diff options
author | Linus Torvalds <torvalds@g5.osdl.org> | 2006-09-22 15:51:33 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@g5.osdl.org> | 2006-09-22 15:51:33 -0400 |
commit | 6bbd9b6d694ff7242d63cda2faac4bd59ee4328e (patch) | |
tree | 0641aa896e2ea01f4692973e5fbea429408854f4 /crypto | |
parent | a489d159229fcc07bbb7566ac4fac745b79197ad (diff) | |
parent | 3c164bd8153c4644a22dc2101b003c67cd2a0d0a (diff) |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
* git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (64 commits)
[BLOCK] dm-crypt: trivial comment improvements
[CRYPTO] api: Deprecate crypto_digest_* and crypto_alg_available
[CRYPTO] padlock: Convert padlock-sha to use crypto_hash
[CRYPTO] users: Use crypto_comp and crypto_has_*
[CRYPTO] api: Add crypto_comp and crypto_has_*
[CRYPTO] users: Use crypto_hash interface instead of crypto_digest
[SCSI] iscsi: Use crypto_hash interface instead of crypto_digest
[CRYPTO] digest: Remove old HMAC implementation
[CRYPTO] doc: Update documentation for hash and me
[SCTP]: Use HMAC template and hash interface
[IPSEC]: Use HMAC template and hash interface
[CRYPTO] tcrypt: Use HMAC template and hash interface
[CRYPTO] hmac: Add crypto template implementation
[CRYPTO] digest: Added user API for new hash type
[CRYPTO] api: Mark parts of cipher interface as deprecated
[PATCH] scatterlist: Add const to sg_set_buf/sg_init_one pointer argument
[CRYPTO] drivers: Remove obsolete block cipher operations
[CRYPTO] users: Use block ciphers where applicable
[SUNRPC] GSS: Use block ciphers where applicable
[IPSEC] ESP: Use block ciphers where applicable
...
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/Kconfig | 154 | ||||
-rw-r--r-- | crypto/Makefile | 16 | ||||
-rw-r--r-- | crypto/aes.c | 5 | ||||
-rw-r--r-- | crypto/algapi.c | 486 | ||||
-rw-r--r-- | crypto/anubis.c | 3 | ||||
-rw-r--r-- | crypto/api.c | 428 | ||||
-rw-r--r-- | crypto/arc4.c | 2 | ||||
-rw-r--r-- | crypto/blkcipher.c | 405 | ||||
-rw-r--r-- | crypto/blowfish.c | 3 | ||||
-rw-r--r-- | crypto/cast5.c | 8 | ||||
-rw-r--r-- | crypto/cast6.c | 5 | ||||
-rw-r--r-- | crypto/cbc.c | 344 | ||||
-rw-r--r-- | crypto/cipher.c | 117 | ||||
-rw-r--r-- | crypto/crc32c.c | 30 | ||||
-rw-r--r-- | crypto/crypto_null.c | 2 | ||||
-rw-r--r-- | crypto/cryptomgr.c | 156 | ||||
-rw-r--r-- | crypto/des.c | 6 | ||||
-rw-r--r-- | crypto/digest.c | 155 | ||||
-rw-r--r-- | crypto/ecb.c | 181 | ||||
-rw-r--r-- | crypto/hash.c | 61 | ||||
-rw-r--r-- | crypto/hmac.c | 278 | ||||
-rw-r--r-- | crypto/internal.h | 106 | ||||
-rw-r--r-- | crypto/khazad.c | 8 | ||||
-rw-r--r-- | crypto/michael_mic.c | 5 | ||||
-rw-r--r-- | crypto/proc.c | 13 | ||||
-rw-r--r-- | crypto/scatterwalk.c | 89 | ||||
-rw-r--r-- | crypto/scatterwalk.h | 52 | ||||
-rw-r--r-- | crypto/serpent.c | 19 | ||||
-rw-r--r-- | crypto/sha1.c | 3 | ||||
-rw-r--r-- | crypto/sha256.c | 3 | ||||
-rw-r--r-- | crypto/tcrypt.c | 901 | ||||
-rw-r--r-- | crypto/tcrypt.h | 202 | ||||
-rw-r--r-- | crypto/tea.c | 16 | ||||
-rw-r--r-- | crypto/twofish.c | 700 | ||||
-rw-r--r-- | crypto/twofish_common.c | 744 |
35 files changed, 4103 insertions, 1603 deletions
diff --git a/crypto/Kconfig b/crypto/Kconfig index ba133d557045..1e2f39c21180 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig | |||
@@ -9,47 +9,71 @@ config CRYPTO | |||
9 | help | 9 | help |
10 | This option provides the core Cryptographic API. | 10 | This option provides the core Cryptographic API. |
11 | 11 | ||
12 | if CRYPTO | ||
13 | |||
14 | config CRYPTO_ALGAPI | ||
15 | tristate | ||
16 | help | ||
17 | This option provides the API for cryptographic algorithms. | ||
18 | |||
19 | config CRYPTO_BLKCIPHER | ||
20 | tristate | ||
21 | select CRYPTO_ALGAPI | ||
22 | |||
23 | config CRYPTO_HASH | ||
24 | tristate | ||
25 | select CRYPTO_ALGAPI | ||
26 | |||
27 | config CRYPTO_MANAGER | ||
28 | tristate "Cryptographic algorithm manager" | ||
29 | select CRYPTO_ALGAPI | ||
30 | default m | ||
31 | help | ||
32 | Create default cryptographic template instantiations such as | ||
33 | cbc(aes). | ||
34 | |||
12 | config CRYPTO_HMAC | 35 | config CRYPTO_HMAC |
13 | bool "HMAC support" | 36 | tristate "HMAC support" |
14 | depends on CRYPTO | 37 | select CRYPTO_HASH |
15 | help | 38 | help |
16 | HMAC: Keyed-Hashing for Message Authentication (RFC2104). | 39 | HMAC: Keyed-Hashing for Message Authentication (RFC2104). |
17 | This is required for IPSec. | 40 | This is required for IPSec. |
18 | 41 | ||
19 | config CRYPTO_NULL | 42 | config CRYPTO_NULL |
20 | tristate "Null algorithms" | 43 | tristate "Null algorithms" |
21 | depends on CRYPTO | 44 | select CRYPTO_ALGAPI |
22 | help | 45 | help |
23 | These are 'Null' algorithms, used by IPsec, which do nothing. | 46 | These are 'Null' algorithms, used by IPsec, which do nothing. |
24 | 47 | ||
25 | config CRYPTO_MD4 | 48 | config CRYPTO_MD4 |
26 | tristate "MD4 digest algorithm" | 49 | tristate "MD4 digest algorithm" |
27 | depends on CRYPTO | 50 | select CRYPTO_ALGAPI |
28 | help | 51 | help |
29 | MD4 message digest algorithm (RFC1320). | 52 | MD4 message digest algorithm (RFC1320). |
30 | 53 | ||
31 | config CRYPTO_MD5 | 54 | config CRYPTO_MD5 |
32 | tristate "MD5 digest algorithm" | 55 | tristate "MD5 digest algorithm" |
33 | depends on CRYPTO | 56 | select CRYPTO_ALGAPI |
34 | help | 57 | help |
35 | MD5 message digest algorithm (RFC1321). | 58 | MD5 message digest algorithm (RFC1321). |
36 | 59 | ||
37 | config CRYPTO_SHA1 | 60 | config CRYPTO_SHA1 |
38 | tristate "SHA1 digest algorithm" | 61 | tristate "SHA1 digest algorithm" |
39 | depends on CRYPTO | 62 | select CRYPTO_ALGAPI |
40 | help | 63 | help |
41 | SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). | 64 | SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). |
42 | 65 | ||
43 | config CRYPTO_SHA1_S390 | 66 | config CRYPTO_SHA1_S390 |
44 | tristate "SHA1 digest algorithm (s390)" | 67 | tristate "SHA1 digest algorithm (s390)" |
45 | depends on CRYPTO && S390 | 68 | depends on S390 |
69 | select CRYPTO_ALGAPI | ||
46 | help | 70 | help |
47 | This is the s390 hardware accelerated implementation of the | 71 | This is the s390 hardware accelerated implementation of the |
48 | SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). | 72 | SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). |
49 | 73 | ||
50 | config CRYPTO_SHA256 | 74 | config CRYPTO_SHA256 |
51 | tristate "SHA256 digest algorithm" | 75 | tristate "SHA256 digest algorithm" |
52 | depends on CRYPTO | 76 | select CRYPTO_ALGAPI |
53 | help | 77 | help |
54 | SHA256 secure hash standard (DFIPS 180-2). | 78 | SHA256 secure hash standard (DFIPS 180-2). |
55 | 79 | ||
@@ -58,7 +82,8 @@ config CRYPTO_SHA256 | |||
58 | 82 | ||
59 | config CRYPTO_SHA256_S390 | 83 | config CRYPTO_SHA256_S390 |
60 | tristate "SHA256 digest algorithm (s390)" | 84 | tristate "SHA256 digest algorithm (s390)" |
61 | depends on CRYPTO && S390 | 85 | depends on S390 |
86 | select CRYPTO_ALGAPI | ||
62 | help | 87 | help |
63 | This is the s390 hardware accelerated implementation of the | 88 | This is the s390 hardware accelerated implementation of the |
64 | SHA256 secure hash standard (DFIPS 180-2). | 89 | SHA256 secure hash standard (DFIPS 180-2). |
@@ -68,7 +93,7 @@ config CRYPTO_SHA256_S390 | |||
68 | 93 | ||
69 | config CRYPTO_SHA512 | 94 | config CRYPTO_SHA512 |
70 | tristate "SHA384 and SHA512 digest algorithms" | 95 | tristate "SHA384 and SHA512 digest algorithms" |
71 | depends on CRYPTO | 96 | select CRYPTO_ALGAPI |
72 | help | 97 | help |
73 | SHA512 secure hash standard (DFIPS 180-2). | 98 | SHA512 secure hash standard (DFIPS 180-2). |
74 | 99 | ||
@@ -80,7 +105,7 @@ config CRYPTO_SHA512 | |||
80 | 105 | ||
81 | config CRYPTO_WP512 | 106 | config CRYPTO_WP512 |
82 | tristate "Whirlpool digest algorithms" | 107 | tristate "Whirlpool digest algorithms" |
83 | depends on CRYPTO | 108 | select CRYPTO_ALGAPI |
84 | help | 109 | help |
85 | Whirlpool hash algorithm 512, 384 and 256-bit hashes | 110 | Whirlpool hash algorithm 512, 384 and 256-bit hashes |
86 | 111 | ||
@@ -92,7 +117,7 @@ config CRYPTO_WP512 | |||
92 | 117 | ||
93 | config CRYPTO_TGR192 | 118 | config CRYPTO_TGR192 |
94 | tristate "Tiger digest algorithms" | 119 | tristate "Tiger digest algorithms" |
95 | depends on CRYPTO | 120 | select CRYPTO_ALGAPI |
96 | help | 121 | help |
97 | Tiger hash algorithm 192, 160 and 128-bit hashes | 122 | Tiger hash algorithm 192, 160 and 128-bit hashes |
98 | 123 | ||
@@ -103,21 +128,40 @@ config CRYPTO_TGR192 | |||
103 | See also: | 128 | See also: |
104 | <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>. | 129 | <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>. |
105 | 130 | ||
131 | config CRYPTO_ECB | ||
132 | tristate "ECB support" | ||
133 | select CRYPTO_BLKCIPHER | ||
134 | default m | ||
135 | help | ||
136 | ECB: Electronic CodeBook mode | ||
137 | This is the simplest block cipher algorithm. It simply encrypts | ||
138 | the input block by block. | ||
139 | |||
140 | config CRYPTO_CBC | ||
141 | tristate "CBC support" | ||
142 | select CRYPTO_BLKCIPHER | ||
143 | default m | ||
144 | help | ||
145 | CBC: Cipher Block Chaining mode | ||
146 | This block cipher algorithm is required for IPSec. | ||
147 | |||
106 | config CRYPTO_DES | 148 | config CRYPTO_DES |
107 | tristate "DES and Triple DES EDE cipher algorithms" | 149 | tristate "DES and Triple DES EDE cipher algorithms" |
108 | depends on CRYPTO | 150 | select CRYPTO_ALGAPI |
109 | help | 151 | help |
110 | DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3). | 152 | DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3). |
111 | 153 | ||
112 | config CRYPTO_DES_S390 | 154 | config CRYPTO_DES_S390 |
113 | tristate "DES and Triple DES cipher algorithms (s390)" | 155 | tristate "DES and Triple DES cipher algorithms (s390)" |
114 | depends on CRYPTO && S390 | 156 | depends on S390 |
157 | select CRYPTO_ALGAPI | ||
158 | select CRYPTO_BLKCIPHER | ||
115 | help | 159 | help |
116 | DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3). | 160 | DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3). |
117 | 161 | ||
118 | config CRYPTO_BLOWFISH | 162 | config CRYPTO_BLOWFISH |
119 | tristate "Blowfish cipher algorithm" | 163 | tristate "Blowfish cipher algorithm" |
120 | depends on CRYPTO | 164 | select CRYPTO_ALGAPI |
121 | help | 165 | help |
122 | Blowfish cipher algorithm, by Bruce Schneier. | 166 | Blowfish cipher algorithm, by Bruce Schneier. |
123 | 167 | ||
@@ -130,7 +174,8 @@ config CRYPTO_BLOWFISH | |||
130 | 174 | ||
131 | config CRYPTO_TWOFISH | 175 | config CRYPTO_TWOFISH |
132 | tristate "Twofish cipher algorithm" | 176 | tristate "Twofish cipher algorithm" |
133 | depends on CRYPTO | 177 | select CRYPTO_ALGAPI |
178 | select CRYPTO_TWOFISH_COMMON | ||
134 | help | 179 | help |
135 | Twofish cipher algorithm. | 180 | Twofish cipher algorithm. |
136 | 181 | ||
@@ -142,9 +187,47 @@ config CRYPTO_TWOFISH | |||
142 | See also: | 187 | See also: |
143 | <http://www.schneier.com/twofish.html> | 188 | <http://www.schneier.com/twofish.html> |
144 | 189 | ||
190 | config CRYPTO_TWOFISH_COMMON | ||
191 | tristate | ||
192 | help | ||
193 | Common parts of the Twofish cipher algorithm shared by the | ||
194 | generic c and the assembler implementations. | ||
195 | |||
196 | config CRYPTO_TWOFISH_586 | ||
197 | tristate "Twofish cipher algorithms (i586)" | ||
198 | depends on (X86 || UML_X86) && !64BIT | ||
199 | select CRYPTO_ALGAPI | ||
200 | select CRYPTO_TWOFISH_COMMON | ||
201 | help | ||
202 | Twofish cipher algorithm. | ||
203 | |||
204 | Twofish was submitted as an AES (Advanced Encryption Standard) | ||
205 | candidate cipher by researchers at CounterPane Systems. It is a | ||
206 | 16 round block cipher supporting key sizes of 128, 192, and 256 | ||
207 | bits. | ||
208 | |||
209 | See also: | ||
210 | <http://www.schneier.com/twofish.html> | ||
211 | |||
212 | config CRYPTO_TWOFISH_X86_64 | ||
213 | tristate "Twofish cipher algorithm (x86_64)" | ||
214 | depends on (X86 || UML_X86) && 64BIT | ||
215 | select CRYPTO_ALGAPI | ||
216 | select CRYPTO_TWOFISH_COMMON | ||
217 | help | ||
218 | Twofish cipher algorithm (x86_64). | ||
219 | |||
220 | Twofish was submitted as an AES (Advanced Encryption Standard) | ||
221 | candidate cipher by researchers at CounterPane Systems. It is a | ||
222 | 16 round block cipher supporting key sizes of 128, 192, and 256 | ||
223 | bits. | ||
224 | |||
225 | See also: | ||
226 | <http://www.schneier.com/twofish.html> | ||
227 | |||
145 | config CRYPTO_SERPENT | 228 | config CRYPTO_SERPENT |
146 | tristate "Serpent cipher algorithm" | 229 | tristate "Serpent cipher algorithm" |
147 | depends on CRYPTO | 230 | select CRYPTO_ALGAPI |
148 | help | 231 | help |
149 | Serpent cipher algorithm, by Anderson, Biham & Knudsen. | 232 | Serpent cipher algorithm, by Anderson, Biham & Knudsen. |
150 | 233 | ||
@@ -157,7 +240,7 @@ config CRYPTO_SERPENT | |||
157 | 240 | ||
158 | config CRYPTO_AES | 241 | config CRYPTO_AES |
159 | tristate "AES cipher algorithms" | 242 | tristate "AES cipher algorithms" |
160 | depends on CRYPTO | 243 | select CRYPTO_ALGAPI |
161 | help | 244 | help |
162 | AES cipher algorithms (FIPS-197). AES uses the Rijndael | 245 | AES cipher algorithms (FIPS-197). AES uses the Rijndael |
163 | algorithm. | 246 | algorithm. |
@@ -177,7 +260,8 @@ config CRYPTO_AES | |||
177 | 260 | ||
178 | config CRYPTO_AES_586 | 261 | config CRYPTO_AES_586 |
179 | tristate "AES cipher algorithms (i586)" | 262 | tristate "AES cipher algorithms (i586)" |
180 | depends on CRYPTO && ((X86 || UML_X86) && !64BIT) | 263 | depends on (X86 || UML_X86) && !64BIT |
264 | select CRYPTO_ALGAPI | ||
181 | help | 265 | help |
182 | AES cipher algorithms (FIPS-197). AES uses the Rijndael | 266 | AES cipher algorithms (FIPS-197). AES uses the Rijndael |
183 | algorithm. | 267 | algorithm. |
@@ -197,7 +281,8 @@ config CRYPTO_AES_586 | |||
197 | 281 | ||
198 | config CRYPTO_AES_X86_64 | 282 | config CRYPTO_AES_X86_64 |
199 | tristate "AES cipher algorithms (x86_64)" | 283 | tristate "AES cipher algorithms (x86_64)" |
200 | depends on CRYPTO && ((X86 || UML_X86) && 64BIT) | 284 | depends on (X86 || UML_X86) && 64BIT |
285 | select CRYPTO_ALGAPI | ||
201 | help | 286 | help |
202 | AES cipher algorithms (FIPS-197). AES uses the Rijndael | 287 | AES cipher algorithms (FIPS-197). AES uses the Rijndael |
203 | algorithm. | 288 | algorithm. |
@@ -217,7 +302,9 @@ config CRYPTO_AES_X86_64 | |||
217 | 302 | ||
218 | config CRYPTO_AES_S390 | 303 | config CRYPTO_AES_S390 |
219 | tristate "AES cipher algorithms (s390)" | 304 | tristate "AES cipher algorithms (s390)" |
220 | depends on CRYPTO && S390 | 305 | depends on S390 |
306 | select CRYPTO_ALGAPI | ||
307 | select CRYPTO_BLKCIPHER | ||
221 | help | 308 | help |
222 | This is the s390 hardware accelerated implementation of the | 309 | This is the s390 hardware accelerated implementation of the |
223 | AES cipher algorithms (FIPS-197). AES uses the Rijndael | 310 | AES cipher algorithms (FIPS-197). AES uses the Rijndael |
@@ -237,21 +324,21 @@ config CRYPTO_AES_S390 | |||
237 | 324 | ||
238 | config CRYPTO_CAST5 | 325 | config CRYPTO_CAST5 |
239 | tristate "CAST5 (CAST-128) cipher algorithm" | 326 | tristate "CAST5 (CAST-128) cipher algorithm" |
240 | depends on CRYPTO | 327 | select CRYPTO_ALGAPI |
241 | help | 328 | help |
242 | The CAST5 encryption algorithm (synonymous with CAST-128) is | 329 | The CAST5 encryption algorithm (synonymous with CAST-128) is |
243 | described in RFC2144. | 330 | described in RFC2144. |
244 | 331 | ||
245 | config CRYPTO_CAST6 | 332 | config CRYPTO_CAST6 |
246 | tristate "CAST6 (CAST-256) cipher algorithm" | 333 | tristate "CAST6 (CAST-256) cipher algorithm" |
247 | depends on CRYPTO | 334 | select CRYPTO_ALGAPI |
248 | help | 335 | help |
249 | The CAST6 encryption algorithm (synonymous with CAST-256) is | 336 | The CAST6 encryption algorithm (synonymous with CAST-256) is |
250 | described in RFC2612. | 337 | described in RFC2612. |
251 | 338 | ||
252 | config CRYPTO_TEA | 339 | config CRYPTO_TEA |
253 | tristate "TEA, XTEA and XETA cipher algorithms" | 340 | tristate "TEA, XTEA and XETA cipher algorithms" |
254 | depends on CRYPTO | 341 | select CRYPTO_ALGAPI |
255 | help | 342 | help |
256 | TEA cipher algorithm. | 343 | TEA cipher algorithm. |
257 | 344 | ||
@@ -268,7 +355,7 @@ config CRYPTO_TEA | |||
268 | 355 | ||
269 | config CRYPTO_ARC4 | 356 | config CRYPTO_ARC4 |
270 | tristate "ARC4 cipher algorithm" | 357 | tristate "ARC4 cipher algorithm" |
271 | depends on CRYPTO | 358 | select CRYPTO_ALGAPI |
272 | help | 359 | help |
273 | ARC4 cipher algorithm. | 360 | ARC4 cipher algorithm. |
274 | 361 | ||
@@ -279,7 +366,7 @@ config CRYPTO_ARC4 | |||
279 | 366 | ||
280 | config CRYPTO_KHAZAD | 367 | config CRYPTO_KHAZAD |
281 | tristate "Khazad cipher algorithm" | 368 | tristate "Khazad cipher algorithm" |
282 | depends on CRYPTO | 369 | select CRYPTO_ALGAPI |
283 | help | 370 | help |
284 | Khazad cipher algorithm. | 371 | Khazad cipher algorithm. |
285 | 372 | ||
@@ -292,7 +379,7 @@ config CRYPTO_KHAZAD | |||
292 | 379 | ||
293 | config CRYPTO_ANUBIS | 380 | config CRYPTO_ANUBIS |
294 | tristate "Anubis cipher algorithm" | 381 | tristate "Anubis cipher algorithm" |
295 | depends on CRYPTO | 382 | select CRYPTO_ALGAPI |
296 | help | 383 | help |
297 | Anubis cipher algorithm. | 384 | Anubis cipher algorithm. |
298 | 385 | ||
@@ -307,7 +394,7 @@ config CRYPTO_ANUBIS | |||
307 | 394 | ||
308 | config CRYPTO_DEFLATE | 395 | config CRYPTO_DEFLATE |
309 | tristate "Deflate compression algorithm" | 396 | tristate "Deflate compression algorithm" |
310 | depends on CRYPTO | 397 | select CRYPTO_ALGAPI |
311 | select ZLIB_INFLATE | 398 | select ZLIB_INFLATE |
312 | select ZLIB_DEFLATE | 399 | select ZLIB_DEFLATE |
313 | help | 400 | help |
@@ -318,7 +405,7 @@ config CRYPTO_DEFLATE | |||
318 | 405 | ||
319 | config CRYPTO_MICHAEL_MIC | 406 | config CRYPTO_MICHAEL_MIC |
320 | tristate "Michael MIC keyed digest algorithm" | 407 | tristate "Michael MIC keyed digest algorithm" |
321 | depends on CRYPTO | 408 | select CRYPTO_ALGAPI |
322 | help | 409 | help |
323 | Michael MIC is used for message integrity protection in TKIP | 410 | Michael MIC is used for message integrity protection in TKIP |
324 | (IEEE 802.11i). This algorithm is required for TKIP, but it | 411 | (IEEE 802.11i). This algorithm is required for TKIP, but it |
@@ -327,7 +414,7 @@ config CRYPTO_MICHAEL_MIC | |||
327 | 414 | ||
328 | config CRYPTO_CRC32C | 415 | config CRYPTO_CRC32C |
329 | tristate "CRC32c CRC algorithm" | 416 | tristate "CRC32c CRC algorithm" |
330 | depends on CRYPTO | 417 | select CRYPTO_ALGAPI |
331 | select LIBCRC32C | 418 | select LIBCRC32C |
332 | help | 419 | help |
333 | Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used | 420 | Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used |
@@ -337,10 +424,13 @@ config CRYPTO_CRC32C | |||
337 | 424 | ||
338 | config CRYPTO_TEST | 425 | config CRYPTO_TEST |
339 | tristate "Testing module" | 426 | tristate "Testing module" |
340 | depends on CRYPTO && m | 427 | depends on m |
428 | select CRYPTO_ALGAPI | ||
341 | help | 429 | help |
342 | Quick & dirty crypto test module. | 430 | Quick & dirty crypto test module. |
343 | 431 | ||
344 | source "drivers/crypto/Kconfig" | 432 | source "drivers/crypto/Kconfig" |
345 | endmenu | ||
346 | 433 | ||
434 | endif # if CRYPTO | ||
435 | |||
436 | endmenu | ||
diff --git a/crypto/Makefile b/crypto/Makefile index d287b9e60c47..72366208e291 100644 --- a/crypto/Makefile +++ b/crypto/Makefile | |||
@@ -2,11 +2,18 @@ | |||
2 | # Cryptographic API | 2 | # Cryptographic API |
3 | # | 3 | # |
4 | 4 | ||
5 | proc-crypto-$(CONFIG_PROC_FS) = proc.o | 5 | obj-$(CONFIG_CRYPTO) += api.o scatterwalk.o cipher.o digest.o compress.o |
6 | 6 | ||
7 | obj-$(CONFIG_CRYPTO) += api.o scatterwalk.o cipher.o digest.o compress.o \ | 7 | crypto_algapi-$(CONFIG_PROC_FS) += proc.o |
8 | $(proc-crypto-y) | 8 | crypto_algapi-objs := algapi.o $(crypto_algapi-y) |
9 | obj-$(CONFIG_CRYPTO_ALGAPI) += crypto_algapi.o | ||
9 | 10 | ||
11 | obj-$(CONFIG_CRYPTO_BLKCIPHER) += blkcipher.o | ||
12 | |||
13 | crypto_hash-objs := hash.o | ||
14 | obj-$(CONFIG_CRYPTO_HASH) += crypto_hash.o | ||
15 | |||
16 | obj-$(CONFIG_CRYPTO_MANAGER) += cryptomgr.o | ||
10 | obj-$(CONFIG_CRYPTO_HMAC) += hmac.o | 17 | obj-$(CONFIG_CRYPTO_HMAC) += hmac.o |
11 | obj-$(CONFIG_CRYPTO_NULL) += crypto_null.o | 18 | obj-$(CONFIG_CRYPTO_NULL) += crypto_null.o |
12 | obj-$(CONFIG_CRYPTO_MD4) += md4.o | 19 | obj-$(CONFIG_CRYPTO_MD4) += md4.o |
@@ -16,9 +23,12 @@ obj-$(CONFIG_CRYPTO_SHA256) += sha256.o | |||
16 | obj-$(CONFIG_CRYPTO_SHA512) += sha512.o | 23 | obj-$(CONFIG_CRYPTO_SHA512) += sha512.o |
17 | obj-$(CONFIG_CRYPTO_WP512) += wp512.o | 24 | obj-$(CONFIG_CRYPTO_WP512) += wp512.o |
18 | obj-$(CONFIG_CRYPTO_TGR192) += tgr192.o | 25 | obj-$(CONFIG_CRYPTO_TGR192) += tgr192.o |
26 | obj-$(CONFIG_CRYPTO_ECB) += ecb.o | ||
27 | obj-$(CONFIG_CRYPTO_CBC) += cbc.o | ||
19 | obj-$(CONFIG_CRYPTO_DES) += des.o | 28 | obj-$(CONFIG_CRYPTO_DES) += des.o |
20 | obj-$(CONFIG_CRYPTO_BLOWFISH) += blowfish.o | 29 | obj-$(CONFIG_CRYPTO_BLOWFISH) += blowfish.o |
21 | obj-$(CONFIG_CRYPTO_TWOFISH) += twofish.o | 30 | obj-$(CONFIG_CRYPTO_TWOFISH) += twofish.o |
31 | obj-$(CONFIG_CRYPTO_TWOFISH_COMMON) += twofish_common.o | ||
22 | obj-$(CONFIG_CRYPTO_SERPENT) += serpent.o | 32 | obj-$(CONFIG_CRYPTO_SERPENT) += serpent.o |
23 | obj-$(CONFIG_CRYPTO_AES) += aes.o | 33 | obj-$(CONFIG_CRYPTO_AES) += aes.o |
24 | obj-$(CONFIG_CRYPTO_CAST5) += cast5.o | 34 | obj-$(CONFIG_CRYPTO_CAST5) += cast5.o |
diff --git a/crypto/aes.c b/crypto/aes.c index a038711831e7..e2440773878c 100644 --- a/crypto/aes.c +++ b/crypto/aes.c | |||
@@ -249,13 +249,14 @@ gen_tabs (void) | |||
249 | } | 249 | } |
250 | 250 | ||
251 | static int aes_set_key(struct crypto_tfm *tfm, const u8 *in_key, | 251 | static int aes_set_key(struct crypto_tfm *tfm, const u8 *in_key, |
252 | unsigned int key_len, u32 *flags) | 252 | unsigned int key_len) |
253 | { | 253 | { |
254 | struct aes_ctx *ctx = crypto_tfm_ctx(tfm); | 254 | struct aes_ctx *ctx = crypto_tfm_ctx(tfm); |
255 | const __le32 *key = (const __le32 *)in_key; | 255 | const __le32 *key = (const __le32 *)in_key; |
256 | u32 *flags = &tfm->crt_flags; | ||
256 | u32 i, t, u, v, w; | 257 | u32 i, t, u, v, w; |
257 | 258 | ||
258 | if (key_len != 16 && key_len != 24 && key_len != 32) { | 259 | if (key_len % 8) { |
259 | *flags |= CRYPTO_TFM_RES_BAD_KEY_LEN; | 260 | *flags |= CRYPTO_TFM_RES_BAD_KEY_LEN; |
260 | return -EINVAL; | 261 | return -EINVAL; |
261 | } | 262 | } |
diff --git a/crypto/algapi.c b/crypto/algapi.c new file mode 100644 index 000000000000..c91530021e9c --- /dev/null +++ b/crypto/algapi.c | |||
@@ -0,0 +1,486 @@ | |||
1 | /* | ||
2 | * Cryptographic API for algorithms (i.e., low-level API). | ||
3 | * | ||
4 | * Copyright (c) 2006 Herbert Xu <herbert@gondor.apana.org.au> | ||
5 | * | ||
6 | * This program is free software; you can redistribute it and/or modify it | ||
7 | * under the terms of the GNU General Public License as published by the Free | ||
8 | * Software Foundation; either version 2 of the License, or (at your option) | ||
9 | * any later version. | ||
10 | * | ||
11 | */ | ||
12 | |||
13 | #include <linux/err.h> | ||
14 | #include <linux/errno.h> | ||
15 | #include <linux/init.h> | ||
16 | #include <linux/kernel.h> | ||
17 | #include <linux/list.h> | ||
18 | #include <linux/module.h> | ||
19 | #include <linux/rtnetlink.h> | ||
20 | #include <linux/string.h> | ||
21 | |||
22 | #include "internal.h" | ||
23 | |||
24 | static LIST_HEAD(crypto_template_list); | ||
25 | |||
26 | void crypto_larval_error(const char *name, u32 type, u32 mask) | ||
27 | { | ||
28 | struct crypto_alg *alg; | ||
29 | |||
30 | down_read(&crypto_alg_sem); | ||
31 | alg = __crypto_alg_lookup(name, type, mask); | ||
32 | up_read(&crypto_alg_sem); | ||
33 | |||
34 | if (alg) { | ||
35 | if (crypto_is_larval(alg)) { | ||
36 | struct crypto_larval *larval = (void *)alg; | ||
37 | complete(&larval->completion); | ||
38 | } | ||
39 | crypto_mod_put(alg); | ||
40 | } | ||
41 | } | ||
42 | EXPORT_SYMBOL_GPL(crypto_larval_error); | ||
43 | |||
44 | static inline int crypto_set_driver_name(struct crypto_alg *alg) | ||
45 | { | ||
46 | static const char suffix[] = "-generic"; | ||
47 | char *driver_name = alg->cra_driver_name; | ||
48 | int len; | ||
49 | |||
50 | if (*driver_name) | ||
51 | return 0; | ||
52 | |||
53 | len = strlcpy(driver_name, alg->cra_name, CRYPTO_MAX_ALG_NAME); | ||
54 | if (len + sizeof(suffix) > CRYPTO_MAX_ALG_NAME) | ||
55 | return -ENAMETOOLONG; | ||
56 | |||
57 | memcpy(driver_name + len, suffix, sizeof(suffix)); | ||
58 | return 0; | ||
59 | } | ||
60 | |||
61 | static int crypto_check_alg(struct crypto_alg *alg) | ||
62 | { | ||
63 | if (alg->cra_alignmask & (alg->cra_alignmask + 1)) | ||
64 | return -EINVAL; | ||
65 | |||
66 | if (alg->cra_alignmask & alg->cra_blocksize) | ||
67 | return -EINVAL; | ||
68 | |||
69 | if (alg->cra_blocksize > PAGE_SIZE / 8) | ||
70 | return -EINVAL; | ||
71 | |||
72 | if (alg->cra_priority < 0) | ||
73 | return -EINVAL; | ||
74 | |||
75 | return crypto_set_driver_name(alg); | ||
76 | } | ||
77 | |||
78 | static void crypto_destroy_instance(struct crypto_alg *alg) | ||
79 | { | ||
80 | struct crypto_instance *inst = (void *)alg; | ||
81 | struct crypto_template *tmpl = inst->tmpl; | ||
82 | |||
83 | tmpl->free(inst); | ||
84 | crypto_tmpl_put(tmpl); | ||
85 | } | ||
86 | |||
87 | static void crypto_remove_spawns(struct list_head *spawns, | ||
88 | struct list_head *list) | ||
89 | { | ||
90 | struct crypto_spawn *spawn, *n; | ||
91 | |||
92 | list_for_each_entry_safe(spawn, n, spawns, list) { | ||
93 | struct crypto_instance *inst = spawn->inst; | ||
94 | struct crypto_template *tmpl = inst->tmpl; | ||
95 | |||
96 | list_del_init(&spawn->list); | ||
97 | spawn->alg = NULL; | ||
98 | |||
99 | if (crypto_is_dead(&inst->alg)) | ||
100 | continue; | ||
101 | |||
102 | inst->alg.cra_flags |= CRYPTO_ALG_DEAD; | ||
103 | if (!tmpl || !crypto_tmpl_get(tmpl)) | ||
104 | continue; | ||
105 | |||
106 | crypto_notify(CRYPTO_MSG_ALG_UNREGISTER, &inst->alg); | ||
107 | list_move(&inst->alg.cra_list, list); | ||
108 | hlist_del(&inst->list); | ||
109 | inst->alg.cra_destroy = crypto_destroy_instance; | ||
110 | |||
111 | if (!list_empty(&inst->alg.cra_users)) { | ||
112 | if (&n->list == spawns) | ||
113 | n = list_entry(inst->alg.cra_users.next, | ||
114 | typeof(*n), list); | ||
115 | __list_splice(&inst->alg.cra_users, spawns->prev); | ||
116 | } | ||
117 | } | ||
118 | } | ||
119 | |||
120 | static int __crypto_register_alg(struct crypto_alg *alg, | ||
121 | struct list_head *list) | ||
122 | { | ||
123 | struct crypto_alg *q; | ||
124 | int ret = -EAGAIN; | ||
125 | |||
126 | if (crypto_is_dead(alg)) | ||
127 | goto out; | ||
128 | |||
129 | INIT_LIST_HEAD(&alg->cra_users); | ||
130 | |||
131 | ret = -EEXIST; | ||
132 | |||
133 | atomic_set(&alg->cra_refcnt, 1); | ||
134 | list_for_each_entry(q, &crypto_alg_list, cra_list) { | ||
135 | if (q == alg) | ||
136 | goto out; | ||
137 | |||
138 | if (crypto_is_moribund(q)) | ||
139 | continue; | ||
140 | |||
141 | if (crypto_is_larval(q)) { | ||
142 | struct crypto_larval *larval = (void *)q; | ||
143 | |||
144 | if (strcmp(alg->cra_name, q->cra_name) && | ||
145 | strcmp(alg->cra_driver_name, q->cra_name)) | ||
146 | continue; | ||
147 | |||
148 | if (larval->adult) | ||
149 | continue; | ||
150 | if ((q->cra_flags ^ alg->cra_flags) & larval->mask) | ||
151 | continue; | ||
152 | if (!crypto_mod_get(alg)) | ||
153 | continue; | ||
154 | |||
155 | larval->adult = alg; | ||
156 | complete(&larval->completion); | ||
157 | continue; | ||
158 | } | ||
159 | |||
160 | if (strcmp(alg->cra_name, q->cra_name)) | ||
161 | continue; | ||
162 | |||
163 | if (strcmp(alg->cra_driver_name, q->cra_driver_name) && | ||
164 | q->cra_priority > alg->cra_priority) | ||
165 | continue; | ||
166 | |||
167 | crypto_remove_spawns(&q->cra_users, list); | ||
168 | } | ||
169 | |||
170 | list_add(&alg->cra_list, &crypto_alg_list); | ||
171 | |||
172 | crypto_notify(CRYPTO_MSG_ALG_REGISTER, alg); | ||
173 | ret = 0; | ||
174 | |||
175 | out: | ||
176 | return ret; | ||
177 | } | ||
178 | |||
179 | static void crypto_remove_final(struct list_head *list) | ||
180 | { | ||
181 | struct crypto_alg *alg; | ||
182 | struct crypto_alg *n; | ||
183 | |||
184 | list_for_each_entry_safe(alg, n, list, cra_list) { | ||
185 | list_del_init(&alg->cra_list); | ||
186 | crypto_alg_put(alg); | ||
187 | } | ||
188 | } | ||
189 | |||
190 | int crypto_register_alg(struct crypto_alg *alg) | ||
191 | { | ||
192 | LIST_HEAD(list); | ||
193 | int err; | ||
194 | |||
195 | err = crypto_check_alg(alg); | ||
196 | if (err) | ||
197 | return err; | ||
198 | |||
199 | down_write(&crypto_alg_sem); | ||
200 | err = __crypto_register_alg(alg, &list); | ||
201 | up_write(&crypto_alg_sem); | ||
202 | |||
203 | crypto_remove_final(&list); | ||
204 | return err; | ||
205 | } | ||
206 | EXPORT_SYMBOL_GPL(crypto_register_alg); | ||
207 | |||
208 | static int crypto_remove_alg(struct crypto_alg *alg, struct list_head *list) | ||
209 | { | ||
210 | if (unlikely(list_empty(&alg->cra_list))) | ||
211 | return -ENOENT; | ||
212 | |||
213 | alg->cra_flags |= CRYPTO_ALG_DEAD; | ||
214 | |||
215 | crypto_notify(CRYPTO_MSG_ALG_UNREGISTER, alg); | ||
216 | list_del_init(&alg->cra_list); | ||
217 | crypto_remove_spawns(&alg->cra_users, list); | ||
218 | |||
219 | return 0; | ||
220 | } | ||
221 | |||
222 | int crypto_unregister_alg(struct crypto_alg *alg) | ||
223 | { | ||
224 | int ret; | ||
225 | LIST_HEAD(list); | ||
226 | |||
227 | down_write(&crypto_alg_sem); | ||
228 | ret = crypto_remove_alg(alg, &list); | ||
229 | up_write(&crypto_alg_sem); | ||
230 | |||
231 | if (ret) | ||
232 | return ret; | ||
233 | |||
234 | BUG_ON(atomic_read(&alg->cra_refcnt) != 1); | ||
235 | if (alg->cra_destroy) | ||
236 | alg->cra_destroy(alg); | ||
237 | |||
238 | crypto_remove_final(&list); | ||
239 | return 0; | ||
240 | } | ||
241 | EXPORT_SYMBOL_GPL(crypto_unregister_alg); | ||
242 | |||
243 | int crypto_register_template(struct crypto_template *tmpl) | ||
244 | { | ||
245 | struct crypto_template *q; | ||
246 | int err = -EEXIST; | ||
247 | |||
248 | down_write(&crypto_alg_sem); | ||
249 | |||
250 | list_for_each_entry(q, &crypto_template_list, list) { | ||
251 | if (q == tmpl) | ||
252 | goto out; | ||
253 | } | ||
254 | |||
255 | list_add(&tmpl->list, &crypto_template_list); | ||
256 | crypto_notify(CRYPTO_MSG_TMPL_REGISTER, tmpl); | ||
257 | err = 0; | ||
258 | out: | ||
259 | up_write(&crypto_alg_sem); | ||
260 | return err; | ||
261 | } | ||
262 | EXPORT_SYMBOL_GPL(crypto_register_template); | ||
263 | |||
264 | void crypto_unregister_template(struct crypto_template *tmpl) | ||
265 | { | ||
266 | struct crypto_instance *inst; | ||
267 | struct hlist_node *p, *n; | ||
268 | struct hlist_head *list; | ||
269 | LIST_HEAD(users); | ||
270 | |||
271 | down_write(&crypto_alg_sem); | ||
272 | |||
273 | BUG_ON(list_empty(&tmpl->list)); | ||
274 | list_del_init(&tmpl->list); | ||
275 | |||
276 | list = &tmpl->instances; | ||
277 | hlist_for_each_entry(inst, p, list, list) { | ||
278 | int err = crypto_remove_alg(&inst->alg, &users); | ||
279 | BUG_ON(err); | ||
280 | } | ||
281 | |||
282 | crypto_notify(CRYPTO_MSG_TMPL_UNREGISTER, tmpl); | ||
283 | |||
284 | up_write(&crypto_alg_sem); | ||
285 | |||
286 | hlist_for_each_entry_safe(inst, p, n, list, list) { | ||
287 | BUG_ON(atomic_read(&inst->alg.cra_refcnt) != 1); | ||
288 | tmpl->free(inst); | ||
289 | } | ||
290 | crypto_remove_final(&users); | ||
291 | } | ||
292 | EXPORT_SYMBOL_GPL(crypto_unregister_template); | ||
293 | |||
294 | static struct crypto_template *__crypto_lookup_template(const char *name) | ||
295 | { | ||
296 | struct crypto_template *q, *tmpl = NULL; | ||
297 | |||
298 | down_read(&crypto_alg_sem); | ||
299 | list_for_each_entry(q, &crypto_template_list, list) { | ||
300 | if (strcmp(q->name, name)) | ||
301 | continue; | ||
302 | if (unlikely(!crypto_tmpl_get(q))) | ||
303 | continue; | ||
304 | |||
305 | tmpl = q; | ||
306 | break; | ||
307 | } | ||
308 | up_read(&crypto_alg_sem); | ||
309 | |||
310 | return tmpl; | ||
311 | } | ||
312 | |||
313 | struct crypto_template *crypto_lookup_template(const char *name) | ||
314 | { | ||
315 | return try_then_request_module(__crypto_lookup_template(name), name); | ||
316 | } | ||
317 | EXPORT_SYMBOL_GPL(crypto_lookup_template); | ||
318 | |||
319 | int crypto_register_instance(struct crypto_template *tmpl, | ||
320 | struct crypto_instance *inst) | ||
321 | { | ||
322 | LIST_HEAD(list); | ||
323 | int err = -EINVAL; | ||
324 | |||
325 | if (inst->alg.cra_destroy) | ||
326 | goto err; | ||
327 | |||
328 | err = crypto_check_alg(&inst->alg); | ||
329 | if (err) | ||
330 | goto err; | ||
331 | |||
332 | inst->alg.cra_module = tmpl->module; | ||
333 | |||
334 | down_write(&crypto_alg_sem); | ||
335 | |||
336 | err = __crypto_register_alg(&inst->alg, &list); | ||
337 | if (err) | ||
338 | goto unlock; | ||
339 | |||
340 | hlist_add_head(&inst->list, &tmpl->instances); | ||
341 | inst->tmpl = tmpl; | ||
342 | |||
343 | unlock: | ||
344 | up_write(&crypto_alg_sem); | ||
345 | |||
346 | crypto_remove_final(&list); | ||
347 | |||
348 | err: | ||
349 | return err; | ||
350 | } | ||
351 | EXPORT_SYMBOL_GPL(crypto_register_instance); | ||
352 | |||
353 | int crypto_init_spawn(struct crypto_spawn *spawn, struct crypto_alg *alg, | ||
354 | struct crypto_instance *inst) | ||
355 | { | ||
356 | int err = -EAGAIN; | ||
357 | |||
358 | spawn->inst = inst; | ||
359 | |||
360 | down_write(&crypto_alg_sem); | ||
361 | if (!crypto_is_moribund(alg)) { | ||
362 | list_add(&spawn->list, &alg->cra_users); | ||
363 | spawn->alg = alg; | ||
364 | err = 0; | ||
365 | } | ||
366 | up_write(&crypto_alg_sem); | ||
367 | |||
368 | return err; | ||
369 | } | ||
370 | EXPORT_SYMBOL_GPL(crypto_init_spawn); | ||
371 | |||
372 | void crypto_drop_spawn(struct crypto_spawn *spawn) | ||
373 | { | ||
374 | down_write(&crypto_alg_sem); | ||
375 | list_del(&spawn->list); | ||
376 | up_write(&crypto_alg_sem); | ||
377 | } | ||
378 | EXPORT_SYMBOL_GPL(crypto_drop_spawn); | ||
379 | |||
380 | struct crypto_tfm *crypto_spawn_tfm(struct crypto_spawn *spawn) | ||
381 | { | ||
382 | struct crypto_alg *alg; | ||
383 | struct crypto_alg *alg2; | ||
384 | struct crypto_tfm *tfm; | ||
385 | |||
386 | down_read(&crypto_alg_sem); | ||
387 | alg = spawn->alg; | ||
388 | alg2 = alg; | ||
389 | if (alg2) | ||
390 | alg2 = crypto_mod_get(alg2); | ||
391 | up_read(&crypto_alg_sem); | ||
392 | |||
393 | if (!alg2) { | ||
394 | if (alg) | ||
395 | crypto_shoot_alg(alg); | ||
396 | return ERR_PTR(-EAGAIN); | ||
397 | } | ||
398 | |||
399 | tfm = __crypto_alloc_tfm(alg, 0); | ||
400 | if (IS_ERR(tfm)) | ||
401 | crypto_mod_put(alg); | ||
402 | |||
403 | return tfm; | ||
404 | } | ||
405 | EXPORT_SYMBOL_GPL(crypto_spawn_tfm); | ||
406 | |||
407 | int crypto_register_notifier(struct notifier_block *nb) | ||
408 | { | ||
409 | return blocking_notifier_chain_register(&crypto_chain, nb); | ||
410 | } | ||
411 | EXPORT_SYMBOL_GPL(crypto_register_notifier); | ||
412 | |||
413 | int crypto_unregister_notifier(struct notifier_block *nb) | ||
414 | { | ||
415 | return blocking_notifier_chain_unregister(&crypto_chain, nb); | ||
416 | } | ||
417 | EXPORT_SYMBOL_GPL(crypto_unregister_notifier); | ||
418 | |||
419 | struct crypto_alg *crypto_get_attr_alg(void *param, unsigned int len, | ||
420 | u32 type, u32 mask) | ||
421 | { | ||
422 | struct rtattr *rta = param; | ||
423 | struct crypto_attr_alg *alga; | ||
424 | |||
425 | if (!RTA_OK(rta, len)) | ||
426 | return ERR_PTR(-EBADR); | ||
427 | if (rta->rta_type != CRYPTOA_ALG || RTA_PAYLOAD(rta) < sizeof(*alga)) | ||
428 | return ERR_PTR(-EINVAL); | ||
429 | |||
430 | alga = RTA_DATA(rta); | ||
431 | alga->name[CRYPTO_MAX_ALG_NAME - 1] = 0; | ||
432 | |||
433 | return crypto_alg_mod_lookup(alga->name, type, mask); | ||
434 | } | ||
435 | EXPORT_SYMBOL_GPL(crypto_get_attr_alg); | ||
436 | |||
437 | struct crypto_instance *crypto_alloc_instance(const char *name, | ||
438 | struct crypto_alg *alg) | ||
439 | { | ||
440 | struct crypto_instance *inst; | ||
441 | struct crypto_spawn *spawn; | ||
442 | int err; | ||
443 | |||
444 | inst = kzalloc(sizeof(*inst) + sizeof(*spawn), GFP_KERNEL); | ||
445 | if (!inst) | ||
446 | return ERR_PTR(-ENOMEM); | ||
447 | |||
448 | err = -ENAMETOOLONG; | ||
449 | if (snprintf(inst->alg.cra_name, CRYPTO_MAX_ALG_NAME, "%s(%s)", name, | ||
450 | alg->cra_name) >= CRYPTO_MAX_ALG_NAME) | ||
451 | goto err_free_inst; | ||
452 | |||
453 | if (snprintf(inst->alg.cra_driver_name, CRYPTO_MAX_ALG_NAME, "%s(%s)", | ||
454 | name, alg->cra_driver_name) >= CRYPTO_MAX_ALG_NAME) | ||
455 | goto err_free_inst; | ||
456 | |||
457 | spawn = crypto_instance_ctx(inst); | ||
458 | err = crypto_init_spawn(spawn, alg, inst); | ||
459 | |||
460 | if (err) | ||
461 | goto err_free_inst; | ||
462 | |||
463 | return inst; | ||
464 | |||
465 | err_free_inst: | ||
466 | kfree(inst); | ||
467 | return ERR_PTR(err); | ||
468 | } | ||
469 | EXPORT_SYMBOL_GPL(crypto_alloc_instance); | ||
470 | |||
471 | static int __init crypto_algapi_init(void) | ||
472 | { | ||
473 | crypto_init_proc(); | ||
474 | return 0; | ||
475 | } | ||
476 | |||
477 | static void __exit crypto_algapi_exit(void) | ||
478 | { | ||
479 | crypto_exit_proc(); | ||
480 | } | ||
481 | |||
482 | module_init(crypto_algapi_init); | ||
483 | module_exit(crypto_algapi_exit); | ||
484 | |||
485 | MODULE_LICENSE("GPL"); | ||
486 | MODULE_DESCRIPTION("Cryptographic algorithms API"); | ||
diff --git a/crypto/anubis.c b/crypto/anubis.c index 7e2e1a29800e..1c771f7f4dc5 100644 --- a/crypto/anubis.c +++ b/crypto/anubis.c | |||
@@ -461,10 +461,11 @@ static const u32 rc[] = { | |||
461 | }; | 461 | }; |
462 | 462 | ||
463 | static int anubis_setkey(struct crypto_tfm *tfm, const u8 *in_key, | 463 | static int anubis_setkey(struct crypto_tfm *tfm, const u8 *in_key, |
464 | unsigned int key_len, u32 *flags) | 464 | unsigned int key_len) |
465 | { | 465 | { |
466 | struct anubis_ctx *ctx = crypto_tfm_ctx(tfm); | 466 | struct anubis_ctx *ctx = crypto_tfm_ctx(tfm); |
467 | const __be32 *key = (const __be32 *)in_key; | 467 | const __be32 *key = (const __be32 *)in_key; |
468 | u32 *flags = &tfm->crt_flags; | ||
468 | int N, R, i, r; | 469 | int N, R, i, r; |
469 | u32 kappa[ANUBIS_MAX_N]; | 470 | u32 kappa[ANUBIS_MAX_N]; |
470 | u32 inter[ANUBIS_MAX_N]; | 471 | u32 inter[ANUBIS_MAX_N]; |
diff --git a/crypto/api.c b/crypto/api.c index c11ec1fd4f18..2e84d4b54790 100644 --- a/crypto/api.c +++ b/crypto/api.c | |||
@@ -15,70 +15,202 @@ | |||
15 | * | 15 | * |
16 | */ | 16 | */ |
17 | 17 | ||
18 | #include <linux/compiler.h> | 18 | #include <linux/err.h> |
19 | #include <linux/init.h> | ||
20 | #include <linux/crypto.h> | ||
21 | #include <linux/errno.h> | 19 | #include <linux/errno.h> |
22 | #include <linux/kernel.h> | 20 | #include <linux/kernel.h> |
23 | #include <linux/kmod.h> | 21 | #include <linux/kmod.h> |
24 | #include <linux/rwsem.h> | 22 | #include <linux/module.h> |
23 | #include <linux/param.h> | ||
24 | #include <linux/sched.h> | ||
25 | #include <linux/slab.h> | 25 | #include <linux/slab.h> |
26 | #include <linux/string.h> | 26 | #include <linux/string.h> |
27 | #include "internal.h" | 27 | #include "internal.h" |
28 | 28 | ||
29 | LIST_HEAD(crypto_alg_list); | 29 | LIST_HEAD(crypto_alg_list); |
30 | EXPORT_SYMBOL_GPL(crypto_alg_list); | ||
30 | DECLARE_RWSEM(crypto_alg_sem); | 31 | DECLARE_RWSEM(crypto_alg_sem); |
32 | EXPORT_SYMBOL_GPL(crypto_alg_sem); | ||
31 | 33 | ||
32 | static inline int crypto_alg_get(struct crypto_alg *alg) | 34 | BLOCKING_NOTIFIER_HEAD(crypto_chain); |
35 | EXPORT_SYMBOL_GPL(crypto_chain); | ||
36 | |||
37 | static inline struct crypto_alg *crypto_alg_get(struct crypto_alg *alg) | ||
38 | { | ||
39 | atomic_inc(&alg->cra_refcnt); | ||
40 | return alg; | ||
41 | } | ||
42 | |||
43 | struct crypto_alg *crypto_mod_get(struct crypto_alg *alg) | ||
33 | { | 44 | { |
34 | return try_module_get(alg->cra_module); | 45 | return try_module_get(alg->cra_module) ? crypto_alg_get(alg) : NULL; |
35 | } | 46 | } |
47 | EXPORT_SYMBOL_GPL(crypto_mod_get); | ||
36 | 48 | ||
37 | static inline void crypto_alg_put(struct crypto_alg *alg) | 49 | void crypto_mod_put(struct crypto_alg *alg) |
38 | { | 50 | { |
51 | crypto_alg_put(alg); | ||
39 | module_put(alg->cra_module); | 52 | module_put(alg->cra_module); |
40 | } | 53 | } |
54 | EXPORT_SYMBOL_GPL(crypto_mod_put); | ||
41 | 55 | ||
42 | static struct crypto_alg *crypto_alg_lookup(const char *name) | 56 | struct crypto_alg *__crypto_alg_lookup(const char *name, u32 type, u32 mask) |
43 | { | 57 | { |
44 | struct crypto_alg *q, *alg = NULL; | 58 | struct crypto_alg *q, *alg = NULL; |
45 | int best = -1; | 59 | int best = -2; |
46 | 60 | ||
47 | if (!name) | ||
48 | return NULL; | ||
49 | |||
50 | down_read(&crypto_alg_sem); | ||
51 | |||
52 | list_for_each_entry(q, &crypto_alg_list, cra_list) { | 61 | list_for_each_entry(q, &crypto_alg_list, cra_list) { |
53 | int exact, fuzzy; | 62 | int exact, fuzzy; |
54 | 63 | ||
64 | if (crypto_is_moribund(q)) | ||
65 | continue; | ||
66 | |||
67 | if ((q->cra_flags ^ type) & mask) | ||
68 | continue; | ||
69 | |||
70 | if (crypto_is_larval(q) && | ||
71 | ((struct crypto_larval *)q)->mask != mask) | ||
72 | continue; | ||
73 | |||
55 | exact = !strcmp(q->cra_driver_name, name); | 74 | exact = !strcmp(q->cra_driver_name, name); |
56 | fuzzy = !strcmp(q->cra_name, name); | 75 | fuzzy = !strcmp(q->cra_name, name); |
57 | if (!exact && !(fuzzy && q->cra_priority > best)) | 76 | if (!exact && !(fuzzy && q->cra_priority > best)) |
58 | continue; | 77 | continue; |
59 | 78 | ||
60 | if (unlikely(!crypto_alg_get(q))) | 79 | if (unlikely(!crypto_mod_get(q))) |
61 | continue; | 80 | continue; |
62 | 81 | ||
63 | best = q->cra_priority; | 82 | best = q->cra_priority; |
64 | if (alg) | 83 | if (alg) |
65 | crypto_alg_put(alg); | 84 | crypto_mod_put(alg); |
66 | alg = q; | 85 | alg = q; |
67 | 86 | ||
68 | if (exact) | 87 | if (exact) |
69 | break; | 88 | break; |
70 | } | 89 | } |
71 | 90 | ||
91 | return alg; | ||
92 | } | ||
93 | EXPORT_SYMBOL_GPL(__crypto_alg_lookup); | ||
94 | |||
95 | static void crypto_larval_destroy(struct crypto_alg *alg) | ||
96 | { | ||
97 | struct crypto_larval *larval = (void *)alg; | ||
98 | |||
99 | BUG_ON(!crypto_is_larval(alg)); | ||
100 | if (larval->adult) | ||
101 | crypto_mod_put(larval->adult); | ||
102 | kfree(larval); | ||
103 | } | ||
104 | |||
105 | static struct crypto_alg *crypto_larval_alloc(const char *name, u32 type, | ||
106 | u32 mask) | ||
107 | { | ||
108 | struct crypto_alg *alg; | ||
109 | struct crypto_larval *larval; | ||
