summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorArd Biesheuvel <ard.biesheuvel@linaro.org>2019-07-03 04:55:06 -0400
committerHerbert Xu <herbert@gondor.apana.org.au>2019-07-26 01:02:06 -0400
commit5cb97700beaa005ceb2a127b6f53536a4544c9d8 (patch)
tree804250cce73d7cf8d842ce51881202cfaaecdbb8
parentf248caf9a5ccda733456baddb234bce7431152ba (diff)
crypto: morus - remove generic and x86 implementations
MORUS was not selected as a winner in the CAESAR competition, which is not surprising since it is considered to be cryptographically broken [0]. (Note that this is not an implementation defect, but a flaw in the underlying algorithm). Since it is unlikely to be in use currently, let's remove it before we're stuck with it. [0] https://eprint.iacr.org/2019/172.pdf Reviewed-by: Ondrej Mosnacek <omosnace@redhat.com> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat
-rw-r--r--arch/x86/crypto/Makefile13
-rw-r--r--arch/x86/crypto/morus1280-avx2-asm.S619
-rw-r--r--arch/x86/crypto/morus1280-avx2-glue.c62
-rw-r--r--arch/x86/crypto/morus1280-sse2-asm.S893
-rw-r--r--arch/x86/crypto/morus1280-sse2-glue.c61
-rw-r--r--arch/x86/crypto/morus1280_glue.c205
-rw-r--r--arch/x86/crypto/morus640-sse2-asm.S612
-rw-r--r--arch/x86/crypto/morus640-sse2-glue.c61
-rw-r--r--arch/x86/crypto/morus640_glue.c200
-rw-r--r--crypto/Kconfig56
-rw-r--r--crypto/Makefile2
-rw-r--r--crypto/morus1280.c542
-rw-r--r--crypto/morus640.c533
-rw-r--r--crypto/testmgr.c12
-rw-r--r--crypto/testmgr.h1707
-rw-r--r--include/crypto/morus1280_glue.h97
-rw-r--r--include/crypto/morus640_glue.h97
-rw-r--r--include/crypto/morus_common.h18
18 files changed, 0 insertions, 5790 deletions
diff --git a/arch/x86/crypto/Makefile b/arch/x86/crypto/Makefile
index b96a14e67ab0..6f1d825fbb09 100644
--- a/arch/x86/crypto/Makefile
+++ b/arch/x86/crypto/Makefile
@@ -39,12 +39,6 @@ obj-$(CONFIG_CRYPTO_AEGIS128_AESNI_SSE2) += aegis128-aesni.o
39obj-$(CONFIG_CRYPTO_AEGIS128L_AESNI_SSE2) += aegis128l-aesni.o 39obj-$(CONFIG_CRYPTO_AEGIS128L_AESNI_SSE2) += aegis128l-aesni.o
40obj-$(CONFIG_CRYPTO_AEGIS256_AESNI_SSE2) += aegis256-aesni.o 40obj-$(CONFIG_CRYPTO_AEGIS256_AESNI_SSE2) += aegis256-aesni.o
41 41
42obj-$(CONFIG_CRYPTO_MORUS640_GLUE) += morus640_glue.o
43obj-$(CONFIG_CRYPTO_MORUS1280_GLUE) += morus1280_glue.o
44
45obj-$(CONFIG_CRYPTO_MORUS640_SSE2) += morus640-sse2.o
46obj-$(CONFIG_CRYPTO_MORUS1280_SSE2) += morus1280-sse2.o
47
48obj-$(CONFIG_CRYPTO_NHPOLY1305_SSE2) += nhpoly1305-sse2.o 42obj-$(CONFIG_CRYPTO_NHPOLY1305_SSE2) += nhpoly1305-sse2.o
49obj-$(CONFIG_CRYPTO_NHPOLY1305_AVX2) += nhpoly1305-avx2.o 43obj-$(CONFIG_CRYPTO_NHPOLY1305_AVX2) += nhpoly1305-avx2.o
50 44
@@ -62,8 +56,6 @@ endif
62ifeq ($(avx2_supported),yes) 56ifeq ($(avx2_supported),yes)
63 obj-$(CONFIG_CRYPTO_CAMELLIA_AESNI_AVX2_X86_64) += camellia-aesni-avx2.o 57 obj-$(CONFIG_CRYPTO_CAMELLIA_AESNI_AVX2_X86_64) += camellia-aesni-avx2.o
64 obj-$(CONFIG_CRYPTO_SERPENT_AVX2_X86_64) += serpent-avx2.o 58 obj-$(CONFIG_CRYPTO_SERPENT_AVX2_X86_64) += serpent-avx2.o
65
66 obj-$(CONFIG_CRYPTO_MORUS1280_AVX2) += morus1280-avx2.o
67endif 59endif
68 60
69twofish-i586-y := twofish-i586-asm_32.o twofish_glue.o 61twofish-i586-y := twofish-i586-asm_32.o twofish_glue.o
@@ -81,9 +73,6 @@ aegis128-aesni-y := aegis128-aesni-asm.o aegis128-aesni-glue.o
81aegis128l-aesni-y := aegis128l-aesni-asm.o aegis128l-aesni-glue.o 73aegis128l-aesni-y := aegis128l-aesni-asm.o aegis128l-aesni-glue.o
82aegis256-aesni-y := aegis256-aesni-asm.o aegis256-aesni-glue.o 74aegis256-aesni-y := aegis256-aesni-asm.o aegis256-aesni-glue.o
83 75
84morus640-sse2-y := morus640-sse2-asm.o morus640-sse2-glue.o
85morus1280-sse2-y := morus1280-sse2-asm.o morus1280-sse2-glue.o
86
87nhpoly1305-sse2-y := nh-sse2-x86_64.o nhpoly1305-sse2-glue.o 76nhpoly1305-sse2-y := nh-sse2-x86_64.o nhpoly1305-sse2-glue.o
88 77
89ifeq ($(avx_supported),yes) 78ifeq ($(avx_supported),yes)
@@ -102,8 +91,6 @@ ifeq ($(avx2_supported),yes)
102 chacha-x86_64-y += chacha-avx2-x86_64.o 91 chacha-x86_64-y += chacha-avx2-x86_64.o
103 serpent-avx2-y := serpent-avx2-asm_64.o serpent_avx2_glue.o 92 serpent-avx2-y := serpent-avx2-asm_64.o serpent_avx2_glue.o
104 93
105 morus1280-avx2-y := morus1280-avx2-asm.o morus1280-avx2-glue.o
106
107 nhpoly1305-avx2-y := nh-avx2-x86_64.o nhpoly1305-avx2-glue.o 94 nhpoly1305-avx2-y := nh-avx2-x86_64.o nhpoly1305-avx2-glue.o
108endif 95endif
109 96
diff --git a/arch/x86/crypto/morus1280-avx2-asm.S b/arch/x86/crypto/morus1280-avx2-asm.S
deleted file mode 100644
index 5413fee33481..000000000000
--- a/arch/x86/crypto/morus1280-avx2-asm.S
+++ /dev/null
@@ -1,619 +0,0 @@
1/* SPDX-License-Identifier: GPL-2.0-only */
2/*
3 * AVX2 implementation of MORUS-1280
4 *
5 * Copyright (c) 2017-2018 Ondrej Mosnacek <omosnacek@gmail.com>
6 * Copyright (C) 2017-2018 Red Hat, Inc. All rights reserved.
7 */
8
9#include <linux/linkage.h>
10#include <asm/frame.h>
11
12#define SHUFFLE_MASK(i0, i1, i2, i3) \
13 (i0 | (i1 << 2) | (i2 << 4) | (i3 << 6))
14
15#define MASK1 SHUFFLE_MASK(3, 0, 1, 2)
16#define MASK2 SHUFFLE_MASK(2, 3, 0, 1)
17#define MASK3 SHUFFLE_MASK(1, 2, 3, 0)
18
19#define STATE0 %ymm0
20#define STATE0_LOW %xmm0
21#define STATE1 %ymm1
22#define STATE2 %ymm2
23#define STATE3 %ymm3
24#define STATE4 %ymm4
25#define KEY %ymm5
26#define MSG %ymm5
27#define MSG_LOW %xmm5
28#define T0 %ymm6
29#define T0_LOW %xmm6
30#define T1 %ymm7
31
32.section .rodata.cst32.morus1280_const, "aM", @progbits, 32
33.align 32
34.Lmorus1280_const:
35 .byte 0x00, 0x01, 0x01, 0x02, 0x03, 0x05, 0x08, 0x0d
36 .byte 0x15, 0x22, 0x37, 0x59, 0x90, 0xe9, 0x79, 0x62
37 .byte 0xdb, 0x3d, 0x18, 0x55, 0x6d, 0xc2, 0x2f, 0xf1
38 .byte 0x20, 0x11, 0x31, 0x42, 0x73, 0xb5, 0x28, 0xdd
39
40.section .rodata.cst32.morus1280_counter, "aM", @progbits, 32
41.align 32
42.Lmorus1280_counter:
43 .byte 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
44 .byte 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
45 .byte 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17
46 .byte 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
47
48.text
49
50.macro morus1280_round s0, s1, s2, s3, s4, b, w
51 vpand \s1, \s2, T0
52 vpxor T0, \s0, \s0
53 vpxor \s3, \s0, \s0
54 vpsllq $\b, \s0, T0
55 vpsrlq $(64 - \b), \s0, \s0
56 vpxor T0, \s0, \s0
57 vpermq $\w, \s3, \s3
58.endm
59
60/*
61 * __morus1280_update: internal ABI
62 * input:
63 * STATE[0-4] - input state
64 * MSG - message block
65 * output:
66 * STATE[0-4] - output state
67 * changed:
68 * T0
69 */
70__morus1280_update:
71 morus1280_round STATE0, STATE1, STATE2, STATE3, STATE4, 13, MASK1
72 vpxor MSG, STATE1, STATE1
73 morus1280_round STATE1, STATE2, STATE3, STATE4, STATE0, 46, MASK2
74 vpxor MSG, STATE2, STATE2
75 morus1280_round STATE2, STATE3, STATE4, STATE0, STATE1, 38, MASK3
76 vpxor MSG, STATE3, STATE3
77 morus1280_round STATE3, STATE4, STATE0, STATE1, STATE2, 7, MASK2
78 vpxor MSG, STATE4, STATE4
79 morus1280_round STATE4, STATE0, STATE1, STATE2, STATE3, 4, MASK1
80 ret
81ENDPROC(__morus1280_update)
82
83/*
84 * __morus1280_update_zero: internal ABI
85 * input:
86 * STATE[0-4] - input state
87 * output:
88 * STATE[0-4] - output state
89 * changed:
90 * T0
91 */
92__morus1280_update_zero:
93 morus1280_round STATE0, STATE1, STATE2, STATE3, STATE4, 13, MASK1
94 morus1280_round STATE1, STATE2, STATE3, STATE4, STATE0, 46, MASK2
95 morus1280_round STATE2, STATE3, STATE4, STATE0, STATE1, 38, MASK3
96 morus1280_round STATE3, STATE4, STATE0, STATE1, STATE2, 7, MASK2
97 morus1280_round STATE4, STATE0, STATE1, STATE2, STATE3, 4, MASK1
98 ret
99ENDPROC(__morus1280_update_zero)
100
101/*
102 * __load_partial: internal ABI
103 * input:
104 * %rsi - src
105 * %rcx - bytes
106 * output:
107 * MSG - message block
108 * changed:
109 * %r8
110 * %r9
111 */
112__load_partial:
113 xor %r9d, %r9d
114 vpxor MSG, MSG, MSG
115
116 mov %rcx, %r8
117 and $0x1, %r8
118 jz .Lld_partial_1
119
120 mov %rcx, %r8
121 and $0x1E, %r8
122 add %rsi, %r8
123 mov (%r8), %r9b
124
125.Lld_partial_1:
126 mov %rcx, %r8
127 and $0x2, %r8
128 jz .Lld_partial_2
129
130 mov %rcx, %r8
131 and $0x1C, %r8
132 add %rsi, %r8
133 shl $16, %r9
134 mov (%r8), %r9w
135
136.Lld_partial_2:
137 mov %rcx, %r8
138 and $0x4, %r8
139 jz .Lld_partial_4
140
141 mov %rcx, %r8
142 and $0x18, %r8
143 add %rsi, %r8
144 shl $32, %r9
145 mov (%r8), %r8d
146 xor %r8, %r9
147
148.Lld_partial_4:
149 movq %r9, MSG_LOW
150
151 mov %rcx, %r8
152 and $0x8, %r8
153 jz .Lld_partial_8
154
155 mov %rcx, %r8
156 and $0x10, %r8
157 add %rsi, %r8
158 pshufd $MASK2, MSG_LOW, MSG_LOW
159 pinsrq $0, (%r8), MSG_LOW
160
161.Lld_partial_8:
162 mov %rcx, %r8
163 and $0x10, %r8
164 jz .Lld_partial_16
165
166 vpermq $MASK2, MSG, MSG
167 movdqu (%rsi), MSG_LOW
168
169.Lld_partial_16:
170 ret
171ENDPROC(__load_partial)
172
173/*
174 * __store_partial: internal ABI
175 * input:
176 * %rdx - dst
177 * %rcx - bytes
178 * output:
179 * T0 - message block
180 * changed:
181 * %r8
182 * %r9
183 * %r10
184 */
185__store_partial:
186 mov %rcx, %r8
187 mov %rdx, %r9
188
189 cmp $16, %r8
190 jl .Lst_partial_16
191
192 movdqu T0_LOW, (%r9)
193 vpermq $MASK2, T0, T0
194
195 sub $16, %r8
196 add $16, %r9
197
198.Lst_partial_16:
199 movq T0_LOW, %r10
200
201 cmp $8, %r8
202 jl .Lst_partial_8
203
204 mov %r10, (%r9)
205 pextrq $1, T0_LOW, %r10
206
207 sub $8, %r8
208 add $8, %r9
209
210.Lst_partial_8:
211 cmp $4, %r8
212 jl .Lst_partial_4
213
214 mov %r10d, (%r9)
215 shr $32, %r10
216
217 sub $4, %r8
218 add $4, %r9
219
220.Lst_partial_4:
221 cmp $2, %r8
222 jl .Lst_partial_2
223
224 mov %r10w, (%r9)
225 shr $16, %r10
226
227 sub $2, %r8
228 add $2, %r9
229
230.Lst_partial_2:
231 cmp $1, %r8
232 jl .Lst_partial_1
233
234 mov %r10b, (%r9)
235
236.Lst_partial_1:
237 ret
238ENDPROC(__store_partial)
239
240/*
241 * void crypto_morus1280_avx2_init(void *state, const void *key,
242 * const void *iv);
243 */
244ENTRY(crypto_morus1280_avx2_init)
245 FRAME_BEGIN
246
247 /* load IV: */
248 vpxor STATE0, STATE0, STATE0
249 movdqu (%rdx), STATE0_LOW
250 /* load key: */
251 vmovdqu (%rsi), KEY
252 vmovdqa KEY, STATE1
253 /* load all ones: */
254 vpcmpeqd STATE2, STATE2, STATE2
255 /* load all zeros: */
256 vpxor STATE3, STATE3, STATE3
257 /* load the constant: */
258 vmovdqa .Lmorus1280_const, STATE4
259
260 /* update 16 times with zero: */
261 call __morus1280_update_zero
262 call __morus1280_update_zero
263 call __morus1280_update_zero
264 call __morus1280_update_zero
265 call __morus1280_update_zero
266 call __morus1280_update_zero
267 call __morus1280_update_zero
268 call __morus1280_update_zero
269 call __morus1280_update_zero
270 call __morus1280_update_zero
271 call __morus1280_update_zero
272 call __morus1280_update_zero
273 call __morus1280_update_zero
274 call __morus1280_update_zero
275 call __morus1280_update_zero
276 call __morus1280_update_zero
277
278 /* xor-in the key again after updates: */
279 vpxor KEY, STATE1, STATE1
280
281 /* store the state: */
282 vmovdqu STATE0, (0 * 32)(%rdi)
283 vmovdqu STATE1, (1 * 32)(%rdi)
284 vmovdqu STATE2, (2 * 32)(%rdi)
285 vmovdqu STATE3, (3 * 32)(%rdi)
286 vmovdqu STATE4, (4 * 32)(%rdi)
287
288 FRAME_END
289 ret
290ENDPROC(crypto_morus1280_avx2_init)
291
292/*
293 * void crypto_morus1280_avx2_ad(void *state, const void *data,
294 * unsigned int length);
295 */
296ENTRY(crypto_morus1280_avx2_ad)
297 FRAME_BEGIN
298
299 cmp $32, %rdx
300 jb .Lad_out
301
302 /* load the state: */
303 vmovdqu (0 * 32)(%rdi), STATE0
304 vmovdqu (1 * 32)(%rdi), STATE1
305 vmovdqu (2 * 32)(%rdi), STATE2
306 vmovdqu (3 * 32)(%rdi), STATE3
307 vmovdqu (4 * 32)(%rdi), STATE4
308
309 mov %rsi, %r8
310 and $0x1F, %r8
311 jnz .Lad_u_loop
312
313.align 4
314.Lad_a_loop:
315 vmovdqa (%rsi), MSG
316 call __morus1280_update
317 sub $32, %rdx
318 add $32, %rsi
319 cmp $32, %rdx
320 jge .Lad_a_loop
321
322 jmp .Lad_cont
323.align 4
324.Lad_u_loop:
325 vmovdqu (%rsi), MSG
326 call __morus1280_update
327 sub $32, %rdx
328 add $32, %rsi
329 cmp $32, %rdx
330 jge .Lad_u_loop
331
332.Lad_cont:
333 /* store the state: */
334 vmovdqu STATE0, (0 * 32)(%rdi)
335 vmovdqu STATE1, (1 * 32)(%rdi)
336 vmovdqu STATE2, (2 * 32)(%rdi)
337 vmovdqu STATE3, (3 * 32)(%rdi)
338 vmovdqu STATE4, (4 * 32)(%rdi)
339
340.Lad_out:
341 FRAME_END
342 ret
343ENDPROC(crypto_morus1280_avx2_ad)
344
345/*
346 * void crypto_morus1280_avx2_enc(void *state, const void *src, void *dst,
347 * unsigned int length);
348 */
349ENTRY(crypto_morus1280_avx2_enc)
350 FRAME_BEGIN
351
352 cmp $32, %rcx
353 jb .Lenc_out
354
355 /* load the state: */
356 vmovdqu (0 * 32)(%rdi), STATE0
357 vmovdqu (1 * 32)(%rdi), STATE1
358 vmovdqu (2 * 32)(%rdi), STATE2
359 vmovdqu (3 * 32)(%rdi), STATE3
360 vmovdqu (4 * 32)(%rdi), STATE4
361
362 mov %rsi, %r8
363 or %rdx, %r8
364 and $0x1F, %r8
365 jnz .Lenc_u_loop
366
367.align 4
368.Lenc_a_loop:
369 vmovdqa (%rsi), MSG
370 vmovdqa MSG, T0
371 vpxor STATE0, T0, T0
372 vpermq $MASK3, STATE1, T1
373 vpxor T1, T0, T0
374 vpand STATE2, STATE3, T1
375 vpxor T1, T0, T0
376 vmovdqa T0, (%rdx)
377
378 call __morus1280_update
379 sub $32, %rcx
380 add $32, %rsi
381 add $32, %rdx
382 cmp $32, %rcx
383 jge .Lenc_a_loop
384
385 jmp .Lenc_cont
386.align 4
387.Lenc_u_loop:
388 vmovdqu (%rsi), MSG
389 vmovdqa MSG, T0
390 vpxor STATE0, T0, T0
391 vpermq $MASK3, STATE1, T1
392 vpxor T1, T0, T0
393 vpand STATE2, STATE3, T1
394 vpxor T1, T0, T0
395 vmovdqu T0, (%rdx)
396
397 call __morus1280_update
398 sub $32, %rcx
399 add $32, %rsi
400 add $32, %rdx
401 cmp $32, %rcx
402 jge .Lenc_u_loop
403
404.Lenc_cont:
405 /* store the state: */
406 vmovdqu STATE0, (0 * 32)(%rdi)
407 vmovdqu STATE1, (1 * 32)(%rdi)
408 vmovdqu STATE2, (2 * 32)(%rdi)
409 vmovdqu STATE3, (3 * 32)(%rdi)
410 vmovdqu STATE4, (4 * 32)(%rdi)
411
412.Lenc_out:
413 FRAME_END
414 ret
415ENDPROC(crypto_morus1280_avx2_enc)
416
417/*
418 * void crypto_morus1280_avx2_enc_tail(void *state, const void *src, void *dst,
419 * unsigned int length);
420 */
421ENTRY(crypto_morus1280_avx2_enc_tail)
422 FRAME_BEGIN
423
424 /* load the state: */
425 vmovdqu (0 * 32)(%rdi), STATE0
426 vmovdqu (1 * 32)(%rdi), STATE1
427 vmovdqu (2 * 32)(%rdi), STATE2
428 vmovdqu (3 * 32)(%rdi), STATE3
429 vmovdqu (4 * 32)(%rdi), STATE4
430
431 /* encrypt message: */
432 call __load_partial
433
434 vmovdqa MSG, T0
435 vpxor STATE0, T0, T0
436 vpermq $MASK3, STATE1, T1
437 vpxor T1, T0, T0
438 vpand STATE2, STATE3, T1
439 vpxor T1, T0, T0
440
441 call __store_partial
442
443 call __morus1280_update
444
445 /* store the state: */
446 vmovdqu STATE0, (0 * 32)(%rdi)
447 vmovdqu STATE1, (1 * 32)(%rdi)
448 vmovdqu STATE2, (2 * 32)(%rdi)
449 vmovdqu STATE3, (3 * 32)(%rdi)
450 vmovdqu STATE4, (4 * 32)(%rdi)
451
452 FRAME_END
453 ret
454ENDPROC(crypto_morus1280_avx2_enc_tail)
455
456/*
457 * void crypto_morus1280_avx2_dec(void *state, const void *src, void *dst,
458 * unsigned int length);
459 */
460ENTRY(crypto_morus1280_avx2_dec)
461 FRAME_BEGIN
462
463 cmp $32, %rcx
464 jb .Ldec_out
465
466 /* load the state: */
467 vmovdqu (0 * 32)(%rdi), STATE0
468 vmovdqu (1 * 32)(%rdi), STATE1
469 vmovdqu (2 * 32)(%rdi), STATE2
470 vmovdqu (3 * 32)(%rdi), STATE3
471 vmovdqu (4 * 32)(%rdi), STATE4
472
473 mov %rsi, %r8
474 or %rdx, %r8
475 and $0x1F, %r8
476 jnz .Ldec_u_loop
477
478.align 4
479.Ldec_a_loop:
480 vmovdqa (%rsi), MSG
481 vpxor STATE0, MSG, MSG
482 vpermq $MASK3, STATE1, T0
483 vpxor T0, MSG, MSG
484 vpand STATE2, STATE3, T0
485 vpxor T0, MSG, MSG
486 vmovdqa MSG, (%rdx)
487
488 call __morus1280_update
489 sub $32, %rcx
490 add $32, %rsi
491 add $32, %rdx
492 cmp $32, %rcx
493 jge .Ldec_a_loop
494
495 jmp .Ldec_cont
496.align 4
497.Ldec_u_loop:
498 vmovdqu (%rsi), MSG
499 vpxor STATE0, MSG, MSG
500 vpermq $MASK3, STATE1, T0
501 vpxor T0, MSG, MSG
502 vpand STATE2, STATE3, T0
503 vpxor T0, MSG, MSG
504 vmovdqu MSG, (%rdx)
505
506 call __morus1280_update
507 sub $32, %rcx
508 add $32, %rsi
509 add $32, %rdx
510 cmp $32, %rcx
511 jge .Ldec_u_loop
512
513.Ldec_cont:
514 /* store the state: */
515 vmovdqu STATE0, (0 * 32)(%rdi)
516 vmovdqu STATE1, (1 * 32)(%rdi)
517 vmovdqu STATE2, (2 * 32)(%rdi)
518 vmovdqu STATE3, (3 * 32)(%rdi)
519 vmovdqu STATE4, (4 * 32)(%rdi)
520
521.Ldec_out:
522 FRAME_END
523 ret
524ENDPROC(crypto_morus1280_avx2_dec)
525
526/*
527 * void crypto_morus1280_avx2_dec_tail(void *state, const void *src, void *dst,
528 * unsigned int length);
529 */
530ENTRY(crypto_morus1280_avx2_dec_tail)
531 FRAME_BEGIN
532
533 /* load the state: */
534 vmovdqu (0 * 32)(%rdi), STATE0
535 vmovdqu (1 * 32)(%rdi), STATE1
536 vmovdqu (2 * 32)(%rdi), STATE2
537 vmovdqu (3 * 32)(%rdi), STATE3
538 vmovdqu (4 * 32)(%rdi), STATE4
539
540 /* decrypt message: */
541 call __load_partial
542
543 vpxor STATE0, MSG, MSG
544 vpermq $MASK3, STATE1, T0
545 vpxor T0, MSG, MSG
546 vpand STATE2, STATE3, T0
547 vpxor T0, MSG, MSG
548 vmovdqa MSG, T0
549
550 call __store_partial
551
552 /* mask with byte count: */
553 movq %rcx, T0_LOW
554 vpbroadcastb T0_LOW, T0
555 vmovdqa .Lmorus1280_counter, T1
556 vpcmpgtb T1, T0, T0
557 vpand T0, MSG, MSG
558
559 call __morus1280_update
560
561 /* store the state: */
562 vmovdqu STATE0, (0 * 32)(%rdi)
563 vmovdqu STATE1, (1 * 32)(%rdi)
564 vmovdqu STATE2, (2 * 32)(%rdi)
565 vmovdqu STATE3, (3 * 32)(%rdi)
566 vmovdqu STATE4, (4 * 32)(%rdi)
567
568 FRAME_END
569 ret
570ENDPROC(crypto_morus1280_avx2_dec_tail)
571
572/*
573 * void crypto_morus1280_avx2_final(void *state, void *tag_xor,
574 * u64 assoclen, u64 cryptlen);
575 */
576ENTRY(crypto_morus1280_avx2_final)
577 FRAME_BEGIN
578
579 /* load the state: */
580 vmovdqu (0 * 32)(%rdi), STATE0
581 vmovdqu (1 * 32)(%rdi), STATE1
582 vmovdqu (2 * 32)(%rdi), STATE2
583 vmovdqu (3 * 32)(%rdi), STATE3
584 vmovdqu (4 * 32)(%rdi), STATE4
585
586 /* xor state[0] into state[4]: */
587 vpxor STATE0, STATE4, STATE4
588
589 /* prepare length block: */
590 vpxor MSG, MSG, MSG
591 vpinsrq $0, %rdx, MSG_LOW, MSG_LOW
592 vpinsrq $1, %rcx, MSG_LOW, MSG_LOW
593 vpsllq $3, MSG, MSG /* multiply by 8 (to get bit count) */
594
595 /* update state: */
596 call __morus1280_update
597 call __morus1280_update
598 call __morus1280_update
599 call __morus1280_update
600 call __morus1280_update
601 call __morus1280_update
602 call __morus1280_update
603 call __morus1280_update
604 call __morus1280_update
605 call __morus1280_update
606
607 /* xor tag: */
608 vmovdqu (%rsi), MSG
609
610 vpxor STATE0, MSG, MSG
611 vpermq $MASK3, STATE1, T0
612 vpxor T0, MSG, MSG
613 vpand STATE2, STATE3, T0
614 vpxor T0, MSG, MSG
615 vmovdqu MSG, (%rsi)
616
617 FRAME_END
618 ret
619ENDPROC(crypto_morus1280_avx2_final)
diff --git a/arch/x86/crypto/morus1280-avx2-glue.c b/arch/x86/crypto/morus1280-avx2-glue.c
deleted file mode 100644
index 2d000d66ba4c..000000000000
--- a/arch/x86/crypto/morus1280-avx2-glue.c
+++ /dev/null
@@ -1,62 +0,0 @@
1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 * The MORUS-1280 Authenticated-Encryption Algorithm
4 * Glue for AVX2 implementation
5 *
6 * Copyright (c) 2016-2018 Ondrej Mosnacek <omosnacek@gmail.com>
7 * Copyright (C) 2017-2018 Red Hat, Inc. All rights reserved.
8 */
9
10#include <crypto/internal/aead.h>
11#include <crypto/internal/simd.h>
12#include <crypto/morus1280_glue.h>
13#include <linux/module.h>
14#include <asm/fpu/api.h>
15#include <asm/cpu_device_id.h>
16
17asmlinkage void crypto_morus1280_avx2_init(void *state, const void *key,
18 const void *iv);
19asmlinkage void crypto_morus1280_avx2_ad(void *state, const void *data,
20 unsigned int length);
21
22asmlinkage void crypto_morus1280_avx2_enc(void *state, const void *src,
23 void *dst, unsigned int length);
24asmlinkage void crypto_morus1280_avx2_dec(void *state, const void *src,
25 void *dst, unsigned int length);
26
27asmlinkage void crypto_morus1280_avx2_enc_tail(void *state, const void *src,
28 void *dst, unsigned int length);
29asmlinkage void crypto_morus1280_avx2_dec_tail(void *state, const void *src,
30 void *dst, unsigned int length);
31
32asmlinkage void crypto_morus1280_avx2_final(void *state, void *tag_xor,
33 u64 assoclen, u64 cryptlen);
34
35MORUS1280_DECLARE_ALG(avx2, "morus1280-avx2", 400);
36
37static struct simd_aead_alg *simd_alg;
38
39static int __init crypto_morus1280_avx2_module_init(void)
40{
41 if (!boot_cpu_has(X86_FEATURE_AVX2) ||
42 !boot_cpu_has(X86_FEATURE_OSXSAVE) ||
43 !cpu_has_xfeatures(XFEATURE_MASK_SSE | XFEATURE_MASK_YMM, NULL))
44 return -ENODEV;
45
46 return simd_register_aeads_compat(&crypto_morus1280_avx2_alg, 1,
47 &simd_alg);
48}
49
50static void __exit crypto_morus1280_avx2_module_exit(void)
51{
52 simd_unregister_aeads(&crypto_morus1280_avx2_alg, 1, &simd_alg);
53}
54
55module_init(crypto_morus1280_avx2_module_init);
56module_exit(crypto_morus1280_avx2_module_exit);
57
58MODULE_LICENSE("GPL");
59MODULE_AUTHOR("Ondrej Mosnacek <omosnacek@gmail.com>");
60MODULE_DESCRIPTION("MORUS-1280 AEAD algorithm -- AVX2 implementation");
61MODULE_ALIAS_CRYPTO("morus1280");
62MODULE_ALIAS_CRYPTO("morus1280-avx2");
diff --git a/arch/x86/crypto/morus1280-sse2-asm.S b/arch/x86/crypto/morus1280-sse2-asm.S
deleted file mode 100644
index 0eece772866b..000000000000
--- a/arch/x86/crypto/morus1280-sse2-asm.S
+++ /dev/null
@@ -1,893 +0,0 @@
1/* SPDX-License-Identifier: GPL-2.0-only */
2/*
3 * SSE2 implementation of MORUS-1280
4 *
5 * Copyright (c) 2017-2018 Ondrej Mosnacek <omosnacek@gmail.com>
6 * Copyright (C) 2017-2018 Red Hat, Inc. All rights reserved.
