net-ssh 5.2.0 → 7.0.1

data/lib/net/ssh/transport/algorithms.rb

@@ -5,13 +5,13 @@ require 'net/ssh/transport/cipher_factory'
 require 'net/ssh/transport/constants'
 require 'net/ssh/transport/hmac'
 require 'net/ssh/transport/kex'
+require 'net/ssh/transport/kex/curve25519_sha256_loader'
 require 'net/ssh/transport/server_version'
 require 'net/ssh/authentication/ed25519_loader'
 
 module Net
   module SSH
     module Transport
-
       # Implements the higher-level logic behind an SSH key-exchange. It handles
       # both the initial exchange, as well as subsequent re-exchanges (as needed).
       # It also encapsulates the negotiation of the algorithms, and provides a
@@ -23,56 +23,75 @@ module Net
         include Loggable
         include Constants
 
-        # Define the default algorithms, in order of preference, supported by
-        # Net::SSH.
-        ALGORITHMS = {
-          host_key: %w[ssh-rsa-cert-v01@openssh.com
+        # Define the default algorithms, in order of preference, supported by Net::SSH.
+        DEFAULT_ALGORITHMS = {
+          host_key: %w[ecdsa-sha2-nistp521-cert-v01@openssh.com
+                       ecdsa-sha2-nistp384-cert-v01@openssh.com
+                       ecdsa-sha2-nistp256-cert-v01@openssh.com
+                       ecdsa-sha2-nistp521
+                       ecdsa-sha2-nistp384
+                       ecdsa-sha2-nistp256
+                       ssh-rsa-cert-v01@openssh.com
                        ssh-rsa-cert-v00@openssh.com
-                       ssh-rsa ssh-dss],
-          kex: %w[diffie-hellman-group-exchange-sha256
-                  diffie-hellman-group-exchange-sha1
-                  diffie-hellman-group14-sha1
+                       ssh-rsa
+                       rsa-sha2-256
+                       rsa-sha2-512],
+
+          kex: %w[ecdh-sha2-nistp521
+                  ecdh-sha2-nistp384
+                  ecdh-sha2-nistp256
+                  diffie-hellman-group-exchange-sha256
+                  diffie-hellman-group14-sha256
+                  diffie-hellman-group14-sha1],
+
+          encryption: %w[aes256-ctr aes192-ctr aes128-ctr],
+
+          hmac: %w[hmac-sha2-512-etm@openssh.com hmac-sha2-256-etm@openssh.com
+                   hmac-sha2-512 hmac-sha2-256
+                   hmac-sha1]
+        }.freeze
+
+        if Net::SSH::Authentication::ED25519Loader::LOADED
+          DEFAULT_ALGORITHMS[:host_key].unshift(
+            'ssh-ed25519-cert-v01@openssh.com',
+            'ssh-ed25519'
+          )
+        end
+
+        if Net::SSH::Transport::Kex::Curve25519Sha256Loader::LOADED
+          DEFAULT_ALGORITHMS[:kex].unshift(
+            'curve25519-sha256',
+            'curve25519-sha256@libssh.org'
+          )
+        end
+
+        # Define all algorithms, with the deprecated, supported by Net::SSH.
+        ALGORITHMS = {
+          host_key: DEFAULT_ALGORITHMS[:host_key] + %w[ssh-dss],
+
+          kex: DEFAULT_ALGORITHMS[:kex] +
+               %w[diffie-hellman-group-exchange-sha1
                   diffie-hellman-group1-sha1],
-          encryption: %w[aes256-ctr aes192-ctr aes128-ctr
-                         aes256-cbc aes192-cbc aes128-cbc
+
+          encryption: DEFAULT_ALGORITHMS[:encryption] +
+                      %w[aes256-cbc aes192-cbc aes128-cbc
                          rijndael-cbc@lysator.liu.se
                          blowfish-ctr blowfish-cbc
                          cast128-ctr cast128-cbc
                          3des-ctr 3des-cbc
-                         idea-cbc arcfour256 arcfour128 arcfour
+                         idea-cbc
                          none],
 
