package cc20p1305ssh /* New returns a cipher.AEAD from KDF-derived key. Currently, key should be KDFKeySize bytes and returned by bcrypt_pbkdf as it's currently the only OpenSSH-supported KDF. It is up to the caller to perform the appropriate KDF. Per the chacha20polycom1305@openssh.com specification, only the first KeySize bytes of key is used for encrypting the private key. The second half (the canonical key is 64 bytes) would be used for traffic purposes, but since this is a static blob it is not used. If key is nil or