1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
|
require 'net/ssh/buffer'
require 'net/ssh/errors'
require 'net/ssh/loggable'
require 'net/ssh/transport/openssl'
require 'net/ssh/transport/constants'
module Net
module SSH
module Transport
module Kex
# A key-exchange service implementing the "diffie-hellman-group1-sha1"
# key-exchange algorithm.
class DiffieHellmanGroup1SHA1
include Loggable
include Constants
# The value of 'P', as a string, in hexadecimal
P_s = "FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" +
"C4C6628B" "80DC1CD1" "29024E08" "8A67CC74" +
"020BBEA6" "3B139B22" "514A0879" "8E3404DD" +
"EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" +
"4FE1356D" "6D51C245" "E485B576" "625E7EC6" +
"F44C42E9" "A637ED6B" "0BFF5CB6" "F406B7ED" +
"EE386BFB" "5A899FA5" "AE9F2411" "7C4B1FE6" +
"49286651" "ECE65381" "FFFFFFFF" "FFFFFFFF"
# The radix in which P_s represents the value of P
P_r = 16
# The group constant
G = 2
attr_reader :p
attr_reader :g
attr_reader :digester
attr_reader :algorithms
attr_reader :connection
attr_reader :data
attr_reader :dh
# Create a new instance of the DiffieHellmanGroup1SHA1 algorithm.
# The data is a Hash of symbols representing information
# required by this algorithm, which was acquired during earlier
# processing.
def initialize(algorithms, connection, data)
@p = get_p
@g = get_g
@digester = OpenSSL::Digest::SHA1
@algorithms = algorithms
@connection = connection
@data = data.dup
@dh = generate_key
@logger = @data.delete(:logger)
end
# Perform the key-exchange for the given session, with the given
# data. This method will return a hash consisting of the
# following keys:
#
# * :session_id
# * :server_key
# * :shared_secret
# * :hashing_algorithm
#
# The caller is expected to be able to understand how to use these
# deliverables.
def exchange_keys
result = send_kexinit
verify_server_key(result[:server_key])
session_id = verify_signature(result)
confirm_newkeys
return { session_id: session_id,
server_key: result[:server_key],
shared_secret: result[:shared_secret],
hashing_algorithm: digester }
end
private
def get_p
OpenSSL::BN.new(P_s, P_r)
end
def get_g
G
end
# Returns the DH key parameters for the current connection.
def get_parameters
[p, g]
end
# Returns the INIT/REPLY constants used by this algorithm.
def get_message_types
[KEXDH_INIT, KEXDH_REPLY]
end
# Build the signature buffer to use when verifying a signature from
# the server.
def build_signature_buffer(result)
response = Net::SSH::Buffer.new
response.write_string data[:client_version_string],
data[:server_version_string],
data[:client_algorithm_packet],
data[:server_algorithm_packet],
result[:key_blob]
response.write_bignum dh.pub_key,
result[:server_dh_pubkey],
result[:shared_secret]
response
end
# Generate a DH key with a private key consisting of the given
# number of bytes.
def generate_key #:nodoc:
dh = OpenSSL::PKey::DH.new
if dh.respond_to?(:set_pqg)
p, g = get_parameters
dh.set_pqg(p, nil, g)
else
dh.p, dh.g = get_parameters
end
dh.generate_key!
until dh.valid? && dh.priv_key.num_bytes == data[:need_bytes]
if dh.respond_to?(:set_key)
dh.set_key(nil, OpenSSL::BN.rand(data[:need_bytes] * 8))
else
dh.priv_key = OpenSSL::BN.rand(data[:need_bytes] * 8)
end
dh.generate_key!
end
dh
end
# Send the KEXDH_INIT message, and expect the KEXDH_REPLY. Return the
# resulting buffer.
#
# Parse the buffer from a KEXDH_REPLY message, returning a hash of
# the extracted values.
def send_kexinit #:nodoc:
init, reply = get_message_types
# send the KEXDH_INIT message
buffer = Net::SSH::Buffer.from(:byte, init, :bignum, dh.pub_key)
connection.send_message(buffer)
# expect the KEXDH_REPLY message
buffer = connection.next_message
raise Net::SSH::Exception, "expected REPLY" unless buffer.type == reply
result = Hash.new
result[:key_blob] = buffer.read_string
result[:server_key] = Net::SSH::Buffer.new(result[:key_blob]).read_key
result[:server_dh_pubkey] = buffer.read_bignum
result[:shared_secret] = OpenSSL::BN.new(dh.compute_key(result[:server_dh_pubkey]), 2)
sig_buffer = Net::SSH::Buffer.new(buffer.read_string)
sig_type = sig_buffer.read_string
if sig_type != algorithms.host_key
raise Net::SSH::Exception,
"host key algorithm mismatch for signature " +
"'#{sig_type}' != '#{algorithms.host_key}'"
end
result[:server_sig] = sig_buffer.read_string
return result
end
# Verify that the given key is of the expected type, and that it
# really is the key for the session's host. Raise Net::SSH::Exception
# if it is not.
def verify_server_key(key) #:nodoc:
if key.ssh_type != algorithms.host_key
raise Net::SSH::Exception,
"host key algorithm mismatch " +
"'#{key.ssh_type}' != '#{algorithms.host_key}'"
end
blob, fingerprint = generate_key_fingerprint(key)
raise Net::SSH::Exception, "host key verification failed" unless connection.host_key_verifier.verify(key: key, key_blob: blob, fingerprint: fingerprint, session: connection)
end
def generate_key_fingerprint(key)
blob = Net::SSH::Buffer.from(:key, key).to_s
fingerprint = OpenSSL::Digest::MD5.hexdigest(blob).scan(/../).join(":")
[blob, fingerprint]
rescue ::Exception => e
[nil, "(could not generate fingerprint: #{e.message})"]
end
# Verify the signature that was received. Raise Net::SSH::Exception
# if the signature could not be verified. Otherwise, return the new
# session-id.
def verify_signature(result) #:nodoc:
response = build_signature_buffer(result)
hash = @digester.digest(response.to_s)
raise Net::SSH::Exception, "could not verify server signature" unless result[:server_key].ssh_do_verify(result[:server_sig], hash)
return hash
end
# Send the NEWKEYS message, and expect the NEWKEYS message in
# reply.
def confirm_newkeys #:nodoc:
# send own NEWKEYS message first (the wodSSHServer won't send first)
response = Net::SSH::Buffer.new
response.write_byte(NEWKEYS)
connection.send_message(response)
# wait for the server's NEWKEYS message
buffer = connection.next_message
raise Net::SSH::Exception, "expected NEWKEYS" unless buffer.type == NEWKEYS
end
end
end
end
end
end
|
