RubyGems - hrr_rb_ssh - Versions diffs - 0.1.9 → 0.2.0 - Mend

hrr_rb_ssh 0.1.9 → 0.2.0

Files changed (123) hide show

data/lib/hrr_rb_ssh/algorithm/publickey/ecdsa_sha2_nistp384.rb ADDED Viewed

@@ -0,0 +1,19 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+require 'hrr_rb_ssh/algorithm/publickey/ecdsa_sha2'
+module HrrRbSsh
+  module Algorithm
+    class Publickey
+      class EcdsaSha2Nistp384 < Publickey
+        NAME = 'ecdsa-sha2-nistp384'
+        DIGEST = 'sha384'
+        IDENTIFIER = 'nistp384'
+        CURVE_NAME = 'secp384r1'
+        include EcdsaSha2
+      end
+    end
+  end
+end

data/lib/hrr_rb_ssh/algorithm/publickey/ecdsa_sha2_nistp521.rb ADDED Viewed

@@ -0,0 +1,19 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+require 'hrr_rb_ssh/algorithm/publickey/ecdsa_sha2'
+module HrrRbSsh
+  module Algorithm
+    class Publickey
+      class EcdsaSha2Nistp521 < Publickey
+        NAME = 'ecdsa-sha2-nistp521'
+        DIGEST = 'sha512'
+        IDENTIFIER = 'nistp521'
+        CURVE_NAME = 'secp521r1'
+        include EcdsaSha2
+      end
+    end
+  end
+end

data/lib/hrr_rb_ssh/{transport/server_host_key_algorithm → algorithm/publickey}/ssh_dss/public_key_blob.rb RENAMED Viewed

@@ -5,15 +5,15 @@ require 'hrr_rb_ssh/data_type'
 require 'hrr_rb_ssh/codable'
 module HrrRbSsh
-  class Transport
-    class ServerHostKeyAlgorithm
+  module Algorithm
+    class Publickey
       class SshDss
         module PublicKeyBlob
           class << self
             include Codable
           end
           DEFINITION = [
-            [DataType::String, :'ssh-dss'],
+            [DataType::String, :'public key algorithm name'],
             [DataType::Mpint,  :'p'],
             [DataType::Mpint,  :'q'],
             [DataType::Mpint,  :'g'],

data/lib/hrr_rb_ssh/{transport/server_host_key_algorithm → algorithm/publickey}/ssh_dss/signature.rb RENAMED Viewed

@@ -5,16 +5,16 @@ require 'hrr_rb_ssh/data_type'
 require 'hrr_rb_ssh/codable'
 module HrrRbSsh
-  class Transport
-    class ServerHostKeyAlgorithm
+  module Algorithm
+    class Publickey
       class SshDss
         module Signature
           class << self
             include Codable
           end
           DEFINITION = [
-            [DataType::String, :'ssh-dss'],
-            [DataType::String, :'dss_signature_blob'],
+            [DataType::String, :'public key algorithm name'],
+            [DataType::String, :'signature blob'],
           ]
         end
       end

