net-ssh 5.2.0 → 7.0.1

data/lib/net/ssh/transport/openssl.rb

@@ -2,7 +2,6 @@ require 'openssl'
 require 'net/ssh/authentication/pub_key_fingerprint'
 
 module OpenSSL
-
   # This class is originally defined in the OpenSSL module. As needed, methods
   # have been added to it by the Net::SSH module for convenience in dealing with
   # SSH functionality.
@@ -24,7 +23,6 @@ module OpenSSL
   end
 
   module PKey
-
     class PKey
       include Net::SSH::Authentication::PubKeyFingerprint
     end
@@ -37,6 +35,7 @@ module OpenSSL
       # lifted more-or-less directly from OpenSSH, dh.c, dh_pub_is_valid.)
       def valid?
         return false if pub_key.nil? || pub_key < 0
+
         bits_set = 0
         pub_key.num_bits.times { |i| bits_set += 1 if pub_key.bit_set?(i) }
         return (bits_set > 1 && pub_key < p)
@@ -53,9 +52,7 @@ module OpenSSL
         "ssh-rsa"
       end
 
-      def ssh_signature_type
-        ssh_type
-      end
+      alias ssh_signature_type ssh_type
 
       # Converts the key to a blob, according to the SSH2 protocol.
       def to_blob
@@ -63,13 +60,30 @@ module OpenSSL
       end
 
       # Verifies the given signature matches the given data.
-      def ssh_do_verify(sig, data)
-        verify(OpenSSL::Digest::SHA1.new, sig, data)
+      def ssh_do_verify(sig, data, options = {})
+        digester =
+          if options[:host_key] == "rsa-sha2-512"
+            OpenSSL::Digest::SHA512.new
+          elsif options[:host_key] == "rsa-sha2-256"
+            OpenSSL::Digest::SHA256.new
+          else
+            OpenSSL::Digest::SHA1.new
+          end
+
+        verify(digester, sig, data)
       end
 
       # Returns the signature for the given data.
-      def ssh_do_sign(data)
-        sign(OpenSSL::Digest::SHA1.new, data)
+      def ssh_do_sign(data, sig_alg = nil)
+        digester =
+          if sig_alg == "rsa-sha2-512"
+            OpenSSL::Digest::SHA512.new
+          elsif sig_alg == "rsa-sha2-256"
+            OpenSSL::Digest::SHA256.new
+          else
+            OpenSSL::Digest::SHA1.new
+          end
+        sign(digester, data)
       end
     end
 
@@ -83,36 +97,35 @@ module OpenSSL
         "ssh-dss"
       end
 
-      def ssh_signature_type
-        ssh_type
-      end
+      alias ssh_signature_type ssh_type
 
       # Converts the key to a blob, according to the SSH2 protocol.
       def to_blob
         @blob ||= Net::SSH::Buffer.from(:string, ssh_type,
-          :bignum, p, :bignum, q, :bignum, g, :bignum, pub_key).to_s
+                                        :bignum, p, :bignum, q, :bignum, g, :bignum, pub_key).to_s
       end
 
       # Verifies the given signature matches the given data.
-      def ssh_do_verify(sig, data)
-        sig_r = sig[0,20].unpack("H*")[0].to_i(16)
-        sig_s = sig[20,20].unpack("H*")[0].to_i(16)
+      def ssh_do_verify(sig, data, options = {})
+        sig_r = sig[0, 20].unpack("H*")[0].to_i(16)
+        sig_s = sig[20, 20].unpack("H*")[0].to_i(16)
         a1sig = OpenSSL::ASN1::Sequence([
-           OpenSSL::ASN1::Integer(sig_r),
-           OpenSSL::ASN1::Integer(sig_s)
-        ])
+                                          OpenSSL::ASN1::Integer(sig_r),
+                                          OpenSSL::ASN1::Integer(sig_s)
+                                        ])
         return verify(OpenSSL::Digest::SHA1.new, a1sig.to_der, data)
       end
 
       # Signs the given data.
-      def ssh_do_sign(data)
+      def ssh_do_sign(data, sig_alg = nil)
         sig = sign(OpenSSL::Digest::SHA1.new, data)
         a1sig = OpenSSL::ASN1.decode(sig)
 
         sig_r = a1sig.value[0].value.to_s(2)
         sig_s = a1sig.value[1].value.to_s(2)
 
