module Net::SSH::Transport::GCMCipher

def read_and_mac(data, mac, _sequence_number)

--- RFC 5647 ---
In AES-GCM secure shell, the inputs to the authenticated encryption
are:
    PT (Plain Text)
        byte      padding_length; // 4 <= padding_length < 256
        byte[n1]  payload;        // n1 = packet_length-padding_length-1
        byte[n2]  random_padding; // n2 = padding_length
    AAD (Additional Authenticated Data)
        uint32    packet_length;  // 0 <= packet_length < 2^32
    IV (Initialization Vector)
        As described in section 7.1.
    BK (Block Cipher Key)
        The appropriate Encryption Key formed during the Key Exchange.
def read_and_mac(data, mac, _sequence_number)
  # The authentication tag will be placed in the MAC field at the end of the packet

  # OpenSSL does not verify auth tag length
  # GCM mode allows arbitrary sizes for the auth_tag up to 128 bits (16 bytes), and a
  #   single byte allows authentication to pass. If single byte auth tags are possible
  #   an attacker would require no more than 256 attempts to forge a valid tag.
  #
  raise 'incorrect auth_tag length' unless mac.to_s.length == mac_length

  # packet_length is sent in the clear and bound to the ciphertext as AAD
  packet_length    = data.unpack1('N')
  cipher.auth_tag  = mac.to_s
  cipher.auth_data = [packet_length].pack('N')

  # final raises OpenSSL::Cipher::CipherError if the tag does not verify
  result = cipher.update(data[4...]) << cipher.final
  incr_nonce
  result
end
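To see the RFC 5647 layout and the tag-length check together, here is an added, self-contained sender/receiver pair (example code, not net-ssh's own). The class GcmPacketDemo, its seal method and the key/nonce values are constructed for this example; it mirrors read_and_mac on the receive side and derives the nonce as the 4-byte fixed field followed by an 8-byte invocation counter, as RFC 5647 section 7.1 describes.

```ruby
require 'openssl'

# Constructed stand-in for the state read_and_mac uses (cipher, mac_length,
# incr_nonce); not the net-ssh class. Nonce per RFC 5647 7.1: fixed(4) || ctr(8).
class GcmPacketDemo
  def initialize(key, fixed)
    @key, @fixed, @counter = key, fixed, 0
  end

  def mac_length; 16; end # full 128-bit GCM tag
  # Sender side: packet_length travels in the clear and is bound in as AAD;
  # PT is padding_length || payload || padding (zero bytes stand in for
  # random_padding here), sized so PT is a multiple of 4 with padding >= 4.
  def seal(payload)
    pad = 4 + (-(payload.bytesize + 5) % 4)
    pt  = [pad].pack('C') + payload.b + ("\x00" * pad).b
    aad = [pt.bytesize].pack('N')
    c = cipher(:encrypt)
    c.auth_data = aad
    ct = c.update(pt) << c.final
    incr_nonce
    [aad + ct, c.auth_tag]
  end

  # Receiver side: mirrors read_and_mac above, including the tag-length
  # check that OpenSSL itself does not perform.
  def read_and_mac(data, mac, _sequence_number)
    raise 'incorrect auth_tag length' unless mac.to_s.length == mac_length
    packet_length = data.unpack1('N')
    c = cipher(:decrypt)
    c.auth_tag  = mac.to_s
    c.auth_data = [packet_length].pack('N')
    result = c.update(data[4...]) << c.final   # CipherError on a bad tag
    incr_nonce
    result
  end

  private

  def cipher(mode)
    c = OpenSSL::Cipher.new('aes-128-gcm').public_send(mode)
    c.key = @key
    c.iv  = @fixed + [@counter].pack('Q>')
    c
  end

  def incr_nonce
    @counter = (@counter + 1) & 0xFFFF_FFFF_FFFF_FFFF
  end
end
```

A tag that fails the length check is rejected before OpenSSL sees it, and a bit-flipped tag or an altered packet_length field fails inside final, so neither path advances the nonce.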