From: Eric Biggers
To: linux-crypto@vger.kernel.org, Herbert Xu
Cc: "Jason A . Donenfeld", Greg Kaiser, Tomer Ashur, Eric Biggers, Samuel Neves, Ard Biesheuvel, linux-kernel@vger.kernel.org, linux-fscrypt@vger.kernel.org, linux-arm-kernel@lists.infradead.org, Paul Crowley
Subject: [PATCH v4 09/14] crypto: arm/chacha - add XChaCha12 support
Date: Fri, 16 Nov 2018 17:26:26 -0800
Message-Id: <20181117012631.23528-10-ebiggers@kernel.org>
In-Reply-To: <20181117012631.23528-1-ebiggers@kernel.org>

Now that the 32-bit ARM NEON implementation of ChaCha20 and XChaCha20 has been refactored to support varying the number of rounds, add support for XChaCha12. This is identical to XChaCha20 except for the number of rounds, which is 12 instead of 20.

XChaCha12 is faster than XChaCha20 but has a lower security margin, though still greater than AES-256's since the best known attacks make it through only 7 rounds. See the patch "crypto: chacha - add XChaCha12 support" for more details about why we need XChaCha12 support.

Reviewed-by: Ard Biesheuvel
Signed-off-by: Eric Biggers --- arch/arm/crypto/Kconfig | 2 +- arch/arm/crypto/chacha-neon-glue.c | 21 ++++++++++++++++++++- 2 files changed, 21 insertions(+), 2 deletions(-) diff --git a/arch/arm/crypto/Kconfig b/arch/arm/crypto/Kconfig index a08759c32cb9..59c674cf08ef 100644 --- a/arch/arm/crypto/Kconfig +++ b/arch/arm/crypto/Kconfig @@ -126,7 +126,7 @@ config CRYPTO_CRC32_ARM_CE select CRYPTO_HASH config CRYPTO_CHACHA20_NEON - tristate "NEON accelerated ChaCha20 stream cipher algorithms" + tristate "NEON accelerated ChaCha stream cipher algorithms" depends on KERNEL_MODE_NEON select CRYPTO_BLKCIPHER select CRYPTO_CHACHA20 diff --git a/arch/arm/crypto/chacha-neon-glue.c b/arch/arm/crypto/chacha-neon-glue.c index 385557d38634..9d6fda81986d 100644 --- a/arch/arm/crypto/chacha-neon-glue.c +++ b/arch/arm/crypto/chacha-neon-glue.c @@ -1,5 +1,6 @@ /* - * ChaCha20 (RFC7539) and XChaCha20 stream ciphers, NEON accelerated + * ARM NEON accelerated ChaCha and XChaCha stream ciphers, + * including ChaCha20 (RFC7539) * * Copyright (C) 2016 Linaro, Ltd. * @@ -154,6 +155,22 @@ static struct skcipher_alg algs[] = { .setkey = crypto_chacha20_setkey, .encrypt = xchacha_neon, .decrypt = xchacha_neon, + }, { + .base.cra_name = "xchacha12", + .base.cra_driver_name = "xchacha12-neon", + .base.cra_priority = 300, + .base.cra_blocksize = 1, + .base.cra_ctxsize = sizeof(struct chacha_ctx), + .base.cra_module = THIS_MODULE, + + .min_keysize = CHACHA_KEY_SIZE, + .max_keysize = CHACHA_KEY_SIZE, + .ivsize = XCHACHA_IV_SIZE, + .chunksize = CHACHA_BLOCK_SIZE, + .walksize = 4 * CHACHA_BLOCK_SIZE, + .setkey = crypto_chacha12_setkey, + .encrypt = xchacha_neon, + .decrypt = xchacha_neon, } }; @@ -180,3 +197,5 @@ MODULE_ALIAS_CRYPTO("chacha20"); MODULE_ALIAS_CRYPTO("chacha20-neon"); MODULE_ALIAS_CRYPTO("xchacha20"); MODULE_ALIAS_CRYPTO("xchacha20-neon"); +MODULE_ALIAS_CRYPTO("xchacha12"); +MODULE_ALIAS_CRYPTO("xchacha12-neon");
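Review bot: In the arch/arm/crypto/Kconfig hunk, the prompt now reads "NEON accelerated ChaCha stream cipher algorithms", but the symbol is still CRYPTO_CHACHA20_NEON and the visible lines still select only CRYPTO_CHACHA20, so nothing in the entry tells someone configuring the kernel that enabling it also registers the reduced-round xchacha12. Suggest listing the algorithms provided (chacha20, xchacha20, xchacha12) in the entry's help text, and confirming that CRYPTO_CHACHA20 is the option that supplies crypto_chacha12_setkey, which the glue code in this patch now references.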
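Review bot: In the new algs[] entry in arch/arm/crypto/chacha-neon-glue.c, ".setkey = crypto_chacha12_setkey" is the only field that separates 12 rounds from 20, because .encrypt and .decrypt point at the same xchacha_neon as the entry above it. A cra_name that does not match its setkey would build cleanly and register a cipher with the wrong round count under that name, so a one-line comment on the entry saying that the round count is set by setkey (presumably stored in struct chacha_ctx, whose size is used for cra_ctxsize) would help, along with a sentence in the commit message naming the self-test vectors that exercise xchacha12-neon. The hunk also adds no plain chacha12 entry next to xchacha12; if that is intentional, the commit message should say so.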