crypto: chacha20-generic - refactor to allow varying number of rounds
In preparation for adding XChaCha12 support, rename/refactor
chacha20-generic to support different numbers of rounds. The
justification for needing XChaCha12 support is explained in more detail
in the patch "crypto: chacha - add XChaCha12 support".
The only difference between ChaCha{8,12,20} are the number of rounds
itself; all other parts of the algorithm are the same. Therefore,
remove the "20" from all definitions, structures, functions, files, etc.
that will be shared by all ChaCha versions.
Also make ->setkey() store the round count in the chacha_ctx (previously
chacha20_ctx). The generic code then passes the round count through to
chacha_block(). There will be a ->setkey() function for each explicitly
allowed round count; the encrypt/decrypt functions will be the same. I
decided not to do it the opposite way (same ->setkey() function for all
round counts, with different encrypt/decrypt functions) because that
would have required more boilerplate code in architecture-specific
implementations of ChaCha and XChaCha.
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Acked-by: Martin Willi <martin@strongswan.org>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This commit is contained in:
Eric Biggers
47
include/crypto/chacha.h
Normal file
47
include/crypto/chacha.h
Normal file
@@ -0,0 +1,47 @@
|
||||
/* SPDX-License-Identifier: GPL-2.0 */
|
||||
/*
|
||||
* Common values and helper functions for the ChaCha and XChaCha stream ciphers.
|
||||
*
|
||||
* XChaCha extends ChaCha's nonce to 192 bits, while provably retaining ChaCha's
|
||||
* security. Here they share the same key size, tfm context, and setkey
|
||||
* function; only their IV size and encrypt/decrypt function differ.
|
||||
*/
|
||||
|
||||
#ifndef _CRYPTO_CHACHA_H
|
||||
#define _CRYPTO_CHACHA_H
|
||||
|
||||
#include <crypto/skcipher.h>
|
||||
#include <linux/types.h>
|
||||
#include <linux/crypto.h>
|
||||
|
||||
/* 32-bit stream position, then 96-bit nonce (RFC7539 convention) */
|
||||
#define CHACHA_IV_SIZE 16
|
||||
|
||||
#define CHACHA_KEY_SIZE 32
|
||||
#define CHACHA_BLOCK_SIZE 64
|
||||
#define CHACHAPOLY_IV_SIZE 12
|
||||
|
||||
/* 192-bit nonce, then 64-bit stream position */
|
||||
#define XCHACHA_IV_SIZE 32
|
||||
|
||||
struct chacha_ctx {
|
||||
u32 key[8];
|
||||
int nrounds;
|
||||
};
|
||||
|
||||
void chacha_block(u32 *state, u8 *stream, int nrounds);
|
||||
static inline void chacha20_block(u32 *state, u8 *stream)
|
||||
{
|
||||
chacha_block(state, stream, 20);
|
||||
}
|
||||
void hchacha_block(const u32 *in, u32 *out, int nrounds);
|
||||
|
||||
void crypto_chacha_init(u32 *state, struct chacha_ctx *ctx, u8 *iv);
|
||||
|
||||
int crypto_chacha20_setkey(struct crypto_skcipher *tfm, const u8 *key,
|
||||
unsigned int keysize);
|
||||
|
||||
int crypto_chacha_crypt(struct skcipher_request *req);
|
||||
int crypto_xchacha_crypt(struct skcipher_request *req);
|
||||
|
||||
#endif /* _CRYPTO_CHACHA_H */
|
||||
Reference in New Issue
Block a user