diff options
author | Joy Latten <latten@austin.ibm.com> | 2007-10-22 20:50:32 -0400 |
---|---|---|
committer | Herbert Xu <herbert@gondor.apana.org.au> | 2008-01-10 16:16:01 -0500 |
commit | 23e353c8a681cc30d42fbd4f2c2be85c44fe209b (patch) | |
tree | d64934fa42e3e1e2b3fcccb4e86168a1614e250d | |
parent | 490fe3f05be3f7c87d7932bcb6e6e53e3db2cd9c (diff) |
[CRYPTO] ctr: Add CTR (Counter) block cipher mode
This patch implements CTR mode for IPsec.
It is based off of RFC 3686.
Please note:
1. CTR turns a block cipher into a stream cipher.
Encryption is done in blocks, however the last block
may be a partial block.
A "counter block" is encrypted, creating a keystream
that is xor'ed with the plaintext. The counter portion
of the counter block is incremented after each block
of plaintext is encrypted.
Decryption is performed in same manner.
2. The CTR counterblock is composed of,
nonce + IV + counter
The size of the counterblock is equivalent to the
blocksize of the cipher.
sizeof(nonce) + sizeof(IV) + sizeof(counter) = blocksize
The CTR template requires the name of the cipher
algorithm, the sizeof the nonce, and the sizeof the iv.
ctr(cipher,sizeof_nonce,sizeof_iv)
So for example,
ctr(aes,4,8)
specifies the counterblock will be composed of 4 bytes
from a nonce, 8 bytes from the iv, and 4 bytes for counter
since aes has a blocksize of 16 bytes.
3. The counter portion of the counter block is stored
in big endian for conformance to rfc 3686.
Signed-off-by: Joy Latten <latten@austin.ibm.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-rw-r--r-- | crypto/Kconfig | 9 | ||||
-rw-r--r-- | crypto/Makefile | 1 | ||||
-rw-r--r-- | crypto/ctr.c | 369 | ||||
-rw-r--r-- | crypto/tcrypt.c | 8 | ||||
-rw-r--r-- | crypto/tcrypt.h | 185 |
5 files changed, 572 insertions, 0 deletions
diff --git a/crypto/Kconfig b/crypto/Kconfig index 083d2e1dfc21..1f32071a3068 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig | |||
@@ -195,6 +195,15 @@ config CRYPTO_XTS | |||
195 | key size 256, 384 or 512 bits. This implementation currently | 195 | key size 256, 384 or 512 bits. This implementation currently |
196 | can't handle a sectorsize which is not a multiple of 16 bytes. | 196 | can't handle a sectorsize which is not a multiple of 16 bytes. |
197 | 197 | ||
198 | config CRYPTO_CTR | ||
199 | tristate "CTR support" | ||
200 | select CRYPTO_BLKCIPHER | ||
201 | select CRYPTO_MANAGER | ||
202 | default m | ||
203 | help | ||
204 | CTR: Counter mode | ||
205 | This block cipher algorithm is required for IPSec. | ||
206 | |||
198 | config CRYPTO_CRYPTD | 207 | config CRYPTO_CRYPTD |
199 | tristate "Software async crypto daemon" | 208 | tristate "Software async crypto daemon" |
200 | select CRYPTO_ABLKCIPHER | 209 | select CRYPTO_ABLKCIPHER |
diff --git a/crypto/Makefile b/crypto/Makefile index 43c2a0dc9936..1f87db2e45b9 100644 --- a/crypto/Makefile +++ b/crypto/Makefile | |||
@@ -32,6 +32,7 @@ obj-$(CONFIG_CRYPTO_CBC) += cbc.o | |||
32 | obj-$(CONFIG_CRYPTO_PCBC) += pcbc.o | 32 | obj-$(CONFIG_CRYPTO_PCBC) += pcbc.o |
33 | obj-$(CONFIG_CRYPTO_LRW) += lrw.o | 33 | obj-$(CONFIG_CRYPTO_LRW) += lrw.o |
34 | obj-$(CONFIG_CRYPTO_XTS) += xts.o | 34 | obj-$(CONFIG_CRYPTO_XTS) += xts.o |
35 | obj-$(CONFIG_CRYPTO_CTR) += ctr.o | ||
35 | obj-$(CONFIG_CRYPTO_CRYPTD) += cryptd.o | 36 | obj-$(CONFIG_CRYPTO_CRYPTD) += cryptd.o |
36 | obj-$(CONFIG_CRYPTO_DES) += des_generic.o | 37 | obj-$(CONFIG_CRYPTO_DES) += des_generic.o |
37 | obj-$(CONFIG_CRYPTO_FCRYPT) += fcrypt.o | 38 | obj-$(CONFIG_CRYPTO_FCRYPT) += fcrypt.o |
