crypto: lib/chacha - add strongly-typed state zeroization

Now that the ChaCha state matrix is strongly-typed, add a helper
function chacha_zeroize_state() which zeroizes it.  Then convert all
applicable callers to use it instead of direct memzero_explicit.  No
functional changes.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

diff --git a/drivers/char/random.c b/drivers/char/random.c
index 9f876ed2655b65c6d981a07b60e5853b4009b2b2..5f22a08101f69c8aaace22dda3cd0142820c1304 100644 (file)
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -422,7 +422,7 @@ static void _get_random_bytes(void *buf, size_t len)
                buf += CHACHA_BLOCK_SIZE;
        }
 
-       memzero_explicit(&chacha_state, sizeof(chacha_state));
+       chacha_zeroize_state(&chacha_state);
 }
 
 /*
@@ -485,7 +485,7 @@ static ssize_t get_random_bytes_user(struct iov_iter *iter)
 
        memzero_explicit(block, sizeof(block));
 out_zero_chacha:
-       memzero_explicit(&chacha_state, sizeof(chacha_state));
+       chacha_zeroize_state(&chacha_state);
        return ret ? ret : -EFAULT;
 }
 

diff --git a/fs/bcachefs/checksum.c b/fs/bcachefs/checksum.c
index 312fda4bb1b5a012cb730ffc0e50fe97d75d6272..a4df8eba75f3ebc82c3a163af97a5fd12d0e071e 100644 (file)
--- a/fs/bcachefs/checksum.c
+++ b/fs/bcachefs/checksum.c
@@ -113,7 +113,7 @@ static void bch2_chacha20(const struct bch_key *key, struct nonce nonce,
 
        bch2_chacha20_init(&state, key, nonce);
        chacha20_crypt(&state, data, data, len);
-       memzero_explicit(&state, sizeof(state));
+       chacha_zeroize_state(&state);
 }
 
 static void bch2_poly1305_init(struct poly1305_desc_ctx *desc,
@@ -283,7 +283,7 @@ int __bch2_encrypt_bio(struct bch_fs *c, unsigned type,
                chacha20_crypt(&chacha_state, p, p, bv.bv_len);
                kunmap_local(p);
        }
-       memzero_explicit(&chacha_state, sizeof(chacha_state));
+       chacha_zeroize_state(&chacha_state);
        return ret;
 }
 

diff --git a/include/crypto/chacha.h b/include/crypto/chacha.h
index 64fb270f2bfcb8b8cd4e7a54b9b06de2e60b29b1..7c2e6c68919bb6cd8a0dee2ebbeb3c9f236cb07f 100644 (file)
--- a/include/crypto/chacha.h
+++ b/include/crypto/chacha.h
@@ -16,6 +16,7 @@
 #define _CRYPTO_CHACHA_H
 
 #include <linux/unaligned.h>
+#include <linux/string.h>
 #include <linux/types.h>
 
 /* 32-bit stream position, then 96-bit nonce (RFC7539 convention) */
@@ -108,6 +109,11 @@ static inline void chacha20_crypt(struct chacha_state *state,
        chacha_crypt(state, dst, src, bytes, 20);
 }
 
+static inline void chacha_zeroize_state(struct chacha_state *state)
+{
+       memzero_explicit(state, sizeof(*state));
+}
+
 #if IS_ENABLED(CONFIG_CRYPTO_ARCH_HAVE_LIB_CHACHA)
 bool chacha_is_arch_optimized(void);
 #else

diff --git a/lib/crypto/chacha20poly1305.c b/lib/crypto/chacha20poly1305.c
index ed81f0658956125f167b1043968be47d5c280633..2e7bbc1a67ea348412a4ad0ca9c7767ced62bcf8 100644 (file)
--- a/lib/crypto/chacha20poly1305.c
+++ b/lib/crypto/chacha20poly1305.c
@@ -84,7 +84,7 @@ __chacha20poly1305_encrypt(u8 *dst, const u8 *src, const size_t src_len,
 
        poly1305_final(&poly1305_state, dst + src_len);
 
-       memzero_explicit(chacha_state, sizeof(*chacha_state));
+       chacha_zeroize_state(chacha_state);
        memzero_explicit(&b, sizeof(b));
 }
 
@@ -188,7 +188,7 @@ bool chacha20poly1305_decrypt(u8 *dst, const u8 *src, const size_t src_len,
        ret = __chacha20poly1305_decrypt(dst, src, src_len, ad, ad_len,
                                         &chacha_state);
 
-       memzero_explicit(&chacha_state, sizeof(chacha_state));
+       chacha_zeroize_state(&chacha_state);
        memzero_explicit(iv, sizeof(iv));
        memzero_explicit(k, sizeof(k));
        return ret;
@@ -328,7 +328,7 @@ bool chacha20poly1305_crypt_sg_inplace(struct scatterlist *src,
                      !crypto_memneq(b.mac[0], b.mac[1], POLY1305_DIGEST_SIZE);
        }
 
-       memzero_explicit(&chacha_state, sizeof(chacha_state));
+       chacha_zeroize_state(&chacha_state);
        memzero_explicit(&b, sizeof(b));
 
        return ret;