mirror of
git://anongit.mindrot.org/openssh.git
synced 2024-12-18 16:14:34 +00:00
0fde8acdad
[Makefile.in PROTOCOL PROTOCOL.chacha20poly1305 authfile.c chacha.c]
[chacha.h cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h]
[dh.c myproposal.h packet.c poly1305.c poly1305.h servconf.c ssh.1]
[ssh.c ssh_config.5 sshd_config.5] Add a new protocol 2 transport
cipher "chacha20-poly1305@openssh.com" that combines Daniel
Bernstein's ChaCha20 stream cipher and Poly1305 MAC to build an
authenticated encryption mode.
Inspired by and similar to Adam Langley's proposal for TLS:
http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03
but differs in layout used for the MAC calculation and the use of a
second ChaCha20 instance to separately encrypt packet lengths.
Details are in the PROTOCOL.chacha20poly1305 file.
Feedback markus@, naddy@; manpage bits Loganden Velvindron @ AfriNIC
ok markus@ naddy@
23 lines
643 B
C
23 lines
643 B
C
/* $OpenBSD: poly1305.h,v 1.1 2013/11/21 00:45:44 djm Exp $ */
|
|
|
|
/*
|
|
* Public Domain poly1305 from Andrew M.
|
|
* poly1305-donna-unrolled.c from https://github.com/floodyberry/poly1305-donna
|
|
*/
|
|
|
|
#ifndef POLY1305_H
|
|
#define POLY1305_H
|
|
|
|
#include <sys/types.h>
|
|
|
|
#define POLY1305_KEYLEN 32
|
|
#define POLY1305_TAGLEN 16
|
|
|
|
void poly1305_auth(u_char out[POLY1305_TAGLEN], const u_char *m, size_t inlen,
|
|
const u_char key[POLY1305_KEYLEN])
|
|
__attribute__((__bounded__(__minbytes__, 1, POLY1305_TAGLEN)))
|
|
__attribute__((__bounded__(__buffer__, 2, 3)))
|
|
__attribute__((__bounded__(__minbytes__, 4, POLY1305_KEYLEN)));
|
|
|
|
#endif /* POLY1305_H */
|