7 */
8
9#include <linux/linkage.h>
10#include <asm/frame.h>
11
12#define SHUFFLE_MASK(i0, i1, i2, i3) \
13 (i0 | (i1 << 2) | (i2 << 4) | (i3 << 6))
14
15#define MASK2 SHUFFLE_MASK(2, 3, 0, 1)
16
17#define STATE0_LO %xmm0
18#define STATE0_HI %xmm1
19#define STATE1_LO %xmm2
20#define STATE1_HI %xmm3
21#define STATE2_LO %xmm4
22#define STATE2_HI %xmm5
23#define STATE3_LO %xmm6
24#define STATE3_HI %xmm7
25#define STATE4_LO %xmm8
26#define STATE4_HI %xmm9
27#define KEY_LO %xmm10
28#define KEY_HI %xmm11
29#define MSG_LO %xmm10
30#define MSG_HI %xmm11
31#define T0_LO %xmm12
32#define T0_HI %xmm13
33#define T1_LO %xmm14
34#define T1_HI %xmm15
35
36.section .rodata.cst16.morus640_const, "aM", @progbits, 16
37.align 16
38.Lmorus640_const_0:
39 .byte 0x00, 0x01, 0x01, 0x02, 0x03, 0x05, 0x08, 0x0d
40 .byte 0x15, 0x22, 0x37, 0x59, 0x90, 0xe9, 0x79, 0x62
41.Lmorus640_const_1:
42 .byte 0xdb, 0x3d, 0x18, 0x55, 0x6d, 0xc2, 0x2f, 0xf1
43 .byte 0x20, 0x11, 0x31, 0x42, 0x73, 0xb5, 0x28, 0xdd
44
45.section .rodata.cst16.morus640_counter, "aM", @progbits, 16
46.align 16
47.Lmorus640_counter_0:
48 .byte 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
49 .byte 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
50.Lmorus640_counter_1:
51 .byte 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17
52 .byte 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
53
54.text
55
56.macro rol1 hi, lo
57 /*
58 * HI_1 | HI_0 || LO_1 | LO_0
59 * ==>
60 * HI_0 | HI_1 || LO_1 | LO_0
61 * ==>
62 * HI_0 | LO_1 || LO_0 | HI_1
63 */
64 pshufd $MASK2, \hi, \hi
65 movdqa \hi, T0_LO
66 punpcklqdq \lo, T0_LO
67 punpckhqdq \hi, \lo
68 movdqa \lo, \hi
69 movdqa T0_LO, \lo
70.endm
71
72.macro rol2 hi, lo
73 movdqa \lo, T0_LO
74 movdqa \hi, \lo
75 movdqa T0_LO, \hi
76.endm
77
78.macro rol3 hi, lo
79 /*
80 * HI_1 | HI_0 || LO_1 | LO_0
81 * ==>
82 * HI_0 | HI_1 || LO_1 | LO_0
83 * ==>
84 * LO_0 | HI_1 || HI_0 | LO_1
85 */
86 pshufd $MASK2, \hi, \hi
87 movdqa \lo, T0_LO
88 punpckhqdq \hi, T0_LO
89 punpcklqdq \lo, \hi
90 movdqa T0_LO, \lo
91.endm
92
93.macro morus1280_round s0_l, s0_h, s1_l, s1_h, s2_l, s2_h, s3_l, s3_h, s4_l, s4_h, b, w
94 movdqa \s1_l, T0_LO
95 pand \s2_l, T0_LO
96 pxor T0_LO, \s0_l
97
98 movdqa \s1_h, T0_LO
99 pand \s2_h, T0_LO
100 pxor T0_LO, \s0_h
101
102 pxor \s3_l, \s0_l
103 pxor \s3_h, \s0_h
104
105 movdqa \s0_l, T0_LO
106 psllq $\b, T0_LO
107 psrlq $(64 - \b), \s0_l
108 pxor T0_LO, \s0_l
109
110 movdqa \s0_h, T0_LO
111 psllq $\b, T0_LO
112 psrlq $(64 - \b), \s0_h
113 pxor T0_LO, \s0_h
114
115 \w \s3_h, \s3_l
116.endm
117
118/*
119 * __morus1280_update: internal ABI
120 * input:
121 * STATE[0-4] - input state
122 * MSG - message block
123 * output:
124 * STATE[0-4] - output state
125 * changed:
126 * T0
127 */
128__morus1280_update:
129 morus1280_round \
130 STATE0_LO, STATE0_HI, \
131 STATE1_LO, STATE1_HI, \
132 STATE2_LO, STATE2_HI, \
133 STATE3_LO, STATE3_HI, \
134 STATE4_LO, STATE4_HI, \
135 13, rol1
136 pxor MSG_LO, STATE1_LO
137 pxor MSG_HI, STATE1_HI
138 morus1280_round \
139 STATE1_LO, STATE1_HI, \
140 STATE2_LO, STATE2_HI, \
141 STATE3_LO, STATE3_HI, \
142 STATE4_LO, STATE4_HI, \
143 STATE0_LO, STATE0_HI, \
144 46, rol2
145 pxor MSG_LO, STATE2_LO
146 pxor MSG_HI, STATE2_HI
147 morus1280_round \
148 STATE2_LO, STATE2_HI, \
149 STATE3_LO, STATE3_HI, \
150 STATE4_LO, STATE4_HI, \
151 STATE0_LO, STATE0_HI, \
152 STATE1_LO, STATE1_HI, \
153 38, rol3
154 pxor MSG_LO, STATE3_LO
155 pxor MSG_HI, STATE3_HI
156 morus1280_round \
157 STATE3_LO, STATE3_HI, \
158 STATE4_LO, STATE4_HI, \
159 STATE0_LO, STATE0_HI, \
160 STATE1_LO, STATE1_HI, \
161 STATE2_LO, STATE2_HI, \
162 7, rol2
163 pxor MSG_LO, STATE4_LO
164 pxor MSG_HI, STATE4_HI
165 morus1280_round \
166 STATE4_LO, STATE4_HI, \
167 STATE0_LO, STATE0_HI, \
168 STATE1_LO, STATE1_HI, \
169 STATE2_LO, STATE2_HI, \
170 STATE3_LO, STATE3_HI, \
171 4, rol1
172 ret
173ENDPROC(__morus1280_update)
174
175/*
176 * __morus1280_update_zero: internal ABI
177 * input:
178 * STATE[0-4] - input state
179 * output:
180 * STATE[0-4] - output state
181 * changed:
182 * T0
183 */
184__morus1280_update_zero:
185 morus1280_round \
186 STATE0_LO, STATE0_HI, \
187 STATE1_LO, STATE1_HI, \
188 STATE2_LO, STATE2_HI, \
189 STATE3_LO, STATE3_HI, \
190 STATE4_LO, STATE4_HI, \
191 13, rol1
192 morus1280_round \
193 STATE1_LO, STATE1_HI, \
194 STATE2_LO, STATE2_HI, \
195 STATE3_LO, STATE3_HI, \
196 STATE4_LO, STATE4_HI, \
197 STATE0_LO, STATE0_HI, \
198 46, rol2
199 morus1280_round \
200 STATE2_LO, STATE2_HI, \
201 STATE3_LO, STATE3_HI, \
202 STATE4_LO, STATE4_HI, \
203 STATE0_LO, STATE0_HI, \
204 STATE1_LO, STATE1_HI, \
205 38, rol3
206 morus1280_round \
207 STATE3_LO, STATE3_HI, \
208 STATE4_LO, STATE4_HI, \
209 STATE0_LO, STATE0_HI, \
210 STATE1_LO, STATE1_HI, \
211 STATE2_LO, STATE2_HI, \
212 7, rol2
213 morus1280_round \
214 STATE4_LO, STATE4_HI, \
215 STATE0_LO, STATE0_HI, \
216 STATE1_LO, STATE1_HI, \
217 STATE2_LO, STATE2_HI, \
218 STATE3_LO, STATE3_HI, \
219 4, rol1
220 ret
221ENDPROC(__morus1280_update_zero)
222
223/*
224 * __load_partial: internal ABI
225 * input:
226 * %rsi - src
227 * %rcx - bytes
228 * output:
229 * MSG - message block
230 * changed:
231 * %r8
232 * %r9
233 */
234__load_partial:
235 xor %r9d, %r9d
236 pxor MSG_LO, MSG_LO
237 pxor MSG_HI, MSG_HI
238
239 mov %rcx, %r8
240 and $0x1, %r8
241 jz .Lld_partial_1
242
243 mov %rcx, %r8
244 and $0x1E, %r8
245 add %rsi, %r8
246 mov (%r8), %r9b
247
248.Lld_partial_1:
249 mov %rcx, %r8
250 and $0x2, %r8
251 jz .Lld_partial_2
252
253 mov %rcx, %r8
254 and $0x1C, %r8
255 add %rsi, %r8
256 shl $16, %r9
257 mov (%r8), %r9w
258
259.Lld_partial_2:
260 mov %rcx, %r8
261 and $0x4, %r8
262 jz .Lld_partial_4
263
264 mov %rcx, %r8
265 and $0x18, %r8
266 add %rsi, %r8
267 shl $32, %r9
268 mov (%r8), %r8d
269 xor %r8, %r9
270
271.Lld_partial_4:
272 movq %r9, MSG_LO
273
274 mov %rcx, %r8
275 and $0x8, %r8
276 jz .Lld_partial_8
277
278 mov %rcx, %r8
279 and $0x10, %r8
280 add %rsi, %r8
281 pslldq $8, MSG_LO
282 movq (%r8), T0_LO
283 pxor T0_LO, MSG_LO
284
285.Lld_partial_8:
286 mov %rcx, %r8
287 and $0x10, %r8
288 jz .Lld_partial_16
289
290 movdqa MSG_LO, MSG_HI
291 movdqu (%rsi), MSG_LO
292
293.Lld_partial_16:
294 ret
295ENDPROC(__load_partial)
296
297/*
298 * __store_partial: internal ABI
299 * input:
300 * %rdx - dst
301 * %rcx - bytes
302 * output:
303 * T0 - message block
304 * changed:
305 * %r8
306 * %r9
307 * %r10
308 */
309__store_partial:
310 mov %rcx, %r8
311 mov %rdx, %r9
312
313 cmp $16, %r8
314 jl .Lst_partial_16
315
316 movdqu T0_LO, (%r9)
317 movdqa T0_HI, T0_LO
318
319 sub $16, %r8
320 add $16, %r9
321
322.Lst_partial_16:
323 movq T0_LO, %r10
324
325 cmp $8, %r8
326 jl .Lst_partial_8
327
328 mov %r10, (%r9)
329 psrldq $8, T0_LO
330 movq T0_LO, %r10
331
332 sub $8, %r8
333 add $8, %r9
334
335.Lst_partial_8:
336 cmp $4, %r8
337 jl .Lst_partial_4
338
339 mov %r10d, (%r9)
340 shr $32, %r10
341
342 sub $4, %r8
343 add $4, %r9
344
345.Lst_partial_4:
346 cmp $2, %r8
347 jl .Lst_partial_2
348
349 mov %r10w, (%r9)
350 shr $16, %r10
351
352 sub $2, %r8
353 add $2, %r9
354
355.Lst_partial_2:
356 cmp $1, %r8
357 jl .Lst_partial_1
358
359 mov %r10b, (%r9)
360
361.Lst_partial_1:
362 ret
363ENDPROC(__store_partial)
364
365/*
366 * void crypto_morus1280_sse2_init(void *state, const void *key,
367 * const void *iv);
368 */
369ENTRY(crypto_morus1280_sse2_init)
370 FRAME_BEGIN
371
372 /* load IV: */
373 pxor STATE0_HI, STATE0_HI
374 movdqu (%rdx), STATE0_LO
375 /* load key: */
376 movdqu 0(%rsi), KEY_LO
377 movdqu 16(%rsi), KEY_HI
378 movdqa KEY_LO, STATE1_LO
379 movdqa KEY_HI, STATE1_HI
380 /* load all ones: */
381 pcmpeqd STATE2_LO, STATE2_LO
382 pcmpeqd STATE2_HI, STATE2_HI
383 /* load all zeros: */
384 pxor STATE3_LO, STATE3_LO
385 pxor STATE3_HI, STATE3_HI
386 /* load the constant: */
387 movdqa .Lmorus640_const_0, STATE4_LO
388 movdqa .Lmorus640_const_1, STATE4_HI
389
390 /* update 16 times with zero: */
391 call __morus1280_update_zero
392 call __morus1280_update_zero
393 call __morus1280_update_zero
394 call __morus1280_update_zero
395 call __morus1280_update_zero
396 call __morus1280_update_zero
397 call __morus1280_update_zero
398 call __morus1280_update_zero
399 call __morus1280_update_zero
400 call __morus1280_update_zero
401 call __morus1280_update_zero
402 call __morus1280_update_zero
403 call __morus1280_update_zero
404 call __morus1280_update_zero
405 call __morus1280_update_zero
406 call __morus1280_update_zero
407
408 /* xor-in the key again after updates: */
409 pxor KEY_LO, STATE1_LO
410 pxor KEY_HI, STATE1_HI
411
412 /* store the state: */
413 movdqu STATE0_LO, (0 * 16)(%rdi)
414 movdqu STATE0_HI, (1 * 16)(%rdi)
415 movdqu STATE1_LO, (2 * 16)(%rdi)
416 movdqu STATE1_HI, (3 * 16)(%rdi)
417 movdqu STATE2_LO, (4 * 16)(%rdi)
418 movdqu STATE2_HI, (5 * 16)(%rdi)
419 movdqu STATE3_LO, (6 * 16)(%rdi)
420 movdqu STATE3_HI, (7 * 16)(%rdi)
421 movdqu STATE4_LO, (8 * 16)(%rdi)
422 movdqu STATE4_HI, (9 * 16)(%rdi)
423
424 FRAME_END
425 ret
426ENDPROC(crypto_morus1280_sse2_init)
427
428/*
429 * void crypto_morus1280_sse2_ad(void *state, const void *data,
430 * unsigned int length);
431 */
432ENTRY(crypto_morus1280_sse2_ad)
433 FRAME_BEGIN
434
435 cmp $32, %rdx
436 jb .Lad_out
437
438 /* load the state: */
439 movdqu (0 * 16)(%rdi), STATE0_LO
440 movdqu (1 * 16)(%rdi), STATE0_HI
441 movdqu (2 * 16)(%rdi), STATE1_LO
442 movdqu (3 * 16)(%rdi), STATE1_HI
443 movdqu (4 * 16)(%rdi), STATE2_LO
444 movdqu (5 * 16)(%rdi), STATE2_HI
445 movdqu (6 * 16)(%rdi), STATE3_LO
446 movdqu (7 * 16)(%rdi), STATE3_HI
447 movdqu (8 * 16)(%rdi), STATE4_LO
448 movdqu (9 * 16)(%rdi), STATE4_HI
449
450 mov %rsi, %r8
451 and $0xF, %r8
452 jnz .Lad_u_loop
453
454.align 4
455.Lad_a_loop:
456 movdqa 0(%rsi), MSG_LO
457 movdqa 16(%rsi), MSG_HI
458 call __morus1280_update
459 sub $32, %rdx
460 add $32, %rsi
461 cmp $32, %rdx
462 jge .Lad_a_loop
463
464 jmp .Lad_cont
465.align 4
466.Lad_u_loop:
467 movdqu 0(%rsi), MSG_LO
468 movdqu 16(%rsi), MSG_HI
469 call __morus1280_update
470 sub $32, %rdx
471 add $32, %rsi
472 cmp $32, %rdx
473 jge .Lad_u_loop
474
475.Lad_cont:
476 /* store the state: */
477 movdqu STATE0_LO, (0 * 16)(%rdi)
478 movdqu STATE0_HI, (1 * 16)(%rdi)
479 movdqu STATE1_LO, (2 * 16)(%rdi)
480 movdqu STATE1_HI, (3 * 16)(%rdi)
481 movdqu STATE2_LO, (4 * 16)(%rdi)
482 movdqu STATE2_HI, (5 * 16)(%rdi)
483 movdqu STATE3_LO, (6 * 16)(%rdi)
484 movdqu STATE3_HI, (7 * 16)(%rdi)
485 movdqu STATE4_LO, (8 * 16)(%rdi)
486 movdqu STATE4_HI, (9 * 16)(%rdi)
487
488.Lad_out:
489 FRAME_END
490 ret
491ENDPROC(crypto_morus1280_sse2_ad)
492
493/*
494 * void crypto_morus1280_sse2_enc(void *state, const void *src, void *dst,
495 * unsigned int length);
496 */
497ENTRY(crypto_morus1280_sse2_enc)
498 FRAME_BEGIN
499
500 cmp $32, %rcx
501 jb .Lenc_out
502
503 /* load the state: */
504 movdqu (0 * 16)(%rdi), STATE0_LO
505 movdqu (1 * 16)(%rdi), STATE0_HI
506 movdqu (2 * 16)(%rdi), STATE1_LO
507 movdqu (3 * 16)(%rdi), STATE1_HI
508 movdqu (4 * 16)(%rdi), STATE2_LO
509 movdqu (5 * 16)(%rdi), STATE2_HI
510 movdqu (6 * 16)(%rdi), STATE3_LO
511 movdqu (7 * 16)(%rdi), STATE3_HI
512 movdqu (8 * 16)(%rdi), STATE4_LO
513 movdqu (9 * 16)(%rdi), STATE4_HI
514
515 mov %rsi, %r8
516 or %rdx, %r8
517 and $0xF, %r8
518 jnz .Lenc_u_loop
519
520.align 4
521.Lenc_a_loop:
522 movdqa 0(%rsi), MSG_LO
523 movdqa 16(%rsi), MSG_HI
524 movdqa STATE1_LO, T1_LO
525 movdqa STATE1_HI, T1_HI
526 rol3 T1_HI, T1_LO
527 movdqa MSG_LO, T0_LO
528 movdqa MSG_HI, T0_HI
529 pxor T1_LO, T0_LO
530 pxor T1_HI, T0_HI
531 pxor STATE0_LO, T0_LO
532 pxor STATE0_HI, T0_HI
533 movdqa STATE2_LO, T1_LO
534 movdqa STATE2_HI, T1_HI
535 pand STATE3_LO, T1_LO
536 pand STATE3_HI, T1_HI
537 pxor T1_LO, T0_LO
538 pxor T1_HI, T0_HI
539 movdqa T0_LO, 0(%rdx)
540 movdqa T0_HI, 16(%rdx)
541
542 call __morus1280_update
543 sub $32, %rcx
544 add $32, %rsi
545 add $32, %rdx
546 cmp $32, %rcx
547 jge .Lenc_a_loop
548
549 jmp .Lenc_cont
550.align 4
551.Lenc_u_loop:
552 movdqu 0(%rsi), MSG_LO
553 movdqu 16(%rsi), MSG_HI
554 movdqa STATE1_LO, T1_LO
555 movdqa STATE1_HI, T1_HI
556 rol3 T1_HI, T1_LO
557 movdqa MSG_LO, T0_LO
558 movdqa MSG_HI, T0_HI
559 pxor T1_LO, T0_LO
560 pxor T1_HI, T0_HI
561 pxor STATE0_LO, T0_LO
562 pxor STATE0_HI, T0_HI
563 movdqa STATE2_LO, T1_LO
564 movdqa STATE2_HI, T1_HI
565 pand STATE3_LO, T1_LO
566 pand STATE3_HI, T1_HI
567 pxor T1_LO, T0_LO
568 pxor T1_HI, T0_HI
569 movdqu T0_LO, 0(%rdx)
570 movdqu T0_HI, 16(%rdx)
571
572 call __morus1280_update
573 sub $32, %rcx
574 add $32, %rsi
575 add $32, %rdx
576 cmp $32, %rcx
577 jge .Lenc_u_loop
578
579.Lenc_cont:
580 /* store the state: */
581 movdqu STATE0_LO, (0 * 16)(%rdi)
582 movdqu STATE0_HI, (1 * 16)(%rdi)
583 movdqu STATE1_LO, (2 * 16)(%rdi)
584 movdqu STATE1_HI, (3 * 16)(%rdi)
585 movdqu STATE2_LO, (4 * 16)(%rdi)
586 movdqu STATE2_HI, (5 * 16)(%rdi)
587 movdqu STATE3_LO, (6 * 16)(%rdi)
588 movdqu STATE3_HI, (7 * 16)(%rdi)
589 movdqu STATE4_LO, (8 * 16)(%rdi)
590 movdqu STATE4_HI, (9 * 16)(%rdi)
591
592.Lenc_out:
593 FRAME_END
594 ret
595ENDPROC(crypto_morus1280_sse2_enc)
596
597/*
598 * void crypto_morus1280_sse2_enc_tail(void *state, const void *src, void *dst,
599 * unsigned int length);
600 */
601ENTRY(crypto_morus1280_sse2_enc_tail)
602 FRAME_BEGIN
603
604 /* load the state: */
605 movdqu (0 * 16)(%rdi), STATE0_LO
606 movdqu (1 * 16)(%rdi), STATE0_HI
607 movdqu (2 * 16)(%rdi), STATE1_LO
608 movdqu (3 * 16)(%rdi), STATE1_HI
609 movdqu (4 * 16)(%rdi), STATE2_LO
610 movdqu (5 * 16)(%rdi), STATE2_HI
611 movdqu (6 * 16)(%rdi), STATE3_LO
612 movdqu (7 * 16)(%rdi), STATE3_HI
613 movdqu (8 * 16)(%rdi), STATE4_LO
614 movdqu (9 * 16)(%rdi), STATE4_HI
615
616 /* encrypt message: */
617 call __load_partial
618
619 movdqa STATE1_LO, T1_LO
620 movdqa STATE1_HI, T1_HI
621 rol3 T1_HI, T1_LO
622 movdqa MSG_LO, T0_LO
623 movdqa MSG_HI, T0_HI
624 pxor T1_LO, T0_LO
625 pxor T1_HI, T0_HI
626 pxor STATE0_LO, T0_LO
627 pxor STATE0_HI, T0_HI
628 movdqa STATE2_LO, T1_LO
629 movdqa STATE2_HI, T1_HI
630 pand STATE3_LO, T1_LO
631 pand STATE3_HI, T1_HI
632 pxor T1_LO, T0_LO
633 pxor T1_HI, T0_HI
634
635 call __store_partial
636
637 call __morus1280_update
638
639 /* store the state: */
640 movdqu STATE0_LO, (0 * 16)(%rdi)
641 movdqu STATE0_HI, (1 * 16)(%rdi)
642 movdqu STATE1_LO, (2 * 16)(%rdi)
643 movdqu STATE1_HI, (3 * 16)(%rdi)
644 movdqu STATE2_LO, (4 * 16)(%rdi)
645 movdqu STATE2_HI, (5 * 16)(%rdi)
646 movdqu STATE3_LO, (6 * 16)(%rdi)
647 movdqu STATE3_HI, (7 * 16)(%rdi)
648 movdqu STATE4_LO, (8 * 16)(%rdi)
649 movdqu STATE4_HI, (9 * 16)(%rdi)
650
651 FRAME_END
652 ret
653ENDPROC(crypto_morus1280_sse2_enc_tail)
654
655/*
656 * void crypto_morus1280_sse2_dec(void *state, const void *src, void *dst,
657 * unsigned int length);
658 */
659ENTRY(crypto_morus1280_sse2_dec)
660 FRAME_BEGIN
661
662 cmp $32, %rcx
663 jb .Ldec_out
664
665 /* load the state: */
666 movdqu (0 * 16)(%rdi), STATE0_LO
667 movdqu (1 * 16)(%rdi), STATE0_HI
668 movdqu (2 * 16)(%rdi), STATE1_LO
669 movdqu (3 * 16)(%rdi), STATE1_HI
670 movdqu (4 * 16)(%rdi), STATE2_LO
671 movdqu (5 * 16)(%rdi), STATE2_HI
672 movdqu (6 * 16)(%rdi), STATE3_LO
673 movdqu (7 * 16)(%rdi), STATE3_HI
674 movdqu (8 * 16)(%rdi), STATE4_LO
675 movdqu (9 * 16)(%rdi), STATE4_HI
676
677 mov %rsi, %r8
678 or %rdx, %r8
679 and $0xF, %r8
680 jnz .Ldec_u_loop
681
682.align 4
683.Ldec_a_loop:
684 movdqa 0(%rsi), MSG_LO
685 movdqa 16(%rsi), MSG_HI
686 pxor STATE0_LO, MSG_LO
687 pxor STATE0_HI, MSG_HI
688 movdqa STATE1_LO, T1_LO
689 movdqa STATE1_HI, T1_HI
690 rol3 T1_HI, T1_LO
691 pxor T1_LO, MSG_LO
692 pxor T1_HI, MSG_HI
693 movdqa STATE2_LO, T1_LO
694 movdqa STATE2_HI, T1_HI
695 pand STATE3_LO, T1_LO
696 pand STATE3_HI, T1_HI
697 pxor T1_LO, MSG_LO
698 pxor T1_HI, MSG_HI
699 movdqa MSG_LO, 0(%rdx)
700 movdqa MSG_HI, 16(%rdx)
701
702 call __morus1280_update
703 sub $32, %rcx
704 add $32, %rsi
705 add $32, %rdx
706 cmp $32, %rcx
707 jge .Ldec_a_loop
708
709 jmp .Ldec_cont
710.align 4
711.Ldec_u_loop:
712 movdqu 0(%rsi), MSG_LO
713 movdqu 16(%rsi), MSG_HI
714 pxor STATE0_LO, MSG_LO
715 pxor STATE0_HI, MSG_HI
716 movdqa STATE1_LO, T1_LO
717 movdqa STATE1_HI, T1_HI
718 rol3 T1_HI, T1_LO
719 pxor T1_LO, MSG_LO
720 pxor T1_HI, MSG_HI
721 movdqa STATE2_LO, T1_LO
722 movdqa STATE2_HI, T1_HI
723 pand STATE3_LO, T1_LO
724 pand STATE3_HI, T1_HI
725 pxor T1_LO, MSG_LO
726 pxor T1_HI, MSG_HI
727 movdqu MSG_LO, 0(%rdx)
728 movdqu MSG_HI, 16(%rdx)
729
730 call __morus1280_update
731 sub $32, %rcx
732 add $32, %rsi
733 add $32, %rdx
734 cmp $32, %rcx
735 jge .Ldec_u_loop
736
737.Ldec_cont:
738 /* store the state: */
739 movdqu STATE0_LO, (0 * 16)(%rdi)
740 movdqu STATE0_HI, (1 * 16)(%rdi)
741 movdqu STATE1_LO, (2 * 16)(%rdi)
742 movdqu STATE1_HI, (3 * 16)(%rdi)
743 movdqu STATE2_LO, (4 * 16)(%rdi)
744 movdqu STATE2_HI, (5 * 16)(%rdi)
745 movdqu STATE3_LO, (6 * 16)(%rdi)
746 movdqu STATE3_HI, (7 * 16)(%rdi)
747 movdqu STATE4_LO, (8 * 16)(%rdi)
748 movdqu STATE4_HI, (9 * 16)(%rdi)
749
750.Ldec_out:
751 FRAME_END
752 ret
753ENDPROC(crypto_morus1280_sse2_dec)
754
755/*
756 * void crypto_morus1280_sse2_dec_tail(void *state, const void *src, void *dst,
757 * unsigned int length);
758 */
759ENTRY(crypto_morus1280_sse2_dec_tail)
760 FRAME_BEGIN
761
762 /* load the state: */
763 movdqu (0 * 16)(%rdi), STATE0_LO
764 movdqu (1 * 16)(%rdi), STATE0_HI
765 movdqu (2 * 16)(%rdi), STATE1_LO
766 movdqu (3 * 16)(%rdi), STATE1_HI
767 movdqu (4 * 16)(%rdi), STATE2_LO
768 movdqu (5 * 16)(%rdi), STATE2_HI
769 movdqu (6 * 16)(%rdi), STATE3_LO
770 movdqu (7 * 16)(%rdi), STATE3_HI
771 movdqu (8 * 16)(%rdi), STATE4_LO
772 movdqu (9 * 16)(%rdi), STATE4_HI
773
774 /* decrypt message: */
775 call __load_partial
776
777 pxor STATE0_LO, MSG_LO
778 pxor STATE0_HI, MSG_HI
779 movdqa STATE1_LO, T1_LO
780 movdqa STATE1_HI, T1_HI
781 rol3 T1_HI, T1_LO
782 pxor T1_LO, MSG_LO
783 pxor T1_HI, MSG_HI
784 movdqa STATE2_LO, T1_LO
785 movdqa STATE2_HI, T1_HI
786 pand STATE3_LO, T1_LO
787 pand STATE3_HI, T1_HI
788 pxor T1_LO, MSG_LO
789 pxor T1_HI, MSG_HI
790 movdqa MSG_LO, T0_LO
791 movdqa MSG_HI, T0_HI
792
793 call __store_partial
794
795 /* mask with byte count: */
796 movq %rcx, T0_LO
797 punpcklbw T0_LO, T0_LO
798 punpcklbw T0_LO, T0_LO
799 punpcklbw T0_LO, T0_LO
800 punpcklbw T0_LO, T0_LO
801 movdqa T0_LO, T0_HI
802 movdqa .Lmorus640_counter_0, T1_LO
803 movdqa .Lmorus640_counter_1, T1_HI
804 pcmpgtb T1_LO, T0_LO
805 pcmpgtb T1_HI, T0_HI
806 pand T0_LO, MSG_LO
807 pand T0_HI, MSG_HI
808
809 call __morus1280_update
810
811 /* store the state: */
812 movdqu STATE0_LO, (0 * 16)(%rdi)
813 movdqu STATE0_HI, (1 * 16)(%rdi)
814 movdqu STATE1_LO, (2 * 16)(%rdi)
815 movdqu STATE1_HI, (3 * 16)(%rdi)
816 movdqu STATE2_LO, (4 * 16)(%rdi)
817 movdqu STATE2_HI, (5 * 16)(%rdi)
818 movdqu STATE3_LO, (6 * 16)(%rdi)
819 movdqu STATE3_HI, (7 * 16)(%rdi)
820 movdqu STATE4_LO, (8 * 16)(%rdi)
821 movdqu STATE4_HI, (9 * 16)(%rdi)
822
823 FRAME_END
824 ret
825ENDPROC(crypto_morus1280_sse2_dec_tail)
826
827/*
828 * void crypto_morus1280_sse2_final(void *state, void *tag_xor,
829 * u64 assoclen, u64 cryptlen);
830 */
831ENTRY(crypto_morus1280_sse2_final)
832 FRAME_BEGIN
833
834 /* load the state: */
835 movdqu (0 * 16)(%rdi), STATE0_LO
836 movdqu (1 * 16)(%rdi), STATE0_HI
837 movdqu (2 * 16)(%rdi), STATE1_LO
838 movdqu (3 * 16)(%rdi), STATE1_HI
839 movdqu (4 * 16)(%rdi), STATE2_LO
840 movdqu (5 * 16)(%rdi), STATE2_HI
841 movdqu (6 * 16)(%rdi), STATE3_LO
842 movdqu (7 * 16)(%rdi), STATE3_HI
843 movdqu (8 * 16)(%rdi), STATE4_LO
844 movdqu (9 * 16)(%rdi), STATE4_HI
845
846 /* xor state[0] into state[4]: */
847 pxor STATE0_LO, STATE4_LO
848 pxor STATE0_HI, STATE4_HI
849
850 /* prepare length block: */
851 movq %rdx, MSG_LO
852 movq %rcx, T0_LO
853 pslldq $8, T0_LO
854 pxor T0_LO, MSG_LO
855 psllq $3, MSG_LO /* multiply by 8 (to get bit count) */
856 pxor MSG_HI, MSG_HI
857
858 /* update state: */
859 call __morus1280_update
860 call __morus1280_update
861 call __morus1280_update
862 call __morus1280_update
863 call __morus1280_update
864 call __morus1280_update
865 call __morus1280_update
866 call __morus1280_update
867 call __morus1280_update
868 call __morus1280_update
869
870 /* xor tag: */
871 movdqu 0(%rsi), MSG_LO
872 movdqu 16(%rsi), MSG_HI
873
874 pxor STATE0_LO, MSG_LO
875 pxor STATE0_HI, MSG_HI
876 movdqa STATE1_LO, T0_LO
877 movdqa STATE1_HI, T0_HI
878 rol3 T0_HI, T0_LO
879 pxor T0_LO, MSG_LO
880 pxor T0_HI, MSG_HI
881 movdqa STATE2_LO, T0_LO
882 movdqa STATE2_HI, T0_HI
883 pand STATE3_LO, T0_LO
884 pand STATE3_HI, T0_HI
885 pxor T0_LO, MSG_LO
886 pxor T0_HI, MSG_HI
887
888 movdqu MSG_LO, 0(%rsi)
889 movdqu MSG_HI, 16(%rsi)
890
891 FRAME_END
892 ret
893ENDPROC(crypto_morus1280_sse2_final)
diff --git a/arch/x86/crypto/morus1280-sse2-glue.c b/arch/x86/crypto/morus1280-sse2-glue.c
deleted file mode 100644
index aada9d774293..000000000000
--- a/arch/x86/crypto/morus1280-sse2-glue.c
+++ /dev/null
@@ -1,61 +0,0 @@
1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 * The MORUS-1280 Authenticated-Encryption Algorithm
4 * Glue for SSE2 implementation
5 *
6 * Copyright (c) 2016-2018 Ondrej Mosnacek <omosnacek@gmail.com>
7 * Copyright (C) 2017-2018 Red Hat, Inc. All rights reserved.
8 */
9
10#include <crypto/internal/aead.h>
11#include <crypto/internal/simd.h>
12#include <crypto/morus1280_glue.h>
13#include <linux/module.h>
14#include <asm/fpu/api.h>
15#include <asm/cpu_device_id.h>
16
17asmlinkage void crypto_morus1280_sse2_init(void *state, const void *key,
18 const void *iv);
19asmlinkage void crypto_morus1280_sse2_ad(void *state, const void *data,
20 unsigned int length);
21
22asmlinkage void crypto_morus1280_sse2_enc(void *state, const void *src,
23 void *dst, unsigned int length);
24asmlinkage void crypto_morus1280_sse2_dec(void *state, const void *src,
25 void *dst, unsigned int length);
26
27asmlinkage void crypto_morus1280_sse2_enc_tail(void *state, const void *src,
28 void *dst, unsigned int length);
29asmlinkage void crypto_morus1280_sse2_dec_tail(void *state, const void *src,
30 void *dst, unsigned int length);
31
32asmlinkage void crypto_morus1280_sse2_final(void *state, void *tag_xor,
33 u64 assoclen, u64 cryptlen);
34
35MORUS1280_DECLARE_ALG(sse2, "morus1280-sse2", 350);
36
37static struct simd_aead_alg *simd_alg;
38
39static int __init crypto_morus1280_sse2_module_init(void)
40{
41 if (!boot_cpu_has(X86_FEATURE_XMM2) ||
42 !cpu_has_xfeatures(XFEATURE_MASK_SSE, NULL))
43 return -ENODEV;
44
45 return simd_register_aeads_compat(&crypto_morus1280_sse2_alg, 1,
46 &simd_alg);
47}
48
49static void __exit crypto_morus1280_sse2_module_exit(void)
50{
51 simd_unregister_aeads(&crypto_morus1280_sse2_alg, 1, &simd_alg);
52}
53
54module_init(crypto_morus1280_sse2_module_init);
55module_exit(crypto_morus1280_sse2_module_exit);
56
57MODULE_LICENSE("GPL");
58MODULE_AUTHOR("Ondrej Mosnacek <omosnacek@gmail.com>");
59MODULE_DESCRIPTION("MORUS-1280 AEAD algorithm -- SSE2 implementation");
60MODULE_ALIAS_CRYPTO("morus1280");
61MODULE_ALIAS_CRYPTO("morus1280-sse2");
diff --git a/arch/x86/crypto/morus1280_glue.c b/arch/x86/crypto/morus1280_glue.c
deleted file mode 100644
index ffbde8b22838..000000000000
--- a/arch/x86/crypto/morus1280_glue.c
+++ /dev/null
@@ -1,205 +0,0 @@
1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 * The MORUS-1280 Authenticated-Encryption Algorithm
4 * Common x86 SIMD glue skeleton
5 *
6 * Copyright (c) 2016-2018 Ondrej Mosnacek <omosnacek@gmail.com>
7 * Copyright (C) 2017-2018 Red Hat, Inc. All rights reserved.
