svn commit: r344714 - head/sys/crypto/chacha20

Conrad Meyer cem at FreeBSD.org
Fri Mar 1 23:30:24 UTC 2019


Author: cem
Date: Fri Mar  1 23:30:23 2019
New Revision: 344714
URL: https://svnweb.freebsd.org/changeset/base/344714

Log:
  Embedded chacha: Add 0-bit iv + 128-bit counter mode
  
  This mode might be suitable for a Fortuna keystream primitive.
  
  Reviewed by:	markm
  Sponsored by:	Dell EMC Isilon
  Differential Revision:	https://reviews.freebsd.org/D19410

Modified:
  head/sys/crypto/chacha20/chacha.c
  head/sys/crypto/chacha20/chacha.h

Modified: head/sys/crypto/chacha20/chacha.c
==============================================================================
--- head/sys/crypto/chacha20/chacha.c	Fri Mar  1 22:51:45 2019	(r344713)
+++ head/sys/crypto/chacha20/chacha.c	Fri Mar  1 23:30:23 2019	(r344714)
@@ -84,13 +84,33 @@ chacha_keysetup(chacha_ctx *x,const u8 *k,u32 kbits)
 LOCAL void
 chacha_ivsetup(chacha_ctx *x, const u8 *iv, const u8 *counter)
 {
+#ifndef CHACHA_NONCE0_CTR128
   x->input[12] = counter == NULL ? 0 : U8TO32_LITTLE(counter + 0);
   x->input[13] = counter == NULL ? 0 : U8TO32_LITTLE(counter + 4);
   x->input[14] = U8TO32_LITTLE(iv + 0);
   x->input[15] = U8TO32_LITTLE(iv + 4);
+#else
+  // CHACHA_STATELEN
+  (void)iv;
+  x->input[12] = U8TO32_LITTLE(counter + 0);
+  x->input[13] = U8TO32_LITTLE(counter + 4);
+  x->input[14] = U8TO32_LITTLE(counter + 8);
+  x->input[15] = U8TO32_LITTLE(counter + 12);
+#endif
 }
 
+#ifdef CHACHA_NONCE0_CTR128
 LOCAL void
+chacha_ctrsave(const chacha_ctx *x, u8 *counter)
+{
+    U32TO8_LITTLE(counter + 0, x->input[12]);
+    U32TO8_LITTLE(counter + 4, x->input[13]);
+    U32TO8_LITTLE(counter + 8, x->input[14]);
+    U32TO8_LITTLE(counter + 12, x->input[15]);
+}
+#endif
+
+LOCAL void
 chacha_encrypt_bytes(chacha_ctx *x,const u8 *m,u8 *c,u32 bytes)
 {
   u32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15;
@@ -192,7 +212,16 @@ chacha_encrypt_bytes(chacha_ctx *x,const u8 *m,u8 *c,u
     j12 = PLUSONE(j12);
     if (!j12) {
       j13 = PLUSONE(j13);
+#ifndef CHACHA_NONCE0_CTR128
       /* stopping at 2^70 bytes per nonce is user's responsibility */
+#else
+      if (!j13) {
+        j14 = PLUSONE(j14);
+        if (!j14) {
+          j15 = PLUSONE(j15);
+        }
+      }
+#endif
     }
 
     U32TO8_LITTLE(c + 0,x0);
@@ -218,6 +247,10 @@ chacha_encrypt_bytes(chacha_ctx *x,const u8 *m,u8 *c,u
       }
       x->input[12] = j12;
       x->input[13] = j13;
+#ifdef CHACHA_NONCE0_CTR128
+      x->input[14] = j14;
+      x->input[15] = j15;
+#endif
       return;
     }
     bytes -= 64;

Modified: head/sys/crypto/chacha20/chacha.h
==============================================================================
--- head/sys/crypto/chacha20/chacha.h	Fri Mar  1 22:51:45 2019	(r344713)
+++ head/sys/crypto/chacha20/chacha.h	Fri Mar  1 23:30:23 2019	(r344714)
@@ -26,10 +26,19 @@ Public domain.
 #define LOCAL
 #endif
 
+#ifdef CHACHA_NONCE0_CTR128
+#define CHACHA_UNUSED __unused
+#else
+#define CHACHA_UNUSED
+#endif
+
 LOCAL void chacha_keysetup(struct chacha_ctx *x, const u_char *k, u_int kbits);
-LOCAL void chacha_ivsetup(struct chacha_ctx *x, const u_char *iv, const u_char *ctr);
+LOCAL void chacha_ivsetup(struct chacha_ctx *x, const u_char *iv CHACHA_UNUSED,
+    const u_char *ctr);
 LOCAL void chacha_encrypt_bytes(struct chacha_ctx *x, const u_char *m,
     u_char *c, u_int bytes);
+
+#undef CHACHA_UNUSED
 
 #endif	/* CHACHA_H */
 


More information about the svn-src-head mailing list