Blame view
crypto/chacha20_generic.c
3.9 KB
c08d0e647 crypto: chacha20 ... |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 |
/* * ChaCha20 256-bit cipher algorithm, RFC7539 * * Copyright (C) 2015 Martin Willi * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. */ #include <crypto/algapi.h> #include <linux/crypto.h> #include <linux/kernel.h> #include <linux/module.h> |
31d7247da crypto: chacha20 ... |
16 |
#include <crypto/chacha20.h> |
c08d0e647 crypto: chacha20 ... |
17 |
|
c08d0e647 crypto: chacha20 ... |
18 19 20 21 |
static inline u32 le32_to_cpuvp(const void *p) { return le32_to_cpup(p); } |
c08d0e647 crypto: chacha20 ... |
22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 |
static void chacha20_docrypt(u32 *state, u8 *dst, const u8 *src, unsigned int bytes) { u8 stream[CHACHA20_BLOCK_SIZE]; if (dst != src) memcpy(dst, src, bytes); while (bytes >= CHACHA20_BLOCK_SIZE) { chacha20_block(state, stream); crypto_xor(dst, stream, CHACHA20_BLOCK_SIZE); bytes -= CHACHA20_BLOCK_SIZE; dst += CHACHA20_BLOCK_SIZE; } if (bytes) { chacha20_block(state, stream); crypto_xor(dst, stream, bytes); } } |
31d7247da crypto: chacha20 ... |
41 |
void crypto_chacha20_init(u32 *state, struct chacha20_ctx *ctx, u8 *iv) |
c08d0e647 crypto: chacha20 ... |
42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 |
{ static const char constant[16] = "expand 32-byte k"; state[0] = le32_to_cpuvp(constant + 0); state[1] = le32_to_cpuvp(constant + 4); state[2] = le32_to_cpuvp(constant + 8); state[3] = le32_to_cpuvp(constant + 12); state[4] = ctx->key[0]; state[5] = ctx->key[1]; state[6] = ctx->key[2]; state[7] = ctx->key[3]; state[8] = ctx->key[4]; state[9] = ctx->key[5]; state[10] = ctx->key[6]; state[11] = ctx->key[7]; state[12] = le32_to_cpuvp(iv + 0); state[13] = le32_to_cpuvp(iv + 4); state[14] = le32_to_cpuvp(iv + 8); state[15] = le32_to_cpuvp(iv + 12); } |
31d7247da crypto: chacha20 ... |
62 |
EXPORT_SYMBOL_GPL(crypto_chacha20_init); |
c08d0e647 crypto: chacha20 ... |
63 |
|
31d7247da crypto: chacha20 ... |
64 |
int crypto_chacha20_setkey(struct crypto_tfm *tfm, const u8 *key, |
c08d0e647 crypto: chacha20 ... |
65 66 67 68 69 70 71 72 73 74 75 76 77 |
unsigned int keysize) { struct chacha20_ctx *ctx = crypto_tfm_ctx(tfm); int i; if (keysize != CHACHA20_KEY_SIZE) return -EINVAL; for (i = 0; i < ARRAY_SIZE(ctx->key); i++) ctx->key[i] = le32_to_cpuvp(key + i * sizeof(u32)); return 0; } |
31d7247da crypto: chacha20 ... |
78 |
EXPORT_SYMBOL_GPL(crypto_chacha20_setkey); |
c08d0e647 crypto: chacha20 ... |
79 |
|
31d7247da crypto: chacha20 ... |
80 |
int crypto_chacha20_crypt(struct blkcipher_desc *desc, struct scatterlist *dst, |
c08d0e647 crypto: chacha20 ... |
81 82 83 84 85 86 87 88 |
struct scatterlist *src, unsigned int nbytes) { struct blkcipher_walk walk; u32 state[16]; int err; blkcipher_walk_init(&walk, dst, src, nbytes); err = blkcipher_walk_virt_block(desc, &walk, CHACHA20_BLOCK_SIZE); |
31d7247da crypto: chacha20 ... |
89 |
crypto_chacha20_init(state, crypto_blkcipher_ctx(desc->tfm), walk.iv); |
c08d0e647 crypto: chacha20 ... |
90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 |
while (walk.nbytes >= CHACHA20_BLOCK_SIZE) { chacha20_docrypt(state, walk.dst.virt.addr, walk.src.virt.addr, rounddown(walk.nbytes, CHACHA20_BLOCK_SIZE)); err = blkcipher_walk_done(desc, &walk, walk.nbytes % CHACHA20_BLOCK_SIZE); } if (walk.nbytes) { chacha20_docrypt(state, walk.dst.virt.addr, walk.src.virt.addr, walk.nbytes); err = blkcipher_walk_done(desc, &walk, 0); } return err; } |
31d7247da crypto: chacha20 ... |
106 |
EXPORT_SYMBOL_GPL(crypto_chacha20_crypt); |
c08d0e647 crypto: chacha20 ... |
107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 |
static struct crypto_alg alg = { .cra_name = "chacha20", .cra_driver_name = "chacha20-generic", .cra_priority = 100, .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER, .cra_blocksize = 1, .cra_type = &crypto_blkcipher_type, .cra_ctxsize = sizeof(struct chacha20_ctx), .cra_alignmask = sizeof(u32) - 1, .cra_module = THIS_MODULE, .cra_u = { .blkcipher = { .min_keysize = CHACHA20_KEY_SIZE, .max_keysize = CHACHA20_KEY_SIZE, |
31d7247da crypto: chacha20 ... |
122 |
.ivsize = CHACHA20_IV_SIZE, |
c08d0e647 crypto: chacha20 ... |
123 |
.geniv = "seqiv", |
31d7247da crypto: chacha20 ... |
124 125 126 |
.setkey = crypto_chacha20_setkey, .encrypt = crypto_chacha20_crypt, .decrypt = crypto_chacha20_crypt, |
c08d0e647 crypto: chacha20 ... |
127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 |
}, }, }; static int __init chacha20_generic_mod_init(void) { return crypto_register_alg(&alg); } static void __exit chacha20_generic_mod_fini(void) { crypto_unregister_alg(&alg); } module_init(chacha20_generic_mod_init); module_exit(chacha20_generic_mod_fini); MODULE_LICENSE("GPL"); MODULE_AUTHOR("Martin Willi <martin@strongswan.org>"); MODULE_DESCRIPTION("chacha20 cipher algorithm"); MODULE_ALIAS_CRYPTO("chacha20"); MODULE_ALIAS_CRYPTO("chacha20-generic"); |