hrr_rb_ssh 0.1.9 → 0.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.travis.yml +12 -2
- data/README.md +11 -9
- data/demo/echo_server.rb +50 -42
- data/demo/server.rb +81 -62
- data/demo/subsystem_echo_server.rb +54 -47
- data/lib/hrr_rb_ssh/{transport/server_host_key_algorithm/ecdsa_sha2_nistp521 → algorithm/publickey/ecdsa_sha2}/ecdsa_signature_blob.rb +3 -3
- data/lib/hrr_rb_ssh/{transport/server_host_key_algorithm/ecdsa_sha2_nistp256 → algorithm/publickey/ecdsa_sha2}/public_key_blob.rb +5 -6
- data/lib/hrr_rb_ssh/{transport/server_host_key_algorithm/ecdsa_sha2_nistp256 → algorithm/publickey/ecdsa_sha2}/signature.rb +5 -5
- data/lib/hrr_rb_ssh/algorithm/publickey/ecdsa_sha2.rb +85 -0
- data/lib/hrr_rb_ssh/algorithm/publickey/ecdsa_sha2_nistp256.rb +19 -0
- data/lib/hrr_rb_ssh/algorithm/publickey/ecdsa_sha2_nistp384.rb +19 -0
- data/lib/hrr_rb_ssh/algorithm/publickey/ecdsa_sha2_nistp521.rb +19 -0
- data/lib/hrr_rb_ssh/{transport/server_host_key_algorithm → algorithm/publickey}/ssh_dss/public_key_blob.rb +3 -3
- data/lib/hrr_rb_ssh/{transport/server_host_key_algorithm → algorithm/publickey}/ssh_dss/signature.rb +4 -4
- data/lib/hrr_rb_ssh/algorithm/publickey/ssh_dss.rb +90 -0
- data/lib/hrr_rb_ssh/{transport/server_host_key_algorithm → algorithm/publickey}/ssh_rsa/public_key_blob.rb +3 -4
- data/lib/hrr_rb_ssh/{transport/server_host_key_algorithm → algorithm/publickey}/ssh_rsa/signature.rb +4 -4
- data/lib/hrr_rb_ssh/algorithm/publickey/ssh_rsa.rb +67 -0
- data/lib/hrr_rb_ssh/algorithm/publickey.rb +32 -0
- data/lib/hrr_rb_ssh/algorithm.rb +9 -0
- data/lib/hrr_rb_ssh/authentication/method/none/context.rb +1 -1
- data/lib/hrr_rb_ssh/authentication/method/none.rb +1 -1
- data/lib/hrr_rb_ssh/authentication/method/password/context.rb +1 -1
- data/lib/hrr_rb_ssh/authentication/method/password.rb +1 -1
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256.rb +2 -65
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384.rb +2 -65
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp521.rb +2 -65
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/functionable.rb +54 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/signature_blob.rb +31 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_dss.rb +2 -73
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_rsa.rb +2 -55
- data/lib/hrr_rb_ssh/authentication/method/publickey.rb +3 -3
- data/lib/hrr_rb_ssh/authentication.rb +15 -15
- data/lib/hrr_rb_ssh/codable.rb +1 -1
- data/lib/hrr_rb_ssh/compat/openssh/public_key.rb +3 -40
- data/lib/hrr_rb_ssh/compat/ruby/array.rb +14 -0
- data/lib/hrr_rb_ssh/compat/ruby/openssl/bn.rb +20 -0
- data/lib/hrr_rb_ssh/compat/ruby/openssl.rb +4 -0
- data/lib/hrr_rb_ssh/compat/ruby/queue.rb +38 -0
- data/lib/hrr_rb_ssh/compat/ruby.rb +6 -0
- data/lib/hrr_rb_ssh/compat.rb +1 -63
- data/lib/hrr_rb_ssh/connection/channel/channel_type/direct_tcpip.rb +1 -1
- data/lib/hrr_rb_ssh/connection/channel/channel_type/forwarded_tcpip.rb +1 -1
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/proc_chain/chain_context.rb +1 -1
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/proc_chain.rb +1 -1