diff --git a/crypto/ctr.c b/crypto/ctr.c new file mode 100644 index 000000000000..810d5ec2d5d2 --- /dev/null +++ b/crypto/ctr.c | |||
@@ -0,0 +1,369 @@ | |||
1 | /* | ||
2 | * CTR: Counter mode | ||
3 | * | ||
4 | * (C) Copyright IBM Corp. 2007 - Joy Latten <latten@us.ibm.com> | ||
5 | * | ||
6 | * This program is free software; you can redistribute it and/or modify it | ||
7 | * under the terms of the GNU General Public License as published by the Free | ||
8 | * Software Foundation; either version 2 of the License, or (at your option) | ||
9 | * any later version. | ||
10 | * | ||
11 | */ | ||
12 | |||
13 | #include <crypto/algapi.h> | ||
14 | #include <linux/err.h> | ||
15 | #include <linux/init.h> | ||
16 | #include <linux/kernel.h> | ||
17 | #include <linux/module.h> | ||
18 | #include <linux/random.h> | ||
19 | #include <linux/scatterlist.h> | ||
20 | #include <linux/slab.h> | ||
21 | |||
22 | struct ctr_instance_ctx { | ||
23 | struct crypto_spawn alg; | ||
24 | unsigned int noncesize; | ||
25 | unsigned int ivsize; | ||
26 | }; | ||
27 | |||
28 | struct crypto_ctr_ctx { | ||
29 | struct crypto_cipher *child; | ||
30 | u8 *nonce; | ||
31 | }; | ||
32 | |||
33 | static inline void __ctr_inc_byte(u8 *a, unsigned int size) | ||
34 | { | ||
35 | u8 *b = (a + size); | ||
36 | u8 c; | ||
37 | |||
38 | for (; size; size--) { | ||
39 | c = *--b + 1; | ||
40 | *b = c; | ||
41 | if (c) | ||
42 | break; | ||
43 | } | ||
44 | } | ||
45 | |||
46 | static void ctr_inc_quad(u8 *a, unsigned int size) | ||
47 | { | ||
48 | __be32 *b = (__be32 *)(a + size); | ||
49 | u32 c; | ||
50 | |||
51 | for (; size >= 4; size -=4) { | ||
52 | c = be32_to_cpu(*--b) + 1; | ||
53 | *b = cpu_to_be32(c); | ||
54 | if (c) | ||
55 | return; | ||
56 | } | ||
57 | |||
58 | __ctr_inc_byte(a, size); | ||
59 | } | ||
60 | |||
61 | static void xor_byte(u8 *a, const u8 *b, unsigned int bs) | ||
62 | { | ||
63 | for (; bs; bs--) | ||
64 | *a++ ^= *b++; | ||
65 | } | ||
66 | |||
67 | static void xor_quad(u8 *dst, const u8 *src, unsigned int bs) | ||
68 | { | ||
69 | u32 *a = (u32 *)dst; | ||
70 | u32 *b = (u32 *)src; | ||
71 | |||
72 | for (; bs >= 4; bs -= 4) | ||
73 | *a++ ^= *b++; | ||
74 | |||
75 | xor_byte((u8 *)a, (u8 *)b, bs); | ||
76 | } | ||
77 | |||
78 | static int crypto_ctr_setkey(struct crypto_tfm *parent, const u8 *key, | ||
79 | unsigned int keylen) | ||
80 | { | ||
81 | struct crypto_ctr_ctx *ctx = crypto_tfm_ctx(parent); | ||
82 | struct crypto_cipher *child = ctx->child; | ||
83 | struct ctr_instance_ctx *ictx = | ||
84 | crypto_instance_ctx(crypto_tfm_alg_instance(parent)); | ||
85 | unsigned int noncelen = ictx->noncesize; | ||
86 | int err = 0; | ||
87 | |||
88 | /* the nonce is stored in bytes at end of key */ | ||
89 | if (keylen < noncelen) | ||
90 | return -EINVAL; | ||
91 | |||
92 | memcpy(ctx->nonce, key + (keylen - noncelen), noncelen); | ||
93 | |||
94 | keylen -= noncelen; | ||
95 | |||
96 | crypto_cipher_clear_flags(child, CRYPTO_TFM_REQ_MASK); | ||
97 | crypto_cipher_set_flags(child, crypto_tfm_get_flags(parent) & | ||
98 | CRYPTO_TFM_REQ_MASK); | ||
99 | err = crypto_cipher_setkey(child, key, keylen); | ||
100 | crypto_tfm_set_flags(parent, crypto_cipher_get_flags(child) & | ||
101 | CRYPTO_TFM_RES_MASK); | ||
102 | |||
103 | return err; | ||
104 | } | ||
105 | |||
106 | static int crypto_ctr_crypt_segment(struct blkcipher_walk *walk, | ||
107 | struct crypto_cipher *tfm, u8 *ctrblk, | ||
108 | unsigned int countersize) | ||
