net-ssh-backports 6.3.0.backports

data/lib/net/ssh/transport/openssl.rb

@@ -0,0 +1,253 @@
+require 'openssl'
+require 'net/ssh/authentication/pub_key_fingerprint'
+
+module OpenSSL
+  # This class is originally defined in the OpenSSL module. As needed, methods
+  # have been added to it by the Net::SSH module for convenience in dealing with
+  # SSH functionality.
+  class BN
+    # Converts a BN object to a string. The format used is that which is
+    # required by the SSH2 protocol.
+    def to_ssh
+      if zero?
+        return [0].pack("N")
+      else
+        buf = to_s(2)
+        if buf.getbyte(0)[7] == 1
+          return [buf.length + 1, 0, buf].pack("NCA*")
+        else
+          return [buf.length, buf].pack("NA*")
+        end
+      end
+    end
+  end
+
+  module PKey
+    class PKey
+      include Net::SSH::Authentication::PubKeyFingerprint
+    end
+
+    # This class is originally defined in the OpenSSL module. As needed, methods
+    # have been added to it by the Net::SSH module for convenience in dealing
+    # with SSH functionality.
+    class DH
+      # Determines whether the pub_key for this key is valid. (This algorithm
+      # lifted more-or-less directly from OpenSSH, dh.c, dh_pub_is_valid.)
+      def valid?
+        return false if pub_key.nil? || pub_key < 0
+
+        bits_set = 0
+        pub_key.num_bits.times { |i| bits_set += 1 if pub_key.bit_set?(i) }
+        return (bits_set > 1 && pub_key < p)
+      end
+    end
+
+    # This class is originally defined in the OpenSSL module. As needed, methods
+    # have been added to it by the Net::SSH module for convenience in dealing
+    # with SSH functionality.
+    class RSA
+      # Returns "ssh-rsa", which is the description of this key type used by the
+      # SSH2 protocol.
+      def ssh_type
+        "ssh-rsa"
+      end
+
+      alias ssh_signature_type ssh_type
+
+      # Converts the key to a blob, according to the SSH2 protocol.
+      def to_blob
+        @blob ||= Net::SSH::Buffer.from(:string, ssh_type, :bignum, e, :bignum, n).to_s
+      end
+
+      # Verifies the given signature matches the given data.
+      def ssh_do_verify(sig, data, options = {})
+        digester =
+          if options[:host_key] == "rsa-sha2-512"
+            OpenSSL::Digest::SHA512.new
+          elsif options[:host_key] == "rsa-sha2-256"
+            OpenSSL::Digest::SHA256.new
+          else
+            OpenSSL::Digest::SHA1.new
+          end
+
+        verify(digester, sig, data)
+      end
+
+      # Returns the signature for the given data.
+      def ssh_do_sign(data)
+        sign(OpenSSL::Digest::SHA1.new, data)
+      end
+    end
+
+    # This class is originally defined in the OpenSSL module. As needed, methods
+    # have been added to it by the Net::SSH module for convenience in dealing
+    # with SSH functionality.
+    class DSA
+      # Returns "ssh-dss", which is the description of this key type used by the
+      # SSH2 protocol.
+      def ssh_type
+        "ssh-dss"
+      end
+
+      alias ssh_signature_type ssh_type
+
+      # Converts the key to a blob, according to the SSH2 protocol.
+      def to_blob
+        @blob ||= Net::SSH::Buffer.from(:string, ssh_type,
+          :bignum, p, :bignum, q, :bignum, g, :bignum, pub_key).to_s
+      end
+
+      # Verifies the given signature matches the given data.
+      def ssh_do_verify(sig, data, options = {})
+        sig_r = sig[0,20].unpack("H*")[0].to_i(16)
+        sig_s = sig[20,20].unpack("H*")[0].to_i(16)
+        a1sig = OpenSSL::ASN1::Sequence([
+                                          OpenSSL::ASN1::Integer(sig_r),
+                                          OpenSSL::ASN1::Integer(sig_s)
+                                        ])
+        return verify(OpenSSL::Digest::SHA1.new, a1sig.to_der, data)
+      end
+
+      # Signs the given data.
