diff options
author | Ingo Molnar <mingo@elte.hu> | 2008-07-15 17:12:58 -0400 |
---|---|---|
committer | Ingo Molnar <mingo@elte.hu> | 2008-07-15 17:12:58 -0400 |
commit | 1e09481365ce248dbb4eb06dad70129bb5807037 (patch) | |
tree | c0cff5bef95c8b5e7486f144718ade9a06c284dc /crypto | |
parent | 3e2f69fdd1b00166e7d589bce56b2d36a9e74374 (diff) | |
parent | b9d2252c1e44fa83a4e65fdc9eb93db6297c55af (diff) |
Merge branch 'linus' into core/softlockup
Conflicts:
kernel/softlockup.c
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/Kconfig | 63 | ||||
-rw-r--r-- | crypto/Makefile | 7 | ||||
-rw-r--r-- | crypto/ahash.c | 194 | ||||
-rw-r--r-- | crypto/api.c | 8 | ||||
-rw-r--r-- | crypto/camellia.c | 84 | ||||
-rw-r--r-- | crypto/chainiv.c | 10 | ||||
-rw-r--r-- | crypto/crc32c.c | 128 | ||||
-rw-r--r-- | crypto/cryptd.c | 253 | ||||
-rw-r--r-- | crypto/digest.c | 83 | ||||
-rw-r--r-- | crypto/hash.c | 102 | ||||
-rw-r--r-- | crypto/hmac.c | 16 | ||||
-rw-r--r-- | crypto/internal.h | 1 | ||||
-rw-r--r-- | crypto/prng.c | 410 | ||||
-rw-r--r-- | crypto/prng.h | 27 | ||||
-rw-r--r-- | crypto/ripemd.h | 43 | ||||
-rw-r--r-- | crypto/rmd128.c | 325 | ||||
-rw-r--r-- | crypto/rmd160.c | 369 | ||||
-rw-r--r-- | crypto/rmd256.c | 344 | ||||
-rw-r--r-- | crypto/rmd320.c | 393 | ||||
-rw-r--r-- | crypto/tcrypt.c | 198 | ||||
-rw-r--r-- | crypto/tcrypt.h | 526 |
21 files changed, 3441 insertions, 143 deletions
diff --git a/crypto/Kconfig b/crypto/Kconfig index 864456c140fe..ea503572fcbe 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig | |||
@@ -65,6 +65,7 @@ config CRYPTO_NULL | |||
65 | config CRYPTO_CRYPTD | 65 | config CRYPTO_CRYPTD |
66 | tristate "Software async crypto daemon" | 66 | tristate "Software async crypto daemon" |
67 | select CRYPTO_BLKCIPHER | 67 | select CRYPTO_BLKCIPHER |
68 | select CRYPTO_HASH | ||
68 | select CRYPTO_MANAGER | 69 | select CRYPTO_MANAGER |
69 | help | 70 | help |
70 | This is a generic software asynchronous crypto daemon that | 71 | This is a generic software asynchronous crypto daemon that |
@@ -212,7 +213,7 @@ comment "Digest" | |||
212 | 213 | ||
213 | config CRYPTO_CRC32C | 214 | config CRYPTO_CRC32C |
214 | tristate "CRC32c CRC algorithm" | 215 | tristate "CRC32c CRC algorithm" |
215 | select CRYPTO_ALGAPI | 216 | select CRYPTO_HASH |
216 | select LIBCRC32C | 217 | select LIBCRC32C |
217 | help | 218 | help |
218 | Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used | 219 | Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used |
@@ -241,6 +242,57 @@ config CRYPTO_MICHAEL_MIC | |||
241 | should not be used for other purposes because of the weakness | 242 | should not be used for other purposes because of the weakness |
242 | of the algorithm. | 243 | of the algorithm. |
243 | 244 | ||
245 | config CRYPTO_RMD128 | ||
246 | tristate "RIPEMD-128 digest algorithm" | ||
247 | select CRYPTO_ALGAPI | ||
248 | help | ||
249 | RIPEMD-128 (ISO/IEC 10118-3:2004). | ||
250 | |||
251 | RIPEMD-128 is a 128-bit cryptographic hash function. It should only | ||
252 | to be used as a secure replacement for RIPEMD. For other use cases | ||
253 | RIPEMD-160 should be used. | ||
254 | |||
255 | Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. | ||
256 | See <http://home.esat.kuleuven.be/~bosselae/ripemd160.html> | ||
257 | |||
258 | config CRYPTO_RMD160 | ||
259 | tristate "RIPEMD-160 digest algorithm" | ||
260 | select CRYPTO_ALGAPI | ||
261 | help | ||
262 | RIPEMD-160 (ISO/IEC 10118-3:2004). | ||
263 | |||
264 | RIPEMD-160 is a 160-bit cryptographic hash function. It is intended | ||
265 | to be used as a secure replacement for the 128-bit hash functions | ||
266 | MD4, MD5 and it's predecessor RIPEMD (not to be confused with RIPEMD-128). | ||
267 | |||
268 | It's speed is comparable to SHA1 and there are no known attacks against | ||
269 | RIPEMD-160. | ||
270 | |||
271 | Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. | ||
272 | See <http://home.esat.kuleuven.be/~bosselae/ripemd160.html> | ||
273 | |||
274 | config CRYPTO_RMD256 | ||
275 | tristate "RIPEMD-256 digest algorithm" | ||
276 | select CRYPTO_ALGAPI | ||
277 | help | ||
278 | RIPEMD-256 is an optional extension of RIPEMD-128 with a 256 bit hash. | ||
279 | It is intended for applications that require longer hash-results, without | ||
280 | needing a larger security level (than RIPEMD-128). | ||
281 | |||
282 | Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. | ||
283 | See <http://home.esat.kuleuven.be/~bosselae/ripemd160.html> | ||
284 | |||
285 | config CRYPTO_RMD320 | ||
286 | tristate "RIPEMD-320 digest algorithm" | ||
287 | select CRYPTO_ALGAPI | ||
288 | help | ||
289 | RIPEMD-320 is an optional extension of RIPEMD-160 with a 320 bit hash. | ||
290 | It is intended for applications that require longer hash-results, without | ||
291 | needing a larger security level (than RIPEMD-160). | ||
292 | |||
293 | Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. | ||
294 | See <http://home.esat.kuleuven.be/~bosselae/ripemd160.html> | ||
295 | |||
244 | config CRYPTO_SHA1 | 296 | config CRYPTO_SHA1 |
245 | tristate "SHA1 digest algorithm" | 297 | tristate "SHA1 digest algorithm" |
246 | select CRYPTO_ALGAPI | 298 | select CRYPTO_ALGAPI |
@@ -614,6 +666,15 @@ config CRYPTO_LZO | |||
614 | help | 666 | help |
615 | This is the LZO algorithm. | 667 | This is the LZO algorithm. |
616 | 668 | ||
669 | comment "Random Number Generation" | ||
670 | |||
671 | config CRYPTO_PRNG | ||
672 | tristate "Pseudo Random Number Generation for Cryptographic modules" | ||
673 | help | ||
674 | This option enables the generic pseudo random number generator | ||
675 | for cryptographic modules. Uses the Algorithm specified in | ||
676 | ANSI X9.31 A.2.4 | ||
677 | |||
617 | source "drivers/crypto/Kconfig" | 678 | source "drivers/crypto/Kconfig" |
618 | 679 | ||
619 | endif # if CRYPTO | 680 | endif # if CRYPTO |
diff --git a/crypto/Makefile b/crypto/Makefile index ca024418f4fb..ef61b3b64660 100644 --- a/crypto/Makefile +++ b/crypto/Makefile | |||
@@ -19,6 +19,7 @@ obj-$(CONFIG_CRYPTO_BLKCIPHER) += crypto_blkcipher.o | |||
19 | obj-$(CONFIG_CRYPTO_SEQIV) += seqiv.o | 19 | obj-$(CONFIG_CRYPTO_SEQIV) += seqiv.o |
20 | 20 | ||
21 | crypto_hash-objs := hash.o | 21 | crypto_hash-objs := hash.o |
22 | crypto_hash-objs += ahash.o | ||
22 | obj-$(CONFIG_CRYPTO_HASH) += crypto_hash.o | 23 | obj-$(CONFIG_CRYPTO_HASH) += crypto_hash.o |
23 | 24 | ||
24 | obj-$(CONFIG_CRYPTO_MANAGER) += cryptomgr.o | 25 | obj-$(CONFIG_CRYPTO_MANAGER) += cryptomgr.o |
@@ -27,6 +28,10 @@ obj-$(CONFIG_CRYPTO_XCBC) += xcbc.o | |||
27 | obj-$(CONFIG_CRYPTO_NULL) += crypto_null.o | 28 | obj-$(CONFIG_CRYPTO_NULL) += crypto_null.o |
28 | obj-$(CONFIG_CRYPTO_MD4) += md4.o | 29 | obj-$(CONFIG_CRYPTO_MD4) += md4.o |
29 | obj-$(CONFIG_CRYPTO_MD5) += md5.o | 30 | obj-$(CONFIG_CRYPTO_MD5) += md5.o |
31 | obj-$(CONFIG_CRYPTO_RMD128) += rmd128.o | ||
32 | obj-$(CONFIG_CRYPTO_RMD160) += rmd160.o | ||
33 | obj-$(CONFIG_CRYPTO_RMD256) += rmd256.o | ||
34 | obj-$(CONFIG_CRYPTO_RMD320) += rmd320.o | ||
30 | obj-$(CONFIG_CRYPTO_SHA1) += sha1_generic.o | 35 | obj-$(CONFIG_CRYPTO_SHA1) += sha1_generic.o |
31 | obj-$(CONFIG_CRYPTO_SHA256) += sha256_generic.o | 36 | obj-$(CONFIG_CRYPTO_SHA256) += sha256_generic.o |
32 | obj-$(CONFIG_CRYPTO_SHA512) += sha512_generic.o | 37 | obj-$(CONFIG_CRYPTO_SHA512) += sha512_generic.o |
@@ -64,7 +69,7 @@ obj-$(CONFIG_CRYPTO_MICHAEL_MIC) += michael_mic.o | |||
64 | obj-$(CONFIG_CRYPTO_CRC32C) += crc32c.o | 69 | obj-$(CONFIG_CRYPTO_CRC32C) += crc32c.o |
65 | obj-$(CONFIG_CRYPTO_AUTHENC) += authenc.o | 70 | obj-$(CONFIG_CRYPTO_AUTHENC) += authenc.o |
66 | obj-$(CONFIG_CRYPTO_LZO) += lzo.o | 71 | obj-$(CONFIG_CRYPTO_LZO) += lzo.o |
67 | 72 | obj-$(CONFIG_CRYPTO_PRNG) += prng.o | |
68 | obj-$(CONFIG_CRYPTO_TEST) += tcrypt.o | 73 | obj-$(CONFIG_CRYPTO_TEST) += tcrypt.o |
69 | 74 | ||
70 | # | 75 | # |
diff --git a/crypto/ahash.c b/crypto/ahash.c new file mode 100644 index 000000000000..27128f2c687a --- /dev/null +++ b/crypto/ahash.c | |||
@@ -0,0 +1,194 @@ | |||
1 | /* | ||
2 | * Asynchronous Cryptographic Hash operations. | ||
3 | * | ||
4 | * This is the asynchronous version of hash.c with notification of | ||
5 | * completion via a callback. | ||
6 | * | ||
7 | * Copyright (c) 2008 Loc Ho <lho@amcc.com> | ||
8 | * | ||
9 | * This program is free software; you can redistribute it and/or modify it | ||
10 | * under the terms of the GNU General Public License as published by the Free | ||
11 | * Software Foundation; either version 2 of the License, or (at your option) | ||
12 | * any later version. | ||
13 | * | ||
14 | */ | ||
15 | |||
16 | #include <crypto/internal/hash.h> | ||
17 | #include <crypto/scatterwalk.h> | ||
18 | #include <linux/err.h> | ||
19 | #include <linux/kernel.h> | ||
20 | #include <linux/module.h> | ||
21 | #include <linux/sched.h> | ||
22 | #include <linux/slab.h> | ||
23 | #include <linux/seq_file.h> | ||
24 | |||
25 | #include "internal.h" | ||
26 | |||
27 | static int hash_walk_next(struct crypto_hash_walk *walk) | ||
28 | { | ||
29 | unsigned int alignmask = walk->alignmask; | ||
30 | unsigned int offset = walk->offset; | ||
31 | unsigned int nbytes = min(walk->entrylen, | ||
32 | ((unsigned int)(PAGE_SIZE)) - offset); | ||
33 | |||
34 | walk->data = crypto_kmap(walk->pg, 0); | ||
35 | walk->data += offset; | ||
36 | |||
37 | if (offset & alignmask) | ||
38 | nbytes = alignmask + 1 - (offset & alignmask); | ||
39 | |||
40 | walk->entrylen -= nbytes; | ||
41 | return nbytes; | ||
42 | } | ||
43 | |||
44 | static int hash_walk_new_entry(struct crypto_hash_walk *walk) | ||
45 | { | ||
46 | struct scatterlist *sg; | ||
47 | |||
48 | sg = walk->sg; | ||
49 | walk->pg = sg_page(sg); | ||
50 | walk->offset = sg->offset; | ||
51 | walk->entrylen = sg->length; | ||
52 | |||
53 | if (walk->entrylen > walk->total) | ||
54 | walk->entrylen = walk->total; | ||
55 | walk->total -= walk->entrylen; | ||
56 | |||
57 | return hash_walk_next(walk); | ||
58 | } | ||
59 | |||
60 | int crypto_hash_walk_done(struct crypto_hash_walk *walk, int err) | ||
61 | { | ||
62 | unsigned int alignmask = walk->alignmask; | ||
63 | unsigned int nbytes = walk->entrylen; | ||
64 | |||
65 | walk->data -= walk->offset; | ||
66 | |||
67 | if (nbytes && walk->offset & alignmask && !err) { | ||
68 | walk->offset += alignmask - 1; | ||
69 | walk->offset = ALIGN(walk->offset, alignmask + 1); | ||
70 | walk->data += walk->offset; | ||
71 | |||
72 | nbytes = min(nbytes, | ||
73 | ((unsigned int)(PAGE_SIZE)) - walk->offset); | ||
74 | walk->entrylen -= nbytes; | ||
75 | |||
76 | return nbytes; | ||
77 | } | ||
78 | |||
79 | crypto_kunmap(walk->data, 0); | ||
80 | crypto_yield(walk->flags); | ||
81 | |||
82 | if (err) | ||
83 | return err; | ||
84 | |||
85 | walk->offset = 0; | ||
86 | |||
87 | if (nbytes) | ||
88 | return hash_walk_next(walk); | ||
89 | |||
90 | if (!walk->total) | ||
91 | return 0; | ||
92 | |||
93 | walk->sg = scatterwalk_sg_next(walk->sg); | ||
94 | |||
95 | return hash_walk_new_entry(walk); | ||
96 | } | ||
97 | EXPORT_SYMBOL_GPL(crypto_hash_walk_done); | ||
98 | |||
99 | int crypto_hash_walk_first(struct ahash_request *req, | ||
100 | struct crypto_hash_walk *walk) | ||
101 | { | ||
102 | walk->total = req->nbytes; | ||
103 | |||
104 | if (!walk->total) | ||
105 | return 0; | ||
106 | |||
107 | walk->alignmask = crypto_ahash_alignmask(crypto_ahash_reqtfm(req)); | ||
108 | walk->sg = req->src; | ||
109 | walk->flags = req->base.flags; | ||
110 | |||
111 | return hash_walk_new_entry(walk); | ||
112 | } | ||
113 | EXPORT_SYMBOL_GPL(crypto_hash_walk_first); | ||
114 | |||
115 | static int ahash_setkey_unaligned(struct crypto_ahash *tfm, const u8 *key, | ||
116 | unsigned int keylen) | ||
117 | { | ||
118 | struct ahash_alg *ahash = crypto_ahash_alg(tfm); | ||
119 | unsigned long alignmask = crypto_ahash_alignmask(tfm); | ||
120 | int ret; | ||
121 | u8 *buffer, *alignbuffer; | ||
122 | unsigned long absize; | ||
123 | |||
124 | absize = keylen + alignmask; | ||
125 | buffer = kmalloc(absize, GFP_ATOMIC); | ||
126 | if (!buffer) | ||
127 | return -ENOMEM; | ||
128 | |||
129 | alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1); | ||
130 | memcpy(alignbuffer, key, keylen); | ||
131 | ret = ahash->setkey(tfm, alignbuffer, keylen); | ||
132 | memset(alignbuffer, 0, keylen); | ||
133 | kfree(buffer); | ||
134 | return ret; | ||
135 | } | ||
136 | |||
137 | static int ahash_setkey(struct crypto_ahash *tfm, const u8 *key, | ||
138 | unsigned int keylen) | ||
139 | { | ||
140 | struct ahash_alg *ahash = crypto_ahash_alg(tfm); | ||
141 | unsigned long alignmask = crypto_ahash_alignmask(tfm); | ||
142 | |||
143 | if ((unsigned long)key & alignmask) | ||
144 | return ahash_setkey_unaligned(tfm, key, keylen); | ||
145 | |||
146 | return ahash->setkey(tfm, key, keylen); | ||
147 | } | ||
148 | |||
149 | static unsigned int crypto_ahash_ctxsize(struct crypto_alg *alg, u32 type, | ||
150 | u32 mask) | ||
151 | { | ||
152 | return alg->cra_ctxsize; | ||
153 | } | ||
154 | |||
155 | static int crypto_init_ahash_ops(struct crypto_tfm *tfm, u32 type, u32 mask) | ||
156 | { | ||
157 | struct ahash_alg *alg = &tfm->__crt_alg->cra_ahash; | ||
158 | struct ahash_tfm *crt = &tfm->crt_ahash; | ||
159 | |||
160 | if (alg->digestsize > PAGE_SIZE / 8) | ||
161 | return -EINVAL; | ||
162 | |||
163 | crt->init = alg->init; | ||
164 | crt->update = alg->update; | ||
165 | crt->final = alg->final; | ||
166 | crt->digest = alg->digest; | ||
167 | crt->setkey = ahash_setkey; | ||
168 | crt->digestsize = alg->digestsize; | ||
169 | |||
170 | return 0; | ||
171 | } | ||
172 | |||
173 | static void crypto_ahash_show(struct seq_file *m, struct crypto_alg *alg) | ||
174 | __attribute__ ((unused)); | ||
175 | static void crypto_ahash_show(struct seq_file *m, struct crypto_alg *alg) | ||
176 | { | ||
177 | seq_printf(m, "type : ahash\n"); | ||
178 | seq_printf(m, "async : %s\n", alg->cra_flags & CRYPTO_ALG_ASYNC ? | ||
179 | "yes" : "no"); | ||
180 | seq_printf(m, "blocksize : %u\n", alg->cra_blocksize); | ||
181 | seq_printf(m, "digestsize : %u\n", alg->cra_hash.digestsize); | ||
182 | } | ||
183 | |||
184 | const struct crypto_type crypto_ahash_type = { | ||
185 | .ctxsize = crypto_ahash_ctxsize, | ||
186 | .init = crypto_init_ahash_ops, | ||
187 | #ifdef CONFIG_PROC_FS | ||
188 | .show = crypto_ahash_show, | ||
189 | #endif | ||
190 | }; | ||
191 | EXPORT_SYMBOL_GPL(crypto_ahash_type); | ||
192 | |||
193 | MODULE_LICENSE("GPL"); | ||
194 | MODULE_DESCRIPTION("Asynchronous cryptographic hash type"); | ||
diff --git a/crypto/api.c b/crypto/api.c index 0a0f41ef255f..d06e33270abe 100644 --- a/crypto/api.c +++ b/crypto/api.c | |||
@@ -235,8 +235,12 @@ static int crypto_init_ops(struct crypto_tfm *tfm, u32 type, u32 mask) | |||
235 | return crypto_init_cipher_ops(tfm); | 235 | return crypto_init_cipher_ops(tfm); |
236 | 236 | ||
237 | case CRYPTO_ALG_TYPE_DIGEST: | 237 | case CRYPTO_ALG_TYPE_DIGEST: |
238 | return crypto_init_digest_ops(tfm); | 238 | if ((mask & CRYPTO_ALG_TYPE_HASH_MASK) != |
239 | 239 | CRYPTO_ALG_TYPE_HASH_MASK) | |
240 | return crypto_init_digest_ops_async(tfm); | ||
241 | else | ||
242 | return crypto_init_digest_ops(tfm); | ||
243 | |||
240 | case CRYPTO_ALG_TYPE_COMPRESS: | 244 | case CRYPTO_ALG_TYPE_COMPRESS: |
241 | return crypto_init_compress_ops(tfm); | 245 | return crypto_init_compress_ops(tfm); |
242 | 246 | ||
diff --git a/crypto/camellia.c b/crypto/camellia.c index 493fee7e0a8b..b1cc4de6493c 100644 --- a/crypto/camellia.c +++ b/crypto/camellia.c | |||
@@ -35,6 +35,8 @@ | |||
35 | #include <linux/init.h> | 35 | #include <linux/init.h> |
36 | #include <linux/kernel.h> | 36 | #include <linux/kernel.h> |
37 | #include <linux/module.h> | 37 | #include <linux/module.h> |
38 | #include <linux/bitops.h> | ||
39 | #include <asm/unaligned.h> | ||
38 | 40 | ||
39 | static const u32 camellia_sp1110[256] = { | 41 | static const u32 camellia_sp1110[256] = { |
40 | 0x70707000,0x82828200,0x2c2c2c00,0xececec00, | 42 | 0x70707000,0x82828200,0x2c2c2c00,0xececec00, |
@@ -335,20 +337,6 @@ static const u32 camellia_sp4404[256] = { | |||
335 | /* | 337 | /* |
336 | * macros | 338 | * macros |
337 | */ | 339 | */ |
338 | #define GETU32(v, pt) \ | ||
339 | do { \ | ||
340 | /* latest breed of gcc is clever enough to use move */ \ | ||
341 | memcpy(&(v), (pt), 4); \ | ||
342 | (v) = be32_to_cpu(v); \ | ||
343 | } while(0) | ||
344 | |||
345 | /* rotation right shift 1byte */ | ||
346 | #define ROR8(x) (((x) >> 8) + ((x) << 24)) | ||
347 | /* rotation left shift 1bit */ | ||
348 | #define ROL1(x) (((x) << 1) + ((x) >> 31)) | ||
349 | /* rotation left shift 1byte */ | ||
350 | #define ROL8(x) (((x) << 8) + ((x) >> 24)) | ||
351 | |||
352 | #define ROLDQ(ll, lr, rl, rr, w0, w1, bits) \ | 340 | #define ROLDQ(ll, lr, rl, rr, w0, w1, bits) \ |
353 | do { \ | 341 | do { \ |
354 | w0 = ll; \ | 342 | w0 = ll; \ |
@@ -383,7 +371,7 @@ static const u32 camellia_sp4404[256] = { | |||
383 | ^ camellia_sp3033[(u8)(il >> 8)] \ | 371 | ^ camellia_sp3033[(u8)(il >> 8)] \ |
384 | ^ camellia_sp4404[(u8)(il )]; \ | 372 | ^ camellia_sp4404[(u8)(il )]; \ |
385 | yl ^= yr; \ | 373 | yl ^= yr; \ |
386 | yr = ROR8(yr); \ | 374 | yr = ror32(yr, 8); \ |
387 | yr ^= yl; \ | 375 | yr ^= yl; \ |
388 | } while(0) | 376 | } while(0) |
389 | 377 | ||
@@ -405,7 +393,7 @@ static void camellia_setup_tail(u32 *subkey, u32 *subL, u32 *subR, int max) | |||
405 | subL[7] ^= subL[1]; subR[7] ^= subR[1]; | 393 | subL[7] ^= subL[1]; subR[7] ^= subR[1]; |
406 | subL[1] ^= subR[1] & ~subR[9]; | 394 | subL[1] ^= subR[1] & ~subR[9]; |
407 | dw = subL[1] & subL[9], | 395 | dw = subL[1] & subL[9], |
408 | subR[1] ^= ROL1(dw); /* modified for FLinv(kl2) */ | 396 | subR[1] ^= rol32(dw, 1); /* modified for FLinv(kl2) */ |
409 | /* round 8 */ | 397 | /* round 8 */ |
410 | subL[11] ^= subL[1]; subR[11] ^= subR[1]; | 398 | subL[11] ^= subL[1]; subR[11] ^= subR[1]; |
411 | /* round 10 */ | 399 | /* round 10 */ |
@@ -414,7 +402,7 @@ static void camellia_setup_tail(u32 *subkey, u32 *subL, u32 *subR, int max) | |||
414 | subL[15] ^= subL[1]; subR[15] ^= subR[1]; | 402 | subL[15] ^= subL[1]; subR[15] ^= subR[1]; |
415 | subL[1] ^= subR[1] & ~subR[17]; | 403 | subL[1] ^= subR[1] & ~subR[17]; |
416 | dw = subL[1] & subL[17], | 404 | dw = subL[1] & subL[17], |
417 | subR[1] ^= ROL1(dw); /* modified for FLinv(kl4) */ | 405 | subR[1] ^= rol32(dw, 1); /* modified for FLinv(kl4) */ |
418 | /* round 14 */ | 406 | /* round 14 */ |
419 | subL[19] ^= subL[1]; subR[19] ^= subR[1]; | 407 | subL[19] ^= subL[1]; subR[19] ^= subR[1]; |
420 | /* round 16 */ | 408 | /* round 16 */ |
@@ -430,7 +418,7 @@ static void camellia_setup_tail(u32 *subkey, u32 *subL, u32 *subR, int max) | |||
430 | } else { | 418 | } else { |
431 | subL[1] ^= subR[1] & ~subR[25]; | 419 | subL[1] ^= subR[1] & ~subR[25]; |
432 | dw = subL[1] & subL[25], | 420 | dw = subL[1] & subL[25], |
433 | subR[1] ^= ROL1(dw); /* modified for FLinv(kl6) */ | 421 | subR[1] ^= rol32(dw, 1); /* modified for FLinv(kl6) */ |
434 | /* round 20 */ | 422 | /* round 20 */ |
435 | subL[27] ^= subL[1]; subR[27] ^= subR[1]; | 423 | subL[27] ^= subL[1]; subR[27] ^= subR[1]; |
436 | /* round 22 */ | 424 | /* round 22 */ |
@@ -450,7 +438,7 @@ static void camellia_setup_tail(u32 *subkey, u32 *subL, u32 *subR, int max) | |||
450 | subL[26] ^= kw4l; subR[26] ^= kw4r; | 438 | subL[26] ^= kw4l; subR[26] ^= kw4r; |
451 | kw4l ^= kw4r & ~subR[24]; | 439 | kw4l ^= kw4r & ~subR[24]; |
452 | dw = kw4l & subL[24], | 440 | dw = kw4l & subL[24], |
453 | kw4r ^= ROL1(dw); /* modified for FL(kl5) */ | 441 | kw4r ^= rol32(dw, 1); /* modified for FL(kl5) */ |
454 | } | 442 | } |
455 | /* round 17 */ | 443 | /* round 17 */ |
456 | subL[22] ^= kw4l; subR[22] ^= kw4r; | 444 | subL[22] ^= kw4l; subR[22] ^= kw4r; |
@@ -460,7 +448,7 @@ static void camellia_setup_tail(u32 *subkey, u32 *subL, u32 *subR, int max) | |||
460 | subL[18] ^= kw4l; subR[18] ^= kw4r; | 448 | subL[18] ^= kw4l; subR[18] ^= kw4r; |
461 | kw4l ^= kw4r & ~subR[16]; | 449 | kw4l ^= kw4r & ~subR[16]; |
462 | dw = kw4l & subL[16], | 450 | dw = kw4l & subL[16], |
463 | kw4r ^= ROL1(dw); /* modified for FL(kl3) */ | 451 | kw4r ^= rol32(dw, 1); /* modified for FL(kl3) */ |
464 | /* round 11 */ | 452 | /* round 11 */ |
465 | subL[14] ^= kw4l; subR[14] ^= kw4r; | 453 | subL[14] ^= kw4l; subR[14] ^= kw4r; |
466 | /* round 9 */ | 454 | /* round 9 */ |
@@ -469,7 +457,7 @@ static void camellia_setup_tail(u32 *subkey, u32 *subL, u32 *subR, int max) | |||
469 | subL[10] ^= kw4l; subR[10] ^= kw4r; | 457 | subL[10] ^= kw4l; subR[10] ^= kw4r; |
470 | kw4l ^= kw4r & ~subR[8]; | 458 | kw4l ^= kw4r & ~subR[8]; |
471 | dw = kw4l & subL[8], | 459 | dw = kw4l & subL[8], |
472 | kw4r ^= ROL1(dw); /* modified for FL(kl1) */ | 460 | kw4r ^= rol32(dw, 1); /* modified for FL(kl1) */ |
473 | /* round 5 */ | 461 | /* round 5 */ |
474 | subL[6] ^= kw4l; subR[6] ^= kw4r; | 462 | subL[6] ^= kw4l; subR[6] ^= kw4r; |
475 | /* round 3 */ | 463 | /* round 3 */ |
@@ -494,7 +482,7 @@ static void camellia_setup_tail(u32 *subkey, u32 *subL, u32 *subR, int max) | |||
494 | SUBKEY_R(6) = subR[5] ^ subR[7]; | 482 | SUBKEY_R(6) = subR[5] ^ subR[7]; |
495 | tl = subL[10] ^ (subR[10] & ~subR[8]); | 483 | tl = subL[10] ^ (subR[10] & ~subR[8]); |
496 | dw = tl & subL[8], /* FL(kl1) */ | 484 | dw = tl & subL[8], /* FL(kl1) */ |
497 | tr = subR[10] ^ ROL1(dw); | 485 | tr = subR[10] ^ rol32(dw, 1); |
498 | SUBKEY_L(7) = subL[6] ^ tl; /* round 6 */ | 486 | SUBKEY_L(7) = subL[6] ^ tl; /* round 6 */ |
499 | SUBKEY_R(7) = subR[6] ^ tr; | 487 | SUBKEY_R(7) = subR[6] ^ tr; |
500 | SUBKEY_L(8) = subL[8]; /* FL(kl1) */ | 488 | SUBKEY_L(8) = subL[8]; /* FL(kl1) */ |
@@ -503,7 +491,7 @@ static void camellia_setup_tail(u32 *subkey, u32 *subL, u32 *subR, int max) | |||
503 | SUBKEY_R(9) = subR[9]; | 491 | SUBKEY_R(9) = subR[9]; |
504 | tl = subL[7] ^ (subR[7] & ~subR[9]); | 492 | tl = subL[7] ^ (subR[7] & ~subR[9]); |
505 | dw = tl & subL[9], /* FLinv(kl2) */ | 493 | dw = tl & subL[9], /* FLinv(kl2) */ |
506 | tr = subR[7] ^ ROL1(dw); | 494 | tr = subR[7] ^ rol32(dw, 1); |
507 | SUBKEY_L(10) = tl ^ subL[11]; /* round 7 */ | 495 | SUBKEY_L(10) = tl ^ subL[11]; /* round 7 */ |
508 | SUBKEY_R(10) = tr ^ subR[11]; | 496 | SUBKEY_R(10) = tr ^ subR[11]; |
509 | SUBKEY_L(11) = subL[10] ^ subL[12]; /* round 8 */ | 497 | SUBKEY_L(11) = subL[10] ^ subL[12]; /* round 8 */ |
@@ -516,7 +504,7 @@ static void camellia_setup_tail(u32 *subkey, u32 *subL, u32 *subR, int max) | |||
516 | SUBKEY_R(14) = subR[13] ^ subR[15]; | 504 | SUBKEY_R(14) = subR[13] ^ subR[15]; |
517 | tl = subL[18] ^ (subR[18] & ~subR[16]); | 505 | tl = subL[18] ^ (subR[18] & ~subR[16]); |
518 | dw = tl & subL[16], /* FL(kl3) */ | 506 | dw = tl & subL[16], /* FL(kl3) */ |
519 | tr = subR[18] ^ ROL1(dw); | 507 | tr = subR[18] ^ rol32(dw, 1); |
520 | SUBKEY_L(15) = subL[14] ^ tl; /* round 12 */ | 508 | SUBKEY_L(15) = subL[14] ^ tl; /* round 12 */ |
521 | SUBKEY_R(15) = subR[14] ^ tr; | 509 | SUBKEY_R(15) = subR[14] ^ tr; |
522 | SUBKEY_L(16) = subL[16]; /* FL(kl3) */ | 510 | SUBKEY_L(16) = subL[16]; /* FL(kl3) */ |
@@ -525,7 +513,7 @@ static void camellia_setup_tail(u32 *subkey, u32 *subL, u32 *subR, int max) | |||
525 | SUBKEY_R(17) = subR[17]; | 513 | SUBKEY_R(17) = subR[17]; |
