diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..faeeb5e --- /dev/null +++ b/LICENSE @@ -0,0 +1,21 @@ +The MIT License (MIT) + +Copyright (c) 2023 Brent Saner + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/README.adoc b/README.adoc index fb12180..9ea7be3 100644 --- a/README.adoc +++ b/README.adoc @@ -1,4 +1,4 @@ -= cc20p1305ssh += r00t2.io/cc20p1305ssh Brent Saner Last updated {localdatetime} :doctype: book diff --git a/README.md b/README.md deleted file mode 100644 index 9d0e2ff..0000000 --- a/README.md +++ /dev/null @@ -1,29 +0,0 @@ -# cc20p1305ssh - -A Golang library variant of ChaCha20-Poly1305 that OpenSSH uses ("chacha20-poly1305@openssh.com"). - -Note that this module *only* supports the OpenSSH variant. - -## Why is this necessary? - -Because Golang.org/x/crypto [removes functionality](https://github.com/golang/go/issues/36646) (even for [very common tech](https://github.com/golang/go/issues/44226)) and thinks OpenSSH is a "weird" use case. - -I *really, really* hope this library is [no longer necessary](https://github.com/golang/go/issues/57699) by the time I'm done writing it, but based on my past experiences with core Golang devs, my expectations are extremely low. - -They have no decent support for OpenSSH keys or lower-level operations. And guess what -- sometimes you need lower-level functionality. Who knew? - -So now because I'm just a single individual, bug fixes will probably lag behind upstream. All because Golang.org/x/crypto decided the OpenSSH variant was "too weird". - -But, of course, not "weird" enough to [not support the *wire* protocol](https://go.googlesource.com/crypto/+/master/ssh/cipher.go#647) for SSH. Just the key encryption. Because of course. And not publicly exposed either. Because of course. - -## Why is the name so ugly? - -I couldn't think of a better one and I wanted something notably distinct from stdlib-x. - -## Why don't you expose the rest of ChaCha20/Poly1305/ChaCha20-Poly1305? - -* To keep code light (and thus easier to debug, audit, etc.) -* Because otherwise the module name is inaccurate -* Because OpenSSH has their own specific variant - * Which means we can handle SSH-specific functionality if needed -* Because Golang/x/crypto has made it painfully clear that if you want something that deviates from what they think is "best practice", you need to do it yourself