22 Aug, 2017

1 commit

• 4de437265   crypto: chacha20 - fix handling of chunked input ... Browse Code »

  Commit 9ae433bc79f9 ("crypto: chacha20 - convert generic and x86 versions
  to skcipher") ported the existing chacha20 code to use the new skcipher
  API, and introduced a bug along the way. Unfortunately, the tcrypt tests
  did not catch the error, and it was only found recently by Tobias.

  Stefan kindly diagnosed the error, and proposed a fix which is similar
  to the one below, with the exception that 'walk.stride' is used rather
  than the hardcoded block size. This does not actually matter in this
  case, but it's a better example of how to use the skcipher walk API.

  Fixes: 9ae433bc79f9 ("crypto: chacha20 - convert generic and x86 ...")
  Cc: # v4.11+
  Cc: Steffen Klassert
  Reported-by: Tobias Brunner
  Signed-off-by: Ard Biesheuvel
  Signed-off-by: Herbert Xu

  Ard Biesheuvel

  2017-08-22 14:45:47 +0800  

27 Dec, 2016

1 commit

• 9ae433bc7   crypto: chacha20 - convert generic and x86 versions to skcipher ... Browse Code »

  This converts the ChaCha20 code from a blkcipher to a skcipher, which
  is now the preferred way to implement symmetric block and stream ciphers.

  This ports the generic and x86 versions at the same time because the
  latter reuses routines of the former.

  Note that the skcipher_walk() API guarantees that all presented blocks
  except the final one are a multiple of the chunk size, so we can simplify
  the encrypt() routine somewhat.

  Signed-off-by: Ard Biesheuvel
  Signed-off-by: Herbert Xu

  Ard Biesheuvel

  2016-12-27 17:47:31 +0800  

03 Jul, 2016

1 commit

• e192be9d9   random: replace non-blocking pool with a Chacha20-based CRNG ... Browse Code »

  The CRNG is faster, and we don't pretend to track entropy usage in the
  CRNG any more.

  Signed-off-by: Theodore Ts'o

  Theodore Ts'o

  2016-07-03 12:57:23 +0800  

17 Jul, 2015

1 commit

• 31d7247da   crypto: chacha20 - Export common ChaCha20 helpers ... Browse Code »

  As architecture specific drivers need a software fallback, export a
  ChaCha20 en-/decryption function together with some helpers in a header
  file.

  Signed-off-by: Martin Willi
  Signed-off-by: Herbert Xu

  Martin Willi

  2015-07-17 21:20:21 +0800  

04 Jun, 2015

1 commit

• c08d0e647   crypto: chacha20 - Add a generic ChaCha20 stream cipher implementation ... Browse Code »

  ChaCha20 is a high speed 256-bit key size stream cipher algorithm designed by
  Daniel J. Bernstein. It is further specified in RFC7539 for use in IETF
  protocols as a building block for the ChaCha20-Poly1305 AEAD.

  This is a portable C implementation without any architecture specific
  optimizations. It uses a 16-byte IV, which includes the 12-byte ChaCha20 nonce
  prepended by the initial block counter. Some algorithms require an explicit
  counter value, for example the mentioned AEAD construction.

  Signed-off-by: Martin Willi
  Acked-by: Steffen Klassert
  Signed-off-by: Herbert Xu

  Martin Willi

  2015-06-04 15:04:49 +0800