k-yamada-net-ssh 2.3.0

data/lib/net/ssh/transport/kex/diffie_hellman_group_exchange_sha1.rb

@@ -0,0 +1,80 @@
+require 'net/ssh/errors'
+require 'net/ssh/transport/constants'
+require 'net/ssh/transport/kex/diffie_hellman_group1_sha1'
+
+module Net::SSH::Transport::Kex
+
+  # A key-exchange service implementing the
+  # "diffie-hellman-group-exchange-sha1" key-exchange algorithm.
+  class DiffieHellmanGroupExchangeSHA1 < DiffieHellmanGroup1SHA1
+    MINIMUM_BITS      = 1024
+    MAXIMUM_BITS      = 8192
+
+    KEXDH_GEX_GROUP   = 31
+    KEXDH_GEX_INIT    = 32
+    KEXDH_GEX_REPLY   = 33
+    KEXDH_GEX_REQUEST = 34
+
+    private
+
+      # Compute the number of bits needed for the given number of bytes.
+      def compute_need_bits
+
+        # for Compatibility: OpenSSH requires (need_bits * 2 + 1) length of parameter
+        need_bits = data[:need_bytes] * 8 * 2 + 1
+
+        if need_bits < MINIMUM_BITS
+          need_bits = MINIMUM_BITS
+        elsif need_bits > MAXIMUM_BITS
+          need_bits = MAXIMUM_BITS
+        end
+
+        data[:need_bits ] = need_bits
+        data[:need_bytes] = need_bits / 8
+      end
+
+      # Returns the DH key parameters for the given session.
+      def get_parameters
+        compute_need_bits
+
+        # request the DH key parameters for the given number of bits.
+        buffer = Net::SSH::Buffer.from(:byte, KEXDH_GEX_REQUEST, :long, MINIMUM_BITS,
+          :long, data[:need_bits], :long, MAXIMUM_BITS)
+        connection.send_message(buffer)
+
+        buffer = connection.next_message
+        unless buffer.type == KEXDH_GEX_GROUP
+          raise Net::SSH::Exception, "expected KEXDH_GEX_GROUP, got #{buffer.type}"
+        end
+
+        p = buffer.read_bignum
+        g = buffer.read_bignum
+
+        [p, g]
+      end
+
+      # Returns the INIT/REPLY constants used by this algorithm.
+      def get_message_types
+        [KEXDH_GEX_INIT, KEXDH_GEX_REPLY]
+      end
+
+      # Build the signature buffer to use when verifying a signature from
+      # the server.
+      def build_signature_buffer(result)
+        response = Net::SSH::Buffer.new
+        response.write_string data[:client_version_string],
+                              data[:server_version_string],
+                              data[:client_algorithm_packet],
+                              data[:server_algorithm_packet],
+                              result[:key_blob]
+        response.write_long MINIMUM_BITS,
+                            data[:need_bits],
+                            MAXIMUM_BITS
+        response.write_bignum dh.p, dh.g, dh.pub_key,
+                              result[:server_dh_pubkey],
+                              result[:shared_secret]
+        response
+      end
+  end
+
+end

data/lib/net/ssh/transport/kex/diffie_hellman_group_exchange_sha256.rb

@@ -0,0 +1,15 @@
+require 'net/ssh/transport/kex/diffie_hellman_group_exchange_sha1'
+
+module Net::SSH::Transport::Kex
+  if defined?(OpenSSL::Digest::SHA256)
+    # A key-exchange service implementing the
+    # "diffie-hellman-group-exchange-sha256" key-exchange algorithm.
+    class DiffieHellmanGroupExchangeSHA256 < DiffieHellmanGroupExchangeSHA1
+      def initialize(*args)
+        super(*args)
+
+        @digester = OpenSSL::Digest::SHA256
+      end
+    end
+  end
+end

data/lib/net/ssh/transport/key_expander.rb

@@ -0,0 +1,26 @@
+module Net; module SSH; module Transport
+  module KeyExpander
+
+  # Generate a key value in accordance with the SSH2 specification.
+  # (RFC4253 7.2. "Output from Key Exchange")
+  def self.expand_key(bytes, start, options={})
+    if bytes == 0
+      return ""
+    end
+
+    k = start[0, bytes]
+
+    digester = options[:digester] or raise 'No digester supplied'
+    shared   = options[:shared] or raise 'No shared secret supplied'
+    hash     = options[:hash] or raise 'No hash supplied'
+
+    while k.length < bytes
+      step = digester.digest(shared + hash + k)
+      bytes_needed = bytes - k.length
+      k << step[0, bytes_needed]
+    end
+
+    return k
+  end
+end
+end; end; end

