ssh: add hmac-sha2-256.

datianshi · agl · commit e3f150b4372f · 2015-05-14T18:39:32.000Z
Fixes golang/go#10274 Change-Id: Id8386828ee92ccc6cba5197831cdb8b2ce0cd648 Reviewed-on: https://go-review.googlesource.com/8353 Reviewed-by: Adam Langley <agl@golang.org> Run-TryBot: Adam Langley <agl@golang.org>
diff --git a/ssh/common.go b/ssh/common.go
@@ -53,7 +53,7 @@ var supportedHostKeyAlgos = []string{
 // This is based on RFC 4253, section 6.4, but with hmac-md5 variants removed
 // because they have reached the end of their useful life.
 var supportedMACs = []string{
-	"hmac-sha1", "hmac-sha1-96",
+	"hmac-sha2-256", "hmac-sha1", "hmac-sha1-96",
 }
 
 var supportedCompressions = []string{compressionNone}
diff --git a/ssh/mac.go b/ssh/mac.go
@@ -9,6 +9,7 @@ package ssh
 import (
 	"crypto/hmac"
 	"crypto/sha1"
+	"crypto/sha256"
 	"hash"
 )
 
@@ -44,6 +45,9 @@ func (t truncatingMAC) Size() int {
 func (t truncatingMAC) BlockSize() int { return t.hmac.BlockSize() }
 
 var macModes = map[string]*macMode{
+	"hmac-sha2-256": {32, func(key []byte) hash.Hash {
+		return hmac.New(sha256.New, key)
+	}},
 	"hmac-sha1": {20, func(key []byte) hash.Hash {
 		return hmac.New(sha1.New, key)
 	}},

Original file line number	Diff line number	Diff line change
`@@ -53,7 +53,7 @@ var supportedHostKeyAlgos = []string{`
`53`	`53`	`// This is based on RFC 4253, section 6.4, but with hmac-md5 variants removed`
`54`	`54`	`// because they have reached the end of their useful life.`
`55`	`55`	`var supportedMACs = []string{`
`56`		`- "hmac-sha1", "hmac-sha1-96",`
	`56`	`+ "hmac-sha2-256", "hmac-sha1", "hmac-sha1-96",`
`57`	`57`	`}`
`58`	`58`
`59`	`59`	`var supportedCompressions = []string{compressionNone}`