diff options
Diffstat (limited to 'PROTOCOL.chacha20poly1305')
| -rw-r--r-- | PROTOCOL.chacha20poly1305 | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/PROTOCOL.chacha20poly1305 b/PROTOCOL.chacha20poly1305 index 9cf73a926..4857d3853 100644 --- a/PROTOCOL.chacha20poly1305 +++ b/PROTOCOL.chacha20poly1305 | |||
| @@ -34,6 +34,8 @@ Detailed Construction | |||
| 34 | The chacha20-poly1305@openssh.com cipher requires 512 bits of key | 34 | The chacha20-poly1305@openssh.com cipher requires 512 bits of key |
| 35 | material as output from the SSH key exchange. This forms two 256 bit | 35 | material as output from the SSH key exchange. This forms two 256 bit |
| 36 | keys (K_1 and K_2), used by two separate instances of chacha20. | 36 | keys (K_1 and K_2), used by two separate instances of chacha20. |
| 37 | The first 256 bits consitute K_2 and the second 256 bits become | ||
| 38 | K_1. | ||
| 37 | 39 | ||
| 38 | The instance keyed by K_1 is a stream cipher that is used only | 40 | The instance keyed by K_1 is a stream cipher that is used only |
| 39 | to encrypt the 4 byte packet length field. The second instance, | 41 | to encrypt the 4 byte packet length field. The second instance, |
| @@ -101,5 +103,5 @@ References | |||
| 101 | [3] "ChaCha20 and Poly1305 based Cipher Suites for TLS", Adam Langley | 103 | [3] "ChaCha20 and Poly1305 based Cipher Suites for TLS", Adam Langley |
| 102 | http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03 | 104 | http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03 |
| 103 | 105 | ||
| 104 | $OpenBSD: PROTOCOL.chacha20poly1305,v 1.2 2013/12/02 02:50:27 djm Exp $ | 106 | $OpenBSD: PROTOCOL.chacha20poly1305,v 1.3 2016/05/03 13:10:24 djm Exp $ |
| 105 | 107 | ||