Skip to content

Add support for AEAD AES 128/256 GCM Ciphers (.NET 6.0 onward only) #1369

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 31 commits into from
Apr 18, 2024
Merged

Add support for AEAD AES 128/256 GCM Ciphers (.NET 6.0 onward only) #1369

merged 31 commits into from
Apr 18, 2024

Conversation

scott-xu
Copy link
Collaborator

@scott-xu scott-xu commented Apr 4, 2024
edited by Rob-Hague
Loading

This PR adds support for [email protected] and [email protected] described in https://datatracker.ietf.org/doc/html/rfc5647

Resolves #792
Contributes to #1356
Resolves #774
Resolves #773
Resolves #555
Resolves #477
Resolves #994
Closes #877

Notes:

  1. This PR does not add support for [email protected] described in https://datatracker.ietf.org/doc/html/draft-josefsson-ssh-chacha20-poly1305-openssh-00 because it requires ChaCha20 to encrypt/decrypt the packet length field.
    The BCL adds support for ChaCha20Ploy1305 since .NET 6.0, but no standalone ChaCha20 till now (2024-04-04).
    At the beginning, I created a branch named as "aes-gcm-and-chacha20-poly1305" in my fork and created a PR Support AesGcm cipher #1364. Then when I realize there's no direct way to implement [email protected], I renamed the branch to aesgcm. The original PR is closed automatically after renaming. I have to create this new PR. Please refer the previous PR for review comment history. Thank @zybexXL @Rob-Hague for reviewing.
  2. The AES-GCM ciphers are inserted right after AES-CTR ciphers but before AES-CBC ciphers, which is kind of similar with OpenSSH: 
    debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
    Although Dictionary's order is not defined, from observation, it is in the same order with add. Anyway that would be another topic, see Dictionary enumeration order is relied upon in ConnectionInfo despite being undefined behaviour #719

scott-xu added 13 commits March 27, 2024 21:35
@scott-xu
Init AeadCipher
8b5c819
@scott-xu
Move AeadCipher to parent folder. Move EncryptBlock/DecryptBlock from…
4d160ca 
… SymmetricCipher to BlockCipher
@scott-xu
simplify parameter name
7546a5a
@scott-xu
Implement AesGcmCipher
270fb96
@scott-xu
Merge branch 'develop' into aes-gcm-and-chacha20-poly1305
7a6b334
@scott-xu
Update README
1059b68
@scott-xu
Remove protected IV from AeadCipher; Set offset to outbound sequence …
fe26b65 
…just like other ciphers
@scott-xu
Rename associatedData to packetLengthField
1b92a6a
@scott-xu
Use Span<byte> to avoid unnecessary allocations
7377cbe
@scott-xu
Use Span to improve performance when IncrementCounter()
cdbe822
@scott-xu
Add IsAead property to CipherInfo. Include packet length field an…
65ad16a 
…d tag field in offset and length when call AesGcm's `Decrypt(...)` method. Do not determine HMAC if cipher is AesGcm during kex.
@scott-xu
Fix build
3336d3d
@scott-xu
Fix UT
37a16bf
@scott-xu scott-xu requested a review from Rob-Hague April 4, 2024 08:54
@scott-xu scott-xu self-assigned this Apr 4, 2024
@zybexXL zybexXL mentioned this pull request Apr 4, 2024
Closed
@Rob-Hague
Copy link
Collaborator

Generally it looks good to me but I'll take a closer look soon.

One thing is that S.S.C.AesGcm has an IsSupported property, but only on >=NET 6. It probably makes sense to be checking that. I would suggest guarding AES-GCM support on #if NET6_0_OR_GREATER in order to keep it simple there (i.e. drop the support for AES-GCM on netstandard2.1). That would also mean only including the cipher in the ConnectionInfo if it is supported.

(side note: if you don't want to close #1356, replace "fix" with a non-keyword e.g. "contributes to")

scott-xu added 2 commits April 4, 2024 20:17
@scott-xu
Check AesGcm.IsSupported before add to the Encryptions collection.
e727959 
Guard AES-GCM with `NET6_0_OR_GREATER`.
Insert AES-GCM ciphers right after AES-CTR ciphers but before AES-CBC ciphers, which is similar with OpenSSH:
```
debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
```
Although Dictionary's order is not defined, from observation, it is in the same order with add. Anyway that would be another topic.
@scott-xu
Merge branch 'aesgcm' of https://github.com/scott-xu/SSH.NET into aesgcm
b0ccb0c
@scott-xu scott-xu changed the title Add support for AES 128/256 GCM Ciphers Add support for AEAD AES 128/256 GCM Ciphers Apr 4, 2024
scott-xu added 2 commits April 4, 2024 20:24
@scott-xu
Merge branch 'develop' into aesgcm
6bdbfc0
@scott-xu
Suppress CA1859 "Use concrete types when possible for improved perfor…
e8ed4a2 
…mance" for `ConnectionInfo.Encryptions`.

Test `Aes128Gcm` and `Aes256Gcm` only when `NET6_0_OR_GREATER`
@scott-xu scott-xu changed the title Add support for AEAD AES 128/256 GCM Ciphers Add support for AEAD AES 128/256 GCM Ciphers (.NET 6.0 onward) Apr 4, 2024
@scott-xu scott-xu changed the title Add support for AEAD AES 128/256 GCM Ciphers (.NET 6.0 onward) Add support for AEAD AES 128/256 GCM Ciphers (.NET 6.0 onward only) Apr 5, 2024
Rob-Hague
Rob-Hague reviewed Apr 6, 2024
View reviewed changes
@scott-xu scott-xu marked this pull request as draft April 8, 2024 00:26
@scott-xu scott-xu marked this pull request as ready for review April 8, 2024 04:03
Rob-Hague
Rob-Hague reviewed Apr 8, 2024
View reviewed changes
@scott-xu scott-xu marked this pull request as draft April 9, 2024 11:02
@scott-xu scott-xu marked this pull request as ready for review April 9, 2024 11:19
Rob-Hague
Rob-Hague approved these changes Apr 9, 2024
View reviewed changes
Copy link
Collaborator

@Rob-Hague Rob-Hague left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you

@safeerk safeerk mentioned this pull request Apr 15, 2024
Closed
@Rob-Hague Rob-Hague merged commit 3dc3fc8 into sshnet:develop Apr 18, 2024
@Rob-Hague
Copy link
Collaborator

fyi you can click this to see your PRs without needing to assign yourself:

image

@scott-xu scott-xu deleted the aesgcm branch April 18, 2024 22:02
@scott-xu
Copy link
Collaborator Author

Thanks

1 similar comment
@Dlyftservies
Copy link

Thanks

@scott-xu scott-xu mentioned this pull request May 26, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Rob-Hague Rob-Hague Rob-Hague approved these changes

@drieseng drieseng Awaiting requested review from drieseng drieseng is a code owner

@WojciechNagorski WojciechNagorski Awaiting requested review from WojciechNagorski WojciechNagorski is a code owner

+1 more reviewer

@jscarle jscarle jscarle left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@scott-xu scott-xu

Labels

None yet

Projects

None yet

Milestone

No milestone

4 participants

@scott-xu @Rob-Hague @Dlyftservies @jscarle