HomePhabricator

Add tests and implementation for Encrypt-then-MAC mode

Authored by Dirkjan Bussink <d.bussink@gmail.com> on Feb 12 2019, 9:56 AM.

Description

Add tests and implementation for Encrypt-then-MAC mode

This adds the OpenSSH HMACs that do encrypt then mac. This is a more
secure mode than the original HMAC. Newer AEAD ciphers like chacha20 and
AES-GCM are already encrypt-then-mac, but this also adds it for older
legacy clients that don't support those ciphers yet.

Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com>
Reviewed-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>

Details

Committed
asnFeb 22 2019, 3:31 PM
Parents
rLIBSSHe4c7912b3531: Add flag for tracking EtM HMACs
Branches
Unknown
Tags
Unknown