data/lib/net/ssh/transport/openssl.rb

@@ -0,0 +1,127 @@
+require 'openssl'
+
+module OpenSSL
+
+  # This class is originally defined in the OpenSSL module. As needed, methods
+  # have been added to it by the Net::SSH module for convenience in dealing with
+  # SSH functionality.
+  class BN
+
+    # Converts a BN object to a string. The format used is that which is
+    # required by the SSH2 protocol.
+    def to_ssh
+      if zero?
+        return [0].pack("N")
+      else
+        buf = to_s(2)
+        if buf.getbyte(0)[7] == 1
+          return [buf.length+1, 0, buf].pack("NCA*")
+        else
+          return [buf.length, buf].pack("NA*")
+        end
+      end
+    end
+
+  end
+
+  module PKey
+
+    class PKey
+      def fingerprint
+        @fingerprint ||= OpenSSL::Digest::MD5.hexdigest(to_blob).scan(/../).join(":")
+      end
+    end
+
+    # This class is originally defined in the OpenSSL module. As needed, methods
+    # have been added to it by the Net::SSH module for convenience in dealing
+    # with SSH functionality.
+    class DH
+
+      # Determines whether the pub_key for this key is valid. (This algorithm
+      # lifted more-or-less directly from OpenSSH, dh.c, dh_pub_is_valid.)
+      def valid?
+        return false if pub_key.nil? || pub_key < 0
+        bits_set = 0
+        pub_key.num_bits.times { |i| bits_set += 1 if pub_key.bit_set?(i) }
+        return ( bits_set > 1 && pub_key < p )
+      end
+
+    end
+
+    # This class is originally defined in the OpenSSL module. As needed, methods
+    # have been added to it by the Net::SSH module for convenience in dealing
+    # with SSH functionality.
+    class RSA
+
+      # Returns "ssh-rsa", which is the description of this key type used by the
+      # SSH2 protocol.
+      def ssh_type
+        "ssh-rsa"
+      end
+
+      # Converts the key to a blob, according to the SSH2 protocol.
+      def to_blob
+        @blob ||= Net::SSH::Buffer.from(:string, ssh_type, :bignum, e, :bignum, n).to_s
+      end
+
+      # Verifies the given signature matches the given data.
+      def ssh_do_verify(sig, data)
+        verify(OpenSSL::Digest::SHA1.new, sig, data)
+      end
+
+      # Returns the signature for the given data.
+      def ssh_do_sign(data)
+        sign(OpenSSL::Digest::SHA1.new, data)
+      end
+    end
+
+    # This class is originally defined in the OpenSSL module. As needed, methods
+    # have been added to it by the Net::SSH module for convenience in dealing
+    # with SSH functionality.
+    class DSA
+
+      # Returns "ssh-dss", which is the description of this key type used by the
+      # SSH2 protocol.
+      def ssh_type
+        "ssh-dss"
+      end
+
+      # Converts the key to a blob, according to the SSH2 protocol.
+      def to_blob
+        @blob ||= Net::SSH::Buffer.from(:string, ssh_type,
+          :bignum, p, :bignum, q, :bignum, g, :bignum, pub_key).to_s
+      end
+
+      # Verifies the given signature matches the given data.
+      def ssh_do_verify(sig, data)
+        sig_r = sig[0,20].unpack("H*")[0].to_i(16)
+        sig_s = sig[20,20].unpack("H*")[0].to_i(16)
+        a1sig = OpenSSL::ASN1::Sequence([
+           OpenSSL::ASN1::Integer(sig_r),
+           OpenSSL::ASN1::Integer(sig_s)
+        ])
+        return verify(OpenSSL::Digest::DSS1.new, a1sig.to_der, data)
+      end
+
+      # Signs the given data.
+      def ssh_do_sign(data)
+        sig = sign( OpenSSL::Digest::DSS1.new, data)
+        a1sig = OpenSSL::ASN1.decode( sig )
+
+        sig_r = a1sig.value[0].value.to_s(2)
+        sig_s = a1sig.value[1].value.to_s(2)
+
+        if sig_r.length > 20 || sig_s.length > 20
+          raise OpenSSL::PKey::DSAError, "bad sig size"
+        end
+
+        sig_r = "\0" * ( 20 - sig_r.length ) + sig_r if sig_r.length < 20
+        sig_s = "\0" * ( 20 - sig_s.length ) + sig_s if sig_s.length < 20
+
+        return sig_r + sig_s
+      end
+    end
+
+  end
+
+end