526 | tl = subL[15] ^ (subR[15] & ~subR[17]); | 514 | tl = subL[15] ^ (subR[15] & ~subR[17]); |
527 | dw = tl & subL[17], /* FLinv(kl4) */ | 515 | dw = tl & subL[17], /* FLinv(kl4) */ |
528 | tr = subR[15] ^ ROL1(dw); | 516 | tr = subR[15] ^ rol32(dw, 1); |
529 | SUBKEY_L(18) = tl ^ subL[19]; /* round 13 */ | 517 | SUBKEY_L(18) = tl ^ subL[19]; /* round 13 */ |
530 | SUBKEY_R(18) = tr ^ subR[19]; | 518 | SUBKEY_R(18) = tr ^ subR[19]; |
531 | SUBKEY_L(19) = subL[18] ^ subL[20]; /* round 14 */ | 519 | SUBKEY_L(19) = subL[18] ^ subL[20]; /* round 14 */ |
@@ -544,7 +532,7 @@ static void camellia_setup_tail(u32 *subkey, u32 *subL, u32 *subR, int max) | |||
544 | } else { | 532 | } else { |
545 | tl = subL[26] ^ (subR[26] & ~subR[24]); | 533 | tl = subL[26] ^ (subR[26] & ~subR[24]); |
546 | dw = tl & subL[24], /* FL(kl5) */ | 534 | dw = tl & subL[24], /* FL(kl5) */ |
547 | tr = subR[26] ^ ROL1(dw); | 535 | tr = subR[26] ^ rol32(dw, 1); |
548 | SUBKEY_L(23) = subL[22] ^ tl; /* round 18 */ | 536 | SUBKEY_L(23) = subL[22] ^ tl; /* round 18 */ |
549 | SUBKEY_R(23) = subR[22] ^ tr; | 537 | SUBKEY_R(23) = subR[22] ^ tr; |
550 | SUBKEY_L(24) = subL[24]; /* FL(kl5) */ | 538 | SUBKEY_L(24) = subL[24]; /* FL(kl5) */ |
@@ -553,7 +541,7 @@ static void camellia_setup_tail(u32 *subkey, u32 *subL, u32 *subR, int max) | |||
553 | SUBKEY_R(25) = subR[25]; | 541 | SUBKEY_R(25) = subR[25]; |
554 | tl = subL[23] ^ (subR[23] & ~subR[25]); | 542 | tl = subL[23] ^ (subR[23] & ~subR[25]); |
555 | dw = tl & subL[25], /* FLinv(kl6) */ | 543 | dw = tl & subL[25], /* FLinv(kl6) */ |
556 | tr = subR[23] ^ ROL1(dw); | 544 | tr = subR[23] ^ rol32(dw, 1); |
557 | SUBKEY_L(26) = tl ^ subL[27]; /* round 19 */ | 545 | SUBKEY_L(26) = tl ^ subL[27]; /* round 19 */ |
558 | SUBKEY_R(26) = tr ^ subR[27]; | 546 | SUBKEY_R(26) = tr ^ subR[27]; |
559 | SUBKEY_L(27) = subL[26] ^ subL[28]; /* round 20 */ | 547 | SUBKEY_L(27) = subL[26] ^ subL[28]; /* round 20 */ |
@@ -573,17 +561,17 @@ static void camellia_setup_tail(u32 *subkey, u32 *subL, u32 *subR, int max) | |||
573 | /* apply the inverse of the last half of P-function */ | 561 | /* apply the inverse of the last half of P-function */ |
574 | i = 2; | 562 | i = 2; |
575 | do { | 563 | do { |
576 | dw = SUBKEY_L(i + 0) ^ SUBKEY_R(i + 0); dw = ROL8(dw);/* round 1 */ | 564 | dw = SUBKEY_L(i + 0) ^ SUBKEY_R(i + 0); dw = rol32(dw, 8);/* round 1 */ |
577 | SUBKEY_R(i + 0) = SUBKEY_L(i + 0) ^ dw; SUBKEY_L(i + 0) = dw; | 565 | SUBKEY_R(i + 0) = SUBKEY_L(i + 0) ^ dw; SUBKEY_L(i + 0) = dw; |
578 | dw = SUBKEY_L(i + 1) ^ SUBKEY_R(i + 1); dw = ROL8(dw);/* round 2 */ | 566 | dw = SUBKEY_L(i + 1) ^ SUBKEY_R(i + 1); dw = rol32(dw, 8);/* round 2 */ |
579 | SUBKEY_R(i + 1) = SUBKEY_L(i + 1) ^ dw; SUBKEY_L(i + 1) = dw; | 567 | SUBKEY_R(i + 1) = SUBKEY_L(i + 1) ^ dw; SUBKEY_L(i + 1) = dw; |
580 | dw = SUBKEY_L(i + 2) ^ SUBKEY_R(i + 2); dw = ROL8(dw);/* round 3 */ | 568 | dw = SUBKEY_L(i + 2) ^ SUBKEY_R(i + 2); dw = rol32(dw, 8);/* round 3 */ |
581 | SUBKEY_R(i + 2) = SUBKEY_L(i + 2) ^ dw; SUBKEY_L(i + 2) = dw; | 569 | SUBKEY_R(i + 2) = SUBKEY_L(i + 2) ^ dw; SUBKEY_L(i + 2) = dw; |
582 | dw = SUBKEY_L(i + 3) ^ SUBKEY_R(i + 3); dw = ROL8(dw);/* round 4 */ | 570 | dw = SUBKEY_L(i + 3) ^ SUBKEY_R(i + 3); dw = rol32(dw, 8);/* round 4 */ |
583 | SUBKEY_R(i + 3) = SUBKEY_L(i + 3) ^ dw; SUBKEY_L(i + 3) = dw; | 571 | SUBKEY_R(i + 3) = SUBKEY_L(i + 3) ^ dw; SUBKEY_L(i + 3) = dw; |
584 | dw = SUBKEY_L(i + 4) ^ SUBKEY_R(i + 4); dw = ROL8(dw);/* round 5 */ | 572 | dw = SUBKEY_L(i + 4) ^ SUBKEY_R(i + 4); dw = rol32(dw, 9);/* round 5 */ |
585 | SUBKEY_R(i + 4) = SUBKEY_L(i + 4) ^ dw; SUBKEY_L(i + 4) = dw; | 573 | SUBKEY_R(i + 4) = SUBKEY_L(i + 4) ^ dw; SUBKEY_L(i + 4) = dw; |
586 | dw = SUBKEY_L(i + 5) ^ SUBKEY_R(i + 5); dw = ROL8(dw);/* round 6 */ | 574 | dw = SUBKEY_L(i + 5) ^ SUBKEY_R(i + 5); dw = rol32(dw, 8);/* round 6 */ |
587 | SUBKEY_R(i + 5) = SUBKEY_L(i + 5) ^ dw; SUBKEY_L(i + 5) = dw; | 575 | SUBKEY_R(i + 5) = SUBKEY_L(i + 5) ^ dw; SUBKEY_L(i + 5) = dw; |
588 | i += 8; | 576 | i += 8; |
589 | } while (i < max); | 577 | } while (i < max); |
@@ -599,10 +587,10 @@ static void camellia_setup128(const unsigned char *key, u32 *subkey) | |||
599 | /** | 587 | /** |
600 | * k == kll || klr || krl || krr (|| is concatenation) | 588 | * k == kll || klr || krl || krr (|| is concatenation) |
601 | */ | 589 | */ |
602 | GETU32(kll, key ); | 590 | kll = get_unaligned_be32(key); |
603 | GETU32(klr, key + 4); | 591 | klr = get_unaligned_be32(key + 4); |
604 | GETU32(krl, key + 8); | 592 | krl = get_unaligned_be32(key + 8); |
605 | GETU32(krr, key + 12); | 593 | krr = get_unaligned_be32(key + 12); |
606 | 594 | ||
607 | /* generate KL dependent subkeys */ | 595 | /* generate KL dependent subkeys */ |
608 | /* kw1 */ | 596 | /* kw1 */ |
@@ -707,14 +695,14 @@ static void camellia_setup256(const unsigned char *key, u32 *subkey) | |||
707 | * key = (kll || klr || krl || krr || krll || krlr || krrl || krrr) | 695 | * key = (kll || klr || krl || krr || krll || krlr || krrl || krrr) |
708 | * (|| is concatenation) | 696 | * (|| is concatenation) |
709 | */ | 697 | */ |
710 | GETU32(kll, key ); | 698 | kll = get_unaligned_be32(key); |
711 | GETU32(klr, key + 4); | 699 | klr = get_unaligned_be32(key + 4); |
712 | GETU32(krl, key + 8); | 700 | krl = get_unaligned_be32(key + 8); |
713 | GETU32(krr, key + 12); | 701 | krr = get_unaligned_be32(key + 12); |
714 | GETU32(krll, key + 16); | 702 | krll = get_unaligned_be32(key + 16); |
715 | GETU32(krlr, key + 20); | 703 | krlr = get_unaligned_be32(key + 20); |
716 | GETU32(krrl, key + 24); | 704 | krrl = get_unaligned_be32(key + 24); |
717 | GETU32(krrr, key + 28); | 705 | krrr = get_unaligned_be32(key + 28); |
718 | 706 | ||
719 | /* generate KL dependent subkeys */ | 707 | /* generate KL dependent subkeys */ |
720 | /* kw1 */ | 708 | /* kw1 */ |
@@ -870,13 +858,13 @@ static void camellia_setup192(const unsigned char *key, u32 *subkey) | |||
870 | t0 &= ll; \ | 858 | t0 &= ll; \ |
871 | t2 |= rr; \ | 859 | t2 |= rr; \ |
872 | rl ^= t2; \ | 860 | rl ^= t2; \ |
873 | lr ^= ROL1(t0); \ | 861 | lr ^= rol32(t0, 1); \ |
874 | t3 = krl; \ | 862 | t3 = krl; \ |
875 | t1 = klr; \ | 863 | t1 = klr; \ |
876 | t3 &= rl; \ | 864 | t3 &= rl; \ |
877 | t1 |= lr; \ | 865 | t1 |= lr; \ |
878 | ll ^= t1; \ | 866 | ll ^= t1; \ |
879 | rr ^= ROL1(t3); \ | 867 | rr ^= rol32(t3, 1); \ |
880 | } while(0) | 868 | } while(0) |
881 | 869 | ||
882 | #define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir) \ | 870 | #define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir) \ |
@@ -892,7 +880,7 @@ static void camellia_setup192(const unsigned char *key, u32 *subkey) | |||
892 | il ^= kl; \ | 880 | il ^= kl; \ |
893 | ir ^= il ^ kr; \ | 881 | ir ^= il ^ kr; \ |
894 | yl ^= ir; \ | 882 | yl ^= ir; \ |
895 | yr ^= ROR8(il) ^ ir; \ | 883 | yr ^= ror32(il, 8) ^ ir; \ |
896 | } while(0) | 884 | } while(0) |
897 | 885 | ||
898 | /* max = 24: 128bit encrypt, max = 32: 256bit encrypt */ | 886 | /* max = 24: 128bit encrypt, max = 32: 256bit encrypt */ |
diff --git a/crypto/chainiv.c b/crypto/chainiv.c index 6da3f577e4db..9affadee3287 100644 --- a/crypto/chainiv.c +++ b/crypto/chainiv.c | |||
@@ -117,6 +117,7 @@ static int chainiv_init(struct crypto_tfm *tfm) | |||
117 | static int async_chainiv_schedule_work(struct async_chainiv_ctx *ctx) | 117 | static int async_chainiv_schedule_work(struct async_chainiv_ctx *ctx) |
118 | { | 118 | { |
119 | int queued; | 119 | int queued; |
120 | int err = ctx->err; | ||
120 | 121 | ||
121 | if (!ctx->queue.qlen) { | 122 | if (!ctx->queue.qlen) { |
122 | smp_mb__before_clear_bit(); | 123 | smp_mb__before_clear_bit(); |
@@ -131,7 +132,7 @@ static int async_chainiv_schedule_work(struct async_chainiv_ctx *ctx) | |||
131 | BUG_ON(!queued); | 132 | BUG_ON(!queued); |
132 | 133 | ||
133 | out: | 134 | out: |
134 | return ctx->err; | 135 | return err; |
135 | } | 136 | } |
136 | 137 | ||
137 | static int async_chainiv_postpone_request(struct skcipher_givcrypt_request *req) | 138 | static int async_chainiv_postpone_request(struct skcipher_givcrypt_request *req) |
@@ -227,6 +228,7 @@ static void async_chainiv_do_postponed(struct work_struct *work) | |||
227 | postponed); | 228 | postponed); |
228 | struct skcipher_givcrypt_request *req; | 229 | struct skcipher_givcrypt_request *req; |
229 | struct ablkcipher_request *subreq; | 230 | struct ablkcipher_request *subreq; |
231 | int err; | ||
230 | 232 | ||
231 | /* Only handle one request at a time to avoid hogging keventd. */ | 233 | /* Only handle one request at a time to avoid hogging keventd. */ |
232 | spin_lock_bh(&ctx->lock); | 234 | spin_lock_bh(&ctx->lock); |
@@ -241,7 +243,11 @@ static void async_chainiv_do_postponed(struct work_struct *work) | |||
241 | subreq = skcipher_givcrypt_reqctx(req); | 243 | subreq = skcipher_givcrypt_reqctx(req); |
242 | subreq->base.flags |= CRYPTO_TFM_REQ_MAY_SLEEP; | 244 | subreq->base.flags |= CRYPTO_TFM_REQ_MAY_SLEEP; |
243 | 245 | ||
244 | async_chainiv_givencrypt_tail(req); | 246 | err = async_chainiv_givencrypt_tail(req); |
247 | |||
248 | local_bh_disable(); | ||
249 | skcipher_givcrypt_complete(req, err); | ||
250 | local_bh_enable(); | ||
245 | } | 251 | } |
246 | 252 | ||
247 | static int async_chainiv_init(struct crypto_tfm *tfm) | 253 | static int async_chainiv_init(struct crypto_tfm *tfm) |
diff --git a/crypto/crc32c.c b/crypto/crc32c.c index 0dcf64a74e68..a882d9e4e63e 100644 --- a/crypto/crc32c.c +++ b/crypto/crc32c.c | |||
@@ -5,20 +5,23 @@ | |||
5 | * | 5 | * |
6 | * This module file is a wrapper to invoke the lib/crc32c routines. | 6 | * This module file is a wrapper to invoke the lib/crc32c routines. |
7 | * | 7 | * |
8 | * Copyright (c) 2008 Herbert Xu <herbert@gondor.apana.org.au> | ||
9 | * | ||
8 | * This program is free software; you can redistribute it and/or modify it | 10 | * This program is free software; you can redistribute it and/or modify it |
9 | * under the terms of the GNU General Public License as published by the Free | 11 | * under the terms of the GNU General Public License as published by the Free |
10 | * Software Foundation; either version 2 of the License, or (at your option) | 12 | * Software Foundation; either version 2 of the License, or (at your option) |
11 | * any later version. | 13 | * any later version. |
12 | * | 14 | * |
13 | */ | 15 | */ |
16 | |||
17 | #include <crypto/internal/hash.h> | ||
14 | #include <linux/init.h> | 18 | #include <linux/init.h> |
15 | #include <linux/module.h> | 19 | #include <linux/module.h> |
16 | #include <linux/string.h> | 20 | #include <linux/string.h> |
17 | #include <linux/crypto.h> | ||
18 | #include <linux/crc32c.h> | 21 | #include <linux/crc32c.h> |
19 | #include <linux/kernel.h> | 22 | #include <linux/kernel.h> |
20 | 23 | ||
21 | #define CHKSUM_BLOCK_SIZE 32 | 24 | #define CHKSUM_BLOCK_SIZE 1 |
22 | #define CHKSUM_DIGEST_SIZE 4 | 25 | #define CHKSUM_DIGEST_SIZE 4 |
23 | 26 | ||
24 | struct chksum_ctx { | 27 | struct chksum_ctx { |
@@ -71,7 +74,7 @@ static void chksum_final(struct crypto_tfm *tfm, u8 *out) | |||
71 | *(__le32 *)out = ~cpu_to_le32(mctx->crc); | 74 | *(__le32 *)out = ~cpu_to_le32(mctx->crc); |
72 | } | 75 | } |
73 | 76 | ||
74 | static int crc32c_cra_init(struct crypto_tfm *tfm) | 77 | static int crc32c_cra_init_old(struct crypto_tfm *tfm) |
75 | { | 78 | { |
76 | struct chksum_ctx *mctx = crypto_tfm_ctx(tfm); | 79 | struct chksum_ctx *mctx = crypto_tfm_ctx(tfm); |
77 | 80 | ||
@@ -79,14 +82,14 @@ static int crc32c_cra_init(struct crypto_tfm *tfm) | |||
79 | return 0; | 82 | return 0; |
80 | } | 83 | } |
81 | 84 | ||
82 | static struct crypto_alg alg = { | 85 | static struct crypto_alg old_alg = { |
83 | .cra_name = "crc32c", | 86 | .cra_name = "crc32c", |
84 | .cra_flags = CRYPTO_ALG_TYPE_DIGEST, | 87 | .cra_flags = CRYPTO_ALG_TYPE_DIGEST, |
85 | .cra_blocksize = CHKSUM_BLOCK_SIZE, | 88 | .cra_blocksize = CHKSUM_BLOCK_SIZE, |
86 | .cra_ctxsize = sizeof(struct chksum_ctx), | 89 | .cra_ctxsize = sizeof(struct chksum_ctx), |
87 | .cra_module = THIS_MODULE, | 90 | .cra_module = THIS_MODULE, |
88 | .cra_list = LIST_HEAD_INIT(alg.cra_list), | 91 | .cra_list = LIST_HEAD_INIT(old_alg.cra_list), |
89 | .cra_init = crc32c_cra_init, | 92 | .cra_init = crc32c_cra_init_old, |
90 | .cra_u = { | 93 | .cra_u = { |
91 | .digest = { | 94 | .digest = { |
92 | .dia_digestsize= CHKSUM_DIGEST_SIZE, | 95 | .dia_digestsize= CHKSUM_DIGEST_SIZE, |
@@ -98,14 +101,125 @@ static struct crypto_alg alg = { | |||
98 | } | 101 | } |
99 | }; | 102 | }; |
100 | 103 | ||
104 | /* | ||
105 | * Setting the seed allows arbitrary accumulators and flexible XOR policy | ||
106 | * If your algorithm starts with ~0, then XOR with ~0 before you set | ||
107 | * the seed. | ||
108 | */ | ||
109 | static int crc32c_setkey(struct crypto_ahash *hash, const u8 *key, | ||
110 | unsigned int keylen) | ||
111 | { | ||
112 | u32 *mctx = crypto_ahash_ctx(hash); | ||
113 | |||
114 | if (keylen != sizeof(u32)) { | ||
115 | crypto_ahash_set_flags(hash, CRYPTO_TFM_RES_BAD_KEY_LEN); | ||
116 | return -EINVAL; | ||
117 | } | ||
118 | *mctx = le32_to_cpup((__le32 *)key); | ||
119 | return 0; | ||
120 | } | ||
121 | |||
122 | static int crc32c_init(struct ahash_request *req) | ||
123 | { | ||
124 | u32 *mctx = crypto_ahash_ctx(crypto_ahash_reqtfm(req)); | ||
125 | u32 *crcp = ahash_request_ctx(req); | ||
126 | |||
127 | *crcp = *mctx; | ||
128 | return 0; | ||
129 | } | ||
130 | |||
131 | static int crc32c_update(struct ahash_request *req) | ||
132 | { | ||
133 | struct crypto_hash_walk walk; | ||
134 | u32 *crcp = ahash_request_ctx(req); | ||
135 | u32 crc = *crcp; | ||
136 | int nbytes; | ||
137 | |||
138 | for (nbytes = crypto_hash_walk_first(req, &walk); nbytes; | ||
139 | nbytes = crypto_hash_walk_done(&walk, 0)) | ||
140 | crc = crc32c(crc, walk.data, nbytes); | ||
141 | |||
142 | *crcp = crc; | ||
143 | return 0; | ||
144 | } | ||
145 | |||
146 | static int crc32c_final(struct ahash_request *req) | ||
147 | { | ||
148 | u32 *crcp = ahash_request_ctx(req); | ||
149 | |||
150 | *(__le32 *)req->result = ~cpu_to_le32p(crcp); | ||
151 | return 0; | ||
152 | } | ||
153 | |||
154 | static int crc32c_digest(struct ahash_request *req) | ||
155 | { | ||
156 | struct crypto_hash_walk walk; | ||
157 | u32 *mctx = crypto_ahash_ctx(crypto_ahash_reqtfm(req)); | ||
158 | u32 crc = *mctx; | ||
159 | int nbytes; | ||
160 | |||
161 | for (nbytes = crypto_hash_walk_first(req, &walk); nbytes; | ||
162 | nbytes = crypto_hash_walk_done(&walk, 0)) | ||
163 | crc = crc32c(crc, walk.data, nbytes); | ||
164 | |||
165 | *(__le32 *)req->result = ~cpu_to_le32(crc); | ||
166 | return 0; | ||
167 | } | ||
168 | |||
169 | static int crc32c_cra_init(struct crypto_tfm *tfm) | ||
170 | { | ||
171 | u32 *key = crypto_tfm_ctx(tfm); | ||
172 | |||
173 | *key = ~0; | ||
174 | |||
175 | tfm->crt_ahash.reqsize = sizeof(u32); | ||
176 | |||
177 | return 0; | ||
178 | } | ||
179 | |||
180 | static struct crypto_alg alg = { | ||
181 | .cra_name = "crc32c", | ||
182 | .cra_driver_name = "crc32c-generic", | ||
183 | .cra_priority = 100, | ||
184 | .cra_flags = CRYPTO_ALG_TYPE_AHASH, | ||
185 | .cra_blocksize = CHKSUM_BLOCK_SIZE, | ||
186 | .cra_alignmask = 3, | ||
187 | .cra_ctxsize = sizeof(u32), | ||
188 | .cra_module = THIS_MODULE, | ||
189 | .cra_list = LIST_HEAD_INIT(alg.cra_list), | ||
190 | .cra_init = crc32c_cra_init, | ||
191 | .cra_type = &crypto_ahash_type, | ||
192 | .cra_u = { | ||
193 | .ahash = { | ||
194 | .digestsize = CHKSUM_DIGEST_SIZE, | ||
195 | .setkey = crc32c_setkey, | ||
196 | .init = crc32c_init, | ||
197 | .update = crc32c_update, | ||
198 | .final = crc32c_final, | ||
199 | .digest = crc32c_digest, | ||
200 | } | ||
201 | } | ||
202 | }; | ||
203 | |||
101 | static int __init crc32c_mod_init(void) | 204 | static int __init crc32c_mod_init(void) |
102 | { | 205 | { |
103 | return crypto_register_alg(&alg); | 206 | int err; |
207 | |||
208 | err = crypto_register_alg(&old_alg); | ||
209 | if (err) | ||
210 | return err; | ||
211 | |||
212 | err = crypto_register_alg(&alg); | ||
213 | if (err) | ||
214 | crypto_unregister_alg(&old_alg); | ||
215 | |||
216 | return err; | ||
104 | } | 217 | } |
105 | 218 | ||
106 | static void __exit crc32c_mod_fini(void) | 219 | static void __exit crc32c_mod_fini(void) |
107 | { | 220 | { |
108 | crypto_unregister_alg(&alg); | 221 | crypto_unregister_alg(&alg); |
222 | crypto_unregister_alg(&old_alg); | ||
109 | } | 223 | } |
110 | 224 | ||
111 | module_init(crc32c_mod_init); | 225 | module_init(crc32c_mod_init); |
diff --git a/crypto/cryptd.c b/crypto/cryptd.c index b150de562057..d29e06b350ff 100644 --- a/crypto/cryptd.c +++ b/crypto/cryptd.c | |||
@@ -11,6 +11,7 @@ | |||
11 | */ | 11 | */ |
12 | 12 | ||
13 | #include <crypto/algapi.h> | 13 | #include <crypto/algapi.h> |
14 | #include <crypto/internal/hash.h> | ||
14 | #include <linux/err.h> | 15 | #include <linux/err.h> |
15 | #include <linux/init.h> | 16 | #include <linux/init.h> |
16 | #include <linux/kernel.h> | 17 | #include <linux/kernel.h> |
@@ -45,6 +46,13 @@ struct cryptd_blkcipher_request_ctx { | |||
45 | crypto_completion_t complete; | 46 | crypto_completion_t complete; |
46 | }; | 47 | }; |
47 | 48 | ||
49 | struct cryptd_hash_ctx { | ||
50 | struct crypto_hash *child; | ||
51 | }; | ||
52 | |||
53 | struct cryptd_hash_request_ctx { | ||
54 | crypto_completion_t complete; | ||
55 | }; | ||
48 | 56 | ||
49 | static inline struct cryptd_state *cryptd_get_state(struct crypto_tfm *tfm) | 57 | static inline struct cryptd_state *cryptd_get_state(struct crypto_tfm *tfm) |
50 | { | 58 | { |
@@ -82,10 +90,8 @@ static void cryptd_blkcipher_crypt(struct ablkcipher_request *req, | |||
82 | 90 | ||
83 | rctx = ablkcipher_request_ctx(req); | 91 | rctx = ablkcipher_request_ctx(req); |
84 | 92 | ||
85 | if (unlikely(err == -EINPROGRESS)) { | 93 | if (unlikely(err == -EINPROGRESS)) |
86 | rctx->complete(&req->base, err); | 94 | goto out; |
87 | return; | ||
88 | } | ||
89 | 95 | ||
90 | desc.tfm = child; | 96 | desc.tfm = child; |
91 | desc.info = req->info; | 97 | desc.info = req->info; |
@@ -95,8 +101,9 @@ static void cryptd_blkcipher_crypt(struct ablkcipher_request *req, | |||
95 | 101 | ||
96 | req->base.complete = rctx->complete; | 102 | req->base.complete = rctx->complete; |
97 | 103 | ||
104 | out: | ||
98 | local_bh_disable(); | 105 | local_bh_disable(); |
99 | req->base.complete(&req->base, err); | 106 | rctx->complete(&req->base, err); |
100 | local_bh_enable(); | 107 | local_bh_enable(); |
101 | } | 108 | } |
102 | 109 | ||
@@ -261,6 +268,240 @@ out_put_alg: | |||
261 | return inst; | 268 | return inst; |
262 | } | 269 | } |
263 | 270 | ||
271 | static int cryptd_hash_init_tfm(struct crypto_tfm *tfm) | ||
272 | { | ||
273 | struct crypto_instance *inst = crypto_tfm_alg_instance(tfm); | ||
274 | struct cryptd_instance_ctx *ictx = crypto_instance_ctx(inst); | ||
275 | struct crypto_spawn *spawn = &ictx->spawn; | ||
276 | struct cryptd_hash_ctx *ctx = crypto_tfm_ctx(tfm); | ||
277 | struct crypto_hash *cipher; | ||
278 | |||
279 | cipher = crypto_spawn_hash(spawn); | ||
280 | if (IS_ERR(cipher)) | ||
281 | return PTR_ERR(cipher); | ||
282 | |||
283 | ctx->child = cipher; | ||
284 | tfm->crt_ahash.reqsize = | ||
285 | sizeof(struct cryptd_hash_request_ctx); | ||
286 | return 0; | ||
287 | } | ||
288 | |||
289 | static void cryptd_hash_exit_tfm(struct crypto_tfm *tfm) | ||
290 | { | ||
291 | struct cryptd_hash_ctx *ctx = crypto_tfm_ctx(tfm); | ||
292 | struct cryptd_state *state = cryptd_get_state(tfm); | ||
293 | int active; | ||
294 | |||
295 | mutex_lock(&state->mutex); | ||
296 | active = ahash_tfm_in_queue(&state->queue, | ||
297 | __crypto_ahash_cast(tfm)); | ||
298 | mutex_unlock(&state->mutex); | ||
299 | |||
300 | BUG_ON(active); | ||
301 | |||
302 | crypto_free_hash(ctx->child); | ||
303 | } | ||
304 | |||
305 | static int cryptd_hash_setkey(struct crypto_ahash *parent, | ||
306 | const u8 *key, unsigned int keylen) | ||
307 | { | ||
308 | struct cryptd_hash_ctx *ctx = crypto_ahash_ctx(parent); | ||
309 | struct crypto_hash *child = ctx->child; | ||
310 | int err; | ||
311 | |||
312 | crypto_hash_clear_flags(child, CRYPTO_TFM_REQ_MASK); | ||
313 | crypto_hash_set_flags(child, crypto_ahash_get_flags(parent) & | ||
314 | CRYPTO_TFM_REQ_MASK); | ||
315 | err = crypto_hash_setkey(child, key, keylen); | ||
316 | crypto_ahash_set_flags(parent, crypto_hash_get_flags(child) & | ||
317 | CRYPTO_TFM_RES_MASK); | ||
318 | return err; | ||
319 | } | ||
320 | |||
321 | static int cryptd_hash_enqueue(struct ahash_request *req, | ||
322 | crypto_completion_t complete) | ||
323 | { | ||
324 | struct cryptd_hash_request_ctx *rctx = ahash_request_ctx(req); | ||
325 | struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); | ||
326 | struct cryptd_state *state = | ||
327 | cryptd_get_state(crypto_ahash_tfm(tfm)); | ||
328 | int err; | ||
329 | |||
330 | rctx->complete = req->base.complete; | ||
331 | req->base.complete = complete; | ||
332 | |||
333 | spin_lock_bh(&state->lock); | ||
334 | err = ahash_enqueue_request(&state->queue, req); | ||
335 | spin_unlock_bh(&state->lock); | ||
336 | |||
337 | wake_up_process(state->task); | ||
338 | return err; | ||
339 | } | ||
340 | |||
341 | static void cryptd_hash_init(struct crypto_async_request *req_async, int err) | ||
342 | { | ||
343 | struct cryptd_hash_ctx *ctx = crypto_tfm_ctx(req_async->tfm); | ||
344 | struct crypto_hash *child = ctx->child; | ||
345 | struct ahash_request *req = ahash_request_cast(req_async); | ||
346 | struct cryptd_hash_request_ctx *rctx; | ||
347 | struct hash_desc desc; | ||
348 | |||
349 | rctx = ahash_request_ctx(req); | ||
350 | |||
351 | if (unlikely(err == -EINPROGRESS)) | ||
352 | goto out; | ||
353 | |||
354 | desc.tfm = child; | ||
355 | desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP; | ||
356 | |||
357 | err = crypto_hash_crt(child)->init(&desc); | ||
358 | |||
359 | req->base.complete = rctx->complete; | ||
360 | |||
361 | out: | ||
362 | local_bh_disable(); | ||
363 | rctx->complete(&req->base, err); | ||
364 | local_bh_enable(); | ||
365 | } | ||
366 | |||
367 | static int cryptd_hash_init_enqueue(struct ahash_request *req) | ||
368 | { | ||
369 | return cryptd_hash_enqueue(req, cryptd_hash_init); | ||
370 | } | ||
371 | |||
372 | static void cryptd_hash_update(struct crypto_async_request *req_async, int err) | ||
373 | { | ||
374 | struct cryptd_hash_ctx *ctx = crypto_tfm_ctx(req_async->tfm); | ||
375 | struct crypto_hash *child = ctx->child; | ||
376 | struct ahash_request *req = ahash_request_cast(req_async); | ||
377 | struct cryptd_hash_request_ctx *rctx; | ||
378 | struct hash_desc desc; | ||
379 | |||
380 | rctx = ahash_request_ctx(req); | ||
381 | |||
382 | if (unlikely(err == -EINPROGRESS)) | ||
383 | goto out; | ||
384 | |||
385 | desc.tfm = child; | ||
386 | desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP; | ||
387 | |||
388 | err = crypto_hash_crt(child)->update(&desc, | ||
389 | req->src, | ||
390 | req->nbytes); | ||
391 | |||
392 | req->base.complete = rctx->complete; | ||
393 | |||
394 | out: | ||
395 | local_bh_disable(); | ||
396 | rctx->complete(&req->base, err); | ||
397 | local_bh_enable(); | ||
398 | } | ||
399 | |||
