diff options
| author | Damien Miller <djm@mindrot.org> | 2013-11-21 14:12:23 +1100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2013-11-21 14:12:23 +1100 |
| commit | 0fde8acdad78a4d20cadae974376cc0165f645ee (patch) | |
| tree | 6e6aa82b73163bcb412920050d98f82ca9f4e86e /cipher.h | |
| parent | fdb2306acdc3eb2bc46b6dfdaaf6005c650af22a (diff) | |
- djm@cvs.openbsd.org 2013/11/21 00:45:44
[Makefile.in PROTOCOL PROTOCOL.chacha20poly1305 authfile.c chacha.c]
[chacha.h cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h]
[dh.c myproposal.h packet.c poly1305.c poly1305.h servconf.c ssh.1]
[ssh.c ssh_config.5 sshd_config.5] Add a new protocol 2 transport
cipher "chacha20-poly1305@openssh.com" that combines Daniel
Bernstein's ChaCha20 stream cipher and Poly1305 MAC to build an
authenticated encryption mode.
Inspired by and similar to Adam Langley's proposal for TLS:
http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03
but differs in layout used for the MAC calculation and the use of a
second ChaCha20 instance to separately encrypt packet lengths.
Details are in the PROTOCOL.chacha20poly1305 file.
Feedback markus@, naddy@; manpage bits Loganden Velvindron @ AfriNIC
ok markus@ naddy@
Diffstat (limited to 'cipher.h')
| -rw-r--r-- | cipher.h | 11 |
1 files changed, 8 insertions, 3 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: cipher.h,v 1.41 2013/11/07 11:58:27 dtucker Exp $ */ | 1 | /* $OpenBSD: cipher.h,v 1.42 2013/11/21 00:45:44 djm Exp $ */ |
| 2 | 2 | ||
| 3 | /* | 3 | /* |
| 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| @@ -38,6 +38,8 @@ | |||
| 38 | #define CIPHER_H | 38 | #define CIPHER_H |
| 39 | 39 | ||
| 40 | #include <openssl/evp.h> | 40 | #include <openssl/evp.h> |
| 41 | #include "cipher-chachapoly.h" | ||
| 42 | |||
| 41 | /* | 43 | /* |
| 42 | * Cipher types for SSH-1. New types can be added, but old types should not | 44 | * Cipher types for SSH-1. New types can be added, but old types should not |
| 43 | * be removed for compatibility. The maximum allowed value is 31. | 45 | * be removed for compatibility. The maximum allowed value is 31. |
| @@ -66,6 +68,7 @@ struct CipherContext { | |||
| 66 | int plaintext; | 68 | int plaintext; |
| 67 | int encrypt; | 69 | int encrypt; |
| 68 | EVP_CIPHER_CTX evp; | 70 | EVP_CIPHER_CTX evp; |
| 71 | struct chachapoly_ctx cp_ctx; /* XXX union with evp? */ | ||
| 69 | const Cipher *cipher; | 72 | const Cipher *cipher; |
| 70 | }; | 73 | }; |
| 71 | 74 | ||
| @@ -75,11 +78,13 @@ const Cipher *cipher_by_number(int); | |||
| 75 | int cipher_number(const char *); | 78 | int cipher_number(const char *); |
| 76 | char *cipher_name(int); | 79 | char *cipher_name(int); |
| 77 | int ciphers_valid(const char *); | 80 | int ciphers_valid(const char *); |
| 78 | char *cipher_alg_list(char); | 81 | char *cipher_alg_list(char, int); |
| 79 | void cipher_init(CipherContext *, const Cipher *, const u_char *, u_int, | 82 | void cipher_init(CipherContext *, const Cipher *, const u_char *, u_int, |
| 80 | const u_char *, u_int, int); | 83 | const u_char *, u_int, int); |
| 81 | void cipher_crypt(CipherContext *, u_char *, const u_char *, | 84 | void cipher_crypt(CipherContext *, u_int, u_char *, const u_char *, |
| 82 | u_int, u_int, u_int); | 85 | u_int, u_int, u_int); |
| 86 | int cipher_get_length(CipherContext *, u_int *, u_int, | ||
| 87 | const u_char *, u_int); | ||
| 83 | void cipher_cleanup(CipherContext *); | 88 | void cipher_cleanup(CipherContext *); |
| 84 | void cipher_set_key_string(CipherContext *, const Cipher *, const char *, int); | 89 | void cipher_set_key_string(CipherContext *, const Cipher *, const char *, int); |
| 85 | u_int cipher_blocksize(const Cipher *); | 90 | u_int cipher_blocksize(const Cipher *); |