aboutsummaryrefslogtreecommitdiffstats
path: root/target/linux/generic/backport-5.4/080-wireguard-0036-crypto-lib-chacha20poly1305-use-chacha20_crypt.patch
blob: 6ad20b999e16d9b02fe23bfc8e5cb510cfe39a38 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Eric Biggers <ebiggers@google.com>
Date: Sun, 17 Nov 2019 23:22:16 -0800
Subject: [PATCH] crypto: lib/chacha20poly1305 - use chacha20_crypt()

commit 413808b71e6204b0cc1eeaa77960f7c3cd381d33 upstream.

Use chacha20_crypt() instead of chacha_crypt(), since it's not really
appropriate for users of the ChaCha library API to be passing the number
of rounds as an argument.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---
 lib/crypto/chacha20poly1305.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

--- a/lib/crypto/chacha20poly1305.c
+++ b/lib/crypto/chacha20poly1305.c
@@ -66,14 +66,14 @@ __chacha20poly1305_encrypt(u8 *dst, cons
 		__le64 lens[2];
 	} b;
 
-	chacha_crypt(chacha_state, b.block0, pad0, sizeof(b.block0), 20);
+	chacha20_crypt(chacha_state, b.block0, pad0, sizeof(b.block0));
 	poly1305_init(&poly1305_state, b.block0);
 
 	poly1305_update(&poly1305_state, ad, ad_len);
 	if (ad_len & 0xf)
 		poly1305_update(&poly1305_state, pad0, 0x10 - (ad_len & 0xf));
 
-	chacha_crypt(chacha_state, dst, src, src_len, 20);
+	chacha20_crypt(chacha_state, dst, src, src_len);
 
 	poly1305_update(&poly1305_state, dst, src_len);
 	if (src_len & 0xf)
@@ -140,7 +140,7 @@ __chacha20poly1305_decrypt(u8 *dst, cons
 	if (unlikely(src_len < POLY1305_DIGEST_SIZE))
 		return false;
 
-	chacha_crypt(chacha_state, b.block0, pad0, sizeof(b.block0), 20);
+	chacha20_crypt(chacha_state, b.block0, pad0, sizeof(b.block0));
 	poly1305_init(&poly1305_state, b.block0);
 
 	poly1305_update(&poly1305_state, ad, ad_len);
@@ -160,7 +160,7 @@ __chacha20poly1305_decrypt(u8 *dst, cons
 
 	ret = crypto_memneq(b.mac, src + dst_len, POLY1305_DIGEST_SIZE);
 	if (likely(!ret))
-		chacha_crypt(chacha_state, dst, src, dst_len, 20);
+		chacha20_crypt(chacha_state, dst, src, dst_len);
 
 	memzero_explicit(&b, sizeof(b));
 
@@ -241,7 +241,7 @@ bool chacha20poly1305_crypt_sg_inplace(s
 	b.iv[1] = cpu_to_le64(nonce);
 
 	chacha_init(chacha_state, b.k, (u8 *)b.iv);
-	chacha_crypt(chacha_state, b.block0, pad0, sizeof(b.block0), 20);
+	chacha20_crypt(chacha_state, b.block0, pad0, sizeof(b.block0));
 	poly1305_init(&poly1305_state, b.block0);
 
 	if (unlikely(ad_len)) {
@@ -278,14 +278,14 @@ bool chacha20poly1305_crypt_sg_inplace(s
 
 			if (unlikely(length < sl))
 				l &= ~(CHACHA_BLOCK_SIZE - 1);
-			chacha_crypt(chacha_state, addr, addr, l, 20);
+			chacha20_crypt(chacha_state, addr, addr, l);
 			addr += l;
 			length -= l;
 		}
 
 		if (unlikely(length > 0)) {
-			chacha_crypt(chacha_state, b.chacha_stream, pad0,
-				     CHACHA_BLOCK_SIZE, 20);
+			chacha20_crypt(chacha_state, b.chacha_stream, pad0,
+				       CHACHA_BLOCK_SIZE);
 			crypto_xor(addr, b.chacha_stream, length);
 			partial = length;
 		}