[ https://issues.apache.org/jira/browse/SSHD-1017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17216920#comment-17216920 ]
Matt Sicker commented on SSHD-1017:
-----------------------------------

Ha, indeed, the JDK cipher implementations are overly strict about how to use them. There are at least 10+ different papers on arxiv.org about misuses of Java crypto APIs in the wild, so I'd imagine that's an attempt to fix that. At least ChaCha20 is the easy part to do in pure Java (ChaCha20 was designed to be easy to implement correctly in software after all) if a mutable nonce counter is needed (you may have noticed how simple it is to update the counter in OpenSSL). The size of the counter in the nonce is really annoying since the choice was almost entirely arbitrary, hence the incompatibilities.

As for reading the full 64-byte block, maybe that was one of the bugs I came across in my testing (or at least in some custom crypto code I was writing for a talk around the same time; that was a while ago).

That JSch fork might be super useful in Jenkins; we have a fork of Trilead there, but we have various things that use Apache SSH, Trilead SSH, and JSch.

As for the encrypted packet length question, I had initially proposed in the AES/GCM ticket to potentially make an AES/GCM extension that mirrored what OpenSSH did for encrypting the packet length. I think it's a neat idea.

> Add support for chacha20-poly1...@openssh.com
> ---------------------------------------------
>
>                 Key: SSHD-1017
>                 URL: https://issues.apache.org/jira/browse/SSHD-1017
>             Project: MINA SSHD
>          Issue Type: New Feature
>            Reporter: Matt Sicker
>            Priority: Major
>
> See [protocol details|https://github.com/openbsd/src/blob/master/usr.bin/ssh/PROTOCOL.chacha20poly1305].
> * [RFC 7539|https://tools.ietf.org/html/rfc7539] describes the ChaCha20-Poly1305 algorithm.
> * [Dropbear implementation|https://github.com/mkj/dropbear/blob/master/chachapoly.c]
> * [OpenSSH implementation|https://github.com/openbsd/src/blob/master/usr.bin/ssh/cipher-chachapoly-libcrypto.c]
> The cipher is provided by Bouncycastle.
> As a bonus, this could potentially be adapted to propose an equivalent AES/GCM cipher encoding to how OpenSSH implements this ChaCha20-Poly1305 cipher.

--
This message was sent by Atlassian Jira
(v8.3.4#803005)
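An added worked example of the construction the comment refers to, written for this thread and not taken from the Jira issue, MINA SSHD, OpenSSH or Bouncycastle. It follows the PROTOCOL.chacha20poly1305 document linked in the issue: two 256-bit keys split from the 64-byte key material (K_2 for the payload, K_1 for the length), the packet sequence number as a big-endian 64-bit nonce, the Poly1305 key taken from keystream block 0 of K_2 (of which only 32 of the 64 bytes are used, the detail the comment mentions), the payload keystream starting at counter 1, and the length decrypted under K_1 alone with the tag checked before the payload is touched. It is in Python rather than Java so it runs without a crypto provider; the function names and the constructed key and packet in the usage below are assumptions, and the block function takes state words 12..15 as raw bytes so the 32/96 (RFC 7539) and 64/64 (OpenSSH) counter/nonce layouts the comment calls "arbitrary" can both be driven through it.

```python
# Constructed example of chacha20-poly1305@openssh.com packet framing.
# Not code from MINA SSHD, OpenSSH or Bouncycastle; names are assumptions.
import hmac
import struct

MASK32 = 0xffffffff


def _rotl32(v, c):
    return ((v << c) & MASK32) | (v >> (32 - c))


def _quarter_round(s, a, b, c, d):
    s[a] = (s[a] + s[b]) & MASK32; s[d] = _rotl32(s[d] ^ s[a], 16)
    s[c] = (s[c] + s[d]) & MASK32; s[b] = _rotl32(s[b] ^ s[c], 12)
    s[a] = (s[a] + s[b]) & MASK32; s[d] = _rotl32(s[d] ^ s[a], 8)
    s[c] = (s[c] + s[d]) & MASK32; s[b] = _rotl32(s[b] ^ s[c], 7)


def chacha20_block(key: bytes, words12_15: bytes) -> bytes:
    """One 64-byte ChaCha20 keystream block.

    words12_15 are the 16 bytes filling state words 12..15.  Which of them are
    'counter' and which are 'nonce' is the layout choice that differs between
    RFC 7539 (32-bit counter, 96-bit nonce) and OpenSSH (64/64)."""
    assert len(key) == 32 and len(words12_15) == 16
    initial = list(struct.unpack("<16I", b"expand 32-byte k" + key + words12_15))
    w = initial[:]
    for _ in range(10):  # 20 rounds = 10 double rounds (column, then diagonal)
        _quarter_round(w, 0, 4, 8, 12); _quarter_round(w, 1, 5, 9, 13)
        _quarter_round(w, 2, 6, 10, 14); _quarter_round(w, 3, 7, 11, 15)
        _quarter_round(w, 0, 5, 10, 15); _quarter_round(w, 1, 6, 11, 12)
        _quarter_round(w, 2, 7, 8, 13); _quarter_round(w, 3, 4, 9, 14)
    return struct.pack("<16I", *[(x + y) & MASK32 for x, y in zip(w, initial)])


def chacha20_xor(key: bytes, nonce8: bytes, counter: int, data: bytes) -> bytes:
    """Original ChaCha20 layout as used by OpenSSH: 64-bit LE counter, 64-bit nonce."""
    out = bytearray()
    for i in range(0, len(data), 64):
        block = chacha20_block(key, struct.pack("<Q", counter + i // 64) + nonce8)
        out += bytes(x ^ y for x, y in zip(data[i:i + 64], block))
    return bytes(out)


def poly1305(key32: bytes, msg: bytes) -> bytes:
    """Poly1305 one-time authenticator (RFC 7539 section 2.5)."""
    r = int.from_bytes(key32[:16], "little") & 0x0ffffffc0ffffffc0ffffffc0fffffff
    s = int.from_bytes(key32[16:], "little")
    p = (1 << 130) - 5
    acc = 0
    for i in range(0, len(msg), 16):
        # the appended 0x01 makes a short final block distinct from a zero-padded one
        acc = ((acc + int.from_bytes(msg[i:i + 16] + b"\x01", "little")) * r) % p
    return ((acc + s) & ((1 << 128) - 1)).to_bytes(16, "little")


def _poly_key(k2: bytes, nonce: bytes) -> bytes:
    # keystream block 0 of K_2; only the first 32 of its 64 bytes are the MAC key
    return chacha20_block(k2, struct.pack("<Q", 0) + nonce)[:32]


def seal(key64: bytes, seqnr: int, body: bytes) -> bytes:
    """Encrypt one SSH packet body (padding_length || payload || padding)."""
    assert len(key64) == 64
    k2, k1 = key64[:32], key64[32:]              # first 256 bits K_2, next 256 bits K_1
    nonce = struct.pack(">Q", seqnr)              # packet sequence number as uint64
    enc_len = chacha20_xor(k1, nonce, 0, struct.pack(">I", len(body)))
    enc_body = chacha20_xor(k2, nonce, 1, body)  # payload keystream starts at block 1
    tag = poly1305(_poly_key(k2, nonce), enc_len + enc_body)
    return enc_len + enc_body + tag


def unseal(key64: bytes, seqnr: int, packet: bytes) -> bytes:
    """Decrypt and verify one packet; raises ValueError on any mismatch."""
    k2, k1 = key64[:32], key64[32:]
    nonce = struct.pack(">Q", seqnr)
    if len(packet) < 4 + 16:
        raise ValueError("packet too short")
    # The length is decrypted under K_1 alone, so the receiver learns how much to
    # read without using the payload key on data whose tag it has not checked yet.
    body_len = struct.unpack(">I", chacha20_xor(k1, nonce, 0, packet[:4]))[0]
    if len(packet) != 4 + body_len + 16:
        raise ValueError("packet size does not match decrypted length field")
    tag = poly1305(_poly_key(k2, nonce), packet[:4 + body_len])
    if not hmac.compare_digest(tag, packet[4 + body_len:]):
        raise ValueError("Poly1305 tag mismatch")   # verify before decrypting payload
    return chacha20_xor(k2, nonce, 1, packet[4:4 + body_len])


if __name__ == "__main__":
    demo_key = bytes(range(64))                       # constructed, not a real key
    demo_body = b"\x04" + b"SSH_MSG_IGNORE demo" + b"\x00" * 4
    pkt = seal(demo_key, 7, demo_body)
    assert unseal(demo_key, 7, pkt) == demo_body
    print("packet bytes:", len(pkt), "= 4 + %d + 16" % len(demo_body))
```

Two checks are worth keeping in any port of this: the block function against the RFC 7539 section 2.3.2 vector (which exercises the 32/96 layout through the same code), and a decryption attempt with the wrong sequence number, which must fail at either the length check or the tag check and never reach the payload keystream.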