crypto: import zinc

6 files changed, 102 insertions, 29 deletions

diff --git a/src/crypto/simd.h b/src/crypto/include/linux/simd.h
index 6adf0c3..6adf0c3 100644
--- a/src/crypto/simd.h
+++ b/src/crypto/include/linux/simd.h
diff --git a/src/crypto/blake2s.h b/src/crypto/include/zinc/blake2s.h
index 7c42101..0e50836 100644
--- a/src/crypto/blake2s.h
+++ b/src/crypto/include/zinc/blake2s.h
@@ -3,8 +3,8 @@
  * Copyright (C) 2015-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
  */
 
-#ifndef _WG_BLAKE2S_H
-#define _WG_BLAKE2S_H
+#ifndef _ZINC_BLAKE2S_H
+#define _ZINC_BLAKE2S_H
 
 #include <linux/types.h>
 #include <linux/kernel.h>
@@ -26,10 +26,12 @@ struct blake2s_state {
 };
 
 void blake2s_init(struct blake2s_state *state, const size_t outlen);
-void blake2s_init_key(struct blake2s_state *state, const size_t outlen, const void *key, const size_t keylen);
+void blake2s_init_key(struct blake2s_state *state, const size_t outlen,
+		      const void *key, const size_t keylen);
 void blake2s_update(struct blake2s_state *state, const u8 *in, size_t inlen);
 void __blake2s_final(struct blake2s_state *state);
-static inline void blake2s_final(struct blake2s_state *state, u8 *out, const size_t outlen)
+static inline void blake2s_final(struct blake2s_state *state, u8 *out,
+				 const size_t outlen)
 {
 	int i;
 
@@ -39,7 +41,8 @@ static inline void blake2s_final(struct blake2s_state *state, u8 *out, const siz
 	__blake2s_final(state);
 
 	if (__builtin_constant_p(outlen) && !(outlen % sizeof(u32))) {
-		if (IS_ENABLED(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) || IS_ALIGNED((unsigned long)out, __alignof__(u32))) {
+		if (IS_ENABLED(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) ||
+		    IS_ALIGNED((unsigned long)out, __alignof__(u32))) {
 			__le32 *outwords = (__le32 *)out;
 
 			for (i = 0; i < outlen / sizeof(u32); ++i)
@@ -65,13 +68,16 @@ static inline void blake2s_final(struct blake2s_state *state, u8 *out, const siz
 	memzero_explicit(state, sizeof(struct blake2s_state));
 }
 
-
-static inline void blake2s(u8 *out, const u8 *in, const u8 *key, const size_t outlen, const size_t inlen, const size_t keylen)
+static inline void blake2s(u8 *out, const u8 *in, const u8 *key,
+			   const size_t outlen, const size_t inlen,
+			   const size_t keylen)
 {
 	struct blake2s_state state;
 
 #ifdef DEBUG
-	BUG_ON((!in && inlen > 0) || !out || !outlen || outlen > BLAKE2S_OUTBYTES || keylen > BLAKE2S_KEYBYTES || (!key && keylen));
+	BUG_ON((!in && inlen > 0) || !out || !outlen ||
+	       outlen > BLAKE2S_OUTBYTES || keylen > BLAKE2S_KEYBYTES ||
+	       (!key && keylen));
 #endif
 
 	if (keylen)
@@ -83,7 +89,8 @@ static inline void blake2s(u8 *out, const u8 *in, const u8 *key, const size_t ou
 	blake2s_final(&state, out, outlen);
 }
 
-void blake2s_hmac(u8 *out, const u8 *in, const u8 *key, const size_t outlen, const size_t inlen, const size_t keylen);
+void blake2s_hmac(u8 *out, const u8 *in, const u8 *key, const size_t outlen,
+		  const size_t inlen, const size_t keylen);
 
 void blake2s_fpu_init(void);
 
@@ -91,4 +98,4 @@ void blake2s_fpu_init(void);
 bool blake2s_selftest(void);
 #endif
 
-#endif /* _WG_BLAKE2S_H */
+#endif /* _ZINC_BLAKE2S_H */
diff --git a/src/crypto/chacha20.h b/src/crypto/include/zinc/chacha20.h
index f3d408b..d09afbc 100644
--- a/src/crypto/chacha20.h
+++ b/src/crypto/include/zinc/chacha20.h
@@ -3,11 +3,11 @@
  * Copyright (C) 2015-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
  */
 
