aboutsummaryrefslogtreecommitdiffstats
path: root/crypto
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2018-12-27 16:53:32 -0500
committerLinus Torvalds <torvalds@linux-foundation.org>2018-12-27 16:53:32 -0500
commitb71acb0e372160167bf6d5500b88b30b52ccef6e (patch)
tree218e4b2752336ae38ffed12b67e89ed7995db931 /crypto
parente0c38a4d1f196a4b17d2eba36afff8f656a4f1de (diff)
parentc79b411eaa7257204f89c30651c45cea22278769 (diff)
Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
Pull crypto updates from Herbert Xu: "API: - Add 1472-byte test to tcrypt for IPsec - Reintroduced crypto stats interface with numerous changes - Support incremental algorithm dumps Algorithms: - Add xchacha12/20 - Add nhpoly1305 - Add adiantum - Add streebog hash - Mark cts(cbc(aes)) as FIPS allowed Drivers: - Improve performance of arm64/chacha20 - Improve performance of x86/chacha20 - Add NEON-accelerated nhpoly1305 - Add SSE2 accelerated nhpoly1305 - Add AVX2 accelerated nhpoly1305 - Add support for 192/256-bit keys in gcmaes AVX - Add SG support in gcmaes AVX - ESN for inline IPsec tx in chcr - Add support for CryptoCell 703 in ccree - Add support for CryptoCell 713 in ccree - Add SM4 support in ccree - Add SM3 support in ccree - Add support for chacha20 in caam/qi2 - Add support for chacha20 + poly1305 in caam/jr - Add support for chacha20 + poly1305 in caam/qi2 - Add AEAD cipher support in cavium/nitrox" * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (130 commits) crypto: skcipher - remove remnants of internal IV generators crypto: cavium/nitrox - Fix build with !CONFIG_DEBUG_FS crypto: salsa20-generic - don't unnecessarily use atomic walk crypto: skcipher - add might_sleep() to skcipher_walk_virt() crypto: x86/chacha - avoid sleeping under kernel_fpu_begin() crypto: cavium/nitrox - Added AEAD cipher support crypto: mxc-scc - fix build warnings on ARM64 crypto: api - document missing stats member crypto: user - remove unused dump functions crypto: chelsio - Fix wrong error counter increments crypto: chelsio - Reset counters on cxgb4 Detach crypto: chelsio - Handle PCI shutdown event crypto: chelsio - cleanup:send addr as value in function argument crypto: chelsio - Use same value for both channel in single WR crypto: chelsio - Swap location of AAD and IV sent in WR crypto: chelsio - remove set but not used variable 'kctx_len' crypto: ux500 - Use proper enum in hash_set_dma_transfer crypto: ux500 - Use proper enum in cryp_set_dma_transfer crypto: aesni - Add scatter/gather avx stubs, and use them in C crypto: aesni - Introduce partial block macro ..
Diffstat (limited to 'crypto')
-rw-r--r--crypto/Kconfig99
-rw-r--r--crypto/Makefile8
-rw-r--r--crypto/ablkcipher.c94
-rw-r--r--crypto/acompress.c10
-rw-r--r--crypto/adiantum.c664
-rw-r--r--crypto/aead.c14
-rw-r--r--crypto/aes_generic.c9
-rw-r--r--crypto/aes_ti.c18
-rw-r--r--crypto/ahash.c29
-rw-r--r--crypto/akcipher.c11
-rw-r--r--crypto/algapi.c247
-rw-r--r--crypto/blkcipher.c20
-rw-r--r--crypto/cfb.c2
-rw-r--r--crypto/chacha20_generic.c137
-rw-r--r--crypto/chacha20poly1305.c12
-rw-r--r--crypto/chacha_generic.c217
-rw-r--r--crypto/cryptd.c4
-rw-r--r--crypto/crypto_user_base.c136
-rw-r--r--crypto/crypto_user_stat.c301
-rw-r--r--crypto/ctr.c2
-rw-r--r--crypto/ecc.c58
-rw-r--r--crypto/hash_info.c4
-rw-r--r--crypto/kpp.c10
-rw-r--r--crypto/lz4.c1
-rw-r--r--crypto/lz4hc.c1
-rw-r--r--crypto/nhpoly1305.c254
-rw-r--r--crypto/pcrypt.c2
-rw-r--r--crypto/poly1305_generic.c174
-rw-r--r--crypto/rng.c16
-rw-r--r--crypto/salsa20_generic.c2
-rw-r--r--crypto/scompress.c11
-rw-r--r--crypto/shash.c12
-rw-r--r--crypto/skcipher.c23
-rw-r--r--crypto/streebog_generic.c1140
-rw-r--r--crypto/tcrypt.c59
-rw-r--r--crypto/testmgr.c62
-rw-r--r--crypto/testmgr.h3220
37 files changed, 6297 insertions, 786 deletions
diff --git a/crypto/Kconfig b/crypto/Kconfig
index 05c91eb10ca1..045af6eeb7e2 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -430,11 +430,14 @@ config CRYPTO_CTS
430 help 430 help
431 CTS: Cipher Text Stealing 431 CTS: Cipher Text Stealing
432 This is the Cipher Text Stealing mode as described by 432 This is the Cipher Text Stealing mode as described by
433 Section 8 of rfc2040 and referenced by rfc3962. 433 Section 8 of rfc2040 and referenced by rfc3962
434 (rfc3962 includes errata information in its Appendix A) 434 (rfc3962 includes errata information in its Appendix A) or
435 CBC-CS3 as defined by NIST in Sp800-38A addendum from Oct 2010.
435 This mode is required for Kerberos gss mechanism support 436 This mode is required for Kerberos gss mechanism support
436 for AES encryption. 437 for AES encryption.
437 438
439 See: https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final
440
438config CRYPTO_ECB 441config CRYPTO_ECB
439 tristate "ECB support" 442 tristate "ECB support"
440 select CRYPTO_BLKCIPHER 443 select CRYPTO_BLKCIPHER
@@ -493,6 +496,50 @@ config CRYPTO_KEYWRAP
493 Support for key wrapping (NIST SP800-38F / RFC3394) without 496 Support for key wrapping (NIST SP800-38F / RFC3394) without
494 padding. 497 padding.
495 498
499config CRYPTO_NHPOLY1305
500 tristate
501 select CRYPTO_HASH
502 select CRYPTO_POLY1305
503
504config CRYPTO_NHPOLY1305_SSE2
505 tristate "NHPoly1305 hash function (x86_64 SSE2 implementation)"
506 depends on X86 && 64BIT
507 select CRYPTO_NHPOLY1305
508 help
509 SSE2 optimized implementation of the hash function used by the
510 Adiantum encryption mode.
511
512config CRYPTO_NHPOLY1305_AVX2
513 tristate "NHPoly1305 hash function (x86_64 AVX2 implementation)"
514 depends on X86 && 64BIT
515 select CRYPTO_NHPOLY1305
516 help
517 AVX2 optimized implementation of the hash function used by the
518 Adiantum encryption mode.
519
520config CRYPTO_ADIANTUM
521 tristate "Adiantum support"
522 select CRYPTO_CHACHA20
523 select CRYPTO_POLY1305
524 select CRYPTO_NHPOLY1305
525 help
526 Adiantum is a tweakable, length-preserving encryption mode
527 designed for fast and secure disk encryption, especially on
528 CPUs without dedicated crypto instructions. It encrypts
529 each sector using the XChaCha12 stream cipher, two passes of
530 an ε-almost-∆-universal hash function, and an invocation of
531 the AES-256 block cipher on a single 16-byte block. On CPUs
532 without AES instructions, Adiantum is much faster than
533 AES-XTS.
534
535 Adiantum's security is provably reducible to that of its
536 underlying stream and block ciphers, subject to a security
537 bound. Unlike XTS, Adiantum is a true wide-block encryption
538 mode, so it actually provides an even stronger notion of
539 security than XTS, subject to the security bound.
540
541 If unsure, say N.
542
496comment "Hash modes" 543comment "Hash modes"
497 544
498config CRYPTO_CMAC 545config CRYPTO_CMAC
@@ -936,6 +983,18 @@ config CRYPTO_SM3
936 http://www.oscca.gov.cn/UpFile/20101222141857786.pdf 983 http://www.oscca.gov.cn/UpFile/20101222141857786.pdf
937 https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash 984 https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash
938 985
986config CRYPTO_STREEBOG
987 tristate "Streebog Hash Function"
988 select CRYPTO_HASH
989 help
990 Streebog Hash Function (GOST R 34.11-2012, RFC 6986) is one of the Russian
991 cryptographic standard algorithms (called GOST algorithms).
992 This setting enables two hash algorithms with 256 and 512 bits output.
993
994 References:
995 https://tc26.ru/upload/iblock/fed/feddbb4d26b685903faa2ba11aea43f6.pdf
996 https://tools.ietf.org/html/rfc6986
997
939config CRYPTO_TGR192 998config CRYPTO_TGR192
940 tristate "Tiger digest algorithms" 999 tristate "Tiger digest algorithms"
941 select CRYPTO_HASH 1000 select CRYPTO_HASH
@@ -1006,7 +1065,8 @@ config CRYPTO_AES_TI
1006 8 for decryption), this implementation only uses just two S-boxes of 1065 8 for decryption), this implementation only uses just two S-boxes of
1007 256 bytes each, and attempts to eliminate data dependent latencies by 1066 256 bytes each, and attempts to eliminate data dependent latencies by
1008 prefetching the entire table into the cache at the start of each 1067 prefetching the entire table into the cache at the start of each
1009 block. 1068 block. Interrupts are also disabled to avoid races where cachelines
1069 are evicted when the CPU is interrupted to do something else.
1010 1070
1011config CRYPTO_AES_586 1071config CRYPTO_AES_586
1012 tristate "AES cipher algorithms (i586)" 1072 tristate "AES cipher algorithms (i586)"
@@ -1387,32 +1447,34 @@ config CRYPTO_SALSA20
1387 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html> 1447 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1388 1448
1389config CRYPTO_CHACHA20 1449config CRYPTO_CHACHA20
1390 tristate "ChaCha20 cipher algorithm" 1450 tristate "ChaCha stream cipher algorithms"
1391 select CRYPTO_BLKCIPHER 1451 select CRYPTO_BLKCIPHER
1392 help 1452 help
1393 ChaCha20 cipher algorithm, RFC7539. 1453 The ChaCha20, XChaCha20, and XChaCha12 stream cipher algorithms.
1394 1454
1395 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J. 1455 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
1396 Bernstein and further specified in RFC7539 for use in IETF protocols. 1456 Bernstein and further specified in RFC7539 for use in IETF protocols.
1397 This is the portable C implementation of ChaCha20. 1457 This is the portable C implementation of ChaCha20. See also:
1398
1399 See also:
1400 <http://cr.yp.to/chacha/chacha-20080128.pdf> 1458 <http://cr.yp.to/chacha/chacha-20080128.pdf>
1401 1459
1460 XChaCha20 is the application of the XSalsa20 construction to ChaCha20
1461 rather than to Salsa20. XChaCha20 extends ChaCha20's nonce length
1462 from 64 bits (or 96 bits using the RFC7539 convention) to 192 bits,
1463 while provably retaining ChaCha20's security. See also:
1464 <https://cr.yp.to/snuffle/xsalsa-20081128.pdf>
1465
1466 XChaCha12 is XChaCha20 reduced to 12 rounds, with correspondingly
1467 reduced security margin but increased performance. It can be needed
1468 in some performance-sensitive scenarios.
1469
1402config CRYPTO_CHACHA20_X86_64 1470config CRYPTO_CHACHA20_X86_64
1403 tristate "ChaCha20 cipher algorithm (x86_64/SSSE3/AVX2)" 1471 tristate "ChaCha stream cipher algorithms (x86_64/SSSE3/AVX2/AVX-512VL)"
1404 depends on X86 && 64BIT 1472 depends on X86 && 64BIT
1405 select CRYPTO_BLKCIPHER 1473 select CRYPTO_BLKCIPHER
1406 select CRYPTO_CHACHA20 1474 select CRYPTO_CHACHA20
1407 help 1475 help
1408 ChaCha20 cipher algorithm, RFC7539. 1476 SSSE3, AVX2, and AVX-512VL optimized implementations of the ChaCha20,
1409 1477 XChaCha20, and XChaCha12 stream ciphers.
1410 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
1411 Bernstein and further specified in RFC7539 for use in IETF protocols.
1412 This is the x86_64 assembler implementation using SIMD instructions.
1413
1414 See also:
1415 <http://cr.yp.to/chacha/chacha-20080128.pdf>
1416 1478
1417config CRYPTO_SEED 1479config CRYPTO_SEED
1418 tristate "SEED cipher algorithm" 1480 tristate "SEED cipher algorithm"
@@ -1812,7 +1874,8 @@ config CRYPTO_USER_API_AEAD
1812 cipher algorithms. 1874 cipher algorithms.
1813 1875
1814config CRYPTO_STATS 1876config CRYPTO_STATS
1815 bool 1877 bool "Crypto usage statistics for User-space"
1878 depends on CRYPTO_USER
1816 help 1879 help
1817 This option enables the gathering of crypto stats. 1880 This option enables the gathering of crypto stats.
1818 This will collect: 1881 This will collect:
diff --git a/crypto/Makefile b/crypto/Makefile
index 5c207c76abf7..799ed5e94606 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -54,7 +54,8 @@ cryptomgr-y := algboss.o testmgr.o
54 54
55obj-$(CONFIG_CRYPTO_MANAGER2) += cryptomgr.o 55obj-$(CONFIG_CRYPTO_MANAGER2) += cryptomgr.o
56obj-$(CONFIG_CRYPTO_USER) += crypto_user.o 56obj-$(CONFIG_CRYPTO_USER) += crypto_user.o
57crypto_user-y := crypto_user_base.o crypto_user_stat.o 57crypto_user-y := crypto_user_base.o
58crypto_user-$(CONFIG_CRYPTO_STATS) += crypto_user_stat.o
58obj-$(CONFIG_CRYPTO_CMAC) += cmac.o 59obj-$(CONFIG_CRYPTO_CMAC) += cmac.o
59obj-$(CONFIG_CRYPTO_HMAC) += hmac.o 60obj-$(CONFIG_CRYPTO_HMAC) += hmac.o
60obj-$(CONFIG_CRYPTO_VMAC) += vmac.o 61obj-$(CONFIG_CRYPTO_VMAC) += vmac.o
@@ -71,6 +72,7 @@ obj-$(CONFIG_CRYPTO_SHA256) += sha256_generic.o
71obj-$(CONFIG_CRYPTO_SHA512) += sha512_generic.o 72obj-$(CONFIG_CRYPTO_SHA512) += sha512_generic.o
72obj-$(CONFIG_CRYPTO_SHA3) += sha3_generic.o 73obj-$(CONFIG_CRYPTO_SHA3) += sha3_generic.o
73obj-$(CONFIG_CRYPTO_SM3) += sm3_generic.o 74obj-$(CONFIG_CRYPTO_SM3) += sm3_generic.o
75obj-$(CONFIG_CRYPTO_STREEBOG) += streebog_generic.o
74obj-$(CONFIG_CRYPTO_WP512) += wp512.o 76obj-$(CONFIG_CRYPTO_WP512) += wp512.o
75CFLAGS_wp512.o := $(call cc-option,-fno-schedule-insns) # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79149 77CFLAGS_wp512.o := $(call cc-option,-fno-schedule-insns) # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79149
76obj-$(CONFIG_CRYPTO_TGR192) += tgr192.o 78obj-$(CONFIG_CRYPTO_TGR192) += tgr192.o
@@ -84,6 +86,8 @@ obj-$(CONFIG_CRYPTO_LRW) += lrw.o
84obj-$(CONFIG_CRYPTO_XTS) += xts.o 86obj-$(CONFIG_CRYPTO_XTS) += xts.o
85obj-$(CONFIG_CRYPTO_CTR) += ctr.o 87obj-$(CONFIG_CRYPTO_CTR) += ctr.o
86obj-$(CONFIG_CRYPTO_KEYWRAP) += keywrap.o 88obj-$(CONFIG_CRYPTO_KEYWRAP) += keywrap.o
89obj-$(CONFIG_CRYPTO_ADIANTUM) += adiantum.o
90obj-$(CONFIG_CRYPTO_NHPOLY1305) += nhpoly1305.o
87obj-$(CONFIG_CRYPTO_GCM) += gcm.o 91obj-$(CONFIG_CRYPTO_GCM) += gcm.o
88obj-$(CONFIG_CRYPTO_CCM) += ccm.o 92obj-$(CONFIG_CRYPTO_CCM) += ccm.o
89obj-$(CONFIG_CRYPTO_CHACHA20POLY1305) += chacha20poly1305.o 93obj-$(CONFIG_CRYPTO_CHACHA20POLY1305) += chacha20poly1305.o
@@ -116,7 +120,7 @@ obj-$(CONFIG_CRYPTO_KHAZAD) += khazad.o
116obj-$(CONFIG_CRYPTO_ANUBIS) += anubis.o 120obj-$(CONFIG_CRYPTO_ANUBIS) += anubis.o
117obj-$(CONFIG_CRYPTO_SEED) += seed.o 121obj-$(CONFIG_CRYPTO_SEED) += seed.o
118obj-$(CONFIG_CRYPTO_SALSA20) += salsa20_generic.o 122obj-$(CONFIG_CRYPTO_SALSA20) += salsa20_generic.o
119obj-$(CONFIG_CRYPTO_CHACHA20) += chacha20_generic.o 123obj-$(CONFIG_CRYPTO_CHACHA20) += chacha_generic.o
120obj-$(CONFIG_CRYPTO_POLY1305) += poly1305_generic.o 124obj-$(CONFIG_CRYPTO_POLY1305) += poly1305_generic.o
121obj-$(CONFIG_CRYPTO_DEFLATE) += deflate.o 125obj-$(CONFIG_CRYPTO_DEFLATE) += deflate.o
122obj-$(CONFIG_CRYPTO_MICHAEL_MIC) += michael_mic.o 126obj-$(CONFIG_CRYPTO_MICHAEL_MIC) += michael_mic.o
diff --git a/crypto/ablkcipher.c b/crypto/ablkcipher.c
index 8882e90e868e..b339587073c3 100644
--- a/crypto/ablkcipher.c
+++ b/crypto/ablkcipher.c
@@ -365,23 +365,18 @@ static int crypto_ablkcipher_report(struct sk_buff *skb, struct crypto_alg *alg)
365{ 365{
366 struct crypto_report_blkcipher rblkcipher; 366 struct crypto_report_blkcipher rblkcipher;
367 367
368 strncpy(rblkcipher.type, "ablkcipher", sizeof(rblkcipher.type)); 368 memset(&rblkcipher, 0, sizeof(rblkcipher));
369 strncpy(rblkcipher.geniv, alg->cra_ablkcipher.geniv ?: "<default>", 369
370 sizeof(rblkcipher.geniv)); 370 strscpy(rblkcipher.type, "ablkcipher", sizeof(rblkcipher.type));
371 rblkcipher.geniv[sizeof(rblkcipher.geniv) - 1] = '\0'; 371 strscpy(rblkcipher.geniv, "<default>", sizeof(rblkcipher.geniv));
372 372
373 rblkcipher.blocksize = alg->cra_blocksize; 373 rblkcipher.blocksize = alg->cra_blocksize;
374 rblkcipher.min_keysize = alg->cra_ablkcipher.min_keysize; 374 rblkcipher.min_keysize = alg->cra_ablkcipher.min_keysize;
375 rblkcipher.max_keysize = alg->cra_ablkcipher.max_keysize; 375 rblkcipher.max_keysize = alg->cra_ablkcipher.max_keysize;
376 rblkcipher.ivsize = alg->cra_ablkcipher.ivsize; 376 rblkcipher.ivsize = alg->cra_ablkcipher.ivsize;
377 377
378 if (nla_put(skb, CRYPTOCFGA_REPORT_BLKCIPHER, 378 return nla_put(skb, CRYPTOCFGA_REPORT_BLKCIPHER,
379 sizeof(struct crypto_report_blkcipher), &rblkcipher)) 379 sizeof(rblkcipher), &rblkcipher);
380 goto nla_put_failure;
381 return 0;
382
383nla_put_failure:
384 return -EMSGSIZE;
385} 380}
386#else 381#else
387static int crypto_ablkcipher_report(struct sk_buff *skb, struct crypto_alg *alg) 382static int crypto_ablkcipher_report(struct sk_buff *skb, struct crypto_alg *alg)
@@ -403,7 +398,7 @@ static void crypto_ablkcipher_show(struct seq_file *m, struct crypto_alg *alg)
403 seq_printf(m, "min keysize : %u\n", ablkcipher->min_keysize); 398 seq_printf(m, "min keysize : %u\n", ablkcipher->min_keysize);
404 seq_printf(m, "max keysize : %u\n", ablkcipher->max_keysize); 399 seq_printf(m, "max keysize : %u\n", ablkcipher->max_keysize);
405 seq_printf(m, "ivsize : %u\n", ablkcipher->ivsize); 400 seq_printf(m, "ivsize : %u\n", ablkcipher->ivsize);
406 seq_printf(m, "geniv : %s\n", ablkcipher->geniv ?: "<default>"); 401 seq_printf(m, "geniv : <default>\n");
407} 402}
408 403
409const struct crypto_type crypto_ablkcipher_type = { 404const struct crypto_type crypto_ablkcipher_type = {
@@ -415,78 +410,3 @@ const struct crypto_type crypto_ablkcipher_type = {
415 .report = crypto_ablkcipher_report, 410 .report = crypto_ablkcipher_report,
416}; 411};
417EXPORT_SYMBOL_GPL(crypto_ablkcipher_type); 412EXPORT_SYMBOL_GPL(crypto_ablkcipher_type);
418
419static int crypto_init_givcipher_ops(struct crypto_tfm *tfm, u32 type,
420 u32 mask)
421{
422 struct ablkcipher_alg *alg = &tfm->__crt_alg->cra_ablkcipher;
423 struct ablkcipher_tfm *crt = &tfm->crt_ablkcipher;
424
425 if (alg->ivsize > PAGE_SIZE / 8)
426 return -EINVAL;
427
428 crt->setkey = tfm->__crt_alg->cra_flags & CRYPTO_ALG_GENIV ?
429 alg->setkey : setkey;
430 crt->encrypt = alg->encrypt;
431 crt->decrypt = alg->decrypt;
432 crt->base = __crypto_ablkcipher_cast(tfm);
433 crt->ivsize = alg->ivsize;
434
435 return 0;
436}
437
438#ifdef CONFIG_NET
439static int crypto_givcipher_report(struct sk_buff *skb, struct crypto_alg *alg)
440{
441 struct crypto_report_blkcipher rblkcipher;
442
443 strncpy(rblkcipher.type, "givcipher", sizeof(rblkcipher.type));
444 strncpy(rblkcipher.geniv, alg->cra_ablkcipher.geniv ?: "<built-in>",
445 sizeof(rblkcipher.geniv));
446 rblkcipher.geniv[sizeof(rblkcipher.geniv) - 1] = '\0';
447
448 rblkcipher.blocksize = alg->cra_blocksize;
449 rblkcipher.min_keysize = alg->cra_ablkcipher.min_keysize;
450 rblkcipher.max_keysize = alg->cra_ablkcipher.max_keysize;
451 rblkcipher.ivsize = alg->cra_ablkcipher.ivsize;
452
453 if (nla_put(skb, CRYPTOCFGA_REPORT_BLKCIPHER,
454 sizeof(struct crypto_report_blkcipher), &rblkcipher))
455 goto nla_put_failure;
456 return 0;
457
458nla_put_failure:
459 return -EMSGSIZE;
460}
461#else
462static int crypto_givcipher_report(struct sk_buff *skb, struct crypto_alg *alg)
463{
464 return -ENOSYS;
465}
466#endif
467
468static void crypto_givcipher_show(struct seq_file *m, struct crypto_alg *alg)
469 __maybe_unused;
470static void crypto_givcipher_show(struct seq_file *m, struct crypto_alg *alg)
471{
472 struct ablkcipher_alg *ablkcipher = &alg->cra_ablkcipher;
473
474 seq_printf(m, "type : givcipher\n");
475 seq_printf(m, "async : %s\n", alg->cra_flags & CRYPTO_ALG_ASYNC ?
476 "yes" : "no");
477 seq_printf(m, "blocksize : %u\n", alg->cra_blocksize);
478 seq_printf(m, "min keysize : %u\n", ablkcipher->min_keysize);
479 seq_printf(m, "max keysize : %u\n", ablkcipher->max_keysize);
480 seq_printf(m, "ivsize : %u\n", ablkcipher->ivsize);
481 seq_printf(m, "geniv : %s\n", ablkcipher->geniv ?: "<built-in>");
482}
483
484const struct crypto_type crypto_givcipher_type = {
485 .ctxsize = crypto_ablkcipher_ctxsize,
486 .init = crypto_init_givcipher_ops,
487#ifdef CONFIG_PROC_FS
488 .show = crypto_givcipher_show,
489#endif
490 .report = crypto_givcipher_report,
491};
492EXPORT_SYMBOL_GPL(crypto_givcipher_type);
diff --git a/crypto/acompress.c b/crypto/acompress.c
index 1544b7c057fb..0c5bedd06e70 100644
--- a/crypto/acompress.c
+++ b/crypto/acompress.c
@@ -33,15 +33,11 @@ static int crypto_acomp_report(struct sk_buff *skb, struct crypto_alg *alg)
33{ 33{
34 struct crypto_report_acomp racomp; 34 struct crypto_report_acomp racomp;
35 35
36 strncpy(racomp.type, "acomp", sizeof(racomp.type)); 36 memset(&racomp, 0, sizeof(racomp));
37 37
38 if (nla_put(skb, CRYPTOCFGA_REPORT_ACOMP, 38 strscpy(racomp.type, "acomp", sizeof(racomp.type));
39 sizeof(struct crypto_report_acomp), &racomp))
40 goto nla_put_failure;
41 return 0;
42 39
43nla_put_failure: 40 return nla_put(skb, CRYPTOCFGA_REPORT_ACOMP, sizeof(racomp), &racomp);
44 return -EMSGSIZE;
45} 41}
46#else 42#else
47static int crypto_acomp_report(struct sk_buff *skb, struct crypto_alg *alg) 43static int crypto_acomp_report(struct sk_buff *skb, struct crypto_alg *alg)
diff --git a/crypto/adiantum.c b/crypto/adiantum.c
new file mode 100644
index 000000000000..6651e713c45d
--- /dev/null
+++ b/crypto/adiantum.c
@@ -0,0 +1,664 @@
1// SPDX-License-Identifier: GPL-2.0
2/*
3 * Adiantum length-preserving encryption mode
4 *
5 * Copyright 2018 Google LLC
6 */
7
8/*
9 * Adiantum is a tweakable, length-preserving encryption mode designed for fast
10 * and secure disk encryption, especially on CPUs without dedicated crypto
11 * instructions. Adiantum encrypts each sector using the XChaCha12 stream
12 * cipher, two passes of an ε-almost-∆-universal (ε-∆U) hash function based on
13 * NH and Poly1305, and an invocation of the AES-256 block cipher on a single
14 * 16-byte block. See the paper for details:
15 *
16 * Adiantum: length-preserving encryption for entry-level processors
17 * (https://eprint.iacr.org/2018/720.pdf)
18 *
19 * For flexibility, this implementation also allows other ciphers:
20 *
21 * - Stream cipher: XChaCha12 or XChaCha20
22 * - Block cipher: any with a 128-bit block size and 256-bit key
23 *
24 * This implementation doesn't currently allow other ε-∆U hash functions, i.e.
25 * HPolyC is not supported. This is because Adiantum is ~20% faster than HPolyC
26 * but still provably as secure, and also the ε-∆U hash function of HBSH is
27 * formally defined to take two inputs (tweak, message) which makes it difficult
28 * to wrap with the crypto_shash API. Rather, some details need to be handled
29 * here. Nevertheless, if needed in the future, support for other ε-∆U hash
30 * functions could be added here.
31 */
32
33#include <crypto/b128ops.h>
34#include <crypto/chacha.h>
35#include <crypto/internal/hash.h>
36#include <crypto/internal/skcipher.h>
37#include <crypto/nhpoly1305.h>
38#include <crypto/scatterwalk.h>
39#include <linux/module.h>
40
41#include "internal.h"
42
43/*
44 * Size of right-hand part of input data, in bytes; also the size of the block
45 * cipher's block size and the hash function's output.
46 */
47#define BLOCKCIPHER_BLOCK_SIZE 16
48
49/* Size of the block cipher key (K_E) in bytes */
50#define BLOCKCIPHER_KEY_SIZE 32
51
52/* Size of the hash key (K_H) in bytes */
53#define HASH_KEY_SIZE (POLY1305_BLOCK_SIZE + NHPOLY1305_KEY_SIZE)
54
55/*
56 * The specification allows variable-length tweaks, but Linux's crypto API
57 * currently only allows algorithms to support a single length. The "natural"
58 * tweak length for Adiantum is 16, since that fits into one Poly1305 block for
59 * the best performance. But longer tweaks are useful for fscrypt, to avoid
60 * needing to derive per-file keys. So instead we use two blocks, or 32 bytes.
61 */
62#define TWEAK_SIZE 32
63
64struct adiantum_instance_ctx {
65 struct crypto_skcipher_spawn streamcipher_spawn;
66 struct crypto_spawn blockcipher_spawn;
67 struct crypto_shash_spawn hash_spawn;
68};
69
70struct adiantum_tfm_ctx {
71 struct crypto_skcipher *streamcipher;
72 struct crypto_cipher *blockcipher;
73 struct crypto_shash *hash;
74 struct poly1305_key header_hash_key;
75};
76
77struct adiantum_request_ctx {
78
79 /*
80 * Buffer for right-hand part of data, i.e.
81 *
82 * P_L => P_M => C_M => C_R when encrypting, or
83 * C_R => C_M => P_M => P_L when decrypting.
84 *
85 * Also used to build the IV for the stream cipher.
86 */
87 union {
88 u8 bytes[XCHACHA_IV_SIZE];
89 __le32 words[XCHACHA_IV_SIZE / sizeof(__le32)];
90 le128 bignum; /* interpret as element of Z/(2^{128}Z) */
91 } rbuf;
92
93 bool enc; /* true if encrypting, false if decrypting */
94
95 /*
96 * The result of the Poly1305 ε-∆U hash function applied to
97 * (bulk length, tweak)
98 */
99 le128 header_hash;
100
101 /* Sub-requests, must be last */
102 union {
103 struct shash_desc hash_desc;
104 struct skcipher_request streamcipher_req;
105 } u;
106};
107
108/*
109 * Given the XChaCha stream key K_S, derive the block cipher key K_E and the
110 * hash key K_H as follows:
111 *
112 * K_E || K_H || ... = XChaCha(key=K_S, nonce=1||0^191)
113 *
114 * Note that this denotes using bits from the XChaCha keystream, which here we
115 * get indirectly by encrypting a buffer containing all 0's.
116 */
117static int adiantum_setkey(struct crypto_skcipher *tfm, const u8 *key,
118 unsigned int keylen)
119{
120 struct adiantum_tfm_ctx *tctx = crypto_skcipher_ctx(tfm);
121 struct {
122 u8 iv[XCHACHA_IV_SIZE];
123 u8 derived_keys[BLOCKCIPHER_KEY_SIZE + HASH_KEY_SIZE];
124 struct scatterlist sg;
125 struct crypto_wait wait;
126 struct skcipher_request req; /* must be last */
127 } *data;
128 u8 *keyp;
129 int err;
130
131 /* Set the stream cipher key (K_S) */
132 crypto_skcipher_clear_flags(tctx->streamcipher, CRYPTO_TFM_REQ_MASK);
133 crypto_skcipher_set_flags(tctx->streamcipher,
134 crypto_skcipher_get_flags(tfm) &
135 CRYPTO_TFM_REQ_MASK);
136 err = crypto_skcipher_setkey(tctx->streamcipher, key, keylen);
137 crypto_skcipher_set_flags(tfm,
138 crypto_skcipher_get_flags(tctx->streamcipher) &
139 CRYPTO_TFM_RES_MASK);
140 if (err)
141 return err;
142
143 /* Derive the subkeys */
144 data = kzalloc(sizeof(*data) +
145 crypto_skcipher_reqsize(tctx->streamcipher), GFP_KERNEL);
146 if (!data)
147 return -ENOMEM;
148 data->iv[0] = 1;
149 sg_init_one(&data->sg, data->derived_keys, sizeof(data->derived_keys));
150 crypto_init_wait(&data->wait);
151 skcipher_request_set_tfm(&data->req, tctx->streamcipher);
152 skcipher_request_set_callback(&data->req, CRYPTO_TFM_REQ_MAY_SLEEP |
153 CRYPTO_TFM_REQ_MAY_BACKLOG,
154 crypto_req_done, &data->wait);
155 skcipher_request_set_crypt(&data->req, &data->sg, &data->sg,
156 sizeof(data->derived_keys), data->iv);
157 err = crypto_wait_req(crypto_skcipher_encrypt(&data->req), &data->wait);
158 if (err)
159 goto out;
160 keyp = data->derived_keys;
161
162 /* Set the block cipher key (K_E) */
163 crypto_cipher_clear_flags(tctx->blockcipher, CRYPTO_TFM_REQ_MASK);
164 crypto_cipher_set_flags(tctx->blockcipher,
165 crypto_skcipher_get_flags(tfm) &
166 CRYPTO_TFM_REQ_MASK);
167 err = crypto_cipher_setkey(tctx->blockcipher, keyp,
168 BLOCKCIPHER_KEY_SIZE);
169 crypto_skcipher_set_flags(tfm,
170 crypto_cipher_get_flags(tctx->blockcipher) &
171 CRYPTO_TFM_RES_MASK);
172 if (err)
173 goto out;
174 keyp += BLOCKCIPHER_KEY_SIZE;
175
176 /* Set the hash key (K_H) */
177 poly1305_core_setkey(&tctx->header_hash_key, keyp);
178 keyp += POLY1305_BLOCK_SIZE;
179
180 crypto_shash_clear_flags(tctx->hash, CRYPTO_TFM_REQ_MASK);
181 crypto_shash_set_flags(tctx->hash, crypto_skcipher_get_flags(tfm) &
182 CRYPTO_TFM_REQ_MASK);
183 err = crypto_shash_setkey(tctx->hash, keyp, NHPOLY1305_KEY_SIZE);
184 crypto_skcipher_set_flags(tfm, crypto_shash_get_flags(tctx->hash) &
185 CRYPTO_TFM_RES_MASK);
186 keyp += NHPOLY1305_KEY_SIZE;
187 WARN_ON(keyp != &data->derived_keys[ARRAY_SIZE(data->derived_keys)]);
188out:
189 kzfree(data);
190 return err;
191}
192
193/* Addition in Z/(2^{128}Z) */
194static inline void le128_add(le128 *r, const le128 *v1, const le128 *v2)
195{
196 u64 x = le64_to_cpu(v1->b);
197 u64 y = le64_to_cpu(v2->b);
198
199 r->b = cpu_to_le64(x + y);
200 r->a = cpu_to_le64(le64_to_cpu(v1->a) + le64_to_cpu(v2->a) +
201 (x + y < x));
202}
203
204/* Subtraction in Z/(2^{128}Z) */
205static inline void le128_sub(le128 *r, const le128 *v1, const le128 *v2)
206{
207 u64 x = le64_to_cpu(v1->b);
208 u64 y = le64_to_cpu(v2->b);
209
210 r->b = cpu_to_le64(x - y);
211 r->a = cpu_to_le64(le64_to_cpu(v1->a) - le64_to_cpu(v2->a) -
212 (x - y > x));
213}
214
215/*
216 * Apply the Poly1305 ε-∆U hash function to (bulk length, tweak) and save the
217 * result to rctx->header_hash. This is the calculation
218 *
219 * H_T ← Poly1305_{K_T}(bin_{128}(|L|) || T)
220 *
221 * from the procedure in section 6.4 of the Adiantum paper. The resulting value
222 * is reused in both the first and second hash steps. Specifically, it's added
223 * to the result of an independently keyed ε-∆U hash function (for equal length
224 * inputs only) taken over the left-hand part (the "bulk") of the message, to
225 * give the overall Adiantum hash of the (tweak, left-hand part) pair.
226 */
227static void adiantum_hash_header(struct skcipher_request *req)
228{
229 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
230 const struct adiantum_tfm_ctx *tctx = crypto_skcipher_ctx(tfm);
231 struct adiantum_request_ctx *rctx = skcipher_request_ctx(req);
232 const unsigned int bulk_len = req->cryptlen - BLOCKCIPHER_BLOCK_SIZE;
233 struct {
234 __le64 message_bits;
235 __le64 padding;
236 } header = {
237 .message_bits = cpu_to_le64((u64)bulk_len * 8)
238 };
239 struct poly1305_state state;
240
241 poly1305_core_init(&state);
242
243 BUILD_BUG_ON(sizeof(header) % POLY1305_BLOCK_SIZE != 0);
244 poly1305_core_blocks(&state, &tctx->header_hash_key,
245 &header, sizeof(header) / POLY1305_BLOCK_SIZE);
246
247 BUILD_BUG_ON(TWEAK_SIZE % POLY1305_BLOCK_SIZE != 0);
248 poly1305_core_blocks(&state, &tctx->header_hash_key, req->iv,
249 TWEAK_SIZE / POLY1305_BLOCK_SIZE);
250
251 poly1305_core_emit(&state, &rctx->header_hash);
252}
253
254/* Hash the left-hand part (the "bulk") of the message using NHPoly1305 */
255static int adiantum_hash_message(struct skcipher_request *req,
256 struct scatterlist *sgl, le128 *digest)
257{
258 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
259 const struct adiantum_tfm_ctx *tctx = crypto_skcipher_ctx(tfm);
260 struct adiantum_request_ctx *rctx = skcipher_request_ctx(req);
261 const unsigned int bulk_len = req->cryptlen - BLOCKCIPHER_BLOCK_SIZE;
262 struct shash_desc *hash_desc = &rctx->u.hash_desc;
263 struct sg_mapping_iter miter;
264 unsigned int i, n;
265 int err;
266
267 hash_desc->tfm = tctx->hash;
268 hash_desc->flags = 0;
269
270 err = crypto_shash_init(hash_desc);
271 if (err)
272 return err;
273
274 sg_miter_start(&miter, sgl, sg_nents(sgl),
275 SG_MITER_FROM_SG | SG_MITER_ATOMIC);
276 for (i = 0; i < bulk_len; i += n) {
277 sg_miter_next(&miter);
278 n = min_t(unsigned int, miter.length, bulk_len - i);
279 err = crypto_shash_update(hash_desc, miter.addr, n);
280 if (err)
281 break;
282 }
283 sg_miter_stop(&miter);
284 if (err)
285 return err;
286
287 return crypto_shash_final(hash_desc, (u8 *)digest);
288}
289
290/* Continue Adiantum encryption/decryption after the stream cipher step */
291static int adiantum_finish(struct skcipher_request *req)
292{
293 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
294 const struct adiantum_tfm_ctx *tctx = crypto_skcipher_ctx(tfm);
295 struct adiantum_request_ctx *rctx = skcipher_request_ctx(req);
296 const unsigned int bulk_len = req->cryptlen - BLOCKCIPHER_BLOCK_SIZE;
297 le128 digest;
298 int err;
299
300 /* If decrypting, decrypt C_M with the block cipher to get P_M */
301 if (!rctx->enc)
302 crypto_cipher_decrypt_one(tctx->blockcipher, rctx->rbuf.bytes,
303 rctx->rbuf.bytes);
304
305 /*
306 * Second hash step
307 * enc: C_R = C_M - H_{K_H}(T, C_L)
308 * dec: P_R = P_M - H_{K_H}(T, P_L)
309 */
310 err = adiantum_hash_message(req, req->dst, &digest);
311 if (err)
312 return err;
313 le128_add(&digest, &digest, &rctx->header_hash);
314 le128_sub(&rctx->rbuf.bignum, &rctx->rbuf.bignum, &digest);
315 scatterwalk_map_and_copy(&rctx->rbuf.bignum, req->dst,
316 bulk_len, BLOCKCIPHER_BLOCK_SIZE, 1);
317 return 0;
318}
319
320static void adiantum_streamcipher_done(struct crypto_async_request *areq,
321 int err)
322{
323 struct skcipher_request *req = areq->data;
324
325 if (!err)
326 err = adiantum_finish(req);
327
328 skcipher_request_complete(req, err);
329}
330
331static int adiantum_crypt(struct skcipher_request *req, bool enc)
332{
333 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
334 const struct adiantum_tfm_ctx *tctx = crypto_skcipher_ctx(tfm);
335 struct adiantum_request_ctx *rctx = skcipher_request_ctx(req);
336 const unsigned int bulk_len = req->cryptlen - BLOCKCIPHER_BLOCK_SIZE;
337 unsigned int stream_len;
338 le128 digest;
339 int err;
340
341 if (req->cryptlen < BLOCKCIPHER_BLOCK_SIZE)
342 return -EINVAL;
343
344 rctx->enc = enc;
345
346 /*
347 * First hash step
348 * enc: P_M = P_R + H_{K_H}(T, P_L)
349 * dec: C_M = C_R + H_{K_H}(T, C_L)
350 */
351 adiantum_hash_header(req);
352 err = adiantum_hash_message(req, req->src, &digest);
353 if (err)
354 return err;
355 le128_add(&digest, &digest, &rctx->header_hash);
356 scatterwalk_map_and_copy(&rctx->rbuf.bignum, req->src,
357 bulk_len, BLOCKCIPHER_BLOCK_SIZE, 0);
358 le128_add(&rctx->rbuf.bignum, &rctx->rbuf.bignum, &digest);
359
360 /* If encrypting, encrypt P_M with the block cipher to get C_M */
361 if (enc)
362 crypto_cipher_encrypt_one(tctx->blockcipher, rctx->rbuf.bytes,
363 rctx->rbuf.bytes);
364
365 /* Initialize the rest of the XChaCha IV (first part is C_M) */
366 BUILD_BUG_ON(BLOCKCIPHER_BLOCK_SIZE != 16);
367 BUILD_BUG_ON(XCHACHA_IV_SIZE != 32); /* nonce || stream position */
368 rctx->rbuf.words[4] = cpu_to_le32(1);
369 rctx->rbuf.words[5] = 0;
370 rctx->rbuf.words[6] = 0;
371 rctx->rbuf.words[7] = 0;
372
373 /*
374 * XChaCha needs to be done on all the data except the last 16 bytes;
375 * for disk encryption that usually means 4080 or 496 bytes. But ChaCha
376 * implementations tend to be most efficient when passed a whole number
377 * of 64-byte ChaCha blocks, or sometimes even a multiple of 256 bytes.
378 * And here it doesn't matter whether the last 16 bytes are written to,
379 * as the second hash step will overwrite them. Thus, round the XChaCha
380 * length up to the next 64-byte boundary if possible.
381 */
382 stream_len = bulk_len;
383 if (round_up(stream_len, CHACHA_BLOCK_SIZE) <= req->cryptlen)
384 stream_len = round_up(stream_len, CHACHA_BLOCK_SIZE);
385
386 skcipher_request_set_tfm(&rctx->u.streamcipher_req, tctx->streamcipher);
387 skcipher_request_set_crypt(&rctx->u.streamcipher_req, req->src,
388 req->dst, stream_len, &rctx->rbuf);
389 skcipher_request_set_callback(&rctx->u.streamcipher_req,
390 req->base.flags,
391 adiantum_streamcipher_done, req);
392 return crypto_skcipher_encrypt(&rctx->u.streamcipher_req) ?:
393 adiantum_finish(req);
394}
395
396static int adiantum_encrypt(struct skcipher_request *req)
397{
398 return adiantum_crypt(req, true);
399}
400
401static int adiantum_decrypt(struct skcipher_request *req)
402{
403 return adiantum_crypt(req, false);
404}
405
406static int adiantum_init_tfm(struct crypto_skcipher *tfm)
407{
408 struct skcipher_instance *inst = skcipher_alg_instance(tfm);
409 struct adiantum_instance_ctx *ictx = skcipher_instance_ctx(inst);
410 struct adiantum_tfm_ctx *tctx = crypto_skcipher_ctx(tfm);
411 struct crypto_skcipher *streamcipher;
412 struct crypto_cipher *blockcipher;
413 struct crypto_shash *hash;
414 unsigned int subreq_size;
415 int err;
416
417 streamcipher = crypto_spawn_skcipher(&ictx->streamcipher_spawn);
418 if (IS_ERR(streamcipher))
419 return PTR_ERR(streamcipher);
420
421 blockcipher = crypto_spawn_cipher(&ictx->blockcipher_spawn);
422 if (IS_ERR(blockcipher)) {
423 err = PTR_ERR(blockcipher);
424 goto err_free_streamcipher;
425 }
426
427 hash = crypto_spawn_shash(&ictx->hash_spawn);
428 if (IS_ERR(hash)) {
429 err = PTR_ERR(hash);
430 goto err_free_blockcipher;
431 }
432
433 tctx->streamcipher = streamcipher;
434 tctx->blockcipher = blockcipher;
435 tctx->hash = hash;
436
437 BUILD_BUG_ON(offsetofend(struct adiantum_request_ctx, u) !=
438 sizeof(struct adiantum_request_ctx));
439 subreq_size = max(FIELD_SIZEOF(struct adiantum_request_ctx,
440 u.hash_desc) +
441 crypto_shash_descsize(hash),
442 FIELD_SIZEOF(struct adiantum_request_ctx,
443 u.streamcipher_req) +
444 crypto_skcipher_reqsize(streamcipher));
445
446 crypto_skcipher_set_reqsize(tfm,
447 offsetof(struct adiantum_request_ctx, u) +
448 subreq_size);
449 return 0;
450
451err_free_blockcipher:
452 crypto_free_cipher(blockcipher);
453err_free_streamcipher:
454 crypto_free_skcipher(streamcipher);
455 return err;
456}
457
458static void adiantum_exit_tfm(struct crypto_skcipher *tfm)
459{
460 struct adiantum_tfm_ctx *tctx = crypto_skcipher_ctx(tfm);
461
462 crypto_free_skcipher(tctx->streamcipher);
463 crypto_free_cipher(tctx->blockcipher);
464 crypto_free_shash(tctx->hash);
465}
466
467static void adiantum_free_instance(struct skcipher_instance *inst)
468{
469 struct adiantum_instance_ctx *ictx = skcipher_instance_ctx(inst);
470
471 crypto_drop_skcipher(&ictx->streamcipher_spawn);
472 crypto_drop_spawn(&ictx->blockcipher_spawn);
473 crypto_drop_shash(&ictx->hash_spawn);
474 kfree(inst);
475}
476
477/*
478 * Check for a supported set of inner algorithms.
479 * See the comment at the beginning of this file.
480 */
481static bool adiantum_supported_algorithms(struct skcipher_alg *streamcipher_alg,
482 struct crypto_alg *blockcipher_alg,
483 struct shash_alg *hash_alg)
484{
485 if (strcmp(streamcipher_alg->base.cra_name, "xchacha12") != 0 &&
486 strcmp(streamcipher_alg->base.cra_name, "xchacha20") != 0)
487 return false;
488
489 if (blockcipher_alg->cra_cipher.cia_min_keysize > BLOCKCIPHER_KEY_SIZE ||
490 blockcipher_alg->cra_cipher.cia_max_keysize < BLOCKCIPHER_KEY_SIZE)
491 return false;
492 if (blockcipher_alg->cra_blocksize != BLOCKCIPHER_BLOCK_SIZE)
493 return false;
494
495 if (strcmp(hash_alg->base.cra_name, "nhpoly1305") != 0)
496 return false;
497
498 return true;
499}
500
501static int adiantum_create(struct crypto_template *tmpl, struct rtattr **tb)
502{
503 struct crypto_attr_type *algt;
504 const char *streamcipher_name;
505 const char *blockcipher_name;
506 const char *nhpoly1305_name;
507 struct skcipher_instance *inst;
508 struct adiantum_instance_ctx *ictx;
509 struct skcipher_alg *streamcipher_alg;
510 struct crypto_alg *blockcipher_alg;
511 struct crypto_alg *_hash_alg;
512 struct shash_alg *hash_alg;
513 int err;
514
515 algt = crypto_get_attr_type(tb);
516 if (IS_ERR(algt))
517 return PTR_ERR(algt);
518
519 if ((algt->type ^ CRYPTO_ALG_TYPE_SKCIPHER) & algt->mask)
520 return -EINVAL;
521
522 streamcipher_name = crypto_attr_alg_name(tb[1]);
523 if (IS_ERR(streamcipher_name))
524 return PTR_ERR(streamcipher_name);
525
526 blockcipher_name = crypto_attr_alg_name(tb[2]);
527 if (IS_ERR(blockcipher_name))
528 return PTR_ERR(blockcipher_name);
529
530 nhpoly1305_name = crypto_attr_alg_name(tb[3]);
531 if (nhpoly1305_name == ERR_PTR(-ENOENT))
532 nhpoly1305_name = "nhpoly1305";
533 if (IS_ERR(nhpoly1305_name))
534 return PTR_ERR(nhpoly1305_name);
535
536 inst = kzalloc(sizeof(*inst) + sizeof(*ictx), GFP_KERNEL);
537 if (!inst)
538 return -ENOMEM;
539 ictx = skcipher_instance_ctx(inst);
540
541 /* Stream cipher, e.g. "xchacha12" */
542 err = crypto_grab_skcipher(&ictx->streamcipher_spawn, streamcipher_name,
543 0, crypto_requires_sync(algt->type,
544 algt->mask));
545 if (err)
546 goto out_free_inst;
547 streamcipher_alg = crypto_spawn_skcipher_alg(&ictx->streamcipher_spawn);
548
549 /* Block cipher, e.g. "aes" */
550 err = crypto_grab_spawn(&ictx->blockcipher_spawn, blockcipher_name,
551 CRYPTO_ALG_TYPE_CIPHER, CRYPTO_ALG_TYPE_MASK);
552 if (err)
553 goto out_drop_streamcipher;
554 blockcipher_alg = ictx->blockcipher_spawn.alg;
555
556 /* NHPoly1305 ε-∆U hash function */
557 _hash_alg = crypto_alg_mod_lookup(nhpoly1305_name,
558 CRYPTO_ALG_TYPE_SHASH,
559 CRYPTO_ALG_TYPE_MASK);
560 if (IS_ERR(_hash_alg)) {
561 err = PTR_ERR(_hash_alg);
562 goto out_drop_blockcipher;
563 }
564 hash_alg = __crypto_shash_alg(_hash_alg);
565 err = crypto_init_shash_spawn(&ictx->hash_spawn, hash_alg,
566 skcipher_crypto_instance(inst));
567 if (err)
568 goto out_put_hash;
569
570 /* Check the set of algorithms */
571 if (!adiantum_supported_algorithms(streamcipher_alg, blockcipher_alg,
572 hash_alg)) {
573 pr_warn("Unsupported Adiantum instantiation: (%s,%s,%s)\n",
574 streamcipher_alg->base.cra_name,
575 blockcipher_alg->cra_name, hash_alg->base.cra_name);
576 err = -EINVAL;
577 goto out_drop_hash;
578 }
579
580 /* Instance fields */
581
582 err = -ENAMETOOLONG;
583 if (snprintf(inst->alg.base.cra_name, CRYPTO_MAX_ALG_NAME,
584 "adiantum(%s,%s)", streamcipher_alg->base.cra_name,
585 blockcipher_alg->cra_name) >= CRYPTO_MAX_ALG_NAME)
586 goto out_drop_hash;
587 if (snprintf(inst->alg.base.cra_driver_name, CRYPTO_MAX_ALG_NAME,
588 "adiantum(%s,%s,%s)",
589 streamcipher_alg->base.cra_driver_name,
590 blockcipher_alg->cra_driver_name,
591 hash_alg->base.cra_driver_name) >= CRYPTO_MAX_ALG_NAME)
592 goto out_drop_hash;
593
594 inst->alg.base.cra_flags = streamcipher_alg->base.cra_flags &
595 CRYPTO_ALG_ASYNC;
596 inst->alg.base.cra_blocksize = BLOCKCIPHER_BLOCK_SIZE;
597 inst->alg.base.cra_ctxsize = sizeof(struct adiantum_tfm_ctx);
598 inst->alg.base.cra_alignmask = streamcipher_alg->base.cra_alignmask |
599 hash_alg->base.cra_alignmask;
600 /*
601 * The block cipher is only invoked once per message, so for long
602 * messages (e.g. sectors for disk encryption) its performance doesn't
603 * matter as much as that of the stream cipher and hash function. Thus,
604 * weigh the block cipher's ->cra_priority less.
605 */
606 inst->alg.base.cra_priority = (4 * streamcipher_alg->base.cra_priority +
607 2 * hash_alg->base.cra_priority +
608 blockcipher_alg->cra_priority) / 7;
609
610 inst->alg.setkey = adiantum_setkey;
611 inst->alg.encrypt = adiantum_encrypt;
612 inst->alg.decrypt = adiantum_decrypt;
613 inst->alg.init = adiantum_init_tfm;
614 inst->alg.exit = adiantum_exit_tfm;
615 inst->alg.min_keysize = crypto_skcipher_alg_min_keysize(streamcipher_alg);
616 inst->alg.max_keysize = crypto_skcipher_alg_max_keysize(streamcipher_alg);
617 inst->alg.ivsize = TWEAK_SIZE;
618
619 inst->free = adiantum_free_instance;
620
621 err = skcipher_register_instance(tmpl, inst);
622 if (err)
623 goto out_drop_hash;
624
625 crypto_mod_put(_hash_alg);
626 return 0;
627
628out_drop_hash:
629 crypto_drop_shash(&ictx->hash_spawn);
630out_put_hash:
631 crypto_mod_put(_hash_alg);
632out_drop_blockcipher:
633 crypto_drop_spawn(&ictx->blockcipher_spawn);
634out_drop_streamcipher:
635 crypto_drop_skcipher(&ictx->streamcipher_spawn);
636out_free_inst:
637 kfree(inst);
638 return err;
639}
640
641/* adiantum(streamcipher_name, blockcipher_name [, nhpoly1305_name]) */
642static struct crypto_template adiantum_tmpl = {
643 .name = "adiantum",
644 .create = adiantum_create,
645 .module = THIS_MODULE,
646};
647
648static int __init adiantum_module_init(void)
649{
650 return crypto_register_template(&adiantum_tmpl);
651}
652
653static void __exit adiantum_module_exit(void)
654{
655 crypto_unregister_template(&adiantum_tmpl);
656}
657
658module_init(adiantum_module_init);
659module_exit(adiantum_module_exit);
660
661MODULE_DESCRIPTION("Adiantum length-preserving encryption mode");
662MODULE_LICENSE("GPL v2");
663MODULE_AUTHOR("Eric Biggers <ebiggers@google.com>");
664MODULE_ALIAS_CRYPTO("adiantum");
diff --git a/crypto/aead.c b/crypto/aead.c
index 60b3bbe973e7..189c52d1f63a 100644
--- a/crypto/aead.c
+++ b/crypto/aead.c
@@ -119,20 +119,16 @@ static int crypto_aead_report(struct sk_buff *skb, struct crypto_alg *alg)
119 struct crypto_report_aead raead; 119 struct crypto_report_aead raead;
120 struct aead_alg *aead = container_of(alg, struct aead_alg, base); 120 struct aead_alg *aead = container_of(alg, struct aead_alg, base);
121 121
122 strncpy(raead.type, "aead", sizeof(raead.type)); 122 memset(&raead, 0, sizeof(raead));
123 strncpy(raead.geniv, "<none>", sizeof(raead.geniv)); 123
124 strscpy(raead.type, "aead", sizeof(raead.type));
125 strscpy(raead.geniv, "<none>", sizeof(raead.geniv));
124 126
125 raead.blocksize = alg->cra_blocksize; 127 raead.blocksize = alg->cra_blocksize;
126 raead.maxauthsize = aead->maxauthsize; 128 raead.maxauthsize = aead->maxauthsize;
127 raead.ivsize = aead->ivsize; 129 raead.ivsize = aead->ivsize;
128 130
129 if (nla_put(skb, CRYPTOCFGA_REPORT_AEAD, 131 return nla_put(skb, CRYPTOCFGA_REPORT_AEAD, sizeof(raead), &raead);
130 sizeof(struct crypto_report_aead), &raead))
131 goto nla_put_failure;
132 return 0;
133
134nla_put_failure:
135 return -EMSGSIZE;
136} 132}
137#else 133#else
138static int crypto_aead_report(struct sk_buff *skb, struct crypto_alg *alg) 134static int crypto_aead_report(struct sk_buff *skb, struct crypto_alg *alg)
diff --git a/crypto/aes_generic.c b/crypto/aes_generic.c
index ca554d57d01e..13df33aca463 100644
--- a/crypto/aes_generic.c
+++ b/crypto/aes_generic.c
@@ -63,7 +63,8 @@ static inline u8 byte(const u32 x, const unsigned n)
63 63
64static const u32 rco_tab[10] = { 1, 2, 4, 8, 16, 32, 64, 128, 27, 54 }; 64static const u32 rco_tab[10] = { 1, 2, 4, 8, 16, 32, 64, 128, 27, 54 };
65 65
66__visible const u32 crypto_ft_tab[4][256] = { 66/* cacheline-aligned to facilitate prefetching into cache */
67__visible const u32 crypto_ft_tab[4][256] __cacheline_aligned = {
67 { 68 {
68 0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6, 69 0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6,
69 0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591, 70 0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591,
@@ -327,7 +328,7 @@ __visible const u32 crypto_ft_tab[4][256] = {
327 } 328 }
328}; 329};
329 330
330__visible const u32 crypto_fl_tab[4][256] = { 331__visible const u32 crypto_fl_tab[4][256] __cacheline_aligned = {
331 { 332 {
332 0x00000063, 0x0000007c, 0x00000077, 0x0000007b, 333 0x00000063, 0x0000007c, 0x00000077, 0x0000007b,
333 0x000000f2, 0x0000006b, 0x0000006f, 0x000000c5, 334 0x000000f2, 0x0000006b, 0x0000006f, 0x000000c5,
@@ -591,7 +592,7 @@ __visible const u32 crypto_fl_tab[4][256] = {
591 } 592 }
592}; 593};
593 594
594__visible const u32 crypto_it_tab[4][256] = { 595__visible const u32 crypto_it_tab[4][256] __cacheline_aligned = {
595 { 596 {
596 0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a, 597 0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a,
597 0xcb6bab3b, 0xf1459d1f, 0xab58faac, 0x9303e34b, 598 0xcb6bab3b, 0xf1459d1f, 0xab58faac, 0x9303e34b,
@@ -855,7 +856,7 @@ __visible const u32 crypto_it_tab[4][256] = {
855 } 856 }
856}; 857};
857 858
858__visible const u32 crypto_il_tab[4][256] = { 859__visible const u32 crypto_il_tab[4][256] __cacheline_aligned = {
859 { 860 {
860 0x00000052, 0x00000009, 0x0000006a, 0x000000d5, 861 0x00000052, 0x00000009, 0x0000006a, 0x000000d5,
861 0x00000030, 0x00000036, 0x000000a5, 0x00000038, 862 0x00000030, 0x00000036, 0x000000a5, 0x00000038,
diff --git a/crypto/aes_ti.c b/crypto/aes_ti.c
index 03023b2290e8..1ff9785b30f5 100644
--- a/crypto/aes_ti.c
+++ b/crypto/aes_ti.c
@@ -269,6 +269,7 @@ static void aesti_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
269 const u32 *rkp = ctx->key_enc + 4; 269 const u32 *rkp = ctx->key_enc + 4;
270 int rounds = 6 + ctx->key_length / 4; 270 int rounds = 6 + ctx->key_length / 4;
271 u32 st0[4], st1[4]; 271 u32 st0[4], st1[4];
272 unsigned long flags;
272 int round; 273 int round;
273 274
274 st0[0] = ctx->key_enc[0] ^ get_unaligned_le32(in); 275 st0[0] = ctx->key_enc[0] ^ get_unaligned_le32(in);
@@ -276,6 +277,12 @@ static void aesti_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
276 st0[2] = ctx->key_enc[2] ^ get_unaligned_le32(in + 8); 277 st0[2] = ctx->key_enc[2] ^ get_unaligned_le32(in + 8);
277 st0[3] = ctx->key_enc[3] ^ get_unaligned_le32(in + 12); 278 st0[3] = ctx->key_enc[3] ^ get_unaligned_le32(in + 12);
278 279
280 /*
281 * Temporarily disable interrupts to avoid races where cachelines are
282 * evicted when the CPU is interrupted to do something else.
283 */
284 local_irq_save(flags);
285
279 st0[0] ^= __aesti_sbox[ 0] ^ __aesti_sbox[128]; 286 st0[0] ^= __aesti_sbox[ 0] ^ __aesti_sbox[128];
280 st0[1] ^= __aesti_sbox[32] ^ __aesti_sbox[160]; 287 st0[1] ^= __aesti_sbox[32] ^ __aesti_sbox[160];
281 st0[2] ^= __aesti_sbox[64] ^ __aesti_sbox[192]; 288 st0[2] ^= __aesti_sbox[64] ^ __aesti_sbox[192];
@@ -300,6 +307,8 @@ static void aesti_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
300 put_unaligned_le32(subshift(st1, 1) ^ rkp[5], out + 4); 307 put_unaligned_le32(subshift(st1, 1) ^ rkp[5], out + 4);
301 put_unaligned_le32(subshift(st1, 2) ^ rkp[6], out + 8); 308 put_unaligned_le32(subshift(st1, 2) ^ rkp[6], out + 8);
302 put_unaligned_le32(subshift(st1, 3) ^ rkp[7], out + 12); 309 put_unaligned_le32(subshift(st1, 3) ^ rkp[7], out + 12);
310
311 local_irq_restore(flags);
303} 312}
304 313
305static void aesti_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in) 314static void aesti_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
@@ -308,6 +317,7 @@ static void aesti_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
308 const u32 *rkp = ctx->key_dec + 4; 317 const u32 *rkp = ctx->key_dec + 4;
309 int rounds = 6 + ctx->key_length / 4; 318 int rounds = 6 + ctx->key_length / 4;
310 u32 st0[4], st1[4]; 319 u32 st0[4], st1[4];
320 unsigned long flags;
311 int round; 321 int round;
312 322
313 st0[0] = ctx->key_dec[0] ^ get_unaligned_le32(in); 323 st0[0] = ctx->key_dec[0] ^ get_unaligned_le32(in);
@@ -315,6 +325,12 @@ static void aesti_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
315 st0[2] = ctx->key_dec[2] ^ get_unaligned_le32(in + 8); 325 st0[2] = ctx->key_dec[2] ^ get_unaligned_le32(in + 8);
316 st0[3] = ctx->key_dec[3] ^ get_unaligned_le32(in + 12); 326 st0[3] = ctx->key_dec[3] ^ get_unaligned_le32(in + 12);
317 327
328 /*
329 * Temporarily disable interrupts to avoid races where cachelines are
330 * evicted when the CPU is interrupted to do something else.
