From patchwork Tue Oct  9 09:43:15 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steffan Karger <steffan@karger.me>
X-Patchwork-Id: 524
Return-Path: <openvpn-devel-bounces@lists.sourceforge.net>
Delivered-To: patchwork@openvpn.net
Delivered-To: patchwork@openvpn.net
Received: from director10.mail.ord1d.rsapps.net ([172.30.191.6])
	by backend30.mail.ord1d.rsapps.net with LMTP id SEB8BR0TvVu9RgAAIUCqbw
	for <patchwork@openvpn.net>; Tue, 09 Oct 2018 16:44:13 -0400
Received: from proxy8.mail.ord1d.rsapps.net ([172.30.191.6])
	by director10.mail.ord1d.rsapps.net with LMTP id AHJMBR0TvVtTZwAApN4f7A
	; Tue, 09 Oct 2018 16:44:13 -0400
Received: from smtp13.gate.ord1d ([172.30.191.6])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	by proxy8.mail.ord1d.rsapps.net with LMTP id WF8qBR0TvVvqOwAAGdz6CA
	; Tue, 09 Oct 2018 16:44:13 -0400
X-Spam-Threshold: 95
X-Spam-Score: 0
X-Spam-Flag: NO
X-Virus-Scanned: OK
X-Orig-To: openvpnslackdevel@openvpn.net
X-Originating-Ip: [216.105.38.7]
Authentication-Results: smtp13.gate.ord1d.rsapps.net;
 iprev=pass policy.iprev="216.105.38.7";
 spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net"
 smtp.helo="lists.sourceforge.net";
 dkim=fail (signature verification failed) header.d=sourceforge.net;
 dkim=fail (signature verification failed) header.d=sf.net;
 dkim=fail (signature verification failed)
 header.d=karger-me.20150623.gappssmtp.com; dmarc=none (p=nil;
 dis=none) header.from=karger.me
X-Suspicious-Flag: YES
X-Classification-ID: 13c3986c-cc04-11e8-bc05-525400b197d9-1-1
Received: from [216.105.38.7] ([216.105.38.7:60936]
 helo=lists.sourceforge.net)
	by smtp13.gate.ord1d.rsapps.net (envelope-from
 <openvpn-devel-bounces@lists.sourceforge.net>)
	(ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384)
	id ED/B7-21675-C131DBB5; Tue, 09 Oct 2018 16:44:12 -0400
Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com)
	by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.90_1)
	(envelope-from <openvpn-devel-bounces@lists.sourceforge.net>)
	id 1g9yqr-0003BG-UQ; Tue, 09 Oct 2018 20:43:33 +0000
Received: from [172.30.20.202] (helo=mx.sourceforge.net)
 by sfs-ml-4.v29.lw.sourceforge.com with esmtps
 (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1)
 (envelope-from <steffan@karger.me>) id 1g9yqq-0003BA-DK
 for openvpn-devel@lists.sourceforge.net; Tue, 09 Oct 2018 20:43:32 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
 d=sourceforge.net; s=x; h=References:In-Reply-To:Message-Id:Date:Subject:Cc:
 To:From:Sender:Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding:
 Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:
 Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:
 List-Subscribe:List-Post:List-Owner:List-Archive;
 bh=0ehMzn/VGnn+6J1Oiv1zXRHC+GQuQWHXz049+aRcLhk=; b=fU9fma5kxKdQ6EWF3Gq/tkLm4G
 irCqgPmmctoh4FwUqmrspCsUv/7z3OVDQjbVS2RcfYylzx3n6CDH1Ece7cG9igsfgugAHMRBHPwuY
 CoJknoh7mh0YW07b6uh1yBP2+knZpSI+RMnmpIcJhLfwnzVR69LKzoEiJdresXDy3Z50=;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x
 ;
 h=References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To
 :MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:
 Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
 :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
 List-Post:List-Owner:List-Archive;
 bh=0ehMzn/VGnn+6J1Oiv1zXRHC+GQuQWHXz049+aRcLhk=; b=LgXOlXg5UgD72WgoOmZPBvEK8U
 HHrNpQdE2CtAMmJ3CzPL/coj+LHiKJhn/hcSE89uykH26tCIZK2eMW+IeKof9EAprTGqYOfzBatji
 pa38GmtF853JcMuNo1Bo55frtzPOgI9NwIh6A3LLjFNYtY3Bi2oQINJDyy1LkNtTEseE=;
Received: from mail-ed1-f52.google.com ([209.85.208.52])
 by sfi-mx-2.v28.lw.sourceforge.com with esmtps
