aboutsummaryrefslogtreecommitdiffstats
path: root/crypto
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2008-01-25 11:38:25 -0500
committerLinus Torvalds <torvalds@linux-foundation.org>2008-01-25 11:38:25 -0500
commiteba0e319c12fb098d66316a8eafbaaa9174a07c3 (patch)
treeb2703117db9e36bb3510654efd55361f61c54742 /crypto
parentdf8dc74e8a383eaf2d9b44b80a71ec6f0e52b42e (diff)
parent15e7b4452b72ae890f2fcb027b4c4fa63a1c9a7a (diff)
Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
* git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (125 commits) [CRYPTO] twofish: Merge common glue code [CRYPTO] hifn_795x: Fixup container_of() usage [CRYPTO] cast6: inline bloat-- [CRYPTO] api: Set default CRYPTO_MINALIGN to unsigned long long [CRYPTO] tcrypt: Make xcbc available as a standalone test [CRYPTO] xcbc: Remove bogus hash/cipher test [CRYPTO] xcbc: Fix algorithm leak when block size check fails [CRYPTO] tcrypt: Zero axbuf in the right function [CRYPTO] padlock: Only reset the key once for each CBC and ECB operation [CRYPTO] api: Include sched.h for cond_resched in scatterwalk.h [CRYPTO] salsa20-asm: Remove unnecessary dependency on CRYPTO_SALSA20 [CRYPTO] tcrypt: Add select of AEAD [CRYPTO] salsa20: Add x86-64 assembly version [CRYPTO] salsa20_i586: Salsa20 stream cipher algorithm (i586 version) [CRYPTO] gcm: Introduce rfc4106 [CRYPTO] api: Show async type [CRYPTO] chainiv: Avoid lock spinning where possible [CRYPTO] seqiv: Add select AEAD in Kconfig [CRYPTO] scatterwalk: Handle zero nbytes in scatterwalk_map_and_copy [CRYPTO] null: Allow setkey on digest_null ...
Diffstat (limited to 'crypto')
-rw-r--r--crypto/Kconfig97
-rw-r--r--crypto/Makefile14
-rw-r--r--crypto/ablkcipher.c241
-rw-r--r--crypto/aead.c400
-rw-r--r--crypto/aes_generic.c468
-rw-r--r--crypto/algapi.c65
-rw-r--r--crypto/api.c19
-rw-r--r--crypto/authenc.c334
-rw-r--r--crypto/blkcipher.c202
-rw-r--r--crypto/camellia.c1781
-rw-r--r--crypto/cast6.c6
-rw-r--r--crypto/cbc.c109
-rw-r--r--crypto/ccm.c889
-rw-r--r--crypto/chainiv.c331
-rw-r--r--crypto/cryptd.c6
-rw-r--r--crypto/crypto_null.c70
-rw-r--r--crypto/ctr.c422
-rw-r--r--crypto/des_generic.c17
-rw-r--r--crypto/digest.c4
-rw-r--r--crypto/eseqiv.c264
-rw-r--r--crypto/gcm.c823
-rw-r--r--crypto/hmac.c3
-rw-r--r--crypto/internal.h31
-rw-r--r--crypto/lzo.c106
-rw-r--r--crypto/pcbc.c105
-rw-r--r--crypto/salsa20_generic.c255
-rw-r--r--crypto/scatterwalk.c10
-rw-r--r--crypto/scatterwalk.h80
-rw-r--r--crypto/seqiv.c345
-rw-r--r--crypto/sha256_generic.c72
-rw-r--r--crypto/tcrypt.c449
-rw-r--r--crypto/tcrypt.h3415
-rw-r--r--crypto/twofish_common.c96
-rw-r--r--crypto/xcbc.c10
34 files changed, 9478 insertions, 2061 deletions
diff --git a/crypto/Kconfig b/crypto/Kconfig
index 083d2e1dfc21..c3166a1a5bb6 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -24,10 +24,6 @@ config CRYPTO_ALGAPI
24 help 24 help
25 This option provides the API for cryptographic algorithms. 25 This option provides the API for cryptographic algorithms.
26 26
27config CRYPTO_ABLKCIPHER
28 tristate
29 select CRYPTO_BLKCIPHER
30
31config CRYPTO_AEAD 27config CRYPTO_AEAD
32 tristate 28 tristate
33 select CRYPTO_ALGAPI 29 select CRYPTO_ALGAPI
@@ -36,6 +32,15 @@ config CRYPTO_BLKCIPHER
36 tristate 32 tristate
37 select CRYPTO_ALGAPI 33 select CRYPTO_ALGAPI
38 34
35config CRYPTO_SEQIV
36 tristate "Sequence Number IV Generator"
37 select CRYPTO_AEAD
38 select CRYPTO_BLKCIPHER
39 help
40 This IV generator generates an IV based on a sequence number by
41 xoring it with a salt. This algorithm is mainly useful for CTR
42 and similar modes.
43
39config CRYPTO_HASH 44config CRYPTO_HASH
40 tristate 45 tristate
41 select CRYPTO_ALGAPI 46 select CRYPTO_ALGAPI
@@ -91,7 +96,7 @@ config CRYPTO_SHA1
91 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). 96 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
92 97
93config CRYPTO_SHA256 98config CRYPTO_SHA256
94 tristate "SHA256 digest algorithm" 99 tristate "SHA224 and SHA256 digest algorithm"
95 select CRYPTO_ALGAPI 100 select CRYPTO_ALGAPI
96 help 101 help
97 SHA256 secure hash standard (DFIPS 180-2). 102 SHA256 secure hash standard (DFIPS 180-2).
@@ -99,6 +104,9 @@ config CRYPTO_SHA256
99 This version of SHA implements a 256 bit hash with 128 bits of 104 This version of SHA implements a 256 bit hash with 128 bits of
100 security against collision attacks. 105 security against collision attacks.
101 106
107 This code also includes SHA-224, a 224 bit hash with 112 bits
108 of security against collision attacks.
109
102config CRYPTO_SHA512 110config CRYPTO_SHA512
103 tristate "SHA384 and SHA512 digest algorithms" 111 tristate "SHA384 and SHA512 digest algorithms"
104 select CRYPTO_ALGAPI 112 select CRYPTO_ALGAPI
@@ -195,9 +203,34 @@ config CRYPTO_XTS
195 key size 256, 384 or 512 bits. This implementation currently 203 key size 256, 384 or 512 bits. This implementation currently
196 can't handle a sectorsize which is not a multiple of 16 bytes. 204 can't handle a sectorsize which is not a multiple of 16 bytes.
197 205
206config CRYPTO_CTR
207 tristate "CTR support"
208 select CRYPTO_BLKCIPHER
209 select CRYPTO_SEQIV
210 select CRYPTO_MANAGER
211 help
212 CTR: Counter mode
213 This block cipher algorithm is required for IPSec.
214
215config CRYPTO_GCM
216 tristate "GCM/GMAC support"
217 select CRYPTO_CTR
218 select CRYPTO_AEAD
219 select CRYPTO_GF128MUL
220 help
221 Support for Galois/Counter Mode (GCM) and Galois Message
222 Authentication Code (GMAC). Required for IPSec.
223
224config CRYPTO_CCM
225 tristate "CCM support"
226 select CRYPTO_CTR
227 select CRYPTO_AEAD
228 help
229 Support for Counter with CBC MAC. Required for IPsec.
230
198config CRYPTO_CRYPTD 231config CRYPTO_CRYPTD
199 tristate "Software async crypto daemon" 232 tristate "Software async crypto daemon"
200 select CRYPTO_ABLKCIPHER 233 select CRYPTO_BLKCIPHER
201 select CRYPTO_MANAGER 234 select CRYPTO_MANAGER
202 help 235 help
203 This is a generic software asynchronous crypto daemon that 236 This is a generic software asynchronous crypto daemon that
@@ -320,6 +353,7 @@ config CRYPTO_AES_586
320 tristate "AES cipher algorithms (i586)" 353 tristate "AES cipher algorithms (i586)"
321 depends on (X86 || UML_X86) && !64BIT 354 depends on (X86 || UML_X86) && !64BIT
322 select CRYPTO_ALGAPI 355 select CRYPTO_ALGAPI
356 select CRYPTO_AES
323 help 357 help
324 AES cipher algorithms (FIPS-197). AES uses the Rijndael 358 AES cipher algorithms (FIPS-197). AES uses the Rijndael
325 algorithm. 359 algorithm.
@@ -341,6 +375,7 @@ config CRYPTO_AES_X86_64
341 tristate "AES cipher algorithms (x86_64)" 375 tristate "AES cipher algorithms (x86_64)"
342 depends on (X86 || UML_X86) && 64BIT 376 depends on (X86 || UML_X86) && 64BIT
343 select CRYPTO_ALGAPI 377 select CRYPTO_ALGAPI
378 select CRYPTO_AES
344 help 379 help
345 AES cipher algorithms (FIPS-197). AES uses the Rijndael 380 AES cipher algorithms (FIPS-197). AES uses the Rijndael
346 algorithm. 381 algorithm.
@@ -441,6 +476,46 @@ config CRYPTO_SEED
441 See also: 476 See also:
442 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp> 477 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
443 478
479config CRYPTO_SALSA20
480 tristate "Salsa20 stream cipher algorithm (EXPERIMENTAL)"
481 depends on EXPERIMENTAL
482 select CRYPTO_BLKCIPHER
483 help
484 Salsa20 stream cipher algorithm.
485
486 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
487 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
488
489 The Salsa20 stream cipher algorithm is designed by Daniel J.
490 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
491
492config CRYPTO_SALSA20_586
493 tristate "Salsa20 stream cipher algorithm (i586) (EXPERIMENTAL)"
494 depends on (X86 || UML_X86) && !64BIT
495 depends on EXPERIMENTAL
496 select CRYPTO_BLKCIPHER
497 help
498 Salsa20 stream cipher algorithm.
499
500 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
501 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
502
503 The Salsa20 stream cipher algorithm is designed by Daniel J.
504 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
505
506config CRYPTO_SALSA20_X86_64
507 tristate "Salsa20 stream cipher algorithm (x86_64) (EXPERIMENTAL)"
508 depends on (X86 || UML_X86) && 64BIT
509 depends on EXPERIMENTAL
510 select CRYPTO_BLKCIPHER
511 help
512 Salsa20 stream cipher algorithm.
513
514 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
515 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
516
517 The Salsa20 stream cipher algorithm is designed by Daniel J.
518 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
444 519
445config CRYPTO_DEFLATE 520config CRYPTO_DEFLATE
446 tristate "Deflate compression algorithm" 521 tristate "Deflate compression algorithm"
@@ -491,6 +566,7 @@ config CRYPTO_TEST
491 tristate "Testing module" 566 tristate "Testing module"
492 depends on m 567 depends on m
493 select CRYPTO_ALGAPI 568 select CRYPTO_ALGAPI
569 select CRYPTO_AEAD
494 help 570 help
495 Quick & dirty crypto test module. 571 Quick & dirty crypto test module.
496 572
@@ -498,10 +574,19 @@ config CRYPTO_AUTHENC
498 tristate "Authenc support" 574 tristate "Authenc support"