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/env/context.rb +1 -1
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/env.rb +1 -1
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/exec/context.rb +1 -1
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/exec.rb +1 -1
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/pty_req/context.rb +1 -1
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/pty_req.rb +1 -1
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/shell/context.rb +1 -1
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/shell.rb +1 -1
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/subsystem/context.rb +1 -1
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/subsystem.rb +1 -1
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/window_change/context.rb +1 -1
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/window_change.rb +1 -1
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session.rb +1 -1
- data/lib/hrr_rb_ssh/connection/channel.rb +22 -22
- data/lib/hrr_rb_ssh/connection/global_request_handler.rb +1 -1
- data/lib/hrr_rb_ssh/connection/request_handler/reference_env_request_handler.rb +1 -1
- data/lib/hrr_rb_ssh/connection/request_handler/reference_exec_request_handler.rb +3 -56
- data/lib/hrr_rb_ssh/connection/request_handler/reference_pty_req_request_handler.rb +50 -13
- data/lib/hrr_rb_ssh/connection/request_handler/reference_shell_request_handler.rb +3 -56
- data/lib/hrr_rb_ssh/connection/request_handler/reference_window_change_request_handler.rb +1 -1
- data/lib/hrr_rb_ssh/connection/request_handler.rb +1 -1
- data/lib/hrr_rb_ssh/connection.rb +40 -40
- data/lib/hrr_rb_ssh/data_type.rb +0 -3
- data/lib/hrr_rb_ssh/error/closed_authentication.rb +9 -0
- data/lib/hrr_rb_ssh/{closed_transport_error.rb → error/closed_connection.rb} +3 -1
- data/lib/hrr_rb_ssh/{closed_authentication_error.rb → error/closed_transport.rb} +3 -1
- data/lib/hrr_rb_ssh/error.rb +11 -0
- data/lib/hrr_rb_ssh/{closed_connection_error.rb → mode.rb} +3 -1
- data/lib/hrr_rb_ssh/server.rb +23 -0
- data/lib/hrr_rb_ssh/transport/compression_algorithm/functionable.rb +1 -1
- data/lib/hrr_rb_ssh/transport/compression_algorithm/unfunctionable.rb +1 -1
- data/lib/hrr_rb_ssh/transport/encryption_algorithm/functionable.rb +3 -3
- data/lib/hrr_rb_ssh/transport/encryption_algorithm/unfunctionable.rb +1 -1
- data/lib/hrr_rb_ssh/transport/kex_algorithm/diffie_hellman.rb +8 -48
- data/lib/hrr_rb_ssh/transport/kex_algorithm/diffie_hellman_group_exchange.rb +11 -51
- data/lib/hrr_rb_ssh/transport/kex_algorithm/elliptic_curve_diffie_hellman.rb +8 -48
- data/lib/hrr_rb_ssh/transport/kex_algorithm/iv_computable.rb +57 -0
- data/lib/hrr_rb_ssh/transport/mac_algorithm/functionable.rb +2 -2
- data/lib/hrr_rb_ssh/transport/mac_algorithm/unfunctionable.rb +1 -1
- data/lib/hrr_rb_ssh/transport/receiver.rb +1 -1
- data/lib/hrr_rb_ssh/transport/sender.rb +1 -1
- data/lib/hrr_rb_ssh/transport/sequence_number.rb +1 -1
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb +2 -56
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp384.rb +2 -56
