On Mon, Oct 26, 2015 at 06:31:08PM +0100, Mike Belopuhov wrote:
> OK?
>
see two comments below.
Otherwise OK.
> ---
> sys/crypto/cryptosoft.c | 24 ++++++++++++++++++++++++
> 1 file changed, 24 insertions(+)
>
> diff --git sys/crypto/cryptosoft.c sys/crypto/cryptosoft.c
> index f735c7c..2a4abce 100644
> --- sys/crypto/cryptosoft.c
> +++ sys/crypto/cryptosoft.c
> @@ -511,18 +511,20 @@ swcr_authenc(struct cryptop *crp)
> return (EINVAL);
>
> switch (sw->sw_alg) {
> case CRYPTO_AES_GCM_16:
> case CRYPTO_AES_GMAC:
> + case CRYPTO_CHACHA20_POLY1305:
> swe = sw;
> crde = crd;
> exf = swe->sw_exf;
> ivlen = exf->ivsize;
> break;
> case CRYPTO_AES_128_GMAC:
> case CRYPTO_AES_192_GMAC:
> case CRYPTO_AES_256_GMAC:
> + case CRYPTO_CHACHA20_POLY1305_MAC:
> swa = sw;
> crda = crd;
> axf = swa->sw_axf;
> if (swa->sw_ictx == 0)
> return (EINVAL);
> @@ -628,10 +630,19 @@ swcr_authenc(struct cryptop *crp)
> *blkp = htobe32(aadlen * 8);
> blkp = (uint32_t *)blk + 3;
> *blkp = htobe32(crde->crd_len * 8);
> axf->Update(&ctx, blk, axf->hashsize);
> break;
> + case CRYPTO_CHACHA20_POLY1305_MAC:
> + /* length block */
> + bzero(blk, axf->hashsize);
better use memset for new code.
> + blkp = (uint32_t *)blk;
> + *blkp = htole32(aadlen);
> + blkp = (uint32_t *)blk + 2;
> + *blkp = htole32(crde->crd_len);
this could also be a 64-bit value, as it is little-endian, but OK.
> + axf->Update(&ctx, blk, axf->hashsize);
> + break;
> }
>
> /* Finalize MAC */
> axf->Final(aalg, &ctx);
>
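Review bot: The `/* length block */` comment on the new `CRYPTO_CHACHA20_POLY1305_MAC` case does not describe the layout the two stores produce, which differs from the GMAC case just above in ways that are easy to miss. The lengths are byte counts rather than bit counts (no `* 8`), and each sits in a 64-bit little-endian field of which only the low 32 bits are written. The upper halves are zero only because of the clear that precedes the stores, so the comment should state that dependency, e.g. `/* length block: le64(aadlen) || le64(crd_len), in bytes; high 32 bits of each field stay zero from the clear above */`. The stores at byte offsets 0 and 8 also assume that `axf->hashsize` covers both fields (16 bytes) and that `blk` is aligned for `uint32_t`; `blk` is declared outside this hunk, so that is worth confirming there.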
> @@ -809,10 +820,13 @@ swcr_newsession(u_int32_t *sid, struct cryptoini *cri)
> goto enccommon;
> case CRYPTO_AES_GMAC:
> txf = &enc_xform_aes_gmac;
> (*swd)->sw_exf = txf;
> break;
> + case CRYPTO_CHACHA20_POLY1305:
> + txf = &enc_xform_chacha20_poly1305;
> + goto enccommon;
> case CRYPTO_NULL:
> txf = &enc_xform_null;
> goto enccommon;
> enccommon:
> if (txf->ctxsize > 0) {
> @@ -912,10 +926,14 @@ swcr_newsession(u_int32_t *sid, struct cryptoini *cri)
> axf = &auth_hash_gmac_aes_192;
> goto auth4common;
>
> case CRYPTO_AES_256_GMAC:
> axf = &auth_hash_gmac_aes_256;
> + goto auth4common;
> +
> + case CRYPTO_CHACHA20_POLY1305_MAC:
> + axf = &auth_hash_chacha20_poly1305;
> auth4common:
> (*swd)->sw_ictx = malloc(axf->ctxsize, M_CRYPTO_DATA,
> M_NOWAIT);
> if ((*swd)->sw_ictx == NULL) {
> swcr_freesession(i);
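Review bot: The new `case CRYPTO_CHACHA20_POLY1305_MAC:` reaches `auth4common:` only by running off the end of the case into the label, the same implicit fall-through that made this change add `goto auth4common;` to `CRYPTO_AES_256_GMAC`. Ending the new case with its own `goto auth4common;`, or at least a `/* FALLTHROUGH */` comment after `axf = &auth_hash_chacha20_poly1305;`, would stop a case inserted before the label later from overwriting `axf` for ChaCha20-Poly1305 sessions. The `auth4common` block continues past the end of this hunk.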
> @@ -976,10 +994,11 @@ swcr_freesession(u_int64_t tid)
> case CRYPTO_RIJNDAEL128_CBC:
> case CRYPTO_AES_CTR:
> case CRYPTO_AES_XTS:
> case CRYPTO_AES_GCM_16:
> case CRYPTO_AES_GMAC:
> + case CRYPTO_CHACHA20_POLY1305:
> case CRYPTO_NULL:
> txf = swd->sw_exf;
>
> if (swd->sw_kschedule) {
> explicit_bzero(swd->sw_kschedule, txf->ctxsize);
> @@ -1006,10 +1025,11 @@ swcr_freesession(u_int64_t tid)
f> break;
>
> case CRYPTO_AES_128_GMAC:
> case CRYPTO_AES_192_GMAC:
> case CRYPTO_AES_256_GMAC:
> + case CRYPTO_CHACHA20_POLY1305_MAC:
> case CRYPTO_MD5:
> case CRYPTO_SHA1:
> axf = swd->sw_axf;
>
> if (swd->sw_ictx) {
> @@ -1108,10 +1128,12 @@ swcr_process(struct cryptop *crp)
> case CRYPTO_AES_GCM_16:
> case CRYPTO_AES_GMAC:
> case CRYPTO_AES_128_GMAC:
> case CRYPTO_AES_192_GMAC:
> case CRYPTO_AES_256_GMAC:
> + case CRYPTO_CHACHA20_POLY1305:
> + case CRYPTO_CHACHA20_POLY1305_MAC:
> crp->crp_etype = swcr_authenc(crp);
> goto done;
>
> case CRYPTO_DEFLATE_COMP:
> if ((crp->crp_etype = swcr_compdec(crd, sw,
> @@ -1171,10 +1193,12 @@ swcr_init(void)
> algs[CRYPTO_SHA2_384_HMAC] = CRYPTO_ALG_FLAG_SUPPORTED;
> algs[CRYPTO_SHA2_512_HMAC] = CRYPTO_ALG_FLAG_SUPPORTED;
> algs[CRYPTO_AES_128_GMAC] = CRYPTO_ALG_FLAG_SUPPORTED;
> algs[CRYPTO_AES_192_GMAC] = CRYPTO_ALG_FLAG_SUPPORTED;
> algs[CRYPTO_AES_256_GMAC] = CRYPTO_ALG_FLAG_SUPPORTED;
> + algs[CRYPTO_CHACHA20_POLY1305] = CRYPTO_ALG_FLAG_SUPPORTED;
> + algs[CRYPTO_CHACHA20_POLY1305_MAC] = CRYPTO_ALG_FLAG_SUPPORTED;
> algs[CRYPTO_ESN] = CRYPTO_ALG_FLAG_SUPPORTED;
>
> crypto_register(swcr_id, algs, swcr_newsession,
> swcr_freesession, swcr_process);
> }
> --
> 2.6.2
>
--