summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--NEWS3
-rw-r--r--lib/algorithms.h4
-rw-r--r--lib/algorithms/ciphers.c43
-rw-r--r--lib/algorithms/ciphersuites.c25
-rw-r--r--lib/gnutls_cipher.c28
-rw-r--r--lib/gnutls_constate.c5
-rw-r--r--lib/gnutls_dtls.c2
-rw-r--r--lib/includes/gnutls/crypto.h1
-rw-r--r--lib/includes/gnutls/gnutls.h.in2
-rw-r--r--lib/libgnutls.map1
-rw-r--r--lib/nettle/cipher.c34
-rw-r--r--lib/x509/privkey_openssl.c2
-rw-r--r--lib/x509/privkey_pkcs8.c2
-rw-r--r--src/benchmark-cipher.c19
-rw-r--r--src/benchmark-tls.c6
15 files changed, 138 insertions, 39 deletions
diff --git a/NEWS b/NEWS
index 5b5799fa6e..8dbf9b5c1c 100644
--- a/NEWS
+++ b/NEWS
@@ -18,6 +18,8 @@ support AES with PKCS #12.
on initialization. This speeds up gnutls initialization when smart
cards are present.
+** libgnutls: Added Salsa20R20 cipher (experimental)
+
** libgnutls-dane: Updated DANE verification options.
** configure: Trust store file must be explicitly set or unset when
@@ -34,6 +36,7 @@ gnutls_x509_trust_list_remove_cas: Added
gnutls_session_get_desc: Added
gnutls_privkey_sign_raw_data: Added
gnutls_pkcs11_status: Added
+gnutls_cipher_get_iv_size: Added
* Version 3.1.9 (released 2013-02-27)
diff --git a/lib/algorithms.h b/lib/algorithms.h
index 749f8daa07..9034adc3bc 100644
--- a/lib/algorithms.h
+++ b/lib/algorithms.h
@@ -89,10 +89,8 @@ _gnutls_cipher_suite_get_id (gnutls_kx_algorithm_t kx_algorithm,
int _gnutls_cipher_is_block (gnutls_cipher_algorithm_t algorithm);
int _gnutls_cipher_algo_is_aead (gnutls_cipher_algorithm_t algorithm);
int _gnutls_cipher_is_ok (gnutls_cipher_algorithm_t algorithm);
-int _gnutls_cipher_get_iv_size (gnutls_cipher_algorithm_t algorithm);
int _gnutls_cipher_get_export_flag (gnutls_cipher_algorithm_t algorithm);
-/* at least for now iv_size == tag_size */
-#define _gnutls_cipher_get_tag_size _gnutls_cipher_get_iv_size
+int _gnutls_cipher_get_tag_size (gnutls_cipher_algorithm_t algorithm);
/* Functions for key exchange. */
int _gnutls_kx_needs_dh_params (gnutls_kx_algorithm_t algorithm);
diff --git a/lib/algorithms/ciphers.c b/lib/algorithms/ciphers.c
index f2ccbb6d9d..13eb7ff45d 100644
--- a/lib/algorithms/ciphers.c
+++ b/lib/algorithms/ciphers.c
@@ -52,6 +52,8 @@ static const gnutls_cipher_entry algorithms[] = {
{"AES-128-GCM", GNUTLS_CIPHER_AES_128_GCM, 16, 16, CIPHER_STREAM, AEAD_IMPLICIT_DATA_SIZE, 0, 1},
{"AES-256-GCM", GNUTLS_CIPHER_AES_256_GCM, 16, 32, CIPHER_STREAM, AEAD_IMPLICIT_DATA_SIZE, 0, 1},
{"ARCFOUR-128", GNUTLS_CIPHER_ARCFOUR_128, 1, 16, CIPHER_STREAM, 0, 0, 0},
+ {"SALSA20R20-128", GNUTLS_CIPHER_SALSA20R20_128, 1, 16, CIPHER_STREAM, 8, 0, 0},
+ {"SALSA20R20-256", GNUTLS_CIPHER_SALSA20R20_256, 1, 32, CIPHER_STREAM, 8, 0, 0},
{"CAMELLIA-256-CBC", GNUTLS_CIPHER_CAMELLIA_256_CBC, 16, 32, CIPHER_BLOCK,
16, 0, 0},
{"CAMELLIA-192-CBC", GNUTLS_CIPHER_CAMELLIA_192_CBC, 16, 24, CIPHER_BLOCK,
@@ -112,6 +114,39 @@ gnutls_cipher_get_block_size (gnutls_cipher_algorithm_t algorithm)
}
+/**
+ * gnutls_cipher_get_iv_size:
+ * @algorithm: is an encryption algorithm
+ *
+ * Get block size for encryption algorithm.
