Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support ETM (Encrypt-then-MAC) variants for HMAC #1316

Merged
merged 11 commits into from
Feb 16, 2024
Merged

Support ETM (Encrypt-then-MAC) variants for HMAC #1316

merged 11 commits into from
Feb 16, 2024

Conversation

scott-xu
Copy link
Collaborator

@scott-xu scott-xu commented Feb 12, 2024
edited by Rob-Hague
Loading

@scott-xu
Copy link
Collaborator Author

Would you mind giving a try for this PR?
Note: it is written without testing at this moment. Feel free to improve the PR if you want.
@PashCracken @SkymaX86 @robert-scheck @alef75 @Jedrzej94 @Ph43n0m @AliceTJ

@Rob-Hague
Copy link
Collaborator

Nice. Testing should be straightforward:

diff --git a/test/Renci.SshNet.IntegrationTests/HmacTests.cs b/test/Renci.SshNet.IntegrationTests/HmacTests.cs
index 993e5ec98..e5057248c 100644
--- a/test/Renci.SshNet.IntegrationTests/HmacTests.cs
+++ b/test/Renci.SshNet.IntegrationTests/HmacTests.cs
@@ -58,6 +58,24 @@ public void HmacSha2_512()
             DoTest(MessageAuthenticationCodeAlgorithm.HmacSha2_512);
         }
 
+        [TestMethod]
+        public void HmacSha1Etm()
+        {
+            DoTest(MessageAuthenticationCodeAlgorithm.HmacSha1Etm);
+        }
+
+        [TestMethod]
+        public void HmacSha2_256_Etm()
+        {
+            DoTest(MessageAuthenticationCodeAlgorithm.HmacSha2_256_Etm);
+        }
+
+        [TestMethod]
+        public void HmacSha2_512_Etm()
+        {
+            DoTest(MessageAuthenticationCodeAlgorithm.HmacSha2_512_Etm);
+        }
+
         private void DoTest(MessageAuthenticationCodeAlgorithm macAlgorithm)
         {
             _remoteSshdConfig.ClearMessageAuthenticationCodeAlgorithms()

@scott-xu
Copy link
Collaborator Author

Do we want to support HmacSha1Etm? IMHO, HmacSha2_256_Etm and HmacSha2_512_Etm is sufficient (and secure). @Rob-Hague

@scott-xu scott-xu marked this pull request as ready for review February 13, 2024 00:11
@Rob-Hague
Copy link
Collaborator

I think we might as well, while we still have hmac-sha1

@Rob-Hague
Copy link
Collaborator

Looks good to me otherwise

WojciechNagorski
WojciechNagorski reviewed Feb 13, 2024
View reviewed changes
src/Renci.SshNet/HashInfo.cs Outdated Show resolved Hide resolved
src/Renci.SshNet/Security/Cryptography/HMAC.cs Outdated Show resolved Hide resolved
@WojciechNagorski
Copy link
Collaborator

If it weren't a breaking change, I would approve it. I need some time to think it over and check it out.

@Rob-Hague any idea?

@Rob-Hague
Copy link
Collaborator

Yes I think we should go with the bool property on HashInfo and change IKeyExchange.CreateServerHash() from HashAlgorithm CreateServerHash() to HashAlgorithm CreateServerHash(out bool isEncryptThenMac). I don't see the problem with that.

@scott-xu
Copy link
Collaborator Author

Sorry I don't understand why you against HMAC so much.

The HashAlgorithm CreateServerHash(out bool isEncryptThenMac) is a break change anyway.

Shouldn't we focus on the implementation details of ETM? That's the main purpose of this PR.

@scott-xu
Copy link
Collaborator Author

I know everyone else's code always smells, but enough is enough - this is a collaboration, not a competition.

-- @zybexXL

@Rob-Hague
Copy link
Collaborator

I think we've made it pretty clear that it's an unnecessary breaking change

IKeyExchange takes a break either way. That's fine: it's in the internals of the library and less likely to affect anyone.

Breaking HashInfo does not need to happen. It is much closer to the common API that people use.

You said you had already gone in this direction in an earlier iteration. I've not seen any reason to stray from that.

Shouldn't we focus on the implementation details of ETM? That's the main purpose of this PR.

I've checked the details. They look good.

@scott-xu
Copy link
Collaborator Author

I've already explained why I abandoned the first iteration. I don't think HashInfo is widely used externally just like you believe IKeyExchange is not widely used externally.

@scott-xu
Copy link
Collaborator Author

To get the ball roll, someone has to compromise. Let me update the PR.

@scott-xu scott-xu marked this pull request as draft February 16, 2024 10:00
@scott-xu
Store ETM in HashInfo;
2d991cc 
Change `HMAC Create[...]Hash()` to `HashAlgorithm Create[...]Hash(out bool isEncryptThenMAC)`
@scott-xu scott-xu marked this pull request as ready for review February 16, 2024 10:48
Rob-Hague
Rob-Hague approved these changes Feb 16, 2024
View reviewed changes
Copy link
Collaborator

@Rob-Hague Rob-Hague left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for making the change. It looks great to me. Another big pain point of the library bites the dust 🙂

Perhaps you could update the description to close a bunch of issues

@scott-xu
Copy link
Collaborator Author

Thanks for making the change. It looks great to me. Another big pain point of the library bites the dust 🙂

Perhaps you could update the description to close a bunch of issues

The description has had the format to close the 2 related issues. Are there more?

@Rob-Hague
Copy link
Collaborator

Rob-Hague commented Feb 16, 2024
edited
Loading

Only one more as it turned out, I thought there were a lot more. I've updated the description

@scott-xu scott-xu self-assigned this Feb 16, 2024
@Rob-Hague Rob-Hague mentioned this pull request Feb 16, 2024
Closed
@WojciechNagorski WojciechNagorski merged commit 7cfe62b into sshnet:develop Feb 16, 2024
1 check passed
@WojciechNagorski
Copy link
Collaborator

@scott-xu thanks!

@scott-xu
Copy link
Collaborator Author

Cheers!

@scott-xu scott-xu deleted the etm branch February 16, 2024 12:41
@WojciechNagorski WojciechNagorski added this to the 2024.0.0 milestone Feb 22, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Rob-Hague Rob-Hague Rob-Hague approved these changes

@WojciechNagorski WojciechNagorski WojciechNagorski approved these changes

@drieseng drieseng Awaiting requested review from drieseng drieseng is a code owner

Assignees

@scott-xu scott-xu

Labels
None yet
Projects
None yet
Milestone
2024.0.0
3 participants
@scott-xu @Rob-Hague @WojciechNagorski