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp521.rb +2 -56
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/functionable.rb +29 -0
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ssh_dss.rb +2 -50
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ssh_rsa.rb +2 -31
- data/lib/hrr_rb_ssh/transport.rb +83 -81
- data/lib/hrr_rb_ssh/version.rb +1 -1
- data/lib/hrr_rb_ssh.rb +4 -0
- metadata +32 -37
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256/ecdsa_signature_blob.rb +0 -27
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256/public_key_blob.rb +0 -28
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256/signature.rb +0 -27
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256/signature_blob.rb +0 -33
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384/ecdsa_signature_blob.rb +0 -27
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384/public_key_blob.rb +0 -28
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384/signature.rb +0 -27
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384/signature_blob.rb +0 -33
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp521/ecdsa_signature_blob.rb +0 -27
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp521/public_key_blob.rb +0 -28
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp521/signature.rb +0 -27
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp521/signature_blob.rb +0 -33
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_dss/public_key_blob.rb +0 -30
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_dss/signature.rb +0 -27
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_dss/signature_blob.rb +0 -33
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_rsa/public_key_blob.rb +0 -28
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_rsa/signature.rb +0 -27
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_rsa/signature_blob.rb +0 -33
- data/lib/hrr_rb_ssh/transport/mode.rb +0 -11
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256/ecdsa_signature_blob.rb +0 -23
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp384/ecdsa_signature_blob.rb +0 -23
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp384/public_key_blob.rb +0 -25
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp384/signature.rb +0 -23
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp521/public_key_blob.rb +0 -25
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp521/signature.rb +0 -23
@@ -0,0 +1,57 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
# vim: et ts=2 sw=2
|
3
|
+
|
4
|
+
require 'hrr_rb_ssh/data_type'
|
5
|
+
require 'hrr_rb_ssh/transport/encryption_algorithm'
|
6
|
+
require 'hrr_rb_ssh/transport/mac_algorithm'
|
7
|
+
|
8
|
+
module HrrRbSsh
|
9
|
+
class Transport
|
10
|
+
class KexAlgorithm
|
11
|
+
module IvComputable
|
12
|
+
def build_key(_k, h, _x, session_id, key_length)
|
13
|
+
k = DataType::Mpint.encode _k
|
14
|
+
x = DataType::Byte.encode _x
|
15
|
+
|
16
|
+
key = OpenSSL::Digest.digest(self.class::DIGEST, k + h + x + session_id)
|
17
|
+
|
18
|
+
while key.length < key_length
|
19
|
+