data/lib/hrr_rb_ssh/algorithm/publickey/ssh_dss.rb ADDED Viewed

@@ -0,0 +1,90 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+require 'hrr_rb_ssh/logger'
+module HrrRbSsh
+  module Algorithm
+    class Publickey
+      class SshDss < Publickey
+        NAME = 'ssh-dss'
+        DIGEST = 'sha1'
+        def initialize arg
+          begin
+            new_by_key_str arg
+          rescue OpenSSL::PKey::DSAError
+            new_by_public_key_blob arg
+          end
+        end
+        def new_by_key_str key_str
+          @publickey = OpenSSL::PKey::DSA.new(key_str)
+        end
+        def new_by_public_key_blob public_key_blob
+          public_key_blob_h = PublicKeyBlob.decode(public_key_blob)
+          @publickey = OpenSSL::PKey::DSA.new
+          if @publickey.respond_to?(:set_pqg)
+            @publickey.set_pqg public_key_blob_h[:'p'], public_key_blob_h[:'q'], public_key_blob_h[:'g']
+          else
+            @publickey.p = public_key_blob_h[:'p']
+            @publickey.q = public_key_blob_h[:'q']
+            @publickey.g = public_key_blob_h[:'g']
+          end
+          if @publickey.respond_to?(:set_key)
+            @publickey.set_key public_key_blob_h[:'y'], nil
+          else
+            @publickey.pub_key = public_key_blob_h[:'y']
+          end
+        end
+        def to_pem
+          @publickey.public_key.to_pem
+        end
+        def to_public_key_blob
+          public_key_blob_h = {
+            :'public key algorithm name' => self.class::NAME,
+            :'p'                         => @publickey.p.to_i,
+            :'q'                         => @publickey.q.to_i,
+            :'g'                         => @publickey.g.to_i,
+            :'y'                         => @publickey.pub_key.to_i,
+          }
+          PublicKeyBlob.encode(public_key_blob_h)
+        end
+        def sign signature_blob
+          hash = OpenSSL::Digest.digest(self.class::DIGEST, signature_blob)
+          sign_der = @publickey.syssign(hash)
+          sign_asn1 = OpenSSL::ASN1.decode(sign_der)
+          sign_r = sign_asn1.value[0].value.to_s(2).rjust(20, ["00"].pack("H"))
+          sign_s = sign_asn1.value[1].value.to_s(2).rjust(20, ["00"].pack("H"))
+          signature_h = {
+            :'public key algorithm name' => self.class::NAME,
+            :'signature blob'            => (sign_r + sign_s),
+          }
+          Signature.encode signature_h
+        end
+        def verify signature, signature_blob
+          signature_h = Signature.decode signature
+          sign_r = signature_h[:'signature blob'][ 0, 20]
+          sign_s = signature_h[:'signature blob'][20, 20]
+          sign_asn1 = OpenSSL::ASN1::Sequence.new(
+            [
+              OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(sign_r, 2)),
+              OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(sign_s, 2)),
+            ]
+          )
+          sign_der = sign_asn1.to_der
+          hash = OpenSSL::Digest.digest(self.class::DIGEST, signature_blob)
+          signature_h[:'public key algorithm name'] == self.class::NAME && @publickey.sysverify(hash, sign_der)
+        end
+      end
+    end
+  end
+end
+require 'hrr_rb_ssh/algorithm/publickey/ssh_dss/public_key_blob'
+require 'hrr_rb_ssh/algorithm/publickey/ssh_dss/signature'

data/lib/hrr_rb_ssh/{transport/server_host_key_algorithm → algorithm/publickey}/ssh_rsa/public_key_blob.rb RENAMED Viewed

@@ -5,15 +5,15 @@ require 'hrr_rb_ssh/data_type'
 require 'hrr_rb_ssh/codable'
 module HrrRbSsh
-  class Transport
-    class ServerHostKeyAlgorithm
+  module Algorithm
+    class Publickey
       class SshRsa
         module PublicKeyBlob
           class << self
             include Codable
           end
           DEFINITION = [
-            [DataType::String, :'ssh-rsa'],
+            [DataType::String, :'public key algorithm name'],
             [DataType::Mpint,  :'e'],
             [DataType::Mpint,  :'n'],
           ]
@@ -22,4 +22,3 @@ module HrrRbSsh
     end
   end
 end

data/lib/hrr_rb_ssh/{transport/server_host_key_algorithm → algorithm/publickey}/ssh_rsa/signature.rb RENAMED Viewed

@@ -5,16 +5,16 @@ require 'hrr_rb_ssh/data_type'
 require 'hrr_rb_ssh/codable'
 module HrrRbSsh
-  class Transport
-    class ServerHostKeyAlgorithm
+  module Algorithm
+    class Publickey
       class SshRsa
         module Signature
           class << self
             include Codable
           end
           DEFINITION = [
-            [DataType::String, :'ssh-rsa'],
-            [DataType::String, :'rsa_signature_blob'],
+            [DataType::String, :'public key algorithm name'],
+            [DataType::String, :'signature blob'],
           ]
         end
       end

