aboutsummaryrefslogtreecommitdiffstats
path: root/crypto
diff options
context:
space:
mode:
authorJonathan Herman <hermanjl@cs.unc.edu>2013-01-22 10:38:37 -0500
committerJonathan Herman <hermanjl@cs.unc.edu>2013-01-22 10:38:37 -0500
commitfcc9d2e5a6c89d22b8b773a64fb4ad21ac318446 (patch)
treea57612d1888735a2ec7972891b68c1ac5ec8faea /crypto
parent8dea78da5cee153b8af9c07a2745f6c55057fe12 (diff)
Added missing tegra files.HEADmaster
Diffstat (limited to 'crypto')
-rw-r--r--crypto/blowfish.c482
-rw-r--r--crypto/camellia.c1116
-rw-r--r--crypto/cast5.c809
-rw-r--r--crypto/cast6.c547
-rw-r--r--crypto/serpent.c587
5 files changed, 3541 insertions, 0 deletions
diff --git a/crypto/blowfish.c b/crypto/blowfish.c
new file mode 100644
index 00000000000..a67d52ee058
--- /dev/null
+++ b/crypto/blowfish.c
@@ -0,0 +1,482 @@
1/*
2 * Cryptographic API.
3 *
4 * Blowfish Cipher Algorithm, by Bruce Schneier.
5 * http://www.counterpane.com/blowfish.html
6 *
7 * Adapted from Kerneli implementation.
8 *
9 * Copyright (c) Herbert Valerio Riedel <hvr@hvrlab.org>
10 * Copyright (c) Kyle McMartin <kyle@debian.org>
11 * Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
12 *
13 * This program is free software; you can redistribute it and/or modify
14 * it under the terms of the GNU General Public License as published by
15 * the Free Software Foundation; either version 2 of the License, or
16 * (at your option) any later version.
17 *
18 */
19#include <linux/init.h>
20#include <linux/module.h>
21#include <linux/mm.h>
22#include <asm/byteorder.h>
23#include <linux/crypto.h>
24#include <linux/types.h>
25
26#define BF_BLOCK_SIZE 8
27#define BF_MIN_KEY_SIZE 4
28#define BF_MAX_KEY_SIZE 56
29
30struct bf_ctx {
31 u32 p[18];
32 u32 s[1024];
33};
34
35static const u32 bf_pbox[16 + 2] = {
36 0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344,
37 0xa4093822, 0x299f31d0, 0x082efa98, 0xec4e6c89,
38 0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c,
39 0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917,
40 0x9216d5d9, 0x8979fb1b,
41};
42
43static const u32 bf_sbox[256 * 4] = {
44 0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7,
45 0xb8e1afed, 0x6a267e96, 0xba7c9045, 0xf12c7f99,
46 0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16,
47 0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e,
48 0x0d95748f, 0x728eb658, 0x718bcd58, 0x82154aee,
49 0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013,
50 0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef,
51 0x8e79dcb0, 0x603a180e, 0x6c9e0e8b, 0xb01e8a3e,
52 0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60,
53 0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440,
54 0x55ca396a, 0x2aab10b6, 0xb4cc5c34, 0x1141e8ce,
55 0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a,
56 0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e,
57 0xafd6ba33, 0x6c24cf5c, 0x7a325381, 0x28958677,
58 0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193,
59 0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032,
60 0xef845d5d, 0xe98575b1, 0xdc262302, 0xeb651b88,
61 0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239,
62 0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e,
63 0x21c66842, 0xf6e96c9a, 0x670c9c61, 0xabd388f0,
64 0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3,
65 0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98,
66 0xa1f1651d, 0x39af0176, 0x66ca593e, 0x82430e88,
67 0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe,
68 0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6,
69 0x4ed3aa62, 0x363f7706, 0x1bfedf72, 0x429b023d,
70 0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b,
71 0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7,
72 0xe3fe501a, 0xb6794c3b, 0x976ce0bd, 0x04c006ba,
73 0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463,
74 0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f,
75 0x6dfc511f, 0x9b30952c, 0xcc814544, 0xaf5ebd09,
76 0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3,
77 0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb,
78 0x5579c0bd, 0x1a60320a, 0xd6a100c6, 0x402c7279,
79 0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8,
80 0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab,
81 0x323db5fa, 0xfd238760, 0x53317b48, 0x3e00df82,
82 0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db,
83 0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573,
84 0x695b27b0, 0xbbca58c8, 0xe1ffa35d, 0xb8f011a0,
85 0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b,
86 0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790,
87 0xe1ddf2da, 0xa4cb7e33, 0x62fb1341, 0xcee4c6e8,
88 0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4,
89 0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0,
90 0xd08ed1d0, 0xafc725e0, 0x8e3c5b2f, 0x8e7594b7,
91 0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c,
92 0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad,
93 0x2f2f2218, 0xbe0e1777, 0xea752dfe, 0x8b021fa1,
94 0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299,
95 0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9,
96 0x165fa266, 0x80957705, 0x93cc7314, 0x211a1477,
97 0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf,
98 0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49,
99 0x00250e2d, 0x2071b35e, 0x226800bb, 0x57b8e0af,
100 0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa,
101 0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5,
102 0x83260376, 0x6295cfa9, 0x11c81968, 0x4e734a41,
103 0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915,
104 0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400,
105 0x08ba6fb5, 0x571be91f, 0xf296ec6b, 0x2a0dd915,
106 0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664,
107 0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a,
108 0x4b7a70e9, 0xb5b32944, 0xdb75092e, 0xc4192623,
109 0xad6ea6b0, 0x49a7df7d, 0x9cee60b8, 0x8fedb266,
110 0xecaa8c71, 0x699a17ff, 0x5664526c, 0xc2b19ee1,
111 0x193602a5, 0x75094c29, 0xa0591340, 0xe4183a3e,
112 0x3f54989a, 0x5b429d65, 0x6b8fe4d6, 0x99f73fd6,
113 0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1,
114 0x4cdd2086, 0x8470eb26, 0x6382e9c6, 0x021ecc5e,
115 0x09686b3f, 0x3ebaefc9, 0x3c971814, 0x6b6a70a1,
116 0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737,
117 0x3e07841c, 0x7fdeae5c, 0x8e7d44ec, 0x5716f2b8,
118 0xb03ada37, 0xf0500c0d, 0xf01c1f04, 0x0200b3ff,
119 0xae0cf51a, 0x3cb574b2, 0x25837a58, 0xdc0921bd,
120 0xd19113f9, 0x7ca92ff6, 0x94324773, 0x22f54701,
121 0x3ae5e581, 0x37c2dadc, 0xc8b57634, 0x9af3dda7,
122 0xa9446146, 0x0fd0030e, 0xecc8c73e, 0xa4751e41,
123 0xe238cd99, 0x3bea0e2f, 0x3280bba1, 0x183eb331,
124 0x4e548b38, 0x4f6db908, 0x6f420d03, 0xf60a04bf,
125 0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af,
126 0xde9a771f, 0xd9930810, 0xb38bae12, 0xdccf3f2e,
127 0x5512721f, 0x2e6b7124, 0x501adde6, 0x9f84cd87,
128 0x7a584718, 0x7408da17, 0xbc9f9abc, 0xe94b7d8c,
129 0xec7aec3a, 0xdb851dfa, 0x63094366, 0xc464c3d2,
130 0xef1c1847, 0x3215d908, 0xdd433b37, 0x24c2ba16,
131 0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd,
132 0x71dff89e, 0x10314e55, 0x81ac77d6, 0x5f11199b,
133 0x043556f1, 0xd7a3c76b, 0x3c11183b, 0x5924a509,
134 0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e,
135 0x86e34570, 0xeae96fb1, 0x860e5e0a, 0x5a3e2ab3,
136 0x771fe71c, 0x4e3d06fa, 0x2965dcb9, 0x99e71d0f,
137 0x803e89d6, 0x5266c825, 0x2e4cc978, 0x9c10b36a,
138 0xc6150eba, 0x94e2ea78, 0xa5fc3c53, 0x1e0a2df4,
139 0xf2f74ea7, 0x361d2b3d, 0x1939260f, 0x19c27960,
140 0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66,
141 0xe3bc4595, 0xa67bc883, 0xb17f37d1, 0x018cff28,
142 0xc332ddef, 0xbe6c5aa5, 0x65582185, 0x68ab9802,
143 0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84,
144 0x1521b628, 0x29076170, 0xecdd4775, 0x619f1510,
145 0x13cca830, 0xeb61bd96, 0x0334fe1e, 0xaa0363cf,
146 0xb5735c90, 0x4c70a239, 0xd59e9e0b, 0xcbaade14,
147 0xeecc86bc, 0x60622ca7, 0x9cab5cab, 0xb2f3846e,
148 0x648b1eaf, 0x19bdf0ca, 0xa02369b9, 0x655abb50,
149 0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7,
150 0x9b540b19, 0x875fa099, 0x95f7997e, 0x623d7da8,
151 0xf837889a, 0x97e32d77, 0x11ed935f, 0x16681281,
152 0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99,
153 0x57f584a5, 0x1b227263, 0x9b83c3ff, 0x1ac24696,
154 0xcdb30aeb, 0x532e3054, 0x8fd948e4, 0x6dbc3128,
155 0x58ebf2ef, 0x34c6ffea, 0xfe28ed61, 0xee7c3c73,
156 0x5d4a14d9, 0xe864b7e3, 0x42105d14, 0x203e13e0,
157 0x45eee2b6, 0xa3aaabea, 0xdb6c4f15, 0xfacb4fd0,
158 0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105,
159 0xd81e799e, 0x86854dc7, 0xe44b476a, 0x3d816250,
160 0xcf62a1f2, 0x5b8d2646, 0xfc8883a0, 0xc1c7b6a3,
161 0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285,
162 0x095bbf00, 0xad19489d, 0x1462b174, 0x23820e00,
163 0x58428d2a, 0x0c55f5ea, 0x1dadf43e, 0x233f7061,
164 0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb,
165 0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e,
166 0xa6078084, 0x19f8509e, 0xe8efd855, 0x61d99735,
167 0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc,
168 0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9,
169 0xdb73dbd3, 0x105588cd, 0x675fda79, 0xe3674340,
170 0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20,
171 0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7,
172 0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934,
173 0x411520f7, 0x7602d4f7, 0xbcf46b2e, 0xd4a20068,
174 0xd4082471, 0x3320f46a, 0x43b7d4b7, 0x500061af,
175 0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840,
176 0x4d95fc1d, 0x96b591af, 0x70f4ddd3, 0x66a02f45,
177 0xbfbc09ec, 0x03bd9785, 0x7fac6dd0, 0x31cb8504,
178 0x96eb27b3, 0x55fd3941, 0xda2547e6, 0xabca0a9a,
179 0x28507825, 0x530429f4, 0x0a2c86da, 0xe9b66dfb,
180 0x68dc1462, 0xd7486900, 0x680ec0a4, 0x27a18dee,
181 0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6,
182 0xaace1e7c, 0xd3375fec, 0xce78a399, 0x406b2a42,
183 0x20fe9e35, 0xd9f385b9, 0xee39d7ab, 0x3b124e8b,
184 0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2,
185 0x3a6efa74, 0xdd5b4332, 0x6841e7f7, 0xca7820fb,
186 0xfb0af54e, 0xd8feb397, 0x454056ac, 0xba489527,
187 0x55533a3a, 0x20838d87, 0xfe6ba9b7, 0xd096954b,
188 0x55a867bc, 0xa1159a58, 0xcca92963, 0x99e1db33,
189 0xa62a4a56, 0x3f3125f9, 0x5ef47e1c, 0x9029317c,
190 0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3,
191 0x95c11548, 0xe4c66d22, 0x48c1133f, 0xc70f86dc,
192 0x07f9c9ee, 0x41041f0f, 0x404779a4, 0x5d886e17,
193 0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564,
194 0x257b7834, 0x602a9c60, 0xdff8e8a3, 0x1f636c1b,
195 0x0e12b4c2, 0x02e1329e, 0xaf664fd1, 0xcad18115,
196 0x6b2395e0, 0x333e92e1, 0x3b240b62, 0xeebeb922,
197 0x85b2a20e, 0xe6ba0d99, 0xde720c8c, 0x2da2f728,
198 0xd0127845, 0x95b794fd, 0x647d0862, 0xe7ccf5f0,
199 0x5449a36f, 0x877d48fa, 0xc39dfd27, 0xf33e8d1e,
200 0x0a476341, 0x992eff74, 0x3a6f6eab, 0xf4f8fd37,
201 0xa812dc60, 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d,
202 0xc67b5510, 0x6d672c37, 0x2765d43b, 0xdcd0e804,
203 0xf1290dc7, 0xcc00ffa3, 0xb5390f92, 0x690fed0b,
204 0x667b9ffb, 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3,
205 0xbb132f88, 0x515bad24, 0x7b9479bf, 0x763bd6eb,
206 0x37392eb3, 0xcc115979, 0x8026e297, 0xf42e312d,
207 0x6842ada7, 0xc66a2b3b, 0x12754ccc, 0x782ef11c,
208 0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350,
209 0x1a6b1018, 0x11caedfa, 0x3d25bdd8, 0xe2e1c3c9,
210 0x44421659, 0x0a121386, 0xd90cec6e, 0xd5abea2a,
211 0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe,
212 0x9dbc8057, 0xf0f7c086, 0x60787bf8, 0x6003604d,
213 0xd1fd8346, 0xf6381fb0, 0x7745ae04, 0xd736fccc,
214 0x83426b33, 0xf01eab71, 0xb0804187, 0x3c005e5f,
215 0x77a057be, 0xbde8ae24, 0x55464299, 0xbf582e61,
216 0x4e58f48f, 0xf2ddfda2, 0xf474ef38, 0x8789bdc2,
217 0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9,
218 0x7aeb2661, 0x8b1ddf84, 0x846a0e79, 0x915f95e2,
219 0x466e598e, 0x20b45770, 0x8cd55591, 0xc902de4c,
220 0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e,
221 0xb77f19b6, 0xe0a9dc09, 0x662d09a1, 0xc4324633,
222 0xe85a1f02, 0x09f0be8c, 0x4a99a025, 0x1d6efe10,
223 0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, 0x2868f169,
224 0xdcb7da83, 0x573906fe, 0xa1e2ce9b, 0x4fcd7f52,
225 0x50115e01, 0xa70683fa, 0xa002b5c4, 0x0de6d027,
226 0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5,
227 0xf0177a28, 0xc0f586e0, 0x006058aa, 0x30dc7d62,
228 0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634,
229 0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76,
230 0x6f05e409, 0x4b7c0188, 0x39720a3d, 0x7c927c24,
231 0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc,
232 0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4,
233 0x1e50ef5e, 0xb161e6f8, 0xa28514d9, 0x6c51133c,
234 0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837,
235 0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0,
236 0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b,
237 0x5cb0679e, 0x4fa33742, 0xd3822740, 0x99bc9bbe,
238 0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b,
239 0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4,
240 0x5748ab2f, 0xbc946e79, 0xc6a376d2, 0x6549c2c8,
241 0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6,
242 0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304,
243 0xa1fad5f0, 0x6a2d519a, 0x63ef8ce2, 0x9a86ee22,
244 0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4,
245 0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6,
246 0x2826a2f9, 0xa73a3ae1, 0x4ba99586, 0xef5562e9,
247 0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59,
248 0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593,
249 0xe990fd5a, 0x9e34d797, 0x2cf0b7d9, 0x022b8b51,
250 0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28,
251 0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c,
252 0xe029ac71, 0xe019a5e6, 0x47b0acfd, 0xed93fa9b,
253 0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28,
254 0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c,
255 0x15056dd4, 0x88f46dba, 0x03a16125, 0x0564f0bd,
256 0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a,
257 0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319,
258 0x7533d928, 0xb155fdf5, 0x03563482, 0x8aba3cbb,
259 0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f,
260 0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991,
261 0xea7a90c2, 0xfb3e7bce, 0x5121ce64, 0x774fbe32,
262 0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680,
263 0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166,
264 0xb39a460a, 0x6445c0dd, 0x586cdecf, 0x1c20c8ae,
265 0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb,
266 0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5,
267 0x72eacea8, 0xfa6484bb, 0x8d6612ae, 0xbf3c6f47,
268 0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370,
269 0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d,
270 0x4040cb08, 0x4eb4e2cc, 0x34d2466a, 0x0115af84,
271 0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048,
272 0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8,
273 0x611560b1, 0xe7933fdc, 0xbb3a792b, 0x344525bd,
274 0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9,
275 0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7,
276 0x1a908749, 0xd44fbd9a, 0xd0dadecb, 0xd50ada38,
277 0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f,
278 0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c,
279 0xbf97222c, 0x15e6fc2a, 0x0f91fc71, 0x9b941525,
280 0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1,
281 0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442,
282 0xe0ec6e0e, 0x1698db3b, 0x4c98a0be, 0x3278e964,
283 0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e,
284 0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8,
285 0xdf359f8d, 0x9b992f2e, 0xe60b6f47, 0x0fe3f11d,
286 0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f,
287 0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299,
288 0xf523f357, 0xa6327623, 0x93a83531, 0x56cccd02,
289 0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc,
290 0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614,
291 0xe6c6c7bd, 0x327a140a, 0x45e1d006, 0xc3f27b9a,
292 0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6,
293 0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b,
294 0x53113ec0, 0x1640e3d3, 0x38abbd60, 0x2547adf0,
295 0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060,
296 0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e,
297 0x1948c25c, 0x02fb8a8c, 0x01c36ae4, 0xd6ebe1f9,
298 0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f,
299 0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6,
300};
301
302/*
303 * Round loop unrolling macros, S is a pointer to a S-Box array
304 * organized in 4 unsigned longs at a row.
305 */
306#define GET32_3(x) (((x) & 0xff))
307#define GET32_2(x) (((x) >> (8)) & (0xff))
308#define GET32_1(x) (((x) >> (16)) & (0xff))
309#define GET32_0(x) (((x) >> (24)) & (0xff))
310
311#define bf_F(x) (((S[GET32_0(x)] + S[256 + GET32_1(x)]) ^ \
312 S[512 + GET32_2(x)]) + S[768 + GET32_3(x)])
313
314#define ROUND(a, b, n) b ^= P[n]; a ^= bf_F (b)
315
316/*
317 * The blowfish encipher, processes 64-bit blocks.
318 * NOTE: This function MUSTN'T respect endianess
319 */
320static void encrypt_block(struct bf_ctx *bctx, u32 *dst, u32 *src)
321{
322 const u32 *P = bctx->p;
323 const u32 *S = bctx->s;
324 u32 yl = src[0];
325 u32 yr = src[1];
326
327 ROUND(yr, yl, 0);
328 ROUND(yl, yr, 1);
329 ROUND(yr, yl, 2);
330 ROUND(yl, yr, 3);
331 ROUND(yr, yl, 4);
332 ROUND(yl, yr, 5);
333 ROUND(yr, yl, 6);
334 ROUND(yl, yr, 7);
335 ROUND(yr, yl, 8);
336 ROUND(yl, yr, 9);
337 ROUND(yr, yl, 10);
338 ROUND(yl, yr, 11);
339 ROUND(yr, yl, 12);
340 ROUND(yl, yr, 13);
341 ROUND(yr, yl, 14);
342 ROUND(yl, yr, 15);
343
344 yl ^= P[16];
345 yr ^= P[17];
346
347 dst[0] = yr;
348 dst[1] = yl;
349}
350
351static void bf_encrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
352{
353 const __be32 *in_blk = (const __be32 *)src;
354 __be32 *const out_blk = (__be32 *)dst;
355 u32 in32[2], out32[2];
356
357 in32[0] = be32_to_cpu(in_blk[0]);
358 in32[1] = be32_to_cpu(in_blk[1]);
359 encrypt_block(crypto_tfm_ctx(tfm), out32, in32);
360 out_blk[0] = cpu_to_be32(out32[0]);
361 out_blk[1] = cpu_to_be32(out32[1]);
362}
363
364static void bf_decrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
365{
366 struct bf_ctx *ctx = crypto_tfm_ctx(tfm);
367 const __be32 *in_blk = (const __be32 *)src;
368 __be32 *const out_blk = (__be32 *)dst;
369 const u32 *P = ctx->p;
370 const u32 *S = ctx->s;
371 u32 yl = be32_to_cpu(in_blk[0]);
372 u32 yr = be32_to_cpu(in_blk[1]);
373
374 ROUND(yr, yl, 17);
375 ROUND(yl, yr, 16);
376 ROUND(yr, yl, 15);
377 ROUND(yl, yr, 14);
378 ROUND(yr, yl, 13);
379 ROUND(yl, yr, 12);
380 ROUND(yr, yl, 11);
381 ROUND(yl, yr, 10);
382 ROUND(yr, yl, 9);
383 ROUND(yl, yr, 8);
384 ROUND(yr, yl, 7);
385 ROUND(yl, yr, 6);
386 ROUND(yr, yl, 5);
387 ROUND(yl, yr, 4);
388 ROUND(yr, yl, 3);
389 ROUND(yl, yr, 2);
390
391 yl ^= P[1];
392 yr ^= P[0];
393
394 out_blk[0] = cpu_to_be32(yr);
395 out_blk[1] = cpu_to_be32(yl);
396}
397
398/*
399 * Calculates the blowfish S and P boxes for encryption and decryption.
400 */
401static int bf_setkey(struct crypto_tfm *tfm, const u8 *key, unsigned int keylen)
402{
403 struct bf_ctx *ctx = crypto_tfm_ctx(tfm);
404 u32 *P = ctx->p;
405 u32 *S = ctx->s;
406 short i, j, count;
407 u32 data[2], temp;
408
409 /* Copy the initialization s-boxes */
410 for (i = 0, count = 0; i < 256; i++)
411 for (j = 0; j < 4; j++, count++)
412 S[count] = bf_sbox[count];
413
414 /* Set the p-boxes */
415 for (i = 0; i < 16 + 2; i++)
416 P[i] = bf_pbox[i];
417
418 /* Actual subkey generation */
419 for (j = 0, i = 0; i < 16 + 2; i++) {
420 temp = (((u32)key[j] << 24) |
421 ((u32)key[(j + 1) % keylen] << 16) |
422 ((u32)key[(j + 2) % keylen] << 8) |
423 ((u32)key[(j + 3) % keylen]));
424
425 P[i] = P[i] ^ temp;
426 j = (j + 4) % keylen;
427 }
428
429 data[0] = 0x00000000;
430 data[1] = 0x00000000;
431
432 for (i = 0; i < 16 + 2; i += 2) {
433 encrypt_block((struct bf_ctx *)ctx, data, data);
434
435 P[i] = data[0];
436 P[i + 1] = data[1];
437 }
438
439 for (i = 0; i < 4; i++) {
440 for (j = 0, count = i * 256; j < 256; j += 2, count += 2) {
441 encrypt_block((struct bf_ctx *)ctx, data, data);
442
443 S[count] = data[0];
444 S[count + 1] = data[1];
445 }
446 }
447
448 /* Bruce says not to bother with the weak key check. */
449 return 0;
450}
451
452static struct crypto_alg alg = {
453 .cra_name = "blowfish",
454 .cra_flags = CRYPTO_ALG_TYPE_CIPHER,
455 .cra_blocksize = BF_BLOCK_SIZE,
456 .cra_ctxsize = sizeof(struct bf_ctx),
457 .cra_alignmask = 3,
458 .cra_module = THIS_MODULE,
459 .cra_list = LIST_HEAD_INIT(alg.cra_list),
460 .cra_u = { .cipher = {
461 .cia_min_keysize = BF_MIN_KEY_SIZE,
462 .cia_max_keysize = BF_MAX_KEY_SIZE,
463 .cia_setkey = bf_setkey,
464 .cia_encrypt = bf_encrypt,
465 .cia_decrypt = bf_decrypt } }
466};
467
468static int __init blowfish_mod_init(void)
469{
470 return crypto_register_alg(&alg);
471}
472
473static void __exit blowfish_mod_fini(void)
474{
475 crypto_unregister_alg(&alg);
476}
477
478module_init(blowfish_mod_init);
479module_exit(blowfish_mod_fini);
480
481MODULE_LICENSE("GPL");
482MODULE_DESCRIPTION("Blowfish Cipher Algorithm");
diff --git a/crypto/camellia.c b/crypto/camellia.c
new file mode 100644
index 00000000000..64cff46ea5e
--- /dev/null
+++ b/crypto/camellia.c
@@ -0,0 +1,1116 @@
1/*
2 * Copyright (C) 2006
3 * NTT (Nippon Telegraph and Telephone Corporation).
4 *
5 * This program is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU General Public License
7 * as published by the Free Software Foundation; either version 2
8 * of the License, or (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
18 */
19
20/*
21 * Algorithm Specification
22 * http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
23 */
24
25/*
26 *
27 * NOTE --- NOTE --- NOTE --- NOTE
28 * This implementation assumes that all memory addresses passed
29 * as parameters are four-byte aligned.
