aboutsummaryrefslogtreecommitdiffstats
path: root/crypto
diff options
context:
space:
mode:
Diffstat (limited to 'crypto')
-rw-r--r--crypto/Kconfig6
-rw-r--r--crypto/af_alg.c2
-rw-r--r--crypto/algif_hash.c4
-rw-r--r--crypto/arc4.c15
-rw-r--r--crypto/asymmetric_keys/.gitignore1
-rw-r--r--crypto/async_tx/raid6test.c1
-rw-r--r--crypto/crc32c.c10
-rw-r--r--crypto/cryptd.c2
-rw-r--r--crypto/gf128mul.c4
-rw-r--r--crypto/ghash-generic.c6
-rw-r--r--crypto/md5.c92
-rw-r--r--crypto/proc.c2
-rw-r--r--crypto/rng.c2
-rw-r--r--crypto/sha1_generic.c11
-rw-r--r--crypto/sha512_generic.c62
-rw-r--r--crypto/tcrypt.c8
-rw-r--r--crypto/testmgr.c12
-rw-r--r--crypto/testmgr.h566
18 files changed, 596 insertions, 210 deletions
diff --git a/crypto/Kconfig b/crypto/Kconfig
index 87b22ca9c22..ae27b7534ea 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -354,7 +354,7 @@ config CRYPTO_RMD128
354 RIPEMD-128 (ISO/IEC 10118-3:2004). 354 RIPEMD-128 (ISO/IEC 10118-3:2004).
355 355
356 RIPEMD-128 is a 128-bit cryptographic hash function. It should only 356 RIPEMD-128 is a 128-bit cryptographic hash function. It should only
357 to be used as a secure replacement for RIPEMD. For other use cases 357 be used as a secure replacement for RIPEMD. For other use cases,
358 RIPEMD-160 should be used. 358 RIPEMD-160 should be used.
359 359
360 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 360 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
@@ -458,7 +458,7 @@ config CRYPTO_WP512
458 458
459config CRYPTO_GHASH_CLMUL_NI_INTEL 459config CRYPTO_GHASH_CLMUL_NI_INTEL
460 tristate "GHASH digest algorithm (CLMUL-NI accelerated)" 460 tristate "GHASH digest algorithm (CLMUL-NI accelerated)"
461 depends on (X86 || UML_X86) && 64BIT 461 depends on X86 && 64BIT
462 select CRYPTO_SHASH 462 select CRYPTO_SHASH
463 select CRYPTO_CRYPTD 463 select CRYPTO_CRYPTD
464 help 464 help
@@ -533,7 +533,7 @@ config CRYPTO_AES_X86_64
533 533
534config CRYPTO_AES_NI_INTEL 534config CRYPTO_AES_NI_INTEL
535 tristate "AES cipher algorithms (AES-NI)" 535 tristate "AES cipher algorithms (AES-NI)"
536 depends on (X86 || UML_X86) 536 depends on X86
537 select CRYPTO_AES_X86_64 if 64BIT 537 select CRYPTO_AES_X86_64 if 64BIT
538 select CRYPTO_AES_586 if !64BIT 538 select CRYPTO_AES_586 if !64BIT
539 select CRYPTO_CRYPTD 539 select CRYPTO_CRYPTD
diff --git a/crypto/af_alg.c b/crypto/af_alg.c
index 940d70cb5c2..ac33d5f3077 100644
--- a/crypto/af_alg.c
+++ b/crypto/af_alg.c
@@ -12,7 +12,7 @@
12 * 12 *
13 */ 13 */
14 14
15#include <asm/atomic.h> 15#include <linux/atomic.h>
16#include <crypto/if_alg.h> 16#include <crypto/if_alg.h>
17#include <linux/crypto.h> 17#include <linux/crypto.h>
18#include <linux/init.h> 18#include <linux/init.h>
diff --git a/crypto/algif_hash.c b/crypto/algif_hash.c
index 62122a1a2f7..ef5356cd280 100644
--- a/crypto/algif_hash.c
+++ b/crypto/algif_hash.c
@@ -68,8 +68,10 @@ static int hash_sendmsg(struct kiocb *unused, struct socket *sock,
68 int newlen; 68 int newlen;
69 69
70 newlen = af_alg_make_sg(&ctx->sgl, from, len, 0); 70 newlen = af_alg_make_sg(&ctx->sgl, from, len, 0);
71 if (newlen < 0) 71 if (newlen < 0) {
72 err = copied ? 0 : newlen;
72 goto unlock; 73 goto unlock;
74 }
73 75
74 ahash_request_set_crypt(&ctx->req, ctx->sgl.sg, NULL, 76 ahash_request_set_crypt(&ctx->req, ctx->sgl.sg, NULL,
75 newlen); 77 newlen);
diff --git a/crypto/arc4.c b/crypto/arc4.c
index 8be47e13a9e..0d12a96da1d 100644
--- a/crypto/arc4.c
+++ b/crypto/arc4.c
@@ -1,4 +1,4 @@
1/* 1/*
2 * Cryptographic API 2 * Cryptographic API
3 * 3 *
4 * ARC4 Cipher Algorithm 4 * ARC4 Cipher Algorithm
@@ -33,16 +33,15 @@ static int arc4_set_key(struct crypto_tfm *tfm, const u8 *in_key,
33 ctx->x = 1; 33 ctx->x = 1;
34 ctx->y = 0; 34 ctx->y = 0;
35 35
36 for(i = 0; i < 256; i++) 36 for (i = 0; i < 256; i++)
37 ctx->S[i] = i; 37 ctx->S[i] = i;
38 38
39 for(i = 0; i < 256; i++) 39 for (i = 0; i < 256; i++) {
40 {
41 u8 a = ctx->S[i]; 40 u8 a = ctx->S[i];
42 j = (j + in_key[k] + a) & 0xff; 41 j = (j + in_key[k] + a) & 0xff;
43 ctx->S[i] = ctx->S[j]; 42 ctx->S[i] = ctx->S[j];
44 ctx->S[j] = a; 43 ctx->S[j] = a;
45 if(++k >= key_len) 44 if (++k >= key_len)
46 k = 0; 45 k = 0;
47 } 46 }
48 47
@@ -80,9 +79,9 @@ static struct crypto_alg arc4_alg = {
80 .cra_u = { .cipher = { 79 .cra_u = { .cipher = {
81 .cia_min_keysize = ARC4_MIN_KEY_SIZE, 80 .cia_min_keysize = ARC4_MIN_KEY_SIZE,
82 .cia_max_keysize = ARC4_MAX_KEY_SIZE, 81 .cia_max_keysize = ARC4_MAX_KEY_SIZE,
83 .cia_setkey = arc4_set_key, 82 .cia_setkey = arc4_set_key,
84 .cia_encrypt = arc4_crypt, 83 .cia_encrypt = arc4_crypt,
85 .cia_decrypt = arc4_crypt } } 84 .cia_decrypt = arc4_crypt } }
86}; 85};
87 86
88static int __init arc4_init(void) 87static int __init arc4_init(void)
diff --git a/crypto/asymmetric_keys/.gitignore b/crypto/asymmetric_keys/.gitignore
new file mode 100644
index 00000000000..ee328374dba
--- /dev/null
+++ b/crypto/asymmetric_keys/.gitignore
@@ -0,0 +1 @@
*-asn1.[ch]
diff --git a/crypto/async_tx/raid6test.c b/crypto/async_tx/raid6test.c
index c1321935ebc..c88ff9e3fd3 100644
--- a/crypto/async_tx/raid6test.c
+++ b/crypto/async_tx/raid6test.c
@@ -21,6 +21,7 @@
21 */ 21 */
22#include <linux/async_tx.h> 22#include <linux/async_tx.h>
23#include <linux/gfp.h> 23#include <linux/gfp.h>
24#include <linux/mm.h>
24#include <linux/random.h> 25#include <linux/random.h>
25 26
26#undef pr 27#undef pr
diff --git a/crypto/crc32c.c b/crypto/crc32c.c
index de9e55c2979..3f9ad280105 100644
--- a/crypto/crc32c.c
+++ b/crypto/crc32c.c
@@ -224,11 +224,11 @@ static int crc32c_cra_init(struct crypto_tfm *tfm)
224static struct shash_alg alg = { 224static struct shash_alg alg = {
225 .digestsize = CHKSUM_DIGEST_SIZE, 225 .digestsize = CHKSUM_DIGEST_SIZE,
226 .setkey = chksum_setkey, 226 .setkey = chksum_setkey,
227 .init = chksum_init, 227 .init = chksum_init,
228 .update = chksum_update, 228 .update = chksum_update,
229 .final = chksum_final, 229 .final = chksum_final,
230 .finup = chksum_finup, 230 .finup = chksum_finup,
231 .digest = chksum_digest, 231 .digest = chksum_digest,