331 */
332 local_irq_save(flags);
333
318 st0[0] ^= __aesti_inv_sbox[ 0] ^ __aesti_inv_sbox[128]; 334 st0[0] ^= __aesti_inv_sbox[ 0] ^ __aesti_inv_sbox[128];
319 st0[1] ^= __aesti_inv_sbox[32] ^ __aesti_inv_sbox[160]; 335 st0[1] ^= __aesti_inv_sbox[32] ^ __aesti_inv_sbox[160];
320 st0[2] ^= __aesti_inv_sbox[64] ^ __aesti_inv_sbox[192]; 336 st0[2] ^= __aesti_inv_sbox[64] ^ __aesti_inv_sbox[192];
@@ -339,6 +355,8 @@ static void aesti_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
339 put_unaligned_le32(inv_subshift(st1, 1) ^ rkp[5], out + 4); 355 put_unaligned_le32(inv_subshift(st1, 1) ^ rkp[5], out + 4);
340 put_unaligned_le32(inv_subshift(st1, 2) ^ rkp[6], out + 8); 356 put_unaligned_le32(inv_subshift(st1, 2) ^ rkp[6], out + 8);
341 put_unaligned_le32(inv_subshift(st1, 3) ^ rkp[7], out + 12); 357 put_unaligned_le32(inv_subshift(st1, 3) ^ rkp[7], out + 12);
358
359 local_irq_restore(flags);
342} 360}
343 361
344static struct crypto_alg aes_alg = { 362static struct crypto_alg aes_alg = {
diff --git a/crypto/ahash.c b/crypto/ahash.c
index e21667b4e10a..5d320a811f75 100644
--- a/crypto/ahash.c
+++ b/crypto/ahash.c
@@ -364,20 +364,28 @@ static int crypto_ahash_op(struct ahash_request *req,
364 364
365int crypto_ahash_final(struct ahash_request *req) 365int crypto_ahash_final(struct ahash_request *req)
366{ 366{
367 struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
368 struct crypto_alg *alg = tfm->base.__crt_alg;
369 unsigned int nbytes = req->nbytes;
367 int ret; 370 int ret;
368 371
372 crypto_stats_get(alg);
369 ret = crypto_ahash_op(req, crypto_ahash_reqtfm(req)->final); 373 ret = crypto_ahash_op(req, crypto_ahash_reqtfm(req)->final);
370 crypto_stat_ahash_final(req, ret); 374 crypto_stats_ahash_final(nbytes, ret, alg);
371 return ret; 375 return ret;
372} 376}
373EXPORT_SYMBOL_GPL(crypto_ahash_final); 377EXPORT_SYMBOL_GPL(crypto_ahash_final);
374 378
375int crypto_ahash_finup(struct ahash_request *req) 379int crypto_ahash_finup(struct ahash_request *req)
376{ 380{
381 struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
382 struct crypto_alg *alg = tfm->base.__crt_alg;
383 unsigned int nbytes = req->nbytes;
377 int ret; 384 int ret;
378 385
386 crypto_stats_get(alg);
379 ret = crypto_ahash_op(req, crypto_ahash_reqtfm(req)->finup); 387 ret = crypto_ahash_op(req, crypto_ahash_reqtfm(req)->finup);
380 crypto_stat_ahash_final(req, ret); 388 crypto_stats_ahash_final(nbytes, ret, alg);
381 return ret; 389 return ret;
382} 390}
383EXPORT_SYMBOL_GPL(crypto_ahash_finup); 391EXPORT_SYMBOL_GPL(crypto_ahash_finup);
@@ -385,13 +393,16 @@ EXPORT_SYMBOL_GPL(crypto_ahash_finup);
385int crypto_ahash_digest(struct ahash_request *req) 393int crypto_ahash_digest(struct ahash_request *req)
386{ 394{
387 struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); 395 struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
396 struct crypto_alg *alg = tfm->base.__crt_alg;
397 unsigned int nbytes = req->nbytes;
388 int ret; 398 int ret;
389 399
400 crypto_stats_get(alg);
390 if (crypto_ahash_get_flags(tfm) & CRYPTO_TFM_NEED_KEY) 401 if (crypto_ahash_get_flags(tfm) & CRYPTO_TFM_NEED_KEY)
391 ret = -ENOKEY; 402 ret = -ENOKEY;
392 else 403 else
393 ret = crypto_ahash_op(req, tfm->digest); 404 ret = crypto_ahash_op(req, tfm->digest);
394 crypto_stat_ahash_final(req, ret); 405 crypto_stats_ahash_final(nbytes, ret, alg);
395 return ret; 406 return ret;
396} 407}
397EXPORT_SYMBOL_GPL(crypto_ahash_digest); 408EXPORT_SYMBOL_GPL(crypto_ahash_digest);
@@ -498,18 +509,14 @@ static int crypto_ahash_report(struct sk_buff *skb, struct crypto_alg *alg)
498{ 509{
499 struct crypto_report_hash rhash; 510 struct crypto_report_hash rhash;
500 511
501 strncpy(rhash.type, "ahash", sizeof(rhash.type)); 512 memset(&rhash, 0, sizeof(rhash));
513
514 strscpy(rhash.type, "ahash", sizeof(rhash.type));
502 515
503 rhash.blocksize = alg->cra_blocksize; 516 rhash.blocksize = alg->cra_blocksize;
504 rhash.digestsize = __crypto_hash_alg_common(alg)->digestsize; 517 rhash.digestsize = __crypto_hash_alg_common(alg)->digestsize;
505 518
506 if (nla_put(skb, CRYPTOCFGA_REPORT_HASH, 519 return nla_put(skb, CRYPTOCFGA_REPORT_HASH, sizeof(rhash), &rhash);
507 sizeof(struct crypto_report_hash), &rhash))
508 goto nla_put_failure;
509 return 0;
510
511nla_put_failure:
512 return -EMSGSIZE;
513} 520}
514#else 521#else
515static int crypto_ahash_report(struct sk_buff *skb, struct crypto_alg *alg) 522static int crypto_ahash_report(struct sk_buff *skb, struct crypto_alg *alg)
diff --git a/crypto/akcipher.c b/crypto/akcipher.c
index cfbdb06d8ca8..0cbeae137e0a 100644
--- a/crypto/akcipher.c
+++ b/crypto/akcipher.c
@@ -30,15 +30,12 @@ static int crypto_akcipher_report(struct sk_buff *skb, struct crypto_alg *alg)
30{ 30{
31 struct crypto_report_akcipher rakcipher; 31 struct crypto_report_akcipher rakcipher;
32 32
33 strncpy(rakcipher.type, "akcipher", sizeof(rakcipher.type)); 33 memset(&rakcipher, 0, sizeof(rakcipher));
34 34
35 if (nla_put(skb, CRYPTOCFGA_REPORT_AKCIPHER, 35 strscpy(rakcipher.type, "akcipher", sizeof(rakcipher.type));
36 sizeof(struct crypto_report_akcipher), &rakcipher))
37 goto nla_put_failure;
38 return 0;
39 36
40nla_put_failure: 37 return nla_put(skb, CRYPTOCFGA_REPORT_AKCIPHER,
41 return -EMSGSIZE; 38 sizeof(rakcipher), &rakcipher);
42} 39}
43#else 40#else
44static int crypto_akcipher_report(struct sk_buff *skb, struct crypto_alg *alg) 41static int crypto_akcipher_report(struct sk_buff *skb, struct crypto_alg *alg)
diff --git a/crypto/algapi.c b/crypto/algapi.c
index 2545c5f89c4c..8b65ada33e5d 100644
--- a/crypto/algapi.c
+++ b/crypto/algapi.c
@@ -258,13 +258,7 @@ static struct crypto_larval *__crypto_register_alg(struct crypto_alg *alg)
258 list_add(&alg->cra_list, &crypto_alg_list); 258 list_add(&alg->cra_list, &crypto_alg_list);
259 list_add(&larval->alg.cra_list, &crypto_alg_list); 259 list_add(&larval->alg.cra_list, &crypto_alg_list);
260 260
261 atomic_set(&alg->encrypt_cnt, 0); 261 crypto_stats_init(alg);
262 atomic_set(&alg->decrypt_cnt, 0);
263 atomic64_set(&alg->encrypt_tlen, 0);
264 atomic64_set(&alg->decrypt_tlen, 0);
265 atomic_set(&alg->verify_cnt, 0);
266 atomic_set(&alg->cipher_err_cnt, 0);
267 atomic_set(&alg->sign_cnt, 0);
268 262
269out: 263out:
270 return larval; 264 return larval;
@@ -1076,6 +1070,245 @@ int crypto_type_has_alg(const char *name, const struct crypto_type *frontend,
1076} 1070}
1077EXPORT_SYMBOL_GPL(crypto_type_has_alg); 1071EXPORT_SYMBOL_GPL(crypto_type_has_alg);
1078 1072
1073#ifdef CONFIG_CRYPTO_STATS
1074void crypto_stats_init(struct crypto_alg *alg)
1075{
1076 memset(&alg->stats, 0, sizeof(alg->stats));
1077}
1078EXPORT_SYMBOL_GPL(crypto_stats_init);
1079
1080void crypto_stats_get(struct crypto_alg *alg)
1081{
1082 crypto_alg_get(alg);
1083}
1084EXPORT_SYMBOL_GPL(crypto_stats_get);
1085
1086void crypto_stats_ablkcipher_encrypt(unsigned int nbytes, int ret,
1087 struct crypto_alg *alg)
1088{
1089 if (ret && ret != -EINPROGRESS && ret != -EBUSY) {
1090 atomic64_inc(&alg->stats.cipher.err_cnt);
1091 } else {
1092 atomic64_inc(&alg->stats.cipher.encrypt_cnt);
1093 atomic64_add(nbytes, &alg->stats.cipher.encrypt_tlen);
1094 }
1095 crypto_alg_put(alg);
1096}
1097EXPORT_SYMBOL_GPL(crypto_stats_ablkcipher_encrypt);
1098
1099void crypto_stats_ablkcipher_decrypt(unsigned int nbytes, int ret,
1100 struct crypto_alg *alg)
1101{
1102 if (ret && ret != -EINPROGRESS && ret != -EBUSY) {
1103 atomic64_inc(&alg->stats.cipher.err_cnt);
1104 } else {
1105 atomic64_inc(&alg->stats.cipher.decrypt_cnt);
1106 atomic64_add(nbytes, &alg->stats.cipher.decrypt_tlen);
1107 }
1108 crypto_alg_put(alg);
1109}
1110EXPORT_SYMBOL_GPL(crypto_stats_ablkcipher_decrypt);
1111
1112void crypto_stats_aead_encrypt(unsigned int cryptlen, struct crypto_alg *alg,
1113 int ret)
1114{
1115 if (ret && ret != -EINPROGRESS && ret != -EBUSY) {
1116 atomic64_inc(&alg->stats.aead.err_cnt);
1117 } else {
1118 atomic64_inc(&alg->stats.aead.encrypt_cnt);
1119 atomic64_add(cryptlen, &alg->stats.aead.encrypt_tlen);
1120 }
1121 crypto_alg_put(alg);
1122}
1123EXPORT_SYMBOL_GPL(crypto_stats_aead_encrypt);
1124
1125void crypto_stats_aead_decrypt(unsigned int cryptlen, struct crypto_alg *alg,
1126 int ret)
1127{
1128 if (ret && ret != -EINPROGRESS && ret != -EBUSY) {
1129 atomic64_inc(&alg->stats.aead.err_cnt);
1130 } else {
1131 atomic64_inc(&alg->stats.aead.decrypt_cnt);
1132 atomic64_add(cryptlen, &alg->stats.aead.decrypt_tlen);
1133 }
1134 crypto_alg_put(alg);
1135}
1136EXPORT_SYMBOL_GPL(crypto_stats_aead_decrypt);
1137
1138void crypto_stats_akcipher_encrypt(unsigned int src_len, int ret,
1139 struct crypto_alg *alg)
1140{
1141 if (ret && ret != -EINPROGRESS && ret != -EBUSY) {
1142 atomic64_inc(&alg->stats.akcipher.err_cnt);
1143 } else {
1144 atomic64_inc(&alg->stats.akcipher.encrypt_cnt);
1145 atomic64_add(src_len, &alg->stats.akcipher.encrypt_tlen);
1146 }
1147 crypto_alg_put(alg);
1148}
1149EXPORT_SYMBOL_GPL(crypto_stats_akcipher_encrypt);
1150
1151void crypto_stats_akcipher_decrypt(unsigned int src_len, int ret,
1152 struct crypto_alg *alg)
1153{
1154 if (ret && ret != -EINPROGRESS && ret != -EBUSY) {
1155 atomic64_inc(&alg->stats.akcipher.err_cnt);
1156 } else {
1157 atomic64_inc(&alg->stats.akcipher.decrypt_cnt);
1158 atomic64_add(src_len, &alg->stats.akcipher.decrypt_tlen);
1159 }
1160 crypto_alg_put(alg);
1161}
1162EXPORT_SYMBOL_GPL(crypto_stats_akcipher_decrypt);
1163
1164void crypto_stats_akcipher_sign(int ret, struct crypto_alg *alg)
1165{
1166 if (ret && ret != -EINPROGRESS && ret != -EBUSY)
1167 atomic64_inc(&alg->stats.akcipher.err_cnt);
1168 else
1169 atomic64_inc(&alg->stats.akcipher.sign_cnt);
1170 crypto_alg_put(alg);
1171}
1172EXPORT_SYMBOL_GPL(crypto_stats_akcipher_sign);
1173
1174void crypto_stats_akcipher_verify(int ret, struct crypto_alg *alg)
1175{
1176 if (ret && ret != -EINPROGRESS && ret != -EBUSY)
1177 atomic64_inc(&alg->stats.akcipher.err_cnt);
1178 else
1179 atomic64_inc(&alg->stats.akcipher.verify_cnt);
1180 crypto_alg_put(alg);
1181}
1182EXPORT_SYMBOL_GPL(crypto_stats_akcipher_verify);
1183
1184void crypto_stats_compress(unsigned int slen, int ret, struct crypto_alg *alg)
1185{
1186 if (ret && ret != -EINPROGRESS && ret != -EBUSY) {
1187 atomic64_inc(&alg->stats.compress.err_cnt);
1188 } else {
1189 atomic64_inc(&alg->stats.compress.compress_cnt);
1190 atomic64_add(slen, &alg->stats.compress.compress_tlen);
1191 }
1192 crypto_alg_put(alg);
1193}
1194EXPORT_SYMBOL_GPL(crypto_stats_compress);
1195
1196void crypto_stats_decompress(unsigned int slen, int ret, struct crypto_alg *alg)
1197{
1198 if (ret && ret != -EINPROGRESS && ret != -EBUSY) {
1199 atomic64_inc(&alg->stats.compress.err_cnt);
1200 } else {
1201 atomic64_inc(&alg->stats.compress.decompress_cnt);
1202 atomic64_add(slen, &alg->stats.compress.decompress_tlen);
1203 }
1204 crypto_alg_put(alg);
1205}
1206EXPORT_SYMBOL_GPL(crypto_stats_decompress);
1207
1208void crypto_stats_ahash_update(unsigned int nbytes, int ret,
1209 struct crypto_alg *alg)
1210{
1211 if (ret && ret != -EINPROGRESS && ret != -EBUSY)
1212 atomic64_inc(&alg->stats.hash.err_cnt);
1213 else
1214 atomic64_add(nbytes, &alg->stats.hash.hash_tlen);
1215 crypto_alg_put(alg);
1216}
1217EXPORT_SYMBOL_GPL(crypto_stats_ahash_update);
1218
1219void crypto_stats_ahash_final(unsigned int nbytes, int ret,
1220 struct crypto_alg *alg)
1221{
1222 if (ret && ret != -EINPROGRESS && ret != -EBUSY) {
1223 atomic64_inc(&alg->stats.hash.err_cnt);
1224 } else {
1225 atomic64_inc(&alg->stats.hash.hash_cnt);
1226 atomic64_add(nbytes, &alg->stats.hash.hash_tlen);
1227 }
1228 crypto_alg_put(alg);
1229}
1230EXPORT_SYMBOL_GPL(crypto_stats_ahash_final);
1231
1232void crypto_stats_kpp_set_secret(struct crypto_alg *alg, int ret)
1233{
1234 if (ret)
1235 atomic64_inc(&alg->stats.kpp.err_cnt);
1236 else
1237 atomic64_inc(&alg->stats.kpp.setsecret_cnt);
1238 crypto_alg_put(alg);
1239}
1240EXPORT_SYMBOL_GPL(crypto_stats_kpp_set_secret);
1241
1242void crypto_stats_kpp_generate_public_key(struct crypto_alg *alg, int ret)
1243{
1244 if (ret)
1245 atomic64_inc(&alg->stats.kpp.err_cnt);
1246 else
1247 atomic64_inc(&alg->stats.kpp.generate_public_key_cnt);
1248 crypto_alg_put(alg);
1249}
1250EXPORT_SYMBOL_GPL(crypto_stats_kpp_generate_public_key);
1251
1252void crypto_stats_kpp_compute_shared_secret(struct crypto_alg *alg, int ret)
1253{
1254 if (ret)
1255 atomic64_inc(&alg->stats.kpp.err_cnt);
1256 else
1257 atomic64_inc(&alg->stats.kpp.compute_shared_secret_cnt);
1258 crypto_alg_put(alg);
1259}
1260EXPORT_SYMBOL_GPL(crypto_stats_kpp_compute_shared_secret);
1261
1262void crypto_stats_rng_seed(struct crypto_alg *alg, int ret)
1263{
1264 if (ret && ret != -EINPROGRESS && ret != -EBUSY)
1265 atomic64_inc(&alg->stats.rng.err_cnt);
1266 else
1267 atomic64_inc(&alg->stats.rng.seed_cnt);
1268 crypto_alg_put(alg);
1269}
1270EXPORT_SYMBOL_GPL(crypto_stats_rng_seed);
1271
1272void crypto_stats_rng_generate(struct crypto_alg *alg, unsigned int dlen,
1273 int ret)
1274{
1275 if (ret && ret != -EINPROGRESS && ret != -EBUSY) {
1276 atomic64_inc(&alg->stats.rng.err_cnt);
1277 } else {
1278 atomic64_inc(&alg->stats.rng.generate_cnt);
1279 atomic64_add(dlen, &alg->stats.rng.generate_tlen);
1280 }
1281 crypto_alg_put(alg);
1282}
1283EXPORT_SYMBOL_GPL(crypto_stats_rng_generate);
1284
1285void crypto_stats_skcipher_encrypt(unsigned int cryptlen, int ret,
1286 struct crypto_alg *alg)
1287{
1288 if (ret && ret != -EINPROGRESS && ret != -EBUSY) {
1289 atomic64_inc(&alg->stats.cipher.err_cnt);
1290 } else {
1291 atomic64_inc(&alg->stats.cipher.encrypt_cnt);
1292 atomic64_add(cryptlen, &alg->stats.cipher.encrypt_tlen);
1293 }
1294 crypto_alg_put(alg);
1295}
1296EXPORT_SYMBOL_GPL(crypto_stats_skcipher_encrypt);
1297
1298void crypto_stats_skcipher_decrypt(unsigned int cryptlen, int ret,
1299 struct crypto_alg *alg)
1300{
1301 if (ret && ret != -EINPROGRESS && ret != -EBUSY) {
1302 atomic64_inc(&alg->stats.cipher.err_cnt);
1303 } else {
1304 atomic64_inc(&alg->stats.cipher.decrypt_cnt);
1305 atomic64_add(cryptlen, &alg->stats.cipher.decrypt_tlen);
1306 }
1307 crypto_alg_put(alg);
1308}
1309EXPORT_SYMBOL_GPL(crypto_stats_skcipher_decrypt);
1310#endif
1311
1079static int __init crypto_algapi_init(void) 1312static int __init crypto_algapi_init(void)
1080{ 1313{
1081 crypto_init_proc(); 1314 crypto_init_proc();
diff --git a/crypto/blkcipher.c b/crypto/blkcipher.c
index f93abf13b5d4..c5398bd54942 100644
--- a/crypto/blkcipher.c
+++ b/crypto/blkcipher.c
@@ -507,23 +507,18 @@ static int crypto_blkcipher_report(struct sk_buff *skb, struct crypto_alg *alg)
507{ 507{
508 struct crypto_report_blkcipher rblkcipher; 508 struct crypto_report_blkcipher rblkcipher;
509 509
510 strncpy(rblkcipher.type, "blkcipher", sizeof(rblkcipher.type)); 510 memset(&rblkcipher, 0, sizeof(rblkcipher));
511 strncpy(rblkcipher.geniv, alg->cra_blkcipher.geniv ?: "<default>", 511
512 sizeof(rblkcipher.geniv)); 512 strscpy(rblkcipher.type, "blkcipher", sizeof(rblkcipher.type));
513 rblkcipher.geniv[sizeof(rblkcipher.geniv) - 1] = '\0'; 513 strscpy(rblkcipher.geniv, "<default>", sizeof(rblkcipher.geniv));
514 514
515 rblkcipher.blocksize = alg->cra_blocksize; 515 rblkcipher.blocksize = alg->cra_blocksize;
516 rblkcipher.min_keysize = alg->cra_blkcipher.min_keysize; 516 rblkcipher.min_keysize = alg->cra_blkcipher.min_keysize;
517 rblkcipher.max_keysize = alg->cra_blkcipher.max_keysize; 517 rblkcipher.max_keysize = alg->cra_blkcipher.max_keysize;
518 rblkcipher.ivsize = alg->cra_blkcipher.ivsize; 518 rblkcipher.ivsize = alg->cra_blkcipher.ivsize;
519 519
520 if (nla_put(skb, CRYPTOCFGA_REPORT_BLKCIPHER, 520 return nla_put(skb, CRYPTOCFGA_REPORT_BLKCIPHER,
521 sizeof(struct crypto_report_blkcipher), &rblkcipher)) 521 sizeof(rblkcipher), &rblkcipher);
522 goto nla_put_failure;
523 return 0;
524
525nla_put_failure:
526 return -EMSGSIZE;
527} 522}
528#else 523#else
529static int crypto_blkcipher_report(struct sk_buff *skb, struct crypto_alg *alg) 524static int crypto_blkcipher_report(struct sk_buff *skb, struct crypto_alg *alg)
@@ -541,8 +536,7 @@ static void crypto_blkcipher_show(struct seq_file *m, struct crypto_alg *alg)
541 seq_printf(m, "min keysize : %u\n", alg->cra_blkcipher.min_keysize); 536 seq_printf(m, "min keysize : %u\n", alg->cra_blkcipher.min_keysize);
542 seq_printf(m, "max keysize : %u\n", alg->cra_blkcipher.max_keysize); 537 seq_printf(m, "max keysize : %u\n", alg->cra_blkcipher.max_keysize);
543 seq_printf(m, "ivsize : %u\n", alg->cra_blkcipher.ivsize); 538 seq_printf(m, "ivsize : %u\n", alg->cra_blkcipher.ivsize);
544 seq_printf(m, "geniv : %s\n", alg->cra_blkcipher.geniv ?: 539 seq_printf(m, "geniv : <default>\n");
545 "<default>");
546} 540}
547 541
548const struct crypto_type crypto_blkcipher_type = { 542const struct crypto_type crypto_blkcipher_type = {
diff --git a/crypto/cfb.c b/crypto/cfb.c
index 20987d0e09d8..e81e45673498 100644
--- a/crypto/cfb.c
+++ b/crypto/cfb.c
@@ -144,7 +144,7 @@ static int crypto_cfb_decrypt_segment(struct skcipher_walk *walk,
144 144
145 do { 145 do {
146 crypto_cfb_encrypt_one(tfm, iv, dst); 146 crypto_cfb_encrypt_one(tfm, iv, dst);
147 crypto_xor(dst, iv, bsize); 147 crypto_xor(dst, src, bsize);
148 iv = src; 148 iv = src;
149 149
150 src += bsize; 150 src += bsize;
diff --git a/crypto/chacha20_generic.c b/crypto/chacha20_generic.c
deleted file mode 100644
index 3ae96587caf9..000000000000
--- a/crypto/chacha20_generic.c
+++ /dev/null
@@ -1,137 +0,0 @@
1/*
2 * ChaCha20 256-bit cipher algorithm, RFC7539
3 *
4 * Copyright (C) 2015 Martin Willi
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 */
11
12#include <asm/unaligned.h>
13#include <crypto/algapi.h>
14#include <crypto/chacha20.h>
15#include <crypto/internal/skcipher.h>
16#include <linux/module.h>
17
18static void chacha20_docrypt(u32 *state, u8 *dst, const u8 *src,
19 unsigned int bytes)
20{
21 /* aligned to potentially speed up crypto_xor() */
22 u8 stream[CHACHA20_BLOCK_SIZE] __aligned(sizeof(long));
23
24 if (dst != src)
25 memcpy(dst, src, bytes);
26
27 while (bytes >= CHACHA20_BLOCK_SIZE) {
28 chacha20_block(state, stream);
29 crypto_xor(dst, stream, CHACHA20_BLOCK_SIZE);
30 bytes -= CHACHA20_BLOCK_SIZE;
31 dst += CHACHA20_BLOCK_SIZE;
32 }
33 if (bytes) {
34 chacha20_block(state, stream);
35 crypto_xor(dst, stream, bytes);
36 }
37}
38
39void crypto_chacha20_init(u32 *state, struct chacha20_ctx *ctx, u8 *iv)
40{
41 state[0] = 0x61707865; /* "expa" */
42 state[1] = 0x3320646e; /* "nd 3" */
43 state[2] = 0x79622d32; /* "2-by" */
44 state[3] = 0x6b206574; /* "te k" */
45 state[4] = ctx->key[0];
46 state[5] = ctx->key[1];
47 state[6] = ctx->key[2];
48 state[7] = ctx->key[3];
49 state[8] = ctx->key[4];
50 state[9] = ctx->key[5];
51 state[10] = ctx->key[6];
52 state[11] = ctx->key[7];
53 state[12] = get_unaligned_le32(iv + 0);
54 state[13] = get_unaligned_le32(iv + 4);
55 state[14] = get_unaligned_le32(iv + 8);
56 state[15] = get_unaligned_le32(iv + 12);
57}
58EXPORT_SYMBOL_GPL(crypto_chacha20_init);
59
60int crypto_chacha20_setkey(struct crypto_skcipher *tfm, const u8 *key,
61 unsigned int keysize)
62{
63 struct chacha20_ctx *ctx = crypto_skcipher_ctx(tfm);
64 int i;
65
66 if (keysize != CHACHA20_KEY_SIZE)
67 return -EINVAL;
68
69 for (i = 0; i < ARRAY_SIZE(ctx->key); i++)
70 ctx->key[i] = get_unaligned_le32(key + i * sizeof(u32));
71
72 return 0;
73}
74EXPORT_SYMBOL_GPL(crypto_chacha20_setkey);
75
76int crypto_chacha20_crypt(struct skcipher_request *req)
77{
78 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
79 struct chacha20_ctx *ctx = crypto_skcipher_ctx(tfm);
80 struct skcipher_walk walk;
81 u32 state[16];
82 int err;
83
84 err = skcipher_walk_virt(&walk, req, true);
85
86 crypto_chacha20_init(state, ctx, walk.iv);
87
88 while (walk.nbytes > 0) {
89 unsigned int nbytes = walk.nbytes;
90
91 if (nbytes < walk.total)
92 nbytes = round_down(nbytes, walk.stride);
93
94 chacha20_docrypt(state, walk.dst.virt.addr, walk.src.virt.addr,
95 nbytes);
96 err = skcipher_walk_done(&walk, walk.nbytes - nbytes);
97 }
98
99 return err;
100}
101EXPORT_SYMBOL_GPL(crypto_chacha20_crypt);
102
103static struct skcipher_alg alg = {
104 .base.cra_name = "chacha20",
105 .base.cra_driver_name = "chacha20-generic",
106 .base.cra_priority = 100,
107 .base.cra_blocksize = 1,
108 .base.cra_ctxsize = sizeof(struct chacha20_ctx),
109 .base.cra_module = THIS_MODULE,
110
111 .min_keysize = CHACHA20_KEY_SIZE,
112 .max_keysize = CHACHA20_KEY_SIZE,
113 .ivsize = CHACHA20_IV_SIZE,
114 .chunksize = CHACHA20_BLOCK_SIZE,
115 .setkey = crypto_chacha20_setkey,
116 .encrypt = crypto_chacha20_crypt,
117 .decrypt = crypto_chacha20_crypt,
118};
119
120static int __init chacha20_generic_mod_init(void)
121{
122 return crypto_register_skcipher(&alg);
123}
124
125static void __exit chacha20_generic_mod_fini(void)
126{
127 crypto_unregister_skcipher(&alg);
128}
129
130module_init(chacha20_generic_mod_init);
131module_exit(chacha20_generic_mod_fini);
132
133MODULE_LICENSE("GPL");
134MODULE_AUTHOR("Martin Willi <martin@strongswan.org>");
135MODULE_DESCRIPTION("chacha20 cipher algorithm");
136MODULE_ALIAS_CRYPTO("chacha20");
137MODULE_ALIAS_CRYPTO("chacha20-generic");
diff --git a/crypto/chacha20poly1305.c b/crypto/chacha20poly1305.c
index 600afa99941f..fef11446ab1b 100644
--- a/crypto/chacha20poly1305.c
+++ b/crypto/chacha20poly1305.c
@@ -13,7 +13,7 @@
13#include <crypto/internal/hash.h> 13#include <crypto/internal/hash.h>
14#include <crypto/internal/skcipher.h> 14#include <crypto/internal/skcipher.h>
15#include <crypto/scatterwalk.h> 15#include <crypto/scatterwalk.h>
16#include <crypto/chacha20.h> 16#include <crypto/chacha.h>
17#include <crypto/poly1305.h> 17#include <crypto/poly1305.h>
18#include <linux/err.h> 18#include <linux/err.h>
19#include <linux/init.h> 19#include <linux/init.h>
@@ -22,8 +22,6 @@
22 22
23#include "internal.h" 23#include "internal.h"
24 24
25#define CHACHAPOLY_IV_SIZE 12
26
27struct chachapoly_instance_ctx { 25struct chachapoly_instance_ctx {
28 struct crypto_skcipher_spawn chacha; 26 struct crypto_skcipher_spawn chacha;
29 struct crypto_ahash_spawn poly; 27 struct crypto_ahash_spawn poly;
@@ -51,7 +49,7 @@ struct poly_req {
51}; 49};
52 50
53struct chacha_req { 51struct chacha_req {
54 u8 iv[CHACHA20_IV_SIZE]; 52 u8 iv[CHACHA_IV_SIZE];
55 struct scatterlist src[1]; 53 struct scatterlist src[1];
56 struct skcipher_request req; /* must be last member */ 54 struct skcipher_request req; /* must be last member */
57}; 55};
@@ -91,7 +89,7 @@ static void chacha_iv(u8 *iv, struct aead_request *req, u32 icb)
91 memcpy(iv, &leicb, sizeof(leicb)); 89 memcpy(iv, &leicb, sizeof(leicb));
92 memcpy(iv + sizeof(leicb), ctx->salt, ctx->saltlen); 90 memcpy(iv + sizeof(leicb), ctx->salt, ctx->saltlen);
93 memcpy(iv + sizeof(leicb) + ctx->saltlen, req->iv, 91 memcpy(iv + sizeof(leicb) + ctx->saltlen, req->iv,
94 CHACHA20_IV_SIZE - sizeof(leicb) - ctx->saltlen); 92 CHACHA_IV_SIZE - sizeof(leicb) - ctx->saltlen);
95} 93}
96 94
97static int poly_verify_tag(struct aead_request *req) 95static int poly_verify_tag(struct aead_request *req)
@@ -494,7 +492,7 @@ static int chachapoly_setkey(struct crypto_aead *aead, const u8 *key,
494 struct chachapoly_ctx *ctx = crypto_aead_ctx(aead); 492 struct chachapoly_ctx *ctx = crypto_aead_ctx(aead);
495 int err; 493 int err;
496 494
497 if (keylen != ctx->saltlen + CHACHA20_KEY_SIZE) 495 if (keylen != ctx->saltlen + CHACHA_KEY_SIZE)
498 return -EINVAL; 496 return -EINVAL;
499 497
500 keylen -= ctx->saltlen; 498 keylen -= ctx->saltlen;
@@ -639,7 +637,7 @@ static int chachapoly_create(struct crypto_template *tmpl, struct rtattr **tb,
639 637
640 err = -EINVAL; 638 err = -EINVAL;
641 /* Need 16-byte IV size, including Initial Block Counter value */ 639 /* Need 16-byte IV size, including Initial Block Counter value */
642 if (crypto_skcipher_alg_ivsize(chacha) != CHACHA20_IV_SIZE) 640 if (crypto_skcipher_alg_ivsize(chacha) != CHACHA_IV_SIZE)
643 goto out_drop_chacha; 641 goto out_drop_chacha;
644 /* Not a stream cipher? */ 642 /* Not a stream cipher? */
645 if (chacha->base.cra_blocksize != 1) 643 if (chacha->base.cra_blocksize != 1)
diff --git a/crypto/chacha_generic.c b/crypto/chacha_generic.c
new file mode 100644
index 000000000000..35b583101f4f
--- /dev/null
+++ b/crypto/chacha_generic.c
@@ -0,0 +1,217 @@
1/*
2 * ChaCha and XChaCha stream ciphers, including ChaCha20 (RFC7539)
3 *
4 * Copyright (C) 2015 Martin Willi
5 * Copyright (C) 2018 Google LLC
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 */
12
13#include <asm/unaligned.h>
14#include <crypto/algapi.h>
15#include <crypto/chacha.h>
16#include <crypto/internal/skcipher.h>
17#include <linux/module.h>
18
19static void chacha_docrypt(u32 *state, u8 *dst, const u8 *src,
20 unsigned int bytes, int nrounds)
21{
22 /* aligned to potentially speed up crypto_xor() */
23 u8 stream[CHACHA_BLOCK_SIZE] __aligned(sizeof(long));
24
25 if (dst != src)
26 memcpy(dst, src, bytes);
27
28 while (bytes >= CHACHA_BLOCK_SIZE) {
29 chacha_block(state, stream, nrounds);
30 crypto_xor(dst, stream, CHACHA_BLOCK_SIZE);
31 bytes -= CHACHA_BLOCK_SIZE;
32 dst += CHACHA_BLOCK_SIZE;
33 }
34 if (bytes) {
35 chacha_block(state, stream, nrounds);
36 crypto_xor(dst, stream, bytes);
37 }
38}
39
40static int chacha_stream_xor(struct skcipher_request *req,
41 struct chacha_ctx *ctx, u8 *iv)
42{
43 struct skcipher_walk walk;
44 u32 state[16];
45 int err;
46
47 err = skcipher_walk_virt(&walk, req, false);
48
49 crypto_chacha_init(state, ctx, iv);
50
51 while (walk.nbytes > 0) {
52 unsigned int nbytes = walk.nbytes;
53
54 if (nbytes < walk.total)
55 nbytes = round_down(nbytes, walk.stride);
56
57 chacha_docrypt(state, walk.dst.virt.addr, walk.src.virt.addr,
58 nbytes, ctx->nrounds);
59 err = skcipher_walk_done(&walk, walk.nbytes - nbytes);
60 }
61
62 return err;
63}
64
65void crypto_chacha_init(u32 *state, struct chacha_ctx *ctx, u8 *iv)
66{
67 state[0] = 0x61707865; /* "expa" */
68 state[1] = 0x3320646e; /* "nd 3" */
69 state[2] = 0x79622d32; /* "2-by" */
70 state[3] = 0x6b206574; /* "te k" */
71 state[4] = ctx->key[0];
72 state[5] = ctx->key[1];
73 state[6] = ctx->key[2];
74 state[7] = ctx->key[3];
75 state[8] = ctx->key[4];
76 state[9] = ctx->key[5];
77 state[10] = ctx->key[6];
78 state[11] = ctx->key[7];
79 state[12] = get_unaligned_le32(iv + 0);
80 state[13] = get_unaligned_le32(iv + 4);
81 state[14] = get_unaligned_le32(iv + 8);
82 state[15] = get_unaligned_le32(iv + 12);
83}
84EXPORT_SYMBOL_GPL(crypto_chacha_init);
85
86static int chacha_setkey(struct crypto_skcipher *tfm, const u8 *key,
87 unsigned int keysize, int nrounds)
88{
89 struct chacha_ctx *ctx = crypto_skcipher_ctx(tfm);
90 int i;
91
92 if (keysize != CHACHA_KEY_SIZE)
93 return -EINVAL;
94
95 for (i = 0; i < ARRAY_SIZE(ctx->key); i++)
96 ctx->key[i] = get_unaligned_le32(key + i * sizeof(u32));
97
98 ctx->nrounds = nrounds;
99 return 0;
100}
101
102int crypto_chacha20_setkey(struct crypto_skcipher *tfm, const u8 *key,
103 unsigned int keysize)
104{
105 return chacha_setkey(tfm, key, keysize, 20);
106}
107EXPORT_SYMBOL_GPL(crypto_chacha20_setkey);
108
109int crypto_chacha12_setkey(struct crypto_skcipher *tfm, const u8 *key,
110 unsigned int keysize)
111{
112 return chacha_setkey(tfm, key, keysize, 12);
113}
114EXPORT_SYMBOL_GPL(crypto_chacha12_setkey);
115
116int crypto_chacha_crypt(struct skcipher_request *req)
117{
118 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
119 struct chacha_ctx *ctx = crypto_skcipher_ctx(tfm);
120
121 return chacha_stream_xor(req, ctx, req->iv);
122}
123EXPORT_SYMBOL_GPL(crypto_chacha_crypt);
124
125int crypto_xchacha_crypt(struct skcipher_request *req)
126{
127 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
128 struct chacha_ctx *ctx = crypto_skcipher_ctx(tfm);
129 struct chacha_ctx subctx;
130 u32 state[16];
131 u8 real_iv[16];
132
133 /* Compute the subkey given the original key and first 128 nonce bits */
134 crypto_chacha_init(state, ctx, req->iv);
135 hchacha_block(state, subctx.key, ctx->nrounds);
136 subctx.nrounds = ctx->nrounds;
137
138 /* Build the real IV */
139 memcpy(&real_iv[0], req->iv + 24, 8); /* stream position */
140 memcpy(&real_iv[8], req->iv + 16, 8); /* remaining 64 nonce bits */
141
142 /* Generate the stream and XOR it with the data */
143 return chacha_stream_xor(req, &subctx, real_iv);
144}
145EXPORT_SYMBOL_GPL(crypto_xchacha_crypt);
146
147static struct skcipher_alg algs[] = {
148 {
149 .base.cra_name = "chacha20",
150 .base.cra_driver_name = "chacha20-generic",
151 .base.cra_priority = 100,
152 .base.cra_blocksize = 1,
153 .base.cra_ctxsize = sizeof(struct chacha_ctx),
154 .base.cra_module = THIS_MODULE,
155
156 .min_keysize = CHACHA_KEY_SIZE,
157 .max_keysize = CHACHA_KEY_SIZE,
158 .ivsize = CHACHA_IV_SIZE,
159 .chunksize = CHACHA_BLOCK_SIZE,
160 .setkey = crypto_chacha20_setkey,
161 .encrypt = crypto_chacha_crypt,
162 .decrypt = crypto_chacha_crypt,
163 }, {
164 .base.cra_name = "xchacha20",
165 .base.cra_driver_name = "xchacha20-generic",
166 .base.cra_priority = 100,
167 .base.cra_blocksize = 1,
168 .base.cra_ctxsize = sizeof(struct chacha_ctx),
169 .base.cra_module = THIS_MODULE,
170
171 .min_keysize = CHACHA_KEY_SIZE,
172 .max_keysize = CHACHA_KEY_SIZE,
173 .ivsize = XCHACHA_IV_SIZE,
174 .chunksize = CHACHA_BLOCK_SIZE,
175 .setkey = crypto_chacha20_setkey,
176 .encrypt = crypto_xchacha_crypt,
177 .decrypt = crypto_xchacha_crypt,
178 }, {
179 .base.cra_name = "xchacha12",
180 .base.cra_driver_name = "xchacha12-generic",
181 .base.cra_priority = 100,
182 .base.cra_blocksize = 1,
183 .base.cra_ctxsize = sizeof(struct chacha_ctx),
184 .base.cra_module = THIS_MODULE,
185
186 .min_keysize = CHACHA_KEY_SIZE,
187 .max_keysize = CHACHA_KEY_SIZE,
188 .ivsize = XCHACHA_IV_SIZE,
189 .chunksize = CHACHA_BLOCK_SIZE,
190 .setkey = crypto_chacha12_setkey,
191 .encrypt = crypto_xchacha_crypt,
192 .decrypt = crypto_xchacha_crypt,
193 }
194};
195
196static int __init chacha_generic_mod_init(void)
197{
198 return crypto_register_skciphers(algs, ARRAY_SIZE(algs));
199}
200
201static void __exit chacha_generic_mod_fini(void)
202{
203 crypto_unregister_skciphers(algs, ARRAY_SIZE(algs));
204}
205
206module_init(chacha_generic_mod_init);
207module_exit(chacha_generic_mod_fini);
208
209MODULE_LICENSE("GPL");
210MODULE_AUTHOR("Martin Willi <martin@strongswan.org>");
211MODULE_DESCRIPTION("ChaCha and XChaCha stream ciphers (generic)");
212MODULE_ALIAS_CRYPTO("chacha20");
213MODULE_ALIAS_CRYPTO("chacha20-generic");
214MODULE_ALIAS_CRYPTO("xchacha20");
215MODULE_ALIAS_CRYPTO("xchacha20-generic");
216MODULE_ALIAS_CRYPTO("xchacha12");
217MODULE_ALIAS_CRYPTO("xchacha12-generic");
diff --git a/crypto/cryptd.c b/crypto/cryptd.c
index 7118fb5efbaa..5640e5db7bdb 100644
--- a/crypto/cryptd.c
+++ b/crypto/cryptd.c
@@ -422,8 +422,6 @@ static int cryptd_create_blkcipher(struct crypto_template *tmpl,
422 inst->alg.cra_ablkcipher.min_keysize = alg->cra_blkcipher.min_keysize; 422 inst->alg.cra_ablkcipher.min_keysize = alg->cra_blkcipher.min_keysize;
423 inst->alg.cra_ablkcipher.max_keysize = alg->cra_blkcipher.max_keysize; 423 inst->alg.cra_ablkcipher.max_keysize = alg->cra_blkcipher.max_keysize;
424 424
425 inst->alg.cra_ablkcipher.geniv = alg->cra_blkcipher.geniv;
426
427 inst->alg.cra_ctxsize = sizeof(struct cryptd_blkcipher_ctx); 425 inst->alg.cra_ctxsize = sizeof(struct cryptd_blkcipher_ctx);
428 426
429 inst->alg.cra_init = cryptd_blkcipher_init_tfm; 427 inst->alg.cra_init = cryptd_blkcipher_init_tfm;
@@ -1174,7 +1172,7 @@ struct cryptd_ablkcipher *cryptd_alloc_ablkcipher(const char *alg_name,
1174 return ERR_PTR(-EINVAL); 1172 return ERR_PTR(-EINVAL);
1175 type = crypto_skcipher_type(type); 1173 type = crypto_skcipher_type(type);
1176 mask &= ~CRYPTO_ALG_TYPE_MASK; 1174 mask &= ~CRYPTO_ALG_TYPE_MASK;
1177 mask |= (CRYPTO_ALG_GENIV | CRYPTO_ALG_TYPE_BLKCIPHER_MASK); 1175 mask |= CRYPTO_ALG_TYPE_BLKCIPHER_MASK;
1178 tfm = crypto_alloc_base(cryptd_alg_name, type, mask); 1176 tfm = crypto_alloc_base(cryptd_alg_name, type, mask);
1179 if (IS_ERR(tfm)) 1177 if (IS_ERR(tfm))
1180 return ERR_CAST(tfm); 1178 return ERR_CAST(tfm);
diff --git a/crypto/crypto_user_base.c b/crypto/crypto_user_base.c
index 784748dbb19f..f25d3f32c9c2 100644
--- a/crypto/crypto_user_base.c
+++ b/crypto/crypto_user_base.c
@@ -84,87 +84,38 @@ static int crypto_report_cipher(struct sk_buff *skb, struct crypto_alg *alg)
84{ 84{
85 struct crypto_report_cipher rcipher; 85 struct crypto_report_cipher rcipher;
86 86
87 strncpy(rcipher.type, "cipher", sizeof(rcipher.type)); 87 memset(&rcipher, 0, sizeof(rcipher));
88
89 strscpy(rcipher.type, "cipher", sizeof(rcipher.type));
88 90
89 rcipher.blocksize = alg->cra_blocksize; 91 rcipher.blocksize = alg->cra_blocksize;
90 rcipher.min_keysize = alg->cra_cipher.cia_min_keysize; 92 rcipher.min_keysize = alg->cra_cipher.cia_min_keysize;
91 rcipher.max_keysize = alg->cra_cipher.cia_max_keysize; 93 rcipher.max_keysize = alg->cra_cipher.cia_max_keysize;
92 94
93 if (nla_put(skb, CRYPTOCFGA_REPORT_CIPHER, 95 return nla_put(skb, CRYPTOCFGA_REPORT_CIPHER,
94 sizeof(struct crypto_report_cipher), &rcipher)) 96 sizeof(rcipher), &rcipher);
95 goto nla_put_failure;
96 return 0;
97
98nla_put_failure:
99 return -EMSGSIZE;
100} 97}
101 98
102static int crypto_report_comp(struct sk_buff *skb, struct crypto_alg *alg) 99static int crypto_report_comp(struct sk_buff *skb, struct crypto_alg *alg)
103{ 100{
104 struct crypto_report_comp rcomp; 101 struct crypto_report_comp rcomp;
105 102
106 strncpy(rcomp.type, "compression", sizeof(rcomp.type)); 103 memset(&rcomp, 0, sizeof(rcomp));
107 if (nla_put(skb, CRYPTOCFGA_REPORT_COMPRESS,
108 sizeof(struct crypto_report_comp), &rcomp))
109 goto nla_put_failure;
110 return 0;
111
112nla_put_failure:
113 return -EMSGSIZE;
114}
115
116static int crypto_report_acomp(struct sk_buff *skb, struct crypto_alg *alg)
117{
118 struct crypto_report_acomp racomp;
119 104
120 strncpy(racomp.type, "acomp", sizeof(racomp.type)); 105 strscpy(rcomp.type, "compression", sizeof(rcomp.type));
121 106
122 if (nla_put(skb, CRYPTOCFGA_REPORT_ACOMP, 107 return nla_put(skb, CRYPTOCFGA_REPORT_COMPRESS, sizeof(rcomp), &rcomp);
123 sizeof(struct crypto_report_acomp), &racomp))
124 goto nla_put_failure;
125 return 0;
126
127nla_put_failure:
128 return -EMSGSIZE;
129}
130
131static int crypto_report_akcipher(struct sk_buff *skb, struct crypto_alg *alg)
132{
133 struct crypto_report_akcipher rakcipher;
134
135 strncpy(rakcipher.type, "akcipher", sizeof(rakcipher.type));
136
137 if (nla_put(skb, CRYPTOCFGA_REPORT_AKCIPHER,
138 sizeof(struct crypto_report_akcipher), &rakcipher))
139 goto nla_put_failure;
140 return 0;
141
142nla_put_failure:
143 return -EMSGSIZE;
144}
145
146static int crypto_report_kpp(struct sk_buff *skb, struct crypto_alg *alg)
147{
148 struct crypto_report_kpp rkpp;
149
150 strncpy(rkpp.type, "kpp", sizeof(rkpp.type));
151
152 if (nla_put(skb, CRYPTOCFGA_REPORT_KPP,
153 sizeof(struct crypto_report_kpp), &rkpp))
154 goto nla_put_failure;
155 return 0;
156
157nla_put_failure:
158 return -EMSGSIZE;
159} 108}
160 109
161static int crypto_report_one(struct crypto_alg *alg, 110static int crypto_report_one(struct crypto_alg *alg,
162 struct crypto_user_alg *ualg, struct sk_buff *skb) 111 struct crypto_user_alg *ualg, struct sk_buff *skb)
163{ 112{
164 strncpy(ualg->cru_name, alg->cra_name, sizeof(ualg->cru_name)); 113 memset(ualg, 0, sizeof(*ualg));
165 strncpy(ualg->cru_driver_name, alg->cra_driver_name, 114
115 strscpy(ualg->cru_name, alg->cra_name, sizeof(ualg->cru_name));
116 strscpy(ualg->cru_driver_name, alg->cra_driver_name,
166 sizeof(ualg->cru_driver_name)); 117 sizeof(ualg->cru_driver_name));
167 strncpy(ualg->cru_module_name, module_name(alg->cra_module), 118 strscpy(ualg->cru_module_name, module_name(alg->cra_module),
168 sizeof(ualg->cru_module_name)); 119 sizeof(ualg->cru_module_name));
169 120
170 ualg->cru_type = 0; 121 ualg->cru_type = 0;
@@ -177,9 +128,9 @@ static int crypto_report_one(struct crypto_alg *alg,
177 if (alg->cra_flags & CRYPTO_ALG_LARVAL) { 128 if (alg->cra_flags & CRYPTO_ALG_LARVAL) {
178 struct crypto_report_larval rl; 129 struct crypto_report_larval rl;
179 130
180 strncpy(rl.type, "larval", sizeof(rl.type)); 131 memset(&rl, 0, sizeof(rl));
181 if (nla_put(skb, CRYPTOCFGA_REPORT_LARVAL, 132 strscpy(rl.type, "larval", sizeof(rl.type));
182 sizeof(struct crypto_report_larval), &rl)) 133 if (nla_put(skb, CRYPTOCFGA_REPORT_LARVAL, sizeof(rl), &rl))
183 goto nla_put_failure; 134 goto nla_put_failure;
184 goto out; 135 goto out;
185 } 136 }
@@ -202,20 +153,6 @@ static int crypto_report_one(struct crypto_alg *alg,
202 goto nla_put_failure; 153 goto nla_put_failure;
203 154
204 break; 155 break;
205 case CRYPTO_ALG_TYPE_ACOMPRESS:
206 if (crypto_report_acomp(skb, alg))
207 goto nla_put_failure;
208
209 break;
210 case CRYPTO_ALG_TYPE_AKCIPHER:
211 if (crypto_report_akcipher(skb, alg))
212 goto nla_put_failure;
213
214 break;
215 case CRYPTO_ALG_TYPE_KPP:
216 if (crypto_report_kpp(skb, alg))
217 goto nla_put_failure;
218 break;
219 } 156 }
220 157
221out: 158out:
@@ -294,30 +231,33 @@ drop_alg:
294 231
295static int crypto_dump_report(struct sk_buff *skb, struct netlink_callback *cb) 232static int crypto_dump_report(struct sk_buff *skb, struct netlink_callback *cb)
296{ 233{
297 struct crypto_alg *alg; 234 const size_t start_pos = cb->args[0];
235 size_t pos = 0;
298 struct crypto_dump_info info; 236 struct crypto_dump_info info;
299 int err; 237 struct crypto_alg *alg;
300 238 int res;
301 if (cb->args[0])
302 goto out;
303
304 cb->args[0] = 1;
305 239
306 info.in_skb = cb->skb; 240 info.in_skb = cb->skb;
307 info.out_skb = skb; 241 info.out_skb = skb;
308 info.nlmsg_seq = cb->nlh->nlmsg_seq; 242 info.nlmsg_seq = cb->nlh->nlmsg_seq;
309 info.nlmsg_flags = NLM_F_MULTI; 243 info.nlmsg_flags = NLM_F_MULTI;
310 244
245 down_read(&crypto_alg_sem);
311 list_for_each_entry(alg, &crypto_alg_list, cra_list) { 246 list_for_each_entry(alg, &crypto_alg_list, cra_list) {
312 err = crypto_report_alg(alg, &info); 247 if (pos >= start_pos) {
313 if (err) 248 res = crypto_report_alg(alg, &info);
314 goto out_err; 249 if (res == -EMSGSIZE)
250 break;
251 if (res)
252 goto out;
253 }
254 pos++;
315 } 255 }
316 256 cb->args[0] = pos;
257 res = skb->len;
317out: 258out:
318 return skb->len; 259 up_read(&crypto_alg_sem);
319out_err: 260 return res;
320 return err;
321} 261}
322 262
323static int crypto_dump_report_done(struct netlink_callback *cb) 263static int crypto_dump_report_done(struct netlink_callback *cb)
@@ -483,9 +423,7 @@ static const struct crypto_link {
483 .dump = crypto_dump_report, 423 .dump = crypto_dump_report,
484 .done = crypto_dump_report_done}, 424 .done = crypto_dump_report_done},
485 [CRYPTO_MSG_DELRNG - CRYPTO_MSG_BASE] = { .doit = crypto_del_rng }, 425 [CRYPTO_MSG_DELRNG - CRYPTO_MSG_BASE] = { .doit = crypto_del_rng },
486 [CRYPTO_MSG_GETSTAT - CRYPTO_MSG_BASE] = { .doit = crypto_reportstat, 426 [CRYPTO_MSG_GETSTAT - CRYPTO_MSG_BASE] = { .doit = crypto_reportstat},
487 .dump = crypto_dump_reportstat,
488 .done = crypto_dump_reportstat_done},
489}; 427};
490 428
491static int crypto_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh, 429static int crypto_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh,
@@ -505,7 +443,7 @@ static int crypto_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh,
505 if ((type == (CRYPTO_MSG_GETALG - CRYPTO_MSG_BASE) && 443 if ((type == (CRYPTO_MSG_GETALG - CRYPTO_MSG_BASE) &&
506 (nlh->nlmsg_flags & NLM_F_DUMP))) { 444 (nlh->nlmsg_flags & NLM_F_DUMP))) {
507 struct crypto_alg *alg; 445 struct crypto_alg *alg;
508 u16 dump_alloc = 0; 446 unsigned long dump_alloc = 0;
509 447
510 if (link->dump == NULL) 448 if (link->dump == NULL)
511 return -EINVAL; 449 return -EINVAL;
@@ -513,16 +451,16 @@ static int crypto_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh,
513 down_read(&crypto_alg_sem); 451 down_read(&crypto_alg_sem);
514 list_for_each_entry(alg, &crypto_alg_list, cra_list) 452 list_for_each_entry(alg, &crypto_alg_list, cra_list)
515 dump_alloc += CRYPTO_REPORT_MAXSIZE; 453 dump_alloc += CRYPTO_REPORT_MAXSIZE;
454 up_read(&crypto_alg_sem);
516 455
517 { 456 {
518 struct netlink_dump_control c = { 457 struct netlink_dump_control c = {
519 .dump = link->dump, 458 .dump = link->dump,
520 .done = link->done, 459 .done = link->done,
521 .min_dump_alloc = dump_alloc, 460 .min_dump_alloc = min(dump_alloc, 65535UL),
522 }; 461 };
523 err = netlink_dump_start(crypto_nlsk, skb, nlh, &c); 462 err = netlink_dump_start(crypto_nlsk, skb, nlh, &c);
524 } 463 }
525 up_read(&crypto_alg_sem);
526 464
527 return err; 465 return err;
528 } 466 }
diff --git a/crypto/crypto_user_stat.c b/crypto/crypto_user_stat.c
index 1dfaa0ccd555..3e9a53233d80 100644
--- a/crypto/crypto_user_stat.c
+++ b/crypto/crypto_user_stat.c
@@ -33,260 +33,149 @@ struct crypto_dump_info {
33 33
34static int crypto_report_aead(struct sk_buff *skb, struct crypto_alg *alg) 34static int crypto_report_aead(struct sk_buff *skb, struct crypto_alg *alg)
35{ 35{
36 struct crypto_stat raead; 36 struct crypto_stat_aead raead;
37 u64 v64;
38 u32 v32;
39 37
40 memset(&raead, 0, sizeof(raead)); 38 memset(&raead, 0, sizeof(raead));
41 39
42 strncpy(raead.type, "aead", sizeof(raead.type)); 40 strscpy(raead.type, "aead", sizeof(raead.type));
43
44 v32 = atomic_read(&alg->encrypt_cnt);
45 raead.stat_encrypt_cnt = v32;
46 v64 = atomic64_read(&alg->encrypt_tlen);
47 raead.stat_encrypt_tlen = v64;
48 v32 = atomic_read(&alg->decrypt_cnt);
49 raead.stat_decrypt_cnt = v32;
50 v64 = atomic64_read(&alg->decrypt_tlen);
51 raead.stat_decrypt_tlen = v64;
52 v32 = atomic_read(&alg->aead_err_cnt);
53 raead.stat_aead_err_cnt = v32;
54
55 if (nla_put(skb, CRYPTOCFGA_STAT_AEAD,
56 sizeof(struct crypto_stat), &raead))
57 goto nla_put_failure;
58 return 0;
59 41
60nla_put_failure: 42 raead.stat_encrypt_cnt = atomic64_read(&alg->stats.aead.encrypt_cnt);
61 return -EMSGSIZE; 43 raead.stat_encrypt_tlen = atomic64_read(&alg->stats.aead.encrypt_tlen);
44 raead.stat_decrypt_cnt = atomic64_read(&alg->stats.aead.decrypt_cnt);
45 raead.stat_decrypt_tlen = atomic64_read(&alg->stats.aead.decrypt_tlen);
46 raead.stat_err_cnt = atomic64_read(&alg->stats.aead.err_cnt);
47
48 return nla_put(skb, CRYPTOCFGA_STAT_AEAD, sizeof(raead), &raead);
62} 49}
63 50
64static int crypto_report_cipher(struct sk_buff *skb, struct crypto_alg *alg) 51static int crypto_report_cipher(struct sk_buff *skb, struct crypto_alg *alg)
65{ 52{
66 struct crypto_stat rcipher; 53 struct crypto_stat_cipher rcipher;
67 u64 v64;
68 u32 v32;
69 54
70 memset(&rcipher, 0, sizeof(rcipher)); 55 memset(&rcipher, 0, sizeof(rcipher));
71 56
72 strlcpy(rcipher.type, "cipher", sizeof(rcipher.type)); 57 strscpy(rcipher.type, "cipher", sizeof(rcipher.type));
73
74 v32 = atomic_read(&alg->encrypt_cnt);
75 rcipher.stat_encrypt_cnt = v32;
76 v64 = atomic64_read(&alg->encrypt_tlen);
77 rcipher.stat_encrypt_tlen = v64;
78 v32 = atomic_read(&alg->decrypt_cnt);
79 rcipher.stat_decrypt_cnt = v32;
80 v64 = atomic64_read(&alg->decrypt_tlen);
81 rcipher.stat_decrypt_tlen = v64;
82 v32 = atomic_read(&alg->cipher_err_cnt);
83 rcipher.stat_cipher_err_cnt = v32;
84
85 if (nla_put(skb, CRYPTOCFGA_STAT_CIPHER,
86 sizeof(struct crypto_stat), &rcipher))
87 goto nla_put_failure;
88 return 0;
89 58
90nla_put_failure: 59 rcipher.stat_encrypt_cnt = atomic64_read(&alg->stats.cipher.encrypt_cnt);
91 return -EMSGSIZE; 60 rcipher.stat_encrypt_tlen = atomic64_read(&alg->stats.cipher.encrypt_tlen);
61 rcipher.stat_decrypt_cnt = atomic64_read(&alg->stats.cipher.decrypt_cnt);
62 rcipher.stat_decrypt_tlen = atomic64_read(&alg->stats.cipher.decrypt_tlen);
63 rcipher.stat_err_cnt = atomic64_read(&alg->stats.cipher.err_cnt);
64
65 return nla_put(skb, CRYPTOCFGA_STAT_CIPHER, sizeof(rcipher), &rcipher);
92} 66}
93 67
94static int crypto_report_comp(struct sk_buff *skb, struct crypto_alg *alg) 68static int crypto_report_comp(struct sk_buff *skb, struct crypto_alg *alg)
95{ 69{
96 struct crypto_stat rcomp; 70 struct crypto_stat_compress rcomp;
97 u64 v64;
98 u32 v32;
99 71
100 memset(&rcomp, 0, sizeof(rcomp)); 72 memset(&rcomp, 0, sizeof(rcomp));
101 73
102 strlcpy(rcomp.type, "compression", sizeof(rcomp.type)); 74 strscpy(rcomp.type, "compression", sizeof(rcomp.type));
103 v32 = atomic_read(&alg->compress_cnt); 75 rcomp.stat_compress_cnt = atomic64_read(&alg->stats.compress.compress_cnt);
104 rcomp.stat_compress_cnt = v32; 76 rcomp.stat_compress_tlen = atomic64_read(&alg->stats.compress.compress_tlen);
105 v64 = atomic64_read(&alg->compress_tlen); 77 rcomp.stat_decompress_cnt = atomic64_read(&alg->stats.compress.decompress_cnt);
106 rcomp.stat_compress_tlen = v64; 78 rcomp.stat_decompress_tlen = atomic64_read(&alg->stats.compress.decompress_tlen);
107 v32 = atomic_read(&alg->decompress_cnt); 79 rcomp.stat_err_cnt = atomic64_read(&alg->stats.compress.err_cnt);
108 rcomp.stat_decompress_cnt = v32;
109 v64 = atomic64_read(&alg->decompress_tlen);
110 rcomp.stat_decompress_tlen = v64;
111 v32 = atomic_read(&alg->cipher_err_cnt);
112 rcomp.stat_compress_err_cnt = v32;
113
114 if (nla_put(skb, CRYPTOCFGA_STAT_COMPRESS,
115 sizeof(struct crypto_stat), &rcomp))
116 goto nla_put_failure;
117 return 0;
118 80
119nla_put_failure: 81 return nla_put(skb, CRYPTOCFGA_STAT_COMPRESS, sizeof(rcomp), &rcomp);
120 return -EMSGSIZE;
121} 82}
122 83
123static int crypto_report_acomp(struct sk_buff *skb, struct crypto_alg *alg) 84static int crypto_report_acomp(struct sk_buff *skb, struct crypto_alg *alg)
124{ 85{
125 struct crypto_stat racomp; 86 struct crypto_stat_compress racomp;
126 u64 v64;
127 u32 v32;
128 87
129 memset(&racomp, 0, sizeof(racomp)); 88 memset(&racomp, 0, sizeof(racomp));
130 89
131 strlcpy(racomp.type, "acomp", sizeof(racomp.type)); 90 strscpy(racomp.type, "acomp", sizeof(racomp.type));
132 v32 = atomic_read(&alg->compress_cnt); 91 racomp.stat_compress_cnt = atomic64_read(&alg->stats.compress.compress_cnt);
133 racomp.stat_compress_cnt = v32; 92 racomp.stat_compress_tlen = atomic64_read(&alg->stats.compress.compress_tlen);
134 v64 = atomic64_read(&alg->compress_tlen); 93 racomp.stat_decompress_cnt = atomic64_read(&alg->stats.compress.decompress_cnt);
135 racomp.stat_compress_tlen = v64; 94 racomp.stat_decompress_tlen = atomic64_read(&alg->stats.compress.decompress_tlen);
136 v32 = atomic_read(&alg->decompress_cnt); 95 racomp.stat_err_cnt = atomic64_read(&alg->stats.compress.err_cnt);
137 racomp.stat_decompress_cnt = v32;
138 v64 = atomic64_read(&alg->decompress_tlen);
139 racomp.stat_decompress_tlen = v64;
140 v32 = atomic_read(&alg->cipher_err_cnt);
141 racomp.stat_compress_err_cnt = v32;
142
143 if (nla_put(skb, CRYPTOCFGA_STAT_ACOMP,
144 sizeof(struct crypto_stat), &racomp))
145 goto nla_put_failure;
146 return 0;
147 96
148nla_put_failure: 97 return nla_put(skb, CRYPTOCFGA_STAT_ACOMP, sizeof(racomp), &racomp);
149 return -EMSGSIZE;
150} 98}
151 99
152static int crypto_report_akcipher(struct sk_buff *skb, struct crypto_alg *alg) 100static int crypto_report_akcipher(struct sk_buff *skb, struct crypto_alg *alg)
153{ 101{
154 struct crypto_stat rakcipher; 102 struct crypto_stat_akcipher rakcipher;
155 u64 v64;
156 u32 v32;
157 103
158 memset(&rakcipher, 0, sizeof(rakcipher)); 104 memset(&rakcipher, 0, sizeof(rakcipher));
159 105
160 strncpy(rakcipher.type, "akcipher", sizeof(rakcipher.type)); 106 strscpy(rakcipher.type, "akcipher", sizeof(rakcipher.type));
161 v32 = atomic_read(&alg->encrypt_cnt); 107 rakcipher.stat_encrypt_cnt = atomic64_read(&alg->stats.akcipher.encrypt_cnt);
162 rakcipher.stat_encrypt_cnt = v32; 108 rakcipher.stat_encrypt_tlen = atomic64_read(&alg->stats.akcipher.encrypt_tlen);
163 v64 = atomic64_read(&alg->encrypt_tlen); 109 rakcipher.stat_decrypt_cnt = atomic64_read(&alg->stats.akcipher.decrypt_cnt);
164 rakcipher.stat_encrypt_tlen = v64; 110 rakcipher.stat_decrypt_tlen = atomic64_read(&alg->stats.akcipher.decrypt_tlen);
165 v32 = atomic_read(&alg->decrypt_cnt); 111 rakcipher.stat_sign_cnt = atomic64_read(&alg->stats.akcipher.sign_cnt);
166 rakcipher.stat_decrypt_cnt = v32; 112 rakcipher.stat_verify_cnt = atomic64_read(&alg->stats.akcipher.verify_cnt);
167 v64 = atomic64_read(&alg->decrypt_tlen); 113 rakcipher.stat_err_cnt = atomic64_read(&alg->stats.akcipher.err_cnt);
168 rakcipher.stat_decrypt_tlen = v64; 114
169 v32 = atomic_read(&alg->sign_cnt); 115 return nla_put(skb, CRYPTOCFGA_STAT_AKCIPHER,
170 rakcipher.stat_sign_cnt = v32; 116 sizeof(rakcipher), &rakcipher);
171 v32 = atomic_read(&alg->verify_cnt);
172 rakcipher.stat_verify_cnt = v32;
173 v32 = atomic_read(&alg->akcipher_err_cnt);
174 rakcipher.stat_akcipher_err_cnt = v32;
175
176 if (nla_put(skb, CRYPTOCFGA_STAT_AKCIPHER,
177 sizeof(struct crypto_stat), &rakcipher))
178 goto nla_put_failure;
179 return 0;
180
181nla_put_failure:
182 return -EMSGSIZE;
183} 117}
184 118
185static int crypto_report_kpp(struct sk_buff *skb, struct crypto_alg *alg) 119static int crypto_report_kpp(struct sk_buff *skb, struct crypto_alg *alg)
186{ 120{
187 struct crypto_stat rkpp; 121 struct crypto_stat_kpp rkpp;
188 u32 v;
189 122
190 memset(&rkpp, 0, sizeof(rkpp)); 123 memset(&rkpp, 0, sizeof(rkpp));
191 124
192 strlcpy(rkpp.type, "kpp", sizeof(rkpp.type)); 125 strscpy(rkpp.type, "kpp", sizeof(rkpp.type));
193
194 v = atomic_read(&alg->setsecret_cnt);
195 rkpp.stat_setsecret_cnt = v;
196 v = atomic_read(&alg->generate_public_key_cnt);
197 rkpp.stat_generate_public_key_cnt = v;
198 v = atomic_read(&alg->compute_shared_secret_cnt);
199 rkpp.stat_compute_shared_secret_cnt = v;
200 v = atomic_read(&alg->kpp_err_cnt);
201 rkpp.stat_kpp_err_cnt = v;
202 126
203 if (nla_put(skb, CRYPTOCFGA_STAT_KPP, 127 rkpp.stat_setsecret_cnt = atomic64_read(&alg->stats.kpp.setsecret_cnt);
204 sizeof(struct crypto_stat), &rkpp)) 128 rkpp.stat_generate_public_key_cnt = atomic64_read(&alg->stats.kpp.generate_public_key_cnt);
205 goto nla_put_failure; 129 rkpp.stat_compute_shared_secret_cnt = atomic64_read(&alg->stats.kpp.compute_shared_secret_cnt);
206 return 0; 130 rkpp.stat_err_cnt = atomic64_read(&alg->stats.kpp.err_cnt);
207 131
208nla_put_failure: 132 return nla_put(skb, CRYPTOCFGA_STAT_KPP, sizeof(rkpp), &rkpp);
209 return -EMSGSIZE;
210} 133}
211 134
212static int crypto_report_ahash(struct sk_buff *skb, struct crypto_alg *alg) 135static int crypto_report_ahash(struct sk_buff *skb, struct crypto_alg *alg)
213{ 136{
214 struct crypto_stat rhash; 137 struct crypto_stat_hash rhash;
215 u64 v64;
216 u32 v32;
217 138
218 memset(&rhash, 0, sizeof(rhash)); 139 memset(&rhash, 0, sizeof(rhash));
219 140
220 strncpy(rhash.type, "ahash", sizeof(rhash.type)); 141 strscpy(rhash.type, "ahash", sizeof(rhash.type));
221 142
222 v32 = atomic_read(&alg->hash_cnt); 143 rhash.stat_hash_cnt = atomic64_read(&alg->stats.hash.hash_cnt);
223 rhash.stat_hash_cnt = v32; 144 rhash.stat_hash_tlen = atomic64_read(&alg->stats.hash.hash_tlen);
224 v64 = atomic64_read(&alg->hash_tlen); 145 rhash.stat_err_cnt = atomic64_read(&alg->stats.hash.err_cnt);
225 rhash.stat_hash_tlen = v64;
226 v32 = atomic_read(&alg->hash_err_cnt);
227 rhash.stat_hash_err_cnt = v32;
228 146
229 if (nla_put(skb, CRYPTOCFGA_STAT_HASH, 147 return nla_put(skb, CRYPTOCFGA_STAT_HASH, sizeof(rhash), &rhash);
230 sizeof(struct crypto_stat), &rhash))
231 goto nla_put_failure;
232 return 0;
233
234nla_put_failure:
235 return -EMSGSIZE;
236} 148}
237 149
238static int crypto_report_shash(struct sk_buff *skb, struct crypto_alg *alg) 150static int crypto_report_shash(struct sk_buff *skb, struct crypto_alg *alg)
239{ 151{
240 struct crypto_stat rhash; 152 struct crypto_stat_hash rhash;
241 u64 v64;
242 u32 v32;
243 153
244 memset(&rhash, 0, sizeof(rhash)); 154 memset(&rhash, 0, sizeof(rhash));
245 155
246 strncpy(rhash.type, "shash", sizeof(rhash.type)); 156 strscpy(rhash.type, "shash", sizeof(rhash.type));
247
248 v32 = atomic_read(&alg->hash_cnt);
249 rhash.stat_hash_cnt = v32;
250 v64 = atomic64_read(&alg->hash_tlen);
251 rhash.stat_hash_tlen = v64;
252 v32 = atomic_read(&alg->hash_err_cnt);
253 rhash.stat_hash_err_cnt = v32;
254 157
255 if (nla_put(skb, CRYPTOCFGA_STAT_HASH, 158 rhash.stat_hash_cnt = atomic64_read(&alg->stats.hash.hash_cnt);
256 sizeof(struct crypto_stat), &rhash)) 159 rhash.stat_hash_tlen = atomic64_read(&alg->stats.hash.hash_tlen);
257 goto nla_put_failure; 160 rhash.stat_err_cnt = atomic64_read(&alg->stats.hash.err_cnt);
258 return 0;
259 161
260nla_put_failure: 162 return nla_put(skb, CRYPTOCFGA_STAT_HASH, sizeof(rhash), &rhash);
261 return -EMSGSIZE;
262} 163}
263 164
264static int crypto_report_rng(struct sk_buff *skb, struct crypto_alg *alg) 165static int crypto_report_rng(struct sk_buff *skb, struct crypto_alg *alg)
265{ 166{
266 struct crypto_stat rrng; 167 struct crypto_stat_rng rrng;
267 u64 v64;
268 u32 v32;
269 168
270 memset(&rrng, 0, sizeof(rrng)); 169 memset(&rrng, 0, sizeof(rrng));
271 170
272 strncpy(rrng.type, "rng", sizeof(rrng.type)); 171 strscpy(rrng.type, "rng", sizeof(rrng.type));
273 172
274 v32 = atomic_read(&alg->generate_cnt); 173 rrng.stat_generate_cnt = atomic64_read(&alg->stats.rng.generate_cnt);
275 rrng.stat_generate_cnt = v32; 174 rrng.stat_generate_tlen = atomic64_read(&alg->stats.rng.generate_tlen);
276 v64 = atomic64_read(&alg->generate_tlen); 175 rrng.stat_seed_cnt = atomic64_read(&alg->stats.rng.seed_cnt);
277 rrng.stat_generate_tlen = v64; 176 rrng.stat_err_cnt = atomic64_read(&alg->stats.rng.err_cnt);
278 v32 = atomic_read(&alg->seed_cnt);
279 rrng.stat_seed_cnt = v32;
280 v32 = atomic_read(&alg->hash_err_cnt);
281 rrng.stat_rng_err_cnt = v32;
282
283 if (nla_put(skb, CRYPTOCFGA_STAT_RNG,
284 sizeof(struct crypto_stat), &rrng))
285 goto nla_put_failure;
286 return 0;
287 177
288nla_put_failure: 178 return nla_put(skb, CRYPTOCFGA_STAT_RNG, sizeof(rrng), &rrng);
289 return -EMSGSIZE;
290} 179}
291 180
292static int crypto_reportstat_one(struct crypto_alg *alg, 181static int crypto_reportstat_one(struct crypto_alg *alg,
@@ -295,10 +184,10 @@ static int crypto_reportstat_one(struct crypto_alg *alg,
295{ 184{
296 memset(ualg, 0, sizeof(*ualg)); 185 memset(ualg, 0, sizeof(*ualg));
297 186
298 strlcpy(ualg->cru_name, alg->cra_name, sizeof(ualg->cru_name)); 187 strscpy(ualg->cru_name, alg->cra_name, sizeof(ualg->cru_name));
299 strlcpy(ualg->cru_driver_name, alg->cra_driver_name, 188 strscpy(ualg->cru_driver_name, alg->cra_driver_name,
300 sizeof(ualg->cru_driver_name)); 189 sizeof(ualg->cru_driver_name));
301 strlcpy(ualg->cru_module_name, module_name(alg->cra_module), 190 strscpy(ualg->cru_module_name, module_name(alg->cra_module),
302 sizeof(ualg->cru_module_name)); 191 sizeof(ualg->cru_module_name));
303 192
304 ualg->cru_type = 0; 193 ualg->cru_type = 0;
@@ -309,12 +198,11 @@ static int crypto_reportstat_one(struct crypto_alg *alg,
309 if (nla_put_u32(skb, CRYPTOCFGA_PRIORITY_VAL, alg->cra_priority)) 198 if (nla_put_u32(skb, CRYPTOCFGA_PRIORITY_VAL, alg->cra_priority))
310 goto nla_put_failure; 199 goto nla_put_failure;
311 if (alg->cra_flags & CRYPTO_ALG_LARVAL) { 200 if (alg->cra_flags & CRYPTO_ALG_LARVAL) {
312 struct crypto_stat rl; 201 struct crypto_stat_larval rl;
313 202
314 memset(&rl, 0, sizeof(rl)); 203 memset(&rl, 0, sizeof(rl));
315 strlcpy(rl.type, "larval", sizeof(rl.type)); 204 strscpy(rl.type, "larval", sizeof(rl.type));
316 if (nla_put(skb, CRYPTOCFGA_STAT_LARVAL, 205 if (nla_put(skb, CRYPTOCFGA_STAT_LARVAL, sizeof(rl), &rl))
317 sizeof(struct crypto_stat), &rl))
318 goto nla_put_failure; 206 goto nla_put_failure;
319 goto out; 207 goto out;
320 } 208 }
@@ -448,37 +336,4 @@ drop_alg:
448 return nlmsg_unicast(crypto_nlsk, skb, NETLINK_CB(in_skb).portid); 336 return nlmsg_unicast(crypto_nlsk, skb, NETLINK_CB(in_skb).portid);
449} 337}
450 338
451int crypto_dump_reportstat(struct sk_buff *skb, struct netlink_callback *cb)
452{
453 struct crypto_alg *alg;
454 struct crypto_dump_info info;
455 int err;
456
457 if (cb->args[0])
458 goto out;
459
460 cb->args[0] = 1;
461
462 info.in_skb = cb->skb;
463 info.out_skb = skb;
464 info.nlmsg_seq = cb->nlh->nlmsg_seq;
465 info.nlmsg_flags = NLM_F_MULTI;
466
467 list_for_each_entry(alg, &crypto_alg_list, cra_list) {
468 err = crypto_reportstat_alg(alg, &info);
469 if (err)
470 goto out_err;
471 }
472
473out:
474 return skb->len;
475out_err:
476 return err;
477}
478
479int crypto_dump_reportstat_done(struct netlink_callback *cb)
480{
481 return 0;
482}
483
484MODULE_LICENSE("GPL"); 339MODULE_LICENSE("GPL");
diff --git a/crypto/ctr.c b/crypto/ctr.c
index 435b75bd619e..30f3946efc6d 100644
--- a/crypto/ctr.c
+++ b/crypto/ctr.c
@@ -233,8 +233,6 @@ static struct crypto_instance *crypto_ctr_alloc(struct rtattr **tb)
233 inst->alg.cra_blkcipher.encrypt = crypto_ctr_crypt; 233 inst->alg.cra_blkcipher.encrypt = crypto_ctr_crypt;
234 inst->alg.cra_blkcipher.decrypt = crypto_ctr_crypt; 234 inst->alg.cra_blkcipher.decrypt = crypto_ctr_crypt;
235 235
236 inst->alg.cra_blkcipher.geniv = "chainiv";
237
238out: 236out:
239 crypto_mod_put(alg); 237 crypto_mod_put(alg);
240 return inst; 238 return inst;
diff --git a/crypto/ecc.c b/crypto/ecc.c
index 8facafd67802..ed1237115066 100644
--- a/crypto/ecc.c
+++ b/crypto/ecc.c
@@ -842,15 +842,23 @@ static void xycz_add_c(u64 *x1, u64 *y1, u64 *x2, u64 *y2, u64 *curve_prime,
842 842
843static void ecc_point_mult(struct ecc_point *result, 843static void ecc_point_mult(struct ecc_point *result,
844 const struct ecc_point *point, const u64 *scalar, 844 const struct ecc_point *point, const u64 *scalar,
845 u64 *initial_z, u64 *curve_prime, 845 u64 *initial_z, const struct ecc_curve *curve,
846 unsigned int ndigits) 846 unsigned int ndigits)
847{ 847{
848 /* R0 and R1 */ 848 /* R0 and R1 */
849 u64 rx[2][ECC_MAX_DIGITS]; 849 u64 rx[2][ECC_MAX_DIGITS];
850 u64 ry[2][ECC_MAX_DIGITS]; 850 u64 ry[2][ECC_MAX_DIGITS];
851 u64 z[ECC_MAX_DIGITS]; 851 u64 z[ECC_MAX_DIGITS];
852 u64 sk[2][ECC_MAX_DIGITS];
853 u64 *curve_prime = curve->p;
852 int i, nb; 854 int i, nb;
853 int num_bits = vli_num_bits(scalar, ndigits); 855 int num_bits;
856 int carry;
857
858 carry = vli_add(sk[0], scalar, curve->n, ndigits);
859 vli_add(sk[1], sk[0], curve->n, ndigits);
860 scalar = sk[!carry];
861 num_bits = sizeof(u64) * ndigits * 8 + 1;
854 862
855 vli_set(rx[1], point->x, ndigits); 863 vli_set(rx[1], point->x, ndigits);
856 vli_set(ry[1], point->y, ndigits); 864 vli_set(ry[1], point->y, ndigits);
@@ -904,30 +912,43 @@ static inline void ecc_swap_digits(const u64 *in, u64 *out,
904 out[i] = __swab64(in[ndigits - 1 - i]); 912 out[i] = __swab64(in[ndigits - 1 - i]);
905} 913}
906 914
907int ecc_is_key_valid(unsigned int curve_id, unsigned int ndigits, 915static int __ecc_is_key_valid(const struct ecc_curve *curve,
908 const u64 *private_key, unsigned int private_key_len) 916 const u64 *private_key, unsigned int ndigits)
909{ 917{
910 int nbytes; 918 u64 one[ECC_MAX_DIGITS] = { 1, };
911 const struct ecc_curve *curve = ecc_get_curve(curve_id); 919 u64 res[ECC_MAX_DIGITS];
912 920
913 if (!private_key) 921 if (!private_key)
914 return -EINVAL; 922 return -EINVAL;
915 923
916 nbytes = ndigits << ECC_DIGITS_TO_BYTES_SHIFT; 924 if (curve->g.ndigits != ndigits)
917
918 if (private_key_len != nbytes)
919 return -EINVAL; 925 return -EINVAL;
920 926
921 if (vli_is_zero(private_key, ndigits)) 927 /* Make sure the private key is in the range [2, n-3]. */
928 if (vli_cmp(one, private_key, ndigits) != -1)
922 return -EINVAL; 929 return -EINVAL;
923 930 vli_sub(res, curve->n, one, ndigits);
924 /* Make sure the private key is in the range [1, n-1]. */ 931 vli_sub(res, res, one, ndigits);
925 if (vli_cmp(curve->n, private_key, ndigits) != 1) 932 if (vli_cmp(res, private_key, ndigits) != 1)
926 return -EINVAL; 933 return -EINVAL;
927 934
928 return 0; 935 return 0;
929} 936}
930 937
938int ecc_is_key_valid(unsigned int curve_id, unsigned int ndigits,
939 const u64 *private_key, unsigned int private_key_len)
940{
941 int nbytes;
942 const struct ecc_curve *curve = ecc_get_curve(curve_id);
943
944 nbytes = ndigits << ECC_DIGITS_TO_BYTES_SHIFT;
945
946 if (private_key_len != nbytes)
947 return -EINVAL;
948
949 return __ecc_is_key_valid(curve, private_key, ndigits);
950}
951
931/* 952/*
932 * ECC private keys are generated using the method of extra random bits, 953 * ECC private keys are generated using the method of extra random bits,
933 * equivalent to that described in FIPS 186-4, Appendix B.4.1. 954 * equivalent to that described in FIPS 186-4, Appendix B.4.1.