-        raise OpenSSL::PKey::DSAError, "bad sig size" if sig_r.length > 20 || sig_s.length > 20
+        sig_size = params["q"].num_bits / 8
+        raise OpenSSL::PKey::DSAError, "bad sig size" if sig_r.length > sig_size || sig_s.length > sig_size
 
         sig_r = "\0" * (20 - sig_r.length) + sig_r if sig_r.length < 20
         sig_s = "\0" * (20 - sig_s.length) + sig_s if sig_s.length < 20
@@ -121,132 +134,141 @@ module OpenSSL
       end
     end
 
-    if defined?(OpenSSL::PKey::EC)
-      # This class is originally defined in the OpenSSL module. As needed, methods
-      # have been added to it by the Net::SSH module for convenience in dealing
-      # with SSH functionality.
-      class EC
-        CurveNameAlias = {
-          "nistp256" => "prime256v1",
-          "nistp384" => "secp384r1",
-          "nistp521" => "secp521r1"
-        }
-
-        CurveNameAliasInv = {
-          "prime256v1" => "nistp256",
-          "secp384r1" => "nistp384",
-          "secp521r1" => "nistp521"
-        }
-
-        def self.read_keyblob(curve_name_in_type, buffer)
-          curve_name_in_key = buffer.read_string
-          raise Net::SSH::Exception, "curve name mismatched (`#{curve_name_in_key}' with `#{curve_name_in_type}')" unless curve_name_in_type == curve_name_in_key
-          public_key_oct = buffer.read_string
-          begin
-            key = OpenSSL::PKey::EC.new(OpenSSL::PKey::EC::CurveNameAlias[curve_name_in_key])
-            group = key.group
-            point = OpenSSL::PKey::EC::Point.new(group, OpenSSL::BN.new(public_key_oct, 2))
-            key.public_key = point
-
-            return key
-          rescue OpenSSL::PKey::ECError
-            raise NotImplementedError, "unsupported key type `#{type}'"
-          end
+    # This class is originally defined in the OpenSSL module. As needed, methods
+    # have been added to it by the Net::SSH module for convenience in dealing
+    # with SSH functionality.
+    class EC
+      CurveNameAlias = {
+        'nistp256' => 'prime256v1',
+        'nistp384' => 'secp384r1',
+        'nistp521' => 'secp521r1'
+      }.freeze
+
+      CurveNameAliasInv = {
+        'prime256v1' => 'nistp256',
+        'secp384r1' => 'nistp384',
+        'secp521r1' => 'nistp521'
+      }.freeze
+
+      def self.read_keyblob(curve_name_in_type, buffer)
+        curve_name_in_key = buffer.read_string
+
+        unless curve_name_in_type == curve_name_in_key
+          raise Net::SSH::Exception, "curve name mismatched (`#{curve_name_in_key}' with `#{curve_name_in_type}')"
         end
 
-        # Returns the description of this key type used by the
-        # SSH2 protocol, like "ecdsa-sha2-nistp256"
-        def ssh_type
-          "ecdsa-sha2-#{CurveNameAliasInv[self.group.curve_name]}"
+        public_key_oct = buffer.read_string
+        begin
+          curvename = OpenSSL::PKey::EC::CurveNameAlias[curve_name_in_key]
+          group = OpenSSL::PKey::EC::Group.new(curvename)
+          point = OpenSSL::PKey::EC::Point.new(group, OpenSSL::BN.new(public_key_oct, 2))
+          asn1 = OpenSSL::ASN1::Sequence(
+            [
+              OpenSSL::ASN1::Sequence(
+                [
+                  OpenSSL::ASN1::ObjectId("id-ecPublicKey"),
+                  OpenSSL::ASN1::ObjectId(curvename)
+                ]
+              ),
+              OpenSSL::ASN1::BitString(point.to_octet_string(:uncompressed))
+            ]
+          )
+
+          key = OpenSSL::PKey::EC.new(asn1.to_der)
+
+          return key
+        rescue OpenSSL::PKey::ECError
+          raise NotImplementedError, "unsupported key type `#{type}'"
         end
+      end
 
