crypto: salsa20-generic - cleanup and convert to skcipher API

 *

 *

 */

 */

#include <linux/init.h>

#include <asm/unaligned.h>

#include <crypto/internal/skcipher.h>

#include <linux/module.h>

#include <linux/module.h>

#include <linux/errno.h>

#include <linux/crypto.h>

#include <linux/types.h>

#include <linux/bitops.h>

#include <crypto/algapi.h>

#include <asm/byteorder.h>

#define SALSA20_IV_SIZE        8U

#define SALSA20_IV_SIZE        8

#define SALSA20_MIN_KEY_SIZE  16U

#define SALSA20_MIN_KEY_SIZE  16

#define SALSA20_MAX_KEY_SIZE  32U

#define SALSA20_MAX_KEY_SIZE  32

#define SALSA20_BLOCK_SIZE    64

/*

struct salsa20_ctx {

 * Start of code taken from D. J. Bernstein's reference implementation.

	u32 initial_state[16];

 * With some modifications and optimizations made to suit our needs.

 */

/*

salsa20-ref.c version 20051118

D. J. Bernstein

Public domain.

*/

#define U32TO8_LITTLE(p, v) \

	{ (p)[0] = (v >>  0) & 0xff; (p)[1] = (v >>  8) & 0xff; \

	  (p)[2] = (v >> 16) & 0xff; (p)[3] = (v >> 24) & 0xff; }

#define U8TO32_LITTLE(p)   \

	(((u32)((p)[0])      ) | ((u32)((p)[1]) <<  8) | \

	 ((u32)((p)[2]) << 16) | ((u32)((p)[3]) << 24)   )

struct salsa20_ctx

{

	u32 input[16];

};

};

static void salsa20_wordtobyte(u8 output[64], const u32 input[16])

static void salsa20_block(u32 *state, __le32 *stream)

{

{

	u32 x[16];

	u32 x[16];

	int i;

	int i;

	memcpy(x, input, sizeof(x));

	memcpy(x, state, sizeof(x));

	for (i = 20; i > 0; i -= 2) {

	for (i = 0; i < 20; i += 2) {

		x[ 4] ^= rol32((x[ 0] + x[12]),  7);

		x[ 4] ^= rol32((x[ 0] + x[12]),  7);

		x[ 8] ^= rol32((x[ 4] + x[ 0]),  9);

		x[ 8] ^= rol32((x[ 4] + x[ 0]),  9);

		x[12] ^= rol32((x[ 8] + x[ 4]), 13);

		x[12] ^= rol32((x[ 8] + x[ 4]), 13);

		x[14] ^= rol32((x[13] + x[12]), 13);

		x[14] ^= rol32((x[13] + x[12]), 13);

		x[15] ^= rol32((x[14] + x[13]), 18);

		x[15] ^= rol32((x[14] + x[13]), 18);

	}

	}

	for (i = 0; i < 16; ++i)

		x[i] += input[i];

	for (i = 0; i < 16; ++i)

		U32TO8_LITTLE(output + 4 * i,x[i]);

}

static const char sigma[16] = "expand 32-byte k";

	for (i = 0; i < 16; i++)

static const char tau[16] = "expand 16-byte k";

		stream[i] = cpu_to_le32(x[i] + state[i]);

	if (++state[8] == 0)

		state[9]++;

}

static void salsa20_keysetup(struct salsa20_ctx *ctx, const u8 *k, u32 kbytes)

static void salsa20_docrypt(u32 *state, u8 *dst, const u8 *src,

			    unsigned int bytes)

{

{

	const char *constants;

	__le32 stream[SALSA20_BLOCK_SIZE / sizeof(__le32)];

	ctx->input[1] = U8TO32_LITTLE(k + 0);

	if (dst != src)

	ctx->input[2] = U8TO32_LITTLE(k + 4);

		memcpy(dst, src, bytes);

	ctx->input[3] = U8TO32_LITTLE(k + 8);

	ctx->input[4] = U8TO32_LITTLE(k + 12);

	while (bytes >= SALSA20_BLOCK_SIZE) {

	if (kbytes == 32) { /* recommended */

		salsa20_block(state, stream);

		k += 16;

		crypto_xor(dst, (const u8 *)stream, SALSA20_BLOCK_SIZE);

		constants = sigma;

		bytes -= SALSA20_BLOCK_SIZE;

