hrr_rb_ssh 0.1.9 → 0.2.0

data/lib/hrr_rb_ssh/transport/kex_algorithm/iv_computable.rb

@@ -0,0 +1,57 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+
+require 'hrr_rb_ssh/data_type'
+require 'hrr_rb_ssh/transport/encryption_algorithm'
+require 'hrr_rb_ssh/transport/mac_algorithm'
+
+module HrrRbSsh
+  class Transport
+    class KexAlgorithm
+      module IvComputable
+        def build_key(_k, h, _x, session_id, key_length)
+          k = DataType::Mpint.encode _k
+          x = DataType::Byte.encode _x
+
+          key = OpenSSL::Digest.digest(self.class::DIGEST, k + h + x + session_id)
+
+          while key.length < key_length
+            key = key + OpenSSL::Digest.digest(self.class::DIGEST, k + h + key )
+          end
+
+          key[0, key_length]
+        end
+
+        def iv_c_to_s transport, encryption_algorithm_c_to_s_name
+          key_length = EncryptionAlgorithm[encryption_algorithm_c_to_s_name]::IV_LENGTH
+          build_key(shared_secret, hash(transport), 'A'.ord, transport.session_id, key_length)
+        end
+
+        def iv_s_to_c transport, encryption_algorithm_s_to_c_name
+          key_length = EncryptionAlgorithm[encryption_algorithm_s_to_c_name]::IV_LENGTH
+          build_key(shared_secret, hash(transport), 'B'.ord, transport.session_id, key_length)
+        end
+
+        def key_c_to_s transport, encryption_algorithm_c_to_s_name
+          key_length = EncryptionAlgorithm[encryption_algorithm_c_to_s_name]::KEY_LENGTH
+          build_key(shared_secret, hash(transport), 'C'.ord, transport.session_id, key_length)
+        end
+
+        def key_s_to_c transport, encryption_algorithm_s_to_c_name
+          key_length = EncryptionAlgorithm[encryption_algorithm_s_to_c_name]::KEY_LENGTH
+          build_key(shared_secret, hash(transport), 'D'.ord, transport.session_id, key_length)
+        end
+
+        def mac_c_to_s transport, mac_algorithm_c_to_s_name
+          key_length = MacAlgorithm[mac_algorithm_c_to_s_name]::KEY_LENGTH
+          build_key(shared_secret, hash(transport), 'E'.ord, transport.session_id, key_length)
+        end
+
+        def mac_s_to_c transport, mac_algorithm_s_to_c_name
+          key_length = MacAlgorithm[mac_algorithm_s_to_c_name]::KEY_LENGTH
+          build_key(shared_secret, hash(transport), 'F'.ord, transport.session_id, key_length)
+        end
+      end
+    end
+  end
+end

data/lib/hrr_rb_ssh/transport/mac_algorithm/functionable.rb

@@ -8,7 +8,7 @@ module HrrRbSsh
     class MacAlgorithm
       module Functionable
         def initialize key
-          @logger = HrrRbSsh::Logger.new(self.class.name)
+          @logger = Logger.new(self.class.name)
           @key = key
         end
 
@@ -21,7 +21,7 @@ module HrrRbSsh
         end
 
         def compute sequence_number, unencrypted_packet
-          data = HrrRbSsh::DataType::Uint32.encode(sequence_number) + unencrypted_packet
+          data = DataType::Uint32.encode(sequence_number) + unencrypted_packet
           digest = OpenSSL::HMAC.digest self.class::DIGEST, @key, data
           digest[0, digest_length]
         end

data/lib/hrr_rb_ssh/transport/mac_algorithm/unfunctionable.rb

@@ -8,7 +8,7 @@ module HrrRbSsh
     class MacAlgorithm
       module Unfunctionable
         def initialize key=nil
-          @logger = HrrRbSsh::Logger.new(self.class.name)
+          @logger = Logger.new(self.class.name)
         end
 