 (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.90_1)
 id 1g9yqm-00G2iD-SX
 for openvpn-devel@lists.sourceforge.net; Tue, 09 Oct 2018 20:43:32 +0000
Received: by mail-ed1-f52.google.com with SMTP id c1-v6so2958522ede.5
 for <openvpn-devel@lists.sourceforge.net>;
 Tue, 09 Oct 2018 13:43:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=karger-me.20150623.gappssmtp.com; s=20150623;
 h=from:to:cc:subject:date:message-id:in-reply-to:references;
 bh=0ehMzn/VGnn+6J1Oiv1zXRHC+GQuQWHXz049+aRcLhk=;
 b=jKwyJRyzF21Xxgt6T15kRlFiRW/vxOHXMpov821T1VQQRshkby3awkshcw5mY20+y0
 vWoJ2kpuXVT5xrw/O2OieFi7VykJbuNwk7G/20BzHXgs1woneg/obxidgasBdckFQCql
 iRjvI4ZJUPIQDfe3azOvN59cORb/IkoZeH6qUP69vKUDmSsMGSa46yjW3UypU43ItE/B
 WDAZYG4jTuwDJMKrBD0Ldkr3cIvvY+8KQQxZCP/s71IHZu7f7IPn8G2UwKt9iyLiRss2
 w3Lf/Go57UjRvb7XksmYqS7RjBwUuhNBICx4cvsbkk1mNB1TI8Z0h0gppRIHK7v5lnl+
 ik6A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
 :references;
 bh=0ehMzn/VGnn+6J1Oiv1zXRHC+GQuQWHXz049+aRcLhk=;
 b=osk6PDt4fFg53S7QX47VI+AVrGgKkhfhjbtIVJv+hqDvl2oo60NUV2UGXJOvqQ5/uC
 tZiftP/SAQYms59t2eU0fBrFuzLYnX5ZnERZQZhciV9ldLdw3SCTa+KsCj7Sf/jbYJ7N
 X5VAn0kG7aRSayel3PlxCoFkuGoZRHjH1cGumtaeS3W1Qt0/TGb6ih2kpJDW/2axtSwZ
 0R4uO+xcPr/e5YfuL0QvpBxWGBlL5Cr30l2zxym5cHSFsqmBXPC/Sb+pTKI18PptfFpu
 sa/4rcTr/zd60wzZSAKoe5/DymuE+8VSatLA5kfbePr5BOX+VQ/2F+9MpkHvB+h5UL91
 l7tg==
X-Gm-Message-State: ABuFfogIx5HmrZVfzV19Pk6KAM4X6G3UrOJHr/Iz2aLbAN9DZ25YBLY0
 KBZQZZOrrEpogUlb6Yh4LO3SLyoFH88=
X-Google-Smtp-Source: 
 ACcGV611mrXRTk4qKl5oCEueqv6DSQ+Lpu/0qWe3n6jd9CDoJgwvzp/wyBXhSqZEcLONDCQyAzNF1A==
X-Received: by 2002:a50:ad96:: with SMTP id
 a22-v6mr36259308edd.274.1539117801786;
 Tue, 09 Oct 2018 13:43:21 -0700 (PDT)
Received: from vesta.fritz.box ([2001:985:e54:1:f08c:164a:8f9b:cac])
 by smtp.gmail.com with ESMTPSA id c2sm1833737edv.14.2018.10.09.13.43.20
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Tue, 09 Oct 2018 13:43:21 -0700 (PDT)
From: Steffan Karger <steffan@karger.me>
To: openvpn-devel@lists.sourceforge.net
Date: Tue,  9 Oct 2018 22:43:15 +0200
Message-Id: <20181009204315.8262-1-steffan@karger.me>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <9b927c56-b850-b019-2385-2e9e199389b0@unstable.cc>
References: <9b927c56-b850-b019-2385-2e9e199389b0@unstable.cc>
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
 See http://spamassassin.org/tag/ for more details.
 -0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at http://www.dnswl.org/, no
 trust [209.85.208.52 listed in list.dnswl.org]
 -0.0 RCVD_IN_MSPIKE_H2      RBL: Average reputation (+2)
 [209.85.208.52 listed in wl.mailspike.net]
 -0.0 SPF_PASS               SPF: sender matches SPF record
 -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
 0.1 DKIM_SIGNED            Message has a DKIM or DK signature,
 not necessarily valid
 -0.0 DKIMWL_WL_MED          DKIMwl.org - Whitelisted Medium sender
X-Headers-End: 1g9yqm-00G2iD-SX
Subject: [Openvpn-devel] [PATCH v3 2/2] List ChaCha20-Poly1305 as stream
 cipher
X-BeenThere: openvpn-devel@lists.sourceforge.net
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <openvpn-devel.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/options/openvpn-devel>,
 <mailto:openvpn-devel-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: 
 <http://sourceforge.net/mailarchive/forum.php?forum_name=openvpn-devel>
List-Post: <mailto:openvpn-devel@lists.sourceforge.net>
List-Help: <mailto:openvpn-devel-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/openvpn-devel>,
 <mailto:openvpn-devel-request@lists.sourceforge.net?subject=subscribe>
MIME-Version: 1.0
Errors-To: openvpn-devel-bounces@lists.sourceforge.net
X-getmail-retrieved-from-mailbox: Inbox

