A variant of ChaCha20-Poly1305 that OpenSSH uses ("chacha20-poly1305@openssh.com").
Go to file
2023-01-10 07:39:46 -05:00
_patches initial release. tests pass at least. 2023-01-10 07:39:46 -05:00
.githooks/pre-commit adding git hook test, simplified structure using vendoring 2023-01-09 05:50:26 -05:00
vendor initial release. tests pass at least. 2023-01-10 07:39:46 -05:00
.gitignore initial release. tests pass at least. 2023-01-10 07:39:46 -05:00
algos_test.go initial release. tests pass at least. 2023-01-10 07:39:46 -05:00
consts_test.go initial release. tests pass at least. 2023-01-10 07:39:46 -05:00
consts.go initial release. tests pass at least. 2023-01-10 07:39:46 -05:00
errs.go initial release. tests pass at least. 2023-01-10 07:39:46 -05:00
funcs_chacha20poly1305_ssh.go initial release. tests pass at least. 2023-01-10 07:39:46 -05:00
funcs_test.go initial release. tests pass at least. 2023-01-10 07:39:46 -05:00
funcs.go initial release. tests pass at least. 2023-01-10 07:39:46 -05:00
go.mod adding git hook test, simplified structure using vendoring 2023-01-09 05:50:26 -05:00
go.sum adding git hook test, simplified structure using vendoring 2023-01-09 05:50:26 -05:00
LICENSE add license 2023-01-09 06:17:49 -05:00
notes simplify this down 2023-01-08 17:31:09 -05:00
README.adoc initial release. tests pass at least. 2023-01-10 07:39:46 -05:00
types.go initial release. tests pass at least. 2023-01-10 07:39:46 -05:00

r00t2.io/cc20p1305ssh

1. What is it?

A Golang library variant of ChaCha20-Poly1305 that OpenSSH uses (chacha20-poly1305@openssh.com).

Warning
Note that this module only supports the OpenSSH variant, and should only be used for key generation/parsing/modification/manipulation, not actual connection/stream encryption.

2. Usage

The usage of this library is very limited in scope; its only intended for low-level OpenSSH key operations.

Primarily, for use with go_sshkeys.

3. FAQ

3.1. Why is this necessary?

Because Golang.org/x/crypto removes functionality (even for very common tech) and thinks OpenSSH is a "weird" use case. Thats a direct reference; they called it "weird".

I really, really hope this library is no longer necessary by the time Im done writing it but based on my past experiences with core Golang devs, my expectations are extremely low.

Narrator: It was still necessary .

They have no decent support for OpenSSH keys or lower-level operations. And guess whatsometimes you need lower-level functionality. Who knew?

So now because Im just a single individual, bug fixes will probably lag behind upstream if I have to re-vendor because Im not maintaining an entire fork of golang.org/x/crypto. All because Golang devs decided the OpenSSH variant was "too weird".

But, of course, not "weird" enough to not support the wire protocol for SSH. Just the key encryption. Because of course. And not publicly exposed either. Because of course.

Assholes.

3.2. Why is the name so ugly?

I couldnt think of a better one and I wanted something notably distinct from the stdlib-x naming.

And module names cant include the @ symbol.

3.3. Why dont you expose the rest of low-level ChaCha20/Poly1305/ChaCha20-Poly1305?

  • To keep code changes from upstream light (and thus easier to debug, audit, etc.)

  • Because otherwise the module name is inaccurate

    • Because OpenSSH has their own specific variant

    • Which means we can handle SSH-specific functionality if needed

  • Because golang.org/x/crypto has made it painfully clear that if you want something that deviates from what they think is "best practice", you need to do it yourself

    • Which ironically is something they also brand an "anti-pattern" which is just *chefs kiss*