[crypto] crypto/ssh: Add additional kex algorithm support

Gopher Robot (Gerrit)

unread,

Feb 12, 2022, 3:59:34 AM2/12/22

to Михаил Патин, goph...@pubsubhelper.golang.org, golang-co...@googlegroups.com

Congratulations on opening your first change. Thank you for your contribution!

Next steps:
A maintainer will review your change and provide feedback. See
https://go.dev/doc/contribute#review for more info and tips to get your
patch through code review.

Most changes in the Go project go through a few rounds of revision. This can be
surprising to people new to the project. The careful, iterative review process
is our way of helping mentor contributors and ensuring that their contributions
have a lasting impact.

During May-July and Nov-Jan the Go project is in a code freeze, during which
little code gets reviewed or merged. If a reviewer responds with a comment like
R=go1.11 or adds a tag like "wait-release", it means that this CL will be
reviewed as part of the next development cycle. See https://go.dev/s/release
for more details.

View Change

To view, visit change 385394. To unsubscribe, or for help writing mail filters, visit settings.

Михаил Патин (Gerrit)

unread,

Feb 13, 2022, 1:48:41 PM2/13/22

to goph...@pubsubhelper.golang.org, golang-co...@googlegroups.com

Михаил Патин uploaded patch set #2 to this change.

View Change

crypto/ssh: Add additional kex algorithm support

Dut to the algorithm name update, some external systems support the curve25519 algorithm as 'curve25519-sha256' instead of the old one 'curve255...@libssh.org'
and a handshake failed at the 'key exchange' step

Fixes: #48756
Change-Id: Ice35874cd8c07ad48752686ac368bf11ab793f77
---
M ssh/common.go
M ssh/kex.go
2 files changed, 23 insertions(+), 8 deletions(-)

To view, visit change 385394. To unsubscribe, or for help writing mail filters, visit settings.

Михаил Патин (Gerrit)

unread,

Feb 13, 2022, 1:48:41 PM2/13/22

to goph...@pubsubhelper.golang.org, golang-co...@googlegroups.com

Михаил Патин has uploaded this change for review.

View Change

crypto/ssh: Add additional kex algorithm support

Dut to the algorithm name update, some external systems support the curve25519 algorithm as 'curve25519-sha256' instead of the old one curve255...@libssh.org'
and a handshake failed at the 'key exchange' step

Fixes: #48756
Change-Id: Ice35874cd8c07ad48752686ac368bf11ab793f77
---
M ssh/common.go
M ssh/kex.go
2 files changed, 23 insertions(+), 8 deletions(-)

diff --git a/ssh/common.go b/ssh/common.go
index 5ae2275..61cd2a0 100644
--- a/ssh/common.go
+++ b/ssh/common.go
@@ -44,7 +44,7 @@
 // supportedKexAlgos specifies the supported key-exchange algorithms in
 // preference order.
 var supportedKexAlgos = []string{
-	kexAlgoCurve25519SHA256,
+	kexAlgoCurve25519SHA256, kexAlgoCurve25519SHA256Libssh,
 	// P384 and P521 are not constant-time yet, but since we don't
 	// reuse ephemeral keys, using them for ECDH should be OK.
 	kexAlgoECDH256, kexAlgoECDH384, kexAlgoECDH521,
@@ -61,7 +61,7 @@
 // preferredKexAlgos specifies the default preference for key-exchange algorithms
 // in preference order.
 var preferredKexAlgos = []string{
-	kexAlgoCurve25519SHA256,
+	kexAlgoCurve25519SHA256, kexAlgoCurve25519SHA256Libssh,
 	kexAlgoECDH256, kexAlgoECDH384, kexAlgoECDH521,
 	kexAlgoDH14SHA1,
 }
diff --git a/ssh/kex.go b/ssh/kex.go
index 766e929..307c1ce 100644
--- a/ssh/kex.go
+++ b/ssh/kex.go
@@ -20,12 +20,13 @@
 )
 
 const (
-	kexAlgoDH1SHA1          = "diffie-hellman-group1-sha1"
-	kexAlgoDH14SHA1         = "diffie-hellman-group14-sha1"
-	kexAlgoECDH256          = "ecdh-sha2-nistp256"
-	kexAlgoECDH384          = "ecdh-sha2-nistp384"
-	kexAlgoECDH521          = "ecdh-sha2-nistp521"
-	kexAlgoCurve25519SHA256 = "curve255...@libssh.org"
+	kexAlgoDH1SHA1                = "diffie-hellman-group1-sha1"
+	kexAlgoDH14SHA1               = "diffie-hellman-group14-sha1"
+	kexAlgoECDH256                = "ecdh-sha2-nistp256"
+	kexAlgoECDH384                = "ecdh-sha2-nistp384"
+	kexAlgoECDH521                = "ecdh-sha2-nistp521"
+	kexAlgoCurve25519SHA256Libssh = "curve255...@libssh.org"
+	kexAlgoCurve25519SHA256       = "curve25519-sha256"
 
