| Warren 2005-02-02, 8:59 am |
| Hello,
I'm trying to process SSH packets on a socket's input stream. I was thinking
of just decorating the socket's stream with a CipherInputStream object, but
I've run into a problem.
SSH packets are of the form ( encrypted-part || plaintext MAC ), which means
I need to control how much of the read-in data is filtered. Is there a way
to switch the filtering on/off?
My current solution is to place a pipe in between the socket stream and
cipher input stream and send all but the last <MAC length> bytes on the
socket through the pipe and redirect the remaining bytes to a byte array to
compare with my own calculated MAC. This works fine as long as I know that I
have the whole packet, but if I don't or if two packets are queued then I'm
in trouble.
If I can turn off the cipher for a while I can just use a single input
stream to read the cipher text and plaintext, but from what I read it
doesn't look like this is possible, is that correct?
I definitely want to keep the CipherInputStream, because the last block of
one packet is the IV for the next packet, which makes using the
CipherInputStream the best option as I don't have to worry about the
chaining process.
Thanks for any help
Warren
|
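An added example, not part of the original post: one way to frame the packets described above without CipherInputStream is to call `Cipher.update()` on exactly the encrypted bytes, which keeps the CBC chaining state between packets, and to read the MAC straight from the socket. The class and method names are hypothetical; it assumes a block cipher in CBC/NoPadding mode already initialised for decryption, a `Mac` already initialised with the integrity key, and the packet layout of RFC 4253 section 6.

```java
import java.io.DataInputStream;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.Mac;

// Hypothetical helper: reads exactly one SSH binary packet per call.
final class SshPacketReader {
    private static final int MAX_PACKET = 35000; // total size RFC 4253 requires support for
    private final DataInputStream in; // raw socket stream, no cipher stream wrapped around it
    private final Cipher cipher;      // assumed: e.g. AES/CBC/NoPadding, DECRYPT_MODE
    private final Mac mac;            // assumed: e.g. HmacSHA1, already keyed
    private int seq;                  // incoming sequence number, wraps at 2^32

    SshPacketReader(DataInputStream in, Cipher cipher, Mac mac) {
        this.in = in; this.cipher = cipher; this.mac = mac;
    }

    // Returns the payload; throws if the length, padding or MAC is invalid.
    byte[] readPacket() throws IOException, GeneralSecurityException {
        int bs = cipher.getBlockSize();
        byte[] first = new byte[bs];
        in.readFully(first);                 // blocks until one full cipher block arrives
        byte[] head = cipher.update(first);  // update(), never doFinal(): the chain carries on
        int packetLen = ByteBuffer.wrap(head).getInt();     // uint32 packet_length
        if (packetLen < 12 || packetLen > MAX_PACKET || (packetLen + 4) % bs != 0)
            throw new IOException("invalid packet_length"); // reject before allocating
        byte[] pkt = Arrays.copyOf(head, packetLen + 4);    // plaintext packet buffer
        byte[] restEnc = new byte[packetLen + 4 - bs];
        in.readFully(restEnc);               // consumes only this packet's ciphertext
        if (restEnc.length > 0) cipher.update(restEnc, 0, restEnc.length, pkt, bs);
        byte[] wireMac = new byte[mac.getMacLength()];
        in.readFully(wireMac);               // MAC is plaintext, so it bypasses the cipher
        mac.update(ByteBuffer.allocate(4).putInt(seq++).array()); // sequence_number first
        mac.update(pkt);                     // then the unencrypted packet
        if (!MessageDigest.isEqual(mac.doFinal(), wireMac)) // constant-time comparison
            throw new IOException("MAC mismatch");
        int padLen = pkt[4] & 0xff;          // byte padding_length
        int payloadLen = packetLen - 1 - padLen;
        if (padLen < 4 || payloadLen < 0) throw new IOException("invalid padding_length");
        return Arrays.copyOfRange(pkt, 5, 5 + payloadLen);
    }
}
```

Because `readFully` blocks until the requested bytes arrive and each call consumes only one packet's bytes, a partially received packet or two queued packets are both handled by the framing itself.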