minmb-net-ssh 2.5.1

data/lib/net/ssh/transport/kex/diffie_hellman_group_exchange_sha256.rb

@@ -0,0 +1,15 @@
+require 'net/ssh/transport/kex/diffie_hellman_group_exchange_sha1'
+
+module Net::SSH::Transport::Kex
+  if defined?(OpenSSL::Digest::SHA256)
+    # A key-exchange service implementing the
+    # "diffie-hellman-group-exchange-sha256" key-exchange algorithm.
+    class DiffieHellmanGroupExchangeSHA256 < DiffieHellmanGroupExchangeSHA1
+      def initialize(*args)
+        super(*args)
+
+        @digester = OpenSSL::Digest::SHA256
+      end
+    end
+  end
+end

data/lib/net/ssh/transport/kex/ecdh_sha2_nistp256.rb

@@ -0,0 +1,93 @@
+require 'net/ssh/transport/constants'
+require 'net/ssh/transport/kex/diffie_hellman_group1_sha1'
+
+module Net; module SSH; module Transport; module Kex
+
+  # A key-exchange service implementing the "ecdh-sha2-nistp256"
+  # key-exchange algorithm. (defined in RFC 5656)
+  class EcdhSHA2NistP256 < DiffieHellmanGroup1SHA1
+    include Constants, Loggable
+
+    attr_reader :ecdh
+
+    def digester
+      OpenSSL::Digest::SHA256
+    end
+
+    def curve_name
+      OpenSSL::PKey::EC::CurveNameAlias['nistp256']
+    end
+
+    def initialize(algorithms, connection, data)
+      @algorithms = algorithms
+      @connection = connection
+
+      @digester = digester
+      @data = data.dup
+      @ecdh = generate_key
+      @logger = @data.delete(:logger)
+    end
+
+    private
+
+    def get_message_types
+      [KEXECDH_INIT, KEXECDH_REPLY]
+    end
+
+    def build_signature_buffer(result)
+      response = Net::SSH::Buffer.new
+      response.write_string data[:client_version_string],
+                            data[:server_version_string],
+                            data[:client_algorithm_packet],
+                            data[:server_algorithm_packet],
+                            result[:key_blob],
+                            ecdh.public_key.to_bn.to_s(2),
+                            result[:server_ecdh_pubkey]
+      response.write_bignum result[:shared_secret]
+      response
+    end
+
+    def generate_key #:nodoc:
+      OpenSSL::PKey::EC.new(curve_name).generate_key
+    end
+
+    def send_kexinit #:nodoc:
+      init, reply = get_message_types
+
+      # send the KEXECDH_INIT message
+      ## byte     SSH_MSG_KEX_ECDH_INIT
+      ## string   Q_C, client's ephemeral public key octet string
+      buffer = Net::SSH::Buffer.from(:byte, init, :string, ecdh.public_key.to_bn.to_s(2))
+      connection.send_message(buffer)
+
+      # expect the following KEXECDH_REPLY message
+      ## byte     SSH_MSG_KEX_ECDH_REPLY
+      ## string   K_S, server's public host key
+      ## string   Q_S, server's ephemeral public key octet string
+      ## string   the signature on the exchange hash
+      buffer = connection.next_message
+      raise Net::SSH::Exception, "expected REPLY" unless buffer.type == reply
+
+      result = Hash.new
+      result[:key_blob] = buffer.read_string
+      result[:server_key] = Net::SSH::Buffer.new(result[:key_blob]).read_key
+      result[:server_ecdh_pubkey] = buffer.read_string
+
+      # compute shared secret from server's public key and client's private key
+      pk = OpenSSL::PKey::EC::Point.new(OpenSSL::PKey::EC.new(curve_name).group,
+                                        OpenSSL::BN.new(result[:server_ecdh_pubkey], 2))
+      result[:shared_secret] = OpenSSL::BN.new(ecdh.dh_compute_key(pk), 2)
+
+      sig_buffer = Net::SSH::Buffer.new(buffer.read_string)
+      sig_type = sig_buffer.read_string
+      if sig_type != algorithms.host_key
+        raise Net::SSH::Exception,
+        "host key algorithm mismatch for signature " +
+          "'#{sig_type}' != '#{algorithms.host_key}'"
+      end
+      result[:server_sig] = sig_buffer.read_string
+
+      return result
+    end
+  end
+end; end; end; end

