

ref: 95c9f5bf37a5d8a659aa1aad34dee81afbdf8938
parent: 10275ad6dd261b21774848e3d5913807ae293236
author: cinap_lenrek <cinap_lenrek@felloff.net>
date: Sat Sep 10 23:18:48 EDT 2016

kernel: better nonce partitioning for chacha random number generator

leave the block counter to chacha_encrypt() and increment the 96 bit
iv instead.

--- a/sys/src/9/port/random.c
+++ b/sys/src/9/port/random.c
@@ -89,7 +89,6 @@
 randomread(void *p, ulong n)
 {
 	Chachastate c;
-	ulong b;
 
 	if(n == 0)
 		return 0;
@@ -97,12 +96,12 @@
 	if(hwrandbuf != nil)
 		(*hwrandbuf)(p, n);
 
-	/* copy chacha state and advance block counter */
+	/* copy chacha state and increment iv */
 	qlock(rs);
 	c = *rs;
-	b = rs->input[12];
-	rs->input[12] += (n + ChachaBsize-1)/ChachaBsize;
-	if(rs->input[12] < b) rs->input[13]++;
+	if(++rs->input[13] == 0)
+		if(++rs->input[14] == 0)
+			++rs->input[15];
 	qunlock(rs);
 
 	/* encrypt the buffer, can fault */
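Review bot: The updated comment `/* copy chacha state and increment iv */` leaves out the invariant that keystream uniqueness now rests on: `input[13..15]` act as a 96-bit per-call nonce, while the block counter in `input[12]` is never advanced in `rs`, only in the local copy `c`. I would state that at the lock, e.g. `/* copy state, then bump the 96-bit nonce in input[13..15]; input[12] is left unchanged in rs, so every call starts from the same block counter under a fresh nonce */`. The carry chain presumably relies on the `input` words being 32-bit unsigned, and on one read of `n` bytes not exhausting the block counter that chacha_encrypt() advances; neither the element type nor the counter's starting value is visible in this hunk, so both are worth confirming. As a style point, the nested unbraced `if`s would be easier to audit with braces around each level. randomread's body continues outside the hunk.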