net-ssh-backports 6.3.0.backports

data/lib/net/ssh/test.rb

@@ -0,0 +1,94 @@
+require 'net/ssh/transport/session'
+require 'net/ssh/connection/session'
+require 'net/ssh/test/kex'
+require 'net/ssh/test/socket'
+
+module Net
+  module SSH
+    # This module may be used in unit tests, for when you want to test that your
+    # SSH state machines are really doing what you expect they are doing. You will
+    # typically include this module in your unit test class, and then build a
+    # "story" of expected sends and receives:
+    #
+    #   require 'minitest/autorun'
+    #   require 'net/ssh/test'
+    #
+    #   class MyTest < Minitest::Test
+    #     include Net::SSH::Test
+    #
+    #     def test_exec_via_channel_works
+    #       story do |session|
+    #         channel = session.opens_channel
+    #         channel.sends_exec "ls"
+    #         channel.gets_data "result of ls"
+    #         channel.gets_close
+    #         channel.sends_close
+    #       end
+    #
+    #       assert_scripted do
+    #         result = nil
+    #
+    #         connection.open_channel do |ch|
+    #           ch.exec("ls") do |success|
+    #             ch.on_data { |c, data| result = data }
+    #             ch.on_close { |c| c.close }
+    #           end
+    #         end
+    #
+    #         connection.loop
+    #         assert_equal "result of ls", result
+    #       end
+    #     end
+    #   end
+    #
+    # See Net::SSH::Test::Channel and Net::SSH::Test::Script for more options.
+    #
+    # Note that the Net::SSH::Test system is rather finicky yet, and can be kind
+    # of frustrating to get working. Any suggestions for improvement will be
+    # welcome!
+    module Test
+      # If a block is given, yields the script for the test socket (#socket).
+      # Otherwise, simply returns the socket's script. See Net::SSH::Test::Script.
+      def story
+        Net::SSH::Test::Extensions::IO.with_test_extension { yield socket.script if block_given? }
+        return socket.script
+      end
+
+      # Returns the test socket instance to use for these tests (see
+      # Net::SSH::Test::Socket).
+      def socket(options={})
+        @socket ||= Net::SSH::Test::Socket.new
+      end
+
+      # Returns the connection session (Net::SSH::Connection::Session) for use
+      # in these tests. It is a fully functional SSH session, operating over
+      # a mock socket (#socket).
+      def connection(options={})
+        @connection ||= Net::SSH::Connection::Session.new(transport(options), options)
+      end
+
+      # Returns the transport session (Net::SSH::Transport::Session) for use
+      # in these tests. It is a fully functional SSH transport session, operating
+      # over a mock socket (#socket).
+      def transport(options={})
+        @transport ||= Net::SSH::Transport::Session.new(
+          options[:host] || "localhost",
+          options.merge(kex: "test", host_key: "ssh-rsa", append_all_supported_algorithms: true, verify_host_key: :never, proxy: socket(options))
+        )
+      end
+
+      # First asserts that a story has been described (see #story). Then yields,
+      # and then asserts that all items described in the script have been
+      # processed. Typically, this is called immediately after a story has
+      # been built, and the SSH commands being tested are then executed within
+      # the block passed to this assertion.
+      def assert_scripted
+        raise "there is no script to be processed" if socket.script.events.empty?
+
+        Net::SSH::Test::Extensions::IO.with_test_extension { yield }
+        assert socket.script.events.empty?, "there should not be any remaining scripted events, but there are still" \
+                                            "#{socket.script.events.length} pending"
+      end
+    end
+  end
+end

data/lib/net/ssh/transport/algorithms.rb

@@ -0,0 +1,502 @@
+require 'net/ssh/buffer'
+require 'net/ssh/known_hosts'
+require 'net/ssh/loggable'
+require 'net/ssh/transport/cipher_factory'
+require 'net/ssh/transport/constants'
+require 'net/ssh/transport/hmac'
+require 'net/ssh/transport/kex'
+require 'net/ssh/transport/kex/curve25519_sha256_loader'
+require 'net/ssh/transport/server_version'
+require 'net/ssh/authentication/ed25519_loader'
+
+module Net
+  module SSH
+    module Transport
+      # Implements the higher-level logic behind an SSH key-exchange. It handles
+      # both the initial exchange, as well as subsequent re-exchanges (as needed).
