ovpn-dco: add support for configuring ChaCha20Poly1305 as data channel cipher

Extend the ovpn-dco module to allow the user to specify ChaCha20Poly1305
as data channel cipher.
Same as AES-GCM, it also belongs to the AEAD family and its nonce length
is 12 bytes.

Signed-off-by: Antonio Quartulli <antonio@openvpn.net>

openvpn/dco/kocrypto.hpp

@@ -85,6 +85,7 @@ namespace openvpn {
 	  case CryptoAlgs::AES_256_CBC:
 	  case CryptoAlgs::BF_CBC:
 #ifdef ENABLE_OVPNDCO
+	  case CryptoAlgs::CHACHA20_POLY1305:
 	  case CryptoAlgs::NONE:
 #endif
 	    break;

openvpn/dco/ovpndcokocrypto.hpp

@@ -57,6 +57,10 @@ public:
       kc.cipher_alg = OVPN_CIPHER_ALG_AES_GCM;
       kc.encrypt.cipher_key_size = 256 / 8;
       break;
+    case CryptoAlgs::CHACHA20_POLY1305:
+      kc.cipher_alg = OVPN_CIPHER_ALG_CHACHA20_POLY1305;
+      kc.encrypt.cipher_key_size = 256 / 8;
+      break;
     default:
       OPENVPN_THROW(korekey_error,
                     "cipher alg " << calg.name()

openvpn/tun/linux/client/genl.hpp

@@ -224,7 +224,8 @@ public:
     key_dir = nla_nest_start(msg, OVPN_ATTR_ENCRYPT_KEY);
     NLA_PUT(msg, OVPN_KEY_DIR_ATTR_CIPHER_KEY, kc->encrypt.cipher_key_size,
             kc->encrypt.cipher_key);
-    if (kc->cipher_alg == OVPN_CIPHER_ALG_AES_GCM) {
+    if (kc->cipher_alg == OVPN_CIPHER_ALG_AES_GCM
+	|| kc->cipher_alg == OVPN_CIPHER_ALG_CHACHA20_POLY1305) {
       NLA_PUT(msg, OVPN_KEY_DIR_ATTR_NONCE_TAIL, NONCE_TAIL_LEN,
               kc->encrypt.nonce_tail);
     }
@@ -233,7 +234,8 @@ public:
     key_dir = nla_nest_start(msg, OVPN_ATTR_DECRYPT_KEY);
     NLA_PUT(msg, OVPN_KEY_DIR_ATTR_CIPHER_KEY, kc->decrypt.cipher_key_size,
             kc->decrypt.cipher_key);
-    if (kc->cipher_alg == OVPN_CIPHER_ALG_AES_GCM) {
+    if (kc->cipher_alg == OVPN_CIPHER_ALG_AES_GCM
+	|| kc->cipher_alg == OVPN_CIPHER_ALG_CHACHA20_POLY1305) {
       NLA_PUT(msg, OVPN_KEY_DIR_ATTR_NONCE_TAIL, NONCE_TAIL_LEN,
               kc->decrypt.nonce_tail);
     }