data/lib/hrr_rb_ssh/algorithm/publickey/ssh_rsa.rb ADDED Viewed

@@ -0,0 +1,67 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+require 'hrr_rb_ssh/logger'
+module HrrRbSsh
+  module Algorithm
+    class Publickey
+      class SshRsa < Publickey
+        NAME = 'ssh-rsa'
+        DIGEST = 'sha1'
+        def initialize arg
+          begin
+            new_by_key_str arg
+          rescue OpenSSL::PKey::RSAError
+            new_by_public_key_blob arg
+          end
+        end
+        def new_by_key_str key_str
+          @publickey = OpenSSL::PKey::RSA.new(key_str)
+        end
+        def new_by_public_key_blob public_key_blob
+          public_key_blob_h = PublicKeyBlob.decode(public_key_blob)
+          @publickey = OpenSSL::PKey::RSA.new
+          if @publickey.respond_to?(:set_key)
+            @publickey.set_key public_key_blob_h[:'n'], public_key_blob_h[:'e'], nil
+          else
+            @publickey.n = public_key_blob_h[:'n']
+            @publickey.e = public_key_blob_h[:'e']
+          end
+        end
+        def to_pem
+          @publickey.public_key.to_pem
+        end
+        def to_public_key_blob
+          public_key_blob_h = {
+            :'public key algorithm name' => self.class::NAME,
+            :'e'                         => @publickey.e.to_i,
+            :'n'                         => @publickey.n.to_i,
+          }
+          PublicKeyBlob.encode(public_key_blob_h)
+        end
+        def sign signature_blob
+          signature_h = {
+            :'public key algorithm name' => self.class::NAME,
+            :'signature blob'            => @publickey.sign(self.class::DIGEST, signature_blob),
+          }
+          Signature.encode signature_h
+        end
+        def verify signature, signature_blob
+          signature_h = Signature.decode signature
+          signature_h[:'public key algorithm name'] == self.class::NAME && @publickey.verify(self.class::DIGEST, signature_h[:'signature blob'], signature_blob)
+        end
+      end
+    end
+  end
+end
+require 'hrr_rb_ssh/algorithm/publickey/ssh_rsa/public_key_blob'
+require 'hrr_rb_ssh/algorithm/publickey/ssh_rsa/signature'

data/lib/hrr_rb_ssh/algorithm/publickey.rb ADDED Viewed

@@ -0,0 +1,32 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+module HrrRbSsh
+  module Algorithm
+    class Publickey
+      @subclass_list = Array.new
+      class << self
+        def inherited klass
+          @subclass_list.push klass if @subclass_list
+        end
+        def [] key
+          __subclass_list__(__method__).find{ |klass| klass::NAME == key }
+        end
+        def __subclass_list__ method_name
+          send(:method_missing, method_name) unless @subclass_list
+          @subclass_list
+        end
+        private :__subclass_list__
+      end
+    end
+  end
+end
+require 'hrr_rb_ssh/algorithm/publickey/ssh_dss'
+require 'hrr_rb_ssh/algorithm/publickey/ssh_rsa'
+require 'hrr_rb_ssh/algorithm/publickey/ecdsa_sha2_nistp256'
+require 'hrr_rb_ssh/algorithm/publickey/ecdsa_sha2_nistp384'
+require 'hrr_rb_ssh/algorithm/publickey/ecdsa_sha2_nistp521'

data/lib/hrr_rb_ssh/algorithm.rb ADDED Viewed

@@ -0,0 +1,9 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+module HrrRbSsh
+  module Algorithm
+  end
+end
+require 'hrr_rb_ssh/algorithm/publickey'

data/lib/hrr_rb_ssh/authentication/method/none/context.rb CHANGED Viewed

@@ -13,7 +13,7 @@ module HrrRbSsh
           def initialize username
             @username = username
-            @logger = HrrRbSsh::Logger.new self.class.name
+            @logger = Logger.new self.class.name
           end
           def verify username

data/lib/hrr_rb_ssh/authentication/method/none.rb CHANGED Viewed

@@ -11,7 +11,7 @@ module HrrRbSsh
         PREFERENCE = 0
         def initialize options
-          @logger = HrrRbSsh::Logger.new(self.class.name)
+          @logger = Logger.new(self.class.name)
           @authenticator = options.fetch( 'authentication_none_authenticator', Authenticator.new { false } )
         end

data/lib/hrr_rb_ssh/authentication/method/password/context.rb CHANGED Viewed

@@ -14,7 +14,7 @@ module HrrRbSsh
             @username = username
             @password = password
-            @logger = HrrRbSsh::Logger.new self.class.name
+            @logger = Logger.new self.class.name
           end
           def verify username, password

data/lib/hrr_rb_ssh/authentication/method/password.rb CHANGED Viewed

@@ -11,7 +11,7 @@ module HrrRbSsh
         PREFERENCE = 10
         def initialize options
-          @logger = HrrRbSsh::Logger.new(self.class.name)
+          @logger = Logger.new(self.class.name)
           @authenticator = options.fetch( 'authentication_password_authenticator', Authenticator.new { false } )
         end

