From 6a7bed06d77509dfe63c1119f51a1b38a9e36b57 Mon Sep 17 00:00:00 2001
From: Joe Testa <jtesta@positronsecurity.com>
Date: Tue, 28 Jul 2020 21:17:29 -0400
Subject: [PATCH] Added two new key exchanges: 'kexAlgoCurve25519SHA256' and
 'Curve25519SHA256'.

---
 README.md    | 2 +-
 ssh-audit.py | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index c869294..5ea5e6f 100644
--- a/README.md
+++ b/README.md
@@ -90,7 +90,7 @@ $ brew install ssh-audit
  - Suppress recommendation of token host key types.
  - Added check for use-after-free vulnerability in PuTTY v0.73.
  - Added 5 new host key types: `ssh-rsa1`, `ssh-dss-sha256@ssh.com`, `ssh-gost2001`, `ssh-gost2012-256`, `ssh-gost2012-512`.
- - Added 1 new key exchange: `diffie-hellman-group1-sha256`.
+ - Added 3 new key exchanges: `diffie-hellman-group1-sha256`, `kexAlgoCurve25519SHA256`, `Curve25519SHA256`.
  - Added 5 new ciphers: `blowfish`, `AEAD_AES_128_GCM`, `AEAD_AES_256_GCM`, `crypticore128@ssh.com`, `seed-cbc@ssh.com`.
  - Added 3 new MACs: `chacha20-poly1305@openssh.com`, `hmac-sha3-224`, `crypticore-mac@ssh.com`.
 
diff --git a/ssh-audit.py b/ssh-audit.py
index 25d3af6..eecf0e7 100755
--- a/ssh-audit.py
+++ b/ssh-audit.py
@@ -753,6 +753,8 @@ class SSH2:  # pylint: disable=too-few-public-methods
                 'rsa1024-sha1': [[], [FAIL_1024BIT_MODULUS], [WARN_HASH_WEAK]],
                 'rsa2048-sha256': [[]],
                 'sntrup4591761x25519-sha512@tinyssh.org': [['8.0'], [], [WARN_EXPERIMENTAL]],
+                'kexAlgoCurve25519SHA256': [[]],
+                'Curve25519SHA256': [[]],
                 'ext-info-c': [[]],  # Extension negotiation (RFC 8308)
                 'ext-info-s': [[]],  # Extension negotiation (RFC 8308)
             },