@@ -971,11 +992,8 @@ int ecc_gen_privkey(unsigned int curve_id, unsigned int ndigits, u64 *privkey)
971 if (err) 992 if (err)
972 return err; 993 return err;
973 994
974 if (vli_is_zero(priv, ndigits)) 995 /* Make sure the private key is in the valid range. */
975 return -EINVAL; 996 if (__ecc_is_key_valid(curve, priv, ndigits))
976
977 /* Make sure the private key is in the range [1, n-1]. */
978 if (vli_cmp(curve->n, priv, ndigits) != 1)
979 return -EINVAL; 997 return -EINVAL;
980 998
981 ecc_swap_digits(priv, privkey, ndigits); 999 ecc_swap_digits(priv, privkey, ndigits);
@@ -1004,7 +1022,7 @@ int ecc_make_pub_key(unsigned int curve_id, unsigned int ndigits,
1004 goto out; 1022 goto out;
1005 } 1023 }
1006 1024
1007 ecc_point_mult(pk, &curve->g, priv, NULL, curve->p, ndigits); 1025 ecc_point_mult(pk, &curve->g, priv, NULL, curve, ndigits);
1008 if (ecc_point_is_zero(pk)) { 1026 if (ecc_point_is_zero(pk)) {
1009 ret = -EAGAIN; 1027 ret = -EAGAIN;
1010 goto err_free_point; 1028 goto err_free_point;
@@ -1090,7 +1108,7 @@ int crypto_ecdh_shared_secret(unsigned int curve_id, unsigned int ndigits,
1090 goto err_alloc_product; 1108 goto err_alloc_product;
1091 } 1109 }
1092 1110
1093 ecc_point_mult(product, pk, priv, rand_z, curve->p, ndigits); 1111 ecc_point_mult(product, pk, priv, rand_z, curve, ndigits);
1094 1112
1095 ecc_swap_digits(product->x, secret, ndigits); 1113 ecc_swap_digits(product->x, secret, ndigits);
1096 1114
diff --git a/crypto/hash_info.c b/crypto/hash_info.c
index 7b1e0b188ce6..1dd095e4b451 100644
--- a/crypto/hash_info.c
+++ b/crypto/hash_info.c
@@ -32,6 +32,8 @@ const char *const hash_algo_name[HASH_ALGO__LAST] = {
32 [HASH_ALGO_TGR_160] = "tgr160", 32 [HASH_ALGO_TGR_160] = "tgr160",
33 [HASH_ALGO_TGR_192] = "tgr192", 33 [HASH_ALGO_TGR_192] = "tgr192",
34 [HASH_ALGO_SM3_256] = "sm3-256", 34 [HASH_ALGO_SM3_256] = "sm3-256",
35 [HASH_ALGO_STREEBOG_256] = "streebog256",
36 [HASH_ALGO_STREEBOG_512] = "streebog512",
35}; 37};
36EXPORT_SYMBOL_GPL(hash_algo_name); 38EXPORT_SYMBOL_GPL(hash_algo_name);
37 39
@@ -54,5 +56,7 @@ const int hash_digest_size[HASH_ALGO__LAST] = {
54 [HASH_ALGO_TGR_160] = TGR160_DIGEST_SIZE, 56 [HASH_ALGO_TGR_160] = TGR160_DIGEST_SIZE,
55 [HASH_ALGO_TGR_192] = TGR192_DIGEST_SIZE, 57 [HASH_ALGO_TGR_192] = TGR192_DIGEST_SIZE,
56 [HASH_ALGO_SM3_256] = SM3256_DIGEST_SIZE, 58 [HASH_ALGO_SM3_256] = SM3256_DIGEST_SIZE,
59 [HASH_ALGO_STREEBOG_256] = STREEBOG256_DIGEST_SIZE,
60 [HASH_ALGO_STREEBOG_512] = STREEBOG512_DIGEST_SIZE,
57}; 61};
58EXPORT_SYMBOL_GPL(hash_digest_size); 62EXPORT_SYMBOL_GPL(hash_digest_size);
diff --git a/crypto/kpp.c b/crypto/kpp.c
index a90edc27af77..bc2f1006a2f7 100644
--- a/crypto/kpp.c
+++ b/crypto/kpp.c
@@ -30,15 +30,11 @@ static int crypto_kpp_report(struct sk_buff *skb, struct crypto_alg *alg)
30{ 30{
31 struct crypto_report_kpp rkpp; 31 struct crypto_report_kpp rkpp;
32 32
33 strncpy(rkpp.type, "kpp", sizeof(rkpp.type)); 33 memset(&rkpp, 0, sizeof(rkpp));
34 34
35 if (nla_put(skb, CRYPTOCFGA_REPORT_KPP, 35 strscpy(rkpp.type, "kpp", sizeof(rkpp.type));
36 sizeof(struct crypto_report_kpp), &rkpp))
37 goto nla_put_failure;
38 return 0;
39 36
40nla_put_failure: 37 return nla_put(skb, CRYPTOCFGA_REPORT_KPP, sizeof(rkpp), &rkpp);
41 return -EMSGSIZE;
42} 38}
43#else 39#else
44static int crypto_kpp_report(struct sk_buff *skb, struct crypto_alg *alg) 40static int crypto_kpp_report(struct sk_buff *skb, struct crypto_alg *alg)
diff --git a/crypto/lz4.c b/crypto/lz4.c
index 2ce2660d3519..c160dfdbf2e0 100644
--- a/crypto/lz4.c
+++ b/crypto/lz4.c
@@ -122,7 +122,6 @@ static struct crypto_alg alg_lz4 = {
122 .cra_flags = CRYPTO_ALG_TYPE_COMPRESS, 122 .cra_flags = CRYPTO_ALG_TYPE_COMPRESS,
123 .cra_ctxsize = sizeof(struct lz4_ctx), 123 .cra_ctxsize = sizeof(struct lz4_ctx),
124 .cra_module = THIS_MODULE, 124 .cra_module = THIS_MODULE,
125 .cra_list = LIST_HEAD_INIT(alg_lz4.cra_list),
126 .cra_init = lz4_init, 125 .cra_init = lz4_init,
127 .cra_exit = lz4_exit, 126 .cra_exit = lz4_exit,
128 .cra_u = { .compress = { 127 .cra_u = { .compress = {
diff --git a/crypto/lz4hc.c b/crypto/lz4hc.c
index 2be14f054daf..583b5e013d7a 100644
--- a/crypto/lz4hc.c
+++ b/crypto/lz4hc.c
@@ -123,7 +123,6 @@ static struct crypto_alg alg_lz4hc = {
123 .cra_flags = CRYPTO_ALG_TYPE_COMPRESS, 123 .cra_flags = CRYPTO_ALG_TYPE_COMPRESS,
124 .cra_ctxsize = sizeof(struct lz4hc_ctx), 124 .cra_ctxsize = sizeof(struct lz4hc_ctx),
125 .cra_module = THIS_MODULE, 125 .cra_module = THIS_MODULE,
126 .cra_list = LIST_HEAD_INIT(alg_lz4hc.cra_list),
127 .cra_init = lz4hc_init, 126 .cra_init = lz4hc_init,
128 .cra_exit = lz4hc_exit, 127 .cra_exit = lz4hc_exit,
129 .cra_u = { .compress = { 128 .cra_u = { .compress = {
diff --git a/crypto/nhpoly1305.c b/crypto/nhpoly1305.c
new file mode 100644
index 000000000000..ec831a5594d8
--- /dev/null
+++ b/crypto/nhpoly1305.c
@@ -0,0 +1,254 @@
1// SPDX-License-Identifier: GPL-2.0
2/*
3 * NHPoly1305 - ε-almost-∆-universal hash function for Adiantum
4 *
5 * Copyright 2018 Google LLC
6 */
7
8/*
9 * "NHPoly1305" is the main component of Adiantum hashing.
10 * Specifically, it is the calculation
11 *
12 * H_L ← Poly1305_{K_L}(NH_{K_N}(pad_{128}(L)))
13 *
14 * from the procedure in section 6.4 of the Adiantum paper [1]. It is an
15 * ε-almost-∆-universal (ε-∆U) hash function for equal-length inputs over
16 * Z/(2^{128}Z), where the "∆" operation is addition. It hashes 1024-byte
17 * chunks of the input with the NH hash function [2], reducing the input length
18 * by 32x. The resulting NH digests are evaluated as a polynomial in
19 * GF(2^{130}-5), like in the Poly1305 MAC [3]. Note that the polynomial
20 * evaluation by itself would suffice to achieve the ε-∆U property; NH is used
21 * for performance since it's over twice as fast as Poly1305.
22 *
23 * This is *not* a cryptographic hash function; do not use it as such!
24 *
25 * [1] Adiantum: length-preserving encryption for entry-level processors
26 * (https://eprint.iacr.org/2018/720.pdf)
27 * [2] UMAC: Fast and Secure Message Authentication
28 * (https://fastcrypto.org/umac/umac_proc.pdf)
29 * [3] The Poly1305-AES message-authentication code
30 * (https://cr.yp.to/mac/poly1305-20050329.pdf)
31 */
32
33#include <asm/unaligned.h>
34#include <crypto/algapi.h>
35#include <crypto/internal/hash.h>
36#include <crypto/nhpoly1305.h>
37#include <linux/crypto.h>
38#include <linux/kernel.h>
39#include <linux/module.h>
40
41static void nh_generic(const u32 *key, const u8 *message, size_t message_len,
42 __le64 hash[NH_NUM_PASSES])
43{
44 u64 sums[4] = { 0, 0, 0, 0 };
45
46 BUILD_BUG_ON(NH_PAIR_STRIDE != 2);
47 BUILD_BUG_ON(NH_NUM_PASSES != 4);
48
49 while (message_len) {
50 u32 m0 = get_unaligned_le32(message + 0);
51 u32 m1 = get_unaligned_le32(message + 4);
52 u32 m2 = get_unaligned_le32(message + 8);
53 u32 m3 = get_unaligned_le32(message + 12);
54
55 sums[0] += (u64)(u32)(m0 + key[ 0]) * (u32)(m2 + key[ 2]);
56 sums[1] += (u64)(u32)(m0 + key[ 4]) * (u32)(m2 + key[ 6]);
57 sums[2] += (u64)(u32)(m0 + key[ 8]) * (u32)(m2 + key[10]);
58 sums[3] += (u64)(u32)(m0 + key[12]) * (u32)(m2 + key[14]);
59 sums[0] += (u64)(u32)(m1 + key[ 1]) * (u32)(m3 + key[ 3]);
60 sums[1] += (u64)(u32)(m1 + key[ 5]) * (u32)(m3 + key[ 7]);
61 sums[2] += (u64)(u32)(m1 + key[ 9]) * (u32)(m3 + key[11]);
62 sums[3] += (u64)(u32)(m1 + key[13]) * (u32)(m3 + key[15]);
63 key += NH_MESSAGE_UNIT / sizeof(key[0]);
64 message += NH_MESSAGE_UNIT;
65 message_len -= NH_MESSAGE_UNIT;
66 }
67
68 hash[0] = cpu_to_le64(sums[0]);
69 hash[1] = cpu_to_le64(sums[1]);
70 hash[2] = cpu_to_le64(sums[2]);
71 hash[3] = cpu_to_le64(sums[3]);
72}
73
74/* Pass the next NH hash value through Poly1305 */
75static void process_nh_hash_value(struct nhpoly1305_state *state,
76 const struct nhpoly1305_key *key)
77{
78 BUILD_BUG_ON(NH_HASH_BYTES % POLY1305_BLOCK_SIZE != 0);
79
80 poly1305_core_blocks(&state->poly_state, &key->poly_key, state->nh_hash,
81 NH_HASH_BYTES / POLY1305_BLOCK_SIZE);
82}
83
84/*
85 * Feed the next portion of the source data, as a whole number of 16-byte
86 * "NH message units", through NH and Poly1305. Each NH hash is taken over
87 * 1024 bytes, except possibly the final one which is taken over a multiple of
88 * 16 bytes up to 1024. Also, in the case where data is passed in misaligned
89 * chunks, we combine partial hashes; the end result is the same either way.
90 */
91static void nhpoly1305_units(struct nhpoly1305_state *state,
92 const struct nhpoly1305_key *key,
93 const u8 *src, unsigned int srclen, nh_t nh_fn)
94{
95 do {
96 unsigned int bytes;
97
98 if (state->nh_remaining == 0) {
99 /* Starting a new NH message */
100 bytes = min_t(unsigned int, srclen, NH_MESSAGE_BYTES);
101 nh_fn(key->nh_key, src, bytes, state->nh_hash);
102 state->nh_remaining = NH_MESSAGE_BYTES - bytes;
103 } else {
104 /* Continuing a previous NH message */
105 __le64 tmp_hash[NH_NUM_PASSES];
106 unsigned int pos;
107 int i;
108
109 pos = NH_MESSAGE_BYTES - state->nh_remaining;
110 bytes = min(srclen, state->nh_remaining);
111 nh_fn(&key->nh_key[pos / 4], src, bytes, tmp_hash);
112 for (i = 0; i < NH_NUM_PASSES; i++)
113 le64_add_cpu(&state->nh_hash[i],
114 le64_to_cpu(tmp_hash[i]));
115 state->nh_remaining -= bytes;
116 }
117 if (state->nh_remaining == 0)
118 process_nh_hash_value(state, key);
119 src += bytes;
120 srclen -= bytes;
121 } while (srclen);
122}
123
124int crypto_nhpoly1305_setkey(struct crypto_shash *tfm,
125 const u8 *key, unsigned int keylen)
126{
127 struct nhpoly1305_key *ctx = crypto_shash_ctx(tfm);
128 int i;
129
130 if (keylen != NHPOLY1305_KEY_SIZE)
131 return -EINVAL;
132
133 poly1305_core_setkey(&ctx->poly_key, key);
134 key += POLY1305_BLOCK_SIZE;
135
136 for (i = 0; i < NH_KEY_WORDS; i++)
137 ctx->nh_key[i] = get_unaligned_le32(key + i * sizeof(u32));
138
139 return 0;
140}
141EXPORT_SYMBOL(crypto_nhpoly1305_setkey);
142
143int crypto_nhpoly1305_init(struct shash_desc *desc)
144{
145 struct nhpoly1305_state *state = shash_desc_ctx(desc);
146
147 poly1305_core_init(&state->poly_state);
148 state->buflen = 0;
149 state->nh_remaining = 0;
150 return 0;
151}
152EXPORT_SYMBOL(crypto_nhpoly1305_init);
153
154int crypto_nhpoly1305_update_helper(struct shash_desc *desc,
155 const u8 *src, unsigned int srclen,
156 nh_t nh_fn)
157{
158 struct nhpoly1305_state *state = shash_desc_ctx(desc);
159 const struct nhpoly1305_key *key = crypto_shash_ctx(desc->tfm);
160 unsigned int bytes;
161
162 if (state->buflen) {
163 bytes = min(srclen, (int)NH_MESSAGE_UNIT - state->buflen);
164 memcpy(&state->buffer[state->buflen], src, bytes);
165 state->buflen += bytes;
166 if (state->buflen < NH_MESSAGE_UNIT)
167 return 0;
168 nhpoly1305_units(state, key, state->buffer, NH_MESSAGE_UNIT,
169 nh_fn);
170 state->buflen = 0;
171 src += bytes;
172 srclen -= bytes;
173 }
174
175 if (srclen >= NH_MESSAGE_UNIT) {
176 bytes = round_down(srclen, NH_MESSAGE_UNIT);
177 nhpoly1305_units(state, key, src, bytes, nh_fn);
178 src += bytes;
179 srclen -= bytes;
180 }
181
182 if (srclen) {
183 memcpy(state->buffer, src, srclen);
184 state->buflen = srclen;
185 }
186 return 0;
187}
188EXPORT_SYMBOL(crypto_nhpoly1305_update_helper);
189
190int crypto_nhpoly1305_update(struct shash_desc *desc,
191 const u8 *src, unsigned int srclen)
192{
193 return crypto_nhpoly1305_update_helper(desc, src, srclen, nh_generic);
194}
195EXPORT_SYMBOL(crypto_nhpoly1305_update);
196
197int crypto_nhpoly1305_final_helper(struct shash_desc *desc, u8 *dst, nh_t nh_fn)
198{
199 struct nhpoly1305_state *state = shash_desc_ctx(desc);
200 const struct nhpoly1305_key *key = crypto_shash_ctx(desc->tfm);
201
202 if (state->buflen) {
203 memset(&state->buffer[state->buflen], 0,
204 NH_MESSAGE_UNIT - state->buflen);
205 nhpoly1305_units(state, key, state->buffer, NH_MESSAGE_UNIT,
206 nh_fn);
207 }
208
209 if (state->nh_remaining)
210 process_nh_hash_value(state, key);
211
212 poly1305_core_emit(&state->poly_state, dst);
213 return 0;
214}
215EXPORT_SYMBOL(crypto_nhpoly1305_final_helper);
216
217int crypto_nhpoly1305_final(struct shash_desc *desc, u8 *dst)
218{
219 return crypto_nhpoly1305_final_helper(desc, dst, nh_generic);
220}
221EXPORT_SYMBOL(crypto_nhpoly1305_final);
222
223static struct shash_alg nhpoly1305_alg = {
224 .base.cra_name = "nhpoly1305",
225 .base.cra_driver_name = "nhpoly1305-generic",
226 .base.cra_priority = 100,
227 .base.cra_ctxsize = sizeof(struct nhpoly1305_key),
228 .base.cra_module = THIS_MODULE,
229 .digestsize = POLY1305_DIGEST_SIZE,
230 .init = crypto_nhpoly1305_init,
231 .update = crypto_nhpoly1305_update,
232 .final = crypto_nhpoly1305_final,
233 .setkey = crypto_nhpoly1305_setkey,
234 .descsize = sizeof(struct nhpoly1305_state),
235};
236
237static int __init nhpoly1305_mod_init(void)
238{
239 return crypto_register_shash(&nhpoly1305_alg);
240}
241
242static void __exit nhpoly1305_mod_exit(void)
243{
244 crypto_unregister_shash(&nhpoly1305_alg);
245}
246
247module_init(nhpoly1305_mod_init);
248module_exit(nhpoly1305_mod_exit);
249
250MODULE_DESCRIPTION("NHPoly1305 ε-almost-∆-universal hash function");
251MODULE_LICENSE("GPL v2");
252MODULE_AUTHOR("Eric Biggers <ebiggers@google.com>");
253MODULE_ALIAS_CRYPTO("nhpoly1305");
254MODULE_ALIAS_CRYPTO("nhpoly1305-generic");
diff --git a/crypto/pcrypt.c b/crypto/pcrypt.c
index 8eb3c4c9ff67..d47cfc47b1b1 100644
--- a/crypto/pcrypt.c
+++ b/crypto/pcrypt.c
@@ -394,7 +394,7 @@ static int pcrypt_sysfs_add(struct padata_instance *pinst, const char *name)
394 int ret; 394 int ret;
395 395
396 pinst->kobj.kset = pcrypt_kset; 396 pinst->kobj.kset = pcrypt_kset;
397 ret = kobject_add(&pinst->kobj, NULL, name); 397 ret = kobject_add(&pinst->kobj, NULL, "%s", name);
398 if (!ret) 398 if (!ret)
399 kobject_uevent(&pinst->kobj, KOBJ_ADD); 399 kobject_uevent(&pinst->kobj, KOBJ_ADD);
400 400
diff --git a/crypto/poly1305_generic.c b/crypto/poly1305_generic.c
index 47d3a6b83931..2a06874204e8 100644
--- a/crypto/poly1305_generic.c
+++ b/crypto/poly1305_generic.c
@@ -38,7 +38,7 @@ int crypto_poly1305_init(struct shash_desc *desc)
38{ 38{
39 struct poly1305_desc_ctx *dctx = shash_desc_ctx(desc); 39 struct poly1305_desc_ctx *dctx = shash_desc_ctx(desc);
40 40
41 memset(dctx->h, 0, sizeof(dctx->h)); 41 poly1305_core_init(&dctx->h);
42 dctx->buflen = 0; 42 dctx->buflen = 0;
43 dctx->rset = false; 43 dctx->rset = false;
44 dctx->sset = false; 44 dctx->sset = false;
@@ -47,23 +47,16 @@ int crypto_poly1305_init(struct shash_desc *desc)
47} 47}
48EXPORT_SYMBOL_GPL(crypto_poly1305_init); 48EXPORT_SYMBOL_GPL(crypto_poly1305_init);
49 49
50static void poly1305_setrkey(struct poly1305_desc_ctx *dctx, const u8 *key) 50void poly1305_core_setkey(struct poly1305_key *key, const u8 *raw_key)
51{ 51{
52 /* r &= 0xffffffc0ffffffc0ffffffc0fffffff */ 52 /* r &= 0xffffffc0ffffffc0ffffffc0fffffff */
53 dctx->r[0] = (get_unaligned_le32(key + 0) >> 0) & 0x3ffffff; 53 key->r[0] = (get_unaligned_le32(raw_key + 0) >> 0) & 0x3ffffff;
54 dctx->r[1] = (get_unaligned_le32(key + 3) >> 2) & 0x3ffff03; 54 key->r[1] = (get_unaligned_le32(raw_key + 3) >> 2) & 0x3ffff03;
55 dctx->r[2] = (get_unaligned_le32(key + 6) >> 4) & 0x3ffc0ff; 55 key->r[2] = (get_unaligned_le32(raw_key + 6) >> 4) & 0x3ffc0ff;
56 dctx->r[3] = (get_unaligned_le32(key + 9) >> 6) & 0x3f03fff; 56 key->r[3] = (get_unaligned_le32(raw_key + 9) >> 6) & 0x3f03fff;
57 dctx->r[4] = (get_unaligned_le32(key + 12) >> 8) & 0x00fffff; 57 key->r[4] = (get_unaligned_le32(raw_key + 12) >> 8) & 0x00fffff;
58}
59
60static void poly1305_setskey(struct poly1305_desc_ctx *dctx, const u8 *key)
61{
62 dctx->s[0] = get_unaligned_le32(key + 0);
63 dctx->s[1] = get_unaligned_le32(key + 4);
64 dctx->s[2] = get_unaligned_le32(key + 8);
65 dctx->s[3] = get_unaligned_le32(key + 12);
66} 58}
59EXPORT_SYMBOL_GPL(poly1305_core_setkey);
67 60
68/* 61/*
69 * Poly1305 requires a unique key for each tag, which implies that we can't set 62 * Poly1305 requires a unique key for each tag, which implies that we can't set
@@ -75,13 +68,16 @@ unsigned int crypto_poly1305_setdesckey(struct poly1305_desc_ctx *dctx,
75{ 68{
76 if (!dctx->sset) { 69 if (!dctx->sset) {
77 if (!dctx->rset && srclen >= POLY1305_BLOCK_SIZE) { 70 if (!dctx->rset && srclen >= POLY1305_BLOCK_SIZE) {
78 poly1305_setrkey(dctx, src); 71 poly1305_core_setkey(&dctx->r, src);
79 src += POLY1305_BLOCK_SIZE; 72 src += POLY1305_BLOCK_SIZE;
80 srclen -= POLY1305_BLOCK_SIZE; 73 srclen -= POLY1305_BLOCK_SIZE;
81 dctx->rset = true; 74 dctx->rset = true;
82 } 75 }
83 if (srclen >= POLY1305_BLOCK_SIZE) { 76 if (srclen >= POLY1305_BLOCK_SIZE) {
84 poly1305_setskey(dctx, src); 77 dctx->s[0] = get_unaligned_le32(src + 0);
78 dctx->s[1] = get_unaligned_le32(src + 4);
79 dctx->s[2] = get_unaligned_le32(src + 8);
80 dctx->s[3] = get_unaligned_le32(src + 12);
85 src += POLY1305_BLOCK_SIZE; 81 src += POLY1305_BLOCK_SIZE;
86 srclen -= POLY1305_BLOCK_SIZE; 82 srclen -= POLY1305_BLOCK_SIZE;
87 dctx->sset = true; 83 dctx->sset = true;
@@ -91,41 +87,37 @@ unsigned int crypto_poly1305_setdesckey(struct poly1305_desc_ctx *dctx,
91} 87}
92EXPORT_SYMBOL_GPL(crypto_poly1305_setdesckey); 88EXPORT_SYMBOL_GPL(crypto_poly1305_setdesckey);
93 89
94static unsigned int poly1305_blocks(struct poly1305_desc_ctx *dctx, 90static void poly1305_blocks_internal(struct poly1305_state *state,
95 const u8 *src, unsigned int srclen, 91 const struct poly1305_key *key,
96 u32 hibit) 92 const void *src, unsigned int nblocks,
93 u32 hibit)
97{ 94{
98 u32 r0, r1, r2, r3, r4; 95 u32 r0, r1, r2, r3, r4;
99 u32 s1, s2, s3, s4; 96 u32 s1, s2, s3, s4;
100 u32 h0, h1, h2, h3, h4; 97 u32 h0, h1, h2, h3, h4;
101 u64 d0, d1, d2, d3, d4; 98 u64 d0, d1, d2, d3, d4;
102 unsigned int datalen;
103 99
104 if (unlikely(!dctx->sset)) { 100 if (!nblocks)
105 datalen = crypto_poly1305_setdesckey(dctx, src, srclen); 101 return;
106 src += srclen - datalen;
107 srclen = datalen;
108 }
109 102
110 r0 = dctx->r[0]; 103 r0 = key->r[0];
111 r1 = dctx->r[1]; 104 r1 = key->r[1];
112 r2 = dctx->r[2]; 105 r2 = key->r[2];
113 r3 = dctx->r[3]; 106 r3 = key->r[3];
114 r4 = dctx->r[4]; 107 r4 = key->r[4];
115 108
116 s1 = r1 * 5; 109 s1 = r1 * 5;
117 s2 = r2 * 5; 110 s2 = r2 * 5;
118 s3 = r3 * 5; 111 s3 = r3 * 5;
119 s4 = r4 * 5; 112 s4 = r4 * 5;
120 113
121 h0 = dctx->h[0]; 114 h0 = state->h[0];
122 h1 = dctx->h[1]; 115 h1 = state->h[1];
123 h2 = dctx->h[2]; 116 h2 = state->h[2];
124 h3 = dctx->h[3]; 117 h3 = state->h[3];
125 h4 = dctx->h[4]; 118 h4 = state->h[4];
126
127 while (likely(srclen >= POLY1305_BLOCK_SIZE)) {
128 119
120 do {
129 /* h += m[i] */ 121 /* h += m[i] */
130 h0 += (get_unaligned_le32(src + 0) >> 0) & 0x3ffffff; 122 h0 += (get_unaligned_le32(src + 0) >> 0) & 0x3ffffff;
131 h1 += (get_unaligned_le32(src + 3) >> 2) & 0x3ffffff; 123 h1 += (get_unaligned_le32(src + 3) >> 2) & 0x3ffffff;
@@ -154,16 +146,36 @@ static unsigned int poly1305_blocks(struct poly1305_desc_ctx *dctx,
154 h1 += h0 >> 26; h0 = h0 & 0x3ffffff; 146 h1 += h0 >> 26; h0 = h0 & 0x3ffffff;
155 147
156 src += POLY1305_BLOCK_SIZE; 148 src += POLY1305_BLOCK_SIZE;
157 srclen -= POLY1305_BLOCK_SIZE; 149 } while (--nblocks);
158 }
159 150
160 dctx->h[0] = h0; 151 state->h[0] = h0;
161 dctx->h[1] = h1; 152 state->h[1] = h1;
162 dctx->h[2] = h2; 153 state->h[2] = h2;
163 dctx->h[3] = h3; 154 state->h[3] = h3;
164 dctx->h[4] = h4; 155 state->h[4] = h4;
156}
165 157
166 return srclen; 158void poly1305_core_blocks(struct poly1305_state *state,
159 const struct poly1305_key *key,
160 const void *src, unsigned int nblocks)
161{
162 poly1305_blocks_internal(state, key, src, nblocks, 1 << 24);
163}
164EXPORT_SYMBOL_GPL(poly1305_core_blocks);
165
166static void poly1305_blocks(struct poly1305_desc_ctx *dctx,
167 const u8 *src, unsigned int srclen, u32 hibit)
168{
169 unsigned int datalen;
170
171 if (unlikely(!dctx->sset)) {
172 datalen = crypto_poly1305_setdesckey(dctx, src, srclen);
173 src += srclen - datalen;
174 srclen = datalen;
175 }
176
177 poly1305_blocks_internal(&dctx->h, &dctx->r,
178 src, srclen / POLY1305_BLOCK_SIZE, hibit);
167} 179}
168 180
169int crypto_poly1305_update(struct shash_desc *desc, 181int crypto_poly1305_update(struct shash_desc *desc,
@@ -187,9 +199,9 @@ int crypto_poly1305_update(struct shash_desc *desc,
187 } 199 }
188 200
189 if (likely(srclen >= POLY1305_BLOCK_SIZE)) { 201 if (likely(srclen >= POLY1305_BLOCK_SIZE)) {
190 bytes = poly1305_blocks(dctx, src, srclen, 1 << 24); 202 poly1305_blocks(dctx, src, srclen, 1 << 24);
191 src += srclen - bytes; 203 src += srclen - (srclen % POLY1305_BLOCK_SIZE);
192 srclen = bytes; 204 srclen %= POLY1305_BLOCK_SIZE;
193 } 205 }
194 206
195 if (unlikely(srclen)) { 207 if (unlikely(srclen)) {
@@ -201,30 +213,18 @@ int crypto_poly1305_update(struct shash_desc *desc,
201} 213}
202EXPORT_SYMBOL_GPL(crypto_poly1305_update); 214EXPORT_SYMBOL_GPL(crypto_poly1305_update);
203 215
204int crypto_poly1305_final(struct shash_desc *desc, u8 *dst) 216void poly1305_core_emit(const struct poly1305_state *state, void *dst)
205{ 217{
206 struct poly1305_desc_ctx *dctx = shash_desc_ctx(desc);
207 u32 h0, h1, h2, h3, h4; 218 u32 h0, h1, h2, h3, h4;
208 u32 g0, g1, g2, g3, g4; 219 u32 g0, g1, g2, g3, g4;
209 u32 mask; 220 u32 mask;
210 u64 f = 0;
211
212 if (unlikely(!dctx->sset))
213 return -ENOKEY;
214
215 if (unlikely(dctx->buflen)) {
216 dctx->buf[dctx->buflen++] = 1;
217 memset(dctx->buf + dctx->buflen, 0,
218 POLY1305_BLOCK_SIZE - dctx->buflen);
219 poly1305_blocks(dctx, dctx->buf, POLY1305_BLOCK_SIZE, 0);
220 }
221 221
222 /* fully carry h */ 222 /* fully carry h */
223 h0 = dctx->h[0]; 223 h0 = state->h[0];
224 h1 = dctx->h[1]; 224 h1 = state->h[1];
225 h2 = dctx->h[2]; 225 h2 = state->h[2];
226 h3 = dctx->h[3]; 226 h3 = state->h[3];
227 h4 = dctx->h[4]; 227 h4 = state->h[4];
228 228
229 h2 += (h1 >> 26); h1 = h1 & 0x3ffffff; 229 h2 += (h1 >> 26); h1 = h1 & 0x3ffffff;
230 h3 += (h2 >> 26); h2 = h2 & 0x3ffffff; 230 h3 += (h2 >> 26); h2 = h2 & 0x3ffffff;
@@ -254,16 +254,40 @@ int crypto_poly1305_final(struct shash_desc *desc, u8 *dst)
254 h4 = (h4 & mask) | g4; 254 h4 = (h4 & mask) | g4;
255 255
256 /* h = h % (2^128) */ 256 /* h = h % (2^128) */
257 h0 = (h0 >> 0) | (h1 << 26); 257 put_unaligned_le32((h0 >> 0) | (h1 << 26), dst + 0);
258 h1 = (h1 >> 6) | (h2 << 20); 258 put_unaligned_le32((h1 >> 6) | (h2 << 20), dst + 4);
259 h2 = (h2 >> 12) | (h3 << 14); 259 put_unaligned_le32((h2 >> 12) | (h3 << 14), dst + 8);
260 h3 = (h3 >> 18) | (h4 << 8); 260 put_unaligned_le32((h3 >> 18) | (h4 << 8), dst + 12);
261}
262EXPORT_SYMBOL_GPL(poly1305_core_emit);
263
264int crypto_poly1305_final(struct shash_desc *desc, u8 *dst)
265{
266 struct poly1305_desc_ctx *dctx = shash_desc_ctx(desc);
267 __le32 digest[4];
268 u64 f = 0;
269
270 if (unlikely(!dctx->sset))
271 return -ENOKEY;
272
273 if (unlikely(dctx->buflen)) {
274 dctx->buf[dctx->buflen++] = 1;
275 memset(dctx->buf + dctx->buflen, 0,
276 POLY1305_BLOCK_SIZE - dctx->buflen);
277 poly1305_blocks(dctx, dctx->buf, POLY1305_BLOCK_SIZE, 0);
278 }
279
280 poly1305_core_emit(&dctx->h, digest);
261 281
262 /* mac = (h + s) % (2^128) */ 282 /* mac = (h + s) % (2^128) */
263 f = (f >> 32) + h0 + dctx->s[0]; put_unaligned_le32(f, dst + 0); 283 f = (f >> 32) + le32_to_cpu(digest[0]) + dctx->s[0];
264 f = (f >> 32) + h1 + dctx->s[1]; put_unaligned_le32(f, dst + 4); 284 put_unaligned_le32(f, dst + 0);
265 f = (f >> 32) + h2 + dctx->s[2]; put_unaligned_le32(f, dst + 8); 285 f = (f >> 32) + le32_to_cpu(digest[1]) + dctx->s[1];
266 f = (f >> 32) + h3 + dctx->s[3]; put_unaligned_le32(f, dst + 12); 286 put_unaligned_le32(f, dst + 4);
287 f = (f >> 32) + le32_to_cpu(digest[2]) + dctx->s[2];
288 put_unaligned_le32(f, dst + 8);
289 f = (f >> 32) + le32_to_cpu(digest[3]) + dctx->s[3];
290 put_unaligned_le32(f, dst + 12);
267 291
268 return 0; 292 return 0;
269} 293}
diff --git a/crypto/rng.c b/crypto/rng.c
index 547f16ecbfb0..33c38a72bff5 100644
--- a/crypto/rng.c
+++ b/crypto/rng.c
@@ -35,9 +35,11 @@ static int crypto_default_rng_refcnt;
35 35
36int crypto_rng_reset(struct crypto_rng *tfm, const u8 *seed, unsigned int slen) 36int crypto_rng_reset(struct crypto_rng *tfm, const u8 *seed, unsigned int slen)
37{ 37{
38 struct crypto_alg *alg = tfm->base.__crt_alg;
38 u8 *buf = NULL; 39 u8 *buf = NULL;
39 int err; 40 int err;
40 41
42 crypto_stats_get(alg);
41 if (!seed && slen) { 43 if (!seed && slen) {
42 buf = kmalloc(slen, GFP_KERNEL); 44 buf = kmalloc(slen, GFP_KERNEL);
43 if (!buf) 45 if (!buf)
@@ -50,7 +52,7 @@ int crypto_rng_reset(struct crypto_rng *tfm, const u8 *seed, unsigned int slen)
50 } 52 }
51 53
52 err = crypto_rng_alg(tfm)->seed(tfm, seed, slen); 54 err = crypto_rng_alg(tfm)->seed(tfm, seed, slen);
53 crypto_stat_rng_seed(tfm, err); 55 crypto_stats_rng_seed(alg, err);
54out: 56out:
55 kzfree(buf); 57 kzfree(buf);
56 return err; 58 return err;
@@ -74,17 +76,13 @@ static int crypto_rng_report(struct sk_buff *skb, struct crypto_alg *alg)
74{ 76{
75 struct crypto_report_rng rrng; 77 struct crypto_report_rng rrng;
76 78
77 strncpy(rrng.type, "rng", sizeof(rrng.type)); 79 memset(&rrng, 0, sizeof(rrng));
78 80
79 rrng.seedsize = seedsize(alg); 81 strscpy(rrng.type, "rng", sizeof(rrng.type));
80 82
81 if (nla_put(skb, CRYPTOCFGA_REPORT_RNG, 83 rrng.seedsize = seedsize(alg);
82 sizeof(struct crypto_report_rng), &rrng))
83 goto nla_put_failure;
84 return 0;
85 84
86nla_put_failure: 85 return nla_put(skb, CRYPTOCFGA_REPORT_RNG, sizeof(rrng), &rrng);
87 return -EMSGSIZE;
88} 86}
89#else 87#else
90static int crypto_rng_report(struct sk_buff *skb, struct crypto_alg *alg) 88static int crypto_rng_report(struct sk_buff *skb, struct crypto_alg *alg)
diff --git a/crypto/salsa20_generic.c b/crypto/salsa20_generic.c
index 8c77bc78a09f..00fce32ae17a 100644
--- a/crypto/salsa20_generic.c
+++ b/crypto/salsa20_generic.c
@@ -159,7 +159,7 @@ static int salsa20_crypt(struct skcipher_request *req)
159 u32 state[16]; 159 u32 state[16];
160 int err; 160 int err;
161 161
162 err = skcipher_walk_virt(&walk, req, true); 162 err = skcipher_walk_virt(&walk, req, false);
163 163
164 salsa20_init(state, ctx, walk.iv); 164 salsa20_init(state, ctx, walk.iv);
165 165
diff --git a/crypto/scompress.c b/crypto/scompress.c
index 968bbcf65c94..6f8305f8c300 100644
--- a/crypto/scompress.c
+++ b/crypto/scompress.c
@@ -40,15 +40,12 @@ static int crypto_scomp_report(struct sk_buff *skb, struct crypto_alg *alg)
40{ 40{
41 struct crypto_report_comp rscomp; 41 struct crypto_report_comp rscomp;
42 42
43 strncpy(rscomp.type, "scomp", sizeof(rscomp.type)); 43 memset(&rscomp, 0, sizeof(rscomp));
44 44
45 if (nla_put(skb, CRYPTOCFGA_REPORT_COMPRESS, 45 strscpy(rscomp.type, "scomp", sizeof(rscomp.type));
46 sizeof(struct crypto_report_comp), &rscomp))
47 goto nla_put_failure;
48 return 0;
49 46
50nla_put_failure: 47 return nla_put(skb, CRYPTOCFGA_REPORT_COMPRESS,
51 return -EMSGSIZE; 48 sizeof(rscomp), &rscomp);
52} 49}
53#else 50#else
54static int crypto_scomp_report(struct sk_buff *skb, struct crypto_alg *alg) 51static int crypto_scomp_report(struct sk_buff *skb, struct crypto_alg *alg)
diff --git a/crypto/shash.c b/crypto/shash.c
index d21f04d70dce..44d297b82a8f 100644
--- a/crypto/shash.c
+++ b/crypto/shash.c
@@ -408,18 +408,14 @@ static int crypto_shash_report(struct sk_buff *skb, struct crypto_alg *alg)
408 struct crypto_report_hash rhash; 408 struct crypto_report_hash rhash;
409 struct shash_alg *salg = __crypto_shash_alg(alg); 409 struct shash_alg *salg = __crypto_shash_alg(alg);
410 410
411 strncpy(rhash.type, "shash", sizeof(rhash.type)); 411 memset(&rhash, 0, sizeof(rhash));
412
413 strscpy(rhash.type, "shash", sizeof(rhash.type));
412 414
413 rhash.blocksize = alg->cra_blocksize; 415 rhash.blocksize = alg->cra_blocksize;
414 rhash.digestsize = salg->digestsize; 416 rhash.digestsize = salg->digestsize;
415 417
416 if (nla_put(skb, CRYPTOCFGA_REPORT_HASH, 418 return nla_put(skb, CRYPTOCFGA_REPORT_HASH, sizeof(rhash), &rhash);
417 sizeof(struct crypto_report_hash), &rhash))
418 goto nla_put_failure;
419 return 0;
420
421nla_put_failure:
422 return -EMSGSIZE;
423} 419}
424#else 420#else
425static int crypto_shash_report(struct sk_buff *skb, struct crypto_alg *alg) 421static int crypto_shash_report(struct sk_buff *skb, struct crypto_alg *alg)
diff --git a/crypto/skcipher.c b/crypto/skcipher.c
index 4caab81d2d02..2a969296bc24 100644
--- a/crypto/skcipher.c
+++ b/crypto/skcipher.c
@@ -474,6 +474,8 @@ int skcipher_walk_virt(struct skcipher_walk *walk,
474{ 474{
475 int err; 475 int err;
476 476
477 might_sleep_if(req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP);
478
477 walk->flags &= ~SKCIPHER_WALK_PHYS; 479 walk->flags &= ~SKCIPHER_WALK_PHYS;
478 480
479 err = skcipher_walk_skcipher(walk, req); 481 err = skcipher_walk_skcipher(walk, req);
@@ -577,8 +579,7 @@ static unsigned int crypto_skcipher_extsize(struct crypto_alg *alg)
577 if (alg->cra_type == &crypto_blkcipher_type) 579 if (alg->cra_type == &crypto_blkcipher_type)
578 return sizeof(struct crypto_blkcipher *); 580 return sizeof(struct crypto_blkcipher *);
579 581
580 if (alg->cra_type == &crypto_ablkcipher_type || 582 if (alg->cra_type == &crypto_ablkcipher_type)
581 alg->cra_type == &crypto_givcipher_type)
582 return sizeof(struct crypto_ablkcipher *); 583 return sizeof(struct crypto_ablkcipher *);
583 584
584 return crypto_alg_extsize(alg); 585 return crypto_alg_extsize(alg);
@@ -842,8 +843,7 @@ static int crypto_skcipher_init_tfm(struct crypto_tfm *tfm)
842 if (tfm->__crt_alg->cra_type == &crypto_blkcipher_type) 843 if (tfm->__crt_alg->cra_type == &crypto_blkcipher_type)
843 return crypto_init_skcipher_ops_blkcipher(tfm); 844 return crypto_init_skcipher_ops_blkcipher(tfm);
844 845
845 if (tfm->__crt_alg->cra_type == &crypto_ablkcipher_type || 846 if (tfm->__crt_alg->cra_type == &crypto_ablkcipher_type)
846 tfm->__crt_alg->cra_type == &crypto_givcipher_type)
847 return crypto_init_skcipher_ops_ablkcipher(tfm); 847 return crypto_init_skcipher_ops_ablkcipher(tfm);
848 848
849 skcipher->setkey = skcipher_setkey; 849 skcipher->setkey = skcipher_setkey;
@@ -897,21 +897,18 @@ static int crypto_skcipher_report(struct sk_buff *skb, struct crypto_alg *alg)
897 struct skcipher_alg *skcipher = container_of(alg, struct skcipher_alg, 897 struct skcipher_alg *skcipher = container_of(alg, struct skcipher_alg,
898 base); 898 base);
899 899
900 strncpy(rblkcipher.type, "skcipher", sizeof(rblkcipher.type)); 900 memset(&rblkcipher, 0, sizeof(rblkcipher));
901 strncpy(rblkcipher.geniv, "<none>", sizeof(rblkcipher.geniv)); 901
902 strscpy(rblkcipher.type, "skcipher", sizeof(rblkcipher.type));
903 strscpy(rblkcipher.geniv, "<none>", sizeof(rblkcipher.geniv));
902 904
903 rblkcipher.blocksize = alg->cra_blocksize; 905 rblkcipher.blocksize = alg->cra_blocksize;
904 rblkcipher.min_keysize = skcipher->min_keysize; 906 rblkcipher.min_keysize = skcipher->min_keysize;
905 rblkcipher.max_keysize = skcipher->max_keysize; 907 rblkcipher.max_keysize = skcipher->max_keysize;
906 rblkcipher.ivsize = skcipher->ivsize; 908 rblkcipher.ivsize = skcipher->ivsize;
907 909
908 if (nla_put(skb, CRYPTOCFGA_REPORT_BLKCIPHER, 910 return nla_put(skb, CRYPTOCFGA_REPORT_BLKCIPHER,
909 sizeof(struct crypto_report_blkcipher), &rblkcipher)) 911 sizeof(rblkcipher), &rblkcipher);
910 goto nla_put_failure;
911 return 0;
912
913nla_put_failure:
914 return -EMSGSIZE;
915} 912}
916#else 913#else
917static int crypto_skcipher_report(struct sk_buff *skb, struct crypto_alg *alg) 914static int crypto_skcipher_report(struct sk_buff *skb, struct crypto_alg *alg)
diff --git a/crypto/streebog_generic.c b/crypto/streebog_generic.c
new file mode 100644
index 000000000000..03272a22afce
--- /dev/null
+++ b/crypto/streebog_generic.c
@@ -0,0 +1,1140 @@
1// SPDX-License-Identifier: GPL-2.0+ OR BSD-2-Clause
2/*
3 * Streebog hash function as specified by GOST R 34.11-2012 and
4 * described at https://tools.ietf.org/html/rfc6986
5 *
6 * Copyright (c) 2013 Alexey Degtyarev <alexey@renatasystems.org>
7 * Copyright (c) 2018 Vitaly Chikunov <vt@altlinux.org>
8 *
9 * This program is free software; you can redistribute it and/or modify it
10 * under the terms of the GNU General Public License as published by the Free
11 * Software Foundation; either version 2 of the License, or (at your option)
12 * any later version.
13 */
14
15#include <crypto/internal/hash.h>
16#include <linux/module.h>
17#include <linux/crypto.h>
18#include <crypto/streebog.h>
19
20static const struct streebog_uint512 buffer0 = { {
21 0, 0, 0, 0, 0, 0, 0, 0
22} };
23
24static const struct streebog_uint512 buffer512 = { {
25 cpu_to_le64(0x200), 0, 0, 0, 0, 0, 0, 0
26} };
27
28static const struct streebog_uint512 C[12] = {
29 { {
30 cpu_to_le64(0xdd806559f2a64507ULL),
31 cpu_to_le64(0x05767436cc744d23ULL),
32 cpu_to_le64(0xa2422a08a460d315ULL),
33 cpu_to_le64(0x4b7ce09192676901ULL),
34 cpu_to_le64(0x714eb88d7585c4fcULL),
35 cpu_to_le64(0x2f6a76432e45d016ULL),
36 cpu_to_le64(0xebcb2f81c0657c1fULL),
37 cpu_to_le64(0xb1085bda1ecadae9ULL)
38 } },
39 { {
40 cpu_to_le64(0xe679047021b19bb7ULL),
41 cpu_to_le64(0x55dda21bd7cbcd56ULL),
42 cpu_to_le64(0x5cb561c2db0aa7caULL),
43 cpu_to_le64(0x9ab5176b12d69958ULL),
44 cpu_to_le64(0x61d55e0f16b50131ULL),
45 cpu_to_le64(0xf3feea720a232b98ULL),
46 cpu_to_le64(0x4fe39d460f70b5d7ULL),
47 cpu_to_le64(0x6fa3b58aa99d2f1aULL)
48 } },
49 { {
50 cpu_to_le64(0x991e96f50aba0ab2ULL),
51 cpu_to_le64(0xc2b6f443867adb31ULL),
52 cpu_to_le64(0xc1c93a376062db09ULL),
53 cpu_to_le64(0xd3e20fe490359eb1ULL),
54 cpu_to_le64(0xf2ea7514b1297b7bULL),
55 cpu_to_le64(0x06f15e5f529c1f8bULL),
56 cpu_to_le64(0x0a39fc286a3d8435ULL),
57 cpu_to_le64(0xf574dcac2bce2fc7ULL)
58 } },
59 { {
60 cpu_to_le64(0x220cbebc84e3d12eULL),
61 cpu_to_le64(0x3453eaa193e837f1ULL),
62 cpu_to_le64(0xd8b71333935203beULL),
63 cpu_to_le64(0xa9d72c82ed03d675ULL),
64 cpu_to_le64(0x9d721cad685e353fULL),
65 cpu_to_le64(0x488e857e335c3c7dULL),
66 cpu_to_le64(0xf948e1a05d71e4ddULL),
67 cpu_to_le64(0xef1fdfb3e81566d2ULL)
68 } },
69 { {
70 cpu_to_le64(0x601758fd7c6cfe57ULL),
71 cpu_to_le64(0x7a56a27ea9ea63f5ULL),
72 cpu_to_le64(0xdfff00b723271a16ULL),
73 cpu_to_le64(0xbfcd1747253af5a3ULL),
74 cpu_to_le64(0x359e35d7800fffbdULL),
75 cpu_to_le64(0x7f151c1f1686104aULL),
76 cpu_to_le64(0x9a3f410c6ca92363ULL),
77 cpu_to_le64(0x4bea6bacad474799ULL)
78 } },
79 { {
80 cpu_to_le64(0xfa68407a46647d6eULL),
81 cpu_to_le64(0xbf71c57236904f35ULL),
82 cpu_to_le64(0x0af21f66c2bec6b6ULL),
83 cpu_to_le64(0xcffaa6b71c9ab7b4ULL),
84 cpu_to_le64(0x187f9ab49af08ec6ULL),
85 cpu_to_le64(0x2d66c4f95142a46cULL),
86 cpu_to_le64(0x6fa4c33b7a3039c0ULL),
87 cpu_to_le64(0xae4faeae1d3ad3d9ULL)
88 } },
89 { {
90 cpu_to_le64(0x8886564d3a14d493ULL),
91 cpu_to_le64(0x3517454ca23c4af3ULL),
92 cpu_to_le64(0x06476983284a0504ULL),
93 cpu_to_le64(0x0992abc52d822c37ULL),
94 cpu_to_le64(0xd3473e33197a93c9ULL),
95 cpu_to_le64(0x399ec6c7e6bf87c9ULL),
96 cpu_to_le64(0x51ac86febf240954ULL),
97 cpu_to_le64(0xf4c70e16eeaac5ecULL)
98 } },
99 { {
100 cpu_to_le64(0xa47f0dd4bf02e71eULL),
101 cpu_to_le64(0x36acc2355951a8d9ULL),
102 cpu_to_le64(0x69d18d2bd1a5c42fULL),
103 cpu_to_le64(0xf4892bcb929b0690ULL),
104 cpu_to_le64(0x89b4443b4ddbc49aULL),
105 cpu_to_le64(0x4eb7f8719c36de1eULL),
106 cpu_to_le64(0x03e7aa020c6e4141ULL),
107 cpu_to_le64(0x9b1f5b424d93c9a7ULL)
108 } },
109 { {
110 cpu_to_le64(0x7261445183235adbULL),
111 cpu_to_le64(0x0e38dc92cb1f2a60ULL),
112 cpu_to_le64(0x7b2b8a9aa6079c54ULL),
113 cpu_to_le64(0x800a440bdbb2ceb1ULL),
114 cpu_to_le64(0x3cd955b7e00d0984ULL),
115 cpu_to_le64(0x3a7d3a1b25894224ULL),
116 cpu_to_le64(0x944c9ad8ec165fdeULL),
117 cpu_to_le64(0x378f5a541631229bULL)
118 } },
119 { {
120 cpu_to_le64(0x74b4c7fb98459cedULL),
121 cpu_to_le64(0x3698fad1153bb6c3ULL),
122 cpu_to_le64(0x7a1e6c303b7652f4ULL),
123 cpu_to_le64(0x9fe76702af69334bULL),
124 cpu_to_le64(0x1fffe18a1b336103ULL),
125 cpu_to_le64(0x8941e71cff8a78dbULL),
126 cpu_to_le64(0x382ae548b2e4f3f3ULL),
127 cpu_to_le64(0xabbedea680056f52ULL)
128 } },
129 { {
130 cpu_to_le64(0x6bcaa4cd81f32d1bULL),
131 cpu_to_le64(0xdea2594ac06fd85dULL),
132 cpu_to_le64(0xefbacd1d7d476e98ULL),
133 cpu_to_le64(0x8a1d71efea48b9caULL),
134 cpu_to_le64(0x2001802114846679ULL),
135 cpu_to_le64(0xd8fa6bbbebab0761ULL),
136 cpu_to_le64(0x3002c6cd635afe94ULL),
137 cpu_to_le64(0x7bcd9ed0efc889fbULL)
138 } },
139 { {
140 cpu_to_le64(0x48bc924af11bd720ULL),
141 cpu_to_le64(0xfaf417d5d9b21b99ULL),
142 cpu_to_le64(0xe71da4aa88e12852ULL),
143 cpu_to_le64(0x5d80ef9d1891cc86ULL),
144 cpu_to_le64(0xf82012d430219f9bULL),
145 cpu_to_le64(0xcda43c32bcdf1d77ULL),
146 cpu_to_le64(0xd21380b00449b17aULL),
147 cpu_to_le64(0x378ee767f11631baULL)
148 } }
149};
150
151static const u8 Tau[64] = {
152 0, 8, 16, 24, 32, 40, 48, 56,
153 1, 9, 17, 25, 33, 41, 49, 57,
154 2, 10, 18, 26, 34, 42, 50, 58,
155 3, 11, 19, 27, 35, 43, 51, 59,
156 4, 12, 20, 28, 36, 44, 52, 60,
157 5, 13, 21, 29, 37, 45, 53, 61,
158 6, 14, 22, 30, 38, 46, 54, 62,
159 7, 15, 23, 31, 39, 47, 55, 63
160};
161
162static const u8 Pi[256] = {
163 252, 238, 221, 17, 207, 110, 49, 22,
164 251, 196, 250, 218, 35, 197, 4, 77,
165 233, 119, 240, 219, 147, 46, 153, 186,
166 23, 54, 241, 187, 20, 205, 95, 193,
167 249, 24, 101, 90, 226, 92, 239, 33,
168 129, 28, 60, 66, 139, 1, 142, 79,
169 5, 132, 2, 174, 227, 106, 143, 160,
170 6, 11, 237, 152, 127, 212, 211, 31,
171 235, 52, 44, 81, 234, 200, 72, 171,
172 242, 42, 104, 162, 253, 58, 206, 204,
173 181, 112, 14, 86, 8, 12, 118, 18,
174 191, 114, 19, 71, 156, 183, 93, 135,
175 21, 161, 150, 41, 16, 123, 154, 199,
176 243, 145, 120, 111, 157, 158, 178, 177,
177 50, 117, 25, 61, 255, 53, 138, 126,
178 109, 84, 198, 128, 195, 189, 13, 87,
179 223, 245, 36, 169, 62, 168, 67, 201,
180 215, 121, 214, 246, 124, 34, 185, 3,
181 224, 15, 236, 222, 122, 148, 176, 188,
182 220, 232, 40, 80, 78, 51, 10, 74,
183 167, 151, 96, 115, 30, 0, 98, 68,
184 26, 184, 56, 130, 100, 159, 38, 65,
185 173, 69, 70, 146, 39, 94, 85, 47,
186 140, 163, 165, 125, 105, 213, 149, 59,
187 7, 88, 179, 64, 134, 172, 29, 247,
188 48, 55, 107, 228, 136, 217, 231, 137,
189 225, 27, 131, 73, 76, 63, 248, 254,
190 141, 83, 170, 144, 202, 216, 133, 97,
191 32, 113, 103, 164, 45, 43, 9, 91,
192 203, 155, 37, 208, 190, 229, 108, 82,
193 89, 166, 116, 210, 230, 244, 180, 192,
194 209, 102, 175, 194, 57, 75, 99, 182
195};
196
197static const unsigned long long Ax[8][256] = {
198 {
199 0xd01f715b5c7ef8e6ULL, 0x16fa240980778325ULL, 0xa8a42e857ee049c8ULL,
200 0x6ac1068fa186465bULL, 0x6e417bd7a2e9320bULL, 0x665c8167a437daabULL,
201 0x7666681aa89617f6ULL, 0x4b959163700bdcf5ULL, 0xf14be6b78df36248ULL,
202 0xc585bd689a625cffULL, 0x9557d7fca67d82cbULL, 0x89f0b969af6dd366ULL,
203 0xb0833d48749f6c35ULL, 0xa1998c23b1ecbc7cULL, 0x8d70c431ac02a736ULL,
204 0xd6dfbc2fd0a8b69eULL, 0x37aeb3e551fa198bULL, 0x0b7d128a40b5cf9cULL,
205 0x5a8f2008b5780cbcULL, 0xedec882284e333e5ULL, 0xd25fc177d3c7c2ceULL,
206 0x5e0f5d50b61778ecULL, 0x1d873683c0c24cb9ULL, 0xad040bcbb45d208cULL,
207 0x2f89a0285b853c76ULL, 0x5732fff6791b8d58ULL, 0x3e9311439ef6ec3fULL,
208 0xc9183a809fd3c00fULL, 0x83adf3f5260a01eeULL, 0xa6791941f4e8ef10ULL,
209 0x103ae97d0ca1cd5dULL, 0x2ce948121dee1b4aULL, 0x39738421dbf2bf53ULL,
210 0x093da2a6cf0cf5b4ULL, 0xcd9847d89cbcb45fULL, 0xf9561c078b2d8ae8ULL,
211 0x9c6a755a6971777fULL, 0xbc1ebaa0712ef0c5ULL, 0x72e61542abf963a6ULL,
212 0x78bb5fde229eb12eULL, 0x14ba94250fceb90dULL, 0x844d6697630e5282ULL,
213 0x98ea08026a1e032fULL, 0xf06bbea144217f5cULL, 0xdb6263d11ccb377aULL,
214 0x641c314b2b8ee083ULL, 0x320e96ab9b4770cfULL, 0x1ee7deb986a96b85ULL,
215 0xe96cf57a878c47b5ULL, 0xfdd6615f8842feb8ULL, 0xc83862965601dd1bULL,
216 0x2ea9f83e92572162ULL, 0xf876441142ff97fcULL, 0xeb2c455608357d9dULL,
217 0x5612a7e0b0c9904cULL, 0x6c01cbfb2d500823ULL, 0x4548a6a7fa037a2dULL,
218 0xabc4c6bf388b6ef4ULL, 0xbade77d4fdf8bebdULL, 0x799b07c8eb4cac3aULL,
