mina-dev mailing list archives

From "ASF GitHub Bot (Jira)" <j...@apache.org>
Subject [jira] [Work logged] (SSHD-506) Add support for aes128/256-gcm ciphers
Date Wed, 03 Jun 2020 01:51:00 GMT

     [ https://issues.apache.org/jira/browse/SSHD-506?focusedWorklogId=440554&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-440554 ]

ASF GitHub Bot logged work on SSHD-506:

                Author: ASF GitHub Bot
            Created on: 03/Jun/20 01:50
            Start Date: 03/Jun/20 01:50
    Worklog Time Spent: 10m 
      Work Description: jvz edited a comment on pull request #132:
URL: https://github.com/apache/mina-sshd/pull/132#issuecomment-637901360

   Found one OSS implementation of the RFC version (disabled by default) in Erlang OTP. Seems like the ambiguity about requiring a MAC with an AEAD cipher caused OpenSSH to create their variant in the first place. Docs: https://manpages.ubuntu.com/manpages/bionic/man7/ssh.7.html
   More notes here about the official ciphers: https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml
   In RFC 4253, we have the following:
   > The chosen encryption algorithm to each direction MUST be the first algorithm on the client's name-list that is also on the server's name-list.
   > The chosen MAC algorithm MUST be the first algorithm on the client's name-list that is also on the server's name-list.
   Then we go back to RFC 5647 which says:
   > If AES-GCM is selected as the encryption algorithm for a given tunnel, AES-GCM MUST also be selected as the Message Authentication Code (MAC) algorithm.  Conversely, if AES-GCM is selected as the MAC algorithm, it MUST also be selected as the encryption algorithm.
   I'll note this ambiguity is avoided in the OpenSSH ChaCha protocol: https://cvsweb.openbsd.org/src/usr.bin/ssh/PROTOCOL.chacha20poly1305?annotate=HEAD
   Edit: I found another project: https://commoncriteria.github.io/pp/ssh/ssh-release.html

This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:

Issue Time Tracking

    Worklog Id:     (was: 440554)
    Time Spent: 5h 20m  (was: 5h 10m)

> Add support for aes128/256-gcm ciphers
> --------------------------------------
>                 Key: SSHD-506
>                 URL: https://issues.apache.org/jira/browse/SSHD-506
>             Project: MINA SSHD
>          Issue Type: Improvement
>            Reporter: Lyor Goldstein
>            Priority: Major
>          Time Spent: 5h 20m
>  Remaining Estimate: 0h
> See:
> * [rfc5647|https://tools.ietf.org/html/rfc5647]
> * [draft-igoe-secsh-aes-gcm-01|https://tools.ietf.org/html/draft-igoe-secsh-aes-gcm-01]
> * [OpenSSH v6.2|http://www.openssh.com/txt/release-6.2]
> * [JAVA AES 256 GCM encrypt/decrypt example|https://javainterviewpoint.com/java-aes-256-gcm-encryption-and-decryption/] - especially the usage of {{GCMParameterSpec}} to initialize the cipher
> * [OpenJDK 8 AESCipher.java source code|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/AESCipher.java]
> ** See also [CipherCore.java|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/CipherCore.java],

This message was sent by Atlassian Jira

To unsubscribe, e-mail: dev-unsubscribe@mina.apache.org
For additional commands, e-mail: dev-help@mina.apache.org
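
The negotiation conflict discussed in the comment above, as an added example that is not code from MINA SSHD or the pull request: it applies the RFC 4253 "first client match" rule to the cipher and MAC name-lists independently, then checks the RFC 5647 pairing rule, and contrasts that with the OpenSSH `@openssh.com` variant, where the MAC lists are ignored once an AES-GCM cipher is chosen. The class and method names are hypothetical, the name-lists are constructed, and Java 11+ is assumed.

```java
import java.util.List;
import java.util.Optional;

// Added example (not MINA SSHD code): RFC 4253 negotiation vs. the RFC 5647 AES-GCM rule.
public class GcmNegotiationDemo {

    // RFC 4253: first algorithm on the client's name-list that is also on the server's.
    static Optional<String> negotiate(List<String> client, List<String> server) {
        return client.stream().filter(server::contains).findFirst();
    }

    // RFC 5647 uses the same AES-GCM name in both the cipher and the MAC name-lists.
    static boolean isRfc5647Gcm(String name) {
        return name.equals("AEAD_AES_128_GCM") || name.equals("AEAD_AES_256_GCM");
    }

    // OpenSSH variant: AES-GCM is only ever offered as a cipher name, never as a MAC.
    static boolean isOpenSshGcm(String name) {
        return name.equals("aes128-gcm@openssh.com") || name.equals("aes256-gcm@openssh.com");
    }

    // Describes the negotiated outcome for one direction of the connection.
    static String resolve(List<String> cEnc, List<String> sEnc, List<String> cMac, List<String> sMac) {
        Optional<String> enc = negotiate(cEnc, sEnc);
        if (enc.isEmpty()) return "no common cipher: disconnect";
        String cipher = enc.get();
        if (isOpenSshGcm(cipher)) {
            // The AEAD cipher authenticates the packet itself; the MAC lists are ignored.
            return cipher + " + <implicit>";
        }
        Optional<String> mac = negotiate(cMac, sMac);
        if (mac.isEmpty()) return "no common MAC: disconnect";
        boolean gcmInvolved = isRfc5647Gcm(cipher) || isRfc5647Gcm(mac.get());
        if (gcmInvolved && !cipher.equals(mac.get())) {
            // Each list was negotiated correctly per RFC 4253, yet RFC 5647 is violated.
            return "conflict: " + cipher + " + " + mac.get();
        }
        return cipher + " + " + mac.get();
    }

    public static void main(String[] args) {
        // Constructed name-lists for illustration only.
        List<String> sEnc = List.of("aes128-ctr", "AEAD_AES_128_GCM", "aes128-gcm@openssh.com");
        List<String> macs = List.of("hmac-sha2-256", "AEAD_AES_128_GCM");
        System.out.println(resolve(List.of("AEAD_AES_128_GCM", "aes128-ctr"), sEnc, macs, macs));
        System.out.println(resolve(List.of("aes128-gcm@openssh.com", "aes128-ctr"), sEnc, macs, macs));
        System.out.println(resolve(List.of("aes128-ctr"), sEnc, macs, macs));
    }
}
```

The first call is the ambiguous case: both peers prefer `hmac-sha2-256` in the MAC list, so independent negotiation pairs an RFC 5647 cipher with a non-GCM MAC and the implementation has to decide whether to override the MAC or fail.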
