-
Notifications
You must be signed in to change notification settings - Fork 353
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[SSHD-1017] Add support for chacha20-poly1305@openssh.com #176
Conversation
sshd-common/src/main/java/org/apache/sshd/common/cipher/BuiltinCiphers.java
Outdated
Show resolved
Hide resolved
sshd-common/src/main/java/org/apache/sshd/common/cipher/ChaChaCipher.java
Outdated
Show resolved
Hide resolved
sshd-common/src/test/java/org/apache/sshd/common/cipher/ChaChaCipherTest.java
Outdated
Show resolved
Hide resolved
sshd-common/src/test/java/org/apache/sshd/common/cipher/ChaChaCipherTest.java
Outdated
Show resolved
Hide resolved
sshd-core/src/main/java/org/apache/sshd/common/session/helpers/AbstractSession.java
Outdated
Show resolved
Hide resolved
@jvz What's the status of this PR ? We're planning a 2.7.0 release this week, so wondering if I should merge this PR in. |
sshd-core/src/main/java/org/apache/sshd/common/BaseBuilder.java
Outdated
Show resolved
Hide resolved
I'll need to revisit this PR. I've done a lot more cryptography work since then, and I probably have some simplifications now. 😁 |
I am not opposed to it, but I am reluctant to doing this - especially if it is a lot of code. In the case of bcrypt it was one class which IMO is acceptable. Also, as mentioned we preserved the copyright notice and also cleared it with the relevant legal teams (which we should do to every piece of code we import...) |
At least in the case of ChaCha, there is indeed an undeniably public domain base in the OpenSSH sources[1] (original at [2]), and Matt is an Apache member. So this should not be necessary; including Matt's own code based on a public domain implementation is straight-forward; much simpler than including someone else's ISC-licensed code as was the case with bcrypt. [1] https://github.com/openssh/openssh-portable/blob/master/chacha.c |
Like I said, I am not opposed to it, and if it is as you describe then even better - let's just make sure with the legal team that there is no issue here - from what you describe it should be pretty straightforward. |
Let me clarify the IP provenance then. I have two versions of ChaCha20 and Poly1305 in my O(1) Cryptography library. There's a Java port that I wrote based on DJB's papers about ChaCha and Salsa (which are themselves public domain and patent free) and the corresponding RFC that standardized it. There's also a C version that is copied from one of the linked implementations from https://cr.yp.to/chacha.html which is independent (and added much later). O1C is my library where I'm the only copyright holder other than some C code that's imported from elsewhere (the Java code is all pure Java, all done by reimplementing or porting public domain algorithms from other languages). Suffice to say, I've done due diligence in the library, and I can trivially relicense any parts right now since nobody else has contributed yet. |
I've ported in the code I mentioned earlier. Based on files from my other project (ISC licensed, but with my ICLA on file, this is dual-licensed here as Apache 2.0):
I tested this out interactively with OpenSSH_8.1p1, LibreSSL 2.7.3 on macOS 11.3.1. |
Also, I tested this with Java 15 (openjdk version "15.0.2" 2021-01-19) which was the latest JDK in Homebrew. |
I don't see why the CI build is failing. Works on my machine. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice. Two little suggestions.
sshd-common/src/main/java/org/apache/sshd/common/cipher/ChaCha20Cipher.java
Outdated
Show resolved
Hide resolved
sshd-common/src/main/java/org/apache/sshd/common/mac/Poly1305Mac.java
Outdated
Show resolved
Hide resolved
Neither do I. Maybe just an unstable test? |
LoadTest is unstable for me locally. Didn't dig deep; my suspicion is that in that test the channel gets closed sometimes before all data has been written back to the client. |
That one hasn't failed for me locally, though I've seen the SFTP transfer test randomly hang once in a while. |
Add ChaCha20 and Poly1305 implementations. OpenSSH uses a pre-RFC variant of ChaCha20; Java 1.8 doesn't have these algorithms, and Java 11 does not expose the Poly1305 MAC engine.
Go ahead! |
d007106
to
e6e8807
Compare
CI build still unstable; problems with that Thanks a lot, Matt! |
This reverts commit e6e8807. The chacha20-poly1305 cipher implementation from PR 176[1] evidently causes KEX failures, at least with a ecdsa-sha2-nistp256 key/signature. See SSHD-1191.[2] [1] #176 [2] https://issues.apache.org/jira/browse/SSHD-1191
And it's in again. Chacha20-poly1305 has a block size of 8, and This chacha20-poly1305 implementation itself is perfectly fine. |
Oh good to hear that because I was never able to figure out why anything wasn't working. Since I started these PRs, I've switched jobs where we use TLS instead of SSH as the secure transport behind most things, so I'm already starting to forget the protocol details from SSH. :) |
This uses BouncyCastle due to OpenSSH using the non-RFC variant of ChaCha20 as well as having a direct implementation of Poly1305 (Java 11 does not expose the Poly1305 mac engine).
https://issues.apache.org/jira/browse/SSHD-1017
Some ideas on simplification adapted from mwiede/jsch#17