ssh: rename methods in packetCipher interface
The new name readCipherPacket/writeCipherPacket disambiguates method
calls from packetConn.{read,write}Packet, which has a different
signature, and is called in different layers of the stack.
Change-Id: I02ca83e28f74f0a347a1cde665efdfb78f3f51bb
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/171657
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
diff --git a/ssh/cipher.go b/ssh/cipher.go
index 67b0126..a65a923 100644
--- a/ssh/cipher.go
+++ b/ssh/cipher.go
@@ -149,8 +149,8 @@
macResult []byte
}
-// readPacket reads and decrypt a single packet from the reader argument.
-func (s *streamPacketCipher) readPacket(seqNum uint32, r io.Reader) ([]byte, error) {
+// readCipherPacket reads and decrypt a single packet from the reader argument.
+func (s *streamPacketCipher) readCipherPacket(seqNum uint32, r io.Reader) ([]byte, error) {
if _, err := io.ReadFull(r, s.prefix[:]); err != nil {
return nil, err
}
@@ -221,8 +221,8 @@
return s.packetData[:length-paddingLength-1], nil
}
-// writePacket encrypts and sends a packet of data to the writer argument
-func (s *streamPacketCipher) writePacket(seqNum uint32, w io.Writer, rand io.Reader, packet []byte) error {
+// writeCipherPacket encrypts and sends a packet of data to the writer argument
+func (s *streamPacketCipher) writeCipherPacket(seqNum uint32, w io.Writer, rand io.Reader, packet []byte) error {
if len(packet) > maxPacket {
return errors.New("ssh: packet too large")
}
@@ -327,7 +327,7 @@
const gcmTagSize = 16
-func (c *gcmCipher) writePacket(seqNum uint32, w io.Writer, rand io.Reader, packet []byte) error {
+func (c *gcmCipher) writeCipherPacket(seqNum uint32, w io.Writer, rand io.Reader, packet []byte) error {
// Pad out to multiple of 16 bytes. This is different from the
// stream cipher because that encrypts the length too.
padding := byte(packetSizeMultiple - (1+len(packet))%packetSizeMultiple)
@@ -370,7 +370,7 @@
}
}
-func (c *gcmCipher) readPacket(seqNum uint32, r io.Reader) ([]byte, error) {
+func (c *gcmCipher) readCipherPacket(seqNum uint32, r io.Reader) ([]byte, error) {
if _, err := io.ReadFull(r, c.prefix[:]); err != nil {
return nil, err
}
@@ -486,8 +486,8 @@
func (e cbcError) Error() string { return string(e) }
-func (c *cbcCipher) readPacket(seqNum uint32, r io.Reader) ([]byte, error) {
- p, err := c.readPacketLeaky(seqNum, r)
+func (c *cbcCipher) readCipherPacket(seqNum uint32, r io.Reader) ([]byte, error) {
+ p, err := c.readCipherPacketLeaky(seqNum, r)
if err != nil {
if _, ok := err.(cbcError); ok {
// Verification error: read a fixed amount of
@@ -500,7 +500,7 @@
return p, err
}
-func (c *cbcCipher) readPacketLeaky(seqNum uint32, r io.Reader) ([]byte, error) {
+func (c *cbcCipher) readCipherPacketLeaky(seqNum uint32, r io.Reader) ([]byte, error) {
blockSize := c.decrypter.BlockSize()
// Read the header, which will include some of the subsequent data in the
@@ -576,7 +576,7 @@
return c.packetData[prefixLen:paddingStart], nil
}
-func (c *cbcCipher) writePacket(seqNum uint32, w io.Writer, rand io.Reader, packet []byte) error {
+func (c *cbcCipher) writeCipherPacket(seqNum uint32, w io.Writer, rand io.Reader, packet []byte) error {
effectiveBlockSize := maxUInt32(cbcMinPacketSizeMultiple, c.encrypter.BlockSize())
// Length of encrypted portion of the packet (header, payload, padding).