+ *
+ * Returns: block size for encryption algorithm.
+ *
+ * Since: 3.1.10
+ **/
+int
+gnutls_cipher_get_iv_size (gnutls_cipher_algorithm_t algorithm)
+{
+ size_t ret = 0;
+ GNUTLS_ALG_LOOP (ret = p->iv);
+ return ret;
+}
+
+int
+_gnutls_cipher_get_tag_size (gnutls_cipher_algorithm_t algorithm)
+{
+ size_t ret = 0;
+
+ GNUTLS_ALG_LOOP (
+ if (p->auth)
+ ret = p->block; /* FIXME: happens to be the same for now */
+ else
+ ret = 0;
+ );
+ return ret;
+
+}
+
/* returns the priority */
int
_gnutls_cipher_priority (gnutls_session_t session,
@@ -165,14 +200,6 @@ gnutls_cipher_get_key_size (gnutls_cipher_algorithm_t algorithm)
}
-int
-_gnutls_cipher_get_iv_size (gnutls_cipher_algorithm_t algorithm)
-{ /* In bytes */
- size_t ret = 0;
- GNUTLS_ALG_LOOP (ret = p->iv);
- return ret;
-
-}
int
_gnutls_cipher_get_export_flag (gnutls_cipher_algorithm_t algorithm)
diff --git a/lib/algorithms/ciphersuites.c b/lib/algorithms/ciphersuites.c
index 817f07b659..d7b90903c6 100644
--- a/lib/algorithms/ciphersuites.c
+++ b/lib/algorithms/ciphersuites.c
@@ -120,7 +120,6 @@ typedef struct
/* DHE DSS
*/
-
#define GNUTLS_DHE_DSS_3DES_EDE_CBC_SHA1 { 0x00, 0x13 }
@@ -218,6 +217,12 @@ typedef struct
#define GNUTLS_ECDHE_PSK_NULL_SHA256 { 0xC0, 0x3A }
#define GNUTLS_ECDHE_PSK_NULL_SHA384 { 0xC0, 0x3B }
+/* Salsa 20 */
+#define GNUTLS_RSA_WITH_SALSA20R20_128_SHA256 {0xFA, 0xA1}
+#define GNUTLS_RSA_WITH_SALSA20R20_256_SHA256 {0xFA, 0xA2}
+#define GNUTLS_RSA_WITH_SALSA20R20_128_SHA1 {0xFA, 0xA3}
+#define GNUTLS_RSA_WITH_SALSA20R20_256_SHA1 {0xFA, 0xA4}
+
#define CIPHER_SUITES_COUNT (sizeof(cs_algorithms)/sizeof(gnutls_cipher_suite_entry)-1)
static const gnutls_cipher_suite_entry cs_algorithms[] = {
@@ -277,6 +282,24 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_RSA,
GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
GNUTLS_VERSION_MAX, 1),
+/* Salsa20 */
+ ENTRY (GNUTLS_RSA_WITH_SALSA20R20_128_SHA1,
+ GNUTLS_CIPHER_SALSA20R20_128, GNUTLS_KX_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1_0,
+ GNUTLS_VERSION_MAX, 1),
+ ENTRY (GNUTLS_RSA_WITH_SALSA20R20_256_SHA1,
+ GNUTLS_CIPHER_SALSA20R20_256, GNUTLS_KX_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1_0,
+ GNUTLS_VERSION_MAX, 1),
+
+ ENTRY (GNUTLS_RSA_WITH_SALSA20R20_128_SHA256,
+ GNUTLS_CIPHER_SALSA20R20_128, GNUTLS_KX_RSA,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_0,
+ GNUTLS_VERSION_MAX, 1),
+ ENTRY (GNUTLS_RSA_WITH_SALSA20R20_256_SHA256,
+ GNUTLS_CIPHER_SALSA20R20_256, GNUTLS_KX_RSA,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_0,
+ GNUTLS_VERSION_MAX, 1),
/* DHE_DSS */
#ifdef ENABLE_DHE
diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c
index 1a70a10023..8531a4c7b0 100644
--- a/lib/gnutls_cipher.c
+++ b/lib/gnutls_cipher.c
@@ -323,7 +323,9 @@ compressed_to_ciphertext (gnutls_session_t session,
int explicit_iv = _gnutls_version_has_explicit_iv (session->security_parameters.version);