key = key + OpenSSL::Digest.digest(self.class::DIGEST, k + h + key )
|
20
|
+
end
|
21
|
+
|
22
|
+
key[0, key_length]
|
23
|
+
end
|
24
|
+
|
25
|
+
def iv_c_to_s transport, encryption_algorithm_c_to_s_name
|
26
|
+
key_length = EncryptionAlgorithm[encryption_algorithm_c_to_s_name]::IV_LENGTH
|
27
|
+
build_key(shared_secret, hash(transport), 'A'.ord, transport.session_id, key_length)
|
28
|
+
end
|
29
|
+
|
30
|
+
def iv_s_to_c transport, encryption_algorithm_s_to_c_name
|
31
|
+
key_length = EncryptionAlgorithm[encryption_algorithm_s_to_c_name]::IV_LENGTH
|
32
|
+
build_key(shared_secret, hash(transport), 'B'.ord, transport.session_id, key_length)
|
33
|
+
end
|
34
|
+
|
35
|
+
def key_c_to_s transport, encryption_algorithm_c_to_s_name
|
36
|
+
key_length = EncryptionAlgorithm[encryption_algorithm_c_to_s_name]::KEY_LENGTH
|
37
|
+
build_key(shared_secret, hash(transport), 'C'.ord, transport.session_id, key_length)
|
38
|
+
end
|
39
|
+
|
40
|
+
def key_s_to_c transport, encryption_algorithm_s_to_c_name
|
41
|
+
key_length = EncryptionAlgorithm[encryption_algorithm_s_to_c_name]::KEY_LENGTH
|
42
|
+
build_key(shared_secret, hash(transport), 'D'.ord, transport.session_id, key_length)
|
43
|
+
end
|
44
|
+
|
45
|
+
def mac_c_to_s transport, mac_algorithm_c_to_s_name
|
46
|
+
key_length = MacAlgorithm[mac_algorithm_c_to_s_name]::KEY_LENGTH
|
47
|
+
build_key(shared_secret, hash(transport), 'E'.ord, transport.session_id, key_length)
|
48
|
+
end
|
49
|
+
|
50
|
+
def mac_s_to_c transport, mac_algorithm_s_to_c_name
|
51
|
+
key_length = MacAlgorithm[mac_algorithm_s_to_c_name]::KEY_LENGTH
|
52
|
+
build_key(shared_secret, hash(transport), 'F'.ord, transport.session_id, key_length)
|
53
|
+
end
|
54
|
+
end
|
55
|
+
end
|
56
|
+
end
|
57
|
+
end
|
@@ -8,7 +8,7 @@ module HrrRbSsh
|
|
8
8
|
class MacAlgorithm
|
9
9
|
module Functionable
|
10
10
|
def initialize key
|
11
|
-
@logger =
|
11
|
+
@logger = Logger.new(self.class.name)
|
12
12
|
@key = key
|
13
13
|
end
|
14
14
|
|
@@ -21,7 +21,7 @@ module HrrRbSsh
|
|
21
21
|
end
|
22
22
|
|
23
23
|
def compute sequence_number, unencrypted_packet
|
24
|
-
data =
|
24
|
+
data = DataType::Uint32.encode(sequence_number) + unencrypted_packet
|
25
25
|
digest = OpenSSL::HMAC.digest self.class::DIGEST, @key, data
|
26
26
|
digest[0, digest_length]
|
27
27
|
end
|
@@ -1,8 +1,8 @@
|
|
1
1
|
# coding: utf-8
|
2
2
|
# vim: et ts=2 sw=2
|
3
3
|
|
4
|
-
require 'hrr_rb_ssh/logger'
|
5
4
|
require 'hrr_rb_ssh/openssl_secure_random'
|
5
|
+
require 'hrr_rb_ssh/transport/server_host_key_algorithm/functionable'
|
6
6
|
|
7
7
|
module HrrRbSsh
|
8
8
|
class Transport
|
@@ -10,65 +10,11 @@ module HrrRbSsh
|
|
10
10
|
class EcdsaSha2Nistp256 < ServerHostKeyAlgorithm
|
11
11
|
NAME = 'ecdsa-sha2-nistp256'
|
12
12
|
PREFERENCE = 30
|
13
|
-
DIGEST = 'sha256'
|
14
13
|
IDENTIFIER = 'nistp256'
|
15
14
|
SECRET_KEY = OpenSSL::PKey::EC.new('prime256v1').generate_key.to_pem
|
16
15
|
|
17
|
-
|
18
|
-
@logger = HrrRbSsh::Logger.new(self.class.name)
|
19
|
-
@algorithm = OpenSSL::PKey::EC.new (secret_key || self.class::SECRET_KEY)
|
20
|
-
end
|
21
|
-
|
22
|
-
def server_public_host_key
