Add support for AEAD AES 128/256 GCM Ciphers (.NET 6.0 onward only) #1369
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
… SymmetricCipher to BlockCipher
…just like other ciphers
…d tag field in offset and length when call AesGcm's `Decrypt(...)` method. Do not determine HMAC if cipher is AesGcm during kex.
Closed
|
Generally it looks good to me but I'll take a closer look soon. One thing is that (side note: if you don't want to close #1356, replace "fix" with a non-keyword e.g. "contributes to") |
Guard AES-GCM with `NET6_0_OR_GREATER`. Insert AES-GCM ciphers right after AES-CTR ciphers but before AES-CBC ciphers, which is similar with OpenSSH: ``` debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com ``` Although Dictionary's order is not defined, from observation, it is in the same order with add. Anyway that would be another topic.
scott-xu
changed the title
…mance" for `ConnectionInfo.Encryptions`. Test `Aes128Gcm` and `Aes256Gcm` only when `NET6_0_OR_GREATER`
scott-xu
changed the title
scott-xu
changed the title
Rob-Hague
reviewed
Apr 6, 2024
Rob-Hague
reviewed
Apr 8, 2024
Rob-Hague
reviewed
Apr 8, 2024
… the packet length and the size it 4.
Co-authored-by: Rob Hague <rob.hague00@gmail.com>
Assert offset when decrypt.
|
fyi you can click this to see your PRs without needing to assign yourself:
|
|
Thanks |
1 similar comment
|
Thanks |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR adds support for aes128-gcm@openssh.com and aes256-gcm@openssh.com described in https://datatracker.ietf.org/doc/html/rfc5647
Resolves #792
Contributes to #1356
Resolves #774
Resolves #773
Resolves #555
Resolves #477
Resolves #994
Closes #877
Notes:
ChaCha20to encrypt/decrypt the packet length field.The BCL adds support for ChaCha20Ploy1305 since .NET 6.0, but no standalone
ChaCha20till now (2024-04-04).At the beginning, I created a branch named as "aes-gcm-and-chacha20-poly1305" in my fork and created a PR Support AesGcm cipher #1364. Then when I realize there's no direct way to implement chacha20-poly1305@openssh.com, I renamed the branch to aesgcm. The original PR is closed automatically after renaming. I have to create this new PR. Please refer the previous PR for review comment history. Thank @zybexXL @Rob-Hague for reviewing.
Dictionary's order is not defined, from observation, it is in the same order with add. Anyway that would be another topic, see Dictionary enumeration order is relied upon in ConnectionInfo despite being undefined behaviour #719