[ https://issues.apache.org/jira/browse/SSHD-1017?focusedWorklogId=596828&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-596828 ]
ASF GitHub Bot logged work on SSHD-1017: ---------------------------------------- Author: ASF GitHub Bot Created on: 14/May/21 18:33 Start Date: 14/May/21 18:33 Worklog Time Spent: 10m Work Description: jvz commented on a change in pull request #176: URL: https://github.com/apache/mina-sshd/pull/176#discussion_r632719666 ########## File path: sshd-core/src/main/java/org/apache/sshd/common/BaseBuilder.java ########## @@ -70,6 +70,7 @@ */ public static final List<BuiltinCiphers> DEFAULT_CIPHERS_PREFERENCE = Collections.unmodifiableList( Arrays.asList( + // BuiltinCiphers.cc20p1305_openssh, // TODO: enable by default when BouncyCastle available Review comment: The copy of ChaCha I'm thinking of is one I wrote in the first place based on the public domain reference implementation. However, if there's a clean way to simply require BouncyCastle to enable this cipher, then we can avoid any additional cipher code being copied. As I mentioned before, the main problem here is that OpenSSH decided to use a pre-standardized version of ChaCha20-Poly1305 which works slightly differently than the one bundled with Java 11+. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org Issue Time Tracking ------------------- Worklog Id: (was: 596828) Time Spent: 2h (was: 1h 50m) > Add support for chacha20-poly1...@openssh.com > --------------------------------------------- > > Key: SSHD-1017 > URL: https://issues.apache.org/jira/browse/SSHD-1017 > Project: MINA SSHD > Issue Type: New Feature > Reporter: Matt Sicker > Priority: Major > Time Spent: 2h > Remaining Estimate: 0h > > See [protocol > details|https://github.com/openbsd/src/blob/master/usr.bin/ssh/PROTOCOL.chacha20poly1305]. > * [RFC 7539|https://tools.ietf.org/html/rfc7539] describes the > ChaCha20-Poly1305 algorithm. > * [Dropbear > implementation|https://github.com/mkj/dropbear/blob/master/chachapoly.c] > * [OpenSSH > implementation|https://github.com/openbsd/src/blob/master/usr.bin/ssh/cipher-chachapoly-libcrypto.c] > The cipher is provided by Bouncycastle. > As a bonus, this could potentially be adapted to propose an equivalent > AES/GCM cipher encoding to how OpenSSH implements this ChaCha20-Poly1305 > cipher. -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org