-          hmac: %w[hmac-sha2-512 hmac-sha2-256
-                   hmac-sha2-512-96 hmac-sha2-256-96
-                   hmac-sha1 hmac-sha1-96
+          hmac: DEFAULT_ALGORITHMS[:hmac] +
+                %w[hmac-sha2-512-96 hmac-sha2-256-96
+                   hmac-sha1-96
                    hmac-ripemd160 hmac-ripemd160@openssh.com
                    hmac-md5 hmac-md5-96
                    none],
 
           compression: %w[none zlib@openssh.com zlib],
           language: %w[]
-        }
-        if defined?(OpenSSL::PKey::EC)
-          ALGORITHMS[:host_key].unshift(
-            "ecdsa-sha2-nistp521-cert-v01@openssh.com",
-            "ecdsa-sha2-nistp384-cert-v01@openssh.com",
-            "ecdsa-sha2-nistp256-cert-v01@openssh.com",
-            "ecdsa-sha2-nistp521",
-            "ecdsa-sha2-nistp384",
-            "ecdsa-sha2-nistp256"
-          )
-          if Net::SSH::Authentication::ED25519Loader::LOADED
-            ALGORITHMS[:host_key].unshift(
-              "ssh-ed25519-cert-v01@openssh.com",
-              "ssh-ed25519"
-            )
-          end
-          ALGORITHMS[:kex].unshift(
-            "ecdh-sha2-nistp521",
-            "ecdh-sha2-nistp384",
-            "ecdh-sha2-nistp256"
-          )
-        end
+        }.freeze
 
         # The underlying transport layer session that supports this object
         attr_reader :session
@@ -127,7 +146,7 @@ module Net
 
         # Instantiates a new Algorithms object, and prepares the hash of preferred
         # algorithms based on the options parameter and the ALGORITHMS constant.
-        def initialize(session, options={})
+        def initialize(session, options = {})
           @session = session
           @logger = session.logger
           @options = options
@@ -140,6 +159,7 @@ module Net
         # Start the algorithm negotation
         def start
           raise ArgumentError, "Cannot call start if it's negotiation started or done" if @pending || @initialized
+
           send_kexinit
         end
 
@@ -197,8 +217,8 @@ module Net
 
         def host_key_format
           case host_key
-          when "ssh-rsa-cert-v01@openssh.com", "ssh-rsa-cert-v00@openssh.com"
-            "ssh-rsa"
+          when /^([a-z0-9-]+)-cert-v\d{2}@openssh.com$/
+            Regexp.last_match[1]
           else
             host_key
           end
@@ -239,7 +259,10 @@ module Net
           options[:compression] = %w[zlib@openssh.com zlib] if options[:compression] == true
 
           ALGORITHMS.each do |algorithm, supported|
-            algorithms[algorithm] = compose_algorithm_list(supported, options[algorithm], options[:append_all_supported_algorithms])
+            algorithms[algorithm] = compose_algorithm_list(
+              supported, options[algorithm] || DEFAULT_ALGORITHMS[algorithm],
+              options[:append_all_supported_algorithms]
+            )
           end
 
           # for convention, make sure our list has the same keys as the server
@@ -255,7 +278,7 @@ module Net
             # existing known key for the host has preference.
 
             existing_keys = session.host_keys
-            host_keys = existing_keys.map { |key| key.ssh_type }.uniq
+            host_keys = existing_keys.flat_map { |key| key.respond_to?(:ssh_types) ? key.ssh_types : [key.ssh_type] }.uniq
             algorithms[:host_key].each do |name|
               host_keys << name unless host_keys.include?(name)
             end
@@ -270,10 +293,24 @@ module Net
           list = []
           option = Array(option).compact.uniq
 
-          if option.first && option.first.start_with?('+')
+          if option.first && option.first.start_with?('+', '-')
             list = supported.dup
-            list << option.first[1..-1]
-            list.concat(option[1..-1])
+
+            appends = option.select { |opt| opt.start_with?('+') }.map { |opt| opt[1..-1] }
+            deletions = option.select { |opt| opt.start_with?('-') }.map { |opt| opt[1..-1] }
+
+            list.concat(appends)
+
+            deletions.each do |opt|
+              if opt.include?('*')
+                opt_escaped = Regexp.escape(opt)
+                algo_re = /\A#{opt_escaped.gsub('\*', '[A-Za-z\d\-@\.]*')}\z/
+                list.delete_if { |existing_opt| algo_re.match(existing_opt) }
+              else
+                list.delete(opt)
+              end
+            end
+
             list.uniq!
           else
             list = option
@@ -332,10 +369,10 @@ module Net
           language    = algorithms[:language].join(",")
 