+      def ssh_do_sign(data)
+        sig = sign(OpenSSL::Digest::SHA1.new, data)
+        a1sig = OpenSSL::ASN1.decode(sig)
+
+        sig_r = a1sig.value[0].value.to_s(2)
+        sig_s = a1sig.value[1].value.to_s(2)
+
+        raise OpenSSL::PKey::DSAError, "bad sig size" if sig_r.length > 20 || sig_s.length > 20
+
+        sig_r = "\0" * (20 - sig_r.length) + sig_r if sig_r.length < 20
+        sig_s = "\0" * (20 - sig_s.length) + sig_s if sig_s.length < 20
+
+        return sig_r + sig_s
+      end
+    end
+
+    # This class is originally defined in the OpenSSL module. As needed, methods
+    # have been added to it by the Net::SSH module for convenience in dealing
+    # with SSH functionality.
+    class EC
+      CurveNameAlias = {
+        'nistp256' => 'prime256v1',
+        'nistp384' => 'secp384r1',
+        'nistp521' => 'secp521r1'
+      }.freeze
+
+      CurveNameAliasInv = {
+        'prime256v1' => 'nistp256',
+        'secp384r1' => 'nistp384',
+        'secp521r1' => 'nistp521'
+      }.freeze
+
+      def self.read_keyblob(curve_name_in_type, buffer)
+        curve_name_in_key = buffer.read_string
+
+        unless curve_name_in_type == curve_name_in_key
+          raise Net::SSH::Exception, "curve name mismatched (`#{curve_name_in_key}' with `#{curve_name_in_type}')"
+        end
+
+        public_key_oct = buffer.read_string
+        begin
+          key = OpenSSL::PKey::EC.new(OpenSSL::PKey::EC::CurveNameAlias[curve_name_in_key])
+          group = key.group
+          point = OpenSSL::PKey::EC::Point.new(group, OpenSSL::BN.new(public_key_oct, 2))
+          key.public_key = point
+
+          return key
+        rescue OpenSSL::PKey::ECError
+          raise NotImplementedError, "unsupported key type `#{type}'"
+        end
+      end
+
+      # Returns the description of this key type used by the
+      # SSH2 protocol, like "ecdsa-sha2-nistp256"
+      def ssh_type
+        "ecdsa-sha2-#{CurveNameAliasInv[group.curve_name]}"
+      end
+
+      alias ssh_signature_type ssh_type
+
+      def digester
+        if group.curve_name =~ /^[a-z]+(\d+)\w*\z/
+          curve_size = Regexp.last_match(1).to_i
+          if curve_size <= 256
+            OpenSSL::Digest::SHA256.new
+          elsif curve_size <= 384
+            OpenSSL::Digest::SHA384.new
+          else
+            OpenSSL::Digest::SHA512.new
+          end
+        else
+          OpenSSL::Digest::SHA256.new
+        end
+      end
+      private :digester
+
+      # Converts the key to a blob, according to the SSH2 protocol.
+      def to_blob
+        @blob ||= Net::SSH::Buffer.from(:string, ssh_type,
+                                        :string, CurveNameAliasInv[group.curve_name],
+                                        :mstring, public_key.to_bn.to_s(2)).to_s
+        @blob
+      end
+
+      # Verifies the given signature matches the given data.
+      def ssh_do_verify(sig, data, options = {})
+        digest = digester.digest(data)
+        a1sig = nil
+
+        begin
+          sig_r_len = sig[0, 4].unpack('H*')[0].to_i(16)
+          sig_l_len = sig[4 + sig_r_len, 4].unpack('H*')[0].to_i(16)
+
+          sig_r = sig[4, sig_r_len].unpack('H*')[0]
+          sig_s = sig[4 + sig_r_len + 4, sig_l_len].unpack('H*')[0]
+
+          a1sig = OpenSSL::ASN1::Sequence([
+                                            OpenSSL::ASN1::Integer(sig_r.to_i(16)),
+                                            OpenSSL::ASN1::Integer(sig_s.to_i(16))
+                                          ])
+        rescue StandardError
+        end
+
+        if a1sig.nil?
+          return false
+        else
+          dsa_verify_asn1(digest, a1sig.to_der)
+        end
+      end
+
+      # Returns the signature for the given data.