|
23
|
-
payload = {
|
24
|
-
:'ecdsa-sha2-[identifier]' => self.class::NAME,
|
25
|
-
:'[identifier]' => self.class::IDENTIFIER,
|
26
|
-
:'Q' => @algorithm.public_key.to_bn.to_s(2)
|
27
|
-
}
|
28
|
-
PublicKeyBlob.encode payload
|
29
|
-
end
|
30
|
-
|
31
|
-
def ecdsa_signature_blob data
|
32
|
-
hash = OpenSSL::Digest.digest(self.class::DIGEST, data)
|
33
|
-
sign_der = @algorithm.dsa_sign_asn1(hash)
|
34
|
-
sign_asn1 = OpenSSL::ASN1.decode(sign_der)
|
35
|
-
r = sign_asn1.value[0].value.to_i
|
36
|
-
s = sign_asn1.value[1].value.to_i
|
37
|
-
payload = {
|
38
|
-
:'r' => r,
|
39
|
-
:'s' => s,
|
40
|
-
}
|
41
|
-
EcdsaSignatureBlob.encode payload
|
42
|
-
end
|
43
|
-
|
44
|
-
def sign data
|
45
|
-
payload = {
|
46
|
-
:'ecdsa-sha2-[identifier]' => self.class::NAME,
|
47
|
-
:'ecdsa_signature_blob' => ecdsa_signature_blob(data),
|
48
|
-
}
|
49
|
-
Signature.encode payload
|
50
|
-
end
|
51
|
-
|
52
|
-
def verify sign, data
|
53
|
-
payload = Signature.decode sign
|
54
|
-
ecdsa_signature_blob = EcdsaSignatureBlob.decode payload[:'ecdsa_signature_blob']
|
55
|
-
r = ecdsa_signature_blob[:'r']
|
56
|
-
s = ecdsa_signature_blob[:'s']
|
57
|
-
sign_asn1 = OpenSSL::ASN1::Sequence.new(
|
58
|
-
[
|
59
|
-
OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(r)),
|
60
|
-
OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(s)),
|
61
|
-
]
|
62
|
-
)
|
63
|
-
sign_der = sign_asn1.to_der
|
64
|
-
hash = OpenSSL::Digest.digest(self.class::DIGEST, data)
|
65
|
-
payload[:'ecdsa-sha2-[identifier]'] == self.class::NAME && @algorithm.dsa_verify_asn1(hash, sign_der)
|
66
|
-
end
|
16
|
+
include Functionable
|
67
17
|
end
|
68
18
|
end
|
69
19
|
end
|
70
20
|
end
|
71
|
-
|
72
|
-
require 'hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256/public_key_blob'
|
73
|
-
require 'hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256/ecdsa_signature_blob'
|
74
|
-
require 'hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256/signature'
|
@@ -1,8 +1,8 @@
|
|
1
1
|
# coding: utf-8
|
2
2
|
# vim: et ts=2 sw=2
|
3
3
|
|
4
|
-
require 'hrr_rb_ssh/logger'
|
5
4
|
require 'hrr_rb_ssh/openssl_secure_random'
|
5
|
+
require 'hrr_rb_ssh/transport/server_host_key_algorithm/functionable'
|
6
6
|
|
7
7
|
module HrrRbSsh
|
8
8
|
class Transport
|
@@ -10,65 +10,11 @@ module HrrRbSsh
|
|
10
10
|
class EcdsaSha2Nistp384 < ServerHostKeyAlgorithm
|
11
11
|
NAME = 'ecdsa-sha2-nistp384'
|
12
12
|
PREFERENCE = 40
|
13
|
-
DIGEST = 'sha384'
|
14
13
|
IDENTIFIER = 'nistp384'
|
15
14
|
SECRET_KEY = OpenSSL::PKey::EC.new('secp384r1').generate_key.to_pem
|
16
15
|
|
17
|
-
|
18
|
-
@logger = HrrRbSsh::Logger.new(self.class.name)
|
19
|
-
@algorithm = OpenSSL::PKey::EC.new (secret_key || self.class::SECRET_KEY)
|
20
|
-
end
|
21
|
-
|
22
|
-
def server_public_host_key
|
23
|
-
payload = {
|
24
|
-
:'ecdsa-sha2-[identifier]' => self.class::NAME,
|
25
|
-
:'[identifier]' => self.class::IDENTIFIER,
|
26
|
-
:'Q' => @algorithm.public_key.to_bn.to_s(2)
|
27
|
-
}
|
28
|
-
PublicKeyBlob.encode payload
|
29
|
-
end
|
30
|
-
|
31
|
-
def ecdsa_signature_blob data
|
32
|
-