232 .descsize = sizeof(struct chksum_desc_ctx), 232 .descsize = sizeof(struct chksum_desc_ctx),
233 .base = { 233 .base = {
234 .cra_name = "crc32c", 234 .cra_name = "crc32c",
diff --git a/crypto/cryptd.c b/crypto/cryptd.c
index e46d21ae26b..671d4d6d14d 100644
--- a/crypto/cryptd.c
+++ b/crypto/cryptd.c
@@ -945,7 +945,7 @@ static void __exit cryptd_exit(void)
945 crypto_unregister_template(&cryptd_tmpl); 945 crypto_unregister_template(&cryptd_tmpl);
946} 946}
947 947
948module_init(cryptd_init); 948subsys_initcall(cryptd_init);
949module_exit(cryptd_exit); 949module_exit(cryptd_exit);
950 950
951MODULE_LICENSE("GPL"); 951MODULE_LICENSE("GPL");
diff --git a/crypto/gf128mul.c b/crypto/gf128mul.c
index df35e4ccd07..5276607c72d 100644
--- a/crypto/gf128mul.c
+++ b/crypto/gf128mul.c
@@ -182,7 +182,7 @@ void gf128mul_lle(be128 *r, const be128 *b)
182 for (i = 0; i < 7; ++i) 182 for (i = 0; i < 7; ++i)
183 gf128mul_x_lle(&p[i + 1], &p[i]); 183 gf128mul_x_lle(&p[i + 1], &p[i]);
184 184
185 memset(r, 0, sizeof(r)); 185 memset(r, 0, sizeof(*r));
186 for (i = 0;;) { 186 for (i = 0;;) {
187 u8 ch = ((u8 *)b)[15 - i]; 187 u8 ch = ((u8 *)b)[15 - i];
188 188
@@ -220,7 +220,7 @@ void gf128mul_bbe(be128 *r, const be128 *b)
220 for (i = 0; i < 7; ++i) 220 for (i = 0; i < 7; ++i)
221 gf128mul_x_bbe(&p[i + 1], &p[i]); 221 gf128mul_x_bbe(&p[i + 1], &p[i]);
222 222
223 memset(r, 0, sizeof(r)); 223 memset(r, 0, sizeof(*r));
224 for (i = 0;;) { 224 for (i = 0;;) {
225 u8 ch = ((u8 *)b)[i]; 225 u8 ch = ((u8 *)b)[i];
226 226
diff --git a/crypto/ghash-generic.c b/crypto/ghash-generic.c
index be442561693..7835b8fc94d 100644
--- a/crypto/ghash-generic.c
+++ b/crypto/ghash-generic.c
@@ -67,6 +67,9 @@ static int ghash_update(struct shash_desc *desc,
67 struct ghash_ctx *ctx = crypto_shash_ctx(desc->tfm); 67 struct ghash_ctx *ctx = crypto_shash_ctx(desc->tfm);
68 u8 *dst = dctx->buffer; 68 u8 *dst = dctx->buffer;
69 69
70 if (!ctx->gf128)
71 return -ENOKEY;
72
70 if (dctx->bytes) { 73 if (dctx->bytes) {
71 int n = min(srclen, dctx->bytes); 74 int n = min(srclen, dctx->bytes);
72 u8 *pos = dst + (GHASH_BLOCK_SIZE - dctx->bytes); 75 u8 *pos = dst + (GHASH_BLOCK_SIZE - dctx->bytes);
@@ -119,6 +122,9 @@ static int ghash_final(struct shash_desc *desc, u8 *dst)
119 struct ghash_ctx *ctx = crypto_shash_ctx(desc->tfm); 122 struct ghash_ctx *ctx = crypto_shash_ctx(desc->tfm);
120 u8 *buf = dctx->buffer; 123 u8 *buf = dctx->buffer;
121 124
125 if (!ctx->gf128)
126 return -ENOKEY;
127
122 ghash_flush(ctx, dctx); 128 ghash_flush(ctx, dctx);
123 memcpy(dst, buf, GHASH_BLOCK_SIZE); 129 memcpy(dst, buf, GHASH_BLOCK_SIZE);
124 130
diff --git a/crypto/md5.c b/crypto/md5.c
index 30efc7dad89..7febeaab923 100644
--- a/crypto/md5.c
+++ b/crypto/md5.c
@@ -21,99 +21,9 @@
21#include <linux/module.h> 21#include <linux/module.h>
22#include <linux/string.h> 22#include <linux/string.h>
23#include <linux/types.h> 23#include <linux/types.h>
24#include <linux/cryptohash.h>
24#include <asm/byteorder.h> 25#include <asm/byteorder.h>
25 26
26#define F1(x, y, z) (z ^ (x & (y ^ z)))
27#define F2(x, y, z) F1(z, x, y)
28#define F3(x, y, z) (x ^ y ^ z)
29#define F4(x, y, z) (y ^ (x | ~z))
30
31#define MD5STEP(f, w, x, y, z, in, s) \
32 (w += f(x, y, z) + in, w = (w<<s | w>>(32-s)) + x)
33
34static void md5_transform(u32 *hash, u32 const *in)
35{
36 u32 a, b, c, d;
37
38 a = hash[0];
39 b = hash[1];
40 c = hash[2];
41 d = hash[3];
42
43 MD5STEP(F1, a, b, c, d, in[0] + 0xd76aa478, 7);
44 MD5STEP(F1, d, a, b, c, in[1] + 0xe8c7b756, 12);
45 MD5STEP(F1, c, d, a, b, in[2] + 0x242070db, 17);
46 MD5STEP(F1, b, c, d, a, in[3] + 0xc1bdceee, 22);
47 MD5STEP(F1, a, b, c, d, in[4] + 0xf57c0faf, 7);
48 MD5STEP(F1, d, a, b, c, in[5] + 0x4787c62a, 12);
49 MD5STEP(F1, c, d, a, b, in[6] + 0xa8304613, 17);
50 MD5STEP(F1, b, c, d, a, in[7] + 0xfd469501, 22);
51 MD5STEP(F1, a, b, c, d, in[8] + 0x698098d8, 7);
52 MD5STEP(F1, d, a, b, c, in[9] + 0x8b44f7af, 12);
53 MD5STEP(F1, c, d, a, b, in[10] + 0xffff5bb1, 17);
54 MD5STEP(F1, b, c, d, a, in[11] + 0x895cd7be, 22);
55 MD5STEP(F1, a, b, c, d, in[12] + 0x6b901122, 7);
56 MD5STEP(F1, d, a, b, c, in[13] + 0xfd987193, 12);
57 MD5STEP(F1, c, d, a, b, in[14] + 0xa679438e, 17);
58 MD5STEP(F1, b, c, d, a, in[15] + 0x49b40821, 22);
59
60 MD5STEP(F2, a, b, c, d, in[1] + 0xf61e2562, 5);
61 MD5STEP(F2, d, a, b, c, in[6] + 0xc040b340, 9);
62 MD5STEP(F2, c, d, a, b, in[11] + 0x265e5a51, 14);
63 MD5STEP(F2, b, c, d, a, in[0] + 0xe9b6c7aa, 20);
64 MD5STEP(F2, a, b, c, d, in[5] + 0xd62f105d, 5);
65 MD5STEP(F2, d, a, b, c, in[10] + 0x02441453, 9);
66 MD5STEP(F2, c, d, a, b, in[15] + 0xd8a1e681, 14);
67 MD5STEP(F2, b, c, d, a, in[4] + 0xe7d3fbc8, 20);
68 MD5STEP(F2, a, b, c, d, in[9] + 0x21e1cde6, 5);
69 MD5STEP(F2, d, a, b, c, in[14] + 0xc33707d6, 9);
70 MD5STEP(F2, c, d, a, b, in[3] + 0xf4d50d87, 14);
71 MD5STEP(F2, b, c, d, a, in[8] + 0x455a14ed, 20);
72 MD5STEP(F2, a, b, c, d, in[13] + 0xa9e3e905, 5);
73 MD5STEP(F2, d, a, b, c, in[2] + 0xfcefa3f8, 9);
74 MD5STEP(F2, c, d, a, b, in[7] + 0x676f02d9, 14);
75 MD5STEP(F2, b, c, d, a, in[12] + 0x8d2a4c8a, 20);
76
77 MD5STEP(F3, a, b, c, d, in[5] + 0xfffa3942, 4);
78 MD5STEP(F3, d, a, b, c, in[8] + 0x8771f681, 11);
79 MD5STEP(F3, c, d, a, b, in[11] + 0x6d9d6122, 16);
80 MD5STEP(F3, b, c, d, a, in[14] + 0xfde5380c, 23);
81 MD5STEP(F3, a, b, c, d, in[1] + 0xa4beea44, 4);
82 MD5STEP(F3, d, a, b, c, in[4] + 0x4bdecfa9, 11);
83 MD5STEP(F3, c, d, a, b, in[7] + 0xf6bb4b60, 16);
84 MD5STEP(F3, b, c, d, a, in[10] + 0xbebfbc70, 23);
85 MD5STEP(F3, a, b, c, d, in[13] + 0x289b7ec6, 4);
86 MD5STEP(F3, d, a, b, c, in[0] + 0xeaa127fa, 11);
87 MD5STEP(F3, c, d, a, b, in[3] + 0xd4ef3085, 16);
88 MD5STEP(F3, b, c, d, a, in[6] + 0x04881d05, 23);
89 MD5STEP(F3, a, b, c, d, in[9] + 0xd9d4d039, 4);
90 MD5STEP(F3, d, a, b, c, in[12] + 0xe6db99e5, 11);
91 MD5STEP(F3, c, d, a, b, in[15] + 0x1fa27cf8, 16);
92 MD5STEP(F3, b, c, d, a, in[2] + 0xc4ac5665, 23);
93
94 MD5STEP(F4, a, b, c, d, in[0] + 0xf4292244, 6);
