~hc/RK356X_SDK_RELEASE.git

..	..	@@ -1,12 +1,8 @@
	1	+// SPDX-License-Identifier: GPL-2.0-or-later
1	2	/*
2	3	* ChaCha20-Poly1305 AEAD, RFC7539
3	4	*
4	5	* Copyright (C) 2015 Martin Willi
5		- *
6		- * This program is free software; you can redistribute it and/or modify
7		- * it under the terms of the GNU General Public License as published by
8		- * the Free Software Foundation; either version 2 of the License, or
9		- * (at your option) any later version.
10	6	*/
11	7
12	8	#include <crypto/internal/aead.h>
..	..	@@ -19,10 +15,6 @@
19	15	#include <linux/init.h>
20	16	#include <linux/kernel.h>
21	17	#include <linux/module.h>
22		-
23		-#include "internal.h"
24		-
25		-#define CHACHAPOLY_IV_SIZE 12
26	18
27	19	struct chachapoly_instance_ctx {
28	20	struct crypto_skcipher_spawn chacha;
..	..	@@ -141,14 +133,10 @@
141	133
142	134	chacha_iv(creq->iv, req, 1);
143	135
144		- sg_init_table(rctx->src, 2);
145	136	src = scatterwalk_ffwd(rctx->src, req->src, req->assoclen);
146	137	dst = src;
147		-
148		- if (req->src != req->dst) {
149		- sg_init_table(rctx->dst, 2);
	138	+ if (req->src != req->dst)
150	139	dst = scatterwalk_ffwd(rctx->dst, req->dst, req->assoclen);
151		- }
152	140
153	141	skcipher_request_set_callback(&creq->req, rctx->flags,
154	142	chacha_decrypt_done, req);
..	..	@@ -184,15 +172,11 @@
184	172	struct chachapoly_ctx *ctx = crypto_aead_ctx(tfm);
185	173	struct chachapoly_req_ctx *rctx = aead_request_ctx(req);
186	174	struct poly_req *preq = &rctx->u.poly;
187		- __le64 len;
188	175	int err;
189	176
190		- sg_init_table(preq->src, 1);
191		- len = cpu_to_le64(rctx->assoclen);
192		- memcpy(&preq->tail.assoclen, &len, sizeof(len));
193		- len = cpu_to_le64(rctx->cryptlen);
194		- memcpy(&preq->tail.cryptlen, &len, sizeof(len));
195		- sg_set_buf(preq->src, &preq->tail, sizeof(preq->tail));
	177	+ preq->tail.assoclen = cpu_to_le64(rctx->assoclen);
	178	+ preq->tail.cryptlen = cpu_to_le64(rctx->cryptlen);
	179	+ sg_init_one(preq->src, &preq->tail, sizeof(preq->tail));
196	180
197	181	ahash_request_set_callback(&preq->req, rctx->flags,
198	182	poly_tail_done, req);
..	..	@@ -217,13 +201,12 @@
217	201	struct chachapoly_ctx *ctx = crypto_aead_ctx(crypto_aead_reqtfm(req));
218	202	struct chachapoly_req_ctx *rctx = aead_request_ctx(req);
219	203	struct poly_req *preq = &rctx->u.poly;
220		- unsigned int padlen, bs = POLY1305_BLOCK_SIZE;
	204	+ unsigned int padlen;
221	205	int err;
222	206
223		- padlen = (bs - (rctx->cryptlen % bs)) % bs;
	207	+ padlen = -rctx->cryptlen % POLY1305_BLOCK_SIZE;
224	208	memset(preq->pad, 0, sizeof(preq->pad));
225		- sg_init_table(preq->src, 1);
226		- sg_set_buf(preq->src, &preq->pad, padlen);
	209	+ sg_init_one(preq->src, preq->pad, padlen);
227	210
228	211	ahash_request_set_callback(&preq->req, rctx->flags,
229	212	poly_cipherpad_done, req);
..	..	@@ -253,7 +236,6 @@
253	236	if (rctx->cryptlen == req->cryptlen) /* encrypting */
254	237	crypt = req->dst;
255	238
256		- sg_init_table(rctx->src, 2);
257	239	crypt = scatterwalk_ffwd(rctx->src, crypt, req->assoclen);
258	240
