File: //usr/share/rubygems-integration/all/gems/net-ssh-6.1.0/lib/net/ssh/transport/kex/abstract5656.rb
require 'net/ssh/transport/kex/abstract'
module Net
module SSH
module Transport
module Kex
# Implement key-exchange algorithm from Elliptic Curve Algorithm Integration
# in the Secure Shell Transport Layer (RFC 5656)
class Abstract5656 < Abstract
alias ecdh dh
def curve_name
raise NotImplementedError, 'abstract class: curve_name not implemented'
end
private
def get_message_types
[KEXECDH_INIT, KEXECDH_REPLY]
end
def build_signature_buffer(result)
response = Net::SSH::Buffer.new
response.write_string data[:client_version_string],
data[:server_version_string],
data[:client_algorithm_packet],
data[:server_algorithm_packet],
result[:key_blob],
ecdh_public_key_bytes,
result[:server_ecdh_pubkey]
response.write_bignum result[:shared_secret]
response
end
def send_kexinit #:nodoc:
init, reply = get_message_types
# send the KEXECDH_INIT message
## byte SSH_MSG_KEX_ECDH_INIT
## string Q_C, client's ephemeral public key octet string
buffer = Net::SSH::Buffer.from(:byte, init, :mstring, ecdh_public_key_bytes)
connection.send_message(buffer)
# expect the following KEXECDH_REPLY message
## byte SSH_MSG_KEX_ECDH_REPLY
## string K_S, server's public host key
## string Q_S, server's ephemeral public key octet string
## string the signature on the exchange hash
buffer = connection.next_message
raise Net::SSH::Exception, 'expected REPLY' unless buffer.type == reply
result = {}
result[:key_blob] = buffer.read_string
result[:server_key] = Net::SSH::Buffer.new(result[:key_blob]).read_key
result[:server_ecdh_pubkey] = buffer.read_string
result[:shared_secret] = compute_shared_secret(result[:server_ecdh_pubkey])
sig_buffer = Net::SSH::Buffer.new(buffer.read_string)
sig_type = sig_buffer.read_string
if sig_type != algorithms.host_key_format
raise Net::SSH::Exception, "host key algorithm mismatch for signature '#{sig_type}' != '#{algorithms.host_key_format}'"
end
result[:server_sig] = sig_buffer.read_string
result
end
end
end
end
end
end