op public repos

Blame

Date:: Wed Aug 23 17:38:49 2023 UTC
Message:: bundle libtls gmid (like all other daemons that want to do privsep crypto) has a very close relationship with libtls and need to stay in sync with it. OpenBSD' libtls was recently changed to use OpenSSL' EC_KEY_METHOD instead of the older ECDSA_METHOD, on the gmid side we have to do the same otherwise failures happens at runtime. In a similar manner, privsep crypto is silently broken in the current libretls (next version should fix it.) The proper solution would be to complete the signer APIs so that applications don't need to dive into the library' internals, but that's a mid-term goal, for the immediate bundling the 'little' libtls is the lesser evil. The configure script has gained a new (undocumented for the time being) flag `--with-libtls=bundled|system' to control which libtls to use. It defaults to `bundled' except for OpenBSD where it uses the `system' one. Note that OpenBSD versions before 7.3 (inclusive) ought to use --with-libtls=bundled too since they still do ECDSA_METHOD.
Actions:: History | Blob | Raw File
  1 f9ab77a8 2023-08-23 op /* OPENBSD ORIGINAL: lib/libc/crypt/chacha_private.h */
  2 f9ab77a8 2023-08-23 op 
  3 f9ab77a8 2023-08-23 op /*
  4 f9ab77a8 2023-08-23 op chacha-merged.c version 20080118
  5 f9ab77a8 2023-08-23 op D. J. Bernstein
  6 f9ab77a8 2023-08-23 op Public domain.
  7 f9ab77a8 2023-08-23 op */
  8 f9ab77a8 2023-08-23 op 
  9 f9ab77a8 2023-08-23 op /* $OpenBSD: chacha_private.h,v 1.3 2022/02/28 21:56:29 dtucker Exp $ */
 10 f9ab77a8 2023-08-23 op 
 11 f9ab77a8 2023-08-23 op typedef unsigned char u8;
 12 f9ab77a8 2023-08-23 op typedef unsigned int u32;
 13 f9ab77a8 2023-08-23 op 
 14 f9ab77a8 2023-08-23 op typedef struct
 15 f9ab77a8 2023-08-23 op {
 16 f9ab77a8 2023-08-23 op   u32 input[16]; /* could be compressed */
 17 f9ab77a8 2023-08-23 op } chacha_ctx;
 18 f9ab77a8 2023-08-23 op 
 19 f9ab77a8 2023-08-23 op #define U8C(v) (v##U)
 20 f9ab77a8 2023-08-23 op #define U32C(v) (v##U)
 21 f9ab77a8 2023-08-23 op 
 22 f9ab77a8 2023-08-23 op #define U8V(v) ((u8)(v) & U8C(0xFF))
 23 f9ab77a8 2023-08-23 op #define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF))
 24 f9ab77a8 2023-08-23 op 
 25 f9ab77a8 2023-08-23 op #define ROTL32(v, n) \
 26 f9ab77a8 2023-08-23 op   (U32V((v) << (n)) | ((v) >> (32 - (n))))
 27 f9ab77a8 2023-08-23 op 
 28 f9ab77a8 2023-08-23 op #define U8TO32_LITTLE(p) \
 29 f9ab77a8 2023-08-23 op   (((u32)((p)[0])      ) | \
