mina-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Matt Sicker (Jira)" <j...@apache.org>
Subject [jira] [Commented] (SSHD-1017) Add support for chacha20-poly1305@openssh.com
Date Sat, 24 Oct 2020 22:46:00 GMT

    [ https://issues.apache.org/jira/browse/SSHD-1017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17220208#comment-17220208

Matt Sicker commented on SSHD-1017:

It seems like I've figured out how to implement this using BouncyCastle's Cipher and Mac implementations.
The ChaCha part could potentially be adapted for use with the Java 11 API, but that engine
seems stricter than the BouncyCastle one which seems to allow for some object reuse without
mis-detecting it as IV-reuse.

Since this only works with the BC provider, I'm unable to add it to the default ciphers list
due to some test failures in modules without BC available (mostly errors of the 8 != 9 variety).
I'll open a PR after I confirm the build still works. I've tested this with OpenSSH 8.4p1
on macOS so far which seemed to work fine.

> Add support for chacha20-poly1305@openssh.com
> ---------------------------------------------
>                 Key: SSHD-1017
>                 URL: https://issues.apache.org/jira/browse/SSHD-1017
>             Project: MINA SSHD
>          Issue Type: New Feature
>            Reporter: Matt Sicker
>            Priority: Major
> See [protocol details|https://github.com/openbsd/src/blob/master/usr.bin/ssh/PROTOCOL.chacha20poly1305].
> * [RFC 7539|https://tools.ietf.org/html/rfc7539] describes the ChaCha20-Poly1305 algorithm.
> * [Dropbear implementation|https://github.com/mkj/dropbear/blob/master/chachapoly.c]
> * [OpenSSH implementation|https://github.com/openbsd/src/blob/master/usr.bin/ssh/cipher-chachapoly-libcrypto.c]
> The cipher is provided by Bouncycastle.
> As a bonus, this could potentially be adapted to propose an equivalent AES/GCM cipher
encoding to how OpenSSH implements this ChaCha20-Poly1305 cipher.

This message was sent by Atlassian Jira

To unsubscribe, e-mail: dev-unsubscribe@mina.apache.org
For additional commands, e-mail: dev-help@mina.apache.org

View raw message