[https://issues.apache.org/jira/browse/SSHD-506?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17109564#comment-17109564]
Matt Sicker commented on SSHD-506:
----------------------------------
Yup, it's not as simple an update as some of the other SSH RFCs. Thus, it has
taken longer than a day for a proof of concept (I still seem to have a few off
by 1-ish errors in my modifications right now), but I hope to figure it out
with some added logging to figure out what I'm doing wrong.
There is one particularly tricky design issue here with the Mina interface for
Cipher. In order to use GCM, we need to finalize and initialize the cipher at
the end of each packet. The other modes never finalize the cipher until a rekey
event takes place (which it still technically never calls {{doFinal}}), thus no
new IVs are ever needed until said rekey event. In GCM, we need to
re-initialize the cipher for each packet with the appropriate nonce/IV. Based
on my reading of the standard, what I think happens is that we use the agreed
upon IVs as our initial nonce, but then we overwrite the invocation counter
octets with the corresponding packet sequence number. Once I can get something
working in a unit test at least, I can then try it out with OpenSSH to verify
my assumptions.
> Add support for aes128/256-gcm ciphers
> --------------------------------------
>
> Key: SSHD-506
> URL: https://issues.apache.org/jira/browse/SSHD-506
> Project: MINA SSHD
> Issue Type: Improvement
> Reporter: Lyor Goldstein
> Priority: Major
>
> See:
> * [rfc5647|https://tools.ietf.org/html/rfc5647]
> * [draft-igoe-secsh-aes-gcm-01|https://tools.ietf.org/html/draft-igoe-secsh-aes-gcm-01]
> * [OpenSSH v6.2|http://www.openssh.com/txt/release-6.2]
> * [JAVA AES 256 GCM encrypt/decrypt example|https://javainterviewpoint.com/java-aes-256-gcm-encryption-and-decryption/] - especially the usage of {{GCMParameterSpec}} to initialize the cipher
> * [OpenJDK 8 AESCipher.java source code|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/AESCipher.java]
> ** See also [CipherCore.java|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/CipherCore.java], [FeedbackCipher.java|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/FeedbackCipher.java], [GaloisCounterMode.java|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/GaloisCounterMode.java]
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
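The per-packet GCM handling discussed in the comment above (re-initialise the cipher with a fresh nonce for every packet, call {{doFinal}} per packet, and authenticate the cleartext packet_length field as additional data), as an added worked example in Java. This is not MINA SSHD code and not the commenter's proof of concept. It follows RFC 5647 section 7.1, which treats the last 8 octets of the 12-octet nonce as an invocation counter that is incremented mod 2^64 after each AES-GCM invocation, with the KEX-derived IV as the initial nonce; the comment's alternative reading, writing the packet sequence number into those octets, would be a one-method swap of {{advanceInvocationCounter}}. The class and method names, the key and IV bytes, and the packet contents are all constructed for the example.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.util.Arrays;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/** Illustrative RFC 5647-style AEAD packet handling (constructed example, not MINA SSHD code). */
public final class GcmPacketExample {

    private static final int TAG_BITS = 128;   // RFC 5647: 16-octet authentication tag
    private static final int NONCE_LEN = 12;   // 4-octet fixed field || 8-octet invocation counter

    /** Nonce and cipher state for one direction of the transport (client->server or server->client). */
    static final class GcmDirection {
        private final SecretKey key;
        private final byte[] nonce;     // octets 0..3 fixed, octets 4..11 big-endian invocation counter
        private final Cipher cipher;

        GcmDirection(byte[] keyBytes, byte[] initialIv) throws GeneralSecurityException {
            if (initialIv.length != NONCE_LEN) {
                throw new IllegalArgumentException("GCM nonce must be 12 octets");
            }
            this.key = new SecretKeySpec(keyBytes, "AES");
            this.nonce = initialIv.clone();   // the KEX-derived IV is the initial nonce
            this.cipher = Cipher.getInstance("AES/GCM/NoPadding");
        }

        /**
         * Protect one packet. {@code body} is padding_length || payload || padding (a real
         * implementation pads it to the block size first). The 4-octet packet_length is sent
         * in the clear and authenticated as AAD. Returns packet_length || ciphertext || tag.
         */
        byte[] seal(byte[] body) throws GeneralSecurityException {
            byte[] lengthField = ByteBuffer.allocate(4).putInt(body.length).array();
            // GCM must be (re)initialised for every packet. The JCE also refuses to encrypt
            // twice under the same key/IV, so a forgotten nonce advance fails loudly here.
            cipher.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, nonce));
            cipher.updateAAD(lengthField);
            byte[] ctAndTag = cipher.doFinal(body);   // doFinal appends the 16-octet tag
            advanceInvocationCounter();
            byte[] wire = new byte[4 + ctAndTag.length];
            System.arraycopy(lengthField, 0, wire, 0, 4);
            System.arraycopy(ctAndTag, 0, wire, 4, ctAndTag.length);
            return wire;
        }

        /** Verify and decrypt one packet from {@link #seal}; throws AEADBadTagException on tampering. */
        byte[] open(byte[] wire) throws GeneralSecurityException {
            byte[] lengthField = Arrays.copyOfRange(wire, 0, 4);
            int packetLength = ByteBuffer.wrap(lengthField).getInt();
            if (packetLength < 0 || wire.length != 4 + packetLength + TAG_BITS / 8) {
                throw new GeneralSecurityException("packet_length does not match received size");
            }
            cipher.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, nonce));
            cipher.updateAAD(lengthField);
            byte[] body = cipher.doFinal(wire, 4, wire.length - 4);   // tag is checked here
            advanceInvocationCounter();   // both sides advance in step, one increment per packet
            return body;
        }

        /** RFC 5647 section 7.1: treat octets 4..11 as a 64-bit integer and increment it mod 2^64. */
        private void advanceInvocationCounter() {
            for (int i = NONCE_LEN - 1; i >= 4; i--) {
                if (++nonce[i] != 0) {
                    return;   // no carry into the next octet
                }
            }
            // Falling out of the loop means the 64-bit counter wrapped; the fixed field is untouched.
        }

        byte[] currentNonce() {
            return nonce.clone();
        }
    }

    private static String hex(byte[] b) {
        StringBuilder sb = new StringBuilder();
        for (byte x : b) {
            sb.append(String.format("%02x", x));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed key and IV; in a real session both come from the KEX key derivation.
        byte[] key = new byte[16];
        byte[] iv = new byte[12];
        for (int i = 0; i < key.length; i++) {
            key[i] = (byte) i;
        }
        iv[3] = 0x01;                          // fixed field
        Arrays.fill(iv, 4, 12, (byte) 0xFF);   // counter starts at 2^64-1 to show the wrap

        GcmDirection sender = new GcmDirection(key, iv);
        GcmDirection receiver = new GcmDirection(key, iv);

        for (String p : new String[] {"first packet", "second packet", "third packet"}) {
            byte[] body = p.getBytes(StandardCharsets.US_ASCII);
            byte[] back = receiver.open(sender.seal(body));
            System.out.printf("%-14s next nonce %s ok=%b%n", p, hex(receiver.currentNonce()), Arrays.equals(body, back));
        }

        // Flip one ciphertext octet: the tag check must reject the packet.
        byte[] wire = sender.seal("tamper me".getBytes(StandardCharsets.US_ASCII));
        wire[4] ^= 0x01;
        try {
            receiver.open(wire);
            System.out.println("unexpected: tampered packet accepted");
        } catch (AEADBadTagException e) {
            System.out.println("tampered packet rejected: " + e.getMessage());
        }
    }
}
```

Two properties of the JCE are worth leaning on while debugging the kind of counter mistake the comment describes: an encrypt-side {{init}} with the same key and IV as the previous one is rejected outright, and a receiver whose counter is even one step out of sync gets an {{AEADBadTagException}} on the very next packet, so a nonce mismatch shows up as a failed tag rather than as garbage plaintext. The explicit packet_length check before {{init}} keeps a corrupted length field from driving an oversized allocation before the tag is ever verified.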