aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJoy Latten <latten@austin.ibm.com>2007-10-22 20:50:32 -0400
committerHerbert Xu <herbert@gondor.apana.org.au>2008-01-10 16:16:01 -0500
commit23e353c8a681cc30d42fbd4f2c2be85c44fe209b (patch)
treed64934fa42e3e1e2b3fcccb4e86168a1614e250d
parent490fe3f05be3f7c87d7932bcb6e6e53e3db2cd9c (diff)
[CRYPTO] ctr: Add CTR (Counter) block cipher mode
This patch implements CTR mode for IPsec. It is based off of RFC 3686. Please note: 1. CTR turns a block cipher into a stream cipher. Encryption is done in blocks, however the last block may be a partial block. A "counter block" is encrypted, creating a keystream that is xor'ed with the plaintext. The counter portion of the counter block is incremented after each block of plaintext is encrypted. Decryption is performed in same manner. 2. The CTR counterblock is composed of, nonce + IV + counter The size of the counterblock is equivalent to the blocksize of the cipher. sizeof(nonce) + sizeof(IV) + sizeof(counter) = blocksize The CTR template requires the name of the cipher algorithm, the sizeof the nonce, and the sizeof the iv. ctr(cipher,sizeof_nonce,sizeof_iv) So for example, ctr(aes,4,8) specifies the counterblock will be composed of 4 bytes from a nonce, 8 bytes from the iv, and 4 bytes for counter since aes has a blocksize of 16 bytes. 3. The counter portion of the counter block is stored in big endian for conformance to rfc 3686. Signed-off-by: Joy Latten <latten@austin.ibm.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-rw-r--r--crypto/Kconfig9
-rw-r--r--crypto/Makefile1
-rw-r--r--crypto/ctr.c369
-rw-r--r--crypto/tcrypt.c8
-rw-r--r--crypto/tcrypt.h185
5 files changed, 572 insertions, 0 deletions
diff --git a/crypto/Kconfig b/crypto/Kconfig
index 083d2e1dfc21..1f32071a3068 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -195,6 +195,15 @@ config CRYPTO_XTS
195 key size 256, 384 or 512 bits. This implementation currently 195 key size 256, 384 or 512 bits. This implementation currently
196 can't handle a sectorsize which is not a multiple of 16 bytes. 196 can't handle a sectorsize which is not a multiple of 16 bytes.
197 197
198config CRYPTO_CTR
199 tristate "CTR support"
200 select CRYPTO_BLKCIPHER
201 select CRYPTO_MANAGER
202 default m
203 help
204 CTR: Counter mode
205 This block cipher algorithm is required for IPSec.
206
198config CRYPTO_CRYPTD 207config CRYPTO_CRYPTD
199 tristate "Software async crypto daemon" 208 tristate "Software async crypto daemon"
200 select CRYPTO_ABLKCIPHER 209 select CRYPTO_ABLKCIPHER
diff --git a/crypto/Makefile b/crypto/Makefile
index 43c2a0dc9936..1f87db2e45b9 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -32,6 +32,7 @@ obj-$(CONFIG_CRYPTO_CBC) += cbc.o
32obj-$(CONFIG_CRYPTO_PCBC) += pcbc.o 32obj-$(CONFIG_CRYPTO_PCBC) += pcbc.o
33obj-$(CONFIG_CRYPTO_LRW) += lrw.o 33obj-$(CONFIG_CRYPTO_LRW) += lrw.o
34obj-$(CONFIG_CRYPTO_XTS) += xts.o 34obj-$(CONFIG_CRYPTO_XTS) += xts.o
35obj-$(CONFIG_CRYPTO_CTR) += ctr.o
35obj-$(CONFIG_CRYPTO_CRYPTD) += cryptd.o 36obj-$(CONFIG_CRYPTO_CRYPTD) += cryptd.o
36obj-$(CONFIG_CRYPTO_DES) += des_generic.o 37obj-$(CONFIG_CRYPTO_DES) += des_generic.o
37obj-$(CONFIG_CRYPTO_FCRYPT) += fcrypt.o 38obj-$(CONFIG_CRYPTO_FCRYPT) += fcrypt.o
diff --git a/crypto/ctr.c b/crypto/ctr.c
new file mode 100644
index 000000000000..810d5ec2d5d2
--- /dev/null
+++ b/crypto/ctr.c
@@ -0,0 +1,369 @@
1/*
2 * CTR: Counter mode
3 *
4 * (C) Copyright IBM Corp. 2007 - Joy Latten <latten@us.ibm.com>
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the Free
8 * Software Foundation; either version 2 of the License, or (at your option)
9 * any later version.
