diff options
Diffstat (limited to 'vendor/golang.org/x/crypto/ssh/cipher.go')
-rw-r--r-- | vendor/golang.org/x/crypto/ssh/cipher.go | 39 |
1 files changed, 33 insertions, 6 deletions
diff --git a/vendor/golang.org/x/crypto/ssh/cipher.go b/vendor/golang.org/x/crypto/ssh/cipher.go index 2732963f3..34d3917c4 100644 --- a/vendor/golang.org/x/crypto/ssh/cipher.go +++ b/vendor/golang.org/x/crypto/ssh/cipher.go @@ -7,6 +7,7 @@ package ssh import ( "crypto/aes" "crypto/cipher" + "crypto/des" "crypto/rc4" "crypto/subtle" "encoding/binary" @@ -121,6 +122,9 @@ var cipherModes = map[string]*streamCipherMode{ // You should expect that an active attacker can recover plaintext if // you do. aes128cbcID: {16, aes.BlockSize, 0, nil}, + + // 3des-cbc is insecure and is disabled by default. + tripledescbcID: {24, des.BlockSize, 0, nil}, } // prefixLen is the length of the packet prefix that contains the packet length @@ -368,12 +372,7 @@ type cbcCipher struct { oracleCamouflage uint32 } -func newAESCBCCipher(iv, key, macKey []byte, algs directionAlgorithms) (packetCipher, error) { - c, err := aes.NewCipher(key) - if err != nil { - return nil, err - } - +func newCBCCipher(c cipher.Block, iv, key, macKey []byte, algs directionAlgorithms) (packetCipher, error) { cbc := &cbcCipher{ mac: macModes[algs.MAC].new(macKey), decrypter: cipher.NewCBCDecrypter(c, iv), @@ -387,6 +386,34 @@ func newAESCBCCipher(iv, key, macKey []byte, algs directionAlgorithms) (packetCi return cbc, nil } +func newAESCBCCipher(iv, key, macKey []byte, algs directionAlgorithms) (packetCipher, error) { + c, err := aes.NewCipher(key) + if err != nil { + return nil, err + } + + cbc, err := newCBCCipher(c, iv, key, macKey, algs) + if err != nil { + return nil, err + } + + return cbc, nil +} + +func newTripleDESCBCCipher(iv, key, macKey []byte, algs directionAlgorithms) (packetCipher, error) { + c, err := des.NewTripleDESCipher(key) + if err != nil { + return nil, err + } + + cbc, err := newCBCCipher(c, iv, key, macKey, algs) + if err != nil { + return nil, err + } + + return cbc, nil +} + func maxUInt32(a, b int) uint32 { if a > b { return uint32(a) |