search for: cipher_keylen

...+ * Otherwise, use the RFC4344 s3.2 recommendation of 2**(L/4) blocks + * before rekeying where L is the blocksize in bits. + * Most other ciphers have a 128 bit blocksize, so this equates to + * 2**32 blocks / 64GB data. + */ + return (uint64_t)1 << (c->block_size * 2); +} + u_int cipher_keylen(const struct sshcipher *c) { diff --git a/cipher.h b/cipher.h index 1a591cd..68be9ed 100644 --- a/cipher.h +++ b/cipher.h @@ -63,6 +63,7 @@ int cipher_get_length(struct sshcipher_ctx *, u_int *, u_int, const u_char *, u_int); void cipher_free(struct sshcipher_ctx *); u_int cipher_blocksi...

...e; + /* + * Otherwise, use the RFC4344 s3.2 recommendation of 2**(L/4) blocks + * before rekeying where L is the blocksize in bits. + * Most other ciphers have a 128 bit blocksize, so this equates to + * 2**32 blocks / 64GB data. + */ + return (uint64_t)1 << (c->block_size * 2); +} + u_int cipher_keylen(const struct sshcipher *c) { diff --git a/cipher.h b/cipher.h index 1a591cd..68be9ed 100644 --- a/cipher.h +++ b/cipher.h @@ -63,6 +63,7 @@ int cipher_get_length(struct sshcipher_ctx *, u_int *, u_int, const u_char *, u_int); void cipher_free(struct sshcipher_ctx *); u_int cipher_blocksize(const st...

...ecommendation of 2**(L/4) blocks > + * before rekeying where L is the blocksize in bits. > + * Most other ciphers have a 128 bit blocksize, so this equates to > + * 2**32 blocks / 64GB data. > + */ > + return (uint64_t)1 << (c->block_size * 2); > +} > + > u_int > cipher_keylen(const struct sshcipher *c) > { > diff --git a/cipher.h b/cipher.h > index 1a591cd..68be9ed 100644 > --- a/cipher.h > +++ b/cipher.h > @@ -63,6 +63,7 @@ int cipher_get_length(struct sshcipher_ctx *, u_int *, > u_int, > const u_char *, u_int); > void cipher_free(struct sshc...

I was wondering if there was something specific to the internal chacha20 cipher as opposed to OpenSSL implementation. I can't just change the block size because it breaks compatibility. I can do something like as a hack (though it would probably be better to do it with the compat function): if (strstr(enc->name, "chacha")) *max_blocks = (u_int64_t)1 << (16*2);

...ecommendation of 2**(L/4) blocks > + * before rekeying where L is the blocksize in bits. > + * Most other ciphers have a 128 bit blocksize, so this equates to > + * 2**32 blocks / 64GB data. > + */ > + return (uint64_t)1 << (c->block_size * 2); > +} > + > u_int > cipher_keylen(const struct sshcipher *c) > { > diff --git a/cipher.h b/cipher.h > index 1a591cd..68be9ed 100644 > --- a/cipher.h > +++ b/cipher.h > @@ -63,6 +63,7 @@ int cipher_get_length(struct sshcipher_ctx *, u_int *, > u_int, > const u_char *, u_int); > void cipher_free(struct sshc...