diff options
| author | Jason A. Donenfeld <Jason@zx2c4.com> | 2021-02-19 14:29:04 +0100 |
|---|---|---|
| committer | David Bauer <mail@david-bauer.net> | 2021-02-26 20:41:01 +0100 |
| commit | 3888fa78802354ab7bbd19b7d061fd80a16ce06b (patch) | |
| tree | 2225a6313cb6482f0cb9c09df662a0d44197350e /target/linux/generic/backport-5.4/080-wireguard-0036-crypto-lib-chacha20poly1305-use-chacha20_crypt.patch | |
| parent | 7d4143234c4dfdd050ebc64ec8231f9d81ea65af (diff) | |
| download | upstream-3888fa78802354ab7bbd19b7d061fd80a16ce06b.tar.gz upstream-3888fa78802354ab7bbd19b7d061fd80a16ce06b.tar.bz2 upstream-3888fa78802354ab7bbd19b7d061fd80a16ce06b.zip | |
kernel: 5.4: import wireguard backport
Rather than using the clunky, old, slower wireguard-linux-compat out of
tree module, this commit does a patch-by-patch backport of upstream's
wireguard to 5.4. This specific backport is in widespread use, being
part of SUSE's enterprise kernel, Oracle's enterprise kernel, Google's
Android kernel, Gentoo's distro kernel, and probably more I've forgotten
about. It's definately the "more proper" way of adding wireguard to a
kernel than the ugly compat.h hell of the wireguard-linux-compat repo.
And most importantly for OpenWRT, it allows using the same module
configuration code for 5.10 as for 5.4, with no need for bifurcation.
These patches are from the backport tree which is maintained in the
open here: https://git.zx2c4.com/wireguard-linux/log/?h=backport-5.4.y
I'll be sending PRs to update this as needed.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to 'target/linux/generic/backport-5.4/080-wireguard-0036-crypto-lib-chacha20poly1305-use-chacha20_crypt.patch')
| -rw-r--r-- | target/linux/generic/backport-5.4/080-wireguard-0036-crypto-lib-chacha20poly1305-use-chacha20_crypt.patch | 83 |
1 files changed, 83 insertions, 0 deletions
diff --git a/target/linux/generic/backport-5.4/080-wireguard-0036-crypto-lib-chacha20poly1305-use-chacha20_crypt.patch b/target/linux/generic/backport-5.4/080-wireguard-0036-crypto-lib-chacha20poly1305-use-chacha20_crypt.patch new file mode 100644 index 0000000000..1f6d22ee35 --- /dev/null +++ b/target/linux/generic/backport-5.4/080-wireguard-0036-crypto-lib-chacha20poly1305-use-chacha20_crypt.patch @@ -0,0 +1,83 @@ +From 41d7b5227dcad70f5bd6471e9620fe3c8b3db300 Mon Sep 17 00:00:00 2001 +From: Eric Biggers <ebiggers@google.com> +Date: Sun, 17 Nov 2019 23:22:16 -0800 +Subject: [PATCH 036/124] crypto: lib/chacha20poly1305 - use chacha20_crypt() + +commit 413808b71e6204b0cc1eeaa77960f7c3cd381d33 upstream. + +Use chacha20_crypt() instead of chacha_crypt(), since it's not really +appropriate for users of the ChaCha library API to be passing the number +of rounds as an argument. + +Signed-off-by: Eric Biggers <ebiggers@google.com> +Acked-by: Ard Biesheuvel <ardb@kernel.org> +Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> +Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> +--- + lib/crypto/chacha20poly1305.c | 16 ++++++++-------- + 1 file changed, 8 insertions(+), 8 deletions(-) + +--- a/lib/crypto/chacha20poly1305.c ++++ b/lib/crypto/chacha20poly1305.c +@@ -66,14 +66,14 @@ __chacha20poly1305_encrypt(u8 *dst, cons + __le64 lens[2]; + } b; + +- chacha_crypt(chacha_state, b.block0, pad0, sizeof(b.block0), 20); ++ chacha20_crypt(chacha_state, b.block0, pad0, sizeof(b.block0)); + poly1305_init(&poly1305_state, b.block0); + + poly1305_update(&poly1305_state, ad, ad_len); + if (ad_len & 0xf) + poly1305_update(&poly1305_state, pad0, 0x10 - (ad_len & 0xf)); + +- chacha_crypt(chacha_state, dst, src, src_len, 20); ++ chacha20_crypt(chacha_state, dst, src, src_len); + + poly1305_update(&poly1305_state, dst, src_len); + if (src_len & 0xf) +@@ -140,7 +140,7 @@ __chacha20poly1305_decrypt(u8 *dst, cons + if (unlikely(src_len < POLY1305_DIGEST_SIZE)) + return false; + +- chacha_crypt(chacha_state, b.block0, pad0, sizeof(b.block0), 20); ++ chacha20_crypt(chacha_state, b.block0, pad0, sizeof(b.block0)); + poly1305_init(&poly1305_state, b.block0); + + poly1305_update(&poly1305_state, ad, ad_len); +@@ -160,7 +160,7 @@ __chacha20poly1305_decrypt(u8 *dst, cons + + ret = crypto_memneq(b.mac, src + dst_len, POLY1305_DIGEST_SIZE); + if (likely(!ret)) +- chacha_crypt(chacha_state, dst, src, dst_len, 20); ++ chacha20_crypt(chacha_state, dst, src, dst_len); + + memzero_explicit(&b, sizeof(b)); + +@@ -241,7 +241,7 @@ bool chacha20poly1305_crypt_sg_inplace(s + b.iv[1] = cpu_to_le64(nonce); + + chacha_init(chacha_state, b.k, (u8 *)b.iv); +- chacha_crypt(chacha_state, b.block0, pad0, sizeof(b.block0), 20); ++ chacha20_crypt(chacha_state, b.block0, pad0, sizeof(b.block0)); + poly1305_init(&poly1305_state, b.block0); + + if (unlikely(ad_len)) { +@@ -278,14 +278,14 @@ bool chacha20poly1305_crypt_sg_inplace(s + + if (unlikely(length < sl)) + l &= ~(CHACHA_BLOCK_SIZE - 1); +- chacha_crypt(chacha_state, addr, addr, l, 20); ++ chacha20_crypt(chacha_state, addr, addr, l); + addr += l; + length -= l; + } + + if (unlikely(length > 0)) { +- chacha_crypt(chacha_state, b.chacha_stream, pad0, +- CHACHA_BLOCK_SIZE, 20); ++ chacha20_crypt(chacha_state, b.chacha_stream, pad0, ++ CHACHA_BLOCK_SIZE); + crypto_xor(addr, b.chacha_stream, length); + partial = length; + } |