As Antonio pointed out, "8-bit block cipher" is a bit funny. So teach
print_cipher() to print such cipher as "stream cipher".

Because I didn't want to write the same code twice, I decided to merge the
two print_cipher() implementations into one shared function. That should
make it easier to keep both backends consistent.

Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Antonio Quartulli <a@unstable.cc>
---
 src/openvpn/crypto.c         | 27 +++++++++++++++++++++++++++
 src/openvpn/crypto.h         |  3 +++
 src/openvpn/crypto_mbedtls.c | 24 +++---------------------
 src/openvpn/crypto_mbedtls.h |  4 ++++
 src/openvpn/crypto_openssl.c | 15 ---------------
 src/openvpn/crypto_openssl.h |  4 ++++
 6 files changed, 41 insertions(+), 36 deletions(-)

diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
index 6d34acd7..e81399b7 100644
--- a/src/openvpn/crypto.c
+++ b/src/openvpn/crypto.c
@@ -1769,6 +1769,33 @@ get_random(void)
     return l;
 }
 
+void
+print_cipher(const cipher_kt_t *cipher)
+{
+    const char *var_key_size = cipher_kt_var_key_size(cipher) ?
+        " by default" : "";
+
+    printf("%s  (%d bit key%s, ",
+           translate_cipher_name_to_openvpn(cipher_kt_name(cipher)),
+           cipher_kt_key_size(cipher) * 8, var_key_size);
+
+    if (cipher_kt_block_size(cipher) == 1)
+    {
+        printf("stream cipher");
+    }
+    else
+    {
+        printf("%d bit block", cipher_kt_block_size(cipher) * 8);
+    }
+
+    if (!cipher_kt_mode_cbc(cipher))
+    {
+        printf(", TLS client/server mode only");
+    }
+
+    printf(")\n");
+}
+
 static const cipher_name_pair *
 get_cipher_name_pair(const char *cipher_name)
 {
diff --git a/src/openvpn/crypto.h b/src/openvpn/crypto.h
index f4b3dca3..cf87cb49 100644
--- a/src/openvpn/crypto.h
+++ b/src/openvpn/crypto.h
@@ -465,6 +465,9 @@ void prng_uninit(void);
 /* an analogue to the random() function, but use prng_bytes */
 long int get_random(void);
 
+/** Print a cipher list entry */
+void print_cipher(const cipher_kt_t *cipher);
+
 void test_crypto(struct crypto_options *co, struct frame *f);
 
 
diff --git a/src/openvpn/crypto_mbedtls.c b/src/openvpn/crypto_mbedtls.c
index 0c39eccc..46c3c606 100644
--- a/src/openvpn/crypto_mbedtls.c
+++ b/src/openvpn/crypto_mbedtls.c
@@ -39,6 +39,7 @@
 #include "errlevel.h"
 #include "basic.h"
 #include "buffer.h"
+#include "crypto.h"
 #include "integer.h"
 #include "crypto_backend.h"
 #include "otime.h"
@@ -140,26 +141,6 @@ const cipher_name_pair cipher_name_translation_table[] = {
 const size_t cipher_name_translation_table_count =
     sizeof(cipher_name_translation_table) / sizeof(*cipher_name_translation_table);
 
