diff options
| author |   John Baldwin <jhb@FreeBSD.org> | 2021-11-11 16:40:04 -0800 |
|---|---|---|
| committer |   Jason A. Donenfeld <Jason@zx2c4.com> | 2022-06-14 00:55:15 +0200 |
| commit | f59e60e369720eb19ce8ff2d48b9cd32f3d1fc1e (patch) | |
| tree | 638d06dea83d33b381a0ed50da7f9c96590af4cf | |
| parent | crypto: use OCF to encrypt/decrypt packets when supported (diff) | |
| download | wireguard-freebsd-f59e60e369720eb19ce8ff2d48b9cd32f3d1fc1e.tar.xz wireguard-freebsd-f59e60e369720eb19ce8ff2d48b9cd32f3d1fc1e.zip | |
crypto: use <crypto/chacha20_poly1305.h> when present
Signed-off-by: John Baldwin <jhb@FreeBSD.org>
| -rw-r--r-- | src/crypto.c | 10 | ||||
| -rw-r--r-- | src/crypto.h | 72 |
2 files changed, 74 insertions, 8 deletions
diff --git a/src/crypto.c b/src/crypto.c index fb8290d..dd80eae 100644 --- a/src/crypto.c +++ b/src/crypto.c @@ -39,6 +39,7 @@ static inline uint32_t get_unaligned_le32(const uint8_t *a) __builtin_memcpy(&l, a, sizeof(l)); return le32_to_cpup(&l); } +#if !defined(OCF_CHACHA20_POLY1305) || !defined(KERNEL_CHACHA20_POLY1305) static inline uint64_t get_unaligned_le64(const uint8_t *a) { uint64_t l; @@ -50,6 +51,7 @@ static inline void put_unaligned_le32(uint32_t s, uint8_t *d) uint32_t l = cpu_to_le32(s); __builtin_memcpy(d, &l, sizeof(l)); } +#endif static inline void cpu_to_le32_array(uint32_t *buf, unsigned int words) { while (words--) { @@ -65,15 +67,18 @@ static inline void le32_to_cpu_array(uint32_t *buf, unsigned int words) } } +#if !defined(OCF_CHACHA20_POLY1305) || !defined(KERNEL_CHACHA20_POLY1305) static inline uint32_t rol32(uint32_t word, unsigned int shift) { return (word << (shift & 31)) | (word >> ((-shift) & 31)); } +#endif static inline uint32_t ror32(uint32_t word, unsigned int shift) { return (word >> (shift & 31)) | (word << ((-shift) & 31)); } +#if !defined(OCF_CHACHA20_POLY1305) || !defined(KERNEL_CHACHA20_POLY1305) static void xor_cpy(uint8_t *dst, const uint8_t *src1, const uint8_t *src2, size_t len) { @@ -511,7 +516,9 @@ static void poly1305_final(struct poly1305_ctx *ctx, static const uint8_t pad0[16] = { 0 }; +#endif +#ifndef KERNEL_CHACHA20_POLY1305 void chacha20poly1305_encrypt(uint8_t *dst, const uint8_t *src, const size_t src_len, const uint8_t *ad, const size_t ad_len, @@ -592,6 +599,7 @@ chacha20poly1305_decrypt(uint8_t *dst, const uint8_t *src, const size_t src_len, return ret; } +#endif #ifdef OCF_CHACHA20_POLY1305 static int @@ -743,6 +751,7 @@ chacha20poly1305_decrypt_mbuf(struct mbuf *m, const uint64_t nonce, } #endif +#ifndef KERNEL_CHACHA20_POLY1305 void xchacha20poly1305_encrypt(uint8_t *dst, const uint8_t *src, const size_t src_len, const uint8_t *ad, @@ -778,6 +787,7 @@ xchacha20poly1305_decrypt(uint8_t *dst, const uint8_t *src, explicit_bzero(derived_key, CHACHA20POLY1305_KEY_SIZE); return ret; } +#endif static const uint32_t blake2s_iv[8] = { diff --git a/src/crypto.h b/src/crypto.h index 01b4dee..2b741fc 100644 --- a/src/crypto.h +++ b/src/crypto.h @@ -14,12 +14,67 @@ #define OCF_CHACHA20_POLY1305 #endif +#if __FreeBSD_version >= 1400048 +#define KERNEL_CHACHA20_POLY1305 +#endif + enum chacha20poly1305_lengths { XCHACHA20POLY1305_NONCE_SIZE = 24, CHACHA20POLY1305_KEY_SIZE = 32, CHACHA20POLY1305_AUTHTAG_SIZE = 16 }; +#ifdef KERNEL_CHACHA20_POLY1305 +#include <sys/endian.h> +#include <crypto/chacha20_poly1305.h> + +static __inline void +chacha20poly1305_encrypt(uint8_t *dst, const uint8_t *src, const size_t src_len, + const uint8_t *ad, const size_t ad_len, + const uint64_t nonce, + const uint8_t key[CHACHA20POLY1305_KEY_SIZE]) +{ + uint8_t nonce_bytes[8]; + + le64enc(nonce_bytes, nonce); + chacha20_poly1305_encrypt(dst, src, src_len, ad, ad_len, nonce_bytes, + sizeof(nonce_bytes), key); +} + +static __inline bool +chacha20poly1305_decrypt(uint8_t *dst, const uint8_t *src, const size_t src_len, + const uint8_t *ad, const size_t ad_len, + const uint64_t nonce, + const uint8_t key[CHACHA20POLY1305_KEY_SIZE]) +{ + uint8_t nonce_bytes[8]; + + le64enc(nonce_bytes, nonce); + return (chacha20_poly1305_decrypt(dst, src, src_len, ad, ad_len, + nonce_bytes, sizeof(nonce_bytes), key)); +} + +static __inline void +xchacha20poly1305_encrypt(uint8_t *dst, const uint8_t *src, + const size_t src_len, const uint8_t *ad, + const size_t ad_len, + const uint8_t nonce[XCHACHA20POLY1305_NONCE_SIZE], + const uint8_t key[CHACHA20POLY1305_KEY_SIZE]) +{ + xchacha20_poly1305_encrypt(dst, src, src_len, ad, ad_len, nonce, key); +} + +static __inline bool +xchacha20poly1305_decrypt(uint8_t *dst, const uint8_t *src, + const size_t src_len, const uint8_t *ad, + const size_t ad_len, + const uint8_t nonce[XCHACHA20POLY1305_NONCE_SIZE], + const uint8_t key[CHACHA20POLY1305_KEY_SIZE]) +{ + return (xchacha20_poly1305_decrypt(dst, src, src_len, ad, ad_len, nonce, + key)); +} +#else void chacha20poly1305_encrypt(uint8_t *dst, const uint8_t *src, const size_t src_len, const uint8_t *ad, const size_t ad_len, @@ -32,14 +87,6 @@ chacha20poly1305_decrypt(uint8_t *dst, const uint8_t *src, const size_t src_len, const uint64_t nonce, const uint8_t key[CHACHA20POLY1305_KEY_SIZE]); -int -chacha20poly1305_encrypt_mbuf(struct mbuf *, const uint64_t nonce, - const uint8_t key[CHACHA20POLY1305_KEY_SIZE]); - -int -chacha20poly1305_decrypt_mbuf(struct mbuf *, const uint64_t nonce, - const uint8_t key[CHACHA20POLY1305_KEY_SIZE]); - void xchacha20poly1305_encrypt(uint8_t *dst, const uint8_t *src, const size_t src_len, const uint8_t *ad, @@ -53,6 +100,15 @@ xchacha20poly1305_decrypt(uint8_t *dst, const uint8_t *src, const size_t ad_len, const uint8_t nonce[XCHACHA20POLY1305_NONCE_SIZE], const uint8_t key[CHACHA20POLY1305_KEY_SIZE]); +#endif + +int +chacha20poly1305_encrypt_mbuf(struct mbuf *, const uint64_t nonce, + const uint8_t key[CHACHA20POLY1305_KEY_SIZE]); + +int +chacha20poly1305_decrypt_mbuf(struct mbuf *, const uint64_t nonce, + const uint8_t key[CHACHA20POLY1305_KEY_SIZE]); enum blake2s_lengths { |