package cc20p1305ssh import ( `golang.org/x/crypto/chacha20` `golang.org/x/crypto/poly1305` ) /* Decrypt decrypts and authenticates ciphertext returning the decrypted format of ciphertext. If tag is nil or empty, it will be assumed that the tag is appended to the end of ciphertext. If tag is specified but is (1<<38)-64 { panic("chacha20poly1305: plaintext too large") } */ // We need the crypter. if cc20, err = chacha20.NewUnauthenticatedCipher(c.realKey[:], iv); err != nil { return } // First we need the poly1305 key. This also sets the counter to 1. firstBlock = make([]byte, len(initBlock)) cc20.XORKeyStream(firstBlock, initBlock) copy(polyKey[:], firstBlock[:PolyKeySize]) // We explicitly set the counter to 1, just in case. cc20.SetCounter(1) encrypted = make([]byte, len(plaintext)) cc20.XORKeyStream(encrypted, plaintext) poly = poly1305.New(&polyKey) poly.Write(encrypted) tagTmp = poly.Sum(nil) tag = make([]byte, TagSize) copy(tag, tagTmp[:TagSize]) return }