data/lib/net/ssh/transport/kex/ecdh_sha2_nistp384.rb

@@ -0,0 +1,13 @@
+module Net; module SSH; module Transport; module Kex
+
+  # A key-exchange service implementing the "ecdh-sha2-nistp256"
+  # key-exchange algorithm. (defined in RFC 5656)
+  class EcdhSHA2NistP384 < EcdhSHA2NistP256
+    def digester
+      OpenSSL::Digest::SHA384
+    end
+    def curve_name
+      OpenSSL::PKey::EC::CurveNameAlias['nistp384']
+    end
+  end
+end; end; end; end

data/lib/net/ssh/transport/kex/ecdh_sha2_nistp521.rb

@@ -0,0 +1,13 @@
+module Net; module SSH; module Transport; module Kex
+
+  # A key-exchange service implementing the "ecdh-sha2-nistp521"
+  # key-exchange algorithm. (defined in RFC 5656)
+  class EcdhSHA2NistP521 < EcdhSHA2NistP256
+    def digester
+      OpenSSL::Digest::SHA512
+    end
+    def curve_name
+      OpenSSL::PKey::EC::CurveNameAlias['nistp521']
+    end
+  end
+end; end; end; end

data/lib/net/ssh/transport/key_expander.rb

@@ -0,0 +1,26 @@
+module Net; module SSH; module Transport
+  module KeyExpander
+
+  # Generate a key value in accordance with the SSH2 specification.
+  # (RFC4253 7.2. "Output from Key Exchange")
+  def self.expand_key(bytes, start, options={})
+    if bytes == 0
+      return ""
+    end
+
+    k = start[0, bytes]
+
+    digester = options[:digester] or raise 'No digester supplied'
+    shared   = options[:shared] or raise 'No shared secret supplied'
+    hash     = options[:hash] or raise 'No hash supplied'
+
+    while k.length < bytes
+      step = digester.digest(shared + hash + k)
+      bytes_needed = bytes - k.length
+      k << step[0, bytes_needed]
+    end
+
+    return k
+  end
+end
+end; end; end