30 *
31 */
32
33#include <linux/crypto.h>
34#include <linux/errno.h>
35#include <linux/init.h>
36#include <linux/kernel.h>
37#include <linux/module.h>
38#include <linux/bitops.h>
39#include <asm/unaligned.h>
40
41static const u32 camellia_sp1110[256] = {
42 0x70707000, 0x82828200, 0x2c2c2c00, 0xececec00,
43 0xb3b3b300, 0x27272700, 0xc0c0c000, 0xe5e5e500,
44 0xe4e4e400, 0x85858500, 0x57575700, 0x35353500,
45 0xeaeaea00, 0x0c0c0c00, 0xaeaeae00, 0x41414100,
46 0x23232300, 0xefefef00, 0x6b6b6b00, 0x93939300,
47 0x45454500, 0x19191900, 0xa5a5a500, 0x21212100,
48 0xededed00, 0x0e0e0e00, 0x4f4f4f00, 0x4e4e4e00,
49 0x1d1d1d00, 0x65656500, 0x92929200, 0xbdbdbd00,
50 0x86868600, 0xb8b8b800, 0xafafaf00, 0x8f8f8f00,
51 0x7c7c7c00, 0xebebeb00, 0x1f1f1f00, 0xcecece00,
52 0x3e3e3e00, 0x30303000, 0xdcdcdc00, 0x5f5f5f00,
53 0x5e5e5e00, 0xc5c5c500, 0x0b0b0b00, 0x1a1a1a00,
54 0xa6a6a600, 0xe1e1e100, 0x39393900, 0xcacaca00,
55 0xd5d5d500, 0x47474700, 0x5d5d5d00, 0x3d3d3d00,
56 0xd9d9d900, 0x01010100, 0x5a5a5a00, 0xd6d6d600,
57 0x51515100, 0x56565600, 0x6c6c6c00, 0x4d4d4d00,
58 0x8b8b8b00, 0x0d0d0d00, 0x9a9a9a00, 0x66666600,
59 0xfbfbfb00, 0xcccccc00, 0xb0b0b000, 0x2d2d2d00,
60 0x74747400, 0x12121200, 0x2b2b2b00, 0x20202000,
61 0xf0f0f000, 0xb1b1b100, 0x84848400, 0x99999900,
62 0xdfdfdf00, 0x4c4c4c00, 0xcbcbcb00, 0xc2c2c200,
63 0x34343400, 0x7e7e7e00, 0x76767600, 0x05050500,
64 0x6d6d6d00, 0xb7b7b700, 0xa9a9a900, 0x31313100,
65 0xd1d1d100, 0x17171700, 0x04040400, 0xd7d7d700,
66 0x14141400, 0x58585800, 0x3a3a3a00, 0x61616100,
67 0xdedede00, 0x1b1b1b00, 0x11111100, 0x1c1c1c00,
68 0x32323200, 0x0f0f0f00, 0x9c9c9c00, 0x16161600,
69 0x53535300, 0x18181800, 0xf2f2f200, 0x22222200,
70 0xfefefe00, 0x44444400, 0xcfcfcf00, 0xb2b2b200,
71 0xc3c3c300, 0xb5b5b500, 0x7a7a7a00, 0x91919100,
72 0x24242400, 0x08080800, 0xe8e8e800, 0xa8a8a800,
73 0x60606000, 0xfcfcfc00, 0x69696900, 0x50505000,
74 0xaaaaaa00, 0xd0d0d000, 0xa0a0a000, 0x7d7d7d00,
75 0xa1a1a100, 0x89898900, 0x62626200, 0x97979700,
76 0x54545400, 0x5b5b5b00, 0x1e1e1e00, 0x95959500,
77 0xe0e0e000, 0xffffff00, 0x64646400, 0xd2d2d200,
78 0x10101000, 0xc4c4c400, 0x00000000, 0x48484800,
79 0xa3a3a300, 0xf7f7f700, 0x75757500, 0xdbdbdb00,
80 0x8a8a8a00, 0x03030300, 0xe6e6e600, 0xdadada00,
81 0x09090900, 0x3f3f3f00, 0xdddddd00, 0x94949400,
82 0x87878700, 0x5c5c5c00, 0x83838300, 0x02020200,
83 0xcdcdcd00, 0x4a4a4a00, 0x90909000, 0x33333300,
84 0x73737300, 0x67676700, 0xf6f6f600, 0xf3f3f300,
85 0x9d9d9d00, 0x7f7f7f00, 0xbfbfbf00, 0xe2e2e200,
86 0x52525200, 0x9b9b9b00, 0xd8d8d800, 0x26262600,
87 0xc8c8c800, 0x37373700, 0xc6c6c600, 0x3b3b3b00,
88 0x81818100, 0x96969600, 0x6f6f6f00, 0x4b4b4b00,
89 0x13131300, 0xbebebe00, 0x63636300, 0x2e2e2e00,
90 0xe9e9e900, 0x79797900, 0xa7a7a700, 0x8c8c8c00,
91 0x9f9f9f00, 0x6e6e6e00, 0xbcbcbc00, 0x8e8e8e00,
92 0x29292900, 0xf5f5f500, 0xf9f9f900, 0xb6b6b600,
93 0x2f2f2f00, 0xfdfdfd00, 0xb4b4b400, 0x59595900,
94 0x78787800, 0x98989800, 0x06060600, 0x6a6a6a00,
95 0xe7e7e700, 0x46464600, 0x71717100, 0xbababa00,
96 0xd4d4d400, 0x25252500, 0xababab00, 0x42424200,
97 0x88888800, 0xa2a2a200, 0x8d8d8d00, 0xfafafa00,
98 0x72727200, 0x07070700, 0xb9b9b900, 0x55555500,
99 0xf8f8f800, 0xeeeeee00, 0xacacac00, 0x0a0a0a00,
100 0x36363600, 0x49494900, 0x2a2a2a00, 0x68686800,
101 0x3c3c3c00, 0x38383800, 0xf1f1f100, 0xa4a4a400,
102 0x40404000, 0x28282800, 0xd3d3d300, 0x7b7b7b00,
103 0xbbbbbb00, 0xc9c9c900, 0x43434300, 0xc1c1c100,
104 0x15151500, 0xe3e3e300, 0xadadad00, 0xf4f4f400,
105 0x77777700, 0xc7c7c700, 0x80808000, 0x9e9e9e00,
106};
107
108static const u32 camellia_sp0222[256] = {
109 0x00e0e0e0, 0x00050505, 0x00585858, 0x00d9d9d9,
110 0x00676767, 0x004e4e4e, 0x00818181, 0x00cbcbcb,
111 0x00c9c9c9, 0x000b0b0b, 0x00aeaeae, 0x006a6a6a,
112 0x00d5d5d5, 0x00181818, 0x005d5d5d, 0x00828282,
113 0x00464646, 0x00dfdfdf, 0x00d6d6d6, 0x00272727,
114 0x008a8a8a, 0x00323232, 0x004b4b4b, 0x00424242,
115 0x00dbdbdb, 0x001c1c1c, 0x009e9e9e, 0x009c9c9c,
116 0x003a3a3a, 0x00cacaca, 0x00252525, 0x007b7b7b,
117 0x000d0d0d, 0x00717171, 0x005f5f5f, 0x001f1f1f,
118 0x00f8f8f8, 0x00d7d7d7, 0x003e3e3e, 0x009d9d9d,
119 0x007c7c7c, 0x00606060, 0x00b9b9b9, 0x00bebebe,
120 0x00bcbcbc, 0x008b8b8b, 0x00161616, 0x00343434,
121 0x004d4d4d, 0x00c3c3c3, 0x00727272, 0x00959595,
122 0x00ababab, 0x008e8e8e, 0x00bababa, 0x007a7a7a,
123 0x00b3b3b3, 0x00020202, 0x00b4b4b4, 0x00adadad,
124 0x00a2a2a2, 0x00acacac, 0x00d8d8d8, 0x009a9a9a,
125 0x00171717, 0x001a1a1a, 0x00353535, 0x00cccccc,
126 0x00f7f7f7, 0x00999999, 0x00616161, 0x005a5a5a,
127 0x00e8e8e8, 0x00242424, 0x00565656, 0x00404040,
128 0x00e1e1e1, 0x00636363, 0x00090909, 0x00333333,
129 0x00bfbfbf, 0x00989898, 0x00979797, 0x00858585,
130 0x00686868, 0x00fcfcfc, 0x00ececec, 0x000a0a0a,
131 0x00dadada, 0x006f6f6f, 0x00535353, 0x00626262,
132 0x00a3a3a3, 0x002e2e2e, 0x00080808, 0x00afafaf,
133 0x00282828, 0x00b0b0b0, 0x00747474, 0x00c2c2c2,
134 0x00bdbdbd, 0x00363636, 0x00222222, 0x00383838,
135 0x00646464, 0x001e1e1e, 0x00393939, 0x002c2c2c,
136 0x00a6a6a6, 0x00303030, 0x00e5e5e5, 0x00444444,
137 0x00fdfdfd, 0x00888888, 0x009f9f9f, 0x00656565,
138 0x00878787, 0x006b6b6b, 0x00f4f4f4, 0x00232323,
139 0x00484848, 0x00101010, 0x00d1d1d1, 0x00515151,
140 0x00c0c0c0, 0x00f9f9f9, 0x00d2d2d2, 0x00a0a0a0,
141 0x00555555, 0x00a1a1a1, 0x00414141, 0x00fafafa,
142 0x00434343, 0x00131313, 0x00c4c4c4, 0x002f2f2f,
143 0x00a8a8a8, 0x00b6b6b6, 0x003c3c3c, 0x002b2b2b,
144 0x00c1c1c1, 0x00ffffff, 0x00c8c8c8, 0x00a5a5a5,
145 0x00202020, 0x00898989, 0x00000000, 0x00909090,
146 0x00474747, 0x00efefef, 0x00eaeaea, 0x00b7b7b7,
147 0x00151515, 0x00060606, 0x00cdcdcd, 0x00b5b5b5,
148 0x00121212, 0x007e7e7e, 0x00bbbbbb, 0x00292929,
149 0x000f0f0f, 0x00b8b8b8, 0x00070707, 0x00040404,
150 0x009b9b9b, 0x00949494, 0x00212121, 0x00666666,
151 0x00e6e6e6, 0x00cecece, 0x00ededed, 0x00e7e7e7,
152 0x003b3b3b, 0x00fefefe, 0x007f7f7f, 0x00c5c5c5,
153 0x00a4a4a4, 0x00373737, 0x00b1b1b1, 0x004c4c4c,
154 0x00919191, 0x006e6e6e, 0x008d8d8d, 0x00767676,
155 0x00030303, 0x002d2d2d, 0x00dedede, 0x00969696,
156 0x00262626, 0x007d7d7d, 0x00c6c6c6, 0x005c5c5c,
157 0x00d3d3d3, 0x00f2f2f2, 0x004f4f4f, 0x00191919,
158 0x003f3f3f, 0x00dcdcdc, 0x00797979, 0x001d1d1d,
159 0x00525252, 0x00ebebeb, 0x00f3f3f3, 0x006d6d6d,
160 0x005e5e5e, 0x00fbfbfb, 0x00696969, 0x00b2b2b2,
161 0x00f0f0f0, 0x00313131, 0x000c0c0c, 0x00d4d4d4,
162 0x00cfcfcf, 0x008c8c8c, 0x00e2e2e2, 0x00757575,
163 0x00a9a9a9, 0x004a4a4a, 0x00575757, 0x00848484,
164 0x00111111, 0x00454545, 0x001b1b1b, 0x00f5f5f5,
165 0x00e4e4e4, 0x000e0e0e, 0x00737373, 0x00aaaaaa,
166 0x00f1f1f1, 0x00dddddd, 0x00595959, 0x00141414,
167 0x006c6c6c, 0x00929292, 0x00545454, 0x00d0d0d0,
168 0x00787878, 0x00707070, 0x00e3e3e3, 0x00494949,
169 0x00808080, 0x00505050, 0x00a7a7a7, 0x00f6f6f6,
170 0x00777777, 0x00939393, 0x00868686, 0x00838383,
171 0x002a2a2a, 0x00c7c7c7, 0x005b5b5b, 0x00e9e9e9,
172 0x00eeeeee, 0x008f8f8f, 0x00010101, 0x003d3d3d,
173};
174
175static const u32 camellia_sp3033[256] = {
176 0x38003838, 0x41004141, 0x16001616, 0x76007676,
177 0xd900d9d9, 0x93009393, 0x60006060, 0xf200f2f2,
178 0x72007272, 0xc200c2c2, 0xab00abab, 0x9a009a9a,
179 0x75007575, 0x06000606, 0x57005757, 0xa000a0a0,
180 0x91009191, 0xf700f7f7, 0xb500b5b5, 0xc900c9c9,
181 0xa200a2a2, 0x8c008c8c, 0xd200d2d2, 0x90009090,
182 0xf600f6f6, 0x07000707, 0xa700a7a7, 0x27002727,
183 0x8e008e8e, 0xb200b2b2, 0x49004949, 0xde00dede,
184 0x43004343, 0x5c005c5c, 0xd700d7d7, 0xc700c7c7,
185 0x3e003e3e, 0xf500f5f5, 0x8f008f8f, 0x67006767,
186 0x1f001f1f, 0x18001818, 0x6e006e6e, 0xaf00afaf,
187 0x2f002f2f, 0xe200e2e2, 0x85008585, 0x0d000d0d,
188 0x53005353, 0xf000f0f0, 0x9c009c9c, 0x65006565,
189 0xea00eaea, 0xa300a3a3, 0xae00aeae, 0x9e009e9e,
190 0xec00ecec, 0x80008080, 0x2d002d2d, 0x6b006b6b,
191 0xa800a8a8, 0x2b002b2b, 0x36003636, 0xa600a6a6,
192 0xc500c5c5, 0x86008686, 0x4d004d4d, 0x33003333,
193 0xfd00fdfd, 0x66006666, 0x58005858, 0x96009696,
194 0x3a003a3a, 0x09000909, 0x95009595, 0x10001010,
195 0x78007878, 0xd800d8d8, 0x42004242, 0xcc00cccc,
196 0xef00efef, 0x26002626, 0xe500e5e5, 0x61006161,
197 0x1a001a1a, 0x3f003f3f, 0x3b003b3b, 0x82008282,
198 0xb600b6b6, 0xdb00dbdb, 0xd400d4d4, 0x98009898,
199 0xe800e8e8, 0x8b008b8b, 0x02000202, 0xeb00ebeb,
200 0x0a000a0a, 0x2c002c2c, 0x1d001d1d, 0xb000b0b0,
201 0x6f006f6f, 0x8d008d8d, 0x88008888, 0x0e000e0e,
202 0x19001919, 0x87008787, 0x4e004e4e, 0x0b000b0b,
203 0xa900a9a9, 0x0c000c0c, 0x79007979, 0x11001111,
204 0x7f007f7f, 0x22002222, 0xe700e7e7, 0x59005959,
205 0xe100e1e1, 0xda00dada, 0x3d003d3d, 0xc800c8c8,
206 0x12001212, 0x04000404, 0x74007474, 0x54005454,
207 0x30003030, 0x7e007e7e, 0xb400b4b4, 0x28002828,
208 0x55005555, 0x68006868, 0x50005050, 0xbe00bebe,
209 0xd000d0d0, 0xc400c4c4, 0x31003131, 0xcb00cbcb,
210 0x2a002a2a, 0xad00adad, 0x0f000f0f, 0xca00caca,
211 0x70007070, 0xff00ffff, 0x32003232, 0x69006969,
212 0x08000808, 0x62006262, 0x00000000, 0x24002424,
213 0xd100d1d1, 0xfb00fbfb, 0xba00baba, 0xed00eded,
214 0x45004545, 0x81008181, 0x73007373, 0x6d006d6d,
215 0x84008484, 0x9f009f9f, 0xee00eeee, 0x4a004a4a,
216 0xc300c3c3, 0x2e002e2e, 0xc100c1c1, 0x01000101,
217 0xe600e6e6, 0x25002525, 0x48004848, 0x99009999,
218 0xb900b9b9, 0xb300b3b3, 0x7b007b7b, 0xf900f9f9,
219 0xce00cece, 0xbf00bfbf, 0xdf00dfdf, 0x71007171,
220 0x29002929, 0xcd00cdcd, 0x6c006c6c, 0x13001313,
221 0x64006464, 0x9b009b9b, 0x63006363, 0x9d009d9d,
222 0xc000c0c0, 0x4b004b4b, 0xb700b7b7, 0xa500a5a5,
223 0x89008989, 0x5f005f5f, 0xb100b1b1, 0x17001717,
224 0xf400f4f4, 0xbc00bcbc, 0xd300d3d3, 0x46004646,
225 0xcf00cfcf, 0x37003737, 0x5e005e5e, 0x47004747,
226 0x94009494, 0xfa00fafa, 0xfc00fcfc, 0x5b005b5b,
227 0x97009797, 0xfe00fefe, 0x5a005a5a, 0xac00acac,
228 0x3c003c3c, 0x4c004c4c, 0x03000303, 0x35003535,
229 0xf300f3f3, 0x23002323, 0xb800b8b8, 0x5d005d5d,
230 0x6a006a6a, 0x92009292, 0xd500d5d5, 0x21002121,
231 0x44004444, 0x51005151, 0xc600c6c6, 0x7d007d7d,
232 0x39003939, 0x83008383, 0xdc00dcdc, 0xaa00aaaa,
233 0x7c007c7c, 0x77007777, 0x56005656, 0x05000505,
234 0x1b001b1b, 0xa400a4a4, 0x15001515, 0x34003434,
235 0x1e001e1e, 0x1c001c1c, 0xf800f8f8, 0x52005252,
236 0x20002020, 0x14001414, 0xe900e9e9, 0xbd00bdbd,
237 0xdd00dddd, 0xe400e4e4, 0xa100a1a1, 0xe000e0e0,
238 0x8a008a8a, 0xf100f1f1, 0xd600d6d6, 0x7a007a7a,
239 0xbb00bbbb, 0xe300e3e3, 0x40004040, 0x4f004f4f,
240};
241
242static const u32 camellia_sp4404[256] = {
243 0x70700070, 0x2c2c002c, 0xb3b300b3, 0xc0c000c0,
244 0xe4e400e4, 0x57570057, 0xeaea00ea, 0xaeae00ae,
245 0x23230023, 0x6b6b006b, 0x45450045, 0xa5a500a5,
246 0xeded00ed, 0x4f4f004f, 0x1d1d001d, 0x92920092,
247 0x86860086, 0xafaf00af, 0x7c7c007c, 0x1f1f001f,
248 0x3e3e003e, 0xdcdc00dc, 0x5e5e005e, 0x0b0b000b,
249 0xa6a600a6, 0x39390039, 0xd5d500d5, 0x5d5d005d,
250 0xd9d900d9, 0x5a5a005a, 0x51510051, 0x6c6c006c,
251 0x8b8b008b, 0x9a9a009a, 0xfbfb00fb, 0xb0b000b0,
252 0x74740074, 0x2b2b002b, 0xf0f000f0, 0x84840084,
253 0xdfdf00df, 0xcbcb00cb, 0x34340034, 0x76760076,
254 0x6d6d006d, 0xa9a900a9, 0xd1d100d1, 0x04040004,
255 0x14140014, 0x3a3a003a, 0xdede00de, 0x11110011,
256 0x32320032, 0x9c9c009c, 0x53530053, 0xf2f200f2,
257 0xfefe00fe, 0xcfcf00cf, 0xc3c300c3, 0x7a7a007a,
258 0x24240024, 0xe8e800e8, 0x60600060, 0x69690069,
259 0xaaaa00aa, 0xa0a000a0, 0xa1a100a1, 0x62620062,
260 0x54540054, 0x1e1e001e, 0xe0e000e0, 0x64640064,
261 0x10100010, 0x00000000, 0xa3a300a3, 0x75750075,
262 0x8a8a008a, 0xe6e600e6, 0x09090009, 0xdddd00dd,
263 0x87870087, 0x83830083, 0xcdcd00cd, 0x90900090,
264 0x73730073, 0xf6f600f6, 0x9d9d009d, 0xbfbf00bf,
265 0x52520052, 0xd8d800d8, 0xc8c800c8, 0xc6c600c6,
266 0x81810081, 0x6f6f006f, 0x13130013, 0x63630063,
267 0xe9e900e9, 0xa7a700a7, 0x9f9f009f, 0xbcbc00bc,
268 0x29290029, 0xf9f900f9, 0x2f2f002f, 0xb4b400b4,
269 0x78780078, 0x06060006, 0xe7e700e7, 0x71710071,
270 0xd4d400d4, 0xabab00ab, 0x88880088, 0x8d8d008d,
271 0x72720072, 0xb9b900b9, 0xf8f800f8, 0xacac00ac,
272 0x36360036, 0x2a2a002a, 0x3c3c003c, 0xf1f100f1,
273 0x40400040, 0xd3d300d3, 0xbbbb00bb, 0x43430043,
274 0x15150015, 0xadad00ad, 0x77770077, 0x80800080,
275 0x82820082, 0xecec00ec, 0x27270027, 0xe5e500e5,
276 0x85850085, 0x35350035, 0x0c0c000c, 0x41410041,
277 0xefef00ef, 0x93930093, 0x19190019, 0x21210021,
278 0x0e0e000e, 0x4e4e004e, 0x65650065, 0xbdbd00bd,
279 0xb8b800b8, 0x8f8f008f, 0xebeb00eb, 0xcece00ce,
280 0x30300030, 0x5f5f005f, 0xc5c500c5, 0x1a1a001a,
281 0xe1e100e1, 0xcaca00ca, 0x47470047, 0x3d3d003d,
282 0x01010001, 0xd6d600d6, 0x56560056, 0x4d4d004d,
283 0x0d0d000d, 0x66660066, 0xcccc00cc, 0x2d2d002d,
284 0x12120012, 0x20200020, 0xb1b100b1, 0x99990099,
285 0x4c4c004c, 0xc2c200c2, 0x7e7e007e, 0x05050005,
286 0xb7b700b7, 0x31310031, 0x17170017, 0xd7d700d7,
287 0x58580058, 0x61610061, 0x1b1b001b, 0x1c1c001c,
288 0x0f0f000f, 0x16160016, 0x18180018, 0x22220022,
289 0x44440044, 0xb2b200b2, 0xb5b500b5, 0x91910091,
290 0x08080008, 0xa8a800a8, 0xfcfc00fc, 0x50500050,
291 0xd0d000d0, 0x7d7d007d, 0x89890089, 0x97970097,
292 0x5b5b005b, 0x95950095, 0xffff00ff, 0xd2d200d2,
293 0xc4c400c4, 0x48480048, 0xf7f700f7, 0xdbdb00db,
294 0x03030003, 0xdada00da, 0x3f3f003f, 0x94940094,
295 0x5c5c005c, 0x02020002, 0x4a4a004a, 0x33330033,
296 0x67670067, 0xf3f300f3, 0x7f7f007f, 0xe2e200e2,
297 0x9b9b009b, 0x26260026, 0x37370037, 0x3b3b003b,
298 0x96960096, 0x4b4b004b, 0xbebe00be, 0x2e2e002e,
299 0x79790079, 0x8c8c008c, 0x6e6e006e, 0x8e8e008e,
300 0xf5f500f5, 0xb6b600b6, 0xfdfd00fd, 0x59590059,
301 0x98980098, 0x6a6a006a, 0x46460046, 0xbaba00ba,
302 0x25250025, 0x42420042, 0xa2a200a2, 0xfafa00fa,
303 0x07070007, 0x55550055, 0xeeee00ee, 0x0a0a000a,
304 0x49490049, 0x68680068, 0x38380038, 0xa4a400a4,
305 0x28280028, 0x7b7b007b, 0xc9c900c9, 0xc1c100c1,
306 0xe3e300e3, 0xf4f400f4, 0xc7c700c7, 0x9e9e009e,
307};
308
309
310#define CAMELLIA_MIN_KEY_SIZE 16
311#define CAMELLIA_MAX_KEY_SIZE 32
312#define CAMELLIA_BLOCK_SIZE 16
313#define CAMELLIA_TABLE_BYTE_LEN 272
314
315/*
316 * NB: L and R below stand for 'left' and 'right' as in written numbers.
317 * That is, in (xxxL,xxxR) pair xxxL holds most significant digits,
318 * _not_ least significant ones!
