diff options
| author |   Eric Biggers <ebiggers@google.com> | 2025-05-05 11:18:21 -0700 |
|---|---|---|
| committer |   Herbert Xu <herbert@gondor.apana.org.au> | 2025-05-12 13:32:53 +0800 |
| commit | 98066f2f8901ccf72f3c5d6c391c8fff1cabd49d (patch) | |
| tree | a88e8b02bcfc5fbc4a1b71213ba078d98c07fba1 /arch/riscv/lib | |
| parent | crypto: crypto4xx - Remove ahash-related code (diff) | |
| download | wireguard-linux-98066f2f8901ccf72f3c5d6c391c8fff1cabd49d.tar.xz wireguard-linux-98066f2f8901ccf72f3c5d6c391c8fff1cabd49d.zip | |
crypto: lib/chacha - strongly type the ChaCha state
The ChaCha state matrix is 16 32-bit words. Currently it is represented
in the code as a raw u32 array, or even just a pointer to u32. This
weak typing is error-prone. Instead, introduce struct chacha_state:
struct chacha_state {
u32 x[16];
};
Convert all ChaCha and HChaCha functions to use struct chacha_state.
No functional changes.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Acked-by: Kent Overstreet <kent.overstreet@linux.dev>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'arch/riscv/lib')
| -rw-r--r-- | arch/riscv/lib/crypto/chacha-riscv64-glue.c | 8 | ||||
| -rw-r--r-- | arch/riscv/lib/crypto/chacha-riscv64-zvkb.S | 10 |
2 files changed, 9 insertions, 9 deletions
diff --git a/arch/riscv/lib/crypto/chacha-riscv64-glue.c b/arch/riscv/lib/crypto/chacha-riscv64-glue.c index 1740e1ca3a94..57541621981e 100644 --- a/arch/riscv/lib/crypto/chacha-riscv64-glue.c +++ b/arch/riscv/lib/crypto/chacha-riscv64-glue.c @@ -15,17 +15,17 @@ static __ro_after_init DEFINE_STATIC_KEY_FALSE(use_zvkb); -asmlinkage void chacha_zvkb(u32 state[16], const u8 *in, u8 *out, +asmlinkage void chacha_zvkb(struct chacha_state *state, const u8 *in, u8 *out, size_t nblocks, int nrounds); -void hchacha_block_arch(const u32 *state, u32 *out, int nrounds) +void hchacha_block_arch(const struct chacha_state *state, u32 *out, int nrounds) { hchacha_block_generic(state, out, nrounds); } EXPORT_SYMBOL(hchacha_block_arch); -void chacha_crypt_arch(u32 *state, u8 *dst, const u8 *src, unsigned int bytes, - int nrounds) +void chacha_crypt_arch(struct chacha_state *state, u8 *dst, const u8 *src, + unsigned int bytes, int nrounds) { u8 block_buffer[CHACHA_BLOCK_SIZE]; unsigned int full_blocks = bytes / CHACHA_BLOCK_SIZE; diff --git a/arch/riscv/lib/crypto/chacha-riscv64-zvkb.S b/arch/riscv/lib/crypto/chacha-riscv64-zvkb.S index ab4423b3880e..b777d0b4e379 100644 --- a/arch/riscv/lib/crypto/chacha-riscv64-zvkb.S +++ b/arch/riscv/lib/crypto/chacha-riscv64-zvkb.S @@ -132,15 +132,15 @@ vror.vi \b3, \b3, 32 - 7 .endm -// void chacha_zvkb(u32 state[16], const u8 *in, u8 *out, size_t nblocks, -// int nrounds); +// void chacha_zvkb(struct chacha_state *state, const u8 *in, u8 *out, +// size_t nblocks, int nrounds); // // |nblocks| is the number of 64-byte blocks to process, and must be nonzero. // // |state| gives the ChaCha state matrix, including the 32-bit counter in -// state[12] following the RFC7539 convention; note that this differs from the -// original Salsa20 paper which uses a 64-bit counter in state[12..13]. The -// updated 32-bit counter is written back to state[12] before returning. +// state->x[12] following the RFC7539 convention; note that this differs from +// the original Salsa20 paper which uses a 64-bit counter in state->x[12..13]. +// The updated 32-bit counter is written back to state->x[12] before returning. SYM_FUNC_START(chacha_zvkb) addi sp, sp, -96 sd s0, 0(sp) |