Issue Details (XML | Word | Printable)

Key: JDBC-613
Type: New Feature New Feature
Status: Open Open
Priority: Major Major
Assignee: Mark Rotteveel
Reporter: Mark Rotteveel
Votes: 0
Watchers: 0

If you were logged in you would be able to see more operations.
Jaybird JDBC Driver

Add support for Chacha wire encryption plugin

Created: 08/Mar/20 02:56 PM   Updated: 17/Jan/21 12:22 PM
Component/s: Wire protocol
Affects Version/s: None
Fix Version/s: Jaybird 4.0.3, Jaybird 5

 Description  « Hide
Firebird 4 adds support for the chacha wire encryption plugin. However, its implementation comes with the caveat that it doesn't implement the RFC-8439 variant of Chacha, but instead Firebird supports 128 bit and 256 bit keys, and given SRP produces 160 bit keys, will use the first 128 bits of that key. Java provides Chacha (RFC-8439 variant, requiring 256 bit keys) support since Java 11, so to support it in an earlier Java versions would require implementing a custom cipher (for example based on the BouncyCastle implementation).

Implementing a custom cipher would allow us to support both the 128 bit and 256 bit variant, but comes with the obvious overhead of having to implement crypto code in Jaybird.

 All   Comments   Change History   Subversion Commits      Sort Order: Ascending order - Click to sort in descending order
Mark Rotteveel added a comment - 12/Aug/20 02:28 PM
Since the 21st of April, Firebird will stretch (or reduce) the key to 256 bit using SHA-256, though it will reject keys shorter than 128 bits (16 bytes). The easy way out is to only support this in Java 11, or possibly allow or support selection of chacha from an alternative implementation like BouncyCastle.

Mark Rotteveel added a comment - 12/Aug/20 02:28 PM
Planned support for 4.0.2 is tentative.

Mark Rotteveel added a comment - 17/Jan/21 12:22 PM
Not done for 4.0.2, planned support for 4.0.3 is tentative.