-#ifndef _WG_CHACHA20_H
-#define _WG_CHACHA20_H
+#ifndef _ZINC_CHACHA20_H
+#define _ZINC_CHACHA20_H
 
-#include "simd.h"
 #include <asm/unaligned.h>
+#include <linux/simd.h>
 #include <linux/kernel.h>
 #include <linux/types.h>
 
@@ -26,7 +26,9 @@ struct chacha20_ctx {
 
 void chacha20_fpu_init(void);
 
-static inline void chacha20_init(struct chacha20_ctx *state, const u8 key[CHACHA20_KEY_SIZE], const u64 nonce)
+static inline void chacha20_init(struct chacha20_ctx *state,
+				 const u8 key[CHACHA20_KEY_SIZE],
+				 const u64 nonce)
 {
 	state->key[0] = get_unaligned_le32(key + 0);
 	state->key[1] = get_unaligned_le32(key + 4);
@@ -40,8 +42,12 @@ static inline void chacha20_init(struct chacha20_ctx *state, const u8 key[CHACHA
 	state->counter[2] = nonce & U32_MAX;
 	state->counter[3] = nonce >> 32;
 }
-void chacha20(struct chacha20_ctx *state, u8 *dst, const u8 *src, u32 len, simd_context_t simd_context);
+void chacha20(struct chacha20_ctx *state, u8 *dst, const u8 *src, u32 len,
+	      simd_context_t simd_context);
 
-void hchacha20(u8 derived_key[CHACHA20_KEY_SIZE], const u8 nonce[HCHACHA20_NONCE_SIZE], const u8 key[HCHACHA20_KEY_SIZE], simd_context_t simd_context);
+/* Derived key should be 32-bit aligned */
+void hchacha20(u8 derived_key[CHACHA20_KEY_SIZE],
+	       const u8 nonce[HCHACHA20_NONCE_SIZE],
+	       const u8 key[HCHACHA20_KEY_SIZE], simd_context_t simd_context);
 
-#endif /* _WG_CHACHA20_H */
+#endif /* _ZINC_CHACHA20_H */
diff --git a/src/crypto/include/zinc/chacha20poly1305.h b/src/crypto/include/zinc/chacha20poly1305.h
new file mode 100644
index 0000000..b607c76
--- /dev/null
+++ b/src/crypto/include/zinc/chacha20poly1305.h
@@ -0,0 +1,54 @@
+/* SPDX-License-Identifier: GPL-2.0
+ *
+ * Copyright (C) 2015-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ */
+
+#ifndef _ZINC_CHACHA20POLY1305_H
+#define _ZINC_CHACHA20POLY1305_H
+
+#include <linux/simd.h>
+#include <linux/types.h>
+
+struct scatterlist;
+
+enum chacha20poly1305_lengths {
+	XCHACHA20POLY1305_NONCELEN = 24,
+	CHACHA20POLY1305_KEYLEN = 32,
+	CHACHA20POLY1305_AUTHTAGLEN = 16
+};
+
+void chacha20poly1305_encrypt(u8 *dst, const u8 *src, const size_t src_len,
+			      const u8 *ad, const size_t ad_len,
+			      const u64 nonce,
+			      const u8 key[CHACHA20POLY1305_KEYLEN]);
+
+bool __must_check chacha20poly1305_encrypt_sg(
+	struct scatterlist *dst, struct scatterlist *src, const size_t src_len,
+	const u8 *ad, const size_t ad_len, const u64 nonce,
+	const u8 key[CHACHA20POLY1305_KEYLEN], simd_context_t simd_context);
+
+bool __must_check
+chacha20poly1305_decrypt(u8 *dst, const u8 *src, const size_t src_len,
+			 const u8 *ad, const size_t ad_len, const u64 nonce,
+			 const u8 key[CHACHA20POLY1305_KEYLEN]);
+
+bool __must_check chacha20poly1305_decrypt_sg(
+	struct scatterlist *dst, struct scatterlist *src, const size_t src_len,
+	const u8 *ad, const size_t ad_len, const u64 nonce,
+	const u8 key[CHACHA20POLY1305_KEYLEN], simd_context_t simd_context);
+
+void xchacha20poly1305_encrypt(u8 *dst, const u8 *src, const size_t src_len,
+			       const u8 *ad, const size_t ad_len,
+			       const u8 nonce[XCHACHA20POLY1305_NONCELEN],
+			       const u8 key[CHACHA20POLY1305_KEYLEN]);
+
+bool __must_check xchacha20poly1305_decrypt(
+	u8 *dst, const u8 *src, const size_t src_len, const u8 *ad,
+	const size_t ad_len, const u8 nonce[XCHACHA20POLY1305_NONCELEN],
+	const u8 key[CHACHA20POLY1305_KEYLEN]);
+
+#ifdef DEBUG
+bool chacha20poly1305_selftest(void);
+#endif
+
+#endif /* _ZINC_CHACHA20POLY1305_H */
diff --git a/src/crypto/curve25519.h b/src/crypto/include/zinc/curve25519.h
index a06a249..0e1caf0 100644
--- a/src/crypto/curve25519.h
+++ b/src/crypto/include/zinc/curve25519.h
@@ -3,8 +3,8 @@
  * Copyright (C) 2015-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
  */
 