8 */
9
10#include <crypto/internal/aead.h>
11#include <crypto/internal/skcipher.h>
12#include <crypto/morus1280_glue.h>
13#include <crypto/scatterwalk.h>
14#include <linux/err.h>
15#include <linux/init.h>
16#include <linux/kernel.h>
17#include <linux/module.h>
18#include <linux/scatterlist.h>
19#include <asm/fpu/api.h>
20
21struct morus1280_state {
22 struct morus1280_block s[MORUS_STATE_BLOCKS];
23};
24
25struct morus1280_ops {
26 int (*skcipher_walk_init)(struct skcipher_walk *walk,
27 struct aead_request *req, bool atomic);
28
29 void (*crypt_blocks)(void *state, const void *src, void *dst,
30 unsigned int length);
31 void (*crypt_tail)(void *state, const void *src, void *dst,
32 unsigned int length);
33};
34
35static void crypto_morus1280_glue_process_ad(
36 struct morus1280_state *state,
37 const struct morus1280_glue_ops *ops,
38 struct scatterlist *sg_src, unsigned int assoclen)
39{
40 struct scatter_walk walk;
41 struct morus1280_block buf;
42 unsigned int pos = 0;
43
44 scatterwalk_start(&walk, sg_src);
45 while (assoclen != 0) {
46 unsigned int size = scatterwalk_clamp(&walk, assoclen);
47 unsigned int left = size;
48 void *mapped = scatterwalk_map(&walk);
49 const u8 *src = (const u8 *)mapped;
50
51 if (pos + size >= MORUS1280_BLOCK_SIZE) {
52 if (pos > 0) {
53 unsigned int fill = MORUS1280_BLOCK_SIZE - pos;
54 memcpy(buf.bytes + pos, src, fill);
55 ops->ad(state, buf.bytes, MORUS1280_BLOCK_SIZE);
56 pos = 0;
57 left -= fill;
58 src += fill;
59 }
60
61 ops->ad(state, src, left);
62 src += left & ~(MORUS1280_BLOCK_SIZE - 1);
63 left &= MORUS1280_BLOCK_SIZE - 1;
64 }
65
66 memcpy(buf.bytes + pos, src, left);
67
68 pos += left;
69 assoclen -= size;
70 scatterwalk_unmap(mapped);
71 scatterwalk_advance(&walk, size);
72 scatterwalk_done(&walk, 0, assoclen);
73 }
74
75 if (pos > 0) {
76 memset(buf.bytes + pos, 0, MORUS1280_BLOCK_SIZE - pos);
77 ops->ad(state, buf.bytes, MORUS1280_BLOCK_SIZE);
78 }
79}
80
81static void crypto_morus1280_glue_process_crypt(struct morus1280_state *state,
82 struct morus1280_ops ops,
83 struct skcipher_walk *walk)
84{
85 while (walk->nbytes >= MORUS1280_BLOCK_SIZE) {
86 ops.crypt_blocks(state, walk->src.virt.addr,
87 walk->dst.virt.addr,
88 round_down(walk->nbytes,
89 MORUS1280_BLOCK_SIZE));
90 skcipher_walk_done(walk, walk->nbytes % MORUS1280_BLOCK_SIZE);
91 }
92
93 if (walk->nbytes) {
94 ops.crypt_tail(state, walk->src.virt.addr, walk->dst.virt.addr,
95 walk->nbytes);
96 skcipher_walk_done(walk, 0);
97 }
98}
99
100int crypto_morus1280_glue_setkey(struct crypto_aead *aead, const u8 *key,
101 unsigned int keylen)
102{
103 struct morus1280_ctx *ctx = crypto_aead_ctx(aead);
104
105 if (keylen == MORUS1280_BLOCK_SIZE) {
106 memcpy(ctx->key.bytes, key, MORUS1280_BLOCK_SIZE);
107 } else if (keylen == MORUS1280_BLOCK_SIZE / 2) {
108 memcpy(ctx->key.bytes, key, keylen);
109 memcpy(ctx->key.bytes + keylen, key, keylen);
110 } else {
111 crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN);
112 return -EINVAL;
113 }
114
115 return 0;
116}
117EXPORT_SYMBOL_GPL(crypto_morus1280_glue_setkey);
118
119int crypto_morus1280_glue_setauthsize(struct crypto_aead *tfm,
120 unsigned int authsize)
121{
122 return (authsize <= MORUS_MAX_AUTH_SIZE) ? 0 : -EINVAL;
123}
124EXPORT_SYMBOL_GPL(crypto_morus1280_glue_setauthsize);
125
126static void crypto_morus1280_glue_crypt(struct aead_request *req,
127 struct morus1280_ops ops,
128 unsigned int cryptlen,
129 struct morus1280_block *tag_xor)
130{
131 struct crypto_aead *tfm = crypto_aead_reqtfm(req);
132 struct morus1280_ctx *ctx = crypto_aead_ctx(tfm);
133 struct morus1280_state state;
134 struct skcipher_walk walk;
135
136 ops.skcipher_walk_init(&walk, req, true);
137
138 kernel_fpu_begin();
139
140 ctx->ops->init(&state, &ctx->key, req->iv);
141 crypto_morus1280_glue_process_ad(&state, ctx->ops, req->src, req->assoclen);
142 crypto_morus1280_glue_process_crypt(&state, ops, &walk);
143 ctx->ops->final(&state, tag_xor, req->assoclen, cryptlen);
144
145 kernel_fpu_end();
146}
147
148int crypto_morus1280_glue_encrypt(struct aead_request *req)
149{
150 struct crypto_aead *tfm = crypto_aead_reqtfm(req);
151 struct morus1280_ctx *ctx = crypto_aead_ctx(tfm);
152 struct morus1280_ops OPS = {
153 .skcipher_walk_init = skcipher_walk_aead_encrypt,
154 .crypt_blocks = ctx->ops->enc,
155 .crypt_tail = ctx->ops->enc_tail,
156 };
157
158 struct morus1280_block tag = {};
159 unsigned int authsize = crypto_aead_authsize(tfm);
160 unsigned int cryptlen = req->cryptlen;
161
162 crypto_morus1280_glue_crypt(req, OPS, cryptlen, &tag);
163
164 scatterwalk_map_and_copy(tag.bytes, req->dst,
165 req->assoclen + cryptlen, authsize, 1);
166 return 0;
167}
168EXPORT_SYMBOL_GPL(crypto_morus1280_glue_encrypt);
169
170int crypto_morus1280_glue_decrypt(struct aead_request *req)
171{
172 static const u8 zeros[MORUS1280_BLOCK_SIZE] = {};
173
174 struct crypto_aead *tfm = crypto_aead_reqtfm(req);
175 struct morus1280_ctx *ctx = crypto_aead_ctx(tfm);
176 struct morus1280_ops OPS = {
177 .skcipher_walk_init = skcipher_walk_aead_decrypt,
178 .crypt_blocks = ctx->ops->dec,
179 .crypt_tail = ctx->ops->dec_tail,
180 };
181
182 struct morus1280_block tag;
183 unsigned int authsize = crypto_aead_authsize(tfm);
184 unsigned int cryptlen = req->cryptlen - authsize;
185
186 scatterwalk_map_and_copy(tag.bytes, req->src,
187 req->assoclen + cryptlen, authsize, 0);
188
189 crypto_morus1280_glue_crypt(req, OPS, cryptlen, &tag);
190
191 return crypto_memneq(tag.bytes, zeros, authsize) ? -EBADMSG : 0;
192}
193EXPORT_SYMBOL_GPL(crypto_morus1280_glue_decrypt);
194
195void crypto_morus1280_glue_init_ops(struct crypto_aead *aead,
196 const struct morus1280_glue_ops *ops)
197{
198 struct morus1280_ctx *ctx = crypto_aead_ctx(aead);
199 ctx->ops = ops;
200}
201EXPORT_SYMBOL_GPL(crypto_morus1280_glue_init_ops);
202
203MODULE_LICENSE("GPL");
204MODULE_AUTHOR("Ondrej Mosnacek <omosnacek@gmail.com>");
205MODULE_DESCRIPTION("MORUS-1280 AEAD mode -- glue for x86 optimizations");
diff --git a/arch/x86/crypto/morus640-sse2-asm.S b/arch/x86/crypto/morus640-sse2-asm.S
deleted file mode 100644
index a60891101bbd..000000000000
--- a/arch/x86/crypto/morus640-sse2-asm.S
+++ /dev/null
@@ -1,612 +0,0 @@
1/* SPDX-License-Identifier: GPL-2.0-only */
2/*
3 * SSE2 implementation of MORUS-640
4 *
5 * Copyright (c) 2017-2018 Ondrej Mosnacek <omosnacek@gmail.com>
6 * Copyright (C) 2017-2018 Red Hat, Inc. All rights reserved.
7 */
8
9#include <linux/linkage.h>
10#include <asm/frame.h>
11
12#define SHUFFLE_MASK(i0, i1, i2, i3) \
13 (i0 | (i1 << 2) | (i2 << 4) | (i3 << 6))
14
15#define MASK1 SHUFFLE_MASK(3, 0, 1, 2)
16#define MASK2 SHUFFLE_MASK(2, 3, 0, 1)
17#define MASK3 SHUFFLE_MASK(1, 2, 3, 0)
18
19#define STATE0 %xmm0
20#define STATE1 %xmm1
21#define STATE2 %xmm2
22#define STATE3 %xmm3
23#define STATE4 %xmm4
24#define KEY %xmm5
25#define MSG %xmm5
26#define T0 %xmm6
27#define T1 %xmm7
28
29.section .rodata.cst16.morus640_const, "aM", @progbits, 32
30.align 16
31.Lmorus640_const_0:
32 .byte 0x00, 0x01, 0x01, 0x02, 0x03, 0x05, 0x08, 0x0d
33 .byte 0x15, 0x22, 0x37, 0x59, 0x90, 0xe9, 0x79, 0x62
34.Lmorus640_const_1:
35 .byte 0xdb, 0x3d, 0x18, 0x55, 0x6d, 0xc2, 0x2f, 0xf1
36 .byte 0x20, 0x11, 0x31, 0x42, 0x73, 0xb5, 0x28, 0xdd
37
38.section .rodata.cst16.morus640_counter, "aM", @progbits, 16
39.align 16
40.Lmorus640_counter:
41 .byte 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
42 .byte 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
43
44.text
45
46.macro morus640_round s0, s1, s2, s3, s4, b, w
47 movdqa \s1, T0
48 pand \s2, T0
49 pxor T0, \s0
50 pxor \s3, \s0
51 movdqa \s0, T0
52 pslld $\b, T0
53 psrld $(32 - \b), \s0
54 pxor T0, \s0
55 pshufd $\w, \s3, \s3
56.endm
57
58/*
59 * __morus640_update: internal ABI
60 * input:
61 * STATE[0-4] - input state
62 * MSG - message block
63 * output:
64 * STATE[0-4] - output state
65 * changed:
66 * T0
67 */
68__morus640_update:
69 morus640_round STATE0, STATE1, STATE2, STATE3, STATE4, 5, MASK1
70 pxor MSG, STATE1
71 morus640_round STATE1, STATE2, STATE3, STATE4, STATE0, 31, MASK2
72 pxor MSG, STATE2
73 morus640_round STATE2, STATE3, STATE4, STATE0, STATE1, 7, MASK3
74 pxor MSG, STATE3
75 morus640_round STATE3, STATE4, STATE0, STATE1, STATE2, 22, MASK2
76 pxor MSG, STATE4
77 morus640_round STATE4, STATE0, STATE1, STATE2, STATE3, 13, MASK1
78 ret
79ENDPROC(__morus640_update)
80
81
82/*
83 * __morus640_update_zero: internal ABI
84 * input:
85 * STATE[0-4] - input state
86 * output:
87 * STATE[0-4] - output state
88 * changed:
89 * T0
90 */
91__morus640_update_zero:
92 morus640_round STATE0, STATE1, STATE2, STATE3, STATE4, 5, MASK1
93 morus640_round STATE1, STATE2, STATE3, STATE4, STATE0, 31, MASK2
94 morus640_round STATE2, STATE3, STATE4, STATE0, STATE1, 7, MASK3
95 morus640_round STATE3, STATE4, STATE0, STATE1, STATE2, 22, MASK2
96 morus640_round STATE4, STATE0, STATE1, STATE2, STATE3, 13, MASK1
97 ret
98ENDPROC(__morus640_update_zero)
99
100/*
101 * __load_partial: internal ABI
102 * input:
103 * %rsi - src
104 * %rcx - bytes
105 * output:
106 * MSG - message block
107 * changed:
108 * T0
109 * %r8
110 * %r9
111 */
112__load_partial:
113 xor %r9d, %r9d
114 pxor MSG, MSG
115
116 mov %rcx, %r8
117 and $0x1, %r8
118 jz .Lld_partial_1
119
120 mov %rcx, %r8
121 and $0x1E, %r8
122 add %rsi, %r8
123 mov (%r8), %r9b
124
125.Lld_partial_1:
126 mov %rcx, %r8
127 and $0x2, %r8
128 jz .Lld_partial_2
129
130 mov %rcx, %r8
131 and $0x1C, %r8
132 add %rsi, %r8
133 shl $16, %r9
134 mov (%r8), %r9w
135
136.Lld_partial_2:
137 mov %rcx, %r8
138 and $0x4, %r8
139 jz .Lld_partial_4
140
141 mov %rcx, %r8
142 and $0x18, %r8
143 add %rsi, %r8
144 shl $32, %r9
145 mov (%r8), %r8d
146 xor %r8, %r9
147
148.Lld_partial_4:
149 movq %r9, MSG
150
151 mov %rcx, %r8
152 and $0x8, %r8
153 jz .Lld_partial_8
154
155 mov %rcx, %r8
156 and $0x10, %r8
157 add %rsi, %r8
158 pslldq $8, MSG
159 movq (%r8), T0
160 pxor T0, MSG
161
162.Lld_partial_8:
163 ret
164ENDPROC(__load_partial)
165
166/*
167 * __store_partial: internal ABI
168 * input:
169 * %rdx - dst
170 * %rcx - bytes
171 * output:
172 * T0 - message block
173 * changed:
174 * %r8
175 * %r9
176 * %r10
177 */
178__store_partial:
179 mov %rcx, %r8
180 mov %rdx, %r9
181
182 movq T0, %r10
183
184 cmp $8, %r8
185 jl .Lst_partial_8
186
187 mov %r10, (%r9)
188 psrldq $8, T0
189 movq T0, %r10
190
191 sub $8, %r8
192 add $8, %r9
193
194.Lst_partial_8:
195 cmp $4, %r8
196 jl .Lst_partial_4
197
198 mov %r10d, (%r9)
199 shr $32, %r10
200
201 sub $4, %r8
202 add $4, %r9
203
204.Lst_partial_4:
205 cmp $2, %r8
206 jl .Lst_partial_2
207
208 mov %r10w, (%r9)
209 shr $16, %r10
210
211 sub $2, %r8
212 add $2, %r9
213
214.Lst_partial_2:
215 cmp $1, %r8
216 jl .Lst_partial_1
217
218 mov %r10b, (%r9)
219
220.Lst_partial_1:
221 ret
222ENDPROC(__store_partial)
223
224/*
225 * void crypto_morus640_sse2_init(void *state, const void *key, const void *iv);
226 */
227ENTRY(crypto_morus640_sse2_init)
228 FRAME_BEGIN
229
230 /* load IV: */
231 movdqu (%rdx), STATE0
232 /* load key: */
233 movdqu (%rsi), KEY
234 movdqa KEY, STATE1
235 /* load all ones: */
236 pcmpeqd STATE2, STATE2
237 /* load the constants: */
238 movdqa .Lmorus640_const_0, STATE3
239 movdqa .Lmorus640_const_1, STATE4
240
241 /* update 16 times with zero: */
242 call __morus640_update_zero
243 call __morus640_update_zero
244 call __morus640_update_zero
245 call __morus640_update_zero
246 call __morus640_update_zero
247 call __morus640_update_zero
248 call __morus640_update_zero
249 call __morus640_update_zero
250 call __morus640_update_zero
251 call __morus640_update_zero
252 call __morus640_update_zero
253 call __morus640_update_zero
254 call __morus640_update_zero
255 call __morus640_update_zero
256 call __morus640_update_zero
257 call __morus640_update_zero
258
259 /* xor-in the key again after updates: */
260 pxor KEY, STATE1
261
262 /* store the state: */
263 movdqu STATE0, (0 * 16)(%rdi)
264 movdqu STATE1, (1 * 16)(%rdi)
265 movdqu STATE2, (2 * 16)(%rdi)
266 movdqu STATE3, (3 * 16)(%rdi)
267 movdqu STATE4, (4 * 16)(%rdi)
268
269 FRAME_END
270 ret
271ENDPROC(crypto_morus640_sse2_init)
272
273/*
274 * void crypto_morus640_sse2_ad(void *state, const void *data,
275 * unsigned int length);
276 */
277ENTRY(crypto_morus640_sse2_ad)
278 FRAME_BEGIN
279
280 cmp $16, %rdx
281 jb .Lad_out
282
283 /* load the state: */
284 movdqu (0 * 16)(%rdi), STATE0
285 movdqu (1 * 16)(%rdi), STATE1
286 movdqu (2 * 16)(%rdi), STATE2
287 movdqu (3 * 16)(%rdi), STATE3
288 movdqu (4 * 16)(%rdi), STATE4
289
290 mov %rsi, %r8
291 and $0xF, %r8
292 jnz .Lad_u_loop
293
294.align 4
295.Lad_a_loop:
296 movdqa (%rsi), MSG
297 call __morus640_update
298 sub $16, %rdx
299 add $16, %rsi
300 cmp $16, %rdx
301 jge .Lad_a_loop
302
303 jmp .Lad_cont
304.align 4
305.Lad_u_loop:
306 movdqu (%rsi), MSG
307 call __morus640_update
308 sub $16, %rdx
309 add $16, %rsi
310 cmp $16, %rdx
311 jge .Lad_u_loop
312
313.Lad_cont:
314 /* store the state: */
315 movdqu STATE0, (0 * 16)(%rdi)
316 movdqu STATE1, (1 * 16)(%rdi)
317 movdqu STATE2, (2 * 16)(%rdi)
318 movdqu STATE3, (3 * 16)(%rdi)
319 movdqu STATE4, (4 * 16)(%rdi)
320
321.Lad_out:
322 FRAME_END
323 ret
324ENDPROC(crypto_morus640_sse2_ad)
325
326/*
327 * void crypto_morus640_sse2_enc(void *state, const void *src, void *dst,
328 * unsigned int length);
329 */
330ENTRY(crypto_morus640_sse2_enc)
331 FRAME_BEGIN
332
333 cmp $16, %rcx
334 jb .Lenc_out
335
336 /* load the state: */
337 movdqu (0 * 16)(%rdi), STATE0
338 movdqu (1 * 16)(%rdi), STATE1
339 movdqu (2 * 16)(%rdi), STATE2
340 movdqu (3 * 16)(%rdi), STATE3
341 movdqu (4 * 16)(%rdi), STATE4
342
343 mov %rsi, %r8
344 or %rdx, %r8
345 and $0xF, %r8
346 jnz .Lenc_u_loop
347
348.align 4
349.Lenc_a_loop:
350 movdqa (%rsi), MSG
351 movdqa MSG, T0
352 pxor STATE0, T0
353 pshufd $MASK3, STATE1, T1
354 pxor T1, T0
355 movdqa STATE2, T1
356 pand STATE3, T1
357 pxor T1, T0
358 movdqa T0, (%rdx)
359
360 call __morus640_update
361 sub $16, %rcx
362 add $16, %rsi
363 add $16, %rdx
364 cmp $16, %rcx
365 jge .Lenc_a_loop
366
367 jmp .Lenc_cont
368.align 4
369.Lenc_u_loop:
370 movdqu (%rsi), MSG
371 movdqa MSG, T0
372 pxor STATE0, T0
373 pshufd $MASK3, STATE1, T1
374 pxor T1, T0
375 movdqa STATE2, T1
376 pand STATE3, T1
377 pxor T1, T0
378 movdqu T0, (%rdx)
379
380 call __morus640_update
381 sub $16, %rcx
382 add $16, %rsi
383 add $16, %rdx
384 cmp $16, %rcx
385 jge .Lenc_u_loop
386
387.Lenc_cont:
388 /* store the state: */
389 movdqu STATE0, (0 * 16)(%rdi)
390 movdqu STATE1, (1 * 16)(%rdi)
391 movdqu STATE2, (2 * 16)(%rdi)
392 movdqu STATE3, (3 * 16)(%rdi)
393 movdqu STATE4, (4 * 16)(%rdi)
394
395.Lenc_out:
396 FRAME_END
397 ret
398ENDPROC(crypto_morus640_sse2_enc)
399
400/*
401 * void crypto_morus640_sse2_enc_tail(void *state, const void *src, void *dst,
402 * unsigned int length);
403 */
404ENTRY(crypto_morus640_sse2_enc_tail)
405 FRAME_BEGIN
406
407 /* load the state: */
408 movdqu (0 * 16)(%rdi), STATE0
409 movdqu (1 * 16)(%rdi), STATE1
410 movdqu (2 * 16)(%rdi), STATE2
411 movdqu (3 * 16)(%rdi), STATE3
412 movdqu (4 * 16)(%rdi), STATE4
413
414 /* encrypt message: */
415 call __load_partial
416
417 movdqa MSG, T0
418 pxor STATE0, T0
419 pshufd $MASK3, STATE1, T1
420 pxor T1, T0
421 movdqa STATE2, T1
422 pand STATE3, T1
423 pxor T1, T0
424
425 call __store_partial
426
427 call __morus640_update
428
429 /* store the state: */
430 movdqu STATE0, (0 * 16)(%rdi)
431 movdqu STATE1, (1 * 16)(%rdi)
432 movdqu STATE2, (2 * 16)(%rdi)
433 movdqu STATE3, (3 * 16)(%rdi)
434 movdqu STATE4, (4 * 16)(%rdi)
435
436 FRAME_END
437 ret
438ENDPROC(crypto_morus640_sse2_enc_tail)
439
440/*
441 * void crypto_morus640_sse2_dec(void *state, const void *src, void *dst,
442 * unsigned int length);
443 */
444ENTRY(crypto_morus640_sse2_dec)
445 FRAME_BEGIN
446
447 cmp $16, %rcx
448 jb .Ldec_out
449
450 /* load the state: */
451 movdqu (0 * 16)(%rdi), STATE0
452 movdqu (1 * 16)(%rdi), STATE1
453 movdqu (2 * 16)(%rdi), STATE2
454 movdqu (3 * 16)(%rdi), STATE3
455 movdqu (4 * 16)(%rdi), STATE4
456
457 mov %rsi, %r8
458 or %rdx, %r8
459 and $0xF, %r8
460 jnz .Ldec_u_loop
461
462.align 4
463.Ldec_a_loop:
464 movdqa (%rsi), MSG
465 pxor STATE0, MSG
466 pshufd $MASK3, STATE1, T0
467 pxor T0, MSG
468 movdqa STATE2, T0
469 pand STATE3, T0
470 pxor T0, MSG
471 movdqa MSG, (%rdx)
472
473 call __morus640_update
474 sub $16, %rcx
475 add $16, %rsi
476 add $16, %rdx
477 cmp $16, %rcx
478 jge .Ldec_a_loop
479
480 jmp .Ldec_cont
481.align 4
482.Ldec_u_loop:
483 movdqu (%rsi), MSG
484 pxor STATE0, MSG
485 pshufd $MASK3, STATE1, T0
486 pxor T0, MSG
487 movdqa STATE2, T0
488 pand STATE3, T0
489 pxor T0, MSG
490 movdqu MSG, (%rdx)
491
492 call __morus640_update
493 sub $16, %rcx
494 add $16, %rsi
495 add $16, %rdx
496 cmp $16, %rcx
497 jge .Ldec_u_loop
498
499.Ldec_cont:
500 /* store the state: */
501 movdqu STATE0, (0 * 16)(%rdi)
502 movdqu STATE1, (1 * 16)(%rdi)
503 movdqu STATE2, (2 * 16)(%rdi)
504 movdqu STATE3, (3 * 16)(%rdi)
505 movdqu STATE4, (4 * 16)(%rdi)
506
507.Ldec_out:
508 FRAME_END
509 ret
510ENDPROC(crypto_morus640_sse2_dec)
511
512/*
513 * void crypto_morus640_sse2_dec_tail(void *state, const void *src, void *dst,
514 * unsigned int length);
515 */
516ENTRY(crypto_morus640_sse2_dec_tail)
517 FRAME_BEGIN
518
519 /* load the state: */
520 movdqu (0 * 16)(%rdi), STATE0
521 movdqu (1 * 16)(%rdi), STATE1
522 movdqu (2 * 16)(%rdi), STATE2
523 movdqu (3 * 16)(%rdi), STATE3
524 movdqu (4 * 16)(%rdi), STATE4
525
526 /* decrypt message: */
527 call __load_partial
528
529 pxor STATE0, MSG
530 pshufd $MASK3, STATE1, T0
531 pxor T0, MSG
532 movdqa STATE2, T0
533 pand STATE3, T0
534 pxor T0, MSG
535 movdqa MSG, T0
536
537 call __store_partial
538
539 /* mask with byte count: */
540 movq %rcx, T0
541 punpcklbw T0, T0
542 punpcklbw T0, T0
543 punpcklbw T0, T0
544 punpcklbw T0, T0
545 movdqa .Lmorus640_counter, T1
546 pcmpgtb T1, T0
547 pand T0, MSG
548
549 call __morus640_update
550
551 /* store the state: */
552 movdqu STATE0, (0 * 16)(%rdi)
553 movdqu STATE1, (1 * 16)(%rdi)
554 movdqu STATE2, (2 * 16)(%rdi)
555 movdqu STATE3, (3 * 16)(%rdi)
556 movdqu STATE4, (4 * 16)(%rdi)
557
558 FRAME_END
559 ret
560ENDPROC(crypto_morus640_sse2_dec_tail)
561
562/*
563 * void crypto_morus640_sse2_final(void *state, void *tag_xor,
564 * u64 assoclen, u64 cryptlen);
565 */
566ENTRY(crypto_morus640_sse2_final)
567 FRAME_BEGIN
568
569 /* load the state: */
570 movdqu (0 * 16)(%rdi), STATE0
571 movdqu (1 * 16)(%rdi), STATE1
572 movdqu (2 * 16)(%rdi), STATE2
573 movdqu (3 * 16)(%rdi), STATE3
574 movdqu (4 * 16)(%rdi), STATE4
575
576 /* xor state[0] into state[4]: */
577 pxor STATE0, STATE4
578
579 /* prepare length block: */
580 movq %rdx, MSG
581 movq %rcx, T0
582 pslldq $8, T0
583 pxor T0, MSG
584 psllq $3, MSG /* multiply by 8 (to get bit count) */
585
586 /* update state: */
587 call __morus640_update
588 call __morus640_update
589 call __morus640_update
590 call __morus640_update
591 call __morus640_update
592 call __morus640_update
593 call __morus640_update
594 call __morus640_update
595 call __morus640_update
596 call __morus640_update
597
598 /* xor tag: */
599 movdqu (%rsi), MSG
600
601 pxor STATE0, MSG
602 pshufd $MASK3, STATE1, T0
603 pxor T0, MSG
604 movdqa STATE2, T0
605 pand STATE3, T0
606 pxor T0, MSG
607
608 movdqu MSG, (%rsi)
609
610 FRAME_END
611 ret
612ENDPROC(crypto_morus640_sse2_final)
diff --git a/arch/x86/crypto/morus640-sse2-glue.c b/arch/x86/crypto/morus640-sse2-glue.c
deleted file mode 100644
index 8ef68134aef4..000000000000
--- a/arch/x86/crypto/morus640-sse2-glue.c
+++ /dev/null
@@ -1,61 +0,0 @@
1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 * The MORUS-640 Authenticated-Encryption Algorithm
4 * Glue for SSE2 implementation
5 *
6 * Copyright (c) 2016-2018 Ondrej Mosnacek <omosnacek@gmail.com>
7 * Copyright (C) 2017-2018 Red Hat, Inc. All rights reserved.
8 */
9
10#include <crypto/internal/aead.h>
11#include <crypto/internal/simd.h>
12#include <crypto/morus640_glue.h>
13#include <linux/module.h>
14#include <asm/fpu/api.h>
15#include <asm/cpu_device_id.h>
16
17asmlinkage void crypto_morus640_sse2_init(void *state, const void *key,
18 const void *iv);
19asmlinkage void crypto_morus640_sse2_ad(void *state, const void *data,
20 unsigned int length);
21
22asmlinkage void crypto_morus640_sse2_enc(void *state, const void *src,
23 void *dst, unsigned int length);
24asmlinkage void crypto_morus640_sse2_dec(void *state, const void *src,
25 void *dst, unsigned int length);
26
27asmlinkage void crypto_morus640_sse2_enc_tail(void *state, const void *src,
28 void *dst, unsigned int length);
29asmlinkage void crypto_morus640_sse2_dec_tail(void *state, const void *src,
30 void *dst, unsigned int length);
31
32asmlinkage void crypto_morus640_sse2_final(void *state, void *tag_xor,
33 u64 assoclen, u64 cryptlen);
34
35MORUS640_DECLARE_ALG(sse2, "morus640-sse2", 400);
36
37static struct simd_aead_alg *simd_alg;
38
39static int __init crypto_morus640_sse2_module_init(void)
40{
41 if (!boot_cpu_has(X86_FEATURE_XMM2) ||
42 !cpu_has_xfeatures(XFEATURE_MASK_SSE, NULL))
43 return -ENODEV;
44
45 return simd_register_aeads_compat(&crypto_morus640_sse2_alg, 1,
46 &simd_alg);
47}
48
49static void __exit crypto_morus640_sse2_module_exit(void)
50{
51 simd_unregister_aeads(&crypto_morus640_sse2_alg, 1, &simd_alg);
52}
53
54module_init(crypto_morus640_sse2_module_init);
55module_exit(crypto_morus640_sse2_module_exit);
56
57MODULE_LICENSE("GPL");
58MODULE_AUTHOR("Ondrej Mosnacek <omosnacek@gmail.com>");
59MODULE_DESCRIPTION("MORUS-640 AEAD algorithm -- SSE2 implementation");
60MODULE_ALIAS_CRYPTO("morus640");
61MODULE_ALIAS_CRYPTO("morus640-sse2");
diff --git a/arch/x86/crypto/morus640_glue.c b/arch/x86/crypto/morus640_glue.c
deleted file mode 100644
index d8b5fd6cef29..000000000000
--- a/arch/x86/crypto/morus640_glue.c
+++ /dev/null
@@ -1,200 +0,0 @@
1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 * The MORUS-640 Authenticated-Encryption Algorithm
4 * Common x86 SIMD glue skeleton
5 *
6 * Copyright (c) 2016-2018 Ondrej Mosnacek <omosnacek@gmail.com>
7 * Copyright (C) 2017-2018 Red Hat, Inc. All rights reserved.
8 */
9
10#include <crypto/internal/aead.h>
11#include <crypto/internal/skcipher.h>
12#include <crypto/morus640_glue.h>
13#include <crypto/scatterwalk.h>
14#include <linux/err.h>
15#include <linux/init.h>
16#include <linux/kernel.h>
17#include <linux/module.h>
18#include <linux/scatterlist.h>
19#include <asm/fpu/api.h>
20
21struct morus640_state {
22 struct morus640_block s[MORUS_STATE_BLOCKS];
23};
24
25struct morus640_ops {
26 int (*skcipher_walk_init)(struct skcipher_walk *walk,
27 struct aead_request *req, bool atomic);
28
29 void (*crypt_blocks)(void *state, const void *src, void *dst,
30 unsigned int length);
31 void (*crypt_tail)(void *state, const void *src, void *dst,
32 unsigned int length);
33};
34
35static void crypto_morus640_glue_process_ad(
36 struct morus640_state *state,
37 const struct morus640_glue_ops *ops,
38 struct scatterlist *sg_src, unsigned int assoclen)
39{
40 struct scatter_walk walk;
41 struct morus640_block buf;
42 unsigned int pos = 0;
43
44 scatterwalk_start(&walk, sg_src);
45 while (assoclen != 0) {
46 unsigned int size = scatterwalk_clamp(&walk, assoclen);
47 unsigned int left = size;
48 void *mapped = scatterwalk_map(&walk);
49 const u8 *src = (const u8 *)mapped;
50
51 if (pos + size >= MORUS640_BLOCK_SIZE) {
52 if (pos > 0) {
53 unsigned int fill = MORUS640_BLOCK_SIZE - pos;
54 memcpy(buf.bytes + pos, src, fill);
55 ops->ad(state, buf.bytes, MORUS640_BLOCK_SIZE);
56 pos = 0;
57 left -= fill;
58 src += fill;
59 }
60
61 ops->ad(state, src, left);
62 src += left & ~(MORUS640_BLOCK_SIZE - 1);
63 left &= MORUS640_BLOCK_SIZE - 1;
64 }
65
66 memcpy(buf.bytes + pos, src, left);
67
68 pos += left;
69 assoclen -= size;
70 scatterwalk_unmap(mapped);
71 scatterwalk_advance(&walk, size);
72 scatterwalk_done(&walk, 0, assoclen);
73 }
74
75 if (pos > 0) {
76 memset(buf.bytes + pos, 0, MORUS640_BLOCK_SIZE - pos);
77 ops->ad(state, buf.bytes, MORUS640_BLOCK_SIZE);
78 }
79}
80
81static void crypto_morus640_glue_process_crypt(struct morus640_state *state,
82 struct morus640_ops ops,
83 struct skcipher_walk *walk)
84{
85 while (walk->nbytes >= MORUS640_BLOCK_SIZE) {
86 ops.crypt_blocks(state, walk->src.virt.addr,
87 walk->dst.virt.addr,
88 round_down(walk->nbytes, MORUS640_BLOCK_SIZE));
89 skcipher_walk_done(walk, walk->nbytes % MORUS640_BLOCK_SIZE);
90 }
91
92 if (walk->nbytes) {
93 ops.crypt_tail(state, walk->src.virt.addr, walk->dst.virt.addr,
94 walk->nbytes);
95 skcipher_walk_done(walk, 0);
96 }
97}
98
99int crypto_morus640_glue_setkey(struct crypto_aead *aead, const u8 *key,
100 unsigned int keylen)
101{
102 struct morus640_ctx *ctx = crypto_aead_ctx(aead);
103
104 if (keylen != MORUS640_BLOCK_SIZE) {
105 crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN);
106 return -EINVAL;
107 }
108
109 memcpy(ctx->key.bytes, key, MORUS640_BLOCK_SIZE);
110 return 0;
111}
112EXPORT_SYMBOL_GPL(crypto_morus640_glue_setkey);
113
114int crypto_morus640_glue_setauthsize(struct crypto_aead *tfm,
115 unsigned int authsize)
116{
117 return (authsize <= MORUS_MAX_AUTH_SIZE) ? 0 : -EINVAL;
118}
119EXPORT_SYMBOL_GPL(crypto_morus640_glue_setauthsize);
120
121static void crypto_morus640_glue_crypt(struct aead_request *req,
122 struct morus640_ops ops,
123 unsigned int cryptlen,
124 struct morus640_block *tag_xor)
125{
126 struct crypto_aead *tfm = crypto_aead_reqtfm(req);
127 struct morus640_ctx *ctx = crypto_aead_ctx(tfm);
128 struct morus640_state state;
129 struct skcipher_walk walk;
130
131 ops.skcipher_walk_init(&walk, req, true);
132
133 kernel_fpu_begin();
134
135 ctx->ops->init(&state, &ctx->key, req->iv);
136 crypto_morus640_glue_process_ad(&state, ctx->ops, req->src, req->assoclen);
137 crypto_morus640_glue_process_crypt(&state, ops, &walk);
138 ctx->ops->final(&state, tag_xor, req->assoclen, cryptlen);
139
140 kernel_fpu_end();
141}
142
143int crypto_morus640_glue_encrypt(struct aead_request *req)
144{
145 struct crypto_aead *tfm = crypto_aead_reqtfm(req);
146 struct morus640_ctx *ctx = crypto_aead_ctx(tfm);
147 struct morus640_ops OPS = {
148 .skcipher_walk_init = skcipher_walk_aead_encrypt,
149 .crypt_blocks = ctx->ops->enc,
150 .crypt_tail = ctx->ops->enc_tail,
151 };
152
153 struct morus640_block tag = {};
154 unsigned int authsize = crypto_aead_authsize(tfm);
155 unsigned int cryptlen = req->cryptlen;
156
157 crypto_morus640_glue_crypt(req, OPS, cryptlen, &tag);
158
159 scatterwalk_map_and_copy(tag.bytes, req->dst,
160 req->assoclen + cryptlen, authsize, 1);
161 return 0;
162}
163EXPORT_SYMBOL_GPL(crypto_morus640_glue_encrypt);
164
165int crypto_morus640_glue_decrypt(struct aead_request *req)
166{
167 static const u8 zeros[MORUS640_BLOCK_SIZE] = {};
168
169 struct crypto_aead *tfm = crypto_aead_reqtfm(req);
170 struct morus640_ctx *ctx = crypto_aead_ctx(tfm);
171 struct morus640_ops OPS = {
172 .skcipher_walk_init = skcipher_walk_aead_decrypt,
173 .crypt_blocks = ctx->ops->dec,
174 .crypt_tail = ctx->ops->dec_tail,
175 };
176
177 struct morus640_block tag;
178 unsigned int authsize = crypto_aead_authsize(tfm);
179 unsigned int cryptlen = req->cryptlen - authsize;
180
181 scatterwalk_map_and_copy(tag.bytes, req->src,
182 req->assoclen + cryptlen, authsize, 0);
183
184 crypto_morus640_glue_crypt(req, OPS, cryptlen, &tag);
185
186 return crypto_memneq(tag.bytes, zeros, authsize) ? -EBADMSG : 0;
187}
188EXPORT_SYMBOL_GPL(crypto_morus640_glue_decrypt);
189
190void crypto_morus640_glue_init_ops(struct crypto_aead *aead,
191 const struct morus640_glue_ops *ops)
192{
193 struct morus640_ctx *ctx = crypto_aead_ctx(aead);
194 ctx->ops = ops;
195}
196EXPORT_SYMBOL_GPL(crypto_morus640_glue_init_ops);
197
198MODULE_LICENSE("GPL");
199MODULE_AUTHOR("Ondrej Mosnacek <omosnacek@gmail.com>");
200MODULE_DESCRIPTION("MORUS-640 AEAD mode -- glue for x86 optimizations");
diff --git a/crypto/Kconfig b/crypto/Kconfig
index 80ea118600ab..160dc1a9c7ec 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -344,62 +344,6 @@ config CRYPTO_AEGIS256_AESNI_SSE2
344 help 344 help
345 AESNI+SSE2 implementation of the AEGIS-256 dedicated AEAD algorithm. 345 AESNI+SSE2 implementation of the AEGIS-256 dedicated AEAD algorithm.