95 MD5STEP(F4, d, a, b, c, in[7] + 0x432aff97, 10);
96 MD5STEP(F4, c, d, a, b, in[14] + 0xab9423a7, 15);
97 MD5STEP(F4, b, c, d, a, in[5] + 0xfc93a039, 21);
98 MD5STEP(F4, a, b, c, d, in[12] + 0x655b59c3, 6);
99 MD5STEP(F4, d, a, b, c, in[3] + 0x8f0ccc92, 10);
100 MD5STEP(F4, c, d, a, b, in[10] + 0xffeff47d, 15);
101 MD5STEP(F4, b, c, d, a, in[1] + 0x85845dd1, 21);
102 MD5STEP(F4, a, b, c, d, in[8] + 0x6fa87e4f, 6);
103 MD5STEP(F4, d, a, b, c, in[15] + 0xfe2ce6e0, 10);
104 MD5STEP(F4, c, d, a, b, in[6] + 0xa3014314, 15);
105 MD5STEP(F4, b, c, d, a, in[13] + 0x4e0811a1, 21);
106 MD5STEP(F4, a, b, c, d, in[4] + 0xf7537e82, 6);
107 MD5STEP(F4, d, a, b, c, in[11] + 0xbd3af235, 10);
108 MD5STEP(F4, c, d, a, b, in[2] + 0x2ad7d2bb, 15);
109 MD5STEP(F4, b, c, d, a, in[9] + 0xeb86d391, 21);
110
111 hash[0] += a;
112 hash[1] += b;
113 hash[2] += c;
114 hash[3] += d;
115}
116
117/* XXX: this stuff can be optimized */ 27/* XXX: this stuff can be optimized */
118static inline void le32_to_cpu_array(u32 *buf, unsigned int words) 28static inline void le32_to_cpu_array(u32 *buf, unsigned int words)
119{ 29{
diff --git a/crypto/proc.c b/crypto/proc.c
index 58fef67d4f4..3808697814d 100644
--- a/crypto/proc.c
+++ b/crypto/proc.c
@@ -13,7 +13,7 @@
13 * 13 *
14 */ 14 */
15 15
16#include <asm/atomic.h> 16#include <linux/atomic.h>
17#include <linux/init.h> 17#include <linux/init.h>
18#include <linux/crypto.h> 18#include <linux/crypto.h>
19#include <linux/rwsem.h> 19#include <linux/rwsem.h>
diff --git a/crypto/rng.c b/crypto/rng.c
index f93cb531118..45229ae782b 100644
--- a/crypto/rng.c
+++ b/crypto/rng.c
@@ -12,7 +12,7 @@
12 * 12 *
13 */ 13 */
14 14
15#include <asm/atomic.h> 15#include <linux/atomic.h>
16#include <crypto/internal/rng.h> 16#include <crypto/internal/rng.h>
17#include <linux/err.h> 17#include <linux/err.h>
18#include <linux/module.h> 18#include <linux/module.h>
diff --git a/crypto/sha1_generic.c b/crypto/sha1_generic.c
index 0416091bf45..00ae60eb925 100644
--- a/crypto/sha1_generic.c
+++ b/crypto/sha1_generic.c
@@ -43,25 +43,26 @@ static int sha1_update(struct shash_desc *desc, const u8 *data,
43 unsigned int partial, done; 43 unsigned int partial, done;
44 const u8 *src; 44 const u8 *src;
45 45
46 partial = sctx->count & 0x3f; 46 partial = sctx->count % SHA1_BLOCK_SIZE;
47 sctx->count += len; 47 sctx->count += len;
48 done = 0; 48 done = 0;
49 src = data; 49 src = data;
50 50
51 if ((partial + len) > 63) { 51 if ((partial + len) >= SHA1_BLOCK_SIZE) {
52 u32 temp[SHA_WORKSPACE_WORDS]; 52 u32 temp[SHA_WORKSPACE_WORDS];
53 53
54 if (partial) { 54 if (partial) {
55 done = -partial; 55 done = -partial;
56 memcpy(sctx->buffer + partial, data, done + 64); 56 memcpy(sctx->buffer + partial, data,
57 done + SHA1_BLOCK_SIZE);
57 src = sctx->buffer; 58 src = sctx->buffer;
58 } 59 }
59 60
60 do { 61 do {
61 sha_transform(sctx->state, src, temp); 62 sha_transform(sctx->state, src, temp);
62 done += 64; 63 done += SHA1_BLOCK_SIZE;
63 src = data + done; 64 src = data + done;
64 } while (done + 63 < len); 65 } while (done + SHA1_BLOCK_SIZE <= len);
65 66
66 memset(temp, 0, sizeof(temp)); 67 memset(temp, 0, sizeof(temp));
67 partial = 0; 68 partial = 0;
diff --git a/crypto/sha512_generic.c b/crypto/sha512_generic.c
index 9ed9f60316e..88f160b77b1 100644
--- a/crypto/sha512_generic.c
+++ b/crypto/sha512_generic.c
@@ -21,8 +21,6 @@
21#include <linux/percpu.h> 21#include <linux/percpu.h>
22#include <asm/byteorder.h> 22#include <asm/byteorder.h>
23 23
24static DEFINE_PER_CPU(u64[80], msg_schedule);
25
26static inline u64 Ch(u64 x, u64 y, u64 z) 24static inline u64 Ch(u64 x, u64 y, u64 z)
27{ 25{
28 return z ^ (x & (y ^ z)); 26 return z ^ (x & (y ^ z));
@@ -80,7 +78,7 @@ static inline void LOAD_OP(int I, u64 *W, const u8 *input)
80 78
81static inline void BLEND_OP(int I, u64 *W) 79static inline void BLEND_OP(int I, u64 *W)
82{ 80{
83 W[I] = s1(W[I-2]) + W[I-7] + s0(W[I-15]) + W[I-16]; 81 W[I % 16] += s1(W[(I-2) % 16]) + W[(I-7) % 16] + s0(W[(I-15) % 16]);
84} 82}
85 83
86static void 84static void
@@ -89,38 +87,48 @@ sha512_transform(u64 *state, const u8 *input)
89 u64 a, b, c, d, e, f, g, h, t1, t2; 87 u64 a, b, c, d, e, f, g, h, t1, t2;
90 88
91 int i; 89 int i;
92 u64 *W = get_cpu_var(msg_schedule); 90 u64 W[16];
93 91
94 /* load the input */ 92 /* load the input */
95 for (i = 0; i < 16; i++) 93 for (i = 0; i < 16; i++)
96 LOAD_OP(i, W, input); 94 LOAD_OP(i, W, input);
97 95
98 for (i = 16; i < 80; i++) {
99 BLEND_OP(i, W);
100 }
101
102 /* load the state into our registers */ 96 /* load the state into our registers */
103 a=state[0]; b=state[1]; c=state[2]; d=state[3]; 97 a=state[0]; b=state[1]; c=state[2]; d=state[3];
104 e=state[4]; f=state[5]; g=state[6]; h=state[7]; 98 e=state[4]; f=state[5]; g=state[6]; h=state[7];
105 99
106 /* now iterate */ 100#define SHA512_0_15(i, a, b, c, d, e, f, g, h) \
107 for (i=0; i<80; i+=8) { 101 t1 = h + e1(e) + Ch(e, f, g) + sha512_K[i] + W[i]; \
108 t1 = h + e1(e) + Ch(e,f,g) + sha512_K[i ] + W[i ]; 102 t2 = e0(a) + Maj(a, b, c); \
109 t2 = e0(a) + Maj(a,b,c); d+=t1; h=t1+t2; 103 d += t1; \
110 t1 = g + e1(d) + Ch(d,e,f) + sha512_K[i+1] + W[i+1]; 104 h = t1 + t2
111 t2 = e0(h) + Maj(h,a,b); c+=t1; g=t1+t2; 105
112 t1 = f + e1(c) + Ch(c,d,e) + sha512_K[i+2] + W[i+2]; 106#define SHA512_16_79(i, a, b, c, d, e, f, g, h) \
113 t2 = e0(g) + Maj(g,h,a); b+=t1; f=t1+t2; 107 BLEND_OP(i, W); \
114 t1 = e + e1(b) + Ch(b,c,d) + sha512_K[i+3] + W[i+3]; 108 t1 = h + e1(e) + Ch(e, f, g) + sha512_K[i] + W[(i)%16]; \
115 t2 = e0(f) + Maj(f,g,h); a+=t1; e=t1+t2; 109 t2 = e0(a) + Maj(a, b, c); \
116 t1 = d + e1(a) + Ch(a,b,c) + sha512_K[i+4] + W[i+4]; 110 d += t1; \
117 t2 = e0(e) + Maj(e,f,g); h+=t1; d=t1+t2; 111 h = t1 + t2
118 t1 = c + e1(h) + Ch(h,a,b) + sha512_K[i+5] + W[i+5]; 112
119 t2 = e0(d) + Maj(d,e,f); g+=t1; c=t1+t2; 113 for (i = 0; i < 16; i += 8) {
120 t1 = b + e1(g) + Ch(g,h,a) + sha512_K[i+6] + W[i+6]; 114 SHA512_0_15(i, a, b, c, d, e, f, g, h);
121 t2 = e0(c) + Maj(c,d,e); f+=t1; b=t1+t2; 115 SHA512_0_15(i + 1, h, a, b, c, d, e, f, g);
