From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=g0DB=NA=vger.kernel.org=linux-kernel-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-6.9 required=3.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI,
	SIGNED_OFF_BY,SPF_PASS autolearn=ham autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id AD35DECDE3D
	for <linux-kernel@archiver.kernel.org>; Sat, 20 Oct 2018 03:36:19 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.kernel.org (Postfix) with ESMTP id 7441C20843
	for <linux-kernel@archiver.kernel.org>; Sat, 20 Oct 2018 03:36:19 +0000 (UTC)
Authentication-Results: mail.kernel.org;
	dkim=pass (1024-bit key) header.d=linaro.org header.i=@linaro.org header.b="E0fRca7B"
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 7441C20843
Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=linaro.org
Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726764AbeJTLpM (ORCPT
        <rfc822;linux-kernel@archiver.kernel.org>);
        Sat, 20 Oct 2018 07:45:12 -0400
Received: from mail-io1-f65.google.com ([209.85.166.65]:32768 "EHLO
        mail-io1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726599AbeJTLpL (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sat, 20 Oct 2018 07:45:11 -0400
Received: by mail-io1-f65.google.com with SMTP id l25-v6so24159045ioj.0
        for <linux-kernel@vger.kernel.org>; Fri, 19 Oct 2018 20:36:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=linaro.org; s=google;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to
         :cc;
        bh=JetETkZz58YSpa7TBF0LQ4b8VevGaMi232vEE+xJ/yU=;
        b=E0fRca7B17+o255dqlRN0Z0TLylq8T4BMunWhTvPLszZi79BrJnxmEmS6vNq+5FA7R
         qLZ+pMn94Z1G0dDrcAYLz8CU4HtXR1yCAAjPV7m4eyZ3EmKxb0hj+GL1Dsjl3SuCt8mF
         amfR11uqia7gD/D5wB2dQaByjfXXrPBKGRiKA=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:in-reply-to:references:from:date
         :message-id:subject:to:cc;
        bh=JetETkZz58YSpa7TBF0LQ4b8VevGaMi232vEE+xJ/yU=;
        b=jA9YMiqS74Mg2LXEOn/9v9inSnybZPRNoyuVT8x2hoJD6kZyP3cvEc+gQR2BelNNpL
         zU+L2j7MyDkB/bFfFnGso82wn7xT/rbEGWSPiiq9q46MMh2RfpBaVXA9ZYpuCjgDccbY
         JslCmeHys82NcinBkzh9I+Ddcxsz0iigaH0QByyUxCnXdWSTl0yf/gIBlVAzTmkRohFV
         /P6lQqEvR2VU+eM8YXv9uNwZ80YjKiN61OrIT8lf5kRPgcllQ+JhNAu+/vN/mHIfI49u
         UZoCptiD2AEZE6p5OiLT1taQHoLw5XW1X6269a8ZZgzKXhCci9sQY5JKzFqgaIb9dkUb
         zshg==
X-Gm-Message-State: AGRZ1gLMcW8punGmEvhmcjE5sTB6rijpPx6KB7AI/JFPY6vGKzw16JRN
        GIWThe2sQD03RAkj7roM2AbLExcy4LuOjhYhDjsqNQ==
X-Google-Smtp-Source: AJdET5enL6hn/0vPFzz+wq5rwhYGVA7D4KLaWvKkq/JuuyhzVzWGqXBHeW4DTjmWQtx/sBRhlghdN5nQL1I7qRKzb00=
X-Received: by 2002:a6b:5d12:: with SMTP id r18-v6mr4248786iob.170.1540006576409;
 Fri, 19 Oct 2018 20:36:16 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a6b:5910:0:0:0:0:0 with HTTP; Fri, 19 Oct 2018 20:36:15
 -0700 (PDT)
In-Reply-To: <20181015175424.97147-8-ebiggers@kernel.org>
References: <20181015175424.97147-1-ebiggers@kernel.org> <20181015175424.97147-8-ebiggers@kernel.org>
From:   Ard Biesheuvel <ard.biesheuvel@linaro.org>
Date:   Sat, 20 Oct 2018 11:36:15 +0800
Message-ID: <CAKv+Gu91O99D48Dr-2UKrXdPrzGSFDGr_qH9zLpbvqDwd50DAw@mail.gmail.com>
Subject: Re: [RFC PATCH v2 07/12] crypto: arm/chacha - add XChaCha12 support
To:     Eric Biggers <ebiggers@kernel.org>
Cc:     "open list:HARDWARE RANDOM NUMBER GENERATOR CORE" 
        <linux-crypto@vger.kernel.org>, linux-fscrypt@vger.kernel.org,
        linux-arm-kernel <linux-arm-kernel@lists.infradead.org>,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
        Herbert Xu <herbert@gondor.apana.org.au>,
        Paul Crowley <paulcrowley@google.com>,
        Greg Kaiser <gkaiser@google.com>,
        Michael Halcrow <mhalcrow@google.com>,
        "Jason A . Donenfeld" <Jason@zx2c4.com>,
        Samuel Neves <samuel.c.p.neves@gmail.com>,
        Tomer Ashur <tomer.ashur@esat.kuleuven.be>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 16 October 2018 at 01:54, Eric Biggers <ebiggers@kernel.org> wrote:
> From: Eric Biggers <ebiggers@google.com>
>
> Now that the 32-bit ARM NEON implementation of ChaCha20 and XChaCha20
> has been refactored to support varying the number of rounds, add support
> for XChaCha12.  This is identical to XChaCha20 except for the number of
> rounds, which is 12 instead of 20.
