BBS:      TELESC.NET.BR
Subject:  src/ssh/README.md deucessh-enc.h deucessh.h src/ssh/enc/aes128-cbc-bot
From:     Deuce
Date:     Wed, 6 May 2026 12:19:12 -0700
-----------------------------------------------------------
https://gitlab.synchro.net/main/sbbs/-/commit/69c190eb44cc60f35407c8fe
Modified Files:
	src/ssh/README.md deucessh-enc.h deucessh.h src/ssh/enc/aes128-cbc-botan.c aes128-cbc-openssl.c aes256-ctr-botan.c aes256-ctr-openssl.c none.c src/ssh/ssh-trans.c ssh-trans.h ssh.c src/ssh/test/test_selftest.c test_transport.c
Log Message:
DeuceSSH: cipher-aware byte rekey + opt-in time rekey

Two related rekey-policy changes that go together because they share
the same fix surface (rekey_needed) and rebuild on the same RFC.

1. Time-based auto-rekey is now off by default and configurable via
   dssh_session_set_rekey_seconds(sess, secs).  Pass 0 to disable
   (the new default), DSSH_REKEY_SECONDS for the historical 1-hour
   threshold, or any other positive value.  RFC 4253 s9 calls time
   rekey RECOMMENDED, not required, and Cryptlib-based servers
   (Mystic BBS) refuse mid-stream KEXINIT outright with
   CRYPT_ERROR_BADDATA, killing the session at the 1-hour mark.

2. Byte rekey is now per-cipher per-direction.  dssh_enc_s gains a
   bytes_per_key field (third-party-visible ABI bump, agreed); each
   AES module declares 2^36 = 64 GiB (RFC 4344 s3.2: 2^(L/4) blocks
   for L=128), and the none cipher declares UINT64_MAX.  rekey_needed
   compares tx_bytes against enc_c2s_selected->bytes_per_key and
   rx_bytes against enc_s2c_selected->bytes_per_key independently --
   no more sum-and-compare against a flat 1 GiB.  Pre-handshake
   (NULL ciphers) skips the byte check.

The DSSH_REKEY_BYTES constant is gone -- the transport gets all byte
limits from the cipher module, and we don't ship any cipher with
<128-bit blocks where the legacy 1 GiB fallback would apply.

Net: AES connections no longer rekey 64x more often than necessary,
the existing 2^28 packet limit (RFC 4344 s3.1) remains live for
small-packet sessions, and apps interoperating with brittle peers
can keep the connection alive past the 1-hour mark.

Tests: rekey/needed_bytes covers per-direction firing on each side;
new rekey/bytes_per_direction replaces the old sum-semantics test;
rekey/seconds_disabled covers all four states of the new setter;
selftest seedings use the live cipher's bytes_per_key.

Co-Authored-By: Claude Opus 4.7 (1M context) 
---
 * Synchronet * Vertrauen * Home of Synchronet * [vert/cvs/bbs].synchro.net

-----------------------------------------------------------
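
The rekey policy this commit message describes, as an added example that is not DeuceSSH's code: byte counters are checked per direction against the selected cipher's own limit, the 2^28 packet limit stays in force, and the time check only applies when a non-zero interval is set. All ex_* names, the struct layout and the >= comparisons are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical types for illustration; not DeuceSSH's structures. */
struct ex_cipher { uint64_t bytes_per_key; };
struct ex_session {
    const struct ex_cipher *tx_cipher, *rx_cipher; /* NULL before the first handshake */
    uint64_t tx_bytes, rx_bytes;     /* bytes since the last key exchange */
    uint32_t tx_packets, rx_packets; /* packets since the last key exchange */
    uint64_t rekey_seconds;          /* 0 disables time-based rekey */
    uint64_t key_age_seconds;        /* seconds since the last key exchange */
};

#define EX_REKEY_PACKETS (UINT32_C(1) << 28) /* RFC 4344 s3.1 */

/* RFC 4344 s3.2: 2^(L/4) blocks of L/8 bytes; 1 GiB when L < 128. */
uint64_t ex_bytes_per_key(unsigned block_bits)
{
    unsigned shift = block_bits / 4;       /* log2 of the block count */
    uint64_t block_bytes = block_bits / 8;

    if (block_bits < 128)
        return UINT64_C(1) << 30;
    if (shift >= 64 || (UINT64_MAX >> shift) < block_bytes)
        return UINT64_MAX;                 /* saturate instead of overflowing */
    return (UINT64_C(1) << shift) * block_bytes;
}

bool ex_rekey_needed(const struct ex_session *s)
{
    /* Each direction against its own cipher; skipped while ciphers are NULL. */
    if (s->tx_cipher != NULL && s->tx_bytes >= s->tx_cipher->bytes_per_key)
        return true;
    if (s->rx_cipher != NULL && s->rx_bytes >= s->rx_cipher->bytes_per_key)
        return true;
    if (s->tx_packets >= EX_REKEY_PACKETS || s->rx_packets >= EX_REKEY_PACKETS)
        return true;
    return s->rekey_seconds != 0 && s->key_age_seconds >= s->rekey_seconds;
}

int main(void)
{
    /* Constructed sample: 32 GiB sent and 32 GiB received under AES. */
    struct ex_cipher aes = { ex_bytes_per_key(128) };
    struct ex_session s = { &aes, &aes, UINT64_C(1) << 35, UINT64_C(1) << 35, 0, 0, 0, 0 };
    printf("rekey needed: %d\n", ex_rekey_needed(&s));
    return 0;
}
```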