-static void
-print_cipher(const cipher_kt_t *info)
-{
-    if (info && (cipher_kt_mode_cbc(info)
-#ifdef HAVE_AEAD_CIPHER_MODES
-                 || cipher_kt_mode_aead(info)
-#endif
-                 ))
-    {
-        const char *ssl_only = cipher_kt_mode_cbc(info) ?
-                               "" : ", TLS client/server mode only";
-        const char *var_key_size = info->flags & MBEDTLS_CIPHER_VARIABLE_KEY_LEN ?
-                                   " by default" : "";
-
-        printf("%s  (%d bit key%s, %d bit block%s)\n",
-               cipher_kt_name(info), cipher_kt_key_size(info) * 8, var_key_size,
-               cipher_kt_block_size(info) * 8, ssl_only);
-    }
-}
-
 void
 show_available_ciphers(void)
 {
@@ -175,7 +156,8 @@ show_available_ciphers(void)
     while (*ciphers != 0)
     {
         const cipher_kt_t *info = mbedtls_cipher_info_from_type(*ciphers);
-        if (info && !cipher_kt_insecure(info))
+        if (info && !cipher_kt_insecure(info)
+            && (cipher_kt_mode_aead(info) || cipher_kt_mode_cbc(info)))
         {
             print_cipher(info);
         }
diff --git a/src/openvpn/crypto_mbedtls.h b/src/openvpn/crypto_mbedtls.h
index 452b06ed..81b542bc 100644
--- a/src/openvpn/crypto_mbedtls.h
+++ b/src/openvpn/crypto_mbedtls.h
@@ -146,5 +146,9 @@ mbed_log_func_line_lite(unsigned int flags, int errval,
 #define mbed_ok(errval) \
     mbed_log_func_line_lite(D_CRYPT_ERRORS, errval, __func__, __LINE__)
 
+static inline bool cipher_kt_var_key_size(const cipher_kt_t *cipher)
+{
+    return cipher->flags & MBEDTLS_CIPHER_VARIABLE_KEY_LEN;
+}
 
 #endif /* CRYPTO_MBEDTLS_H_ */
diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c
index 1c0fae86..7989127b 100644
--- a/src/openvpn/crypto_openssl.c
+++ b/src/openvpn/crypto_openssl.c
@@ -265,21 +265,6 @@ cipher_name_cmp(const void *a, const void *b)
     return strcmp(cipher_name_a, cipher_name_b);
 }
 
-static void
-print_cipher(const EVP_CIPHER *cipher)
-{
-    const char *var_key_size =
-        (EVP_CIPHER_flags(cipher) & EVP_CIPH_VARIABLE_LENGTH) ?
-        " by default" : "";
-    const char *ssl_only = cipher_kt_mode_cbc(cipher) ?
-                           "" : ", TLS client/server mode only";
-
-    printf("%s  (%d bit key%s, %d bit block%s)\n",
-           translate_cipher_name_to_openvpn(EVP_CIPHER_name(cipher)),
-           EVP_CIPHER_key_length(cipher) * 8, var_key_size,
-           cipher_kt_block_size(cipher) * 8, ssl_only);
-}
-
 void
 show_available_ciphers(void)
 {
diff --git a/src/openvpn/crypto_openssl.h b/src/openvpn/crypto_openssl.h
index 0a413705..1ea3e858 100644
--- a/src/openvpn/crypto_openssl.h
+++ b/src/openvpn/crypto_openssl.h
@@ -101,5 +101,9 @@ void crypto_print_openssl_errors(const unsigned int flags);
         msg((flags), __VA_ARGS__); \
     } while (false)
 
+static inline bool cipher_kt_var_key_size(const cipher_kt_t *cipher)
+{
+    return EVP_CIPHER_flags(cipher) & EVP_CIPH_VARIABLE_LENGTH;
+}
 
 #endif /* CRYPTO_OPENSSL_H_ */