diff options
-rw-r--r-- | NEWS | 3 | ||||
-rw-r--r-- | lib/algorithms.h | 4 | ||||
-rw-r--r-- | lib/algorithms/ciphers.c | 43 | ||||
-rw-r--r-- | lib/algorithms/ciphersuites.c | 25 | ||||
-rw-r--r-- | lib/gnutls_cipher.c | 28 | ||||
-rw-r--r-- | lib/gnutls_constate.c | 5 | ||||
-rw-r--r-- | lib/gnutls_dtls.c | 2 | ||||
-rw-r--r-- | lib/includes/gnutls/crypto.h | 1 | ||||
-rw-r--r-- | lib/includes/gnutls/gnutls.h.in | 2 | ||||
-rw-r--r-- | lib/libgnutls.map | 1 | ||||
-rw-r--r-- | lib/nettle/cipher.c | 34 | ||||
-rw-r--r-- | lib/x509/privkey_openssl.c | 2 | ||||
-rw-r--r-- | lib/x509/privkey_pkcs8.c | 2 | ||||
-rw-r--r-- | src/benchmark-cipher.c | 19 | ||||
-rw-r--r-- | src/benchmark-tls.c | 6 |
15 files changed, 138 insertions, 39 deletions
@@ -18,6 +18,8 @@ support AES with PKCS #12. on initialization. This speeds up gnutls initialization when smart cards are present. +** libgnutls: Added Salsa20R20 cipher (experimental) + ** libgnutls-dane: Updated DANE verification options. ** configure: Trust store file must be explicitly set or unset when @@ -34,6 +36,7 @@ gnutls_x509_trust_list_remove_cas: Added gnutls_session_get_desc: Added gnutls_privkey_sign_raw_data: Added gnutls_pkcs11_status: Added +gnutls_cipher_get_iv_size: Added * Version 3.1.9 (released 2013-02-27) diff --git a/lib/algorithms.h b/lib/algorithms.h index 749f8daa07..9034adc3bc 100644 --- a/lib/algorithms.h +++ b/lib/algorithms.h @@ -89,10 +89,8 @@ _gnutls_cipher_suite_get_id (gnutls_kx_algorithm_t kx_algorithm, int _gnutls_cipher_is_block (gnutls_cipher_algorithm_t algorithm); int _gnutls_cipher_algo_is_aead (gnutls_cipher_algorithm_t algorithm); int _gnutls_cipher_is_ok (gnutls_cipher_algorithm_t algorithm); -int _gnutls_cipher_get_iv_size (gnutls_cipher_algorithm_t algorithm); int _gnutls_cipher_get_export_flag (gnutls_cipher_algorithm_t algorithm); -/* at least for now iv_size == tag_size */ -#define _gnutls_cipher_get_tag_size _gnutls_cipher_get_iv_size +int _gnutls_cipher_get_tag_size (gnutls_cipher_algorithm_t algorithm); /* Functions for key exchange. */ int _gnutls_kx_needs_dh_params (gnutls_kx_algorithm_t algorithm); diff --git a/lib/algorithms/ciphers.c b/lib/algorithms/ciphers.c index f2ccbb6d9d..13eb7ff45d 100644 --- a/lib/algorithms/ciphers.c +++ b/lib/algorithms/ciphers.c @@ -52,6 +52,8 @@ static const gnutls_cipher_entry algorithms[] = { {"AES-128-GCM", GNUTLS_CIPHER_AES_128_GCM, 16, 16, CIPHER_STREAM, AEAD_IMPLICIT_DATA_SIZE, 0, 1}, {"AES-256-GCM", GNUTLS_CIPHER_AES_256_GCM, 16, 32, CIPHER_STREAM, AEAD_IMPLICIT_DATA_SIZE, 0, 1}, {"ARCFOUR-128", GNUTLS_CIPHER_ARCFOUR_128, 1, 16, CIPHER_STREAM, 0, 0, 0}, + {"SALSA20R20-128", GNUTLS_CIPHER_SALSA20R20_128, 1, 16, CIPHER_STREAM, 8, 0, 0}, + {"SALSA20R20-256", GNUTLS_CIPHER_SALSA20R20_256, 1, 32, CIPHER_STREAM, 8, 0, 0}, {"CAMELLIA-256-CBC", GNUTLS_CIPHER_CAMELLIA_256_CBC, 16, 32, CIPHER_BLOCK, 16, 0, 0}, {"CAMELLIA-192-CBC", GNUTLS_CIPHER_CAMELLIA_192_CBC, 16, 