109 | { | ||
110 | void (*fn)(struct crypto_tfm *, u8 *, const u8 *) = | ||
111 | crypto_cipher_alg(tfm)->cia_encrypt; | ||
112 | unsigned int bsize = crypto_cipher_blocksize(tfm); | ||
113 | unsigned long alignmask = crypto_cipher_alignmask(tfm); | ||
114 | u8 ks[bsize + alignmask]; | ||
115 | u8 *keystream = (u8 *)ALIGN((unsigned long)ks, alignmask + 1); | ||
116 | u8 *src = walk->src.virt.addr; | ||
117 | u8 *dst = walk->dst.virt.addr; | ||
118 | unsigned int nbytes = walk->nbytes; | ||
119 | |||
120 | do { | ||
121 | /* create keystream */ | ||
122 | fn(crypto_cipher_tfm(tfm), keystream, ctrblk); | ||
123 | xor_quad(keystream, src, min(nbytes, bsize)); | ||
124 | |||
125 | /* copy result into dst */ | ||
126 | memcpy(dst, keystream, min(nbytes, bsize)); | ||
127 | |||
128 | /* increment counter in counterblock */ | ||
129 | ctr_inc_quad(ctrblk + (bsize - countersize), countersize); | ||
130 | |||
131 | if (nbytes < bsize) | ||
132 | break; | ||
133 | |||
134 | src += bsize; | ||
135 | dst += bsize; | ||
136 | nbytes -= bsize; | ||
137 | |||
138 | } while (nbytes); | ||
139 | |||
140 | return 0; | ||
141 | } | ||
142 | |||
143 | static int crypto_ctr_crypt_inplace(struct blkcipher_walk *walk, | ||
144 | struct crypto_cipher *tfm, u8 *ctrblk, | ||
145 | unsigned int countersize) | ||
146 | { | ||
147 | void (*fn)(struct crypto_tfm *, u8 *, const u8 *) = | ||
148 | crypto_cipher_alg(tfm)->cia_encrypt; | ||
149 | unsigned int bsize = crypto_cipher_blocksize(tfm); | ||
150 | unsigned long alignmask = crypto_cipher_alignmask(tfm); | ||
151 | unsigned int nbytes = walk->nbytes; | ||
152 | u8 *src = walk->src.virt.addr; | ||
153 | u8 ks[bsize + alignmask]; | ||
154 | u8 *keystream = (u8 *)ALIGN((unsigned long)ks, alignmask + 1); | ||
155 | |||
156 | do { | ||
157 | /* create keystream */ | ||
158 | fn(crypto_cipher_tfm(tfm), keystream, ctrblk); | ||
159 | xor_quad(src, keystream, min(nbytes, bsize)); | ||
160 | |||
161 | /* increment counter in counterblock */ | ||
162 | ctr_inc_quad(ctrblk + (bsize - countersize), countersize); | ||
163 | |||
164 | if (nbytes < bsize) | ||
165 | break; | ||
166 | |||
167 | src += bsize; | ||
168 | nbytes -= bsize; | ||
169 | |||
170 | } while (nbytes); | ||
171 | |||
172 | return 0; | ||
173 | } | ||
174 | |||
175 | static int crypto_ctr_crypt(struct blkcipher_desc *desc, | ||
176 | struct scatterlist *dst, struct scatterlist *src, | ||
177 | unsigned int nbytes) | ||
178 | { | ||
179 | struct blkcipher_walk walk; | ||
180 | struct crypto_blkcipher *tfm = desc->tfm; | ||
181 | struct crypto_ctr_ctx *ctx = crypto_blkcipher_ctx(tfm); | ||
182 | struct crypto_cipher *child = ctx->child; | ||
183 | unsigned int bsize = crypto_cipher_blocksize(child); | ||
184 | struct ctr_instance_ctx *ictx = | ||
185 | crypto_instance_ctx(crypto_tfm_alg_instance(&tfm->base)); | ||
186 | unsigned long alignmask = crypto_cipher_alignmask(child); | ||
187 | u8 cblk[bsize + alignmask]; | ||
188 | u8 *counterblk = (u8 *)ALIGN((unsigned long)cblk, alignmask + 1); | ||
189 | unsigned int countersize; | ||
190 | int err; | ||
191 | |||
192 | blkcipher_walk_init(&walk, dst, src, nbytes); | ||
193 | err = blkcipher_walk_virt_block(desc, &walk, bsize); | ||
194 | |||
195 | /* set up counter block */ | ||
196 | memset(counterblk, 0 , bsize); | ||
197 | memcpy(counterblk, ctx->nonce, ictx->noncesize); | ||
198 | memcpy(counterblk + ictx->noncesize, walk.iv, ictx->ivsize); | ||
199 | |||
200 | /* initialize counter portion of counter block */ | ||
