首页 发现 帮助
注册 登录
publics
/
crypto
0
0
派生 0
文件 工单管理 0 合并请求 0 Wiki
目录树: 470549d502
分支列表 标签列表
crypto
/
ssh
/
cipher.go

cipher.go 2.4 KB
文件历史 原始文件

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788 
  1. // Copyright 2011 The Go Authors. All rights reserved.
    2. 

  2. // Use of this source code is governed by a BSD-style
    3. 

  3. // license that can be found in the LICENSE file.
    4. 

  4. 

  5. package ssh
    6. 

  6. 

  7. import (
    8. 

  8. 	"crypto/aes"
    9. 

  9. 	"crypto/cipher"
    10. 

  10. 	"crypto/rc4"
    11. 

  11. )
    12. 

  12. 

  13. // streamDump is used to dump the initial keystream for stream ciphers. It is a
    14. 

  14. // a write-only buffer, and not intended for reading so do not require a mutex.
    15. 

  15. var streamDump [512]byte
    16. 

  16. 

  17. // noneCipher implements cipher.Stream and provides no encryption. It is used
    18. 

  18. // by the transport before the first key-exchange.
    19. 

  19. type noneCipher struct{}
    20. 

  20. 

  21. func (c noneCipher) XORKeyStream(dst, src []byte) {
    22. 

  22. 	copy(dst, src)
    23. 

  23. }
    24. 

  24. 

  25. func newAESCTR(key, iv []byte) (cipher.Stream, error) {
    26. 

  26. 	c, err := aes.NewCipher(key)
    27. 

  27. 	if err != nil {
    28. 

  28. 		return nil, err
    29. 

  29. 	}
    30. 

  30. 	return cipher.NewCTR(c, iv), nil
    31. 

  31. }
    32. 

  32. 

  33. func newRC4(key, iv []byte) (cipher.Stream, error) {
    34. 

  34. 	return rc4.NewCipher(key)
    35. 

  35. }
    36. 

  36. 

  37. type cipherMode struct {
    38. 

  38. 	keySize  int
    39. 

  39. 	ivSize   int
    40. 

  40. 	skip     int
    41. 

  41. 	createFn func(key, iv []byte) (cipher.Stream, error)
    42. 

  42. }
    43. 

  43. 

  44. func (c *cipherMode) createCipher(key, iv []byte) (cipher.Stream, error) {
    45. 

  45. 	if len(key) < c.keySize {
    46. 

  46. 		panic("ssh: key length too small for cipher")
    47. 

  47. 	}
    48. 

  48. 	if len(iv) < c.ivSize {
    49. 

  49. 		panic("ssh: iv too small for cipher")
    50. 

  50. 	}
    51. 

  51. 

  52. 	stream, err := c.createFn(key[:c.keySize], iv[:c.ivSize])
    53. 

  53. 	if err != nil {
    54. 

  54. 		return nil, err
    55. 

  55. 	}
    56. 

  56. 

  57. 	for remainingToDump := c.skip; remainingToDump > 0; {
    58. 

  58. 		dumpThisTime := remainingToDump
    59. 

  59. 		if dumpThisTime > len(streamDump) {
    60. 

  60. 			dumpThisTime = len(streamDump)
    61. 

  61. 		}
    62. 

  62. 		stream.XORKeyStream(streamDump[:dumpThisTime], streamDump[:dumpThisTime])
    63. 

  63. 		remainingToDump -= dumpThisTime
    64. 

  64. 	}
    65. 

  65. 

  66. 	return stream, nil
    67. 

  67. }
    68. 

  68. 

  69. // Specifies a default set of ciphers and a preference order. This is based on
    70. 

  70. // OpenSSH's default client preference order, minus algorithms that are not
    71. 

  71. // implemented.
    72. 

  72. var DefaultCipherOrder = []string{
    73. 

  73. 	"aes128-ctr", "aes192-ctr", "aes256-ctr",
    74. 

  74. 	"arcfour256", "arcfour128",
    75. 

  75. }
    76. 

  76. 

  77. var cipherModes = map[string]*cipherMode{
    78. 

  78. 	// Ciphers from RFC4344, which introduced many CTR-based ciphers. Algorithms
    79. 

  79. 	// are defined in the order specified in the RFC.
    80. 

  80. 	"aes128-ctr": {16, aes.BlockSize, 0, newAESCTR},
    81. 

  81. 	"aes192-ctr": {24, aes.BlockSize, 0, newAESCTR},
    82. 

  82. 	"aes256-ctr": {32, aes.BlockSize, 0, newAESCTR},
    83. 

  83. 

  84. 	// Ciphers from RFC4345, which introduces security-improved arcfour ciphers.
    85. 

  85. 	// They are defined in the order specified in the RFC.
    86. 

  86. 	"arcfour128": {16, 0, 1536, newRC4},
    87. 

  87. 	"arcfour256": {32, 0, 1536, newRC4},
    88. 

  88. }
    89.