Bases: CipherSuiteBase
Skeleton suite for OpenSSH policy.
Source code in swarmauri_cipher_suite_ssh/SshCipherSuite.py
| def suite_id(self) -> str:
return "ssh"
|
Source code in swarmauri_cipher_suite_ssh/SshCipherSuite.py
| def supports(self) -> Mapping[CipherOp, Iterable[Alg]]:
return {"encrypt": _SSH_CIPHER, "decrypt": _SSH_CIPHER}
|
default_alg(op, *, for_key=None)
Source code in swarmauri_cipher_suite_ssh/SshCipherSuite.py
| def default_alg(self, op: CipherOp, *, for_key: Optional[KeyRef] = None) -> Alg:
return "chacha20-poly1305@openssh.com"
|
Source code in swarmauri_cipher_suite_ssh/SshCipherSuite.py
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52 | def features(self) -> Features:
return {
"suite": "ssh",
"version": 1,
"dialects": {"ssh": list(_SSH_CIPHER)},
"constraints": {
"kex": _SSH_KEX,
"host_key": _SSH_HOST,
"mac": _SSH_MAC,
},
"ops": {
"encrypt": {
"default": self.default_alg("encrypt"),
"allowed": list(_SSH_CIPHER),
}
},
"compliance": {"fips": False},
}
|
normalize(
*, op, alg=None, key=None, params=None, dialect=None
)
Source code in swarmauri_cipher_suite_ssh/SshCipherSuite.py
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76 | def normalize(
self,
*,
op: CipherOp,
alg: Optional[Alg] = None,
key: Optional[KeyRef] = None,
params: Optional[ParamMapping] = None,
dialect: Optional[str] = None,
) -> NormalizedDescriptor:
allowed = set(self.supports().get(op, ()))
chosen = alg or self.default_alg(op)
if chosen not in allowed:
raise ValueError(f"{chosen=} not supported for {op=}")
return {
"op": op,
"alg": chosen,
"dialect": "ssh" if dialect is None else dialect,
"mapped": {"ssh": chosen, "provider": chosen},
"params": dict(params or {}),
"constraints": {},
"policy": self.policy(),
}
|