BACKPORT, FROMGIT: crypto: arm/chacha - add XChaCha12 support

Now that the 32-bit ARM NEON implementation of ChaCha20 and XChaCha20
has been refactored to support varying the number of rounds, add support
for XChaCha12.  This is identical to XChaCha20 except for the number of
rounds, which is 12 instead of 20.

XChaCha12 is faster than XChaCha20 but has a lower security margin,
though still greater than AES-256's since the best known attacks make it
through only 7 rounds.  See the patch "crypto: chacha - add XChaCha12
support" for more details about why we need XChaCha12 support.

Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from commit bdb063a79f6da589af1de3f10a7c8f654fba9ae8
 https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git master)

Conflicts:
	arch/arm/crypto/chacha-neon-glue.c

Bug: 112008522
Test: As series, see Ic61c13b53facfd2173065be715a7ee5f3af8760b
Change-Id: I08fba7f6f8bc9f1d08a75f5e6f6b73ceba6b8109
Signed-off-by: Eric Biggers <ebiggers@google.com>

diff --git a/arch/arm/crypto/Kconfig b/arch/arm/crypto/Kconfig
index 5f95502..556f9d8 100644 (file)
--- a/arch/arm/crypto/Kconfig
+++ b/arch/arm/crypto/Kconfig
@@ -112,7 +112,7 @@ config CRYPTO_GHASH_ARM_CE
          that is part of the ARMv8 Crypto Extensions
 
 config CRYPTO_CHACHA20_NEON
-       tristate "NEON accelerated ChaCha20 stream cipher algorithms"
+       tristate "NEON accelerated ChaCha stream cipher algorithms"
        depends on KERNEL_MODE_NEON
        select CRYPTO_BLKCIPHER
        select CRYPTO_CHACHA20

diff --git a/arch/arm/crypto/chacha-neon-glue.c b/arch/arm/crypto/chacha-neon-glue.c
index 4b488f9..14cc6b0 100644 (file)
--- a/arch/arm/crypto/chacha-neon-glue.c
+++ b/arch/arm/crypto/chacha-neon-glue.c
@@ -1,5 +1,6 @@
 /*
- * ChaCha20 (RFC7539) and XChaCha20 stream ciphers, NEON accelerated
+ * ARM NEON accelerated ChaCha and XChaCha stream ciphers,
+ * including ChaCha20 (RFC7539)
  *
  * Copyright (C) 2016 Linaro, Ltd. <ard.biesheuvel@linaro.org>
  *
@@ -174,6 +175,27 @@ static struct crypto_alg algs[] = {
                                .decrypt        = xchacha_neon,
                        },
                },
+       }, {
+               .cra_name               = "xchacha12",
+               .cra_driver_name        = "xchacha12-neon",
+               .cra_priority           = 300,
+               .cra_flags              = CRYPTO_ALG_TYPE_BLKCIPHER,
+               .cra_blocksize          = 1,
+               .cra_type               = &crypto_blkcipher_type,
+               .cra_ctxsize            = sizeof(struct chacha_ctx),
+               .cra_alignmask          = sizeof(u32) - 1,
+               .cra_module             = THIS_MODULE,
+               .cra_u                  = {
+                       .blkcipher = {
+                               .min_keysize    = CHACHA_KEY_SIZE,
+                               .max_keysize    = CHACHA_KEY_SIZE,
+                               .ivsize         = XCHACHA_IV_SIZE,
+                               .geniv          = "seqiv",
+                               .setkey         = crypto_chacha12_setkey,
+                               .encrypt        = xchacha_neon,
+                               .decrypt        = xchacha_neon,
+                       },
+               },
        },
 };
 
@@ -200,3 +222,5 @@ MODULE_ALIAS_CRYPTO("chacha20");
 MODULE_ALIAS_CRYPTO("chacha20-neon");
 MODULE_ALIAS_CRYPTO("xchacha20");
 MODULE_ALIAS_CRYPTO("xchacha20-neon");
+MODULE_ALIAS_CRYPTO("xchacha12");
+MODULE_ALIAS_CRYPTO("xchacha12-neon");