24, CIPHER_BLOCK, @@ -112,6 +114,39 @@ gnutls_cipher_get_block_size (gnutls_cipher_algorithm_t algorithm) } +/** + * gnutls_cipher_get_iv_size: + * @algorithm: is an encryption algorithm + * + * Get block size for encryption algorithm. + * + * Returns: block size for encryption algorithm. + * + * Since: 3.1.10 + **/ +int +gnutls_cipher_get_iv_size (gnutls_cipher_algorithm_t algorithm) +{ + size_t ret = 0; + GNUTLS_ALG_LOOP (ret = p->iv); + return ret; +} + +int +_gnutls_cipher_get_tag_size (gnutls_cipher_algorithm_t algorithm) +{ + size_t ret = 0; + + GNUTLS_ALG_LOOP ( + if (p->auth) + ret = p->block; /* FIXME: happens to be the same for now */ + else + ret = 0; + ); + return ret; + +} + /* returns the priority */ int _gnutls_cipher_priority (gnutls_session_t session, @@ -165,14 +200,6 @@ gnutls_cipher_get_key_size (gnutls_cipher_algorithm_t algorithm) } -int -_gnutls_cipher_get_iv_size (gnutls_cipher_algorithm_t algorithm) -{ /* In bytes */ - size_t ret = 0; - GNUTLS_ALG_LOOP (ret = p->iv); - return ret; - -} int _gnutls_cipher_get_export_flag (gnutls_cipher_algorithm_t algorithm) diff --git a/lib/algorithms/ciphersuites.c b/lib/algorithms/ciphersuites.c index 817f07b659..d7b90903c6 100644 --- a/lib/algorithms/ciphersuites.c +++ b/lib/algorithms/ciphersuites.c @@ -120,7 +120,6 @@ typedef struct /* DHE DSS */ - #define GNUTLS_DHE_DSS_3DES_EDE_CBC_SHA1 { 0x00, 0x13 } @@ -218,6 +217,12 @@ typedef struct #define GNUTLS_ECDHE_PSK_NULL_SHA256 { 0xC0, 0x3A } #define GNUTLS_ECDHE_PSK_NULL_SHA384 { 0xC0, 0x3B } +/* Salsa 20 */ +#define GNUTLS_RSA_WITH_SALSA20R20_128_SHA256 {0xFA, 0xA1} +#define GNUTLS_RSA_WITH_SALSA20R20_256_SHA256 {0xFA, 0xA2} +#define GNUTLS_RSA_WITH_SALSA20R20_128_SHA1 {0xFA, 0xA3} +#define GNUTLS_RSA_WITH_SALSA20R20_256_SHA1 {0xFA, 0xA4} + #define CIPHER_SUITES_COUNT (sizeof(cs_algorithms)/sizeof(gnutls_cipher_suite_entry)-1) static const gnutls_cipher_suite_entry cs_algorithms[] = { @@ -277,6 +282,24 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = { GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_RSA, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_VERSION_MAX, 1), +/* Salsa20 */ + ENTRY (GNUTLS_RSA_WITH_SALSA20R20_128_SHA1, + GNUTLS_CIPHER_SALSA20R20_128, GNUTLS_KX_RSA, + GNUTLS_MAC_SHA1, GNUTLS_TLS1_0, + GNUTLS_VERSION_MAX, 1), + ENTRY (GNUTLS_RSA_WITH_SALSA20R20_256_SHA1, + GNUTLS_CIPHER_SALSA20R20_256, GNUTLS_KX_RSA, + GNUTLS_MAC_SHA1, GNUTLS_TLS1_0, + GNUTLS_VERSION_MAX, 1), + + ENTRY (GNUTLS_RSA_WITH_SALSA20R20_128_SHA256, + GNUTLS_CIPHER_SALSA20R20_128, GNUTLS_KX_RSA, + GNUTLS_MAC_SHA256, GNUTLS_TLS1_0, + GNUTLS_VERSION_MAX, 1), + ENTRY (GNUTLS_RSA_WITH_SALSA20R20_256_SHA256, + GNUTLS_CIPHER_SALSA20R20_256, GNUTLS_KX_RSA, + GNUTLS_MAC_SHA256, GNUTLS_TLS1_0, + GNUTLS_VERSION_MAX, 1), /* DHE_DSS */ #ifdef ENABLE_DHE diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c index 1a70a10023..8531a4c7b0 100644 --- a/lib/gnutls_cipher.c +++ b/lib/gnutls_cipher.c @@ -323,7 +323,9 @@ compressed_to_ciphertext (gnutls_session_t session, int explicit_iv = _gnutls_version_has_explicit_iv (session->security_parameters.version); int auth_cipher = _gnutls_auth_cipher_is_aead(¶ms->write.cipher_state); uint8_t nonce[MAX_CIPHER_BLOCK_SIZE]; + unsigned iv_size; + iv_size = gnutls_cipher_get_iv_size(params->cipher_algorithm); _gnutls_hard_log("ENC[%p]: cipher: %s, MAC: %s, Epoch: %u\n", session, gnutls_cipher_get_name(params->cipher_algorithm), gnutls_mac_get_name(params->mac_algorithm), @@ -349,9 +351,12 @@ compressed_to_ciphertext (gnutls_session_t session, auth_cipher, blocksize); } else - length_to_encrypt = length = - calc_enc_length_stream (session, compressed->size, tag_size, - auth_cipher); + { + length_to_encrypt = length = + calc_enc_length_stream (session, compressed->size, tag_size, + auth_cipher); + } + if (length < 0) { return gnutls_assert_val(length); @@ -403,12 +408,17 @@ compressed_to_ciphertext (gnutls_session_t session, */ length_to_encrypt -= AEAD_EXPLICIT_DATA_SIZE + tag_size; } + else if (iv_size > 0) + _gnutls_auth_cipher_setiv(¶ms->write.cipher_state, UINT64DATA(params->write.sequence_number), 8); } else { /* AEAD ciphers have an explicit IV. Shouldn't be used otherwise. */ - if (auth_cipher) return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); + if (auth_cipher) + return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); + else if (iv_size > 0) + _gnutls_auth_cipher_setiv(¶ms->write.cipher_state, UINT64DATA(params->write.sequence_number), 8); } memcpy (data_ptr, compressed->data, compressed->size); @@ -646,10 +656,11 @@ ciphertext_to_compressed (gnutls_session_t session, unsigned int ver = gnutls_protocol_get_version (session); unsigned int tag_size = _gnutls_auth_cipher_tag_len (¶ms->read.cipher_state); unsigned int explicit_iv = _gnutls_version_has_explicit_iv (session->security_parameters.version); - + unsigned iv_size; + + iv_size = gnutls_cipher_get_iv_size(params->cipher_algorithm); blocksize = gnutls_cipher_get_block_size (params->cipher_algorithm); - /* actual decryption (inplace) */ switch (_gnutls_cipher_is_block (params->cipher_algorithm)) @@ -679,6 +690,11 @@ ciphertext_to_compressed (gnutls_session_t session, length_to_decrypt = ciphertext->size - tag_size; } + else if (iv_size > 0) + { /* a stream cipher with explicit IV */ + _gnutls_auth_cipher_setiv(¶ms->read.cipher_state, UINT64DATA(*sequence), 8); + length_to_decrypt = ciphertext->size; + } else { if (ciphertext->size < tag_size) diff --git a/lib/gnutls_constate.c b/lib/gnutls_constate.c index 4f798138bf..e86fb2c0e1 100644 --- a/lib/gnutls_constate.c +++ b/lib/gnutls_constate.c @@ -298,7 +298,8 @@ _gnutls_init_record_state (record_parameters_st * params, gnutls_protocol_t ver, if (!