From: ebiggers@kernel.org (Eric Biggers)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH v4 09/14] crypto: arm/chacha - add XChaCha12 support
Date: Fri, 16 Nov 2018 17:26:26 -0800
Message-ID: <20181117012631.23528-10-ebiggers@kernel.org>
In-Reply-To: <20181117012631.23528-1-ebiggers@kernel.org>
From: Eric Biggers <ebiggers@google.com>
Now that the 32-bit ARM NEON implementation of ChaCha20 and XChaCha20
has been refactored to support varying the number of rounds, add support
for XChaCha12. This is identical to XChaCha20 except for the number of
rounds, which is 12 instead of 20.
XChaCha12 is faster than XChaCha20 but has a lower security margin,
though still greater than AES-256's since the best known attacks make it
through only 7 rounds. See the patch "crypto: chacha - add XChaCha12
support" for more details about why we need XChaCha12 support.
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Eric Biggers <ebiggers@google.com>
---
arch/arm/crypto/Kconfig | 2 +-
arch/arm/crypto/chacha-neon-glue.c | 21 ++++++++++++++++++++-
2 files changed, 21 insertions(+), 2 deletions(-)
diff --git a/arch/arm/crypto/Kconfig b/arch/arm/crypto/Kconfig
index a08759c32cb9..59c674cf08ef 100644
--- a/arch/arm/crypto/Kconfig
+++ b/arch/arm/crypto/Kconfig
@@ -126,7 +126,7 @@ config CRYPTO_CRC32_ARM_CE
select CRYPTO_HASH
config CRYPTO_CHACHA20_NEON
- tristate "NEON accelerated ChaCha20 stream cipher algorithms"
+ tristate "NEON accelerated ChaCha stream cipher algorithms"
depends on KERNEL_MODE_NEON
select CRYPTO_BLKCIPHER
select CRYPTO_CHACHA20
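Review bot: the `select CRYPTO_CHACHA20` line under `config CRYPTO_CHACHA20_NEON` is left unchanged, while the glue file in this same patch now references `crypto_chacha12_setkey`. Please confirm that the selected generic option is what provides that symbol, otherwise a configuration that enables only this option could fail to link. The prompt string now says "ChaCha" but the symbol name still says CHACHA20; a sentence in the commit message stating that the symbol name is kept deliberately would save readers a search.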
diff --git a/arch/arm/crypto/chacha-neon-glue.c b/arch/arm/crypto/chacha-neon-glue.c
index 385557d38634..9d6fda81986d 100644
--- a/arch/arm/crypto/chacha-neon-glue.c
+++ b/arch/arm/crypto/chacha-neon-glue.c
@@ -1,5 +1,6 @@
/*
- * ChaCha20 (RFC7539) and XChaCha20 stream ciphers, NEON accelerated
+ * ARM NEON accelerated ChaCha and XChaCha stream ciphers,
+ * including ChaCha20 (RFC7539)
*
* Copyright (C) 2016 Linaro, Ltd. <ard.biesheuvel@linaro.org>
*
@@ -154,6 +155,22 @@ static struct skcipher_alg algs[] = {
.setkey = crypto_chacha20_setkey,
.encrypt = xchacha_neon,
.decrypt = xchacha_neon,
+ }, {
+ .base.cra_name = "xchacha12",
+ .base.cra_driver_name = "xchacha12-neon",
+ .base.cra_priority = 300,
+ .base.cra_blocksize = 1,
+ .base.cra_ctxsize = sizeof(struct chacha_ctx),
+ .base.cra_module = THIS_MODULE,
+
+ .min_keysize = CHACHA_KEY_SIZE,
+ .max_keysize = CHACHA_KEY_SIZE,
+ .ivsize = XCHACHA_IV_SIZE,
+ .chunksize = CHACHA_BLOCK_SIZE,
+ .walksize = 4 * CHACHA_BLOCK_SIZE,
+ .setkey = crypto_chacha12_setkey,
+ .encrypt = xchacha_neon,
+ .decrypt = xchacha_neon,
}
};
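Review bot: in the new `xchacha12` entry, `.encrypt` and `.decrypt` point at the same `xchacha_neon` used by the entry above it, so `.setkey = crypto_chacha12_setkey` is the only line that selects the 12-round variant. A one-line comment in the entry saying that the round count comes from the setkey function would make that dependency visible and guard against a copy-paste of the wrong setkey registering a cipher under the wrong name. It is also worth stating in the commit message whether leaving out a plain `chacha12` NEON entry is intentional, since only the XChaCha variant is registered here.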
@@ -180,3 +197,5 @@ MODULE_ALIAS_CRYPTO("chacha20");
MODULE_ALIAS_CRYPTO("chacha20-neon");
MODULE_ALIAS_CRYPTO("xchacha20");
MODULE_ALIAS_CRYPTO("xchacha20-neon");
+MODULE_ALIAS_CRYPTO("xchacha12");
+MODULE_ALIAS_CRYPTO("xchacha12-neon");
--
2.19.1.1215.g8438c0b245-goog