RepoMirrors
/
openssh
mirror of git://anongit.mindrot.org/openssh.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

upstream commit 

clarify ordering of subkeys; pointed out by ietf-ssh AT
 stbuehler.de

Upstream-ID: 05ebe9f949449a555ebce8e0aad7c8c9acaf8463
This commit is contained in:
djm@openbsd.org 2016-05-03 13:10:24 +00:00 committed by Damien Miller
parent cca3b43958
commit 05855bf2ce
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
PROTOCOL.chacha20poly1305
View File

@ -34,6 +34,8 @@ Detailed Construction
The chacha20-poly1305@openssh.com cipher requires 512 bits of key The chacha20-poly1305@openssh.com cipher requires 512 bits of key
material as output from the SSH key exchange. This forms two 256 bit material as output from the SSH key exchange. This forms two 256 bit
keys (K_1 and K_2), used by two separate instances of chacha20. keys (K_1 and K_2), used by two separate instances of chacha20.
The first 256 bits consitute K_2 and the second 256 bits become
K_1.
The instance keyed by K_1 is a stream cipher that is used only The instance keyed by K_1 is a stream cipher that is used only
to encrypt the 4 byte packet length field. The second instance, to encrypt the 4 byte packet length field. The second instance,
@ -101,5 +103,5 @@ References
[3] "ChaCha20 and Poly1305 based Cipher Suites for TLS", Adam Langley [3] "ChaCha20 and Poly1305 based Cipher Suites for TLS", Adam Langley
http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03 http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03
$OpenBSD: PROTOCOL.chacha20poly1305,v 1.2 2013/12/02 02:50:27 djm Exp $ $OpenBSD: PROTOCOL.chacha20poly1305,v 1.3 2016/05/03 13:10:24 djm Exp $