Class Net::SSH::Transport::CipherFactory

  1. lib/net/ssh/transport/cipher_factory.rb
Parent: Object

Implements a factory of OpenSSL cipher algorithms.

Methods

public class

  1. get
  2. get_lengths
  3. supported?

Constants

    SSH_TO_OSSL = {
      "3des-cbc"                    => "des-ede3-cbc",
      "blowfish-cbc"                => "bf-cbc",
      "aes256-cbc"                  => "aes-256-cbc",
      "aes192-cbc"                  => "aes-192-cbc",
      "aes128-cbc"                  => "aes-128-cbc",
      "idea-cbc"                    => "idea-cbc",
      "cast128-cbc"                 => "cast-cbc",
      "rijndael-cbc@lysator.liu.se" => "aes-256-cbc",
      "arcfour128"                  => "rc4",
      "arcfour256"                  => "rc4",
      "arcfour512"                  => "rc4",
      "none"                        => "none"
    }

Maps the SSH name of a cipher to its corresponding OpenSSL name.

    KEY_LEN_OVERRIDE = { "arcfour256" => 32, "arcfour512" => 64 }

Ruby’s OpenSSL bindings always return a key length of 16 for RC4 ciphers, which results in the error "OpenSSL::CipherError: key length too short". The ciphers listed here override that key length.

Public class methods

get (name, options={})

Retrieves a new instance of the named algorithm. The new instance is initialized with an IV and key generated from the iv, key, shared, hash and digester values given in options. Additionally, the cipher is put into encryption or decryption mode, based on the value of the encrypt option.

    # File lib/net/ssh/transport/cipher_factory.rb, line 45
    def self.get(name, options={})
      ossl_name = SSH_TO_OSSL[name] or raise NotImplementedError, "unimplemented cipher `#{name}'"
      return IdentityCipher if ossl_name == "none"

      cipher = OpenSSL::Cipher::Cipher.new(ossl_name)
      cipher.send(options[:encrypt] ? :encrypt : :decrypt)

      # Disable OpenSSL's own block padding.
      cipher.padding = 0
      # RC4 is a stream cipher and takes no IV.
      cipher.iv      = make_key(cipher.iv_len, options[:iv], options) if ossl_name != "rc4"
      key_len = KEY_LEN_OVERRIDE[name] || cipher.key_len
      cipher.key_len = key_len
      cipher.key     = make_key(key_len, options[:key], options)
      # For RC4, run 1536 bytes through the cipher so the start of the keystream is discarded.
      cipher.update(" " * 1536) if ossl_name == "rc4"

      return cipher
    end

get_lengths (name)

Returns a two-element array containing the [ key-length, block-size ] for the named cipher algorithm. If the cipher algorithm is unknown, or is “none”, 0 is returned for both elements of the tuple.

    # File lib/net/ssh/transport/cipher_factory.rb, line 66
    def self.get_lengths(name)
      ossl_name = SSH_TO_OSSL[name]
      return [0, 0] if ossl_name.nil? || ossl_name == "none"

      cipher = OpenSSL::Cipher::Cipher.new(ossl_name)
      key_len = KEY_LEN_OVERRIDE[name] || cipher.key_len
      cipher.key_len = key_len

      # RC4 is a stream cipher; a block size of 8 is reported for it.
      return [key_len, ossl_name=="rc4" ? 8 : cipher.block_size]
    end

supported? (name)

Returns true if the underlying OpenSSL library supports the given cipher, and false otherwise.

    # File lib/net/ssh/transport/cipher_factory.rb, line 34
    def self.supported?(name)
      ossl_name = SSH_TO_OSSL[name] or raise NotImplementedError, "unimplemented cipher `#{name}'"
      return true if ossl_name == "none"
      return OpenSSL::Cipher.ciphers.include?(ossl_name)
    end
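
As the source above shows, supported? raises NotImplementedError for a name missing from SSH_TO_OSSL and returns true for "none", while get_lengths returns [0, 0] in both cases. The following is an added example, not part of net-ssh: it audits a configured cipher list without raising and reports "none" separately from real ciphers. The helper names cipher_status and audit_ciphers and the sample list are hypothetical; the two tables are copied from the constants on this page.

```ruby
require "openssl"

# Tables copied from the SSH_TO_OSSL and KEY_LEN_OVERRIDE constants shown on this page.
SSH_TO_OSSL = {
  "3des-cbc" => "des-ede3-cbc", "blowfish-cbc" => "bf-cbc",
  "aes256-cbc" => "aes-256-cbc", "aes192-cbc" => "aes-192-cbc",
  "aes128-cbc" => "aes-128-cbc", "idea-cbc" => "idea-cbc",
  "cast128-cbc" => "cast-cbc", "rijndael-cbc@lysator.liu.se" => "aes-256-cbc",
  "arcfour128" => "rc4", "arcfour256" => "rc4", "arcfour512" => "rc4",
  "none" => "none"
}.freeze
KEY_LEN_OVERRIDE = { "arcfour256" => 32, "arcfour512" => 64 }.freeze

# Hypothetical helper: classify one SSH cipher name without raising.
# `available` defaults to the names the local OpenSSL build reports.
def cipher_status(name, available = OpenSSL::Cipher.ciphers)
  ossl_name = SSH_TO_OSSL[name]
  return :unknown if ossl_name.nil?              # supported? raises NotImplementedError here
  return :no_encryption if ossl_name == "none"   # supported? returns true here
  available.include?(ossl_name) ? :usable : :missing_in_openssl
end

# Hypothetical helper: audit a proposed cipher list. Each entry gets its status and,
# when usable, the [key_len, block_size] pair computed the way get_lengths does.
def audit_ciphers(proposed, available = OpenSSL::Cipher.ciphers)
  proposed.map do |name|
    status = cipher_status(name, available)
    lengths = [0, 0]
    if status == :usable
      begin
        ossl_name = SSH_TO_OSSL[name]
        cipher = OpenSSL::Cipher.new(ossl_name)
        key_len = KEY_LEN_OVERRIDE[name] || cipher.key_len
        lengths = [key_len, ossl_name == "rc4" ? 8 : cipher.block_size]
      rescue StandardError
        # A listed name that cannot be instantiated is treated as unavailable.
        status = :missing_in_openssl
      end
    end
    { name: name, status: status, lengths: lengths }
  end
end

# Constructed sample input: a configured cipher preference list.
proposed = ["aes256-cbc", "rijndael-cbc@lysator.liu.se", "none", "chacha20-made-up"]
audit_ciphers(proposed).each { |row| puts row.inspect }
```

Keeping only the rows whose status is :usable gives a list in which "none" and unrecognized names can never be selected implicitly.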