10 *
11 */
12
13#include <crypto/algapi.h>
14#include <linux/err.h>
15#include <linux/init.h>
16#include <linux/kernel.h>
17#include <linux/module.h>
18#include <linux/random.h>
19#include <linux/scatterlist.h>
20#include <linux/slab.h>
21
22struct ctr_instance_ctx {
23 struct crypto_spawn alg;
24 unsigned int noncesize;
25 unsigned int ivsize;
26};
27
28struct crypto_ctr_ctx {
29 struct crypto_cipher *child;
30 u8 *nonce;
31};
32
33static inline void __ctr_inc_byte(u8 *a, unsigned int size)
34{
35 u8 *b = (a + size);
36 u8 c;
37
38 for (; size; size--) {
39 c = *--b + 1;
40 *b = c;
41 if (c)
42 break;
43 }
44}
45
46static void ctr_inc_quad(u8 *a, unsigned int size)
47{
48 __be32 *b = (__be32 *)(a + size);
49 u32 c;
50
51 for (; size >= 4; size -=4) {
52 c = be32_to_cpu(*--b) + 1;
53 *b = cpu_to_be32(c);
54 if (c)
55 return;
56 }
57
58 __ctr_inc_byte(a, size);
59}
60
61static void xor_byte(u8 *a, const u8 *b, unsigned int bs)
62{
63 for (; bs; bs--)
64 *a++ ^= *b++;
65}
66
67static void xor_quad(u8 *dst, const u8 *src, unsigned int bs)
68{
69 u32 *a = (u32 *)dst;
70 u32 *b = (u32 *)src;
71
72 for (; bs >= 4; bs -= 4)
73 *a++ ^= *b++;
74
75 xor_byte((u8 *)a, (u8 *)b, bs);
76}
77
78static int crypto_ctr_setkey(struct crypto_tfm *parent, const u8 *key,
79 unsigned int keylen)
80{
81 struct crypto_ctr_ctx *ctx = crypto_tfm_ctx(parent);
82 struct crypto_cipher *child = ctx->child;
83 struct ctr_instance_ctx *ictx =
84 crypto_instance_ctx(crypto_tfm_alg_instance(parent));
85 unsigned int noncelen = ictx->noncesize;
86 int err = 0;
87
88 /* the nonce is stored in bytes at end of key */
89 if (keylen < noncelen)
90 return -EINVAL;
91
92 memcpy(ctx->nonce, key + (keylen - noncelen), noncelen);
93
94 keylen -= noncelen;
95
96 crypto_cipher_clear_flags(child, CRYPTO_TFM_REQ_MASK);
97 crypto_cipher_set_flags(child, crypto_tfm_get_flags(parent) &
98 CRYPTO_TFM_REQ_MASK);
99 err = crypto_cipher_setkey(child, key, keylen);
100 crypto_tfm_set_flags(parent, crypto_cipher_get_flags(child) &
101 CRYPTO_TFM_RES_MASK);
102
103 return err;
104}
105
106static int crypto_ctr_crypt_segment(struct blkcipher_walk *walk,
107 struct crypto_cipher *tfm, u8 *ctrblk,
108 unsigned int countersize)
109{
110 void (*fn)(struct crypto_tfm *, u8 *, const u8 *) =
111 crypto_cipher_alg(tfm)->cia_encrypt;
112 unsigned int bsize = crypto_cipher_blocksize(tfm);
113 unsigned long alignmask = crypto_cipher_alignmask(tfm);
114 u8 ks[bsize + alignmask];
115 u8 *keystream = (u8 *)ALIGN((unsigned long)ks, alignmask + 1);
116 u8 *src = walk->src.virt.addr;
117 u8 *dst = walk->dst.virt.addr;
118 unsigned int nbytes = walk->nbytes;
119
120 do {
121 /* create keystream */
122 fn(crypto_cipher_tfm(tfm), keystream, ctrblk);
123 xor_quad(keystream, src, min(nbytes, bsize));
124
125 /* copy result into dst */
126 memcpy(dst, keystream, min(nbytes, bsize));
