[https://issues.apache.org/jira/browse/SSHD-506?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17212645#comment-17212645]
Jeremy Norris commented on SSHD-506:
------------------------------------
I think there is a bug in how the invocation_counter part of the IV is
incremented.
It appears that it is done by `Math.addExact(counter + 1L)`, but I believe it
should simply be `counter + 1L`.
The counter is supposed to be a `uint64`, but `Math.addExact()` will throw an
`ArithmeticException` if the counter hits `Long.MAX_VALUE`.
Since Java uses two's complement representation, letting the value overflow
should achieve the desired behavior.
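As an added illustration of the counter semantics under discussion (example code written here, not MINA SSHD's implementation): RFC 5647 defines the GCM nonce as fixed_field (4 octets) followed by invocation_counter (8 octets, a uint64), and the two increment variants diverge at Long.MAX_VALUE, which is only halfway through the uint64 range. The class and method names are assumed, and the fixed field value is a constructed sample.

```java
import java.nio.ByteBuffer;

/** RFC 5647 section 7.1 nonce: fixed_field (4 octets) || invocation_counter (8 octets, uint64). */
public final class Rfc5647Nonce {
    static final int FIXED_LEN = 4;
    static final int COUNTER_LEN = 8;

    /** The increment questioned above: Math.addExact throws once the counter reaches Long.MAX_VALUE. */
    static long incrementExact(long counter) {
        return Math.addExact(counter, 1L);
    }

    /** uint64 semantics: plain addition takes 0x7FFF..FF to 0x8000..00 and wraps 0xFFFF..FF to 0. */
    static long incrementWrapping(long counter) {
        return counter + 1L;
    }

    /** Serialise fixed_field || invocation_counter (big-endian) as the 12-octet GCM nonce. */
    static byte[] nonce(byte[] fixedField, long counter) {
        if (fixedField.length != FIXED_LEN) {
            throw new IllegalArgumentException("fixed_field must be " + FIXED_LEN + " octets");
        }
        return ByteBuffer.allocate(FIXED_LEN + COUNTER_LEN).put(fixedField).putLong(counter).array();
    }

    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    public static void main(String[] args) {
        byte[] fixedField = {0x01, 0x02, 0x03, 0x04}; // constructed sample, not a real key-derived value

        // Long.MAX_VALUE is 2^63 - 1: a legal uint64 counter value with half the range still ahead of it.
        long counter = Long.MAX_VALUE;
        System.out.println("before: " + hex(nonce(fixedField, counter)));
        counter = incrementWrapping(counter); // -> 0x8000000000000000, uint64 value 2^63
        System.out.println("after:  " + hex(nonce(fixedField, counter))
                + " (uint64 " + Long.toUnsignedString(counter) + ")");

        // The real uint64 wrap is at 2^64 - 1, which is all bits set (-1L in two's complement).
        System.out.println("wrap:   " + Long.toUnsignedString(incrementWrapping(-1L)));

        try {
            incrementExact(Long.MAX_VALUE);
        } catch (ArithmeticException e) {
            System.out.println("addExact rejects a valid counter: " + e.getMessage());
        }
    }
}
```

Wrapping is defined behaviour rather than a safety property: a repeated nonce under one key breaks GCM, so uniqueness of the invocation counter rests on SSH rekeying long before 2^64 invocations.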
> Add support for aes128/256-gcm ciphers
> --------------------------------------
>
> Key: SSHD-506
> URL: https://issues.apache.org/jira/browse/SSHD-506
> Project: MINA SSHD
> Issue Type: Improvement
> Reporter: Lyor Goldstein
> Assignee: Lyor Goldstein
> Priority: Major
> Fix For: 2.6.0
>
> Time Spent: 8h
> Remaining Estimate: 0h
>
> See:
> * [rfc5647|https://tools.ietf.org/html/rfc5647]
> * [draft-igoe-secsh-aes-gcm-01|https://tools.ietf.org/html/draft-igoe-secsh-aes-gcm-01]
> * [OpenSSH v6.2|http://www.openssh.com/txt/release-6.2]
> * [JAVA AES 256 GCM encrypt/decrypt example|https://javainterviewpoint.com/java-aes-256-gcm-encryption-and-decryption/] - especially the usage of {{GCMParameterSpec}} to initialize the cipher
> * [OpenJDK 8 AESCipher.java source code|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/AESCipher.java]
> ** See also [CipherCore.java|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/CipherCore.java], [FeedbackCipher.java|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/FeedbackCipher.java], [GaloisCounterMode.java|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/GaloisCounterMode.java]