499 select CRYPTO_AEAD 575 select CRYPTO_AEAD
500 select CRYPTO_MANAGER 576 select CRYPTO_MANAGER
577 select CRYPTO_HASH
501 help 578 help
502 Authenc: Combined mode wrapper for IPsec. 579 Authenc: Combined mode wrapper for IPsec.
503 This is required for IPSec. 580 This is required for IPSec.
504 581
582config CRYPTO_LZO
583 tristate "LZO compression algorithm"
584 select CRYPTO_ALGAPI
585 select LZO_COMPRESS
586 select LZO_DECOMPRESS
587 help
588 This is the LZO algorithm.
589
505source "drivers/crypto/Kconfig" 590source "drivers/crypto/Kconfig"
506 591
507endif # if CRYPTO 592endif # if CRYPTO
diff --git a/crypto/Makefile b/crypto/Makefile
index 43c2a0dc9936..48c758379954 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -8,9 +8,14 @@ crypto_algapi-$(CONFIG_PROC_FS) += proc.o
8crypto_algapi-objs := algapi.o scatterwalk.o $(crypto_algapi-y) 8crypto_algapi-objs := algapi.o scatterwalk.o $(crypto_algapi-y)
9obj-$(CONFIG_CRYPTO_ALGAPI) += crypto_algapi.o 9obj-$(CONFIG_CRYPTO_ALGAPI) += crypto_algapi.o
10 10
11obj-$(CONFIG_CRYPTO_ABLKCIPHER) += ablkcipher.o
12obj-$(CONFIG_CRYPTO_AEAD) += aead.o 11obj-$(CONFIG_CRYPTO_AEAD) += aead.o
13obj-$(CONFIG_CRYPTO_BLKCIPHER) += blkcipher.o 12
13crypto_blkcipher-objs := ablkcipher.o
14crypto_blkcipher-objs += blkcipher.o
15obj-$(CONFIG_CRYPTO_BLKCIPHER) += crypto_blkcipher.o
16obj-$(CONFIG_CRYPTO_BLKCIPHER) += chainiv.o
17obj-$(CONFIG_CRYPTO_BLKCIPHER) += eseqiv.o
18obj-$(CONFIG_CRYPTO_SEQIV) += seqiv.o
14 19
15crypto_hash-objs := hash.o 20crypto_hash-objs := hash.o
16obj-$(CONFIG_CRYPTO_HASH) += crypto_hash.o 21obj-$(CONFIG_CRYPTO_HASH) += crypto_hash.o
@@ -32,6 +37,9 @@ obj-$(CONFIG_CRYPTO_CBC) += cbc.o
32obj-$(CONFIG_CRYPTO_PCBC) += pcbc.o 37obj-$(CONFIG_CRYPTO_PCBC) += pcbc.o
33obj-$(CONFIG_CRYPTO_LRW) += lrw.o 38obj-$(CONFIG_CRYPTO_LRW) += lrw.o
34obj-$(CONFIG_CRYPTO_XTS) += xts.o 39obj-$(CONFIG_CRYPTO_XTS) += xts.o
40obj-$(CONFIG_CRYPTO_CTR) += ctr.o
41obj-$(CONFIG_CRYPTO_GCM) += gcm.o
42obj-$(CONFIG_CRYPTO_CCM) += ccm.o
35obj-$(CONFIG_CRYPTO_CRYPTD) += cryptd.o 43obj-$(CONFIG_CRYPTO_CRYPTD) += cryptd.o
36obj-$(CONFIG_CRYPTO_DES) += des_generic.o 44obj-$(CONFIG_CRYPTO_DES) += des_generic.o
37obj-$(CONFIG_CRYPTO_FCRYPT) += fcrypt.o 45obj-$(CONFIG_CRYPTO_FCRYPT) += fcrypt.o
@@ -48,10 +56,12 @@ obj-$(CONFIG_CRYPTO_TEA) += tea.o
48obj-$(CONFIG_CRYPTO_KHAZAD) += khazad.o 56obj-$(CONFIG_CRYPTO_KHAZAD) += khazad.o
49obj-$(CONFIG_CRYPTO_ANUBIS) += anubis.o 57obj-$(CONFIG_CRYPTO_ANUBIS) += anubis.o
50obj-$(CONFIG_CRYPTO_SEED) += seed.o 58obj-$(CONFIG_CRYPTO_SEED) += seed.o
59obj-$(CONFIG_CRYPTO_SALSA20) += salsa20_generic.o
51obj-$(CONFIG_CRYPTO_DEFLATE) += deflate.o 60obj-$(CONFIG_CRYPTO_DEFLATE) += deflate.o
52obj-$(CONFIG_CRYPTO_MICHAEL_MIC) += michael_mic.o 61obj-$(CONFIG_CRYPTO_MICHAEL_MIC) += michael_mic.o
53obj-$(CONFIG_CRYPTO_CRC32C) += crc32c.o 62obj-$(CONFIG_CRYPTO_CRC32C) += crc32c.o
54obj-$(CONFIG_CRYPTO_AUTHENC) += authenc.o 63obj-$(CONFIG_CRYPTO_AUTHENC) += authenc.o
64obj-$(CONFIG_CRYPTO_LZO) += lzo.o
55 65
56obj-$(CONFIG_CRYPTO_TEST) += tcrypt.o 66obj-$(CONFIG_CRYPTO_TEST) += tcrypt.o
57 67
diff --git a/crypto/ablkcipher.c b/crypto/ablkcipher.c
index 2731acb86e7d..3bcb099b4a85 100644
--- a/crypto/ablkcipher.c
+++ b/crypto/ablkcipher.c
@@ -13,14 +13,18 @@
13 * 13 *
14 */ 14 */
15 15
16#include <crypto/algapi.h> 16#include <crypto/internal/skcipher.h>
17#include <linux/errno.h> 17#include <linux/err.h>
18#include <linux/init.h> 18#include <linux/init.h>
19#include <linux/kernel.h> 19#include <linux/kernel.h>
20#include <linux/module.h> 20#include <linux/module.h>
21#include <linux/rtnetlink.h>
22#include <linux/sched.h>
21#include <linux/slab.h> 23#include <linux/slab.h>
22#include <linux/seq_file.h> 24#include <linux/seq_file.h>
23 25
26#include "internal.h"
27
24static int setkey_unaligned(struct crypto_ablkcipher *tfm, const u8 *key, 28static int setkey_unaligned(struct crypto_ablkcipher *tfm, const u8 *key,
25 unsigned int keylen) 29 unsigned int keylen)
26{ 30{
@@ -66,6 +70,16 @@ static unsigned int crypto_ablkcipher_ctxsize(struct crypto_alg *alg, u32 type,
66 return alg->cra_ctxsize; 70 return alg->cra_ctxsize;
67} 71}
68 72
73int skcipher_null_givencrypt(struct skcipher_givcrypt_request *req)
74{
75 return crypto_ablkcipher_encrypt(&req->creq);
76}
77
78int skcipher_null_givdecrypt(struct skcipher_givcrypt_request *req)
79{
80 return crypto_ablkcipher_decrypt(&req->creq);
81}
82
69static int crypto_init_ablkcipher_ops(struct crypto_tfm *tfm, u32 type, 83static int crypto_init_ablkcipher_ops(struct crypto_tfm *tfm, u32 type,
70 u32 mask) 84 u32 mask)
71{ 85{
@@ -78,6 +92,11 @@ static int crypto_init_ablkcipher_ops(struct crypto_tfm *tfm, u32 type,
78 crt->setkey = setkey; 92 crt->setkey = setkey;
79 crt->encrypt = alg->encrypt; 93 crt->encrypt = alg->encrypt;
80 crt->decrypt = alg->decrypt; 94 crt->decrypt = alg->decrypt;
95 if (!alg->ivsize) {
96 crt->givencrypt = skcipher_null_givencrypt;
97 crt->givdecrypt = skcipher_null_givdecrypt;
98 }
99 crt->base = __crypto_ablkcipher_cast(tfm);
81 crt->ivsize = alg->ivsize; 100 crt->ivsize = alg->ivsize;
82 101
83 return 0; 102 return 0;
@@ -90,10 +109,13 @@ static void crypto_ablkcipher_show(struct seq_file *m, struct crypto_alg *alg)
90 struct ablkcipher_alg *ablkcipher = &alg->cra_ablkcipher; 109 struct ablkcipher_alg *ablkcipher = &alg->cra_ablkcipher;
91 110
92 seq_printf(m, "type : ablkcipher\n"); 111 seq_printf(m, "type : ablkcipher\n");
112 seq_printf(m, "async : %s\n", alg->cra_flags & CRYPTO_ALG_ASYNC ?
113 "yes" : "no");
93 seq_printf(m, "blocksize : %u\n", alg->cra_blocksize); 114 seq_printf(m, "blocksize : %u\n", alg->cra_blocksize);
94 seq_printf(m, "min keysize : %u\n", ablkcipher->min_keysize); 115 seq_printf(m, "min keysize : %u\n", ablkcipher->min_keysize);
95 seq_printf(m, "max keysize : %u\n", ablkcipher->max_keysize); 116 seq_printf(m, "max keysize : %u\n", ablkcipher->max_keysize);
96 seq_printf(m, "ivsize : %u\n", ablkcipher->ivsize); 117 seq_printf(m, "ivsize : %u\n", ablkcipher->ivsize);
118 seq_printf(m, "geniv : %s\n", ablkcipher->geniv ?: "<default>");
97} 119}
98 120
99const struct crypto_type crypto_ablkcipher_type = { 121const struct crypto_type crypto_ablkcipher_type = {
@@ -105,5 +127,220 @@ const struct crypto_type crypto_ablkcipher_type = {
105}; 127};
106EXPORT_SYMBOL_GPL(crypto_ablkcipher_type); 128EXPORT_SYMBOL_GPL(crypto_ablkcipher_type);
107 129
130static int no_givdecrypt(struct skcipher_givcrypt_request *req)
131{
132 return -ENOSYS;
133}
134
135static int crypto_init_givcipher_ops(struct crypto_tfm *tfm, u32 type,
136 u32 mask)
137{
138 struct ablkcipher_alg *alg = &tfm->__crt_alg->cra_ablkcipher;
139 struct ablkcipher_tfm *crt = &tfm->crt_ablkcipher;
140
141 if (alg->ivsize > PAGE_SIZE / 8)
142 return -EINVAL;
143
144 crt->setkey = tfm->__crt_alg->cra_flags & CRYPTO_ALG_GENIV ?
145 alg->setkey : setkey;
146 crt->encrypt = alg->encrypt;
147 crt->decrypt = alg->decrypt;
148 crt->givencrypt = alg->givencrypt;
149 crt->givdecrypt = alg->givdecrypt ?: no_givdecrypt;
150 crt->base = __crypto_ablkcipher_cast(tfm);
151 crt->ivsize = alg->ivsize;
152
153 return 0;
154}
155
156static void crypto_givcipher_show(struct seq_file *m, struct crypto_alg *alg)
157 __attribute__ ((unused));
158static void crypto_givcipher_show(struct seq_file *m, struct crypto_alg *alg)
159{
160 struct ablkcipher_alg *ablkcipher = &alg->cra_ablkcipher;
161
162 seq_printf(m, "type : givcipher\n");
163 seq_printf(m, "async : %s\n", alg->cra_flags & CRYPTO_ALG_ASYNC ?
