If I apply the following patch to the cipher.go file, the tests still pass. It would be nice to catch this kind of error so that we can refactor this code with some confidence that we haven't broken it.
diff --git a/ssh/cipher.go b/ssh/cipher.go
index 67b0126..d99ffc7 100644
--- a/ssh/cipher.go
+++ b/ssh/cipher.go
@@ -16,7 +16,7 @@ import (
"hash"
"io"
"io/ioutil"
- "math/bits"
+ _ "math/bits"
"golang.org/x/crypto/internal/chacha20"
"golang.org/x/crypto/poly1305"
@@ -666,7 +666,7 @@ func newChaCha20Cipher(key, unusedIV, unusedMACKey []byte, unusedAlgs directionA
}
func (c *chacha20Poly1305Cipher) readPacket(seqNum uint32, r io.Reader) ([]byte, error) {
- nonce := [3]uint32{0, 0, bits.ReverseBytes32(seqNum)}
+ nonce := [3]uint32{1, 2, 3}
s := chacha20.New(c.contentKey, nonce)
var polyKey [32]byte
s.XORKeyStream(polyKey[:], polyKey[:])
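Review bot: The constant `nonce := [3]uint32{1, 2, 3}` in readPacket (and the identical line in the writePacket hunk below) makes every packet use the same ChaCha20 keystream and the same Poly1305 one-time key, because polyKey is taken from the keystream produced for that nonce. The tests presumably still pass because they only feed writePacket output back into readPacket, so both sides agree on the wrong nonce. A known-answer test that compares writePacket output for a fixed key, seqNum and payload against stored bytes would catch this, as would a check that the same payload under two different seqNum values produces different ciphertext. Keep `nonce := [3]uint32{0, 0, bits.ReverseBytes32(seqNum)}` and document it with a comment such as `// nonce is derived from seqNum so it is unique per packet; a constant would reuse the keystream and MAC key`. Both function bodies continue outside the hunks.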
@@ -724,7 +724,7 @@ func (c *chacha20Poly1305Cipher) readPacket(seqNum uint32, r io.Reader) ([]byte,
}
func (c *chacha20Poly1305Cipher) writePacket(seqNum uint32, w io.Writer, rand io.Reader, payload []byte) error {
- nonce := [3]uint32{0, 0, bits.ReverseBytes32(seqNum)}
+ nonce := [3]uint32{1, 2, 3}
s := chacha20.New(c.contentKey, nonce)
var polyKey [32]byte
s.XORKeyStream(polyKey[:], polyKey[:])