Attached is a patch for the Ruby/OpenSSL module, done against the code in the snapshot.tar.gz file as currently available from http://www.ruby-lang.org.
This patch adds functionality necessary to support SSH operations. I have also added a new method to Cipher::Cipher: called "crypt". I did this because I couldn't get the update/final stuff to work. This may have been because I do not have a complete understanding of how they are *supposed* to work. Still, I have a very hacked-together SSH client in Ruby now, using the routines provided by this patch.
Attached is a patch for the Ruby/OpenSSL module, done against the code
in the snapshot.tar.gz file as currently available from http://www.ruby-lang.org.
Thanks a lot. Your patch seems a good solution. It will be
applied when the CVS service's back.
But a question. In ossl_pkey_dh.c, you made
dh_bignum_accessors without using OSSL_PKEY_BN and
DEF_OSSL_PKEY_BN. Does these macro have any problem?
This patch adds functionality necessary to support SSH operations. I
have also added a new method to Cipher::Cipher: called "crypt". I did
this because I couldn't get the update/final stuff to work. This may
have been because I do not have a complete understanding of how they are
*supposed* to work.
Cipher#update and Cipher#final return a String; it is a set
of streamable interface. I feel that Cipher#crypt may be
added if you need a block specific interface.
Thanks a lot. Your patch seems a good solution. It will be
applied when the CVS service's back.
But a question. In ossl_pkey_dh.c, you made
dh_bignum_accessors without using OSSL_PKEY_BN and
DEF_OSSL_PKEY_BN. Does these macro have any problem?
Hah! Forget I did that. I wrote those before I discovered the OSSL_PKEY_BN macros. I discovered them later and then used them (in the rsa and dsa modules). If you'd like, I'll fix the ossl_pkey_dh.c file and resubmit the patch. Let me know.
Cipher#update and Cipher#final return a String; it is a set
of streamable interface. I feel that Cipher#crypt may be
added if you need a block specific interface.
[snip]
Hmm. I tried all that, and it wouldn't give me the answer that the ssh server expected. Using Cipher#crypt, however, did (and it should, since it is modeled from the OpenSSH code).
Still, I have a very hacked-together SSH client in Ruby now, using the routines provided by this patch.
I look forward to reading it:)
I'm refactoring all of the (Net::SSH) code now, to make it more robust. I'm hoping to have something worthwhile to report in a few weeks.
But I dunno whether obfuscated code is a good advertisement for ruby.
···
* "John W. Long" <ng@johnwlong.com> wrote:
> --
> Jamis Buck
> jgb3@email.byu.edu
> http://www.jamisbuck.org/jamis
> ruby -h | ruby -e
> 'a=;readlines.join.scan(/-(.)\[e|Kk(\S*)|le.l(..)e|#!(\S*)/)
> {|r| a << r.compact.first };puts "\n>#{a.join(%q/ /)}<\n\n"'
This signature is amazing! How long did it take you to come up with
that? and what motivated you?
This signature is amazing! How long did it take you to come up with that? and what motivated you?
Hynek has it right -- it was inspired by the myriad "japh" sigs ("Just Another Perl Hacker"). And it took me far too long to come up with than I needed to spend on it.
Hynek is also right on another point: whereas Perl is more prone to obfuscation, one of the goals of Ruby is clarity. Thus, obfuscated sigs in Ruby are harder to generate than in Perl (IMO), and don't exactly encourage newbies to leap into Ruby. However, that doesn't keep some of us from writing them anyway...
Unfortunately, I've previously only posted to c.l.r from work, where I use
Google for usenet. So my nifty Ruby signature, which appears when I post from
my home newsreader, has not been seen on this newsgroup until now, even though
I've been using it since November.
···
--
Karl von Laudermann - karlvonl(a)rcn.com - http://www.geocities.com/~karlvonl
#!/usr/bin/env ruby
c=" .,:;i|+=ahHME8";def l(a,b,c)x=b-a;y=c-a;Math.sqrt(x*x+y*y)end;25.times{|y|
50.times{|x|print(l(12,x/2,y)<=12?((c[l(8,x/2,y).to_i]||36).chr):" ")};puts""}
GOTOU Yuuzou wrote:
> But a question. In ossl_pkey_dh.c, you made
> dh_bignum_accessors without using OSSL_PKEY_BN and
> DEF_OSSL_PKEY_BN. Does these macro have any problem?
Hah! Forget I did that. I wrote those before I discovered the
OSSL_PKEY_BN macros. I discovered them later and then used them (in the
rsa and dsa modules). If you'd like, I'll fix the ossl_pkey_dh.c file
and resubmit the patch. Let me know.
I did it. No need to re-post.
Hmm. I tried all that, and it wouldn't give me the answer that the ssh
server expected. Using Cipher#crypt, however, did (and it should, since
it is modeled from the OpenSSH code).
Hehe, mine can even do cool graphics
(you need ImageMagick's display to see it)
···
On Tue, Jun 15, 2004 at 10:13:07PM +0900, Jamis Buck wrote:
John W. Long wrote:
>Jamis Buck wrote:
> > --
> > Jamis Buck
> > jgb3@email.byu.edu
> > http://www.jamisbuck.org/jamis
>
> > ruby -h | ruby -e
> > 'a=;readlines.join.scan(/-(.)\[e|Kk(\S*)|le.l(..)e|#!(\S*)/)
> > {|r| a << r.compact.first };puts "\n>#{a.join(%q/ /)}<\n\n"'
>
>This signature is amazing! How long did it take you to come up with
>that? and what motivated you?