164 "yes" : "no");
165 seq_printf(m, "blocksize : %u\n", alg->cra_blocksize);
166 seq_printf(m, "min keysize : %u\n", ablkcipher->min_keysize);
167 seq_printf(m, "max keysize : %u\n", ablkcipher->max_keysize);
168 seq_printf(m, "ivsize : %u\n", ablkcipher->ivsize);
169 seq_printf(m, "geniv : %s\n", ablkcipher->geniv ?: "<built-in>");
170}
171
172const struct crypto_type crypto_givcipher_type = {
173 .ctxsize = crypto_ablkcipher_ctxsize,
174 .init = crypto_init_givcipher_ops,
175#ifdef CONFIG_PROC_FS
176 .show = crypto_givcipher_show,
177#endif
178};
179EXPORT_SYMBOL_GPL(crypto_givcipher_type);
180
181const char *crypto_default_geniv(const struct crypto_alg *alg)
182{
183 return alg->cra_flags & CRYPTO_ALG_ASYNC ? "eseqiv" : "chainiv";
184}
185
186static int crypto_givcipher_default(struct crypto_alg *alg, u32 type, u32 mask)
187{
188 struct rtattr *tb[3];
189 struct {
190 struct rtattr attr;
191 struct crypto_attr_type data;
192 } ptype;
193 struct {
194 struct rtattr attr;
195 struct crypto_attr_alg data;
196 } palg;
197 struct crypto_template *tmpl;
198 struct crypto_instance *inst;
199 struct crypto_alg *larval;
200 const char *geniv;
201 int err;
202
203 larval = crypto_larval_lookup(alg->cra_driver_name,
204 CRYPTO_ALG_TYPE_GIVCIPHER,
205 CRYPTO_ALG_TYPE_MASK);
206 err = PTR_ERR(larval);
207 if (IS_ERR(larval))
208 goto out;
209
210 err = -EAGAIN;
211 if (!crypto_is_larval(larval))
212 goto drop_larval;
213
214 ptype.attr.rta_len = sizeof(ptype);
215 ptype.attr.rta_type = CRYPTOA_TYPE;
216 ptype.data.type = type | CRYPTO_ALG_GENIV;
217 /* GENIV tells the template that we're making a default geniv. */
218 ptype.data.mask = mask | CRYPTO_ALG_GENIV;
219 tb[0] = &ptype.attr;
220
221 palg.attr.rta_len = sizeof(palg);
222 palg.attr.rta_type = CRYPTOA_ALG;
223 /* Must use the exact name to locate ourselves. */
224 memcpy(palg.data.name, alg->cra_driver_name, CRYPTO_MAX_ALG_NAME);
225 tb[1] = &palg.attr;
226
227 tb[2] = NULL;
228
229 if ((alg->cra_flags & CRYPTO_ALG_TYPE_MASK) ==
230 CRYPTO_ALG_TYPE_BLKCIPHER)
231 geniv = alg->cra_blkcipher.geniv;
232 else
233 geniv = alg->cra_ablkcipher.geniv;
234
235 if (!geniv)
236 geniv = crypto_default_geniv(alg);
237
238 tmpl = crypto_lookup_template(geniv);
239 err = -ENOENT;
240 if (!tmpl)
241 goto kill_larval;
242
243 inst = tmpl->alloc(tb);
244 err = PTR_ERR(inst);
245 if (IS_ERR(inst))
246 goto put_tmpl;
247
248 if ((err = crypto_register_instance(tmpl, inst))) {
249 tmpl->free(inst);
250 goto put_tmpl;
251 }
252
253 /* Redo the lookup to use the instance we just registered. */
254 err = -EAGAIN;
255
256put_tmpl:
257 crypto_tmpl_put(tmpl);
258kill_larval:
259 crypto_larval_kill(larval);
260drop_larval:
261 crypto_mod_put(larval);
262out:
263 crypto_mod_put(alg);
264 return err;
265}
266
267static struct crypto_alg *crypto_lookup_skcipher(const char *name, u32 type,
268 u32 mask)
269{
270 struct crypto_alg *alg;
271
272 alg = crypto_alg_mod_lookup(name, type, mask);
273 if (IS_ERR(alg))
274 return alg;
275
276 if ((alg->cra_flags & CRYPTO_ALG_TYPE_MASK) ==
277 CRYPTO_ALG_TYPE_GIVCIPHER)
278 return alg;
279
280 if (!((alg->cra_flags & CRYPTO_ALG_TYPE_MASK) ==
281 CRYPTO_ALG_TYPE_BLKCIPHER ? alg->cra_blkcipher.ivsize :
282 alg->cra_ablkcipher.ivsize))
283 return alg;
284
285 return ERR_PTR(crypto_givcipher_default(alg, type, mask));
286}
287
288int crypto_grab_skcipher(struct crypto_skcipher_spawn *spawn, const char *name,
289 u32 type, u32 mask)
290{
291 struct crypto_alg *alg;
292 int err;
293
294 type = crypto_skcipher_type(type);
295 mask = crypto_skcipher_mask(mask);
296
297 alg = crypto_lookup_skcipher(name, type, mask);
298 if (IS_ERR(alg))
299 return PTR_ERR(alg);
300
301 err = crypto_init_spawn(&spawn->base, alg, spawn->base.inst, mask);
302 crypto_mod_put(alg);
303 return err;
304}
305EXPORT_SYMBOL_GPL(crypto_grab_skcipher);
306
307struct crypto_ablkcipher *crypto_alloc_ablkcipher(const char *alg_name,
308 u32 type, u32 mask)
309{
310 struct crypto_tfm *tfm;
311 int err;
312
313 type = crypto_skcipher_type(type);
314 mask = crypto_skcipher_mask(mask);
315
316 for (;;) {
317 struct crypto_alg *alg;
318
319 alg = crypto_lookup_skcipher(alg_name, type, mask);
320 if (IS_ERR(alg)) {
321 err = PTR_ERR(alg);
322 goto err;
323 }
324
325 tfm = __crypto_alloc_tfm(alg, type, mask);
326 if (!IS_ERR(tfm))
327 return __crypto_ablkcipher_cast(tfm);
328
329 crypto_mod_put(alg);
330 err = PTR_ERR(tfm);
331
332err:
333 if (err != -EAGAIN)
334 break;
335 if (signal_pending(current)) {
336 err = -EINTR;
337 break;
338 }
339 }
340
341 return ERR_PTR(err);
342}
343EXPORT_SYMBOL_GPL(crypto_alloc_ablkcipher);
344
108MODULE_LICENSE("GPL"); 345MODULE_LICENSE("GPL");
109MODULE_DESCRIPTION("Asynchronous block chaining cipher type"); 346MODULE_DESCRIPTION("Asynchronous block chaining cipher type");
diff --git a/crypto/aead.c b/crypto/aead.c
index 84a3501fb478..3a6f3f52c7c7 100644
--- a/crypto/aead.c
+++ b/crypto/aead.c
@@ -12,14 +12,17 @@
12 * 12 *
13 */ 13 */
14 14
15#include <crypto/algapi.h> 15#include <crypto/internal/aead.h>
16#include <linux/errno.h> 16#include <linux/err.h>
17#include <linux/init.h> 17#include <linux/init.h>
18#include <linux/kernel.h> 18#include <linux/kernel.h>
19#include <linux/module.h> 19#include <linux/module.h>
20#include <linux/rtnetlink.h>
20#include <linux/slab.h> 21#include <linux/slab.h>
21#include <linux/seq_file.h> 22#include <linux/seq_file.h>
22 23
24#include "internal.h"
25
23static int setkey_unaligned(struct crypto_aead *tfm, const u8 *key, 26static int setkey_unaligned(struct crypto_aead *tfm, const u8 *key,
24 unsigned int keylen) 27 unsigned int keylen)
25{ 28{
@@ -53,25 +56,54 @@ static int setkey(struct crypto_aead *tfm, const u8 *key, unsigned int keylen)
53 return aead->setkey(tfm, key, keylen); 56 return aead->setkey(tfm, key, keylen);
54} 57}
55 58
59int crypto_aead_setauthsize(struct crypto_aead *tfm, unsigned int authsize)
60{
61 struct aead_tfm *crt = crypto_aead_crt(tfm);
62 int err;
63
64 if (authsize > crypto_aead_alg(tfm)->maxauthsize)
65 return -EINVAL;
66
67 if (crypto_aead_alg(tfm)->setauthsize) {
68 err = crypto_aead_alg(tfm)->setauthsize(crt->base, authsize);
69 if (err)
70 return err;
71 }
72
73 crypto_aead_crt(crt->base)->authsize = authsize;
74 crt->authsize = authsize;
75 return 0;
76}
77EXPORT_SYMBOL_GPL(crypto_aead_setauthsize);
78
56static unsigned int crypto_aead_ctxsize(struct crypto_alg *alg, u32 type, 79static unsigned int crypto_aead_ctxsize(struct crypto_alg *alg, u32 type,
57 u32 mask) 80 u32 mask)
58{ 81{
59 return alg->cra_ctxsize; 82 return alg->cra_ctxsize;
60} 83}
61 84
85static int no_givcrypt(struct aead_givcrypt_request *req)
86{
87 return -ENOSYS;
88}
89
62static int crypto_init_aead_ops(struct crypto_tfm *tfm, u32 type, u32 mask) 90static int crypto_init_aead_ops(struct crypto_tfm *tfm, u32 type, u32 mask)
63{ 91{
64 struct aead_alg *alg = &tfm->__crt_alg->cra_aead; 92 struct aead_alg *alg = &tfm->__crt_alg->cra_aead;
65 struct aead_tfm *crt = &tfm->crt_aead; 93 struct aead_tfm *crt = &tfm->crt_aead;
66 94
67 if (max(alg->authsize, alg->ivsize) > PAGE_SIZE / 8) 95 if (max(alg->maxauthsize, alg->ivsize) > PAGE_SIZE / 8)
68 return -EINVAL; 96 return -EINVAL;
69 97
70 crt->setkey = setkey; 98 crt->setkey = tfm->__crt_alg->cra_flags & CRYPTO_ALG_GENIV ?
99 alg->setkey : setkey;
71 crt->encrypt = alg->encrypt; 100 crt->encrypt = alg->encrypt;
72 crt->decrypt = alg->decrypt; 101 crt->decrypt = alg->decrypt;
102 crt->givencrypt = alg->givencrypt ?: no_givcrypt;
103 crt->givdecrypt = alg->givdecrypt ?: no_givcrypt;
104 crt->base = __crypto_aead_cast(tfm);
73 crt->ivsize = alg->ivsize; 105 crt->ivsize = alg->ivsize;
74 crt->authsize = alg->authsize; 106 crt->authsize = alg->maxauthsize;
75 107
76 return 0; 108 return 0;
77} 109}
@@ -83,9 +115,12 @@ static void crypto_aead_show(struct seq_file *m, struct crypto_alg *alg)
83 struct aead_alg *aead = &alg->cra_aead; 115 struct aead_alg *aead = &alg->cra_aead;
84 116
85 seq_printf(m, "type : aead\n"); 117 seq_printf(m, "type : aead\n");
118 seq_printf(m, "async : %s\n", alg->cra_flags & CRYPTO_ALG_ASYNC ?