 30 f9ab77a8 2023-08-23 op    ((u32)((p)[1]) <<  8) | \
 31 f9ab77a8 2023-08-23 op    ((u32)((p)[2]) << 16) | \
 32 f9ab77a8 2023-08-23 op    ((u32)((p)[3]) << 24))
 33 f9ab77a8 2023-08-23 op 
 34 f9ab77a8 2023-08-23 op #define U32TO8_LITTLE(p, v) \
 35 f9ab77a8 2023-08-23 op   do { \
 36 f9ab77a8 2023-08-23 op     (p)[0] = U8V((v)      ); \
 37 f9ab77a8 2023-08-23 op     (p)[1] = U8V((v) >>  8); \
 38 f9ab77a8 2023-08-23 op     (p)[2] = U8V((v) >> 16); \
 39 f9ab77a8 2023-08-23 op     (p)[3] = U8V((v) >> 24); \
 40 f9ab77a8 2023-08-23 op   } while (0)
 41 f9ab77a8 2023-08-23 op 
 42 f9ab77a8 2023-08-23 op #define ROTATE(v,c) (ROTL32(v,c))
 43 f9ab77a8 2023-08-23 op #define XOR(v,w) ((v) ^ (w))
 44 f9ab77a8 2023-08-23 op #define PLUS(v,w) (U32V((v) + (w)))
 45 f9ab77a8 2023-08-23 op #define PLUSONE(v) (PLUS((v),1))
 46 f9ab77a8 2023-08-23 op 
 47 f9ab77a8 2023-08-23 op #define QUARTERROUND(a,b,c,d) \
 48 f9ab77a8 2023-08-23 op   a = PLUS(a,b); d = ROTATE(XOR(d,a),16); \
 49 f9ab77a8 2023-08-23 op   c = PLUS(c,d); b = ROTATE(XOR(b,c),12); \
 50 f9ab77a8 2023-08-23 op   a = PLUS(a,b); d = ROTATE(XOR(d,a), 8); \
 51 f9ab77a8 2023-08-23 op   c = PLUS(c,d); b = ROTATE(XOR(b,c), 7);
 52 f9ab77a8 2023-08-23 op 
 53 f9ab77a8 2023-08-23 op static const char sigma[16] = "expand 32-byte k";
 54 f9ab77a8 2023-08-23 op static const char tau[16] = "expand 16-byte k";
 55 f9ab77a8 2023-08-23 op 
 56 f9ab77a8 2023-08-23 op static void
 57 f9ab77a8 2023-08-23 op chacha_keysetup(chacha_ctx *x,const u8 *k,u32 kbits)
 58 f9ab77a8 2023-08-23 op {
 59 f9ab77a8 2023-08-23 op   const char *constants;
 60 f9ab77a8 2023-08-23 op 
 61 f9ab77a8 2023-08-23 op   x->input[4] = U8TO32_LITTLE(k + 0);
 62 f9ab77a8 2023-08-23 op   x->input[5] = U8TO32_LITTLE(k + 4);
 63 f9ab77a8 2023-08-23 op   x->input[6] = U8TO32_LITTLE(k + 8);
 64 f9ab77a8 2023-08-23 op   x->input[7] = U8TO32_LITTLE(k + 12);
 65 f9ab77a8 2023-08-23 op   if (kbits == 256) { /* recommended */
 66 f9ab77a8 2023-08-23 op     k += 16;
 67 f9ab77a8 2023-08-23 op     constants = sigma;
 68 f9ab77a8 2023-08-23 op   } else { /* kbits == 128 */
 69 f9ab77a8 2023-08-23 op     constants = tau;
 70 f9ab77a8 2023-08-23 op   }
 71 f9ab77a8 2023-08-23 op   x->input[8] = U8TO32_LITTLE(k + 0);
 72 f9ab77a8 2023-08-23 op   x->input[9] = U8TO32_LITTLE(k + 4);
 73 f9ab77a8 2023-08-23 op   x->input[10] = U8TO32_LITTLE(k + 8);
 74 f9ab77a8 2023-08-23 op   x->input[11] = U8TO32_LITTLE(k + 12);
 75 f9ab77a8 2023-08-23 op   x->input[0] = U8TO32_LITTLE(constants + 0);
