1Net::SSH::Perl::Mac(3)User Contributed Perl DocumentationNet::SSH::Perl::Mac(3)
2
3
4

NAME

6       Net::SSH::Perl::Mac - MAC support for SSH2
7

SYNOPSIS

9           use Net::SSH::Perl::Mac;
10           my $mac = Net::SSH::Perl::Mac->new('hmac-sha1', $key);
11           $mac->hmac("foo bar");
12

DESCRIPTION

14       Net::SSH::Perl::Mac (and its subclasses) provides MAC support for the
15       SSH2 implementation in Net::SSH::Perl. In the SSH2 protocol, each
16       packet sent between client and server (after the key exchange and
17       algorithm negotiation phase) contains a MAC to protect its integrity.
18       The sending party computes the MAC over the length, padding, and
19       (encrypted) payload fields of the packet, then appends the MAC; and the
20       receiving party recomputes the MAC against the data that it receives.
21
22       The MAC is computed using part of the key that is negotiated during the
23       key exchange phase. During negotiation, packets do not contain MAC;
24       after the SSH_MSG_NEWKEYS message is sent, each side turns on its
25       respective encryption, MAC, and compression code, for each packet that
26       is sent after that point.
27
28       Net::SSH::Perl supports two MAC algorithms: hmac-sha1 and hmac-md5.
29       These algorithms are implemented, respectively, by Digest::HMAC_SHA1
30       and Digest::HMAC_MD5.
31

USAGE

33       Each MAC object supports the following methods:
34
35   $mac = Net::SSH::Perl::Mac->new( $name )
36       Constructs a new MAC object and returns that object.
37
38   $mac->init( $key )
39       Initializes $mac and sets its key to $key (or rather, to a substring of
40       key, key_len bytes long). As this implies, the key_len method should be
41       called before init to set the intended length of the key.
42
43   $mac->hmac( $data )
44       Computes the MAC over $data, using the key set in the initialization
45       phase, and returns the MAC.
46
47   $mac->len
48       Returns the length of the MAC (eg. 20 for HMAC_SHA1).
49
50   $mac->key_len( $len )
51       Given $len sets the key length of $mac to $len.  This should be called
52       before the init method, because init uses this value to take a
53       substring of the provided key value.
54
55       Most of the time this should just be set to the MAC length (the len
56       method); certain SSH implementations have a bug, however, wherein they
57       always use only the first 16 bytes of the provided key.
58
59   $mac->enable
60       Enables the MAC object. This is used by Net::SSH::Perl::Kex to "turn
61       on" the MAC after key negotiation.
62
63   $mac->enabled
64       Tests the enabled flag (set with the enable method).  This is used by
65       Net::SSH::Perl::Packet to determine whether or not to compute a MAC on
66       an outgoing packet.
67

AUTHOR & COPYRIGHTS

69       Please see the Net::SSH::Perl manpage for author, copyright, and
70       license information.
71
72       hmac-sha2-256 and hmac-sha2-512 support added by: Lance Kinley
73       E<lkinley@loyaltymethods.com>
74
75       Copyright (c) 2015 Loyalty Methods, Inc.
76

POD ERRORS

78       Hey! The above document had some coding errors, which are explained
79       below:
80
81       Around line 182:
82           Unknown E content in E<lkinley@loyaltymethods.com>
83
84
85
86perl v5.36.0                      2023-01-20            Net::SSH::Perl::Mac(3)
Impressum