127
128 /* increment counter in counterblock */
129 ctr_inc_quad(ctrblk + (bsize - countersize), countersize);
130
131 if (nbytes < bsize)
132 break;
133
134 src += bsize;
135 dst += bsize;
136 nbytes -= bsize;
137
138 } while (nbytes);
139
140 return 0;
141}
142
143static int crypto_ctr_crypt_inplace(struct blkcipher_walk *walk,
144 struct crypto_cipher *tfm, u8 *ctrblk,
145 unsigned int countersize)
146{
147 void (*fn)(struct crypto_tfm *, u8 *, const u8 *) =
148 crypto_cipher_alg(tfm)->cia_encrypt;
149 unsigned int bsize = crypto_cipher_blocksize(tfm);
150 unsigned long alignmask = crypto_cipher_alignmask(tfm);
151 unsigned int nbytes = walk->nbytes;
152 u8 *src = walk->src.virt.addr;
153 u8 ks[bsize + alignmask];
154 u8 *keystream = (u8 *)ALIGN((unsigned long)ks, alignmask + 1);
155
156 do {
157 /* create keystream */
158 fn(crypto_cipher_tfm(tfm), keystream, ctrblk);
159 xor_quad(src, keystream, min(nbytes, bsize));
160
161 /* increment counter in counterblock */
162 ctr_inc_quad(ctrblk + (bsize - countersize), countersize);
163
164 if (nbytes < bsize)
165 break;
166
167 src += bsize;
168 nbytes -= bsize;
169
170 } while (nbytes);
171
172 return 0;
173}
174
175static int crypto_ctr_crypt(struct blkcipher_desc *desc,
176 struct scatterlist *dst, struct scatterlist *src,
177 unsigned int nbytes)
178{
179 struct blkcipher_walk walk;
180 struct crypto_blkcipher *tfm = desc->tfm;
181 struct crypto_ctr_ctx *ctx = crypto_blkcipher_ctx(tfm);
182 struct crypto_cipher *child = ctx->child;
183 unsigned int bsize = crypto_cipher_blocksize(child);
184 struct ctr_instance_ctx *ictx =
185 crypto_instance_ctx(crypto_tfm_alg_instance(&tfm->base));
186 unsigned long alignmask = crypto_cipher_alignmask(child);
187 u8 cblk[bsize + alignmask];
188 u8 *counterblk = (u8 *)ALIGN((unsigned long)cblk, alignmask + 1);
189 unsigned int countersize;
190 int err;
191
192 blkcipher_walk_init(&walk, dst, src, nbytes);
193 err = blkcipher_walk_virt_block(desc, &walk, bsize);
194
195 /* set up counter block */
196 memset(counterblk, 0 , bsize);
197 memcpy(counterblk, ctx->nonce, ictx->noncesize);
198 memcpy(counterblk + ictx->noncesize, walk.iv, ictx->ivsize);
199
200 /* initialize counter portion of counter block */
201 countersize = bsize - ictx->noncesize - ictx->ivsize;
202 ctr_inc_quad(counterblk + (bsize - countersize), countersize);
203
204 while (walk.nbytes) {
205 if (walk.src.virt.addr == walk.dst.virt.addr)
206 nbytes = crypto_ctr_crypt_inplace(&walk, child,
207 counterblk,
208 countersize);
209 else
210 nbytes = crypto_ctr_crypt_segment(&walk, child,
211 counterblk,
212 countersize);
213
214 err = blkcipher_walk_done(desc, &walk, nbytes);
215 }
216 return err;
217}
218
219static int crypto_ctr_init_tfm(struct crypto_tfm *tfm)
220{
221 struct crypto_instance *inst = (void *)tfm->__crt_alg;
