From 4e894385dba69227fde6a5b402b169ec4621a356 Mon Sep 17 00:00:00 2001 From: Niclas Eklund Date: Mon, 20 Dec 2010 17:05:39 +0100 Subject: OTP-8987 In some cases SSH returned {error, normal} when a channel was terminated unexpectedly. This has now been changed to {error, channel_closed}. OTP-8986 It is now possible to use SSH to sign and verify binary data. --- lib/ssh/doc/src/notes.xml | 25 +++++++++++++++++++++ lib/ssh/doc/src/ssh.xml | 32 ++++++++++++++++++++++++++ lib/ssh/src/ssh.erl | 41 ++++++++++++++++++++++++++++++++++ lib/ssh/src/ssh_connection_manager.erl | 6 ++--- lib/ssh/src/ssh_file.erl | 9 ++++++-- lib/ssh/src/ssh_rsa.erl | 3 +-- lib/ssh/vsn.mk | 2 +- 7 files changed, 110 insertions(+), 8 deletions(-) (limited to 'lib') diff --git a/lib/ssh/doc/src/notes.xml b/lib/ssh/doc/src/notes.xml index 9bedd446f4..d2ec7b4097 100644 --- a/lib/ssh/doc/src/notes.xml +++ b/lib/ssh/doc/src/notes.xml @@ -29,6 +29,31 @@ notes.xml +
Ssh 2.0.4 +
Fixed Bugs and Malfunctions + + +

In some cases SSH returned {error, normal} when a channel was terminated + unexpectedly. This has now been changed to {error, channel_closed}.

+

+ *** POTENTIAL INCOMPATIBILITY ***

+

+ Own Id: OTP-8986 Aux Id: seq11748

+
+
+
+
Improvements and New Features + + +

+ It is now possible to use SSH to sign and verify binary data.

+

+ Own Id: OTP-8986

+
+
+
+
+
Ssh 2.0.3
Fixed Bugs and Malfunctions diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index 71e6b2cd3d..2c5096a25f 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -282,6 +282,22 @@ + + sign_data(Data, Algorithm) -> Signature | {error, Reason} + + + Data = binary() + Algorithm = "ssh-rsa" + Signature = binary() + Reason = term() + + +

Signs the supplied binary using the SSH key. +

+
+
+ + start() -> start(Type) -> ok | {error, Reason} @@ -339,6 +355,22 @@ by the listener up and running.

+ + + verify_data(Data, Signature, Algorithm) -> ok | {error, Reason} + + + Data = binary() + Algorithm = "ssh-rsa" + Signature = binary() + Reason = term() + + +

Verifies the supplied binary against the binary signature. +

+
+
+ diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl index 994c77436a..b7f56b1b38 100644 --- a/lib/ssh/src/ssh.erl +++ b/lib/ssh/src/ssh.erl @@ -30,6 +30,8 @@ stop_listener/1, stop_listener/2, stop_daemon/1, stop_daemon/2, shell/1, shell/2, shell/3]). +-export([sign_data/2, verify_data/3]). + %%-------------------------------------------------------------------- %% Function: start([, Type]) -> ok %% @@ -95,6 +97,8 @@ connect(Host, Port, Options, Timeout) -> {error, Other}; {'DOWN', MRef, _, Manager, Reason} when is_pid(Manager) -> receive %% Clear EXIT message from queue + {'EXIT', Manager, _What} when Reason == normal -> + {error, channel_closed}; {'EXIT', Manager, _What} -> {error, Reason} after 0 -> 
@@ -239,6 +243,43 @@ shell(Host, Port, Options) -> Error end. + +%%-------------------------------------------------------------------- +%% Function: sign_data(Data, Algorithm) -> binary() | +%% {error, Reason} +%% +%% Data = binary() +%% Algorithm = "ssh-rsa" +%% +%% Description: Use SSH key to sign data. +%%-------------------------------------------------------------------- +sign_data(Data, Algorithm) when is_binary(Data) -> + case ssh_file:private_identity_key(Algorithm,[]) of + {ok, Key} when Algorithm == "ssh-rsa" -> + ssh_rsa:sign(Key, Data); + Error -> + Error + end. + +%%-------------------------------------------------------------------- +%% Function: verify_data(Data, Signature, Algorithm) -> ok | +%% {error, Reason} +%% +%% Data = binary() +%% Signature = binary() +%% Algorithm = "ssh-rsa" +%% +%% Description: Use SSH signature to verify data. +%%-------------------------------------------------------------------- +verify_data(Data, Signature, Algorithm) when is_binary(Data), is_binary(Signature) -> + case ssh_file:public_identity_key(Algorithm, []) of + {ok, Key} when Algorithm == "ssh-rsa" -> + ssh_rsa:verify(Key, Data, Signature); + Error -> + Error + end. + + %%-------------------------------------------------------------------- %%% Internal functions %%-------------------------------------------------------------------- diff --git a/lib/ssh/src/ssh_connection_manager.erl b/lib/ssh/src/ssh_connection_manager.erl index 6bf89224cf..9bfd5270da 100644 --- a/lib/ssh/src/ssh_connection_manager.erl +++ b/lib/ssh/src/ssh_connection_manager.erl @@ -147,7 +147,7 @@ close(ConnectionManager, ChannelId) -> try call(ConnectionManager, {close, ChannelId}) of ok -> ok; - {error,normal} -> + {error, channel_closed} -> ok catch exit:{noproc, _} -> @@ -158,7 +158,7 @@ stop(ConnectionManager) -> try call(ConnectionManager, stop) of ok -> ok; - {error,normal} -> + {error, channel_closed} -> ok catch exit:{noproc, _} -> 
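Review bot: In sign_data/2 the algorithm is tested only in the guard of the `{ok, Key}` clause, after the private key has been read, and the fall-through `Error -> Error` matches any term. If `ssh_file:private_identity_key/2` returns `{ok, Key}` for an algorithm other than "ssh-rsa" (its clauses are outside this hunk), the decoded private key is handed back to the caller instead of the documented `Signature | {error, Reason}`. Reject other algorithms before touching the key file by matching in the head, `sign_data(Data, "ssh-rsa" = Algorithm) when is_binary(Data) ->`, and narrow the fall-through to `{error, _} = Error -> Error`. verify_data/3 has the same shape and would return the public key term where `ok | {error, Reason}` is promised. Both calls pass `[]` as options, so the header comments should state which key file is used, since the caller cannot choose it.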
@@ -604,7 +604,7 @@ call(Pid, Msg, Timeout) -> exit:{timeout, _} -> {error, timeout}; exit:{normal, _} -> - {error, normal} + {error, channel_closed} end. cast(Pid, Msg) -> diff --git a/lib/ssh/src/ssh_file.erl b/lib/ssh/src/ssh_file.erl index 13722656db..cd0d01c546 100755 --- a/lib/ssh/src/ssh_file.erl +++ b/lib/ssh/src/ssh_file.erl @@ -33,8 +33,8 @@ lookup_host_key/3, add_host_key/3, % del_host_key/2, lookup_user_key/3, ssh_dir/2, file_name/3]). --export([private_identity_key/2]). -%% , public_identity_key/2, +-export([private_identity_key/2, + public_identity_key/2]). %% identity_keys/2]). -export([encode_public_key/1, decode_public_key_v2/2]). @@ -140,6 +140,11 @@ private_identity_key(Alg, Opts) -> Path = file_name(user, identity_key_filename(Alg), Opts), read_private_key_v2(Path, Alg). +public_identity_key(Alg, Opts) -> + Path = file_name(user, identity_key_filename(Alg) ++ ".pub", Opts), + read_public_key_v2(Path, Alg). + + read_public_key_v2(File, Type) -> case file:read_file(File) of {ok,Bin} -> diff --git a/lib/ssh/src/ssh_rsa.erl b/lib/ssh/src/ssh_rsa.erl index e27cdcf7bd..91b8285b2e 100755 --- a/lib/ssh/src/ssh_rsa.erl +++ b/lib/ssh/src/ssh_rsa.erl @@ -202,8 +202,7 @@ rsassa_pkcs1_v1_5_verify(Public=#ssh_key { public={N,_E}}, Mb, Sb) -> case emsa_pkcs1_v1_5_encode(Mb, K) of EM -> ok; _S -> - io:format("S: ~p~n", [_S]), - {error, invalid_signature} % exit(invalid_signature) + {error, invalid_signature} end. diff --git a/lib/ssh/vsn.mk b/lib/ssh/vsn.mk index db03168ad9..51f9f47446 100644 --- a/lib/ssh/vsn.mk +++ b/lib/ssh/vsn.mk @@ -1,5 +1,5 @@ #-*-makefile-*- ; force emacs to enter makefile-mode -SSH_VSN = 2.0.3 +SSH_VSN = 2.0.4 APP_VSN = "ssh-$(SSH_VSN)" -- cgit v1.2.3 From 264e7630339604f9113c57b99216f7cf35768580 Mon Sep 17 00:00:00 2001 From: Niclas Eklund Date: Mon, 20 Dec 2010 17:07:49 +0100 Subject: Release note contained wrong ticker number. --- lib/ssh/doc/src/notes.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') 
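Review bot: public_identity_key/2 in ssh_file.erl is newly exported without a header comment, and what it trusts is not stated. The verification key comes from the identity file name with `".pub"` appended, presumably in the user's SSH directory, and nothing visible here checks that it belongs to the private key used by sign_data/2. I would add a comment above it such as `%% Reads <identity file>.pub via file_name(user, ...); the file is trusted as-is, so its permissions decide what verify_data/3 accepts.`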
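Review bot: With the debug print gone from rsassa_pkcs1_v1_5_verify/3 in ssh_rsa.erl, `_S` in the second clause is bound but never used; `_ ->` says the same thing more plainly. The first clause only works as a comparison if `EM` is already bound earlier in the function, which starts above this hunk. A short comment such as `%% EM is bound above; a match means the encodings are equal` would stop a reader taking it for a fresh binding that always succeeds.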
diff --git a/lib/ssh/doc/src/notes.xml b/lib/ssh/doc/src/notes.xml index d2ec7b4097..8d73c033be 100644 --- a/lib/ssh/doc/src/notes.xml +++ b/lib/ssh/doc/src/notes.xml @@ -38,7 +38,7 @@

*** POTENTIAL INCOMPATIBILITY ***

- Own Id: OTP-8986 Aux Id: seq11748

+ Own Id: OTP-8987 Aux Id: seq11748

-- cgit v1.2.3 From d9e039164f2eb1dce7b37e24371d1be8d82b6c92 Mon Sep 17 00:00:00 2001 From: Niclas Eklund Date: Mon, 27 Dec 2010 14:56:05 +0100 Subject: Improved error handling for ssh:connect/3/4. --- lib/ssh/src/ssh.erl | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) (limited to 'lib') diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl index b7f56b1b38..cada109df0 100644 --- a/lib/ssh/src/ssh.erl +++ b/lib/ssh/src/ssh.erl @@ -96,13 +96,17 @@ connect(Host, Port, Options, Timeout) -> do_demonitor(MRef, Manager), {error, Other}; {'DOWN', MRef, _, Manager, Reason} when is_pid(Manager) -> + error_logger:warning_report([{ssh, connect}, + {diagnose, + "Connection was closed before properly set up."}, + {host, Host}, + {port, Port}, + {reason, Reason}]), receive %% Clear EXIT message from queue - {'EXIT', Manager, _What} when Reason == normal -> - {error, channel_closed}; {'EXIT', Manager, _What} -> - {error, Reason} + {error, channel_closed} after 0 -> - {error, Reason} + {error, channel_closed} end after Timeout -> do_demonitor(MRef, Manager), -- cgit v1.2.3 From 0a0c3227283db6db232aa93886e73ebd0fae8f20 Mon Sep 17 00:00:00 2001 From: Niclas Eklund Date: Thu, 20 Jan 2011 10:40:00 +0100 Subject: Added updated modules to the appup file. --- lib/ssh/src/ssh.appup.src | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) (limited to 'lib') diff --git a/lib/ssh/src/ssh.appup.src b/lib/ssh/src/ssh.appup.src index 9c806bcd03..3bd86a2a01 100644 --- a/lib/ssh/src/ssh.appup.src +++ b/lib/ssh/src/ssh.appup.src @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2004-2010. All Rights Reserved. +%% Copyright Ericsson AB 2004-2011. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in 
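Review bot: The new warning report in connect/4 writes `Reason` to the log unconditionally. The exit reason of a crashed connection manager may carry process state or the connect options (not visible in this hunk), and those options can include a password, so consider logging a classified reason or redacting it first. The same change collapses every 'DOWN' into `{error, channel_closed}`, so a caller can no longer tell a failed setup from a clean close, and the report is also written when `Reason` is `normal`. If the single return value is intended, the function comment for connect/3,4 should say the real reason is only available in the log. The receive this sits in starts outside the hunk.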
@@ -19,11 +19,25 @@ {"%VSN%", [ - {"2.0.2", [{load_module, ssh_file, soft_purge, soft_purge, []}]}, + {"2.0.3", [{load_module, ssh_file, soft_purge, soft_purge, []}, + {load_module, ssh, soft_purge, soft_purge, []}, + {load_module, ssh_rsa, soft_purge, soft_purge, []}, + {load_module, ssh_connection_manager, soft_purge, soft_purge, []}]}, + {"2.0.2", [{load_module, ssh_file, soft_purge, soft_purge, []}, + {load_module, ssh, soft_purge, soft_purge, []}, + {load_module, ssh_rsa, soft_purge, soft_purge, []}, + {load_module, ssh_connection_manager, soft_purge, soft_purge, []}]}, {"2.0.1", [{restart_application, ssh}]} ], [ - {"2.0.2", [{load_module, ssh_file, soft_purge, soft_purge, []}]}, + {"2.0.3", [{load_module, ssh_file, soft_purge, soft_purge, []}, + {load_module, ssh, soft_purge, soft_purge, []}, + {load_module, ssh_rsa, soft_purge, soft_purge, []}, + {load_module, ssh_connection_manager, soft_purge, soft_purge, []}]}, + {"2.0.2", [{load_module, ssh_file, soft_purge, soft_purge, []}, + {load_module, ssh, soft_purge, soft_purge, []}, + {load_module, ssh_rsa, soft_purge, soft_purge, []}, + {load_module, ssh_connection_manager, soft_purge, soft_purge, []}]}, {"2.0.1", [{restart_application, ssh}]} ] }. -- cgit v1.2.3 From 07647272d13eba11304790b4cb964efae3c722a3 Mon Sep 17 00:00:00 2001 From: Niclas Eklund Date: Thu, 20 Jan 2011 12:10:15 +0100 Subject: Changed year in copyright header. --- lib/ssh/doc/src/notes.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/ssh/doc/src/notes.xml b/lib/ssh/doc/src/notes.xml index 8d73c033be..2867de338c 100644 --- a/lib/ssh/doc/src/notes.xml +++ b/lib/ssh/doc/src/notes.xml @@ -4,7 +4,7 @@
- 20042010 + 20042011 Ericsson AB. All Rights Reserved. -- cgit v1.2.3 From 1a9b4c4e0a799a3573f28f005da8b6a35a53fadc Mon Sep 17 00:00:00 2001 From: Niclas Eklund Date: Thu, 20 Jan 2011 12:25:16 +0100 Subject: Updated notes file. --- lib/ssh/doc/src/notes.xml | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/ssh/doc/src/notes.xml b/lib/ssh/doc/src/notes.xml index 2867de338c..af667b1a71 100644 --- a/lib/ssh/doc/src/notes.xml +++ b/lib/ssh/doc/src/notes.xml @@ -40,6 +40,13 @@

Own Id: OTP-8987 Aux Id: seq11748

+ +

+ SSH did not handle the error reason enetunreach + when trying to open a IPv6 connection.

+

+ Own Id: OTP-9031

+
Improvements and New Features @@ -50,9 +57,16 @@

Own Id: OTP-8986

+ +

+ SSH now ensures that the .ssh directory exists before trying + to access files located in that directory.

+

+ Own Id: OTP-9010

+
- +
Ssh 2.0.3
Fixed Bugs and Malfunctions -- cgit v1.2.3 From afdb12f28b7b66452dd0bd83c8f539aee4e61ed9 Mon Sep 17 00:00:00 2001 From: Niclas Eklund Date: Thu, 20 Jan 2011 12:35:08 +0100 Subject: Updated appup file. --- lib/ssh/src/ssh.appup.src | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'lib') diff --git a/lib/ssh/src/ssh.appup.src b/lib/ssh/src/ssh.appup.src index 3bd86a2a01..501da8ceb9 100644 --- a/lib/ssh/src/ssh.appup.src +++ b/lib/ssh/src/ssh.appup.src @@ -22,10 +22,14 @@ {"2.0.3", [{load_module, ssh_file, soft_purge, soft_purge, []}, {load_module, ssh, soft_purge, soft_purge, []}, {load_module, ssh_rsa, soft_purge, soft_purge, []}, + {load_module, ssh_acceptor, soft_purge, soft_purge, []}, + {load_module, ssh_transport, soft_purge, soft_purge, []}, {load_module, ssh_connection_manager, soft_purge, soft_purge, []}]}, {"2.0.2", [{load_module, ssh_file, soft_purge, soft_purge, []}, {load_module, ssh, soft_purge, soft_purge, []}, {load_module, ssh_rsa, soft_purge, soft_purge, []}, + {load_module, ssh_acceptor, soft_purge, soft_purge, []}, + {load_module, ssh_transport, soft_purge, soft_purge, []}, {load_module, ssh_connection_manager, soft_purge, soft_purge, []}]}, {"2.0.1", [{restart_application, ssh}]} ], 
@@ -33,10 +37,14 @@ {"2.0.3", [{load_module, ssh_file, soft_purge, soft_purge, []}, {load_module, ssh, soft_purge, soft_purge, []}, {load_module, ssh_rsa, soft_purge, soft_purge, []}, + {load_module, ssh_acceptor, soft_purge, soft_purge, []}, + {load_module, ssh_transport, soft_purge, soft_purge, []}, {load_module, ssh_connection_manager, soft_purge, soft_purge, []}]}, {"2.0.2", [{load_module, ssh_file, soft_purge, soft_purge, []}, {load_module, ssh, soft_purge, soft_purge, []}, {load_module, ssh_rsa, soft_purge, soft_purge, []}, + {load_module, ssh_acceptor, soft_purge, soft_purge, []}, + {load_module, ssh_transport, soft_purge, soft_purge, []}, {load_module, ssh_connection_manager, soft_purge, soft_purge, []}]}, {"2.0.1", [{restart_application, ssh}]} ] -- cgit v1.2.3