You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@mina.apache.org by "Lyor Goldstein (Jira)" <ji...@apache.org> on 2019/10/15 12:56:00 UTC

[jira] [Comment Edited] (SSHD-506) Add support for aes128/256-gcm ciphers

    [ https://issues.apache.org/jira/browse/SSHD-506?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16951882#comment-16951882 ] 

Lyor Goldstein edited comment on SSHD-506 at 10/15/19 12:55 PM:
----------------------------------------------------------------

* My understanding of the RFC is that the _AAD_ value to use for the cipher is the packet length.
* The problem seems to be with
{quote}
The authentication tag produced by AES-GCM authenticated encryption will be placed in the MAC field at the end of the secure shell binary packet.
{quote}
Not sure how to make sure this is done by the current Java code



was (Author: lgoldstein):
My understanding of the RFC is that the _AAD_ value to use for the cipher is the packet length.

> Add support for aes128/256-gcm ciphers
> --------------------------------------
>
>                 Key: SSHD-506
>                 URL: https://issues.apache.org/jira/browse/SSHD-506
>             Project: MINA SSHD
>          Issue Type: Improvement
>            Reporter: Lyor Goldstein
>            Priority: Minor
>
> See:
> * [rfc5647|https://tools.ietf.org/html/rfc5647]
> * [draft-igoe-secsh-aes-gcm-01|https://tools.ietf.org/html/draft-igoe-secsh-aes-gcm-01]
> * [OpenSSH v6.2|http://www.openssh.com/txt/release-6.2]
> * [JAVA AES 256 GCM encrypt/decrypt example|https://javainterviewpoint.com/java-aes-256-gcm-encryption-and-decryption/] - especially the usage of {{GCMParameterSpec}} to initialize the cipher
> * [OpenJDK 8 AESCipher.java source code|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/AESCipher.java]
> ** See also [CipherCore.java|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/CipherCore.java], [FeedbackCipher.java|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/FeedbackCipher.java], [GaloisCounterMode.java|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/GaloisCounterMode.java]



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@mina.apache.org
For additional commands, e-mail: dev-help@mina.apache.org