[ https://issues.apache.org/jira/browse/SSHD-1017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17220208#comment-17220208 ]
Matt Sicker commented on SSHD-1017: ----------------------------------- It seems like I've figured out how to implement this using BouncyCastle's Cipher and Mac implementations. The ChaCha part could potentially be adapted for use with the Java 11 API, but that engine seems stricter than the BouncyCastle one which seems to allow for some object reuse without mis-detecting it as IV-reuse. Since this only works with the BC provider, I'm unable to add it to the default ciphers list due to some test failures in modules without BC available (mostly errors of the 8 != 9 variety). I'll open a PR after I confirm the build still works. I've tested this with OpenSSH 8.4p1 on macOS so far which seemed to work fine. > Add support for chacha20-poly1...@openssh.com > --------------------------------------------- > > Key: SSHD-1017 > URL: https://issues.apache.org/jira/browse/SSHD-1017 > Project: MINA SSHD > Issue Type: New Feature > Reporter: Matt Sicker > Priority: Major > > See [protocol > details|https://github.com/openbsd/src/blob/master/usr.bin/ssh/PROTOCOL.chacha20poly1305]. > * [RFC 7539|https://tools.ietf.org/html/rfc7539] describes the > ChaCha20-Poly1305 algorithm. > * [Dropbear > implementation|https://github.com/mkj/dropbear/blob/master/chachapoly.c] > * [OpenSSH > implementation|https://github.com/openbsd/src/blob/master/usr.bin/ssh/cipher-chachapoly-libcrypto.c] > The cipher is provided by Bouncycastle. > As a bonus, this could potentially be adapted to propose an equivalent > AES/GCM cipher encoding to how OpenSSH implements this ChaCha20-Poly1305 > cipher. -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org