int auth_cipher = _gnutls_auth_cipher_is_aead(&params->write.cipher_state);
uint8_t nonce[MAX_CIPHER_BLOCK_SIZE];
+ unsigned iv_size;
+ iv_size = gnutls_cipher_get_iv_size(params->cipher_algorithm);
_gnutls_hard_log("ENC[%p]: cipher: %s, MAC: %s, Epoch: %u\n",
session, gnutls_cipher_get_name(params->cipher_algorithm), gnutls_mac_get_name(params->mac_algorithm),
@@ -349,9 +351,12 @@ compressed_to_ciphertext (gnutls_session_t session,
auth_cipher, blocksize);
}
else
- length_to_encrypt = length =
- calc_enc_length_stream (session, compressed->size, tag_size,
- auth_cipher);
+ {
+ length_to_encrypt = length =
+ calc_enc_length_stream (session, compressed->size, tag_size,
+ auth_cipher);
+ }
+
if (length < 0)
{
return gnutls_assert_val(length);
@@ -403,12 +408,17 @@ compressed_to_ciphertext (gnutls_session_t session,
*/
length_to_encrypt -= AEAD_EXPLICIT_DATA_SIZE + tag_size;
}
+ else if (iv_size > 0)
+ _gnutls_auth_cipher_setiv(&params->write.cipher_state, UINT64DATA(params->write.sequence_number), 8);
}
else
{
/* AEAD ciphers have an explicit IV. Shouldn't be used otherwise.
*/
- if (auth_cipher) return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+ if (auth_cipher)
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+ else if (iv_size > 0)
+ _gnutls_auth_cipher_setiv(&params->write.cipher_state, UINT64DATA(params->write.sequence_number), 8);
}
memcpy (data_ptr, compressed->data, compressed->size);
@@ -646,10 +656,11 @@ ciphertext_to_compressed (gnutls_session_t session,
unsigned int ver = gnutls_protocol_get_version (session);
unsigned int tag_size = _gnutls_auth_cipher_tag_len (&params->read.cipher_state);
unsigned int explicit_iv = _gnutls_version_has_explicit_iv (session->security_parameters.version);
-
+ unsigned iv_size;
+
+ iv_size = gnutls_cipher_get_iv_size(params->cipher_algorithm);
blocksize = gnutls_cipher_get_block_size (params->cipher_algorithm);
-
/* actual decryption (inplace)
*/
switch (_gnutls_cipher_is_block (params->cipher_algorithm))
@@ -679,6 +690,11 @@ ciphertext_to_compressed (gnutls_session_t session,
length_to_decrypt = ciphertext->size - tag_size;
}
+ else if (iv_size > 0)
+ { /* a stream cipher with explicit IV */
+ _gnutls_auth_cipher_setiv(&params->read.cipher_state, UINT64DATA(*sequence), 8);
+ length_to_decrypt = ciphertext->size;
+ }
else
{
if (ciphertext->size < tag_size)
diff --git a/lib/gnutls_constate.c b/lib/gnutls_constate.c
index 4f798138bf..e86fb2c0e1 100644
--- a/lib/gnutls_constate.c
+++ b/lib/gnutls_constate.c
@@ -298,7 +298,8 @@ _gnutls_init_record_state (record_parameters_st * params, gnutls_protocol_t ver,
if (!_gnutls_version_has_explicit_iv(ver))
{
- iv = &state->IV;
+ if (_gnutls_cipher_is_block (params->cipher_algorithm) != CIPHER_STREAM)
+ iv = &state->IV;
}
ret = _gnutls_auth_cipher_init (&state->cipher_state,
@@ -424,7 +425,7 @@ _gnutls_epoch_set_keys (gnutls_session_t session, uint16_t epoch)
