diff options
| author | Mike Belopuhov <mikeb@cvs.openbsd.org> | 2015-11-03 01:31:37 +0000 |
|---|---|---|
| committer | Mike Belopuhov <mikeb@cvs.openbsd.org> | 2015-11-03 01:31:37 +0000 |
| commit | b78ac0fa68387f0eb95e5080c3a80ec088ace7ed (patch) | |
| tree | 2b7398ad4e0c18b5c7cd821e65e8dcdb7fd570a0 /sys | |
| parent | f62f3b6fa9908359574a7cb286bd7fd50bb465fe (diff) | |
Hook up Chacha20-Poly1305 to the OpenBSD Cryptographic Framework
ok naddy, jsing
Diffstat (limited to 'sys')
| -rw-r--r-- | sys/conf/files | 4 | ||||
| -rw-r--r-- | sys/crypto/cryptodev.h | 11 | ||||
| -rw-r--r-- | sys/crypto/xform.c | 24 | ||||
| -rw-r--r-- | sys/crypto/xform.h | 4 |
4 files changed, 36 insertions, 7 deletions
diff --git a/sys/conf/files b/sys/conf/files index 7e56c2e214a..173c4d0efd2 100644 --- a/sys/conf/files +++ b/sys/conf/files @@ -1,4 +1,4 @@ -# $OpenBSD: files,v 1.605 2015/10/24 10:52:05 reyk Exp $ +# $OpenBSD: files,v 1.606 2015/11/03 01:31:36 mikeb Exp $ # $NetBSD: files,v 1.87 1996/05/19 17:17:50 jonathan Exp $ # @(#)files.newconf 7.5 (Berkeley) 5/10/93 @@ -860,6 +860,8 @@ file crypto/hmac.c wlan | (softraid & crypto) file crypto/gmac.c ipsec | crypto file crypto/key_wrap.c wlan file crypto/idgen.c inet6 | nfsclient | nfsserver +file crypto/chachapoly.c ipsec | crypto +file crypto/poly1305.c ipsec | crypto file crypto/siphash.c file netmpls/mpls_input.c mpls file netmpls/mpls_output.c mpls diff --git a/sys/crypto/cryptodev.h b/sys/crypto/cryptodev.h index f4af569b728..7e7dd4c1352 100644 --- a/sys/crypto/cryptodev.h +++ b/sys/crypto/cryptodev.h @@ -1,4 +1,4 @@ -/* $OpenBSD: cryptodev.h,v 1.60 2014/12/28 10:02:37 tedu Exp $ */ +/* $OpenBSD: cryptodev.h,v 1.61 2015/11/03 01:31:36 mikeb Exp $ */ /* * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu) @@ -77,7 +77,8 @@ #define BLOWFISH_BLOCK_LEN 8 #define CAST128_BLOCK_LEN 8 #define RIJNDAEL128_BLOCK_LEN 16 -#define EALG_MAX_BLOCK_LEN 16 /* Keep this updated */ +#define CHACHA20_BLOCK_LEN 64 +#define EALG_MAX_BLOCK_LEN 64 /* Keep this updated */ /* Maximum hash algorithm result length */ #define AALG_MAX_RESULT_LEN 64 /* Keep this updated */ @@ -107,8 +108,10 @@ #define CRYPTO_AES_192_GMAC 25 #define CRYPTO_AES_256_GMAC 26 #define CRYPTO_AES_GMAC 27 -#define CRYPTO_ESN 28 /* Support for Extended Sequence Numbers */ -#define CRYPTO_ALGORITHM_MAX 28 /* Keep updated */ +#define CRYPTO_CHACHA20_POLY1305 28 +#define CRYPTO_CHACHA20_POLY1305_MAC 29 +#define CRYPTO_ESN 30 /* Support for Extended Sequence Numbers */ +#define CRYPTO_ALGORITHM_MAX 30 /* Keep updated */ /* Algorithm flags */ #define CRYPTO_ALG_FLAG_SUPPORTED 0x01 /* Algorithm is supported */ diff --git a/sys/crypto/xform.c b/sys/crypto/xform.c index