 76 f9ab77a8 2023-08-23 op   x->input[1] = U8TO32_LITTLE(constants + 4);
 77 f9ab77a8 2023-08-23 op   x->input[2] = U8TO32_LITTLE(constants + 8);
 78 f9ab77a8 2023-08-23 op   x->input[3] = U8TO32_LITTLE(constants + 12);
 79 f9ab77a8 2023-08-23 op }
 80 f9ab77a8 2023-08-23 op 
 81 f9ab77a8 2023-08-23 op static void
 82 f9ab77a8 2023-08-23 op chacha_ivsetup(chacha_ctx *x,const u8 *iv)
 83 f9ab77a8 2023-08-23 op {
 84 f9ab77a8 2023-08-23 op   x->input[12] = 0;
 85 f9ab77a8 2023-08-23 op   x->input[13] = 0;
 86 f9ab77a8 2023-08-23 op   x->input[14] = U8TO32_LITTLE(iv + 0);
 87 f9ab77a8 2023-08-23 op   x->input[15] = U8TO32_LITTLE(iv + 4);
 88 f9ab77a8 2023-08-23 op }
 89 f9ab77a8 2023-08-23 op 
 90 f9ab77a8 2023-08-23 op static void
 91 f9ab77a8 2023-08-23 op chacha_encrypt_bytes(chacha_ctx *x,const u8 *m,u8 *c,u32 bytes)
 92 f9ab77a8 2023-08-23 op {
 93 f9ab77a8 2023-08-23 op   u32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15;
 94 f9ab77a8 2023-08-23 op   u32 j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15;
 95 f9ab77a8 2023-08-23 op   u8 *ctarget = NULL;
 96 f9ab77a8 2023-08-23 op   u8 tmp[64];
 97 f9ab77a8 2023-08-23 op   u_int i;
 98 f9ab77a8 2023-08-23 op 
 99 f9ab77a8 2023-08-23 op   if (!bytes) return;
100 f9ab77a8 2023-08-23 op 
101 f9ab77a8 2023-08-23 op   j0 = x->input[0];
102 f9ab77a8 2023-08-23 op   j1 = x->input[1];
103 f9ab77a8 2023-08-23 op   j2 = x->input[2];
104 f9ab77a8 2023-08-23 op   j3 = x->input[3];
105 f9ab77a8 2023-08-23 op   j4 = x->input[4];
106 f9ab77a8 2023-08-23 op   j5 = x->input[5];
107 f9ab77a8 2023-08-23 op   j6 = x->input[6];
108 f9ab77a8 2023-08-23 op   j7 = x->input[7];
109 f9ab77a8 2023-08-23 op   j8 = x->input[8];
110 f9ab77a8 2023-08-23 op   j9 = x->input[9];
111 f9ab77a8 2023-08-23 op   j10 = x->input[10];
112 f9ab77a8 2023-08-23 op   j11 = x->input[11];
113 f9ab77a8 2023-08-23 op   j12 = x->input[12];
114 f9ab77a8 2023-08-23 op   j13 = x->input[13];
115 f9ab77a8 2023-08-23 op   j14 = x->input[14];
116 f9ab77a8 2023-08-23 op   j15 = x->input[15];
117 f9ab77a8 2023-08-23 op 
118 f9ab77a8 2023-08-23 op   for (;;) {
119 f9ab77a8 2023-08-23 op     if (bytes < 64) {
120 f9ab77a8 2023-08-23 op       for (i = 0;i < bytes;++i) tmp[i] = m[i];
121 f9ab77a8 2023-08-23 op       m = tmp;
122 f9ab77a8 2023-08-23 op       ctarget = c;
123 f9ab77a8 2023-08-23 op       c = tmp;
124 f9ab77a8 2023-08-23 op     }
125 f9ab77a8 2023-08-23 op     x0 = j0;
126 f9ab77a8 2023-08-23 op     x1 = j1;
127 f9ab77a8 2023-08-23 op     x2 = j2;
128 f9ab77a8 2023-08-23 op     x3 = j3;
