[JSch-users] ciphers in CTR mode
Status: Alpha
Brought to you by:
ymnk
Menu
▾
▴
[JSch-users] ciphers in CTR mode
|
From: <ym...@jc...> - 2008-11-19 08:16:45
|
Hi,
You may have heard about "Plaintext Recovery Attack Against SSH"[1].
According to that issue,
"A
design flaw in the SSH specification allows an attacker with control
over the network to recover up to 32 bits of plaintext from an
SSH-protected connection in the standard configuration. The success
probability in recovering 32 plaintext bits is 2^{-18} when attacking
the OpenSSH implementation of the SSH RFCs. A variant of the attack
against the OpenSSH implementation verifiably recovers 14 plaintext bits with
probability 2^{-14}. The recovered bits come from an arbitrary,
attacker-selected block of ciphertext. The success probabilities for
other implementations are unknown (but are potentially much higher)."
As for the solution, that advisory has recommend to use ciphers in
"stateful-decryption counter"(SDCTR or CTR) mode in stead of in CBC mode.
Here is a patch to add the support for
"aes128-ctr,aes192-ctr,aes256-ctr,3des-ctr"[2]
and enable to chose some of them in establishing the session by the default
if they are available.
This patch depends on the CTR support in JCE(Java Cryptography Extension),
and Sun's J2SE 1.4.2(and the later) have supported it.
[1] http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt
[2] http://tools.ietf.org/html/rfc4344
Sincerely,
--
Atsuhiko Yamanaka
JCraft,Inc.
1-14-20 HONCHO AOBA-KU,
SENDAI, MIYAGI 980-0014 Japan.
Tel +81-22-723-2150
+1-415-578-3454
Fax +81-22-224-8773
Skype callto://jcraft/
--------------------------------------------------------
diff -Naur jsch-0.1.40/src/com/jcraft/jsch/JSch.java jsch-0.1.41/src/com/jcraft/jsch/JSch.java
--- jsch-0.1.40/src/com/jcraft/jsch/JSch.java Fri Sep 26 08:56:08 2008
+++ jsch-0.1.41/src/com/jcraft/jsch/JSch.java Mon Nov 17 21:58:24 2008
@@ -41,9 +41,9 @@
// config.put("server_host_key", "ssh-dss,ssh-rsa");
config.put("cipher.s2c",
- "aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc");
+ "aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc");
config.put("cipher.c2s",
- "aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc");
+ "aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc");
config.put("mac.s2c", "hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96");
config.put("mac.c2s", "hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96");
@@ -82,8 +82,11 @@
config.put("aes128-cbc", "com.jcraft.jsch.jce.AES128CBC");
config.put("aes192-cbc", "com.jcraft.jsch.jce.AES192CBC");
config.put("aes256-cbc", "com.jcraft.jsch.jce.AES256CBC");
-// config.put("cipher.s2c", "aes128-cbc,3des-cbc,blowfish-cbc");
-// config.put("cipher.c2s", "aes128-cbc,3des-cbc,blowfish-cbc");
+
+ config.put("aes128-ctr", "com.jcraft.jsch.jce.AES128CTR");
+ config.put("aes192-ctr", "com.jcraft.jsch.jce.AES192CTR");
+ config.put("aes256-ctr", "com.jcraft.jsch.jce.AES256CTR");
+ config.put("3des-ctr", "com.jcraft.jsch.jce.TripleDESCTR");
config.put("userauth.none", "com.jcraft.jsch.UserAuthNone");
config.put("userauth.password", "com.jcraft.jsch.UserAuthPassword");
@@ -100,7 +103,7 @@
//config.put("HashKnownHosts", "yes");
config.put("PreferredAuthentications", "gssapi-with-mic,publickey,keyboard-interactive,password");
- config.put("CheckCiphers", "aes256-cbc,aes192-cbc,aes128-cbc");
+ config.put("CheckCiphers", "aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr");
}
java.util.Vector pool=new java.util.Vector();
java.util.Vector identities=new java.util.Vector();
diff -Naur jsch-0.1.40/src/com/jcraft/jsch/Session.java jsch-0.1.41/src/com/jcraft/jsch/Session.java
