mirror of
git://anongit.mindrot.org/openssh.git
synced 2024-12-24 19:02:06 +00:00
0fde8acdad
[Makefile.in PROTOCOL PROTOCOL.chacha20poly1305 authfile.c chacha.c] [chacha.h cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h] [dh.c myproposal.h packet.c poly1305.c poly1305.h servconf.c ssh.1] [ssh.c ssh_config.5 sshd_config.5] Add a new protocol 2 transport cipher "chacha20-poly1305@openssh.com" that combines Daniel Bernstein's ChaCha20 stream cipher and Poly1305 MAC to build an authenticated encryption mode. Inspired by and similar to Adam Langley's proposal for TLS: http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03 but differs in layout used for the MAC calculation and the use of a second ChaCha20 instance to separately encrypt packet lengths. Details are in the PROTOCOL.chacha20poly1305 file. Feedback markus@, naddy@; manpage bits Loganden Velvindron @ AfriNIC ok markus@ naddy@
36 lines
975 B
C
36 lines
975 B
C
/* $OpenBSD: chacha.h,v 1.1 2013/11/21 00:45:44 djm Exp $ */
|
|
|
|
/*
|
|
chacha-merged.c version 20080118
|
|
D. J. Bernstein
|
|
Public domain.
|
|
*/
|
|
|
|
#ifndef CHACHA_H
|
|
#define CHACHA_H
|
|
|
|
#include <sys/types.h>
|
|
|
|
struct chacha_ctx {
|
|
u_int input[16];
|
|
};
|
|
|
|
#define CHACHA_MINKEYLEN 16
|
|
#define CHACHA_NONCELEN 8
|
|
#define CHACHA_CTRLEN 8
|
|
#define CHACHA_STATELEN (CHACHA_NONCELEN+CHACHA_CTRLEN)
|
|
#define CHACHA_BLOCKLEN 64
|
|
|
|
void chacha_keysetup(struct chacha_ctx *x, const u_char *k, u_int kbits)
|
|
__attribute__((__bounded__(__minbytes__, 2, CHACHA_MINKEYLEN)));
|
|
void chacha_ivsetup(struct chacha_ctx *x, const u_char *iv, const u_char *ctr)
|
|
__attribute__((__bounded__(__minbytes__, 2, CHACHA_NONCELEN)))
|
|
__attribute__((__bounded__(__minbytes__, 3, CHACHA_CTRLEN)));
|
|
void chacha_encrypt_bytes(struct chacha_ctx *x, const u_char *m,
|
|
u_char *c, u_int bytes)
|
|
__attribute__((__bounded__(__buffer__, 2, 4)))
|
|
__attribute__((__bounded__(__buffer__, 3, 4)));
|
|
|
|
#endif /* CHACHA_H */
|
|
|