222 struct ctr_instance_ctx *ictx = crypto_instance_ctx(inst);
223 struct crypto_ctr_ctx *ctx = crypto_tfm_ctx(tfm);
224 struct crypto_cipher *cipher;
225
226 ctx->nonce = kzalloc(ictx->noncesize, GFP_KERNEL);
227 if (!ctx->nonce)
228 return -ENOMEM;
229
230 cipher = crypto_spawn_cipher(&ictx->alg);
231 if (IS_ERR(cipher))
232 return PTR_ERR(cipher);
233
234 ctx->child = cipher;
235
236 return 0;
237}
238
239static void crypto_ctr_exit_tfm(struct crypto_tfm *tfm)
240{
241 struct crypto_ctr_ctx *ctx = crypto_tfm_ctx(tfm);
242
243 kfree(ctx->nonce);
244 crypto_free_cipher(ctx->child);
245}
246
247static struct crypto_instance *crypto_ctr_alloc(struct rtattr **tb)
248{
249 struct crypto_instance *inst;
250 struct crypto_alg *alg;
251 struct ctr_instance_ctx *ictx;
252 unsigned int noncesize;
253 unsigned int ivsize;
254 int err;
255
256 err = crypto_check_attr_type(tb, CRYPTO_ALG_TYPE_BLKCIPHER);
257 if (err)
258 return ERR_PTR(err);
259
260 alg = crypto_attr_alg(tb[1], CRYPTO_ALG_TYPE_CIPHER,
261 CRYPTO_ALG_TYPE_MASK);
262 if (IS_ERR(alg))
263 return ERR_PTR(PTR_ERR(alg));
264
265 err = crypto_attr_u32(tb[2], &noncesize);
266 if (err)
267 goto out_put_alg;
268
269 err = crypto_attr_u32(tb[3], &ivsize);
270 if (err)
271 goto out_put_alg;
272
273 /* verify size of nonce + iv + counter */
274 err = -EINVAL;
275 if ((noncesize + ivsize) >= alg->cra_blocksize)
276 goto out_put_alg;
277
278 inst = kzalloc(sizeof(*inst) + sizeof(*ictx), GFP_KERNEL);
279 err = -ENOMEM;
280 if (!inst)
281 goto out_put_alg;
282
283 err = -ENAMETOOLONG;
284 if (snprintf(inst->alg.cra_name, CRYPTO_MAX_ALG_NAME,
285 "ctr(%s,%u,%u)", alg->cra_name, noncesize,
286 ivsize) >= CRYPTO_MAX_ALG_NAME) {
287 goto err_free_inst;
288 }
289
290 if (snprintf(inst->alg.cra_driver_name, CRYPTO_MAX_ALG_NAME,
291 "ctr(%s,%u,%u)", alg->cra_driver_name, noncesize,
292 ivsize) >= CRYPTO_MAX_ALG_NAME) {
293 goto err_free_inst;
294 }
295
296 ictx = crypto_instance_ctx(inst);
297 ictx->noncesize = noncesize;
298 ictx->ivsize = ivsize;
299
300 err = crypto_init_spawn(&ictx->alg, alg, inst,
301 CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_ASYNC);
302 if (err)
303 goto err_free_inst;
304
305 err = 0;
306 inst->alg.cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER;
307 inst->alg.cra_priority = alg->cra_priority;
308 inst->alg.cra_blocksize = 1;
309 inst->alg.cra_alignmask = 3;
310 inst->alg.cra_type = &crypto_blkcipher_type;
311
312 inst->alg.cra_blkcipher.ivsize = ivsize;
313 inst->alg.cra_blkcipher.min_keysize = alg->cra_cipher.cia_min_keysize
314 + noncesize;
315 inst->alg.cra_blkcipher.max_keysize = alg->cra_cipher.cia_max_keysize
316 + noncesize;
317
318 inst->alg.cra_ctxsize = sizeof(struct crypto_ctr_ctx);
319
320 inst->alg.cra_init = crypto_ctr_init_tfm;
321 inst->alg.cra_exit = crypto_ctr_exit_tfm;
322