--- jsch-0.1.40/src/com/jcraft/jsch/Session.java Fri Sep 26 09:00:48 2008
+++ jsch-0.1.41/src/com/jcraft/jsch/Session.java Tue Nov 18 20:06:32 2008
@@ -1858,14 +1858,7 @@
java.util.Vector result=new java.util.Vector();
String[] _ciphers=Util.split(ciphers, ",");
for(int i=0; i<_ciphers.length; i++){
- try{
- Class c=Class.forName(getConfig(_ciphers[i]));
- Cipher _c=(Cipher)(c.newInstance());
- _c.init(Cipher.ENCRYPT_MODE,
- new byte[_c.getBlockSize()],
- new byte[_c.getIVSize()]);
- }
- catch(Exception e){
+ if(!checkCipher(getConfig(_ciphers[i]))){
result.addElement(_ciphers[i]);
}
}
@@ -1883,4 +1876,18 @@
return foo;
}
+
+ static boolean checkCipher(String cipher){
+ try{
+ Class c=Class.forName(cipher);
+ Cipher _c=(Cipher)(c.newInstance());
+ _c.init(Cipher.ENCRYPT_MODE,
+ new byte[_c.getBlockSize()],
+ new byte[_c.getIVSize()]);
+ return true;
+ }
+ catch(Exception e){
+ return false;
+ }
+ }
}
diff -Naur jsch-0.1.40/src/com/jcraft/jsch/jce/AES128CTR.java jsch-0.1.41/src/com/jcraft/jsch/jce/AES128CTR.java
--- jsch-0.1.40/src/com/jcraft/jsch/jce/AES128CTR.java Thu Jan 1 00:00:00 1970
+++ jsch-0.1.41/src/com/jcraft/jsch/jce/AES128CTR.java Mon Nov 17 21:56:11 2008
@@ -0,0 +1,71 @@
+/* -*-mode:java; c-basic-offset:2; indent-tabs-mode:nil -*- */
+/*
+Copyright (c) 2005-2008 ymnk, JCraft,Inc. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in
+ the documentation and/or other materials provided with the distribution.
+
+ 3. The names of the authors may not be used to endorse or promote products
+ derived from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES,
+INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
+FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL JCRAFT,
+INC. OR ANY CONTRIBUTORS TO THIS SOFTWARE BE LIABLE FOR ANY DIRECT, INDIRECT,
+INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
+OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+package com.jcraft.jsch.jce;
+
+import com.jcraft.jsch.Cipher;
+import javax.crypto.spec.*;
+
+public class AES128CTR implements Cipher{
+ private static final int ivsize=16;
+ private static final int bsize=16;
+ private javax.crypto.Cipher cipher;
+ public int getIVSize(){return ivsize;}
+ public int getBlockSize(){return bsize;}
+ public void init(int mode, byte[] key, byte[] iv) throws Exception{
+ String pad="NoPadding";
+ byte[] tmp;
+ if(iv.length>ivsize){
+ tmp=new byte[ivsize];
+ System.arraycopy(iv, 0, tmp, 0, tmp.length);
+ iv=tmp;
+ }
+ if(key.length>bsize){
+ tmp=new byte[bsize];
+ System.arraycopy(key, 0, tmp, 0, tmp.length);
+ key=tmp;
+ }
+
+ try{
+ SecretKeySpec keyspec=new SecretKeySpec(key, "AES");
+ cipher=javax.crypto.Cipher.getInstance("AES/CTR/"+pad);
+ cipher.init((mode==ENCRYPT_MODE?
+ javax.crypto.Cipher.ENCRYPT_MODE:
+ javax.crypto.Cipher.DECRYPT_MODE),
+ keyspec, new IvParameterSpec(iv));
+ }
+ catch(Exception e){
+ cipher=null;
+ throw e;
+ }
+ }
+ public void update(byte[] foo, int s1, int len, byte[] bar, int s2) throws Exception{
+ cipher.update(foo, s1, len, bar, s2);
+ }
+}
diff -Naur jsch-0.1.40/src/com/jcraft/jsch/jce/AES192CTR.java jsch-0.1.41/src/com/jcraft/jsch/jce/AES192CTR.java
--- jsch-0.1.40/src/com/jcraft/jsch/jce/AES192CTR.java Thu Jan 1 00:00:00 1970
+++ jsch-0.1.41/src/com/jcraft/jsch/jce/AES192CTR.java Mon Nov 17 21:56:11 2008
@@ -0,0 +1,70 @@
+/* -*-mode:java; c-basic-offset:2; indent-tabs-mode:nil -*- */
+/*
+Copyright (c) 2005-2008 ymnk, JCraft,Inc. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in
+ the documentation and/or other materials provided with the distribution.
