mac.go (1477B)
1 // Copyright 2012 The Go Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style 3 // license that can be found in the LICENSE file. 4 5 package ssh 6 7 // Message authentication support 8 9 import ( 10 "crypto/hmac" 11 "crypto/sha1" 12 "crypto/sha256" 13 "crypto/sha512" 14 "hash" 15 ) 16 17 type macMode struct { 18 keySize int 19 etm bool 20 new func(key []byte) hash.Hash 21 } 22 23 // truncatingMAC wraps around a hash.Hash and truncates the output digest to 24 // a given size. 25 type truncatingMAC struct { 26 length int 27 hmac hash.Hash 28 } 29 30 func (t truncatingMAC) Write(data []byte) (int, error) { 31 return t.hmac.Write(data) 32 } 33 34 func (t truncatingMAC) Sum(in []byte) []byte { 35 out := t.hmac.Sum(in) 36 return out[:len(in)+t.length] 37 } 38 39 func (t truncatingMAC) Reset() { 40 t.hmac.Reset() 41 } 42 43 func (t truncatingMAC) Size() int { 44 return t.length 45 } 46 47 func (t truncatingMAC) BlockSize() int { return t.hmac.BlockSize() } 48 49 var macModes = map[string]*macMode{ 50 "hmac-sha2-512-etm@openssh.com": {64, true, func(key []byte) hash.Hash { 51 return hmac.New(sha512.New, key) 52 }}, 53 "hmac-sha2-256-etm@openssh.com": {32, true, func(key []byte) hash.Hash { 54 return hmac.New(sha256.New, key) 55 }}, 56 "hmac-sha2-256": {32, false, func(key []byte) hash.Hash { 57 return hmac.New(sha256.New, key) 58 }}, 59 "hmac-sha1": {20, false, func(key []byte) hash.Hash { 60 return hmac.New(sha1.New, key) 61 }}, 62 "hmac-sha1-96": {20, false, func(key []byte) hash.Hash { 63 return truncatingMAC{12, hmac.New(sha1.New, key)} 64 }}, 65 }