	} else { /* kbytes == 16 */

		dst += SALSA20_BLOCK_SIZE;

		constants = tau;

	}

	if (bytes) {

		salsa20_block(state, stream);

		crypto_xor(dst, (const u8 *)stream, bytes);

	}

	}

	ctx->input[11] = U8TO32_LITTLE(k + 0);

	ctx->input[12] = U8TO32_LITTLE(k + 4);

	ctx->input[13] = U8TO32_LITTLE(k + 8);

	ctx->input[14] = U8TO32_LITTLE(k + 12);

	ctx->input[0] = U8TO32_LITTLE(constants + 0);

	ctx->input[5] = U8TO32_LITTLE(constants + 4);

	ctx->input[10] = U8TO32_LITTLE(constants + 8);

	ctx->input[15] = U8TO32_LITTLE(constants + 12);

}

}

static void salsa20_ivsetup(struct salsa20_ctx *ctx, const u8 *iv)

static void salsa20_init(u32 *state, const struct salsa20_ctx *ctx,

			 const u8 *iv)

{

{

	ctx->input[6] = U8TO32_LITTLE(iv + 0);

	memcpy(state, ctx->initial_state, sizeof(ctx->initial_state));

	ctx->input[7] = U8TO32_LITTLE(iv + 4);

	state[6] = get_unaligned_le32(iv + 0);

	ctx->input[8] = 0;

	state[7] = get_unaligned_le32(iv + 4);

	ctx->input[9] = 0;

}

}

static void salsa20_encrypt_bytes(struct salsa20_ctx *ctx, u8 *dst,

static int salsa20_setkey(struct crypto_skcipher *tfm, const u8 *key,

				  const u8 *src, unsigned int bytes)

			  unsigned int keysize)

{

{

	u8 buf[64];

	static const char sigma[16] = "expand 32-byte k";

	static const char tau[16] = "expand 16-byte k";

	if (dst != src)

	struct salsa20_ctx *ctx = crypto_skcipher_ctx(tfm);

		memcpy(dst, src, bytes);

	const char *constants;

	while (bytes) {

		salsa20_wordtobyte(buf, ctx->input);

		ctx->input[8]++;

	if (keysize != SALSA20_MIN_KEY_SIZE &&

		if (!ctx->input[8])

	    keysize != SALSA20_MAX_KEY_SIZE)

			ctx->input[9]++;

		return -EINVAL;

		if (bytes <= 64) {

	ctx->initial_state[1] = get_unaligned_le32(key + 0);

			crypto_xor(dst, buf, bytes);

	ctx->initial_state[2] = get_unaligned_le32(key + 4);

			return;

	ctx->initial_state[3] = get_unaligned_le32(key + 8);

	ctx->initial_state[4] = get_unaligned_le32(key + 12);

	if (keysize == 32) { /* recommended */

		key += 16;

		constants = sigma;

	} else { /* keysize == 16 */

		constants = tau;

	}

	}

	ctx->initial_state[11] = get_unaligned_le32(key + 0);

	ctx->initial_state[12] = get_unaligned_le32(key + 4);

	ctx->initial_state[13] = get_unaligned_le32(key + 8);

	ctx->initial_state[14] = get_unaligned_le32(key + 12);

	ctx->initial_state[0]  = get_unaligned_le32(constants + 0);

	ctx->initial_state[5]  = get_unaligned_le32(constants + 4);

	ctx->initial_state[10] = get_unaligned_le32(constants + 8);

	ctx->initial_state[15] = get_unaligned_le32(constants + 12);

		crypto_xor(dst, buf, 64);

	/* space for the nonce; it will be overridden for each request */

		bytes -= 64;

	ctx->initial_state[6] = 0;

		dst += 64;

	ctx->initial_state[7] = 0;

	}

}

/*

	/* initial block number */

 * End of code taken from D. J. Bernstein's reference implementation.

	ctx->initial_state[8] = 0;

 */

	ctx->initial_state[9] = 0;

static int setkey(struct crypto_tfm *tfm, const u8 *key,

		  unsigned int keysize)

