golang / go

The Go programming language
https://go.dev
BSD 3-Clause "New" or "Revised" License

x/crypto/ssh: export supported algorithms #61537

Open drakkan opened 1 year ago

drakkan commented 1 year ago

Currently KEXs, MACs and ciphers are private; some of them are defined as constants and others as simple strings. For example, take a look at the supported ciphers list:

```go
// supportedCiphers lists ciphers we support but might not recommend.
var supportedCiphers = []string{
	"aes128-ctr", "aes192-ctr", "aes256-ctr",
	"aes128-gcm@openssh.com", gcm256CipherID,
	chacha20Poly1305ID,
	"arcfour256", "arcfour128", "arcfour",
	aes128cbcID,
	tripledescbcID,
}
```

I propose defining all supported algorithms as constants and exporting them for better discoverability. We should also export the list of supported ciphers, KEXs, MACs, host key, public key algorithms and so on, so an application using the library can simply check if an algorithm is supported.

cc @golang/security
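An application-side startup check of the kind the proposal would simplify, as an added example that is not part of the issue or of x/crypto/ssh. Because the list is unexported, the example carries a constructed copy of it with the unexported identifiers written out as wire names; `ValidateCiphers` and `legacy` are hypothetical names, and the legacy policy is this example's assumption.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed copy of the list quoted in the issue; the four unexported
// identifiers are written out as their wire names (assumption of this example).
var supportedCiphers = []string{
	"aes128-ctr", "aes192-ctr", "aes256-ctr",
	"aes128-gcm@openssh.com", "aes256-gcm@openssh.com",
	"chacha20-poly1305@openssh.com",
	"arcfour256", "arcfour128", "arcfour",
	"aes128-cbc", "3des-cbc",
}

// legacy is this example's own policy, not the library's: RC4 and CBC-mode
// entries (including 3des-cbc) are accepted but reported to the caller.
func legacy(name string) bool {
	return strings.HasPrefix(name, "arcfour") || strings.HasSuffix(name, "-cbc")
}

// ValidateCiphers checks an operator-supplied cipher list before it reaches
// the SSH configuration. An unknown name (typo, unsupported algorithm) fails
// closed; legacy entries are returned separately so they can be logged.
func ValidateCiphers(requested []string) (accepted, warned []string, err error) {
	known := make(map[string]bool, len(supportedCiphers))
	for _, c := range supportedCiphers {
		known[c] = true
	}
	for _, c := range requested {
		if !known[c] {
			return nil, nil, fmt.Errorf("unsupported cipher %q", c)
		}
		accepted = append(accepted, c)
		if legacy(c) {
			warned = append(warned, c)
		}
	}
	return accepted, warned, nil
}

func main() {
	// Constructed sample configuration.
	acc, warn, err := ValidateCiphers([]string{"aes256-ctr", "3des-cbc"})
	fmt.Println(acc, warn, err)
}
```

The hand-copied list is the maintenance burden the issue describes: it drifts whenever the library adds or drops an algorithm.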

FiloSottile commented 9 months ago

Sorry for catching this late, but KeyExchangeECDH256 and similar really need to be KeyExchangeECDHP256. "ECDH256" is not specific enough, there are many 256-bit curves for ECDH.

drakkan commented 9 months ago

> Sorry for catching this late, but KeyExchangeECDH256 and similar really need to be KeyExchangeECDHP256. "ECDH256" is not specific enough, there are many 256-bit curves for ECDH.

CL updated, thanks