400 | static int cryptd_hash_update_enqueue(struct ahash_request *req) | ||
401 | { | ||
402 | return cryptd_hash_enqueue(req, cryptd_hash_update); | ||
403 | } | ||
404 | |||
405 | static void cryptd_hash_final(struct crypto_async_request *req_async, int err) | ||
406 | { | ||
407 | struct cryptd_hash_ctx *ctx = crypto_tfm_ctx(req_async->tfm); | ||
408 | struct crypto_hash *child = ctx->child; | ||
409 | struct ahash_request *req = ahash_request_cast(req_async); | ||
410 | struct cryptd_hash_request_ctx *rctx; | ||
411 | struct hash_desc desc; | ||
412 | |||
413 | rctx = ahash_request_ctx(req); | ||
414 | |||
415 | if (unlikely(err == -EINPROGRESS)) | ||
416 | goto out; | ||
417 | |||
418 | desc.tfm = child; | ||
419 | desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP; | ||
420 | |||
421 | err = crypto_hash_crt(child)->final(&desc, req->result); | ||
422 | |||
423 | req->base.complete = rctx->complete; | ||
424 | |||
425 | out: | ||
426 | local_bh_disable(); | ||
427 | rctx->complete(&req->base, err); | ||
428 | local_bh_enable(); | ||
429 | } | ||
430 | |||
431 | static int cryptd_hash_final_enqueue(struct ahash_request *req) | ||
432 | { | ||
433 | return cryptd_hash_enqueue(req, cryptd_hash_final); | ||
434 | } | ||
435 | |||
436 | static void cryptd_hash_digest(struct crypto_async_request *req_async, int err) | ||
437 | { | ||
438 | struct cryptd_hash_ctx *ctx = crypto_tfm_ctx(req_async->tfm); | ||
439 | struct crypto_hash *child = ctx->child; | ||
440 | struct ahash_request *req = ahash_request_cast(req_async); | ||
441 | struct cryptd_hash_request_ctx *rctx; | ||
442 | struct hash_desc desc; | ||
443 | |||
444 | rctx = ahash_request_ctx(req); | ||
445 | |||
446 | if (unlikely(err == -EINPROGRESS)) | ||
447 | goto out; | ||
448 | |||
449 | desc.tfm = child; | ||
450 | desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP; | ||
451 | |||
452 | err = crypto_hash_crt(child)->digest(&desc, | ||
453 | req->src, | ||
454 | req->nbytes, | ||
455 | req->result); | ||
456 | |||
457 | req->base.complete = rctx->complete; | ||
458 | |||
459 | out: | ||
460 | local_bh_disable(); | ||
461 | rctx->complete(&req->base, err); | ||
462 | local_bh_enable(); | ||
463 | } | ||
464 | |||
465 | static int cryptd_hash_digest_enqueue(struct ahash_request *req) | ||
466 | { | ||
467 | return cryptd_hash_enqueue(req, cryptd_hash_digest); | ||
468 | } | ||
469 | |||
470 | static struct crypto_instance *cryptd_alloc_hash( | ||
471 | struct rtattr **tb, struct cryptd_state *state) | ||
472 | { | ||
473 | struct crypto_instance *inst; | ||
474 | struct crypto_alg *alg; | ||
475 | |||
476 | alg = crypto_get_attr_alg(tb, CRYPTO_ALG_TYPE_HASH, | ||
477 | CRYPTO_ALG_TYPE_HASH_MASK); | ||
478 | if (IS_ERR(alg)) | ||
479 | return ERR_PTR(PTR_ERR(alg)); | ||
480 | |||
481 | inst = cryptd_alloc_instance(alg, state); | ||
482 | if (IS_ERR(inst)) | ||
483 | goto out_put_alg; | ||
484 | |||
485 | inst->alg.cra_flags = CRYPTO_ALG_TYPE_AHASH | CRYPTO_ALG_ASYNC; | ||
486 | inst->alg.cra_type = &crypto_ahash_type; | ||
487 | |||
488 | inst->alg.cra_ahash.digestsize = alg->cra_hash.digestsize; | ||
489 | inst->alg.cra_ctxsize = sizeof(struct cryptd_hash_ctx); | ||
490 | |||
491 | inst->alg.cra_init = cryptd_hash_init_tfm; | ||
492 | inst->alg.cra_exit = cryptd_hash_exit_tfm; | ||
493 | |||
494 | inst->alg.cra_ahash.init = cryptd_hash_init_enqueue; | ||
495 | inst->alg.cra_ahash.update = cryptd_hash_update_enqueue; | ||
496 | inst->alg.cra_ahash.final = cryptd_hash_final_enqueue; | ||
497 | inst->alg.cra_ahash.setkey = cryptd_hash_setkey; | ||
498 | inst->alg.cra_ahash.digest = cryptd_hash_digest_enqueue; | ||
499 | |||
500 | out_put_alg: | ||
501 | crypto_mod_put(alg); | ||
502 | return inst; | ||
503 | } | ||
504 | |||
264 | static struct cryptd_state state; | 505 | static struct cryptd_state state; |
265 | 506 | ||
266 | static struct crypto_instance *cryptd_alloc(struct rtattr **tb) | 507 | static struct crypto_instance *cryptd_alloc(struct rtattr **tb) |
@@ -274,6 +515,8 @@ static struct crypto_instance *cryptd_alloc(struct rtattr **tb) | |||
274 | switch (algt->type & algt->mask & CRYPTO_ALG_TYPE_MASK) { | 515 | switch (algt->type & algt->mask & CRYPTO_ALG_TYPE_MASK) { |
275 | case CRYPTO_ALG_TYPE_BLKCIPHER: | 516 | case CRYPTO_ALG_TYPE_BLKCIPHER: |
276 | return cryptd_alloc_blkcipher(tb, &state); | 517 | return cryptd_alloc_blkcipher(tb, &state); |
518 | case CRYPTO_ALG_TYPE_DIGEST: | ||
519 | return cryptd_alloc_hash(tb, &state); | ||
277 | } | 520 | } |
278 | 521 | ||
279 | return ERR_PTR(-EINVAL); | 522 | return ERR_PTR(-EINVAL); |
diff --git a/crypto/digest.c b/crypto/digest.c index b526cc348b79..ac0919460d14 100644 --- a/crypto/digest.c +++ b/crypto/digest.c | |||
@@ -12,6 +12,7 @@ | |||
12 | * | 12 | * |
13 | */ | 13 | */ |
14 | 14 | ||
15 | #include <crypto/internal/hash.h> | ||
15 | #include <crypto/scatterwalk.h> | 16 | #include <crypto/scatterwalk.h> |
16 | #include <linux/mm.h> | 17 | #include <linux/mm.h> |
17 | #include <linux/errno.h> | 18 | #include <linux/errno.h> |
@@ -141,7 +142,7 @@ int crypto_init_digest_ops(struct crypto_tfm *tfm) | |||
141 | struct hash_tfm *ops = &tfm->crt_hash; | 142 | struct hash_tfm *ops = &tfm->crt_hash; |
142 | struct digest_alg *dalg = &tfm->__crt_alg->cra_digest; | 143 | struct digest_alg *dalg = &tfm->__crt_alg->cra_digest; |
143 | 144 | ||
144 | if (dalg->dia_digestsize > crypto_tfm_alg_blocksize(tfm)) | 145 | if (dalg->dia_digestsize > PAGE_SIZE / 8) |
145 | return -EINVAL; | 146 | return -EINVAL; |
146 | 147 | ||
147 | ops->init = init; | 148 | ops->init = init; |
@@ -157,3 +158,83 @@ int crypto_init_digest_ops(struct crypto_tfm *tfm) | |||
157 | void crypto_exit_digest_ops(struct crypto_tfm *tfm) | 158 | void crypto_exit_digest_ops(struct crypto_tfm *tfm) |
158 | { | 159 | { |
159 | } | 160 | } |
161 | |||
162 | static int digest_async_nosetkey(struct crypto_ahash *tfm_async, const u8 *key, | ||
163 | unsigned int keylen) | ||
164 | { | ||
165 | crypto_ahash_clear_flags(tfm_async, CRYPTO_TFM_RES_MASK); | ||
166 | return -ENOSYS; | ||
167 | } | ||
168 | |||
169 | static int digest_async_setkey(struct crypto_ahash *tfm_async, const u8 *key, | ||
170 | unsigned int keylen) | ||
171 | { | ||
172 | struct crypto_tfm *tfm = crypto_ahash_tfm(tfm_async); | ||
173 | struct digest_alg *dalg = &tfm->__crt_alg->cra_digest; | ||
174 | |||
175 | crypto_ahash_clear_flags(tfm_async, CRYPTO_TFM_RES_MASK); | ||
176 | return dalg->dia_setkey(tfm, key, keylen); | ||
177 | } | ||
178 | |||
179 | static int digest_async_init(struct ahash_request *req) | ||
180 | { | ||
181 | struct crypto_tfm *tfm = req->base.tfm; | ||
182 | struct digest_alg *dalg = &tfm->__crt_alg->cra_digest; | ||
183 | |||
184 | dalg->dia_init(tfm); | ||
185 | return 0; | ||
186 | } | ||
187 | |||
188 | static int digest_async_update(struct ahash_request *req) | ||
189 | { | ||
190 | struct crypto_tfm *tfm = req->base.tfm; | ||
191 | struct hash_desc desc = { | ||
192 | .tfm = __crypto_hash_cast(tfm), | ||
193 | .flags = req->base.flags, | ||
194 | }; | ||
195 | |||
196 | update(&desc, req->src, req->nbytes); | ||
197 | return 0; | ||
198 | } | ||
199 | |||
200 | static int digest_async_final(struct ahash_request *req) | ||
201 | { | ||
202 | struct crypto_tfm *tfm = req->base.tfm; | ||
203 | struct hash_desc desc = { | ||
204 | .tfm = __crypto_hash_cast(tfm), | ||
205 | .flags = req->base.flags, | ||
206 | }; | ||
207 | |||
208 | final(&desc, req->result); | ||
209 | return 0; | ||
210 | } | ||
211 | |||
212 | static int digest_async_digest(struct ahash_request *req) | ||
213 | { | ||
214 | struct crypto_tfm *tfm = req->base.tfm; | ||
215 | struct hash_desc desc = { | ||
216 | .tfm = __crypto_hash_cast(tfm), | ||
217 | .flags = req->base.flags, | ||
218 | }; | ||
219 | |||
220 | return digest(&desc, req->src, req->nbytes, req->result); | ||
221 | } | ||
222 | |||
223 | int crypto_init_digest_ops_async(struct crypto_tfm *tfm) | ||
224 | { | ||
225 | struct ahash_tfm *crt = &tfm->crt_ahash; | ||
226 | struct digest_alg *dalg = &tfm->__crt_alg->cra_digest; | ||
227 | |||
228 | if (dalg->dia_digestsize > crypto_tfm_alg_blocksize(tfm)) | ||
229 | return -EINVAL; | ||
230 | |||
231 | crt->init = digest_async_init; | ||
232 | crt->update = digest_async_update; | ||
233 | crt->final = digest_async_final; | ||
234 | crt->digest = digest_async_digest; | ||
235 | crt->setkey = dalg->dia_setkey ? digest_async_setkey : | ||
236 | digest_async_nosetkey; | ||
237 | crt->digestsize = dalg->dia_digestsize; | ||
238 | |||
239 | return 0; | ||
240 | } | ||
diff --git a/crypto/hash.c b/crypto/hash.c index 7dcff671c19b..cb86b19fd105 100644 --- a/crypto/hash.c +++ b/crypto/hash.c | |||
@@ -9,6 +9,7 @@ | |||
9 | * any later version. | 9 | * any later version. |
10 | */ | 10 | */ |
11 | 11 | ||
12 | #include <crypto/internal/hash.h> | ||
12 | #include <linux/errno.h> | 13 | #include <linux/errno.h> |
13 | #include <linux/kernel.h> | 14 | #include <linux/kernel.h> |
14 | #include <linux/module.h> | 15 | #include <linux/module.h> |
@@ -59,24 +60,107 @@ static int hash_setkey(struct crypto_hash *crt, const u8 *key, | |||
59 | return alg->setkey(crt, key, keylen); | 60 | return alg->setkey(crt, key, keylen); |
60 | } | 61 | } |
61 | 62 | ||
62 | static int crypto_init_hash_ops(struct crypto_tfm *tfm, u32 type, u32 mask) | 63 | static int hash_async_setkey(struct crypto_ahash *tfm_async, const u8 *key, |
64 | unsigned int keylen) | ||
65 | { | ||
66 | struct crypto_tfm *tfm = crypto_ahash_tfm(tfm_async); | ||
67 | struct crypto_hash *tfm_hash = __crypto_hash_cast(tfm); | ||
68 | struct hash_alg *alg = &tfm->__crt_alg->cra_hash; | ||
69 | |||
70 | return alg->setkey(tfm_hash, key, keylen); | ||
71 | } | ||
72 | |||
73 | static int hash_async_init(struct ahash_request *req) | ||
74 | { | ||
75 | struct crypto_tfm *tfm = req->base.tfm; | ||
76 | struct hash_alg *alg = &tfm->__crt_alg->cra_hash; | ||
77 | struct hash_desc desc = { | ||
78 | .tfm = __crypto_hash_cast(tfm), | ||
79 | .flags = req->base.flags, | ||
80 | }; | ||
81 | |||
82 | return alg->init(&desc); | ||
83 | } | ||
84 | |||
85 | static int hash_async_update(struct ahash_request *req) | ||
86 | { | ||
87 | struct crypto_tfm *tfm = req->base.tfm; | ||
88 | struct hash_alg *alg = &tfm->__crt_alg->cra_hash; | ||
89 | struct hash_desc desc = { | ||
90 | .tfm = __crypto_hash_cast(tfm), | ||
91 | .flags = req->base.flags, | ||
92 | }; | ||
93 | |||
94 | return alg->update(&desc, req->src, req->nbytes); | ||
95 | } | ||
96 | |||
97 | static int hash_async_final(struct ahash_request *req) | ||
98 | { | ||
99 | struct crypto_tfm *tfm = req->base.tfm; | ||
100 | struct hash_alg *alg = &tfm->__crt_alg->cra_hash; | ||
101 | struct hash_desc desc = { | ||
102 | .tfm = __crypto_hash_cast(tfm), | ||
103 | .flags = req->base.flags, | ||
104 | }; | ||
105 | |||
106 | return alg->final(&desc, req->result); | ||
107 | } | ||
108 | |||
109 | static int hash_async_digest(struct ahash_request *req) | ||
110 | { | ||
111 | struct crypto_tfm *tfm = req->base.tfm; | ||
112 | struct hash_alg *alg = &tfm->__crt_alg->cra_hash; | ||
113 | struct hash_desc desc = { | ||
114 | .tfm = __crypto_hash_cast(tfm), | ||
115 | .flags = req->base.flags, | ||
116 | }; | ||
117 | |||
118 | return alg->digest(&desc, req->src, req->nbytes, req->result); | ||
119 | } | ||
120 | |||
121 | static int crypto_init_hash_ops_async(struct crypto_tfm *tfm) | ||
122 | { | ||
123 | struct ahash_tfm *crt = &tfm->crt_ahash; | ||
124 | struct hash_alg *alg = &tfm->__crt_alg->cra_hash; | ||
125 | |||
126 | crt->init = hash_async_init; | ||
127 | crt->update = hash_async_update; | ||
128 | crt->final = hash_async_final; | ||
129 | crt->digest = hash_async_digest; | ||
130 | crt->setkey = hash_async_setkey; | ||
131 | crt->digestsize = alg->digestsize; | ||
132 | |||
133 | return 0; | ||
134 | } | ||
135 | |||
136 | static int crypto_init_hash_ops_sync(struct crypto_tfm *tfm) | ||
63 | { | 137 | { |
64 | struct hash_tfm *crt = &tfm->crt_hash; | 138 | struct hash_tfm *crt = &tfm->crt_hash; |
65 | struct hash_alg *alg = &tfm->__crt_alg->cra_hash; | 139 | struct hash_alg *alg = &tfm->__crt_alg->cra_hash; |
66 | 140 | ||
67 | if (alg->digestsize > crypto_tfm_alg_blocksize(tfm)) | 141 | crt->init = alg->init; |
68 | return -EINVAL; | 142 | crt->update = alg->update; |
69 | 143 | crt->final = alg->final; | |
70 | crt->init = alg->init; | 144 | crt->digest = alg->digest; |
71 | crt->update = alg->update; | 145 | crt->setkey = hash_setkey; |
72 | crt->final = alg->final; | ||
73 | crt->digest = alg->digest; | ||
74 | crt->setkey = hash_setkey; | ||
75 | crt->digestsize = alg->digestsize; | 146 | crt->digestsize = alg->digestsize; |
76 | 147 | ||
77 | return 0; | 148 | return 0; |
78 | } | 149 | } |
79 | 150 | ||
151 | static int crypto_init_hash_ops(struct crypto_tfm *tfm, u32 type, u32 mask) | ||
152 | { | ||
153 | struct hash_alg *alg = &tfm->__crt_alg->cra_hash; | ||
154 | |||
155 | if (alg->digestsize > PAGE_SIZE / 8) | ||
156 | return -EINVAL; | ||
157 | |||
158 | if ((mask & CRYPTO_ALG_TYPE_HASH_MASK) != CRYPTO_ALG_TYPE_HASH_MASK) | ||
159 | return crypto_init_hash_ops_async(tfm); | ||
160 | else | ||
161 | return crypto_init_hash_ops_sync(tfm); | ||
162 | } | ||
163 | |||
80 | static void crypto_hash_show(struct seq_file *m, struct crypto_alg *alg) | 164 | static void crypto_hash_show(struct seq_file *m, struct crypto_alg *alg) |
81 | __attribute__ ((unused)); | 165 | __attribute__ ((unused)); |
82 | static void crypto_hash_show(struct seq_file *m, struct crypto_alg *alg) | 166 | static void crypto_hash_show(struct seq_file *m, struct crypto_alg *alg) |
diff --git a/crypto/hmac.c b/crypto/hmac.c index 14c6351e639d..7ff2d6a8c7d0 100644 --- a/crypto/hmac.c +++ b/crypto/hmac.c | |||
@@ -226,6 +226,7 @@ static struct crypto_instance *hmac_alloc(struct rtattr **tb) | |||
226 | struct crypto_instance *inst; | 226 | struct crypto_instance *inst; |
227 | struct crypto_alg *alg; | 227 | struct crypto_alg *alg; |
228 | int err; | 228 | int err; |
229 | int ds; | ||
229 | 230 | ||
230 | err = crypto_check_attr_type(tb, CRYPTO_ALG_TYPE_HASH); | 231 | err = crypto_check_attr_type(tb, CRYPTO_ALG_TYPE_HASH); |
231 | if (err) | 232 | if (err) |
@@ -236,6 +237,13 @@ static struct crypto_instance *hmac_alloc(struct rtattr **tb) | |||
236 | if (IS_ERR(alg)) | 237 | if (IS_ERR(alg)) |
237 | return ERR_CAST(alg); | 238 | return ERR_CAST(alg); |
238 | 239 | ||
240 | inst = ERR_PTR(-EINVAL); | ||
241 | ds = (alg->cra_flags & CRYPTO_ALG_TYPE_MASK) == | ||
242 | CRYPTO_ALG_TYPE_HASH ? alg->cra_hash.digestsize : | ||
243 | alg->cra_digest.dia_digestsize; | ||
244 | if (ds > alg->cra_blocksize) | ||
245 | goto out_put_alg; | ||
246 | |||
239 | inst = crypto_alloc_instance("hmac", alg); | 247 | inst = crypto_alloc_instance("hmac", alg); |
240 | if (IS_ERR(inst)) | 248 | if (IS_ERR(inst)) |
241 | goto out_put_alg; | 249 | goto out_put_alg; |
@@ -246,14 +254,10 @@ static struct crypto_instance *hmac_alloc(struct rtattr **tb) | |||
246 | inst->alg.cra_alignmask = alg->cra_alignmask; | 254 | inst->alg.cra_alignmask = alg->cra_alignmask; |
247 | inst->alg.cra_type = &crypto_hash_type; | 255 | inst->alg.cra_type = &crypto_hash_type; |
248 | 256 | ||
249 | inst->alg.cra_hash.digestsize = | 257 | inst->alg.cra_hash.digestsize = ds; |
250 | (alg->cra_flags & CRYPTO_ALG_TYPE_MASK) == | ||
251 | CRYPTO_ALG_TYPE_HASH ? alg->cra_hash.digestsize : | ||
252 | alg->cra_digest.dia_digestsize; | ||
253 | 258 | ||
254 | inst->alg.cra_ctxsize = sizeof(struct hmac_ctx) + | 259 | inst->alg.cra_ctxsize = sizeof(struct hmac_ctx) + |
255 | ALIGN(inst->alg.cra_blocksize * 2 + | 260 | ALIGN(inst->alg.cra_blocksize * 2 + ds, |
256 | inst->alg.cra_hash.digestsize, | ||
257 | sizeof(void *)); | 261 | sizeof(void *)); |
258 | 262 | ||
259 | inst->alg.cra_init = hmac_init_tfm; | 263 | inst->alg.cra_init = hmac_init_tfm; |
diff --git a/crypto/internal.h b/crypto/internal.h index 32f4c2145603..683fcb2d91f4 100644 --- a/crypto/internal.h +++ b/crypto/internal.h | |||
@@ -86,6 +86,7 @@ struct crypto_alg *__crypto_alg_lookup(const char *name, u32 type, u32 mask); | |||
86 | struct crypto_alg *crypto_alg_mod_lookup(const char *name, u32 type, u32 mask); | 86 | struct crypto_alg *crypto_alg_mod_lookup(const char *name, u32 type, u32 mask); |
87 | 87 | ||
88 | int crypto_init_digest_ops(struct crypto_tfm *tfm); | 88 | int crypto_init_digest_ops(struct crypto_tfm *tfm); |
89 | int crypto_init_digest_ops_async(struct crypto_tfm *tfm); | ||
89 | int crypto_init_cipher_ops(struct crypto_tfm *tfm); | 90 | int crypto_init_cipher_ops(struct crypto_tfm *tfm); |
90 | int crypto_init_compress_ops(struct crypto_tfm *tfm); | 91 | int crypto_init_compress_ops(struct crypto_tfm *tfm); |
91 | 92 | ||
diff --git a/crypto/prng.c b/crypto/prng.c new file mode 100644 index 000000000000..24e4f3282c56 --- /dev/null +++ b/crypto/prng.c | |||
@@ -0,0 +1,410 @@ | |||
1 | /* | ||
2 | * PRNG: Pseudo Random Number Generator | ||
3 | * Based on NIST Recommended PRNG From ANSI X9.31 Appendix A.2.4 using | ||
4 | * AES 128 cipher in RFC3686 ctr mode | ||
5 | * | ||
6 | * (C) Neil Horman <nhorman@tuxdriver.com> | ||
7 | * | ||
8 | * This program is free software; you can redistribute it and/or modify it | ||
9 | * under the terms of the GNU General Public License as published by the | ||
10 | * Free Software Foundation; either version 2 of the License, or (at your | ||
11 | * any later version. | ||
12 | * | ||
13 | * | ||
14 | */ | ||
15 | |||
16 | #include <linux/err.h> | ||
17 | #include <linux/init.h> | ||
18 | #include <linux/module.h> | ||
19 | #include <linux/mm.h> | ||
20 | #include <linux/slab.h> | ||
21 | #include <linux/fs.h> | ||
22 | #include <linux/scatterlist.h> | ||
23 | #include <linux/string.h> | ||
24 | #include <linux/crypto.h> | ||
25 | #include <linux/highmem.h> | ||
26 | #include <linux/moduleparam.h> | ||
27 | #include <linux/jiffies.h> | ||
28 | #include <linux/timex.h> | ||
29 | #include <linux/interrupt.h> | ||
30 | #include <linux/miscdevice.h> | ||
31 | #include "prng.h" | ||
32 | |||
33 | #define TEST_PRNG_ON_START 0 | ||
34 | |||
35 | #define DEFAULT_PRNG_KEY "0123456789abcdef1011" | ||
36 | #define DEFAULT_PRNG_KSZ 20 | ||
37 | #define DEFAULT_PRNG_IV "defaultv" | ||
38 | #define DEFAULT_PRNG_IVSZ 8 | ||
39 | #define DEFAULT_BLK_SZ 16 | ||
40 | #define DEFAULT_V_SEED "zaybxcwdveuftgsh" | ||
41 | |||
42 | /* | ||
43 | * Flags for the prng_context flags field | ||
44 | */ | ||
45 | |||
46 | #define PRNG_FIXED_SIZE 0x1 | ||
47 | #define PRNG_NEED_RESET 0x2 | ||
48 | |||
49 | /* | ||
50 | * Note: DT is our counter value | ||
51 | * I is our intermediate value | ||
52 | * V is our seed vector | ||
53 | * See http://csrc.nist.gov/groups/STM/cavp/documents/rng/931rngext.pdf | ||
54 | * for implementation details | ||
55 | */ | ||
56 | |||
57 | |||
58 | struct prng_context { | ||
59 | char *prng_key; | ||
60 | char *prng_iv; | ||
61 | spinlock_t prng_lock; | ||
62 | unsigned char rand_data[DEFAULT_BLK_SZ]; | ||
63 | unsigned char last_rand_data[DEFAULT_BLK_SZ]; | ||
64 | unsigned char DT[DEFAULT_BLK_SZ]; | ||
65 | unsigned char I[DEFAULT_BLK_SZ]; | ||
66 | unsigned char V[DEFAULT_BLK_SZ]; | ||
67 | u32 rand_data_valid; | ||
68 | struct crypto_blkcipher *tfm; | ||
69 | u32 flags; | ||
70 | }; | ||
71 | |||
72 | static int dbg; | ||
73 | |||
74 | static void hexdump(char *note, unsigned char *buf, unsigned int len) | ||
75 | { | ||
76 | if (dbg) { | ||
77 | printk(KERN_CRIT "%s", note); | ||
78 | print_hex_dump(KERN_CONT, "", DUMP_PREFIX_OFFSET, | ||
79 | 16, 1, | ||
80 | buf, len, false); | ||
81 | } | ||
82 | } | ||
83 | |||
84 | #define dbgprint(format, args...) do {if(dbg) printk(format, ##args);} while(0) | ||
85 | |||
86 | static void xor_vectors(unsigned char *in1, unsigned char *in2, | ||
87 | unsigned char *out, unsigned int size) | ||
88 | { | ||
89 | int i; | ||
90 | |||
91 | for (i=0;i<size;i++) | ||
92 | out[i] = in1[i] ^ in2[i]; | ||
93 | |||
94 | } | ||
95 | /* | ||
96 | * Returns DEFAULT_BLK_SZ bytes of random data per call | ||
97 | * returns 0 if generation succeded, <0 if something went wrong | ||
98 | */ | ||
99 | static int _get_more_prng_bytes(struct prng_context *ctx) | ||
100 | { | ||
101 | int i; | ||
102 | struct blkcipher_desc desc; | ||
103 | struct scatterlist sg_in, sg_out; | ||
104 | int ret; | ||
105 | unsigned char tmp[DEFAULT_BLK_SZ]; | ||
106 | |||
107 | desc.tfm = ctx->tfm; | ||
108 | desc.flags = 0; | ||
109 | |||
110 | |||
111 | dbgprint(KERN_CRIT "Calling _get_more_prng_bytes for context %p\n",ctx); | ||
112 | |||
113 | hexdump("Input DT: ", ctx->DT, DEFAULT_BLK_SZ); | ||
114 | hexdump("Input I: ", ctx->I, DEFAULT_BLK_SZ); | ||
115 | hexdump("Input V: ", ctx->V, DEFAULT_BLK_SZ); | ||
116 | |||
117 | /* | ||
118 | * This algorithm is a 3 stage state machine | ||
119 | */ | ||
120 | for (i=0;i<3;i++) { | ||
121 | |||
122 | desc.tfm = ctx->tfm; | ||
123 | desc.flags = 0; | ||
124 | switch (i) { | ||
125 | case 0: | ||
126 | /* | ||
127 | * Start by encrypting the counter value | ||
128 | * This gives us an intermediate value I | ||
129 | */ | ||
130 | memcpy(tmp, ctx->DT, DEFAULT_BLK_SZ); | ||
131 | sg_init_one(&sg_out, &ctx->I[0], DEFAULT_BLK_SZ); | ||
132 | hexdump("tmp stage 0: ", tmp, DEFAULT_BLK_SZ); | ||
133 | break; | ||
134 | case 1: | ||
135 | |||
136 | /* | ||
137 | * Next xor I with our secret vector V | ||
138 | * encrypt that result to obtain our | ||
139 | * pseudo random data which we output | ||
140 | */ | ||
141 | xor_vectors(ctx->I, ctx->V, tmp, DEFAULT_BLK_SZ); | ||
142 | sg_init_one(&sg_out, &ctx->rand_data[0], DEFAULT_BLK_SZ); | ||
143 | hexdump("tmp stage 1: ", tmp, DEFAULT_BLK_SZ); | ||
144 | break; | ||
145 | case 2: | ||
146 | /* | ||
147 | * First check that we didn't produce the same random data | ||
148 | * that we did last time around through this | ||
149 | */ | ||
150 | if (!memcmp(ctx->rand_data, ctx->last_rand_data, DEFAULT_BLK_SZ)) { | ||
151 | printk(KERN_ERR "ctx %p Failed repetition check!\n", | ||
152 | ctx); | ||
153 | ctx->flags |= PRNG_NEED_RESET; | ||
154 | return -1; | ||
155 | } | ||
156 | memcpy(ctx->last_rand_data, ctx->rand_data, DEFAULT_BLK_SZ); | ||
157 | |||
158 | /* | ||
159 | * Lastly xor the random data with I | ||
160 | * and encrypt that to obtain a new secret vector V | ||
161 | */ | ||
162 | xor_vectors(ctx->rand_data, ctx->I, tmp, DEFAULT_BLK_SZ); | ||
163 | sg_init_one(&sg_out, &ctx->V[0], DEFAULT_BLK_SZ); | ||
164 | hexdump("tmp stage 2: ", tmp, DEFAULT_BLK_SZ); | ||
165 | break; | ||
166 | } | ||
167 | |||
168 | /* Initialize our input buffer */ | ||
169 | sg_init_one(&sg_in, &tmp[0], DEFAULT_BLK_SZ); | ||
170 | |||
171 | /* do the encryption */ | ||
172 | ret = crypto_blkcipher_encrypt(&desc, &sg_out, &sg_in, DEFAULT_BLK_SZ); | ||
173 | |||
174 | /* And check the result */ | ||
175 | if (ret) { | ||
176 | dbgprint(KERN_CRIT "Encryption of new block failed for context %p\n",ctx); | ||
177 | ctx->rand_data_valid = DEFAULT_BLK_SZ; | ||
178 | return -1; | ||
179 | } | ||
180 | |||
181 | } | ||
182 | |||
183 | /* | ||
184 | * Now update our DT value | ||
185 | */ | ||
186 | for (i=DEFAULT_BLK_SZ-1;i>0;i--) { | ||
187 | ctx->DT[i] = ctx->DT[i-1]; | ||
188 | } | ||
189 | ctx->DT[0] += 1; | ||
190 | |||
191 | dbgprint("Returning new block for context %p\n",ctx); | ||
