From 3e144b63e8ca59ebf48e3a00b97b245f9827451e Mon Sep 17 00:00:00 2001 From: Nicola Murino Date: Wed, 15 Feb 2023 18:36:09 +0000 Subject: [PATCH] ssh: add support for aes256-gcm@openssh.com Change-Id: I91caf3bda3dfd00c050f5ebf23c2a35a04c5762b GitHub-Last-Rev: 6e71340e7960b5b6f71f7b96eeeaf8dfb268e306 GitHub-Pull-Request: golang/crypto#127 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/223518 Auto-Submit: Filippo Valsorda Run-TryBot: Filippo Valsorda TryBot-Result: Gopher Robot Reviewed-by: Roland Shoemaker Reviewed-by: Filippo Valsorda Reviewed-by: Han-Wen Nienhuys --- ssh/cipher.go | 3 ++- ssh/cipher_test.go | 2 +- ssh/common.go | 9 +++++---- ssh/handshake_test.go | 2 +- ssh/transport.go | 3 ++- 5 files changed, 11 insertions(+), 8 deletions(-) diff --git a/ssh/cipher.go b/ssh/cipher.go index 87f48552ce..741e984f33 100644 --- a/ssh/cipher.go +++ b/ssh/cipher.go @@ -114,7 +114,8 @@ var cipherModes = map[string]*cipherMode{ "arcfour": {16, 0, streamCipherMode(0, newRC4)}, // AEAD ciphers - gcmCipherID: {16, 12, newGCMCipher}, + gcm128CipherID: {16, 12, newGCMCipher}, + gcm256CipherID: {32, 12, newGCMCipher}, chacha20Poly1305ID: {64, 0, newChaCha20Cipher}, // CBC mode is insecure and so is not included in the default config. diff --git a/ssh/cipher_test.go b/ssh/cipher_test.go index 610982807d..f1be0d6db4 100644 --- a/ssh/cipher_test.go +++ b/ssh/cipher_test.go @@ -141,7 +141,7 @@ func TestCVE202143565(t *testing.T) { constructPacket func(packetCipher) io.Reader }{ { - cipher: gcmCipherID, + cipher: gcm128CipherID, constructPacket: func(client packetCipher) io.Reader { internalCipher := client.(*gcmCipher) b := &bytes.Buffer{} diff --git a/ssh/common.go b/ssh/common.go index c7964275de..e6a77f26a0 100644 --- a/ssh/common.go +++ b/ssh/common.go @@ -28,7 +28,7 @@ const ( // supportedCiphers lists ciphers we support but might not recommend. var supportedCiphers = []string{ "aes128-ctr", "aes192-ctr", "aes256-ctr", - "aes128-gcm@openssh.com", + "aes128-gcm@openssh.com", gcm256CipherID, chacha20Poly1305ID, "arcfour256", "arcfour128", "arcfour", aes128cbcID, @@ -37,7 +37,7 @@ var supportedCiphers = []string{ // preferredCiphers specifies the default preference for ciphers. var preferredCiphers = []string{ - "aes128-gcm@openssh.com", + "aes128-gcm@openssh.com", gcm256CipherID, chacha20Poly1305ID, "aes128-ctr", "aes192-ctr", "aes256-ctr", } @@ -168,7 +168,7 @@ func (a *directionAlgorithms) rekeyBytes() int64 { // 2^(BLOCKSIZE/4) blocks. For all AES flavors BLOCKSIZE is // 128. switch a.Cipher { - case "aes128-ctr", "aes192-ctr", "aes256-ctr", gcmCipherID, aes128cbcID: + case "aes128-ctr", "aes192-ctr", "aes256-ctr", gcm128CipherID, gcm256CipherID, aes128cbcID: return 16 * (1 << 32) } @@ -178,7 +178,8 @@ func (a *directionAlgorithms) rekeyBytes() int64 { } var aeadCiphers = map[string]bool{ - gcmCipherID: true, + gcm128CipherID: true, + gcm256CipherID: true, chacha20Poly1305ID: true, } diff --git a/ssh/handshake_test.go b/ssh/handshake_test.go index b05aab30c7..3d0ab5044c 100644 --- a/ssh/handshake_test.go +++ b/ssh/handshake_test.go @@ -562,7 +562,7 @@ func TestHandshakeRekeyDefault(t *testing.T) { } func TestHandshakeAEADCipherNoMAC(t *testing.T) { - for _, cipher := range []string{chacha20Poly1305ID, gcmCipherID} { + for _, cipher := range []string{chacha20Poly1305ID, gcm128CipherID} { checker := &syncChecker{ called: make(chan int, 1), } diff --git a/ssh/transport.go b/ssh/transport.go index acf5a21bbb..da015801ea 100644 --- a/ssh/transport.go +++ b/ssh/transport.go @@ -17,7 +17,8 @@ import ( const debugTransport = false const ( - gcmCipherID = "aes128-gcm@openssh.com" + gcm128CipherID = "aes128-gcm@openssh.com" + gcm256CipherID = "aes256-gcm@openssh.com" aes128cbcID = "aes128-cbc" tripledescbcID = "3des-cbc" )