           Net::SSH::Buffer.from(:byte, KEXINIT,
-            :long, [rand(0xFFFFFFFF), rand(0xFFFFFFFF), rand(0xFFFFFFFF), rand(0xFFFFFFFF)],
-            :mstring, [kex, host_key, encryption, encryption, hmac, hmac],
-            :mstring, [compression, compression, language, language],
-            :bool, false, :long, 0)
+                                :long, [rand(0xFFFFFFFF), rand(0xFFFFFFFF), rand(0xFFFFFFFF), rand(0xFFFFFFFF)],
+                                :mstring, [kex, host_key, encryption, encryption, hmac, hmac],
+                                :mstring, [compression, compression, language, language],
+                                :bool, false, :long, 0)
         end
 
         # Given the parsed server KEX packet, and the client's preferred algorithm
@@ -356,7 +393,8 @@ module Net
 
           debug do
             "negotiated:\n" +
-              %i[kex host_key encryption_server encryption_client hmac_client hmac_server compression_client compression_server language_client language_server].map do |key|
+              %i[kex host_key encryption_server encryption_client hmac_client hmac_server
+                 compression_client compression_server language_client language_server].map do |key|
                 "* #{key}: #{instance_variable_get("@#{key}")}"
               end.join("\n")
           end
@@ -368,7 +406,11 @@ module Net
         def negotiate(algorithm)
           match = self[algorithm].find { |item| @server_data[algorithm].include?(item) }
 
-          raise Net::SSH::Exception, "could not settle on #{algorithm} algorithm" if match.nil?
+          if match.nil?
+            raise Net::SSH::Exception, "could not settle on #{algorithm} algorithm\n"\
+              "Server #{algorithm} preferences: #{@server_data[algorithm].join(',')}\n"\
+              "Client #{algorithm} preferences: #{self[algorithm].join(',')}"
+          end
 
           return match
         end
@@ -396,13 +438,13 @@ module Net
           debug { "exchanging keys" }
 
           algorithm = Kex::MAP[kex].new(self, session,
-            client_version_string: Net::SSH::Transport::ServerVersion::PROTO_VERSION,
-            server_version_string: session.server_version.version,
-            server_algorithm_packet: @server_packet,
-            client_algorithm_packet: @client_packet,
-            need_bytes: kex_byte_requirement,
-            minimum_dh_bits: options[:minimum_dh_bits],
-            logger: logger)
+                                        client_version_string: Net::SSH::Transport::ServerVersion::PROTO_VERSION,
+                                        server_version_string: session.server_version.version,
+                                        server_algorithm_packet: @server_packet,
+                                        client_algorithm_packet: @client_packet,
+                                        need_bytes: kex_byte_requirement,
+                                        minimum_dh_bits: options[:minimum_dh_bits],
+                                        logger: logger)
           result = algorithm.exchange_keys
 
           secret   = result[:shared_secret].to_ssh

data/lib/net/ssh/transport/cipher_factory.rb

@@ -3,68 +3,56 @@ require 'net/ssh/transport/ctr.rb'
 require 'net/ssh/transport/key_expander'
 require 'net/ssh/transport/identity_cipher'
 