110 | |||
111 | larval = kzalloc(sizeof(*larval), GFP_KERNEL); | ||
112 | if (!larval) | ||
113 | return ERR_PTR(-ENOMEM); | ||
114 | |||
115 | larval->mask = mask; | ||
116 | larval->alg.cra_flags = CRYPTO_ALG_LARVAL | type; | ||
117 | larval->alg.cra_priority = -1; | ||
118 | larval->alg.cra_destroy = crypto_larval_destroy; | ||
119 | |||
120 | atomic_set(&larval->alg.cra_refcnt, 2); | ||
121 | strlcpy(larval->alg.cra_name, name, CRYPTO_MAX_ALG_NAME); | ||
122 | init_completion(&larval->completion); | ||
123 | |||
124 | down_write(&crypto_alg_sem); | ||
125 | alg = __crypto_alg_lookup(name, type, mask); | ||
126 | if (!alg) { | ||
127 | alg = &larval->alg; | ||
128 | list_add(&alg->cra_list, &crypto_alg_list); | ||
129 | } | ||
130 | up_write(&crypto_alg_sem); | ||
131 | |||
132 | if (alg != &larval->alg) | ||
133 | kfree(larval); | ||
134 | |||
135 | return alg; | ||
136 | } | ||
137 | |||
138 | static void crypto_larval_kill(struct crypto_alg *alg) | ||
139 | { | ||
140 | struct crypto_larval *larval = (void *)alg; | ||
141 | |||
142 | down_write(&crypto_alg_sem); | ||
143 | list_del(&alg->cra_list); | ||
144 | up_write(&crypto_alg_sem); | ||
145 | complete(&larval->completion); | ||
146 | crypto_alg_put(alg); | ||
147 | } | ||
148 | |||
149 | static struct crypto_alg *crypto_larval_wait(struct crypto_alg *alg) | ||
150 | { | ||
151 | struct crypto_larval *larval = (void *)alg; | ||
152 | |||
153 | wait_for_completion_interruptible_timeout(&larval->completion, 60 * HZ); | ||
154 | alg = larval->adult; | ||
155 | if (alg) { | ||
156 | if (!crypto_mod_get(alg)) | ||
157 | alg = ERR_PTR(-EAGAIN); | ||
158 | } else | ||
159 | alg = ERR_PTR(-ENOENT); | ||
160 | crypto_mod_put(&larval->alg); | ||
161 | |||
162 | return alg; | ||
163 | } | ||
164 | |||
165 | static struct crypto_alg *crypto_alg_lookup(const char *name, u32 type, | ||
166 | u32 mask) | ||
167 | { | ||
168 | struct crypto_alg *alg; | ||
169 | |||
170 | down_read(&crypto_alg_sem); | ||
171 | alg = __crypto_alg_lookup(name, type, mask); | ||
72 | up_read(&crypto_alg_sem); | 172 | up_read(&crypto_alg_sem); |
173 | |||
73 | return alg; | 174 | return alg; |
74 | } | 175 | } |
75 | 176 | ||
76 | /* A far more intelligent version of this is planned. For now, just | 177 | struct crypto_alg *crypto_alg_mod_lookup(const char *name, u32 type, u32 mask) |
77 | * try an exact match on the name of the algorithm. */ | ||
78 | static inline struct crypto_alg *crypto_alg_mod_lookup(const char *name) | ||
79 | { | 178 | { |
80 | return try_then_request_module(crypto_alg_lookup(name), name); | 179 | struct crypto_alg *alg; |
180 | struct crypto_alg *larval; | ||
181 | int ok; | ||
182 | |||
183 | if (!name) | ||
184 | return ERR_PTR(-ENOENT); | ||
185 | |||
186 | mask &= ~(CRYPTO_ALG_LARVAL | CRYPTO_ALG_DEAD); | ||
187 | type &= mask; | ||
188 | |||
189 | alg = try_then_request_module(crypto_alg_lookup(name, type, mask), | ||
190 | name); | ||
191 | if (alg) | ||
192 | return crypto_is_larval(alg) ? crypto_larval_wait(alg) : alg; | ||
193 | |||
194 | larval = crypto_larval_alloc(name, type, mask); | ||
195 | if (IS_ERR(larval) || !crypto_is_larval(larval)) | ||
196 | return larval; | ||
197 | |||
198 | ok = crypto_notify(CRYPTO_MSG_ALG_REQUEST, larval); | ||
199 | if (ok == NOTIFY_DONE) { | ||
200 | request_module("cryptomgr"); | ||
201 | ok = crypto_notify(CRYPTO_MSG_ALG_REQUEST, larval); | ||
202 | } | ||
203 | |||
204 | if (ok == NOTIFY_STOP) | ||
205 | alg = crypto_larval_wait(larval); | ||
206 | else { | ||
207 | crypto_mod_put(larval); | ||
208 | alg = ERR_PTR(-ENOENT); | ||
209 | } | ||
210 | crypto_larval_kill(larval); | ||
211 | return alg; | ||
81 | } | 212 | } |
213 | EXPORT_SYMBOL_GPL(crypto_alg_mod_lookup); | ||
82 | 214 | ||
83 | static int crypto_init_flags(struct crypto_tfm *tfm, u32 flags) | 215 | static int crypto_init_flags(struct crypto_tfm *tfm, u32 flags) |
84 | { | 216 | { |
@@ -94,17 +226,18 @@ static int crypto_init_flags(struct crypto_tfm *tfm, u32 flags) | |||
94 | 226 | ||
95 | case CRYPTO_ALG_TYPE_COMPRESS: | 227 | case CRYPTO_ALG_TYPE_COMPRESS: |
96 | return crypto_init_compress_flags(tfm, flags); | 228 | return crypto_init_compress_flags(tfm, flags); |
97 | |||
98 | default: | ||
99 | break; | ||
100 | } | 229 | } |
101 | 230 | ||
102 | BUG(); | 231 | return 0; |
103 | return -EINVAL; | ||
104 | } | 232 | } |
105 | 233 | ||
106 | static int crypto_init_ops(struct crypto_tfm *tfm) | 234 | static int crypto_init_ops(struct crypto_tfm *tfm) |
107 | { | 235 | { |
236 | const struct crypto_type *type = tfm->__crt_alg->cra_type; | ||
237 | |||
238 | if (type) | ||
239 | return type->init(tfm); | ||
240 | |||
108 | switch (crypto_tfm_alg_type(tfm)) { | 241 | switch (crypto_tfm_alg_type(tfm)) { |
109 | case CRYPTO_ALG_TYPE_CIPHER: | 242 | case CRYPTO_ALG_TYPE_CIPHER: |
110 | return crypto_init_cipher_ops(tfm); | 243 | return crypto_init_cipher_ops(tfm); |
@@ -125,6 +258,14 @@ static int crypto_init_ops(struct crypto_tfm *tfm) | |||
125 | 258 | ||
126 | static void crypto_exit_ops(struct crypto_tfm *tfm) | 259 | static void crypto_exit_ops(struct crypto_tfm *tfm) |
127 | { | 260 | { |
261 | const struct crypto_type *type = tfm->__crt_alg->cra_type; | ||
262 | |||
263 | if (type) { | ||
264 | if (type->exit) | ||
265 | type->exit(tfm); | ||
266 | return; | ||
267 | } | ||
268 | |||
128 | switch (crypto_tfm_alg_type(tfm)) { | 269 | switch (crypto_tfm_alg_type(tfm)) { |
129 | case CRYPTO_ALG_TYPE_CIPHER: | 270 | case CRYPTO_ALG_TYPE_CIPHER: |
130 | crypto_exit_cipher_ops(tfm); | 271 | crypto_exit_cipher_ops(tfm); |
@@ -146,53 +287,67 @@ static void crypto_exit_ops(struct crypto_tfm *tfm) | |||
146 | 287 | ||
147 | static unsigned int crypto_ctxsize(struct crypto_alg *alg, int flags) | 288 | static unsigned int crypto_ctxsize(struct crypto_alg *alg, int flags) |
148 | { | 289 | { |
290 | const struct crypto_type *type = alg->cra_type; | ||
149 | unsigned int len; | 291 | unsigned int len; |
150 | 292 | ||
293 | len = alg->cra_alignmask & ~(crypto_tfm_ctx_alignment() - 1); | ||
294 | if (type) | ||
295 | return len + type->ctxsize(alg); | ||
296 | |||
151 | switch (alg->cra_flags & CRYPTO_ALG_TYPE_MASK) { | 297 | switch (alg->cra_flags & CRYPTO_ALG_TYPE_MASK) { |
152 | default: | 298 | default: |
153 | BUG(); | 299 | BUG(); |
154 | 300 | ||
155 | case CRYPTO_ALG_TYPE_CIPHER: | 301 | case CRYPTO_ALG_TYPE_CIPHER: |
156 | len = crypto_cipher_ctxsize(alg, flags); | 302 | len += crypto_cipher_ctxsize(alg, flags); |
157 | break; | 303 | break; |
158 | 304 | ||
159 | case CRYPTO_ALG_TYPE_DIGEST: | 305 | case CRYPTO_ALG_TYPE_DIGEST: |
160 | len = crypto_digest_ctxsize(alg, flags); | 306 | len += crypto_digest_ctxsize(alg, flags); |
161 | break; | 307 | break; |
162 | 308 | ||
163 | case CRYPTO_ALG_TYPE_COMPRESS: | 309 | case CRYPTO_ALG_TYPE_COMPRESS: |
164 | len = crypto_compress_ctxsize(alg, flags); | 310 | len += crypto_compress_ctxsize(alg, flags); |
165 | break; | 311 | break; |
166 | } | 312 | } |
167 | 313 | ||
168 | return len + (alg->cra_alignmask & ~(crypto_tfm_ctx_alignment() - 1)); | 314 | return len; |
169 | } | 315 | } |
170 | 316 | ||
171 | struct crypto_tfm *crypto_alloc_tfm(const char *name, u32 flags) | 317 | void crypto_shoot_alg(struct crypto_alg *alg) |
318 | { | ||
319 | down_write(&crypto_alg_sem); | ||
320 | alg->cra_flags |= CRYPTO_ALG_DYING; | ||
321 | up_write(&crypto_alg_sem); | ||
322 | } | ||
323 | EXPORT_SYMBOL_GPL(crypto_shoot_alg); | ||
324 | |||
325 | struct crypto_tfm *__crypto_alloc_tfm(struct crypto_alg *alg, u32 flags) | ||
172 | { | 326 | { |
173 | struct crypto_tfm *tfm = NULL; | 327 | struct crypto_tfm *tfm = NULL; |
174 | struct crypto_alg *alg; | ||
175 | unsigned int tfm_size; | 328 | unsigned int tfm_size; |
176 | 329 | int err = -ENOMEM; | |
177 | alg = crypto_alg_mod_lookup(name); | ||
178 | if (alg == NULL) | ||
179 | goto out; | ||
180 | 330 | ||
181 | tfm_size = sizeof(*tfm) + crypto_ctxsize(alg, flags); | 331 | tfm_size = sizeof(*tfm) + crypto_ctxsize(alg, flags); |
182 | tfm = kzalloc(tfm_size, GFP_KERNEL); | 332 | tfm = kzalloc(tfm_size, GFP_KERNEL); |
183 | if (tfm == NULL) | 333 | if (tfm == NULL) |
184 | goto out_put; | 334 | goto out; |
185 | 335 | ||
186 | tfm->__crt_alg = alg; | 336 | tfm->__crt_alg = alg; |
187 | 337 | ||
188 | if (crypto_init_flags(tfm, flags)) | 338 | err = crypto_init_flags(tfm, flags); |
339 | if (err) | ||
189 | goto out_free_tfm; | 340 | goto out_free_tfm; |
190 | 341 | ||
191 | if (crypto_init_ops(tfm)) | 342 | err = crypto_init_ops(tfm); |
343 | if (err) | ||
192 | goto out_free_tfm; | 344 | goto out_free_tfm; |
193 | 345 | ||
194 | if (alg->cra_init && alg->cra_init(tfm)) | 346 | if (alg->cra_init && (err = alg->cra_init(tfm))) { |
347 | if (err == -EAGAIN) | ||
348 | crypto_shoot_alg(alg); | ||
195 | goto cra_init_failed; | 349 | goto cra_init_failed; |
350 | } | ||
196 | 351 | ||
197 | goto out; | 352 | goto out; |
198 | 353 | ||
@@ -200,13 +355,97 @@ cra_init_failed: | |||
200 | crypto_exit_ops(tfm); | 355 | crypto_exit_ops(tfm); |
201 | out_free_tfm: | 356 | out_free_tfm: |
202 | kfree(tfm); | 357 | kfree(tfm); |
203 | tfm = NULL; | 358 | tfm = ERR_PTR(err); |
204 | out_put: | ||
205 | crypto_alg_put(alg); | ||
206 | out: | 359 | out: |
207 | return tfm; | 360 | return tfm; |
208 | } | 361 | } |
362 | EXPORT_SYMBOL_GPL(__crypto_alloc_tfm); | ||
363 | |||
364 | struct crypto_tfm *crypto_alloc_tfm(const char *name, u32 flags) | ||
365 | { | ||
366 | struct crypto_tfm *tfm = NULL; | ||
367 | int err; | ||
368 | |||
369 | do { | ||
370 | struct crypto_alg *alg; | ||
371 | |||
372 | alg = crypto_alg_mod_lookup(name, 0, CRYPTO_ALG_ASYNC); | ||
373 | err = PTR_ERR(alg); | ||
374 | if (IS_ERR(alg)) | ||
375 | continue; | ||
376 | |||
377 | tfm = __crypto_alloc_tfm(alg, flags); | ||
378 | err = 0; | ||
379 | if (IS_ERR(tfm)) { | ||
380 | crypto_mod_put(alg); | ||
381 | err = PTR_ERR(tfm); | ||
382 | tfm = NULL; | ||
383 | } | ||
384 | } while (err == -EAGAIN && !signal_pending(current)); | ||
385 | |||
386 | return tfm; | ||
387 | } | ||
388 | |||
389 | /* | ||
390 | * crypto_alloc_base - Locate algorithm and allocate transform | ||
391 | * @alg_name: Name of algorithm | ||
392 | * @type: Type of algorithm | ||
393 | * @mask: Mask for type comparison | ||
394 | * | ||
395 | * crypto_alloc_base() will first attempt to locate an already loaded | ||
396 | * algorithm. If that fails and the kernel supports dynamically loadable | ||
397 | * modules, it will then attempt to load a module of the same name or | ||
398 | * alias. If that fails it will send a query to any loaded crypto manager | ||
399 | * to construct an algorithm on the fly. A refcount is grabbed on the | ||
400 | * algorithm which is then associated with the new transform. | ||
401 | * | ||
402 | * The returned transform is of a non-determinate type. Most people | ||
403 | * should use one of the more specific allocation functions such as | ||
404 | * crypto_alloc_blkcipher. | ||
405 | * | ||
406 | * In case of error the return value is an error pointer. | ||
407 | */ | ||
408 | struct crypto_tfm *crypto_alloc_base(const char *alg_name, u32 type, u32 mask) | ||
409 | { | ||
410 | struct crypto_tfm *tfm; | ||
411 | int err; | ||
412 | |||
413 | for (;;) { | ||
414 | struct crypto_alg *alg; | ||
415 | |||
416 | alg = crypto_alg_mod_lookup(alg_name, type, mask); | ||
417 | err = PTR_ERR(alg); | ||
418 | tfm = ERR_PTR(err); | ||
419 | if (IS_ERR(alg)) | ||
420 | goto err; | ||
421 | |||
422 | tfm = __crypto_alloc_tfm(alg, 0); | ||
423 | if (!IS_ERR(tfm)) | ||
424 | break; | ||
425 | |||
426 | crypto_mod_put(alg); | ||
427 | err = PTR_ERR(tfm); | ||
209 | 428 | ||
429 | err: | ||
430 | if (err != -EAGAIN) | ||
431 | break; | ||
432 | if (signal_pending(current)) { | ||
433 | err = -EINTR; | ||
434 | break; | ||
435 | } | ||
436 | }; | ||
437 | |||
438 | return tfm; | ||
439 | } | ||
440 | EXPORT_SYMBOL_GPL(crypto_alloc_base); | ||
441 | |||
442 | /* | ||
443 | * crypto_free_tfm - Free crypto transform | ||
444 | * @tfm: Transform to free | ||
445 | * | ||
446 | * crypto_free_tfm() frees up the transform and any associated resources, | ||
447 | * then drops the refcount on the associated algorithm. | ||
448 | */ | ||
210 | void crypto_free_tfm(struct crypto_tfm *tfm) | 449 | void crypto_free_tfm(struct crypto_tfm *tfm) |
211 | { | 450 | { |
212 | struct crypto_alg *alg; | 451 | struct crypto_alg *alg; |
@@ -221,108 +460,39 @@ void crypto_free_tfm(struct crypto_tfm *tfm) | |||
221 | if (alg->cra_exit) | 460 | if (alg->cra_exit) |
222 | alg->cra_exit(tfm); | 461 | alg->cra_exit(tfm); |
223 | crypto_exit_ops(tfm); | 462 | crypto_exit_ops(tfm); |
224 | crypto_alg_put(alg); | 463 | crypto_mod_put(alg); |
225 | memset(tfm, 0, size); | 464 | memset(tfm, 0, size); |
226 | kfree(tfm); | 465 | kfree(tfm); |
227 | } | 466 | } |
228 | 467 | ||
229 | static inline int crypto_set_driver_name(struct crypto_alg *alg) | 468 | int crypto_alg_available(const char *name, u32 flags) |
230 | { | ||
231 | static const char suffix[] = "-generic"; | ||
232 | char *driver_name = alg->cra_driver_name; | ||
233 | int len; | ||
234 | |||
235 | if (*driver_name) | ||
236 | return 0; | ||
237 | |||
238 | len = strlcpy(driver_name, alg->cra_name, CRYPTO_MAX_ALG_NAME); | ||
239 | if (len + sizeof(suffix) > CRYPTO_MAX_ALG_NAME) | ||
240 | return -ENAMETOOLONG; | ||
241 | |||
242 | memcpy(driver_name + len, suffix, sizeof(suffix)); | ||
243 | return 0; | ||
244 | } | ||
245 | |||
246 | int crypto_register_alg(struct crypto_alg *alg) | ||
247 | { | 469 | { |
248 | int ret; | 470 | int ret = 0; |
249 | struct crypto_alg *q; | 471 | struct crypto_alg *alg = crypto_alg_mod_lookup(name, 0, |
250 | 472 | CRYPTO_ALG_ASYNC); | |
251 | if (alg->cra_alignmask & (alg->cra_alignmask + 1)) | ||
252 | return -EINVAL; | ||
253 | |||
254 | if (alg->cra_alignmask & alg->cra_blocksize) | ||
255 | return -EINVAL; | ||
256 | |||
257 | if (alg->cra_blocksize > PAGE_SIZE / 8) | ||
258 | return -EINVAL; | ||
259 | |||
260 | if (alg->cra_priority < 0) | ||
261 | return -EINVAL; | ||
262 | |||
263 | ret = crypto_set_driver_name(alg); | ||
264 | if (unlikely(ret)) | ||
265 | return ret; | ||
266 | |||
267 | down_write(&crypto_alg_sem); | ||
268 | 473 | ||
269 | list_for_each_entry(q, &crypto_alg_list, cra_list) { | 474 | if (!IS_ERR(alg)) { |
270 | if (q == alg) { | 475 | crypto_mod_put(alg); |
271 | ret = -EEXIST; | 476 | ret = 1; |
272 | goto out; | ||
273 | } | ||
274 | } | 477 | } |
275 | 478 | ||
276 | list_add(&alg->cra_list, &crypto_alg_list); | ||
277 | out: | ||
278 | up_write(&crypto_alg_sem); | ||
279 | return ret; | 479 | return ret; |
280 | } | 480 | } |
281 | 481 | ||
282 | int crypto_unregister_alg(struct crypto_alg *alg) | 482 | EXPORT_SYMBOL_GPL(crypto_alloc_tfm); |
283 | { | 483 | EXPORT_SYMBOL_GPL(crypto_free_tfm); |
284 | int ret = -ENOENT; | 484 | EXPORT_SYMBOL_GPL(crypto_alg_available); |
285 | struct crypto_alg *q; | ||
286 | |||
287 | BUG_ON(!alg->cra_module); | ||
288 | |||
289 | down_write(&crypto_alg_sem); | ||
290 | list_for_each_entry(q, &crypto_alg_list, cra_list) { | ||
291 | if (alg == q) { | ||
292 | list_del(&alg->cra_list); | ||
293 | ret = 0; | ||
294 | goto out; | ||
295 | } | ||
296 | } | ||
297 | out: | ||
298 | up_write(&crypto_alg_sem); | ||
299 | return ret; | ||
300 | } | ||
301 | 485 | ||
302 | int crypto_alg_available(const char *name, u32 flags) | 486 | int crypto_has_alg(const char *name, u32 type, u32 mask) |
303 | { | 487 | { |
304 | int ret = 0; | 488 | int ret = 0; |
305 | struct crypto_alg *alg = crypto_alg_mod_lookup(name); | 489 | struct crypto_alg *alg = crypto_alg_mod_lookup(name, type, mask); |
306 | 490 | ||
307 | if (alg) { | 491 | if (!IS_ERR(alg)) { |
308 | crypto_alg_put(alg); | 492 | crypto_mod_put(alg); |
309 | ret = 1; | 493 | ret = 1; |
310 | } | 494 | } |
311 | 495 | ||
312 | return ret; | 496 | return ret; |
313 | } | 497 | } |
314 | 498 | EXPORT_SYMBOL_GPL(crypto_has_alg); | |
315 | static int __init init_crypto(void) | ||
316 | { | ||
317 | printk(KERN_INFO "Initializing Cryptographic API\n"); | ||
318 | crypto_init_proc(); | ||
319 | return 0; | ||
320 | } | ||
321 | |||
322 | __initcall(init_crypto); | ||
323 | |||
324 | EXPORT_SYMBOL_GPL(crypto_register_alg); | ||
325 | EXPORT_SYMBOL_GPL(crypto_unregister_alg); | ||
326 | EXPORT_SYMBOL_GPL(crypto_alloc_tfm); | ||
327 | EXPORT_SYMBOL_GPL(crypto_free_tfm); | ||
328 | EXPORT_SYMBOL_GPL(crypto_alg_available); | ||
diff --git a/crypto/arc4.c b/crypto/arc4.c index 5edc6a65b987..8be47e13a9e3 100644 --- a/crypto/arc4.c +++ b/crypto/arc4.c | |||
@@ -25,7 +25,7 @@ struct arc4_ctx { | |||
25 | }; | 25 | }; |
26 | 26 | ||
27 | static int arc4_set_key(struct crypto_tfm *tfm, const u8 *in_key, | 27 | static int arc4_set_key(struct crypto_tfm *tfm, const u8 *in_key, |
28 | unsigned int key_len, u32 *flags) | 28 | unsigned int key_len) |
29 | { | 29 | { |
30 | struct arc4_ctx *ctx = crypto_tfm_ctx(tfm); | 30 | struct arc4_ctx *ctx = crypto_tfm_ctx(tfm); |
31 | int i, j = 0, k = 0; | 31 | int i, j = 0, k = 0; |
diff --git a/crypto/blkcipher.c b/crypto/blkcipher.c new file mode 100644 index 000000000000..034c939bf91a --- /dev/null +++ b/crypto/blkcipher.c | |||
@@ -0,0 +1,405 @@ | |||
1 | /* | ||
2 | * Block chaining cipher operations. | ||
3 | * | ||
4 | * Generic encrypt/decrypt wrapper for ciphers, handles operations across | ||
5 | * multiple page boundaries by using temporary blocks. In user context, | ||
6 | * the kernel is given a chance to schedule us once per page. | ||
7 | * | ||
8 | * Copyright (c) 2006 Herbert Xu <herbert@gondor.apana.org.au> | ||
9 | * | ||
10 | * This program is free software; you can redistribute it and/or modify it | ||
11 | * under the terms of the GNU General Public License as published by the Free | ||
12 | * Software Foundation; either version 2 of the License, or (at your option) | ||
13 | * any later version. | ||
14 | * | ||
15 | */ | ||
16 | |||
17 | #include <linux/crypto.h> | ||
18 | #include <linux/errno.h> | ||
19 | #include <linux/kernel.h> | ||
20 | #include <linux/io.h> | ||
21 | #include <linux/module.h> | ||
22 | #include <linux/scatterlist.h> | ||
23 | #include <linux/seq_file.h> | ||
24 | #include <linux/slab.h> | ||
25 | #include <linux/string.h> | ||
26 | |||
27 | #include "internal.h" | ||
28 | #include "scatterwalk.h" | ||
29 | |||
30 | enum { | ||
31 | BLKCIPHER_WALK_PHYS = 1 << 0, | ||
32 | BLKCIPHER_WALK_SLOW = 1 << 1, | ||
33 | BLKCIPHER_WALK_COPY = 1 << 2, | ||
34 | BLKCIPHER_WALK_DIFF = 1 << 3, | ||
35 | }; | ||
36 | |||
37 | static int blkcipher_walk_next(struct blkcipher_desc *desc, | ||
38 | struct blkcipher_walk *walk); | ||
39 | static int blkcipher_walk_first(struct blkcipher_desc *desc, | ||
40 | struct blkcipher_walk *walk); | ||
41 | |||
42 | static inline void blkcipher_map_src(struct blkcipher_walk *walk) | ||
43 | { | ||
44 | walk->src.virt.addr = scatterwalk_map(&walk->in, 0); | ||
45 | } | ||
46 | |||
47 | static inline void blkcipher_map_dst(struct blkcipher_walk *walk) | ||
48 | { | ||
49 | walk->dst.virt.addr = scatterwalk_map(&walk->out, 1); | ||
50 | } | ||
51 | |||
52 | static inline void blkcipher_unmap_src(struct blkcipher_walk *walk) | ||
53 | { | ||
54 | scatterwalk_unmap(walk->src.virt.addr, 0); | ||
55 | } | ||
56 | |||
57 | static inline void blkcipher_unmap_dst(struct blkcipher_walk *walk) | ||
58 | { | ||
59 | scatterwalk_unmap(walk->dst.virt.addr, 1); | ||
60 | } | ||
61 | |||
62 | static inline u8 *blkcipher_get_spot(u8 *start, unsigned int len) | ||
63 | { | ||
64 | if (offset_in_page(start + len) < len) | ||
65 | return (u8 *)((unsigned long)(start + len) & PAGE_MASK); | ||
66 | return start; | ||
67 | } | ||
68 | |||
69 | static inline unsigned int blkcipher_done_slow(struct crypto_blkcipher *tfm, | ||
70 | struct blkcipher_walk *walk, | ||
71 | unsigned int bsize) | ||
72 | { | ||
73 | u8 *addr; | ||
74 | unsigned int alignmask = crypto_blkcipher_alignmask(tfm); | ||
75 | |||
76 | addr = (u8 *)ALIGN((unsigned long)walk->buffer, alignmask + 1); | ||
77 | addr = blkcipher_get_spot(addr, bsize); | ||
78 | scatterwalk_copychunks(addr, &walk->out, bsize, 1); | ||
79 | return bsize; | ||
80 | } | ||
81 | |||
82 | static inline unsigned int blkcipher_done_fast(struct blkcipher_walk *walk, | ||
83 | unsigned int n) | ||
84 | { | ||
85 | n = walk->nbytes - n; | ||
86 | |||
87 | if (walk->flags & BLKCIPHER_WALK_COPY) { | ||
88 | blkcipher_map_dst(walk); | ||
89 | memcpy(walk->dst.virt.addr, walk->page, n); | ||
90 | blkcipher_unmap_dst(walk); | ||
91 | } else if (!(walk->flags & BLKCIPHER_WALK_PHYS)) { | ||
92 | blkcipher_unmap_src(walk); | ||
93 | if (walk->flags & BLKCIPHER_WALK_DIFF) | ||
94 | blkcipher_unmap_dst(walk); | ||
95 | } | ||
96 | |||
97 | scatterwalk_advance(&walk->in, n); | ||
98 | scatterwalk_advance(&walk->out, n); | ||
99 | |||
100 | return n; | ||
101 | } | ||
102 | |||
103 | int blkcipher_walk_done(struct blkcipher_desc *desc, | ||
104 | struct blkcipher_walk *walk, int err) | ||
105 | { | ||
106 | struct crypto_blkcipher *tfm = desc->tfm; | ||
107 | unsigned int nbytes = 0; | ||
108 | |||
109 | if (likely(err >= 0)) { | ||
110 | unsigned int bsize = crypto_blkcipher_blocksize(tfm); | ||
111 | unsigned int n; | ||
112 | |||
113 | if (likely(!(walk->flags & BLKCIPHER_WALK_SLOW))) | ||
114 | n = blkcipher_done_fast(walk, err); | ||
115 | else | ||
116 | n = blkcipher_done_slow(tfm, walk, bsize); | ||
117 | |||
118 | nbytes = walk->total - n; | ||
119 | err = 0; | ||
120 | } | ||
121 | |||
122 | scatterwalk_done(&walk->in, 0, nbytes); | ||
123 | scatterwalk_done(&walk->out, 1, nbytes); | ||
124 | |||
125 | walk->total = nbytes; | ||
126 | walk->nbytes = nbytes; | ||
127 | |||
128 | if (nbytes) { | ||
129 | crypto_yield(desc->flags); | ||
130 | return blkcipher_walk_next(desc, walk); | ||
131 | } | ||
132 | |||
133 | if (walk->iv != desc->info) | ||
134 | memcpy(desc->info, walk->iv, crypto_blkcipher_ivsize(tfm)); | ||
135 | if (walk->buffer != walk->page) | ||
136 | kfree(walk->buffer); | ||
137 | if (walk->page) | ||
138 | free_page((unsigned long)walk->page); | ||
139 | |||
140 | return err; | ||
141 | } | ||
142 | EXPORT_SYMBOL_GPL(blkcipher_walk_done); | ||
143 | |||
144 | static inline int blkcipher_next_slow(struct blkcipher_desc *desc, | ||
145 | struct blkcipher_walk *walk, | ||
146 | unsigned int bsize, | ||
147 | unsigned int alignmask) | ||
148 | { | ||
149 | unsigned int n; | ||
150 | |||
151 | if (walk->buffer) | ||
152 | goto ok; | ||
153 | |||
154 | walk->buffer = walk->page; | ||
155 | if (walk->buffer) | ||
156 | goto ok; | ||
157 | |||
158 | n = bsize * 2 + (alignmask & ~(crypto_tfm_ctx_alignment() - 1)); | ||
159 | walk->buffer = kmalloc(n, GFP_ATOMIC); | ||
160 | if (!walk->buffer) | ||
161 | return blkcipher_walk_done(desc, walk, -ENOMEM); | ||
162 | |||
163 | ok: | ||
164 | walk->dst.virt.addr = (u8 *)ALIGN((unsigned long)walk->buffer, | ||
165 | alignmask + 1); | ||
166 | walk->dst.virt.addr = blkcipher_get_spot(walk->dst.virt.addr, bsize); | ||
167 | walk->src.virt.addr = blkcipher_get_spot(walk->dst.virt.addr + bsize, | ||
168 | bsize); | ||
169 | |||
170 | scatterwalk_copychunks(walk->src.virt.addr, &walk->in, bsize, 0); | ||
171 | |||
172 | walk->nbytes = bsize; | ||
173 | walk->flags |= BLKCIPHER_WALK_SLOW; | ||
174 | |||
175 | return 0; | ||
176 | } | ||
177 | |||
178 | static inline int blkcipher_next_copy(struct blkcipher_walk *walk) | ||
179 | { | ||
180 | u8 *tmp = walk->page; | ||
181 | |||
182 | blkcipher_map_src(walk); | ||
183 | memcpy(tmp, walk->src.virt.addr, walk->nbytes); | ||
184 | blkcipher_unmap_src(walk); | ||
185 | |||
186 | walk->src.virt.addr = tmp; | ||
187 | walk->dst.virt.addr = tmp; | ||
188 | |||
189 | return 0; | ||
190 | } | ||
191 | |||
192 | static inline int blkcipher_next_fast(struct blkcipher_desc *desc, | ||
193 | struct blkcipher_walk *walk) | ||
194 | { | ||
195 | unsigned long diff; | ||
196 | |||
197 | walk->src.phys.page = scatterwalk_page(&walk->in); | ||
198 | walk->src.phys.offset = offset_in_page(walk->in.offset); | ||
199 | walk->dst.phys.page = scatterwalk_page(&walk->out); | ||
200 | walk->dst.phys.offset = offset_in_page(walk->out.offset); | ||
201 | |||
202 | if (walk->flags & BLKCIPHER_WALK_PHYS) | ||
203 | return 0; | ||
204 | |||
205 | diff = walk->src.phys.offset - walk->dst.phys.offset; | ||
206 | diff |= walk->src.virt.page - walk->dst.virt.page; | ||
207 | |||
208 | blkcipher_map_src(walk); | ||
209 | walk->dst.virt.addr = walk->src.virt.addr; | ||
210 | |||
211 | if (diff) { | ||
212 | walk->flags |= BLKCIPHER_WALK_DIFF; | ||
213 | blkcipher_map_dst(walk); | ||
214 | } | ||
215 | |||
216 | return 0; | ||
217 | } | ||
218 | |||
219 | static int blkcipher_walk_next(struct blkcipher_desc *desc, | ||
220 | struct blkcipher_walk *walk) | ||
221 | { | ||
222 | struct crypto_blkcipher *tfm = desc->tfm; | ||
223 | unsigned int alignmask = crypto_blkcipher_alignmask(tfm); | ||
224 | unsigned int bsize = crypto_blkcipher_blocksize(tfm); | ||
225 | unsigned int n; | ||
226 | int err; | ||
227 | |||
228 | n = walk->total; | ||
229 | if (unlikely(n < bsize)) { | ||
230 | desc->flags |= CRYPTO_TFM_RES_BAD_BLOCK_LEN; | ||
231 | return blkcipher_walk_done(desc, walk, -EINVAL); | ||
232 | } | ||
233 | |||
234 | walk->flags &= ~(BLKCIPHER_WALK_SLOW | BLKCIPHER_WALK_COPY | | ||
235 | BLKCIPHER_WALK_DIFF); | ||
236 | if (!scatterwalk_aligned(&walk->in, alignmask) || | ||
237 | !scatterwalk_aligned(&walk->out, alignmask)) { | ||
238 | walk->flags |= BLKCIPHER_WALK_COPY; | ||
239 | if (!walk->page) { | ||
240 | walk->page = (void *)__get_free_page(GFP_ATOMIC); | ||
241 | if (!walk->page) | ||
242 | n = 0; | ||
243 | } | ||
244 | } | ||
245 | |||
246 | n = scatterwalk_clamp(&walk->in, n); | ||
247 | n = scatterwalk_clamp(&walk->out, n); | ||
248 | |||
249 | if (unlikely(n < bsize)) { | ||
250 | err = blkcipher_next_slow(desc, walk, bsize, alignmask); | ||
251 | goto set_phys_lowmem; | ||
252 | } | ||
253 | |||
254 | walk->nbytes = n; | ||
255 | if (walk->flags & BLKCIPHER_WALK_COPY) { | ||
256 | err = blkcipher_next_copy(walk); | ||
257 | goto set_phys_lowmem; | ||
258 | } | ||
259 | |||
260 | return blkcipher_next_fast(desc, walk); | ||
261 | |||
262 | set_phys_lowmem: | ||
263 | if (walk->flags & BLKCIPHER_WALK_PHYS) { | ||
264 | walk->src.phys.page = virt_to_page(walk->src.virt.addr); | ||
265 | walk->dst.phys.page = virt_to_page(walk->dst.virt.addr); | ||
266 | walk->src.phys.offset &= PAGE_SIZE - 1; | ||
267 | walk->dst.phys.offset &= PAGE_SIZE - 1; | ||
268 | } | ||
269 | return err; | ||
270 | } | ||
271 | |||
272 | static inline int blkcipher_copy_iv(struct blkcipher_walk *walk, | ||
273 | struct crypto_blkcipher *tfm, | ||
274 | unsigned int alignmask) | ||
275 | { | ||
276 | unsigned bs = crypto_blkcipher_blocksize(tfm); | ||
277 | unsigned int ivsize = crypto_blkcipher_ivsize(tfm); | ||
278 | unsigned int size = bs * 2 + ivsize + max(bs, ivsize) - (alignmask + 1); | ||
279 | u8 *iv; | ||
280 | |||
281 | size += alignmask & ~(crypto_tfm_ctx_alignment() - 1); | ||
282 | walk->buffer = kmalloc(size, GFP_ATOMIC); | ||
283 | if (!walk->buffer) | ||
284 | return -ENOMEM; | ||
285 | |||
286 | iv = (u8 *)ALIGN((unsigned long)walk->buffer, alignmask + 1); | ||
287 | iv = blkcipher_get_spot(iv, bs) + bs; | ||
288 | iv = blkcipher_get_spot(iv, bs) + bs; | ||
289 | iv = blkcipher_get_spot(iv, ivsize); | ||
290 | |||
291 | walk->iv = memcpy(iv, walk->iv, ivsize); | ||
292 | return 0; | ||
293 | } | ||
294 | |||
295 | int blkcipher_walk_virt(struct blkcipher_desc *desc, | ||
296 | struct blkcipher_walk *walk) | ||
297 | { | ||
298 | walk->flags &= ~BLKCIPHER_WALK_PHYS; | ||
299 | return blkcipher_walk_first(desc, walk); | ||
300 | } | ||
301 | EXPORT_SYMBOL_GPL(blkcipher_walk_virt); | ||
302 | |||
303 | int blkcipher_walk_phys(struct blkcipher_desc *desc, | ||
304 | struct blkcipher_walk *walk) | ||
305 | { | ||
306 | walk->flags |= BLKCIPHER_WALK_PHYS; | ||
307 | return blkcipher_walk_first(desc, walk); | ||
308 | } | ||
309 | EXPORT_SYMBOL_GPL(blkcipher_walk_phys); | ||
310 | |||
311 | static int blkcipher_walk_first(struct blkcipher_desc *desc, | ||
312 | struct blkcipher_walk *walk) | ||
313 | { | ||
314 | struct crypto_blkcipher *tfm = desc->tfm; | ||
315 | unsigned int alignmask = crypto_blkcipher_alignmask(tfm); | ||
316 | |||
317 | walk->nbytes = walk->total; | ||
318 | if (unlikely(!walk->total)) | ||
319 | return 0; | ||
320 | |||
321 | walk->buffer = NULL; | ||
322 | walk->iv = desc->info; | ||
323 | if (unlikely(((unsigned long)walk->iv & alignmask))) { | ||
324 | int err = blkcipher_copy_iv(walk, tfm, alignmask); | ||
325 | if (err) | ||
326 | return err; | ||
327 | } | ||
328 | |||
329 | scatterwalk_start(&walk->in, walk->in.sg); | ||
330 | scatterwalk_start(&walk->out, walk->out.sg); | ||
331 | walk->page = NULL; | ||
332 | |||
333 | return blkcipher_walk_next(desc, walk); | ||
334 | } | ||
335 | |||
336 | static int setkey(struct crypto_tfm *tfm, const u8 *key, | ||
337 | unsigned int keylen) | ||
338 | { | ||
339 | struct blkcipher_alg *cipher = &tfm->__crt_alg->cra_blkcipher; | ||
340 | |||
341 | if (keylen < cipher->min_keysize || keylen > cipher->max_keysize) { | ||
342 | tfm->crt_flags |= CRYPTO_TFM_RES_BAD_KEY_LEN; | ||
343 | return -EINVAL; | ||
344 | } | ||
345 | |||
346 | return cipher->setkey(tfm, key, keylen); | ||
347 | } | ||
348 | |||
349 | static unsigned int crypto_blkcipher_ctxsize(struct crypto_alg *alg) | ||
350 | { | ||
351 | struct blkcipher_alg *cipher = &alg->cra_blkcipher; | ||
352 | unsigned int len = alg->cra_ctxsize; | ||
353 | |||
354 | if (cipher->ivsize) { | ||
355 | len = ALIGN(len, (unsigned long)alg->cra_alignmask + 1); | ||
356 | len += cipher->ivsize; | ||
357 | } | ||
358 | |||
359 | return len; | ||
360 | } | ||
361 | |||
362 | static int crypto_init_blkcipher_ops(struct crypto_tfm *tfm) | ||
363 | { | ||
364 | struct blkcipher_tfm *crt = &tfm->crt_blkcipher; | ||
365 | struct blkcipher_alg *alg = &tfm->__crt_alg->cra_blkcipher; | ||
366 | unsigned long align = crypto_tfm_alg_alignmask(tfm) + 1; | ||
367 | unsigned long addr; | ||
368 | |||
369 | if (alg->ivsize > PAGE_SIZE / 8) | ||
370 | return -EINVAL; | ||
371 | |||
372 | crt->setkey = setkey; | ||
373 | crt->encrypt = alg->encrypt; | ||
374 | crt->decrypt = alg->decrypt; | ||
375 | |||
376 | addr = (unsigned long)crypto_tfm_ctx(tfm); | ||
377 | addr = ALIGN(addr, align); | ||
378 | addr += ALIGN(tfm->__crt_alg->cra_ctxsize, align); | ||
379 | crt->iv = (void *)addr; | ||
380 | |||
381 | return 0; | ||
382 | } | ||
383 | |||
384 | static void crypto_blkcipher_show(struct seq_file *m, struct crypto_alg *alg) | ||
385 | __attribute_used__; | ||
386 | static void crypto_blkcipher_show(struct seq_file *m, struct crypto_alg *alg) | ||
387 | { | ||
388 | seq_printf(m, "type : blkcipher\n"); | ||
389 | seq_printf(m, "blocksize : %u\n", alg->cra_blocksize); | ||
390 | seq_printf(m, "min keysize : %u\n", alg->cra_blkcipher.min_keysize); | ||
391 | seq_printf(m, "max keysize : %u\n", alg->cra_blkcipher.max_keysize); | ||
392 | seq_printf(m, "ivsize : %u\n", alg->cra_blkcipher.ivsize); | ||
393 | } | ||
394 | |||
395 | const struct crypto_type crypto_blkcipher_type = { | ||
396 | .ctxsize = crypto_blkcipher_ctxsize, | ||
397 | .init = crypto_init_blkcipher_ops, | ||
398 | #ifdef CONFIG_PROC_FS | ||
399 | .show = crypto_blkcipher_show, | ||
400 | #endif | ||
401 | }; | ||
402 | EXPORT_SYMBOL_GPL(crypto_blkcipher_type); | ||
403 | |||
404 | MODULE_LICENSE("GPL"); | ||
405 | MODULE_DESCRIPTION("Generic block chaining cipher type"); | ||
diff --git a/crypto/blowfish.c b/crypto/blowfish.c index 490265f42b3b..55238c4e37f0 100644 --- a/crypto/blowfish.c +++ b/crypto/blowfish.c | |||
@@ -399,8 +399,7 @@ static void bf_decrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src) | |||
399 | /* | 399 | /* |
400 | * Calculates the blowfish S and P boxes for encryption and decryption. | 400 | * Calculates the blowfish S and P boxes for encryption and decryption. |
401 | */ | 401 | */ |
402 | static int bf_setkey(struct crypto_tfm *tfm, const u8 *key, | 402 | static int bf_setkey(struct crypto_tfm *tfm, const u8 *key, unsigned int keylen) |
403 | unsigned int keylen, u32 *flags) | ||
404 | { | 403 | { |
405 | struct bf_ctx *ctx = crypto_tfm_ctx(tfm); | 404 | struct bf_ctx *ctx = crypto_tfm_ctx(tfm); |
406 | u32 *P = ctx->p; | 405 | u32 *P = ctx->p; |
diff --git a/crypto/cast5.c b/crypto/cast5.c index 08eef58c1d3d..13ea60abc19a 100644 --- a/crypto/cast5.c +++ b/crypto/cast5.c | |||
@@ -769,8 +769,7 @@ static void key_schedule(u32 * x, u32 * z, u32 * k) | |||
769 | } | 769 | } |
770 | 770 | ||
771 | 771 | ||
772 | static int cast5_setkey(struct crypto_tfm *tfm, const u8 *key, | 772 | static int cast5_setkey(struct crypto_tfm *tfm, const u8 *key, unsigned key_len) |
773 | unsigned key_len, u32 *flags) | ||
774 | { | 773 | { |
775 | struct cast5_ctx *c = crypto_tfm_ctx(tfm); | 774 | struct cast5_ctx *c = crypto_tfm_ctx(tfm); |
776 | int i; | 775 | int i; |
@@ -778,11 +777,6 @@ static int cast5_setkey(struct crypto_tfm *tfm, const u8 *key, | |||
778 | u32 z[4]; | 777 | u32 z[4]; |
779 | u32 k[16]; | 778 | u32 k[16]; |
780 | __be32 p_key[4]; | 779 | __be32 p_key[4]; |
781 | |||
782 | if (key_len < 5 || key_len > 16) { | ||
783 | *flags |= CRYPTO_TFM_RES_BAD_KEY_LEN; | ||
784 | return -EINVAL; | ||
785 | } | ||
786 | 780 | ||
787 | c->rr = key_len <= 10 ? 1 : 0; | 781 | c->rr = key_len <= 10 ? 1 : 0; |
788 | 782 | ||
diff --git a/crypto/cast6.c b/crypto/cast6.c index 08e33bfc3ad1..136ab6dfe8c5 100644 --- a/crypto/cast6.c +++ b/crypto/cast6.c | |||
@@ -382,14 +382,15 @@ static inline void W(u32 *key, unsigned int i) { | |||
382 | } | 382 | } |
383 | 383 | ||
384 | static int cast6_setkey(struct crypto_tfm *tfm, const u8 *in_key, | 384 | static int cast6_setkey(struct crypto_tfm *tfm, const u8 *in_key, |
385 | unsigned key_len, u32 *flags) | 385 | unsigned key_len) |
386 | { | 386 | { |
387 | int i; | 387 | int i; |
388 | u32 key[8]; | 388 | u32 key[8]; |
389 | __be32 p_key[8]; /* padded key */ | 389 | __be32 p_key[8]; /* padded key */ |
390 | struct cast6_ctx *c = crypto_tfm_ctx(tfm); | 390 | struct cast6_ctx *c = crypto_tfm_ctx(tfm); |
391 | u32 *flags = &tfm->crt_flags; | ||
391 | 392 | ||
392 | if (key_len < 16 || key_len > 32 || key_len % 4 != 0) { | 393 | if (key_len % 4 != 0) { |
393 | *flags |= CRYPTO_TFM_RES_BAD_KEY_LEN; | 394 | *flags |= CRYPTO_TFM_RES_BAD_KEY_LEN; |
394 | return -EINVAL; | 395 | return -EINVAL; |
395 | } | 396 | } |
diff --git a/crypto/cbc.c b/crypto/cbc.c new file mode 100644 index 000000000000..f5542b4db387 --- /dev/null +++ b/crypto/cbc.c | |||
@@ -0,0 +1,344 @@ | |||
1 | /* | ||
2 | * CBC: Cipher Block Chaining mode | ||
3 | * | ||
4 | * Copyright (c) 2006 Herbert Xu <herbert@gondor.apana.org.au> | ||
5 | * | ||
6 | * This program is free software; you can redistribute it and/or modify it | ||
7 | * under the terms of the GNU General Public License as published by the Free | ||
8 | * Software Foundation; either version 2 of the License, or (at your option) | ||
9 | * any later version. | ||
10 | * | ||
11 | */ | ||
12 | |||
13 | #include <crypto/algapi.h> | ||
14 | #include <linux/err.h> | ||
15 | #include <linux/init.h> | ||
16 | #include <linux/kernel.h> | ||
17 | #include <linux/module.h> | ||
18 | #include <linux/scatterlist.h> | ||
19 | #include <linux/slab.h> | ||
20 | |||
21 | struct crypto_cbc_ctx { | ||
22 | struct crypto_cipher *child; | ||
23 | void (*xor)(u8 *dst, const u8 *src, unsigned int bs); | ||
24 | }; | ||
25 | |||
26 | static int crypto_cbc_setkey(struct crypto_tfm *parent, const u8 *key, | ||
27 | unsigned int keylen) | ||
28 | { | ||
29 | struct crypto_cbc_ctx *ctx = crypto_tfm_ctx(parent); | ||
30 | struct crypto_cipher *child = ctx->child; | ||
31 | int err; | ||
32 | |||
33 | crypto_cipher_clear_flags(child, CRYPTO_TFM_REQ_MASK); | ||
34 | crypto_cipher_set_flags(child, crypto_tfm_get_flags(parent) & | ||
35 | CRYPTO_TFM_REQ_MASK); | ||
36 | err = crypto_cipher_setkey(child, key, keylen); | ||
37 | crypto_tfm_set_flags(parent, crypto_cipher_get_flags(child) & | ||
38 | CRYPTO_TFM_RES_MASK); | ||
39 | return err; | ||
40 | } | ||
41 | |||
42 | static int crypto_cbc_encrypt_segment(struct blkcipher_desc *desc, | ||
43 | struct blkcipher_walk *walk, | ||
44 | struct crypto_cipher *tfm, | ||
45 | void (*xor)(u8 *, const u8 *, | ||
46 | unsigned int)) | ||
47 | { | ||
48 | void (*fn)(struct crypto_tfm *, u8 *, const u8 *) = | ||
49 | crypto_cipher_alg(tfm)->cia_encrypt; | ||
50 | int bsize = crypto_cipher_blocksize(tfm); | ||
51 | unsigned int nbytes = walk->nbytes; | ||
52 | u8 *src = walk->src.virt.addr; | ||
53 | u8 *dst = walk->dst.virt.addr; | ||
54 | u8 *iv = walk->iv; | ||
55 | |||
56 | do { | ||
57 | xor(iv, src, bsize); | ||
58 | fn(crypto_cipher_tfm(tfm), dst, iv); | ||
59 | memcpy(iv, dst, bsize); | ||
60 | |||
61 | src += bsize; | ||
62 | dst += bsize; | ||
63 | } while ((nbytes -= bsize) >= bsize); | ||
64 | |||
65 | return nbytes; | ||
66 | } | ||
67 | |||
68 | static int crypto_cbc_encrypt_inplace(struct blkcipher_desc *desc, | ||
69 | struct blkcipher_walk *walk, | ||
70 | struct crypto_cipher *tfm, | ||
71 | void (*xor)(u8 *, const u8 *, | ||
72 | unsigned int)) | ||
73 | { | ||
74 | void (*fn)(struct crypto_tfm *, u8 *, const u8 *) = | ||
75 | crypto_cipher_alg(tfm)->cia_encrypt; | ||
76 | int bsize = crypto_cipher_blocksize(tfm); | ||
77 | unsigned int nbytes = walk->nbytes; | ||
78 | u8 *src = walk->src.virt.addr; | ||
79 | u8 *iv = walk->iv; | ||
80 | |||
81 | do { | ||
82 | xor(src, iv, bsize); | ||
83 | fn(crypto_cipher_tfm(tfm), src, src); | ||
84 | iv = src; | ||
85 | |||
86 | src += bsize; | ||
87 | } while ((nbytes -= bsize) >= bsize); | ||
88 | |||
89 | memcpy(walk->iv, iv, bsize); | ||
90 | |||
91 | return nbytes; | ||
92 | } | ||
93 | |||
94 | static int crypto_cbc_encrypt(struct blkcipher_desc *desc, | ||
95 | struct scatterlist *dst, struct scatterlist *src, | ||
96 | unsigned int nbytes) | ||
97 | { | ||
98 | struct blkcipher_walk walk; | ||
99 | struct crypto_blkcipher *tfm = desc->tfm; | ||
100 | struct crypto_cbc_ctx *ctx = crypto_blkcipher_ctx(tfm); | ||
101 | struct crypto_cipher *child = ctx->child; | ||
102 | void (*xor)(u8 *, const u8 *, unsigned int bs) = ctx->xor; | ||
103 | int err; | ||
104 | |||
105 | blkcipher_walk_init(&walk, dst, src, nbytes); | ||
106 | err = blkcipher_walk_virt(desc, &walk); | ||
107 | |||
108 | while ((nbytes = walk.nbytes)) { | ||
109 | if (walk.src.virt.addr == walk.dst.virt.addr) | ||
110 | nbytes = crypto_cbc_encrypt_inplace(desc, &walk, child, | ||
111 | xor); | ||
112 | else | ||
113 | nbytes = crypto_cbc_encrypt_segment(desc, &walk, child, | ||
114 | xor); | ||
115 | err = blkcipher_walk_done(desc, &walk, nbytes); | ||
116 | } | ||
117 | |||
118 | return err; | ||
119 | } | ||
120 | |||
121 | static int crypto_cbc_decrypt_segment(struct blkcipher_desc *desc, | ||
122 | struct blkcipher_walk *walk, | ||
123 | struct crypto_cipher *tfm, | ||
124 | void (*xor)(u8 *, const u8 *, | ||
125 | unsigned int)) | ||
126 | { | ||
127 | void (*fn)(struct crypto_tfm *, u8 *, const u8 *) = | ||
128 | crypto_cipher_alg(tfm)->cia_decrypt; | ||
129 | int bsize = crypto_cipher_blocksize(tfm); | ||
130 | unsigned int nbytes = walk->nbytes; | ||
131 | u8 *src = walk->src.virt.addr; | ||
132 | u8 *dst = walk->dst.virt.addr; | ||
133 | u8 *iv = walk->iv; | ||
134 | |||
135 | do { | ||
136 | fn(crypto_cipher_tfm(tfm), dst, src); | ||
137 | xor(dst, iv, bsize); | ||
138 | iv = src; | ||
139 | |||
140 | src += bsize; | ||
141 | dst += bsize; | ||
142 | } while ((nbytes -= bsize) >= bsize); | ||
143 | |||
144 | memcpy(walk->iv, iv, bsize); | ||
145 | |||
146 | return nbytes; | ||
147 | } | ||
148 | |||
149 | static int crypto_cbc_decrypt_inplace(struct blkcipher_desc *desc, | ||
150 | struct blkcipher_walk *walk, | ||
151 | struct crypto_cipher *tfm, | ||
152 | void (*xor)(u8 *, const u8 *, | ||
153 | unsigned int)) | ||
154 | { | ||
155 | void (*fn)(struct crypto_tfm *, u8 *, const u8 *) = | ||
156 | crypto_cipher_alg(tfm)->cia_decrypt; | ||
157 | int bsize = crypto_cipher_blocksize(tfm); | ||
158 | unsigned long alignmask = crypto_cipher_alignmask(tfm); | ||
159 | unsigned int nbytes = walk->nbytes; | ||
160 | u8 *src = walk->src.virt.addr; | ||
161 | u8 stack[bsize + alignmask]; | ||
162 | u8 *first_iv = (u8 *)ALIGN((unsigned long)stack, alignmask + 1); | ||
163 | |||
164 | memcpy(first_iv, walk->iv, bsize); | ||
165 | |||
166 | /* Start of the last block. */ | ||
167 | src += nbytes - nbytes % bsize - bsize; | ||
168 | memcpy(walk->iv, src, bsize); | ||
169 | |||
170 | for (;;) { | ||
171 | fn(crypto_cipher_tfm(tfm), src, src); | ||
172 | if ((nbytes -= bsize) < bsize) | ||
173 | break; | ||
174 | xor(src, src - bsize, bsize); | ||
175 | src -= bsize; | ||
176 | } | ||
177 | |||
178 | xor(src, first_iv, bsize); | ||
179 | |||
180 | return nbytes; | ||
181 | } | ||
182 | |||
183 | static int crypto_cbc_decrypt(struct blkcipher_desc *desc, | ||
184 | struct scatterlist *dst, struct scatterlist *src, | ||
185 | unsigned int nbytes) | ||
186 | { | ||
187 | struct blkcipher_walk walk; | ||
188 | struct crypto_blkcipher *tfm = desc->tfm; | ||
189 | struct crypto_cbc_ctx *ctx = crypto_blkcipher_ctx(tfm); | ||
190 | struct crypto_cipher *child = ctx->child; | ||
191 | void (*xor)(u8 *, const u8 *, unsigned int bs) = ctx->xor; | ||
192 | int err; | ||
193 | |||
194 | blkcipher_walk_init(&walk, dst, src, nbytes); | ||
195 | err = blkcipher_walk_virt(desc, &walk); | ||
196 | |||
197 | while ((nbytes = walk.nbytes)) { | ||
198 | if (walk.src.virt.addr == walk.dst.virt.addr) | ||
199 | nbytes = crypto_cbc_decrypt_inplace(desc, &walk, child, | ||
200 | xor); | ||
201 | else | ||
202 | nbytes = crypto_cbc_decrypt_segment(desc, &walk, child, | ||
203 | xor); | ||
204 | err = blkcipher_walk_done(desc, &walk, nbytes); | ||
205 | } | ||
206 | |||
207 | return err; | ||
208 | } | ||
209 | |||
210 | static void xor_byte(u8 *a, const u8 *b, unsigned int bs) | ||
211 | { | ||
212 | do { | ||
213 | *a++ ^= *b++; | ||
214 | } while (--bs); | ||
215 | } | ||
216 | |||
217 | static void xor_quad(u8 *dst, const u8 *src, unsigned int bs) | ||
218 | { | ||
219 | u32 *a = (u32 *)dst; | ||
220 | u32 *b = (u32 *)src; | ||
221 | |||
222 | do { | ||
223 | *a++ ^= *b++; | ||
224 | } while ((bs -= 4)); | ||
225 | } | ||
226 | |||
227 | static void xor_64(u8 *a, const u8 *b, unsigned int bs) | ||
228 | { | ||
229 | ((u32 *)a)[0] ^= ((u32 *)b)[0]; | ||
230 | ((u32 *)a)[1] ^= ((u32 *)b)[1]; | ||
231 | } | ||
232 | |||
233 | static void xor_128(u8 *a, const u8 *b, unsigned int bs) | ||
234 | { | ||
235 | ((u32 *)a)[0] ^= ((u32 *)b)[0]; | ||
236 | ((u32 *)a)[1] ^= ((u32 *)b)[1]; | ||
237 | ((u32 *)a)[2] ^= ((u32 *)b)[2]; | ||
238 | ((u32 *)a)[3] ^= ((u32 *)b)[3]; | ||
239 | } | ||
240 | |||
241 | static int crypto_cbc_init_tfm(struct crypto_tfm *tfm) | ||
