authorcinap_lenrek <cinap_lenrek@felloff.net>2016-09-11 03:18:48 +0200
committercinap_lenrek <cinap_lenrek@felloff.net>2016-09-11 03:18:48 +0200
commit95c9f5bf37a5d8a659aa1aad34dee81afbdf8938 (patch)
treea64ece2d9bace9dddee93c5decba94d7ed40a842 /sys/src/9
parent10275ad6dd261b21774848e3d5913807ae293236 (diff)
kernel: better nonce partitioning for chacha random number generator
leave the block counter to chacha_encrypt() and increment the 96 bit iv instead.
Diffstat (limited to 'sys/src/9')
-rw-r--r--sys/src/9/port/random.c9
1 files changed, 4 insertions, 5 deletions
diff --git a/sys/src/9/port/random.c b/sys/src/9/port/random.c
index 253c89b03..c6dd838f4 100644
--- a/sys/src/9/port/random.c
+++ b/sys/src/9/port/random.c
@@ -89,7 +89,6 @@ ulong
randomread(void *p, ulong n)
{
Chachastate c;
- ulong b;
if(n == 0)
return 0;
@@ -97,12 +96,12 @@ randomread(void *p, ulong n)
if(hwrandbuf != nil)
(*hwrandbuf)(p, n);
- /* copy chacha state and advance block counter */
+ /* copy chacha state and increment iv */
qlock(rs);
c = *rs;
- b = rs->input[12];
- rs->input[12] += (n + ChachaBsize-1)/ChachaBsize;
- if(rs->input[12] < b) rs->input[13]++;
+ if(++rs->input[13] == 0)
+ if(++rs->input[14] == 0)
+ ++rs->input[15];
qunlock(rs);
/* encrypt the buffer, can fault */
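Review bot: The comment above `qlock(rs)` names the operation but not the invariant that reads now rely on. Each read copies the state with a distinct 96-bit iv in `input[13..15]`, and the visible lines no longer write `rs->input[12]`, so keystreams stay disjoint only while the shared counter word and key are unchanged between reads. I would say so in the comment, e.g. `/* copy chacha state, then step the 96 bit iv so the next reader gets a disjoint keystream; input[12] is only advanced in the copy by chacha_encrypt() */`. The unbraced nested `if(++rs->input[13] == 0)` chain reads as a correct carry, assuming 32-bit words, but a `/* carry */` remark or braces would make that obvious. Since only the iv advances here, earlier output stays recomputable from a later copy of `rs` unless the key is rotated elsewhere. That is worth confirming against the reseeding code, as randomread continues outside the hunk.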