129 f9ab77a8 2023-08-23 op     x4 = j4;
130 f9ab77a8 2023-08-23 op     x5 = j5;
131 f9ab77a8 2023-08-23 op     x6 = j6;
132 f9ab77a8 2023-08-23 op     x7 = j7;
133 f9ab77a8 2023-08-23 op     x8 = j8;
134 f9ab77a8 2023-08-23 op     x9 = j9;
135 f9ab77a8 2023-08-23 op     x10 = j10;
136 f9ab77a8 2023-08-23 op     x11 = j11;
137 f9ab77a8 2023-08-23 op     x12 = j12;
138 f9ab77a8 2023-08-23 op     x13 = j13;
139 f9ab77a8 2023-08-23 op     x14 = j14;
140 f9ab77a8 2023-08-23 op     x15 = j15;
141 f9ab77a8 2023-08-23 op     for (i = 20;i > 0;i -= 2) {
142 f9ab77a8 2023-08-23 op       QUARTERROUND( x0, x4, x8,x12)
143 f9ab77a8 2023-08-23 op       QUARTERROUND( x1, x5, x9,x13)
144 f9ab77a8 2023-08-23 op       QUARTERROUND( x2, x6,x10,x14)
145 f9ab77a8 2023-08-23 op       QUARTERROUND( x3, x7,x11,x15)
146 f9ab77a8 2023-08-23 op       QUARTERROUND( x0, x5,x10,x15)
147 f9ab77a8 2023-08-23 op       QUARTERROUND( x1, x6,x11,x12)
148 f9ab77a8 2023-08-23 op       QUARTERROUND( x2, x7, x8,x13)
149 f9ab77a8 2023-08-23 op       QUARTERROUND( x3, x4, x9,x14)
150 f9ab77a8 2023-08-23 op     }
151 f9ab77a8 2023-08-23 op     x0 = PLUS(x0,j0);
152 f9ab77a8 2023-08-23 op     x1 = PLUS(x1,j1);
153 f9ab77a8 2023-08-23 op     x2 = PLUS(x2,j2);
154 f9ab77a8 2023-08-23 op     x3 = PLUS(x3,j3);
155 f9ab77a8 2023-08-23 op     x4 = PLUS(x4,j4);
156 f9ab77a8 2023-08-23 op     x5 = PLUS(x5,j5);
157 f9ab77a8 2023-08-23 op     x6 = PLUS(x6,j6);
158 f9ab77a8 2023-08-23 op     x7 = PLUS(x7,j7);
159 f9ab77a8 2023-08-23 op     x8 = PLUS(x8,j8);
160 f9ab77a8 2023-08-23 op     x9 = PLUS(x9,j9);
161 f9ab77a8 2023-08-23 op     x10 = PLUS(x10,j10);
162 f9ab77a8 2023-08-23 op     x11 = PLUS(x11,j11);
163 f9ab77a8 2023-08-23 op     x12 = PLUS(x12,j12);
164 f9ab77a8 2023-08-23 op     x13 = PLUS(x13,j13);
165 f9ab77a8 2023-08-23 op     x14 = PLUS(x14,j14);
166 f9ab77a8 2023-08-23 op     x15 = PLUS(x15,j15);
167 f9ab77a8 2023-08-23 op 
168 f9ab77a8 2023-08-23 op #ifndef KEYSTREAM_ONLY
169 f9ab77a8 2023-08-23 op     x0 = XOR(x0,U8TO32_LITTLE(m + 0));
170 f9ab77a8 2023-08-23 op     x1 = XOR(x1,U8TO32_LITTLE(m + 4));
171 f9ab77a8 2023-08-23 op     x2 = XOR(x2,U8TO32_LITTLE(m + 8));
172 f9ab77a8 2023-08-23 op     x3 = XOR(x3,U8TO32_LITTLE(m + 12));
173 f9ab77a8 2023-08-23 op     x4 = XOR(x4,U8TO32_LITTLE(m + 16));
174 f9ab77a8 2023-08-23 op     x5 = XOR(x5,U8TO32_LITTLE(m + 20));
175 f9ab77a8 2023-08-23 op     x6 = XOR(x6,U8TO32_LITTLE(m + 24));
176 f9ab77a8 2023-08-23 op     x7 = XOR(x7,U8TO32_LITTLE(m + 28));