242 | { | ||
243 | struct crypto_instance *inst = (void *)tfm->__crt_alg; | ||
244 | struct crypto_spawn *spawn = crypto_instance_ctx(inst); | ||
245 | struct crypto_cbc_ctx *ctx = crypto_tfm_ctx(tfm); | ||
246 | |||
247 | switch (crypto_tfm_alg_blocksize(tfm)) { | ||
248 | case 8: | ||
249 | ctx->xor = xor_64; | ||
250 | break; | ||
251 | |||
252 | case 16: | ||
253 | ctx->xor = xor_128; | ||
254 | break; | ||
255 | |||
256 | default: | ||
257 | if (crypto_tfm_alg_blocksize(tfm) % 4) | ||
258 | ctx->xor = xor_byte; | ||
259 | else | ||
260 | ctx->xor = xor_quad; | ||
261 | } | ||
262 | |||
263 | tfm = crypto_spawn_tfm(spawn); | ||
264 | if (IS_ERR(tfm)) | ||
265 | return PTR_ERR(tfm); | ||
266 | |||
267 | ctx->child = crypto_cipher_cast(tfm); | ||
268 | return 0; | ||
269 | } | ||
270 | |||
271 | static void crypto_cbc_exit_tfm(struct crypto_tfm *tfm) | ||
272 | { | ||
273 | struct crypto_cbc_ctx *ctx = crypto_tfm_ctx(tfm); | ||
274 | crypto_free_cipher(ctx->child); | ||
275 | } | ||
276 | |||
277 | static struct crypto_instance *crypto_cbc_alloc(void *param, unsigned int len) | ||
278 | { | ||
279 | struct crypto_instance *inst; | ||
280 | struct crypto_alg *alg; | ||
281 | |||
282 | alg = crypto_get_attr_alg(param, len, CRYPTO_ALG_TYPE_CIPHER, | ||
283 | CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_ASYNC); | ||
284 | if (IS_ERR(alg)) | ||
285 | return ERR_PTR(PTR_ERR(alg)); | ||
286 | |||
287 | inst = crypto_alloc_instance("cbc", alg); | ||
288 | if (IS_ERR(inst)) | ||
289 | goto out_put_alg; | ||
290 | |||
291 | inst->alg.cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER; | ||
292 | inst->alg.cra_priority = alg->cra_priority; | ||
293 | inst->alg.cra_blocksize = alg->cra_blocksize; | ||
294 | inst->alg.cra_alignmask = alg->cra_alignmask; | ||
295 | inst->alg.cra_type = &crypto_blkcipher_type; | ||
296 | |||
297 | if (!(alg->cra_blocksize % 4)) | ||
298 | inst->alg.cra_alignmask |= 3; | ||
299 | inst->alg.cra_blkcipher.ivsize = alg->cra_blocksize; | ||
300 | inst->alg.cra_blkcipher.min_keysize = alg->cra_cipher.cia_min_keysize; | ||
301 | inst->alg.cra_blkcipher.max_keysize = alg->cra_cipher.cia_max_keysize; | ||
302 | |||
303 | inst->alg.cra_ctxsize = sizeof(struct crypto_cbc_ctx); | ||
304 | |||
305 | inst->alg.cra_init = crypto_cbc_init_tfm; | ||
306 | inst->alg.cra_exit = crypto_cbc_exit_tfm; | ||
307 | |||
308 | inst->alg.cra_blkcipher.setkey = crypto_cbc_setkey; | ||
309 | inst->alg.cra_blkcipher.encrypt = crypto_cbc_encrypt; | ||
310 | inst->alg.cra_blkcipher.decrypt = crypto_cbc_decrypt; | ||
311 | |||
312 | out_put_alg: | ||
313 | crypto_mod_put(alg); | ||
314 | return inst; | ||
315 | } | ||
316 | |||
317 | static void crypto_cbc_free(struct crypto_instance *inst) | ||
318 | { | ||
319 | crypto_drop_spawn(crypto_instance_ctx(inst)); | ||
320 | kfree(inst); | ||
321 | } | ||
322 | |||
323 | static struct crypto_template crypto_cbc_tmpl = { | ||
324 | .name = "cbc", | ||
325 | .alloc = crypto_cbc_alloc, | ||
326 | .free = crypto_cbc_free, | ||
327 | .module = THIS_MODULE, | ||
328 | }; | ||
329 | |||
330 | static int __init crypto_cbc_module_init(void) | ||
331 | { | ||
332 | return crypto_register_template(&crypto_cbc_tmpl); | ||
333 | } | ||
334 | |||
335 | static void __exit crypto_cbc_module_exit(void) | ||
336 | { | ||
337 | crypto_unregister_template(&crypto_cbc_tmpl); | ||
338 | } | ||
339 | |||
340 | module_init(crypto_cbc_module_init); | ||
341 | module_exit(crypto_cbc_module_exit); | ||
342 | |||
343 | MODULE_LICENSE("GPL"); | ||
344 | MODULE_DESCRIPTION("CBC block cipher algorithm"); | ||
diff --git a/crypto/cipher.c b/crypto/cipher.c index b899eb97abd7..9e03701cfdcc 100644 --- a/crypto/cipher.c +++ b/crypto/cipher.c | |||
@@ -23,6 +23,28 @@ | |||
23 | #include "internal.h" | 23 | #include "internal.h" |
24 | #include "scatterwalk.h" | 24 | #include "scatterwalk.h" |
25 | 25 | ||
26 | struct cipher_alg_compat { | ||
27 | unsigned int cia_min_keysize; | ||
28 | unsigned int cia_max_keysize; | ||
29 | int (*cia_setkey)(struct crypto_tfm *tfm, const u8 *key, | ||
30 | unsigned int keylen); | ||
31 | void (*cia_encrypt)(struct crypto_tfm *tfm, u8 *dst, const u8 *src); | ||
32 | void (*cia_decrypt)(struct crypto_tfm *tfm, u8 *dst, const u8 *src); | ||
33 | |||
34 | unsigned int (*cia_encrypt_ecb)(const struct cipher_desc *desc, | ||
35 | u8 *dst, const u8 *src, | ||
36 | unsigned int nbytes); | ||
37 | unsigned int (*cia_decrypt_ecb)(const struct cipher_desc *desc, | ||
38 | u8 *dst, const u8 *src, | ||
39 | unsigned int nbytes); | ||
40 | unsigned int (*cia_encrypt_cbc)(const struct cipher_desc *desc, | ||
41 | u8 *dst, const u8 *src, | ||
42 | unsigned int nbytes); | ||
43 | unsigned int (*cia_decrypt_cbc)(const struct cipher_desc *desc, | ||
44 | u8 *dst, const u8 *src, | ||
45 | unsigned int nbytes); | ||
46 | }; | ||
47 | |||
26 | static inline void xor_64(u8 *a, const u8 *b) | 48 | static inline void xor_64(u8 *a, const u8 *b) |
27 | { | 49 | { |
28 | ((u32 *)a)[0] ^= ((u32 *)b)[0]; | 50 | ((u32 *)a)[0] ^= ((u32 *)b)[0]; |
@@ -45,15 +67,10 @@ static unsigned int crypt_slow(const struct cipher_desc *desc, | |||
45 | u8 buffer[bsize * 2 + alignmask]; | 67 | u8 buffer[bsize * 2 + alignmask]; |
46 | u8 *src = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1); | 68 | u8 *src = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1); |
47 | u8 *dst = src + bsize; | 69 | u8 *dst = src + bsize; |
48 | unsigned int n; | ||
49 | |||
50 | n = scatterwalk_copychunks(src, in, bsize, 0); | ||
51 | scatterwalk_advance(in, n); | ||
52 | 70 | ||
71 | scatterwalk_copychunks(src, in, bsize, 0); | ||
53 | desc->prfn(desc, dst, src, bsize); | 72 | desc->prfn(desc, dst, src, bsize); |
54 | 73 | scatterwalk_copychunks(dst, out, bsize, 1); | |
55 | n = scatterwalk_copychunks(dst, out, bsize, 1); | ||
56 | scatterwalk_advance(out, n); | ||
57 | 74 | ||
58 | return bsize; | 75 | return bsize; |
59 | } | 76 | } |
@@ -64,12 +81,16 @@ static inline unsigned int crypt_fast(const struct cipher_desc *desc, | |||
64 | unsigned int nbytes, u8 *tmp) | 81 | unsigned int nbytes, u8 *tmp) |
65 | { | 82 | { |
66 | u8 *src, *dst; | 83 | u8 *src, *dst; |
84 | u8 *real_src, *real_dst; | ||
85 | |||
86 | real_src = scatterwalk_map(in, 0); | ||
87 | real_dst = scatterwalk_map(out, 1); | ||
67 | 88 | ||
68 | src = in->data; | 89 | src = real_src; |
69 | dst = scatterwalk_samebuf(in, out) ? src : out->data; | 90 | dst = scatterwalk_samebuf(in, out) ? src : real_dst; |
70 | 91 | ||
71 | if (tmp) { | 92 | if (tmp) { |
72 | memcpy(tmp, in->data, nbytes); | 93 | memcpy(tmp, src, nbytes); |
73 | src = tmp; | 94 | src = tmp; |
74 | dst = tmp; | 95 | dst = tmp; |
75 | } | 96 | } |
@@ -77,7 +98,10 @@ static inline unsigned int crypt_fast(const struct cipher_desc *desc, | |||
77 | nbytes = desc->prfn(desc, dst, src, nbytes); | 98 | nbytes = desc->prfn(desc, dst, src, nbytes); |
78 | 99 | ||
79 | if (tmp) | 100 | if (tmp) |
80 | memcpy(out->data, tmp, nbytes); | 101 | memcpy(real_dst, tmp, nbytes); |
102 | |||
103 | scatterwalk_unmap(real_src, 0); | ||
104 | scatterwalk_unmap(real_dst, 1); | ||
81 | 105 | ||
82 | scatterwalk_advance(in, nbytes); | 106 | scatterwalk_advance(in, nbytes); |
83 | scatterwalk_advance(out, nbytes); | 107 | scatterwalk_advance(out, nbytes); |
@@ -126,9 +150,6 @@ static int crypt(const struct cipher_desc *desc, | |||
126 | tmp = (u8 *)buffer; | 150 | tmp = (u8 *)buffer; |
127 | } | 151 | } |
128 | 152 | ||
129 | scatterwalk_map(&walk_in, 0); | ||
130 | scatterwalk_map(&walk_out, 1); | ||
131 | |||
132 | n = scatterwalk_clamp(&walk_in, n); | 153 | n = scatterwalk_clamp(&walk_in, n); |
133 | n = scatterwalk_clamp(&walk_out, n); | 154 | n = scatterwalk_clamp(&walk_out, n); |
134 | 155 | ||
@@ -145,7 +166,7 @@ static int crypt(const struct cipher_desc *desc, | |||
145 | if (!nbytes) | 166 | if (!nbytes) |
146 | break; | 167 | break; |
147 | 168 | ||
148 | crypto_yield(tfm); | 169 | crypto_yield(tfm->crt_flags); |
149 | } | 170 | } |
150 | 171 | ||
151 | if (buffer) | 172 | if (buffer) |
@@ -264,12 +285,12 @@ static int setkey(struct crypto_tfm *tfm, const u8 *key, unsigned int keylen) | |||
264 | { | 285 | { |
265 | struct cipher_alg *cia = &tfm->__crt_alg->cra_cipher; | 286 | struct cipher_alg *cia = &tfm->__crt_alg->cra_cipher; |
266 | 287 | ||
288 | tfm->crt_flags &= ~CRYPTO_TFM_RES_MASK; | ||
267 | if (keylen < cia->cia_min_keysize || keylen > cia->cia_max_keysize) { | 289 | if (keylen < cia->cia_min_keysize || keylen > cia->cia_max_keysize) { |
268 | tfm->crt_flags |= CRYPTO_TFM_RES_BAD_KEY_LEN; | 290 | tfm->crt_flags |= CRYPTO_TFM_RES_BAD_KEY_LEN; |
269 | return -EINVAL; | 291 | return -EINVAL; |
270 | } else | 292 | } else |
271 | return cia->cia_setkey(tfm, key, keylen, | 293 | return cia->cia_setkey(tfm, key, keylen); |
272 | &tfm->crt_flags); | ||
273 | } | 294 | } |
274 | 295 | ||
275 | static int ecb_encrypt(struct crypto_tfm *tfm, | 296 | static int ecb_encrypt(struct crypto_tfm *tfm, |
@@ -277,7 +298,7 @@ static int ecb_encrypt(struct crypto_tfm *tfm, | |||
277 | struct scatterlist *src, unsigned int nbytes) | 298 | struct scatterlist *src, unsigned int nbytes) |
278 | { | 299 | { |
279 | struct cipher_desc desc; | 300 | struct cipher_desc desc; |
280 | struct cipher_alg *cipher = &tfm->__crt_alg->cra_cipher; | 301 | struct cipher_alg_compat *cipher = (void *)&tfm->__crt_alg->cra_cipher; |
281 | 302 | ||
282 | desc.tfm = tfm; | 303 | desc.tfm = tfm; |
283 | desc.crfn = cipher->cia_encrypt; | 304 | desc.crfn = cipher->cia_encrypt; |
@@ -292,7 +313,7 @@ static int ecb_decrypt(struct crypto_tfm *tfm, | |||
292 | unsigned int nbytes) | 313 | unsigned int nbytes) |
293 | { | 314 | { |
294 | struct cipher_desc desc; | 315 | struct cipher_desc desc; |
295 | struct cipher_alg *cipher = &tfm->__crt_alg->cra_cipher; | 316 | struct cipher_alg_compat *cipher = (void *)&tfm->__crt_alg->cra_cipher; |
296 | 317 | ||
297 | desc.tfm = tfm; | 318 | desc.tfm = tfm; |
298 | desc.crfn = cipher->cia_decrypt; | 319 | desc.crfn = cipher->cia_decrypt; |
@@ -307,7 +328,7 @@ static int cbc_encrypt(struct crypto_tfm *tfm, | |||
307 | unsigned int nbytes) | 328 | unsigned int nbytes) |
308 | { | 329 | { |
309 | struct cipher_desc desc; | 330 | struct cipher_desc desc; |
310 | struct cipher_alg *cipher = &tfm->__crt_alg->cra_cipher; | 331 | struct cipher_alg_compat *cipher = (void *)&tfm->__crt_alg->cra_cipher; |
311 | 332 | ||
312 | desc.tfm = tfm; | 333 | desc.tfm = tfm; |
313 | desc.crfn = cipher->cia_encrypt; | 334 | desc.crfn = cipher->cia_encrypt; |
@@ -323,7 +344,7 @@ static int cbc_encrypt_iv(struct crypto_tfm *tfm, | |||
323 | unsigned int nbytes, u8 *iv) | 344 | unsigned int nbytes, u8 *iv) |
324 | { | 345 | { |
325 | struct cipher_desc desc; | 346 | struct cipher_desc desc; |
326 | struct cipher_alg *cipher = &tfm->__crt_alg->cra_cipher; | 347 | struct cipher_alg_compat *cipher = (void *)&tfm->__crt_alg->cra_cipher; |
327 | 348 | ||
328 | desc.tfm = tfm; | 349 | desc.tfm = tfm; |
329 | desc.crfn = cipher->cia_encrypt; | 350 | desc.crfn = cipher->cia_encrypt; |
@@ -339,7 +360,7 @@ static int cbc_decrypt(struct crypto_tfm *tfm, | |||
339 | unsigned int nbytes) | 360 | unsigned int nbytes) |
340 | { | 361 | { |
341 | struct cipher_desc desc; | 362 | struct cipher_desc desc; |
342 | struct cipher_alg *cipher = &tfm->__crt_alg->cra_cipher; | 363 | struct cipher_alg_compat *cipher = (void *)&tfm->__crt_alg->cra_cipher; |
343 | 364 | ||
344 | desc.tfm = tfm; | 365 | desc.tfm = tfm; |
345 | desc.crfn = cipher->cia_decrypt; | 366 | desc.crfn = cipher->cia_decrypt; |
@@ -355,7 +376,7 @@ static int cbc_decrypt_iv(struct crypto_tfm *tfm, | |||
355 | unsigned int nbytes, u8 *iv) | 376 | unsigned int nbytes, u8 *iv) |
356 | { | 377 | { |
357 | struct cipher_desc desc; | 378 | struct cipher_desc desc; |
358 | struct cipher_alg *cipher = &tfm->__crt_alg->cra_cipher; | 379 | struct cipher_alg_compat *cipher = (void *)&tfm->__crt_alg->cra_cipher; |
359 | 380 | ||
360 | desc.tfm = tfm; | 381 | desc.tfm = tfm; |
361 | desc.crfn = cipher->cia_decrypt; | 382 | desc.crfn = cipher->cia_decrypt; |
@@ -388,17 +409,67 @@ int crypto_init_cipher_flags(struct crypto_tfm *tfm, u32 flags) | |||
388 | return 0; | 409 | return 0; |
389 | } | 410 | } |
390 | 411 | ||
412 | static void cipher_crypt_unaligned(void (*fn)(struct crypto_tfm *, u8 *, | ||
413 | const u8 *), | ||
414 | struct crypto_tfm *tfm, | ||
415 | u8 *dst, const u8 *src) | ||
416 | { | ||
417 | unsigned long alignmask = crypto_tfm_alg_alignmask(tfm); | ||
418 | unsigned int size = crypto_tfm_alg_blocksize(tfm); | ||
419 | u8 buffer[size + alignmask]; | ||
420 | u8 *tmp = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1); | ||
421 | |||
422 | memcpy(tmp, src, size); | ||
423 | fn(tfm, tmp, tmp); | ||
424 | memcpy(dst, tmp, size); | ||
425 | } | ||
426 | |||
427 | static void cipher_encrypt_unaligned(struct crypto_tfm *tfm, | ||
428 | u8 *dst, const u8 *src) | ||
429 | { | ||
430 | unsigned long alignmask = crypto_tfm_alg_alignmask(tfm); | ||
431 | struct cipher_alg *cipher = &tfm->__crt_alg->cra_cipher; | ||
432 | |||
433 | if (unlikely(((unsigned long)dst | (unsigned long)src) & alignmask)) { | ||
434 | cipher_crypt_unaligned(cipher->cia_encrypt, tfm, dst, src); | ||
435 | return; | ||
436 | } | ||
437 | |||
438 | cipher->cia_encrypt(tfm, dst, src); | ||
439 | } | ||
440 | |||
441 | static void cipher_decrypt_unaligned(struct crypto_tfm *tfm, | ||
442 | u8 *dst, const u8 *src) | ||
443 | { | ||
444 | unsigned long alignmask = crypto_tfm_alg_alignmask(tfm); | ||
445 | struct cipher_alg *cipher = &tfm->__crt_alg->cra_cipher; | ||
446 | |||
447 | if (unlikely(((unsigned long)dst | (unsigned long)src) & alignmask)) { | ||
448 | cipher_crypt_unaligned(cipher->cia_decrypt, tfm, dst, src); | ||
449 | return; | ||
450 | } | ||
451 | |||
452 | cipher->cia_decrypt(tfm, dst, src); | ||
453 | } | ||
454 | |||
391 | int crypto_init_cipher_ops(struct crypto_tfm *tfm) | 455 | int crypto_init_cipher_ops(struct crypto_tfm *tfm) |
392 | { | 456 | { |
393 | int ret = 0; | 457 | int ret = 0; |
394 | struct cipher_tfm *ops = &tfm->crt_cipher; | 458 | struct cipher_tfm *ops = &tfm->crt_cipher; |
459 | struct cipher_alg *cipher = &tfm->__crt_alg->cra_cipher; | ||
395 | 460 | ||
396 | ops->cit_setkey = setkey; | 461 | ops->cit_setkey = setkey; |
462 | ops->cit_encrypt_one = crypto_tfm_alg_alignmask(tfm) ? | ||
463 | cipher_encrypt_unaligned : cipher->cia_encrypt; | ||
464 | ops->cit_decrypt_one = crypto_tfm_alg_alignmask(tfm) ? | ||
465 | cipher_decrypt_unaligned : cipher->cia_decrypt; | ||
397 | 466 | ||
398 | switch (tfm->crt_cipher.cit_mode) { | 467 | switch (tfm->crt_cipher.cit_mode) { |
399 | case CRYPTO_TFM_MODE_ECB: | 468 | case CRYPTO_TFM_MODE_ECB: |
400 | ops->cit_encrypt = ecb_encrypt; | 469 | ops->cit_encrypt = ecb_encrypt; |
401 | ops->cit_decrypt = ecb_decrypt; | 470 | ops->cit_decrypt = ecb_decrypt; |
471 | ops->cit_encrypt_iv = nocrypt_iv; | ||
472 | ops->cit_decrypt_iv = nocrypt_iv; | ||
402 | break; | 473 | break; |
403 | 474 | ||
404 | case CRYPTO_TFM_MODE_CBC: | 475 | case CRYPTO_TFM_MODE_CBC: |
diff --git a/crypto/crc32c.c b/crypto/crc32c.c index f2660123aeb4..0fa744392a4c 100644 --- a/crypto/crc32c.c +++ b/crypto/crc32c.c | |||
@@ -16,14 +16,14 @@ | |||
16 | #include <linux/string.h> | 16 | #include <linux/string.h> |
17 | #include <linux/crypto.h> | 17 | #include <linux/crypto.h> |
18 | #include <linux/crc32c.h> | 18 | #include <linux/crc32c.h> |
19 | #include <linux/types.h> | 19 | #include <linux/kernel.h> |
20 | #include <asm/byteorder.h> | ||
21 | 20 | ||
22 | #define CHKSUM_BLOCK_SIZE 32 | 21 | #define CHKSUM_BLOCK_SIZE 32 |
23 | #define CHKSUM_DIGEST_SIZE 4 | 22 | #define CHKSUM_DIGEST_SIZE 4 |
24 | 23 | ||
25 | struct chksum_ctx { | 24 | struct chksum_ctx { |
26 | u32 crc; | 25 | u32 crc; |
26 | u32 key; | ||
27 | }; | 27 | }; |
28 | 28 | ||
29 | /* | 29 | /* |
@@ -35,7 +35,7 @@ static void chksum_init(struct crypto_tfm *tfm) | |||
35 | { | 35 | { |
36 | struct chksum_ctx *mctx = crypto_tfm_ctx(tfm); | 36 | struct chksum_ctx *mctx = crypto_tfm_ctx(tfm); |
37 | 37 | ||
38 | mctx->crc = ~(u32)0; /* common usage */ | 38 | mctx->crc = mctx->key; |
39 | } | 39 | } |
40 | 40 | ||
41 | /* | 41 | /* |
@@ -44,16 +44,15 @@ static void chksum_init(struct crypto_tfm *tfm) | |||
44 | * the seed. | 44 | * the seed. |
45 | */ | 45 | */ |
46 | static int chksum_setkey(struct crypto_tfm *tfm, const u8 *key, | 46 | static int chksum_setkey(struct crypto_tfm *tfm, const u8 *key, |
47 | unsigned int keylen, u32 *flags) | 47 | unsigned int keylen) |
48 | { | 48 | { |
49 | struct chksum_ctx *mctx = crypto_tfm_ctx(tfm); | 49 | struct chksum_ctx *mctx = crypto_tfm_ctx(tfm); |
50 | 50 | ||
51 | if (keylen != sizeof(mctx->crc)) { | 51 | if (keylen != sizeof(mctx->crc)) { |
52 | if (flags) | 52 | tfm->crt_flags |= CRYPTO_TFM_RES_BAD_KEY_LEN; |
53 | *flags = CRYPTO_TFM_RES_BAD_KEY_LEN; | ||
54 | return -EINVAL; | 53 | return -EINVAL; |
55 | } | 54 | } |
56 | mctx->crc = __cpu_to_le32(*(u32 *)key); | 55 | mctx->key = le32_to_cpu(*(__le32 *)key); |
57 | return 0; | 56 | return 0; |
58 | } | 57 | } |
59 | 58 | ||
@@ -61,19 +60,23 @@ static void chksum_update(struct crypto_tfm *tfm, const u8 *data, | |||
61 | unsigned int length) | 60 | unsigned int length) |
62 | { | 61 | { |
63 | struct chksum_ctx *mctx = crypto_tfm_ctx(tfm); | 62 | struct chksum_ctx *mctx = crypto_tfm_ctx(tfm); |
64 | u32 mcrc; | ||
65 | 63 | ||
66 | mcrc = crc32c(mctx->crc, data, (size_t)length); | 64 | mctx->crc = crc32c(mctx->crc, data, length); |
67 | |||
68 | mctx->crc = mcrc; | ||
69 | } | 65 | } |
70 | 66 | ||
71 | static void chksum_final(struct crypto_tfm *tfm, u8 *out) | 67 | static void chksum_final(struct crypto_tfm *tfm, u8 *out) |
72 | { | 68 | { |
73 | struct chksum_ctx *mctx = crypto_tfm_ctx(tfm); | 69 | struct chksum_ctx *mctx = crypto_tfm_ctx(tfm); |
74 | u32 mcrc = (mctx->crc ^ ~(u32)0); | ||
75 | 70 | ||
76 | *(u32 *)out = __le32_to_cpu(mcrc); | 71 | *(__le32 *)out = ~cpu_to_le32(mctx->crc); |
72 | } | ||
73 | |||
74 | static int crc32c_cra_init(struct crypto_tfm *tfm) | ||
75 | { | ||
76 | struct chksum_ctx *mctx = crypto_tfm_ctx(tfm); | ||
77 | |||
78 | mctx->key = ~0; | ||
79 | return 0; | ||
77 | } | 80 | } |
78 | 81 | ||
79 | static struct crypto_alg alg = { | 82 | static struct crypto_alg alg = { |
@@ -83,6 +86,7 @@ static struct crypto_alg alg = { | |||
83 | .cra_ctxsize = sizeof(struct chksum_ctx), | 86 | .cra_ctxsize = sizeof(struct chksum_ctx), |
84 | .cra_module = THIS_MODULE, | 87 | .cra_module = THIS_MODULE, |
85 | .cra_list = LIST_HEAD_INIT(alg.cra_list), | 88 | .cra_list = LIST_HEAD_INIT(alg.cra_list), |
89 | .cra_init = crc32c_cra_init, | ||
86 | .cra_u = { | 90 | .cra_u = { |
87 | .digest = { | 91 | .digest = { |
88 | .dia_digestsize= CHKSUM_DIGEST_SIZE, | 92 | .dia_digestsize= CHKSUM_DIGEST_SIZE, |
diff --git a/crypto/crypto_null.c b/crypto/crypto_null.c index a0d956b52949..24dbb5d8617e 100644 --- a/crypto/crypto_null.c +++ b/crypto/crypto_null.c | |||
@@ -48,7 +48,7 @@ static void null_final(struct crypto_tfm *tfm, u8 *out) | |||
48 | { } | 48 | { } |
49 | 49 | ||
50 | static int null_setkey(struct crypto_tfm *tfm, const u8 *key, | 50 | static int null_setkey(struct crypto_tfm *tfm, const u8 *key, |
51 | unsigned int keylen, u32 *flags) | 51 | unsigned int keylen) |
52 | { return 0; } | 52 | { return 0; } |
53 | 53 | ||
54 | static void null_crypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src) | 54 | static void null_crypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src) |
diff --git a/crypto/cryptomgr.c b/crypto/cryptomgr.c new file mode 100644 index 000000000000..9b5b15601068 --- /dev/null +++ b/crypto/cryptomgr.c | |||
@@ -0,0 +1,156 @@ | |||
1 | /* | ||
2 | * Create default crypto algorithm instances. | ||
3 | * | ||
4 | * Copyright (c) 2006 Herbert Xu <herbert@gondor.apana.org.au> | ||
5 | * | ||
6 | * This program is free software; you can redistribute it and/or modify it | ||
7 | * under the terms of the GNU General Public License as published by the Free | ||
8 | * Software Foundation; either version 2 of the License, or (at your option) | ||
9 | * any later version. | ||
10 | * | ||
11 | */ | ||
12 | |||
13 | #include <linux/crypto.h> | ||
14 | #include <linux/ctype.h> | ||
15 | #include <linux/err.h> | ||
16 | #include <linux/init.h> | ||
17 | #include <linux/module.h> | ||
18 | #include <linux/notifier.h> | ||
19 | #include <linux/rtnetlink.h> | ||
20 | #include <linux/sched.h> | ||
21 | #include <linux/string.h> | ||
22 | #include <linux/workqueue.h> | ||
23 | |||
24 | #include "internal.h" | ||
25 | |||
26 | struct cryptomgr_param { | ||
27 | struct work_struct work; | ||
28 | |||
29 | struct { | ||
30 | struct rtattr attr; | ||
31 | struct crypto_attr_alg data; | ||
32 | } alg; | ||
33 | |||
34 | struct { | ||
35 | u32 type; | ||
36 | u32 mask; | ||
37 | char name[CRYPTO_MAX_ALG_NAME]; | ||
38 | } larval; | ||
39 | |||
40 | char template[CRYPTO_MAX_ALG_NAME]; | ||
41 | }; | ||
42 | |||
43 | static void cryptomgr_probe(void *data) | ||
44 | { | ||
45 | struct cryptomgr_param *param = data; | ||
46 | struct crypto_template *tmpl; | ||
47 | struct crypto_instance *inst; | ||
48 | int err; | ||
49 | |||
50 | tmpl = crypto_lookup_template(param->template); | ||
51 | if (!tmpl) | ||
52 | goto err; | ||
53 | |||
54 | do { | ||
55 | inst = tmpl->alloc(¶m->alg, sizeof(param->alg)); | ||
56 | if (IS_ERR(inst)) | ||
57 | err = PTR_ERR(inst); | ||
58 | else if ((err = crypto_register_instance(tmpl, inst))) | ||
59 | tmpl->free(inst); | ||
60 | } while (err == -EAGAIN && !signal_pending(current)); | ||
61 | |||
62 | crypto_tmpl_put(tmpl); | ||
63 | |||
64 | if (err) | ||
65 | goto err; | ||
66 | |||
67 | out: | ||
68 | kfree(param); | ||
69 | return; | ||
70 | |||
71 | err: | ||
72 | crypto_larval_error(param->larval.name, param->larval.type, | ||
73 | param->larval.mask); | ||
74 | goto out; | ||
75 | } | ||
76 | |||
77 | static int cryptomgr_schedule_probe(struct crypto_larval *larval) | ||
78 | { | ||
79 | struct cryptomgr_param *param; | ||
80 | const char *name = larval->alg.cra_name; | ||
81 | const char *p; | ||
82 | unsigned int len; | ||
83 | |||
84 | param = kmalloc(sizeof(*param), GFP_KERNEL); | ||
85 | if (!param) | ||
86 | goto err; | ||
87 | |||
88 | for (p = name; isalnum(*p) || *p == '-' || *p == '_'; p++) | ||
89 | ; | ||
90 | |||
91 | len = p - name; | ||
92 | if (!len || *p != '(') | ||
93 | goto err_free_param; | ||
94 | |||
95 | memcpy(param->template, name, len); | ||
96 | param->template[len] = 0; | ||
97 | |||
98 | name = p + 1; | ||
99 | for (p = name; isalnum(*p) || *p == '-' || *p == '_'; p++) | ||
100 | ; | ||
101 | |||
102 | len = p - name; | ||
103 | if (!len || *p != ')' || p[1]) | ||
104 | goto err_free_param; | ||
105 | |||
106 | param->alg.attr.rta_len = sizeof(param->alg); | ||
107 | param->alg.attr.rta_type = CRYPTOA_ALG; | ||
108 | memcpy(param->alg.data.name, name, len); | ||
109 | param->alg.data.name[len] = 0; | ||
110 | |||
111 | memcpy(param->larval.name, larval->alg.cra_name, CRYPTO_MAX_ALG_NAME); | ||
112 | param->larval.type = larval->alg.cra_flags; | ||
113 | param->larval.mask = larval->mask; | ||
114 | |||
115 | INIT_WORK(¶m->work, cryptomgr_probe, param); | ||
116 | schedule_work(¶m->work); | ||
117 | |||
118 | return NOTIFY_STOP; | ||
119 | |||
120 | err_free_param: | ||
121 | kfree(param); | ||
122 | err: | ||
123 | return NOTIFY_OK; | ||
124 | } | ||
125 | |||
126 | static int cryptomgr_notify(struct notifier_block *this, unsigned long msg, | ||
127 | void *data) | ||
128 | { | ||
129 | switch (msg) { | ||
130 | case CRYPTO_MSG_ALG_REQUEST: | ||
131 | return cryptomgr_schedule_probe(data); | ||
132 | } | ||
133 | |||
134 | return NOTIFY_DONE; | ||
135 | } | ||
136 | |||
137 | static struct notifier_block cryptomgr_notifier = { | ||
138 | .notifier_call = cryptomgr_notify, | ||
139 | }; | ||
140 | |||
141 | static int __init cryptomgr_init(void) | ||
142 | { | ||
143 | return crypto_register_notifier(&cryptomgr_notifier); | ||
144 | } | ||
145 | |||
146 | static void __exit cryptomgr_exit(void) | ||
147 | { | ||
148 | int err = crypto_unregister_notifier(&cryptomgr_notifier); | ||
149 | BUG_ON(err); | ||
150 | } | ||
151 | |||
152 | module_init(cryptomgr_init); | ||
153 | module_exit(cryptomgr_exit); | ||
154 | |||
155 | MODULE_LICENSE("GPL"); | ||
156 | MODULE_DESCRIPTION("Crypto Algorithm Manager"); | ||
diff --git a/crypto/des.c b/crypto/des.c index a9d3c235a6af..1df3a714fa47 100644 --- a/crypto/des.c +++ b/crypto/des.c | |||
@@ -784,9 +784,10 @@ static void dkey(u32 *pe, const u8 *k) | |||
784 | } | 784 | } |
785 | 785 | ||
786 | static int des_setkey(struct crypto_tfm *tfm, const u8 *key, | 786 | static int des_setkey(struct crypto_tfm *tfm, const u8 *key, |
787 | unsigned int keylen, u32 *flags) | 787 | unsigned int keylen) |
788 | { | 788 | { |
789 | struct des_ctx *dctx = crypto_tfm_ctx(tfm); | 789 | struct des_ctx *dctx = crypto_tfm_ctx(tfm); |
790 | u32 *flags = &tfm->crt_flags; | ||
790 | u32 tmp[DES_EXPKEY_WORDS]; | 791 | u32 tmp[DES_EXPKEY_WORDS]; |
791 | int ret; | 792 | int ret; |
792 | 793 | ||
@@ -864,11 +865,12 @@ static void des_decrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src) | |||
864 | * | 865 | * |
865 | */ | 866 | */ |
866 | static int des3_ede_setkey(struct crypto_tfm *tfm, const u8 *key, | 867 | static int des3_ede_setkey(struct crypto_tfm *tfm, const u8 *key, |
867 | unsigned int keylen, u32 *flags) | 868 | unsigned int keylen) |
868 | { | 869 | { |
869 | const u32 *K = (const u32 *)key; | 870 | const u32 *K = (const u32 *)key; |
870 | struct des3_ede_ctx *dctx = crypto_tfm_ctx(tfm); | 871 | struct des3_ede_ctx *dctx = crypto_tfm_ctx(tfm); |
871 | u32 *expkey = dctx->expkey; | 872 | u32 *expkey = dctx->expkey; |
873 | u32 *flags = &tfm->crt_flags; | ||
872 | 874 | ||
873 | if (unlikely(!((K[0] ^ K[2]) | (K[1] ^ K[3])) || | 875 | if (unlikely(!((K[0] ^ K[2]) | (K[1] ^ K[3])) || |
874 | !((K[2] ^ K[4]) | (K[3] ^ K[5])))) | 876 | !((K[2] ^ K[4]) | (K[3] ^ K[5])))) |
diff --git a/crypto/digest.c b/crypto/digest.c index 603006a7bef2..0155a94e4b15 100644 --- a/crypto/digest.c +++ b/crypto/digest.c | |||
@@ -11,29 +11,89 @@ | |||
11 | * any later version. | 11 | * any later version. |
12 | * | 12 | * |
13 | */ | 13 | */ |
14 | #include <linux/crypto.h> | 14 | |
15 | #include <linux/mm.h> | 15 | #include <linux/mm.h> |
16 | #include <linux/errno.h> | 16 | #include <linux/errno.h> |
17 | #include <linux/highmem.h> | 17 | #include <linux/highmem.h> |
18 | #include <asm/scatterlist.h> | 18 | #include <linux/module.h> |
19 | #include <linux/scatterlist.h> | ||
20 | |||
19 | #include "internal.h" | 21 | #include "internal.h" |
22 | #include "scatterwalk.h" | ||
20 | 23 | ||
21 | static void init(struct crypto_tfm *tfm) | 24 | void crypto_digest_init(struct crypto_tfm *tfm) |
22 | { | 25 | { |
23 | tfm->__crt_alg->cra_digest.dia_init(tfm); | 26 | struct crypto_hash *hash = crypto_hash_cast(tfm); |
27 | struct hash_desc desc = { .tfm = hash, .flags = tfm->crt_flags }; | ||
28 | |||
29 | crypto_hash_init(&desc); | ||
30 | } | ||
31 | EXPORT_SYMBOL_GPL(crypto_digest_init); | ||
32 | |||
33 | void crypto_digest_update(struct crypto_tfm *tfm, | ||
34 | struct scatterlist *sg, unsigned int nsg) | ||
35 | { | ||
36 | struct crypto_hash *hash = crypto_hash_cast(tfm); | ||
37 | struct hash_desc desc = { .tfm = hash, .flags = tfm->crt_flags }; | ||
38 | unsigned int nbytes = 0; | ||
39 | unsigned int i; | ||
40 | |||
41 | for (i = 0; i < nsg; i++) | ||
42 | nbytes += sg[i].length; | ||
43 | |||
44 | crypto_hash_update(&desc, sg, nbytes); | ||
45 | } | ||
46 | EXPORT_SYMBOL_GPL(crypto_digest_update); | ||
47 | |||
48 | void crypto_digest_final(struct crypto_tfm *tfm, u8 *out) | ||
49 | { | ||
50 | struct crypto_hash *hash = crypto_hash_cast(tfm); | ||
51 | struct hash_desc desc = { .tfm = hash, .flags = tfm->crt_flags }; | ||
52 | |||
53 | crypto_hash_final(&desc, out); | ||
24 | } | 54 | } |
55 | EXPORT_SYMBOL_GPL(crypto_digest_final); | ||
25 | 56 | ||
26 | static void update(struct crypto_tfm *tfm, | 57 | void crypto_digest_digest(struct crypto_tfm *tfm, |
27 | struct scatterlist *sg, unsigned int nsg) | 58 | struct scatterlist *sg, unsigned int nsg, u8 *out) |
28 | { | 59 | { |
60 | struct crypto_hash *hash = crypto_hash_cast(tfm); | ||
61 | struct hash_desc desc = { .tfm = hash, .flags = tfm->crt_flags }; | ||
62 | unsigned int nbytes = 0; | ||
29 | unsigned int i; | 63 | unsigned int i; |
64 | |||
65 | for (i = 0; i < nsg; i++) | ||
66 | nbytes += sg[i].length; | ||
67 | |||
68 | crypto_hash_digest(&desc, sg, nbytes, out); | ||
69 | } | ||
70 | EXPORT_SYMBOL_GPL(crypto_digest_digest); | ||
71 | |||
72 | static int init(struct hash_desc *desc) | ||
73 | { | ||
74 | struct crypto_tfm *tfm = crypto_hash_tfm(desc->tfm); | ||
75 | |||
76 | tfm->__crt_alg->cra_digest.dia_init(tfm); | ||
77 | return 0; | ||
78 | } | ||
79 | |||
80 | static int update(struct hash_desc *desc, | ||
81 | struct scatterlist *sg, unsigned int nbytes) | ||
82 | { | ||
83 | struct crypto_tfm *tfm = crypto_hash_tfm(desc->tfm); | ||
30 | unsigned int alignmask = crypto_tfm_alg_alignmask(tfm); | 84 | unsigned int alignmask = crypto_tfm_alg_alignmask(tfm); |
31 | 85 | ||
32 | for (i = 0; i < nsg; i++) { | 86 | if (!nbytes) |
87 | return 0; | ||
88 | |||
89 | for (;;) { | ||
90 | struct page *pg = sg->page; | ||
91 | unsigned int offset = sg->offset; | ||
92 | unsigned int l = sg->length; | ||
33 | 93 | ||
34 | struct page *pg = sg[i].page; | 94 | if (unlikely(l > nbytes)) |
35 | unsigned int offset = sg[i].offset; | 95 | l = nbytes; |
36 | unsigned int l = sg[i].length; | 96 | nbytes -= l; |
37 | 97 | ||
38 | do { | 98 | do { |
39 | unsigned int bytes_from_page = min(l, ((unsigned int) | 99 | unsigned int bytes_from_page = min(l, ((unsigned int) |
@@ -55,41 +115,60 @@ static void update(struct crypto_tfm *tfm, | |||
55 | tfm->__crt_alg->cra_digest.dia_update(tfm, p, | 115 | tfm->__crt_alg->cra_digest.dia_update(tfm, p, |
56 | bytes_from_page); | 116 | bytes_from_page); |
57 | crypto_kunmap(src, 0); | 117 | crypto_kunmap(src, 0); |
58 | crypto_yield(tfm); | 118 | crypto_yield(desc->flags); |
59 | offset = 0; | 119 | offset = 0; |
60 | pg++; | 120 | pg++; |
61 | l -= bytes_from_page; | 121 | l -= bytes_from_page; |
62 | } while (l > 0); | 122 | } while (l > 0); |
123 | |||
124 | if (!nbytes) | ||
125 | break; | ||
126 | sg = sg_next(sg); | ||
63 | } | 127 | } |
128 | |||
129 | return 0; | ||
64 | } | 130 | } |
65 | 131 | ||
66 | static void final(struct crypto_tfm *tfm, u8 *out) | 132 | static int final(struct hash_desc *desc, u8 *out) |
67 | { | 133 | { |
134 | struct crypto_tfm *tfm = crypto_hash_tfm(desc->tfm); | ||
68 | unsigned long alignmask = crypto_tfm_alg_alignmask(tfm); | 135 | unsigned long alignmask = crypto_tfm_alg_alignmask(tfm); |
136 | struct digest_alg *digest = &tfm->__crt_alg->cra_digest; | ||
137 | |||
69 | if (unlikely((unsigned long)out & alignmask)) { | 138 | if (unlikely((unsigned long)out & alignmask)) { |
70 | unsigned int size = crypto_tfm_alg_digestsize(tfm); | 139 | unsigned long align = alignmask + 1; |
71 | u8 buffer[size + alignmask]; | 140 | unsigned long addr = (unsigned long)crypto_tfm_ctx(tfm); |
72 | u8 *dst = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1); | 141 | u8 *dst = (u8 *)ALIGN(addr, align) + |
73 | tfm->__crt_alg->cra_digest.dia_final(tfm, dst); | 142 | ALIGN(tfm->__crt_alg->cra_ctxsize, align); |
74 | memcpy(out, dst, size); | 143 | |
144 | digest->dia_final(tfm, dst); | ||
145 | memcpy(out, dst, digest->dia_digestsize); | ||
75 | } else | 146 | } else |
76 | tfm->__crt_alg->cra_digest.dia_final(tfm, out); | 147 | digest->dia_final(tfm, out); |
148 | |||
149 | return 0; | ||
150 | } | ||
151 | |||
152 | static int nosetkey(struct crypto_hash *tfm, const u8 *key, unsigned int keylen) | ||
153 | { | ||
154 | crypto_hash_clear_flags(tfm, CRYPTO_TFM_RES_MASK); | ||
155 | return -ENOSYS; | ||
77 | } | 156 | } |
78 | 157 | ||
79 | static int setkey(struct crypto_tfm *tfm, const u8 *key, unsigned int keylen) | 158 | static int setkey(struct crypto_hash *hash, const u8 *key, unsigned int keylen) |
80 | { | 159 | { |
81 | u32 flags; | 160 | struct crypto_tfm *tfm = crypto_hash_tfm(hash); |
82 | if (tfm->__crt_alg->cra_digest.dia_setkey == NULL) | 161 | |
83 | return -ENOSYS; | 162 | crypto_hash_clear_flags(hash, CRYPTO_TFM_RES_MASK); |
84 | return tfm->__crt_alg->cra_digest.dia_setkey(tfm, key, keylen, &flags); | 163 | return tfm->__crt_alg->cra_digest.dia_setkey(tfm, key, keylen); |
85 | } | 164 | } |
86 | 165 | ||
87 | static void digest(struct crypto_tfm *tfm, | 166 | static int digest(struct hash_desc *desc, |
88 | struct scatterlist *sg, unsigned int nsg, u8 *out) | 167 | struct scatterlist *sg, unsigned int nbytes, u8 *out) |
89 | { | 168 | { |
90 | init(tfm); | 169 | init(desc); |
91 | update(tfm, sg, nsg); | 170 | update(desc, sg, nbytes); |
92 | final(tfm, out); | 171 | return final(desc, out); |
93 | } | 172 | } |
94 | 173 | ||
95 | int crypto_init_digest_flags(struct crypto_tfm *tfm, u32 flags) | 174 | int crypto_init_digest_flags(struct crypto_tfm *tfm, u32 flags) |
@@ -99,18 +178,22 @@ int crypto_init_digest_flags(struct crypto_tfm *tfm, u32 flags) | |||
99 | 178 | ||
100 | int crypto_init_digest_ops(struct crypto_tfm *tfm) | 179 | int crypto_init_digest_ops(struct crypto_tfm *tfm) |
101 | { | 180 | { |
102 | struct digest_tfm *ops = &tfm->crt_digest; | 181 | struct hash_tfm *ops = &tfm->crt_hash; |
182 | struct digest_alg *dalg = &tfm->__crt_alg->cra_digest; | ||
183 | |||
184 | if (dalg->dia_digestsize > crypto_tfm_alg_blocksize(tfm)) | ||
185 | return -EINVAL; | ||
103 | 186 | ||
104 | ops->dit_init = init; | 187 | ops->init = init; |
105 | ops->dit_update = update; | 188 | ops->update = update; |
106 | ops->dit_final = final; | 189 | ops->final = final; |
107 | ops->dit_digest = digest; | 190 | ops->digest = digest; |
108 | ops->dit_setkey = setkey; | 191 | ops->setkey = dalg->dia_setkey ? setkey : nosetkey; |
192 | ops->digestsize = dalg->dia_digestsize; | ||
109 | 193 | ||
110 | return crypto_alloc_hmac_block(tfm); | 194 | return 0; |
111 | } | 195 | } |
112 | 196 | ||
113 | void crypto_exit_digest_ops(struct crypto_tfm *tfm) | 197 | void crypto_exit_digest_ops(struct crypto_tfm *tfm) |
114 | { | 198 | { |
115 | crypto_free_hmac_block(tfm); | ||
116 | } | 199 | } |
diff --git a/crypto/ecb.c b/crypto/ecb.c new file mode 100644 index 000000000000..f239aa9c4017 --- /dev/null +++ b/crypto/ecb.c | |||
@@ -0,0 +1,181 @@ | |||
1 | /* | ||
2 | * ECB: Electronic CodeBook mode | ||
3 | * | ||
4 | * Copyright (c) 2006 Herbert Xu <herbert@gondor.apana.org.au> | ||
5 | * | ||
6 | * This program is free software; you can redistribute it and/or modify it | ||
7 | * under the terms of the GNU General Public License as published by the Free | ||
8 | * Software Foundation; either version 2 of the License, or (at your option) | ||
9 | * any later version. | ||
10 | * | ||
11 | */ | ||
12 | |||
13 | #include <crypto/algapi.h> | ||
14 | #include <linux/err.h> | ||
15 | #include <linux/init.h> | ||
16 | #include <linux/kernel.h> | ||
17 | #include <linux/module.h> | ||
18 | #include <linux/scatterlist.h> | ||
19 | #include <linux/slab.h> | ||
20 | |||
21 | struct crypto_ecb_ctx { | ||
22 | struct crypto_cipher *child; | ||
23 | }; | ||
24 | |||
25 | static int crypto_ecb_setkey(struct crypto_tfm *parent, const u8 *key, | ||
26 | unsigned int keylen) | ||
27 | { | ||
28 | struct crypto_ecb_ctx *ctx = crypto_tfm_ctx(parent); | ||
29 | struct crypto_cipher *child = ctx->child; | ||
30 | int err; | ||
31 | |||
32 | crypto_cipher_clear_flags(child, CRYPTO_TFM_REQ_MASK); | ||
33 | crypto_cipher_set_flags(child, crypto_tfm_get_flags(parent) & | ||
34 | CRYPTO_TFM_REQ_MASK); | ||
35 | err = crypto_cipher_setkey(child, key, keylen); | ||
36 | crypto_tfm_set_flags(parent, crypto_cipher_get_flags(child) & | ||
37 | CRYPTO_TFM_RES_MASK); | ||
38 | return err; | ||
39 | } | ||
40 | |||
41 | static int crypto_ecb_crypt(struct blkcipher_desc *desc, | ||
42 | struct blkcipher_walk *walk, | ||
43 | struct crypto_cipher *tfm, | ||
44 | void (*fn)(struct crypto_tfm *, u8 *, const u8 *)) | ||
45 | { | ||
46 | int bsize = crypto_cipher_blocksize(tfm); | ||
47 | unsigned int nbytes; | ||
48 | int err; | ||
49 | |||
50 | err = blkcipher_walk_virt(desc, walk); | ||
51 | |||
52 | while ((nbytes = walk->nbytes)) { | ||
53 | u8 *wsrc = walk->src.virt.addr; | ||
54 | u8 *wdst = walk->dst.virt.addr; | ||
55 | |||
56 | do { | ||
57 | fn(crypto_cipher_tfm(tfm), wdst, wsrc); | ||
58 | |||
59 | wsrc += bsize; | ||
60 | wdst += bsize; | ||
61 | } while ((nbytes -= bsize) >= bsize); | ||
62 | |||
63 | err = blkcipher_walk_done(desc, walk, nbytes); | ||
64 | } | ||
65 | |||
66 | return err; | ||
67 | } | ||
68 | |||
69 | static int crypto_ecb_encrypt(struct blkcipher_desc *desc, | ||
70 | struct scatterlist *dst, struct scatterlist *src, | ||
71 | unsigned int nbytes) | ||
72 | { | ||
73 | struct blkcipher_walk walk; | ||
74 | struct crypto_blkcipher *tfm = desc->tfm; | ||
75 | struct crypto_ecb_ctx *ctx = crypto_blkcipher_ctx(tfm); | ||
76 | struct crypto_cipher *child = ctx->child; | ||
77 | |||
78 | blkcipher_walk_init(&walk, dst, src, nbytes); | ||
79 | return crypto_ecb_crypt(desc, &walk, child, | ||
80 | crypto_cipher_alg(child)->cia_encrypt); | ||
81 | } | ||
82 | |||
83 | static int crypto_ecb_decrypt(struct blkcipher_desc *desc, | ||
84 | struct scatterlist *dst, struct scatterlist *src, | ||
85 | unsigned int nbytes) | ||
86 | { | ||
87 | struct blkcipher_walk walk; | ||
88 | struct crypto_blkcipher *tfm = desc->tfm; | ||
89 | struct crypto_ecb_ctx *ctx = crypto_blkcipher_ctx(tfm); | ||
90 | struct crypto_cipher *child = ctx->child; | ||
91 | |||
92 | blkcipher_walk_init(&walk, dst, src, nbytes); | ||
93 | return crypto_ecb_crypt(desc, &walk, child, | ||
94 | crypto_cipher_alg(child)->cia_decrypt); | ||
95 | } | ||
96 | |||
97 | static int crypto_ecb_init_tfm(struct crypto_tfm *tfm) | ||
98 | { | ||
99 | struct crypto_instance *inst = (void *)tfm->__crt_alg; | ||
100 | struct crypto_spawn *spawn = crypto_instance_ctx(inst); | ||
101 | struct crypto_ecb_ctx *ctx = crypto_tfm_ctx(tfm); | ||
102 | |||
103 | tfm = crypto_spawn_tfm(spawn); | ||
104 | if (IS_ERR(tfm)) | ||
105 | return PTR_ERR(tfm); | ||
106 | |||
107 | ctx->child = crypto_cipher_cast(tfm); | ||
108 | return 0; | ||
109 | } | ||
110 | |||
111 | static void crypto_ecb_exit_tfm(struct crypto_tfm *tfm) | ||
112 | { | ||
113 | struct crypto_ecb_ctx *ctx = crypto_tfm_ctx(tfm); | ||
114 | crypto_free_cipher(ctx->child); | ||
115 | } | ||
116 | |||
117 | static struct crypto_instance *crypto_ecb_alloc(void *param, unsigned int len) | ||
118 | { | ||
119 | struct crypto_instance *inst; | ||
120 | struct crypto_alg *alg; | ||
121 | |||
122 | alg = crypto_get_attr_alg(param, len, CRYPTO_ALG_TYPE_CIPHER, | ||
123 | CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_ASYNC); | ||
124 | if (IS_ERR(alg)) | ||
125 | return ERR_PTR(PTR_ERR(alg)); | ||
126 | |||
127 | inst = crypto_alloc_instance("ecb", alg); | ||
128 | if (IS_ERR(inst)) | ||
129 | goto out_put_alg; | ||
130 | |||
131 | inst->alg.cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER; | ||
132 | inst->alg.cra_priority = alg->cra_priority; | ||
133 | inst->alg.cra_blocksize = alg->cra_blocksize; | ||
134 | inst->alg.cra_alignmask = alg->cra_alignmask; | ||
135 | inst->alg.cra_type = &crypto_blkcipher_type; | ||
136 | |||
137 | inst->alg.cra_blkcipher.min_keysize = alg->cra_cipher.cia_min_keysize; | ||
138 | inst->alg.cra_blkcipher.max_keysize = alg->cra_cipher.cia_max_keysize; | ||
139 | |||
140 | inst->alg.cra_ctxsize = sizeof(struct crypto_ecb_ctx); | ||
141 | |||
142 | inst->alg.cra_init = crypto_ecb_init_tfm; | ||
143 | inst->alg.cra_exit = crypto_ecb_exit_tfm; | ||
144 | |||
145 | inst->alg.cra_blkcipher.setkey = crypto_ecb_setkey; | ||
146 | inst->alg.cra_blkcipher.encrypt = crypto_ecb_encrypt; | ||
147 | inst->alg.cra_blkcipher.decrypt = crypto_ecb_decrypt; | ||
148 | |||
149 | out_put_alg: | ||
150 | crypto_mod_put(alg); | ||
151 | return inst; | ||
152 | } | ||
153 | |||
154 | static void crypto_ecb_free(struct crypto_instance *inst) | ||
155 | { | ||
156 | crypto_drop_spawn(crypto_instance_ctx(inst)); | ||
157 | kfree(inst); | ||
158 | } | ||
159 | |||
160 | static struct crypto_template crypto_ecb_tmpl = { | ||
161 | .name = "ecb", | ||
162 | .alloc = crypto_ecb_alloc, | ||
163 | .free = crypto_ecb_free, | ||
164 | .module = THIS_MODULE, | ||
165 | }; | ||
166 | |||
167 | static int __init crypto_ecb_module_init(void) | ||
168 | { | ||
169 | return crypto_register_template(&crypto_ecb_tmpl); | ||
170 | } | ||
171 | |||
172 | static void __exit crypto_ecb_module_exit(void) | ||
173 | { | ||
174 | crypto_unregister_template(&crypto_ecb_tmpl); | ||
175 | } | ||
176 | |||
177 | module_init(crypto_ecb_module_init); | ||
178 | module_exit(crypto_ecb_module_exit); | ||
179 | |||
180 | MODULE_LICENSE("GPL"); | ||
181 | MODULE_DESCRIPTION("ECB block cipher algorithm"); | ||
diff --git a/crypto/hash.c b/crypto/hash.c new file mode 100644 index 000000000000..cdec23d885fe --- /dev/null +++ b/crypto/hash.c | |||
@@ -0,0 +1,61 @@ | |||
1 | /* | ||
2 | * Cryptographic Hash operations. | ||
3 | * | ||
4 | * Copyright (c) 2006 Herbert Xu <herbert@gondor.apana.org.au> | ||
5 | * | ||
6 | * This program is free software; you can redistribute it and/or modify it | ||
7 | * under the terms of the GNU General Public License as published by the Free | ||
8 | * Software Foundation; either version 2 of the License, or (at your option) | ||
9 | * any later version. | ||
10 | */ | ||
11 | |||
12 | #include <linux/errno.h> | ||
13 | #include <linux/kernel.h> | ||
14 | #include <linux/module.h> | ||
15 | #include <linux/seq_file.h> | ||
16 | |||
17 | #include "internal.h" | ||
18 | |||
19 | static unsigned int crypto_hash_ctxsize(struct crypto_alg *alg) | ||
20 | { | ||
21 | return alg->cra_ctxsize; | ||
22 | } | ||
23 | |||
24 | static int crypto_init_hash_ops(struct crypto_tfm *tfm) | ||
25 | { | ||
26 | struct hash_tfm *crt = &tfm->crt_hash; | ||
27 | struct hash_alg *alg = &tfm->__crt_alg->cra_hash; | ||
28 | |||
29 | if (alg->digestsize > crypto_tfm_alg_blocksize(tfm)) | ||
30 | return -EINVAL; | ||
31 | |||
32 | crt->init = alg->init; | ||
33 | crt->update = alg->update; | ||
34 | crt->final = alg->final; | ||
35 | crt->digest = alg->digest; | ||
36 | crt->setkey = alg->setkey; | ||
37 | crt->digestsize = alg->digestsize; | ||
38 | |||
39 | return 0; | ||
40 | } | ||
41 | |||
42 | static void crypto_hash_show(struct seq_file *m, struct crypto_alg *alg) | ||
43 | __attribute_used__; | ||
44 | static void crypto_hash_show(struct seq_file *m, struct crypto_alg *alg) | ||
45 | { | ||
46 | seq_printf(m, "type : hash\n"); | ||
47 | seq_printf(m, "blocksize : %u\n", alg->cra_blocksize); | ||
