diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/crypto/include/zinc/blake2s.h | 10 | ||||
-rw-r--r-- | src/crypto/include/zinc/chacha20.h | 6 | ||||
-rw-r--r-- | src/crypto/include/zinc/chacha20poly1305.h | 22 | ||||
-rw-r--r-- | src/crypto/include/zinc/curve25519.h | 12 | ||||
-rw-r--r-- | src/crypto/zinc/blake2s/blake2s.c | 68 | ||||
-rw-r--r-- | src/crypto/zinc/chacha20poly1305.c | 24 | ||||
-rw-r--r-- | src/crypto/zinc/curve25519/curve25519-arm-glue.h | 16 | ||||
-rw-r--r-- | src/crypto/zinc/curve25519/curve25519-fiat32.h | 6 | ||||
-rw-r--r-- | src/crypto/zinc/curve25519/curve25519-hacl64.h | 6 | ||||
-rw-r--r-- | src/crypto/zinc/curve25519/curve25519-x86_64-glue.h | 10 | ||||
-rw-r--r-- | src/crypto/zinc/curve25519/curve25519-x86_64.h | 38 | ||||
-rw-r--r-- | src/crypto/zinc/curve25519/curve25519.c | 36 | ||||
-rw-r--r-- | src/crypto/zinc/selftest/blake2s.h | 18 | ||||
-rw-r--r-- | src/crypto/zinc/selftest/chacha20poly1305.h | 4 | ||||
-rw-r--r-- | src/crypto/zinc/selftest/curve25519.h | 20 | ||||
-rw-r--r-- | src/messages.h | 10 | ||||
-rw-r--r-- | src/noise.c | 30 |
17 files changed, 168 insertions, 168 deletions
diff --git a/src/crypto/include/zinc/blake2s.h b/src/crypto/include/zinc/blake2s.h index f14230e..da313de 100644 --- a/src/crypto/include/zinc/blake2s.h +++ b/src/crypto/include/zinc/blake2s.h @@ -11,16 +11,16 @@ #include <crypto/algapi.h> enum blake2s_lengths { - BLAKE2S_BLOCKBYTES = 64, - BLAKE2S_OUTBYTES = 32, - BLAKE2S_KEYBYTES = 32 + BLAKE2S_BLOCK_SIZE = 64, + BLAKE2S_HASH_SIZE = 32, + BLAKE2S_KEY_SIZE = 32 }; struct blake2s_state { u32 h[8]; u32 t[2]; u32 f[2]; - u8 buf[BLAKE2S_BLOCKBYTES]; + u8 buf[BLAKE2S_BLOCK_SIZE]; size_t buflen; u8 last_node; }; @@ -39,7 +39,7 @@ static inline void blake2s(u8 *out, const u8 *in, const u8 *key, #ifdef DEBUG BUG_ON((!in && inlen > 0) || !out || !outlen || - outlen > BLAKE2S_OUTBYTES || keylen > BLAKE2S_KEYBYTES || + outlen > BLAKE2S_HASH_SIZE || keylen > BLAKE2S_KEY_SIZE || (!key && keylen)); #endif diff --git a/src/crypto/include/zinc/chacha20.h b/src/crypto/include/zinc/chacha20.h index 34d577d..14bbadd 100644 --- a/src/crypto/include/zinc/chacha20.h +++ b/src/crypto/include/zinc/chacha20.h @@ -12,13 +12,13 @@ #include <linux/types.h> enum { - CHACHA20_IV_SIZE = 16, + CHACHA20_NONCE_SIZE = 16, CHACHA20_KEY_SIZE = 32, CHACHA20_KEY_WORDS = CHACHA20_KEY_SIZE / sizeof(u32), CHACHA20_BLOCK_SIZE = 64, CHACHA20_BLOCK_WORDS = CHACHA20_BLOCK_SIZE / sizeof(u32), - HCHACHA20_KEY_SIZE = 32, - HCHACHA20_NONCE_SIZE = 16 + HCHACHA20_NONCE_SIZE = CHACHA20_NONCE_SIZE, + HCHACHA20_KEY_SIZE = CHACHA20_KEY_SIZE }; enum { /* expand 32-byte k */ diff --git a/src/crypto/include/zinc/chacha20poly1305.h b/src/crypto/include/zinc/chacha20poly1305.h index 50b2be9..d2753c5 100644 --- a/src/crypto/include/zinc/chacha20poly1305.h +++ b/src/crypto/include/zinc/chacha20poly1305.h @@ -12,39 +12,39 @@ struct scatterlist; enum chacha20poly1305_lengths { - XCHACHA20POLY1305_NONCELEN = 24, - CHACHA20POLY1305_KEYLEN = 32, - CHACHA20POLY1305_AUTHTAGLEN = 16 + XCHACHA20POLY1305_NONCE_SIZE = 24, + CHACHA20POLY1305_KEY_SIZE = 32, + CHACHA20POLY1305_AUTHTAG_SIZE = 16 }; void chacha20poly1305_encrypt(u8 *dst, const u8 *src, const size_t src_len, const u8 *ad, const size_t ad_len, const u64 nonce, - const u8 key[CHACHA20POLY1305_KEYLEN]); + const u8 key[CHACHA20POLY1305_KEY_SIZE]); bool __must_check chacha20poly1305_encrypt_sg( struct scatterlist *dst, struct scatterlist *src, const size_t src_len, const u8 *ad, const size_t ad_len, const u64 nonce, - const u8 key[CHACHA20POLY1305_KEYLEN], simd_context_t *simd_context); + const u8 key[CHACHA20POLY1305_KEY_SIZE], simd_context_t *simd_context); bool __must_check chacha20poly1305_decrypt(u8 *dst, const u8 *src, const size_t src_len, const u8 *ad, const size_t ad_len, const u64 nonce, - const u8 key[CHACHA20POLY1305_KEYLEN]); + const u8 key[CHACHA20POLY1305_KEY_SIZE]); bool __must_check chacha20poly1305_decrypt_sg( struct scatterlist *dst, struct scatterlist *src, const size_t src_len, const u8 *ad, const size_t ad_len, const u64 nonce, - const u8 key[CHACHA20POLY1305_KEYLEN], simd_context_t *simd_context); + const u8 key[CHACHA20POLY1305_KEY_SIZE], simd_context_t *simd_context); void xchacha20poly1305_encrypt(u8 *dst, const u8 *src, const size_t src_len, const u8 *ad, const size_t ad_len, - const u8 