data/lib/net/ssh/transport/openssl.rb

@@ -0,0 +1,237 @@
+# -*- coding: utf-8 -*-
+require 'openssl'
+
+module OpenSSL
+
+  # This class is originally defined in the OpenSSL module. As needed, methods
+  # have been added to it by the Net::SSH module for convenience in dealing with
+  # SSH functionality.
+  class BN
+
+    # Converts a BN object to a string. The format used is that which is
+    # required by the SSH2 protocol.
+    def to_ssh
+      if zero?
+        return [0].pack("N")
+      else
+        buf = to_s(2)
+        if buf.getbyte(0)[7] == 1
+          return [buf.length+1, 0, buf].pack("NCA*")
+        else
+          return [buf.length, buf].pack("NA*")
+        end
+      end
+    end
+
+  end
+
+  module PKey
+
+    class PKey
+      def fingerprint
+        @fingerprint ||= OpenSSL::Digest::MD5.hexdigest(to_blob).scan(/../).join(":")
+      end
+    end
+
+    # This class is originally defined in the OpenSSL module. As needed, methods
+    # have been added to it by the Net::SSH module for convenience in dealing
+    # with SSH functionality.
+    class DH
+
+      # Determines whether the pub_key for this key is valid. (This algorithm
+      # lifted more-or-less directly from OpenSSH, dh.c, dh_pub_is_valid.)
+      def valid?
+        return false if pub_key.nil? || pub_key < 0
+        bits_set = 0
+        pub_key.num_bits.times { |i| bits_set += 1 if pub_key.bit_set?(i) }
+        return ( bits_set > 1 && pub_key < p )
+      end
+
+    end
+
+    # This class is originally defined in the OpenSSL module. As needed, methods
+    # have been added to it by the Net::SSH module for convenience in dealing
+    # with SSH functionality.
+    class RSA
+
+      # Returns "ssh-rsa", which is the description of this key type used by the
+      # SSH2 protocol.
+      def ssh_type
+        "ssh-rsa"
+      end
+
+      # Converts the key to a blob, according to the SSH2 protocol.
+      def to_blob
+        @blob ||= Net::SSH::Buffer.from(:string, ssh_type, :bignum, e, :bignum, n).to_s
+      end
+
+      # Verifies the given signature matches the given data.
+      def ssh_do_verify(sig, data)
+        verify(OpenSSL::Digest::SHA1.new, sig, data)
+      end
+
+      # Returns the signature for the given data.
+      def ssh_do_sign(data)
+        sign(OpenSSL::Digest::SHA1.new, data)
+      end
+    end
+
+    # This class is originally defined in the OpenSSL module. As needed, methods
+    # have been added to it by the Net::SSH module for convenience in dealing
+    # with SSH functionality.
+    class DSA
+
+      # Returns "ssh-dss", which is the description of this key type used by the
+      # SSH2 protocol.
+      def ssh_type
+        "ssh-dss"
+      end
+
+      # Converts the key to a blob, according to the SSH2 protocol.
+      def to_blob
+        @blob ||= Net::SSH::Buffer.from(:string, ssh_type,
+          :bignum, p, :bignum, q, :bignum, g, :bignum, pub_key).to_s
+      end
+
+      # Verifies the given signature matches the given data.
+      def ssh_do_verify(sig, data)
+        sig_r = sig[0,20].unpack("H*")[0].to_i(16)
+        sig_s = sig[20,20].unpack("H*")[0].to_i(16)
+        a1sig = OpenSSL::ASN1::Sequence([
+           OpenSSL::ASN1::Integer(sig_r),
+           OpenSSL::ASN1::Integer(sig_s)
+        ])
+        return verify(OpenSSL::Digest::DSS1.new, a1sig.to_der, data)
+      end
+
+      # Signs the given data.
+      def ssh_do_sign(data)
+        sig = sign( OpenSSL::Digest::DSS1.new, data)
+        a1sig = OpenSSL::ASN1.decode( sig )
+
+        sig_r = a1sig.value[0].value.to_s(2)
+        sig_s = a1sig.value[1].value.to_s(2)
+
+        if sig_r.length > 20 || sig_s.length > 20
+          raise OpenSSL::PKey::DSAError, "bad sig size"
+        end
+
+        sig_r = "\0" * ( 20 - sig_r.length ) + sig_r if sig_r.length < 20
+        sig_s = "\0" * ( 20 - sig_s.length ) + sig_s if sig_s.length < 20