-#ifndef _WG_CURVE25519_H
-#define _WG_CURVE25519_H
+#ifndef _ZINC_CURVE25519_H
+#define _ZINC_CURVE25519_H
 
 #include <linux/types.h>
 
@@ -12,9 +12,12 @@ enum curve25519_lengths {
 	CURVE25519_POINT_SIZE = 32
 };
 
-bool __must_check curve25519(u8 mypublic[CURVE25519_POINT_SIZE], const u8 secret[CURVE25519_POINT_SIZE], const u8 basepoint[CURVE25519_POINT_SIZE]);
+bool __must_check curve25519(u8 mypublic[CURVE25519_POINT_SIZE],
+			     const u8 secret[CURVE25519_POINT_SIZE],
+			     const u8 basepoint[CURVE25519_POINT_SIZE]);
 void curve25519_generate_secret(u8 secret[CURVE25519_POINT_SIZE]);
-bool __must_check curve25519_generate_public(u8 pub[CURVE25519_POINT_SIZE], const u8 secret[CURVE25519_POINT_SIZE]);
+bool __must_check curve25519_generate_public(
+	u8 pub[CURVE25519_POINT_SIZE], const u8 secret[CURVE25519_POINT_SIZE]);
 
 void curve25519_fpu_init(void);
 
@@ -22,4 +25,4 @@ void curve25519_fpu_init(void);
 bool curve25519_selftest(void);
 #endif
 
-#endif /* _WG_CURVE25519_H */
+#endif /* _ZINC_CURVE25519_H */
diff --git a/src/crypto/poly1305.h b/src/crypto/include/zinc/poly1305.h
index f8467bc..5c9220f 100644
--- a/src/crypto/poly1305.h
+++ b/src/crypto/include/zinc/poly1305.h
@@ -3,10 +3,10 @@
  * Copyright (C) 2015-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
  */
 
-#ifndef _WG_POLY1305_H
-#define _WG_POLY1305_H
+#ifndef _ZINC_POLY1305_H
+#define _ZINC_POLY1305_H
 
-#include "simd.h"
+#include <linux/simd.h>
 #include <linux/types.h>
 
 enum poly1305_lengths {
@@ -24,12 +24,15 @@ struct poly1305_ctx {
 
 void poly1305_fpu_init(void);
 
-void poly1305_init(struct poly1305_ctx *ctx, const u8 key[POLY1305_KEY_SIZE], simd_context_t simd_context);
-void poly1305_update(struct poly1305_ctx *ctx, const u8 *inp, const size_t len, simd_context_t simd_context);
-void poly1305_finish(struct poly1305_ctx *ctx, u8 mac[POLY1305_MAC_SIZE], simd_context_t simd_context);
+void poly1305_init(struct poly1305_ctx *ctx, const u8 key[POLY1305_KEY_SIZE],
+		   simd_context_t simd_context);
+void poly1305_update(struct poly1305_ctx *ctx, const u8 *inp, const size_t len,
+		     simd_context_t simd_context);
+void poly1305_finish(struct poly1305_ctx *ctx, u8 mac[POLY1305_MAC_SIZE],
+		     simd_context_t simd_context);
 
 #ifdef DEBUG
 bool poly1305_selftest(void);
 #endif
 
-#endif /* _WG_POLY1305_H */
+#endif /* _ZINC_POLY1305_H */