Generate key + iv and return cipher.
(
ciphername: bytes,
password: bytes | None,
salt: bytes,
rounds: int,
)
| 189 | |
| 190 | |
| 191 | def _init_cipher( |
| 192 | ciphername: bytes, |
| 193 | password: bytes | None, |
| 194 | salt: bytes, |
| 195 | rounds: int, |
| 196 | ) -> Cipher[modes.CBC | modes.CTR | modes.GCM]: |
| 197 | """Generate key + iv and return cipher.""" |
| 198 | if not password: |
| 199 | raise TypeError( |
| 200 | "Key is password-protected, but password was not provided." |
| 201 | ) |
| 202 | |
| 203 | ciph = _SSH_CIPHERS[ciphername] |
| 204 | seed = _bcrypt_kdf( |
| 205 | password, salt, ciph.key_len + ciph.iv_len, rounds, True |
| 206 | ) |
| 207 | return Cipher( |
| 208 | ciph.alg(seed[: ciph.key_len]), |
| 209 | ciph.mode(seed[ciph.key_len :]), |
| 210 | ) |
| 211 | |
| 212 | |
| 213 | def _get_u32(data: memoryview) -> tuple[int, memoryview]: |
no test coverage detected