+
+ 3. The names of the authors may not be used to endorse or promote products
+ derived from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES,
+INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
+FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL JCRAFT,
+INC. OR ANY CONTRIBUTORS TO THIS SOFTWARE BE LIABLE FOR ANY DIRECT, INDIRECT,
+INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
+OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+package com.jcraft.jsch.jce;
+
+import com.jcraft.jsch.Cipher;
+import javax.crypto.spec.*;
+
+public class AES192CTR implements Cipher{
+ private static final int ivsize=16;
+ private static final int bsize=24;
+ private javax.crypto.Cipher cipher;
+ public int getIVSize(){return ivsize;}
+ public int getBlockSize(){return bsize;}
+ public void init(int mode, byte[] key, byte[] iv) throws Exception{
+ String pad="NoPadding";
+ byte[] tmp;
+ if(iv.length>ivsize){
+ tmp=new byte[ivsize];
+ System.arraycopy(iv, 0, tmp, 0, tmp.length);
+ iv=tmp;
+ }
+ if(key.length>bsize){
+ tmp=new byte[bsize];
+ System.arraycopy(key, 0, tmp, 0, tmp.length);
+ key=tmp;
+ }
+ try{
+ SecretKeySpec keyspec=new SecretKeySpec(key, "AES");
+ cipher=javax.crypto.Cipher.getInstance("AES/CTR/"+pad);
+ cipher.init((mode==ENCRYPT_MODE?
+ javax.crypto.Cipher.ENCRYPT_MODE:
+ javax.crypto.Cipher.DECRYPT_MODE),
+ keyspec, new IvParameterSpec(iv));
+ }
+ catch(Exception e){
+ cipher=null;
+ throw e;
+ }
+ }
+ public void update(byte[] foo, int s1, int len, byte[] bar, int s2) throws Exception{
+ cipher.update(foo, s1, len, bar, s2);
+ }
+}
diff -Naur jsch-0.1.40/src/com/jcraft/jsch/jce/AES256CTR.java jsch-0.1.41/src/com/jcraft/jsch/jce/AES256CTR.java
--- jsch-0.1.40/src/com/jcraft/jsch/jce/AES256CTR.java Thu Jan 1 00:00:00 1970
+++ jsch-0.1.41/src/com/jcraft/jsch/jce/AES256CTR.java Mon Nov 17 21:56:11 2008
@@ -0,0 +1,70 @@
+/* -*-mode:java; c-basic-offset:2; indent-tabs-mode:nil -*- */
+/*
+Copyright (c) 2005-2008 ymnk, JCraft,Inc. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in
+ the documentation and/or other materials provided with the distribution.
+
+ 3. The names of the authors may not be used to endorse or promote products
+ derived from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES,
+INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
+FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL JCRAFT,
+INC. OR ANY CONTRIBUTORS TO THIS SOFTWARE BE LIABLE FOR ANY DIRECT, INDIRECT,
+INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
+OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+package com.jcraft.jsch.jce;
+
+import com.jcraft.jsch.Cipher;
+import javax.crypto.spec.*;
+
+public class AES256CTR implements Cipher{
+ private static final int ivsize=16;
+ private static final int bsize=32;
+ private javax.crypto.Cipher cipher;
+ public int getIVSize(){return ivsize;}
+ public int getBlockSize(){return bsize;}
+ public void init(int mode, byte[] key, byte[] iv) throws Exception{
+ String pad="NoPadding";
+ byte[] tmp;
+ if(iv.length>ivsize){
+ tmp=new byte[ivsize];
+ System.arraycopy(iv, 0, tmp, 0, tmp.length);
+ iv=tmp;
+ }
+ if(key.length>bsize){
+ tmp=new byte[bsize];
+ System.arraycopy(key, 0, tmp, 0, tmp.length);
+ key=tmp;
+ }
+ try{
+ SecretKeySpec keyspec=new SecretKeySpec(key, "AES");
+ cipher=javax.crypto.Cipher.getInstance("AES/CTR/"+pad);
+ cipher.init((mode==ENCRYPT_MODE?
