[ https://issues.apache.org/jira/browse/SSHD-1017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17151094#comment-17151094 ]

Matt Sicker commented on SSHD-1017:
-----------------------------------

I took a closer look at the OpenSSH source code again today and discovered a 
couple differences in their implementation compared to what I expected:

# The encrypted packet length is included in the Poly1305 input data.
# The RFC standard form of ChaCha20-Poly1305 includes the AAD length and 
payload length in the Poly1305 input data, while the SSH form ignores the 
implicit constant for the AAD length while using the encrypted payload length 
in a different position in the Poly1305 input.

Based on the difficulty in using the vaguely defined [protocol 
docs|https://github.com/openbsd/src/blob/master/usr.bin/ssh/PROTOCOL.chacha20poly1305],
 it seems like this could use an RFC at some point. I don't see any existing 
ones in progress anywhere.

> Add support for [email protected]
> ---------------------------------------------
>
>                 Key: SSHD-1017
>                 URL: https://issues.apache.org/jira/browse/SSHD-1017
>             Project: MINA SSHD
>          Issue Type: New Feature
>            Reporter: Matt Sicker
>            Priority: Major
>
> See [protocol 
> details|https://github.com/openbsd/src/blob/master/usr.bin/ssh/PROTOCOL.chacha20poly1305].
> * [RFC 7539|https://tools.ietf.org/html/rfc7539] describes the 
> ChaCha20-Poly1305 algorithm.
> The cipher is available in Java 11 natively and is also provided by 
> Bouncycastle with a pure Java implementation fallback.
> As a bonus, this could potentially be adapted to propose an equivalent 
> AES/GCM cipher encoding to how OpenSSH implements this ChaCha20-Poly1305 
> cipher.
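
The two Poly1305 input layouts contrasted in the comment above, as an added Python example (not code from MINA SSHD, OpenSSH, or the commenter). It takes the one-time Poly1305 key and the ciphertext bytes as given, so ChaCha20 key derivation is out of scope; all function names and sample values are constructed for illustration.

```python
import hmac
import struct

P1305 = (1 << 130) - 5
R_CLAMP = 0x0ffffffc0ffffffc0ffffffc0fffffff

def poly1305(key: bytes, msg: bytes) -> bytes:
    """Poly1305 one-time MAC as specified in RFC 7539 section 2.5."""
    r = int.from_bytes(key[:16], "little") & R_CLAMP
    s = int.from_bytes(key[16:32], "little")
    acc = 0
    for i in range(0, len(msg), 16):
        # Each block gets a 0x01 byte appended before it is read as a number.
        block = int.from_bytes(msg[i:i + 16] + b"\x01", "little")
        acc = (acc + block) * r % P1305
    return ((acc + s) % (1 << 128)).to_bytes(16, "little")

def pad16(data: bytes) -> bytes:
    return b"\x00" * (-len(data) % 16)

def rfc7539_mac_input(aad: bytes, ciphertext: bytes) -> bytes:
    """RFC 7539 AEAD layout: padded AAD, padded ciphertext, two 64-bit lengths."""
    return (aad + pad16(aad) + ciphertext + pad16(ciphertext)
            + struct.pack("<QQ", len(aad), len(ciphertext)))

def openssh_mac_input(enc_length: bytes, enc_payload: bytes) -> bytes:
    """OpenSSH layout: encrypted 4-byte packet length, then encrypted payload."""
    if len(enc_length) != 4:
        raise ValueError("SSH packet length field is 4 bytes")
    return enc_length + enc_payload

def verify_ssh_packet(poly_key: bytes, packet: bytes) -> bool:
    """Check the trailing 16-byte tag over everything before it, in constant time."""
    if len(packet) < 4 + 16:
        return False
    body, tag = packet[:-16], packet[-16:]
    expected = poly1305(poly_key, openssh_mac_input(body[:4], body[4:]))
    return hmac.compare_digest(expected, tag)

# Constructed sample values (not real traffic, not from the page).
POLY_KEY = bytes(range(32))
ENC_LENGTH = bytes.fromhex("a1b2c3d4")
ENC_PAYLOAD = bytes(range(0x40, 0x54))

if __name__ == "__main__":
    ssh_tag = poly1305(POLY_KEY, openssh_mac_input(ENC_LENGTH, ENC_PAYLOAD))
    rfc_tag = poly1305(POLY_KEY, rfc7539_mac_input(ENC_LENGTH, ENC_PAYLOAD))
    print("ssh layout verifies:", verify_ssh_packet(POLY_KEY, ENC_LENGTH + ENC_PAYLOAD + ssh_tag))
    print("rfc layout verifies:", verify_ssh_packet(POLY_KEY, ENC_LENGTH + ENC_PAYLOAD + rfc_tag))
```

A tag computed over the RFC 7539 layout fails verification under the SSH layout even with the same key and ciphertext bytes, which is why the two forms do not interoperate.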


