author | Tony Arcieri <bascule@gmail.com> | 2017-12-15 11:43:46 -0800 |
---|---|---|
committer | Miklos Fazekas <mfazekas@szemafor.com> | 2018-01-02 10:42:28 +0100 |
commit | 1f32340536023390e2ab083b9258d750682ee7f0 (patch) | |
tree | a0ebe79bfb1862482c9670baa5f4d67c7c399c6b | |
parent | 9f2384dacd281b3bb353c82444501fdfba098dc0 (diff) | |
download | net-ssh-1f32340536023390e2ab083b9258d750682ee7f0.tar.gz |
Replace RbNaCl dependency with ed25519 gem
RbNaCl is a much more heavyweight dependency that is only being used for
Ed25519 signatures.
The ed25519 gem should install much more quickly.
This change otherwise preserves ed25519 being used as an optional
dependency and generally tries to keep as much as possible the same.
-rw-r--r-- | .travis.yml | 4 | ||||
-rw-r--r-- | Gemfile | 4 | ||||
-rw-r--r-- | Gemfile.noed25519 (renamed from Gemfile.norbnacl) | 2 | ||||
-rw-r--r-- | Gemfile.noed25519.lock (renamed from Gemfile.norbnacl.lock) | 28 | ||||
-rw-r--r-- | README.rdoc | 2 | ||||
-rw-r--r-- | appveyor.yml | 4 | ||||
-rw-r--r-- | lib/net/ssh/authentication/agent.rb | 4 | ||||
-rw-r--r-- | lib/net/ssh/authentication/ed25519.rb | 27 | ||||
-rw-r--r-- | lib/net/ssh/authentication/ed25519_loader.rb | 3 | ||||
-rw-r--r-- | net-ssh.gemspec | 5 | ||||
-rw-r--r-- | test/authentication/test_agent.rb | 4 | ||||
-rw-r--r-- | test/authentication/test_ed25519.rb | 4 | ||||
-rw-r--r-- | test/integration/test_cert_user_auth.rb | 2 | ||||
-rw-r--r-- | test/integration/test_ed25519_pkeys.rb | 2 |
14 files changed, 39 insertions, 56 deletions
diff --git a/.travis.yml b/.travis.yml index 4dd00b9..207d13c 100644 --- a/.travis.yml +++ b/.travis.yml @@ -40,7 +40,7 @@ install: - gem list bundler - bundle _1.16_ install - bundle _1.16_ -v - - BUNDLE_GEMFILE=./Gemfile.norbnacl bundle _1.16_ install + - BUNDLE_GEMFILE=./Gemfile.noed25519 bundle _1.16_ install - sudo ansible-galaxy install rvm_io.ruby - sudo chown -R travis:travis /home/travis/.ansible - ansible-playbook ./test/integration/playbook.yml -i "localhost," --become -c local -e 'no_rvm=true' -e 'myuser=travis' -e 'mygroup=travis' -e 'homedir=/home/travis' @@ -48,6 +48,6 @@ install: script: - ssh -V - bundle _1.16_ exec rake test - - BUNDLE_GEMFILE=./Gemfile.norbnacl bundle _1.16_ exec rake test + - BUNDLE_GEMFILE=./Gemfile.noed25519 bundle _1.16_ exec rake test - bundle _1.16_ exec rake test_test - bundle _1.16_ exec rubocop @@ -7,10 +7,6 @@ if !Gem.win_platform? && RUBY_ENGINE == "ruby" gem 'byebug', group: [:development, :test] end -if (Gem::Version.new(RUBY_VERSION) <=> Gem::Version.new("2.2.6")) < 0 - gem 'rbnacl', '< 4.0' -end - if ENV["CI"] gem 'codecov', require: false, group: :test gem 'simplecov', require: false, group: :test diff --git a/Gemfile.norbnacl b/Gemfile.noed25519 index 999aa32..b6c3576 100644 --- a/Gemfile.norbnacl +++ b/Gemfile.noed25519 @@ -1,6 +1,6 @@ source 'https://rubygems.org' -ENV['NET_SSH_NO_RBNACL'] = 'true' +ENV['NET_SSH_NO_ED25519'] = 'true' # Specify your gem's dependencies in mygem.gemspec gemspec diff --git a/Gemfile.norbnacl.lock b/Gemfile.noed25519.lock index a64c7da..3d15a2f 100644 --- a/Gemfile.norbnacl.lock +++ b/Gemfile.noed25519.lock 
@@ -1,33 +1,33 @@ PATH remote: . specs: - net-ssh (4.0.0) + net-ssh (4.2.0) GEM remote: https://rubygems.org/ specs: ast (2.3.0) metaclass (0.0.4) - minitest (5.10.1) - mocha (1.2.1) + minitest (5.10.3) + mocha (1.3.0) metaclass (~> 0.0.1) - parser (2.3.3.1) - ast (~> 2.2) + parser (2.4.0.2) + ast (~> 2.3) powerpack (0.1.1) - rainbow (2.1.0) - rake (12.0.0) - rubocop (0.46.0) - parser (>= 2.3.1.1, < 3.0) + rainbow (2.2.2) + rake + rake (12.3.0) + rubocop (0.47.1) + parser (>= 2.3.3.1, < 3.0) powerpack (~> 0.1) rainbow (>= 1.99.1, < 3.0) ruby-progressbar (~> 1.7) unicode-display_width (~> 1.0, >= 1.0.1) - ruby-progressbar (1.8.1) - unicode-display_width (1.1.2) + ruby-progressbar (1.9.0) + unicode-display_width (1.3.0) PLATFORMS ruby - x86-mingw32 DEPENDENCIES bundler (~> 1.11) @@ -35,7 +35,7 @@ DEPENDENCIES mocha (>= 1.2.1) net-ssh! rake (~> 12.0) - rubocop (~> 0.46.0) + rubocop (~> 0.47.0) BUNDLED WITH - 1.13.6 + 1.14.6 diff --git a/README.rdoc b/README.rdoc index 1545874..f774538 100644 --- a/README.rdoc +++ b/README.rdoc @@ -106,7 +106,7 @@ Then, when install the gem, do so with high security: If you don't add the public key, you'll see an error like "Couldn't verify data signature". If you're still having trouble let me know and I'll give you a hand. -For ed25519 public key auth support your bundle file should contain ```rbnacl-libsodium```, ```rbnacl```, ```bcrypt_pbkdf``` dependencies. +For ed25519 public key auth support your bundle file should contain ```ed25519```, ```bcrypt_pbkdf``` dependencies. == RUBY SUPPORT diff --git a/appveyor.yml b/appveyor.yml index 0fe7302..2beadc6 100644 --- a/appveyor.yml +++ b/appveyor.yml 
@@ -30,7 +30,7 @@ install: - if "%ruby_version%" == "jruby-9.1.2.0" ( SET "PATH=C:\jruby-9.1.2.0\bin\;%PATH%" ) - ruby --version - gem install bundler --no-document --user-install -v 1.16 - - SET BUNDLE_GEMFILE=Gemfile.norbnacl + - SET BUNDLE_GEMFILE=Gemfile.noed25519 - bundle install --retry=3 - cinst freesshd - cinst putty --allow-empty-checksums @@ -49,7 +49,7 @@ install: } test_script: - - SET BUNDLE_GEMFILE=Gemfile.norbnacl + - SET BUNDLE_GEMFILE=Gemfile.noed25519 - SET NET_SSH_RUN_WIN_INTEGRATION_TESTS=YES - bundle exec rake test diff --git a/lib/net/ssh/authentication/agent.rb b/lib/net/ssh/authentication/agent.rb index 1085d9c..f019458 100644 --- a/lib/net/ssh/authentication/agent.rb +++ b/lib/net/ssh/authentication/agent.rb @@ -238,12 +238,12 @@ module Net; module SSH; module Authentication Net::SSH::Buffer.from(:string, priv_key.to_blob, :bignum, priv_key.key.private_key).to_s when /^ssh-ed25519$/ Net::SSH::Buffer.from(:string, priv_key.public_key.verify_key.to_bytes, - :string, priv_key.sign_key.keypair_bytes).to_s + :string, priv_key.sign_key.keypair).to_s when /^ssh-ed25519-cert-v01@openssh\.com$/ # Unlike the other certificate types, the public key is included after the certifiate. Net::SSH::Buffer.from(:string, priv_key.to_blob, :string, priv_key.key.public_key.verify_key.to_bytes, - :string, priv_key.key.sign_key.keypair_bytes).to_s + :string, priv_key.key.sign_key.keypair).to_s when /^ssh-rsa$/ # `n` and `e` are reversed compared to the ordering in `OpenSSL::PKey::RSA#to_blob`. Net::SSH::Buffer.from(:bignum, priv_key.n, :bignum, priv_key.e, :bignum, priv_key.d, diff --git a/lib/net/ssh/authentication/ed25519.rb b/lib/net/ssh/authentication/ed25519.rb index a92011a..571a40c 100644 --- a/lib/net/ssh/authentication/ed25519.rb +++ b/lib/net/ssh/authentication/ed25519.rb 
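Review bot: Both changed `when` branches in lib/net/ssh/authentication/agent.rb now write `sign_key.keypair` into the private-key field of the add-identity message, but nothing pins what that value contains. The updated assertions in test/authentication/test_agent.rb compare the buffer against the same `keypair` accessor, so a change in the gem's layout would still pass. The agent expects 64 bytes here (the seed followed by the public key), so I would add a fixed-size assertion next to the existing ones, for example `assert_equal 64, ed25519.sign_key.keypair.bytesize`. A comment at both branches such as `# keypair: 32-byte seed + 32-byte public key, the layout ssh-agent expects` would document the dependency on the gem. The enclosing `case` starts and ends outside the hunk.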
@@ -1,16 +1,7 @@ -gem 'rbnacl', '>= 3.2.0', '< 5.0' +gem 'ed25519', '~> 1.2' gem 'bcrypt_pbkdf', '~> 1.0' unless RUBY_PLATFORM == "java" -begin - require 'rbnacl/libsodium' -rescue LoadError # rubocop:disable Lint/HandleExceptions -end - -require 'rbnacl' -require 'rbnacl/signatures/ed25519/verify_key' -require 'rbnacl/signatures/ed25519/signing_key' - -require 'rbnacl/hash' +require 'ed25519' require 'base64' @@ -19,10 +10,12 @@ require 'bcrypt_pbkdf' unless RUBY_PLATFORM == "java" module Net; module SSH; module Authentication module ED25519 - class SigningKeyFromFile < RbNaCl::Signatures::Ed25519::SigningKey + class SigningKeyFromFile < SimpleDelegator def initialize(pk,sk) - @signing_key = sk - @verify_key = RbNaCl::Signatures::Ed25519::VerifyKey.new(pk) + key = ::Ed25519::SigningKey.from_keypair(sk) + raise ArgumentError, "pk does not match sk" unless pk == key.verify_key.to_bytes + + super(key) end end @@ -30,7 +23,7 @@ module ED25519 attr_reader :verify_key def initialize(data) - @verify_key = RbNaCl::Signatures::Ed25519::VerifyKey.new(data) + @verify_key = ::Ed25519::VerifyKey.new(data) end def self.read_keyblob(buffer) @@ -151,10 +144,6 @@ module ED25519 def self.read(data,password) self.new(data,password) end - - def self.read_keyblob(buffer) - ED25519::PubKey.read_keyblob(buffer) - end end end end; end; end diff --git a/lib/net/ssh/authentication/ed25519_loader.rb b/lib/net/ssh/authentication/ed25519_loader.rb index 5c3d43f..5d31205 100644 --- a/lib/net/ssh/authentication/ed25519_loader.rb +++ b/lib/net/ssh/authentication/ed25519_loader.rb 
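Review bot: `SigningKeyFromFile` now inherits from `SimpleDelegator`, but the require list in the first hunk of this file loads only `ed25519`, `base64` and `bcrypt_pbkdf`. Unless `delegate` happens to be loaded elsewhere, the class definition raises NameError, so add `require 'delegate'` next to `require 'ed25519'`. The new `raise ArgumentError, "pk does not match sk"` check is a behaviour change, because the removed lines stored `pk` and `sk` without comparing them, and the test/authentication/test_ed25519.rb hunk adds no case for it. A test that passes a public key not derived from the keypair and expects `ArgumentError` would cover that path. A comment above the check, e.g. `# reject key files whose stored public key does not belong to the private key`, would record why it exists.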
@@ -21,8 +21,7 @@ end def self.dependenciesRequiredForED25519 result = "net-ssh requires the following gems for ed25519 support:\n" - result << " * rbnacl (>= 3.2, < 5.0)\n" - result << " * rbnacl-libsodium, if your system doesn't have libsodium installed.\n" + result << " * ed25519 (>= 1.2, < 2.0)\n" result << " * bcrypt_pbkdf (>= 1.0, < 2.0)\n" unless RUBY_PLATFORM == "java" result << "See https://github.com/net-ssh/net-ssh/issues/478 for more information\n" end diff --git a/net-ssh.gemspec b/net-ssh.gemspec index 91ab190..f50aa55 100644 --- a/net-ssh.gemspec +++ b/net-ssh.gemspec @@ -28,9 +28,8 @@ Gem::Specification.new do |spec| spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) } spec.require_paths = ["lib"] - unless ENV['NET_SSH_NO_RBNACL'] - spec.add_development_dependency("rbnacl-libsodium", "~> 1.0.11") - spec.add_development_dependency("rbnacl", ['>= 3.2.0','< 5.0']) + unless ENV['NET_SSH_NO_ED25519'] + spec.add_development_dependency("ed25519", "~> 1.2") spec.add_development_dependency("bcrypt_pbkdf", "~> 1.0") unless RUBY_PLATFORM == "java" end diff --git a/test/authentication/test_agent.rb b/test/authentication/test_agent.rb index 78659c2..92fb862 100644 --- a/test/authentication/test_agent.rb +++ b/test/authentication/test_agent.rb @@ -312,7 +312,7 @@ EOF assert_equal SSH2_AGENT_ADD_IDENTITY, type assert_equal buffer.read_string, "ssh-ed25519" assert_equal buffer.read_string, ed25519.public_key.verify_key.to_bytes - assert_equal buffer.read_string, ed25519.sign_key.keypair_bytes + assert_equal buffer.read_string, ed25519.sign_key.keypair assert_equal 'foobar', buffer.read_string assert buffer.eof? 
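Review bot: The range `(>= 1.2, < 2.0)` in the `dependenciesRequiredForED25519` message is a hand-written copy of the `'~> 1.2'` constraint that also appears in lib/net/ssh/authentication/ed25519.rb and net-ssh.gemspec, so the three can drift apart on the next version bump. A comment above the string, `# keep in sync with the gem 'ed25519' line in ed25519.rb and net-ssh.gemspec`, would be enough to flag that.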
@@ -330,7 +330,7 @@ EOF assert_equal buffer.read_string, "ssh-ed25519-cert-v01@openssh.com" assert_equal buffer.read_string, cert.to_blob assert_equal buffer.read_string, cert.key.public_key.verify_key.to_bytes - assert_equal buffer.read_string, cert.key.sign_key.keypair_bytes + assert_equal buffer.read_string, cert.key.sign_key.keypair assert_equal 'foobar', buffer.read_string assert buffer.eof? diff --git a/test/authentication/test_ed25519.rb b/test/authentication/test_ed25519.rb index f4a1931..e9e10fd 100644 --- a/test/authentication/test_ed25519.rb +++ b/test/authentication/test_ed25519.rb @@ -1,4 +1,4 @@ -unless ENV['NET_SSH_NO_RBNACL'] +unless ENV['NET_SSH_NO_ED25519'] require 'common' require 'net/ssh/authentication/ed25519_loader' @@ -8,7 +8,7 @@ module Authentication class TestED25519 < NetSSHTest def setup - raise "No ED25519 set NET_SSH_NO_RBNACL to ignore this test" unless Net::SSH::Authentication::ED25519Loader::LOADED + raise "No ED25519 set NET_SSH_NO_ED25519 to ignore this test" unless Net::SSH::Authentication::ED25519Loader::LOADED end def test_no_pwd_key diff --git a/test/integration/test_cert_user_auth.rb b/test/integration/test_cert_user_auth.rb index 4045943..382d88f 100644 --- a/test/integration/test_cert_user_auth.rb +++ b/test/integration/test_cert_user_auth.rb @@ -5,7 +5,7 @@ require 'net/ssh' # 1. cert files: /etc/ssh/users_ca and /etc/ssh/users_ca.pub and # 2. /etc/ssh/sshd_config: TrustedUserCAKeys /etc/ssh/users_ca.pub -unless ENV['NET_SSH_NO_RBNACL'] +unless ENV['NET_SSH_NO_ED25519'] class TestCertUserAuth < NetSSHTest include IntegrationTestHelpers diff --git a/test/integration/test_ed25519_pkeys.rb b/test/integration/test_ed25519_pkeys.rb index 56efcee..4e17e0c 100644 --- a/test/integration/test_ed25519_pkeys.rb +++ b/test/integration/test_ed25519_pkeys.rb 
@@ -4,7 +4,7 @@ require 'tmpdir' require 'net/ssh' -unless ENV['NET_SSH_NO_RBNACL'] +unless ENV['NET_SSH_NO_ED25519'] # see Vagrantfile,playbook for env. # we're running as net_ssh_1 user password foo # and usually connecting to net_ssh_2 user password foo2pwd |