random: initialize ChaCha20 constants with correct endianness

commit a181e0fdb2164268274453b5b291589edbb9b22d upstream. On big endian CPUs, the ChaCha20-based CRNG is using the wrong endianness for the ChaCha20 constants. This doesn't matter cryptographically, but technically it means it's not ChaCha20 anymore. Fix it to always use the standard constants. Cc: linux-crypto@vger.kernel.org Cc: Andy Lutomirski <luto@kernel.org> Cc: Jann Horn <jannh@google.com> Cc: Theodore Ts'o <tytso@mit.edu> Acked-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: Eric Biggers <ebiggers@google.com> 2021-03-21 22:13:47 -0700
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2022-06-25 11:49:02 +0200
commit: 7ec9cf3a155f1c3002c4aa4928f54447c7bb5ba3 (patch)
tree: 490cd2b8f85fc7e31bd51ec1c9e81d340fedc2ee /include
parent: 1e8598d79e314a34dc0fb40ce2a017ae41611951 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/include/crypto/chacha20.h b/include/crypto/chacha20.h
index f76302d99e2b..da08504e347e 100644
--- a/include/crypto/chacha20.h
+++ b/include/crypto/chacha20.h
@@ -24,4 +24,12 @@ int crypto_chacha20_setkey(struct crypto_skcipher *tfm, const u8 *key,
 			   unsigned int keysize);
 int crypto_chacha20_crypt(struct skcipher_request *req);
 
+static inline void chacha_init_consts(u32 *state)
+{
+	state[0]  = 0x61707865; /* "expa" */
+	state[1]  = 0x3320646e; /* "nd 3" */
+	state[2]  = 0x79622d32; /* "2-by" */
+	state[3]  = 0x6b206574; /* "te k" */
+}
+
 #endif
author	Eric Biggers <ebiggers@google.com>	2021-03-21 22:13:47 -0700
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2022-06-25 11:49:02 +0200
commit	7ec9cf3a155f1c3002c4aa4928f54447c7bb5ba3 (patch)
tree	490cd2b8f85fc7e31bd51ec1c9e81d340fedc2ee /include
parent	1e8598d79e314a34dc0fb40ce2a017ae41611951 (diff)