 	// For the following kex only the client half contains a production
 	// ready implementation. The server half only consists of a minimal
@@ -410,6 +411,7 @@
 	kexAlgoMap[kexAlgoECDH384] = &ecdh{elliptic.P384()}
 	kexAlgoMap[kexAlgoECDH256] = &ecdh{elliptic.P256()}
 	kexAlgoMap[kexAlgoCurve25519SHA256] = &curve25519sha256{}
+	kexAlgoMap[kexAlgoCurve25519SHA256Libssh] = &curve25519sha256{}
 	kexAlgoMap[kexAlgoDHGEXSHA1] = &dhGEXSHA{hashFunc: crypto.SHA1}
 	kexAlgoMap[kexAlgoDHGEXSHA256] = &dhGEXSHA{hashFunc: crypto.SHA256}
 }

To view, visit change 385394. To unsubscribe, or for help writing mail filters, visit settings.

Михаил Патин (Gerrit)

unread,

Feb 24, 2022, 7:52:21 AM2/24/22

to goph...@pubsubhelper.golang.org, Filippo Valsorda, Adam Langley, Katie Hockman, Roland Shoemaker, Gopher Robot, golang-co...@googlegroups.com

Attention is currently required from: Filippo Valsorda.

View Change

1 comment:

Patchset:
- Patch Set #2:
  this issue is a blocker, please take a look, there is only one new constant

To view, visit change 385394. To unsubscribe, or for help writing mail filters, visit settings.

Михаил Патин (Gerrit)

unread,

Mar 1, 2022, 9:47:17 AM3/1/22

to goph...@pubsubhelper.golang.org, golang-co...@googlegroups.com

Attention is currently required from: Alex Scheel, Matt Layher, Filippo Valsorda.

Михаил Патин uploaded patch set #3 to this change.

View Change

crypto/ssh: Add additional kex algorithm support

Due to the algorithm name update, some external systems support the curve25519 algorithm as 'curve25519-sha256' instead of the old one 'curve255...@libssh.org'


and a handshake failed at the 'key exchange' step

Fixes: #48756
Change-Id: Ice35874cd8c07ad48752686ac368bf11ab793f77
---
M ssh/common.go
M ssh/kex.go
2 files changed, 23 insertions(+), 8 deletions(-)

To view, visit change 385394. To unsubscribe, or for help writing mail filters, visit settings.

Matt Layher (Gerrit)

unread,

Mar 1, 2022, 9:48:42 AM3/1/22

to Михаил Патин, goph...@pubsubhelper.golang.org, Alex Scheel, Filippo Valsorda, Adam Langley, Katie Hockman, Roland Shoemaker, Gopher Robot, golang-co...@googlegroups.com

Attention is currently required from: Михаил Патин, Alex Scheel, Filippo Valsorda.

Patch set 3:Run-TryBot +1Code-Review +1Trust +1

View Change

1 comment:

Patchset:
- Patch Set #3:
  LGTM from a non-crytogopher perspective.

To view, visit change 385394. To unsubscribe, or for help writing mail filters, visit settings.

Михаил Патин (Gerrit)

unread,

Mar 1, 2022, 10:16:24 AM3/1/22

to goph...@pubsubhelper.golang.org, Gopher Robot, Matt Layher, Alex Scheel, Filippo Valsorda, Adam Langley, Katie Hockman, Roland Shoemaker, golang-co...@googlegroups.com

Attention is currently required from: Alex Scheel, Filippo Valsorda.

View Change

1 comment:

Patchset:
- Patch Set #3:
  We can't go to a production using forked x/crypto due to security approve issue.
  May be I need to add someone else to this MR?

To view, visit change 385394. To unsubscribe, or for help writing mail filters, visit settings.

Matt Layher (Gerrit)

unread,

Mar 1, 2022, 10:18:08 AM3/1/22

to Михаил Патин, goph...@pubsubhelper.golang.org, Gopher Robot, Alex Scheel, Filippo Valsorda, Adam Langley, Katie Hockman, Roland Shoemaker, golang-co...@googlegroups.com

Attention is currently required from: Михаил Патин, Alex Scheel, Filippo Valsorda.

