3 files changed, 63 insertions, 3 deletions
diff --git a/src/lib/libcrypto/chacha/chacha-merged.c b/src/lib/libcrypto/chacha/chacha-merged.c
index 08511ed273..67508f208d 100644
--- a/src/lib/libcrypto/chacha/chacha-merged.c
+++ b/src/lib/libcrypto/chacha/chacha-merged.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: chacha-merged.c,v 1.8 2017/08/13 16:55:31 jsing Exp $ */
+/* $OpenBSD: chacha-merged.c,v 1.9 2019/01/22 00:59:21 dlg Exp $ */
 /*
 chacha-merged.c version 20080118
 D. J. Bernstein
@@ -277,3 +277,49 @@ chacha_encrypt_bytes(chacha_ctx *x, const u8 *m, u8 *c, u32 bytes)
                m += 64;
        }
 }
+void
+CRYPTO_hchacha_20(unsigned char subkey[32], const unsigned char key[32],
+    const unsigned char nonce[16])
+{
+        uint32_t x[16];
+        int i;
+        x[0] = U8TO32_LITTLE(sigma + 0);
+        x[1] = U8TO32_LITTLE(sigma + 4);
+        x[2] = U8TO32_LITTLE(sigma + 8);
+        x[3] = U8TO32_LITTLE(sigma + 12);
+        x[4] = U8TO32_LITTLE(key + 0);
+        x[5] = U8TO32_LITTLE(key + 4);
+        x[6] = U8TO32_LITTLE(key + 8);
+        x[7] = U8TO32_LITTLE(key + 12);
+        x[8] = U8TO32_LITTLE(key + 16);
+        x[9] = U8TO32_LITTLE(key + 20);
+        x[10] = U8TO32_LITTLE(key + 24);
+        x[11] = U8TO32_LITTLE(key + 28);
+        x[12] = U8TO32_LITTLE(nonce + 0);
+        x[13] = U8TO32_LITTLE(nonce + 4);
+        x[14] = U8TO32_LITTLE(nonce + 8);
+        x[15] = U8TO32_LITTLE(nonce + 12);
+        for (i = 20; i > 0; i -= 2) {
+                QUARTERROUND(x[0], x[4], x[8], x[12])
+                QUARTERROUND(x[1], x[5], x[9], x[13])
+                QUARTERROUND(x[2], x[6], x[10], x[14])
+                QUARTERROUND(x[3], x[7], x[11], x[15])
+                QUARTERROUND(x[0], x[5], x[10], x[15])
+                QUARTERROUND(x[1], x[6], x[11], x[12])
+                QUARTERROUND(x[2], x[7], x[8], x[13])
+                QUARTERROUND(x[3], x[4], x[9], x[14])
+        }
+        U32TO8_LITTLE(subkey + 0, x[0]);
+        U32TO8_LITTLE(subkey + 4, x[1]);
+        U32TO8_LITTLE(subkey + 8, x[2]);
+        U32TO8_LITTLE(subkey + 12, x[3]);
+        U32TO8_LITTLE(subkey + 16, x[12]);
+        U32TO8_LITTLE(subkey + 20, x[13]);
+        U32TO8_LITTLE(subkey + 24, x[14]);
+        U32TO8_LITTLE(subkey + 28, x[15]);
+}
diff --git a/src/lib/libcrypto/chacha/chacha.c b/src/lib/libcrypto/chacha/chacha.c
index 0c384ab88a..6a2dddf055 100644
--- a/src/lib/libcrypto/chacha/chacha.c
+++ b/src/lib/libcrypto/chacha/chacha.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: chacha.c,v 1.7 2015/12/09 14:07:55 bcook Exp $ */
+/* $OpenBSD: chacha.c,v 1.8 2019/01/22 00:59:21 dlg Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
@@ -75,3 +75,13 @@ CRYPTO_chacha_20(unsigned char *out, const unsigned char *in, size_t len,
