[crypto] ssh: add hmac-sha2-512

24 views
Skip to first unread message

Gopher Robot (Gerrit)

unread,
Jun 22, 2023, 10:37:02 AM6/22/23
to Gerrit Bot, Stan Hu, goph...@pubsubhelper.golang.org, golang-...@googlegroups.com, Dmitri Shuralyov, Dmitri Shuralyov, Roland Shoemaker, Bryan Mills, Han-Wen Nienhuys, Ash McKenzie, golang-co...@googlegroups.com

Gopher Robot submitted this change.

View Change

Approvals: Han-Wen Nienhuys: Looks good to me, approved; Run TryBots; Dry run Dmitri Shuralyov: Looks good to me, but someone else must approve; Automatically submit change Gopher Robot: TryBots succeeded 
ssh: add hmac-sha2-512

This adds support for hmac-sha2-512 to ensure compatibility with SSH clients that request this MAC algorithm.

This rebases https://github.com/golang/crypto/pull/18.

Change-Id: Ia103c10a8b7e2e8dde556d5c36550eb5fa6bc1f6
GitHub-Last-Rev: 987ccae2bc7ae5e90a482d8797351c39dcb9bf33
GitHub-Pull-Request: golang/crypto#257
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/501455
Reviewed-by: Dmitri Shuralyov <dmit...@google.com>
Commit-Queue: Han-Wen Nienhuys <han...@google.com>
Auto-Submit: Dmitri Shuralyov <dmit...@google.com>
Reviewed-by: Han-Wen Nienhuys <han...@google.com>
Run-TryBot: Han-Wen Nienhuys <han...@google.com>
TryBot-Result: Gopher Robot <go...@golang.org>
---
M ssh/common.go
M ssh/mac.go
2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/ssh/common.go b/ssh/common.go
index dc6f301..9ba6e10 100644
--- a/ssh/common.go
+++ b/ssh/common.go
@@ -85,7 +85,7 @@
 // This is based on RFC 4253, section 6.4, but with hmac-md5 variants removed
 // because they have reached the end of their useful life.
 var supportedMACs = []string{
-	"hmac-sha...@openssh.com", "hmac-sha...@openssh.com", "hmac-sha2-256", "hmac-sha1", "hmac-sha1-96",
+	"hmac-sha...@openssh.com", "hmac-sha...@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1", "hmac-sha1-96",
 }
 
 var supportedCompressions = []string{compressionNone}
diff --git a/ssh/mac.go b/ssh/mac.go
index 0a21af4..06a1b27 100644
--- a/ssh/mac.go
+++ b/ssh/mac.go
@@ -53,6 +53,9 @@
 	"hmac-sha...@openssh.com": {32, true, func(key []byte) hash.Hash {
 		return hmac.New(sha256.New, key)
 	}},
+	"hmac-sha2-512": {64, false, func(key []byte) hash.Hash {
+		return hmac.New(sha512.New, key)
+	}},
 	"hmac-sha2-256": {32, false, func(key []byte) hash.Hash {
 		return hmac.New(sha256.New, key)
 	}},

To view, visit change 501455. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-MessageType: merged
Gerrit-Project: crypto
Gerrit-Branch: master
Gerrit-Change-Id: Ia103c10a8b7e2e8dde556d5c36550eb5fa6bc1f6
Gerrit-Change-Number: 501455
Gerrit-PatchSet: 2
Gerrit-Owner: Gerrit Bot <letsus...@gmail.com>
Gerrit-Reviewer: Bryan Mills <bcm...@google.com>
Gerrit-Reviewer: Dmitri Shuralyov <dmit...@google.com>
Gerrit-Reviewer: Gopher Robot <go...@golang.org>
Gerrit-Reviewer: Han-Wen Nienhuys <han...@google.com>
Gerrit-Reviewer: Roland Shoemaker <rol...@golang.org>
Gerrit-CC: Ash McKenzie <a...@ashmckenzie.org>
Gerrit-CC: Dmitri Shuralyov <dmit...@golang.org>
Gerrit-CC: Stan Hu <sta...@gmail.com>
Reply all
Reply to author
Forward
0 new messages