1// Copyright 2012 The Go Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style 3// license that can be found in the LICENSE file. 4 5package ssh 6 7// Message authentication support 8 9import ( 10 "crypto/hmac" 11 "crypto/sha1" 12 "crypto/sha256" 13 "hash" 14) 15 16type macMode struct { 17 keySize int 18 etm bool 19 new func(key []byte) hash.Hash 20} 21 22// truncatingMAC wraps around a hash.Hash and truncates the output digest to 23// a given size. 24type truncatingMAC struct { 25 length int 26 hmac hash.Hash 27} 28 29func (t truncatingMAC) Write(data []byte) (int, error) { 30 return t.hmac.Write(data) 31} 32 33func (t truncatingMAC) Sum(in []byte) []byte { 34 out := t.hmac.Sum(in) 35 return out[:len(in)+t.length] 36} 37 38func (t truncatingMAC) Reset() { 39 t.hmac.Reset() 40} 41 42func (t truncatingMAC) Size() int { 43 return t.length 44} 45 46func (t truncatingMAC) BlockSize() int { return t.hmac.BlockSize() } 47 48var macModes = map[string]*macMode{ 49 "hmac-sha2-256-etm@openssh.com": {32, true, func(key []byte) hash.Hash { 50 return hmac.New(sha256.New, key) 51 }}, 52 "hmac-sha2-256": {32, false, func(key []byte) hash.Hash { 53 return hmac.New(sha256.New, key) 54 }}, 55 "hmac-sha1": {20, false, func(key []byte) hash.Hash { 56 return hmac.New(sha1.New, key) 57 }}, 58 "hmac-sha1-96": {20, false, func(key []byte) hash.Hash { 59 return truncatingMAC{12, hmac.New(sha1.New, key)} 60 }}, 61} 62