346 346
347config CRYPTO_MORUS640
348 tristate "MORUS-640 AEAD algorithm"
349 select CRYPTO_AEAD
350 help
351 Support for the MORUS-640 dedicated AEAD algorithm.
352
353config CRYPTO_MORUS640_GLUE
354 tristate
355 depends on X86
356 select CRYPTO_AEAD
357 select CRYPTO_SIMD
358 help
359 Common glue for SIMD optimizations of the MORUS-640 dedicated AEAD
360 algorithm.
361
362config CRYPTO_MORUS640_SSE2
363 tristate "MORUS-640 AEAD algorithm (x86_64 SSE2 implementation)"
364 depends on X86 && 64BIT
365 select CRYPTO_AEAD
366 select CRYPTO_MORUS640_GLUE
367 help
368 SSE2 implementation of the MORUS-640 dedicated AEAD algorithm.
369
370config CRYPTO_MORUS1280
371 tristate "MORUS-1280 AEAD algorithm"
372 select CRYPTO_AEAD
373 help
374 Support for the MORUS-1280 dedicated AEAD algorithm.
375
376config CRYPTO_MORUS1280_GLUE
377 tristate
378 depends on X86
379 select CRYPTO_AEAD
380 select CRYPTO_SIMD
381 help
382 Common glue for SIMD optimizations of the MORUS-1280 dedicated AEAD
383 algorithm.
384
385config CRYPTO_MORUS1280_SSE2
386 tristate "MORUS-1280 AEAD algorithm (x86_64 SSE2 implementation)"
387 depends on X86 && 64BIT
388 select CRYPTO_AEAD
389 select CRYPTO_MORUS1280_GLUE
390 help
391 SSE2 optimizedimplementation of the MORUS-1280 dedicated AEAD
392 algorithm.
393
394config CRYPTO_MORUS1280_AVX2
395 tristate "MORUS-1280 AEAD algorithm (x86_64 AVX2 implementation)"
396 depends on X86 && 64BIT
397 select CRYPTO_AEAD
398 select CRYPTO_MORUS1280_GLUE
399 help
400 AVX2 optimized implementation of the MORUS-1280 dedicated AEAD
401 algorithm.
402
403config CRYPTO_SEQIV 347config CRYPTO_SEQIV
404 tristate "Sequence Number IV Generator" 348 tristate "Sequence Number IV Generator"
405 select CRYPTO_AEAD 349 select CRYPTO_AEAD
diff --git a/crypto/Makefile b/crypto/Makefile
index 9479e1a45d8c..4bc1951d3787 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -92,8 +92,6 @@ obj-$(CONFIG_CRYPTO_CHACHA20POLY1305) += chacha20poly1305.o
92obj-$(CONFIG_CRYPTO_AEGIS128) += aegis128.o 92obj-$(CONFIG_CRYPTO_AEGIS128) += aegis128.o
93obj-$(CONFIG_CRYPTO_AEGIS128L) += aegis128l.o 93obj-$(CONFIG_CRYPTO_AEGIS128L) += aegis128l.o
94obj-$(CONFIG_CRYPTO_AEGIS256) += aegis256.o 94obj-$(CONFIG_CRYPTO_AEGIS256) += aegis256.o
95obj-$(CONFIG_CRYPTO_MORUS640) += morus640.o
96obj-$(CONFIG_CRYPTO_MORUS1280) += morus1280.o
97obj-$(CONFIG_CRYPTO_PCRYPT) += pcrypt.o 95obj-$(CONFIG_CRYPTO_PCRYPT) += pcrypt.o
98obj-$(CONFIG_CRYPTO_CRYPTD) += cryptd.o 96obj-$(CONFIG_CRYPTO_CRYPTD) += cryptd.o
99obj-$(CONFIG_CRYPTO_DES) += des_generic.o 97obj-$(CONFIG_CRYPTO_DES) += des_generic.o
diff --git a/crypto/morus1280.c b/crypto/morus1280.c
deleted file mode 100644
index f8734c6576af..000000000000
--- a/crypto/morus1280.c
+++ /dev/null
@@ -1,542 +0,0 @@
1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 * The MORUS-1280 Authenticated-Encryption Algorithm
4 *
5 * Copyright (c) 2016-2018 Ondrej Mosnacek <omosnacek@gmail.com>
6 * Copyright (C) 2017-2018 Red Hat, Inc. All rights reserved.
7 */
8
9#include <asm/unaligned.h>
10#include <crypto/algapi.h>
11#include <crypto/internal/aead.h>
12#include <crypto/internal/skcipher.h>
13#include <crypto/morus_common.h>
14#include <crypto/scatterwalk.h>
15#include <linux/err.h>
16#include <linux/init.h>
17#include <linux/kernel.h>
18#include <linux/module.h>
19#include <linux/scatterlist.h>
20
21#define MORUS1280_WORD_SIZE 8
22#define MORUS1280_BLOCK_SIZE (MORUS_BLOCK_WORDS * MORUS1280_WORD_SIZE)
23#define MORUS1280_BLOCK_ALIGN (__alignof__(__le64))
24#define MORUS1280_ALIGNED(p) IS_ALIGNED((uintptr_t)p, MORUS1280_BLOCK_ALIGN)
25
26struct morus1280_block {
27 u64 words[MORUS_BLOCK_WORDS];
28};
29
30union morus1280_block_in {
31 __le64 words[MORUS_BLOCK_WORDS];
32 u8 bytes[MORUS1280_BLOCK_SIZE];
33};
34
35struct morus1280_state {
36 struct morus1280_block s[MORUS_STATE_BLOCKS];
37};
38
39struct morus1280_ctx {
40 struct morus1280_block key;
41};
42
43struct morus1280_ops {
44 int (*skcipher_walk_init)(struct skcipher_walk *walk,
45 struct aead_request *req, bool atomic);
46
47 void (*crypt_chunk)(struct morus1280_state *state,
48 u8 *dst, const u8 *src, unsigned int size);
49};
50
51static const struct morus1280_block crypto_morus1280_const[1] = {
52 { .words = {
53 U64_C(0x0d08050302010100),
54 U64_C(0x6279e99059372215),
55 U64_C(0xf12fc26d55183ddb),
56 U64_C(0xdd28b57342311120),
57 } },
58};
59
60static void crypto_morus1280_round(struct morus1280_block *b0,
61 struct morus1280_block *b1,
62 struct morus1280_block *b2,
63 struct morus1280_block *b3,
64 struct morus1280_block *b4,
65 const struct morus1280_block *m,
66 unsigned int b, unsigned int w)
67{
68 unsigned int i;
69 struct morus1280_block tmp;
70
71 for (i = 0; i < MORUS_BLOCK_WORDS; i++) {
72 b0->words[i] ^= b1->words[i] & b2->words[i];
73 b0->words[i] ^= b3->words[i];
74 b0->words[i] ^= m->words[i];
75 b0->words[i] = rol64(b0->words[i], b);
76 }
77
78 tmp = *b3;
79 for (i = 0; i < MORUS_BLOCK_WORDS; i++)
80 b3->words[(i + w) % MORUS_BLOCK_WORDS] = tmp.words[i];
81}
82
83static void crypto_morus1280_update(struct morus1280_state *state,
84 const struct morus1280_block *m)
85{
86 static const struct morus1280_block z = {};
87
88 struct morus1280_block *s = state->s;
89
90 crypto_morus1280_round(&s[0], &s[1], &s[2], &s[3], &s[4], &z, 13, 1);
91 crypto_morus1280_round(&s[1], &s[2], &s[3], &s[4], &s[0], m, 46, 2);
92 crypto_morus1280_round(&s[2], &s[3], &s[4], &s[0], &s[1], m, 38, 3);
93 crypto_morus1280_round(&s[3], &s[4], &s[0], &s[1], &s[2], m, 7, 2);
94 crypto_morus1280_round(&s[4], &s[0], &s[1], &s[2], &s[3], m, 4, 1);
95}
96
97static void crypto_morus1280_load_a(struct morus1280_block *dst, const u8 *src)
98{
99 unsigned int i;
100 for (i = 0; i < MORUS_BLOCK_WORDS; i++) {
101 dst->words[i] = le64_to_cpu(*(const __le64 *)src);
102 src += MORUS1280_WORD_SIZE;
103 }
104}
105
106static void crypto_morus1280_load_u(struct morus1280_block *dst, const u8 *src)
107{
108 unsigned int i;
109 for (i = 0; i < MORUS_BLOCK_WORDS; i++) {
110 dst->words[i] = get_unaligned_le64(src);
111 src += MORUS1280_WORD_SIZE;
112 }
113}
114
115static void crypto_morus1280_load(struct morus1280_block *dst, const u8 *src)
116{
117 if (MORUS1280_ALIGNED(src))
118 crypto_morus1280_load_a(dst, src);
119 else
120 crypto_morus1280_load_u(dst, src);
121}
122
123static void crypto_morus1280_store_a(u8 *dst, const struct morus1280_block *src)
124{
125 unsigned int i;
126 for (i = 0; i < MORUS_BLOCK_WORDS; i++) {
127 *(__le64 *)dst = cpu_to_le64(src->words[i]);
128 dst += MORUS1280_WORD_SIZE;
129 }
130}
131
132static void crypto_morus1280_store_u(u8 *dst, const struct morus1280_block *src)
133{
134 unsigned int i;
135 for (i = 0; i < MORUS_BLOCK_WORDS; i++) {
136 put_unaligned_le64(src->words[i], dst);
137 dst += MORUS1280_WORD_SIZE;
138 }
139}
140
141static void crypto_morus1280_store(u8 *dst, const struct morus1280_block *src)
142{
143 if (MORUS1280_ALIGNED(dst))
144 crypto_morus1280_store_a(dst, src);
145 else
146 crypto_morus1280_store_u(dst, src);
147}
148
149static void crypto_morus1280_ad(struct morus1280_state *state, const u8 *src,
150 unsigned int size)
151{
152 struct morus1280_block m;
153
154 if (MORUS1280_ALIGNED(src)) {
155 while (size >= MORUS1280_BLOCK_SIZE) {
156 crypto_morus1280_load_a(&m, src);
157 crypto_morus1280_update(state, &m);
158
159 size -= MORUS1280_BLOCK_SIZE;
160 src += MORUS1280_BLOCK_SIZE;
161 }
162 } else {
163 while (size >= MORUS1280_BLOCK_SIZE) {
164 crypto_morus1280_load_u(&m, src);
165 crypto_morus1280_update(state, &m);
166
167 size -= MORUS1280_BLOCK_SIZE;
168 src += MORUS1280_BLOCK_SIZE;
169 }
170 }
171}
172
173static void crypto_morus1280_core(const struct morus1280_state *state,
174 struct morus1280_block *blk)
175{
176 unsigned int i;
177
178 for (i = 0; i < MORUS_BLOCK_WORDS; i++)
179 blk->words[(i + 3) % MORUS_BLOCK_WORDS] ^= state->s[1].words[i];
180
181 for (i = 0; i < MORUS_BLOCK_WORDS; i++) {
182 blk->words[i] ^= state->s[0].words[i];
183 blk->words[i] ^= state->s[2].words[i] & state->s[3].words[i];
184 }
185}
186
187static void crypto_morus1280_encrypt_chunk(struct morus1280_state *state,
188 u8 *dst, const u8 *src,
189 unsigned int size)
190{
191 struct morus1280_block c, m;
192
193 if (MORUS1280_ALIGNED(src) && MORUS1280_ALIGNED(dst)) {
194 while (size >= MORUS1280_BLOCK_SIZE) {
195 crypto_morus1280_load_a(&m, src);
196 c = m;
197 crypto_morus1280_core(state, &c);
198 crypto_morus1280_store_a(dst, &c);
199 crypto_morus1280_update(state, &m);
200
201 src += MORUS1280_BLOCK_SIZE;
202 dst += MORUS1280_BLOCK_SIZE;
203 size -= MORUS1280_BLOCK_SIZE;
204 }
205 } else {
206 while (size >= MORUS1280_BLOCK_SIZE) {
207 crypto_morus1280_load_u(&m, src);
208 c = m;
209 crypto_morus1280_core(state, &c);
210 crypto_morus1280_store_u(dst, &c);
211 crypto_morus1280_update(state, &m);
212
213 src += MORUS1280_BLOCK_SIZE;
214 dst += MORUS1280_BLOCK_SIZE;
215 size -= MORUS1280_BLOCK_SIZE;
216 }
217 }
218
219 if (size > 0) {
220 union morus1280_block_in tail;
221
222 memcpy(tail.bytes, src, size);
223 memset(tail.bytes + size, 0, MORUS1280_BLOCK_SIZE - size);
224
225 crypto_morus1280_load_a(&m, tail.bytes);
226 c = m;
227 crypto_morus1280_core(state, &c);
228 crypto_morus1280_store_a(tail.bytes, &c);
229 crypto_morus1280_update(state, &m);
230
231 memcpy(dst, tail.bytes, size);
232 }
233}
234
235static void crypto_morus1280_decrypt_chunk(struct morus1280_state *state,
236 u8 *dst, const u8 *src,
237 unsigned int size)
238{
239 struct morus1280_block m;
240
241 if (MORUS1280_ALIGNED(src) && MORUS1280_ALIGNED(dst)) {
242 while (size >= MORUS1280_BLOCK_SIZE) {
243 crypto_morus1280_load_a(&m, src);
244 crypto_morus1280_core(state, &m);
245 crypto_morus1280_store_a(dst, &m);
246 crypto_morus1280_update(state, &m);
247
248 src += MORUS1280_BLOCK_SIZE;
249 dst += MORUS1280_BLOCK_SIZE;
250 size -= MORUS1280_BLOCK_SIZE;
251 }
252 } else {
253 while (size >= MORUS1280_BLOCK_SIZE) {
254 crypto_morus1280_load_u(&m, src);
255 crypto_morus1280_core(state, &m);
256 crypto_morus1280_store_u(dst, &m);
257 crypto_morus1280_update(state, &m);
258
259 src += MORUS1280_BLOCK_SIZE;
260 dst += MORUS1280_BLOCK_SIZE;
261 size -= MORUS1280_BLOCK_SIZE;
262 }
263 }
264
265 if (size > 0) {
266 union morus1280_block_in tail;
267
268 memcpy(tail.bytes, src, size);
269 memset(tail.bytes + size, 0, MORUS1280_BLOCK_SIZE - size);
270
271 crypto_morus1280_load_a(&m, tail.bytes);
272 crypto_morus1280_core(state, &m);
273 crypto_morus1280_store_a(tail.bytes, &m);
274 memset(tail.bytes + size, 0, MORUS1280_BLOCK_SIZE - size);
275 crypto_morus1280_load_a(&m, tail.bytes);
276 crypto_morus1280_update(state, &m);
277
278 memcpy(dst, tail.bytes, size);
279 }
280}
281
282static void crypto_morus1280_init(struct morus1280_state *state,
283 const struct morus1280_block *key,
284 const u8 *iv)
285{
286 static const struct morus1280_block z = {};
287
288 union morus1280_block_in tmp;
289 unsigned int i;
290
291 memcpy(tmp.bytes, iv, MORUS_NONCE_SIZE);
292 memset(tmp.bytes + MORUS_NONCE_SIZE, 0,
293 MORUS1280_BLOCK_SIZE - MORUS_NONCE_SIZE);
294
295 crypto_morus1280_load(&state->s[0], tmp.bytes);
296 state->s[1] = *key;
297 for (i = 0; i < MORUS_BLOCK_WORDS; i++)
298 state->s[2].words[i] = U64_C(0xFFFFFFFFFFFFFFFF);
299 state->s[3] = z;
300 state->s[4] = crypto_morus1280_const[0];
301
302 for (i = 0; i < 16; i++)
303 crypto_morus1280_update(state, &z);
304
305 for (i = 0; i < MORUS_BLOCK_WORDS; i++)
306 state->s[1].words[i] ^= key->words[i];
307}
308
309static void crypto_morus1280_process_ad(struct morus1280_state *state,
310 struct scatterlist *sg_src,
311 unsigned int assoclen)
312{
313 struct scatter_walk walk;
314 struct morus1280_block m;
315 union morus1280_block_in buf;
316 unsigned int pos = 0;
317
318 scatterwalk_start(&walk, sg_src);
319 while (assoclen != 0) {
320 unsigned int size = scatterwalk_clamp(&walk, assoclen);
321 unsigned int left = size;
322 void *mapped = scatterwalk_map(&walk);
323 const u8 *src = (const u8 *)mapped;
324
325 if (pos + size >= MORUS1280_BLOCK_SIZE) {
326 if (pos > 0) {
327 unsigned int fill = MORUS1280_BLOCK_SIZE - pos;
328 memcpy(buf.bytes + pos, src, fill);
329
330 crypto_morus1280_load_a(&m, buf.bytes);
331 crypto_morus1280_update(state, &m);
332
333 pos = 0;
334 left -= fill;
335 src += fill;
336 }
337
338 crypto_morus1280_ad(state, src, left);
339 src += left & ~(MORUS1280_BLOCK_SIZE - 1);
340 left &= MORUS1280_BLOCK_SIZE - 1;
341 }
342
343 memcpy(buf.bytes + pos, src, left);
344
345 pos += left;
346 assoclen -= size;
347 scatterwalk_unmap(mapped);
348 scatterwalk_advance(&walk, size);
349 scatterwalk_done(&walk, 0, assoclen);
350 }
351
352 if (pos > 0) {
353 memset(buf.bytes + pos, 0, MORUS1280_BLOCK_SIZE - pos);
354
355 crypto_morus1280_load_a(&m, buf.bytes);
356 crypto_morus1280_update(state, &m);
357 }
358}
359
360static void crypto_morus1280_process_crypt(struct morus1280_state *state,
361 struct aead_request *req,
362 const struct morus1280_ops *ops)
363{
364 struct skcipher_walk walk;
365
366 ops->skcipher_walk_init(&walk, req, false);
367
368 while (walk.nbytes) {
369 unsigned int nbytes = walk.nbytes;
370
371 if (nbytes < walk.total)
372 nbytes = round_down(nbytes, walk.stride);
373
374 ops->crypt_chunk(state, walk.dst.virt.addr, walk.src.virt.addr,
375 nbytes);
376
377 skcipher_walk_done(&walk, walk.nbytes - nbytes);
378 }
379}
380
381static void crypto_morus1280_final(struct morus1280_state *state,
382 struct morus1280_block *tag_xor,
383 u64 assoclen, u64 cryptlen)
384{
385 struct morus1280_block tmp;
386 unsigned int i;
387
388 tmp.words[0] = assoclen * 8;
389 tmp.words[1] = cryptlen * 8;
390 tmp.words[2] = 0;
391 tmp.words[3] = 0;
392
393 for (i = 0; i < MORUS_BLOCK_WORDS; i++)
394 state->s[4].words[i] ^= state->s[0].words[i];
395
396 for (i = 0; i < 10; i++)
397 crypto_morus1280_update(state, &tmp);
398
399 crypto_morus1280_core(state, tag_xor);
400}
401
402static int crypto_morus1280_setkey(struct crypto_aead *aead, const u8 *key,
403 unsigned int keylen)
404{
405 struct morus1280_ctx *ctx = crypto_aead_ctx(aead);
406 union morus1280_block_in tmp;
407
408 if (keylen == MORUS1280_BLOCK_SIZE)
409 crypto_morus1280_load(&ctx->key, key);
410 else if (keylen == MORUS1280_BLOCK_SIZE / 2) {
411 memcpy(tmp.bytes, key, keylen);
412 memcpy(tmp.bytes + keylen, key, keylen);
413
414 crypto_morus1280_load(&ctx->key, tmp.bytes);
415 } else {
416 crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN);
417 return -EINVAL;
418 }
419
420 return 0;
421}
422
423static int crypto_morus1280_setauthsize(struct crypto_aead *tfm,
424 unsigned int authsize)
425{
426 return (authsize <= MORUS_MAX_AUTH_SIZE) ? 0 : -EINVAL;
427}
428
429static void crypto_morus1280_crypt(struct aead_request *req,
430 struct morus1280_block *tag_xor,
431 unsigned int cryptlen,
432 const struct morus1280_ops *ops)
433{
434 struct crypto_aead *tfm = crypto_aead_reqtfm(req);
435 struct morus1280_ctx *ctx = crypto_aead_ctx(tfm);
436 struct morus1280_state state;
437
438 crypto_morus1280_init(&state, &ctx->key, req->iv);
439 crypto_morus1280_process_ad(&state, req->src, req->assoclen);
440 crypto_morus1280_process_crypt(&state, req, ops);
441 crypto_morus1280_final(&state, tag_xor, req->assoclen, cryptlen);
442}
443
444static int crypto_morus1280_encrypt(struct aead_request *req)
445{
446 static const struct morus1280_ops ops = {
447 .skcipher_walk_init = skcipher_walk_aead_encrypt,
448 .crypt_chunk = crypto_morus1280_encrypt_chunk,
449 };
450
451 struct crypto_aead *tfm = crypto_aead_reqtfm(req);
452 struct morus1280_block tag = {};
453 union morus1280_block_in tag_out;
454 unsigned int authsize = crypto_aead_authsize(tfm);
455 unsigned int cryptlen = req->cryptlen;
456
457 crypto_morus1280_crypt(req, &tag, cryptlen, &ops);
458 crypto_morus1280_store(tag_out.bytes, &tag);
459
460 scatterwalk_map_and_copy(tag_out.bytes, req->dst,
461 req->assoclen + cryptlen, authsize, 1);
462 return 0;
463}
464
465static int crypto_morus1280_decrypt(struct aead_request *req)
466{
467 static const struct morus1280_ops ops = {
468 .skcipher_walk_init = skcipher_walk_aead_decrypt,
469 .crypt_chunk = crypto_morus1280_decrypt_chunk,
470 };
471 static const u8 zeros[MORUS1280_BLOCK_SIZE] = {};
472
473 struct crypto_aead *tfm = crypto_aead_reqtfm(req);
474 union morus1280_block_in tag_in;
475 struct morus1280_block tag;
476 unsigned int authsize = crypto_aead_authsize(tfm);
477 unsigned int cryptlen = req->cryptlen - authsize;
478
479 scatterwalk_map_and_copy(tag_in.bytes, req->src,
480 req->assoclen + cryptlen, authsize, 0);
481
482 crypto_morus1280_load(&tag, tag_in.bytes);
483 crypto_morus1280_crypt(req, &tag, cryptlen, &ops);
484 crypto_morus1280_store(tag_in.bytes, &tag);
485
486 return crypto_memneq(tag_in.bytes, zeros, authsize) ? -EBADMSG : 0;
487}
488
489static int crypto_morus1280_init_tfm(struct crypto_aead *tfm)
490{
491 return 0;
492}
493
494static void crypto_morus1280_exit_tfm(struct crypto_aead *tfm)
495{
496}
497
498static struct aead_alg crypto_morus1280_alg = {
499 .setkey = crypto_morus1280_setkey,
500 .setauthsize = crypto_morus1280_setauthsize,
501 .encrypt = crypto_morus1280_encrypt,
502 .decrypt = crypto_morus1280_decrypt,
503 .init = crypto_morus1280_init_tfm,
504 .exit = crypto_morus1280_exit_tfm,
505
506 .ivsize = MORUS_NONCE_SIZE,
507 .maxauthsize = MORUS_MAX_AUTH_SIZE,
508 .chunksize = MORUS1280_BLOCK_SIZE,
509
510 .base = {
511 .cra_blocksize = 1,
512 .cra_ctxsize = sizeof(struct morus1280_ctx),
513 .cra_alignmask = 0,
514
515 .cra_priority = 100,
516
517 .cra_name = "morus1280",
518 .cra_driver_name = "morus1280-generic",
519
520 .cra_module = THIS_MODULE,
521 }
522};
523
524
525static int __init crypto_morus1280_module_init(void)
526{
527 return crypto_register_aead(&crypto_morus1280_alg);
528}
529
530static void __exit crypto_morus1280_module_exit(void)
531{
532 crypto_unregister_aead(&crypto_morus1280_alg);
533}
534
535subsys_initcall(crypto_morus1280_module_init);
536module_exit(crypto_morus1280_module_exit);
537
538MODULE_LICENSE("GPL");
539MODULE_AUTHOR("Ondrej Mosnacek <omosnacek@gmail.com>");
540MODULE_DESCRIPTION("MORUS-1280 AEAD algorithm");
541MODULE_ALIAS_CRYPTO("morus1280");
542MODULE_ALIAS_CRYPTO("morus1280-generic");
diff --git a/crypto/morus640.c b/crypto/morus640.c
deleted file mode 100644
index ae5aa9482cb4..000000000000
--- a/crypto/morus640.c
+++ /dev/null
@@ -1,533 +0,0 @@
1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 * The MORUS-640 Authenticated-Encryption Algorithm
4 *
5 * Copyright (c) 2016-2018 Ondrej Mosnacek <omosnacek@gmail.com>
6 * Copyright (C) 2017-2018 Red Hat, Inc. All rights reserved.