259	241	ahash_request_set_callback(&preq->req, rctx->flags,
..	..	@@ -278,13 +260,12 @@
278	260	struct chachapoly_ctx *ctx = crypto_aead_ctx(crypto_aead_reqtfm(req));
279	261	struct chachapoly_req_ctx *rctx = aead_request_ctx(req);
280	262	struct poly_req *preq = &rctx->u.poly;
281		- unsigned int padlen, bs = POLY1305_BLOCK_SIZE;
	263	+ unsigned int padlen;
282	264	int err;
283	265
284		- padlen = (bs - (rctx->assoclen % bs)) % bs;
	266	+ padlen = -rctx->assoclen % POLY1305_BLOCK_SIZE;
285	267	memset(preq->pad, 0, sizeof(preq->pad));
286		- sg_init_table(preq->src, 1);
287		- sg_set_buf(preq->src, preq->pad, padlen);
	268	+ sg_init_one(preq->src, preq->pad, padlen);
288	269
289	270	ahash_request_set_callback(&preq->req, rctx->flags,
290	271	poly_adpad_done, req);
..	..	@@ -334,8 +315,7 @@
334	315	struct poly_req *preq = &rctx->u.poly;
335	316	int err;
336	317
337		- sg_init_table(preq->src, 1);
338		- sg_set_buf(preq->src, rctx->key, sizeof(rctx->key));
	318	+ sg_init_one(preq->src, rctx->key, sizeof(rctx->key));
339	319
340	320	ahash_request_set_callback(&preq->req, rctx->flags,
341	321	poly_setkey_done, req);
..	..	@@ -393,9 +373,8 @@
393	373	rctx->assoclen -= 8;
394	374	}
395	375
396		- sg_init_table(creq->src, 1);
397	376	memset(rctx->key, 0, sizeof(rctx->key));
398		- sg_set_buf(creq->src, rctx->key, sizeof(rctx->key));
	377	+ sg_init_one(creq->src, rctx->key, sizeof(rctx->key));
399	378
400	379	chacha_iv(creq->iv, req, 0);
401	380
..	..	@@ -430,14 +409,10 @@
430	409
431	410	chacha_iv(creq->iv, req, 1);
432	411
433		- sg_init_table(rctx->src, 2);
434	412	src = scatterwalk_ffwd(rctx->src, req->src, req->assoclen);
435	413	dst = src;
436		-
437		- if (req->src != req->dst) {
438		- sg_init_table(rctx->dst, 2);
	414	+ if (req->src != req->dst)
439	415	dst = scatterwalk_ffwd(rctx->dst, req->dst, req->assoclen);
440		- }
441	416
442	417	skcipher_request_set_callback(&creq->req, rctx->flags,
443	418	chacha_encrypt_done, req);
..	..	@@ -500,7 +475,6 @@
500	475	unsigned int keylen)
501	476	{
502	477	struct chachapoly_ctx *ctx = crypto_aead_ctx(aead);
503		- int err;
504	478
505	479	if (keylen != ctx->saltlen + CHACHA_KEY_SIZE)
506	480	return -EINVAL;
..	..	@@ -511,11 +485,7 @@
511	485	crypto_skcipher_clear_flags(ctx->chacha, CRYPTO_TFM_REQ_MASK);
512	486	crypto_skcipher_set_flags(ctx->chacha, crypto_aead_get_flags(aead) &
513	487	CRYPTO_TFM_REQ_MASK);
514		-
515		- err = crypto_skcipher_setkey(ctx->chacha, key, keylen);
516		- crypto_aead_set_flags(aead, crypto_skcipher_get_flags(ctx->chacha) &
517		- CRYPTO_TFM_RES_MASK);
518		- return err;
	488	+ return crypto_skcipher_setkey(ctx->chacha, key, keylen);
519	489	}
520	490
521	491	static int chachapoly_setauthsize(struct crypto_aead *tfm,
..	..	@@ -585,91 +555,63 @@
585	555	static int chachapoly_create(struct crypto_template tmpl, struct rtattr *tb,
586	556	const char *name, unsigned int ivsize)
587	557	{
588		- struct crypto_attr_type *algt;
	558	+ u32 mask;
589	559	struct aead_instance *inst;
590		- struct skcipher_alg *chacha;
591		- struct crypto_alg *poly;