data/lib/net/ssh/transport/packet_stream.rb

@@ -0,0 +1,235 @@
+require 'net/ssh/buffered_io'
+require 'net/ssh/errors'
+require 'net/ssh/packet'
+require 'net/ssh/ruby_compat'
+require 'net/ssh/transport/cipher_factory'
+require 'net/ssh/transport/hmac'
+require 'net/ssh/transport/state'
+
+
+module Net; module SSH; module Transport
+
+  # A module that builds additional functionality onto the Net::SSH::BufferedIo
+  # module. It adds SSH encryption, compression, and packet validation, as
+  # per the SSH2 protocol. It also adds an abstraction for polling packets,
+  # to allow for both blocking and non-blocking reads.
+  module PacketStream
+    include BufferedIo
+
+    def self.extended(object)
+      object.__send__(:initialize_ssh)
+    end
+
+    # The map of "hints" that can be used to modify the behavior of the packet
+    # stream. For instance, when authentication succeeds, an "authenticated"
+    # hint is set, which is used to determine whether or not to compress the
+    # data when using the "delayed" compression algorithm.
+    attr_reader :hints
+
+    # The server state object, which encapsulates the algorithms used to interpret
+    # packets coming from the server.
+    attr_reader :server
+
+    # The client state object, which encapsulates the algorithms used to build
+    # packets to send to the server.
+    attr_reader :client
+
+    # The name of the client (local) end of the socket, as reported by the
+    # socket.
+    def client_name
+      @client_name ||= begin
+        sockaddr = getsockname
+        begin
+          Socket.getnameinfo(sockaddr, Socket::NI_NAMEREQD).first
+        rescue
+          begin
+            Socket.getnameinfo(sockaddr).first
+          rescue
+            begin
+              Socket.gethostbyname(Socket.gethostname).first
+            rescue
+              lwarn { "the client ipaddr/name could not be determined" }
+              "unknown"
+            end
+          end
+        end
+      end
+    end
+
+    # The IP address of the peer (remote) end of the socket, as reported by
+    # the socket.
+    def peer_ip
+      @peer_ip ||=
+        if respond_to?(:getpeername)
+          addr = getpeername
+          Socket.getnameinfo(addr, Socket::NI_NUMERICHOST | Socket::NI_NUMERICSERV).first
+        else
+          "<no hostip for proxy command>"
+        end
+    end
+    
+    # Returns true if the IO is available for reading, and false otherwise.
+    def available_for_read?
+      result = Net::SSH::Compat.io_select([self], nil, nil, 0)
+      result && result.first.any?
+    end
+    
+    # Returns the next full packet. If the mode parameter is :nonblock (the
+    # default), then this will return immediately, whether a packet is
+    # available or not, and will return nil if there is no packet ready to be
+    # returned. If the mode parameter is :block, then this method will block
+    # until a packet is available.
+    def next_packet(mode=:nonblock)
+      case mode
+      when :nonblock then
+        fill if available_for_read?
+        poll_next_packet
+
+      when :block then
+        loop do
+          packet = poll_next_packet
+          return packet if packet
+
+          loop do
+            result = Net::SSH::Compat.io_select([self]) or next
+            break if result.first.any?
+          end
+
+          if fill <= 0
+            raise Net::SSH::Disconnect, "connection closed by remote host"
+          end
+        end
+
+      else
+        raise ArgumentError, "expected :block or :nonblock, got #{mode.inspect}"
+      end
+    end
+
+    # Enqueues a packet to be sent, and blocks until the entire packet is
+    # sent.
+    def send_packet(payload)
+      enqueue_packet(payload)
+      wait_for_pending_sends
+    end
+
+    # Enqueues a packet to be sent, but does not immediately send the packet.
+    # The given payload is pre-processed according to the algorithms specified
+    # in the client state (compression, cipher, and hmac).
+    def enqueue_packet(payload)
+      # try to compress the packet
+      payload = client.compress(payload)
+
+      # the length of the packet, minus the padding