7 */
8
9#include <asm/unaligned.h>
10#include <crypto/algapi.h>
11#include <crypto/internal/aead.h>
12#include <crypto/internal/skcipher.h>
13#include <crypto/morus_common.h>
14#include <crypto/scatterwalk.h>
15#include <linux/err.h>
16#include <linux/init.h>
17#include <linux/kernel.h>
18#include <linux/module.h>
19#include <linux/scatterlist.h>
20
21#define MORUS640_WORD_SIZE 4
22#define MORUS640_BLOCK_SIZE (MORUS_BLOCK_WORDS * MORUS640_WORD_SIZE)
23#define MORUS640_BLOCK_ALIGN (__alignof__(__le32))
24#define MORUS640_ALIGNED(p) IS_ALIGNED((uintptr_t)p, MORUS640_BLOCK_ALIGN)
25
26struct morus640_block {
27 u32 words[MORUS_BLOCK_WORDS];
28};
29
30union morus640_block_in {
31 __le32 words[MORUS_BLOCK_WORDS];
32 u8 bytes[MORUS640_BLOCK_SIZE];
33};
34
35struct morus640_state {
36 struct morus640_block s[MORUS_STATE_BLOCKS];
37};
38
39struct morus640_ctx {
40 struct morus640_block key;
41};
42
43struct morus640_ops {
44 int (*skcipher_walk_init)(struct skcipher_walk *walk,
45 struct aead_request *req, bool atomic);
46
47 void (*crypt_chunk)(struct morus640_state *state,
48 u8 *dst, const u8 *src, unsigned int size);
49};
50
51static const struct morus640_block crypto_morus640_const[2] = {
52 { .words = {
53 U32_C(0x02010100),
54 U32_C(0x0d080503),
55 U32_C(0x59372215),
56 U32_C(0x6279e990),
57 } },
58 { .words = {
59 U32_C(0x55183ddb),
60 U32_C(0xf12fc26d),
61 U32_C(0x42311120),
62 U32_C(0xdd28b573),
63 } },
64};
65
66static void crypto_morus640_round(struct morus640_block *b0,
67 struct morus640_block *b1,
68 struct morus640_block *b2,
69 struct morus640_block *b3,
70 struct morus640_block *b4,
71 const struct morus640_block *m,
72 unsigned int b, unsigned int w)
73{
74 unsigned int i;
75 struct morus640_block tmp;
76
77 for (i = 0; i < MORUS_BLOCK_WORDS; i++) {
78 b0->words[i] ^= b1->words[i] & b2->words[i];
79 b0->words[i] ^= b3->words[i];
80 b0->words[i] ^= m->words[i];
81 b0->words[i] = rol32(b0->words[i], b);
82 }
83
84 tmp = *b3;
85 for (i = 0; i < MORUS_BLOCK_WORDS; i++)
86 b3->words[(i + w) % MORUS_BLOCK_WORDS] = tmp.words[i];
87}
88
89static void crypto_morus640_update(struct morus640_state *state,
90 const struct morus640_block *m)
91{
92 static const struct morus640_block z = {};
93
94 struct morus640_block *s = state->s;
95
96 crypto_morus640_round(&s[0], &s[1], &s[2], &s[3], &s[4], &z, 5, 1);
97 crypto_morus640_round(&s[1], &s[2], &s[3], &s[4], &s[0], m, 31, 2);
98 crypto_morus640_round(&s[2], &s[3], &s[4], &s[0], &s[1], m, 7, 3);
99 crypto_morus640_round(&s[3], &s[4], &s[0], &s[1], &s[2], m, 22, 2);
100 crypto_morus640_round(&s[4], &s[0], &s[1], &s[2], &s[3], m, 13, 1);
101}
102
103static void crypto_morus640_load_a(struct morus640_block *dst, const u8 *src)
104{
105 unsigned int i;
106 for (i = 0; i < MORUS_BLOCK_WORDS; i++) {
107 dst->words[i] = le32_to_cpu(*(const __le32 *)src);
108 src += MORUS640_WORD_SIZE;
109 }
110}
111
112static void crypto_morus640_load_u(struct morus640_block *dst, const u8 *src)
113{
114 unsigned int i;
115 for (i = 0; i < MORUS_BLOCK_WORDS; i++) {
116 dst->words[i] = get_unaligned_le32(src);
117 src += MORUS640_WORD_SIZE;
118 }
119}
120
121static void crypto_morus640_load(struct morus640_block *dst, const u8 *src)
122{
123 if (MORUS640_ALIGNED(src))
124 crypto_morus640_load_a(dst, src);
125 else
126 crypto_morus640_load_u(dst, src);
127}
128
129static void crypto_morus640_store_a(u8 *dst, const struct morus640_block *src)
130{
131 unsigned int i;
132 for (i = 0; i < MORUS_BLOCK_WORDS; i++) {
133 *(__le32 *)dst = cpu_to_le32(src->words[i]);
134 dst += MORUS640_WORD_SIZE;
135 }
136}
137
138static void crypto_morus640_store_u(u8 *dst, const struct morus640_block *src)
139{
140 unsigned int i;
141 for (i = 0; i < MORUS_BLOCK_WORDS; i++) {
142 put_unaligned_le32(src->words[i], dst);
143 dst += MORUS640_WORD_SIZE;
144 }
145}
146
147static void crypto_morus640_store(u8 *dst, const struct morus640_block *src)
148{
149 if (MORUS640_ALIGNED(dst))
150 crypto_morus640_store_a(dst, src);
151 else
152 crypto_morus640_store_u(dst, src);
153}
154
155static void crypto_morus640_ad(struct morus640_state *state, const u8 *src,
156 unsigned int size)
157{
158 struct morus640_block m;
159
160 if (MORUS640_ALIGNED(src)) {
161 while (size >= MORUS640_BLOCK_SIZE) {
162 crypto_morus640_load_a(&m, src);
163 crypto_morus640_update(state, &m);
164
165 size -= MORUS640_BLOCK_SIZE;
166 src += MORUS640_BLOCK_SIZE;
167 }
168 } else {
169 while (size >= MORUS640_BLOCK_SIZE) {
170 crypto_morus640_load_u(&m, src);
171 crypto_morus640_update(state, &m);
172
173 size -= MORUS640_BLOCK_SIZE;
174 src += MORUS640_BLOCK_SIZE;
175 }
176 }
177}
178
179static void crypto_morus640_core(const struct morus640_state *state,
180 struct morus640_block *blk)
181{
182 unsigned int i;
183
184 for (i = 0; i < MORUS_BLOCK_WORDS; i++)
185 blk->words[(i + 3) % MORUS_BLOCK_WORDS] ^= state->s[1].words[i];
186
187 for (i = 0; i < MORUS_BLOCK_WORDS; i++) {
188 blk->words[i] ^= state->s[0].words[i];
189 blk->words[i] ^= state->s[2].words[i] & state->s[3].words[i];
190 }
191}
192
193static void crypto_morus640_encrypt_chunk(struct morus640_state *state, u8 *dst,
194 const u8 *src, unsigned int size)
195{
196 struct morus640_block c, m;
197
198 if (MORUS640_ALIGNED(src) && MORUS640_ALIGNED(dst)) {
199 while (size >= MORUS640_BLOCK_SIZE) {
200 crypto_morus640_load_a(&m, src);
201 c = m;
202 crypto_morus640_core(state, &c);
203 crypto_morus640_store_a(dst, &c);
204 crypto_morus640_update(state, &m);
205
206 src += MORUS640_BLOCK_SIZE;
207 dst += MORUS640_BLOCK_SIZE;
208 size -= MORUS640_BLOCK_SIZE;
209 }
210 } else {
211 while (size >= MORUS640_BLOCK_SIZE) {
212 crypto_morus640_load_u(&m, src);
213 c = m;
214 crypto_morus640_core(state, &c);
215 crypto_morus640_store_u(dst, &c);
216 crypto_morus640_update(state, &m);
217
218 src += MORUS640_BLOCK_SIZE;
219 dst += MORUS640_BLOCK_SIZE;
220 size -= MORUS640_BLOCK_SIZE;
221 }
222 }
223
224 if (size > 0) {
225 union morus640_block_in tail;
226
227 memcpy(tail.bytes, src, size);
228 memset(tail.bytes + size, 0, MORUS640_BLOCK_SIZE - size);
229
230 crypto_morus640_load_a(&m, tail.bytes);
231 c = m;
232 crypto_morus640_core(state, &c);
233 crypto_morus640_store_a(tail.bytes, &c);
234 crypto_morus640_update(state, &m);
235
236 memcpy(dst, tail.bytes, size);
237 }
238}
239
240static void crypto_morus640_decrypt_chunk(struct morus640_state *state, u8 *dst,
241 const u8 *src, unsigned int size)
242{
243 struct morus640_block m;
244
245 if (MORUS640_ALIGNED(src) && MORUS640_ALIGNED(dst)) {
246 while (size >= MORUS640_BLOCK_SIZE) {
247 crypto_morus640_load_a(&m, src);
248 crypto_morus640_core(state, &m);
249 crypto_morus640_store_a(dst, &m);
250 crypto_morus640_update(state, &m);
251
252 src += MORUS640_BLOCK_SIZE;
253 dst += MORUS640_BLOCK_SIZE;
254 size -= MORUS640_BLOCK_SIZE;
255 }
256 } else {
257 while (size >= MORUS640_BLOCK_SIZE) {
258 crypto_morus640_load_u(&m, src);
259 crypto_morus640_core(state, &m);
260 crypto_morus640_store_u(dst, &m);
261 crypto_morus640_update(state, &m);
262
263 src += MORUS640_BLOCK_SIZE;
264 dst += MORUS640_BLOCK_SIZE;
265 size -= MORUS640_BLOCK_SIZE;
266 }
267 }
268
269 if (size > 0) {
270 union morus640_block_in tail;
271
272 memcpy(tail.bytes, src, size);
273 memset(tail.bytes + size, 0, MORUS640_BLOCK_SIZE - size);
274
275 crypto_morus640_load_a(&m, tail.bytes);
276 crypto_morus640_core(state, &m);
277 crypto_morus640_store_a(tail.bytes, &m);
278 memset(tail.bytes + size, 0, MORUS640_BLOCK_SIZE - size);
279 crypto_morus640_load_a(&m, tail.bytes);
280 crypto_morus640_update(state, &m);
281
282 memcpy(dst, tail.bytes, size);
283 }
284}
285
286static void crypto_morus640_init(struct morus640_state *state,
287 const struct morus640_block *key,
288 const u8 *iv)
289{
290 static const struct morus640_block z = {};
291
292 unsigned int i;
293
294 crypto_morus640_load(&state->s[0], iv);
295 state->s[1] = *key;
296 for (i = 0; i < MORUS_BLOCK_WORDS; i++)
297 state->s[2].words[i] = U32_C(0xFFFFFFFF);
298 state->s[3] = crypto_morus640_const[0];
299 state->s[4] = crypto_morus640_const[1];
300
301 for (i = 0; i < 16; i++)
302 crypto_morus640_update(state, &z);
303
304 for (i = 0; i < MORUS_BLOCK_WORDS; i++)
305 state->s[1].words[i] ^= key->words[i];
306}
307
308static void crypto_morus640_process_ad(struct morus640_state *state,
309 struct scatterlist *sg_src,
310 unsigned int assoclen)
311{
312 struct scatter_walk walk;
313 struct morus640_block m;
314 union morus640_block_in buf;
315 unsigned int pos = 0;
316
317 scatterwalk_start(&walk, sg_src);
318 while (assoclen != 0) {
319 unsigned int size = scatterwalk_clamp(&walk, assoclen);
320 unsigned int left = size;
321 void *mapped = scatterwalk_map(&walk);
322 const u8 *src = (const u8 *)mapped;
323
324 if (pos + size >= MORUS640_BLOCK_SIZE) {
325 if (pos > 0) {
326 unsigned int fill = MORUS640_BLOCK_SIZE - pos;
327 memcpy(buf.bytes + pos, src, fill);
328
329 crypto_morus640_load_a(&m, buf.bytes);
330 crypto_morus640_update(state, &m);
331
332 pos = 0;
333 left -= fill;
334 src += fill;
335 }
336
337 crypto_morus640_ad(state, src, left);
338 src += left & ~(MORUS640_BLOCK_SIZE - 1);
339 left &= MORUS640_BLOCK_SIZE - 1;
340 }
341
342 memcpy(buf.bytes + pos, src, left);
343
344 pos += left;
345 assoclen -= size;
346 scatterwalk_unmap(mapped);
347 scatterwalk_advance(&walk, size);
348 scatterwalk_done(&walk, 0, assoclen);
349 }
350
351 if (pos > 0) {
352 memset(buf.bytes + pos, 0, MORUS640_BLOCK_SIZE - pos);
353
354 crypto_morus640_load_a(&m, buf.bytes);
355 crypto_morus640_update(state, &m);
356 }
357}
358
359static void crypto_morus640_process_crypt(struct morus640_state *state,
360 struct aead_request *req,
361 const struct morus640_ops *ops)
362{
363 struct skcipher_walk walk;
364
365 ops->skcipher_walk_init(&walk, req, false);
366
367 while (walk.nbytes) {
368 unsigned int nbytes = walk.nbytes;
369
370 if (nbytes < walk.total)
371 nbytes = round_down(nbytes, walk.stride);
372
373 ops->crypt_chunk(state, walk.dst.virt.addr, walk.src.virt.addr,
374 nbytes);
375
376 skcipher_walk_done(&walk, walk.nbytes - nbytes);
377 }
378}
379
380static void crypto_morus640_final(struct morus640_state *state,
381 struct morus640_block *tag_xor,
382 u64 assoclen, u64 cryptlen)
383{
384 struct morus640_block tmp;
385 unsigned int i;
386
387 tmp.words[0] = lower_32_bits(assoclen * 8);
388 tmp.words[1] = upper_32_bits(assoclen * 8);
389 tmp.words[2] = lower_32_bits(cryptlen * 8);
390 tmp.words[3] = upper_32_bits(cryptlen * 8);
391
392 for (i = 0; i < MORUS_BLOCK_WORDS; i++)
393 state->s[4].words[i] ^= state->s[0].words[i];
394
395 for (i = 0; i < 10; i++)
396 crypto_morus640_update(state, &tmp);
397
398 crypto_morus640_core(state, tag_xor);
399}
400
401static int crypto_morus640_setkey(struct crypto_aead *aead, const u8 *key,
402 unsigned int keylen)
403{
404 struct morus640_ctx *ctx = crypto_aead_ctx(aead);
405
406 if (keylen != MORUS640_BLOCK_SIZE) {
407 crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN);
408 return -EINVAL;
409 }
410
411 crypto_morus640_load(&ctx->key, key);
412 return 0;
413}
414
415static int crypto_morus640_setauthsize(struct crypto_aead *tfm,
416 unsigned int authsize)
417{
418 return (authsize <= MORUS_MAX_AUTH_SIZE) ? 0 : -EINVAL;
419}
420
421static void crypto_morus640_crypt(struct aead_request *req,
422 struct morus640_block *tag_xor,
423 unsigned int cryptlen,
424 const struct morus640_ops *ops)
425{
426 struct crypto_aead *tfm = crypto_aead_reqtfm(req);
427 struct morus640_ctx *ctx = crypto_aead_ctx(tfm);
428 struct morus640_state state;
429
430 crypto_morus640_init(&state, &ctx->key, req->iv);
431 crypto_morus640_process_ad(&state, req->src, req->assoclen);
432 crypto_morus640_process_crypt(&state, req, ops);
433 crypto_morus640_final(&state, tag_xor, req->assoclen, cryptlen);
434}
435
436static int crypto_morus640_encrypt(struct aead_request *req)
437{
438 static const struct morus640_ops ops = {
439 .skcipher_walk_init = skcipher_walk_aead_encrypt,
440 .crypt_chunk = crypto_morus640_encrypt_chunk,
441 };
442
443 struct crypto_aead *tfm = crypto_aead_reqtfm(req);
444 struct morus640_block tag = {};
445 union morus640_block_in tag_out;
446 unsigned int authsize = crypto_aead_authsize(tfm);
447 unsigned int cryptlen = req->cryptlen;
448
449 crypto_morus640_crypt(req, &tag, cryptlen, &ops);
450 crypto_morus640_store(tag_out.bytes, &tag);
451
452 scatterwalk_map_and_copy(tag_out.bytes, req->dst,
453 req->assoclen + cryptlen, authsize, 1);
454 return 0;
455}
456
457static int crypto_morus640_decrypt(struct aead_request *req)
458{
459 static const struct morus640_ops ops = {
460 .skcipher_walk_init = skcipher_walk_aead_decrypt,
461 .crypt_chunk = crypto_morus640_decrypt_chunk,
462 };
463 static const u8 zeros[MORUS640_BLOCK_SIZE] = {};
464
465 struct crypto_aead *tfm = crypto_aead_reqtfm(req);
466 union morus640_block_in tag_in;
467 struct morus640_block tag;
468 unsigned int authsize = crypto_aead_authsize(tfm);
469 unsigned int cryptlen = req->cryptlen - authsize;
470
471 scatterwalk_map_and_copy(tag_in.bytes, req->src,
472 req->assoclen + cryptlen, authsize, 0);
473
474 crypto_morus640_load(&tag, tag_in.bytes);
475 crypto_morus640_crypt(req, &tag, cryptlen, &ops);
476 crypto_morus640_store(tag_in.bytes, &tag);
477
478 return crypto_memneq(tag_in.bytes, zeros, authsize) ? -EBADMSG : 0;
479}
480
481static int crypto_morus640_init_tfm(struct crypto_aead *tfm)
482{
483 return 0;
484}
485
486static void crypto_morus640_exit_tfm(struct crypto_aead *tfm)
487{
488}
489
490static struct aead_alg crypto_morus640_alg = {
491 .setkey = crypto_morus640_setkey,
492 .setauthsize = crypto_morus640_setauthsize,
493 .encrypt = crypto_morus640_encrypt,
494 .decrypt = crypto_morus640_decrypt,
495 .init = crypto_morus640_init_tfm,
496 .exit = crypto_morus640_exit_tfm,
497
498 .ivsize = MORUS_NONCE_SIZE,
499 .maxauthsize = MORUS_MAX_AUTH_SIZE,
500 .chunksize = MORUS640_BLOCK_SIZE,
501
502 .base = {
503 .cra_blocksize = 1,
504 .cra_ctxsize = sizeof(struct morus640_ctx),
505 .cra_alignmask = 0,
506
507 .cra_priority = 100,
508
509 .cra_name = "morus640",
510 .cra_driver_name = "morus640-generic",
511
512 .cra_module = THIS_MODULE,
513 }
514};
515
516static int __init crypto_morus640_module_init(void)
517{
518 return crypto_register_aead(&crypto_morus640_alg);
519}
520
521static void __exit crypto_morus640_module_exit(void)
522{
523 crypto_unregister_aead(&crypto_morus640_alg);
524}
525
526subsys_initcall(crypto_morus640_module_init);
527module_exit(crypto_morus640_module_exit);
528
529MODULE_LICENSE("GPL");
530MODULE_AUTHOR("Ondrej Mosnacek <omosnacek@gmail.com>");
531MODULE_DESCRIPTION("MORUS-640 AEAD algorithm");
532MODULE_ALIAS_CRYPTO("morus640");
533MODULE_ALIAS_CRYPTO("morus640-generic");
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index 5fe90ea46319..6258581aa628 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -4769,18 +4769,6 @@ static const struct alg_test_desc alg_test_descs[] = {
4769 .hash = __VECS(michael_mic_tv_template) 4769 .hash = __VECS(michael_mic_tv_template)
4770 } 4770 }
4771 }, { 4771 }, {
4772 .alg = "morus1280",
4773 .test = alg_test_aead,
4774 .suite = {
4775 .aead = __VECS(morus1280_tv_template)
4776 }
4777 }, {
4778 .alg = "morus640",
4779 .test = alg_test_aead,
4780 .suite = {
4781 .aead = __VECS(morus640_tv_template)
4782 }
4783 }, {
4784 .alg = "nhpoly1305", 4772 .alg = "nhpoly1305",
4785 .test = alg_test_hash, 4773 .test = alg_test_hash,
4786 .suite = { 4774 .suite = {
diff --git a/crypto/testmgr.h b/crypto/testmgr.h
index b743ca6d12cc..fca03fa018fc 100644
--- a/crypto/testmgr.h
+++ b/crypto/testmgr.h
@@ -20473,1713 +20473,6 @@ static const struct aead_testvec aegis256_tv_template[] = {
20473}; 20473};
20474 20474
20475/* 20475/*
20476 * MORUS-640 test vectors - generated via reference implementation from
20477 * SUPERCOP (https://bench.cr.yp.to/supercop.html):
20478 *
20479 * https://bench.cr.yp.to/supercop/supercop-20170228.tar.xz
20480 * (see crypto_aead/morus640128v2/)
20481 */
20482static const struct aead_testvec morus640_tv_template[] = {
20483 {
20484 .key = "\x00\x00\x00\x00\x00\x00\x00\x00"
20485 "\x00\x00\x00\x00\x00\x00\x00\x00",
20486 .klen = 16,
20487 .iv = "\x0f\xc9\x8e\x67\x44\x9e\xaa\x86"
20488 "\x20\x36\x2c\x24\xfe\xc9\x30\x81",
20489 .assoc = "",
20490 .alen = 0,
20491 .ptext = "",
20492 .plen = 0,
20493 .ctext = "\x89\x62\x7d\xf3\x07\x9d\x52\x05"
20494 "\x53\xc3\x04\x60\x93\xb4\x37\x9a",
20495 .clen = 16,
20496 }, {
20497 .key = "\x3c\x24\x39\x9f\x10\x7b\xa8\x1b"
20498 "\x80\xda\xb2\x91\xf9\x24\xc2\x06",
20499 .klen = 16,
20500 .iv = "\x4b\xed\xc8\x07\x54\x1a\x52\xa2"
20501 "\xa1\x10\xde\xb5\xf8\xed\xf3\x87",
20502 .assoc = "",
20503 .alen = 0,
20504 .ptext = "\x69",
20505 .plen = 1,
20506 .ctext = "\xa8\x8d\xe4\x90\xb5\x50\x8f\x78"
20507 "\xb6\x10\x9a\x59\x5f\x61\x37\x70"
20508 "\x09",
20509 .clen = 17,
20510 }, {
20511 .key = "\x79\x49\x73\x3e\x20\xf7\x51\x37"
20512 "\x01\xb4\x64\x22\xf3\x48\x85\x0c",
20513 .klen = 16,
20514 .iv = "\x88\x12\x01\xa6\x64\x96\xfb\xbe"
20515 "\x22\xea\x90\x47\xf2\x11\xb5\x8e",
20516 .assoc = "",
20517 .alen = 0,
20518 .ptext = "\xa6\xa4\x1e\x76\xec\xd4\x50\xcc"
20519 "\x62\x58\xe9\x8f\xef\xa4\x17",
20520 .plen = 15,
20521 .ctext = "\x76\xdd\xb9\x05\x3d\xce\x61\x38"
20522 "\xf3\xef\xf7\xe5\xd7\xfd\x70\xa5"
20523 "\xcf\x9d\x64\xb8\x0a\x9f\xfd\x8b"
20524 "\xd4\x6e\xfe\xd9\xc8\x63\x4b",
20525 .clen = 31,
20526 }, {
20527 .key = "\xb5\x6e\xad\xdd\x30\x72\xfa\x53"
20528 "\x82\x8e\x16\xb4\xed\x6d\x47\x12",
20529 .klen = 16,
20530 .iv = "\xc4\x37\x3b\x45\x74\x11\xa4\xda"
20531 "\xa2\xc5\x42\xd8\xec\x36\x78\x94",
20532 .assoc = "",
20533 .alen = 0,
20534 .ptext = "\xe2\xc9\x58\x15\xfc\x4f\xf8\xe8"
20535 "\xe3\x32\x9b\x21\xe9\xc8\xd9\x97",
20536 .plen = 16,
20537 .ctext = "\xdc\x72\xe8\x14\xfb\x63\xad\x72"
20538 "\x1f\x57\x9a\x1f\x88\x81\xdb\xd6"
20539 "\xc1\x91\x9d\xb9\x25\xc4\x99\x4c"
20540 "\x97\xcd\x8a\x0c\x9d\x68\x00\x1c",
20541 .clen = 32,
20542 }, {
20543 .key = "\xf2\x92\xe6\x7d\x40\xee\xa3\x6f"
20544 "\x03\x68\xc8\x45\xe7\x91\x0a\x18",
20545 .klen = 16,
20546 .iv = "\x01\x5c\x75\xe5\x84\x8d\x4d\xf6"
20547 "\x23\x9f\xf4\x6a\xe6\x5a\x3b\x9a",
20548 .assoc = "",
20549 .alen = 0,
20550 .ptext = "\x1f\xee\x92\xb4\x0c\xcb\xa1\x04"
20551 "\x64\x0c\x4d\xb2\xe3\xec\x9c\x9d"
20552 "\x09",
20553 .plen = 17,
20554 .ctext = "\x6b\x4f\x3b\x90\x9a\xa2\xb3\x82"
20555 "\x0a\xb8\x55\xee\xeb\x73\x4d\x7f"
20556 "\x54\x11\x3a\x8a\x31\xa3\xb5\xf2"
20557 "\xcd\x49\xdb\xf3\xee\x26\xbd\xa2"
20558 "\x0d",
20559 .clen = 33,
20560 }, {
20561 .key = "\x2e\xb7\x20\x1c\x50\x6a\x4b\x8b"
20562 "\x84\x42\x7a\xd7\xe1\xb5\xcd\x1f",
20563 .klen = 16,
20564 .iv = "\x3d\x80\xae\x84\x94\x09\xf6\x12"
20565 "\xa4\x79\xa6\xfb\xe0\x7f\xfd\xa0",
20566 .assoc = "",
20567 .alen = 0,
20568 .ptext = "\x5c\x13\xcb\x54\x1c\x47\x4a\x1f"
20569 "\xe5\xe6\xff\x44\xdd\x11\x5f\xa3"
20570 "\x33\xdd\xc2\xf8\xdd\x18\x2b\x93"
20571 "\x57\x05\x01\x1c\x66\x22\xd3",
20572 .plen = 31,
20573 .ctext = "\x59\xd1\x0f\x6b\xee\x27\x84\x92"
20574 "\xb7\xa9\xb5\xdd\x02\xa4\x12\xa5"
20575 "\x50\x32\xb4\x9a\x2e\x35\x83\x55"
20576 "\x36\x12\x12\xed\xa3\x31\xc5\x30"
20577 "\xa7\xe2\x4a\x6d\x05\x59\x43\x91"
20578 "\x75\xfa\x6c\x17\xc6\x73\xca",
20579 .clen = 47,
20580 }, {
20581 .key = "\x6b\xdc\x5a\xbb\x60\xe5\xf4\xa6"
20582 "\x05\x1d\x2c\x68\xdb\xda\x8f\x25",
20583 .klen = 16,
20584 .iv = "\x7a\xa5\xe8\x23\xa4\x84\x9e\x2d"
20585 "\x25\x53\x58\x8c\xda\xa3\xc0\xa6",
20586 .assoc = "",
20587 .alen = 0,
20588 .ptext = "\x98\x37\x05\xf3\x2c\xc2\xf3\x3b"
20589 "\x66\xc0\xb1\xd5\xd7\x35\x21\xaa"
20590 "\x5d\x9f\xce\x7c\xe2\xb8\xad\xad"
20591 "\x19\x33\xe0\xf4\x40\x81\x72\x28",
20592 .plen = 32,
20593 .ctext = "\xdb\x49\x68\x0f\x91\x5b\x21\xb1"
20594 "\xcf\x50\xb2\x4c\x32\xe1\xa6\x69"
20595 "\xc0\xfb\x44\x1f\xa0\x9a\xeb\x39"
20596 "\x1b\xde\x68\x38\xcc\x27\x52\xc5"
20597 "\xf6\x3e\x74\xea\x66\x5b\x5f\x0c"
20598 "\x65\x9e\x58\xe6\x52\xa2\xfe\x59",
20599 .clen = 48,
20600 }, {
20601 .key = "\xa7\x00\x93\x5b\x70\x61\x9d\xc2"
20602 "\x86\xf7\xde\xfa\xd5\xfe\x52\x2b",
20603 .klen = 16,
20604 .iv = "\xb6\xca\x22\xc3\xb4\x00\x47\x49"
20605 "\xa6\x2d\x0a\x1e\xd4\xc7\x83\xad",
20606 .assoc = "\xc5",
20607 .alen = 1,
20608 .ptext = "",
20609 .plen = 0,
20610 .ctext = "\x56\xe7\x24\x52\xdd\x95\x60\x5b"
20611 "\x09\x48\x39\x69\x9c\xb3\x62\x46",
20612 .clen = 16,
20613 }, {
20614 .key = "\xe4\x25\xcd\xfa\x80\xdd\x46\xde"
20615 "\x07\xd1\x90\x8b\xcf\x23\x15\x31",
20616 .klen = 16,
20617 .iv = "\xf3\xee\x5c\x62\xc4\x7c\xf0\x65"
20618 "\x27\x08\xbd\xaf\xce\xec\x45\xb3",
20619 .assoc = "\x02\xb8\xea\xca\x09\x1b\x9a\xec"
20620 "\x47\x3e\xe9\xd4\xcc\xb5\x76",
20621 .alen = 15,
20622 .ptext = "",
20623 .plen = 0,
20624 .ctext = "\xdd\xfa\x6c\x1f\x5d\x86\x87\x01"
20625 "\x13\xe5\x73\x46\x46\xf2\x5c\xe1",
20626 .clen = 16,
20627 }, {
20628 .key = "\x20\x4a\x07\x99\x91\x58\xee\xfa"
20629 "\x88\xab\x42\x1c\xc9\x47\xd7\x38",
20630 .klen = 16,
20631 .iv = "\x2f\x13\x95\x01\xd5\xf7\x99\x81"
20632 "\xa8\xe2\x6f\x41\xc8\x10\x08\xb9",
20633 .assoc = "\x3f\xdc\x24\x69\x19\x96\x43\x08"
20634 "\xc8\x18\x9b\x65\xc6\xd9\x39\x3b",
20635 .alen = 16,
20636 .ptext = "",
20637 .plen = 0,
20638 .ctext = "\xa6\x1b\xb9\xd7\x5e\x3c\xcf\xac"