nonce[XCHACHA20POLY1305_NONCELEN], - const u8 key[CHACHA20POLY1305_KEYLEN]); + const u8 nonce[XCHACHA20POLY1305_NONCE_SIZE], + const u8 key[CHACHA20POLY1305_KEY_SIZE]); bool __must_check xchacha20poly1305_decrypt( u8 *dst, const u8 *src, const size_t src_len, const u8 *ad, - const size_t ad_len, const u8 nonce[XCHACHA20POLY1305_NONCELEN], - const u8 key[CHACHA20POLY1305_KEYLEN]); + const size_t ad_len, const u8 nonce[XCHACHA20POLY1305_NONCE_SIZE], + const u8 key[CHACHA20POLY1305_KEY_SIZE]); #endif /* _ZINC_CHACHA20POLY1305_H */ diff --git a/src/crypto/include/zinc/curve25519.h b/src/crypto/include/zinc/curve25519.h index ac5979c..def173e 100644 --- a/src/crypto/include/zinc/curve25519.h +++ b/src/crypto/include/zinc/curve25519.h @@ -9,14 +9,14 @@ #include <linux/types.h> enum curve25519_lengths { - CURVE25519_POINT_SIZE = 32 + CURVE25519_KEY_SIZE = 32 }; -bool __must_check curve25519(u8 mypublic[CURVE25519_POINT_SIZE], - const u8 secret[CURVE25519_POINT_SIZE], - const u8 basepoint[CURVE25519_POINT_SIZE]); -void curve25519_generate_secret(u8 secret[CURVE25519_POINT_SIZE]); +bool __must_check curve25519(u8 mypublic[CURVE25519_KEY_SIZE], + const u8 secret[CURVE25519_KEY_SIZE], + const u8 basepoint[CURVE25519_KEY_SIZE]); +void curve25519_generate_secret(u8 secret[CURVE25519_KEY_SIZE]); bool __must_check curve25519_generate_public( - u8 pub[CURVE25519_POINT_SIZE], const u8 secret[CURVE25519_POINT_SIZE]); + u8 pub[CURVE25519_KEY_SIZE], const u8 secret[CURVE25519_KEY_SIZE]); #endif /* _ZINC_CURVE25519_H */ diff --git a/src/crypto/zinc/blake2s/blake2s.c b/src/crypto/zinc/blake2s/blake2s.c index a797524..5ce74c1 100644 --- a/src/crypto/zinc/blake2s/blake2s.c +++ b/src/crypto/zinc/blake2s/blake2s.c @@ -87,7 +87,7 @@ void blake2s_init(struct blake2s_state *state, const size_t outlen) }; #ifdef DEBUG - BUG_ON(!outlen || outlen > BLAKE2S_OUTBYTES); + BUG_ON(!outlen || outlen > BLAKE2S_HASH_SIZE); #endif blake2s_init_param(state, ¶m); } @@ -100,16 +100,16 @@ void blake2s_init_key(struct blake2s_state *state, const size_t outlen, .key_length = keylen, .fanout = 1, .depth = 1 }; - u8 block[BLAKE2S_BLOCKBYTES] = { 0 }; + u8 block[BLAKE2S_BLOCK_SIZE] = { 0 }; #ifdef DEBUG - BUG_ON(!outlen || outlen > BLAKE2S_OUTBYTES || !key || !keylen || - keylen > BLAKE2S_KEYBYTES); + BUG_ON(!outlen || outlen > BLAKE2S_HASH_SIZE || !key || !keylen || + keylen > BLAKE2S_KEY_SIZE); #endif blake2s_init_param(state, ¶m); memcpy(block, key, keylen); - blake2s_update(state, block, BLAKE2S_BLOCKBYTES); - memzero_explicit(block, BLAKE2S_BLOCKBYTES); + blake2s_update(state, block, BLAKE2S_BLOCK_SIZE); + memzero_explicit(block, BLAKE2S_BLOCK_SIZE); } EXPORT_SYMBOL(blake2s_init_key); @@ -136,7 +136,7 @@ static inline void blake2s_compress(struct blake2s_state *state, int i; #ifdef DEBUG - BUG_ON(nblocks > 1 && inc != BLAKE2S_BLOCKBYTES); + BUG_ON(nblocks > 1 && inc != BLAKE2S_BLOCK_SIZE); #endif if (blake2s_arch(state, block, nblocks, inc)) @@ -146,7 +146,7 @@ static inline void blake2s_compress(struct blake2s_state *state, blake2s_increment_counter(state, inc); #ifdef __LITTLE_ENDIAN - memcpy(m, block, BLAKE2S_BLOCKBYTES); + memcpy(m, block, BLAKE2S_BLOCK_SIZE); #else for (i = 0; i < 16; ++i) m[i] = get_unaligned_le32(block + i * sizeof(m[i])); @@ -199,31 +199,31 @@ static inline void blake2s_compress(struct blake2s_state *state, for (i = 0; i < 8; ++i) state->h[i] ^= v[i] ^ v[i + 8]; - block += BLAKE2S_BLOCKBYTES; + block += BLAKE2S_BLOCK_SIZE; --nblocks; } } void blake2s_update(struct blake2s_state *state, const u8 *in, size_t inlen) { - const size_t fill = BLAKE2S_BLOCKBYTES - state->buflen; + const size_t fill = BLAKE2S_BLOCK_SIZE - state->buflen; if (unlikely(!inlen)) return; if (inlen > fill) { memcpy(state->buf + state->buflen, in, fill); - blake2s_compress(state, state->buf, 1, BLAKE2S_BLOCKBYTES); + blake2s_compress(state, state->buf, 1, BLAKE2S_BLOCK_SIZE); state->buflen = 0; in += fill; inlen -= fill; } - if (inlen > BLAKE2S_BLOCKBYTES) { + if (inlen > BLAKE2S_BLOCK_SIZE) { const size_t nblocks = - (inlen + BLAKE2S_BLOCKBYTES - 1) / BLAKE2S_BLOCKBYTES; + (inlen + BLAKE2S_BLOCK_SIZE - 1) / BLAKE2S_BLOCK_SIZE; /* Hash one less (full) block than strictly possible */ - blake2s_compress(state, in, nblocks - 1, BLAKE2S_BLOCKBYTES); - in += BLAKE2S_BLOCKBYTES * (nblocks - 1); - inlen -= BLAKE2S_BLOCKBYTES * (nblocks - 