Page MenuHomeFreeBSD
Differential D17322

EKCD: Add Chacha20 encryption mode
AbandonedPublic
Actions

Authored by cem on Sep 25 2018, 8:01 PM.
Tags
None
Referenced Files
Unknown Object (File)
Wed, Jan 22, 11:20 PM
Unknown Object (File)
Sat, Jan 18, 5:41 PM
Unknown Object (File)
Fri, Jan 10, 5:13 PM
Unknown Object (File)
Mon, Jan 6, 9:30 PM
Unknown Object (File)
Dec 6 2024, 2:27 PM
Unknown Object (File)
Nov 23 2024, 5:24 AM
Unknown Object (File)
Nov 13 2024, 9:53 PM
Unknown Object (File)
Oct 4 2024, 1:26 AM
View All 69 Files
Subscribers
None

Details

Reviewers
markj
def
jhb
Summary

Chacha20 does not require messages to be multiples of block size, so it is
valid to use the cipher without the explicit padding AES-CBC would require.

Diff Detail

Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 24111
Build 22970: arc lint + arc unit

Event Timeline

cem created this revision.Sep 25 2018, 8:01 PM
Harbormaster completed remote builds in B19813: Diff 48459.Sep 25 2018, 8:01 PM
cem marked an inline comment as done.Sep 25 2018, 9:03 PM
cem added inline comments.
sbin/decryptcore/decryptcore.c
212

This needs a little more sophistication.

Openssl uses all of the first 128 provided IV bits to initialize, whereas our kernel implemented uses the first 64 bits as IV and initializes the counter to zero. This can be addressed in decryptcore's usage of openssl, just needs a little change.

(One other note is that decryptcore will need to be retrofitted slightly to compile with openssl 1.1.x anyway: EVP_CIPHER_CTX_init/cleanup goes away and only opaque access to EVP_CIPHER_CTX is provided. Instead we should use _new() and _free().)

cem marked an inline comment as done and an inline comment as not done.Sep 26 2018, 1:11 AM
cem added inline comments.
sbin/decryptcore/decryptcore.c
212

(re: 1.1.x, addressed in r338782.)

cem updated this revision to Diff 48470.Sep 26 2018, 1:18 AM

Fix IV and at least initial counter used by OpenSSL decrypt. The 32-bit
counter variant should produce the same result as the 64-bit counter variant,
up to 64B * 2^32 = 256 GB of input.

Harbormaster completed remote builds in B19819: Diff 48470.Sep 26 2018, 1:18 AM
cem updated this revision to Diff 57057.May 5 2019, 3:41 AM

Refresh Chacha EKCD mode for commit

OpenSSL in tree is now new enough to handle it and seems to tolerate a 64-bit counter.

Remove hacks that disabled AES-256-CBC and allow dumpon to choose a cipher with
-C.

Harbormaster completed remote builds in B24111: Diff 57057.May 5 2019, 3:41 AM
cem retitled this revision from EKCD: Add proof-of-concept Chacha20 encryption mode to EKCD: Add Chacha20 encryption mode.May 5 2019, 3:42 AM
cem edited the summary of this revision. (Show Details)
cem edited the test plan for this revision. (Show Details)
cem added a reviewer: jhb.
cem added a parent revision: D19996: List-ify kernel dump device configuration.
cem abandoned this revision.May 23 2019, 8:12 PM

r348197

Revision Contents
Changeset List

PathSize
sbin/
decryptcore/
24 lines
dumpon/
16 lines
36 lines
sys/
kern/
31 lines
sys/
1 line

Diff 57057

View Options

sbin/decryptcore/decryptcore.c

Loading...
View Options

sbin/dumpon/dumpon.8

Loading...
View Options

sbin/dumpon/dumpon.c

Loading...
View Options

sys/kern/kern_shutdown.c

Loading...
View Options

sys/sys/kerneldump.h

Loading...