Linux kernel: add chacha20

smuellerDD · smuellerDD · commit 3daf49af7a28 · 2025-12-02T09:12:23.000+01:00
Signed-off-by: Stephan Mueller &lt;smueller@chronox.de&gt;
diff --git a/CHANGES.md b/CHANGES.md
@@ -25,7 +25,7 @@ Changes 1.7.0-prerelease
 
 * X.509: add lc_x509_policy_cert_subject_match API
 
-* Linux kernel: add support for rfc4106(gcm(aes)), xts(aes), cbc(aes), ctr(aes)
+* Linux kernel: add support for rfc4106(gcm(aes)), xts(aes), cbc(aes), ctr(aes), chacha20
 
 Changes 1.6.0
 * ASN.1: use stack for small generator for small use cases
diff --git a/linux_kernel/Kbuild.chacha20 b/linux_kernel/Kbuild.chacha20
@@ -2,7 +2,11 @@
 # Symmetric implementation: ChaCha20
 leancrypto-$(CONFIG_LEANCRYPTO_CHACHA20)				       \
 				+= ../sym/src/chacha20.o		       \
-				   ../sym/src/chacha20_selector.o
+				   ../sym/src/chacha20_selector.o              \
+				   leancrypto_kernel_chacha20.o
+
+obj-m				+= leancrypto_kernel_chacha20_tester.o
+leancrypto_kernel_chacha20_tester-y	+= ../sym/tests/leancrypto_kernel_chacha20_tester.o
 
 ifdef CONFIG_X86_64
 chacha2_avx512_args += -mavx512bw -mavx512dq -mavx512f -mbmi2
diff --git a/linux_kernel/leancrypto_kernel.c b/linux_kernel/leancrypto_kernel.c
@@ -221,9 +221,16 @@ static int __init leancrypto_init(void)
 	if (ret)
 		goto free_aes_cbc;
 
+	ret = lc_kernel_chacha20_init();
+	if (ret)
+		goto free_aes_ctr;
+
 out:
 	return ret;
 
+free_aes_ctr:
+	lc_kernel_aes_ctr_exit();
+
 free_aes_cbc:
 	lc_kernel_aes_cbc_exit();
 
@@ -395,6 +402,7 @@ static void __exit leancrypto_exit(void)
 	lc_kernel_aes_xts_exit();
 	lc_kernel_aes_cbc_exit();
 	lc_kernel_aes_ctr_exit();
+	lc_kernel_chacha20_exit();
 
 	lc_proc_status_show_exit();
 }
diff --git a/linux_kernel/leancrypto_kernel.h b/linux_kernel/leancrypto_kernel.h
@@ -629,6 +629,20 @@ static inline void lc_kernel_aes_ctr_exit(void)
 }
 #endif
 
