#
4d846d26 |
|
10-May-2023 |
Warner Losh <imp@FreeBSD.org> |
spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch up to that fact and revert to their recommended match of BSD-2-Clause. Discussed with: pfg MFC After: 3 days Sponsored by: Netflix
|
#
d7f0b3ce |
|
11-Jan-2022 |
John Baldwin <jhb@FreeBSD.org> |
crypto: Re-add encrypt/decrypt_multi hooks to enc_xform. These callbacks allow multiple contiguous blocks to be manipulated in a single call. Note that any trailing partial block for a stream cipher must still be passed to encrypt/decrypt_last. While here, document the setkey and reinit hooks and reorder the hooks in 'struct enc_xform' to better reflect the life cycle. Reviewed by: markj Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D33529
|
#
8f35841f |
|
11-Jan-2022 |
John Baldwin <jhb@FreeBSD.org> |
crypto: Add support for the XChaCha20-Poly1305 AEAD cipher. This cipher is a wrapper around the ChaCha20-Poly1305 AEAD cipher which accepts a larger nonce. Part of the nonce is used along with the key as an input to HChaCha20 to generate a derived key used for ChaCha20-Poly1305. This cipher is used by WireGuard. Reviewed by: markj Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D33523
|
#
ab91fb6c |
|
09-Dec-2021 |
John Baldwin <jhb@FreeBSD.org> |
crypto: Refactor software support for AEAD ciphers. Extend struct enc_xform to add new members to handle auth operations for AEAD ciphers. In particular, AEAD operations in cryptosoft no longer use a struct auth_hash. Instead, the setkey and reinit methods of struct enc_xform are responsible for initializing both the cipher and auth state. Reviewed by: markj Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D33196
|
#
5a052b61 |
|
05-Dec-2021 |
Scott Long <scottl@FreeBSD.org> |
Fix "set but not used" in opencrypto Sponsored by: Rubicon Communications, LLC ("Netgate")
|
#
442ad83e |
|
09-Nov-2021 |
John Baldwin <jhb@FreeBSD.org> |
crypto: Don't assert on valid IV length for Chacha20-Poly1305. The assertion checking for valid IV lengths added in 1833d6042c9a was not properly updated to permit an IV length of 8 in commit 42dcd39528c6. Reported by: syzbot+f0c0559b8be1d6eb28c7@syzkaller.appspotmail.com Reviewed by: markj Fixes: 42dcd39528c6 crypto: Support Chacha20-Poly1305 with a nonce size of 8 bytes. MFC after: 3 days Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32860
|
#
42dcd395 |
|
06-Oct-2021 |
John Baldwin <jhb@FreeBSD.org> |
crypto: Support Chacha20-Poly1305 with a nonce size of 8 bytes. This is useful for WireGuard which uses a nonce of 8 bytes rather than the 12 bytes used for IPsec and TLS. Note that this also fixes a (should be) harmless bug in ossl(4) where the counter was incorrectly treated as a 64-bit counter instead of a 32-bit counter in terms of wrapping when using a 12 byte nonce. However, this required a single message (TLS record) longer than 64 * (2^32 - 1) bytes (about 256 GB) to trigger. Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32122
|
#
1833d604 |
|
06-Oct-2021 |
John Baldwin <jhb@FreeBSD.org> |
crypto: Permit variable-sized IVs for ciphers with a reinit hook. Add a 'len' argument to the reinit hook in 'struct enc_xform' to permit support for AEAD ciphers such as AES-CCM and Chacha20-Poly1305 which support different nonce lengths. Reviewed by: markj Sponsored by: Chelsio Communications, The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32105
|
#
d8787d4f |
|
26-Jul-2021 |
Mark Johnston <markj@FreeBSD.org> |
crypto: Constify all transform descriptors No functional change intended. Reviewed by: ae, jhb MFC after: 1 week Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D31196
|
#
dd2e1352 |
|
18-Feb-2021 |
John Baldwin <jhb@FreeBSD.org> |
Add an implementation of CHACHA20_POLY1305 to cryptosoft. This uses the chacha20 IETF and poly1305 implementations from libsodium. A seperate auth_hash is created for the auth side whose Setkey method derives the poly1305 key from the AEAD key and nonce as described in RFC 8439. Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D27837
|
#
fc8fc743 |
|
18-Feb-2021 |
John Baldwin <jhb@FreeBSD.org> |
Add an OCF algorithm for ChaCha20-Poly1305 AEAD. Note that this algorithm implements the mode defined in RFC 8439. Reviewed by: cem Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D27836
|