219 0x0c9d87e805b19cf0ULL, 0xcb588aac106afa27ULL, 0xea0c1d40c1e76089ULL,
220 0x2869354a1e816f1aULL, 0xff96d17307fbc490ULL, 0x9f0a9d602f1a5043ULL,
221 0x96373fc6e016a5f7ULL, 0x5292dab8b3a6e41cULL, 0x9b8ae0382c752413ULL,
222 0x4f15ec3b7364a8a5ULL, 0x3fb349555724f12bULL, 0xc7c50d4415db66d7ULL,
223 0x92b7429ee379d1a7ULL, 0xd37f99611a15dfdaULL, 0x231427c05e34a086ULL,
224 0xa439a96d7b51d538ULL, 0xb403401077f01865ULL, 0xdda2aea5901d7902ULL,
225 0x0a5d4a9c8967d288ULL, 0xc265280adf660f93ULL, 0x8bb0094520d4e94eULL,
226 0x2a29856691385532ULL, 0x42a833c5bf072941ULL, 0x73c64d54622b7eb2ULL,
227 0x07e095624504536cULL, 0x8a905153e906f45aULL, 0x6f6123c16b3b2f1fULL,
228 0xc6e55552dc097bc3ULL, 0x4468feb133d16739ULL, 0xe211e7f0c7398829ULL,
229 0xa2f96419f7879b40ULL, 0x19074bdbc3ad38e9ULL, 0xf4ebc3f9474e0b0cULL,
230 0x43886bd376d53455ULL, 0xd8028beb5aa01046ULL, 0x51f23282f5cdc320ULL,
231 0xe7b1c2be0d84e16dULL, 0x081dfab006dee8a0ULL, 0x3b33340d544b857bULL,
232 0x7f5bcabc679ae242ULL, 0x0edd37c48a08a6d8ULL, 0x81ed43d9a9b33bc6ULL,
233 0xb1a3655ebd4d7121ULL, 0x69a1eeb5e7ed6167ULL, 0xf6ab73d5c8f73124ULL,
234 0x1a67a3e185c61fd5ULL, 0x2dc91004d43c065eULL, 0x0240b02c8fb93a28ULL,
235 0x90f7f2b26cc0eb8fULL, 0x3cd3a16f114fd617ULL, 0xaae49ea9f15973e0ULL,
236 0x06c0cd748cd64e78ULL, 0xda423bc7d5192a6eULL, 0xc345701c16b41287ULL,
237 0x6d2193ede4821537ULL, 0xfcf639494190e3acULL, 0x7c3b228621f1c57eULL,
238 0xfb16ac2b0494b0c0ULL, 0xbf7e529a3745d7f9ULL, 0x6881b6a32e3f7c73ULL,
239 0xca78d2bad9b8e733ULL, 0xbbfe2fc2342aa3a9ULL, 0x0dbddffecc6381e4ULL,
240 0x70a6a56e2440598eULL, 0xe4d12a844befc651ULL, 0x8c509c2765d0ba22ULL,
241 0xee8c6018c28814d9ULL, 0x17da7c1f49a59e31ULL, 0x609c4c1328e194d3ULL,
242 0xb3e3d57232f44b09ULL, 0x91d7aaa4a512f69bULL, 0x0ffd6fd243dabbccULL,
243 0x50d26a943c1fde34ULL, 0x6be15e9968545b4fULL, 0x94778fea6faf9fdfULL,
244 0x2b09dd7058ea4826ULL, 0x677cd9716de5c7bfULL, 0x49d5214fffb2e6ddULL,
245 0x0360e83a466b273cULL, 0x1fc786af4f7b7691ULL, 0xa0b9d435783ea168ULL,
246 0xd49f0c035f118cb6ULL, 0x01205816c9d21d14ULL, 0xac2453dd7d8f3d98ULL,
247 0x545217cc3f70aa64ULL, 0x26b4028e9489c9c2ULL, 0xdec2469fd6765e3eULL,
248 0x04807d58036f7450ULL, 0xe5f17292823ddb45ULL, 0xf30b569b024a5860ULL,
249 0x62dcfc3fa758aefbULL, 0xe84cad6c4e5e5aa1ULL, 0xccb81fce556ea94bULL,
250 0x53b282ae7a74f908ULL, 0x1b47fbf74c1402c1ULL, 0x368eebf39828049fULL,
251 0x7afbeff2ad278b06ULL, 0xbe5e0a8cfe97caedULL, 0xcfd8f7f413058e77ULL,
252 0xf78b2bc301252c30ULL, 0x4d555c17fcdd928dULL, 0x5f2f05467fc565f8ULL,
253 0x24f4b2a21b30f3eaULL, 0x860dd6bbecb768aaULL, 0x4c750401350f8f99ULL,
254 0x0000000000000000ULL, 0xecccd0344d312ef1ULL, 0xb5231806be220571ULL,
255 0xc105c030990d28afULL, 0x653c695de25cfd97ULL, 0x159acc33c61ca419ULL,
256 0xb89ec7f872418495ULL, 0xa9847693b73254dcULL, 0x58cf90243ac13694ULL,
257 0x59efc832f3132b80ULL, 0x5c4fed7c39ae42c4ULL, 0x828dabe3efd81cfaULL,
258 0xd13f294d95ace5f2ULL, 0x7d1b7a90e823d86aULL, 0xb643f03cf849224dULL,
259 0x3df3f979d89dcb03ULL, 0x7426d836272f2ddeULL, 0xdfe21e891fa4432aULL,
260 0x3a136c1b9d99986fULL, 0xfa36f43dcd46add4ULL, 0xc025982650df35bbULL,
261 0x856d3e81aadc4f96ULL, 0xc4a5e57e53b041ebULL, 0x4708168b75ba4005ULL,
262 0xaf44bbe73be41aa4ULL, 0x971767d029c4b8e3ULL, 0xb9be9feebb939981ULL,
263 0x215497ecd18d9aaeULL, 0x316e7e91dd2c57f3ULL, 0xcef8afe2dad79363ULL,
264 0x3853dc371220a247ULL, 0x35ee03c9de4323a3ULL, 0xe6919aa8c456fc79ULL,
265 0xe05157dc4880b201ULL, 0x7bdbb7e464f59612ULL, 0x127a59518318f775ULL,
266 0x332ecebd52956ddbULL, 0x8f30741d23bb9d1eULL, 0xd922d3fd93720d52ULL,
267 0x7746300c61440ae2ULL, 0x25d4eab4d2e2eefeULL, 0x75068020eefd30caULL,
268 0x135a01474acaea61ULL, 0x304e268714fe4ae7ULL, 0xa519f17bb283c82cULL,
269 0xdc82f6b359cf6416ULL, 0x5baf781e7caa11a8ULL, 0xb2c38d64fb26561dULL,
270 0x34ce5bdf17913eb7ULL, 0x5d6fb56af07c5fd0ULL, 0x182713cd0a7f25fdULL,
271 0x9e2ac576e6c84d57ULL, 0x9aaab82ee5a73907ULL, 0xa3d93c0f3e558654ULL,
272 0x7e7b92aaae48ff56ULL, 0x872d8ead256575beULL, 0x41c8dbfff96c0e7dULL,
273 0x99ca5014a3cc1e3bULL, 0x40e883e930be1369ULL, 0x1ca76e95091051adULL,
274 0x4e35b42dbab6b5b1ULL, 0x05a0254ecabd6944ULL, 0xe1710fca8152af15ULL,
275 0xf22b0e8dcb984574ULL, 0xb763a82a319b3f59ULL, 0x63fca4296e8ab3efULL,
276 0x9d4a2d4ca0a36a6bULL, 0xe331bfe60eeb953dULL, 0xd5bf541596c391a2ULL,
277 0xf5cb9bef8e9c1618ULL, 0x46284e9dbc685d11ULL, 0x2074cffa185f87baULL,
278 0xbd3ee2b6b8fcedd1ULL, 0xae64e3f1f23607b0ULL, 0xfeb68965ce29d984ULL,
279 0x55724fdaf6a2b770ULL, 0x29496d5cd753720eULL, 0xa75941573d3af204ULL,
280 0x8e102c0bea69800aULL, 0x111ab16bc573d049ULL, 0xd7ffe439197aab8aULL,
281 0xefac380e0b5a09cdULL, 0x48f579593660fbc9ULL, 0x22347fd697e6bd92ULL,
282 0x61bc1405e13389c7ULL, 0x4ab5c975b9d9c1e1ULL, 0x80cd1bcf606126d2ULL,
283 0x7186fd78ed92449aULL, 0x93971a882aabccb3ULL, 0x88d0e17f66bfce72ULL,
284 0x27945a985d5bd4d6ULL
285 }, {
286 0xde553f8c05a811c8ULL, 0x1906b59631b4f565ULL, 0x436e70d6b1964ff7ULL,
287 0x36d343cb8b1e9d85ULL, 0x843dfacc858aab5aULL, 0xfdfc95c299bfc7f9ULL,
288 0x0f634bdea1d51fa2ULL, 0x6d458b3b76efb3cdULL, 0x85c3f77cf8593f80ULL,
289 0x3c91315fbe737cb2ULL, 0x2148b03366ace398ULL, 0x18f8b8264c6761bfULL,
290 0xc830c1c495c9fb0fULL, 0x981a76102086a0aaULL, 0xaa16012142f35760ULL,
291 0x35cc54060c763cf6ULL, 0x42907d66cc45db2dULL, 0x8203d44b965af4bcULL,
292 0x3d6f3cefc3a0e868ULL, 0xbc73ff69d292bda7ULL, 0x8722ed0102e20a29ULL,
293 0x8f8185e8cd34deb7ULL, 0x9b0561dda7ee01d9ULL, 0x5335a0193227fad6ULL,
294 0xc9cecc74e81a6fd5ULL, 0x54f5832e5c2431eaULL, 0x99e47ba05d553470ULL,
295 0xf7bee756acd226ceULL, 0x384e05a5571816fdULL, 0xd1367452a47d0e6aULL,
296 0xf29fde1c386ad85bULL, 0x320c77316275f7caULL, 0xd0c879e2d9ae9ab0ULL,
297 0xdb7406c69110ef5dULL, 0x45505e51a2461011ULL, 0xfc029872e46c5323ULL,
298 0xfa3cb6f5f7bc0cc5ULL, 0x031f17cd8768a173ULL, 0xbd8df2d9af41297dULL,
299 0x9d3b4f5ab43e5e3fULL, 0x4071671b36feee84ULL, 0x716207e7d3e3b83dULL,
300 0x48d20ff2f9283a1aULL, 0x27769eb4757cbc7eULL, 0x5c56ebc793f2e574ULL,
301 0xa48b474f9ef5dc18ULL, 0x52cbada94ff46e0cULL, 0x60c7da982d8199c6ULL,
302 0x0e9d466edc068b78ULL, 0x4eec2175eaf865fcULL, 0x550b8e9e21f7a530ULL,
303 0x6b7ba5bc653fec2bULL, 0x5eb7f1ba6949d0ddULL, 0x57ea94e3db4c9099ULL,
304 0xf640eae6d101b214ULL, 0xdd4a284182c0b0bbULL, 0xff1d8fbf6304f250ULL,
305 0xb8accb933bf9d7e8ULL, 0xe8867c478eb68c4dULL, 0x3f8e2692391bddc1ULL,
306 0xcb2fd60912a15a7cULL, 0xaec935dbab983d2fULL, 0xf55ffd2b56691367ULL,
307 0x80e2ce366ce1c115ULL, 0x179bf3f8edb27e1dULL, 0x01fe0db07dd394daULL,
308 0xda8a0b76ecc37b87ULL, 0x44ae53e1df9584cbULL, 0xb310b4b77347a205ULL,
309 0xdfab323c787b8512ULL, 0x3b511268d070b78eULL, 0x65e6e3d2b9396753ULL,
310 0x6864b271e2574d58ULL, 0x259784c98fc789d7ULL, 0x02e11a7dfabb35a9ULL,
311 0x8841a6dfa337158bULL, 0x7ade78c39b5dcdd0ULL, 0xb7cf804d9a2cc84aULL,
312 0x20b6bd831b7f7742ULL, 0x75bd331d3a88d272ULL, 0x418f6aab4b2d7a5eULL,
313 0xd9951cbb6babdaf4ULL, 0xb6318dfde7ff5c90ULL, 0x1f389b112264aa83ULL,
314 0x492c024284fbaec0ULL, 0xe33a0363c608f9a0ULL, 0x2688930408af28a4ULL,
315 0xc7538a1a341ce4adULL, 0x5da8e677ee2171aeULL, 0x8c9e92254a5c7fc4ULL,
316 0x63d8cd55aae938b5ULL, 0x29ebd8daa97a3706ULL, 0x959827b37be88aa1ULL,
317 0x1484e4356adadf6eULL, 0xa7945082199d7d6bULL, 0xbf6ce8a455fa1cd4ULL,
318 0x9cc542eac9edcae5ULL, 0x79c16f0e1c356ca3ULL, 0x89bfab6fdee48151ULL,
319 0xd4174d1830c5f0ffULL, 0x9258048415eb419dULL, 0x6139d72850520d1cULL,
320 0x6a85a80c18ec78f1ULL, 0xcd11f88e0171059aULL, 0xcceff53e7ca29140ULL,
321 0xd229639f2315af19ULL, 0x90b91ef9ef507434ULL, 0x5977d28d074a1be1ULL,
322 0x311360fce51d56b9ULL, 0xc093a92d5a1f2f91ULL, 0x1a19a25bb6dc5416ULL,
323 0xeb996b8a09de2d3eULL, 0xfee3820f1ed7668aULL, 0xd7085ad5b7ad518cULL,
324 0x7fff41890fe53345ULL, 0xec5948bd67dde602ULL, 0x2fd5f65dbaaa68e0ULL,
325 0xa5754affe32648c2ULL, 0xf8ddac880d07396cULL, 0x6fa491468c548664ULL,
326 0x0c7c5c1326bdbed1ULL, 0x4a33158f03930fb3ULL, 0x699abfc19f84d982ULL,
327 0xe4fa2054a80b329cULL, 0x6707f9af438252faULL, 0x08a368e9cfd6d49eULL,
328 0x47b1442c58fd25b8ULL, 0xbbb3dc5ebc91769bULL, 0x1665fe489061eac7ULL,
329 0x33f27a811fa66310ULL, 0x93a609346838d547ULL, 0x30ed6d4c98cec263ULL,
330 0x1dd9816cd8df9f2aULL, 0x94662a03063b1e7bULL, 0x83fdd9fbeb896066ULL,
331 0x7b207573e68e590aULL, 0x5f49fc0a149a4407ULL, 0x343259b671a5a82cULL,
332 0xfbc2bb458a6f981fULL, 0xc272b350a0a41a38ULL, 0x3aaf1fd8ada32354ULL,
333 0x6cbb868b0b3c2717ULL, 0xa2b569c88d2583feULL, 0xf180c9d1bf027928ULL,
334 0xaf37386bd64ba9f5ULL, 0x12bacab2790a8088ULL, 0x4c0d3b0810435055ULL,
335 0xb2eeb9070e9436dfULL, 0xc5b29067cea7d104ULL, 0xdcb425f1ff132461ULL,
336 0x4f122cc5972bf126ULL, 0xac282fa651230886ULL, 0xe7e537992f6393efULL,
337 0xe61b3a2952b00735ULL, 0x709c0a57ae302ce7ULL, 0xe02514ae416058d3ULL,
338 0xc44c9dd7b37445deULL, 0x5a68c5408022ba92ULL, 0x1c278cdca50c0bf0ULL,
339 0x6e5a9cf6f18712beULL, 0x86dce0b17f319ef3ULL, 0x2d34ec2040115d49ULL,
340 0x4bcd183f7e409b69ULL, 0x2815d56ad4a9a3dcULL, 0x24698979f2141d0dULL,
341 0x0000000000000000ULL, 0x1ec696a15fb73e59ULL, 0xd86b110b16784e2eULL,
342 0x8e7f8858b0e74a6dULL, 0x063e2e8713d05fe6ULL, 0xe2c40ed3bbdb6d7aULL,
343 0xb1f1aeca89fc97acULL, 0xe1db191e3cb3cc09ULL, 0x6418ee62c4eaf389ULL,
344 0xc6ad87aa49cf7077ULL, 0xd6f65765ca7ec556ULL, 0x9afb6c6dda3d9503ULL,
345 0x7ce05644888d9236ULL, 0x8d609f95378feb1eULL, 0x23a9aa4e9c17d631ULL,
346 0x6226c0e5d73aac6fULL, 0x56149953a69f0443ULL, 0xeeb852c09d66d3abULL,
347 0x2b0ac2a753c102afULL, 0x07c023376e03cb3cULL, 0x2ccae1903dc2c993ULL,
348 0xd3d76e2f5ec63bc3ULL, 0x9e2458973356ff4cULL, 0xa66a5d32644ee9b1ULL,
349 0x0a427294356de137ULL, 0x783f62be61e6f879ULL, 0x1344c70204d91452ULL,
350 0x5b96c8f0fdf12e48ULL, 0xa90916ecc59bf613ULL, 0xbe92e5142829880eULL,
351 0x727d102a548b194eULL, 0x1be7afebcb0fc0ccULL, 0x3e702b2244c8491bULL,
352 0xd5e940a84d166425ULL, 0x66f9f41f3e51c620ULL, 0xabe80c913f20c3baULL,
353 0xf07ec461c2d1edf2ULL, 0xf361d3ac45b94c81ULL, 0x0521394a94b8fe95ULL,
354 0xadd622162cf09c5cULL, 0xe97871f7f3651897ULL, 0xf4a1f09b2bba87bdULL,
355 0x095d6559b2054044ULL, 0x0bbc7f2448be75edULL, 0x2af4cf172e129675ULL,
356 0x157ae98517094bb4ULL, 0x9fda55274e856b96ULL, 0x914713499283e0eeULL,
357 0xb952c623462a4332ULL, 0x74433ead475b46a8ULL, 0x8b5eb112245fb4f8ULL,
358 0xa34b6478f0f61724ULL, 0x11a5dd7ffe6221fbULL, 0xc16da49d27ccbb4bULL,
359 0x76a224d0bde07301ULL, 0x8aa0bca2598c2022ULL, 0x4df336b86d90c48fULL,
360 0xea67663a740db9e4ULL, 0xef465f70e0b54771ULL, 0x39b008152acb8227ULL,
361 0x7d1e5bf4f55e06ecULL, 0x105bd0cf83b1b521ULL, 0x775c2960c033e7dbULL,
362 0x7e014c397236a79fULL, 0x811cc386113255cfULL, 0xeda7450d1a0e72d8ULL,
363 0x5889df3d7a998f3bULL, 0x2e2bfbedc779fc3aULL, 0xce0eef438619a4e9ULL,
364 0x372d4e7bf6cd095fULL, 0x04df34fae96b6a4fULL, 0xf923a13870d4adb6ULL,
365 0xa1aa7e050a4d228dULL, 0xa8f71b5cb84862c9ULL, 0xb52e9a306097fde3ULL,
366 0x0d8251a35b6e2a0bULL, 0x2257a7fee1c442ebULL, 0x73831d9a29588d94ULL,
367 0x51d4ba64c89ccf7fULL, 0x502ab7d4b54f5ba5ULL, 0x97793dce8153bf08ULL,
368 0xe5042de4d5d8a646ULL, 0x9687307efc802bd2ULL, 0xa05473b5779eb657ULL,
369 0xb4d097801d446939ULL, 0xcff0e2f3fbca3033ULL, 0xc38cbee0dd778ee2ULL,
370 0x464f499c252eb162ULL, 0xcad1dbb96f72cea6ULL, 0xba4dd1eec142e241ULL,
371 0xb00fa37af42f0376ULL
372 }, {
373 0xcce4cd3aa968b245ULL, 0x089d5484e80b7fafULL, 0x638246c1b3548304ULL,
374 0xd2fe0ec8c2355492ULL, 0xa7fbdf7ff2374eeeULL, 0x4df1600c92337a16ULL,
375 0x84e503ea523b12fbULL, 0x0790bbfd53ab0c4aULL, 0x198a780f38f6ea9dULL,
376 0x2ab30c8f55ec48cbULL, 0xe0f7fed6b2c49db5ULL, 0xb6ecf3f422cadbdcULL,
377 0x409c9a541358df11ULL, 0xd3ce8a56dfde3fe3ULL, 0xc3e9224312c8c1a0ULL,
378 0x0d6dfa58816ba507ULL, 0xddf3e1b179952777ULL, 0x04c02a42748bb1d9ULL,
379 0x94c2abff9f2decb8ULL, 0x4f91752da8f8acf4ULL, 0x78682befb169bf7bULL,
380 0xe1c77a48af2ff6c4ULL, 0x0c5d7ec69c80ce76ULL, 0x4cc1e4928fd81167ULL,
381 0xfeed3d24d9997b62ULL, 0x518bb6dfc3a54a23ULL, 0x6dbf2d26151f9b90ULL,
382 0xb5bc624b05ea664fULL, 0xe86aaa525acfe21aULL, 0x4801ced0fb53a0beULL,
383 0xc91463e6c00868edULL, 0x1027a815cd16fe43ULL, 0xf67069a0319204cdULL,
384 0xb04ccc976c8abce7ULL, 0xc0b9b3fc35e87c33ULL, 0xf380c77c58f2de65ULL,
385 0x50bb3241de4e2152ULL, 0xdf93f490435ef195ULL, 0xf1e0d25d62390887ULL,
386 0xaf668bfb1a3c3141ULL, 0xbc11b251f00a7291ULL, 0x73a5eed47e427d47ULL,
387 0x25bee3f6ee4c3b2eULL, 0x43cc0beb34786282ULL, 0xc824e778dde3039cULL,
388 0xf97d86d98a327728ULL, 0xf2b043e24519b514ULL, 0xe297ebf7880f4b57ULL,
389 0x3a94a49a98fab688ULL, 0x868516cb68f0c419ULL, 0xeffa11af0964ee50ULL,
390 0xa4ab4ec0d517f37dULL, 0xa9c6b498547c567aULL, 0x8e18424f80fbbbb6ULL,
391 0x0bcdc53bcf2bc23cULL, 0x137739aaea3643d0ULL, 0x2c1333ec1bac2ff0ULL,
392 0x8d48d3f0a7db0625ULL, 0x1e1ac3f26b5de6d7ULL, 0xf520f81f16b2b95eULL,
393 0x9f0f6ec450062e84ULL, 0x0130849e1deb6b71ULL, 0xd45e31ab8c7533a9ULL,
394 0x652279a2fd14e43fULL, 0x3209f01e70f1c927ULL, 0xbe71a770cac1a473ULL,
395 0x0e3d6be7a64b1894ULL, 0x7ec8148cff29d840ULL, 0xcb7476c7fac3be0fULL,
396 0x72956a4a63a91636ULL, 0x37f95ec21991138fULL, 0x9e3fea5a4ded45f5ULL,
397 0x7b38ba50964902e8ULL, 0x222e580bbde73764ULL, 0x61e253e0899f55e6ULL,
398 0xfc8d2805e352ad80ULL, 0x35994be3235ac56dULL, 0x09add01af5e014deULL,
399 0x5e8659a6780539c6ULL, 0xb17c48097161d796ULL, 0x026015213acbd6e2ULL,
400 0xd1ae9f77e515e901ULL, 0xb7dc776a3f21b0adULL, 0xaba6a1b96eb78098ULL,
401 0x9bcf4486248d9f5dULL, 0x582666c536455efdULL, 0xfdbdac9bfeb9c6f1ULL,
402 0xc47999be4163cdeaULL, 0x765540081722a7efULL, 0x3e548ed8ec710751ULL,
403 0x3d041f67cb51bac2ULL, 0x7958af71ac82d40aULL, 0x36c9da5c047a78feULL,
404 0xed9a048e33af38b2ULL, 0x26ee7249c96c86bdULL, 0x900281bdeba65d61ULL,
405 0x11172c8bd0fd9532ULL, 0xea0abf73600434f8ULL, 0x42fc8f75299309f3ULL,
406 0x34a9cf7d3eb1ae1cULL, 0x2b838811480723baULL, 0x5ce64c8742ceef24ULL,
407 0x1adae9b01fd6570eULL, 0x3c349bf9d6bad1b3ULL, 0x82453c891c7b75c0ULL,
408 0x97923a40b80d512bULL, 0x4a61dbf1c198765cULL, 0xb48ce6d518010d3eULL,
409 0xcfb45c858e480fd6ULL, 0xd933cbf30d1e96aeULL, 0xd70ea014ab558e3aULL,
410 0xc189376228031742ULL, 0x9262949cd16d8b83ULL, 0xeb3a3bed7def5f89ULL,
411 0x49314a4ee6b8cbcfULL, 0xdcc3652f647e4c06ULL, 0xda635a4c2a3e2b3dULL,
412 0x470c21a940f3d35bULL, 0x315961a157d174b4ULL, 0x6672e81dda3459acULL,
413 0x5b76f77a1165e36eULL, 0x445cb01667d36ec8ULL, 0xc5491d205c88a69bULL,
414 0x456c34887a3805b9ULL, 0xffddb9bac4721013ULL, 0x99af51a71e4649bfULL,
415 0xa15be01cbc7729d5ULL, 0x52db2760e485f7b0ULL, 0x8c78576eba306d54ULL,
416 0xae560f6507d75a30ULL, 0x95f22f6182c687c9ULL, 0x71c5fbf54489aba5ULL,
417 0xca44f259e728d57eULL, 0x88b87d2ccebbdc8dULL, 0xbab18d32be4a15aaULL,
418 0x8be8ec93e99b611eULL, 0x17b713e89ebdf209ULL, 0xb31c5d284baa0174ULL,
419 0xeeca9531148f8521ULL, 0xb8d198138481c348ULL, 0x8988f9b2d350b7fcULL,
420 0xb9e11c8d996aa839ULL, 0x5a4673e40c8e881fULL, 0x1687977683569978ULL,
421 0xbf4123eed72acf02ULL, 0x4ea1f1b3b513c785ULL, 0xe767452be16f91ffULL,
422 0x7505d1b730021a7cULL, 0xa59bca5ec8fc980cULL, 0xad069eda20f7e7a3ULL,
423 0x38f4b1bba231606aULL, 0x60d2d77e94743e97ULL, 0x9affc0183966f42cULL,
424 0x248e6768f3a7505fULL, 0xcdd449a4b483d934ULL, 0x87b59255751baf68ULL,
425 0x1bea6d2e023d3c7fULL, 0x6b1f12455b5ffcabULL, 0x743555292de9710dULL,
426 0xd8034f6d10f5fddfULL, 0xc6198c9f7ba81b08ULL, 0xbb8109aca3a17edbULL,
427 0xfa2d1766ad12cabbULL, 0xc729080166437079ULL, 0x9c5fff7b77269317ULL,
428 0x0000000000000000ULL, 0x15d706c9a47624ebULL, 0x6fdf38072fd44d72ULL,
429 0x5fb6dd3865ee52b7ULL, 0xa33bf53d86bcff37ULL, 0xe657c1b5fc84fa8eULL,
430 0xaa962527735cebe9ULL, 0x39c43525bfda0b1bULL, 0x204e4d2a872ce186ULL,
431 0x7a083ece8ba26999ULL, 0x554b9c9db72efbfaULL, 0xb22cd9b656416a05ULL,
432 0x96a2bedea5e63a5aULL, 0x802529a826b0a322ULL, 0x8115ad363b5bc853ULL,
433 0x8375b81701901eb1ULL, 0x3069e53f4a3a1fc5ULL, 0xbd2136cfede119e0ULL,
434 0x18bafc91251d81ecULL, 0x1d4a524d4c7d5b44ULL, 0x05f0aedc6960daa8ULL,
435 0x29e39d3072ccf558ULL, 0x70f57f6b5962c0d4ULL, 0x989fd53903ad22ceULL,
436 0xf84d024797d91c59ULL, 0x547b1803aac5908bULL, 0xf0d056c37fd263f6ULL,
437 0xd56eb535919e58d8ULL, 0x1c7ad6d351963035ULL, 0x2e7326cd2167f912ULL,
438 0xac361a443d1c8cd2ULL, 0x697f076461942a49ULL, 0x4b515f6fdc731d2dULL,
439 0x8ad8680df4700a6fULL, 0x41ac1eca0eb3b460ULL, 0x7d988533d80965d3ULL,
440 0xa8f6300649973d0bULL, 0x7765c4960ac9cc9eULL, 0x7ca801adc5e20ea2ULL,
441 0xdea3700e5eb59ae4ULL, 0xa06b6482a19c42a4ULL, 0x6a2f96db46b497daULL,
442 0x27def6d7d487edccULL, 0x463ca5375d18b82aULL, 0xa6cb5be1efdc259fULL,
443 0x53eba3fef96e9cc1ULL, 0xce84d81b93a364a7ULL, 0xf4107c810b59d22fULL,
444 0x333974806d1aa256ULL, 0x0f0def79bba073e5ULL, 0x231edc95a00c5c15ULL,
445 0xe437d494c64f2c6cULL, 0x91320523f64d3610ULL, 0x67426c83c7df32ddULL,
446 0x6eefbc99323f2603ULL, 0x9d6f7be56acdf866ULL, 0x5916e25b2bae358cULL,
447 0x7ff89012e2c2b331ULL, 0x035091bf2720bd93ULL, 0x561b0d22900e4669ULL,
448 0x28d319ae6f279e29ULL, 0x2f43a2533c8c9263ULL, 0xd09e1be9f8fe8270ULL,
449 0xf740ed3e2c796fbcULL, 0xdb53ded237d5404cULL, 0x62b2c25faebfe875ULL,
450 0x0afd41a5d2c0a94dULL, 0x6412fd3ce0ff8f4eULL, 0xe3a76f6995e42026ULL,
451 0x6c8fa9b808f4f0e1ULL, 0xc2d9a6dd0f23aad1ULL, 0x8f28c6d19d10d0c7ULL,
452 0x85d587744fd0798aULL, 0xa20b71a39b579446ULL, 0x684f83fa7c7f4138ULL,
453 0xe507500adba4471dULL, 0x3f640a46f19a6c20ULL, 0x1247bd34f7dd28a1ULL,
454 0x2d23b77206474481ULL, 0x93521002cc86e0f2ULL, 0x572b89bc8de52d18ULL,
455 0xfb1d93f8b0f9a1caULL, 0xe95a2ecc4724896bULL, 0x3ba420048511ddf9ULL,
456 0xd63e248ab6bee54bULL, 0x5dd6c8195f258455ULL, 0x06a03f634e40673bULL,
457 0x1f2a476c76b68da6ULL, 0x217ec9b49ac78af7ULL, 0xecaa80102e4453c3ULL,
458 0x14e78257b99d4f9aULL
459 }, {
460 0x20329b2cc87bba05ULL, 0x4f5eb6f86546a531ULL, 0xd4f44775f751b6b1ULL,
461 0x8266a47b850dfa8bULL, 0xbb986aa15a6ca985ULL, 0xc979eb08f9ae0f99ULL,
462 0x2da6f447a2375ea1ULL, 0x1e74275dcd7d8576ULL, 0xbc20180a800bc5f8ULL,
463 0xb4a2f701b2dc65beULL, 0xe726946f981b6d66ULL, 0x48e6c453bf21c94cULL,
464 0x42cad9930f0a4195ULL, 0xefa47b64aacccd20ULL, 0x71180a8960409a42ULL,
465 0x8bb3329bf6a44e0cULL, 0xd34c35de2d36daccULL, 0xa92f5b7cbc23dc96ULL,
466 0xb31a85aa68bb09c3ULL, 0x13e04836a73161d2ULL, 0xb24dfc4129c51d02ULL,
467 0x8ae44b70b7da5acdULL, 0xe671ed84d96579a7ULL, 0xa4bb3417d66f3832ULL,
468 0x4572ab38d56d2de8ULL, 0xb1b47761ea47215cULL, 0xe81c09cf70aba15dULL,
469 0xffbdb872ce7f90acULL, 0xa8782297fd5dc857ULL, 0x0d946f6b6a4ce4a4ULL,
470 0xe4df1f4f5b995138ULL, 0x9ebc71edca8c5762ULL, 0x0a2c1dc0b02b88d9ULL,
471 0x3b503c115d9d7b91ULL, 0xc64376a8111ec3a2ULL, 0xcec199a323c963e4ULL,
472 0xdc76a87ec58616f7ULL, 0x09d596e073a9b487ULL, 0x14583a9d7d560dafULL,
473 0xf4c6dc593f2a0cb4ULL, 0xdd21d19584f80236ULL, 0x4a4836983ddde1d3ULL,
474 0xe58866a41ae745f9ULL, 0xf591a5b27e541875ULL, 0x891dc05074586693ULL,
475 0x5b068c651810a89eULL, 0xa30346bc0c08544fULL, 0x3dbf3751c684032dULL,
476 0x2a1e86ec785032dcULL, 0xf73f5779fca830eaULL, 0xb60c05ca30204d21ULL,
477 0x0cc316802b32f065ULL, 0x8770241bdd96be69ULL, 0xb861e18199ee95dbULL,
478 0xf805cad91418fcd1ULL, 0x29e70dccbbd20e82ULL, 0xc7140f435060d763ULL,
479 0x0f3a9da0e8b0cc3bULL, 0xa2543f574d76408eULL, 0xbd7761e1c175d139ULL,
480 0x4b1f4f737ca3f512ULL, 0x6dc2df1f2fc137abULL, 0xf1d05c3967b14856ULL,
481 0xa742bf3715ed046cULL, 0x654030141d1697edULL, 0x07b872abda676c7dULL,
482 0x3ce84eba87fa17ecULL, 0xc1fb0403cb79afdfULL, 0x3e46bc7105063f73ULL,
483 0x278ae987121cd678ULL, 0xa1adb4778ef47cd0ULL, 0x26dd906c5362c2b9ULL,
484 0x05168060589b44e2ULL, 0xfbfc41f9d79ac08fULL, 0x0e6de44ba9ced8faULL,
485 0x9feb08068bf243a3ULL, 0x7b341749d06b129bULL, 0x229c69e74a87929aULL,
486 0xe09ee6c4427c011bULL, 0x5692e30e725c4c3aULL, 0xda99a33e5e9f6e4bULL,
487 0x353dd85af453a36bULL, 0x25241b4c90e0fee7ULL, 0x5de987258309d022ULL,
488 0xe230140fc0802984ULL, 0x93281e86a0c0b3c6ULL, 0xf229d719a4337408ULL,
489 0x6f6c2dd4ad3d1f34ULL, 0x8ea5b2fbae3f0aeeULL, 0x8331dd90c473ee4aULL,
490 0x346aa1b1b52db7aaULL, 0xdf8f235e06042aa9ULL, 0xcc6f6b68a1354b7bULL,
491 0x6c95a6f46ebf236aULL, 0x52d31a856bb91c19ULL, 0x1a35ded6d498d555ULL,
492 0xf37eaef2e54d60c9ULL, 0x72e181a9a3c2a61cULL, 0x98537aad51952fdeULL,
493 0x16f6c856ffaa2530ULL, 0xd960281e9d1d5215ULL, 0x3a0745fa1ce36f50ULL,
494 0x0b7b642bf1559c18ULL, 0x59a87eae9aec8001ULL, 0x5e100c05408bec7cULL,
495 0x0441f98b19e55023ULL, 0xd70dcc5534d38aefULL, 0x927f676de1bea707ULL,
496 0x9769e70db925e3e5ULL, 0x7a636ea29115065aULL, 0x468b201816ef11b6ULL,
497 0xab81a9b73edff409ULL, 0xc0ac7de88a07bb1eULL, 0x1f235eb68c0391b7ULL,
498 0x6056b074458dd30fULL, 0xbe8eeac102f7ed67ULL, 0xcd381283e04b5fbaULL,
499 0x5cbefecec277c4e3ULL, 0xd21b4c356c48ce0dULL, 0x1019c31664b35d8cULL,
500 0x247362a7d19eea26ULL, 0xebe582efb3299d03ULL, 0x02aef2cb82fc289fULL,
501 0x86275df09ce8aaa8ULL, 0x28b07427faac1a43ULL, 0x38a9b7319e1f47cfULL,
502 0xc82e92e3b8d01b58ULL, 0x06ef0b409b1978bcULL, 0x62f842bfc771fb90ULL,
503 0x9904034610eb3b1fULL, 0xded85ab5477a3e68ULL, 0x90d195a663428f98ULL,
504 0x5384636e2ac708d8ULL, 0xcbd719c37b522706ULL, 0xae9729d76644b0ebULL,
505 0x7c8c65e20a0c7ee6ULL, 0x80c856b007f1d214ULL, 0x8c0b40302cc32271ULL,
506 0xdbcedad51fe17a8aULL, 0x740e8ae938dbdea0ULL, 0xa615c6dc549310adULL,
507 0x19cc55f6171ae90bULL, 0x49b1bdb8fe5fdd8dULL, 0xed0a89af2830e5bfULL,
508 0x6a7aadb4f5a65bd6ULL, 0x7e22972988f05679ULL, 0xf952b3325566e810ULL,
509 0x39fecedadf61530eULL, 0x6101c99f04f3c7ceULL, 0x2e5f7f6761b562ffULL,
510 0xf08725d226cf5c97ULL, 0x63af3b54860fef51ULL, 0x8ff2cb10ef411e2fULL,
511 0x884ab9bb35267252ULL, 0x4df04433e7ba8daeULL, 0x9afd8866d3690741ULL,
512 0x66b9bb34de94abb3ULL, 0x9baaf18d92171380ULL, 0x543c11c5f0a064a5ULL,
513 0x17a1b1bdbed431f1ULL, 0xb5f58eeaf3a2717fULL, 0xc355f6c849858740ULL,
514 0xec5df044694ef17eULL, 0xd83751f5dc6346d4ULL, 0xfc4433520dfdacf2ULL,
515 0x0000000000000000ULL, 0x5a51f58e596ebc5fULL, 0x3285aaf12e34cf16ULL,
516 0x8d5c39db6dbd36b0ULL, 0x12b731dde64f7513ULL, 0x94906c2d7aa7dfbbULL,
517 0x302b583aacc8e789ULL, 0x9d45facd090e6b3cULL, 0x2165e2c78905aec4ULL,
518 0x68d45f7f775a7349ULL, 0x189b2c1d5664fdcaULL, 0xe1c99f2f030215daULL,
519 0x6983269436246788ULL, 0x8489af3b1e148237ULL, 0xe94b702431d5b59cULL,
520 0x33d2d31a6f4adbd7ULL, 0xbfd9932a4389f9a6ULL, 0xb0e30e8aab39359dULL,
521 0xd1e2c715afcaf253ULL, 0x150f43763c28196eULL, 0xc4ed846393e2eb3dULL,
522 0x03f98b20c3823c5eULL, 0xfd134ab94c83b833ULL, 0x556b682eb1de7064ULL,
523 0x36c4537a37d19f35ULL, 0x7559f30279a5ca61ULL, 0x799ae58252973a04ULL,
524 0x9c12832648707ffdULL, 0x78cd9c6913e92ec5ULL, 0x1d8dac7d0effb928ULL,
525 0x439da0784e745554ULL, 0x413352b3cc887dcbULL, 0xbacf134a1b12bd44ULL,
526 0x114ebafd25cd494dULL, 0x2f08068c20cb763eULL, 0x76a07822ba27f63fULL,
527 0xeab2fb04f25789c2ULL, 0xe3676de481fe3d45ULL, 0x1b62a73d95e6c194ULL,
528 0x641749ff5c68832cULL, 0xa5ec4dfc97112cf3ULL, 0xf6682e92bdd6242bULL,
529 0x3f11c59a44782bb2ULL, 0x317c21d1edb6f348ULL, 0xd65ab5be75ad9e2eULL,
530 0x6b2dd45fb4d84f17ULL, 0xfaab381296e4d44eULL, 0xd0b5befeeeb4e692ULL,
531 0x0882ef0b32d7a046ULL, 0x512a91a5a83b2047ULL, 0x963e9ee6f85bf724ULL,
532 0x4e09cf132438b1f0ULL, 0x77f701c9fb59e2feULL, 0x7ddb1c094b726a27ULL,
533 0x5f4775ee01f5f8bdULL, 0x9186ec4d223c9b59ULL, 0xfeeac1998f01846dULL,
534 0xac39db1ce4b89874ULL, 0xb75b7c21715e59e0ULL, 0xafc0503c273aa42aULL,
535 0x6e3b543fec430bf5ULL, 0x704f7362213e8e83ULL, 0x58ff0745db9294c0ULL,
536 0x67eec2df9feabf72ULL, 0xa0facd9ccf8a6811ULL, 0xb936986ad890811aULL,
537 0x95c715c63bd9cb7aULL, 0xca8060283a2c33c7ULL, 0x507de84ee9453486ULL,
538 0x85ded6d05f6a96f6ULL, 0x1cdad5964f81ade9ULL, 0xd5a33e9eb62fa270ULL,
539 0x40642b588df6690aULL, 0x7f75eec2c98e42b8ULL, 0x2cf18dace3494a60ULL,
540 0x23cb100c0bf9865bULL, 0xeef3028febb2d9e1ULL, 0x4425d2d394133929ULL,
541 0xaad6d05c7fa1e0c8ULL, 0xad6ea2f7a5c68cb5ULL, 0xc2028f2308fb9381ULL,
542 0x819f2f5b468fc6d5ULL, 0xc5bafd88d29cfffcULL, 0x47dc59f357910577ULL,
543 0x2b49ff07392e261dULL, 0x57c59ae5332258fbULL, 0x73b6f842e2bcb2ddULL,
544 0xcf96e04862b77725ULL, 0x4ca73dd8a6c4996fULL, 0x015779eb417e14c1ULL,
545 0x37932a9176af8bf4ULL
546 }, {
547 0x190a2c9b249df23eULL, 0x2f62f8b62263e1e9ULL, 0x7a7f754740993655ULL,
548 0x330b7ba4d5564d9fULL, 0x4c17a16a46672582ULL, 0xb22f08eb7d05f5b8ULL,
549 0x535f47f40bc148ccULL, 0x3aec5d27d4883037ULL, 0x10ed0a1825438f96ULL,
550 0x516101f72c233d17ULL, 0x13cc6f949fd04eaeULL, 0x739853c441474bfdULL,
551 0x653793d90d3f5b1bULL, 0x5240647b96b0fc2fULL, 0x0c84890ad27623e0ULL,
552 0xd7189b32703aaea3ULL, 0x2685de3523bd9c41ULL, 0x99317c5b11bffefaULL,
553 0x0d9baa854f079703ULL, 0x70b93648fbd48ac5ULL, 0xa80441fce30bc6beULL,
554 0x7287704bdc36ff1eULL, 0xb65384ed33dc1f13ULL, 0xd36417343ee34408ULL,
555 0x39cd38ab6e1bf10fULL, 0x5ab861770a1f3564ULL, 0x0ebacf09f594563bULL,
556 0xd04572b884708530ULL, 0x3cae9722bdb3af47ULL, 0x4a556b6f2f5cbaf2ULL,
557 0xe1704f1f76c4bd74ULL, 0x5ec4ed7144c6dfcfULL, 0x16afc01d4c7810e6ULL,
558 0x283f113cd629ca7aULL, 0xaf59a8761741ed2dULL, 0xeed5a3991e215facULL,
559 0x3bf37ea849f984d4ULL, 0xe413e096a56ce33cULL, 0x2c439d3a98f020d1ULL,
560 0x637559dc6404c46bULL, 0x9e6c95d1e5f5d569ULL, 0x24bb9836045fe99aULL,
561 0x44efa466dac8ecc9ULL, 0xc6eab2a5c80895d6ULL, 0x803b50c035220cc4ULL,
562 0x0321658cba93c138ULL, 0x8f9ebc465dc7ee1cULL, 0xd15a5137190131d3ULL,
563 0x0fa5ec8668e5e2d8ULL, 0x91c979578d1037b1ULL, 0x0642ca05693b9f70ULL,
564 0xefca80168350eb4fULL, 0x38d21b24f36a45ecULL, 0xbeab81e1af73d658ULL,
565 0x8cbfd9cae7542f24ULL, 0xfd19cc0d81f11102ULL, 0x0ac6430fbb4dbc90ULL,
566 0x1d76a09d6a441895ULL, 0x2a01573ff1cbbfa1ULL, 0xb572e161894fde2bULL,
567 0x8124734fa853b827ULL, 0x614b1fdf43e6b1b0ULL, 0x68ac395c4238cc18ULL,
568 0x21d837bfd7f7b7d2ULL, 0x20c714304a860331ULL, 0x5cfaab726324aa14ULL,
569 0x74c5ba4eb50d606eULL, 0xf3a3030474654739ULL, 0x23e671bcf015c209ULL,
570 0x45f087e947b9582aULL, 0xd8bd77b418df4c7bULL, 0xe06f6c90ebb50997ULL,
571 0x0bd96080263c0873ULL, 0x7e03f9410e40dcfeULL, 0xb8e94be4c6484928ULL,
572 0xfb5b0608e8ca8e72ULL, 0x1a2b49179e0e3306ULL, 0x4e29e76961855059ULL,
573 0x4f36c4e6fcf4e4baULL, 0x49740ee395cf7bcaULL, 0xc2963ea386d17f7dULL,
574 0x90d65ad810618352ULL, 0x12d34c1b02a1fa4dULL, 0xfa44258775bb3a91ULL,
575 0x18150f14b9ec46ddULL, 0x1491861e6b9a653dULL, 0x9a1019d7ab2c3fc2ULL,
576 0x3668d42d06fe13d7ULL, 0xdcc1fbb25606a6d0ULL, 0x969490dd795a1c22ULL,
577 0x3549b1a1bc6dd2efULL, 0xc94f5e23a0ed770eULL, 0xb9f6686b5b39fdcbULL,
578 0xc4d4f4a6efeae00dULL, 0xe732851a1fff2204ULL, 0x94aad6de5eb869f9ULL,
579 0x3f8ff2ae07206e7fULL, 0xfe38a9813b62d03aULL, 0xa7a1ad7a8bee2466ULL,
580 0x7b6056c8dde882b6ULL, 0x302a1e286fc58ca7ULL, 0x8da0fa457a259bc7ULL,
581 0xb3302b64e074415bULL, 0x5402ae7eff8b635fULL, 0x08f8050c9cafc94bULL,
582 0xae468bf98a3059ceULL, 0x88c355cca98dc58fULL, 0xb10e6d67c7963480ULL,
583 0xbad70de7e1aa3cf3ULL, 0xbfb4a26e320262bbULL, 0xcb711820870f02d5ULL,
584 0xce12b7a954a75c9dULL, 0x563ce87dd8691684ULL, 0x9f73b65e7884618aULL,
585 0x2b1e74b06cba0b42ULL, 0x47cec1ea605b2df1ULL, 0x1c698312f735ac76ULL,
586 0x5fdbcefed9b76b2cULL, 0x831a354c8fb1cdfcULL, 0x820516c312c0791fULL,
587 0xb74ca762aeadabf0ULL, 0xfc06ef821c80a5e1ULL, 0x5723cbf24518a267ULL,
588 0x9d4df05d5f661451ULL, 0x588627742dfd40bfULL, 0xda8331b73f3d39a0ULL,
589 0x17b0e392d109a405ULL, 0xf965400bcf28fba9ULL, 0x7c3dbf4229a2a925ULL,
590 0x023e460327e275dbULL, 0x6cd0b55a0ce126b3ULL, 0xe62da695828e96e7ULL,
591 0x42ad6e63b3f373b9ULL, 0xe50cc319381d57dfULL, 0xc5cbd729729b54eeULL,
592 0x46d1e265fd2a9912ULL, 0x6428b056904eeff8ULL, 0x8be23040131e04b7ULL,
593 0x6709d5da2add2ec0ULL, 0x075de98af44a2b93ULL, 0x8447dcc67bfbe66fULL,
594 0x6616f655b7ac9a23ULL, 0xd607b8bded4b1a40ULL, 0x0563af89d3a85e48ULL,
595 0x3db1b4ad20c21ba4ULL, 0x11f22997b8323b75ULL, 0x292032b34b587e99ULL,
596 0x7f1cdace9331681dULL, 0x8e819fc9c0b65affULL, 0xa1e3677fe2d5bb16ULL,
597 0xcd33d225ee349da5ULL, 0xd9a2543b85aef898ULL, 0x795e10cbfa0af76dULL,
598 0x25a4bbb9992e5d79ULL, 0x78413344677b438eULL, 0xf0826688cef68601ULL,
599 0xd27b34bba392f0ebULL, 0x551d8df162fad7bcULL, 0x1e57c511d0d7d9adULL,
600 0xdeffbdb171e4d30bULL, 0xf4feea8e802f6caaULL, 0xa480c8f6317de55eULL,
601 0xa0fc44f07fa40ff5ULL, 0x95b5f551c3c9dd1aULL, 0x22f952336d6476eaULL,
602 0x0000000000000000ULL, 0xa6be8ef5169f9085ULL, 0xcc2cf1aa73452946ULL,
603 0x2e7ddb39bf12550aULL, 0xd526dd3157d8db78ULL, 0x486b2d6c08becf29ULL,
604 0x9b0f3a58365d8b21ULL, 0xac78cdfaadd22c15ULL, 0xbc95c7e28891a383ULL,
605 0x6a927f5f65dab9c3ULL, 0xc3891d2c1ba0cb9eULL, 0xeaa92f9f50f8b507ULL,
606 0xcf0d9426c9d6e87eULL, 0xca6e3baf1a7eb636ULL, 0xab25247059980786ULL,
607 0x69b31ad3df4978fbULL, 0xe2512a93cc577c4cULL, 0xff278a0ea61364d9ULL,
608 0x71a615c766a53e26ULL, 0x89dc764334fc716cULL, 0xf87a638452594f4aULL,
609 0xf2bc208be914f3daULL, 0x8766b94ac1682757ULL, 0xbbc82e687cdb8810ULL,
610 0x626a7a53f9757088ULL, 0xa2c202f358467a2eULL, 0x4d0882e5db169161ULL,
611 0x09e7268301de7da8ULL, 0xe897699c771ac0dcULL, 0xc8507dac3d9cc3edULL,
612 0xc0a878a0a1330aa6ULL, 0x978bb352e42ba8c1ULL, 0xe9884a13ea6b743fULL,
613 0x279afdbabecc28a2ULL, 0x047c8c064ed9eaabULL, 0x507e2278b15289f4ULL,
614 0x599904fbb08cf45cULL, 0xbd8ae46d15e01760ULL, 0x31353da7f2b43844ULL,
615 0x8558ff49e68a528cULL, 0x76fbfc4d92ef15b5ULL, 0x3456922e211c660cULL,
616 0x86799ac55c1993b4ULL, 0x3e90d1219a51da9cULL, 0x2d5cbeb505819432ULL,
617 0x982e5fd48cce4a19ULL, 0xdb9c1238a24c8d43ULL, 0xd439febecaa96f9bULL,
618 0x418c0bef0960b281ULL, 0x158ea591f6ebd1deULL, 0x1f48e69e4da66d4eULL,
619 0x8afd13cf8e6fb054ULL, 0xf5e1c9011d5ed849ULL, 0xe34e091c5126c8afULL,
620 0xad67ee7530a398f6ULL, 0x43b24dec2e82c75aULL, 0x75da99c1287cd48dULL,
621 0x92e81cdb3783f689ULL, 0xa3dd217cc537cecdULL, 0x60543c50de970553ULL,
622 0x93f73f54aaf2426aULL, 0xa91b62737e7a725dULL, 0xf19d4507538732e2ULL,
623 0x77e4dfc20f9ea156ULL, 0x7d229ccdb4d31dc6ULL, 0x1b346a98037f87e5ULL,
624 0xedf4c615a4b29e94ULL, 0x4093286094110662ULL, 0xb0114ee85ae78063ULL,
625 0x6ff1d0d6b672e78bULL, 0x6dcf96d591909250ULL, 0xdfe09e3eec9567e8ULL,
626 0x3214582b4827f97cULL, 0xb46dc2ee143e6ac8ULL, 0xf6c0ac8da7cd1971ULL,
627 0xebb60c10cd8901e4ULL, 0xf7df8f023abcad92ULL, 0x9c52d3d2c217a0b2ULL,
628 0x6b8d5cd0f8ab0d20ULL, 0x3777f7a29b8fa734ULL, 0x011f238f9d71b4e3ULL,
629 0xc1b75b2f3c42be45ULL, 0x5de588fdfe551ef7ULL, 0x6eeef3592b035368ULL,
630 0xaa3a07ffc4e9b365ULL, 0xecebe59a39c32a77ULL, 0x5ba742f8976e8187ULL,
631 0x4b4a48e0b22d0e11ULL, 0xddded83dcb771233ULL, 0xa59feb79ac0c51bdULL,
632 0xc7f5912a55792135ULL
633 }, {
634 0x6d6ae04668a9b08aULL, 0x3ab3f04b0be8c743ULL, 0xe51e166b54b3c908ULL,
635 0xbe90a9eb35c2f139ULL, 0xb2c7066637f2bec1ULL, 0xaa6945613392202cULL,
636 0x9a28c36f3b5201ebULL, 0xddce5a93ab536994ULL, 0x0e34133ef6382827ULL,
637 0x52a02ba1ec55048bULL, 0xa2f88f97c4b2a177ULL, 0x8640e513ca2251a5ULL,
638 0xcdf1d36258137622ULL, 0xfe6cb708dedf8ddbULL, 0x8a174a9ec8121e5dULL,
639 0x679896036b81560eULL, 0x59ed033395795feeULL, 0x1dd778ab8b74edafULL,
640 0xee533ef92d9f926dULL, 0x2a8c79baf8a8d8f5ULL, 0x6bcf398e69b119f6ULL,
641 0xe20491742fafdd95ULL, 0x276488e0809c2aecULL, 0xea955b82d88f5cceULL,
642 0x7102c63a99d9e0c4ULL, 0xf9763017a5c39946ULL, 0x429fa2501f151b3dULL,
643 0x4659c72bea05d59eULL, 0x984b7fdccf5a6634ULL, 0xf742232953fbb161ULL,
644 0x3041860e08c021c7ULL, 0x747bfd9616cd9386ULL, 0x4bb1367192312787ULL,
645 0x1b72a1638a6c44d3ULL, 0x4a0e68a6e8359a66ULL, 0x169a5039f258b6caULL,
646 0xb98a2ef44edee5a4ULL, 0xd9083fe85e43a737ULL, 0x967f6ce239624e13ULL,
647 0x8874f62d3c1a7982ULL, 0x3c1629830af06e3fULL, 0x9165ebfd427e5a8eULL,
648 0xb5dd81794ceeaa5cULL, 0x0de8f15a7834f219ULL, 0x70bd98ede3dd5d25ULL,
649 0xaccc9ca9328a8950ULL, 0x56664eda1945ca28ULL, 0x221db34c0f8859aeULL,
650 0x26dbd637fa98970dULL, 0x1acdffb4f068f932ULL, 0x4585254f64090fa0ULL,
651 0x72de245e17d53afaULL, 0x1546b25d7c546cf4ULL, 0x207e0ffffb803e71ULL,
652 0xfaaad2732bcf4378ULL, 0xb462dfae36ea17bdULL, 0xcf926fd1ac1b11fdULL,
653 0xe0672dc7dba7ba4aULL, 0xd3fa49ad5d6b41b3ULL, 0x8ba81449b216a3bcULL,
654 0x14f9ec8a0650d115ULL, 0x40fc1ee3eb1d7ce2ULL, 0x23a2ed9b758ce44fULL,
655 0x782c521b14fddc7eULL, 0x1c68267cf170504eULL, 0xbcf31558c1ca96e6ULL,
656 0xa781b43b4ba6d235ULL, 0xf6fd7dfe29ff0c80ULL, 0xb0a4bad5c3fad91eULL,
657 0xd199f51ea963266cULL, 0x414340349119c103ULL, 0x5405f269ed4dadf7ULL,
658 0xabd61bb649969dcdULL, 0x6813dbeae7bdc3c8ULL, 0x65fb2ab09f8931d1ULL,
659 0xf1e7fae152e3181dULL, 0xc1a67cef5a2339daULL, 0x7a4feea8e0f5bba1ULL,
660 0x1e0b9acf05783791ULL, 0x5b8ebf8061713831ULL, 0x80e53cdbcb3af8d9ULL,
661 0x7e898bd315e57502ULL, 0xc6bcfbf0213f2d47ULL, 0x95a38e86b76e942dULL,
662 0x092e94218d243cbaULL, 0x8339debf453622e7ULL, 0xb11be402b9fe64ffULL,
663 0x57d9100d634177c9ULL, 0xcc4e8db52217cbc3ULL, 0x3b0cae9c71ec7aa2ULL,
664 0xfb158ca451cbfe99ULL, 0x2b33276d82ac6514ULL, 0x01bf5ed77a04bde1ULL,
665 0xc5601994af33f779ULL, 0x75c4a3416cc92e67ULL, 0xf3844652a6eb7fc2ULL,
666 0x3487e375fdd0ef64ULL, 0x18ae430704609eedULL, 0x4d14efb993298efbULL,
667 0x815a620cb13e4538ULL, 0x125c354207487869ULL, 0x9eeea614ce42cf48ULL,
668 0xce2d3106d61fac1cULL, 0xbbe99247bad6827bULL, 0x071a871f7b1c149dULL,
669 0x2e4a1cc10db81656ULL, 0x77a71ff298c149b8ULL, 0x06a5d9c80118a97cULL,
670 0xad73c27e488e34b1ULL, 0x443a7b981e0db241ULL, 0xe3bbcfa355ab6074ULL,
671 0x0af276450328e684ULL, 0x73617a896dd1871bULL, 0x58525de4ef7de20fULL,
672 0xb7be3dcab8e6cd83ULL, 0x19111dd07e64230cULL, 0x842359a03e2a367aULL,
673 0x103f89f1f3401fb6ULL, 0xdc710444d157d475ULL, 0xb835702334da5845ULL,
674 0x4320fc876511a6dcULL, 0xd026abc9d3679b8dULL, 0x17250eee885c0b2bULL,
675 0x90dab52a387ae76fULL, 0x31fed8d972c49c26ULL, 0x89cba8fa461ec463ULL,
676 0x2ff5421677bcabb7ULL, 0x396f122f85e41d7dULL, 0xa09b332430bac6a8ULL,
677 0xc888e8ced7070560ULL, 0xaeaf201ac682ee8fULL, 0x1180d7268944a257ULL,
678 0xf058a43628e7a5fcULL, 0xbd4c4b8fbbce2b07ULL, 0xa1246df34abe7b49ULL,
679 0x7d5569b79be9af3cULL, 0xa9b5a705bd9efa12ULL, 0xdb6b835baa4bc0e8ULL,
680 0x05793bac8f147342ULL, 0x21c1512881848390ULL, 0xfdb0556c50d357e5ULL,
681 0x613d4fcb6a99ff72ULL, 0x03dce2648e0cda3eULL, 0xe949b9e6568386f0ULL,
682 0xfc0f0bbb2ad7ea04ULL, 0x6a70675913b5a417ULL, 0x7f36d5046fe1c8e3ULL,
683 0x0c57af8d02304ff8ULL, 0x32223abdfcc84618ULL, 0x0891caf6f720815bULL,
684 0xa63eeaec31a26fd4ULL, 0x2507345374944d33ULL, 0x49d28ac266394058ULL,
685 0xf5219f9aa7f3d6beULL, 0x2d96fea583b4cc68ULL, 0x5a31e1571b7585d0ULL,
686 0x8ed12fe53d02d0feULL, 0xdfade6205f5b0e4bULL, 0x4cabb16ee92d331aULL,
687 0x04c6657bf510cea3ULL, 0xd73c2cd6a87b8f10ULL, 0xe1d87310a1a307abULL,
688 0x6cd5be9112ad0d6bULL, 0x97c032354366f3f2ULL, 0xd4e0ceb22677552eULL,
689 0x0000000000000000ULL, 0x29509bde76a402cbULL, 0xc27a9e8bd42fe3e4ULL,
690 0x5ef7842cee654b73ULL, 0xaf107ecdbc86536eULL, 0x3fcacbe784fcb401ULL,
691 0xd55f90655c73e8cfULL, 0xe6c2f40fdabf1336ULL, 0xe8f6e7312c873b11ULL,
692 0xeb2a0555a28be12fULL, 0xe4a148bc2eb774e9ULL, 0x9b979db84156bc0aULL,
693 0x6eb60222e6a56ab4ULL, 0x87ffbbc4b026ec44ULL, 0xc703a5275b3b90a6ULL,
694 0x47e699fc9001687fULL, 0x9c8d1aa73a4aa897ULL, 0x7cea3760e1ed12ddULL,
695 0x4ec80ddd1d2554c5ULL, 0x13e36b957d4cc588ULL, 0x5d2b66486069914dULL,
696 0x92b90999cc7280b0ULL, 0x517cc9c56259deb5ULL, 0xc937b619ad03b881ULL,
697 0xec30824ad997f5b2ULL, 0xa45d565fc5aa080bULL, 0xd6837201d27f32f1ULL,
698 0x635ef3789e9198adULL, 0x531f75769651b96aULL, 0x4f77530a6721e924ULL,
699 0x486dd4151c3dfdb9ULL, 0x5f48dafb9461f692ULL, 0x375b011173dc355aULL,
700 0x3da9775470f4d3deULL, 0x8d0dcd81b30e0ac0ULL, 0x36e45fc609d888bbULL,
701 0x55baacbe97491016ULL, 0x8cb29356c90ab721ULL, 0x76184125e2c5f459ULL,
702 0x99f4210bb55edbd5ULL, 0x6f095cf59ca1d755ULL, 0x9f51f8c3b44672a9ULL,
703 0x3538bda287d45285ULL, 0x50c39712185d6354ULL, 0xf23b1885dcefc223ULL,
704 0x79930ccc6ef9619fULL, 0xed8fdc9da3934853ULL, 0xcb540aaa590bdf5eULL,
705 0x5c94389f1a6d2cacULL, 0xe77daad8a0bbaed7ULL, 0x28efc5090ca0bf2aULL,
706 0xbf2ff73c4fc64cd8ULL, 0xb37858b14df60320ULL, 0xf8c96ec0dfc724a7ULL,
707 0x828680683f329f06ULL, 0x941cd051cd6a29ccULL, 0xc3c5c05cae2b5e05ULL,
708 0xb601631dc2e27062ULL, 0xc01922382027843bULL, 0x24b86a840e90f0d2ULL,
709 0xd245177a276ffc52ULL, 0x0f8b4de98c3c95c6ULL, 0x3e759530fef809e0ULL,
710 0x0b4d2892792c5b65ULL, 0xc4df4743d5374a98ULL, 0xa5e20888bfaeb5eaULL,
711 0xba56cc90c0d23f9aULL, 0x38d04cf8ffe0a09cULL, 0x62e1adafe495254cULL,
712 0x0263bcb3f40867dfULL, 0xcaeb547d230f62bfULL, 0x6082111c109d4293ULL,
713 0xdad4dd8cd04f7d09ULL, 0xefec602e579b2f8cULL, 0x1fb4c4187f7c8a70ULL,
714 0xffd3e9dfa4db303aULL, 0x7bf0b07f9af10640ULL, 0xf49ec14dddf76b5fULL,
715 0x8f6e713247066d1fULL, 0x339d646a86ccfbf9ULL, 0x64447467e58d8c30ULL,
716 0x2c29a072f9b07189ULL, 0xd8b7613f24471ad6ULL, 0x6627c8d41185ebefULL,
717 0xa347d140beb61c96ULL, 0xde12b8f7255fb3aaULL, 0x9d324470404e1576ULL,
718 0x9306574eb6763d51ULL, 0xa80af9d2c79a47f3ULL, 0x859c0777442e8b9bULL,
719 0x69ac853d9db97e29ULL
720 }, {
721 0xc3407dfc2de6377eULL, 0x5b9e93eea4256f77ULL, 0xadb58fdd50c845e0ULL,
722 0x5219ff11a75bed86ULL, 0x356b61cfd90b1de9ULL, 0xfb8f406e25abe037ULL,
723 0x7a5a0231c0f60796ULL, 0x9d3cd216e1f5020bULL, 0x0c6550fb6b48d8f3ULL,
724 0xf57508c427ff1c62ULL, 0x4ad35ffa71cb407dULL, 0x6290a2da1666aa6dULL,
725 0xe284ec2349355f9fULL, 0xb3c307c53d7c84ecULL, 0x05e23c0468365a02ULL,
726 0x190bac4d6c9ebfa8ULL, 0x94bbbee9e28b80faULL, 0xa34fc777529cb9b5ULL,
727 0xcc7b39f095bcd978ULL, 0x2426addb0ce532e3ULL, 0x7e79329312ce4fc7ULL,
728 0xab09a72eebec2917ULL, 0xf8d15499f6b9d6c2ULL, 0x1a55b8babf8c895dULL,
729 0xdb8add17fb769a85ULL, 0xb57f2f368658e81bULL, 0x8acd36f18f3f41f6ULL,
730 0x5ce3b7bba50f11d3ULL, 0x114dcc14d5ee2f0aULL, 0xb91a7fcded1030e8ULL,
731 0x81d5425fe55de7a1ULL, 0xb6213bc1554adeeeULL, 0x80144ef95f53f5f2ULL,
732 0x1e7688186db4c10cULL, 0x3b912965db5fe1bcULL, 0xc281715a97e8252dULL,
733 0x54a5d7e21c7f8171ULL, 0x4b12535ccbc5522eULL, 0x1d289cefbea6f7f9ULL,
734 0x6ef5f2217d2e729eULL, 0xe6a7dc819b0d17ceULL, 0x1b94b41c05829b0eULL,
735 0x33d7493c622f711eULL, 0xdcf7f942fa5ce421ULL, 0x600fba8b7f7a8ecbULL,
736 0x46b60f011a83988eULL, 0x235b898e0dcf4c47ULL, 0x957ab24f588592a9ULL,
737 0x4354330572b5c28cULL, 0xa5f3ef84e9b8d542ULL, 0x8c711e02341b2d01ULL,
738 0x0b1874ae6a62a657ULL, 0x1213d8e306fc19ffULL, 0xfe6d7c6a4d9dba35ULL,
739 0x65ed868f174cd4c9ULL, 0x88522ea0e6236550ULL, 0x899322065c2d7703ULL,
740 0xc01e690bfef4018bULL, 0x915982ed8abddaf8ULL, 0xbe675b98ec3a4e4cULL,
741 0xa996bf7f82f00db1ULL, 0xe1daf8d49a27696aULL, 0x2effd5d3dc8986e7ULL,
742 0xd153a51f2b1a2e81ULL, 0x18caa0ebd690adfbULL, 0x390e3134b243c51aULL,
743 0x2778b92cdff70416ULL, 0x029f1851691c24a6ULL, 0x5e7cafeacc133575ULL,
744 0xfa4e4cc89fa5f264ULL, 0x5a5f9f481e2b7d24ULL, 0x484c47ab18d764dbULL,
745 0x400a27f2a1a7f479ULL, 0xaeeb9b2a83da7315ULL, 0x721c626879869734ULL,
746 0x042330a2d2384851ULL, 0x85f672fd3765aff0ULL, 0xba446b3a3e02061dULL,
747 0x73dd6ecec3888567ULL, 0xffac70ccf793a866ULL, 0xdfa9edb5294ed2d4ULL,
748 0x6c6aea7014325638ULL, 0x834a5a0e8c41c307ULL, 0xcdba35562fb2cb2bULL,
749 0x0ad97808d06cb404ULL, 0x0f3b440cb85aee06ULL, 0xe5f9c876481f213bULL,
750 0x98deee1289c35809ULL, 0x59018bbfcd394bd1ULL, 0xe01bf47220297b39ULL,
751 0xde68e1139340c087ULL, 0x9fa3ca4788e926adULL, 0xbb85679c840c144eULL,
752 0x53d8f3b71d55ffd5ULL, 0x0da45c5dd146caa0ULL, 0x6f34fe87c72060cdULL,
753 0x57fbc315cf6db784ULL, 0xcee421a1fca0fddeULL, 0x3d2d0196607b8d4bULL,
754 0x642c8a29ad42c69aULL, 0x14aff010bdd87508ULL, 0xac74837beac657b3ULL,
755 0x3216459ad821634dULL, 0x3fb219c70967a9edULL, 0x06bc28f3bb246cf7ULL,
756 0xf2082c9126d562c6ULL, 0x66b39278c45ee23cULL, 0xbd394f6f3f2878b9ULL,
757 0xfd33689d9e8f8cc0ULL, 0x37f4799eb017394fULL, 0x108cc0b26fe03d59ULL,
758 0xda4bd1b1417888d6ULL, 0xb09d1332ee6eb219ULL, 0x2f3ed975668794b4ULL,
759 0x58c0871977375982ULL, 0x7561463d78ace990ULL, 0x09876cff037e82f1ULL,
760 0x7fb83e35a8c05d94ULL, 0x26b9b58a65f91645ULL, 0xef20b07e9873953fULL,
761 0x3148516d0b3355b8ULL, 0x41cb2b541ba9e62aULL, 0x790416c613e43163ULL,
762 0xa011d380818e8f40ULL, 0x3a5025c36151f3efULL, 0xd57095bdf92266d0ULL,
763 0x498d4b0da2d97688ULL, 0x8b0c3a57353153a5ULL, 0x21c491df64d368e1ULL,
764 0x8f2f0af5e7091bf4ULL, 0x2da1c1240f9bb012ULL, 0xc43d59a92ccc49daULL,
765 0xbfa6573e56345c1fULL, 0x828b56a8364fd154ULL, 0x9a41f643e0df7cafULL,
766 0xbcf843c985266aeaULL, 0x2b1de9d7b4bfdce5ULL, 0x20059d79dedd7ab2ULL,
767 0x6dabe6d6ae3c446bULL, 0x45e81bf6c991ae7bULL, 0x6351ae7cac68b83eULL,
768 0xa432e32253b6c711ULL, 0xd092a9b991143cd2ULL, 0xcac711032e98b58fULL,
769 0xd8d4c9e02864ac70ULL, 0xc5fc550f96c25b89ULL, 0xd7ef8dec903e4276ULL,
770 0x67729ede7e50f06fULL, 0xeac28c7af045cf3dULL, 0xb15c1f945460a04aULL,
771 0x9cfddeb05bfb1058ULL, 0x93c69abce3a1fe5eULL, 0xeb0380dc4a4bdd6eULL,
