From 98a1fb0315c57516e0d7ccfebec5c2e443a37463 Mon Sep 17 00:00:00 2001
From: Joe Testa
Date: Mon, 28 Jun 2021 21:59:41 -0400
Subject: [PATCH] Added two new MACs: 'AEAD_AES_128_GCM', and 'AEAD_AES_256_GCM'.
---
 README.md | 2 +-
 src/ssh_audit/ssh2_kexdb.py | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index f9ef4ab..d675333 100644
--- a/README.md
+++ b/README.md
@@ -183,7 +183,7 @@ For convenience, a web front-end on top of the command-line tool is available at
 - Added `-d`/`--debug` option for getting debugging output; credit [Adam Russell](https://github.com/thecliguy).
 - Updated JSON output to include MD5 fingerprints. Note that this results in a breaking change in the 'fingerprints' dictionary format.
 - Updated OpenSSH 8.1 (and earlier) policies to include `rsa-sha2-512` and `rsa-sha2-256`.
- - Added 1 new MAC: `hmac-ripemd160-96`.
+ - Added 3 new MACs: `hmac-ripemd160-96`, `AEAD_AES_128_GCM`, and `AEAD_AES_256_GCM`.
 ### v2.4.0 (2021-02-23)
 - Added multi-threaded scanning support.
diff --git a/src/ssh_audit/ssh2_kexdb.py b/src/ssh_audit/ssh2_kexdb.py
index 1f21a08..7e1fceb 100644
--- a/src/ssh_audit/ssh2_kexdb.py
+++ b/src/ssh_audit/ssh2_kexdb.py
@@ -271,5 +271,7 @@ class SSH2_KexDB: # pylint: disable=too-few-public-methods
 'aes256-gcm': [[]],
 'chacha20-poly1305@openssh.com': [[]], # Despite the @openssh.com tag, this was never shipped as a MAC in OpenSSH (only as a cipher); it is only implemented as a MAC in Syncplify.
 'crypticore-mac@ssh.com': [[], [FAIL_UNPROVEN]],
+ 'AEAD_AES_128_GCM': [[]],
+ 'AEAD_AES_256_GCM': [[]],
 }
 }
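Review bot: The two new entries in the `src/ssh_audit/ssh2_kexdb.py` hunk are added with no comment on where the names come from, unlike the `chacha20-poly1305@openssh.com` line just above them. These are the RFC 5647 AEAD names, and that RFC requires the same name to be negotiated as both cipher and MAC, so a trailing comment such as `# Defined in RFC 5647; must be negotiated together with the cipher of the same name.` would tell a reader why a cipher name sits in the MAC table. Both entries carry `[[]]`, i.e. no version history and no warning flags, so the auditor presumably reports them without any rating; whether that is intended, and whether the cipher table already lists the same names, cannot be seen from this hunk. The enclosing dictionary and class begin outside the hunk.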