+      # It also encapsulates the negotiation of the algorithms, and provides a
+      # single point of access to the negotiated algorithms.
+      #
+      # You will never instantiate or reference this directly. It is used
+      # internally by the transport layer.
+      class Algorithms
+        include Loggable
+        include Constants
+
+        # Define the default algorithms, in order of preference, supported by Net::SSH.
+        DEFAULT_ALGORITHMS = {
+          host_key: %w[ecdsa-sha2-nistp521-cert-v01@openssh.com
+                       ecdsa-sha2-nistp384-cert-v01@openssh.com
+                       ecdsa-sha2-nistp256-cert-v01@openssh.com
+                       ecdsa-sha2-nistp521
+                       ecdsa-sha2-nistp384
+                       ecdsa-sha2-nistp256
+                       ssh-rsa-cert-v01@openssh.com
+                       ssh-rsa-cert-v00@openssh.com
+                       ssh-rsa
+                       rsa-sha2-256
+                       rsa-sha2-512],
+
+          kex: %w[ecdh-sha2-nistp521
+                  ecdh-sha2-nistp384
+                  ecdh-sha2-nistp256
+                  diffie-hellman-group-exchange-sha256
+                  diffie-hellman-group14-sha256
+                  diffie-hellman-group14-sha1],
+
+          encryption: %w[aes256-ctr aes192-ctr aes128-ctr],
+
+          hmac: %w[hmac-sha2-512-etm@openssh.com hmac-sha2-256-etm@openssh.com
+                   hmac-sha2-512 hmac-sha2-256
+                   hmac-sha1]
+        }.freeze
+
+        if Net::SSH::Authentication::ED25519Loader::LOADED
+          DEFAULT_ALGORITHMS[:host_key].unshift(
+            'ssh-ed25519-cert-v01@openssh.com',
+            'ssh-ed25519'
+          )
+        end
+
+        if Net::SSH::Transport::Kex::Curve25519Sha256Loader::LOADED
+          DEFAULT_ALGORITHMS[:kex].unshift(
+            'curve25519-sha256',
+            'curve25519-sha256@libssh.org'
+          )
+        end
+
+        # Define all algorithms, with the deprecated, supported by Net::SSH.
+        ALGORITHMS = {
+          host_key: DEFAULT_ALGORITHMS[:host_key] + %w[ssh-dss],
+
+          kex: DEFAULT_ALGORITHMS[:kex] +
+               %w[diffie-hellman-group-exchange-sha1
+                  diffie-hellman-group1-sha1],
+
+          encryption: DEFAULT_ALGORITHMS[:encryption] +
+                      %w[aes256-cbc aes192-cbc aes128-cbc
+                         rijndael-cbc@lysator.liu.se
+                         blowfish-ctr blowfish-cbc
+                         cast128-ctr cast128-cbc
+                         3des-ctr 3des-cbc
+                         idea-cbc
+                         none],
+
+          hmac: DEFAULT_ALGORITHMS[:hmac] +
+                %w[hmac-sha2-512-96 hmac-sha2-256-96
+                   hmac-sha1-96
+                   hmac-ripemd160 hmac-ripemd160@openssh.com
+                   hmac-md5 hmac-md5-96
+                   none],
+
+          compression: %w[none zlib@openssh.com zlib],
+          language: %w[]
+        }.freeze
+
+        # The underlying transport layer session that supports this object
+        attr_reader :session
+
+        # The hash of options used to initialize this object
+        attr_reader :options
+
+        # The kex algorithm to use settled on between the client and server.