20639 "\xa9\x21\x45\x0b\x16\x52\xf7\xe1",
20640 .clen = 16,
20641 }, {
20642 .key = "\x5d\x6f\x41\x39\xa1\xd4\x97\x16"
20643 "\x09\x85\xf4\xae\xc3\x6b\x9a\x3e",
20644 .klen = 16,
20645 .iv = "\x6c\x38\xcf\xa1\xe5\x73\x41\x9d"
20646 "\x29\xbc\x21\xd2\xc2\x35\xcb\xbf",
20647 .assoc = "\x7b\x01\x5d\x08\x29\x12\xec\x24"
20648 "\x49\xf3\x4d\xf7\xc0\xfe\xfb\x41"
20649 "\x3c",
20650 .alen = 17,
20651 .ptext = "",
20652 .plen = 0,
20653 .ctext = "\x15\xff\xde\x3b\x34\xfc\xf6\xf9"
20654 "\xbb\xa8\x62\xad\x0a\xf5\x48\x60",
20655 .clen = 16,
20656 }, {
20657 .key = "\x99\x93\x7a\xd8\xb1\x50\x40\x31"
20658 "\x8a\x60\xa6\x3f\xbd\x90\x5d\x44",
20659 .klen = 16,
20660 .iv = "\xa8\x5c\x09\x40\xf5\xef\xea\xb8"
20661 "\xaa\x96\xd3\x64\xbc\x59\x8d\xc6",
20662 .assoc = "\xb8\x26\x97\xa8\x39\x8e\x94\x3f"
20663 "\xca\xcd\xff\x88\xba\x22\xbe\x47"
20664 "\x67\xba\x85\xf1\xbb\x30\x56\x26"
20665 "\xaf\x0b\x02\x38\xcc\x44\xa7",
20666 .alen = 31,
20667 .ptext = "",
20668 .plen = 0,
20669 .ctext = "\xd2\x9d\xf8\x3b\xd7\x84\xe9\x2d"
20670 "\x4b\xef\x75\x16\x0a\x99\xae\x6b",
20671 .clen = 16,
20672 }, {
20673 .key = "\xd6\xb8\xb4\x77\xc1\xcb\xe9\x4d"
20674 "\x0a\x3a\x58\xd1\xb7\xb4\x1f\x4a",
20675 .klen = 16,
20676 .iv = "\xe5\x81\x42\xdf\x05\x6a\x93\xd4"
20677 "\x2b\x70\x85\xf5\xb6\x7d\x50\xcc",
20678 .assoc = "\xf4\x4a\xd1\x47\x49\x09\x3d\x5b"
20679 "\x4b\xa7\xb1\x19\xb4\x46\x81\x4d"
20680 "\x91\x7c\x91\x75\xc0\xd0\xd8\x40"
20681 "\x71\x39\xe1\x10\xa6\xa3\x46\x7a",
20682 .alen = 32,
20683 .ptext = "",
20684 .plen = 0,
20685 .ctext = "\xe4\x8d\xa7\xa7\x45\xc1\x31\x4f"
20686 "\xce\xfb\xaf\xd6\xc2\xe6\xee\xc0",
20687 .clen = 16,
20688 }, {
20689 .key = "\x12\xdd\xee\x17\xd1\x47\x92\x69"
20690 "\x8b\x14\x0a\x62\xb1\xd9\xe2\x50",
20691 .klen = 16,
20692 .iv = "\x22\xa6\x7c\x7f\x15\xe6\x3c\xf0"
20693 "\xac\x4b\x37\x86\xb0\xa2\x13\xd2",
20694 .assoc = "\x31",
20695 .alen = 1,
20696 .ptext = "\x40",
20697 .plen = 1,
20698 .ctext = "\xe2\x67\x38\x4f\xb9\xad\x7d\x38"
20699 "\x01\xfe\x84\x14\x85\xf8\xd1\xe3"
20700 "\x22",
20701 .clen = 17,
20702 }, {
20703 .key = "\x4f\x01\x27\xb6\xe1\xc3\x3a\x85"
20704 "\x0c\xee\xbc\xf4\xab\xfd\xa5\x57",
20705 .klen = 16,
20706 .iv = "\x5e\xcb\xb6\x1e\x25\x62\xe4\x0c"
20707 "\x2d\x25\xe9\x18\xaa\xc6\xd5\xd8",
20708 .assoc = "\x6d\x94\x44\x86\x69\x00\x8f\x93"
20709 "\x4d\x5b\x15\x3c\xa8\x8f\x06",
20710 .alen = 15,
20711 .ptext = "\x7c\x5d\xd3\xee\xad\x9f\x39\x1a"
20712 "\x6d\x92\x42\x61\xa7\x58\x37",
20713 .plen = 15,
20714 .ctext = "\x77\x32\x61\xeb\xb4\x33\x29\x92"
20715 "\x29\x95\xc5\x8e\x85\x76\xab\xfc"
20716 "\x07\x95\xa7\x44\x74\xf7\x22\xff"
20717 "\xd8\xd8\x36\x3d\x8a\x7f\x9e",
20718 .clen = 31,
20719 }, {
20720 .key = "\x8b\x26\x61\x55\xf1\x3e\xe3\xa1"
20721 "\x8d\xc8\x6e\x85\xa5\x21\x67\x5d",
20722 .klen = 16,
20723 .iv = "\x9b\xef\xf0\xbd\x35\xdd\x8d\x28"
20724 "\xad\xff\x9b\xa9\xa4\xeb\x98\xdf",
20725 .assoc = "\xaa\xb8\x7e\x25\x79\x7c\x37\xaf"
20726 "\xce\x36\xc7\xce\xa2\xb4\xc9\x60",
20727 .alen = 16,
20728 .ptext = "\xb9\x82\x0c\x8d\xbd\x1b\xe2\x36"
20729 "\xee\x6c\xf4\xf2\xa1\x7d\xf9\xe2",
20730 .plen = 16,
20731 .ctext = "\xd8\xfd\x44\x45\xf6\x42\x12\x38"
20732 "\xf2\x0b\xea\x4f\x9e\x11\x61\x07"
20733 "\x48\x67\x98\x18\x9b\xd0\x0c\x59"
20734 "\x67\xa4\x11\xb3\x2b\xd6\xc1\x70",
20735 .clen = 32,
20736 }, {
20737 .key = "\xc8\x4b\x9b\xf5\x01\xba\x8c\xbd"
20738 "\x0e\xa3\x21\x16\x9f\x46\x2a\x63",
20739 .klen = 16,
20740 .iv = "\xd7\x14\x29\x5d\x45\x59\x36\x44"
20741 "\x2e\xd9\x4d\x3b\x9e\x0f\x5b\xe5",
20742 .assoc = "\xe6\xdd\xb8\xc4\x89\xf8\xe0\xca"
20743 "\x4f\x10\x7a\x5f\x9c\xd8\x8b\x66"
20744 "\x3b",
20745 .alen = 17,
20746 .ptext = "\xf5\xa6\x46\x2c\xce\x97\x8a\x51"
20747 "\x6f\x46\xa6\x83\x9b\xa1\xbc\xe8"
20748 "\x05",
20749 .plen = 17,
20750 .ctext = "\xb1\xab\x53\x4e\xc7\x40\x16\xb6"
20751 "\x71\x3a\x00\x9f\x41\x88\xb0\xb2"
20752 "\x71\x83\x85\x5f\xc8\x79\x0a\x99"
20753 "\x99\xdc\x89\x1c\x88\xd2\x3e\xf9"
20754 "\x83",
20755 .clen = 33,
20756 }, {
20757 .key = "\x05\x70\xd5\x94\x12\x36\x35\xd8"
20758 "\x8f\x7d\xd3\xa8\x99\x6a\xed\x69",
20759 .klen = 16,
20760 .iv = "\x14\x39\x63\xfc\x56\xd5\xdf\x5f"
20761 "\xaf\xb3\xff\xcc\x98\x33\x1d\xeb",
20762 .assoc = "\x23\x02\xf1\x64\x9a\x73\x89\xe6"
20763 "\xd0\xea\x2c\xf1\x96\xfc\x4e\x6d"
20764 "\x65\x48\xcb\x0a\xda\xf0\x62\xc0"
20765 "\x38\x1d\x3b\x4a\xe9\x7e\x62",
20766 .alen = 31,
20767 .ptext = "\x32\xcb\x80\xcc\xde\x12\x33\x6d"
20768 "\xf0\x20\x58\x15\x95\xc6\x7f\xee"
20769 "\x2f\xf9\x4e\x2c\x1b\x98\x43\xc7"
20770 "\x68\x28\x73\x40\x9f\x96\x4a",
20771 .plen = 31,
20772 .ctext = "\x29\xc4\xf0\x03\xc1\x86\xdf\x06"
20773 "\x5c\x7b\xef\x64\x87\x00\xd1\x37"
20774 "\xa7\x08\xbc\x7f\x8f\x41\x54\xd0"
20775 "\x3e\xf1\xc3\xa2\x96\x84\xdd\x2a"
20776 "\x2d\x21\x30\xf9\x02\xdb\x06\x0c"
20777 "\xf1\x5a\x66\x69\xe0\xca\x83",
20778 .clen = 47,
20779 }, {
20780 .key = "\x41\x94\x0e\x33\x22\xb1\xdd\xf4"
20781 "\x10\x57\x85\x39\x93\x8f\xaf\x70",
20782 .klen = 16,
20783 .iv = "\x50\x5d\x9d\x9b\x66\x50\x88\x7b"
20784 "\x30\x8e\xb1\x5e\x92\x58\xe0\xf1",
20785 .assoc = "\x5f\x27\x2b\x03\xaa\xef\x32\x02"
20786 "\x50\xc4\xde\x82\x90\x21\x11\x73"
20787 "\x8f\x0a\xd6\x8f\xdf\x90\xe4\xda"
20788 "\xf9\x4a\x1a\x23\xc3\xdd\x02\x81",
20789 .alen = 32,
20790 .ptext = "\x6e\xf0\xba\x6b\xee\x8e\xdc\x89"
20791 "\x71\xfb\x0a\xa6\x8f\xea\x41\xf4"
20792 "\x5a\xbb\x59\xb0\x20\x38\xc5\xe0"
20793 "\x29\x56\x52\x19\x79\xf5\xe9\x37",
20794 .plen = 32,
20795 .ctext = "\xe2\x2e\x44\xdf\xd3\x60\x6d\xb2"
20796 "\x70\x57\x37\xc5\xc2\x4f\x8d\x14"
20797 "\xc6\xbf\x8b\xec\xf5\x62\x67\xf2"
20798 "\x2f\xa1\xe6\xd6\xa7\xb1\x8c\x54"
20799 "\xe5\x6b\x49\xf9\x6e\x90\xc3\xaa"
20800 "\x7a\x00\x2e\x4d\x7f\x31\x2e\x81",
20801 .clen = 48,
20802 }, {
20803 .key = "\x7e\xb9\x48\xd3\x32\x2d\x86\x10"
20804 "\x91\x31\x37\xcb\x8d\xb3\x72\x76",
20805 .klen = 16,
20806 .iv = "\x8d\x82\xd6\x3b\x76\xcc\x30\x97"
20807 "\xb1\x68\x63\xef\x8c\x7c\xa3\xf7",
20808 .assoc = "\x9c\x4b\x65\xa2\xba\x6b\xdb\x1e"
20809 "\xd1\x9e\x90\x13\x8a\x45\xd3\x79"
20810 "\xba\xcd\xe2\x13\xe4\x30\x66\xf4"
20811 "\xba\x78\xf9\xfb\x9d\x3c\xa1\x58"
20812 "\x1a",
20813 .alen = 33,
20814 .ptext = "\xab\x14\xf3\x0a\xfe\x0a\x85\xa5"
20815 "\xf2\xd5\xbc\x38\x89\x0e\x04\xfb"
20816 "\x84\x7d\x65\x34\x25\xd8\x47\xfa"
20817 "\xeb\x83\x31\xf1\x54\x54\x89\x0d"
20818 "\x9d\x4d\x54\x51\x84\x61\xf6\x8e"
20819 "\x03\x31\xf2\x25\x16\xcc\xaa\xc6"
20820 "\x75\x73\x20\x30\x59\x54\xb2\xf0"
20821 "\x3a\x4b\xe0\x23\x8e\xa6\x08\x35"
20822 "\x8a",
20823 .plen = 65,
20824 .ctext = "\xc7\xca\x26\x61\x57\xee\xa2\xb9"
20825 "\xb1\x37\xde\x95\x06\x90\x11\x08"
20826 "\x4d\x30\x9f\x24\xc0\x56\xb7\xe1"
20827 "\x0b\x9f\xd2\x57\xe9\xd2\xb1\x76"
20828 "\x56\x9a\xb4\x58\xc5\x08\xfc\xb5"
20829 "\xf2\x31\x9b\xc9\xcd\xb3\x64\xdb"
20830 "\x6f\x50\xbf\xf4\x73\x9d\xfb\x6b"
20831 "\xef\x35\x25\x48\xed\xcf\x29\xa8"
20832 "\xac\xc3\xb9\xcb\x61\x8f\x73\x92"
20833 "\x2c\x7a\x6f\xda\xf9\x09\x6f\xe1"
20834 "\xc4",
20835 .clen = 81,
20836 }, {
20837 .key = "\xba\xde\x82\x72\x42\xa9\x2f\x2c"
20838 "\x12\x0b\xe9\x5c\x87\xd7\x35\x7c",
20839 .klen = 16,
20840 .iv = "\xc9\xa7\x10\xda\x86\x48\xd9\xb3"
20841 "\x32\x42\x15\x80\x85\xa1\x65\xfe",
20842 .assoc = "\xd8\x70\x9f\x42\xca\xe6\x83\x3a"
20843 "\x52\x79\x42\xa5\x84\x6a\x96\x7f"
20844 "\xe4\x8f\xed\x97\xe9\xd0\xe8\x0d"
20845 "\x7c\xa6\xd8\xd4\x77\x9b\x40\x2e"
20846 "\x28\xce\x57\x34\xcd\x6e\x84\x4c"
20847 "\x17\x3c\xe1\xb2\xa8\x0b\xbb\xf1"
20848 "\x96\x41\x0d\x69\xe8\x54\x0a\xc8"
20849 "\x15\x4e\x91\x92\x89\x4b\xb7\x9b"
20850 "\x21",
20851 .alen = 65,
20852 .ptext = "\xe8\x39\x2d\xaa\x0e\x85\x2d\xc1"
20853 "\x72\xaf\x6e\xc9\x82\x33\xc7\x01"
20854 "\xaf\x40\x70\xb8\x2a\x78\xc9\x14"
20855 "\xac\xb1\x10\xca\x2e\xb3\x28\xe4"
20856 "\xac",
20857 .plen = 33,
20858 .ctext = "\x57\xcd\x3d\x46\xc5\xf9\x68\x3b"
20859 "\x2c\x0f\xb4\x7e\x7b\x64\x3e\x40"
20860 "\xf3\x78\x63\x34\x89\x79\x39\x6b"
20861 "\x61\x64\x4a\x9a\xfa\x70\xa4\xd3"
20862 "\x54\x0b\xea\x05\xa6\x95\x64\xed"
20863 "\x3d\x69\xa2\x0c\x27\x56\x2f\x34"
20864 "\x66",
20865 .clen = 49,
20866 }, {
20867 .key = "\xf7\x02\xbb\x11\x52\x24\xd8\x48"
20868 "\x93\xe6\x9b\xee\x81\xfc\xf7\x82",
20869 .klen = 16,
20870 .iv = "\x06\xcc\x4a\x79\x96\xc3\x82\xcf"
20871 "\xb3\x1c\xc7\x12\x7f\xc5\x28\x04",
20872 .assoc = "\x15\x95\xd8\xe1\xda\x62\x2c\x56"
20873 "\xd3\x53\xf4\x36\x7e\x8e\x59\x85",
20874 .alen = 16,
20875 .ptext = "\x24\x5e\x67\x49\x1e\x01\xd6\xdd"
20876 "\xf3\x89\x20\x5b\x7c\x57\x89\x07",
20877 .plen = 16,
20878 .ctext = "\xfc\x85\x06\x28\x8f\xe8\x23\x1f"
20879 "\x33\x98\x87\xde\x08\xb6\xb6\xae"
20880 "\x3e\xa4\xf8\x19\xf1\x92\x60\x39"
20881 "\xb9\x6b\x3f\xdf\xc8\xcb\x30",
20882 .clen = 31,
20883 }, {
20884 .key = "\x33\x27\xf5\xb1\x62\xa0\x80\x63"
20885 "\x14\xc0\x4d\x7f\x7b\x20\xba\x89",
20886 .klen = 16,
20887 .iv = "\x42\xf0\x84\x19\xa6\x3f\x2b\xea"
20888 "\x34\xf6\x79\xa3\x79\xe9\xeb\x0a",
20889 .assoc = "\x51\xb9\x12\x80\xea\xde\xd5\x71"
20890 "\x54\x2d\xa6\xc8\x78\xb2\x1b\x8c",
20891 .alen = 16,
20892 .ptext = "\x61\x83\xa0\xe8\x2e\x7d\x7f\xf8"
20893 "\x74\x63\xd2\xec\x76\x7c\x4c\x0d",
20894 .plen = 16,
20895 .ctext = "\x74\x7d\x70\x07\xe9\xba\x01\xee"
20896 "\x6c\xc6\x6f\x50\x25\x33\xbe\x50"
20897 "\x17\xb8\x17\x62\xed\x80\xa2\xf5"
20898 "\x03\xde\x85\x71\x5d\x34",
20899 .clen = 30,
20900 }, {
20901 .key = "\x70\x4c\x2f\x50\x72\x1c\x29\x7f"
20902 "\x95\x9a\xff\x10\x75\x45\x7d\x8f",
20903 .klen = 16,
20904 .iv = "\x7f\x15\xbd\xb8\xb6\xba\xd3\x06"
20905 "\xb5\xd1\x2b\x35\x73\x0e\xad\x10",
20906 .assoc = "\x8e\xde\x4c\x20\xfa\x59\x7e\x8d"
20907 "\xd5\x07\x58\x59\x72\xd7\xde\x92",
20908 .alen = 16,
20909 .ptext = "\x9d\xa7\xda\x88\x3e\xf8\x28\x14"
20910 "\xf5\x3e\x85\x7d\x70\xa0\x0f\x13",
20911 .plen = 16,
20912 .ctext = "\xf4\xb3\x85\xf9\xac\xde\xb1\x38"
20913 "\x29\xfd\x6c\x7c\x49\xe5\x1d\xaf"
20914 "\xba\xea\xd4\xfa\x3f\x11\x33\x98",
20915 .clen = 24,
20916 }, {
20917 .key = "\xac\x70\x69\xef\x82\x97\xd2\x9b"
20918 "\x15\x74\xb1\xa2\x6f\x69\x3f\x95",
20919 .klen = 16,
20920 .iv = "\xbb\x3a\xf7\x57\xc6\x36\x7c\x22"
20921 "\x36\xab\xde\xc6\x6d\x32\x70\x17",
20922 .assoc = "\xcb\x03\x85\xbf\x0a\xd5\x26\xa9"
20923 "\x56\xe1\x0a\xeb\x6c\xfb\xa1\x98",
20924 .alen = 16,
20925 .ptext = "\xda\xcc\x14\x27\x4e\x74\xd1\x30"
20926 "\x76\x18\x37\x0f\x6a\xc4\xd1\x1a",
20927 .plen = 16,
20928 .ctext = "\xe6\x5c\x49\x4f\x78\xf3\x62\x86"
20929 "\xe1\xb7\xa5\xc3\x32\x88\x3c\x8c"
20930 "\x6e",
20931 .clen = 17,
20932 },
20933};
20934
20935/*
20936 * MORUS-1280 test vectors - generated via reference implementation from
20937 * SUPERCOP (https://bench.cr.yp.to/supercop.html):
20938 *
20939 * https://bench.cr.yp.to/supercop/supercop-20170228.tar.xz
20940 * (see crypto_aead/morus1280128v2/ and crypto_aead/morus1280256v2/ )
20941 */
20942static const struct aead_testvec morus1280_tv_template[] = {
20943 {
20944 .key = "\x00\x00\x00\x00\x00\x00\x00\x00"
20945 "\x00\x00\x00\x00\x00\x00\x00\x00",
20946 .klen = 16,
20947 .iv = "\x0f\xc9\x8e\x67\x44\x9e\xaa\x86"
20948 "\x20\x36\x2c\x24\xfe\xc9\x30\x81",
20949 .assoc = "",
20950 .alen = 0,
20951 .ptext = "",
20952 .plen = 0,
20953 .ctext = "\x91\x85\x0f\xf5\x52\x9e\xce\xce"
20954 "\x65\x99\xc7\xbf\xd3\x76\xe8\x98",
20955 .clen = 16,
20956 }, {
20957 .key = "\x3c\x24\x39\x9f\x10\x7b\xa8\x1b"
20958 "\x80\xda\xb2\x91\xf9\x24\xc2\x06",
20959 .klen = 16,
20960 .iv = "\x4b\xed\xc8\x07\x54\x1a\x52\xa2"
20961 "\xa1\x10\xde\xb5\xf8\xed\xf3\x87",
20962 .assoc = "",
20963 .alen = 0,
20964 .ptext = "\x69",
20965 .plen = 1,
20966 .ctext = "\x88\xc3\x4c\xf0\x2f\x43\x76\x13"
20967 "\x96\xda\x76\x34\x33\x4e\xd5\x39"
20968 "\x73",
20969 .clen = 17,
20970 }, {
20971 .key = "\x79\x49\x73\x3e\x20\xf7\x51\x37"
20972 "\x01\xb4\x64\x22\xf3\x48\x85\x0c",
20973 .klen = 16,
20974 .iv = "\x88\x12\x01\xa6\x64\x96\xfb\xbe"
20975 "\x22\xea\x90\x47\xf2\x11\xb5\x8e",
20976 .assoc = "",
20977 .alen = 0,
20978 .ptext = "\xa6\xa4\x1e\x76\xec\xd4\x50\xcc"
20979 "\x62\x58\xe9\x8f\xef\xa4\x17\x91"
20980 "\xb4\x96\x9f\x6b\xce\x38\xa5\x46"
20981 "\x13\x7d\x64\x93\xd7\x05\xf5",
20982 .plen = 31,
20983 .ctext = "\x3e\x5c\x3b\x58\x3b\x7d\x2a\x22"
20984 "\x75\x0b\x24\xa6\x0e\xc3\xde\x52"
20985 "\x97\x0b\x64\xd4\xce\x90\x52\xf7"
20986 "\xef\xdb\x6a\x38\xd2\xa8\xa1\x0d"
20987 "\xe0\x61\x33\x24\xc6\x4d\x51\xbc"
20988 "\xa4\x21\x74\xcf\x19\x16\x59",
20989 .clen = 47,
20990 }, {
20991 .key = "\xb5\x6e\xad\xdd\x30\x72\xfa\x53"
20992 "\x82\x8e\x16\xb4\xed\x6d\x47\x12",
20993 .klen = 16,
20994 .iv = "\xc4\x37\x3b\x45\x74\x11\xa4\xda"
20995 "\xa2\xc5\x42\xd8\xec\x36\x78\x94",
20996 .assoc = "",
20997 .alen = 0,
20998 .ptext = "\xe2\xc9\x58\x15\xfc\x4f\xf8\xe8"
20999 "\xe3\x32\x9b\x21\xe9\xc8\xd9\x97"
21000 "\xde\x58\xab\xf0\xd3\xd8\x27\x60"
21001 "\xd5\xaa\x43\x6b\xb1\x64\x95\xa4",
21002 .plen = 32,
21003 .ctext = "\x30\x82\x9c\x2b\x67\xcb\xf9\x1f"
21004 "\xde\x9f\x77\xb2\xda\x92\x61\x5c"
21005 "\x09\x0b\x2d\x9a\x26\xaa\x1c\x06"
21006 "\xab\x74\xb7\x2b\x95\x5f\x9f\xa1"
21007 "\x9a\xff\x50\xa0\xa2\xff\xc5\xad"
21008 "\x21\x8e\x84\x5c\x12\x61\xb2\xae",
21009 .clen = 48,
21010 }, {
21011 .key = "\xf2\x92\xe6\x7d\x40\xee\xa3\x6f"
21012 "\x03\x68\xc8\x45\xe7\x91\x0a\x18",
21013 .klen = 16,
21014 .iv = "\x01\x5c\x75\xe5\x84\x8d\x4d\xf6"
21015 "\x23\x9f\xf4\x6a\xe6\x5a\x3b\x9a",
21016 .assoc = "",
21017 .alen = 0,
21018 .ptext = "\x1f\xee\x92\xb4\x0c\xcb\xa1\x04"
21019 "\x64\x0c\x4d\xb2\xe3\xec\x9c\x9d"
21020 "\x09\x1a\xb7\x74\xd8\x78\xa9\x79"
21021 "\x96\xd8\x22\x43\x8c\xc3\x34\x7b"
21022 "\xc4",
21023 .plen = 33,
21024 .ctext = "\x67\x5d\x8e\x45\xc8\x39\xf5\x17"
21025 "\xc1\x1d\x2a\xdd\x88\x67\xda\x1f"
21026 "\x6d\xe8\x37\x28\x5a\xc1\x5e\x9f"
21027 "\xa6\xec\xc6\x92\x05\x4b\xc0\xa3"
21028 "\x63\xef\x88\xa4\x9b\x0a\x5c\xed"
21029 "\x2b\x6a\xac\x63\x52\xaa\x10\x94"
21030 "\xd0",
21031 .clen = 49,
21032 }, {
21033 .key = "\x2e\xb7\x20\x1c\x50\x6a\x4b\x8b"
21034 "\x84\x42\x7a\xd7\xe1\xb5\xcd\x1f",
21035 .klen = 16,
21036 .iv = "\x3d\x80\xae\x84\x94\x09\xf6\x12"
21037 "\xa4\x79\xa6\xfb\xe0\x7f\xfd\xa0",
21038 .assoc = "",
21039 .alen = 0,
21040 .ptext = "\x5c\x13\xcb\x54\x1c\x47\x4a\x1f"
21041 "\xe5\xe6\xff\x44\xdd\x11\x5f\xa3"
21042 "\x33\xdd\xc2\xf8\xdd\x18\x2b\x93"
21043 "\x57\x05\x01\x1c\x66\x22\xd3\x51"
21044 "\xd3\xdf\x18\xc9\x30\x66\xed\xb1"
21045 "\x96\x58\xd5\x8c\x64\x8c\x7c\xf5"
21046 "\x01\xd0\x74\x5f\x9b\xaa\xf6\xd1"
21047 "\xe6\x16\xa2\xac\xde\x47\x40",
21048 .plen = 63,
21049 .ctext = "\x7d\x61\x1a\x35\x20\xcc\x07\x88"
21050 "\x03\x98\x87\xcf\xc0\x6e\x4d\x19"
21051 "\xe3\xd4\x0b\xfb\x29\x8f\x49\x1a"
21052 "\x3a\x06\x77\xce\x71\x2c\xcd\xdd"
21053 "\xed\xf6\xc9\xbe\xa6\x3b\xb8\xfc"
21054 "\x6c\xbe\x77\xed\x74\x0e\x20\x85"
21055 "\xd0\x65\xde\x24\x6f\xe3\x25\xc5"
21056 "\xdf\x5b\x0f\xbd\x8a\x88\x78\xc9"
21057 "\xe5\x81\x37\xde\x84\x7a\xf6\x84"
21058 "\x99\x7a\x72\x9c\x54\x31\xa1",
21059 .clen = 79,
21060 }, {
21061 .key = "\x6b\xdc\x5a\xbb\x60\xe5\xf4\xa6"
21062 "\x05\x1d\x2c\x68\xdb\xda\x8f\x25",
21063 .klen = 16,
21064 .iv = "\x7a\xa5\xe8\x23\xa4\x84\x9e\x2d"
21065 "\x25\x53\x58\x8c\xda\xa3\xc0\xa6",
21066 .assoc = "",
21067 .alen = 0,
21068 .ptext = "\x98\x37\x05\xf3\x2c\xc2\xf3\x3b"
21069 "\x66\xc0\xb1\xd5\xd7\x35\x21\xaa"
21070 "\x5d\x9f\xce\x7c\xe2\xb8\xad\xad"
21071 "\x19\x33\xe0\xf4\x40\x81\x72\x28"
21072 "\xe1\x8b\x1c\xf8\x91\x78\xff\xaf"
21073 "\xb0\x68\x69\xf2\x27\x35\x91\x84"
21074 "\x2e\x37\x5b\x00\x04\xff\x16\x9c"
21075 "\xb5\x19\x39\xeb\xd9\xcd\x29\x9a",
21076 .plen = 64,
21077 .ctext = "\x05\xc5\xb1\xf9\x1b\xb9\xab\x2c"
21078 "\xa5\x07\x12\xa7\x12\x39\x60\x66"
21079 "\x30\x81\x4a\x03\x78\x28\x45\x52"
21080 "\xd2\x2b\x24\xfd\x8b\xa5\xb7\x66"
21081 "\x6f\x45\xd7\x3b\x67\x6f\x51\xb9"
21082 "\xc0\x3d\x6c\xca\x1e\xae\xff\xb6"
21083 "\x79\xa9\xe4\x82\x5d\x4c\x2d\xdf"
21084 "\xeb\x71\x40\xc9\x2c\x40\x45\x6d"
21085 "\x73\x77\x01\xf3\x4f\xf3\x9d\x2a"
21086 "\x5d\x57\xa8\xa1\x18\xa2\xad\xcb",
21087 .clen = 80,
21088 }, {
21089 .key = "\xa7\x00\x93\x5b\x70\x61\x9d\xc2"
21090 "\x86\xf7\xde\xfa\xd5\xfe\x52\x2b",
21091 .klen = 16,
21092 .iv = "\xb6\xca\x22\xc3\xb4\x00\x47\x49"
21093 "\xa6\x2d\x0a\x1e\xd4\xc7\x83\xad",
21094 .assoc = "\xc5",
21095 .alen = 1,
21096 .ptext = "",
21097 .plen = 0,
21098 .ctext = "\x4d\xbf\x11\xac\x7f\x97\x0b\x2e"
21099 "\x89\x3b\x9d\x0f\x83\x1c\x08\xc3",
21100 .clen = 16,
21101 }, {
21102 .key = "\xe4\x25\xcd\xfa\x80\xdd\x46\xde"
21103 "\x07\xd1\x90\x8b\xcf\x23\x15\x31",
21104 .klen = 16,
21105 .iv = "\xf3\xee\x5c\x62\xc4\x7c\xf0\x65"
21106 "\x27\x08\xbd\xaf\xce\xec\x45\xb3",
21107 .assoc = "\x02\xb8\xea\xca\x09\x1b\x9a\xec"
21108 "\x47\x3e\xe9\xd4\xcc\xb5\x76\x34"
21109 "\xe8\x73\x62\x64\xab\x50\xd0\xda"
21110 "\x6b\x83\x66\xaf\x3e\x27\xc9",
21111 .alen = 31,
21112 .ptext = "",
21113 .plen = 0,
21114 .ctext = "\x5b\xc0\x8d\x54\xe4\xec\xbe\x38"
21115 "\x03\x12\xf9\xcc\x9e\x46\x42\x92",
21116 .clen = 16,
21117 }, {
21118 .key = "\x20\x4a\x07\x99\x91\x58\xee\xfa"
21119 "\x88\xab\x42\x1c\xc9\x47\xd7\x38",
21120 .klen = 16,
21121 .iv = "\x2f\x13\x95\x01\xd5\xf7\x99\x81"
21122 "\xa8\xe2\x6f\x41\xc8\x10\x08\xb9",
21123 .assoc = "\x3f\xdc\x24\x69\x19\x96\x43\x08"
21124 "\xc8\x18\x9b\x65\xc6\xd9\x39\x3b"
21125 "\x12\x35\x6e\xe8\xb0\xf0\x52\xf3"
21126 "\x2d\xb0\x45\x87\x18\x86\x68\xf6",
21127 .alen = 32,
21128 .ptext = "",
21129 .plen = 0,
21130 .ctext = "\x48\xc5\xc3\x4c\x40\x2e\x2f\xc2"
21131 "\x6d\x65\xe0\x67\x9c\x1d\xa0\xf0",
21132 .clen = 16,
21133 }, {
21134 .key = "\x5d\x6f\x41\x39\xa1\xd4\x97\x16"
21135 "\x09\x85\xf4\xae\xc3\x6b\x9a\x3e",
21136 .klen = 16,
21137 .iv = "\x6c\x38\xcf\xa1\xe5\x73\x41\x9d"
21138 "\x29\xbc\x21\xd2\xc2\x35\xcb\xbf",
21139 .assoc = "\x7b\x01\x5d\x08\x29\x12\xec\x24"
21140 "\x49\xf3\x4d\xf7\xc0\xfe\xfb\x41"
21141 "\x3c\xf8\x79\x6c\xb6\x90\xd4\x0d"
21142 "\xee\xde\x23\x60\xf2\xe5\x08\xcc"
21143 "\x97",
21144 .alen = 33,
21145 .ptext = "",
21146 .plen = 0,
21147 .ctext = "\x28\x64\x78\x51\x55\xd8\x56\x4a"
21148 "\x58\x3e\xf7\xbe\xee\x21\xfe\x94",
21149 .clen = 16,
21150 }, {
21151 .key = "\x99\x93\x7a\xd8\xb1\x50\x40\x31"
21152 "\x8a\x60\xa6\x3f\xbd\x90\x5d\x44",
21153 .klen = 16,
21154 .iv = "\xa8\x5c\x09\x40\xf5\xef\xea\xb8"
21155 "\xaa\x96\xd3\x64\xbc\x59\x8d\xc6",
21156 .assoc = "\xb8\x26\x97\xa8\x39\x8e\x94\x3f"
21157 "\xca\xcd\xff\x88\xba\x22\xbe\x47"
21158 "\x67\xba\x85\xf1\xbb\x30\x56\x26"
21159 "\xaf\x0b\x02\x38\xcc\x44\xa7\xa3"
21160 "\xa6\xbf\x31\x93\x60\xcd\xda\x63"
21161 "\x2c\xb1\xaa\x19\xc8\x19\xf8\xeb"
21162 "\x03\xa1\xe8\xbe\x37\x54\xec\xa2"
21163 "\xcd\x2c\x45\x58\xbd\x8e\x80",
21164 .alen = 63,
21165 .ptext = "",
21166 .plen = 0,
21167 .ctext = "\xb3\xa6\x00\x4e\x09\x20\xac\x21"
21168 "\x77\x72\x69\x76\x2d\x36\xe5\xc8",
21169 .clen = 16,
21170 }, {
21171 .key = "\xd6\xb8\xb4\x77\xc1\xcb\xe9\x4d"
21172 "\x0a\x3a\x58\xd1\xb7\xb4\x1f\x4a",
21173 .klen = 16,
21174 .iv = "\xe5\x81\x42\xdf\x05\x6a\x93\xd4"
21175 "\x2b\x70\x85\xf5\xb6\x7d\x50\xcc",
21176 .assoc = "\xf4\x4a\xd1\x47\x49\x09\x3d\x5b"
21177 "\x4b\xa7\xb1\x19\xb4\x46\x81\x4d"
21178 "\x91\x7c\x91\x75\xc0\xd0\xd8\x40"
21179 "\x71\x39\xe1\x10\xa6\xa3\x46\x7a"
21180 "\xb4\x6b\x35\xc2\xc1\xdf\xed\x60"
21181 "\x46\xc1\x3e\x7f\x8c\xc2\x0e\x7a"
21182 "\x30\x08\xd0\x5f\xa0\xaa\x0c\x6d"
21183 "\x9c\x2f\xdb\x97\xb8\x15\x69\x01",
21184 .alen = 64,
21185 .ptext = "",
21186 .plen = 0,
21187 .ctext = "\x65\x33\x7b\xa1\x63\xf4\x20\xdd"
21188 "\xe4\xb9\x4a\xaa\x9a\x21\xaa\x14",
21189 .clen = 16,
21190 }, {
21191 .key = "\x12\xdd\xee\x17\xd1\x47\x92\x69"
21192 "\x8b\x14\x0a\x62\xb1\xd9\xe2\x50",
21193 .klen = 16,
21194 .iv = "\x22\xa6\x7c\x7f\x15\xe6\x3c\xf0"
21195 "\xac\x4b\x37\x86\xb0\xa2\x13\xd2",
21196 .assoc = "\x31",
21197 .alen = 1,
21198 .ptext = "\x40",
21199 .plen = 1,
21200 .ctext = "\x1d\x47\x17\x34\x86\xf5\x54\x1a"
21201 "\x6d\x28\xb8\x5d\x6c\xcf\xa0\xb9"
21202 "\xbf",
21203 .clen = 17,
21204 }, {
21205 .key = "\x4f\x01\x27\xb6\xe1\xc3\x3a\x85"
21206 "\x0c\xee\xbc\xf4\xab\xfd\xa5\x57",
21207 .klen = 16,
21208 .iv = "\x5e\xcb\xb6\x1e\x25\x62\xe4\x0c"
21209 "\x2d\x25\xe9\x18\xaa\xc6\xd5\xd8",
21210 .assoc = "\x6d\x94\x44\x86\x69\x00\x8f\x93"
21211 "\x4d\x5b\x15\x3c\xa8\x8f\x06\x5a"
21212 "\xe6\x01\xa8\x7e\xca\x10\xdc\x73"
21213 "\xf4\x94\x9f\xc1\x5a\x61\x85",
21214 .alen = 31,
21215 .ptext = "\x7c\x5d\xd3\xee\xad\x9f\x39\x1a"
21216 "\x6d\x92\x42\x61\xa7\x58\x37\xdb"
21217 "\xb0\xb2\x2b\x9f\x0b\xb8\xbd\x7a"
21218 "\x24\xa0\xd6\xb7\x11\x79\x6c",
21219 .plen = 31,
21220 .ctext = "\x78\x90\x52\xae\x0f\xf7\x2e\xef"
21221 "\x63\x09\x08\x58\xb5\x56\xbd\x72"
21222 "\x6e\x42\xcf\x27\x04\x7c\xdb\x92"
21223 "\x18\xe9\xa4\x33\x90\xba\x62\xb5"
21224 "\x70\xd3\x88\x9b\x4f\x05\xa7\x51"
21225 "\x85\x87\x17\x09\x42\xed\x4e",
21226 .clen = 47,
21227 }, {
21228 .key = "\x8b\x26\x61\x55\xf1\x3e\xe3\xa1"
21229 "\x8d\xc8\x6e\x85\xa5\x21\x67\x5d",
21230 .klen = 16,
21231 .iv = "\x9b\xef\xf0\xbd\x35\xdd\x8d\x28"
21232 "\xad\xff\x9b\xa9\xa4\xeb\x98\xdf",
21233 .assoc = "\xaa\xb8\x7e\x25\x79\x7c\x37\xaf"
21234 "\xce\x36\xc7\xce\xa2\xb4\xc9\x60"
21235 "\x10\xc3\xb3\x02\xcf\xb0\x5e\x8d"
21236 "\xb5\xc2\x7e\x9a\x35\xc0\x24\xfd",
21237 .alen = 32,
21238 .ptext = "\xb9\x82\x0c\x8d\xbd\x1b\xe2\x36"
21239 "\xee\x6c\xf4\xf2\xa1\x7d\xf9\xe2"
21240 "\xdb\x74\x36\x23\x11\x58\x3f\x93"
21241 "\xe5\xcd\xb5\x90\xeb\xd8\x0c\xb3",
21242 .plen = 32,
21243 .ctext = "\x1d\x2c\x57\xe0\x50\x38\x3d\x41"
21244 "\x2e\x71\xc8\x3b\x92\x43\x58\xaf"
21245 "\x5a\xfb\xad\x8f\xd9\xd5\x8a\x5e"