177 f9ab77a8 2023-08-23 op     x8 = XOR(x8,U8TO32_LITTLE(m + 32));
178 f9ab77a8 2023-08-23 op     x9 = XOR(x9,U8TO32_LITTLE(m + 36));
179 f9ab77a8 2023-08-23 op     x10 = XOR(x10,U8TO32_LITTLE(m + 40));
180 f9ab77a8 2023-08-23 op     x11 = XOR(x11,U8TO32_LITTLE(m + 44));
181 f9ab77a8 2023-08-23 op     x12 = XOR(x12,U8TO32_LITTLE(m + 48));
182 f9ab77a8 2023-08-23 op     x13 = XOR(x13,U8TO32_LITTLE(m + 52));
183 f9ab77a8 2023-08-23 op     x14 = XOR(x14,U8TO32_LITTLE(m + 56));
184 f9ab77a8 2023-08-23 op     x15 = XOR(x15,U8TO32_LITTLE(m + 60));
185 f9ab77a8 2023-08-23 op #endif
186 f9ab77a8 2023-08-23 op 
187 f9ab77a8 2023-08-23 op     j12 = PLUSONE(j12);
188 f9ab77a8 2023-08-23 op     if (!j12) {
189 f9ab77a8 2023-08-23 op       j13 = PLUSONE(j13);
190 f9ab77a8 2023-08-23 op       /* stopping at 2^70 bytes per nonce is user's responsibility */
191 f9ab77a8 2023-08-23 op     }
192 f9ab77a8 2023-08-23 op 
193 f9ab77a8 2023-08-23 op     U32TO8_LITTLE(c + 0,x0);
194 f9ab77a8 2023-08-23 op     U32TO8_LITTLE(c + 4,x1);
195 f9ab77a8 2023-08-23 op     U32TO8_LITTLE(c + 8,x2);
196 f9ab77a8 2023-08-23 op     U32TO8_LITTLE(c + 12,x3);
197 f9ab77a8 2023-08-23 op     U32TO8_LITTLE(c + 16,x4);
198 f9ab77a8 2023-08-23 op     U32TO8_LITTLE(c + 20,x5);
199 f9ab77a8 2023-08-23 op     U32TO8_LITTLE(c + 24,x6);
200 f9ab77a8 2023-08-23 op     U32TO8_LITTLE(c + 28,x7);
201 f9ab77a8 2023-08-23 op     U32TO8_LITTLE(c + 32,x8);
202 f9ab77a8 2023-08-23 op     U32TO8_LITTLE(c + 36,x9);
203 f9ab77a8 2023-08-23 op     U32TO8_LITTLE(c + 40,x10);
204 f9ab77a8 2023-08-23 op     U32TO8_LITTLE(c + 44,x11);
205 f9ab77a8 2023-08-23 op     U32TO8_LITTLE(c + 48,x12);
206 f9ab77a8 2023-08-23 op     U32TO8_LITTLE(c + 52,x13);
207 f9ab77a8 2023-08-23 op     U32TO8_LITTLE(c + 56,x14);
208 f9ab77a8 2023-08-23 op     U32TO8_LITTLE(c + 60,x15);
209 f9ab77a8 2023-08-23 op 
210 f9ab77a8 2023-08-23 op     if (bytes <= 64) {
211 f9ab77a8 2023-08-23 op       if (bytes < 64) {
212 f9ab77a8 2023-08-23 op         for (i = 0;i < bytes;++i) ctarget[i] = c[i];
213 f9ab77a8 2023-08-23 op       }
214 f9ab77a8 2023-08-23 op       x->input[12] = j12;
215 f9ab77a8 2023-08-23 op       x->input[13] = j13;
216 f9ab77a8 2023-08-23 op       return;
217 f9ab77a8 2023-08-23 op     }
218 f9ab77a8 2023-08-23 op     bytes -= 64;
219 f9ab77a8 2023-08-23 op     c += 64;
220 f9ab77a8 2023-08-23 op #ifndef KEYSTREAM_ONLY
221 f9ab77a8 2023-08-23 op     m += 64;
222 f9ab77a8 2023-08-23 op #endif
223 f9ab77a8 2023-08-23 op   }
224 f9ab77a8 2023-08-23 op }