119 "yes" : "no");
86 seq_printf(m, "blocksize : %u\n", alg->cra_blocksize); 120 seq_printf(m, "blocksize : %u\n", alg->cra_blocksize);
87 seq_printf(m, "ivsize : %u\n", aead->ivsize); 121 seq_printf(m, "ivsize : %u\n", aead->ivsize);
88 seq_printf(m, "authsize : %u\n", aead->authsize); 122 seq_printf(m, "maxauthsize : %u\n", aead->maxauthsize);
123 seq_printf(m, "geniv : %s\n", aead->geniv ?: "<built-in>");
89} 124}
90 125
91const struct crypto_type crypto_aead_type = { 126const struct crypto_type crypto_aead_type = {
@@ -97,5 +132,358 @@ const struct crypto_type crypto_aead_type = {
97}; 132};
98EXPORT_SYMBOL_GPL(crypto_aead_type); 133EXPORT_SYMBOL_GPL(crypto_aead_type);
99 134
135static int aead_null_givencrypt(struct aead_givcrypt_request *req)
136{
137 return crypto_aead_encrypt(&req->areq);
138}
139
140static int aead_null_givdecrypt(struct aead_givcrypt_request *req)
141{
142 return crypto_aead_decrypt(&req->areq);
143}
144
145static int crypto_init_nivaead_ops(struct crypto_tfm *tfm, u32 type, u32 mask)
146{
147 struct aead_alg *alg = &tfm->__crt_alg->cra_aead;
148 struct aead_tfm *crt = &tfm->crt_aead;
149
150 if (max(alg->maxauthsize, alg->ivsize) > PAGE_SIZE / 8)
151 return -EINVAL;
152
153 crt->setkey = setkey;
154 crt->encrypt = alg->encrypt;
155 crt->decrypt = alg->decrypt;
156 if (!alg->ivsize) {
157 crt->givencrypt = aead_null_givencrypt;
158 crt->givdecrypt = aead_null_givdecrypt;
159 }
160 crt->base = __crypto_aead_cast(tfm);
161 crt->ivsize = alg->ivsize;
162 crt->authsize = alg->maxauthsize;
163
164 return 0;
165}
166
167static void crypto_nivaead_show(struct seq_file *m, struct crypto_alg *alg)
168 __attribute__ ((unused));
169static void crypto_nivaead_show(struct seq_file *m, struct crypto_alg *alg)
170{
171 struct aead_alg *aead = &alg->cra_aead;
172
173 seq_printf(m, "type : nivaead\n");
174 seq_printf(m, "async : %s\n", alg->cra_flags & CRYPTO_ALG_ASYNC ?
175 "yes" : "no");
176 seq_printf(m, "blocksize : %u\n", alg->cra_blocksize);
177 seq_printf(m, "ivsize : %u\n", aead->ivsize);
178 seq_printf(m, "maxauthsize : %u\n", aead->maxauthsize);
179 seq_printf(m, "geniv : %s\n", aead->geniv);
180}
181
182const struct crypto_type crypto_nivaead_type = {
183 .ctxsize = crypto_aead_ctxsize,
184 .init = crypto_init_nivaead_ops,
185#ifdef CONFIG_PROC_FS
186 .show = crypto_nivaead_show,
187#endif
188};
189EXPORT_SYMBOL_GPL(crypto_nivaead_type);
190
191static int crypto_grab_nivaead(struct crypto_aead_spawn *spawn,
192 const char *name, u32 type, u32 mask)
193{
194 struct crypto_alg *alg;
195 int err;
196
197 type &= ~(CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_GENIV);
198 type |= CRYPTO_ALG_TYPE_AEAD;
199 mask |= CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_GENIV;
200
201 alg = crypto_alg_mod_lookup(name, type, mask);
202 if (IS_ERR(alg))
203 return PTR_ERR(alg);
204
205 err = crypto_init_spawn(&spawn->base, alg, spawn->base.inst, mask);
206 crypto_mod_put(alg);
207 return err;
208}
209
210struct crypto_instance *aead_geniv_alloc(struct crypto_template *tmpl,
211 struct rtattr **tb, u32 type,
212 u32 mask)
213{
214 const char *name;
215 struct crypto_aead_spawn *spawn;
216 struct crypto_attr_type *algt;
217 struct crypto_instance *inst;
218 struct crypto_alg *alg;
219 int err;
220
221 algt = crypto_get_attr_type(tb);
222 err = PTR_ERR(algt);
223 if (IS_ERR(algt))
224 return ERR_PTR(err);
225
226 if ((algt->type ^ (CRYPTO_ALG_TYPE_AEAD | CRYPTO_ALG_GENIV)) &
227 algt->mask)
228 return ERR_PTR(-EINVAL);
229
230 name = crypto_attr_alg_name(tb[1]);
231 err = PTR_ERR(name);
232 if (IS_ERR(name))
233 return ERR_PTR(err);
234
235 inst = kzalloc(sizeof(*inst) + sizeof(*spawn), GFP_KERNEL);
236 if (!inst)
237 return ERR_PTR(-ENOMEM);
238
239 spawn = crypto_instance_ctx(inst);
240
241 /* Ignore async algorithms if necessary. */
242 mask |= crypto_requires_sync(algt->type, algt->mask);
243
244 crypto_set_aead_spawn(spawn, inst);
245 err = crypto_grab_nivaead(spawn, name, type, mask);
246 if (err)
247 goto err_free_inst;
248
249 alg = crypto_aead_spawn_alg(spawn);
250
251 err = -EINVAL;
252 if (!alg->cra_aead.ivsize)
253 goto err_drop_alg;
254
255 /*
256 * This is only true if we're constructing an algorithm with its
257 * default IV generator. For the default generator we elide the
258 * template name and double-check the IV generator.
259 */
260 if (algt->mask & CRYPTO_ALG_GENIV) {
261 if (strcmp(tmpl->name, alg->cra_aead.geniv))
262 goto err_drop_alg;
263
264 memcpy(inst->alg.cra_name, alg->cra_name, CRYPTO_MAX_ALG_NAME);
265 memcpy(inst->alg.cra_driver_name, alg->cra_driver_name,
266 CRYPTO_MAX_ALG_NAME);
267 } else {
268 err = -ENAMETOOLONG;
269 if (snprintf(inst->alg.cra_name, CRYPTO_MAX_ALG_NAME,
270 "%s(%s)", tmpl->name, alg->cra_name) >=
271 CRYPTO_MAX_ALG_NAME)
272 goto err_drop_alg;
273 if (snprintf(inst->alg.cra_driver_name, CRYPTO_MAX_ALG_NAME,
274 "%s(%s)", tmpl->name, alg->cra_driver_name) >=
275 CRYPTO_MAX_ALG_NAME)
276 goto err_drop_alg;
277 }
278
279 inst->alg.cra_flags = CRYPTO_ALG_TYPE_AEAD | CRYPTO_ALG_GENIV;
280 inst->alg.cra_flags |= alg->cra_flags & CRYPTO_ALG_ASYNC;
281 inst->alg.cra_priority = alg->cra_priority;
282 inst->alg.cra_blocksize = alg->cra_blocksize;
283 inst->alg.cra_alignmask = alg->cra_alignmask;
284 inst->alg.cra_type = &crypto_aead_type;
285
286 inst->alg.cra_aead.ivsize = alg->cra_aead.ivsize;
287 inst->alg.cra_aead.maxauthsize = alg->cra_aead.maxauthsize;
288 inst->alg.cra_aead.geniv = alg->cra_aead.geniv;
289
290 inst->alg.cra_aead.setkey = alg->cra_aead.setkey;
291 inst->alg.cra_aead.setauthsize = alg->cra_aead.setauthsize;
292 inst->alg.cra_aead.encrypt = alg->cra_aead.encrypt;
293 inst->alg.cra_aead.decrypt = alg->cra_aead.decrypt;
294
295out:
296 return inst;
297
298err_drop_alg:
299 crypto_drop_aead(spawn);
300err_free_inst:
301 kfree(inst);
302 inst = ERR_PTR(err);
303 goto out;
304}
305EXPORT_SYMBOL_GPL(aead_geniv_alloc);
306
307void aead_geniv_free(struct crypto_instance *inst)
308{
309 crypto_drop_aead(crypto_instance_ctx(inst));
310 kfree(inst);
311}
312EXPORT_SYMBOL_GPL(aead_geniv_free);
313
314int aead_geniv_init(struct crypto_tfm *tfm)
315{
316 struct crypto_instance *inst = (void *)tfm->__crt_alg;
317 struct crypto_aead *aead;
318
319 aead = crypto_spawn_aead(crypto_instance_ctx(inst));
320 if (IS_ERR(aead))
321 return PTR_ERR(aead);
322
323 tfm->crt_aead.base = aead;
324 tfm->crt_aead.reqsize += crypto_aead_reqsize(aead);
325
326 return 0;
327}
328EXPORT_SYMBOL_GPL(aead_geniv_init);
329
330void aead_geniv_exit(struct crypto_tfm *tfm)
331{
332 crypto_free_aead(tfm->crt_aead.base);
333}
334EXPORT_SYMBOL_GPL(aead_geniv_exit);
335
336static int crypto_nivaead_default(struct crypto_alg *alg, u32 type, u32 mask)
337{
338 struct rtattr *tb[3];
339 struct {
340 struct rtattr attr;
341 struct crypto_attr_type data;
342 } ptype;
343 struct {
344 struct rtattr attr;
345 struct crypto_attr_alg data;
346 } palg;
347 struct crypto_template *tmpl;
348 struct crypto_instance *inst;
349 struct crypto_alg *larval;
350 const char *geniv;
351 int err;
352
353 larval = crypto_larval_lookup(alg->cra_driver_name,
354 CRYPTO_ALG_TYPE_AEAD | CRYPTO_ALG_GENIV,
355 CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_GENIV);
356 err = PTR_ERR(larval);
357 if (IS_ERR(larval))
358 goto out;
359
360 err = -EAGAIN;
361 if (!crypto_is_larval(larval))
362 goto drop_larval;
363
364 ptype.attr.rta_len = sizeof(ptype);
365 ptype.attr.rta_type = CRYPTOA_TYPE;
366 ptype.data.type = type | CRYPTO_ALG_GENIV;
367 /* GENIV tells the template that we're making a default geniv. */
368 ptype.data.mask = mask | CRYPTO_ALG_GENIV;
369 tb[0] = &ptype.attr;
370
371 palg.attr.rta_len = sizeof(palg);
372 palg.attr.rta_type = CRYPTOA_ALG;
373 /* Must use the exact name to locate ourselves. */
374 memcpy(palg.data.name, alg->cra_driver_name, CRYPTO_MAX_ALG_NAME);
375 tb[1] = &palg.attr;
376
377 tb[2] = NULL;
378
379 geniv = alg->cra_aead.geniv;
380
381 tmpl = crypto_lookup_template(geniv);
382 err = -ENOENT;
383 if (!tmpl)
384 goto kill_larval;
385
386 inst = tmpl->alloc(tb);
387 err = PTR_ERR(inst);
388 if (IS_ERR(inst))
389 goto put_tmpl;
390