+#ifdef CONFIG_LEANCRYPTO_CHACHA20
+int __init lc_kernel_chacha20_init(void);
+void lc_kernel_chacha20_exit(void);
+#else
+static inline int __init lc_kernel_chacha20_init(void)
+{
+	return 0;
+}
+
+static inline void lc_kernel_chacha20_exit(void)
+{
+}
+#endif
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/linux_kernel/leancrypto_kernel_chacha20.c b/linux_kernel/leancrypto_kernel_chacha20.c
@@ -0,0 +1,129 @@
+// SPDX-License-Identifier: GPL-2.0 OR BSD-2-Clause
+/*
+ * Copyright (C) 2025, Stephan Mueller <smueller@chronox.de>
+ *
+ * License: see LICENSE file in root directory
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, ALL OF
+ * WHICH ARE HEREBY DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+ * USE OF THIS SOFTWARE, EVEN IF NOT ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ */
+
+#include <crypto/chacha.h>
+#include <crypto/internal/skcipher.h>
+#include <crypto/scatterwalk.h>
+#include <linux/init.h>
+#include <linux/module.h>
+#include <linux/types.h>
+
+#include "lc_chacha20.h"
+#include "lc_chacha20_private.h"
+
+#include "leancrypto_kernel.h"
+
+static int lc_chacha20_setkey(struct crypto_skcipher *tfm, const u8 *key,
+			      unsigned int keylen)
+{
+	struct lc_sym_ctx *ctx = crypto_skcipher_ctx(tfm);
+	int err;
+
+	err = lc_sym_init(ctx);
+	if (err)
+		return err;
+
+        return lc_sym_setkey(ctx, key, keylen);
+}
+
+static int lc_chacha20_common(struct skcipher_request *req,
+			      void (*crypt_func)(struct lc_sym_ctx *ctx,
+						 const uint8_t *in,
+						 uint8_t *out, size_t len))
+{
+	struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
+	struct lc_sym_ctx *ctx = crypto_skcipher_ctx(tfm);
+	struct skcipher_walk walk;
+	int err;
+
+	err = lc_sym_setiv(ctx, req->iv, CHACHA_IV_SIZE);
+	if (err)
+		return err;
+
+	err = skcipher_walk_virt(&walk, req, false);
+
+	while (walk.nbytes) {
+		unsigned int nbytes = walk.nbytes;
+
+		if (nbytes < walk.total)
+			nbytes = round_down(nbytes, CHACHA_BLOCK_SIZE);
+
+		crypt_func(ctx, walk.src.virt.addr, walk.dst.virt.addr,
+			   nbytes);
+		err = skcipher_walk_done(&walk, walk.nbytes - nbytes);
+	}
+
+	return err;
+}
+
+static int lc_chacha20_encrypt(struct skcipher_request *req)
+{
+	return lc_chacha20_common(req, lc_sym_encrypt);
+}
+
+static int lc_chacha20_decrypt(struct skcipher_request *req)
+{
+	return lc_chacha20_common(req, lc_sym_decrypt);
+}
+
+static int lc_chacha20_init(struct crypto_skcipher *tfm)
+{
+	struct lc_sym_ctx *ctx = crypto_skcipher_ctx(tfm);
+
+	LC_SYM_SET_CTX(ctx, lc_chacha20);
+
+	return 0;
+}
+
+/********************************* Interface  *********************************/
+
+static struct skcipher_alg lc_chacha20_skciphers[] = {
+	{
+		.base = {
+			.cra_name = "chacha20",
+			.cra_driver_name = "chacha20-leancrypto",
+			.cra_priority = LC_KERNEL_DEFAULT_PRIO,
+			.cra_blocksize = 1,
+			.cra_ctxsize = LC_SYM_CTX_SIZE_LEN(LC_CC20_STATE_SIZE),
+			.cra_alignmask = LC_SYM_COMMON_ALIGNMENT - 1,
+			.cra_module = THIS_MODULE,
+		},
+		.min_keysize = CHACHA_KEY_SIZE,
+		.max_keysize = CHACHA_KEY_SIZE,
+		.ivsize	 = CHACHA_IV_SIZE,
+		.chunksize = CHACHA_BLOCK_SIZE,
+		.setkey = lc_chacha20_setkey,
+		.encrypt = lc_chacha20_encrypt,
+		.decrypt = lc_chacha20_decrypt,
+		.init = lc_chacha20_init
+	}
+};
+
+int __init lc_kernel_chacha20_init(void)
+{
+	return crypto_register_skciphers(lc_chacha20_skciphers,
+					 ARRAY_SIZE(lc_chacha20_skciphers));
+}
+
+void lc_kernel_chacha20_exit(void)
+{
+	crypto_unregister_skciphers(lc_chacha20_skciphers,
+				    ARRAY_SIZE(lc_chacha20_skciphers));
+}
diff --git a/sym/src/chacha20.c b/sym/src/chacha20.c
@@ -317,14 +317,26 @@ int cc20_setkey(struct lc_sym_state *ctx, const uint8_t *key, size_t keylen)
 
 int cc20_setiv(struct lc_sym_state *ctx, const uint8_t *iv, size_t ivlen)
 {
-	/* IV is counter + nonce */
-	if (!ctx || ivlen != 12)
+	if (!ctx)
 		return -EINVAL;
 
-	ctx->counter[0] = 1;
-	ctx->counter[1] = ptr_to_le32(iv);
-	ctx->counter[2] = ptr_to_le32(iv + sizeof(uint32_t));
-	ctx->counter[3] = ptr_to_le32(iv + sizeof(uint32_t) * 2);
+	/* IV is counter + nonce */
+	switch (ivlen) {
+	case 12:
+		ctx->counter[0] = 1;
+		ctx->counter[1] = ptr_to_le32(iv);
+		ctx->counter[2] = ptr_to_le32(iv + sizeof(uint32_t));
+		ctx->counter[3] = ptr_to_le32(iv + sizeof(uint32_t) * 2);
+		break;
+	case 16:
+		ctx->counter[0] = ptr_to_le32(iv);
+		ctx->counter[1] = ptr_to_le32(iv + sizeof(uint32_t));
+		ctx->counter[2] = ptr_to_le32(iv + sizeof(uint32_t) * 2);
+		ctx->counter[3] = ptr_to_le32(iv + sizeof(uint32_t) * 3);
+		break;
+	default:
+		return -EINVAL;
+	}
 
 	ctx->keystream_ptr = 0;
 
diff --git a/sym/tests/leancrypto_kernel_chacha20_tester.c b/sym/tests/leancrypto_kernel_chacha20_tester.c
