go_chacha20poly1305_openssh/consts.go

package cc20p1305ssh

import (
	`golang.org/x/crypto/chacha20`
	`golang.org/x/crypto/poly1305`
)

const (
	// BlockSize is the size in bytes of the ChaCha20Poly1305 blocks (as used by OpenSSH padding).
	BlockSize int = 8

	/*
		KeySize is the size of the key used by OpenSSH's ChaCha20 implementation.
		It should be KDFKey[:(len(KDFKeySize)-1)/2]. (32 bytes, essentially.)
	*/
	KeySize int = chacha20.KeySize

	/*
		KDFKeySize is the size of the key to return from the chosen KDF.
		At the time of writing, only bcrypt_pbkdf is supported upstream.

		The KDF should return a key of 64 bytes, but OpenSSH only uses the first half for the ChaCha20 key.
		Normally in ChaCha20Poly1305, the second half is used for "additional data".
		OpenSSH keys do not have "additional data".
	*/
	KDFKeySize int = KeySize * 2

	// IvSize is 0 because OpenSSH uses a fixed internal constant (see iv below).
	IvSize int = 0

	/*
		NonceSize is the only reason I need to do this. The actual only reason.

		If this library ever breaks, it's because the chacha20 module was updated but I forgot to change (golang.org/x/crypto/chacha20).NonceSize to 16 instead of 12.
	*/
	NonceSize int = 16

	// TagLen is the length of the Poly1305 tag.
	TagLen int = poly1305.TagSize

	// DefaultRounds specifies the number of default rounds to use if using the provided KDF derivation and the specified rounds are 0 or negative.
	DefaultRounds int = 16
)

var (
	// iv is the constant fixed IV.
	iv []byte = []byte{
		0x0, 0x0, 0x0, 0x0,
		0x0, 0x0, 0x0, 0x0,
		0x0, 0x0, 0x0, 0x0,
		0x0, 0x0, 0x0, 0x0,
	}
)