192 | ctx->rand_data_valid = 0; | ||
193 | |||
194 | hexdump("Output DT: ", ctx->DT, DEFAULT_BLK_SZ); | ||
195 | hexdump("Output I: ", ctx->I, DEFAULT_BLK_SZ); | ||
196 | hexdump("Output V: ", ctx->V, DEFAULT_BLK_SZ); | ||
197 | hexdump("New Random Data: ", ctx->rand_data, DEFAULT_BLK_SZ); | ||
198 | |||
199 | return 0; | ||
200 | } | ||
201 | |||
202 | /* Our exported functions */ | ||
203 | int get_prng_bytes(char *buf, int nbytes, struct prng_context *ctx) | ||
204 | { | ||
205 | unsigned long flags; | ||
206 | unsigned char *ptr = buf; | ||
207 | unsigned int byte_count = (unsigned int)nbytes; | ||
208 | int err; | ||
209 | |||
210 | |||
211 | if (nbytes < 0) | ||
212 | return -EINVAL; | ||
213 | |||
214 | spin_lock_irqsave(&ctx->prng_lock, flags); | ||
215 | |||
216 | err = -EFAULT; | ||
217 | if (ctx->flags & PRNG_NEED_RESET) | ||
218 | goto done; | ||
219 | |||
220 | /* | ||
221 | * If the FIXED_SIZE flag is on, only return whole blocks of | ||
222 | * pseudo random data | ||
223 | */ | ||
224 | err = -EINVAL; | ||
225 | if (ctx->flags & PRNG_FIXED_SIZE) { | ||
226 | if (nbytes < DEFAULT_BLK_SZ) | ||
227 | goto done; | ||
228 | byte_count = DEFAULT_BLK_SZ; | ||
229 | } | ||
230 | |||
231 | err = byte_count; | ||
232 | |||
233 | dbgprint(KERN_CRIT "getting %d random bytes for context %p\n",byte_count, ctx); | ||
234 | |||
235 | |||
236 | remainder: | ||
237 | if (ctx->rand_data_valid == DEFAULT_BLK_SZ) { | ||
238 | if (_get_more_prng_bytes(ctx) < 0) { | ||
239 | memset(buf, 0, nbytes); | ||
240 | err = -EFAULT; | ||
241 | goto done; | ||
242 | } | ||
243 | } | ||
244 | |||
245 | /* | ||
246 | * Copy up to the next whole block size | ||
247 | */ | ||
248 | if (byte_count < DEFAULT_BLK_SZ) { | ||
249 | for (;ctx->rand_data_valid < DEFAULT_BLK_SZ; ctx->rand_data_valid++) { | ||
250 | *ptr = ctx->rand_data[ctx->rand_data_valid]; | ||
251 | ptr++; | ||
252 | byte_count--; | ||
253 | if (byte_count == 0) | ||
254 | goto done; | ||
255 | } | ||
256 | } | ||
257 | |||
258 | /* | ||
259 | * Now copy whole blocks | ||
260 | */ | ||
261 | for(;byte_count >= DEFAULT_BLK_SZ; byte_count -= DEFAULT_BLK_SZ) { | ||
262 | if (_get_more_prng_bytes(ctx) < 0) { | ||
263 | memset(buf, 0, nbytes); | ||
264 | err = -1; | ||
265 | goto done; | ||
266 | } | ||
267 | memcpy(ptr, ctx->rand_data, DEFAULT_BLK_SZ); | ||
268 | ctx->rand_data_valid += DEFAULT_BLK_SZ; | ||
269 | ptr += DEFAULT_BLK_SZ; | ||
270 | } | ||
271 | |||
272 | /* | ||
273 | * Now copy any extra partial data | ||
274 | */ | ||
275 | if (byte_count) | ||
276 | goto remainder; | ||
277 | |||
278 | done: | ||
279 | spin_unlock_irqrestore(&ctx->prng_lock, flags); | ||
280 | dbgprint(KERN_CRIT "returning %d from get_prng_bytes in context %p\n",err, ctx); | ||
281 | return err; | ||
282 | } | ||
283 | EXPORT_SYMBOL_GPL(get_prng_bytes); | ||
284 | |||
285 | struct prng_context *alloc_prng_context(void) | ||
286 | { | ||
287 | struct prng_context *ctx=kzalloc(sizeof(struct prng_context), GFP_KERNEL); | ||
288 | |||
289 | spin_lock_init(&ctx->prng_lock); | ||
290 | |||
291 | if (reset_prng_context(ctx, NULL, NULL, NULL, NULL)) { | ||
292 | kfree(ctx); | ||
293 | ctx = NULL; | ||
294 | } | ||
295 | |||
296 | dbgprint(KERN_CRIT "returning context %p\n",ctx); | ||
297 | return ctx; | ||
298 | } | ||
299 | |||
300 | EXPORT_SYMBOL_GPL(alloc_prng_context); | ||
301 | |||
302 | void free_prng_context(struct prng_context *ctx) | ||
303 | { | ||
304 | crypto_free_blkcipher(ctx->tfm); | ||
305 | kfree(ctx); | ||
306 | } | ||
307 | EXPORT_SYMBOL_GPL(free_prng_context); | ||
308 | |||
309 | int reset_prng_context(struct prng_context *ctx, | ||
310 | unsigned char *key, unsigned char *iv, | ||
311 | unsigned char *V, unsigned char *DT) | ||
312 | { | ||
313 | int ret; | ||
314 | int iv_len; | ||
315 | int rc = -EFAULT; | ||
316 | |||
317 | spin_lock(&ctx->prng_lock); | ||
318 | ctx->flags |= PRNG_NEED_RESET; | ||
319 | |||
320 | if (key) | ||
321 | memcpy(ctx->prng_key,key,strlen(ctx->prng_key)); | ||
322 | else | ||
323 | ctx->prng_key = DEFAULT_PRNG_KEY; | ||
324 | |||
325 | if (iv) | ||
326 | memcpy(ctx->prng_iv,iv, strlen(ctx->prng_iv)); | ||
327 | else | ||
328 | ctx->prng_iv = DEFAULT_PRNG_IV; | ||
329 | |||
330 | if (V) | ||
331 | memcpy(ctx->V,V,DEFAULT_BLK_SZ); | ||
332 | else | ||
333 | memcpy(ctx->V,DEFAULT_V_SEED,DEFAULT_BLK_SZ); | ||
334 | |||
335 | if (DT) | ||
336 | memcpy(ctx->DT, DT, DEFAULT_BLK_SZ); | ||
337 | else | ||
338 | memset(ctx->DT, 0, DEFAULT_BLK_SZ); | ||
339 | |||
340 | memset(ctx->rand_data,0,DEFAULT_BLK_SZ); | ||
341 | memset(ctx->last_rand_data,0,DEFAULT_BLK_SZ); | ||
342 | |||
343 | if (ctx->tfm) | ||
344 | crypto_free_blkcipher(ctx->tfm); | ||
345 | |||
346 | ctx->tfm = crypto_alloc_blkcipher("rfc3686(ctr(aes))",0,0); | ||
347 | if (!ctx->tfm) { | ||
348 | dbgprint(KERN_CRIT "Failed to alloc crypto tfm for context %p\n",ctx->tfm); | ||
349 | goto out; | ||
350 | } | ||
351 | |||
352 | ctx->rand_data_valid = DEFAULT_BLK_SZ; | ||
353 | |||
354 | ret = crypto_blkcipher_setkey(ctx->tfm, ctx->prng_key, strlen(ctx->prng_key)); | ||
355 | if (ret) { | ||
356 | dbgprint(KERN_CRIT "PRNG: setkey() failed flags=%x\n", | ||
357 | crypto_blkcipher_get_flags(ctx->tfm)); | ||
358 | crypto_free_blkcipher(ctx->tfm); | ||
359 | goto out; | ||
360 | } | ||
361 | |||
362 | iv_len = crypto_blkcipher_ivsize(ctx->tfm); | ||
363 | if (iv_len) { | ||
364 | crypto_blkcipher_set_iv(ctx->tfm, ctx->prng_iv, iv_len); | ||
365 | } | ||
366 | rc = 0; | ||
367 | ctx->flags &= ~PRNG_NEED_RESET; | ||
368 | out: | ||
369 | spin_unlock(&ctx->prng_lock); | ||
370 | |||
371 | return rc; | ||
372 | |||
373 | } | ||
374 | EXPORT_SYMBOL_GPL(reset_prng_context); | ||
375 | |||
376 | /* Module initalization */ | ||
377 | static int __init prng_mod_init(void) | ||
378 | { | ||
379 | |||
380 | #ifdef TEST_PRNG_ON_START | ||
381 | int i; | ||
382 | unsigned char tmpbuf[DEFAULT_BLK_SZ]; | ||
383 | |||
384 | struct prng_context *ctx = alloc_prng_context(); | ||
385 | if (ctx == NULL) | ||
386 | return -EFAULT; | ||
387 | for (i=0;i<16;i++) { | ||
388 | if (get_prng_bytes(tmpbuf, DEFAULT_BLK_SZ, ctx) < 0) { | ||
389 | free_prng_context(ctx); | ||
390 | return -EFAULT; | ||
391 | } | ||
392 | } | ||
393 | free_prng_context(ctx); | ||
394 | #endif | ||
395 | |||
396 | return 0; | ||
397 | } | ||
398 | |||
399 | static void __exit prng_mod_fini(void) | ||
400 | { | ||
401 | return; | ||
402 | } | ||
403 | |||
404 | MODULE_LICENSE("GPL"); | ||
405 | MODULE_DESCRIPTION("Software Pseudo Random Number Generator"); | ||
406 | MODULE_AUTHOR("Neil Horman <nhorman@tuxdriver.com>"); | ||
407 | module_param(dbg, int, 0); | ||
408 | MODULE_PARM_DESC(dbg, "Boolean to enable debugging (0/1 == off/on)"); | ||
409 | module_init(prng_mod_init); | ||
410 | module_exit(prng_mod_fini); | ||
diff --git a/crypto/prng.h b/crypto/prng.h new file mode 100644 index 000000000000..1ac9be5009b7 --- /dev/null +++ b/crypto/prng.h | |||
@@ -0,0 +1,27 @@ | |||
1 | /* | ||
2 | * PRNG: Pseudo Random Number Generator | ||
3 | * | ||
4 | * (C) Neil Horman <nhorman@tuxdriver.com> | ||
5 | * | ||
6 | * This program is free software; you can redistribute it and/or modify it | ||
7 | * under the terms of the GNU General Public License as published by the | ||
8 | * Free Software Foundation; either version 2 of the License, or (at your | ||
9 | * any later version. | ||
10 | * | ||
11 | * | ||
12 | */ | ||
13 | |||
14 | #ifndef _PRNG_H_ | ||
15 | #define _PRNG_H_ | ||
16 | struct prng_context; | ||
17 | |||
18 | int get_prng_bytes(char *buf, int nbytes, struct prng_context *ctx); | ||
19 | struct prng_context *alloc_prng_context(void); | ||
20 | int reset_prng_context(struct prng_context *ctx, | ||
21 | unsigned char *key, unsigned char *iv, | ||
22 | unsigned char *V, | ||
23 | unsigned char *DT); | ||
24 | void free_prng_context(struct prng_context *ctx); | ||
25 | |||
26 | #endif | ||
27 | |||
diff --git a/crypto/ripemd.h b/crypto/ripemd.h new file mode 100644 index 000000000000..c57a2d4ce8d9 --- /dev/null +++ b/crypto/ripemd.h | |||
@@ -0,0 +1,43 @@ | |||
1 | /* | ||
2 | * Common values for RIPEMD algorithms | ||
3 | */ | ||
4 | |||
5 | #ifndef _CRYPTO_RMD_H | ||
6 | #define _CRYPTO_RMD_H | ||
7 | |||
8 | #define RMD128_DIGEST_SIZE 16 | ||
9 | #define RMD128_BLOCK_SIZE 64 | ||
10 | |||
11 | #define RMD160_DIGEST_SIZE 20 | ||
12 | #define RMD160_BLOCK_SIZE 64 | ||
13 | |||
14 | #define RMD256_DIGEST_SIZE 32 | ||
15 | #define RMD256_BLOCK_SIZE 64 | ||
16 | |||
17 | #define RMD320_DIGEST_SIZE 40 | ||
18 | #define RMD320_BLOCK_SIZE 64 | ||
19 | |||
20 | /* initial values */ | ||
21 | #define RMD_H0 0x67452301UL | ||
22 | #define RMD_H1 0xefcdab89UL | ||
23 | #define RMD_H2 0x98badcfeUL | ||
24 | #define RMD_H3 0x10325476UL | ||
25 | #define RMD_H4 0xc3d2e1f0UL | ||
26 | #define RMD_H5 0x76543210UL | ||
27 | #define RMD_H6 0xfedcba98UL | ||
28 | #define RMD_H7 0x89abcdefUL | ||
29 | #define RMD_H8 0x01234567UL | ||
30 | #define RMD_H9 0x3c2d1e0fUL | ||
31 | |||
32 | /* constants */ | ||
33 | #define RMD_K1 0x00000000UL | ||
34 | #define RMD_K2 0x5a827999UL | ||
35 | #define RMD_K3 0x6ed9eba1UL | ||
36 | #define RMD_K4 0x8f1bbcdcUL | ||
37 | #define RMD_K5 0xa953fd4eUL | ||
38 | #define RMD_K6 0x50a28be6UL | ||
39 | #define RMD_K7 0x5c4dd124UL | ||
40 | #define RMD_K8 0x6d703ef3UL | ||
41 | #define RMD_K9 0x7a6d76e9UL | ||
42 | |||
43 | #endif | ||
diff --git a/crypto/rmd128.c b/crypto/rmd128.c new file mode 100644 index 000000000000..5de6fa2a76fb --- /dev/null +++ b/crypto/rmd128.c | |||
@@ -0,0 +1,325 @@ | |||
1 | /* | ||
2 | * Cryptographic API. | ||
3 | * | ||
4 | * RIPEMD-128 - RACE Integrity Primitives Evaluation Message Digest. | ||
5 | * | ||
6 | * Based on the reference implementation by Antoon Bosselaers, ESAT-COSIC | ||
7 | * | ||
8 | * Copyright (c) 2008 Adrian-Ken Rueegsegger <rueegsegger (at) swiss-it.ch> | ||
9 | * | ||
10 | * This program is free software; you can redistribute it and/or modify it | ||
11 | * under the terms of the GNU General Public License as published by the Free | ||
12 | * Software Foundation; either version 2 of the License, or (at your option) | ||
13 | * any later version. | ||
14 | * | ||
15 | */ | ||
16 | #include <linux/init.h> | ||
17 | #include <linux/module.h> | ||
18 | #include <linux/mm.h> | ||
19 | #include <linux/crypto.h> | ||
20 | #include <linux/cryptohash.h> | ||
21 | #include <linux/types.h> | ||
22 | #include <asm/byteorder.h> | ||
23 | |||
24 | #include "ripemd.h" | ||
25 | |||
26 | struct rmd128_ctx { | ||
27 | u64 byte_count; | ||
28 | u32 state[4]; | ||
29 | __le32 buffer[16]; | ||
30 | }; | ||
31 | |||
32 | #define K1 RMD_K1 | ||
33 | #define K2 RMD_K2 | ||
34 | #define K3 RMD_K3 | ||
35 | #define K4 RMD_K4 | ||
36 | #define KK1 RMD_K6 | ||
37 | #define KK2 RMD_K7 | ||
38 | #define KK3 RMD_K8 | ||
39 | #define KK4 RMD_K1 | ||
40 | |||
41 | #define F1(x, y, z) (x ^ y ^ z) /* XOR */ | ||
42 | #define F2(x, y, z) (z ^ (x & (y ^ z))) /* x ? y : z */ | ||
43 | #define F3(x, y, z) ((x | ~y) ^ z) | ||
44 | #define F4(x, y, z) (y ^ (z & (x ^ y))) /* z ? x : y */ | ||
45 | |||
46 | #define ROUND(a, b, c, d, f, k, x, s) { \ | ||
47 | (a) += f((b), (c), (d)) + le32_to_cpup(&(x)) + (k); \ | ||
48 | (a) = rol32((a), (s)); \ | ||
49 | } | ||
50 | |||
51 | static void rmd128_transform(u32 *state, const __le32 *in) | ||
52 | { | ||
53 | u32 aa, bb, cc, dd, aaa, bbb, ccc, ddd; | ||
54 | |||
55 | /* Initialize left lane */ | ||
56 | aa = state[0]; | ||
57 | bb = state[1]; | ||
58 | cc = state[2]; | ||
59 | dd = state[3]; | ||
60 | |||
61 | /* Initialize right lane */ | ||
62 | aaa = state[0]; | ||
63 | bbb = state[1]; | ||
64 | ccc = state[2]; | ||
65 | ddd = state[3]; | ||
66 | |||
67 | /* round 1: left lane */ | ||
68 | ROUND(aa, bb, cc, dd, F1, K1, in[0], 11); | ||
69 | ROUND(dd, aa, bb, cc, F1, K1, in[1], 14); | ||
70 | ROUND(cc, dd, aa, bb, F1, K1, in[2], 15); | ||
71 | ROUND(bb, cc, dd, aa, F1, K1, in[3], 12); | ||
72 | ROUND(aa, bb, cc, dd, F1, K1, in[4], 5); | ||
73 | ROUND(dd, aa, bb, cc, F1, K1, in[5], 8); | ||
74 | ROUND(cc, dd, aa, bb, F1, K1, in[6], 7); | ||
75 | ROUND(bb, cc, dd, aa, F1, K1, in[7], 9); | ||
76 | ROUND(aa, bb, cc, dd, F1, K1, in[8], 11); | ||
77 | ROUND(dd, aa, bb, cc, F1, K1, in[9], 13); | ||
78 | ROUND(cc, dd, aa, bb, F1, K1, in[10], 14); | ||
79 | ROUND(bb, cc, dd, aa, F1, K1, in[11], 15); | ||
80 | ROUND(aa, bb, cc, dd, F1, K1, in[12], 6); | ||
81 | ROUND(dd, aa, bb, cc, F1, K1, in[13], 7); | ||
82 | ROUND(cc, dd, aa, bb, F1, K1, in[14], 9); | ||
83 | ROUND(bb, cc, dd, aa, F1, K1, in[15], 8); | ||
84 | |||
85 | /* round 2: left lane */ | ||
86 | ROUND(aa, bb, cc, dd, F2, K2, in[7], 7); | ||
87 | ROUND(dd, aa, bb, cc, F2, K2, in[4], 6); | ||
88 | ROUND(cc, dd, aa, bb, F2, K2, in[13], 8); | ||
89 | ROUND(bb, cc, dd, aa, F2, K2, in[1], 13); | ||
90 | ROUND(aa, bb, cc, dd, F2, K2, in[10], 11); | ||
91 | ROUND(dd, aa, bb, cc, F2, K2, in[6], 9); | ||
92 | ROUND(cc, dd, aa, bb, F2, K2, in[15], 7); | ||
93 | ROUND(bb, cc, dd, aa, F2, K2, in[3], 15); | ||
94 | ROUND(aa, bb, cc, dd, F2, K2, in[12], 7); | ||
95 | ROUND(dd, aa, bb, cc, F2, K2, in[0], 12); | ||
96 | ROUND(cc, dd, aa, bb, F2, K2, in[9], 15); | ||
97 | ROUND(bb, cc, dd, aa, F2, K2, in[5], 9); | ||
98 | ROUND(aa, bb, cc, dd, F2, K2, in[2], 11); | ||
99 | ROUND(dd, aa, bb, cc, F2, K2, in[14], 7); | ||
100 | ROUND(cc, dd, aa, bb, F2, K2, in[11], 13); | ||
101 | ROUND(bb, cc, dd, aa, F2, K2, in[8], 12); | ||
102 | |||
103 | /* round 3: left lane */ | ||
104 | ROUND(aa, bb, cc, dd, F3, K3, in[3], 11); | ||
105 | ROUND(dd, aa, bb, cc, F3, K3, in[10], 13); | ||
106 | ROUND(cc, dd, aa, bb, F3, K3, in[14], 6); | ||
107 | ROUND(bb, cc, dd, aa, F3, K3, in[4], 7); | ||
108 | ROUND(aa, bb, cc, dd, F3, K3, in[9], 14); | ||
109 | ROUND(dd, aa, bb, cc, F3, K3, in[15], 9); | ||
110 | ROUND(cc, dd, aa, bb, F3, K3, in[8], 13); | ||
111 | ROUND(bb, cc, dd, aa, F3, K3, in[1], 15); | ||
112 | ROUND(aa, bb, cc, dd, F3, K3, in[2], 14); | ||
113 | ROUND(dd, aa, bb, cc, F3, K3, in[7], 8); | ||
114 | ROUND(cc, dd, aa, bb, F3, K3, in[0], 13); | ||
115 | ROUND(bb, cc, dd, aa, F3, K3, in[6], 6); | ||
116 | ROUND(aa, bb, cc, dd, F3, K3, in[13], 5); | ||
117 | ROUND(dd, aa, bb, cc, F3, K3, in[11], 12); | ||
118 | ROUND(cc, dd, aa, bb, F3, K3, in[5], 7); | ||
119 | ROUND(bb, cc, dd, aa, F3, K3, in[12], 5); | ||
120 | |||
121 | /* round 4: left lane */ | ||
122 | ROUND(aa, bb, cc, dd, F4, K4, in[1], 11); | ||
123 | ROUND(dd, aa, bb, cc, F4, K4, in[9], 12); | ||
124 | ROUND(cc, dd, aa, bb, F4, K4, in[11], 14); | ||
125 | ROUND(bb, cc, dd, aa, F4, K4, in[10], 15); | ||
126 | ROUND(aa, bb, cc, dd, F4, K4, in[0], 14); | ||
127 | ROUND(dd, aa, bb, cc, F4, K4, in[8], 15); | ||
128 | ROUND(cc, dd, aa, bb, F4, K4, in[12], 9); | ||
129 | ROUND(bb, cc, dd, aa, F4, K4, in[4], 8); | ||
130 | ROUND(aa, bb, cc, dd, F4, K4, in[13], 9); | ||
131 | ROUND(dd, aa, bb, cc, F4, K4, in[3], 14); | ||
132 | ROUND(cc, dd, aa, bb, F4, K4, in[7], 5); | ||
133 | ROUND(bb, cc, dd, aa, F4, K4, in[15], 6); | ||
134 | ROUND(aa, bb, cc, dd, F4, K4, in[14], 8); | ||
135 | ROUND(dd, aa, bb, cc, F4, K4, in[5], 6); | ||
136 | ROUND(cc, dd, aa, bb, F4, K4, in[6], 5); | ||
137 | ROUND(bb, cc, dd, aa, F4, K4, in[2], 12); | ||
138 | |||
139 | /* round 1: right lane */ | ||
140 | ROUND(aaa, bbb, ccc, ddd, F4, KK1, in[5], 8); | ||
141 | ROUND(ddd, aaa, bbb, ccc, F4, KK1, in[14], 9); | ||
142 | ROUND(ccc, ddd, aaa, bbb, F4, KK1, in[7], 9); | ||
143 | ROUND(bbb, ccc, ddd, aaa, F4, KK1, in[0], 11); | ||
144 | ROUND(aaa, bbb, ccc, ddd, F4, KK1, in[9], 13); | ||
145 | ROUND(ddd, aaa, bbb, ccc, F4, KK1, in[2], 15); | ||
146 | ROUND(ccc, ddd, aaa, bbb, F4, KK1, in[11], 15); | ||
147 | ROUND(bbb, ccc, ddd, aaa, F4, KK1, in[4], 5); | ||
148 | ROUND(aaa, bbb, ccc, ddd, F4, KK1, in[13], 7); | ||
149 | ROUND(ddd, aaa, bbb, ccc, F4, KK1, in[6], 7); | ||
150 | ROUND(ccc, ddd, aaa, bbb, F4, KK1, in[15], 8); | ||
151 | ROUND(bbb, ccc, ddd, aaa, F4, KK1, in[8], 11); | ||
152 | ROUND(aaa, bbb, ccc, ddd, F4, KK1, in[1], 14); | ||
153 | ROUND(ddd, aaa, bbb, ccc, F4, KK1, in[10], 14); | ||
154 | ROUND(ccc, ddd, aaa, bbb, F4, KK1, in[3], 12); | ||
155 | ROUND(bbb, ccc, ddd, aaa, F4, KK1, in[12], 6); | ||
156 | |||
157 | /* round 2: right lane */ | ||
158 | ROUND(aaa, bbb, ccc, ddd, F3, KK2, in[6], 9); | ||
159 | ROUND(ddd, aaa, bbb, ccc, F3, KK2, in[11], 13); | ||
160 | ROUND(ccc, ddd, aaa, bbb, F3, KK2, in[3], 15); | ||
161 | ROUND(bbb, ccc, ddd, aaa, F3, KK2, in[7], 7); | ||
162 | ROUND(aaa, bbb, ccc, ddd, F3, KK2, in[0], 12); | ||
163 | ROUND(ddd, aaa, bbb, ccc, F3, KK2, in[13], 8); | ||
164 | ROUND(ccc, ddd, aaa, bbb, F3, KK2, in[5], 9); | ||
165 | ROUND(bbb, ccc, ddd, aaa, F3, KK2, in[10], 11); | ||
166 | ROUND(aaa, bbb, ccc, ddd, F3, KK2, in[14], 7); | ||
167 | ROUND(ddd, aaa, bbb, ccc, F3, KK2, in[15], 7); | ||
168 | ROUND(ccc, ddd, aaa, bbb, F3, KK2, in[8], 12); | ||
169 | ROUND(bbb, ccc, ddd, aaa, F3, KK2, in[12], 7); | ||
170 | ROUND(aaa, bbb, ccc, ddd, F3, KK2, in[4], 6); | ||
171 | ROUND(ddd, aaa, bbb, ccc, F3, KK2, in[9], 15); | ||
172 | ROUND(ccc, ddd, aaa, bbb, F3, KK2, in[1], 13); | ||
173 | ROUND(bbb, ccc, ddd, aaa, F3, KK2, in[2], 11); | ||
174 | |||
175 | /* round 3: right lane */ | ||
176 | ROUND(aaa, bbb, ccc, ddd, F2, KK3, in[15], 9); | ||
177 | ROUND(ddd, aaa, bbb, ccc, F2, KK3, in[5], 7); | ||
178 | ROUND(ccc, ddd, aaa, bbb, F2, KK3, in[1], 15); | ||
179 | ROUND(bbb, ccc, ddd, aaa, F2, KK3, in[3], 11); | ||
180 | ROUND(aaa, bbb, ccc, ddd, F2, KK3, in[7], 8); | ||
181 | ROUND(ddd, aaa, bbb, ccc, F2, KK3, in[14], 6); | ||
182 | ROUND(ccc, ddd, aaa, bbb, F2, KK3, in[6], 6); | ||
183 | ROUND(bbb, ccc, ddd, aaa, F2, KK3, in[9], 14); | ||
184 | ROUND(aaa, bbb, ccc, ddd, F2, KK3, in[11], 12); | ||
185 | ROUND(ddd, aaa, bbb, ccc, F2, KK3, in[8], 13); | ||
186 | ROUND(ccc, ddd, aaa, bbb, F2, KK3, in[12], 5); | ||
187 | ROUND(bbb, ccc, ddd, aaa, F2, KK3, in[2], 14); | ||
188 | ROUND(aaa, bbb, ccc, ddd, F2, KK3, in[10], 13); | ||
189 | ROUND(ddd, aaa, bbb, ccc, F2, KK3, in[0], 13); | ||
190 | ROUND(ccc, ddd, aaa, bbb, F2, KK3, in[4], 7); | ||
191 | ROUND(bbb, ccc, ddd, aaa, F2, KK3, in[13], 5); | ||
192 | |||
193 | /* round 4: right lane */ | ||
194 | ROUND(aaa, bbb, ccc, ddd, F1, KK4, in[8], 15); | ||
195 | ROUND(ddd, aaa, bbb, ccc, F1, KK4, in[6], 5); | ||
196 | ROUND(ccc, ddd, aaa, bbb, F1, KK4, in[4], 8); | ||
197 | ROUND(bbb, ccc, ddd, aaa, F1, KK4, in[1], 11); | ||
198 | ROUND(aaa, bbb, ccc, ddd, F1, KK4, in[3], 14); | ||
199 | ROUND(ddd, aaa, bbb, ccc, F1, KK4, in[11], 14); | ||
200 | ROUND(ccc, ddd, aaa, bbb, F1, KK4, in[15], 6); | ||
201 | ROUND(bbb, ccc, ddd, aaa, F1, KK4, in[0], 14); | ||
202 | ROUND(aaa, bbb, ccc, ddd, F1, KK4, in[5], 6); | ||
203 | ROUND(ddd, aaa, bbb, ccc, F1, KK4, in[12], 9); | ||
204 | ROUND(ccc, ddd, aaa, bbb, F1, KK4, in[2], 12); | ||
205 | ROUND(bbb, ccc, ddd, aaa, F1, KK4, in[13], 9); | ||
206 | ROUND(aaa, bbb, ccc, ddd, F1, KK4, in[9], 12); | ||
207 | ROUND(ddd, aaa, bbb, ccc, F1, KK4, in[7], 5); | ||
208 | ROUND(ccc, ddd, aaa, bbb, F1, KK4, in[10], 15); | ||
209 | ROUND(bbb, ccc, ddd, aaa, F1, KK4, in[14], 8); | ||
210 | |||
211 | /* combine results */ | ||
212 | ddd += cc + state[1]; /* final result for state[0] */ | ||
213 | state[1] = state[2] + dd + aaa; | ||
214 | state[2] = state[3] + aa + bbb; | ||
215 | state[3] = state[0] + bb + ccc; | ||
216 | state[0] = ddd; | ||
217 | |||
218 | return; | ||
219 | } | ||
220 | |||
221 | static void rmd128_init(struct crypto_tfm *tfm) | ||
222 | { | ||
223 | struct rmd128_ctx *rctx = crypto_tfm_ctx(tfm); | ||
224 | |||
225 | rctx->byte_count = 0; | ||
226 | |||
227 | rctx->state[0] = RMD_H0; | ||
228 | rctx->state[1] = RMD_H1; | ||
229 | rctx->state[2] = RMD_H2; | ||
230 | rctx->state[3] = RMD_H3; | ||
231 | |||
232 | memset(rctx->buffer, 0, sizeof(rctx->buffer)); | ||
233 | } | ||
234 | |||
235 | static void rmd128_update(struct crypto_tfm *tfm, const u8 *data, | ||
236 | unsigned int len) | ||
237 | { | ||
238 | struct rmd128_ctx *rctx = crypto_tfm_ctx(tfm); | ||
239 | const u32 avail = sizeof(rctx->buffer) - (rctx->byte_count & 0x3f); | ||
240 | |||
241 | rctx->byte_count += len; | ||
242 | |||
243 | /* Enough space in buffer? If so copy and we're done */ | ||
244 | if (avail > len) { | ||
245 | memcpy((char *)rctx->buffer + (sizeof(rctx->buffer) - avail), | ||
246 | data, len); | ||
247 | return; | ||
248 | } | ||
249 | |||
250 | memcpy((char *)rctx->buffer + (sizeof(rctx->buffer) - avail), | ||
251 | data, avail); | ||
252 | |||
253 | rmd128_transform(rctx->state, rctx->buffer); | ||
254 | data += avail; | ||
255 | len -= avail; | ||
256 | |||
257 | while (len >= sizeof(rctx->buffer)) { | ||
258 | memcpy(rctx->buffer, data, sizeof(rctx->buffer)); | ||
259 | rmd128_transform(rctx->state, rctx->buffer); | ||
260 | data += sizeof(rctx->buffer); | ||
261 | len -= sizeof(rctx->buffer); | ||
262 | } | ||
263 | |||
264 | memcpy(rctx->buffer, data, len); | ||
265 | } | ||
266 | |||
267 | /* Add padding and return the message digest. */ | ||
268 | static void rmd128_final(struct crypto_tfm *tfm, u8 *out) | ||
269 | { | ||
270 | struct rmd128_ctx *rctx = crypto_tfm_ctx(tfm); | ||
271 | u32 i, index, padlen; | ||
272 | __le64 bits; | ||
273 | __le32 *dst = (__le32 *)out; | ||
274 | static const u8 padding[64] = { 0x80, }; | ||
275 | |||
276 | bits = cpu_to_le64(rctx->byte_count << 3); | ||
277 | |||
278 | /* Pad out to 56 mod 64 */ | ||
279 | index = rctx->byte_count & 0x3f; | ||
280 | padlen = (index < 56) ? (56 - index) : ((64+56) - index); | ||
281 | rmd128_update(tfm, padding, padlen); | ||
282 | |||
283 | /* Append length */ | ||
284 | rmd128_update(tfm, (const u8 *)&bits, sizeof(bits)); | ||
285 | |||
286 | /* Store state in digest */ | ||
287 | for (i = 0; i < 4; i++) | ||
288 | dst[i] = cpu_to_le32p(&rctx->state[i]); | ||
289 | |||
290 | /* Wipe context */ | ||
291 | memset(rctx, 0, sizeof(*rctx)); | ||
292 | } | ||
293 | |||
294 | static struct crypto_alg alg = { | ||
295 | .cra_name = "rmd128", | ||
296 | .cra_driver_name = "rmd128", | ||
297 | .cra_flags = CRYPTO_ALG_TYPE_DIGEST, | ||
298 | .cra_blocksize = RMD128_BLOCK_SIZE, | ||
299 | .cra_ctxsize = sizeof(struct rmd128_ctx), | ||
300 | .cra_module = THIS_MODULE, | ||
301 | .cra_list = LIST_HEAD_INIT(alg.cra_list), | ||
302 | .cra_u = { .digest = { | ||
303 | .dia_digestsize = RMD128_DIGEST_SIZE, | ||
304 | .dia_init = rmd128_init, | ||
305 | .dia_update = rmd128_update, | ||
306 | .dia_final = rmd128_final } } | ||
307 | }; | ||
308 | |||
309 | static int __init rmd128_mod_init(void) | ||
310 | { | ||
311 | return crypto_register_alg(&alg); | ||
312 | } | ||
313 | |||
314 | static void __exit rmd128_mod_fini(void) | ||
315 | { | ||
316 | crypto_unregister_alg(&alg); | ||
317 | } | ||
318 | |||
319 | module_init(rmd128_mod_init); | ||
320 | module_exit(rmd128_mod_fini); | ||
321 | |||
322 | MODULE_LICENSE("GPL"); | ||
323 | MODULE_DESCRIPTION("RIPEMD-128 Message Digest"); | ||
324 | |||
325 | MODULE_ALIAS("rmd128"); | ||
diff --git a/crypto/rmd160.c b/crypto/rmd160.c new file mode 100644 index 000000000000..f001ec775e1f --- /dev/null +++ b/crypto/rmd160.c | |||
@@ -0,0 +1,369 @@ | |||
1 | /* | ||
2 | * Cryptographic API. | ||
3 | * | ||
4 | * RIPEMD-160 - RACE Integrity Primitives Evaluation Message Digest. | ||
5 | * | ||