48 | seq_printf(m, "digestsize : %u\n", alg->cra_hash.digestsize); | ||
49 | } | ||
50 | |||
51 | const struct crypto_type crypto_hash_type = { | ||
52 | .ctxsize = crypto_hash_ctxsize, | ||
53 | .init = crypto_init_hash_ops, | ||
54 | #ifdef CONFIG_PROC_FS | ||
55 | .show = crypto_hash_show, | ||
56 | #endif | ||
57 | }; | ||
58 | EXPORT_SYMBOL_GPL(crypto_hash_type); | ||
59 | |||
60 | MODULE_LICENSE("GPL"); | ||
61 | MODULE_DESCRIPTION("Generic cryptographic hash type"); | ||
diff --git a/crypto/hmac.c b/crypto/hmac.c index 46120dee5ada..f403b6946047 100644 --- a/crypto/hmac.c +++ b/crypto/hmac.c | |||
@@ -4,121 +4,249 @@ | |||
4 | * HMAC: Keyed-Hashing for Message Authentication (RFC2104). | 4 | * HMAC: Keyed-Hashing for Message Authentication (RFC2104). |
5 | * | 5 | * |
6 | * Copyright (c) 2002 James Morris <jmorris@intercode.com.au> | 6 | * Copyright (c) 2002 James Morris <jmorris@intercode.com.au> |
7 | * Copyright (c) 2006 Herbert Xu <herbert@gondor.apana.org.au> | ||
7 | * | 8 | * |
8 | * The HMAC implementation is derived from USAGI. | 9 | * The HMAC implementation is derived from USAGI. |
9 | * Copyright (c) 2002 Kazunori Miyazawa <miyazawa@linux-ipv6.org> / USAGI | 10 | * Copyright (c) 2002 Kazunori Miyazawa <miyazawa@linux-ipv6.org> / USAGI |
10 | * | 11 | * |
11 | * This program is free software; you can redistribute it and/or modify it | 12 | * This program is free software; you can redistribute it and/or modify it |
12 | * under the terms of the GNU General Public License as published by the Free | 13 | * under the terms of the GNU General Public License as published by the Free |
13 | * Software Foundation; either version 2 of the License, or (at your option) | 14 | * Software Foundation; either version 2 of the License, or (at your option) |
14 | * any later version. | 15 | * any later version. |
15 | * | 16 | * |
16 | */ | 17 | */ |
17 | #include <linux/crypto.h> | 18 | |
18 | #include <linux/mm.h> | 19 | #include <crypto/algapi.h> |
19 | #include <linux/highmem.h> | 20 | #include <linux/err.h> |
20 | #include <linux/slab.h> | 21 | #include <linux/init.h> |
22 | #include <linux/kernel.h> | ||
23 | #include <linux/module.h> | ||
21 | #include <linux/scatterlist.h> | 24 | #include <linux/scatterlist.h> |
22 | #include "internal.h" | 25 | #include <linux/slab.h> |
26 | #include <linux/string.h> | ||
23 | 27 | ||
24 | static void hash_key(struct crypto_tfm *tfm, u8 *key, unsigned int keylen) | 28 | struct hmac_ctx { |
29 | struct crypto_hash *child; | ||
30 | }; | ||
31 | |||
32 | static inline void *align_ptr(void *p, unsigned int align) | ||
25 | { | 33 | { |
26 | struct scatterlist tmp; | 34 | return (void *)ALIGN((unsigned long)p, align); |
27 | |||
28 | sg_set_buf(&tmp, key, keylen); | ||
29 | crypto_digest_digest(tfm, &tmp, 1, key); | ||
30 | } | 35 | } |
31 | 36 | ||
32 | int crypto_alloc_hmac_block(struct crypto_tfm *tfm) | 37 | static inline struct hmac_ctx *hmac_ctx(struct crypto_hash *tfm) |
33 | { | 38 | { |
34 | int ret = 0; | 39 | return align_ptr(crypto_hash_ctx_aligned(tfm) + |
40 | crypto_hash_blocksize(tfm) * 2 + | ||
41 | crypto_hash_digestsize(tfm), sizeof(void *)); | ||
42 | } | ||
43 | |||
44 | static int hmac_setkey(struct crypto_hash *parent, | ||
45 | const u8 *inkey, unsigned int keylen) | ||
46 | { | ||
47 | int bs = crypto_hash_blocksize(parent); | ||
48 | int ds = crypto_hash_digestsize(parent); | ||
49 | char *ipad = crypto_hash_ctx_aligned(parent); | ||
50 | char *opad = ipad + bs; | ||
51 | char *digest = opad + bs; | ||
52 | struct hmac_ctx *ctx = align_ptr(digest + ds, sizeof(void *)); | ||
53 | struct crypto_hash *tfm = ctx->child; | ||
54 | unsigned int i; | ||
55 | |||
56 | if (keylen > bs) { | ||
57 | struct hash_desc desc; | ||
58 | struct scatterlist tmp; | ||
59 | int err; | ||
60 | |||
61 | desc.tfm = tfm; | ||
62 | desc.flags = crypto_hash_get_flags(parent); | ||
63 | desc.flags &= CRYPTO_TFM_REQ_MAY_SLEEP; | ||
64 | sg_set_buf(&tmp, inkey, keylen); | ||
35 | 65 | ||
36 | BUG_ON(!crypto_tfm_alg_blocksize(tfm)); | 66 | err = crypto_hash_digest(&desc, &tmp, keylen, digest); |
37 | 67 | if (err) | |
38 | tfm->crt_digest.dit_hmac_block = kmalloc(crypto_tfm_alg_blocksize(tfm), | 68 | return err; |
39 | GFP_KERNEL); | ||
40 | if (tfm->crt_digest.dit_hmac_block == NULL) | ||
41 | ret = -ENOMEM; | ||
42 | 69 | ||
43 | return ret; | 70 | inkey = digest; |
44 | 71 | keylen = ds; | |
72 | } | ||
73 | |||
74 | memcpy(ipad, inkey, keylen); | ||
75 | memset(ipad + keylen, 0, bs - keylen); | ||
76 | memcpy(opad, ipad, bs); | ||
77 | |||
78 | for (i = 0; i < bs; i++) { | ||
79 | ipad[i] ^= 0x36; | ||
80 | opad[i] ^= 0x5c; | ||
81 | } | ||
82 | |||
83 | return 0; | ||
45 | } | 84 | } |
46 | 85 | ||
47 | void crypto_free_hmac_block(struct crypto_tfm *tfm) | 86 | static int hmac_init(struct hash_desc *pdesc) |
48 | { | 87 | { |
49 | kfree(tfm->crt_digest.dit_hmac_block); | 88 | struct crypto_hash *parent = pdesc->tfm; |
89 | int bs = crypto_hash_blocksize(parent); | ||
90 | int ds = crypto_hash_digestsize(parent); | ||
91 | char *ipad = crypto_hash_ctx_aligned(parent); | ||
92 | struct hmac_ctx *ctx = align_ptr(ipad + bs * 2 + ds, sizeof(void *)); | ||
93 | struct hash_desc desc; | ||
94 | struct scatterlist tmp; | ||
95 | |||
96 | desc.tfm = ctx->child; | ||
97 | desc.flags = pdesc->flags & CRYPTO_TFM_REQ_MAY_SLEEP; | ||
98 | sg_set_buf(&tmp, ipad, bs); | ||
99 | |||
100 | return unlikely(crypto_hash_init(&desc)) ?: | ||
101 | crypto_hash_update(&desc, &tmp, 1); | ||
50 | } | 102 | } |
51 | 103 | ||
52 | void crypto_hmac_init(struct crypto_tfm *tfm, u8 *key, unsigned int *keylen) | 104 | static int hmac_update(struct hash_desc *pdesc, |
105 | struct scatterlist *sg, unsigned int nbytes) | ||
53 | { | 106 | { |
54 | unsigned int i; | 107 | struct hmac_ctx *ctx = hmac_ctx(pdesc->tfm); |
108 | struct hash_desc desc; | ||
109 | |||
110 | desc.tfm = ctx->child; | ||
111 | desc.flags = pdesc->flags & CRYPTO_TFM_REQ_MAY_SLEEP; | ||
112 | |||
113 | return crypto_hash_update(&desc, sg, nbytes); | ||
114 | } | ||
115 | |||
116 | static int hmac_final(struct hash_desc *pdesc, u8 *out) | ||
117 | { | ||
118 | struct crypto_hash *parent = pdesc->tfm; | ||
119 | int bs = crypto_hash_blocksize(parent); | ||
120 | int ds = crypto_hash_digestsize(parent); | ||
121 | char *opad = crypto_hash_ctx_aligned(parent) + bs; | ||
122 | char *digest = opad + bs; | ||
123 | struct hmac_ctx *ctx = align_ptr(digest + ds, sizeof(void *)); | ||
124 | struct hash_desc desc; | ||
55 | struct scatterlist tmp; | 125 | struct scatterlist tmp; |
56 | char *ipad = tfm->crt_digest.dit_hmac_block; | ||
57 | |||
58 | if (*keylen > crypto_tfm_alg_blocksize(tfm)) { | ||
59 | hash_key(tfm, key, *keylen); | ||
60 | *keylen = crypto_tfm_alg_digestsize(tfm); | ||
61 | } | ||
62 | 126 | ||
63 | memset(ipad, 0, crypto_tfm_alg_blocksize(tfm)); | 127 | desc.tfm = ctx->child; |
64 | memcpy(ipad, key, *keylen); | 128 | desc.flags = pdesc->flags & CRYPTO_TFM_REQ_MAY_SLEEP; |
129 | sg_set_buf(&tmp, opad, bs + ds); | ||
65 | 130 | ||
66 | for (i = 0; i < crypto_tfm_alg_blocksize(tfm); i++) | 131 | return unlikely(crypto_hash_final(&desc, digest)) ?: |
67 | ipad[i] ^= 0x36; | 132 | crypto_hash_digest(&desc, &tmp, bs + ds, out); |
133 | } | ||
68 | 134 | ||
69 | sg_set_buf(&tmp, ipad, crypto_tfm_alg_blocksize(tfm)); | 135 | static int hmac_digest(struct hash_desc *pdesc, struct scatterlist *sg, |
70 | 136 | unsigned int nbytes, u8 *out) | |
71 | crypto_digest_init(tfm); | 137 | { |
72 | crypto_digest_update(tfm, &tmp, 1); | 138 | struct crypto_hash *parent = pdesc->tfm; |
139 | int bs = crypto_hash_blocksize(parent); | ||
140 | int ds = crypto_hash_digestsize(parent); | ||
141 | char *ipad = crypto_hash_ctx_aligned(parent); | ||
142 | char *opad = ipad + bs; | ||
143 | char *digest = opad + bs; | ||
144 | struct hmac_ctx *ctx = align_ptr(digest + ds, sizeof(void *)); | ||
145 | struct hash_desc desc; | ||
146 | struct scatterlist sg1[2]; | ||
147 | struct scatterlist sg2[1]; | ||
148 | |||
149 | desc.tfm = ctx->child; | ||
150 | desc.flags = pdesc->flags & CRYPTO_TFM_REQ_MAY_SLEEP; | ||
151 | |||
152 | sg_set_buf(sg1, ipad, bs); | ||
153 | sg1[1].page = (void *)sg; | ||
154 | sg1[1].length = 0; | ||
155 | sg_set_buf(sg2, opad, bs + ds); | ||
156 | |||
157 | return unlikely(crypto_hash_digest(&desc, sg1, nbytes + bs, digest)) ?: | ||
158 | crypto_hash_digest(&desc, sg2, bs + ds, out); | ||
73 | } | 159 | } |
74 | 160 | ||
75 | void crypto_hmac_update(struct crypto_tfm *tfm, | 161 | static int hmac_init_tfm(struct crypto_tfm *tfm) |
76 | struct scatterlist *sg, unsigned int nsg) | ||
77 | { | 162 | { |
78 | crypto_digest_update(tfm, sg, nsg); | 163 | struct crypto_instance *inst = (void *)tfm->__crt_alg; |
164 | struct crypto_spawn *spawn = crypto_instance_ctx(inst); | ||
165 | struct hmac_ctx *ctx = hmac_ctx(__crypto_hash_cast(tfm)); | ||
166 | |||
167 | tfm = crypto_spawn_tfm(spawn); | ||
168 | if (IS_ERR(tfm)) | ||
169 | return PTR_ERR(tfm); | ||
170 | |||
171 | ctx->child = crypto_hash_cast(tfm); | ||
172 | return 0; | ||
79 | } | 173 | } |
80 | 174 | ||
81 | void crypto_hmac_final(struct crypto_tfm *tfm, u8 *key, | 175 | static void hmac_exit_tfm(struct crypto_tfm *tfm) |
82 | unsigned int *keylen, u8 *out) | ||
83 | { | 176 | { |
84 | unsigned int i; | 177 | struct hmac_ctx *ctx = hmac_ctx(__crypto_hash_cast(tfm)); |
85 | struct scatterlist tmp; | 178 | crypto_free_hash(ctx->child); |
86 | char *opad = tfm->crt_digest.dit_hmac_block; | 179 | } |
87 | |||
88 | if (*keylen > crypto_tfm_alg_blocksize(tfm)) { | ||
89 | hash_key(tfm, key, *keylen); | ||
90 | *keylen = crypto_tfm_alg_digestsize(tfm); | ||
91 | } | ||
92 | 180 | ||
93 | crypto_digest_final(tfm, out); | 181 | static void hmac_free(struct crypto_instance *inst) |
182 | { | ||
183 | crypto_drop_spawn(crypto_instance_ctx(inst)); | ||
184 | kfree(inst); | ||
185 | } | ||
94 | 186 | ||
95 | memset(opad, 0, crypto_tfm_alg_blocksize(tfm)); | 187 | static struct crypto_instance *hmac_alloc(void *param, unsigned int len) |
96 | memcpy(opad, key, *keylen); | 188 | { |
97 | 189 | struct crypto_instance *inst; | |
98 | for (i = 0; i < crypto_tfm_alg_blocksize(tfm); i++) | 190 | struct crypto_alg *alg; |
99 | opad[i] ^= 0x5c; | 191 | |
192 | alg = crypto_get_attr_alg(param, len, CRYPTO_ALG_TYPE_HASH, | ||
193 | CRYPTO_ALG_TYPE_HASH_MASK | CRYPTO_ALG_ASYNC); | ||
194 | if (IS_ERR(alg)) | ||
195 | return ERR_PTR(PTR_ERR(alg)); | ||
196 | |||
197 | inst = crypto_alloc_instance("hmac", alg); | ||
198 | if (IS_ERR(inst)) | ||
199 | goto out_put_alg; | ||
200 | |||
201 | inst->alg.cra_flags = CRYPTO_ALG_TYPE_HASH; | ||
202 | inst->alg.cra_priority = alg->cra_priority; | ||
203 | inst->alg.cra_blocksize = alg->cra_blocksize; | ||
204 | inst->alg.cra_alignmask = alg->cra_alignmask; | ||
205 | inst->alg.cra_type = &crypto_hash_type; | ||
206 | |||
207 | inst->alg.cra_hash.digestsize = | ||
208 | (alg->cra_flags & CRYPTO_ALG_TYPE_MASK) == | ||
209 | CRYPTO_ALG_TYPE_HASH ? alg->cra_hash.digestsize : | ||
210 | alg->cra_digest.dia_digestsize; | ||
211 | |||
212 | inst->alg.cra_ctxsize = sizeof(struct hmac_ctx) + | ||
213 | ALIGN(inst->alg.cra_blocksize * 2 + | ||
214 | inst->alg.cra_hash.digestsize, | ||
215 | sizeof(void *)); | ||
216 | |||
217 | inst->alg.cra_init = hmac_init_tfm; | ||
218 | inst->alg.cra_exit = hmac_exit_tfm; | ||
219 | |||
220 | inst->alg.cra_hash.init = hmac_init; | ||
221 | inst->alg.cra_hash.update = hmac_update; | ||
222 | inst->alg.cra_hash.final = hmac_final; | ||
223 | inst->alg.cra_hash.digest = hmac_digest; | ||
224 | inst->alg.cra_hash.setkey = hmac_setkey; | ||
225 | |||
226 | out_put_alg: | ||
227 | crypto_mod_put(alg); | ||
228 | return inst; | ||
229 | } | ||
100 | 230 | ||
101 | sg_set_buf(&tmp, opad, crypto_tfm_alg_blocksize(tfm)); | 231 | static struct crypto_template hmac_tmpl = { |
232 | .name = "hmac", | ||
233 | .alloc = hmac_alloc, | ||
234 | .free = hmac_free, | ||
235 | .module = THIS_MODULE, | ||
236 | }; | ||
102 | 237 | ||
103 | crypto_digest_init(tfm); | 238 | static int __init hmac_module_init(void) |
104 | crypto_digest_update(tfm, &tmp, 1); | 239 | { |
105 | 240 | return crypto_register_template(&hmac_tmpl); | |
106 | sg_set_buf(&tmp, out, crypto_tfm_alg_digestsize(tfm)); | ||
107 | |||
108 | crypto_digest_update(tfm, &tmp, 1); | ||
109 | crypto_digest_final(tfm, out); | ||
110 | } | 241 | } |
111 | 242 | ||
112 | void crypto_hmac(struct crypto_tfm *tfm, u8 *key, unsigned int *keylen, | 243 | static void __exit hmac_module_exit(void) |
113 | struct scatterlist *sg, unsigned int nsg, u8 *out) | ||
114 | { | 244 | { |
115 | crypto_hmac_init(tfm, key, keylen); | 245 | crypto_unregister_template(&hmac_tmpl); |
116 | crypto_hmac_update(tfm, sg, nsg); | ||
117 | crypto_hmac_final(tfm, key, keylen, out); | ||
118 | } | 246 | } |
119 | 247 | ||
120 | EXPORT_SYMBOL_GPL(crypto_hmac_init); | 248 | module_init(hmac_module_init); |
121 | EXPORT_SYMBOL_GPL(crypto_hmac_update); | 249 | module_exit(hmac_module_exit); |
122 | EXPORT_SYMBOL_GPL(crypto_hmac_final); | ||
123 | EXPORT_SYMBOL_GPL(crypto_hmac); | ||
124 | 250 | ||
251 | MODULE_LICENSE("GPL"); | ||
252 | MODULE_DESCRIPTION("HMAC hash algorithm"); | ||
diff --git a/crypto/internal.h b/crypto/internal.h index 959e602909a6..2da6ad4f3593 100644 --- a/crypto/internal.h +++ b/crypto/internal.h | |||
@@ -12,19 +12,43 @@ | |||
12 | */ | 12 | */ |
13 | #ifndef _CRYPTO_INTERNAL_H | 13 | #ifndef _CRYPTO_INTERNAL_H |
14 | #define _CRYPTO_INTERNAL_H | 14 | #define _CRYPTO_INTERNAL_H |
15 | #include <linux/crypto.h> | 15 | |
16 | #include <crypto/algapi.h> | ||
17 | #include <linux/completion.h> | ||
16 | #include <linux/mm.h> | 18 | #include <linux/mm.h> |
17 | #include <linux/highmem.h> | 19 | #include <linux/highmem.h> |
18 | #include <linux/interrupt.h> | 20 | #include <linux/interrupt.h> |
19 | #include <linux/init.h> | 21 | #include <linux/init.h> |
20 | #include <linux/list.h> | 22 | #include <linux/list.h> |
23 | #include <linux/module.h> | ||
21 | #include <linux/kernel.h> | 24 | #include <linux/kernel.h> |
25 | #include <linux/notifier.h> | ||
22 | #include <linux/rwsem.h> | 26 | #include <linux/rwsem.h> |
23 | #include <linux/slab.h> | 27 | #include <linux/slab.h> |
24 | #include <asm/kmap_types.h> | 28 | #include <asm/kmap_types.h> |
25 | 29 | ||
30 | /* Crypto notification events. */ | ||
31 | enum { | ||
32 | CRYPTO_MSG_ALG_REQUEST, | ||
33 | CRYPTO_MSG_ALG_REGISTER, | ||
34 | CRYPTO_MSG_ALG_UNREGISTER, | ||
35 | CRYPTO_MSG_TMPL_REGISTER, | ||
36 | CRYPTO_MSG_TMPL_UNREGISTER, | ||
37 | }; | ||
38 | |||
39 | struct crypto_instance; | ||
40 | struct crypto_template; | ||
41 | |||
42 | struct crypto_larval { | ||
43 | struct crypto_alg alg; | ||
44 | struct crypto_alg *adult; | ||
45 | struct completion completion; | ||
46 | u32 mask; | ||
47 | }; | ||
48 | |||
26 | extern struct list_head crypto_alg_list; | 49 | extern struct list_head crypto_alg_list; |
27 | extern struct rw_semaphore crypto_alg_sem; | 50 | extern struct rw_semaphore crypto_alg_sem; |
51 | extern struct blocking_notifier_head crypto_chain; | ||
28 | 52 | ||
29 | extern enum km_type crypto_km_types[]; | 53 | extern enum km_type crypto_km_types[]; |
30 | 54 | ||
@@ -43,36 +67,33 @@ static inline void crypto_kunmap(void *vaddr, int out) | |||
43 | kunmap_atomic(vaddr, crypto_kmap_type(out)); | 67 | kunmap_atomic(vaddr, crypto_kmap_type(out)); |
44 | } | 68 | } |
45 | 69 | ||
46 | static inline void crypto_yield(struct crypto_tfm *tfm) | 70 | static inline void crypto_yield(u32 flags) |
47 | { | 71 | { |
48 | if (tfm->crt_flags & CRYPTO_TFM_REQ_MAY_SLEEP) | 72 | if (flags & CRYPTO_TFM_REQ_MAY_SLEEP) |
49 | cond_resched(); | 73 | cond_resched(); |
50 | } | 74 | } |
51 | 75 | ||
52 | #ifdef CONFIG_CRYPTO_HMAC | ||
53 | int crypto_alloc_hmac_block(struct crypto_tfm *tfm); | ||
54 | void crypto_free_hmac_block(struct crypto_tfm *tfm); | ||
55 | #else | ||
56 | static inline int crypto_alloc_hmac_block(struct crypto_tfm *tfm) | ||
57 | { | ||
58 | return 0; | ||
59 | } | ||
60 | |||
61 | static inline void crypto_free_hmac_block(struct crypto_tfm *tfm) | ||
62 | { } | ||
63 | #endif | ||
64 | |||
65 | #ifdef CONFIG_PROC_FS | 76 | #ifdef CONFIG_PROC_FS |
66 | void __init crypto_init_proc(void); | 77 | void __init crypto_init_proc(void); |
78 | void __exit crypto_exit_proc(void); | ||
67 | #else | 79 | #else |
68 | static inline void crypto_init_proc(void) | 80 | static inline void crypto_init_proc(void) |
69 | { } | 81 | { } |
82 | static inline void crypto_exit_proc(void) | ||
83 | { } | ||
70 | #endif | 84 | #endif |
71 | 85 | ||
72 | static inline unsigned int crypto_digest_ctxsize(struct crypto_alg *alg, | 86 | static inline unsigned int crypto_digest_ctxsize(struct crypto_alg *alg, |
73 | int flags) | 87 | int flags) |
74 | { | 88 | { |
75 | return alg->cra_ctxsize; | 89 | unsigned int len = alg->cra_ctxsize; |
90 | |||
91 | if (alg->cra_alignmask) { | ||
92 | len = ALIGN(len, (unsigned long)alg->cra_alignmask + 1); | ||
93 | len += alg->cra_digest.dia_digestsize; | ||
94 | } | ||
95 | |||
96 | return len; | ||
76 | } | 97 | } |
77 | 98 | ||
78 | static inline unsigned int crypto_cipher_ctxsize(struct crypto_alg *alg, | 99 | static inline unsigned int crypto_cipher_ctxsize(struct crypto_alg *alg, |
@@ -96,6 +117,10 @@ static inline unsigned int crypto_compress_ctxsize(struct crypto_alg *alg, | |||
96 | return alg->cra_ctxsize; | 117 | return alg->cra_ctxsize; |
97 | } | 118 | } |
98 | 119 | ||
120 | struct crypto_alg *crypto_mod_get(struct crypto_alg *alg); | ||
121 | struct crypto_alg *__crypto_alg_lookup(const char *name, u32 type, u32 mask); | ||
122 | struct crypto_alg *crypto_alg_mod_lookup(const char *name, u32 type, u32 mask); | ||
123 | |||
99 | int crypto_init_digest_flags(struct crypto_tfm *tfm, u32 flags); | 124 | int crypto_init_digest_flags(struct crypto_tfm *tfm, u32 flags); |
100 | int crypto_init_cipher_flags(struct crypto_tfm *tfm, u32 flags); | 125 | int crypto_init_cipher_flags(struct crypto_tfm *tfm, u32 flags); |
101 | int crypto_init_compress_flags(struct crypto_tfm *tfm, u32 flags); | 126 | int crypto_init_compress_flags(struct crypto_tfm *tfm, u32 flags); |
@@ -108,5 +133,52 @@ void crypto_exit_digest_ops(struct crypto_tfm *tfm); | |||
108 | void crypto_exit_cipher_ops(struct crypto_tfm *tfm); | 133 | void crypto_exit_cipher_ops(struct crypto_tfm *tfm); |
109 | void crypto_exit_compress_ops(struct crypto_tfm *tfm); | 134 | void crypto_exit_compress_ops(struct crypto_tfm *tfm); |
110 | 135 | ||
136 | void crypto_larval_error(const char *name, u32 type, u32 mask); | ||
137 | |||
138 | void crypto_shoot_alg(struct crypto_alg *alg); | ||
139 | struct crypto_tfm *__crypto_alloc_tfm(struct crypto_alg *alg, u32 flags); | ||
140 | |||
141 | int crypto_register_instance(struct crypto_template *tmpl, | ||
142 | struct crypto_instance *inst); | ||
143 | |||
144 | int crypto_register_notifier(struct notifier_block *nb); | ||
145 | int crypto_unregister_notifier(struct notifier_block *nb); | ||
146 | |||
147 | static inline void crypto_alg_put(struct crypto_alg *alg) | ||
148 | { | ||
149 | if (atomic_dec_and_test(&alg->cra_refcnt) && alg->cra_destroy) | ||
150 | alg->cra_destroy(alg); | ||
151 | } | ||
152 | |||
153 | static inline int crypto_tmpl_get(struct crypto_template *tmpl) | ||
154 | { | ||
155 | return try_module_get(tmpl->module); | ||
156 | } | ||
157 | |||
158 | static inline void crypto_tmpl_put(struct crypto_template *tmpl) | ||
159 | { | ||
160 | module_put(tmpl->module); | ||
161 | } | ||
162 | |||
163 | static inline int crypto_is_larval(struct crypto_alg *alg) | ||
164 | { | ||
165 | return alg->cra_flags & CRYPTO_ALG_LARVAL; | ||
166 | } | ||
167 | |||
168 | static inline int crypto_is_dead(struct crypto_alg *alg) | ||
169 | { | ||
170 | return alg->cra_flags & CRYPTO_ALG_DEAD; | ||
171 | } | ||
172 | |||
173 | static inline int crypto_is_moribund(struct crypto_alg *alg) | ||
174 | { | ||
175 | return alg->cra_flags & (CRYPTO_ALG_DEAD | CRYPTO_ALG_DYING); | ||
176 | } | ||
177 | |||
178 | static inline int crypto_notify(unsigned long val, void *v) | ||
179 | { | ||
180 | return blocking_notifier_call_chain(&crypto_chain, val, v); | ||
181 | } | ||
182 | |||
111 | #endif /* _CRYPTO_INTERNAL_H */ | 183 | #endif /* _CRYPTO_INTERNAL_H */ |
112 | 184 | ||
diff --git a/crypto/khazad.c b/crypto/khazad.c index d4c9d3657b36..9fa24a2dd6ff 100644 --- a/crypto/khazad.c +++ b/crypto/khazad.c | |||
@@ -755,19 +755,13 @@ static const u64 c[KHAZAD_ROUNDS + 1] = { | |||
755 | }; | 755 | }; |
756 | 756 | ||
757 | static int khazad_setkey(struct crypto_tfm *tfm, const u8 *in_key, | 757 | static int khazad_setkey(struct crypto_tfm *tfm, const u8 *in_key, |
758 | unsigned int key_len, u32 *flags) | 758 | unsigned int key_len) |
759 | { | 759 | { |
760 | struct khazad_ctx *ctx = crypto_tfm_ctx(tfm); | 760 | struct khazad_ctx *ctx = crypto_tfm_ctx(tfm); |
761 | const __be32 *key = (const __be32 *)in_key; | 761 | const __be32 *key = (const __be32 *)in_key; |
762 | int r; | 762 | int r; |
763 | const u64 *S = T7; | 763 | const u64 *S = T7; |
764 | u64 K2, K1; | 764 | u64 K2, K1; |
765 | |||
766 | if (key_len != 16) | ||
767 | { | ||
768 | *flags |= CRYPTO_TFM_RES_BAD_KEY_LEN; | ||
769 | return -EINVAL; | ||
770 | } | ||
771 | 765 | ||
772 | /* key is supposed to be 32-bit aligned */ | 766 | /* key is supposed to be 32-bit aligned */ |
773 | K2 = ((u64)be32_to_cpu(key[0]) << 32) | be32_to_cpu(key[1]); | 767 | K2 = ((u64)be32_to_cpu(key[0]) << 32) | be32_to_cpu(key[1]); |
diff --git a/crypto/michael_mic.c b/crypto/michael_mic.c index d061da21cfda..094397b48849 100644 --- a/crypto/michael_mic.c +++ b/crypto/michael_mic.c | |||
@@ -123,14 +123,13 @@ static void michael_final(struct crypto_tfm *tfm, u8 *out) | |||
123 | 123 | ||
124 | 124 | ||
125 | static int michael_setkey(struct crypto_tfm *tfm, const u8 *key, | 125 | static int michael_setkey(struct crypto_tfm *tfm, const u8 *key, |
126 | unsigned int keylen, u32 *flags) | 126 | unsigned int keylen) |
127 | { | 127 | { |
128 | struct michael_mic_ctx *mctx = crypto_tfm_ctx(tfm); | 128 | struct michael_mic_ctx *mctx = crypto_tfm_ctx(tfm); |
129 | const __le32 *data = (const __le32 *)key; | 129 | const __le32 *data = (const __le32 *)key; |
130 | 130 | ||
131 | if (keylen != 8) { | 131 | if (keylen != 8) { |
132 | if (flags) | 132 | tfm->crt_flags |= CRYPTO_TFM_RES_BAD_KEY_LEN; |
133 | *flags = CRYPTO_TFM_RES_BAD_KEY_LEN; | ||
134 | return -EINVAL; | 133 | return -EINVAL; |
135 | } | 134 | } |
136 | 135 | ||
diff --git a/crypto/proc.c b/crypto/proc.c index c0a5dd7ce2cc..dabce0676f63 100644 --- a/crypto/proc.c +++ b/crypto/proc.c | |||
@@ -12,6 +12,8 @@ | |||
12 | * any later version. | 12 | * any later version. |
13 | * | 13 | * |
14 | */ | 14 | */ |
15 | |||
16 | #include <asm/atomic.h> | ||
15 | #include <linux/init.h> | 17 | #include <linux/init.h> |
16 | #include <linux/crypto.h> | 18 | #include <linux/crypto.h> |
17 | #include <linux/rwsem.h> | 19 | #include <linux/rwsem.h> |
@@ -54,6 +56,7 @@ static int c_show(struct seq_file *m, void *p) | |||
54 | seq_printf(m, "driver : %s\n", alg->cra_driver_name); | 56 | seq_printf(m, "driver : %s\n", alg->cra_driver_name); |
55 | seq_printf(m, "module : %s\n", module_name(alg->cra_module)); | 57 | seq_printf(m, "module : %s\n", module_name(alg->cra_module)); |
56 | seq_printf(m, "priority : %d\n", alg->cra_priority); | 58 | seq_printf(m, "priority : %d\n", alg->cra_priority); |
59 | seq_printf(m, "refcnt : %d\n", atomic_read(&alg->cra_refcnt)); | ||
57 | 60 | ||
58 | switch (alg->cra_flags & CRYPTO_ALG_TYPE_MASK) { | 61 | switch (alg->cra_flags & CRYPTO_ALG_TYPE_MASK) { |
59 | case CRYPTO_ALG_TYPE_CIPHER: | 62 | case CRYPTO_ALG_TYPE_CIPHER: |
@@ -75,7 +78,10 @@ static int c_show(struct seq_file *m, void *p) | |||
75 | seq_printf(m, "type : compression\n"); | 78 | seq_printf(m, "type : compression\n"); |
76 | break; | 79 | break; |
77 | default: | 80 | default: |
78 | seq_printf(m, "type : unknown\n"); | 81 | if (alg->cra_type && alg->cra_type->show) |
82 | alg->cra_type->show(m, alg); | ||
83 | else | ||
84 | seq_printf(m, "type : unknown\n"); | ||
79 | break; | 85 | break; |
80 | } | 86 | } |
81 | 87 | ||
@@ -110,3 +116,8 @@ void __init crypto_init_proc(void) | |||
110 | if (proc) | 116 | if (proc) |
111 | proc->proc_fops = &proc_crypto_ops; | 117 | proc->proc_fops = &proc_crypto_ops; |
112 | } | 118 | } |
119 | |||
120 | void __exit crypto_exit_proc(void) | ||
121 | { | ||
122 | remove_proc_entry("crypto", NULL); | ||
123 | } | ||
diff --git a/crypto/scatterwalk.c b/crypto/scatterwalk.c index 2953e2cc56f0..35172d3f043b 100644 --- a/crypto/scatterwalk.c +++ b/crypto/scatterwalk.c | |||
@@ -15,9 +15,11 @@ | |||
15 | */ | 15 | */ |
16 | #include <linux/kernel.h> | 16 | #include <linux/kernel.h> |
17 | #include <linux/mm.h> | 17 | #include <linux/mm.h> |
18 | #include <linux/module.h> | ||
18 | #include <linux/pagemap.h> | 19 | #include <linux/pagemap.h> |
19 | #include <linux/highmem.h> | 20 | #include <linux/highmem.h> |
20 | #include <asm/scatterlist.h> | 21 | #include <linux/scatterlist.h> |
22 | |||
21 | #include "internal.h" | 23 | #include "internal.h" |
22 | #include "scatterwalk.h" | 24 | #include "scatterwalk.h" |
23 | 25 | ||
@@ -27,88 +29,77 @@ enum km_type crypto_km_types[] = { | |||
27 | KM_SOFTIRQ0, | 29 | KM_SOFTIRQ0, |
28 | KM_SOFTIRQ1, | 30 | KM_SOFTIRQ1, |
29 | }; | 31 | }; |
32 | EXPORT_SYMBOL_GPL(crypto_km_types); | ||
30 | 33 | ||
31 | static void memcpy_dir(void *buf, void *sgdata, size_t nbytes, int out) | 34 | static inline void memcpy_dir(void *buf, void *sgdata, size_t nbytes, int out) |
32 | { | 35 | { |
33 | if (out) | 36 | void *src = out ? buf : sgdata; |
34 | memcpy(sgdata, buf, nbytes); | 37 | void *dst = out ? sgdata : buf; |
35 | else | 38 | |
36 | memcpy(buf, sgdata, nbytes); | 39 | memcpy(dst, src, nbytes); |
37 | } | 40 | } |
38 | 41 | ||
39 | void scatterwalk_start(struct scatter_walk *walk, struct scatterlist *sg) | 42 | void scatterwalk_start(struct scatter_walk *walk, struct scatterlist *sg) |
40 | { | 43 | { |
41 | unsigned int rest_of_page; | ||
42 | |||
43 | walk->sg = sg; | 44 | walk->sg = sg; |
44 | 45 | ||
45 | walk->page = sg->page; | ||
46 | walk->len_this_segment = sg->length; | ||
47 | |||
48 | BUG_ON(!sg->length); | 46 | BUG_ON(!sg->length); |
49 | 47 | ||
50 | rest_of_page = PAGE_CACHE_SIZE - (sg->offset & (PAGE_CACHE_SIZE - 1)); | ||
51 | walk->len_this_page = min(sg->length, rest_of_page); | ||
52 | walk->offset = sg->offset; | 48 | walk->offset = sg->offset; |
53 | } | 49 | } |
50 | EXPORT_SYMBOL_GPL(scatterwalk_start); | ||
54 | 51 | ||
55 | void scatterwalk_map(struct scatter_walk *walk, int out) | 52 | void *scatterwalk_map(struct scatter_walk *walk, int out) |
56 | { | ||
57 | walk->data = crypto_kmap(walk->page, out) + walk->offset; | ||
58 | } | ||
59 | |||
60 | static inline void scatterwalk_unmap(struct scatter_walk *walk, int out) | ||
61 | { | 53 | { |
62 | /* walk->data may be pointing the first byte of the next page; | 54 | return crypto_kmap(scatterwalk_page(walk), out) + |
63 | however, we know we transfered at least one byte. So, | 55 | offset_in_page(walk->offset); |
64 | walk->data - 1 will be a virtual address in the mapped page. */ | ||
65 | crypto_kunmap(walk->data - 1, out); | ||
66 | } | 56 | } |
57 | EXPORT_SYMBOL_GPL(scatterwalk_map); | ||
67 | 58 | ||
68 | static void scatterwalk_pagedone(struct scatter_walk *walk, int out, | 59 | static void scatterwalk_pagedone(struct scatter_walk *walk, int out, |
69 | unsigned int more) | 60 | unsigned int more) |
70 | { | 61 | { |
71 | if (out) | 62 | if (out) |
72 | flush_dcache_page(walk->page); | 63 | flush_dcache_page(scatterwalk_page(walk)); |
73 | 64 | ||
74 | if (more) { | 65 | if (more) { |
75 | walk->len_this_segment -= walk->len_this_page; | 66 | walk->offset += PAGE_SIZE - 1; |
76 | 67 | walk->offset &= PAGE_MASK; | |
77 | if (walk->len_this_segment) { | 68 | if (walk->offset >= walk->sg->offset + walk->sg->length) |
78 | walk->page++; | ||
79 | walk->len_this_page = min(walk->len_this_segment, | ||
80 | (unsigned)PAGE_CACHE_SIZE); | ||
81 | walk->offset = 0; | ||
82 | } | ||
83 | else | ||
84 | scatterwalk_start(walk, sg_next(walk->sg)); | 69 | scatterwalk_start(walk, sg_next(walk->sg)); |
85 | } | 70 | } |
86 | } | 71 | } |
87 | 72 | ||
88 | void scatterwalk_done(struct scatter_walk *walk, int out, int more) | 73 | void scatterwalk_done(struct scatter_walk *walk, int out, int more) |
89 | { | 74 | { |
90 | scatterwalk_unmap(walk, out); | 75 | if (!offset_in_page(walk->offset) || !more) |
91 | if (walk->len_this_page == 0 || !more) | ||
92 | scatterwalk_pagedone(walk, out, more); | 76 | scatterwalk_pagedone(walk, out, more); |
93 | } | 77 | } |
78 | EXPORT_SYMBOL_GPL(scatterwalk_done); | ||
94 | 79 | ||
95 | /* | 80 | void scatterwalk_copychunks(void *buf, struct scatter_walk *walk, |
96 | * Do not call this unless the total length of all of the fragments | 81 | size_t nbytes, int out) |
97 | * has been verified as multiple of the block size. | ||
98 | */ | ||
99 | int scatterwalk_copychunks(void *buf, struct scatter_walk *walk, | ||
100 | size_t nbytes, int out) | ||
101 | { | 82 | { |
102 | while (nbytes > walk->len_this_page) { | 83 | for (;;) { |
103 | memcpy_dir(buf, walk->data, walk->len_this_page, out); | 84 | unsigned int len_this_page = scatterwalk_pagelen(walk); |
104 | buf += walk->len_this_page; | 85 | u8 *vaddr; |
105 | nbytes -= walk->len_this_page; | 86 | |
87 | if (len_this_page > nbytes) | ||
88 | len_this_page = nbytes; | ||
89 | |||
90 | vaddr = scatterwalk_map(walk, out); | ||
91 | memcpy_dir(buf, vaddr, len_this_page, out); | ||
92 | scatterwalk_unmap(vaddr, out); | ||
93 | |||
94 | if (nbytes == len_this_page) | ||
95 | break; | ||
96 | |||
97 | buf += len_this_page; | ||
98 | nbytes -= len_this_page; | ||
106 | 99 | ||
107 | scatterwalk_unmap(walk, out); | ||
108 | scatterwalk_pagedone(walk, out, 1); | 100 | scatterwalk_pagedone(walk, out, 1); |
109 | scatterwalk_map(walk, out); | ||
110 | } | 101 | } |
111 | 102 | ||
112 | memcpy_dir(buf, walk->data, nbytes, out); | 103 | scatterwalk_advance(walk, nbytes); |
113 | return nbytes; | ||
114 | } | 104 | } |
105 | EXPORT_SYMBOL_GPL(scatterwalk_copychunks); | ||
diff --git a/crypto/scatterwalk.h b/crypto/scatterwalk.h index e79925c474a3..f1592cc2d0f4 100644 --- a/crypto/scatterwalk.h +++ b/crypto/scatterwalk.h | |||
@@ -14,45 +14,42 @@ | |||
14 | 14 | ||
15 | #ifndef _CRYPTO_SCATTERWALK_H | 15 | #ifndef _CRYPTO_SCATTERWALK_H |
16 | #define _CRYPTO_SCATTERWALK_H | 16 | #define _CRYPTO_SCATTERWALK_H |
17 | |||
17 | #include <linux/mm.h> | 18 | #include <linux/mm.h> |
18 | #include <asm/scatterlist.h> | 19 | #include <linux/scatterlist.h> |
19 | 20 | ||
20 | struct scatter_walk { | 21 | #include "internal.h" |
21 | struct scatterlist *sg; | ||
22 | struct page *page; | ||
23 | void *data; | ||
24 | unsigned int len_this_page; | ||
25 | unsigned int len_this_segment; | ||
26 | unsigned int offset; | ||
27 | }; | ||
28 | 22 | ||
29 | /* Define sg_next is an inline routine now in case we want to change | ||
30 | scatterlist to a linked list later. */ | ||
31 | static inline struct scatterlist *sg_next(struct scatterlist *sg) | 23 | static inline struct scatterlist *sg_next(struct scatterlist *sg) |
32 | { | 24 | { |
33 | return sg + 1; | 25 | return (++sg)->length ? sg : (void *)sg->page; |
34 | } | 26 | } |
35 | 27 | ||
36 | static inline int scatterwalk_samebuf(struct scatter_walk *walk_in, | 28 | static inline unsigned long scatterwalk_samebuf(struct scatter_walk *walk_in, |
37 | struct scatter_walk *walk_out) | 29 | struct scatter_walk *walk_out) |
38 | { | 30 | { |
39 | return walk_in->page == walk_out->page && | 31 | return !(((walk_in->sg->page - walk_out->sg->page) << PAGE_SHIFT) + |
40 | walk_in->offset == walk_out->offset; | 32 | (int)(walk_in->offset - walk_out->offset)); |
33 | } | ||
34 | |||
35 | static inline unsigned int scatterwalk_pagelen(struct scatter_walk *walk) | ||
36 | { | ||
37 | unsigned int len = walk->sg->offset + walk->sg->length - walk->offset; | ||
38 | unsigned int len_this_page = offset_in_page(~walk->offset) + 1; | ||
39 | return len_this_page > len ? len : len_this_page; | ||
41 | } | 40 | } |
42 | 41 | ||
43 | static inline unsigned int scatterwalk_clamp(struct scatter_walk *walk, | 42 | static inline unsigned int scatterwalk_clamp(struct scatter_walk *walk, |
44 | unsigned int nbytes) | 43 | unsigned int nbytes) |
45 | { | 44 | { |
46 | return nbytes > walk->len_this_page ? walk->len_this_page : nbytes; | 45 | unsigned int len_this_page = scatterwalk_pagelen(walk); |
46 | return nbytes > len_this_page ? len_this_page : nbytes; | ||
47 | } | 47 | } |
48 | 48 | ||
49 | static inline void scatterwalk_advance(struct scatter_walk *walk, | 49 | static inline void scatterwalk_advance(struct scatter_walk *walk, |
50 | unsigned int nbytes) | 50 | unsigned int nbytes) |
51 | { | 51 | { |
52 | walk->data += nbytes; | ||
53 | walk->offset += nbytes; | 52 | walk->offset += nbytes; |
54 | walk->len_this_page -= nbytes; | ||
55 | walk->len_this_segment -= nbytes; | ||
56 | } | 53 | } |
57 | 54 | ||
58 | static inline unsigned int scatterwalk_aligned(struct scatter_walk *walk, | 55 | static inline unsigned int scatterwalk_aligned(struct scatter_walk *walk, |
@@ -61,9 +58,20 @@ static inline unsigned int scatterwalk_aligned(struct scatter_walk *walk, | |||
61 | return !(walk->offset & alignmask); | 58 | return !(walk->offset & alignmask); |
62 | } | 59 | } |
63 | 60 | ||
61 | static inline struct page *scatterwalk_page(struct scatter_walk *walk) | ||
62 | { | ||
63 | return walk->sg->page + (walk->offset >> PAGE_SHIFT); | ||
64 | } | ||
65 | |||
66 | static inline void scatterwalk_unmap(void *vaddr, int out) | ||
67 | { | ||
68 | crypto_kunmap(vaddr, out); | ||
69 | } | ||
70 | |||
64 | void scatterwalk_start(struct scatter_walk *walk, struct scatterlist *sg); | 71 | void scatterwalk_start(struct scatter_walk *walk, struct scatterlist *sg); |
65 | int scatterwalk_copychunks(void *buf, struct scatter_walk *walk, size_t nbytes, int out); | 72 | void scatterwalk_copychunks(void *buf, struct scatter_walk *walk, |
66 | void scatterwalk_map(struct scatter_walk *walk, int out); | 73 | size_t nbytes, int out); |
74 | void *scatterwalk_map(struct scatter_walk *walk, int out); | ||
67 | void scatterwalk_done(struct scatter_walk *walk, int out, int more); | 75 | void scatterwalk_done(struct scatter_walk *walk, int out, int more); |
68 | 76 | ||
69 | #endif /* _CRYPTO_SCATTERWALK_H */ | 77 | #endif /* _CRYPTO_SCATTERWALK_H */ |
diff --git a/crypto/serpent.c b/crypto/serpent.c index de60cdddbf4a..465d091cd3ec 100644 --- a/crypto/serpent.c +++ b/crypto/serpent.c | |||
@@ -216,7 +216,7 @@ struct serpent_ctx { | |||
216 | 216 | ||
217 | 217 | ||
218 | static int serpent_setkey(struct crypto_tfm *tfm, const u8 *key, | 218 | static int serpent_setkey(struct crypto_tfm *tfm, const u8 *key, |
219 | unsigned int keylen, u32 *flags) | 219 | unsigned int keylen) |
220 | { | 220 | { |
221 | struct serpent_ctx *ctx = crypto_tfm_ctx(tfm); | 221 | struct serpent_ctx *ctx = crypto_tfm_ctx(tfm); |
222 | u32 *k = ctx->expkey; | 222 | u32 *k = ctx->expkey; |
@@ -224,13 +224,6 @@ static int serpent_setkey(struct crypto_tfm *tfm, const u8 *key, | |||
224 | u32 r0,r1,r2,r3,r4; | 224 | u32 r0,r1,r2,r3,r4; |
225 | int i; | 225 | int i; |
226 | 226 | ||
227 | if ((keylen < SERPENT_MIN_KEY_SIZE) | ||
228 | || (keylen > SERPENT_MAX_KEY_SIZE)) | ||
229 | { | ||
230 | *flags |= CRYPTO_TFM_RES_BAD_KEY_LEN; | ||
231 | return -EINVAL; | ||
232 | } | ||
233 | |||
234 | /* Copy key, add padding */ | 227 | /* Copy key, add padding */ |
235 | 228 | ||
236 | for (i = 0; i < keylen; ++i) | 229 | for (i = 0; i < keylen; ++i) |
@@ -497,21 +490,15 @@ static struct crypto_alg serpent_alg = { | |||
497 | }; | 490 | }; |
498 | 491 | ||
499 | static int tnepres_setkey(struct crypto_tfm *tfm, const u8 *key, | 492 | static int tnepres_setkey(struct crypto_tfm *tfm, const u8 *key, |
500 | unsigned int keylen, u32 *flags) | 493 | unsigned int keylen) |
501 | { | 494 | { |
502 | u8 rev_key[SERPENT_MAX_KEY_SIZE]; | 495 | u8 rev_key[SERPENT_MAX_KEY_SIZE]; |
503 | int i; | 496 | int i; |
504 | 497 | ||
505 | if ((keylen < SERPENT_MIN_KEY_SIZE) | ||
506 | || (keylen > SERPENT_MAX_KEY_SIZE)) { | ||
507 | *flags |= CRYPTO_TFM_RES_BAD_KEY_LEN; | ||
508 | return -EINVAL; | ||
509 | } | ||
510 | |||
511 | for (i = 0; i < keylen; ++i) | 498 | for (i = 0; i < keylen; ++i) |
512 | rev_key[keylen - i - 1] = key[i]; | 499 | rev_key[keylen - i - 1] = key[i]; |
513 | 500 | ||
514 | return serpent_setkey(tfm, rev_key, keylen, flags); | 501 | return serpent_setkey(tfm, rev_key, keylen); |
515 | } | 502 | } |
516 | 503 | ||
517 | static void tnepres_encrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src) | 504 | static void tnepres_encrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src) |
diff --git a/crypto/sha1.c b/crypto/sha1.c index 6c77b689f87e..1bba551e5b45 100644 --- a/crypto/sha1.c +++ b/crypto/sha1.c | |||
@@ -109,6 +109,7 @@ static void sha1_final(struct crypto_tfm *tfm, u8 *out) | |||
109 | 109 | ||
110 | static struct crypto_alg alg = { | 110 | static struct crypto_alg alg = { |
111 | .cra_name = "sha1", | 111 | .cra_name = "sha1", |
112 | .cra_driver_name= "sha1-generic", | ||
112 | .cra_flags = CRYPTO_ALG_TYPE_DIGEST, | 113 | .cra_flags = CRYPTO_ALG_TYPE_DIGEST, |
113 | .cra_blocksize = SHA1_HMAC_BLOCK_SIZE, | 114 | .cra_blocksize = SHA1_HMAC_BLOCK_SIZE, |
114 | .cra_ctxsize = sizeof(struct sha1_ctx), | 115 | .cra_ctxsize = sizeof(struct sha1_ctx), |
@@ -137,3 +138,5 @@ module_exit(fini); | |||
137 | 138 | ||
138 | MODULE_LICENSE("GPL"); | 139 | MODULE_LICENSE("GPL"); |
139 | MODULE_DESCRIPTION("SHA1 Secure Hash Algorithm"); | 140 | MODULE_DESCRIPTION("SHA1 Secure Hash Algorithm"); |
141 | |||
142 | MODULE_ALIAS("sha1-generic"); | ||
diff --git a/crypto/sha256.c b/crypto/sha256.c index bc71d85a7d02..716195bb54f2 100644 --- a/crypto/sha256.c +++ b/crypto/sha256.c | |||
@@ -309,6 +309,7 @@ static void sha256_final(struct crypto_tfm *tfm, u8 *out) | |||
309 | 309 | ||
310 | static struct crypto_alg alg = { | 310 | static struct crypto_alg alg = { |
311 | .cra_name = "sha256", | 311 | .cra_name = "sha256", |
312 | .cra_driver_name= "sha256-generic", | ||
312 | .cra_flags = CRYPTO_ALG_TYPE_DIGEST, | 313 | .cra_flags = CRYPTO_ALG_TYPE_DIGEST, |
313 | .cra_blocksize = SHA256_HMAC_BLOCK_SIZE, | 314 | .cra_blocksize = SHA256_HMAC_BLOCK_SIZE, |
314 | .cra_ctxsize = sizeof(struct sha256_ctx), | 315 | .cra_ctxsize = sizeof(struct sha256_ctx), |
@@ -337,3 +338,5 @@ module_exit(fini); | |||
337 | 338 | ||
338 | MODULE_LICENSE("GPL"); | 339 | MODULE_LICENSE("GPL"); |
339 | MODULE_DESCRIPTION("SHA256 Secure Hash Algorithm"); | 340 | MODULE_DESCRIPTION("SHA256 Secure Hash Algorithm"); |
341 | |||
342 | MODULE_ALIAS("sha256-generic"); | ||
diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c index e52f56c5bd5e..83307420d31c 100644 --- a/crypto/tcrypt.c +++ b/crypto/tcrypt.c | |||
@@ -17,6 +17,7 @@ | |||
17 | * | 17 | * |
18 | */ | 18 | */ |
19 | 19 | ||
20 | #include <linux/err.h> | ||
20 | #include <linux/init.h> | 21 | #include <linux/init.h> |
21 | #include <linux/module.h> | 22 | #include <linux/module.h> |
22 | #include <linux/mm.h> | 23 | #include <linux/mm.h> |
@@ -54,8 +55,6 @@ | |||
54 | */ | 55 | */ |
55 | #define ENCRYPT 1 | 56 | #define ENCRYPT 1 |
56 | #define DECRYPT 0 | 57 | #define DECRYPT 0 |
57 | #define MODE_ECB 1 | ||
58 | #define MODE_CBC 0 | ||
59 | 58 | ||
60 | static unsigned int IDX[8] = { IDX1, IDX2, IDX3, IDX4, IDX5, IDX6, IDX7, IDX8 }; | 59 | static unsigned int IDX[8] = { IDX1, IDX2, IDX3, IDX4, IDX5, IDX6, IDX7, IDX8 }; |
61 | 60 | ||
@@ -89,9 +88,11 @@ static void test_hash(char *algo, struct hash_testvec *template, | |||
89 | unsigned int i, j, k, temp; | 88 | unsigned int i, j, k, temp; |
90 | struct scatterlist sg[8]; | 89 | struct scatterlist sg[8]; |
91 | char result[64]; | 90 | char result[64]; |
92 | struct crypto_tfm *tfm; | 91 | struct crypto_hash *tfm; |
92 | struct hash_desc desc; | ||
93 | struct hash_testvec *hash_tv; | 93 | struct hash_testvec *hash_tv; |
94 | unsigned int tsize; | 94 | unsigned int tsize; |
95 | int ret; | ||
95 | 96 | ||
96 | printk("\ntesting %s\n", algo); | 97 | printk("\ntesting %s\n", algo); |
97 | 98 | ||
@@ -105,30 +106,42 @@ static void test_hash(char *algo, struct hash_testvec *template, | |||
105 | 106 | ||
106 | memcpy(tvmem, template, tsize); | 107 | memcpy(tvmem, template, tsize); |
107 | hash_tv = (void *)tvmem; | 108 | hash_tv = (void *)tvmem; |
108 | tfm = crypto_alloc_tfm(algo, 0); | 109 | |
109 | if (tfm == NULL) { | 110 | tfm = crypto_alloc_hash(algo, 0, CRYPTO_ALG_ASYNC); |
110 | printk("failed to load transform for %s\n", algo); | 111 | if (IS_ERR(tfm)) { |
112 | printk("failed to load transform for %s: %ld\n", algo, | ||
113 | PTR_ERR(tfm)); | ||
111 | return; | 114 | return; |
112 | } | 115 | } |
113 | 116 | ||
117 | desc.tfm = tfm; | ||
118 | desc.flags = 0; | ||
119 | |||
114 | for (i = 0; i < tcount; i++) { | 120 | for (i = 0; i < tcount; i++) { |
115 | printk("test %u:\n", i + 1); | 121 | printk("test %u:\n", i + 1); |
116 | memset(result, 0, 64); | 122 | memset(result, 0, 64); |
117 | 123 | ||
118 | sg_set_buf(&sg[0], hash_tv[i].plaintext, hash_tv[i].psize); | 124 | sg_set_buf(&sg[0], hash_tv[i].plaintext, hash_tv[i].psize); |
119 | 125 | ||
120 | crypto_digest_init(tfm); | 126 | if (hash_tv[i].ksize) { |
121 | if (tfm->crt_u.digest.dit_setkey) { | 127 | ret = crypto_hash_setkey(tfm, hash_tv[i].key, |
122 | crypto_digest_setkey(tfm, hash_tv[i].key, | 128 | hash_tv[i].ksize); |
123 | hash_tv[i].ksize); | 129 | if (ret) { |
130 | printk("setkey() failed ret=%d\n", ret); | ||
131 | goto out; | ||
132 | } | ||
133 | } | ||
134 | |||
135 | ret = crypto_hash_digest(&desc, sg, hash_tv[i].psize, result); | ||
136 | if (ret) { | ||
137 | printk("digest () failed ret=%d\n", ret); | ||
138 | goto out; | ||
124 | } | 139 | } |
125 | crypto_digest_update(tfm, sg, 1); | ||
126 | crypto_digest_final(tfm, result); | ||
127 | 140 | ||
128 | hexdump(result, crypto_tfm_alg_digestsize(tfm)); | 141 | hexdump(result, crypto_hash_digestsize(tfm)); |
129 | printk("%s\n", | 142 | printk("%s\n", |
130 | memcmp(result, hash_tv[i].digest, | 143 | memcmp(result, hash_tv[i].digest, |
131 | crypto_tfm_alg_digestsize(tfm)) ? | 144 | crypto_hash_digestsize(tfm)) ? |
132 | "fail" : "pass"); | 145 | "fail" : "pass"); |
133 | } | 146 | } |
134 | 147 | ||
@@ -154,127 +167,56 @@ static void test_hash(char *algo, struct hash_testvec *template, | |||
154 | hash_tv[i].tap[k]); | 167 | hash_tv[i].tap[k]); |
155 | } | 168 | } |
156 | 169 | ||
157 | crypto_digest_digest(tfm, sg, hash_tv[i].np, result); | 170 | if (hash_tv[i].ksize) { |
158 | 171 | ret = crypto_hash_setkey(tfm, hash_tv[i].key, | |
159 | hexdump(result, crypto_tfm_alg_digestsize(tfm)); | 172 | hash_tv[i].ksize); |