         def digest_length

data/lib/hrr_rb_ssh/transport/receiver.rb

@@ -8,7 +8,7 @@ module HrrRbSsh
   class Transport
     class Receiver
       def initialize
-        @logger = HrrRbSsh::Logger.new self.class.name
+        @logger = Logger.new self.class.name
       end
 
       def depacketize transport, packet

data/lib/hrr_rb_ssh/transport/sender.rb

@@ -7,7 +7,7 @@ module HrrRbSsh
   class Transport
     class Sender
       def initialize
-        @logger = HrrRbSsh::Logger.new self.class.name
+        @logger = Logger.new self.class.name
       end
 
       def packetize transport, payload

data/lib/hrr_rb_ssh/transport/sequence_number.rb

@@ -11,7 +11,7 @@ module HrrRbSsh
       def initialize
         @sequence_number = 0
 
-        @logger = HrrRbSsh::Logger.new self.class.name
+        @logger = Logger.new self.class.name
       end
 
       def increment

data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb

@@ -1,8 +1,8 @@
 # coding: utf-8
 # vim: et ts=2 sw=2
 
-require 'hrr_rb_ssh/logger'
 require 'hrr_rb_ssh/openssl_secure_random'
+require 'hrr_rb_ssh/transport/server_host_key_algorithm/functionable'
 
 module HrrRbSsh
   class Transport
@@ -10,65 +10,11 @@ module HrrRbSsh
       class EcdsaSha2Nistp256 < ServerHostKeyAlgorithm
         NAME = 'ecdsa-sha2-nistp256'
         PREFERENCE = 30
-        DIGEST = 'sha256'
         IDENTIFIER = 'nistp256'
         SECRET_KEY = OpenSSL::PKey::EC.new('prime256v1').generate_key.to_pem
 
-        def initialize secret_key=nil
-          @logger = HrrRbSsh::Logger.new(self.class.name)
-          @algorithm = OpenSSL::PKey::EC.new (secret_key || self.class::SECRET_KEY)
-        end
-
-        def server_public_host_key
-          payload = {
-            :'ecdsa-sha2-[identifier]' => self.class::NAME,
-            :'[identifier]'            => self.class::IDENTIFIER,
-            :'Q'                       => @algorithm.public_key.to_bn.to_s(2)
-          }
-          PublicKeyBlob.encode payload
-        end
-
-        def ecdsa_signature_blob data
-          hash = OpenSSL::Digest.digest(self.class::DIGEST, data)
-          sign_der = @algorithm.dsa_sign_asn1(hash)
-          sign_asn1 = OpenSSL::ASN1.decode(sign_der)
-          r = sign_asn1.value[0].value.to_i
-          s = sign_asn1.value[1].value.to_i
-          payload = {
-            :'r' => r,
-            :'s' => s,
-          }
-          EcdsaSignatureBlob.encode payload
-        end
-
-        def sign data
-          payload = {
-            :'ecdsa-sha2-[identifier]' => self.class::NAME,
-            :'ecdsa_signature_blob'    => ecdsa_signature_blob(data),
-          }
-          Signature.encode payload
-        end
-
-        def verify sign, data
-          payload = Signature.decode sign
-          ecdsa_signature_blob = EcdsaSignatureBlob.decode payload[:'ecdsa_signature_blob']
-          r = ecdsa_signature_blob[:'r']
-          s = ecdsa_signature_blob[:'s']
-          sign_asn1 = OpenSSL::ASN1::Sequence.new(
-            [
-              OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(r)),
-              OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(s)),
-            ]
-          )
-          sign_der = sign_asn1.to_der
-          hash = OpenSSL::Digest.digest(self.class::DIGEST, data)
-          payload[:'ecdsa-sha2-[identifier]'] == self.class::NAME && @algorithm.dsa_verify_asn1(hash, sign_der)
-        end
+        include Functionable
       end
     end
   end
 end
-
-require 'hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256/public_key_blob'
-require 'hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256/ecdsa_signature_blob'
-require 'hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256/signature'