6 | * Based on the reference implementation by Antoon Bosselaers, ESAT-COSIC | ||
7 | * | ||
8 | * Copyright (c) 2008 Adrian-Ken Rueegsegger <rueegsegger (at) swiss-it.ch> | ||
9 | * | ||
10 | * This program is free software; you can redistribute it and/or modify it | ||
11 | * under the terms of the GNU General Public License as published by the Free | ||
12 | * Software Foundation; either version 2 of the License, or (at your option) | ||
13 | * any later version. | ||
14 | * | ||
15 | */ | ||
16 | #include <linux/init.h> | ||
17 | #include <linux/module.h> | ||
18 | #include <linux/mm.h> | ||
19 | #include <linux/crypto.h> | ||
20 | #include <linux/cryptohash.h> | ||
21 | #include <linux/types.h> | ||
22 | #include <asm/byteorder.h> | ||
23 | |||
24 | #include "ripemd.h" | ||
25 | |||
26 | struct rmd160_ctx { | ||
27 | u64 byte_count; | ||
28 | u32 state[5]; | ||
29 | __le32 buffer[16]; | ||
30 | }; | ||
31 | |||
32 | #define K1 RMD_K1 | ||
33 | #define K2 RMD_K2 | ||
34 | #define K3 RMD_K3 | ||
35 | #define K4 RMD_K4 | ||
36 | #define K5 RMD_K5 | ||
37 | #define KK1 RMD_K6 | ||
38 | #define KK2 RMD_K7 | ||
39 | #define KK3 RMD_K8 | ||
40 | #define KK4 RMD_K9 | ||
41 | #define KK5 RMD_K1 | ||
42 | |||
43 | #define F1(x, y, z) (x ^ y ^ z) /* XOR */ | ||
44 | #define F2(x, y, z) (z ^ (x & (y ^ z))) /* x ? y : z */ | ||
45 | #define F3(x, y, z) ((x | ~y) ^ z) | ||
46 | #define F4(x, y, z) (y ^ (z & (x ^ y))) /* z ? x : y */ | ||
47 | #define F5(x, y, z) (x ^ (y | ~z)) | ||
48 | |||
49 | #define ROUND(a, b, c, d, e, f, k, x, s) { \ | ||
50 | (a) += f((b), (c), (d)) + le32_to_cpup(&(x)) + (k); \ | ||
51 | (a) = rol32((a), (s)) + (e); \ | ||
52 | (c) = rol32((c), 10); \ | ||
53 | } | ||
54 | |||
55 | static void rmd160_transform(u32 *state, const __le32 *in) | ||
56 | { | ||
57 | u32 aa, bb, cc, dd, ee, aaa, bbb, ccc, ddd, eee; | ||
58 | |||
59 | /* Initialize left lane */ | ||
60 | aa = state[0]; | ||
61 | bb = state[1]; | ||
62 | cc = state[2]; | ||
63 | dd = state[3]; | ||
64 | ee = state[4]; | ||
65 | |||
66 | /* Initialize right lane */ | ||
67 | aaa = state[0]; | ||
68 | bbb = state[1]; | ||
69 | ccc = state[2]; | ||
70 | ddd = state[3]; | ||
71 | eee = state[4]; | ||
72 | |||
73 | /* round 1: left lane */ | ||
74 | ROUND(aa, bb, cc, dd, ee, F1, K1, in[0], 11); | ||
75 | ROUND(ee, aa, bb, cc, dd, F1, K1, in[1], 14); | ||
76 | ROUND(dd, ee, aa, bb, cc, F1, K1, in[2], 15); | ||
77 | ROUND(cc, dd, ee, aa, bb, F1, K1, in[3], 12); | ||
78 | ROUND(bb, cc, dd, ee, aa, F1, K1, in[4], 5); | ||
79 | ROUND(aa, bb, cc, dd, ee, F1, K1, in[5], 8); | ||
80 | ROUND(ee, aa, bb, cc, dd, F1, K1, in[6], 7); | ||
81 | ROUND(dd, ee, aa, bb, cc, F1, K1, in[7], 9); | ||
82 | ROUND(cc, dd, ee, aa, bb, F1, K1, in[8], 11); | ||
83 | ROUND(bb, cc, dd, ee, aa, F1, K1, in[9], 13); | ||
84 | ROUND(aa, bb, cc, dd, ee, F1, K1, in[10], 14); | ||
85 | ROUND(ee, aa, bb, cc, dd, F1, K1, in[11], 15); | ||
86 | ROUND(dd, ee, aa, bb, cc, F1, K1, in[12], 6); | ||
87 | ROUND(cc, dd, ee, aa, bb, F1, K1, in[13], 7); | ||
88 | ROUND(bb, cc, dd, ee, aa, F1, K1, in[14], 9); | ||
89 | ROUND(aa, bb, cc, dd, ee, F1, K1, in[15], 8); | ||
90 | |||
91 | /* round 2: left lane" */ | ||
92 | ROUND(ee, aa, bb, cc, dd, F2, K2, in[7], 7); | ||
93 | ROUND(dd, ee, aa, bb, cc, F2, K2, in[4], 6); | ||
94 | ROUND(cc, dd, ee, aa, bb, F2, K2, in[13], 8); | ||
95 | ROUND(bb, cc, dd, ee, aa, F2, K2, in[1], 13); | ||
96 | ROUND(aa, bb, cc, dd, ee, F2, K2, in[10], 11); | ||
97 | ROUND(ee, aa, bb, cc, dd, F2, K2, in[6], 9); | ||
98 | ROUND(dd, ee, aa, bb, cc, F2, K2, in[15], 7); | ||
99 | ROUND(cc, dd, ee, aa, bb, F2, K2, in[3], 15); | ||
100 | ROUND(bb, cc, dd, ee, aa, F2, K2, in[12], 7); | ||
101 | ROUND(aa, bb, cc, dd, ee, F2, K2, in[0], 12); | ||
102 | ROUND(ee, aa, bb, cc, dd, F2, K2, in[9], 15); | ||
103 | ROUND(dd, ee, aa, bb, cc, F2, K2, in[5], 9); | ||
104 | ROUND(cc, dd, ee, aa, bb, F2, K2, in[2], 11); | ||
105 | ROUND(bb, cc, dd, ee, aa, F2, K2, in[14], 7); | ||
106 | ROUND(aa, bb, cc, dd, ee, F2, K2, in[11], 13); | ||
107 | ROUND(ee, aa, bb, cc, dd, F2, K2, in[8], 12); | ||
108 | |||
109 | /* round 3: left lane" */ | ||
110 | ROUND(dd, ee, aa, bb, cc, F3, K3, in[3], 11); | ||
111 | ROUND(cc, dd, ee, aa, bb, F3, K3, in[10], 13); | ||
112 | ROUND(bb, cc, dd, ee, aa, F3, K3, in[14], 6); | ||
113 | ROUND(aa, bb, cc, dd, ee, F3, K3, in[4], 7); | ||
114 | ROUND(ee, aa, bb, cc, dd, F3, K3, in[9], 14); | ||
115 | ROUND(dd, ee, aa, bb, cc, F3, K3, in[15], 9); | ||
116 | ROUND(cc, dd, ee, aa, bb, F3, K3, in[8], 13); | ||
117 | ROUND(bb, cc, dd, ee, aa, F3, K3, in[1], 15); | ||
118 | ROUND(aa, bb, cc, dd, ee, F3, K3, in[2], 14); | ||
119 | ROUND(ee, aa, bb, cc, dd, F3, K3, in[7], 8); | ||
120 | ROUND(dd, ee, aa, bb, cc, F3, K3, in[0], 13); | ||
121 | ROUND(cc, dd, ee, aa, bb, F3, K3, in[6], 6); | ||
122 | ROUND(bb, cc, dd, ee, aa, F3, K3, in[13], 5); | ||
123 | ROUND(aa, bb, cc, dd, ee, F3, K3, in[11], 12); | ||
124 | ROUND(ee, aa, bb, cc, dd, F3, K3, in[5], 7); | ||
125 | ROUND(dd, ee, aa, bb, cc, F3, K3, in[12], 5); | ||
126 | |||
127 | /* round 4: left lane" */ | ||
128 | ROUND(cc, dd, ee, aa, bb, F4, K4, in[1], 11); | ||
129 | ROUND(bb, cc, dd, ee, aa, F4, K4, in[9], 12); | ||
130 | ROUND(aa, bb, cc, dd, ee, F4, K4, in[11], 14); | ||
131 | ROUND(ee, aa, bb, cc, dd, F4, K4, in[10], 15); | ||
132 | ROUND(dd, ee, aa, bb, cc, F4, K4, in[0], 14); | ||
133 | ROUND(cc, dd, ee, aa, bb, F4, K4, in[8], 15); | ||
134 | ROUND(bb, cc, dd, ee, aa, F4, K4, in[12], 9); | ||
135 | ROUND(aa, bb, cc, dd, ee, F4, K4, in[4], 8); | ||
136 | ROUND(ee, aa, bb, cc, dd, F4, K4, in[13], 9); | ||
137 | ROUND(dd, ee, aa, bb, cc, F4, K4, in[3], 14); | ||
138 | ROUND(cc, dd, ee, aa, bb, F4, K4, in[7], 5); | ||
139 | ROUND(bb, cc, dd, ee, aa, F4, K4, in[15], 6); | ||
140 | ROUND(aa, bb, cc, dd, ee, F4, K4, in[14], 8); | ||
141 | ROUND(ee, aa, bb, cc, dd, F4, K4, in[5], 6); | ||
142 | ROUND(dd, ee, aa, bb, cc, F4, K4, in[6], 5); | ||
143 | ROUND(cc, dd, ee, aa, bb, F4, K4, in[2], 12); | ||
144 | |||
145 | /* round 5: left lane" */ | ||
146 | ROUND(bb, cc, dd, ee, aa, F5, K5, in[4], 9); | ||
147 | ROUND(aa, bb, cc, dd, ee, F5, K5, in[0], 15); | ||
148 | ROUND(ee, aa, bb, cc, dd, F5, K5, in[5], 5); | ||
149 | ROUND(dd, ee, aa, bb, cc, F5, K5, in[9], 11); | ||
150 | ROUND(cc, dd, ee, aa, bb, F5, K5, in[7], 6); | ||
151 | ROUND(bb, cc, dd, ee, aa, F5, K5, in[12], 8); | ||
152 | ROUND(aa, bb, cc, dd, ee, F5, K5, in[2], 13); | ||
153 | ROUND(ee, aa, bb, cc, dd, F5, K5, in[10], 12); | ||
154 | ROUND(dd, ee, aa, bb, cc, F5, K5, in[14], 5); | ||
155 | ROUND(cc, dd, ee, aa, bb, F5, K5, in[1], 12); | ||
156 | ROUND(bb, cc, dd, ee, aa, F5, K5, in[3], 13); | ||
157 | ROUND(aa, bb, cc, dd, ee, F5, K5, in[8], 14); | ||
158 | ROUND(ee, aa, bb, cc, dd, F5, K5, in[11], 11); | ||
159 | ROUND(dd, ee, aa, bb, cc, F5, K5, in[6], 8); | ||
160 | ROUND(cc, dd, ee, aa, bb, F5, K5, in[15], 5); | ||
161 | ROUND(bb, cc, dd, ee, aa, F5, K5, in[13], 6); | ||
162 | |||
163 | /* round 1: right lane */ | ||
164 | ROUND(aaa, bbb, ccc, ddd, eee, F5, KK1, in[5], 8); | ||
165 | ROUND(eee, aaa, bbb, ccc, ddd, F5, KK1, in[14], 9); | ||
166 | ROUND(ddd, eee, aaa, bbb, ccc, F5, KK1, in[7], 9); | ||
167 | ROUND(ccc, ddd, eee, aaa, bbb, F5, KK1, in[0], 11); | ||
168 | ROUND(bbb, ccc, ddd, eee, aaa, F5, KK1, in[9], 13); | ||
169 | ROUND(aaa, bbb, ccc, ddd, eee, F5, KK1, in[2], 15); | ||
170 | ROUND(eee, aaa, bbb, ccc, ddd, F5, KK1, in[11], 15); | ||
171 | ROUND(ddd, eee, aaa, bbb, ccc, F5, KK1, in[4], 5); | ||
172 | ROUND(ccc, ddd, eee, aaa, bbb, F5, KK1, in[13], 7); | ||
173 | ROUND(bbb, ccc, ddd, eee, aaa, F5, KK1, in[6], 7); | ||
174 | ROUND(aaa, bbb, ccc, ddd, eee, F5, KK1, in[15], 8); | ||
175 | ROUND(eee, aaa, bbb, ccc, ddd, F5, KK1, in[8], 11); | ||
176 | ROUND(ddd, eee, aaa, bbb, ccc, F5, KK1, in[1], 14); | ||
177 | ROUND(ccc, ddd, eee, aaa, bbb, F5, KK1, in[10], 14); | ||
178 | ROUND(bbb, ccc, ddd, eee, aaa, F5, KK1, in[3], 12); | ||
179 | ROUND(aaa, bbb, ccc, ddd, eee, F5, KK1, in[12], 6); | ||
180 | |||
181 | /* round 2: right lane */ | ||
182 | ROUND(eee, aaa, bbb, ccc, ddd, F4, KK2, in[6], 9); | ||
183 | ROUND(ddd, eee, aaa, bbb, ccc, F4, KK2, in[11], 13); | ||
184 | ROUND(ccc, ddd, eee, aaa, bbb, F4, KK2, in[3], 15); | ||
185 | ROUND(bbb, ccc, ddd, eee, aaa, F4, KK2, in[7], 7); | ||
186 | ROUND(aaa, bbb, ccc, ddd, eee, F4, KK2, in[0], 12); | ||
187 | ROUND(eee, aaa, bbb, ccc, ddd, F4, KK2, in[13], 8); | ||
188 | ROUND(ddd, eee, aaa, bbb, ccc, F4, KK2, in[5], 9); | ||
189 | ROUND(ccc, ddd, eee, aaa, bbb, F4, KK2, in[10], 11); | ||
190 | ROUND(bbb, ccc, ddd, eee, aaa, F4, KK2, in[14], 7); | ||
191 | ROUND(aaa, bbb, ccc, ddd, eee, F4, KK2, in[15], 7); | ||
192 | ROUND(eee, aaa, bbb, ccc, ddd, F4, KK2, in[8], 12); | ||
193 | ROUND(ddd, eee, aaa, bbb, ccc, F4, KK2, in[12], 7); | ||
194 | ROUND(ccc, ddd, eee, aaa, bbb, F4, KK2, in[4], 6); | ||
195 | ROUND(bbb, ccc, ddd, eee, aaa, F4, KK2, in[9], 15); | ||
196 | ROUND(aaa, bbb, ccc, ddd, eee, F4, KK2, in[1], 13); | ||
197 | ROUND(eee, aaa, bbb, ccc, ddd, F4, KK2, in[2], 11); | ||
198 | |||
199 | /* round 3: right lane */ | ||
200 | ROUND(ddd, eee, aaa, bbb, ccc, F3, KK3, in[15], 9); | ||
201 | ROUND(ccc, ddd, eee, aaa, bbb, F3, KK3, in[5], 7); | ||
202 | ROUND(bbb, ccc, ddd, eee, aaa, F3, KK3, in[1], 15); | ||
203 | ROUND(aaa, bbb, ccc, ddd, eee, F3, KK3, in[3], 11); | ||
204 | ROUND(eee, aaa, bbb, ccc, ddd, F3, KK3, in[7], 8); | ||
205 | ROUND(ddd, eee, aaa, bbb, ccc, F3, KK3, in[14], 6); | ||
206 | ROUND(ccc, ddd, eee, aaa, bbb, F3, KK3, in[6], 6); | ||
207 | ROUND(bbb, ccc, ddd, eee, aaa, F3, KK3, in[9], 14); | ||
208 | ROUND(aaa, bbb, ccc, ddd, eee, F3, KK3, in[11], 12); | ||
209 | ROUND(eee, aaa, bbb, ccc, ddd, F3, KK3, in[8], 13); | ||
210 | ROUND(ddd, eee, aaa, bbb, ccc, F3, KK3, in[12], 5); | ||
211 | ROUND(ccc, ddd, eee, aaa, bbb, F3, KK3, in[2], 14); | ||
212 | ROUND(bbb, ccc, ddd, eee, aaa, F3, KK3, in[10], 13); | ||
213 | ROUND(aaa, bbb, ccc, ddd, eee, F3, KK3, in[0], 13); | ||
214 | ROUND(eee, aaa, bbb, ccc, ddd, F3, KK3, in[4], 7); | ||
215 | ROUND(ddd, eee, aaa, bbb, ccc, F3, KK3, in[13], 5); | ||
216 | |||
217 | /* round 4: right lane */ | ||
218 | ROUND(ccc, ddd, eee, aaa, bbb, F2, KK4, in[8], 15); | ||
219 | ROUND(bbb, ccc, ddd, eee, aaa, F2, KK4, in[6], 5); | ||
220 | ROUND(aaa, bbb, ccc, ddd, eee, F2, KK4, in[4], 8); | ||
221 | ROUND(eee, aaa, bbb, ccc, ddd, F2, KK4, in[1], 11); | ||
222 | ROUND(ddd, eee, aaa, bbb, ccc, F2, KK4, in[3], 14); | ||
223 | ROUND(ccc, ddd, eee, aaa, bbb, F2, KK4, in[11], 14); | ||
224 | ROUND(bbb, ccc, ddd, eee, aaa, F2, KK4, in[15], 6); | ||
225 | ROUND(aaa, bbb, ccc, ddd, eee, F2, KK4, in[0], 14); | ||
226 | ROUND(eee, aaa, bbb, ccc, ddd, F2, KK4, in[5], 6); | ||
227 | ROUND(ddd, eee, aaa, bbb, ccc, F2, KK4, in[12], 9); | ||
228 | ROUND(ccc, ddd, eee, aaa, bbb, F2, KK4, in[2], 12); | ||
229 | ROUND(bbb, ccc, ddd, eee, aaa, F2, KK4, in[13], 9); | ||
230 | ROUND(aaa, bbb, ccc, ddd, eee, F2, KK4, in[9], 12); | ||
231 | ROUND(eee, aaa, bbb, ccc, ddd, F2, KK4, in[7], 5); | ||
232 | ROUND(ddd, eee, aaa, bbb, ccc, F2, KK4, in[10], 15); | ||
233 | ROUND(ccc, ddd, eee, aaa, bbb, F2, KK4, in[14], 8); | ||
234 | |||
235 | /* round 5: right lane */ | ||
236 | ROUND(bbb, ccc, ddd, eee, aaa, F1, KK5, in[12], 8); | ||
237 | ROUND(aaa, bbb, ccc, ddd, eee, F1, KK5, in[15], 5); | ||
238 | ROUND(eee, aaa, bbb, ccc, ddd, F1, KK5, in[10], 12); | ||
239 | ROUND(ddd, eee, aaa, bbb, ccc, F1, KK5, in[4], 9); | ||
240 | ROUND(ccc, ddd, eee, aaa, bbb, F1, KK5, in[1], 12); | ||
241 | ROUND(bbb, ccc, ddd, eee, aaa, F1, KK5, in[5], 5); | ||
242 | ROUND(aaa, bbb, ccc, ddd, eee, F1, KK5, in[8], 14); | ||
243 | ROUND(eee, aaa, bbb, ccc, ddd, F1, KK5, in[7], 6); | ||
244 | ROUND(ddd, eee, aaa, bbb, ccc, F1, KK5, in[6], 8); | ||
245 | ROUND(ccc, ddd, eee, aaa, bbb, F1, KK5, in[2], 13); | ||
246 | ROUND(bbb, ccc, ddd, eee, aaa, F1, KK5, in[13], 6); | ||
247 | ROUND(aaa, bbb, ccc, ddd, eee, F1, KK5, in[14], 5); | ||
248 | ROUND(eee, aaa, bbb, ccc, ddd, F1, KK5, in[0], 15); | ||
249 | ROUND(ddd, eee, aaa, bbb, ccc, F1, KK5, in[3], 13); | ||
250 | ROUND(ccc, ddd, eee, aaa, bbb, F1, KK5, in[9], 11); | ||
251 | ROUND(bbb, ccc, ddd, eee, aaa, F1, KK5, in[11], 11); | ||
252 | |||
253 | /* combine results */ | ||
254 | ddd += cc + state[1]; /* final result for state[0] */ | ||
255 | state[1] = state[2] + dd + eee; | ||
256 | state[2] = state[3] + ee + aaa; | ||
257 | state[3] = state[4] + aa + bbb; | ||
258 | state[4] = state[0] + bb + ccc; | ||
259 | state[0] = ddd; | ||
260 | |||
261 | return; | ||
262 | } | ||
263 | |||
264 | static void rmd160_init(struct crypto_tfm *tfm) | ||
265 | { | ||
266 | struct rmd160_ctx *rctx = crypto_tfm_ctx(tfm); | ||
267 | |||
268 | rctx->byte_count = 0; | ||
269 | |||
270 | rctx->state[0] = RMD_H0; | ||
271 | rctx->state[1] = RMD_H1; | ||
272 | rctx->state[2] = RMD_H2; | ||
273 | rctx->state[3] = RMD_H3; | ||
274 | rctx->state[4] = RMD_H4; | ||
275 | |||
276 | memset(rctx->buffer, 0, sizeof(rctx->buffer)); | ||
277 | } | ||
278 | |||
279 | static void rmd160_update(struct crypto_tfm *tfm, const u8 *data, | ||
280 | unsigned int len) | ||
281 | { | ||
282 | struct rmd160_ctx *rctx = crypto_tfm_ctx(tfm); | ||
283 | const u32 avail = sizeof(rctx->buffer) - (rctx->byte_count & 0x3f); | ||
284 | |||
285 | rctx->byte_count += len; | ||
286 | |||
287 | /* Enough space in buffer? If so copy and we're done */ | ||
288 | if (avail > len) { | ||
289 | memcpy((char *)rctx->buffer + (sizeof(rctx->buffer) - avail), | ||
290 | data, len); | ||
291 | return; | ||
292 | } | ||
293 | |||
294 | memcpy((char *)rctx->buffer + (sizeof(rctx->buffer) - avail), | ||
295 | data, avail); | ||
296 | |||
297 | rmd160_transform(rctx->state, rctx->buffer); | ||
298 | data += avail; | ||
299 | len -= avail; | ||
300 | |||
301 | while (len >= sizeof(rctx->buffer)) { | ||
302 | memcpy(rctx->buffer, data, sizeof(rctx->buffer)); | ||
303 | rmd160_transform(rctx->state, rctx->buffer); | ||
304 | data += sizeof(rctx->buffer); | ||
305 | len -= sizeof(rctx->buffer); | ||
306 | } | ||
307 | |||
308 | memcpy(rctx->buffer, data, len); | ||
309 | } | ||
310 | |||
311 | /* Add padding and return the message digest. */ | ||
312 | static void rmd160_final(struct crypto_tfm *tfm, u8 *out) | ||
313 | { | ||
314 | struct rmd160_ctx *rctx = crypto_tfm_ctx(tfm); | ||
315 | u32 i, index, padlen; | ||
316 | __le64 bits; | ||
317 | __le32 *dst = (__le32 *)out; | ||
318 | static const u8 padding[64] = { 0x80, }; | ||
319 | |||
320 | bits = cpu_to_le64(rctx->byte_count << 3); | ||
321 | |||
322 | /* Pad out to 56 mod 64 */ | ||
323 | index = rctx->byte_count & 0x3f; | ||
324 | padlen = (index < 56) ? (56 - index) : ((64+56) - index); | ||
325 | rmd160_update(tfm, padding, padlen); | ||
326 | |||
327 | /* Append length */ | ||
328 | rmd160_update(tfm, (const u8 *)&bits, sizeof(bits)); | ||
329 | |||
330 | /* Store state in digest */ | ||
331 | for (i = 0; i < 5; i++) | ||
332 | dst[i] = cpu_to_le32p(&rctx->state[i]); | ||
333 | |||
334 | /* Wipe context */ | ||
335 | memset(rctx, 0, sizeof(*rctx)); | ||
336 | } | ||
337 | |||
338 | static struct crypto_alg alg = { | ||
339 | .cra_name = "rmd160", | ||
340 | .cra_driver_name = "rmd160", | ||
341 | .cra_flags = CRYPTO_ALG_TYPE_DIGEST, | ||
342 | .cra_blocksize = RMD160_BLOCK_SIZE, | ||
343 | .cra_ctxsize = sizeof(struct rmd160_ctx), | ||
344 | .cra_module = THIS_MODULE, | ||
345 | .cra_list = LIST_HEAD_INIT(alg.cra_list), | ||
346 | .cra_u = { .digest = { | ||
347 | .dia_digestsize = RMD160_DIGEST_SIZE, | ||
348 | .dia_init = rmd160_init, | ||
349 | .dia_update = rmd160_update, | ||
350 | .dia_final = rmd160_final } } | ||
351 | }; | ||
352 | |||
353 | static int __init rmd160_mod_init(void) | ||
354 | { | ||
355 | return crypto_register_alg(&alg); | ||
356 | } | ||
357 | |||
358 | static void __exit rmd160_mod_fini(void) | ||
359 | { | ||
360 | crypto_unregister_alg(&alg); | ||
361 | } | ||
362 | |||
363 | module_init(rmd160_mod_init); | ||
364 | module_exit(rmd160_mod_fini); | ||
365 | |||
366 | MODULE_LICENSE("GPL"); | ||
367 | MODULE_DESCRIPTION("RIPEMD-160 Message Digest"); | ||
368 | |||
369 | MODULE_ALIAS("rmd160"); | ||
diff --git a/crypto/rmd256.c b/crypto/rmd256.c new file mode 100644 index 000000000000..e3de5b4cb47f --- /dev/null +++ b/crypto/rmd256.c | |||
@@ -0,0 +1,344 @@ | |||
1 | /* | ||
2 | * Cryptographic API. | ||
3 | * | ||
4 | * RIPEMD-256 - RACE Integrity Primitives Evaluation Message Digest. | ||
5 | * | ||
6 | * Based on the reference implementation by Antoon Bosselaers, ESAT-COSIC | ||
7 | * | ||
8 | * Copyright (c) 2008 Adrian-Ken Rueegsegger <rueegsegger (at) swiss-it.ch> | ||
9 | * | ||
10 | * This program is free software; you can redistribute it and/or modify it | ||
11 | * under the terms of the GNU General Public License as published by the Free | ||
12 | * Software Foundation; either version 2 of the License, or (at your option) | ||
13 | * any later version. | ||
14 | * | ||
15 | */ | ||
16 | #include <linux/init.h> | ||
17 | #include <linux/module.h> | ||
18 | #include <linux/mm.h> | ||
19 | #include <linux/crypto.h> | ||
20 | #include <linux/cryptohash.h> | ||
21 | #include <linux/types.h> | ||
22 | #include <asm/byteorder.h> | ||
23 | |||
24 | #include "ripemd.h" | ||
25 | |||
26 | struct rmd256_ctx { | ||
27 | u64 byte_count; | ||
28 | u32 state[8]; | ||
29 | __le32 buffer[16]; | ||
30 | }; | ||
31 | |||
32 | #define K1 RMD_K1 | ||
33 | #define K2 RMD_K2 | ||
34 | #define K3 RMD_K3 | ||
35 | #define K4 RMD_K4 | ||
36 | #define KK1 RMD_K6 | ||
37 | #define KK2 RMD_K7 | ||
38 | #define KK3 RMD_K8 | ||
39 | #define KK4 RMD_K1 | ||
40 | |||
41 | #define F1(x, y, z) (x ^ y ^ z) /* XOR */ | ||
42 | #define F2(x, y, z) (z ^ (x & (y ^ z))) /* x ? y : z */ | ||
43 | #define F3(x, y, z) ((x | ~y) ^ z) | ||
44 | #define F4(x, y, z) (y ^ (z & (x ^ y))) /* z ? x : y */ | ||
45 | |||
46 | #define ROUND(a, b, c, d, f, k, x, s) { \ | ||
47 | (a) += f((b), (c), (d)) + le32_to_cpup(&(x)) + (k); \ | ||
48 | (a) = rol32((a), (s)); \ | ||
49 | } | ||
50 | |||
51 | static void rmd256_transform(u32 *state, const __le32 *in) | ||
52 | { | ||
53 | u32 aa, bb, cc, dd, aaa, bbb, ccc, ddd, tmp; | ||
54 | |||
55 | /* Initialize left lane */ | ||
56 | aa = state[0]; | ||
57 | bb = state[1]; | ||
58 | cc = state[2]; | ||
59 | dd = state[3]; | ||
60 | |||
61 | /* Initialize right lane */ | ||
62 | aaa = state[4]; | ||
63 | bbb = state[5]; | ||
64 | ccc = state[6]; | ||
65 | ddd = state[7]; | ||
66 | |||
67 | /* round 1: left lane */ | ||
68 | ROUND(aa, bb, cc, dd, F1, K1, in[0], 11); | ||
69 | ROUND(dd, aa, bb, cc, F1, K1, in[1], 14); | ||
70 | ROUND(cc, dd, aa, bb, F1, K1, in[2], 15); | ||
71 | ROUND(bb, cc, dd, aa, F1, K1, in[3], 12); | ||
72 | ROUND(aa, bb, cc, dd, F1, K1, in[4], 5); | ||
73 | ROUND(dd, aa, bb, cc, F1, K1, in[5], 8); | ||
74 | ROUND(cc, dd, aa, bb, F1, K1, in[6], 7); | ||
75 | ROUND(bb, cc, dd, aa, F1, K1, in[7], 9); | ||
76 | ROUND(aa, bb, cc, dd, F1, K1, in[8], 11); | ||
77 | ROUND(dd, aa, bb, cc, F1, K1, in[9], 13); | ||
78 | ROUND(cc, dd, aa, bb, F1, K1, in[10], 14); | ||
79 | ROUND(bb, cc, dd, aa, F1, K1, in[11], 15); | ||
80 | ROUND(aa, bb, cc, dd, F1, K1, in[12], 6); | ||
81 | ROUND(dd, aa, bb, cc, F1, K1, in[13], 7); | ||
82 | ROUND(cc, dd, aa, bb, F1, K1, in[14], 9); | ||
83 | ROUND(bb, cc, dd, aa, F1, K1, in[15], 8); | ||
84 | |||
85 | /* round 1: right lane */ | ||
86 | ROUND(aaa, bbb, ccc, ddd, F4, KK1, in[5], 8); | ||
87 | ROUND(ddd, aaa, bbb, ccc, F4, KK1, in[14], 9); | ||
88 | ROUND(ccc, ddd, aaa, bbb, F4, KK1, in[7], 9); | ||
89 | ROUND(bbb, ccc, ddd, aaa, F4, KK1, in[0], 11); | ||
90 | ROUND(aaa, bbb, ccc, ddd, F4, KK1, in[9], 13); | ||
91 | ROUND(ddd, aaa, bbb, ccc, F4, KK1, in[2], 15); | ||
92 | ROUND(ccc, ddd, aaa, bbb, F4, KK1, in[11], 15); | ||
93 | ROUND(bbb, ccc, ddd, aaa, F4, KK1, in[4], 5); | ||
94 | ROUND(aaa, bbb, ccc, ddd, F4, KK1, in[13], 7); | ||
95 | ROUND(ddd, aaa, bbb, ccc, F4, KK1, in[6], 7); | ||
96 | ROUND(ccc, ddd, aaa, bbb, F4, KK1, in[15], 8); | ||
97 | ROUND(bbb, ccc, ddd, aaa, F4, KK1, in[8], 11); | ||
98 | ROUND(aaa, bbb, ccc, ddd, F4, KK1, in[1], 14); | ||
99 | ROUND(ddd, aaa, bbb, ccc, F4, KK1, in[10], 14); | ||
100 | ROUND(ccc, ddd, aaa, bbb, F4, KK1, in[3], 12); | ||
101 | ROUND(bbb, ccc, ddd, aaa, F4, KK1, in[12], 6); | ||
102 | |||
103 | /* Swap contents of "a" registers */ | ||
104 | tmp = aa; aa = aaa; aaa = tmp; | ||
105 | |||
106 | /* round 2: left lane */ | ||
107 | ROUND(aa, bb, cc, dd, F2, K2, in[7], 7); | ||
108 | ROUND(dd, aa, bb, cc, F2, K2, in[4], 6); | ||
109 | ROUND(cc, dd, aa, bb, F2, K2, in[13], 8); | ||
110 | ROUND(bb, cc, dd, aa, F2, K2, in[1], 13); | ||
111 | ROUND(aa, bb, cc, dd, F2, K2, in[10], 11); | ||
112 | ROUND(dd, aa, bb, cc, F2, K2, in[6], 9); | ||
113 | ROUND(cc, dd, aa, bb, F2, K2, in[15], 7); | ||
114 | ROUND(bb, cc, dd, aa, F2, K2, in[3], 15); | ||
115 | ROUND(aa, bb, cc, dd, F2, K2, in[12], 7); | ||
116 | ROUND(dd, aa, bb, cc, F2, K2, in[0], 12); | ||
117 | ROUND(cc, dd, aa, bb, F2, K2, in[9], 15); | ||
118 | ROUND(bb, cc, dd, aa, F2, K2, in[5], 9); | ||
119 | ROUND(aa, bb, cc, dd, F2, K2, in[2], 11); | ||
120 | ROUND(dd, aa, bb, cc, F2, K2, in[14], 7); | ||
121 | ROUND(cc, dd, aa, bb, F2, K2, in[11], 13); | ||
122 | ROUND(bb, cc, dd, aa, F2, K2, in[8], 12); | ||
123 | |||
124 | /* round 2: right lane */ | ||
125 | ROUND(aaa, bbb, ccc, ddd, F3, KK2, in[6], 9); | ||
126 | ROUND(ddd, aaa, bbb, ccc, F3, KK2, in[11], 13); | ||
127 | ROUND(ccc, ddd, aaa, bbb, F3, KK2, in[3], 15); | ||
128 | ROUND(bbb, ccc, ddd, aaa, F3, KK2, in[7], 7); | ||
129 | ROUND(aaa, bbb, ccc, ddd, F3, KK2, in[0], 12); | ||
130 | ROUND(ddd, aaa, bbb, ccc, F3, KK2, in[13], 8); | ||
131 | ROUND(ccc, ddd, aaa, bbb, F3, KK2, in[5], 9); | ||
132 | ROUND(bbb, ccc, ddd, aaa, F3, KK2, in[10], 11); | ||
133 | ROUND(aaa, bbb, ccc, ddd, F3, KK2, in[14], 7); | ||
134 | ROUND(ddd, aaa, bbb, ccc, F3, KK2, in[15], 7); | ||
135 | ROUND(ccc, ddd, aaa, bbb, F3, KK2, in[8], 12); | ||
136 | ROUND(bbb, ccc, ddd, aaa, F3, KK2, in[12], 7); | ||
137 | ROUND(aaa, bbb, ccc, ddd, F3, KK2, in[4], 6); | ||
138 | ROUND(ddd, aaa, bbb, ccc, F3, KK2, in[9], 15); | ||
139 | ROUND(ccc, ddd, aaa, bbb, F3, KK2, in[1], 13); | ||
140 | ROUND(bbb, ccc, ddd, aaa, F3, KK2, in[2], 11); | ||
141 | |||
142 | /* Swap contents of "b" registers */ | ||
143 | tmp = bb; bb = bbb; bbb = tmp; | ||
144 | |||
145 | /* round 3: left lane */ | ||
146 | ROUND(aa, bb, cc, dd, F3, K3, in[3], 11); | ||
147 | ROUND(dd, aa, bb, cc, F3, K3, in[10], 13); | ||
148 | ROUND(cc, dd, aa, bb, F3, K3, in[14], 6); | ||
149 | ROUND(bb, cc, dd, aa, F3, K3, in[4], 7); | ||
150 | ROUND(aa, bb, cc, dd, F3, K3, in[9], 14); | ||
151 | ROUND(dd, aa, bb, cc, F3, K3, in[15], 9); | ||
152 | ROUND(cc, dd, aa, bb, F3, K3, in[8], 13); | ||
153 | ROUND(bb, cc, dd, aa, F3, K3, in[1], 15); | ||
154 | ROUND(aa, bb, cc, dd, F3, K3, in[2], 14); | ||
155 | ROUND(dd, aa, bb, cc, F3, K3, in[7], 8); | ||
156 | ROUND(cc, dd, aa, bb, F3, K3, in[0], 13); | ||
157 | ROUND(bb, cc, dd, aa, F3, K3, in[6], 6); | ||
158 | ROUND(aa, bb, cc, dd, F3, K3, in[13], 5); | ||
159 | ROUND(dd, aa, bb, cc, F3, K3, in[11], 12); | ||
160 | ROUND(cc, dd, aa, bb, F3, K3, in[5], 7); | ||
161 | ROUND(bb, cc, dd, aa, F3, K3, in[12], 5); | ||
162 | |||
163 | /* round 3: right lane */ | ||