_gnutls_version_has_explicit_iv(ver)) { - iv = &state->IV; + if (_gnutls_cipher_is_block (params->cipher_algorithm) != CIPHER_STREAM) + iv = &state->IV; } ret = _gnutls_auth_cipher_init (&state->cipher_state, @@ -424,7 +425,7 @@ _gnutls_epoch_set_keys (gnutls_session_t session, uint16_t epoch) if (_gnutls_compression_is_ok (comp_algo) != 0) return gnutls_assert_val (GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM); - IV_size = _gnutls_cipher_get_iv_size (cipher_algo); + IV_size = gnutls_cipher_get_iv_size (cipher_algo); key_size = gnutls_cipher_get_key_size (cipher_algo); export_flag = _gnutls_cipher_get_export_flag (cipher_algo); hash_size = _gnutls_hmac_get_algo_len (mac_algo); diff --git a/lib/gnutls_dtls.c b/lib/gnutls_dtls.c index 4ad513afc6..24fa2e1c18 100644 --- a/lib/gnutls_dtls.c +++ b/lib/gnutls_dtls.c @@ -602,7 +602,7 @@ int total = 0, ret, iv_size; return gnutls_assert_val(ret); /* requires padding */ - iv_size = _gnutls_cipher_get_iv_size(params->cipher_algorithm); + iv_size = gnutls_cipher_get_iv_size(params->cipher_algorithm); if (_gnutls_cipher_is_block (params->cipher_algorithm) == CIPHER_BLOCK) { diff --git a/lib/includes/gnutls/crypto.h b/lib/includes/gnutls/crypto.h index 39946fa4f9..1bc429040c 100644 --- a/lib/includes/gnutls/crypto.h +++ b/lib/includes/gnutls/crypto.h @@ -52,6 +52,7 @@ extern "C" void gnutls_cipher_deinit (gnutls_cipher_hd_t handle); int gnutls_cipher_get_block_size (gnutls_cipher_algorithm_t algorithm); + int gnutls_cipher_get_iv_size (gnutls_cipher_algorithm_t algorithm); typedef struct hash_hd_st *gnutls_hash_hd_t; diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in index 851d397ae3..00c9689870 100644 --- a/lib/includes/gnutls/gnutls.h.in +++ b/lib/includes/gnutls/gnutls.h.in @@ -111,6 +111,8 @@ extern "C" GNUTLS_CIPHER_AES_128_GCM = 93, GNUTLS_CIPHER_AES_256_GCM = 94, GNUTLS_CIPHER_CAMELLIA_192_CBC = 95, + GNUTLS_CIPHER_SALSA20R20_128 = 96, + GNUTLS_CIPHER_SALSA20R20_256 = 97, /* used only for PGP internals. Ignored in TLS/SSL */ diff --git a/lib/libgnutls.map b/lib/libgnutls.map index 4c7719639d..5c57278290 100644 --- a/lib/libgnutls.map +++ b/lib/libgnutls.map @@ -903,6 +903,7 @@ GNUTLS_3_1_0 { gnutls_session_get_desc; gnutls_privkey_sign_raw_data; gnutls_privkey_status; + gnutls_cipher_get_iv_size; } GNUTLS_3_0_0; GNUTLS_PRIVATE { diff --git a/lib/nettle/cipher.c b/lib/nettle/cipher.c index ebd947e5b4..f17cc44a0e 100644 --- a/lib/nettle/cipher.c +++ b/lib/nettle/cipher.c @@ -30,6 +30,7 @@ #include <nettle/camellia.h> #include <nettle/arcfour.h> #include <nettle/arctwo.h> +#include <nettle/salsa20.h> #include <nettle/des.h> #include <nettle/nettle-meta.h> #include <nettle/cbc.h> @@ -69,6 +70,7 @@ struct nettle_cipher_ctx struct des3_ctx des3; struct des_ctx des; struct gcm_aes_ctx aes_gcm; + struct salsa20_ctx salsa20; } ctx; void *ctx_ptr; uint8_t iv[MAX_BLOCK_SIZE]; @@ -116,6 +118,8 @@ static int wrap_nettle_cipher_exists(gnutls_cipher_algorithm_t algo) case GNUTLS_CIPHER_3DES_CBC: case GNUTLS_CIPHER_DES_CBC: case GNUTLS_CIPHER_ARCFOUR_128: + case GNUTLS_CIPHER_SALSA20R20_128: + case GNUTLS_CIPHER_SALSA20R20_256: case