Changeset View
Changeset View
Standalone View
Standalone View
PROTOCOL.chacha20poly1305
| Show All 28 Lines | |||||
| negotiated. | negotiated. | ||||
| Detailed Construction | Detailed Construction | ||||
| --------------------- | --------------------- | ||||
| The chacha20-poly1305@openssh.com cipher requires 512 bits of key | The chacha20-poly1305@openssh.com cipher requires 512 bits of key | ||||
| material as output from the SSH key exchange. This forms two 256 bit | material as output from the SSH key exchange. This forms two 256 bit | ||||
| keys (K_1 and K_2), used by two separate instances of chacha20. | keys (K_1 and K_2), used by two separate instances of chacha20. | ||||
| The first 256 bits consitute K_2 and the second 256 bits become | The first 256 bits constitute K_2 and the second 256 bits become | ||||
| K_1. | K_1. | ||||
| The instance keyed by K_1 is a stream cipher that is used only | The instance keyed by K_1 is a stream cipher that is used only | ||||
| to encrypt the 4 byte packet length field. The second instance, | to encrypt the 4 byte packet length field. The second instance, | ||||
| keyed by K_2, is used in conjunction with poly1305 to build an AEAD | keyed by K_2, is used in conjunction with poly1305 to build an AEAD | ||||
| (Authenticated Encryption with Associated Data) that is used to encrypt | (Authenticated Encryption with Associated Data) that is used to encrypt | ||||
| and authenticate the entire packet. | and authenticate the entire packet. | ||||
| ▲ Show 20 Lines • Show All 52 Lines • ▼ Show 20 Lines | [1] "ChaCha, a variant of Salsa20", Daniel Bernstein | ||||
| http://cr.yp.to/chacha/chacha-20080128.pdf | http://cr.yp.to/chacha/chacha-20080128.pdf | ||||
| [2] "The Poly1305-AES message-authentication code", Daniel Bernstein | [2] "The Poly1305-AES message-authentication code", Daniel Bernstein | ||||
| http://cr.yp.to/mac/poly1305-20050329.pdf | http://cr.yp.to/mac/poly1305-20050329.pdf | ||||
| [3] "ChaCha20 and Poly1305 based Cipher Suites for TLS", Adam Langley | [3] "ChaCha20 and Poly1305 based Cipher Suites for TLS", Adam Langley | ||||
| http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03 | http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03 | ||||
| $OpenBSD: PROTOCOL.chacha20poly1305,v 1.4 2018/04/10 00:10:49 djm Exp $ | $OpenBSD: PROTOCOL.chacha20poly1305,v 1.5 2020/02/21 00:04:43 dtucker Exp $ | ||||