go_chacha20poly1305_openssh/funcs.go

34 lines
1.0 KiB
Go
Raw Permalink Normal View History

2023-01-10 07:24:12 -05:00
package cc20p1305ssh
/*
New returns a cipher.AEAD from KDF-derived key.
Currently, key should be KDFKeySize bytes and returned by bcrypt_pbkdf as it's currently the
only OpenSSH-supported KDF. It is up to the caller to perform the appropriate KDF.
Per the chacha20polycom1305@openssh.com specification, only the first KeySize bytes of key
is used for encrypting the private key. The second half (the canonical key is 64 bytes)
would be used for traffic purposes, but since this is a static blob it is not used.
If key is nil or <KDFKeySize bytes in length, an error ErrInvalidKeySize will be returned.
*DO NOT USE crypter FOR STREAMS. THIS SHOULD ONLY BE USED TO ENCRYPT AN OPENSSH PRIVATE KEY.*
*/
func New(key []byte) (crypter *ChaCha20Poly1305OpenSSH, err error) {
var crypterReal ChaCha20Poly1305OpenSSH
if key == nil || len(key) < KDFKeySize {
err = ErrInvalidKeySize
return
}
crypterReal = ChaCha20Poly1305OpenSSH{}
copy(crypterReal.kdfKey[:], key[:KDFKeySize])
copy(crypterReal.realKey[:], key[:KeySize])
crypter = &crypterReal
return
}