• src/ssh/README.md deucessh-enc.h deucessh.h src/ssh/enc/aes128-cbc-bot

    From Deuce@VERT to Git commit to main/sbbs/master on Wed May 6 12:19:12 2026
    https://gitlab.synchro.net/main/sbbs/-/commit/69c190eb44cc60f35407c8fe
    Modified Files:
    src/ssh/README.md deucessh-enc.h deucessh.h src/ssh/enc/aes128-cbc-botan.c aes128-cbc-openssl.c aes256-ctr-botan.c aes256-ctr-openssl.c none.c src/ssh/ssh-trans.c ssh-trans.h ssh.c src/ssh/test/test_selftest.c test_transport.c
    Log Message:
    DeuceSSH: cipher-aware byte rekey + opt-in time rekey

    Two related rekey-policy changes that go together because they share
    the same fix surface (rekey_needed) and rebuild on the same RFC.

    1. Time-based auto-rekey is now off by default and configurable via
    dssh_session_set_rekey_seconds(sess, secs). Pass 0 to disable
    (the new default), DSSH_REKEY_SECONDS for the historical 1-hour
    threshold, or any other positive value. RFC 4253 s9 calls time
    rekey RECOMMENDED, not required, and Cryptlib-based servers
    (Mystic BBS) refuse mid-stream KEXINIT outright with
    CRYPT_ERROR_BADDATA, killing the session at the 1-hour mark.

    2. Byte rekey is now per-cipher per-direction. dssh_enc_s gains a
    bytes_per_key field (third-party-visible ABI bump, agreed); each
    AES module declares 2^36 = 64 GiB (RFC 4344 s3.2: 2^(L/4) blocks
    for L=128), and the none cipher declares UINT64_MAX. rekey_needed
    compares tx_bytes against enc_c2s_selected->bytes_per_key and
    rx_bytes against enc_s2c_selected->bytes_per_key independently --
    no more sum-and-compare against a flat 1 GiB. Pre-handshake
    (NULL ciphers) skips the byte check.

    The DSSH_REKEY_BYTES constant is gone -- the transport gets all byte
    limits from the cipher module, and we don't ship any cipher with
    <128-bit blocks where the legacy 1 GiB fallback would apply.

    Net: AES connections no longer rekey 64x more often than necessary,
    the existing 2^28 packet limit (RFC 4344 s3.1) remains live for
    small-packet sessions, and apps interoperating with brittle peers
    can keep the connection alive past the 1-hour mark.

    Tests: rekey/needed_bytes covers per-direction firing on each side;
    new rekey/bytes_per_direction replaces the old sum-semantics test;
    rekey/seconds_disabled covers all four states of the new setter;
    selftest seedings use the live cipher's bytes_per_key.

    Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
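
A minimal model of the rekey decision the commit message above describes, as an added example that is not DeuceSSH's own code. The `example_*` names, the struct layouts, the `>=` comparisons and the caller-supplied clock are assumptions; only the field names `bytes_per_key`, `tx_bytes`, `rx_bytes`, `enc_c2s_selected` and `enc_s2c_selected` come from the message.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-ins: field names follow the commit message, layout is assumed. */
struct example_enc {
    const char *name;
    uint64_t bytes_per_key; /* byte budget for one key in one direction */
};
struct example_transport {
    const struct example_enc *enc_c2s_selected; /* NULL before the handshake */
    const struct example_enc *enc_s2c_selected;
    uint64_t tx_bytes, rx_bytes;     /* since the last key exchange */
    uint32_t tx_packets, rx_packets; /* since the last key exchange */
    uint64_t rekey_seconds;          /* 0 = time-based rekey disabled */
    uint64_t last_kex_time;          /* seconds on the caller's clock */
};
#define EXAMPLE_REKEY_PACKETS (UINT32_C(1) << 28) /* RFC 4344 s3.1 packet limit */
/* AES, L=128: 2^(L/4) = 2^32 blocks of 16 bytes = 2^36 bytes (64 GiB). */
const struct example_enc example_aes = { "aes256-ctr", UINT64_C(1) << 36 };
const struct example_enc example_none = { "none", UINT64_MAX };

/* True when any enabled threshold is reached (>= is this example's choice). */
bool example_rekey_needed(const struct example_transport *t, uint64_t now)
{
    if (t->tx_packets >= EXAMPLE_REKEY_PACKETS || t->rx_packets >= EXAMPLE_REKEY_PACKETS)
        return true;
    /* Per direction, against that direction's cipher, never summed; NULL skips. */
    if (t->enc_c2s_selected != NULL && t->tx_bytes >= t->enc_c2s_selected->bytes_per_key)
        return true;
    if (t->enc_s2c_selected != NULL && t->rx_bytes >= t->enc_s2c_selected->bytes_per_key)
        return true;
    /* Time rekey is opt-in: 0 disables it. */
    if (t->rekey_seconds != 0 && now >= t->last_kex_time
        && now - t->last_kex_time >= t->rekey_seconds)
        return true;
    return false;
}

int main(void)
{
    /* Constructed state: 40 GiB each way, two hours after the key exchange. */
    struct example_transport t = { &example_aes, &example_aes,
        UINT64_C(40) << 30, UINT64_C(40) << 30, 0, 0, 0, 0 };
    printf("time rekey off: %d\n", example_rekey_needed(&t, 7200));
    t.rekey_seconds = 3600;
    printf("time rekey 3600s: %d\n", example_rekey_needed(&t, 7200));
    return 0;
}
```

With 40 GiB in each direction the combined traffic exceeds 64 GiB, yet no byte rekey fires because each direction is still under its own budget.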