[ https://issues.apache.org/jira/browse/SSHD-1017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17216920#comment-17216920 ]

Matt Sicker commented on SSHD-1017:
-----------------------------------

Ha, indeed, the JDK cipher implementations are overly strict about how to use 
them. There are at least 10+ different papers on arxiv.org about misuses of 
Java crypto APIs in the wild, so I'd imagine that's an attempt to fix that. At 
least ChaCha20 is the easy part to do in pure Java (ChaCha20 was designed to be 
easy to implement correctly in software after all) if a mutable nonce counter 
is needed (you may have noticed how simple it is to update the counter in 
OpenSSL). The size of the counter in the nonce is really annoying since the 
choice was almost entirely arbitrary, hence the incompatibilities. As for 
reading the full 64-byte block, maybe that was one of the bugs I came across in 
my testing (or at least in some custom crypto code I was writing for a talk 
around the same time, that was a while ago).

That JSch fork might be super useful in Jenkins; we have a fork of Trilead 
there, but we have various things that use Apache SSH, Trilead SSH, and JSch.

As for the encrypted packet length question, I had initially proposed in the 
AES/GCM ticket to potentially make an AES/GCM extension that mirrored what 
OpenSSH did for encrypting the packet length. I think it's a neat idea.

> Add support for chacha20-poly1...@openssh.com
> ---------------------------------------------
>
>                 Key: SSHD-1017
>                 URL: https://issues.apache.org/jira/browse/SSHD-1017
>             Project: MINA SSHD
>          Issue Type: New Feature
>            Reporter: Matt Sicker
>            Priority: Major
>
> See [protocol 
> details|https://github.com/openbsd/src/blob/master/usr.bin/ssh/PROTOCOL.chacha20poly1305].
> * [RFC 7539|https://tools.ietf.org/html/rfc7539] describes the 
> ChaCha20-Poly1305 algorithm.
> * [Dropbear 
> implementation|https://github.com/mkj/dropbear/blob/master/chachapoly.c]
> * [OpenSSH 
> implementation|https://github.com/openbsd/src/blob/master/usr.bin/ssh/cipher-chachapoly-libcrypto.c]
> The cipher is provided by Bouncycastle.
> As a bonus, this could potentially be adapted to propose an equivalent 
> AES/GCM cipher encoding to how OpenSSH implements this ChaCha20-Poly1305 
> cipher.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
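The construction the comment above is discussing, as an added example written for this archive page; it is not code from the ticket, from OpenSSH, from Dropbear or from MINA SSHD. It follows PROTOCOL.chacha20poly1305: the 64-byte key splits into K_2 (first 32 bytes, payload) and K_1 (last 32 bytes, packet length), the nonce is the packet sequence number as a 64-bit big-endian integer, and the same key and nonce are reused with block counter 0 for the length and for the Poly1305 key (the first 32 bytes of a full 64-byte keystream block) and counter 1 onward for the payload. That reuse with a different counter is the "mutable nonce counter" the comment mentions. The block function is written in the original Bernstein layout OpenSSH uses (64-bit counter, 8-byte nonce); RFC 7539 and the JDK's ChaCha20ParameterSpec instead use a 32-bit counter and a 12-byte nonce, and the comment in chacha20_block spells out how the two map onto each other. The sample key, packet body and the MAX_PACKET_LEN bound are constructed for the example.

```python
"""chacha20-poly1305@openssh.com framing in pure Python (added example)."""
import hmac
import struct

MASK32 = 0xFFFFFFFF
MAX_PACKET_LEN = 256 * 1024  # assumed receiver bound; real stacks use their own

def _rotl32(v, c):
    return ((v << c) & MASK32) | (v >> (32 - c))

def _quarter_round(s, a, b, c, d):
    s[a] = (s[a] + s[b]) & MASK32; s[d] = _rotl32(s[d] ^ s[a], 16)
    s[c] = (s[c] + s[d]) & MASK32; s[b] = _rotl32(s[b] ^ s[c], 12)
    s[a] = (s[a] + s[b]) & MASK32; s[d] = _rotl32(s[d] ^ s[a], 8)
    s[c] = (s[c] + s[d]) & MASK32; s[b] = _rotl32(s[b] ^ s[c], 7)

def chacha20_block(key, counter, nonce):
    """One 64-byte keystream block, original (DJB) layout as used by OpenSSH:
    words 12-13 = 64-bit little-endian counter, words 14-15 = 8-byte nonce.
    RFC 7539 uses a 32-bit counter in word 12 and a 12-byte nonce in 13-15, so
    RFC (ctr, n12) == this (ctr | int.from_bytes(n12[:4], 'little') << 32, n12[4:])."""
    assert len(key) == 32 and len(nonce) == 8
    state = list(struct.unpack("<16I", b"expand 32-byte k" + key
                               + struct.pack("<Q", counter) + nonce))
    w = state[:]
    for _ in range(10):  # 20 rounds: 10 x (column round + diagonal round)
        _quarter_round(w, 0, 4, 8, 12); _quarter_round(w, 1, 5, 9, 13)
        _quarter_round(w, 2, 6, 10, 14); _quarter_round(w, 3, 7, 11, 15)
        _quarter_round(w, 0, 5, 10, 15); _quarter_round(w, 1, 6, 11, 12)
        _quarter_round(w, 2, 7, 8, 13); _quarter_round(w, 3, 4, 9, 14)
    return struct.pack("<16I", *((x + y) & MASK32 for x, y in zip(w, state)))

def chacha20_xor(key, counter, nonce, data):
    """XOR data with keystream starting at block `counter`; the same key and
    nonce are deliberately reused with different counters below."""
    out = bytearray()
    for i in range(0, len(data), 64):
        block = chacha20_block(key, counter + i // 64, nonce)
        out += bytes(a ^ b for a, b in zip(data[i:i + 64], block))
    return bytes(out)

def poly1305_mac(key, msg):
    """RFC 7539 Poly1305 with a 32-byte one-time key r || s."""
    r = int.from_bytes(key[:16], "little") & 0x0FFFFFFC0FFFFFFC0FFFFFFC0FFFFFFF
    s = int.from_bytes(key[16:32], "little")
    p = (1 << 130) - 5
    acc = 0
    for i in range(0, len(msg), 16):
        n = int.from_bytes(msg[i:i + 16] + b"\x01", "little")  # one bit past the data
        acc = ((acc + n) * r) % p
    return ((acc + s) & ((1 << 128) - 1)).to_bytes(16, "little")

def ssh_chachapoly_seal(K, seqnr, body):
    """Sender. K_2 = K[:32] encrypts the payload, K_1 = K[32:] the 4-byte length;
    nonce = sequence number as 64-bit big-endian; counter 0 for the length and
    the Poly1305 key, 1 for the payload. body = padding_length||payload||padding."""
    k2, k1 = K[:32], K[32:64]
    nonce = struct.pack(">Q", seqnr)
    enc_len = chacha20_xor(k1, 0, nonce, struct.pack(">I", len(body)))
    poly_key = chacha20_block(k2, 0, nonce)[:32]  # first half of a full 64-byte block
    enc_body = chacha20_xor(k2, 1, nonce, body)
    return enc_len + enc_body + poly1305_mac(poly_key, enc_len + enc_body)

def ssh_chachapoly_open(K, seqnr, packet):
    """Receiver: decrypt only the length, bound it, check the tag over
    enc_len || enc_body in constant time, and decrypt the body last."""
    k2, k1 = K[:32], K[32:64]
    nonce = struct.pack(">Q", seqnr)
    if len(packet) < 4 + 16:
        raise ValueError("packet too short")
    (length,) = struct.unpack(">I", chacha20_xor(k1, 0, nonce, packet[:4]))
    if length > MAX_PACKET_LEN or len(packet) != 4 + length + 16:
        raise ValueError("bad packet length")
    poly_key = chacha20_block(k2, 0, nonce)[:32]
    if not hmac.compare_digest(poly1305_mac(poly_key, packet[:4 + length]),
                               packet[4 + length:]):
        raise ValueError("bad MAC")
    return chacha20_xor(k2, 1, nonce, packet[4:4 + length])

def demo():
    """Round-trip a constructed packet, then show a flipped tag bit is rejected."""
    K = bytes(range(64))                    # constructed key, not real session material
    payload = b"\x02ignore me"              # SSH_MSG_IGNORE-shaped payload
    body = b"\x09" + payload + b"\x00" * 9  # 4 + len(body) = 24, a multiple of 8
    packet = ssh_chachapoly_seal(K, 7, body)
    assert ssh_chachapoly_open(K, 7, packet) == body
    tampered = packet[:-1] + bytes([packet[-1] ^ 0x01])
    try:
        ssh_chachapoly_open(K, 7, tampered)
    except ValueError as e:
        return str(e)
    return "tamper not detected"

if __name__ == "__main__":
    print(demo())  # bad MAC
```

The receiver order matters: the length is decrypted under K_1 so that the tag can be checked before any of the payload keystream is touched, which is the reason the length gets its own key in the first place.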