Created attachment 1327 [details] A patch for supporting Camellia to OpenSSH-portable. I would like to add support for the Camellia block cipher to OpenSSH-portable. Camellia is one of the selected block cipher by New European Schemes for Signature, Integrity, and Encryption (NESSIE) and specified in several RFCs. The details for Camellia are in: http://info.isl.ntt.co.jp/crypt/eng/camellia/index.html I made a patch for current OpenSSH-portable. I have already tested it on FreeBSD 6.2R i386 and amd64 with OpenSSL 0.9.8e. Since the patch uses an encryption engine for Camellia in OpenSSL library, the patch needs OpenSSL whose version is greater than or equals to 0.9.8c with Camellia enabled. Will you review it? Thank you in advance.
This issue has postponed about four months. I want this issue to get next step, This patch is very simple and seems to have no problems.
What is the reason another cipher is needed? Is it faster or stronger than the existing ciphers? What advantage does it provide to offset the risk of additional code (which is exposed to unauthenticated users)? Regarding the patch itself: * it makes the camellia cipher mandatory for the software to build. A considerable effort has been made to make openssh work with older versions of the openssl library and this is negated by making camellia mandatory. * you use the standard namespace for the cipher, and the cipher is not listed in either RFC4253 or RFC4344. Non-standard ciphers must use the vendor extension mechanism (ie ciphername@yourdomain.com).
The reason I implemented the patch is that Camellia is stronger than AES if they are compared with a security margin. I saw someone saying Camellia is much faster than AES. I should also say Camellia is becoming familiar in FLOSS community; e.g. Linux, FreeBSD, GnuPG, and so on. It is true that implementing new cipher has a risk, but having an alternate 128-bit block cipher for AES will reduce a risk in the future. According to Darren's suggestion, I will update my patch in a week. I will use #ifdef to enable users to disable Camellia. I will change the name from camellia128-cbc to camellia128-cbc@openssh.com.
Created attachment 1392 [details] Update of the previeous patch. I updated the patch not to force the users to use the Camellia block cipher. I removed some descriptions about camellia from the manual pages and the list of default ciphers. I changed names of ciphers.
I'm approaching to get standard name space in SSH specification in IETF. I was asking to IANA help desk at last IETF in Vancouver and will make consensus in IETF. When this approach is finished standard name related to Camellia will appear in IANA SSH registry, http://www.iana.org/assignments/ssh-parameters, Encryption Algorithm Names. IETF policy are rough consensus and running code. For policy of running code, this patch is useful. OpenSSH developers, can you take in and test this code?
Created attachment 1397 [details] Camellia patch with CTR mode. I also implemented CTR mode for Camellia based on CTR mode for AES. Since this patch has patch #1392 inside, the patch and patch #1392 can not be used at the same time. I have compiled openssh in both with and without camellia, and no problem found. Will some one kindly review either of my patch? Thank you in advance.
Created attachment 1640 [details] Update of past patches to follow current CVS tree. Since CBC mode flag is added to struct Cipher in cipher.c, old patches cannot be used. This submission is just update of those old patches.
Created attachment 1878 [details] A patch to enable Camellia support of OpenBSD's OpenSSL.
Created attachment 1879 [details] A patch to enable Camellia support of OpenBSD's OpenSSH.
Created attachment 1902 [details] Update of Camellia patch because of draft-kanno-secsh-camellia-01 Submitted code is updated to support the methods written in the following draft: http://tools.ietf.org/id/draft-kanno-secsh-camellia-01.txt
For the last few years we have been removing ciphers from OpenSSH to arrive at a small set. We don't want to add any more.
closing resolved bugs as of 8.6p1 release