1); + blake2s_compress(state, in, nblocks - 1, BLAKE2S_BLOCK_SIZE); + in += BLAKE2S_BLOCK_SIZE * (nblocks - 1); + inlen -= BLAKE2S_BLOCK_SIZE * (nblocks - 1); } memcpy(state->buf + state->buflen, in, inlen); state->buflen += inlen; @@ -233,11 +233,11 @@ EXPORT_SYMBOL(blake2s_update); void blake2s_final(struct blake2s_state *state, u8 *out, const size_t outlen) { #ifdef DEBUG - BUG_ON(!out || !outlen || outlen > BLAKE2S_OUTBYTES); + BUG_ON(!out || !outlen || outlen > BLAKE2S_HASH_SIZE); #endif blake2s_set_lastblock(state); memset(state->buf + state->buflen, 0, - BLAKE2S_BLOCKBYTES - state->buflen); /* Padding */ + BLAKE2S_BLOCK_SIZE - state->buflen); /* Padding */ blake2s_compress(state, state->buf, 1, state->buflen); cpu_to_le32_array(state->h, ARRAY_SIZE(state->h)); memcpy(out, state->h, outlen); @@ -249,36 +249,36 @@ void blake2s_hmac(u8 *out, const u8 *in, const u8 *key, const size_t outlen, const size_t inlen, const size_t keylen) { struct blake2s_state state; - u8 x_key[BLAKE2S_BLOCKBYTES] __aligned(__alignof__(u32)) = { 0 }; - u8 i_hash[BLAKE2S_OUTBYTES] __aligned(__alignof__(u32)); + u8 x_key[BLAKE2S_BLOCK_SIZE] __aligned(__alignof__(u32)) = { 0 }; + u8 i_hash[BLAKE2S_HASH_SIZE] __aligned(__alignof__(u32)); int i; - if (keylen > BLAKE2S_BLOCKBYTES) { - blake2s_init(&state, BLAKE2S_OUTBYTES); + if (keylen > BLAKE2S_BLOCK_SIZE) { + blake2s_init(&state, BLAKE2S_HASH_SIZE); blake2s_update(&state, key, keylen); - blake2s_final(&state, x_key, BLAKE2S_OUTBYTES); + blake2s_final(&state, x_key, BLAKE2S_HASH_SIZE); } else memcpy(x_key, key, keylen); - for (i = 0; i < BLAKE2S_BLOCKBYTES; ++i) + for (i = 0; i < BLAKE2S_BLOCK_SIZE; ++i) x_key[i] ^= 0x36; - blake2s_init(&state, BLAKE2S_OUTBYTES); - blake2s_update(&state, x_key, BLAKE2S_BLOCKBYTES); + blake2s_init(&state, BLAKE2S_HASH_SIZE); + blake2s_update(&state, x_key, BLAKE2S_BLOCK_SIZE); blake2s_update(&state, in, inlen); - blake2s_final(&state, i_hash, BLAKE2S_OUTBYTES); + blake2s_final(&state, i_hash, BLAKE2S_HASH_SIZE); - for (i = 0; i < BLAKE2S_BLOCKBYTES; ++i) + for (i = 0; i < BLAKE2S_BLOCK_SIZE; ++i) x_key[i] ^= 0x5c ^ 0x36; - blake2s_init(&state, BLAKE2S_OUTBYTES); - blake2s_update(&state, x_key, BLAKE2S_BLOCKBYTES); - blake2s_update(&state, i_hash, BLAKE2S_OUTBYTES); - blake2s_final(&state, i_hash, BLAKE2S_OUTBYTES); + blake2s_init(&state, BLAKE2S_HASH_SIZE); + blake2s_update(&state, x_key, BLAKE2S_BLOCK_SIZE); + blake2s_update(&state, i_hash, BLAKE2S_HASH_SIZE); + blake2s_final(&state, i_hash, BLAKE2S_HASH_SIZE); memcpy(out, i_hash, outlen); - memzero_explicit(x_key, BLAKE2S_BLOCKBYTES); - memzero_explicit(i_hash, BLAKE2S_OUTBYTES); + memzero_explicit(x_key, BLAKE2S_BLOCK_SIZE); + memzero_explicit(i_hash, BLAKE2S_HASH_SIZE); } EXPORT_SYMBOL(blake2s_hmac); diff --git a/src/crypto/zinc/chacha20poly1305.c b/src/crypto/zinc/chacha20poly1305.c index f2d82a1..2d975c3 100644 --- a/src/crypto/zinc/chacha20poly1305.c +++ b/src/crypto/zinc/chacha20poly1305.c @@ -34,7 +34,7 @@ static struct blkcipher_desc chacha20_desc = { static inline void __chacha20poly1305_encrypt(u8 *dst, const u8 *src, const size_t src_len, const u8 *ad, const size_t ad_len, const u64 nonce, - const u8 key[CHACHA20POLY1305_KEYLEN], + const u8 key[CHACHA20POLY1305_KEY_SIZE], simd_context_t *simd_context) { struct poly1305_ctx poly1305_state; @@ -73,7 +73,7 @@ __chacha20poly1305_encrypt(u8 *dst, const u8 *src, const size_t src_len, void chacha20poly1305_encrypt(u8 *dst, const u8 *src, const size_t src_len, const u8 *ad, const size_t ad_len, const u64 nonce, - const u8 key[CHACHA20POLY1305_KEYLEN]) + const u8 key[CHACHA20POLY1305_KEY_SIZE]) { simd_context_t simd_context; @@ -88,7 +88,7 @@ bool chacha20poly1305_encrypt_sg(struct scatterlist *dst, struct scatterlist *src, const size_t src_len, const u8 *ad, const size_t ad_len, const u64 nonce, - const u8 key[CHACHA20POLY1305_KEYLEN], + const u8 key[CHACHA20POLY1305_KEY_SIZE], simd_context_t *simd_context) { struct poly1305_ctx poly1305_state; @@ -157,7 +157,7 @@ EXPORT_SYMBOL(chacha20poly1305_encrypt_sg); static inline bool __chacha20poly1305_decrypt(u8 *dst, const u8 *src, const size_t src_len, const u8 *ad, const size_t ad_len, const u64 nonce, - const u8 key[CHACHA20POLY1305_KEYLEN], + const u8 key[CHACHA20POLY1305_KEY_SIZE], simd_context_t *simd_context) { struct poly1305_ctx poly1305_state; @@ -207,7 +207,7 @@ __chacha20poly1305_decrypt(u8 *dst, const u8 *src, const size_t src_len, bool chacha20poly1305_decrypt(u8 *dst, const u8 *src, const size_t src_len, const u8 *ad, const size_t ad_len, const u64 nonce, - const u8 key[CHACHA20POLY1305_KEYLEN]) + const u8 key[CHACHA20POLY1305_KEY_SIZE]) { simd_context_t simd_context, ret; @@ -223,7 +223,7 @@ bool chacha20poly1305_decrypt_sg(struct scatterlist *dst, struct scatterlist *src, const size_t src_len, const u8 *ad, const size_t ad_len, const u64 nonce, - const u8 key[CHACHA20POLY1305_KEYLEN], + const u8 key[CHACHA20POLY1305_KEY_SIZE], simd_context_t *simd_context) { struct poly1305_ctx poly1305_state; @@ -301,8 +301,8 @@ EXPORT_SYMBOL(chacha20poly1305_decrypt_sg); void xchacha20poly1305_encrypt(u8 *dst, const u8 *src, const size_t src_len, const u8 *ad, const size_t ad_len, - const u8 nonce[XCHACHA20POLY1305_NONCELEN], - const u8 key[CHACHA20POLY1305_KEYLEN]) + const u8 nonce[XCHACHA20POLY1305_NONCE_SIZE], + const u8 key[CHACHA20POLY1305_KEY_SIZE]) { simd_context_t simd_context; u32 derived_key[CHACHA20_KEY_WORDS] __aligned(16); @@ -313,15 +313,15 @@ void xchacha20poly1305_encrypt(u8 *dst, const u8 *src, const size_t src_len, __chacha20poly1305_encrypt(dst, src, src_len, ad, ad_len, get_unaligned_le64(nonce + 16), (u8 *)derived_key, &simd_context); - memzero_explicit(derived_key, CHACHA20POLY1305_KEYLEN); + memzero_explicit(derived_key, CHACHA20POLY1305_KEY_SIZE); simd_put(&simd_context); } EXPORT_SYMBOL(xchacha20poly1305_encrypt); bool xchacha20poly1305_decrypt(u8 *dst, const u8 *src, const size_t src_len, const u8 *ad, const size_t ad_len, - const u8 nonce[XCHACHA20POLY1305_NONCELEN], - const u8 key[CHACHA20POLY1305_KEYLEN]) + const u8 nonce[XCHACHA20POLY1305_NONCE_SIZE], + const u8 key[CHACHA20POLY1305_KEY_SIZE]) { bool ret; simd_context_t simd_context; @@ -333,7 +333,7 @@ bool xchacha20poly1305_decrypt(u8 *dst, const u8 *src, const size_t src_len, ret = __chacha20poly1305_decrypt(dst, src, src_len, ad, ad_len, get_unaligned_le64(nonce + 16), (u8 *)derived_key, &simd_context); - memzero_explicit(derived_key, CHACHA20POLY1305_KEYLEN); + memzero_explicit(derived_key, CHACHA20POLY1305_KEY_SIZE); simd_put(&simd_context); return ret; } diff --git a/src/crypto/zinc/curve25519/curve25519-arm-glue.h b/src/crypto/zinc/curve25519/curve25519-arm-glue.h index 6b20931..9211bca 100644 --- a/src/crypto/zinc/curve25519/curve25519-arm-glue.h +++ b/src/crypto/zinc/curve25519/curve25519-arm-glue.h @@ -8,9 +8,9 @@ #include <asm/simd.h> #if defined(CONFIG_KERNEL_MODE_NEON) -asmlinkage void curve25519_neon(u8 mypublic[CURVE25519_POINT_SIZE], - const u8 secret[CURVE25519_POINT_SIZE], - const u8 basepoint[CURVE25519_POINT_SIZE]); +asmlinkage void curve25519_neon(u8 mypublic[CURVE25519_KEY_SIZE], + const u8 secret[CURVE25519_KEY_SIZE], + const u8 basepoint[CURVE25519_KEY_SIZE]); #endif static bool curve25519_use_neon __ro_after_init; @@ -20,9 +20,9 @@ static void __init curve25519_fpu_init(void) curve25519_use_neon = elf_hwcap & HWCAP_NEON; } -static inline bool curve25519_arch(u8 mypublic[CURVE25519_POINT_SIZE], - const u8 secret[CURVE25519_POINT_SIZE], - const u8 basepoint[CURVE25519_POINT_SIZE]) +static inline bool curve25519_arch(u8 mypublic[CURVE25519_KEY_SIZE], + const u8 secret[CURVE25519_KEY_SIZE], + const u8 basepoint[CURVE25519_KEY_SIZE]) { #if defined(CONFIG_KERNEL_MODE_NEON) if (curve25519_use_neon && may_use_simd()) { @@ -35,8 +35,8 @@ static inline bool curve25519_arch(u8 mypublic[CURVE25519_POINT_SIZE], return false; } -static inline bool curve25519_base_arch(u8 pub[CURVE25519_POINT_SIZE], - const u8 secret[CURVE25519_POINT_SIZE]) +static inline bool curve25519_base_arch(u8 pub[CURVE25519_KEY_SIZE], + const u8 secret[CURVE25519_KEY_SIZE]) { return false; } diff --git a/src/crypto/zinc/curve25519/curve25519-fiat32.h b/src/crypto/zinc/curve25519/curve25519-fiat32.h index e9d00c6..32b5ec7 100644 --- a/src/crypto/zinc/curve25519/curve25519-fiat32.h +++ b/src/crypto/zinc/curve25519/curve25519-fiat32.h @@ -749,9 +749,9 @@ static __always_inline void fe_mul121666(fe *h, const fe_loose *f) fe_mul_121666_impl(h->v, f->v); } -static void curve25519_generic(u8 out[CURVE25519_POINT_SIZE], - const u8 scalar[CURVE25519_POINT_SIZE], - const u8 point[CURVE25519_POINT_SIZE]) +static void curve25519_generic(u8 out[CURVE25519_KEY_SIZE], + const u8 scalar[CURVE25519_KEY_SIZE], + const