21246 "\xdb\xf3\xcd\x3a\x2b\xe1\x2c\x1a"
21247 "\xb0\xed\xe3\x0c\x6e\xf9\xf2\xd6"
21248 "\x90\xe6\xb1\x0e\xa5\x8a\xac\xb7",
21249 .clen = 48,
21250 }, {
21251 .key = "\xc8\x4b\x9b\xf5\x01\xba\x8c\xbd"
21252 "\x0e\xa3\x21\x16\x9f\x46\x2a\x63",
21253 .klen = 16,
21254 .iv = "\xd7\x14\x29\x5d\x45\x59\x36\x44"
21255 "\x2e\xd9\x4d\x3b\x9e\x0f\x5b\xe5",
21256 .assoc = "\xe6\xdd\xb8\xc4\x89\xf8\xe0\xca"
21257 "\x4f\x10\x7a\x5f\x9c\xd8\x8b\x66"
21258 "\x3b\x86\xbf\x86\xd4\x50\xe0\xa7"
21259 "\x76\xef\x5c\x72\x0f\x1f\xc3\xd4"
21260 "\xee",
21261 .alen = 33,
21262 .ptext = "\xf5\xa6\x46\x2c\xce\x97\x8a\x51"
21263 "\x6f\x46\xa6\x83\x9b\xa1\xbc\xe8"
21264 "\x05\x36\x42\xa7\x16\xf8\xc1\xad"
21265 "\xa7\xfb\x94\x68\xc5\x37\xab\x8a"
21266 "\x72",
21267 .plen = 33,
21268 .ctext = "\x59\x10\x84\x1c\x83\x4c\x8b\xfc"
21269 "\xfd\x2e\x4b\x46\x84\xff\x78\x4e"
21270 "\x50\xda\x5c\xb9\x61\x1d\xf5\xb9"
21271 "\xfe\xbb\x7f\xae\x8c\xc1\x24\xbd"
21272 "\x8c\x6f\x1f\x9b\xce\xc6\xc1\x37"
21273 "\x08\x06\x5a\xe5\x96\x10\x95\xc2"
21274 "\x5e",
21275 .clen = 49,
21276 }, {
21277 .key = "\x05\x70\xd5\x94\x12\x36\x35\xd8"
21278 "\x8f\x7d\xd3\xa8\x99\x6a\xed\x69",
21279 .klen = 16,
21280 .iv = "\x14\x39\x63\xfc\x56\xd5\xdf\x5f"
21281 "\xaf\xb3\xff\xcc\x98\x33\x1d\xeb",
21282 .assoc = "\x23\x02\xf1\x64\x9a\x73\x89\xe6"
21283 "\xd0\xea\x2c\xf1\x96\xfc\x4e\x6d"
21284 "\x65\x48\xcb\x0a\xda\xf0\x62\xc0"
21285 "\x38\x1d\x3b\x4a\xe9\x7e\x62\xaa"
21286 "\xfd\xc9\x4a\xa9\xa9\x39\x4b\x54"
21287 "\xc8\x0e\x24\x7f\x5e\x10\x7a\x45"
21288 "\x10\x0b\x56\x85\xad\x54\xaa\x66"
21289 "\xa8\x43\xcd\xd4\x9b\xb7\xfa",
21290 .alen = 63,
21291 .ptext = "\x32\xcb\x80\xcc\xde\x12\x33\x6d"
21292 "\xf0\x20\x58\x15\x95\xc6\x7f\xee"
21293 "\x2f\xf9\x4e\x2c\x1b\x98\x43\xc7"
21294 "\x68\x28\x73\x40\x9f\x96\x4a\x60"
21295 "\x80\xf4\x4b\xf4\xc1\x3d\xd0\x93"
21296 "\xcf\x12\xc9\x59\x8f\x7a\x7f\xa8"
21297 "\x1b\xa5\x50\xed\x87\xa9\x72\x59"
21298 "\x9c\x44\xb2\xa4\x99\x98\x34",
21299 .plen = 63,
21300 .ctext = "\x9a\x12\xbc\xdf\x72\xa8\x56\x22"
21301 "\x49\x2d\x07\x92\xfc\x3d\x6d\x5f"
21302 "\xef\x36\x19\xae\x91\xfa\xd6\x63"
21303 "\x46\xea\x8a\x39\x14\x21\xa6\x37"
21304 "\x18\xfc\x97\x3e\x16\xa5\x4d\x39"
21305 "\x45\x2e\x69\xcc\x9c\x5f\xdf\x6d"
21306 "\x5e\xa2\xbf\xac\x83\x32\x72\x52"
21307 "\x58\x58\x23\x40\xfd\xa5\xc2\xe6"
21308 "\xe9\x5a\x50\x98\x00\x58\xc9\x86"
21309 "\x4f\x20\x37\xdb\x7b\x22\xa3",
21310 .clen = 79,
21311 }, {
21312 .key = "\x41\x94\x0e\x33\x22\xb1\xdd\xf4"
21313 "\x10\x57\x85\x39\x93\x8f\xaf\x70",
21314 .klen = 16,
21315 .iv = "\x50\x5d\x9d\x9b\x66\x50\x88\x7b"
21316 "\x30\x8e\xb1\x5e\x92\x58\xe0\xf1",
21317 .assoc = "\x5f\x27\x2b\x03\xaa\xef\x32\x02"
21318 "\x50\xc4\xde\x82\x90\x21\x11\x73"
21319 "\x8f\x0a\xd6\x8f\xdf\x90\xe4\xda"
21320 "\xf9\x4a\x1a\x23\xc3\xdd\x02\x81"
21321 "\x0b\x76\x4f\xd7\x0a\x4b\x5e\x51"
21322 "\xe3\x1d\xb9\xe5\x21\xb9\x8f\xd4"
21323 "\x3d\x72\x3e\x26\x16\xa9\xca\x32"
21324 "\x77\x47\x63\x14\x95\x3d\xe4\x34",
21325 .alen = 64,
21326 .ptext = "\x6e\xf0\xba\x6b\xee\x8e\xdc\x89"
21327 "\x71\xfb\x0a\xa6\x8f\xea\x41\xf4"
21328 "\x5a\xbb\x59\xb0\x20\x38\xc5\xe0"
21329 "\x29\x56\x52\x19\x79\xf5\xe9\x37"
21330 "\x8f\xa1\x50\x23\x22\x4f\xe3\x91"
21331 "\xe9\x21\x5e\xbf\x52\x23\x95\x37"
21332 "\x48\x0c\x38\x8f\xf0\xff\x92\x24"
21333 "\x6b\x47\x49\xe3\x94\x1f\x1e\x01",
21334 .plen = 64,
21335 .ctext = "\xe6\xeb\x92\x5a\x5b\xf0\x2d\xbb"
21336 "\x23\xec\x35\xe3\xae\xc9\xfb\x0b"
21337 "\x90\x14\x46\xeb\xa8\x8d\xb0\x9b"
21338 "\x39\xda\x8b\x48\xec\xb2\x00\x4e"
21339 "\x80\x6f\x46\x4f\x9b\x1e\xbb\x35"
21340 "\xea\x5a\xbc\xa2\x36\xa5\x89\x45"
21341 "\xc2\xd6\xd7\x15\x0b\xf6\x6c\x56"
21342 "\xec\x99\x7d\x61\xb3\x15\x93\xed"
21343 "\x83\x1e\xd9\x48\x84\x0b\x37\xfe"
21344 "\x95\x74\x44\xd5\x54\xa6\x27\x06",
21345 .clen = 80,
21346 }, {
21347 .key = "\x7e\xb9\x48\xd3\x32\x2d\x86\x10"
21348 "\x91\x31\x37\xcb\x8d\xb3\x72\x76",
21349 .klen = 16,
21350 .iv = "\x8d\x82\xd6\x3b\x76\xcc\x30\x97"
21351 "\xb1\x68\x63\xef\x8c\x7c\xa3\xf7",
21352 .assoc = "\x9c\x4b\x65\xa2\xba\x6b\xdb\x1e"
21353 "\xd1\x9e\x90\x13\x8a\x45\xd3\x79"
21354 "\xba\xcd\xe2\x13\xe4\x30\x66\xf4"
21355 "\xba\x78\xf9\xfb\x9d\x3c\xa1\x58"
21356 "\x1a\x22\x53\x05\x6b\x5c\x71\x4f"
21357 "\xfd\x2d\x4d\x4c\xe5\x62\xa5\x63"
21358 "\x6a\xda\x26\xc8\x7f\xff\xea\xfd"
21359 "\x46\x4a\xfa\x53\x8f\xc4\xcd\x68"
21360 "\x58",
21361 .alen = 65,
21362 .ptext = "\xab\x14\xf3\x0a\xfe\x0a\x85\xa5"
21363 "\xf2\xd5\xbc\x38\x89\x0e\x04\xfb"
21364 "\x84\x7d\x65\x34\x25\xd8\x47\xfa"
21365 "\xeb\x83\x31\xf1\x54\x54\x89\x0d"
21366 "\x9d\x4d\x54\x51\x84\x61\xf6\x8e"
21367 "\x03\x31\xf2\x25\x16\xcc\xaa\xc6"
21368 "\x75\x73\x20\x30\x59\x54\xb2\xf0"
21369 "\x3a\x4b\xe0\x23\x8e\xa6\x08\x35"
21370 "\x8a\xdf\x27\xa0\xe4\x60\x99\xae"
21371 "\x8e\x43\xd9\x39\x7b\x10\x40\x67"
21372 "\x5c\x7e\xc9\x70\x63\x34\xca\x59"
21373 "\xfe\x86\xbc\xb7\x9c\x39\xf3\x6d"
21374 "\x6a\x41\x64\x6f\x16\x7f\x65\x7e"
21375 "\x89\x84\x68\xeb\xb0\x51\xbe\x55"
21376 "\x33\x16\x59\x6c\x3b\xef\x88\xad"
21377 "\x2f\xab\xbc\x25\x76\x87\x41\x2f"
21378 "\x36",
21379 .plen = 129,
21380 .ctext = "\x89\x24\x27\x86\xdc\xd7\x6b\xd9"
21381 "\xd1\xcd\xdc\x16\xdd\x2c\xc1\xfb"
21382 "\x52\xb5\xb3\xab\x50\x99\x3f\xa0"
21383 "\x38\xa4\x74\xa5\x04\x15\x63\x05"
21384 "\x8f\x54\x81\x06\x5a\x6b\xa4\x63"
21385 "\x6d\xa7\x21\xcb\xff\x42\x30\x8e"
21386 "\x3b\xd1\xca\x3f\x4b\x1a\xb8\xc3"
21387 "\x42\x01\xe6\xbc\x75\x15\x87\xee"
21388 "\xc9\x8e\x65\x01\xd9\xd8\xb5\x9f"
21389 "\x48\x86\xa6\x5f\x2c\xc7\xb5\xb0"
21390 "\xed\x5d\x14\x7c\x3f\x40\xb1\x0b"
21391 "\x72\xef\x94\x8d\x7a\x85\x56\xe5"
21392 "\x56\x08\x15\x56\xba\xaf\xbd\xf0"
21393 "\x20\xef\xa0\xf6\xa9\xad\xa2\xc9"
21394 "\x1c\x3b\x28\x51\x7e\x77\xb2\x18"
21395 "\x4f\x61\x64\x37\x22\x36\x6d\x78"
21396 "\xed\xed\x35\xe8\x83\xa5\xec\x25"
21397 "\x6b\xff\x5f\x1a\x09\x96\x3d\xdc"
21398 "\x20",
21399 .clen = 145,
21400 }, {
21401 .key = "\xba\xde\x82\x72\x42\xa9\x2f\x2c"
21402 "\x12\x0b\xe9\x5c\x87\xd7\x35\x7c",
21403 .klen = 16,
21404 .iv = "\xc9\xa7\x10\xda\x86\x48\xd9\xb3"
21405 "\x32\x42\x15\x80\x85\xa1\x65\xfe",
21406 .assoc = "\xd8\x70\x9f\x42\xca\xe6\x83\x3a"
21407 "\x52\x79\x42\xa5\x84\x6a\x96\x7f"
21408 "\xe4\x8f\xed\x97\xe9\xd0\xe8\x0d"
21409 "\x7c\xa6\xd8\xd4\x77\x9b\x40\x2e"
21410 "\x28\xce\x57\x34\xcd\x6e\x84\x4c"
21411 "\x17\x3c\xe1\xb2\xa8\x0b\xbb\xf1"
21412 "\x96\x41\x0d\x69\xe8\x54\x0a\xc8"
21413 "\x15\x4e\x91\x92\x89\x4b\xb7\x9b"
21414 "\x21\xf7\x42\x89\xac\x12\x2a\x54"
21415 "\x69\xee\x18\xc7\x8d\xed\xe8\xfd"
21416 "\xbb\x04\x28\xe6\x8a\x3c\x98\xc1"
21417 "\x04\x2d\xa9\xa1\x24\x83\xff\xe9"
21418 "\x55\x7a\xf0\xd1\xf6\x63\x05\xe1"
21419 "\xd9\x1e\x75\x72\xc1\x9f\xae\x32"
21420 "\xe1\x6b\xcd\x9e\x61\x19\x23\x86"
21421 "\xd9\xd2\xaf\x8e\xd5\xd3\xa8\xa9"
21422 "\x51",
21423 .alen = 129,
21424 .ptext = "\xe8\x39\x2d\xaa\x0e\x85\x2d\xc1"
21425 "\x72\xaf\x6e\xc9\x82\x33\xc7\x01"
21426 "\xaf\x40\x70\xb8\x2a\x78\xc9\x14"
21427 "\xac\xb1\x10\xca\x2e\xb3\x28\xe4"
21428 "\xac\xfa\x58\x7f\xe5\x73\x09\x8c"
21429 "\x1d\x40\x87\x8c\xd9\x75\xc0\x55"
21430 "\xa2\xda\x07\xd1\xc2\xa9\xd1\xbb"
21431 "\x09\x4f\x77\x62\x88\x2d\xf2\x68"
21432 "\x54",
21433 .plen = 65,
21434 .ctext = "\x36\x78\xb9\x22\xde\x62\x35\x55"
21435 "\x1a\x7a\xf5\x45\xbc\xd7\x15\x82"
21436 "\x01\xe9\x5a\x07\xea\x46\xaf\x91"
21437 "\xcb\x73\xa5\xee\xe1\xb4\xbf\xc2"
21438 "\xdb\xd2\x9d\x59\xde\xfc\x83\x00"
21439 "\xf5\x46\xac\x97\xd5\x57\xa9\xb9"
21440 "\x1f\x8c\xe8\xca\x68\x8b\x91\x0c"
21441 "\x01\xbe\x0a\xaf\x7c\xf6\x67\xa4"
21442 "\xbf\xbc\x88\x3f\x5d\xd1\xf9\x19"
21443 "\x0f\x9d\xb2\xaf\xb9\x6e\x17\xdf"
21444 "\xa2",
21445 .clen = 81,
21446 }, {
21447 .key = "\xf7\x02\xbb\x11\x52\x24\xd8\x48"
21448 "\x93\xe6\x9b\xee\x81\xfc\xf7\x82",
21449 .klen = 16,
21450 .iv = "\x06\xcc\x4a\x79\x96\xc3\x82\xcf"
21451 "\xb3\x1c\xc7\x12\x7f\xc5\x28\x04",
21452 .assoc = "\x15\x95\xd8\xe1\xda\x62\x2c\x56"
21453 "\xd3\x53\xf4\x36\x7e\x8e\x59\x85"
21454 "\x0e\x51\xf9\x1c\xee\x70\x6a\x27"
21455 "\x3d\xd3\xb7\xac\x51\xfa\xdf\x05",
21456 .alen = 32,
21457 .ptext = "\x24\x5e\x67\x49\x1e\x01\xd6\xdd"
21458 "\xf3\x89\x20\x5b\x7c\x57\x89\x07"
21459 "\xd9\x02\x7c\x3d\x2f\x18\x4b\x2d"
21460 "\x6e\xde\xee\xa2\x08\x12\xc7\xba",
21461 .plen = 32,
21462 .ctext = "\x08\x1b\x95\x0e\x41\x95\x02\x4b"
21463 "\x9c\xbb\xa8\xd0\x7c\xd3\x44\x6e"
21464 "\x89\x14\x33\x70\x0a\xbc\xea\x39"
21465 "\x88\xaa\x2b\xd5\x73\x11\x55\xf5"
21466 "\x33\x33\x9c\xd7\x42\x34\x49\x8e"
21467 "\x2f\x03\x30\x05\x47\xaf\x34",
21468 .clen = 47,
21469 }, {
21470 .key = "\x33\x27\xf5\xb1\x62\xa0\x80\x63"
21471 "\x14\xc0\x4d\x7f\x7b\x20\xba\x89",
21472 .klen = 16,
21473 .iv = "\x42\xf0\x84\x19\xa6\x3f\x2b\xea"
21474 "\x34\xf6\x79\xa3\x79\xe9\xeb\x0a",
21475 .assoc = "\x51\xb9\x12\x80\xea\xde\xd5\x71"
21476 "\x54\x2d\xa6\xc8\x78\xb2\x1b\x8c"
21477 "\x39\x14\x05\xa0\xf3\x10\xec\x41"
21478 "\xff\x01\x95\x84\x2b\x59\x7f\xdb",
21479 .alen = 32,
21480 .ptext = "\x61\x83\xa0\xe8\x2e\x7d\x7f\xf8"
21481 "\x74\x63\xd2\xec\x76\x7c\x4c\x0d"
21482 "\x03\xc4\x88\xc1\x35\xb8\xcd\x47"
21483 "\x2f\x0c\xcd\x7a\xe2\x71\x66\x91",
21484 .plen = 32,
21485 .ctext = "\x97\xca\xf4\xe0\x8d\x89\xbf\x68"
21486 "\x0c\x60\xb9\x27\xdf\xaa\x41\xc6"
21487 "\x25\xd8\xf7\x1f\x10\x15\x48\x61"
21488 "\x4c\x95\x00\xdf\x51\x9b\x7f\xe6"
21489 "\x24\x40\x9e\xbe\x3b\xeb\x1b\x98"
21490 "\xb9\x9c\xe5\xef\xf2\x05",
21491 .clen = 46,
21492 }, {
21493 .key = "\x70\x4c\x2f\x50\x72\x1c\x29\x7f"
21494 "\x95\x9a\xff\x10\x75\x45\x7d\x8f",
21495 .klen = 16,
21496 .iv = "\x7f\x15\xbd\xb8\xb6\xba\xd3\x06"
21497 "\xb5\xd1\x2b\x35\x73\x0e\xad\x10",
21498 .assoc = "\x8e\xde\x4c\x20\xfa\x59\x7e\x8d"
21499 "\xd5\x07\x58\x59\x72\xd7\xde\x92"
21500 "\x63\xd6\x10\x24\xf8\xb0\x6e\x5a"
21501 "\xc0\x2e\x74\x5d\x06\xb8\x1e\xb2",
21502 .alen = 32,
21503 .ptext = "\x9d\xa7\xda\x88\x3e\xf8\x28\x14"
21504 "\xf5\x3e\x85\x7d\x70\xa0\x0f\x13"
21505 "\x2e\x86\x93\x45\x3a\x58\x4f\x61"
21506 "\xf0\x3a\xac\x53\xbc\xd0\x06\x68",
21507 .plen = 32,
21508 .ctext = "\x63\x4c\x2a\x8e\xb4\x6b\x63\x0d"
21509 "\xb5\xec\x9b\x4e\x12\x23\xa3\xcf"
21510 "\x1a\x5a\x70\x15\x5a\x10\x40\x51"
21511 "\xca\x47\x4c\x9d\xc9\x97\xf4\x77"
21512 "\xdb\xc8\x10\x2d\xdc\x65\x20\x3f",
21513 .clen = 40,
21514 }, {
21515 .key = "\xac\x70\x69\xef\x82\x97\xd2\x9b"
21516 "\x15\x74\xb1\xa2\x6f\x69\x3f\x95",
21517 .klen = 16,
21518 .iv = "\xbb\x3a\xf7\x57\xc6\x36\x7c\x22"
21519 "\x36\xab\xde\xc6\x6d\x32\x70\x17",
21520 .assoc = "\xcb\x03\x85\xbf\x0a\xd5\x26\xa9"
21521 "\x56\xe1\x0a\xeb\x6c\xfb\xa1\x98"
21522 "\x8d\x98\x1c\xa8\xfe\x50\xf0\x74"
21523 "\x81\x5c\x53\x35\xe0\x17\xbd\x88",
21524 .alen = 32,
21525 .ptext = "\xda\xcc\x14\x27\x4e\x74\xd1\x30"
21526 "\x76\x18\x37\x0f\x6a\xc4\xd1\x1a"
21527 "\x58\x49\x9f\xc9\x3f\xf8\xd1\x7a"
21528 "\xb2\x67\x8b\x2b\x96\x2f\xa5\x3e",
21529 .plen = 32,
21530 .ctext = "\xf1\x62\x44\xc7\x5f\x19\xca\x43"
21531 "\x47\x2c\xaf\x68\x82\xbd\x51\xef"
21532 "\x3d\x65\xd8\x45\x2d\x06\x07\x78"
21533 "\x08\x2e\xb3\x23\xcd\x81\x12\x55"
21534 "\x1a",
21535 .clen = 33,
21536 }, {
21537 .key = "\xe9\x95\xa2\x8f\x93\x13\x7b\xb7"
21538 "\x96\x4e\x63\x33\x69\x8d\x02\x9b"
21539 "\x23\xf9\x22\xeb\x80\xa0\xb1\x81"
21540 "\xe2\x73\xc3\x21\x4d\x47\x8d\xf4",
21541 .klen = 32,
21542 .iv = "\xf8\x5e\x31\xf7\xd7\xb2\x25\x3e"
21543 "\xb7\x85\x90\x58\x67\x57\x33\x1d",
21544 .assoc = "",
21545 .alen = 0,
21546 .ptext = "",
21547 .plen = 0,
21548 .ctext = "\xdf\x2f\x83\xc0\x45\x4a\x2c\xcf"
21549 "\xb9\xd2\x41\xf6\x80\xa1\x52\x70",
21550 .clen = 16,
21551 }, {
21552 .key = "\x25\xba\xdc\x2e\xa3\x8f\x24\xd3"
21553 "\x17\x29\x15\xc5\x63\xb2\xc5\xa1"
21554 "\x4d\xbc\x2d\x6f\x85\x40\x33\x9a"
21555 "\xa3\xa0\xa1\xfa\x27\xa6\x2c\xca",
21556 .klen = 32,
21557 .iv = "\x34\x83\x6a\x96\xe7\x2d\xce\x5a"
21558 "\x38\x5f\x42\xe9\x61\x7b\xf5\x23",
21559 .assoc = "",
21560 .alen = 0,
21561 .ptext = "\x53",
21562 .plen = 1,
21563 .ctext = "\x01\xd8\x55\x3c\xc0\x5a\x4b\xc7"
21564 "\x01\xf4\x08\xe3\x0d\xf7\xf0\x78"
21565 "\x53",
21566 .clen = 17,
21567 }, {
21568 .key = "\x62\xdf\x16\xcd\xb3\x0a\xcc\xef"
21569 "\x98\x03\xc7\x56\x5d\xd6\x87\xa8"
21570 "\x77\x7e\x39\xf3\x8a\xe0\xb5\xb4"
21571 "\x65\xce\x80\xd2\x01\x05\xcb\xa1",
21572 .klen = 32,
21573 .iv = "\x71\xa8\xa4\x35\xf7\xa9\x76\x75"
21574 "\xb8\x39\xf4\x7a\x5b\x9f\xb8\x29",
21575 .assoc = "",
21576 .alen = 0,
21577 .ptext = "\x8f\x3a\xc1\x05\x7f\xe7\xcb\x83"
21578 "\xf9\xa6\x4d\xc3\x58\x31\x19\x2c"
21579 "\xd7\x90\xc2\x56\x4e\xd8\x57\xc7"
21580 "\xf6\xf0\x27\xb4\x25\x4c\x83",
21581 .plen = 31,
21582 .ctext = "\xc2\x4b\x41\x0f\x2d\xb9\x62\x07"
21583 "\xff\x8e\x74\xf8\xa1\xa6\xd5\x37"
21584 "\xa5\x64\x31\x5c\xca\x73\x9b\x43"
21585 "\xe6\x70\x63\x46\x95\xcb\xf7\xb5"
21586 "\x20\x8c\x75\x7a\x2a\x17\x2f\xa9"
21587 "\xb8\x4d\x11\x42\xd1\xf8\xf1",
21588 .clen = 47,
21589 }, {
21590 .key = "\x9e\x03\x4f\x6d\xc3\x86\x75\x0a"
21591 "\x19\xdd\x79\xe8\x57\xfb\x4a\xae"
21592 "\xa2\x40\x45\x77\x90\x80\x37\xce"
21593 "\x26\xfb\x5f\xaa\xdb\x64\x6b\x77",
21594 .klen = 32,
21595 .iv = "\xae\xcc\xde\xd5\x07\x25\x1f\x91"
21596 "\x39\x14\xa6\x0c\x55\xc4\x7b\x30",
21597 .assoc = "",
21598 .alen = 0,
21599 .ptext = "\xcc\x5f\xfb\xa4\x8f\x63\x74\x9f"
21600 "\x7a\x81\xff\x55\x52\x56\xdc\x33"
21601 "\x01\x52\xcd\xdb\x53\x78\xd9\xe1"
21602 "\xb7\x1d\x06\x8d\xff\xab\x22\x98",
21603 .plen = 32,
21604 .ctext = "\xbb\x01\x7c\xd1\x2c\x33\x7b\x37"
21605 "\x0a\xee\xc4\x30\x19\xd7\x3a\x6f"
21606 "\xf8\x2b\x67\xf5\x3b\x84\x87\x2a"
21607 "\xfb\x07\x7a\x82\xb5\xe4\x85\x26"
21608 "\x1e\xa8\xe5\x04\x54\xce\xe5\x5f"
21609 "\xb5\x3f\xc1\xd5\x7f\xbd\xd2\xa6",
21610 .clen = 48,
21611 }, {
21612 .key = "\xdb\x28\x89\x0c\xd3\x01\x1e\x26"
21613 "\x9a\xb7\x2b\x79\x51\x1f\x0d\xb4"
21614 "\xcc\x03\x50\xfc\x95\x20\xb9\xe7"
21615 "\xe8\x29\x3e\x83\xb5\xc3\x0a\x4e",
21616 .klen = 32,
21617 .iv = "\xea\xf1\x18\x74\x17\xa0\xc8\xad"
21618 "\xba\xee\x58\x9d\x4f\xe8\x3d\x36",
21619 .assoc = "",
21620 .alen = 0,
21621 .ptext = "\x08\x84\x34\x44\x9f\xde\x1c\xbb"
21622 "\xfb\x5b\xb1\xe6\x4c\x7a\x9f\x39"
21623 "\x2c\x14\xd9\x5f\x59\x18\x5b\xfb"
21624 "\x79\x4b\xe5\x65\xd9\x0a\xc1\x6f"
21625 "\x2e",
21626 .plen = 33,
21627 .ctext = "\xc2\xf4\x40\x55\xf9\x59\xff\x73"
21628 "\x08\xf5\x98\x92\x0c\x7b\x35\x9a"
21629 "\xa8\xf4\x42\x7e\x6f\x93\xca\x22"
21630 "\x23\x06\x1e\xf8\x89\x22\xf4\x46"
21631 "\x7c\x7c\x67\x75\xab\xe5\x75\xaa"
21632 "\x15\xd7\x83\x19\xfd\x31\x59\x5b"
21633 "\x32",
21634 .clen = 49,
21635 }, {
21636 .key = "\x17\x4d\xc3\xab\xe3\x7d\xc7\x42"
21637 "\x1b\x91\xdd\x0a\x4b\x43\xcf\xba"
21638 "\xf6\xc5\x5c\x80\x9a\xc0\x3b\x01"
21639 "\xa9\x56\x1d\x5b\x8f\x22\xa9\x25",
21640 .klen = 32,
21641 .iv = "\x27\x16\x51\x13\x27\x1c\x71\xc9"
21642 "\x3b\xc8\x0a\x2f\x49\x0c\x00\x3c",
21643 .assoc = "",
21644 .alen = 0,
21645 .ptext = "\x45\xa8\x6e\xe3\xaf\x5a\xc5\xd7"
21646 "\x7c\x35\x63\x77\x46\x9f\x61\x3f"
21647 "\x56\xd7\xe4\xe3\x5e\xb8\xdc\x14"
21648 "\x3a\x79\xc4\x3e\xb3\x69\x61\x46"
21649 "\x3c\xb6\x83\x4e\xb4\x26\xc7\x73"
21650 "\x22\xda\x52\x8b\x7d\x11\x98\xea"
21651 "\x62\xe1\x14\x1e\xdc\xfe\x0f\xad"
21652 "\x20\x76\x5a\xdc\x4e\x71\x13",
21653 .plen = 63,
21654 .ctext = "\xc9\x82\x3b\x4b\x87\x84\xa5\xdb"
21655 "\xa0\x8c\xd3\x3e\x7f\x8d\xe8\x28"
21656 "\x2a\xdc\xfa\x01\x84\x87\x9a\x70"
21657 "\x81\x75\x37\x0a\xd2\x75\xa9\xb6"
21658 "\x21\x72\xee\x7e\x65\x95\xe5\xcc"
21659 "\x01\xb7\x39\xa6\x51\x15\xca\xff"
21660 "\x61\xdc\x97\x38\xcc\xf4\xca\xc7"
21661 "\x83\x9b\x05\x11\x72\x60\xf0\xb4"
21662 "\x7e\x06\xab\x0a\xc0\xbb\x59\x23"
21663 "\xaa\x2d\xfc\x4e\x35\x05\x59",
21664 .clen = 79,
21665 }, {
21666 .key = "\x54\x71\xfd\x4b\xf3\xf9\x6f\x5e"
21667 "\x9c\x6c\x8f\x9c\x45\x68\x92\xc1"
21668 "\x21\x87\x67\x04\x9f\x60\xbd\x1b"
21669 "\x6a\x84\xfc\x34\x6a\x81\x48\xfb",
21670 .klen = 32,
21671 .iv = "\x63\x3b\x8b\xb3\x37\x98\x1a\xe5"
21672 "\xbc\xa2\xbc\xc0\x43\x31\xc2\x42",
21673 .assoc = "",
21674 .alen = 0,
21675 .ptext = "\x81\xcd\xa8\x82\xbf\xd6\x6e\xf3"
21676 "\xfd\x0f\x15\x09\x40\xc3\x24\x45"
21677 "\x81\x99\xf0\x67\x63\x58\x5e\x2e"
21678 "\xfb\xa6\xa3\x16\x8d\xc8\x00\x1c"
21679 "\x4b\x62\x87\x7c\x15\x38\xda\x70"
21680 "\x3d\xea\xe7\xf2\x40\xba\xae\x79"
21681 "\x8f\x48\xfc\xbf\x45\x53\x2e\x78"
21682 "\xef\x79\xf0\x1b\x49\xf7\xfd\x9c",
21683 .plen = 64,
21684 .ctext = "\x11\x7c\x7d\xef\xce\x29\x95\xec"
21685 "\x7e\x9f\x42\xa6\x26\x07\xa1\x75"
21686 "\x2f\x4e\x09\x9a\xf6\x6b\xc2\xfa"
21687 "\x0d\xd0\x17\xdc\x25\x1e\x9b\xdc"
21688 "\x5f\x8c\x1c\x60\x15\x4f\x9b\x20"
21689 "\x7b\xff\xcd\x82\x60\x84\xf4\xa5"
21690 "\x20\x9a\x05\x19\x5b\x02\x0a\x72"
21691 "\x43\x11\x26\x58\xcf\xc5\x41\xcf"
21692 "\x13\xcc\xde\x32\x92\xfa\x86\xf2"
21693 "\xaf\x16\xe8\x8f\xca\xb6\xfd\x54",
21694 .clen = 80,
21695 }, {
21696 .key = "\x90\x96\x36\xea\x03\x74\x18\x7a"
21697 "\x1d\x46\x42\x2d\x3f\x8c\x54\xc7"
21698 "\x4b\x4a\x73\x89\xa4\x00\x3f\x34"
21699 "\x2c\xb1\xdb\x0c\x44\xe0\xe8\xd2",
21700 .klen = 32,
21701 .iv = "\xa0\x5f\xc5\x52\x47\x13\xc2\x01"
21702 "\x3d\x7c\x6e\x52\x3d\x55\x85\x48",
21703 .assoc = "\xaf",
21704 .alen = 1,
21705 .ptext = "",
21706 .plen = 0,
21707 .ctext = "\x9b\xc5\x3b\x20\x0a\x88\x56\xbe"
21708 "\x69\xdf\xc4\xc4\x02\x46\x3a\xf0",
21709 .clen = 16,
21710 }, {
21711 .key = "\xcd\xbb\x70\x89\x13\xf0\xc1\x95"
21712 "\x9e\x20\xf4\xbf\x39\xb1\x17\xcd"
21713 "\x76\x0c\x7f\x0d\xa9\xa0\xc1\x4e"
21714 "\xed\xdf\xb9\xe4\x1e\x3f\x87\xa8",
21715 .klen = 32,
21716 .iv = "\xdc\x84\xfe\xf1\x58\x8f\x6b\x1c"
21717 "\xbe\x57\x20\xe3\x37\x7a\x48\x4f",
21718 .assoc = "\xeb\x4d\x8d\x59\x9c\x2e\x15\xa3"
21719 "\xde\x8d\x4d\x07\x36\x43\x78\xd0"
21720 "\x0b\x6d\x84\x4f\x2c\xf0\x82\x5b"
21721 "\x4e\xf6\x29\xd1\x8b\x6f\x56",
21722 .alen = 31,
21723 .ptext = "",
21724 .plen = 0,
21725 .ctext = "\xe0\x6d\xa1\x07\x98\x2f\x40\x2d"
21726 "\x2e\x9a\xd6\x61\x43\xc0\x74\x69",
21727 .clen = 16,
21728 }, {
21729 .key = "\x0a\xe0\xaa\x29\x24\x6c\x6a\xb1"
21730 "\x1f\xfa\xa6\x50\x33\xd5\xda\xd3"
21731 "\xa0\xce\x8a\x91\xae\x40\x43\x68"
21732 "\xae\x0d\x98\xbd\xf8\x9e\x26\x7f",
21733 .klen = 32,
21734 .iv = "\x19\xa9\x38\x91\x68\x0b\x14\x38"
21735 "\x3f\x31\xd2\x74\x31\x9e\x0a\x55",
21736 .assoc = "\x28\x72\xc7\xf8\xac\xaa\xbe\xbf"
21737 "\x5f\x67\xff\x99\x30\x67\x3b\xd6"
21738 "\x35\x2f\x90\xd3\x31\x90\x04\x74"
21739 "\x0f\x23\x08\xa9\x65\xce\xf6\xea",
21740 .alen = 32,
21741 .ptext = "",
21742 .plen = 0,
21743 .ctext = "\xb9\x57\x13\x3e\x82\x31\x61\x65"
21744 "\x0d\x7f\x6c\x96\x93\x5c\x50\xe2",
21745 .clen = 16,
21746 }, {
21747 .key = "\x46\x04\xe3\xc8\x34\xe7\x12\xcd"
21748 "\xa0\xd4\x58\xe2\x2d\xf9\x9c\xda"
21749 "\xca\x91\x96\x15\xb4\xe0\xc5\x81"
21750 "\x70\x3a\x77\x95\xd2\xfd\xc5\x55",
21751 .klen = 32,
21752 .iv = "\x55\xcd\x72\x30\x78\x86\xbd\x54"
21753 "\xc0\x0b\x84\x06\x2b\xc2\xcd\x5b",
21754 .assoc = "\x64\x97\x00\x98\xbc\x25\x67\xdb"
21755 "\xe0\x41\xb1\x2a\x2a\x8c\xfe\xdd"
21756 "\x5f\xf2\x9c\x58\x36\x30\x86\x8e"
21757 "\xd1\x51\xe6\x81\x3f\x2d\x95\xc1"
21758 "\x01",
21759 .alen = 33,
21760 .ptext = "",
21761 .plen = 0,
21762 .ctext = "\x81\x96\x34\xde\xbb\x36\xdd\x3e"
21763 "\x4e\x5e\xcb\x44\x21\xb8\x3f\xf1",
21764 .clen = 16,
21765 }, {
21766 .key = "\x83\x29\x1d\x67\x44\x63\xbb\xe9"
21767 "\x20\xaf\x0a\x73\x27\x1e\x5f\xe0"
21768 "\xf5\x53\xa1\x9a\xb9\x80\x47\x9b"
21769 "\x31\x68\x56\x6e\xac\x5c\x65\x2c",
21770 .klen = 32,
21771 .iv = "\x92\xf2\xac\xcf\x88\x02\x65\x70"
21772 "\x41\xe5\x36\x97\x25\xe7\x90\x61",
21773 .assoc = "\xa1\xbb\x3a\x37\xcc\xa1\x10\xf7"
21774 "\x61\x1c\x63\xbc\x24\xb0\xc0\xe3"
21775 "\x8a\xb4\xa7\xdc\x3b\xd0\x08\xa8"
21776 "\x92\x7f\xc5\x5a\x19\x8c\x34\x97"
21777 "\x0f\x95\x9b\x18\xe4\x8d\xb4\x24"
21778 "\xb9\x33\x28\x18\xe1\x9d\x14\xe0"
21779 "\x64\xb2\x89\x7d\x78\xa8\x05\x7e"
21780 "\x07\x8c\xfc\x88\x2d\xb8\x53",
21781 .alen = 63,
21782 .ptext = "",
21783 .plen = 0,
21784 .ctext = "\x2e\x99\xb6\x79\x57\x56\x80\x36"
21785 "\x8e\xc4\x1c\x12\x7d\x71\x36\x0c",
21786 .clen = 16,
21787 }, {
21788 .key = "\xbf\x4e\x57\x07\x54\xdf\x64\x05"
21789 "\xa1\x89\xbc\x04\x21\x42\x22\xe6"
21790 "\x1f\x15\xad\x1e\xbe\x20\xc9\xb4"
21791 "\xf3\x95\x35\x46\x86\xbb\x04\x03",
21792 .klen = 32,
21793 .iv = "\xce\x17\xe5\x6f\x98\x7e\x0e\x8c"
21794 "\xc2\xbf\xe8\x29\x1f\x0b\x52\x68",
21795 .assoc = "\xdd\xe0\x74\xd6\xdc\x1d\xb8\x13"
21796 "\xe2\xf6\x15\x4d\x1e\xd4\x83\xe9"
21797 "\xb4\x76\xb3\x60\x40\x70\x8a\xc1"
21798 "\x53\xac\xa4\x32\xf3\xeb\xd3\x6e"
21799 "\x1e\x42\xa0\x46\x45\x9f\xc7\x22"
21800 "\xd3\x43\xbc\x7e\xa5\x47\x2a\x6f"
21801 "\x91\x19\x70\x1e\xe1\xfe\x25\x49"
21802 "\xd6\x8f\x93\xc7\x28\x3f\x3d\x03",
21803 .alen = 64,
21804 .ptext = "",
21805 .plen = 0,
21806 .ctext = "\x7b\x25\x3d\x47\xd4\xa7\x08\xce"
21807 "\x3b\x89\x40\x36\xba\x6d\x0e\xa2",
21808 .clen = 16,
21809 }, {
21810 .key = "\xfc\x72\x90\xa6\x64\x5a\x0d\x21"
21811 "\x22\x63\x6e\x96\x1b\x67\xe4\xec"
21812 "\x49\xd7\xb9\xa2\xc3\xc0\x4b\xce"
21813 "\xb4\xc3\x14\x1e\x61\x1a\xa3\xd9",
21814 .klen = 32,
21815 .iv = "\x0b\x3c\x1f\x0e\xa8\xf9\xb7\xa7"
21816 "\x42\x9a\x9a\xba\x19\x30\x15\x6e",
21817 .assoc = "\x1a",
21818 .alen = 1,
21819 .ptext = "\x29",
21820 .plen = 1,
21821 .ctext = "\xe6\x09\x6f\x95\x9a\x18\xc8\xf6"
21822 "\x17\x75\x81\x16\xdf\x26\xff\x67"
21823 "\x92",
21824 .clen = 17,
21825 }, {
21826 .key = "\x38\x97\xca\x45\x74\xd6\xb6\x3c"
21827 "\xa3\x3d\x20\x27\x15\x8b\xa7\xf2"
21828 "\x74\x9a\xc4\x27\xc8\x60\xcd\xe8"
21829 "\x75\xf0\xf2\xf7\x3b\x79\x42\xb0",
21830 .klen = 32,
21831 .iv = "\x47\x60\x59\xad\xb8\x75\x60\xc3"
21832 "\xc3\x74\x4c\x4c\x13\x54\xd8\x74",
