On Mon, Oct 26, 2015 at 06:27:19PM +0100, Mike Belopuhov wrote:
> The kernel version lost the counter argument to chacha_ivsetup that I'll
> need for ChaCha20 use in the IPsec stack.
>
> This change is a NO-OP.
>
> OK?
>
Looks OK and matches the version in ssh.
btw., why are we using this header file instead of chacha.[ch] again?
Reyk
> ---
> sys/crypto/chacha_private.h | 8 ++++----
> sys/crypto/xform.c | 1 +
> sys/dev/rnd.c | 8 ++++----
> 3 files changed, 9 insertions(+), 8 deletions(-)
>
> diff --git sys/crypto/chacha_private.h sys/crypto/chacha_private.h
> index 66b57c5..662c074 100644
> --- sys/crypto/chacha_private.h
> +++ sys/crypto/chacha_private.h
> @@ -48,11 +48,11 @@ typedef struct
>
> static const char sigma[16] = "expand 32-byte k";
> static const char tau[16] = "expand 16-byte k";
>
> static void
> -chacha_keysetup(chacha_ctx *x,const u8 *k,u32 kbits,u32 ivbits)
> +chacha_keysetup(chacha_ctx *x,const u8 *k,u32 kbits)
> {
> const char *constants;
>
> x->input[4] = U8TO32_LITTLE(k + 0);
> x->input[5] = U8TO32_LITTLE(k + 4);
> @@ -73,14 +73,14 @@ chacha_keysetup(chacha_ctx *x,const u8 *k,u32 kbits,u32
> ivbits)
> x->input[2] = U8TO32_LITTLE(constants + 8);
> x->input[3] = U8TO32_LITTLE(constants + 12);
> }
>
> static void
> -chacha_ivsetup(chacha_ctx *x,const u8 *iv)
> +chacha_ivsetup(chacha_ctx *x, const u8 *iv, const u8 *counter)
> {
> - x->input[12] = 0;
> - x->input[13] = 0;
> + x->input[12] = counter == NULL ? 0 : U8TO32_LITTLE(counter + 0);
> + x->input[13] = counter == NULL ? 0 : U8TO32_LITTLE(counter + 4);
> x->input[14] = U8TO32_LITTLE(iv + 0);
> x->input[15] = U8TO32_LITTLE(iv + 4);
> }
>
> static void
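Review bot: The new `counter` parameter of chacha_ivsetup has an undocumented contract: when non-NULL it is read as 8 bytes, little-endian, into state words 12 and 13, and NULL means a block counter of zero. A short comment above the function would make that explicit, e.g. `/* counter: 8 bytes, little-endian initial block counter, or NULL for 0; iv: 8 bytes */`. The IPsec caller mentioned in the description is not part of this patch, so the comment should also state that a (key, iv, counter) combination must never be reused, because a repeated starting state reproduces the same keystream. If that caller uses a 32-bit counter with a 96-bit nonce, it presumably has to split the nonce across `counter + 4` and `iv`, which the comment should spell out as well.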
> diff --git sys/crypto/xform.c sys/crypto/xform.c
> index 1dbe054..84b762b 100644
> --- sys/crypto/xform.c
> +++ sys/crypto/xform.c
> @@ -56,10 +56,11 @@
> #include <crypto/cast.h>
> #include <crypto/rijndael.h>
> #include <crypto/cryptodev.h>
> #include <crypto/xform.h>
> #include <crypto/gmac.h>
> +#include <crypto/chachapoly.h>
>
> extern void des_ecb3_encrypt(caddr_t, caddr_t, caddr_t, caddr_t, caddr_t,
> int);
> extern void des_ecb_encrypt(caddr_t, caddr_t, caddr_t, int);
>
> int des_set_key(void *, caddr_t);
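Review bot: The added `#include <crypto/chachapoly.h>` looks unrelated to the signature change: nothing else in the xform.c section uses it, and the diffstat lists only chacha_private.h, xform.c and rnd.c, so this patch does not introduce the header. If `crypto/chachapoly.h` is not already in the tree, xform.c stops compiling and the change is no longer the NO-OP the description promises. I would move this line to the commit that adds the ChaCha20 transform. Separately, if that header pulls in chacha_private.h, its file-scope `static` definitions (`sigma`, `tau`, the setup functions) would be duplicated into xform.c, which is worth checking when the header lands.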
> diff --git sys/dev/rnd.c sys/dev/rnd.c
> index 58f12ed..eda81ed 100644
> --- sys/dev/rnd.c
> +++ sys/dev/rnd.c
> @@ -566,12 +566,12 @@ static inline void _rs_rekey(u_char *dat, size_t
> datlen);
>
> static inline void
> _rs_init(u_char *buf, size_t n)
> {
> KASSERT(n >= KEYSZ + IVSZ);
> - chacha_keysetup(&rs, buf, KEYSZ * 8, 0);
> - chacha_ivsetup(&rs, buf + KEYSZ);
> + chacha_keysetup(&rs, buf, KEYSZ * 8);
> + chacha_ivsetup(&rs, buf + KEYSZ, NULL);
> }
>
> static void
> _rs_seed(u_char *buf, size_t n)
> {
> @@ -831,12 +831,12 @@ randomread(dev_t dev, struct uio *uio, int ioflag)
> return 0;
>
> buf = malloc(POOLBYTES, M_TEMP, M_WAITOK);
> if (total > ARC4_MAIN_MAX_BYTES) {
> arc4random_buf(lbuf, sizeof(lbuf));
> - chacha_keysetup(&lctx, lbuf, KEYSZ * 8, 0);
> - chacha_ivsetup(&lctx, lbuf + KEYSZ);
> + chacha_keysetup(&lctx, lbuf, KEYSZ * 8);
> + chacha_ivsetup(&lctx, lbuf + KEYSZ, NULL);
> explicit_bzero(lbuf, sizeof(lbuf));
> myctx = 1;
> }
>
> while (ret == 0 && uio->uio_resid > 0) {
> --
> 2.6.2
>
--