391 if ((err = crypto_register_instance(tmpl, inst))) {
392 tmpl->free(inst);
393 goto put_tmpl;
394 }
395
396 /* Redo the lookup to use the instance we just registered. */
397 err = -EAGAIN;
398
399put_tmpl:
400 crypto_tmpl_put(tmpl);
401kill_larval:
402 crypto_larval_kill(larval);
403drop_larval:
404 crypto_mod_put(larval);
405out:
406 crypto_mod_put(alg);
407 return err;
408}
409
410static struct crypto_alg *crypto_lookup_aead(const char *name, u32 type,
411 u32 mask)
412{
413 struct crypto_alg *alg;
414
415 alg = crypto_alg_mod_lookup(name, type, mask);
416 if (IS_ERR(alg))
417 return alg;
418
419 if (alg->cra_type == &crypto_aead_type)
420 return alg;
421
422 if (!alg->cra_aead.ivsize)
423 return alg;
424
425 return ERR_PTR(crypto_nivaead_default(alg, type, mask));
426}
427
428int crypto_grab_aead(struct crypto_aead_spawn *spawn, const char *name,
429 u32 type, u32 mask)
430{
431 struct crypto_alg *alg;
432 int err;
433
434 type &= ~(CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_GENIV);
435 type |= CRYPTO_ALG_TYPE_AEAD;
436 mask &= ~(CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_GENIV);
437 mask |= CRYPTO_ALG_TYPE_MASK;
438
439 alg = crypto_lookup_aead(name, type, mask);
440 if (IS_ERR(alg))
441 return PTR_ERR(alg);
442
443 err = crypto_init_spawn(&spawn->base, alg, spawn->base.inst, mask);
444 crypto_mod_put(alg);
445 return err;
446}
447EXPORT_SYMBOL_GPL(crypto_grab_aead);
448
449struct crypto_aead *crypto_alloc_aead(const char *alg_name, u32 type, u32 mask)
450{
451 struct crypto_tfm *tfm;
452 int err;
453
454 type &= ~(CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_GENIV);
455 type |= CRYPTO_ALG_TYPE_AEAD;
456 mask &= ~(CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_GENIV);
457 mask |= CRYPTO_ALG_TYPE_MASK;
458
459 for (;;) {
460 struct crypto_alg *alg;
461
462 alg = crypto_lookup_aead(alg_name, type, mask);
463 if (IS_ERR(alg)) {
464 err = PTR_ERR(alg);
465 goto err;
466 }
467
468 tfm = __crypto_alloc_tfm(alg, type, mask);
469 if (!IS_ERR(tfm))
470 return __crypto_aead_cast(tfm);
471
472 crypto_mod_put(alg);
473 err = PTR_ERR(tfm);
474
475err:
476 if (err != -EAGAIN)
477 break;
478 if (signal_pending(current)) {
479 err = -EINTR;
480 break;
481 }
482 }
483
484 return ERR_PTR(err);
485}
486EXPORT_SYMBOL_GPL(crypto_alloc_aead);
487
100MODULE_LICENSE("GPL"); 488MODULE_LICENSE("GPL");
101MODULE_DESCRIPTION("Authenticated Encryption with Associated Data (AEAD)"); 489MODULE_DESCRIPTION("Authenticated Encryption with Associated Data (AEAD)");
diff --git a/crypto/aes_generic.c b/crypto/aes_generic.c
index 9401dca85e87..cf30af74480f 100644
--- a/crypto/aes_generic.c
+++ b/crypto/aes_generic.c
@@ -47,11 +47,7 @@
47 * --------------------------------------------------------------------------- 47 * ---------------------------------------------------------------------------
48 */ 48 */
49 49
50/* Some changes from the Gladman version: 50#include <crypto/aes.h>
51 s/RIJNDAEL(e_key)/E_KEY/g
52 s/RIJNDAEL(d_key)/D_KEY/g
53*/
54
55#include <linux/module.h> 51#include <linux/module.h>
56#include <linux/init.h> 52#include <linux/init.h>
57#include <linux/types.h> 53#include <linux/types.h>
@@ -59,88 +55,46 @@
59#include <linux/crypto.h> 55#include <linux/crypto.h>
60#include <asm/byteorder.h> 56#include <asm/byteorder.h>
61 57
62#define AES_MIN_KEY_SIZE 16 58static inline u8 byte(const u32 x, const unsigned n)
63#define AES_MAX_KEY_SIZE 32
64
65#define AES_BLOCK_SIZE 16
66
67/*
68 * #define byte(x, nr) ((unsigned char)((x) >> (nr*8)))
69 */
70static inline u8
71byte(const u32 x, const unsigned n)
72{ 59{
73 return x >> (n << 3); 60 return x >> (n << 3);
74} 61}
75 62
76struct aes_ctx {
77 int key_length;
78 u32 buf[120];
79};
80
81#define E_KEY (&ctx->buf[0])
82#define D_KEY (&ctx->buf[60])
83
84static u8 pow_tab[256] __initdata; 63static u8 pow_tab[256] __initdata;
85static u8 log_tab[256] __initdata; 64static u8 log_tab[256] __initdata;
86static u8 sbx_tab[256] __initdata; 65static u8 sbx_tab[256] __initdata;
87static u8 isb_tab[256] __initdata; 66static u8 isb_tab[256] __initdata;
88static u32 rco_tab[10]; 67static u32 rco_tab[10];
89static u32 ft_tab[4][256];
90static u32 it_tab[4][256];
91 68
92static u32 fl_tab[4][256]; 69u32 crypto_ft_tab[4][256];
93static u32 il_tab[4][256]; 70u32 crypto_fl_tab[4][256];
71u32 crypto_it_tab[4][256];
72u32 crypto_il_tab[4][256];
94 73
95static inline u8 __init 74EXPORT_SYMBOL_GPL(crypto_ft_tab);
96f_mult (u8 a, u8 b) 75EXPORT_SYMBOL_GPL(crypto_fl_tab);
76EXPORT_SYMBOL_GPL(crypto_it_tab);
77EXPORT_SYMBOL_GPL(crypto_il_tab);
78
79static inline u8 __init f_mult(u8 a, u8 b)
97{ 80{
98 u8 aa = log_tab[a], cc = aa + log_tab[b]; 81 u8 aa = log_tab[a], cc = aa + log_tab[b];
99 82
100 return pow_tab[cc + (cc < aa ? 1 : 0)]; 83 return pow_tab[cc + (cc < aa ? 1 : 0)];
101} 84}
102 85
103#define ff_mult(a,b) (a && b ? f_mult(a, b) : 0) 86#define ff_mult(a, b) (a && b ? f_mult(a, b) : 0)
104 87
105#define f_rn(bo, bi, n, k) \ 88static void __init gen_tabs(void)
106 bo[n] = ft_tab[0][byte(bi[n],0)] ^ \
107 ft_tab[1][byte(bi[(n + 1) & 3],1)] ^ \
108 ft_tab[2][byte(bi[(n + 2) & 3],2)] ^ \
109 ft_tab[3][byte(bi[(n + 3) & 3],3)] ^ *(k + n)
110
111#define i_rn(bo, bi, n, k) \
112 bo[n] = it_tab[0][byte(bi[n],0)] ^ \
113 it_tab[1][byte(bi[(n + 3) & 3],1)] ^ \
114 it_tab[2][byte(bi[(n + 2) & 3],2)] ^ \
115 it_tab[3][byte(bi[(n + 1) & 3],3)] ^ *(k + n)
116
117#define ls_box(x) \
118 ( fl_tab[0][byte(x, 0)] ^ \
119 fl_tab[1][byte(x, 1)] ^ \
120 fl_tab[2][byte(x, 2)] ^ \
121 fl_tab[3][byte(x, 3)] )
122
123#define f_rl(bo, bi, n, k) \
124 bo[n] = fl_tab[0][byte(bi[n],0)] ^ \
125 fl_tab[1][byte(bi[(n + 1) & 3],1)] ^ \
126 fl_tab[2][byte(bi[(n + 2) & 3],2)] ^ \
127 fl_tab[3][byte(bi[(n + 3) & 3],3)] ^ *(k + n)
128
129#define i_rl(bo, bi, n, k) \
130 bo[n] = il_tab[0][byte(bi[n],0)] ^ \
131 il_tab[1][byte(bi[(n + 3) & 3],1)] ^ \
132 il_tab[2][byte(bi[(n + 2) & 3],2)] ^ \
133 il_tab[3][byte(bi[(n + 1) & 3],3)] ^ *(k + n)
134
135static void __init
136gen_tabs (void)
137{ 89{
138 u32 i, t; 90 u32 i, t;
139 u8 p, q; 91 u8 p, q;
140 92
141 /* log and power tables for GF(2**8) finite field with 93 /*
142 0x011b as modular polynomial - the simplest primitive 94 * log and power tables for GF(2**8) finite field with
143 root is 0x03, used here to generate the tables */ 95 * 0x011b as modular polynomial - the simplest primitive
96 * root is 0x03, used here to generate the tables
97 */
144 98
145 for (i = 0, p = 1; i < 256; ++i) { 99 for (i = 0, p = 1; i < 256; ++i) {
146 pow_tab[i] = (u8) p; 100 pow_tab[i] = (u8) p;
@@ -169,92 +123,119 @@ gen_tabs (void)
169 p = sbx_tab[i]; 123 p = sbx_tab[i];
170 124
171 t = p; 125 t = p;
172 fl_tab[0][i] = t; 126 crypto_fl_tab[0][i] = t;
173 fl_tab[1][i] = rol32(t, 8); 127 crypto_fl_tab[1][i] = rol32(t, 8);
174 fl_tab[2][i] = rol32(t, 16); 128 crypto_fl_tab[2][i] = rol32(t, 16);
175 fl_tab[3][i] = rol32(t, 24); 129 crypto_fl_tab[3][i] = rol32(t, 24);
176 130
177 t = ((u32) ff_mult (2, p)) | 131 t = ((u32) ff_mult(2, p)) |
178 ((u32) p << 8) | 132 ((u32) p << 8) |
179 ((u32) p << 16) | ((u32) ff_mult (3, p) << 24); 133 ((u32) p << 16) | ((u32) ff_mult(3, p) << 24);
180 134
181 ft_tab[0][i] = t; 135 crypto_ft_tab[0][i] = t;
182 ft_tab[1][i] = rol32(t, 8); 136 crypto_ft_tab[1][i] = rol32(t, 8);
183 ft_tab[2][i] = rol32(t, 16); 137 crypto_ft_tab[2][i] = rol32(t, 16);
184 ft_tab[3][i] = rol32(t, 24); 138 crypto_ft_tab[3][i] = rol32(t, 24);
185 139
186 p = isb_tab[i]; 140 p = isb_tab[i];
187 141
188 t = p; 142 t = p;
189 il_tab[0][i] = t; 143 crypto_il_tab[0][i] = t;
190 il_tab[1][i] = rol32(t, 8); 144 crypto_il_tab[1][i] = rol32(t, 8);
191 il_tab[2][i] = rol32(t, 16); 145 crypto_il_tab[2][i] = rol32(t, 16);
192 il_tab[3][i] = rol32(t, 24); 146 crypto_il_tab[3][i] = rol32(t, 24);
193 147
194 t = ((u32) ff_mult (14, p)) | 148 t = ((u32) ff_mult(14, p)) |
195 ((u32) ff_mult (9, p) << 8) | 149 ((u32) ff_mult(9, p) << 8) |
196 ((u32) ff_mult (13, p) << 16) | 150 ((u32) ff_mult(13, p) << 16) |
197 ((u32) ff_mult (11, p) << 24); 151 ((u32) ff_mult(11, p) << 24);
198 152
199 it_tab[0][i] = t; 153 crypto_it_tab[0][i] = t;
200 it_tab[1][i] = rol32(t, 8); 154 crypto_it_tab[1][i] = rol32(t, 8);