+        attr_reader :kex
+
+        # The type of host key that will be used for this session.
+        attr_reader :host_key
+
+        # The type of the cipher to use to encrypt packets sent from the client to
+        # the server.
+        attr_reader :encryption_client
+
+        # The type of the cipher to use to decrypt packets arriving from the server.
+        attr_reader :encryption_server
+
+        # The type of HMAC to use to sign packets sent by the client.
+        attr_reader :hmac_client
+
+        # The type of HMAC to use to validate packets arriving from the server.
+        attr_reader :hmac_server
+
+        # The type of compression to use to compress packets being sent by the client.
+        attr_reader :compression_client
+
+        # The type of compression to use to decompress packets arriving from the server.
+        attr_reader :compression_server
+
+        # The language that will be used in messages sent by the client.
+        attr_reader :language_client
+
+        # The language that will be used in messages sent from the server.
+        attr_reader :language_server
+
+        # The hash of algorithms preferred by the client, which will be told to
+        # the server during algorithm negotiation.
+        attr_reader :algorithms
+
+        # The session-id for this session, as decided during the initial key exchange.
+        attr_reader :session_id
+
+        # Returns true if the given packet can be processed during a key-exchange.
+        def self.allowed_packet?(packet)
+          (1..4).include?(packet.type) ||
+          (6..19).include?(packet.type) ||
+          (21..49).include?(packet.type)
+        end
+
+        # Instantiates a new Algorithms object, and prepares the hash of preferred
+        # algorithms based on the options parameter and the ALGORITHMS constant.
+        def initialize(session, options={})
+          @session = session
+          @logger = session.logger
+          @options = options
+          @algorithms = {}
+          @pending = @initialized = false
+          @client_packet = @server_packet = nil
+          prepare_preferred_algorithms!
+        end
+
+        # Start the algorithm negotation
+        def start
+          raise ArgumentError, "Cannot call start if it's negotiation started or done" if @pending || @initialized
+
+          send_kexinit
+        end
+
+        # Request a rekey operation. This will return immediately, and does not
+        # actually perform the rekey operation. It does cause the session to change
+        # state, however--until the key exchange finishes, no new packets will be
+        # processed.
+        def rekey!
+          @client_packet = @server_packet = nil
+          @initialized = false
+          send_kexinit
+        end
+
+        # Called by the transport layer when a KEXINIT packet is received, indicating
+        # that the server wants to exchange keys. This can be spontaneous, or it
+        # can be in response to a client-initiated rekey request (see #rekey!). Either
+        # way, this will block until the key exchange completes.
+        def accept_kexinit(packet)
+          info { "got KEXINIT from server" }
+          @server_data = parse_server_algorithm_packet(packet)
+          @server_packet = @server_data[:raw]
+          if !pending?
+            send_kexinit
+          else
+            proceed!
+          end
+        end
+
+        # A convenience method for accessing the list of preferred types for a
+        # specific algorithm (see #algorithms).
+        def [](key)
+          algorithms[key]
+        end
+
+        # Returns +true+ if a key-exchange is pending. This will be true from the
+        # moment either the client or server requests the key exchange, until the
+        # exchange completes. While an exchange is pending, only a limited number
+        # of packets are allowed, so event processing essentially stops during this
+        # period.
+        def pending?
+          @pending
+        end
+
+        # Returns true if no exchange is pending, and otherwise returns true or
+        # false depending on whether the given packet is of a type that is allowed
+        # during a key exchange.
+        def allow?(packet)
+          !pending? || Algorithms.allowed_packet?(packet)
+        end
+
+        # Returns true if the algorithms have been negotiated at all.
+        def initialized?
+          @initialized
+        end
+
+        def host_key_format
+          case host_key
+          when /^([a-z0-9-]+)-cert-v\d{2}@openssh.com$/
+            Regexp.last_match[1]
+          else
+            host_key
+          end
+        end
+
+        private
+
+        # Sends a KEXINIT packet to the server. If a server KEXINIT has already
+        # been received, this will then invoke #proceed! to proceed with the key
+        # exchange, otherwise it returns immediately (but sets the object to the
+        # pending state).