201 | countersize = bsize - ictx->noncesize - ictx->ivsize; | ||
202 | ctr_inc_quad(counterblk + (bsize - countersize), countersize); | ||
203 | |||
204 | while (walk.nbytes) { | ||
205 | if (walk.src.virt.addr == walk.dst.virt.addr) | ||
206 | nbytes = crypto_ctr_crypt_inplace(&walk, child, | ||
207 | counterblk, | ||
208 | countersize); | ||
209 | else | ||
210 | nbytes = crypto_ctr_crypt_segment(&walk, child, | ||
211 | counterblk, | ||
212 | countersize); | ||
213 | |||
214 | err = blkcipher_walk_done(desc, &walk, nbytes); | ||
215 | } | ||
216 | return err; | ||
217 | } | ||
218 | |||
219 | static int crypto_ctr_init_tfm(struct crypto_tfm *tfm) | ||
220 | { | ||
221 | struct crypto_instance *inst = (void *)tfm->__crt_alg; | ||
222 | struct ctr_instance_ctx *ictx = crypto_instance_ctx(inst); | ||
223 | struct crypto_ctr_ctx *ctx = crypto_tfm_ctx(tfm); | ||
224 | struct crypto_cipher *cipher; | ||
225 | |||
226 | ctx->nonce = kzalloc(ictx->noncesize, GFP_KERNEL); | ||
227 | if (!ctx->nonce) | ||
228 | return -ENOMEM; | ||
229 | |||
230 | cipher = crypto_spawn_cipher(&ictx->alg); | ||
231 | if (IS_ERR(cipher)) | ||
232 | return PTR_ERR(cipher); | ||
233 | |||
234 | ctx->child = cipher; | ||
235 | |||
236 | return 0; | ||
237 | } | ||
238 | |||
239 | static void crypto_ctr_exit_tfm(struct crypto_tfm *tfm) | ||
240 | { | ||
241 | struct crypto_ctr_ctx *ctx = crypto_tfm_ctx(tfm); | ||
242 | |||
243 | kfree(ctx->nonce); | ||
244 | crypto_free_cipher(ctx->child); | ||
245 | } | ||
246 | |||
247 | static struct crypto_instance *crypto_ctr_alloc(struct rtattr **tb) | ||
248 | { | ||
249 | struct crypto_instance *inst; | ||
250 | struct crypto_alg *alg; | ||
251 | struct ctr_instance_ctx *ictx; | ||
252 | unsigned int noncesize; | ||
253 | unsigned int ivsize; | ||
254 | int err; | ||
255 | |||
256 | err = crypto_check_attr_type(tb, CRYPTO_ALG_TYPE_BLKCIPHER); | ||
257 | if (err) | ||
258 | return ERR_PTR(err); | ||
259 | |||
260 | alg = crypto_attr_alg(tb[1], CRYPTO_ALG_TYPE_CIPHER, | ||
261 | CRYPTO_ALG_TYPE_MASK); | ||
262 | if (IS_ERR(alg)) | ||
263 | return ERR_PTR(PTR_ERR(alg)); | ||
264 | |||
265 | err = crypto_attr_u32(tb[2], &noncesize); | ||
266 | if (err) | ||
267 | goto out_put_alg; | ||
268 | |||
269 | err = crypto_attr_u32(tb[3], &ivsize); | ||
270 | if (err) | ||
271 | goto out_put_alg; | ||
272 | |||
273 | /* verify size of nonce + iv + counter */ | ||
274 | err = -EINVAL; | ||
275 | if ((noncesize + ivsize) >= alg->cra_blocksize) | ||
276 | goto out_put_alg; | ||
277 | |||
278 | inst = kzalloc(sizeof(*inst) + sizeof(*ictx), GFP_KERNEL); | ||
279 | err = -ENOMEM; | ||
280 | if (!inst) | ||
281 | goto out_put_alg; | ||
282 | |||
283 | err = -ENAMETOOLONG; | ||
284 | if (snprintf(inst->alg.cra_name, CRYPTO_MAX_ALG_NAME, | ||
285 | "ctr(%s,%u,%u)", alg->cra_name, noncesize, | ||
286 | ivsize) >= CRYPTO_MAX_ALG_NAME) { | ||
287 | goto err_free_inst; | ||
288 | } | ||
289 | |||
290 | if (snprintf(inst->alg.cra_driver_name, CRYPTO_MAX_ALG_NAME, | ||
291 | "ctr(%s,%u,%u)", alg->cra_driver_name, noncesize, | ||
292 | ivsize) >= CRYPTO_MAX_ALG_NAME) { | ||
293 | goto err_free_inst; | ||
294 | } | ||
295 | |||
296 | ictx = crypto_instance_ctx(inst); | ||
297 | ictx->noncesize = noncesize; | ||
298 | ictx->ivsize = ivsize; | ||
299 | |||
300 | err = crypto_init_spawn(&ictx->alg, alg, inst, | ||
301 | CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_ASYNC); | ||
302 | if (err) | ||
303 | goto err_free_inst; | ||
304 | |||
305 | err = 0; | ||
