summaryrefslogtreecommitdiff
path: root/usr.bin
diff options
context:
space:
mode:
authorDamien Miller <djm@cvs.openbsd.org>2016-05-03 13:10:25 +0000
committerDamien Miller <djm@cvs.openbsd.org>2016-05-03 13:10:25 +0000
commit8b81d88f7d732f293510b9e74feef43ef849a66d (patch)
tree7b1784d8a6943ed8293922aeee7f6fd4b9288716 /usr.bin
parentc1c3ef84308558dbe0a26bad843ef948a8403f12 (diff)
clarify ordering of subkeys; pointed out by ietf-ssh AT stbuehler.de
Diffstat (limited to 'usr.bin')
-rw-r--r--usr.bin/ssh/PROTOCOL.chacha20poly13054
1 files changed, 3 insertions, 1 deletions
diff --git a/usr.bin/ssh/PROTOCOL.chacha20poly1305 b/usr.bin/ssh/PROTOCOL.chacha20poly1305
index 9cf73a926bb..4857d38533d 100644
--- a/usr.bin/ssh/PROTOCOL.chacha20poly1305
+++ b/usr.bin/ssh/PROTOCOL.chacha20poly1305
@@ -34,6 +34,8 @@ Detailed Construction
The chacha20-poly1305@openssh.com cipher requires 512 bits of key
material as output from the SSH key exchange. This forms two 256 bit
keys (K_1 and K_2), used by two separate instances of chacha20.
+The first 256 bits consitute K_2 and the second 256 bits become
+K_1.
The instance keyed by K_1 is a stream cipher that is used only
to encrypt the 4 byte packet length field. The second instance,
@@ -101,5 +103,5 @@ References
[3] "ChaCha20 and Poly1305 based Cipher Suites for TLS", Adam Langley
http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03
-$OpenBSD: PROTOCOL.chacha20poly1305,v 1.2 2013/12/02 02:50:27 djm Exp $
+$OpenBSD: PROTOCOL.chacha20poly1305,v 1.3 2016/05/03 13:10:24 djm Exp $
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-26 13:16:04 +0000