122 t1 = a + e1(f) + Ch(f,g,h) + sha512_K[i+7] + W[i+7]; 116 SHA512_0_15(i + 2, g, h, a, b, c, d, e, f);
123 t2 = e0(b) + Maj(b,c,d); e+=t1; a=t1+t2; 117 SHA512_0_15(i + 3, f, g, h, a, b, c, d, e);
118 SHA512_0_15(i + 4, e, f, g, h, a, b, c, d);
119 SHA512_0_15(i + 5, d, e, f, g, h, a, b, c);
120 SHA512_0_15(i + 6, c, d, e, f, g, h, a, b);
121 SHA512_0_15(i + 7, b, c, d, e, f, g, h, a);
122 }
123 for (i = 16; i < 80; i += 8) {
124 SHA512_16_79(i, a, b, c, d, e, f, g, h);
125 SHA512_16_79(i + 1, h, a, b, c, d, e, f, g);
126 SHA512_16_79(i + 2, g, h, a, b, c, d, e, f);
127 SHA512_16_79(i + 3, f, g, h, a, b, c, d, e);
128 SHA512_16_79(i + 4, e, f, g, h, a, b, c, d);
129 SHA512_16_79(i + 5, d, e, f, g, h, a, b, c);
130 SHA512_16_79(i + 6, c, d, e, f, g, h, a, b);
131 SHA512_16_79(i + 7, b, c, d, e, f, g, h, a);
124 } 132 }
125 133
126 state[0] += a; state[1] += b; state[2] += c; state[3] += d; 134 state[0] += a; state[1] += b; state[2] += c; state[3] += d;
@@ -128,8 +136,6 @@ sha512_transform(u64 *state, const u8 *input)
128 136
129 /* erase our data */ 137 /* erase our data */
130 a = b = c = d = e = f = g = h = t1 = t2 = 0; 138 a = b = c = d = e = f = g = h = t1 = t2 = 0;
131 memset(W, 0, sizeof(__get_cpu_var(msg_schedule)));
132 put_cpu_var(msg_schedule);
133} 139}
134 140
135static int 141static int
diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c
index 2222617b3be..7569ba9b621 100644
--- a/crypto/tcrypt.c
+++ b/crypto/tcrypt.c
@@ -944,6 +944,10 @@ static int do_test(int m)
944 ret += tcrypt_test("rfc4309(ccm(aes))"); 944 ret += tcrypt_test("rfc4309(ccm(aes))");
945 break; 945 break;
946 946
947 case 46:
948 ret += tcrypt_test("ofb(aes)");
949 break;
950
947 case 100: 951 case 100:
948 ret += tcrypt_test("hmac(md5)"); 952 ret += tcrypt_test("hmac(md5)");
949 break; 953 break;
@@ -984,6 +988,10 @@ static int do_test(int m)
984 ret += tcrypt_test("vmac(aes)"); 988 ret += tcrypt_test("vmac(aes)");
985 break; 989 break;
986 990
991 case 110:
992 ret += tcrypt_test("cmac(aes)");
993 break;
994
987 case 150: 995 case 150:
988 ret += tcrypt_test("ansi_cprng"); 996 ret += tcrypt_test("ansi_cprng");
989 break; 997 break;
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index b6b93d41635..92b9298d658 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -1705,6 +1705,16 @@ static const struct alg_test_desc alg_test_descs[] = {
1705 } 1705 }
1706 } 1706 }
1707 } 1707 }
1708 },{
1709 .alg = "cmac(aes)",
1710 .test = alg_test_hash,
1711 .fips_allowed = 1,
1712 .suite = {
1713 .hash = {
1714 .vecs = cmac_aes_tv_template,
1715 .count = CMAC_AES_TEST_VECTORS
1716 }
1717 }
1708 }, { 1718 }, {
1709 .alg = "crc32c", 1719 .alg = "crc32c",
1710 .test = alg_test_crc32c, 1720 .test = alg_test_crc32c,
@@ -2234,7 +2244,7 @@ static const struct alg_test_desc alg_test_descs[] = {
2234 } 2244 }
2235 } 2245 }
2236 } 2246 }
2237 }, { 2247 },{
2238 .alg = "pcbc(fcrypt)", 2248 .alg = "pcbc(fcrypt)",
2239 .test = alg_test_skcipher, 2249 .test = alg_test_skcipher,
2240 .suite = { 2250 .suite = {
diff --git a/crypto/testmgr.h b/crypto/testmgr.h
index 27e60619538..572b71493e3 100644
--- a/crypto/testmgr.h
+++ b/crypto/testmgr.h
@@ -656,6 +656,59 @@ static struct hash_testvec sha512_tv_template[] = {
656 }, 656 },
657}; 657};
658 658
659#define CMAC_AES_TEST_VECTORS 4
660
661static struct hash_testvec cmac_aes_tv_template[] = {
662 {
663 .key = "\x2b\x7e\x15\x16\x28\xae\xd2\xa6"
664 "\xab\xf7\x15\x88\x09\xcf\x4f\x3c",
665 .ksize = 16,
666 .plaintext = "",
667 .psize = 0,
668 .digest = "\xbb\x1d\x69\x29\xe9\x59\x37\x28"
669 "\x7f\xa3\x7d\x12\x9b\x75\x67\x46",
670 },
671 {
672 .key = "\x2b\x7e\x15\x16\x28\xae\xd2\xa6"
673 "\xab\xf7\x15\x88\x09\xcf\x4f\x3c",
674 .ksize = 16,
675 .plaintext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
676 "\xe9\x3d\x7e\x11\x73\x93\x17\x2a",
677 .psize = 16,
678 .digest = "\x07\x0a\x16\xb4\x6b\x4d\x41\x44"
679 "\xf7\x9b\xdd\x9d\xd0\x4a\x28\x7c",
680 },
681 {
682 .key = "\x2b\x7e\x15\x16\x28\xae\xd2\xa6"
683 "\xab\xf7\x15\x88\x09\xcf\x4f\x3c",
684 .ksize = 16,
685 .plaintext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
686 "\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
687 "\xae\x2d\x8a\x57\x1e\x03\xac\x9c"
688 "\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
689 "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11",
690 .psize = 40,
691 .digest = "\xdf\xa6\x67\x47\xde\x9a\xe6\x30"
692 "\x30\xca\x32\x61\x14\x97\xc8\x27",
693 },
694 {
695 .key = "\x2b\x7e\x15\x16\x28\xae\xd2\xa6"
696 "\xab\xf7\x15\x88\x09\xcf\x4f\x3c",
697 .ksize = 16,
698 .plaintext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
699 "\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
700 "\xae\x2d\x8a\x57\x1e\x03\xac\x9c"
701 "\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
702 "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11"
703 "\xe5\xfb\xc1\x19\x1a\x0a\x52\xef"
704 "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17"
705 "\xad\x2b\x41\x7b\xe6\x6c\x37\x10",
706 .psize = 64,
707 .digest = "\x51\xf0\xbe\xbf\x7e\x3b\x9d\x92"
708 "\xfc\x49\x74\x17\x79\x36\x3c\xfe",
709 },
710
711};
659 712
660/* 713/*
661 * WHIRLPOOL test vectors from Whirlpool package 714 * WHIRLPOOL test vectors from Whirlpool package
@@ -2976,12 +3029,12 @@ static struct cipher_testvec cast6_dec_tv_template[] = {
2976#define AES_CBC_DEC_TEST_VECTORS 4 3029#define AES_CBC_DEC_TEST_VECTORS 4
2977#define AES_LRW_ENC_TEST_VECTORS 8 3030#define AES_LRW_ENC_TEST_VECTORS 8
2978#define AES_LRW_DEC_TEST_VECTORS 8 3031#define AES_LRW_DEC_TEST_VECTORS 8
2979#define AES_XTS_ENC_TEST_VECTORS 4 3032#define AES_XTS_ENC_TEST_VECTORS 5
2980#define AES_XTS_DEC_TEST_VECTORS 4 3033#define AES_XTS_DEC_TEST_VECTORS 5
2981#define AES_CTR_ENC_TEST_VECTORS 3 3034#define AES_CTR_ENC_TEST_VECTORS 3
2982#define AES_CTR_DEC_TEST_VECTORS 3 3035#define AES_CTR_DEC_TEST_VECTORS 3
2983#define AES_OFB_ENC_TEST_VECTORS 1 3036#define AES_OFB_ENC_TEST_VECTORS 3
2984#define AES_OFB_DEC_TEST_VECTORS 1 3037#define AES_OFB_DEC_TEST_VECTORS 3
