ovpn-dco: add support for configuring ChaCha20Poly1305 as data channel cipher
Extend the ovpn-dco module to allow the user to specify ChaCha20Poly1305 as data channel cipher. Same as AES-GCM, it also belongs to the AEAD family and its nonce length is 12 bytes. Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
parent
8ce41b76f8
commit
6eb1680099
@ -85,6 +85,7 @@ namespace openvpn {
|
||||
case CryptoAlgs::AES_256_CBC:
|
||||
case CryptoAlgs::BF_CBC:
|
||||
#ifdef ENABLE_OVPNDCO
|
||||
case CryptoAlgs::CHACHA20_POLY1305:
|
||||
case CryptoAlgs::NONE:
|
||||
#endif
|
||||
break;
|
||||
|
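Review bot: The added `case CryptoAlgs::CHACHA20_POLY1305:` sits inside the `#ifdef ENABLE_OVPNDCO` guard next to `CryptoAlgs::NONE`, and nothing in the hunk says that these labels exist only in ovpn-dco builds. A one-line comment above the guard, such as `// the following ciphers are accepted only in ovpn-dco builds`, would make the build-dependent cipher acceptance visible to the next reader. The switch begins and ends outside the hunk, so what happens to these algorithms when the macro is not defined cannot be confirmed from here.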
@ -57,6 +57,10 @@ public:
|
||||
kc.cipher_alg = OVPN_CIPHER_ALG_AES_GCM;
|
||||
kc.encrypt.cipher_key_size = 256 / 8;
|
||||
break;
|
||||
case CryptoAlgs::CHACHA20_POLY1305:
|
||||
kc.cipher_alg = OVPN_CIPHER_ALG_CHACHA20_POLY1305;
|
||||
kc.encrypt.cipher_key_size = 256 / 8;
|
||||
break;
|
||||
default:
|
||||
OPENVPN_THROW(korekey_error,
|
||||
"cipher alg " << calg.name()
|
||||
|
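Review bot: The new `CryptoAlgs::CHACHA20_POLY1305` case assigns only `kc.encrypt.cipher_key_size`, as the AES-GCM case above it does, so the decrypt size has to be set somewhere after the switch, outside this hunk. That is worth confirming, because the netlink code changed later in this commit passes `kc->decrypt.cipher_key_size` as the length of `kc->decrypt.cipher_key` (presumably the same key config), and a zero or stale size there would hand the kernel the wrong amount of key material. If the copy already exists, a comment at the switch such as `// decrypt.cipher_key_size is mirrored from encrypt after the switch` would document the dependency.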
@ -224,7 +224,8 @@ public:
|
||||
key_dir = nla_nest_start(msg, OVPN_ATTR_ENCRYPT_KEY);
|
||||
NLA_PUT(msg, OVPN_KEY_DIR_ATTR_CIPHER_KEY, kc->encrypt.cipher_key_size,
|
||||
kc->encrypt.cipher_key);
|
||||
if (kc->cipher_alg == OVPN_CIPHER_ALG_AES_GCM) {
|
||||
if (kc->cipher_alg == OVPN_CIPHER_ALG_AES_GCM
|
||||
|| kc->cipher_alg == OVPN_CIPHER_ALG_CHACHA20_POLY1305) {
|
||||
NLA_PUT(msg, OVPN_KEY_DIR_ATTR_NONCE_TAIL, NONCE_TAIL_LEN,
|
||||
kc->encrypt.nonce_tail);
|
||||
}
|
||||
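Review bot: The two-cipher test `kc->cipher_alg == OVPN_CIPHER_ALG_AES_GCM || kc->cipher_alg == OVPN_CIPHER_ALG_CHACHA20_POLY1305` is written out separately for the encrypt key here and for the decrypt key in the next hunk. A future AEAD cipher therefore has to be added in both places, or one direction is sent without its `OVPN_KEY_DIR_ATTR_NONCE_TAIL`. A small private helper that takes `kc->cipher_alg` and returns whether it is one of the AEAD algorithms, called from both `if` statements, would keep the two directions in step. The enclosing function starts and ends outside both hunks.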
@ -233,7 +234,8 @@ public:
|
||||
key_dir = nla_nest_start(msg, OVPN_ATTR_DECRYPT_KEY);
|
||||
NLA_PUT(msg, OVPN_KEY_DIR_ATTR_CIPHER_KEY, kc->decrypt.cipher_key_size,
|
||||
kc->decrypt.cipher_key);
|
||||
if (kc->cipher_alg == OVPN_CIPHER_ALG_AES_GCM) {
|
||||
if (kc->cipher_alg == OVPN_CIPHER_ALG_AES_GCM
|
||||
|| kc->cipher_alg == OVPN_CIPHER_ALG_CHACHA20_POLY1305) {
|
||||
NLA_PUT(msg, OVPN_KEY_DIR_ATTR_NONCE_TAIL, NONCE_TAIL_LEN,
|
||||
kc->decrypt.nonce_tail);
|
||||
}
|
||||
|