319 */
320
321
322/* key constants */
323
324#define CAMELLIA_SIGMA1L (0xA09E667FL)
325#define CAMELLIA_SIGMA1R (0x3BCC908BL)
326#define CAMELLIA_SIGMA2L (0xB67AE858L)
327#define CAMELLIA_SIGMA2R (0x4CAA73B2L)
328#define CAMELLIA_SIGMA3L (0xC6EF372FL)
329#define CAMELLIA_SIGMA3R (0xE94F82BEL)
330#define CAMELLIA_SIGMA4L (0x54FF53A5L)
331#define CAMELLIA_SIGMA4R (0xF1D36F1CL)
332#define CAMELLIA_SIGMA5L (0x10E527FAL)
333#define CAMELLIA_SIGMA5R (0xDE682D1DL)
334#define CAMELLIA_SIGMA6L (0xB05688C2L)
335#define CAMELLIA_SIGMA6R (0xB3E6C1FDL)
336
337/*
338 * macros
339 */
340#define ROLDQ(ll, lr, rl, rr, w0, w1, bits) \
341 do { \
342 w0 = ll; \
343 ll = (ll << bits) + (lr >> (32 - bits)); \
344 lr = (lr << bits) + (rl >> (32 - bits)); \
345 rl = (rl << bits) + (rr >> (32 - bits)); \
346 rr = (rr << bits) + (w0 >> (32 - bits)); \
347 } while (0)
348
349#define ROLDQo32(ll, lr, rl, rr, w0, w1, bits) \
350 do { \
351 w0 = ll; \
352 w1 = lr; \
353 ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \
354 lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \
355 rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \
356 rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \
357 } while (0)
358
359#define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
360 do { \
361 il = xl ^ kl; \
362 ir = xr ^ kr; \
363 t0 = il >> 16; \
364 t1 = ir >> 16; \
365 yl = camellia_sp1110[(u8)(ir )] \
366 ^ camellia_sp0222[ (t1 >> 8)] \
367 ^ camellia_sp3033[(u8)(t1 )] \
368 ^ camellia_sp4404[(u8)(ir >> 8)]; \
369 yr = camellia_sp1110[ (t0 >> 8)] \
370 ^ camellia_sp0222[(u8)(t0 )] \
371 ^ camellia_sp3033[(u8)(il >> 8)] \
372 ^ camellia_sp4404[(u8)(il )]; \
373 yl ^= yr; \
374 yr = ror32(yr, 8); \
375 yr ^= yl; \
376 } while (0)
377
378#define SUBKEY_L(INDEX) (subkey[(INDEX)*2])
379#define SUBKEY_R(INDEX) (subkey[(INDEX)*2 + 1])
380
381static void camellia_setup_tail(u32 *subkey, u32 *subL, u32 *subR, int max)
382{
383 u32 dw, tl, tr;
384 u32 kw4l, kw4r;
385 int i;
386
387 /* absorb kw2 to other subkeys */
388 /* round 2 */
389 subL[3] ^= subL[1]; subR[3] ^= subR[1];
390 /* round 4 */
391 subL[5] ^= subL[1]; subR[5] ^= subR[1];
392 /* round 6 */
393 subL[7] ^= subL[1]; subR[7] ^= subR[1];
394 subL[1] ^= subR[1] & ~subR[9];
395 dw = subL[1] & subL[9],
396 subR[1] ^= rol32(dw, 1); /* modified for FLinv(kl2) */
397 /* round 8 */
398 subL[11] ^= subL[1]; subR[11] ^= subR[1];
399 /* round 10 */
400 subL[13] ^= subL[1]; subR[13] ^= subR[1];
401 /* round 12 */
402 subL[15] ^= subL[1]; subR[15] ^= subR[1];
403 subL[1] ^= subR[1] & ~subR[17];
404 dw = subL[1] & subL[17],
405 subR[1] ^= rol32(dw, 1); /* modified for FLinv(kl4) */
406 /* round 14 */
407 subL[19] ^= subL[1]; subR[19] ^= subR[1];
408 /* round 16 */
409 subL[21] ^= subL[1]; subR[21] ^= subR[1];
410 /* round 18 */
411 subL[23] ^= subL[1]; subR[23] ^= subR[1];
412 if (max == 24) {
413 /* kw3 */
414 subL[24] ^= subL[1]; subR[24] ^= subR[1];
415
416 /* absorb kw4 to other subkeys */
417 kw4l = subL[25]; kw4r = subR[25];
418 } else {
419 subL[1] ^= subR[1] & ~subR[25];
420 dw = subL[1] & subL[25],
421 subR[1] ^= rol32(dw, 1); /* modified for FLinv(kl6) */
422 /* round 20 */
423 subL[27] ^= subL[1]; subR[27] ^= subR[1];
424 /* round 22 */
425 subL[29] ^= subL[1]; subR[29] ^= subR[1];
426 /* round 24 */
427 subL[31] ^= subL[1]; subR[31] ^= subR[1];
428 /* kw3 */
429 subL[32] ^= subL[1]; subR[32] ^= subR[1];
430
431 /* absorb kw4 to other subkeys */
432 kw4l = subL[33]; kw4r = subR[33];
433 /* round 23 */
434 subL[30] ^= kw4l; subR[30] ^= kw4r;
435 /* round 21 */
436 subL[28] ^= kw4l; subR[28] ^= kw4r;
437 /* round 19 */
438 subL[26] ^= kw4l; subR[26] ^= kw4r;
439 kw4l ^= kw4r & ~subR[24];
440 dw = kw4l & subL[24],
441 kw4r ^= rol32(dw, 1); /* modified for FL(kl5) */
442 }
443 /* round 17 */
444 subL[22] ^= kw4l; subR[22] ^= kw4r;
445 /* round 15 */
446 subL[20] ^= kw4l; subR[20] ^= kw4r;
447 /* round 13 */
448 subL[18] ^= kw4l; subR[18] ^= kw4r;
449 kw4l ^= kw4r & ~subR[16];
450 dw = kw4l & subL[16],
451 kw4r ^= rol32(dw, 1); /* modified for FL(kl3) */
452 /* round 11 */
453 subL[14] ^= kw4l; subR[14] ^= kw4r;
454 /* round 9 */
455 subL[12] ^= kw4l; subR[12] ^= kw4r;
456 /* round 7 */
457 subL[10] ^= kw4l; subR[10] ^= kw4r;
458 kw4l ^= kw4r & ~subR[8];
459 dw = kw4l & subL[8],
460 kw4r ^= rol32(dw, 1); /* modified for FL(kl1) */
461 /* round 5 */
462 subL[6] ^= kw4l; subR[6] ^= kw4r;
463 /* round 3 */
464 subL[4] ^= kw4l; subR[4] ^= kw4r;
465 /* round 1 */
466 subL[2] ^= kw4l; subR[2] ^= kw4r;
467 /* kw1 */
468 subL[0] ^= kw4l; subR[0] ^= kw4r;
469
470 /* key XOR is end of F-function */
471 SUBKEY_L(0) = subL[0] ^ subL[2];/* kw1 */
472 SUBKEY_R(0) = subR[0] ^ subR[2];
473 SUBKEY_L(2) = subL[3]; /* round 1 */
474 SUBKEY_R(2) = subR[3];
475 SUBKEY_L(3) = subL[2] ^ subL[4]; /* round 2 */
476 SUBKEY_R(3) = subR[2] ^ subR[4];
477 SUBKEY_L(4) = subL[3] ^ subL[5]; /* round 3 */
478 SUBKEY_R(4) = subR[3] ^ subR[5];
479 SUBKEY_L(5) = subL[4] ^ subL[6]; /* round 4 */
480 SUBKEY_R(5) = subR[4] ^ subR[6];
481 SUBKEY_L(6) = subL[5] ^ subL[7]; /* round 5 */
482 SUBKEY_R(6) = subR[5] ^ subR[7];
483 tl = subL[10] ^ (subR[10] & ~subR[8]);
484 dw = tl & subL[8], /* FL(kl1) */
485 tr = subR[10] ^ rol32(dw, 1);
486 SUBKEY_L(7) = subL[6] ^ tl; /* round 6 */
487 SUBKEY_R(7) = subR[6] ^ tr;
488 SUBKEY_L(8) = subL[8]; /* FL(kl1) */
489 SUBKEY_R(8) = subR[8];
490 SUBKEY_L(9) = subL[9]; /* FLinv(kl2) */
491 SUBKEY_R(9) = subR[9];
492 tl = subL[7] ^ (subR[7] & ~subR[9]);
493 dw = tl & subL[9], /* FLinv(kl2) */
494 tr = subR[7] ^ rol32(dw, 1);
495 SUBKEY_L(10) = tl ^ subL[11]; /* round 7 */
496 SUBKEY_R(10) = tr ^ subR[11];
497 SUBKEY_L(11) = subL[10] ^ subL[12]; /* round 8 */
498 SUBKEY_R(11) = subR[10] ^ subR[12];
499 SUBKEY_L(12) = subL[11] ^ subL[13]; /* round 9 */
500 SUBKEY_R(12) = subR[11] ^ subR[13];
501 SUBKEY_L(13) = subL[12] ^ subL[14]; /* round 10 */
502 SUBKEY_R(13) = subR[12] ^ subR[14];
503 SUBKEY_L(14) = subL[13] ^ subL[15]; /* round 11 */
504 SUBKEY_R(14) = subR[13] ^ subR[15];
505 tl = subL[18] ^ (subR[18] & ~subR[16]);
506 dw = tl & subL[16], /* FL(kl3) */
507 tr = subR[18] ^ rol32(dw, 1);
508 SUBKEY_L(15) = subL[14] ^ tl; /* round 12 */
509 SUBKEY_R(15) = subR[14] ^ tr;
510 SUBKEY_L(16) = subL[16]; /* FL(kl3) */
511 SUBKEY_R(16) = subR[16];
512 SUBKEY_L(17) = subL[17]; /* FLinv(kl4) */
513 SUBKEY_R(17) = subR[17];
514 tl = subL[15] ^ (subR[15] & ~subR[17]);
515 dw = tl & subL[17], /* FLinv(kl4) */
516 tr = subR[15] ^ rol32(dw, 1);
517 SUBKEY_L(18) = tl ^ subL[19]; /* round 13 */
518 SUBKEY_R(18) = tr ^ subR[19];
519 SUBKEY_L(19) = subL[18] ^ subL[20]; /* round 14 */
520 SUBKEY_R(19) = subR[18] ^ subR[20];
521 SUBKEY_L(20) = subL[19] ^ subL[21]; /* round 15 */
522 SUBKEY_R(20) = subR[19] ^ subR[21];
523 SUBKEY_L(21) = subL[20] ^ subL[22]; /* round 16 */
524 SUBKEY_R(21) = subR[20] ^ subR[22];
525 SUBKEY_L(22) = subL[21] ^ subL[23]; /* round 17 */
526 SUBKEY_R(22) = subR[21] ^ subR[23];
527 if (max == 24) {
528 SUBKEY_L(23) = subL[22]; /* round 18 */
529 SUBKEY_R(23) = subR[22];
530 SUBKEY_L(24) = subL[24] ^ subL[23]; /* kw3 */
531 SUBKEY_R(24) = subR[24] ^ subR[23];
532 } else {
533 tl = subL[26] ^ (subR[26] & ~subR[24]);
534 dw = tl & subL[24], /* FL(kl5) */
535 tr = subR[26] ^ rol32(dw, 1);
536 SUBKEY_L(23) = subL[22] ^ tl; /* round 18 */
537 SUBKEY_R(23) = subR[22] ^ tr;
538 SUBKEY_L(24) = subL[24]; /* FL(kl5) */
539 SUBKEY_R(24) = subR[24];
540 SUBKEY_L(25) = subL[25]; /* FLinv(kl6) */
541 SUBKEY_R(25) = subR[25];
542 tl = subL[23] ^ (subR[23] & ~subR[25]);
543 dw = tl & subL[25], /* FLinv(kl6) */
544 tr = subR[23] ^ rol32(dw, 1);
545 SUBKEY_L(26) = tl ^ subL[27]; /* round 19 */
546 SUBKEY_R(26) = tr ^ subR[27];
547 SUBKEY_L(27) = subL[26] ^ subL[28]; /* round 20 */
548 SUBKEY_R(27) = subR[26] ^ subR[28];
549 SUBKEY_L(28) = subL[27] ^ subL[29]; /* round 21 */
550 SUBKEY_R(28) = subR[27] ^ subR[29];
551 SUBKEY_L(29) = subL[28] ^ subL[30]; /* round 22 */
552 SUBKEY_R(29) = subR[28] ^ subR[30];
553 SUBKEY_L(30) = subL[29] ^ subL[31]; /* round 23 */
554 SUBKEY_R(30) = subR[29] ^ subR[31];
555 SUBKEY_L(31) = subL[30]; /* round 24 */
556 SUBKEY_R(31) = subR[30];
557 SUBKEY_L(32) = subL[32] ^ subL[31]; /* kw3 */
558 SUBKEY_R(32) = subR[32] ^ subR[31];
559 }
560
561 /* apply the inverse of the last half of P-function */
562 i = 2;
563 do {
564 dw = SUBKEY_L(i + 0) ^ SUBKEY_R(i + 0); dw = rol32(dw, 8);/* round 1 */
565 SUBKEY_R(i + 0) = SUBKEY_L(i + 0) ^ dw; SUBKEY_L(i + 0) = dw;
566 dw = SUBKEY_L(i + 1) ^ SUBKEY_R(i + 1); dw = rol32(dw, 8);/* round 2 */
567 SUBKEY_R(i + 1) = SUBKEY_L(i + 1) ^ dw; SUBKEY_L(i + 1) = dw;
568 dw = SUBKEY_L(i + 2) ^ SUBKEY_R(i + 2); dw = rol32(dw, 8);/* round 3 */
569 SUBKEY_R(i + 2) = SUBKEY_L(i + 2) ^ dw; SUBKEY_L(i + 2) = dw;
570 dw = SUBKEY_L(i + 3) ^ SUBKEY_R(i + 3); dw = rol32(dw, 8);/* round 4 */
571 SUBKEY_R(i + 3) = SUBKEY_L(i + 3) ^ dw; SUBKEY_L(i + 3) = dw;
572 dw = SUBKEY_L(i + 4) ^ SUBKEY_R(i + 4); dw = rol32(dw, 8);/* round 5 */
573 SUBKEY_R(i + 4) = SUBKEY_L(i + 4) ^ dw; SUBKEY_L(i + 4) = dw;
574 dw = SUBKEY_L(i + 5) ^ SUBKEY_R(i + 5); dw = rol32(dw, 8);/* round 6 */
575 SUBKEY_R(i + 5) = SUBKEY_L(i + 5) ^ dw; SUBKEY_L(i + 5) = dw;
576 i += 8;
577 } while (i < max);
578}
579
580static void camellia_setup128(const unsigned char *key, u32 *subkey)
581{
582 u32 kll, klr, krl, krr;
583 u32 il, ir, t0, t1, w0, w1;
584 u32 subL[26];
585 u32 subR[26];
586
587 /**
588 * k == kll || klr || krl || krr (|| is concatenation)
589 */
590 kll = get_unaligned_be32(key);
591 klr = get_unaligned_be32(key + 4);
592 krl = get_unaligned_be32(key + 8);
593 krr = get_unaligned_be32(key + 12);
594
595 /* generate KL dependent subkeys */
596 /* kw1 */
597 subL[0] = kll; subR[0] = klr;
598 /* kw2 */
599 subL[1] = krl; subR[1] = krr;
600 /* rotation left shift 15bit */
601 ROLDQ(kll, klr, krl, krr, w0, w1, 15);
602 /* k3 */
603 subL[4] = kll; subR[4] = klr;
604 /* k4 */
605 subL[5] = krl; subR[5] = krr;
606 /* rotation left shift 15+30bit */
607 ROLDQ(kll, klr, krl, krr, w0, w1, 30);
608 /* k7 */
609 subL[10] = kll; subR[10] = klr;
610 /* k8 */
611 subL[11] = krl; subR[11] = krr;
612 /* rotation left shift 15+30+15bit */
613 ROLDQ(kll, klr, krl, krr, w0, w1, 15);
614 /* k10 */
615 subL[13] = krl; subR[13] = krr;
616 /* rotation left shift 15+30+15+17 bit */
617 ROLDQ(kll, klr, krl, krr, w0, w1, 17);
618 /* kl3 */
619 subL[16] = kll; subR[16] = klr;
620 /* kl4 */
621 subL[17] = krl; subR[17] = krr;
622 /* rotation left shift 15+30+15+17+17 bit */
623 ROLDQ(kll, klr, krl, krr, w0, w1, 17);
624 /* k13 */
625 subL[18] = kll; subR[18] = klr;
626 /* k14 */
627 subL[19] = krl; subR[19] = krr;
628 /* rotation left shift 15+30+15+17+17+17 bit */
629 ROLDQ(kll, klr, krl, krr, w0, w1, 17);
630 /* k17 */
631 subL[22] = kll; subR[22] = klr;
632 /* k18 */
633 subL[23] = krl; subR[23] = krr;
634
635 /* generate KA */
636 kll = subL[0]; klr = subR[0];
637 krl = subL[1]; krr = subR[1];
638 CAMELLIA_F(kll, klr,
639 CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
640 w0, w1, il, ir, t0, t1);
641 krl ^= w0; krr ^= w1;
642 CAMELLIA_F(krl, krr,
643 CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
644 kll, klr, il, ir, t0, t1);
645 /* current status == (kll, klr, w0, w1) */
646 CAMELLIA_F(kll, klr,
647 CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
648 krl, krr, il, ir, t0, t1);
649 krl ^= w0; krr ^= w1;
650 CAMELLIA_F(krl, krr,
651 CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
652 w0, w1, il, ir, t0, t1);
653 kll ^= w0; klr ^= w1;
654
655 /* generate KA dependent subkeys */
656 /* k1, k2 */
657 subL[2] = kll; subR[2] = klr;
658 subL[3] = krl; subR[3] = krr;
659 ROLDQ(kll, klr, krl, krr, w0, w1, 15);
660 /* k5,k6 */
661 subL[6] = kll; subR[6] = klr;
662 subL[7] = krl; subR[7] = krr;
663 ROLDQ(kll, klr, krl, krr, w0, w1, 15);
664 /* kl1, kl2 */
665 subL[8] = kll; subR[8] = klr;
666 subL[9] = krl; subR[9] = krr;
667 ROLDQ(kll, klr, krl, krr, w0, w1, 15);
668 /* k9 */
669 subL[12] = kll; subR[12] = klr;
670 ROLDQ(kll, klr, krl, krr, w0, w1, 15);
671 /* k11, k12 */
672 subL[14] = kll; subR[14] = klr;
673 subL[15] = krl; subR[15] = krr;
674 ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
675 /* k15, k16 */
676 subL[20] = kll; subR[20] = klr;
677 subL[21] = krl; subR[21] = krr;
678 ROLDQ(kll, klr, krl, krr, w0, w1, 17);
679 /* kw3, kw4 */
680 subL[24] = kll; subR[24] = klr;
681 subL[25] = krl; subR[25] = krr;
682
683 camellia_setup_tail(subkey, subL, subR, 24);
684}
685
686static void camellia_setup256(const unsigned char *key, u32 *subkey)
687{
688 u32 kll, klr, krl, krr; /* left half of key */
689 u32 krll, krlr, krrl, krrr; /* right half of key */
690 u32 il, ir, t0, t1, w0, w1; /* temporary variables */
691 u32 subL[34];
692 u32 subR[34];
693
694 /**
695 * key = (kll || klr || krl || krr || krll || krlr || krrl || krrr)
696 * (|| is concatenation)
697 */
698 kll = get_unaligned_be32(key);
699 klr = get_unaligned_be32(key + 4);
700 krl = get_unaligned_be32(key + 8);
701 krr = get_unaligned_be32(key + 12);
702 krll = get_unaligned_be32(key + 16);
703 krlr = get_unaligned_be32(key + 20);
704 krrl = get_unaligned_be32(key + 24);
705 krrr = get_unaligned_be32(key + 28);
706
707 /* generate KL dependent subkeys */
708 /* kw1 */
709 subL[0] = kll; subR[0] = klr;
710 /* kw2 */
711 subL[1] = krl; subR[1] = krr;
712 ROLDQo32(kll, klr, krl, krr, w0, w1, 45);
713 /* k9 */
714 subL[12] = kll; subR[12] = klr;
715 /* k10 */
716 subL[13] = krl; subR[13] = krr;
717 ROLDQ(kll, klr, krl, krr, w0, w1, 15);
718 /* kl3 */
719 subL[16] = kll; subR[16] = klr;
720 /* kl4 */
721 subL[17] = krl; subR[17] = krr;
722 ROLDQ(kll, klr, krl, krr, w0, w1, 17);
723 /* k17 */
724 subL[22] = kll; subR[22] = klr;
725 /* k18 */
726 subL[23] = krl; subR[23] = krr;
727 ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
728 /* k23 */
729 subL[30] = kll; subR[30] = klr;
730 /* k24 */
731 subL[31] = krl; subR[31] = krr;
732
733 /* generate KR dependent subkeys */
734 ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
735 /* k3 */
736 subL[4] = krll; subR[4] = krlr;
737 /* k4 */
738 subL[5] = krrl; subR[5] = krrr;
739 ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
740 /* kl1 */
741 subL[8] = krll; subR[8] = krlr;
742 /* kl2 */
743 subL[9] = krrl; subR[9] = krrr;
744 ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
745 /* k13 */
746 subL[18] = krll; subR[18] = krlr;
747 /* k14 */
748 subL[19] = krrl; subR[19] = krrr;
749 ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
750 /* k19 */
751 subL[26] = krll; subR[26] = krlr;
752 /* k20 */
753 subL[27] = krrl; subR[27] = krrr;
754 ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
755
756 /* generate KA */
757 kll = subL[0] ^ krll; klr = subR[0] ^ krlr;
758 krl = subL[1] ^ krrl; krr = subR[1] ^ krrr;
759 CAMELLIA_F(kll, klr,
760 CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
761 w0, w1, il, ir, t0, t1);
762 krl ^= w0; krr ^= w1;
763 CAMELLIA_F(krl, krr,
764 CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
765 kll, klr, il, ir, t0, t1);
766 kll ^= krll; klr ^= krlr;
767 CAMELLIA_F(kll, klr,
768 CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
769 krl, krr, il, ir, t0, t1);
770 krl ^= w0 ^ krrl; krr ^= w1 ^ krrr;
771 CAMELLIA_F(krl, krr,
772 CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
773 w0, w1, il, ir, t0, t1);
774 kll ^= w0; klr ^= w1;
775
776 /* generate KB */
777 krll ^= kll; krlr ^= klr;
778 krrl ^= krl; krrr ^= krr;
779 CAMELLIA_F(krll, krlr,
780 CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R,
781 w0, w1, il, ir, t0, t1);
782 krrl ^= w0; krrr ^= w1;
783 CAMELLIA_F(krrl, krrr,
784 CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R,
785 w0, w1, il, ir, t0, t1);
786 krll ^= w0; krlr ^= w1;
787
788 /* generate KA dependent subkeys */
789 ROLDQ(kll, klr, krl, krr, w0, w1, 15);
790 /* k5 */
791 subL[6] = kll; subR[6] = klr;
792 /* k6 */
793 subL[7] = krl; subR[7] = krr;
794 ROLDQ(kll, klr, krl, krr, w0, w1, 30);
795 /* k11 */
796 subL[14] = kll; subR[14] = klr;
797 /* k12 */
798 subL[15] = krl; subR[15] = krr;
799 /* rotation left shift 32bit */
800 /* kl5 */
801 subL[24] = klr; subR[24] = krl;
802 /* kl6 */
803 subL[25] = krr; subR[25] = kll;
804 /* rotation left shift 49 from k11,k12 -> k21,k22 */
805 ROLDQo32(kll, klr, krl, krr, w0, w1, 49);
806 /* k21 */
807 subL[28] = kll; subR[28] = klr;
808 /* k22 */
809 subL[29] = krl; subR[29] = krr;
810
811 /* generate KB dependent subkeys */
812 /* k1 */
813 subL[2] = krll; subR[2] = krlr;
814 /* k2 */
815 subL[3] = krrl; subR[3] = krrr;
816 ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
817 /* k7 */
818 subL[10] = krll; subR[10] = krlr;
819 /* k8 */
820 subL[11] = krrl; subR[11] = krrr;
821 ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
822 /* k15 */
823 subL[20] = krll; subR[20] = krlr;
824 /* k16 */
825 subL[21] = krrl; subR[21] = krrr;
826 ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51);
827 /* kw3 */
828 subL[32] = krll; subR[32] = krlr;
829 /* kw4 */
830 subL[33] = krrl; subR[33] = krrr;
831
832 camellia_setup_tail(subkey, subL, subR, 32);
833}
834
835static void camellia_setup192(const unsigned char *key, u32 *subkey)
836{
837 unsigned char kk[32];
838 u32 krll, krlr, krrl, krrr;
839
840 memcpy(kk, key, 24);
841 memcpy((unsigned char *)&krll, key+16, 4);
842 memcpy((unsigned char *)&krlr, key+20, 4);
843 krrl = ~krll;
844 krrr = ~krlr;
845 memcpy(kk+24, (unsigned char *)&krrl, 4);
846 memcpy(kk+28, (unsigned char *)&krrr, 4);
847 camellia_setup256(kk, subkey);
848}
849
850
851/*
852 * Encrypt/decrypt
853 */
854#define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \
855 do { \
856 t0 = kll; \
857 t2 = krr; \
858 t0 &= ll; \
859 t2 |= rr; \
860 rl ^= t2; \
861 lr ^= rol32(t0, 1); \
862 t3 = krl; \
863 t1 = klr; \
864 t3 &= rl; \
865 t1 |= lr; \
866 ll ^= t1; \
867 rr ^= rol32(t3, 1); \
868 } while (0)
869
870#define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir) \
871 do { \
872 ir = camellia_sp1110[(u8)xr]; \
873 il = camellia_sp1110[ (xl >> 24)]; \
874 ir ^= camellia_sp0222[ (xr >> 24)]; \
875 il ^= camellia_sp0222[(u8)(xl >> 16)]; \
876 ir ^= camellia_sp3033[(u8)(xr >> 16)]; \
877 il ^= camellia_sp3033[(u8)(xl >> 8)]; \
878 ir ^= camellia_sp4404[(u8)(xr >> 8)]; \
879 il ^= camellia_sp4404[(u8)xl]; \
880 il ^= kl; \
881 ir ^= il ^ kr; \
882 yl ^= ir; \
883 yr ^= ror32(il, 8) ^ ir; \
884 } while (0)
885
886/* max = 24: 128bit encrypt, max = 32: 256bit encrypt */
887static void camellia_do_encrypt(const u32 *subkey, u32 *io, unsigned max)
888{
889 u32 il, ir, t0, t1; /* temporary variables */
890
891 /* pre whitening but absorb kw2 */
892 io[0] ^= SUBKEY_L(0);
893 io[1] ^= SUBKEY_R(0);
894
895 /* main iteration */
896#define ROUNDS(i) do { \
897 CAMELLIA_ROUNDSM(io[0], io[1], \
898 SUBKEY_L(i + 2), SUBKEY_R(i + 2), \
899 io[2], io[3], il, ir); \
900 CAMELLIA_ROUNDSM(io[2], io[3], \
901 SUBKEY_L(i + 3), SUBKEY_R(i + 3), \
902 io[0], io[1], il, ir); \
903 CAMELLIA_ROUNDSM(io[0], io[1], \
904 SUBKEY_L(i + 4), SUBKEY_R(i + 4), \
905 io[2], io[3], il, ir); \
906 CAMELLIA_ROUNDSM(io[2], io[3], \
907 SUBKEY_L(i + 5), SUBKEY_R(i + 5), \
908 io[0], io[1], il, ir); \
909 CAMELLIA_ROUNDSM(io[0], io[1], \
910 SUBKEY_L(i + 6), SUBKEY_R(i + 6), \
911 io[2], io[3], il, ir); \
912 CAMELLIA_ROUNDSM(io[2], io[3], \
913 SUBKEY_L(i + 7), SUBKEY_R(i + 7), \
914 io[0], io[1], il, ir); \
915} while (0)
916#define FLS(i) do { \
917 CAMELLIA_FLS(io[0], io[1], io[2], io[3], \
918 SUBKEY_L(i + 0), SUBKEY_R(i + 0), \
919 SUBKEY_L(i + 1), SUBKEY_R(i + 1), \
920 t0, t1, il, ir); \
921} while (0)
922
923 ROUNDS(0);
924 FLS(8);
925 ROUNDS(8);
926 FLS(16);
927 ROUNDS(16);
928 if (max == 32) {
929 FLS(24);
930 ROUNDS(24);
931 }
932
933#undef ROUNDS
934#undef FLS
935
936 /* post whitening but kw4 */
937 io[2] ^= SUBKEY_L(max);
938 io[3] ^= SUBKEY_R(max);
939 /* NB: io[0],[1] should be swapped with [2],[3] by caller! */
940}
941
942static void camellia_do_decrypt(const u32 *subkey, u32 *io, unsigned i)
943{
944 u32 il, ir, t0, t1; /* temporary variables */
945
946 /* pre whitening but absorb kw2 */
947 io[0] ^= SUBKEY_L(i);
948 io[1] ^= SUBKEY_R(i);
949
950 /* main iteration */
951#define ROUNDS(i) do { \
952 CAMELLIA_ROUNDSM(io[0], io[1], \
953 SUBKEY_L(i + 7), SUBKEY_R(i + 7), \
954 io[2], io[3], il, ir); \
955 CAMELLIA_ROUNDSM(io[2], io[3], \
956 SUBKEY_L(i + 6), SUBKEY_R(i + 6), \
957 io[0], io[1], il, ir); \
958 CAMELLIA_ROUNDSM(io[0], io[1], \
959 SUBKEY_L(i + 5), SUBKEY_R(i + 5), \
960 io[2], io[3], il, ir); \
961 CAMELLIA_ROUNDSM(io[2], io[3], \
962 SUBKEY_L(i + 4), SUBKEY_R(i + 4), \
963 io[0], io[1], il, ir); \
964 CAMELLIA_ROUNDSM(io[0], io[1], \
965 SUBKEY_L(i + 3), SUBKEY_R(i + 3), \
966 io[2], io[3], il, ir); \
967 CAMELLIA_ROUNDSM(io[2], io[3], \
968 SUBKEY_L(i + 2), SUBKEY_R(i + 2), \
969 io[0], io[1], il, ir); \
970} while (0)
971#define FLS(i) do { \
972 CAMELLIA_FLS(io[0], io[1], io[2], io[3], \
973 SUBKEY_L(i + 1), SUBKEY_R(i + 1), \
974 SUBKEY_L(i + 0), SUBKEY_R(i + 0), \
975 t0, t1, il, ir); \
976} while (0)
977
978 if (i == 32) {
979 ROUNDS(24);
980 FLS(24);
981 }
982 ROUNDS(16);
983 FLS(16);
984 ROUNDS(8);
985 FLS(8);
986 ROUNDS(0);
987
988#undef ROUNDS
989#undef FLS
990
991 /* post whitening but kw4 */
992 io[2] ^= SUBKEY_L(0);
993 io[3] ^= SUBKEY_R(0);
994 /* NB: 0,1 should be swapped with 2,3 by caller! */
995}
996
997
998struct camellia_ctx {
999 int key_length;
1000 u32 key_table[CAMELLIA_TABLE_BYTE_LEN / sizeof(u32)];
1001};
1002
1003static int
1004camellia_set_key(struct crypto_tfm *tfm, const u8 *in_key,
1005 unsigned int key_len)
1006{
1007 struct camellia_ctx *cctx = crypto_tfm_ctx(tfm);
1008 const unsigned char *key = (const unsigned char *)in_key;
1009 u32 *flags = &tfm->crt_flags;
1010
1011 if (key_len != 16 && key_len != 24 && key_len != 32) {
1012 *flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
1013 return -EINVAL;
1014 }
1015
1016 cctx->key_length = key_len;
1017
1018 switch (key_len) {
1019 case 16:
1020 camellia_setup128(key, cctx->key_table);
1021 break;
1022 case 24:
1023 camellia_setup192(key, cctx->key_table);
1024 break;
1025 case 32:
1026 camellia_setup256(key, cctx->key_table);
1027 break;
1028 }
1029
1030 return 0;
1031}
1032
1033static void camellia_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
1034{
1035 const struct camellia_ctx *cctx = crypto_tfm_ctx(tfm);
1036 const __be32 *src = (const __be32 *)in;
1037 __be32 *dst = (__be32 *)out;
1038
1039 u32 tmp[4];
1040
1041 tmp[0] = be32_to_cpu(src[0]);
1042 tmp[1] = be32_to_cpu(src[1]);
1043 tmp[2] = be32_to_cpu(src[2]);
1044 tmp[3] = be32_to_cpu(src[3]);
1045
1046 camellia_do_encrypt(cctx->key_table, tmp,
1047 cctx->key_length == 16 ? 24 : 32 /* for key lengths of 24 and 32 */
1048 );
1049
1050 /* do_encrypt returns 0,1 swapped with 2,3 */
1051 dst[0] = cpu_to_be32(tmp[2]);
1052 dst[1] = cpu_to_be32(tmp[3]);
1053 dst[2] = cpu_to_be32(tmp[0]);
1054 dst[3] = cpu_to_be32(tmp[1]);
1055}
1056
1057static void camellia_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
1058{
1059 const struct camellia_ctx *cctx = crypto_tfm_ctx(tfm);
1060 const __be32 *src = (const __be32 *)in;
1061 __be32 *dst = (__be32 *)out;
1062
1063 u32 tmp[4];
1064
1065 tmp[0] = be32_to_cpu(src[0]);
1066 tmp[1] = be32_to_cpu(src[1]);
1067 tmp[2] = be32_to_cpu(src[2]);
1068 tmp[3] = be32_to_cpu(src[3]);
1069
1070 camellia_do_decrypt(cctx->key_table, tmp,
1071 cctx->key_length == 16 ? 24 : 32 /* for key lengths of 24 and 32 */
1072 );
1073
1074 /* do_decrypt returns 0,1 swapped with 2,3 */
1075 dst[0] = cpu_to_be32(tmp[2]);
1076 dst[1] = cpu_to_be32(tmp[3]);
1077 dst[2] = cpu_to_be32(tmp[0]);
1078 dst[3] = cpu_to_be32(tmp[1]);
1079}
1080
1081static struct crypto_alg camellia_alg = {
1082 .cra_name = "camellia",
1083 .cra_driver_name = "camellia-generic",
1084 .cra_priority = 100,
1085 .cra_flags = CRYPTO_ALG_TYPE_CIPHER,
1086 .cra_blocksize = CAMELLIA_BLOCK_SIZE,
1087 .cra_ctxsize = sizeof(struct camellia_ctx),
1088 .cra_alignmask = 3,
1089 .cra_module = THIS_MODULE,
1090 .cra_list = LIST_HEAD_INIT(camellia_alg.cra_list),
1091 .cra_u = {
1092 .cipher = {
1093 .cia_min_keysize = CAMELLIA_MIN_KEY_SIZE,
1094 .cia_max_keysize = CAMELLIA_MAX_KEY_SIZE,
1095 .cia_setkey = camellia_set_key,
1096 .cia_encrypt = camellia_encrypt,
1097 .cia_decrypt = camellia_decrypt
1098 }
1099 }
1100};
1101
1102static int __init camellia_init(void)
1103{
1104 return crypto_register_alg(&camellia_alg);
1105}
1106
1107static void __exit camellia_fini(void)
1108{
1109 crypto_unregister_alg(&camellia_alg);
1110}
1111
1112module_init(camellia_init);
1113module_exit(camellia_fini);
1114
1115MODULE_DESCRIPTION("Camellia Cipher Algorithm");
1116MODULE_LICENSE("GPL");
diff --git a/crypto/cast5.c b/crypto/cast5.c
new file mode 100644
index 00000000000..4a230ddec87
--- /dev/null
+++ b/crypto/cast5.c
@@ -0,0 +1,809 @@
1/* Kernel cryptographic api.
2* cast5.c - Cast5 cipher algorithm (rfc2144).
3*
4* Derived from GnuPG implementation of cast5.
5*
6* Major Changes.
7* Complete conformance to rfc2144.
8* Supports key size from 40 to 128 bits.
9*
10* Copyright (C) 1998, 1999, 2000, 2001 Free Software Foundation, Inc.
11* Copyright (C) 2003 Kartikey Mahendra Bhatt <kartik_me@hotmail.com>.
12*
13* This program is free software; you can redistribute it and/or modify it
14* under the terms of GNU General Public License as published by the Free
15* Software Foundation; either version 2 of the License, or (at your option)
16* any later version.
