algorithms

package
v0.0.0-...-5cb2dda Latest
Warning

This package is not in the latest version of its module.

Published: May 5, 2026 License: MIT Imports: 12 Imported by: 0

Documentation

Overview

Package algorithms provides cryptographic algorithm implementations for SSH key exchange, encryption, and message authentication.

This package defines the interfaces and concrete implementations for:

Algorithms are configured in [ssh.SessionConfig] and negotiated during the SSH key exchange handshake (RFC 4253). Each algorithm type has a factory that creates stateful instances for the duration of a session.

The "none" algorithm (represented by a nil entry in algorithm lists) disables the corresponding security layer, which is useful for testing.


Types

type AesGcmCipher

type AesGcmCipher struct {
	// contains filtered or unexported fields
}

AesGcmCipher implements Cipher for AES-256-GCM authenticated encryption. It also serves as both MessageSigner and MessageVerifier since GCM provides built-in authentication.

func (*AesGcmCipher) AuthenticatedEncryption

func (c *AesGcmCipher) AuthenticatedEncryption() bool

AuthenticatedEncryption returns true for GCM.

func (*AesGcmCipher) BlockLength

func (c *AesGcmCipher) BlockLength() int

func (*AesGcmCipher) DigestLength

func (c *AesGcmCipher) DigestLength() int

DigestLength returns the GCM tag size.

func (*AesGcmCipher) EncryptThenMac

func (c *AesGcmCipher) EncryptThenMac() bool

EncryptThenMac returns false for GCM (it uses authenticated encryption, not EtM).

func (*AesGcmCipher) SetTag

func (c *AesGcmCipher) SetTag(tag []byte)

SetTag sets the authentication tag for decryption verification.

func (*AesGcmCipher) Sign

func (c *AesGcmCipher) Sign(data []byte) []byte

Sign retrieves the authentication tag produced by the last encryption. For GCM, this is the AEAD tag, not a separate HMAC.

The returned slice aliases internal state and is valid only until the next call to Transform. Callers must not modify the returned slice.

func (*AesGcmCipher) Transform

func (c *AesGcmCipher) Transform(data []byte) error

Transform encrypts or decrypts data in-place. For encryption: the tag is stored internally and can be retrieved via Sign(). For decryption: the tag must be set via SetTag() before calling Transform. Returns an error if GCM authentication fails during decryption.

func (*AesGcmCipher) Verify

func (c *AesGcmCipher) Verify(data, signature []byte) bool

Verify sets the authentication tag for subsequent decryption verification. For GCM, the actual verification happens during Transform (Open). This method stores the tag so Transform can use it.
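The call order documented above for AesGcmCipher (Transform then Sign when sending, SetTag then Transform when receiving) is sketched below with Go's standard crypto/cipher. This is an added example, not this package's code: the type detachedGCM, its constructor, the argument-less Sign, and the counter-based nonce handling are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// detachedGCM is a hypothetical stand-in, not the package's AesGcmCipher.
type detachedGCM struct {
	aead    cipher.AEAD
	nonce   []byte // assumption: 4 fixed bytes + 8-byte counter (RFC 5647 layout)
	encrypt bool
	tag     []byte
}

func newDetachedGCM(encrypt bool, key, iv []byte) (*detachedGCM, error) {
	block, err := aes.NewCipher(key)
	if err != nil || len(iv) != 12 {
		return nil, fmt.Errorf("need an AES key and a 12-byte IV (key error: %v)", err)
	}
	aead, _ := cipher.NewGCM(block) // cannot fail for AES's 16-byte block
	return &detachedGCM{aead: aead, nonce: append([]byte(nil), iv...), encrypt: encrypt}, nil
}

func (c *detachedGCM) SetTag(tag []byte) { c.tag = append([]byte(nil), tag...) }
func (c *detachedGCM) Sign() []byte      { return c.tag }

func (c *detachedGCM) Transform(data []byte) error {
	if c.encrypt {
		out := c.aead.Seal(nil, c.nonce, data, nil)
		copy(data, out[:len(data)]) // ciphertext replaces plaintext in place
		c.tag = out[len(data):]     // 16-byte tag is kept aside for Sign
	} else {
		pt, err := c.aead.Open(nil, c.nonce, append(append([]byte(nil), data...), c.tag...), nil)
		if err != nil {
			return err // tag mismatch: data is left as received
		}
		copy(data, pt)
	}
	binary.BigEndian.PutUint64(c.nonce[4:], binary.BigEndian.Uint64(c.nonce[4:])+1) // fresh nonce per call
	return nil
}

func main() {
	enc, _ := newDetachedGCM(true, make([]byte, 32), make([]byte, 12)) // constructed zero key and IV
	fmt.Println(enc.Transform([]byte("constructed packet")), len(enc.Sign()))
}
```

A decryptor that is given a modified tag returns an error from Transform and leaves the buffer unchanged, which is the failure the Cipher interface comment refers to.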

type Cipher

type Cipher interface {
	// BlockLength returns the cipher block size in bytes.
	BlockLength() int

	// Transform encrypts or decrypts the data in-place.
	// Returns an error if authenticated decryption fails (e.g., GCM tag mismatch).
	Transform(data []byte) error
}

Cipher provides symmetric encryption and decryption of SSH packets.

type EncryptionAlgorithm

type EncryptionAlgorithm struct {
	// Name is the SSH algorithm name (e.g., "aes256-ctr").
	Name string

	// KeyLength is the key size in bytes.
	KeyLength int

	// IsAead indicates this is an Authenticated Encryption with Associated Data cipher.
	IsAead bool
	// contains filtered or unexported fields
}

EncryptionAlgorithm describes a symmetric encryption algorithm and creates Cipher instances for encrypting or decrypting data.

func NewAes256Cbc

func NewAes256Cbc() *EncryptionAlgorithm

NewAes256Cbc creates an AES-256-CBC encryption algorithm descriptor.

func NewAes256Ctr

func NewAes256Ctr() *EncryptionAlgorithm

NewAes256Ctr creates an AES-256-CTR encryption algorithm descriptor.

func NewAes256Gcm

func NewAes256Gcm() *EncryptionAlgorithm

NewAes256Gcm creates an AES-256-GCM encryption algorithm descriptor.

func (*EncryptionAlgorithm) CreateCipher

func (a *EncryptionAlgorithm) CreateCipher(isEncryption bool, key, iv []byte) (Cipher, error)

CreateCipher creates a new cipher instance. isEncryption is true for encryption, false for decryption.

func (*EncryptionAlgorithm) IVLength

func (a *EncryptionAlgorithm) IVLength() int

IVLength returns the IV/nonce length required by this algorithm.

type HmacAlgorithm

type HmacAlgorithm struct {
	// Name is the SSH algorithm name (e.g., "hmac-sha2-256").
	Name string

	// KeyLength is the HMAC key size in bytes.
	KeyLength int

	// IsEtm indicates this is an encrypt-then-MAC variant.
	IsEtm bool
	// contains filtered or unexported fields
}

HmacAlgorithm describes an HMAC algorithm and creates MessageSigner and MessageVerifier instances.

func NewHmacSha256

func NewHmacSha256() *HmacAlgorithm

NewHmacSha256 creates an HMAC-SHA2-256 algorithm descriptor.

func NewHmacSha256Etm

func NewHmacSha256Etm() *HmacAlgorithm

NewHmacSha256Etm creates an HMAC-SHA2-256 encrypt-then-MAC algorithm descriptor.

func NewHmacSha512

func NewHmacSha512() *HmacAlgorithm

NewHmacSha512 creates an HMAC-SHA2-512 algorithm descriptor.

func NewHmacSha512Etm

func NewHmacSha512Etm() *HmacAlgorithm

NewHmacSha512Etm creates an HMAC-SHA2-512 encrypt-then-MAC algorithm descriptor.

func (*HmacAlgorithm) CreateSigner

func (a *HmacAlgorithm) CreateSigner(key []byte) MessageSigner

CreateSigner creates a new MessageSigner using the given key.

func (*HmacAlgorithm) CreateVerifier

func (a *HmacAlgorithm) CreateVerifier(key []byte) MessageVerifier

CreateVerifier creates a new MessageVerifier using the given key.

type KeyExchange

type KeyExchange interface {
	// DigestLength returns the hash digest length in bytes.
	DigestLength() int

	// StartKeyExchange generates ephemeral keys and returns the public
	// exchange value.
	// For DH: returns SSH mpint-format value bytes.
	// For ECDH: returns uncompressed point bytes (0x04 || X || Y).
	StartKeyExchange() ([]byte, error)

	// DecryptKeyExchange takes the remote party's exchange value and
	// returns the shared secret in SSH mpint-format value bytes.
	DecryptKeyExchange(exchangeValue []byte) ([]byte, error)

	// Sign hashes the given data using this algorithm's hash function
	// and returns the digest.
	Sign(data []byte) ([]byte, error)
}

KeyExchange represents a stateful key exchange instance that generates ephemeral keys and derives shared secrets.
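The two value formats named in the KeyExchange comments (an uncompressed point 0x04 || X || Y sent by each side, and a shared secret returned as SSH mpint value bytes) are shown below for P-256 with Go's standard crypto/ecdh. This is an added example, not this package's code: p256Exchange, start, finish, and mpintValue are hypothetical names.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/rand"
	"fmt"
)

// mpintValue turns a fixed-width big-endian integer into SSH mpint value bytes
// (RFC 4251, no length prefix): strip leading zeros, add 0x00 if the top bit is set.
func mpintValue(b []byte) []byte {
	b = bytes.TrimLeft(b, "\x00")
	if len(b) > 0 && b[0]&0x80 != 0 {
		return append([]byte{0}, b...)
	}
	return b
}

type p256Exchange struct{ priv *ecdh.PrivateKey } // hypothetical, not the package's type

// start generates the ephemeral key and returns 0x04 || X || Y (65 bytes for P-256).
func (k *p256Exchange) start() ([]byte, error) {
	priv, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	k.priv = priv
	return priv.PublicKey().Bytes(), nil
}

// finish parses the peer's point and returns the shared secret as mpint value bytes.
func (k *p256Exchange) finish(peer []byte) ([]byte, error) {
	pub, err := ecdh.P256().NewPublicKey(peer) // rejects malformed and off-curve points
	if err != nil {
		return nil, err
	}
	x, err := k.priv.ECDH(pub) // fixed-width X coordinate
	return mpintValue(x), err
}

func main() {
	var client, server p256Exchange
	qc, _ := client.start()
	qs, _ := server.start()
	kc, _ := client.finish(qs)
	ks, _ := server.finish(qc)
	fmt.Println(len(qc), bytes.Equal(kc, ks))
}
```

Both sides must apply the same mpint normalization before hashing the secret; a fixed-width X coordinate with a leading zero byte or a set top bit would otherwise produce different exchange hashes.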

type KeyExchangeAlgorithm

type KeyExchangeAlgorithm struct {
	// Name is the SSH algorithm name (e.g., "diffie-hellman-group14-sha256").
	Name string

	// KeySizeInBits is the key size in bits.
	KeySizeInBits int

	// HashAlgorithmName is the hash algorithm name (e.g., "SHA-256").
	HashAlgorithmName string

	// HashDigestLength is the hash digest length in bytes.
	HashDigestLength int
	// contains filtered or unexported fields
}

KeyExchangeAlgorithm describes a key exchange algorithm and creates stateful KeyExchange instances for performing actual exchanges.

func NewDHGroup14SHA256

func NewDHGroup14SHA256() *KeyExchangeAlgorithm

NewDHGroup14SHA256 creates a DH group 14 (2048-bit) key exchange algorithm with SHA-256.

func NewDHGroup16SHA512

func NewDHGroup16SHA512() *KeyExchangeAlgorithm

NewDHGroup16SHA512 creates a DH group 16 (4096-bit) key exchange algorithm with SHA-512.

func NewECDHP256SHA256

func NewECDHP256SHA256() *KeyExchangeAlgorithm

NewECDHP256SHA256 creates an ECDH key exchange algorithm with P-256 and SHA-256.

func NewECDHP384SHA384

func NewECDHP384SHA384() *KeyExchangeAlgorithm

NewECDHP384SHA384 creates an ECDH key exchange algorithm with P-384 and SHA-384.

func NewECDHP521SHA512

func NewECDHP521SHA512() *KeyExchangeAlgorithm

NewECDHP521SHA512 creates an ECDH key exchange algorithm with P-521 and SHA-512.

func (*KeyExchangeAlgorithm) CreateKeyExchange

func (a *KeyExchangeAlgorithm) CreateKeyExchange() (KeyExchange, error)

CreateKeyExchange creates a new stateful key exchange instance.

type MessageSigner

type MessageSigner interface {
	// DigestLength returns the MAC tag size in bytes.
	DigestLength() int

	// Sign computes the MAC tag for the given data.
	Sign(data []byte) []byte

	// EncryptThenMac returns true if the MAC should be computed over
	// ciphertext rather than plaintext.
	EncryptThenMac() bool

	// AuthenticatedEncryption returns true if this signer is part of an
	// AEAD cipher (e.g., GCM) rather than a separate HMAC.
	AuthenticatedEncryption() bool
}

MessageSigner computes authentication tags for SSH messages.

type MessageVerifier

type MessageVerifier interface {
	// DigestLength returns the MAC tag size in bytes.
	DigestLength() int

	// Verify checks if the signature matches the data.
	Verify(data, signature []byte) bool

	// EncryptThenMac returns true if the MAC should be verified over
	// ciphertext rather than plaintext.
	EncryptThenMac() bool

	// AuthenticatedEncryption returns true if this verifier is part of an
	// AEAD cipher (e.g., GCM) rather than a separate HMAC.
	AuthenticatedEncryption() bool
}

MessageVerifier verifies authentication tags on SSH messages.