-        def ssh_signature_type
-          ssh_type
-        end
+      # Returns the description of this key type used by the
+      # SSH2 protocol, like "ecdsa-sha2-nistp256"
+      def ssh_type
+        "ecdsa-sha2-#{CurveNameAliasInv[group.curve_name]}"
+      end
 
-        def digester
-          if self.group.curve_name =~ /^[a-z]+(\d+)\w*\z/
-            curve_size = $1.to_i
-            if curve_size <= 256
-              OpenSSL::Digest::SHA256.new
-            elsif curve_size <= 384
-              OpenSSL::Digest::SHA384.new
-            else
-              OpenSSL::Digest::SHA512.new
-            end
-          else
+      alias ssh_signature_type ssh_type
+
+      def digester
+        if group.curve_name =~ /^[a-z]+(\d+)\w*\z/
+          curve_size = Regexp.last_match(1).to_i
+          if curve_size <= 256
             OpenSSL::Digest::SHA256.new
+          elsif curve_size <= 384
+            OpenSSL::Digest::SHA384.new
+          else
+            OpenSSL::Digest::SHA512.new
           end
+        else
+          OpenSSL::Digest::SHA256.new
         end
-        private :digester
-
-        # Converts the key to a blob, according to the SSH2 protocol.
-        def to_blob
-          @blob ||= Net::SSH::Buffer.from(:string, ssh_type,
-                                          :string, CurveNameAliasInv[self.group.curve_name],
-                                          :mstring, self.public_key.to_bn.to_s(2)).to_s
-          @blob
-        end
-
-        # Verifies the given signature matches the given data.
-        def ssh_do_verify(sig, data)
-          digest = digester.digest(data)
-          a1sig = nil
-
-          begin
-            sig_r_len = sig[0,4].unpack("H*")[0].to_i(16)
-            sig_l_len = sig[4 + sig_r_len,4].unpack("H*")[0].to_i(16)
+      end
+      private :digester
 
-            sig_r = sig[4,sig_r_len].unpack("H*")[0]
-            sig_s = sig[4 + sig_r_len + 4,sig_l_len].unpack("H*")[0]
+      # Converts the key to a blob, according to the SSH2 protocol.
+      def to_blob
+        @blob ||= Net::SSH::Buffer.from(:string, ssh_type,
+                                        :string, CurveNameAliasInv[group.curve_name],
+                                        :mstring, public_key.to_bn.to_s(2)).to_s
+        @blob
+      end
 
-            a1sig = OpenSSL::ASN1::Sequence([
-              OpenSSL::ASN1::Integer(sig_r.to_i(16)),
-              OpenSSL::ASN1::Integer(sig_s.to_i(16))
-            ])
-          rescue StandardError
-          end
+      # Verifies the given signature matches the given data.
+      def ssh_do_verify(sig, data, options = {})
+        digest = digester.digest(data)
+        a1sig = nil
+
+        begin
+          sig_r_len = sig[0, 4].unpack('H*')[0].to_i(16)
+          sig_l_len = sig[4 + sig_r_len, 4].unpack('H*')[0].to_i(16)
+
+          sig_r = sig[4, sig_r_len].unpack('H*')[0]
+          sig_s = sig[4 + sig_r_len + 4, sig_l_len].unpack('H*')[0]
+
+          a1sig = OpenSSL::ASN1::Sequence([
+                                            OpenSSL::ASN1::Integer(sig_r.to_i(16)),
+                                            OpenSSL::ASN1::Integer(sig_s.to_i(16))
+                                          ])
+        rescue StandardError
+        end
 
-          if a1sig == nil
-            return false
-          else
-            dsa_verify_asn1(digest, a1sig.to_der)
-          end
+        if a1sig.nil?
+          return false
+        else
+          dsa_verify_asn1(digest, a1sig.to_der)
         end
+      end
+
+      # Returns the signature for the given data.
+      def ssh_do_sign(data, sig_alg = nil)
+        digest = digester.digest(data)
+        sig = dsa_sign_asn1(digest)
+        a1sig = OpenSSL::ASN1.decode(sig)
 
-        # Returns the signature for the given data.
-        def ssh_do_sign(data)
-          digest = digester.digest(data)
-          sig = dsa_sign_asn1(digest)
-          a1sig = OpenSSL::ASN1.decode(sig)
+        sig_r = a1sig.value[0].value
+        sig_s = a1sig.value[1].value
 