if (_gnutls_compression_is_ok (comp_algo) != 0)
return gnutls_assert_val (GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM);
- IV_size = _gnutls_cipher_get_iv_size (cipher_algo);
+ IV_size = gnutls_cipher_get_iv_size (cipher_algo);
key_size = gnutls_cipher_get_key_size (cipher_algo);
export_flag = _gnutls_cipher_get_export_flag (cipher_algo);
hash_size = _gnutls_hmac_get_algo_len (mac_algo);
diff --git a/lib/gnutls_dtls.c b/lib/gnutls_dtls.c
index 4ad513afc6..24fa2e1c18 100644
--- a/lib/gnutls_dtls.c
+++ b/lib/gnutls_dtls.c
@@ -602,7 +602,7 @@ int total = 0, ret, iv_size;
return gnutls_assert_val(ret);
/* requires padding */
- iv_size = _gnutls_cipher_get_iv_size(params->cipher_algorithm);
+ iv_size = gnutls_cipher_get_iv_size(params->cipher_algorithm);
if (_gnutls_cipher_is_block (params->cipher_algorithm) == CIPHER_BLOCK)
{
diff --git a/lib/includes/gnutls/crypto.h b/lib/includes/gnutls/crypto.h
index 39946fa4f9..1bc429040c 100644
--- a/lib/includes/gnutls/crypto.h
+++ b/lib/includes/gnutls/crypto.h
@@ -52,6 +52,7 @@ extern "C"
void gnutls_cipher_deinit (gnutls_cipher_hd_t handle);
int gnutls_cipher_get_block_size (gnutls_cipher_algorithm_t algorithm);
+ int gnutls_cipher_get_iv_size (gnutls_cipher_algorithm_t algorithm);
typedef struct hash_hd_st *gnutls_hash_hd_t;
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index 851d397ae3..00c9689870 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -111,6 +111,8 @@ extern "C"
GNUTLS_CIPHER_AES_128_GCM = 93,
GNUTLS_CIPHER_AES_256_GCM = 94,
GNUTLS_CIPHER_CAMELLIA_192_CBC = 95,
+ GNUTLS_CIPHER_SALSA20R20_128 = 96,
+ GNUTLS_CIPHER_SALSA20R20_256 = 97,
/* used only for PGP internals. Ignored in TLS/SSL
*/
diff --git a/lib/libgnutls.map b/lib/libgnutls.map
index 4c7719639d..5c57278290 100644
--- a/lib/libgnutls.map
+++ b/lib/libgnutls.map
@@ -903,6 +903,7 @@ GNUTLS_3_1_0 {
gnutls_session_get_desc;
gnutls_privkey_sign_raw_data;
gnutls_privkey_status;
+ gnutls_cipher_get_iv_size;
} GNUTLS_3_0_0;
GNUTLS_PRIVATE {
diff --git a/lib/nettle/cipher.c b/lib/nettle/cipher.c
index ebd947e5b4..f17cc44a0e 100644
--- a/lib/nettle/cipher.c
+++ b/lib/nettle/cipher.c
@@ -30,6 +30,7 @@
#include <nettle/camellia.h>
#include <nettle/arcfour.h>
#include <nettle/arctwo.h>
+#include <nettle/salsa20.h>
#include <nettle/des.h>
#include <nettle/nettle-meta.h>
#include <nettle/cbc.h>
@@ -69,6 +70,7 @@ struct nettle_cipher_ctx
struct des3_ctx des3;
struct des_ctx des;
struct gcm_aes_ctx aes_gcm;
+ struct salsa20_ctx salsa20;
} ctx;
void *ctx_ptr;
uint8_t iv[MAX_BLOCK_SIZE];
@@ -116,6 +118,8 @@ static int wrap_nettle_cipher_exists(gnutls_cipher_algorithm_t algo)
case GNUTLS_CIPHER_3DES_CBC:
case GNUTLS_CIPHER_DES_CBC:
case GNUTLS_CIPHER_ARCFOUR_128:
+ case GNUTLS_CIPHER_SALSA20R20_128:
+ case GNUTLS_CIPHER_SALSA20R20_256:
case GNUTLS_CIPHER_ARCFOUR_40:
case GNUTLS_CIPHER_RC2_40_CBC:
return 1;
