go_chacha20poly1305_openssh/consts.go


package cc20p1305ssh
import (
`golang.org/x/crypto/chacha20`
`golang.org/x/crypto/poly1305`
)
const (
	// BlockSize is the ChaCha20Poly1305 block size in bytes, as used by
	// OpenSSH for padding.
	BlockSize int = 8

	// KeySize is the length in bytes of the key consumed by OpenSSH's
	// ChaCha20 implementation (chacha20.KeySize, i.e. 32 bytes). It
	// corresponds to the first half of the KDFKeySize bytes produced by
	// the KDF.
	KeySize int = chacha20.KeySize

	// KDFKeySize is the number of bytes to request from the chosen KDF.
	// At the time of writing, only bcrypt_pbkdf is supported upstream.
	// The KDF should return 64 bytes, but OpenSSH only uses the first
	// half as the ChaCha20 key. Normally in ChaCha20Poly1305 the second
	// half is used for "additional data"; OpenSSH keys do not have
	// "additional data".
	KDFKeySize int = 2 * KeySize

	// IvSize is 0 because OpenSSH uses a fixed internal constant (see iv
	// below) instead of a caller-supplied IV.
	// NOTE(review): with a constant IV, keystream uniqueness rests on the
	// key alone; confirm every encryption derives a fresh key (for
	// example via a new random KDF salt) so a key is never reused.
	IvSize int = 0

	// NonceSize is hard-coded to 16 rather than taken from
	// (golang.org/x/crypto/chacha20).NonceSize, which is 12. Per the
	// author, this difference is the only reason this package exists;
	// if the library ever breaks after a chacha20 module update, check
	// this value first.
	NonceSize int = 16

	// PolyKeySize is how many bytes of the chacha20 cipher output are
	// used as the Poly1305 key.
	// NOTE(review): presumably the leading bytes of the counter-0 block
	// produced from initBlock; confirm at the call site.
	PolyKeySize int = 32

	// TagSize is the length in bytes of the Poly1305 tag.
	TagSize int = poly1305.TagSize
)
var (
	// initBlock is the all-zero, 64-byte input run through chacha20 at
	// counter 0 to obtain the poly1305 key.
	// NOTE(review): this is a mutable package-level slice. Treat it as
	// read-only and never pass it as a destination buffer, or every later
	// key derivation in the process would start from corrupted input.
	initBlock = make([]byte, 64)

	// iv is the constant fixed IV: 16 zero bytes.
	// NOTE(review): like initBlock, this slice must never be written to.
	iv = make([]byte, 16)
)