author | cinap_lenrek <cinap_lenrek@felloff.net> | 2016-09-11 03:18:48 +0200 |
---|---|---|
committer | cinap_lenrek <cinap_lenrek@felloff.net> | 2016-09-11 03:18:48 +0200 |
commit | 95c9f5bf37a5d8a659aa1aad34dee81afbdf8938 (patch) | |
tree | a64ece2d9bace9dddee93c5decba94d7ed40a842 /sys/src/9/port | |
parent | 10275ad6dd261b21774848e3d5913807ae293236 (diff) |
kernel: better nonce partitioning for chacha random number generator
leave the block counter to chacha_encrypt() and increment the 96 bit
iv instead.
Diffstat (limited to 'sys/src/9/port')
-rw-r--r-- | sys/src/9/port/random.c | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/sys/src/9/port/random.c b/sys/src/9/port/random.c
index 253c89b03..c6dd838f4 100644
--- a/sys/src/9/port/random.c
+++ b/sys/src/9/port/random.c
@@ -89,7 +89,6 @@ ulong
 randomread(void *p, ulong n)
 {
 Chachastate c;
- ulong b;
 if(n == 0)
 return 0;
@@ -97,12 +96,12 @@ randomread(void *p, ulong n)
 if(hwrandbuf != nil)
 (*hwrandbuf)(p, n);
- /* copy chacha state and advance block counter */
+ /* copy chacha state and increment iv */
 qlock(rs);
 c = *rs;
- b = rs->input[12];
- rs->input[12] += (n + ChachaBsize-1)/ChachaBsize;
- if(rs->input[12] < b) rs->input[13]++;
+ if(++rs->input[13] == 0)
+ if(++rs->input[14] == 0)
+ ++rs->input[15];
 qunlock(rs);
 /* encrypt the buffer, can fault */ |
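Review bot: In the second hunk the locked section now bumps only the iv words `rs->input[13]`..`rs->input[15]` and leaves the key words untouched, so the visible lines give the generator no backtracking resistance: a later disclosure of `*rs` would let earlier output be recomputed by counting the iv back down. Deriving a fresh key from the copied state while the lock is still held would close that, for example `chacha_encrypt((uchar*)&rs->input[4], 32, &c);` placed right after `c = *rs;` (assuming the usual ChaCha layout with the key in words 4..11). The scheme also relies on `rs` having been set up with a 96 bit iv, so that the block counter in `input[12]` never carries into `input[13]` inside chacha_encrypt(); a one-line comment stating that next to the increment would help. randomread continues past the hunk, so a rekey or a wipe of the stack copy `c` may already exist after the encrypt call.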