772 0xd20db1e8f8081874ULL, 0x229a8528b7c15e14ULL, 0x44291750739fbc28ULL,
773 0xd3ccbd4e42060a27ULL, 0xf62b1c33f4ed2a97ULL, 0x86a8660ae4779905ULL,
774 0xd62e814a2a305025ULL, 0x477703a7a08d8addULL, 0x7b9b0e977af815c5ULL,
775 0x78c51a60a9ea2330ULL, 0xa6adfb733aaae3b7ULL, 0x97e5aa1e3199b60fULL,
776 0x0000000000000000ULL, 0xf4b404629df10e31ULL, 0x5564db44a6719322ULL,
777 0x9207961a59afec0dULL, 0x9624a6b88b97a45cULL, 0x363575380a192b1cULL,
778 0x2c60cd82b595a241ULL, 0x7d272664c1dc7932ULL, 0x7142769faa94a1c1ULL,
779 0xa1d0df263b809d13ULL, 0x1630e841d4c451aeULL, 0xc1df65ad44fa13d8ULL,
780 0x13d2d445bcf20bacULL, 0xd915c546926abe23ULL, 0x38cf3d92084dd749ULL,
781 0xe766d0272103059dULL, 0xc7634d5effde7f2fULL, 0x077d2455012a7ea4ULL,
782 0xedbfa82ff16fb199ULL, 0xaf2a978c39d46146ULL, 0x42953fa3c8bbd0dfULL,
783 0xcb061da59496a7dcULL, 0x25e7a17db6eb20b0ULL, 0x34aa6d6963050fbaULL,
784 0xa76cf7d580a4f1e4ULL, 0xf7ea10954ee338c4ULL, 0xfcf2643b24819e93ULL,
785 0xcf252d0746aeef8dULL, 0x4ef06f58a3f3082cULL, 0x563acfb37563a5d7ULL,
786 0x5086e740ce47c920ULL, 0x2982f186dda3f843ULL, 0x87696aac5e798b56ULL,
787 0x5d22bb1d1f010380ULL, 0x035e14f7d31236f5ULL, 0x3cec0d30da759f18ULL,
788 0xf3c920379cdb7095ULL, 0xb8db736b571e22bbULL, 0xdd36f5e44052f672ULL,
789 0xaac8ab8851e23b44ULL, 0xa857b3d938fe1fe2ULL, 0x17f1e4e76eca43fdULL,
790 0xec7ea4894b61a3caULL, 0x9e62c6e132e734feULL, 0xd4b1991b432c7483ULL,
791 0x6ad6c283af163acfULL, 0x1ce9904904a8e5aaULL, 0x5fbda34c761d2726ULL,
792 0xf910583f4cb7c491ULL, 0xc6a241f845d06d7cULL, 0x4f3163fe19fd1a7fULL,
793 0xe99c988d2357f9c8ULL, 0x8eee06535d0709a7ULL, 0x0efa48aa0254fc55ULL,
794 0xb4be23903c56fa48ULL, 0x763f52caabbedf65ULL, 0xeee1bcd8227d876cULL,
795 0xe345e085f33b4dccULL, 0x3e731561b369bbbeULL, 0x2843fd2067adea10ULL,
796 0x2adce5710eb1ceb6ULL, 0xb7e03767ef44ccbdULL, 0x8db012a48e153f52ULL,
797 0x61ceb62dc5749c98ULL, 0xe85d942b9959eb9bULL, 0x4c6f7709caef2c8aULL,
798 0x84377e5b8d6bbda3ULL, 0x30895dcbb13d47ebULL, 0x74a04a9bc2a2fbc3ULL,
799 0x6b17ce251518289cULL, 0xe438c4d0f2113368ULL, 0x1fb784bed7bad35fULL,
800 0x9b80fae55ad16efcULL, 0x77fe5e6c11b0cd36ULL, 0xc858095247849129ULL,
801 0x08466059b97090a2ULL, 0x01c10ca6ba0e1253ULL, 0x6988d6747c040c3aULL,
802 0x6849dad2c60a1e69ULL, 0x5147ebe67449db73ULL, 0xc99905f4fd8a837aULL,
803 0x991fe2b433cd4a5aULL, 0xf09734c04fc94660ULL, 0xa28ecbd1e892abe6ULL,
804 0xf1563866f5c75433ULL, 0x4dae7baf70e13ed9ULL, 0x7ce62ac27bd26b61ULL,
805 0x70837a39109ab392ULL, 0x90988e4b30b3c8abULL, 0xb2020b63877296bfULL,
806 0x156efcb607d6675bULL
807 }, {
808 0xe63f55ce97c331d0ULL, 0x25b506b0015bba16ULL, 0xc8706e29e6ad9ba8ULL,
809 0x5b43d3775d521f6aULL, 0x0bfa3d577035106eULL, 0xab95fc172afb0e66ULL,
810 0xf64b63979e7a3276ULL, 0xf58b4562649dad4bULL, 0x48f7c3dbae0c83f1ULL,
811 0xff31916642f5c8c5ULL, 0xcbb048dc1c4a0495ULL, 0x66b8f83cdf622989ULL,
812 0x35c130e908e2b9b0ULL, 0x7c761a61f0b34fa1ULL, 0x3601161cf205268dULL,
813 0x9e54ccfe2219b7d6ULL, 0x8b7d90a538940837ULL, 0x9cd403588ea35d0bULL,
814 0xbc3c6fea9ccc5b5aULL, 0xe5ff733b6d24aeedULL, 0xceed22de0f7eb8d2ULL,
815 0xec8581cab1ab545eULL, 0xb96105e88ff8e71dULL, 0x8ca03501871a5eadULL,
816 0x76ccce65d6db2a2fULL, 0x5883f582a7b58057ULL, 0x3f7be4ed2e8adc3eULL,
817 0x0fe7be06355cd9c9ULL, 0xee054e6c1d11be83ULL, 0x1074365909b903a6ULL,
818 0x5dde9f80b4813c10ULL, 0x4a770c7d02b6692cULL, 0x5379c8d5d7809039ULL,
819 0xb4067448161ed409ULL, 0x5f5e5026183bd6cdULL, 0xe898029bf4c29df9ULL,
820 0x7fb63c940a54d09cULL, 0xc5171f897f4ba8bcULL, 0xa6f28db7b31d3d72ULL,
821 0x2e4f3be7716eaa78ULL, 0x0d6771a099e63314ULL, 0x82076254e41bf284ULL,
822 0x2f0fd2b42733df98ULL, 0x5c9e76d3e2dc49f0ULL, 0x7aeb569619606cdbULL,
823 0x83478b07b2468764ULL, 0xcfadcb8d5923cd32ULL, 0x85dac7f05b95a41eULL,
824 0xb5469d1b4043a1e9ULL, 0xb821ecbbd9a592fdULL, 0x1b8e0b0e798c13c8ULL,
825 0x62a57b6d9a0be02eULL, 0xfcf1b793b81257f8ULL, 0x9d94ea0bd8fe28ebULL,
826 0x4cea408aeb654a56ULL, 0x23284a47e888996cULL, 0x2d8f1d128b893545ULL,
827 0xf4cbac3132c0d8abULL, 0xbd7c86b9ca912ebaULL, 0x3a268eef3dbe6079ULL,
828 0xf0d62f6077a9110cULL, 0x2735c916ade150cbULL, 0x89fd5f03942ee2eaULL,
829 0x1acee25d2fd16628ULL, 0x90f39bab41181bffULL, 0x430dfe8cde39939fULL,
830 0xf70b8ac4c8274796ULL, 0x1c53aeaac6024552ULL, 0x13b410acf35e9c9bULL,
831 0xa532ab4249faa24fULL, 0x2b1251e5625a163fULL, 0xd7e3e676da4841c7ULL,
832 0xa7b264e4e5404892ULL, 0xda8497d643ae72d3ULL, 0x861ae105a1723b23ULL,
833 0x38a6414991048aa4ULL, 0x6578dec92585b6b4ULL, 0x0280cfa6acbaeaddULL,
834 0x88bdb650c273970aULL, 0x9333bd5ebbff84c2ULL, 0x4e6a8f2c47dfa08bULL,
835 0x321c954db76cef2aULL, 0x418d312a72837942ULL, 0xb29b38bfffcdf773ULL,
836 0x6c022c38f90a4c07ULL, 0x5a033a240b0f6a8aULL, 0x1f93885f3ce5da6fULL,
837 0xc38a537e96988bc6ULL, 0x39e6a81ac759ff44ULL, 0x29929e43cee0fce2ULL,
838 0x40cdd87924de0ca2ULL, 0xe9d8ebc8a29fe819ULL, 0x0c2798f3cfbb46f4ULL,
839 0x55e484223e53b343ULL, 0x4650948ecd0d2fd8ULL, 0x20e86cb2126f0651ULL,
840 0x6d42c56baf5739e7ULL, 0xa06fc1405ace1e08ULL, 0x7babbfc54f3d193bULL,
841 0x424d17df8864e67fULL, 0xd8045870ef14980eULL, 0xc6d7397c85ac3781ULL,
842 0x21a885e1443273b1ULL, 0x67f8116f893f5c69ULL, 0x24f5efe35706cff6ULL,
843 0xd56329d076f2ab1aULL, 0x5e1eb9754e66a32dULL, 0x28d2771098bd8902ULL,
844 0x8f6013f47dfdc190ULL, 0x17a993fdb637553cULL, 0xe0a219397e1012aaULL,
845 0x786b9930b5da8606ULL, 0x6e82e39e55b0a6daULL, 0x875a0856f72f4ec3ULL,
846 0x3741ff4fa458536dULL, 0xac4859b3957558fcULL, 0x7ef6d5c75c09a57cULL,
847 0xc04a758b6c7f14fbULL, 0xf9acdd91ab26ebbfULL, 0x7391a467c5ef9668ULL,
848 0x335c7c1ee1319acaULL, 0xa91533b18641e4bbULL, 0xe4bf9a683b79db0dULL,
849 0x8e20faa72ba0b470ULL, 0x51f907737b3a7ae4ULL, 0x2268a314bed5ec8cULL,
850 0xd944b123b949edeeULL, 0x31dcb3b84d8b7017ULL, 0xd3fe65279f218860ULL,
851 0x097af2f1dc8ffab3ULL, 0x9b09a6fc312d0b91ULL, 0xcc6ded78a3c4520fULL,
852 0x3481d9ba5ebfcc50ULL, 0x4f2a667f1182d56bULL, 0xdfd9fdd4509ace94ULL,
853 0x26752045fbbc252bULL, 0xbffc491f662bc467ULL, 0xdd593272fc202449ULL,
854 0x3cbbc218d46d4303ULL, 0x91b372f817456e1fULL, 0x681faf69bc6385a0ULL,
855 0xb686bbeebaa43ed4ULL, 0x1469b5084cd0ca01ULL, 0x98c98009cbca94acULL,
856 0x6438379a73d8c354ULL, 0xc2caba2dc0c5fe26ULL, 0x3e3b0dbe78d7a9deULL,
857 0x50b9ee202d670f04ULL, 0x4590b27b37eab0e5ULL, 0x6025b4cb36b10af3ULL,
858 0xfb2c1237079c0162ULL, 0xa12f28130c936be8ULL, 0x4b37e52e54eb1cccULL,
859 0x083a1ba28ad28f53ULL, 0xc10a9cd83a22611bULL, 0x9f1425ad7444c236ULL,
860 0x069d4cf7e9d3237aULL, 0xedc56899e7f621beULL, 0x778c273680865fcfULL,
861 0x309c5aeb1bd605f7ULL, 0x8de0dc52d1472b4dULL, 0xf8ec34c2fd7b9e5fULL,
862 0xea18cd3d58787724ULL, 0xaad515447ca67b86ULL, 0x9989695a9d97e14cULL,
863 0x0000000000000000ULL, 0xf196c63321f464ecULL, 0x71116bc169557cb5ULL,
864 0xaf887f466f92c7c1ULL, 0x972e3e0ffe964d65ULL, 0x190ec4a8d536f915ULL,
865 0x95aef1a9522ca7b8ULL, 0xdc19db21aa7d51a9ULL, 0x94ee18fa0471d258ULL,
866 0x8087adf248a11859ULL, 0xc457f6da2916dd5cULL, 0xfa6cfb6451c17482ULL,
867 0xf256e0c6db13fbd1ULL, 0x6a9f60cf10d96f7dULL, 0x4daaa9d9bd383fb6ULL,
868 0x03c026f5fae79f3dULL, 0xde99148706c7bb74ULL, 0x2a52b8b6340763dfULL,
869 0x6fc20acd03edd33aULL, 0xd423c08320afdefaULL, 0xbbe1ca4e23420dc0ULL,
870 0x966ed75ca8cb3885ULL, 0xeb58246e0e2502c4ULL, 0x055d6a021334bc47ULL,
871 0xa47242111fa7d7afULL, 0xe3623fcc84f78d97ULL, 0x81c744a11efc6db9ULL,
872 0xaec8961539cfb221ULL, 0xf31609958d4e8e31ULL, 0x63e5923ecc5695ceULL,
873 0x47107ddd9b505a38ULL, 0xa3afe7b5a0298135ULL, 0x792b7063e387f3e6ULL,
874 0x0140e953565d75e0ULL, 0x12f4f9ffa503e97bULL, 0x750ce8902c3cb512ULL,
875 0xdbc47e8515f30733ULL, 0x1ed3610c6ab8af8fULL, 0x5239218681dde5d9ULL,
876 0xe222d69fd2aaf877ULL, 0xfe71783514a8bd25ULL, 0xcaf0a18f4a177175ULL,
877 0x61655d9860ec7f13ULL, 0xe77fbc9dc19e4430ULL, 0x2ccff441ddd440a5ULL,
878 0x16e97aaee06a20dcULL, 0xa855dae2d01c915bULL, 0x1d1347f9905f30b2ULL,
879 0xb7c652bdecf94b34ULL, 0xd03e43d265c6175dULL, 0xfdb15ec0ee4f2218ULL,
880 0x57644b8492e9599eULL, 0x07dda5a4bf8e569aULL, 0x54a46d71680ec6a3ULL,
881 0x5624a2d7c4b42c7eULL, 0xbebca04c3076b187ULL, 0x7d36f332a6ee3a41ULL,
882 0x3b6667bc6be31599ULL, 0x695f463aea3ef040ULL, 0xad08b0e0c3282d1cULL,
883 0xb15b1e4a052a684eULL, 0x44d05b2861b7c505ULL, 0x15295c5b1a8dbfe1ULL,
884 0x744c01c37a61c0f2ULL, 0x59c31cd1f1e8f5b7ULL, 0xef45a73f4b4ccb63ULL,
885 0x6bdf899c46841a9dULL, 0x3dfb2b4b823036e3ULL, 0xa2ef0ee6f674f4d5ULL,
886 0x184e2dfb836b8cf5ULL, 0x1134df0a5fe47646ULL, 0xbaa1231d751f7820ULL,
887 0xd17eaa81339b62bdULL, 0xb01bf71953771daeULL, 0x849a2ea30dc8d1feULL,
888 0x705182923f080955ULL, 0x0ea757556301ac29ULL, 0x041d83514569c9a7ULL,
889 0x0abad4042668658eULL, 0x49b72a88f851f611ULL, 0x8a3d79f66ec97dd7ULL,
890 0xcd2d042bf59927efULL, 0xc930877ab0f0ee48ULL, 0x9273540deda2f122ULL,
891 0xc797d02fd3f14261ULL, 0xe1e2f06a284d674aULL, 0xd2be8c74c97cfd80ULL,
892 0x9a494faf67707e71ULL, 0xb3dbd1eca9908293ULL, 0x72d14d3493b2e388ULL,
893 0xd6a30f258c153427ULL
894 }
895}; /* Ax */
896
897static void streebog_xor(const struct streebog_uint512 *x,
898 const struct streebog_uint512 *y,
899 struct streebog_uint512 *z)
900{
901 z->qword[0] = x->qword[0] ^ y->qword[0];
902 z->qword[1] = x->qword[1] ^ y->qword[1];
903 z->qword[2] = x->qword[2] ^ y->qword[2];
904 z->qword[3] = x->qword[3] ^ y->qword[3];
905 z->qword[4] = x->qword[4] ^ y->qword[4];
906 z->qword[5] = x->qword[5] ^ y->qword[5];
907 z->qword[6] = x->qword[6] ^ y->qword[6];
908 z->qword[7] = x->qword[7] ^ y->qword[7];
909}
910
911static void streebog_xlps(const struct streebog_uint512 *x,
912 const struct streebog_uint512 *y,
913 struct streebog_uint512 *data)
914{
915 u64 r0, r1, r2, r3, r4, r5, r6, r7;
916 int i;
917
918 r0 = le64_to_cpu(x->qword[0] ^ y->qword[0]);
919 r1 = le64_to_cpu(x->qword[1] ^ y->qword[1]);
920 r2 = le64_to_cpu(x->qword[2] ^ y->qword[2]);
921 r3 = le64_to_cpu(x->qword[3] ^ y->qword[3]);
922 r4 = le64_to_cpu(x->qword[4] ^ y->qword[4]);
923 r5 = le64_to_cpu(x->qword[5] ^ y->qword[5]);
924 r6 = le64_to_cpu(x->qword[6] ^ y->qword[6]);
925 r7 = le64_to_cpu(x->qword[7] ^ y->qword[7]);
926
927 for (i = 0; i <= 7; i++) {
928 data->qword[i] = cpu_to_le64(Ax[0][r0 & 0xFF]);
929 data->qword[i] ^= cpu_to_le64(Ax[1][r1 & 0xFF]);
930 data->qword[i] ^= cpu_to_le64(Ax[2][r2 & 0xFF]);
931 data->qword[i] ^= cpu_to_le64(Ax[3][r3 & 0xFF]);
932 data->qword[i] ^= cpu_to_le64(Ax[4][r4 & 0xFF]);
933 data->qword[i] ^= cpu_to_le64(Ax[5][r5 & 0xFF]);
934 data->qword[i] ^= cpu_to_le64(Ax[6][r6 & 0xFF]);
935 data->qword[i] ^= cpu_to_le64(Ax[7][r7 & 0xFF]);
936 r0 >>= 8;
937 r1 >>= 8;
938 r2 >>= 8;
939 r3 >>= 8;
940 r4 >>= 8;
941 r5 >>= 8;
942 r6 >>= 8;
943 r7 >>= 8;
944 }
945}
946
947static void streebog_round(int i, struct streebog_uint512 *Ki,
948 struct streebog_uint512 *data)
949{
950 streebog_xlps(Ki, &C[i], Ki);
951 streebog_xlps(Ki, data, data);
952}
953
954static int streebog_init(struct shash_desc *desc)
955{
956 struct streebog_state *ctx = shash_desc_ctx(desc);
957 unsigned int digest_size = crypto_shash_digestsize(desc->tfm);
958 unsigned int i;
959
960 memset(ctx, 0, sizeof(struct streebog_state));
961 for (i = 0; i < 8; i++) {
962 if (digest_size == STREEBOG256_DIGEST_SIZE)
963 ctx->h.qword[i] = 0x0101010101010101ULL;
964 }
965 return 0;
966}
967
968static void streebog_pad(struct streebog_state *ctx)
969{
970 if (ctx->fillsize >= STREEBOG_BLOCK_SIZE)
971 return;
972
973 memset(ctx->buffer + ctx->fillsize, 0,
974 sizeof(ctx->buffer) - ctx->fillsize);
975
976 ctx->buffer[ctx->fillsize] = 1;
977}
978
979static void streebog_add512(const struct streebog_uint512 *x,
980 const struct streebog_uint512 *y,
981 struct streebog_uint512 *r)
982{
983 u64 carry = 0;
984 int i;
985
986 for (i = 0; i < 8; i++) {
987 const u64 left = le64_to_cpu(x->qword[i]);
988 u64 sum;
989
990 sum = left + le64_to_cpu(y->qword[i]) + carry;
991 if (sum != left)
992 carry = (sum < left);
993 r->qword[i] = cpu_to_le64(sum);
994 }
995}
996
997static void streebog_g(struct streebog_uint512 *h,
998 const struct streebog_uint512 *N,
999 const u8 *m)
1000{
1001 struct streebog_uint512 Ki, data;
1002 unsigned int i;
1003
1004 streebog_xlps(h, N, &data);
1005
1006 /* Starting E() */
1007 Ki = data;
1008 streebog_xlps(&Ki, (const struct streebog_uint512 *)&m[0], &data);
1009
1010 for (i = 0; i < 11; i++)
1011 streebog_round(i, &Ki, &data);
1012
1013 streebog_xlps(&Ki, &C[11], &Ki);
1014 streebog_xor(&Ki, &data, &data);
1015 /* E() done */
1016
1017 streebog_xor(&data, h, &data);
1018 streebog_xor(&data, (const struct streebog_uint512 *)&m[0], h);
1019}
1020
1021static void streebog_stage2(struct streebog_state *ctx, const u8 *data)
1022{
1023 streebog_g(&ctx->h, &ctx->N, data);
1024
1025 streebog_add512(&ctx->N, &buffer512, &ctx->N);
1026 streebog_add512(&ctx->Sigma, (const struct streebog_uint512 *)data,
1027 &ctx->Sigma);
1028}
1029
1030static void streebog_stage3(struct streebog_state *ctx)
1031{
1032 struct streebog_uint512 buf = { { 0 } };
1033
1034 buf.qword[0] = cpu_to_le64(ctx->fillsize << 3);
1035 streebog_pad(ctx);
1036
1037 streebog_g(&ctx->h, &ctx->N, (const u8 *)&ctx->buffer);
1038 streebog_add512(&ctx->N, &buf, &ctx->N);
1039 streebog_add512(&ctx->Sigma,
1040 (const struct streebog_uint512 *)&ctx->buffer[0],
1041 &ctx->Sigma);
1042 streebog_g(&ctx->h, &buffer0, (const u8 *)&ctx->N);
1043 streebog_g(&ctx->h, &buffer0, (const u8 *)&ctx->Sigma);
1044 memcpy(&ctx->hash, &ctx->h, sizeof(struct streebog_uint512));
1045}
1046
1047static int streebog_update(struct shash_desc *desc, const u8 *data,
1048 unsigned int len)
1049{
1050 struct streebog_state *ctx = shash_desc_ctx(desc);
1051 size_t chunksize;
1052
1053 if (ctx->fillsize) {
1054 chunksize = STREEBOG_BLOCK_SIZE - ctx->fillsize;
1055 if (chunksize > len)
1056 chunksize = len;
1057 memcpy(&ctx->buffer[ctx->fillsize], data, chunksize);
1058 ctx->fillsize += chunksize;
1059 len -= chunksize;
1060 data += chunksize;
1061
1062 if (ctx->fillsize == STREEBOG_BLOCK_SIZE) {
1063 streebog_stage2(ctx, ctx->buffer);
1064 ctx->fillsize = 0;
1065 }
1066 }
1067
1068 while (len >= STREEBOG_BLOCK_SIZE) {
1069 streebog_stage2(ctx, data);
1070 data += STREEBOG_BLOCK_SIZE;
1071 len -= STREEBOG_BLOCK_SIZE;
1072 }
1073
1074 if (len) {
1075 memcpy(&ctx->buffer, data, len);
1076 ctx->fillsize = len;
1077 }
1078 return 0;
1079}
1080
1081static int streebog_final(struct shash_desc *desc, u8 *digest)
1082{
1083 struct streebog_state *ctx = shash_desc_ctx(desc);
1084
1085 streebog_stage3(ctx);
1086 ctx->fillsize = 0;
1087 if (crypto_shash_digestsize(desc->tfm) == STREEBOG256_DIGEST_SIZE)
1088 memcpy(digest, &ctx->hash.qword[4], STREEBOG256_DIGEST_SIZE);
1089 else
1090 memcpy(digest, &ctx->hash.qword[0], STREEBOG512_DIGEST_SIZE);
1091 return 0;
1092}
1093
1094static struct shash_alg algs[2] = { {
1095 .digestsize = STREEBOG256_DIGEST_SIZE,
1096 .init = streebog_init,
1097 .update = streebog_update,
1098 .final = streebog_final,
1099 .descsize = sizeof(struct streebog_state),
1100 .base = {
1101 .cra_name = "streebog256",
1102 .cra_driver_name = "streebog256-generic",
1103 .cra_blocksize = STREEBOG_BLOCK_SIZE,
1104 .cra_module = THIS_MODULE,
1105 },
1106}, {
1107 .digestsize = STREEBOG512_DIGEST_SIZE,
1108 .init = streebog_init,
1109 .update = streebog_update,
1110 .final = streebog_final,
1111 .descsize = sizeof(struct streebog_state),
1112 .base = {
1113 .cra_name = "streebog512",
1114 .cra_driver_name = "streebog512-generic",
1115 .cra_blocksize = STREEBOG_BLOCK_SIZE,
1116 .cra_module = THIS_MODULE,
1117 }
1118} };
1119
1120static int __init streebog_mod_init(void)
1121{
1122 return crypto_register_shashes(algs, ARRAY_SIZE(algs));
1123}
1124
1125static void __exit streebog_mod_fini(void)
1126{
1127 crypto_unregister_shashes(algs, ARRAY_SIZE(algs));
1128}
1129
1130module_init(streebog_mod_init);
1131module_exit(streebog_mod_fini);
1132
1133MODULE_LICENSE("GPL");
1134MODULE_AUTHOR("Vitaly Chikunov <vt@altlinux.org>");
1135MODULE_DESCRIPTION("Streebog Hash Function");
1136
1137MODULE_ALIAS_CRYPTO("streebog256");
1138MODULE_ALIAS_CRYPTO("streebog256-generic");
1139MODULE_ALIAS_CRYPTO("streebog512");
1140MODULE_ALIAS_CRYPTO("streebog512-generic");
diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c
index c20c9f5c18f2..e7fb87e114a5 100644
--- a/crypto/tcrypt.c
+++ b/crypto/tcrypt.c
@@ -76,10 +76,12 @@ static char *check[] = {
76 "cast6", "arc4", "michael_mic", "deflate", "crc32c", "tea", "xtea", 76 "cast6", "arc4", "michael_mic", "deflate", "crc32c", "tea", "xtea",
77 "khazad", "wp512", "wp384", "wp256", "tnepres", "xeta", "fcrypt", 77 "khazad", "wp512", "wp384", "wp256", "tnepres", "xeta", "fcrypt",
78 "camellia", "seed", "salsa20", "rmd128", "rmd160", "rmd256", "rmd320", 78 "camellia", "seed", "salsa20", "rmd128", "rmd160", "rmd256", "rmd320",
79 "lzo", "cts", "sha3-224", "sha3-256", "sha3-384", "sha3-512", NULL 79 "lzo", "cts", "sha3-224", "sha3-256", "sha3-384", "sha3-512",
80 "streebog256", "streebog512",
81 NULL
80}; 82};
81 83
82static u32 block_sizes[] = { 16, 64, 256, 1024, 8192, 0 }; 84static u32 block_sizes[] = { 16, 64, 256, 1024, 1472, 8192, 0 };
83static u32 aead_sizes[] = { 16, 64, 256, 512, 1024, 2048, 4096, 8192, 0 }; 85static u32 aead_sizes[] = { 16, 64, 256, 512, 1024, 2048, 4096, 8192, 0 };
84 86
85#define XBUFSIZE 8 87#define XBUFSIZE 8
@@ -1736,6 +1738,7 @@ static int do_test(const char *alg, u32 type, u32 mask, int m, u32 num_mb)
1736 ret += tcrypt_test("ctr(aes)"); 1738 ret += tcrypt_test("ctr(aes)");
1737 ret += tcrypt_test("rfc3686(ctr(aes))"); 1739 ret += tcrypt_test("rfc3686(ctr(aes))");
1738 ret += tcrypt_test("ofb(aes)"); 1740 ret += tcrypt_test("ofb(aes)");
1741 ret += tcrypt_test("cfb(aes)");
1739 break; 1742 break;
1740 1743
1741 case 11: 1744 case 11:
@@ -1913,6 +1916,14 @@ static int do_test(const char *alg, u32 type, u32 mask, int m, u32 num_mb)
1913 ret += tcrypt_test("sm3"); 1916 ret += tcrypt_test("sm3");
1914 break; 1917 break;
1915 1918
1919 case 53:
1920 ret += tcrypt_test("streebog256");
1921 break;
1922
1923 case 54:
1924 ret += tcrypt_test("streebog512");
1925 break;
1926
1916 case 100: 1927 case 100:
1917 ret += tcrypt_test("hmac(md5)"); 1928 ret += tcrypt_test("hmac(md5)");
1918 break; 1929 break;
@@ -1969,6 +1980,14 @@ static int do_test(const char *alg, u32 type, u32 mask, int m, u32 num_mb)
1969 ret += tcrypt_test("hmac(sha3-512)"); 1980 ret += tcrypt_test("hmac(sha3-512)");
1970 break; 1981 break;
1971 1982
1983 case 115:
1984 ret += tcrypt_test("hmac(streebog256)");
1985 break;
1986
1987 case 116:
1988 ret += tcrypt_test("hmac(streebog512)");
1989 break;
1990
1972 case 150: 1991 case 150:
1973 ret += tcrypt_test("ansi_cprng"); 1992 ret += tcrypt_test("ansi_cprng");
1974 break; 1993 break;
@@ -2060,6 +2079,10 @@ static int do_test(const char *alg, u32 type, u32 mask, int m, u32 num_mb)
2060 speed_template_16_24_32); 2079 speed_template_16_24_32);
2061 test_cipher_speed("ctr(aes)", DECRYPT, sec, NULL, 0, 2080 test_cipher_speed("ctr(aes)", DECRYPT, sec, NULL, 0,
2062 speed_template_16_24_32); 2081 speed_template_16_24_32);
2082 test_cipher_speed("cfb(aes)", ENCRYPT, sec, NULL, 0,
2083 speed_template_16_24_32);
2084 test_cipher_speed("cfb(aes)", DECRYPT, sec, NULL, 0,
2085 speed_template_16_24_32);
2063 break; 2086 break;
2064 2087
2065 case 201: 2088 case 201:
@@ -2297,6 +2320,18 @@ static int do_test(const char *alg, u32 type, u32 mask, int m, u32 num_mb)
2297 test_cipher_speed("ctr(sm4)", DECRYPT, sec, NULL, 0, 2320 test_cipher_speed("ctr(sm4)", DECRYPT, sec, NULL, 0,
2298 speed_template_16); 2321 speed_template_16);
2299 break; 2322 break;
2323
2324 case 219:
2325 test_cipher_speed("adiantum(xchacha12,aes)", ENCRYPT, sec, NULL,
2326 0, speed_template_32);
2327 test_cipher_speed("adiantum(xchacha12,aes)", DECRYPT, sec, NULL,
2328 0, speed_template_32);
2329 test_cipher_speed("adiantum(xchacha20,aes)", ENCRYPT, sec, NULL,
2330 0, speed_template_32);
2331 test_cipher_speed("adiantum(xchacha20,aes)", DECRYPT, sec, NULL,
2332 0, speed_template_32);
2333 break;
2334
2300 case 300: 2335 case 300:
2301 if (alg) { 2336 if (alg) {
2302 test_hash_speed(alg, sec, generic_hash_speed_template); 2337 test_hash_speed(alg, sec, generic_hash_speed_template);
@@ -2407,6 +2442,16 @@ static int do_test(const char *alg, u32 type, u32 mask, int m, u32 num_mb)
2407 test_hash_speed("sm3", sec, generic_hash_speed_template); 2442 test_hash_speed("sm3", sec, generic_hash_speed_template);
2408 if (mode > 300 && mode < 400) break; 2443 if (mode > 300 && mode < 400) break;
2409 /* fall through */ 2444 /* fall through */
2445 case 327:
2446 test_hash_speed("streebog256", sec,
2447 generic_hash_speed_template);
2448 if (mode > 300 && mode < 400) break;
2449 /* fall through */
2450 case 328:
2451 test_hash_speed("streebog512", sec,
2452 generic_hash_speed_template);
2453 if (mode > 300 && mode < 400) break;
2454 /* fall through */
2410 case 399: 2455 case 399:
2411 break; 2456 break;
2412 2457
@@ -2520,6 +2565,16 @@ static int do_test(const char *alg, u32 type, u32 mask, int m, u32 num_mb)
2520 num_mb); 2565 num_mb);
2521 if (mode > 400 && mode < 500) break; 2566 if (mode > 400 && mode < 500) break;
2522 /* fall through */ 2567 /* fall through */
2568 case 426:
2569 test_mb_ahash_speed("streebog256", sec,
2570 generic_hash_speed_template, num_mb);
2571 if (mode > 400 && mode < 500) break;
2572 /* fall through */
2573 case 427:
2574 test_mb_ahash_speed("streebog512", sec,
2575 generic_hash_speed_template, num_mb);
2576 if (mode > 400 && mode < 500) break;
2577 /* fall through */
2523 case 499: 2578 case 499:
2524 break; 2579 break;
2525 2580
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index b1f79c6bf409..0f684a414acb 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -2404,6 +2404,18 @@ static int alg_test_null(const struct alg_test_desc *desc,
2404/* Please keep this list sorted by algorithm name. */ 2404/* Please keep this list sorted by algorithm name. */
2405static const struct alg_test_desc alg_test_descs[] = { 2405static const struct alg_test_desc alg_test_descs[] = {
2406 { 2406 {
2407 .alg = "adiantum(xchacha12,aes)",
2408 .test = alg_test_skcipher,
2409 .suite = {
2410 .cipher = __VECS(adiantum_xchacha12_aes_tv_template)
2411 },
2412 }, {
2413 .alg = "adiantum(xchacha20,aes)",
2414 .test = alg_test_skcipher,
2415 .suite = {
2416 .cipher = __VECS(adiantum_xchacha20_aes_tv_template)
2417 },
2418 }, {
2407 .alg = "aegis128", 2419 .alg = "aegis128",
2408 .test = alg_test_aead, 2420 .test = alg_test_aead,
2409 .suite = { 2421 .suite = {
@@ -2691,6 +2703,13 @@ static const struct alg_test_desc alg_test_descs[] = {
2691 } 2703 }
2692 } 2704 }
2693 }, { 2705 }, {
2706 .alg = "cfb(aes)",
2707 .test = alg_test_skcipher,
2708 .fips_allowed = 1,
2709 .suite = {
2710 .cipher = __VECS(aes_cfb_tv_template)
2711 },
2712 }, {
2694 .alg = "chacha20", 2713 .alg = "chacha20",
2695 .test = alg_test_skcipher, 2714 .test = alg_test_skcipher,
2696 .suite = { 2715 .suite = {
@@ -2805,6 +2824,7 @@ static const struct alg_test_desc alg_test_descs[] = {
2805 }, { 2824 }, {
2806 .alg = "cts(cbc(aes))", 2825 .alg = "cts(cbc(aes))",
2807 .test = alg_test_skcipher, 2826 .test = alg_test_skcipher,
2827 .fips_allowed = 1,
2808 .suite = { 2828 .suite = {
2809 .cipher = __VECS(cts_mode_tv_template) 2829 .cipher = __VECS(cts_mode_tv_template)
2810 } 2830 }
@@ -3185,6 +3205,18 @@ static const struct alg_test_desc alg_test_descs[] = {
3185 .hash = __VECS(hmac_sha512_tv_template) 3205 .hash = __VECS(hmac_sha512_tv_template)
3186 } 3206 }
3187 }, { 3207 }, {
3208 .alg = "hmac(streebog256)",
3209 .test = alg_test_hash,
3210 .suite = {
3211 .hash = __VECS(hmac_streebog256_tv_template)
3212 }
3213 }, {
3214 .alg = "hmac(streebog512)",
3215 .test = alg_test_hash,
3216 .suite = {
3217 .hash = __VECS(hmac_streebog512_tv_template)
3218 }
3219 }, {
3188 .alg = "jitterentropy_rng", 3220 .alg = "jitterentropy_rng",
3189 .fips_allowed = 1, 3221 .fips_allowed = 1,
3190 .test = alg_test_null, 3222 .test = alg_test_null,
@@ -3292,6 +3324,12 @@ static const struct alg_test_desc alg_test_descs[] = {
3292 } 3324 }
3293 } 3325 }
3294 }, { 3326 }, {
3327 .alg = "nhpoly1305",
3328 .test = alg_test_hash,
3329 .suite = {
3330 .hash = __VECS(nhpoly1305_tv_template)
3331 }
3332 }, {
3295 .alg = "ofb(aes)", 3333 .alg = "ofb(aes)",
3296 .test = alg_test_skcipher, 3334 .test = alg_test_skcipher,
3297 .fips_allowed = 1, 3335 .fips_allowed = 1,
@@ -3497,6 +3535,18 @@ static const struct alg_test_desc alg_test_descs[] = {
3497 .hash = __VECS(sm3_tv_template) 3535 .hash = __VECS(sm3_tv_template)
3498 } 3536 }
3499 }, { 3537 }, {
3538 .alg = "streebog256",
3539 .test = alg_test_hash,
3540 .suite = {
3541 .hash = __VECS(streebog256_tv_template)
3542 }
3543 }, {
3544 .alg = "streebog512",
3545 .test = alg_test_hash,
3546 .suite = {
3547 .hash = __VECS(streebog512_tv_template)
3548 }
3549 }, {
3500 .alg = "tgr128", 3550 .alg = "tgr128",
3501 .test = alg_test_hash, 3551 .test = alg_test_hash,
3502 .suite = { 3552 .suite = {
@@ -3545,6 +3595,18 @@ static const struct alg_test_desc alg_test_descs[] = {
3545 .hash = __VECS(aes_xcbc128_tv_template) 3595 .hash = __VECS(aes_xcbc128_tv_template)
3546 } 3596 }
3547 }, { 3597 }, {
3598 .alg = "xchacha12",
3599 .test = alg_test_skcipher,
3600 .suite = {
3601 .cipher = __VECS(xchacha12_tv_template)
3602 },
3603 }, {
3604 .alg = "xchacha20",
3605 .test = alg_test_skcipher,
3606 .suite = {
3607 .cipher = __VECS(xchacha20_tv_template)
3608 },
3609 }, {
3548 .alg = "xts(aes)", 3610 .alg = "xts(aes)",
3549 .test = alg_test_skcipher, 3611 .test = alg_test_skcipher,
3550 .fips_allowed = 1, 3612 .fips_allowed = 1,
diff --git a/crypto/testmgr.h b/crypto/testmgr.h
index 1fe7b97ba03f..e8f47d7b92cd 100644
--- a/crypto/testmgr.h
+++ b/crypto/testmgr.h
@@ -27,7 +27,7 @@
27#define MAX_DIGEST_SIZE 64 27#define MAX_DIGEST_SIZE 64
28#define MAX_TAP 8 28#define MAX_TAP 8
29 29
30#define MAX_KEYLEN 160 30#define MAX_KEYLEN 1088
31#define MAX_IVLEN 32 31#define MAX_IVLEN 32
32 32
33struct hash_testvec { 33struct hash_testvec {
@@ -35,10 +35,10 @@ struct hash_testvec {
35 const char *key; 35 const char *key;
36 const char *plaintext; 36 const char *plaintext;
37 const char *digest; 37 const char *digest;
38 unsigned char tap[MAX_TAP]; 38 unsigned short tap[MAX_TAP];
39 unsigned short np;
39 unsigned short psize; 40 unsigned short psize;
40 unsigned char np; 41 unsigned short ksize;
41 unsigned char ksize;
42}; 42};
43 43
44/* 44/*
@@ -2307,6 +2307,122 @@ static const struct hash_testvec crct10dif_tv_template[] = {
2307 } 2307 }
2308}; 2308};
2309 2309
2310/*
2311 * Streebog test vectors from RFC 6986 and GOST R 34.11-2012
2312 */
2313static const struct hash_testvec streebog256_tv_template[] = {
2314 { /* M1 */
2315 .plaintext = "012345678901234567890123456789012345678901234567890123456789012",
2316 .psize = 63,
2317 .digest =
2318 "\x9d\x15\x1e\xef\xd8\x59\x0b\x89"
2319 "\xda\xa6\xba\x6c\xb7\x4a\xf9\x27"
2320 "\x5d\xd0\x51\x02\x6b\xb1\x49\xa4"
2321 "\x52\xfd\x84\xe5\xe5\x7b\x55\x00",
2322 },
2323 { /* M2 */
2324 .plaintext =
2325 "\xd1\xe5\x20\xe2\xe5\xf2\xf0\xe8"
2326 "\x2c\x20\xd1\xf2\xf0\xe8\xe1\xee"
2327 "\xe6\xe8\x20\xe2\xed\xf3\xf6\xe8"
2328 "\x2c\x20\xe2\xe5\xfe\xf2\xfa\x20"
2329 "\xf1\x20\xec\xee\xf0\xff\x20\xf1"
2330 "\xf2\xf0\xe5\xeb\xe0\xec\xe8\x20"
2331 "\xed\xe0\x20\xf5\xf0\xe0\xe1\xf0"
2332 "\xfb\xff\x20\xef\xeb\xfa\xea\xfb"
2333 "\x20\xc8\xe3\xee\xf0\xe5\xe2\xfb",
2334 .psize = 72,
2335 .digest =
2336 "\x9d\xd2\xfe\x4e\x90\x40\x9e\x5d"
2337 "\xa8\x7f\x53\x97\x6d\x74\x05\xb0"
2338 "\xc0\xca\xc6\x28\xfc\x66\x9a\x74"
2339 "\x1d\x50\x06\x3c\x55\x7e\x8f\x50",
2340 },
2341};
2342
2343static const struct hash_testvec streebog512_tv_template[] = {
2344 { /* M1 */
2345 .plaintext = "012345678901234567890123456789012345678901234567890123456789012",
2346 .psize = 63,
2347 .digest =
2348 "\x1b\x54\xd0\x1a\x4a\xf5\xb9\xd5"
2349 "\xcc\x3d\x86\xd6\x8d\x28\x54\x62"
2350 "\xb1\x9a\xbc\x24\x75\x22\x2f\x35"
2351 "\xc0\x85\x12\x2b\xe4\xba\x1f\xfa"
2352 "\x00\xad\x30\xf8\x76\x7b\x3a\x82"
2353 "\x38\x4c\x65\x74\xf0\x24\xc3\x11"
2354 "\xe2\xa4\x81\x33\x2b\x08\xef\x7f"
2355 "\x41\x79\x78\x91\xc1\x64\x6f\x48",
2356 },
2357 { /* M2 */
2358 .plaintext =
2359 "\xd1\xe5\x20\xe2\xe5\xf2\xf0\xe8"
2360 "\x2c\x20\xd1\xf2\xf0\xe8\xe1\xee"
2361 "\xe6\xe8\x20\xe2\xed\xf3\xf6\xe8"
2362 "\x2c\x20\xe2\xe5\xfe\xf2\xfa\x20"
2363 "\xf1\x20\xec\xee\xf0\xff\x20\xf1"
2364 "\xf2\xf0\xe5\xeb\xe0\xec\xe8\x20"
2365 "\xed\xe0\x20\xf5\xf0\xe0\xe1\xf0"
2366 "\xfb\xff\x20\xef\xeb\xfa\xea\xfb"
2367 "\x20\xc8\xe3\xee\xf0\xe5\xe2\xfb",
2368 .psize = 72,
2369 .digest =
2370 "\x1e\x88\xe6\x22\x26\xbf\xca\x6f"
2371 "\x99\x94\xf1\xf2\xd5\x15\x69\xe0"
2372 "\xda\xf8\x47\x5a\x3b\x0f\xe6\x1a"
2373 "\x53\x00\xee\xe4\x6d\x96\x13\x76"
2374 "\x03\x5f\xe8\x35\x49\xad\xa2\xb8"
2375 "\x62\x0f\xcd\x7c\x49\x6c\xe5\xb3"
2376 "\x3f\x0c\xb9\xdd\xdc\x2b\x64\x60"
2377 "\x14\x3b\x03\xda\xba\xc9\xfb\x28",
2378 },
2379};
2380
2381/*
2382 * Two HMAC-Streebog test vectors from RFC 7836 and R 50.1.113-2016 A
2383 */
2384static const struct hash_testvec hmac_streebog256_tv_template[] = {
2385 {
2386 .key = "\x00\x01\x02\x03\x04\x05\x06\x07"
2387 "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
2388 "\x10\x11\x12\x13\x14\x15\x16\x17"
2389 "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f",
2390 .ksize = 32,
2391 .plaintext =
2392 "\x01\x26\xbd\xb8\x78\x00\xaf\x21"
2393 "\x43\x41\x45\x65\x63\x78\x01\x00",
2394 .psize = 16,
2395 .digest =
2396 "\xa1\xaa\x5f\x7d\xe4\x02\xd7\xb3"
2397 "\xd3\x23\xf2\x99\x1c\x8d\x45\x34"
2398 "\x01\x31\x37\x01\x0a\x83\x75\x4f"
2399 "\xd0\xaf\x6d\x7c\xd4\x92\x2e\xd9",
2400 },
2401};
2402
2403static const struct hash_testvec hmac_streebog512_tv_template[] = {
2404 {
2405 .key = "\x00\x01\x02\x03\x04\x05\x06\x07"
2406 "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
2407 "\x10\x11\x12\x13\x14\x15\x16\x17"
2408 "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f",
2409 .ksize = 32,
2410 .plaintext =
2411 "\x01\x26\xbd\xb8\x78\x00\xaf\x21"
2412 "\x43\x41\x45\x65\x63\x78\x01\x00",
2413 .psize = 16,
2414 .digest =
2415 "\xa5\x9b\xab\x22\xec\xae\x19\xc6"
2416 "\x5f\xbd\xe6\xe5\xf4\xe9\xf5\xd8"
2417 "\x54\x9d\x31\xf0\x37\xf9\xdf\x9b"
2418 "\x90\x55\x00\xe1\x71\x92\x3a\x77"
2419 "\x3d\x5f\x15\x30\xf2\xed\x7e\x96"
2420 "\x4c\xb2\xee\xdc\x29\xe9\xad\x2f"
2421 "\x3a\xfe\x93\xb2\x81\x4f\x79\xf5"
2422 "\x00\x0f\xfc\x03\x66\xc2\x51\xe6",
2423 },
2424};
2425
2310/* Example vectors below taken from 2426/* Example vectors below taken from
2311 * http://www.oscca.gov.cn/UpFile/20101222141857786.pdf 2427 * http://www.oscca.gov.cn/UpFile/20101222141857786.pdf
2312 * 2428 *
@@ -5593,6 +5709,1238 @@ static const struct hash_testvec poly1305_tv_template[] = {
5593 }, 5709 },
5594}; 5710};
5595 5711
5712/* NHPoly1305 test vectors from https://github.com/google/adiantum */
5713static const struct hash_testvec nhpoly1305_tv_template[] = {
5714 {
5715 .key = "\xd2\x5d\x4c\xdd\x8d\x2b\x7f\x7a"
5716 "\xd9\xbe\x71\xec\xd1\x83\x52\xe3"
5717 "\xe1\xad\xd7\x5c\x0a\x75\x9d\xec"
5718 "\x1d\x13\x7e\x5d\x71\x07\xc9\xe4"
5719 "\x57\x2d\x44\x68\xcf\xd8\xd6\xc5"
5720 "\x39\x69\x7d\x32\x75\x51\x4f\x7e"
5721 "\xb2\x4c\xc6\x90\x51\x6e\xd9\xd6"
5722 "\xa5\x8b\x2d\xf1\x94\xf9\xf7\x5e"
5723 "\x2c\x84\x7b\x41\x0f\x88\x50\x89"
5724 "\x30\xd9\xa1\x38\x46\x6c\xc0\x4f"
5725 "\xe8\xdf\xdc\x66\xab\x24\x43\x41"
5726 "\x91\x55\x29\x65\x86\x28\x5e\x45"
5727 "\xd5\x2d\xb7\x80\x08\x9a\xc3\xd4"
5728 "\x9a\x77\x0a\xd4\xef\x3e\xe6\x3f"
5729 "\x6f\x2f\x9b\x3a\x7d\x12\x1e\x80"
5730 "\x6c\x44\xa2\x25\xe1\xf6\x60\xe9"
5731 "\x0d\xaf\xc5\x3c\xa5\x79\xae\x64"
5732 "\xbc\xa0\x39\xa3\x4d\x10\xe5\x4d"
5733 "\xd5\xe7\x89\x7a\x13\xee\x06\x78"
5734 "\xdc\xa4\xdc\x14\x27\xe6\x49\x38"
5735 "\xd0\xe0\x45\x25\x36\xc5\xf4\x79"
5736 "\x2e\x9a\x98\x04\xe4\x2b\x46\x52"
5737 "\x7c\x33\xca\xe2\x56\x51\x50\xe2"
5738 "\xa5\x9a\xae\x18\x6a\x13\xf8\xd2"
5739 "\x21\x31\x66\x02\xe2\xda\x8d\x7e"
5740 "\x41\x19\xb2\x61\xee\x48\x8f\xf1"
5741 "\x65\x24\x2e\x1e\x68\xce\x05\xd9"
5742 "\x2a\xcf\xa5\x3a\x57\xdd\x35\x91"
5743 "\x93\x01\xca\x95\xfc\x2b\x36\x04"
5744 "\xe6\x96\x97\x28\xf6\x31\xfe\xa3"
5745 "\x9d\xf6\x6a\x1e\x80\x8d\xdc\xec"
5746 "\xaf\x66\x11\x13\x02\x88\xd5\x27"
5747 "\x33\xb4\x1a\xcd\xa3\xf6\xde\x31"
5748 "\x8e\xc0\x0e\x6c\xd8\x5a\x97\x5e"
5749 "\xdd\xfd\x60\x69\x38\x46\x3f\x90"
5750 "\x5e\x97\xd3\x32\x76\xc7\x82\x49"
5751 "\xfe\xba\x06\x5f\x2f\xa2\xfd\xff"
5752 "\x80\x05\x40\xe4\x33\x03\xfb\x10"
5753 "\xc0\xde\x65\x8c\xc9\x8d\x3a\x9d"
5754 "\xb5\x7b\x36\x4b\xb5\x0c\xcf\x00"
5755 "\x9c\x87\xe4\x49\xad\x90\xda\x4a"
5756 "\xdd\xbd\xff\xe2\x32\x57\xd6\x78"
5757 "\x36\x39\x6c\xd3\x5b\x9b\x88\x59"
5758 "\x2d\xf0\x46\xe4\x13\x0e\x2b\x35"
5759 "\x0d\x0f\x73\x8a\x4f\x26\x84\x75"
5760 "\x88\x3c\xc5\x58\x66\x18\x1a\xb4"
5761 "\x64\x51\x34\x27\x1b\xa4\x11\xc9"
5762 "\x6d\x91\x8a\xfa\x32\x60\x9d\xd7"
5763 "\x87\xe5\xaa\x43\x72\xf8\xda\xd1"
5764 "\x48\x44\x13\x61\xdc\x8c\x76\x17"
5765 "\x0c\x85\x4e\xf3\xdd\xa2\x42\xd2"
5766 "\x74\xc1\x30\x1b\xeb\x35\x31\x29"
5767 "\x5b\xd7\x4c\x94\x46\x35\xa1\x23"
5768 "\x50\xf2\xa2\x8e\x7e\x4f\x23\x4f"
5769 "\x51\xff\xe2\xc9\xa3\x7d\x56\x8b"
5770 "\x41\xf2\xd0\xc5\x57\x7e\x59\xac"
5771 "\xbb\x65\xf3\xfe\xf7\x17\xef\x63"
5772 "\x7c\x6f\x23\xdd\x22\x8e\xed\x84"
5773 "\x0e\x3b\x09\xb3\xf3\xf4\x8f\xcd"
5774 "\x37\xa8\xe1\xa7\x30\xdb\xb1\xa2"
5775 "\x9c\xa2\xdf\x34\x17\x3e\x68\x44"
5776 "\xd0\xde\x03\x50\xd1\x48\x6b\x20"
5777 "\xe2\x63\x45\xa5\xea\x87\xc2\x42"
5778 "\x95\x03\x49\x05\xed\xe0\x90\x29"
5779 "\x1a\xb8\xcf\x9b\x43\xcf\x29\x7a"
5780 "\x63\x17\x41\x9f\xe0\xc9\x10\xfd"
5781 "\x2c\x56\x8c\x08\x55\xb4\xa9\x27"
5782 "\x0f\x23\xb1\x05\x6a\x12\x46\xc7"
5783 "\xe1\xfe\x28\x93\x93\xd7\x2f\xdc"
5784 "\x98\x30\xdb\x75\x8a\xbe\x97\x7a"
5785 "\x02\xfb\x8c\xba\xbe\x25\x09\xbe"
5786 "\xce\xcb\xa2\xef\x79\x4d\x0e\x9d"
5787 "\x1b\x9d\xb6\x39\x34\x38\xfa\x07"
5788 "\xec\xe8\xfc\x32\x85\x1d\xf7\x85"
5789 "\x63\xc3\x3c\xc0\x02\x75\xd7\x3f"
5790 "\xb2\x68\x60\x66\x65\x81\xc6\xb1"
5791 "\x42\x65\x4b\x4b\x28\xd7\xc7\xaa"
5792 "\x9b\xd2\xdc\x1b\x01\xe0\x26\x39"
5793 "\x01\xc1\x52\x14\xd1\x3f\xb7\xe6"
5794 "\x61\x41\xc7\x93\xd2\xa2\x67\xc6"
5795 "\xf7\x11\xb5\xf5\xea\xdd\x19\xfb"
5796 "\x4d\x21\x12\xd6\x7d\xf1\x10\xb0"
5797 "\x89\x07\xc7\x5a\x52\x73\x70\x2f"
5798 "\x32\xef\x65\x2b\x12\xb2\xf0\xf5"
5799 "\x20\xe0\x90\x59\x7e\x64\xf1\x4c"
5800 "\x41\xb3\xa5\x91\x08\xe6\x5e\x5f"
5801 "\x05\x56\x76\xb4\xb0\xcd\x70\x53"
5802 "\x10\x48\x9c\xff\xc2\x69\x55\x24"
5803 "\x87\xef\x84\xea\xfb\xa7\xbf\xa0"
5804 "\x91\x04\xad\x4f\x8b\x57\x54\x4b"
5805 "\xb6\xe9\xd1\xac\x37\x2f\x1d\x2e"
5806 "\xab\xa5\xa4\xe8\xff\xfb\xd9\x39"
5807 "\x2f\xb7\xac\xd1\xfe\x0b\x9a\x80"
5808 "\x0f\xb6\xf4\x36\x39\x90\x51\xe3"
5809 "\x0a\x2f\xb6\x45\x76\x89\xcd\x61"
5810 "\xfe\x48\x5f\x75\x1d\x13\x00\x62"
5811 "\x80\x24\x47\xe7\xbc\x37\xd7\xe3"
5812 "\x15\xe8\x68\x22\xaf\x80\x6f\x4b"
5813 "\xa8\x9f\x01\x10\x48\x14\xc3\x02"
5814 "\x52\xd2\xc7\x75\x9b\x52\x6d\x30"
5815 "\xac\x13\x85\xc8\xf7\xa3\x58\x4b"
5816 "\x49\xf7\x1c\x45\x55\x8c\x39\x9a"
5817 "\x99\x6d\x97\x27\x27\xe6\xab\xdd"
5818 "\x2c\x42\x1b\x35\xdd\x9d\x73\xbb"
5819 "\x6c\xf3\x64\xf1\xfb\xb9\xf7\xe6"
5820 "\x4a\x3c\xc0\x92\xc0\x2e\xb7\x1a"
5821 "\xbe\xab\xb3\x5a\xe5\xea\xb1\x48"
5822 "\x58\x13\x53\x90\xfd\xc3\x8e\x54"
5823 "\xf9\x18\x16\x73\xe8\xcb\x6d\x39"
5824 "\x0e\xd7\xe0\xfe\xb6\x9f\x43\x97"
5825 "\xe8\xd0\x85\x56\x83\x3e\x98\x68"
5826 "\x7f\xbd\x95\xa8\x9a\x61\x21\x8f"
5827 "\x06\x98\x34\xa6\xc8\xd6\x1d\xf3"
5828 "\x3d\x43\xa4\x9a\x8c\xe5\xd3\x5a"
5829 "\x32\xa2\x04\x22\xa4\x19\x1a\x46"
5830 "\x42\x7e\x4d\xe5\xe0\xe6\x0e\xca"
5831 "\xd5\x58\x9d\x2c\xaf\xda\x33\x5c"
5832 "\xb0\x79\x9e\xc9\xfc\xca\xf0\x2f"
5833 "\xa8\xb2\x77\xeb\x7a\xa2\xdd\x37"
5834 "\x35\x83\x07\xd6\x02\x1a\xb6\x6c"
5835 "\x24\xe2\x59\x08\x0e\xfd\x3e\x46"
5836 "\xec\x40\x93\xf4\x00\x26\x4f\x2a"
5837 "\xff\x47\x2f\xeb\x02\x92\x26\x5b"
5838 "\x53\x17\xc2\x8d\x2a\xc7\xa3\x1b"
5839 "\xcd\xbc\xa7\xe8\xd1\x76\xe3\x80"
5840 "\x21\xca\x5d\x3b\xe4\x9c\x8f\xa9"
5841 "\x5b\x7f\x29\x7f\x7c\xd8\xed\x6d"
5842 "\x8c\xb2\x86\x85\xe7\x77\xf2\x85"
5843 "\xab\x38\xa9\x9d\xc1\x4e\xc5\x64"
5844 "\x33\x73\x8b\x59\x03\xad\x05\xdf"
5845 "\x25\x98\x31\xde\xef\x13\xf1\x9b"
5846 "\x3c\x91\x9d\x7b\xb1\xfa\xe6\xbf"
5847 "\x5b\xed\xa5\x55\xe6\xea\x6c\x74"
5848 "\xf4\xb9\xe4\x45\x64\x72\x81\xc2"
5849 "\x4c\x28\xd4\xcd\xac\xe2\xde\xf9"
5850 "\xeb\x5c\xeb\x61\x60\x5a\xe5\x28",
5851 .ksize = 1088,
5852 .plaintext = "",
5853 .psize = 0,
5854 .digest = "\x00\x00\x00\x00\x00\x00\x00\x00"
5855 "\x00\x00\x00\x00\x00\x00\x00\x00",
5856 }, {
5857 .key = "\x29\x21\x43\xcb\xcb\x13\x07\xde"
5858 "\xbf\x48\xdf\x8a\x7f\xa2\x84\xde"
5859 "\x72\x23\x9d\xf5\xf0\x07\xf2\x4c"
5860 "\x20\x3a\x93\xb9\xcd\x5d\xfe\xcb"
5861 "\x99\x2c\x2b\x58\xc6\x50\x5f\x94"
5862 "\x56\xc3\x7c\x0d\x02\x3f\xb8\x5e"
5863 "\x7b\xc0\x6c\x51\x34\x76\xc0\x0e"
5864 "\xc6\x22\xc8\x9e\x92\xa0\x21\xc9"
5865 "\x85\x5c\x7c\xf8\xe2\x64\x47\xc9"
5866 "\xe4\xa2\x57\x93\xf8\xa2\x69\xcd"
5867 "\x62\x98\x99\xf4\xd7\x7b\x14\xb1"
5868 "\xd8\x05\xff\x04\x15\xc9\xe1\x6e"
5869 "\x9b\xe6\x50\x6b\x0b\x3f\x22\x1f"
5870 "\x08\xde\x0c\x5b\x08\x7e\xc6\x2f"
5871 "\x6c\xed\xd6\xb2\x15\xa4\xb3\xf9"
5872 "\xa7\x46\x38\x2a\xea\x69\xa5\xde"
5873 "\x02\xc3\x96\x89\x4d\x55\x3b\xed"
5874 "\x3d\x3a\x85\x77\xbf\x97\x45\x5c"
5875 "\x9e\x02\x69\xe2\x1b\x68\xbe\x96"
5876 "\xfb\x64\x6f\x0f\xf6\x06\x40\x67"
5877 "\xfa\x04\xe3\x55\xfa\xbe\xa4\x60"
5878 "\xef\x21\x66\x97\xe6\x9d\x5c\x1f"
5879 "\x62\x37\xaa\x31\xde\xe4\x9c\x28"
5880 "\x95\xe0\x22\x86\xf4\x4d\xf3\x07"
5881 "\xfd\x5f\x3a\x54\x2c\x51\x80\x71"
5882 "\xba\x78\x69\x5b\x65\xab\x1f\x81"
5883 "\xed\x3b\xff\x34\xa3\xfb\xbc\x73"
5884 "\x66\x7d\x13\x7f\xdf\x6e\xe2\xe2"
5885 "\xeb\x4f\x6c\xda\x7d\x33\x57\xd0"
5886 "\xd3\x7c\x95\x4f\x33\x58\x21\xc7"
5887 "\xc0\xe5\x6f\x42\x26\xc6\x1f\x5e"
5888 "\x85\x1b\x98\x9a\xa2\x1e\x55\x77"
5889 "\x23\xdf\x81\x5e\x79\x55\x05\xfc"
5890 "\xfb\xda\xee\xba\x5a\xba\xf7\x77"
5891 "\x7f\x0e\xd3\xe1\x37\xfe\x8d\x2b"
5892 "\xd5\x3f\xfb\xd0\xc0\x3c\x0b\x3f"
5893 "\xcf\x3c\x14\xcf\xfb\x46\x72\x4c"
5894 "\x1f\x39\xe2\xda\x03\x71\x6d\x23"
5895 "\xef\x93\xcd\x39\xd9\x37\x80\x4d"
5896 "\x65\x61\xd1\x2c\x03\xa9\x47\x72"
5897 "\x4d\x1e\x0e\x16\x33\x0f\x21\x17"
5898 "\xec\x92\xea\x6f\x37\x22\xa4\xd8"
5899 "\x03\x33\x9e\xd8\x03\x69\x9a\xe8"
5900 "\xb2\x57\xaf\x78\x99\x05\x12\xab"
5901 "\x48\x90\x80\xf0\x12\x9b\x20\x64"
5902 "\x7a\x1d\x47\x5f\xba\x3c\xf9\xc3"
5903 "\x0a\x0d\x8d\xa1\xf9\x1b\x82\x13"
5904 "\x3e\x0d\xec\x0a\x83\xc0\x65\xe1"
5905 "\xe9\x95\xff\x97\xd6\xf2\xe4\xd5"
5906 "\x86\xc0\x1f\x29\x27\x63\xd7\xde"
5907 "\xb7\x0a\x07\x99\x04\x2d\xa3\x89"
5908 "\xa2\x43\xcf\xf3\xe1\x43\xac\x4a"
5909 "\x06\x97\xd0\x05\x4f\x87\xfa\xf9"
5910 "\x9b\xbf\x52\x70\xbd\xbc\x6c\xf3"
5911 "\x03\x13\x60\x41\x28\x09\xec\xcc"
5912 "\xb1\x1a\xec\xd6\xfb\x6f\x2a\x89"
5913 "\x5d\x0b\x53\x9c\x59\xc1\x84\x21"
5914 "\x33\x51\x47\x19\x31\x9c\xd4\x0a"
5915 "\x4d\x04\xec\x50\x90\x61\xbd\xbc"
5916 "\x7e\xc8\xd9\x6c\x98\x1d\x45\x41"
5917 "\x17\x5e\x97\x1c\xc5\xa8\xe8\xea"
5918 "\x46\x58\x53\xf7\x17\xd5\xad\x11"
5919 "\xc8\x54\xf5\x7a\x33\x90\xf5\x19"
5920 "\xba\x36\xb4\xfc\x52\xa5\x72\x3d"
5921 "\x14\xbb\x55\xa7\xe9\xe3\x12\xf7"
5922 "\x1c\x30\xa2\x82\x03\xbf\x53\x91"
5923 "\x2e\x60\x41\x9f\x5b\x69\x39\xf6"
5924 "\x4d\xc8\xf8\x46\x7a\x7f\xa4\x98"
5925 "\x36\xff\x06\xcb\xca\xe7\x33\xf2"
5926 "\xc0\x4a\xf4\x3c\x14\x44\x5f\x6b"
5927 "\x75\xef\x02\x36\x75\x08\x14\xfd"
5928 "\x10\x8e\xa5\x58\xd0\x30\x46\x49"
5929 "\xaf\x3a\xf8\x40\x3d\x35\xdb\x84"
5930 "\x11\x2e\x97\x6a\xb7\x87\x7f\xad"
5931 "\xf1\xfa\xa5\x63\x60\xd8\x5e\xbf"
5932 "\x41\x78\x49\xcf\x77\xbb\x56\xbb"
5933 "\x7d\x01\x67\x05\x22\xc8\x8f\x41"
5934 "\xba\x81\xd2\xca\x2c\x38\xac\x76"
5935 "\x06\xc1\x1a\xc2\xce\xac\x90\x67"
5936 "\x57\x3e\x20\x12\x5b\xd9\x97\x58"
5937 "\x65\x05\xb7\x04\x61\x7e\xd8\x3a"
5938 "\xbf\x55\x3b\x13\xe9\x34\x5a\x37"
5939 "\x36\xcb\x94\x45\xc5\x32\xb3\xa0"
5940 "\x0c\x3e\x49\xc5\xd3\xed\xa7\xf0"
5941 "\x1c\x69\xcc\xea\xcc\x83\xc9\x16"
5942 "\x95\x72\x4b\xf4\x89\xd5\xb9\x10"
5943 "\xf6\x2d\x60\x15\xea\x3c\x06\x66"
