Added 3 new host keys: ssh-gost2001, ssh-gost2012-256, and ssh-gost2012-512.

This commit is contained in:
Joe Testa 2020-07-14 10:43:18 -04:00
parent 1410894f45
commit 85f14720cb
2 changed files with 5 additions and 1 deletions

View File

@ -79,7 +79,7 @@ $ brew install ssh-audit
- Many Python 2 code clean-ups, testing framework improvements, pylint & flake8 fixes, and mypy type comments; credit [Jürgen Gmach](https://github.com/jugmac00)). - Many Python 2 code clean-ups, testing framework improvements, pylint & flake8 fixes, and mypy type comments; credit [Jürgen Gmach](https://github.com/jugmac00)).
- Suppress recommendation of token host key types. - Suppress recommendation of token host key types.
- Added check for use-after-free vulnerability in PuTTY v0.73. - Added check for use-after-free vulnerability in PuTTY v0.73.
- Added 2 new host key types: `ssh-rsa1`, `ssh-dss-sha256@ssh.com`. - Added 5 new host key types: `ssh-rsa1`, `ssh-dss-sha256@ssh.com`, `ssh-gost2001`, `ssh-gost2012-256`, `ssh-gost2012-512`.
- Added 1 new key exchange: `diffie-hellman-group1-sha256`. - Added 1 new key exchange: `diffie-hellman-group1-sha256`.
- Added 5 new ciphers: `blowfish`, `AEAD_AES_128_GCM`, `AEAD_AES_256_GCM`, `crypticore128@ssh.com`, `seed-cbc@ssh.com`. - Added 5 new ciphers: `blowfish`, `AEAD_AES_128_GCM`, `AEAD_AES_256_GCM`, `crypticore128@ssh.com`, `seed-cbc@ssh.com`.
- Added 3 new MACs: `chacha20-poly1305@openssh.com`, `hmac-sha3-224`, `crypticore-mac@ssh.com`. - Added 3 new MACs: `chacha20-poly1305@openssh.com`, `hmac-sha3-224`, `crypticore-mac@ssh.com`.

View File

@ -659,6 +659,7 @@ class SSH2: # pylint: disable=too-few-public-methods
WARN_TAG_SIZE_96 = 'using small 96-bit tag size' WARN_TAG_SIZE_96 = 'using small 96-bit tag size'
WARN_EXPERIMENTAL = 'using experimental algorithm' WARN_EXPERIMENTAL = 'using experimental algorithm'
WARN_OBSOLETE = 'using obsolete algorithm' WARN_OBSOLETE = 'using obsolete algorithm'
WARN_UNTRUSTED = 'using untrusted algorithm'
ALGORITHMS = { ALGORITHMS = {
# Format: 'algorithm_name': [['version_first_appeared_in'], [reason_for_failure1, reason_for_failure2, ...], [warning1, warning2, ...]] # Format: 'algorithm_name': [['version_first_appeared_in'], [reason_for_failure1, reason_for_failure2, ...], [warning1, warning2, ...]]
@ -747,6 +748,9 @@ class SSH2: # pylint: disable=too-few-public-methods
'sk-ecdsa-sha2-nistp256@openssh.com': [['8.2'], [WARN_CURVES_WEAK], [WARN_RNDSIG_KEY]], 'sk-ecdsa-sha2-nistp256@openssh.com': [['8.2'], [WARN_CURVES_WEAK], [WARN_RNDSIG_KEY]],
'sk-ssh-ed25519-cert-v01@openssh.com': [['8.2']], 'sk-ssh-ed25519-cert-v01@openssh.com': [['8.2']],
'sk-ssh-ed25519@openssh.com': [['8.2']], 'sk-ssh-ed25519@openssh.com': [['8.2']],
'ssh-gost2001': [[], [], [WARN_UNTRUSTED]],
'ssh-gost2012-256': [[], [], [WARN_UNTRUSTED]],
'ssh-gost2012-512': [[], [], [WARN_UNTRUSTED]],
}, },
'enc': { 'enc': {
'none': [['1.2.2,d2013.56,l10.2'], [FAIL_PLAINTEXT]], 'none': [['1.2.2,d2013.56,l10.2'], [FAIL_PLAINTEXT]],