201 it_tab[2][i] = rol32(t, 16); 155 crypto_it_tab[2][i] = rol32(t, 16);
202 it_tab[3][i] = rol32(t, 24); 156 crypto_it_tab[3][i] = rol32(t, 24);
203 } 157 }
204} 158}
205 159
206#define star_x(x) (((x) & 0x7f7f7f7f) << 1) ^ ((((x) & 0x80808080) >> 7) * 0x1b)
207
208#define imix_col(y,x) \
209 u = star_x(x); \
210 v = star_x(u); \
211 w = star_x(v); \
212 t = w ^ (x); \
213 (y) = u ^ v ^ w; \
214 (y) ^= ror32(u ^ t, 8) ^ \
215 ror32(v ^ t, 16) ^ \
216 ror32(t,24)
217
218/* initialise the key schedule from the user supplied key */ 160/* initialise the key schedule from the user supplied key */
219 161
220#define loop4(i) \ 162#define star_x(x) (((x) & 0x7f7f7f7f) << 1) ^ ((((x) & 0x80808080) >> 7) * 0x1b)
221{ t = ror32(t, 8); t = ls_box(t) ^ rco_tab[i]; \
222 t ^= E_KEY[4 * i]; E_KEY[4 * i + 4] = t; \
223 t ^= E_KEY[4 * i + 1]; E_KEY[4 * i + 5] = t; \
224 t ^= E_KEY[4 * i + 2]; E_KEY[4 * i + 6] = t; \
225 t ^= E_KEY[4 * i + 3]; E_KEY[4 * i + 7] = t; \
226}
227
228#define loop6(i) \
229{ t = ror32(t, 8); t = ls_box(t) ^ rco_tab[i]; \
230 t ^= E_KEY[6 * i]; E_KEY[6 * i + 6] = t; \
231 t ^= E_KEY[6 * i + 1]; E_KEY[6 * i + 7] = t; \
232 t ^= E_KEY[6 * i + 2]; E_KEY[6 * i + 8] = t; \
233 t ^= E_KEY[6 * i + 3]; E_KEY[6 * i + 9] = t; \
234 t ^= E_KEY[6 * i + 4]; E_KEY[6 * i + 10] = t; \
235 t ^= E_KEY[6 * i + 5]; E_KEY[6 * i + 11] = t; \
236}
237
238#define loop8(i) \
239{ t = ror32(t, 8); ; t = ls_box(t) ^ rco_tab[i]; \
240 t ^= E_KEY[8 * i]; E_KEY[8 * i + 8] = t; \
241 t ^= E_KEY[8 * i + 1]; E_KEY[8 * i + 9] = t; \
242 t ^= E_KEY[8 * i + 2]; E_KEY[8 * i + 10] = t; \
243 t ^= E_KEY[8 * i + 3]; E_KEY[8 * i + 11] = t; \
244 t = E_KEY[8 * i + 4] ^ ls_box(t); \
245 E_KEY[8 * i + 12] = t; \
246 t ^= E_KEY[8 * i + 5]; E_KEY[8 * i + 13] = t; \
247 t ^= E_KEY[8 * i + 6]; E_KEY[8 * i + 14] = t; \
248 t ^= E_KEY[8 * i + 7]; E_KEY[8 * i + 15] = t; \
249}
250 163
251static int aes_set_key(struct crypto_tfm *tfm, const u8 *in_key, 164#define imix_col(y,x) do { \
252 unsigned int key_len) 165 u = star_x(x); \
166 v = star_x(u); \
167 w = star_x(v); \
168 t = w ^ (x); \
169 (y) = u ^ v ^ w; \
170 (y) ^= ror32(u ^ t, 8) ^ \
171 ror32(v ^ t, 16) ^ \
172 ror32(t, 24); \
173} while (0)
174
175#define ls_box(x) \
176 crypto_fl_tab[0][byte(x, 0)] ^ \
177 crypto_fl_tab[1][byte(x, 1)] ^ \
178 crypto_fl_tab[2][byte(x, 2)] ^ \
179 crypto_fl_tab[3][byte(x, 3)]
180
181#define loop4(i) do { \
182 t = ror32(t, 8); \
183 t = ls_box(t) ^ rco_tab[i]; \
184 t ^= ctx->key_enc[4 * i]; \
185 ctx->key_enc[4 * i + 4] = t; \
186 t ^= ctx->key_enc[4 * i + 1]; \
187 ctx->key_enc[4 * i + 5] = t; \
188 t ^= ctx->key_enc[4 * i + 2]; \
189 ctx->key_enc[4 * i + 6] = t; \
190 t ^= ctx->key_enc[4 * i + 3]; \
191 ctx->key_enc[4 * i + 7] = t; \
192} while (0)
193
194#define loop6(i) do { \
195 t = ror32(t, 8); \
196 t = ls_box(t) ^ rco_tab[i]; \
197 t ^= ctx->key_enc[6 * i]; \
198 ctx->key_enc[6 * i + 6] = t; \
199 t ^= ctx->key_enc[6 * i + 1]; \
200 ctx->key_enc[6 * i + 7] = t; \
201 t ^= ctx->key_enc[6 * i + 2]; \
202 ctx->key_enc[6 * i + 8] = t; \
203 t ^= ctx->key_enc[6 * i + 3]; \
204 ctx->key_enc[6 * i + 9] = t; \
205 t ^= ctx->key_enc[6 * i + 4]; \
206 ctx->key_enc[6 * i + 10] = t; \
207 t ^= ctx->key_enc[6 * i + 5]; \
208 ctx->key_enc[6 * i + 11] = t; \
209} while (0)
210
211#define loop8(i) do { \
212 t = ror32(t, 8); \
213 t = ls_box(t) ^ rco_tab[i]; \
214 t ^= ctx->key_enc[8 * i]; \
215 ctx->key_enc[8 * i + 8] = t; \
216 t ^= ctx->key_enc[8 * i + 1]; \
217 ctx->key_enc[8 * i + 9] = t; \
218 t ^= ctx->key_enc[8 * i + 2]; \
219 ctx->key_enc[8 * i + 10] = t; \
220 t ^= ctx->key_enc[8 * i + 3]; \
221 ctx->key_enc[8 * i + 11] = t; \
222 t = ctx->key_enc[8 * i + 4] ^ ls_box(t); \
223 ctx->key_enc[8 * i + 12] = t; \
224 t ^= ctx->key_enc[8 * i + 5]; \
225 ctx->key_enc[8 * i + 13] = t; \
226 t ^= ctx->key_enc[8 * i + 6]; \
227 ctx->key_enc[8 * i + 14] = t; \
228 t ^= ctx->key_enc[8 * i + 7]; \
229 ctx->key_enc[8 * i + 15] = t; \
230} while (0)
231
232int crypto_aes_set_key(struct crypto_tfm *tfm, const u8 *in_key,
233 unsigned int key_len)
253{ 234{
254 struct aes_ctx *ctx = crypto_tfm_ctx(tfm); 235 struct crypto_aes_ctx *ctx = crypto_tfm_ctx(tfm);
255 const __le32 *key = (const __le32 *)in_key; 236 const __le32 *key = (const __le32 *)in_key;
256 u32 *flags = &tfm->crt_flags; 237 u32 *flags = &tfm->crt_flags;
257 u32 i, t, u, v, w; 238 u32 i, t, u, v, w, j;
258 239
259 if (key_len % 8) { 240 if (key_len % 8) {
260 *flags |= CRYPTO_TFM_RES_BAD_KEY_LEN; 241 *flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
@@ -263,95 +244,113 @@ static int aes_set_key(struct crypto_tfm *tfm, const u8 *in_key,
263 244
264 ctx->key_length = key_len; 245 ctx->key_length = key_len;
265 246
266 E_KEY[0] = le32_to_cpu(key[0]); 247 ctx->key_dec[key_len + 24] = ctx->key_enc[0] = le32_to_cpu(key[0]);
267 E_KEY[1] = le32_to_cpu(key[1]); 248 ctx->key_dec[key_len + 25] = ctx->key_enc[1] = le32_to_cpu(key[1]);
268 E_KEY[2] = le32_to_cpu(key[2]); 249 ctx->key_dec[key_len + 26] = ctx->key_enc[2] = le32_to_cpu(key[2]);
269 E_KEY[3] = le32_to_cpu(key[3]); 250 ctx->key_dec[key_len + 27] = ctx->key_enc[3] = le32_to_cpu(key[3]);
270 251
271 switch (key_len) { 252 switch (key_len) {
272 case 16: 253 case 16:
273 t = E_KEY[3]; 254 t = ctx->key_enc[3];
274 for (i = 0; i < 10; ++i) 255 for (i = 0; i < 10; ++i)
275 loop4 (i); 256 loop4(i);
276 break; 257 break;
277 258
278 case 24: 259 case 24:
279 E_KEY[4] = le32_to_cpu(key[4]); 260 ctx->key_enc[4] = le32_to_cpu(key[4]);
280 t = E_KEY[5] = le32_to_cpu(key[5]); 261 t = ctx->key_enc[5] = le32_to_cpu(key[5]);
281 for (i = 0; i < 8; ++i) 262 for (i = 0; i < 8; ++i)
282 loop6 (i); 263 loop6(i);
283 break; 264 break;
284 265
285 case 32: 266 case 32:
286 E_KEY[4] = le32_to_cpu(key[4]); 267 ctx->key_enc[4] = le32_to_cpu(key[4]);
287 E_KEY[5] = le32_to_cpu(key[5]); 268 ctx->key_enc[5] = le32_to_cpu(key[5]);
288 E_KEY[6] = le32_to_cpu(key[6]); 269 ctx->key_enc[6] = le32_to_cpu(key[6]);
289 t = E_KEY[7] = le32_to_cpu(key[7]); 270 t = ctx->key_enc[7] = le32_to_cpu(key[7]);
290 for (i = 0; i < 7; ++i) 271 for (i = 0; i < 7; ++i)
291 loop8 (i); 272 loop8(i);
292 break; 273 break;
293 } 274 }
294 275
295 D_KEY[0] = E_KEY[0]; 276 ctx->key_dec[0] = ctx->key_enc[key_len + 24];
296 D_KEY[1] = E_KEY[1]; 277 ctx->key_dec[1] = ctx->key_enc[key_len + 25];
297 D_KEY[2] = E_KEY[2]; 278 ctx->key_dec[2] = ctx->key_enc[key_len + 26];
298 D_KEY[3] = E_KEY[3]; 279 ctx->key_dec[3] = ctx->key_enc[key_len + 27];
299 280
300 for (i = 4; i < key_len + 24; ++i) { 281 for (i = 4; i < key_len + 24; ++i) {
301 imix_col (D_KEY[i], E_KEY[i]); 282 j = key_len + 24 - (i & ~3) + (i & 3);
283 imix_col(ctx->key_dec[j], ctx->key_enc[i]);
302 } 284 }
303
304 return 0; 285 return 0;
305} 286}
287EXPORT_SYMBOL_GPL(crypto_aes_set_key);
306 288
307/* encrypt a block of text */ 289/* encrypt a block of text */
308 290
309#define f_nround(bo, bi, k) \ 291#define f_rn(bo, bi, n, k) do { \
310 f_rn(bo, bi, 0, k); \ 292 bo[n] = crypto_ft_tab[0][byte(bi[n], 0)] ^ \
311 f_rn(bo, bi, 1, k); \ 293 crypto_ft_tab[1][byte(bi[(n + 1) & 3], 1)] ^ \
312 f_rn(bo, bi, 2, k); \ 294 crypto_ft_tab[2][byte(bi[(n + 2) & 3], 2)] ^ \
313 f_rn(bo, bi, 3, k); \ 295 crypto_ft_tab[3][byte(bi[(n + 3) & 3], 3)] ^ *(k + n); \
314 k += 4 296} while (0)
315 297
316#define f_lround(bo, bi, k) \ 298#define f_nround(bo, bi, k) do {\
317 f_rl(bo, bi, 0, k); \ 299 f_rn(bo, bi, 0, k); \
318 f_rl(bo, bi, 1, k); \ 300 f_rn(bo, bi, 1, k); \
319 f_rl(bo, bi, 2, k); \ 301 f_rn(bo, bi, 2, k); \
320 f_rl(bo, bi, 3, k) 302 f_rn(bo, bi, 3, k); \
303 k += 4; \
304} while (0)
305
306#define f_rl(bo, bi, n, k) do { \
307 bo[n] = crypto_fl_tab[0][byte(bi[n], 0)] ^ \
308 crypto_fl_tab[1][byte(bi[(n + 1) & 3], 1)] ^ \
309 crypto_fl_tab[2][byte(bi[(n + 2) & 3], 2)] ^ \
310 crypto_fl_tab[3][byte(bi[(n + 3) & 3], 3)] ^ *(k + n); \
311} while (0)
312
313#define f_lround(bo, bi, k) do {\
314 f_rl(bo, bi, 0, k); \
315 f_rl(bo, bi, 1, k); \
316 f_rl(bo, bi, 2, k); \
317 f_rl(bo, bi, 3, k); \
318} while (0)
321 319
322static void aes_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in) 320static void aes_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