164 | ROUND(aaa, bbb, ccc, ddd, F2, KK3, in[15], 9); | ||
165 | ROUND(ddd, aaa, bbb, ccc, F2, KK3, in[5], 7); | ||
166 | ROUND(ccc, ddd, aaa, bbb, F2, KK3, in[1], 15); | ||
167 | ROUND(bbb, ccc, ddd, aaa, F2, KK3, in[3], 11); | ||
168 | ROUND(aaa, bbb, ccc, ddd, F2, KK3, in[7], 8); | ||
169 | ROUND(ddd, aaa, bbb, ccc, F2, KK3, in[14], 6); | ||
170 | ROUND(ccc, ddd, aaa, bbb, F2, KK3, in[6], 6); | ||
171 | ROUND(bbb, ccc, ddd, aaa, F2, KK3, in[9], 14); | ||
172 | ROUND(aaa, bbb, ccc, ddd, F2, KK3, in[11], 12); | ||
173 | ROUND(ddd, aaa, bbb, ccc, F2, KK3, in[8], 13); | ||
174 | ROUND(ccc, ddd, aaa, bbb, F2, KK3, in[12], 5); | ||
175 | ROUND(bbb, ccc, ddd, aaa, F2, KK3, in[2], 14); | ||
176 | ROUND(aaa, bbb, ccc, ddd, F2, KK3, in[10], 13); | ||
177 | ROUND(ddd, aaa, bbb, ccc, F2, KK3, in[0], 13); | ||
178 | ROUND(ccc, ddd, aaa, bbb, F2, KK3, in[4], 7); | ||
179 | ROUND(bbb, ccc, ddd, aaa, F2, KK3, in[13], 5); | ||
180 | |||
181 | /* Swap contents of "c" registers */ | ||
182 | tmp = cc; cc = ccc; ccc = tmp; | ||
183 | |||
184 | /* round 4: left lane */ | ||
185 | ROUND(aa, bb, cc, dd, F4, K4, in[1], 11); | ||
186 | ROUND(dd, aa, bb, cc, F4, K4, in[9], 12); | ||
187 | ROUND(cc, dd, aa, bb, F4, K4, in[11], 14); | ||
188 | ROUND(bb, cc, dd, aa, F4, K4, in[10], 15); | ||
189 | ROUND(aa, bb, cc, dd, F4, K4, in[0], 14); | ||
190 | ROUND(dd, aa, bb, cc, F4, K4, in[8], 15); | ||
191 | ROUND(cc, dd, aa, bb, F4, K4, in[12], 9); | ||
192 | ROUND(bb, cc, dd, aa, F4, K4, in[4], 8); | ||
193 | ROUND(aa, bb, cc, dd, F4, K4, in[13], 9); | ||
194 | ROUND(dd, aa, bb, cc, F4, K4, in[3], 14); | ||
195 | ROUND(cc, dd, aa, bb, F4, K4, in[7], 5); | ||
196 | ROUND(bb, cc, dd, aa, F4, K4, in[15], 6); | ||
197 | ROUND(aa, bb, cc, dd, F4, K4, in[14], 8); | ||
198 | ROUND(dd, aa, bb, cc, F4, K4, in[5], 6); | ||
199 | ROUND(cc, dd, aa, bb, F4, K4, in[6], 5); | ||
200 | ROUND(bb, cc, dd, aa, F4, K4, in[2], 12); | ||
201 | |||
202 | /* round 4: right lane */ | ||
203 | ROUND(aaa, bbb, ccc, ddd, F1, KK4, in[8], 15); | ||
204 | ROUND(ddd, aaa, bbb, ccc, F1, KK4, in[6], 5); | ||
205 | ROUND(ccc, ddd, aaa, bbb, F1, KK4, in[4], 8); | ||
206 | ROUND(bbb, ccc, ddd, aaa, F1, KK4, in[1], 11); | ||
207 | ROUND(aaa, bbb, ccc, ddd, F1, KK4, in[3], 14); | ||
208 | ROUND(ddd, aaa, bbb, ccc, F1, KK4, in[11], 14); | ||
209 | ROUND(ccc, ddd, aaa, bbb, F1, KK4, in[15], 6); | ||
210 | ROUND(bbb, ccc, ddd, aaa, F1, KK4, in[0], 14); | ||
211 | ROUND(aaa, bbb, ccc, ddd, F1, KK4, in[5], 6); | ||
212 | ROUND(ddd, aaa, bbb, ccc, F1, KK4, in[12], 9); | ||
213 | ROUND(ccc, ddd, aaa, bbb, F1, KK4, in[2], 12); | ||
214 | ROUND(bbb, ccc, ddd, aaa, F1, KK4, in[13], 9); | ||
215 | ROUND(aaa, bbb, ccc, ddd, F1, KK4, in[9], 12); | ||
216 | ROUND(ddd, aaa, bbb, ccc, F1, KK4, in[7], 5); | ||
217 | ROUND(ccc, ddd, aaa, bbb, F1, KK4, in[10], 15); | ||
218 | ROUND(bbb, ccc, ddd, aaa, F1, KK4, in[14], 8); | ||
219 | |||
220 | /* Swap contents of "d" registers */ | ||
221 | tmp = dd; dd = ddd; ddd = tmp; | ||
222 | |||
223 | /* combine results */ | ||
224 | state[0] += aa; | ||
225 | state[1] += bb; | ||
226 | state[2] += cc; | ||
227 | state[3] += dd; | ||
228 | state[4] += aaa; | ||
229 | state[5] += bbb; | ||
230 | state[6] += ccc; | ||
231 | state[7] += ddd; | ||
232 | |||
233 | return; | ||
234 | } | ||
235 | |||
236 | static void rmd256_init(struct crypto_tfm *tfm) | ||
237 | { | ||
238 | struct rmd256_ctx *rctx = crypto_tfm_ctx(tfm); | ||
239 | |||
240 | rctx->byte_count = 0; | ||
241 | |||
242 | rctx->state[0] = RMD_H0; | ||
243 | rctx->state[1] = RMD_H1; | ||
244 | rctx->state[2] = RMD_H2; | ||
245 | rctx->state[3] = RMD_H3; | ||
246 | rctx->state[4] = RMD_H5; | ||
247 | rctx->state[5] = RMD_H6; | ||
248 | rctx->state[6] = RMD_H7; | ||
249 | rctx->state[7] = RMD_H8; | ||
250 | |||
251 | memset(rctx->buffer, 0, sizeof(rctx->buffer)); | ||
252 | } | ||
253 | |||
254 | static void rmd256_update(struct crypto_tfm *tfm, const u8 *data, | ||
255 | unsigned int len) | ||
256 | { | ||
257 | struct rmd256_ctx *rctx = crypto_tfm_ctx(tfm); | ||
258 | const u32 avail = sizeof(rctx->buffer) - (rctx->byte_count & 0x3f); | ||
259 | |||
260 | rctx->byte_count += len; | ||
261 | |||
262 | /* Enough space in buffer? If so copy and we're done */ | ||
263 | if (avail > len) { | ||
264 | memcpy((char *)rctx->buffer + (sizeof(rctx->buffer) - avail), | ||
265 | data, len); | ||
266 | return; | ||
267 | } | ||
268 | |||
269 | memcpy((char *)rctx->buffer + (sizeof(rctx->buffer) - avail), | ||
270 | data, avail); | ||
271 | |||
272 | rmd256_transform(rctx->state, rctx->buffer); | ||
273 | data += avail; | ||
274 | len -= avail; | ||
275 | |||
276 | while (len >= sizeof(rctx->buffer)) { | ||
277 | memcpy(rctx->buffer, data, sizeof(rctx->buffer)); | ||
278 | rmd256_transform(rctx->state, rctx->buffer); | ||
279 | data += sizeof(rctx->buffer); | ||
280 | len -= sizeof(rctx->buffer); | ||
281 | } | ||
282 | |||
283 | memcpy(rctx->buffer, data, len); | ||
284 | } | ||
285 | |||
286 | /* Add padding and return the message digest. */ | ||
287 | static void rmd256_final(struct crypto_tfm *tfm, u8 *out) | ||
288 | { | ||
289 | struct rmd256_ctx *rctx = crypto_tfm_ctx(tfm); | ||
290 | u32 i, index, padlen; | ||
291 | __le64 bits; | ||
292 | __le32 *dst = (__le32 *)out; | ||
293 | static const u8 padding[64] = { 0x80, }; | ||
294 | |||
295 | bits = cpu_to_le64(rctx->byte_count << 3); | ||
296 | |||
297 | /* Pad out to 56 mod 64 */ | ||
298 | index = rctx->byte_count & 0x3f; | ||
299 | padlen = (index < 56) ? (56 - index) : ((64+56) - index); | ||
300 | rmd256_update(tfm, padding, padlen); | ||
301 | |||
302 | /* Append length */ | ||
303 | rmd256_update(tfm, (const u8 *)&bits, sizeof(bits)); | ||
304 | |||
305 | /* Store state in digest */ | ||
306 | for (i = 0; i < 8; i++) | ||
307 | dst[i] = cpu_to_le32p(&rctx->state[i]); | ||
308 | |||
309 | /* Wipe context */ | ||
310 | memset(rctx, 0, sizeof(*rctx)); | ||
311 | } | ||
312 | |||
313 | static struct crypto_alg alg = { | ||
314 | .cra_name = "rmd256", | ||
315 | .cra_driver_name = "rmd256", | ||
316 | .cra_flags = CRYPTO_ALG_TYPE_DIGEST, | ||
317 | .cra_blocksize = RMD256_BLOCK_SIZE, | ||
318 | .cra_ctxsize = sizeof(struct rmd256_ctx), | ||
319 | .cra_module = THIS_MODULE, | ||
320 | .cra_list = LIST_HEAD_INIT(alg.cra_list), | ||
321 | .cra_u = { .digest = { | ||
322 | .dia_digestsize = RMD256_DIGEST_SIZE, | ||
323 | .dia_init = rmd256_init, | ||
324 | .dia_update = rmd256_update, | ||
325 | .dia_final = rmd256_final } } | ||
326 | }; | ||
327 | |||
328 | static int __init rmd256_mod_init(void) | ||
329 | { | ||
330 | return crypto_register_alg(&alg); | ||
331 | } | ||
332 | |||
333 | static void __exit rmd256_mod_fini(void) | ||
334 | { | ||
335 | crypto_unregister_alg(&alg); | ||
336 | } | ||
337 | |||
338 | module_init(rmd256_mod_init); | ||
339 | module_exit(rmd256_mod_fini); | ||
340 | |||
341 | MODULE_LICENSE("GPL"); | ||
342 | MODULE_DESCRIPTION("RIPEMD-256 Message Digest"); | ||
343 | |||
344 | MODULE_ALIAS("rmd256"); | ||
diff --git a/crypto/rmd320.c b/crypto/rmd320.c new file mode 100644 index 000000000000..b143d66e42c8 --- /dev/null +++ b/crypto/rmd320.c | |||
@@ -0,0 +1,393 @@ | |||
1 | /* | ||
2 | * Cryptographic API. | ||
3 | * | ||
4 | * RIPEMD-320 - RACE Integrity Primitives Evaluation Message Digest. | ||
5 | * | ||
6 | * Based on the reference implementation by Antoon Bosselaers, ESAT-COSIC | ||
7 | * | ||
8 | * Copyright (c) 2008 Adrian-Ken Rueegsegger <rueegsegger (at) swiss-it.ch> | ||
9 | * | ||
10 | * This program is free software; you can redistribute it and/or modify it | ||
11 | * under the terms of the GNU General Public License as published by the Free | ||
12 | * Software Foundation; either version 2 of the License, or (at your option) | ||
13 | * any later version. | ||
14 | * | ||
15 | */ | ||
16 | #include <linux/init.h> | ||
17 | #include <linux/module.h> | ||
18 | #include <linux/mm.h> | ||
19 | #include <linux/crypto.h> | ||
20 | #include <linux/cryptohash.h> | ||
21 | #include <linux/types.h> | ||
22 | #include <asm/byteorder.h> | ||
23 | |||
24 | #include "ripemd.h" | ||
25 | |||
26 | struct rmd320_ctx { | ||
27 | u64 byte_count; | ||
28 | u32 state[10]; | ||
29 | __le32 buffer[16]; | ||
30 | }; | ||
31 | |||
32 | #define K1 RMD_K1 | ||
33 | #define K2 RMD_K2 | ||
34 | #define K3 RMD_K3 | ||
35 | #define K4 RMD_K4 | ||
36 | #define K5 RMD_K5 | ||
37 | #define KK1 RMD_K6 | ||
38 | #define KK2 RMD_K7 | ||
39 | #define KK3 RMD_K8 | ||
40 | #define KK4 RMD_K9 | ||
41 | #define KK5 RMD_K1 | ||
42 | |||
43 | #define F1(x, y, z) (x ^ y ^ z) /* XOR */ | ||
44 | #define F2(x, y, z) (z ^ (x & (y ^ z))) /* x ? y : z */ | ||
45 | #define F3(x, y, z) ((x | ~y) ^ z) | ||
46 | #define F4(x, y, z) (y ^ (z & (x ^ y))) /* z ? x : y */ | ||
47 | #define F5(x, y, z) (x ^ (y | ~z)) | ||
48 | |||
49 | #define ROUND(a, b, c, d, e, f, k, x, s) { \ | ||
50 | (a) += f((b), (c), (d)) + le32_to_cpup(&(x)) + (k); \ | ||
51 | (a) = rol32((a), (s)) + (e); \ | ||
52 | (c) = rol32((c), 10); \ | ||
53 | } | ||
54 | |||
55 | static void rmd320_transform(u32 *state, const __le32 *in) | ||
56 | { | ||
57 | u32 aa, bb, cc, dd, ee, aaa, bbb, ccc, ddd, eee, tmp; | ||
58 | |||
59 | /* Initialize left lane */ | ||
60 | aa = state[0]; | ||
61 | bb = state[1]; | ||
62 | cc = state[2]; | ||
63 | dd = state[3]; | ||
64 | ee = state[4]; | ||
65 | |||
66 | /* Initialize right lane */ | ||
67 | aaa = state[5]; | ||
68 | bbb = state[6]; | ||
69 | ccc = state[7]; | ||
70 | ddd = state[8]; | ||
71 | eee = state[9]; | ||
72 | |||
73 | /* round 1: left lane */ | ||
74 | ROUND(aa, bb, cc, dd, ee, F1, K1, in[0], 11); | ||
75 | ROUND(ee, aa, bb, cc, dd, F1, K1, in[1], 14); | ||
76 | ROUND(dd, ee, aa, bb, cc, F1, K1, in[2], 15); | ||
77 | ROUND(cc, dd, ee, aa, bb, F1, K1, in[3], 12); | ||
78 | ROUND(bb, cc, dd, ee, aa, F1, K1, in[4], 5); | ||
79 | ROUND(aa, bb, cc, dd, ee, F1, K1, in[5], 8); | ||
80 | ROUND(ee, aa, bb, cc, dd, F1, K1, in[6], 7); | ||
81 | ROUND(dd, ee, aa, bb, cc, F1, K1, in[7], 9); | ||
82 | ROUND(cc, dd, ee, aa, bb, F1, K1, in[8], 11); | ||
83 | ROUND(bb, cc, dd, ee, aa, F1, K1, in[9], 13); | ||
84 | ROUND(aa, bb, cc, dd, ee, F1, K1, in[10], 14); | ||
85 | ROUND(ee, aa, bb, cc, dd, F1, K1, in[11], 15); | ||
86 | ROUND(dd, ee, aa, bb, cc, F1, K1, in[12], 6); | ||
87 | ROUND(cc, dd, ee, aa, bb, F1, K1, in[13], 7); | ||
88 | ROUND(bb, cc, dd, ee, aa, F1, K1, in[14], 9); | ||
89 | ROUND(aa, bb, cc, dd, ee, F1, K1, in[15], 8); | ||
90 | |||
91 | /* round 1: right lane */ | ||
92 | ROUND(aaa, bbb, ccc, ddd, eee, F5, KK1, in[5], 8); | ||
93 | ROUND(eee, aaa, bbb, ccc, ddd, F5, KK1, in[14], 9); | ||
94 | ROUND(ddd, eee, aaa, bbb, ccc, F5, KK1, in[7], 9); | ||
95 | ROUND(ccc, ddd, eee, aaa, bbb, F5, KK1, in[0], 11); | ||
96 | ROUND(bbb, ccc, ddd, eee, aaa, F5, KK1, in[9], 13); | ||
97 | ROUND(aaa, bbb, ccc, ddd, eee, F5, KK1, in[2], 15); | ||
98 | ROUND(eee, aaa, bbb, ccc, ddd, F5, KK1, in[11], 15); | ||
99 | ROUND(ddd, eee, aaa, bbb, ccc, F5, KK1, in[4], 5); | ||
100 | ROUND(ccc, ddd, eee, aaa, bbb, F5, KK1, in[13], 7); | ||
101 | ROUND(bbb, ccc, ddd, eee, aaa, F5, KK1, in[6], 7); | ||
102 | ROUND(aaa, bbb, ccc, ddd, eee, F5, KK1, in[15], 8); | ||
103 | ROUND(eee, aaa, bbb, ccc, ddd, F5, KK1, in[8], 11); | ||
104 | ROUND(ddd, eee, aaa, bbb, ccc, F5, KK1, in[1], 14); | ||
105 | ROUND(ccc, ddd, eee, aaa, bbb, F5, KK1, in[10], 14); | ||
106 | ROUND(bbb, ccc, ddd, eee, aaa, F5, KK1, in[3], 12); | ||
107 | ROUND(aaa, bbb, ccc, ddd, eee, F5, KK1, in[12], 6); | ||
108 | |||
109 | /* Swap contents of "a" registers */ | ||
110 | tmp = aa; aa = aaa; aaa = tmp; | ||
111 | |||
112 | /* round 2: left lane" */ | ||
113 | ROUND(ee, aa, bb, cc, dd, F2, K2, in[7], 7); | ||
114 | ROUND(dd, ee, aa, bb, cc, F2, K2, in[4], 6); | ||
115 | ROUND(cc, dd, ee, aa, bb, F2, K2, in[13], 8); | ||
116 | ROUND(bb, cc, dd, ee, aa, F2, K2, in[1], 13); | ||
117 | ROUND(aa, bb, cc, dd, ee, F2, K2, in[10], 11); | ||
118 | ROUND(ee, aa, bb, cc, dd, F2, K2, in[6], 9); | ||
119 | ROUND(dd, ee, aa, bb, cc, F2, K2, in[15], 7); | ||
120 | ROUND(cc, dd, ee, aa, bb, F2, K2, in[3], 15); | ||
121 | ROUND(bb, cc, dd, ee, aa, F2, K2, in[12], 7); | ||
122 | ROUND(aa, bb, cc, dd, ee, F2, K2, in[0], 12); | ||
123 | ROUND(ee, aa, bb, cc, dd, F2, K2, in[9], 15); | ||
124 | ROUND(dd, ee, aa, bb, cc, F2, K2, in[5], 9); | ||
125 | ROUND(cc, dd, ee, aa, bb, F2, K2, in[2], 11); | ||
126 | ROUND(bb, cc, dd, ee, aa, F2, K2, in[14], 7); | ||
127 | ROUND(aa, bb, cc, dd, ee, F2, K2, in[11], 13); | ||
128 | ROUND(ee, aa, bb, cc, dd, F2, K2, in[8], 12); | ||
129 | |||
130 | /* round 2: right lane */ | ||
131 | ROUND(eee, aaa, bbb, ccc, ddd, F4, KK2, in[6], 9); | ||
132 | ROUND(ddd, eee, aaa, bbb, ccc, F4, KK2, in[11], 13); | ||
133 | ROUND(ccc, ddd, eee, aaa, bbb, F4, KK2, in[3], 15); | ||
134 | ROUND(bbb, ccc, ddd, eee, aaa, F4, KK2, in[7], 7); | ||
135 | ROUND(aaa, bbb, ccc, ddd, eee, F4, KK2, in[0], 12); | ||
136 | ROUND(eee, aaa, bbb, ccc, ddd, F4, KK2, in[13], 8); | ||
137 | ROUND(ddd, eee, aaa, bbb, ccc, F4, KK2, in[5], 9); | ||
138 | ROUND(ccc, ddd, eee, aaa, bbb, F4, KK2, in[10], 11); | ||
139 | ROUND(bbb, ccc, ddd, eee, aaa, F4, KK2, in[14], 7); | ||
140 | ROUND(aaa, bbb, ccc, ddd, eee, F4, KK2, in[15], 7); | ||
141 | ROUND(eee, aaa, bbb, ccc, ddd, F4, KK2, in[8], 12); | ||
142 | ROUND(ddd, eee, aaa, bbb, ccc, F4, KK2, in[12], 7); | ||
143 | ROUND(ccc, ddd, eee, aaa, bbb, F4, KK2, in[4], 6); | ||
144 | ROUND(bbb, ccc, ddd, eee, aaa, F4, KK2, in[9], 15); | ||
145 | ROUND(aaa, bbb, ccc, ddd, eee, F4, KK2, in[1], 13); | ||
146 | ROUND(eee, aaa, bbb, ccc, ddd, F4, KK2, in[2], 11); | ||
147 | |||
148 | /* Swap contents of "b" registers */ | ||
149 | tmp = bb; bb = bbb; bbb = tmp; | ||
150 | |||
151 | /* round 3: left lane" */ | ||
152 | ROUND(dd, ee, aa, bb, cc, F3, K3, in[3], 11); | ||
153 | ROUND(cc, dd, ee, aa, bb, F3, K3, in[10], 13); | ||
154 | ROUND(bb, cc, dd, ee, aa, F3, K3, in[14], 6); | ||
155 | ROUND(aa, bb, cc, dd, ee, F3, K3, in[4], 7); | ||
156 | ROUND(ee, aa, bb, cc, dd, F3, K3, in[9], 14); | ||
157 | ROUND(dd, ee, aa, bb, cc, F3, K3, in[15], 9); | ||
158 | ROUND(cc, dd, ee, aa, bb, F3, K3, in[8], 13); | ||
159 | ROUND(bb, cc, dd, ee, aa, F3, K3, in[1], 15); | ||
160 | ROUND(aa, bb, cc, dd, ee, F3, K3, in[2], 14); | ||
161 | ROUND(ee, aa, bb, cc, dd, F3, K3, in[7], 8); | ||
162 | ROUND(dd, ee, aa, bb, cc, F3, K3, in[0], 13); | ||
163 | ROUND(cc, dd, ee, aa, bb, F3, K3, in[6], 6); | ||
164 | ROUND(bb, cc, dd, ee, aa, F3, K3, in[13], 5); | ||
165 | ROUND(aa, bb, cc, dd, ee, F3, K3, in[11], 12); | ||
166 | ROUND(ee, aa, bb, cc, dd, F3, K3, in[5], 7); | ||
167 | ROUND(dd, ee, aa, bb, cc, F3, K3, in[12], 5); | ||
168 | |||
169 | /* round 3: right lane */ | ||
170 | ROUND(ddd, eee, aaa, bbb, ccc, F3, KK3, in[15], 9); | ||
171 | ROUND(ccc, ddd, eee, aaa, bbb, F3, KK3, in[5], 7); | ||
172 | ROUND(bbb, ccc, ddd, eee, aaa, F3, KK3, in[1], 15); | ||
173 | ROUND(aaa, bbb, ccc, ddd, eee, F3, KK3, in[3], 11); | ||
174 | ROUND(eee, aaa, bbb, ccc, ddd, F3, KK3, in[7], 8); | ||
175 | ROUND(ddd, eee, aaa, bbb, ccc, F3, KK3, in[14], 6); | ||
176 | ROUND(ccc, ddd, eee, aaa, bbb, F3, KK3, in[6], 6); | ||
177 | ROUND(bbb, ccc, ddd, eee, aaa, F3, KK3, in[9], 14); | ||
178 | ROUND(aaa, bbb, ccc, ddd, eee, F3, KK3, in[11], 12); | ||
179 | ROUND(eee, aaa, bbb, ccc, ddd, F3, KK3, in[8], 13); | ||
180 | ROUND(ddd, eee, aaa, bbb, ccc, F3, KK3, in[12], 5); | ||
181 | ROUND(ccc, ddd, eee, aaa, bbb, F3, KK3, in[2], 14); | ||
182 | ROUND(bbb, ccc, ddd, eee, aaa, F3, KK3, in[10], 13); | ||
183 | ROUND(aaa, bbb, ccc, ddd, eee, F3, KK3, in[0], 13); | ||
184 | ROUND(eee, aaa, bbb, ccc, ddd, F3, KK3, in[4], 7); | ||
185 | ROUND(ddd, eee, aaa, bbb, ccc, F3, KK3, in[13], 5); | ||
186 | |||
187 | /* Swap contents of "c" registers */ | ||
188 | tmp = cc; cc = ccc; ccc = tmp; | ||
189 | |||
190 | /* round 4: left lane" */ | ||
191 | ROUND(cc, dd, ee, aa, bb, F4, K4, in[1], 11); | ||
192 | ROUND(bb, cc, dd, ee, aa, F4, K4, in[9], 12); | ||
193 | ROUND(aa, bb, cc, dd, ee, F4, K4, in[11], 14); | ||
194 | ROUND(ee, aa, bb, cc, dd, F4, K4, in[10], 15); | ||
195 | ROUND(dd, ee, aa, bb, cc, F4, K4, in[0], 14); | ||
196 | ROUND(cc, dd, ee, aa, bb, F4, K4, in[8], 15); | ||
197 | ROUND(bb, cc, dd, ee, aa, F4, K4, in[12], 9); | ||
198 | ROUND(aa, bb, cc, dd, ee, F4, K4, in[4], 8); | ||
199 | ROUND(ee, aa, bb, cc, dd, F4, K4, in[13], 9); | ||
200 | ROUND(dd, ee, aa, bb, cc, F4, K4, in[3], 14); | ||
201 | ROUND(cc, dd, ee, aa, bb, F4, K4, in[7], 5); | ||
202 | ROUND(bb, cc, dd, ee, aa, F4, K4, in[15], 6); | ||
203 | ROUND(aa, bb, cc, dd, ee, F4, K4, in[14], 8); | ||
204 | ROUND(ee, aa, bb, cc, dd, F4, K4, in[5], 6); | ||
205 | ROUND(dd, ee, aa, bb, cc, F4, K4, in[6], 5); | ||
206 | ROUND(cc, dd, ee, aa, bb, F4, K4, in[2], 12); | ||
207 | |||
208 | /* round 4: right lane */ | ||
209 | ROUND(ccc, ddd, eee, aaa, bbb, F2, KK4, in[8], 15); | ||
210 | ROUND(bbb, ccc, ddd, eee, aaa, F2, KK4, in[6], 5); | ||
211 | ROUND(aaa, bbb, ccc, ddd, eee, F2, KK4, in[4], 8); | ||
212 | ROUND(eee, aaa, bbb, ccc, ddd, F2, KK4, in[1], 11); | ||
213 | ROUND(ddd, eee, aaa, bbb, ccc, F2, KK4, in[3], 14); | ||
214 | ROUND(ccc, ddd, eee, aaa, bbb, F2, KK4, in[11], 14); | ||
215 | ROUND(bbb, ccc, ddd, eee, aaa, F2, KK4, in[15], 6); | ||
216 | ROUND(aaa, bbb, ccc, ddd, eee, F2, KK4, in[0], 14); | ||
217 | ROUND(eee, aaa, bbb, ccc, ddd, F2, KK4, in[5], 6); | ||
218 | ROUND(ddd, eee, aaa, bbb, ccc, F2, KK4, in[12], 9); | ||
219 | ROUND(ccc, ddd, eee, aaa, bbb, F2, KK4, in[2], 12); | ||
220 | ROUND(bbb, ccc, ddd, eee, aaa, F2, KK4, in[13], 9); | ||
221 | ROUND(aaa, bbb, ccc, ddd, eee, F2, KK4, in[9], 12); | ||
222 | ROUND(eee, aaa, bbb, ccc, ddd, F2, KK4, in[7], 5); | ||
223 | ROUND(ddd, eee, aaa, bbb, ccc, F2, KK4, in[10], 15); | ||
224 | ROUND(ccc, ddd, eee, aaa, bbb, F2, KK4, in[14], 8); | ||
225 | |||
226 | /* Swap contents of "d" registers */ | ||
227 | tmp = dd; dd = ddd; ddd = tmp; | ||
228 | |||
229 | /* round 5: left lane" */ | ||
230 | ROUND(bb, cc, dd, ee, aa, F5, K5, in[4], 9); | ||
231 | ROUND(aa, bb, cc, dd, ee, F5, K5, in[0], 15); | ||
232 | ROUND(ee, aa, bb, cc, dd, F5, K5, in[5], 5); | ||
233 | ROUND(dd, ee, aa, bb, cc, F5, K5, in[9], 11); | ||
234 | ROUND(cc, dd, ee, aa, bb, F5, K5, in[7], 6); | ||
235 | ROUND(bb, cc, dd, ee, aa, F5, K5, in[12], 8); | ||
236 | ROUND(aa, bb, cc, dd, ee, F5, K5, in[2], 13); | ||
237 | ROUND(ee, aa, bb, cc, dd, F5, K5, in[10], 12); | ||
238 | ROUND(dd, ee, aa, bb, cc, F5, K5, in[14], 5); | ||
239 | ROUND(cc, dd, ee, aa, bb, F5, K5, in[1], 12); | ||
240 | ROUND(bb, cc, dd, ee, aa, F5, K5, in[3], 13); | ||
241 | ROUND(aa, bb, cc, dd, ee, F5, K5, in[8], 14); | ||
242 | ROUND(ee, aa, bb, cc, dd, F5, K5, in[11], 11); | ||
243 | ROUND(dd, ee, aa, bb, cc, F5, K5, in[6], 8); | ||
244 | ROUND(cc, dd, ee, aa, bb, F5, K5, in[15], 5); | ||
245 | ROUND(bb, cc, dd, ee, aa, F5, K5, in[13], 6); | ||
246 | |||
247 | /* round 5: right lane */ | ||
248 | ROUND(bbb, ccc, ddd, eee, aaa, F1, KK5, in[12], 8); | ||
249 | ROUND(aaa, bbb, ccc, ddd, eee, F1, KK5, in[15], 5); | ||
250 | ROUND(eee, aaa, bbb, ccc, ddd, F1, KK5, in[10], 12); | ||
251 | ROUND(ddd, eee, aaa, bbb, ccc, F1, KK5, in[4], 9); | ||
252 | ROUND(ccc, ddd, eee, aaa, bbb, F1, KK5, in[1], 12); | ||
253 | ROUND(bbb, ccc, ddd, eee, aaa, F1, KK5, in[5], 5); | ||
254 | ROUND(aaa, bbb, ccc, ddd, eee, F1, KK5, in[8], 14); | ||
255 | ROUND(eee, aaa, bbb, ccc, ddd, F1, KK5, in[7], 6); | ||
256 | ROUND(ddd, eee, aaa, bbb, ccc, F1, KK5, in[6], 8); | ||
257 | ROUND(ccc, ddd, eee, aaa, bbb, F1, KK5, in[2], 13); | ||
258 | ROUND(bbb, ccc, ddd, eee, aaa, F1, KK5, in[13], 6); | ||
259 | ROUND(aaa, bbb, ccc, ddd, eee, F1, KK5, in[14], 5); | ||
260 | ROUND(eee, aaa, bbb, ccc, ddd, F1, KK5, in[0], 15); | ||
261 | ROUND(ddd, eee, aaa, bbb, ccc, F1, KK5, in[3], 13); | ||
262 | ROUND(ccc, ddd, eee, aaa, bbb, F1, KK5, in[9], 11); | ||
263 | ROUND(bbb, ccc, ddd, eee, aaa, F1, KK5, in[11], 11); | ||
264 | |||
265 | /* Swap contents of "e" registers */ | ||
266 | tmp = ee; ee = eee; eee = tmp; | ||
267 | |||
268 | /* combine results */ | ||
269 | state[0] += aa; | ||
270 | state[1] += bb; | ||
271 | state[2] += cc; | ||
272 | state[3] += dd; | ||
273 | state[4] += ee; | ||
274 | state[5] += aaa; | ||
275 | state[6] += bbb; | ||
276 | state[7] += ccc; | ||
277 | state[8] += ddd; | ||
278 | state[9] += eee; | ||
279 | |||
280 | return; | ||
281 | } | ||
282 | |||
283 | static void rmd320_init(struct crypto_tfm *tfm) | ||
284 | { | ||
285 | struct rmd320_ctx *rctx = crypto_tfm_ctx(tfm); | ||
286 | |||
287 | rctx->byte_count = 0; | ||
288 | |||
289 | rctx->state[0] = RMD_H0; | ||
290 | rctx->state[1] = RMD_H1; | ||
291 | rctx->state[2] = RMD_H2; | ||
292 | rctx->state[3] = RMD_H3; | ||
293 | rctx->state[4] = RMD_H4; | ||
294 | rctx->state[5] = RMD_H5; | ||
295 | rctx->state[6] = RMD_H6; | ||
296 | rctx->state[7] = RMD_H7; | ||
297 | rctx->state[8] = RMD_H8; | ||
298 | rctx->state[9] = RMD_H9; | ||
299 | |||
300 | memset(rctx->buffer, 0, sizeof(rctx->buffer)); | ||
301 | } | ||
302 | |||
303 | static void rmd320_update(struct crypto_tfm *tfm, const u8 *data, | ||
304 | unsigned int len) | ||
305 | { | ||
306 | struct rmd320_ctx *rctx = crypto_tfm_ctx(tfm); | ||
307 | const u32 avail = sizeof(rctx->buffer) - (rctx->byte_count & 0x3f); | ||
308 | |||
309 | rctx->byte_count += len; | ||
310 | |||
311 | /* Enough space in buffer? If so copy and we're done */ | ||
312 | if (avail > len) { | ||
313 | memcpy((char *)rctx->buffer + (sizeof(rctx->buffer) - avail), | ||
314 | data, len); | ||
315 | return; | ||
316 | } | ||
317 | |||
318 | memcpy((char *)rctx->buffer + (sizeof(rctx->buffer) - avail), | ||
319 | data, avail); | ||
320 | |||
321 | rmd320_transform(rctx->state, rctx->buffer); | ||
322 | data += avail; | ||
323 | len -= avail; | ||
324 | |||
325 | while (len >= sizeof(rctx->buffer)) { | ||
326 | memcpy(rctx->buffer, data, sizeof(rctx->buffer)); | ||
327 | rmd320_transform(rctx->state, rctx->buffer); | ||
328 | data += sizeof(rctx->buffer); | ||
329 | len -= sizeof(rctx->buffer); | ||
330 | } | ||
331 | |||
332 | memcpy(rctx->buffer, data, len); | ||
333 | } | ||
334 | |||
335 | /* Add padding and return the message digest. */ | ||
336 | static void rmd320_final(struct crypto_tfm *tfm, u8 *out) | ||
337 | { | ||
338 | struct rmd320_ctx *rctx = crypto_tfm_ctx(tfm); | ||
339 | u32 i, index, padlen; | ||
340 | __le64 bits; | ||
341 | __le32 *dst = (__le32 *)out; | ||
342 | static const u8 padding[64] = { 0x80, }; | ||
343 | |||
344 | bits = cpu_to_le64(rctx->byte_count << 3); | ||
345 | |||
346 | /* Pad out to 56 mod 64 */ | ||
347 | index = rctx->byte_count & 0x3f; | ||
348 | padlen = (index < 56) ? (56 - index) : ((64+56) - index); | ||
349 | rmd320_update(tfm, padding, padlen); | ||
350 | |||
351 | /* Append length */ | ||
352 | rmd320_update(tfm, (const u8 *)&bits, sizeof(bits)); | ||
353 | |||
354 | /* Store state in digest */ | ||
355 | for (i = 0; i < 10; i++) | ||
356 | dst[i] = cpu_to_le32p(&rctx->state[i]); | ||
357 | |||
358 | /* Wipe context */ | ||
359 | memset(rctx, 0, sizeof(*rctx)); | ||
360 | } | ||
361 | |||
362 | static struct crypto_alg alg = { | ||
363 | .cra_name = "rmd320", | ||
364 | .cra_driver_name = "rmd320", | ||
365 | .cra_flags = CRYPTO_ALG_TYPE_DIGEST, | ||
366 | .cra_blocksize = RMD320_BLOCK_SIZE, | ||
