[
https://issues.apache.org/jira/browse/SSHD-1017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17220208#comment-17220208
]
Matt Sicker commented on SSHD-1017:
-----------------------------------
It seems like I've figured out how to implement this using BouncyCastle's
Cipher and Mac implementations. The ChaCha part could potentially be adapted
for use with the Java 11 API, but that engine seems stricter than the
BouncyCastle one which seems to allow for some object reuse without
mis-detecting it as IV-reuse.
Since this only works with the BC provider, I'm unable to add it to the default
ciphers list due to some test failures in modules without BC available (mostly
errors of the 8 != 9 variety). I'll open a PR after I confirm the build still
works. I've tested this with OpenSSH 8.4p1 on macOS so far which seemed to work
fine.
> Add support for chacha20-poly1...@openssh.com
> ---------------------------------------------
>
> Key: SSHD-1017
> URL: https://issues.apache.org/jira/browse/SSHD-1017
> Project: MINA SSHD
> Issue Type: New Feature
> Reporter: Matt Sicker
> Priority: Major
>
> See [protocol
> details|https://github.com/openbsd/src/blob/master/usr.bin/ssh/PROTOCOL.chacha20poly1305].
> * [RFC 7539|https://tools.ietf.org/html/rfc7539] describes the
> ChaCha20-Poly1305 algorithm.
> * [Dropbear
> implementation|https://github.com/mkj/dropbear/blob/master/chachapoly.c]
> * [OpenSSH
> implementation|https://github.com/openbsd/src/blob/master/usr.bin/ssh/cipher-chachapoly-libcrypto.c]
> The cipher is provided by Bouncycastle.
> As a bonus, this could potentially be adapted to propose an equivalent
> AES/GCM cipher encoding to how OpenSSH implements this ChaCha20-Poly1305
> cipher.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org