160 | printk("%s\n", | ||
161 | memcmp(result, hash_tv[i].digest, | ||
162 | crypto_tfm_alg_digestsize(tfm)) ? | ||
163 | "fail" : "pass"); | ||
164 | } | ||
165 | } | ||
166 | |||
167 | crypto_free_tfm(tfm); | ||
168 | } | ||
169 | |||
170 | |||
171 | #ifdef CONFIG_CRYPTO_HMAC | ||
172 | |||
173 | static void test_hmac(char *algo, struct hmac_testvec *template, | ||
174 | unsigned int tcount) | ||
175 | { | ||
176 | unsigned int i, j, k, temp; | ||
177 | struct scatterlist sg[8]; | ||
178 | char result[64]; | ||
179 | struct crypto_tfm *tfm; | ||
180 | struct hmac_testvec *hmac_tv; | ||
181 | unsigned int tsize, klen; | ||
182 | |||
183 | tfm = crypto_alloc_tfm(algo, 0); | ||
184 | if (tfm == NULL) { | ||
185 | printk("failed to load transform for %s\n", algo); | ||
186 | return; | ||
187 | } | ||
188 | |||
189 | printk("\ntesting hmac_%s\n", algo); | ||
190 | |||
191 | tsize = sizeof(struct hmac_testvec); | ||
192 | tsize *= tcount; | ||
193 | if (tsize > TVMEMSIZE) { | ||
194 | printk("template (%u) too big for tvmem (%u)\n", tsize, | ||
195 | TVMEMSIZE); | ||
196 | goto out; | ||
197 | } | ||
198 | |||
199 | memcpy(tvmem, template, tsize); | ||
200 | hmac_tv = (void *)tvmem; | ||
201 | |||
202 | for (i = 0; i < tcount; i++) { | ||
203 | printk("test %u:\n", i + 1); | ||
204 | memset(result, 0, sizeof (result)); | ||
205 | |||
206 | klen = hmac_tv[i].ksize; | ||
207 | sg_set_buf(&sg[0], hmac_tv[i].plaintext, hmac_tv[i].psize); | ||
208 | |||
209 | crypto_hmac(tfm, hmac_tv[i].key, &klen, sg, 1, result); | ||
210 | 173 | ||
211 | hexdump(result, crypto_tfm_alg_digestsize(tfm)); | 174 | if (ret) { |
212 | printk("%s\n", | 175 | printk("setkey() failed ret=%d\n", ret); |
213 | memcmp(result, hmac_tv[i].digest, | 176 | goto out; |
214 | crypto_tfm_alg_digestsize(tfm)) ? "fail" : | 177 | } |
215 | "pass"); | ||
216 | } | ||
217 | |||
218 | printk("\ntesting hmac_%s across pages\n", algo); | ||
219 | |||
220 | memset(xbuf, 0, XBUFSIZE); | ||
221 | |||
222 | j = 0; | ||
223 | for (i = 0; i < tcount; i++) { | ||
224 | if (hmac_tv[i].np) { | ||
225 | j++; | ||
226 | printk("test %u:\n",j); | ||
227 | memset(result, 0, 64); | ||
228 | |||
229 | temp = 0; | ||
230 | klen = hmac_tv[i].ksize; | ||
231 | for (k = 0; k < hmac_tv[i].np; k++) { | ||
232 | memcpy(&xbuf[IDX[k]], | ||
233 | hmac_tv[i].plaintext + temp, | ||
234 | hmac_tv[i].tap[k]); | ||
235 | temp += hmac_tv[i].tap[k]; | ||
236 | sg_set_buf(&sg[k], &xbuf[IDX[k]], | ||
237 | hmac_tv[i].tap[k]); | ||
238 | } | 178 | } |
239 | 179 | ||
240 | crypto_hmac(tfm, hmac_tv[i].key, &klen, sg, | 180 | ret = crypto_hash_digest(&desc, sg, hash_tv[i].psize, |
241 | hmac_tv[i].np, result); | 181 | result); |
242 | hexdump(result, crypto_tfm_alg_digestsize(tfm)); | 182 | if (ret) { |
183 | printk("digest () failed ret=%d\n", ret); | ||
184 | goto out; | ||
185 | } | ||
243 | 186 | ||
187 | hexdump(result, crypto_hash_digestsize(tfm)); | ||
244 | printk("%s\n", | 188 | printk("%s\n", |
245 | memcmp(result, hmac_tv[i].digest, | 189 | memcmp(result, hash_tv[i].digest, |
246 | crypto_tfm_alg_digestsize(tfm)) ? | 190 | crypto_hash_digestsize(tfm)) ? |
247 | "fail" : "pass"); | 191 | "fail" : "pass"); |
248 | } | 192 | } |
249 | } | 193 | } |
194 | |||
250 | out: | 195 | out: |
251 | crypto_free_tfm(tfm); | 196 | crypto_free_hash(tfm); |
252 | } | 197 | } |
253 | 198 | ||
254 | #endif /* CONFIG_CRYPTO_HMAC */ | 199 | static void test_cipher(char *algo, int enc, |
255 | |||
256 | static void test_cipher(char *algo, int mode, int enc, | ||
257 | struct cipher_testvec *template, unsigned int tcount) | 200 | struct cipher_testvec *template, unsigned int tcount) |
258 | { | 201 | { |
259 | unsigned int ret, i, j, k, temp; | 202 | unsigned int ret, i, j, k, temp; |
260 | unsigned int tsize; | 203 | unsigned int tsize; |
204 | unsigned int iv_len; | ||
205 | unsigned int len; | ||
261 | char *q; | 206 | char *q; |
262 | struct crypto_tfm *tfm; | 207 | struct crypto_blkcipher *tfm; |
263 | char *key; | 208 | char *key; |
264 | struct cipher_testvec *cipher_tv; | 209 | struct cipher_testvec *cipher_tv; |
210 | struct blkcipher_desc desc; | ||
265 | struct scatterlist sg[8]; | 211 | struct scatterlist sg[8]; |
266 | const char *e, *m; | 212 | const char *e; |
267 | 213 | ||
268 | if (enc == ENCRYPT) | 214 | if (enc == ENCRYPT) |
269 | e = "encryption"; | 215 | e = "encryption"; |
270 | else | 216 | else |
271 | e = "decryption"; | 217 | e = "decryption"; |
272 | if (mode == MODE_ECB) | ||
273 | m = "ECB"; | ||
274 | else | ||
275 | m = "CBC"; | ||
276 | 218 | ||
277 | printk("\ntesting %s %s %s\n", algo, m, e); | 219 | printk("\ntesting %s %s\n", algo, e); |
278 | 220 | ||
279 | tsize = sizeof (struct cipher_testvec); | 221 | tsize = sizeof (struct cipher_testvec); |
280 | tsize *= tcount; | 222 | tsize *= tcount; |
@@ -288,15 +230,15 @@ static void test_cipher(char *algo, int mode, int enc, | |||
288 | memcpy(tvmem, template, tsize); | 230 | memcpy(tvmem, template, tsize); |
289 | cipher_tv = (void *)tvmem; | 231 | cipher_tv = (void *)tvmem; |
290 | 232 | ||
291 | if (mode) | 233 | tfm = crypto_alloc_blkcipher(algo, 0, CRYPTO_ALG_ASYNC); |
292 | tfm = crypto_alloc_tfm(algo, 0); | ||
293 | else | ||
294 | tfm = crypto_alloc_tfm(algo, CRYPTO_TFM_MODE_CBC); | ||
295 | 234 | ||
296 | if (tfm == NULL) { | 235 | if (IS_ERR(tfm)) { |
297 | printk("failed to load transform for %s %s\n", algo, m); | 236 | printk("failed to load transform for %s: %ld\n", algo, |
237 | PTR_ERR(tfm)); | ||
298 | return; | 238 | return; |
299 | } | 239 | } |
240 | desc.tfm = tfm; | ||
241 | desc.flags = 0; | ||
300 | 242 | ||
301 | j = 0; | 243 | j = 0; |
302 | for (i = 0; i < tcount; i++) { | 244 | for (i = 0; i < tcount; i++) { |
@@ -305,14 +247,17 @@ static void test_cipher(char *algo, int mode, int enc, | |||
305 | printk("test %u (%d bit key):\n", | 247 | printk("test %u (%d bit key):\n", |
306 | j, cipher_tv[i].klen * 8); | 248 | j, cipher_tv[i].klen * 8); |
307 | 249 | ||
308 | tfm->crt_flags = 0; | 250 | crypto_blkcipher_clear_flags(tfm, ~0); |
309 | if (cipher_tv[i].wk) | 251 | if (cipher_tv[i].wk) |
310 | tfm->crt_flags |= CRYPTO_TFM_REQ_WEAK_KEY; | 252 | crypto_blkcipher_set_flags( |
253 | tfm, CRYPTO_TFM_REQ_WEAK_KEY); | ||
311 | key = cipher_tv[i].key; | 254 | key = cipher_tv[i].key; |
312 | 255 | ||
313 | ret = crypto_cipher_setkey(tfm, key, cipher_tv[i].klen); | 256 | ret = crypto_blkcipher_setkey(tfm, key, |
257 | cipher_tv[i].klen); | ||
314 | if (ret) { | 258 | if (ret) { |
315 | printk("setkey() failed flags=%x\n", tfm->crt_flags); | 259 | printk("setkey() failed flags=%x\n", |
260 | crypto_blkcipher_get_flags(tfm)); | ||
316 | 261 | ||
317 | if (!cipher_tv[i].fail) | 262 | if (!cipher_tv[i].fail) |
318 | goto out; | 263 | goto out; |
@@ -321,19 +266,19 @@ static void test_cipher(char *algo, int mode, int enc, | |||
321 | sg_set_buf(&sg[0], cipher_tv[i].input, | 266 | sg_set_buf(&sg[0], cipher_tv[i].input, |
322 | cipher_tv[i].ilen); | 267 | cipher_tv[i].ilen); |
323 | 268 | ||
324 | if (!mode) { | 269 | iv_len = crypto_blkcipher_ivsize(tfm); |
325 | crypto_cipher_set_iv(tfm, cipher_tv[i].iv, | 270 | if (iv_len) |
326 | crypto_tfm_alg_ivsize(tfm)); | 271 | crypto_blkcipher_set_iv(tfm, cipher_tv[i].iv, |
327 | } | 272 | iv_len); |
328 | |||
329 | if (enc) | ||
330 | ret = crypto_cipher_encrypt(tfm, sg, sg, cipher_tv[i].ilen); | ||
331 | else | ||
332 | ret = crypto_cipher_decrypt(tfm, sg, sg, cipher_tv[i].ilen); | ||
333 | 273 | ||
274 | len = cipher_tv[i].ilen; | ||
275 | ret = enc ? | ||
276 | crypto_blkcipher_encrypt(&desc, sg, sg, len) : | ||
277 | crypto_blkcipher_decrypt(&desc, sg, sg, len); | ||
334 | 278 | ||
335 | if (ret) { | 279 | if (ret) { |
336 | printk("%s () failed flags=%x\n", e, tfm->crt_flags); | 280 | printk("%s () failed flags=%x\n", e, |
281 | desc.flags); | ||
337 | goto out; | 282 | goto out; |
338 | } | 283 | } |
339 | 284 | ||
@@ -346,7 +291,7 @@ static void test_cipher(char *algo, int mode, int enc, | |||
346 | } | 291 | } |
347 | } | 292 | } |
348 | 293 | ||
349 | printk("\ntesting %s %s %s across pages (chunking)\n", algo, m, e); | 294 | printk("\ntesting %s %s across pages (chunking)\n", algo, e); |
350 | memset(xbuf, 0, XBUFSIZE); | 295 | memset(xbuf, 0, XBUFSIZE); |
351 | 296 | ||
352 | j = 0; | 297 | j = 0; |
@@ -356,14 +301,17 @@ static void test_cipher(char *algo, int mode, int enc, | |||
356 | printk("test %u (%d bit key):\n", | 301 | printk("test %u (%d bit key):\n", |
357 | j, cipher_tv[i].klen * 8); | 302 | j, cipher_tv[i].klen * 8); |
358 | 303 | ||
359 | tfm->crt_flags = 0; | 304 | crypto_blkcipher_clear_flags(tfm, ~0); |
360 | if (cipher_tv[i].wk) | 305 | if (cipher_tv[i].wk) |
361 | tfm->crt_flags |= CRYPTO_TFM_REQ_WEAK_KEY; | 306 | crypto_blkcipher_set_flags( |
307 | tfm, CRYPTO_TFM_REQ_WEAK_KEY); | ||
362 | key = cipher_tv[i].key; | 308 | key = cipher_tv[i].key; |
363 | 309 | ||
364 | ret = crypto_cipher_setkey(tfm, key, cipher_tv[i].klen); | 310 | ret = crypto_blkcipher_setkey(tfm, key, |
311 | cipher_tv[i].klen); | ||
365 | if (ret) { | 312 | if (ret) { |
366 | printk("setkey() failed flags=%x\n", tfm->crt_flags); | 313 | printk("setkey() failed flags=%x\n", |
314 | crypto_blkcipher_get_flags(tfm)); | ||
367 | 315 | ||
368 | if (!cipher_tv[i].fail) | 316 | if (!cipher_tv[i].fail) |
369 | goto out; | 317 | goto out; |
@@ -379,18 +327,19 @@ static void test_cipher(char *algo, int mode, int enc, | |||
379 | cipher_tv[i].tap[k]); | 327 | cipher_tv[i].tap[k]); |
380 | } | 328 | } |
381 | 329 | ||
382 | if (!mode) { | 330 | iv_len = crypto_blkcipher_ivsize(tfm); |
383 | crypto_cipher_set_iv(tfm, cipher_tv[i].iv, | 331 | if (iv_len) |
384 | crypto_tfm_alg_ivsize(tfm)); | 332 | crypto_blkcipher_set_iv(tfm, cipher_tv[i].iv, |
385 | } | 333 | iv_len); |
386 | 334 | ||
387 | if (enc) | 335 | len = cipher_tv[i].ilen; |
388 | ret = crypto_cipher_encrypt(tfm, sg, sg, cipher_tv[i].ilen); | 336 | ret = enc ? |
389 | else | 337 | crypto_blkcipher_encrypt(&desc, sg, sg, len) : |
390 | ret = crypto_cipher_decrypt(tfm, sg, sg, cipher_tv[i].ilen); | 338 | crypto_blkcipher_decrypt(&desc, sg, sg, len); |
391 | 339 | ||
392 | if (ret) { | 340 | if (ret) { |
393 | printk("%s () failed flags=%x\n", e, tfm->crt_flags); | 341 | printk("%s () failed flags=%x\n", e, |
342 | desc.flags); | ||
394 | goto out; | 343 | goto out; |
395 | } | 344 | } |
396 | 345 | ||
@@ -409,10 +358,10 @@ static void test_cipher(char *algo, int mode, int enc, | |||
409 | } | 358 | } |
410 | 359 | ||
411 | out: | 360 | out: |
412 | crypto_free_tfm(tfm); | 361 | crypto_free_blkcipher(tfm); |
413 | } | 362 | } |
414 | 363 | ||
415 | static int test_cipher_jiffies(struct crypto_tfm *tfm, int enc, char *p, | 364 | static int test_cipher_jiffies(struct blkcipher_desc *desc, int enc, char *p, |
416 | int blen, int sec) | 365 | int blen, int sec) |
417 | { | 366 | { |
418 | struct scatterlist sg[1]; | 367 | struct scatterlist sg[1]; |
@@ -425,9 +374,9 @@ static int test_cipher_jiffies(struct crypto_tfm *tfm, int enc, char *p, | |||
425 | for (start = jiffies, end = start + sec * HZ, bcount = 0; | 374 | for (start = jiffies, end = start + sec * HZ, bcount = 0; |
426 | time_before(jiffies, end); bcount++) { | 375 | time_before(jiffies, end); bcount++) { |
427 | if (enc) | 376 | if (enc) |
428 | ret = crypto_cipher_encrypt(tfm, sg, sg, blen); | 377 | ret = crypto_blkcipher_encrypt(desc, sg, sg, blen); |
429 | else | 378 | else |
430 | ret = crypto_cipher_decrypt(tfm, sg, sg, blen); | 379 | ret = crypto_blkcipher_decrypt(desc, sg, sg, blen); |
431 | 380 | ||
432 | if (ret) | 381 | if (ret) |
433 | return ret; | 382 | return ret; |
@@ -438,7 +387,7 @@ static int test_cipher_jiffies(struct crypto_tfm *tfm, int enc, char *p, | |||
438 | return 0; | 387 | return 0; |
439 | } | 388 | } |
440 | 389 | ||
441 | static int test_cipher_cycles(struct crypto_tfm *tfm, int enc, char *p, | 390 | static int test_cipher_cycles(struct blkcipher_desc *desc, int enc, char *p, |
442 | int blen) | 391 | int blen) |
443 | { | 392 | { |
444 | struct scatterlist sg[1]; | 393 | struct scatterlist sg[1]; |
@@ -454,9 +403,9 @@ static int test_cipher_cycles(struct crypto_tfm *tfm, int enc, char *p, | |||
454 | /* Warm-up run. */ | 403 | /* Warm-up run. */ |
455 | for (i = 0; i < 4; i++) { | 404 | for (i = 0; i < 4; i++) { |
456 | if (enc) | 405 | if (enc) |
457 | ret = crypto_cipher_encrypt(tfm, sg, sg, blen); | 406 | ret = crypto_blkcipher_encrypt(desc, sg, sg, blen); |
458 | else | 407 | else |
459 | ret = crypto_cipher_decrypt(tfm, sg, sg, blen); | 408 | ret = crypto_blkcipher_decrypt(desc, sg, sg, blen); |
460 | 409 | ||
461 | if (ret) | 410 | if (ret) |
462 | goto out; | 411 | goto out; |
@@ -468,9 +417,9 @@ static int test_cipher_cycles(struct crypto_tfm *tfm, int enc, char *p, | |||
468 | 417 | ||
469 | start = get_cycles(); | 418 | start = get_cycles(); |
470 | if (enc) | 419 | if (enc) |
471 | ret = crypto_cipher_encrypt(tfm, sg, sg, blen); | 420 | ret = crypto_blkcipher_encrypt(desc, sg, sg, blen); |
472 | else | 421 | else |
473 | ret = crypto_cipher_decrypt(tfm, sg, sg, blen); | 422 | ret = crypto_blkcipher_decrypt(desc, sg, sg, blen); |
474 | end = get_cycles(); | 423 | end = get_cycles(); |
475 | 424 | ||
476 | if (ret) | 425 | if (ret) |
@@ -490,35 +439,32 @@ out: | |||
490 | return ret; | 439 | return ret; |
491 | } | 440 | } |
492 | 441 | ||
493 | static void test_cipher_speed(char *algo, int mode, int enc, unsigned int sec, | 442 | static void test_cipher_speed(char *algo, int enc, unsigned int sec, |
494 | struct cipher_testvec *template, | 443 | struct cipher_testvec *template, |
495 | unsigned int tcount, struct cipher_speed *speed) | 444 | unsigned int tcount, struct cipher_speed *speed) |
496 | { | 445 | { |
497 | unsigned int ret, i, j, iv_len; | 446 | unsigned int ret, i, j, iv_len; |
498 | unsigned char *key, *p, iv[128]; | 447 | unsigned char *key, *p, iv[128]; |
499 | struct crypto_tfm *tfm; | 448 | struct crypto_blkcipher *tfm; |
500 | const char *e, *m; | 449 | struct blkcipher_desc desc; |
450 | const char *e; | ||
501 | 451 | ||
502 | if (enc == ENCRYPT) | 452 | if (enc == ENCRYPT) |
503 | e = "encryption"; | 453 | e = "encryption"; |
504 | else | 454 | else |
505 | e = "decryption"; | 455 | e = "decryption"; |
506 | if (mode == MODE_ECB) | ||
507 | m = "ECB"; | ||
508 | else | ||
509 | m = "CBC"; | ||
510 | 456 | ||
511 | printk("\ntesting speed of %s %s %s\n", algo, m, e); | 457 | printk("\ntesting speed of %s %s\n", algo, e); |
512 | 458 | ||
513 | if (mode) | 459 | tfm = crypto_alloc_blkcipher(algo, 0, CRYPTO_ALG_ASYNC); |
514 | tfm = crypto_alloc_tfm(algo, 0); | ||
515 | else | ||
516 | tfm = crypto_alloc_tfm(algo, CRYPTO_TFM_MODE_CBC); | ||
517 | 460 | ||
518 | if (tfm == NULL) { | 461 | if (IS_ERR(tfm)) { |
519 | printk("failed to load transform for %s %s\n", algo, m); | 462 | printk("failed to load transform for %s: %ld\n", algo, |
463 | PTR_ERR(tfm)); | ||
520 | return; | 464 | return; |
521 | } | 465 | } |
466 | desc.tfm = tfm; | ||
467 | desc.flags = 0; | ||
522 | 468 | ||
523 | for (i = 0; speed[i].klen != 0; i++) { | 469 | for (i = 0; speed[i].klen != 0; i++) { |
524 | if ((speed[i].blen + speed[i].klen) > TVMEMSIZE) { | 470 | if ((speed[i].blen + speed[i].klen) > TVMEMSIZE) { |
@@ -542,125 +488,231 @@ static void test_cipher_speed(char *algo, int mode, int enc, unsigned int sec, | |||
542 | } | 488 | } |
543 | p = (unsigned char *)tvmem + speed[i].klen; | 489 | p = (unsigned char *)tvmem + speed[i].klen; |
544 | 490 | ||
545 | ret = crypto_cipher_setkey(tfm, key, speed[i].klen); | 491 | ret = crypto_blkcipher_setkey(tfm, key, speed[i].klen); |
546 | if (ret) { | 492 | if (ret) { |
547 | printk("setkey() failed flags=%x\n", tfm->crt_flags); | 493 | printk("setkey() failed flags=%x\n", |
494 | crypto_blkcipher_get_flags(tfm)); | ||
548 | goto out; | 495 | goto out; |
549 | } | 496 | } |
550 | 497 | ||
551 | if (!mode) { | 498 | iv_len = crypto_blkcipher_ivsize(tfm); |
552 | iv_len = crypto_tfm_alg_ivsize(tfm); | 499 | if (iv_len) { |
553 | memset(&iv, 0xff, iv_len); | 500 | memset(&iv, 0xff, iv_len); |
554 | crypto_cipher_set_iv(tfm, iv, iv_len); | 501 | crypto_blkcipher_set_iv(tfm, iv, iv_len); |
555 | } | 502 | } |
556 | 503 | ||
557 | if (sec) | 504 | if (sec) |
558 | ret = test_cipher_jiffies(tfm, enc, p, speed[i].blen, | 505 | ret = test_cipher_jiffies(&desc, enc, p, speed[i].blen, |
559 | sec); | 506 | sec); |
560 | else | 507 | else |
561 | ret = test_cipher_cycles(tfm, enc, p, speed[i].blen); | 508 | ret = test_cipher_cycles(&desc, enc, p, speed[i].blen); |
562 | 509 | ||
563 | if (ret) { | 510 | if (ret) { |
564 | printk("%s() failed flags=%x\n", e, tfm->crt_flags); | 511 | printk("%s() failed flags=%x\n", e, desc.flags); |
565 | break; | 512 | break; |
566 | } | 513 | } |
567 | } | 514 | } |
568 | 515 | ||
569 | out: | 516 | out: |
570 | crypto_free_tfm(tfm); | 517 | crypto_free_blkcipher(tfm); |
571 | } | 518 | } |
572 | 519 | ||
573 | static void test_digest_jiffies(struct crypto_tfm *tfm, char *p, int blen, | 520 | static int test_hash_jiffies_digest(struct hash_desc *desc, char *p, int blen, |
574 | int plen, char *out, int sec) | 521 | char *out, int sec) |
522 | { | ||
523 | struct scatterlist sg[1]; | ||
524 | unsigned long start, end; | ||
525 | int bcount; | ||
526 | int ret; | ||
527 | |||
528 | for (start = jiffies, end = start + sec * HZ, bcount = 0; | ||
529 | time_before(jiffies, end); bcount++) { | ||
530 | sg_set_buf(sg, p, blen); | ||
531 | ret = crypto_hash_digest(desc, sg, blen, out); | ||
532 | if (ret) | ||
533 | return ret; | ||
534 | } | ||
535 | |||
536 | printk("%6u opers/sec, %9lu bytes/sec\n", | ||
537 | bcount / sec, ((long)bcount * blen) / sec); | ||
538 | |||
539 | return 0; | ||
540 | } | ||
541 | |||
542 | static int test_hash_jiffies(struct hash_desc *desc, char *p, int blen, | ||
543 | int plen, char *out, int sec) | ||
575 | { | 544 | { |
576 | struct scatterlist sg[1]; | 545 | struct scatterlist sg[1]; |
577 | unsigned long start, end; | 546 | unsigned long start, end; |
578 | int bcount, pcount; | 547 | int bcount, pcount; |
548 | int ret; | ||
549 | |||
550 | if (plen == blen) | ||
551 | return test_hash_jiffies_digest(desc, p, blen, out, sec); | ||
579 | 552 | ||
580 | for (start = jiffies, end = start + sec * HZ, bcount = 0; | 553 | for (start = jiffies, end = start + sec * HZ, bcount = 0; |
581 | time_before(jiffies, end); bcount++) { | 554 | time_before(jiffies, end); bcount++) { |
582 | crypto_digest_init(tfm); | 555 | ret = crypto_hash_init(desc); |
556 | if (ret) | ||
557 | return ret; | ||
583 | for (pcount = 0; pcount < blen; pcount += plen) { | 558 | for (pcount = 0; pcount < blen; pcount += plen) { |
584 | sg_set_buf(sg, p + pcount, plen); | 559 | sg_set_buf(sg, p + pcount, plen); |
585 | crypto_digest_update(tfm, sg, 1); | 560 | ret = crypto_hash_update(desc, sg, plen); |
561 | if (ret) | ||
562 | return ret; | ||
586 | } | 563 | } |
587 | /* we assume there is enough space in 'out' for the result */ | 564 | /* we assume there is enough space in 'out' for the result */ |
588 | crypto_digest_final(tfm, out); | 565 | ret = crypto_hash_final(desc, out); |
566 | if (ret) | ||
567 | return ret; | ||
589 | } | 568 | } |
590 | 569 | ||
591 | printk("%6u opers/sec, %9lu bytes/sec\n", | 570 | printk("%6u opers/sec, %9lu bytes/sec\n", |
592 | bcount / sec, ((long)bcount * blen) / sec); | 571 | bcount / sec, ((long)bcount * blen) / sec); |
593 | 572 | ||
594 | return; | 573 | return 0; |
574 | } | ||
575 | |||
576 | static int test_hash_cycles_digest(struct hash_desc *desc, char *p, int blen, | ||
577 | char *out) | ||
578 | { | ||
579 | struct scatterlist sg[1]; | ||
580 | unsigned long cycles = 0; | ||
581 | int i; | ||
582 | int ret; | ||
583 | |||
584 | local_bh_disable(); | ||
585 | local_irq_disable(); | ||
586 | |||
587 | /* Warm-up run. */ | ||
588 | for (i = 0; i < 4; i++) { | ||
589 | sg_set_buf(sg, p, blen); | ||
590 | ret = crypto_hash_digest(desc, sg, blen, out); | ||
591 | if (ret) | ||
592 | goto out; | ||
593 | } | ||
594 | |||
595 | /* The real thing. */ | ||
596 | for (i = 0; i < 8; i++) { | ||
597 | cycles_t start, end; | ||
598 | |||
599 | start = get_cycles(); | ||
600 | |||
601 | sg_set_buf(sg, p, blen); | ||
602 | ret = crypto_hash_digest(desc, sg, blen, out); | ||
603 | if (ret) | ||
604 | goto out; | ||
605 | |||
606 | end = get_cycles(); | ||
607 | |||
608 | cycles += end - start; | ||
609 | } | ||
610 | |||
611 | out: | ||
612 | local_irq_enable(); | ||
613 | local_bh_enable(); | ||
614 | |||
615 | if (ret) | ||
616 | return ret; | ||
617 | |||
618 | printk("%6lu cycles/operation, %4lu cycles/byte\n", | ||
619 | cycles / 8, cycles / (8 * blen)); | ||
620 | |||
621 | return 0; | ||
595 | } | 622 | } |
596 | 623 | ||
597 | static void test_digest_cycles(struct crypto_tfm *tfm, char *p, int blen, | 624 | static int test_hash_cycles(struct hash_desc *desc, char *p, int blen, |
598 | int plen, char *out) | 625 | int plen, char *out) |
599 | { | 626 | { |
600 | struct scatterlist sg[1]; | 627 | struct scatterlist sg[1]; |
601 | unsigned long cycles = 0; | 628 | unsigned long cycles = 0; |
602 | int i, pcount; | 629 | int i, pcount; |
630 | int ret; | ||
631 | |||
632 | if (plen == blen) | ||
633 | return test_hash_cycles_digest(desc, p, blen, out); | ||
603 | 634 | ||
604 | local_bh_disable(); | 635 | local_bh_disable(); |
605 | local_irq_disable(); | 636 | local_irq_disable(); |
606 | 637 | ||
607 | /* Warm-up run. */ | 638 | /* Warm-up run. */ |
608 | for (i = 0; i < 4; i++) { | 639 | for (i = 0; i < 4; i++) { |
609 | crypto_digest_init(tfm); | 640 | ret = crypto_hash_init(desc); |
641 | if (ret) | ||
642 | goto out; | ||
610 | for (pcount = 0; pcount < blen; pcount += plen) { | 643 | for (pcount = 0; pcount < blen; pcount += plen) { |
611 | sg_set_buf(sg, p + pcount, plen); | 644 | sg_set_buf(sg, p + pcount, plen); |
612 | crypto_digest_update(tfm, sg, 1); | 645 | ret = crypto_hash_update(desc, sg, plen); |
646 | if (ret) | ||
647 | goto out; | ||
613 | } | 648 | } |
614 | crypto_digest_final(tfm, out); | 649 | crypto_hash_final(desc, out); |
650 | if (ret) | ||
651 | goto out; | ||
615 | } | 652 | } |
616 | 653 | ||
617 | /* The real thing. */ | 654 | /* The real thing. */ |
618 | for (i = 0; i < 8; i++) { | 655 | for (i = 0; i < 8; i++) { |
619 | cycles_t start, end; | 656 | cycles_t start, end; |
620 | 657 | ||
621 | crypto_digest_init(tfm); | ||
622 | |||
623 | start = get_cycles(); | 658 | start = get_cycles(); |
624 | 659 | ||
660 | ret = crypto_hash_init(desc); | ||
661 | if (ret) | ||
662 | goto out; | ||
625 | for (pcount = 0; pcount < blen; pcount += plen) { | 663 | for (pcount = 0; pcount < blen; pcount += plen) { |
626 | sg_set_buf(sg, p + pcount, plen); | 664 | sg_set_buf(sg, p + pcount, plen); |
627 | crypto_digest_update(tfm, sg, 1); | 665 | ret = crypto_hash_update(desc, sg, plen); |
666 | if (ret) | ||
667 | goto out; | ||
628 | } | 668 | } |
629 | crypto_digest_final(tfm, out); | 669 | ret = crypto_hash_final(desc, out); |
670 | if (ret) | ||
671 | goto out; | ||
630 | 672 | ||
631 | end = get_cycles(); | 673 | end = get_cycles(); |
632 | 674 | ||
633 | cycles += end - start; | 675 | cycles += end - start; |
634 | } | 676 | } |
635 | 677 | ||
678 | out: | ||
636 | local_irq_enable(); | 679 | local_irq_enable(); |
637 | local_bh_enable(); | 680 | local_bh_enable(); |
638 | 681 | ||
682 | if (ret) | ||
683 | return ret; | ||
684 | |||
639 | printk("%6lu cycles/operation, %4lu cycles/byte\n", | 685 | printk("%6lu cycles/operation, %4lu cycles/byte\n", |
640 | cycles / 8, cycles / (8 * blen)); | 686 | cycles / 8, cycles / (8 * blen)); |
641 | 687 | ||
642 | return; | 688 | return 0; |
643 | } | 689 | } |
644 | 690 | ||
645 | static void test_digest_speed(char *algo, unsigned int sec, | 691 | static void test_hash_speed(char *algo, unsigned int sec, |
646 | struct digest_speed *speed) | 692 | struct hash_speed *speed) |
647 | { | 693 | { |
648 | struct crypto_tfm *tfm; | 694 | struct crypto_hash *tfm; |
695 | struct hash_desc desc; | ||
649 | char output[1024]; | 696 | char output[1024]; |
650 | int i; | 697 | int i; |
698 | int ret; | ||
651 | 699 | ||
652 | printk("\ntesting speed of %s\n", algo); | 700 | printk("\ntesting speed of %s\n", algo); |
653 | 701 | ||
654 | tfm = crypto_alloc_tfm(algo, 0); | 702 | tfm = crypto_alloc_hash(algo, 0, CRYPTO_ALG_ASYNC); |
655 | 703 | ||
656 | if (tfm == NULL) { | 704 | if (IS_ERR(tfm)) { |
657 | printk("failed to load transform for %s\n", algo); | 705 | printk("failed to load transform for %s: %ld\n", algo, |
706 | PTR_ERR(tfm)); | ||
658 | return; | 707 | return; |
659 | } | 708 | } |
660 | 709 | ||
661 | if (crypto_tfm_alg_digestsize(tfm) > sizeof(output)) { | 710 | desc.tfm = tfm; |
711 | desc.flags = 0; | ||
712 | |||
713 | if (crypto_hash_digestsize(tfm) > sizeof(output)) { | ||
662 | printk("digestsize(%u) > outputbuffer(%zu)\n", | 714 | printk("digestsize(%u) > outputbuffer(%zu)\n", |
663 | crypto_tfm_alg_digestsize(tfm), sizeof(output)); | 715 | crypto_hash_digestsize(tfm), sizeof(output)); |
664 | goto out; | 716 | goto out; |
665 | } | 717 | } |
666 | 718 | ||
@@ -677,20 +729,27 @@ static void test_digest_speed(char *algo, unsigned int sec, | |||
677 | memset(tvmem, 0xff, speed[i].blen); | 729 | memset(tvmem, 0xff, speed[i].blen); |
678 | 730 | ||
679 | if (sec) | 731 | if (sec) |
680 | test_digest_jiffies(tfm, tvmem, speed[i].blen, speed[i].plen, output, sec); | 732 | ret = test_hash_jiffies(&desc, tvmem, speed[i].blen, |
733 | speed[i].plen, output, sec); | ||
681 | else | 734 | else |
682 | test_digest_cycles(tfm, tvmem, speed[i].blen, speed[i].plen, output); | 735 | ret = test_hash_cycles(&desc, tvmem, speed[i].blen, |
736 | speed[i].plen, output); | ||
737 | |||
738 | if (ret) { | ||
739 | printk("hashing failed ret=%d\n", ret); | ||
740 | break; | ||
741 | } | ||
683 | } | 742 | } |
684 | 743 | ||
685 | out: | 744 | out: |
686 | crypto_free_tfm(tfm); | 745 | crypto_free_hash(tfm); |
687 | } | 746 | } |
688 | 747 | ||
689 | static void test_deflate(void) | 748 | static void test_deflate(void) |
690 | { | 749 | { |
691 | unsigned int i; | 750 | unsigned int i; |
692 | char result[COMP_BUF_SIZE]; | 751 | char result[COMP_BUF_SIZE]; |
693 | struct crypto_tfm *tfm; | 752 | struct crypto_comp *tfm; |
694 | struct comp_testvec *tv; | 753 | struct comp_testvec *tv; |
695 | unsigned int tsize; | 754 | unsigned int tsize; |
696 | 755 | ||
@@ -762,105 +821,7 @@ static void test_deflate(void) | |||
762 | ilen, dlen); | 821 | ilen, dlen); |
763 | } | 822 | } |
764 | out: | 823 | out: |
765 | crypto_free_tfm(tfm); | 824 | crypto_free_comp(tfm); |
766 | } | ||
767 | |||
768 | static void test_crc32c(void) | ||
769 | { | ||
770 | #define NUMVEC 6 | ||
771 | #define VECSIZE 40 | ||
772 | |||
773 | int i, j, pass; | ||
774 | u32 crc; | ||
775 | u8 b, test_vec[NUMVEC][VECSIZE]; | ||
776 | static u32 vec_results[NUMVEC] = { | ||
777 | 0x0e2c157f, 0xe980ebf6, 0xde74bded, | ||
778 | 0xd579c862, 0xba979ad0, 0x2b29d913 | ||
779 | }; | ||
780 | static u32 tot_vec_results = 0x24c5d375; | ||
781 | |||
782 | struct scatterlist sg[NUMVEC]; | ||
783 | struct crypto_tfm *tfm; | ||
784 | char *fmtdata = "testing crc32c initialized to %08x: %s\n"; | ||
785 | #define SEEDTESTVAL 0xedcba987 | ||
786 | u32 seed; | ||
787 | |||
788 | printk("\ntesting crc32c\n"); | ||
789 | |||
790 | tfm = crypto_alloc_tfm("crc32c", 0); | ||
791 | if (tfm == NULL) { | ||
792 | printk("failed to load transform for crc32c\n"); | ||
793 | return; | ||
794 | } | ||
795 | |||
796 | crypto_digest_init(tfm); | ||
797 | crypto_digest_final(tfm, (u8*)&crc); | ||
798 | printk(fmtdata, crc, (crc == 0) ? "pass" : "ERROR"); | ||
799 | |||
800 | /* | ||
801 | * stuff test_vec with known values, simple incrementing | ||
802 | * byte values. | ||
803 | */ | ||
804 | b = 0; | ||
805 | for (i = 0; i < NUMVEC; i++) { | ||
806 | for (j = 0; j < VECSIZE; j++) | ||
807 | test_vec[i][j] = ++b; | ||
808 | sg_set_buf(&sg[i], test_vec[i], VECSIZE); | ||
809 | } | ||
810 | |||
811 | seed = SEEDTESTVAL; | ||
812 | (void)crypto_digest_setkey(tfm, (const u8*)&seed, sizeof(u32)); | ||
813 | crypto_digest_final(tfm, (u8*)&crc); | ||
814 | printk("testing crc32c setkey returns %08x : %s\n", crc, (crc == (SEEDTESTVAL ^ ~(u32)0)) ? | ||
815 | "pass" : "ERROR"); | ||
816 | |||
817 | printk("testing crc32c using update/final:\n"); | ||
818 | |||
819 | pass = 1; /* assume all is well */ | ||
820 | |||
821 | for (i = 0; i < NUMVEC; i++) { | ||
822 | seed = ~(u32)0; | ||
823 | (void)crypto_digest_setkey(tfm, (const u8*)&seed, sizeof(u32)); | ||
824 | crypto_digest_update(tfm, &sg[i], 1); | ||
825 | crypto_digest_final(tfm, (u8*)&crc); | ||
826 | if (crc == vec_results[i]) { | ||
827 | printk(" %08x:OK", crc); | ||
828 | } else { | ||
829 | printk(" %08x:BAD, wanted %08x\n", crc, vec_results[i]); | ||
830 | pass = 0; | ||
831 | } | ||
832 | } | ||
833 | |||
834 | printk("\ntesting crc32c using incremental accumulator:\n"); | ||
835 | crc = 0; | ||
836 | for (i = 0; i < NUMVEC; i++) { | ||
837 | seed = (crc ^ ~(u32)0); | ||
838 | (void)crypto_digest_setkey(tfm, (const u8*)&seed, sizeof(u32)); | ||
839 | crypto_digest_update(tfm, &sg[i], 1); | ||
840 | crypto_digest_final(tfm, (u8*)&crc); | ||
841 | } | ||
842 | if (crc == tot_vec_results) { | ||
843 | printk(" %08x:OK", crc); | ||
844 | } else { | ||
845 | printk(" %08x:BAD, wanted %08x\n", crc, tot_vec_results); | ||
846 | pass = 0; | ||
847 | } | ||
848 | |||
849 | printk("\ntesting crc32c using digest:\n"); | ||
850 | seed = ~(u32)0; | ||
851 | (void)crypto_digest_setkey(tfm, (const u8*)&seed, sizeof(u32)); | ||
852 | crypto_digest_digest(tfm, sg, NUMVEC, (u8*)&crc); | ||
853 | if (crc == tot_vec_results) { | ||
854 | printk(" %08x:OK", crc); | ||
855 | } else { | ||
856 | printk(" %08x:BAD, wanted %08x\n", crc, tot_vec_results); | ||
857 | pass = 0; | ||
858 | } | ||
859 | |||
860 | printk("\n%s\n", pass ? "pass" : "ERROR"); | ||
861 | |||
862 | crypto_free_tfm(tfm); | ||
863 | printk("crc32c test complete\n"); | ||
864 | } | 825 | } |
865 | 826 | ||
866 | static void test_available(void) | 827 | static void test_available(void) |
@@ -869,8 +830,8 @@ static void test_available(void) | |||
869 | 830 | ||
870 | while (*name) { | 831 | while (*name) { |
871 | printk("alg %s ", *name); | 832 | printk("alg %s ", *name); |
872 | printk((crypto_alg_available(*name, 0)) ? | 833 | printk(crypto_has_alg(*name, 0, CRYPTO_ALG_ASYNC) ? |
873 | "found\n" : "not found\n"); | 834 | "found\n" : "not found\n"); |
874 | name++; | 835 | name++; |
875 | } | 836 | } |
876 | } | 837 | } |
@@ -885,79 +846,119 @@ static void do_test(void) | |||
885 | test_hash("sha1", sha1_tv_template, SHA1_TEST_VECTORS); | 846 | test_hash("sha1", sha1_tv_template, SHA1_TEST_VECTORS); |
886 | 847 | ||
887 | //DES | 848 | //DES |
888 | test_cipher ("des", MODE_ECB, ENCRYPT, des_enc_tv_template, DES_ENC_TEST_VECTORS); | 849 | test_cipher("ecb(des)", ENCRYPT, des_enc_tv_template, |
889 | test_cipher ("des", MODE_ECB, DECRYPT, des_dec_tv_template, DES_DEC_TEST_VECTORS); | 850 | DES_ENC_TEST_VECTORS); |
890 | test_cipher ("des", MODE_CBC, ENCRYPT, des_cbc_enc_tv_template, DES_CBC_ENC_TEST_VECTORS); | 851 | test_cipher("ecb(des)", DECRYPT, des_dec_tv_template, |
891 | test_cipher ("des", MODE_CBC, DECRYPT, des_cbc_dec_tv_template, DES_CBC_DEC_TEST_VECTORS); | 852 | DES_DEC_TEST_VECTORS); |
853 | test_cipher("cbc(des)", ENCRYPT, des_cbc_enc_tv_template, | ||
854 | DES_CBC_ENC_TEST_VECTORS); | ||
855 | test_cipher("cbc(des)", DECRYPT, des_cbc_dec_tv_template, | ||
856 | DES_CBC_DEC_TEST_VECTORS); | ||
892 | 857 | ||
893 | //DES3_EDE | 858 | //DES3_EDE |
894 | test_cipher ("des3_ede", MODE_ECB, ENCRYPT, des3_ede_enc_tv_template, DES3_EDE_ENC_TEST_VECTORS); | 859 | test_cipher("ecb(des3_ede)", ENCRYPT, des3_ede_enc_tv_template, |
895 | test_cipher ("des3_ede", MODE_ECB, DECRYPT, des3_ede_dec_tv_template, DES3_EDE_DEC_TEST_VECTORS); | 860 | DES3_EDE_ENC_TEST_VECTORS); |
861 | test_cipher("ecb(des3_ede)", DECRYPT, des3_ede_dec_tv_template, | ||
862 | DES3_EDE_DEC_TEST_VECTORS); | ||
896 | 863 | ||
897 | test_hash("md4", md4_tv_template, MD4_TEST_VECTORS); | 864 | test_hash("md4", md4_tv_template, MD4_TEST_VECTORS); |
898 | 865 | ||
899 | test_hash("sha256", sha256_tv_template, SHA256_TEST_VECTORS); | 866 | test_hash("sha256", sha256_tv_template, SHA256_TEST_VECTORS); |
900 | 867 | ||
901 | //BLOWFISH | 868 | //BLOWFISH |
902 | test_cipher ("blowfish", MODE_ECB, ENCRYPT, bf_enc_tv_template, BF_ENC_TEST_VECTORS); | 869 | test_cipher("ecb(blowfish)", ENCRYPT, bf_enc_tv_template, |
903 | test_cipher ("blowfish", MODE_ECB, DECRYPT, bf_dec_tv_template, BF_DEC_TEST_VECTORS); | 870 | BF_ENC_TEST_VECTORS); |
904 | test_cipher ("blowfish", MODE_CBC, ENCRYPT, bf_cbc_enc_tv_template, BF_CBC_ENC_TEST_VECTORS); | 871 | test_cipher("ecb(blowfish)", DECRYPT, bf_dec_tv_template, |
905 | test_cipher ("blowfish", MODE_CBC, DECRYPT, bf_cbc_dec_tv_template, BF_CBC_DEC_TEST_VECTORS); | 872 | BF_DEC_TEST_VECTORS); |
873 | test_cipher("cbc(blowfish)", ENCRYPT, bf_cbc_enc_tv_template, | ||
874 | BF_CBC_ENC_TEST_VECTORS); | ||
875 | test_cipher("cbc(blowfish)", DECRYPT, bf_cbc_dec_tv_template, | ||
876 | BF_CBC_DEC_TEST_VECTORS); | ||
906 | 877 | ||
907 | //TWOFISH | 878 | //TWOFISH |
908 | test_cipher ("twofish", MODE_ECB, ENCRYPT, tf_enc_tv_template, TF_ENC_TEST_VECTORS); | 879 | test_cipher("ecb(twofish)", ENCRYPT, tf_enc_tv_template, |
909 | test_cipher ("twofish", MODE_ECB, DECRYPT, tf_dec_tv_template, TF_DEC_TEST_VECTORS); | 880 | TF_ENC_TEST_VECTORS); |
910 | test_cipher ("twofish", MODE_CBC, ENCRYPT, tf_cbc_enc_tv_template, TF_CBC_ENC_TEST_VECTORS); | 881 | test_cipher("ecb(twofish)", DECRYPT, tf_dec_tv_template, |
911 | test_cipher ("twofish", MODE_CBC, DECRYPT, tf_cbc_dec_tv_template, TF_CBC_DEC_TEST_VECTORS); | 882 | TF_DEC_TEST_VECTORS); |
883 | test_cipher("cbc(twofish)", ENCRYPT, tf_cbc_enc_tv_template, | ||
884 | TF_CBC_ENC_TEST_VECTORS); | ||
885 | test_cipher("cbc(twofish)", DECRYPT, tf_cbc_dec_tv_template, | ||
886 | TF_CBC_DEC_TEST_VECTORS); | ||
912 | 887 | ||
913 | //SERPENT | 888 | //SERPENT |
914 | test_cipher ("serpent", MODE_ECB, ENCRYPT, serpent_enc_tv_template, SERPENT_ENC_TEST_VECTORS); | 889 | test_cipher("ecb(serpent)", ENCRYPT, serpent_enc_tv_template, |
915 | test_cipher ("serpent", MODE_ECB, DECRYPT, serpent_dec_tv_template, SERPENT_DEC_TEST_VECTORS); | 890 | SERPENT_ENC_TEST_VECTORS); |
891 | test_cipher("ecb(serpent)", DECRYPT, serpent_dec_tv_template, | ||
892 | SERPENT_DEC_TEST_VECTORS); | ||
916 | 893 | ||
917 | //TNEPRES | 894 | //TNEPRES |
918 | test_cipher ("tnepres", MODE_ECB, ENCRYPT, tnepres_enc_tv_template, TNEPRES_ENC_TEST_VECTORS); | 895 | test_cipher("ecb(tnepres)", ENCRYPT, tnepres_enc_tv_template, |
919 | test_cipher ("tnepres", MODE_ECB, DECRYPT, tnepres_dec_tv_template, TNEPRES_DEC_TEST_VECTORS); | 896 | TNEPRES_ENC_TEST_VECTORS); |
897 | test_cipher("ecb(tnepres)", DECRYPT, tnepres_dec_tv_template, | ||
898 | TNEPRES_DEC_TEST_VECTORS); | ||
920 | 899 | ||
921 | //AES | 900 | //AES |
922 | test_cipher ("aes", MODE_ECB, ENCRYPT, aes_enc_tv_template, AES_ENC_TEST_VECTORS); | 901 | test_cipher("ecb(aes)", ENCRYPT, aes_enc_tv_template, |
923 | test_cipher ("aes", MODE_ECB, DECRYPT, aes_dec_tv_template, AES_DEC_TEST_VECTORS); | 902 | AES_ENC_TEST_VECTORS); |
924 | test_cipher ("aes", MODE_CBC, ENCRYPT, aes_cbc_enc_tv_template, AES_CBC_ENC_TEST_VECTORS); | 903 | test_cipher("ecb(aes)", DECRYPT, aes_dec_tv_template, |
925 | test_cipher ("aes", MODE_CBC, DECRYPT, aes_cbc_dec_tv_template, AES_CBC_DEC_TEST_VECTORS); | 904 | AES_DEC_TEST_VECTORS); |
905 | test_cipher("cbc(aes)", ENCRYPT, aes_cbc_enc_tv_template, | ||
906 | AES_CBC_ENC_TEST_VECTORS); | ||
907 | test_cipher("cbc(aes)", DECRYPT, aes_cbc_dec_tv_template, | ||
908 | AES_CBC_DEC_TEST_VECTORS); | ||
926 | 909 | ||
927 | //CAST5 | 910 | //CAST5 |
928 | test_cipher ("cast5", MODE_ECB, ENCRYPT, cast5_enc_tv_template, CAST5_ENC_TEST_VECTORS); | 911 | test_cipher("ecb(cast5)", ENCRYPT, cast5_enc_tv_template, |
929 | test_cipher ("cast5", MODE_ECB, DECRYPT, cast5_dec_tv_template, CAST5_DEC_TEST_VECTORS); | 912 | CAST5_ENC_TEST_VECTORS); |
913 | test_cipher("ecb(cast5)", DECRYPT, cast5_dec_tv_template, | ||
914 | CAST5_DEC_TEST_VECTORS); | ||
930 | 915 | ||
931 | //CAST6 | 916 | //CAST6 |
932 | test_cipher ("cast6", MODE_ECB, ENCRYPT, cast6_enc_tv_template, CAST6_ENC_TEST_VECTORS); | 917 | test_cipher("ecb(cast6)", ENCRYPT, cast6_enc_tv_template, |
933 | test_cipher ("cast6", MODE_ECB, DECRYPT, cast6_dec_tv_template, CAST6_DEC_TEST_VECTORS); | 918 | CAST6_ENC_TEST_VECTORS); |
919 | test_cipher("ecb(cast6)", DECRYPT, cast6_dec_tv_template, | ||
920 | CAST6_DEC_TEST_VECTORS); | ||
934 | 921 | ||
935 | //ARC4 | 922 | //ARC4 |
936 | test_cipher ("arc4", MODE_ECB, ENCRYPT, arc4_enc_tv_template, ARC4_ENC_TEST_VECTORS); | 923 | test_cipher("ecb(arc4)", ENCRYPT, arc4_enc_tv_template, |
937 | test_cipher ("arc4", MODE_ECB, DECRYPT, arc4_dec_tv_template, ARC4_DEC_TEST_VECTORS); | 924 | ARC4_ENC_TEST_VECTORS); |
925 | test_cipher("ecb(arc4)", DECRYPT, arc4_dec_tv_template, | ||
926 | ARC4_DEC_TEST_VECTORS); | ||
938 | 927 | ||
939 | //TEA | 928 | //TEA |
940 | test_cipher ("tea", MODE_ECB, ENCRYPT, tea_enc_tv_template, TEA_ENC_TEST_VECTORS); | 929 | test_cipher("ecb(tea)", ENCRYPT, tea_enc_tv_template, |
941 | test_cipher ("tea", MODE_ECB, DECRYPT, tea_dec_tv_template, TEA_DEC_TEST_VECTORS); | 930 | TEA_ENC_TEST_VECTORS); |
931 | test_cipher("ecb(tea)", DECRYPT, tea_dec_tv_template, | ||
932 | TEA_DEC_TEST_VECTORS); | ||
942 | 933 | ||
943 | 934 | ||
944 | //XTEA | 935 | //XTEA |
945 | test_cipher ("xtea", MODE_ECB, ENCRYPT, xtea_enc_tv_template, XTEA_ENC_TEST_VECTORS); | 936 | test_cipher("ecb(xtea)", ENCRYPT, xtea_enc_tv_template, |
946 | test_cipher ("xtea", MODE_ECB, DECRYPT, xtea_dec_tv_template, XTEA_DEC_TEST_VECTORS); | 937 | XTEA_ENC_TEST_VECTORS); |
938 | test_cipher("ecb(xtea)", DECRYPT, xtea_dec_tv_template, | ||
939 | XTEA_DEC_TEST_VECTORS); | ||
947 | 940 | ||
948 | //KHAZAD | 941 | //KHAZAD |
949 | test_cipher ("khazad", MODE_ECB, ENCRYPT, khazad_enc_tv_template, KHAZAD_ENC_TEST_VECTORS); | 942 | test_cipher("ecb(khazad)", ENCRYPT, khazad_enc_tv_template, |
950 | test_cipher ("khazad", MODE_ECB, DECRYPT, khazad_dec_tv_template, KHAZAD_DEC_TEST_VECTORS); | 943 | KHAZAD_ENC_TEST_VECTORS); |
944 | test_cipher("ecb(khazad)", DECRYPT, khazad_dec_tv_template, | ||
945 | KHAZAD_DEC_TEST_VECTORS); | ||
951 | 946 | ||
952 | //ANUBIS | 947 | //ANUBIS |
953 | test_cipher ("anubis", MODE_ECB, ENCRYPT, anubis_enc_tv_template, ANUBIS_ENC_TEST_VECTORS); | 948 | test_cipher("ecb(anubis)", ENCRYPT, anubis_enc_tv_template, |
954 | test_cipher ("anubis", MODE_ECB, DECRYPT, anubis_dec_tv_template, ANUBIS_DEC_TEST_VECTORS); | 949 | ANUBIS_ENC_TEST_VECTORS); |
955 | test_cipher ("anubis", MODE_CBC, ENCRYPT, anubis_cbc_enc_tv_template, ANUBIS_CBC_ENC_TEST_VECTORS); | 950 | test_cipher("ecb(anubis)", DECRYPT, anubis_dec_tv_template, |
956 | test_cipher ("anubis", MODE_CBC, DECRYPT, anubis_cbc_dec_tv_template, ANUBIS_CBC_ENC_TEST_VECTORS); | 951 | ANUBIS_DEC_TEST_VECTORS); |
952 | test_cipher("cbc(anubis)", ENCRYPT, anubis_cbc_enc_tv_template, | ||
953 | ANUBIS_CBC_ENC_TEST_VECTORS); | ||
954 | test_cipher("cbc(anubis)", DECRYPT, anubis_cbc_dec_tv_template, | ||
955 | ANUBIS_CBC_ENC_TEST_VECTORS); | ||
957 | 956 | ||
958 | //XETA | 957 | //XETA |
959 | test_cipher ("xeta", MODE_ECB, ENCRYPT, xeta_enc_tv_template, XETA_ENC_TEST_VECTORS); | 958 | test_cipher("ecb(xeta)", ENCRYPT, xeta_enc_tv_template, |
960 | test_cipher ("xeta", MODE_ECB, DECRYPT, xeta_dec_tv_template, XETA_DEC_TEST_VECTORS); | 959 | XETA_ENC_TEST_VECTORS); |
960 | test_cipher("ecb(xeta)", DECRYPT, xeta_dec_tv_template, | ||
961 | XETA_DEC_TEST_VECTORS); | ||
961 | 962 | ||
962 | test_hash("sha384", sha384_tv_template, SHA384_TEST_VECTORS); | 963 | test_hash("sha384", sha384_tv_template, SHA384_TEST_VECTORS); |
963 | test_hash("sha512", sha512_tv_template, SHA512_TEST_VECTORS); | 964 | test_hash("sha512", sha512_tv_template, SHA512_TEST_VECTORS); |
@@ -968,12 +969,13 @@ static void do_test(void) | |||
968 | test_hash("tgr160", tgr160_tv_template, TGR160_TEST_VECTORS); | 969 | test_hash("tgr160", tgr160_tv_template, TGR160_TEST_VECTORS); |
969 | test_hash("tgr128", tgr128_tv_template, TGR128_TEST_VECTORS); | 970 | test_hash("tgr128", tgr128_tv_template, TGR128_TEST_VECTORS); |
970 | test_deflate(); | 971 | test_deflate(); |
971 | test_crc32c(); | 972 | test_hash("crc32c", crc32c_tv_template, CRC32C_TEST_VECTORS); |
972 | #ifdef CONFIG_CRYPTO_HMAC | 973 | test_hash("hmac(md5)", hmac_md5_tv_template, |
973 | test_hmac("md5", hmac_md5_tv_template, HMAC_MD5_TEST_VECTORS); | 974 | HMAC_MD5_TEST_VECTORS); |
974 | test_hmac("sha1", hmac_sha1_tv_template, HMAC_SHA1_TEST_VECTORS); | 975 | test_hash("hmac(sha1)", hmac_sha1_tv_template, |
975 | test_hmac("sha256", hmac_sha256_tv_template, HMAC_SHA256_TEST_VECTORS); | 976 | HMAC_SHA1_TEST_VECTORS); |
976 | #endif | 977 | test_hash("hmac(sha256)", hmac_sha256_tv_template, |
978 | HMAC_SHA256_TEST_VECTORS); | ||
977 | 979 | ||
978 | test_hash("michael_mic", michael_mic_tv_template, MICHAEL_MIC_TEST_VECTORS); | 980 | test_hash("michael_mic", michael_mic_tv_template, MICHAEL_MIC_TEST_VECTORS); |
979 | break; | 981 | break; |
@@ -987,15 +989,21 @@ static void do_test(void) | |||
987 | break; | 989 | break; |
988 | 990 | ||
989 | case 3: | 991 | case 3: |
990 | test_cipher ("des", MODE_ECB, ENCRYPT, des_enc_tv_template, DES_ENC_TEST_VECTORS); | 992 | test_cipher("ecb(des)", ENCRYPT, des_enc_tv_template, |
991 | test_cipher ("des", MODE_ECB, DECRYPT, des_dec_tv_template, DES_DEC_TEST_VECTORS); | 993 | DES_ENC_TEST_VECTORS); |
992 | test_cipher ("des", MODE_CBC, ENCRYPT, des_cbc_enc_tv_template, DES_CBC_ENC_TEST_VECTORS); | 994 | test_cipher("ecb(des)", DECRYPT, des_dec_tv_template, |
993 | test_cipher ("des", MODE_CBC, DECRYPT, des_cbc_dec_tv_template, DES_CBC_DEC_TEST_VECTORS); | 995 | DES_DEC_TEST_VECTORS); |
996 | test_cipher("cbc(des)", ENCRYPT, des_cbc_enc_tv_template, | ||
997 | DES_CBC_ENC_TEST_VECTORS); | ||
998 | test_cipher("cbc(des)", DECRYPT, des_cbc_dec_tv_template, | ||
999 | DES_CBC_DEC_TEST_VECTORS); | ||
994 | break; | 1000 | break; |
995 | 1001 | ||
996 | case 4: | 1002 | case 4: |
997 | test_cipher ("des3_ede", MODE_ECB, ENCRYPT, des3_ede_enc_tv_template, DES3_EDE_ENC_TEST_VECTORS); | 1003 | test_cipher("ecb(des3_ede)", ENCRYPT, des3_ede_enc_tv_template, |
998 | test_cipher ("des3_ede", MODE_ECB, DECRYPT, des3_ede_dec_tv_template, DES3_EDE_DEC_TEST_VECTORS); | 1004 | DES3_EDE_ENC_TEST_VECTORS); |
1005 | test_cipher("ecb(des3_ede)", DECRYPT, des3_ede_dec_tv_template, | ||
1006 | DES3_EDE_DEC_TEST_VECTORS); | ||
999 | break; | 1007 | break; |
1000 | 1008 | ||
1001 | case 5: | 1009 | case 5: |
@@ -1007,29 +1015,43 @@ static void do_test(void) | |||