data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp384.rb

@@ -1,8 +1,8 @@
 # coding: utf-8
 # vim: et ts=2 sw=2
 
-require 'hrr_rb_ssh/logger'
 require 'hrr_rb_ssh/openssl_secure_random'
+require 'hrr_rb_ssh/transport/server_host_key_algorithm/functionable'
 
 module HrrRbSsh
   class Transport
@@ -10,65 +10,11 @@ module HrrRbSsh
       class EcdsaSha2Nistp384 < ServerHostKeyAlgorithm
         NAME = 'ecdsa-sha2-nistp384'
         PREFERENCE = 40
-        DIGEST = 'sha384'
         IDENTIFIER = 'nistp384'
         SECRET_KEY = OpenSSL::PKey::EC.new('secp384r1').generate_key.to_pem
 
-        def initialize secret_key=nil
-          @logger = HrrRbSsh::Logger.new(self.class.name)
-          @algorithm = OpenSSL::PKey::EC.new (secret_key || self.class::SECRET_KEY)
-        end
-
-        def server_public_host_key
-          payload = {
-            :'ecdsa-sha2-[identifier]' => self.class::NAME,
-            :'[identifier]'            => self.class::IDENTIFIER,
-            :'Q'                       => @algorithm.public_key.to_bn.to_s(2)
-          }
-          PublicKeyBlob.encode payload
-        end
-
-        def ecdsa_signature_blob data
-          hash = OpenSSL::Digest.digest(self.class::DIGEST, data)
-          sign_der = @algorithm.dsa_sign_asn1(hash)
-          sign_asn1 = OpenSSL::ASN1.decode(sign_der)
-          r = sign_asn1.value[0].value.to_i
-          s = sign_asn1.value[1].value.to_i
-          payload = {
-            :'r' => r,
-            :'s' => s,
-          }
-          EcdsaSignatureBlob.encode payload
-        end
-
-        def sign data
-          payload = {
-            :'ecdsa-sha2-[identifier]' => self.class::NAME,
-            :'ecdsa_signature_blob'    => ecdsa_signature_blob(data),
-          }
-          Signature.encode payload
-        end
-
-        def verify sign, data
-          payload = Signature.decode sign
-          ecdsa_signature_blob = EcdsaSignatureBlob.decode payload[:'ecdsa_signature_blob']
-          r = ecdsa_signature_blob[:'r']
-          s = ecdsa_signature_blob[:'s']
-          sign_asn1 = OpenSSL::ASN1::Sequence.new(
-            [
-              OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(r)),
-              OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(s)),
-            ]
-          )
-          sign_der = sign_asn1.to_der
-          hash = OpenSSL::Digest.digest(self.class::DIGEST, data)
-          payload[:'ecdsa-sha2-[identifier]'] == self.class::NAME && @algorithm.dsa_verify_asn1(hash, sign_der)
-        end
+        include Functionable
       end
     end
   end
 end
-
-require 'hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp384/public_key_blob'
-require 'hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp384/ecdsa_signature_blob'
-require 'hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp384/signature'

data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp521.rb

@@ -1,8 +1,8 @@
 # coding: utf-8
 # vim: et ts=2 sw=2
 
-require 'hrr_rb_ssh/logger'
 require 'hrr_rb_ssh/openssl_secure_random'
+require 'hrr_rb_ssh/transport/server_host_key_algorithm/functionable'
 
 module HrrRbSsh
   class Transport
@@ -10,65 +10,11 @@ module HrrRbSsh
       class EcdsaSha2Nistp521 < ServerHostKeyAlgorithm
         NAME = 'ecdsa-sha2-nistp521'
         PREFERENCE = 50
-        DIGEST = 'sha512'
         IDENTIFIER = 'nistp521'
         SECRET_KEY = OpenSSL::PKey::EC.new('secp521r1').generate_key.to_pem
 
