Page MenuHomeFreeBSD
Differential D28755

The ChaCha20 counter is little endian, not big endian.
ClosedPublic
Actions

Authored by jhb on Feb 17 2021, 10:32 PM.
Tags
None
Referenced Files
Unknown Object (File)
Thu, Jan 30, 11:01 AM
Unknown Object (File)
Tue, Jan 28, 9:31 PM
Unknown Object (File)
Wed, Jan 22, 5:08 PM
Unknown Object (File)
Dec 13 2024, 5:00 PM
Unknown Object (File)
Dec 6 2024, 10:02 PM
Unknown Object (File)
Nov 22 2024, 4:36 PM
Unknown Object (File)
Nov 20 2024, 9:01 AM
Unknown Object (File)
Nov 15 2024, 2:26 PM
View All 67 Files
Subscribers
imp

Details

Reviewers
cem
Group Reviewers
manpages
Commits
rGee1e39b012f6: The ChaCha20 counter is little endian, not big endian.
rGa899ce4ba4c4: The ChaCha20 counter is little endian, not big endian.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
No Lint Coverage
Unit
No Test Coverage
Build Status
Buildable 37134
Build 34023: arc lint + arc unit

Event Timeline

jhb created this revision.Feb 17 2021, 10:32 PM
Herald added a reviewer: manpages. · View Herald TranscriptFeb 17 2021, 10:32 PM
Herald added a subscriber: imp. · View Herald Transcript
jhb requested review of this revision.Feb 17 2021, 10:32 PM
jhb added a parent revision: D28754: ossl: Add Poly1305 digest support..
Harbormaster completed remote builds in B37134: Diff 84156.Feb 17 2021, 10:32 PM
jhb added a child revision: D28756: ossl: Add ChaCha20 cipher support..Feb 17 2021, 10:32 PM
cem added a comment.Feb 18 2021, 2:17 AM

Hm, it is little endian, but I'm not confident about the two sentences prior.

jhb added a comment.Mar 2 2021, 10:50 PM
In D28755#644005, @cem wrote:

Hm, it is little endian, but I'm not confident about the two sentences prior.

The variant in the kernel uses the 8/8 split. There are other variants however. libsodium has a xchacha variant that wireguard also uses (and I think that there are proposals to standardize in IETF for both IPsec and TLS) that uses a 24/4 split of nonce vs counter. If we add that in the future I would probably call it CRYPTO_XCHACHA20_POLY1305 to match the libsodium name.

cem accepted this revision.Mar 3 2021, 5:04 AM

Certainly not a regression :-)

This revision is now accepted and ready to land.Mar 3 2021, 5:04 AM
Closed by commit rGa899ce4ba4c4: The ChaCha20 counter is little endian, not big endian. (authored by jhb). · Explain WhyMar 3 2021, 11:21 PM
This revision was automatically updated to reflect the committed changes.
jhb added a commit: rGa899ce4ba4c4: The ChaCha20 counter is little endian, not big endian..
jhb added a commit: rGee1e39b012f6: The ChaCha20 counter is little endian, not big endian..Oct 21 2021, 5:07 PM

Revision Contents
Changeset List

PathSize
share/
man/
man7/
2 lines

Diff 84156

View Options

share/man/man7/crypto.7

Loading...