17*
18* You should have received a copy of the GNU General Public License
19* along with this program; if not, write to the Free Software
20* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
21*/
22
23
24#include <asm/byteorder.h>
25#include <linux/init.h>
26#include <linux/crypto.h>
27#include <linux/module.h>
28#include <linux/errno.h>
29#include <linux/string.h>
30#include <linux/types.h>
31
32#define CAST5_BLOCK_SIZE 8
33#define CAST5_MIN_KEY_SIZE 5
34#define CAST5_MAX_KEY_SIZE 16
35
36struct cast5_ctx {
37 u32 Km[16];
38 u8 Kr[16];
39 int rr; /* rr?number of rounds = 16:number of rounds = 12; (rfc 2144) */
40};
41
42
43static const u32 s1[256] = {
44 0x30fb40d4, 0x9fa0ff0b, 0x6beccd2f, 0x3f258c7a, 0x1e213f2f,
45 0x9c004dd3, 0x6003e540, 0xcf9fc949,
46 0xbfd4af27, 0x88bbbdb5, 0xe2034090, 0x98d09675, 0x6e63a0e0,
47 0x15c361d2, 0xc2e7661d, 0x22d4ff8e,
48 0x28683b6f, 0xc07fd059, 0xff2379c8, 0x775f50e2, 0x43c340d3,
49 0xdf2f8656, 0x887ca41a, 0xa2d2bd2d,
50 0xa1c9e0d6, 0x346c4819, 0x61b76d87, 0x22540f2f, 0x2abe32e1,
51 0xaa54166b, 0x22568e3a, 0xa2d341d0,
52 0x66db40c8, 0xa784392f, 0x004dff2f, 0x2db9d2de, 0x97943fac,
53 0x4a97c1d8, 0x527644b7, 0xb5f437a7,
54 0xb82cbaef, 0xd751d159, 0x6ff7f0ed, 0x5a097a1f, 0x827b68d0,
55 0x90ecf52e, 0x22b0c054, 0xbc8e5935,
56 0x4b6d2f7f, 0x50bb64a2, 0xd2664910, 0xbee5812d, 0xb7332290,
57 0xe93b159f, 0xb48ee411, 0x4bff345d,
58 0xfd45c240, 0xad31973f, 0xc4f6d02e, 0x55fc8165, 0xd5b1caad,
59 0xa1ac2dae, 0xa2d4b76d, 0xc19b0c50,
60 0x882240f2, 0x0c6e4f38, 0xa4e4bfd7, 0x4f5ba272, 0x564c1d2f,
61 0xc59c5319, 0xb949e354, 0xb04669fe,
62 0xb1b6ab8a, 0xc71358dd, 0x6385c545, 0x110f935d, 0x57538ad5,
63 0x6a390493, 0xe63d37e0, 0x2a54f6b3,
64 0x3a787d5f, 0x6276a0b5, 0x19a6fcdf, 0x7a42206a, 0x29f9d4d5,
65 0xf61b1891, 0xbb72275e, 0xaa508167,
66 0x38901091, 0xc6b505eb, 0x84c7cb8c, 0x2ad75a0f, 0x874a1427,
67 0xa2d1936b, 0x2ad286af, 0xaa56d291,
68 0xd7894360, 0x425c750d, 0x93b39e26, 0x187184c9, 0x6c00b32d,
69 0x73e2bb14, 0xa0bebc3c, 0x54623779,
70 0x64459eab, 0x3f328b82, 0x7718cf82, 0x59a2cea6, 0x04ee002e,
71 0x89fe78e6, 0x3fab0950, 0x325ff6c2,
72 0x81383f05, 0x6963c5c8, 0x76cb5ad6, 0xd49974c9, 0xca180dcf,
73 0x380782d5, 0xc7fa5cf6, 0x8ac31511,
74 0x35e79e13, 0x47da91d0, 0xf40f9086, 0xa7e2419e, 0x31366241,
75 0x051ef495, 0xaa573b04, 0x4a805d8d,
76 0x548300d0, 0x00322a3c, 0xbf64cddf, 0xba57a68e, 0x75c6372b,
77 0x50afd341, 0xa7c13275, 0x915a0bf5,
78 0x6b54bfab, 0x2b0b1426, 0xab4cc9d7, 0x449ccd82, 0xf7fbf265,
79 0xab85c5f3, 0x1b55db94, 0xaad4e324,
80 0xcfa4bd3f, 0x2deaa3e2, 0x9e204d02, 0xc8bd25ac, 0xeadf55b3,
81 0xd5bd9e98, 0xe31231b2, 0x2ad5ad6c,
82 0x954329de, 0xadbe4528, 0xd8710f69, 0xaa51c90f, 0xaa786bf6,
83 0x22513f1e, 0xaa51a79b, 0x2ad344cc,
84 0x7b5a41f0, 0xd37cfbad, 0x1b069505, 0x41ece491, 0xb4c332e6,
85 0x032268d4, 0xc9600acc, 0xce387e6d,
86 0xbf6bb16c, 0x6a70fb78, 0x0d03d9c9, 0xd4df39de, 0xe01063da,
87 0x4736f464, 0x5ad328d8, 0xb347cc96,
88 0x75bb0fc3, 0x98511bfb, 0x4ffbcc35, 0xb58bcf6a, 0xe11f0abc,
89 0xbfc5fe4a, 0xa70aec10, 0xac39570a,
90 0x3f04442f, 0x6188b153, 0xe0397a2e, 0x5727cb79, 0x9ceb418f,
91 0x1cacd68d, 0x2ad37c96, 0x0175cb9d,
92 0xc69dff09, 0xc75b65f0, 0xd9db40d8, 0xec0e7779, 0x4744ead4,
93 0xb11c3274, 0xdd24cb9e, 0x7e1c54bd,
94 0xf01144f9, 0xd2240eb1, 0x9675b3fd, 0xa3ac3755, 0xd47c27af,
95 0x51c85f4d, 0x56907596, 0xa5bb15e6,
96 0x580304f0, 0xca042cf1, 0x011a37ea, 0x8dbfaadb, 0x35ba3e4a,
97 0x3526ffa0, 0xc37b4d09, 0xbc306ed9,
98 0x98a52666, 0x5648f725, 0xff5e569d, 0x0ced63d0, 0x7c63b2cf,
99 0x700b45e1, 0xd5ea50f1, 0x85a92872,
100 0xaf1fbda7, 0xd4234870, 0xa7870bf3, 0x2d3b4d79, 0x42e04198,
101 0x0cd0ede7, 0x26470db8, 0xf881814c,
102 0x474d6ad7, 0x7c0c5e5c, 0xd1231959, 0x381b7298, 0xf5d2f4db,
103 0xab838653, 0x6e2f1e23, 0x83719c9e,
104 0xbd91e046, 0x9a56456e, 0xdc39200c, 0x20c8c571, 0x962bda1c,
105 0xe1e696ff, 0xb141ab08, 0x7cca89b9,
106 0x1a69e783, 0x02cc4843, 0xa2f7c579, 0x429ef47d, 0x427b169c,
107 0x5ac9f049, 0xdd8f0f00, 0x5c8165bf
108};
109static const u32 s2[256] = {
110 0x1f201094, 0xef0ba75b, 0x69e3cf7e, 0x393f4380, 0xfe61cf7a,
111 0xeec5207a, 0x55889c94, 0x72fc0651,
112 0xada7ef79, 0x4e1d7235, 0xd55a63ce, 0xde0436ba, 0x99c430ef,
113 0x5f0c0794, 0x18dcdb7d, 0xa1d6eff3,
114 0xa0b52f7b, 0x59e83605, 0xee15b094, 0xe9ffd909, 0xdc440086,
115 0xef944459, 0xba83ccb3, 0xe0c3cdfb,
116 0xd1da4181, 0x3b092ab1, 0xf997f1c1, 0xa5e6cf7b, 0x01420ddb,
117 0xe4e7ef5b, 0x25a1ff41, 0xe180f806,
118 0x1fc41080, 0x179bee7a, 0xd37ac6a9, 0xfe5830a4, 0x98de8b7f,
119 0x77e83f4e, 0x79929269, 0x24fa9f7b,
120 0xe113c85b, 0xacc40083, 0xd7503525, 0xf7ea615f, 0x62143154,
121 0x0d554b63, 0x5d681121, 0xc866c359,
122 0x3d63cf73, 0xcee234c0, 0xd4d87e87, 0x5c672b21, 0x071f6181,
123 0x39f7627f, 0x361e3084, 0xe4eb573b,
124 0x602f64a4, 0xd63acd9c, 0x1bbc4635, 0x9e81032d, 0x2701f50c,
125 0x99847ab4, 0xa0e3df79, 0xba6cf38c,
126 0x10843094, 0x2537a95e, 0xf46f6ffe, 0xa1ff3b1f, 0x208cfb6a,
127 0x8f458c74, 0xd9e0a227, 0x4ec73a34,
128 0xfc884f69, 0x3e4de8df, 0xef0e0088, 0x3559648d, 0x8a45388c,
129 0x1d804366, 0x721d9bfd, 0xa58684bb,
130 0xe8256333, 0x844e8212, 0x128d8098, 0xfed33fb4, 0xce280ae1,
131 0x27e19ba5, 0xd5a6c252, 0xe49754bd,
132 0xc5d655dd, 0xeb667064, 0x77840b4d, 0xa1b6a801, 0x84db26a9,
133 0xe0b56714, 0x21f043b7, 0xe5d05860,
134 0x54f03084, 0x066ff472, 0xa31aa153, 0xdadc4755, 0xb5625dbf,
135 0x68561be6, 0x83ca6b94, 0x2d6ed23b,
136 0xeccf01db, 0xa6d3d0ba, 0xb6803d5c, 0xaf77a709, 0x33b4a34c,
137 0x397bc8d6, 0x5ee22b95, 0x5f0e5304,
138 0x81ed6f61, 0x20e74364, 0xb45e1378, 0xde18639b, 0x881ca122,
139 0xb96726d1, 0x8049a7e8, 0x22b7da7b,
140 0x5e552d25, 0x5272d237, 0x79d2951c, 0xc60d894c, 0x488cb402,
141 0x1ba4fe5b, 0xa4b09f6b, 0x1ca815cf,
142 0xa20c3005, 0x8871df63, 0xb9de2fcb, 0x0cc6c9e9, 0x0beeff53,
143 0xe3214517, 0xb4542835, 0x9f63293c,
144 0xee41e729, 0x6e1d2d7c, 0x50045286, 0x1e6685f3, 0xf33401c6,
145 0x30a22c95, 0x31a70850, 0x60930f13,
146 0x73f98417, 0xa1269859, 0xec645c44, 0x52c877a9, 0xcdff33a6,
147 0xa02b1741, 0x7cbad9a2, 0x2180036f,
148 0x50d99c08, 0xcb3f4861, 0xc26bd765, 0x64a3f6ab, 0x80342676,
149 0x25a75e7b, 0xe4e6d1fc, 0x20c710e6,
150 0xcdf0b680, 0x17844d3b, 0x31eef84d, 0x7e0824e4, 0x2ccb49eb,
151 0x846a3bae, 0x8ff77888, 0xee5d60f6,
152 0x7af75673, 0x2fdd5cdb, 0xa11631c1, 0x30f66f43, 0xb3faec54,
153 0x157fd7fa, 0xef8579cc, 0xd152de58,
154 0xdb2ffd5e, 0x8f32ce19, 0x306af97a, 0x02f03ef8, 0x99319ad5,
155 0xc242fa0f, 0xa7e3ebb0, 0xc68e4906,
156 0xb8da230c, 0x80823028, 0xdcdef3c8, 0xd35fb171, 0x088a1bc8,
157 0xbec0c560, 0x61a3c9e8, 0xbca8f54d,
158 0xc72feffa, 0x22822e99, 0x82c570b4, 0xd8d94e89, 0x8b1c34bc,
159 0x301e16e6, 0x273be979, 0xb0ffeaa6,
160 0x61d9b8c6, 0x00b24869, 0xb7ffce3f, 0x08dc283b, 0x43daf65a,
161 0xf7e19798, 0x7619b72f, 0x8f1c9ba4,
162 0xdc8637a0, 0x16a7d3b1, 0x9fc393b7, 0xa7136eeb, 0xc6bcc63e,
163 0x1a513742, 0xef6828bc, 0x520365d6,
164 0x2d6a77ab, 0x3527ed4b, 0x821fd216, 0x095c6e2e, 0xdb92f2fb,
165 0x5eea29cb, 0x145892f5, 0x91584f7f,
166 0x5483697b, 0x2667a8cc, 0x85196048, 0x8c4bacea, 0x833860d4,
167 0x0d23e0f9, 0x6c387e8a, 0x0ae6d249,
168 0xb284600c, 0xd835731d, 0xdcb1c647, 0xac4c56ea, 0x3ebd81b3,
169 0x230eabb0, 0x6438bc87, 0xf0b5b1fa,
170 0x8f5ea2b3, 0xfc184642, 0x0a036b7a, 0x4fb089bd, 0x649da589,
171 0xa345415e, 0x5c038323, 0x3e5d3bb9,
172 0x43d79572, 0x7e6dd07c, 0x06dfdf1e, 0x6c6cc4ef, 0x7160a539,
173 0x73bfbe70, 0x83877605, 0x4523ecf1
174};
175static const u32 s3[256] = {
176 0x8defc240, 0x25fa5d9f, 0xeb903dbf, 0xe810c907, 0x47607fff,
177 0x369fe44b, 0x8c1fc644, 0xaececa90,
178 0xbeb1f9bf, 0xeefbcaea, 0xe8cf1950, 0x51df07ae, 0x920e8806,
179 0xf0ad0548, 0xe13c8d83, 0x927010d5,
180 0x11107d9f, 0x07647db9, 0xb2e3e4d4, 0x3d4f285e, 0xb9afa820,
181 0xfade82e0, 0xa067268b, 0x8272792e,
182 0x553fb2c0, 0x489ae22b, 0xd4ef9794, 0x125e3fbc, 0x21fffcee,
183 0x825b1bfd, 0x9255c5ed, 0x1257a240,
184 0x4e1a8302, 0xbae07fff, 0x528246e7, 0x8e57140e, 0x3373f7bf,
185 0x8c9f8188, 0xa6fc4ee8, 0xc982b5a5,
186 0xa8c01db7, 0x579fc264, 0x67094f31, 0xf2bd3f5f, 0x40fff7c1,
187 0x1fb78dfc, 0x8e6bd2c1, 0x437be59b,
188 0x99b03dbf, 0xb5dbc64b, 0x638dc0e6, 0x55819d99, 0xa197c81c,
189 0x4a012d6e, 0xc5884a28, 0xccc36f71,
190 0xb843c213, 0x6c0743f1, 0x8309893c, 0x0feddd5f, 0x2f7fe850,
191 0xd7c07f7e, 0x02507fbf, 0x5afb9a04,
192 0xa747d2d0, 0x1651192e, 0xaf70bf3e, 0x58c31380, 0x5f98302e,
193 0x727cc3c4, 0x0a0fb402, 0x0f7fef82,
194 0x8c96fdad, 0x5d2c2aae, 0x8ee99a49, 0x50da88b8, 0x8427f4a0,
195 0x1eac5790, 0x796fb449, 0x8252dc15,
196 0xefbd7d9b, 0xa672597d, 0xada840d8, 0x45f54504, 0xfa5d7403,
197 0xe83ec305, 0x4f91751a, 0x925669c2,
198 0x23efe941, 0xa903f12e, 0x60270df2, 0x0276e4b6, 0x94fd6574,
199 0x927985b2, 0x8276dbcb, 0x02778176,
200 0xf8af918d, 0x4e48f79e, 0x8f616ddf, 0xe29d840e, 0x842f7d83,
201 0x340ce5c8, 0x96bbb682, 0x93b4b148,
202 0xef303cab, 0x984faf28, 0x779faf9b, 0x92dc560d, 0x224d1e20,
203 0x8437aa88, 0x7d29dc96, 0x2756d3dc,
204 0x8b907cee, 0xb51fd240, 0xe7c07ce3, 0xe566b4a1, 0xc3e9615e,
205 0x3cf8209d, 0x6094d1e3, 0xcd9ca341,
206 0x5c76460e, 0x00ea983b, 0xd4d67881, 0xfd47572c, 0xf76cedd9,
207 0xbda8229c, 0x127dadaa, 0x438a074e,
208 0x1f97c090, 0x081bdb8a, 0x93a07ebe, 0xb938ca15, 0x97b03cff,
209 0x3dc2c0f8, 0x8d1ab2ec, 0x64380e51,
210 0x68cc7bfb, 0xd90f2788, 0x12490181, 0x5de5ffd4, 0xdd7ef86a,
211 0x76a2e214, 0xb9a40368, 0x925d958f,
212 0x4b39fffa, 0xba39aee9, 0xa4ffd30b, 0xfaf7933b, 0x6d498623,
213 0x193cbcfa, 0x27627545, 0x825cf47a,
214 0x61bd8ba0, 0xd11e42d1, 0xcead04f4, 0x127ea392, 0x10428db7,
215 0x8272a972, 0x9270c4a8, 0x127de50b,
216 0x285ba1c8, 0x3c62f44f, 0x35c0eaa5, 0xe805d231, 0x428929fb,
217 0xb4fcdf82, 0x4fb66a53, 0x0e7dc15b,
218 0x1f081fab, 0x108618ae, 0xfcfd086d, 0xf9ff2889, 0x694bcc11,
219 0x236a5cae, 0x12deca4d, 0x2c3f8cc5,
220 0xd2d02dfe, 0xf8ef5896, 0xe4cf52da, 0x95155b67, 0x494a488c,
221 0xb9b6a80c, 0x5c8f82bc, 0x89d36b45,
222 0x3a609437, 0xec00c9a9, 0x44715253, 0x0a874b49, 0xd773bc40,
223 0x7c34671c, 0x02717ef6, 0x4feb5536,
224 0xa2d02fff, 0xd2bf60c4, 0xd43f03c0, 0x50b4ef6d, 0x07478cd1,
225 0x006e1888, 0xa2e53f55, 0xb9e6d4bc,
226 0xa2048016, 0x97573833, 0xd7207d67, 0xde0f8f3d, 0x72f87b33,
227 0xabcc4f33, 0x7688c55d, 0x7b00a6b0,
228 0x947b0001, 0x570075d2, 0xf9bb88f8, 0x8942019e, 0x4264a5ff,
229 0x856302e0, 0x72dbd92b, 0xee971b69,
230 0x6ea22fde, 0x5f08ae2b, 0xaf7a616d, 0xe5c98767, 0xcf1febd2,
231 0x61efc8c2, 0xf1ac2571, 0xcc8239c2,
232 0x67214cb8, 0xb1e583d1, 0xb7dc3e62, 0x7f10bdce, 0xf90a5c38,
233 0x0ff0443d, 0x606e6dc6, 0x60543a49,
234 0x5727c148, 0x2be98a1d, 0x8ab41738, 0x20e1be24, 0xaf96da0f,
235 0x68458425, 0x99833be5, 0x600d457d,
236 0x282f9350, 0x8334b362, 0xd91d1120, 0x2b6d8da0, 0x642b1e31,
237 0x9c305a00, 0x52bce688, 0x1b03588a,
238 0xf7baefd5, 0x4142ed9c, 0xa4315c11, 0x83323ec5, 0xdfef4636,
239 0xa133c501, 0xe9d3531c, 0xee353783
240};
241static const u32 s4[256] = {
242 0x9db30420, 0x1fb6e9de, 0xa7be7bef, 0xd273a298, 0x4a4f7bdb,
243 0x64ad8c57, 0x85510443, 0xfa020ed1,
244 0x7e287aff, 0xe60fb663, 0x095f35a1, 0x79ebf120, 0xfd059d43,
245 0x6497b7b1, 0xf3641f63, 0x241e4adf,
246 0x28147f5f, 0x4fa2b8cd, 0xc9430040, 0x0cc32220, 0xfdd30b30,
247 0xc0a5374f, 0x1d2d00d9, 0x24147b15,
248 0xee4d111a, 0x0fca5167, 0x71ff904c, 0x2d195ffe, 0x1a05645f,
249 0x0c13fefe, 0x081b08ca, 0x05170121,
250 0x80530100, 0xe83e5efe, 0xac9af4f8, 0x7fe72701, 0xd2b8ee5f,
251 0x06df4261, 0xbb9e9b8a, 0x7293ea25,
252 0xce84ffdf, 0xf5718801, 0x3dd64b04, 0xa26f263b, 0x7ed48400,
253 0x547eebe6, 0x446d4ca0, 0x6cf3d6f5,
254 0x2649abdf, 0xaea0c7f5, 0x36338cc1, 0x503f7e93, 0xd3772061,
255 0x11b638e1, 0x72500e03, 0xf80eb2bb,
256 0xabe0502e, 0xec8d77de, 0x57971e81, 0xe14f6746, 0xc9335400,
257 0x6920318f, 0x081dbb99, 0xffc304a5,
258 0x4d351805, 0x7f3d5ce3, 0xa6c866c6, 0x5d5bcca9, 0xdaec6fea,
259 0x9f926f91, 0x9f46222f, 0x3991467d,
260 0xa5bf6d8e, 0x1143c44f, 0x43958302, 0xd0214eeb, 0x022083b8,
261 0x3fb6180c, 0x18f8931e, 0x281658e6,
262 0x26486e3e, 0x8bd78a70, 0x7477e4c1, 0xb506e07c, 0xf32d0a25,
263 0x79098b02, 0xe4eabb81, 0x28123b23,
264 0x69dead38, 0x1574ca16, 0xdf871b62, 0x211c40b7, 0xa51a9ef9,
265 0x0014377b, 0x041e8ac8, 0x09114003,
266 0xbd59e4d2, 0xe3d156d5, 0x4fe876d5, 0x2f91a340, 0x557be8de,
267 0x00eae4a7, 0x0ce5c2ec, 0x4db4bba6,
268 0xe756bdff, 0xdd3369ac, 0xec17b035, 0x06572327, 0x99afc8b0,
269 0x56c8c391, 0x6b65811c, 0x5e146119,
270 0x6e85cb75, 0xbe07c002, 0xc2325577, 0x893ff4ec, 0x5bbfc92d,
271 0xd0ec3b25, 0xb7801ab7, 0x8d6d3b24,
272 0x20c763ef, 0xc366a5fc, 0x9c382880, 0x0ace3205, 0xaac9548a,
273 0xeca1d7c7, 0x041afa32, 0x1d16625a,
274 0x6701902c, 0x9b757a54, 0x31d477f7, 0x9126b031, 0x36cc6fdb,
275 0xc70b8b46, 0xd9e66a48, 0x56e55a79,
276 0x026a4ceb, 0x52437eff, 0x2f8f76b4, 0x0df980a5, 0x8674cde3,
277 0xedda04eb, 0x17a9be04, 0x2c18f4df,
278 0xb7747f9d, 0xab2af7b4, 0xefc34d20, 0x2e096b7c, 0x1741a254,
279 0xe5b6a035, 0x213d42f6, 0x2c1c7c26,
280 0x61c2f50f, 0x6552daf9, 0xd2c231f8, 0x25130f69, 0xd8167fa2,
281 0x0418f2c8, 0x001a96a6, 0x0d1526ab,
282 0x63315c21, 0x5e0a72ec, 0x49bafefd, 0x187908d9, 0x8d0dbd86,
283 0x311170a7, 0x3e9b640c, 0xcc3e10d7,
284 0xd5cad3b6, 0x0caec388, 0xf73001e1, 0x6c728aff, 0x71eae2a1,
285 0x1f9af36e, 0xcfcbd12f, 0xc1de8417,
286 0xac07be6b, 0xcb44a1d8, 0x8b9b0f56, 0x013988c3, 0xb1c52fca,
287 0xb4be31cd, 0xd8782806, 0x12a3a4e2,
288 0x6f7de532, 0x58fd7eb6, 0xd01ee900, 0x24adffc2, 0xf4990fc5,
289 0x9711aac5, 0x001d7b95, 0x82e5e7d2,
290 0x109873f6, 0x00613096, 0xc32d9521, 0xada121ff, 0x29908415,
291 0x7fbb977f, 0xaf9eb3db, 0x29c9ed2a,
292 0x5ce2a465, 0xa730f32c, 0xd0aa3fe8, 0x8a5cc091, 0xd49e2ce7,
293 0x0ce454a9, 0xd60acd86, 0x015f1919,
294 0x77079103, 0xdea03af6, 0x78a8565e, 0xdee356df, 0x21f05cbe,
295 0x8b75e387, 0xb3c50651, 0xb8a5c3ef,
296 0xd8eeb6d2, 0xe523be77, 0xc2154529, 0x2f69efdf, 0xafe67afb,
297 0xf470c4b2, 0xf3e0eb5b, 0xd6cc9876,
298 0x39e4460c, 0x1fda8538, 0x1987832f, 0xca007367, 0xa99144f8,
299 0x296b299e, 0x492fc295, 0x9266beab,
300 0xb5676e69, 0x9bd3ddda, 0xdf7e052f, 0xdb25701c, 0x1b5e51ee,
301 0xf65324e6, 0x6afce36c, 0x0316cc04,
302 0x8644213e, 0xb7dc59d0, 0x7965291f, 0xccd6fd43, 0x41823979,
303 0x932bcdf6, 0xb657c34d, 0x4edfd282,
304 0x7ae5290c, 0x3cb9536b, 0x851e20fe, 0x9833557e, 0x13ecf0b0,
305 0xd3ffb372, 0x3f85c5c1, 0x0aef7ed2
306};
307static const u32 s5[256] = {
308 0x7ec90c04, 0x2c6e74b9, 0x9b0e66df, 0xa6337911, 0xb86a7fff,
309 0x1dd358f5, 0x44dd9d44, 0x1731167f,
310 0x08fbf1fa, 0xe7f511cc, 0xd2051b00, 0x735aba00, 0x2ab722d8,
311 0x386381cb, 0xacf6243a, 0x69befd7a,
312 0xe6a2e77f, 0xf0c720cd, 0xc4494816, 0xccf5c180, 0x38851640,
313 0x15b0a848, 0xe68b18cb, 0x4caadeff,
