Module: HrrRbSsh::Transport::KexAlgorithm::DiffieHellmanGroupExchange

Includes:
IvComputable
Included in:
DiffieHellmanGroupExchangeSha1, DiffieHellmanGroupExchangeSha256
Defined in:
lib/hrr_rb_ssh/transport/kex_algorithm/diffie_hellman_group_exchange.rb,
lib/hrr_rb_ssh/transport/kex_algorithm/diffie_hellman_group_exchange/h0.rb

Defined Under Namespace

Modules: H0

Instance Method Summary collapse

Methods included from IvComputable

#build_key, #iv_c_to_s, #iv_s_to_c, #key_c_to_s, #key_s_to_c, #mac_c_to_s, #mac_s_to_c

Instance Method Details

#hash(transport) ⇒ Object 



78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
 
# File 'lib/hrr_rb_ssh/transport/kex_algorithm/diffie_hellman_group_exchange.rb', line 78

def hash transport
  h0_payload = {
    :'V_C' => transport.v_c,
    :'V_S' => transport.v_s,
    :'I_C' => transport.i_c,
    :'I_S' => transport.i_s,
    :'K_S' => @k_s,
    :'min' => @min,
    :'n'   => @n,
    :'max' => @max,
    :'p'   => @p,
    :'g'   => @g,
    :'e'   => @e,
    :'f'   => @f,
    :'k'   => @shared_secret,
  }
  h0 = H0.encode h0_payload
  h = OpenSSL::Digest.digest self.class::DIGEST, h0
end

#initializeObject 



15
16
17
 
# File 'lib/hrr_rb_ssh/transport/kex_algorithm/diffie_hellman_group_exchange.rb', line 15

def initialize
  @logger = Logger.new(self.class.name)
end

#initialize_dh(pg = nil) ⇒ Object 



54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
 
# File 'lib/hrr_rb_ssh/transport/kex_algorithm/diffie_hellman_group_exchange.rb', line 54

def initialize_dh pg=nil
  unless pg
    p_list = KexAlgorithm.list_supported.map{ |e| KexAlgorithm[e] }.select{ |e| e.const_defined?(:P) }.map{ |e| [OpenSSL::BN.new(e::P,16).num_bits, e::P] }.sort_by{ |e| e[0] }.reverse
    candidate = p_list.find{ |e| e[0] <= @n }
    raise unless (@min .. @max).include?(candidate[0])
    p, g = candidate[1], 2
  else
    p, g = pg
  end
  @dh = OpenSSL::PKey::DH.new
  if @dh.respond_to?(:set_pqg)
    @dh.set_pqg OpenSSL::BN.new(p, 16), nil, OpenSSL::BN.new(g)
  else
    @dh.p = OpenSSL::BN.new(p, 16)
    @dh.g = OpenSSL::BN.new(g)
  end
  @dh.generate_key!
  @public_key = @dh.pub_key.to_i
end

#receive_kex_dh_gex_group(payload) ⇒ Object 



143
144
145
 
# File 'lib/hrr_rb_ssh/transport/kex_algorithm/diffie_hellman_group_exchange.rb', line 143

def receive_kex_dh_gex_group payload
  Message::SSH_MSG_KEX_DH_GEX_GROUP.decode payload
end

#receive_kex_dh_gex_init(payload) ⇒ Object 



117
118
119
 
# File 'lib/hrr_rb_ssh/transport/kex_algorithm/diffie_hellman_group_exchange.rb', line 117

def receive_kex_dh_gex_init payload
  Message::SSH_MSG_KEX_DH_GEX_INIT.decode payload
end

#receive_kex_dh_gex_reply(payload) ⇒ Object 



156
157
158
 
# File 'lib/hrr_rb_ssh/transport/kex_algorithm/diffie_hellman_group_exchange.rb', line 156

def receive_kex_dh_gex_reply payload
  Message::SSH_MSG_KEX_DH_GEX_REPLY.decode payload
end

#receive_kex_dh_gex_request(payload) ⇒ Object 



103
104
105
 
# File 'lib/hrr_rb_ssh/transport/kex_algorithm/diffie_hellman_group_exchange.rb', line 103

def receive_kex_dh_gex_request payload
  Message::SSH_MSG_KEX_DH_GEX_REQUEST.decode payload
end

