You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@mina.apache.org by lg...@apache.org on 2020/10/17 15:16:08 UTC

[mina-sshd] branch master updated (e021a6f -> c110ff8)

This is an automated email from the ASF dual-hosted git repository.

lgoldstein pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/mina-sshd.git.


    from e021a6f  [SSHD-954] Improve validation of DH public key values
     new bec3884  [SSHD-506] Fix incrementing the invocation_counter part of the IV used in GCM cipher.
     new c110ff8  [SSHD-506] Guard against GCM IV reuse.

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .../main/java/org/apache/sshd/common/cipher/BaseGCMCipher.java    | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

[mina-sshd] 02/02: [SSHD-506] Guard against GCM IV reuse.

Posted by lg...@apache.org.

This is an automated email from the ASF dual-hosted git repository.

lgoldstein pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mina-sshd.git

commit c110ff837e1fcb638d76b38349216ab67fb2160e
Author: Jeremy Norris <je...@localbackhaul.com>
AuthorDate: Mon Oct 12 15:34:32 2020 -0500

    [SSHD-506] Guard against GCM IV reuse.
---
 .../main/java/org/apache/sshd/common/cipher/BaseGCMCipher.java    | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/sshd-common/src/main/java/org/apache/sshd/common/cipher/BaseGCMCipher.java b/sshd-common/src/main/java/org/apache/sshd/common/cipher/BaseGCMCipher.java
index 5e43336..d1b3191 100644
--- a/sshd-common/src/main/java/org/apache/sshd/common/cipher/BaseGCMCipher.java
+++ b/sshd-common/src/main/java/org/apache/sshd/common/cipher/BaseGCMCipher.java
@@ -78,6 +78,7 @@ public class BaseGCMCipher extends BaseCipher {
      */
     protected static class CounterGCMParameterSpec extends GCMParameterSpec {
         protected final byte[] iv;
+        protected final long initialCounter;
 
         protected CounterGCMParameterSpec(int tLen, byte[] src) {
             super(tLen, src);
@@ -85,12 +86,17 @@ public class BaseGCMCipher extends BaseCipher {
                 throw new IllegalArgumentException("GCM nonce must be 12 bytes, but given len=" + src.length);
             }
             iv = src.clone();
+            initialCounter = BufferUtils.getLong(iv, iv.length - Long.BYTES, Long.BYTES);
         }
 
         protected void incrementCounter() {
             int off = iv.length - Long.BYTES;
             long counter = BufferUtils.getLong(iv, off, Long.BYTES);
-            BufferUtils.putLong(counter + 1L, iv, off, Long.BYTES);
+            long newCounter = counter + 1L;
+            if (newCounter == initialCounter) {
+                throw new IllegalStateException("GCM IV would be reused");
+            }
+            BufferUtils.putLong(newCounter, iv, off, Long.BYTES);
         }
 
         @Override

[mina-sshd] 01/02: [SSHD-506] Fix incrementing the invocation_counter part of the IV used in GCM cipher.

Posted by lg...@apache.org.

This is an automated email from the ASF dual-hosted git repository.

lgoldstein pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mina-sshd.git

commit bec3884c2a41b999106bbd2842359422ff15154e
Author: Jeremy Norris <je...@localbackhaul.com>
AuthorDate: Mon Oct 12 15:15:57 2020 -0500

    [SSHD-506] Fix incrementing the invocation_counter part of the IV used in GCM cipher.
    
    Since the invocation_counter part of the IV is treated as a uint64,
    guarding against overflow by using Math.addExact() would incorrectly
    throw an ArithmeticException when it hits Long.MAX_VALUE.
---
 .../src/main/java/org/apache/sshd/common/cipher/BaseGCMCipher.java      | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sshd-common/src/main/java/org/apache/sshd/common/cipher/BaseGCMCipher.java b/sshd-common/src/main/java/org/apache/sshd/common/cipher/BaseGCMCipher.java
index c73cf32..5e43336 100644
--- a/sshd-common/src/main/java/org/apache/sshd/common/cipher/BaseGCMCipher.java
+++ b/sshd-common/src/main/java/org/apache/sshd/common/cipher/BaseGCMCipher.java
@@ -90,7 +90,7 @@ public class BaseGCMCipher extends BaseCipher {
         protected void incrementCounter() {
             int off = iv.length - Long.BYTES;
             long counter = BufferUtils.getLong(iv, off, Long.BYTES);
-            BufferUtils.putLong(Math.addExact(counter, 1L), iv, off, Long.BYTES);
+            BufferUtils.putLong(counter + 1L, iv, off, Long.BYTES);
         }
 
         @Override