1007 | break; | 1015 | break; |
1008 | 1016 | ||
1009 | case 7: | 1017 | case 7: |
1010 | test_cipher ("blowfish", MODE_ECB, ENCRYPT, bf_enc_tv_template, BF_ENC_TEST_VECTORS); | 1018 | test_cipher("ecb(blowfish)", ENCRYPT, bf_enc_tv_template, |
1011 | test_cipher ("blowfish", MODE_ECB, DECRYPT, bf_dec_tv_template, BF_DEC_TEST_VECTORS); | 1019 | BF_ENC_TEST_VECTORS); |
1012 | test_cipher ("blowfish", MODE_CBC, ENCRYPT, bf_cbc_enc_tv_template, BF_CBC_ENC_TEST_VECTORS); | 1020 | test_cipher("ecb(blowfish)", DECRYPT, bf_dec_tv_template, |
1013 | test_cipher ("blowfish", MODE_CBC, DECRYPT, bf_cbc_dec_tv_template, BF_CBC_DEC_TEST_VECTORS); | 1021 | BF_DEC_TEST_VECTORS); |
1022 | test_cipher("cbc(blowfish)", ENCRYPT, bf_cbc_enc_tv_template, | ||
1023 | BF_CBC_ENC_TEST_VECTORS); | ||
1024 | test_cipher("cbc(blowfish)", DECRYPT, bf_cbc_dec_tv_template, | ||
1025 | BF_CBC_DEC_TEST_VECTORS); | ||
1014 | break; | 1026 | break; |
1015 | 1027 | ||
1016 | case 8: | 1028 | case 8: |
1017 | test_cipher ("twofish", MODE_ECB, ENCRYPT, tf_enc_tv_template, TF_ENC_TEST_VECTORS); | 1029 | test_cipher("ecb(twofish)", ENCRYPT, tf_enc_tv_template, |
1018 | test_cipher ("twofish", MODE_ECB, DECRYPT, tf_dec_tv_template, TF_DEC_TEST_VECTORS); | 1030 | TF_ENC_TEST_VECTORS); |
1019 | test_cipher ("twofish", MODE_CBC, ENCRYPT, tf_cbc_enc_tv_template, TF_CBC_ENC_TEST_VECTORS); | 1031 | test_cipher("ecb(twofish)", DECRYPT, tf_dec_tv_template, |
1020 | test_cipher ("twofish", MODE_CBC, DECRYPT, tf_cbc_dec_tv_template, TF_CBC_DEC_TEST_VECTORS); | 1032 | TF_DEC_TEST_VECTORS); |
1033 | test_cipher("cbc(twofish)", ENCRYPT, tf_cbc_enc_tv_template, | ||
1034 | TF_CBC_ENC_TEST_VECTORS); | ||
1035 | test_cipher("cbc(twofish)", DECRYPT, tf_cbc_dec_tv_template, | ||
1036 | TF_CBC_DEC_TEST_VECTORS); | ||
1021 | break; | 1037 | break; |
1022 | 1038 | ||
1023 | case 9: | 1039 | case 9: |
1024 | test_cipher ("serpent", MODE_ECB, ENCRYPT, serpent_enc_tv_template, SERPENT_ENC_TEST_VECTORS); | 1040 | test_cipher("ecb(serpent)", ENCRYPT, serpent_enc_tv_template, |
1025 | test_cipher ("serpent", MODE_ECB, DECRYPT, serpent_dec_tv_template, SERPENT_DEC_TEST_VECTORS); | 1041 | SERPENT_ENC_TEST_VECTORS); |
1042 | test_cipher("ecb(serpent)", DECRYPT, serpent_dec_tv_template, | ||
1043 | SERPENT_DEC_TEST_VECTORS); | ||
1026 | break; | 1044 | break; |
1027 | 1045 | ||
1028 | case 10: | 1046 | case 10: |
1029 | test_cipher ("aes", MODE_ECB, ENCRYPT, aes_enc_tv_template, AES_ENC_TEST_VECTORS); | 1047 | test_cipher("ecb(aes)", ENCRYPT, aes_enc_tv_template, |
1030 | test_cipher ("aes", MODE_ECB, DECRYPT, aes_dec_tv_template, AES_DEC_TEST_VECTORS); | 1048 | AES_ENC_TEST_VECTORS); |
1031 | test_cipher ("aes", MODE_CBC, ENCRYPT, aes_cbc_enc_tv_template, AES_CBC_ENC_TEST_VECTORS); | 1049 | test_cipher("ecb(aes)", DECRYPT, aes_dec_tv_template, |
1032 | test_cipher ("aes", MODE_CBC, DECRYPT, aes_cbc_dec_tv_template, AES_CBC_DEC_TEST_VECTORS); | 1050 | AES_DEC_TEST_VECTORS); |
1051 | test_cipher("cbc(aes)", ENCRYPT, aes_cbc_enc_tv_template, | ||
1052 | AES_CBC_ENC_TEST_VECTORS); | ||
1053 | test_cipher("cbc(aes)", DECRYPT, aes_cbc_dec_tv_template, | ||
1054 | AES_CBC_DEC_TEST_VECTORS); | ||
1033 | break; | 1055 | break; |
1034 | 1056 | ||
1035 | case 11: | 1057 | case 11: |
@@ -1045,18 +1067,24 @@ static void do_test(void) | |||
1045 | break; | 1067 | break; |
1046 | 1068 | ||
1047 | case 14: | 1069 | case 14: |
1048 | test_cipher ("cast5", MODE_ECB, ENCRYPT, cast5_enc_tv_template, CAST5_ENC_TEST_VECTORS); | 1070 | test_cipher("ecb(cast5)", ENCRYPT, cast5_enc_tv_template, |
1049 | test_cipher ("cast5", MODE_ECB, DECRYPT, cast5_dec_tv_template, CAST5_DEC_TEST_VECTORS); | 1071 | CAST5_ENC_TEST_VECTORS); |
1072 | test_cipher("ecb(cast5)", DECRYPT, cast5_dec_tv_template, | ||
1073 | CAST5_DEC_TEST_VECTORS); | ||
1050 | break; | 1074 | break; |
1051 | 1075 | ||
1052 | case 15: | 1076 | case 15: |
1053 | test_cipher ("cast6", MODE_ECB, ENCRYPT, cast6_enc_tv_template, CAST6_ENC_TEST_VECTORS); | 1077 | test_cipher("ecb(cast6)", ENCRYPT, cast6_enc_tv_template, |
1054 | test_cipher ("cast6", MODE_ECB, DECRYPT, cast6_dec_tv_template, CAST6_DEC_TEST_VECTORS); | 1078 | CAST6_ENC_TEST_VECTORS); |
1079 | test_cipher("ecb(cast6)", DECRYPT, cast6_dec_tv_template, | ||
1080 | CAST6_DEC_TEST_VECTORS); | ||
1055 | break; | 1081 | break; |
1056 | 1082 | ||
1057 | case 16: | 1083 | case 16: |
1058 | test_cipher ("arc4", MODE_ECB, ENCRYPT, arc4_enc_tv_template, ARC4_ENC_TEST_VECTORS); | 1084 | test_cipher("ecb(arc4)", ENCRYPT, arc4_enc_tv_template, |
1059 | test_cipher ("arc4", MODE_ECB, DECRYPT, arc4_dec_tv_template, ARC4_DEC_TEST_VECTORS); | 1085 | ARC4_ENC_TEST_VECTORS); |
1086 | test_cipher("ecb(arc4)", DECRYPT, arc4_dec_tv_template, | ||
1087 | ARC4_DEC_TEST_VECTORS); | ||
1060 | break; | 1088 | break; |
1061 | 1089 | ||
1062 | case 17: | 1090 | case 17: |
@@ -1064,22 +1092,28 @@ static void do_test(void) | |||
1064 | break; | 1092 | break; |
1065 | 1093 | ||
1066 | case 18: | 1094 | case 18: |
1067 | test_crc32c(); | 1095 | test_hash("crc32c", crc32c_tv_template, CRC32C_TEST_VECTORS); |
1068 | break; | 1096 | break; |
1069 | 1097 | ||
1070 | case 19: | 1098 | case 19: |
1071 | test_cipher ("tea", MODE_ECB, ENCRYPT, tea_enc_tv_template, TEA_ENC_TEST_VECTORS); | 1099 | test_cipher("ecb(tea)", ENCRYPT, tea_enc_tv_template, |
1072 | test_cipher ("tea", MODE_ECB, DECRYPT, tea_dec_tv_template, TEA_DEC_TEST_VECTORS); | 1100 | TEA_ENC_TEST_VECTORS); |
1101 | test_cipher("ecb(tea)", DECRYPT, tea_dec_tv_template, | ||
1102 | TEA_DEC_TEST_VECTORS); | ||
1073 | break; | 1103 | break; |
1074 | 1104 | ||
1075 | case 20: | 1105 | case 20: |
1076 | test_cipher ("xtea", MODE_ECB, ENCRYPT, xtea_enc_tv_template, XTEA_ENC_TEST_VECTORS); | 1106 | test_cipher("ecb(xtea)", ENCRYPT, xtea_enc_tv_template, |
1077 | test_cipher ("xtea", MODE_ECB, DECRYPT, xtea_dec_tv_template, XTEA_DEC_TEST_VECTORS); | 1107 | XTEA_ENC_TEST_VECTORS); |
1108 | test_cipher("ecb(xtea)", DECRYPT, xtea_dec_tv_template, | ||
1109 | XTEA_DEC_TEST_VECTORS); | ||
1078 | break; | 1110 | break; |
1079 | 1111 | ||
1080 | case 21: | 1112 | case 21: |
1081 | test_cipher ("khazad", MODE_ECB, ENCRYPT, khazad_enc_tv_template, KHAZAD_ENC_TEST_VECTORS); | 1113 | test_cipher("ecb(khazad)", ENCRYPT, khazad_enc_tv_template, |
1082 | test_cipher ("khazad", MODE_ECB, DECRYPT, khazad_dec_tv_template, KHAZAD_DEC_TEST_VECTORS); | 1114 | KHAZAD_ENC_TEST_VECTORS); |
1115 | test_cipher("ecb(khazad)", DECRYPT, khazad_dec_tv_template, | ||
1116 | KHAZAD_DEC_TEST_VECTORS); | ||
1083 | break; | 1117 | break; |
1084 | 1118 | ||
1085 | case 22: | 1119 | case 22: |
@@ -1095,15 +1129,21 @@ static void do_test(void) | |||
1095 | break; | 1129 | break; |
1096 | 1130 | ||
1097 | case 25: | 1131 | case 25: |
1098 | test_cipher ("tnepres", MODE_ECB, ENCRYPT, tnepres_enc_tv_template, TNEPRES_ENC_TEST_VECTORS); | 1132 | test_cipher("ecb(tnepres)", ENCRYPT, tnepres_enc_tv_template, |
1099 | test_cipher ("tnepres", MODE_ECB, DECRYPT, tnepres_dec_tv_template, TNEPRES_DEC_TEST_VECTORS); | 1133 | TNEPRES_ENC_TEST_VECTORS); |
1134 | test_cipher("ecb(tnepres)", DECRYPT, tnepres_dec_tv_template, | ||
1135 | TNEPRES_DEC_TEST_VECTORS); | ||
1100 | break; | 1136 | break; |
1101 | 1137 | ||
1102 | case 26: | 1138 | case 26: |
1103 | test_cipher ("anubis", MODE_ECB, ENCRYPT, anubis_enc_tv_template, ANUBIS_ENC_TEST_VECTORS); | 1139 | test_cipher("ecb(anubis)", ENCRYPT, anubis_enc_tv_template, |
1104 | test_cipher ("anubis", MODE_ECB, DECRYPT, anubis_dec_tv_template, ANUBIS_DEC_TEST_VECTORS); | 1140 | ANUBIS_ENC_TEST_VECTORS); |
1105 | test_cipher ("anubis", MODE_CBC, ENCRYPT, anubis_cbc_enc_tv_template, ANUBIS_CBC_ENC_TEST_VECTORS); | 1141 | test_cipher("ecb(anubis)", DECRYPT, anubis_dec_tv_template, |
1106 | test_cipher ("anubis", MODE_CBC, DECRYPT, anubis_cbc_dec_tv_template, ANUBIS_CBC_ENC_TEST_VECTORS); | 1142 | ANUBIS_DEC_TEST_VECTORS); |
1143 | test_cipher("cbc(anubis)", ENCRYPT, anubis_cbc_enc_tv_template, | ||
1144 | ANUBIS_CBC_ENC_TEST_VECTORS); | ||
1145 | test_cipher("cbc(anubis)", DECRYPT, anubis_cbc_dec_tv_template, | ||
1146 | ANUBIS_CBC_ENC_TEST_VECTORS); | ||
1107 | break; | 1147 | break; |
1108 | 1148 | ||
1109 | case 27: | 1149 | case 27: |
@@ -1120,85 +1160,88 @@ static void do_test(void) | |||
1120 | break; | 1160 | break; |
1121 | 1161 | ||
1122 | case 30: | 1162 | case 30: |
1123 | test_cipher ("xeta", MODE_ECB, ENCRYPT, xeta_enc_tv_template, XETA_ENC_TEST_VECTORS); | 1163 | test_cipher("ecb(xeta)", ENCRYPT, xeta_enc_tv_template, |
1124 | test_cipher ("xeta", MODE_ECB, DECRYPT, xeta_dec_tv_template, XETA_DEC_TEST_VECTORS); | 1164 | XETA_ENC_TEST_VECTORS); |
1165 | test_cipher("ecb(xeta)", DECRYPT, xeta_dec_tv_template, | ||
1166 | XETA_DEC_TEST_VECTORS); | ||
1125 | break; | 1167 | break; |
1126 | 1168 | ||
1127 | #ifdef CONFIG_CRYPTO_HMAC | ||
1128 | case 100: | 1169 | case 100: |
1129 | test_hmac("md5", hmac_md5_tv_template, HMAC_MD5_TEST_VECTORS); | 1170 | test_hash("hmac(md5)", hmac_md5_tv_template, |
1171 | HMAC_MD5_TEST_VECTORS); | ||
1130 | break; | 1172 | break; |
1131 | 1173 | ||
1132 | case 101: | 1174 | case 101: |
1133 | test_hmac("sha1", hmac_sha1_tv_template, HMAC_SHA1_TEST_VECTORS); | 1175 | test_hash("hmac(sha1)", hmac_sha1_tv_template, |
1176 | HMAC_SHA1_TEST_VECTORS); | ||
1134 | break; | 1177 | break; |
1135 | 1178 | ||
1136 | case 102: | 1179 | case 102: |
1137 | test_hmac("sha256", hmac_sha256_tv_template, HMAC_SHA256_TEST_VECTORS); | 1180 | test_hash("hmac(sha256)", hmac_sha256_tv_template, |
1181 | HMAC_SHA256_TEST_VECTORS); | ||
1138 | break; | 1182 | break; |
1139 | 1183 | ||
1140 | #endif | ||
1141 | 1184 | ||
1142 | case 200: | 1185 | case 200: |
1143 | test_cipher_speed("aes", MODE_ECB, ENCRYPT, sec, NULL, 0, | 1186 | test_cipher_speed("ecb(aes)", ENCRYPT, sec, NULL, 0, |
1144 | aes_speed_template); | 1187 | aes_speed_template); |
1145 | test_cipher_speed("aes", MODE_ECB, DECRYPT, sec, NULL, 0, | 1188 | test_cipher_speed("ecb(aes)", DECRYPT, sec, NULL, 0, |
1146 | aes_speed_template); | 1189 | aes_speed_template); |
1147 | test_cipher_speed("aes", MODE_CBC, ENCRYPT, sec, NULL, 0, | 1190 | test_cipher_speed("cbc(aes)", ENCRYPT, sec, NULL, 0, |
1148 | aes_speed_template); | 1191 | aes_speed_template); |
1149 | test_cipher_speed("aes", MODE_CBC, DECRYPT, sec, NULL, 0, | 1192 | test_cipher_speed("cbc(aes)", DECRYPT, sec, NULL, 0, |
1150 | aes_speed_template); | 1193 | aes_speed_template); |
1151 | break; | 1194 | break; |
1152 | 1195 | ||
1153 | case 201: | 1196 | case 201: |
1154 | test_cipher_speed("des3_ede", MODE_ECB, ENCRYPT, sec, | 1197 | test_cipher_speed("ecb(des3_ede)", ENCRYPT, sec, |
1155 | des3_ede_enc_tv_template, | 1198 | des3_ede_enc_tv_template, |
1156 | DES3_EDE_ENC_TEST_VECTORS, | 1199 | DES3_EDE_ENC_TEST_VECTORS, |
1157 | des3_ede_speed_template); | 1200 | des3_ede_speed_template); |
1158 | test_cipher_speed("des3_ede", MODE_ECB, DECRYPT, sec, | 1201 | test_cipher_speed("ecb(des3_ede)", DECRYPT, sec, |
1159 | des3_ede_dec_tv_template, | 1202 | des3_ede_dec_tv_template, |
1160 | DES3_EDE_DEC_TEST_VECTORS, | 1203 | DES3_EDE_DEC_TEST_VECTORS, |
1161 | des3_ede_speed_template); | 1204 | des3_ede_speed_template); |
1162 | test_cipher_speed("des3_ede", MODE_CBC, ENCRYPT, sec, | 1205 | test_cipher_speed("cbc(des3_ede)", ENCRYPT, sec, |
1163 | des3_ede_enc_tv_template, | 1206 | des3_ede_enc_tv_template, |
1164 | DES3_EDE_ENC_TEST_VECTORS, | 1207 | DES3_EDE_ENC_TEST_VECTORS, |
1165 | des3_ede_speed_template); | 1208 | des3_ede_speed_template); |
1166 | test_cipher_speed("des3_ede", MODE_CBC, DECRYPT, sec, | 1209 | test_cipher_speed("cbc(des3_ede)", DECRYPT, sec, |
1167 | des3_ede_dec_tv_template, | 1210 | des3_ede_dec_tv_template, |
1168 | DES3_EDE_DEC_TEST_VECTORS, | 1211 | DES3_EDE_DEC_TEST_VECTORS, |
1169 | des3_ede_speed_template); | 1212 | des3_ede_speed_template); |
1170 | break; | 1213 | break; |
1171 | 1214 | ||
1172 | case 202: | 1215 | case 202: |
1173 | test_cipher_speed("twofish", MODE_ECB, ENCRYPT, sec, NULL, 0, | 1216 | test_cipher_speed("ecb(twofish)", ENCRYPT, sec, NULL, 0, |
1174 | twofish_speed_template); | 1217 | twofish_speed_template); |
1175 | test_cipher_speed("twofish", MODE_ECB, DECRYPT, sec, NULL, 0, | 1218 | test_cipher_speed("ecb(twofish)", DECRYPT, sec, NULL, 0, |
1176 | twofish_speed_template); | 1219 | twofish_speed_template); |
1177 | test_cipher_speed("twofish", MODE_CBC, ENCRYPT, sec, NULL, 0, | 1220 | test_cipher_speed("cbc(twofish)", ENCRYPT, sec, NULL, 0, |
1178 | twofish_speed_template); | 1221 | twofish_speed_template); |
1179 | test_cipher_speed("twofish", MODE_CBC, DECRYPT, sec, NULL, 0, | 1222 | test_cipher_speed("cbc(twofish)", DECRYPT, sec, NULL, 0, |
1180 | twofish_speed_template); | 1223 | twofish_speed_template); |
1181 | break; | 1224 | break; |
1182 | 1225 | ||
1183 | case 203: | 1226 | case 203: |
1184 | test_cipher_speed("blowfish", MODE_ECB, ENCRYPT, sec, NULL, 0, | 1227 | test_cipher_speed("ecb(blowfish)", ENCRYPT, sec, NULL, 0, |
1185 | blowfish_speed_template); | 1228 | blowfish_speed_template); |
1186 | test_cipher_speed("blowfish", MODE_ECB, DECRYPT, sec, NULL, 0, | 1229 | test_cipher_speed("ecb(blowfish)", DECRYPT, sec, NULL, 0, |
1187 | blowfish_speed_template); | 1230 | blowfish_speed_template); |
1188 | test_cipher_speed("blowfish", MODE_CBC, ENCRYPT, sec, NULL, 0, | 1231 | test_cipher_speed("cbc(blowfish)", ENCRYPT, sec, NULL, 0, |
1189 | blowfish_speed_template); | 1232 | blowfish_speed_template); |
1190 | test_cipher_speed("blowfish", MODE_CBC, DECRYPT, sec, NULL, 0, | 1233 | test_cipher_speed("cbc(blowfish)", DECRYPT, sec, NULL, 0, |
1191 | blowfish_speed_template); | 1234 | blowfish_speed_template); |
1192 | break; | 1235 | break; |
1193 | 1236 | ||
1194 | case 204: | 1237 | case 204: |
1195 | test_cipher_speed("des", MODE_ECB, ENCRYPT, sec, NULL, 0, | 1238 | test_cipher_speed("ecb(des)", ENCRYPT, sec, NULL, 0, |
1196 | des_speed_template); | 1239 | des_speed_template); |
1197 | test_cipher_speed("des", MODE_ECB, DECRYPT, sec, NULL, 0, | 1240 | test_cipher_speed("ecb(des)", DECRYPT, sec, NULL, 0, |
1198 | des_speed_template); | 1241 | des_speed_template); |
1199 | test_cipher_speed("des", MODE_CBC, ENCRYPT, sec, NULL, 0, | 1242 | test_cipher_speed("cbc(des)", ENCRYPT, sec, NULL, 0, |
1200 | des_speed_template); | 1243 | des_speed_template); |
1201 | test_cipher_speed("des", MODE_CBC, DECRYPT, sec, NULL, 0, | 1244 | test_cipher_speed("cbc(des)", DECRYPT, sec, NULL, 0, |
1202 | des_speed_template); | 1245 | des_speed_template); |
1203 | break; | 1246 | break; |
1204 | 1247 | ||
@@ -1206,51 +1249,51 @@ static void do_test(void) | |||
1206 | /* fall through */ | 1249 | /* fall through */ |
1207 | 1250 | ||
1208 | case 301: | 1251 | case 301: |
1209 | test_digest_speed("md4", sec, generic_digest_speed_template); | 1252 | test_hash_speed("md4", sec, generic_hash_speed_template); |
1210 | if (mode > 300 && mode < 400) break; | 1253 | if (mode > 300 && mode < 400) break; |
1211 | 1254 | ||
1212 | case 302: | 1255 | case 302: |
1213 | test_digest_speed("md5", sec, generic_digest_speed_template); | 1256 | test_hash_speed("md5", sec, generic_hash_speed_template); |
1214 | if (mode > 300 && mode < 400) break; | 1257 | if (mode > 300 && mode < 400) break; |
1215 | 1258 | ||
1216 | case 303: | 1259 | case 303: |
1217 | test_digest_speed("sha1", sec, generic_digest_speed_template); | 1260 | test_hash_speed("sha1", sec, generic_hash_speed_template); |
1218 | if (mode > 300 && mode < 400) break; | 1261 | if (mode > 300 && mode < 400) break; |
1219 | 1262 | ||
1220 | case 304: | 1263 | case 304: |
1221 | test_digest_speed("sha256", sec, generic_digest_speed_template); | 1264 | test_hash_speed("sha256", sec, generic_hash_speed_template); |
1222 | if (mode > 300 && mode < 400) break; | 1265 | if (mode > 300 && mode < 400) break; |
1223 | 1266 | ||
1224 | case 305: | 1267 | case 305: |
1225 | test_digest_speed("sha384", sec, generic_digest_speed_template); | 1268 | test_hash_speed("sha384", sec, generic_hash_speed_template); |
1226 | if (mode > 300 && mode < 400) break; | 1269 | if (mode > 300 && mode < 400) break; |
1227 | 1270 | ||
1228 | case 306: | 1271 | case 306: |
1229 | test_digest_speed("sha512", sec, generic_digest_speed_template); | 1272 | test_hash_speed("sha512", sec, generic_hash_speed_template); |
1230 | if (mode > 300 && mode < 400) break; | 1273 | if (mode > 300 && mode < 400) break; |
1231 | 1274 | ||
1232 | case 307: | 1275 | case 307: |
1233 | test_digest_speed("wp256", sec, generic_digest_speed_template); | 1276 | test_hash_speed("wp256", sec, generic_hash_speed_template); |
1234 | if (mode > 300 && mode < 400) break; | 1277 | if (mode > 300 && mode < 400) break; |
1235 | 1278 | ||
1236 | case 308: | 1279 | case 308: |
1237 | test_digest_speed("wp384", sec, generic_digest_speed_template); | 1280 | test_hash_speed("wp384", sec, generic_hash_speed_template); |
1238 | if (mode > 300 && mode < 400) break; | 1281 | if (mode > 300 && mode < 400) break; |
1239 | 1282 | ||
1240 | case 309: | 1283 | case 309: |
1241 | test_digest_speed("wp512", sec, generic_digest_speed_template); | 1284 | test_hash_speed("wp512", sec, generic_hash_speed_template); |
1242 | if (mode > 300 && mode < 400) break; | 1285 | if (mode > 300 && mode < 400) break; |
1243 | 1286 | ||
1244 | case 310: | 1287 | case 310: |
1245 | test_digest_speed("tgr128", sec, generic_digest_speed_template); | 1288 | test_hash_speed("tgr128", sec, generic_hash_speed_template); |
1246 | if (mode > 300 && mode < 400) break; | 1289 | if (mode > 300 && mode < 400) break; |
1247 | 1290 | ||
1248 | case 311: | 1291 | case 311: |
1249 | test_digest_speed("tgr160", sec, generic_digest_speed_template); | 1292 | test_hash_speed("tgr160", sec, generic_hash_speed_template); |
1250 | if (mode > 300 && mode < 400) break; | 1293 | if (mode > 300 && mode < 400) break; |
1251 | 1294 | ||
1252 | case 312: | 1295 | case 312: |
1253 | test_digest_speed("tgr192", sec, generic_digest_speed_template); | 1296 | test_hash_speed("tgr192", sec, generic_hash_speed_template); |
1254 | if (mode > 300 && mode < 400) break; | 1297 | if (mode > 300 && mode < 400) break; |
1255 | 1298 | ||
1256 | case 399: | 1299 | case 399: |
diff --git a/crypto/tcrypt.h b/crypto/tcrypt.h index 1fac5602f633..a40c4411729e 100644 --- a/crypto/tcrypt.h +++ b/crypto/tcrypt.h | |||
@@ -28,7 +28,7 @@ | |||
28 | struct hash_testvec { | 28 | struct hash_testvec { |
29 | /* only used with keyed hash algorithms */ | 29 | /* only used with keyed hash algorithms */ |
30 | char key[128] __attribute__ ((__aligned__(4))); | 30 | char key[128] __attribute__ ((__aligned__(4))); |
31 | char plaintext[128]; | 31 | char plaintext[240]; |
32 | char digest[MAX_DIGEST_SIZE]; | 32 | char digest[MAX_DIGEST_SIZE]; |
33 | unsigned char tap[MAX_TAP]; | 33 | unsigned char tap[MAX_TAP]; |
34 | unsigned char psize; | 34 | unsigned char psize; |
@@ -36,16 +36,6 @@ struct hash_testvec { | |||
36 | unsigned char ksize; | 36 | unsigned char ksize; |
37 | }; | 37 | }; |
38 | 38 | ||
39 | struct hmac_testvec { | ||
40 | char key[128]; | ||
41 | char plaintext[128]; | ||
42 | char digest[MAX_DIGEST_SIZE]; | ||
43 | unsigned char tap[MAX_TAP]; | ||
44 | unsigned char ksize; | ||
45 | unsigned char psize; | ||
46 | unsigned char np; | ||
47 | }; | ||
48 | |||
49 | struct cipher_testvec { | 39 | struct cipher_testvec { |
50 | char key[MAX_KEYLEN] __attribute__ ((__aligned__(4))); | 40 | char key[MAX_KEYLEN] __attribute__ ((__aligned__(4))); |
51 | char iv[MAX_IVLEN]; | 41 | char iv[MAX_IVLEN]; |
@@ -65,7 +55,7 @@ struct cipher_speed { | |||
65 | unsigned int blen; | 55 | unsigned int blen; |
66 | }; | 56 | }; |
67 | 57 | ||
68 | struct digest_speed { | 58 | struct hash_speed { |
69 | unsigned int blen; /* buffer length */ | 59 | unsigned int blen; /* buffer length */ |
70 | unsigned int plen; /* per-update length */ | 60 | unsigned int plen; /* per-update length */ |
71 | }; | 61 | }; |
@@ -697,14 +687,13 @@ static struct hash_testvec tgr128_tv_template[] = { | |||
697 | }, | 687 | }, |
698 | }; | 688 | }; |
699 | 689 | ||
700 | #ifdef CONFIG_CRYPTO_HMAC | ||
701 | /* | 690 | /* |
702 | * HMAC-MD5 test vectors from RFC2202 | 691 | * HMAC-MD5 test vectors from RFC2202 |
703 | * (These need to be fixed to not use strlen). | 692 | * (These need to be fixed to not use strlen). |
704 | */ | 693 | */ |
705 | #define HMAC_MD5_TEST_VECTORS 7 | 694 | #define HMAC_MD5_TEST_VECTORS 7 |
706 | 695 | ||
707 | static struct hmac_testvec hmac_md5_tv_template[] = | 696 | static struct hash_testvec hmac_md5_tv_template[] = |
708 | { | 697 | { |
709 | { | 698 | { |
710 | .key = { [0 ... 15] = 0x0b }, | 699 | .key = { [0 ... 15] = 0x0b }, |
@@ -768,7 +757,7 @@ static struct hmac_testvec hmac_md5_tv_template[] = | |||
768 | */ | 757 | */ |
769 | #define HMAC_SHA1_TEST_VECTORS 7 | 758 | #define HMAC_SHA1_TEST_VECTORS 7 |
770 | 759 | ||
771 | static struct hmac_testvec hmac_sha1_tv_template[] = { | 760 | static struct hash_testvec hmac_sha1_tv_template[] = { |
772 | { | 761 | { |
773 | .key = { [0 ... 19] = 0x0b }, | 762 | .key = { [0 ... 19] = 0x0b }, |
774 | .ksize = 20, | 763 | .ksize = 20, |
@@ -833,7 +822,7 @@ static struct hmac_testvec hmac_sha1_tv_template[] = { | |||
833 | */ | 822 | */ |
834 | #define HMAC_SHA256_TEST_VECTORS 10 | 823 | #define HMAC_SHA256_TEST_VECTORS 10 |
835 | 824 | ||
836 | static struct hmac_testvec hmac_sha256_tv_template[] = { | 825 | static struct hash_testvec hmac_sha256_tv_template[] = { |
837 | { | 826 | { |
838 | .key = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, | 827 | .key = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, |
839 | 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, | 828 | 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, |
@@ -944,8 +933,6 @@ static struct hmac_testvec hmac_sha256_tv_template[] = { | |||
944 | }, | 933 | }, |
945 | }; | 934 | }; |
946 | 935 | ||
947 | #endif /* CONFIG_CRYPTO_HMAC */ | ||
948 | |||
949 | /* | 936 | /* |
950 | * DES test vectors. | 937 | * DES test vectors. |
951 | */ | 938 | */ |
@@ -2897,6 +2884,183 @@ static struct hash_testvec michael_mic_tv_template[] = { | |||
2897 | }; | 2884 | }; |
2898 | 2885 | ||
2899 | /* | 2886 | /* |
2887 | * CRC32C test vectors | ||
2888 | */ | ||
2889 | #define CRC32C_TEST_VECTORS 14 | ||
2890 | |||
2891 | static struct hash_testvec crc32c_tv_template[] = { | ||
2892 | { | ||
2893 | .psize = 0, | ||
2894 | .digest = { 0x00, 0x00, 0x00, 0x00 } | ||
2895 | }, | ||
2896 | { | ||
2897 | .key = { 0x87, 0xa9, 0xcb, 0xed }, | ||
2898 | .ksize = 4, | ||
2899 | .psize = 0, | ||
2900 | .digest = { 0x78, 0x56, 0x34, 0x12 }, | ||
2901 | }, | ||
2902 | { | ||
2903 | .key = { 0xff, 0xff, 0xff, 0xff }, | ||
2904 | .ksize = 4, | ||
2905 | .plaintext = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, | ||
2906 | 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, | ||
2907 | 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, | ||
2908 | 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, | ||
2909 | 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28 }, | ||
2910 | .psize = 40, | ||
2911 | .digest = { 0x7f, 0x15, 0x2c, 0x0e } | ||
2912 | }, | ||
2913 | { | ||
2914 | .key = { 0xff, 0xff, 0xff, 0xff }, | ||
2915 | .ksize = 4, | ||
2916 | .plaintext = { 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, | ||
2917 | 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, | ||
2918 | 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, 0x40, | ||
2919 | 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, | ||
2920 | 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50 }, | ||
2921 | .psize = 40, | ||
2922 | .digest = { 0xf6, 0xeb, 0x80, 0xe9 } | ||
2923 | }, | ||
2924 | { | ||
2925 | .key = { 0xff, 0xff, 0xff, 0xff }, | ||
2926 | .ksize = 4, | ||
2927 | .plaintext = { 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, | ||
2928 | 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f, 0x60, | ||
2929 | 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, | ||
2930 | 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, | ||
2931 | 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78 }, | ||
2932 | .psize = 40, | ||
2933 | .digest = { 0xed, 0xbd, 0x74, 0xde } | ||
2934 | }, | ||
2935 | { | ||
2936 | .key = { 0xff, 0xff, 0xff, 0xff }, | ||
2937 | .ksize = 4, | ||
2938 | .plaintext = { 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, 0x80, | ||
2939 | 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, | ||
2940 | 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, | ||
2941 | 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, | ||
2942 | 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f, 0xa0 }, | ||
2943 | .psize = 40, | ||
2944 | .digest = { 0x62, 0xc8, 0x79, 0xd5 } | ||
2945 | }, | ||
2946 | { | ||
2947 | .key = { 0xff, 0xff, 0xff, 0xff }, | ||
2948 | .ksize = 4, | ||
2949 | .plaintext = { 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7, 0xa8, | ||
2950 | 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf, 0xb0, | ||
2951 | 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7, 0xb8, | ||
2952 | 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf, 0xc0, | ||
2953 | 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, 0xc8 }, | ||
2954 | .psize = 40, | ||
2955 | .digest = { 0xd0, 0x9a, 0x97, 0xba } | ||
2956 | }, | ||
2957 | { | ||
2958 | .key = { 0xff, 0xff, 0xff, 0xff }, | ||
2959 | .ksize = 4, | ||
2960 | .plaintext = { 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf, 0xd0, | ||
2961 | 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7, 0xd8, | ||
2962 | 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, 0xe0, | ||
2963 | 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7, 0xe8, | ||
2964 | 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef, 0xf0 }, | ||
2965 | .psize = 40, | ||
2966 | .digest = { 0x13, 0xd9, 0x29, 0x2b } | ||
2967 | }, | ||
2968 | { | ||
2969 | .key = { 0x80, 0xea, 0xd3, 0xf1 }, | ||
2970 | .ksize = 4, | ||
2971 | .plaintext = { 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, | ||
2972 | 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, | ||
2973 | 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, 0x40, | ||
2974 | 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, | ||
2975 | 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50 }, | ||
2976 | .psize = 40, | ||
2977 | .digest = { 0x0c, 0xb5, 0xe2, 0xa2 } | ||
2978 | }, | ||
2979 | { | ||
2980 | .key = { 0xf3, 0x4a, 0x1d, 0x5d }, | ||
2981 | .ksize = 4, | ||
2982 | .plaintext = { 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, | ||
2983 | 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f, 0x60, | ||
2984 | 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, | ||
2985 | 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, | ||
2986 | 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78 }, | ||
2987 | .psize = 40, | ||
2988 | .digest = { 0xd1, 0x7f, 0xfb, 0xa6 } | ||
2989 | }, | ||
2990 | { | ||
2991 | .key = { 0x2e, 0x80, 0x04, 0x59 }, | ||
2992 | .ksize = 4, | ||
2993 | .plaintext = { 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, 0x80, | ||
2994 | 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, | ||
2995 | 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, | ||
2996 | 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, | ||
2997 | 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f, 0xa0 }, | ||
2998 | .psize = 40, | ||
2999 | .digest = { 0x59, 0x33, 0xe6, 0x7a } | ||
3000 | }, | ||
3001 | { | ||
3002 | .key = { 0xa6, 0xcc, 0x19, 0x85 }, | ||
3003 | .ksize = 4, | ||
3004 | .plaintext = { 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7, 0xa8, | ||
3005 | 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf, 0xb0, | ||
3006 | 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7, 0xb8, | ||
3007 | 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf, 0xc0, | ||
3008 | 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, 0xc8 }, | ||
3009 | .psize = 40, | ||
3010 | .digest = { 0xbe, 0x03, 0x01, 0xd2 } | ||
3011 | }, | ||
3012 | { | ||
3013 | .key = { 0x41, 0xfc, 0xfe, 0x2d }, | ||
3014 | .ksize = 4, | ||
3015 | .plaintext = { 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf, 0xd0, | ||
3016 | 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7, 0xd8, | ||
3017 | 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, 0xe0, | ||
3018 | 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7, 0xe8, | ||
3019 | 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef, 0xf0 }, | ||
3020 | .psize = 40, | ||
3021 | .digest = { 0x75, 0xd3, 0xc5, 0x24 } | ||
3022 | }, | ||
3023 | { | ||
3024 | .key = { 0xff, 0xff, 0xff, 0xff }, | ||
3025 | .ksize = 4, | ||
3026 | .plaintext = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, | ||
3027 | 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, | ||
3028 | 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, | ||
3029 | 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, | ||
3030 | 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, | ||
3031 | 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, | ||
3032 | 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, | ||
3033 | 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, 0x40, | ||
3034 | 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, | ||
3035 | 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50, | ||
3036 | 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, | ||
3037 | 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f, 0x60, | ||
3038 | 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, | ||
3039 | 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, | ||
3040 | 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, | ||
3041 | 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, 0x80, | ||
3042 | 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, | ||
3043 | 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, | ||
3044 | 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, | ||
3045 | 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f, 0xa0, | ||
3046 | 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7, 0xa8, | ||
3047 | 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf, 0xb0, | ||
3048 | 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7, 0xb8, | ||
3049 | 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf, 0xc0, | ||
3050 | 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, 0xc8, | ||
3051 | 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf, 0xd0, | ||
3052 | 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7, 0xd8, | ||
3053 | 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, 0xe0, | ||
3054 | 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7, 0xe8, | ||
3055 | 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef, 0xf0 }, | ||
3056 | .psize = 240, | ||
3057 | .digest = { 0x75, 0xd3, 0xc5, 0x24 }, | ||
3058 | .np = 2, | ||
3059 | .tap = { 31, 209 } | ||
3060 | }, | ||
3061 | }; | ||
3062 | |||
3063 | /* | ||
2900 | * Cipher speed tests | 3064 | * Cipher speed tests |
2901 | */ | 3065 | */ |
2902 | static struct cipher_speed aes_speed_template[] = { | 3066 | static struct cipher_speed aes_speed_template[] = { |
@@ -2983,7 +3147,7 @@ static struct cipher_speed des_speed_template[] = { | |||
2983 | /* | 3147 | /* |
2984 | * Digest speed tests | 3148 | * Digest speed tests |
2985 | */ | 3149 | */ |
2986 | static struct digest_speed generic_digest_speed_template[] = { | 3150 | static struct hash_speed generic_hash_speed_template[] = { |
2987 | { .blen = 16, .plen = 16, }, | 3151 | { .blen = 16, .plen = 16, }, |
2988 | { .blen = 64, .plen = 16, }, | 3152 | { .blen = 64, .plen = 16, }, |
2989 | { .blen = 64, .plen = 64, }, | 3153 | { .blen = 64, .plen = 64, }, |
diff --git a/crypto/tea.c b/crypto/tea.c index 5367adc82fc9..1c54e26fa529 100644 --- a/crypto/tea.c +++ b/crypto/tea.c | |||
@@ -46,16 +46,10 @@ struct xtea_ctx { | |||
46 | }; | 46 | }; |
47 | 47 | ||
48 | static int tea_setkey(struct crypto_tfm *tfm, const u8 *in_key, | 48 | static int tea_setkey(struct crypto_tfm *tfm, const u8 *in_key, |
49 | unsigned int key_len, u32 *flags) | 49 | unsigned int key_len) |
50 | { | 50 | { |
51 | struct tea_ctx *ctx = crypto_tfm_ctx(tfm); | 51 | struct tea_ctx *ctx = crypto_tfm_ctx(tfm); |
52 | const __le32 *key = (const __le32 *)in_key; | 52 | const __le32 *key = (const __le32 *)in_key; |
53 | |||
54 | if (key_len != 16) | ||
55 | { | ||
56 | *flags |= CRYPTO_TFM_RES_BAD_KEY_LEN; | ||
57 | return -EINVAL; | ||
58 | } | ||
59 | 53 | ||
60 | ctx->KEY[0] = le32_to_cpu(key[0]); | 54 | ctx->KEY[0] = le32_to_cpu(key[0]); |
61 | ctx->KEY[1] = le32_to_cpu(key[1]); | 55 | ctx->KEY[1] = le32_to_cpu(key[1]); |
@@ -125,16 +119,10 @@ static void tea_decrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src) | |||
125 | } | 119 | } |
126 | 120 | ||
127 | static int xtea_setkey(struct crypto_tfm *tfm, const u8 *in_key, | 121 | static int xtea_setkey(struct crypto_tfm *tfm, const u8 *in_key, |
128 | unsigned int key_len, u32 *flags) | 122 | unsigned int key_len) |
129 | { | 123 | { |
130 | struct xtea_ctx *ctx = crypto_tfm_ctx(tfm); | 124 | struct xtea_ctx *ctx = crypto_tfm_ctx(tfm); |
131 | const __le32 *key = (const __le32 *)in_key; | 125 | const __le32 *key = (const __le32 *)in_key; |
132 | |||
133 | if (key_len != 16) | ||
134 | { | ||
135 | *flags |= CRYPTO_TFM_RES_BAD_KEY_LEN; | ||
136 | return -EINVAL; | ||
137 | } | ||
138 | 126 | ||
139 | ctx->KEY[0] = le32_to_cpu(key[0]); | 127 | ctx->KEY[0] = le32_to_cpu(key[0]); |
140 | ctx->KEY[1] = le32_to_cpu(key[1]); | 128 | ctx->KEY[1] = le32_to_cpu(key[1]); |
diff --git a/crypto/twofish.c b/crypto/twofish.c index ec2488242e2d..4979a2be48a9 100644 --- a/crypto/twofish.c +++ b/crypto/twofish.c | |||
@@ -39,6 +39,7 @@ | |||
39 | */ | 39 | */ |
40 | 40 | ||
41 | #include <asm/byteorder.h> | 41 | #include <asm/byteorder.h> |
42 | #include <crypto/twofish.h> | ||
42 | #include <linux/module.h> | 43 | #include <linux/module.h> |
43 | #include <linux/init.h> | 44 | #include <linux/init.h> |
44 | #include <linux/types.h> | 45 | #include <linux/types.h> |
@@ -46,534 +47,6 @@ | |||
46 | #include <linux/crypto.h> | 47 | #include <linux/crypto.h> |
47 | #include <linux/bitops.h> | 48 | #include <linux/bitops.h> |
48 | 49 | ||
49 | |||
50 | /* The large precomputed tables for the Twofish cipher (twofish.c) | ||
51 | * Taken from the same source as twofish.c | ||
52 | * Marc Mutz <Marc@Mutz.com> | ||
53 | */ | ||
54 | |||
55 | /* These two tables are the q0 and q1 permutations, exactly as described in | ||
56 | * the Twofish paper. */ | ||
57 | |||
58 | static const u8 q0[256] = { | ||
59 | 0xA9, 0x67, 0xB3, 0xE8, 0x04, 0xFD, 0xA3, 0x76, 0x9A, 0x92, 0x80, 0x78, | ||
60 | 0xE4, 0xDD, 0xD1, 0x38, 0x0D, 0xC6, 0x35, 0x98, 0x18, 0xF7, 0xEC, 0x6C, | ||
61 | 0x43, 0x75, 0x37, 0x26, 0xFA, 0x13, 0x94, 0x48, 0xF2, 0xD0, 0x8B, 0x30, | ||
62 | 0x84, 0x54, 0xDF, 0x23, 0x19, 0x5B, 0x3D, 0x59, 0xF3, 0xAE, 0xA2, 0x82, | ||
63 | 0x63, 0x01, 0x83, 0x2E, 0xD9, 0x51, 0x9B, 0x7C, 0xA6, 0xEB, 0xA5, 0xBE, | ||
64 | 0x16, 0x0C, 0xE3, 0x61, 0xC0, 0x8C, 0x3A, 0xF5, 0x73, 0x2C, 0x25, 0x0B, | ||
65 | 0xBB, 0x4E, 0x89, 0x6B, 0x53, 0x6A, 0xB4, 0xF1, 0xE1, 0xE6, 0xBD, 0x45, | ||
66 | 0xE2, 0xF4, 0xB6, 0x66, 0xCC, 0x95, 0x03, 0x56, 0xD4, 0x1C, 0x1E, 0xD7, | ||
67 | 0xFB, 0xC3, 0x8E, 0xB5, 0xE9, 0xCF, 0xBF, 0xBA, 0xEA, 0x77, 0x39, 0xAF, | ||
68 | 0x33, 0xC9, 0x62, 0x71, 0x81, 0x79, 0x09, 0xAD, 0x24, 0xCD, 0xF9, 0xD8, | ||
69 | 0xE5, 0xC5, 0xB9, 0x4D, 0x44, 0x08, 0x86, 0xE7, 0xA1, 0x1D, 0xAA, 0xED, | ||
70 | 0x06, 0x70, 0xB2, 0xD2, 0x41, 0x7B, 0xA0, 0x11, 0x31, 0xC2, 0x27, 0x90, | ||
71 | 0x20, 0xF6, 0x60, 0xFF, 0x96, 0x5C, 0xB1, 0xAB, 0x9E, 0x9C, 0x52, 0x1B, | ||
72 | 0x5F, 0x93, 0x0A, 0xEF, 0x91, 0x85, 0x49, 0xEE, 0x2D, 0x4F, 0x8F, 0x3B, | ||
73 | 0x47, 0x87, 0x6D, 0x46, 0xD6, 0x3E, 0x69, 0x64, 0x2A, 0xCE, 0xCB, 0x2F, | ||
74 | 0xFC, 0x97, 0x05, 0x7A, 0xAC, 0x7F, 0xD5, 0x1A, 0x4B, 0x0E, 0xA7, 0x5A, | ||
75 | 0x28, 0x14, 0x3F, 0x29, 0x88, 0x3C, 0x4C, 0x02, 0xB8, 0xDA, 0xB0, 0x17, | ||
76 | 0x55, 0x1F, 0x8A, 0x7D, 0x57, 0xC7, 0x8D, 0x74, 0xB7, 0xC4, 0x9F, 0x72, | ||
77 | 0x7E, 0x15, 0x22, 0x12, 0x58, 0x07, 0x99, 0x34, 0x6E, 0x50, 0xDE, 0x68, | ||
78 | 0x65, 0xBC, 0xDB, 0xF8, 0xC8, 0xA8, 0x2B, 0x40, 0xDC, 0xFE, 0x32, 0xA4, | ||
79 | 0xCA, 0x10, 0x21, 0xF0, 0xD3, 0x5D, 0x0F, 0x00, 0x6F, 0x9D, 0x36, 0x42, | ||
80 | 0x4A, 0x5E, 0xC1, 0xE0 | ||
81 | }; | ||
82 | |||
83 | static const u8 q1[256] = { | ||
84 | 0x75, 0xF3, 0xC6, 0xF4, 0xDB, 0x7B, 0xFB, 0xC8, 0x4A, 0xD3, 0xE6, 0x6B, | ||
85 | 0x45, 0x7D, 0xE8, 0x4B, 0xD6, 0x32, 0xD8, 0xFD, 0x37, 0x71, 0xF1, 0xE1, | ||
86 | 0x30, 0x0F, 0xF8, 0x1B, 0x87, 0xFA, 0x06, 0x3F, 0x5E, 0xBA, 0xAE, 0x5B, | ||
87 | 0x8A, 0x00, 0xBC, 0x9D, 0x6D, 0xC1, 0xB1, 0x0E, 0x80, 0x5D, 0xD2, 0xD5, | ||
88 | 0xA0, 0x84, 0x07, 0x14, 0xB5, 0x90, 0x2C, 0xA3, 0xB2, 0x73, 0x4C, 0x54, | ||
89 | 0x92, 0x74, 0x36, 0x51, 0x38, 0xB0, 0xBD, 0x5A, 0xFC, 0x60, 0x62, 0x96, | ||
90 | 0x6C, 0x42, 0xF7, 0x10, 0x7C, 0x28, 0x27, 0x8C, 0x13, 0x95, 0x9C, 0xC7, | ||
91 | 0x24, 0x46, 0x3B, 0x70, 0xCA, 0xE3, 0x85, 0xCB, 0x11, 0xD0, 0x93, 0xB8, | ||
92 | 0xA6, 0x83, 0x20, 0xFF, 0x9F, 0x77, 0xC3, 0xCC, 0x03, 0x6F, 0x08, 0xBF, | ||
93 | 0x40, 0xE7, 0x2B, 0xE2, 0x79, 0x0C, 0xAA, 0x82, 0x41, 0x3A, 0xEA, 0xB9, | ||
94 | 0xE4, 0x9A, 0xA4, 0x97, 0x7E, 0xDA, 0x7A, 0x17, 0x66, 0x94, 0xA1, 0x1D, | ||
95 | 0x3D, 0xF0, 0xDE, 0xB3, 0x0B, 0x72, 0xA7, 0x1C, 0xEF, 0xD1, 0x53, 0x3E, | ||
96 | 0x8F, 0x33, 0x26, 0x5F, 0xEC, 0x76, 0x2A, 0x49, 0x81, 0x88, 0xEE, 0x21, | ||
97 | 0xC4, 0x1A, 0xEB, 0xD9, 0xC5, 0x39, 0x99, 0xCD, 0xAD, 0x31, 0x8B, 0x01, | ||
98 | 0x18, 0x23, 0xDD, 0x1F, 0x4E, 0x2D, 0xF9, 0x48, 0x4F, 0xF2, 0x65, 0x8E, | ||
99 | 0x78, 0x5C, 0x58, 0x19, 0x8D, 0xE5, 0x98, 0x57, 0x67, 0x7F, 0x05, 0x64, | ||
100 | 0xAF, 0x63, 0xB6, 0xFE, 0xF5, 0xB7, 0x3C, 0xA5, 0xCE, 0xE9, 0x68, 0x44, | ||
101 | 0xE0, 0x4D, 0x43, 0x69, 0x29, 0x2E, 0xAC, 0x15, 0x59, 0xA8, 0x0A, 0x9E, | ||
102 | 0x6E, 0x47, 0xDF, 0x34, 0x35, 0x6A, 0xCF, 0xDC, 0x22, 0xC9, 0xC0, 0x9B, | ||
103 | 0x89, 0xD4, 0xED, 0xAB, 0x12, 0xA2, 0x0D, 0x52, 0xBB, 0x02, 0x2F, 0xA9, | ||
104 | 0xD7, 0x61, 0x1E, 0xB4, 0x50, 0x04, 0xF6, 0xC2, 0x16, 0x25, 0x86, 0x56, | ||
105 | 0x55, 0x09, 0xBE, 0x91 | ||
106 | }; | ||
107 | |||
108 | /* These MDS tables are actually tables of MDS composed with q0 and q1, | ||
109 | * because it is only ever used that way and we can save some time by | ||
110 | * precomputing. Of course the main saving comes from precomputing the | ||
111 | * GF(2^8) multiplication involved in the MDS matrix multiply; by looking | ||
112 | * things up in these tables we reduce the matrix multiply to four lookups | ||
113 | * and three XORs. Semi-formally, the definition of these tables is: | ||
114 | * mds[0][i] = MDS (q1[i] 0 0 0)^T mds[1][i] = MDS (0 q0[i] 0 0)^T | ||
115 | * mds[2][i] = MDS (0 0 q1[i] 0)^T mds[3][i] = MDS (0 0 0 q0[i])^T | ||
116 | * where ^T means "transpose", the matrix multiply is performed in GF(2^8) | ||
117 | * represented as GF(2)[x]/v(x) where v(x)=x^8+x^6+x^5+x^3+1 as described | ||
118 | * by Schneier et al, and I'm casually glossing over the byte/word | ||
119 | * conversion issues. */ | ||
120 | |||
121 | static const u32 mds[4][256] = { | ||
122 | {0xBCBC3275, 0xECEC21F3, 0x202043C6, 0xB3B3C9F4, 0xDADA03DB, 0x02028B7B, | ||
123 | 0xE2E22BFB, 0x9E9EFAC8, 0xC9C9EC4A, 0xD4D409D3, 0x18186BE6, 0x1E1E9F6B, | ||
124 | 0x98980E45, 0xB2B2387D, 0xA6A6D2E8, 0x2626B74B, 0x3C3C57D6, 0x93938A32, | ||
125 | 0x8282EED8, 0x525298FD, 0x7B7BD437, 0xBBBB3771, 0x5B5B97F1, 0x474783E1, | ||
126 | 0x24243C30, 0x5151E20F, 0xBABAC6F8, 0x4A4AF31B, 0xBFBF4887, 0x0D0D70FA, | ||
127 | 0xB0B0B306, 0x7575DE3F, 0xD2D2FD5E, 0x7D7D20BA, 0x666631AE, 0x3A3AA35B, | ||
128 | 0x59591C8A, 0x00000000, 0xCDCD93BC, 0x1A1AE09D, 0xAEAE2C6D, 0x7F7FABC1, | ||
129 | 0x2B2BC7B1, 0xBEBEB90E, 0xE0E0A080, 0x8A8A105D, 0x3B3B52D2, 0x6464BAD5, | ||
130 | 0xD8D888A0, 0xE7E7A584, 0x5F5FE807, 0x1B1B1114, 0x2C2CC2B5, 0xFCFCB490, | ||
131 | 0x3131272C, 0x808065A3, 0x73732AB2, 0x0C0C8173, 0x79795F4C, 0x6B6B4154, | ||
132 | 0x4B4B0292, 0x53536974, 0x94948F36, 0x83831F51, 0x2A2A3638, 0xC4C49CB0, | ||
133 | 0x2222C8BD, 0xD5D5F85A, 0xBDBDC3FC, 0x48487860, 0xFFFFCE62, 0x4C4C0796, | ||
134 | 0x4141776C, 0xC7C7E642, 0xEBEB24F7, 0x1C1C1410, 0x5D5D637C, 0x36362228, | ||
135 | 0x6767C027, 0xE9E9AF8C, 0x4444F913, 0x1414EA95, 0xF5F5BB9C, 0xCFCF18C7, | ||
136 | 0x3F3F2D24, 0xC0C0E346, 0x7272DB3B, 0x54546C70, 0x29294CCA, 0xF0F035E3, | ||
137 | 0x0808FE85, 0xC6C617CB, 0xF3F34F11, 0x8C8CE4D0, 0xA4A45993, 0xCACA96B8, | ||
138 | 0x68683BA6, 0xB8B84D83, 0x38382820, 0xE5E52EFF, 0xADAD569F, 0x0B0B8477, | ||
139 | 0xC8C81DC3, 0x9999FFCC, 0x5858ED03, 0x19199A6F, 0x0E0E0A08, 0x95957EBF, | ||
140 | 0x70705040, 0xF7F730E7, 0x6E6ECF2B, 0x1F1F6EE2, 0xB5B53D79, 0x09090F0C, | ||
141 | 0x616134AA, 0x57571682, 0x9F9F0B41, 0x9D9D803A, 0x111164EA, 0x2525CDB9, | ||
142 | 0xAFAFDDE4, 0x4545089A, 0xDFDF8DA4, 0xA3A35C97, 0xEAEAD57E, 0x353558DA, | ||
143 | 0xEDEDD07A, 0x4343FC17, 0xF8F8CB66, 0xFBFBB194, 0x3737D3A1, 0xFAFA401D, | ||
144 | 0xC2C2683D, 0xB4B4CCF0, 0x32325DDE, 0x9C9C71B3, 0x5656E70B, 0xE3E3DA72, | ||
145 | 0x878760A7, 0x15151B1C, 0xF9F93AEF, 0x6363BFD1, 0x3434A953, 0x9A9A853E, | ||
146 | 0xB1B1428F, 0x7C7CD133, 0x88889B26, 0x3D3DA65F, 0xA1A1D7EC, 0xE4E4DF76, | ||
147 | 0x8181942A, 0x91910149, 0x0F0FFB81, 0xEEEEAA88, 0x161661EE, 0xD7D77321, | ||
148 | 0x9797F5C4, 0xA5A5A81A, 0xFEFE3FEB, 0x6D6DB5D9, 0x7878AEC5, 0xC5C56D39, | ||
149 | 0x1D1DE599, 0x7676A4CD, 0x3E3EDCAD, 0xCBCB6731, 0xB6B6478B, 0xEFEF5B01, | ||
150 | 0x12121E18, 0x6060C523, 0x6A6AB0DD, 0x4D4DF61F, 0xCECEE94E, 0xDEDE7C2D, | ||
151 | 0x55559DF9, 0x7E7E5A48, 0x2121B24F, 0x03037AF2, 0xA0A02665, 0x5E5E198E, | ||
152 | 0x5A5A6678, 0x65654B5C, 0x62624E58, 0xFDFD4519, 0x0606F48D, 0x404086E5, | ||
153 | 0xF2F2BE98, 0x3333AC57, 0x17179067, 0x05058E7F, 0xE8E85E05, 0x4F4F7D64, | ||
154 | 0x89896AAF, 0x10109563, 0x74742FB6, 0x0A0A75FE, 0x5C5C92F5, 0x9B9B74B7, | ||
155 | 0x2D2D333C, 0x3030D6A5, 0x2E2E49CE, 0x494989E9, 0x46467268, 0x77775544, | ||
156 | 0xA8A8D8E0, 0x9696044D, 0x2828BD43, 0xA9A92969, 0xD9D97929, 0x8686912E, | ||
157 | 0xD1D187AC, 0xF4F44A15, 0x8D8D1559, 0xD6D682A8, 0xB9B9BC0A, 0x42420D9E, | ||
158 | 0xF6F6C16E, 0x2F2FB847, 0xDDDD06DF, 0x23233934, 0xCCCC6235, 0xF1F1C46A, | ||
159 | 0xC1C112CF, 0x8585EBDC, 0x8F8F9E22, 0x7171A1C9, 0x9090F0C0, 0xAAAA539B, | ||
160 | 0x0101F189, 0x8B8BE1D4, 0x4E4E8CED, 0x8E8E6FAB, 0xABABA212, 0x6F6F3EA2, | ||
161 | 0xE6E6540D, 0xDBDBF252, 0x92927BBB, 0xB7B7B602, 0x6969CA2F, 0x3939D9A9, | ||
162 | 0xD3D30CD7, 0xA7A72361, 0xA2A2AD1E, 0xC3C399B4, 0x6C6C4450, 0x07070504, | ||
163 | 0x04047FF6, 0x272746C2, 0xACACA716, 0xD0D07625, 0x50501386, 0xDCDCF756, | ||
164 | 0x84841A55, 0xE1E15109, 0x7A7A25BE, 0x1313EF91}, | ||
165 | |||
166 | {0xA9D93939, 0x67901717, 0xB3719C9C, 0xE8D2A6A6, 0x04050707, 0xFD985252, | ||
167 | 0xA3658080, 0x76DFE4E4, 0x9A084545, 0x92024B4B, 0x80A0E0E0, 0x78665A5A, | ||