+
+        return sig_r + sig_s
+      end
+    end
+
+    if defined?(OpenSSL::PKey::EC)
+      # This class is originally defined in the OpenSSL module. As needed, methods
+      # have been added to it by the Net::SSH module for convenience in dealing
+      # with SSH functionality.
+      class EC
+        CurveNameAlias = {
+          "nistp256" => "prime256v1",
+          "nistp384" => "secp384r1",
+          "nistp521" => "secp521r1",
+        }
+
+        CurveNameAliasInv = {
+          "prime256v1" => "nistp256",
+          "secp384r1" => "nistp384",
+          "secp521r1" => "nistp521",
+        }
+
+        def self.read_keyblob(curve_name_in_type, buffer)
+          curve_name_in_key = buffer.read_string
+          unless curve_name_in_type == curve_name_in_key
+            raise Net::SSH::Exception, "curve name mismatched (`#{curve_name_in_key}' with `#{curve_name_in_type}')"
+          end
+          public_key_oct = buffer.read_string
+          begin
+            key = OpenSSL::PKey::EC.new(OpenSSL::PKey::EC::CurveNameAlias[curve_name_in_key])
+            group = key.group
+            point = OpenSSL::PKey::EC::Point.new(group, OpenSSL::BN.new(public_key_oct, 2))
+            key.public_key = point
+
+            return key
+          rescue OpenSSL::PKey::ECError => e
+            raise NotImplementedError, "unsupported key type `#{type}'"
+          end
+
+        end
+
+        # Returns the description of this key type used by the
+        # SSH2 protocol, like "ecdsa-sha2-nistp256"
+        def ssh_type
+          "ecdsa-sha2-#{CurveNameAliasInv[self.group.curve_name]}"
+        end
+
+        def digester
+          if self.group.curve_name =~ /^[a-z]+(\d+)\w*\z/
+            curve_size = $1.to_i
+            if curve_size <= 256
+              OpenSSL::Digest::SHA256.new
+            elsif curve_size <= 384
+              OpenSSL::Digest::SHA384.new
+            else
+              OpenSSL::Digest::SHA512.new
+            end
+          else
+            OpenSSL::Digest::SHA256.new
+          end
+        end
+        private :digester
+
+        # Converts the key to a blob, according to the SSH2 protocol.
+        def to_blob
+          @blob ||= Net::SSH::Buffer.from(:string, ssh_type,
+                                          :string, CurveNameAliasInv[self.group.curve_name],
+                                          :string, self.public_key.to_bn.to_s(2)).to_s
+          @blob
+        end
+
+        # Verifies the given signature matches the given data.
+        def ssh_do_verify(sig, data)
+          digest = digester.digest(data)
+          a1sig = nil
+
+          begin
+            sig_r_len = sig[0,4].unpack("H*")[0].to_i(16)
+            sig_l_len = sig[4+sig_r_len,4].unpack("H*")[0].to_i(16)
+
+            sig_r = sig[4,sig_r_len].unpack("H*")[0]
+            sig_s = sig[4+sig_r_len+4,sig_l_len].unpack("H*")[0]
+
+            a1sig = OpenSSL::ASN1::Sequence([
+              OpenSSL::ASN1::Integer(sig_r.to_i(16)),
+              OpenSSL::ASN1::Integer(sig_s.to_i(16)),
+            ])
+          rescue
+          end
+
+          if a1sig == nil
+            return false
+          else
+            dsa_verify_asn1(digest, a1sig.to_der)
+          end
+        end
+
+        # Returns the signature for the given data.
+        def ssh_do_sign(data)
+          digest = digester.digest(data)
+          sig = dsa_sign_asn1(digest)
+          a1sig = OpenSSL::ASN1.decode( sig )
+
+          sig_r = a1sig.value[0].value
+          sig_s = a1sig.value[1].value
+
+          return Net::SSH::Buffer.from(:bignum, sig_r, :bignum, sig_s).to_s
+        end
+      end
+    else
+      class OpenSSL::PKey::ECError < RuntimeError
+        # for compatibility with interpreters
+        # without EC support (i.e. JRuby)
+      end
+    end
+  end
+end