hash = OpenSSL::Digest.digest(self.class::DIGEST, data)
|
33
|
-
sign_der = @algorithm.dsa_sign_asn1(hash)
|
34
|
-
sign_asn1 = OpenSSL::ASN1.decode(sign_der)
|
35
|
-
r = sign_asn1.value[0].value.to_i
|
36
|
-
s = sign_asn1.value[1].value.to_i
|
37
|
-
payload = {
|
38
|
-
:'r' => r,
|
39
|
-
:'s' => s,
|
40
|
-
}
|
41
|
-
EcdsaSignatureBlob.encode payload
|
42
|
-
end
|
43
|
-
|
44
|
-
def sign data
|
45
|
-
payload = {
|
46
|
-
:'ecdsa-sha2-[identifier]' => self.class::NAME,
|
47
|
-
:'ecdsa_signature_blob' => ecdsa_signature_blob(data),
|
48
|
-
}
|
49
|
-
Signature.encode payload
|
50
|
-
end
|
51
|
-
|
52
|
-
def verify sign, data
|
53
|
-
payload = Signature.decode sign
|
54
|
-
ecdsa_signature_blob = EcdsaSignatureBlob.decode payload[:'ecdsa_signature_blob']
|
55
|
-
r = ecdsa_signature_blob[:'r']
|
56
|
-
s = ecdsa_signature_blob[:'s']
|
57
|
-
sign_asn1 = OpenSSL::ASN1::Sequence.new(
|
58
|
-
[
|
59
|
-
OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(r)),
|
60
|
-
OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(s)),
|
61
|
-
]
|
62
|
-
)
|
63
|
-
sign_der = sign_asn1.to_der
|
64
|
-
hash = OpenSSL::Digest.digest(self.class::DIGEST, data)
|
65
|
-
payload[:'ecdsa-sha2-[identifier]'] == self.class::NAME && @algorithm.dsa_verify_asn1(hash, sign_der)
|
66
|
-
end
|
16
|
+
include Functionable
|
67
17
|
end
|
68
18
|
end
|
69
19
|
end
|
70
20
|
end
|
71
|
-
|
72
|
-
require 'hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp384/public_key_blob'
|
73
|
-
require 'hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp384/ecdsa_signature_blob'
|
74
|
-
require 'hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp384/signature'
|
@@ -1,8 +1,8 @@
|
|
1
1
|
# coding: utf-8
|
2
2
|
# vim: et ts=2 sw=2
|
3
3
|
|
4
|
-
require 'hrr_rb_ssh/logger'
|
5
4
|
require 'hrr_rb_ssh/openssl_secure_random'
|
5
|
+
require 'hrr_rb_ssh/transport/server_host_key_algorithm/functionable'
|
6
6
|
|
7
7
|
module HrrRbSsh
|
8
8
|
class Transport
|
@@ -10,65 +10,11 @@ module HrrRbSsh
|
|
10
10
|
class EcdsaSha2Nistp521 < ServerHostKeyAlgorithm
|
11
11
|
NAME = 'ecdsa-sha2-nistp521'
|
12
12
|
PREFERENCE = 50
|
13
|
-
DIGEST = 'sha512'
|
14
13
|
IDENTIFIER = 'nistp521'
|
15
14
|
SECRET_KEY = OpenSSL::PKey::EC.new('secp521r1').generate_key.to_pem
|
16
15
|
|
17
|
-
|
18
|
-
@logger = HrrRbSsh::Logger.new(self.class.name)
|
19
|
-
@algorithm = OpenSSL::PKey::EC.new (secret_key || self.class::SECRET_KEY)
|
20
|
-
end
|
21
|
-
|
22
|
-
def server_public_host_key
|
23
|
-
payload = {
|
24
|
-
:'ecdsa-sha2-[identifier]' => self.class::NAME,
|
25
|
-
:'[identifier]' => self.class::IDENTIFIER,
|
26
|
-
:'Q' => @algorithm.public_key.to_bn.to_s(2)
|
27
|
-
}
|
28
|
-
PublicKeyBlob.encode payload
|
29
|
-
end
|
30
|
-
|
31
|
-
def ecdsa_signature_blob data
|
32
|
-
hash = OpenSSL::Digest.digest(self.class::DIGEST, data)
|
33
|
-
sign_der = @algorithm.dsa_sign_asn1(hash)
|
34
|
-
sign_asn1 = OpenSSL::ASN1.decode(sign_der)
|
35
|
-
r = sign_asn1.value[0].value.to_i
|
36
|
-
s = sign_asn1.value[1].value.to_i
|
37
|
-
payload = {
|
38
|
-
:'r' => r,
|
39
|
-
:'s' => s,
|
40
|
-
}
|
41
|
-