-module Net 
-  module SSH 
+module Net
+  module SSH
     module Transport
-
       # Implements a factory of OpenSSL cipher algorithms.
       class CipherFactory
         # Maps the SSH name of a cipher to it's corresponding OpenSSL name
         SSH_TO_OSSL = {
-          "3des-cbc"                    => "des-ede3-cbc",
-          "blowfish-cbc"                => "bf-cbc",
-          "aes256-cbc"                  => "aes-256-cbc",
-          "aes192-cbc"                  => "aes-192-cbc",
-          "aes128-cbc"                  => "aes-128-cbc",
-          "idea-cbc"                    => "idea-cbc",
-          "cast128-cbc"                 => "cast-cbc",
+          "3des-cbc" => "des-ede3-cbc",
+          "blowfish-cbc" => "bf-cbc",
+          "aes256-cbc" => "aes-256-cbc",
+          "aes192-cbc" => "aes-192-cbc",
+          "aes128-cbc" => "aes-128-cbc",
+          "idea-cbc" => "idea-cbc",
+          "cast128-cbc" => "cast-cbc",
           "rijndael-cbc@lysator.liu.se" => "aes-256-cbc",
-          "arcfour128"                  => "rc4",
-          "arcfour256"                  => "rc4",
-          "arcfour512"                  => "rc4",
-          "arcfour"                     => "rc4",
-    
-          "3des-ctr"                    => "des-ede3",
-          "blowfish-ctr"                => "bf-ecb",
-    
-          "aes256-ctr"                  => ::OpenSSL::Cipher.ciphers.include?("aes-256-ctr") ? "aes-256-ctr" : "aes-256-ecb",
-          "aes192-ctr"                  => ::OpenSSL::Cipher.ciphers.include?("aes-192-ctr") ? "aes-192-ctr" : "aes-192-ecb",
-          "aes128-ctr"                  => ::OpenSSL::Cipher.ciphers.include?("aes-128-ctr") ? "aes-128-ctr" : "aes-128-ecb",
-          "cast128-ctr"                 => "cast5-ecb",
-    
-          "none"                        => "none"
-        }
-    
-        # Ruby's OpenSSL bindings always return a key length of 16 for RC4 ciphers
-        # resulting in the error: OpenSSL::CipherError: key length too short.
-        # The following ciphers will override this key length.
-        KEY_LEN_OVERRIDE = {
-          "arcfour256"                  => 32,
-          "arcfour512"                  => 64
+          "3des-ctr" => "des-ede3",
+          "blowfish-ctr" => "bf-ecb",
+
+          "aes256-ctr" => ::OpenSSL::Cipher.ciphers.include?("aes-256-ctr") ? "aes-256-ctr" : "aes-256-ecb",
+          "aes192-ctr" => ::OpenSSL::Cipher.ciphers.include?("aes-192-ctr") ? "aes-192-ctr" : "aes-192-ecb",
+          "aes128-ctr" => ::OpenSSL::Cipher.ciphers.include?("aes-128-ctr") ? "aes-128-ctr" : "aes-128-ecb",
+          'cast128-ctr' => 'cast5-ecb',
+
+          'none' => 'none'
         }
-    
+
         # Returns true if the underlying OpenSSL library supports the given cipher,
         # and false otherwise.
         def self.supported?(name)
           ossl_name = SSH_TO_OSSL[name] or raise NotImplementedError, "unimplemented cipher `#{name}'"
           return true if ossl_name == "none"
+
           return OpenSSL::Cipher.ciphers.include?(ossl_name)
         end
-    
+
         # Retrieves a new instance of the named algorithm. The new instance
         # will be initialized using an iv and key generated from the given
         # iv, key, shared, hash and digester values. Additionally, the
         # cipher will be put into encryption or decryption mode, based on the
         # value of the +encrypt+ parameter.
-        def self.get(name, options={})
+        def self.get(name, options = {})
           ossl_name = SSH_TO_OSSL[name] or raise NotImplementedError, "unimplemented cipher `#{name}'"
           return IdentityCipher if ossl_name == "none"
+
           cipher = OpenSSL::Cipher.new(ossl_name)
-    
+
           cipher.send(options[:encrypt] ? :encrypt : :decrypt)
-    
+
           cipher.padding = 0
-    
+
           if name =~ /-ctr(@openssh.org)?$/
             if ossl_name !~ /-ctr/
               cipher.extend(Net::SSH::Transport::CTR)
@@ -72,16 +60,15 @@ module Net
               cipher = Net::SSH::Transport::OpenSSLAESCTR.new(cipher)
             end
           end
-          cipher.iv = Net::SSH::Transport::KeyExpander.expand_key(cipher.iv_len, options[:iv], options) if ossl_name != "rc4"
-    
-          key_len = KEY_LEN_OVERRIDE[name] || cipher.key_len
+          cipher.iv = Net::SSH::Transport::KeyExpander.expand_key(cipher.iv_len, options[:iv], options)
+
+          key_len = cipher.key_len
           cipher.key_len = key_len
           cipher.key = Net::SSH::Transport::KeyExpander.expand_key(key_len, options[:key], options)
-          cipher.update(" " * 1536) if (ossl_name == "rc4" && name != "arcfour")
-    
+
           return cipher
         end
-    
+
         # Returns a two-element array containing the [ key-length,
         # block-size ] for the named cipher algorithm. If the cipher
         # algorithm is unknown, or is "none", 0 is returned for both elements
@@ -94,26 +81,23 @@ module Net
             result << 0 if options[:iv_len]
           else
             cipher = OpenSSL::Cipher.new(ossl_name)
-            key_len = KEY_LEN_OVERRIDE[name] || cipher.key_len
+            key_len = cipher.key_len
             cipher.key_len = key_len
-    
+
             block_size =
               case ossl_name
-              when "rc4"
-                8
               when /\-ctr/
                 Net::SSH::Transport::OpenSSLAESCTR.block_size
               else
                 cipher.block_size
               end
-    
+
             result = [key_len, block_size]
             result << cipher.iv_len if options[:iv_len]
           end
           result
         end
       end
-
     end
   end
 end