@@ -196,6 +200,15 @@ wrap_nettle_cipher_init (gnutls_cipher_algorithm_t algo, void **_ctx, int enc)
ctx->ctx_ptr = &ctx->ctx.arcfour;
ctx->block_size = 1;
break;
+ case GNUTLS_CIPHER_SALSA20R20_128:
+ case GNUTLS_CIPHER_SALSA20R20_256:
+ ctx->encrypt = stream_encrypt;
+ ctx->decrypt = stream_encrypt;
+ ctx->i_encrypt = (nettle_crypt_func *) salsa20_crypt;
+ ctx->i_decrypt = (nettle_crypt_func *) salsa20_crypt;
+ ctx->ctx_ptr = &ctx->ctx.salsa20;
+ ctx->block_size = 1;
+ break;
case GNUTLS_CIPHER_RC2_40_CBC:
ctx->encrypt = cbc_encrypt;
ctx->decrypt = cbc_decrypt;
@@ -278,6 +291,10 @@ wrap_nettle_cipher_setkey (void *_ctx, const void *key, size_t keysize)
case GNUTLS_CIPHER_ARCFOUR_40:
arcfour_set_key (ctx->ctx_ptr, keysize, key);
break;
+ case GNUTLS_CIPHER_SALSA20R20_128:
+ case GNUTLS_CIPHER_SALSA20R20_256:
+ salsa20_set_key (ctx->ctx_ptr, keysize, key);
+ break;
case GNUTLS_CIPHER_RC2_40_CBC:
arctwo_set_key (ctx->ctx_ptr, keysize, key);
break;
@@ -299,19 +316,20 @@ struct nettle_cipher_ctx *ctx = _ctx;
case GNUTLS_CIPHER_AES_128_GCM:
case GNUTLS_CIPHER_AES_256_GCM:
if (ivsize != GCM_DEFAULT_NONCE_SIZE)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
gcm_aes_set_iv(&ctx->ctx.aes_gcm, GCM_DEFAULT_NONCE_SIZE, iv);
break;
+ case GNUTLS_CIPHER_SALSA20R20_128:
+ case GNUTLS_CIPHER_SALSA20R20_256:
+ if (ivsize != SALSA20_IV_SIZE)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ salsa20_set_iv(&ctx->ctx.salsa20, iv);
+ break;
default:
if (ivsize > ctx->block_size)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
memcpy (ctx->iv, iv, ivsize);
}
diff --git a/lib/x509/privkey_openssl.c b/lib/x509/privkey_openssl.c
index 9945733d33..389f531e34 100644
--- a/lib/x509/privkey_openssl.c
+++ b/lib/x509/privkey_openssl.c
@@ -181,7 +181,7 @@ gnutls_x509_privkey_import_openssl (gnutls_x509_privkey_t key,
return GNUTLS_E_INVALID_REQUEST;
}
- iv_size = _gnutls_cipher_get_iv_size(cipher);
+ iv_size = gnutls_cipher_get_iv_size(cipher);
salt.size = iv_size;
salt.data = gnutls_malloc (salt.size);
if (!salt.data)
diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c
index a5e73447f9..1bbfc78223 100644
--- a/lib/x509/privkey_pkcs8.c
+++ b/lib/x509/privkey_pkcs8.c
@@ -2070,7 +2070,7 @@ generate_key (schema_id schema,
key->size = kdf_params->key_size =
gnutls_cipher_get_key_size (enc_params->cipher);
- enc_params->iv_size = _gnutls_cipher_get_iv_size (enc_params->cipher);
+ enc_params->iv_size = gnutls_cipher_get_iv_size (enc_params->cipher);
key->data = gnutls_malloc (key->size);
if (key->data == NULL)
{
diff --git a/src/benchmark-cipher.c b/src/benchmark-cipher.c
index b620723a2a..0a4510f86d 100644
--- a/src/benchmark-cipher.c
+++ b/src/benchmark-cipher.c
@@ -48,7 +48,7 @@ cipher_mac_bench (int algo, int mac_algo, int size)
gnutls_hmac_hd_t mac_ctx;
void *_key, *_iv;
gnutls_datum_t key, iv;
- int blocksize = gnutls_cipher_get_block_size (algo);
+ int ivsize = gnutls_cipher_get_iv_size(algo);