2985#define AES_CTR_3686_ENC_TEST_VECTORS 7 3038#define AES_CTR_3686_ENC_TEST_VECTORS 7
2986#define AES_CTR_3686_DEC_TEST_VECTORS 6 3039#define AES_CTR_3686_DEC_TEST_VECTORS 6
2987#define AES_GCM_ENC_TEST_VECTORS 9 3040#define AES_GCM_ENC_TEST_VECTORS 9
@@ -3926,6 +3979,150 @@ static struct cipher_testvec aes_xts_enc_tv_template[] = {
3926 "\x0a\x28\x2d\xf9\x20\x14\x7b\xea" 3979 "\x0a\x28\x2d\xf9\x20\x14\x7b\xea"
3927 "\xbe\x42\x1e\xe5\x31\x9d\x05\x68", 3980 "\xbe\x42\x1e\xe5\x31\x9d\x05\x68",
3928 .rlen = 512, 3981 .rlen = 512,
3982 }, { /* XTS-AES 10, XTS-AES-256, data unit 512 bytes */
3983 .key = "\x27\x18\x28\x18\x28\x45\x90\x45"
3984 "\x23\x53\x60\x28\x74\x71\x35\x26"
3985 "\x62\x49\x77\x57\x24\x70\x93\x69"
3986 "\x99\x59\x57\x49\x66\x96\x76\x27"
3987 "\x31\x41\x59\x26\x53\x58\x97\x93"
3988 "\x23\x84\x62\x64\x33\x83\x27\x95"
3989 "\x02\x88\x41\x97\x16\x93\x99\x37"
3990 "\x51\x05\x82\x09\x74\x94\x45\x92",
3991 .klen = 64,
3992 .iv = "\xff\x00\x00\x00\x00\x00\x00\x00"
3993 "\x00\x00\x00\x00\x00\x00\x00\x00",
3994 "\x00\x00\x00\x00\x00\x00\x00\x00",
3995 "\x00\x00\x00\x00\x00\x00\x00\x00",
3996 .input = "\x00\x01\x02\x03\x04\x05\x06\x07"
3997 "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
3998 "\x10\x11\x12\x13\x14\x15\x16\x17"
3999 "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
4000 "\x20\x21\x22\x23\x24\x25\x26\x27"
4001 "\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f"
4002 "\x30\x31\x32\x33\x34\x35\x36\x37"
4003 "\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f"
4004 "\x40\x41\x42\x43\x44\x45\x46\x47"
4005 "\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f"
4006 "\x50\x51\x52\x53\x54\x55\x56\x57"
4007 "\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f"
4008 "\x60\x61\x62\x63\x64\x65\x66\x67"
4009 "\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f"
4010 "\x70\x71\x72\x73\x74\x75\x76\x77"
4011 "\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f"
4012 "\x80\x81\x82\x83\x84\x85\x86\x87"
4013 "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f"
4014 "\x90\x91\x92\x93\x94\x95\x96\x97"
4015 "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f"
4016 "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7"
4017 "\xa8\xa9\xaa\xab\xac\xad\xae\xaf"
4018 "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7"
4019 "\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf"
4020 "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7"
4021 "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf"
4022 "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7"
4023 "\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf"
4024 "\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7"
4025 "\xe8\xe9\xea\xeb\xec\xed\xee\xef"
4026 "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7"
4027 "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff"
4028 "\x00\x01\x02\x03\x04\x05\x06\x07"
4029 "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
4030 "\x10\x11\x12\x13\x14\x15\x16\x17"
4031 "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
4032 "\x20\x21\x22\x23\x24\x25\x26\x27"
4033 "\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f"
4034 "\x30\x31\x32\x33\x34\x35\x36\x37"
4035 "\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f"
4036 "\x40\x41\x42\x43\x44\x45\x46\x47"
4037 "\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f"
4038 "\x50\x51\x52\x53\x54\x55\x56\x57"
4039 "\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f"
4040 "\x60\x61\x62\x63\x64\x65\x66\x67"
4041 "\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f"
4042 "\x70\x71\x72\x73\x74\x75\x76\x77"
4043 "\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f"
4044 "\x80\x81\x82\x83\x84\x85\x86\x87"
4045 "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f"
4046 "\x90\x91\x92\x93\x94\x95\x96\x97"
4047 "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f"
4048 "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7"
4049 "\xa8\xa9\xaa\xab\xac\xad\xae\xaf"
4050 "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7"
4051 "\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf"
4052 "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7"
4053 "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf"
4054 "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7"
4055 "\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf"
4056 "\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7"
4057 "\xe8\xe9\xea\xeb\xec\xed\xee\xef"
4058 "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7"
4059 "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff",
4060 .ilen = 512,
4061 .result = "\x1c\x3b\x3a\x10\x2f\x77\x03\x86"
4062 "\xe4\x83\x6c\x99\xe3\x70\xcf\x9b"
4063 "\xea\x00\x80\x3f\x5e\x48\x23\x57"
4064 "\xa4\xae\x12\xd4\x14\xa3\xe6\x3b"
4065 "\x5d\x31\xe2\x76\xf8\xfe\x4a\x8d"
4066 "\x66\xb3\x17\xf9\xac\x68\x3f\x44"
4067 "\x68\x0a\x86\xac\x35\xad\xfc\x33"
4068 "\x45\xbe\xfe\xcb\x4b\xb1\x88\xfd"
4069 "\x57\x76\x92\x6c\x49\xa3\x09\x5e"
4070 "\xb1\x08\xfd\x10\x98\xba\xec\x70"
4071 "\xaa\xa6\x69\x99\xa7\x2a\x82\xf2"
4072 "\x7d\x84\x8b\x21\xd4\xa7\x41\xb0"
4073 "\xc5\xcd\x4d\x5f\xff\x9d\xac\x89"
4074 "\xae\xba\x12\x29\x61\xd0\x3a\x75"
4075 "\x71\x23\xe9\x87\x0f\x8a\xcf\x10"
4076 "\x00\x02\x08\x87\x89\x14\x29\xca"
4077 "\x2a\x3e\x7a\x7d\x7d\xf7\xb1\x03"
4078 "\x55\x16\x5c\x8b\x9a\x6d\x0a\x7d"
4079 "\xe8\xb0\x62\xc4\x50\x0d\xc4\xcd"
4080 "\x12\x0c\x0f\x74\x18\xda\xe3\xd0"
4081 "\xb5\x78\x1c\x34\x80\x3f\xa7\x54"
4082 "\x21\xc7\x90\xdf\xe1\xde\x18\x34"
4083 "\xf2\x80\xd7\x66\x7b\x32\x7f\x6c"
4084 "\x8c\xd7\x55\x7e\x12\xac\x3a\x0f"
4085 "\x93\xec\x05\xc5\x2e\x04\x93\xef"
4086 "\x31\xa1\x2d\x3d\x92\x60\xf7\x9a"
4087 "\x28\x9d\x6a\x37\x9b\xc7\x0c\x50"
4088 "\x84\x14\x73\xd1\xa8\xcc\x81\xec"
4089 "\x58\x3e\x96\x45\xe0\x7b\x8d\x96"
4090 "\x70\x65\x5b\xa5\xbb\xcf\xec\xc6"
4091 "\xdc\x39\x66\x38\x0a\xd8\xfe\xcb"
4092 "\x17\xb6\xba\x02\x46\x9a\x02\x0a"
4093 "\x84\xe1\x8e\x8f\x84\x25\x20\x70"
4094 "\xc1\x3e\x9f\x1f\x28\x9b\xe5\x4f"
4095 "\xbc\x48\x14\x57\x77\x8f\x61\x60"
4096 "\x15\xe1\x32\x7a\x02\xb1\x40\xf1"
