[jira] [Comment Edited] (SSHD-946) Supporting 'encrypt-then-MAC' mode

[Lyor Goldstein (Jira)]

    [ 
https://issues.apache.org/jira/browse/SSHD-946?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16951848#comment-16951848
 ] 

Lyor Goldstein edited comment on SSHD-946 at 10/15/19 11:30 AM:
----------------------------------------------------------------

Succeeded - the (un-documented ?) behavior compatible with {{OpenSSH}} is that 
the padding should not take into account the length field (4 bytes) when 
encrypt-then-MAC mode is used. Inferred by looking at the _C_ code:

{code:c}
        aadlen = (mac && mac->enabled && mac->etm) || authlen ? 4 : 0;
        block_size = enc ? enc->block_size : 8;

        if (aadlen) {
                /* only the payload is encrypted */
                need = state->packlen;
        } else {
                /*
                 * the payload size and the payload are encrypted, but we
                 * have a partial packet of block_size bytes
                 */
                need = 4 + state->packlen - block_size;
        }

        if (need % block_size != 0) {
                logit("padding error: need %d block %d mod %d",
                    need, block_size, need % block_size);
                return ssh_packet_start_discard(ssh, enc, mac, 0,
                    PACKET_MAX_SIZE - block_size);
        }
{code}


was (Author: lgoldstein):
Succeeded - the (un-documented ?) behavior compatible with {{OpenSSH}} is that 
the padding should not take into account the length field (4 bytes) when 
encrypt-then-MAC mode is used.

> Supporting 'encrypt-then-MAC' mode
> ----------------------------------
>
>                 Key: SSHD-946
>                 URL: https://issues.apache.org/jira/browse/SSHD-946
>             Project: MINA SSHD
>          Issue Type: New Feature
>            Reporter: Cornelis Hoeflake
>            Assignee: Lyor Goldstein
>            Priority: Major
>
> Hi, the current implementation uses by default '**encrypt-*and*-MAC' mode. Is 
> it possible to change this (or at least made it possible) to 
> 'encrypt-*then*-MAC'?
> Please see also: 
> [https://crypto.stackexchange.com/questions/202/should-we-mac-then-encrypt-or-encrypt-then-mac]



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org