979e91ed | 20-Feb-2024 |
Aaron LI <aly@aaronly.me> |
crypto: Move blake2s_hmac() to its only user wg_noise.c
The blake2s_hmac() is simply an ad-hoc HMAC implementation using the BLAKE2s hash algorithm. It's not generic; a proper solution is to implement the HMAC construction that supports any hash algorithms. Therefore, it's better to move blake2s_hmac() to wg_noise.c as noise_hmac().
See also: https://git.zx2c4.com/wireguard-freebsd/commit/?id=5c5832279855722b939a381b9a291dc5ca2ee52e
|
acc7135c | 07-Feb-2024 |
Aaron LI <aly@aaronly.me> |
crypto: Fix the KKASSERT() in blake2s_init_key() |
01a03001 | 06-Feb-2024 |
Aaron LI <aly@aaronly.me> |
crypto: Minor cleanups to blake2s
- Adjust the KKASSERT() to be easier to read.
- Add KKASSERT() to blake2s_hmac(), avoiding the possible misuse of passing a too large 'outlen', which could cause panic or data corruption.
- Minor style cleanups.
|
aebcea9c | 06-Feb-2024 |
Aaron LI <aly@aaronly.me> |
crypto: Add two comments to _chacha20poly1305_final()
It's actually not hard to understand, but add comments to make it quite clear. |
b272101a | 30-Oct-2023 |
Aaron LI <aly@aaronly.me> |
Various minor whitespace cleanups
Accumulated along the way. |
117b0b40 | 08-Jan-2024 |
Aaron LI <aly@aaronly.me> |
crypto/chachapoly: Allow output be NULL in decrypting empty plaintext
Don't distinguish the input cipher data from AD by checking whether the output buffer is NULL, because it's actually valid to pass it as NULL when decrypting a message of empty plaintext. And it's really used by WireGuard.
So separate the AD process code into a separate helper function named _chacha20poly1305_update_ad(). Update the assertions to not blindly assert 'out != NULL'. Also add a note about this special case to the header file.
|
37273911 | 24-Nov-2023 |
Aaron LI <aly@aaronly.me> |
crypto: Implement chacha20poly1305 in-place process for mbuf chains
Implement the chacha20poly1305_{encrypt,decrypt}_mbuf() functions that perform in-place encryption and decryption for data in an mbuf chain.
The in-kernel WireGuard will use these two functions to encrypt/decrypt packets.
|
59e2d684 | 23-Nov-2023 |
Aaron LI <aly@aaronly.me> |
crypto: Refactor the chacha20poly1305 code to be more flexible
Introduce the 'chacha20poly1305_ctx' struct to hold the context, and implement the _init()/_update()/_final() functions as the building blocks to perform encryption/decryption in a more generic way.
The main intention is to help implement the in-place encryption and decryption of data in an mbuf chain. That would reduce the unnecessary memory allocations and data copies in packet manipulations, as needed by the in-kernel WireGuard. This API will be done in a later commit.
Rewrite the original chacha20poly1305_{encrypt,decrypt}() functions using the new blocks.
|
6f63b8fa | 22-Nov-2023 |
Aaron LI <aly@aaronly.me> |
crypto: Add ChaCha20-Poly1305 and XChaCha20-Poly1305 AEAD
Derived from OpenBSD with significant modifications by me:
- Removed unused code to hook into the cryptosoft framework.
- Adjusted the interface to align with the IETF RFC document (e.g., make the nonce a byte string other than a uint64_t), so that the code becomes more generic.