@@ -665,7 +665,7 @@
return c, nil
}
-func (c *chacha20Poly1305Cipher) readPacket(seqNum uint32, r io.Reader) ([]byte, error) {
+func (c *chacha20Poly1305Cipher) readCipherPacket(seqNum uint32, r io.Reader) ([]byte, error) {
nonce := [3]uint32{0, 0, bits.ReverseBytes32(seqNum)}
s := chacha20.New(c.contentKey, nonce)
var polyKey [32]byte
@@ -723,7 +723,7 @@
return plain, nil
}
-func (c *chacha20Poly1305Cipher) writePacket(seqNum uint32, w io.Writer, rand io.Reader, payload []byte) error {
+func (c *chacha20Poly1305Cipher) writeCipherPacket(seqNum uint32, w io.Writer, rand io.Reader, payload []byte) error {
nonce := [3]uint32{0, 0, bits.ReverseBytes32(seqNum)}
s := chacha20.New(c.contentKey, nonce)
var polyKey [32]byte
diff --git a/ssh/cipher_test.go b/ssh/cipher_test.go
index a52d6e4..70a2b5b 100644
--- a/ssh/cipher_test.go
+++ b/ssh/cipher_test.go
@@ -56,13 +56,13 @@
want := "bla bla"
input := []byte(want)
buf := &bytes.Buffer{}
- if err := client.writePacket(0, buf, rand.Reader, input); err != nil {
- t.Fatalf("writePacket(%q, %q): %v", cipher, mac, err)
+ if err := client.writeCipherPacket(0, buf, rand.Reader, input); err != nil {
+ t.Fatalf("writeCipherPacket(%q, %q): %v", cipher, mac, err)
}
- packet, err := server.readPacket(0, buf)
+ packet, err := server.readCipherPacket(0, buf)
if err != nil {
- t.Fatalf("readPacket(%q, %q): %v", cipher, mac, err)
+ t.Fatalf("readCipherPacket(%q, %q): %v", cipher, mac, err)
}
if string(packet) != want {
@@ -85,8 +85,8 @@
want := "bla bla"
input := []byte(want)
buf := &bytes.Buffer{}
- if err := client.writePacket(0, buf, rand.Reader, input); err != nil {
- t.Errorf("writePacket: %v", err)
+ if err := client.writeCipherPacket(0, buf, rand.Reader, input); err != nil {
+ t.Errorf("writeCipherPacket: %v", err)
}
packetSize := buf.Len()
@@ -106,9 +106,9 @@
fresh.Bytes()[i] ^= 0x01
before := fresh.Len()
- _, err = server.readPacket(0, fresh)
+ _, err = server.readCipherPacket(0, fresh)
if err == nil {
- t.Errorf("corrupt byte %d: readPacket succeeded ", i)
+ t.Errorf("corrupt byte %d: readCipherPacket succeeded ", i)
continue
}
if _, ok := err.(cbcError); !ok {
diff --git a/ssh/transport.go b/ssh/transport.go
index f6fae1d..49ddc2e 100644
--- a/ssh/transport.go
+++ b/ssh/transport.go
@@ -53,14 +53,14 @@
// packetCipher represents a combination of SSH encryption/MAC
// protocol. A single instance should be used for one direction only.
type packetCipher interface {
- // writePacket encrypts the packet and writes it to w. The
+ // writeCipherPacket encrypts the packet and writes it to w. The
// contents of the packet are generally scrambled.
- writePacket(seqnum uint32, w io.Writer, rand io.Reader, packet []byte) error
+ writeCipherPacket(seqnum uint32, w io.Writer, rand io.Reader, packet []byte) error
- // readPacket reads and decrypts a packet of data. The
+ // readCipherPacket reads and decrypts a packet of data. The
// returned packet may be overwritten by future calls of
// readPacket.
- readPacket(seqnum uint32, r io.Reader) ([]byte, error)
+ readCipherPacket(seqnum uint32, r io.Reader) ([]byte, error)
}
// connectionState represents one side (read or write) of the
@@ -127,7 +127,7 @@
}
func (s *connectionState) readPacket(r *bufio.Reader) ([]byte, error) {
- packet, err := s.packetCipher.readPacket(s.seqNum, r)
+ packet, err := s.packetCipher.readCipherPacket(s.seqNum, r)
s.seqNum++
if err == nil && len(packet) == 0 {
err = errors.New("ssh: zero length packet")
@@ -175,7 +175,7 @@
func (s *connectionState) writePacket(w *bufio.Writer, rand io.Reader, packet []byte) error {
changeKeys := len(packet) > 0 && packet[0] == msgNewKeys
- err := s.packetCipher.writePacket(s.seqNum, w, rand, packet)
+ err := s.packetCipher.writeCipherPacket(s.seqNum, w, rand, packet)
if err != nil {
return err
}