306 | inst->alg.cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER; | ||
307 | inst->alg.cra_priority = alg->cra_priority; | ||
308 | inst->alg.cra_blocksize = 1; | ||
309 | inst->alg.cra_alignmask = 3; | ||
310 | inst->alg.cra_type = &crypto_blkcipher_type; | ||
311 | |||
312 | inst->alg.cra_blkcipher.ivsize = ivsize; | ||
313 | inst->alg.cra_blkcipher.min_keysize = alg->cra_cipher.cia_min_keysize | ||
314 | + noncesize; | ||
315 | inst->alg.cra_blkcipher.max_keysize = alg->cra_cipher.cia_max_keysize | ||
316 | + noncesize; | ||
317 | |||
318 | inst->alg.cra_ctxsize = sizeof(struct crypto_ctr_ctx); | ||
319 | |||
320 | inst->alg.cra_init = crypto_ctr_init_tfm; | ||
321 | inst->alg.cra_exit = crypto_ctr_exit_tfm; | ||
322 | |||
323 | inst->alg.cra_blkcipher.setkey = crypto_ctr_setkey; | ||
324 | inst->alg.cra_blkcipher.encrypt = crypto_ctr_crypt; | ||
325 | inst->alg.cra_blkcipher.decrypt = crypto_ctr_crypt; | ||
326 | |||
327 | err_free_inst: | ||
328 | if (err) | ||
329 | kfree(inst); | ||
330 | |||
331 | out_put_alg: | ||
332 | crypto_mod_put(alg); | ||
333 | |||
334 | if (err) | ||
335 | inst = ERR_PTR(err); | ||
336 | |||
337 | return inst; | ||
338 | } | ||
339 | |||
340 | static void crypto_ctr_free(struct crypto_instance *inst) | ||
341 | { | ||
342 | struct ctr_instance_ctx *ictx = crypto_instance_ctx(inst); | ||
343 | |||
344 | crypto_drop_spawn(&ictx->alg); | ||
345 | kfree(inst); | ||
346 | } | ||
347 | |||
348 | static struct crypto_template crypto_ctr_tmpl = { | ||
349 | .name = "ctr", | ||
350 | .alloc = crypto_ctr_alloc, | ||
351 | .free = crypto_ctr_free, | ||
352 | .module = THIS_MODULE, | ||
353 | }; | ||
354 | |||
355 | static int __init crypto_ctr_module_init(void) | ||
356 | { | ||
357 | return crypto_register_template(&crypto_ctr_tmpl); | ||
358 | } | ||
359 | |||
360 | static void __exit crypto_ctr_module_exit(void) | ||
361 | { | ||
362 | crypto_unregister_template(&crypto_ctr_tmpl); | ||
363 | } | ||
364 | |||
365 | module_init(crypto_ctr_module_init); | ||
366 | module_exit(crypto_ctr_module_exit); | ||
367 | |||
368 | MODULE_LICENSE("GPL"); | ||
369 | MODULE_DESCRIPTION("CTR Counter block mode"); | ||
diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c index 24141fb6f5cb..640cbcad32a1 100644 --- a/crypto/tcrypt.c +++ b/crypto/tcrypt.c | |||
@@ -969,6 +969,10 @@ static void do_test(void) | |||
969 | AES_XTS_ENC_TEST_VECTORS); | 969 | AES_XTS_ENC_TEST_VECTORS); |
970 | test_cipher("xts(aes)", DECRYPT, aes_xts_dec_tv_template, | 970 | test_cipher("xts(aes)", DECRYPT, aes_xts_dec_tv_template, |
971 | AES_XTS_DEC_TEST_VECTORS); | 971 | AES_XTS_DEC_TEST_VECTORS); |
972 | test_cipher("ctr(aes,4,8)", ENCRYPT, aes_ctr_enc_tv_template, | ||
973 | AES_CTR_ENC_TEST_VECTORS); | ||
974 | test_cipher("ctr(aes,4,8)", DECRYPT, aes_ctr_dec_tv_template, | ||
975 | AES_CTR_DEC_TEST_VECTORS); | ||
972 | 976 | ||
973 | //CAST5 | 977 | //CAST5 |
974 | test_cipher("ecb(cast5)", ENCRYPT, cast5_enc_tv_template, | 978 | test_cipher("ecb(cast5)", ENCRYPT, cast5_enc_tv_template, |
@@ -1156,6 +1160,10 @@ static void do_test(void) | |||
1156 | AES_XTS_ENC_TEST_VECTORS); | 1160 | AES_XTS_ENC_TEST_VECTORS); |
1157 | test_cipher("xts(aes)", DECRYPT, aes_xts_dec_tv_template, | 1161 | test_cipher("xts(aes)", DECRYPT, aes_xts_dec_tv_template, |
1158 | AES_XTS_DEC_TEST_VECTORS); | 1162 | AES_XTS_DEC_TEST_VECTORS); |
1163 | test_cipher("ctr(aes,4,8)", ENCRYPT, aes_ctr_enc_tv_template, | ||
1164 | AES_CTR_ENC_TEST_VECTORS); | ||