data/lib/net/ssh/transport/packet_stream.rb

@@ -0,0 +1,235 @@
+require 'net/ssh/buffered_io'
+require 'net/ssh/errors'
+require 'net/ssh/packet'
+require 'net/ssh/ruby_compat'
+require 'net/ssh/transport/cipher_factory'
+require 'net/ssh/transport/hmac'
+require 'net/ssh/transport/state'
+
+
+module Net; module SSH; module Transport
+
+  # A module that builds additional functionality onto the Net::SSH::BufferedIo
+  # module. It adds SSH encryption, compression, and packet validation, as
+  # per the SSH2 protocol. It also adds an abstraction for polling packets,
+  # to allow for both blocking and non-blocking reads.
+  module PacketStream
+    include BufferedIo
+
+    def self.extended(object)
+      object.__send__(:initialize_ssh)
+    end
+
+    # The map of "hints" that can be used to modify the behavior of the packet
+    # stream. For instance, when authentication succeeds, an "authenticated"
+    # hint is set, which is used to determine whether or not to compress the
+    # data when using the "delayed" compression algorithm.
+    attr_reader :hints
+
+    # The server state object, which encapsulates the algorithms used to interpret
+    # packets coming from the server.
+    attr_reader :server
+
+    # The client state object, which encapsulates the algorithms used to build
+    # packets to send to the server.
+    attr_reader :client
+
+    # The name of the client (local) end of the socket, as reported by the
+    # socket.
+    def client_name
+      @client_name ||= begin
+        sockaddr = getsockname
+        begin
+          Socket.getnameinfo(sockaddr, Socket::NI_NAMEREQD).first
+        rescue
+          begin
+            Socket.getnameinfo(sockaddr).first
+          rescue
+            begin
+              Socket.gethostbyname(Socket.gethostname).first
+            rescue
+              lwarn { "the client ipaddr/name could not be determined" }
+              "unknown"
+            end
+          end
+        end
+      end
+    end
+
+    # The IP address of the peer (remote) end of the socket, as reported by
+    # the socket.
+    def peer_ip
+      @peer_ip ||=
+        if respond_to?(:getpeername)
+          addr = getpeername
+          Socket.getnameinfo(addr, Socket::NI_NUMERICHOST | Socket::NI_NUMERICSERV).first
+        else
+          "<no hostip for proxy command>"
+        end
+    end
+    
+    # Returns true if the IO is available for reading, and false otherwise.
+    def available_for_read?
+      result = Net::SSH::Compat.io_select([self], nil, nil, 0)
+      result && result.first.any?
+    end
+    
+    # Returns the next full packet. If the mode parameter is :nonblock (the
+    # default), then this will return immediately, whether a packet is
+    # available or not, and will return nil if there is no packet ready to be
+    # returned. If the mode parameter is :block, then this method will block
+    # until a packet is available.
+    def next_packet(mode=:nonblock)
+      case mode
+      when :nonblock then
+        fill if available_for_read?
+        poll_next_packet
+
+      when :block then
+        loop do
+          packet = poll_next_packet
+          return packet if packet
+
+          loop do
+            result = Net::SSH::Compat.io_select([self]) or next
+            break if result.first.any?
+          end
+
+          if fill <= 0
+            raise Net::SSH::Disconnect, "connection closed by remote host"
+          end
+        end
+
+      else
+        raise ArgumentError, "expected :block or :nonblock, got #{mode.inspect}"
+      end
+    end
+
+    # Enqueues a packet to be sent, and blocks until the entire packet is
+    # sent.
+    def send_packet(payload)
+      enqueue_packet(payload)
+      wait_for_pending_sends
+    end
+
+    # Enqueues a packet to be sent, but does not immediately send the packet.
+    # The given payload is pre-processed according to the algorithms specified
+    # in the client state (compression, cipher, and hmac).
+    def enqueue_packet(payload)
+      # try to compress the packet
+      payload = client.compress(payload)
+
+      # the length of the packet, minus the padding
+      actual_length = 4 + payload.length + 1
+
+      # compute the padding length
+      padding_length = client.block_size - (actual_length % client.block_size)
+      padding_length += client.block_size if padding_length < 4
+
+      # compute the packet length (sans the length field itself)
+      packet_length = payload.length + padding_length + 1
+
+      if packet_length < 16
+        padding_length += client.block_size
+        packet_length = payload.length + padding_length + 1
+      end
+
+      padding = Array.new(padding_length) { rand(256) }.pack("C*")
+
+      unencrypted_data = [packet_length, padding_length, payload, padding].pack("NCA*A*")
+      mac = client.hmac.digest([client.sequence_number, unencrypted_data].pack("NA*"))
+
+      encrypted_data = client.update_cipher(unencrypted_data) << client.final_cipher
+      message = encrypted_data + mac
+
+      debug { "queueing packet nr #{client.sequence_number} type #{payload.getbyte(0)} len #{packet_length}" }
+      enqueue(message)
+
+      client.increment(packet_length)
+
+      self
+    end
+
+    # Performs any pending cleanup necessary on the IO and its associated
+    # state objects. (See State#cleanup).
+    def cleanup
+      client.cleanup
+      server.cleanup
+    end
+
+    # If the IO object requires a rekey operation (as indicated by either its
+    # client or server state objects, see State#needs_rekey?), this will
+    # yield. Otherwise, this does nothing.
+    def if_needs_rekey?
+      if client.needs_rekey? || server.needs_rekey?
+        yield
+        client.reset! if client.needs_rekey?
+        server.reset! if server.needs_rekey?
+      end
+    end
+
+    protected
+
+      # Called when this module is used to extend an object. It initializes
+      # the states and generally prepares the object for use as a packet stream.
+      def initialize_ssh
+        @hints  = {}
+        @server = State.new(self, :server)
+        @client = State.new(self, :client)
+        @packet = nil
+        initialize_buffered_io
+      end
+
+      # Tries to read the next packet. If there is insufficient data to read
+      # an entire packet, this returns immediately, otherwise the packet is
+      # read, post-processed according to the cipher, hmac, and compression
+      # algorithms specified in the server state object, and returned as a
+      # new Packet object.
+      def poll_next_packet
+        if @packet.nil?
+          minimum = server.block_size < 4 ? 4 : server.block_size
+          return nil if available < minimum
+          data = read_available(minimum)
+
+          # decipher it
+          @packet = Net::SSH::Buffer.new(server.update_cipher(data))
+          @packet_length = @packet.read_long
+        end
+
+        need = @packet_length + 4 - server.block_size
+        raise Net::SSH::Exception, "padding error, need #{need} block #{server.block_size}" if need % server.block_size != 0
+
+        return nil if available < need + server.hmac.mac_length
+
+        if need > 0
+          # read the remainder of the packet and decrypt it.
+          data = read_available(need)
+          @packet.append(server.update_cipher(data))
+        end
+
+        # get the hmac from the tail of the packet (if one exists), and
+        # then validate it.
+        real_hmac = read_available(server.hmac.mac_length) || ""
+
+        @packet.append(server.final_cipher)
+        padding_length = @packet.read_byte
+
+        payload = @packet.read(@packet_length - padding_length - 1)
+        padding = @packet.read(padding_length) if padding_length > 0
+
+        my_computed_hmac = server.hmac.digest([server.sequence_number, @packet.content].pack("NA*"))
+        raise Net::SSH::Exception, "corrupted mac detected" if real_hmac != my_computed_hmac
+
+        # try to decompress the payload, in case compression is active
+        payload = server.decompress(payload)
+
+        debug { "received packet nr #{server.sequence_number} type #{payload.getbyte(0)} len #{@packet_length}" }
+
+        server.increment(@packet_length)
+        @packet = nil
+
+        return Packet.new(payload)
+      end
+  end
+
+end; end; end