Page MenuHomeFreeBSD
Differential D28755

The ChaCha20 counter is little endian, not big endian.
ClosedPublic
Actions

Authored by jhb on Feb 17 2021, 10:32 PM.
Tags
None
Referenced Files
Unknown Object (File)
Thu, Dec 25, 8:01 AM
Unknown Object (File)
Wed, Dec 17, 12:32 PM
Unknown Object (File)
Wed, Dec 17, 6:41 AM
Unknown Object (File)
Thu, Dec 11, 6:45 AM
Unknown Object (File)
Thu, Nov 27, 3:17 AM
Unknown Object (File)
Nov 20 2025, 7:09 AM
Unknown Object (File)
Nov 11 2025, 6:38 PM
Unknown Object (File)
Nov 9 2025, 3:03 AM
View All Files
Subscribers
imp

Details

Reviewers
cem
Group Reviewers
manpages
Commits
rGee1e39b012f6: The ChaCha20 counter is little endian, not big endian.
rGa899ce4ba4c4: The ChaCha20 counter is little endian, not big endian.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
No Lint Coverage
Unit
No Test Coverage
Build Status
Buildable 37134
Build 34023: arc lint + arc unit

Event Timeline

jhb created this revision.Feb 17 2021, 10:32 PM
Herald added a reviewer: manpages. · View Herald TranscriptFeb 17 2021, 10:32 PM
Herald added a subscriber: imp. · View Herald Transcript
jhb requested review of this revision.Feb 17 2021, 10:32 PM
jhb added a parent revision: D28754: ossl: Add Poly1305 digest support..
Harbormaster completed remote builds in B37134: Diff 84156.Feb 17 2021, 10:32 PM
jhb added a child revision: D28756: ossl: Add ChaCha20 cipher support..Feb 17 2021, 10:32 PM
cem added a comment.Feb 18 2021, 2:17 AM

Hm, it is little endian, but I'm not confident about the two sentences prior.

jhb added a comment.Mar 2 2021, 10:50 PM
In D28755#644005, @cem wrote:

Hm, it is little endian, but I'm not confident about the two sentences prior.

The variant in the kernel uses the 8/8 split. There are other variants however. libsodium has a xchacha variant that wireguard also uses (and I think that there are proposals to standardize in IETF for both IPsec and TLS) that uses a 24/4 split of nonce vs counter. If we add that in the future I would probably call it CRYPTO_XCHACHA20_POLY1305 to match the libsodium name.

cem accepted this revision.Mar 3 2021, 5:04 AM

Certainly not a regression :-)

This revision is now accepted and ready to land.Mar 3 2021, 5:04 AM
Closed by commit rGa899ce4ba4c4: The ChaCha20 counter is little endian, not big endian. (authored by jhb). · Explain WhyMar 3 2021, 11:21 PM
This revision was automatically updated to reflect the committed changes.
jhb added a commit: rGa899ce4ba4c4: The ChaCha20 counter is little endian, not big endian..
jhb added a commit: rGee1e39b012f6: The ChaCha20 counter is little endian, not big endian..Oct 21 2021, 5:07 PM

Revision Contents
Changeset List

PathSize
share/
man/
man7/
2 lines

Diff 84156

View Options

share/man/man7/crypto.7

Loading...