d540725871
Without this patch, the chacha block counter is not incremented on neon rounds, resulting in incorrect calculations and corrupt packets. This also switches to using `--no-numbered --zero-commit` so that future diffs are smaller. Reported-by: Hans Geiblinger <cybrnook2002@yahoo.com> Reviewed-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com> Cc: David Bauer <mail@david-bauer.net> Cc: Petr Štetiar <ynezz@true.cz> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
116 lines
3.9 KiB
Diff
116 lines
3.9 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Ard Biesheuvel <ardb@kernel.org>
|
|
Date: Fri, 8 Nov 2019 13:22:18 +0100
|
|
Subject: [PATCH] crypto: chacha - unexport chacha_generic routines
|
|
|
|
commit 22cf705360707ced15f9fe5423938f313c7df536 upstream.
|
|
|
|
Now that all users of generic ChaCha code have moved to the core library,
|
|
there is no longer a need for the generic ChaCha skcpiher driver to
|
|
export parts of it implementation for reuse by other drivers. So drop
|
|
the exports, and make the symbols static.
|
|
|
|
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
|
|
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
---
|
|
crypto/chacha_generic.c | 26 ++++++++------------------
|
|
include/crypto/internal/chacha.h | 10 ----------
|
|
2 files changed, 8 insertions(+), 28 deletions(-)
|
|
|
|
--- a/crypto/chacha_generic.c
|
|
+++ b/crypto/chacha_generic.c
|
|
@@ -21,7 +21,7 @@ static int chacha_stream_xor(struct skci
|
|
|
|
err = skcipher_walk_virt(&walk, req, false);
|
|
|
|
- crypto_chacha_init(state, ctx, iv);
|
|
+ chacha_init_generic(state, ctx->key, iv);
|
|
|
|
while (walk.nbytes > 0) {
|
|
unsigned int nbytes = walk.nbytes;
|
|
@@ -37,36 +37,27 @@ static int chacha_stream_xor(struct skci
|
|
return err;
|
|
}
|
|
|
|
-void crypto_chacha_init(u32 *state, const struct chacha_ctx *ctx, const u8 *iv)
|
|
-{
|
|
- chacha_init_generic(state, ctx->key, iv);
|
|
-}
|
|
-EXPORT_SYMBOL_GPL(crypto_chacha_init);
|
|
-
|
|
-int crypto_chacha20_setkey(struct crypto_skcipher *tfm, const u8 *key,
|
|
- unsigned int keysize)
|
|
+static int crypto_chacha20_setkey(struct crypto_skcipher *tfm, const u8 *key,
|
|
+ unsigned int keysize)
|
|
{
|
|
return chacha_setkey(tfm, key, keysize, 20);
|
|
}
|
|
-EXPORT_SYMBOL_GPL(crypto_chacha20_setkey);
|
|
|
|
-int crypto_chacha12_setkey(struct crypto_skcipher *tfm, const u8 *key,
|
|
- unsigned int keysize)
|
|
+static int crypto_chacha12_setkey(struct crypto_skcipher *tfm, const u8 *key,
|
|
+ unsigned int keysize)
|
|
{
|
|
return chacha_setkey(tfm, key, keysize, 12);
|
|
}
|
|
-EXPORT_SYMBOL_GPL(crypto_chacha12_setkey);
|
|
|
|
-int crypto_chacha_crypt(struct skcipher_request *req)
|
|
+static int crypto_chacha_crypt(struct skcipher_request *req)
|
|
{
|
|
struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
|
|
struct chacha_ctx *ctx = crypto_skcipher_ctx(tfm);
|
|
|
|
return chacha_stream_xor(req, ctx, req->iv);
|
|
}
|
|
-EXPORT_SYMBOL_GPL(crypto_chacha_crypt);
|
|
|
|
-int crypto_xchacha_crypt(struct skcipher_request *req)
|
|
+static int crypto_xchacha_crypt(struct skcipher_request *req)
|
|
{
|
|
struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
|
|
struct chacha_ctx *ctx = crypto_skcipher_ctx(tfm);
|
|
@@ -75,7 +66,7 @@ int crypto_xchacha_crypt(struct skcipher
|
|
u8 real_iv[16];
|
|
|
|
/* Compute the subkey given the original key and first 128 nonce bits */
|
|
- crypto_chacha_init(state, ctx, req->iv);
|
|
+ chacha_init_generic(state, ctx->key, req->iv);
|
|
hchacha_block_generic(state, subctx.key, ctx->nrounds);
|
|
subctx.nrounds = ctx->nrounds;
|
|
|
|
@@ -86,7 +77,6 @@ int crypto_xchacha_crypt(struct skcipher
|
|
/* Generate the stream and XOR it with the data */
|
|
return chacha_stream_xor(req, &subctx, real_iv);
|
|
}
|
|
-EXPORT_SYMBOL_GPL(crypto_xchacha_crypt);
|
|
|
|
static struct skcipher_alg algs[] = {
|
|
{
|
|
--- a/include/crypto/internal/chacha.h
|
|
+++ b/include/crypto/internal/chacha.h
|
|
@@ -12,8 +12,6 @@ struct chacha_ctx {
|
|
int nrounds;
|
|
};
|
|
|
|
-void crypto_chacha_init(u32 *state, const struct chacha_ctx *ctx, const u8 *iv);
|
|
-
|
|
static inline int chacha_setkey(struct crypto_skcipher *tfm, const u8 *key,
|
|
unsigned int keysize, int nrounds)
|
|
{
|
|
@@ -42,12 +40,4 @@ static int inline chacha12_setkey(struct
|
|
return chacha_setkey(tfm, key, keysize, 12);
|
|
}
|
|
|
|
-int crypto_chacha20_setkey(struct crypto_skcipher *tfm, const u8 *key,
|
|
- unsigned int keysize);
|
|
-int crypto_chacha12_setkey(struct crypto_skcipher *tfm, const u8 *key,
|
|
- unsigned int keysize);
|
|
-
|
|
-int crypto_chacha_crypt(struct skcipher_request *req);
|
|
-int crypto_xchacha_crypt(struct skcipher_request *req);
|
|
-
|
|
#endif /* _CRYPTO_CHACHA_H */
|