Hynek has it right -- it was inspired by the myriad "japh" sigs ("Just
Another Perl Hacker"). And it took me far too long to come up with than
I needed to spend on it.
Hynek is also right on another point: whereas Perl is more prone to
obfuscation, one of the goals of Ruby is clarity. Thus, obfuscated sigs
in Ruby are harder to generate than in Perl (IMO), and don't exactly
encourage newbies to leap into Ruby. However, that doesn't keep some of
us from writing them anyway...
At Tue, 15 Jun 2004 22:13:07 +0900,
Jamis Buck wrote in [ruby-talk:103666]:
Hynek is also right on another point: whereas Perl is more prone to
obfuscation, one of the goals of Ruby is clarity. Thus, obfuscated sigs
in Ruby are harder to generate than in Perl (IMO), and don't exactly
encourage newbies to leap into Ruby. However, that doesn't keep some of
us from writing them anyway...
Unfortunately, I've previously only posted to c.l.r from work, where I use Google for usenet. So my nifty Ruby signature, which appears when I post from my home newsreader, has not been seen on this newsgroup until now, even though I've been using it since November.
that's cool. Yet, it's missing the word ruby somewhere in the image
···
il Wed, 16 Jun 2004 22:07:06 -0400, Karl von Laudermann <karlvonl@rcn.com.invalid> ha scritto::
Unfortunately, I've previously only posted to c.l.r from work, where I use
Google for usenet. So my nifty Ruby signature, which appears when I post from
my home newsreader, has not been seen on this newsgroup until now, even though
I've been using it since November.
can't wait to see that I can think of several uses right off the top of my head.
I'm glad I'm not the only one that wants this. It's been a pretty challenging project! I've wanted this for some time, and I finally decided that it wasn't going to happen if I just kept waiting for someone else to do it. I'm a little nervous about releasing it to the general public, since (as I've stressed before) cryptography is not by strong point, by any stretch of the imagination, and reading through the SSH specs has really emphasized that for me. I've sure learned a ton about it in the last 3 weeks, though!
I finished refactoring my existing code just a few minutes ago. Now I've got the transport layer about 80% done and a proof-of-concept user-authentication service written (meaning it's really only about 10% done). To be written: the connection service, which (when finished) will be the real "meat and potatoes" of Net::SSH, since that will be the service that allows you to execute programs (for instance) on the remote host. Once that's done I'll probably bundle it up and release it, with the caveat that it's still experimental. At that point, I would REALLY appreciate feedback (and patches, preferably).
Also, I'm kind of lost as to how to write test cases for something like this. It's hard to (for instance) force the server to send something unexpected without writing your own server... Any tips?
But a question. In ossl_pkey_dh.c, you made
dh_bignum_accessors without using OSSL_PKEY_BN and
DEF_OSSL_PKEY_BN. Does these macro have any problem?
Hah! Forget I did that. I wrote those before I discovered the OSSL_PKEY_BN macros. I discovered them later and then used them (in the rsa and dsa modules). If you'd like, I'll fix the ossl_pkey_dh.c file and resubmit the patch. Let me know.
I did it. No need to re-post.
One other thing: I was advised off-list that the "crypt" method I added is unecessary, and I have verified that this is true. My problem was that I was not setting the padding. By setting the padding on the cipher to 0, I can use update/final without any problems. I.e.:
c = OpenSSL::Cipher::Cipher.new(...)
c.encrypt
c.key = ...
c.iv = ...
c.padding = 0 # <-- this is what I was missing
v = c.update( .... ) << c.final
p v
So... if you haven't already applied the patch, I can send you another one. Or you can just remove the definition of that "crypt" method I added.
il Mon, 14 Jun 2004 12:37:43 +0900, Jamis Buck <jgb3@email.byu.edu> ha scritto::
Also, I'm kind of lost as to how to write test cases for something like
this. It's hard to (for instance) force the server to send something
unexpected without writing your own server... Any tips?
One other thing: I was advised off-list that the "crypt" method I added
is unecessary, and I have verified that this is true. My problem was
that I was not setting the padding. By setting the padding on the cipher
to 0, I can use update/final without any problems. I.e.:
c = OpenSSL::Cipher::Cipher.new(...)
c.encrypt
c.key = ...
c.iv = ...
c.padding = 0 # <-- this is what I was missing
v = c.update( .... ) << c.final
p v
So... if you haven't already applied the patch, I can send you another
one. Or you can just remove the definition of that "crypt" method I added.
No problem. ossl_cipher.c was rolled back.
BTW, I'd like to change the type of the argument of Cipher#padding=.
It should take a boolean but an integer. (patch is attaced.)
# I'll add a workaround to treat backward compatibility if
# it is applied to Ruby 1.8.
regards,
--
gotoyuzo
--- ext/openssl/ossl_cipher.c 17 Sep 2003 09:05:02 -0000 1.4
+++ ext/openssl/ossl_cipher.c 14 Jun 2004 13:34:32 -0000
@@ -315,13 +282,16 @@ ossl_cipher_set_iv(VALUE self, VALUE iv)
static VALUE
ossl_cipher_set_padding(VALUE self, VALUE padding)
{
-#if defined(HAVE_ST_FLAGS)
+#if defined(HAVE_ST_FLAGS) || OPENSSL_VERSION_NUMBER >= 0x0090702fL
+ /*
+ * EVP_CIPHER_CTX_set_padding existed in an earlier versions of openssl.
+ * I don't know the exact version number, but it does exist in 0x0090702fL.
+ */
EVP_CIPHER_CTX *ctx;