+        def send_kexinit
+          info { "sending KEXINIT" }
+          @pending = true
+          packet = build_client_algorithm_packet
+          @client_packet = packet.to_s
+          session.send_message(packet)
+          proceed! if @server_packet
+        end
+
+        # After both client and server have sent their KEXINIT packets, this
+        # will do the algorithm negotiation and key exchange. Once both finish,
+        # the object leaves the pending state and the method returns.
+        def proceed!
+          info { "negotiating algorithms" }
+          negotiate_algorithms
+          exchange_keys
+          @pending = false
+        end
+
+        # Prepares the list of preferred algorithms, based on the options hash
+        # that was given when the object was constructed, and the ALGORITHMS
+        # constant. Also, when determining the host_key type to use, the known
+        # hosts files are examined to see if the host has ever sent a host_key
+        # before, and if so, that key type is used as the preferred type for
+        # communicating with this server.
+        def prepare_preferred_algorithms!
+          options[:compression] = %w[zlib@openssh.com zlib] if options[:compression] == true
+
+          ALGORITHMS.each do |algorithm, supported|
+            algorithms[algorithm] = compose_algorithm_list(
+              supported, options[algorithm] || DEFAULT_ALGORITHMS[algorithm],
+              options[:append_all_supported_algorithms]
+            )
+          end
+
+          # for convention, make sure our list has the same keys as the server
+          # list
+
+          algorithms[:encryption_client ] = algorithms[:encryption_server ] = algorithms[:encryption]
+          algorithms[:hmac_client       ] = algorithms[:hmac_server       ] = algorithms[:hmac]
+          algorithms[:compression_client] = algorithms[:compression_server] = algorithms[:compression]
+          algorithms[:language_client   ] = algorithms[:language_server   ] = algorithms[:language]
+
+          if !options.key?(:host_key)
+            # make sure the host keys are specified in preference order, where any
+            # existing known key for the host has preference.
+
+            existing_keys = session.host_keys
+            host_keys = existing_keys.flat_map { |key| key.respond_to?(:ssh_types) ? key.ssh_types : [key.ssh_type] }.uniq
+            algorithms[:host_key].each do |name|
+              host_keys << name unless host_keys.include?(name)
+            end
+            algorithms[:host_key] = host_keys
+          end
+        end
+
+        # Composes the list of algorithms by taking supported algorithms and matching with supplied options.
+        def compose_algorithm_list(supported, option, append_all_supported_algorithms = false)
+          return supported.dup unless option
+
+          list = []
+          option = Array(option).compact.uniq
+
+          if option.first && option.first.start_with?('+', '-')
+            list = supported.dup
+
+            appends = option.select { |opt| opt.start_with?('+') }.map { |opt| opt[1..-1] }
+            deletions = option.select { |opt| opt.start_with?('-') }.map { |opt| opt[1..-1] }
+
+            list.concat(appends)
+
+            deletions.each do |opt|
+              if opt.include?('*')
+                opt_escaped = Regexp.escape(opt)
+                algo_re = /\A#{opt_escaped.gsub('\*', '[A-Za-z\d\-@\.]*')}\z/
+                list.delete_if { |existing_opt| algo_re.match(existing_opt) }
+              else
+                list.delete(opt)
+              end
+            end
+
+            list.uniq!
+          else
+            list = option
+
+            if append_all_supported_algorithms
+              supported.each { |name| list << name unless list.include?(name) }
+            end
+          end
+
+          unsupported = []
+          list.select! do |name|
+            is_supported = supported.include?(name)
+            unsupported << name unless is_supported
+            is_supported
+          end
+
+          lwarn { %(unsupported algorithm: `#{unsupported}') } unless unsupported.empty?