592		- struct hash_alg_common *poly_hash;
593	560	struct chachapoly_instance_ctx *ctx;
594		- const char chacha_name, poly_name;
	561	+ struct skcipher_alg *chacha;
	562	+ struct hash_alg_common *poly;
595	563	int err;
596	564
597	565	if (ivsize > CHACHAPOLY_IV_SIZE)
598	566	return -EINVAL;
599	567
600		- algt = crypto_get_attr_type(tb);
601		- if (IS_ERR(algt))
602		- return PTR_ERR(algt);
	568	+ err = crypto_check_attr_type(tb, CRYPTO_ALG_TYPE_AEAD, &mask);
	569	+ if (err)
	570	+ return err;
603	571
604		- if ((algt->type ^ CRYPTO_ALG_TYPE_AEAD) & algt->mask)
605		- return -EINVAL;
606		-
607		- chacha_name = crypto_attr_alg_name(tb[1]);
608		- if (IS_ERR(chacha_name))
609		- return PTR_ERR(chacha_name);
610		- poly_name = crypto_attr_alg_name(tb[2]);
611		- if (IS_ERR(poly_name))
612		- return PTR_ERR(poly_name);
613		-
614		- poly = crypto_find_alg(poly_name, &crypto_ahash_type,
615		- CRYPTO_ALG_TYPE_HASH,
616		- CRYPTO_ALG_TYPE_AHASH_MASK \|
617		- crypto_requires_sync(algt->type,
618		- algt->mask));
619		- if (IS_ERR(poly))
620		- return PTR_ERR(poly);
621		- poly_hash = __crypto_hash_alg_common(poly);
622		-
623		- err = -EINVAL;
624		- if (poly_hash->digestsize != POLY1305_DIGEST_SIZE)
625		- goto out_put_poly;
626		-
627		- err = -ENOMEM;
628	572	inst = kzalloc(sizeof(inst) + sizeof(ctx), GFP_KERNEL);
629	573	if (!inst)
630		- goto out_put_poly;
631		-
	574	+ return -ENOMEM;
632	575	ctx = aead_instance_ctx(inst);
633	576	ctx->saltlen = CHACHAPOLY_IV_SIZE - ivsize;
634		- err = crypto_init_ahash_spawn(&ctx->poly, poly_hash,
635		- aead_crypto_instance(inst));
	577	+
	578	+ err = crypto_grab_skcipher(&ctx->chacha, aead_crypto_instance(inst),
	579	+ crypto_attr_alg_name(tb[1]), 0, mask);
636	580	if (err)
637	581	goto err_free_inst;
638		-
639		- crypto_set_skcipher_spawn(&ctx->chacha, aead_crypto_instance(inst));
640		- err = crypto_grab_skcipher(&ctx->chacha, chacha_name, 0,
641		- crypto_requires_sync(algt->type,
642		- algt->mask));
643		- if (err)
644		- goto err_drop_poly;
645		-
646	582	chacha = crypto_spawn_skcipher_alg(&ctx->chacha);
647	583
	584	+ err = crypto_grab_ahash(&ctx->poly, aead_crypto_instance(inst),
	585	+ crypto_attr_alg_name(tb[2]), 0, mask);
	586	+ if (err)
	587	+ goto err_free_inst;
	588	+ poly = crypto_spawn_ahash_alg(&ctx->poly);
	589	+
648	590	err = -EINVAL;
	591	+ if (poly->digestsize != POLY1305_DIGEST_SIZE)
	592	+ goto err_free_inst;
649	593	/* Need 16-byte IV size, including Initial Block Counter value */
650	594	if (crypto_skcipher_alg_ivsize(chacha) != CHACHA_IV_SIZE)
651		- goto out_drop_chacha;
	595	+ goto err_free_inst;
652	596	/* Not a stream cipher? */
653	597	if (chacha->base.cra_blocksize != 1)
654		- goto out_drop_chacha;
	598	+ goto err_free_inst;
655	599
656	600	err = -ENAMETOOLONG;
657	601	if (snprintf(inst->alg.base.cra_name, CRYPTO_MAX_ALG_NAME,
658	602	"%s(%s,%s)", name, chacha->base.cra_name,
659		- poly->cra_name) >= CRYPTO_MAX_ALG_NAME)
660		- goto out_drop_chacha;
	603	+ poly->base.cra_name) >= CRYPTO_MAX_ALG_NAME)
	604	+ goto err_free_inst;