View Change

1 comment:

Patchset:
- Patch Set #3:
  We can't go to a production using forked x/crypto due to security approve issue. […]
  Please be patient and wait for a review from one of the x/crypto maintainers.

To view, visit change 385394. To unsubscribe, or for help writing mail filters, visit settings.

Михаил Патин (Gerrit)

unread,

Mar 1, 2022, 10:24:33 AM3/1/22

to goph...@pubsubhelper.golang.org, Gopher Robot, Matt Layher, Alex Scheel, Filippo Valsorda, Adam Langley, Katie Hockman, Roland Shoemaker, golang-co...@googlegroups.com

Attention is currently required from: Alex Scheel, Matt Layher, Filippo Valsorda.

View Change

1 comment:

Patchset:
- Patch Set #3:
  Please be patient and wait for a review from one of the x/crypto maintainers.
  Ok, thank you

To view, visit change 385394. To unsubscribe, or for help writing mail filters, visit settings.

Filippo Valsorda (Gerrit)

unread,

Mar 12, 2022, 8:24:48 AM3/12/22

to Михаил Патин, Filippo Valsorda, goph...@pubsubhelper.golang.org, golang-co...@googlegroups.com

Attention is currently required from: Alex Scheel, Matt Layher, Roland Shoemaker, Filippo Valsorda.

Filippo Valsorda uploaded patch set #4 to the change originally created by Михаил Патин.

View Change

crypto/ssh: support new curve25519-sha256 kex name

RFC 8731 standardized curve255...@libssh.org as curve25519-sha256,
and some systems only advertise support for the new name.

Fixes golang/go#48756

Change-Id: Ice35874cd8c07ad48752686ac368bf11ab793f77
Co-authored-by: Filippo Valsorda <fil...@golang.org>


---
M ssh/common.go
M ssh/kex.go

2 files changed, 27 insertions(+), 11 deletions(-)

To view, visit change 385394. To unsubscribe, or for help writing mail filters, visit settings.

Filippo Valsorda (Gerrit)

unread,

Mar 12, 2022, 12:53:06 PM3/12/22

to Михаил Патин, Filippo Valsorda, goph...@pubsubhelper.golang.org, golang-co...@googlegroups.com

Attention is currently required from: Alex Scheel, Matt Layher, Roland Shoemaker, Filippo Valsorda.

Filippo Valsorda uploaded patch set #5 to the change originally created by Михаил Патин.

View Change

ssh: support new curve25519-sha256 kex name



RFC 8731 standardized curve255...@libssh.org as curve25519-sha256,
and some systems only advertise support for the new name.

Fixes golang/go#48756

Change-Id: Ice35874cd8c07ad48752686ac368bf11ab793f77
Co-authored-by: Filippo Valsorda <fil...@golang.org>
---
M ssh/common.go
M ssh/kex.go
2 files changed, 27 insertions(+), 11 deletions(-)

To view, visit change 385394. To unsubscribe, or for help writing mail filters, visit settings.

Roland Shoemaker (Gerrit)

unread,

Mar 14, 2022, 3:12:25 PM3/14/22

to Михаил Патин, Filippo Valsorda, goph...@pubsubhelper.golang.org, Gopher Robot, Matt Layher, Alex Scheel, Adam Langley, Katie Hockman, golang-co...@googlegroups.com

Attention is currently required from: Михаил Патин, Alex Scheel, Matt Layher, Filippo Valsorda.

Patch set 5:Code-Review +2

View Change

To view, visit change 385394. To unsubscribe, or for help writing mail filters, visit settings.

Filippo Valsorda (Gerrit)

unread,

Mar 14, 2022, 7:46:28 PM3/14/22

to Михаил Патин, Filippo Valsorda, goph...@pubsubhelper.golang.org, golang-...@googlegroups.com, Roland Shoemaker, Gopher Robot, Matt Layher, Alex Scheel, Adam Langley, Katie Hockman, golang-co...@googlegroups.com

Filippo Valsorda submitted this change.

View Change

Approvals:
  Roland Shoemaker: Looks good to me, approved
  Matt Layher: Trusted
  Filippo Valsorda: Trusted; Run TryBots
  Gopher Robot: TryBots succeeded

ssh: support new curve25519-sha256 kex name

RFC 8731 standardized curve255...@libssh.org as curve25519-sha256,
and some systems only advertise support for the new name.