data/lib/net/ssh/transport/constants.rb

@@ -1,35 +1,39 @@
-module Net 
-  module SSH 
+module Net
+  module SSH
     module Transport
       module Constants
-    
         #--
         # Transport layer generic messages
         #++
-    
+
         DISCONNECT                = 1
         IGNORE                    = 2
         UNIMPLEMENTED             = 3
         DEBUG                     = 4
         SERVICE_REQUEST           = 5
         SERVICE_ACCEPT            = 6
-    
+
         #--
         # Algorithm negotiation messages
         #++
-    
+
         KEXINIT                   = 20
         NEWKEYS                   = 21
-    
+
         #--
         # Key exchange method specific messages
         #++
-    
+
         KEXDH_INIT                = 30
         KEXDH_REPLY               = 31
-    
+
         KEXECDH_INIT              = 30
         KEXECDH_REPLY             = 31
+
+        KEXDH_GEX_GROUP           = 31
+        KEXDH_GEX_INIT            = 32
+        KEXDH_GEX_REPLY           = 33
+        KEXDH_GEX_REQUEST         = 34
       end
     end
   end

data/lib/net/ssh/transport/ctr.rb

@@ -2,7 +2,7 @@ require 'openssl'
 require 'delegate'
 
 module Net::SSH::Transport
-  #:nodoc:
+  # :nodoc:
   class OpenSSLAESCTR < SimpleDelegator
     def initialize(original)
       super
@@ -26,13 +26,13 @@ module Net::SSH::Transport
     end
   end
 
-  #:nodoc:
+  # :nodoc:
   # Pure-Ruby implementation of Stateful Decryption Counter(SDCTR) Mode
   # for Block Ciphers. See RFC4344 for detail.
   module CTR
     def self.extended(orig)
       orig.instance_eval {
-        @remaining = ""
+        @remaining = String.new
         @counter = nil
         @counter_len = orig.block_size
         orig.encrypt
@@ -67,13 +67,13 @@ module Net::SSH::Transport
         end
 
         def reset
-          @remaining = ""
+          @remaining = String.new
         end
 
         def update(data)
           @remaining += data
 
-          encrypted = ""
+          encrypted = String.new
 
           offset = 0
           while (@remaining.bytesize - offset) >= block_size
@@ -88,20 +88,14 @@ module Net::SSH::Transport
         end
 
         def final
-          unless @remaining.empty?
-            s = xor!(@remaining, _update(@counter))
-          else
-            s = ""
-          end
-
-          @remaining = ""
-
+          s = @remaining.empty? ? '' : xor!(@remaining, _update(@counter))
+          @remaining = String.new
           s
         end
 
         def xor!(s1, s2)
           s = []
-          s1.unpack('Q*').zip(s2.unpack('Q*')) {|a,b| s.push(a ^ b) }
+          s1.unpack('Q*').zip(s2.unpack('Q*')) {|a, b| s.push(a ^ b) }
           s.pack('Q*')
         end
         singleton_class.send(:private, :xor!)