4097 "\x50\x5e\xb3\x09\x32\x6d\x68\x37"
4098 "\x8f\x83\x74\x59\x5c\x84\x9d\x84"
4099 "\xf4\xc3\x33\xec\x44\x23\x88\x51"
4100 "\x43\xcb\x47\xbd\x71\xc5\xed\xae"
4101 "\x9b\xe6\x9a\x2f\xfe\xce\xb1\xbe"
4102 "\xc9\xde\x24\x4f\xbe\x15\x99\x2b"
4103 "\x11\xb7\x7c\x04\x0f\x12\xbd\x8f"
4104 "\x6a\x97\x5a\x44\xa0\xf9\x0c\x29"
4105 "\xa9\xab\xc3\xd4\xd8\x93\x92\x72"
4106 "\x84\xc5\x87\x54\xcc\xe2\x94\x52"
4107 "\x9f\x86\x14\xdc\xd2\xab\xa9\x91"
4108 "\x92\x5f\xed\xc4\xae\x74\xff\xac"
4109 "\x6e\x33\x3b\x93\xeb\x4a\xff\x04"
4110 "\x79\xda\x9a\x41\x0e\x44\x50\xe0"
4111 "\xdd\x7a\xe4\xc6\xe2\x91\x09\x00"
4112 "\x57\x5d\xa4\x01\xfc\x07\x05\x9f"
4113 "\x64\x5e\x8b\x7e\x9b\xfd\xef\x33"
4114 "\x94\x30\x54\xff\x84\x01\x14\x93"
4115 "\xc2\x7b\x34\x29\xea\xed\xb4\xed"
4116 "\x53\x76\x44\x1a\x77\xed\x43\x85"
4117 "\x1a\xd7\x7f\x16\xf5\x41\xdf\xd2"
4118 "\x69\xd5\x0d\x6a\x5f\x14\xfb\x0a"
4119 "\xab\x1c\xbb\x4c\x15\x50\xbe\x97"
4120 "\xf7\xab\x40\x66\x19\x3c\x4c\xaa"
4121 "\x77\x3d\xad\x38\x01\x4b\xd2\x09"
4122 "\x2f\xa7\x55\xc8\x24\xbb\x5e\x54"
4123 "\xc4\xf3\x6f\xfd\xa9\xfc\xea\x70"
4124 "\xb9\xc6\xe6\x93\xe1\x48\xc1\x51",
4125 .rlen = 512,
3929 } 4126 }
3930}; 4127};
3931 4128
@@ -4123,6 +4320,151 @@ static struct cipher_testvec aes_xts_dec_tv_template[] = {
4123 "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7" 4320 "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7"
4124 "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", 4321 "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff",
4125 .rlen = 512, 4322 .rlen = 512,
4323 }, { /* XTS-AES 10, XTS-AES-256, data unit 512 bytes */
4324 .key = "\x27\x18\x28\x18\x28\x45\x90\x45"
4325 "\x23\x53\x60\x28\x74\x71\x35\x26"
4326 "\x62\x49\x77\x57\x24\x70\x93\x69"
4327 "\x99\x59\x57\x49\x66\x96\x76\x27"
4328 "\x31\x41\x59\x26\x53\x58\x97\x93"
4329 "\x23\x84\x62\x64\x33\x83\x27\x95"
4330 "\x02\x88\x41\x97\x16\x93\x99\x37"
4331 "\x51\x05\x82\x09\x74\x94\x45\x92",
4332 .klen = 64,
4333 .iv = "\xff\x00\x00\x00\x00\x00\x00\x00"
4334 "\x00\x00\x00\x00\x00\x00\x00\x00",
4335 "\x00\x00\x00\x00\x00\x00\x00\x00",
4336 "\x00\x00\x00\x00\x00\x00\x00\x00",
4337 .input = "\x1c\x3b\x3a\x10\x2f\x77\x03\x86"
4338 "\xe4\x83\x6c\x99\xe3\x70\xcf\x9b"
4339 "\xea\x00\x80\x3f\x5e\x48\x23\x57"
4340 "\xa4\xae\x12\xd4\x14\xa3\xe6\x3b"
4341 "\x5d\x31\xe2\x76\xf8\xfe\x4a\x8d"
4342 "\x66\xb3\x17\xf9\xac\x68\x3f\x44"
4343 "\x68\x0a\x86\xac\x35\xad\xfc\x33"
4344 "\x45\xbe\xfe\xcb\x4b\xb1\x88\xfd"
4345 "\x57\x76\x92\x6c\x49\xa3\x09\x5e"
4346 "\xb1\x08\xfd\x10\x98\xba\xec\x70"
4347 "\xaa\xa6\x69\x99\xa7\x2a\x82\xf2"
4348 "\x7d\x84\x8b\x21\xd4\xa7\x41\xb0"
4349 "\xc5\xcd\x4d\x5f\xff\x9d\xac\x89"
4350 "\xae\xba\x12\x29\x61\xd0\x3a\x75"
4351 "\x71\x23\xe9\x87\x0f\x8a\xcf\x10"
4352 "\x00\x02\x08\x87\x89\x14\x29\xca"
4353 "\x2a\x3e\x7a\x7d\x7d\xf7\xb1\x03"
4354 "\x55\x16\x5c\x8b\x9a\x6d\x0a\x7d"
4355 "\xe8\xb0\x62\xc4\x50\x0d\xc4\xcd"
4356 "\x12\x0c\x0f\x74\x18\xda\xe3\xd0"
4357 "\xb5\x78\x1c\x34\x80\x3f\xa7\x54"
4358 "\x21\xc7\x90\xdf\xe1\xde\x18\x34"
4359 "\xf2\x80\xd7\x66\x7b\x32\x7f\x6c"
4360 "\x8c\xd7\x55\x7e\x12\xac\x3a\x0f"
4361 "\x93\xec\x05\xc5\x2e\x04\x93\xef"
4362 "\x31\xa1\x2d\x3d\x92\x60\xf7\x9a"
4363 "\x28\x9d\x6a\x37\x9b\xc7\x0c\x50"
4364 "\x84\x14\x73\xd1\xa8\xcc\x81\xec"
4365 "\x58\x3e\x96\x45\xe0\x7b\x8d\x96"
4366 "\x70\x65\x5b\xa5\xbb\xcf\xec\xc6"
4367 "\xdc\x39\x66\x38\x0a\xd8\xfe\xcb"
4368 "\x17\xb6\xba\x02\x46\x9a\x02\x0a"
4369 "\x84\xe1\x8e\x8f\x84\x25\x20\x70"
4370 "\xc1\x3e\x9f\x1f\x28\x9b\xe5\x4f"
4371 "\xbc\x48\x14\x57\x77\x8f\x61\x60"
4372 "\x15\xe1\x32\x7a\x02\xb1\x40\xf1"
4373 "\x50\x5e\xb3\x09\x32\x6d\x68\x37"
4374 "\x8f\x83\x74\x59\x5c\x84\x9d\x84"
4375 "\xf4\xc3\x33\xec\x44\x23\x88\x51"
4376 "\x43\xcb\x47\xbd\x71\xc5\xed\xae"
4377 "\x9b\xe6\x9a\x2f\xfe\xce\xb1\xbe"
4378 "\xc9\xde\x24\x4f\xbe\x15\x99\x2b"
4379 "\x11\xb7\x7c\x04\x0f\x12\xbd\x8f"
4380 "\x6a\x97\x5a\x44\xa0\xf9\x0c\x29"
4381 "\xa9\xab\xc3\xd4\xd8\x93\x92\x72"
4382 "\x84\xc5\x87\x54\xcc\xe2\x94\x52"
4383 "\x9f\x86\x14\xdc\xd2\xab\xa9\x91"
4384 "\x92\x5f\xed\xc4\xae\x74\xff\xac"
4385 "\x6e\x33\x3b\x93\xeb\x4a\xff\x04"
4386 "\x79\xda\x9a\x41\x0e\x44\x50\xe0"
4387 "\xdd\x7a\xe4\xc6\xe2\x91\x09\x00"
4388 "\x57\x5d\xa4\x01\xfc\x07\x05\x9f"
4389 "\x64\x5e\x8b\x7e\x9b\xfd\xef\x33"
4390 "\x94\x30\x54\xff\x84\x01\x14\x93"
4391 "\xc2\x7b\x34\x29\xea\xed\xb4\xed"
4392 "\x53\x76\x44\x1a\x77\xed\x43\x85"
4393 "\x1a\xd7\x7f\x16\xf5\x41\xdf\xd2"
4394 "\x69\xd5\x0d\x6a\x5f\x14\xfb\x0a"
4395 "\xab\x1c\xbb\x4c\x15\x50\xbe\x97"
4396 "\xf7\xab\x40\x66\x19\x3c\x4c\xaa"
4397 "\x77\x3d\xad\x38\x01\x4b\xd2\x09"
4398 "\x2f\xa7\x55\xc8\x24\xbb\x5e\x54"
4399 "\xc4\xf3\x6f\xfd\xa9\xfc\xea\x70"
4400 "\xb9\xc6\xe6\x93\xe1\x48\xc1\x51",
4401 .ilen = 512,
4402 .result = "\x00\x01\x02\x03\x04\x05\x06\x07"
4403 "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
4404 "\x10\x11\x12\x13\x14\x15\x16\x17"
4405 "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
4406 "\x20\x21\x22\x23\x24\x25\x26\x27"
4407 "\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f"
4408 "\x30\x31\x32\x33\x34\x35\x36\x37"
4409 "\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f"
4410 "\x40\x41\x42\x43\x44\x45\x46\x47"
4411 "\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f"
4412 "\x50\x51\x52\x53\x54\x55\x56\x57"
4413 "\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f"
4414 "\x60\x61\x62\x63\x64\x65\x66\x67"
4415 "\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f"
4416 "\x70\x71\x72\x73\x74\x75\x76\x77"
4417 "\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f"
4418 "\x80\x81\x82\x83\x84\x85\x86\x87"
4419 "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f"
4420 "\x90\x91\x92\x93\x94\x95\x96\x97"
4421 "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f"
4422 "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7"
4423 "\xa8\xa9\xaa\xab\xac\xad\xae\xaf"
4424 "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7"
4425 "\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf"
4426 "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7"