367 | .cra_ctxsize = sizeof(struct rmd320_ctx), | ||
368 | .cra_module = THIS_MODULE, | ||
369 | .cra_list = LIST_HEAD_INIT(alg.cra_list), | ||
370 | .cra_u = { .digest = { | ||
371 | .dia_digestsize = RMD320_DIGEST_SIZE, | ||
372 | .dia_init = rmd320_init, | ||
373 | .dia_update = rmd320_update, | ||
374 | .dia_final = rmd320_final } } | ||
375 | }; | ||
376 | |||
377 | static int __init rmd320_mod_init(void) | ||
378 | { | ||
379 | return crypto_register_alg(&alg); | ||
380 | } | ||
381 | |||
382 | static void __exit rmd320_mod_fini(void) | ||
383 | { | ||
384 | crypto_unregister_alg(&alg); | ||
385 | } | ||
386 | |||
387 | module_init(rmd320_mod_init); | ||
388 | module_exit(rmd320_mod_fini); | ||
389 | |||
390 | MODULE_LICENSE("GPL"); | ||
391 | MODULE_DESCRIPTION("RIPEMD-320 Message Digest"); | ||
392 | |||
393 | MODULE_ALIAS("rmd320"); | ||
diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c index 6beabc5abd07..59821a22d752 100644 --- a/crypto/tcrypt.c +++ b/crypto/tcrypt.c | |||
@@ -13,15 +13,9 @@ | |||
13 | * Software Foundation; either version 2 of the License, or (at your option) | 13 | * Software Foundation; either version 2 of the License, or (at your option) |
14 | * any later version. | 14 | * any later version. |
15 | * | 15 | * |
16 | * 2007-11-13 Added GCM tests | ||
17 | * 2007-11-13 Added AEAD support | ||
18 | * 2007-11-06 Added SHA-224 and SHA-224-HMAC tests | ||
19 | * 2006-12-07 Added SHA384 HMAC and SHA512 HMAC tests | ||
20 | * 2004-08-09 Added cipher speed tests (Reyk Floeter <reyk@vantronix.net>) | ||
21 | * 2003-09-14 Rewritten by Kartikey Mahendra Bhatt | ||
22 | * | ||
23 | */ | 16 | */ |
24 | 17 | ||
18 | #include <crypto/hash.h> | ||
25 | #include <linux/err.h> | 19 | #include <linux/err.h> |
26 | #include <linux/init.h> | 20 | #include <linux/init.h> |
27 | #include <linux/module.h> | 21 | #include <linux/module.h> |
@@ -30,7 +24,6 @@ | |||
30 | #include <linux/scatterlist.h> | 24 | #include <linux/scatterlist.h> |
31 | #include <linux/string.h> | 25 | #include <linux/string.h> |
32 | #include <linux/crypto.h> | 26 | #include <linux/crypto.h> |
33 | #include <linux/highmem.h> | ||
34 | #include <linux/moduleparam.h> | 27 | #include <linux/moduleparam.h> |
35 | #include <linux/jiffies.h> | 28 | #include <linux/jiffies.h> |
36 | #include <linux/timex.h> | 29 | #include <linux/timex.h> |
@@ -38,7 +31,7 @@ | |||
38 | #include "tcrypt.h" | 31 | #include "tcrypt.h" |
39 | 32 | ||
40 | /* | 33 | /* |
41 | * Need to kmalloc() memory for testing kmap(). | 34 | * Need to kmalloc() memory for testing. |
42 | */ | 35 | */ |
43 | #define TVMEMSIZE 16384 | 36 | #define TVMEMSIZE 16384 |
44 | #define XBUFSIZE 32768 | 37 | #define XBUFSIZE 32768 |
@@ -46,7 +39,7 @@ | |||
46 | /* | 39 | /* |
47 | * Indexes into the xbuf to simulate cross-page access. | 40 | * Indexes into the xbuf to simulate cross-page access. |
48 | */ | 41 | */ |
49 | #define IDX1 37 | 42 | #define IDX1 32 |
50 | #define IDX2 32400 | 43 | #define IDX2 32400 |
51 | #define IDX3 1 | 44 | #define IDX3 1 |
52 | #define IDX4 8193 | 45 | #define IDX4 8193 |
@@ -83,7 +76,8 @@ static char *check[] = { | |||
83 | "blowfish", "twofish", "serpent", "sha384", "sha512", "md4", "aes", | 76 | "blowfish", "twofish", "serpent", "sha384", "sha512", "md4", "aes", |
84 | "cast6", "arc4", "michael_mic", "deflate", "crc32c", "tea", "xtea", | 77 | "cast6", "arc4", "michael_mic", "deflate", "crc32c", "tea", "xtea", |
85 | "khazad", "wp512", "wp384", "wp256", "tnepres", "xeta", "fcrypt", | 78 | "khazad", "wp512", "wp384", "wp256", "tnepres", "xeta", "fcrypt", |
86 | "camellia", "seed", "salsa20", "lzo", "cts", NULL | 79 | "camellia", "seed", "salsa20", "rmd128", "rmd160", "rmd256", "rmd320", |
80 | "lzo", "cts", NULL | ||
87 | }; | 81 | }; |
88 | 82 | ||
89 | static void hexdump(unsigned char *buf, unsigned int len) | 83 | static void hexdump(unsigned char *buf, unsigned int len) |
@@ -110,22 +104,30 @@ static void test_hash(char *algo, struct hash_testvec *template, | |||
110 | unsigned int i, j, k, temp; | 104 | unsigned int i, j, k, temp; |
111 | struct scatterlist sg[8]; | 105 | struct scatterlist sg[8]; |
112 | char result[64]; | 106 | char result[64]; |
113 | struct crypto_hash *tfm; | 107 | struct crypto_ahash *tfm; |
114 | struct hash_desc desc; | 108 | struct ahash_request *req; |
109 | struct tcrypt_result tresult; | ||
115 | int ret; | 110 | int ret; |
116 | void *hash_buff; | 111 | void *hash_buff; |
117 | 112 | ||
118 | printk("\ntesting %s\n", algo); | 113 | printk("\ntesting %s\n", algo); |
119 | 114 | ||
120 | tfm = crypto_alloc_hash(algo, 0, CRYPTO_ALG_ASYNC); | 115 | init_completion(&tresult.completion); |
116 | |||
117 | tfm = crypto_alloc_ahash(algo, 0, 0); | ||
121 | if (IS_ERR(tfm)) { | 118 | if (IS_ERR(tfm)) { |
122 | printk("failed to load transform for %s: %ld\n", algo, | 119 | printk("failed to load transform for %s: %ld\n", algo, |
123 | PTR_ERR(tfm)); | 120 | PTR_ERR(tfm)); |
124 | return; | 121 | return; |
125 | } | 122 | } |
126 | 123 | ||
127 | desc.tfm = tfm; | 124 | req = ahash_request_alloc(tfm, GFP_KERNEL); |
128 | desc.flags = 0; | 125 | if (!req) { |
126 | printk(KERN_ERR "failed to allocate request for %s\n", algo); | ||
127 | goto out_noreq; | ||
128 | } | ||
129 | ahash_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, | ||
130 | tcrypt_complete, &tresult); | ||
129 | 131 | ||
130 | for (i = 0; i < tcount; i++) { | 132 | for (i = 0; i < tcount; i++) { |
131 | printk("test %u:\n", i + 1); | 133 | printk("test %u:\n", i + 1); |
@@ -139,8 +141,9 @@ static void test_hash(char *algo, struct hash_testvec *template, | |||
139 | sg_init_one(&sg[0], hash_buff, template[i].psize); | 141 | sg_init_one(&sg[0], hash_buff, template[i].psize); |
140 | 142 | ||
141 | if (template[i].ksize) { | 143 | if (template[i].ksize) { |
142 | ret = crypto_hash_setkey(tfm, template[i].key, | 144 | crypto_ahash_clear_flags(tfm, ~0); |
143 | template[i].ksize); | 145 | ret = crypto_ahash_setkey(tfm, template[i].key, |
146 | template[i].ksize); | ||
144 | if (ret) { | 147 | if (ret) { |
145 | printk("setkey() failed ret=%d\n", ret); | 148 | printk("setkey() failed ret=%d\n", ret); |
146 | kfree(hash_buff); | 149 | kfree(hash_buff); |
@@ -148,17 +151,30 @@ static void test_hash(char *algo, struct hash_testvec *template, | |||
148 | } | 151 | } |
149 | } | 152 | } |
150 | 153 | ||
151 | ret = crypto_hash_digest(&desc, sg, template[i].psize, result); | 154 | ahash_request_set_crypt(req, sg, result, template[i].psize); |
152 | if (ret) { | 155 | ret = crypto_ahash_digest(req); |
156 | switch (ret) { | ||
157 | case 0: | ||
158 | break; | ||
159 | case -EINPROGRESS: | ||
160 | case -EBUSY: | ||
161 | ret = wait_for_completion_interruptible( | ||
162 | &tresult.completion); | ||
163 | if (!ret && !(ret = tresult.err)) { | ||
164 | INIT_COMPLETION(tresult.completion); | ||
165 | break; | ||
166 | } | ||
167 | /* fall through */ | ||
168 | default: | ||
153 | printk("digest () failed ret=%d\n", ret); | 169 | printk("digest () failed ret=%d\n", ret); |
154 | kfree(hash_buff); | 170 | kfree(hash_buff); |
155 | goto out; | 171 | goto out; |
156 | } | 172 | } |
157 | 173 | ||
158 | hexdump(result, crypto_hash_digestsize(tfm)); | 174 | hexdump(result, crypto_ahash_digestsize(tfm)); |
159 | printk("%s\n", | 175 | printk("%s\n", |
160 | memcmp(result, template[i].digest, | 176 | memcmp(result, template[i].digest, |
161 | crypto_hash_digestsize(tfm)) ? | 177 | crypto_ahash_digestsize(tfm)) ? |
162 | "fail" : "pass"); | 178 | "fail" : "pass"); |
163 | kfree(hash_buff); | 179 | kfree(hash_buff); |
164 | } | 180 | } |
@@ -187,8 +203,9 @@ static void test_hash(char *algo, struct hash_testvec *template, | |||
187 | } | 203 | } |
188 | 204 | ||
189 | if (template[i].ksize) { | 205 | if (template[i].ksize) { |
190 | ret = crypto_hash_setkey(tfm, template[i].key, | 206 | crypto_ahash_clear_flags(tfm, ~0); |
191 | template[i].ksize); | 207 | ret = crypto_ahash_setkey(tfm, template[i].key, |
208 | template[i].ksize); | ||
192 | 209 | ||
193 | if (ret) { | 210 | if (ret) { |
194 | printk("setkey() failed ret=%d\n", ret); | 211 | printk("setkey() failed ret=%d\n", ret); |
@@ -196,29 +213,44 @@ static void test_hash(char *algo, struct hash_testvec *template, | |||
196 | } | 213 | } |
197 | } | 214 | } |
198 | 215 | ||
199 | ret = crypto_hash_digest(&desc, sg, template[i].psize, | 216 | ahash_request_set_crypt(req, sg, result, |
200 | result); | 217 | template[i].psize); |
201 | if (ret) { | 218 | ret = crypto_ahash_digest(req); |
219 | switch (ret) { | ||
220 | case 0: | ||
221 | break; | ||
222 | case -EINPROGRESS: | ||
223 | case -EBUSY: | ||
224 | ret = wait_for_completion_interruptible( | ||
225 | &tresult.completion); | ||
226 | if (!ret && !(ret = tresult.err)) { | ||
227 | INIT_COMPLETION(tresult.completion); | ||
228 | break; | ||
229 | } | ||
230 | /* fall through */ | ||
231 | default: | ||
202 | printk("digest () failed ret=%d\n", ret); | 232 | printk("digest () failed ret=%d\n", ret); |
203 | goto out; | 233 | goto out; |
204 | } | 234 | } |
205 | 235 | ||
206 | hexdump(result, crypto_hash_digestsize(tfm)); | 236 | hexdump(result, crypto_ahash_digestsize(tfm)); |
207 | printk("%s\n", | 237 | printk("%s\n", |
208 | memcmp(result, template[i].digest, | 238 | memcmp(result, template[i].digest, |
209 | crypto_hash_digestsize(tfm)) ? | 239 | crypto_ahash_digestsize(tfm)) ? |
210 | "fail" : "pass"); | 240 | "fail" : "pass"); |
211 | } | 241 | } |
212 | } | 242 | } |
213 | 243 | ||
214 | out: | 244 | out: |
215 | crypto_free_hash(tfm); | 245 | ahash_request_free(req); |
246 | out_noreq: | ||
247 | crypto_free_ahash(tfm); | ||
216 | } | 248 | } |
217 | 249 | ||
218 | static void test_aead(char *algo, int enc, struct aead_testvec *template, | 250 | static void test_aead(char *algo, int enc, struct aead_testvec *template, |
219 | unsigned int tcount) | 251 | unsigned int tcount) |
220 | { | 252 | { |
221 | unsigned int ret, i, j, k, temp; | 253 | unsigned int ret, i, j, k, n, temp; |
222 | char *q; | 254 | char *q; |
223 | struct crypto_aead *tfm; | 255 | struct crypto_aead *tfm; |
224 | char *key; | 256 | char *key; |
@@ -344,13 +376,12 @@ static void test_aead(char *algo, int enc, struct aead_testvec *template, | |||
344 | goto next_one; | 376 | goto next_one; |
345 | } | 377 | } |
346 | 378 | ||
347 | q = kmap(sg_page(&sg[0])) + sg[0].offset; | 379 | q = input; |
348 | hexdump(q, template[i].rlen); | 380 | hexdump(q, template[i].rlen); |
349 | 381 | ||
350 | printk(KERN_INFO "enc/dec: %s\n", | 382 | printk(KERN_INFO "enc/dec: %s\n", |
351 | memcmp(q, template[i].result, | 383 | memcmp(q, template[i].result, |
352 | template[i].rlen) ? "fail" : "pass"); | 384 | template[i].rlen) ? "fail" : "pass"); |
353 | kunmap(sg_page(&sg[0])); | ||
354 | next_one: | 385 | next_one: |
355 | if (!template[i].key) | 386 | if (!template[i].key) |
356 | kfree(key); | 387 | kfree(key); |
@@ -360,7 +391,6 @@ next_one: | |||
360 | } | 391 | } |
361 | 392 | ||
362 | printk(KERN_INFO "\ntesting %s %s across pages (chunking)\n", algo, e); | 393 | printk(KERN_INFO "\ntesting %s %s across pages (chunking)\n", algo, e); |
363 | memset(xbuf, 0, XBUFSIZE); | ||
364 | memset(axbuf, 0, XBUFSIZE); | 394 | memset(axbuf, 0, XBUFSIZE); |
365 | 395 | ||
366 | for (i = 0, j = 0; i < tcount; i++) { | 396 | for (i = 0, j = 0; i < tcount; i++) { |
@@ -388,6 +418,7 @@ next_one: | |||
388 | goto out; | 418 | goto out; |
389 | } | 419 | } |
390 | 420 | ||
421 | memset(xbuf, 0, XBUFSIZE); | ||
391 | sg_init_table(sg, template[i].np); | 422 | sg_init_table(sg, template[i].np); |
392 | for (k = 0, temp = 0; k < template[i].np; k++) { | 423 | for (k = 0, temp = 0; k < template[i].np; k++) { |
393 | memcpy(&xbuf[IDX[k]], | 424 | memcpy(&xbuf[IDX[k]], |
@@ -450,7 +481,7 @@ next_one: | |||
450 | 481 | ||
451 | for (k = 0, temp = 0; k < template[i].np; k++) { | 482 | for (k = 0, temp = 0; k < template[i].np; k++) { |
452 | printk(KERN_INFO "page %u\n", k); | 483 | printk(KERN_INFO "page %u\n", k); |
453 | q = kmap(sg_page(&sg[k])) + sg[k].offset; | 484 | q = &axbuf[IDX[k]]; |
454 | hexdump(q, template[i].tap[k]); | 485 | hexdump(q, template[i].tap[k]); |
455 | printk(KERN_INFO "%s\n", | 486 | printk(KERN_INFO "%s\n", |
456 | memcmp(q, template[i].result + temp, | 487 | memcmp(q, template[i].result + temp, |
@@ -459,8 +490,15 @@ next_one: | |||
459 | 0 : authsize)) ? | 490 | 0 : authsize)) ? |
460 | "fail" : "pass"); | 491 | "fail" : "pass"); |
461 | 492 | ||
493 | for (n = 0; q[template[i].tap[k] + n]; n++) | ||
494 | ; | ||
495 | if (n) { | ||
496 | printk("Result buffer corruption %u " | ||
497 | "bytes:\n", n); | ||
498 | hexdump(&q[template[i].tap[k]], n); | ||
499 | } | ||
500 | |||
462 | temp += template[i].tap[k]; | 501 | temp += template[i].tap[k]; |
463 | kunmap(sg_page(&sg[k])); | ||
464 | } | 502 | } |
465 | } | 503 | } |
466 | } | 504 | } |
@@ -473,7 +511,7 @@ out: | |||
473 | static void test_cipher(char *algo, int enc, | 511 | static void test_cipher(char *algo, int enc, |
474 | struct cipher_testvec *template, unsigned int tcount) | 512 | struct cipher_testvec *template, unsigned int tcount) |
475 | { | 513 | { |
476 | unsigned int ret, i, j, k, temp; | 514 | unsigned int ret, i, j, k, n, temp; |
477 | char *q; | 515 | char *q; |
478 | struct crypto_ablkcipher *tfm; | 516 | struct crypto_ablkcipher *tfm; |
479 | struct ablkcipher_request *req; | 517 | struct ablkcipher_request *req; |
@@ -569,29 +607,21 @@ static void test_cipher(char *algo, int enc, | |||
569 | goto out; | 607 | goto out; |
570 | } | 608 | } |
571 | 609 | ||
572 | q = kmap(sg_page(&sg[0])) + sg[0].offset; | 610 | q = data; |
573 | hexdump(q, template[i].rlen); | 611 | hexdump(q, template[i].rlen); |
574 | 612 | ||
575 | printk("%s\n", | 613 | printk("%s\n", |
576 | memcmp(q, template[i].result, | 614 | memcmp(q, template[i].result, |
577 | template[i].rlen) ? "fail" : "pass"); | 615 | template[i].rlen) ? "fail" : "pass"); |
578 | kunmap(sg_page(&sg[0])); | ||
579 | } | 616 | } |
580 | kfree(data); | 617 | kfree(data); |
581 | } | 618 | } |
582 | 619 | ||
583 | printk("\ntesting %s %s across pages (chunking)\n", algo, e); | 620 | printk("\ntesting %s %s across pages (chunking)\n", algo, e); |
584 | memset(xbuf, 0, XBUFSIZE); | ||
585 | 621 | ||
586 | j = 0; | 622 | j = 0; |
587 | for (i = 0; i < tcount; i++) { | 623 | for (i = 0; i < tcount; i++) { |
588 | 624 | ||
589 | data = kzalloc(template[i].ilen, GFP_KERNEL); | ||
590 | if (!data) | ||
591 | continue; | ||
592 | |||
593 | memcpy(data, template[i].input, template[i].ilen); | ||
594 | |||
595 | if (template[i].iv) | 625 | if (template[i].iv) |
596 | memcpy(iv, template[i].iv, MAX_IVLEN); | 626 | memcpy(iv, template[i].iv, MAX_IVLEN); |
597 | else | 627 | else |
@@ -602,6 +632,7 @@ static void test_cipher(char *algo, int enc, | |||
602 | printk("test %u (%d bit key):\n", | 632 | printk("test %u (%d bit key):\n", |
603 | j, template[i].klen * 8); | 633 | j, template[i].klen * 8); |
604 | 634 | ||
635 | memset(xbuf, 0, XBUFSIZE); | ||
605 | crypto_ablkcipher_clear_flags(tfm, ~0); | 636 | crypto_ablkcipher_clear_flags(tfm, ~0); |
606 | if (template[i].wk) | 637 | if (template[i].wk) |
607 | crypto_ablkcipher_set_flags( | 638 | crypto_ablkcipher_set_flags( |
@@ -613,10 +644,8 @@ static void test_cipher(char *algo, int enc, | |||
613 | printk("setkey() failed flags=%x\n", | 644 | printk("setkey() failed flags=%x\n", |
614 | crypto_ablkcipher_get_flags(tfm)); | 645 | crypto_ablkcipher_get_flags(tfm)); |
615 | 646 | ||
616 | if (!template[i].fail) { | 647 | if (!template[i].fail) |
617 | kfree(data); | ||
618 | goto out; | 648 | goto out; |
619 | } | ||
620 | } | 649 | } |
621 | 650 | ||
622 | temp = 0; | 651 | temp = 0; |
@@ -657,14 +686,21 @@ static void test_cipher(char *algo, int enc, | |||
657 | temp = 0; | 686 | temp = 0; |
658 | for (k = 0; k < template[i].np; k++) { | 687 | for (k = 0; k < template[i].np; k++) { |
659 | printk("page %u\n", k); | 688 | printk("page %u\n", k); |
660 | q = kmap(sg_page(&sg[k])) + sg[k].offset; | 689 | q = &xbuf[IDX[k]]; |
661 | hexdump(q, template[i].tap[k]); | 690 | hexdump(q, template[i].tap[k]); |
662 | printk("%s\n", | 691 | printk("%s\n", |
663 | memcmp(q, template[i].result + temp, | 692 | memcmp(q, template[i].result + temp, |
664 | template[i].tap[k]) ? "fail" : | 693 | template[i].tap[k]) ? "fail" : |
665 | "pass"); | 694 | "pass"); |
695 | |||
696 | for (n = 0; q[template[i].tap[k] + n]; n++) | ||
697 | ; | ||
698 | if (n) { | ||
699 | printk("Result buffer corruption %u " | ||
700 | "bytes:\n", n); | ||
701 | hexdump(&q[template[i].tap[k]], n); | ||
702 | } | ||
666 | temp += template[i].tap[k]; | 703 | temp += template[i].tap[k]; |
667 | kunmap(sg_page(&sg[k])); | ||
668 | } | 704 | } |
669 | } | 705 | } |
670 | } | 706 | } |
@@ -1180,6 +1216,14 @@ static void do_test(void) | |||
1180 | test_cipher("ecb(des3_ede)", DECRYPT, des3_ede_dec_tv_template, | 1216 | test_cipher("ecb(des3_ede)", DECRYPT, des3_ede_dec_tv_template, |
1181 | DES3_EDE_DEC_TEST_VECTORS); | 1217 | DES3_EDE_DEC_TEST_VECTORS); |
1182 | 1218 | ||
1219 | test_cipher("cbc(des3_ede)", ENCRYPT, | ||
1220 | des3_ede_cbc_enc_tv_template, | ||
1221 | DES3_EDE_CBC_ENC_TEST_VECTORS); | ||
1222 | |||
1223 | test_cipher("cbc(des3_ede)", DECRYPT, | ||
1224 | des3_ede_cbc_dec_tv_template, | ||
1225 | DES3_EDE_CBC_DEC_TEST_VECTORS); | ||
1226 | |||
1183 | test_hash("md4", md4_tv_template, MD4_TEST_VECTORS); | 1227 | test_hash("md4", md4_tv_template, MD4_TEST_VECTORS); |
1184 | 1228 | ||
1185 | test_hash("sha224", sha224_tv_template, SHA224_TEST_VECTORS); | 1229 | test_hash("sha224", sha224_tv_template, SHA224_TEST_VECTORS); |
@@ -1390,6 +1434,14 @@ static void do_test(void) | |||
1390 | DES3_EDE_ENC_TEST_VECTORS); | 1434 | DES3_EDE_ENC_TEST_VECTORS); |
1391 | test_cipher("ecb(des3_ede)", DECRYPT, des3_ede_dec_tv_template, | 1435 | test_cipher("ecb(des3_ede)", DECRYPT, des3_ede_dec_tv_template, |
1392 | DES3_EDE_DEC_TEST_VECTORS); | 1436 | DES3_EDE_DEC_TEST_VECTORS); |
1437 | |||
1438 | test_cipher("cbc(des3_ede)", ENCRYPT, | ||
1439 | des3_ede_cbc_enc_tv_template, | ||
1440 | DES3_EDE_CBC_ENC_TEST_VECTORS); | ||
1441 | |||
1442 | test_cipher("cbc(des3_ede)", DECRYPT, | ||
1443 | des3_ede_cbc_dec_tv_template, | ||
1444 | DES3_EDE_CBC_DEC_TEST_VECTORS); | ||
1393 | break; | 1445 | break; |
1394 | 1446 | ||
1395 | case 5: | 1447 | case 5: |
@@ -1558,7 +1610,7 @@ static void do_test(void) | |||
1558 | case 29: | 1610 | case 29: |
1559 | test_hash("tgr128", tgr128_tv_template, TGR128_TEST_VECTORS); | 1611 | test_hash("tgr128", tgr128_tv_template, TGR128_TEST_VECTORS); |
1560 | break; | 1612 | break; |
1561 | 1613 | ||
1562 | case 30: | 1614 | case 30: |
1563 | test_cipher("ecb(xeta)", ENCRYPT, xeta_enc_tv_template, | 1615 | test_cipher("ecb(xeta)", ENCRYPT, xeta_enc_tv_template, |
1564 | XETA_ENC_TEST_VECTORS); | 1616 | XETA_ENC_TEST_VECTORS); |
@@ -1623,6 +1675,22 @@ static void do_test(void) | |||
1623 | CTS_MODE_DEC_TEST_VECTORS); | 1675 | CTS_MODE_DEC_TEST_VECTORS); |
1624 | break; | 1676 | break; |
1625 | 1677 | ||
1678 | case 39: | ||
1679 | test_hash("rmd128", rmd128_tv_template, RMD128_TEST_VECTORS); | ||
1680 | break; | ||
1681 | |||
1682 | case 40: | ||
1683 | test_hash("rmd160", rmd160_tv_template, RMD160_TEST_VECTORS); | ||
1684 | break; | ||
1685 | |||
1686 | case 41: | ||
1687 | test_hash("rmd256", rmd256_tv_template, RMD256_TEST_VECTORS); | ||
1688 | break; | ||
1689 | |||
1690 | case 42: | ||
1691 | test_hash("rmd320", rmd320_tv_template, RMD320_TEST_VECTORS); | ||
1692 | break; | ||
1693 | |||
1626 | case 100: | 1694 | case 100: |
1627 | test_hash("hmac(md5)", hmac_md5_tv_template, | 1695 | test_hash("hmac(md5)", hmac_md5_tv_template, |
1628 | HMAC_MD5_TEST_VECTORS); | 1696 | HMAC_MD5_TEST_VECTORS); |
@@ -1658,6 +1726,16 @@ static void do_test(void) | |||
1658 | XCBC_AES_TEST_VECTORS); | 1726 | XCBC_AES_TEST_VECTORS); |
1659 | break; | 1727 | break; |
1660 | 1728 | ||
1729 | case 107: | ||
1730 | test_hash("hmac(rmd128)", hmac_rmd128_tv_template, | ||
1731 | HMAC_RMD128_TEST_VECTORS); | ||
1732 | break; | ||
1733 | |||
1734 | case 108: | ||
1735 | test_hash("hmac(rmd160)", hmac_rmd160_tv_template, | ||
1736 | HMAC_RMD160_TEST_VECTORS); | ||
1737 | break; | ||
1738 | |||
1661 | case 200: | 1739 | case 200: |
1662 | test_cipher_speed("ecb(aes)", ENCRYPT, sec, NULL, 0, | 1740 | test_cipher_speed("ecb(aes)", ENCRYPT, sec, NULL, 0, |
1663 | speed_template_16_24_32); | 1741 | speed_template_16_24_32); |
@@ -1796,6 +1874,22 @@ static void do_test(void) | |||
1796 | test_hash_speed("sha224", sec, generic_hash_speed_template); | 1874 | test_hash_speed("sha224", sec, generic_hash_speed_template); |
1797 | if (mode > 300 && mode < 400) break; | 1875 | if (mode > 300 && mode < 400) break; |
1798 | 1876 | ||
1877 | case 314: | ||
1878 | test_hash_speed("rmd128", sec, generic_hash_speed_template); | ||
1879 | if (mode > 300 && mode < 400) break; | ||
1880 | |||
1881 | case 315: | ||
1882 | test_hash_speed("rmd160", sec, generic_hash_speed_template); | ||
1883 | if (mode > 300 && mode < 400) break; | ||
1884 | |||
1885 | case 316: | ||
1886 | test_hash_speed("rmd256", sec, generic_hash_speed_template); | ||
1887 | if (mode > 300 && mode < 400) break; | ||
1888 | |||
1889 | case 317: | ||
1890 | test_hash_speed("rmd320", sec, generic_hash_speed_template); | ||
1891 | if (mode > 300 && mode < 400) break; | ||
1892 | |||
1799 | case 399: | 1893 | case 399: |
1800 | break; | 1894 | break; |
1801 | 1895 | ||
diff --git a/crypto/tcrypt.h b/crypto/tcrypt.h index 47bc0ecb8978..801e0c288862 100644 --- a/crypto/tcrypt.h +++ b/crypto/tcrypt.h | |||
@@ -13,12 +13,6 @@ | |||
13 | * Software Foundation; either version 2 of the License, or (at your option) | 13 | * Software Foundation; either version 2 of the License, or (at your option) |
14 | * any later version. | 14 | * any later version. |
15 | * | 15 | * |
16 | * 2007-11-13 Added GCM tests | ||
17 | * 2007-11-13 Added AEAD support | ||
18 | * 2006-12-07 Added SHA384 HMAC and SHA512 HMAC tests | ||
19 | * 2004-08-09 Cipher speed tests by Reyk Floeter <reyk@vantronix.net> | ||
20 | * 2003-09-14 Changes by Kartikey Mahendra Bhatt | ||
21 | * | ||
22 | */ | 16 | */ |
23 | #ifndef _CRYPTO_TCRYPT_H | 17 | #ifndef _CRYPTO_TCRYPT_H |
24 | #define _CRYPTO_TCRYPT_H | 18 | #define _CRYPTO_TCRYPT_H |
@@ -168,6 +162,271 @@ static struct hash_testvec md5_tv_template[] = { | |||
168 | .digest = "\x57\xed\xf4\xa2\x2b\xe3\xc9\x55" | 162 | .digest = "\x57\xed\xf4\xa2\x2b\xe3\xc9\x55" |
169 | "\xac\x49\xda\x2e\x21\x07\xb6\x7a", | 163 | "\xac\x49\xda\x2e\x21\x07\xb6\x7a", |
170 | } | 164 | } |
165 | |||
166 | }; | ||
167 | |||
168 | /* | ||
169 | * RIPEMD-128 test vectors from ISO/IEC 10118-3:2004(E) | ||
170 | */ | ||
171 | #define RMD128_TEST_VECTORS 10 | ||
172 | |||
173 | static struct hash_testvec rmd128_tv_template[] = { | ||
174 | { | ||
175 | .digest = "\xcd\xf2\x62\x13\xa1\x50\xdc\x3e" | ||
176 | "\xcb\x61\x0f\x18\xf6\xb3\x8b\x46", | ||
177 | }, { | ||
178 | .plaintext = "a", | ||
179 | .psize = 1, | ||
180 | .digest = "\x86\xbe\x7a\xfa\x33\x9d\x0f\xc7" | ||
181 | "\xcf\xc7\x85\xe7\x2f\x57\x8d\x33", | ||
182 | }, { | ||
183 | .plaintext = "abc", | ||
184 | .psize = 3, | ||
185 | .digest = "\xc1\x4a\x12\x19\x9c\x66\xe4\xba" | ||