+
+          list
+        end
+
+        # Parses a KEXINIT packet from the server.
+        def parse_server_algorithm_packet(packet)
+          data = { raw: packet.content }
+
+          packet.read(16) # skip the cookie value
+
+          data[:kex]                = packet.read_string.split(/,/)
+          data[:host_key]           = packet.read_string.split(/,/)
+          data[:encryption_client]  = packet.read_string.split(/,/)
+          data[:encryption_server]  = packet.read_string.split(/,/)
+          data[:hmac_client]        = packet.read_string.split(/,/)
+          data[:hmac_server]        = packet.read_string.split(/,/)
+          data[:compression_client] = packet.read_string.split(/,/)
+          data[:compression_server] = packet.read_string.split(/,/)
+          data[:language_client]    = packet.read_string.split(/,/)
+          data[:language_server]    = packet.read_string.split(/,/)
+
+          # TODO: if first_kex_packet_follows, we need to try to skip the
+          # actual kexinit stuff and try to guess what the server is doing...
+          # need to read more about this scenario.
+          # first_kex_packet_follows = packet.read_bool
+
+          return data
+        end
+
+        # Given the #algorithms map of preferred algorithm types, this constructs
+        # a KEXINIT packet to send to the server. It does not actually send it,
+        # it simply builds the packet and returns it.
+        def build_client_algorithm_packet
+          kex         = algorithms[:kex].join(",")
+          host_key    = algorithms[:host_key].join(",")
+          encryption  = algorithms[:encryption].join(",")
+          hmac        = algorithms[:hmac].join(",")
+          compression = algorithms[:compression].join(",")
+          language    = algorithms[:language].join(",")
+
+          Net::SSH::Buffer.from(:byte, KEXINIT,
+            :long, [rand(0xFFFFFFFF), rand(0xFFFFFFFF), rand(0xFFFFFFFF), rand(0xFFFFFFFF)],
+            :mstring, [kex, host_key, encryption, encryption, hmac, hmac],
+            :mstring, [compression, compression, language, language],
+            :bool, false, :long, 0)
+        end
+
+        # Given the parsed server KEX packet, and the client's preferred algorithm
+        # lists in #algorithms, determine which preferred algorithms each has
+        # in common and set those as the selected algorithms. If, for any algorithm,
+        # no type can be settled on, an exception is raised.
+        def negotiate_algorithms
+          @kex                = negotiate(:kex)
+          @host_key           = negotiate(:host_key)
+          @encryption_client  = negotiate(:encryption_client)
+          @encryption_server  = negotiate(:encryption_server)
+          @hmac_client        = negotiate(:hmac_client)
+          @hmac_server        = negotiate(:hmac_server)
+          @compression_client = negotiate(:compression_client)
+          @compression_server = negotiate(:compression_server)
+          @language_client    = negotiate(:language_client) rescue ""
+          @language_server    = negotiate(:language_server) rescue ""
+
+          debug do
+            "negotiated:\n" +
+              %i[kex host_key encryption_server encryption_client hmac_client hmac_server
+                 compression_client compression_server language_client language_server].map do |key|
+                "* #{key}: #{instance_variable_get("@#{key}")}"
+              end.join("\n")
+          end
+        end
+
+        # Negotiates a single algorithm based on the preferences reported by the
+        # server and those set by the client. This is called by
+        # #negotiate_algorithms.
+        def negotiate(algorithm)
+          match = self[algorithm].find { |item| @server_data[algorithm].include?(item) }
+
+          if match.nil?
+            raise Net::SSH::Exception, "could not settle on #{algorithm} algorithm\n"\
+              "Server #{algorithm} preferences: #{@server_data[algorithm].join(',')}\n"\
+              "Client #{algorithm} preferences: #{self[algorithm].join(',')}"
+          end
+
+          return match
+        end
+
+        # Considers the sizes of the keys and block-sizes for the selected ciphers,
+        # and the lengths of the hmacs, and returns the largest as the byte requirement
+        # for the key-exchange algorithm.
