Documentation
Constants
const (
	// BlockSize is the size in bytes of the ChaCha20Poly1305 blocks (as used by OpenSSH padding).
	BlockSize int = 8

	/* KeySize is the size of the key used by OpenSSH's ChaCha20 implementation.
	   It should be KDFKey[:(len(KDFKeySize)-1)/2]. (32 bytes, essentially.) */
	KeySize int = chacha20.KeySize

	/* KDFKeySize is the size of the key to return from the chosen KDF. At the time of writing,
	   only bcrypt_pbkdf is supported upstream. The KDF should return a key of 64 bytes, but
	   OpenSSH only uses the first half for the ChaCha20 key. Normally in ChaCha20Poly1305, the
	   second half is used for "additional data". OpenSSH keys do not have "additional data". */
	KDFKeySize int = KeySize * 2

	// IvSize is 0 because OpenSSH uses a fixed internal constant (see iv below).
	IvSize int = 0

	/* NonceSize is the only reason I need to do this. The actual only reason. If this library
	   ever breaks, it's because the chacha20 module was updated but I forgot to change
	   (golang.org/x/crypto/chacha20).NonceSize to 16 instead of 12. */
	NonceSize int = 16

	// PolyKeySize is the amount of the cipher result of chacha20.
	PolyKeySize int = 32

	// TagSize is the length of the Poly1305 tag.
	TagSize int = poly1305.TagSize
)
Variables
var (
	ErrInvalidKeySize error = errors.New("a key of invalid size was provided; it must be at least 32 bytes")
	ErrInvalidTag           = errors.New("the provided tag does not match the ciphertext")
	ErrInvalidTagSize       = errors.New("a tag of invalid size was provided; it must be at least 16 bytes")
)
Functions
This section is empty.
Types
type ChaCha20Poly1305OpenSSH
type ChaCha20Poly1305OpenSSH struct {
// contains filtered or unexported fields
}
ChaCha20Poly1305OpenSSH is an implementation of the chacha20poly1305@openssh.com private key cipher.
Use New to return a usable version.
func New
func New(key []byte) (crypter *ChaCha20Poly1305OpenSSH, err error)
New returns a cipher.AEAD from a KDF-derived key.
Currently, key should be KDFKeySize bytes long and produced by bcrypt_pbkdf, which is at present the only OpenSSH-supported KDF. It is up to the caller to run the appropriate KDF.
Per the chacha20poly1305@openssh.com specification, only the first KeySize bytes of key are used to encrypt the private key. The second half (the canonical key is 64 bytes) would be used for traffic purposes, but since a private key is a static blob it is not used here.
If key is nil or shorter than KDFKeySize bytes, the error ErrInvalidKeySize is returned.
*DO NOT USE crypter FOR STREAMS. THIS SHOULD ONLY BE USED TO ENCRYPT AN OPENSSH PRIVATE KEY.*
func (*ChaCha20Poly1305OpenSSH) Decrypt
func (c *ChaCha20Poly1305OpenSSH) Decrypt(ciphertext, tag []byte) (decrypted []byte, err error)
Decrypt authenticates and decrypts ciphertext, returning the plaintext.
If tag is nil or empty, the tag is assumed to be appended to the end of ciphertext.
If tag is given but is shorter than TagSize bytes, the error ErrInvalidTagSize is returned.
func (*ChaCha20Poly1305OpenSSH) Encrypt
func (c *ChaCha20Poly1305OpenSSH) Encrypt(plaintext []byte) (encrypted, tag []byte, err error)
Encrypt encrypts and authenticates plaintext, returning the ciphertext and its Poly1305 tag.
If polyTag is nil or shorter than TagSize bytes, the error ErrInvalidTagSize is returned.