168 | 0xE4DDAFAF, 0xDDB06A6A, 0xD1BF6363, 0x38362A2A, 0x0D54E6E6, 0xC6432020, | ||
169 | 0x3562CCCC, 0x98BEF2F2, 0x181E1212, 0xF724EBEB, 0xECD7A1A1, 0x6C774141, | ||
170 | 0x43BD2828, 0x7532BCBC, 0x37D47B7B, 0x269B8888, 0xFA700D0D, 0x13F94444, | ||
171 | 0x94B1FBFB, 0x485A7E7E, 0xF27A0303, 0xD0E48C8C, 0x8B47B6B6, 0x303C2424, | ||
172 | 0x84A5E7E7, 0x54416B6B, 0xDF06DDDD, 0x23C56060, 0x1945FDFD, 0x5BA33A3A, | ||
173 | 0x3D68C2C2, 0x59158D8D, 0xF321ECEC, 0xAE316666, 0xA23E6F6F, 0x82165757, | ||
174 | 0x63951010, 0x015BEFEF, 0x834DB8B8, 0x2E918686, 0xD9B56D6D, 0x511F8383, | ||
175 | 0x9B53AAAA, 0x7C635D5D, 0xA63B6868, 0xEB3FFEFE, 0xA5D63030, 0xBE257A7A, | ||
176 | 0x16A7ACAC, 0x0C0F0909, 0xE335F0F0, 0x6123A7A7, 0xC0F09090, 0x8CAFE9E9, | ||
177 | 0x3A809D9D, 0xF5925C5C, 0x73810C0C, 0x2C273131, 0x2576D0D0, 0x0BE75656, | ||
178 | 0xBB7B9292, 0x4EE9CECE, 0x89F10101, 0x6B9F1E1E, 0x53A93434, 0x6AC4F1F1, | ||
179 | 0xB499C3C3, 0xF1975B5B, 0xE1834747, 0xE66B1818, 0xBDC82222, 0x450E9898, | ||
180 | 0xE26E1F1F, 0xF4C9B3B3, 0xB62F7474, 0x66CBF8F8, 0xCCFF9999, 0x95EA1414, | ||
181 | 0x03ED5858, 0x56F7DCDC, 0xD4E18B8B, 0x1C1B1515, 0x1EADA2A2, 0xD70CD3D3, | ||
182 | 0xFB2BE2E2, 0xC31DC8C8, 0x8E195E5E, 0xB5C22C2C, 0xE9894949, 0xCF12C1C1, | ||
183 | 0xBF7E9595, 0xBA207D7D, 0xEA641111, 0x77840B0B, 0x396DC5C5, 0xAF6A8989, | ||
184 | 0x33D17C7C, 0xC9A17171, 0x62CEFFFF, 0x7137BBBB, 0x81FB0F0F, 0x793DB5B5, | ||
185 | 0x0951E1E1, 0xADDC3E3E, 0x242D3F3F, 0xCDA47676, 0xF99D5555, 0xD8EE8282, | ||
186 | 0xE5864040, 0xC5AE7878, 0xB9CD2525, 0x4D049696, 0x44557777, 0x080A0E0E, | ||
187 | 0x86135050, 0xE730F7F7, 0xA1D33737, 0x1D40FAFA, 0xAA346161, 0xED8C4E4E, | ||
188 | 0x06B3B0B0, 0x706C5454, 0xB22A7373, 0xD2523B3B, 0x410B9F9F, 0x7B8B0202, | ||
189 | 0xA088D8D8, 0x114FF3F3, 0x3167CBCB, 0xC2462727, 0x27C06767, 0x90B4FCFC, | ||
190 | 0x20283838, 0xF67F0404, 0x60784848, 0xFF2EE5E5, 0x96074C4C, 0x5C4B6565, | ||
191 | 0xB1C72B2B, 0xAB6F8E8E, 0x9E0D4242, 0x9CBBF5F5, 0x52F2DBDB, 0x1BF34A4A, | ||
192 | 0x5FA63D3D, 0x9359A4A4, 0x0ABCB9B9, 0xEF3AF9F9, 0x91EF1313, 0x85FE0808, | ||
193 | 0x49019191, 0xEE611616, 0x2D7CDEDE, 0x4FB22121, 0x8F42B1B1, 0x3BDB7272, | ||
194 | 0x47B82F2F, 0x8748BFBF, 0x6D2CAEAE, 0x46E3C0C0, 0xD6573C3C, 0x3E859A9A, | ||
195 | 0x6929A9A9, 0x647D4F4F, 0x2A948181, 0xCE492E2E, 0xCB17C6C6, 0x2FCA6969, | ||
196 | 0xFCC3BDBD, 0x975CA3A3, 0x055EE8E8, 0x7AD0EDED, 0xAC87D1D1, 0x7F8E0505, | ||
197 | 0xD5BA6464, 0x1AA8A5A5, 0x4BB72626, 0x0EB9BEBE, 0xA7608787, 0x5AF8D5D5, | ||
198 | 0x28223636, 0x14111B1B, 0x3FDE7575, 0x2979D9D9, 0x88AAEEEE, 0x3C332D2D, | ||
199 | 0x4C5F7979, 0x02B6B7B7, 0xB896CACA, 0xDA583535, 0xB09CC4C4, 0x17FC4343, | ||
200 | 0x551A8484, 0x1FF64D4D, 0x8A1C5959, 0x7D38B2B2, 0x57AC3333, 0xC718CFCF, | ||
201 | 0x8DF40606, 0x74695353, 0xB7749B9B, 0xC4F59797, 0x9F56ADAD, 0x72DAE3E3, | ||
202 | 0x7ED5EAEA, 0x154AF4F4, 0x229E8F8F, 0x12A2ABAB, 0x584E6262, 0x07E85F5F, | ||
203 | 0x99E51D1D, 0x34392323, 0x6EC1F6F6, 0x50446C6C, 0xDE5D3232, 0x68724646, | ||
204 | 0x6526A0A0, 0xBC93CDCD, 0xDB03DADA, 0xF8C6BABA, 0xC8FA9E9E, 0xA882D6D6, | ||
205 | 0x2BCF6E6E, 0x40507070, 0xDCEB8585, 0xFE750A0A, 0x328A9393, 0xA48DDFDF, | ||
206 | 0xCA4C2929, 0x10141C1C, 0x2173D7D7, 0xF0CCB4B4, 0xD309D4D4, 0x5D108A8A, | ||
207 | 0x0FE25151, 0x00000000, 0x6F9A1919, 0x9DE01A1A, 0x368F9494, 0x42E6C7C7, | ||
208 | 0x4AECC9C9, 0x5EFDD2D2, 0xC1AB7F7F, 0xE0D8A8A8}, | ||
209 | |||
210 | {0xBC75BC32, 0xECF3EC21, 0x20C62043, 0xB3F4B3C9, 0xDADBDA03, 0x027B028B, | ||
211 | 0xE2FBE22B, 0x9EC89EFA, 0xC94AC9EC, 0xD4D3D409, 0x18E6186B, 0x1E6B1E9F, | ||
212 | 0x9845980E, 0xB27DB238, 0xA6E8A6D2, 0x264B26B7, 0x3CD63C57, 0x9332938A, | ||
213 | 0x82D882EE, 0x52FD5298, 0x7B377BD4, 0xBB71BB37, 0x5BF15B97, 0x47E14783, | ||
214 | 0x2430243C, 0x510F51E2, 0xBAF8BAC6, 0x4A1B4AF3, 0xBF87BF48, 0x0DFA0D70, | ||
215 | 0xB006B0B3, 0x753F75DE, 0xD25ED2FD, 0x7DBA7D20, 0x66AE6631, 0x3A5B3AA3, | ||
216 | 0x598A591C, 0x00000000, 0xCDBCCD93, 0x1A9D1AE0, 0xAE6DAE2C, 0x7FC17FAB, | ||
217 | 0x2BB12BC7, 0xBE0EBEB9, 0xE080E0A0, 0x8A5D8A10, 0x3BD23B52, 0x64D564BA, | ||
218 | 0xD8A0D888, 0xE784E7A5, 0x5F075FE8, 0x1B141B11, 0x2CB52CC2, 0xFC90FCB4, | ||
219 | 0x312C3127, 0x80A38065, 0x73B2732A, 0x0C730C81, 0x794C795F, 0x6B546B41, | ||
220 | 0x4B924B02, 0x53745369, 0x9436948F, 0x8351831F, 0x2A382A36, 0xC4B0C49C, | ||
221 | 0x22BD22C8, 0xD55AD5F8, 0xBDFCBDC3, 0x48604878, 0xFF62FFCE, 0x4C964C07, | ||
222 | 0x416C4177, 0xC742C7E6, 0xEBF7EB24, 0x1C101C14, 0x5D7C5D63, 0x36283622, | ||
223 | 0x672767C0, 0xE98CE9AF, 0x441344F9, 0x149514EA, 0xF59CF5BB, 0xCFC7CF18, | ||
224 | 0x3F243F2D, 0xC046C0E3, 0x723B72DB, 0x5470546C, 0x29CA294C, 0xF0E3F035, | ||
225 | 0x088508FE, 0xC6CBC617, 0xF311F34F, 0x8CD08CE4, 0xA493A459, 0xCAB8CA96, | ||
226 | 0x68A6683B, 0xB883B84D, 0x38203828, 0xE5FFE52E, 0xAD9FAD56, 0x0B770B84, | ||
227 | 0xC8C3C81D, 0x99CC99FF, 0x580358ED, 0x196F199A, 0x0E080E0A, 0x95BF957E, | ||
228 | 0x70407050, 0xF7E7F730, 0x6E2B6ECF, 0x1FE21F6E, 0xB579B53D, 0x090C090F, | ||
229 | 0x61AA6134, 0x57825716, 0x9F419F0B, 0x9D3A9D80, 0x11EA1164, 0x25B925CD, | ||
230 | 0xAFE4AFDD, 0x459A4508, 0xDFA4DF8D, 0xA397A35C, 0xEA7EEAD5, 0x35DA3558, | ||
231 | 0xED7AEDD0, 0x431743FC, 0xF866F8CB, 0xFB94FBB1, 0x37A137D3, 0xFA1DFA40, | ||
232 | 0xC23DC268, 0xB4F0B4CC, 0x32DE325D, 0x9CB39C71, 0x560B56E7, 0xE372E3DA, | ||
233 | 0x87A78760, 0x151C151B, 0xF9EFF93A, 0x63D163BF, 0x345334A9, 0x9A3E9A85, | ||
234 | 0xB18FB142, 0x7C337CD1, 0x8826889B, 0x3D5F3DA6, 0xA1ECA1D7, 0xE476E4DF, | ||
235 | 0x812A8194, 0x91499101, 0x0F810FFB, 0xEE88EEAA, 0x16EE1661, 0xD721D773, | ||
236 | 0x97C497F5, 0xA51AA5A8, 0xFEEBFE3F, 0x6DD96DB5, 0x78C578AE, 0xC539C56D, | ||
237 | 0x1D991DE5, 0x76CD76A4, 0x3EAD3EDC, 0xCB31CB67, 0xB68BB647, 0xEF01EF5B, | ||
238 | 0x1218121E, 0x602360C5, 0x6ADD6AB0, 0x4D1F4DF6, 0xCE4ECEE9, 0xDE2DDE7C, | ||
239 | 0x55F9559D, 0x7E487E5A, 0x214F21B2, 0x03F2037A, 0xA065A026, 0x5E8E5E19, | ||
240 | 0x5A785A66, 0x655C654B, 0x6258624E, 0xFD19FD45, 0x068D06F4, 0x40E54086, | ||
241 | 0xF298F2BE, 0x335733AC, 0x17671790, 0x057F058E, 0xE805E85E, 0x4F644F7D, | ||
242 | 0x89AF896A, 0x10631095, 0x74B6742F, 0x0AFE0A75, 0x5CF55C92, 0x9BB79B74, | ||
243 | 0x2D3C2D33, 0x30A530D6, 0x2ECE2E49, 0x49E94989, 0x46684672, 0x77447755, | ||
244 | 0xA8E0A8D8, 0x964D9604, 0x284328BD, 0xA969A929, 0xD929D979, 0x862E8691, | ||
245 | 0xD1ACD187, 0xF415F44A, 0x8D598D15, 0xD6A8D682, 0xB90AB9BC, 0x429E420D, | ||
246 | 0xF66EF6C1, 0x2F472FB8, 0xDDDFDD06, 0x23342339, 0xCC35CC62, 0xF16AF1C4, | ||
247 | 0xC1CFC112, 0x85DC85EB, 0x8F228F9E, 0x71C971A1, 0x90C090F0, 0xAA9BAA53, | ||
248 | 0x018901F1, 0x8BD48BE1, 0x4EED4E8C, 0x8EAB8E6F, 0xAB12ABA2, 0x6FA26F3E, | ||
249 | 0xE60DE654, 0xDB52DBF2, 0x92BB927B, 0xB702B7B6, 0x692F69CA, 0x39A939D9, | ||
250 | 0xD3D7D30C, 0xA761A723, 0xA21EA2AD, 0xC3B4C399, 0x6C506C44, 0x07040705, | ||
251 | 0x04F6047F, 0x27C22746, 0xAC16ACA7, 0xD025D076, 0x50865013, 0xDC56DCF7, | ||
252 | 0x8455841A, 0xE109E151, 0x7ABE7A25, 0x139113EF}, | ||
253 | |||
254 | {0xD939A9D9, 0x90176790, 0x719CB371, 0xD2A6E8D2, 0x05070405, 0x9852FD98, | ||
255 | 0x6580A365, 0xDFE476DF, 0x08459A08, 0x024B9202, 0xA0E080A0, 0x665A7866, | ||
256 | 0xDDAFE4DD, 0xB06ADDB0, 0xBF63D1BF, 0x362A3836, 0x54E60D54, 0x4320C643, | ||
257 | 0x62CC3562, 0xBEF298BE, 0x1E12181E, 0x24EBF724, 0xD7A1ECD7, 0x77416C77, | ||
258 | 0xBD2843BD, 0x32BC7532, 0xD47B37D4, 0x9B88269B, 0x700DFA70, 0xF94413F9, | ||
259 | 0xB1FB94B1, 0x5A7E485A, 0x7A03F27A, 0xE48CD0E4, 0x47B68B47, 0x3C24303C, | ||
260 | 0xA5E784A5, 0x416B5441, 0x06DDDF06, 0xC56023C5, 0x45FD1945, 0xA33A5BA3, | ||
261 | 0x68C23D68, 0x158D5915, 0x21ECF321, 0x3166AE31, 0x3E6FA23E, 0x16578216, | ||
262 | 0x95106395, 0x5BEF015B, 0x4DB8834D, 0x91862E91, 0xB56DD9B5, 0x1F83511F, | ||
263 | 0x53AA9B53, 0x635D7C63, 0x3B68A63B, 0x3FFEEB3F, 0xD630A5D6, 0x257ABE25, | ||
264 | 0xA7AC16A7, 0x0F090C0F, 0x35F0E335, 0x23A76123, 0xF090C0F0, 0xAFE98CAF, | ||
265 | 0x809D3A80, 0x925CF592, 0x810C7381, 0x27312C27, 0x76D02576, 0xE7560BE7, | ||
266 | 0x7B92BB7B, 0xE9CE4EE9, 0xF10189F1, 0x9F1E6B9F, 0xA93453A9, 0xC4F16AC4, | ||
267 | 0x99C3B499, 0x975BF197, 0x8347E183, 0x6B18E66B, 0xC822BDC8, 0x0E98450E, | ||
268 | 0x6E1FE26E, 0xC9B3F4C9, 0x2F74B62F, 0xCBF866CB, 0xFF99CCFF, 0xEA1495EA, | ||
269 | 0xED5803ED, 0xF7DC56F7, 0xE18BD4E1, 0x1B151C1B, 0xADA21EAD, 0x0CD3D70C, | ||
270 | 0x2BE2FB2B, 0x1DC8C31D, 0x195E8E19, 0xC22CB5C2, 0x8949E989, 0x12C1CF12, | ||
271 | 0x7E95BF7E, 0x207DBA20, 0x6411EA64, 0x840B7784, 0x6DC5396D, 0x6A89AF6A, | ||
272 | 0xD17C33D1, 0xA171C9A1, 0xCEFF62CE, 0x37BB7137, 0xFB0F81FB, 0x3DB5793D, | ||
273 | 0x51E10951, 0xDC3EADDC, 0x2D3F242D, 0xA476CDA4, 0x9D55F99D, 0xEE82D8EE, | ||
274 | 0x8640E586, 0xAE78C5AE, 0xCD25B9CD, 0x04964D04, 0x55774455, 0x0A0E080A, | ||
275 | 0x13508613, 0x30F7E730, 0xD337A1D3, 0x40FA1D40, 0x3461AA34, 0x8C4EED8C, | ||
276 | 0xB3B006B3, 0x6C54706C, 0x2A73B22A, 0x523BD252, 0x0B9F410B, 0x8B027B8B, | ||
277 | 0x88D8A088, 0x4FF3114F, 0x67CB3167, 0x4627C246, 0xC06727C0, 0xB4FC90B4, | ||
278 | 0x28382028, 0x7F04F67F, 0x78486078, 0x2EE5FF2E, 0x074C9607, 0x4B655C4B, | ||
279 | 0xC72BB1C7, 0x6F8EAB6F, 0x0D429E0D, 0xBBF59CBB, 0xF2DB52F2, 0xF34A1BF3, | ||
280 | 0xA63D5FA6, 0x59A49359, 0xBCB90ABC, 0x3AF9EF3A, 0xEF1391EF, 0xFE0885FE, | ||
281 | 0x01914901, 0x6116EE61, 0x7CDE2D7C, 0xB2214FB2, 0x42B18F42, 0xDB723BDB, | ||
282 | 0xB82F47B8, 0x48BF8748, 0x2CAE6D2C, 0xE3C046E3, 0x573CD657, 0x859A3E85, | ||
283 | 0x29A96929, 0x7D4F647D, 0x94812A94, 0x492ECE49, 0x17C6CB17, 0xCA692FCA, | ||
284 | 0xC3BDFCC3, 0x5CA3975C, 0x5EE8055E, 0xD0ED7AD0, 0x87D1AC87, 0x8E057F8E, | ||
285 | 0xBA64D5BA, 0xA8A51AA8, 0xB7264BB7, 0xB9BE0EB9, 0x6087A760, 0xF8D55AF8, | ||
286 | 0x22362822, 0x111B1411, 0xDE753FDE, 0x79D92979, 0xAAEE88AA, 0x332D3C33, | ||
287 | 0x5F794C5F, 0xB6B702B6, 0x96CAB896, 0x5835DA58, 0x9CC4B09C, 0xFC4317FC, | ||
288 | 0x1A84551A, 0xF64D1FF6, 0x1C598A1C, 0x38B27D38, 0xAC3357AC, 0x18CFC718, | ||
289 | 0xF4068DF4, 0x69537469, 0x749BB774, 0xF597C4F5, 0x56AD9F56, 0xDAE372DA, | ||
290 | 0xD5EA7ED5, 0x4AF4154A, 0x9E8F229E, 0xA2AB12A2, 0x4E62584E, 0xE85F07E8, | ||
291 | 0xE51D99E5, 0x39233439, 0xC1F66EC1, 0x446C5044, 0x5D32DE5D, 0x72466872, | ||
292 | 0x26A06526, 0x93CDBC93, 0x03DADB03, 0xC6BAF8C6, 0xFA9EC8FA, 0x82D6A882, | ||
293 | 0xCF6E2BCF, 0x50704050, 0xEB85DCEB, 0x750AFE75, 0x8A93328A, 0x8DDFA48D, | ||
294 | 0x4C29CA4C, 0x141C1014, 0x73D72173, 0xCCB4F0CC, 0x09D4D309, 0x108A5D10, | ||
295 | 0xE2510FE2, 0x00000000, 0x9A196F9A, 0xE01A9DE0, 0x8F94368F, 0xE6C742E6, | ||
296 | 0xECC94AEC, 0xFDD25EFD, 0xAB7FC1AB, 0xD8A8E0D8} | ||
297 | }; | ||
298 | |||
299 | /* The exp_to_poly and poly_to_exp tables are used to perform efficient | ||
300 | * operations in GF(2^8) represented as GF(2)[x]/w(x) where | ||
301 | * w(x)=x^8+x^6+x^3+x^2+1. We care about doing that because it's part of the | ||
302 | * definition of the RS matrix in the key schedule. Elements of that field | ||
303 | * are polynomials of degree not greater than 7 and all coefficients 0 or 1, | ||
304 | * which can be represented naturally by bytes (just substitute x=2). In that | ||
305 | * form, GF(2^8) addition is the same as bitwise XOR, but GF(2^8) | ||
306 | * multiplication is inefficient without hardware support. To multiply | ||
307 | * faster, I make use of the fact x is a generator for the nonzero elements, | ||
308 | * so that every element p of GF(2)[x]/w(x) is either 0 or equal to (x)^n for | ||
309 | * some n in 0..254. Note that that caret is exponentiation in GF(2^8), | ||
310 | * *not* polynomial notation. So if I want to compute pq where p and q are | ||
311 | * in GF(2^8), I can just say: | ||
312 | * 1. if p=0 or q=0 then pq=0 | ||
313 | * 2. otherwise, find m and n such that p=x^m and q=x^n | ||
314 | * 3. pq=(x^m)(x^n)=x^(m+n), so add m and n and find pq | ||
315 | * The translations in steps 2 and 3 are looked up in the tables | ||
316 | * poly_to_exp (for step 2) and exp_to_poly (for step 3). To see this | ||
317 | * in action, look at the CALC_S macro. As additional wrinkles, note that | ||
318 | * one of my operands is always a constant, so the poly_to_exp lookup on it | ||
319 | * is done in advance; I included the original values in the comments so | ||
320 | * readers can have some chance of recognizing that this *is* the RS matrix | ||
321 | * from the Twofish paper. I've only included the table entries I actually | ||
322 | * need; I never do a lookup on a variable input of zero and the biggest | ||
323 | * exponents I'll ever see are 254 (variable) and 237 (constant), so they'll | ||
324 | * never sum to more than 491. I'm repeating part of the exp_to_poly table | ||
325 | * so that I don't have to do mod-255 reduction in the exponent arithmetic. | ||
326 | * Since I know my constant operands are never zero, I only have to worry | ||
327 | * about zero values in the variable operand, and I do it with a simple | ||
328 | * conditional branch. I know conditionals are expensive, but I couldn't | ||
329 | * see a non-horrible way of avoiding them, and I did manage to group the | ||
330 | * statements so that each if covers four group multiplications. */ | ||
331 | |||
332 | static const u8 poly_to_exp[255] = { | ||
333 | 0x00, 0x01, 0x17, 0x02, 0x2E, 0x18, 0x53, 0x03, 0x6A, 0x2F, 0x93, 0x19, | ||
334 | 0x34, 0x54, 0x45, 0x04, 0x5C, 0x6B, 0xB6, 0x30, 0xA6, 0x94, 0x4B, 0x1A, | ||
335 | 0x8C, 0x35, 0x81, 0x55, 0xAA, 0x46, 0x0D, 0x05, 0x24, 0x5D, 0x87, 0x6C, | ||
336 | 0x9B, 0xB7, 0xC1, 0x31, 0x2B, 0xA7, 0xA3, 0x95, 0x98, 0x4C, 0xCA, 0x1B, | ||
337 | 0xE6, 0x8D, 0x73, 0x36, 0xCD, 0x82, 0x12, 0x56, 0x62, 0xAB, 0xF0, 0x47, | ||
338 | 0x4F, 0x0E, 0xBD, 0x06, 0xD4, 0x25, 0xD2, 0x5E, 0x27, 0x88, 0x66, 0x6D, | ||
339 | 0xD6, 0x9C, 0x79, 0xB8, 0x08, 0xC2, 0xDF, 0x32, 0x68, 0x2C, 0xFD, 0xA8, | ||
340 | 0x8A, 0xA4, 0x5A, 0x96, 0x29, 0x99, 0x22, 0x4D, 0x60, 0xCB, 0xE4, 0x1C, | ||
341 | 0x7B, 0xE7, 0x3B, 0x8E, 0x9E, 0x74, 0xF4, 0x37, 0xD8, 0xCE, 0xF9, 0x83, | ||
342 | 0x6F, 0x13, 0xB2, 0x57, 0xE1, 0x63, 0xDC, 0xAC, 0xC4, 0xF1, 0xAF, 0x48, | ||
343 | 0x0A, 0x50, 0x42, 0x0F, 0xBA, 0xBE, 0xC7, 0x07, 0xDE, 0xD5, 0x78, 0x26, | ||
344 | 0x65, 0xD3, 0xD1, 0x5F, 0xE3, 0x28, 0x21, 0x89, 0x59, 0x67, 0xFC, 0x6E, | ||
345 | 0xB1, 0xD7, 0xF8, 0x9D, 0xF3, 0x7A, 0x3A, 0xB9, 0xC6, 0x09, 0x41, 0xC3, | ||
346 | 0xAE, 0xE0, 0xDB, 0x33, 0x44, 0x69, 0x92, 0x2D, 0x52, 0xFE, 0x16, 0xA9, | ||
347 | 0x0C, 0x8B, 0x80, 0xA5, 0x4A, 0x5B, 0xB5, 0x97, 0xC9, 0x2A, 0xA2, 0x9A, | ||
348 | 0xC0, 0x23, 0x86, 0x4E, 0xBC, 0x61, 0xEF, 0xCC, 0x11, 0xE5, 0x72, 0x1D, | ||
349 | 0x3D, 0x7C, 0xEB, 0xE8, 0xE9, 0x3C, 0xEA, 0x8F, 0x7D, 0x9F, 0xEC, 0x75, | ||
350 | 0x1E, 0xF5, 0x3E, 0x38, 0xF6, 0xD9, 0x3F, 0xCF, 0x76, 0xFA, 0x1F, 0x84, | ||
351 | 0xA0, 0x70, 0xED, 0x14, 0x90, 0xB3, 0x7E, 0x58, 0xFB, 0xE2, 0x20, 0x64, | ||
352 | 0xD0, 0xDD, 0x77, 0xAD, 0xDA, 0xC5, 0x40, 0xF2, 0x39, 0xB0, 0xF7, 0x49, | ||
353 | 0xB4, 0x0B, 0x7F, 0x51, 0x15, 0x43, 0x91, 0x10, 0x71, 0xBB, 0xEE, 0xBF, | ||
354 | 0x85, 0xC8, 0xA1 | ||
355 | }; | ||
356 | |||
357 | static const u8 exp_to_poly[492] = { | ||
358 | 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x4D, 0x9A, 0x79, 0xF2, | ||
359 | 0xA9, 0x1F, 0x3E, 0x7C, 0xF8, 0xBD, 0x37, 0x6E, 0xDC, 0xF5, 0xA7, 0x03, | ||
360 | 0x06, 0x0C, 0x18, 0x30, 0x60, 0xC0, 0xCD, 0xD7, 0xE3, 0x8B, 0x5B, 0xB6, | ||
361 | 0x21, 0x42, 0x84, 0x45, 0x8A, 0x59, 0xB2, 0x29, 0x52, 0xA4, 0x05, 0x0A, | ||
362 | 0x14, 0x28, 0x50, 0xA0, 0x0D, 0x1A, 0x34, 0x68, 0xD0, 0xED, 0x97, 0x63, | ||
363 | 0xC6, 0xC1, 0xCF, 0xD3, 0xEB, 0x9B, 0x7B, 0xF6, 0xA1, 0x0F, 0x1E, 0x3C, | ||
364 | 0x78, 0xF0, 0xAD, 0x17, 0x2E, 0x5C, 0xB8, 0x3D, 0x7A, 0xF4, 0xA5, 0x07, | ||
365 | 0x0E, 0x1C, 0x38, 0x70, 0xE0, 0x8D, 0x57, 0xAE, 0x11, 0x22, 0x44, 0x88, | ||
366 | 0x5D, 0xBA, 0x39, 0x72, 0xE4, 0x85, 0x47, 0x8E, 0x51, 0xA2, 0x09, 0x12, | ||
367 | 0x24, 0x48, 0x90, 0x6D, 0xDA, 0xF9, 0xBF, 0x33, 0x66, 0xCC, 0xD5, 0xE7, | ||
368 | 0x83, 0x4B, 0x96, 0x61, 0xC2, 0xC9, 0xDF, 0xF3, 0xAB, 0x1B, 0x36, 0x6C, | ||
369 | 0xD8, 0xFD, 0xB7, 0x23, 0x46, 0x8C, 0x55, 0xAA, 0x19, 0x32, 0x64, 0xC8, | ||
370 | 0xDD, 0xF7, 0xA3, 0x0B, 0x16, 0x2C, 0x58, 0xB0, 0x2D, 0x5A, 0xB4, 0x25, | ||
371 | 0x4A, 0x94, 0x65, 0xCA, 0xD9, 0xFF, 0xB3, 0x2B, 0x56, 0xAC, 0x15, 0x2A, | ||
372 | 0x54, 0xA8, 0x1D, 0x3A, 0x74, 0xE8, 0x9D, 0x77, 0xEE, 0x91, 0x6F, 0xDE, | ||
373 | 0xF1, 0xAF, 0x13, 0x26, 0x4C, 0x98, 0x7D, 0xFA, 0xB9, 0x3F, 0x7E, 0xFC, | ||
374 | 0xB5, 0x27, 0x4E, 0x9C, 0x75, 0xEA, 0x99, 0x7F, 0xFE, 0xB1, 0x2F, 0x5E, | ||
375 | 0xBC, 0x35, 0x6A, 0xD4, 0xE5, 0x87, 0x43, 0x86, 0x41, 0x82, 0x49, 0x92, | ||
376 | 0x69, 0xD2, 0xE9, 0x9F, 0x73, 0xE6, 0x81, 0x4F, 0x9E, 0x71, 0xE2, 0x89, | ||
377 | 0x5F, 0xBE, 0x31, 0x62, 0xC4, 0xC5, 0xC7, 0xC3, 0xCB, 0xDB, 0xFB, 0xBB, | ||
378 | 0x3B, 0x76, 0xEC, 0x95, 0x67, 0xCE, 0xD1, 0xEF, 0x93, 0x6B, 0xD6, 0xE1, | ||
379 | 0x8F, 0x53, 0xA6, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x4D, | ||
380 | 0x9A, 0x79, 0xF2, 0xA9, 0x1F, 0x3E, 0x7C, 0xF8, 0xBD, 0x37, 0x6E, 0xDC, | ||
381 | 0xF5, 0xA7, 0x03, 0x06, 0x0C, 0x18, 0x30, 0x60, 0xC0, 0xCD, 0xD7, 0xE3, | ||
382 | 0x8B, 0x5B, 0xB6, 0x21, 0x42, 0x84, 0x45, 0x8A, 0x59, 0xB2, 0x29, 0x52, | ||
383 | 0xA4, 0x05, 0x0A, 0x14, 0x28, 0x50, 0xA0, 0x0D, 0x1A, 0x34, 0x68, 0xD0, | ||
384 | 0xED, 0x97, 0x63, 0xC6, 0xC1, 0xCF, 0xD3, 0xEB, 0x9B, 0x7B, 0xF6, 0xA1, | ||
385 | 0x0F, 0x1E, 0x3C, 0x78, 0xF0, 0xAD, 0x17, 0x2E, 0x5C, 0xB8, 0x3D, 0x7A, | ||
386 | 0xF4, 0xA5, 0x07, 0x0E, 0x1C, 0x38, 0x70, 0xE0, 0x8D, 0x57, 0xAE, 0x11, | ||
387 | 0x22, 0x44, 0x88, 0x5D, 0xBA, 0x39, 0x72, 0xE4, 0x85, 0x47, 0x8E, 0x51, | ||
388 | 0xA2, 0x09, 0x12, 0x24, 0x48, 0x90, 0x6D, 0xDA, 0xF9, 0xBF, 0x33, 0x66, | ||
389 | 0xCC, 0xD5, 0xE7, 0x83, 0x4B, 0x96, 0x61, 0xC2, 0xC9, 0xDF, 0xF3, 0xAB, | ||
390 | 0x1B, 0x36, 0x6C, 0xD8, 0xFD, 0xB7, 0x23, 0x46, 0x8C, 0x55, 0xAA, 0x19, | ||
391 | 0x32, 0x64, 0xC8, 0xDD, 0xF7, 0xA3, 0x0B, 0x16, 0x2C, 0x58, 0xB0, 0x2D, | ||
392 | 0x5A, 0xB4, 0x25, 0x4A, 0x94, 0x65, 0xCA, 0xD9, 0xFF, 0xB3, 0x2B, 0x56, | ||
393 | 0xAC, 0x15, 0x2A, 0x54, 0xA8, 0x1D, 0x3A, 0x74, 0xE8, 0x9D, 0x77, 0xEE, | ||
394 | 0x91, 0x6F, 0xDE, 0xF1, 0xAF, 0x13, 0x26, 0x4C, 0x98, 0x7D, 0xFA, 0xB9, | ||
395 | 0x3F, 0x7E, 0xFC, 0xB5, 0x27, 0x4E, 0x9C, 0x75, 0xEA, 0x99, 0x7F, 0xFE, | ||
396 | 0xB1, 0x2F, 0x5E, 0xBC, 0x35, 0x6A, 0xD4, 0xE5, 0x87, 0x43, 0x86, 0x41, | ||
397 | 0x82, 0x49, 0x92, 0x69, 0xD2, 0xE9, 0x9F, 0x73, 0xE6, 0x81, 0x4F, 0x9E, | ||
398 | 0x71, 0xE2, 0x89, 0x5F, 0xBE, 0x31, 0x62, 0xC4, 0xC5, 0xC7, 0xC3, 0xCB | ||
399 | }; | ||
400 | |||
401 | |||
402 | /* The table constants are indices of | ||
403 | * S-box entries, preprocessed through q0 and q1. */ | ||
404 | static const u8 calc_sb_tbl[512] = { | ||
405 | 0xA9, 0x75, 0x67, 0xF3, 0xB3, 0xC6, 0xE8, 0xF4, | ||
406 | 0x04, 0xDB, 0xFD, 0x7B, 0xA3, 0xFB, 0x76, 0xC8, | ||
407 | 0x9A, 0x4A, 0x92, 0xD3, 0x80, 0xE6, 0x78, 0x6B, | ||
408 | 0xE4, 0x45, 0xDD, 0x7D, 0xD1, 0xE8, 0x38, 0x4B, | ||
409 | 0x0D, 0xD6, 0xC6, 0x32, 0x35, 0xD8, 0x98, 0xFD, | ||
410 | 0x18, 0x37, 0xF7, 0x71, 0xEC, 0xF1, 0x6C, 0xE1, | ||
411 | 0x43, 0x30, 0x75, 0x0F, 0x37, 0xF8, 0x26, 0x1B, | ||
412 | 0xFA, 0x87, 0x13, 0xFA, 0x94, 0x06, 0x48, 0x3F, | ||
413 | 0xF2, 0x5E, 0xD0, 0xBA, 0x8B, 0xAE, 0x30, 0x5B, | ||
414 | 0x84, 0x8A, 0x54, 0x00, 0xDF, 0xBC, 0x23, 0x9D, | ||
415 | 0x19, 0x6D, 0x5B, 0xC1, 0x3D, 0xB1, 0x59, 0x0E, | ||
416 | 0xF3, 0x80, 0xAE, 0x5D, 0xA2, 0xD2, 0x82, 0xD5, | ||
417 | 0x63, 0xA0, 0x01, 0x84, 0x83, 0x07, 0x2E, 0x14, | ||
418 | 0xD9, 0xB5, 0x51, 0x90, 0x9B, 0x2C, 0x7C, 0xA3, | ||
419 | 0xA6, 0xB2, 0xEB, 0x73, 0xA5, 0x4C, 0xBE, 0x54, | ||
420 | 0x16, 0x92, 0x0C, 0x74, 0xE3, 0x36, 0x61, 0x51, | ||
421 | 0xC0, 0x38, 0x8C, 0xB0, 0x3A, 0xBD, 0xF5, 0x5A, | ||
422 | 0x73, 0xFC, 0x2C, 0x60, 0x25, 0x62, 0x0B, 0x96, | ||
423 | 0xBB, 0x6C, 0x4E, 0x42, 0x89, 0xF7, 0x6B, 0x10, | ||
424 | 0x53, 0x7C, 0x6A, 0x28, 0xB4, 0x27, 0xF1, 0x8C, | ||
425 | 0xE1, 0x13, 0xE6, 0x95, 0xBD, 0x9C, 0x45, 0xC7, | ||
426 | 0xE2, 0x24, 0xF4, 0x46, 0xB6, 0x3B, 0x66, 0x70, | ||
427 | 0xCC, 0xCA, 0x95, 0xE3, 0x03, 0x85, 0x56, 0xCB, | ||
428 | 0xD4, 0x11, 0x1C, 0xD0, 0x1E, 0x93, 0xD7, 0xB8, | ||
429 | 0xFB, 0xA6, 0xC3, 0x83, 0x8E, 0x20, 0xB5, 0xFF, | ||
430 | 0xE9, 0x9F, 0xCF, 0x77, 0xBF, 0xC3, 0xBA, 0xCC, | ||
431 | 0xEA, 0x03, 0x77, 0x6F, 0x39, 0x08, 0xAF, 0xBF, | ||
432 | 0x33, 0x40, 0xC9, 0xE7, 0x62, 0x2B, 0x71, 0xE2, | ||
433 | 0x81, 0x79, 0x79, 0x0C, 0x09, 0xAA, 0xAD, 0x82, | ||
434 | 0x24, 0x41, 0xCD, 0x3A, 0xF9, 0xEA, 0xD8, 0xB9, | ||
435 | 0xE5, 0xE4, 0xC5, 0x9A, 0xB9, 0xA4, 0x4D, 0x97, | ||
436 | 0x44, 0x7E, 0x08, 0xDA, 0x86, 0x7A, 0xE7, 0x17, | ||
437 | 0xA1, 0x66, 0x1D, 0x94, 0xAA, 0xA1, 0xED, 0x1D, | ||
438 | 0x06, 0x3D, 0x70, 0xF0, 0xB2, 0xDE, 0xD2, 0xB3, | ||
439 | 0x41, 0x0B, 0x7B, 0x72, 0xA0, 0xA7, 0x11, 0x1C, | ||
440 | 0x31, 0xEF, 0xC2, 0xD1, 0x27, 0x53, 0x90, 0x3E, | ||
441 | 0x20, 0x8F, 0xF6, 0x33, 0x60, 0x26, 0xFF, 0x5F, | ||
442 | 0x96, 0xEC, 0x5C, 0x76, 0xB1, 0x2A, 0xAB, 0x49, | ||
443 | 0x9E, 0x81, 0x9C, 0x88, 0x52, 0xEE, 0x1B, 0x21, | ||
444 | 0x5F, 0xC4, 0x93, 0x1A, 0x0A, 0xEB, 0xEF, 0xD9, | ||
445 | 0x91, 0xC5, 0x85, 0x39, 0x49, 0x99, 0xEE, 0xCD, | ||
446 | 0x2D, 0xAD, 0x4F, 0x31, 0x8F, 0x8B, 0x3B, 0x01, | ||
447 | 0x47, 0x18, 0x87, 0x23, 0x6D, 0xDD, 0x46, 0x1F, | ||
448 | 0xD6, 0x4E, 0x3E, 0x2D, 0x69, 0xF9, 0x64, 0x48, | ||
449 | 0x2A, 0x4F, 0xCE, 0xF2, 0xCB, 0x65, 0x2F, 0x8E, | ||
450 | 0xFC, 0x78, 0x97, 0x5C, 0x05, 0x58, 0x7A, 0x19, | ||
451 | 0xAC, 0x8D, 0x7F, 0xE5, 0xD5, 0x98, 0x1A, 0x57, | ||
452 | 0x4B, 0x67, 0x0E, 0x7F, 0xA7, 0x05, 0x5A, 0x64, | ||
453 | 0x28, 0xAF, 0x14, 0x63, 0x3F, 0xB6, 0x29, 0xFE, | ||
454 | 0x88, 0xF5, 0x3C, 0xB7, 0x4C, 0x3C, 0x02, 0xA5, | ||
455 | 0xB8, 0xCE, 0xDA, 0xE9, 0xB0, 0x68, 0x17, 0x44, | ||
456 | 0x55, 0xE0, 0x1F, 0x4D, 0x8A, 0x43, 0x7D, 0x69, | ||
457 | 0x57, 0x29, 0xC7, 0x2E, 0x8D, 0xAC, 0x74, 0x15, | ||
458 | 0xB7, 0x59, 0xC4, 0xA8, 0x9F, 0x0A, 0x72, 0x9E, | ||
459 | 0x7E, 0x6E, 0x15, 0x47, 0x22, 0xDF, 0x12, 0x34, | ||
460 | 0x58, 0x35, 0x07, 0x6A, 0x99, 0xCF, 0x34, 0xDC, | ||
461 | 0x6E, 0x22, 0x50, 0xC9, 0xDE, 0xC0, 0x68, 0x9B, | ||
462 | 0x65, 0x89, 0xBC, 0xD4, 0xDB, 0xED, 0xF8, 0xAB, | ||
463 | 0xC8, 0x12, 0xA8, 0xA2, 0x2B, 0x0D, 0x40, 0x52, | ||
464 | 0xDC, 0xBB, 0xFE, 0x02, 0x32, 0x2F, 0xA4, 0xA9, | ||
465 | 0xCA, 0xD7, 0x10, 0x61, 0x21, 0x1E, 0xF0, 0xB4, | ||
466 | 0xD3, 0x50, 0x5D, 0x04, 0x0F, 0xF6, 0x00, 0xC2, | ||
467 | 0x6F, 0x16, 0x9D, 0x25, 0x36, 0x86, 0x42, 0x56, | ||
468 | 0x4A, 0x55, 0x5E, 0x09, 0xC1, 0xBE, 0xE0, 0x91 | ||
469 | }; | ||
470 | |||
471 | /* Macro to perform one column of the RS matrix multiplication. The | ||
472 | * parameters a, b, c, and d are the four bytes of output; i is the index | ||
473 | * of the key bytes, and w, x, y, and z, are the column of constants from | ||
474 | * the RS matrix, preprocessed through the poly_to_exp table. */ | ||
475 | |||
476 | #define CALC_S(a, b, c, d, i, w, x, y, z) \ | ||
477 | if (key[i]) { \ | ||
478 | tmp = poly_to_exp[key[i] - 1]; \ | ||
479 | (a) ^= exp_to_poly[tmp + (w)]; \ | ||
480 | (b) ^= exp_to_poly[tmp + (x)]; \ | ||
481 | (c) ^= exp_to_poly[tmp + (y)]; \ | ||
482 | (d) ^= exp_to_poly[tmp + (z)]; \ | ||
483 | } | ||
484 | |||
485 | /* Macros to calculate the key-dependent S-boxes for a 128-bit key using | ||
486 | * the S vector from CALC_S. CALC_SB_2 computes a single entry in all | ||
487 | * four S-boxes, where i is the index of the entry to compute, and a and b | ||
488 | * are the index numbers preprocessed through the q0 and q1 tables | ||
489 | * respectively. */ | ||
490 | |||
491 | #define CALC_SB_2(i, a, b) \ | ||
492 | ctx->s[0][i] = mds[0][q0[(a) ^ sa] ^ se]; \ | ||
493 | ctx->s[1][i] = mds[1][q0[(b) ^ sb] ^ sf]; \ | ||
494 | ctx->s[2][i] = mds[2][q1[(a) ^ sc] ^ sg]; \ | ||
495 | ctx->s[3][i] = mds[3][q1[(b) ^ sd] ^ sh] | ||
496 | |||
497 | /* Macro exactly like CALC_SB_2, but for 192-bit keys. */ | ||
498 | |||
499 | #define CALC_SB192_2(i, a, b) \ | ||
500 | ctx->s[0][i] = mds[0][q0[q0[(b) ^ sa] ^ se] ^ si]; \ | ||
501 | ctx->s[1][i] = mds[1][q0[q1[(b) ^ sb] ^ sf] ^ sj]; \ | ||
502 | ctx->s[2][i] = mds[2][q1[q0[(a) ^ sc] ^ sg] ^ sk]; \ | ||
503 | ctx->s[3][i] = mds[3][q1[q1[(a) ^ sd] ^ sh] ^ sl]; | ||
504 | |||
505 | /* Macro exactly like CALC_SB_2, but for 256-bit keys. */ | ||
506 | |||
507 | #define CALC_SB256_2(i, a, b) \ | ||
508 | ctx->s[0][i] = mds[0][q0[q0[q1[(b) ^ sa] ^ se] ^ si] ^ sm]; \ | ||
509 | ctx->s[1][i] = mds[1][q0[q1[q1[(a) ^ sb] ^ sf] ^ sj] ^ sn]; \ | ||
510 | ctx->s[2][i] = mds[2][q1[q0[q0[(a) ^ sc] ^ sg] ^ sk] ^ so]; \ | ||
511 | ctx->s[3][i] = mds[3][q1[q1[q0[(b) ^ sd] ^ sh] ^ sl] ^ sp]; | ||
512 | |||
513 | /* Macros to calculate the whitening and round subkeys. CALC_K_2 computes the | ||
514 | * last two stages of the h() function for a given index (either 2i or 2i+1). | ||
515 | * a, b, c, and d are the four bytes going into the last two stages. For | ||
516 | * 128-bit keys, this is the entire h() function and a and c are the index | ||
517 | * preprocessed through q0 and q1 respectively; for longer keys they are the | ||
518 | * output of previous stages. j is the index of the first key byte to use. | ||
519 | * CALC_K computes a pair of subkeys for 128-bit Twofish, by calling CALC_K_2 | ||
520 | * twice, doing the Pseudo-Hadamard Transform, and doing the necessary | ||
521 | * rotations. Its parameters are: a, the array to write the results into, | ||
522 | * j, the index of the first output entry, k and l, the preprocessed indices | ||
523 | * for index 2i, and m and n, the preprocessed indices for index 2i+1. | ||
524 | * CALC_K192_2 expands CALC_K_2 to handle 192-bit keys, by doing an | ||
525 | * additional lookup-and-XOR stage. The parameters a, b, c and d are the | ||
526 | * four bytes going into the last three stages. For 192-bit keys, c = d | ||
527 | * are the index preprocessed through q0, and a = b are the index | ||
528 | * preprocessed through q1; j is the index of the first key byte to use. | ||
529 | * CALC_K192 is identical to CALC_K but for using the CALC_K192_2 macro | ||
530 | * instead of CALC_K_2. | ||
531 | * CALC_K256_2 expands CALC_K192_2 to handle 256-bit keys, by doing an | ||
532 | * additional lookup-and-XOR stage. The parameters a and b are the index | ||
533 | * preprocessed through q0 and q1 respectively; j is the index of the first | ||
534 | * key byte to use. CALC_K256 is identical to CALC_K but for using the | ||
535 | * CALC_K256_2 macro instead of CALC_K_2. */ | ||
536 | |||
537 | #define CALC_K_2(a, b, c, d, j) \ | ||
538 | mds[0][q0[a ^ key[(j) + 8]] ^ key[j]] \ | ||
539 | ^ mds[1][q0[b ^ key[(j) + 9]] ^ key[(j) + 1]] \ | ||
540 | ^ mds[2][q1[c ^ key[(j) + 10]] ^ key[(j) + 2]] \ | ||
541 | ^ mds[3][q1[d ^ key[(j) + 11]] ^ key[(j) + 3]] | ||
542 | |||
543 | #define CALC_K(a, j, k, l, m, n) \ | ||
544 | x = CALC_K_2 (k, l, k, l, 0); \ | ||
545 | y = CALC_K_2 (m, n, m, n, 4); \ | ||
546 | y = rol32(y, 8); \ | ||
547 | x += y; y += x; ctx->a[j] = x; \ | ||
548 | ctx->a[(j) + 1] = rol32(y, 9) | ||
549 | |||
550 | #define CALC_K192_2(a, b, c, d, j) \ | ||
551 | CALC_K_2 (q0[a ^ key[(j) + 16]], \ | ||
552 | q1[b ^ key[(j) + 17]], \ | ||
553 | q0[c ^ key[(j) + 18]], \ | ||
554 | q1[d ^ key[(j) + 19]], j) | ||
555 | |||
556 | #define CALC_K192(a, j, k, l, m, n) \ | ||
557 | x = CALC_K192_2 (l, l, k, k, 0); \ | ||
558 | y = CALC_K192_2 (n, n, m, m, 4); \ | ||
559 | y = rol32(y, 8); \ | ||
560 | x += y; y += x; ctx->a[j] = x; \ | ||
561 | ctx->a[(j) + 1] = rol32(y, 9) | ||
562 | |||
563 | #define CALC_K256_2(a, b, j) \ | ||
564 | CALC_K192_2 (q1[b ^ key[(j) + 24]], \ | ||
565 | q1[a ^ key[(j) + 25]], \ | ||
566 | q0[a ^ key[(j) + 26]], \ | ||
567 | q0[b ^ key[(j) + 27]], j) | ||
568 | |||
569 | #define CALC_K256(a, j, k, l, m, n) \ | ||
570 | x = CALC_K256_2 (k, l, 0); \ | ||
571 | y = CALC_K256_2 (m, n, 4); \ | ||
572 | y = rol32(y, 8); \ | ||
573 | x += y; y += x; ctx->a[j] = x; \ | ||
574 | ctx->a[(j) + 1] = rol32(y, 9) | ||
575 | |||
576 | |||
577 | /* Macros to compute the g() function in the encryption and decryption | 50 | /* Macros to compute the g() function in the encryption and decryption |
578 | * rounds. G1 is the straight g() function; G2 includes the 8-bit | 51 | * rounds. G1 is the straight g() function; G2 includes the 8-bit |
579 | * rotation for the high 32-bit word. */ | 52 | * rotation for the high 32-bit word. */ |
@@ -630,176 +103,7 @@ static const u8 calc_sb_tbl[512] = { | |||
630 | x ^= ctx->w[m]; \ | 103 | x ^= ctx->w[m]; \ |
631 | dst[n] = cpu_to_le32(x) | 104 | dst[n] = cpu_to_le32(x) |
632 | 105 | ||
633 | #define TF_MIN_KEY_SIZE 16 | ||
634 | #define TF_MAX_KEY_SIZE 32 | ||
635 | #define TF_BLOCK_SIZE 16 | ||
636 | |||
637 | /* Structure for an expanded Twofish key. s contains the key-dependent | ||
638 | * S-boxes composed with the MDS matrix; w contains the eight "whitening" | ||
639 | * subkeys, K[0] through K[7]. k holds the remaining, "round" subkeys. Note | ||
640 | * that k[i] corresponds to what the Twofish paper calls K[i+8]. */ | ||
641 | struct twofish_ctx { | ||
642 | u32 s[4][256], w[8], k[32]; | ||
643 | }; | ||
644 | |||
645 | /* Perform the key setup. */ | ||
646 | static int twofish_setkey(struct crypto_tfm *tfm, const u8 *key, | ||
647 | unsigned int key_len, u32 *flags) | ||
648 | { | ||
649 | |||
650 | struct twofish_ctx *ctx = crypto_tfm_ctx(tfm); | ||
651 | 106 | ||
652 | int i, j, k; | ||
653 | |||
654 | /* Temporaries for CALC_K. */ | ||
655 | u32 x, y; | ||
656 | |||
657 | /* The S vector used to key the S-boxes, split up into individual bytes. | ||
658 | * 128-bit keys use only sa through sh; 256-bit use all of them. */ | ||
659 | u8 sa = 0, sb = 0, sc = 0, sd = 0, se = 0, sf = 0, sg = 0, sh = 0; | ||
660 | u8 si = 0, sj = 0, sk = 0, sl = 0, sm = 0, sn = 0, so = 0, sp = 0; | ||
661 | |||
662 | /* Temporary for CALC_S. */ | ||
663 | u8 tmp; | ||
664 | |||
665 | /* Check key length. */ | ||
666 | if (key_len != 16 && key_len != 24 && key_len != 32) | ||
667 | { | ||
668 | *flags |= CRYPTO_TFM_RES_BAD_KEY_LEN; | ||
669 | return -EINVAL; /* unsupported key length */ | ||
670 | } | ||
671 | |||
672 | /* Compute the first two words of the S vector. The magic numbers are | ||
673 | * the entries of the RS matrix, preprocessed through poly_to_exp. The | ||
674 | * numbers in the comments are the original (polynomial form) matrix | ||
675 | * entries. */ | ||
676 | CALC_S (sa, sb, sc, sd, 0, 0x00, 0x2D, 0x01, 0x2D); /* 01 A4 02 A4 */ | ||
677 | CALC_S (sa, sb, sc, sd, 1, 0x2D, 0xA4, 0x44, 0x8A); /* A4 56 A1 55 */ | ||
678 | CALC_S (sa, sb, sc, sd, 2, 0x8A, 0xD5, 0xBF, 0xD1); /* 55 82 FC 87 */ | ||
679 | CALC_S (sa, sb, sc, sd, 3, 0xD1, 0x7F, 0x3D, 0x99); /* 87 F3 C1 5A */ | ||
680 | CALC_S (sa, sb, sc, sd, 4, 0x99, 0x46, 0x66, 0x96); /* 5A 1E 47 58 */ | ||
681 | CALC_S (sa, sb, sc, sd, 5, 0x96, 0x3C, 0x5B, 0xED); /* 58 C6 AE DB */ | ||
682 | CALC_S (sa, sb, sc, sd, 6, 0xED, 0x37, 0x4F, 0xE0); /* DB 68 3D 9E */ | ||
683 | CALC_S (sa, sb, sc, sd, 7, 0xE0, 0xD0, 0x8C, 0x17); /* 9E E5 19 03 */ | ||
684 | CALC_S (se, sf, sg, sh, 8, 0x00, 0x2D, 0x01, 0x2D); /* 01 A4 02 A4 */ | ||
685 | CALC_S (se, sf, sg, sh, 9, 0x2D, 0xA4, 0x44, 0x8A); /* A4 56 A1 55 */ | ||
686 | CALC_S (se, sf, sg, sh, 10, 0x8A, 0xD5, 0xBF, 0xD1); /* 55 82 FC 87 */ | ||
687 | CALC_S (se, sf, sg, sh, 11, 0xD1, 0x7F, 0x3D, 0x99); /* 87 F3 C1 5A */ | ||
688 | CALC_S (se, sf, sg, sh, 12, 0x99, 0x46, 0x66, 0x96); /* 5A 1E 47 58 */ | ||
689 | CALC_S (se, sf, sg, sh, 13, 0x96, 0x3C, 0x5B, 0xED); /* 58 C6 AE DB */ | ||
690 | CALC_S (se, sf, sg, sh, 14, 0xED, 0x37, 0x4F, 0xE0); /* DB 68 3D 9E */ | ||
691 | CALC_S (se, sf, sg, sh, 15, 0xE0, 0xD0, 0x8C, 0x17); /* 9E E5 19 03 */ | ||
692 | |||
693 | if (key_len == 24 || key_len == 32) { /* 192- or 256-bit key */ | ||
694 | /* Calculate the third word of the S vector */ | ||
695 | CALC_S (si, sj, sk, sl, 16, 0x00, 0x2D, 0x01, 0x2D); /* 01 A4 02 A4 */ | ||
696 | CALC_S (si, sj, sk, sl, 17, 0x2D, 0xA4, 0x44, 0x8A); /* A4 56 A1 55 */ | ||
697 | CALC_S (si, sj, sk, sl, 18, 0x8A, 0xD5, 0xBF, 0xD1); /* 55 82 FC 87 */ | ||
698 | CALC_S (si, sj, sk, sl, 19, 0xD1, 0x7F, 0x3D, 0x99); /* 87 F3 C1 5A */ | ||
699 | CALC_S (si, sj, sk, sl, 20, 0x99, 0x46, 0x66, 0x96); /* 5A 1E 47 58 */ | ||
700 | CALC_S (si, sj, sk, sl, 21, 0x96, 0x3C, 0x5B, 0xED); /* 58 C6 AE DB */ | ||
701 | CALC_S (si, sj, sk, sl, 22, 0xED, 0x37, 0x4F, 0xE0); /* DB 68 3D 9E */ | ||
702 | CALC_S (si, sj, sk, sl, 23, 0xE0, 0xD0, 0x8C, 0x17); /* 9E E5 19 03 */ | ||
703 | } | ||
704 | |||
705 | if (key_len == 32) { /* 256-bit key */ | ||
706 | /* Calculate the fourth word of the S vector */ | ||
707 | CALC_S (sm, sn, so, sp, 24, 0x00, 0x2D, 0x01, 0x2D); /* 01 A4 02 A4 */ | ||
708 | CALC_S (sm, sn, so, sp, 25, 0x2D, 0xA4, 0x44, 0x8A); /* A4 56 A1 55 */ | ||
709 | CALC_S (sm, sn, so, sp, 26, 0x8A, 0xD5, 0xBF, 0xD1); /* 55 82 FC 87 */ | ||
710 | CALC_S (sm, sn, so, sp, 27, 0xD1, 0x7F, 0x3D, 0x99); /* 87 F3 C1 5A */ | ||
711 | CALC_S (sm, sn, so, sp, 28, 0x99, 0x46, 0x66, 0x96); /* 5A 1E 47 58 */ | ||
712 | CALC_S (sm, sn, so, sp, 29, 0x96, 0x3C, 0x5B, 0xED); /* 58 C6 AE DB */ | ||
713 | CALC_S (sm, sn, so, sp, 30, 0xED, 0x37, 0x4F, 0xE0); /* DB 68 3D 9E */ | ||
714 | CALC_S (sm, sn, so, sp, 31, 0xE0, 0xD0, 0x8C, 0x17); /* 9E E5 19 03 */ | ||
715 | |||
716 | /* Compute the S-boxes. */ | ||
717 | for ( i = j = 0, k = 1; i < 256; i++, j += 2, k += 2 ) { | ||
718 | CALC_SB256_2( i, calc_sb_tbl[j], calc_sb_tbl[k] ); | ||
719 | } | ||
720 | |||
721 | /* Calculate whitening and round subkeys. The constants are | ||
722 | * indices of subkeys, preprocessed through q0 and q1. */ | ||
723 | CALC_K256 (w, 0, 0xA9, 0x75, 0x67, 0xF3); | ||
724 | CALC_K256 (w, 2, 0xB3, 0xC6, 0xE8, 0xF4); | ||
725 | CALC_K256 (w, 4, 0x04, 0xDB, 0xFD, 0x7B); | ||
726 | CALC_K256 (w, 6, 0xA3, 0xFB, 0x76, 0xC8); | ||
727 | CALC_K256 (k, 0, 0x9A, 0x4A, 0x92, 0xD3); | ||
728 | CALC_K256 (k, 2, 0x80, 0xE6, 0x78, 0x6B); | ||
729 | CALC_K256 (k, 4, 0xE4, 0x45, 0xDD, 0x7D); | ||
730 | CALC_K256 (k, 6, 0xD1, 0xE8, 0x38, 0x4B); | ||
731 | CALC_K256 (k, 8, 0x0D, 0xD6, 0xC6, 0x32); | ||
732 | CALC_K256 (k, 10, 0x35, 0xD8, 0x98, 0xFD); | ||
733 | CALC_K256 (k, 12, 0x18, 0x37, 0xF7, 0x71); | ||
734 | CALC_K256 (k, 14, 0xEC, 0xF1, 0x6C, 0xE1); | ||
735 | CALC_K256 (k, 16, 0x43, 0x30, 0x75, 0x0F); | ||
736 | CALC_K256 (k, 18, 0x37, 0xF8, 0x26, 0x1B); | ||
737 | CALC_K256 (k, 20, 0xFA, 0x87, 0x13, 0xFA); | ||
738 | CALC_K256 (k, 22, 0x94, 0x06, 0x48, 0x3F); | ||
739 | CALC_K256 (k, 24, 0xF2, 0x5E, 0xD0, 0xBA); | ||
740 | CALC_K256 (k, 26, 0x8B, 0xAE, 0x30, 0x5B); | ||
741 | CALC_K256 (k, 28, 0x84, 0x8A, 0x54, 0x00); | ||
742 | CALC_K256 (k, 30, 0xDF, 0xBC, 0x23, 0x9D); | ||
743 | } else if (key_len == 24) { /* 192-bit key */ | ||
744 | /* Compute the S-boxes. */ | ||
745 | for ( i = j = 0, k = 1; i < 256; i++, j += 2, k += 2 ) { | ||
746 | CALC_SB192_2( i, calc_sb_tbl[j], calc_sb_tbl[k] ); | ||
747 | } | ||
748 | |||
749 | /* Calculate whitening and round subkeys. The constants are | ||
750 | * indices of subkeys, preprocessed through q0 and q1. */ | ||
751 | CALC_K192 (w, 0, 0xA9, 0x75, 0x67, 0xF3); | ||
752 | CALC_K192 (w, 2, 0xB3, 0xC6, 0xE8, 0xF4); | ||
753 | CALC_K192 (w, 4, 0x04, 0xDB, 0xFD, 0x7B); | ||
754 | CALC_K192 (w, 6, 0xA3, 0xFB, 0x76, 0xC8); | ||
755 | CALC_K192 (k, 0, 0x9A, 0x4A, 0x92, 0xD3); | ||
756 | CALC_K192 (k, 2, 0x80, 0xE6, 0x78, 0x6B); | ||
757 | CALC_K192 (k, 4, 0xE4, 0x45, 0xDD, 0x7D); | ||
758 | CALC_K192 (k, 6, 0xD1, 0xE8, 0x38, 0x4B); | ||
759 | CALC_K192 (k, 8, 0x0D, 0xD6, 0xC6, 0x32); | ||
760 | CALC_K192 (k, 10, 0x35, 0xD8, 0x98, 0xFD); | ||
761 | CALC_K192 (k, 12, 0x18, 0x37, 0xF7, 0x71); | ||
762 | CALC_K192 (k, 14, 0xEC, 0xF1, 0x6C, 0xE1); | ||
763 | CALC_K192 (k, 16, 0x43, 0x30, 0x75, 0x0F); | ||
764 | CALC_K192 (k, 18, 0x37, 0xF8, 0x26, 0x1B); | ||
765 | CALC_K192 (k, 20, 0xFA, 0x87, 0x13, 0xFA); | ||
766 | CALC_K192 (k, 22, 0x94, 0x06, 0x48, 0x3F); | ||
767 | CALC_K192 (k, 24, 0xF2, 0x5E, 0xD0, 0xBA); | ||
768 | CALC_K192 (k, 26, 0x8B, 0xAE, 0x30, 0x5B); | ||
769 | CALC_K192 (k, 28, 0x84, 0x8A, 0x54, 0x00); | ||
770 | CALC_K192 (k, 30, 0xDF, 0xBC, 0x23, 0x9D); | ||
771 | } else { /* 128-bit key */ | ||
772 | /* Compute the S-boxes. */ | ||
773 | for ( i = j = 0, k = 1; i < 256; i++, j += 2, k += 2 ) { | ||
774 | CALC_SB_2( i, calc_sb_tbl[j], calc_sb_tbl[k] ); | ||
775 | } | ||
776 | |||
777 | /* Calculate whitening and round subkeys. The constants are | ||
778 | * indices of subkeys, preprocessed through q0 and q1. */ | ||
779 | CALC_K (w, 0, 0xA9, 0x75, 0x67, 0xF3); | ||
780 | CALC_K (w, 2, 0xB3, 0xC6, 0xE8, 0xF4); | ||
781 | CALC_K (w, 4, 0x04, 0xDB, 0xFD, 0x7B); | ||
782 | CALC_K (w, 6, 0xA3, 0xFB, 0x76, 0xC8); | ||
783 | CALC_K (k, 0, 0x9A, 0x4A, 0x92, 0xD3); | ||
784 | CALC_K (k, 2, 0x80, 0xE6, 0x78, 0x6B); | ||
785 | CALC_K (k, 4, 0xE4, 0x45, 0xDD, 0x7D); | ||
786 | CALC_K (k, 6, 0xD1, 0xE8, 0x38, 0x4B); | ||
787 | CALC_K (k, 8, 0x0D, 0xD6, 0xC6, 0x32); | ||
788 | CALC_K (k, 10, 0x35, 0xD8, 0x98, 0xFD); | ||
789 | CALC_K (k, 12, 0x18, 0x37, 0xF7, 0x71); | ||
790 | CALC_K (k, 14, 0xEC, 0xF1, 0x6C, 0xE1); | ||
791 | CALC_K (k, 16, 0x43, 0x30, 0x75, 0x0F); | ||
792 | CALC_K (k, 18, 0x37, 0xF8, 0x26, 0x1B); | ||
793 | CALC_K (k, 20, 0xFA, 0x87, 0x13, 0xFA); | ||
794 | CALC_K (k, 22, 0x94, 0x06, 0x48, 0x3F); | ||
795 | CALC_K (k, 24, 0xF2, 0x5E, 0xD0, 0xBA); | ||
796 | CALC_K (k, 26, 0x8B, 0xAE, 0x30, 0x5B); | ||
797 | CALC_K (k, 28, 0x84, 0x8A, 0x54, 0x00); | ||
798 | CALC_K (k, 30, 0xDF, 0xBC, 0x23, 0x9D); | ||
799 | } | ||
800 | |||
801 | return 0; | ||
802 | } | ||
803 | 107 | ||
804 | /* Encrypt one block. in and out may be the same. */ | 108 | /* Encrypt one block. in and out may be the same. */ |
805 | static void twofish_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in) | 109 | static void twofish_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in) |
@@ -877,6 +181,8 @@ static void twofish_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in) | |||
877 | 181 | ||
878 | static struct crypto_alg alg = { | 182 | static struct crypto_alg alg = { |
879 | .cra_name = "twofish", | 183 | .cra_name = "twofish", |
184 | .cra_driver_name = "twofish-generic", | ||
185 | .cra_priority = 100, | ||
880 | .cra_flags = CRYPTO_ALG_TYPE_CIPHER, | 186 | .cra_flags = CRYPTO_ALG_TYPE_CIPHER, |
881 | .cra_blocksize = TF_BLOCK_SIZE, | 187 | .cra_blocksize = TF_BLOCK_SIZE, |
882 | .cra_ctxsize = sizeof(struct twofish_ctx), | 188 | .cra_ctxsize = sizeof(struct twofish_ctx), |
diff --git a/crypto/twofish_common.c b/crypto/twofish_common.c new file mode 100644 index 000000000000..b4b9c0c3f4ae --- /dev/null +++ b/crypto/twofish_common.c | |||
@@ -0,0 +1,744 @@ | |||
1 | /* | ||
2 | * Common Twofish algorithm parts shared between the c and assembler | ||
3 | * implementations | ||
4 | * | ||
5 | * Originally Twofish for GPG | ||
6 | * By Matthew Skala <mskala@ansuz.sooke.bc.ca>, July 26, 1998 | ||
7 | * 256-bit key length added March 20, 1999 | ||
8 | * Some modifications to reduce the text size by Werner Koch, April, 1998 | ||
9 | * Ported to the kerneli patch by Marc Mutz <Marc@Mutz.com> | ||
10 | * Ported to CryptoAPI by Colin Slater <hoho@tacomeat.net> | ||
11 | * | ||
12 | * The original author has disclaimed all copyright interest in this | ||
13 | * code and thus put it in the public domain. The subsequent authors | ||
14 | * have put this under the GNU General Public License. | ||
15 | * | ||
16 | * This program is free software; you can redistribute it and/or modify | ||
17 | * it under the terms of the GNU General Public License as published by | ||
18 | * the Free Software Foundation; either version 2 of the License, or | ||
19 | * (at your option) any later version. | ||
20 | * | ||
21 | * This program is distributed in the hope that it will be useful, | ||
22 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
23 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
24 | * GNU General Public License for more details. | ||
25 | * | ||
26 | * You should have received a copy of the GNU General Public License | ||
27 | * along with this program; if not, write to the Free Software | ||
28 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 | ||
29 | * USA | ||
30 | * | ||
31 | * This code is a "clean room" implementation, written from the paper | ||
32 | * _Twofish: A 128-Bit Block Cipher_ by Bruce Schneier, John Kelsey, | ||
33 | * Doug Whiting, David Wagner, Chris Hall, and Niels Ferguson, available | ||
34 | * through http://www.counterpane.com/twofish.html | ||
35 | * | ||
36 | * For background information on multiplication in finite fields, used for | ||
37 | * the matrix operations in the key schedule, see the book _Contemporary | ||
38 | * Abstract Algebra_ by Joseph A. Gallian, especially chapter 22 in the | ||
39 | * Third Edition. | ||
40 | */ | ||
41 | |||
42 | #include <crypto/twofish.h> | ||
43 | #include <linux/bitops.h> | ||
44 | #include <linux/crypto.h> | ||
45 | #include <linux/errno.h> | ||
46 | #include <linux/init.h> | ||
47 | #include <linux/kernel.h> | ||
48 | #include <linux/module.h> | ||
49 | #include <linux/types.h> | ||
50 | |||
51 | |||
52 | /* The large precomputed tables for the Twofish cipher (twofish.c) | ||
53 | * Taken from the same source as twofish.c | ||
54 | * Marc Mutz <Marc@Mutz.com> | ||
55 | */ | ||
56 | |||
57 | /* These two tables are the q0 and q1 permutations, exactly as described in | ||
58 | * the Twofish paper. */ | ||
59 | |||
60 | static const u8 q0[256] = { | ||
61 | 0xA9, 0x67, 0xB3, 0xE8, 0x04, 0xFD, 0xA3, 0x76, 0x9A, 0x92, 0x80, 0x78, | ||
62 | 0xE4, 0xDD, 0xD1, 0x38, 0x0D, 0xC6, 0x35, 0x98, 0x18, 0xF7, 0xEC, 0x6C, | ||
63 | 0x43, 0x75, 0x37, 0x26, 0xFA, 0x13, 0x94, 0x48, 0xF2, 0xD0, 0x8B, 0x30, | ||
64 | 0x84, 0x54, 0xDF, 0x23, 0x19, 0x5B, 0x3D, 0x59, 0xF3, 0xAE, 0xA2, 0x82, | ||
65 | 0x63, 0x01, 0x83, 0x2E, 0xD9, 0x51, 0x9B, 0x7C, 0xA6, 0xEB, 0xA5, 0xBE, | ||
66 | 0x16, 0x0C, 0xE3, 0x61, 0xC0, 0x8C, 0x3A, 0xF5, 0x73, 0x2C, 0x25, 0x0B, | ||
67 | 0xBB, 0x4E, 0x89, 0x6B, 0x53, 0x6A, 0xB4, 0xF1, 0xE1, 0xE6, 0xBD, 0x45, | ||
68 | 0xE2, 0xF4, 0xB6, 0x66, 0xCC, 0x95, 0x03, 0x56, 0xD4, 0x1C, 0x1E, 0xD7, | ||
69 | 0xFB, 0xC3, 0x8E, 0xB5, 0xE9, 0xCF, 0xBF, 0xBA, 0xEA, 0x77, 0x39, 0xAF, | ||
70 | 0x33, 0xC9, 0x62, 0x71, 0x81, 0x79, 0x09, 0xAD, 0x24, 0xCD, 0xF9, 0xD8, | ||
71 | 0xE5, 0xC5, 0xB9, 0x4D, 0x44, 0x08, 0x86, 0xE7, 0xA1, 0x1D, 0xAA, 0xED, | ||
72 | 0x06, 0x70, 0xB2, 0xD2, 0x41, 0x7B, 0xA0, 0x11, 0x31, 0xC2, 0x27, 0x90, | ||
73 | 0x20, 0xF6, 0x60, 0xFF, 0x96, 0x5C, 0xB1, 0xAB, 0x9E, 0x9C, 0x52, 0x1B, | ||
74 | 0x5F, 0x93, 0x0A, 0xEF, 0x91, 0x85, 0x49, 0xEE, 0x2D, 0x4F, 0x8F, 0x3B, | ||
75 | 0x47, 0x87, 0x6D, 0x46, 0xD6, 0x3E, 0x69, 0x64, 0x2A, 0xCE, 0xCB, 0x2F, | ||
76 | 0xFC, 0x97, 0x05, 0x7A, 0xAC, 0x7F, 0xD5, 0x1A, 0x4B, 0x0E, 0xA7, 0x5A, | ||
77 | 0x28, 0x14, 0x3F, 0x29, 0x88, 0x3C, 0x4C, 0x02, 0xB8, 0xDA, 0xB0, 0x17, | ||
78 | 0x55, 0x1F, 0x8A, 0x7D, 0x57, 0xC7, 0x8D, 0x74, 0xB7, 0xC4, 0x9F, 0x72, | ||
79 | 0x7E, 0x15, 0x22, 0x12, 0x58, 0x07, 0x99, 0x34, 0x6E, 0x50, 0xDE, 0x68, | ||
80 | 0x65, 0xBC, 0xDB, 0xF8, 0xC8, 0xA8, 0x2B, 0x40, 0xDC, 0xFE, 0x32, 0xA4, | ||
81 | 0xCA, 0x10, 0x21, 0xF0, 0xD3, 0x5D, 0x0F, 0x00, 0x6F, 0x9D, 0x36, 0x42, | ||