314 0x5f480a01, 0x0412b2aa, 0x259814fc, 0x41d0efe2, 0x4e40b48d,
315 0x248eb6fb, 0x8dba1cfe, 0x41a99b02,
316 0x1a550a04, 0xba8f65cb, 0x7251f4e7, 0x95a51725, 0xc106ecd7,
317 0x97a5980a, 0xc539b9aa, 0x4d79fe6a,
318 0xf2f3f763, 0x68af8040, 0xed0c9e56, 0x11b4958b, 0xe1eb5a88,
319 0x8709e6b0, 0xd7e07156, 0x4e29fea7,
320 0x6366e52d, 0x02d1c000, 0xc4ac8e05, 0x9377f571, 0x0c05372a,
321 0x578535f2, 0x2261be02, 0xd642a0c9,
322 0xdf13a280, 0x74b55bd2, 0x682199c0, 0xd421e5ec, 0x53fb3ce8,
323 0xc8adedb3, 0x28a87fc9, 0x3d959981,
324 0x5c1ff900, 0xfe38d399, 0x0c4eff0b, 0x062407ea, 0xaa2f4fb1,
325 0x4fb96976, 0x90c79505, 0xb0a8a774,
326 0xef55a1ff, 0xe59ca2c2, 0xa6b62d27, 0xe66a4263, 0xdf65001f,
327 0x0ec50966, 0xdfdd55bc, 0x29de0655,
328 0x911e739a, 0x17af8975, 0x32c7911c, 0x89f89468, 0x0d01e980,
329 0x524755f4, 0x03b63cc9, 0x0cc844b2,
330 0xbcf3f0aa, 0x87ac36e9, 0xe53a7426, 0x01b3d82b, 0x1a9e7449,
331 0x64ee2d7e, 0xcddbb1da, 0x01c94910,
332 0xb868bf80, 0x0d26f3fd, 0x9342ede7, 0x04a5c284, 0x636737b6,
333 0x50f5b616, 0xf24766e3, 0x8eca36c1,
334 0x136e05db, 0xfef18391, 0xfb887a37, 0xd6e7f7d4, 0xc7fb7dc9,
335 0x3063fcdf, 0xb6f589de, 0xec2941da,
336 0x26e46695, 0xb7566419, 0xf654efc5, 0xd08d58b7, 0x48925401,
337 0xc1bacb7f, 0xe5ff550f, 0xb6083049,
338 0x5bb5d0e8, 0x87d72e5a, 0xab6a6ee1, 0x223a66ce, 0xc62bf3cd,
339 0x9e0885f9, 0x68cb3e47, 0x086c010f,
340 0xa21de820, 0xd18b69de, 0xf3f65777, 0xfa02c3f6, 0x407edac3,
341 0xcbb3d550, 0x1793084d, 0xb0d70eba,
342 0x0ab378d5, 0xd951fb0c, 0xded7da56, 0x4124bbe4, 0x94ca0b56,
343 0x0f5755d1, 0xe0e1e56e, 0x6184b5be,
344 0x580a249f, 0x94f74bc0, 0xe327888e, 0x9f7b5561, 0xc3dc0280,
345 0x05687715, 0x646c6bd7, 0x44904db3,
346 0x66b4f0a3, 0xc0f1648a, 0x697ed5af, 0x49e92ff6, 0x309e374f,
347 0x2cb6356a, 0x85808573, 0x4991f840,
348 0x76f0ae02, 0x083be84d, 0x28421c9a, 0x44489406, 0x736e4cb8,
349 0xc1092910, 0x8bc95fc6, 0x7d869cf4,
350 0x134f616f, 0x2e77118d, 0xb31b2be1, 0xaa90b472, 0x3ca5d717,
351 0x7d161bba, 0x9cad9010, 0xaf462ba2,
352 0x9fe459d2, 0x45d34559, 0xd9f2da13, 0xdbc65487, 0xf3e4f94e,
353 0x176d486f, 0x097c13ea, 0x631da5c7,
354 0x445f7382, 0x175683f4, 0xcdc66a97, 0x70be0288, 0xb3cdcf72,
355 0x6e5dd2f3, 0x20936079, 0x459b80a5,
356 0xbe60e2db, 0xa9c23101, 0xeba5315c, 0x224e42f2, 0x1c5c1572,
357 0xf6721b2c, 0x1ad2fff3, 0x8c25404e,
358 0x324ed72f, 0x4067b7fd, 0x0523138e, 0x5ca3bc78, 0xdc0fd66e,
359 0x75922283, 0x784d6b17, 0x58ebb16e,
360 0x44094f85, 0x3f481d87, 0xfcfeae7b, 0x77b5ff76, 0x8c2302bf,
361 0xaaf47556, 0x5f46b02a, 0x2b092801,
362 0x3d38f5f7, 0x0ca81f36, 0x52af4a8a, 0x66d5e7c0, 0xdf3b0874,
363 0x95055110, 0x1b5ad7a8, 0xf61ed5ad,
364 0x6cf6e479, 0x20758184, 0xd0cefa65, 0x88f7be58, 0x4a046826,
365 0x0ff6f8f3, 0xa09c7f70, 0x5346aba0,
366 0x5ce96c28, 0xe176eda3, 0x6bac307f, 0x376829d2, 0x85360fa9,
367 0x17e3fe2a, 0x24b79767, 0xf5a96b20,
368 0xd6cd2595, 0x68ff1ebf, 0x7555442c, 0xf19f06be, 0xf9e0659a,
369 0xeeb9491d, 0x34010718, 0xbb30cab8,
370 0xe822fe15, 0x88570983, 0x750e6249, 0xda627e55, 0x5e76ffa8,
371 0xb1534546, 0x6d47de08, 0xefe9e7d4
372};
373static const u32 s6[256] = {
374 0xf6fa8f9d, 0x2cac6ce1, 0x4ca34867, 0xe2337f7c, 0x95db08e7,
375 0x016843b4, 0xeced5cbc, 0x325553ac,
376 0xbf9f0960, 0xdfa1e2ed, 0x83f0579d, 0x63ed86b9, 0x1ab6a6b8,
377 0xde5ebe39, 0xf38ff732, 0x8989b138,
378 0x33f14961, 0xc01937bd, 0xf506c6da, 0xe4625e7e, 0xa308ea99,
379 0x4e23e33c, 0x79cbd7cc, 0x48a14367,
380 0xa3149619, 0xfec94bd5, 0xa114174a, 0xeaa01866, 0xa084db2d,
381 0x09a8486f, 0xa888614a, 0x2900af98,
382 0x01665991, 0xe1992863, 0xc8f30c60, 0x2e78ef3c, 0xd0d51932,
383 0xcf0fec14, 0xf7ca07d2, 0xd0a82072,
384 0xfd41197e, 0x9305a6b0, 0xe86be3da, 0x74bed3cd, 0x372da53c,
385 0x4c7f4448, 0xdab5d440, 0x6dba0ec3,
386 0x083919a7, 0x9fbaeed9, 0x49dbcfb0, 0x4e670c53, 0x5c3d9c01,
387 0x64bdb941, 0x2c0e636a, 0xba7dd9cd,
388 0xea6f7388, 0xe70bc762, 0x35f29adb, 0x5c4cdd8d, 0xf0d48d8c,
389 0xb88153e2, 0x08a19866, 0x1ae2eac8,
390 0x284caf89, 0xaa928223, 0x9334be53, 0x3b3a21bf, 0x16434be3,
391 0x9aea3906, 0xefe8c36e, 0xf890cdd9,
392 0x80226dae, 0xc340a4a3, 0xdf7e9c09, 0xa694a807, 0x5b7c5ecc,
393 0x221db3a6, 0x9a69a02f, 0x68818a54,
394 0xceb2296f, 0x53c0843a, 0xfe893655, 0x25bfe68a, 0xb4628abc,
395 0xcf222ebf, 0x25ac6f48, 0xa9a99387,
396 0x53bddb65, 0xe76ffbe7, 0xe967fd78, 0x0ba93563, 0x8e342bc1,
397 0xe8a11be9, 0x4980740d, 0xc8087dfc,
398 0x8de4bf99, 0xa11101a0, 0x7fd37975, 0xda5a26c0, 0xe81f994f,
399 0x9528cd89, 0xfd339fed, 0xb87834bf,
400 0x5f04456d, 0x22258698, 0xc9c4c83b, 0x2dc156be, 0x4f628daa,
401 0x57f55ec5, 0xe2220abe, 0xd2916ebf,
402 0x4ec75b95, 0x24f2c3c0, 0x42d15d99, 0xcd0d7fa0, 0x7b6e27ff,
403 0xa8dc8af0, 0x7345c106, 0xf41e232f,
404 0x35162386, 0xe6ea8926, 0x3333b094, 0x157ec6f2, 0x372b74af,
405 0x692573e4, 0xe9a9d848, 0xf3160289,
406 0x3a62ef1d, 0xa787e238, 0xf3a5f676, 0x74364853, 0x20951063,
407 0x4576698d, 0xb6fad407, 0x592af950,
408 0x36f73523, 0x4cfb6e87, 0x7da4cec0, 0x6c152daa, 0xcb0396a8,
409 0xc50dfe5d, 0xfcd707ab, 0x0921c42f,
410 0x89dff0bb, 0x5fe2be78, 0x448f4f33, 0x754613c9, 0x2b05d08d,
411 0x48b9d585, 0xdc049441, 0xc8098f9b,
412 0x7dede786, 0xc39a3373, 0x42410005, 0x6a091751, 0x0ef3c8a6,
413 0x890072d6, 0x28207682, 0xa9a9f7be,
414 0xbf32679d, 0xd45b5b75, 0xb353fd00, 0xcbb0e358, 0x830f220a,
415 0x1f8fb214, 0xd372cf08, 0xcc3c4a13,
416 0x8cf63166, 0x061c87be, 0x88c98f88, 0x6062e397, 0x47cf8e7a,
417 0xb6c85283, 0x3cc2acfb, 0x3fc06976,
418 0x4e8f0252, 0x64d8314d, 0xda3870e3, 0x1e665459, 0xc10908f0,
419 0x513021a5, 0x6c5b68b7, 0x822f8aa0,
420 0x3007cd3e, 0x74719eef, 0xdc872681, 0x073340d4, 0x7e432fd9,
421 0x0c5ec241, 0x8809286c, 0xf592d891,
422 0x08a930f6, 0x957ef305, 0xb7fbffbd, 0xc266e96f, 0x6fe4ac98,
423 0xb173ecc0, 0xbc60b42a, 0x953498da,
424 0xfba1ae12, 0x2d4bd736, 0x0f25faab, 0xa4f3fceb, 0xe2969123,
425 0x257f0c3d, 0x9348af49, 0x361400bc,
426 0xe8816f4a, 0x3814f200, 0xa3f94043, 0x9c7a54c2, 0xbc704f57,
427 0xda41e7f9, 0xc25ad33a, 0x54f4a084,
428 0xb17f5505, 0x59357cbe, 0xedbd15c8, 0x7f97c5ab, 0xba5ac7b5,
429 0xb6f6deaf, 0x3a479c3a, 0x5302da25,
430 0x653d7e6a, 0x54268d49, 0x51a477ea, 0x5017d55b, 0xd7d25d88,
431 0x44136c76, 0x0404a8c8, 0xb8e5a121,
432 0xb81a928a, 0x60ed5869, 0x97c55b96, 0xeaec991b, 0x29935913,
433 0x01fdb7f1, 0x088e8dfa, 0x9ab6f6f5,
434 0x3b4cbf9f, 0x4a5de3ab, 0xe6051d35, 0xa0e1d855, 0xd36b4cf1,
435 0xf544edeb, 0xb0e93524, 0xbebb8fbd,
436 0xa2d762cf, 0x49c92f54, 0x38b5f331, 0x7128a454, 0x48392905,
437 0xa65b1db8, 0x851c97bd, 0xd675cf2f
438};
439static const u32 s7[256] = {
440 0x85e04019, 0x332bf567, 0x662dbfff, 0xcfc65693, 0x2a8d7f6f,
441 0xab9bc912, 0xde6008a1, 0x2028da1f,
442 0x0227bce7, 0x4d642916, 0x18fac300, 0x50f18b82, 0x2cb2cb11,
443 0xb232e75c, 0x4b3695f2, 0xb28707de,
444 0xa05fbcf6, 0xcd4181e9, 0xe150210c, 0xe24ef1bd, 0xb168c381,
445 0xfde4e789, 0x5c79b0d8, 0x1e8bfd43,
446 0x4d495001, 0x38be4341, 0x913cee1d, 0x92a79c3f, 0x089766be,
447 0xbaeeadf4, 0x1286becf, 0xb6eacb19,
448 0x2660c200, 0x7565bde4, 0x64241f7a, 0x8248dca9, 0xc3b3ad66,
449 0x28136086, 0x0bd8dfa8, 0x356d1cf2,
450 0x107789be, 0xb3b2e9ce, 0x0502aa8f, 0x0bc0351e, 0x166bf52a,
451 0xeb12ff82, 0xe3486911, 0xd34d7516,
452 0x4e7b3aff, 0x5f43671b, 0x9cf6e037, 0x4981ac83, 0x334266ce,
453 0x8c9341b7, 0xd0d854c0, 0xcb3a6c88,
454 0x47bc2829, 0x4725ba37, 0xa66ad22b, 0x7ad61f1e, 0x0c5cbafa,
455 0x4437f107, 0xb6e79962, 0x42d2d816,
456 0x0a961288, 0xe1a5c06e, 0x13749e67, 0x72fc081a, 0xb1d139f7,
457 0xf9583745, 0xcf19df58, 0xbec3f756,
458 0xc06eba30, 0x07211b24, 0x45c28829, 0xc95e317f, 0xbc8ec511,
459 0x38bc46e9, 0xc6e6fa14, 0xbae8584a,
460 0xad4ebc46, 0x468f508b, 0x7829435f, 0xf124183b, 0x821dba9f,
461 0xaff60ff4, 0xea2c4e6d, 0x16e39264,
462 0x92544a8b, 0x009b4fc3, 0xaba68ced, 0x9ac96f78, 0x06a5b79a,
463 0xb2856e6e, 0x1aec3ca9, 0xbe838688,
464 0x0e0804e9, 0x55f1be56, 0xe7e5363b, 0xb3a1f25d, 0xf7debb85,
465 0x61fe033c, 0x16746233, 0x3c034c28,
466 0xda6d0c74, 0x79aac56c, 0x3ce4e1ad, 0x51f0c802, 0x98f8f35a,
467 0x1626a49f, 0xeed82b29, 0x1d382fe3,
468 0x0c4fb99a, 0xbb325778, 0x3ec6d97b, 0x6e77a6a9, 0xcb658b5c,
469 0xd45230c7, 0x2bd1408b, 0x60c03eb7,
470 0xb9068d78, 0xa33754f4, 0xf430c87d, 0xc8a71302, 0xb96d8c32,
471 0xebd4e7be, 0xbe8b9d2d, 0x7979fb06,
472 0xe7225308, 0x8b75cf77, 0x11ef8da4, 0xe083c858, 0x8d6b786f,
473 0x5a6317a6, 0xfa5cf7a0, 0x5dda0033,
474 0xf28ebfb0, 0xf5b9c310, 0xa0eac280, 0x08b9767a, 0xa3d9d2b0,
475 0x79d34217, 0x021a718d, 0x9ac6336a,
476 0x2711fd60, 0x438050e3, 0x069908a8, 0x3d7fedc4, 0x826d2bef,
477 0x4eeb8476, 0x488dcf25, 0x36c9d566,
478 0x28e74e41, 0xc2610aca, 0x3d49a9cf, 0xbae3b9df, 0xb65f8de6,
479 0x92aeaf64, 0x3ac7d5e6, 0x9ea80509,
480 0xf22b017d, 0xa4173f70, 0xdd1e16c3, 0x15e0d7f9, 0x50b1b887,
481 0x2b9f4fd5, 0x625aba82, 0x6a017962,
482 0x2ec01b9c, 0x15488aa9, 0xd716e740, 0x40055a2c, 0x93d29a22,
483 0xe32dbf9a, 0x058745b9, 0x3453dc1e,
484 0xd699296e, 0x496cff6f, 0x1c9f4986, 0xdfe2ed07, 0xb87242d1,
485 0x19de7eae, 0x053e561a, 0x15ad6f8c,
486 0x66626c1c, 0x7154c24c, 0xea082b2a, 0x93eb2939, 0x17dcb0f0,
487 0x58d4f2ae, 0x9ea294fb, 0x52cf564c,
488 0x9883fe66, 0x2ec40581, 0x763953c3, 0x01d6692e, 0xd3a0c108,
489 0xa1e7160e, 0xe4f2dfa6, 0x693ed285,
490 0x74904698, 0x4c2b0edd, 0x4f757656, 0x5d393378, 0xa132234f,
491 0x3d321c5d, 0xc3f5e194, 0x4b269301,
492 0xc79f022f, 0x3c997e7e, 0x5e4f9504, 0x3ffafbbd, 0x76f7ad0e,
493 0x296693f4, 0x3d1fce6f, 0xc61e45be,
494 0xd3b5ab34, 0xf72bf9b7, 0x1b0434c0, 0x4e72b567, 0x5592a33d,
495 0xb5229301, 0xcfd2a87f, 0x60aeb767,
496 0x1814386b, 0x30bcc33d, 0x38a0c07d, 0xfd1606f2, 0xc363519b,
497 0x589dd390, 0x5479f8e6, 0x1cb8d647,
498 0x97fd61a9, 0xea7759f4, 0x2d57539d, 0x569a58cf, 0xe84e63ad,
499 0x462e1b78, 0x6580f87e, 0xf3817914,
500 0x91da55f4, 0x40a230f3, 0xd1988f35, 0xb6e318d2, 0x3ffa50bc,
501 0x3d40f021, 0xc3c0bdae, 0x4958c24c,
502 0x518f36b2, 0x84b1d370, 0x0fedce83, 0x878ddada, 0xf2a279c7,
503 0x94e01be8, 0x90716f4b, 0x954b8aa3
504};
505static const u32 sb8[256] = {
506 0xe216300d, 0xbbddfffc, 0xa7ebdabd, 0x35648095, 0x7789f8b7,
507 0xe6c1121b, 0x0e241600, 0x052ce8b5,
508 0x11a9cfb0, 0xe5952f11, 0xece7990a, 0x9386d174, 0x2a42931c,
509 0x76e38111, 0xb12def3a, 0x37ddddfc,
510 0xde9adeb1, 0x0a0cc32c, 0xbe197029, 0x84a00940, 0xbb243a0f,
511 0xb4d137cf, 0xb44e79f0, 0x049eedfd,
512 0x0b15a15d, 0x480d3168, 0x8bbbde5a, 0x669ded42, 0xc7ece831,
513 0x3f8f95e7, 0x72df191b, 0x7580330d,
514 0x94074251, 0x5c7dcdfa, 0xabbe6d63, 0xaa402164, 0xb301d40a,
515 0x02e7d1ca, 0x53571dae, 0x7a3182a2,
516 0x12a8ddec, 0xfdaa335d, 0x176f43e8, 0x71fb46d4, 0x38129022,
517 0xce949ad4, 0xb84769ad, 0x965bd862,
518 0x82f3d055, 0x66fb9767, 0x15b80b4e, 0x1d5b47a0, 0x4cfde06f,
519 0xc28ec4b8, 0x57e8726e, 0x647a78fc,
520 0x99865d44, 0x608bd593, 0x6c200e03, 0x39dc5ff6, 0x5d0b00a3,
521 0xae63aff2, 0x7e8bd632, 0x70108c0c,
522 0xbbd35049, 0x2998df04, 0x980cf42a, 0x9b6df491, 0x9e7edd53,
523 0x06918548, 0x58cb7e07, 0x3b74ef2e,
524 0x522fffb1, 0xd24708cc, 0x1c7e27cd, 0xa4eb215b, 0x3cf1d2e2,
525 0x19b47a38, 0x424f7618, 0x35856039,
526 0x9d17dee7, 0x27eb35e6, 0xc9aff67b, 0x36baf5b8, 0x09c467cd,
527 0xc18910b1, 0xe11dbf7b, 0x06cd1af8,
528 0x7170c608, 0x2d5e3354, 0xd4de495a, 0x64c6d006, 0xbcc0c62c,
529 0x3dd00db3, 0x708f8f34, 0x77d51b42,
530 0x264f620f, 0x24b8d2bf, 0x15c1b79e, 0x46a52564, 0xf8d7e54e,
531 0x3e378160, 0x7895cda5, 0x859c15a5,
532 0xe6459788, 0xc37bc75f, 0xdb07ba0c, 0x0676a3ab, 0x7f229b1e,
533 0x31842e7b, 0x24259fd7, 0xf8bef472,
534 0x835ffcb8, 0x6df4c1f2, 0x96f5b195, 0xfd0af0fc, 0xb0fe134c,
535 0xe2506d3d, 0x4f9b12ea, 0xf215f225,
536 0xa223736f, 0x9fb4c428, 0x25d04979, 0x34c713f8, 0xc4618187,
537 0xea7a6e98, 0x7cd16efc, 0x1436876c,
538 0xf1544107, 0xbedeee14, 0x56e9af27, 0xa04aa441, 0x3cf7c899,
539 0x92ecbae6, 0xdd67016d, 0x151682eb,
540 0xa842eedf, 0xfdba60b4, 0xf1907b75, 0x20e3030f, 0x24d8c29e,
541 0xe139673b, 0xefa63fb8, 0x71873054,
542 0xb6f2cf3b, 0x9f326442, 0xcb15a4cc, 0xb01a4504, 0xf1e47d8d,
543 0x844a1be5, 0xbae7dfdc, 0x42cbda70,
544 0xcd7dae0a, 0x57e85b7a, 0xd53f5af6, 0x20cf4d8c, 0xcea4d428,
545 0x79d130a4, 0x3486ebfb, 0x33d3cddc,
546 0x77853b53, 0x37effcb5, 0xc5068778, 0xe580b3e6, 0x4e68b8f4,
547 0xc5c8b37e, 0x0d809ea2, 0x398feb7c,
548 0x132a4f94, 0x43b7950e, 0x2fee7d1c, 0x223613bd, 0xdd06caa2,
549 0x37df932b, 0xc4248289, 0xacf3ebc3,
550 0x5715f6b7, 0xef3478dd, 0xf267616f, 0xc148cbe4, 0x9052815e,
551 0x5e410fab, 0xb48a2465, 0x2eda7fa4,
552 0xe87b40e4, 0xe98ea084, 0x5889e9e1, 0xefd390fc, 0xdd07d35b,
553 0xdb485694, 0x38d7e5b2, 0x57720101,
554 0x730edebc, 0x5b643113, 0x94917e4f, 0x503c2fba, 0x646f1282,
555 0x7523d24a, 0xe0779695, 0xf9c17a8f,
556 0x7a5b2121, 0xd187b896, 0x29263a4d, 0xba510cdf, 0x81f47c9f,
557 0xad1163ed, 0xea7b5965, 0x1a00726e,
558 0x11403092, 0x00da6d77, 0x4a0cdd61, 0xad1f4603, 0x605bdfb0,
559 0x9eedc364, 0x22ebe6a8, 0xcee7d28a,
560 0xa0e736a0, 0x5564a6b9, 0x10853209, 0xc7eb8f37, 0x2de705ca,
561 0x8951570f, 0xdf09822b, 0xbd691a6c,
562 0xaa12e4f2, 0x87451c0f, 0xe0f6a27a, 0x3ada4819, 0x4cf1764f,
563 0x0d771c2b, 0x67cdb156, 0x350d8384,
564 0x5938fa0f, 0x42399ef3, 0x36997b07, 0x0e84093d, 0x4aa93e61,
565 0x8360d87b, 0x1fa98b0c, 0x1149382c,
566 0xe97625a5, 0x0614d1b7, 0x0e25244b, 0x0c768347, 0x589e8d82,
567 0x0d2059d1, 0xa466bb1e, 0xf8da0a82,
568 0x04f19130, 0xba6e4ec0, 0x99265164, 0x1ee7230d, 0x50b2ad80,
569 0xeaee6801, 0x8db2a283, 0xea8bf59e
570};
571
572#define F1(D, m, r) ((I = ((m) + (D))), (I = rol32(I, (r))), \
573 (((s1[I >> 24] ^ s2[(I>>16)&0xff]) - s3[(I>>8)&0xff]) + s4[I&0xff]))
574#define F2(D, m, r) ((I = ((m) ^ (D))), (I = rol32(I, (r))), \
575 (((s1[I >> 24] - s2[(I>>16)&0xff]) + s3[(I>>8)&0xff]) ^ s4[I&0xff]))
576#define F3(D, m, r) ((I = ((m) - (D))), (I = rol32(I, (r))), \
577 (((s1[I >> 24] + s2[(I>>16)&0xff]) ^ s3[(I>>8)&0xff]) - s4[I&0xff]))
578
579
580static void cast5_encrypt(struct crypto_tfm *tfm, u8 *outbuf, const u8 *inbuf)
581{
582 struct cast5_ctx *c = crypto_tfm_ctx(tfm);
583 const __be32 *src = (const __be32 *)inbuf;
584 __be32 *dst = (__be32 *)outbuf;
585 u32 l, r, t;
586 u32 I; /* used by the Fx macros */
587 u32 *Km;
588 u8 *Kr;
589
590 Km = c->Km;
591 Kr = c->Kr;
592
593 /* (L0,R0) <-- (m1...m64). (Split the plaintext into left and
594 * right 32-bit halves L0 = m1...m32 and R0 = m33...m64.)
595 */
596 l = be32_to_cpu(src[0]);
597 r = be32_to_cpu(src[1]);
598
599 /* (16 rounds) for i from 1 to 16, compute Li and Ri as follows:
600 * Li = Ri-1;
601 * Ri = Li-1 ^ f(Ri-1,Kmi,Kri), where f is defined in Section 2.2
602 * Rounds 1, 4, 7, 10, 13, and 16 use f function Type 1.
603 * Rounds 2, 5, 8, 11, and 14 use f function Type 2.
604 * Rounds 3, 6, 9, 12, and 15 use f function Type 3.
