67 lines
2.0 KiB
Go
67 lines
2.0 KiB
Go
package cc20p1305ssh
|
|
|
|
import (
|
|
`golang.org/x/crypto/chacha20`
|
|
`golang.org/x/crypto/poly1305`
|
|
)
|
|
|
|
const (
|
|
// BlockSize is the size in bytes of the ChaCha20Poly1305 blocks (as used by OpenSSH padding).
|
|
BlockSize int = 8
|
|
|
|
/*
|
|
KeySize is the size of the key used by OpenSSH's ChaCha20 implementation.
|
|
It should be KDFKey[:(len(KDFKeySize)-1)/2]. (32 bytes, essentially.)
|
|
*/
|
|
KeySize int = chacha20.KeySize
|
|
|
|
/*
|
|
KDFKeySize is the size of the key to return from the chosen KDF.
|
|
At the time of writing, only bcrypt_pbkdf is supported upstream.
|
|
|
|
The KDF should return a key of 64 bytes, but OpenSSH only uses the first half for the ChaCha20 key.
|
|
Normally in ChaCha20Poly1305, the second half is used for "additional data".
|
|
OpenSSH keys do not have "additional data".
|
|
*/
|
|
KDFKeySize int = KeySize * 2
|
|
|
|
// IvSize is 0 because OpenSSH uses a fixed internal constant (see iv below).
|
|
IvSize int = 0
|
|
|
|
/*
|
|
NonceSize is the only reason I need to do this. The actual only reason.
|
|
|
|
If this library ever breaks, it's because the chacha20 module was updated but I forgot to change (golang.org/x/crypto/chacha20).NonceSize to 16 instead of 12.
|
|
*/
|
|
NonceSize int = 16
|
|
|
|
// PolyKeySize is the amount of the cipher result of chacha20.
|
|
PolyKeySize int = 32
|
|
|
|
// TagSize is the length of the Poly1305 tag.
|
|
TagSize int = poly1305.TagSize
|
|
)
|
|
|
|
var (
|
|
// initBlock is used at counter 0 in chacha20 to get the poly1305 key.
|
|
initBlock []byte = []byte{
|
|
// 64 bytes
|
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
|
}
|
|
|
|
// iv is the constant fixed IV.
|
|
iv []byte = []byte{
|
|
0x0, 0x0, 0x0, 0x0,
|
|
0x0, 0x0, 0x0, 0x0,
|
|
0x0, 0x0, 0x0, 0x0,
|
|
0x0, 0x0, 0x0, 0x0,
|
|
}
|
|
)
|