u8 point[CURVE25519_KEY_SIZE]) { fe x1, x2, z2, x3, z3; fe_loose x2l, z2l, x3l; diff --git a/src/crypto/zinc/curve25519/curve25519-hacl64.h b/src/crypto/zinc/curve25519/curve25519-hacl64.h index 547deac..c7b2924 100644 --- a/src/crypto/zinc/curve25519/curve25519-hacl64.h +++ b/src/crypto/zinc/curve25519/curve25519-hacl64.h @@ -753,9 +753,9 @@ static __always_inline void format_scalar_of_point(u8 *scalar, u64 *point) format_fcontract(scalar, sc); } -static void curve25519_generic(u8 mypublic[CURVE25519_POINT_SIZE], - const u8 secret[CURVE25519_POINT_SIZE], - const u8 basepoint[CURVE25519_POINT_SIZE]) +static void curve25519_generic(u8 mypublic[CURVE25519_KEY_SIZE], + const u8 secret[CURVE25519_KEY_SIZE], + const u8 basepoint[CURVE25519_KEY_SIZE]) { u64 buf0[10] __aligned(32) = { 0 }; u64 *x0 = buf0; diff --git a/src/crypto/zinc/curve25519/curve25519-x86_64-glue.h b/src/crypto/zinc/curve25519/curve25519-x86_64-glue.h index 00dbfde..142e467 100644 --- a/src/crypto/zinc/curve25519/curve25519-x86_64-glue.h +++ b/src/crypto/zinc/curve25519/curve25519-x86_64-glue.h @@ -18,9 +18,9 @@ static void __init curve25519_fpu_init(void) boot_cpu_has(X86_FEATURE_ADX); } -static inline bool curve25519_arch(u8 mypublic[CURVE25519_POINT_SIZE], - const u8 secret[CURVE25519_POINT_SIZE], - const u8 basepoint[CURVE25519_POINT_SIZE]) +static inline bool curve25519_arch(u8 mypublic[CURVE25519_KEY_SIZE], + const u8 secret[CURVE25519_KEY_SIZE], + const u8 basepoint[CURVE25519_KEY_SIZE]) { if (curve25519_use_adx) { curve25519_adx(mypublic, secret, basepoint); @@ -32,8 +32,8 @@ static inline bool curve25519_arch(u8 mypublic[CURVE25519_POINT_SIZE], return false; } -static inline bool curve25519_base_arch(u8 pub[CURVE25519_POINT_SIZE], - const u8 secret[CURVE25519_POINT_SIZE]) +static inline bool curve25519_base_arch(u8 pub[CURVE25519_KEY_SIZE], + const u8 secret[CURVE25519_KEY_SIZE]) { if (curve25519_use_adx) { curve25519_adx_base(pub, secret); diff --git a/src/crypto/zinc/curve25519/curve25519-x86_64.h b/src/crypto/zinc/curve25519/curve25519-x86_64.h index 6c895f7..258a30d 100644 --- a/src/crypto/zinc/curve25519/curve25519-x86_64.h +++ b/src/crypto/zinc/curve25519/curve25519-x86_64.h @@ -1935,23 +1935,23 @@ static __always_inline void cselect(u8 bit, u64 *const px, const u64 *const py) ); } -static __always_inline void clamp_secret(u8 secret[CURVE25519_POINT_SIZE]) +static __always_inline void clamp_secret(u8 secret[CURVE25519_KEY_SIZE]) { secret[0] &= 248; secret[31] &= 127; secret[31] |= 64; } -static void curve25519_adx(u8 shared[CURVE25519_POINT_SIZE], - const u8 private_key[CURVE25519_POINT_SIZE], - const u8 session_key[CURVE25519_POINT_SIZE]) +static void curve25519_adx(u8 shared[CURVE25519_KEY_SIZE], + const u8 private_key[CURVE25519_KEY_SIZE], + const u8 session_key[CURVE25519_KEY_SIZE]) { struct { u64 buffer[4 * NUM_WORDS_ELTFP25519]; u64 coordinates[4 * NUM_WORDS_ELTFP25519]; u64 workspace[6 * NUM_WORDS_ELTFP25519]; - u8 session[CURVE25519_POINT_SIZE]; - u8 private[CURVE25519_POINT_SIZE]; + u8 session[CURVE25519_KEY_SIZE]; + u8 private[CURVE25519_KEY_SIZE]; } __aligned(32) m; int i = 0, j = 0; @@ -1991,7 +1991,7 @@ static void curve25519_adx(u8 shared[CURVE25519_POINT_SIZE], * reserve the sign bit for use in other protocols and to * increase resistance to implementation fingerprinting */ - m.session[CURVE25519_POINT_SIZE - 1] &= (1 << (255 % 8)) - 1; + m.session[CURVE25519_KEY_SIZE - 1] &= (1 << (255 % 8)) - 1; copy_eltfp25519_1w(Px, X1); setzero_eltfp25519_1w(Pz); @@ -2043,14 +2043,14 @@ static void curve25519_adx(u8 shared[CURVE25519_POINT_SIZE], memzero_explicit(&m, sizeof(m)); } -static void curve25519_adx_base(u8 session_key[CURVE25519_POINT_SIZE], - const u8 private_key[CURVE25519_POINT_SIZE]) +static void curve25519_adx_base(u8 session_key[CURVE25519_KEY_SIZE], + const u8 private_key[CURVE25519_KEY_SIZE]) { struct { u64 buffer[4 * NUM_WORDS_ELTFP25519]; u64 coordinates[4 * NUM_WORDS_ELTFP25519]; u64 workspace[4 * NUM_WORDS_ELTFP25519]; - u8 private[CURVE25519_POINT_SIZE]; + u8 private[CURVE25519_KEY_SIZE]; } __aligned(32) m; const int ite[4] = { 64, 64, 64, 63 }; @@ -2137,16 +2137,16 @@ static void curve25519_adx_base(u8 session_key[CURVE25519_POINT_SIZE], memzero_explicit(&m, sizeof(m)); } -static void curve25519_bmi2(u8 shared[CURVE25519_POINT_SIZE], - const u8 