[ https://issues.apache.org/jira/browse/SSHD-1017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17141219#comment-17141219 ]
Matt Sicker edited comment on SSHD-1017 at 6/20/20, 9:56 PM:
-------------------------------------------------------------

Potential compatibility problem: it seems like OpenSSH is using the pre-AEAD version of ChaCha20-Poly1305 which is the old Poly1305-AES style of using the MAC. This uses a 64-bit counter and 64-bit nonce, while the version of ChaCha in Java and Bouncycastle uses the RFC 7539 form with a 96-bit nonce and a 32-bit counter. Not sure if this is an issue in practice since the counter and nonce are subsequent regions in the engine state anyways (might just need to encode the nonce and counter weirdly).

was (Author: jvz):
Potential compatibility problem: it seems like OpenSSH is using the pre-AEAD version of ChaCha20-Poly1305 which is the old Poly1305-AES style of using the MAC. This uses a 64-bit counter and 64-bit nonce, while the version of ChaCha in Java and Bouncycastle uses the RFC 7539 form. Not sure if this is an issue in practice since the counter and nonce are subsequent regions in the engine state anyways (might just need to encode the nonce and counter weirdly).

> Add support for chacha20-poly1...@openssh.com
> ---------------------------------------------
>
>                 Key: SSHD-1017
>                 URL: https://issues.apache.org/jira/browse/SSHD-1017
>             Project: MINA SSHD
>          Issue Type: New Feature
>            Reporter: Matt Sicker
>            Priority: Major
>
> See [protocol
> details|https://github.com/openbsd/src/blob/master/usr.bin/ssh/PROTOCOL.chacha20poly1305].
> * [RFC 7539|https://tools.ietf.org/html/rfc7539] describes the
> ChaCha20-Poly1305 algorithm.
> The cipher is available in Java 11 natively and is also provided by
> Bouncycastle with a pure Java implementation fallback.
> As a bonus, this could potentially be adapted to propose an equivalent
> AES/GCM cipher encoding to how OpenSSH implements this ChaCha20-Poly1305
> cipher.
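The state-layout point raised in the comment above, as an added example that is not part of the original message or of MINA SSHD's code: a pure-Python ChaCha20 block function fed with both layouts, showing that the 64-bit counter / 64-bit nonce form and the RFC 7539 form yield the same keystream when the upper 32 counter bits are zero and the 8-byte nonce is prefixed with four zero bytes. All function names are hypothetical; the nonce is assumed to be the packet sequence number as a big-endian uint64, as the linked PROTOCOL.chacha20poly1305 describes, and the sequence number 7 is a constructed sample.

```python
import struct

MASK = 0xFFFFFFFF
# Column rounds followed by diagonal rounds (one "double round").
QUARTERS = [(0, 4, 8, 12), (1, 5, 9, 13), (2, 6, 10, 14), (3, 7, 11, 15),
            (0, 5, 10, 15), (1, 6, 11, 12), (2, 7, 8, 13), (3, 4, 9, 14)]

def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK

def _quarter(s, a, b, c, d):
    for x, y, z, r in ((a, b, d, 16), (c, d, b, 12), (a, b, d, 8), (c, d, b, 7)):
        s[x] = (s[x] + s[y]) & MASK
        s[z] = _rotl(s[z] ^ s[x], r)

def chacha20_block(key, tail16):
    """One 64-byte keystream block; tail16 is state words 12..15 verbatim."""
    init = list(struct.unpack("<16I", b"expand 32-byte k" + key + tail16))
    s = init[:]
    for _ in range(10):  # 10 double rounds = 20 rounds
        for q in QUARTERS:
            _quarter(s, *q)
    return struct.pack("<16I", *((a + b) & MASK for a, b in zip(s, init)))

def original_block(key, counter64, nonce8):
    # Pre-RFC layout: 64-bit little-endian counter, then 64-bit nonce.
    return chacha20_block(key, struct.pack("<Q", counter64) + nonce8)

def rfc7539_block(key, counter32, nonce12):
    # RFC 7539 layout: 32-bit little-endian counter, then 96-bit nonce.
    return chacha20_block(key, struct.pack("<I", counter32) + nonce12)

def openssh_to_rfc7539(seqnr, counter64):
    """Map (sequence number, 64-bit block counter) to RFC 7539 (counter, nonce)."""
    if counter64 >> 32:
        raise ValueError("counter exceeds 32 bits; no RFC 7539 equivalent")
    # The zero high counter word becomes the first four nonce bytes.
    return counter64, b"\x00" * 4 + struct.pack(">Q", seqnr)

if __name__ == "__main__":
    key, seqnr = bytes(range(32)), 7  # constructed sample inputs
    for ctr in (0, 1):  # block 0 derives the Poly1305 key, block 1 starts the payload
        c32, n12 = openssh_to_rfc7539(seqnr, ctr)
        same = original_block(key, ctr, struct.pack(">Q", seqnr)) == rfc7539_block(key, c32, n12)
        print(f"counter={ctr} nonce={n12.hex()} keystream identical: {same}")
```

The mapping only holds while the block counter fits in 32 bits, which is why `openssh_to_rfc7539` rejects larger values instead of truncating them.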