        chacha_encrypt_bytes(&ctx, in, out, (uint32_t)len);
 }
+void
+CRYPTO_xchacha_20(unsigned char *out, const unsigned char *in, size_t len,
+    const unsigned char key[32], const unsigned char iv[24])
+{
+        uint8_t subkey[32];
+        CRYPTO_hchacha_20(subkey, key, iv);
+        CRYPTO_chacha_20(out, in, len, subkey, iv + 16, 0);
+}
diff --git a/src/lib/libcrypto/chacha/chacha.h b/src/lib/libcrypto/chacha/chacha.h
index 8d94e626f8..e2345b2199 100644
--- a/src/lib/libcrypto/chacha/chacha.h
+++ b/src/lib/libcrypto/chacha/chacha.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: chacha.h,v 1.7 2015/12/09 14:07:55 bcook Exp $ */
+/* $OpenBSD: chacha.h,v 1.8 2019/01/22 00:59:21 dlg Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
@@ -46,6 +46,10 @@ void ChaCha(ChaCha_ctx *ctx, unsigned char *out, const unsigned char *in,
 void CRYPTO_chacha_20(unsigned char *out, const unsigned char *in, size_t len,
    const unsigned char key[32], const unsigned char iv[8], uint64_t counter);
+void CRYPTO_xchacha_20(unsigned char *out, const unsigned char *in, size_t len,
+    const unsigned char key[32], const unsigned char iv[24]);
+void CRYPTO_hchacha_20(unsigned char out[32],
+    const unsigned char key[32], const unsigned char iv[16]);
 #ifdef  __cplusplus
 }

diff --git a/src/lib/libcrypto/chacha/chacha-merged.c b/src/lib/libcrypto/chacha/chacha-merged.c index 08511ed273..67508f208d 100644 --- a/src/lib/libcrypto/chacha/chacha-merged.c +++ b/src/lib/libcrypto/chacha/chacha-merged.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: chacha-merged.c,v 1.8 2017/08/13 16:55:31 jsing Exp $ */	1	/* $OpenBSD: chacha-merged.c,v 1.9 2019/01/22 00:59:21 dlg Exp $ */
2	/*	2	/*
3	chacha-merged.c version 20080118	3	chacha-merged.c version 20080118
4	D. J. Bernstein	4	D. J. Bernstein
@@ -277,3 +277,49 @@ chacha_encrypt_bytes(chacha_ctx x, const u8 m, u8 *c, u32 bytes)
277	m += 64;	277	m += 64;
278	}	278	}
279	}	279	}
		280
		281	void
		282	CRYPTO_hchacha_20(unsigned char subkey[32], const unsigned char key[32],
		283	const unsigned char nonce[16])
		284	{
		285	uint32_t x[16];
		286	int i;
		287
		288	x[0] = U8TO32_LITTLE(sigma + 0);
		289	x[1] = U8TO32_LITTLE(sigma + 4);
		290	x[2] = U8TO32_LITTLE(sigma + 8);
		291	x[3] = U8TO32_LITTLE(sigma + 12);
		292	x[4] = U8TO32_LITTLE(key + 0);
		293	x[5] = U8TO32_LITTLE(key + 4);
		294	x[6] = U8TO32_LITTLE(key + 8);
		295	x[7] = U8TO32_LITTLE(key + 12);
		296	x[8] = U8TO32_LITTLE(key + 16);
		297	x[9] = U8TO32_LITTLE(key + 20);
		298	x[10] = U8TO32_LITTLE(key + 24);
		299	x[11] = U8TO32_LITTLE(key + 28);
		300	x[12] = U8TO32_LITTLE(nonce + 0);
		301	x[13] = U8TO32_LITTLE(nonce + 4);
		302	x[14] = U8TO32_LITTLE(nonce + 8);
		303	x[15] = U8TO32_LITTLE(nonce + 12);
		304
		305	for (i = 20; i > 0; i -= 2) {