661	605	if (snprintf(inst->alg.base.cra_driver_name, CRYPTO_MAX_ALG_NAME,
662	606	"%s(%s,%s)", name, chacha->base.cra_driver_name,
663		- poly->cra_driver_name) >= CRYPTO_MAX_ALG_NAME)
664		- goto out_drop_chacha;
	607	+ poly->base.cra_driver_name) >= CRYPTO_MAX_ALG_NAME)
	608	+ goto err_free_inst;
665	609
666		- inst->alg.base.cra_flags = (chacha->base.cra_flags \| poly->cra_flags) &
667		- CRYPTO_ALG_ASYNC;
668	610	inst->alg.base.cra_priority = (chacha->base.cra_priority +
669		- poly->cra_priority) / 2;
	611	+ poly->base.cra_priority) / 2;
670	612	inst->alg.base.cra_blocksize = 1;
671	613	inst->alg.base.cra_alignmask = chacha->base.cra_alignmask \|
672		- poly->cra_alignmask;
	614	+ poly->base.cra_alignmask;
673	615	inst->alg.base.cra_ctxsize = sizeof(struct chachapoly_ctx) +
674	616	ctx->saltlen;
675	617	inst->alg.ivsize = ivsize;
..	..	@@ -685,20 +627,11 @@
685	627	inst->free = chachapoly_free;
686	628
687	629	err = aead_register_instance(tmpl, inst);
688		- if (err)
689		- goto out_drop_chacha;
690		-
691		-out_put_poly:
692		- crypto_mod_put(poly);
693		- return err;
694		-
695		-out_drop_chacha:
696		- crypto_drop_skcipher(&ctx->chacha);
697		-err_drop_poly:
698		- crypto_drop_ahash(&ctx->poly);
	630	+ if (err) {
699	631	err_free_inst:
700		- kfree(inst);
701		- goto out_put_poly;
	632	+ chachapoly_free(inst);
	633	+ }
	634	+ return err;
702	635	}
703	636
704	637	static int rfc7539_create(struct crypto_template tmpl, struct rtattr *tb)
..	..	@@ -711,40 +644,31 @@
711	644	return chachapoly_create(tmpl, tb, "rfc7539esp", 8);
712	645	}
713	646
714		-static struct crypto_template rfc7539_tmpl = {
715		- .name = "rfc7539",
716		- .create = rfc7539_create,
717		- .module = THIS_MODULE,
718		-};
719		-
720		-static struct crypto_template rfc7539esp_tmpl = {
721		- .name = "rfc7539esp",
722		- .create = rfc7539esp_create,
723		- .module = THIS_MODULE,
	647	+static struct crypto_template rfc7539_tmpls[] = {
	648	+ {
	649	+ .name = "rfc7539",
	650	+ .create = rfc7539_create,
	651	+ .module = THIS_MODULE,
	652	+ }, {
	653	+ .name = "rfc7539esp",
	654	+ .create = rfc7539esp_create,
	655	+ .module = THIS_MODULE,
	656	+ },
724	657	};
725	658
726	659	static int __init chacha20poly1305_module_init(void)
727	660	{
728		- int err;
729		-
730		- err = crypto_register_template(&rfc7539_tmpl);
731		- if (err)
732		- return err;
733		-
734		- err = crypto_register_template(&rfc7539esp_tmpl);
735		- if (err)
736		- crypto_unregister_template(&rfc7539_tmpl);
737		-
738		- return err;
	661	+ return crypto_register_templates(rfc7539_tmpls,
	662	+ ARRAY_SIZE(rfc7539_tmpls));
739	663	}
740	664
741	665	static void __exit chacha20poly1305_module_exit(void)
742	666	{
743		- crypto_unregister_template(&rfc7539esp_tmpl);
744		- crypto_unregister_template(&rfc7539_tmpl);
	667	+ crypto_unregister_templates(rfc7539_tmpls,
	668	+ ARRAY_SIZE(rfc7539_tmpls));
745	669	}
746	670
747		-module_init(chacha20poly1305_module_init);
	671	+subsys_initcall(chacha20poly1305_module_init);
748	672	module_exit(chacha20poly1305_module_exit);
749	673
750	674	MODULE_LICENSE("GPL");