authorHan-Wen Nienhuys <hanwen@google.com>2013-08-28 10:50:25 -0400
committerAdam Langley <agl@golang.org>2013-08-28 10:50:25 -0400
commitd7d50b0a7ca68e2c21897511107809de9cee1137 (patch)
tree9460758fc9413fbfc36c2f9d8319a56ac2586c20 /ssh/cipher.go
parentb725ff72eb4ef6b906846cc73efacaab8da3b2d1 (diff)
downloadgo-x-crypto-d7d50b0a7ca68e2c21897511107809de9cee1137.tar.xz
go.crypto/ssh: implement ECDH.
Implement elliptic-curve Diffie-Hellman, including host key signature verification. Moves host key cryptographic verification to ClientConn.handshake(), so RSA host keys are also verified. Fixes golang/go#6158. R=dave, agl CC=golang-dev https://golang.org/cl/13021045
Diffstat (limited to 'ssh/cipher.go')
-rw-r--r--ssh/cipher.go9
1 files changed, 9 insertions, 0 deletions
diff --git a/ssh/cipher.go b/ssh/cipher.go
index 97e5d9b..bc2e983 100644
--- a/ssh/cipher.go
+++ b/ssh/cipher.go
@@ -89,3 +89,12 @@ var cipherModes = map[string]*cipherMode{
"arcfour128": {16, 0, 1536, newRC4},
"arcfour256": {32, 0, 1536, newRC4},
}
+
+// defaultKeyExchangeOrder specifies a default set of key exchange algorithms
+// with preferences.
+var defaultKeyExchangeOrder = []string{
+ // P384 and P521 are not constant-time yet, but since we don't
+ // reuse ephemeral keys, using them for ECDH should be OK.
+ kexAlgoECDH256, kexAlgoECDH384, kexAlgoECDH521,
+ kexAlgoDH14SHA1, kexAlgoDH1SHA1,
+}
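Review bot: The comment above `kexAlgoECDH256, kexAlgoECDH384, kexAlgoECDH521,` justifies offering the non-constant-time P384/P521 curves by an invariant this file cannot enforce, namely that every ECDH exchange generates a fresh ephemeral key. I would state it as a requirement so that a later change introducing key caching or reuse elsewhere has to revisit it, e.g. `// SECURITY: P384/P521 are not constant-time; safe only while each exchange uses a fresh ephemeral key.` The doc comment should also say the slice is ordered most-preferred first, which the element order suggests but the text does not state. Separately, `kexAlgoDH1SHA1` is in the default set; if that constant names the 1024-bit group1 exchange (its definition is outside this hunk), consider dropping it from the defaults and making it opt-in through configuration.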