diff options
| author |   djm <djm@openbsd.org> | 2013-11-21 00:45:43 +0000 |
|---|---|---|
| committer | djm <djm@openbsd.org> | 2013-11-21 00:45:43 +0000 |
| commit | 1edbfe239db2487faa56c5fb5877105e3018932c (patch) | |
| tree | d5cbb0444e798f9ca43091e45c4a31f1498e401f /usr.bin/ssh/cipher.h | |
| parent | remove the #define b_cylinder b_resid from bufs. i hated the (diff) | |
| download | wireguard-openbsd-1edbfe239db2487faa56c5fb5877105e3018932c.tar.xz wireguard-openbsd-1edbfe239db2487faa56c5fb5877105e3018932c.zip | |
Add a new protocol 2 transport cipher "chacha20-poly1305@openssh.com"
that combines Daniel Bernstein's ChaCha20 stream cipher and Poly1305 MAC
to build an authenticated encryption mode.
Inspired by and similar to Adam Langley's proposal for TLS:
http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03
but differs in layout used for the MAC calculation and the use of a
second ChaCha20 instance to separately encrypt packet lengths.
Details are in the PROTOCOL.chacha20poly1305 file.
Feedback markus@, naddy@; manpage bits Loganden Velvindron @ AfriNIC
ok markus@ naddy@
Diffstat (limited to 'usr.bin/ssh/cipher.h')
| -rw-r--r-- | usr.bin/ssh/cipher.h | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/usr.bin/ssh/cipher.h b/usr.bin/ssh/cipher.h index 46502348b79..4e837a75412 100644 --- a/usr.bin/ssh/cipher.h +++ b/usr.bin/ssh/cipher.h @@ -1,4 +1,4 @@ -/* $OpenBSD: cipher.h,v 1.41 2013/11/07 11:58:27 dtucker Exp $ */ +/* $OpenBSD: cipher.h,v 1.42 2013/11/21 00:45:44 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -38,6 +38,8 @@ #define CIPHER_H #include <openssl/evp.h> +#include "cipher-chachapoly.h" + /* * Cipher types for SSH-1. New types can be added, but old types should not * be removed for compatibility. The maximum allowed value is 31. @@ -66,6 +68,7 @@ struct CipherContext { int plaintext; int encrypt; EVP_CIPHER_CTX evp; + struct chachapoly_ctx cp_ctx; /* XXX union with evp? */ const Cipher *cipher; }; @@ -75,11 +78,13 @@ const Cipher *cipher_by_number(int); int cipher_number(const char *); char *cipher_name(int); int ciphers_valid(const char *); -char *cipher_alg_list(char); +char *cipher_alg_list(char, int); void cipher_init(CipherContext *, const Cipher *, const u_char *, u_int, const u_char *, u_int, int); -void cipher_crypt(CipherContext *, u_char *, const u_char *, +void cipher_crypt(CipherContext *, u_int, u_char *, const u_char *, u_int, u_int, u_int); +int cipher_get_length(CipherContext *, u_int *, u_int, + const u_char *, u_int); void cipher_cleanup(CipherContext *); void cipher_set_key_string(CipherContext *, const Cipher *, const char *, int); u_int cipher_blocksize(const Cipher *); |