Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add support for Chacha wire encryption plugin [JDBC613] #644

Open
firebird-issue-importer opened this issue Mar 8, 2020 · 7 comments
Open

Add support for Chacha wire encryption plugin [JDBC613] #644

firebird-issue-importer opened this issue Mar 8, 2020 · 7 comments

Comments

@firebird-issue-importer
Copy link

@firebird-issue-importer firebird-issue-importer commented Mar 8, 2020

Submitted by: @mrotteveel

Firebird 4 adds support for the chacha wire encryption plugin. However, its implementation comes with the caveat that it doesn't implement the RFC-8439 variant of Chacha, but instead Firebird supports 128 bit and 256 bit keys, and given SRP produces 160 bit keys, will use the first 128 bits of that key. Java provides Chacha (RFC-8439 variant, requiring 256 bit keys) support since Java 11, so to support it in an earlier Java versions would require implementing a custom cipher (for example based on the BouncyCastle implementation).

Implementing a custom cipher would allow us to support both the 128 bit and 256 bit variant, but comes with the obvious overhead of having to implement crypto code in Jaybird.

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Aug 12, 2020

Commented by: @mrotteveel

Since the 21st of April, Firebird will stretch (or reduce) the key to 256 bit using SHA-256, though it will reject keys shorter than 128 bits (16 bytes). The easy way out is to only support this in Java 11, or possibly allow or support selection of chacha from an alternative implementation like BouncyCastle.

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Aug 12, 2020

Commented by: @mrotteveel

Planned support for 4.0.2 is tentative.

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Aug 12, 2020

Modified by: @mrotteveel

Fix Version: Jaybird 4.0.2 [ 10950 ]

Fix Version: Jaybird 5 [ 10871 ]

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Jan 17, 2021

Modified by: @mrotteveel

Fix Version: Jaybird 4.0.3 [ 10981 ]

Fix Version: Jaybird 4.0.2 [ 10950 ] =>

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Jan 17, 2021

Commented by: @mrotteveel

Not done for 4.0.2, planned support for 4.0.3 is tentative.

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Mar 20, 2021

Modified by: @mrotteveel

Fix Version: Jaybird 4.0.4 [ 10991 ]

Fix Version: Jaybird 4.0.3 [ 10981 ] =>

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Mar 20, 2021

Commented by: @mrotteveel

Not done for 4.0.3, planned support for 4.0.4 is tentative.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
2 participants