#send_kex_dh_gex_group(transport) ⇒ Object 



107
108
109
110
111
112
113
114
115
 
# File 'lib/hrr_rb_ssh/transport/kex_algorithm/diffie_hellman_group_exchange.rb', line 107

def send_kex_dh_gex_group transport
  message = {
    :'message number' => Message::SSH_MSG_KEX_DH_GEX_GROUP::VALUE,
    :'p'              => @p,
    :'g'              => @g,
  }
  payload = Message::SSH_MSG_KEX_DH_GEX_GROUP.encode message
  transport.send payload
end

#send_kex_dh_gex_init(transport) ⇒ Object 



147
148
149
150
151
152
153
154
 
# File 'lib/hrr_rb_ssh/transport/kex_algorithm/diffie_hellman_group_exchange.rb', line 147

def send_kex_dh_gex_init transport
  message = {
    :'message number' => Message::SSH_MSG_KEX_DH_GEX_INIT::VALUE,
    :'e'              => @e,
  }
  payload = Message::SSH_MSG_KEX_DH_GEX_INIT.encode message
  transport.send payload
end

#send_kex_dh_gex_reply(transport) ⇒ Object 



121
122
123
124
125
126
127
128
129
130
 
# File 'lib/hrr_rb_ssh/transport/kex_algorithm/diffie_hellman_group_exchange.rb', line 121

def send_kex_dh_gex_reply transport
  message = {
    :'message number'                                => Message::SSH_MSG_KEX_DH_GEX_REPLY::VALUE,
    :'server public host key and certificates (K_S)' => @k_s,
    :'f'                                             => @f,
    :'signature of H'                                => sign(transport),
  }
  payload = Message::SSH_MSG_KEX_DH_GEX_REPLY.encode message
  transport.send payload
end

#send_kex_dh_gex_request(transport) ⇒ Object 



132
133
134
135
136
137
138
139
140
141
 
# File 'lib/hrr_rb_ssh/transport/kex_algorithm/diffie_hellman_group_exchange.rb', line 132

def send_kex_dh_gex_request transport
  message = {
    :'message number' => Message::SSH_MSG_KEX_DH_GEX_REQUEST::VALUE,
    :'min'            => @min,
    :'n'              => @n,
    :'max'            => @max,
  }
  payload = Message::SSH_MSG_KEX_DH_GEX_REQUEST.encode message
  transport.send payload
end

#shared_secretObject 



74
75
76
 
# File 'lib/hrr_rb_ssh/transport/kex_algorithm/diffie_hellman_group_exchange.rb', line 74

def shared_secret
  @shared_secret
end

#sign(transport) ⇒ Object 



98
99
100
101
 
# File 'lib/hrr_rb_ssh/transport/kex_algorithm/diffie_hellman_group_exchange.rb', line 98

def sign transport
  h = hash transport
  s = transport.server_host_key_algorithm.sign h
end

#start(transport) ⇒ Object 



19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
 
# File 'lib/hrr_rb_ssh/transport/kex_algorithm/diffie_hellman_group_exchange.rb', line 19

def start transport
  case transport.mode
  when Mode::SERVER
    message = receive_kex_dh_gex_request transport.receive
    @min = message[:'min']
    @n   = message[:'n']
    @max = message[:'max']
    initialize_dh
    @p = @dh.p.to_i
    @g = @dh.g.to_i
    send_kex_dh_gex_group transport
    @k_s = transport.server_host_key_algorithm.server_public_host_key
    @f   = @public_key
    message = receive_kex_dh_gex_init transport.receive
    @e   = message[:'e']
    @shared_secret = OpenSSL::BN.new(@dh.compute_key(OpenSSL::BN.new(@e)), 2).to_i
    send_kex_dh_gex_reply transport
  when Mode::CLIENT
    @min = 1024
    @n   = 2048
    @max = 8192
    send_kex_dh_gex_request transport
    message = receive_kex_dh_gex_group transport.receive
    @p   = message[:'p']
    @g   = message[:'g']
    initialize_dh [@p, @g]
    @e   = @public_key
    send_kex_dh_gex_init transport
    message = receive_kex_dh_gex_reply transport.receive
    @k_s = message[:'server public host key and certificates (K_S)']
    @f   = message[:'f']
    @shared_secret = OpenSSL::BN.new(@dh.compute_key(OpenSSL::BN.new(@f)), 2).to_i
  end
end