@@ -98,36 +98,36 @@ func streamCipherMode(skip int, createFunc func(key, iv []byte) (cipher.Stream,
98
98
var cipherModes = map [string ]* cipherMode {
99
99
// Ciphers from RFC 4344, which introduced many CTR-based ciphers. Algorithms
100
100
// are defined in the order specified in the RFC.
101
- "aes128-ctr" : {16 , aes .BlockSize , streamCipherMode (0 , newAESCTR )},
102
- "aes192-ctr" : {24 , aes .BlockSize , streamCipherMode (0 , newAESCTR )},
103
- "aes256-ctr" : {32 , aes .BlockSize , streamCipherMode (0 , newAESCTR )},
101
+ CipherAES128CTR : {16 , aes .BlockSize , streamCipherMode (0 , newAESCTR )},
102
+ CipherAES192CTR : {24 , aes .BlockSize , streamCipherMode (0 , newAESCTR )},
103
+ CipherAES256CTR : {32 , aes .BlockSize , streamCipherMode (0 , newAESCTR )},
104
104
105
105
// Ciphers from RFC 4345, which introduces security-improved arcfour ciphers.
106
106
// They are defined in the order specified in the RFC.
107
- "arcfour128" : {16 , 0 , streamCipherMode (1536 , newRC4 )},
108
- "arcfour256" : {32 , 0 , streamCipherMode (1536 , newRC4 )},
107
+ InsecureCipherRC4128 : {16 , 0 , streamCipherMode (1536 , newRC4 )},
108
+ InsecureCipherRC4256 : {32 , 0 , streamCipherMode (1536 , newRC4 )},
109
109
110
110
// Cipher defined in RFC 4253, which describes SSH Transport Layer Protocol.
111
111
// Note that this cipher is not safe, as stated in RFC 4253: "Arcfour (and
112
112
// RC4) has problems with weak keys, and should be used with caution."
113
113
// RFC 4345 introduces improved versions of Arcfour.
114
- "arcfour" : {16 , 0 , streamCipherMode (0 , newRC4 )},
114
+ InsecureCipherRC4 : {16 , 0 , streamCipherMode (0 , newRC4 )},
115
115
116
116
// AEAD ciphers
117
- gcm128CipherID : {16 , 12 , newGCMCipher },
118
- gcm256CipherID : {32 , 12 , newGCMCipher },
119
- chacha20Poly1305ID : {64 , 0 , newChaCha20Cipher },
117
+ CipherAES128GCM : {16 , 12 , newGCMCipher },
118
+ CipherAES256GCM : {32 , 12 , newGCMCipher },
119
+ CipherChaCha20Poly1305 : {64 , 0 , newChaCha20Cipher },
120
120
121
121
// CBC mode is insecure and so is not included in the default config.
122
122
// (See https://www.ieee-security.org/TC/SP2013/papers/4977a526.pdf). If absolutely
123
123
// needed, it's possible to specify a custom Config to enable it.
124
124
// You should expect that an active attacker can recover plaintext if
125
125
// you do.
126
- aes128cbcID : {16 , aes .BlockSize , newAESCBCCipher },
126
+ InsecureCipherAES128CBC : {16 , aes .BlockSize , newAESCBCCipher },
127
127
128
128
// 3des-cbc is insecure and is not included in the default
129
129
// config.
130
- tripledescbcID : {24 , des .BlockSize , newTripleDESCBCCipher },
130
+ InsecureCipherTripleDESCBC : {24 , des .BlockSize , newTripleDESCBCCipher },
131
131
}
132
132
133
133
// prefixLen is the length of the packet prefix that contains the packet length
@@ -635,8 +635,6 @@ func (c *cbcCipher) writeCipherPacket(seqNum uint32, w io.Writer, rand io.Reader
635
635
return nil
636
636
}
637
637
638
- const chacha20Poly1305ID = "[email protected] "
639
-
640
638
// chacha20Poly1305Cipher implements the [email protected]
641
639
// AEAD, which is described here:
642
640
//
0 commit comments