chacha.h source code [linux/include/crypto/chacha.h]

1	/ SPDX-License-Identifier: GPL-2.0 /
2	/*
3	* Common values and helper functions for the ChaCha and XChaCha stream ciphers.
4	*
5	* XChaCha extends ChaCha's nonce to 192 bits, while provably retaining ChaCha's
6	* security. Here they share the same key size, tfm context, and setkey
7	* function; only their IV size and encrypt/decrypt function differ.
8	*
9	* The ChaCha paper specifies 20, 12, and 8-round variants. In general, it is
10	* recommended to use the 20-round variant ChaCha20. However, the other
11	* variants can be needed in some performance-sensitive scenarios. The generic
12	* ChaCha code currently allows only the 20 and 12-round variants.
13	*/
14
15	#ifndef _CRYPTO_CHACHA_H
16	#define _CRYPTO_CHACHA_H
17
18	#include <asm/unaligned.h>
19	#include <linux/types.h>
20
21	/ 32-bit stream position, then 96-bit nonce (RFC7539 convention) /
22	#define CHACHA_IV_SIZE 16
23
24	#define CHACHA_KEY_SIZE 32
25	#define CHACHA_BLOCK_SIZE 64
26	#define CHACHAPOLY_IV_SIZE 12
27
28	#define CHACHA_STATE_WORDS (CHACHA_BLOCK_SIZE / sizeof(u32))
29
30	/ 192-bit nonce, then 64-bit stream position /
31	#define XCHACHA_IV_SIZE 32
32
33	void chacha_block_generic(u32 state, u8 stream, int nrounds);
34	static inline void chacha20_block(u32 state, u8 stream)
35	{
36	chacha_block_generic(state, stream, nrounds: `20`);
37	}
38
39	void hchacha_block_arch(const u32 state, u32 out, int nrounds);
40	void hchacha_block_generic(const u32 state, u32 out, int nrounds);
41
42	static inline void hchacha_block(const u32 state, u32 out, int nrounds)
43	{
44	if (IS_ENABLED(CONFIG_CRYPTO_ARCH_HAVE_LIB_CHACHA))
45	hchacha_block_arch(state, out, nrounds);
46	else
47	hchacha_block_generic(state, out, nrounds);
48	}
49
50	enum chacha_constants { / expand 32-byte k /
51	CHACHA_CONSTANT_EXPA = `0x61707865U`,
52	CHACHA_CONSTANT_ND_3 = `0x3320646eU`,
53	CHACHA_CONSTANT_2_BY = `0x79622d32U`,
54	CHACHA_CONSTANT_TE_K = `0x6b206574U`
55	};
56
57	static inline void chacha_init_consts(u32 *state)
58	{
59	state[`0`] = CHACHA_CONSTANT_EXPA;
60	state[`1`] = CHACHA_CONSTANT_ND_3;
61	state[`2`] = CHACHA_CONSTANT_2_BY;
62	state[`3`] = CHACHA_CONSTANT_TE_K;
63	}
64
65	void chacha_init_arch(u32 state, const* u32 key, const* u8 *iv);
66	static inline void chacha_init_generic(u32 state, const* u32 key, const* u8 *iv)
67	{
68	chacha_init_consts(state);
69	state[`4`] = key[`0`];
70	state[`5`] = key[`1`];
71	state[`6`] = key[`2`];
72	state[`7`] = key[`3`];
73	state[`8`] = key[`4`];
74	state[`9`] = key[`5`];
75	state[`10`] = key[`6`];
76	state[`11`] = key[`7`];
77	state[`12`] = get_unaligned_le32(p: iv + `0`);
78	state[`13`] = get_unaligned_le32(p: iv + `4`);
79	state[`14`] = get_unaligned_le32(p: iv + `8`);
80	state[`15`] = get_unaligned_le32(p: iv + `12`);
81	}
82
83	static inline void chacha_init(u32 state, const* u32 key, const* u8 *iv)
84	{
85	if (IS_ENABLED(CONFIG_CRYPTO_ARCH_HAVE_LIB_CHACHA))
86	chacha_init_arch(state, key, iv);
87	else
88	chacha_init_generic(state, key, iv);
89	}
90
91	void chacha_crypt_arch(u32 state, u8 dst, const u8 *src,
92	unsigned int bytes, int nrounds);
93	void chacha_crypt_generic(u32 state, u8 dst, const u8 *src,
94	unsigned int bytes, int nrounds);
95
96	static inline void chacha_crypt(u32 state, u8 dst, const u8 *src,
97	unsigned int bytes, int nrounds)
98	{
99	if (IS_ENABLED(CONFIG_CRYPTO_ARCH_HAVE_LIB_CHACHA))
100	chacha_crypt_arch(state, dst, src, bytes, nrounds);
101	else
102	chacha_crypt_generic(state, dst, src, bytes, nrounds);
103	}
104
105	static inline void chacha20_crypt(u32 state, u8 dst, const u8 *src,
106	unsigned int bytes)
107	{
108	chacha_crypt(state, dst, src, bytes, nrounds: `20`);
109	}
110
111	#endif /* _CRYPTO_CHACHA_H */
112

source code of linux/include/crypto/chacha.h