int keysize = gnutls_cipher_get_key_size (algo);
int step = size*1024;
struct benchmark_st st;
@@ -58,13 +58,13 @@ cipher_mac_bench (int algo, int mac_algo, int size)
return;
memset (_key, 0xf0, keysize);
- _iv = malloc (blocksize);
+ _iv = malloc (ivsize);
if (_iv == NULL)
return;
- memset (_iv, 0xf0, blocksize);
+ memset (_iv, 0xf0, ivsize);
iv.data = _iv;
- iv.size = blocksize;
+ iv.size = ivsize;
key.data = _key;
key.size = keysize;
@@ -118,7 +118,7 @@ cipher_bench (int algo, int size, int aead)
gnutls_cipher_hd_t ctx;
void *_key, *_iv;
gnutls_datum_t key, iv;
- int blocksize = gnutls_cipher_get_block_size (algo);
+ int ivsize = gnutls_cipher_get_iv_size(algo);
int keysize = gnutls_cipher_get_key_size (algo);
int step = size*1024;
struct benchmark_st st;
@@ -128,14 +128,14 @@ cipher_bench (int algo, int size, int aead)
return;
memset (_key, 0xf0, keysize);
- _iv = malloc (blocksize);
+ _iv = malloc (ivsize);
if (_iv == NULL)
return;
- memset (_iv, 0xf0, blocksize);
+ memset (_iv, 0xf0, ivsize);
iv.data = _iv;
if (aead) iv.size = 12;
- else iv.size = blocksize;
+ else iv.size = ivsize;
key.data = _key;
key.size = keysize;
@@ -212,6 +212,7 @@ void benchmark_cipher (int init, int debug_level)
gnutls_rnd( GNUTLS_RND_NONCE, data, sizeof(data));
}
+ cipher_mac_bench ( GNUTLS_CIPHER_SALSA20R20_128, GNUTLS_MAC_SHA1, 16);
cipher_mac_bench ( GNUTLS_CIPHER_AES_128_CBC, GNUTLS_MAC_SHA1, 16);
cipher_mac_bench ( GNUTLS_CIPHER_AES_128_CBC, GNUTLS_MAC_SHA256, 16);
cipher_bench ( GNUTLS_CIPHER_AES_128_GCM, 16, 1);
@@ -226,5 +227,7 @@ void benchmark_cipher (int init, int debug_level)
cipher_bench (GNUTLS_CIPHER_ARCFOUR, 16, 0);
+ cipher_bench ( GNUTLS_CIPHER_SALSA20R20_128, 16, 0);
+
gnutls_global_deinit();
}
diff --git a/src/benchmark-tls.c b/src/benchmark-tls.c
index 59b269a647..eb82c8e68e 100644
--- a/src/benchmark-tls.c
+++ b/src/benchmark-tls.c
@@ -52,6 +52,7 @@ const char* side = "";
#define PRIO_ARCFOUR_128_MD5 "NONE:+VERS-TLS1.0:+ARCFOUR-128:+MD5:+SIGN-ALL:+COMP-NULL:+ANON-DH"
#define PRIO_AES_GCM "NONE:+VERS-TLS1.2:+AES-128-GCM:+AEAD:+SIGN-ALL:+COMP-NULL:+ANON-DH"
#define PRIO_CAMELLIA_CBC_SHA1 "NONE:+VERS-TLS1.0:+CAMELLIA-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+ANON-DH"
+#define PRIO_SALSA20R20_128_SHA1 "NONE:+VERS-TLS1.0:+SALSA20R20-128:+SHA1:+SIGN-ALL:+COMP-NULL:+ANON-DH"
static const int rsa_bits = 1776, ec_bits = 192;
@@ -426,6 +427,11 @@ void benchmark_tls(int debug_level, int ciphers)
test_ciphersuite(PRIO_ARCFOUR_128_MD5, 8 * 1024);
test_ciphersuite(PRIO_ARCFOUR_128_MD5, 15 * 1024);
+ test_ciphersuite(PRIO_SALSA20R20_128_SHA1, 1024);
+ test_ciphersuite(PRIO_SALSA20R20_128_SHA1, 4096);
+ test_ciphersuite(PRIO_SALSA20R20_128_SHA1, 8*1024);
+ test_ciphersuite(PRIO_SALSA20R20_128_SHA1, 15*1024);
+
test_ciphersuite(PRIO_AES_GCM, 1024);
test_ciphersuite(PRIO_AES_GCM, 4096);
test_ciphersuite(PRIO_AES_GCM, 8 * 1024);
View Lorry Controller Status