data/lib/net/ssh/transport/hmac/abstract.rb

@@ -5,10 +5,21 @@ module Net
   module SSH
     module Transport
       module HMAC
-
         # The base class of all OpenSSL-based HMAC algorithm wrappers.
         class Abstract
-          class <<self
+          class << self
+            def etm(*v)
+              @etm = false if !defined?(@etm)
+              if v.empty?
+                @etm = superclass.etm if @etm.nil? && superclass.respond_to?(:etm)
+                return @etm
+              elsif v.length == 1
+                @etm = v.first
+              else
+                raise ArgumentError, "wrong number of arguments (#{v.length} for 1)"
+              end
+            end
+
             def key_length(*v)
               @key_length = nil if !defined?(@key_length)
               if v.empty?
@@ -46,6 +57,10 @@ module Net
             end
           end
 
+          def etm
+            self.class.etm
+          end
+
           def key_length
             self.class.key_length
           end
@@ -61,19 +76,19 @@ module Net
           # The key in use for this instance.
           attr_reader :key
 
-          def initialize(key=nil)
+          def initialize(key = nil)
             self.key = key
           end
 
           # Sets the key to the given value, truncating it so that it is the correct
           # length.
           def key=(value)
-            @key = value ? value.to_s[0,key_length] : nil
+            @key = value ? value.to_s[0, key_length] : nil
           end
 
           # Compute the HMAC digest for the given data string.
           def digest(data)
-            OpenSSL::HMAC.digest(digest_class.new, key, data)[0,mac_length]
+            OpenSSL::HMAC.digest(digest_class.new, key, data)[0, mac_length]
           end
         end
       end

data/lib/net/ssh/transport/hmac/md5.rb

@@ -1,12 +1,10 @@
 require 'net/ssh/transport/hmac/abstract'
 
 module Net::SSH::Transport::HMAC
-
   # The MD5 HMAC algorithm.
   class MD5 < Abstract
     mac_length   16
     key_length   16
     digest_class OpenSSL::Digest::MD5
   end
-
 end

data/lib/net/ssh/transport/hmac/md5_96.rb

@@ -1,11 +1,9 @@
 require 'net/ssh/transport/hmac/md5'
 
 module Net::SSH::Transport::HMAC
-
   # The MD5-96 HMAC algorithm. This returns only the first 12 bytes of
   # the digest.
   class MD5_96 < MD5
     mac_length 12
   end
-
 end

data/lib/net/ssh/transport/hmac/none.rb

@@ -1,7 +1,6 @@
 require 'net/ssh/transport/hmac/abstract'
 
 module Net::SSH::Transport::HMAC
-
   # The "none" algorithm. This has a key and mac length of 0.
   class None < Abstract
     key_length 0
@@ -11,5 +10,4 @@ module Net::SSH::Transport::HMAC
       ""
     end
   end
-
 end

data/lib/net/ssh/transport/hmac/ripemd160.rb

@@ -1,7 +1,6 @@
 require 'net/ssh/transport/hmac/abstract'
 
 module Net::SSH::Transport::HMAC
-
   # The RIPEMD-160 HMAC algorithm. This has a mac and key length of 20, and
   # uses the RIPEMD-160 digest algorithm.
   class RIPEMD160 < Abstract
@@ -9,5 +8,4 @@ module Net::SSH::Transport::HMAC
     key_length   20
     digest_class OpenSSL::Digest::RIPEMD160
   end
-
 end

data/lib/net/ssh/transport/hmac/sha1.rb

@@ -1,7 +1,6 @@
 require 'net/ssh/transport/hmac/abstract'
 
 module Net::SSH::Transport::HMAC
-
   # The SHA1 HMAC algorithm. This has a mac and key length of 20, and
   # uses the SHA1 digest algorithm.
   class SHA1 < Abstract
@@ -9,5 +8,4 @@ module Net::SSH::Transport::HMAC
     key_length   20
     digest_class OpenSSL::Digest::SHA1
   end
-
 end

data/lib/net/ssh/transport/hmac/sha1_96.rb

@@ -1,11 +1,9 @@
 require 'net/ssh/transport/hmac/sha1'
 
 module Net::SSH::Transport::HMAC
-
   # The SHA1-96 HMAC algorithm. This returns only the first 12 bytes of
   # the digest.
   class SHA1_96 < SHA1
     mac_length 12
   end
-
 end