Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp4040235imm;
        Mon, 6 Aug 2018 15:37:58 -0700 (PDT)
X-Google-Smtp-Source: AAOMgpdGSWASbuLlpTg0yaFXhG6XXKvt1v4mpspiV29EfcXgxrzxXoW2tV4F5ZP9LsoY9ynheXmt
X-Received: by 2002:a17:902:8697:: with SMTP id g23-v6mr15534087plo.292.1533595077962;
        Mon, 06 Aug 2018 15:37:57 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1533595077; cv=none;
        d=google.com; s=arc-20160816;
        b=MTqJwJYf0odYWVdu0/dP9VAc3wnMGR5KWNuG4EnzGm75I3txbX667NbCFq4xCByrma
         dK8M1XV7oljKpTJJc2/nQV9LPX2l9na2I1K9OGH3qGuG78kD9zSpn1aEtNPNTTjj3Hl2
         bl3z0EDvy2OrcNtI3yZ0EMJy2cFYFIc0Hj6BiLzRWYA3L92K8FDNudJcbbWbVh8S3SiT
         b19bdR2LFU8KiBvDWFOCitDJlj0IrrI0fwvfVZqhVioej9IqbXMxKoxY/5/unAm93aH2
         nEcE+j6a8deqH2TXBDhhHA8h0ROuZFoEgpUMpnQjdrZh7Mzwwdm9PuktrFTOxfK+SyPH
         wOsA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :dkim-signature:arc-authentication-results;
        bh=n/208IeeBpWZIQZv2Rf16eXaB/Mm3i6KHEprbbcOSRU=;
        b=uZzqnHJaH9ehMIyq05GZJBenujxifq28O9jCLnyu3XuP7nRNbdqE/ivJtVLERXLhbk
         vfp/C3SJrGY61j6+u1dKhd3hpXq4uuCXlK33i4qRrrrOrsr7TCuTC3vDc4Jh53qvdSlv
         qdoXBb3wBhxWagtq8ORt+zFvddGIcS+NZHN+w8wEf0GTeqIqIUFYW96tSkiPN4pTiePu
         TR9oZ3oiFyhcKzbB5+GbUy81vtC2nVFHUbwr6kE2M+pk2QhFVnZk3DOEW4mu2BuSiLqw
         YO37/g5oBh8vOfLeLx47iLcliE9+DGFfi5NgezN2cQkQRVIEkSU7lPKdvqRdbmWHtwx6
         C2Pw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=qYduDkWn;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id s185-v6si4241131pgs.499.2018.08.06.15.37.43;
        Mon, 06 Aug 2018 15:37:57 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=qYduDkWn;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1733279AbeHGAqs (ORCPT <rfc822;carmate383@gmail.com>
        + 99 others); Mon, 6 Aug 2018 20:46:48 -0400
Received: from mail.kernel.org ([198.145.29.99]:45146 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1732382AbeHGAqN (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 6 Aug 2018 20:46:13 -0400
Received: from ebiggers-linuxstation.kir.corp.google.com (unknown [104.132.51.88])
        (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id 0C84321A70;
        Mon,  6 Aug 2018 22:35:00 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1533594900;
        bh=69ARqbIkf3tYzc5fBb5j9RP57lLwH6Z2F2ov684TlD4=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=qYduDkWnyEZ+S6VEntCjnH80y/06iyBMxl6Ic8kdPFriGUyEGHdGpBmcMAhiXSApm
         YQv68HgHjfZJhxFnN9EQ4aXYoV1+XDNKfpm6qJhbukN5WPlYhtEJQc54SmPc+6AkeO
         VjdH9SGATxuiGybI9muumZomviP//yDpkJR2okzE=
From:   Eric Biggers <ebiggers@kernel.org>
To:     linux-crypto@vger.kernel.org
Cc:     linux-fscrypt@vger.kernel.org,
        linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org,
        Herbert Xu <herbert@gondor.apana.org.au>,
        Paul Crowley <paulcrowley@google.com>,
        Greg Kaiser <gkaiser@google.com>,
        Michael Halcrow <mhalcrow@google.com>,
        "Jason A . Donenfeld" <Jason@zx2c4.com>,
        Samuel Neves <samuel.c.p.neves@gmail.com>,
        Tomer Ashur <tomer.ashur@esat.kuleuven.be>,
        Eric Biggers <ebiggers@google.com>
Subject: [RFC PATCH 7/9] crypto: arm/chacha - add XChaCha12 support
Date:   Mon,  6 Aug 2018 15:32:58 -0700
Message-Id: <20180806223300.113891-8-ebiggers@kernel.org>
X-Mailer: git-send-email 2.18.0.597.ga71716f1ad-goog
In-Reply-To: <20180806223300.113891-1-ebiggers@kernel.org>
References: <20180806223300.113891-1-ebiggers@kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Eric Biggers <ebiggers@google.com>