>
> XChaCha12 is faster than XChaCha20 but has a lower security margin,
> though still greater than AES-256's since the best known attacks make it
> through only 7 rounds.  See the patch "crypto: chacha - add XChaCha12
> support" for more details about why we need XChaCha12 support.
>
> Signed-off-by: Eric Biggers <ebiggers@google.com>

Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>

> ---
>  arch/arm/crypto/Kconfig            |  2 +-
>  arch/arm/crypto/chacha-neon-glue.c | 21 ++++++++++++++++++++-
>  2 files changed, 21 insertions(+), 2 deletions(-)
>
> diff --git a/arch/arm/crypto/Kconfig b/arch/arm/crypto/Kconfig
> index 0aa1471f27d2e..cc932d9bba561 100644
> --- a/arch/arm/crypto/Kconfig
> +++ b/arch/arm/crypto/Kconfig
> @@ -117,7 +117,7 @@ config CRYPTO_CRC32_ARM_CE
>         select CRYPTO_HASH
>
>  config CRYPTO_CHACHA20_NEON
> -       tristate "NEON accelerated ChaCha20 stream cipher algorithms"
> +       tristate "NEON accelerated ChaCha stream cipher algorithms"
>         depends on KERNEL_MODE_NEON
>         select CRYPTO_BLKCIPHER
>         select CRYPTO_CHACHA20
> diff --git a/arch/arm/crypto/chacha-neon-glue.c b/arch/arm/crypto/chacha-neon-glue.c
> index b236af4889c61..0b1b238227707 100644
> --- a/arch/arm/crypto/chacha-neon-glue.c
> +++ b/arch/arm/crypto/chacha-neon-glue.c
> @@ -1,5 +1,6 @@
>  /*
> - * ChaCha20 (RFC7539) and XChaCha20 stream ciphers, NEON accelerated
> + * ARM NEON accelerated ChaCha and XChaCha stream ciphers,
> + * including ChaCha20 (RFC7539)
>   *
>   * Copyright (C) 2016 Linaro, Ltd. <ard.biesheuvel@linaro.org>
>   *
> @@ -160,6 +161,22 @@ static struct skcipher_alg algs[] = {
>                 .setkey                 = crypto_chacha20_setkey,
>                 .encrypt                = xchacha_neon,
>                 .decrypt                = xchacha_neon,
> +       }, {
> +               .base.cra_name          = "xchacha12",
> +               .base.cra_driver_name   = "xchacha12-neon",
> +               .base.cra_priority      = 300,
> +               .base.cra_blocksize     = 1,
> +               .base.cra_ctxsize       = sizeof(struct chacha_ctx),
> +               .base.cra_module        = THIS_MODULE,
> +
> +               .min_keysize            = CHACHA_KEY_SIZE,
> +               .max_keysize            = CHACHA_KEY_SIZE,
> +               .ivsize                 = XCHACHA_IV_SIZE,
> +               .chunksize              = CHACHA_BLOCK_SIZE,
> +               .walksize               = 4 * CHACHA_BLOCK_SIZE,
> +               .setkey                 = crypto_chacha12_setkey,
> +               .encrypt                = xchacha_neon,
> +               .decrypt                = xchacha_neon,
>         }
>  };
>
> @@ -186,3 +203,5 @@ MODULE_ALIAS_CRYPTO("chacha20");
>  MODULE_ALIAS_CRYPTO("chacha20-neon");
>  MODULE_ALIAS_CRYPTO("xchacha20");
>  MODULE_ALIAS_CRYPTO("xchacha20-neon");
> +MODULE_ALIAS_CRYPTO("xchacha12");
> +MODULE_ALIAS_CRYPTO("xchacha12-neon");
> --
> 2.19.1.331.ge82ca0e54c-goog
>