author | Bryan Cantrill <bryan@joyent.com> | 2019-06-29 18:17:08 +0000 |
---|---|---|
committer | Joshua M. Clulow <jmc@joyent.com> | 2019-06-29 21:53:45 +0000 |
commit | d2cb459496a9ba43c051f163b6233046ccb5bcdf (patch) | |
tree | 5551d1e4587b4b047866d5b0f925f00decfa01ac /usr/src/common/crypto | |
parent | e9686f2048541f02e63b97976f385b6efa0f4831 (diff) | |
download | illumos-joyent-d2cb459496a9ba43c051f163b6233046ccb5bcdf.tar.gz |
OS-7828 add support for kernel crash dump encryption
Reviewed by: Robert Mustacchi <robert.mustacchi@joyent.com>
Approved by: Joshua M. Clulow <jmc@joyent.com>
Diffstat (limited to 'usr/src/common/crypto')
-rw-r--r-- | usr/src/common/crypto/chacha/chacha.c | 24 | ||||
-rw-r--r-- | usr/src/common/crypto/chacha/chacha.h | 6 |
2 files changed, 21 insertions, 9 deletions
diff --git a/usr/src/common/crypto/chacha/chacha.c b/usr/src/common/crypto/chacha/chacha.c
index 5f9ef3b411..0a0b09919e 100644
--- a/usr/src/common/crypto/chacha/chacha.c
+++ b/usr/src/common/crypto/chacha/chacha.c
@@ -1,13 +1,25 @@
 /*
+ * This implementation of ChaCha20 comes from the initial Dan Bernstein
+ * implementation, including a 256-bit key, a 64-bit nonce and a 64-bit
+ * counter. This is in contrast to ChaCha20 as defined in RFC 7539, which
+ * defines a 256-bit key, a 96-bit nonce and a 32-bit counter. In particular,
+ * kernel crash dump encryption relies on the fact that our larger counter
+ * allows for the encryption of very large messages (many gigabytes in
+ * length); any change to this implementation that reduces the size of the
+ * counter should be mindful of this use case.
+ */
+
+/*
 chacha-merged.c version 20080118 D. J. Bernstein Public domain. */
-/* $OpenBSD: chacha_private.h,v 1.2 2013/10/04 07:02:27 djm Exp $ */
+/* $OpenBSD: chacha.c,v 1.1 2013/11/21 00:45:44 djm Exp $ */
-#include <chacha.h>
-#include <stddef.h>
+#include "chacha.h"
+#include <sys/stddef.h>
+#include <sys/null.h>
 typedef unsigned char u8;
 typedef unsigned int u32;
@@ -76,10 +88,10 @@ chacha_keysetup(chacha_ctx_t *x,const u8 *k,u32 kbits,u32 ivbits)
 }
 void
-chacha_ivsetup(chacha_ctx_t *x,const u8 *iv)
+chacha_ivsetup(chacha_ctx_t *x,const u8 *iv, const u8 *counter)
 {
- x->chacha_input[12] = 0;
- x->chacha_input[13] = 0;
+ x->chacha_input[12] = counter == NULL ? 0 : U8TO32_LITTLE(counter + 0);
+ x->chacha_input[13] = counter == NULL ? 0 : U8TO32_LITTLE(counter + 4);
 x->chacha_input[14] = U8TO32_LITTLE(iv + 0);
 x->chacha_input[15] = U8TO32_LITTLE(iv + 4);
 }
diff --git a/usr/src/common/crypto/chacha/chacha.h b/usr/src/common/crypto/chacha/chacha.h
index ac9993a8a4..edadca4934 100644
--- a/usr/src/common/crypto/chacha/chacha.h
+++ b/usr/src/common/crypto/chacha/chacha.h
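Review bot: The new header comment at the top of chacha.c documents the 64-bit counter but not the constraints that come with this variant: the nonce is only 64 bits, so callers must guarantee that a (key, nonce) pair is never reused rather than rely on random nonces across many messages, and the cipher on its own provides no integrity protection. I would add a sentence such as `* Callers must never reuse a nonce (or an overlapping counter range) under the same key; output is not authenticated.` The `chacha_encrypt_bytes` prototype visible in chacha.h takes a `uint32_t` length, so "many gigabytes" presumably means repeated calls on one context, which is worth stating here. The citation could also name RFC 8439, which obsoletes RFC 7539.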
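Review bot: `chacha_ivsetup` in chacha.c has no comment stating the contract for the new `counter` argument, and this is the point where a caller can get keystream reuse wrong. Two setups with the same key and iv whose counter ranges overlap yield the same keystream, so a block comment above the function should say that `counter` is 8 bytes read little-endian as the initial block counter, that NULL means zero, and that counter ranges must not overlap for a given key and iv. The same comment should note that `iv` is still dereferenced unconditionally, unlike `counter`. The diffstat is limited to usr/src/common/crypto, so whether every existing caller was updated to pass the third argument cannot be confirmed from this page.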
@@ -10,7 +10,7 @@
 */
 /*
- * Copyright (c) 2015, Joyent, Inc.
+ * Copyright 2019 Joyent, Inc.
 */
 #ifndef _CHACHA_H
@@ -27,7 +27,7 @@
 * over the data and xoring it with the generated cipher.
 */
-#include <inttypes.h>
+#include <sys/inttypes.h>
 #ifdef __cplusplus
 extern "C" {
@@ -39,7 +39,7 @@ typedef struct chacha_ctx {
 extern void chacha_keysetup(chacha_ctx_t *, const uint8_t *, uint32_t, uint32_t);
-extern void chacha_ivsetup(chacha_ctx_t *, const uint8_t *);
+extern void chacha_ivsetup(chacha_ctx_t *, const uint8_t *, const uint8_t *);
 extern void chacha_encrypt_bytes(chacha_ctx_t *, const uint8_t *, uint8_t *, uint32_t); |
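Review bot: The updated `chacha_ivsetup` prototype in the last hunk of chacha.h has two adjacent unnamed `const uint8_t *` parameters, so a call that passes the nonce and the counter in the wrong order compiles without any diagnostic. Naming them in the declaration makes the order visible to callers: `extern void chacha_ivsetup(chacha_ctx_t *, const uint8_t *iv, const uint8_t *counter);`. A short comment that the third argument may be NULL (counter starts at zero) would match what chacha.c implements.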