search for: sshcipher

Displaying 13 results from an estimated 13 matches for "sshcipher".

2023 Mar 29
2
ChaCha20 Rekey Frequency
...rity of the cipher as it's implemented. Especially the > without-openssl internal implementation. This is what I'm playing with at the moment: diff --git a/cipher.c b/cipher.c index c7664a3..ec6fa4f 100644 --- a/cipher.c +++ b/cipher.c @@ -150,6 +150,39 @@ cipher_blocksize(const struct sshcipher *c) return (c->block_size); } +uint64_t +cipher_rekey_blocks(const struct sshcipher *c) +{ + /* + * Chacha20-Poly1305 does not benefit from data-based rekeying, + * per "The Security of ChaCha20-Poly1305 in the Multi-user Setting", + * Degabriele, J. P., Govinden, J, Gunther, F...
2023 Mar 29
1
[EXTERNAL] Re: ChaCha20 Rekey Frequency
...rity of the cipher as it's implemented. Especially the > without-openssl internal implementation. This is what I'm playing with at the moment: diff --git a/cipher.c b/cipher.c index c7664a3..ec6fa4f 100644 --- a/cipher.c +++ b/cipher.c @@ -150,6 +150,39 @@ cipher_blocksize(const struct sshcipher *c) return (c->block_size); } +uint64_t +cipher_rekey_blocks(const struct sshcipher *c) +{ + /* + * Chacha20-Poly1305 does not benefit from data-based rekeying, + * per "The Security of ChaCha20-Poly1305 in the Multi-user Setting", + * Degabriele, J. P., Govinden, J, Gunther, F. and P...
2023 Mar 29
1
[EXTERNAL] Re: ChaCha20 Rekey Frequency
...ally > the > > without-openssl internal implementation. > > This is what I'm playing with at the moment: > > diff --git a/cipher.c b/cipher.c > index c7664a3..ec6fa4f 100644 > --- a/cipher.c > +++ b/cipher.c > @@ -150,6 +150,39 @@ cipher_blocksize(const struct sshcipher *c) > return (c->block_size); > } > > +uint64_t > +cipher_rekey_blocks(const struct sshcipher *c) > +{ > + /* > + * Chacha20-Poly1305 does not benefit from data-based rekeying, > + * per "The Security of ChaCha20-Poly1305 in the Multi-user Setting", > + *...
2023 Mar 29
1
ChaCha20 Rekey Frequency
I was wondering if there was something specific to the internal chacha20 cipher as opposed to OpenSSL implementation. I can't just change the block size because it breaks compatibility. I can do something like as a hack (though it would probably be better to do it with the compat function): if (strstr(enc->name, "chacha")) *max_blocks = (u_int64_t)1 << (16*2);
2023 Mar 29
1
[EXTERNAL] Re: ChaCha20 Rekey Frequency
...cially > the > > without-openssl internal implementation. > > This is what I'm playing with at the moment: > > diff --git a/cipher.c b/cipher.c > index c7664a3..ec6fa4f 100644 > --- a/cipher.c > +++ b/cipher.c > @@ -150,6 +150,39 @@ cipher_blocksize(const struct sshcipher *c) > return (c->block_size); > } > > +uint64_t > +cipher_rekey_blocks(const struct sshcipher *c) > +{ > + /* > + * Chacha20-Poly1305 does not benefit from data-based rekeying, > + * per "The Security of ChaCha20-Poly1305 in the Multi-user Setting", > + *...
2018 Apr 18
3
[PATCH] configure.ac/cipher.c: Check for OpenSSL with EVP_des_ede3_cbc
...a function); ... Signed-off-by: Hongxu Jia <hongxu.jia at windriver.com> --- cipher.c | 2 ++ configure.ac | 20 ++++++++++++++++++++ 2 files changed, 22 insertions(+) diff --git a/cipher.c b/cipher.c index c3cd5dc..41dacfb 100644 --- a/cipher.c +++ b/cipher.c @@ -82,7 +82,9 @@ struct sshcipher { static const struct sshcipher ciphers[] = { #ifdef WITH_OPENSSL +#ifdef OPENSSL_HAVE_DES { "3des-cbc", 8, 24, 0, 0, CFLAG_CBC, EVP_des_ede3_cbc }, +#endif { "aes128-cbc", 16, 16, 0, 0, CFLAG_CBC, EVP_aes_128_cbc }, { "aes192-cbc", 16, 24, 0, 0, CFLAG_CBC...
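Review bot: the closing #endif added after the "3des-cbc" entry in cipher.c carries no comment naming its macro, and it now sits nested inside the WITH_OPENSSL block, so it is easy to misread which condition it ends. Write it as "#endif /* OPENSSL_HAVE_DES */". The diffstat shows only cipher.c and configure.ac changing, so it is also worth confirming that nothing else that names "3des-cbc" assumes the table entry is always present once this guard can remove it.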
2023 Mar 30
1
ChaCha20 Rekey Frequency
...gt;+ * Most other ciphers have a 128 bit blocksize, so this equates to > >+ * 2**32 blocks / 64GB data. > >+ */ > >+ return (uint64_t)1 << (c->block_size * 2); > > ? this get an upper bound? This is UB for 256-bit blocksizes > at least? block sizes in struct sshcipher are in bytes, not bits
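Review bot: the shift count in "return (uint64_t)1 << (c->block_size * 2);" has no upper bound. With block_size held in bytes, a value of 32 or more gives a shift of 64 or more on a 64-bit type, which is undefined behaviour in C. Cap the exponent (for example at 63) or return a fixed maximum before shifting. The comment states the rule as 2**(L/4) with L in bits while the code works in bytes, so a short remark that block_size * 2 equals L/4 would make the conversion explicit.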
2023 Mar 30
1
ChaCha20 Rekey Frequency
On Thu, 30 Mar 2023, Damien Miller wrote: >> >+ return (uint64_t)1 << (c->block_size * 2); >> >> ? this get an upper bound? This is UB for 256-bit blocksizes >> at least? > >block sizes in struct sshcipher are in bytes, not bits Yes, exactly. 256 bit = 32 bytes; 32*2 = 64; (uint64_t)1 << 64 is UB. bye, //mirabilos -- Infrastrukturexperte ? tarent solutions GmbH Am Dickobskreuz 10, D-53121 Bonn ? http://www.tarent.de/ Telephon +49 228 54881-393 ? Fax: +49 228 54881-235 HRB AG Bonn 5168 ? USt...
2006 Nov 02
1
Using perl-Net-SSH-Perl with pubkey authentication under CGI.
...print "<HEAD><TITLE>Quick Test</TITLE></HEAD>"; $ENV{HOME} = "/var/www"; $ENV{USER} = "apache"; use Net::SSH::Perl; $sshhost='target'; $sshuser='cgissh'; $sshport='22'; $sshprotocol='2'; $sshdebug='1'; $sshcipher='3des-cbc'; $sshconn = Net::SSH::Perl->new($sshhost, protocol=>$sshprotocol, port=>$sshport, debug=>$sshdebug, cipher=>$sshcipher); $sshconn->login($sshuser); my($out,$err) = $sshconn->cmd('hostname'); print "<HTML>"; print "<BODY>&qu...
2023 Mar 29
1
ChaCha20 Rekey Frequency
Hi Damien, >This is what I'm playing with at the moment: if you're playing with this currently anyway, shouldn't? >+ /* >+ * Otherwise, use the RFC4344 s3.2 recommendation of 2**(L/4) blocks >+ * before rekeying where L is the blocksize in bits. >+ * Most other ciphers have a 128 bit blocksize, so this equates to >+ * 2**32 blocks / 64GB data. >+ */ >+ return
2015 Sep 14
15
[Bug 2466] New: Cipher defines from opensslconf.h
https://bugzilla.mindrot.org/show_bug.cgi?id=2466 Bug ID: 2466 Summary: Cipher defines from opensslconf.h Product: Portable OpenSSH Version: 7.1p1 Hardware: All OS: Linux Status: NEW Severity: minor Priority: P5 Component: Miscellaneous Assignee: unassigned-bugs at mindrot.org
2016 Feb 12
22
Call for testing: OpenSSH 7.2
Hi, OpenSSH 7.2 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This release contains many bugfixes and several new features. The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is available via Git at https://anongit.mindrot.org/openssh.git/ or via a mirror on Github at
2020 Apr 25
2
[PATCH 1/3] Add private key protection information extraction to ssh-keygen
...? ?static int ?private2_decrypt(struct sshbuf *decoded, const char *passphrase, -??? struct sshbuf **decryptedp, struct sshkey **pubkeyp) +??? struct sshbuf **decryptedp, struct sshkey **pubkeyp, struct sshkey_vault **vault_infop) ?{ ??? ?char *ciphername = NULL, *kdfname = NULL; ??? ?const struct sshcipher *cipher = NULL; @@ -4038,12 +4081,21 @@ private2_decrypt(struct sshbuf *decoded, const char *passphrase, ??? ?struct sshbuf *kdf = NULL, *decrypted = NULL; ??? ?struct sshcipher_ctx *ciphercontext = NULL; ??? ?struct sshkey *pubkey = NULL; +?? ?struct sshkey_vault *vault_info = NULL; ??? ?u_char *k...
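Review bot: the new vault_infop out-parameter on private2_decrypt() is undocumented, and the changed signature line now runs well past 80 columns. Break the parameter list onto a further continuation line to match the wrapping used for the existing parameters, and add a comment saying whether vault_infop may be NULL and who frees the struct sshkey_vault that the new vault_info local is presumably handed back through.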