+ javax.crypto.Cipher.ENCRYPT_MODE:
+ javax.crypto.Cipher.DECRYPT_MODE),
+ keyspec, new IvParameterSpec(iv));
+ }
+ catch(Exception e){
+ cipher=null;
+ throw e;
+ }
+ }
+ public void update(byte[] foo, int s1, int len, byte[] bar, int s2) throws Exception{
+ cipher.update(foo, s1, len, bar, s2);
+ }
+}
diff -Naur jsch-0.1.40/src/com/jcraft/jsch/jce/TripleDESCTR.java jsch-0.1.41/src/com/jcraft/jsch/jce/TripleDESCTR.java
--- jsch-0.1.40/src/com/jcraft/jsch/jce/TripleDESCTR.java Thu Jan 1 00:00:00 1970
+++ jsch-0.1.41/src/com/jcraft/jsch/jce/TripleDESCTR.java Mon Nov 17 21:56:11 2008
@@ -0,0 +1,83 @@
+/* -*-mode:java; c-basic-offset:2; indent-tabs-mode:nil -*- */
+/*
+Copyright (c) 2002-2008 ymnk, JCraft,Inc. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in
+ the documentation and/or other materials provided with the distribution.
+
+ 3. The names of the authors may not be used to endorse or promote products
+ derived from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES,
+INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
+FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL JCRAFT,
+INC. OR ANY CONTRIBUTORS TO THIS SOFTWARE BE LIABLE FOR ANY DIRECT, INDIRECT,
+INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
+OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+package com.jcraft.jsch.jce;
+
+import com.jcraft.jsch.Cipher;
+import javax.crypto.*;
+import javax.crypto.spec.*;
+
+public class TripleDESCTR implements Cipher{
+ private static final int ivsize=8;
+ private static final int bsize=24;
+ private javax.crypto.Cipher cipher;
+ public int getIVSize(){return ivsize;}
+ public int getBlockSize(){return bsize;}
+ public void init(int mode, byte[] key, byte[] iv) throws Exception{
+ String pad="NoPadding";
+ //if(padding) pad="PKCS5Padding";
+ byte[] tmp;
+ if(iv.length>ivsize){
+ tmp=new byte[ivsize];
+ System.arraycopy(iv, 0, tmp, 0, tmp.length);
+ iv=tmp;
+ }
+ if(key.length>bsize){
+ tmp=new byte[bsize];
+ System.arraycopy(key, 0, tmp, 0, tmp.length);
+ key=tmp;
+ }
+
+ try{
+ cipher=javax.crypto.Cipher.getInstance("DESede/CTR/"+pad);
+/*
+ // The following code does not work on IBM's JDK 1.4.1
+ SecretKeySpec skeySpec = new SecretKeySpec(key, "DESede");
+ cipher.init((mode==ENCRYPT_MODE?
+ javax.crypto.Cipher.ENCRYPT_MODE:
+ javax.crypto.Cipher.DECRYPT_MODE),
+ skeySpec, new IvParameterSpec(iv));
+*/
+ DESedeKeySpec keyspec=new DESedeKeySpec(key);
+ SecretKeyFactory keyfactory=SecretKeyFactory.getInstance("DESede");
+ SecretKey _key=keyfactory.generateSecret(keyspec);
+ cipher.init((mode==ENCRYPT_MODE?
+ javax.crypto.Cipher.ENCRYPT_MODE:
+ javax.crypto.Cipher.DECRYPT_MODE),
+ _key, new IvParameterSpec(iv));
+ }
+ catch(Exception e){
+ cipher=null;
+ throw e;
+ }
+ }
+ public void update(byte[] foo, int s1, int len, byte[] bar, int s2) throws Exception{
+ cipher.update(foo, s1, len, bar, s2);
+ }
+}
|