Fixes golang/go#48756

Change-Id: Ice35874cd8c07ad48752686ac368bf11ab793f77
Co-authored-by: Filippo Valsorda <fil...@golang.org>

Reviewed-on: https://go-review.googlesource.com/c/crypto/+/385394
Trust: Filippo Valsorda <fil...@golang.org>
Run-TryBot: Filippo Valsorda <fil...@golang.org>
Trust: Matt Layher <mdla...@gmail.com>
TryBot-Result: Gopher Robot <go...@golang.org>
Reviewed-by: Roland Shoemaker <rol...@golang.org>


---
M ssh/common.go
M ssh/kex.go

2 files changed, 33 insertions(+), 11 deletions(-)

diff --git a/ssh/common.go b/ssh/common.go
index ec1f839..ba7052b 100644


--- a/ssh/common.go
+++ b/ssh/common.go
@@ -44,7 +44,7 @@
 // supportedKexAlgos specifies the supported key-exchange algorithms in
 // preference order.
 var supportedKexAlgos = []string{
-	kexAlgoCurve25519SHA256,

+	kexAlgoCurve25519SHA256, kexAlgoCurve25519SHA256LibSSH,


 	// P384 and P521 are not constant-time yet, but since we don't
 	// reuse ephemeral keys, using them for ECDH should be OK.
 	kexAlgoECDH256, kexAlgoECDH384, kexAlgoECDH521,
@@ -61,7 +61,7 @@
 // preferredKexAlgos specifies the default preference for key-exchange algorithms
 // in preference order.
 var preferredKexAlgos = []string{
-	kexAlgoCurve25519SHA256,

+	kexAlgoCurve25519SHA256, kexAlgoCurve25519SHA256LibSSH,


 	kexAlgoECDH256, kexAlgoECDH384, kexAlgoECDH521,
 	kexAlgoDH14SHA1,
 }
diff --git a/ssh/kex.go b/ssh/kex.go

index 766e929..36eac6c 100644


--- a/ssh/kex.go
+++ b/ssh/kex.go
@@ -20,12 +20,13 @@
 )
 
 const (
-	kexAlgoDH1SHA1          = "diffie-hellman-group1-sha1"
-	kexAlgoDH14SHA1         = "diffie-hellman-group14-sha1"
-	kexAlgoECDH256          = "ecdh-sha2-nistp256"
-	kexAlgoECDH384          = "ecdh-sha2-nistp384"
-	kexAlgoECDH521          = "ecdh-sha2-nistp521"
-	kexAlgoCurve25519SHA256 = "curve255...@libssh.org"
+	kexAlgoDH1SHA1                = "diffie-hellman-group1-sha1"
+	kexAlgoDH14SHA1               = "diffie-hellman-group14-sha1"
+	kexAlgoECDH256                = "ecdh-sha2-nistp256"
+	kexAlgoECDH384                = "ecdh-sha2-nistp384"
+	kexAlgoECDH521                = "ecdh-sha2-nistp521"

+	kexAlgoCurve25519SHA256LibSSH = "curve255...@libssh.org"


+	kexAlgoCurve25519SHA256       = "curve25519-sha256"
 
 	// For the following kex only the client half contains a production
 	// ready implementation. The server half only consists of a minimal

@@ -410,13 +411,13 @@


 	kexAlgoMap[kexAlgoECDH384] = &ecdh{elliptic.P384()}
 	kexAlgoMap[kexAlgoECDH256] = &ecdh{elliptic.P256()}
 	kexAlgoMap[kexAlgoCurve25519SHA256] = &curve25519sha256{}

+	kexAlgoMap[kexAlgoCurve25519SHA256LibSSH] = &curve25519sha256{}


 	kexAlgoMap[kexAlgoDHGEXSHA1] = &dhGEXSHA{hashFunc: crypto.SHA1}
 	kexAlgoMap[kexAlgoDHGEXSHA256] = &dhGEXSHA{hashFunc: crypto.SHA256}
 }

-// curve25519sha256 implements the curve255...@libssh.org key
-// agreement protocol, as described in
-// https://git.libssh.org/projects/libssh.git/tree/doc/curve255...@libssh.org.txt
+// curve25519sha256 implements the curve25519-sha256 (formerly known as
+// curve255...@libssh.org) key exchange method, as described in RFC 8731.
 type curve25519sha256 struct{}
 
 type curve25519KeyPair struct {

To view, visit change 385394. To unsubscribe, or for help writing mail filters, visit settings.

Reply all

Reply to author

Forward