ssh: add support for aes256-gcm@openssh.com
Change-Id: I91caf3bda3dfd00c050f5ebf23c2a35a04c5762b
GitHub-Last-Rev: 6e71340e7960b5b6f71f7b96eeeaf8dfb268e306
GitHub-Pull-Request: golang/crypto#127
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/223518
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>
diff --git a/ssh/cipher.go b/ssh/cipher.go
index 87f4855..741e984 100644
--- a/ssh/cipher.go
+++ b/ssh/cipher.go
@@ -114,7 +114,8 @@
"arcfour": {16, 0, streamCipherMode(0, newRC4)},
// AEAD ciphers
- gcmCipherID: {16, 12, newGCMCipher},
+ gcm128CipherID: {16, 12, newGCMCipher},
+ gcm256CipherID: {32, 12, newGCMCipher},
chacha20Poly1305ID: {64, 0, newChaCha20Cipher},
// CBC mode is insecure and so is not included in the default config.
diff --git a/ssh/cipher_test.go b/ssh/cipher_test.go
index 6109828..f1be0d6 100644
--- a/ssh/cipher_test.go
+++ b/ssh/cipher_test.go
@@ -141,7 +141,7 @@
constructPacket func(packetCipher) io.Reader
}{
{
- cipher: gcmCipherID,
+ cipher: gcm128CipherID,
constructPacket: func(client packetCipher) io.Reader {
internalCipher := client.(*gcmCipher)
b := &bytes.Buffer{}
diff --git a/ssh/common.go b/ssh/common.go
index c796427..e6a77f2 100644
--- a/ssh/common.go
+++ b/ssh/common.go
@@ -28,7 +28,7 @@
// supportedCiphers lists ciphers we support but might not recommend.
var supportedCiphers = []string{
"aes128-ctr", "aes192-ctr", "aes256-ctr",
- "aes128-gcm@openssh.com",
+ "aes128-gcm@openssh.com", gcm256CipherID,
chacha20Poly1305ID,
"arcfour256", "arcfour128", "arcfour",
aes128cbcID,
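Review bot: The added line mixes a string literal with a constant, `"aes128-gcm@openssh.com", gcm256CipherID,`, here in supportedCiphers and again in the preferredCiphers hunk that follows. Since this commit introduces gcm128CipherID in ssh/transport.go, both lines would read more consistently as `gcm128CipherID, gcm256CipherID,`, matching the keys used in cipherModes and aeadCiphers. In preferredCiphers the new ID is placed ahead of chacha20Poly1305ID, so the default negotiation result can change for peers that offer AES-256-GCM but not AES-128-GCM. A short comment on that list saying the ordering is intentional would help anyone auditing the defaults.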
@@ -37,7 +37,7 @@
// preferredCiphers specifies the default preference for ciphers.
var preferredCiphers = []string{
- "aes128-gcm@openssh.com",
+ "aes128-gcm@openssh.com", gcm256CipherID,
chacha20Poly1305ID,
"aes128-ctr", "aes192-ctr", "aes256-ctr",
}
@@ -168,7 +168,7 @@
// 2^(BLOCKSIZE/4) blocks. For all AES flavors BLOCKSIZE is
// 128.
switch a.Cipher {
- case "aes128-ctr", "aes192-ctr", "aes256-ctr", gcmCipherID, aes128cbcID:
+ case "aes128-ctr", "aes192-ctr", "aes256-ctr", gcm128CipherID, gcm256CipherID, aes128cbcID:
return 16 * (1 << 32)
}
@@ -178,7 +178,8 @@
}
var aeadCiphers = map[string]bool{
- gcmCipherID: true,
+ gcm128CipherID: true,
+ gcm256CipherID: true,
chacha20Poly1305ID: true,
}
diff --git a/ssh/handshake_test.go b/ssh/handshake_test.go
index b05aab3..3d0ab50 100644
--- a/ssh/handshake_test.go
+++ b/ssh/handshake_test.go
@@ -562,7 +562,7 @@
}
func TestHandshakeAEADCipherNoMAC(t *testing.T) {
- for _, cipher := range []string{chacha20Poly1305ID, gcmCipherID} {
+ for _, cipher := range []string{chacha20Poly1305ID, gcm128CipherID} {
checker := &syncChecker{
called: make(chan int, 1),
}
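Review bot: The cipher list in TestHandshakeAEADCipherNoMAC is only renamed, so the newly added gcm256CipherID is not exercised by this test; `[]string{chacha20Poly1305ID, gcm128CipherID, gcm256CipherID}` would cover it. Going by the test name, it checks that AEAD ciphers negotiate without a separate MAC, which is presumably the property the new aeadCiphers entry in ssh/common.go is meant to provide for the 256-bit variant. The table entry in ssh/cipher_test.go likewise still covers only gcm128CipherID. The loop body continues outside the hunk.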
diff --git a/ssh/transport.go b/ssh/transport.go
index acf5a21..da01580 100644
--- a/ssh/transport.go
+++ b/ssh/transport.go
@@ -17,7 +17,8 @@
const debugTransport = false
const (
- gcmCipherID = "aes128-gcm@openssh.com"
+ gcm128CipherID = "aes128-gcm@openssh.com"
+ gcm256CipherID = "aes256-gcm@openssh.com"
aes128cbcID = "aes128-cbc"
tripledescbcID = "3des-cbc"
)