PROTOCOL.chacha20poly1305
Show All 28 Lines | |||||
negotiated. | negotiated. | ||||
Detailed Construction | Detailed Construction | ||||
--------------------- | --------------------- | ||||
The chacha20-poly1305@openssh.com cipher requires 512 bits of key | The chacha20-poly1305@openssh.com cipher requires 512 bits of key | ||||
material as output from the SSH key exchange. This forms two 256 bit | material as output from the SSH key exchange. This forms two 256 bit | ||||
keys (K_1 and K_2), used by two separate instances of chacha20. | keys (K_1 and K_2), used by two separate instances of chacha20. | ||||
The first 256 bits consitute K_2 and the second 256 bits become | The first 256 bits constitute K_2 and the second 256 bits become | ||||
K_1. | K_1. | ||||
The instance keyed by K_1 is a stream cipher that is used only | The instance keyed by K_1 is a stream cipher that is used only | ||||
to encrypt the 4 byte packet length field. The second instance, | to encrypt the 4 byte packet length field. The second instance, | ||||
keyed by K_2, is used in conjunction with poly1305 to build an AEAD | keyed by K_2, is used in conjunction with poly1305 to build an AEAD | ||||
(Authenticated Encryption with Associated Data) that is used to encrypt | (Authenticated Encryption with Associated Data) that is used to encrypt | ||||
and authenticate the entire packet. | and authenticate the entire packet. | ||||
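Review bot: The sentence corrected here, "The first 256 bits constitute K_2 and the second 256 bits become K_1", assigns the keys in the reverse of the order in which the preceding sentence introduces them ("K_1 and K_2"), and nothing in the paragraph flags that as deliberate. Since the line is being touched anyway, consider spelling out the split of the 512 bits of key material, for example "bytes 0-31 form K_2 (packet AEAD), bytes 32-63 form K_1 (packet length field)". An implementer who reads the halves in introduction order would key the length-field instance and the AEAD instance the wrong way round and fail to interoperate. The spelling fix itself is fine.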
▲ Show 20 Lines • Show All 52 Lines • ▼ Show 20 Lines | [1] "ChaCha, a variant of Salsa20", Daniel Bernstein | ||||
http://cr.yp.to/chacha/chacha-20080128.pdf | http://cr.yp.to/chacha/chacha-20080128.pdf | ||||
[2] "The Poly1305-AES message-authentication code", Daniel Bernstein | [2] "The Poly1305-AES message-authentication code", Daniel Bernstein | ||||
http://cr.yp.to/mac/poly1305-20050329.pdf | http://cr.yp.to/mac/poly1305-20050329.pdf | ||||
[3] "ChaCha20 and Poly1305 based Cipher Suites for TLS", Adam Langley | [3] "ChaCha20 and Poly1305 based Cipher Suites for TLS", Adam Langley | ||||
http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03 | http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03 | ||||
$OpenBSD: PROTOCOL.chacha20poly1305,v 1.4 2018/04/10 00:10:49 djm Exp $ | $OpenBSD: PROTOCOL.chacha20poly1305,v 1.5 2020/02/21 00:04:43 dtucker Exp $ | ||||