[
https://issues.apache.org/jira/browse/SSHD-946?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16951848#comment-16951848
]
Lyor Goldstein edited comment on SSHD-946 at 10/15/19 11:30 AM:
----------------------------------------------------------------
Succeeded - the (un-documented ?) behavior compatible with {{OpenSSH}} is that
the padding should not take into account the length field (4 bytes) when
encrypt-then-MAC mode is used. Inferred by looking at the _C_ code:
{code:c}
aadlen = (mac && mac->enabled && mac->etm) || authlen ? 4 : 0;
block_size = enc ? enc->block_size : 8;
if (aadlen) {
/* only the payload is encrypted */
need = state->packlen;
} else {
/*
* the payload size and the payload are encrypted, but we
* have a partial packet of block_size bytes
*/
need = 4 + state->packlen - block_size;
}
if (need % block_size != 0) {
logit("padding error: need %d block %d mod %d",
need, block_size, need % block_size);
return ssh_packet_start_discard(ssh, enc, mac, 0,
PACKET_MAX_SIZE - block_size);
}
{code}
was (Author: lgoldstein):
Succeeded - the (un-documented ?) behavior compatible with {{OpenSSH}} is that
the padding should not take into account the length field (4 bytes) when
encrypt-then-MAC mode is used.
> Supporting 'encrypt-then-MAC' mode
> ----------------------------------
>
> Key: SSHD-946
> URL: https://issues.apache.org/jira/browse/SSHD-946
> Project: MINA SSHD
> Issue Type: New Feature
> Reporter: Cornelis Hoeflake
> Assignee: Lyor Goldstein
> Priority: Major
>
> Hi, the current implementation uses by default '**encrypt-*and*-MAC' mode. Is
> it possible to change this (or at least made it possible) to
> 'encrypt-*then*-MAC'?
> Please see also:
> [https://crypto.stackexchange.com/questions/202/should-we-mac-then-encrypt-or-encrypt-then-mac]
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