5944 "\x9f\x82\xad\x17\xce\xd2\xa4\x48"
5945 "\x7c\x65\xd9\xf8\x02\x4d\x9b\x4c"
5946 "\x89\x06\x3a\x34\x85\x48\x89\x86"
5947 "\xf9\x24\xa9\x54\x72\xdb\x44\x95"
5948 "\xc7\x44\x1c\x19\x11\x4c\x04\xdc"
5949 "\x13\xb9\x67\xc8\xc3\x3a\x6a\x50"
5950 "\xfa\xd1\xfb\xe1\x88\xb6\xf1\xa3"
5951 "\xc5\x3b\xdc\x38\x45\x16\x26\x02"
5952 "\x3b\xb8\x8f\x8b\x58\x7d\x23\x04"
5953 "\x50\x6b\x81\x9f\xae\x66\xac\x6f"
5954 "\xcf\x2a\x9d\xf1\xfd\x1d\x57\x07"
5955 "\xbe\x58\xeb\x77\x0c\xe3\xc2\x19"
5956 "\x14\x74\x1b\x51\x1c\x4f\x41\xf3"
5957 "\x32\x89\xb3\xe7\xde\x62\xf6\x5f"
5958 "\xc7\x6a\x4a\x2a\x5b\x0f\x5f\x87"
5959 "\x9c\x08\xb9\x02\x88\xc8\x29\xb7"
5960 "\x94\x52\xfa\x52\xfe\xaa\x50\x10"
5961 "\xba\x48\x75\x5e\x11\x1b\xe6\x39"
5962 "\xd7\x82\x2c\x87\xf1\x1e\xa4\x38"
5963 "\x72\x3e\x51\xe7\xd8\x3e\x5b\x7b"
5964 "\x31\x16\x89\xba\xd6\xad\x18\x5e"
5965 "\xba\xf8\x12\xb3\xf4\x6c\x47\x30"
5966 "\xc0\x38\x58\xb3\x10\x8d\x58\x5d"
5967 "\xb4\xfb\x19\x7e\x41\xc3\x66\xb8"
5968 "\xd6\x72\x84\xe1\x1a\xc2\x71\x4c"
5969 "\x0d\x4a\x21\x7a\xab\xa2\xc0\x36"
5970 "\x15\xc5\xe9\x46\xd7\x29\x17\x76"
5971 "\x5e\x47\x36\x7f\x72\x05\xa7\xcc"
5972 "\x36\x63\xf9\x47\x7d\xe6\x07\x3c"
5973 "\x8b\x79\x1d\x96\x61\x8d\x90\x65"
5974 "\x7c\xf5\xeb\x4e\x6e\x09\x59\x6d"
5975 "\x62\x50\x1b\x0f\xe0\xdc\x78\xf2"
5976 "\x5b\x83\x1a\xa1\x11\x75\xfd\x18"
5977 "\xd7\xe2\x8d\x65\x14\x21\xce\xbe"
5978 "\xb5\x87\xe3\x0a\xda\x24\x0a\x64"
5979 "\xa9\x9f\x03\x8d\x46\x5d\x24\x1a"
5980 "\x8a\x0c\x42\x01\xca\xb1\x5f\x7c"
5981 "\xa5\xac\x32\x4a\xb8\x07\x91\x18"
5982 "\x6f\xb0\x71\x3c\xc9\xb1\xa8\xf8"
5983 "\x5f\x69\xa5\xa1\xca\x9e\x7a\xaa"
5984 "\xac\xe9\xc7\x47\x41\x75\x25\xc3"
5985 "\x73\xe2\x0b\xdd\x6d\x52\x71\xbe"
5986 "\xc5\xdc\xb4\xe7\x01\x26\x53\x77"
5987 "\x86\x90\x85\x68\x6b\x7b\x03\x53"
5988 "\xda\x52\x52\x51\x68\xc8\xf3\xec"
5989 "\x6c\xd5\x03\x7a\xa3\x0e\xb4\x02"
5990 "\x5f\x1a\xab\xee\xca\x67\x29\x7b"
5991 "\xbd\x96\x59\xb3\x8b\x32\x7a\x92"
5992 "\x9f\xd8\x25\x2b\xdf\xc0\x4c\xda",
5993 .ksize = 1088,
5994 .plaintext = "\xbc\xda\x81\xa8\x78\x79\x1c\xbf"
5995 "\x77\x53\xba\x4c\x30\x5b\xb8\x33",
5996 .psize = 16,
5997 .digest = "\x04\xbf\x7f\x6a\xce\x72\xea\x6a"
5998 "\x79\xdb\xb0\xc9\x60\xf6\x12\xcc",
5999 .np = 6,
6000 .tap = { 4, 4, 1, 1, 1, 5 },
6001 }, {
6002 .key = "\x65\x4d\xe3\xf8\xd2\x4c\xac\x28"
6003 "\x68\xf5\xb3\x81\x71\x4b\xa1\xfa"
6004 "\x04\x0e\xd3\x81\x36\xbe\x0c\x81"
6005 "\x5e\xaf\xbc\x3a\xa4\xc0\x8e\x8b"
6006 "\x55\x63\xd3\x52\x97\x88\xd6\x19"
6007 "\xbc\x96\xdf\x49\xff\x04\x63\xf5"
6008 "\x0c\x11\x13\xaa\x9e\x1f\x5a\xf7"
6009 "\xdd\xbd\x37\x80\xc3\xd0\xbe\xa7"
6010 "\x05\xc8\x3c\x98\x1e\x05\x3c\x84"
6011 "\x39\x61\xc4\xed\xed\x71\x1b\xc4"
6012 "\x74\x45\x2c\xa1\x56\x70\x97\xfd"
6013 "\x44\x18\x07\x7d\xca\x60\x1f\x73"
6014 "\x3b\x6d\x21\xcb\x61\x87\x70\x25"
6015 "\x46\x21\xf1\x1f\x21\x91\x31\x2d"
6016 "\x5d\xcc\xb7\xd1\x84\x3e\x3d\xdb"
6017 "\x03\x53\x2a\x82\xa6\x9a\x95\xbc"
6018 "\x1a\x1e\x0a\x5e\x07\x43\xab\x43"
6019 "\xaf\x92\x82\x06\x91\x04\x09\xf4"
6020 "\x17\x0a\x9a\x2c\x54\xdb\xb8\xf4"
6021 "\xd0\xf0\x10\x66\x24\x8d\xcd\xda"
6022 "\xfe\x0e\x45\x9d\x6f\xc4\x4e\xf4"
6023 "\x96\xaf\x13\xdc\xa9\xd4\x8c\xc4"
6024 "\xc8\x57\x39\x3c\xc2\xd3\x0a\x76"
6025 "\x4a\x1f\x75\x83\x44\xc7\xd1\x39"
6026 "\xd8\xb5\x41\xba\x73\x87\xfa\x96"
6027 "\xc7\x18\x53\xfb\x9b\xda\xa0\x97"
6028 "\x1d\xee\x60\x85\x9e\x14\xc3\xce"
6029 "\xc4\x05\x29\x3b\x95\x30\xa3\xd1"
6030 "\x9f\x82\x6a\x04\xf5\xa7\x75\x57"
6031 "\x82\x04\xfe\x71\x51\x71\xb1\x49"
6032 "\x50\xf8\xe0\x96\xf1\xfa\xa8\x88"
6033 "\x3f\xa0\x86\x20\xd4\x60\x79\x59"
6034 "\x17\x2d\xd1\x09\xf4\xec\x05\x57"
6035 "\xcf\x62\x7e\x0e\x7e\x60\x78\xe6"
6036 "\x08\x60\x29\xd8\xd5\x08\x1a\x24"
6037 "\xc4\x6c\x24\xe7\x92\x08\x3d\x8a"
6038 "\x98\x7a\xcf\x99\x0a\x65\x0e\xdc"
6039 "\x8c\x8a\xbe\x92\x82\x91\xcc\x62"
6040 "\x30\xb6\xf4\x3f\xc6\x8a\x7f\x12"
6041 "\x4a\x8a\x49\xfa\x3f\x5c\xd4\x5a"
6042 "\xa6\x82\xa3\xe6\xaa\x34\x76\xb2"
6043 "\xab\x0a\x30\xef\x6c\x77\x58\x3f"
6044 "\x05\x6b\xcc\x5c\xae\xdc\xd7\xb9"
6045 "\x51\x7e\x8d\x32\x5b\x24\x25\xbe"
6046 "\x2b\x24\x01\xcf\x80\xda\x16\xd8"
6047 "\x90\x72\x2c\xad\x34\x8d\x0c\x74"
6048 "\x02\xcb\xfd\xcf\x6e\xef\x97\xb5"
6049 "\x4c\xf2\x68\xca\xde\x43\x9e\x8a"
6050 "\xc5\x5f\x31\x7f\x14\x71\x38\xec"
6051 "\xbd\x98\xe5\x71\xc4\xb5\xdb\xef"
6052 "\x59\xd2\xca\xc0\xc1\x86\x75\x01"
6053 "\xd4\x15\x0d\x6f\xa4\xf7\x7b\x37"
6054 "\x47\xda\x18\x93\x63\xda\xbe\x9e"
6055 "\x07\xfb\xb2\x83\xd5\xc4\x34\x55"
6056 "\xee\x73\xa1\x42\x96\xf9\x66\x41"
6057 "\xa4\xcc\xd2\x93\x6e\xe1\x0a\xbb"
6058 "\xd2\xdd\x18\x23\xe6\x6b\x98\x0b"
6059 "\x8a\x83\x59\x2c\xc3\xa6\x59\x5b"
6060 "\x01\x22\x59\xf7\xdc\xb0\x87\x7e"
6061 "\xdb\x7d\xf4\x71\x41\xab\xbd\xee"
6062 "\x79\xbe\x3c\x01\x76\x0b\x2d\x0a"
6063 "\x42\xc9\x77\x8c\xbb\x54\x95\x60"
6064 "\x43\x2e\xe0\x17\x52\xbd\x90\xc9"
6065 "\xc2\x2c\xdd\x90\x24\x22\x76\x40"
6066 "\x5c\xb9\x41\xc9\xa1\xd5\xbd\xe3"
6067 "\x44\xe0\xa4\xab\xcc\xb8\xe2\x32"
6068 "\x02\x15\x04\x1f\x8c\xec\x5d\x14"
6069 "\xac\x18\xaa\xef\x6e\x33\x19\x6e"
6070 "\xde\xfe\x19\xdb\xeb\x61\xca\x18"
6071 "\xad\xd8\x3d\xbf\x09\x11\xc7\xa5"
6072 "\x86\x0b\x0f\xe5\x3e\xde\xe8\xd9"
6073 "\x0a\x69\x9e\x4c\x20\xff\xf9\xc5"
6074 "\xfa\xf8\xf3\x7f\xa5\x01\x4b\x5e"
6075 "\x0f\xf0\x3b\x68\xf0\x46\x8c\x2a"
6076 "\x7a\xc1\x8f\xa0\xfe\x6a\x5b\x44"
6077 "\x70\x5c\xcc\x92\x2c\x6f\x0f\xbd"
6078 "\x25\x3e\xb7\x8e\x73\x58\xda\xc9"
6079 "\xa5\xaa\x9e\xf3\x9b\xfd\x37\x3e"
6080 "\xe2\x88\xa4\x7b\xc8\x5c\xa8\x93"
6081 "\x0e\xe7\x9a\x9c\x2e\x95\x18\x9f"
6082 "\xc8\x45\x0c\x88\x9e\x53\x4f\x3a"
6083 "\x76\xc1\x35\xfa\x17\xd8\xac\xa0"
6084 "\x0c\x2d\x47\x2e\x4f\x69\x9b\xf7"
6085 "\xd0\xb6\x96\x0c\x19\xb3\x08\x01"
6086 "\x65\x7a\x1f\xc7\x31\x86\xdb\xc8"
6087 "\xc1\x99\x8f\xf8\x08\x4a\x9d\x23"
6088 "\x22\xa8\xcf\x27\x01\x01\x88\x93"
6089 "\x9c\x86\x45\xbd\xe0\x51\xca\x52"
6090 "\x84\xba\xfe\x03\xf7\xda\xc5\xce"
6091 "\x3e\x77\x75\x86\xaf\x84\xc8\x05"
6092 "\x44\x01\x0f\x02\xf3\x58\xb0\x06"
6093 "\x5a\xd7\x12\x30\x8d\xdf\x1f\x1f"
6094 "\x0a\xe6\xd2\xea\xf6\x3a\x7a\x99"
6095 "\x63\xe8\xd2\xc1\x4a\x45\x8b\x40"
6096 "\x4d\x0a\xa9\x76\x92\xb3\xda\x87"
6097 "\x36\x33\xf0\x78\xc3\x2f\x5f\x02"
6098 "\x1a\x6a\x2c\x32\xcd\x76\xbf\xbd"
6099 "\x5a\x26\x20\x28\x8c\x8c\xbc\x52"
6100 "\x3d\x0a\xc9\xcb\xab\xa4\x21\xb0"
6101 "\x54\x40\x81\x44\xc7\xd6\x1c\x11"
6102 "\x44\xc6\x02\x92\x14\x5a\xbf\x1a"
6103 "\x09\x8a\x18\xad\xcd\x64\x3d\x53"
6104 "\x4a\xb6\xa5\x1b\x57\x0e\xef\xe0"
6105 "\x8c\x44\x5f\x7d\xbd\x6c\xfd\x60"
6106 "\xae\x02\x24\xb6\x99\xdd\x8c\xaf"
6107 "\x59\x39\x75\x3c\xd1\x54\x7b\x86"
6108 "\xcc\x99\xd9\x28\x0c\xb0\x94\x62"
6109 "\xf9\x51\xd1\x19\x96\x2d\x66\xf5"
6110 "\x55\xcf\x9e\x59\xe2\x6b\x2c\x08"
6111 "\xc0\x54\x48\x24\x45\xc3\x8c\x73"
6112 "\xea\x27\x6e\x66\x7d\x1d\x0e\x6e"
6113 "\x13\xe8\x56\x65\x3a\xb0\x81\x5c"
6114 "\xf0\xe8\xd8\x00\x6b\xcd\x8f\xad"
6115 "\xdd\x53\xf3\xa4\x6c\x43\xd6\x31"
6116 "\xaf\xd2\x76\x1e\x91\x12\xdb\x3c"
6117 "\x8c\xc2\x81\xf0\x49\xdb\xe2\x6b"
6118 "\x76\x62\x0a\x04\xe4\xaa\x8a\x7c"
6119 "\x08\x0b\x5d\xd0\xee\x1d\xfb\xc4"
6120 "\x02\x75\x42\xd6\xba\xa7\x22\xa8"
6121 "\x47\x29\xb7\x85\x6d\x93\x3a\xdb"
6122 "\x00\x53\x0b\xa2\xeb\xf8\xfe\x01"
6123 "\x6f\x8a\x31\xd6\x17\x05\x6f\x67"
6124 "\x88\x95\x32\xfe\x4f\xa6\x4b\xf8"
6125 "\x03\xe4\xcd\x9a\x18\xe8\x4e\x2d"
6126 "\xf7\x97\x9a\x0c\x7d\x9f\x7e\x44"
6127 "\x69\x51\xe0\x32\x6b\x62\x86\x8f"
6128 "\xa6\x8e\x0b\x21\x96\xe5\xaf\x77"
6129 "\xc0\x83\xdf\xa5\x0e\xd0\xa1\x04"
6130 "\xaf\xc1\x10\xcb\x5a\x40\xe4\xe3"
6131 "\x38\x7e\x07\xe8\x4d\xfa\xed\xc5"
6132 "\xf0\x37\xdf\xbb\x8a\xcf\x3d\xdc"
6133 "\x61\xd2\xc6\x2b\xff\x07\xc9\x2f"
6134 "\x0c\x2d\x5c\x07\xa8\x35\x6a\xfc"
6135 "\xae\x09\x03\x45\x74\x51\x4d\xc4"
6136 "\xb8\x23\x87\x4a\x99\x27\x20\x87"
6137 "\x62\x44\x0a\x4a\xce\x78\x47\x22",
6138 .ksize = 1088,
6139 .plaintext = "\x8e\xb0\x4c\xde\x9c\x4a\x04\x5a"
6140 "\xf6\xa9\x7f\x45\x25\xa5\x7b\x3a"
6141 "\xbc\x4d\x73\x39\x81\xb5\xbd\x3d"
6142 "\x21\x6f\xd7\x37\x50\x3c\x7b\x28"
6143 "\xd1\x03\x3a\x17\xed\x7b\x7c\x2a"
6144 "\x16\xbc\xdf\x19\x89\x52\x71\x31"
6145 "\xb6\xc0\xfd\xb5\xd3\xba\x96\x99"
6146 "\xb6\x34\x0b\xd0\x99\x93\xfc\x1a"
6147 "\x01\x3c\x85\xc6\x9b\x78\x5c\x8b"
6148 "\xfe\xae\xd2\xbf\xb2\x6f\xf9\xed"
6149 "\xc8\x25\x17\xfe\x10\x3b\x7d\xda"
6150 "\xf4\x8d\x35\x4b\x7c\x7b\x82\xe7"
6151 "\xc2\xb3\xee\x60\x4a\x03\x86\xc9"
6152 "\x4e\xb5\xc4\xbe\xd2\xbd\x66\xf1"
6153 "\x13\xf1\x09\xab\x5d\xca\x63\x1f"
6154 "\xfc\xfb\x57\x2a\xfc\xca\x66\xd8"
6155 "\x77\x84\x38\x23\x1d\xac\xd3\xb3"
6156 "\x7a\xad\x4c\x70\xfa\x9c\xc9\x61"
6157 "\xa6\x1b\xba\x33\x4b\x4e\x33\xec"
6158 "\xa0\xa1\x64\x39\x40\x05\x1c\xc2"
6159 "\x3f\x49\x9d\xae\xf2\xc5\xf2\xc5"
6160 "\xfe\xe8\xf4\xc2\xf9\x96\x2d\x28"
6161 "\x92\x30\x44\xbc\xd2\x7f\xe1\x6e"
6162 "\x62\x02\x8f\x3d\x1c\x80\xda\x0e"
6163 "\x6a\x90\x7e\x75\xff\xec\x3e\xc4"
6164 "\xcd\x16\x34\x3b\x05\x6d\x4d\x20"
6165 "\x1c\x7b\xf5\x57\x4f\xfa\x3d\xac"
6166 "\xd0\x13\x55\xe8\xb3\xe1\x1b\x78"
6167 "\x30\xe6\x9f\x84\xd4\x69\xd1\x08"
6168 "\x12\x77\xa7\x4a\xbd\xc0\xf2\xd2"
6169 "\x78\xdd\xa3\x81\x12\xcb\x6c\x14"
6170 "\x90\x61\xe2\x84\xc6\x2b\x16\xcc"
6171 "\x40\x99\x50\x88\x01\x09\x64\x4f"
6172 "\x0a\x80\xbe\x61\xae\x46\xc9\x0a"
6173 "\x5d\xe0\xfb\x72\x7a\x1a\xdd\x61"
6174 "\x63\x20\x05\xa0\x4a\xf0\x60\x69"
6175 "\x7f\x92\xbc\xbf\x4e\x39\x4d\xdd"
6176 "\x74\xd1\xb7\xc0\x5a\x34\xb7\xae"
6177 "\x76\x65\x2e\xbc\x36\xb9\x04\x95"
6178 "\x42\xe9\x6f\xca\x78\xb3\x72\x07"
6179 "\xa3\xba\x02\x94\x67\x4c\xb1\xd7"
6180 "\xe9\x30\x0d\xf0\x3b\xb8\x10\x6d"
6181 "\xea\x2b\x21\xbf\x74\x59\x82\x97"
6182 "\x85\xaa\xf1\xd7\x54\x39\xeb\x05"
6183 "\xbd\xf3\x40\xa0\x97\xe6\x74\xfe"
6184 "\xb4\x82\x5b\xb1\x36\xcb\xe8\x0d"
6185 "\xce\x14\xd9\xdf\xf1\x94\x22\xcd"
6186 "\xd6\x00\xba\x04\x4c\x05\x0c\xc0"
6187 "\xd1\x5a\xeb\x52\xd5\xa8\x8e\xc8"
6188 "\x97\xa1\xaa\xc1\xea\xc1\xbe\x7c"
6189 "\x36\xb3\x36\xa0\xc6\x76\x66\xc5"
6190 "\xe2\xaf\xd6\x5c\xe2\xdb\x2c\xb3"
6191 "\x6c\xb9\x99\x7f\xff\x9f\x03\x24"
6192 "\xe1\x51\x44\x66\xd8\x0c\x5d\x7f"
6193 "\x5c\x85\x22\x2a\xcf\x6d\x79\x28"
6194 "\xab\x98\x01\x72\xfe\x80\x87\x5f"
6195 "\x46\xba\xef\x81\x24\xee\xbf\xb0"
6196 "\x24\x74\xa3\x65\x97\x12\xc4\xaf"
6197 "\x8b\xa0\x39\xda\x8a\x7e\x74\x6e"
6198 "\x1b\x42\xb4\x44\x37\xfc\x59\xfd"
6199 "\x86\xed\xfb\x8c\x66\x33\xda\x63"
6200 "\x75\xeb\xe1\xa4\x85\x4f\x50\x8f"
6201 "\x83\x66\x0d\xd3\x37\xfa\xe6\x9c"
6202 "\x4f\x30\x87\x35\x18\xe3\x0b\xb7"
6203 "\x6e\x64\x54\xcd\x70\xb3\xde\x54"
6204 "\xb7\x1d\xe6\x4c\x4d\x55\x12\x12"
6205 "\xaf\x5f\x7f\x5e\xee\x9d\xe8\x8e"
6206 "\x32\x9d\x4e\x75\xeb\xc6\xdd\xaa"
6207 "\x48\x82\xa4\x3f\x3c\xd7\xd3\xa8"
6208 "\x63\x9e\x64\xfe\xe3\x97\x00\x62"
6209 "\xe5\x40\x5d\xc3\xad\x72\xe1\x28"
6210 "\x18\x50\xb7\x75\xef\xcd\x23\xbf"
6211 "\x3f\xc0\x51\x36\xf8\x41\xc3\x08"
6212 "\xcb\xf1\x8d\x38\x34\xbd\x48\x45"
6213 "\x75\xed\xbc\x65\x7b\xb5\x0c\x9b"
6214 "\xd7\x67\x7d\x27\xb4\xc4\x80\xd7"
6215 "\xa9\xb9\xc7\x4a\x97\xaa\xda\xc8"
6216 "\x3c\x74\xcf\x36\x8f\xe4\x41\xe3"
6217 "\xd4\xd3\x26\xa7\xf3\x23\x9d\x8f"
6218 "\x6c\x20\x05\x32\x3e\xe0\xc3\xc8"
6219 "\x56\x3f\xa7\x09\xb7\xfb\xc7\xf7"
6220 "\xbe\x2a\xdd\x0f\x06\x7b\x0d\xdd"
6221 "\xb0\xb4\x86\x17\xfd\xb9\x04\xe5"
6222 "\xc0\x64\x5d\xad\x2a\x36\x38\xdb"
6223 "\x24\xaf\x5b\xff\xca\xf9\x41\xe8"
6224 "\xf9\x2f\x1e\x5e\xf9\xf5\xd5\xf2"
6225 "\xb2\x88\xca\xc9\xa1\x31\xe2\xe8"
6226 "\x10\x95\x65\xbf\xf1\x11\x61\x7a"
6227 "\x30\x1a\x54\x90\xea\xd2\x30\xf6"
6228 "\xa5\xad\x60\xf9\x4d\x84\x21\x1b"
6229 "\xe4\x42\x22\xc8\x12\x4b\xb0\x58"
6230 "\x3e\x9c\x2d\x32\x95\x0a\x8e\xb0"
6231 "\x0a\x7e\x77\x2f\xe8\x97\x31\x6a"
6232 "\xf5\x59\xb4\x26\xe6\x37\x12\xc9"
6233 "\xcb\xa0\x58\x33\x6f\xd5\x55\x55"
6234 "\x3c\xa1\x33\xb1\x0b\x7e\x2e\xb4"
6235 "\x43\x2a\x84\x39\xf0\x9c\xf4\x69"
6236 "\x4f\x1e\x79\xa6\x15\x1b\x87\xbb"
6237 "\xdb\x9b\xe0\xf1\x0b\xba\xe3\x6e"
6238 "\xcc\x2f\x49\x19\x22\x29\xfc\x71"
6239 "\xbb\x77\x38\x18\x61\xaf\x85\x76"
6240 "\xeb\xd1\x09\xcc\x86\x04\x20\x9a"
6241 "\x66\x53\x2f\x44\x8b\xc6\xa3\xd2"
6242 "\x5f\xc7\x79\x82\x66\xa8\x6e\x75"
6243 "\x7d\x94\xd1\x86\x75\x0f\xa5\x4f"
6244 "\x3c\x7a\x33\xce\xd1\x6e\x9d\x7b"
6245 "\x1f\x91\x37\xb8\x37\x80\xfb\xe0"
6246 "\x52\x26\xd0\x9a\xd4\x48\x02\x41"
6247 "\x05\xe3\x5a\x94\xf1\x65\x61\x19"
6248 "\xb8\x88\x4e\x2b\xea\xba\x8b\x58"
6249 "\x8b\x42\x01\x00\xa8\xfe\x00\x5c"
6250 "\xfe\x1c\xee\x31\x15\x69\xfa\xb3"
6251 "\x9b\x5f\x22\x8e\x0d\x2c\xe3\xa5"
6252 "\x21\xb9\x99\x8a\x8e\x94\x5a\xef"
6253 "\x13\x3e\x99\x96\x79\x6e\xd5\x42"
6254 "\x36\x03\xa9\xe2\xca\x65\x4e\x8a"
6255 "\x8a\x30\xd2\x7d\x74\xe7\xf0\xaa"
6256 "\x23\x26\xdd\xcb\x82\x39\xfc\x9d"
6257 "\x51\x76\x21\x80\xa2\xbe\x93\x03"
6258 "\x47\xb0\xc1\xb6\xdc\x63\xfd\x9f"
6259 "\xca\x9d\xa5\xca\x27\x85\xe2\xd8"
6260 "\x15\x5b\x7e\x14\x7a\xc4\x89\xcc"
6261 "\x74\x14\x4b\x46\xd2\xce\xac\x39"
6262 "\x6b\x6a\x5a\xa4\x0e\xe3\x7b\x15"
6263 "\x94\x4b\x0f\x74\xcb\x0c\x7f\xa9"
6264 "\xbe\x09\x39\xa3\xdd\x56\x5c\xc7"
6265 "\x99\x56\x65\x39\xf4\x0b\x7d\x87"
6266 "\xec\xaa\xe3\x4d\x22\x65\x39\x4e",
6267 .psize = 1024,
6268 .digest = "\x64\x3a\xbc\xc3\x3f\x74\x40\x51"
6269 "\x6e\x56\x01\x1a\x51\xec\x36\xde",
6270 .np = 8,
6271 .tap = { 64, 203, 267, 28, 263, 62, 54, 83 },
6272 }, {
6273 .key = "\x1b\x82\x2e\x1b\x17\x23\xb9\x6d"
6274 "\xdc\x9c\xda\x99\x07\xe3\x5f\xd8"
6275 "\xd2\xf8\x43\x80\x8d\x86\x7d\x80"
6276 "\x1a\xd0\xcc\x13\xb9\x11\x05\x3f"
6277 "\x7e\xcf\x7e\x80\x0e\xd8\x25\x48"
6278 "\x8b\xaa\x63\x83\x92\xd0\x72\xf5"
6279 "\x4f\x67\x7e\x50\x18\x25\xa4\xd1"
6280 "\xe0\x7e\x1e\xba\xd8\xa7\x6e\xdb"
6281 "\x1a\xcc\x0d\xfe\x9f\x6d\x22\x35"
6282 "\xe1\xe6\xe0\xa8\x7b\x9c\xb1\x66"
6283 "\xa3\xf8\xff\x4d\x90\x84\x28\xbc"
6284 "\xdc\x19\xc7\x91\x49\xfc\xf6\x33"
6285 "\xc9\x6e\x65\x7f\x28\x6f\x68\x2e"
6286 "\xdf\x1a\x75\xe9\xc2\x0c\x96\xb9"
6287 "\x31\x22\xc4\x07\xc6\x0a\x2f\xfd"
6288 "\x36\x06\x5f\x5c\xc5\xb1\x3a\xf4"
6289 "\x5e\x48\xa4\x45\x2b\x88\xa7\xee"
6290 "\xa9\x8b\x52\xcc\x99\xd9\x2f\xb8"
6291 "\xa4\x58\x0a\x13\xeb\x71\x5a\xfa"
6292 "\xe5\x5e\xbe\xf2\x64\xad\x75\xbc"
6293 "\x0b\x5b\x34\x13\x3b\x23\x13\x9a"
6294 "\x69\x30\x1e\x9a\xb8\x03\xb8\x8b"
6295 "\x3e\x46\x18\x6d\x38\xd9\xb3\xd8"
6296 "\xbf\xf1\xd0\x28\xe6\x51\x57\x80"
6297 "\x5e\x99\xfb\xd0\xce\x1e\x83\xf7"
6298 "\xe9\x07\x5a\x63\xa9\xef\xce\xa5"
6299 "\xfb\x3f\x37\x17\xfc\x0b\x37\x0e"
6300 "\xbb\x4b\x21\x62\xb7\x83\x0e\xa9"
6301 "\x9e\xb0\xc4\xad\x47\xbe\x35\xe7"
6302 "\x51\xb2\xf2\xac\x2b\x65\x7b\x48"
6303 "\xe3\x3f\x5f\xb6\x09\x04\x0c\x58"
6304 "\xce\x99\xa9\x15\x2f\x4e\xc1\xf2"
6305 "\x24\x48\xc0\xd8\x6c\xd3\x76\x17"
6306 "\x83\x5d\xe6\xe3\xfd\x01\x8e\xf7"
6307 "\x42\xa5\x04\x29\x30\xdf\xf9\x00"
6308 "\x4a\xdc\x71\x22\x1a\x33\x15\xb6"
6309 "\xd7\x72\xfb\x9a\xb8\xeb\x2b\x38"
6310 "\xea\xa8\x61\xa8\x90\x11\x9d\x73"
6311 "\x2e\x6c\xce\x81\x54\x5a\x9f\xcd"
6312 "\xcf\xd5\xbd\x26\x5d\x66\xdb\xfb"
6313 "\xdc\x1e\x7c\x10\xfe\x58\x82\x10"
6314 "\x16\x24\x01\xce\x67\x55\x51\xd1"
6315 "\xdd\x6b\x44\xa3\x20\x8e\xa9\xa6"
6316 "\x06\xa8\x29\x77\x6e\x00\x38\x5b"
6317 "\xde\x4d\x58\xd8\x1f\x34\xdf\xf9"
6318 "\x2c\xac\x3e\xad\xfb\x92\x0d\x72"
6319 "\x39\xa4\xac\x44\x10\xc0\x43\xc4"
6320 "\xa4\x77\x3b\xfc\xc4\x0d\x37\xd3"
6321 "\x05\x84\xda\x53\x71\xf8\x80\xd3"
6322 "\x34\x44\xdb\x09\xb4\x2b\x8e\xe3"
6323 "\x00\x75\x50\x9e\x43\x22\x00\x0b"
6324 "\x7c\x70\xab\xd4\x41\xf1\x93\xcd"
6325 "\x25\x2d\x84\x74\xb5\xf2\x92\xcd"
6326 "\x0a\x28\xea\x9a\x49\x02\x96\xcb"
6327 "\x85\x9e\x2f\x33\x03\x86\x1d\xdc"
6328 "\x1d\x31\xd5\xfc\x9d\xaa\xc5\xe9"
6329 "\x9a\xc4\x57\xf5\x35\xed\xf4\x4b"
6330 "\x3d\x34\xc2\x29\x13\x86\x36\x42"
6331 "\x5d\xbf\x90\x86\x13\x77\xe5\xc3"
6332 "\x62\xb4\xfe\x0b\x70\x39\x35\x65"
6333 "\x02\xea\xf6\xce\x57\x0c\xbb\x74"
6334 "\x29\xe3\xfd\x60\x90\xfd\x10\x38"
6335 "\xd5\x4e\x86\xbd\x37\x70\xf0\x97"
6336 "\xa6\xab\x3b\x83\x64\x52\xca\x66"
6337 "\x2f\xf9\xa4\xca\x3a\x55\x6b\xb0"
6338 "\xe8\x3a\x34\xdb\x9e\x48\x50\x2f"
6339 "\x3b\xef\xfd\x08\x2d\x5f\xc1\x37"
6340 "\x5d\xbe\x73\xe4\xd8\xe9\xac\xca"
6341 "\x8a\xaa\x48\x7c\x5c\xf4\xa6\x96"
6342 "\x5f\xfa\x70\xa6\xb7\x8b\x50\xcb"
6343 "\xa6\xf5\xa9\xbd\x7b\x75\x4c\x22"
6344 "\x0b\x19\x40\x2e\xc9\x39\x39\x32"
6345 "\x83\x03\xa8\xa4\x98\xe6\x8e\x16"
6346 "\xb9\xde\x08\xc5\xfc\xbf\xad\x39"
6347 "\xa8\xc7\x93\x6c\x6f\x23\xaf\xc1"
6348 "\xab\xe1\xdf\xbb\x39\xae\x93\x29"
6349 "\x0e\x7d\x80\x8d\x3e\x65\xf3\xfd"
6350 "\x96\x06\x65\x90\xa1\x28\x64\x4b"
6351 "\x69\xf9\xa8\x84\x27\x50\xfc\x87"
6352 "\xf7\xbf\x55\x8e\x56\x13\x58\x7b"
6353 "\x85\xb4\x6a\x72\x0f\x40\xf1\x4f"
6354 "\x83\x81\x1f\x76\xde\x15\x64\x7a"
6355 "\x7a\x80\xe4\xc7\x5e\x63\x01\x91"
6356 "\xd7\x6b\xea\x0b\x9b\xa2\x99\x3b"
6357 "\x6c\x88\xd8\xfd\x59\x3c\x8d\x22"
6358 "\x86\x56\xbe\xab\xa1\x37\x08\x01"
6359 "\x50\x85\x69\x29\xee\x9f\xdf\x21"
6360 "\x3e\x20\x20\xf5\xb0\xbb\x6b\xd0"
6361 "\x9c\x41\x38\xec\x54\x6f\x2d\xbd"
6362 "\x0f\xe1\xbd\xf1\x2b\x6e\x60\x56"
6363 "\x29\xe5\x7a\x70\x1c\xe2\xfc\x97"
6364 "\x82\x68\x67\xd9\x3d\x1f\xfb\xd8"
6365 "\x07\x9f\xbf\x96\x74\xba\x6a\x0e"
6366 "\x10\x48\x20\xd8\x13\x1e\xb5\x44"
6367 "\xf2\xcc\xb1\x8b\xfb\xbb\xec\xd7"
6368 "\x37\x70\x1f\x7c\x55\xd2\x4b\xb9"
6369 "\xfd\x70\x5e\xa3\x91\x73\x63\x52"
6370 "\x13\x47\x5a\x06\xfb\x01\x67\xa5"
6371 "\xc0\xd0\x49\x19\x56\x66\x9a\x77"
6372 "\x64\xaf\x8c\x25\x91\x52\x87\x0e"
6373 "\x18\xf3\x5f\x97\xfd\x71\x13\xf8"
6374 "\x05\xa5\x39\xcc\x65\xd3\xcc\x63"
6375 "\x5b\xdb\x5f\x7e\x5f\x6e\xad\xc4"
6376 "\xf4\xa0\xc5\xc2\x2b\x4d\x97\x38"
6377 "\x4f\xbc\xfa\x33\x17\xb4\x47\xb9"
6378 "\x43\x24\x15\x8d\xd2\xed\x80\x68"
6379 "\x84\xdb\x04\x80\xca\x5e\x6a\x35"
6380 "\x2c\x2c\xe7\xc5\x03\x5f\x54\xb0"
6381 "\x5e\x4f\x1d\x40\x54\x3d\x78\x9a"
6382 "\xac\xda\x80\x27\x4d\x15\x4c\x1a"
6383 "\x6e\x80\xc9\xc4\x3b\x84\x0e\xd9"
6384 "\x2e\x93\x01\x8c\xc3\xc8\x91\x4b"
6385 "\xb3\xaa\x07\x04\x68\x5b\x93\xa5"
6386 "\xe7\xc4\x9d\xe7\x07\xee\xf5\x3b"
6387 "\x40\x89\xcc\x60\x34\x9d\xb4\x06"
6388 "\x1b\xef\x92\xe6\xc1\x2a\x7d\x0f"
6389 "\x81\xaa\x56\xe3\xd7\xed\xa7\xd4"
6390 "\xa7\x3a\x49\xc4\xad\x81\x5c\x83"
6391 "\x55\x8e\x91\x54\xb7\x7d\x65\xa5"
6392 "\x06\x16\xd5\x9a\x16\xc1\xb0\xa2"
6393 "\x06\xd8\x98\x47\x73\x7e\x73\xa0"
6394 "\xb8\x23\xb1\x52\xbf\x68\x74\x5d"
6395 "\x0b\xcb\xfa\x8c\x46\xe3\x24\xe6"
6396 "\xab\xd4\x69\x8d\x8c\xf2\x8a\x59"
6397 "\xbe\x48\x46\x50\x8c\x9a\xe8\xe3"
6398 "\x31\x55\x0a\x06\xed\x4f\xf8\xb7"
6399 "\x4f\xe3\x85\x17\x30\xbd\xd5\x20"
6400 "\xe7\x5b\xb2\x32\xcf\x6b\x16\x44"
6401 "\xd2\xf5\x7e\xd7\xd1\x2f\xee\x64"
6402 "\x3e\x9d\x10\xef\x27\x35\x43\x64"
6403 "\x67\xfb\x7a\x7b\xe0\x62\x31\x9a"
6404 "\x4d\xdf\xa5\xab\xc0\x20\xbb\x01"
6405 "\xe9\x7b\x54\xf1\xde\xb2\x79\x50"
6406 "\x6c\x4b\x91\xdb\x7f\xbb\x50\xc1"
6407 "\x55\x44\x38\x9a\xe0\x9f\xe8\x29"
6408 "\x6f\x15\xf8\x4e\xa6\xec\xa0\x60",
6409 .ksize = 1088,
6410 .plaintext = "\x15\x68\x9e\x2f\xad\x15\x52\xdf"
6411 "\xf0\x42\x62\x24\x2a\x2d\xea\xbf"
6412 "\xc7\xf3\xb4\x1a\xf5\xed\xb2\x08"
6413 "\x15\x60\x1c\x00\x77\xbf\x0b\x0e"
6414 "\xb7\x2c\xcf\x32\x3a\xc7\x01\x77"
6415 "\xef\xa6\x75\xd0\x29\xc7\x68\x20"
6416 "\xb2\x92\x25\xbf\x12\x34\xe9\xa4"
6417 "\xfd\x32\x7b\x3f\x7c\xbd\xa5\x02"
6418 "\x38\x41\xde\xc9\xc1\x09\xd9\xfc"
6419 "\x6e\x78\x22\x83\x18\xf7\x50\x8d"
6420 "\x8f\x9c\x2d\x02\xa5\x30\xac\xff"
6421 "\xea\x63\x2e\x80\x37\x83\xb0\x58"
6422 "\xda\x2f\xef\x21\x55\xba\x7b\xb1"
6423 "\xb6\xed\xf5\xd2\x4d\xaa\x8c\xa9"
6424 "\xdd\xdb\x0f\xb4\xce\xc1\x9a\xb1"
6425 "\xc1\xdc\xbd\xab\x86\xc2\xdf\x0b"
6426 "\xe1\x2c\xf9\xbe\xf6\xd8\xda\x62"
6427 "\x72\xdd\x98\x09\x52\xc0\xc4\xb6"
6428 "\x7b\x17\x5c\xf5\xd8\x4b\x88\xd6"
6429 "\x6b\xbf\x84\x4a\x3f\xf5\x4d\xd2"
6430 "\x94\xe2\x9c\xff\xc7\x3c\xd9\xc8"
6431 "\x37\x38\xbc\x8c\xf3\xe7\xb7\xd0"
6432 "\x1d\x78\xc4\x39\x07\xc8\x5e\x79"
6433 "\xb6\x5a\x90\x5b\x6e\x97\xc9\xd4"
6434 "\x82\x9c\xf3\x83\x7a\xe7\x97\xfc"
6435 "\x1d\xbb\xef\xdb\xce\xe0\x82\xad"
6436 "\xca\x07\x6c\x54\x62\x6f\x81\xe6"
6437 "\x7a\x5a\x96\x6e\x80\x3a\xa2\x37"
6438 "\x6f\xc6\xa4\x29\xc3\x9e\x19\x94"
6439 "\x9f\xb0\x3e\x38\xfb\x3c\x2b\x7d"
6440 "\xaa\xb8\x74\xda\x54\x23\x51\x12"
6441 "\x4b\x96\x36\x8f\x91\x4f\x19\x37"
6442 "\x83\xc9\xdd\xc7\x1a\x32\x2d\xab"
6443 "\xc7\x89\xe2\x07\x47\x6c\xe8\xa6"
6444 "\x70\x6b\x8e\x0c\xda\x5c\x6a\x59"
6445 "\x27\x33\x0e\xe1\xe1\x20\xe8\xc8"
6446 "\xae\xdc\xd0\xe3\x6d\xa8\xa6\x06"
6447 "\x41\xb4\xd4\xd4\xcf\x91\x3e\x06"
6448 "\xb0\x9a\xf7\xf1\xaa\xa6\x23\x92"
6449 "\x10\x86\xf0\x94\xd1\x7c\x2e\x07"
6450 "\x30\xfb\xc5\xd8\xf3\x12\xa9\xe8"
6451 "\x22\x1c\x97\x1a\xad\x96\xb0\xa1"
6452 "\x72\x6a\x6b\xb4\xfd\xf7\xe8\xfa"
6453 "\xe2\x74\xd8\x65\x8d\x35\x17\x4b"
6454 "\x00\x23\x5c\x8c\x70\xad\x71\xa2"
6455 "\xca\xc5\x6c\x59\xbf\xb4\xc0\x6d"
6456 "\x86\x98\x3e\x19\x5a\x90\x92\xb1"
6457 "\x66\x57\x6a\x91\x68\x7c\xbc\xf3"
6458 "\xf1\xdb\x94\xf8\x48\xf1\x36\xd8"
6459 "\x78\xac\x1c\xa9\xcc\xd6\x27\xba"
6460 "\x91\x54\x22\xf5\xe6\x05\x3f\xcc"
6461 "\xc2\x8f\x2c\x3b\x2b\xc3\x2b\x2b"
6462 "\x3b\xb8\xb6\x29\xb7\x2f\x94\xb6"
6463 "\x7b\xfc\x94\x3e\xd0\x7a\x41\x59"
6464 "\x7b\x1f\x9a\x09\xa6\xed\x4a\x82"
6465 "\x9d\x34\x1c\xbd\x4e\x1c\x3a\x66"
6466 "\x80\x74\x0e\x9a\x4f\x55\x54\x47"
6467 "\x16\xba\x2a\x0a\x03\x35\x99\xa3"
6468 "\x5c\x63\x8d\xa2\x72\x8b\x17\x15"
6469 "\x68\x39\x73\xeb\xec\xf2\xe8\xf5"
6470 "\x95\x32\x27\xd6\xc4\xfe\xb0\x51"
6471 "\xd5\x0c\x50\xc5\xcd\x6d\x16\xb3"
6472 "\xa3\x1e\x95\x69\xad\x78\x95\x06"
6473 "\xb9\x46\xf2\x6d\x24\x5a\x99\x76"
6474 "\x73\x6a\x91\xa6\xac\x12\xe1\x28"
6475 "\x79\xbc\x08\x4e\x97\x00\x98\x63"
6476 "\x07\x1c\x4e\xd1\x68\xf3\xb3\x81"
6477 "\xa8\xa6\x5f\xf1\x01\xc9\xc1\xaf"
6478 "\x3a\x96\xf9\x9d\xb5\x5a\x5f\x8f"
6479 "\x7e\xc1\x7e\x77\x0a\x40\xc8\x8e"
6480 "\xfc\x0e\xed\xe1\x0d\xb0\xe5\x5e"
6481 "\x5e\x6f\xf5\x7f\xab\x33\x7d\xcd"
6482 "\xf0\x09\x4b\xb2\x11\x37\xdc\x65"
6483 "\x97\x32\x62\x71\x3a\x29\x54\xb9"
6484 "\xc7\xa4\xbf\x75\x0f\xf9\x40\xa9"
6485 "\x8d\xd7\x8b\xa7\xe0\x9a\xbe\x15"
6486 "\xc6\xda\xd8\x00\x14\x69\x1a\xaf"
6487 "\x5f\x79\xc3\xf5\xbb\x6c\x2a\x9d"
6488 "\xdd\x3c\x5f\x97\x21\xe1\x3a\x03"
6489 "\x84\x6a\xe9\x76\x11\x1f\xd3\xd5"
6490 "\xf0\x54\x20\x4d\xc2\x91\xc3\xa4"
6491 "\x36\x25\xbe\x1b\x2a\x06\xb7\xf3"
6492 "\xd1\xd0\x55\x29\x81\x4c\x83\xa3"
6493 "\xa6\x84\x1e\x5c\xd1\xd0\x6c\x90"
6494 "\xa4\x11\xf0\xd7\x63\x6a\x48\x05"
6495 "\xbc\x48\x18\x53\xcd\xb0\x8d\xdb"
6496 "\xdc\xfe\x55\x11\x5c\x51\xb3\xab"
6497 "\xab\x63\x3e\x31\x5a\x8b\x93\x63"
6498 "\x34\xa9\xba\x2b\x69\x1a\xc0\xe3"
6499 "\xcb\x41\xbc\xd7\xf5\x7f\x82\x3e"
6500 "\x01\xa3\x3c\x72\xf4\xfe\xdf\xbe"
6501 "\xb1\x67\x17\x2b\x37\x60\x0d\xca"
6502 "\x6f\xc3\x94\x2c\xd2\x92\x6d\x9d"
6503 "\x75\x18\x77\xaa\x29\x38\x96\xed"
6504 "\x0e\x20\x70\x92\xd5\xd0\xb4\x00"
6505 "\xc0\x31\xf2\xc9\x43\x0e\x75\x1d"
6506 "\x4b\x64\xf2\x1f\xf2\x29\x6c\x7b"
6507 "\x7f\xec\x59\x7d\x8c\x0d\xd4\xd3"
6508 "\xac\x53\x4c\xa3\xde\x42\x92\x95"
6509 "\x6d\xa3\x4f\xd0\xe6\x3d\xe7\xec"
6510 "\x7a\x4d\x68\xf1\xfe\x67\x66\x09"
6511 "\x83\x22\xb1\x98\x43\x8c\xab\xb8"
6512 "\x45\xe6\x6d\xdf\x5e\x50\x71\xce"
6513 "\xf5\x4e\x40\x93\x2b\xfa\x86\x0e"
6514 "\xe8\x30\xbd\x82\xcc\x1c\x9c\x5f"
6515 "\xad\xfd\x08\x31\xbe\x52\xe7\xe6"
6516 "\xf2\x06\x01\x62\x25\x15\x99\x74"
6517 "\x33\x51\x52\x57\x3f\x57\x87\x61"
6518 "\xb9\x7f\x29\x3d\xcd\x92\x5e\xa6"
6519 "\x5c\x3b\xf1\xed\x5f\xeb\x82\xed"
6520 "\x56\x7b\x61\xe7\xfd\x02\x47\x0e"
6521 "\x2a\x15\xa4\xce\x43\x86\x9b\xe1"
6522 "\x2b\x4c\x2a\xd9\x42\x97\xf7\x9a"
6523 "\xe5\x47\x46\x48\xd3\x55\x6f\x4d"
6524 "\xd9\xeb\x4b\xdd\x7b\x21\x2f\xb3"
6525 "\xa8\x36\x28\xdf\xca\xf1\xf6\xd9"
6526 "\x10\xf6\x1c\xfd\x2e\x0c\x27\xe0"
6527 "\x01\xb3\xff\x6d\x47\x08\x4d\xd4"
6528 "\x00\x25\xee\x55\x4a\xe9\xe8\x5b"
6529 "\xd8\xf7\x56\x12\xd4\x50\xb2\xe5"
6530 "\x51\x6f\x34\x63\x69\xd2\x4e\x96"
6531 "\x4e\xbc\x79\xbf\x18\xae\xc6\x13"
6532 "\x80\x92\x77\xb0\xb4\x0f\x29\x94"
6533 "\x6f\x4c\xbb\x53\x11\x36\xc3\x9f"
6534 "\x42\x8e\x96\x8a\x91\xc8\xe9\xfc"
6535 "\xfe\xbf\x7c\x2d\x6f\xf9\xb8\x44"
6536 "\x89\x1b\x09\x53\x0a\x2a\x92\xc3"
6537 "\x54\x7a\x3a\xf9\xe2\xe4\x75\x87"
6538 "\xa0\x5e\x4b\x03\x7a\x0d\x8a\xf4"
6539 "\x55\x59\x94\x2b\x63\x96\x0e\xf5",
6540 .psize = 1040,
6541 .digest = "\xb5\xb9\x08\xb3\x24\x3e\x03\xf0"
6542 "\xd6\x0b\x57\xbc\x0a\x6d\x89\x59",
6543 }, {
6544 .key = "\xf6\x34\x42\x71\x35\x52\x8b\x58"
6545 "\x02\x3a\x8e\x4a\x8d\x41\x13\xe9"
6546 "\x7f\xba\xb9\x55\x9d\x73\x4d\xf8"
6547 "\x3f\x5d\x73\x15\xff\xd3\x9e\x7f"
6548 "\x20\x2a\x6a\xa8\xd1\xf0\x8f\x12"
6549 "\x6b\x02\xd8\x6c\xde\xba\x80\x22"
6550 "\x19\x37\xc8\xd0\x4e\x89\x17\x7c"
6551 "\x7c\xdd\x88\xfd\x41\xc0\x04\xb7"
6552 "\x1d\xac\x19\xe3\x20\xc7\x16\xcf"
6553 "\x58\xee\x1d\x7a\x61\x69\xa9\x12"
6554 "\x4b\xef\x4f\xb6\x38\xdd\x78\xf8"
6555 "\x28\xee\x70\x08\xc7\x7c\xcc\xc8"
6556 "\x1e\x41\xf5\x80\x86\x70\xd0\xf0"
6557 "\xa3\x87\x6b\x0a\x00\xd2\x41\x28"
6558 "\x74\x26\xf1\x24\xf3\xd0\x28\x77"
6559 "\xd7\xcd\xf6\x2d\x61\xf4\xa2\x13"
6560 "\x77\xb4\x6f\xa0\xf4\xfb\xd6\xb5"
6561 "\x38\x9d\x5a\x0c\x51\xaf\xad\x63"
6562 "\x27\x67\x8c\x01\xea\x42\x1a\x66"
6563 "\xda\x16\x7c\x3c\x30\x0c\x66\x53"
6564 "\x1c\x88\xa4\x5c\xb2\xe3\x78\x0a"
6565 "\x13\x05\x6d\xe2\xaf\xb3\xe4\x75"
6566 "\x00\x99\x58\xee\x76\x09\x64\xaa"
6567 "\xbb\x2e\xb1\x81\xec\xd8\x0e\xd3"
6568 "\x0c\x33\x5d\xb7\x98\xef\x36\xb6"
6569 "\xd2\x65\x69\x41\x70\x12\xdc\x25"
6570 "\x41\x03\x99\x81\x41\x19\x62\x13"
6571 "\xd1\x0a\x29\xc5\x8c\xe0\x4c\xf3"
6572 "\xd6\xef\x4c\xf4\x1d\x83\x2e\x6d"
6573 "\x8e\x14\x87\xed\x80\xe0\xaa\xd3"
6574 "\x08\x04\x73\x1a\x84\x40\xf5\x64"
6575 "\xbd\x61\x32\x65\x40\x42\xfb\xb0"
6576 "\x40\xf6\x40\x8d\xc7\x7f\x14\xd0"
6577 "\x83\x99\xaa\x36\x7e\x60\xc6\xbf"
6578 "\x13\x8a\xf9\x21\xe4\x7e\x68\x87"
6579 "\xf3\x33\x86\xb4\xe0\x23\x7e\x0a"
6580 "\x21\xb1\xf5\xad\x67\x3c\x9c\x9d"
6581 "\x09\xab\xaf\x5f\xba\xe0\xd0\x82"
6582 "\x48\x22\x70\xb5\x6d\x53\xd6\x0e"
6583 "\xde\x64\x92\x41\xb0\xd3\xfb\xda"
6584 "\x21\xfe\xab\xea\x20\xc4\x03\x58"
6585 "\x18\x2e\x7d\x2f\x03\xa9\x47\x66"
6586 "\xdf\x7b\xa4\x6b\x34\x6b\x55\x9c"
6587 "\x4f\xd7\x9c\x47\xfb\xa9\x42\xec"
6588 "\x5a\x12\xfd\xfe\x76\xa0\x92\x9d"
6589 "\xfe\x1e\x16\xdd\x24\x2a\xe4\x27"
6590 "\xd5\xa9\xf2\x05\x4f\x83\xa2\xaf"
6591 "\xfe\xee\x83\x7a\xad\xde\xdf\x9a"
6592 "\x80\xd5\x81\x14\x93\x16\x7e\x46"
6593 "\x47\xc2\x14\xef\x49\x6e\xb9\xdb"
6594 "\x40\xe8\x06\x6f\x9c\x2a\xfd\x62"
6595 "\x06\x46\xfd\x15\x1d\x36\x61\x6f"
6596 "\x77\x77\x5e\x64\xce\x78\x1b\x85"
6597 "\xbf\x50\x9a\xfd\x67\xa6\x1a\x65"
6598 "\xad\x5b\x33\x30\xf1\x71\xaa\xd9"
6599 "\x23\x0d\x92\x24\x5f\xae\x57\xb0"
6600 "\x24\x37\x0a\x94\x12\xfb\xb5\xb1"
6601 "\xd3\xb8\x1d\x12\x29\xb0\x80\x24"
6602 "\x2d\x47\x9f\x96\x1f\x95\xf1\xb1"
6603 "\xda\x35\xf6\x29\xe0\xe1\x23\x96"
6604 "\xc7\xe8\x22\x9b\x7c\xac\xf9\x41"
6605 "\x39\x01\xe5\x73\x15\x5e\x99\xec"
6606 "\xb4\xc1\xf4\xe7\xa7\x97\x6a\xd5"
6607 "\x90\x9a\xa0\x1d\xf3\x5a\x8b\x5f"
6608 "\xdf\x01\x52\xa4\x93\x31\x97\xb0"
6609 "\x93\x24\xb5\xbc\xb2\x14\x24\x98"
6610 "\x4a\x8f\x19\x85\xc3\x2d\x0f\x74"
6611 "\x9d\x16\x13\x80\x5e\x59\x62\x62"
6612 "\x25\xe0\xd1\x2f\x64\xef\xba\xac"
6613 "\xcd\x09\x07\x15\x8a\xcf\x73\xb5"
6614 "\x8b\xc9\xd8\x24\xb0\x53\xd5\x6f"
6615 "\xe1\x2b\x77\xb1\xc5\xe4\xa7\x0e"
6616 "\x18\x45\xab\x36\x03\x59\xa8\xbd"
6617 "\x43\xf0\xd8\x2c\x1a\x69\x96\xbb"
6618 "\x13\xdf\x6c\x33\x77\xdf\x25\x34"
6619 "\x5b\xa5\x5b\x8c\xf9\x51\x05\xd4"
6620 "\x8b\x8b\x44\x87\x49\xfc\xa0\x8f"
6621 "\x45\x15\x5b\x40\x42\xc4\x09\x92"
6622 "\x98\x0c\x4d\xf4\x26\x37\x1b\x13"
6623 "\x76\x01\x93\x8d\x4f\xe6\xed\x18"
6624 "\xd0\x79\x7b\x3f\x44\x50\xcb\xee"
6625 "\xf7\x4a\xc9\x9e\xe0\x96\x74\xa7"
6626 "\xe6\x93\xb2\x53\xca\x55\xa8\xdc"
6627 "\x1e\x68\x07\x87\xb7\x2e\xc1\x08"
6628 "\xb2\xa4\x5b\xaf\xc6\xdb\x5c\x66"
6629 "\x41\x1c\x51\xd9\xb0\x07\x00\x0d"
6630 "\xf0\x4c\xdc\x93\xde\xa9\x1e\x8e"
6631 "\xd3\x22\x62\xd8\x8b\x88\x2c\xea"
6632 "\x5e\xf1\x6e\x14\x40\xc7\xbe\xaa"
6633 "\x42\x28\xd0\x26\x30\x78\x01\x9b"
6634 "\x83\x07\xbc\x94\xc7\x57\xa2\x9f"
6635 "\x03\x07\xff\x16\xff\x3c\x6e\x48"
6636 "\x0a\xd0\xdd\x4c\xf6\x64\x9a\xf1"
6637 "\xcd\x30\x12\x82\x2c\x38\xd3\x26"
6638 "\x83\xdb\xab\x3e\xc6\xf8\xe6\xfa"
6639 "\x77\x0a\x78\x82\x75\xf8\x63\x51"
6640 "\x59\xd0\x8d\x24\x9f\x25\xe6\xa3"
6641 "\x4c\xbc\x34\xfc\xe3\x10\xc7\x62"
6642 "\xd4\x23\xc8\x3d\xa7\xc6\xa6\x0a"
6643 "\x4f\x7e\x29\x9d\x6d\xbe\xb5\xf1"
6644 "\xdf\xa4\x53\xfa\xc0\x23\x0f\x37"
6645 "\x84\x68\xd0\xb5\xc8\xc6\xae\xf8"
6646 "\xb7\x8d\xb3\x16\xfe\x8f\x87\xad"
6647 "\xd0\xc1\x08\xee\x12\x1c\x9b\x1d"
6648 "\x90\xf8\xd1\x63\xa4\x92\x3c\xf0"
6649 "\xc7\x34\xd8\xf1\x14\xed\xa3\xbc"
6650 "\x17\x7e\xd4\x62\x42\x54\x57\x2c"
6651 "\x3e\x7a\x35\x35\x17\x0f\x0b\x7f"
6652 "\x81\xa1\x3f\xd0\xcd\xc8\x3b\x96"
6653 "\xe9\xe0\x4a\x04\xe1\xb6\x3c\xa1"
6654 "\xd6\xca\xc4\xbd\xb6\xb5\x95\x34"
6655 "\x12\x9d\xc5\x96\xf2\xdf\xba\x54"
6656 "\x76\xd1\xb2\x6b\x3b\x39\xe0\xb9"
6657 "\x18\x62\xfb\xf7\xfc\x12\xf1\x5f"
6658 "\x7e\xc7\xe3\x59\x4c\xa6\xc2\x3d"
6659 "\x40\x15\xf9\xa3\x95\x64\x4c\x74"
6660 "\x8b\x73\x77\x33\x07\xa7\x04\x1d"
6661 "\x33\x5a\x7e\x8f\xbd\x86\x01\x4f"
6662 "\x3e\xb9\x27\x6f\xe2\x41\xf7\x09"
6663 "\x67\xfd\x29\x28\xc5\xe4\xf6\x18"
6664 "\x4c\x1b\x49\xb2\x9c\x5b\xf6\x81"
6665 "\x4f\xbb\x5c\xcc\x0b\xdf\x84\x23"
6666 "\x58\xd6\x28\x34\x93\x3a\x25\x97"
6667 "\xdf\xb2\xc3\x9e\x97\x38\x0b\x7d"
6668 "\x10\xb3\x54\x35\x23\x8c\x64\xee"
6669 "\xf0\xd8\x66\xff\x8b\x22\xd2\x5b"
6670 "\x05\x16\x3c\x89\xf7\xb1\x75\xaf"
6671 "\xc0\xae\x6a\x4f\x3f\xaf\x9a\xf4"
6672 "\xf4\x9a\x24\xd9\x80\x82\xc0\x12"
6673 "\xde\x96\xd1\xbe\x15\x0b\x8d\x6a"
6674 "\xd7\x12\xe4\x85\x9f\x83\xc9\xc3"
6675 "\xff\x0b\xb5\xaf\x3b\xd8\x6d\x67"
6676 "\x81\x45\xe6\xac\xec\xc1\x7b\x16"
6677 "\x18\x0a\xce\x4b\xc0\x2e\x76\xbc"
6678 "\x1b\xfa\xb4\x34\xb8\xfc\x3e\xc8"
6679 "\x5d\x90\x71\x6d\x7a\x79\xef\x06",
6680 .ksize = 1088,
6681 .plaintext = "\xaa\x5d\x54\xcb\xea\x1e\x46\x0f"
6682 "\x45\x87\x70\x51\x8a\x66\x7a\x33"
6683 "\xb4\x18\xff\xa9\x82\xf9\x45\x4b"
6684 "\x93\xae\x2e\x7f\xab\x98\xfe\xbf"
6685 "\x01\xee\xe5\xa0\x37\x8f\x57\xa6"
6686 "\xb0\x76\x0d\xa4\xd6\x28\x2b\x5d"
6687 "\xe1\x03\xd6\x1c\x6f\x34\x0d\xe7"
6688 "\x61\x2d\x2e\xe5\xae\x5d\x47\xc7"
6689 "\x80\x4b\x18\x8f\xa8\x99\xbc\x28"
6690 "\xed\x1d\x9d\x86\x7d\xd7\x41\xd1"
6691 "\xe0\x2b\xe1\x8c\x93\x2a\xa7\x80"
6692 "\xe1\x07\xa0\xa9\x9f\x8c\x8d\x1a"
6693 "\x55\xfc\x6b\x24\x7a\xbd\x3e\x51"
6694 "\x68\x4b\x26\x59\xc8\xa7\x16\xd9"
6695 "\xb9\x61\x13\xde\x8b\x63\x1c\xf6"
6696 "\x60\x01\xfb\x08\xb3\x5b\x0a\xbf"
6697 "\x34\x73\xda\x87\x87\x3d\x6f\x97"
6698 "\x4a\x0c\xa3\x58\x20\xa2\xc0\x81"
6699 "\x5b\x8c\xef\xa9\xc2\x01\x1e\x64"
6700 "\x83\x8c\xbc\x03\xb6\xd0\x29\x9f"
6701 "\x54\xe2\xce\x8b\xc2\x07\x85\x78"
6702 "\x25\x38\x96\x4c\xb4\xbe\x17\x4a"
6703 "\x65\xa6\xfa\x52\x9d\x66\x9d\x65"
6704 "\x4a\xd1\x01\x01\xf0\xcb\x13\xcc"
6705 "\xa5\x82\xf3\xf2\x66\xcd\x3f\x9d"
6706 "\xd1\xaa\xe4\x67\xea\xf2\xad\x88"
6707 "\x56\x76\xa7\x9b\x59\x3c\xb1\x5d"
6708 "\x78\xfd\x69\x79\x74\x78\x43\x26"
6709 "\x7b\xde\x3f\xf1\xf5\x4e\x14\xd9"
6710 "\x15\xf5\x75\xb5\x2e\x19\xf3\x0c"
6711 "\x48\x72\xd6\x71\x6d\x03\x6e\xaa"
6712 "\xa7\x08\xf9\xaa\x70\xa3\x0f\x4d"
6713 "\x12\x8a\xdd\xe3\x39\x73\x7e\xa7"
6714 "\xea\x1f\x6d\x06\x26\x2a\xf2\xc5"
6715 "\x52\xb4\xbf\xfd\x52\x0c\x06\x60"
6716 "\x90\xd1\xb2\x7b\x56\xae\xac\x58"
6717 "\x5a\x6b\x50\x2a\xf5\xe0\x30\x3c"
6718 "\x2a\x98\x0f\x1b\x5b\x0a\x84\x6c"
6719 "\x31\xae\x92\xe2\xd4\xbb\x7f\x59"
6720 "\x26\x10\xb9\x89\x37\x68\x26\xbf"
6721 "\x41\xc8\x49\xc4\x70\x35\x7d\xff"
6722 "\x2d\x7f\xf6\x8a\x93\x68\x8c\x78"
6723 "\x0d\x53\xce\x7d\xff\x7d\xfb\xae"
6724 "\x13\x1b\x75\xc4\x78\xd7\x71\xd8"
6725 "\xea\xd3\xf4\x9d\x95\x64\x8e\xb4"
6726 "\xde\xb8\xe4\xa6\x68\xc8\xae\x73"
6727 "\x58\xaf\xa8\xb0\x5a\x20\xde\x87"
6728 "\x43\xb9\x0f\xe3\xad\x41\x4b\xd5"
6729 "\xb7\xad\x16\x00\xa6\xff\xf6\x74"
6730 "\xbf\x8c\x9f\xb3\x58\x1b\xb6\x55"
6731 "\xa9\x90\x56\x28\xf0\xb5\x13\x4e"
6732 "\x9e\xf7\x25\x86\xe0\x07\x7b\x98"
6733 "\xd8\x60\x5d\x38\x95\x3c\xe4\x22"
6734 "\x16\x2f\xb2\xa2\xaf\xe8\x90\x17"
6735 "\xec\x11\x83\x1a\xf4\xa9\x26\xda"
6736 "\x39\x72\xf5\x94\x61\x05\x51\xec"
6737 "\xa8\x30\x8b\x2c\x13\xd0\x72\xac"
6738 "\xb9\xd2\xa0\x4c\x4b\x78\xe8\x6e"
6739 "\x04\x85\xe9\x04\x49\x82\x91\xff"
6740 "\x89\xe5\xab\x4c\xaa\x37\x03\x12"
6741 "\xca\x8b\x74\x10\xfd\x9e\xd9\x7b"
6742 "\xcb\xdb\x82\x6e\xce\x2e\x33\x39"
6743 "\xce\xd2\x84\x6e\x34\x71\x51\x6e"
6744 "\x0d\xd6\x01\x87\xc7\xfa\x0a\xd3"
6745 "\xad\x36\xf3\x4c\x9f\x96\x5e\x62"
6746 "\x62\x54\xc3\x03\x78\xd6\xab\xdd"
6747 "\x89\x73\x55\x25\x30\xf8\xa7\xe6"
6748 "\x4f\x11\x0c\x7c\x0a\xa1\x2b\x7b"
6749 "\x3d\x0d\xde\x81\xd4\x9d\x0b\xae"
6750 "\xdf\x00\xf9\x4c\xb6\x90\x8e\x16"
6751 "\xcb\x11\xc8\xd1\x2e\x73\x13\x75"
6752 "\x75\x3e\xaa\xf5\xee\x02\xb3\x18"
6753 "\xa6\x2d\xf5\x3b\x51\xd1\x1f\x47"
6754 "\x6b\x2c\xdb\xc4\x10\xe0\xc8\xba"
6755 "\x9d\xac\xb1\x9d\x75\xd5\x41\x0e"
6756 "\x7e\xbe\x18\x5b\xa4\x1f\xf8\x22"
6757 "\x4c\xc1\x68\xda\x6d\x51\x34\x6c"
6758 "\x19\x59\xec\xb5\xb1\xec\xa7\x03"
6759 "\xca\x54\x99\x63\x05\x6c\xb1\xac"
6760 "\x9c\x31\xd6\xdb\xba\x7b\x14\x12"
6761 "\x7a\xc3\x2f\xbf\x8d\xdc\x37\x46"
6762 "\xdb\xd2\xbc\xd4\x2f\xab\x30\xd5"
6763 "\xed\x34\x99\x8e\x83\x3e\xbe\x4c"
6764 "\x86\x79\x58\xe0\x33\x8d\x9a\xb8"
6765 "\xa9\xa6\x90\x46\xa2\x02\xb8\xdd"
6766 "\xf5\xf9\x1a\x5c\x8c\x01\xaa\x6e"
6767 "\xb4\x22\x12\xf5\x0c\x1b\x9b\x7a"
6768 "\xc3\x80\xf3\x06\x00\x5f\x30\xd5"
6769 "\x06\xdb\x7d\x82\xc2\xd4\x0b\x4c"
6770 "\x5f\xe9\xc5\xf5\xdf\x97\x12\xbf"
6771 "\x56\xaf\x9b\x69\xcd\xee\x30\xb4"
6772 "\xa8\x71\xff\x3e\x7d\x73\x7a\xb4"
6773 "\x0d\xa5\x46\x7a\xf3\xf4\x15\x87"
6774 "\x5d\x93\x2b\x8c\x37\x64\xb5\xdd"
6775 "\x48\xd1\xe5\x8c\xae\xd4\xf1\x76"
6776 "\xda\xf4\xba\x9e\x25\x0e\xad\xa3"
6777 "\x0d\x08\x7c\xa8\x82\x16\x8d\x90"
6778 "\x56\x40\x16\x84\xe7\x22\x53\x3a"
6779 "\x58\xbc\xb9\x8f\x33\xc8\xc2\x84"
6780 "\x22\xe6\x0d\xe7\xb3\xdc\x5d\xdf"
6781 "\xd7\x2a\x36\xe4\x16\x06\x07\xd2"
6782 "\x97\x60\xb2\xf5\x5e\x14\xc9\xfd"
6783 "\x8b\x05\xd1\xce\xee\x9a\x65\x99"
6784 "\xb7\xae\x19\xb7\xc8\xbc\xd5\xa2"
6785 "\x7b\x95\xe1\xcc\xba\x0d\xdc\x8a"
6786 "\x1d\x59\x52\x50\xaa\x16\x02\x82"
6787 "\xdf\x61\x33\x2e\x44\xce\x49\xc7"
6788 "\xe5\xc6\x2e\x76\xcf\x80\x52\xf0"
6789 "\x3d\x17\x34\x47\x3f\xd3\x80\x48"
6790 "\xa2\xba\xd5\xc7\x7b\x02\x28\xdb"
6791 "\xac\x44\xc7\x6e\x05\x5c\xc2\x79"
6792 "\xb3\x7d\x6a\x47\x77\x66\xf1\x38"
6793 "\xf0\xf5\x4f\x27\x1a\x31\xca\x6c"
6794 "\x72\x95\x92\x8e\x3f\xb0\xec\x1d"
6795 "\xc7\x2a\xff\x73\xee\xdf\x55\x80"
6796 "\x93\xd2\xbd\x34\xd3\x9f\x00\x51"
6797 "\xfb\x2e\x41\xba\x6c\x5a\x7c\x17"
6798 "\x7f\xe6\x70\xac\x8d\x39\x3f\x77"
6799 "\xe2\x23\xac\x8f\x72\x4e\xe4\x53"
6800 "\xcc\xf1\x1b\xf1\x35\xfe\x52\xa4"
6801 "\xd6\xb8\x40\x6b\xc1\xfd\xa0\xa1"
6802 "\xf5\x46\x65\xc2\x50\xbb\x43\xe2"
6803 "\xd1\x43\x28\x34\x74\xf5\x87\xa0"
6804 "\xf2\x5e\x27\x3b\x59\x2b\x3e\x49"
6805 "\xdf\x46\xee\xaf\x71\xd7\x32\x36"
6806 "\xc7\x14\x0b\x58\x6e\x3e\x2d\x41"
6807 "\xfa\x75\x66\x3a\x54\xe0\xb2\xb9"
6808 "\xaf\xdd\x04\x80\x15\x19\x3f\x6f"
6809 "\xce\x12\xb4\xd8\xe8\x89\x3c\x05"
6810 "\x30\xeb\xf3\x3d\xcd\x27\xec\xdc"
6811 "\x56\x70\x12\xcf\x78\x2b\x77\xbf"
6812 "\x22\xf0\x1b\x17\x9c\xcc\xd6\x1b"
6813 "\x2d\x3d\xa0\x3b\xd8\xc9\x70\xa4"
6814 "\x7a\x3e\x07\xb9\x06\xc3\xfa\xb0"
6815 "\x33\xee\xc1\xd8\xf6\xe0\xf0\xb2"
6816 "\x61\x12\x69\xb0\x5f\x28\x99\xda"
6817 "\xc3\x61\x48\xfa\x07\x16\x03\xc4"
6818 "\xa8\xe1\x3c\xe8\x0e\x64\x15\x30"
6819 "\xc1\x9d\x84\x2f\x73\x98\x0e\x3a"
6820 "\xf2\x86\x21\xa4\x9e\x1d\xb5\x86"
6821 "\x16\xdb\x2b\x9a\x06\x64\x8e\x79"
6822 "\x8d\x76\x3e\xc3\xc2\x64\x44\xe3"
6823 "\xda\xbc\x1a\x52\xd7\x61\x03\x65"
6824 "\x54\x32\x77\x01\xed\x9d\x8a\x43"
6825 "\x25\x24\xe3\xc1\xbe\xb8\x2f\xcb"
6826 "\x89\x14\x64\xab\xf6\xa0\x6e\x02"
6827 "\x57\xe4\x7d\xa9\x4e\x9a\x03\x36"
6828 "\xad\xf1\xb1\xfc\x0b\xe6\x79\x51"
6829 "\x9f\x81\x77\xc4\x14\x78\x9d\xbf"
6830 "\xb6\xd6\xa3\x8c\xba\x0b\x26\xe7"
6831 "\xc8\xb9\x5c\xcc\xe1\x5f\xd5\xc6"
6832 "\xc4\xca\xc2\xa3\x45\xba\x94\x13"
6833 "\xb2\x8f\xc3\x54\x01\x09\xe7\x8b"
6834 "\xda\x2a\x0a\x11\x02\x43\xcb\x57"
6835 "\xc9\xcc\xb5\x5c\xab\xc4\xec\x54"
6836 "\x00\x06\x34\xe1\x6e\x03\x89\x7c"
6837 "\xc6\xfb\x6a\xc7\x60\x43\xd6\xc5"
6838 "\xb5\x68\x72\x89\x8f\x42\xc3\x74"
6839 "\xbd\x25\xaa\x9f\x67\xb5\xdf\x26"
6840 "\x20\xe8\xb7\x01\x3c\xe4\x77\xce"
6841 "\xc4\x65\xa7\x23\x79\xea\x33\xc7"
6842 "\x82\x14\x5c\x82\xf2\x4e\x3d\xf6"
6843 "\xc6\x4a\x0e\x29\xbb\xec\x44\xcd"
6844 "\x2f\xd1\x4f\x21\x71\xa9\xce\x0f"
6845 "\x5c\xf2\x72\x5c\x08\x2e\x21\xd2"
6846 "\xc3\x29\x13\xd8\xac\xc3\xda\x13"
6847 "\x1a\x9d\xa7\x71\x1d\x27\x1d\x27"
6848 "\x1d\xea\xab\x44\x79\xad\xe5\xeb"
6849 "\xef\x1f\x22\x0a\x44\x4f\xcb\x87"
6850 "\xa7\x58\x71\x0e\x66\xf8\x60\xbf"
6851 "\x60\x74\x4a\xb4\xec\x2e\xfe\xd3"
6852 "\xf5\xb8\xfe\x46\x08\x50\x99\x6c"
6853 "\x66\xa5\xa8\x34\x44\xb5\xe5\xf0"
6854 "\xdd\x2c\x67\x4e\x35\x96\x8e\x67"
6855 "\x48\x3f\x5f\x37\x44\x60\x51\x2e"
6856 "\x14\x91\x5e\x57\xc3\x0e\x79\x77"
6857 "\x2f\x03\xf4\xe2\x1c\x72\xbf\x85"
6858 "\x5d\xd3\x17\xdf\x6c\xc5\x70\x24"
6859 "\x42\xdf\x51\x4e\x2a\xb2\xd2\x5b"
6860 "\x9e\x69\x83\x41\x11\xfe\x73\x22"
6861 "\xde\x8a\x9e\xd8\x8a\xfb\x20\x38"
6862 "\xd8\x47\x6f\xd5\xed\x8f\x41\xfd"
6863 "\x13\x7a\x18\x03\x7d\x0f\xcd\x7d"
6864 "\xa6\x7d\x31\x9e\xf1\x8f\x30\xa3"
6865 "\x8b\x4c\x24\xb7\xf5\x48\xd7\xd9"
6866 "\x12\xe7\x84\x97\x5c\x31\x6d\xfb"
6867 "\xdf\xf3\xd3\xd1\xd5\x0c\x30\x06"
6868 "\x01\x6a\xbc\x6c\x78\x7b\xa6\x50"
6869 "\xfa\x0f\x3c\x42\x2d\xa5\xa3\x3b"
6870 "\xcf\x62\x50\xff\x71\x6d\xe7\xda"
6871 "\x27\xab\xc6\x67\x16\x65\x68\x64"
6872 "\xc7\xd5\x5f\x81\xa9\xf6\x65\xb3"
6873 "\x5e\x43\x91\x16\xcd\x3d\x55\x37"
6874 "\x55\xb3\xf0\x28\xc5\x54\x19\xc0"
6875 "\xe0\xd6\x2a\x61\xd4\xc8\x72\x51"
6876 "\xe9\xa1\x7b\x48\x21\xad\x44\x09"
6877 "\xe4\x01\x61\x3c\x8a\x5b\xf9\xa1"
6878 "\x6e\x1b\xdf\xc0\x04\xa8\x8b\xf2"
6879 "\x21\xbe\x34\x7b\xfc\xa1\xcd\xc9"
6880 "\xa9\x96\xf4\xa4\x4c\xf7\x4e\x8f"
6881 "\x84\xcc\xd3\xa8\x92\x77\x8f\x36"
6882 "\xe2\x2e\x8c\x33\xe8\x84\xa6\x0c"
6883 "\x6c\x8a\xda\x14\x32\xc2\x96\xff"
6884 "\xc6\x4a\xc2\x9b\x30\x7f\xd1\x29"
6885 "\xc0\xd5\x78\x41\x00\x80\x80\x03"
6886 "\x2a\xb1\xde\x26\x03\x48\x49\xee"
6887 "\x57\x14\x76\x51\x3c\x36\x5d\x0a"
6888 "\x5c\x9f\xe8\xd8\x53\xdb\x4f\xd4"
6889 "\x38\xbf\x66\xc9\x75\x12\x18\x75"
6890 "\x34\x2d\x93\x22\x96\x51\x24\x6e"
6891 "\x4e\xd9\x30\xea\x67\xff\x92\x1c"
6892 "\x16\x26\xe9\xb5\x33\xab\x8c\x22"
6893 "\x47\xdb\xa0\x2c\x08\xf0\x12\x69"
6894 "\x7e\x93\x52\xda\xa5\xe5\xca\xc1"
6895 "\x0f\x55\x2a\xbd\x09\x30\x88\x1b"
6896 "\x9c\xc6\x9f\xe6\xdb\xa6\x92\xeb"
6897 "\xf4\xbd\x5c\xc4\xdb\xc6\x71\x09"
6898 "\xab\x5e\x48\x0c\xed\x6f\xda\x8e"
6899 "\x8d\x0c\x98\x71\x7d\x10\xd0\x9c"
6900 "\x20\x9b\x79\x53\x26\x5d\xb9\x85"
6901 "\x8a\x31\xb8\xc5\x1c\x97\xde\x88"
6902 "\x61\x55\x7f\x7c\x21\x06\xea\xc4"
6903 "\x5f\xaf\xf2\xf0\xd5\x5e\x7d\xb4"
6904 "\x6e\xcf\xe9\xae\x1b\x0e\x11\x80"
6905 "\xc1\x9a\x74\x7e\x52\x6f\xa0\xb7"
6906 "\x24\xcd\x8d\x0a\x11\x40\x63\x72"
6907 "\xfa\xe2\xc5\xb3\x94\xef\x29\xa2"
6908 "\x1a\x23\x43\x04\x37\x55\x0d\xe9"
6909 "\x83\xb2\x29\x51\x49\x64\xa0\xbd"
6910 "\xde\x73\xfd\xa5\x7c\x95\x70\x62"
6911 "\x58\xdc\xe2\xd0\xbf\x98\xf5\x8a"
6912 "\x6a\xfd\xce\xa8\x0e\x42\x2a\xeb"
6913 "\xd2\xff\x83\x27\x53\x5c\xa0\x6e"
6914 "\x93\xef\xe2\xb9\x5d\x35\xd6\x98"
6915 "\xf6\x71\x19\x7a\x54\xa1\xa7\xe8"
6916 "\x09\xfe\xf6\x9e\xc7\xbd\x3e\x29"
6917 "\xbd\x6b\x17\xf4\xe7\x3e\x10\x5c"
6918 "\xc1\xd2\x59\x4f\x4b\x12\x1a\x5b"
6919 "\x50\x80\x59\xb9\xec\x13\x66\xa8"
6920 "\xd2\x31\x7b\x6a\x61\x22\xdd\x7d"
6921 "\x61\xee\x87\x16\x46\x9f\xf9\xc7"
6922 "\x41\xee\x74\xf8\xd0\x96\x2c\x76"
6923 "\x2a\xac\x7d\x6e\x9f\x0e\x7f\x95"
6924 "\xfe\x50\x16\xb2\x23\xca\x62\xd5"
6925 "\x68\xcf\x07\x3f\x3f\x97\x85\x2a"
6926 "\x0c\x25\x45\xba\xdb\x32\xcb\x83"
6927 "\x8c\x4f\xe0\x6d\x9a\x99\xf9\xc9"
6928 "\xda\xd4\x19\x31\xc1\x7c\x6d\xd9"
6929 "\x9c\x56\xd3\xec\xc1\x81\x4c\xed"
6930 "\x28\x9d\x87\xeb\x19\xd7\x1a\x4f"
6931 "\x04\x6a\xcb\x1f\xcf\x1f\xa2\x16"
6932 "\xfc\x2a\x0d\xa1\x14\x2d\xfa\xc5"
6933 "\x5a\xd2\xc5\xf9\x19\x7c\x20\x1f"
6934 "\x2d\x10\xc0\x66\x7c\xd9\x2d\xe5"
6935 "\x88\x70\x59\xa7\x85\xd5\x2e\x7c"
6936 "\x5c\xe3\xb7\x12\xd6\x97\x3f\x29",
6937 .psize = 2048,
6938 .digest = "\x37\x90\x92\xc2\xeb\x01\x87\xd9"
6939 "\x95\xc7\x91\xc3\x17\x8b\x38\x52",
6940 }
6941};
6942
6943
5596/* 6944/*
5597 * DES test vectors. 6945 * DES test vectors.