4427 "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf"
4428 "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7"
4429 "\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf"
4430 "\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7"
4431 "\xe8\xe9\xea\xeb\xec\xed\xee\xef"
4432 "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7"
4433 "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff"
4434 "\x00\x01\x02\x03\x04\x05\x06\x07"
4435 "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
4436 "\x10\x11\x12\x13\x14\x15\x16\x17"
4437 "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
4438 "\x20\x21\x22\x23\x24\x25\x26\x27"
4439 "\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f"
4440 "\x30\x31\x32\x33\x34\x35\x36\x37"
4441 "\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f"
4442 "\x40\x41\x42\x43\x44\x45\x46\x47"
4443 "\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f"
4444 "\x50\x51\x52\x53\x54\x55\x56\x57"
4445 "\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f"
4446 "\x60\x61\x62\x63\x64\x65\x66\x67"
4447 "\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f"
4448 "\x70\x71\x72\x73\x74\x75\x76\x77"
4449 "\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f"
4450 "\x80\x81\x82\x83\x84\x85\x86\x87"
4451 "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f"
4452 "\x90\x91\x92\x93\x94\x95\x96\x97"
4453 "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f"
4454 "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7"
4455 "\xa8\xa9\xaa\xab\xac\xad\xae\xaf"
4456 "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7"
4457 "\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf"
4458 "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7"
4459 "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf"
4460 "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7"
4461 "\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf"
4462 "\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7"
4463 "\xe8\xe9\xea\xeb\xec\xed\xee\xef"
4464 "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7"
4465 "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff",
4466 .rlen = 512,
4467
4126 } 4468 }
4127}; 4469};
4128 4470
@@ -4285,6 +4627,164 @@ static struct cipher_testvec aes_ctr_dec_tv_template[] = {
4285 } 4627 }
4286}; 4628};
4287 4629
4630static struct cipher_testvec aes_ofb_enc_tv_template[] = {
4631 { /* From NIST Special Publication 800-38A, Appendix F.5 */
4632 .key = "\x2b\x7e\x15\x16\x28\xae\xd2\xa6"
4633 "\xab\xf7\x15\x88\x09\xcf\x4f\x3c",
4634 .klen = 16,
4635 .iv = "\x00\x01\x02\x03\x04\x05\x06\x07"
4636 "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
4637 .input = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
4638 "\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
4639 "\xae\x2d\x8a\x57\x1e\x03\xac\x9c"
4640 "\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
4641 "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11"
4642 "\xe5\xfb\xc1\x19\x1a\x0a\x52\xef"
4643 "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17"
4644 "\xad\x2b\x41\x7b\xe6\x6c\x37\x10",
4645 .ilen = 64,
4646 .result = "\x3B\x3F\xD9\x2E\xB7\x2D\xAD\x20"
4647 "\x33\x34\x49\xF8\xE8\x3C\xFB\x4A"
4648 "\x77\x89\x50\x8D\x16\x91\x8F\x03"
4649 "\xF5\x3C\x52\xDA\xC5\x4E\xD8\x25"
4650 "\x97\x40\x05\x1E\x9C\x5F\xEC\xF6"
4651 "\x43\x44\xF7\xA8\x22\x60\xED\xCC"
4652 "\x30\x4C\x65\x28\xF6\x59\xC7\x78"
4653 "\x66\xA5\x10\xD9\xC1\xD6\xAE\x5E",
4654 .rlen = 64,
4655 }, {
4656 .key = "\x8e\x73\xb0\xf7\xda\x0e\x64\x52"
4657 "\xc8\x10\xf3\x2b\x80\x90\x79\xe5"
4658 "\x62\xf8\xea\xd2\x52\x2c\x6b\x7b",
4659 .klen = 24,
4660 .iv = "\x00\x01\x02\x03\x04\x05\x06\x07"
4661 "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
4662 .input = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
4663 "\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
4664 "\xae\x2d\x8a\x57\x1e\x03\xac\x9c"
4665 "\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
4666 "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11"
4667 "\xe5\xfb\xc1\x19\x1a\x0a\x52\xef"
4668 "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17"
4669 "\xad\x2b\x41\x7b\xe6\x6c\x37\x10",
4670 .ilen = 64,
4671 .result = "\xCD\xC8\x0D\x6F\xDD\xF1\x8C\xAB"
4672 "\x34\xC2\x59\x09\xC9\x9A\x41\x74"
4673 "\xFC\xC2\x8B\x8D\x4C\x63\x83\x7C"
4674 "\x09\xE8\x17\x00\xC1\x10\x04\x01"
4675 "\x8D\x9A\x9A\xEA\xC0\xF6\x59\x6F"
4676 "\x55\x9C\x6D\x4D\xAF\x59\xA5\xF2"
4677 "\x6D\x9F\x20\x08\x57\xCA\x6C\x3E"
4678 "\x9C\xAC\x52\x4B\xD9\xAC\xC9\x2A",
4679 .rlen = 64,
4680 }, {
4681 .key = "\x60\x3d\xeb\x10\x15\xca\x71\xbe"
4682 "\x2b\x73\xae\xf0\x85\x7d\x77\x81"
4683 "\x1f\x35\x2c\x07\x3b\x61\x08\xd7"
4684 "\x2d\x98\x10\xa3\x09\x14\xdf\xf4",
4685 .klen = 32,
4686 .iv = "\x00\x01\x02\x03\x04\x05\x06\x07"
4687 "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
4688 .input = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
4689 "\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
4690 "\xae\x2d\x8a\x57\x1e\x03\xac\x9c"
4691 "\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
4692 "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11"
4693 "\xe5\xfb\xc1\x19\x1a\x0a\x52\xef"
4694 "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17"
4695 "\xad\x2b\x41\x7b\xe6\x6c\x37\x10",
4696 .ilen = 64,
4697 .result = "\xDC\x7E\x84\xBF\xDA\x79\x16\x4B"
4698 "\x7E\xCD\x84\x86\x98\x5D\x38\x60"
4699 "\x4F\xEB\xDC\x67\x40\xD2\x0B\x3A"
4700 "\xC8\x8F\x6A\xD8\x2A\x4F\xB0\x8D"
4701 "\x71\xAB\x47\xA0\x86\xE8\x6E\xED"
4702 "\xF3\x9D\x1C\x5B\xBA\x97\xC4\x08"
4703 "\x01\x26\x14\x1D\x67\xF3\x7B\xE8"
4704 "\x53\x8F\x5A\x8B\xE7\x40\xE4\x84",
4705 .rlen = 64,
4706 }
4707};
4708
4709static struct cipher_testvec aes_ofb_dec_tv_template[] = {
4710 { /* From NIST Special Publication 800-38A, Appendix F.5 */
4711 .key = "\x2b\x7e\x15\x16\x28\xae\xd2\xa6"
4712 "\xab\xf7\x15\x88\x09\xcf\x4f\x3c",
4713 .klen = 16,
4714 .iv = "\x00\x01\x02\x03\x04\x05\x06\x07"
4715 "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
4716 .input = "\x3B\x3F\xD9\x2E\xB7\x2D\xAD\x20"