605 */
606
607 t = l; l = r; r = t ^ F1(r, Km[0], Kr[0]);
608 t = l; l = r; r = t ^ F2(r, Km[1], Kr[1]);
609 t = l; l = r; r = t ^ F3(r, Km[2], Kr[2]);
610 t = l; l = r; r = t ^ F1(r, Km[3], Kr[3]);
611 t = l; l = r; r = t ^ F2(r, Km[4], Kr[4]);
612 t = l; l = r; r = t ^ F3(r, Km[5], Kr[5]);
613 t = l; l = r; r = t ^ F1(r, Km[6], Kr[6]);
614 t = l; l = r; r = t ^ F2(r, Km[7], Kr[7]);
615 t = l; l = r; r = t ^ F3(r, Km[8], Kr[8]);
616 t = l; l = r; r = t ^ F1(r, Km[9], Kr[9]);
617 t = l; l = r; r = t ^ F2(r, Km[10], Kr[10]);
618 t = l; l = r; r = t ^ F3(r, Km[11], Kr[11]);
619 if (!(c->rr)) {
620 t = l; l = r; r = t ^ F1(r, Km[12], Kr[12]);
621 t = l; l = r; r = t ^ F2(r, Km[13], Kr[13]);
622 t = l; l = r; r = t ^ F3(r, Km[14], Kr[14]);
623 t = l; l = r; r = t ^ F1(r, Km[15], Kr[15]);
624 }
625
626 /* c1...c64 <-- (R16,L16). (Exchange final blocks L16, R16 and
627 * concatenate to form the ciphertext.) */
628 dst[0] = cpu_to_be32(r);
629 dst[1] = cpu_to_be32(l);
630}
631
632static void cast5_decrypt(struct crypto_tfm *tfm, u8 *outbuf, const u8 *inbuf)
633{
634 struct cast5_ctx *c = crypto_tfm_ctx(tfm);
635 const __be32 *src = (const __be32 *)inbuf;
636 __be32 *dst = (__be32 *)outbuf;
637 u32 l, r, t;
638 u32 I;
639 u32 *Km;
640 u8 *Kr;
641
642 Km = c->Km;
643 Kr = c->Kr;
644
645 l = be32_to_cpu(src[0]);
646 r = be32_to_cpu(src[1]);
647
648 if (!(c->rr)) {
649 t = l; l = r; r = t ^ F1(r, Km[15], Kr[15]);
650 t = l; l = r; r = t ^ F3(r, Km[14], Kr[14]);
651 t = l; l = r; r = t ^ F2(r, Km[13], Kr[13]);
652 t = l; l = r; r = t ^ F1(r, Km[12], Kr[12]);
653 }
654 t = l; l = r; r = t ^ F3(r, Km[11], Kr[11]);
655 t = l; l = r; r = t ^ F2(r, Km[10], Kr[10]);
656 t = l; l = r; r = t ^ F1(r, Km[9], Kr[9]);
657 t = l; l = r; r = t ^ F3(r, Km[8], Kr[8]);
658 t = l; l = r; r = t ^ F2(r, Km[7], Kr[7]);
659 t = l; l = r; r = t ^ F1(r, Km[6], Kr[6]);
660 t = l; l = r; r = t ^ F3(r, Km[5], Kr[5]);
661 t = l; l = r; r = t ^ F2(r, Km[4], Kr[4]);
662 t = l; l = r; r = t ^ F1(r, Km[3], Kr[3]);
663 t = l; l = r; r = t ^ F3(r, Km[2], Kr[2]);
664 t = l; l = r; r = t ^ F2(r, Km[1], Kr[1]);
665 t = l; l = r; r = t ^ F1(r, Km[0], Kr[0]);
666
667 dst[0] = cpu_to_be32(r);
668 dst[1] = cpu_to_be32(l);
669}
670
671static void key_schedule(u32 *x, u32 *z, u32 *k)
672{
673
674#define xi(i) ((x[(i)/4] >> (8*(3-((i)%4)))) & 0xff)
675#define zi(i) ((z[(i)/4] >> (8*(3-((i)%4)))) & 0xff)
676
677 z[0] = x[0] ^ s5[xi(13)] ^ s6[xi(15)] ^ s7[xi(12)] ^ sb8[xi(14)] ^
678 s7[xi(8)];
679 z[1] = x[2] ^ s5[zi(0)] ^ s6[zi(2)] ^ s7[zi(1)] ^ sb8[zi(3)] ^
680 sb8[xi(10)];
681 z[2] = x[3] ^ s5[zi(7)] ^ s6[zi(6)] ^ s7[zi(5)] ^ sb8[zi(4)] ^
682 s5[xi(9)];
683 z[3] = x[1] ^ s5[zi(10)] ^ s6[zi(9)] ^ s7[zi(11)] ^ sb8[zi(8)] ^
684 s6[xi(11)];
685 k[0] = s5[zi(8)] ^ s6[zi(9)] ^ s7[zi(7)] ^ sb8[zi(6)] ^ s5[zi(2)];
686 k[1] = s5[zi(10)] ^ s6[zi(11)] ^ s7[zi(5)] ^ sb8[zi(4)] ^
687 s6[zi(6)];
688 k[2] = s5[zi(12)] ^ s6[zi(13)] ^ s7[zi(3)] ^ sb8[zi(2)] ^
689 s7[zi(9)];
690 k[3] = s5[zi(14)] ^ s6[zi(15)] ^ s7[zi(1)] ^ sb8[zi(0)] ^
691 sb8[zi(12)];
692
693 x[0] = z[2] ^ s5[zi(5)] ^ s6[zi(7)] ^ s7[zi(4)] ^ sb8[zi(6)] ^
694 s7[zi(0)];
695 x[1] = z[0] ^ s5[xi(0)] ^ s6[xi(2)] ^ s7[xi(1)] ^ sb8[xi(3)] ^
696 sb8[zi(2)];
697 x[2] = z[1] ^ s5[xi(7)] ^ s6[xi(6)] ^ s7[xi(5)] ^ sb8[xi(4)] ^
698 s5[zi(1)];
699 x[3] = z[3] ^ s5[xi(10)] ^ s6[xi(9)] ^ s7[xi(11)] ^ sb8[xi(8)] ^
700 s6[zi(3)];
701 k[4] = s5[xi(3)] ^ s6[xi(2)] ^ s7[xi(12)] ^ sb8[xi(13)] ^
702 s5[xi(8)];
703 k[5] = s5[xi(1)] ^ s6[xi(0)] ^ s7[xi(14)] ^ sb8[xi(15)] ^
704 s6[xi(13)];
705 k[6] = s5[xi(7)] ^ s6[xi(6)] ^ s7[xi(8)] ^ sb8[xi(9)] ^ s7[xi(3)];
706 k[7] = s5[xi(5)] ^ s6[xi(4)] ^ s7[xi(10)] ^ sb8[xi(11)] ^
707 sb8[xi(7)];
708
709 z[0] = x[0] ^ s5[xi(13)] ^ s6[xi(15)] ^ s7[xi(12)] ^ sb8[xi(14)] ^
710 s7[xi(8)];
711 z[1] = x[2] ^ s5[zi(0)] ^ s6[zi(2)] ^ s7[zi(1)] ^ sb8[zi(3)] ^
712 sb8[xi(10)];
713 z[2] = x[3] ^ s5[zi(7)] ^ s6[zi(6)] ^ s7[zi(5)] ^ sb8[zi(4)] ^
714 s5[xi(9)];
715 z[3] = x[1] ^ s5[zi(10)] ^ s6[zi(9)] ^ s7[zi(11)] ^ sb8[zi(8)] ^
716 s6[xi(11)];
717 k[8] = s5[zi(3)] ^ s6[zi(2)] ^ s7[zi(12)] ^ sb8[zi(13)] ^
718 s5[zi(9)];
719 k[9] = s5[zi(1)] ^ s6[zi(0)] ^ s7[zi(14)] ^ sb8[zi(15)] ^
720 s6[zi(12)];
721 k[10] = s5[zi(7)] ^ s6[zi(6)] ^ s7[zi(8)] ^ sb8[zi(9)] ^ s7[zi(2)];
722 k[11] = s5[zi(5)] ^ s6[zi(4)] ^ s7[zi(10)] ^ sb8[zi(11)] ^
723 sb8[zi(6)];
724
725 x[0] = z[2] ^ s5[zi(5)] ^ s6[zi(7)] ^ s7[zi(4)] ^ sb8[zi(6)] ^
726 s7[zi(0)];
727 x[1] = z[0] ^ s5[xi(0)] ^ s6[xi(2)] ^ s7[xi(1)] ^ sb8[xi(3)] ^
728 sb8[zi(2)];
729 x[2] = z[1] ^ s5[xi(7)] ^ s6[xi(6)] ^ s7[xi(5)] ^ sb8[xi(4)] ^
730 s5[zi(1)];
731 x[3] = z[3] ^ s5[xi(10)] ^ s6[xi(9)] ^ s7[xi(11)] ^ sb8[xi(8)] ^
732 s6[zi(3)];
733 k[12] = s5[xi(8)] ^ s6[xi(9)] ^ s7[xi(7)] ^ sb8[xi(6)] ^ s5[xi(3)];
734 k[13] = s5[xi(10)] ^ s6[xi(11)] ^ s7[xi(5)] ^ sb8[xi(4)] ^
735 s6[xi(7)];
736 k[14] = s5[xi(12)] ^ s6[xi(13)] ^ s7[xi(3)] ^ sb8[xi(2)] ^
737 s7[xi(8)];
738 k[15] = s5[xi(14)] ^ s6[xi(15)] ^ s7[xi(1)] ^ sb8[xi(0)] ^
739 sb8[xi(13)];
740
741#undef xi
742#undef zi
743}
744
745
746static int cast5_setkey(struct crypto_tfm *tfm, const u8 *key, unsigned key_len)
747{
748 struct cast5_ctx *c = crypto_tfm_ctx(tfm);
749 int i;
750 u32 x[4];
751 u32 z[4];
752 u32 k[16];
753 __be32 p_key[4];
754
755 c->rr = key_len <= 10 ? 1 : 0;
756
757 memset(p_key, 0, 16);
758 memcpy(p_key, key, key_len);
759
760
761 x[0] = be32_to_cpu(p_key[0]);
762 x[1] = be32_to_cpu(p_key[1]);
763 x[2] = be32_to_cpu(p_key[2]);
764 x[3] = be32_to_cpu(p_key[3]);
765
766 key_schedule(x, z, k);
767 for (i = 0; i < 16; i++)
768 c->Km[i] = k[i];
769 key_schedule(x, z, k);
770 for (i = 0; i < 16; i++)
771 c->Kr[i] = k[i] & 0x1f;
772 return 0;
773}
774
775static struct crypto_alg alg = {
776 .cra_name = "cast5",
777 .cra_flags = CRYPTO_ALG_TYPE_CIPHER,
778 .cra_blocksize = CAST5_BLOCK_SIZE,
779 .cra_ctxsize = sizeof(struct cast5_ctx),
780 .cra_alignmask = 3,
781 .cra_module = THIS_MODULE,
782 .cra_list = LIST_HEAD_INIT(alg.cra_list),
783 .cra_u = {
784 .cipher = {
785 .cia_min_keysize = CAST5_MIN_KEY_SIZE,
786 .cia_max_keysize = CAST5_MAX_KEY_SIZE,
787 .cia_setkey = cast5_setkey,
788 .cia_encrypt = cast5_encrypt,
789 .cia_decrypt = cast5_decrypt
790 }
791 }
792};
793
794static int __init cast5_mod_init(void)
795{
796 return crypto_register_alg(&alg);
797}
798
799static void __exit cast5_mod_fini(void)
800{
801 crypto_unregister_alg(&alg);
802}
803
804module_init(cast5_mod_init);
805module_exit(cast5_mod_fini);
806
807MODULE_LICENSE("GPL");
808MODULE_DESCRIPTION("Cast5 Cipher Algorithm");
809
diff --git a/crypto/cast6.c b/crypto/cast6.c
new file mode 100644
index 00000000000..e0c15a6c7c3
--- /dev/null
+++ b/crypto/cast6.c
@@ -0,0 +1,547 @@
1/* Kernel cryptographic api.
2 * cast6.c - Cast6 cipher algorithm [rfc2612].
3 *
4 * CAST-256 (*cast6*) is a DES like Substitution-Permutation Network (SPN)
5 * cryptosystem built upon the CAST-128 (*cast5*) [rfc2144] encryption
6 * algorithm.
7 *
8 * Copyright (C) 2003 Kartikey Mahendra Bhatt <kartik_me@hotmail.com>.
9 *
10 * This program is free software; you can redistribute it and/or modify it
11 * under the terms of GNU General Public License as published by the Free
12 * Software Foundation; either version 2 of the License, or (at your option)
13 * any later version.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
18 */
19
20
21#include <asm/byteorder.h>
22#include <linux/init.h>
23#include <linux/crypto.h>
24#include <linux/module.h>
25#include <linux/errno.h>
26#include <linux/string.h>
27#include <linux/types.h>
28
29#define CAST6_BLOCK_SIZE 16
30#define CAST6_MIN_KEY_SIZE 16
31#define CAST6_MAX_KEY_SIZE 32
32
33struct cast6_ctx {
34 u32 Km[12][4];
35 u8 Kr[12][4];
36};
37
38#define F1(D, r, m) ((I = ((m) + (D))), (I = rol32(I, (r))), \
39 (((s1[I >> 24] ^ s2[(I>>16)&0xff]) - s3[(I>>8)&0xff]) + s4[I&0xff]))
40#define F2(D, r, m) ((I = ((m) ^ (D))), (I = rol32(I, (r))), \
41 (((s1[I >> 24] - s2[(I>>16)&0xff]) + s3[(I>>8)&0xff]) ^ s4[I&0xff]))
42#define F3(D, r, m) ((I = ((m) - (D))), (I = rol32(I, (r))), \
43 (((s1[I >> 24] + s2[(I>>16)&0xff]) ^ s3[(I>>8)&0xff]) - s4[I&0xff]))
44
45static const u32 s1[256] = {
46 0x30fb40d4, 0x9fa0ff0b, 0x6beccd2f, 0x3f258c7a, 0x1e213f2f,
47 0x9c004dd3, 0x6003e540, 0xcf9fc949,
48 0xbfd4af27, 0x88bbbdb5, 0xe2034090, 0x98d09675, 0x6e63a0e0,
49 0x15c361d2, 0xc2e7661d, 0x22d4ff8e,
50 0x28683b6f, 0xc07fd059, 0xff2379c8, 0x775f50e2, 0x43c340d3,
51 0xdf2f8656, 0x887ca41a, 0xa2d2bd2d,
52 0xa1c9e0d6, 0x346c4819, 0x61b76d87, 0x22540f2f, 0x2abe32e1,
53 0xaa54166b, 0x22568e3a, 0xa2d341d0,
54 0x66db40c8, 0xa784392f, 0x004dff2f, 0x2db9d2de, 0x97943fac,
55 0x4a97c1d8, 0x527644b7, 0xb5f437a7,
56 0xb82cbaef, 0xd751d159, 0x6ff7f0ed, 0x5a097a1f, 0x827b68d0,
57 0x90ecf52e, 0x22b0c054, 0xbc8e5935,
58 0x4b6d2f7f, 0x50bb64a2, 0xd2664910, 0xbee5812d, 0xb7332290,
59 0xe93b159f, 0xb48ee411, 0x4bff345d,
60 0xfd45c240, 0xad31973f, 0xc4f6d02e, 0x55fc8165, 0xd5b1caad,
61 0xa1ac2dae, 0xa2d4b76d, 0xc19b0c50,
62 0x882240f2, 0x0c6e4f38, 0xa4e4bfd7, 0x4f5ba272, 0x564c1d2f,
63 0xc59c5319, 0xb949e354, 0xb04669fe,
64 0xb1b6ab8a, 0xc71358dd, 0x6385c545, 0x110f935d, 0x57538ad5,
65 0x6a390493, 0xe63d37e0, 0x2a54f6b3,
66 0x3a787d5f, 0x6276a0b5, 0x19a6fcdf, 0x7a42206a, 0x29f9d4d5,
67 0xf61b1891, 0xbb72275e, 0xaa508167,
68 0x38901091, 0xc6b505eb, 0x84c7cb8c, 0x2ad75a0f, 0x874a1427,
69 0xa2d1936b, 0x2ad286af, 0xaa56d291,
70 0xd7894360, 0x425c750d, 0x93b39e26, 0x187184c9, 0x6c00b32d,
71 0x73e2bb14, 0xa0bebc3c, 0x54623779,
72 0x64459eab, 0x3f328b82, 0x7718cf82, 0x59a2cea6, 0x04ee002e,
73 0x89fe78e6, 0x3fab0950, 0x325ff6c2,
74 0x81383f05, 0x6963c5c8, 0x76cb5ad6, 0xd49974c9, 0xca180dcf,
75 0x380782d5, 0xc7fa5cf6, 0x8ac31511,
76 0x35e79e13, 0x47da91d0, 0xf40f9086, 0xa7e2419e, 0x31366241,
77 0x051ef495, 0xaa573b04, 0x4a805d8d,
78 0x548300d0, 0x00322a3c, 0xbf64cddf, 0xba57a68e, 0x75c6372b,
79 0x50afd341, 0xa7c13275, 0x915a0bf5,
80 0x6b54bfab, 0x2b0b1426, 0xab4cc9d7, 0x449ccd82, 0xf7fbf265,
81 0xab85c5f3, 0x1b55db94, 0xaad4e324,
82 0xcfa4bd3f, 0x2deaa3e2, 0x9e204d02, 0xc8bd25ac, 0xeadf55b3,
83 0xd5bd9e98, 0xe31231b2, 0x2ad5ad6c,
84 0x954329de, 0xadbe4528, 0xd8710f69, 0xaa51c90f, 0xaa786bf6,
85 0x22513f1e, 0xaa51a79b, 0x2ad344cc,
86 0x7b5a41f0, 0xd37cfbad, 0x1b069505, 0x41ece491, 0xb4c332e6,
87 0x032268d4, 0xc9600acc, 0xce387e6d,
88 0xbf6bb16c, 0x6a70fb78, 0x0d03d9c9, 0xd4df39de, 0xe01063da,
89 0x4736f464, 0x5ad328d8, 0xb347cc96,
90 0x75bb0fc3, 0x98511bfb, 0x4ffbcc35, 0xb58bcf6a, 0xe11f0abc,
91 0xbfc5fe4a, 0xa70aec10, 0xac39570a,
92 0x3f04442f, 0x6188b153, 0xe0397a2e, 0x5727cb79, 0x9ceb418f,
93 0x1cacd68d, 0x2ad37c96, 0x0175cb9d,
94 0xc69dff09, 0xc75b65f0, 0xd9db40d8, 0xec0e7779, 0x4744ead4,
95 0xb11c3274, 0xdd24cb9e, 0x7e1c54bd,
96 0xf01144f9, 0xd2240eb1, 0x9675b3fd, 0xa3ac3755, 0xd47c27af,
97 0x51c85f4d, 0x56907596, 0xa5bb15e6,
98 0x580304f0, 0xca042cf1, 0x011a37ea, 0x8dbfaadb, 0x35ba3e4a,
99 0x3526ffa0, 0xc37b4d09, 0xbc306ed9,
100 0x98a52666, 0x5648f725, 0xff5e569d, 0x0ced63d0, 0x7c63b2cf,
101 0x700b45e1, 0xd5ea50f1, 0x85a92872,
102 0xaf1fbda7, 0xd4234870, 0xa7870bf3, 0x2d3b4d79, 0x42e04198,
103 0x0cd0ede7, 0x26470db8, 0xf881814c,
104 0x474d6ad7, 0x7c0c5e5c, 0xd1231959, 0x381b7298, 0xf5d2f4db,
105 0xab838653, 0x6e2f1e23, 0x83719c9e,
106 0xbd91e046, 0x9a56456e, 0xdc39200c, 0x20c8c571, 0x962bda1c,
107 0xe1e696ff, 0xb141ab08, 0x7cca89b9,
108 0x1a69e783, 0x02cc4843, 0xa2f7c579, 0x429ef47d, 0x427b169c,
109 0x5ac9f049, 0xdd8f0f00, 0x5c8165bf
110};
111
112static const u32 s2[256] = {
113 0x1f201094, 0xef0ba75b, 0x69e3cf7e, 0x393f4380, 0xfe61cf7a,
114 0xeec5207a, 0x55889c94, 0x72fc0651,
115 0xada7ef79, 0x4e1d7235, 0xd55a63ce, 0xde0436ba, 0x99c430ef,
116 0x5f0c0794, 0x18dcdb7d, 0xa1d6eff3,
117 0xa0b52f7b, 0x59e83605, 0xee15b094, 0xe9ffd909, 0xdc440086,
118 0xef944459, 0xba83ccb3, 0xe0c3cdfb,
119 0xd1da4181, 0x3b092ab1, 0xf997f1c1, 0xa5e6cf7b, 0x01420ddb,
120 0xe4e7ef5b, 0x25a1ff41, 0xe180f806,
121 0x1fc41080, 0x179bee7a, 0xd37ac6a9, 0xfe5830a4, 0x98de8b7f,
122 0x77e83f4e, 0x79929269, 0x24fa9f7b,
123 0xe113c85b, 0xacc40083, 0xd7503525, 0xf7ea615f, 0x62143154,
124 0x0d554b63, 0x5d681121, 0xc866c359,
125 0x3d63cf73, 0xcee234c0, 0xd4d87e87, 0x5c672b21, 0x071f6181,
126 0x39f7627f, 0x361e3084, 0xe4eb573b,
127 0x602f64a4, 0xd63acd9c, 0x1bbc4635, 0x9e81032d, 0x2701f50c,
128 0x99847ab4, 0xa0e3df79, 0xba6cf38c,
129 0x10843094, 0x2537a95e, 0xf46f6ffe, 0xa1ff3b1f, 0x208cfb6a,
130 0x8f458c74, 0xd9e0a227, 0x4ec73a34,
131 0xfc884f69, 0x3e4de8df, 0xef0e0088, 0x3559648d, 0x8a45388c,
132 0x1d804366, 0x721d9bfd, 0xa58684bb,
133 0xe8256333, 0x844e8212, 0x128d8098, 0xfed33fb4, 0xce280ae1,
134 0x27e19ba5, 0xd5a6c252, 0xe49754bd,
135 0xc5d655dd, 0xeb667064, 0x77840b4d, 0xa1b6a801, 0x84db26a9,
136 0xe0b56714, 0x21f043b7, 0xe5d05860,
137 0x54f03084, 0x066ff472, 0xa31aa153, 0xdadc4755, 0xb5625dbf,
138 0x68561be6, 0x83ca6b94, 0x2d6ed23b,
139 0xeccf01db, 0xa6d3d0ba, 0xb6803d5c, 0xaf77a709, 0x33b4a34c,
140 0x397bc8d6, 0x5ee22b95, 0x5f0e5304,
141 0x81ed6f61, 0x20e74364, 0xb45e1378, 0xde18639b, 0x881ca122,
142 0xb96726d1, 0x8049a7e8, 0x22b7da7b,
143 0x5e552d25, 0x5272d237, 0x79d2951c, 0xc60d894c, 0x488cb402,
144 0x1ba4fe5b, 0xa4b09f6b, 0x1ca815cf,
145 0xa20c3005, 0x8871df63, 0xb9de2fcb, 0x0cc6c9e9, 0x0beeff53,
146 0xe3214517, 0xb4542835, 0x9f63293c,
147 0xee41e729, 0x6e1d2d7c, 0x50045286, 0x1e6685f3, 0xf33401c6,
148 0x30a22c95, 0x31a70850, 0x60930f13,
149 0x73f98417, 0xa1269859, 0xec645c44, 0x52c877a9, 0xcdff33a6,
150 0xa02b1741, 0x7cbad9a2, 0x2180036f,
151 0x50d99c08, 0xcb3f4861, 0xc26bd765, 0x64a3f6ab, 0x80342676,
152 0x25a75e7b, 0xe4e6d1fc, 0x20c710e6,
153 0xcdf0b680, 0x17844d3b, 0x31eef84d, 0x7e0824e4, 0x2ccb49eb,
154 0x846a3bae, 0x8ff77888, 0xee5d60f6,
155 0x7af75673, 0x2fdd5cdb, 0xa11631c1, 0x30f66f43, 0xb3faec54,
156 0x157fd7fa, 0xef8579cc, 0xd152de58,
157 0xdb2ffd5e, 0x8f32ce19, 0x306af97a, 0x02f03ef8, 0x99319ad5,
158 0xc242fa0f, 0xa7e3ebb0, 0xc68e4906,
159 0xb8da230c, 0x80823028, 0xdcdef3c8, 0xd35fb171, 0x088a1bc8,
160 0xbec0c560, 0x61a3c9e8, 0xbca8f54d,
161 0xc72feffa, 0x22822e99, 0x82c570b4, 0xd8d94e89, 0x8b1c34bc,
162 0x301e16e6, 0x273be979, 0xb0ffeaa6,
163 0x61d9b8c6, 0x00b24869, 0xb7ffce3f, 0x08dc283b, 0x43daf65a,
164 0xf7e19798, 0x7619b72f, 0x8f1c9ba4,
165 0xdc8637a0, 0x16a7d3b1, 0x9fc393b7, 0xa7136eeb, 0xc6bcc63e,
166 0x1a513742, 0xef6828bc, 0x520365d6,
167 0x2d6a77ab, 0x3527ed4b, 0x821fd216, 0x095c6e2e, 0xdb92f2fb,
168 0x5eea29cb, 0x145892f5, 0x91584f7f,
169 0x5483697b, 0x2667a8cc, 0x85196048, 0x8c4bacea, 0x833860d4,
170 0x0d23e0f9, 0x6c387e8a, 0x0ae6d249,
171 0xb284600c, 0xd835731d, 0xdcb1c647, 0xac4c56ea, 0x3ebd81b3,
172 0x230eabb0, 0x6438bc87, 0xf0b5b1fa,
173 0x8f5ea2b3, 0xfc184642, 0x0a036b7a, 0x4fb089bd, 0x649da589,
174 0xa345415e, 0x5c038323, 0x3e5d3bb9,
175 0x43d79572, 0x7e6dd07c, 0x06dfdf1e, 0x6c6cc4ef, 0x7160a539,
176 0x73bfbe70, 0x83877605, 0x4523ecf1
177};
178
179static const u32 s3[256] = {
180 0x8defc240, 0x25fa5d9f, 0xeb903dbf, 0xe810c907, 0x47607fff,
181 0x369fe44b, 0x8c1fc644, 0xaececa90,
182 0xbeb1f9bf, 0xeefbcaea, 0xe8cf1950, 0x51df07ae, 0x920e8806,
183 0xf0ad0548, 0xe13c8d83, 0x927010d5,
184 0x11107d9f, 0x07647db9, 0xb2e3e4d4, 0x3d4f285e, 0xb9afa820,
185 0xfade82e0, 0xa067268b, 0x8272792e,
186 0x553fb2c0, 0x489ae22b, 0xd4ef9794, 0x125e3fbc, 0x21fffcee,
187 0x825b1bfd, 0x9255c5ed, 0x1257a240,
188 0x4e1a8302, 0xbae07fff, 0x528246e7, 0x8e57140e, 0x3373f7bf,
189 0x8c9f8188, 0xa6fc4ee8, 0xc982b5a5,
190 0xa8c01db7, 0x579fc264, 0x67094f31, 0xf2bd3f5f, 0x40fff7c1,
191 0x1fb78dfc, 0x8e6bd2c1, 0x437be59b,
192 0x99b03dbf, 0xb5dbc64b, 0x638dc0e6, 0x55819d99, 0xa197c81c,
193 0x4a012d6e, 0xc5884a28, 0xccc36f71,
194 0xb843c213, 0x6c0743f1, 0x8309893c, 0x0feddd5f, 0x2f7fe850,
195 0xd7c07f7e, 0x02507fbf, 0x5afb9a04,
196 0xa747d2d0, 0x1651192e, 0xaf70bf3e, 0x58c31380, 0x5f98302e,
197 0x727cc3c4, 0x0a0fb402, 0x0f7fef82,
198 0x8c96fdad, 0x5d2c2aae, 0x8ee99a49, 0x50da88b8, 0x8427f4a0,
199 0x1eac5790, 0x796fb449, 0x8252dc15,
200 0xefbd7d9b, 0xa672597d, 0xada840d8, 0x45f54504, 0xfa5d7403,
201 0xe83ec305, 0x4f91751a, 0x925669c2,
202 0x23efe941, 0xa903f12e, 0x60270df2, 0x0276e4b6, 0x94fd6574,
203 0x927985b2, 0x8276dbcb, 0x02778176,
204 0xf8af918d, 0x4e48f79e, 0x8f616ddf, 0xe29d840e, 0x842f7d83,
205 0x340ce5c8, 0x96bbb682, 0x93b4b148,
206 0xef303cab, 0x984faf28, 0x779faf9b, 0x92dc560d, 0x224d1e20,
207 0x8437aa88, 0x7d29dc96, 0x2756d3dc,
208 0x8b907cee, 0xb51fd240, 0xe7c07ce3, 0xe566b4a1, 0xc3e9615e,
209 0x3cf8209d, 0x6094d1e3, 0xcd9ca341,
210 0x5c76460e, 0x00ea983b, 0xd4d67881, 0xfd47572c, 0xf76cedd9,
211 0xbda8229c, 0x127dadaa, 0x438a074e,
212 0x1f97c090, 0x081bdb8a, 0x93a07ebe, 0xb938ca15, 0x97b03cff,
213 0x3dc2c0f8, 0x8d1ab2ec, 0x64380e51,
214 0x68cc7bfb, 0xd90f2788, 0x12490181, 0x5de5ffd4, 0xdd7ef86a,
215 0x76a2e214, 0xb9a40368, 0x925d958f,
216 0x4b39fffa, 0xba39aee9, 0xa4ffd30b, 0xfaf7933b, 0x6d498623,
217 0x193cbcfa, 0x27627545, 0x825cf47a,
218 0x61bd8ba0, 0xd11e42d1, 0xcead04f4, 0x127ea392, 0x10428db7,
219 0x8272a972, 0x9270c4a8, 0x127de50b,
220 0x285ba1c8, 0x3c62f44f, 0x35c0eaa5, 0xe805d231, 0x428929fb,
221 0xb4fcdf82, 0x4fb66a53, 0x0e7dc15b,
222 0x1f081fab, 0x108618ae, 0xfcfd086d, 0xf9ff2889, 0x694bcc11,
223 0x236a5cae, 0x12deca4d, 0x2c3f8cc5,
224 0xd2d02dfe, 0xf8ef5896, 0xe4cf52da, 0x95155b67, 0x494a488c,
225 0xb9b6a80c, 0x5c8f82bc, 0x89d36b45,
226 0x3a609437, 0xec00c9a9, 0x44715253, 0x0a874b49, 0xd773bc40,