EcdsaSignatureBlob.encode payload
|
42
|
-
end
|
43
|
-
|
44
|
-
def sign data
|
45
|
-
payload = {
|
46
|
-
:'ecdsa-sha2-[identifier]' => self.class::NAME,
|
47
|
-
:'ecdsa_signature_blob' => ecdsa_signature_blob(data),
|
48
|
-
}
|
49
|
-
Signature.encode payload
|
50
|
-
end
|
51
|
-
|
52
|
-
def verify sign, data
|
53
|
-
payload = Signature.decode sign
|
54
|
-
ecdsa_signature_blob = EcdsaSignatureBlob.decode payload[:'ecdsa_signature_blob']
|
55
|
-
r = ecdsa_signature_blob[:'r']
|
56
|
-
s = ecdsa_signature_blob[:'s']
|
57
|
-
sign_asn1 = OpenSSL::ASN1::Sequence.new(
|
58
|
-
[
|
59
|
-
OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(r)),
|
60
|
-
OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(s)),
|
61
|
-
]
|
62
|
-
)
|
63
|
-
sign_der = sign_asn1.to_der
|
64
|
-
hash = OpenSSL::Digest.digest(self.class::DIGEST, data)
|
65
|
-
payload[:'ecdsa-sha2-[identifier]'] == self.class::NAME && @algorithm.dsa_verify_asn1(hash, sign_der)
|
66
|
-
end
|
16
|
+
include Functionable
|
67
17
|
end
|
68
18
|
end
|
69
19
|
end
|
70
20
|
end
|
71
|
-
|
72
|
-
require 'hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp521/public_key_blob'
|
73
|
-
require 'hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp521/ecdsa_signature_blob'
|
74
|
-
require 'hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp521/signature'
|
@@ -0,0 +1,29 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
# vim: et ts=2 sw=2
|
3
|
+
|
4
|
+
require 'hrr_rb_ssh/logger'
|
5
|
+
|
6
|
+
module HrrRbSsh
|
7
|
+
class Transport
|
8
|
+
class ServerHostKeyAlgorithm
|
9
|
+
module Functionable
|
10
|
+
def initialize secret_key=nil
|
11
|
+
@logger = Logger.new(self.class.name)
|
12
|
+
@publickey = Algorithm::Publickey[self.class::NAME].new (secret_key || self.class::SECRET_KEY)
|
13
|
+
end
|
14
|
+
|
15
|
+
def server_public_host_key
|
16
|
+
@publickey.to_public_key_blob
|
17
|
+
end
|
18
|
+
|
19
|
+
def sign signature_blob
|
20
|
+
@publickey.sign signature_blob
|
21
|
+
end
|
22
|
+
|
23
|
+
def verify signature, signature_blob
|
24
|
+
@publickey.verify signature, signature_blob
|
25
|
+
end
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
29
|
+
end
|
@@ -1,9 +1,8 @@
|
|
1
1
|
# coding: utf-8
|
2
2
|
# vim: et ts=2 sw=2
|
3
3
|
|
4
|
-
require 'hrr_rb_ssh/logger'
|
5
|
-
require 'hrr_rb_ssh/data_type'
|
6
4
|
require 'hrr_rb_ssh/openssl_secure_random'
|
5
|
+
require 'hrr_rb_ssh/transport/server_host_key_algorithm/functionable'
|
7
6
|
|
8
7
|
module HrrRbSsh
|
9
8
|
class Transport
|
@@ -11,57 +10,10 @@ module HrrRbSsh
|
|
11
10
|
class SshDss < ServerHostKeyAlgorithm
|
12
11
|
NAME = 'ssh-dss'
|
13
12
|
PREFERENCE = 10
|
14
|
-
DIGEST = 'sha1'
|
15
13
|
SECRET_KEY = OpenSSL::PKey::DSA.new(1024).to_pem
|
16
14
|
|
17
|
-
|
18
|
-
@logger = HrrRbSsh::Logger.new(self.class.name)
|
19
|
-
@dss = OpenSSL::PKey::DSA.new (secret_key || self.class::SECRET_KEY)
|
20
|
-
end
|
21
|
-
|
22
|
-
def server_public_host_key
|
23
|
-
payload = {
|
24
|
-
:'ssh-dss' => "ssh-dss",
|
25
|
-
:'p' => @dss.p.to_i,
|
26
|
-
:'q' => @dss.q.to_i,
|
27
|
-
:'g' => @dss.g.to_i,
|
28
|
-
:'y' => @dss.pub_key.to_i,