1165 | test_cipher("ctr(aes,4,8)", DECRYPT, aes_ctr_dec_tv_template, | ||
1166 | AES_CTR_DEC_TEST_VECTORS); | ||
1159 | break; | 1167 | break; |
1160 | 1168 | ||
1161 | case 11: | 1169 | case 11: |
diff --git a/crypto/tcrypt.h b/crypto/tcrypt.h index ec861388d9a0..f7f9b2379270 100644 --- a/crypto/tcrypt.h +++ b/crypto/tcrypt.h | |||
@@ -2146,6 +2146,8 @@ static struct cipher_testvec cast6_dec_tv_template[] = { | |||
2146 | #define AES_LRW_DEC_TEST_VECTORS 8 | 2146 | #define AES_LRW_DEC_TEST_VECTORS 8 |
2147 | #define AES_XTS_ENC_TEST_VECTORS 4 | 2147 | #define AES_XTS_ENC_TEST_VECTORS 4 |
2148 | #define AES_XTS_DEC_TEST_VECTORS 4 | 2148 | #define AES_XTS_DEC_TEST_VECTORS 4 |
2149 | #define AES_CTR_ENC_TEST_VECTORS 6 | ||
2150 | #define AES_CTR_DEC_TEST_VECTORS 6 | ||
2149 | 2151 | ||
2150 | static struct cipher_testvec aes_enc_tv_template[] = { | 2152 | static struct cipher_testvec aes_enc_tv_template[] = { |
2151 | { /* From FIPS-197 */ | 2153 | { /* From FIPS-197 */ |
@@ -3180,6 +3182,189 @@ static struct cipher_testvec aes_xts_dec_tv_template[] = { | |||
3180 | } | 3182 | } |
3181 | }; | 3183 | }; |
3182 | 3184 | ||
3185 | |||
3186 | static struct cipher_testvec aes_ctr_enc_tv_template[] = { | ||
3187 | { /* From RFC 3686 */ | ||
3188 | .key = { 0xae, 0x68, 0x52, 0xf8, 0x12, 0x10, 0x67, 0xcc, | ||
3189 | 0x4b, 0xf7, 0xa5, 0x76, 0x55, 0x77, 0xf3, 0x9e, | ||
3190 | 0x00, 0x00, 0x00, 0x30 }, | ||
3191 | .klen = 20, | ||
3192 | .iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | ||
3193 | .input = { "Single block msg" }, | ||
3194 | .ilen = 16, | ||
3195 | .result = { 0xe4, 0x09, 0x5d, 0x4f, 0xb7, 0xa7, 0xb3, 0x79, | ||
3196 | 0x2d, 0x61, 0x75, 0xa3, 0x26, 0x13, 0x11, 0xb8 }, | ||
3197 | .rlen = 16, | ||
3198 | }, { | ||
3199 | .key = { 0x7e, 0x24, 0x06, 0x78, 0x17, 0xfa, 0xe0, 0xd7, | ||
3200 | 0x43, 0xd6, 0xce, 0x1f, 0x32, 0x53, 0x91, 0x63, | ||
3201 | 0x00, 0x6c, 0xb6, 0xdb }, | ||
3202 | .klen = 20, | ||
3203 | .iv = { 0xc0, 0x54, 0x3b, 0x59, 0xda, 0x48, 0xd9, 0x0b }, | ||
3204 | .input = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, | ||
3205 | 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, | ||
3206 | 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, | ||
3207 | 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f }, | ||
3208 | .ilen = 32, | ||
3209 | .result = { 0x51, 0x04, 0xa1, 0x06, 0x16, 0x8a, 0x72, 0xd9, | ||
3210 | 0x79, 0x0d, 0x41, 0xee, 0x8e, 0xda, 0xd3, 0x88, | ||
3211 | 0xeb, 0x2e, 0x1e, 0xfc, 0x46, 0xda, 0x57, 0xc8, | ||
3212 | 0xfc, 0xe6, 0x30, 0xdf, 0x91, 0x41, 0xbe, 0x28 }, | ||
3213 | .rlen = 32, | ||
3214 | }, { | ||
3215 | .key = { 0x16, 0xaf, 0x5b, 0x14, 0x5f, 0xc9, 0xf5, 0x79, | ||
3216 | 0xc1, 0x75, 0xf9, 0x3e, 0x3b, 0xfb, 0x0e, 0xed, | ||
3217 | 0x86, 0x3d, 0x06, 0xcc, 0xfd, 0xb7, 0x85, 0x15, | ||
3218 | 0x00, 0x00, 0x00, 0x48 }, | ||
3219 | .klen = 28, | ||
3220 | .iv = { 0x36, 0x73, 0x3c, 0x14, 0x7d, 0x6d, 0x93, 0xcb }, | ||
3221 | .input = { "Single block msg" }, | ||
3222 | .ilen = 16, | ||
3223 | .result = { 0x4b, 0x55, 0x38, 0x4f, 0xe2, 0x59, 0xc9, 0xc8, | ||
3224 | 0x4e, 0x79, 0x35, 0xa0, 0x03, 0xcb, 0xe9, 0x28 }, | ||
3225 | .rlen = 16, | ||
3226 | }, { | ||
3227 | .key = { 0x7c, 0x5c, 0xb2, 0x40, 0x1b, 0x3d, 0xc3, 0x3c, | ||
3228 | 0x19, 0xe7, 0x34, 0x08, 0x19, 0xe0, 0xf6, 0x9c, | ||
3229 | 0x67, 0x8c, 0x3d, 0xb8, 0xe6, 0xf6, 0xa9, 0x1a, | ||
3230 | 0x00, 0x96, 0xb0, 0x3b }, | ||
3231 | .klen = 28, | ||
3232 | .iv = { 0x02, 0x0c, 0x6e, 0xad, 0xc2, 0xcb, 0x50, 0x0d }, | ||
3233 | .input = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, | ||