323 inst->alg.cra_blkcipher.setkey = crypto_ctr_setkey;
324 inst->alg.cra_blkcipher.encrypt = crypto_ctr_crypt;
325 inst->alg.cra_blkcipher.decrypt = crypto_ctr_crypt;
326
327err_free_inst:
328 if (err)
329 kfree(inst);
330
331out_put_alg:
332 crypto_mod_put(alg);
333
334 if (err)
335 inst = ERR_PTR(err);
336
337 return inst;
338}
339
340static void crypto_ctr_free(struct crypto_instance *inst)
341{
342 struct ctr_instance_ctx *ictx = crypto_instance_ctx(inst);
343
344 crypto_drop_spawn(&ictx->alg);
345 kfree(inst);
346}
347
348static struct crypto_template crypto_ctr_tmpl = {
349 .name = "ctr",
350 .alloc = crypto_ctr_alloc,
351 .free = crypto_ctr_free,
352 .module = THIS_MODULE,
353};
354
355static int __init crypto_ctr_module_init(void)
356{
357 return crypto_register_template(&crypto_ctr_tmpl);
358}
359
360static void __exit crypto_ctr_module_exit(void)
361{
362 crypto_unregister_template(&crypto_ctr_tmpl);
363}
364
365module_init(crypto_ctr_module_init);
366module_exit(crypto_ctr_module_exit);
367
368MODULE_LICENSE("GPL");
369MODULE_DESCRIPTION("CTR Counter block mode");
diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c
index 24141fb6f5cb..640cbcad32a1 100644
--- a/crypto/tcrypt.c
+++ b/crypto/tcrypt.c
@@ -969,6 +969,10 @@ static void do_test(void)
969 AES_XTS_ENC_TEST_VECTORS); 969 AES_XTS_ENC_TEST_VECTORS);
970 test_cipher("xts(aes)", DECRYPT, aes_xts_dec_tv_template, 970 test_cipher("xts(aes)", DECRYPT, aes_xts_dec_tv_template,
971 AES_XTS_DEC_TEST_VECTORS); 971 AES_XTS_DEC_TEST_VECTORS);
972 test_cipher("ctr(aes,4,8)", ENCRYPT, aes_ctr_enc_tv_template,
973 AES_CTR_ENC_TEST_VECTORS);
974 test_cipher("ctr(aes,4,8)", DECRYPT, aes_ctr_dec_tv_template,
975 AES_CTR_DEC_TEST_VECTORS);
972 976
973 //CAST5 977 //CAST5
974 test_cipher("ecb(cast5)", ENCRYPT, cast5_enc_tv_template, 978 test_cipher("ecb(cast5)", ENCRYPT, cast5_enc_tv_template,
@@ -1156,6 +1160,10 @@ static void do_test(void)
1156 AES_XTS_ENC_TEST_VECTORS); 1160 AES_XTS_ENC_TEST_VECTORS);
1157 test_cipher("xts(aes)", DECRYPT, aes_xts_dec_tv_template, 1161 test_cipher("xts(aes)", DECRYPT, aes_xts_dec_tv_template,
1158 AES_XTS_DEC_TEST_VECTORS); 1162 AES_XTS_DEC_TEST_VECTORS);
1163 test_cipher("ctr(aes,4,8)", ENCRYPT, aes_ctr_enc_tv_template,
1164 AES_CTR_ENC_TEST_VECTORS);
1165 test_cipher("ctr(aes,4,8)", DECRYPT, aes_ctr_dec_tv_template,
1166 AES_CTR_DEC_TEST_VECTORS);
1159 break; 1167 break;
1160 1168
1161 case 11: 1169 case 11:
diff --git a/crypto/tcrypt.h b/crypto/tcrypt.h
index ec861388d9a0..f7f9b2379270 100644
--- a/crypto/tcrypt.h
+++ b/crypto/tcrypt.h
@@ -2146,6 +2146,8 @@ static struct cipher_testvec cast6_dec_tv_template[] = {
2146#define AES_LRW_DEC_TEST_VECTORS 8 2146#define AES_LRW_DEC_TEST_VECTORS 8
2147#define AES_XTS_ENC_TEST_VECTORS 4 2147#define AES_XTS_ENC_TEST_VECTORS 4
2148#define AES_XTS_DEC_TEST_VECTORS 4 2148#define AES_XTS_DEC_TEST_VECTORS 4