5598 */ 6946 */
@@ -11449,6 +12797,82 @@ static const struct cipher_testvec aes_cbc_tv_template[] = {
11449 }, 12797 },
11450}; 12798};
11451 12799
12800static const struct cipher_testvec aes_cfb_tv_template[] = {
12801 { /* From NIST SP800-38A */
12802 .key = "\x2b\x7e\x15\x16\x28\xae\xd2\xa6"
12803 "\xab\xf7\x15\x88\x09\xcf\x4f\x3c",
12804 .klen = 16,
12805 .iv = "\x00\x01\x02\x03\x04\x05\x06\x07"
12806 "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
12807 .ptext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
12808 "\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
12809 "\xae\x2d\x8a\x57\x1e\x03\xac\x9c"
12810 "\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
12811 "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11"
12812 "\xe5\xfb\xc1\x19\x1a\x0a\x52\xef"
12813 "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17"
12814 "\xad\x2b\x41\x7b\xe6\x6c\x37\x10",
12815 .ctext = "\x3b\x3f\xd9\x2e\xb7\x2d\xad\x20"
12816 "\x33\x34\x49\xf8\xe8\x3c\xfb\x4a"
12817 "\xc8\xa6\x45\x37\xa0\xb3\xa9\x3f"
12818 "\xcd\xe3\xcd\xad\x9f\x1c\xe5\x8b"
12819 "\x26\x75\x1f\x67\xa3\xcb\xb1\x40"
12820 "\xb1\x80\x8c\xf1\x87\xa4\xf4\xdf"
12821 "\xc0\x4b\x05\x35\x7c\x5d\x1c\x0e"
12822 "\xea\xc4\xc6\x6f\x9f\xf7\xf2\xe6",
12823 .len = 64,
12824 }, {
12825 .key = "\x8e\x73\xb0\xf7\xda\x0e\x64\x52"
12826 "\xc8\x10\xf3\x2b\x80\x90\x79\xe5"
12827 "\x62\xf8\xea\xd2\x52\x2c\x6b\x7b",
12828 .klen = 24,
12829 .iv = "\x00\x01\x02\x03\x04\x05\x06\x07"
12830 "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
12831 .ptext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
12832 "\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
12833 "\xae\x2d\x8a\x57\x1e\x03\xac\x9c"
12834 "\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
12835 "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11"
12836 "\xe5\xfb\xc1\x19\x1a\x0a\x52\xef"
12837 "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17"
12838 "\xad\x2b\x41\x7b\xe6\x6c\x37\x10",
12839 .ctext = "\xcd\xc8\x0d\x6f\xdd\xf1\x8c\xab"
12840 "\x34\xc2\x59\x09\xc9\x9a\x41\x74"
12841 "\x67\xce\x7f\x7f\x81\x17\x36\x21"
12842 "\x96\x1a\x2b\x70\x17\x1d\x3d\x7a"
12843 "\x2e\x1e\x8a\x1d\xd5\x9b\x88\xb1"
12844 "\xc8\xe6\x0f\xed\x1e\xfa\xc4\xc9"
12845 "\xc0\x5f\x9f\x9c\xa9\x83\x4f\xa0"
12846 "\x42\xae\x8f\xba\x58\x4b\x09\xff",
12847 .len = 64,
12848 }, {
12849 .key = "\x60\x3d\xeb\x10\x15\xca\x71\xbe"
12850 "\x2b\x73\xae\xf0\x85\x7d\x77\x81"
12851 "\x1f\x35\x2c\x07\x3b\x61\x08\xd7"
12852 "\x2d\x98\x10\xa3\x09\x14\xdf\xf4",
12853 .klen = 32,
12854 .iv = "\x00\x01\x02\x03\x04\x05\x06\x07"
12855 "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
12856 .ptext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
12857 "\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
12858 "\xae\x2d\x8a\x57\x1e\x03\xac\x9c"
12859 "\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
12860 "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11"
12861 "\xe5\xfb\xc1\x19\x1a\x0a\x52\xef"
12862 "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17"
12863 "\xad\x2b\x41\x7b\xe6\x6c\x37\x10",
12864 .ctext = "\xdc\x7e\x84\xbf\xda\x79\x16\x4b"
12865 "\x7e\xcd\x84\x86\x98\x5d\x38\x60"
12866 "\x39\xff\xed\x14\x3b\x28\xb1\xc8"
12867 "\x32\x11\x3c\x63\x31\xe5\x40\x7b"
12868 "\xdf\x10\x13\x24\x15\xe5\x4b\x92"
12869 "\xa1\x3e\xd0\xa8\x26\x7a\xe2\xf9"
12870 "\x75\xa3\x85\x74\x1a\xb9\xce\xf8"
12871 "\x20\x31\x62\x3d\x55\xb1\xe4\x71",
12872 .len = 64,
12873 },
12874};
12875
11452static const struct aead_testvec hmac_md5_ecb_cipher_null_enc_tv_template[] = { 12876static const struct aead_testvec hmac_md5_ecb_cipher_null_enc_tv_template[] = {
11453 { /* Input data from RFC 2410 Case 1 */ 12877 { /* Input data from RFC 2410 Case 1 */
11454#ifdef __LITTLE_ENDIAN 12878#ifdef __LITTLE_ENDIAN
@@ -30802,6 +32226,1794 @@ static const struct cipher_testvec chacha20_tv_template[] = {
30802 }, 32226 },
30803}; 32227};
30804 32228
32229static const struct cipher_testvec xchacha20_tv_template[] = {
32230 { /* from libsodium test/default/xchacha20.c */
32231 .key = "\x79\xc9\x97\x98\xac\x67\x30\x0b"
32232 "\xbb\x27\x04\xc9\x5c\x34\x1e\x32"
32233 "\x45\xf3\xdc\xb2\x17\x61\xb9\x8e"
32234 "\x52\xff\x45\xb2\x4f\x30\x4f\xc4",
32235 .klen = 32,
32236 .iv = "\xb3\x3f\xfd\x30\x96\x47\x9b\xcf"
32237 "\xbc\x9a\xee\x49\x41\x76\x88\xa0"
32238 "\xa2\x55\x4f\x8d\x95\x38\x94\x19"
32239 "\x00\x00\x00\x00\x00\x00\x00\x00",
32240 .ptext = "\x00\x00\x00\x00\x00\x00\x00\x00"
32241 "\x00\x00\x00\x00\x00\x00\x00\x00"
32242 "\x00\x00\x00\x00\x00\x00\x00\x00"
32243 "\x00\x00\x00\x00\x00",
32244 .ctext = "\xc6\xe9\x75\x81\x60\x08\x3a\xc6"
32245 "\x04\xef\x90\xe7\x12\xce\x6e\x75"
32246 "\xd7\x79\x75\x90\x74\x4e\x0c\xf0"
32247 "\x60\xf0\x13\x73\x9c",
32248 .len = 29,
32249 }, { /* from libsodium test/default/xchacha20.c */
32250 .key = "\x9d\x23\xbd\x41\x49\xcb\x97\x9c"
32251 "\xcf\x3c\x5c\x94\xdd\x21\x7e\x98"
32252 "\x08\xcb\x0e\x50\xcd\x0f\x67\x81"
32253 "\x22\x35\xea\xaf\x60\x1d\x62\x32",
32254 .klen = 32,
32255 .iv = "\xc0\x47\x54\x82\x66\xb7\xc3\x70"
32256 "\xd3\x35\x66\xa2\x42\x5c\xbf\x30"
32257 "\xd8\x2d\x1e\xaf\x52\x94\x10\x9e"
32258 "\x00\x00\x00\x00\x00\x00\x00\x00",
32259 .ptext = "\x00\x00\x00\x00\x00\x00\x00\x00"
32260 "\x00\x00\x00\x00\x00\x00\x00\x00"
32261 "\x00\x00\x00\x00\x00\x00\x00\x00"
32262 "\x00\x00\x00\x00\x00\x00\x00\x00"
32263 "\x00\x00\x00\x00\x00\x00\x00\x00"
32264 "\x00\x00\x00\x00\x00\x00\x00\x00"
32265 "\x00\x00\x00\x00\x00\x00\x00\x00"
32266 "\x00\x00\x00\x00\x00\x00\x00\x00"
32267 "\x00\x00\x00\x00\x00\x00\x00\x00"
32268 "\x00\x00\x00\x00\x00\x00\x00\x00"
32269 "\x00\x00\x00\x00\x00\x00\x00\x00"
32270 "\x00\x00\x00",
32271 .ctext = "\xa2\x12\x09\x09\x65\x94\xde\x8c"
32272 "\x56\x67\xb1\xd1\x3a\xd9\x3f\x74"
32273 "\x41\x06\xd0\x54\xdf\x21\x0e\x47"
32274 "\x82\xcd\x39\x6f\xec\x69\x2d\x35"
32275 "\x15\xa2\x0b\xf3\x51\xee\xc0\x11"
32276 "\xa9\x2c\x36\x78\x88\xbc\x46\x4c"
32277 "\x32\xf0\x80\x7a\xcd\x6c\x20\x3a"
32278 "\x24\x7e\x0d\xb8\x54\x14\x84\x68"
32279 "\xe9\xf9\x6b\xee\x4c\xf7\x18\xd6"
32280 "\x8d\x5f\x63\x7c\xbd\x5a\x37\x64"
32281 "\x57\x78\x8e\x6f\xae\x90\xfc\x31"
32282 "\x09\x7c\xfc",
32283 .len = 91,
32284 }, { /* Taken from the ChaCha20 test vectors, appended 12 random bytes
32285 to the nonce, zero-padded the stream position from 4 to 8 bytes,
32286 and recomputed the ciphertext using libsodium's XChaCha20 */
32287 .key = "\x00\x00\x00\x00\x00\x00\x00\x00"
32288 "\x00\x00\x00\x00\x00\x00\x00\x00"
32289 "\x00\x00\x00\x00\x00\x00\x00\x00"
32290 "\x00\x00\x00\x00\x00\x00\x00\x00",
32291 .klen = 32,
32292 .iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
32293 "\x00\x00\x00\x00\x67\xc6\x69\x73"
32294 "\x51\xff\x4a\xec\x29\xcd\xba\xab"
32295 "\x00\x00\x00\x00\x00\x00\x00\x00",
32296 .ptext = "\x00\x00\x00\x00\x00\x00\x00\x00"
32297 "\x00\x00\x00\x00\x00\x00\x00\x00"
32298 "\x00\x00\x00\x00\x00\x00\x00\x00"
32299 "\x00\x00\x00\x00\x00\x00\x00\x00"
32300 "\x00\x00\x00\x00\x00\x00\x00\x00"
32301 "\x00\x00\x00\x00\x00\x00\x00\x00"
32302 "\x00\x00\x00\x00\x00\x00\x00\x00"
32303 "\x00\x00\x00\x00\x00\x00\x00\x00",
32304 .ctext = "\x9c\x49\x2a\xe7\x8a\x2f\x93\xc7"
32305 "\xb3\x33\x6f\x82\x17\xd8\xc4\x1e"
32306 "\xad\x80\x11\x11\x1d\x4c\x16\x18"
32307 "\x07\x73\x9b\x4f\xdb\x7c\xcb\x47"
32308 "\xfd\xef\x59\x74\xfa\x3f\xe5\x4c"
32309 "\x9b\xd0\xea\xbc\xba\x56\xad\x32"
32310 "\x03\xdc\xf8\x2b\xc1\xe1\x75\x67"
32311 "\x23\x7b\xe6\xfc\xd4\x03\x86\x54",
32312 .len = 64,
32313 }, { /* Derived from a ChaCha20 test vector, via the process above */
32314 .key = "\x00\x00\x00\x00\x00\x00\x00\x00"
32315 "\x00\x00\x00\x00\x00\x00\x00\x00"
32316 "\x00\x00\x00\x00\x00\x00\x00\x00"
32317 "\x00\x00\x00\x00\x00\x00\x00\x01",
32318 .klen = 32,
32319 .iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
32320 "\x00\x00\x00\x02\xf2\xfb\xe3\x46"
32321 "\x7c\xc2\x54\xf8\x1b\xe8\xe7\x8d"
32322 "\x01\x00\x00\x00\x00\x00\x00\x00",
32323 .ptext = "\x41\x6e\x79\x20\x73\x75\x62\x6d"
32324 "\x69\x73\x73\x69\x6f\x6e\x20\x74"
32325 "\x6f\x20\x74\x68\x65\x20\x49\x45"
32326 "\x54\x46\x20\x69\x6e\x74\x65\x6e"
32327 "\x64\x65\x64\x20\x62\x79\x20\x74"
32328 "\x68\x65\x20\x43\x6f\x6e\x74\x72"
32329 "\x69\x62\x75\x74\x6f\x72\x20\x66"
32330 "\x6f\x72\x20\x70\x75\x62\x6c\x69"
32331 "\x63\x61\x74\x69\x6f\x6e\x20\x61"
32332 "\x73\x20\x61\x6c\x6c\x20\x6f\x72"
32333 "\x20\x70\x61\x72\x74\x20\x6f\x66"
32334 "\x20\x61\x6e\x20\x49\x45\x54\x46"
32335 "\x20\x49\x6e\x74\x65\x72\x6e\x65"
32336 "\x74\x2d\x44\x72\x61\x66\x74\x20"
32337 "\x6f\x72\x20\x52\x46\x43\x20\x61"
32338 "\x6e\x64\x20\x61\x6e\x79\x20\x73"
32339 "\x74\x61\x74\x65\x6d\x65\x6e\x74"
32340 "\x20\x6d\x61\x64\x65\x20\x77\x69"
32341 "\x74\x68\x69\x6e\x20\x74\x68\x65"
32342 "\x20\x63\x6f\x6e\x74\x65\x78\x74"
32343 "\x20\x6f\x66\x20\x61\x6e\x20\x49"
32344 "\x45\x54\x46\x20\x61\x63\x74\x69"
32345 "\x76\x69\x74\x79\x20\x69\x73\x20"
32346 "\x63\x6f\x6e\x73\x69\x64\x65\x72"
32347 "\x65\x64\x20\x61\x6e\x20\x22\x49"
32348 "\x45\x54\x46\x20\x43\x6f\x6e\x74"
32349 "\x72\x69\x62\x75\x74\x69\x6f\x6e"
32350 "\x22\x2e\x20\x53\x75\x63\x68\x20"
32351 "\x73\x74\x61\x74\x65\x6d\x65\x6e"
32352 "\x74\x73\x20\x69\x6e\x63\x6c\x75"
32353 "\x64\x65\x20\x6f\x72\x61\x6c\x20"
32354 "\x73\x74\x61\x74\x65\x6d\x65\x6e"
32355 "\x74\x73\x20\x69\x6e\x20\x49\x45"
32356 "\x54\x46\x20\x73\x65\x73\x73\x69"
32357 "\x6f\x6e\x73\x2c\x20\x61\x73\x20"
32358 "\x77\x65\x6c\x6c\x20\x61\x73\x20"
32359 "\x77\x72\x69\x74\x74\x65\x6e\x20"
32360 "\x61\x6e\x64\x20\x65\x6c\x65\x63"
32361 "\x74\x72\x6f\x6e\x69\x63\x20\x63"
32362 "\x6f\x6d\x6d\x75\x6e\x69\x63\x61"
32363 "\x74\x69\x6f\x6e\x73\x20\x6d\x61"
32364 "\x64\x65\x20\x61\x74\x20\x61\x6e"
32365 "\x79\x20\x74\x69\x6d\x65\x20\x6f"
32366 "\x72\x20\x70\x6c\x61\x63\x65\x2c"
32367 "\x20\x77\x68\x69\x63\x68\x20\x61"
32368 "\x72\x65\x20\x61\x64\x64\x72\x65"
32369 "\x73\x73\x65\x64\x20\x74\x6f",
32370 .ctext = "\xf9\xab\x7a\x4a\x60\xb8\x5f\xa0"
32371 "\x50\xbb\x57\xce\xef\x8c\xc1\xd9"
32372 "\x24\x15\xb3\x67\x5e\x7f\x01\xf6"
32373 "\x1c\x22\xf6\xe5\x71\xb1\x43\x64"
32374 "\x63\x05\xd5\xfc\x5c\x3d\xc0\x0e"
32375 "\x23\xef\xd3\x3b\xd9\xdc\x7f\xa8"
32376 "\x58\x26\xb3\xd0\xc2\xd5\x04\x3f"
32377 "\x0a\x0e\x8f\x17\xe4\xcd\xf7\x2a"
32378 "\xb4\x2c\x09\xe4\x47\xec\x8b\xfb"
32379 "\x59\x37\x7a\xa1\xd0\x04\x7e\xaa"
32380 "\xf1\x98\x5f\x24\x3d\x72\x9a\x43"
32381 "\xa4\x36\x51\x92\x22\x87\xff\x26"
32382 "\xce\x9d\xeb\x59\x78\x84\x5e\x74"
32383 "\x97\x2e\x63\xc0\xef\x29\xf7\x8a"
32384 "\xb9\xee\x35\x08\x77\x6a\x35\x9a"
32385 "\x3e\xe6\x4f\x06\x03\x74\x1b\xc1"
32386 "\x5b\xb3\x0b\x89\x11\x07\xd3\xb7"
32387 "\x53\xd6\x25\x04\xd9\x35\xb4\x5d"
32388 "\x4c\x33\x5a\xc2\x42\x4c\xe6\xa4"
32389 "\x97\x6e\x0e\xd2\xb2\x8b\x2f\x7f"
32390 "\x28\xe5\x9f\xac\x4b\x2e\x02\xab"
32391 "\x85\xfa\xa9\x0d\x7c\x2d\x10\xe6"
32392 "\x91\xab\x55\x63\xf0\xde\x3a\x94"
32393 "\x25\x08\x10\x03\xc2\x68\xd1\xf4"
32394 "\xaf\x7d\x9c\x99\xf7\x86\x96\x30"
32395 "\x60\xfc\x0b\xe6\xa8\x80\x15\xb0"
32396 "\x81\xb1\x0c\xbe\xb9\x12\x18\x25"
32397 "\xe9\x0e\xb1\xe7\x23\xb2\xef\x4a"
32398 "\x22\x8f\xc5\x61\x89\xd4\xe7\x0c"
32399 "\x64\x36\x35\x61\xb6\x34\x60\xf7"
32400 "\x7b\x61\x37\x37\x12\x10\xa2\xf6"
32401 "\x7e\xdb\x7f\x39\x3f\xb6\x8e\x89"
32402 "\x9e\xf3\xfe\x13\x98\xbb\x66\x5a"
32403 "\xec\xea\xab\x3f\x9c\x87\xc4\x8c"
32404 "\x8a\x04\x18\x49\xfc\x77\x11\x50"
32405 "\x16\xe6\x71\x2b\xee\xc0\x9c\xb6"
32406 "\x87\xfd\x80\xff\x0b\x1d\x73\x38"
32407 "\xa4\x1d\x6f\xae\xe4\x12\xd7\x93"
32408 "\x9d\xcd\x38\x26\x09\x40\x52\xcd"
32409 "\x67\x01\x67\x26\xe0\x3e\x98\xa8"
32410 "\xe8\x1a\x13\x41\xbb\x90\x4d\x87"
32411 "\xbb\x42\x82\x39\xce\x3a\xd0\x18"
32412 "\x6d\x7b\x71\x8f\xbb\x2c\x6a\xd1"
32413 "\xbd\xf5\xc7\x8a\x7e\xe1\x1e\x0f"
32414 "\x0d\x0d\x13\x7c\xd9\xd8\x3c\x91"
32415 "\xab\xff\x1f\x12\xc3\xee\xe5\x65"
32416 "\x12\x8d\x7b\x61\xe5\x1f\x98",
32417 .len = 375,
32418 .also_non_np = 1,
32419 .np = 3,
32420 .tap = { 375 - 20, 4, 16 },
32421
32422 }, { /* Derived from a ChaCha20 test vector, via the process above */
32423 .key = "\x1c\x92\x40\xa5\xeb\x55\xd3\x8a"
32424 "\xf3\x33\x88\x86\x04\xf6\xb5\xf0"
32425 "\x47\x39\x17\xc1\x40\x2b\x80\x09"
32426 "\x9d\xca\x5c\xbc\x20\x70\x75\xc0",
32427 .klen = 32,
32428 .iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
32429 "\x00\x00\x00\x02\x76\x5a\x2e\x63"
32430 "\x33\x9f\xc9\x9a\x66\x32\x0d\xb7"
32431 "\x2a\x00\x00\x00\x00\x00\x00\x00",
32432 .ptext = "\x27\x54\x77\x61\x73\x20\x62\x72"
32433 "\x69\x6c\x6c\x69\x67\x2c\x20\x61"
32434 "\x6e\x64\x20\x74\x68\x65\x20\x73"
32435 "\x6c\x69\x74\x68\x79\x20\x74\x6f"
32436 "\x76\x65\x73\x0a\x44\x69\x64\x20"
32437 "\x67\x79\x72\x65\x20\x61\x6e\x64"
32438 "\x20\x67\x69\x6d\x62\x6c\x65\x20"
32439 "\x69\x6e\x20\x74\x68\x65\x20\x77"
32440 "\x61\x62\x65\x3a\x0a\x41\x6c\x6c"
32441 "\x20\x6d\x69\x6d\x73\x79\x20\x77"
32442 "\x65\x72\x65\x20\x74\x68\x65\x20"
32443 "\x62\x6f\x72\x6f\x67\x6f\x76\x65"
32444 "\x73\x2c\x0a\x41\x6e\x64\x20\x74"
32445 "\x68\x65\x20\x6d\x6f\x6d\x65\x20"
32446 "\x72\x61\x74\x68\x73\x20\x6f\x75"
32447 "\x74\x67\x72\x61\x62\x65\x2e",
32448 .ctext = "\x95\xb9\x51\xe7\x8f\xb4\xa4\x03"
32449 "\xca\x37\xcc\xde\x60\x1d\x8c\xe2"
32450 "\xf1\xbb\x8a\x13\x7f\x61\x85\xcc"
32451 "\xad\xf4\xf0\xdc\x86\xa6\x1e\x10"
32452 "\xbc\x8e\xcb\x38\x2b\xa5\xc8\x8f"
32453 "\xaa\x03\x3d\x53\x4a\x42\xb1\x33"
32454 "\xfc\xd3\xef\xf0\x8e\x7e\x10\x9c"
32455 "\x6f\x12\x5e\xd4\x96\xfe\x5b\x08"
32456 "\xb6\x48\xf0\x14\x74\x51\x18\x7c"
32457 "\x07\x92\xfc\xac\x9d\xf1\x94\xc0"
32458 "\xc1\x9d\xc5\x19\x43\x1f\x1d\xbb"
32459 "\x07\xf0\x1b\x14\x25\x45\xbb\xcb"
32460 "\x5c\xe2\x8b\x28\xf3\xcf\x47\x29"
32461 "\x27\x79\x67\x24\xa6\x87\xc2\x11"
32462 "\x65\x03\xfa\x45\xf7\x9e\x53\x7a"
32463 "\x99\xf1\x82\x25\x4f\x8d\x07",
32464 .len = 127,
32465 }, { /* Derived from a ChaCha20 test vector, via the process above */
32466 .key = "\x1c\x92\x40\xa5\xeb\x55\xd3\x8a"
32467 "\xf3\x33\x88\x86\x04\xf6\xb5\xf0"
32468 "\x47\x39\x17\xc1\x40\x2b\x80\x09"
32469 "\x9d\xca\x5c\xbc\x20\x70\x75\xc0",
32470 .klen = 32,
32471 .iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
32472 "\x00\x00\x00\x01\x31\x58\xa3\x5a"
32473 "\x25\x5d\x05\x17\x58\xe9\x5e\xd4"
32474 "\x1c\x00\x00\x00\x00\x00\x00\x00",
32475 .ptext = "\x49\xee\xe0\xdc\x24\x90\x40\xcd"
32476 "\xc5\x40\x8f\x47\x05\xbc\xdd\x81"
32477 "\x47\xc6\x8d\xe6\xb1\x8f\xd7\xcb"
32478 "\x09\x0e\x6e\x22\x48\x1f\xbf\xb8"
32479 "\x5c\xf7\x1e\x8a\xc1\x23\xf2\xd4"
32480 "\x19\x4b\x01\x0f\x4e\xa4\x43\xce"
32481 "\x01\xc6\x67\xda\x03\x91\x18\x90"
32482 "\xa5\xa4\x8e\x45\x03\xb3\x2d\xac"
32483 "\x74\x92\xd3\x53\x47\xc8\xdd\x25"
32484 "\x53\x6c\x02\x03\x87\x0d\x11\x0c"
32485 "\x58\xe3\x12\x18\xfd\x2a\x5b\x40"
32486 "\x0c\x30\xf0\xb8\x3f\x43\xce\xae"
32487 "\x65\x3a\x7d\x7c\xf4\x54\xaa\xcc"
32488 "\x33\x97\xc3\x77\xba\xc5\x70\xde"
32489 "\xd7\xd5\x13\xa5\x65\xc4\x5f\x0f"
32490 "\x46\x1a\x0d\x97\xb5\xf3\xbb\x3c"
32491 "\x84\x0f\x2b\xc5\xaa\xea\xf2\x6c"
32492 "\xc9\xb5\x0c\xee\x15\xf3\x7d\xbe"
32493 "\x9f\x7b\x5a\xa6\xae\x4f\x83\xb6"
32494 "\x79\x49\x41\xf4\x58\x18\xcb\x86"
32495 "\x7f\x30\x0e\xf8\x7d\x44\x36\xea"
32496 "\x75\xeb\x88\x84\x40\x3c\xad\x4f"
32497 "\x6f\x31\x6b\xaa\x5d\xe5\xa5\xc5"
32498 "\x21\x66\xe9\xa7\xe3\xb2\x15\x88"
32499 "\x78\xf6\x79\xa1\x59\x47\x12\x4e"
32500 "\x9f\x9f\x64\x1a\xa0\x22\x5b\x08"
32501 "\xbe\x7c\x36\xc2\x2b\x66\x33\x1b"
32502 "\xdd\x60\x71\xf7\x47\x8c\x61\xc3"
32503 "\xda\x8a\x78\x1e\x16\xfa\x1e\x86"
32504 "\x81\xa6\x17\x2a\xa7\xb5\xc2\xe7"
32505 "\xa4\xc7\x42\xf1\xcf\x6a\xca\xb4"
32506 "\x45\xcf\xf3\x93\xf0\xe7\xea\xf6"
32507 "\xf4\xe6\x33\x43\x84\x93\xa5\x67"
32508 "\x9b\x16\x58\x58\x80\x0f\x2b\x5c"
32509 "\x24\x74\x75\x7f\x95\x81\xb7\x30"
32510 "\x7a\x33\xa7\xf7\x94\x87\x32\x27"
32511 "\x10\x5d\x14\x4c\x43\x29\xdd\x26"
32512 "\xbd\x3e\x3c\x0e\xfe\x0e\xa5\x10"
32513 "\xea\x6b\x64\xfd\x73\xc6\xed\xec"
32514 "\xa8\xc9\xbf\xb3\xba\x0b\x4d\x07"
32515 "\x70\xfc\x16\xfd\x79\x1e\xd7\xc5"
32516 "\x49\x4e\x1c\x8b\x8d\x79\x1b\xb1"
32517 "\xec\xca\x60\x09\x4c\x6a\xd5\x09"
32518 "\x49\x46\x00\x88\x22\x8d\xce\xea"
32519 "\xb1\x17\x11\xde\x42\xd2\x23\xc1"
32520 "\x72\x11\xf5\x50\x73\x04\x40\x47"
32521 "\xf9\x5d\xe7\xa7\x26\xb1\x7e\xb0"
32522 "\x3f\x58\xc1\x52\xab\x12\x67\x9d"
32523 "\x3f\x43\x4b\x68\xd4\x9c\x68\x38"
32524 "\x07\x8a\x2d\x3e\xf3\xaf\x6a\x4b"
32525 "\xf9\xe5\x31\x69\x22\xf9\xa6\x69"
32526 "\xc6\x9c\x96\x9a\x12\x35\x95\x1d"
32527 "\x95\xd5\xdd\xbe\xbf\x93\x53\x24"
32528 "\xfd\xeb\xc2\x0a\x64\xb0\x77\x00"
32529 "\x6f\x88\xc4\x37\x18\x69\x7c\xd7"
32530 "\x41\x92\x55\x4c\x03\xa1\x9a\x4b"
32531 "\x15\xe5\xdf\x7f\x37\x33\x72\xc1"
32532 "\x8b\x10\x67\xa3\x01\x57\x94\x25"
32533 "\x7b\x38\x71\x7e\xdd\x1e\xcc\x73"
32534 "\x55\xd2\x8e\xeb\x07\xdd\xf1\xda"
32535 "\x58\xb1\x47\x90\xfe\x42\x21\x72"
32536 "\xa3\x54\x7a\xa0\x40\xec\x9f\xdd"
32537 "\xc6\x84\x6e\xca\xae\xe3\x68\xb4"
32538 "\x9d\xe4\x78\xff\x57\xf2\xf8\x1b"
32539 "\x03\xa1\x31\xd9\xde\x8d\xf5\x22"
32540 "\x9c\xdd\x20\xa4\x1e\x27\xb1\x76"
32541 "\x4f\x44\x55\xe2\x9b\xa1\x9c\xfe"
32542 "\x54\xf7\x27\x1b\xf4\xde\x02\xf5"
32543 "\x1b\x55\x48\x5c\xdc\x21\x4b\x9e"
32544 "\x4b\x6e\xed\x46\x23\xdc\x65\xb2"
32545 "\xcf\x79\x5f\x28\xe0\x9e\x8b\xe7"
32546 "\x4c\x9d\x8a\xff\xc1\xa6\x28\xb8"
32547 "\x65\x69\x8a\x45\x29\xef\x74\x85"
32548 "\xde\x79\xc7\x08\xae\x30\xb0\xf4"
32549 "\xa3\x1d\x51\x41\xab\xce\xcb\xf6"
32550 "\xb5\xd8\x6d\xe0\x85\xe1\x98\xb3"
32551 "\x43\xbb\x86\x83\x0a\xa0\xf5\xb7"
32552 "\x04\x0b\xfa\x71\x1f\xb0\xf6\xd9"
32553 "\x13\x00\x15\xf0\xc7\xeb\x0d\x5a"
32554 "\x9f\xd7\xb9\x6c\x65\x14\x22\x45"
32555 "\x6e\x45\x32\x3e\x7e\x60\x1a\x12"
32556 "\x97\x82\x14\xfb\xaa\x04\x22\xfa"
32557 "\xa0\xe5\x7e\x8c\x78\x02\x48\x5d"
32558 "\x78\x33\x5a\x7c\xad\xdb\x29\xce"
32559 "\xbb\x8b\x61\xa4\xb7\x42\xe2\xac"
32560 "\x8b\x1a\xd9\x2f\x0b\x8b\x62\x21"
32561 "\x83\x35\x7e\xad\x73\xc2\xb5\x6c"
32562 "\x10\x26\x38\x07\xe5\xc7\x36\x80"
32563 "\xe2\x23\x12\x61\xf5\x48\x4b\x2b"
32564 "\xc5\xdf\x15\xd9\x87\x01\xaa\xac"
32565 "\x1e\x7c\xad\x73\x78\x18\x63\xe0"
32566 "\x8b\x9f\x81\xd8\x12\x6a\x28\x10"
32567 "\xbe\x04\x68\x8a\x09\x7c\x1b\x1c"
32568 "\x83\x66\x80\x47\x80\xe8\xfd\x35"
32569 "\x1c\x97\x6f\xae\x49\x10\x66\xcc"
32570 "\xc6\xd8\xcc\x3a\x84\x91\x20\x77"
32571 "\x72\xe4\x24\xd2\x37\x9f\xc5\xc9"
32572 "\x25\x94\x10\x5f\x40\x00\x64\x99"
32573 "\xdc\xae\xd7\x21\x09\x78\x50\x15"
32574 "\xac\x5f\xc6\x2c\xa2\x0b\xa9\x39"
32575 "\x87\x6e\x6d\xab\xde\x08\x51\x16"
32576 "\xc7\x13\xe9\xea\xed\x06\x8e\x2c"
32577 "\xf8\x37\x8c\xf0\xa6\x96\x8d\x43"
32578 "\xb6\x98\x37\xb2\x43\xed\xde\xdf"
32579 "\x89\x1a\xe7\xeb\x9d\xa1\x7b\x0b"
32580 "\x77\xb0\xe2\x75\xc0\xf1\x98\xd9"
32581 "\x80\x55\xc9\x34\x91\xd1\x59\xe8"
32582 "\x4b\x0f\xc1\xa9\x4b\x7a\x84\x06"
32583 "\x20\xa8\x5d\xfa\xd1\xde\x70\x56"
32584 "\x2f\x9e\x91\x9c\x20\xb3\x24\xd8"
32585 "\x84\x3d\xe1\x8c\x7e\x62\x52\xe5"
32586 "\x44\x4b\x9f\xc2\x93\x03\xea\x2b"
32587 "\x59\xc5\xfa\x3f\x91\x2b\xbb\x23"
32588 "\xf5\xb2\x7b\xf5\x38\xaf\xb3\xee"
32589 "\x63\xdc\x7b\xd1\xff\xaa\x8b\xab"
32590 "\x82\x6b\x37\x04\xeb\x74\xbe\x79"
32591 "\xb9\x83\x90\xef\x20\x59\x46\xff"
32592 "\xe9\x97\x3e\x2f\xee\xb6\x64\x18"
32593 "\x38\x4c\x7a\x4a\xf9\x61\xe8\x9a"
32594 "\xa1\xb5\x01\xa6\x47\xd3\x11\xd4"
32595 "\xce\xd3\x91\x49\x88\xc7\xb8\x4d"
32596 "\xb1\xb9\x07\x6d\x16\x72\xae\x46"
32597 "\x5e\x03\xa1\x4b\xb6\x02\x30\xa8"
32598 "\x3d\xa9\x07\x2a\x7c\x19\xe7\x62"
32599 "\x87\xe3\x82\x2f\x6f\xe1\x09\xd9"
32600 "\x94\x97\xea\xdd\x58\x9e\xae\x76"
32601 "\x7e\x35\xe5\xb4\xda\x7e\xf4\xde"
32602 "\xf7\x32\x87\xcd\x93\xbf\x11\x56"
32603 "\x11\xbe\x08\x74\xe1\x69\xad\xe2"
32604 "\xd7\xf8\x86\x75\x8a\x3c\xa4\xbe"
32605 "\x70\xa7\x1b\xfc\x0b\x44\x2a\x76"
32606 "\x35\xea\x5d\x85\x81\xaf\x85\xeb"
32607 "\xa0\x1c\x61\xc2\xf7\x4f\xa5\xdc"
32608 "\x02\x7f\xf6\x95\x40\x6e\x8a\x9a"
32609 "\xf3\x5d\x25\x6e\x14\x3a\x22\xc9"
32610 "\x37\x1c\xeb\x46\x54\x3f\xa5\x91"
32611 "\xc2\xb5\x8c\xfe\x53\x08\x97\x32"
32612 "\x1b\xb2\x30\x27\xfe\x25\x5d\xdc"
32613 "\x08\x87\xd0\xe5\x94\x1a\xd4\xf1"
32614 "\xfe\xd6\xb4\xa3\xe6\x74\x81\x3c"
32615 "\x1b\xb7\x31\xa7\x22\xfd\xd4\xdd"
32616 "\x20\x4e\x7c\x51\xb0\x60\x73\xb8"
32617 "\x9c\xac\x91\x90\x7e\x01\xb0\xe1"
32618 "\x8a\x2f\x75\x1c\x53\x2a\x98\x2a"
32619 "\x06\x52\x95\x52\xb2\xe9\x25\x2e"
32620 "\x4c\xe2\x5a\x00\xb2\x13\x81\x03"
32621 "\x77\x66\x0d\xa5\x99\xda\x4e\x8c"
32622 "\xac\xf3\x13\x53\x27\x45\xaf\x64"
32623 "\x46\xdc\xea\x23\xda\x97\xd1\xab"
32624 "\x7d\x6c\x30\x96\x1f\xbc\x06\x34"
32625 "\x18\x0b\x5e\x21\x35\x11\x8d\x4c"
32626 "\xe0\x2d\xe9\x50\x16\x74\x81\xa8"
32627 "\xb4\x34\xb9\x72\x42\xa6\xcc\xbc"
32628 "\xca\x34\x83\x27\x10\x5b\x68\x45"
32629 "\x8f\x52\x22\x0c\x55\x3d\x29\x7c"
32630 "\xe3\xc0\x66\x05\x42\x91\x5f\x58"
32631 "\xfe\x4a\x62\xd9\x8c\xa9\x04\x19"
32632 "\x04\xa9\x08\x4b\x57\xfc\x67\x53"
32633 "\x08\x7c\xbc\x66\x8a\xb0\xb6\x9f"
32634 "\x92\xd6\x41\x7c\x5b\x2a\x00\x79"
32635 "\x72",
32636 .ctext = "\x3a\x92\xee\x53\x31\xaf\x2b\x60"
32637 "\x5f\x55\x8d\x00\x5d\xfc\x74\x97"
32638 "\x28\x54\xf4\xa5\x75\xf1\x9b\x25"
32639 "\x62\x1c\xc0\xe0\x13\xc8\x87\x53"
32640 "\xd0\xf3\xa7\x97\x1f\x3b\x1e\xea"
32641 "\xe0\xe5\x2a\xd1\xdd\xa4\x3b\x50"
32642 "\x45\xa3\x0d\x7e\x1b\xc9\xa0\xad"
32643 "\xb9\x2c\x54\xa6\xc7\x55\x16\xd0"
32644 "\xc5\x2e\x02\x44\x35\xd0\x7e\x67"
32645 "\xf2\xc4\x9b\xcd\x95\x10\xcc\x29"
32646 "\x4b\xfa\x86\x87\xbe\x40\x36\xbe"
32647 "\xe1\xa3\x52\x89\x55\x20\x9b\xc2"
32648 "\xab\xf2\x31\x34\x16\xad\xc8\x17"
32649 "\x65\x24\xc0\xff\x12\x37\xfe\x5a"
32650 "\x62\x3b\x59\x47\x6c\x5f\x3a\x8e"
32651 "\x3b\xd9\x30\xc8\x7f\x2f\x88\xda"
32652 "\x80\xfd\x02\xda\x7f\x9a\x7a\x73"
32653 "\x59\xc5\x34\x09\x9a\x11\xcb\xa7"
32654 "\xfc\xf6\xa1\xa0\x60\xfb\x43\xbb"
32655 "\xf1\xe9\xd7\xc6\x79\x27\x4e\xff"
32656 "\x22\xb4\x24\xbf\x76\xee\x47\xb9"
32657 "\x6d\x3f\x8b\xb0\x9c\x3c\x43\xdd"
32658 "\xff\x25\x2e\x6d\xa4\x2b\xfb\x5d"
32659 "\x1b\x97\x6c\x55\x0a\x82\x7a\x7b"
32660 "\x94\x34\xc2\xdb\x2f\x1f\xc1\xea"
32661 "\xd4\x4d\x17\x46\x3b\x51\x69\x09"
32662 "\xe4\x99\x32\x25\xfd\x94\xaf\xfb"
32663 "\x10\xf7\x4f\xdd\x0b\x3c\x8b\x41"
32664 "\xb3\x6a\xb7\xd1\x33\xa8\x0c\x2f"
32665 "\x62\x4c\x72\x11\xd7\x74\xe1\x3b"
32666 "\x38\x43\x66\x7b\x6c\x36\x48\xe7"
32667 "\xe3\xe7\x9d\xb9\x42\x73\x7a\x2a"
32668 "\x89\x20\x1a\x41\x80\x03\xf7\x8f"
32669 "\x61\x78\x13\xbf\xfe\x50\xf5\x04"
32670 "\x52\xf9\xac\x47\xf8\x62\x4b\xb2"
32671 "\x24\xa9\xbf\x64\xb0\x18\x69\xd2"
32672 "\xf5\xe4\xce\xc8\xb1\x87\x75\xd6"
32673 "\x2c\x24\x79\x00\x7d\x26\xfb\x44"
32674 "\xe7\x45\x7a\xee\x58\xa5\x83\xc1"
32675 "\xb4\x24\xab\x23\x2f\x4d\xd7\x4f"
32676 "\x1c\xc7\xaa\xa9\x50\xf4\xa3\x07"
32677 "\x12\x13\x89\x74\xdc\x31\x6a\xb2"
32678 "\xf5\x0f\x13\x8b\xb9\xdb\x85\x1f"
32679 "\xf5\xbc\x88\xd9\x95\xea\x31\x6c"
32680 "\x36\x60\xb6\x49\xdc\xc4\xf7\x55"
32681 "\x3f\x21\xc1\xb5\x92\x18\x5e\xbc"
32682 "\x9f\x87\x7f\xe7\x79\x25\x40\x33"
32683 "\xd6\xb9\x33\xd5\x50\xb3\xc7\x89"
32684 "\x1b\x12\xa0\x46\xdd\xa7\xd8\x3e"
32685 "\x71\xeb\x6f\x66\xa1\x26\x0c\x67"
32686 "\xab\xb2\x38\x58\x17\xd8\x44\x3b"
32687 "\x16\xf0\x8e\x62\x8d\x16\x10\x00"
32688 "\x32\x8b\xef\xb9\x28\xd3\xc5\xad"
32689 "\x0a\x19\xa2\xe4\x03\x27\x7d\x94"
32690 "\x06\x18\xcd\xd6\x27\x00\xf9\x1f"
32691 "\xb6\xb3\xfe\x96\x35\x5f\xc4\x1c"
32692 "\x07\x62\x10\x79\x68\x50\xf1\x7e"
32693 "\x29\xe7\xc4\xc4\xe7\xee\x54\xd6"
32694 "\x58\x76\x84\x6d\x8d\xe4\x59\x31"
32695 "\xe9\xf4\xdc\xa1\x1f\xe5\x1a\xd6"
32696 "\xe6\x64\x46\xf5\x77\x9c\x60\x7a"
32697 "\x5e\x62\xe3\x0a\xd4\x9f\x7a\x2d"
32698 "\x7a\xa5\x0a\x7b\x29\x86\x7a\x74"
32699 "\x74\x71\x6b\xca\x7d\x1d\xaa\xba"
32700 "\x39\x84\x43\x76\x35\xfe\x4f\x9b"
32701 "\xbb\xbb\xb5\x6a\x32\xb5\x5d\x41"
32702 "\x51\xf0\x5b\x68\x03\x47\x4b\x8a"
32703 "\xca\x88\xf6\x37\xbd\x73\x51\x70"
32704 "\x66\xfe\x9e\x5f\x21\x9c\xf3\xdd"
32705 "\xc3\xea\x27\xf9\x64\x94\xe1\x19"
32706 "\xa0\xa9\xab\x60\xe0\x0e\xf7\x78"
32707 "\x70\x86\xeb\xe0\xd1\x5c\x05\xd3"
32708 "\xd7\xca\xe0\xc0\x47\x47\x34\xee"
32709 "\x11\xa3\xa3\x54\x98\xb7\x49\x8e"
32710 "\x84\x28\x70\x2c\x9e\xfb\x55\x54"
32711 "\x4d\xf8\x86\xf7\x85\x7c\xbd\xf3"
32712 "\x17\xd8\x47\xcb\xac\xf4\x20\x85"
32713 "\x34\x66\xad\x37\x2d\x5e\x52\xda"
32714 "\x8a\xfe\x98\x55\x30\xe7\x2d\x2b"
32715 "\x19\x10\x8e\x7b\x66\x5e\xdc\xe0"
32716 "\x45\x1f\x7b\xb4\x08\xfb\x8f\xf6"
32717 "\x8c\x89\x21\x34\x55\x27\xb2\x76"
32718 "\xb2\x07\xd9\xd6\x68\x9b\xea\x6b"
32719 "\x2d\xb4\xc4\x35\xdd\xd2\x79\xae"
32720 "\xc7\xd6\x26\x7f\x12\x01\x8c\xa7"
32721 "\xe3\xdb\xa8\xf4\xf7\x2b\xec\x99"
32722 "\x11\x00\xf1\x35\x8c\xcf\xd5\xc9"
32723 "\xbd\x91\x36\x39\x70\xcf\x7d\x70"
32724 "\x47\x1a\xfc\x6b\x56\xe0\x3f\x9c"
32725 "\x60\x49\x01\x72\xa9\xaf\x2c\x9c"
32726 "\xe8\xab\xda\x8c\x14\x19\xf3\x75"
32727 "\x07\x17\x9d\x44\x67\x7a\x2e\xef"
32728 "\xb7\x83\x35\x4a\xd1\x3d\x1c\x84"
32729 "\x32\xdd\xaa\xea\xca\x1d\xdc\x72"
32730 "\x2c\xcc\x43\xcd\x5d\xe3\x21\xa4"
32731 "\xd0\x8a\x4b\x20\x12\xa3\xd5\x86"
32732 "\x76\x96\xff\x5f\x04\x57\x0f\xe6"
32733 "\xba\xe8\x76\x50\x0c\x64\x1d\x83"
32734 "\x9c\x9b\x9a\x9a\x58\x97\x9c\x5c"
32735 "\xb4\xa4\xa6\x3e\x19\xeb\x8f\x5a"
32736 "\x61\xb2\x03\x7b\x35\x19\xbe\xa7"
32737 "\x63\x0c\xfd\xdd\xf9\x90\x6c\x08"
32738 "\x19\x11\xd3\x65\x4a\xf5\x96\x92"
32739 "\x59\xaa\x9c\x61\x0c\x29\xa7\xf8"
32740 "\x14\x39\x37\xbf\x3c\xf2\x16\x72"
32741 "\x02\xfa\xa2\xf3\x18\x67\x5d\xcb"
32742 "\xdc\x4d\xbb\x96\xff\x70\x08\x2d"
32743 "\xc2\xa8\x52\xe1\x34\x5f\x72\xfe"
32744 "\x64\xbf\xca\xa7\x74\x38\xfb\x74"
32745 "\x55\x9c\xfa\x8a\xed\xfb\x98\xeb"
32746 "\x58\x2e\x6c\xe1\x52\x76\x86\xd7"
32747 "\xcf\xa1\xa4\xfc\xb2\x47\x41\x28"
32748 "\xa3\xc1\xe5\xfd\x53\x19\x28\x2b"
32749 "\x37\x04\x65\x96\x99\x7a\x28\x0f"
32750 "\x07\x68\x4b\xc7\x52\x0a\x55\x35"
32751 "\x40\x19\x95\x61\xe8\x59\x40\x1f"
32752 "\x9d\xbf\x78\x7d\x8f\x84\xff\x6f"
32753 "\xd0\xd5\x63\xd2\x22\xbd\xc8\x4e"
32754 "\xfb\xe7\x9f\x06\xe6\xe7\x39\x6d"
32755 "\x6a\x96\x9f\xf0\x74\x7e\xc9\x35"
32756 "\xb7\x26\xb8\x1c\x0a\xa6\x27\x2c"
32757 "\xa2\x2b\xfe\xbe\x0f\x07\x73\xae"
32758 "\x7f\x7f\x54\xf5\x7c\x6a\x0a\x56"
32759 "\x49\xd4\x81\xe5\x85\x53\x99\x1f"
32760 "\x95\x05\x13\x58\x8d\x0e\x1b\x90"
32761 "\xc3\x75\x48\x64\x58\x98\x67\x84"
32762 "\xae\xe2\x21\xa2\x8a\x04\x0a\x0b"
32763 "\x61\xaa\xb0\xd4\x28\x60\x7a\xf8"
32764 "\xbc\x52\xfb\x24\x7f\xed\x0d\x2a"
32765 "\x0a\xb2\xf9\xc6\x95\xb5\x11\xc9"
32766 "\xf4\x0f\x26\x11\xcf\x2a\x57\x87"
32767 "\x7a\xf3\xe7\x94\x65\xc2\xb5\xb3"
32768 "\xab\x98\xe3\xc1\x2b\x59\x19\x7c"
32769 "\xd6\xf3\xf9\xbf\xff\x6d\xc6\x82"
32770 "\x13\x2f\x4a\x2e\xcd\x26\xfe\x2d"
32771 "\x01\x70\xf4\xc2\x7f\x1f\x4c\xcb"
32772 "\x47\x77\x0c\xa0\xa3\x03\xec\xda"
32773 "\xa9\xbf\x0d\x2d\xae\xe4\xb8\x7b"
32774 "\xa9\xbc\x08\xb4\x68\x2e\xc5\x60"
32775 "\x8d\x87\x41\x2b\x0f\x69\xf0\xaf"
32776 "\x5f\xba\x72\x20\x0f\x33\xcd\x6d"
32777 "\x36\x7d\x7b\xd5\x05\xf1\x4b\x05"
32778 "\xc4\xfc\x7f\x80\xb9\x4d\xbd\xf7"
32779 "\x7c\x84\x07\x01\xc2\x40\x66\x5b"
32780 "\x98\xc7\x2c\xe3\x97\xfa\xdf\x87"
32781 "\xa0\x1f\xe9\x21\x42\x0f\x3b\xeb"
32782 "\x89\x1c\x3b\xca\x83\x61\x77\x68"
32783 "\x84\xbb\x60\x87\x38\x2e\x25\xd5"
32784 "\x9e\x04\x41\x70\xac\xda\xc0\x9c"
32785 "\x9c\x69\xea\x8d\x4e\x55\x2a\x29"
32786 "\xed\x05\x4b\x7b\x73\x71\x90\x59"
32787 "\x4d\xc8\xd8\x44\xf0\x4c\xe1\x5e"
32788 "\x84\x47\x55\xcc\x32\x3f\xe7\x97"
32789 "\x42\xc6\x32\xac\x40\xe5\xa5\xc7"
32790 "\x8b\xed\xdb\xf7\x83\xd6\xb1\xc2"
32791 "\x52\x5e\x34\xb7\xeb\x6e\xd9\xfc"
32792 "\xe5\x93\x9a\x97\x3e\xb0\xdc\xd9"
32793 "\xd7\x06\x10\xb6\x1d\x80\x59\xdd"
32794 "\x0d\xfe\x64\x35\xcd\x5d\xec\xf0"
32795 "\xba\xd0\x34\xc9\x2d\x91\xc5\x17"
32796 "\x11",
32797 .len = 1281,
32798 .also_non_np = 1,
32799 .np = 3,
32800 .tap = { 1200, 1, 80 },
32801 }, { /* test vector from https://tools.ietf.org/html/draft-arciszewski-xchacha-02#appendix-A.3.2 */
32802 .key = "\x80\x81\x82\x83\x84\x85\x86\x87"
32803 "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f"
32804 "\x90\x91\x92\x93\x94\x95\x96\x97"
32805 "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f",
32806 .klen = 32,
32807 .iv = "\x40\x41\x42\x43\x44\x45\x46\x47"
32808 "\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f"
32809 "\x50\x51\x52\x53\x54\x55\x56\x58"
32810 "\x00\x00\x00\x00\x00\x00\x00\x00",
32811 .ptext = "\x54\x68\x65\x20\x64\x68\x6f\x6c"
32812 "\x65\x20\x28\x70\x72\x6f\x6e\x6f"
32813 "\x75\x6e\x63\x65\x64\x20\x22\x64"
32814 "\x6f\x6c\x65\x22\x29\x20\x69\x73"
32815 "\x20\x61\x6c\x73\x6f\x20\x6b\x6e"
32816 "\x6f\x77\x6e\x20\x61\x73\x20\x74"
32817 "\x68\x65\x20\x41\x73\x69\x61\x74"
32818 "\x69\x63\x20\x77\x69\x6c\x64\x20"
32819 "\x64\x6f\x67\x2c\x20\x72\x65\x64"
32820 "\x20\x64\x6f\x67\x2c\x20\x61\x6e"
32821 "\x64\x20\x77\x68\x69\x73\x74\x6c"
32822 "\x69\x6e\x67\x20\x64\x6f\x67\x2e"
32823 "\x20\x49\x74\x20\x69\x73\x20\x61"
32824 "\x62\x6f\x75\x74\x20\x74\x68\x65"
32825 "\x20\x73\x69\x7a\x65\x20\x6f\x66"
32826 "\x20\x61\x20\x47\x65\x72\x6d\x61"
32827 "\x6e\x20\x73\x68\x65\x70\x68\x65"
32828 "\x72\x64\x20\x62\x75\x74\x20\x6c"
32829 "\x6f\x6f\x6b\x73\x20\x6d\x6f\x72"
32830 "\x65\x20\x6c\x69\x6b\x65\x20\x61"
32831 "\x20\x6c\x6f\x6e\x67\x2d\x6c\x65"
32832 "\x67\x67\x65\x64\x20\x66\x6f\x78"
32833 "\x2e\x20\x54\x68\x69\x73\x20\x68"
32834 "\x69\x67\x68\x6c\x79\x20\x65\x6c"
32835 "\x75\x73\x69\x76\x65\x20\x61\x6e"
32836 "\x64\x20\x73\x6b\x69\x6c\x6c\x65"
32837 "\x64\x20\x6a\x75\x6d\x70\x65\x72"
32838 "\x20\x69\x73\x20\x63\x6c\x61\x73"
32839 "\x73\x69\x66\x69\x65\x64\x20\x77"
32840 "\x69\x74\x68\x20\x77\x6f\x6c\x76"
32841 "\x65\x73\x2c\x20\x63\x6f\x79\x6f"
32842 "\x74\x65\x73\x2c\x20\x6a\x61\x63"
32843 "\x6b\x61\x6c\x73\x2c\x20\x61\x6e"
32844 "\x64\x20\x66\x6f\x78\x65\x73\x20"
32845 "\x69\x6e\x20\x74\x68\x65\x20\x74"
32846 "\x61\x78\x6f\x6e\x6f\x6d\x69\x63"
32847 "\x20\x66\x61\x6d\x69\x6c\x79\x20"
32848 "\x43\x61\x6e\x69\x64\x61\x65\x2e",
32849 .ctext = "\x45\x59\xab\xba\x4e\x48\xc1\x61"
32850 "\x02\xe8\xbb\x2c\x05\xe6\x94\x7f"
32851 "\x50\xa7\x86\xde\x16\x2f\x9b\x0b"
32852 "\x7e\x59\x2a\x9b\x53\xd0\xd4\xe9"
32853 "\x8d\x8d\x64\x10\xd5\x40\xa1\xa6"
32854 "\x37\x5b\x26\xd8\x0d\xac\xe4\xfa"
32855 "\xb5\x23\x84\xc7\x31\xac\xbf\x16"
32856 "\xa5\x92\x3c\x0c\x48\xd3\x57\x5d"
32857 "\x4d\x0d\x2c\x67\x3b\x66\x6f\xaa"
32858 "\x73\x10\x61\x27\x77\x01\x09\x3a"
32859 "\x6b\xf7\xa1\x58\xa8\x86\x42\x92"
32860 "\xa4\x1c\x48\xe3\xa9\xb4\xc0\xda"
32861 "\xec\xe0\xf8\xd9\x8d\x0d\x7e\x05"
32862 "\xb3\x7a\x30\x7b\xbb\x66\x33\x31"
32863 "\x64\xec\x9e\x1b\x24\xea\x0d\x6c"
32864 "\x3f\xfd\xdc\xec\x4f\x68\xe7\x44"
32865 "\x30\x56\x19\x3a\x03\xc8\x10\xe1"
32866 "\x13\x44\xca\x06\xd8\xed\x8a\x2b"
32867 "\xfb\x1e\x8d\x48\xcf\xa6\xbc\x0e"
32868 "\xb4\xe2\x46\x4b\x74\x81\x42\x40"
32869 "\x7c\x9f\x43\x1a\xee\x76\x99\x60"
32870 "\xe1\x5b\xa8\xb9\x68\x90\x46\x6e"
32871 "\xf2\x45\x75\x99\x85\x23\x85\xc6"
32872 "\x61\xf7\x52\xce\x20\xf9\xda\x0c"
32873 "\x09\xab\x6b\x19\xdf\x74\xe7\x6a"
32874 "\x95\x96\x74\x46\xf8\xd0\xfd\x41"
32875 "\x5e\x7b\xee\x2a\x12\xa1\x14\xc2"
32876 "\x0e\xb5\x29\x2a\xe7\xa3\x49\xae"
32877 "\x57\x78\x20\xd5\x52\x0a\x1f\x3f"
32878 "\xb6\x2a\x17\xce\x6a\x7e\x68\xfa"
32879 "\x7c\x79\x11\x1d\x88\x60\x92\x0b"
32880 "\xc0\x48\xef\x43\xfe\x84\x48\x6c"
32881 "\xcb\x87\xc2\x5f\x0a\xe0\x45\xf0"
32882 "\xcc\xe1\xe7\x98\x9a\x9a\xa2\x20"
32883 "\xa2\x8b\xdd\x48\x27\xe7\x51\xa2"
32884 "\x4a\x6d\x5c\x62\xd7\x90\xa6\x63"
32885 "\x93\xb9\x31\x11\xc1\xa5\x5d\xd7"
32886 "\x42\x1a\x10\x18\x49\x74\xc7\xc5",
32887 .len = 304,
32888 }
32889};
32890
32891/*
32892 * Same as XChaCha20 test vectors above, but recomputed the ciphertext with
32893 * XChaCha12, using a modified libsodium.