227 0x7c34671c, 0x02717ef6, 0x4feb5536,
228 0xa2d02fff, 0xd2bf60c4, 0xd43f03c0, 0x50b4ef6d, 0x07478cd1,
229 0x006e1888, 0xa2e53f55, 0xb9e6d4bc,
230 0xa2048016, 0x97573833, 0xd7207d67, 0xde0f8f3d, 0x72f87b33,
231 0xabcc4f33, 0x7688c55d, 0x7b00a6b0,
232 0x947b0001, 0x570075d2, 0xf9bb88f8, 0x8942019e, 0x4264a5ff,
233 0x856302e0, 0x72dbd92b, 0xee971b69,
234 0x6ea22fde, 0x5f08ae2b, 0xaf7a616d, 0xe5c98767, 0xcf1febd2,
235 0x61efc8c2, 0xf1ac2571, 0xcc8239c2,
236 0x67214cb8, 0xb1e583d1, 0xb7dc3e62, 0x7f10bdce, 0xf90a5c38,
237 0x0ff0443d, 0x606e6dc6, 0x60543a49,
238 0x5727c148, 0x2be98a1d, 0x8ab41738, 0x20e1be24, 0xaf96da0f,
239 0x68458425, 0x99833be5, 0x600d457d,
240 0x282f9350, 0x8334b362, 0xd91d1120, 0x2b6d8da0, 0x642b1e31,
241 0x9c305a00, 0x52bce688, 0x1b03588a,
242 0xf7baefd5, 0x4142ed9c, 0xa4315c11, 0x83323ec5, 0xdfef4636,
243 0xa133c501, 0xe9d3531c, 0xee353783
244};
245
246static const u32 s4[256] = {
247 0x9db30420, 0x1fb6e9de, 0xa7be7bef, 0xd273a298, 0x4a4f7bdb,
248 0x64ad8c57, 0x85510443, 0xfa020ed1,
249 0x7e287aff, 0xe60fb663, 0x095f35a1, 0x79ebf120, 0xfd059d43,
250 0x6497b7b1, 0xf3641f63, 0x241e4adf,
251 0x28147f5f, 0x4fa2b8cd, 0xc9430040, 0x0cc32220, 0xfdd30b30,
252 0xc0a5374f, 0x1d2d00d9, 0x24147b15,
253 0xee4d111a, 0x0fca5167, 0x71ff904c, 0x2d195ffe, 0x1a05645f,
254 0x0c13fefe, 0x081b08ca, 0x05170121,
255 0x80530100, 0xe83e5efe, 0xac9af4f8, 0x7fe72701, 0xd2b8ee5f,
256 0x06df4261, 0xbb9e9b8a, 0x7293ea25,
257 0xce84ffdf, 0xf5718801, 0x3dd64b04, 0xa26f263b, 0x7ed48400,
258 0x547eebe6, 0x446d4ca0, 0x6cf3d6f5,
259 0x2649abdf, 0xaea0c7f5, 0x36338cc1, 0x503f7e93, 0xd3772061,
260 0x11b638e1, 0x72500e03, 0xf80eb2bb,
261 0xabe0502e, 0xec8d77de, 0x57971e81, 0xe14f6746, 0xc9335400,
262 0x6920318f, 0x081dbb99, 0xffc304a5,
263 0x4d351805, 0x7f3d5ce3, 0xa6c866c6, 0x5d5bcca9, 0xdaec6fea,
264 0x9f926f91, 0x9f46222f, 0x3991467d,
265 0xa5bf6d8e, 0x1143c44f, 0x43958302, 0xd0214eeb, 0x022083b8,
266 0x3fb6180c, 0x18f8931e, 0x281658e6,
267 0x26486e3e, 0x8bd78a70, 0x7477e4c1, 0xb506e07c, 0xf32d0a25,
268 0x79098b02, 0xe4eabb81, 0x28123b23,
269 0x69dead38, 0x1574ca16, 0xdf871b62, 0x211c40b7, 0xa51a9ef9,
270 0x0014377b, 0x041e8ac8, 0x09114003,
271 0xbd59e4d2, 0xe3d156d5, 0x4fe876d5, 0x2f91a340, 0x557be8de,
272 0x00eae4a7, 0x0ce5c2ec, 0x4db4bba6,
273 0xe756bdff, 0xdd3369ac, 0xec17b035, 0x06572327, 0x99afc8b0,
274 0x56c8c391, 0x6b65811c, 0x5e146119,
275 0x6e85cb75, 0xbe07c002, 0xc2325577, 0x893ff4ec, 0x5bbfc92d,
276 0xd0ec3b25, 0xb7801ab7, 0x8d6d3b24,
277 0x20c763ef, 0xc366a5fc, 0x9c382880, 0x0ace3205, 0xaac9548a,
278 0xeca1d7c7, 0x041afa32, 0x1d16625a,
279 0x6701902c, 0x9b757a54, 0x31d477f7, 0x9126b031, 0x36cc6fdb,
280 0xc70b8b46, 0xd9e66a48, 0x56e55a79,
281 0x026a4ceb, 0x52437eff, 0x2f8f76b4, 0x0df980a5, 0x8674cde3,
282 0xedda04eb, 0x17a9be04, 0x2c18f4df,
283 0xb7747f9d, 0xab2af7b4, 0xefc34d20, 0x2e096b7c, 0x1741a254,
284 0xe5b6a035, 0x213d42f6, 0x2c1c7c26,
285 0x61c2f50f, 0x6552daf9, 0xd2c231f8, 0x25130f69, 0xd8167fa2,
286 0x0418f2c8, 0x001a96a6, 0x0d1526ab,
287 0x63315c21, 0x5e0a72ec, 0x49bafefd, 0x187908d9, 0x8d0dbd86,
288 0x311170a7, 0x3e9b640c, 0xcc3e10d7,
289 0xd5cad3b6, 0x0caec388, 0xf73001e1, 0x6c728aff, 0x71eae2a1,
290 0x1f9af36e, 0xcfcbd12f, 0xc1de8417,
291 0xac07be6b, 0xcb44a1d8, 0x8b9b0f56, 0x013988c3, 0xb1c52fca,
292 0xb4be31cd, 0xd8782806, 0x12a3a4e2,
293 0x6f7de532, 0x58fd7eb6, 0xd01ee900, 0x24adffc2, 0xf4990fc5,
294 0x9711aac5, 0x001d7b95, 0x82e5e7d2,
295 0x109873f6, 0x00613096, 0xc32d9521, 0xada121ff, 0x29908415,
296 0x7fbb977f, 0xaf9eb3db, 0x29c9ed2a,
297 0x5ce2a465, 0xa730f32c, 0xd0aa3fe8, 0x8a5cc091, 0xd49e2ce7,
298 0x0ce454a9, 0xd60acd86, 0x015f1919,
299 0x77079103, 0xdea03af6, 0x78a8565e, 0xdee356df, 0x21f05cbe,
300 0x8b75e387, 0xb3c50651, 0xb8a5c3ef,
301 0xd8eeb6d2, 0xe523be77, 0xc2154529, 0x2f69efdf, 0xafe67afb,
302 0xf470c4b2, 0xf3e0eb5b, 0xd6cc9876,
303 0x39e4460c, 0x1fda8538, 0x1987832f, 0xca007367, 0xa99144f8,
304 0x296b299e, 0x492fc295, 0x9266beab,
305 0xb5676e69, 0x9bd3ddda, 0xdf7e052f, 0xdb25701c, 0x1b5e51ee,
306 0xf65324e6, 0x6afce36c, 0x0316cc04,
307 0x8644213e, 0xb7dc59d0, 0x7965291f, 0xccd6fd43, 0x41823979,
308 0x932bcdf6, 0xb657c34d, 0x4edfd282,
309 0x7ae5290c, 0x3cb9536b, 0x851e20fe, 0x9833557e, 0x13ecf0b0,
310 0xd3ffb372, 0x3f85c5c1, 0x0aef7ed2
311};
312
313static const u32 Tm[24][8] = {
314 { 0x5a827999, 0xc95c653a, 0x383650db, 0xa7103c7c, 0x15ea281d,
315 0x84c413be, 0xf39dff5f, 0x6277eb00 } ,
316 { 0xd151d6a1, 0x402bc242, 0xaf05ade3, 0x1ddf9984, 0x8cb98525,
317 0xfb9370c6, 0x6a6d5c67, 0xd9474808 } ,
318 { 0x482133a9, 0xb6fb1f4a, 0x25d50aeb, 0x94aef68c, 0x0388e22d,
319 0x7262cdce, 0xe13cb96f, 0x5016a510 } ,
320 { 0xbef090b1, 0x2dca7c52, 0x9ca467f3, 0x0b7e5394, 0x7a583f35,
321 0xe9322ad6, 0x580c1677, 0xc6e60218 } ,
322 { 0x35bfedb9, 0xa499d95a, 0x1373c4fb, 0x824db09c, 0xf1279c3d,
323 0x600187de, 0xcedb737f, 0x3db55f20 } ,
324 { 0xac8f4ac1, 0x1b693662, 0x8a432203, 0xf91d0da4, 0x67f6f945,
325 0xd6d0e4e6, 0x45aad087, 0xb484bc28 } ,
326 { 0x235ea7c9, 0x9238936a, 0x01127f0b, 0x6fec6aac, 0xdec6564d,
327 0x4da041ee, 0xbc7a2d8f, 0x2b541930 } ,
328 { 0x9a2e04d1, 0x0907f072, 0x77e1dc13, 0xe6bbc7b4, 0x5595b355,
329 0xc46f9ef6, 0x33498a97, 0xa2237638 } ,
330 { 0x10fd61d9, 0x7fd74d7a, 0xeeb1391b, 0x5d8b24bc, 0xcc65105d,
331 0x3b3efbfe, 0xaa18e79f, 0x18f2d340 } ,
332 { 0x87ccbee1, 0xf6a6aa82, 0x65809623, 0xd45a81c4, 0x43346d65,
333 0xb20e5906, 0x20e844a7, 0x8fc23048 } ,
334 { 0xfe9c1be9, 0x6d76078a, 0xdc4ff32b, 0x4b29decc, 0xba03ca6d,
335 0x28ddb60e, 0x97b7a1af, 0x06918d50 } ,
336 { 0x756b78f1, 0xe4456492, 0x531f5033, 0xc1f93bd4, 0x30d32775,
337 0x9fad1316, 0x0e86feb7, 0x7d60ea58 } ,
338 { 0xec3ad5f9, 0x5b14c19a, 0xc9eead3b, 0x38c898dc, 0xa7a2847d,
339 0x167c701e, 0x85565bbf, 0xf4304760 } ,
340 { 0x630a3301, 0xd1e41ea2, 0x40be0a43, 0xaf97f5e4, 0x1e71e185,
341 0x8d4bcd26, 0xfc25b8c7, 0x6affa468 } ,
342 { 0xd9d99009, 0x48b37baa, 0xb78d674b, 0x266752ec, 0x95413e8d,
343 0x041b2a2e, 0x72f515cf, 0xe1cf0170 } ,
344 { 0x50a8ed11, 0xbf82d8b2, 0x2e5cc453, 0x9d36aff4, 0x0c109b95,
345 0x7aea8736, 0xe9c472d7, 0x589e5e78 } ,
346 { 0xc7784a19, 0x365235ba, 0xa52c215b, 0x14060cfc, 0x82dff89d,
347 0xf1b9e43e, 0x6093cfdf, 0xcf6dbb80 } ,
348 { 0x3e47a721, 0xad2192c2, 0x1bfb7e63, 0x8ad56a04, 0xf9af55a5,
349 0x68894146, 0xd7632ce7, 0x463d1888 } ,
350 { 0xb5170429, 0x23f0efca, 0x92cadb6b, 0x01a4c70c, 0x707eb2ad,
351 0xdf589e4e, 0x4e3289ef, 0xbd0c7590 } ,
352 { 0x2be66131, 0x9ac04cd2, 0x099a3873, 0x78742414, 0xe74e0fb5,
353 0x5627fb56, 0xc501e6f7, 0x33dbd298 } ,
354 { 0xa2b5be39, 0x118fa9da, 0x8069957b, 0xef43811c, 0x5e1d6cbd,
355 0xccf7585e, 0x3bd143ff, 0xaaab2fa0 } ,
356 { 0x19851b41, 0x885f06e2, 0xf738f283, 0x6612de24, 0xd4ecc9c5,
357 0x43c6b566, 0xb2a0a107, 0x217a8ca8 } ,
358 { 0x90547849, 0xff2e63ea, 0x6e084f8b, 0xdce23b2c, 0x4bbc26cd,
359 0xba96126e, 0x296ffe0f, 0x9849e9b0 } ,
360 { 0x0723d551, 0x75fdc0f2, 0xe4d7ac93, 0x53b19834, 0xc28b83d5,
361 0x31656f76, 0xa03f5b17, 0x0f1946b8 }
362};
363
364static const u8 Tr[4][8] = {
365 { 0x13, 0x04, 0x15, 0x06, 0x17, 0x08, 0x19, 0x0a } ,
366 { 0x1b, 0x0c, 0x1d, 0x0e, 0x1f, 0x10, 0x01, 0x12 } ,
367 { 0x03, 0x14, 0x05, 0x16, 0x07, 0x18, 0x09, 0x1a } ,
368 { 0x0b, 0x1c, 0x0d, 0x1e, 0x0f, 0x00, 0x11, 0x02 }
369};
370
371/* forward octave */
372static void W(u32 *key, unsigned int i)
373{
374 u32 I;
375 key[6] ^= F1(key[7], Tr[i % 4][0], Tm[i][0]);
376 key[5] ^= F2(key[6], Tr[i % 4][1], Tm[i][1]);
377 key[4] ^= F3(key[5], Tr[i % 4][2], Tm[i][2]);
378 key[3] ^= F1(key[4], Tr[i % 4][3], Tm[i][3]);
379 key[2] ^= F2(key[3], Tr[i % 4][4], Tm[i][4]);
380 key[1] ^= F3(key[2], Tr[i % 4][5], Tm[i][5]);
381 key[0] ^= F1(key[1], Tr[i % 4][6], Tm[i][6]);
382 key[7] ^= F2(key[0], Tr[i % 4][7], Tm[i][7]);
383}
384
385static int cast6_setkey(struct crypto_tfm *tfm, const u8 *in_key,
386 unsigned key_len)
387{
388 int i;
389 u32 key[8];
390 __be32 p_key[8]; /* padded key */
391 struct cast6_ctx *c = crypto_tfm_ctx(tfm);
392 u32 *flags = &tfm->crt_flags;
393
394 if (key_len % 4 != 0) {
395 *flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
396 return -EINVAL;
397 }
398
399 memset(p_key, 0, 32);
400 memcpy(p_key, in_key, key_len);
401
402 key[0] = be32_to_cpu(p_key[0]); /* A */
403 key[1] = be32_to_cpu(p_key[1]); /* B */
404 key[2] = be32_to_cpu(p_key[2]); /* C */
405 key[3] = be32_to_cpu(p_key[3]); /* D */
406 key[4] = be32_to_cpu(p_key[4]); /* E */
407 key[5] = be32_to_cpu(p_key[5]); /* F */
408 key[6] = be32_to_cpu(p_key[6]); /* G */
409 key[7] = be32_to_cpu(p_key[7]); /* H */
410
411 for (i = 0; i < 12; i++) {
412 W(key, 2 * i);
413 W(key, 2 * i + 1);
414
415 c->Kr[i][0] = key[0] & 0x1f;
416 c->Kr[i][1] = key[2] & 0x1f;
417 c->Kr[i][2] = key[4] & 0x1f;
418 c->Kr[i][3] = key[6] & 0x1f;
419
420 c->Km[i][0] = key[7];
421 c->Km[i][1] = key[5];
422 c->Km[i][2] = key[3];
423 c->Km[i][3] = key[1];
424 }
425
426 return 0;
427}
428
429/*forward quad round*/
430static void Q(u32 *block, u8 *Kr, u32 *Km)
431{
432 u32 I;
433 block[2] ^= F1(block[3], Kr[0], Km[0]);
434 block[1] ^= F2(block[2], Kr[1], Km[1]);
435 block[0] ^= F3(block[1], Kr[2], Km[2]);
436 block[3] ^= F1(block[0], Kr[3], Km[3]);
437}
438
439/*reverse quad round*/
440static void QBAR(u32 *block, u8 *Kr, u32 *Km)
441{
442 u32 I;
443 block[3] ^= F1(block[0], Kr[3], Km[3]);
444 block[0] ^= F3(block[1], Kr[2], Km[2]);
445 block[1] ^= F2(block[2], Kr[1], Km[1]);
446 block[2] ^= F1(block[3], Kr[0], Km[0]);
447}
448
449static void cast6_encrypt(struct crypto_tfm *tfm, u8 *outbuf, const u8 *inbuf)
450{
451 struct cast6_ctx *c = crypto_tfm_ctx(tfm);
452 const __be32 *src = (const __be32 *)inbuf;
453 __be32 *dst = (__be32 *)outbuf;
454 u32 block[4];
455 u32 *Km;
456 u8 *Kr;
457
458 block[0] = be32_to_cpu(src[0]);
459 block[1] = be32_to_cpu(src[1]);
460 block[2] = be32_to_cpu(src[2]);
461 block[3] = be32_to_cpu(src[3]);
462
463 Km = c->Km[0]; Kr = c->Kr[0]; Q(block, Kr, Km);
464 Km = c->Km[1]; Kr = c->Kr[1]; Q(block, Kr, Km);
465 Km = c->Km[2]; Kr = c->Kr[2]; Q(block, Kr, Km);
466 Km = c->Km[3]; Kr = c->Kr[3]; Q(block, Kr, Km);
467 Km = c->Km[4]; Kr = c->Kr[4]; Q(block, Kr, Km);
468 Km = c->Km[5]; Kr = c->Kr[5]; Q(block, Kr, Km);
469 Km = c->Km[6]; Kr = c->Kr[6]; QBAR(block, Kr, Km);
470 Km = c->Km[7]; Kr = c->Kr[7]; QBAR(block, Kr, Km);
471 Km = c->Km[8]; Kr = c->Kr[8]; QBAR(block, Kr, Km);
472 Km = c->Km[9]; Kr = c->Kr[9]; QBAR(block, Kr, Km);
473 Km = c->Km[10]; Kr = c->Kr[10]; QBAR(block, Kr, Km);
474 Km = c->Km[11]; Kr = c->Kr[11]; QBAR(block, Kr, Km);
475
476 dst[0] = cpu_to_be32(block[0]);
477 dst[1] = cpu_to_be32(block[1]);
478 dst[2] = cpu_to_be32(block[2]);
479 dst[3] = cpu_to_be32(block[3]);
480}
481
482static void cast6_decrypt(struct crypto_tfm *tfm, u8 *outbuf, const u8 *inbuf)
483{
484 struct cast6_ctx *c = crypto_tfm_ctx(tfm);
485 const __be32 *src = (const __be32 *)inbuf;
486 __be32 *dst = (__be32 *)outbuf;
487 u32 block[4];
488 u32 *Km;
489 u8 *Kr;
490
491 block[0] = be32_to_cpu(src[0]);
492 block[1] = be32_to_cpu(src[1]);
493 block[2] = be32_to_cpu(src[2]);
494 block[3] = be32_to_cpu(src[3]);
495
496 Km = c->Km[11]; Kr = c->Kr[11]; Q(block, Kr, Km);
497 Km = c->Km[10]; Kr = c->Kr[10]; Q(block, Kr, Km);
498 Km = c->Km[9]; Kr = c->Kr[9]; Q(block, Kr, Km);
499 Km = c->Km[8]; Kr = c->Kr[8]; Q(block, Kr, Km);
500 Km = c->Km[7]; Kr = c->Kr[7]; Q(block, Kr, Km);
501 Km = c->Km[6]; Kr = c->Kr[6]; Q(block, Kr, Km);
502 Km = c->Km[5]; Kr = c->Kr[5]; QBAR(block, Kr, Km);
503 Km = c->Km[4]; Kr = c->Kr[4]; QBAR(block, Kr, Km);
504 Km = c->Km[3]; Kr = c->Kr[3]; QBAR(block, Kr, Km);
505 Km = c->Km[2]; Kr = c->Kr[2]; QBAR(block, Kr, Km);
506 Km = c->Km[1]; Kr = c->Kr[1]; QBAR(block, Kr, Km);
507 Km = c->Km[0]; Kr = c->Kr[0]; QBAR(block, Kr, Km);
508
509 dst[0] = cpu_to_be32(block[0]);
510 dst[1] = cpu_to_be32(block[1]);
511 dst[2] = cpu_to_be32(block[2]);
512 dst[3] = cpu_to_be32(block[3]);
513}
514
515static struct crypto_alg alg = {
516 .cra_name = "cast6",
517 .cra_flags = CRYPTO_ALG_TYPE_CIPHER,
518 .cra_blocksize = CAST6_BLOCK_SIZE,
519 .cra_ctxsize = sizeof(struct cast6_ctx),
520 .cra_alignmask = 3,
521 .cra_module = THIS_MODULE,
522 .cra_list = LIST_HEAD_INIT(alg.cra_list),
523 .cra_u = {
524 .cipher = {
525 .cia_min_keysize = CAST6_MIN_KEY_SIZE,
526 .cia_max_keysize = CAST6_MAX_KEY_SIZE,
527 .cia_setkey = cast6_setkey,
528 .cia_encrypt = cast6_encrypt,
529 .cia_decrypt = cast6_decrypt}
530 }
531};
532
533static int __init cast6_mod_init(void)
534{
535 return crypto_register_alg(&alg);
536}
537
538static void __exit cast6_mod_fini(void)
539{
540 crypto_unregister_alg(&alg);
541}
542
543module_init(cast6_mod_init);
544module_exit(cast6_mod_fini);
545
546MODULE_LICENSE("GPL");
547MODULE_DESCRIPTION("Cast6 Cipher Algorithm");
diff --git a/crypto/serpent.c b/crypto/serpent.c
new file mode 100644
index 00000000000..b651a55fa56
--- /dev/null
+++ b/crypto/serpent.c
@@ -0,0 +1,587 @@
1/*
2 * Cryptographic API.
3 *
4 * Serpent Cipher Algorithm.
5 *
6 * Copyright (C) 2002 Dag Arne Osvik <osvik@ii.uib.no>
7 * 2003 Herbert Valerio Riedel <hvr@gnu.org>
8 *
9 * Added tnepres support: Ruben Jesus Garcia Hernandez <ruben@ugr.es>, 18.10.2004
10 * Based on code by hvr
11 *
12 * This program is free software; you can redistribute it and/or modify
13 * it under the terms of the GNU General Public License as published by
14 * the Free Software Foundation; either version 2 of the License, or
15 * (at your option) any later version.
16 */
17
18#include <linux/init.h>
19#include <linux/module.h>
20#include <linux/errno.h>
21#include <asm/byteorder.h>
22#include <linux/crypto.h>
23#include <linux/types.h>
24
25/* Key is padded to the maximum of 256 bits before round key generation.
26 * Any key length <= 256 bits (32 bytes) is allowed by the algorithm.
27 */
28
29#define SERPENT_MIN_KEY_SIZE 0
30#define SERPENT_MAX_KEY_SIZE 32
31#define SERPENT_EXPKEY_WORDS 132
32#define SERPENT_BLOCK_SIZE 16
33
34#define PHI 0x9e3779b9UL
35
36#define keyiter(a,b,c,d,i,j) \
37 b ^= d; b ^= c; b ^= a; b ^= PHI ^ i; b = rol32(b,11); k[j] = b;
38
39#define loadkeys(x0,x1,x2,x3,i) \
40 x0=k[i]; x1=k[i+1]; x2=k[i+2]; x3=k[i+3];
41
42#define storekeys(x0,x1,x2,x3,i) \
43 k[i]=x0; k[i+1]=x1; k[i+2]=x2; k[i+3]=x3;
44
45#define K(x0,x1,x2,x3,i) \
46 x3 ^= k[4*(i)+3]; x2 ^= k[4*(i)+2]; \
47 x1 ^= k[4*(i)+1]; x0 ^= k[4*(i)+0];
48
49#define LK(x0,x1,x2,x3,x4,i) \
50 x0=rol32(x0,13);\
51 x2=rol32(x2,3); x1 ^= x0; x4 = x0 << 3; \
52 x3 ^= x2; x1 ^= x2; \
53 x1=rol32(x1,1); x3 ^= x4; \
54 x3=rol32(x3,7); x4 = x1; \
55 x0 ^= x1; x4 <<= 7; x2 ^= x3; \
56 x0 ^= x3; x2 ^= x4; x3 ^= k[4*i+3]; \
57 x1 ^= k[4*i+1]; x0=rol32(x0,5); x2=rol32(x2,22);\
58 x0 ^= k[4*i+0]; x2 ^= k[4*i+2];
59
60#define KL(x0,x1,x2,x3,x4,i) \
61 x0 ^= k[4*i+0]; x1 ^= k[4*i+1]; x2 ^= k[4*i+2]; \
62 x3 ^= k[4*i+3]; x0=ror32(x0,5); x2=ror32(x2,22);\
63 x4 = x1; x2 ^= x3; x0 ^= x3; \
64 x4 <<= 7; x0 ^= x1; x1=ror32(x1,1); \
65 x2 ^= x4; x3=ror32(x3,7); x4 = x0 << 3; \
66 x1 ^= x0; x3 ^= x4; x0=ror32(x0,13);\
67 x1 ^= x2; x3 ^= x2; x2=ror32(x2,3);
68
69#define S0(x0,x1,x2,x3,x4) \
70 x4 = x3; \
71 x3 |= x0; x0 ^= x4; x4 ^= x2; \
72 x4 =~ x4; x3 ^= x1; x1 &= x0; \
73 x1 ^= x4; x2 ^= x0; x0 ^= x3; \
74 x4 |= x0; x0 ^= x2; x2 &= x1; \
75 x3 ^= x2; x1 =~ x1; x2 ^= x4; \
76 x1 ^= x2;
77
78#define S1(x0,x1,x2,x3,x4) \
79 x4 = x1; \
80 x1 ^= x0; x0 ^= x3; x3 =~ x3; \
81 x4 &= x1; x0 |= x1; x3 ^= x2; \
82 x0 ^= x3; x1 ^= x3; x3 ^= x4; \
83 x1 |= x4; x4 ^= x2; x2 &= x0; \
84 x2 ^= x1; x1 |= x0; x0 =~ x0; \
85 x0 ^= x2; x4 ^= x1;
86
87#define S2(x0,x1,x2,x3,x4) \
88 x3 =~ x3; \
89 x1 ^= x0; x4 = x0; x0 &= x2; \
90 x0 ^= x3; x3 |= x4; x2 ^= x1; \
91 x3 ^= x1; x1 &= x0; x0 ^= x2; \
92 x2 &= x3; x3 |= x1; x0 =~ x0; \
93 x3 ^= x0; x4 ^= x0; x0 ^= x2; \
94 x1 |= x2;
95
96#define S3(x0,x1,x2,x3,x4) \
97 x4 = x1; \
98 x1 ^= x3; x3 |= x0; x4 &= x0; \
99 x0 ^= x2; x2 ^= x1; x1 &= x3; \
100 x2 ^= x3; x0 |= x4; x4 ^= x3; \
101 x1 ^= x0; x0 &= x3; x3 &= x4; \
102 x3 ^= x2; x4 |= x1; x2 &= x1; \
103 x4 ^= x3; x0 ^= x3; x3 ^= x2;
104
105#define S4(x0,x1,x2,x3,x4) \
106 x4 = x3; \
107 x3 &= x0; x0 ^= x4; \
108 x3 ^= x2; x2 |= x4; x0 ^= x1; \
109 x4 ^= x3; x2 |= x0; \
110 x2 ^= x1; x1 &= x0; \
111 x1 ^= x4; x4 &= x2; x2 ^= x3; \
112 x4 ^= x0; x3 |= x1; x1 =~ x1; \
113 x3 ^= x0;
114
115#define S5(x0,x1,x2,x3,x4) \
116 x4 = x1; x1 |= x0; \
117 x2 ^= x1; x3 =~ x3; x4 ^= x0; \
118 x0 ^= x2; x1 &= x4; x4 |= x3; \
119 x4 ^= x0; x0 &= x3; x1 ^= x3; \
120 x3 ^= x2; x0 ^= x1; x2 &= x4; \
121 x1 ^= x2; x2 &= x0; \
122 x3 ^= x2;
123
124#define S6(x0,x1,x2,x3,x4) \
125 x4 = x1; \
126 x3 ^= x0; x1 ^= x2; x2 ^= x0; \
127 x0 &= x3; x1 |= x3; x4 =~ x4; \
128 x0 ^= x1; x1 ^= x2; \
129 x3 ^= x4; x4 ^= x0; x2 &= x0; \
130 x4 ^= x1; x2 ^= x3; x3 &= x1; \
131 x3 ^= x0; x1 ^= x2;
132
133#define S7(x0,x1,x2,x3,x4) \
134 x1 =~ x1; \
135 x4 = x1; x0 =~ x0; x1 &= x2; \
136 x1 ^= x3; x3 |= x4; x4 ^= x2; \
137 x2 ^= x3; x3 ^= x0; x0 |= x1; \
138 x2 &= x0; x0 ^= x4; x4 ^= x3; \
139 x3 &= x0; x4 ^= x1; \
140 x2 ^= x4; x3 ^= x1; x4 |= x0; \
141 x4 ^= x1;
142
143#define SI0(x0,x1,x2,x3,x4) \
144 x4 = x3; x1 ^= x0; \
145 x3 |= x1; x4 ^= x1; x0 =~ x0; \
146 x2 ^= x3; x3 ^= x0; x0 &= x1; \
147 x0 ^= x2; x2 &= x3; x3 ^= x4; \
148 x2 ^= x3; x1 ^= x3; x3 &= x0; \
149 x1 ^= x0; x0 ^= x2; x4 ^= x3;
150
151#define SI1(x0,x1,x2,x3,x4) \
152 x1 ^= x3; x4 = x0; \