Now that the 32-bit ARM NEON implementation of ChaCha20 and XChaCha20
has been refactored to support varying the number of rounds, add support
for XChaCha12.  This is identical to XChaCha20 except for the number of
rounds, which is reduced from 20 to 12.

As I explained in more detail in the patch which added XChaCha12 to the
generic code, "crypto: chacha - add XChaCha12 support", we'd prefer to
use XChaCha20, but unfortunately it is not fast enough for our use case.
Thus, we must settle for a reduced-round variant.  See that patch for a
more detailed explanation.

Signed-off-by: Eric Biggers <ebiggers@google.com>
---
 arch/arm/crypto/Kconfig            |  2 +-
 arch/arm/crypto/chacha-neon-glue.c | 21 ++++++++++++++++++++-
 2 files changed, 21 insertions(+), 2 deletions(-)

diff --git a/arch/arm/crypto/Kconfig b/arch/arm/crypto/Kconfig
index 896dcf142719..75c613413e31 100644
--- a/arch/arm/crypto/Kconfig
+++ b/arch/arm/crypto/Kconfig
@@ -116,7 +116,7 @@ config CRYPTO_CRC32_ARM_CE
 	select CRYPTO_HASH
 
 config CRYPTO_CHACHA20_NEON
-	tristate "NEON accelerated ChaCha20 stream cipher algorithms"
+	tristate "NEON accelerated ChaCha stream cipher algorithms"
 	depends on KERNEL_MODE_NEON
 	select CRYPTO_BLKCIPHER
 	select CRYPTO_CHACHA20
diff --git a/arch/arm/crypto/chacha-neon-glue.c b/arch/arm/crypto/chacha-neon-glue.c
index b236af4889c6..0b1b23822770 100644
--- a/arch/arm/crypto/chacha-neon-glue.c
+++ b/arch/arm/crypto/chacha-neon-glue.c
@@ -1,5 +1,6 @@
 /*
- * ChaCha20 (RFC7539) and XChaCha20 stream ciphers, NEON accelerated
+ * ARM NEON accelerated ChaCha and XChaCha stream ciphers,
+ * including ChaCha20 (RFC7539)
  *
  * Copyright (C) 2016 Linaro, Ltd. <ard.biesheuvel@linaro.org>
  *
@@ -160,6 +161,22 @@ static struct skcipher_alg algs[] = {
 		.setkey			= crypto_chacha20_setkey,
 		.encrypt		= xchacha_neon,
 		.decrypt		= xchacha_neon,
+	}, {
+		.base.cra_name		= "xchacha12",
+		.base.cra_driver_name	= "xchacha12-neon",
+		.base.cra_priority	= 300,
+		.base.cra_blocksize	= 1,
+		.base.cra_ctxsize	= sizeof(struct chacha_ctx),
+		.base.cra_module	= THIS_MODULE,
+
+		.min_keysize		= CHACHA_KEY_SIZE,
+		.max_keysize		= CHACHA_KEY_SIZE,
+		.ivsize			= XCHACHA_IV_SIZE,
+		.chunksize		= CHACHA_BLOCK_SIZE,
+		.walksize		= 4 * CHACHA_BLOCK_SIZE,
+		.setkey			= crypto_chacha12_setkey,
+		.encrypt		= xchacha_neon,
+		.decrypt		= xchacha_neon,
 	}
 };
 
@@ -186,3 +203,5 @@ MODULE_ALIAS_CRYPTO("chacha20");
 MODULE_ALIAS_CRYPTO("chacha20-neon");
 MODULE_ALIAS_CRYPTO("xchacha20");
 MODULE_ALIAS_CRYPTO("xchacha20-neon");
+MODULE_ALIAS_CRYPTO("xchacha12");
+MODULE_ALIAS_CRYPTO("xchacha12-neon");
-- 
2.18.0.597.ga71716f1ad-goog