private_key[CURVE25519_POINT_SIZE], - const u8 session_key[CURVE25519_POINT_SIZE]) +static void curve25519_bmi2(u8 shared[CURVE25519_KEY_SIZE], + const u8 private_key[CURVE25519_KEY_SIZE], + const u8 session_key[CURVE25519_KEY_SIZE]) { struct { u64 buffer[4 * NUM_WORDS_ELTFP25519]; u64 coordinates[4 * NUM_WORDS_ELTFP25519]; u64 workspace[6 * NUM_WORDS_ELTFP25519]; - u8 session[CURVE25519_POINT_SIZE]; - u8 private[CURVE25519_POINT_SIZE]; + u8 session[CURVE25519_KEY_SIZE]; + u8 private[CURVE25519_KEY_SIZE]; } __aligned(32) m; int i = 0, j = 0; @@ -2186,7 +2186,7 @@ static void curve25519_bmi2(u8 shared[CURVE25519_POINT_SIZE], * reserve the sign bit for use in other protocols and to * increase resistance to implementation fingerprinting */ - m.session[CURVE25519_POINT_SIZE - 1] &= (1 << (255 % 8)) - 1; + m.session[CURVE25519_KEY_SIZE - 1] &= (1 << (255 % 8)) - 1; copy_eltfp25519_1w(Px, X1); setzero_eltfp25519_1w(Pz); @@ -2238,14 +2238,14 @@ static void curve25519_bmi2(u8 shared[CURVE25519_POINT_SIZE], memzero_explicit(&m, sizeof(m)); } -static void curve25519_bmi2_base(u8 session_key[CURVE25519_POINT_SIZE], - const u8 private_key[CURVE25519_POINT_SIZE]) +static void curve25519_bmi2_base(u8 session_key[CURVE25519_KEY_SIZE], + const u8 private_key[CURVE25519_KEY_SIZE]) { struct { u64 buffer[4 * NUM_WORDS_ELTFP25519]; u64 coordinates[4 * NUM_WORDS_ELTFP25519]; u64 workspace[4 * NUM_WORDS_ELTFP25519]; - u8 private[CURVE25519_POINT_SIZE]; + u8 private[CURVE25519_KEY_SIZE]; } __aligned(32) m; const int ite[4] = { 64, 64, 64, 63 }; diff --git a/src/crypto/zinc/curve25519/curve25519.c b/src/crypto/zinc/curve25519/curve25519.c index fd46b36..a1f35aa 100644 --- a/src/crypto/zinc/curve25519/curve25519.c +++ b/src/crypto/zinc/curve25519/curve25519.c @@ -27,20 +27,20 @@ void __init curve25519_fpu_init(void) { } -static inline bool curve25519_arch(u8 mypublic[CURVE25519_POINT_SIZE], - const u8 secret[CURVE25519_POINT_SIZE], - const u8 basepoint[CURVE25519_POINT_SIZE]) +static inline bool curve25519_arch(u8 mypublic[CURVE25519_KEY_SIZE], + const u8 secret[CURVE25519_KEY_SIZE], + const u8 basepoint[CURVE25519_KEY_SIZE]) { return false; } -static inline bool curve25519_base_arch(u8 pub[CURVE25519_POINT_SIZE], - const u8 secret[CURVE25519_POINT_SIZE]) +static inline bool curve25519_base_arch(u8 pub[CURVE25519_KEY_SIZE], + const u8 secret[CURVE25519_KEY_SIZE]) { return false; } #endif -static __always_inline void normalize_secret(u8 secret[CURVE25519_POINT_SIZE]) +static __always_inline void normalize_secret(u8 secret[CURVE25519_KEY_SIZE]) { secret[0] &= 248; secret[31] &= 127; @@ -53,35 +53,35 @@ static __always_inline void normalize_secret(u8 secret[CURVE25519_POINT_SIZE]) #include "curve25519-fiat32.h" #endif -static const u8 null_point[CURVE25519_POINT_SIZE] = { 0 }; +static const u8 null_point[CURVE25519_KEY_SIZE] = { 0 }; -bool curve25519(u8 mypublic[CURVE25519_POINT_SIZE], - const u8 secret[CURVE25519_POINT_SIZE], - const u8 basepoint[CURVE25519_POINT_SIZE]) +bool curve25519(u8 mypublic[CURVE25519_KEY_SIZE], + const u8 secret[CURVE25519_KEY_SIZE], + const u8 basepoint[CURVE25519_KEY_SIZE]) { if (!curve25519_arch(mypublic, secret, basepoint)) curve25519_generic(mypublic, secret, basepoint); - return crypto_memneq(mypublic, null_point, CURVE25519_POINT_SIZE); + return crypto_memneq(mypublic, null_point, CURVE25519_KEY_SIZE); } EXPORT_SYMBOL(curve25519); -bool curve25519_generate_public(u8 pub[CURVE25519_POINT_SIZE], - const u8 secret[CURVE25519_POINT_SIZE]) +bool curve25519_generate_public(u8 pub[CURVE25519_KEY_SIZE], + const u8 secret[CURVE25519_KEY_SIZE]) { - static const u8 basepoint[CURVE25519_POINT_SIZE] __aligned(32) = { 9 }; + static const u8 basepoint[CURVE25519_KEY_SIZE] __aligned(32) = { 9 }; - if (unlikely(!crypto_memneq(secret, null_point, CURVE25519_POINT_SIZE))) + if (unlikely(!crypto_memneq(secret, null_point, CURVE25519_KEY_SIZE))) return false; if (curve25519_base_arch(pub, secret)) - return crypto_memneq(pub, null_point, CURVE25519_POINT_SIZE); + return crypto_memneq(pub, null_point, CURVE25519_KEY_SIZE); return curve25519(pub, secret, basepoint); } EXPORT_SYMBOL(curve25519_generate_public); -void curve25519_generate_secret(u8 secret[CURVE25519_POINT_SIZE]) +void curve25519_generate_secret(u8 