82 | 0x4A, 0x5E, 0xC1, 0xE0 | ||
83 | }; | ||
84 | |||
85 | static const u8 q1[256] = { | ||
86 | 0x75, 0xF3, 0xC6, 0xF4, 0xDB, 0x7B, 0xFB, 0xC8, 0x4A, 0xD3, 0xE6, 0x6B, | ||
87 | 0x45, 0x7D, 0xE8, 0x4B, 0xD6, 0x32, 0xD8, 0xFD, 0x37, 0x71, 0xF1, 0xE1, | ||
88 | 0x30, 0x0F, 0xF8, 0x1B, 0x87, 0xFA, 0x06, 0x3F, 0x5E, 0xBA, 0xAE, 0x5B, | ||
89 | 0x8A, 0x00, 0xBC, 0x9D, 0x6D, 0xC1, 0xB1, 0x0E, 0x80, 0x5D, 0xD2, 0xD5, | ||
90 | 0xA0, 0x84, 0x07, 0x14, 0xB5, 0x90, 0x2C, 0xA3, 0xB2, 0x73, 0x4C, 0x54, | ||
91 | 0x92, 0x74, 0x36, 0x51, 0x38, 0xB0, 0xBD, 0x5A, 0xFC, 0x60, 0x62, 0x96, | ||
92 | 0x6C, 0x42, 0xF7, 0x10, 0x7C, 0x28, 0x27, 0x8C, 0x13, 0x95, 0x9C, 0xC7, | ||
93 | 0x24, 0x46, 0x3B, 0x70, 0xCA, 0xE3, 0x85, 0xCB, 0x11, 0xD0, 0x93, 0xB8, | ||
94 | 0xA6, 0x83, 0x20, 0xFF, 0x9F, 0x77, 0xC3, 0xCC, 0x03, 0x6F, 0x08, 0xBF, | ||
95 | 0x40, 0xE7, 0x2B, 0xE2, 0x79, 0x0C, 0xAA, 0x82, 0x41, 0x3A, 0xEA, 0xB9, | ||
96 | 0xE4, 0x9A, 0xA4, 0x97, 0x7E, 0xDA, 0x7A, 0x17, 0x66, 0x94, 0xA1, 0x1D, | ||
97 | 0x3D, 0xF0, 0xDE, 0xB3, 0x0B, 0x72, 0xA7, 0x1C, 0xEF, 0xD1, 0x53, 0x3E, | ||
98 | 0x8F, 0x33, 0x26, 0x5F, 0xEC, 0x76, 0x2A, 0x49, 0x81, 0x88, 0xEE, 0x21, | ||
99 | 0xC4, 0x1A, 0xEB, 0xD9, 0xC5, 0x39, 0x99, 0xCD, 0xAD, 0x31, 0x8B, 0x01, | ||
100 | 0x18, 0x23, 0xDD, 0x1F, 0x4E, 0x2D, 0xF9, 0x48, 0x4F, 0xF2, 0x65, 0x8E, | ||
101 | 0x78, 0x5C, 0x58, 0x19, 0x8D, 0xE5, 0x98, 0x57, 0x67, 0x7F, 0x05, 0x64, | ||
102 | 0xAF, 0x63, 0xB6, 0xFE, 0xF5, 0xB7, 0x3C, 0xA5, 0xCE, 0xE9, 0x68, 0x44, | ||
103 | 0xE0, 0x4D, 0x43, 0x69, 0x29, 0x2E, 0xAC, 0x15, 0x59, 0xA8, 0x0A, 0x9E, | ||
104 | 0x6E, 0x47, 0xDF, 0x34, 0x35, 0x6A, 0xCF, 0xDC, 0x22, 0xC9, 0xC0, 0x9B, | ||
105 | 0x89, 0xD4, 0xED, 0xAB, 0x12, 0xA2, 0x0D, 0x52, 0xBB, 0x02, 0x2F, 0xA9, | ||
106 | 0xD7, 0x61, 0x1E, 0xB4, 0x50, 0x04, 0xF6, 0xC2, 0x16, 0x25, 0x86, 0x56, | ||
107 | 0x55, 0x09, 0xBE, 0x91 | ||
108 | }; | ||
109 | |||
110 | /* These MDS tables are actually tables of MDS composed with q0 and q1, | ||
111 | * because it is only ever used that way and we can save some time by | ||
112 | * precomputing. Of course the main saving comes from precomputing the | ||
113 | * GF(2^8) multiplication involved in the MDS matrix multiply; by looking | ||
114 | * things up in these tables we reduce the matrix multiply to four lookups | ||
115 | * and three XORs. Semi-formally, the definition of these tables is: | ||
116 | * mds[0][i] = MDS (q1[i] 0 0 0)^T mds[1][i] = MDS (0 q0[i] 0 0)^T | ||
117 | * mds[2][i] = MDS (0 0 q1[i] 0)^T mds[3][i] = MDS (0 0 0 q0[i])^T | ||
118 | * where ^T means "transpose", the matrix multiply is performed in GF(2^8) | ||
119 | * represented as GF(2)[x]/v(x) where v(x)=x^8+x^6+x^5+x^3+1 as described | ||
120 | * by Schneier et al, and I'm casually glossing over the byte/word | ||
121 | * conversion issues. */ | ||
122 | |||
123 | static const u32 mds[4][256] = { | ||
124 | { | ||
125 | 0xBCBC3275, 0xECEC21F3, 0x202043C6, 0xB3B3C9F4, 0xDADA03DB, 0x02028B7B, | ||
126 | 0xE2E22BFB, 0x9E9EFAC8, 0xC9C9EC4A, 0xD4D409D3, 0x18186BE6, 0x1E1E9F6B, | ||
127 | 0x98980E45, 0xB2B2387D, 0xA6A6D2E8, 0x2626B74B, 0x3C3C57D6, 0x93938A32, | ||
128 | 0x8282EED8, 0x525298FD, 0x7B7BD437, 0xBBBB3771, 0x5B5B97F1, 0x474783E1, | ||
129 | 0x24243C30, 0x5151E20F, 0xBABAC6F8, 0x4A4AF31B, 0xBFBF4887, 0x0D0D70FA, | ||
130 | 0xB0B0B306, 0x7575DE3F, 0xD2D2FD5E, 0x7D7D20BA, 0x666631AE, 0x3A3AA35B, | ||
131 | 0x59591C8A, 0x00000000, 0xCDCD93BC, 0x1A1AE09D, 0xAEAE2C6D, 0x7F7FABC1, | ||
132 | 0x2B2BC7B1, 0xBEBEB90E, 0xE0E0A080, 0x8A8A105D, 0x3B3B52D2, 0x6464BAD5, | ||
133 | 0xD8D888A0, 0xE7E7A584, 0x5F5FE807, 0x1B1B1114, 0x2C2CC2B5, 0xFCFCB490, | ||
134 | 0x3131272C, 0x808065A3, 0x73732AB2, 0x0C0C8173, 0x79795F4C, 0x6B6B4154, | ||
135 | 0x4B4B0292, 0x53536974, 0x94948F36, 0x83831F51, 0x2A2A3638, 0xC4C49CB0, | ||
136 | 0x2222C8BD, 0xD5D5F85A, 0xBDBDC3FC, 0x48487860, 0xFFFFCE62, 0x4C4C0796, | ||
137 | 0x4141776C, 0xC7C7E642, 0xEBEB24F7, 0x1C1C1410, 0x5D5D637C, 0x36362228, | ||
138 | 0x6767C027, 0xE9E9AF8C, 0x4444F913, 0x1414EA95, 0xF5F5BB9C, 0xCFCF18C7, | ||
139 | 0x3F3F2D24, 0xC0C0E346, 0x7272DB3B, 0x54546C70, 0x29294CCA, 0xF0F035E3, | ||
140 | 0x0808FE85, 0xC6C617CB, 0xF3F34F11, 0x8C8CE4D0, 0xA4A45993, 0xCACA96B8, | ||
141 | 0x68683BA6, 0xB8B84D83, 0x38382820, 0xE5E52EFF, 0xADAD569F, 0x0B0B8477, | ||
142 | 0xC8C81DC3, 0x9999FFCC, 0x5858ED03, 0x19199A6F, 0x0E0E0A08, 0x95957EBF, | ||
143 | 0x70705040, 0xF7F730E7, 0x6E6ECF2B, 0x1F1F6EE2, 0xB5B53D79, 0x09090F0C, | ||
144 | 0x616134AA, 0x57571682, 0x9F9F0B41, 0x9D9D803A, 0x111164EA, 0x2525CDB9, | ||
145 | 0xAFAFDDE4, 0x4545089A, 0xDFDF8DA4, 0xA3A35C97, 0xEAEAD57E, 0x353558DA, | ||
146 | 0xEDEDD07A, 0x4343FC17, 0xF8F8CB66, 0xFBFBB194, 0x3737D3A1, 0xFAFA401D, | ||
147 | 0xC2C2683D, 0xB4B4CCF0, 0x32325DDE, 0x9C9C71B3, 0x5656E70B, 0xE3E3DA72, | ||
148 | 0x878760A7, 0x15151B1C, 0xF9F93AEF, 0x6363BFD1, 0x3434A953, 0x9A9A853E, | ||
149 | 0xB1B1428F, 0x7C7CD133, 0x88889B26, 0x3D3DA65F, 0xA1A1D7EC, 0xE4E4DF76, | ||
150 | 0x8181942A, 0x91910149, 0x0F0FFB81, 0xEEEEAA88, 0x161661EE, 0xD7D77321, | ||
151 | 0x9797F5C4, 0xA5A5A81A, 0xFEFE3FEB, 0x6D6DB5D9, 0x7878AEC5, 0xC5C56D39, | ||
152 | 0x1D1DE599, 0x7676A4CD, 0x3E3EDCAD, 0xCBCB6731, 0xB6B6478B, 0xEFEF5B01, | ||
153 | 0x12121E18, 0x6060C523, 0x6A6AB0DD, 0x4D4DF61F, 0xCECEE94E, 0xDEDE7C2D, | ||
154 | 0x55559DF9, 0x7E7E5A48, 0x2121B24F, 0x03037AF2, 0xA0A02665, 0x5E5E198E, | ||
155 | 0x5A5A6678, 0x65654B5C, 0x62624E58, 0xFDFD4519, 0x0606F48D, 0x404086E5, | ||
156 | 0xF2F2BE98, 0x3333AC57, 0x17179067, 0x05058E7F, 0xE8E85E05, 0x4F4F7D64, | ||
157 | 0x89896AAF, 0x10109563, 0x74742FB6, 0x0A0A75FE, 0x5C5C92F5, 0x9B9B74B7, | ||
158 | 0x2D2D333C, 0x3030D6A5, 0x2E2E49CE, 0x494989E9, 0x46467268, 0x77775544, | ||
159 | 0xA8A8D8E0, 0x9696044D, 0x2828BD43, 0xA9A92969, 0xD9D97929, 0x8686912E, | ||
160 | 0xD1D187AC, 0xF4F44A15, 0x8D8D1559, 0xD6D682A8, 0xB9B9BC0A, 0x42420D9E, | ||
161 | 0xF6F6C16E, 0x2F2FB847, 0xDDDD06DF, 0x23233934, 0xCCCC6235, 0xF1F1C46A, | ||
162 | 0xC1C112CF, 0x8585EBDC, 0x8F8F9E22, 0x7171A1C9, 0x9090F0C0, 0xAAAA539B, | ||
163 | 0x0101F189, 0x8B8BE1D4, 0x4E4E8CED, 0x8E8E6FAB, 0xABABA212, 0x6F6F3EA2, | ||
164 | 0xE6E6540D, 0xDBDBF252, 0x92927BBB, 0xB7B7B602, 0x6969CA2F, 0x3939D9A9, | ||
165 | 0xD3D30CD7, 0xA7A72361, 0xA2A2AD1E, 0xC3C399B4, 0x6C6C4450, 0x07070504, | ||
166 | 0x04047FF6, 0x272746C2, 0xACACA716, 0xD0D07625, 0x50501386, 0xDCDCF756, | ||
167 | 0x84841A55, 0xE1E15109, 0x7A7A25BE, 0x1313EF91}, | ||
168 | |||
169 | { | ||
170 | 0xA9D93939, 0x67901717, 0xB3719C9C, 0xE8D2A6A6, 0x04050707, 0xFD985252, | ||
171 | 0xA3658080, 0x76DFE4E4, 0x9A084545, 0x92024B4B, 0x80A0E0E0, 0x78665A5A, | ||
172 | 0xE4DDAFAF, 0xDDB06A6A, 0xD1BF6363, 0x38362A2A, 0x0D54E6E6, 0xC6432020, | ||
173 | 0x3562CCCC, 0x98BEF2F2, 0x181E1212, 0xF724EBEB, 0xECD7A1A1, 0x6C774141, | ||
174 | 0x43BD2828, 0x7532BCBC, 0x37D47B7B, 0x269B8888, 0xFA700D0D, 0x13F94444, | ||
175 | 0x94B1FBFB, 0x485A7E7E, 0xF27A0303, 0xD0E48C8C, 0x8B47B6B6, 0x303C2424, | ||
176 | 0x84A5E7E7, 0x54416B6B, 0xDF06DDDD, 0x23C56060, 0x1945FDFD, 0x5BA33A3A, | ||
177 | 0x3D68C2C2, 0x59158D8D, 0xF321ECEC, 0xAE316666, 0xA23E6F6F, 0x82165757, | ||
178 | 0x63951010, 0x015BEFEF, 0x834DB8B8, 0x2E918686, 0xD9B56D6D, 0x511F8383, | ||
179 | 0x9B53AAAA, 0x7C635D5D, 0xA63B6868, 0xEB3FFEFE, 0xA5D63030, 0xBE257A7A, | ||
180 | 0x16A7ACAC, 0x0C0F0909, 0xE335F0F0, 0x6123A7A7, 0xC0F09090, 0x8CAFE9E9, | ||
181 | 0x3A809D9D, 0xF5925C5C, 0x73810C0C, 0x2C273131, 0x2576D0D0, 0x0BE75656, | ||
182 | 0xBB7B9292, 0x4EE9CECE, 0x89F10101, 0x6B9F1E1E, 0x53A93434, 0x6AC4F1F1, | ||
183 | 0xB499C3C3, 0xF1975B5B, 0xE1834747, 0xE66B1818, 0xBDC82222, 0x450E9898, | ||
184 | 0xE26E1F1F, 0xF4C9B3B3, 0xB62F7474, 0x66CBF8F8, 0xCCFF9999, 0x95EA1414, | ||
185 | 0x03ED5858, 0x56F7DCDC, 0xD4E18B8B, 0x1C1B1515, 0x1EADA2A2, 0xD70CD3D3, | ||
186 | 0xFB2BE2E2, 0xC31DC8C8, 0x8E195E5E, 0xB5C22C2C, 0xE9894949, 0xCF12C1C1, | ||
187 | 0xBF7E9595, 0xBA207D7D, 0xEA641111, 0x77840B0B, 0x396DC5C5, 0xAF6A8989, | ||
188 | 0x33D17C7C, 0xC9A17171, 0x62CEFFFF, 0x7137BBBB, 0x81FB0F0F, 0x793DB5B5, | ||
189 | 0x0951E1E1, 0xADDC3E3E, 0x242D3F3F, 0xCDA47676, 0xF99D5555, 0xD8EE8282, | ||
190 | 0xE5864040, 0xC5AE7878, 0xB9CD2525, 0x4D049696, 0x44557777, 0x080A0E0E, | ||
191 | 0x86135050, 0xE730F7F7, 0xA1D33737, 0x1D40FAFA, 0xAA346161, 0xED8C4E4E, | ||
192 | 0x06B3B0B0, 0x706C5454, 0xB22A7373, 0xD2523B3B, 0x410B9F9F, 0x7B8B0202, | ||
193 | 0xA088D8D8, 0x114FF3F3, 0x3167CBCB, 0xC2462727, 0x27C06767, 0x90B4FCFC, | ||
194 | 0x20283838, 0xF67F0404, 0x60784848, 0xFF2EE5E5, 0x96074C4C, 0x5C4B6565, | ||
195 | 0xB1C72B2B, 0xAB6F8E8E, 0x9E0D4242, 0x9CBBF5F5, 0x52F2DBDB, 0x1BF34A4A, | ||
196 | 0x5FA63D3D, 0x9359A4A4, 0x0ABCB9B9, 0xEF3AF9F9, 0x91EF1313, 0x85FE0808, | ||
197 | 0x49019191, 0xEE611616, 0x2D7CDEDE, 0x4FB22121, 0x8F42B1B1, 0x3BDB7272, | ||
198 | 0x47B82F2F, 0x8748BFBF, 0x6D2CAEAE, 0x46E3C0C0, 0xD6573C3C, 0x3E859A9A, | ||
199 | 0x6929A9A9, 0x647D4F4F, 0x2A948181, 0xCE492E2E, 0xCB17C6C6, 0x2FCA6969, | ||
200 | 0xFCC3BDBD, 0x975CA3A3, 0x055EE8E8, 0x7AD0EDED, 0xAC87D1D1, 0x7F8E0505, | ||
201 | 0xD5BA6464, 0x1AA8A5A5, 0x4BB72626, 0x0EB9BEBE, 0xA7608787, 0x5AF8D5D5, | ||
202 | 0x28223636, 0x14111B1B, 0x3FDE7575, 0x2979D9D9, 0x88AAEEEE, 0x3C332D2D, | ||
203 | 0x4C5F7979, 0x02B6B7B7, 0xB896CACA, 0xDA583535, 0xB09CC4C4, 0x17FC4343, | ||
204 | 0x551A8484, 0x1FF64D4D, 0x8A1C5959, 0x7D38B2B2, 0x57AC3333, 0xC718CFCF, | ||
205 | 0x8DF40606, 0x74695353, 0xB7749B9B, 0xC4F59797, 0x9F56ADAD, 0x72DAE3E3, | ||
206 | 0x7ED5EAEA, 0x154AF4F4, 0x229E8F8F, 0x12A2ABAB, 0x584E6262, 0x07E85F5F, | ||
207 | 0x99E51D1D, 0x34392323, 0x6EC1F6F6, 0x50446C6C, 0xDE5D3232, 0x68724646, | ||
208 | 0x6526A0A0, 0xBC93CDCD, 0xDB03DADA, 0xF8C6BABA, 0xC8FA9E9E, 0xA882D6D6, | ||
209 | 0x2BCF6E6E, 0x40507070, 0xDCEB8585, 0xFE750A0A, 0x328A9393, 0xA48DDFDF, | ||
210 | 0xCA4C2929, 0x10141C1C, 0x2173D7D7, 0xF0CCB4B4, 0xD309D4D4, 0x5D108A8A, | ||
211 | 0x0FE25151, 0x00000000, 0x6F9A1919, 0x9DE01A1A, 0x368F9494, 0x42E6C7C7, | ||
212 | 0x4AECC9C9, 0x5EFDD2D2, 0xC1AB7F7F, 0xE0D8A8A8}, | ||
213 | |||
214 | { | ||
215 | 0xBC75BC32, 0xECF3EC21, 0x20C62043, 0xB3F4B3C9, 0xDADBDA03, 0x027B028B, | ||
216 | 0xE2FBE22B, 0x9EC89EFA, 0xC94AC9EC, 0xD4D3D409, 0x18E6186B, 0x1E6B1E9F, | ||
217 | 0x9845980E, 0xB27DB238, 0xA6E8A6D2, 0x264B26B7, 0x3CD63C57, 0x9332938A, | ||
218 | 0x82D882EE, 0x52FD5298, 0x7B377BD4, 0xBB71BB37, 0x5BF15B97, 0x47E14783, | ||
219 | 0x2430243C, 0x510F51E2, 0xBAF8BAC6, 0x4A1B4AF3, 0xBF87BF48, 0x0DFA0D70, | ||
220 | 0xB006B0B3, 0x753F75DE, 0xD25ED2FD, 0x7DBA7D20, 0x66AE6631, 0x3A5B3AA3, | ||
221 | 0x598A591C, 0x00000000, 0xCDBCCD93, 0x1A9D1AE0, 0xAE6DAE2C, 0x7FC17FAB, | ||
222 | 0x2BB12BC7, 0xBE0EBEB9, 0xE080E0A0, 0x8A5D8A10, 0x3BD23B52, 0x64D564BA, | ||
223 | 0xD8A0D888, 0xE784E7A5, 0x5F075FE8, 0x1B141B11, 0x2CB52CC2, 0xFC90FCB4, | ||
224 | 0x312C3127, 0x80A38065, 0x73B2732A, 0x0C730C81, 0x794C795F, 0x6B546B41, | ||
225 | 0x4B924B02, 0x53745369, 0x9436948F, 0x8351831F, 0x2A382A36, 0xC4B0C49C, | ||
226 | 0x22BD22C8, 0xD55AD5F8, 0xBDFCBDC3, 0x48604878, 0xFF62FFCE, 0x4C964C07, | ||
227 | 0x416C4177, 0xC742C7E6, 0xEBF7EB24, 0x1C101C14, 0x5D7C5D63, 0x36283622, | ||
228 | 0x672767C0, 0xE98CE9AF, 0x441344F9, 0x149514EA, 0xF59CF5BB, 0xCFC7CF18, | ||
229 | 0x3F243F2D, 0xC046C0E3, 0x723B72DB, 0x5470546C, 0x29CA294C, 0xF0E3F035, | ||
230 | 0x088508FE, 0xC6CBC617, 0xF311F34F, 0x8CD08CE4, 0xA493A459, 0xCAB8CA96, | ||
231 | 0x68A6683B, 0xB883B84D, 0x38203828, 0xE5FFE52E, 0xAD9FAD56, 0x0B770B84, | ||
232 | 0xC8C3C81D, 0x99CC99FF, 0x580358ED, 0x196F199A, 0x0E080E0A, 0x95BF957E, | ||
233 | 0x70407050, 0xF7E7F730, 0x6E2B6ECF, 0x1FE21F6E, 0xB579B53D, 0x090C090F, | ||
234 | 0x61AA6134, 0x57825716, 0x9F419F0B, 0x9D3A9D80, 0x11EA1164, 0x25B925CD, | ||
235 | 0xAFE4AFDD, 0x459A4508, 0xDFA4DF8D, 0xA397A35C, 0xEA7EEAD5, 0x35DA3558, | ||
236 | 0xED7AEDD0, 0x431743FC, 0xF866F8CB, 0xFB94FBB1, 0x37A137D3, 0xFA1DFA40, | ||
237 | 0xC23DC268, 0xB4F0B4CC, 0x32DE325D, 0x9CB39C71, 0x560B56E7, 0xE372E3DA, | ||
238 | 0x87A78760, 0x151C151B, 0xF9EFF93A, 0x63D163BF, 0x345334A9, 0x9A3E9A85, | ||
239 | 0xB18FB142, 0x7C337CD1, 0x8826889B, 0x3D5F3DA6, 0xA1ECA1D7, 0xE476E4DF, | ||
240 | 0x812A8194, 0x91499101, 0x0F810FFB, 0xEE88EEAA, 0x16EE1661, 0xD721D773, | ||
241 | 0x97C497F5, 0xA51AA5A8, 0xFEEBFE3F, 0x6DD96DB5, 0x78C578AE, 0xC539C56D, | ||
242 | 0x1D991DE5, 0x76CD76A4, 0x3EAD3EDC, 0xCB31CB67, 0xB68BB647, 0xEF01EF5B, | ||
243 | 0x1218121E, 0x602360C5, 0x6ADD6AB0, 0x4D1F4DF6, 0xCE4ECEE9, 0xDE2DDE7C, | ||
244 | 0x55F9559D, 0x7E487E5A, 0x214F21B2, 0x03F2037A, 0xA065A026, 0x5E8E5E19, | ||
245 | 0x5A785A66, 0x655C654B, 0x6258624E, 0xFD19FD45, 0x068D06F4, 0x40E54086, | ||
246 | 0xF298F2BE, 0x335733AC, 0x17671790, 0x057F058E, 0xE805E85E, 0x4F644F7D, | ||
247 | 0x89AF896A, 0x10631095, 0x74B6742F, 0x0AFE0A75, 0x5CF55C92, 0x9BB79B74, | ||
248 | 0x2D3C2D33, 0x30A530D6, 0x2ECE2E49, 0x49E94989, 0x46684672, 0x77447755, | ||
249 | 0xA8E0A8D8, 0x964D9604, 0x284328BD, 0xA969A929, 0xD929D979, 0x862E8691, | ||
250 | 0xD1ACD187, 0xF415F44A, 0x8D598D15, 0xD6A8D682, 0xB90AB9BC, 0x429E420D, | ||
251 | 0xF66EF6C1, 0x2F472FB8, 0xDDDFDD06, 0x23342339, 0xCC35CC62, 0xF16AF1C4, | ||
252 | 0xC1CFC112, 0x85DC85EB, 0x8F228F9E, 0x71C971A1, 0x90C090F0, 0xAA9BAA53, | ||
253 | 0x018901F1, 0x8BD48BE1, 0x4EED4E8C, 0x8EAB8E6F, 0xAB12ABA2, 0x6FA26F3E, | ||
254 | 0xE60DE654, 0xDB52DBF2, 0x92BB927B, 0xB702B7B6, 0x692F69CA, 0x39A939D9, | ||
255 | 0xD3D7D30C, 0xA761A723, 0xA21EA2AD, 0xC3B4C399, 0x6C506C44, 0x07040705, | ||
256 | 0x04F6047F, 0x27C22746, 0xAC16ACA7, 0xD025D076, 0x50865013, 0xDC56DCF7, | ||
257 | 0x8455841A, 0xE109E151, 0x7ABE7A25, 0x139113EF}, | ||
258 | |||
259 | { | ||
260 | 0xD939A9D9, 0x90176790, 0x719CB371, 0xD2A6E8D2, 0x05070405, 0x9852FD98, | ||
261 | 0x6580A365, 0xDFE476DF, 0x08459A08, 0x024B9202, 0xA0E080A0, 0x665A7866, | ||
262 | 0xDDAFE4DD, 0xB06ADDB0, 0xBF63D1BF, 0x362A3836, 0x54E60D54, 0x4320C643, | ||
263 | 0x62CC3562, 0xBEF298BE, 0x1E12181E, 0x24EBF724, 0xD7A1ECD7, 0x77416C77, | ||
264 | 0xBD2843BD, 0x32BC7532, 0xD47B37D4, 0x9B88269B, 0x700DFA70, 0xF94413F9, | ||
265 | 0xB1FB94B1, 0x5A7E485A, 0x7A03F27A, 0xE48CD0E4, 0x47B68B47, 0x3C24303C, | ||
266 | 0xA5E784A5, 0x416B5441, 0x06DDDF06, 0xC56023C5, 0x45FD1945, 0xA33A5BA3, | ||
267 | 0x68C23D68, 0x158D5915, 0x21ECF321, 0x3166AE31, 0x3E6FA23E, 0x16578216, | ||
268 | 0x95106395, 0x5BEF015B, 0x4DB8834D, 0x91862E91, 0xB56DD9B5, 0x1F83511F, | ||
269 | 0x53AA9B53, 0x635D7C63, 0x3B68A63B, 0x3FFEEB3F, 0xD630A5D6, 0x257ABE25, | ||
270 | 0xA7AC16A7, 0x0F090C0F, 0x35F0E335, 0x23A76123, 0xF090C0F0, 0xAFE98CAF, | ||
271 | 0x809D3A80, 0x925CF592, 0x810C7381, 0x27312C27, 0x76D02576, 0xE7560BE7, | ||
272 | 0x7B92BB7B, 0xE9CE4EE9, 0xF10189F1, 0x9F1E6B9F, 0xA93453A9, 0xC4F16AC4, | ||
273 | 0x99C3B499, 0x975BF197, 0x8347E183, 0x6B18E66B, 0xC822BDC8, 0x0E98450E, | ||
274 | 0x6E1FE26E, 0xC9B3F4C9, 0x2F74B62F, 0xCBF866CB, 0xFF99CCFF, 0xEA1495EA, | ||
275 | 0xED5803ED, 0xF7DC56F7, 0xE18BD4E1, 0x1B151C1B, 0xADA21EAD, 0x0CD3D70C, | ||
276 | 0x2BE2FB2B, 0x1DC8C31D, 0x195E8E19, 0xC22CB5C2, 0x8949E989, 0x12C1CF12, | ||
277 | 0x7E95BF7E, 0x207DBA20, 0x6411EA64, 0x840B7784, 0x6DC5396D, 0x6A89AF6A, | ||
278 | 0xD17C33D1, 0xA171C9A1, 0xCEFF62CE, 0x37BB7137, 0xFB0F81FB, 0x3DB5793D, | ||
279 | 0x51E10951, 0xDC3EADDC, 0x2D3F242D, 0xA476CDA4, 0x9D55F99D, 0xEE82D8EE, | ||
280 | 0x8640E586, 0xAE78C5AE, 0xCD25B9CD, 0x04964D04, 0x55774455, 0x0A0E080A, | ||
281 | 0x13508613, 0x30F7E730, 0xD337A1D3, 0x40FA1D40, 0x3461AA34, 0x8C4EED8C, | ||
282 | 0xB3B006B3, 0x6C54706C, 0x2A73B22A, 0x523BD252, 0x0B9F410B, 0x8B027B8B, | ||
283 | 0x88D8A088, 0x4FF3114F, 0x67CB3167, 0x4627C246, 0xC06727C0, 0xB4FC90B4, | ||
284 | 0x28382028, 0x7F04F67F, 0x78486078, 0x2EE5FF2E, 0x074C9607, 0x4B655C4B, | ||
285 | 0xC72BB1C7, 0x6F8EAB6F, 0x0D429E0D, 0xBBF59CBB, 0xF2DB52F2, 0xF34A1BF3, | ||
286 | 0xA63D5FA6, 0x59A49359, 0xBCB90ABC, 0x3AF9EF3A, 0xEF1391EF, 0xFE0885FE, | ||
287 | 0x01914901, 0x6116EE61, 0x7CDE2D7C, 0xB2214FB2, 0x42B18F42, 0xDB723BDB, | ||
288 | 0xB82F47B8, 0x48BF8748, 0x2CAE6D2C, 0xE3C046E3, 0x573CD657, 0x859A3E85, | ||
289 | 0x29A96929, 0x7D4F647D, 0x94812A94, 0x492ECE49, 0x17C6CB17, 0xCA692FCA, | ||
290 | 0xC3BDFCC3, 0x5CA3975C, 0x5EE8055E, 0xD0ED7AD0, 0x87D1AC87, 0x8E057F8E, | ||
291 | 0xBA64D5BA, 0xA8A51AA8, 0xB7264BB7, 0xB9BE0EB9, 0x6087A760, 0xF8D55AF8, | ||
292 | 0x22362822, 0x111B1411, 0xDE753FDE, 0x79D92979, 0xAAEE88AA, 0x332D3C33, | ||
293 | 0x5F794C5F, 0xB6B702B6, 0x96CAB896, 0x5835DA58, 0x9CC4B09C, 0xFC4317FC, | ||
294 | 0x1A84551A, 0xF64D1FF6, 0x1C598A1C, 0x38B27D38, 0xAC3357AC, 0x18CFC718, | ||
295 | 0xF4068DF4, 0x69537469, 0x749BB774, 0xF597C4F5, 0x56AD9F56, 0xDAE372DA, | ||
296 | 0xD5EA7ED5, 0x4AF4154A, 0x9E8F229E, 0xA2AB12A2, 0x4E62584E, 0xE85F07E8, | ||
297 | 0xE51D99E5, 0x39233439, 0xC1F66EC1, 0x446C5044, 0x5D32DE5D, 0x72466872, | ||
298 | 0x26A06526, 0x93CDBC93, 0x03DADB03, 0xC6BAF8C6, 0xFA9EC8FA, 0x82D6A882, | ||
299 | 0xCF6E2BCF, 0x50704050, 0xEB85DCEB, 0x750AFE75, 0x8A93328A, 0x8DDFA48D, | ||
300 | 0x4C29CA4C, 0x141C1014, 0x73D72173, 0xCCB4F0CC, 0x09D4D309, 0x108A5D10, | ||
301 | 0xE2510FE2, 0x00000000, 0x9A196F9A, 0xE01A9DE0, 0x8F94368F, 0xE6C742E6, | ||
302 | 0xECC94AEC, 0xFDD25EFD, 0xAB7FC1AB, 0xD8A8E0D8} | ||
303 | }; | ||
304 | |||
305 | /* The exp_to_poly and poly_to_exp tables are used to perform efficient | ||
306 | * operations in GF(2^8) represented as GF(2)[x]/w(x) where | ||
307 | * w(x)=x^8+x^6+x^3+x^2+1. We care about doing that because it's part of the | ||
308 | * definition of the RS matrix in the key schedule. Elements of that field | ||
309 | * are polynomials of degree not greater than 7 and all coefficients 0 or 1, | ||
310 | * which can be represented naturally by bytes (just substitute x=2). In that | ||
311 | * form, GF(2^8) addition is the same as bitwise XOR, but GF(2^8) | ||
312 | * multiplication is inefficient without hardware support. To multiply | ||
313 | * faster, I make use of the fact x is a generator for the nonzero elements, | ||
314 | * so that every element p of GF(2)[x]/w(x) is either 0 or equal to (x)^n for | ||
315 | * some n in 0..254. Note that that caret is exponentiation in GF(2^8), | ||
316 | * *not* polynomial notation. So if I want to compute pq where p and q are | ||
317 | * in GF(2^8), I can just say: | ||
318 | * 1. if p=0 or q=0 then pq=0 | ||
319 | * 2. otherwise, find m and n such that p=x^m and q=x^n | ||
320 | * 3. pq=(x^m)(x^n)=x^(m+n), so add m and n and find pq | ||
321 | * The translations in steps 2 and 3 are looked up in the tables | ||
322 | * poly_to_exp (for step 2) and exp_to_poly (for step 3). To see this | ||
323 | * in action, look at the CALC_S macro. As additional wrinkles, note that | ||
324 | * one of my operands is always a constant, so the poly_to_exp lookup on it | ||
325 | * is done in advance; I included the original values in the comments so | ||
326 | * readers can have some chance of recognizing that this *is* the RS matrix | ||
327 | * from the Twofish paper. I've only included the table entries I actually | ||
328 | * need; I never do a lookup on a variable input of zero and the biggest | ||
329 | * exponents I'll ever see are 254 (variable) and 237 (constant), so they'll | ||
330 | * never sum to more than 491. I'm repeating part of the exp_to_poly table | ||
331 | * so that I don't have to do mod-255 reduction in the exponent arithmetic. | ||
332 | * Since I know my constant operands are never zero, I only have to worry | ||
333 | * about zero values in the variable operand, and I do it with a simple | ||
334 | * conditional branch. I know conditionals are expensive, but I couldn't | ||
335 | * see a non-horrible way of avoiding them, and I did manage to group the | ||
336 | * statements so that each if covers four group multiplications. */ | ||
337 | |||
338 | static const u8 poly_to_exp[255] = { | ||
339 | 0x00, 0x01, 0x17, 0x02, 0x2E, 0x18, 0x53, 0x03, 0x6A, 0x2F, 0x93, 0x19, | ||
340 | 0x34, 0x54, 0x45, 0x04, 0x5C, 0x6B, 0xB6, 0x30, 0xA6, 0x94, 0x4B, 0x1A, | ||
341 | 0x8C, 0x35, 0x81, 0x55, 0xAA, 0x46, 0x0D, 0x05, 0x24, 0x5D, 0x87, 0x6C, | ||
342 | 0x9B, 0xB7, 0xC1, 0x31, 0x2B, 0xA7, 0xA3, 0x95, 0x98, 0x4C, 0xCA, 0x1B, | ||
343 | 0xE6, 0x8D, 0x73, 0x36, 0xCD, 0x82, 0x12, 0x56, 0x62, 0xAB, 0xF0, 0x47, | ||
344 | 0x4F, 0x0E, 0xBD, 0x06, 0xD4, 0x25, 0xD2, 0x5E, 0x27, 0x88, 0x66, 0x6D, | ||
345 | 0xD6, 0x9C, 0x79, 0xB8, 0x08, 0xC2, 0xDF, 0x32, 0x68, 0x2C, 0xFD, 0xA8, | ||
346 | 0x8A, 0xA4, 0x5A, 0x96, 0x29, 0x99, 0x22, 0x4D, 0x60, 0xCB, 0xE4, 0x1C, | ||
347 | 0x7B, 0xE7, 0x3B, 0x8E, 0x9E, 0x74, 0xF4, 0x37, 0xD8, 0xCE, 0xF9, 0x83, | ||
348 | 0x6F, 0x13, 0xB2, 0x57, 0xE1, 0x63, 0xDC, 0xAC, 0xC4, 0xF1, 0xAF, 0x48, | ||
349 | 0x0A, 0x50, 0x42, 0x0F, 0xBA, 0xBE, 0xC7, 0x07, 0xDE, 0xD5, 0x78, 0x26, | ||
350 | 0x65, 0xD3, 0xD1, 0x5F, 0xE3, 0x28, 0x21, 0x89, 0x59, 0x67, 0xFC, 0x6E, | ||
351 | 0xB1, 0xD7, 0xF8, 0x9D, 0xF3, 0x7A, 0x3A, 0xB9, 0xC6, 0x09, 0x41, 0xC3, | ||
352 | 0xAE, 0xE0, 0xDB, 0x33, 0x44, 0x69, 0x92, 0x2D, 0x52, 0xFE, 0x16, 0xA9, | ||
353 | 0x0C, 0x8B, 0x80, 0xA5, 0x4A, 0x5B, 0xB5, 0x97, 0xC9, 0x2A, 0xA2, 0x9A, | ||
354 | 0xC0, 0x23, 0x86, 0x4E, 0xBC, 0x61, 0xEF, 0xCC, 0x11, 0xE5, 0x72, 0x1D, | ||
355 | 0x3D, 0x7C, 0xEB, 0xE8, 0xE9, 0x3C, 0xEA, 0x8F, 0x7D, 0x9F, 0xEC, 0x75, | ||
356 | 0x1E, 0xF5, 0x3E, 0x38, 0xF6, 0xD9, 0x3F, 0xCF, 0x76, 0xFA, 0x1F, 0x84, | ||
357 | 0xA0, 0x70, 0xED, 0x14, 0x90, 0xB3, 0x7E, 0x58, 0xFB, 0xE2, 0x20, 0x64, | ||
358 | 0xD0, 0xDD, 0x77, 0xAD, 0xDA, 0xC5, 0x40, 0xF2, 0x39, 0xB0, 0xF7, 0x49, | ||
359 | 0xB4, 0x0B, 0x7F, 0x51, 0x15, 0x43, 0x91, 0x10, 0x71, 0xBB, 0xEE, 0xBF, | ||
360 | 0x85, 0xC8, 0xA1 | ||
361 | }; | ||
362 | |||
363 | static const u8 exp_to_poly[492] = { | ||
364 | 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x4D, 0x9A, 0x79, 0xF2, | ||
365 | 0xA9, 0x1F, 0x3E, 0x7C, 0xF8, 0xBD, 0x37, 0x6E, 0xDC, 0xF5, 0xA7, 0x03, | ||
366 | 0x06, 0x0C, 0x18, 0x30, 0x60, 0xC0, 0xCD, 0xD7, 0xE3, 0x8B, 0x5B, 0xB6, | ||
367 | 0x21, 0x42, 0x84, 0x45, 0x8A, 0x59, 0xB2, 0x29, 0x52, 0xA4, 0x05, 0x0A, | ||
368 | 0x14, 0x28, 0x50, 0xA0, 0x0D, 0x1A, 0x34, 0x68, 0xD0, 0xED, 0x97, 0x63, | ||
369 | 0xC6, 0xC1, 0xCF, 0xD3, 0xEB, 0x9B, 0x7B, 0xF6, 0xA1, 0x0F, 0x1E, 0x3C, | ||
370 | 0x78, 0xF0, 0xAD, 0x17, 0x2E, 0x5C, 0xB8, 0x3D, 0x7A, 0xF4, 0xA5, 0x07, | ||
371 | 0x0E, 0x1C, 0x38, 0x70, 0xE0, 0x8D, 0x57, 0xAE, 0x11, 0x22, 0x44, 0x88, | ||
372 | 0x5D, 0xBA, 0x39, 0x72, 0xE4, 0x85, 0x47, 0x8E, 0x51, 0xA2, 0x09, 0x12, | ||
373 | 0x24, 0x48, 0x90, 0x6D, 0xDA, 0xF9, 0xBF, 0x33, 0x66, 0xCC, 0xD5, 0xE7, | ||
374 | 0x83, 0x4B, 0x96, 0x61, 0xC2, 0xC9, 0xDF, 0xF3, 0xAB, 0x1B, 0x36, 0x6C, | ||
375 | 0xD8, 0xFD, 0xB7, 0x23, 0x46, 0x8C, 0x55, 0xAA, 0x19, 0x32, 0x64, 0xC8, | ||
376 | 0xDD, 0xF7, 0xA3, 0x0B, 0x16, 0x2C, 0x58, 0xB0, 0x2D, 0x5A, 0xB4, 0x25, | ||
377 | 0x4A, 0x94, 0x65, 0xCA, 0xD9, 0xFF, 0xB3, 0x2B, 0x56, 0xAC, 0x15, 0x2A, | ||
378 | 0x54, 0xA8, 0x1D, 0x3A, 0x74, 0xE8, 0x9D, 0x77, 0xEE, 0x91, 0x6F, 0xDE, | ||
379 | 0xF1, 0xAF, 0x13, 0x26, 0x4C, 0x98, 0x7D, 0xFA, 0xB9, 0x3F, 0x7E, 0xFC, | ||
380 | 0xB5, 0x27, 0x4E, 0x9C, 0x75, 0xEA, 0x99, 0x7F, 0xFE, 0xB1, 0x2F, 0x5E, | ||
381 | 0xBC, 0x35, 0x6A, 0xD4, 0xE5, 0x87, 0x43, 0x86, 0x41, 0x82, 0x49, 0x92, | ||
382 | 0x69, 0xD2, 0xE9, 0x9F, 0x73, 0xE6, 0x81, 0x4F, 0x9E, 0x71, 0xE2, 0x89, | ||
383 | 0x5F, 0xBE, 0x31, 0x62, 0xC4, 0xC5, 0xC7, 0xC3, 0xCB, 0xDB, 0xFB, 0xBB, | ||
384 | 0x3B, 0x76, 0xEC, 0x95, 0x67, 0xCE, 0xD1, 0xEF, 0x93, 0x6B, 0xD6, 0xE1, | ||
385 | 0x8F, 0x53, 0xA6, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x4D, | ||
386 | 0x9A, 0x79, 0xF2, 0xA9, 0x1F, 0x3E, 0x7C, 0xF8, 0xBD, 0x37, 0x6E, 0xDC, | ||
387 | 0xF5, 0xA7, 0x03, 0x06, 0x0C, 0x18, 0x30, 0x60, 0xC0, 0xCD, 0xD7, 0xE3, | ||
388 | 0x8B, 0x5B, 0xB6, 0x21, 0x42, 0x84, 0x45, 0x8A, 0x59, 0xB2, 0x29, 0x52, | ||
389 | 0xA4, 0x05, 0x0A, 0x14, 0x28, 0x50, 0xA0, 0x0D, 0x1A, 0x34, 0x68, 0xD0, | ||
390 | 0xED, 0x97, 0x63, 0xC6, 0xC1, 0xCF, 0xD3, 0xEB, 0x9B, 0x7B, 0xF6, 0xA1, | ||
391 | 0x0F, 0x1E, 0x3C, 0x78, 0xF0, 0xAD, 0x17, 0x2E, 0x5C, 0xB8, 0x3D, 0x7A, | ||
392 | 0xF4, 0xA5, 0x07, 0x0E, 0x1C, 0x38, 0x70, 0xE0, 0x8D, 0x57, 0xAE, 0x11, | ||
393 | 0x22, 0x44, 0x88, 0x5D, 0xBA, 0x39, 0x72, 0xE4, 0x85, 0x47, 0x8E, 0x51, | ||
394 | 0xA2, 0x09, 0x12, 0x24, 0x48, 0x90, 0x6D, 0xDA, 0xF9, 0xBF, 0x33, 0x66, | ||
395 | 0xCC, 0xD5, 0xE7, 0x83, 0x4B, 0x96, 0x61, 0xC2, 0xC9, 0xDF, 0xF3, 0xAB, | ||
396 | 0x1B, 0x36, 0x6C, 0xD8, 0xFD, 0xB7, 0x23, 0x46, 0x8C, 0x55, 0xAA, 0x19, | ||
397 | 0x32, 0x64, 0xC8, 0xDD, 0xF7, 0xA3, 0x0B, 0x16, 0x2C, 0x58, 0xB0, 0x2D, | ||
398 | 0x5A, 0xB4, 0x25, 0x4A, 0x94, 0x65, 0xCA, 0xD9, 0xFF, 0xB3, 0x2B, 0x56, | ||
399 | 0xAC, 0x15, 0x2A, 0x54, 0xA8, 0x1D, 0x3A, 0x74, 0xE8, 0x9D, 0x77, 0xEE, | ||
400 | 0x91, 0x6F, 0xDE, 0xF1, 0xAF, 0x13, 0x26, 0x4C, 0x98, 0x7D, 0xFA, 0xB9, | ||
401 | 0x3F, 0x7E, 0xFC, 0xB5, 0x27, 0x4E, 0x9C, 0x75, 0xEA, 0x99, 0x7F, 0xFE, | ||
402 | 0xB1, 0x2F, 0x5E, 0xBC, 0x35, 0x6A, 0xD4, 0xE5, 0x87, 0x43, 0x86, 0x41, | ||
403 | 0x82, 0x49, 0x92, 0x69, 0xD2, 0xE9, 0x9F, 0x73, 0xE6, 0x81, 0x4F, 0x9E, | ||
404 | 0x71, 0xE2, 0x89, 0x5F, 0xBE, 0x31, 0x62, 0xC4, 0xC5, 0xC7, 0xC3, 0xCB | ||
405 | }; | ||
406 | |||
407 | |||
408 | /* The table constants are indices of | ||
409 | * S-box entries, preprocessed through q0 and q1. */ | ||
410 | static const u8 calc_sb_tbl[512] = { | ||
411 | 0xA9, 0x75, 0x67, 0xF3, 0xB3, 0xC6, 0xE8, 0xF4, | ||
412 | 0x04, 0xDB, 0xFD, 0x7B, 0xA3, 0xFB, 0x76, 0xC8, | ||
413 | 0x9A, 0x4A, 0x92, 0xD3, 0x80, 0xE6, 0x78, 0x6B, | ||
414 | 0xE4, 0x45, 0xDD, 0x7D, 0xD1, 0xE8, 0x38, 0x4B, | ||
415 | 0x0D, 0xD6, 0xC6, 0x32, 0x35, 0xD8, 0x98, 0xFD, | ||
416 | 0x18, 0x37, 0xF7, 0x71, 0xEC, 0xF1, 0x6C, 0xE1, | ||
417 | 0x43, 0x30, 0x75, 0x0F, 0x37, 0xF8, 0x26, 0x1B, | ||
418 | 0xFA, 0x87, 0x13, 0xFA, 0x94, 0x06, 0x48, 0x3F, | ||
419 | 0xF2, 0x5E, 0xD0, 0xBA, 0x8B, 0xAE, 0x30, 0x5B, | ||
420 | 0x84, 0x8A, 0x54, 0x00, 0xDF, 0xBC, 0x23, 0x9D, | ||
421 | 0x19, 0x6D, 0x5B, 0xC1, 0x3D, 0xB1, 0x59, 0x0E, | ||
422 | 0xF3, 0x80, 0xAE, 0x5D, 0xA2, 0xD2, 0x82, 0xD5, | ||
423 | 0x63, 0xA0, 0x01, 0x84, 0x83, 0x07, 0x2E, 0x14, | ||
424 | 0xD9, 0xB5, 0x51, 0x90, 0x9B, 0x2C, 0x7C, 0xA3, | ||
425 | 0xA6, 0xB2, 0xEB, 0x73, 0xA5, 0x4C, 0xBE, 0x54, | ||
426 | 0x16, 0x92, 0x0C, 0x74, 0xE3, 0x36, 0x61, 0x51, | ||
427 | 0xC0, 0x38, 0x8C, 0xB0, 0x3A, 0xBD, 0xF5, 0x5A, | ||
428 | 0x73, 0xFC, 0x2C, 0x60, 0x25, 0x62, 0x0B, 0x96, | ||
429 | 0xBB, 0x6C, 0x4E, 0x42, 0x89, 0xF7, 0x6B, 0x10, | ||
430 | 0x53, 0x7C, 0x6A, 0x28, 0xB4, 0x27, 0xF1, 0x8C, | ||
431 | 0xE1, 0x13, 0xE6, 0x95, 0xBD, 0x9C, 0x45, 0xC7, | ||
432 | 0xE2, 0x24, 0xF4, 0x46, 0xB6, 0x3B, 0x66, 0x70, | ||
433 | 0xCC, 0xCA, 0x95, 0xE3, 0x03, 0x85, 0x56, 0xCB, | ||
434 | 0xD4, 0x11, 0x1C, 0xD0, 0x1E, 0x93, 0xD7, 0xB8, | ||
435 | 0xFB, 0xA6, 0xC3, 0x83, 0x8E, 0x20, 0xB5, 0xFF, | ||
436 | 0xE9, 0x9F, 0xCF, 0x77, 0xBF, 0xC3, 0xBA, 0xCC, | ||
437 | 0xEA, 0x03, 0x77, 0x6F, 0x39, 0x08, 0xAF, 0xBF, | ||
438 | 0x33, 0x40, 0xC9, 0xE7, 0x62, 0x2B, 0x71, 0xE2, | ||
439 | 0x81, 0x79, 0x79, 0x0C, 0x09, 0xAA, 0xAD, 0x82, | ||
440 | 0x24, 0x41, 0xCD, 0x3A, 0xF9, 0xEA, 0xD8, 0xB9, | ||
441 | 0xE5, 0xE4, 0xC5, 0x9A, 0xB9, 0xA4, 0x4D, 0x97, | ||
442 | 0x44, 0x7E, 0x08, 0xDA, 0x86, 0x7A, 0xE7, 0x17, | ||
443 | 0xA1, 0x66, 0x1D, 0x94, 0xAA, 0xA1, 0xED, 0x1D, | ||
444 | 0x06, 0x3D, 0x70, 0xF0, 0xB2, 0xDE, 0xD2, 0xB3, | ||
445 | 0x41, 0x0B, 0x7B, 0x72, 0xA0, 0xA7, 0x11, 0x1C, | ||
446 | 0x31, 0xEF, 0xC2, 0xD1, 0x27, 0x53, 0x90, 0x3E, | ||
447 | 0x20, 0x8F, 0xF6, 0x33, 0x60, 0x26, 0xFF, 0x5F, | ||
448 | 0x96, 0xEC, 0x5C, 0x76, 0xB1, 0x2A, 0xAB, 0x49, | ||
449 | 0x9E, 0x81, 0x9C, 0x88, 0x52, 0xEE, 0x1B, 0x21, | ||
450 | 0x5F, 0xC4, 0x93, 0x1A, 0x0A, 0xEB, 0xEF, 0xD9, | ||
451 | 0x91, 0xC5, 0x85, 0x39, 0x49, 0x99, 0xEE, 0xCD, | ||
452 | 0x2D, 0xAD, 0x4F, 0x31, 0x8F, 0x8B, 0x3B, 0x01, | ||
453 | 0x47, 0x18, 0x87, 0x23, 0x6D, 0xDD, 0x46, 0x1F, | ||
454 | 0xD6, 0x4E, 0x3E, 0x2D, 0x69, 0xF9, 0x64, 0x48, | ||
455 | 0x2A, 0x4F, 0xCE, 0xF2, 0xCB, 0x65, 0x2F, 0x8E, | ||
456 | 0xFC, 0x78, 0x97, 0x5C, 0x05, 0x58, 0x7A, 0x19, | ||
457 | 0xAC, 0x8D, 0x7F, 0xE5, 0xD5, 0x98, 0x1A, 0x57, | ||
458 | 0x4B, 0x67, 0x0E, 0x7F, 0xA7, 0x05, 0x5A, 0x64, | ||
459 | 0x28, 0xAF, 0x14, 0x63, 0x3F, 0xB6, 0x29, 0xFE, | ||
460 | 0x88, 0xF5, 0x3C, 0xB7, 0x4C, 0x3C, 0x02, 0xA5, | ||
461 | 0xB8, 0xCE, 0xDA, 0xE9, 0xB0, 0x68, 0x17, 0x44, | ||
462 | 0x55, 0xE0, 0x1F, 0x4D, 0x8A, 0x43, 0x7D, 0x69, | ||
463 | 0x57, 0x29, 0xC7, 0x2E, 0x8D, 0xAC, 0x74, 0x15, | ||
464 | 0xB7, 0x59, 0xC4, 0xA8, 0x9F, 0x0A, 0x72, 0x9E, | ||
465 | 0x7E, 0x6E, 0x15, 0x47, 0x22, 0xDF, 0x12, 0x34, | ||
466 | 0x58, 0x35, 0x07, 0x6A, 0x99, 0xCF, 0x34, 0xDC, | ||
467 | 0x6E, 0x22, 0x50, 0xC9, 0xDE, 0xC0, 0x68, 0x9B, | ||
468 | 0x65, 0x89, 0xBC, 0xD4, 0xDB, 0xED, 0xF8, 0xAB, | ||
469 | 0xC8, 0x12, 0xA8, 0xA2, 0x2B, 0x0D, 0x40, 0x52, | ||
470 | 0xDC, 0xBB, 0xFE, 0x02, 0x32, 0x2F, 0xA4, 0xA9, | ||
471 | 0xCA, 0xD7, 0x10, 0x61, 0x21, 0x1E, 0xF0, 0xB4, | ||
472 | 0xD3, 0x50, 0x5D, 0x04, 0x0F, 0xF6, 0x00, 0xC2, | ||
473 | 0x6F, 0x16, 0x9D, 0x25, 0x36, 0x86, 0x42, 0x56, | ||
474 | 0x4A, 0x55, 0x5E, 0x09, 0xC1, 0xBE, 0xE0, 0x91 | ||
475 | }; | ||
476 | |||
477 | /* Macro to perform one column of the RS matrix multiplication. The | ||
478 | * parameters a, b, c, and d are the four bytes of output; i is the index | ||
479 | * of the key bytes, and w, x, y, and z, are the column of constants from | ||
480 | * the RS matrix, preprocessed through the poly_to_exp table. */ | ||
481 | |||
482 | #define CALC_S(a, b, c, d, i, w, x, y, z) \ | ||
483 | if (key[i]) { \ | ||
484 | tmp = poly_to_exp[key[i] - 1]; \ | ||
485 | (a) ^= exp_to_poly[tmp + (w)]; \ | ||
486 | (b) ^= exp_to_poly[tmp + (x)]; \ | ||
487 | (c) ^= exp_to_poly[tmp + (y)]; \ | ||
488 | (d) ^= exp_to_poly[tmp + (z)]; \ | ||
489 | } | ||
490 | |||
491 | /* Macros to calculate the key-dependent S-boxes for a 128-bit key using | ||
492 | * the S vector from CALC_S. CALC_SB_2 computes a single entry in all | ||
493 | * four S-boxes, where i is the index of the entry to compute, and a and b | ||
494 | * are the index numbers preprocessed through the q0 and q1 tables | ||
495 | * respectively. */ | ||
496 | |||
497 | #define CALC_SB_2(i, a, b) \ | ||
498 | ctx->s[0][i] = mds[0][q0[(a) ^ sa] ^ se]; \ | ||
499 | ctx->s[1][i] = mds[1][q0[(b) ^ sb] ^ sf]; \ | ||
500 | ctx->s[2][i] = mds[2][q1[(a) ^ sc] ^ sg]; \ | ||
501 | ctx->s[3][i] = mds[3][q1[(b) ^ sd] ^ sh] | ||
502 | |||
503 | /* Macro exactly like CALC_SB_2, but for 192-bit keys. */ | ||
504 | |||
505 | #define CALC_SB192_2(i, a, b) \ | ||
506 | ctx->s[0][i] = mds[0][q0[q0[(b) ^ sa] ^ se] ^ si]; \ | ||
507 | ctx->s[1][i] = mds[1][q0[q1[(b) ^ sb] ^ sf] ^ sj]; \ | ||
508 | ctx->s[2][i] = mds[2][q1[q0[(a) ^ sc] ^ sg] ^ sk]; \ | ||
509 | ctx->s[3][i] = mds[3][q1[q1[(a) ^ sd] ^ sh] ^ sl]; | ||
510 | |||
511 | /* Macro exactly like CALC_SB_2, but for 256-bit keys. */ | ||
512 | |||
513 | #define CALC_SB256_2(i, a, b) \ | ||
514 | ctx->s[0][i] = mds[0][q0[q0[q1[(b) ^ sa] ^ se] ^ si] ^ sm]; \ | ||
515 | ctx->s[1][i] = mds[1][q0[q1[q1[(a) ^ sb] ^ sf] ^ sj] ^ sn]; \ | ||
516 | ctx->s[2][i] = mds[2][q1[q0[q0[(a) ^ sc] ^ sg] ^ sk] ^ so]; \ | ||
517 | ctx->s[3][i] = mds[3][q1[q1[q0[(b) ^ sd] ^ sh] ^ sl] ^ sp]; | ||
518 | |||
519 | /* Macros to calculate the whitening and round subkeys. CALC_K_2 computes the | ||
520 | * last two stages of the h() function for a given index (either 2i or 2i+1). | ||
521 | * a, b, c, and d are the four bytes going into the last two stages. For | ||
522 | * 128-bit keys, this is the entire h() function and a and c are the index | ||
523 | * preprocessed through q0 and q1 respectively; for longer keys they are the | ||
524 | * output of previous stages. j is the index of the first key byte to use. | ||
525 | * CALC_K computes a pair of subkeys for 128-bit Twofish, by calling CALC_K_2 | ||
526 | * twice, doing the Pseudo-Hadamard Transform, and doing the necessary | ||
527 | * rotations. Its parameters are: a, the array to write the results into, | ||
528 | * j, the index of the first output entry, k and l, the preprocessed indices | ||
529 | * for index 2i, and m and n, the preprocessed indices for index 2i+1. | ||
530 | * CALC_K192_2 expands CALC_K_2 to handle 192-bit keys, by doing an | ||
531 | * additional lookup-and-XOR stage. The parameters a, b, c and d are the | ||
532 | * four bytes going into the last three stages. For 192-bit keys, c = d | ||
533 | * are the index preprocessed through q0, and a = b are the index | ||
534 | * preprocessed through q1; j is the index of the first key byte to use. | ||
535 | * CALC_K192 is identical to CALC_K but for using the CALC_K192_2 macro | ||
536 | * instead of CALC_K_2. | ||
537 | * CALC_K256_2 expands CALC_K192_2 to handle 256-bit keys, by doing an | ||
538 | * additional lookup-and-XOR stage. The parameters a and b are the index | ||
539 | * preprocessed through q0 and q1 respectively; j is the index of the first | ||
540 | * key byte to use. CALC_K256 is identical to CALC_K but for using the | ||
541 | * CALC_K256_2 macro instead of CALC_K_2. */ | ||
542 | |||
543 | #define CALC_K_2(a, b, c, d, j) \ | ||
544 | mds[0][q0[a ^ key[(j) + 8]] ^ key[j]] \ | ||
545 | ^ mds[1][q0[b ^ key[(j) + 9]] ^ key[(j) + 1]] \ | ||
546 | ^ mds[2][q1[c ^ key[(j) + 10]] ^ key[(j) + 2]] \ | ||
547 | ^ mds[3][q1[d ^ key[(j) + 11]] ^ key[(j) + 3]] | ||
548 | |||
549 | #define CALC_K(a, j, k, l, m, n) \ | ||
550 | x = CALC_K_2 (k, l, k, l, 0); \ | ||
551 | y = CALC_K_2 (m, n, m, n, 4); \ | ||
552 | y = rol32(y, 8); \ | ||
553 | x += y; y += x; ctx->a[j] = x; \ | ||
554 | ctx->a[(j) + 1] = rol32(y, 9) | ||
555 | |||
556 | #define CALC_K192_2(a, b, c, d, j) \ | ||
557 | CALC_K_2 (q0[a ^ key[(j) + 16]], \ | ||
558 | q1[b ^ key[(j) + 17]], \ | ||
559 | q0[c ^ key[(j) + 18]], \ | ||
560 | q1[d ^ key[(j) + 19]], j) | ||
561 | |||
562 | #define CALC_K192(a, j, k, l, m, n) \ | ||
563 | x = CALC_K192_2 (l, l, k, k, 0); \ | ||
564 | y = CALC_K192_2 (n, n, m, m, 4); \ | ||
565 | y = rol32(y, 8); \ | ||
566 | x += y; y += x; ctx->a[j] = x; \ | ||
567 | ctx->a[(j) + 1] = rol32(y, 9) | ||
568 | |||
569 | #define CALC_K256_2(a, b, j) \ | ||
570 | CALC_K192_2 (q1[b ^ key[(j) + 24]], \ | ||
571 | q1[a ^ key[(j) + 25]], \ | ||
572 | q0[a ^ key[(j) + 26]], \ | ||
573 | q0[b ^ key[(j) + 27]], j) | ||
574 | |||
575 | #define CALC_K256(a, j, k, l, m, n) \ | ||
576 | x = CALC_K256_2 (k, l, 0); \ | ||
577 | y = CALC_K256_2 (m, n, 4); \ | ||
578 | y = rol32(y, 8); \ | ||
579 | x += y; y += x; ctx->a[j] = x; \ | ||
580 | ctx->a[(j) + 1] = rol32(y, 9) | ||
581 | |||
582 | /* Perform the key setup. */ | ||
583 | int twofish_setkey(struct crypto_tfm *tfm, const u8 *key, unsigned int key_len) | ||
584 | { | ||
585 | |||
586 | struct twofish_ctx *ctx = crypto_tfm_ctx(tfm); | ||
587 | u32 *flags = &tfm->crt_flags; | ||
588 | |||
589 | int i, j, k; | ||
590 | |||
591 | /* Temporaries for CALC_K. */ | ||
592 | u32 x, y; | ||
593 | |||
594 | /* The S vector used to key the S-boxes, split up into individual bytes. | ||
595 | * 128-bit keys use only sa through sh; 256-bit use all of them. */ | ||
596 | u8 sa = 0, sb = 0, sc = 0, sd = 0, se = 0, sf = 0, sg = 0, sh = 0; | ||
597 | u8 si = 0, sj = 0, sk = 0, sl = 0, sm = 0, sn = 0, so = 0, sp = 0; | ||
598 | |||
599 | /* Temporary for CALC_S. */ | ||
600 | u8 tmp; | ||
601 | |||
602 | /* Check key length. */ | ||
603 | if (key_len % 8) | ||
604 | { | ||
605 | *flags |= CRYPTO_TFM_RES_BAD_KEY_LEN; | ||
606 | return -EINVAL; /* unsupported key length */ | ||
607 | } | ||
608 | |||
609 | /* Compute the first two words of the S vector. The magic numbers are | ||
610 | * the entries of the RS matrix, preprocessed through poly_to_exp. The | ||
611 | * numbers in the comments are the original (polynomial form) matrix | ||
612 | * entries. */ | ||
613 | CALC_S (sa, sb, sc, sd, 0, 0x00, 0x2D, 0x01, 0x2D); /* 01 A4 02 A4 */ | ||
614 | CALC_S (sa, sb, sc, sd, 1, 0x2D, 0xA4, 0x44, 0x8A); /* A4 56 A1 55 */ | ||
615 | CALC_S (sa, sb, sc, sd, 2, 0x8A, 0xD5, 0xBF, 0xD1); /* 55 82 FC 87 */ | ||
616 | CALC_S (sa, sb, sc, sd, 3, 0xD1, 0x7F, 0x3D, 0x99); /* 87 F3 C1 5A */ | ||
617 | CALC_S (sa, sb, sc, sd, 4, 0x99, 0x46, 0x66, 0x96); /* 5A 1E 47 58 */ | ||
618 | CALC_S (sa, sb, sc, sd, 5, 0x96, 0x3C, 0x5B, 0xED); /* 58 C6 AE DB */ | ||
619 | CALC_S (sa, sb, sc, sd, 6, 0xED, 0x37, 0x4F, 0xE0); /* DB 68 3D 9E */ | ||
620 | CALC_S (sa, sb, sc, sd, 7, 0xE0, 0xD0, 0x8C, 0x17); /* 9E E5 19 03 */ | ||
621 | CALC_S (se, sf, sg, sh, 8, 0x00, 0x2D, 0x01, 0x2D); /* 01 A4 02 A4 */ | ||
622 | CALC_S (se, sf, sg, sh, 9, 0x2D, 0xA4, 0x44, 0x8A); /* A4 56 A1 55 */ | ||
623 | CALC_S (se, sf, sg, sh, 10, 0x8A, 0xD5, 0xBF, 0xD1); /* 55 82 FC 87 */ | ||
624 | CALC_S (se, sf, sg, sh, 11, 0xD1, 0x7F, 0x3D, 0x99); /* 87 F3 C1 5A */ | ||
625 | CALC_S (se, sf, sg, sh, 12, 0x99, 0x46, 0x66, 0x96); /* 5A 1E 47 58 */ | ||
626 | CALC_S (se, sf, sg, sh, 13, 0x96, 0x3C, 0x5B, 0xED); /* 58 C6 AE DB */ | ||
627 | CALC_S (se, sf, sg, sh, 14, 0xED, 0x37, 0x4F, 0xE0); /* DB 68 3D 9E */ | ||
628 | CALC_S (se, sf, sg, sh, 15, 0xE0, 0xD0, 0x8C, 0x17); /* 9E E5 19 03 */ | ||
629 | |||
630 | if (key_len == 24 || key_len == 32) { /* 192- or 256-bit key */ | ||
631 | /* Calculate the third word of the S vector */ | ||
632 | CALC_S (si, sj, sk, sl, 16, 0x00, 0x2D, 0x01, 0x2D); /* 01 A4 02 A4 */ | ||
633 | CALC_S (si, sj, sk, sl, 17, 0x2D, 0xA4, 0x44, 0x8A); /* A4 56 A1 55 */ | ||
634 | CALC_S (si, sj, sk, sl, 18, 0x8A, 0xD5, 0xBF, 0xD1); /* 55 82 FC 87 */ | ||
635 | CALC_S (si, sj, sk, sl, 19, 0xD1, 0x7F, 0x3D, 0x99); /* 87 F3 C1 5A */ | ||
636 | CALC_S (si, sj, sk, sl, 20, 0x99, 0x46, 0x66, 0x96); /* 5A 1E 47 58 */ | ||
637 | CALC_S (si, sj, sk, sl, 21, 0x96, 0x3C, 0x5B, 0xED); /* 58 C6 AE DB */ | ||
638 | CALC_S (si, sj, sk, sl, 22, 0xED, 0x37, 0x4F, 0xE0); /* DB 68 3D 9E */ | ||
639 | CALC_S (si, sj, sk, sl, 23, 0xE0, 0xD0, 0x8C, 0x17); /* 9E E5 19 03 */ | ||
640 | } | ||
641 | |||
642 | if (key_len == 32) { /* 256-bit key */ | ||
643 | /* Calculate the fourth word of the S vector */ | ||
644 | CALC_S (sm, sn, so, sp, 24, 0x00, 0x2D, 0x01, 0x2D); /* 01 A4 02 A4 */ | ||
645 | CALC_S (sm, sn, so, sp, 25, 0x2D, 0xA4, 0x44, 0x8A); /* A4 56 A1 55 */ | ||
646 | CALC_S (sm, sn, so, sp, 26, 0x8A, 0xD5, 0xBF, 0xD1); /* 55 82 FC 87 */ | ||
647 | CALC_S (sm, sn, so, sp, 27, 0xD1, 0x7F, 0x3D, 0x99); /* 87 F3 C1 5A */ | ||
648 | CALC_S (sm, sn, so, sp, 28, 0x99, 0x46, 0x66, 0x96); /* 5A 1E 47 58 */ | ||
649 | CALC_S (sm, sn, so, sp, 29, 0x96, 0x3C, 0x5B, 0xED); /* 58 C6 AE DB */ | ||
650 | CALC_S (sm, sn, so, sp, 30, 0xED, 0x37, 0x4F, 0xE0); /* DB 68 3D 9E */ | ||
651 | CALC_S (sm, sn, so, sp, 31, 0xE0, 0xD0, 0x8C, 0x17); /* 9E E5 19 03 */ | ||
652 | |||
653 | /* Compute the S-boxes. */ | ||
654 | for ( i = j = 0, k = 1; i < 256; i++, j += 2, k += 2 ) { | ||
655 | CALC_SB256_2( i, calc_sb_tbl[j], calc_sb_tbl[k] ); | ||
656 | } | ||
657 | |||
658 | /* Calculate whitening and round subkeys. The constants are | ||
659 | * indices of subkeys, preprocessed through q0 and q1. */ | ||
660 | CALC_K256 (w, 0, 0xA9, 0x75, 0x67, 0xF3); | ||
661 | CALC_K256 (w, 2, 0xB3, 0xC6, 0xE8, 0xF4); | ||
662 | CALC_K256 (w, 4, 0x04, 0xDB, 0xFD, 0x7B); | ||
663 | CALC_K256 (w, 6, 0xA3, 0xFB, 0x76, 0xC8); | ||
664 | CALC_K256 (k, 0, 0x9A, 0x4A, 0x92, 0xD3); | ||
665 | CALC_K256 (k, 2, 0x80, 0xE6, 0x78, 0x6B); | ||
666 | CALC_K256 (k, 4, 0xE4, 0x45, 0xDD, 0x7D); | ||
667 | CALC_K256 (k, 6, 0xD1, 0xE8, 0x38, 0x4B); | ||
668 | CALC_K256 (k, 8, 0x0D, 0xD6, 0xC6, 0x32); | ||
669 | CALC_K256 (k, 10, 0x35, 0xD8, 0x98, 0xFD); | ||
670 | CALC_K256 (k, 12, 0x18, 0x37, 0xF7, 0x71); | ||
671 | CALC_K256 (k, 14, 0xEC, 0xF1, 0x6C, 0xE1); | ||
672 | CALC_K256 (k, 16, 0x43, 0x30, 0x75, 0x0F); | ||
673 | CALC_K256 (k, 18, 0x37, 0xF8, 0x26, 0x1B); | ||
674 | CALC_K256 (k, 20, 0xFA, 0x87, 0x13, 0xFA); | ||
675 | CALC_K256 (k, 22, 0x94, 0x06, 0x48, 0x3F); | ||
676 | CALC_K256 (k, 24, 0xF2, 0x5E, 0xD0, 0xBA); | ||
677 | CALC_K256 (k, 26, 0x8B, 0xAE, 0x30, 0x5B); | ||
678 | CALC_K256 (k, 28, 0x84, 0x8A, 0x54, 0x00); | ||
679 | CALC_K256 (k, 30, 0xDF, 0xBC, 0x23, 0x9D); | ||
680 | } else if (key_len == 24) { /* 192-bit key */ | ||
681 | /* Compute the S-boxes. */ | ||
682 | for ( i = j = 0, k = 1; i < 256; i++, j += 2, k += 2 ) { | ||
683 | CALC_SB192_2( i, calc_sb_tbl[j], calc_sb_tbl[k] ); | ||
684 | } | ||
685 | |||
686 | /* Calculate whitening and round subkeys. The constants are | ||
687 | * indices of subkeys, preprocessed through q0 and q1. */ | ||
688 | CALC_K192 (w, 0, 0xA9, 0x75, 0x67, 0xF3); | ||
689 | CALC_K192 (w, 2, 0xB3, 0xC6, 0xE8, 0xF4); | ||
690 | CALC_K192 (w, 4, 0x04, 0xDB, 0xFD, 0x7B); | ||
691 | CALC_K192 (w, 6, 0xA3, 0xFB, 0x76, 0xC8); | ||
692 | CALC_K192 (k, 0, 0x9A, 0x4A, 0x92, 0xD3); | ||
693 | CALC_K192 (k, 2, 0x80, 0xE6, 0x78, 0x6B); | ||
694 | CALC_K192 (k, 4, 0xE4, 0x45, 0xDD, 0x7D); | ||
695 | CALC_K192 (k, 6, 0xD1, 0xE8, 0x38, 0x4B); | ||
696 | CALC_K192 (k, 8, 0x0D, 0xD6, 0xC6, 0x32); | ||
697 | CALC_K192 (k, 10, 0x35, 0xD8, 0x98, 0xFD); | ||
698 | CALC_K192 (k, 12, 0x18, 0x37, 0xF7, 0x71); | ||
699 | CALC_K192 (k, 14, 0xEC, 0xF1, 0x6C, 0xE1); | ||
700 | CALC_K192 (k, 16, 0x43, 0x30, 0x75, 0x0F); | ||
701 | CALC_K192 (k, 18, 0x37, 0xF8, 0x26, 0x1B); | ||
702 | CALC_K192 (k, 20, 0xFA, 0x87, 0x13, 0xFA); | ||
703 | CALC_K192 (k, 22, 0x94, 0x06, 0x48, 0x3F); | ||
704 | CALC_K192 (k, 24, 0xF2, 0x5E, 0xD0, 0xBA); | ||
705 | CALC_K192 (k, 26, 0x8B, 0xAE, 0x30, 0x5B); | ||
706 | CALC_K192 (k, 28, 0x84, 0x8A, 0x54, 0x00); | ||
707 | CALC_K192 (k, 30, 0xDF, 0xBC, 0x23, 0x9D); | ||
708 | } else { /* 128-bit key */ | ||
709 | /* Compute the S-boxes. */ | ||
710 | for ( i = j = 0, k = 1; i < 256; i++, j += 2, k += 2 ) { | ||
711 | CALC_SB_2( i, calc_sb_tbl[j], calc_sb_tbl[k] ); | ||
712 | } | ||
713 | |||
714 | /* Calculate whitening and round subkeys. The constants are | ||
715 | * indices of subkeys, preprocessed through q0 and q1. */ | ||
716 | CALC_K (w, 0, 0xA9, 0x75, 0x67, 0xF3); | ||
717 | CALC_K (w, 2, 0xB3, 0xC6, 0xE8, 0xF4); | ||
718 | CALC_K (w, 4, 0x04, 0xDB, 0xFD, 0x7B); | ||
719 | CALC_K (w, 6, 0xA3, 0xFB, 0x76, 0xC8); | ||
720 | CALC_K (k, 0, 0x9A, 0x4A, 0x92, 0xD3); | ||
721 | CALC_K (k, 2, 0x80, 0xE6, 0x78, 0x6B); | ||
722 | CALC_K (k, 4, 0xE4, 0x45, 0xDD, 0x7D); | ||
723 | CALC_K (k, 6, 0xD1, 0xE8, 0x38, 0x4B); | ||
724 | CALC_K (k, 8, 0x0D, 0xD6, 0xC6, 0x32); | ||
725 | CALC_K (k, 10, 0x35, 0xD8, 0x98, 0xFD); | ||
726 | CALC_K (k, 12, 0x18, 0x37, 0xF7, 0x71); | ||
727 | CALC_K (k, 14, 0xEC, 0xF1, 0x6C, 0xE1); | ||
728 | CALC_K (k, 16, 0x43, 0x30, 0x75, 0x0F); | ||
729 | CALC_K (k, 18, 0x37, 0xF8, 0x26, 0x1B); | ||
730 | CALC_K (k, 20, 0xFA, 0x87, 0x13, 0xFA); | ||
731 | CALC_K (k, 22, 0x94, 0x06, 0x48, 0x3F); | ||
732 | CALC_K (k, 24, 0xF2, 0x5E, 0xD0, 0xBA); | ||
733 | CALC_K (k, 26, 0x8B, 0xAE, 0x30, 0x5B); | ||
734 | CALC_K (k, 28, 0x84, 0x8A, 0x54, 0x00); | ||
735 | CALC_K (k, 30, 0xDF, 0xBC, 0x23, 0x9D); | ||
736 | } | ||
737 | |||
738 | return 0; | ||
739 | } | ||
740 | |||
741 | EXPORT_SYMBOL_GPL(twofish_setkey); | ||
742 | |||
743 | MODULE_LICENSE("GPL"); | ||
744 | MODULE_DESCRIPTION("Twofish cipher common functions"); | ||