authorMatt Dunwoodie <ncon@mail.noconroy.net>2019-09-01 18:14:51 +1000
committerMatt Dunwoodie <ncon@mail.noconroy.net>2019-09-01 18:14:51 +1000
commitdfa9b319ef2537db8aea1473e00e554f9855b6ed (patch)
tree977bc47ae76fe142c043f6af0f4a11141f57e186 /src
parentRework key set/get in if_wg.c (diff)
downloadwireguard-openbsd-dfa9b319ef2537db8aea1473e00e554f9855b6ed.tar.xz
wireguard-openbsd-dfa9b319ef2537db8aea1473e00e554f9855b6ed.zip
Cleanup crypto patches
Diffstat (limited to 'src')
-rw-r--r--src/patches/chacha_private.h.patch44
-rw-r--r--src/patches/chachapoly.c.patch94
-rw-r--r--src/patches/chachapoly.h.patch37
3 files changed, 103 insertions, 72 deletions
diff --git a/src/patches/chacha_private.h.patch b/src/patches/chacha_private.h.patch
index 496401b0fdc..c59f48c5b8b 100644
--- a/src/patches/chacha_private.h.patch
+++ b/src/patches/chacha_private.h.patch
@@ -1,30 +1,30 @@
---- /usr/src/sys/crypto/chacha_private.h Sun Mar 24 20:16:11 2019
-+++ chacha_private.h Sun Mar 24 19:58:07 2019
+--- chacha_private.h.orig Mon Aug 26 23:28:23 2019
++++ chacha_private.h Sun Sep 1 18:14:14 2019
@@ -49,6 +49,44 @@
static const char sigma[16] = "expand 32-byte k";
static const char tau[16] = "expand 16-byte k";
-+inline static void
-+hchacha20(u_int32_t derived_key[8], const u_int8_t nonce[16], const u_int8_t key[32])
++static inline void
++hchacha20(u32 derived_key[8], const u8 nonce[16], const u8 key[32])
+{
+ int i;
+ u_int32_t x[] = {
-+ htole32(*((u_int32_t *) (sigma + 0))),
-+ htole32(*((u_int32_t *) (sigma + 4))),
-+ htole32(*((u_int32_t *) (sigma + 8))),
-+ htole32(*((u_int32_t *) (sigma + 12))),
-+ htole32(*((u_int32_t *) (key + 0))),
-+ htole32(*((u_int32_t *) (key + 4))),
-+ htole32(*((u_int32_t *) (key + 8))),
-+ htole32(*((u_int32_t *) (key + 12))),
-+ htole32(*((u_int32_t *) (key + 16))),
-+ htole32(*((u_int32_t *) (key + 20))),
-+ htole32(*((u_int32_t *) (key + 24))),
-+ htole32(*((u_int32_t *) (key + 28))),
-+ htole32(*((u_int32_t *) (nonce + 0))),
-+ htole32(*((u_int32_t *) (nonce + 4))),
-+ htole32(*((u_int32_t *) (nonce + 8))),
-+ htole32(*((u_int32_t *) (nonce + 12)))
++ U8TO32_LITTLE(sigma + 0),
++ U8TO32_LITTLE(sigma + 4),
++ U8TO32_LITTLE(sigma + 8),
++ U8TO32_LITTLE(sigma + 12),
++ U8TO32_LITTLE(key + 0),
++ U8TO32_LITTLE(key + 4),
++ U8TO32_LITTLE(key + 8),
++ U8TO32_LITTLE(key + 12),
++ U8TO32_LITTLE(key + 16),
++ U8TO32_LITTLE(key + 20),
++ U8TO32_LITTLE(key + 24),
++ U8TO32_LITTLE(key + 28),
++ U8TO32_LITTLE(nonce + 0),
++ U8TO32_LITTLE(nonce + 4),
++ U8TO32_LITTLE(nonce + 8),
++ U8TO32_LITTLE(nonce + 12)
+ };
+
+ for (i = 20;i > 0;i -= 2) {
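Review bot: hchacha20 has no comment stating what form its output takes, and the rewritten signature at the top of this hunk is a good place for one. The callers in chachapoly.c.patch run `htole32()` over every word of `derived_key` before using it as key bytes, which suggests the words come back in host order, but nothing here says so. I would add above the definition: `/* HChaCha20: derives a 256-bit subkey from key and the first 16 nonce bytes. Output words are host-endian; convert with htole32() before use as key bytes. */`. The local `u_int32_t x[]` also still uses the old type spelling while the parameters moved to `u32`/`u8`. The function body continues past the end of this hunk.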
@@ -38,8 +38,8 @@
+ QUARTERROUND( x[3], x[4], x[9],x[14])
+ }
+
-+ memcpy(derived_key + 0, x + 0, sizeof(u_int32_t) * 4);
-+ memcpy(derived_key + 4, x + 12, sizeof(u_int32_t) * 4);
++ memcpy(derived_key + 0, x + 0, sizeof(u32) * 4);
++ memcpy(derived_key + 4, x + 12, sizeof(u32) * 4);
+}
+
static void
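Review bot: hchacha20 returns without wiping its working state. After the two `memcpy` calls the local `x` still holds the full permuted state, including the eight words just copied out as the derived key, and nothing in this hunk clears it. Add `explicit_bzero(x, sizeof(x));` after the second `memcpy`, in line with how the chachapoly.c wrappers wipe `chacha_ctx`, `b` and `derived_key`. The function starts outside this hunk.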
diff --git a/src/patches/chachapoly.c.patch b/src/patches/chachapoly.c.patch
index b522e3a9d05..7011478e371 100644
--- a/src/patches/chachapoly.c.patch
+++ b/src/patches/chachapoly.c.patch
@@ -1,5 +1,5 @@
---- chachapoly.c.orig Tue May 21 19:45:20 2019
-+++ chachapoly.c Sun Jun 30 15:51:47 2019
+--- chachapoly.c.orig Mon Aug 26 23:28:23 2019
++++ chachapoly.c Sun Sep 1 18:08:40 2019
@@ -16,6 +16,7 @@
#include <sys/param.h>
@@ -8,7 +8,7 @@
#include <crypto/chacha_private.h>
#include <crypto/poly1305.h>
-@@ -109,4 +110,114 @@
+@@ -109,4 +110,146 @@
poly1305_finish((poly1305_state *)&ctx->poly, tag);
explicit_bzero(ctx, sizeof(*ctx));
@@ -17,24 +17,31 @@
+static const u_int8_t pad0[16] = { 0 };
+
+void
-+chacha20poly1305_encrypt(u_int8_t *dst, const u_int8_t *src, const size_t src_len, const u_int8_t *ad, const size_t ad_len, const u_int64_t nonce, const u_int8_t key[CHACHA20_KEYSIZE])
-+{
++chacha20poly1305_encrypt(
++ u_int8_t *dst,
++ const u_int8_t *src,
++ const size_t src_len,
++ const u_int8_t *ad,
++ const size_t ad_len,
++ const u_int64_t nonce,
++ const u_int8_t key[CHACHA20_KEYSIZE]
++) {
+ poly1305_state poly1305_ctx;
-+ struct chacha20_ctx chacha20_ctx;
++ chacha_ctx chacha_ctx;
+ union {
-+ u_int8_t block0[POLY1305_KEY_SIZE];
++ u_int8_t b0[POLY1305_KEY_SIZE];
+ u_int64_t lens[2];
+ } b = { { 0 } };
+
-+ chacha_keysetup((chacha_ctx *)chacha20_ctx.block, key, CHACHA20_KEYSIZE * 8);
-+ chacha_ivsetup((chacha_ctx *)chacha20_ctx.block, (u_int8_t *) &nonce, NULL);
-+ chacha_encrypt_bytes((chacha_ctx *)chacha20_ctx.block, b.block0, b.block0, sizeof(b.block0));
-+ poly1305_init(&poly1305_ctx, b.block0);
++ chacha_keysetup(&chacha_ctx, key, CHACHA20_KEYSIZE * 8);
++ chacha_ivsetup(&chacha_ctx, (u_int8_t *) &nonce, NULL);
++ chacha_encrypt_bytes(&chacha_ctx, b.b0, b.b0, sizeof(b.b0));
++ poly1305_init(&poly1305_ctx, b.b0);
+
+ poly1305_update(&poly1305_ctx, ad, ad_len);
+ poly1305_update(&poly1305_ctx, pad0, (0x10 - ad_len) & 0xf);
+
-+ chacha_encrypt_bytes((chacha_ctx *)chacha20_ctx.block, (u_int8_t *) src, dst, src_len);
++ chacha_encrypt_bytes(&chacha_ctx, (u_int8_t *) src, dst, src_len);
+
+ poly1305_update(&poly1305_ctx, dst, src_len);
+ poly1305_update(&poly1305_ctx, pad0, (0x10 - src_len) & 0xf);
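Review bot: The byte order expected of `nonce` is undocumented, yet `chacha_ivsetup(&chacha_ctx, (u_int8_t *) &nonce, NULL)` uses the in-memory bytes of a by-value `u_int64_t` as the IV. On a big-endian host those bytes differ from a little-endian host unless the caller has already encoded the value. The xchacha wrappers pass `htole64(...)`, so the convention appears to be that the caller pre-encodes, but other callers are not visible in this diff. State the contract above the function, e.g. `/* nonce must already be little-endian encoded (htole64) by the caller; its bytes are used as the IV as-is. */`, and apply the same comment to chacha20poly1305_decrypt in the `@@ -65,10 +79,10 @@` hunk. The function body runs past the end of this hunk.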
@@ -45,19 +52,26 @@
+
+ poly1305_finish(&poly1305_ctx, dst + src_len);
+
-+ explicit_bzero(&chacha20_ctx, sizeof(chacha20_ctx));
++ explicit_bzero(&chacha_ctx, sizeof(chacha_ctx));
+ explicit_bzero(&b, sizeof(b));
+}
+
+int
-+chacha20poly1305_decrypt(u_int8_t *dst, const u_int8_t *src, const size_t src_len, const u_int8_t *ad, const size_t ad_len, const u_int64_t nonce, const u_int8_t key[CHACHA20POLY1305_KEY_SIZE])
-+{
++chacha20poly1305_decrypt(
++ u_int8_t *dst,
++ const u_int8_t *src,
++ const size_t src_len,
++ const u_int8_t *ad,
++ const size_t ad_len,
++ const u_int64_t nonce,
++ const u_int8_t key[CHACHA20POLY1305_KEY_SIZE]
++) {
+ poly1305_state poly1305_ctx;
-+ struct chacha20_ctx chacha20_ctx;
++ chacha_ctx chacha_ctx;
+ int ret;
+ size_t dst_len;
+ union {
-+ u_int8_t block0[POLY1305_KEY_SIZE];
++ u_int8_t b0[POLY1305_KEY_SIZE];
+ u_int8_t mac[POLY1305_MAC_SIZE];
+ u_int64_t lens[2];
+ } b = { { 0 } };
@@ -65,10 +79,10 @@
+ if (src_len < POLY1305_MAC_SIZE)
+ return 0;
+
-+ chacha_keysetup((chacha_ctx *)chacha20_ctx.block, key, CHACHA20_KEYSIZE * 8);
-+ chacha_ivsetup((chacha_ctx *)chacha20_ctx.block, (u_int8_t *) &nonce, NULL);
-+ chacha_encrypt_bytes((chacha_ctx *)chacha20_ctx.block, b.block0, b.block0, sizeof(b.block0));
-+ poly1305_init(&poly1305_ctx, b.block0);
++ chacha_keysetup(&chacha_ctx, key, CHACHA20_KEYSIZE * 8);
++ chacha_ivsetup(&chacha_ctx, (u_int8_t *) &nonce, NULL);
++ chacha_encrypt_bytes(&chacha_ctx, b.b0, b.b0, sizeof(b.b0));
++ poly1305_init(&poly1305_ctx, b.b0);
+
+ poly1305_update(&poly1305_ctx, ad, ad_len);
+ poly1305_update(&poly1305_ctx, pad0, (0x10 - ad_len) & 0xf);
@@ -85,40 +99,58 @@
+
+ ret = timingsafe_bcmp(b.mac, src + dst_len, POLY1305_MAC_SIZE);
+ if (!ret)
-+ chacha_encrypt_bytes((chacha_ctx *)chacha20_ctx.block, (u_int8_t *) src, dst, dst_len);
++ chacha_encrypt_bytes(&chacha_ctx, (u_int8_t *) src, dst, dst_len);
+
-+ explicit_bzero(&chacha20_ctx, sizeof(chacha20_ctx));
++ explicit_bzero(&chacha_ctx, sizeof(chacha_ctx));
+ explicit_bzero(&b, sizeof(b));
+
+ return !ret;
+}
+
+void
-+xchacha20poly1305_encrypt(u_int8_t *dst, const u_int8_t *src, const size_t src_len, const u_int8_t *ad, const size_t ad_len, const u_int8_t nonce[XCHACHA20POLY1305_NONCE_SIZE], const u_int8_t key[CHACHA20POLY1305_KEY_SIZE])
-+{
++xchacha20poly1305_encrypt(
++ u_int8_t *dst,
++ const u_int8_t *src,
++ const size_t src_len,
++ const u_int8_t *ad,
++ const size_t ad_len,
++ const u_int8_t nonce[XCHACHA20POLY1305_NONCE_SIZE],
++ const u_int8_t key[CHACHA20POLY1305_KEY_SIZE]
++) {
+ int i;
-+ u_int32_t derived_key[CHACHA20POLY1305_KEY_SIZE / sizeof(u_int32_t)] __aligned(16);
++ u_int32_t derived_key[CHACHA20POLY1305_KEY_SIZE / sizeof(u_int32_t)]
++ __aligned(16);
+
+ hchacha20(derived_key, nonce, key);
+
+ for(i = 0; i < (sizeof(derived_key)/sizeof(derived_key[0])); i++)
+ (derived_key[i]) = htole32((derived_key[i]));
+
-+ chacha20poly1305_encrypt(dst, src, src_len, ad, ad_len, htole64(*(u_int64_t *)(nonce + 16)), (u_int8_t *)derived_key);
++ chacha20poly1305_encrypt(dst, src, src_len, ad, ad_len,
++ htole64(*(u_int64_t *)(nonce + 16)), (u_int8_t *)derived_key);
+ explicit_bzero(derived_key, CHACHA20POLY1305_KEY_SIZE);
+}
+
+int
-+xchacha20poly1305_decrypt(u_int8_t *dst, const u_int8_t *src, const size_t src_len, const u_int8_t *ad, const size_t ad_len, const u_int8_t nonce[XCHACHA20POLY1305_NONCE_SIZE], const u_int8_t key[CHACHA20POLY1305_KEY_SIZE])
-+{
++xchacha20poly1305_decrypt(
++ u_int8_t *dst,
++ const u_int8_t *src,
++ const size_t src_len,
++ const u_int8_t *ad,
++ const size_t ad_len,
++ const u_int8_t nonce[XCHACHA20POLY1305_NONCE_SIZE],
++ const u_int8_t key[CHACHA20POLY1305_KEY_SIZE]
++) {
+ int ret, i;
-+ u_int32_t derived_key[CHACHA20POLY1305_KEY_SIZE / sizeof(u_int32_t)] __aligned(16);
++ u_int32_t derived_key[CHACHA20POLY1305_KEY_SIZE / sizeof(u_int32_t)]
++ __aligned(16);
+
+ hchacha20(derived_key, nonce, key);
+ for(i = 0; i < (sizeof(derived_key)/sizeof(derived_key[0])); i++)
+ (derived_key[i]) = htole32((derived_key[i]));
+
-+ ret = chacha20poly1305_decrypt(dst, src, src_len, ad, ad_len, htole64(*(u_int64_t *)(nonce + 16)), (u_int8_t *)derived_key);
++ ret = chacha20poly1305_decrypt(dst, src, src_len, ad, ad_len,
++ htole64(*(u_int64_t *)(nonce + 16)), (u_int8_t *)derived_key);
+ explicit_bzero(derived_key, CHACHA20POLY1305_KEY_SIZE);
+
+ return ret;
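Review bot: Both xchacha wrappers still read the last eight nonce bytes with `*(u_int64_t *)(nonce + 16)`, the same cast-through-a-byte-pointer pattern this commit replaces with `U8TO32_LITTLE` in hchacha20. `nonce` is a `u_int8_t` array with no alignment guarantee, so this can be a misaligned load on strict-alignment machines and is a type-punned access everywhere. Copy the bytes instead, `u_int64_t n; memcpy(&n, nonce + 16, sizeof(n));`, and pass `htole64(n)` as before. The loop index `i` is an `int` compared against a `sizeof` expression; declaring it `size_t` removes the signed/unsigned comparison. The closing brace of xchacha20poly1305_decrypt falls outside this hunk.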
diff --git a/src/patches/chachapoly.h.patch b/src/patches/chachapoly.h.patch
index 9c8eed1a5da..12039292dd7 100644
--- a/src/patches/chachapoly.h.patch
+++ b/src/patches/chachapoly.h.patch
@@ -1,10 +1,10 @@
---- /usr/src/sys/crypto/chachapoly.h Sun Mar 24 20:16:11 2019
-+++ chachapoly.h Sun Mar 24 19:58:07 2019
-@@ -59,4 +59,42 @@
+--- chachapoly.h.orig Mon Aug 26 23:28:23 2019
++++ chachapoly.h Sun Sep 1 18:04:21 2019
+@@ -59,4 +59,41 @@
int Chacha20_Poly1305_Update(void *, const uint8_t *, uint16_t);
void Chacha20_Poly1305_Final(uint8_t[POLY1305_TAGLEN], void *);
-+/* WireGuard Crypto */
++/* WireGuard crypto */
+enum chacha20_lengths {
+ POLY1305_BLOCK_SIZE = 16,
+ POLY1305_KEY_SIZE = 32,
@@ -23,23 +23,22 @@
+ CHACHA20POLY1305_AUTHTAG_SIZE = 16
+};
+
-+void chacha20poly1305_encrypt(u_int8_t *dst, const u_int8_t *src, const size_t src_len,
-+ const u_int8_t *ad, const size_t ad_len,
-+ const u_int64_t nonce,
-+ const u_int8_t key[CHACHA20POLY1305_KEY_SIZE]);
++void chacha20poly1305_encrypt(u_int8_t *, const u_int8_t *, const size_t,
++ const u_int8_t *, const size_t, const u_int64_t,
++ const u_int8_t[CHACHA20POLY1305_KEY_SIZE]);
+
-+int chacha20poly1305_decrypt(u_int8_t *dst, const u_int8_t *src, const size_t src_len,
-+ const u_int8_t *ad, const size_t ad_len, const u_int64_t nonce,
-+ const u_int8_t key[CHACHA20POLY1305_KEY_SIZE]);
++int chacha20poly1305_decrypt(u_int8_t *, const u_int8_t *, const size_t,
++ const u_int8_t *, const size_t, const u_int64_t,
++ const u_int8_t[CHACHA20POLY1305_KEY_SIZE]);
+
-+void xchacha20poly1305_encrypt(u_int8_t *dst, const u_int8_t *src, const size_t src_len,
-+ const u_int8_t *ad, const size_t ad_len,
-+ const u_int8_t nonce[XCHACHA20POLY1305_NONCE_SIZE],
-+ const u_int8_t key[CHACHA20POLY1305_KEY_SIZE]);
++void xchacha20poly1305_encrypt(u_int8_t *, const u_int8_t *, const size_t,
++ const u_int8_t *, const size_t,
++ const u_int8_t[XCHACHA20POLY1305_NONCE_SIZE],
++ const u_int8_t[CHACHA20POLY1305_KEY_SIZE]);
+
-+int xchacha20poly1305_decrypt(u_int8_t *dst, const u_int8_t *src, const size_t src_len,
-+ const u_int8_t *ad, const size_t ad_len,
-+ const u_int8_t nonce[XCHACHA20POLY1305_NONCE_SIZE],
-+ const u_int8_t key[CHACHA20POLY1305_KEY_SIZE]);
++int xchacha20poly1305_decrypt(u_int8_t *, const u_int8_t *, const size_t,
++ const u_int8_t *, const size_t,
++ const u_int8_t[XCHACHA20POLY1305_NONCE_SIZE],
++ const u_int8_t[CHACHA20POLY1305_KEY_SIZE]);
+
#endif /* _CHACHAPOLY_H_ */
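Review bot: The four prototypes lose their parameter names, and with them the only statement of each function's buffer and return contract in the header. The implementation in chachapoly.c.patch writes the tag at `dst + src_len` on encrypt, and decrypt returns 0 when `src_len < POLY1305_MAC_SIZE` or the tag comparison fails and non-zero otherwise. A caller reading only the header cannot tell any of that. I would add a comment above the prototypes such as `/* args: dst, src, src_len, ad, ad_len, nonce, key. encrypt: dst must hold src_len + CHACHA20POLY1305_AUTHTAG_SIZE bytes. decrypt: src_len includes the tag; returns 1 on success, 0 on authentication failure. */`.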