search

sshnet / SSH.NET

SSH.NET is a Secure Shell (SSH) library for .NET, optimized for parallelism.
MIT License
3.87k stars 915 forks source link

Add support for AEAD ChaCha20Poly1305 Cipher #1416

Open scott-xu opened 3 weeks ago

scott-xu commented 3 weeks ago

This PR adds support for chacha20-poly1305@openssh.com described in https://datatracker.ietf.org/doc/html/draft-josefsson-ssh-chacha20-poly1305-openssh-00

Resolves https://github.com/sshnet/SSH.NET/issues/1356

scott-xu commented 3 weeks ago

Note: It does not work currently. (That's why it is still in draft) The integration test fails and the server says "message authentication code incorrect"

output from server:

debug1: sshd version OpenSSH_8.9, OpenSSL 3.0.2 15 Mar 2022
debug1: private host key #0: ssh-rsa SHA256:i0kFdfQjSliPLw28b6R4VgUQJG9OasHV24TbSSeoysQ
debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:BABbQ4XyDj1SwjEpqk1w4nmxxzHXcinwU7tp0GIlcmg
debug1: private host key #2: ssh-ed25519 SHA256:AKLEi6kJlwZgvCn/ngyN3JXiZLVJ+4GvwU0Lb4u5QsA
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-d'
debug1: rexec_argv[2]='-D'
debug1: Set /proc/self/oom_score_adj from 0 to -1000
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: sshd version OpenSSH_8.9, OpenSSL 3.0.2 15 Mar 2022
debug1: private host key #0: ssh-rsa SHA256:i0kFdfQjSliPLw28b6R4VgUQJG9OasHV24TbSSeoysQ
debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:BABbQ4XyDj1SwjEpqk1w4nmxxzHXcinwU7tp0GIlcmg
debug1: private host key #2: ssh-ed25519 SHA256:AKLEi6kJlwZgvCn/ngyN3JXiZLVJ+4GvwU0Lb4u5QsA
debug1: inetd sockets after dupping: 3, 3
Connection from 127.0.0.1 port 33182 on 127.0.0.1 port 22 rdomain ""
debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6
debug1: Remote protocol version 2.0, remote software version Renci.SshNet.SshClient.0.0.1
debug1: compat_banner: no match: Renci.SshNet.SshClient.0.0.1
debug1: permanently_set_uid: 108/65534 [preauth]
debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug1: kex: algorithm: curve25519-sha256 [preauth]
debug1: kex: host key algorithm: ssh-ed25519 [preauth]
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none [preauth]
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none [preauth]
debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
debug1: SSH2_MSG_KEX_ECDH_INIT received [preauth]
debug1: ssh_packet_send2_wrapped: resetting send seqnr 3 [preauth]
debug1: rekey out after 134217728 blocks [preauth]
debug1: SSH2_MSG_NEWKEYS sent [preauth]
debug1: expecting SSH2_MSG_NEWKEYS [preauth]
debug1: ssh_packet_read_poll2: resetting read seqnr 3 [preauth]
debug1: SSH2_MSG_NEWKEYS received [preauth]
debug1: rekey in after 134217728 blocks [preauth]
debug1: KEX done [preauth]
ssh_dispatch_run_fatal: Connection from 127.0.0.1 port 33182: message authentication code incorrect [preauth]
debug1: do_cleanup [preauth]
debug1: monitor_read_log: child log fd closed
debug1: do_cleanup
debug1: Killing privsep child 17109
debug1: audit_event: unhandled event 12
Rob-Hague commented 3 weeks ago

Another option would be to try it against the BC branch #1370

scott-xu commented 3 weeks ago

Another option would be to try it against the BC branch #1370

Yes, we can leverage BC if the final decision is to ref BC as the dependent nuget package. At current stage, since we've already had Poly1305 in Chao.Nacl, it is straightforward to just use it.