+      def ssh_do_sign(data)
+        digest = digester.digest(data)
+        sig = dsa_sign_asn1(digest)
+        a1sig = OpenSSL::ASN1.decode(sig)
+
+        sig_r = a1sig.value[0].value
+        sig_s = a1sig.value[1].value
+
+        Net::SSH::Buffer.from(:bignum, sig_r, :bignum, sig_s).to_s
+      end
+
+      class Point
+        # Returns the description of this key type used by the
+        # SSH2 protocol, like "ecdsa-sha2-nistp256"
+        def ssh_type
+          "ecdsa-sha2-#{CurveNameAliasInv[group.curve_name]}"
+        end
+
+        alias ssh_signature_type ssh_type
+
+        # Converts the key to a blob, according to the SSH2 protocol.
+        def to_blob
+          @blob ||= Net::SSH::Buffer.from(:string, ssh_type,
+                                          :string, CurveNameAliasInv[group.curve_name],
+                                          :mstring, to_bn.to_s(2)).to_s
+          @blob
+        end
+      end
+    end
+  end
+end

data/lib/net/ssh/transport/packet_stream.rb

@@ -0,0 +1,280 @@
+require 'net/ssh/buffered_io'
+require 'net/ssh/errors'
+require 'net/ssh/packet'
+require 'net/ssh/transport/cipher_factory'
+require 'net/ssh/transport/hmac'
+require 'net/ssh/transport/state'
+
+module Net
+  module SSH
+    module Transport
+      # A module that builds additional functionality onto the Net::SSH::BufferedIo
+      # module. It adds SSH encryption, compression, and packet validation, as
+      # per the SSH2 protocol. It also adds an abstraction for polling packets,
+      # to allow for both blocking and non-blocking reads.
+      module PacketStream
+        PROXY_COMMAND_HOST_IP = '<no hostip for proxy command>'.freeze
+
+        include BufferedIo
+
+        def self.extended(object)
+          object.__send__(:initialize_ssh)
+        end
+
+        # The map of "hints" that can be used to modify the behavior of the packet
+        # stream. For instance, when authentication succeeds, an "authenticated"
+        # hint is set, which is used to determine whether or not to compress the
+        # data when using the "delayed" compression algorithm.
+        attr_reader :hints
+
+        # The server state object, which encapsulates the algorithms used to interpret
+        # packets coming from the server.
+        attr_reader :server
+
+        # The client state object, which encapsulates the algorithms used to build
+        # packets to send to the server.
+        attr_reader :client
+
+        # The name of the client (local) end of the socket, as reported by the
+        # socket.
+        def client_name
+          @client_name ||= begin
+            sockaddr = getsockname
+            begin
+              Socket.getnameinfo(sockaddr, Socket::NI_NAMEREQD).first
+            rescue StandardError
+              begin
+                Socket.getnameinfo(sockaddr).first
+              rescue StandardError
+                begin
+                  Socket.gethostbyname(Socket.gethostname).first
+                rescue StandardError
+                  lwarn { "the client ipaddr/name could not be determined" }
+                  "unknown"
+                end
+              end
+            end
+          end
+        end
+
+        # The IP address of the peer (remote) end of the socket, as reported by
+        # the socket.
+        def peer_ip
+          @peer_ip ||=
+            if respond_to?(:getpeername)
+              addr = getpeername
+              Socket.getnameinfo(addr, Socket::NI_NUMERICHOST | Socket::NI_NUMERICSERV).first
+            else
+              PROXY_COMMAND_HOST_IP
+            end
+        end
+
+        # Returns true if the IO is available for reading, and false otherwise.
+        def available_for_read?
+          result = IO.select([self], nil, nil, 0)
+          result && result.first.any?
+        end
+
+        # Returns the next full packet. If the mode parameter is :nonblock (the
+        # default), then this will return immediately, whether a packet is
+        # available or not, and will return nil if there is no packet ready to be
+        # returned. If the mode parameter is :block, then this method will block
+        # until a packet is available or timeout seconds have passed.
+        def next_packet(mode=:nonblock, timeout=nil)
+          case mode
+          when :nonblock then
+            packet = poll_next_packet
+            return packet if packet
+
+            if available_for_read?
+              if fill <= 0
+                result = poll_next_packet
+                if result.nil?
+                  raise Net::SSH::Disconnect, "connection closed by remote host"
+                else
+                  return result
+                end
+              end
+            end
+            poll_next_packet
+
+          when :block then
+            loop do
+              packet = poll_next_packet
+              return packet if packet
+
+              result = IO.select([self], nil, nil, timeout)
+              raise Net::SSH::ConnectionTimeout, "timeout waiting for next packet" unless result
+              raise Net::SSH::Disconnect, "connection closed by remote host" if fill <= 0
+            end
+
+          else
+            raise ArgumentError, "expected :block or :nonblock, got #{mode.inspect}"
+          end
+        end
+
+        # Enqueues a packet to be sent, and blocks until the entire packet is
+        # sent.