References:
- RFC 8439: ChaCha20 and Poly1305 for IETF Protocols
- RFC draft: XChaCha: eXtended-nonce ChaCha and AEAD_XChaCha20_Poly1305
|
01016e1b | 23-Nov-2023 |
Aaron LI <aly@aaronly.me> |
crypto: Add brief descriptions to every chacha20 public function
One important note is that chacha_encrypt_bytes() supports in-place decryption/encryption. This point ensures that the chacha20poly1305 code also supports in-place operations.
|
ec5a219c | 21-Nov-2023 |
Aaron LI <aly@aaronly.me> |
crypto: Add hchacha20() for implementing XChaCha20-Poly1305 AEAD
Derived from OpenBSD. I changed memcpy() to multiple U32TO8_LITTLE()s, so the output key is in the standard little-endian format.
Reference:
- RFC draft: XChaCha: eXtended-nonce ChaCha and AEAD_XChaCha20_Poly1305
|
a163f8c4 | 17-Nov-2023 |
Aaron LI <aly@aaronly.me> |
crypto: Adjust curve25519 and hook to build
- Fix header inclusions.
- Add necessary '__inline' for '__always_inline' to fix build.
- Replace 'letoh32()' with 'le32toh()'.
- Adjust style a bit to be more consistent.
|
94a56eda | 17-Nov-2023 |
Aaron LI <aly@aaronly.me> |
crypto: Import Curve25519 implementation from OpenBSD
Required by the in-kernel WireGuard VPN. |
be5bbc0b | 22-Nov-2023 |
Aaron LI <aly@aaronly.me> |
crypto: Some minor cleanups to poly1305
- Use 'uint8_t' instead of 'unsigned char', being more consistent with other crypto code (e.g., chacha20)
- Add two more macros: POLY1305_KEY_SIZE, POLY1305_MAC_SIZE
|
69e8d0ef | 17-Nov-2023 |
Aaron LI <aly@aaronly.me> |
crypto: Adjust poly1305 and hook to build
- Use all uppercase for macro constant (i.e., POLY1305_BLOCK_SIZE).
- Add 'inline' to two helper functions: U8TO32(), U32TO8() |
e64de06a | 17-Nov-2023 |
Aaron LI <aly@aaronly.me> |
crypto: Import Poly1305 implementation from OpenBSD
This hash algorithm is required to implement the Chacha20-Poly1305 AEAD cipher as required by the in-kernel WireGuard VPN. |
04473dc8 | 22-Nov-2023 |
Aaron LI <aly@aaronly.me> |
crypto: Remove unnecessary 'const' qualifiers in blake2s |
15b48a60 | 17-Nov-2023 |
Aaron LI <aly@aaronly.me> |
crypto: Adjust blake2 and hook to build
Make necessary changes to make it build. Meanwhile, adjust the style a bit to look more consistent. |
0949a0d6 | 17-Nov-2023 |
Aaron LI <aly@aaronly.me> |
crypto: Import BLAKE2s implementation from OpenBSD
Required by the in-kernel WireGuard VPN. |
025d8334 | 17-Nov-2023 |
Aaron LI <aly@aaronly.me> |
crypto: Adjust siphash a bit and hook to build |
010ff285 | 17-Nov-2023 |
Aaron LI <aly@aaronly.me> |
crypto: Import SipHash implementation from FreeBSD
Required by the in-kernel WireGuard VPN. |
be412c2f | 10-Nov-2023 |
Aaron LI <aly@aaronly.me> |
crypto: Remove unused/useless chacha20/chacha-sw.c
It's used in FreeBSD to hook the software-implementation (without hardware acceleration) of Chacha20 to the crypto(9) framework. Given our crypto(9) is significantly different from FreeBSD's, this source is useless to us. The hook code must be rewritten on our side.
|
e008caa2 | 10-Nov-2023 |
Aaron LI <aly@aaronly.me> |
crypto: Include chacha20 into this module |
907c6cc9 | 10-Nov-2023 |
Aaron LI <aly@aaronly.me> |
crypto: Cleanup Makefile by grouping and sorting the sources |
dfdd4c3e | 08-Nov-2023 |
Aaron LI <aly@aaronly.me> |
crypto: Remove obsolete chacha (superseded by chacha20)
|