]>
Commit | Line | Data |
---|---|---|
1ca1b917 EB |
1 | /* SPDX-License-Identifier: GPL-2.0 */ |
2 | /* | |
3 | * Common values and helper functions for the ChaCha and XChaCha stream ciphers. | |
4 | * | |
5 | * XChaCha extends ChaCha's nonce to 192 bits, while provably retaining ChaCha's | |
6 | * security. Here they share the same key size, tfm context, and setkey | |
7 | * function; only their IV size and encrypt/decrypt function differ. | |
aa762409 EB |
8 | * |
9 | * The ChaCha paper specifies 20, 12, and 8-round variants. In general, it is | |
10 | * recommended to use the 20-round variant ChaCha20. However, the other | |
11 | * variants can be needed in some performance-sensitive scenarios. The generic | |
12 | * ChaCha code currently allows only the 20 and 12-round variants. | |
1ca1b917 EB |
13 | */ |
14 | ||
15 | #ifndef _CRYPTO_CHACHA_H | |
16 | #define _CRYPTO_CHACHA_H | |
17 | ||
5fb8ef25 | 18 | #include <asm/unaligned.h> |
1ca1b917 | 19 | #include <linux/types.h> |
1ca1b917 EB |
20 | |
21 | /* 32-bit stream position, then 96-bit nonce (RFC7539 convention) */ | |
22 | #define CHACHA_IV_SIZE 16 | |
23 | ||
24 | #define CHACHA_KEY_SIZE 32 | |
25 | #define CHACHA_BLOCK_SIZE 64 | |
26 | #define CHACHAPOLY_IV_SIZE 12 | |
27 | ||
84e03fa3 | 28 | #define CHACHA_STATE_WORDS (CHACHA_BLOCK_SIZE / sizeof(u32)) |
84e03fa3 | 29 | |
1ca1b917 EB |
30 | /* 192-bit nonce, then 64-bit stream position */ |
31 | #define XCHACHA_IV_SIZE 32 | |
32 | ||
5fb8ef25 | 33 | void chacha_block_generic(u32 *state, u8 *stream, int nrounds); |
1ca1b917 EB |
34 | static inline void chacha20_block(u32 *state, u8 *stream) |
35 | { | |
5fb8ef25 | 36 | chacha_block_generic(state, stream, 20); |
1ca1b917 | 37 | } |
1ca1b917 | 38 | |
5fb8ef25 AB |
39 | void hchacha_block_arch(const u32 *state, u32 *out, int nrounds); |
40 | void hchacha_block_generic(const u32 *state, u32 *out, int nrounds); | |
41 | ||
42 | static inline void hchacha_block(const u32 *state, u32 *out, int nrounds) | |
43 | { | |
44 | if (IS_ENABLED(CONFIG_CRYPTO_ARCH_HAVE_LIB_CHACHA)) | |
45 | hchacha_block_arch(state, out, nrounds); | |
46 | else | |
47 | hchacha_block_generic(state, out, nrounds); | |
48 | } | |
1ca1b917 | 49 | |
5fb8ef25 AB |
50 | void chacha_init_arch(u32 *state, const u32 *key, const u8 *iv); |
51 | static inline void chacha_init_generic(u32 *state, const u32 *key, const u8 *iv) | |
52 | { | |
53 | state[0] = 0x61707865; /* "expa" */ | |
54 | state[1] = 0x3320646e; /* "nd 3" */ | |
55 | state[2] = 0x79622d32; /* "2-by" */ | |
56 | state[3] = 0x6b206574; /* "te k" */ | |
57 | state[4] = key[0]; | |
58 | state[5] = key[1]; | |
59 | state[6] = key[2]; | |
60 | state[7] = key[3]; | |
61 | state[8] = key[4]; | |
62 | state[9] = key[5]; | |
63 | state[10] = key[6]; | |
64 | state[11] = key[7]; | |
65 | state[12] = get_unaligned_le32(iv + 0); | |
66 | state[13] = get_unaligned_le32(iv + 4); | |
67 | state[14] = get_unaligned_le32(iv + 8); | |
68 | state[15] = get_unaligned_le32(iv + 12); | |
69 | } | |
1ca1b917 | 70 | |
5fb8ef25 AB |
71 | static inline void chacha_init(u32 *state, const u32 *key, const u8 *iv) |
72 | { | |
73 | if (IS_ENABLED(CONFIG_CRYPTO_ARCH_HAVE_LIB_CHACHA)) | |
74 | chacha_init_arch(state, key, iv); | |
75 | else | |
76 | chacha_init_generic(state, key, iv); | |
77 | } | |
78 | ||
79 | void chacha_crypt_arch(u32 *state, u8 *dst, const u8 *src, | |
80 | unsigned int bytes, int nrounds); | |
81 | void chacha_crypt_generic(u32 *state, u8 *dst, const u8 *src, | |
82 | unsigned int bytes, int nrounds); | |
83 | ||
84 | static inline void chacha_crypt(u32 *state, u8 *dst, const u8 *src, | |
85 | unsigned int bytes, int nrounds) | |
86 | { | |
87 | if (IS_ENABLED(CONFIG_CRYPTO_ARCH_HAVE_LIB_CHACHA)) | |
88 | chacha_crypt_arch(state, dst, src, bytes, nrounds); | |
89 | else | |
90 | chacha_crypt_generic(state, dst, src, bytes, nrounds); | |
91 | } | |
92 | ||
93 | static inline void chacha20_crypt(u32 *state, u8 *dst, const u8 *src, | |
94 | unsigned int bytes) | |
95 | { | |
96 | chacha_crypt(state, dst, src, bytes, 20); | |
97 | } | |
1ca1b917 EB |
98 | |
99 | #endif /* _CRYPTO_CHACHA_H */ |