-          sig_r = a1sig.value[0].value
-          sig_s = a1sig.value[1].value
+        Net::SSH::Buffer.from(:bignum, sig_r, :bignum, sig_s).to_s
+      end
 
-          return Net::SSH::Buffer.from(:bignum, sig_r, :bignum, sig_s).to_s
+      class Point
+        # Returns the description of this key type used by the
+        # SSH2 protocol, like "ecdsa-sha2-nistp256"
+        def ssh_type
+          "ecdsa-sha2-#{CurveNameAliasInv[group.curve_name]}"
         end
 
-        class Point
-          # Returns the description of this key type used by the
-          # SSH2 protocol, like "ecdsa-sha2-nistp256"
-          def ssh_type
-            "ecdsa-sha2-#{CurveNameAliasInv[self.group.curve_name]}"
-          end
+        alias ssh_signature_type ssh_type
 
-          # Converts the key to a blob, according to the SSH2 protocol.
-          def to_blob
-            @blob ||= Net::SSH::Buffer.from(:string, ssh_type,
-                                            :string, CurveNameAliasInv[self.group.curve_name],
-                                            :mstring, self.to_bn.to_s(2)).to_s
-            @blob
-          end
+        # Converts the key to a blob, according to the SSH2 protocol.
+        def to_blob
+          @blob ||= Net::SSH::Buffer.from(:string, ssh_type,
+                                          :string, CurveNameAliasInv[group.curve_name],
+                                          :mstring, to_bn.to_s(2)).to_s
+          @blob
         end
       end
-    else
-      class OpenSSL::PKey::ECError < RuntimeError
-        # for compatibility with interpreters
-        # without EC support (i.e. JRuby)
-      end
     end
   end
 end

data/lib/net/ssh/transport/packet_stream.rb

@@ -1,7 +1,6 @@
 require 'net/ssh/buffered_io'
 require 'net/ssh/errors'
 require 'net/ssh/packet'
-require 'net/ssh/ruby_compat'
 require 'net/ssh/transport/cipher_factory'
 require 'net/ssh/transport/hmac'
 require 'net/ssh/transport/state'
@@ -9,7 +8,6 @@ require 'net/ssh/transport/state'
 module Net
   module SSH
     module Transport
-
       # A module that builds additional functionality onto the Net::SSH::BufferedIo
       # module. It adds SSH encryption, compression, and packet validation, as
       # per the SSH2 protocol. It also adds an abstraction for polling packets,
@@ -82,7 +80,7 @@ module Net
         # available or not, and will return nil if there is no packet ready to be
         # returned. If the mode parameter is :block, then this method will block
         # until a packet is available or timeout seconds have passed.
-        def next_packet(mode=:nonblock, timeout=nil)
+        def next_packet(mode = :nonblock, timeout = nil)
           case mode
           when :nonblock then
             packet = poll_next_packet
@@ -130,7 +128,7 @@ module Net
           payload = client.compress(payload)
 
           # the length of the packet, minus the padding
-          actual_length = 4 + payload.bytesize + 1
+          actual_length = (client.hmac.etm ? 0 : 4) + payload.bytesize + 1
 
           # compute the padding length
           padding_length = client.block_size - (actual_length % client.block_size)
@@ -146,11 +144,32 @@ module Net
 
           padding = Array.new(padding_length) { rand(256) }.pack("C*")
 
-          unencrypted_data = [packet_length, padding_length, payload, padding].pack("NCA*A*")
-          mac = client.hmac.digest([client.sequence_number, unencrypted_data].pack("NA*"))
+          if client.hmac.etm
+            debug { "using encrypt-then-mac" }
+
+            # Encrypt padding_length, payload, and padding. Take MAC
+            # from the unencrypted packet_lenght and the encrypted
+            # data.
+            length_data = [packet_length].pack("N")
+
+            unencrypted_data = [padding_length, payload, padding].pack("CA*A*")
+
+            encrypted_data = client.update_cipher(unencrypted_data) << client.final_cipher
+
+            mac_data = length_data + encrypted_data
+
+            mac = client.hmac.digest([client.sequence_number, mac_data].pack("NA*"))
+
+            message = mac_data + mac
+          else
+            unencrypted_data = [packet_length, padding_length, payload, padding].pack("NCA*A*")
+
+            mac = client.hmac.digest([client.sequence_number, unencrypted_data].pack("NA*"))
+
+            encrypted_data = client.update_cipher(unencrypted_data) << client.final_cipher
 
