From 0fde8acdad78a4d20cadae974376cc0165f645ee Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 21 Nov 2013 14:12:23 +1100 Subject: - djm@cvs.openbsd.org 2013/11/21 00:45:44 [Makefile.in PROTOCOL PROTOCOL.chacha20poly1305 authfile.c chacha.c] [chacha.h cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h] [dh.c myproposal.h packet.c poly1305.c poly1305.h servconf.c ssh.1] [ssh.c ssh_config.5 sshd_config.5] Add a new protocol 2 transport cipher "chacha20-poly1305@openssh.com" that combines Daniel Bernstein's ChaCha20 stream cipher and Poly1305 MAC to build an authenticated encryption mode. Inspired by and similar to Adam Langley's proposal for TLS: http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03 but differs in layout used for the MAC calculation and the use of a second ChaCha20 instance to separately encrypt packet lengths. Details are in the PROTOCOL.chacha20poly1305 file. Feedback markus@, naddy@; manpage bits Loganden Velvindron @ AfriNIC ok markus@ naddy@ --- PROTOCOL | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'PROTOCOL') diff --git a/PROTOCOL b/PROTOCOL index 0363314c..cace97f8 100644 --- a/PROTOCOL +++ b/PROTOCOL @@ -91,6 +91,11 @@ an MAC algorithm. Additionally, if AES-GCM is selected as the cipher the exchanged MAC algorithms are ignored and there doesn't have to be a matching MAC. +1.7 transport: chacha20-poly1305@openssh.com authenticated encryption + +OpenSSH supports authenticated encryption using ChaCha20 and Poly1305 +as described in PROTOCOL.chacha20poly1305. + 2. Connection protocol changes 2.1. connection: Channel write close extension "eow@openssh.com" @@ -345,4 +350,4 @@ respond with a SSH_FXP_STATUS message. This extension is advertised in the SSH_FXP_VERSION hello with version "1". -$OpenBSD: PROTOCOL,v 1.21 2013/10/17 00:30:13 djm Exp $ +$OpenBSD: PROTOCOL,v 1.22 2013/11/21 00:45:43 djm Exp $ -- cgit v1.2.3