diff options
Diffstat (limited to 'libgo/go/exp/ssh/common.go')
-rw-r--r-- | libgo/go/exp/ssh/common.go | 101 |
1 files changed, 99 insertions, 2 deletions
diff --git a/libgo/go/exp/ssh/common.go b/libgo/go/exp/ssh/common.go index 273820b6428..01c55219d47 100644 --- a/libgo/go/exp/ssh/common.go +++ b/libgo/go/exp/ssh/common.go @@ -5,6 +5,8 @@ package ssh import ( + "crypto/dsa" + "crypto/rsa" "math/big" "strconv" "sync" @@ -14,7 +16,6 @@ import ( const ( kexAlgoDH14SHA1 = "diffie-hellman-group14-sha1" hostAlgoRSA = "ssh-rsa" - cipherAES128CTR = "aes128-ctr" macSHA196 = "hmac-sha1-96" compressionNone = "none" serviceUserAuth = "ssh-userauth" @@ -23,7 +24,6 @@ const ( var supportedKexAlgos = []string{kexAlgoDH14SHA1} var supportedHostKeyAlgos = []string{hostAlgoRSA} -var supportedCiphers = []string{cipherAES128CTR} var supportedMACs = []string{macSHA196} var supportedCompressions = []string{compressionNone} @@ -127,3 +127,100 @@ func findAgreedAlgorithms(transport *transport, clientKexInit, serverKexInit *ke ok = true return } + +// Cryptographic configuration common to both ServerConfig and ClientConfig. +type CryptoConfig struct { + // The allowed cipher algorithms. If unspecified then DefaultCipherOrder is + // used. + Ciphers []string +} + +func (c *CryptoConfig) ciphers() []string { + if c.Ciphers == nil { + return DefaultCipherOrder + } + return c.Ciphers +} + +// serialize a signed slice according to RFC 4254 6.6. +func serializeSignature(algoname string, sig []byte) []byte { + length := stringLength([]byte(algoname)) + length += stringLength(sig) + + ret := make([]byte, length) + r := marshalString(ret, []byte(algoname)) + r = marshalString(r, sig) + + return ret +} + +// serialize an rsa.PublicKey or dsa.PublicKey according to RFC 4253 6.6. +func serializePublickey(key interface{}) []byte { + algoname := algoName(key) + switch key := key.(type) { + case rsa.PublicKey: + e := new(big.Int).SetInt64(int64(key.E)) + length := stringLength([]byte(algoname)) + length += intLength(e) + length += intLength(key.N) + ret := make([]byte, length) + r := marshalString(ret, []byte(algoname)) + r = marshalInt(r, e) + marshalInt(r, key.N) + return ret + case dsa.PublicKey: + length := stringLength([]byte(algoname)) + length += intLength(key.P) + length += intLength(key.Q) + length += intLength(key.G) + length += intLength(key.Y) + ret := make([]byte, length) + r := marshalString(ret, []byte(algoname)) + r = marshalInt(r, key.P) + r = marshalInt(r, key.Q) + r = marshalInt(r, key.G) + marshalInt(r, key.Y) + return ret + } + panic("unexpected key type") +} + +func algoName(key interface{}) string { + switch key.(type) { + case rsa.PublicKey: + return "ssh-rsa" + case dsa.PublicKey: + return "ssh-dss" + } + panic("unexpected key type") +} + +// buildDataSignedForAuth returns the data that is signed in order to prove +// posession of a private key. See RFC 4252, section 7. +func buildDataSignedForAuth(sessionId []byte, req userAuthRequestMsg, algo, pubKey []byte) []byte { + user := []byte(req.User) + service := []byte(req.Service) + method := []byte(req.Method) + + length := stringLength(sessionId) + length += 1 + length += stringLength(user) + length += stringLength(service) + length += stringLength(method) + length += 1 + length += stringLength(algo) + length += stringLength(pubKey) + + ret := make([]byte, length) + r := marshalString(ret, sessionId) + r[0] = msgUserAuthRequest + r = r[1:] + r = marshalString(r, user) + r = marshalString(r, service) + r = marshalString(r, method) + r[0] = 1 + r = r[1:] + r = marshalString(r, algo) + r = marshalString(r, pubKey) + return ret +} |