-        def initialize secret_key=nil
-          @logger = HrrRbSsh::Logger.new(self.class.name)
-          @algorithm = OpenSSL::PKey::EC.new (secret_key || self.class::SECRET_KEY)
-        end
-
-        def server_public_host_key
-          payload = {
-            :'ecdsa-sha2-[identifier]' => self.class::NAME,
-            :'[identifier]'            => self.class::IDENTIFIER,
-            :'Q'                       => @algorithm.public_key.to_bn.to_s(2)
-          }
-          PublicKeyBlob.encode payload
-        end
-
-        def ecdsa_signature_blob data
-          hash = OpenSSL::Digest.digest(self.class::DIGEST, data)
-          sign_der = @algorithm.dsa_sign_asn1(hash)
-          sign_asn1 = OpenSSL::ASN1.decode(sign_der)
-          r = sign_asn1.value[0].value.to_i
-          s = sign_asn1.value[1].value.to_i
-          payload = {
-            :'r' => r,
-            :'s' => s,
-          }
-          EcdsaSignatureBlob.encode payload
-        end
-
-        def sign data
-          payload = {
-            :'ecdsa-sha2-[identifier]' => self.class::NAME,
-            :'ecdsa_signature_blob'    => ecdsa_signature_blob(data),
-          }
-          Signature.encode payload
-        end
-
-        def verify sign, data
-          payload = Signature.decode sign
-          ecdsa_signature_blob = EcdsaSignatureBlob.decode payload[:'ecdsa_signature_blob']
-          r = ecdsa_signature_blob[:'r']
-          s = ecdsa_signature_blob[:'s']
-          sign_asn1 = OpenSSL::ASN1::Sequence.new(
-            [
-              OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(r)),
-              OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(s)),
-            ]
-          )
-          sign_der = sign_asn1.to_der
-          hash = OpenSSL::Digest.digest(self.class::DIGEST, data)
-          payload[:'ecdsa-sha2-[identifier]'] == self.class::NAME && @algorithm.dsa_verify_asn1(hash, sign_der)
-        end
+        include Functionable
       end
     end
   end
 end
-
-require 'hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp521/public_key_blob'
-require 'hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp521/ecdsa_signature_blob'
-require 'hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp521/signature'

data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/functionable.rb

@@ -0,0 +1,29 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+
+require 'hrr_rb_ssh/logger'
+
+module HrrRbSsh
+  class Transport
+    class ServerHostKeyAlgorithm
+      module Functionable
+        def initialize secret_key=nil
+          @logger = Logger.new(self.class.name)
+          @publickey = Algorithm::Publickey[self.class::NAME].new (secret_key || self.class::SECRET_KEY)
+        end
+
+        def server_public_host_key
+          @publickey.to_public_key_blob
+        end
+
+        def sign signature_blob
+          @publickey.sign signature_blob
+        end
+
+        def verify signature, signature_blob
+          @publickey.verify signature, signature_blob
+        end
+      end
+    end
+  end
+end

data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ssh_dss.rb

@@ -1,9 +1,8 @@
 # coding: utf-8
 # vim: et ts=2 sw=2
 
-require 'hrr_rb_ssh/logger'
-require 'hrr_rb_ssh/data_type'
 require 'hrr_rb_ssh/openssl_secure_random'
+require 'hrr_rb_ssh/transport/server_host_key_algorithm/functionable'
 
 module HrrRbSsh
   class Transport
@@ -11,57 +10,10 @@ module HrrRbSsh
       class SshDss < ServerHostKeyAlgorithm
         NAME = 'ssh-dss'
         PREFERENCE = 10
-        DIGEST = 'sha1'
         SECRET_KEY = OpenSSL::PKey::DSA.new(1024).to_pem
 