2149#define AES_CTR_ENC_TEST_VECTORS 6
2150#define AES_CTR_DEC_TEST_VECTORS 6
2149 2151
2150static struct cipher_testvec aes_enc_tv_template[] = { 2152static struct cipher_testvec aes_enc_tv_template[] = {
2151 { /* From FIPS-197 */ 2153 { /* From FIPS-197 */
@@ -3180,6 +3182,189 @@ static struct cipher_testvec aes_xts_dec_tv_template[] = {
3180 } 3182 }
3181}; 3183};
3182 3184
3185
3186static struct cipher_testvec aes_ctr_enc_tv_template[] = {
3187 { /* From RFC 3686 */
3188 .key = { 0xae, 0x68, 0x52, 0xf8, 0x12, 0x10, 0x67, 0xcc,
3189 0x4b, 0xf7, 0xa5, 0x76, 0x55, 0x77, 0xf3, 0x9e,
3190 0x00, 0x00, 0x00, 0x30 },
3191 .klen = 20,
3192 .iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
3193 .input = { "Single block msg" },
3194 .ilen = 16,
3195 .result = { 0xe4, 0x09, 0x5d, 0x4f, 0xb7, 0xa7, 0xb3, 0x79,
3196 0x2d, 0x61, 0x75, 0xa3, 0x26, 0x13, 0x11, 0xb8 },
3197 .rlen = 16,
3198 }, {
3199 .key = { 0x7e, 0x24, 0x06, 0x78, 0x17, 0xfa, 0xe0, 0xd7,
3200 0x43, 0xd6, 0xce, 0x1f, 0x32, 0x53, 0x91, 0x63,
3201 0x00, 0x6c, 0xb6, 0xdb },
3202 .klen = 20,
3203 .iv = { 0xc0, 0x54, 0x3b, 0x59, 0xda, 0x48, 0xd9, 0x0b },
3204 .input = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
3205 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
3206 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
3207 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f },
3208 .ilen = 32,
3209 .result = { 0x51, 0x04, 0xa1, 0x06, 0x16, 0x8a, 0x72, 0xd9,
3210 0x79, 0x0d, 0x41, 0xee, 0x8e, 0xda, 0xd3, 0x88,
3211 0xeb, 0x2e, 0x1e, 0xfc, 0x46, 0xda, 0x57, 0xc8,
3212 0xfc, 0xe6, 0x30, 0xdf, 0x91, 0x41, 0xbe, 0x28 },
3213 .rlen = 32,
3214 }, {
3215 .key = { 0x16, 0xaf, 0x5b, 0x14, 0x5f, 0xc9, 0xf5, 0x79,
3216 0xc1, 0x75, 0xf9, 0x3e, 0x3b, 0xfb, 0x0e, 0xed,
3217 0x86, 0x3d, 0x06, 0xcc, 0xfd, 0xb7, 0x85, 0x15,
3218 0x00, 0x00, 0x00, 0x48 },
3219 .klen = 28,
3220 .iv = { 0x36, 0x73, 0x3c, 0x14, 0x7d, 0x6d, 0x93, 0xcb },
3221 .input = { "Single block msg" },
3222 .ilen = 16,
3223 .result = { 0x4b, 0x55, 0x38, 0x4f, 0xe2, 0x59, 0xc9, 0xc8,
3224 0x4e, 0x79, 0x35, 0xa0, 0x03, 0xcb, 0xe9, 0x28 },
3225 .rlen = 16,
3226 }, {
3227 .key = { 0x7c, 0x5c, 0xb2, 0x40, 0x1b, 0x3d, 0xc3, 0x3c,
3228 0x19, 0xe7, 0x34, 0x08, 0x19, 0xe0, 0xf6, 0x9c,
3229 0x67, 0x8c, 0x3d, 0xb8, 0xe6, 0xf6, 0xa9, 0x1a,
3230 0x00, 0x96, 0xb0, 0x3b },
3231 .klen = 28,
3232 .iv = { 0x02, 0x0c, 0x6e, 0xad, 0xc2, 0xcb, 0x50, 0x0d },
3233 .input = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
3234 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
3235 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
3236 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f },
3237 .ilen = 32,
3238 .result = { 0x45, 0x32, 0x43, 0xfc, 0x60, 0x9b, 0x23, 0x32,
3239 0x7e, 0xdf, 0xaa, 0xfa, 0x71, 0x31, 0xcd, 0x9f,