3234 | 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, | ||
3235 | 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, | ||
3236 | 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f }, | ||
3237 | .ilen = 32, | ||
3238 | .result = { 0x45, 0x32, 0x43, 0xfc, 0x60, 0x9b, 0x23, 0x32, | ||
3239 | 0x7e, 0xdf, 0xaa, 0xfa, 0x71, 0x31, 0xcd, 0x9f, | ||
3240 | 0x84, 0x90, 0x70, 0x1c, 0x5a, 0xd4, 0xa7, 0x9c, | ||
3241 | 0xfc, 0x1f, 0xe0, 0xff, 0x42, 0xf4, 0xfb, 0x00 }, | ||
3242 | .rlen = 32, | ||
3243 | }, { | ||
3244 | .key = { 0x77, 0x6b, 0xef, 0xf2, 0x85, 0x1d, 0xb0, 0x6f, | ||
3245 | 0x4c, 0x8a, 0x05, 0x42, 0xc8, 0x69, 0x6f, 0x6c, | ||
3246 | 0x6a, 0x81, 0xaf, 0x1e, 0xec, 0x96, 0xb4, 0xd3, | ||
3247 | 0x7f, 0xc1, 0xd6, 0x89, 0xe6, 0xc1, 0xc1, 0x04, | ||
3248 | 0x00, 0x00, 0x00, 0x60 }, | ||
3249 | .klen = 36, | ||
3250 | .iv = { 0xdb, 0x56, 0x72, 0xc9, 0x7a, 0xa8, 0xf0, 0xb2 }, | ||
3251 | .input = { "Single block msg" }, | ||
3252 | .ilen = 16, | ||
3253 | .result = { 0x14, 0x5a, 0xd0, 0x1d, 0xbf, 0x82, 0x4e, 0xc7, | ||
3254 | 0x56, 0x08, 0x63, 0xdc, 0x71, 0xe3, 0xe0, 0xc0 }, | ||
3255 | .rlen = 16, | ||
3256 | }, { | ||
3257 | .key = { 0xf6, 0xd6, 0x6d, 0x6b, 0xd5, 0x2d, 0x59, 0xbb, | ||
3258 | 0x07, 0x96, 0x36, 0x58, 0x79, 0xef, 0xf8, 0x86, | ||
3259 | 0xc6, 0x6d, 0xd5, 0x1a, 0x5b, 0x6a, 0x99, 0x74, | ||
3260 | 0x4b, 0x50, 0x59, 0x0c, 0x87, 0xa2, 0x38, 0x84, | ||
3261 | 0x00, 0xfa, 0xac, 0x24 }, | ||
3262 | .klen = 36, | ||
3263 | .iv = { 0xc1, 0x58, 0x5e, 0xf1, 0x5a, 0x43, 0xd8, 0x75 }, | ||
3264 | .input = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, | ||
3265 | 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, | ||
3266 | 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, | ||
3267 | 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f }, | ||
3268 | .ilen = 32, | ||
3269 | .result = { 0xf0, 0x5e, 0x23, 0x1b, 0x38, 0x94, 0x61, 0x2c, | ||
3270 | 0x49, 0xee, 0x00, 0x0b, 0x80, 0x4e, 0xb2, 0xa9, | ||
3271 | 0xb8, 0x30, 0x6b, 0x50, 0x8f, 0x83, 0x9d, 0x6a, | ||
3272 | 0x55, 0x30, 0x83, 0x1d, 0x93, 0x44, 0xaf, 0x1c }, | ||
3273 | .rlen = 32, | ||
3274 | }, | ||
3275 | }; | ||
3276 | |||
3277 | static struct cipher_testvec aes_ctr_dec_tv_template[] = { | ||
3278 | { /* From RFC 3686 */ | ||
3279 | .key = { 0xae, 0x68, 0x52, 0xf8, 0x12, 0x10, 0x67, 0xcc, | ||
3280 | 0x4b, 0xf7, 0xa5, 0x76, 0x55, 0x77, 0xf3, 0x9e, | ||
3281 | 0x00, 0x00, 0x00, 0x30 }, | ||
3282 | .klen = 20, | ||
3283 | .iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | ||
3284 | .input = { 0xe4, 0x09, 0x5d, 0x4f, 0xb7, 0xa7, 0xb3, 0x79, | ||
3285 | 0x2d, 0x61, 0x75, 0xa3, 0x26, 0x13, 0x11, 0xb8 }, | ||
3286 | .ilen = 16, | ||
3287 | .result = { "Single block msg" }, | ||
3288 | .rlen = 16, | ||
3289 | }, { | ||
3290 | .key = { 0x7e, 0x24, 0x06, 0x78, 0x17, 0xfa, 0xe0, 0xd7, | ||
3291 | 0x43, 0xd6, 0xce, 0x1f, 0x32, 0x53, 0x91, 0x63, | ||
3292 | 0x00, 0x6c, 0xb6, 0xdb }, | ||
3293 | .klen = 20, | ||
3294 | .iv = { 0xc0, 0x54, 0x3b, 0x59, 0xda, 0x48, 0xd9, 0x0b }, | ||
3295 | .input = { 0x51, 0x04, 0xa1, 0x06, 0x16, 0x8a, 0x72, 0xd9, | ||
3296 | 0x79, 0x0d, 0x41, 0xee, 0x8e, 0xda, 0xd3, 0x88, | ||
3297 | 0xeb, 0x2e, 0x1e, 0xfc, 0x46, 0xda, 0x57, 0xc8, | ||
3298 | 0xfc, 0xe6, 0x30, 0xdf, 0x91, 0x41, 0xbe, 0x28 }, | ||
3299 | .ilen = 32, | ||
3300 | .result = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, | ||
3301 | 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, | ||
3302 | 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, | ||
