|
DeterministicESPAsyncWebServer v6.27.1
Zero-allocation, bounded-execution async HTTP server for ESP32
|
chach.nosp@m.a20-.nosp@m.poly1.nosp@m.305@.nosp@m.opens.nosp@m.sh.c.nosp@m.om AEAD cipher (OpenSSH PROTOCOL.chacha20poly1305). More...
#include <stddef.h>#include <stdint.h>Go to the source code of this file.
Macros | |
| #define | SSH_CHACHAPOLY_KEY_LEN 64 |
| two 256-bit ChaCha20 keys | |
| #define | SSH_CHACHAPOLY_TAG_LEN 16 |
| Poly1305 tag. | |
| #define | SSH_CHACHAPOLY_AAD_LEN 4 |
| the encrypted packet-length field | |
Functions | |
| uint32_t | ssh_chachapoly_get_length (const uint8_t key[SSH_CHACHAPOLY_KEY_LEN], uint32_t seqnr, const uint8_t enc_len[SSH_CHACHAPOLY_AAD_LEN]) |
| Decrypt just the 4-byte length field to learn the packet length before reading the body. | |
| void | ssh_chachapoly_encrypt (const uint8_t key[SSH_CHACHAPOLY_KEY_LEN], uint32_t seqnr, uint8_t *dest, const uint8_t *src, uint32_t payload_len) |
| Encrypt+authenticate one packet. | |
| bool | ssh_chachapoly_decrypt (const uint8_t key[SSH_CHACHAPOLY_KEY_LEN], uint32_t seqnr, uint8_t *dest, const uint8_t *src, uint32_t payload_len) |
| Verify+decrypt one packet. | |
chach.nosp@m.a20-.nosp@m.poly1.nosp@m.305@.nosp@m.opens.nosp@m.sh.c.nosp@m.om AEAD cipher (OpenSSH PROTOCOL.chacha20poly1305).
OpenSSH's authenticated cipher for the SSH binary packet. The 512-bit key is split into two 256-bit ChaCha20 keys: K_main = key[0..32] encrypts the packet payload, K_header = key[32..64] encrypts the 4-byte packet-length field separately (so a receiver can size the packet before it has the whole thing). The nonce for both is the packet sequence number as a big-endian uint64.
On decrypt the tag is verified (constant-time) before any plaintext is produced. Pure, no heap.
Definition in file ssh_chachapoly.h.
| #define SSH_CHACHAPOLY_KEY_LEN 64 |
two 256-bit ChaCha20 keys
Definition at line 30 of file ssh_chachapoly.h.
| #define SSH_CHACHAPOLY_TAG_LEN 16 |
Poly1305 tag.
Definition at line 31 of file ssh_chachapoly.h.
| #define SSH_CHACHAPOLY_AAD_LEN 4 |
the encrypted packet-length field
Definition at line 32 of file ssh_chachapoly.h.
| uint32_t ssh_chachapoly_get_length | ( | const uint8_t | key[SSH_CHACHAPOLY_KEY_LEN], |
| uint32_t | seqnr, | ||
| const uint8_t | enc_len[SSH_CHACHAPOLY_AAD_LEN] | ||
| ) |
Decrypt just the 4-byte length field to learn the packet length before reading the body.
Definition at line 40 of file ssh_chachapoly.cpp.
References ssh_chacha20_xor().
Referenced by ssh_pkt_recv().
| void ssh_chachapoly_encrypt | ( | const uint8_t | key[SSH_CHACHAPOLY_KEY_LEN], |
| uint32_t | seqnr, | ||
| uint8_t * | dest, | ||
| const uint8_t * | src, | ||
| uint32_t | payload_len | ||
| ) |
Encrypt+authenticate one packet.
| src | plaintext: 4-byte packet length (big-endian) || payload_len payload bytes. |
| dest | output: encrypted length (4) || encrypted payload (payload_len) || tag (16). May alias src. dest must hold 4 + payload_len + 16 bytes. |
Definition at line 50 of file ssh_chachapoly.cpp.
References ssh_chacha20_xor(), and ssh_poly1305().
Referenced by ssh_pkt_send().
| bool ssh_chachapoly_decrypt | ( | const uint8_t | key[SSH_CHACHAPOLY_KEY_LEN], |
| uint32_t | seqnr, | ||
| uint8_t * | dest, | ||
| const uint8_t * | src, | ||
| uint32_t | payload_len | ||
| ) |
Verify+decrypt one packet.
| src | ciphertext: encrypted length (4) || encrypted payload (payload_len) || tag (16). |
| dest | output: plaintext length (4) || plaintext payload (payload_len). May alias src. |
Definition at line 62 of file ssh_chachapoly.cpp.
References ssh_chacha20_xor(), and ssh_poly1305().
Referenced by ssh_pkt_recv().