3240 0x84, 0x90, 0x70, 0x1c, 0x5a, 0xd4, 0xa7, 0x9c,
3241 0xfc, 0x1f, 0xe0, 0xff, 0x42, 0xf4, 0xfb, 0x00 },
3242 .rlen = 32,
3243 }, {
3244 .key = { 0x77, 0x6b, 0xef, 0xf2, 0x85, 0x1d, 0xb0, 0x6f,
3245 0x4c, 0x8a, 0x05, 0x42, 0xc8, 0x69, 0x6f, 0x6c,
3246 0x6a, 0x81, 0xaf, 0x1e, 0xec, 0x96, 0xb4, 0xd3,
3247 0x7f, 0xc1, 0xd6, 0x89, 0xe6, 0xc1, 0xc1, 0x04,
3248 0x00, 0x00, 0x00, 0x60 },
3249 .klen = 36,
3250 .iv = { 0xdb, 0x56, 0x72, 0xc9, 0x7a, 0xa8, 0xf0, 0xb2 },
3251 .input = { "Single block msg" },
3252 .ilen = 16,
3253 .result = { 0x14, 0x5a, 0xd0, 0x1d, 0xbf, 0x82, 0x4e, 0xc7,
3254 0x56, 0x08, 0x63, 0xdc, 0x71, 0xe3, 0xe0, 0xc0 },
3255 .rlen = 16,
3256 }, {
3257 .key = { 0xf6, 0xd6, 0x6d, 0x6b, 0xd5, 0x2d, 0x59, 0xbb,
3258 0x07, 0x96, 0x36, 0x58, 0x79, 0xef, 0xf8, 0x86,
3259 0xc6, 0x6d, 0xd5, 0x1a, 0x5b, 0x6a, 0x99, 0x74,
3260 0x4b, 0x50, 0x59, 0x0c, 0x87, 0xa2, 0x38, 0x84,
3261 0x00, 0xfa, 0xac, 0x24 },
3262 .klen = 36,
3263 .iv = { 0xc1, 0x58, 0x5e, 0xf1, 0x5a, 0x43, 0xd8, 0x75 },
3264 .input = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
3265 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
3266 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
3267 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f },
3268 .ilen = 32,
3269 .result = { 0xf0, 0x5e, 0x23, 0x1b, 0x38, 0x94, 0x61, 0x2c,
3270 0x49, 0xee, 0x00, 0x0b, 0x80, 0x4e, 0xb2, 0xa9,
3271 0xb8, 0x30, 0x6b, 0x50, 0x8f, 0x83, 0x9d, 0x6a,
3272 0x55, 0x30, 0x83, 0x1d, 0x93, 0x44, 0xaf, 0x1c },
3273 .rlen = 32,
3274 },
3275};
3276
3277static struct cipher_testvec aes_ctr_dec_tv_template[] = {
3278 { /* From RFC 3686 */
3279 .key = { 0xae, 0x68, 0x52, 0xf8, 0x12, 0x10, 0x67, 0xcc,
3280 0x4b, 0xf7, 0xa5, 0x76, 0x55, 0x77, 0xf3, 0x9e,
3281 0x00, 0x00, 0x00, 0x30 },
3282 .klen = 20,
3283 .iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
3284 .input = { 0xe4, 0x09, 0x5d, 0x4f, 0xb7, 0xa7, 0xb3, 0x79,
3285 0x2d, 0x61, 0x75, 0xa3, 0x26, 0x13, 0x11, 0xb8 },
3286 .ilen = 16,
3287 .result = { "Single block msg" },
3288 .rlen = 16,
3289 }, {
3290 .key = { 0x7e, 0x24, 0x06, 0x78, 0x17, 0xfa, 0xe0, 0xd7,
3291 0x43, 0xd6, 0xce, 0x1f, 0x32, 0x53, 0x91, 0x63,
3292 0x00, 0x6c, 0xb6, 0xdb },
3293 .klen = 20,
3294 .iv = { 0xc0, 0x54, 0x3b, 0x59, 0xda, 0x48, 0xd9, 0x0b },
3295 .input = { 0x51, 0x04, 0xa1, 0x06, 0x16, 0x8a, 0x72, 0xd9,
3296 0x79, 0x0d, 0x41, 0xee, 0x8e, 0xda, 0xd3, 0x88,
3297 0xeb, 0x2e, 0x1e, 0xfc, 0x46, 0xda, 0x57, 0xc8,
3298 0xfc, 0xe6, 0x30, 0xdf, 0x91, 0x41, 0xbe, 0x28 },
3299 .ilen = 32,
3300 .result = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
3301 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
3302 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
3303 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f },
3304 .rlen = 32,
3305 }, {
3306 .key = { 0x16, 0xaf, 0x5b, 0x14, 0x5f, 0xc9, 0xf5, 0x79,