+        def send_packet(payload)
+          enqueue_packet(payload)
+          wait_for_pending_sends
+        end
+
+        # Enqueues a packet to be sent, but does not immediately send the packet.
+        # The given payload is pre-processed according to the algorithms specified
+        # in the client state (compression, cipher, and hmac).
+        def enqueue_packet(payload)
+          # try to compress the packet
+          payload = client.compress(payload)
+
+          # the length of the packet, minus the padding
+          actual_length = (client.hmac.etm ? 0 : 4) + payload.bytesize + 1
+
+          # compute the padding length
+          padding_length = client.block_size - (actual_length % client.block_size)
+          padding_length += client.block_size if padding_length < 4
+
+          # compute the packet length (sans the length field itself)
+          packet_length = payload.bytesize + padding_length + 1
+
+          if packet_length < 16
+            padding_length += client.block_size
+            packet_length = payload.bytesize + padding_length + 1
+          end
+
+          padding = Array.new(padding_length) { rand(256) }.pack("C*")
+
+          if client.hmac.etm
+            debug { "using encrypt-then-mac" }
+
+            # Encrypt padding_length, payload, and padding. Take MAC
+            # from the unencrypted packet_lenght and the encrypted
+            # data.
+            length_data = [packet_length].pack("N")
+
+            unencrypted_data = [padding_length, payload, padding].pack("CA*A*")
+
+            encrypted_data = client.update_cipher(unencrypted_data) << client.final_cipher
+
+            mac_data = length_data + encrypted_data
+
+            mac = client.hmac.digest([client.sequence_number, mac_data].pack("NA*"))
+
+            message = mac_data + mac
+          else
+            unencrypted_data = [packet_length, padding_length, payload, padding].pack("NCA*A*")
+
+            mac = client.hmac.digest([client.sequence_number, unencrypted_data].pack("NA*"))
+
+            encrypted_data = client.update_cipher(unencrypted_data) << client.final_cipher
+
+            message = encrypted_data + mac
+          end
+
+          debug { "queueing packet nr #{client.sequence_number} type #{payload.getbyte(0)} len #{packet_length}" }
+          enqueue(message)
+
+          client.increment(packet_length)
+
+          self
+        end
+
+        # Performs any pending cleanup necessary on the IO and its associated
+        # state objects. (See State#cleanup).
+        def cleanup
+          client.cleanup
+          server.cleanup
+        end
+
+        # If the IO object requires a rekey operation (as indicated by either its
+        # client or server state objects, see State#needs_rekey?), this will
+        # yield. Otherwise, this does nothing.
+        def if_needs_rekey?
+          if client.needs_rekey? || server.needs_rekey?
+            yield
+            client.reset! if client.needs_rekey?
+            server.reset! if server.needs_rekey?
+          end
+        end
+
+        protected
+
+        # Called when this module is used to extend an object. It initializes
+        # the states and generally prepares the object for use as a packet stream.
+        def initialize_ssh
+          @hints  = {}
+          @server = State.new(self, :server)
+          @client = State.new(self, :client)
+          @packet = nil
+          initialize_buffered_io
+        end
+
+        # Tries to read the next packet. If there is insufficient data to read
+        # an entire packet, this returns immediately, otherwise the packet is
+        # read, post-processed according to the cipher, hmac, and compression
+        # algorithms specified in the server state object, and returned as a
+        # new Packet object.
+        # rubocop:disable Metrics/AbcSize
+        def poll_next_packet
+          aad_length = server.hmac.etm ? 4 : 0
+
+          if @packet.nil?
+            minimum = server.block_size < 4 ? 4 : server.block_size
+            return nil if available < minimum + aad_length
+
+            data = read_available(minimum + aad_length)
+
+            # decipher it
+            if server.hmac.etm
+              @packet_length = data.unpack("N").first
+              @mac_data = data
+              @packet = Net::SSH::Buffer.new(server.update_cipher(data[aad_length..-1]))
+            else
+              @packet = Net::SSH::Buffer.new(server.update_cipher(data))
+              @packet_length = @packet.read_long
+            end
+          end
+
+          need = @packet_length + 4 - aad_length - server.block_size
+          raise Net::SSH::Exception, "padding error, need #{need} block #{server.block_size}" if need % server.block_size != 0
+
+          return nil if available < need + server.hmac.mac_length
+
+          if need > 0
+            # read the remainder of the packet and decrypt it.