153 x0 ^= x2; x2 =~ x2; x4 |= x1; \
154 x4 ^= x3; x3 &= x1; x1 ^= x2; \
155 x2 &= x4; x4 ^= x1; x1 |= x3; \
156 x3 ^= x0; x2 ^= x0; x0 |= x4; \
157 x2 ^= x4; x1 ^= x0; \
158 x4 ^= x1;
159
160#define SI2(x0,x1,x2,x3,x4) \
161 x2 ^= x1; x4 = x3; x3 =~ x3; \
162 x3 |= x2; x2 ^= x4; x4 ^= x0; \
163 x3 ^= x1; x1 |= x2; x2 ^= x0; \
164 x1 ^= x4; x4 |= x3; x2 ^= x3; \
165 x4 ^= x2; x2 &= x1; \
166 x2 ^= x3; x3 ^= x4; x4 ^= x0;
167
168#define SI3(x0,x1,x2,x3,x4) \
169 x2 ^= x1; \
170 x4 = x1; x1 &= x2; \
171 x1 ^= x0; x0 |= x4; x4 ^= x3; \
172 x0 ^= x3; x3 |= x1; x1 ^= x2; \
173 x1 ^= x3; x0 ^= x2; x2 ^= x3; \
174 x3 &= x1; x1 ^= x0; x0 &= x2; \
175 x4 ^= x3; x3 ^= x0; x0 ^= x1;
176
177#define SI4(x0,x1,x2,x3,x4) \
178 x2 ^= x3; x4 = x0; x0 &= x1; \
179 x0 ^= x2; x2 |= x3; x4 =~ x4; \
180 x1 ^= x0; x0 ^= x2; x2 &= x4; \
181 x2 ^= x0; x0 |= x4; \
182 x0 ^= x3; x3 &= x2; \
183 x4 ^= x3; x3 ^= x1; x1 &= x0; \
184 x4 ^= x1; x0 ^= x3;
185
186#define SI5(x0,x1,x2,x3,x4) \
187 x4 = x1; x1 |= x2; \
188 x2 ^= x4; x1 ^= x3; x3 &= x4; \
189 x2 ^= x3; x3 |= x0; x0 =~ x0; \
190 x3 ^= x2; x2 |= x0; x4 ^= x1; \
191 x2 ^= x4; x4 &= x0; x0 ^= x1; \
192 x1 ^= x3; x0 &= x2; x2 ^= x3; \
193 x0 ^= x2; x2 ^= x4; x4 ^= x3;
194
195#define SI6(x0,x1,x2,x3,x4) \
196 x0 ^= x2; \
197 x4 = x0; x0 &= x3; x2 ^= x3; \
198 x0 ^= x2; x3 ^= x1; x2 |= x4; \
199 x2 ^= x3; x3 &= x0; x0 =~ x0; \
200 x3 ^= x1; x1 &= x2; x4 ^= x0; \
201 x3 ^= x4; x4 ^= x2; x0 ^= x1; \
202 x2 ^= x0;
203
204#define SI7(x0,x1,x2,x3,x4) \
205 x4 = x3; x3 &= x0; x0 ^= x2; \
206 x2 |= x4; x4 ^= x1; x0 =~ x0; \
207 x1 |= x3; x4 ^= x0; x0 &= x2; \
208 x0 ^= x1; x1 &= x2; x3 ^= x2; \
209 x4 ^= x3; x2 &= x3; x3 |= x0; \
210 x1 ^= x4; x3 ^= x4; x4 &= x0; \
211 x4 ^= x2;
212
213struct serpent_ctx {
214 u32 expkey[SERPENT_EXPKEY_WORDS];
215};
216
217
218static int serpent_setkey(struct crypto_tfm *tfm, const u8 *key,
219 unsigned int keylen)
220{
221 struct serpent_ctx *ctx = crypto_tfm_ctx(tfm);
222 u32 *k = ctx->expkey;
223 u8 *k8 = (u8 *)k;
224 u32 r0,r1,r2,r3,r4;
225 int i;
226
227 /* Copy key, add padding */
228
229 for (i = 0; i < keylen; ++i)
230 k8[i] = key[i];
231 if (i < SERPENT_MAX_KEY_SIZE)
232 k8[i++] = 1;
233 while (i < SERPENT_MAX_KEY_SIZE)
234 k8[i++] = 0;
235
236 /* Expand key using polynomial */
237
238 r0 = le32_to_cpu(k[3]);
239 r1 = le32_to_cpu(k[4]);
240 r2 = le32_to_cpu(k[5]);
241 r3 = le32_to_cpu(k[6]);
242 r4 = le32_to_cpu(k[7]);
243
244 keyiter(le32_to_cpu(k[0]),r0,r4,r2,0,0);
245 keyiter(le32_to_cpu(k[1]),r1,r0,r3,1,1);
246 keyiter(le32_to_cpu(k[2]),r2,r1,r4,2,2);
247 keyiter(le32_to_cpu(k[3]),r3,r2,r0,3,3);
248 keyiter(le32_to_cpu(k[4]),r4,r3,r1,4,4);
249 keyiter(le32_to_cpu(k[5]),r0,r4,r2,5,5);
250 keyiter(le32_to_cpu(k[6]),r1,r0,r3,6,6);
251 keyiter(le32_to_cpu(k[7]),r2,r1,r4,7,7);
252
253 keyiter(k[ 0],r3,r2,r0, 8, 8); keyiter(k[ 1],r4,r3,r1, 9, 9);
254 keyiter(k[ 2],r0,r4,r2, 10, 10); keyiter(k[ 3],r1,r0,r3, 11, 11);
255 keyiter(k[ 4],r2,r1,r4, 12, 12); keyiter(k[ 5],r3,r2,r0, 13, 13);
256 keyiter(k[ 6],r4,r3,r1, 14, 14); keyiter(k[ 7],r0,r4,r2, 15, 15);
257 keyiter(k[ 8],r1,r0,r3, 16, 16); keyiter(k[ 9],r2,r1,r4, 17, 17);
258 keyiter(k[ 10],r3,r2,r0, 18, 18); keyiter(k[ 11],r4,r3,r1, 19, 19);
259 keyiter(k[ 12],r0,r4,r2, 20, 20); keyiter(k[ 13],r1,r0,r3, 21, 21);
260 keyiter(k[ 14],r2,r1,r4, 22, 22); keyiter(k[ 15],r3,r2,r0, 23, 23);
261 keyiter(k[ 16],r4,r3,r1, 24, 24); keyiter(k[ 17],r0,r4,r2, 25, 25);
262 keyiter(k[ 18],r1,r0,r3, 26, 26); keyiter(k[ 19],r2,r1,r4, 27, 27);
263 keyiter(k[ 20],r3,r2,r0, 28, 28); keyiter(k[ 21],r4,r3,r1, 29, 29);
264 keyiter(k[ 22],r0,r4,r2, 30, 30); keyiter(k[ 23],r1,r0,r3, 31, 31);
265
266 k += 50;
267
268 keyiter(k[-26],r2,r1,r4, 32,-18); keyiter(k[-25],r3,r2,r0, 33,-17);
269 keyiter(k[-24],r4,r3,r1, 34,-16); keyiter(k[-23],r0,r4,r2, 35,-15);
270 keyiter(k[-22],r1,r0,r3, 36,-14); keyiter(k[-21],r2,r1,r4, 37,-13);
271 keyiter(k[-20],r3,r2,r0, 38,-12); keyiter(k[-19],r4,r3,r1, 39,-11);
272 keyiter(k[-18],r0,r4,r2, 40,-10); keyiter(k[-17],r1,r0,r3, 41, -9);
273 keyiter(k[-16],r2,r1,r4, 42, -8); keyiter(k[-15],r3,r2,r0, 43, -7);
274 keyiter(k[-14],r4,r3,r1, 44, -6); keyiter(k[-13],r0,r4,r2, 45, -5);
275 keyiter(k[-12],r1,r0,r3, 46, -4); keyiter(k[-11],r2,r1,r4, 47, -3);
276 keyiter(k[-10],r3,r2,r0, 48, -2); keyiter(k[ -9],r4,r3,r1, 49, -1);
277 keyiter(k[ -8],r0,r4,r2, 50, 0); keyiter(k[ -7],r1,r0,r3, 51, 1);
278 keyiter(k[ -6],r2,r1,r4, 52, 2); keyiter(k[ -5],r3,r2,r0, 53, 3);
279 keyiter(k[ -4],r4,r3,r1, 54, 4); keyiter(k[ -3],r0,r4,r2, 55, 5);
280 keyiter(k[ -2],r1,r0,r3, 56, 6); keyiter(k[ -1],r2,r1,r4, 57, 7);
281 keyiter(k[ 0],r3,r2,r0, 58, 8); keyiter(k[ 1],r4,r3,r1, 59, 9);
282 keyiter(k[ 2],r0,r4,r2, 60, 10); keyiter(k[ 3],r1,r0,r3, 61, 11);
283 keyiter(k[ 4],r2,r1,r4, 62, 12); keyiter(k[ 5],r3,r2,r0, 63, 13);
284 keyiter(k[ 6],r4,r3,r1, 64, 14); keyiter(k[ 7],r0,r4,r2, 65, 15);
285 keyiter(k[ 8],r1,r0,r3, 66, 16); keyiter(k[ 9],r2,r1,r4, 67, 17);
286 keyiter(k[ 10],r3,r2,r0, 68, 18); keyiter(k[ 11],r4,r3,r1, 69, 19);
287 keyiter(k[ 12],r0,r4,r2, 70, 20); keyiter(k[ 13],r1,r0,r3, 71, 21);
288 keyiter(k[ 14],r2,r1,r4, 72, 22); keyiter(k[ 15],r3,r2,r0, 73, 23);
289 keyiter(k[ 16],r4,r3,r1, 74, 24); keyiter(k[ 17],r0,r4,r2, 75, 25);
290 keyiter(k[ 18],r1,r0,r3, 76, 26); keyiter(k[ 19],r2,r1,r4, 77, 27);
291 keyiter(k[ 20],r3,r2,r0, 78, 28); keyiter(k[ 21],r4,r3,r1, 79, 29);
292 keyiter(k[ 22],r0,r4,r2, 80, 30); keyiter(k[ 23],r1,r0,r3, 81, 31);
293
294 k += 50;
295
296 keyiter(k[-26],r2,r1,r4, 82,-18); keyiter(k[-25],r3,r2,r0, 83,-17);
297 keyiter(k[-24],r4,r3,r1, 84,-16); keyiter(k[-23],r0,r4,r2, 85,-15);
298 keyiter(k[-22],r1,r0,r3, 86,-14); keyiter(k[-21],r2,r1,r4, 87,-13);
299 keyiter(k[-20],r3,r2,r0, 88,-12); keyiter(k[-19],r4,r3,r1, 89,-11);
300 keyiter(k[-18],r0,r4,r2, 90,-10); keyiter(k[-17],r1,r0,r3, 91, -9);
301 keyiter(k[-16],r2,r1,r4, 92, -8); keyiter(k[-15],r3,r2,r0, 93, -7);
302 keyiter(k[-14],r4,r3,r1, 94, -6); keyiter(k[-13],r0,r4,r2, 95, -5);
303 keyiter(k[-12],r1,r0,r3, 96, -4); keyiter(k[-11],r2,r1,r4, 97, -3);
304 keyiter(k[-10],r3,r2,r0, 98, -2); keyiter(k[ -9],r4,r3,r1, 99, -1);
305 keyiter(k[ -8],r0,r4,r2,100, 0); keyiter(k[ -7],r1,r0,r3,101, 1);
306 keyiter(k[ -6],r2,r1,r4,102, 2); keyiter(k[ -5],r3,r2,r0,103, 3);
307 keyiter(k[ -4],r4,r3,r1,104, 4); keyiter(k[ -3],r0,r4,r2,105, 5);
308 keyiter(k[ -2],r1,r0,r3,106, 6); keyiter(k[ -1],r2,r1,r4,107, 7);
309 keyiter(k[ 0],r3,r2,r0,108, 8); keyiter(k[ 1],r4,r3,r1,109, 9);
310 keyiter(k[ 2],r0,r4,r2,110, 10); keyiter(k[ 3],r1,r0,r3,111, 11);
311 keyiter(k[ 4],r2,r1,r4,112, 12); keyiter(k[ 5],r3,r2,r0,113, 13);
312 keyiter(k[ 6],r4,r3,r1,114, 14); keyiter(k[ 7],r0,r4,r2,115, 15);
313 keyiter(k[ 8],r1,r0,r3,116, 16); keyiter(k[ 9],r2,r1,r4,117, 17);
314 keyiter(k[ 10],r3,r2,r0,118, 18); keyiter(k[ 11],r4,r3,r1,119, 19);
315 keyiter(k[ 12],r0,r4,r2,120, 20); keyiter(k[ 13],r1,r0,r3,121, 21);
316 keyiter(k[ 14],r2,r1,r4,122, 22); keyiter(k[ 15],r3,r2,r0,123, 23);
317 keyiter(k[ 16],r4,r3,r1,124, 24); keyiter(k[ 17],r0,r4,r2,125, 25);
318 keyiter(k[ 18],r1,r0,r3,126, 26); keyiter(k[ 19],r2,r1,r4,127, 27);
319 keyiter(k[ 20],r3,r2,r0,128, 28); keyiter(k[ 21],r4,r3,r1,129, 29);
320 keyiter(k[ 22],r0,r4,r2,130, 30); keyiter(k[ 23],r1,r0,r3,131, 31);
321
322 /* Apply S-boxes */
323
324 S3(r3,r4,r0,r1,r2); storekeys(r1,r2,r4,r3, 28); loadkeys(r1,r2,r4,r3, 24);
325 S4(r1,r2,r4,r3,r0); storekeys(r2,r4,r3,r0, 24); loadkeys(r2,r4,r3,r0, 20);
326 S5(r2,r4,r3,r0,r1); storekeys(r1,r2,r4,r0, 20); loadkeys(r1,r2,r4,r0, 16);
327 S6(r1,r2,r4,r0,r3); storekeys(r4,r3,r2,r0, 16); loadkeys(r4,r3,r2,r0, 12);
328 S7(r4,r3,r2,r0,r1); storekeys(r1,r2,r0,r4, 12); loadkeys(r1,r2,r0,r4, 8);
329 S0(r1,r2,r0,r4,r3); storekeys(r0,r2,r4,r1, 8); loadkeys(r0,r2,r4,r1, 4);
330 S1(r0,r2,r4,r1,r3); storekeys(r3,r4,r1,r0, 4); loadkeys(r3,r4,r1,r0, 0);
331 S2(r3,r4,r1,r0,r2); storekeys(r2,r4,r3,r0, 0); loadkeys(r2,r4,r3,r0, -4);
332 S3(r2,r4,r3,r0,r1); storekeys(r0,r1,r4,r2, -4); loadkeys(r0,r1,r4,r2, -8);
333 S4(r0,r1,r4,r2,r3); storekeys(r1,r4,r2,r3, -8); loadkeys(r1,r4,r2,r3,-12);
334 S5(r1,r4,r2,r3,r0); storekeys(r0,r1,r4,r3,-12); loadkeys(r0,r1,r4,r3,-16);
335 S6(r0,r1,r4,r3,r2); storekeys(r4,r2,r1,r3,-16); loadkeys(r4,r2,r1,r3,-20);
336 S7(r4,r2,r1,r3,r0); storekeys(r0,r1,r3,r4,-20); loadkeys(r0,r1,r3,r4,-24);
337 S0(r0,r1,r3,r4,r2); storekeys(r3,r1,r4,r0,-24); loadkeys(r3,r1,r4,r0,-28);
338 k -= 50;
339 S1(r3,r1,r4,r0,r2); storekeys(r2,r4,r0,r3, 22); loadkeys(r2,r4,r0,r3, 18);
340 S2(r2,r4,r0,r3,r1); storekeys(r1,r4,r2,r3, 18); loadkeys(r1,r4,r2,r3, 14);
341 S3(r1,r4,r2,r3,r0); storekeys(r3,r0,r4,r1, 14); loadkeys(r3,r0,r4,r1, 10);
342 S4(r3,r0,r4,r1,r2); storekeys(r0,r4,r1,r2, 10); loadkeys(r0,r4,r1,r2, 6);
343 S5(r0,r4,r1,r2,r3); storekeys(r3,r0,r4,r2, 6); loadkeys(r3,r0,r4,r2, 2);
344 S6(r3,r0,r4,r2,r1); storekeys(r4,r1,r0,r2, 2); loadkeys(r4,r1,r0,r2, -2);
345 S7(r4,r1,r0,r2,r3); storekeys(r3,r0,r2,r4, -2); loadkeys(r3,r0,r2,r4, -6);
346 S0(r3,r0,r2,r4,r1); storekeys(r2,r0,r4,r3, -6); loadkeys(r2,r0,r4,r3,-10);
347 S1(r2,r0,r4,r3,r1); storekeys(r1,r4,r3,r2,-10); loadkeys(r1,r4,r3,r2,-14);
348 S2(r1,r4,r3,r2,r0); storekeys(r0,r4,r1,r2,-14); loadkeys(r0,r4,r1,r2,-18);
349 S3(r0,r4,r1,r2,r3); storekeys(r2,r3,r4,r0,-18); loadkeys(r2,r3,r4,r0,-22);
350 k -= 50;
351 S4(r2,r3,r4,r0,r1); storekeys(r3,r4,r0,r1, 28); loadkeys(r3,r4,r0,r1, 24);
352 S5(r3,r4,r0,r1,r2); storekeys(r2,r3,r4,r1, 24); loadkeys(r2,r3,r4,r1, 20);
353 S6(r2,r3,r4,r1,r0); storekeys(r4,r0,r3,r1, 20); loadkeys(r4,r0,r3,r1, 16);
354 S7(r4,r0,r3,r1,r2); storekeys(r2,r3,r1,r4, 16); loadkeys(r2,r3,r1,r4, 12);
355 S0(r2,r3,r1,r4,r0); storekeys(r1,r3,r4,r2, 12); loadkeys(r1,r3,r4,r2, 8);
356 S1(r1,r3,r4,r2,r0); storekeys(r0,r4,r2,r1, 8); loadkeys(r0,r4,r2,r1, 4);
357 S2(r0,r4,r2,r1,r3); storekeys(r3,r4,r0,r1, 4); loadkeys(r3,r4,r0,r1, 0);
358 S3(r3,r4,r0,r1,r2); storekeys(r1,r2,r4,r3, 0);
359
360 return 0;
361}
362
363static void serpent_encrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
364{
365 struct serpent_ctx *ctx = crypto_tfm_ctx(tfm);
366 const u32
367 *k = ctx->expkey;
368 const __le32 *s = (const __le32 *)src;
369 __le32 *d = (__le32 *)dst;
370 u32 r0, r1, r2, r3, r4;
371
372/*
373 * Note: The conversions between u8* and u32* might cause trouble
374 * on architectures with stricter alignment rules than x86
375 */
376
377 r0 = le32_to_cpu(s[0]);
378 r1 = le32_to_cpu(s[1]);
379 r2 = le32_to_cpu(s[2]);
380 r3 = le32_to_cpu(s[3]);
381
382 K(r0,r1,r2,r3,0);
383 S0(r0,r1,r2,r3,r4); LK(r2,r1,r3,r0,r4,1);
384 S1(r2,r1,r3,r0,r4); LK(r4,r3,r0,r2,r1,2);
385 S2(r4,r3,r0,r2,r1); LK(r1,r3,r4,r2,r0,3);
386 S3(r1,r3,r4,r2,r0); LK(r2,r0,r3,r1,r4,4);
387 S4(r2,r0,r3,r1,r4); LK(r0,r3,r1,r4,r2,5);
388 S5(r0,r3,r1,r4,r2); LK(r2,r0,r3,r4,r1,6);
389 S6(r2,r0,r3,r4,r1); LK(r3,r1,r0,r4,r2,7);
390 S7(r3,r1,r0,r4,r2); LK(r2,r0,r4,r3,r1,8);
391 S0(r2,r0,r4,r3,r1); LK(r4,r0,r3,r2,r1,9);
392 S1(r4,r0,r3,r2,r1); LK(r1,r3,r2,r4,r0,10);
393 S2(r1,r3,r2,r4,r0); LK(r0,r3,r1,r4,r2,11);
394 S3(r0,r3,r1,r4,r2); LK(r4,r2,r3,r0,r1,12);
395 S4(r4,r2,r3,r0,r1); LK(r2,r3,r0,r1,r4,13);
396 S5(r2,r3,r0,r1,r4); LK(r4,r2,r3,r1,r0,14);
397 S6(r4,r2,r3,r1,r0); LK(r3,r0,r2,r1,r4,15);
398 S7(r3,r0,r2,r1,r4); LK(r4,r2,r1,r3,r0,16);
399 S0(r4,r2,r1,r3,r0); LK(r1,r2,r3,r4,r0,17);
400 S1(r1,r2,r3,r4,r0); LK(r0,r3,r4,r1,r2,18);
401 S2(r0,r3,r4,r1,r2); LK(r2,r3,r0,r1,r4,19);
402 S3(r2,r3,r0,r1,r4); LK(r1,r4,r3,r2,r0,20);
403 S4(r1,r4,r3,r2,r0); LK(r4,r3,r2,r0,r1,21);
404 S5(r4,r3,r2,r0,r1); LK(r1,r4,r3,r0,r2,22);
405 S6(r1,r4,r3,r0,r2); LK(r3,r2,r4,r0,r1,23);
406 S7(r3,r2,r4,r0,r1); LK(r1,r4,r0,r3,r2,24);
407 S0(r1,r4,r0,r3,r2); LK(r0,r4,r3,r1,r2,25);
408 S1(r0,r4,r3,r1,r2); LK(r2,r3,r1,r0,r4,26);
409 S2(r2,r3,r1,r0,r4); LK(r4,r3,r2,r0,r1,27);
410 S3(r4,r3,r2,r0,r1); LK(r0,r1,r3,r4,r2,28);
411 S4(r0,r1,r3,r4,r2); LK(r1,r3,r4,r2,r0,29);
412 S5(r1,r3,r4,r2,r0); LK(r0,r1,r3,r2,r4,30);
413 S6(r0,r1,r3,r2,r4); LK(r3,r4,r1,r2,r0,31);
414 S7(r3,r4,r1,r2,r0); K(r0,r1,r2,r3,32);
415
416 d[0] = cpu_to_le32(r0);
417 d[1] = cpu_to_le32(r1);
418 d[2] = cpu_to_le32(r2);
419 d[3] = cpu_to_le32(r3);
420}
421
422static void serpent_decrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
423{
424 struct serpent_ctx *ctx = crypto_tfm_ctx(tfm);
425 const u32
426 *k = ((struct serpent_ctx *)ctx)->expkey;
427 const __le32 *s = (const __le32 *)src;
428 __le32 *d = (__le32 *)dst;
429 u32 r0, r1, r2, r3, r4;
430
431 r0 = le32_to_cpu(s[0]);
432 r1 = le32_to_cpu(s[1]);
433 r2 = le32_to_cpu(s[2]);
434 r3 = le32_to_cpu(s[3]);
435
436 K(r0,r1,r2,r3,32);
437 SI7(r0,r1,r2,r3,r4); KL(r1,r3,r0,r4,r2,31);
438 SI6(r1,r3,r0,r4,r2); KL(r0,r2,r4,r1,r3,30);
439 SI5(r0,r2,r4,r1,r3); KL(r2,r3,r0,r4,r1,29);
440 SI4(r2,r3,r0,r4,r1); KL(r2,r0,r1,r4,r3,28);
441 SI3(r2,r0,r1,r4,r3); KL(r1,r2,r3,r4,r0,27);
442 SI2(r1,r2,r3,r4,r0); KL(r2,r0,r4,r3,r1,26);
443 SI1(r2,r0,r4,r3,r1); KL(r1,r0,r4,r3,r2,25);
444 SI0(r1,r0,r4,r3,r2); KL(r4,r2,r0,r1,r3,24);
445 SI7(r4,r2,r0,r1,r3); KL(r2,r1,r4,r3,r0,23);
446 SI6(r2,r1,r4,r3,r0); KL(r4,r0,r3,r2,r1,22);
447 SI5(r4,r0,r3,r2,r1); KL(r0,r1,r4,r3,r2,21);
448 SI4(r0,r1,r4,r3,r2); KL(r0,r4,r2,r3,r1,20);
449 SI3(r0,r4,r2,r3,r1); KL(r2,r0,r1,r3,r4,19);
450 SI2(r2,r0,r1,r3,r4); KL(r0,r4,r3,r1,r2,18);
451 SI1(r0,r4,r3,r1,r2); KL(r2,r4,r3,r1,r0,17);
452 SI0(r2,r4,r3,r1,r0); KL(r3,r0,r4,r2,r1,16);
453 SI7(r3,r0,r4,r2,r1); KL(r0,r2,r3,r1,r4,15);
454 SI6(r0,r2,r3,r1,r4); KL(r3,r4,r1,r0,r2,14);
455 SI5(r3,r4,r1,r0,r2); KL(r4,r2,r3,r1,r0,13);
456 SI4(r4,r2,r3,r1,r0); KL(r4,r3,r0,r1,r2,12);
457 SI3(r4,r3,r0,r1,r2); KL(r0,r4,r2,r1,r3,11);
458 SI2(r0,r4,r2,r1,r3); KL(r4,r3,r1,r2,r0,10);
459 SI1(r4,r3,r1,r2,r0); KL(r0,r3,r1,r2,r4,9);
460 SI0(r0,r3,r1,r2,r4); KL(r1,r4,r3,r0,r2,8);
461 SI7(r1,r4,r3,r0,r2); KL(r4,r0,r1,r2,r3,7);
462 SI6(r4,r0,r1,r2,r3); KL(r1,r3,r2,r4,r0,6);
463 SI5(r1,r3,r2,r4,r0); KL(r3,r0,r1,r2,r4,5);
464 SI4(r3,r0,r1,r2,r4); KL(r3,r1,r4,r2,r0,4);
465 SI3(r3,r1,r4,r2,r0); KL(r4,r3,r0,r2,r1,3);
466 SI2(r4,r3,r0,r2,r1); KL(r3,r1,r2,r0,r4,2);
467 SI1(r3,r1,r2,r0,r4); KL(r4,r1,r2,r0,r3,1);
468 SI0(r4,r1,r2,r0,r3); K(r2,r3,r1,r4,0);
469
470 d[0] = cpu_to_le32(r2);
471 d[1] = cpu_to_le32(r3);
472 d[2] = cpu_to_le32(r1);
473 d[3] = cpu_to_le32(r4);
474}
475
476static struct crypto_alg serpent_alg = {
477 .cra_name = "serpent",
478 .cra_flags = CRYPTO_ALG_TYPE_CIPHER,
479 .cra_blocksize = SERPENT_BLOCK_SIZE,
480 .cra_ctxsize = sizeof(struct serpent_ctx),
481 .cra_alignmask = 3,
482 .cra_module = THIS_MODULE,
483 .cra_list = LIST_HEAD_INIT(serpent_alg.cra_list),
484 .cra_u = { .cipher = {
485 .cia_min_keysize = SERPENT_MIN_KEY_SIZE,
486 .cia_max_keysize = SERPENT_MAX_KEY_SIZE,
487 .cia_setkey = serpent_setkey,
488 .cia_encrypt = serpent_encrypt,
489 .cia_decrypt = serpent_decrypt } }
490};
491
492static int tnepres_setkey(struct crypto_tfm *tfm, const u8 *key,
493 unsigned int keylen)
494{
495 u8 rev_key[SERPENT_MAX_KEY_SIZE];
496 int i;
497
498 for (i = 0; i < keylen; ++i)
499 rev_key[keylen - i - 1] = key[i];
500
501 return serpent_setkey(tfm, rev_key, keylen);
502}
503
504static void tnepres_encrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
505{
506 const u32 * const s = (const u32 * const)src;
507 u32 * const d = (u32 * const)dst;
508
509 u32 rs[4], rd[4];
510
511 rs[0] = swab32(s[3]);
512 rs[1] = swab32(s[2]);
513 rs[2] = swab32(s[1]);
514 rs[3] = swab32(s[0]);
515
516 serpent_encrypt(tfm, (u8 *)rd, (u8 *)rs);
517
518 d[0] = swab32(rd[3]);
519 d[1] = swab32(rd[2]);
520 d[2] = swab32(rd[1]);
521 d[3] = swab32(rd[0]);
522}
523
524static void tnepres_decrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
525{
526 const u32 * const s = (const u32 * const)src;
527 u32 * const d = (u32 * const)dst;
528
529 u32 rs[4], rd[4];
530
531 rs[0] = swab32(s[3]);
532 rs[1] = swab32(s[2]);
533 rs[2] = swab32(s[1]);
534 rs[3] = swab32(s[0]);
535
536 serpent_decrypt(tfm, (u8 *)rd, (u8 *)rs);
537
538 d[0] = swab32(rd[3]);
539 d[1] = swab32(rd[2]);
540 d[2] = swab32(rd[1]);
541 d[3] = swab32(rd[0]);
542}
543
544static struct crypto_alg tnepres_alg = {
545 .cra_name = "tnepres",
546 .cra_flags = CRYPTO_ALG_TYPE_CIPHER,
547 .cra_blocksize = SERPENT_BLOCK_SIZE,
548 .cra_ctxsize = sizeof(struct serpent_ctx),
549 .cra_alignmask = 3,
550 .cra_module = THIS_MODULE,
551 .cra_list = LIST_HEAD_INIT(serpent_alg.cra_list),
552 .cra_u = { .cipher = {
553 .cia_min_keysize = SERPENT_MIN_KEY_SIZE,
554 .cia_max_keysize = SERPENT_MAX_KEY_SIZE,
555 .cia_setkey = tnepres_setkey,
556 .cia_encrypt = tnepres_encrypt,
557 .cia_decrypt = tnepres_decrypt } }
558};
559
560static int __init serpent_mod_init(void)
561{
562 int ret = crypto_register_alg(&serpent_alg);
563
564 if (ret)
565 return ret;
566
567 ret = crypto_register_alg(&tnepres_alg);
568
569 if (ret)
570 crypto_unregister_alg(&serpent_alg);
571
572 return ret;
573}
574
575static void __exit serpent_mod_fini(void)
576{
577 crypto_unregister_alg(&tnepres_alg);
578 crypto_unregister_alg(&serpent_alg);
579}
580
581module_init(serpent_mod_init);
582module_exit(serpent_mod_fini);
583
584MODULE_LICENSE("GPL");
585MODULE_DESCRIPTION("Serpent and tnepres (kerneli compatible serpent reversed) Cipher Algorithm");
586MODULE_AUTHOR("Dag Arne Osvik <osvik@ii.uib.no>");
587MODULE_ALIAS("tnepres");
generated by cgit v1.2.2 (git 2.25.0) at 2025-03-13 21:46:21 -0400