lib/Net/SSH/Perl/Cipher/ChachaPoly.pm


            
              1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
—
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
              package Net::SSH::Perl::Cipher::ChachaPoly;
use strict;
use Net::SSH::Perl::Cipher;
use base qw( Net::SSH::Perl::Cipher );
use Carp qw( croak );
use constant POLY1305_KEYLEN => 32;
use constant ONE => chr(1) . "\0" x 7; # NB little endian
use constant AADLEN => 4;
unless (grep /^Net::SSH::Perl$/, @DynaLoader::dl_modules) {
        use XSLoader;
        XSLoader::load('Net::SSH::Perl');
}
sub new {
    my $class = shift;
    my $ciph = bless { }, $class;
    $ciph->init(@_) if @_;
    $ciph;
}
sub keysize { 64 }
sub blocksize { 8 }
sub authlen { 16 }
sub ivlen { 0 }
sub init {
    my $ciph = shift;
    my $key = shift;
    my $size = $ciph->keysize/2;
    my $mainkey = substr($key,0,$size);
    my $headerkey = substr($key,$size,$size);
    $ciph->{main} = Crypt::OpenSSH::ChachaPoly->new($mainkey);
    $ciph->{header} = Crypt::OpenSSH::ChachaPoly->new($headerkey);
}
sub _seqnr_bytes {
    my ($ciph, $seqnr) = @_;
    pack('N',0) . pack('N',$seqnr); # seqnr is only 32-bit
}
sub encrypt {
    my($ciph, $data, $seqnr, $aadlen) = @_;
    $aadlen ||= 0;
    # run chacha20 once to generate poly1305 key
    # the iv is the packet sequence number
    $seqnr = $ciph->_seqnr_bytes($seqnr);
    $ciph->{main}->ivsetup($seqnr,'');
    my $poly_key = "\0" x POLY1305_KEYLEN;
    $poly_key = $ciph->{main}->encrypt($poly_key);
    my $aadenc;
    if ($aadlen) {
        # encrypt packet length from first four bytes of data
        $ciph->{header}->ivsetup($seqnr,'');
        $aadenc = $ciph->{header}->encrypt(substr($data,0,$aadlen));
    }
    # set chacha's block counter to 1
    $ciph->{main}->ivsetup($seqnr,ONE);
    my $enc = $aadenc . $ciph->{main}->encrypt(substr($data,$aadlen));
    $enc .= $ciph->{main}->poly1305($enc,$poly_key);
    return $enc;
}
sub decrypt {
    my($ciph, $data, $seqnr, $aadlen) = @_;
    # run chacha20 once to generate poly1305 key
    # the iv is the packet sequence number
    $seqnr = $ciph->_seqnr_bytes($seqnr);
    $ciph->{main}->ivsetup($seqnr,'');
    my $poly_key = "\0" x POLY1305_KEYLEN;
    $poly_key = $ciph->{main}->encrypt($poly_key);
    my $datalen = length($data) - $ciph->authlen;
    if ($aadlen) {
        $datalen = unpack('N', $ciph->{length} ||
            eval {
                $ciph->{header}->ivsetup($seqnr,'');
                $ciph->{header}->decrypt(substr($data,0,$aadlen))
            });
    }
    delete $ciph->{length};
    # check tag before decrypting packet
    my $expected_tag = $ciph->{main}->poly1305(substr($data,0,$aadlen+$datalen),
                                               $poly_key);
    my $tag = substr($data,$aadlen+$datalen,$ciph->authlen);
    croak "Invalid poly1305 tag"
        if $expected_tag ne $tag;
    # set chacha's block counter to 1
    $ciph->{main}->ivsetup($seqnr,ONE);
    # return payload only
    $ciph->{main}->decrypt(substr($data,$aadlen,$datalen));
}
sub get_length {
    my($ciph, $data, $seqnr) = @_;
    return if length($data) < AADLEN;
    $seqnr = $ciph->_seqnr_bytes($seqnr);
    $ciph->{header}->ivsetup($seqnr,'');
    # save it so we do not have to decrypt again later in decrypt()
    $ciph->{length} = $ciph->{header}->decrypt(substr($data,0,AADLEN));
}
1;
__END__
=head1 NAME
Net::SSH::Perl::Cipher::ChachaPoly - provides Chacha20 encryption
with Poly1305 Authentication support for I<Net::SSH::Perl>.
=head1 SYNOPSIS
    use Net::SSH::Perl::Cipher;
    my $eight_byte_iv = pack('N',0) . pack('N',1);
    my $eight_byte_counter = chr(1) . 7 x "\0"; # little endian
    my $cipher = Net::SSH::Perl::Cipher->new('ChachaPoly', $key);
    # generate poly key
    $cipher->ivsetup($eight_byte_iv,undef);
    my $poly_key = "\0" x POLY1305_KEYLEN; # 32 byte key
    $poly_key = $ciph->encrypt($poly_key);
    $cipher->ivsetup($eight_byte_iv,$eight_byte_counter);
    my $enc = $cipher->encrypt($plaintext);
    my $tag = $cipher->poly1305($enc,$poly_key);
=head1 DESCRIPTION
I<Net::SSH::Perl::Cipher::Chacha> provides Chacha20 encryption
with Poly1305 support for I<Net::SSH::Perl>.
This module requires I<Crypt::OpenSSH::ChachaPoly> which provides
a wrapper to the OpenSSH Chacha and Poly1305 functions.
=head1 AUTHOR & COPYRIGHTS
Lance Kinley E<lkinley@loyaltymethods.com>
Copyright (c) 2015 Loyalty Methods, Inc.
=head1 LICENSE
This program is free software; you can redistribute it and/or
modify it under the same terms as Perl itself.
=cut
	Global
`s`	Focus search bar
`?`	Bring up this help dialog
	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)
	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse
	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)