1 | /* SPDX-License-Identifier: GPL-2.0 */ |
2 | /* |
3 | * Common values and helper functions for the ChaCha and XChaCha stream ciphers. |
4 | * |
5 | * XChaCha extends ChaCha's nonce to 192 bits, while provably retaining ChaCha's |
6 | * security. Here they share the same key size, tfm context, and setkey |
7 | * function; only their IV size and encrypt/decrypt function differ. |
8 | * |
9 | * The ChaCha paper specifies 20, 12, and 8-round variants. In general, it is |
10 | * recommended to use the 20-round variant ChaCha20. However, the other |
11 | * variants can be needed in some performance-sensitive scenarios. The generic |
12 | * ChaCha code currently allows only the 20 and 12-round variants. |
13 | */ |
14 | |
15 | #ifndef _CRYPTO_CHACHA_H |
16 | #define _CRYPTO_CHACHA_H |
17 | |
18 | #include <asm/unaligned.h> |
19 | #include <linux/types.h> |
20 | |
21 | /* 32-bit stream position, then 96-bit nonce (RFC7539 convention) */ |
22 | #define CHACHA_IV_SIZE 16 |
23 | |
24 | #define CHACHA_KEY_SIZE 32 |
25 | #define CHACHA_BLOCK_SIZE 64 |
26 | #define CHACHAPOLY_IV_SIZE 12 |
27 | |
28 | #define CHACHA_STATE_WORDS (CHACHA_BLOCK_SIZE / sizeof(u32)) |
29 | |
30 | /* 192-bit nonce, then 64-bit stream position */ |
31 | #define XCHACHA_IV_SIZE 32 |
32 | |
33 | void chacha_block_generic(u32 *state, u8 *stream, int nrounds); |
34 | static inline void chacha20_block(u32 *state, u8 *stream) |
35 | { |
36 | chacha_block_generic(state, stream, nrounds: 20); |
37 | } |
38 | |
39 | void hchacha_block_arch(const u32 *state, u32 *out, int nrounds); |
40 | void hchacha_block_generic(const u32 *state, u32 *out, int nrounds); |
41 | |
42 | static inline void hchacha_block(const u32 *state, u32 *out, int nrounds) |
43 | { |
44 | if (IS_ENABLED(CONFIG_CRYPTO_ARCH_HAVE_LIB_CHACHA)) |
45 | hchacha_block_arch(state, out, nrounds); |
46 | else |
47 | hchacha_block_generic(state, out, nrounds); |
48 | } |
49 | |
50 | enum chacha_constants { /* expand 32-byte k */ |
51 | CHACHA_CONSTANT_EXPA = 0x61707865U, |
52 | CHACHA_CONSTANT_ND_3 = 0x3320646eU, |
53 | CHACHA_CONSTANT_2_BY = 0x79622d32U, |
54 | CHACHA_CONSTANT_TE_K = 0x6b206574U |
55 | }; |
56 | |
57 | static inline void chacha_init_consts(u32 *state) |
58 | { |
59 | state[0] = CHACHA_CONSTANT_EXPA; |
60 | state[1] = CHACHA_CONSTANT_ND_3; |
61 | state[2] = CHACHA_CONSTANT_2_BY; |
62 | state[3] = CHACHA_CONSTANT_TE_K; |
63 | } |
64 | |
65 | void chacha_init_arch(u32 *state, const u32 *key, const u8 *iv); |
66 | static inline void chacha_init_generic(u32 *state, const u32 *key, const u8 *iv) |
67 | { |
68 | chacha_init_consts(state); |
69 | state[4] = key[0]; |
70 | state[5] = key[1]; |
71 | state[6] = key[2]; |
72 | state[7] = key[3]; |
73 | state[8] = key[4]; |
74 | state[9] = key[5]; |
75 | state[10] = key[6]; |
76 | state[11] = key[7]; |
77 | state[12] = get_unaligned_le32(p: iv + 0); |
78 | state[13] = get_unaligned_le32(p: iv + 4); |
79 | state[14] = get_unaligned_le32(p: iv + 8); |
80 | state[15] = get_unaligned_le32(p: iv + 12); |
81 | } |
82 | |
83 | static inline void chacha_init(u32 *state, const u32 *key, const u8 *iv) |
84 | { |
85 | if (IS_ENABLED(CONFIG_CRYPTO_ARCH_HAVE_LIB_CHACHA)) |
86 | chacha_init_arch(state, key, iv); |
87 | else |
88 | chacha_init_generic(state, key, iv); |
89 | } |
90 | |
91 | void chacha_crypt_arch(u32 *state, u8 *dst, const u8 *src, |
92 | unsigned int bytes, int nrounds); |
93 | void chacha_crypt_generic(u32 *state, u8 *dst, const u8 *src, |
94 | unsigned int bytes, int nrounds); |
95 | |
96 | static inline void chacha_crypt(u32 *state, u8 *dst, const u8 *src, |
97 | unsigned int bytes, int nrounds) |
98 | { |
99 | if (IS_ENABLED(CONFIG_CRYPTO_ARCH_HAVE_LIB_CHACHA)) |
100 | chacha_crypt_arch(state, dst, src, bytes, nrounds); |
101 | else |
102 | chacha_crypt_generic(state, dst, src, bytes, nrounds); |
103 | } |
104 | |
105 | static inline void chacha20_crypt(u32 *state, u8 *dst, const u8 *src, |
106 | unsigned int bytes) |
107 | { |
108 | chacha_crypt(state, dst, src, bytes, nrounds: 20); |
109 | } |
110 | |
111 | #endif /* _CRYPTO_CHACHA_H */ |
112 | |