data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256.rb CHANGED Viewed

@@ -1,8 +1,7 @@
 # coding: utf-8
 # vim: et ts=2 sw=2
-require 'hrr_rb_ssh/logger'
-require 'hrr_rb_ssh/data_type'
+require 'hrr_rb_ssh/authentication/method/publickey/algorithm/functionable'
 module HrrRbSsh
   class Authentication
@@ -12,73 +11,11 @@ module HrrRbSsh
           class EcdsaSha2Nistp256 < Algorithm
             NAME = 'ecdsa-sha2-nistp256'
             PREFERENCE = 30
-            DIGEST = 'sha256'
-            IDENTIFIER = 'nistp256'
-            CURVE_NAME = 'prime256v1'
-            def initialize
-              @logger = HrrRbSsh::Logger.new(self.class.name)
-            end
-            def verify_public_key public_key_algorithm_name, public_key, public_key_blob
-              public_key = case public_key
-                           when String
-                             OpenSSL::PKey::EC.new(public_key)
-                           when OpenSSL::PKey::EC
-                             public_key
-                           else
-                             return false
-                           end
-              public_key_message = {
-                :'public key algorithm name' => public_key_algorithm_name,
-                :'[identifier]'              => self.class::IDENTIFIER,
-                :'Q'                         => public_key.public_key.to_bn.to_s(2)
-              }
-              public_key_blob == PublicKeyBlob.encode(public_key_message)
-            end
-            def verify_signature session_id, message
-              signature_message   = Signature.decode message[:'signature']
-              signature_algorithm = signature_message[:'public key algorithm name']
-              signature_blob      = signature_message[:'signature blob']
-              public_key = PublicKeyBlob.decode message[:'public key blob']
-              algorithm = OpenSSL::PKey::EC.new(self.class::CURVE_NAME)
-              algorithm.public_key = OpenSSL::PKey::EC::Point.new(algorithm.group, OpenSSL::BN.new(public_key[:'Q'], 2))
-              data_message = {
-                :'session identifier'        => session_id,
-                :'message number'            => message[:'message number'],
-                :'user name'                 => message[:'user name'],
-                :'service name'              => message[:'service name'],
-                :'method name'               => message[:'method name'],
-                :'with signature'            => message[:'with signature'],
-                :'public key algorithm name' => message[:'public key algorithm name'],
-                :'public key blob'           => message[:'public key blob'],
-              }
-              data_blob = SignatureBlob.encode data_message
-              hash = OpenSSL::Digest.digest(DIGEST, data_blob)
-              ecdsa_signature_blob = EcdsaSignatureBlob.decode signature_blob
-              sign_r = ecdsa_signature_blob[:'r']
-              sign_s = ecdsa_signature_blob[:'s']
-              sign_asn1 = OpenSSL::ASN1::Sequence.new(
-                [
-                  OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(sign_r)),
-                  OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(sign_s)),
-                ]
-              )
-              sign_der = sign_asn1.to_der
-              (signature_algorithm == message[:'public key algorithm name']) && algorithm.dsa_verify_asn1(hash, sign_der)
-            end
+            include Functionable
           end
         end
       end
     end
   end
 end
-require 'hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256/public_key_blob'
-require 'hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256/signature_blob'
-require 'hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256/signature'
-require 'hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256/ecdsa_signature_blob'

data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384.rb CHANGED Viewed

@@ -1,8 +1,7 @@
 # coding: utf-8
 # vim: et ts=2 sw=2
-require 'hrr_rb_ssh/logger'
-require 'hrr_rb_ssh/data_type'
+require 'hrr_rb_ssh/authentication/method/publickey/algorithm/functionable'
 module HrrRbSsh
   class Authentication
@@ -12,73 +11,11 @@ module HrrRbSsh
           class EcdsaSha2Nistp384 < Algorithm
             NAME = 'ecdsa-sha2-nistp384'
             PREFERENCE = 40
-            DIGEST = 'sha384'
-            IDENTIFIER = 'nistp384'
-            CURVE_NAME = 'secp384r1'
-            def initialize
-              @logger = HrrRbSsh::Logger.new(self.class.name)
-            end
-            def verify_public_key public_key_algorithm_name, public_key, public_key_blob
-              public_key = case public_key
-                           when String
-                             OpenSSL::PKey::EC.new(public_key)
-                           when OpenSSL::PKey::EC
-                             public_key
-                           else
-                             return false
-                           end
-              public_key_message = {
-                :'public key algorithm name' => public_key_algorithm_name,
-                :'[identifier]'              => self.class::IDENTIFIER,
-                :'Q'                         => public_key.public_key.to_bn.to_s(2)
-              }
-              public_key_blob == PublicKeyBlob.encode(public_key_message)
-            end
-            def verify_signature session_id, message
-              signature_message   = Signature.decode message[:'signature']
-              signature_algorithm = signature_message[:'public key algorithm name']
-              signature_blob      = signature_message[:'signature blob']
-              public_key = PublicKeyBlob.decode message[:'public key blob']
-              algorithm = OpenSSL::PKey::EC.new(self.class::CURVE_NAME)
-              algorithm.public_key = OpenSSL::PKey::EC::Point.new(algorithm.group, OpenSSL::BN.new(public_key[:'Q'], 2))
-              data_message = {
-                :'session identifier'        => session_id,
-                :'message number'            => message[:'message number'],
-                :'user name'                 => message[:'user name'],
-                :'service name'              => message[:'service name'],
-                :'method name'               => message[:'method name'],
-                :'with signature'            => message[:'with signature'],
-                :'public key algorithm name' => message[:'public key algorithm name'],
-                :'public key blob'           => message[:'public key blob'],
-              }
-              data_blob = SignatureBlob.encode data_message
-              hash = OpenSSL::Digest.digest(DIGEST, data_blob)
-              ecdsa_signature_blob = EcdsaSignatureBlob.decode signature_blob
-              sign_r = ecdsa_signature_blob[:'r']
-              sign_s = ecdsa_signature_blob[:'s']
-              sign_asn1 = OpenSSL::ASN1::Sequence.new(
-                [
-                  OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(sign_r)),
-                  OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(sign_s)),
-                ]
-              )
-              sign_der = sign_asn1.to_der
-              (signature_algorithm == message[:'public key algorithm name']) && algorithm.dsa_verify_asn1(hash, sign_der)
-            end
+            include Functionable
           end
         end
       end
     end
   end
 end
-require 'hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384/public_key_blob'
-require 'hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384/signature_blob'
-require 'hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384/signature'
-require 'hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384/ecdsa_signature_blob'