21833 .assoc = "\x56\x29\xe7\x15\xfc\x14\x0a\x4a"
21834 "\xe4\xaa\x79\x70\x12\x1d\x08\xf6"
21835 "\x09\xfb\xca\x69\x4b\xb0\x8e\xf5"
21836 "\xd6\x07\x62\xe3\xa8\xa9\x12",
21837 .alen = 31,
21838 .ptext = "\x66\xf3\x75\x7d\x40\xb3\xb4\xd1"
21839 "\x04\xe1\xa6\x94\x10\xe6\x39\x77"
21840 "\xd3\xac\x4d\x8a\x8c\x58\x6e\xfb"
21841 "\x06\x13\x9a\xd9\x5e\xc0\xfa",
21842 .plen = 31,
21843 .ctext = "\x82\xc0\x56\xf0\xd7\xc4\xc9\xfd"
21844 "\x3c\xd1\x2a\xd4\x15\x86\x9d\xda"
21845 "\xea\x6c\x6f\xa1\x33\xb0\x7a\x01"
21846 "\x57\xe7\xf3\x7b\x73\xe7\x54\x10"
21847 "\xc6\x91\xe2\xc6\xa0\x69\xe7\xe6"
21848 "\x76\xc3\xf5\x3a\x76\xfd\x4a",
21849 .clen = 47,
21850 }, {
21851 .key = "\x75\xbc\x04\xe5\x84\x52\x5e\x58"
21852 "\x24\x17\xd2\xb9\x0e\xaf\x6a\xf9"
21853 "\x9e\x5c\xd0\xab\xcd\x00\x4f\x01"
21854 "\x37\x1e\xd1\xcf\x15\xd8\xe2\x86",
21855 .klen = 32,
21856 .iv = "\x84\x85\x92\x4d\xc8\xf1\x08\xdf"
21857 "\x44\x4e\xff\xdd\x0d\x78\x9a\x7a",
21858 .assoc = "\x93\x4e\x21\xb4\x0c\x90\xb3\x66"
21859 "\x65\x84\x2b\x01\x0b\x42\xcb\xfc"
21860 "\x33\xbd\xd6\xed\x50\x50\x10\x0e"
21861 "\x97\x35\x41\xbb\x82\x08\xb1\xf2",
21862 .alen = 32,
21863 .ptext = "\xa2\x17\xaf\x1c\x50\x2e\x5d\xed"
21864 "\x85\xbb\x58\x26\x0a\x0b\xfc\x7d"
21865 "\xfe\x6e\x59\x0e\x91\xf8\xf0\x15"
21866 "\xc8\x40\x78\xb1\x38\x1f\x99\xa7",
21867 .plen = 32,
21868 .ctext = "\x01\x47\x8e\x6c\xf6\x64\x89\x3a"
21869 "\x71\xce\xe4\xaa\x45\x70\xe6\x84"
21870 "\x62\x48\x08\x64\x86\x6a\xdf\xec"
21871 "\xb4\xa0\xfb\x34\x03\x0c\x19\xf4"
21872 "\x2b\x7b\x36\x73\xec\x54\xa9\x1e"
21873 "\x30\x85\xdb\xe4\xac\xe9\x2c\xca",
21874 .clen = 48,
21875 }, {
21876 .key = "\xb1\xe1\x3e\x84\x94\xcd\x07\x74"
21877 "\xa5\xf2\x84\x4a\x08\xd4\x2c\xff"
21878 "\xc8\x1e\xdb\x2f\xd2\xa0\xd1\x1b"
21879 "\xf8\x4c\xb0\xa8\xef\x37\x81\x5d",
21880 .klen = 32,
21881 .iv = "\xc0\xaa\xcc\xec\xd8\x6c\xb1\xfb"
21882 "\xc5\x28\xb1\x6e\x07\x9d\x5d\x81",
21883 .assoc = "\xd0\x73\x5a\x54\x1d\x0b\x5b\x82"
21884 "\xe5\x5f\xdd\x93\x05\x66\x8e\x02"
21885 "\x5e\x80\xe1\x71\x55\xf0\x92\x28"
21886 "\x59\x62\x20\x94\x5c\x67\x50\xc8"
21887 "\x58",
21888 .alen = 33,
21889 .ptext = "\xdf\x3c\xe9\xbc\x61\xaa\x06\x09"
21890 "\x06\x95\x0a\xb7\x04\x2f\xbe\x84"
21891 "\x28\x30\x64\x92\x96\x98\x72\x2e"
21892 "\x89\x6e\x57\x8a\x13\x7e\x38\x7e"
21893 "\xdb",
21894 .plen = 33,
21895 .ctext = "\x85\xe0\xf8\x0f\x8e\x49\xe3\x60"
21896 "\xcb\x4a\x54\x94\xcf\xf5\x7e\x34"
21897 "\xe9\xf8\x80\x65\x53\xd0\x72\x70"
21898 "\x4f\x7d\x9d\xd1\x15\x6f\xb9\x2c"
21899 "\xfa\xe8\xdd\xac\x2e\xe1\x3f\x67"
21900 "\x63\x0f\x1a\x59\xb7\x89\xdb\xf4"
21901 "\xc3",
21902 .clen = 49,
21903 }, {
21904 .key = "\xee\x05\x77\x23\xa5\x49\xb0\x90"
21905 "\x26\xcc\x36\xdc\x02\xf8\xef\x05"
21906 "\xf3\xe1\xe7\xb3\xd8\x40\x53\x35"
21907 "\xb9\x79\x8f\x80\xc9\x96\x20\x33",
21908 .klen = 32,
21909 .iv = "\xfd\xce\x06\x8b\xe9\xe8\x5a\x17"
21910 "\x46\x02\x63\x00\x01\xc1\x20\x87",
21911 .assoc = "\x0c\x98\x94\xf3\x2d\x87\x04\x9e"
21912 "\x66\x39\x8f\x24\xff\x8a\x50\x08"
21913 "\x88\x42\xed\xf6\x5a\x90\x14\x42"
21914 "\x1a\x90\xfe\x6c\x36\xc6\xf0\x9f"
21915 "\x66\xa0\xb5\x2d\x2c\xf8\x25\x15"
21916 "\x55\x90\xa2\x7e\x77\x94\x96\x3a"
21917 "\x71\x1c\xf7\x44\xee\xa8\xc3\x42"
21918 "\xe2\xa3\x84\x04\x0b\xe1\xce",
21919 .alen = 63,
21920 .ptext = "\x1b\x61\x23\x5b\x71\x26\xae\x25"
21921 "\x87\x6f\xbc\x49\xfe\x53\x81\x8a"
21922 "\x53\xf2\x70\x17\x9b\x38\xf4\x48"
21923 "\x4b\x9b\x36\x62\xed\xdd\xd8\x54"
21924 "\xea\xcb\xb6\x79\x45\xfc\xaa\x54"
21925 "\x5c\x94\x47\x58\xa7\xff\x9c\x9e"
21926 "\x7c\xb6\xf1\xac\xc8\xfd\x8b\x35"
21927 "\xd5\xa4\x6a\xd4\x09\xc2\x08",
21928 .plen = 63,
21929 .ctext = "\x00\xe5\x5b\x87\x5c\x20\x22\x8a"
21930 "\xda\x1f\xd3\xff\xbb\xb2\xb0\xf8"
21931 "\xef\xe9\xeb\x9e\x7c\x80\xf4\x2b"
21932 "\x59\xc0\x79\xbc\x17\xa0\x15\x01"
21933 "\xf5\x72\xfb\x5a\xe7\xaf\x07\xe3"
21934 "\x1b\x49\x21\x34\x23\x63\x55\x5e"
21935 "\xee\x4f\x34\x17\xfa\xfe\xa5\x0c"
21936 "\xed\x0b\x23\xea\x9b\xda\x57\x2f"
21937 "\xf6\xa9\xae\x0d\x4e\x40\x96\x45"
21938 "\x7f\xfa\xf0\xbf\xc4\x98\x78",
21939 .clen = 79,
21940 }, {
21941 .key = "\x2a\x2a\xb1\xc3\xb5\xc5\x59\xac"
21942 "\xa7\xa6\xe8\x6d\xfc\x1d\xb2\x0b"
21943 "\x1d\xa3\xf3\x38\xdd\xe0\xd5\x4e"
21944 "\x7b\xa7\x6e\x58\xa3\xf5\xbf\x0a",
21945 .klen = 32,
21946 .iv = "\x39\xf3\x3f\x2b\xf9\x64\x03\x33"
21947 "\xc7\xdd\x15\x91\xfb\xe6\xe2\x8d",
21948 .assoc = "\x49\xbc\xce\x92\x3d\x02\xad\xba"
21949 "\xe7\x13\x41\xb6\xf9\xaf\x13\x0f"
21950 "\xb2\x04\xf8\x7a\x5f\x30\x96\x5b"
21951 "\xdc\xbd\xdd\x44\x10\x25\x8f\x75"
21952 "\x75\x4d\xb9\x5b\x8e\x0a\x38\x13"
21953 "\x6f\x9f\x36\xe4\x3a\x3e\xac\xc9"
21954 "\x9d\x83\xde\xe5\x57\xfd\xe3\x0e"
21955 "\xb1\xa7\x1b\x44\x05\x67\xb7\x37",
21956 .alen = 64,
21957 .ptext = "\x58\x85\x5c\xfa\x81\xa1\x57\x40"
21958 "\x08\x4a\x6e\xda\xf8\x78\x44\x90"
21959 "\x7d\xb5\x7b\x9b\xa1\xd8\x76\x62"
21960 "\x0c\xc9\x15\x3b\xc7\x3c\x77\x2b"
21961 "\xf8\x78\xba\xa7\xa6\x0e\xbd\x52"
21962 "\x76\xa3\xdc\xbe\x6b\xa8\xb1\x2d"
21963 "\xa9\x1d\xd8\x4e\x31\x53\xab\x00"
21964 "\xa5\xa7\x01\x13\x04\x49\xf2\x04",
21965 .plen = 64,
21966 .ctext = "\x28\xdd\xb9\x4a\x12\xc7\x0a\xe1"
21967 "\x58\x06\x1a\x9b\x8c\x67\xdf\xeb"
21968 "\x35\x35\x60\x9d\x06\x40\x65\xc1"
21969 "\x93\xe8\xb3\x82\x50\x29\xdd\xb5"
21970 "\x2b\xcb\xde\x18\x78\x6b\x42\xbe"
21971 "\x6d\x24\xd0\xb2\x7d\xd7\x08\x8f"
21972 "\x4a\x18\x98\xad\x8c\xf2\x97\xb4"
21973 "\xf4\x77\xe4\xbf\x41\x3b\xc4\x06"
21974 "\xce\x9e\x34\x81\xf0\x89\x11\x13"
21975 "\x02\x65\xa1\x7c\xdf\x07\x33\x06",
21976 .clen = 80,
21977 }, {
21978 .key = "\x67\x4f\xeb\x62\xc5\x40\x01\xc7"
21979 "\x28\x80\x9a\xfe\xf6\x41\x74\x12"
21980 "\x48\x65\xfe\xbc\xe2\x80\x57\x68"
21981 "\x3c\xd4\x4d\x31\x7d\x54\x5f\xe1",
21982 .klen = 32,
21983 .iv = "\x76\x18\x79\xca\x09\xdf\xac\x4e"
21984 "\x48\xb7\xc7\x23\xf5\x0a\xa5\x93",
21985 .assoc = "\x85\xe1\x08\x32\x4d\x7e\x56\xd5"
21986 "\x68\xed\xf3\x47\xf3\xd3\xd6\x15"
21987 "\xdd\xc7\x04\xfe\x64\xd0\x18\x75"
21988 "\x9d\xeb\xbc\x1d\xea\x84\x2e\x4c"
21989 "\x83\xf9\xbe\x8a\xef\x1c\x4b\x10"
21990 "\x89\xaf\xcb\x4b\xfe\xe7\xc1\x58"
21991 "\xca\xea\xc6\x87\xc0\x53\x03\xd9"
21992 "\x80\xaa\xb2\x83\xff\xee\xa1\x6a"
21993 "\x04",
21994 .alen = 65,
21995 .ptext = "\x94\xaa\x96\x9a\x91\x1d\x00\x5c"
21996 "\x88\x24\x20\x6b\xf2\x9c\x06\x96"
21997 "\xa7\x77\x87\x1f\xa6\x78\xf8\x7b"
21998 "\xcd\xf6\xf4\x13\xa1\x9b\x16\x02"
21999 "\x07\x24\xbf\xd5\x08\x20\xd0\x4f"
22000 "\x90\xb3\x70\x24\x2f\x51\xc7\xbb"
22001 "\xd6\x84\xc0\xef\x9a\xa8\xca\xcc"
22002 "\x74\xab\x97\x53\xfe\xd0\xdb\x37"
22003 "\x37\x6a\x0e\x9f\x3f\xa3\x2a\xe3"
22004 "\x1b\x34\x6d\x51\x72\x2b\x17\xe7"
22005 "\x4d\xaa\x2c\x18\xda\xa3\x33\x89"
22006 "\x2a\x9f\xf4\xd2\xed\x76\x3d\x3f"
22007 "\x3c\x15\x9d\x8e\x4f\x3c\x27\xb0"
22008 "\x42\x3f\x2f\x8a\xd4\xc2\x10\xb2"
22009 "\x27\x7f\xe3\x34\x80\x02\x49\x4b"
22010 "\x07\x68\x22\x2a\x88\x25\x53\xb2"
22011 "\x2f",
22012 .plen = 129,
22013 .ctext = "\x85\x39\x69\x35\xfb\xf9\xb0\xa6"
22014 "\x85\x43\x88\xd0\xd7\x78\x60\x19"
22015 "\x3e\x1f\xb1\xa4\xd6\xc5\x96\xec"
22016 "\xf7\x84\x85\xc7\x27\x0f\x74\x57"
22017 "\x28\x9e\xdd\x90\x3c\x43\x12\xc5"
22018 "\x51\x3d\x39\x8f\xa5\xf4\xe0\x0b"
22019 "\x57\x04\xf1\x6d\xfe\x9b\x84\x27"
22020 "\xe8\xeb\x4d\xda\x02\x0a\xc5\x49"
22021 "\x1a\x55\x5e\x50\x56\x4d\x94\xda"
22022 "\x20\xf8\x12\x54\x50\xb3\x11\xda"
22023 "\xed\x44\x27\x67\xd5\xd1\x8b\x4b"
22024 "\x38\x67\x56\x65\x59\xda\xe6\x97"
22025 "\x81\xae\x2f\x92\x3b\xae\x22\x1c"
22026 "\x91\x59\x38\x18\x00\xe8\xba\x92"
22027 "\x04\x19\x56\xdf\xb0\x82\xeb\x6f"
22028 "\x2e\xdb\x54\x3c\x4b\xbb\x60\x90"
22029 "\x4c\x50\x10\x62\xba\x7a\xb1\x68"
22030 "\x37\xd7\x87\x4e\xe4\x66\x09\x1f"
22031 "\xa5",
22032 .clen = 145,
22033 }, {
22034 .key = "\xa3\x73\x24\x01\xd5\xbc\xaa\xe3"
22035 "\xa9\x5a\x4c\x90\xf0\x65\x37\x18"
22036 "\x72\x28\x0a\x40\xe7\x20\xd9\x82"
22037 "\xfe\x02\x2b\x09\x57\xb3\xfe\xb7",
22038 .klen = 32,
22039 .iv = "\xb3\x3d\xb3\x69\x19\x5b\x54\x6a"
22040 "\xc9\x91\x79\xb4\xef\x2e\x68\x99",
22041 .assoc = "\xc2\x06\x41\xd1\x5d\xfa\xff\xf1"
22042 "\xe9\xc7\xa5\xd9\xed\xf8\x98\x1b"
22043 "\x07\x89\x10\x82\x6a\x70\x9a\x8f"
22044 "\x5e\x19\x9b\xf5\xc5\xe3\xcd\x22"
22045 "\x92\xa5\xc2\xb8\x51\x2e\x5e\x0e"
22046 "\xa4\xbe\x5f\xb1\xc1\x90\xd7\xe7"
22047 "\xf7\x52\xae\x28\x29\xa8\x22\xa4"
22048 "\x4f\xae\x48\xc2\xfa\x75\x8b\x9e"
22049 "\xce\x83\x2a\x88\x07\x55\xbb\x89"
22050 "\xf6\xdf\xac\xdf\x83\x08\xbf\x7d"
22051 "\xac\x30\x8b\x8e\x02\xac\x00\xf1"
22052 "\x30\x46\xe1\xbc\x75\xbf\x49\xbb"
22053 "\x26\x4e\x29\xf0\x2f\x21\xc6\x13"
22054 "\x92\xd9\x3d\x11\xe4\x10\x00\x8e"
22055 "\xd4\xd4\x58\x65\xa6\x2b\xe3\x25"
22056 "\xb1\x8f\x15\x93\xe7\x71\xb9\x2c"
22057 "\x4b",
22058 .alen = 129,
22059 .ptext = "\xd1\xcf\xd0\x39\xa1\x99\xa9\x78"
22060 "\x09\xfe\xd2\xfd\xec\xc1\xc9\x9d"
22061 "\xd2\x39\x93\xa3\xab\x18\x7a\x95"
22062 "\x8f\x24\xd3\xeb\x7b\xfa\xb5\xd8"
22063 "\x15\xd1\xc3\x04\x69\x32\xe3\x4d"
22064 "\xaa\xc2\x04\x8b\xf2\xfa\xdc\x4a"
22065 "\x02\xeb\xa8\x90\x03\xfd\xea\x97"
22066 "\x43\xaf\x2e\x92\xf8\x57\xc5\x6a"
22067 "\x00",
22068 .plen = 65,
22069 .ctext = "\x7d\xde\x53\x22\xe4\x23\x3b\x30"
22070 "\x78\xde\x35\x90\x7a\xd9\x0b\x93"
22071 "\xf6\x0e\x0b\xed\x40\xee\x10\x9c"
22072 "\x96\x3a\xd3\x34\xb2\xd0\x67\xcf"
22073 "\x63\x7f\x2d\x0c\xcf\x96\xec\x64"
22074 "\x1a\x87\xcc\x7d\x2c\x5e\x81\x4b"
22075 "\xd2\x8f\x4c\x7c\x00\xb1\xb4\xe0"
22076 "\x87\x4d\xb1\xbc\xd8\x78\x2c\x17"
22077 "\xf2\x3b\xd8\x28\x40\xe2\x76\xf6"
22078 "\x20\x13\x83\x46\xaf\xff\xe3\x0f"
22079 "\x72",
22080 .clen = 81,
22081 }, {
22082 .key = "\xe0\x98\x5e\xa1\xe5\x38\x53\xff"
22083 "\x2a\x35\xfe\x21\xea\x8a\xfa\x1e"
22084 "\x9c\xea\x15\xc5\xec\xc0\x5b\x9b"
22085 "\xbf\x2f\x0a\xe1\x32\x12\x9d\x8e",
22086 .klen = 32,
22087 .iv = "\xef\x61\xed\x08\x29\xd7\xfd\x86"
22088 "\x4a\x6b\x2b\x46\xe9\x53\x2a\xa0",
22089 .assoc = "\xfe\x2a\x7b\x70\x6d\x75\xa7\x0d"
22090 "\x6a\xa2\x57\x6a\xe7\x1c\x5b\x21"
22091 "\x31\x4b\x1b\x07\x6f\x10\x1c\xa8"
22092 "\x20\x46\x7a\xce\x9f\x42\x6d\xf9",
22093 .alen = 32,
22094 .ptext = "\x0d\xf4\x09\xd8\xb1\x14\x51\x94"
22095 "\x8a\xd8\x84\x8e\xe6\xe5\x8c\xa3"
22096 "\xfc\xfc\x9e\x28\xb0\xb8\xfc\xaf"
22097 "\x50\x52\xb1\xc4\x55\x59\x55\xaf",
22098 .plen = 32,
22099 .ctext = "\x5a\xcd\x8c\x57\xf2\x6a\xb6\xbe"
22100 "\x53\xc7\xaa\x9a\x60\x74\x9c\xc4"
22101 "\xa2\xc2\xd0\x6d\xe1\x03\x63\xdc"
22102 "\xbb\x51\x7e\x9c\x89\x73\xde\x4e"
22103 "\x24\xf8\x52\x7c\x15\x41\x0e\xba"
22104 "\x69\x0e\x36\x5f\x2f\x22\x8c",
22105 .clen = 47,
22106 }, {
22107 .key = "\x1c\xbd\x98\x40\xf5\xb3\xfc\x1b"
22108 "\xaa\x0f\xb0\xb3\xe4\xae\xbc\x24"
22109 "\xc7\xac\x21\x49\xf1\x60\xdd\xb5"
22110 "\x80\x5d\xe9\xba\x0c\x71\x3c\x64",
22111 .klen = 32,
22112 .iv = "\x2c\x86\x26\xa8\x39\x52\xa6\xa2"
22113 "\xcb\x45\xdd\xd7\xe3\x77\xed\xa6",
22114 .assoc = "\x3b\x4f\xb5\x10\x7d\xf1\x50\x29"
22115 "\xeb\x7c\x0a\xfb\xe1\x40\x1e\x27"
22116 "\x5c\x0d\x27\x8b\x74\xb0\x9e\xc2"
22117 "\xe1\x74\x59\xa6\x79\xa1\x0c\xd0",
22118 .alen = 32,
22119 .ptext = "\x4a\x18\x43\x77\xc1\x90\xfa\xb0"
22120 "\x0b\xb2\x36\x20\xe0\x09\x4e\xa9"
22121 "\x26\xbe\xaa\xac\xb5\x58\x7e\xc8"
22122 "\x11\x7f\x90\x9c\x2f\xb8\xf4\x85",
22123 .plen = 32,
22124 .ctext = "\x47\xd6\xce\x78\xd6\xbf\x4a\x51"
22125 "\xb8\xda\x92\x3c\xfd\xda\xac\x8e"
22126 "\x8d\x88\xd7\x4d\x90\xe5\xeb\xa1"
22127 "\xab\xd6\x7c\x76\xad\xea\x7d\x76"
22128 "\x53\xee\xb0\xcd\xd0\x02\xbb\x70"
22129 "\x5b\x6f\x7b\xe2\x8c\xe8",
22130 .clen = 46,
22131 }, {
22132 .key = "\x59\xe1\xd2\xdf\x05\x2f\xa4\x37"
22133 "\x2b\xe9\x63\x44\xde\xd3\x7f\x2b"
22134 "\xf1\x6f\x2d\xcd\xf6\x00\x5f\xcf"
22135 "\x42\x8a\xc8\x92\xe6\xd0\xdc\x3b",
22136 .klen = 32,
22137 .iv = "\x68\xab\x60\x47\x49\xce\x4f\xbe"
22138 "\x4c\x20\x8f\x68\xdd\x9c\xb0\xac",
22139 .assoc = "\x77\x74\xee\xaf\x8d\x6d\xf9\x45"
22140 "\x6c\x56\xbc\x8d\xdb\x65\xe0\x2e"
22141 "\x86\xd0\x32\x0f\x79\x50\x20\xdb"
22142 "\xa2\xa1\x37\x7e\x53\x00\xab\xa6",
22143 .alen = 32,
22144 .ptext = "\x86\x3d\x7d\x17\xd1\x0c\xa3\xcc"
22145 "\x8c\x8d\xe8\xb1\xda\x2e\x11\xaf"
22146 "\x51\x80\xb5\x30\xba\xf8\x00\xe2"
22147 "\xd3\xad\x6f\x75\x09\x18\x93\x5c",
22148 .plen = 32,
22149 .ctext = "\x9f\xa9\x2b\xa4\x8f\x00\x05\x2b"
22150 "\xe7\x68\x81\x51\xbb\xfb\xdf\x60"
22151 "\xbb\xac\xe8\xc1\xdc\x68\xae\x68"
22152 "\x3a\xcd\x7a\x06\x49\xfe\x80\x11"
22153 "\xe6\x61\x99\xe2\xdd\xbe\x2c\xbf",
22154 .clen = 40,
22155 }, {
22156 .key = "\x96\x06\x0b\x7f\x15\xab\x4d\x53"
22157 "\xac\xc3\x15\xd6\xd8\xf7\x42\x31"
22158 "\x1b\x31\x38\x51\xfc\xa0\xe1\xe8"
22159 "\x03\xb8\xa7\x6b\xc0\x2f\x7b\x11",
22160 .klen = 32,
22161 .iv = "\xa5\xcf\x9a\xe6\x59\x4a\xf7\xd9"
22162 "\xcd\xfa\x41\xfa\xd7\xc0\x72\xb2",
22163 .assoc = "\xb4\x99\x28\x4e\x9d\xe8\xa2\x60"
22164 "\xed\x30\x6e\x1e\xd5\x89\xa3\x34"
22165 "\xb1\x92\x3e\x93\x7e\xf0\xa2\xf5"
22166 "\x64\xcf\x16\x57\x2d\x5f\x4a\x7d",
22167 .alen = 32,
22168 .ptext = "\xc3\x62\xb7\xb6\xe2\x87\x4c\xe7"
22169 "\x0d\x67\x9a\x43\xd4\x52\xd4\xb5"
22170 "\x7b\x43\xc1\xb5\xbf\x98\x82\xfc"
22171 "\x94\xda\x4e\x4d\xe4\x77\x32\x32",
22172 .plen = 32,
22173 .ctext = "\xe2\x34\xfa\x25\xfd\xfb\x89\x5e"
22174 "\x5b\x4e\x0b\x15\x6e\x39\xfb\x0c"
22175 "\x73\xc7\xd9\x6b\xbe\xce\x9b\x70"
22176 "\xc7\x4f\x96\x16\x03\xfc\xea\xfb"
22177 "\x56",
22178 .clen = 33,
22179 },
22180};
22181
22182/*
22183 * All key wrapping test vectors taken from 20476 * All key wrapping test vectors taken from
22184 * http://csrc.nist.gov/groups/STM/cavp/documents/mac/kwtestvectors.zip 20477 * http://csrc.nist.gov/groups/STM/cavp/documents/mac/kwtestvectors.zip
22185 * 20478 *
diff --git a/include/crypto/morus1280_glue.h b/include/crypto/morus1280_glue.h
deleted file mode 100644
index 5cefddb1991f..000000000000
--- a/include/crypto/morus1280_glue.h
+++ /dev/null
@@ -1,97 +0,0 @@
1/* SPDX-License-Identifier: GPL-2.0-or-later */
2/*
3 * The MORUS-1280 Authenticated-Encryption Algorithm
4 * Common glue skeleton -- header file
5 *
6 * Copyright (c) 2016-2018 Ondrej Mosnacek <omosnacek@gmail.com>
7 * Copyright (C) 2017-2018 Red Hat, Inc. All rights reserved.
8 */
9
10#ifndef _CRYPTO_MORUS1280_GLUE_H
11#define _CRYPTO_MORUS1280_GLUE_H
12
13#include <linux/module.h>
14#include <linux/types.h>
15#include <crypto/algapi.h>
16#include <crypto/aead.h>
17#include <crypto/morus_common.h>
18
19#define MORUS1280_WORD_SIZE 8
20#define MORUS1280_BLOCK_SIZE (MORUS_BLOCK_WORDS * MORUS1280_WORD_SIZE)
21
22struct morus1280_block {
23 u8 bytes[MORUS1280_BLOCK_SIZE];
24};
25
26struct morus1280_glue_ops {
27 void (*init)(void *state, const void *key, const void *iv);
28 void (*ad)(void *state, const void *data, unsigned int length);
29 void (*enc)(void *state, const void *src, void *dst, unsigned int length);
30 void (*dec)(void *state, const void *src, void *dst, unsigned int length);
31 void (*enc_tail)(void *state, const void *src, void *dst, unsigned int length);
32 void (*dec_tail)(void *state, const void *src, void *dst, unsigned int length);
33 void (*final)(void *state, void *tag_xor, u64 assoclen, u64 cryptlen);
34};
35
36struct morus1280_ctx {
37 const struct morus1280_glue_ops *ops;
38 struct morus1280_block key;
39};
40
41void crypto_morus1280_glue_init_ops(struct crypto_aead *aead,
42 const struct morus1280_glue_ops *ops);
43int crypto_morus1280_glue_setkey(struct crypto_aead *aead, const u8 *key,
44 unsigned int keylen);
45int crypto_morus1280_glue_setauthsize(struct crypto_aead *tfm,
46 unsigned int authsize);
47int crypto_morus1280_glue_encrypt(struct aead_request *req);
48int crypto_morus1280_glue_decrypt(struct aead_request *req);
49
50#define MORUS1280_DECLARE_ALG(id, driver_name, priority) \
51 static const struct morus1280_glue_ops crypto_morus1280_##id##_ops = {\
52 .init = crypto_morus1280_##id##_init, \
53 .ad = crypto_morus1280_##id##_ad, \
54 .enc = crypto_morus1280_##id##_enc, \
55 .enc_tail = crypto_morus1280_##id##_enc_tail, \
56 .dec = crypto_morus1280_##id##_dec, \
57 .dec_tail = crypto_morus1280_##id##_dec_tail, \
58 .final = crypto_morus1280_##id##_final, \
59 }; \
60 \
61 static int crypto_morus1280_##id##_init_tfm(struct crypto_aead *tfm) \
62 { \
63 crypto_morus1280_glue_init_ops(tfm, &crypto_morus1280_##id##_ops); \
64 return 0; \
65 } \
66 \
67 static void crypto_morus1280_##id##_exit_tfm(struct crypto_aead *tfm) \
68 { \
69 } \
70 \
71 static struct aead_alg crypto_morus1280_##id##_alg = { \
72 .setkey = crypto_morus1280_glue_setkey, \
73 .setauthsize = crypto_morus1280_glue_setauthsize, \
74 .encrypt = crypto_morus1280_glue_encrypt, \
75 .decrypt = crypto_morus1280_glue_decrypt, \
76 .init = crypto_morus1280_##id##_init_tfm, \
77 .exit = crypto_morus1280_##id##_exit_tfm, \
78 \
79 .ivsize = MORUS_NONCE_SIZE, \
80 .maxauthsize = MORUS_MAX_AUTH_SIZE, \
81 .chunksize = MORUS1280_BLOCK_SIZE, \
82 \
83 .base = { \
84 .cra_flags = CRYPTO_ALG_INTERNAL, \
85 .cra_blocksize = 1, \
86 .cra_ctxsize = sizeof(struct morus1280_ctx), \
87 .cra_alignmask = 0, \
88 .cra_priority = priority, \
89 \
90 .cra_name = "__morus1280", \
91 .cra_driver_name = "__"driver_name, \
92 \
93 .cra_module = THIS_MODULE, \
94 } \
95 }
96
97#endif /* _CRYPTO_MORUS1280_GLUE_H */
diff --git a/include/crypto/morus640_glue.h b/include/crypto/morus640_glue.h
deleted file mode 100644
index 0ee6266cb26c..000000000000
--- a/include/crypto/morus640_glue.h
+++ /dev/null
@@ -1,97 +0,0 @@
1/* SPDX-License-Identifier: GPL-2.0-or-later */
2/*
3 * The MORUS-640 Authenticated-Encryption Algorithm
4 * Common glue skeleton -- header file
5 *
6 * Copyright (c) 2016-2018 Ondrej Mosnacek <omosnacek@gmail.com>
7 * Copyright (C) 2017-2018 Red Hat, Inc. All rights reserved.
8 */
9
10#ifndef _CRYPTO_MORUS640_GLUE_H
11#define _CRYPTO_MORUS640_GLUE_H
12
13#include <linux/module.h>
14#include <linux/types.h>
15#include <crypto/algapi.h>
16#include <crypto/aead.h>
17#include <crypto/morus_common.h>
18
19#define MORUS640_WORD_SIZE 4
20#define MORUS640_BLOCK_SIZE (MORUS_BLOCK_WORDS * MORUS640_WORD_SIZE)
21
22struct morus640_block {
23 u8 bytes[MORUS640_BLOCK_SIZE];
24};
25
26struct morus640_glue_ops {
27 void (*init)(void *state, const void *key, const void *iv);
28 void (*ad)(void *state, const void *data, unsigned int length);
29 void (*enc)(void *state, const void *src, void *dst, unsigned int length);
30 void (*dec)(void *state, const void *src, void *dst, unsigned int length);
31 void (*enc_tail)(void *state, const void *src, void *dst, unsigned int length);
32 void (*dec_tail)(void *state, const void *src, void *dst, unsigned int length);
33 void (*final)(void *state, void *tag_xor, u64 assoclen, u64 cryptlen);
34};
35
36struct morus640_ctx {
37 const struct morus640_glue_ops *ops;
38 struct morus640_block key;
39};
40
41void crypto_morus640_glue_init_ops(struct crypto_aead *aead,
42 const struct morus640_glue_ops *ops);
43int crypto_morus640_glue_setkey(struct crypto_aead *aead, const u8 *key,
44 unsigned int keylen);
45int crypto_morus640_glue_setauthsize(struct crypto_aead *tfm,
46 unsigned int authsize);
47int crypto_morus640_glue_encrypt(struct aead_request *req);
48int crypto_morus640_glue_decrypt(struct aead_request *req);
49
50#define MORUS640_DECLARE_ALG(id, driver_name, priority) \
51 static const struct morus640_glue_ops crypto_morus640_##id##_ops = {\
52 .init = crypto_morus640_##id##_init, \
53 .ad = crypto_morus640_##id##_ad, \
54 .enc = crypto_morus640_##id##_enc, \
55 .enc_tail = crypto_morus640_##id##_enc_tail, \
56 .dec = crypto_morus640_##id##_dec, \
57 .dec_tail = crypto_morus640_##id##_dec_tail, \
58 .final = crypto_morus640_##id##_final, \
59 }; \
60 \
61 static int crypto_morus640_##id##_init_tfm(struct crypto_aead *tfm) \
62 { \
63 crypto_morus640_glue_init_ops(tfm, &crypto_morus640_##id##_ops); \
64 return 0; \
65 } \
66 \
67 static void crypto_morus640_##id##_exit_tfm(struct crypto_aead *tfm) \
68 { \
69 } \
70 \
71 static struct aead_alg crypto_morus640_##id##_alg = {\
72 .setkey = crypto_morus640_glue_setkey, \
73 .setauthsize = crypto_morus640_glue_setauthsize, \
74 .encrypt = crypto_morus640_glue_encrypt, \
75 .decrypt = crypto_morus640_glue_decrypt, \
76 .init = crypto_morus640_##id##_init_tfm, \
77 .exit = crypto_morus640_##id##_exit_tfm, \
78 \
79 .ivsize = MORUS_NONCE_SIZE, \
80 .maxauthsize = MORUS_MAX_AUTH_SIZE, \
81 .chunksize = MORUS640_BLOCK_SIZE, \
82 \
83 .base = { \
84 .cra_flags = CRYPTO_ALG_INTERNAL, \
85 .cra_blocksize = 1, \
86 .cra_ctxsize = sizeof(struct morus640_ctx), \
87 .cra_alignmask = 0, \
88 .cra_priority = priority, \
89 \
90 .cra_name = "__morus640", \
91 .cra_driver_name = "__"driver_name, \
92 \
93 .cra_module = THIS_MODULE, \
94 } \
95 }
96
97#endif /* _CRYPTO_MORUS640_GLUE_H */
diff --git a/include/crypto/morus_common.h b/include/crypto/morus_common.h
deleted file mode 100644
index 969510a9a56c..000000000000
--- a/include/crypto/morus_common.h
+++ /dev/null
@@ -1,18 +0,0 @@
1/* SPDX-License-Identifier: GPL-2.0-or-later */
2/*
3 * The MORUS Authenticated-Encryption Algorithm
4 * Common definitions
5 *
6 * Copyright (c) 2016-2018 Ondrej Mosnacek <omosnacek@gmail.com>
7 * Copyright (C) 2017-2018 Red Hat, Inc. All rights reserved.
8 */
9
10#ifndef _CRYPTO_MORUS_COMMON_H
11#define _CRYPTO_MORUS_COMMON_H
12
13#define MORUS_BLOCK_WORDS 4
14#define MORUS_STATE_BLOCKS 5
15#define MORUS_NONCE_SIZE 16
16#define MORUS_MAX_AUTH_SIZE 16
17
18#endif /* _CRYPTO_MORUS_COMMON_H */
generated by cgit v1.2.2 (git 2.25.0) at 2025-01-30 18:40:48 -0500