+        def kex_byte_requirement
+          sizes = [8] # require at least 8 bytes
+
+          sizes.concat(CipherFactory.get_lengths(encryption_client))
+          sizes.concat(CipherFactory.get_lengths(encryption_server))
+
+          sizes << HMAC.key_length(hmac_client)
+          sizes << HMAC.key_length(hmac_server)
+
+          sizes.max
+        end
+
+        # Instantiates one of the Transport::Kex classes (based on the negotiated
+        # kex algorithm), and uses it to exchange keys. Then, the ciphers and
+        # HMACs are initialized and fed to the transport layer, to be used in
+        # further communication with the server.
+        def exchange_keys
+          debug { "exchanging keys" }
+
+          algorithm = Kex::MAP[kex].new(self, session,
+            client_version_string: Net::SSH::Transport::ServerVersion::PROTO_VERSION,
+            server_version_string: session.server_version.version,
+            server_algorithm_packet: @server_packet,
+            client_algorithm_packet: @client_packet,
+            need_bytes: kex_byte_requirement,
+            minimum_dh_bits: options[:minimum_dh_bits],
+            logger: logger)
+          result = algorithm.exchange_keys
+
+          secret   = result[:shared_secret].to_ssh
+          hash     = result[:session_id]
+          digester = result[:hashing_algorithm]
+
+          @session_id ||= hash
+
+          key = Proc.new { |salt| digester.digest(secret + hash + salt + @session_id) }
+
+          iv_client = key["A"]
+          iv_server = key["B"]
+          key_client = key["C"]
+          key_server = key["D"]
+          mac_key_client = key["E"]
+          mac_key_server = key["F"]
+
+          parameters = { shared: secret, hash: hash, digester: digester }
+
+          cipher_client = CipherFactory.get(encryption_client, parameters.merge(iv: iv_client, key: key_client, encrypt: true))
+          cipher_server = CipherFactory.get(encryption_server, parameters.merge(iv: iv_server, key: key_server, decrypt: true))
+
+          mac_client = HMAC.get(hmac_client, mac_key_client, parameters)
+          mac_server = HMAC.get(hmac_server, mac_key_server, parameters)
+
+          session.configure_client cipher: cipher_client, hmac: mac_client,
+                                   compression: normalize_compression_name(compression_client),
+                                   compression_level: options[:compression_level],
+                                   rekey_limit: options[:rekey_limit],
+                                   max_packets: options[:rekey_packet_limit],
+                                   max_blocks: options[:rekey_blocks_limit]
+
+          session.configure_server cipher: cipher_server, hmac: mac_server,
+                                   compression: normalize_compression_name(compression_server),
+                                   rekey_limit: options[:rekey_limit],
+                                   max_packets: options[:rekey_packet_limit],
+                                   max_blocks: options[:rekey_blocks_limit]
+
+          @initialized = true
+        end
+
+        # Given the SSH name for some compression algorithm, return a normalized
+        # name as a symbol.
+        def normalize_compression_name(name)
+          case name
+          when "none"             then false
+          when "zlib"             then :standard
+          when "zlib@openssh.com" then :delayed
+          else raise ArgumentError, "unknown compression type `#{name}'"
+          end
+        end
+      end
+    end
+  end
+end

data/lib/net/ssh/transport/cipher_factory.rb

@@ -0,0 +1,103 @@
+require 'openssl'
+require 'net/ssh/transport/ctr.rb'
+require 'net/ssh/transport/key_expander'
+require 'net/ssh/transport/identity_cipher'
+
+module Net
+  module SSH
+    module Transport
+      # Implements a factory of OpenSSL cipher algorithms.