GNUTLS_CIPHER_ARCFOUR_40: case GNUTLS_CIPHER_RC2_40_CBC: return 1; @@ -196,6 +200,15 @@ wrap_nettle_cipher_init (gnutls_cipher_algorithm_t algo, void **_ctx, int enc) ctx->ctx_ptr = &ctx->ctx.arcfour; ctx->block_size = 1; break; + case GNUTLS_CIPHER_SALSA20R20_128: + case GNUTLS_CIPHER_SALSA20R20_256: + ctx->encrypt = stream_encrypt; + ctx->decrypt = stream_encrypt; + ctx->i_encrypt = (nettle_crypt_func *) salsa20_crypt; + ctx->i_decrypt = (nettle_crypt_func *) salsa20_crypt; + ctx->ctx_ptr = &ctx->ctx.salsa20; + ctx->block_size = 1; + break; case GNUTLS_CIPHER_RC2_40_CBC: ctx->encrypt = cbc_encrypt; ctx->decrypt = cbc_decrypt; @@ -278,6 +291,10 @@ wrap_nettle_cipher_setkey (void *_ctx, const void *key, size_t keysize) case GNUTLS_CIPHER_ARCFOUR_40: arcfour_set_key (ctx->ctx_ptr, keysize, key); break; + case GNUTLS_CIPHER_SALSA20R20_128: + case GNUTLS_CIPHER_SALSA20R20_256: + salsa20_set_key (ctx->ctx_ptr, keysize, key); + break; case GNUTLS_CIPHER_RC2_40_CBC: arctwo_set_key (ctx->ctx_ptr, keysize, key); break; @@ -299,19 +316,20 @@ struct nettle_cipher_ctx *ctx = _ctx; case GNUTLS_CIPHER_AES_128_GCM: case GNUTLS_CIPHER_AES_256_GCM: if (ivsize != GCM_DEFAULT_NONCE_SIZE) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); gcm_aes_set_iv(&ctx->ctx.aes_gcm, GCM_DEFAULT_NONCE_SIZE, iv); break; + case GNUTLS_CIPHER_SALSA20R20_128: + case GNUTLS_CIPHER_SALSA20R20_256: + if (ivsize != SALSA20_IV_SIZE) + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); + + salsa20_set_iv(&ctx->ctx.salsa20, iv); + break; default: if (ivsize > ctx->block_size) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); memcpy (ctx->iv, iv, ivsize); } diff --git a/lib/x509/privkey_openssl.c b/lib/x509/privkey_openssl.c index 9945733d33..389f531e34 100644 --- a/lib/x509/privkey_openssl.c +++ b/lib/x509/privkey_openssl.c @@ -181,7 +181,7 @@ gnutls_x509_privkey_import_openssl (gnutls_x509_privkey_t key, return GNUTLS_E_INVALID_REQUEST; } - iv_size = _gnutls_cipher_get_iv_size(cipher); + iv_size = gnutls_cipher_get_iv_size(cipher); salt.size = iv_size; salt.data = gnutls_malloc (salt.size); if (!salt.data) diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c index a5e73447f9..1bbfc78223 100644 --- a/lib/x509/privkey_pkcs8.c +++ b/lib/x509/privkey_pkcs8.c @@ -2070,7 +2070,7 @@ generate_key (schema_id schema, key->size = kdf_params->key_size = gnutls_cipher_get_key_size (enc_params->cipher); - enc_params->iv_size = _gnutls_cipher_get_iv_size (enc_params->cipher); + enc_params->iv_size = gnutls_cipher_get_iv_size (enc_params->cipher); key->data = gnutls_malloc (key->size); if (key->data == NULL) { diff --git a/src/benchmark-cipher.c b/src/benchmark-cipher.c index b620723a2a..0a4510f86d 100644 --- a/src/benchmark-cipher.c +++ b/src/benchmark-cipher.c @@ -48,7 +48,7 @@ cipher_mac_bench (int algo, int mac_algo, int size) gnutls_hmac_hd_t mac_ctx; void *_key, *_iv; gnutls_datum_t key, iv; - int blocksize = gnutls_cipher_get_block_size (algo); + int ivsize = gnutls_cipher_get_iv_size(algo); int keysize = gnutls_cipher_get_key_size (algo); int step = size*1024; struct benchmark_st st; @@ -58,13 +58,13 @@ cipher_mac_bench (int algo, int mac_algo, int size) return; memset (_key, 0xf0, keysize); - _iv = malloc (blocksize); + _iv = malloc (ivsize); if (_iv == NULL) return; - memset (_iv, 0xf0, blocksize); + memset (_iv, 0xf0, ivsize); iv.data = _iv; - iv.size = blocksize; + iv.size = ivsize; key.data = _key; key.size = keysize; @@ -118,7 +118,7 @@ cipher_bench (int algo, int size, int aead) gnutls_cipher_hd_t ctx; void *_key, *_iv; gnutls_datum_t key, iv; - int blocksize = gnutls_cipher_get_block_size (algo); + int ivsize = gnutls_cipher_get_iv_size(algo); int keysize = gnutls_cipher_get_key_size (algo); int step = size*1024; struct benchmark_st st; @@ -128,14 +128,14 @@ cipher_bench (int algo, int size, int aead) return; memset (_key, 0xf0, keysize); - _iv = malloc (blocksize); + _iv = malloc (ivsize); if (_iv == NULL) return; - memset (_iv, 0xf0, blocksize); + memset (_iv, 0xf0, ivsize); iv.data = _iv; if (aead) iv.size = 12; - else iv.size = blocksize; + else iv.size = ivsize; key.data = _key; key.size = keysize; @@ -212,6 +212,7 @@ void benchmark_cipher (int init, int debug_level) gnutls_rnd( GNUTLS_RND_NONCE, data, sizeof(data)); } + cipher_mac_bench ( GNUTLS_CIPHER_SALSA20R20_128, GNUTLS_MAC_SHA1, 16); cipher_mac_bench ( GNUTLS_CIPHER_AES_128_CBC, GNUTLS_MAC_SHA1, 16); cipher_mac_bench ( GNUTLS_CIPHER_AES_128_CBC, GNUTLS_MAC_SHA256, 16); cipher_bench ( GNUTLS_CIPHER_AES_128_GCM, 16, 1); @@ -226,5 +227,7 @@ void benchmark_cipher (int init, int debug_level) cipher_bench (GNUTLS_CIPHER_ARCFOUR, 16, 0); + cipher_bench ( GNUTLS_CIPHER_SALSA20R20_128, 16, 0); + gnutls_global_deinit(); } diff --git a/src/benchmark-tls.c b/src/benchmark-tls.c index 59b269a647..eb82c8e68e 100644 --- a/src/benchmark-tls.c +++ b/src/benchmark-tls.c @@ -52,6 +52,7 @@ const char* side = ""; #define PRIO_ARCFOUR_128_MD5 "NONE:+VERS-TLS1.0:+ARCFOUR-128:+MD5:+SIGN-ALL:+COMP-NULL:+ANON-DH" #define PRIO_AES_GCM "NONE:+VERS-TLS1.2:+AES-128-GCM:+AEAD:+SIGN-ALL:+COMP-NULL:+ANON-DH" #define PRIO_CAMELLIA_CBC_SHA1 "NONE:+VERS-TLS1.0:+CAMELLIA-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+ANON-DH" +#define PRIO_SALSA20R20_128_SHA1 "NONE:+VERS-TLS1.0:+SALSA20R20-128:+SHA1:+SIGN-ALL:+COMP-NULL:+ANON-DH" static const int rsa_bits = 1776, ec_bits = 192; @@ -426,6 +427,11 @@ void benchmark_tls(int debug_level, int ciphers) test_ciphersuite(PRIO_ARCFOUR_128_MD5, 8 * 1024); test_ciphersuite(PRIO_ARCFOUR_128_MD5, 15 * 1024); + test_ciphersuite(PRIO_SALSA20R20_128_SHA1, 1024); + test_ciphersuite(PRIO_SALSA20R20_128_SHA1, 4096); + test_ciphersuite(PRIO_SALSA20R20_128_SHA1, 8*1024); + test_ciphersuite(PRIO_SALSA20R20_128_SHA1, 15*1024); + test_ciphersuite(PRIO_AES_GCM, 1024); test_ciphersuite(PRIO_AES_GCM, 4096); test_ciphersuite(PRIO_AES_GCM, 8 * 1024); |