AES support by Lance Kinley #10

Closed
wants to merge 20 commits into
base: master
from

choroba commented Jan 23, 2016

I used git magick to keep Lance's history.

choroba and others added some commits Jan 22, 2016

Add AES cipher support
aes128-ctr, aes192-ctr, aes256-ctr are all implemented
Requires Crypt::OpenSSL::AES module
Add Group 14 Diffie-Hellman Key Exchange
Add Group Exchange (RFC4523) Diffie-Hellman Key Exchange
(preferred DH method for security)
Default DH KEX order is now DHGEX256, DH14, DH1
Requires Digest::SHA2
Add hmac-sha2-256,hmac-sha2-512 MAC support
Default MAC order is now sha2-256, sha2-512, sha1, md5
Add Curve25519 (curve25519-sha256@libssh.org) Key Exchange support
  (Requires Crypt::Curve25519)
Add support for Ed25519 ssh/host keys (Requires Crypt::Ed25519)
Default KEX order is now Curve25519, DHGEXSHA256, DH14, DH1
Default MAC order is now sha2-512, sha2-256, sha1, md5
Now does not abort due to OpenSSH 6.8+ server SSH2_MSG_GLOBAL_REQUEST
  messages for host key rotation
Add hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com
  Encrypt-then-MAC (ETM) MAC support
Use BSD::arc4random for encrypted packet padding
Default MAC order is now hmac-sha2-512-etm@openssh.com,
  hmac-sha2-256-etm@openssh.com, sha2-512, sha2-256, sha1, md5
Fixes that allow test t/05-cipher.t to pass with AES CTR ciphers
Minor fixes for Ed25519 key
Update README
Add Chacha20-Poly1305 cipher support for best security
(Requires Crypt::OpenSSH::ChachaPoly, see README)
Default ciphers order is now chacha,aes,3des,blowfish,arcfour
Make Crypt::OpenBSD::Blowfish the preferred Blowfish cipher module
(Required for encrypted Ed25519 keys anyway)
Add diffie-hellman-group-exchange-sha1 Kex support
(RHEL5/OpenSSH 4.3 does not support diffie-hellman-group-exchange-sha256)
Change wanted bits from 2048 to 4096 in DH Group Exchange to match OpenSSH
Replace Digest::SHA1, Digest::SHA2, and Digest::HMAC_SHA1 with Digest::SHA

choroba closed this Jan 23, 2016

choroba deleted the choroba:rt110379-aes branch Jan 23, 2016

choroba commented Jan 23, 2016

I'll try again without conflicts