{

	struct salsa20_ctx *ctx = crypto_tfm_ctx(tfm);

	salsa20_keysetup(ctx, key, keysize);

	return 0;

	return 0;

}

}

static int encrypt(struct blkcipher_desc *desc,

static int salsa20_crypt(struct skcipher_request *req)

		   struct scatterlist *dst, struct scatterlist *src,

		   unsigned int nbytes)

{

{

	struct blkcipher_walk walk;

	struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);

	struct crypto_blkcipher *tfm = desc->tfm;

	const struct salsa20_ctx *ctx = crypto_skcipher_ctx(tfm);

	struct salsa20_ctx *ctx = crypto_blkcipher_ctx(tfm);

	struct skcipher_walk walk;

	u32 state[16];

	int err;

	int err;

	blkcipher_walk_init(&walk, dst, src, nbytes);

	err = skcipher_walk_virt(&walk, req, true);

	err = blkcipher_walk_virt_block(desc, &walk, 64);

	salsa20_ivsetup(ctx, walk.iv);

	salsa20_init(state, ctx, walk.iv);

	while (walk.nbytes >= 64) {

	while (walk.nbytes > 0) {

		salsa20_encrypt_bytes(ctx, walk.dst.virt.addr,

		unsigned int nbytes = walk.nbytes;

				      walk.src.virt.addr,

				      walk.nbytes - (walk.nbytes % 64));

		if (nbytes < walk.total)

		err = blkcipher_walk_done(desc, &walk, walk.nbytes % 64);

			nbytes = round_down(nbytes, walk.stride);

	}

	if (walk.nbytes) {

		salsa20_docrypt(state, walk.dst.virt.addr, walk.src.virt.addr,

		salsa20_encrypt_bytes(ctx, walk.dst.virt.addr,

				nbytes);

				      walk.src.virt.addr, walk.nbytes);

		err = skcipher_walk_done(&walk, walk.nbytes - nbytes);

		err = blkcipher_walk_done(desc, &walk, 0);

	}

	}

	return err;

	return err;

}

}

static struct crypto_alg alg = {

static struct skcipher_alg alg = {

	.cra_name           =   "salsa20",

	.base.cra_name		= "salsa20",

	.cra_driver_name    =   "salsa20-generic",

	.base.cra_driver_name	= "salsa20-generic",

	.cra_priority       =   100,

	.base.cra_priority	= 100,

	.cra_flags          =   CRYPTO_ALG_TYPE_BLKCIPHER,

	.base.cra_blocksize	= 1,

	.cra_type           =   &crypto_blkcipher_type,

	.base.cra_ctxsize	= sizeof(struct salsa20_ctx),

	.cra_blocksize      =   1,

	.base.cra_module	= THIS_MODULE,

	.cra_ctxsize        =   sizeof(struct salsa20_ctx),

	.cra_alignmask      =	3,

	.cra_module         =   THIS_MODULE,

	.cra_u              =   {

		.blkcipher = {

			.setkey         =   setkey,

			.encrypt        =   encrypt,

			.decrypt        =   encrypt,

	.min_keysize		= SALSA20_MIN_KEY_SIZE,

	.min_keysize		= SALSA20_MIN_KEY_SIZE,

	.max_keysize		= SALSA20_MAX_KEY_SIZE,

	.max_keysize		= SALSA20_MAX_KEY_SIZE,

	.ivsize			= SALSA20_IV_SIZE,

	.ivsize			= SALSA20_IV_SIZE,

		}

	.chunksize		= SALSA20_BLOCK_SIZE,

	}

	.setkey			= salsa20_setkey,

	.encrypt		= salsa20_crypt,

	.decrypt		= salsa20_crypt,

};

};

static int __init salsa20_generic_mod_init(void)

static int __init salsa20_generic_mod_init(void)

{

{

	return crypto_register_alg(&alg);

	return crypto_register_skcipher(&alg);

}

}

static void __exit salsa20_generic_mod_fini(void)

static void __exit salsa20_generic_mod_fini(void)

{

{

	crypto_unregister_alg(&alg);

	crypto_unregister_skcipher(&alg);

}

}

module_init(salsa20_generic_mod_init);

module_init(salsa20_generic_mod_init);