-        def initialize secret_key=nil
-          @logger = HrrRbSsh::Logger.new(self.class.name)
-          @dss = OpenSSL::PKey::DSA.new (secret_key || self.class::SECRET_KEY)
-        end
-
-        def server_public_host_key
-          payload = {
-            :'ssh-dss' => "ssh-dss",
-            :'p'       => @dss.p.to_i,
-            :'q'       => @dss.q.to_i,
-            :'g'       => @dss.g.to_i,
-            :'y'       => @dss.pub_key.to_i,
-          }
-          PublicKeyBlob.encode payload
-        end
-
-        def sign data
-          hash = OpenSSL::Digest.digest(self.class::DIGEST, data)
-          sign_der = @dss.syssign(hash)
-          sign_asn1 = OpenSSL::ASN1.decode(sign_der)
-          sign_r = sign_asn1.value[0].value.to_s(2).rjust(20, ["00"].pack("H"))
-          sign_s = sign_asn1.value[1].value.to_s(2).rjust(20, ["00"].pack("H"))
-          payload = {
-            :'ssh-dss'            => "ssh-dss",
-            :'dss_signature_blob' => (sign_r + sign_s),
-          }
-          Signature.encode payload
-        end
-
-        def verify sign, data
-          payload = Signature.decode sign
-          dss_signature_blob = payload[:'dss_signature_blob']
-          sign_r = dss_signature_blob[ 0, 20]
-          sign_s = dss_signature_blob[20, 20]
-          sign_asn1 = OpenSSL::ASN1::Sequence.new(
-            [
-              OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(sign_r, 2)),
-              OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(sign_s, 2)),
-            ]
-          )
-          sign_der = sign_asn1.to_der
-          hash = OpenSSL::Digest.digest(self.class::DIGEST, data)
-          payload[:'ssh-dss'] == "ssh-dss" && @dss.sysverify(hash, sign_der)
-        end
+        include Functionable
       end
     end
   end
 end
-
-require 'hrr_rb_ssh/transport/server_host_key_algorithm/ssh_dss/public_key_blob'
-require 'hrr_rb_ssh/transport/server_host_key_algorithm/ssh_dss/signature'

data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ssh_rsa.rb

@@ -1,8 +1,8 @@
 # coding: utf-8
 # vim: et ts=2 sw=2
 
-require 'hrr_rb_ssh/logger'
 require 'hrr_rb_ssh/openssl_secure_random'
+require 'hrr_rb_ssh/transport/server_host_key_algorithm/functionable'
 
 module HrrRbSsh
   class Transport
@@ -10,39 +10,10 @@ module HrrRbSsh
       class SshRsa < ServerHostKeyAlgorithm
         NAME = 'ssh-rsa'
         PREFERENCE = 20
-        DIGEST = 'sha1'
         SECRET_KEY = OpenSSL::PKey::RSA.new(2048).to_pem
 
-        def initialize secret_key=nil
-          @logger = HrrRbSsh::Logger.new(self.class.name)
-          @rsa = OpenSSL::PKey::RSA.new (secret_key || self.class::SECRET_KEY)
-        end
-
-        def server_public_host_key
-          payload = {
-            :'ssh-rsa' => "ssh-rsa",
-            :'e'       => @rsa.e.to_i,
-            :'n'       => @rsa.n.to_i,
-          }
-          PublicKeyBlob.encode payload
-        end
-
-        def sign data
-          payload = {
-            :'ssh-rsa'            => "ssh-rsa",
-            :'rsa_signature_blob' => @rsa.sign(self.class::DIGEST, data),
-          }
-          Signature.encode payload
-        end
-
-        def verify sign, data
-          payload = Signature.decode sign
-          payload[:'ssh-rsa'] == "ssh-rsa" && @rsa.verify(self.class::DIGEST, payload[:'rsa_signature_blob'], data)
-        end
+        include Functionable
       end
     end
   end
 end
-
-require 'hrr_rb_ssh/transport/server_host_key_algorithm/ssh_rsa/public_key_blob'
-require 'hrr_rb_ssh/transport/server_host_key_algorithm/ssh_rsa/signature'