Class BaseMAC

    • Field Summary

      Fields 
      Modifier and Type Field Description
      private java.lang.String algorithm  
      private int bsize  
      private int defbsize  
      private boolean etm  
      private javax.crypto.Mac mac  
      private byte[] tmp  
    • Constructor Summary

      Constructors 
      Constructor Description
      BaseMAC​(java.lang.String algorithm, int bsize, int defbsize)  
      BaseMAC​(java.lang.String algorithm, int bsize, int defbsize, boolean isEtm)  
    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      byte[] doFinal()  
      byte[] doFinal​(byte[] input)  
      void doFinal​(byte[] buf, int offset)  
      int getBlockSize()  
      void init​(byte[] key)  
      boolean isEtm()
      Indicates that an Encrypt-Then-Mac algorithm was selected.
      private byte[] resizeToHashSize​(byte[] buf)  
      void update​(byte[] foo)  
      void update​(byte[] foo, int s, int l)  
      void update​(long i)  
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • algorithm

        private final java.lang.String algorithm
      • defbsize

        private final int defbsize
      • bsize

        private final int bsize
      • tmp

        private final byte[] tmp
      • etm

        private final boolean etm
      • mac

        private javax.crypto.Mac mac
    • Constructor Detail

      • BaseMAC

        public BaseMAC​(java.lang.String algorithm,
                       int bsize,
                       int defbsize)
      • BaseMAC

        public BaseMAC​(java.lang.String algorithm,
                       int bsize,
                       int defbsize,
                       boolean isEtm)
    • Method Detail

      • doFinal

        public byte[] doFinal()
        Specified by:
        doFinal in interface MAC
      • doFinal

        public byte[] doFinal​(byte[] input)
        Specified by:
        doFinal in interface MAC
      • doFinal

        public void doFinal​(byte[] buf,
                            int offset)
        Specified by:
        doFinal in interface MAC
      • resizeToHashSize

        private byte[] resizeToHashSize​(byte[] buf)
      • getBlockSize

        public int getBlockSize()
        Specified by:
        getBlockSize in interface MAC
      • init

        public void init​(byte[] key)
        Specified by:
        init in interface MAC
      • update

        public void update​(byte[] foo,
                           int s,
                           int l)
        Specified by:
        update in interface MAC
      • update

        public void update​(byte[] foo)
        Specified by:
        update in interface MAC
      • update

        public void update​(long i)
        Specified by:
        update in interface MAC
      • isEtm

        public boolean isEtm()
        Description copied from interface: MAC
        Indicates that an Encrypt-Then-Mac algorithm was selected.

        This has the following implementation details. 1.5 transport: Protocol 2 Encrypt-then-MAC MAC algorithms

        OpenSSH supports MAC algorithms, whose names contain "-etm", that perform the calculations in a different order to that defined in RFC 4253. These variants use the so-called "encrypt then MAC" ordering, calculating the MAC over the packet ciphertext rather than the plaintext. This ordering closes a security flaw in the SSH transport protocol, where decryption of unauthenticated ciphertext provided a "decryption oracle" that could, in conjunction with cipher flaws, reveal session plaintext.

        Specifically, the "-etm" MAC algorithms modify the transport protocol to calculate the MAC over the packet ciphertext and to send the packet length unencrypted. This is necessary for the transport to obtain the length of the packet and location of the MAC tag so that it may be verified without decrypting unauthenticated data.

        As such, the MAC covers:

        mac = MAC(key, sequence_number || packet_length || encrypted_packet)

        where "packet_length" is encoded as a uint32 and "encrypted_packet" contains:

        byte padding_length byte[n1] payload; n1 = packet_length - padding_length - 1 byte[n2] random padding; n2 = padding_length

        Specified by:
        isEtm in interface MAC
        Returns:
        Whether the MAC algorithm is an Encrypt-Then-Mac algorithm