4717 "\x33\x34\x49\xF8\xE8\x3C\xFB\x4A"
4718 "\x77\x89\x50\x8D\x16\x91\x8F\x03"
4719 "\xF5\x3C\x52\xDA\xC5\x4E\xD8\x25"
4720 "\x97\x40\x05\x1E\x9C\x5F\xEC\xF6"
4721 "\x43\x44\xF7\xA8\x22\x60\xED\xCC"
4722 "\x30\x4C\x65\x28\xF6\x59\xC7\x78"
4723 "\x66\xA5\x10\xD9\xC1\xD6\xAE\x5E",
4724 .ilen = 64,
4725 .result = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
4726 "\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
4727 "\xae\x2d\x8a\x57\x1e\x03\xac\x9c"
4728 "\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
4729 "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11"
4730 "\xe5\xfb\xc1\x19\x1a\x0a\x52\xef"
4731 "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17"
4732 "\xad\x2b\x41\x7b\xe6\x6c\x37\x10",
4733 .rlen = 64,
4734 }, {
4735 .key = "\x8e\x73\xb0\xf7\xda\x0e\x64\x52"
4736 "\xc8\x10\xf3\x2b\x80\x90\x79\xe5"
4737 "\x62\xf8\xea\xd2\x52\x2c\x6b\x7b",
4738 .klen = 24,
4739 .iv = "\x00\x01\x02\x03\x04\x05\x06\x07"
4740 "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
4741 .input = "\xCD\xC8\x0D\x6F\xDD\xF1\x8C\xAB"
4742 "\x34\xC2\x59\x09\xC9\x9A\x41\x74"
4743 "\xFC\xC2\x8B\x8D\x4C\x63\x83\x7C"
4744 "\x09\xE8\x17\x00\xC1\x10\x04\x01"
4745 "\x8D\x9A\x9A\xEA\xC0\xF6\x59\x6F"
4746 "\x55\x9C\x6D\x4D\xAF\x59\xA5\xF2"
4747 "\x6D\x9F\x20\x08\x57\xCA\x6C\x3E"
4748 "\x9C\xAC\x52\x4B\xD9\xAC\xC9\x2A",
4749 .ilen = 64,
4750 .result = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
4751 "\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
4752 "\xae\x2d\x8a\x57\x1e\x03\xac\x9c"
4753 "\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
4754 "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11"
4755 "\xe5\xfb\xc1\x19\x1a\x0a\x52\xef"
4756 "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17"
4757 "\xad\x2b\x41\x7b\xe6\x6c\x37\x10",
4758 .rlen = 64,
4759 }, {
4760 .key = "\x60\x3d\xeb\x10\x15\xca\x71\xbe"
4761 "\x2b\x73\xae\xf0\x85\x7d\x77\x81"
4762 "\x1f\x35\x2c\x07\x3b\x61\x08\xd7"
4763 "\x2d\x98\x10\xa3\x09\x14\xdf\xf4",
4764 .klen = 32,
4765 .iv = "\x00\x01\x02\x03\x04\x05\x06\x07"
4766 "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
4767 .input = "\xDC\x7E\x84\xBF\xDA\x79\x16\x4B"
4768 "\x7E\xCD\x84\x86\x98\x5D\x38\x60"
4769 "\x4F\xEB\xDC\x67\x40\xD2\x0B\x3A"
4770 "\xC8\x8F\x6A\xD8\x2A\x4F\xB0\x8D"
4771 "\x71\xAB\x47\xA0\x86\xE8\x6E\xED"
4772 "\xF3\x9D\x1C\x5B\xBA\x97\xC4\x08"
4773 "\x01\x26\x14\x1D\x67\xF3\x7B\xE8"
4774 "\x53\x8F\x5A\x8B\xE7\x40\xE4\x84",
4775 .ilen = 64,
4776 .result = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
4777 "\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
4778 "\xae\x2d\x8a\x57\x1e\x03\xac\x9c"
4779 "\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
4780 "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11"
4781 "\xe5\xfb\xc1\x19\x1a\x0a\x52\xef"
4782 "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17"
4783 "\xad\x2b\x41\x7b\xe6\x6c\x37\x10",
4784 .rlen = 64,
4785 }
4786};
4787
4288static struct cipher_testvec aes_ctr_rfc3686_enc_tv_template[] = { 4788static struct cipher_testvec aes_ctr_rfc3686_enc_tv_template[] = {
4289 { /* From RFC 3686 */ 4789 { /* From RFC 3686 */
4290 .key = "\xae\x68\x52\xf8\x12\x10\x67\xcc" 4790 .key = "\xae\x68\x52\xf8\x12\x10\x67\xcc"
@@ -5508,64 +6008,6 @@ static struct cipher_testvec aes_ctr_rfc3686_dec_tv_template[] = {
5508 }, 6008 },
5509}; 6009};
5510 6010
5511static struct cipher_testvec aes_ofb_enc_tv_template[] = {
5512 /* From NIST Special Publication 800-38A, Appendix F.5 */
5513 {
5514 .key = "\x2b\x7e\x15\x16\x28\xae\xd2\xa6"
5515 "\xab\xf7\x15\x88\x09\xcf\x4f\x3c",
5516 .klen = 16,
5517 .iv = "\x00\x01\x02\x03\x04\x05\x06\x07\x08"
5518 "\x09\x0a\x0b\x0c\x0d\x0e\x0f",
5519 .input = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
5520 "\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
5521 "\xae\x2d\x8a\x57\x1e\x03\xac\x9c"
5522 "\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
5523 "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11"
5524 "\xe5\xfb\xc1\x19\x1a\x0a\x52\xef"
5525 "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17"
5526 "\xad\x2b\x41\x7b\xe6\x6c\x37\x10",
5527 .ilen = 64,
5528 .result = "\x3b\x3f\xd9\x2e\xb7\x2d\xad\x20"
5529 "\x33\x34\x49\xf8\xe8\x3c\xfb\x4a"
5530 "\x77\x89\x50\x8d\x16\x91\x8f\x03\xf5"
5531 "\x3c\x52\xda\xc5\x4e\xd8\x25"
5532 "\x97\x40\x05\x1e\x9c\x5f\xec\xf6\x43"
5533 "\x44\xf7\xa8\x22\x60\xed\xcc"
5534 "\x30\x4c\x65\x28\xf6\x59\xc7\x78"
5535 "\x66\xa5\x10\xd9\xc1\xd6\xae\x5e",
5536 .rlen = 64,
5537 }
5538};
5539
5540static struct cipher_testvec aes_ofb_dec_tv_template[] = {
5541 /* From NIST Special Publication 800-38A, Appendix F.5 */
5542 {
5543 .key = "\x2b\x7e\x15\x16\x28\xae\xd2\xa6"
5544 "\xab\xf7\x15\x88\x09\xcf\x4f\x3c",
5545 .klen = 16,
5546 .iv = "\x00\x01\x02\x03\x04\x05\x06\x07\x08"
5547 "\x09\x0a\x0b\x0c\x0d\x0e\x0f",
5548 .input = "\x3b\x3f\xd9\x2e\xb7\x2d\xad\x20"
5549 "\x33\x34\x49\xf8\xe8\x3c\xfb\x4a"
5550 "\x77\x89\x50\x8d\x16\x91\x8f\x03\xf5"
5551 "\x3c\x52\xda\xc5\x4e\xd8\x25"
5552 "\x97\x40\x05\x1e\x9c\x5f\xec\xf6\x43"
5553 "\x44\xf7\xa8\x22\x60\xed\xcc"
5554 "\x30\x4c\x65\x28\xf6\x59\xc7\x78"
5555 "\x66\xa5\x10\xd9\xc1\xd6\xae\x5e",
5556 .ilen = 64,
5557 .result = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
5558 "\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
5559 "\xae\x2d\x8a\x57\x1e\x03\xac\x9c"
5560 "\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
5561 "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11"
5562 "\xe5\xfb\xc1\x19\x1a\x0a\x52\xef"
5563 "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17"
5564 "\xad\x2b\x41\x7b\xe6\x6c\x37\x10",
5565 .rlen = 64,
5566 }
5567};
5568
5569static struct aead_testvec aes_gcm_enc_tv_template[] = { 6011static struct aead_testvec aes_gcm_enc_tv_template[] = {
5570 { /* From McGrew & Viega - http://citeseer.ist.psu.edu/656989.html */ 6012 { /* From McGrew & Viega - http://citeseer.ist.psu.edu/656989.html */
5571 .key = zeroed_string, 6013 .key = zeroed_string,
generated by cgit v1.2.2 (git 2.25.0) at 2025-07-20 11:38:46 -0400