323{ 321{
324 const struct aes_ctx *ctx = crypto_tfm_ctx(tfm); 322 const struct crypto_aes_ctx *ctx = crypto_tfm_ctx(tfm);
325 const __le32 *src = (const __le32 *)in; 323 const __le32 *src = (const __le32 *)in;
326 __le32 *dst = (__le32 *)out; 324 __le32 *dst = (__le32 *)out;
327 u32 b0[4], b1[4]; 325 u32 b0[4], b1[4];
328 const u32 *kp = E_KEY + 4; 326 const u32 *kp = ctx->key_enc + 4;
327 const int key_len = ctx->key_length;
329 328
330 b0[0] = le32_to_cpu(src[0]) ^ E_KEY[0]; 329 b0[0] = le32_to_cpu(src[0]) ^ ctx->key_enc[0];
331 b0[1] = le32_to_cpu(src[1]) ^ E_KEY[1]; 330 b0[1] = le32_to_cpu(src[1]) ^ ctx->key_enc[1];
332 b0[2] = le32_to_cpu(src[2]) ^ E_KEY[2]; 331 b0[2] = le32_to_cpu(src[2]) ^ ctx->key_enc[2];
333 b0[3] = le32_to_cpu(src[3]) ^ E_KEY[3]; 332 b0[3] = le32_to_cpu(src[3]) ^ ctx->key_enc[3];
334 333
335 if (ctx->key_length > 24) { 334 if (key_len > 24) {
336 f_nround (b1, b0, kp); 335 f_nround(b1, b0, kp);
337 f_nround (b0, b1, kp); 336 f_nround(b0, b1, kp);
338 } 337 }
339 338
340 if (ctx->key_length > 16) { 339 if (key_len > 16) {
341 f_nround (b1, b0, kp); 340 f_nround(b1, b0, kp);
342 f_nround (b0, b1, kp); 341 f_nround(b0, b1, kp);
343 } 342 }
344 343
345 f_nround (b1, b0, kp); 344 f_nround(b1, b0, kp);
346 f_nround (b0, b1, kp); 345 f_nround(b0, b1, kp);
347 f_nround (b1, b0, kp); 346 f_nround(b1, b0, kp);
348 f_nround (b0, b1, kp); 347 f_nround(b0, b1, kp);
349 f_nround (b1, b0, kp); 348 f_nround(b1, b0, kp);
350 f_nround (b0, b1, kp); 349 f_nround(b0, b1, kp);
351 f_nround (b1, b0, kp); 350 f_nround(b1, b0, kp);
352 f_nround (b0, b1, kp); 351 f_nround(b0, b1, kp);
353 f_nround (b1, b0, kp); 352 f_nround(b1, b0, kp);
354 f_lround (b0, b1, kp); 353 f_lround(b0, b1, kp);
355 354
356 dst[0] = cpu_to_le32(b0[0]); 355 dst[0] = cpu_to_le32(b0[0]);
357 dst[1] = cpu_to_le32(b0[1]); 356 dst[1] = cpu_to_le32(b0[1]);
@@ -361,53 +360,69 @@ static void aes_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
361 360
362/* decrypt a block of text */ 361/* decrypt a block of text */
363 362
364#define i_nround(bo, bi, k) \ 363#define i_rn(bo, bi, n, k) do { \
365 i_rn(bo, bi, 0, k); \ 364 bo[n] = crypto_it_tab[0][byte(bi[n], 0)] ^ \
366 i_rn(bo, bi, 1, k); \ 365 crypto_it_tab[1][byte(bi[(n + 3) & 3], 1)] ^ \
367 i_rn(bo, bi, 2, k); \ 366 crypto_it_tab[2][byte(bi[(n + 2) & 3], 2)] ^ \
368 i_rn(bo, bi, 3, k); \ 367 crypto_it_tab[3][byte(bi[(n + 1) & 3], 3)] ^ *(k + n); \
369 k -= 4 368} while (0)
370 369
371#define i_lround(bo, bi, k) \ 370#define i_nround(bo, bi, k) do {\
372 i_rl(bo, bi, 0, k); \ 371 i_rn(bo, bi, 0, k); \
373 i_rl(bo, bi, 1, k); \ 372 i_rn(bo, bi, 1, k); \
374 i_rl(bo, bi, 2, k); \ 373 i_rn(bo, bi, 2, k); \
375 i_rl(bo, bi, 3, k) 374 i_rn(bo, bi, 3, k); \
375 k += 4; \
376} while (0)
377
378#define i_rl(bo, bi, n, k) do { \
379 bo[n] = crypto_il_tab[0][byte(bi[n], 0)] ^ \
380 crypto_il_tab[1][byte(bi[(n + 3) & 3], 1)] ^ \
381 crypto_il_tab[2][byte(bi[(n + 2) & 3], 2)] ^ \
382 crypto_il_tab[3][byte(bi[(n + 1) & 3], 3)] ^ *(k + n); \
383} while (0)
384
385#define i_lround(bo, bi, k) do {\
386 i_rl(bo, bi, 0, k); \
387 i_rl(bo, bi, 1, k); \
388 i_rl(bo, bi, 2, k); \
389 i_rl(bo, bi, 3, k); \
390} while (0)
376 391
377static void aes_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in) 392static void aes_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
378{ 393{
379 const struct aes_ctx *ctx = crypto_tfm_ctx(tfm); 394 const struct crypto_aes_ctx *ctx = crypto_tfm_ctx(tfm);
380 const __le32 *src = (const __le32 *)in; 395 const __le32 *src = (const __le32 *)in;
381 __le32 *dst = (__le32 *)out; 396 __le32 *dst = (__le32 *)out;
382 u32 b0[4], b1[4]; 397 u32 b0[4], b1[4];
383 const int key_len = ctx->key_length; 398 const int key_len = ctx->key_length;
384 const u32 *kp = D_KEY + key_len + 20; 399 const u32 *kp = ctx->key_dec + 4;
385 400
386 b0[0] = le32_to_cpu(src[0]) ^ E_KEY[key_len + 24]; 401 b0[0] = le32_to_cpu(src[0]) ^ ctx->key_dec[0];
387 b0[1] = le32_to_cpu(src[1]) ^ E_KEY[key_len + 25]; 402 b0[1] = le32_to_cpu(src[1]) ^ ctx->key_dec[1];
388 b0[2] = le32_to_cpu(src[2]) ^ E_KEY[key_len + 26]; 403 b0[2] = le32_to_cpu(src[2]) ^ ctx->key_dec[2];
389 b0[3] = le32_to_cpu(src[3]) ^ E_KEY[key_len + 27]; 404 b0[3] = le32_to_cpu(src[3]) ^ ctx->key_dec[3];
390 405
391 if (key_len > 24) { 406 if (key_len > 24) {
392 i_nround (b1, b0, kp); 407 i_nround(b1, b0, kp);
393 i_nround (b0, b1, kp); 408 i_nround(b0, b1, kp);
394 } 409 }
395 410
396 if (key_len > 16) { 411 if (key_len > 16) {
397 i_nround (b1, b0, kp); 412 i_nround(b1, b0, kp);
398 i_nround (b0, b1, kp); 413 i_nround(b0, b1, kp);
399 } 414 }
400 415
401 i_nround (b1, b0, kp); 416 i_nround(b1, b0, kp);
402 i_nround (b0, b1, kp); 417 i_nround(b0, b1, kp);
403 i_nround (b1, b0, kp); 418 i_nround(b1, b0, kp);
404 i_nround (b0, b1, kp); 419 i_nround(b0, b1, kp);
405 i_nround (b1, b0, kp); 420 i_nround(b1, b0, kp);
406 i_nround (b0, b1, kp); 421 i_nround(b0, b1, kp);
407 i_nround (b1, b0, kp); 422 i_nround(b1, b0, kp);
408 i_nround (b0, b1, kp); 423 i_nround(b0, b1, kp);
409 i_nround (b1, b0, kp); 424 i_nround(b1, b0, kp);
410 i_lround (b0, b1, kp); 425 i_lround(b0, b1, kp);
411 426
412 dst[0] = cpu_to_le32(b0[0]); 427 dst[0] = cpu_to_le32(b0[0]);
413 dst[1] = cpu_to_le32(b0[1]); 428 dst[1] = cpu_to_le32(b0[1]);
@@ -415,14 +430,13 @@ static void aes_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
415 dst[3] = cpu_to_le32(b0[3]); 430 dst[3] = cpu_to_le32(b0[3]);
416} 431}
417 432
418
419static struct crypto_alg aes_alg = { 433static struct crypto_alg aes_alg = {
420 .cra_name = "aes", 434 .cra_name = "aes",
421 .cra_driver_name = "aes-generic", 435 .cra_driver_name = "aes-generic",
422 .cra_priority = 100, 436 .cra_priority = 100,
423 .cra_flags = CRYPTO_ALG_TYPE_CIPHER, 437 .cra_flags = CRYPTO_ALG_TYPE_CIPHER,
424 .cra_blocksize = AES_BLOCK_SIZE, 438 .cra_blocksize = AES_BLOCK_SIZE,
425 .cra_ctxsize = sizeof(struct aes_ctx), 439 .cra_ctxsize = sizeof(struct crypto_aes_ctx),
426 .cra_alignmask = 3, 440 .cra_alignmask = 3,
427 .cra_module = THIS_MODULE, 441 .cra_module = THIS_MODULE,
428 .cra_list = LIST_HEAD_INIT(aes_alg.cra_list), 442 .cra_list = LIST_HEAD_INIT(aes_alg.cra_list),
@@ -430,9 +444,9 @@ static struct crypto_alg aes_alg = {
430 .cipher = { 444 .cipher = {
431 .cia_min_keysize = AES_MIN_KEY_SIZE, 445 .cia_min_keysize = AES_MIN_KEY_SIZE,
432 .cia_max_keysize = AES_MAX_KEY_SIZE, 446 .cia_max_keysize = AES_MAX_KEY_SIZE,
433 .cia_setkey = aes_set_key, 447 .cia_setkey = crypto_aes_set_key,
434 .cia_encrypt = aes_encrypt, 448 .cia_encrypt = aes_encrypt,
435 .cia_decrypt = aes_decrypt 449 .cia_decrypt = aes_decrypt
436 } 450 }
437 } 451 }
438}; 452};
diff --git a/crypto/algapi.c b/crypto/algapi.c
index 8383282de1dd..e65cb50cf4af 100644
--- a/crypto/algapi.c
+++ b/crypto/algapi.c
@@ -472,7 +472,7 @@ int crypto_check_attr_type(struct rtattr **tb, u32 type)
472} 472}
473EXPORT_SYMBOL_GPL(crypto_check_attr_type); 473EXPORT_SYMBOL_GPL(crypto_check_attr_type);
474 474
475struct crypto_alg *crypto_attr_alg(struct rtattr *rta, u32 type, u32 mask) 475const char *crypto_attr_alg_name(struct rtattr *rta)
476{ 476{
477 struct crypto_attr_alg *alga; 477 struct crypto_attr_alg *alga;
478 478
@@ -486,7 +486,21 @@ struct crypto_alg *crypto_attr_alg(struct rtattr *rta, u32 type, u32 mask)
486 alga = RTA_DATA(rta); 486 alga = RTA_DATA(rta);
487 alga->name[CRYPTO_MAX_ALG_NAME - 1] = 0; 487 alga->name[CRYPTO_MAX_ALG_NAME - 1] = 0;
488 488
489 return crypto_alg_mod_lookup(alga->name, type, mask); 489 return alga->name;
490}
491EXPORT_SYMBOL_GPL(crypto_attr_alg_name);
492
493struct crypto_alg *crypto_attr_alg(struct rtattr *rta, u32 type, u32 mask)
494{
495 const char *name;
496 int err;
497
498 name = crypto_attr_alg_name(rta);
499 err = PTR_ERR(name);
500 if (IS_ERR(name))
501 return ERR_PTR(err);
502
503 return crypto_alg_mod_lookup(name, type, mask);
490} 504}
491EXPORT_SYMBOL_GPL(crypto_attr_alg); 505EXPORT_SYMBOL_GPL(crypto_attr_alg);
492 506
@@ -605,6 +619,53 @@ int crypto_tfm_in_queue(struct crypto_queue *queue, struct crypto_tfm *tfm)
605} 619}
