Page MenuHomeFreeBSD
Differential D28755

The ChaCha20 counter is little endian, not big endian.
ClosedPublic
Actions

Authored by jhb on Feb 17 2021, 10:32 PM.
Tags
None
Referenced Files
F157126996: D28755.diff
Mon, May 18, 3:22 PM
F157126209: D28755.diff
Mon, May 18, 3:17 PM
Unknown Object (File)
Tue, May 12, 6:34 AM
Unknown Object (File)
Fri, May 8, 8:15 PM
Unknown Object (File)
Fri, May 1, 8:59 PM
Unknown Object (File)
Mon, Apr 27, 1:11 AM
Unknown Object (File)
Apr 10 2026, 1:33 AM
Unknown Object (File)
Apr 3 2026, 11:22 AM
View All Files
Subscribers
imp

Details

Reviewers
cem
Group Reviewers
manpages
Commits
rGee1e39b012f6: The ChaCha20 counter is little endian, not big endian.
rGa899ce4ba4c4: The ChaCha20 counter is little endian, not big endian.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
No Lint Coverage
Unit
No Test Coverage
Build Status
Buildable 37134
Build 34023: arc lint + arc unit

Event Timeline

jhb created this revision.Feb 17 2021, 10:32 PM
Herald added a reviewer: manpages. · View Herald TranscriptFeb 17 2021, 10:32 PM
Herald added a subscriber: imp. · View Herald Transcript
jhb requested review of this revision.Feb 17 2021, 10:32 PM
jhb added a parent revision: D28754: ossl: Add Poly1305 digest support..
Harbormaster completed remote builds in B37134: Diff 84156.Feb 17 2021, 10:32 PM
jhb added a child revision: D28756: ossl: Add ChaCha20 cipher support..Feb 17 2021, 10:32 PM
cem added a comment.Feb 18 2021, 2:17 AM

Hm, it is little endian, but I'm not confident about the two sentences prior.

jhb added a comment.Mar 2 2021, 10:50 PM
In D28755#644005, @cem wrote:

Hm, it is little endian, but I'm not confident about the two sentences prior.

The variant in the kernel uses the 8/8 split. There are other variants however. libsodium has a xchacha variant that wireguard also uses (and I think that there are proposals to standardize in IETF for both IPsec and TLS) that uses a 24/4 split of nonce vs counter. If we add that in the future I would probably call it CRYPTO_XCHACHA20_POLY1305 to match the libsodium name.

cem accepted this revision.Mar 3 2021, 5:04 AM

Certainly not a regression :-)

This revision is now accepted and ready to land.Mar 3 2021, 5:04 AM
Closed by commit rGa899ce4ba4c4: The ChaCha20 counter is little endian, not big endian. (authored by jhb). · Explain WhyMar 3 2021, 11:21 PM
This revision was automatically updated to reflect the committed changes.
jhb added a commit: rGa899ce4ba4c4: The ChaCha20 counter is little endian, not big endian..
jhb added a commit: rGee1e39b012f6: The ChaCha20 counter is little endian, not big endian..Oct 21 2021, 5:07 PM

Revision Contents
Changeset List

PathSize
share/
man/
man7/
2 lines

Diff 84156

View Options

share/man/man7/crypto.7

Loading...