authorHerbert Xu <herbert@gondor.apana.org.au>2008-09-08 00:29:54 -0400
committerHerbert Xu <herbert@gondor.apana.org.au>2008-09-08 00:29:54 -0400
commitf4c4cd6d14e3a3f638475f2f83e26765a7d3327b (patch)
treed4d85e641a431e05b3a8e7f62cb33d46c6163699
parent7686ad5606f08d9dfb33a2087a36c8366366015b (diff)
Revert "crypto: camellia - Use kernel-provided bitops, unaligned access helpers"
This reverts commit bd699f2df6dbc2f4cba528fe598bd63a4d3702c5, which causes camellia to fail the included self-test vectors. It has also been confirmed that it breaks existing encrypted disks using camellia. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-rw-r--r--crypto/camellia.c84
1 files changed, 48 insertions, 36 deletions
diff --git a/crypto/camellia.c b/crypto/camellia.c
index b1cc4de6493c..493fee7e0a8b 100644
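--- a/crypto/camellia.c
+++ b/crypto/camellia.c
@@ -35,8 +35,6 @@
 #include <linux/init.h>
 #include <linux/kernel.h>
 #include <linux/module.h>
-#include <linux/bitops.h>
-#include <asm/unaligned.h>
 
 static const u32 camellia_sp1110[256] = {
  0x70707000,0x82828200,0x2c2c2c00,0xececec00,
@@ -337,6 +335,20 @@ static const u32 camellia_sp4404[256] = {
 /*
  * macros
  */
+#define GETU32(v, pt) \
+ do { \
+ /* latest breed of gcc is clever enough to use move */ \
+ memcpy(&(v), (pt), 4); \
+ (v) = be32_to_cpu(v); \
+ } while(0)
+
+/* rotation right shift 1byte */
+#define ROR8(x) (((x) >> 8) + ((x) << 24))
+/* rotation left shift 1bit */
+#define ROL1(x) (((x) << 1) + ((x) >> 31))
+/* rotation left shift 1byte */
+#define ROL8(x) (((x) << 8) + ((x) >> 24))
+
 #define ROLDQ(ll, lr, rl, rr, w0, w1, bits) \
  do { \
  w0 = ll; \
@@ -371,7 +383,7 @@ static const u32 camellia_sp4404[256] = {
  ^ camellia_sp3033[(u8)(il >> 8)] \
  ^ camellia_sp4404[(u8)(il )]; \
  yl ^= yr; \
- yr = ror32(yr, 8); \
+ yr = ROR8(yr); \
  yr ^= yl; \
  } while(0)
 
@@ -393,7 +405,7 @@ static void camellia_setup_tail(u32 *subkey, u32 *subL, u32 *subR, int max)
  subL[7] ^= subL[1]; subR[7] ^= subR[1];
  subL[1] ^= subR[1] & ~subR[9];
  dw = subL[1] & subL[9],
- subR[1] ^= rol32(dw, 1); /* modified for FLinv(kl2) */
+ subR[1] ^= ROL1(dw); /* modified for FLinv(kl2) */
  /* round 8 */
  subL[11] ^= subL[1]; subR[11] ^= subR[1];
  /* round 10 */
@@ -402,7 +414,7 @@ static void camellia_setup_tail(u32 *subkey, u32 *subL, u32 *subR, int max)
  subL[15] ^= subL[1]; subR[15] ^= subR[1];
  subL[1] ^= subR[1] & ~subR[17];
  dw = subL[1] & subL[17],
- subR[1] ^= rol32(dw, 1); /* modified for FLinv(kl4) */
+ subR[1] ^= ROL1(dw); /* modified for FLinv(kl4) */
  /* round 14 */
  subL[19] ^= subL[1]; subR[19] ^= subR[1];
  /* round 16 */
@@ -418,7 +430,7 @@ static void camellia_setup_tail(u32 *subkey, u32 *subL, u32 *subR, int max)
  } else {
  subL[1] ^= subR[1] & ~subR[25];
  dw = subL[1] & subL[25],
- subR[1] ^= rol32(dw, 1); /* modified for FLinv(kl6) */
+ subR[1] ^= ROL1(dw); /* modified for FLinv(kl6) */
  /* round 20 */
  subL[27] ^= subL[1]; subR[27] ^= subR[1];
  /* round 22 */
@@ -438,7 +450,7 @@ static void camellia_setup_tail(u32 *subkey, u32 *subL, u32 *subR, int max)
  subL[26] ^= kw4l; subR[26] ^= kw4r;
  kw4l ^= kw4r & ~subR[24];
  dw = kw4l & subL[24],
- kw4r ^= rol32(dw, 1); /* modified for FL(kl5) */
+ kw4r ^= ROL1(dw); /* modified for FL(kl5) */
  }
  /* round 17 */
  subL[22] ^= kw4l; subR[22] ^= kw4r;
@@ -448,7 +460,7 @@ static void camellia_setup_tail(u32 *subkey, u32 *subL, u32 *subR, int max)
  subL[18] ^= kw4l; subR[18] ^= kw4r;
  kw4l ^= kw4r & ~subR[16];
  dw = kw4l & subL[16],
- kw4r ^= rol32(dw, 1); /* modified for FL(kl3) */
+ kw4r ^= ROL1(dw); /* modified for FL(kl3) */
  /* round 11 */
  subL[14] ^= kw4l; subR[14] ^= kw4r;
  /* round 9 */
@@ -457,7 +469,7 @@ static void camellia_setup_tail(u32 *subkey, u32 *subL, u32 *subR, int max)
  subL[10] ^= kw4l; subR[10] ^= kw4r;
  kw4l ^= kw4r & ~subR[8];
  dw = kw4l & subL[8],
- kw4r ^= rol32(dw, 1); /* modified for FL(kl1) */
+ kw4r ^= ROL1(dw); /* modified for FL(kl1) */
  /* round 5 */
  subL[6] ^= kw4l; subR[6] ^= kw4r;
  /* round 3 */
@@ -482,7 +494,7 @@ static void camellia_setup_tail(u32 *subkey, u32 *subL, u32 *subR, int max)
  SUBKEY_R(6) = subR[5] ^ subR[7];
  tl = subL[10] ^ (subR[10] & ~subR[8]);
  dw = tl & subL[8], /* FL(kl1) */
- tr = subR[10] ^ rol32(dw, 1);
+ tr = subR[10] ^ ROL1(dw);
  SUBKEY_L(7) = subL[6] ^ tl; /* round 6 */
  SUBKEY_R(7) = subR[6] ^ tr;
  SUBKEY_L(8) = subL[8]; /* FL(kl1) */
@@ -491,7 +503,7 @@ static void camellia_setup_tail(u32 *subkey, u32 *subL, u32 *subR, int max)
  SUBKEY_R(9) = subR[9];
  tl = subL[7] ^ (subR[7] & ~subR[9]);
  dw = tl & subL[9], /* FLinv(kl2) */
- tr = subR[7] ^ rol32(dw, 1);
+ tr = subR[7] ^ ROL1(dw);
  SUBKEY_L(10) = tl ^ subL[11]; /* round 7 */
  SUBKEY_R(10) = tr ^ subR[11];
  SUBKEY_L(11) = subL[10] ^ subL[12]; /* round 8 */
@@ -504,7 +516,7 @@ static void camellia_setup_tail(u32 *subkey, u32 *subL, u32 *subR, int max)
  SUBKEY_R(14) = subR[13] ^ subR[15];
  tl = subL[18] ^ (subR[18] & ~subR[16]);
  dw = tl & subL[16], /* FL(kl3) */
- tr = subR[18] ^ rol32(dw, 1);
+ tr = subR[18] ^ ROL1(dw);
  SUBKEY_L(15) = subL[14] ^ tl; /* round 12 */
  SUBKEY_R(15) = subR[14] ^ tr;
  SUBKEY_L(16) = subL[16]; /* FL(kl3) */
@@ -513,7 +525,7 @@ static void camellia_setup_tail(u32 *subkey, u32 *subL, u32 *subR, int max)
  SUBKEY_R(17) = subR[17];
  tl = subL[15] ^ (subR[15] & ~subR[17]);
  dw = tl & subL[17], /* FLinv(kl4) */
- tr = subR[15] ^ rol32(dw, 1);
+ tr = subR[15] ^ ROL1(dw);
  SUBKEY_L(18) = tl ^ subL[19]; /* round 13 */
  SUBKEY_R(18) = tr ^ subR[19];
  SUBKEY_L(19) = subL[18] ^ subL[20]; /* round 14 */
@@ -532,7 +544,7 @@ static void camellia_setup_tail(u32 *subkey, u32 *subL, u32 *subR, int max)
  } else {
  tl = subL[26] ^ (subR[26] & ~subR[24]);
  dw = tl & subL[24], /* FL(kl5) */
- tr = subR[26] ^ rol32(dw, 1);
+ tr = subR[26] ^ ROL1(dw);
  SUBKEY_L(23) = subL[22] ^ tl; /* round 18 */
  SUBKEY_R(23) = subR[22] ^ tr;
  SUBKEY_L(24) = subL[24]; /* FL(kl5) */
@@ -541,7 +553,7 @@ static void camellia_setup_tail(u32 *subkey, u32 *subL, u32 *subR, int max)
  SUBKEY_R(25) = subR[25];
  tl = subL[23] ^ (subR[23] & ~subR[25]);
  dw = tl & subL[25], /* FLinv(kl6) */
- tr = subR[23] ^ rol32(dw, 1);
+ tr = subR[23] ^ ROL1(dw);
  SUBKEY_L(26) = tl ^ subL[27]; /* round 19 */
  SUBKEY_R(26) = tr ^ subR[27];
  SUBKEY_L(27) = subL[26] ^ subL[28]; /* round 20 */
@@ -561,17 +573,17 @@ static void camellia_setup_tail(u32 *subkey, u32 *subL, u32 *subR, int max)
  /* apply the inverse of the last half of P-function */
  i = 2;
  do {
- dw = SUBKEY_L(i + 0) ^ SUBKEY_R(i + 0); dw = rol32(dw, 8);/* round 1 */
+ dw = SUBKEY_L(i + 0) ^ SUBKEY_R(i + 0); dw = ROL8(dw);/* round 1 */
  SUBKEY_R(i + 0) = SUBKEY_L(i + 0) ^ dw; SUBKEY_L(i + 0) = dw;
- dw = SUBKEY_L(i + 1) ^ SUBKEY_R(i + 1); dw = rol32(dw, 8);/* round 2 */
+ dw = SUBKEY_L(i + 1) ^ SUBKEY_R(i + 1); dw = ROL8(dw);/* round 2 */
  SUBKEY_R(i + 1) = SUBKEY_L(i + 1) ^ dw; SUBKEY_L(i + 1) = dw;
- dw = SUBKEY_L(i + 2) ^ SUBKEY_R(i + 2); dw = rol32(dw, 8);/* round 3 */
+ dw = SUBKEY_L(i + 2) ^ SUBKEY_R(i + 2); dw = ROL8(dw);/* round 3 */
  SUBKEY_R(i + 2) = SUBKEY_L(i + 2) ^ dw; SUBKEY_L(i + 2) = dw;
- dw = SUBKEY_L(i + 3) ^ SUBKEY_R(i + 3); dw = rol32(dw, 8);/* round 4 */
+ dw = SUBKEY_L(i + 3) ^ SUBKEY_R(i + 3); dw = ROL8(dw);/* round 4 */
  SUBKEY_R(i + 3) = SUBKEY_L(i + 3) ^ dw; SUBKEY_L(i + 3) = dw;
- dw = SUBKEY_L(i + 4) ^ SUBKEY_R(i + 4); dw = rol32(dw, 9);/* round 5 */
+ dw = SUBKEY_L(i + 4) ^ SUBKEY_R(i + 4); dw = ROL8(dw);/* round 5 */
  SUBKEY_R(i + 4) = SUBKEY_L(i + 4) ^ dw; SUBKEY_L(i + 4) = dw;
- dw = SUBKEY_L(i + 5) ^ SUBKEY_R(i + 5); dw = rol32(dw, 8);/* round 6 */
+ dw = SUBKEY_L(i + 5) ^ SUBKEY_R(i + 5); dw = ROL8(dw);/* round 6 */
  SUBKEY_R(i + 5) = SUBKEY_L(i + 5) ^ dw; SUBKEY_L(i + 5) = dw;
  i += 8;
  } while (i < max);
@@ -587,10 +599,10 @@ static void camellia_setup128(const unsigned char *key, u32 *subkey)
  /**
  * k == kll || klr || krl || krr (|| is concatenation)
  */
- kll = get_unaligned_be32(key);
+ GETU32(kll, key );
- klr = get_unaligned_be32(key + 4);
+ GETU32(klr, key + 4);
- krl = get_unaligned_be32(key + 8);
+ GETU32(krl, key + 8);
- krr = get_unaligned_be32(key + 12);
+ GETU32(krr, key + 12);
 
  /* generate KL dependent subkeys */
  /* kw1 */
@@ -695,14 +707,14 @@ static void camellia_setup256(const unsigned char *key, u32 *subkey)
  * key = (kll || klr || krl || krr || krll || krlr || krrl || krrr)
  * (|| is concatenation)
  */
- kll = get_unaligned_be32(key);
+ GETU32(kll, key );
- klr = get_unaligned_be32(key + 4);
+ GETU32(klr, key + 4);
- krl = get_unaligned_be32(key + 8);
+ GETU32(krl, key + 8);
- krr = get_unaligned_be32(key + 12);
+ GETU32(krr, key + 12);
- krll = get_unaligned_be32(key + 16);
+ GETU32(krll, key + 16);
- krlr = get_unaligned_be32(key + 20);
+ GETU32(krlr, key + 20);
- krrl = get_unaligned_be32(key + 24);
+ GETU32(krrl, key + 24);
- krrr = get_unaligned_be32(key + 28);
+ GETU32(krrr, key + 28);
 
  /* generate KL dependent subkeys */
  /* kw1 */
@@ -858,13 +870,13 @@ static void camellia_setup192(const unsigned char *key, u32 *subkey)
  t0 &= ll; \
  t2 |= rr; \
  rl ^= t2; \
- lr ^= rol32(t0, 1); \
+ lr ^= ROL1(t0); \
  t3 = krl; \
  t1 = klr; \
  t3 &= rl; \
  t1 |= lr; \
  ll ^= t1; \
- rr ^= rol32(t3, 1); \
+ rr ^= ROL1(t3); \
  } while(0)
 
 #define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir) \
@@ -880,7 +892,7 @@ static void camellia_setup192(const unsigned char *key, u32 *subkey)
  il ^= kl; \
  ir ^= il ^ kr; \
  yl ^= ir; \
- yr ^= ror32(il, 8) ^ ir; \
+ yr ^= ROR8(il) ^ ir; \
  } while(0)
 
 /* max = 24: 128bit encrypt, max = 32: 256bit encrypt */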
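Review bot: The restored rotate macros `ROR8`, `ROL1` and `ROL8` (new lines 345-350) are correct only for an operand that is exactly a 32-bit unsigned value with no side effects, because each expands its argument twice and relies on the shift discarding the high bits, and nothing at the definitions says so. I would add a comment above them such as `/* operand must be a side-effect-free u32: the argument is expanded twice and the shifts assume a 32-bit width */`. As far as the visible hunks show, the only semantic difference between the two sides is the removed `rol32(dw, 9)` at round 5 in the loop at the end of camellia_setup_tail, where every other round rotates by 8; that looks like the cause of the self-test failure the description mentions, though the page does not confirm it. A short comment on that loop, e.g. `/* every round rotates by 8; a wrong count here changes the key schedule and breaks existing ciphertext */`, would protect a later re-conversion to the kernel helpers. camellia_setup_tail and the macro section both continue outside the hunks shown.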