+      actual_length = 4 + payload.length + 1
+
+      # compute the padding length
+      padding_length = client.block_size - (actual_length % client.block_size)
+      padding_length += client.block_size if padding_length < 4
+
+      # compute the packet length (sans the length field itself)
+      packet_length = payload.length + padding_length + 1
+
+      if packet_length < 16
+        padding_length += client.block_size
+        packet_length = payload.length + padding_length + 1
+      end
+
+      padding = Array.new(padding_length) { rand(256) }.pack("C*")
+
+      unencrypted_data = [packet_length, padding_length, payload, padding].pack("NCA*A*")
+      mac = client.hmac.digest([client.sequence_number, unencrypted_data].pack("NA*"))
+
+      encrypted_data = client.update_cipher(unencrypted_data) << client.final_cipher
+      message = encrypted_data + mac
+
+      debug { "queueing packet nr #{client.sequence_number} type #{payload.getbyte(0)} len #{packet_length}" }
+      enqueue(message)
+
+      client.increment(packet_length)
+
+      self
+    end
+
+    # Performs any pending cleanup necessary on the IO and its associated
+    # state objects. (See State#cleanup).
+    def cleanup
+      client.cleanup
+      server.cleanup
+    end
+
+    # If the IO object requires a rekey operation (as indicated by either its
+    # client or server state objects, see State#needs_rekey?), this will
+    # yield. Otherwise, this does nothing.
+    def if_needs_rekey?
+      if client.needs_rekey? || server.needs_rekey?
+        yield
+        client.reset! if client.needs_rekey?
+        server.reset! if server.needs_rekey?
+      end
+    end
+
+    protected
+
+      # Called when this module is used to extend an object. It initializes
+      # the states and generally prepares the object for use as a packet stream.
+      def initialize_ssh
+        @hints  = {}
+        @server = State.new(self, :server)
+        @client = State.new(self, :client)
+        @packet = nil
+        initialize_buffered_io
+      end
+
+      # Tries to read the next packet. If there is insufficient data to read
+      # an entire packet, this returns immediately, otherwise the packet is
+      # read, post-processed according to the cipher, hmac, and compression
+      # algorithms specified in the server state object, and returned as a
+      # new Packet object.
+      def poll_next_packet
+        if @packet.nil?
+          minimum = server.block_size < 4 ? 4 : server.block_size
+          return nil if available < minimum
+          data = read_available(minimum)
+
+          # decipher it
+          @packet = Net::SSH::Buffer.new(server.update_cipher(data))
+          @packet_length = @packet.read_long
+        end
+
+        need = @packet_length + 4 - server.block_size
+        raise Net::SSH::Exception, "padding error, need #{need} block #{server.block_size}" if need % server.block_size != 0
+
+        return nil if available < need + server.hmac.mac_length
+
+        if need > 0
+          # read the remainder of the packet and decrypt it.
+          data = read_available(need)
+          @packet.append(server.update_cipher(data))
+        end
+
+        # get the hmac from the tail of the packet (if one exists), and
+        # then validate it.
+        real_hmac = read_available(server.hmac.mac_length) || ""
+
+        @packet.append(server.final_cipher)
+        padding_length = @packet.read_byte
+
+        payload = @packet.read(@packet_length - padding_length - 1)
+        padding = @packet.read(padding_length) if padding_length > 0
+
+        my_computed_hmac = server.hmac.digest([server.sequence_number, @packet.content].pack("NA*"))
+        raise Net::SSH::Exception, "corrupted mac detected" if real_hmac != my_computed_hmac
+
+        # try to decompress the payload, in case compression is active
+        payload = server.decompress(payload)
+
+        debug { "received packet nr #{server.sequence_number} type #{payload.getbyte(0)} len #{@packet_length}" }
+
+        server.increment(@packet_length)
+        @packet = nil
+
+        return Packet.new(payload)
+      end
+  end
+
+end; end; end