secret[CURVE25519_KEY_SIZE]) { - get_random_bytes_wait(secret, CURVE25519_POINT_SIZE); + get_random_bytes_wait(secret, CURVE25519_KEY_SIZE); normalize_secret(secret); } EXPORT_SYMBOL(curve25519_generate_secret); diff --git a/src/crypto/zinc/selftest/blake2s.h b/src/crypto/zinc/selftest/blake2s.h index dea18f4..b15cc56 100644 --- a/src/crypto/zinc/selftest/blake2s.h +++ b/src/crypto/zinc/selftest/blake2s.h @@ -4,7 +4,7 @@ */ #ifdef DEBUG -static const u8 blake2s_testvecs[][BLAKE2S_OUTBYTES] __initconst = { +static const u8 blake2s_testvecs[][BLAKE2S_HASH_SIZE] __initconst = { { 0x69, 0x21, 0x7a, 0x30, 0x79, 0x90, 0x80, 0x94, 0xe1, 0x11, 0x21, 0xd0, 0x42, 0x35, 0x4a, 0x7c, 0x1f, 0x55, 0xb6, 0x48, 0x2c, 0xa1, 0xa5, 0x1e, @@ -1031,7 +1031,7 @@ static const u8 blake2s_testvecs[][BLAKE2S_OUTBYTES] __initconst = { 0x86, 0xaa, 0x99, 0x4a, 0xcb, 0x38, 0xfe, 0x2d } }; -static const u8 blake2s_keyed_testvecs[][BLAKE2S_OUTBYTES] __initconst = { +static const u8 blake2s_keyed_testvecs[][BLAKE2S_HASH_SIZE] __initconst = { { 0x48, 0xa8, 0x99, 0x7d, 0xa4, 0x07, 0x87, 0x6b, 0x3d, 0x79, 0xc0, 0xd9, 0x23, 0x25, 0xad, 0x3b, 0x89, 0xcb, 0xb7, 0x54, 0xd8, 0x6a, 0xb7, 0x1a, @@ -2060,29 +2060,29 @@ static const u8 blake2s_keyed_testvecs[][BLAKE2S_OUTBYTES] __initconst = { static bool __init blake2s_selftest(void) { - u8 key[BLAKE2S_KEYBYTES]; + u8 key[BLAKE2S_KEY_SIZE]; u8 buf[ARRAY_SIZE(blake2s_testvecs)]; - u8 hash[BLAKE2S_OUTBYTES]; + u8 hash[BLAKE2S_HASH_SIZE]; size_t i; bool success = true; - for (i = 0; i < BLAKE2S_KEYBYTES; ++i) + for (i = 0; i < BLAKE2S_KEY_SIZE; ++i) key[i] = (u8)i; for (i = 0; i < ARRAY_SIZE(blake2s_testvecs); ++i) buf[i] = (u8)i; for (i = 0; i < ARRAY_SIZE(blake2s_keyed_testvecs); ++i) { - blake2s(hash, buf, key, BLAKE2S_OUTBYTES, i, BLAKE2S_KEYBYTES); - if (memcmp(hash, blake2s_keyed_testvecs[i], BLAKE2S_OUTBYTES)) { + blake2s(hash, buf, key, BLAKE2S_HASH_SIZE, i, BLAKE2S_KEY_SIZE); + if (memcmp(hash, blake2s_keyed_testvecs[i], BLAKE2S_HASH_SIZE)) { pr_info("blake2s keyed self-test %zu: FAIL\n", i + 1); success = false; } } for (i = 0; i < ARRAY_SIZE(blake2s_testvecs); ++i) { - blake2s(hash, buf, NULL, BLAKE2S_OUTBYTES, i, 0); - if (memcmp(hash, blake2s_testvecs[i], BLAKE2S_OUTBYTES)) { + blake2s(hash, buf, NULL, BLAKE2S_HASH_SIZE, i, 0); + if (memcmp(hash, blake2s_testvecs[i], BLAKE2S_HASH_SIZE)) { pr_info("blake2s unkeyed self-test %zu: FAIL\n", i + i); success = false; } diff --git a/src/crypto/zinc/selftest/chacha20poly1305.h b/src/crypto/zinc/selftest/chacha20poly1305.h index 2a75dfa..0510a8e 100644 --- a/src/crypto/zinc/selftest/chacha20poly1305.h +++ b/src/crypto/zinc/selftest/chacha20poly1305.h @@ -8817,7 +8817,7 @@ chacha20poly1305_selftest_encrypt_bignonce(u8 *dst, const u8 *src, const size_t src_len, const u8 *ad, const size_t ad_len, const u8 nonce[12], - const u8 key[CHACHA20POLY1305_KEYLEN]) + const u8 key[CHACHA20POLY1305_KEY_SIZE]) { simd_context_t simd_context; struct poly1305_ctx poly1305_state; @@ -8856,7 +8856,7 @@ static void __init chacha20poly1305_selftest_encrypt(u8 *dst, const u8 *src, const size_t src_len, const u8 *ad, const size_t ad_len, const u8 *nonce, const size_t nonce_len, - const u8 key[CHACHA20POLY1305_KEYLEN]) + const u8 key[CHACHA20POLY1305_KEY_SIZE]) { if (nonce_len == 8) chacha20poly1305_encrypt(dst, src, src_len, ad, ad_len, diff --git a/src/crypto/zinc/selftest/curve25519.h b/src/crypto/zinc/selftest/curve25519.h index 5d3f268..8c11d80 100644 --- a/src/crypto/zinc/selftest/curve25519.h +++ b/src/crypto/zinc/selftest/curve25519.h @@ -5,9 +5,9 @@ #ifdef DEBUG struct curve25519_test_vector { - u8 private[CURVE25519_POINT_SIZE]; - u8 public[CURVE25519_POINT_SIZE]; - u8 result[CURVE25519_POINT_SIZE]; + u8 private[CURVE25519_KEY_SIZE]; + u8 public[CURVE25519_KEY_SIZE]; + u8 result[CURVE25519_KEY_SIZE]; bool valid; }; static const struct curve25519_test_vector curve25519_test_vectors[] __initconst = { @@ -1283,16 +1283,16 @@ static bool __init curve25519_selftest(void) { bool success = true, ret, ret2; size_t i = 0, j; - u8 in[CURVE25519_POINT_SIZE]; - u8 out[CURVE25519_POINT_SIZE], out2[CURVE25519_POINT_SIZE]; + u8 in[CURVE25519_KEY_SIZE]; + u8 out[CURVE25519_KEY_SIZE], out2[CURVE25519_KEY_SIZE]; for (i = 0; i < ARRAY_SIZE(curve25519_test_vectors); ++i) { - memset(out, 0, CURVE25519_POINT_SIZE); + memset(out, 0, CURVE25519_KEY_SIZE); ret = curve25519(out, curve25519_test_vectors[i].private, curve25519_test_vectors[i].public); if (ret != curve25519_test_vectors[i].valid || memcmp(out, curve25519_test_vectors[i].result, - CURVE25519_POINT_SIZE)) { + CURVE25519_KEY_SIZE)) { pr_info("curve25519 self-test %zu: FAIL\n", i + 1); success = false; break; @@ -1302,11 +1302,11 @@ static bool __init curve25519_selftest(void) for (i = 0; i < 5; ++i) { get_random_bytes(in, sizeof(in)); ret = curve25519_generate_public(out, in); - ret2 = curve25519(out2, in, (u8[CURVE25519_POINT_SIZE]){ 9 }); - if (ret != ret2 || memcmp(out, out2, CURVE25519_POINT_SIZE)) { + ret2 = curve25519(out2, in, (u8[CURVE25519_KEY_SIZE]){ 9 }); + if (ret != ret2 || memcmp(out, out2, CURVE25519_KEY_SIZE)) { pr_info("curve25519 basepoint self-test %zu: FAIL: input - 0x", i + 1); - for (j = CURVE25519_POINT_SIZE; j-- > 0;) + for (j = CURVE25519_KEY_SIZE; j-- > 0;) printk(KERN_CONT "%02x", in[j]); printk(KERN_CONT "\n"); success = false; diff --git a/src/messages.h b/src/messages.h index 131e1c4..090e6f0 100644 --- a/src/messages.h +++ b/src/messages.h @@ -15,11 +15,11 @@ #include <linux/skbuff.h> enum noise_lengths { - NOISE_PUBLIC_KEY_LEN = CURVE25519_POINT_SIZE, - NOISE_SYMMETRIC_KEY_LEN = CHACHA20POLY1305_KEYLEN, + NOISE_PUBLIC_KEY_LEN = CURVE25519_KEY_SIZE, + NOISE_SYMMETRIC_KEY_LEN = CHACHA20POLY1305_KEY_SIZE, NOISE_TIMESTAMP_LEN = sizeof(u64) + sizeof(u32), - NOISE_AUTHTAG_LEN = CHACHA20POLY1305_AUTHTAGLEN, - NOISE_HASH_LEN = BLAKE2S_OUTBYTES + NOISE_AUTHTAG_LEN = CHACHA20POLY1305_AUTHTAG_SIZE, + NOISE_HASH_LEN = BLAKE2S_HASH_SIZE }; #define noise_encrypted_len(plain_len) (plain_len + NOISE_AUTHTAG_LEN) @@ -27,7 +27,7 @@ enum noise_lengths { enum cookie_values { COOKIE_SECRET_MAX_AGE = 2 * 60, COOKIE_SECRET_LATENCY = 5, - COOKIE_NONCE_LEN = XCHACHA20POLY1305_NONCELEN, + COOKIE_NONCE_LEN = XCHACHA20POLY1305_NONCE_SIZE, COOKIE_LEN = 16 }; diff --git a/src/noise.c b/src/noise.c index 1d5d48b..7ab3890 100644 --- a/src/noise.c +++ b/src/noise.c @@ -286,19 +286,19 @@ static void kdf(u8 *first_dst, u8 *second_dst, u8 *third_dst, const u8 *data, size_t first_len, size_t second_len, size_t third_len, size_t data_len, const u8 chaining_key[NOISE_HASH_LEN]) { - u8 output[BLAKE2S_OUTBYTES + 1]; - u8 secret[BLAKE2S_OUTBYTES]; + u8 output[BLAKE2S_HASH_SIZE + 1]; + u8 secret[BLAKE2S_HASH_SIZE]; #ifdef DEBUG - BUG_ON(first_len > BLAKE2S_OUTBYTES || second_len > BLAKE2S_OUTBYTES || - third_len > BLAKE2S_OUTBYTES || + BUG_ON(first_len > BLAKE2S_HASH_SIZE || second_len > BLAKE2S_HASH_SIZE || + third_len > BLAKE2S_HASH_SIZE || ((second_len || second_dst || third_len || third_dst) && (!first_len || !first_dst)) || ((third_len || third_dst) && (!second_len || !second_dst))); #endif /* Extract entropy from data into secret */ - blake2s_hmac(secret, data, chaining_key, BLAKE2S_OUTBYTES, data_len, + blake2s_hmac(secret, data, chaining_key, BLAKE2S_HASH_SIZE, data_len, NOISE_HASH_LEN); if (!first_dst || !first_len) @@ -306,32 +306,32 @@ static void kdf(u8 *first_dst, u8 *second_dst, u8 *third_dst, const u8 *data, /* Expand first key: key = secret, data = 0x1 */ output[0] = 1; - blake2s_hmac(output, output, secret, BLAKE2S_OUTBYTES, 1, - BLAKE2S_OUTBYTES); + blake2s_hmac(output, output, secret, BLAKE2S_HASH_SIZE, 1, + BLAKE2S_HASH_SIZE); memcpy(first_dst, output, first_len); if (!second_dst || !second_len) goto out; /* Expand second key: key = secret, data = first-key || 0x2 */ - output[BLAKE2S_OUTBYTES] = 2; - blake2s_hmac(output, output, secret, BLAKE2S_OUTBYTES, - BLAKE2S_OUTBYTES + 1, BLAKE2S_OUTBYTES); + output[BLAKE2S_HASH_SIZE] = 2; + blake2s_hmac(output, output, secret, BLAKE2S_HASH_SIZE, + BLAKE2S_HASH_SIZE + 1, BLAKE2S_HASH_SIZE); memcpy(second_dst, output, second_len); if (!third_dst || !third_len) goto out; /* Expand third key: key = secret, data = second-key || 0x3 */ - output[BLAKE2S_OUTBYTES] = 3; - blake2s_hmac(output, output, secret, BLAKE2S_OUTBYTES, - BLAKE2S_OUTBYTES + 1, BLAKE2S_OUTBYTES); + output[BLAKE2S_HASH_SIZE] = 3; + blake2s_hmac(output, output, secret, BLAKE2S_HASH_SIZE, + BLAKE2S_HASH_SIZE + 1, BLAKE2S_HASH_SIZE); memcpy(third_dst, output, third_len); out: /* Clear sensitive data from stack */ - memzero_explicit(secret, BLAKE2S_OUTBYTES); - memzero_explicit(output, BLAKE2S_OUTBYTES + 1); + memzero_explicit(secret, BLAKE2S_HASH_SIZE); + memzero_explicit(output, BLAKE2S_HASH_SIZE + 1); } static void symmetric_key_init(struct noise_symmetric_key *key) |