3307 0xc1, 0x75, 0xf9, 0x3e, 0x3b, 0xfb, 0x0e, 0xed,
3308 0x86, 0x3d, 0x06, 0xcc, 0xfd, 0xb7, 0x85, 0x15,
3309 0x00, 0x00, 0x00, 0x48 },
3310 .klen = 28,
3311 .iv = { 0x36, 0x73, 0x3c, 0x14, 0x7d, 0x6d, 0x93, 0xcb },
3312 .input = { 0x4b, 0x55, 0x38, 0x4f, 0xe2, 0x59, 0xc9, 0xc8,
3313 0x4e, 0x79, 0x35, 0xa0, 0x03, 0xcb, 0xe9, 0x28 },
3314 .ilen = 16,
3315 .result = { "Single block msg" },
3316 .rlen = 16,
3317 }, {
3318 .key = { 0x7c, 0x5c, 0xb2, 0x40, 0x1b, 0x3d, 0xc3, 0x3c,
3319 0x19, 0xe7, 0x34, 0x08, 0x19, 0xe0, 0xf6, 0x9c,
3320 0x67, 0x8c, 0x3d, 0xb8, 0xe6, 0xf6, 0xa9, 0x1a,
3321 0x00, 0x96, 0xb0, 0x3b },
3322 .klen = 28,
3323 .iv = { 0x02, 0x0c, 0x6e, 0xad, 0xc2, 0xcb, 0x50, 0x0d },
3324 .input = { 0x45, 0x32, 0x43, 0xfc, 0x60, 0x9b, 0x23, 0x32,
3325 0x7e, 0xdf, 0xaa, 0xfa, 0x71, 0x31, 0xcd, 0x9f,
3326 0x84, 0x90, 0x70, 0x1c, 0x5a, 0xd4, 0xa7, 0x9c,
3327 0xfc, 0x1f, 0xe0, 0xff, 0x42, 0xf4, 0xfb, 0x00 },
3328 .ilen = 32,
3329 .result = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
3330 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
3331 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
3332 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f },
3333 .rlen = 32,
3334 }, {
3335 .key = { 0x77, 0x6b, 0xef, 0xf2, 0x85, 0x1d, 0xb0, 0x6f,
3336 0x4c, 0x8a, 0x05, 0x42, 0xc8, 0x69, 0x6f, 0x6c,
3337 0x6a, 0x81, 0xaf, 0x1e, 0xec, 0x96, 0xb4, 0xd3,
3338 0x7f, 0xc1, 0xd6, 0x89, 0xe6, 0xc1, 0xc1, 0x04,
3339 0x00, 0x00, 0x00, 0x60 },
3340 .klen = 36,
3341 .iv = { 0xdb, 0x56, 0x72, 0xc9, 0x7a, 0xa8, 0xf0, 0xb2 },
3342 .input = { 0x14, 0x5a, 0xd0, 0x1d, 0xbf, 0x82, 0x4e, 0xc7,
3343 0x56, 0x08, 0x63, 0xdc, 0x71, 0xe3, 0xe0, 0xc0 },
3344 .ilen = 16,
3345 .result = { "Single block msg" },
3346 .rlen = 16,
3347 }, {
3348 .key = { 0xf6, 0xd6, 0x6d, 0x6b, 0xd5, 0x2d, 0x59, 0xbb,
3349 0x07, 0x96, 0x36, 0x58, 0x79, 0xef, 0xf8, 0x86,
3350 0xc6, 0x6d, 0xd5, 0x1a, 0x5b, 0x6a, 0x99, 0x74,
3351 0x4b, 0x50, 0x59, 0x0c, 0x87, 0xa2, 0x38, 0x84,
3352 0x00, 0xfa, 0xac, 0x24 },
3353 .klen = 36,
3354 .iv = { 0xc1, 0x58, 0x5e, 0xf1, 0x5a, 0x43, 0xd8, 0x75 },
3355 .input = { 0xf0, 0x5e, 0x23, 0x1b, 0x38, 0x94, 0x61, 0x2c,
3356 0x49, 0xee, 0x00, 0x0b, 0x80, 0x4e, 0xb2, 0xa9,
3357 0xb8, 0x30, 0x6b, 0x50, 0x8f, 0x83, 0x9d, 0x6a,
3358 0x55, 0x30, 0x83, 0x1d, 0x93, 0x44, 0xaf, 0x1c },
3359 .ilen = 32,
3360 .result = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
3361 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
3362 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
3363 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f },
3364 .rlen = 32,
3365 },
3366};
3367
3183/* Cast5 test vectors from RFC 2144 */ 3368/* Cast5 test vectors from RFC 2144 */
3184#define CAST5_ENC_TEST_VECTORS 3 3369#define CAST5_ENC_TEST_VECTORS 3
3185#define CAST5_DEC_TEST_VECTORS 3 3370#define CAST5_DEC_TEST_VECTORS 3