+      class CipherFactory
+        # Maps the SSH name of a cipher to it's corresponding OpenSSL name
+        SSH_TO_OSSL = {
+          "3des-cbc"                    => "des-ede3-cbc",
+          "blowfish-cbc"                => "bf-cbc",
+          "aes256-cbc"                  => "aes-256-cbc",
+          "aes192-cbc"                  => "aes-192-cbc",
+          "aes128-cbc"                  => "aes-128-cbc",
+          "idea-cbc"                    => "idea-cbc",
+          "cast128-cbc"                 => "cast-cbc",
+          "rijndael-cbc@lysator.liu.se" => "aes-256-cbc",
+          "3des-ctr"                    => "des-ede3",
+          "blowfish-ctr"                => "bf-ecb",
+
+          "aes256-ctr"                  => ::OpenSSL::Cipher.ciphers.include?("aes-256-ctr") ? "aes-256-ctr" : "aes-256-ecb",
+          "aes192-ctr"                  => ::OpenSSL::Cipher.ciphers.include?("aes-192-ctr") ? "aes-192-ctr" : "aes-192-ecb",
+          "aes128-ctr"                  => ::OpenSSL::Cipher.ciphers.include?("aes-128-ctr") ? "aes-128-ctr" : "aes-128-ecb",
+          'cast128-ctr'                 => 'cast5-ecb',
+
+          'none'                        => 'none'
+        }
+
+        # Returns true if the underlying OpenSSL library supports the given cipher,
+        # and false otherwise.
+        def self.supported?(name)
+          ossl_name = SSH_TO_OSSL[name] or raise NotImplementedError, "unimplemented cipher `#{name}'"
+          return true if ossl_name == "none"
+
+          return OpenSSL::Cipher.ciphers.include?(ossl_name)
+        end
+
+        # Retrieves a new instance of the named algorithm. The new instance
+        # will be initialized using an iv and key generated from the given
+        # iv, key, shared, hash and digester values. Additionally, the
+        # cipher will be put into encryption or decryption mode, based on the
+        # value of the +encrypt+ parameter.
+        def self.get(name, options={})
+          ossl_name = SSH_TO_OSSL[name] or raise NotImplementedError, "unimplemented cipher `#{name}'"
+          return IdentityCipher if ossl_name == "none"
+
+          cipher = OpenSSL::Cipher.new(ossl_name)
+
+          cipher.send(options[:encrypt] ? :encrypt : :decrypt)
+
+          cipher.padding = 0
+
+          if name =~ /-ctr(@openssh.org)?$/
+            if ossl_name !~ /-ctr/
+              cipher.extend(Net::SSH::Transport::CTR)
+            else
+              cipher = Net::SSH::Transport::OpenSSLAESCTR.new(cipher)
+            end
+          end
+          cipher.iv = Net::SSH::Transport::KeyExpander.expand_key(cipher.iv_len, options[:iv], options)
+
+          key_len = cipher.key_len
+          cipher.key_len = key_len
+          cipher.key = Net::SSH::Transport::KeyExpander.expand_key(key_len, options[:key], options)
+
+          return cipher
+        end
+
+        # Returns a two-element array containing the [ key-length,
+        # block-size ] for the named cipher algorithm. If the cipher
+        # algorithm is unknown, or is "none", 0 is returned for both elements
+        # of the tuple.
+        # if :iv_len option is supplied the third return value will be ivlen
+        def self.get_lengths(name, options = {})
+          ossl_name = SSH_TO_OSSL[name]
+          if ossl_name.nil? || ossl_name == "none"
+            result = [0, 0]
+            result << 0 if options[:iv_len]
+          else
+            cipher = OpenSSL::Cipher.new(ossl_name)
+            key_len = cipher.key_len
+            cipher.key_len = key_len
+
+            block_size =
+              case ossl_name
+              when /\-ctr/
+                Net::SSH::Transport::OpenSSLAESCTR.block_size
+              else
+                cipher.block_size
+              end
+
+            result = [key_len, block_size]
+            result << cipher.iv_len if options[:iv_len]
+          end
+          result
+        end
+      end
+    end
+  end
+end