
Delta Between Two Patch Sets: ssh/client_auth.go

Issue 14494058: code review 14494058: go.crypto/ssh: support rekeying in both directions. (Closed)
Left Patch Set: diff -r 5ff5636e18c9 https://code.google.com/p/go.crypto Created 10 years, 5 months ago
Right Patch Set: diff -r cd1eea1eb828 https://code.google.com/p/go.crypto Created 10 years, 5 months ago
LEFTRIGHT
1 // Copyright 2011 The Go Authors. All rights reserved. 1 // Copyright 2011 The Go Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style 2 // Use of this source code is governed by a BSD-style
3 // license that can be found in the LICENSE file. 3 // license that can be found in the LICENSE file.
4 4
5 package ssh 5 package ssh
6 6
7 import ( 7 import (
8 "errors" 8 "errors"
9 "fmt" 9 "fmt"
10 "io" 10 "io"
11 "net" 11 "net"
12 ) 12 )
13 13
14 // authenticate authenticates with the remote server. See RFC 4252. 14 // authenticate authenticates with the remote server. See RFC 4252.
15 func (c *ClientConn) authenticate() error { 15 func (c *ClientConn) authenticate() error {
16 // initiate user auth session 16 // initiate user auth session
17 » if err := c.writePacket(marshal(msgServiceRequest, serviceRequestMsg{ser viceUserAuth})); err != nil { 17 » if err := c.transport.writePacket(marshal(msgServiceRequest, serviceRequ estMsg{serviceUserAuth})); err != nil {
18 return err 18 return err
19 } 19 }
20 » packet, err := c.readPacket() 20 » packet, err := c.transport.readPacket()
21 if err != nil { 21 if err != nil {
22 return err 22 return err
23 } 23 }
24 var serviceAccept serviceAcceptMsg 24 var serviceAccept serviceAcceptMsg
25 if err := unmarshal(&serviceAccept, packet, msgServiceAccept); err != ni l { 25 if err := unmarshal(&serviceAccept, packet, msgServiceAccept); err != ni l {
26 return err 26 return err
27 } 27 }
28 28
29 // during the authentication phase the client first attempts the "none" method 29 // during the authentication phase the client first attempts the "none" method
30 // then any untried methods suggested by the server. 30 // then any untried methods suggested by the server.
31 tried, remain := make(map[string]bool), make(map[string]bool) 31 tried, remain := make(map[string]bool), make(map[string]bool)
32 for auth := ClientAuth(new(noneAuth)); auth != nil; { 32 for auth := ClientAuth(new(noneAuth)); auth != nil; {
33 » » ok, methods, err := auth.auth(c.handshakeTransport.getSessionID( ), c.config.User, c.handshakeTransport, c.config.rand()) 33 » » ok, methods, err := auth.auth(c.transport.getSessionID(), c.conf ig.User, c.transport, c.config.rand())
34 if err != nil { 34 if err != nil {
35 return err 35 return err
36 } 36 }
37 if ok { 37 if ok {
38 // success 38 // success
39 return nil 39 return nil
40 } 40 }
41 tried[auth.method()] = true 41 tried[auth.method()] = true
42 delete(remain, auth.method()) 42 delete(remain, auth.method())
43 for _, meth := range methods { 43 for _, meth := range methods {
(...skipping 170 matching lines...)
214 // methods that may continue if this auth is not successful. 214 // methods that may continue if this auth is not successful.
215 var methods []string 215 var methods []string
216 for i, key := range validKeys { 216 for i, key := range validKeys {
217 pubkey := MarshalPublicKey(key) 217 pubkey := MarshalPublicKey(key)
218 algoname := key.PublicKeyAlgo() 218 algoname := key.PublicKeyAlgo()
219 data := buildDataSignedForAuth(session, userAuthRequestMsg{ 219 data := buildDataSignedForAuth(session, userAuthRequestMsg{
220 User: user, 220 User: user,
221 Service: serviceSSH, 221 Service: serviceSSH,
222 Method: p.method(), 222 Method: p.method(),
223 }, []byte(algoname), pubkey) 223 }, []byte(algoname), pubkey)
224 » » sign, err := p.Sign(i, rand, data) 224 » » sigBlob, err := p.Sign(i, rand, data)
225 if err != nil { 225 if err != nil {
226 return false, nil, err 226 return false, nil, err
227 } 227 }
228 // manually wrap the serialized signature in a string 228 // manually wrap the serialized signature in a string
229 » » s := serializeSignature(key.PublicKeyAlgo(), sign) 229 » » s := serializeSignature(key.PublicKeyAlgo(), sigBlob)
230 sig := make([]byte, stringLength(len(s))) 230 sig := make([]byte, stringLength(len(s)))
231 marshalString(sig, s) 231 marshalString(sig, s)
232 msg := publickeyAuthMsg{ 232 msg := publickeyAuthMsg{
233 User: user, 233 User: user,
234 Service: serviceSSH, 234 Service: serviceSSH,
235 Method: p.method(), 235 Method: p.method(),
236 HasSig: true, 236 HasSig: true,
237 Algoname: algoname, 237 Algoname: algoname,
238 Pubkey: string(pubkey), 238 Pubkey: string(pubkey),
239 Sig: sig, 239 Sig: sig,
(...skipping 261 matching lines...)
501 p = marshalUint32(p, uint32(len(answers))) 501 p = marshalUint32(p, uint32(len(answers)))
502 for _, a := range answers { 502 for _, a := range answers {
503 p = marshalString(p, []byte(a)) 503 p = marshalString(p, []byte(a))
504 } 504 }
505 505
506 if err := c.writePacket(serialized); err != nil { 506 if err := c.writePacket(serialized); err != nil {
507 return false, nil, err 507 return false, nil, err
508 } 508 }
509 } 509 }
510 } 510 }
LEFTRIGHT