aaf6f29ea3f..27b30689475 100644 --- a/sys/crypto/xform.c +++ b/sys/crypto/xform.c @@ -1,4 +1,4 @@ -/* $OpenBSD: xform.c,v 1.47 2015/10/27 12:00:25 mikeb Exp $ */ +/* $OpenBSD: xform.c,v 1.48 2015/11/03 01:31:36 mikeb Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr), @@ -58,6 +58,7 @@ #include <crypto/cryptodev.h> #include <crypto/xform.h> #include <crypto/gmac.h> +#include <crypto/chachapoly.h> extern void des_ecb3_encrypt(caddr_t, caddr_t, caddr_t, caddr_t, caddr_t, int); extern void des_ecb_encrypt(caddr_t, caddr_t, caddr_t, int); @@ -216,6 +217,16 @@ struct enc_xform enc_xform_aes_xts = { aes_xts_reinit }; +struct enc_xform enc_xform_chacha20_poly1305 = { + CRYPTO_CHACHA20_POLY1305, "CHACHA20-POLY1305", + 1, 8, 32+4, 32+4, + sizeof(struct chacha20_ctx), + chacha20_crypt, + chacha20_crypt, + chacha20_setkey, + chacha20_reinit +}; + struct enc_xform enc_xform_arc4 = { CRYPTO_ARC4, "ARC4", 1, 1, 1, 32, 0, @@ -313,6 +324,17 @@ struct auth_hash auth_hash_gmac_aes_256 = { (void (*)(u_int8_t *, void *)) AES_GMAC_Final }; +struct auth_hash auth_hash_chacha20_poly1305 = { + CRYPTO_CHACHA20_POLY1305_MAC, "CHACHA20-POLY1305", + CHACHA20_KEYSIZE+CHACHA20_SALT, POLY1305_BLOCK_LEN, POLY1305_TAGLEN, + sizeof(CHACHA20_POLY1305_CTX), CHACHA20_BLOCK_LEN, + (void (*)(void *))Chacha20_Poly1305_Init, + (void (*)(void *, const u_int8_t *, u_int16_t))Chacha20_Poly1305_Setkey, + (void (*)(void *, const u_int8_t *, u_int16_t))Chacha20_Poly1305_Reinit, + (int (*)(void *, const u_int8_t *, u_int16_t))Chacha20_Poly1305_Update, + (void (*)(u_int8_t *, void *))Chacha20_Poly1305_Final +}; + struct auth_hash auth_hash_md5 = { CRYPTO_MD5, "MD5", 0, 16, 16, sizeof(MD5_CTX), 0, diff --git a/sys/crypto/xform.h b/sys/crypto/xform.h index 0e7678c49af..baa18a07b51 100644 --- a/sys/crypto/xform.h +++ b/sys/crypto/xform.h @@ -1,4 +1,4 @@ -/* $OpenBSD: xform.h,v 1.24 2014/12/28 10:02:37 tedu Exp $ */ +/* $OpenBSD: xform.h,v 1.25 2015/11/03 01:31:36 mikeb Exp $ */ /* * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu) @@ -85,6 +85,7 @@ extern struct enc_xform enc_xform_aes_ctr; extern struct enc_xform enc_xform_aes_gcm; extern struct enc_xform enc_xform_aes_gmac; extern struct enc_xform enc_xform_aes_xts; +extern struct enc_xform enc_xform_chacha20_poly1305; extern struct enc_xform enc_xform_arc4; extern struct enc_xform enc_xform_null; @@ -99,6 +100,7 @@ extern struct auth_hash auth_hash_hmac_sha2_512_256; extern struct auth_hash auth_hash_gmac_aes_128; extern struct auth_hash auth_hash_gmac_aes_192; extern struct auth_hash auth_hash_gmac_aes_256; +extern struct auth_hash auth_hash_chacha20_poly1305; extern struct comp_algo comp_algo_deflate; extern struct comp_algo comp_algo_lzs; |