3303 | 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f }, | ||
3304 | .rlen = 32, | ||
3305 | }, { | ||
3306 | .key = { 0x16, 0xaf, 0x5b, 0x14, 0x5f, 0xc9, 0xf5, 0x79, | ||
3307 | 0xc1, 0x75, 0xf9, 0x3e, 0x3b, 0xfb, 0x0e, 0xed, | ||
3308 | 0x86, 0x3d, 0x06, 0xcc, 0xfd, 0xb7, 0x85, 0x15, | ||
3309 | 0x00, 0x00, 0x00, 0x48 }, | ||
3310 | .klen = 28, | ||
3311 | .iv = { 0x36, 0x73, 0x3c, 0x14, 0x7d, 0x6d, 0x93, 0xcb }, | ||
3312 | .input = { 0x4b, 0x55, 0x38, 0x4f, 0xe2, 0x59, 0xc9, 0xc8, | ||
3313 | 0x4e, 0x79, 0x35, 0xa0, 0x03, 0xcb, 0xe9, 0x28 }, | ||
3314 | .ilen = 16, | ||
3315 | .result = { "Single block msg" }, | ||
3316 | .rlen = 16, | ||
3317 | }, { | ||
3318 | .key = { 0x7c, 0x5c, 0xb2, 0x40, 0x1b, 0x3d, 0xc3, 0x3c, | ||
3319 | 0x19, 0xe7, 0x34, 0x08, 0x19, 0xe0, 0xf6, 0x9c, | ||
3320 | 0x67, 0x8c, 0x3d, 0xb8, 0xe6, 0xf6, 0xa9, 0x1a, | ||
3321 | 0x00, 0x96, 0xb0, 0x3b }, | ||
3322 | .klen = 28, | ||
3323 | .iv = { 0x02, 0x0c, 0x6e, 0xad, 0xc2, 0xcb, 0x50, 0x0d }, | ||
3324 | .input = { 0x45, 0x32, 0x43, 0xfc, 0x60, 0x9b, 0x23, 0x32, | ||
3325 | 0x7e, 0xdf, 0xaa, 0xfa, 0x71, 0x31, 0xcd, 0x9f, | ||
3326 | 0x84, 0x90, 0x70, 0x1c, 0x5a, 0xd4, 0xa7, 0x9c, | ||
3327 | 0xfc, 0x1f, 0xe0, 0xff, 0x42, 0xf4, 0xfb, 0x00 }, | ||
3328 | .ilen = 32, | ||
3329 | .result = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, | ||
3330 | 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, | ||
3331 | 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, | ||
3332 | 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f }, | ||
3333 | .rlen = 32, | ||
3334 | }, { | ||
3335 | .key = { 0x77, 0x6b, 0xef, 0xf2, 0x85, 0x1d, 0xb0, 0x6f, | ||
3336 | 0x4c, 0x8a, 0x05, 0x42, 0xc8, 0x69, 0x6f, 0x6c, | ||
3337 | 0x6a, 0x81, 0xaf, 0x1e, 0xec, 0x96, 0xb4, 0xd3, | ||
3338 | 0x7f, 0xc1, 0xd6, 0x89, 0xe6, 0xc1, 0xc1, 0x04, | ||
3339 | 0x00, 0x00, 0x00, 0x60 }, | ||
3340 | .klen = 36, | ||
3341 | .iv = { 0xdb, 0x56, 0x72, 0xc9, 0x7a, 0xa8, 0xf0, 0xb2 }, | ||
3342 | .input = { 0x14, 0x5a, 0xd0, 0x1d, 0xbf, 0x82, 0x4e, 0xc7, | ||
3343 | 0x56, 0x08, 0x63, 0xdc, 0x71, 0xe3, 0xe0, 0xc0 }, | ||
3344 | .ilen = 16, | ||
3345 | .result = { "Single block msg" }, | ||
3346 | .rlen = 16, | ||
3347 | }, { | ||
3348 | .key = { 0xf6, 0xd6, 0x6d, 0x6b, 0xd5, 0x2d, 0x59, 0xbb, | ||
3349 | 0x07, 0x96, 0x36, 0x58, 0x79, 0xef, 0xf8, 0x86, | ||
3350 | 0xc6, 0x6d, 0xd5, 0x1a, 0x5b, 0x6a, 0x99, 0x74, | ||
3351 | 0x4b, 0x50, 0x59, 0x0c, 0x87, 0xa2, 0x38, 0x84, | ||
3352 | 0x00, 0xfa, 0xac, 0x24 }, | ||
3353 | .klen = 36, | ||
3354 | .iv = { 0xc1, 0x58, 0x5e, 0xf1, 0x5a, 0x43, 0xd8, 0x75 }, | ||
3355 | .input = { 0xf0, 0x5e, 0x23, 0x1b, 0x38, 0x94, 0x61, 0x2c, | ||
3356 | 0x49, 0xee, 0x00, 0x0b, 0x80, 0x4e, 0xb2, 0xa9, | ||
3357 | 0xb8, 0x30, 0x6b, 0x50, 0x8f, 0x83, 0x9d, 0x6a, | ||
3358 | 0x55, 0x30, 0x83, 0x1d, 0x93, 0x44, 0xaf, 0x1c }, | ||
3359 | .ilen = 32, | ||
3360 | .result = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, | ||
3361 | 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, | ||
3362 | 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, | ||
3363 | 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f }, | ||
3364 | .rlen = 32, | ||
3365 | }, | ||
3366 | }; | ||
3367 | |||
3183 | /* Cast5 test vectors from RFC 2144 */ | 3368 | /* Cast5 test vectors from RFC 2144 */ |
3184 | #define CAST5_ENC_TEST_VECTORS 3 | 3369 | #define CAST5_ENC_TEST_VECTORS 3 |
3185 | #define CAST5_DEC_TEST_VECTORS 3 | 3370 | #define CAST5_DEC_TEST_VECTORS 3 |