|
29
|
-
}
|
30
|
-
PublicKeyBlob.encode payload
|
31
|
-
end
|
32
|
-
|
33
|
-
def sign data
|
34
|
-
hash = OpenSSL::Digest.digest(self.class::DIGEST, data)
|
35
|
-
sign_der = @dss.syssign(hash)
|
36
|
-
sign_asn1 = OpenSSL::ASN1.decode(sign_der)
|
37
|
-
sign_r = sign_asn1.value[0].value.to_s(2).rjust(20, ["00"].pack("H"))
|
38
|
-
sign_s = sign_asn1.value[1].value.to_s(2).rjust(20, ["00"].pack("H"))
|
39
|
-
payload = {
|
40
|
-
:'ssh-dss' => "ssh-dss",
|
41
|
-
:'dss_signature_blob' => (sign_r + sign_s),
|
42
|
-
}
|
43
|
-
Signature.encode payload
|
44
|
-
end
|
45
|
-
|
46
|
-
def verify sign, data
|
47
|
-
payload = Signature.decode sign
|
48
|
-
dss_signature_blob = payload[:'dss_signature_blob']
|
49
|
-
sign_r = dss_signature_blob[ 0, 20]
|
50
|
-
sign_s = dss_signature_blob[20, 20]
|
51
|
-
sign_asn1 = OpenSSL::ASN1::Sequence.new(
|
52
|
-
[
|
53
|
-
OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(sign_r, 2)),
|
54
|
-
OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(sign_s, 2)),
|
55
|
-
]
|
56
|
-
)
|
57
|
-
sign_der = sign_asn1.to_der
|
58
|
-
hash = OpenSSL::Digest.digest(self.class::DIGEST, data)
|
59
|
-
payload[:'ssh-dss'] == "ssh-dss" && @dss.sysverify(hash, sign_der)
|
60
|
-
end
|
15
|
+
include Functionable
|
61
16
|
end
|
62
17
|
end
|
63
18
|
end
|
64
19
|
end
|
65
|
-
|
66
|
-
require 'hrr_rb_ssh/transport/server_host_key_algorithm/ssh_dss/public_key_blob'
|
67
|
-
require 'hrr_rb_ssh/transport/server_host_key_algorithm/ssh_dss/signature'
|
@@ -1,8 +1,8 @@
|
|
1
1
|
# coding: utf-8
|
2
2
|
# vim: et ts=2 sw=2
|
3
3
|
|
4
|
-
require 'hrr_rb_ssh/logger'
|
5
4
|
require 'hrr_rb_ssh/openssl_secure_random'
|
5
|
+
require 'hrr_rb_ssh/transport/server_host_key_algorithm/functionable'
|
6
6
|
|
7
7
|
module HrrRbSsh
|
8
8
|
class Transport
|
@@ -10,39 +10,10 @@ module HrrRbSsh
|
|
10
10
|
class SshRsa < ServerHostKeyAlgorithm
|
11
11
|
NAME = 'ssh-rsa'
|
12
12
|
PREFERENCE = 20
|
13
|
-
DIGEST = 'sha1'
|
14
13
|
SECRET_KEY = OpenSSL::PKey::RSA.new(2048).to_pem
|
15
14
|
|
16
|
-
|
17
|
-
@logger = HrrRbSsh::Logger.new(self.class.name)
|
18
|
-
@rsa = OpenSSL::PKey::RSA.new (secret_key || self.class::SECRET_KEY)
|
19
|
-
end
|
20
|
-
|
21
|
-
def server_public_host_key
|
22
|
-
payload = {
|
23
|
-
:'ssh-rsa' => "ssh-rsa",
|
24
|
-
:'e' => @rsa.e.to_i,
|
25
|
-
:'n' => @rsa.n.to_i,
|
26
|
-
}
|
27
|
-
PublicKeyBlob.encode payload
|
28
|
-
end
|
29
|
-
|
30
|
-
def sign data
|
31
|
-
payload = {
|
32
|
-
:'ssh-rsa' => "ssh-rsa",
|
33
|
-
:'rsa_signature_blob' => @rsa.sign(self.class::DIGEST, data),
|
34
|
-
}
|
35
|
-
Signature.encode payload
|
36
|
-
end
|
37
|
-
|
38
|
-
def verify sign, data
|
39
|
-
payload = Signature.decode sign
|
40
|
-
payload[:'ssh-rsa'] == "ssh-rsa" && @rsa.verify(self.class::DIGEST, payload[:'rsa_signature_blob'], data)
|
41
|
-
end
|
15
|
+
include Functionable
|
42
16
|
end
|
43
17
|
end
|
44
18
|
end
|
45
19
|
end
|
46
|
-
|
47
|
-
require 'hrr_rb_ssh/transport/server_host_key_algorithm/ssh_rsa/public_key_blob'
|
48
|
-
require 'hrr_rb_ssh/transport/server_host_key_algorithm/ssh_rsa/signature'
|