ThePassionate opened a new pull request, #19396:
URL: https://github.com/apache/nuttx/pull/19396

   ## Summary
   
   Add a raw CRYPTO_CHACHA20 stream cipher to the OCF crypto framework 
(/dev/crypto) so applications such as an SSH server (chacha20-poly1305) can use 
ChaCha20 directly, not only as part of the ChaCha20-Poly1305 AEAD.
   
   Instead of introducing a separate multi-buffer stream path (parallel 
encrypt_multi/decrypt_multi callbacks), extend the existing enc_xform 
encrypt/decrypt callback signature with a length argument:
   
     void (*encrypt)(caddr_t, FAR uint8_t *, size_t len);
     void (*decrypt)(caddr_t, FAR uint8_t *, size_t len);
   
   With that single change every cipher, block or stream, flows through the 
same swcr_encdec path. swcr_encdec already handles a short final block via 
buflen = MIN(i, blocksize), so arbitrary-length data works without a second 
code path. This is exactly how the existing stream ciphers (AES-CTR/OFB/CFB) 
already behave: the cipher keeps its own counter in the context and swcr_encdec 
feeds it whole blocks (only the last one may be shorter). chacha20_crypt 
likewise relies on the underlying chacha state block counter (input[12]) to 
continue the keystream across calls, so no per-call keystream caching is needed.
   
   * xform.h/xform.c: add size_t len to encrypt/decrypt; add enc_xform_chacha20 
(blocksize 64, 12-byte IV, RFC 8439 layout).
   * chachapoly.c/chacha_private.h: chacha_ivsetup now uses a 4-byte counter 
and a 12-byte nonce (RFC 8439); chacha20_crypt encrypts the requested length in 
one pass, mirroring aes_ctr_crypt.
   * cryptodev.c/cryptosoft.c: register CRYPTO_CHACHA20 as a txform cipher and 
route new sessions to enc_xform_chacha20.
   
   This keeps all ciphers on one uniform path instead of maintaining two, and 
any future stream cipher drops in with just an xform table entry.
   
   
   ## Impact
   
   extends an internal kernel callback signature (enc_xform encrypt/decrypt). 
All in-tree implementations are updated in the same commit and the user-facing 
/dev/crypto ABI is unchanged, so this is self-contained and not a breaking 
change for existing configurations.
   
   ## Testing
   
     Build host: Ubuntu Linux x86_64, GCC (host sim toolchain)
     Target: sim:crypto (CONFIG_ARCH=sim)
     Enabled regression tests (cover both code paths through swcr_encdec):
     
     3DES-CBC, AES-CBC — block ciphers, non-reinit CBC branch
     AES-CTR — stream cipher, reinit branch (same path as the new CHACHA20)
     AES-XTS — block cipher with reinit
     CHACHA20 — new algorithm, incl. a 375-byte multi-block vector
     HMAC — auth path
   
           NuttShell (NSH) NuttX-13.0.0-RC0
           nsh> des3cbc
           ok, encrypt with /dev/crypto, decrypt with /dev/crypto
           nsh> aescbc
           aescbc test ok
           nsh> aesctr
           OK test vector 0
           OK test vector 1
           OK test vector 2
           OK test vector 3
           OK test vector 4
           OK test vector 5
           OK test vector 6
           OK test vector 7
           OK test vector 8
           nsh> aesxts
           OK encrypt test vector 0
           OK decrypt test vector 0
           OK encrypt test vector 1
           OK decrypt test vector 1
           OK encrypt test vector 2
           OK decrypt test vector 2
           OK encrypt test vector 3
           OK decrypt test vector 3
           OK encrypt test vector 4
           OK decrypt test vector 4
           OK encrypt test vector 5
           OK decrypt test vector 5
           OK encrypt test vector 6
           OK decrypt test vector 6
           OK encrypt test vector 7
           OK decrypt test vector 7
           OK encrypt test vector 8
           OK decrypt test vector 8
           OK encrypt test vector 9
           OK decrypt test vector 9
           OK encrypt test vector 10
           OK decrypt test vector 10
           OK encrypt test vector 11
           OK decrypt test vector 11
           OK encrypt test vector 12
           OK decrypt test vector 12
           OK encrypt test vector 13
           OK decrypt test vector 13
           nsh> chacha20
           run(0) start
           OK test vector 0
           run(1) start
           OK test vector 1
           chacha20: 2/2 vectors passed
           nsh> hmac
           hmac md5 success
           hmac md5 success
           hmac md5 success
           hmac md5 success
           hmac md5 success
           hmac sha1 success
           hmac sha1 success
           hmac sha1 success
           hmac sha1 success
           hmac sha1 success
           hmac sha256 success
           hmac sha256 success
           hmac sha256 success
           hmac sha256 success
           hmac sha256 success
           nsh>
   
   
   *Note: Please adhere to [Contributing 
Guidelines](https://github.com/apache/nuttx/blob/master/CONTRIBUTING.md).*
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to