+            data = read_available(need)
+            @mac_data += data if server.hmac.etm
+            @packet.append(server.update_cipher(data))
+          end
+
+          # get the hmac from the tail of the packet (if one exists), and
+          # then validate it.
+          real_hmac = read_available(server.hmac.mac_length) || ""
+
+          @packet.append(server.final_cipher)
+          padding_length = @packet.read_byte
+
+          payload = @packet.read(@packet_length - padding_length - 1)
+
+          my_computed_hmac = if server.hmac.etm
+                               server.hmac.digest([server.sequence_number, @mac_data].pack("NA*"))
+                             else
+                               server.hmac.digest([server.sequence_number, @packet.content].pack("NA*"))
+                             end
+          raise Net::SSH::Exception, "corrupted hmac detected #{server.hmac.class}" if real_hmac != my_computed_hmac
+
+          # try to decompress the payload, in case compression is active
+          payload = server.decompress(payload)
+
+          debug { "received packet nr #{server.sequence_number} type #{payload.getbyte(0)} len #{@packet_length}" }
+
+          server.increment(@packet_length)
+          @packet = nil
+
+          return Packet.new(payload)
+        end
+      end
+      # rubocop:enable Metrics/AbcSize
+    end
+  end
+end

data/lib/net/ssh/transport/server_version.rb

@@ -0,0 +1,77 @@
+require 'net/ssh/errors'
+require 'net/ssh/loggable'
+require 'net/ssh/version'
+
+module Net
+  module SSH
+    module Transport
+      # Negotiates the SSH protocol version and trades information about server
+      # and client. This is never used directly--it is always called by the
+      # transport layer as part of the initialization process of the transport
+      # layer.
+      #
+      # Note that this class also encapsulates the negotiated version, and acts as
+      # the authoritative reference for any queries regarding the version in effect.
+      class ServerVersion
+        include Loggable
+
+        # The SSH version string as reported by Net::SSH
+        PROTO_VERSION = "SSH-2.0-Ruby/Net::SSH_#{Net::SSH::Version::CURRENT} #{RUBY_PLATFORM}"
+
+        # Any header text sent by the server prior to sending the version.
+        attr_reader :header
+
+        # The version string reported by the server.
+        attr_reader :version
+
+        # Instantiates a new ServerVersion and immediately (and synchronously)
+        # negotiates the SSH protocol in effect, using the given socket.
+        def initialize(socket, logger, timeout = nil)
+          @header = String.new
+          @version = nil
+          @logger = logger
+          negotiate!(socket, timeout)
+        end
+
+        private
+
+        # Negotiates the SSH protocol to use, via the given socket. If the server
+        # reports an incompatible SSH version (e.g., SSH1), this will raise an
+        # exception.
+        def negotiate!(socket, timeout)
+          info { "negotiating protocol version" }
+
+          debug { "local is `#{PROTO_VERSION}'" }
+          socket.write "#{PROTO_VERSION}\r\n"
+          socket.flush
+
+          raise Net::SSH::ConnectionTimeout, "timeout during server version negotiating" if timeout && !IO.select([socket], nil, nil, timeout)
+
+          loop do
+            @version = String.new
+            loop do
+              begin
+                b = socket.readpartial(1)
+                raise Net::SSH::Disconnect, "connection closed by remote host" if b.nil?
+              rescue EOFError
+                raise Net::SSH::Disconnect, "connection closed by remote host"
+              end
+              @version << b
+              break if b == "\n"
+            end
+            break if @version.match(/^SSH-/)
+
+            @header << @version
+          end
+
+          @version.chomp!
+          debug { "remote is `#{@version}'" }
+
+          raise Net::SSH::Exception, "incompatible SSH version `#{@version}'" unless @version.match(/^SSH-(1\.99|2\.0)-/)
+
+          raise Net::SSH::ConnectionTimeout, "timeout during client version negotiating" if timeout && !IO.select(nil, [socket], nil, timeout)
+        end
+      end
+    end
+  end
+end