		306	QUARTERROUND(x[0], x[4], x[8], x[12])
		307	QUARTERROUND(x[1], x[5], x[9], x[13])
		308	QUARTERROUND(x[2], x[6], x[10], x[14])
		309	QUARTERROUND(x[3], x[7], x[11], x[15])
		310	QUARTERROUND(x[0], x[5], x[10], x[15])
		311	QUARTERROUND(x[1], x[6], x[11], x[12])
		312	QUARTERROUND(x[2], x[7], x[8], x[13])
		313	QUARTERROUND(x[3], x[4], x[9], x[14])
		314	}
		315
		316	U32TO8_LITTLE(subkey + 0, x[0]);
		317	U32TO8_LITTLE(subkey + 4, x[1]);
		318	U32TO8_LITTLE(subkey + 8, x[2]);
		319	U32TO8_LITTLE(subkey + 12, x[3]);
		320
		321	U32TO8_LITTLE(subkey + 16, x[12]);
		322	U32TO8_LITTLE(subkey + 20, x[13]);
		323	U32TO8_LITTLE(subkey + 24, x[14]);
		324	U32TO8_LITTLE(subkey + 28, x[15]);
		325	}


diff --git a/src/lib/libcrypto/chacha/chacha.c b/src/lib/libcrypto/chacha/chacha.c index 0c384ab88a..6a2dddf055 100644 --- a/src/lib/libcrypto/chacha/chacha.c +++ b/src/lib/libcrypto/chacha/chacha.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: chacha.c,v 1.7 2015/12/09 14:07:55 bcook Exp $ */	1	/* $OpenBSD: chacha.c,v 1.8 2019/01/22 00:59:21 dlg Exp $ */
2	/*	2	/*
3	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -75,3 +75,13 @@ CRYPTO_chacha_20(unsigned char out, const unsigned char in, size_t len,
75		75
76	chacha_encrypt_bytes(&ctx, in, out, (uint32_t)len);	76	chacha_encrypt_bytes(&ctx, in, out, (uint32_t)len);
77	}	77	}
		78
		79	void
		80	CRYPTO_xchacha_20(unsigned char out, const unsigned char in, size_t len,
		81	const unsigned char key[32], const unsigned char iv[24])
		82	{
		83	uint8_t subkey[32];
		84
		85	CRYPTO_hchacha_20(subkey, key, iv);
		86	CRYPTO_chacha_20(out, in, len, subkey, iv + 16, 0);
		87	}


diff --git a/src/lib/libcrypto/chacha/chacha.h b/src/lib/libcrypto/chacha/chacha.h index 8d94e626f8..e2345b2199 100644 --- a/src/lib/libcrypto/chacha/chacha.h +++ b/src/lib/libcrypto/chacha/chacha.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: chacha.h,v 1.7 2015/12/09 14:07:55 bcook Exp $ */	1	/* $OpenBSD: chacha.h,v 1.8 2019/01/22 00:59:21 dlg Exp $ */
2	/*	2	/*
3	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -46,6 +46,10 @@ void ChaCha(ChaCha_ctx ctx, unsigned char out, const unsigned char *in,
46		46
47	void CRYPTO_chacha_20(unsigned char out, const unsigned char in, size_t len,	47	void CRYPTO_chacha_20(unsigned char out, const unsigned char in, size_t len,
48	const unsigned char key[32], const unsigned char iv[8], uint64_t counter);	48	const unsigned char key[32], const unsigned char iv[8], uint64_t counter);
		49	void CRYPTO_xchacha_20(unsigned char out, const unsigned char in, size_t len,
		50	const unsigned char key[32], const unsigned char iv[24]);
		51	void CRYPTO_hchacha_20(unsigned char out[32],
		52	const unsigned char key[32], const unsigned char iv[16]);
49		53
50	#ifdef __cplusplus	54	#ifdef __cplusplus
51	}	55	}