-          encrypted_data = client.update_cipher(unencrypted_data) << client.final_cipher
-          message = encrypted_data + mac
+            message = encrypted_data + mac
+          end
 
           debug { "queueing packet nr #{client.sequence_number} type #{payload.getbyte(0)} len #{packet_length}" }
           enqueue(message)
@@ -195,18 +214,28 @@ module Net
         # read, post-processed according to the cipher, hmac, and compression
         # algorithms specified in the server state object, and returned as a
         # new Packet object.
+        # rubocop:disable Metrics/AbcSize
         def poll_next_packet
+          aad_length = server.hmac.etm ? 4 : 0
+
           if @packet.nil?
             minimum = server.block_size < 4 ? 4 : server.block_size
-            return nil if available < minimum
-            data = read_available(minimum)
+            return nil if available < minimum + aad_length
+
+            data = read_available(minimum + aad_length)
 
             # decipher it
-            @packet = Net::SSH::Buffer.new(server.update_cipher(data))
-            @packet_length = @packet.read_long
+            if server.hmac.etm
+              @packet_length = data.unpack("N").first
+              @mac_data = data
+              @packet = Net::SSH::Buffer.new(server.update_cipher(data[aad_length..-1]))
+            else
+              @packet = Net::SSH::Buffer.new(server.update_cipher(data))
+              @packet_length = @packet.read_long
+            end
           end
 
-          need = @packet_length + 4 - server.block_size
+          need = @packet_length + 4 - aad_length - server.block_size
           raise Net::SSH::Exception, "padding error, need #{need} block #{server.block_size}" if need % server.block_size != 0
 
           return nil if available < need + server.hmac.mac_length
@@ -214,6 +243,7 @@ module Net
           if need > 0
             # read the remainder of the packet and decrypt it.
             data = read_available(need)
+            @mac_data += data if server.hmac.etm
             @packet.append(server.update_cipher(data))
           end
 
@@ -226,8 +256,12 @@ module Net
 
           payload = @packet.read(@packet_length - padding_length - 1)
 
-          my_computed_hmac = server.hmac.digest([server.sequence_number, @packet.content].pack("NA*"))
-          raise Net::SSH::Exception, "corrupted hmac detected" if real_hmac != my_computed_hmac
+          my_computed_hmac = if server.hmac.etm
+                               server.hmac.digest([server.sequence_number, @mac_data].pack("NA*"))
+                             else
+                               server.hmac.digest([server.sequence_number, @packet.content].pack("NA*"))
+                             end
+          raise Net::SSH::Exception, "corrupted hmac detected #{server.hmac.class}" if real_hmac != my_computed_hmac
 
           # try to decompress the payload, in case compression is active
           payload = server.decompress(payload)
@@ -240,7 +274,7 @@ module Net
           return Packet.new(payload)
         end
       end
-
+      # rubocop:enable Metrics/AbcSize
     end
   end
 end

data/lib/net/ssh/transport/server_version.rb

@@ -2,10 +2,9 @@ require 'net/ssh/errors'
 require 'net/ssh/loggable'
 require 'net/ssh/version'
 
