^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1) // SPDX-License-Identifier: GPL-2.0-or-later
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3) * ChaCha and XChaCha stream ciphers, including ChaCha20 (RFC7539)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5) * Copyright (C) 2015 Martin Willi
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6) * Copyright (C) 2018 Google LLC
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 8)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 9) #include <asm/unaligned.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10) #include <crypto/algapi.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11) #include <crypto/internal/chacha.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12) #include <crypto/internal/skcipher.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13) #include <linux/module.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15) static int chacha_stream_xor(struct skcipher_request *req,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 16) const struct chacha_ctx *ctx, const u8 *iv)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 17) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 18) struct skcipher_walk walk;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 19) u32 state[16];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 20) int err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 21)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 22) err = skcipher_walk_virt(&walk, req, false);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 23)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 24) chacha_init_generic(state, ctx->key, iv);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 25)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 26) while (walk.nbytes > 0) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 27) unsigned int nbytes = walk.nbytes;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 28)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 29) if (nbytes < walk.total)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 30) nbytes = round_down(nbytes, CHACHA_BLOCK_SIZE);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 31)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 32) chacha_crypt_generic(state, walk.dst.virt.addr,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 33) walk.src.virt.addr, nbytes, ctx->nrounds);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 34) err = skcipher_walk_done(&walk, walk.nbytes - nbytes);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 35) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 36)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 37) return err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 38) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 39)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 40) static int crypto_chacha_crypt(struct skcipher_request *req)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 41) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 42) struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 43) struct chacha_ctx *ctx = crypto_skcipher_ctx(tfm);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 44)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 45) return chacha_stream_xor(req, ctx, req->iv);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 46) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 47)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 48) static int crypto_xchacha_crypt(struct skcipher_request *req)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 49) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 50) struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 51) struct chacha_ctx *ctx = crypto_skcipher_ctx(tfm);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 52) struct chacha_ctx subctx;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 53) u32 state[16];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 54) u8 real_iv[16];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 55)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 56) /* Compute the subkey given the original key and first 128 nonce bits */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 57) chacha_init_generic(state, ctx->key, req->iv);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 58) hchacha_block_generic(state, subctx.key, ctx->nrounds);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 59) subctx.nrounds = ctx->nrounds;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 60)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 61) /* Build the real IV */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 62) memcpy(&real_iv[0], req->iv + 24, 8); /* stream position */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 63) memcpy(&real_iv[8], req->iv + 16, 8); /* remaining 64 nonce bits */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 64)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 65) /* Generate the stream and XOR it with the data */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 66) return chacha_stream_xor(req, &subctx, real_iv);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 67) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 68)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 69) static struct skcipher_alg algs[] = {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 70) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 71) .base.cra_name = "chacha20",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 72) .base.cra_driver_name = "chacha20-generic",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 73) .base.cra_priority = 100,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 74) .base.cra_blocksize = 1,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 75) .base.cra_ctxsize = sizeof(struct chacha_ctx),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 76) .base.cra_module = THIS_MODULE,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 77)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 78) .min_keysize = CHACHA_KEY_SIZE,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 79) .max_keysize = CHACHA_KEY_SIZE,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 80) .ivsize = CHACHA_IV_SIZE,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 81) .chunksize = CHACHA_BLOCK_SIZE,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 82) .setkey = chacha20_setkey,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 83) .encrypt = crypto_chacha_crypt,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 84) .decrypt = crypto_chacha_crypt,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 85) }, {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 86) .base.cra_name = "xchacha20",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 87) .base.cra_driver_name = "xchacha20-generic",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 88) .base.cra_priority = 100,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 89) .base.cra_blocksize = 1,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 90) .base.cra_ctxsize = sizeof(struct chacha_ctx),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 91) .base.cra_module = THIS_MODULE,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 92)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 93) .min_keysize = CHACHA_KEY_SIZE,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 94) .max_keysize = CHACHA_KEY_SIZE,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 95) .ivsize = XCHACHA_IV_SIZE,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 96) .chunksize = CHACHA_BLOCK_SIZE,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 97) .setkey = chacha20_setkey,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 98) .encrypt = crypto_xchacha_crypt,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 99) .decrypt = crypto_xchacha_crypt,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 100) }, {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 101) .base.cra_name = "xchacha12",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 102) .base.cra_driver_name = "xchacha12-generic",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 103) .base.cra_priority = 100,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 104) .base.cra_blocksize = 1,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 105) .base.cra_ctxsize = sizeof(struct chacha_ctx),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 106) .base.cra_module = THIS_MODULE,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 107)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 108) .min_keysize = CHACHA_KEY_SIZE,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 109) .max_keysize = CHACHA_KEY_SIZE,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 110) .ivsize = XCHACHA_IV_SIZE,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 111) .chunksize = CHACHA_BLOCK_SIZE,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 112) .setkey = chacha12_setkey,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 113) .encrypt = crypto_xchacha_crypt,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 114) .decrypt = crypto_xchacha_crypt,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 115) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 116) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 117)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 118) static int __init chacha_generic_mod_init(void)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 119) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 120) return crypto_register_skciphers(algs, ARRAY_SIZE(algs));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 121) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 122)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 123) static void __exit chacha_generic_mod_fini(void)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 124) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 125) crypto_unregister_skciphers(algs, ARRAY_SIZE(algs));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 126) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 127)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 128) subsys_initcall(chacha_generic_mod_init);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 129) module_exit(chacha_generic_mod_fini);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 130)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 131) MODULE_LICENSE("GPL");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 132) MODULE_AUTHOR("Martin Willi <martin@strongswan.org>");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 133) MODULE_DESCRIPTION("ChaCha and XChaCha stream ciphers (generic)");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 134) MODULE_ALIAS_CRYPTO("chacha20");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 135) MODULE_ALIAS_CRYPTO("chacha20-generic");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 136) MODULE_ALIAS_CRYPTO("xchacha20");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 137) MODULE_ALIAS_CRYPTO("xchacha20-generic");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 138) MODULE_ALIAS_CRYPTO("xchacha12");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 139) MODULE_ALIAS_CRYPTO("xchacha12-generic");
Orange Pi5 kernel
Deprecated Linux kernel 5.10.110 for OrangePi 5/5B/5+ boards
3 Commits
0 Branches
0 Tags