32894 */
32895static const struct cipher_testvec xchacha12_tv_template[] = {
32896 {
32897 .key = "\x79\xc9\x97\x98\xac\x67\x30\x0b"
32898 "\xbb\x27\x04\xc9\x5c\x34\x1e\x32"
32899 "\x45\xf3\xdc\xb2\x17\x61\xb9\x8e"
32900 "\x52\xff\x45\xb2\x4f\x30\x4f\xc4",
32901 .klen = 32,
32902 .iv = "\xb3\x3f\xfd\x30\x96\x47\x9b\xcf"
32903 "\xbc\x9a\xee\x49\x41\x76\x88\xa0"
32904 "\xa2\x55\x4f\x8d\x95\x38\x94\x19"
32905 "\x00\x00\x00\x00\x00\x00\x00\x00",
32906 .ptext = "\x00\x00\x00\x00\x00\x00\x00\x00"
32907 "\x00\x00\x00\x00\x00\x00\x00\x00"
32908 "\x00\x00\x00\x00\x00\x00\x00\x00"
32909 "\x00\x00\x00\x00\x00",
32910 .ctext = "\x1b\x78\x7f\xd7\xa1\x41\x68\xab"
32911 "\x3d\x3f\xd1\x7b\x69\x56\xb2\xd5"
32912 "\x43\xce\xeb\xaf\x36\xf0\x29\x9d"
32913 "\x3a\xfb\x18\xae\x1b",
32914 .len = 29,
32915 }, {
32916 .key = "\x9d\x23\xbd\x41\x49\xcb\x97\x9c"
32917 "\xcf\x3c\x5c\x94\xdd\x21\x7e\x98"
32918 "\x08\xcb\x0e\x50\xcd\x0f\x67\x81"
32919 "\x22\x35\xea\xaf\x60\x1d\x62\x32",
32920 .klen = 32,
32921 .iv = "\xc0\x47\x54\x82\x66\xb7\xc3\x70"
32922 "\xd3\x35\x66\xa2\x42\x5c\xbf\x30"
32923 "\xd8\x2d\x1e\xaf\x52\x94\x10\x9e"
32924 "\x00\x00\x00\x00\x00\x00\x00\x00",
32925 .ptext = "\x00\x00\x00\x00\x00\x00\x00\x00"
32926 "\x00\x00\x00\x00\x00\x00\x00\x00"
32927 "\x00\x00\x00\x00\x00\x00\x00\x00"
32928 "\x00\x00\x00\x00\x00\x00\x00\x00"
32929 "\x00\x00\x00\x00\x00\x00\x00\x00"
32930 "\x00\x00\x00\x00\x00\x00\x00\x00"
32931 "\x00\x00\x00\x00\x00\x00\x00\x00"
32932 "\x00\x00\x00\x00\x00\x00\x00\x00"
32933 "\x00\x00\x00\x00\x00\x00\x00\x00"
32934 "\x00\x00\x00\x00\x00\x00\x00\x00"
32935 "\x00\x00\x00\x00\x00\x00\x00\x00"
32936 "\x00\x00\x00",
32937 .ctext = "\xfb\x32\x09\x1d\x83\x05\xae\x4c"
32938 "\x13\x1f\x12\x71\xf2\xca\xb2\xeb"
32939 "\x5b\x83\x14\x7d\x83\xf6\x57\x77"
32940 "\x2e\x40\x1f\x92\x2c\xf9\xec\x35"
32941 "\x34\x1f\x93\xdf\xfb\x30\xd7\x35"
32942 "\x03\x05\x78\xc1\x20\x3b\x7a\xe3"
32943 "\x62\xa3\x89\xdc\x11\x11\x45\xa8"
32944 "\x82\x89\xa0\xf1\x4e\xc7\x0f\x11"
32945 "\x69\xdd\x0c\x84\x2b\x89\x5c\xdc"
32946 "\xf0\xde\x01\xef\xc5\x65\x79\x23"
32947 "\x87\x67\xd6\x50\xd9\x8d\xd9\x92"
32948 "\x54\x5b\x0e",
32949 .len = 91,
32950 }, {
32951 .key = "\x00\x00\x00\x00\x00\x00\x00\x00"
32952 "\x00\x00\x00\x00\x00\x00\x00\x00"
32953 "\x00\x00\x00\x00\x00\x00\x00\x00"
32954 "\x00\x00\x00\x00\x00\x00\x00\x00",
32955 .klen = 32,
32956 .iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
32957 "\x00\x00\x00\x00\x67\xc6\x69\x73"
32958 "\x51\xff\x4a\xec\x29\xcd\xba\xab"
32959 "\x00\x00\x00\x00\x00\x00\x00\x00",
32960 .ptext = "\x00\x00\x00\x00\x00\x00\x00\x00"
32961 "\x00\x00\x00\x00\x00\x00\x00\x00"
32962 "\x00\x00\x00\x00\x00\x00\x00\x00"
32963 "\x00\x00\x00\x00\x00\x00\x00\x00"
32964 "\x00\x00\x00\x00\x00\x00\x00\x00"
32965 "\x00\x00\x00\x00\x00\x00\x00\x00"
32966 "\x00\x00\x00\x00\x00\x00\x00\x00"
32967 "\x00\x00\x00\x00\x00\x00\x00\x00",
32968 .ctext = "\xdf\x2d\xc6\x21\x2a\x9d\xa1\xbb"
32969 "\xc2\x77\x66\x0c\x5c\x46\xef\xa7"
32970 "\x79\x1b\xb9\xdf\x55\xe2\xf9\x61"
32971 "\x4c\x7b\xa4\x52\x24\xaf\xa2\xda"
32972 "\xd1\x8f\x8f\xa2\x9e\x53\x4d\xc4"
32973 "\xb8\x55\x98\x08\x7c\x08\xd4\x18"
32974 "\x67\x8f\xef\x50\xb1\x5f\xa5\x77"
32975 "\x4c\x25\xe7\x86\x26\x42\xca\x44",
32976 .len = 64,
32977 }, {
32978 .key = "\x00\x00\x00\x00\x00\x00\x00\x00"
32979 "\x00\x00\x00\x00\x00\x00\x00\x00"
32980 "\x00\x00\x00\x00\x00\x00\x00\x00"
32981 "\x00\x00\x00\x00\x00\x00\x00\x01",
32982 .klen = 32,
32983 .iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
32984 "\x00\x00\x00\x02\xf2\xfb\xe3\x46"
32985 "\x7c\xc2\x54\xf8\x1b\xe8\xe7\x8d"
32986 "\x01\x00\x00\x00\x00\x00\x00\x00",
32987 .ptext = "\x41\x6e\x79\x20\x73\x75\x62\x6d"
32988 "\x69\x73\x73\x69\x6f\x6e\x20\x74"
32989 "\x6f\x20\x74\x68\x65\x20\x49\x45"
32990 "\x54\x46\x20\x69\x6e\x74\x65\x6e"
32991 "\x64\x65\x64\x20\x62\x79\x20\x74"
32992 "\x68\x65\x20\x43\x6f\x6e\x74\x72"
32993 "\x69\x62\x75\x74\x6f\x72\x20\x66"
32994 "\x6f\x72\x20\x70\x75\x62\x6c\x69"
32995 "\x63\x61\x74\x69\x6f\x6e\x20\x61"
32996 "\x73\x20\x61\x6c\x6c\x20\x6f\x72"
32997 "\x20\x70\x61\x72\x74\x20\x6f\x66"
32998 "\x20\x61\x6e\x20\x49\x45\x54\x46"
32999 "\x20\x49\x6e\x74\x65\x72\x6e\x65"
33000 "\x74\x2d\x44\x72\x61\x66\x74\x20"
33001 "\x6f\x72\x20\x52\x46\x43\x20\x61"
33002 "\x6e\x64\x20\x61\x6e\x79\x20\x73"
33003 "\x74\x61\x74\x65\x6d\x65\x6e\x74"
33004 "\x20\x6d\x61\x64\x65\x20\x77\x69"
33005 "\x74\x68\x69\x6e\x20\x74\x68\x65"
33006 "\x20\x63\x6f\x6e\x74\x65\x78\x74"
33007 "\x20\x6f\x66\x20\x61\x6e\x20\x49"
33008 "\x45\x54\x46\x20\x61\x63\x74\x69"
33009 "\x76\x69\x74\x79\x20\x69\x73\x20"
33010 "\x63\x6f\x6e\x73\x69\x64\x65\x72"
33011 "\x65\x64\x20\x61\x6e\x20\x22\x49"
33012 "\x45\x54\x46\x20\x43\x6f\x6e\x74"
33013 "\x72\x69\x62\x75\x74\x69\x6f\x6e"
33014 "\x22\x2e\x20\x53\x75\x63\x68\x20"
33015 "\x73\x74\x61\x74\x65\x6d\x65\x6e"
33016 "\x74\x73\x20\x69\x6e\x63\x6c\x75"
33017 "\x64\x65\x20\x6f\x72\x61\x6c\x20"
33018 "\x73\x74\x61\x74\x65\x6d\x65\x6e"
33019 "\x74\x73\x20\x69\x6e\x20\x49\x45"
33020 "\x54\x46\x20\x73\x65\x73\x73\x69"
33021 "\x6f\x6e\x73\x2c\x20\x61\x73\x20"
33022 "\x77\x65\x6c\x6c\x20\x61\x73\x20"
33023 "\x77\x72\x69\x74\x74\x65\x6e\x20"
33024 "\x61\x6e\x64\x20\x65\x6c\x65\x63"
33025 "\x74\x72\x6f\x6e\x69\x63\x20\x63"
33026 "\x6f\x6d\x6d\x75\x6e\x69\x63\x61"
33027 "\x74\x69\x6f\x6e\x73\x20\x6d\x61"
33028 "\x64\x65\x20\x61\x74\x20\x61\x6e"
33029 "\x79\x20\x74\x69\x6d\x65\x20\x6f"
33030 "\x72\x20\x70\x6c\x61\x63\x65\x2c"
33031 "\x20\x77\x68\x69\x63\x68\x20\x61"
33032 "\x72\x65\x20\x61\x64\x64\x72\x65"
33033 "\x73\x73\x65\x64\x20\x74\x6f",
33034 .ctext = "\xe4\xa6\xc8\x30\xc4\x23\x13\xd6"
33035 "\x08\x4d\xc9\xb7\xa5\x64\x7c\xb9"
33036 "\x71\xe2\xab\x3e\xa8\x30\x8a\x1c"
33037 "\x4a\x94\x6d\x9b\xe0\xb3\x6f\xf1"
33038 "\xdc\xe3\x1b\xb3\xa9\x6d\x0d\xd6"
33039 "\xd0\xca\x12\xef\xe7\x5f\xd8\x61"
33040 "\x3c\x82\xd3\x99\x86\x3c\x6f\x66"
33041 "\x02\x06\xdc\x55\xf9\xed\xdf\x38"
33042 "\xb4\xa6\x17\x00\x7f\xef\xbf\x4f"
33043 "\xf8\x36\xf1\x60\x7e\x47\xaf\xdb"
33044 "\x55\x9b\x12\xcb\x56\x44\xa7\x1f"
33045 "\xd3\x1a\x07\x3b\x00\xec\xe6\x4c"
33046 "\xa2\x43\x27\xdf\x86\x19\x4f\x16"
33047 "\xed\xf9\x4a\xf3\x63\x6f\xfa\x7f"
33048 "\x78\x11\xf6\x7d\x97\x6f\xec\x6f"
33049 "\x85\x0f\x5c\x36\x13\x8d\x87\xe0"
33050 "\x80\xb1\x69\x0b\x98\x89\x9c\x4e"
33051 "\xf8\xdd\xee\x5c\x0a\x85\xce\xd4"
33052 "\xea\x1b\x48\xbe\x08\xf8\xe2\xa8"
33053 "\xa5\xb0\x3c\x79\xb1\x15\xb4\xb9"
33054 "\x75\x10\x95\x35\x81\x7e\x26\xe6"
33055 "\x78\xa4\x88\xcf\xdb\x91\x34\x18"
33056 "\xad\xd7\x8e\x07\x7d\xab\x39\xf9"
33057 "\xa3\x9e\xa5\x1d\xbb\xed\x61\xfd"
33058 "\xdc\xb7\x5a\x27\xfc\xb5\xc9\x10"
33059 "\xa8\xcc\x52\x7f\x14\x76\x90\xe7"
33060 "\x1b\x29\x60\x74\xc0\x98\x77\xbb"
33061 "\xe0\x54\xbb\x27\x49\x59\x1e\x62"
33062 "\x3d\xaf\x74\x06\xa4\x42\x6f\xc6"
33063 "\x52\x97\xc4\x1d\xc4\x9f\xe2\xe5"
33064 "\x38\x57\x91\xd1\xa2\x28\xcc\x40"
33065 "\xcc\x70\x59\x37\xfc\x9f\x4b\xda"
33066 "\xa0\xeb\x97\x9a\x7d\xed\x14\x5c"
33067 "\x9c\xb7\x93\x26\x41\xa8\x66\xdd"
33068 "\x87\x6a\xc0\xd3\xc2\xa9\x3e\xae"
33069 "\xe9\x72\xfe\xd1\xb3\xac\x38\xea"
33070 "\x4d\x15\xa9\xd5\x36\x61\xe9\x96"
33071 "\x6c\x23\xf8\x43\xe4\x92\x29\xd9"
33072 "\x8b\x78\xf7\x0a\x52\xe0\x19\x5b"
33073 "\x59\x69\x5b\x5d\xa1\x53\xc4\x68"
33074 "\xe1\xbb\xac\x89\x14\xe2\xe2\x85"
33075 "\x41\x18\xf5\xb3\xd1\xfa\x68\x19"
33076 "\x44\x78\xdc\xcf\xe7\x88\x2d\x52"
33077 "\x5f\x40\xb5\x7e\xf8\x88\xa2\xae"
33078 "\x4a\xb2\x07\x35\x9d\x9b\x07\x88"
33079 "\xb7\x00\xd0\x0c\xb6\xa0\x47\x59"
33080 "\xda\x4e\xc9\xab\x9b\x8a\x7b",
33081
33082 .len = 375,
33083 .also_non_np = 1,
33084 .np = 3,
33085 .tap = { 375 - 20, 4, 16 },
33086
33087 }, {
33088 .key = "\x1c\x92\x40\xa5\xeb\x55\xd3\x8a"
33089 "\xf3\x33\x88\x86\x04\xf6\xb5\xf0"
33090 "\x47\x39\x17\xc1\x40\x2b\x80\x09"
33091 "\x9d\xca\x5c\xbc\x20\x70\x75\xc0",
33092 .klen = 32,
33093 .iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
33094 "\x00\x00\x00\x02\x76\x5a\x2e\x63"
33095 "\x33\x9f\xc9\x9a\x66\x32\x0d\xb7"
33096 "\x2a\x00\x00\x00\x00\x00\x00\x00",
33097 .ptext = "\x27\x54\x77\x61\x73\x20\x62\x72"
33098 "\x69\x6c\x6c\x69\x67\x2c\x20\x61"
33099 "\x6e\x64\x20\x74\x68\x65\x20\x73"
33100 "\x6c\x69\x74\x68\x79\x20\x74\x6f"
33101 "\x76\x65\x73\x0a\x44\x69\x64\x20"
33102 "\x67\x79\x72\x65\x20\x61\x6e\x64"
33103 "\x20\x67\x69\x6d\x62\x6c\x65\x20"
33104 "\x69\x6e\x20\x74\x68\x65\x20\x77"
33105 "\x61\x62\x65\x3a\x0a\x41\x6c\x6c"
33106 "\x20\x6d\x69\x6d\x73\x79\x20\x77"
33107 "\x65\x72\x65\x20\x74\x68\x65\x20"
33108 "\x62\x6f\x72\x6f\x67\x6f\x76\x65"
33109 "\x73\x2c\x0a\x41\x6e\x64\x20\x74"
33110 "\x68\x65\x20\x6d\x6f\x6d\x65\x20"
33111 "\x72\x61\x74\x68\x73\x20\x6f\x75"
33112 "\x74\x67\x72\x61\x62\x65\x2e",
33113 .ctext = "\xb9\x68\xbc\x6a\x24\xbc\xcc\xd8"
33114 "\x9b\x2a\x8d\x5b\x96\xaf\x56\xe3"
33115 "\x11\x61\xe7\xa7\x9b\xce\x4e\x7d"
33116 "\x60\x02\x48\xac\xeb\xd5\x3a\x26"
33117 "\x9d\x77\x3b\xb5\x32\x13\x86\x8e"
33118 "\x20\x82\x26\x72\xae\x64\x1b\x7e"
33119 "\x2e\x01\x68\xb4\x87\x45\xa1\x24"
33120 "\xe4\x48\x40\xf0\xaa\xac\xee\xa9"
33121 "\xfc\x31\xad\x9d\x89\xa3\xbb\xd2"
33122 "\xe4\x25\x13\xad\x0f\x5e\xdf\x3c"
33123 "\x27\xab\xb8\x62\x46\x22\x30\x48"
33124 "\x55\x2c\x4e\x84\x78\x1d\x0d\x34"
33125 "\x8d\x3c\x91\x0a\x7f\x5b\x19\x9f"
33126 "\x97\x05\x4c\xa7\x62\x47\x8b\xc5"
33127 "\x44\x2e\x20\x33\xdd\xa0\x82\xa9"
33128 "\x25\x76\x37\xe6\x3c\x67\x5b",
33129 .len = 127,
33130 }, {
33131 .key = "\x1c\x92\x40\xa5\xeb\x55\xd3\x8a"
33132 "\xf3\x33\x88\x86\x04\xf6\xb5\xf0"
33133 "\x47\x39\x17\xc1\x40\x2b\x80\x09"
33134 "\x9d\xca\x5c\xbc\x20\x70\x75\xc0",
33135 .klen = 32,
33136 .iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
33137 "\x00\x00\x00\x01\x31\x58\xa3\x5a"
33138 "\x25\x5d\x05\x17\x58\xe9\x5e\xd4"
33139 "\x1c\x00\x00\x00\x00\x00\x00\x00",
33140 .ptext = "\x49\xee\xe0\xdc\x24\x90\x40\xcd"
33141 "\xc5\x40\x8f\x47\x05\xbc\xdd\x81"
33142 "\x47\xc6\x8d\xe6\xb1\x8f\xd7\xcb"
33143 "\x09\x0e\x6e\x22\x48\x1f\xbf\xb8"
33144 "\x5c\xf7\x1e\x8a\xc1\x23\xf2\xd4"
33145 "\x19\x4b\x01\x0f\x4e\xa4\x43\xce"
33146 "\x01\xc6\x67\xda\x03\x91\x18\x90"
33147 "\xa5\xa4\x8e\x45\x03\xb3\x2d\xac"
33148 "\x74\x92\xd3\x53\x47\xc8\xdd\x25"
33149 "\x53\x6c\x02\x03\x87\x0d\x11\x0c"
33150 "\x58\xe3\x12\x18\xfd\x2a\x5b\x40"
33151 "\x0c\x30\xf0\xb8\x3f\x43\xce\xae"
33152 "\x65\x3a\x7d\x7c\xf4\x54\xaa\xcc"
33153 "\x33\x97\xc3\x77\xba\xc5\x70\xde"
33154 "\xd7\xd5\x13\xa5\x65\xc4\x5f\x0f"
33155 "\x46\x1a\x0d\x97\xb5\xf3\xbb\x3c"
33156 "\x84\x0f\x2b\xc5\xaa\xea\xf2\x6c"
33157 "\xc9\xb5\x0c\xee\x15\xf3\x7d\xbe"
33158 "\x9f\x7b\x5a\xa6\xae\x4f\x83\xb6"
33159 "\x79\x49\x41\xf4\x58\x18\xcb\x86"
33160 "\x7f\x30\x0e\xf8\x7d\x44\x36\xea"
33161 "\x75\xeb\x88\x84\x40\x3c\xad\x4f"
33162 "\x6f\x31\x6b\xaa\x5d\xe5\xa5\xc5"
33163 "\x21\x66\xe9\xa7\xe3\xb2\x15\x88"
33164 "\x78\xf6\x79\xa1\x59\x47\x12\x4e"
33165 "\x9f\x9f\x64\x1a\xa0\x22\x5b\x08"
33166 "\xbe\x7c\x36\xc2\x2b\x66\x33\x1b"
33167 "\xdd\x60\x71\xf7\x47\x8c\x61\xc3"
33168 "\xda\x8a\x78\x1e\x16\xfa\x1e\x86"
33169 "\x81\xa6\x17\x2a\xa7\xb5\xc2\xe7"
33170 "\xa4\xc7\x42\xf1\xcf\x6a\xca\xb4"
33171 "\x45\xcf\xf3\x93\xf0\xe7\xea\xf6"
33172 "\xf4\xe6\x33\x43\x84\x93\xa5\x67"
33173 "\x9b\x16\x58\x58\x80\x0f\x2b\x5c"
33174 "\x24\x74\x75\x7f\x95\x81\xb7\x30"
33175 "\x7a\x33\xa7\xf7\x94\x87\x32\x27"
33176 "\x10\x5d\x14\x4c\x43\x29\xdd\x26"
33177 "\xbd\x3e\x3c\x0e\xfe\x0e\xa5\x10"
33178 "\xea\x6b\x64\xfd\x73\xc6\xed\xec"
33179 "\xa8\xc9\xbf\xb3\xba\x0b\x4d\x07"
33180 "\x70\xfc\x16\xfd\x79\x1e\xd7\xc5"
33181 "\x49\x4e\x1c\x8b\x8d\x79\x1b\xb1"
33182 "\xec\xca\x60\x09\x4c\x6a\xd5\x09"
33183 "\x49\x46\x00\x88\x22\x8d\xce\xea"
33184 "\xb1\x17\x11\xde\x42\xd2\x23\xc1"
33185 "\x72\x11\xf5\x50\x73\x04\x40\x47"
33186 "\xf9\x5d\xe7\xa7\x26\xb1\x7e\xb0"
33187 "\x3f\x58\xc1\x52\xab\x12\x67\x9d"
33188 "\x3f\x43\x4b\x68\xd4\x9c\x68\x38"
33189 "\x07\x8a\x2d\x3e\xf3\xaf\x6a\x4b"
33190 "\xf9\xe5\x31\x69\x22\xf9\xa6\x69"
33191 "\xc6\x9c\x96\x9a\x12\x35\x95\x1d"
33192 "\x95\xd5\xdd\xbe\xbf\x93\x53\x24"
33193 "\xfd\xeb\xc2\x0a\x64\xb0\x77\x00"
33194 "\x6f\x88\xc4\x37\x18\x69\x7c\xd7"
33195 "\x41\x92\x55\x4c\x03\xa1\x9a\x4b"
33196 "\x15\xe5\xdf\x7f\x37\x33\x72\xc1"
33197 "\x8b\x10\x67\xa3\x01\x57\x94\x25"
33198 "\x7b\x38\x71\x7e\xdd\x1e\xcc\x73"
33199 "\x55\xd2\x8e\xeb\x07\xdd\xf1\xda"
33200 "\x58\xb1\x47\x90\xfe\x42\x21\x72"
33201 "\xa3\x54\x7a\xa0\x40\xec\x9f\xdd"
33202 "\xc6\x84\x6e\xca\xae\xe3\x68\xb4"
33203 "\x9d\xe4\x78\xff\x57\xf2\xf8\x1b"
33204 "\x03\xa1\x31\xd9\xde\x8d\xf5\x22"
33205 "\x9c\xdd\x20\xa4\x1e\x27\xb1\x76"
33206 "\x4f\x44\x55\xe2\x9b\xa1\x9c\xfe"
33207 "\x54\xf7\x27\x1b\xf4\xde\x02\xf5"
33208 "\x1b\x55\x48\x5c\xdc\x21\x4b\x9e"
33209 "\x4b\x6e\xed\x46\x23\xdc\x65\xb2"
33210 "\xcf\x79\x5f\x28\xe0\x9e\x8b\xe7"
33211 "\x4c\x9d\x8a\xff\xc1\xa6\x28\xb8"
33212 "\x65\x69\x8a\x45\x29\xef\x74\x85"
33213 "\xde\x79\xc7\x08\xae\x30\xb0\xf4"
33214 "\xa3\x1d\x51\x41\xab\xce\xcb\xf6"
33215 "\xb5\xd8\x6d\xe0\x85\xe1\x98\xb3"
33216 "\x43\xbb\x86\x83\x0a\xa0\xf5\xb7"
33217 "\x04\x0b\xfa\x71\x1f\xb0\xf6\xd9"
33218 "\x13\x00\x15\xf0\xc7\xeb\x0d\x5a"
33219 "\x9f\xd7\xb9\x6c\x65\x14\x22\x45"
33220 "\x6e\x45\x32\x3e\x7e\x60\x1a\x12"
33221 "\x97\x82\x14\xfb\xaa\x04\x22\xfa"
33222 "\xa0\xe5\x7e\x8c\x78\x02\x48\x5d"
33223 "\x78\x33\x5a\x7c\xad\xdb\x29\xce"
33224 "\xbb\x8b\x61\xa4\xb7\x42\xe2\xac"
33225 "\x8b\x1a\xd9\x2f\x0b\x8b\x62\x21"
33226 "\x83\x35\x7e\xad\x73\xc2\xb5\x6c"
33227 "\x10\x26\x38\x07\xe5\xc7\x36\x80"
33228 "\xe2\x23\x12\x61\xf5\x48\x4b\x2b"
33229 "\xc5\xdf\x15\xd9\x87\x01\xaa\xac"
33230 "\x1e\x7c\xad\x73\x78\x18\x63\xe0"
33231 "\x8b\x9f\x81\xd8\x12\x6a\x28\x10"
33232 "\xbe\x04\x68\x8a\x09\x7c\x1b\x1c"
33233 "\x83\x66\x80\x47\x80\xe8\xfd\x35"
33234 "\x1c\x97\x6f\xae\x49\x10\x66\xcc"
33235 "\xc6\xd8\xcc\x3a\x84\x91\x20\x77"
33236 "\x72\xe4\x24\xd2\x37\x9f\xc5\xc9"
33237 "\x25\x94\x10\x5f\x40\x00\x64\x99"
33238 "\xdc\xae\xd7\x21\x09\x78\x50\x15"
33239 "\xac\x5f\xc6\x2c\xa2\x0b\xa9\x39"
33240 "\x87\x6e\x6d\xab\xde\x08\x51\x16"
33241 "\xc7\x13\xe9\xea\xed\x06\x8e\x2c"
33242 "\xf8\x37\x8c\xf0\xa6\x96\x8d\x43"
33243 "\xb6\x98\x37\xb2\x43\xed\xde\xdf"
33244 "\x89\x1a\xe7\xeb\x9d\xa1\x7b\x0b"
33245 "\x77\xb0\xe2\x75\xc0\xf1\x98\xd9"
33246 "\x80\x55\xc9\x34\x91\xd1\x59\xe8"
33247 "\x4b\x0f\xc1\xa9\x4b\x7a\x84\x06"
33248 "\x20\xa8\x5d\xfa\xd1\xde\x70\x56"
33249 "\x2f\x9e\x91\x9c\x20\xb3\x24\xd8"
33250 "\x84\x3d\xe1\x8c\x7e\x62\x52\xe5"
33251 "\x44\x4b\x9f\xc2\x93\x03\xea\x2b"
33252 "\x59\xc5\xfa\x3f\x91\x2b\xbb\x23"
33253 "\xf5\xb2\x7b\xf5\x38\xaf\xb3\xee"
33254 "\x63\xdc\x7b\xd1\xff\xaa\x8b\xab"
33255 "\x82\x6b\x37\x04\xeb\x74\xbe\x79"
33256 "\xb9\x83\x90\xef\x20\x59\x46\xff"
33257 "\xe9\x97\x3e\x2f\xee\xb6\x64\x18"
33258 "\x38\x4c\x7a\x4a\xf9\x61\xe8\x9a"
33259 "\xa1\xb5\x01\xa6\x47\xd3\x11\xd4"
33260 "\xce\xd3\x91\x49\x88\xc7\xb8\x4d"
33261 "\xb1\xb9\x07\x6d\x16\x72\xae\x46"
33262 "\x5e\x03\xa1\x4b\xb6\x02\x30\xa8"
33263 "\x3d\xa9\x07\x2a\x7c\x19\xe7\x62"
33264 "\x87\xe3\x82\x2f\x6f\xe1\x09\xd9"
33265 "\x94\x97\xea\xdd\x58\x9e\xae\x76"
33266 "\x7e\x35\xe5\xb4\xda\x7e\xf4\xde"
33267 "\xf7\x32\x87\xcd\x93\xbf\x11\x56"
33268 "\x11\xbe\x08\x74\xe1\x69\xad\xe2"
33269 "\xd7\xf8\x86\x75\x8a\x3c\xa4\xbe"
33270 "\x70\xa7\x1b\xfc\x0b\x44\x2a\x76"
33271 "\x35\xea\x5d\x85\x81\xaf\x85\xeb"
33272 "\xa0\x1c\x61\xc2\xf7\x4f\xa5\xdc"
33273 "\x02\x7f\xf6\x95\x40\x6e\x8a\x9a"
33274 "\xf3\x5d\x25\x6e\x14\x3a\x22\xc9"
33275 "\x37\x1c\xeb\x46\x54\x3f\xa5\x91"
33276 "\xc2\xb5\x8c\xfe\x53\x08\x97\x32"
33277 "\x1b\xb2\x30\x27\xfe\x25\x5d\xdc"
33278 "\x08\x87\xd0\xe5\x94\x1a\xd4\xf1"
33279 "\xfe\xd6\xb4\xa3\xe6\x74\x81\x3c"
33280 "\x1b\xb7\x31\xa7\x22\xfd\xd4\xdd"
33281 "\x20\x4e\x7c\x51\xb0\x60\x73\xb8"
33282 "\x9c\xac\x91\x90\x7e\x01\xb0\xe1"
33283 "\x8a\x2f\x75\x1c\x53\x2a\x98\x2a"
33284 "\x06\x52\x95\x52\xb2\xe9\x25\x2e"
33285 "\x4c\xe2\x5a\x00\xb2\x13\x81\x03"
33286 "\x77\x66\x0d\xa5\x99\xda\x4e\x8c"
33287 "\xac\xf3\x13\x53\x27\x45\xaf\x64"
33288 "\x46\xdc\xea\x23\xda\x97\xd1\xab"
33289 "\x7d\x6c\x30\x96\x1f\xbc\x06\x34"
33290 "\x18\x0b\x5e\x21\x35\x11\x8d\x4c"
33291 "\xe0\x2d\xe9\x50\x16\x74\x81\xa8"
33292 "\xb4\x34\xb9\x72\x42\xa6\xcc\xbc"
33293 "\xca\x34\x83\x27\x10\x5b\x68\x45"
33294 "\x8f\x52\x22\x0c\x55\x3d\x29\x7c"
33295 "\xe3\xc0\x66\x05\x42\x91\x5f\x58"
33296 "\xfe\x4a\x62\xd9\x8c\xa9\x04\x19"
33297 "\x04\xa9\x08\x4b\x57\xfc\x67\x53"
33298 "\x08\x7c\xbc\x66\x8a\xb0\xb6\x9f"
33299 "\x92\xd6\x41\x7c\x5b\x2a\x00\x79"
33300 "\x72",
33301 .ctext = "\xe1\xb6\x8b\x5c\x80\xb8\xcc\x08"
33302 "\x1b\x84\xb2\xd1\xad\xa4\x70\xac"
33303 "\x67\xa9\x39\x27\xac\xb4\x5b\xb7"
33304 "\x4c\x26\x77\x23\x1d\xce\x0a\xbe"
33305 "\x18\x9e\x42\x8b\xbd\x7f\xd6\xf1"
33306 "\xf1\x6b\xe2\x6d\x7f\x92\x0e\xcb"
33307 "\xb8\x79\xba\xb4\xac\x7e\x2d\xc0"
33308 "\x9e\x83\x81\x91\xd5\xea\xc3\x12"
33309 "\x8d\xa4\x26\x70\xa4\xf9\x71\x0b"
33310 "\xbd\x2e\xe1\xb3\x80\x42\x25\xb3"
33311 "\x0b\x31\x99\xe1\x0d\xde\xa6\x90"
33312 "\xf2\xa3\x10\xf7\xe5\xf3\x83\x1e"
33313 "\x2c\xfb\x4d\xf0\x45\x3d\x28\x3c"
33314 "\xb8\xf1\xcb\xbf\x67\xd8\x43\x5a"
33315 "\x9d\x7b\x73\x29\x88\x0f\x13\x06"
33316 "\x37\x50\x0d\x7c\xe6\x9b\x07\xdd"
33317 "\x7e\x01\x1f\x81\x90\x10\x69\xdb"
33318 "\xa4\xad\x8a\x5e\xac\x30\x72\xf2"
33319 "\x36\xcd\xe3\x23\x49\x02\x93\xfa"
33320 "\x3d\xbb\xe2\x98\x83\xeb\xe9\x8d"
33321 "\xb3\x8f\x11\xaa\x53\xdb\xaf\x2e"
33322 "\x95\x13\x99\x3d\x71\xbd\x32\x92"
33323 "\xdd\xfc\x9d\x5e\x6f\x63\x2c\xee"
33324 "\x91\x1f\x4c\x64\x3d\x87\x55\x0f"
33325 "\xcc\x3d\x89\x61\x53\x02\x57\x8f"
33326 "\xe4\x77\x29\x32\xaf\xa6\x2f\x0a"
33327 "\xae\x3c\x3f\x3f\xf4\xfb\x65\x52"
33328 "\xc5\xc1\x78\x78\x53\x28\xad\xed"
33329 "\xd1\x67\x37\xc7\x59\x70\xcd\x0a"
33330 "\xb8\x0f\x80\x51\x9f\xc0\x12\x5e"
33331 "\x06\x0a\x7e\xec\x24\x5f\x73\x00"
33332 "\xb1\x0b\x31\x47\x4f\x73\x8d\xb4"
33333 "\xce\xf3\x55\x45\x6c\x84\x27\xba"
33334 "\xb9\x6f\x03\x4a\xeb\x98\x88\x6e"
33335 "\x53\xed\x25\x19\x0d\x8f\xfe\xca"
33336 "\x60\xe5\x00\x93\x6e\x3c\xff\x19"
33337 "\xae\x08\x3b\x8a\xa6\x84\x05\xfe"
33338 "\x9b\x59\xa0\x8c\xc8\x05\x45\xf5"
33339 "\x05\x37\xdc\x45\x6f\x8b\x95\x8c"
33340 "\x4e\x11\x45\x7a\xce\x21\xa5\xf7"
33341 "\x71\x67\xb9\xce\xd7\xf9\xe9\x5e"
33342 "\x60\xf5\x53\x7a\xa8\x85\x14\x03"
33343 "\xa0\x92\xec\xf3\x51\x80\x84\xc4"
33344 "\xdc\x11\x9e\x57\xce\x4b\x45\xcf"
33345 "\x90\x95\x85\x0b\x96\xe9\xee\x35"
33346 "\x10\xb8\x9b\xf2\x59\x4a\xc6\x7e"
33347 "\x85\xe5\x6f\x38\x51\x93\x40\x0c"
33348 "\x99\xd7\x7f\x32\xa8\x06\x27\xd1"
33349 "\x2b\xd5\xb5\x3a\x1a\xe1\x5e\xda"
33350 "\xcd\x5a\x50\x30\x3c\xc7\xe7\x65"
33351 "\xa6\x07\x0b\x98\x91\xc6\x20\x27"
33352 "\x2a\x03\x63\x1b\x1e\x3d\xaf\xc8"
33353 "\x71\x48\x46\x6a\x64\x28\xf9\x3d"
33354 "\xd1\x1d\xab\xc8\x40\x76\xc2\x39"
33355 "\x4e\x00\x75\xd2\x0e\x82\x58\x8c"
33356 "\xd3\x73\x5a\xea\x46\x89\xbe\xfd"
33357 "\x4e\x2c\x0d\x94\xaa\x9b\x68\xac"
33358 "\x86\x87\x30\x7e\xa9\x16\xcd\x59"
33359 "\xd2\xa6\xbe\x0a\xd8\xf5\xfd\x2d"
33360 "\x49\x69\xd2\x1a\x90\xd2\x1b\xed"
33361 "\xff\x71\x04\x87\x87\x21\xc4\xb8"
33362 "\x1f\x5b\x51\x33\xd0\xd6\x59\x9a"
33363 "\x03\x0e\xd3\x8b\xfb\x57\x73\xfd"
33364 "\x5a\x52\x63\x82\xc8\x85\x2f\xcb"
33365 "\x74\x6d\x4e\xd9\x68\x37\x85\x6a"
33366 "\xd4\xfb\x94\xed\x8d\xd1\x1a\xaf"
33367 "\x76\xa7\xb7\x88\xd0\x2b\x4e\xda"
33368 "\xec\x99\x94\x27\x6f\x87\x8c\xdf"
33369 "\x4b\x5e\xa6\x66\xdd\xcb\x33\x7b"
33370 "\x64\x94\x31\xa8\x37\xa6\x1d\xdb"
33371 "\x0d\x5c\x93\xa4\x40\xf9\x30\x53"
33372 "\x4b\x74\x8d\xdd\xf6\xde\x3c\xac"
33373 "\x5c\x80\x01\x3a\xef\xb1\x9a\x02"
33374 "\x0c\x22\x8e\xe7\x44\x09\x74\x4c"
33375 "\xf2\x9a\x27\x69\x7f\x12\x32\x36"
33376 "\xde\x92\xdf\xde\x8f\x5b\x31\xab"
33377 "\x4a\x01\x26\xe0\xb1\xda\xe8\x37"
33378 "\x21\x64\xe8\xff\x69\xfc\x9e\x41"
33379 "\xd2\x96\x2d\x18\x64\x98\x33\x78"
33380 "\x24\x61\x73\x9b\x47\x29\xf1\xa7"
33381 "\xcb\x27\x0f\xf0\x85\x6d\x8c\x9d"
33382 "\x2c\x95\x9e\xe5\xb2\x8e\x30\x29"
33383 "\x78\x8a\x9d\x65\xb4\x8e\xde\x7b"
33384 "\xd9\x00\x50\xf5\x7f\x81\xc3\x1b"
33385 "\x25\x85\xeb\xc2\x8c\x33\x22\x1e"
33386 "\x68\x38\x22\x30\xd8\x2e\x00\x98"
33387 "\x85\x16\x06\x56\xb4\x81\x74\x20"
33388 "\x95\xdb\x1c\x05\x19\xe8\x23\x4d"
33389 "\x65\x5d\xcc\xd8\x7f\xc4\x2d\x0f"
33390 "\x57\x26\x71\x07\xad\xaa\x71\x9f"
33391 "\x19\x76\x2f\x25\x51\x88\xe4\xc0"
33392 "\x82\x6e\x08\x05\x37\x04\xee\x25"
33393 "\x23\x90\xe9\x4e\xce\x9b\x16\xc1"
33394 "\x31\xe7\x6e\x2c\x1b\xe1\x85\x9a"
33395 "\x0c\x8c\xbb\x12\x1e\x68\x7b\x93"
33396 "\xa9\x3c\x39\x56\x23\x3e\x6e\xc7"
33397 "\x77\x84\xd3\xe0\x86\x59\xaa\xb9"
33398 "\xd5\x53\x58\xc9\x0a\x83\x5f\x85"
33399 "\xd8\x47\x14\x67\x8a\x3c\x17\xe0"
33400 "\xab\x02\x51\xea\xf1\xf0\x4f\x30"
33401 "\x7d\xe0\x92\xc2\x5f\xfb\x19\x5a"
33402 "\x3f\xbd\xf4\x39\xa4\x31\x0c\x39"
33403 "\xd1\xae\x4e\xf7\x65\x7f\x1f\xce"
33404 "\xc2\x39\xd1\x84\xd4\xe5\x02\xe0"
33405 "\x58\xaa\xf1\x5e\x81\xaf\x7f\x72"
33406 "\x0f\x08\x99\x43\xb9\xd8\xac\x41"
33407 "\x35\x55\xf2\xb2\xd4\x98\xb8\x3b"
33408 "\x2b\x3c\x3e\x16\x06\x31\xfc\x79"
33409 "\x47\x38\x63\x51\xc5\xd0\x26\xd7"
33410 "\x43\xb4\x2b\xd9\xc5\x05\xf2\x9d"
33411 "\x18\xc9\x26\x82\x56\xd2\x11\x05"
33412 "\xb6\x89\xb4\x43\x9c\xb5\x9d\x11"
33413 "\x6c\x83\x37\x71\x27\x1c\xae\xbf"
33414 "\xcd\x57\xd2\xee\x0d\x5a\x15\x26"
33415 "\x67\x88\x80\x80\x1b\xdc\xc1\x62"
33416 "\xdd\x4c\xff\x92\x5c\x6c\xe1\xa0"
33417 "\xe3\x79\xa9\x65\x8c\x8c\x14\x42"
33418 "\xe5\x11\xd2\x1a\xad\xa9\x56\x6f"
33419 "\x98\xfc\x8a\x7b\x56\x1f\xc6\xc1"
33420 "\x52\x12\x92\x9b\x41\x0f\x4b\xae"
33421 "\x1b\x4a\xbc\xfe\x23\xb6\x94\x70"
33422 "\x04\x30\x9e\x69\x47\xbe\xb8\x8f"
33423 "\xca\x45\xd7\x8a\xf4\x78\x3e\xaa"
33424 "\x71\x17\xd8\x1e\xb8\x11\x8f\xbc"
33425 "\xc8\x1a\x65\x7b\x41\x89\x72\xc7"
33426 "\x5f\xbe\xc5\x2a\xdb\x5c\x54\xf9"
33427 "\x25\xa3\x7a\x80\x56\x9c\x8c\xab"
33428 "\x26\x19\x10\x36\xa6\xf3\x14\x79"
33429 "\x40\x98\x70\x68\xb7\x35\xd9\xb9"
33430 "\x27\xd4\xe7\x74\x5b\x3d\x97\xb4"
33431 "\xd9\xaa\xd9\xf2\xb5\x14\x84\x1f"
33432 "\xa9\xde\x12\x44\x5b\x00\xc0\xbc"
33433 "\xc8\x11\x25\x1b\x67\x7a\x15\x72"
33434 "\xa6\x31\x6f\xf4\x68\x7a\x86\x9d"
33435 "\x43\x1c\x5f\x16\xd3\xad\x2e\x52"
33436 "\xf3\xb4\xc3\xfa\x27\x2e\x68\x6c"
33437 "\x06\xe7\x4c\x4f\xa2\xe0\xe4\x21"
33438 "\x5d\x9e\x33\x58\x8d\xbf\xd5\x70"
33439 "\xf8\x80\xa5\xdd\xe7\x18\x79\xfa"
33440 "\x7b\xfd\x09\x69\x2c\x37\x32\xa8"
33441 "\x65\xfa\x8d\x8b\x5c\xcc\xe8\xf3"
33442 "\x37\xf6\xa6\xc6\x5c\xa2\x66\x79"
33443 "\xfa\x8a\xa7\xd1\x0b\x2e\x1b\x5e"
33444 "\x95\x35\x00\x76\xae\x42\xf7\x50"
33445 "\x51\x78\xfb\xb4\x28\x24\xde\x1a"
33446 "\x70\x8b\xed\xca\x3c\x5e\xe4\xbd"
33447 "\x28\xb5\xf3\x76\x4f\x67\x5d\x81"
33448 "\xb2\x60\x87\xd9\x7b\x19\x1a\xa7"
33449 "\x79\xa2\xfa\x3f\x9e\xa9\xd7\x25"
33450 "\x61\xe1\x74\x31\xa2\x77\xa0\x1b"
33451 "\xf6\xf7\xcb\xc5\xaa\x9e\xce\xf9"
33452 "\x9b\x96\xef\x51\xc3\x1a\x44\x96"
33453 "\xae\x17\x50\xab\x29\x08\xda\xcc"
33454 "\x1a\xb3\x12\xd0\x24\xe4\xe2\xe0"
33455 "\xc6\xe3\xcc\x82\xd0\xba\x47\x4c"
33456 "\x3f\x49\xd7\xe8\xb6\x61\xaa\x65"
33457 "\x25\x18\x40\x2d\x62\x25\x02\x71"
33458 "\x61\xa2\xc1\xb2\x13\xd2\x71\x3f"
33459 "\x43\x1a\xc9\x09\x92\xff\xd5\x57"
33460 "\xf0\xfc\x5e\x1c\xf1\xf5\xf9\xf3"
33461 "\x5b",
33462 .len = 1281,
33463 .also_non_np = 1,
33464 .np = 3,
33465 .tap = { 1200, 1, 80 },
33466 }, {
33467 .key = "\x80\x81\x82\x83\x84\x85\x86\x87"
33468 "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f"
33469 "\x90\x91\x92\x93\x94\x95\x96\x97"
33470 "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f",
33471 .klen = 32,
33472 .iv = "\x40\x41\x42\x43\x44\x45\x46\x47"
33473 "\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f"
33474 "\x50\x51\x52\x53\x54\x55\x56\x58"
33475 "\x00\x00\x00\x00\x00\x00\x00\x00",
33476 .ptext = "\x54\x68\x65\x20\x64\x68\x6f\x6c"
33477 "\x65\x20\x28\x70\x72\x6f\x6e\x6f"
33478 "\x75\x6e\x63\x65\x64\x20\x22\x64"
33479 "\x6f\x6c\x65\x22\x29\x20\x69\x73"
33480 "\x20\x61\x6c\x73\x6f\x20\x6b\x6e"
33481 "\x6f\x77\x6e\x20\x61\x73\x20\x74"
33482 "\x68\x65\x20\x41\x73\x69\x61\x74"
33483 "\x69\x63\x20\x77\x69\x6c\x64\x20"
33484 "\x64\x6f\x67\x2c\x20\x72\x65\x64"
33485 "\x20\x64\x6f\x67\x2c\x20\x61\x6e"
33486 "\x64\x20\x77\x68\x69\x73\x74\x6c"
33487 "\x69\x6e\x67\x20\x64\x6f\x67\x2e"
33488 "\x20\x49\x74\x20\x69\x73\x20\x61"
33489 "\x62\x6f\x75\x74\x20\x74\x68\x65"
33490 "\x20\x73\x69\x7a\x65\x20\x6f\x66"
33491 "\x20\x61\x20\x47\x65\x72\x6d\x61"
33492 "\x6e\x20\x73\x68\x65\x70\x68\x65"
33493 "\x72\x64\x20\x62\x75\x74\x20\x6c"
33494 "\x6f\x6f\x6b\x73\x20\x6d\x6f\x72"
33495 "\x65\x20\x6c\x69\x6b\x65\x20\x61"
33496 "\x20\x6c\x6f\x6e\x67\x2d\x6c\x65"
33497 "\x67\x67\x65\x64\x20\x66\x6f\x78"
33498 "\x2e\x20\x54\x68\x69\x73\x20\x68"
33499 "\x69\x67\x68\x6c\x79\x20\x65\x6c"
33500 "\x75\x73\x69\x76\x65\x20\x61\x6e"
33501 "\x64\x20\x73\x6b\x69\x6c\x6c\x65"
33502 "\x64\x20\x6a\x75\x6d\x70\x65\x72"
33503 "\x20\x69\x73\x20\x63\x6c\x61\x73"
33504 "\x73\x69\x66\x69\x65\x64\x20\x77"
33505 "\x69\x74\x68\x20\x77\x6f\x6c\x76"
33506 "\x65\x73\x2c\x20\x63\x6f\x79\x6f"
33507 "\x74\x65\x73\x2c\x20\x6a\x61\x63"
33508 "\x6b\x61\x6c\x73\x2c\x20\x61\x6e"
33509 "\x64\x20\x66\x6f\x78\x65\x73\x20"
33510 "\x69\x6e\x20\x74\x68\x65\x20\x74"
33511 "\x61\x78\x6f\x6e\x6f\x6d\x69\x63"
33512 "\x20\x66\x61\x6d\x69\x6c\x79\x20"
33513 "\x43\x61\x6e\x69\x64\x61\x65\x2e",
33514 .ctext = "\x9f\x1a\xab\x8a\x95\xf4\x7e\xcd"
33515 "\xee\x34\xc0\x39\xd6\x23\x43\x94"
33516 "\xf6\x01\xc1\x7f\x60\x91\xa5\x23"
33517 "\x4a\x8a\xe6\xb1\x14\x8b\xd7\x58"
33518 "\xee\x02\xad\xab\xce\x1e\x7d\xdf"
33519 "\xf9\x49\x27\x69\xd0\x8d\x0c\x20"
33520 "\x6e\x17\xc4\xae\x87\x7a\xc6\x61"
33521 "\x91\xe2\x8e\x0a\x1d\x61\xcc\x38"
33522 "\x02\x64\x43\x49\xc6\xb2\x59\x59"
33523 "\x42\xe7\x9d\x83\x00\x60\x90\xd2"
33524 "\xb9\xcd\x97\x6e\xc7\x95\x71\xbc"
33525 "\x23\x31\x58\x07\xb3\xb4\xac\x0b"
33526 "\x87\x64\x56\xe5\xe3\xec\x63\xa1"
33527 "\x71\x8c\x08\x48\x33\x20\x29\x81"
33528 "\xea\x01\x25\x20\xc3\xda\xe6\xee"
33529 "\x6a\x03\xf6\x68\x4d\x26\xa0\x91"
33530 "\x9e\x44\xb8\xc1\xc0\x8f\x5a\x6a"
33531 "\xc0\xcd\xbf\x24\x5e\x40\x66\xd2"
33532 "\x42\x24\xb5\xbf\xc1\xeb\x12\x60"
33533 "\x56\xbe\xb1\xa6\xc4\x0f\xfc\x49"
33534 "\x69\x9f\xcc\x06\x5c\xe3\x26\xd7"
33535 "\x52\xc0\x42\xe8\xb4\x76\xc3\xee"
33536 "\xb2\x97\xe3\x37\x61\x29\x5a\xb5"
33537 "\x8e\xe8\x8c\xc5\x38\xcc\xcb\xec"
33538 "\x64\x1a\xa9\x12\x5f\xf7\x79\xdf"
33539 "\x64\xca\x77\x4e\xbd\xf9\x83\xa0"
33540 "\x13\x27\x3f\x31\x03\x63\x30\x26"
33541 "\x27\x0b\x3e\xb3\x23\x13\x61\x0b"
33542 "\x70\x1d\xd4\xad\x85\x1e\xbf\xdf"
33543 "\xc6\x8e\x4d\x08\xcc\x7e\x77\xbd"
33544 "\x1e\x18\x77\x38\x3a\xfe\xc0\x5d"
33545 "\x16\xfc\xf0\xa9\x2f\xe9\x17\xc7"
33546 "\xd3\x23\x17\x18\xa3\xe6\x54\x77"
33547 "\x6f\x1b\xbe\x8a\x6e\x7e\xca\x97"
33548 "\x08\x05\x36\x76\xaf\x12\x7a\x42"
33549 "\xf7\x7a\xc2\x35\xc3\xb4\x93\x40"
33550 "\x54\x14\x90\xa0\x4d\x65\x1c\x37"
33551 "\x50\x70\x44\x29\x6d\x6e\x62\x68",
33552 .len = 304,
33553 }
33554};
33555
33556/* Adiantum test vectors from https://github.com/google/adiantum */
33557static const struct cipher_testvec adiantum_xchacha12_aes_tv_template[] = {
33558 {
33559 .key = "\x9e\xeb\xb2\x49\x3c\x1c\xf5\xf4"
33560 "\x6a\x99\xc2\xc4\xdf\xb1\xf4\xdd"
33561 "\x75\x20\x57\xea\x2c\x4f\xcd\xb2"
33562 "\xa5\x3d\x7b\x49\x1e\xab\xfd\x0f",
33563 .klen = 32,
33564 .iv = "\xdf\x63\xd4\xab\xd2\x49\xf3\xd8"
33565 "\x33\x81\x37\x60\x7d\xfa\x73\x08"
33566 "\xd8\x49\x6d\x80\xe8\x2f\x62\x54"
33567 "\xeb\x0e\xa9\x39\x5b\x45\x7f\x8a",
33568 .ptext = "\x67\xc9\xf2\x30\x84\x41\x8e\x43"
33569 "\xfb\xf3\xb3\x3e\x79\x36\x7f\xe8",
33570 .ctext = "\x6d\x32\x86\x18\x67\x86\x0f\x3f"
33571 "\x96\x7c\x9d\x28\x0d\x53\xec\x9f",
33572 .len = 16,
33573 .also_non_np = 1,
33574 .np = 2,
33575 .tap = { 14, 2 },
33576 }, {
33577 .key = "\x36\x2b\x57\x97\xf8\x5d\xcd\x99"
33578 "\x5f\x1a\x5a\x44\x1d\x92\x0f\x27"
33579 "\xcc\x16\xd7\x2b\x85\x63\x99\xd3"
33580 "\xba\x96\xa1\xdb\xd2\x60\x68\xda",
33581 .klen = 32,
33582 .iv = "\xef\x58\x69\xb1\x2c\x5e\x9a\x47"
33583 "\x24\xc1\xb1\x69\xe1\x12\x93\x8f"
33584 "\x43\x3d\x6d\x00\xdb\x5e\xd8\xd9"
33585 "\x12\x9a\xfe\xd9\xff\x2d\xaa\xc4",
33586 .ptext = "\x5e\xa8\x68\x19\x85\x98\x12\x23"
33587 "\x26\x0a\xcc\xdb\x0a\x04\xb9\xdf"
33588 "\x4d\xb3\x48\x7b\xb0\xe3\xc8\x19"
33589 "\x43\x5a\x46\x06\x94\x2d\xf2",
33590 .ctext = "\xc7\xc6\xf1\x73\x8f\xc4\xff\x4a"
33591 "\x39\xbe\x78\xbe\x8d\x28\xc8\x89"
33592 "\x46\x63\xe7\x0c\x7d\x87\xe8\x4e"
33593 "\xc9\x18\x7b\xbe\x18\x60\x50",
33594 .len = 31,
33595 }, {
33596 .key = "\xa5\x28\x24\x34\x1a\x3c\xd8\xf7"
33597 "\x05\x91\x8f\xee\x85\x1f\x35\x7f"
33598 "\x80\x3d\xfc\x9b\x94\xf6\xfc\x9e"
33599 "\x19\x09\x00\xa9\x04\x31\x4f\x11",
33600 .klen = 32,
33601 .iv = "\xa1\xba\x49\x95\xff\x34\x6d\xb8"
33602 "\xcd\x87\x5d\x5e\xfd\xea\x85\xdb"
33603 "\x8a\x7b\x5e\xb2\x5d\x57\xdd\x62"
33604 "\xac\xa9\x8c\x41\x42\x94\x75\xb7",
33605 .ptext = "\x69\xb4\xe8\x8c\x37\xe8\x67\x82"
33606 "\xf1\xec\x5d\x04\xe5\x14\x91\x13"
33607 "\xdf\xf2\x87\x1b\x69\x81\x1d\x71"
33608 "\x70\x9e\x9c\x3b\xde\x49\x70\x11"
33609 "\xa0\xa3\xdb\x0d\x54\x4f\x66\x69"
33610 "\xd7\xdb\x80\xa7\x70\x92\x68\xce"
33611 "\x81\x04\x2c\xc6\xab\xae\xe5\x60"
33612 "\x15\xe9\x6f\xef\xaa\x8f\xa7\xa7"
33613 "\x63\x8f\xf2\xf0\x77\xf1\xa8\xea"
33614 "\xe1\xb7\x1f\x9e\xab\x9e\x4b\x3f"
33615 "\x07\x87\x5b\x6f\xcd\xa8\xaf\xb9"
33616 "\xfa\x70\x0b\x52\xb8\xa8\xa7\x9e"
33617 "\x07\x5f\xa6\x0e\xb3\x9b\x79\x13"
33618 "\x79\xc3\x3e\x8d\x1c\x2c\x68\xc8"
33619 "\x51\x1d\x3c\x7b\x7d\x79\x77\x2a"
33620 "\x56\x65\xc5\x54\x23\x28\xb0\x03",
33621 .ctext = "\x9e\x16\xab\xed\x4b\xa7\x42\x5a"
33622 "\xc6\xfb\x4e\x76\xff\xbe\x03\xa0"
33623 "\x0f\xe3\xad\xba\xe4\x98\x2b\x0e"
33624 "\x21\x48\xa0\xb8\x65\x48\x27\x48"
33625 "\x84\x54\x54\xb2\x9a\x94\x7b\xe6"
33626 "\x4b\x29\xe9\xcf\x05\x91\x80\x1a"
33627 "\x3a\xf3\x41\x96\x85\x1d\x9f\x74"
33628 "\x51\x56\x63\xfa\x7c\x28\x85\x49"
33629 "\xf7\x2f\xf9\xf2\x18\x46\xf5\x33"
33630 "\x80\xa3\x3c\xce\xb2\x57\x93\xf5"
33631 "\xae\xbd\xa9\xf5\x7b\x30\xc4\x93"
33632 "\x66\xe0\x30\x77\x16\xe4\xa0\x31"
33633 "\xba\x70\xbc\x68\x13\xf5\xb0\x9a"
33634 "\xc1\xfc\x7e\xfe\x55\x80\x5c\x48"
33635 "\x74\xa6\xaa\xa3\xac\xdc\xc2\xf5"
33636 "\x8d\xde\x34\x86\x78\x60\x75\x8d",
33637 .len = 128,
33638 .also_non_np = 1,
33639 .np = 4,
33640 .tap = { 104, 16, 4, 4 },
33641 }, {
33642 .key = "\xd3\x81\x72\x18\x23\xff\x6f\x4a"
33643 "\x25\x74\x29\x0d\x51\x8a\x0e\x13"
33644 "\xc1\x53\x5d\x30\x8d\xee\x75\x0d"
33645 "\x14\xd6\x69\xc9\x15\xa9\x0c\x60",
33646 .klen = 32,
33647 .iv = "\x65\x9b\xd4\xa8\x7d\x29\x1d\xf4"
33648 "\xc4\xd6\x9b\x6a\x28\xab\x64\xe2"
33649 "\x62\x81\x97\xc5\x81\xaa\xf9\x44"
33650 "\xc1\x72\x59\x82\xaf\x16\xc8\x2c",
33651 .ptext = "\xc7\x6b\x52\x6a\x10\xf0\xcc\x09"
33652 "\xc1\x12\x1d\x6d\x21\xa6\x78\xf5"
33653 "\x05\xa3\x69\x60\x91\x36\x98\x57"
33654 "\xba\x0c\x14\xcc\xf3\x2d\x73\x03"
33655 "\xc6\xb2\x5f\xc8\x16\x27\x37\x5d"
33656 "\xd0\x0b\x87\xb2\x50\x94\x7b\x58"
33657 "\x04\xf4\xe0\x7f\x6e\x57\x8e\xc9"
33658 "\x41\x84\xc1\xb1\x7e\x4b\x91\x12"
33659 "\x3a\x8b\x5d\x50\x82\x7b\xcb\xd9"
33660 "\x9a\xd9\x4e\x18\x06\x23\x9e\xd4"
33661 "\xa5\x20\x98\xef\xb5\xda\xe5\xc0"
33662 "\x8a\x6a\x83\x77\x15\x84\x1e\xae"
33663 "\x78\x94\x9d\xdf\xb7\xd1\xea\x67"
33664 "\xaa\xb0\x14\x15\xfa\x67\x21\x84"
33665 "\xd3\x41\x2a\xce\xba\x4b\x4a\xe8"
33666 "\x95\x62\xa9\x55\xf0\x80\xad\xbd"
33667 "\xab\xaf\xdd\x4f\xa5\x7c\x13\x36"
33668 "\xed\x5e\x4f\x72\xad\x4b\xf1\xd0"
33669 "\x88\x4e\xec\x2c\x88\x10\x5e\xea"
33670 "\x12\xc0\x16\x01\x29\xa3\xa0\x55"
33671 "\xaa\x68\xf3\xe9\x9d\x3b\x0d\x3b"
33672 "\x6d\xec\xf8\xa0\x2d\xf0\x90\x8d"
33673 "\x1c\xe2\x88\xd4\x24\x71\xf9\xb3"
33674 "\xc1\x9f\xc5\xd6\x76\x70\xc5\x2e"
33675 "\x9c\xac\xdb\x90\xbd\x83\x72\xba"
33676 "\x6e\xb5\xa5\x53\x83\xa9\xa5\xbf"
33677 "\x7d\x06\x0e\x3c\x2a\xd2\x04\xb5"
33678 "\x1e\x19\x38\x09\x16\xd2\x82\x1f"
33679 "\x75\x18\x56\xb8\x96\x0b\xa6\xf9"
33680 "\xcf\x62\xd9\x32\x5d\xa9\xd7\x1d"
33681 "\xec\xe4\xdf\x1b\xbe\xf1\x36\xee"
33682 "\xe3\x7b\xb5\x2f\xee\xf8\x53\x3d"
33683 "\x6a\xb7\x70\xa9\xfc\x9c\x57\x25"
33684 "\xf2\x89\x10\xd3\xb8\xa8\x8c\x30"
33685 "\xae\x23\x4f\x0e\x13\x66\x4f\xe1"
33686 "\xb6\xc0\xe4\xf8\xef\x93\xbd\x6e"
33687 "\x15\x85\x6b\xe3\x60\x81\x1d\x68"
33688 "\xd7\x31\x87\x89\x09\xab\xd5\x96"
33689 "\x1d\xf3\x6d\x67\x80\xca\x07\x31"
33690 "\x5d\xa7\xe4\xfb\x3e\xf2\x9b\x33"
33691 "\x52\x18\xc8\x30\xfe\x2d\xca\x1e"
33692 "\x79\x92\x7a\x60\x5c\xb6\x58\x87"
33693 "\xa4\x36\xa2\x67\x92\x8b\xa4\xb7"
33694 "\xf1\x86\xdf\xdc\xc0\x7e\x8f\x63"
33695 "\xd2\xa2\xdc\x78\xeb\x4f\xd8\x96"
33696 "\x47\xca\xb8\x91\xf9\xf7\x94\x21"
33697 "\x5f\x9a\x9f\x5b\xb8\x40\x41\x4b"
33698 "\x66\x69\x6a\x72\xd0\xcb\x70\xb7"
33699 "\x93\xb5\x37\x96\x05\x37\x4f\xe5"
33700 "\x8c\xa7\x5a\x4e\x8b\xb7\x84\xea"
33701 "\xc7\xfc\x19\x6e\x1f\x5a\xa1\xac"
33702 "\x18\x7d\x52\x3b\xb3\x34\x62\x99"
33703 "\xe4\x9e\x31\x04\x3f\xc0\x8d\x84"
33704 "\x17\x7c\x25\x48\x52\x67\x11\x27"
33705 "\x67\xbb\x5a\x85\xca\x56\xb2\x5c"
33706 "\xe6\xec\xd5\x96\x3d\x15\xfc\xfb"
33707 "\x22\x25\xf4\x13\xe5\x93\x4b\x9a"
33708 "\x77\xf1\x52\x18\xfa\x16\x5e\x49"
33709 "\x03\x45\xa8\x08\xfa\xb3\x41\x92"
33710 "\x79\x50\x33\xca\xd0\xd7\x42\x55"
33711 "\xc3\x9a\x0c\x4e\xd9\xa4\x3c\x86"
33712 "\x80\x9f\x53\xd1\xa4\x2e\xd1\xbc"
33713 "\xf1\x54\x6e\x93\xa4\x65\x99\x8e"
33714 "\xdf\x29\xc0\x64\x63\x07\xbb\xea",
33715 .ctext = "\x15\x97\xd0\x86\x18\x03\x9c\x51"
33716 "\xc5\x11\x36\x62\x13\x92\xe6\x73"
33717 "\x29\x79\xde\xa1\x00\x3e\x08\x64"
33718 "\x17\x1a\xbc\xd5\xfe\x33\x0e\x0c"
33719 "\x7c\x94\xa7\xc6\x3c\xbe\xac\xa2"
33720 "\x89\xe6\xbc\xdf\x0c\x33\x27\x42"
33721 "\x46\x73\x2f\xba\x4e\xa6\x46\x8f"
33722 "\xe4\xee\x39\x63\x42\x65\xa3\x88"
33723 "\x7a\xad\x33\x23\xa9\xa7\x20\x7f"
33724 "\x0b\xe6\x6a\xc3\x60\xda\x9e\xb4"
33725 "\xd6\x07\x8a\x77\x26\xd1\xab\x44"
33726 "\x99\x55\x03\x5e\xed\x8d\x7b\xbd"
33727 "\xc8\x21\xb7\x21\x30\x3f\xc0\xb5"
33728 "\xc8\xec\x6c\x23\xa6\xa3\x6d\xf1"
33729 "\x30\x0a\xd0\xa6\xa9\x28\x69\xae"
33730 "\x2a\xe6\x54\xac\x82\x9d\x6a\x95"
33731 "\x6f\x06\x44\xc5\x5a\x77\x6e\xec"
33732 "\xf8\xf8\x63\xb2\xe6\xaa\xbd\x8e"
33733 "\x0e\x8a\x62\x00\x03\xc8\x84\xdd"
33734 "\x47\x4a\xc3\x55\xba\xb7\xe7\xdf"
33735 "\x08\xbf\x62\xf5\xe8\xbc\xb6\x11"
33736 "\xe4\xcb\xd0\x66\x74\x32\xcf\xd4"
33737 "\xf8\x51\x80\x39\x14\x05\x12\xdb"
33738 "\x87\x93\xe2\x26\x30\x9c\x3a\x21"
33739 "\xe5\xd0\x38\x57\x80\x15\xe4\x08"
33740 "\x58\x05\x49\x7d\xe6\x92\x77\x70"
33741 "\xfb\x1e\x2d\x6a\x84\x00\xc8\x68"
33742 "\xf7\x1a\xdd\xf0\x7b\x38\x1e\xd8"
33743 "\x2c\x78\x78\x61\xcf\xe3\xde\x69"
33744 "\x1f\xd5\x03\xd5\x1a\xb4\xcf\x03"
33745 "\xc8\x7a\x70\x68\x35\xb4\xf6\xbe"
33746 "\x90\x62\xb2\x28\x99\x86\xf5\x44"
33747 "\x99\xeb\x31\xcf\xca\xdf\xd0\x21"
33748 "\xd6\x60\xf7\x0f\x40\xb4\x80\xb7"
33749 "\xab\xe1\x9b\x45\xba\x66\xda\xee"
33750 "\xdd\x04\x12\x40\x98\xe1\x69\xe5"
33751 "\x2b\x9c\x59\x80\xe7\x7b\xcc\x63"
33752 "\xa6\xc0\x3a\xa9\xfe\x8a\xf9\x62"
33753 "\x11\x34\x61\x94\x35\xfe\xf2\x99"
33754 "\xfd\xee\x19\xea\x95\xb6\x12\xbf"
33755 "\x1b\xdf\x02\x1a\xcc\x3e\x7e\x65"
33756 "\x78\x74\x10\x50\x29\x63\x28\xea"
33757 "\x6b\xab\xd4\x06\x4d\x15\x24\x31"
33758 "\xc7\x0a\xc9\x16\xb6\x48\xf0\xbf"
33759 "\x49\xdb\x68\x71\x31\x8f\x87\xe2"
33760 "\x13\x05\x64\xd6\x22\x0c\xf8\x36"
33761 "\x84\x24\x3e\x69\x5e\xb8\x9e\x16"
33762 "\x73\x6c\x83\x1e\xe0\x9f\x9e\xba"
33763 "\xe5\x59\x21\x33\x1b\xa9\x26\xc2"
33764 "\xc7\xd9\x30\x73\xb6\xa6\x73\x82"
33765 "\x19\xfa\x44\x4d\x40\x8b\x69\x04"
33766 "\x94\x74\xea\x6e\xb3\x09\x47\x01"
33767 "\x2a\xb9\x78\x34\x43\x11\xed\xd6"
33768 "\x8c\x95\x65\x1b\x85\x67\xa5\x40"
33769 "\xac\x9c\x05\x4b\x57\x4a\xa9\x96"
33770 "\x0f\xdd\x4f\xa1\xe0\xcf\x6e\xc7"
33771 "\x1b\xed\xa2\xb4\x56\x8c\x09\x6e"
33772 "\xa6\x65\xd7\x55\x81\xb7\xed\x11"
33773 "\x9b\x40\x75\xa8\x6b\x56\xaf\x16"
33774 "\x8b\x3d\xf4\xcb\xfe\xd5\x1d\x3d"
33775 "\x85\xc2\xc0\xde\x43\x39\x4a\x96"
33776 "\xba\x88\x97\xc0\xd6\x00\x0e\x27"
33777 "\x21\xb0\x21\x52\xba\xa7\x37\xaa"
33778 "\xcc\xbf\x95\xa8\xf4\xd0\x91\xf6",
33779 .len = 512,
33780 .also_non_np = 1,
33781 .np = 2,
33782 .tap = { 144, 368 },
33783 }
33784};
33785
33786/* Adiantum with XChaCha20 instead of XChaCha12 */
33787/* Test vectors from https://github.com/google/adiantum */
33788static const struct cipher_testvec adiantum_xchacha20_aes_tv_template[] = {
33789 {
33790 .key = "\x9e\xeb\xb2\x49\x3c\x1c\xf5\xf4"
33791 "\x6a\x99\xc2\xc4\xdf\xb1\xf4\xdd"
33792 "\x75\x20\x57\xea\x2c\x4f\xcd\xb2"
33793 "\xa5\x3d\x7b\x49\x1e\xab\xfd\x0f",
33794 .klen = 32,
33795 .iv = "\xdf\x63\xd4\xab\xd2\x49\xf3\xd8"
33796 "\x33\x81\x37\x60\x7d\xfa\x73\x08"
33797 "\xd8\x49\x6d\x80\xe8\x2f\x62\x54"
33798 "\xeb\x0e\xa9\x39\x5b\x45\x7f\x8a",
33799 .ptext = "\x67\xc9\xf2\x30\x84\x41\x8e\x43"
33800 "\xfb\xf3\xb3\x3e\x79\x36\x7f\xe8",
33801 .ctext = "\xf6\x78\x97\xd6\xaa\x94\x01\x27"
33802 "\x2e\x4d\x83\xe0\x6e\x64\x9a\xdf",
33803 .len = 16,
33804 .also_non_np = 1,
33805 .np = 3,
33806 .tap = { 5, 2, 9 },
33807 }, {
33808 .key = "\x36\x2b\x57\x97\xf8\x5d\xcd\x99"
33809 "\x5f\x1a\x5a\x44\x1d\x92\x0f\x27"
33810 "\xcc\x16\xd7\x2b\x85\x63\x99\xd3"
33811 "\xba\x96\xa1\xdb\xd2\x60\x68\xda",
33812 .klen = 32,
33813 .iv = "\xef\x58\x69\xb1\x2c\x5e\x9a\x47"
33814 "\x24\xc1\xb1\x69\xe1\x12\x93\x8f"
33815 "\x43\x3d\x6d\x00\xdb\x5e\xd8\xd9"
33816 "\x12\x9a\xfe\xd9\xff\x2d\xaa\xc4",
33817 .ptext = "\x5e\xa8\x68\x19\x85\x98\x12\x23"
33818 "\x26\x0a\xcc\xdb\x0a\x04\xb9\xdf"
33819 "\x4d\xb3\x48\x7b\xb0\xe3\xc8\x19"
33820 "\x43\x5a\x46\x06\x94\x2d\xf2",
33821 .ctext = "\x4b\xb8\x90\x10\xdf\x7f\x64\x08"
33822 "\x0e\x14\x42\x5f\x00\x74\x09\x36"
33823 "\x57\x72\xb5\xfd\xb5\x5d\xb8\x28"
33824 "\x0c\x04\x91\x14\x91\xe9\x37",
33825 .len = 31,
33826 .also_non_np = 1,
33827 .np = 2,
33828 .tap = { 16, 15 },
33829 }, {
33830 .key = "\xa5\x28\x24\x34\x1a\x3c\xd8\xf7"
33831 "\x05\x91\x8f\xee\x85\x1f\x35\x7f"
33832 "\x80\x3d\xfc\x9b\x94\xf6\xfc\x9e"
33833 "\x19\x09\x00\xa9\x04\x31\x4f\x11",
33834 .klen = 32,
33835 .iv = "\xa1\xba\x49\x95\xff\x34\x6d\xb8"
33836 "\xcd\x87\x5d\x5e\xfd\xea\x85\xdb"
33837 "\x8a\x7b\x5e\xb2\x5d\x57\xdd\x62"
33838 "\xac\xa9\x8c\x41\x42\x94\x75\xb7",
33839 .ptext = "\x69\xb4\xe8\x8c\x37\xe8\x67\x82"
33840 "\xf1\xec\x5d\x04\xe5\x14\x91\x13"
33841 "\xdf\xf2\x87\x1b\x69\x81\x1d\x71"
33842 "\x70\x9e\x9c\x3b\xde\x49\x70\x11"
33843 "\xa0\xa3\xdb\x0d\x54\x4f\x66\x69"
33844 "\xd7\xdb\x80\xa7\x70\x92\x68\xce"
33845 "\x81\x04\x2c\xc6\xab\xae\xe5\x60"
33846 "\x15\xe9\x6f\xef\xaa\x8f\xa7\xa7"
33847 "\x63\x8f\xf2\xf0\x77\xf1\xa8\xea"
33848 "\xe1\xb7\x1f\x9e\xab\x9e\x4b\x3f"
33849 "\x07\x87\x5b\x6f\xcd\xa8\xaf\xb9"
33850 "\xfa\x70\x0b\x52\xb8\xa8\xa7\x9e"
33851 "\x07\x5f\xa6\x0e\xb3\x9b\x79\x13"
33852 "\x79\xc3\x3e\x8d\x1c\x2c\x68\xc8"
33853 "\x51\x1d\x3c\x7b\x7d\x79\x77\x2a"
33854 "\x56\x65\xc5\x54\x23\x28\xb0\x03",
33855 .ctext = "\xb1\x8b\xa0\x05\x77\xa8\x4d\x59"
33856 "\x1b\x8e\x21\xfc\x3a\x49\xfa\xd4"
33857 "\xeb\x36\xf3\xc4\xdf\xdc\xae\x67"
33858 "\x07\x3f\x70\x0e\xe9\x66\xf5\x0c"
33859 "\x30\x4d\x66\xc9\xa4\x2f\x73\x9c"
33860 "\x13\xc8\x49\x44\xcc\x0a\x90\x9d"
33861 "\x7c\xdd\x19\x3f\xea\x72\x8d\x58"
33862 "\xab\xe7\x09\x2c\xec\xb5\x44\xd2"
33863 "\xca\xa6\x2d\x7a\x5c\x9c\x2b\x15"
33864 "\xec\x2a\xa6\x69\x91\xf9\xf3\x13"
33865 "\xf7\x72\xc1\xc1\x40\xd5\xe1\x94"
33866 "\xf4\x29\xa1\x3e\x25\x02\xa8\x3e"
33867 "\x94\xc1\x91\x14\xa1\x14\xcb\xbe"
33868 "\x67\x4c\xb9\x38\xfe\xa7\xaa\x32"
33869 "\x29\x62\x0d\xb2\xf6\x3c\x58\x57"
33870 "\xc1\xd5\x5a\xbb\xd6\xa6\x2a\xe5",
33871 .len = 128,
33872 .also_non_np = 1,
33873 .np = 4,
33874 .tap = { 112, 7, 8, 1 },
33875 }, {
33876 .key = "\xd3\x81\x72\x18\x23\xff\x6f\x4a"
33877 "\x25\x74\x29\x0d\x51\x8a\x0e\x13"
33878 "\xc1\x53\x5d\x30\x8d\xee\x75\x0d"
33879 "\x14\xd6\x69\xc9\x15\xa9\x0c\x60",
33880 .klen = 32,
33881 .iv = "\x65\x9b\xd4\xa8\x7d\x29\x1d\xf4"
33882 "\xc4\xd6\x9b\x6a\x28\xab\x64\xe2"
33883 "\x62\x81\x97\xc5\x81\xaa\xf9\x44"
33884 "\xc1\x72\x59\x82\xaf\x16\xc8\x2c",
33885 .ptext = "\xc7\x6b\x52\x6a\x10\xf0\xcc\x09"
33886 "\xc1\x12\x1d\x6d\x21\xa6\x78\xf5"
33887 "\x05\xa3\x69\x60\x91\x36\x98\x57"
33888 "\xba\x0c\x14\xcc\xf3\x2d\x73\x03"
33889 "\xc6\xb2\x5f\xc8\x16\x27\x37\x5d"
33890 "\xd0\x0b\x87\xb2\x50\x94\x7b\x58"
33891 "\x04\xf4\xe0\x7f\x6e\x57\x8e\xc9"
33892 "\x41\x84\xc1\xb1\x7e\x4b\x91\x12"
33893 "\x3a\x8b\x5d\x50\x82\x7b\xcb\xd9"
33894 "\x9a\xd9\x4e\x18\x06\x23\x9e\xd4"
33895 "\xa5\x20\x98\xef\xb5\xda\xe5\xc0"
33896 "\x8a\x6a\x83\x77\x15\x84\x1e\xae"
33897 "\x78\x94\x9d\xdf\xb7\xd1\xea\x67"
33898 "\xaa\xb0\x14\x15\xfa\x67\x21\x84"
33899 "\xd3\x41\x2a\xce\xba\x4b\x4a\xe8"
33900 "\x95\x62\xa9\x55\xf0\x80\xad\xbd"
33901 "\xab\xaf\xdd\x4f\xa5\x7c\x13\x36"
33902 "\xed\x5e\x4f\x72\xad\x4b\xf1\xd0"
33903 "\x88\x4e\xec\x2c\x88\x10\x5e\xea"
33904 "\x12\xc0\x16\x01\x29\xa3\xa0\x55"
33905 "\xaa\x68\xf3\xe9\x9d\x3b\x0d\x3b"
33906 "\x6d\xec\xf8\xa0\x2d\xf0\x90\x8d"
33907 "\x1c\xe2\x88\xd4\x24\x71\xf9\xb3"
33908 "\xc1\x9f\xc5\xd6\x76\x70\xc5\x2e"
33909 "\x9c\xac\xdb\x90\xbd\x83\x72\xba"
33910 "\x6e\xb5\xa5\x53\x83\xa9\xa5\xbf"
33911 "\x7d\x06\x0e\x3c\x2a\xd2\x04\xb5"
33912 "\x1e\x19\x38\x09\x16\xd2\x82\x1f"
33913 "\x75\x18\x56\xb8\x96\x0b\xa6\xf9"
33914 "\xcf\x62\xd9\x32\x5d\xa9\xd7\x1d"
33915 "\xec\xe4\xdf\x1b\xbe\xf1\x36\xee"
33916 "\xe3\x7b\xb5\x2f\xee\xf8\x53\x3d"
33917 "\x6a\xb7\x70\xa9\xfc\x9c\x57\x25"
33918 "\xf2\x89\x10\xd3\xb8\xa8\x8c\x30"
33919 "\xae\x23\x4f\x0e\x13\x66\x4f\xe1"
33920 "\xb6\xc0\xe4\xf8\xef\x93\xbd\x6e"
33921 "\x15\x85\x6b\xe3\x60\x81\x1d\x68"
33922 "\xd7\x31\x87\x89\x09\xab\xd5\x96"
33923 "\x1d\xf3\x6d\x67\x80\xca\x07\x31"
33924 "\x5d\xa7\xe4\xfb\x3e\xf2\x9b\x33"
33925 "\x52\x18\xc8\x30\xfe\x2d\xca\x1e"
33926 "\x79\x92\x7a\x60\x5c\xb6\x58\x87"
33927 "\xa4\x36\xa2\x67\x92\x8b\xa4\xb7"
33928 "\xf1\x86\xdf\xdc\xc0\x7e\x8f\x63"
33929 "\xd2\xa2\xdc\x78\xeb\x4f\xd8\x96"
33930 "\x47\xca\xb8\x91\xf9\xf7\x94\x21"
33931 "\x5f\x9a\x9f\x5b\xb8\x40\x41\x4b"
33932 "\x66\x69\x6a\x72\xd0\xcb\x70\xb7"
33933 "\x93\xb5\x37\x96\x05\x37\x4f\xe5"
33934 "\x8c\xa7\x5a\x4e\x8b\xb7\x84\xea"
33935 "\xc7\xfc\x19\x6e\x1f\x5a\xa1\xac"
33936 "\x18\x7d\x52\x3b\xb3\x34\x62\x99"
33937 "\xe4\x9e\x31\x04\x3f\xc0\x8d\x84"
33938 "\x17\x7c\x25\x48\x52\x67\x11\x27"
33939 "\x67\xbb\x5a\x85\xca\x56\xb2\x5c"
33940 "\xe6\xec\xd5\x96\x3d\x15\xfc\xfb"
33941 "\x22\x25\xf4\x13\xe5\x93\x4b\x9a"
33942 "\x77\xf1\x52\x18\xfa\x16\x5e\x49"
33943 "\x03\x45\xa8\x08\xfa\xb3\x41\x92"
33944 "\x79\x50\x33\xca\xd0\xd7\x42\x55"
33945 "\xc3\x9a\x0c\x4e\xd9\xa4\x3c\x86"
33946 "\x80\x9f\x53\xd1\xa4\x2e\xd1\xbc"
33947 "\xf1\x54\x6e\x93\xa4\x65\x99\x8e"
33948 "\xdf\x29\xc0\x64\x63\x07\xbb\xea",
33949 .ctext = "\xe0\x33\xf6\xe0\xb4\xa5\xdd\x2b"
33950 "\xdd\xce\xfc\x12\x1e\xfc\x2d\xf2"
33951 "\x8b\xc7\xeb\xc1\xc4\x2a\xe8\x44"
33952 "\x0f\x3d\x97\x19\x2e\x6d\xa2\x38"
33953 "\x9d\xa6\xaa\xe1\x96\xb9\x08\xe8"
33954 "\x0b\x70\x48\x5c\xed\xb5\x9b\xcb"
33955 "\x8b\x40\x88\x7e\x69\x73\xf7\x16"
33956 "\x71\xbb\x5b\xfc\xa3\x47\x5d\xa6"
33957 "\xae\x3a\x64\xc4\xe7\xb8\xa8\xe7"
33958 "\xb1\x32\x19\xdb\xe3\x01\xb8\xf0"
33959 "\xa4\x86\xb4\x4c\xc2\xde\x5c\xd2"
33960 "\x6c\x77\xd2\xe8\x18\xb7\x0a\xc9"
33961 "\x3d\x53\xb5\xc4\x5c\xf0\x8c\x06"
33962 "\xdc\x90\xe0\x74\x47\x1b\x0b\xf6"
33963 "\xd2\x71\x6b\xc4\xf1\x97\x00\x2d"
33964 "\x63\x57\x44\x1f\x8c\xf4\xe6\x9b"
33965 "\xe0\x7a\xdd\xec\x32\x73\x42\x32"
33966 "\x7f\x35\x67\x60\x0d\xcf\x10\x52"
33967 "\x61\x22\x53\x8d\x8e\xbb\x33\x76"
33968 "\x59\xd9\x10\xce\xdf\xef\xc0\x41"
33969 "\xd5\x33\x29\x6a\xda\x46\xa4\x51"
33970 "\xf0\x99\x3d\x96\x31\xdd\xb5\xcb"
33971 "\x3e\x2a\x1f\xc7\x5c\x79\xd3\xc5"
33972 "\x20\xa1\xb1\x39\x1b\xc6\x0a\x70"
33973 "\x26\x39\x95\x07\xad\x7a\xc9\x69"
33974 "\xfe\x81\xc7\x88\x08\x38\xaf\xad"
33975 "\x9e\x8d\xfb\xe8\x24\x0d\x22\xb8"
33976 "\x0e\xed\xbe\x37\x53\x7c\xa6\xc6"
33977 "\x78\x62\xec\xa3\x59\xd9\xc6\x9d"
33978 "\xb8\x0e\x69\x77\x84\x2d\x6a\x4c"
33979 "\xc5\xd9\xb2\xa0\x2b\xa8\x80\xcc"
33980 "\xe9\x1e\x9c\x5a\xc4\xa1\xb2\x37"
33981 "\x06\x9b\x30\x32\x67\xf7\xe7\xd2"
33982 "\x42\xc7\xdf\x4e\xd4\xcb\xa0\x12"
33983 "\x94\xa1\x34\x85\x93\x50\x4b\x0a"
33984 "\x3c\x7d\x49\x25\x01\x41\x6b\x96"
33985 "\xa9\x12\xbb\x0b\xc0\xd7\xd0\x93"
33986 "\x1f\x70\x38\xb8\x21\xee\xf6\xa7"
33987 "\xee\xeb\xe7\x81\xa4\x13\xb4\x87"
33988 "\xfa\xc1\xb0\xb5\x37\x8b\x74\xa2"
33989 "\x4e\xc7\xc2\xad\x3d\x62\x3f\xf8"
33990 "\x34\x42\xe5\xae\x45\x13\x63\xfe"
33991 "\xfc\x2a\x17\x46\x61\xa9\xd3\x1c"
33992 "\x4c\xaf\xf0\x09\x62\x26\x66\x1e"
33993 "\x74\xcf\xd6\x68\x3d\x7d\xd8\xb7"
33994 "\xe7\xe6\xf8\xf0\x08\x20\xf7\x47"
33995 "\x1c\x52\xaa\x0f\x3e\x21\xa3\xf2"
33996 "\xbf\x2f\x95\x16\xa8\xc8\xc8\x8c"
33997 "\x99\x0f\x5d\xfb\xfa\x2b\x58\x8a"
33998 "\x7e\xd6\x74\x02\x60\xf0\xd0\x5b"
33999 "\x65\xa8\xac\xea\x8d\x68\x46\x34"
34000 "\x26\x9d\x4f\xb1\x9a\x8e\xc0\x1a"
34001 "\xf1\xed\xc6\x7a\x83\xfd\x8a\x57"
34002 "\xf2\xe6\xe4\xba\xfc\xc6\x3c\xad"
34003 "\x5b\x19\x50\x2f\x3a\xcc\x06\x46"
34004 "\x04\x51\x3f\x91\x97\xf0\xd2\x07"
34005 "\xe7\x93\x89\x7e\xb5\x32\x0f\x03"
34006 "\xe5\x58\x9e\x74\x72\xeb\xc2\x38"
34007 "\x00\x0c\x91\x72\x69\xed\x7d\x6d"
34008 "\xc8\x71\xf0\xec\xff\x80\xd9\x1c"
34009 "\x9e\xd2\xfa\x15\xfc\x6c\x4e\xbc"
34010 "\xb1\xa6\xbd\xbd\x70\x40\xca\x20"
34011 "\xb8\x78\xd2\xa3\xc6\xf3\x79\x9c"
34012 "\xc7\x27\xe1\x6a\x29\xad\xa4\x03",
34013 .len = 512,
34014 }
34015};
34016
30805/* 34017/*
30806 * CTS (Cipher Text Stealing) mode tests 34018 * CTS (Cipher Text Stealing) mode tests
30807 */ 34019 */
generated by cgit v1.2.2 (git 2.25.0) at 2025-08-31 13:57:42 -0400