-module Net 
-  module SSH 
+module Net
+  module SSH
     module Transport
-
       # Negotiates the SSH protocol version and trades information about server
       # and client. This is never used directly--it is always called by the
       # transport layer as part of the initialization process of the transport
@@ -15,40 +14,41 @@ module Net
       # the authoritative reference for any queries regarding the version in effect.
       class ServerVersion
         include Loggable
-    
+
         # The SSH version string as reported by Net::SSH
         PROTO_VERSION = "SSH-2.0-Ruby/Net::SSH_#{Net::SSH::Version::CURRENT} #{RUBY_PLATFORM}"
-    
+
         # Any header text sent by the server prior to sending the version.
         attr_reader :header
-    
+
         # The version string reported by the server.
         attr_reader :version
-    
+
         # Instantiates a new ServerVersion and immediately (and synchronously)
         # negotiates the SSH protocol in effect, using the given socket.
         def initialize(socket, logger, timeout = nil)
-          @header = ""
+          @header = String.new
           @version = nil
           @logger = logger
           negotiate!(socket, timeout)
         end
-    
+
         private
-    
+
         # Negotiates the SSH protocol to use, via the given socket. If the server
         # reports an incompatible SSH version (e.g., SSH1), this will raise an
         # exception.
         def negotiate!(socket, timeout)
           info { "negotiating protocol version" }
-    
+
           debug { "local is `#{PROTO_VERSION}'" }
           socket.write "#{PROTO_VERSION}\r\n"
           socket.flush
-    
+
           raise Net::SSH::ConnectionTimeout, "timeout during server version negotiating" if timeout && !IO.select([socket], nil, nil, timeout)
+
           loop do
-            @version = ""
+            @version = String.new
             loop do
               begin
                 b = socket.readpartial(1)
@@ -60,14 +60,15 @@ module Net
               break if b == "\n"
             end
             break if @version.match(/^SSH-/)
+
             @header << @version
           end
-    
+
           @version.chomp!
           debug { "remote is `#{@version}'" }
-    
+
           raise Net::SSH::Exception, "incompatible SSH version `#{@version}'" unless @version.match(/^SSH-(1\.99|2\.0)-/)
-    
+
           raise Net::SSH::ConnectionTimeout, "timeout during client version negotiating" if timeout && !IO.select(nil, [socket], nil, timeout)
         end
       end

data/lib/net/ssh/transport/session.rb

@@ -15,7 +15,6 @@ require 'net/ssh/verifiers/never'
 module Net
   module SSH
     module Transport
-
       # The transport layer represents the lowest level of the SSH protocol, and
       # implements basic message exchanging and protocol initialization. It will
       # never be instantiated directly (unless you really know what you're about),
@@ -56,7 +55,7 @@ module Net
         # Instantiates a new transport layer abstraction. This will block until
         # the initial key exchange completes, leaving you with a ready-to-use
         # transport session.
-        def initialize(host, options={})
+        def initialize(host, options = {})
           self.logger = options[:logger]
 
           @host = host
@@ -160,6 +159,7 @@ module Net
         # one is performed, causing this method to block until it completes.
         def rekey_as_needed
           return if algorithms.pending?
+
           socket.if_needs_rekey? { rekey! }
         end
 
@@ -186,7 +186,7 @@ module Net
         # received, it will be enqueued and otherwise ignored. When a key-exchange
         # is not in process, and consume_queue is true, packets will be first
         # read from the queue before the socket is queried.
-        def poll_message(mode=:nonblock, consume_queue=true)
+        def poll_message(mode = :nonblock, consume_queue = true)
           loop do
             return @queue.shift if consume_queue && @queue.any? && algorithms.allow?(@queue.first)
 
@@ -211,6 +211,7 @@ module Net
 
             else
               return packet if algorithms.allow?(packet)
+
               push(packet)
             end
           end
@@ -222,6 +223,7 @@ module Net
         def wait
           loop do
             break if block_given? && yield
+
             message = poll_message(:nonblock, false)
             push(message) if message
             break if !block_given?
@@ -250,27 +252,27 @@ module Net
         # Configure's the packet stream's client state with the given set of
         # options. This is typically used to define the cipher, compression, and
         # hmac algorithms to use when sending packets to the server.
-        def configure_client(options={})
+        def configure_client(options = {})
           socket.client.set(options)
         end
 
         # Configure's the packet stream's server state with the given set of
         # options. This is typically used to define the cipher, compression, and
         # hmac algorithms to use when reading packets from the server.
-        def configure_server(options={})
+        def configure_server(options = {})
           socket.server.set(options)
         end
 
         # Sets a new hint for the packet stream, which the packet stream may use
         # to change its behavior. (See PacketStream#hints).
-        def hint(which, value=true)
+        def hint(which, value = true)
           socket.hints[which] = value
         end
 
         public
 
         # this method is primarily for use in tests
-        attr_reader :queue #:nodoc:
+        attr_reader :queue # :nodoc:
 
         private