Page MenuHomeFreeBSD
Differential D28755

The ChaCha20 counter is little endian, not big endian.
ClosedPublic
Actions

Authored by jhb on Feb 17 2021, 10:32 PM.
Tags
None
Referenced Files
F102589449: D28755.id85090.diff
Thu, Nov 14, 11:43 AM
Unknown Object (File)
Thu, Nov 7, 7:08 AM
Unknown Object (File)
Wed, Oct 30, 12:30 AM
Unknown Object (File)
Tue, Oct 22, 7:42 PM
Unknown Object (File)
Sep 24 2024, 6:22 PM
Unknown Object (File)
Sep 15 2024, 1:08 PM
Unknown Object (File)
Sep 8 2024, 9:13 AM
Unknown Object (File)
Sep 8 2024, 8:06 AM
View All 57 Files
Subscribers
imp

Details

Reviewers
cem
Group Reviewers
manpages
Commits
rGee1e39b012f6: The ChaCha20 counter is little endian, not big endian.
rGa899ce4ba4c4: The ChaCha20 counter is little endian, not big endian.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

jhb created this revision.Feb 17 2021, 10:32 PM
Herald added a reviewer: manpages. · View Herald TranscriptFeb 17 2021, 10:32 PM
Herald added a subscriber: imp. · View Herald Transcript
jhb requested review of this revision.Feb 17 2021, 10:32 PM
jhb added a parent revision: D28754: ossl: Add Poly1305 digest support..
Harbormaster completed remote builds in B37134: Diff 84156.Feb 17 2021, 10:32 PM
jhb added a child revision: D28756: ossl: Add ChaCha20 cipher support..Feb 17 2021, 10:32 PM
cem added a comment.Feb 18 2021, 2:17 AM

Hm, it is little endian, but I'm not confident about the two sentences prior.

jhb added a comment.Mar 2 2021, 10:50 PM
In D28755#644005, @cem wrote:

Hm, it is little endian, but I'm not confident about the two sentences prior.

The variant in the kernel uses the 8/8 split. There are other variants however. libsodium has a xchacha variant that wireguard also uses (and I think that there are proposals to standardize in IETF for both IPsec and TLS) that uses a 24/4 split of nonce vs counter. If we add that in the future I would probably call it CRYPTO_XCHACHA20_POLY1305 to match the libsodium name.

cem accepted this revision.Mar 3 2021, 5:04 AM

Certainly not a regression :-)

This revision is now accepted and ready to land.Mar 3 2021, 5:04 AM
Closed by commit rGa899ce4ba4c4: The ChaCha20 counter is little endian, not big endian. (authored by jhb). · Explain WhyMar 3 2021, 11:21 PM
This revision was automatically updated to reflect the committed changes.
jhb added a commit: rGa899ce4ba4c4: The ChaCha20 counter is little endian, not big endian..
jhb added a commit: rGee1e39b012f6: The ChaCha20 counter is little endian, not big endian..Oct 21 2021, 5:07 PM

Revision Contents
Changeset List

PathSize
share/
man/
man7/
4 lines

Diff 85090

View Options

share/man/man7/crypto.7

Loading...