data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp521.rb CHANGED Viewed

@@ -1,8 +1,7 @@
 # coding: utf-8
 # vim: et ts=2 sw=2
-require 'hrr_rb_ssh/logger'
-require 'hrr_rb_ssh/data_type'
+require 'hrr_rb_ssh/authentication/method/publickey/algorithm/functionable'
 module HrrRbSsh
   class Authentication
@@ -12,73 +11,11 @@ module HrrRbSsh
           class EcdsaSha2Nistp521 < Algorithm
             NAME = 'ecdsa-sha2-nistp521'
             PREFERENCE = 50
-            DIGEST = 'sha512'
-            IDENTIFIER = 'nistp521'
-            CURVE_NAME = 'secp521r1'
-            def initialize
-              @logger = HrrRbSsh::Logger.new(self.class.name)
-            end
-            def verify_public_key public_key_algorithm_name, public_key, public_key_blob
-              public_key = case public_key
-                           when String
-                             OpenSSL::PKey::EC.new(public_key)
-                           when OpenSSL::PKey::EC
-                             public_key
-                           else
-                             return false
-                           end
-              public_key_message = {
-                :'public key algorithm name' => public_key_algorithm_name,
-                :'[identifier]'              => self.class::IDENTIFIER,
-                :'Q'                         => public_key.public_key.to_bn.to_s(2)
-              }
-              public_key_blob == PublicKeyBlob.encode(public_key_message)
-            end
-            def verify_signature session_id, message
-              signature_message   = Signature.decode message[:'signature']
-              signature_algorithm = signature_message[:'public key algorithm name']
-              signature_blob      = signature_message[:'signature blob']
-              public_key = PublicKeyBlob.decode message[:'public key blob']
-              algorithm = OpenSSL::PKey::EC.new(self.class::CURVE_NAME)
-              algorithm.public_key = OpenSSL::PKey::EC::Point.new(algorithm.group, OpenSSL::BN.new(public_key[:'Q'], 2))
-              data_message = {
-                :'session identifier'        => session_id,
-                :'message number'            => message[:'message number'],
-                :'user name'                 => message[:'user name'],
-                :'service name'              => message[:'service name'],
-                :'method name'               => message[:'method name'],
-                :'with signature'            => message[:'with signature'],
-                :'public key algorithm name' => message[:'public key algorithm name'],
-                :'public key blob'           => message[:'public key blob'],
-              }
-              data_blob = SignatureBlob.encode data_message
-              hash = OpenSSL::Digest.digest(DIGEST, data_blob)
-              ecdsa_signature_blob = EcdsaSignatureBlob.decode signature_blob
-              sign_r = ecdsa_signature_blob[:'r']
-              sign_s = ecdsa_signature_blob[:'s']
-              sign_asn1 = OpenSSL::ASN1::Sequence.new(
-                [
-                  OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(sign_r)),
-                  OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(sign_s)),
-                ]
-              )
-              sign_der = sign_asn1.to_der
-              (signature_algorithm == message[:'public key algorithm name']) && algorithm.dsa_verify_asn1(hash, sign_der)
-            end
+            include Functionable
           end
         end
       end
     end
   end
 end
-require 'hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp521/public_key_blob'
-require 'hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp521/signature_blob'
-require 'hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp521/signature'
-require 'hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp521/ecdsa_signature_blob'