mirror of
https://github.com/ntop/n2n.git
synced 2024-09-20 00:51:10 +02:00
Merge pull request #426 from Logan007/aesKeyLenTrgrs
adopted aes key-length trigger values
This commit is contained in:
commit
4759a99eb4
|
@ -40,6 +40,8 @@ AES also prepends a random value to the plaintext. Its size is adjustable by cha
|
||||||
|
|
||||||
Apart from n2n's plain C implementation, Intel's AES-NI is supported – again, please have a look at the [Building document](./Building.md). In case of openSSL support its `evp_*` interface gets used which also offers hardware acceleration where available (SSE, AES-NI, …). It however is slower than the following stream ciphers because the CBC mode cannot compete with the optimized stream ciphers.
|
Apart from n2n's plain C implementation, Intel's AES-NI is supported – again, please have a look at the [Building document](./Building.md). In case of openSSL support its `evp_*` interface gets used which also offers hardware acceleration where available (SSE, AES-NI, …). It however is slower than the following stream ciphers because the CBC mode cannot compete with the optimized stream ciphers.
|
||||||
|
|
||||||
|
This cipher's different key-sizes are triggered by the length of the user-provided key: 22 characters or less make n2n use AES-128, between 23 and 32 characters lead to AES-192, and 33 or more characters trigger AES-256.
|
||||||
|
|
||||||
### ChaCha20
|
### ChaCha20
|
||||||
|
|
||||||
ChaCha20 was the first stream cipher supported by n2n.
|
ChaCha20 was the first stream cipher supported by n2n.
|
||||||
|
|
|
@ -187,10 +187,11 @@ static int setup_aes_key(transop_aes_t *priv, const uint8_t *password, ssize_t p
|
||||||
pearson_hash_256(key_mat, password, password_len);
|
pearson_hash_256(key_mat, password, password_len);
|
||||||
|
|
||||||
// the length-dependant scheme for key setup was discussed on github:
|
// the length-dependant scheme for key setup was discussed on github:
|
||||||
// https://github.com/ntop/n2n/issues/101
|
// https://github.com/ntop/n2n/issues/101 -- as no iv encryption required
|
||||||
if(password_len >= 65) {
|
// anymore, the key-size trigger values were roughly halved
|
||||||
|
if(password_len >= 33) {
|
||||||
key_size = AES256_KEY_BYTES; // 256 bit
|
key_size = AES256_KEY_BYTES; // 256 bit
|
||||||
} else if(password_len >= 44) {
|
} else if(password_len >= 23) {
|
||||||
key_size = AES192_KEY_BYTES; // 192 bit
|
key_size = AES192_KEY_BYTES; // 192 bit
|
||||||
} else {
|
} else {
|
||||||
key_size = AES128_KEY_BYTES; // 128 bit
|
key_size = AES128_KEY_BYTES; // 128 bit
|
||||||
|
|
Loading…
Reference in New Issue
Block a user