From owner-svn-src-head@freebsd.org  Sun Apr 16 14:35:07 2017
Return-Path: <owner-svn-src-head@freebsd.org>
Delivered-To: svn-src-head@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2D49ED4087F;
 Sun, 16 Apr 2017 14:35:07 +0000 (UTC)
 (envelope-from cse.cem@gmail.com)
Received: from mail-wm0-f52.google.com (mail-wm0-f52.google.com [74.125.82.52])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id C007613E1;
 Sun, 16 Apr 2017 14:35:06 +0000 (UTC)
 (envelope-from cse.cem@gmail.com)
Received: by mail-wm0-f52.google.com with SMTP id t189so19795290wmt.1;
 Sun, 16 Apr 2017 07:35:06 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:reply-to:in-reply-to:references
 :from:date:message-id:subject:to:cc;
 bh=B2TE4rt6LN4dYoBSUl675EsqCxU7JuDknvJagLNSqHg=;
 b=S5HJA1LrVEpQdubACbm4jT04F2X+/frCTSj6SHU288G3J63AYWaPwM5r0vKvzQoo81
 QRhmYhBdFTPaUBYe02Xre8Kh1y/C4G0Q3kYDlE0K9kVptaYk7BWAvZ1x8aHMt5mv8NJu
 7ZQVzKbSZhrf1V9g9k2b23KRRjVYvL7m50jDbX4nOcAjE0nLlSikjXzaUo4hYrHCp78T
 k8WunItSdmurzlzAEVHp9XmKYktNsuDlju3N6mt5jiGZEugzR+Gc2mDfFp2ilRmRVOHw
 Ra3P54/sXKRBLb++ileqQnhobo3O98jQ5e42B0ihxL5gYa0qCVukUmWyO7l0bE6NKpuF
 F6yw==
X-Gm-Message-State: AN3rC/7COCLs9KwP6iQ3/DuMJDgsCJriFKtJsSKAdCXNqnGm3ffcjbWK
 m4WWaIEdnBbp18TSQqM=
X-Received: by 10.28.181.69 with SMTP id e66mr5585659wmf.33.1492353298911;
 Sun, 16 Apr 2017 07:34:58 -0700 (PDT)
Received: from mail-wr0-f171.google.com (mail-wr0-f171.google.com.
 [209.85.128.171])
 by smtp.gmail.com with ESMTPSA id u206sm6644995wmg.20.2017.04.16.07.34.58
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Sun, 16 Apr 2017 07:34:58 -0700 (PDT)
Received: by mail-wr0-f171.google.com with SMTP id z109so72052405wrb.1;
 Sun, 16 Apr 2017 07:34:58 -0700 (PDT)
X-Received: by 10.223.181.132 with SMTP id c4mr7223758wre.178.1492353298651;
 Sun, 16 Apr 2017 07:34:58 -0700 (PDT)
MIME-Version: 1.0
Reply-To: cem@freebsd.org
Received: by 10.80.169.4 with HTTP; Sun, 16 Apr 2017 07:34:58 -0700 (PDT)
In-Reply-To: <CAG6CVpUuR7+qP8eGRGnkEmN-WCrq7XwF7wkBHvoCJzGedvSDfg@mail.gmail.com>
References: <201704160911.v3G9B3df023095@repo.freebsd.org>
 <BC50327E-E601-4FC4-98A7-0B258086CEFB@FreeBSD.org>
 <CAG6CVpUuR7+qP8eGRGnkEmN-WCrq7XwF7wkBHvoCJzGedvSDfg@mail.gmail.com>
From: Conrad Meyer <cem@freebsd.org>
Date: Sun, 16 Apr 2017 07:34:58 -0700
X-Gmail-Original-Message-ID: <CAG6CVpUC_xLpWZi6B2T=e41sdymkxoPWm97TKLbKHkSGOF-V2w@mail.gmail.com>
Message-ID: <CAG6CVpUC_xLpWZi6B2T=e41sdymkxoPWm97TKLbKHkSGOF-V2w@mail.gmail.com>
Subject: Re: svn commit: r317015 - in head/sys: boot/forth conf
 crypto/chacha20 dev/random libkern sys
To: Mark R V Murray <markm@freebsd.org>
Cc: src-committers <src-committers@freebsd.org>, svn-src-all@freebsd.org, 
 svn-src-head@freebsd.org
Content-Type: text/plain; charset=UTF-8
X-BeenThere: svn-src-head@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: SVN commit messages for the src tree for head/-current
 <svn-src-head.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-head/>
List-Post: <mailto:svn-src-head@freebsd.org>
List-Help: <mailto:svn-src-head-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 16 Apr 2017 14:35:07 -0000

Furthmore:

chacha20.ko: 7 kB
GENERIC w/out chacha20: 27095416
GENERIC w/ chacha20: 27097976

device chacha20 adds 2560 *bytes* to the kernel.  That's +0.009%.  Not
worth bikeshedding about.

Best,
Conrad



On Sun, Apr 16, 2017 at 7:26 AM, Conrad Meyer <cem@freebsd.org> wrote:
> On Sun, Apr 16, 2017 at 2:19 AM, Mark R V Murray <markm@freebsd.org> wrote:
>> This does not use DES' Chacha20 commit, as I had already completed the
>> testing for it, and received SO@ approval.
>>
>> DES's commit made Chaha20 a module. This is of no use to arc4random(9),
>> which needs the code to be standard. Also his API is different.
>>
>> I have no objection to reworking the arc4random/Chacha below to use DES'
>> version of Chacha, but his code needs to be standard library code,
>> not an optional module.
>>
>> Any objections to me doing this?
>
> Hi Mark,
>
> I think you've taken the only sane approach possible here.  arc4random
> cannot be loadable, and it needs a standard cipher.  RC4 is
> undesirable because large parts of its early keystream are predictable
> and it is anticipated to have other weaknesses.
>
> I doubt Chacha comes out to much in the way of object code, and
> removing RC4 should subsidize even that number.  From AMD64:
> chacha20.ko is 7 kB.
>
> Furthermore, I do not believe you should be harangued into rewriting
> how RNG use works in the kernel just to allow Chacha to be loadable.
> And if it is "loadable," so what?  You can't boot without it; what
> good does a mandatory loadable module do?
>
> So:
>
> * I believe you've taken the right approach.  But somehow your import
> of chacha should be reconciled with DES' import (i.e., keep only one
> copy in the tree).
> * I don't believe the chacha code being standard is an undue burden.
> Especially balanced by kicking out RC4.
>
> Thanks for doing this work.
>
> Best,
> Conrad