186 | "\x84\x63\x6b\x0f\x69\x14\x4c\x77", | ||
187 | }, { | ||
188 | .plaintext = "message digest", | ||
189 | .psize = 14, | ||
190 | .digest = "\x9e\x32\x7b\x3d\x6e\x52\x30\x62" | ||
191 | "\xaf\xc1\x13\x2d\x7d\xf9\xd1\xb8", | ||
192 | }, { | ||
193 | .plaintext = "abcdefghijklmnopqrstuvwxyz", | ||
194 | .psize = 26, | ||
195 | .digest = "\xfd\x2a\xa6\x07\xf7\x1d\xc8\xf5" | ||
196 | "\x10\x71\x49\x22\xb3\x71\x83\x4e", | ||
197 | }, { | ||
198 | .plaintext = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcde" | ||
199 | "fghijklmnopqrstuvwxyz0123456789", | ||
200 | .psize = 62, | ||
201 | .digest = "\xd1\xe9\x59\xeb\x17\x9c\x91\x1f" | ||
202 | "\xae\xa4\x62\x4c\x60\xc5\xc7\x02", | ||
203 | }, { | ||
204 | .plaintext = "1234567890123456789012345678901234567890" | ||
205 | "1234567890123456789012345678901234567890", | ||
206 | .psize = 80, | ||
207 | .digest = "\x3f\x45\xef\x19\x47\x32\xc2\xdb" | ||
208 | "\xb2\xc4\xa2\xc7\x69\x79\x5f\xa3", | ||
209 | }, { | ||
210 | .plaintext = "abcdbcdecdefdefgefghfghighij" | ||
211 | "hijkijkljklmklmnlmnomnopnopq", | ||
212 | .psize = 56, | ||
213 | .digest = "\xa1\xaa\x06\x89\xd0\xfa\xfa\x2d" | ||
214 | "\xdc\x22\xe8\x8b\x49\x13\x3a\x06", | ||
215 | .np = 2, | ||
216 | .tap = { 28, 28 }, | ||
217 | }, { | ||
218 | .plaintext = "abcdefghbcdefghicdefghijdefghijkefghijklfghi" | ||
219 | "jklmghijklmnhijklmnoijklmnopjklmnopqklmnopqr" | ||
220 | "lmnopqrsmnopqrstnopqrstu", | ||
221 | .psize = 112, | ||
222 | .digest = "\xd4\xec\xc9\x13\xe1\xdf\x77\x6b" | ||
223 | "\xf4\x8d\xe9\xd5\x5b\x1f\x25\x46", | ||
224 | }, { | ||
225 | .plaintext = "abcdbcdecdefdefgefghfghighijhijk", | ||
226 | .psize = 32, | ||
227 | .digest = "\x13\xfc\x13\xe8\xef\xff\x34\x7d" | ||
228 | "\xe1\x93\xff\x46\xdb\xac\xcf\xd4", | ||
229 | } | ||
230 | }; | ||
231 | |||
232 | /* | ||
233 | * RIPEMD-160 test vectors from ISO/IEC 10118-3:2004(E) | ||
234 | */ | ||
235 | #define RMD160_TEST_VECTORS 10 | ||
236 | |||
237 | static struct hash_testvec rmd160_tv_template[] = { | ||
238 | { | ||
239 | .digest = "\x9c\x11\x85\xa5\xc5\xe9\xfc\x54\x61\x28" | ||
240 | "\x08\x97\x7e\xe8\xf5\x48\xb2\x25\x8d\x31", | ||
241 | }, { | ||
242 | .plaintext = "a", | ||
243 | .psize = 1, | ||
244 | .digest = "\x0b\xdc\x9d\x2d\x25\x6b\x3e\xe9\xda\xae" | ||
245 | "\x34\x7b\xe6\xf4\xdc\x83\x5a\x46\x7f\xfe", | ||
246 | }, { | ||
247 | .plaintext = "abc", | ||
248 | .psize = 3, | ||
249 | .digest = "\x8e\xb2\x08\xf7\xe0\x5d\x98\x7a\x9b\x04" | ||
250 | "\x4a\x8e\x98\xc6\xb0\x87\xf1\x5a\x0b\xfc", | ||
251 | }, { | ||
252 | .plaintext = "message digest", | ||
253 | .psize = 14, | ||
254 | .digest = "\x5d\x06\x89\xef\x49\xd2\xfa\xe5\x72\xb8" | ||
255 | "\x81\xb1\x23\xa8\x5f\xfa\x21\x59\x5f\x36", | ||
256 | }, { | ||
257 | .plaintext = "abcdefghijklmnopqrstuvwxyz", | ||
258 | .psize = 26, | ||
259 | .digest = "\xf7\x1c\x27\x10\x9c\x69\x2c\x1b\x56\xbb" | ||
260 | "\xdc\xeb\x5b\x9d\x28\x65\xb3\x70\x8d\xbc", | ||
261 | }, { | ||
262 | .plaintext = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcde" | ||
263 | "fghijklmnopqrstuvwxyz0123456789", | ||
264 | .psize = 62, | ||
265 | .digest = "\xb0\xe2\x0b\x6e\x31\x16\x64\x02\x86\xed" | ||
266 | "\x3a\x87\xa5\x71\x30\x79\xb2\x1f\x51\x89", | ||
267 | }, { | ||
268 | .plaintext = "1234567890123456789012345678901234567890" | ||
269 | "1234567890123456789012345678901234567890", | ||
270 | .psize = 80, | ||
271 | .digest = "\x9b\x75\x2e\x45\x57\x3d\x4b\x39\xf4\xdb" | ||
272 | "\xd3\x32\x3c\xab\x82\xbf\x63\x32\x6b\xfb", | ||
273 | }, { | ||
274 | .plaintext = "abcdbcdecdefdefgefghfghighij" | ||
275 | "hijkijkljklmklmnlmnomnopnopq", | ||
276 | .psize = 56, | ||
277 | .digest = "\x12\xa0\x53\x38\x4a\x9c\x0c\x88\xe4\x05" | ||
278 | "\xa0\x6c\x27\xdc\xf4\x9a\xda\x62\xeb\x2b", | ||
279 | .np = 2, | ||
280 | .tap = { 28, 28 }, | ||
281 | }, { | ||
282 | .plaintext = "abcdefghbcdefghicdefghijdefghijkefghijklfghi" | ||
283 | "jklmghijklmnhijklmnoijklmnopjklmnopqklmnopqr" | ||
284 | "lmnopqrsmnopqrstnopqrstu", | ||
285 | .psize = 112, | ||
286 | .digest = "\x6f\x3f\xa3\x9b\x6b\x50\x3c\x38\x4f\x91" | ||
287 | "\x9a\x49\xa7\xaa\x5c\x2c\x08\xbd\xfb\x45", | ||
288 | }, { | ||
289 | .plaintext = "abcdbcdecdefdefgefghfghighijhijk", | ||
290 | .psize = 32, | ||
291 | .digest = "\x94\xc2\x64\x11\x54\x04\xe6\x33\x79\x0d" | ||
292 | "\xfc\xc8\x7b\x58\x7d\x36\x77\x06\x7d\x9f", | ||
293 | } | ||
294 | }; | ||
295 | |||
296 | /* | ||
297 | * RIPEMD-256 test vectors | ||
298 | */ | ||
299 | #define RMD256_TEST_VECTORS 8 | ||
300 | |||
301 | static struct hash_testvec rmd256_tv_template[] = { | ||
302 | { | ||
303 | .digest = "\x02\xba\x4c\x4e\x5f\x8e\xcd\x18" | ||
304 | "\x77\xfc\x52\xd6\x4d\x30\xe3\x7a" | ||
305 | "\x2d\x97\x74\xfb\x1e\x5d\x02\x63" | ||
306 | "\x80\xae\x01\x68\xe3\xc5\x52\x2d", | ||
307 | }, { | ||
308 | .plaintext = "a", | ||
309 | .psize = 1, | ||
310 | .digest = "\xf9\x33\x3e\x45\xd8\x57\xf5\xd9" | ||
311 | "\x0a\x91\xba\xb7\x0a\x1e\xba\x0c" | ||
312 | "\xfb\x1b\xe4\xb0\x78\x3c\x9a\xcf" | ||
313 | "\xcd\x88\x3a\x91\x34\x69\x29\x25", | ||
314 | }, { | ||
315 | .plaintext = "abc", | ||
316 | .psize = 3, | ||
317 | .digest = "\xaf\xbd\x6e\x22\x8b\x9d\x8c\xbb" | ||
318 | "\xce\xf5\xca\x2d\x03\xe6\xdb\xa1" | ||
319 | "\x0a\xc0\xbc\x7d\xcb\xe4\x68\x0e" | ||
320 | "\x1e\x42\xd2\xe9\x75\x45\x9b\x65", | ||
321 | }, { | ||
322 | .plaintext = "message digest", | ||
323 | .psize = 14, | ||
324 | .digest = "\x87\xe9\x71\x75\x9a\x1c\xe4\x7a" | ||
325 | "\x51\x4d\x5c\x91\x4c\x39\x2c\x90" | ||
326 | "\x18\xc7\xc4\x6b\xc1\x44\x65\x55" | ||
327 | "\x4a\xfc\xdf\x54\xa5\x07\x0c\x0e", | ||
328 | }, { | ||
329 | .plaintext = "abcdefghijklmnopqrstuvwxyz", | ||
330 | .psize = 26, | ||
331 | .digest = "\x64\x9d\x30\x34\x75\x1e\xa2\x16" | ||
332 | "\x77\x6b\xf9\xa1\x8a\xcc\x81\xbc" | ||
333 | "\x78\x96\x11\x8a\x51\x97\x96\x87" | ||
334 | "\x82\xdd\x1f\xd9\x7d\x8d\x51\x33", | ||
335 | }, { | ||
336 | .plaintext = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcde" | ||
337 | "fghijklmnopqrstuvwxyz0123456789", | ||
338 | .psize = 62, | ||
339 | .digest = "\x57\x40\xa4\x08\xac\x16\xb7\x20" | ||
340 | "\xb8\x44\x24\xae\x93\x1c\xbb\x1f" | ||
341 | "\xe3\x63\xd1\xd0\xbf\x40\x17\xf1" | ||
342 | "\xa8\x9f\x7e\xa6\xde\x77\xa0\xb8", | ||
343 | }, { | ||
344 | .plaintext = "1234567890123456789012345678901234567890" | ||
345 | "1234567890123456789012345678901234567890", | ||
346 | .psize = 80, | ||
347 | .digest = "\x06\xfd\xcc\x7a\x40\x95\x48\xaa" | ||
348 | "\xf9\x13\x68\xc0\x6a\x62\x75\xb5" | ||
349 | "\x53\xe3\xf0\x99\xbf\x0e\xa4\xed" | ||
350 | "\xfd\x67\x78\xdf\x89\xa8\x90\xdd", | ||
351 | }, { | ||
352 | .plaintext = "abcdbcdecdefdefgefghfghighij" | ||
353 | "hijkijkljklmklmnlmnomnopnopq", | ||
354 | .psize = 56, | ||
355 | .digest = "\x38\x43\x04\x55\x83\xaa\xc6\xc8" | ||
356 | "\xc8\xd9\x12\x85\x73\xe7\xa9\x80" | ||
357 | "\x9a\xfb\x2a\x0f\x34\xcc\xc3\x6e" | ||
358 | "\xa9\xe7\x2f\x16\xf6\x36\x8e\x3f", | ||
359 | .np = 2, | ||
360 | .tap = { 28, 28 }, | ||
361 | } | ||
362 | }; | ||
363 | |||
364 | /* | ||
365 | * RIPEMD-320 test vectors | ||
366 | */ | ||
367 | #define RMD320_TEST_VECTORS 8 | ||
368 | |||
369 | static struct hash_testvec rmd320_tv_template[] = { | ||
370 | { | ||
371 | .digest = "\x22\xd6\x5d\x56\x61\x53\x6c\xdc\x75\xc1" | ||
372 | "\xfd\xf5\xc6\xde\x7b\x41\xb9\xf2\x73\x25" | ||
373 | "\xeb\xc6\x1e\x85\x57\x17\x7d\x70\x5a\x0e" | ||
374 | "\xc8\x80\x15\x1c\x3a\x32\xa0\x08\x99\xb8", | ||
375 | }, { | ||
376 | .plaintext = "a", | ||
377 | .psize = 1, | ||
378 | .digest = "\xce\x78\x85\x06\x38\xf9\x26\x58\xa5\xa5" | ||
379 | "\x85\x09\x75\x79\x92\x6d\xda\x66\x7a\x57" | ||
380 | "\x16\x56\x2c\xfc\xf6\xfb\xe7\x7f\x63\x54" | ||
381 | "\x2f\x99\xb0\x47\x05\xd6\x97\x0d\xff\x5d", | ||
382 | }, { | ||
383 | .plaintext = "abc", | ||
384 | .psize = 3, | ||
385 | .digest = "\xde\x4c\x01\xb3\x05\x4f\x89\x30\xa7\x9d" | ||
386 | "\x09\xae\x73\x8e\x92\x30\x1e\x5a\x17\x08" | ||
387 | "\x5b\xef\xfd\xc1\xb8\xd1\x16\x71\x3e\x74" | ||
388 | "\xf8\x2f\xa9\x42\xd6\x4c\xdb\xc4\x68\x2d", | ||
389 | }, { | ||
390 | .plaintext = "message digest", | ||
391 | .psize = 14, | ||
392 | .digest = "\x3a\x8e\x28\x50\x2e\xd4\x5d\x42\x2f\x68" | ||
393 | "\x84\x4f\x9d\xd3\x16\xe7\xb9\x85\x33\xfa" | ||
394 | "\x3f\x2a\x91\xd2\x9f\x84\xd4\x25\xc8\x8d" | ||
395 | "\x6b\x4e\xff\x72\x7d\xf6\x6a\x7c\x01\x97", | ||
396 | }, { | ||
397 | .plaintext = "abcdefghijklmnopqrstuvwxyz", | ||
398 | .psize = 26, | ||
399 | .digest = "\xca\xbd\xb1\x81\x0b\x92\x47\x0a\x20\x93" | ||
400 | "\xaa\x6b\xce\x05\x95\x2c\x28\x34\x8c\xf4" | ||
401 | "\x3f\xf6\x08\x41\x97\x51\x66\xbb\x40\xed" | ||
402 | "\x23\x40\x04\xb8\x82\x44\x63\xe6\xb0\x09", | ||
403 | }, { | ||
404 | .plaintext = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcde" | ||
405 | "fghijklmnopqrstuvwxyz0123456789", | ||
406 | .psize = 62, | ||
407 | .digest = "\xed\x54\x49\x40\xc8\x6d\x67\xf2\x50\xd2" | ||
408 | "\x32\xc3\x0b\x7b\x3e\x57\x70\xe0\xc6\x0c" | ||
409 | "\x8c\xb9\xa4\xca\xfe\x3b\x11\x38\x8a\xf9" | ||
410 | "\x92\x0e\x1b\x99\x23\x0b\x84\x3c\x86\xa4", | ||
411 | }, { | ||
412 | .plaintext = "1234567890123456789012345678901234567890" | ||
413 | "1234567890123456789012345678901234567890", | ||
414 | .psize = 80, | ||
415 | .digest = "\x55\x78\x88\xaf\x5f\x6d\x8e\xd6\x2a\xb6" | ||
416 | "\x69\x45\xc6\xd2\xa0\xa4\x7e\xcd\x53\x41" | ||
417 | "\xe9\x15\xeb\x8f\xea\x1d\x05\x24\x95\x5f" | ||
418 | "\x82\x5d\xc7\x17\xe4\xa0\x08\xab\x2d\x42", | ||
419 | }, { | ||
420 | .plaintext = "abcdbcdecdefdefgefghfghighij" | ||
421 | "hijkijkljklmklmnlmnomnopnopq", | ||
422 | .psize = 56, | ||
423 | .digest = "\xd0\x34\xa7\x95\x0c\xf7\x22\x02\x1b\xa4" | ||
424 | "\xb8\x4d\xf7\x69\xa5\xde\x20\x60\xe2\x59" | ||
425 | "\xdf\x4c\x9b\xb4\xa4\x26\x8c\x0e\x93\x5b" | ||
426 | "\xbc\x74\x70\xa9\x69\xc9\xd0\x72\xa1\xac", | ||
427 | .np = 2, | ||
428 | .tap = { 28, 28 }, | ||
429 | } | ||
171 | }; | 430 | }; |
172 | 431 | ||
173 | /* | 432 | /* |
@@ -817,6 +1076,168 @@ static struct hash_testvec hmac_md5_tv_template[] = | |||
817 | }; | 1076 | }; |
818 | 1077 | ||
819 | /* | 1078 | /* |
1079 | * HMAC-RIPEMD128 test vectors from RFC2286 | ||
1080 | */ | ||
1081 | #define HMAC_RMD128_TEST_VECTORS 7 | ||
1082 | |||
1083 | static struct hash_testvec hmac_rmd128_tv_template[] = { | ||
1084 | { | ||
1085 | .key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b", | ||
1086 | .ksize = 16, | ||
1087 | .plaintext = "Hi There", | ||
1088 | .psize = 8, | ||
1089 | .digest = "\xfb\xf6\x1f\x94\x92\xaa\x4b\xbf" | ||
1090 | "\x81\xc1\x72\xe8\x4e\x07\x34\xdb", | ||
1091 | }, { | ||
1092 | .key = "Jefe", | ||
1093 | .ksize = 4, | ||
1094 | .plaintext = "what do ya want for nothing?", | ||
1095 | .psize = 28, | ||
1096 | .digest = "\x87\x5f\x82\x88\x62\xb6\xb3\x34" | ||
1097 | "\xb4\x27\xc5\x5f\x9f\x7f\xf0\x9b", | ||
1098 | .np = 2, | ||
1099 | .tap = { 14, 14 }, | ||
1100 | }, { | ||
1101 | .key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa", | ||
1102 | .ksize = 16, | ||
1103 | .plaintext = "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd" | ||
1104 | "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd" | ||
1105 | "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd" | ||
1106 | "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd", | ||
1107 | .psize = 50, | ||
1108 | .digest = "\x09\xf0\xb2\x84\x6d\x2f\x54\x3d" | ||
1109 | "\xa3\x63\xcb\xec\x8d\x62\xa3\x8d", | ||
1110 | }, { | ||
1111 | .key = "\x01\x02\x03\x04\x05\x06\x07\x08" | ||
1112 | "\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10" | ||
1113 | "\x11\x12\x13\x14\x15\x16\x17\x18\x19", | ||
1114 | .ksize = 25, | ||
1115 | .plaintext = "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd" | ||
1116 | "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd" | ||
1117 | "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd" | ||
1118 | "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd", | ||
1119 | .psize = 50, | ||
1120 | .digest = "\xbd\xbb\xd7\xcf\x03\xe4\x4b\x5a" | ||
1121 | "\xa6\x0a\xf8\x15\xbe\x4d\x22\x94", | ||
1122 | }, { | ||
1123 | .key = "\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c", | ||
1124 | .ksize = 16, | ||
1125 | .plaintext = "Test With Truncation", | ||
1126 | .psize = 20, | ||
1127 | .digest = "\xe7\x98\x08\xf2\x4b\x25\xfd\x03" | ||
1128 | "\x1c\x15\x5f\x0d\x55\x1d\x9a\x3a", | ||
1129 | }, { | ||
1130 | .key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" | ||
1131 | "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" | ||
1132 | "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" | ||
1133 | "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" | ||
1134 | "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" | ||
1135 | "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" | ||
1136 | "\xaa\xaa", | ||
1137 | .ksize = 80, | ||
1138 | .plaintext = "Test Using Larger Than Block-Size Key - Hash Key First", | ||
1139 | .psize = 54, | ||
1140 | .digest = "\xdc\x73\x29\x28\xde\x98\x10\x4a" | ||
1141 | "\x1f\x59\xd3\x73\xc1\x50\xac\xbb", | ||
1142 | }, { | ||
1143 | .key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" | ||
1144 | "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" | ||
1145 | "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" | ||
1146 | "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" | ||
1147 | "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" | ||
1148 | "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" | ||
1149 | "\xaa\xaa", | ||
1150 | .ksize = 80, | ||
1151 | .plaintext = "Test Using Larger Than Block-Size Key and Larger Than One " | ||
1152 | "Block-Size Data", | ||
1153 | .psize = 73, | ||
1154 | .digest = "\x5c\x6b\xec\x96\x79\x3e\x16\xd4" | ||
1155 | "\x06\x90\xc2\x37\x63\x5f\x30\xc5", | ||
1156 | }, | ||
1157 | }; | ||
1158 | |||
1159 | /* | ||
1160 | * HMAC-RIPEMD160 test vectors from RFC2286 | ||
1161 | */ | ||
1162 | #define HMAC_RMD160_TEST_VECTORS 7 | ||
1163 | |||
1164 | static struct hash_testvec hmac_rmd160_tv_template[] = { | ||
1165 | { | ||
1166 | .key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b", | ||
1167 | .ksize = 20, | ||
1168 | .plaintext = "Hi There", | ||
1169 | .psize = 8, | ||
1170 | .digest = "\x24\xcb\x4b\xd6\x7d\x20\xfc\x1a\x5d\x2e" | ||
1171 | "\xd7\x73\x2d\xcc\x39\x37\x7f\x0a\x56\x68", | ||
1172 | }, { | ||
1173 | .key = "Jefe", | ||
1174 | .ksize = 4, | ||
1175 | .plaintext = "what do ya want for nothing?", | ||
1176 | .psize = 28, | ||
1177 | .digest = "\xdd\xa6\xc0\x21\x3a\x48\x5a\x9e\x24\xf4" | ||
1178 | "\x74\x20\x64\xa7\xf0\x33\xb4\x3c\x40\x69", | ||
1179 | .np = 2, | ||
1180 | .tap = { 14, 14 }, | ||
1181 | }, { | ||
1182 | .key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa", | ||
1183 | .ksize = 20, | ||
1184 | .plaintext = "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd" | ||
1185 | "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd" | ||
1186 | "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd" | ||
1187 | "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd", | ||
1188 | .psize = 50, | ||
1189 | .digest = "\xb0\xb1\x05\x36\x0d\xe7\x59\x96\x0a\xb4" | ||
1190 | "\xf3\x52\x98\xe1\x16\xe2\x95\xd8\xe7\xc1", | ||
1191 | }, { | ||
1192 | .key = "\x01\x02\x03\x04\x05\x06\x07\x08" | ||
1193 | "\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10" | ||
1194 | "\x11\x12\x13\x14\x15\x16\x17\x18\x19", | ||
1195 | .ksize = 25, | ||
1196 | .plaintext = "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd" | ||
1197 | "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd" | ||
1198 | "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd" | ||
1199 | "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd", | ||
1200 | .psize = 50, | ||
1201 | .digest = "\xd5\xca\x86\x2f\x4d\x21\xd5\xe6\x10\xe1" | ||
1202 | "\x8b\x4c\xf1\xbe\xb9\x7a\x43\x65\xec\xf4", | ||
1203 | }, { | ||
1204 | .key = "\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c", | ||
1205 | .ksize = 20, | ||
1206 | .plaintext = "Test With Truncation", | ||
1207 | .psize = 20, | ||
1208 | .digest = "\x76\x19\x69\x39\x78\xf9\x1d\x90\x53\x9a" | ||
1209 | "\xe7\x86\x50\x0f\xf3\xd8\xe0\x51\x8e\x39", | ||
1210 | }, { | ||
1211 | .key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" | ||
1212 | "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" | ||
1213 | "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" | ||
1214 | "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" | ||
1215 | "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" | ||
1216 | "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" | ||
1217 | "\xaa\xaa", | ||
1218 | .ksize = 80, | ||
1219 | .plaintext = "Test Using Larger Than Block-Size Key - Hash Key First", | ||
1220 | .psize = 54, | ||
1221 | .digest = "\x64\x66\xca\x07\xac\x5e\xac\x29\xe1\xbd" | ||
1222 | "\x52\x3e\x5a\xda\x76\x05\xb7\x91\xfd\x8b", | ||
1223 | }, { | ||
1224 | .key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" | ||
1225 | "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" | ||
1226 | "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" | ||
1227 | "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" | ||
1228 | "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" | ||
1229 | "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" | ||
1230 | "\xaa\xaa", | ||
1231 | .ksize = 80, | ||
1232 | .plaintext = "Test Using Larger Than Block-Size Key and Larger Than One " | ||
1233 | "Block-Size Data", | ||
1234 | .psize = 73, | ||
1235 | .digest = "\x69\xea\x60\x79\x8d\x71\x61\x6c\xce\x5f" | ||
1236 | "\xd0\x87\x1e\x23\x75\x4c\xd7\x5d\x5a\x0a", | ||
1237 | }, | ||
1238 | }; | ||
1239 | |||
1240 | /* | ||
820 | * HMAC-SHA1 test vectors from RFC2202 | 1241 | * HMAC-SHA1 test vectors from RFC2202 |
821 | */ | 1242 | */ |
822 | #define HMAC_SHA1_TEST_VECTORS 7 | 1243 | #define HMAC_SHA1_TEST_VECTORS 7 |
@@ -1442,6 +1863,8 @@ static struct hash_testvec hmac_sha512_tv_template[] = { | |||
1442 | #define DES_CBC_DEC_TEST_VECTORS 4 | 1863 | #define DES_CBC_DEC_TEST_VECTORS 4 |
1443 | #define DES3_EDE_ENC_TEST_VECTORS 3 | 1864 | #define DES3_EDE_ENC_TEST_VECTORS 3 |
1444 | #define DES3_EDE_DEC_TEST_VECTORS 3 | 1865 | #define DES3_EDE_DEC_TEST_VECTORS 3 |
1866 | #define DES3_EDE_CBC_ENC_TEST_VECTORS 1 | ||
1867 | #define DES3_EDE_CBC_DEC_TEST_VECTORS 1 | ||
1445 | 1868 | ||
1446 | static struct cipher_testvec des_enc_tv_template[] = { | 1869 | static struct cipher_testvec des_enc_tv_template[] = { |
1447 | { /* From Applied Cryptography */ | 1870 | { /* From Applied Cryptography */ |
@@ -1680,9 +2103,6 @@ static struct cipher_testvec des_cbc_dec_tv_template[] = { | |||
1680 | }, | 2103 | }, |
1681 | }; | 2104 | }; |
1682 | 2105 | ||
1683 | /* | ||
1684 | * We really need some more test vectors, especially for DES3 CBC. | ||
1685 | */ | ||
1686 | static struct cipher_testvec des3_ede_enc_tv_template[] = { | 2106 | static struct cipher_testvec des3_ede_enc_tv_template[] = { |
1687 | { /* These are from openssl */ | 2107 | { /* These are from openssl */ |
1688 | .key = "\x01\x23\x45\x67\x89\xab\xcd\xef" | 2108 | .key = "\x01\x23\x45\x67\x89\xab\xcd\xef" |
@@ -1745,6 +2165,94 @@ static struct cipher_testvec des3_ede_dec_tv_template[] = { | |||
1745 | }, | 2165 | }, |
1746 | }; | 2166 | }; |
1747 | 2167 | ||
2168 | static struct cipher_testvec des3_ede_cbc_enc_tv_template[] = { | ||
2169 | { /* Generated from openssl */ | ||
2170 | .key = "\xE9\xC0\xFF\x2E\x76\x0B\x64\x24" | ||
2171 | "\x44\x4D\x99\x5A\x12\xD6\x40\xC0" | ||
2172 | "\xEA\xC2\x84\xE8\x14\x95\xDB\xE8", | ||
2173 | .klen = 24, | ||
2174 | .iv = "\x7D\x33\x88\x93\x0F\x93\xB2\x42", | ||
2175 | .input = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e" | ||
2176 | "\x53\x20\x63\x65\x65\x72\x73\x74" | ||
2177 | "\x54\x20\x6f\x6f\x4d\x20\x6e\x61" | ||
2178 | "\x20\x79\x65\x53\x72\x63\x74\x65" | ||
2179 | "\x20\x73\x6f\x54\x20\x6f\x61\x4d" | ||
2180 | "\x79\x6e\x53\x20\x63\x65\x65\x72" | ||
2181 | "\x73\x74\x54\x20\x6f\x6f\x4d\x20" | ||
2182 | "\x6e\x61\x20\x79\x65\x53\x72\x63" | ||
2183 | "\x74\x65\x20\x73\x6f\x54\x20\x6f" | ||
2184 | "\x61\x4d\x79\x6e\x53\x20\x63\x65" | ||
2185 | "\x65\x72\x73\x74\x54\x20\x6f\x6f" | ||
2186 | "\x4d\x20\x6e\x61\x20\x79\x65\x53" | ||
2187 | "\x72\x63\x74\x65\x20\x73\x6f\x54" | ||
2188 | "\x20\x6f\x61\x4d\x79\x6e\x53\x20" | ||
2189 | "\x63\x65\x65\x72\x73\x74\x54\x20" | ||
2190 | "\x6f\x6f\x4d\x20\x6e\x61\x0a\x79", | ||
2191 | .ilen = 128, | ||
2192 | .result = "\x0e\x2d\xb6\x97\x3c\x56\x33\xf4" | ||
2193 | "\x67\x17\x21\xc7\x6e\x8a\xd5\x49" | ||
2194 | "\x74\xb3\x49\x05\xc5\x1c\xd0\xed" | ||
2195 | "\x12\x56\x5c\x53\x96\xb6\x00\x7d" | ||
2196 | "\x90\x48\xfc\xf5\x8d\x29\x39\xcc" | ||
2197 | "\x8a\xd5\x35\x18\x36\x23\x4e\xd7" | ||
2198 | "\x76\xd1\xda\x0c\x94\x67\xbb\x04" | ||
2199 | "\x8b\xf2\x03\x6c\xa8\xcf\xb6\xea" | ||
2200 | "\x22\x64\x47\xaa\x8f\x75\x13\xbf" | ||
2201 | "\x9f\xc2\xc3\xf0\xc9\x56\xc5\x7a" | ||
2202 | "\x71\x63\x2e\x89\x7b\x1e\x12\xca" | ||
2203 | "\xe2\x5f\xaf\xd8\xa4\xf8\xc9\x7a" | ||
2204 | "\xd6\xf9\x21\x31\x62\x44\x45\xa6" | ||
2205 | "\xd6\xbc\x5a\xd3\x2d\x54\x43\xcc" | ||
2206 | "\x9d\xde\xa5\x70\xe9\x42\x45\x8a" | ||
2207 | "\x6b\xfa\xb1\x91\x13\xb0\xd9\x19", | ||
2208 | .rlen = 128, | ||
2209 | }, | ||
2210 | }; | ||
2211 | |||
2212 | static struct cipher_testvec des3_ede_cbc_dec_tv_template[] = { | ||
2213 | { /* Generated from openssl */ | ||
2214 | .key = "\xE9\xC0\xFF\x2E\x76\x0B\x64\x24" | ||
2215 | "\x44\x4D\x99\x5A\x12\xD6\x40\xC0" | ||
2216 | "\xEA\xC2\x84\xE8\x14\x95\xDB\xE8", | ||
2217 | .klen = 24, | ||
2218 | .iv = "\x7D\x33\x88\x93\x0F\x93\xB2\x42", | ||
2219 | .input = "\x0e\x2d\xb6\x97\x3c\x56\x33\xf4" | ||
2220 | "\x67\x17\x21\xc7\x6e\x8a\xd5\x49" | ||
2221 | "\x74\xb3\x49\x05\xc5\x1c\xd0\xed" | ||
2222 | "\x12\x56\x5c\x53\x96\xb6\x00\x7d" | ||
2223 | "\x90\x48\xfc\xf5\x8d\x29\x39\xcc" | ||
2224 | "\x8a\xd5\x35\x18\x36\x23\x4e\xd7" | ||
2225 | "\x76\xd1\xda\x0c\x94\x67\xbb\x04" | ||
2226 | "\x8b\xf2\x03\x6c\xa8\xcf\xb6\xea" | ||
2227 | "\x22\x64\x47\xaa\x8f\x75\x13\xbf" | ||
2228 | "\x9f\xc2\xc3\xf0\xc9\x56\xc5\x7a" | ||
2229 | "\x71\x63\x2e\x89\x7b\x1e\x12\xca" | ||
2230 | "\xe2\x5f\xaf\xd8\xa4\xf8\xc9\x7a" | ||
2231 | "\xd6\xf9\x21\x31\x62\x44\x45\xa6" | ||
2232 | "\xd6\xbc\x5a\xd3\x2d\x54\x43\xcc" | ||
2233 | "\x9d\xde\xa5\x70\xe9\x42\x45\x8a" | ||
2234 | "\x6b\xfa\xb1\x91\x13\xb0\xd9\x19", | ||
2235 | .ilen = 128, | ||
2236 | .result = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e" | ||
2237 | "\x53\x20\x63\x65\x65\x72\x73\x74" | ||
2238 | "\x54\x20\x6f\x6f\x4d\x20\x6e\x61" | ||
2239 | "\x20\x79\x65\x53\x72\x63\x74\x65" | ||
2240 | "\x20\x73\x6f\x54\x20\x6f\x61\x4d" | ||
2241 | "\x79\x6e\x53\x20\x63\x65\x65\x72" | ||
2242 | "\x73\x74\x54\x20\x6f\x6f\x4d\x20" | ||
2243 | "\x6e\x61\x20\x79\x65\x53\x72\x63" | ||
2244 | "\x74\x65\x20\x73\x6f\x54\x20\x6f" | ||
2245 | "\x61\x4d\x79\x6e\x53\x20\x63\x65" | ||
2246 | "\x65\x72\x73\x74\x54\x20\x6f\x6f" | ||
2247 | "\x4d\x20\x6e\x61\x20\x79\x65\x53" | ||
2248 | "\x72\x63\x74\x65\x20\x73\x6f\x54" | ||
2249 | "\x20\x6f\x61\x4d\x79\x6e\x53\x20" | ||
2250 | "\x63\x65\x65\x72\x73\x74\x54\x20" | ||
2251 | "\x6f\x6f\x4d\x20\x6e\x61\x0a\x79", | ||
2252 | .rlen = 128, | ||
2253 | }, | ||
2254 | }; | ||
2255 | |||
1748 | /* | 2256 | /* |
1749 | * Blowfish test vectors. | 2257 | * Blowfish test vectors. |
1750 | */ | 2258 | */ |