606EXPORT_SYMBOL_GPL(crypto_tfm_in_queue); 620EXPORT_SYMBOL_GPL(crypto_tfm_in_queue);
607 621
622static inline void crypto_inc_byte(u8 *a, unsigned int size)
623{
624 u8 *b = (a + size);
625 u8 c;
626
627 for (; size; size--) {
628 c = *--b + 1;
629 *b = c;
630 if (c)
631 break;
632 }
633}
634
635void crypto_inc(u8 *a, unsigned int size)
636{
637 __be32 *b = (__be32 *)(a + size);
638 u32 c;
639
640 for (; size >= 4; size -= 4) {
641 c = be32_to_cpu(*--b) + 1;
642 *b = cpu_to_be32(c);
643 if (c)
644 return;
645 }
646
647 crypto_inc_byte(a, size);
648}
649EXPORT_SYMBOL_GPL(crypto_inc);
650
651static inline void crypto_xor_byte(u8 *a, const u8 *b, unsigned int size)
652{
653 for (; size; size--)
654 *a++ ^= *b++;
655}
656
657void crypto_xor(u8 *dst, const u8 *src, unsigned int size)
658{
659 u32 *a = (u32 *)dst;
660 u32 *b = (u32 *)src;
661
662 for (; size >= 4; size -= 4)
663 *a++ ^= *b++;
664
665 crypto_xor_byte((u8 *)a, (u8 *)b, size);
666}
667EXPORT_SYMBOL_GPL(crypto_xor);
668
608static int __init crypto_algapi_init(void) 669static int __init crypto_algapi_init(void)
609{ 670{
610 crypto_init_proc(); 671 crypto_init_proc();
diff --git a/crypto/api.c b/crypto/api.c
index 1f5c72477356..a2496d1bc6d4 100644
--- a/crypto/api.c
+++ b/crypto/api.c
@@ -137,7 +137,7 @@ static struct crypto_alg *crypto_larval_alloc(const char *name, u32 type,
137 return alg; 137 return alg;
138} 138}
139 139
140static void crypto_larval_kill(struct crypto_alg *alg) 140void crypto_larval_kill(struct crypto_alg *alg)
141{ 141{
142 struct crypto_larval *larval = (void *)alg; 142 struct crypto_larval *larval = (void *)alg;
143 143
@@ -147,6 +147,7 @@ static void crypto_larval_kill(struct crypto_alg *alg)
147 complete_all(&larval->completion); 147 complete_all(&larval->completion);
148 crypto_alg_put(alg); 148 crypto_alg_put(alg);
149} 149}
150EXPORT_SYMBOL_GPL(crypto_larval_kill);
150 151
151static struct crypto_alg *crypto_larval_wait(struct crypto_alg *alg) 152static struct crypto_alg *crypto_larval_wait(struct crypto_alg *alg)
152{ 153{
@@ -176,11 +177,9 @@ static struct crypto_alg *crypto_alg_lookup(const char *name, u32 type,
176 return alg; 177 return alg;
177} 178}
178 179
179struct crypto_alg *crypto_alg_mod_lookup(const char *name, u32 type, u32 mask) 180struct crypto_alg *crypto_larval_lookup(const char *name, u32 type, u32 mask)
180{ 181{
181 struct crypto_alg *alg; 182 struct crypto_alg *alg;
182 struct crypto_alg *larval;
183 int ok;
184 183
185 if (!name) 184 if (!name)
186 return ERR_PTR(-ENOENT); 185 return ERR_PTR(-ENOENT);
@@ -193,7 +192,17 @@ struct crypto_alg *crypto_alg_mod_lookup(const char *name, u32 type, u32 mask)
193 if (alg) 192 if (alg)
194 return crypto_is_larval(alg) ? crypto_larval_wait(alg) : alg; 193 return crypto_is_larval(alg) ? crypto_larval_wait(alg) : alg;
195 194
196 larval = crypto_larval_alloc(name, type, mask); 195 return crypto_larval_alloc(name, type, mask);
196}
197EXPORT_SYMBOL_GPL(crypto_larval_lookup);
198
199struct crypto_alg *crypto_alg_mod_lookup(const char *name, u32 type, u32 mask)
200{
201 struct crypto_alg *alg;
202 struct crypto_alg *larval;
203 int ok;
204
205 larval = crypto_larval_lookup(name, type, mask);
197 if (IS_ERR(larval) || !crypto_is_larval(larval)) 206 if (IS_ERR(larval) || !crypto_is_larval(larval))
198 return larval; 207 return larval;
199 208
diff --git a/crypto/authenc.c b/crypto/authenc.c
index 126a529b496d..ed8ac5a6fa5f 100644
--- a/crypto/authenc.c
+++ b/crypto/authenc.c
@@ -10,22 +10,21 @@
10 * 10 *
11 */ 11 */
12 12
13#include <crypto/algapi.h> 13#include <crypto/aead.h>
14#include <crypto/internal/skcipher.h>
15#include <crypto/authenc.h>
16#include <crypto/scatterwalk.h>
14#include <linux/err.h> 17#include <linux/err.h>
15#include <linux/init.h> 18#include <linux/init.h>
16#include <linux/kernel.h> 19#include <linux/kernel.h>
17#include <linux/module.h> 20#include <linux/module.h>
21#include <linux/rtnetlink.h>
18#include <linux/slab.h> 22#include <linux/slab.h>
19#include <linux/spinlock.h> 23#include <linux/spinlock.h>
20 24
21#include "scatterwalk.h"
22
23struct authenc_instance_ctx { 25struct authenc_instance_ctx {
24 struct crypto_spawn auth; 26 struct crypto_spawn auth;
25 struct crypto_spawn enc; 27 struct crypto_skcipher_spawn enc;
26
27 unsigned int authsize;
28 unsigned int enckeylen;
29}; 28};
30 29
31struct crypto_authenc_ctx { 30struct crypto_authenc_ctx {
@@ -37,19 +36,31 @@ struct crypto_authenc_ctx {
37static int crypto_authenc_setkey(struct crypto_aead *authenc, const u8 *key, 36static int crypto_authenc_setkey(struct crypto_aead *authenc, const u8 *key,
38 unsigned int keylen) 37 unsigned int keylen)
39{ 38{
40 struct authenc_instance_ctx *ictx =
41 crypto_instance_ctx(crypto_aead_alg_instance(authenc));
42 unsigned int enckeylen = ictx->enckeylen;
43 unsigned int authkeylen; 39 unsigned int authkeylen;
40 unsigned int enckeylen;
44 struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc); 41 struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc);
45 struct crypto_hash *auth = ctx->auth; 42 struct crypto_hash *auth = ctx->auth;
46 struct crypto_ablkcipher *enc = ctx->enc; 43 struct crypto_ablkcipher *enc = ctx->enc;
44 struct rtattr *rta = (void *)key;
45 struct crypto_authenc_key_param *param;
47 int err = -EINVAL; 46 int err = -EINVAL;
48 47
49 if (keylen < enckeylen) { 48 if (!RTA_OK(rta, keylen))
50 crypto_aead_set_flags(authenc, CRYPTO_TFM_RES_BAD_KEY_LEN); 49 goto badkey;
51 goto out; 50 if (rta->rta_type != CRYPTO_AUTHENC_KEYA_PARAM)
52 } 51 goto badkey;
52 if (RTA_PAYLOAD(rta) < sizeof(*param))
53 goto badkey;
54
55 param = RTA_DATA(rta);
56 enckeylen = be32_to_cpu(param->enckeylen);
57
58 key += RTA_ALIGN(rta->rta_len);
59 keylen -= RTA_ALIGN(rta->rta_len);
60
61 if (keylen < enckeylen)
62 goto badkey;
63
53 authkeylen = keylen - enckeylen; 64 authkeylen = keylen - enckeylen;
54 65
55 crypto_hash_clear_flags(auth, CRYPTO_TFM_REQ_MASK); 66 crypto_hash_clear_flags(auth, CRYPTO_TFM_REQ_MASK);
@@ -71,21 +82,38 @@ static int crypto_authenc_setkey(struct crypto_aead *authenc, const u8 *key,
71 82
72out: 83out:
73 return err; 84 return err;
85
86badkey:
87 crypto_aead_set_flags(authenc, CRYPTO_TFM_RES_BAD_KEY_LEN);
88 goto out;
74} 89}
75 90
76static int crypto_authenc_hash(struct aead_request *req) 91static void authenc_chain(struct scatterlist *head, struct scatterlist *sg,
92 int chain)
93{
94 if (chain) {
95 head->length += sg->length;
96 sg = scatterwalk_sg_next(sg);
97 }
98
99 if (sg)
100 scatterwalk_sg_chain(head, 2, sg);
101 else
102 sg_mark_end(head);
103}
104
105static u8 *crypto_authenc_hash(struct aead_request *req, unsigned int flags,
106 struct scatterlist *cipher,
107 unsigned int cryptlen)
77{ 108{
78 struct crypto_aead *authenc = crypto_aead_reqtfm(req); 109 struct crypto_aead *authenc = crypto_aead_reqtfm(req);
79 struct authenc_instance_ctx *ictx =
80 crypto_instance_ctx(crypto_aead_alg_instance(authenc));
81 struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc); 110 struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc);
82 struct crypto_hash *auth = ctx->auth; 111 struct crypto_hash *auth = ctx->auth;
83 struct hash_desc desc = { 112 struct hash_desc desc = {
84 .tfm = auth, 113 .tfm = auth,
114 .flags = aead_request_flags(req) & flags,
85 }; 115 };
86 u8 *hash = aead_request_ctx(req); 116 u8 *hash = aead_request_ctx(req);
87 struct scatterlist *dst = req->dst;
88 unsigned int cryptlen = req->cryptlen;
89 int err; 117 int err;
90 118
91 hash = (u8 *)ALIGN((unsigned long)hash + crypto_hash_alignmask(auth), 119 hash = (u8 *)ALIGN((unsigned long)hash + crypto_hash_alignmask(auth),
@@ -100,7 +128,7 @@ static int crypto_authenc_hash(struct aead_request *req)
100 if (err) 128 if (err)
101 goto auth_unlock; 129 goto auth_unlock;
102 130
103 err = crypto_hash_update(&desc, dst, cryptlen); 131 err = crypto_hash_update(&desc, cipher, cryptlen);
104 if (err) 132 if (err)
105 goto auth_unlock; 133 goto auth_unlock;
106 134
@@ -109,17 +137,53 @@ auth_unlock:
109 spin_unlock_bh(&ctx->auth_lock); 137 spin_unlock_bh(&ctx->auth_lock);
110 138
111 if (err) 139 if (err)
112 return err; 140 return ERR_PTR(err);
141
142 return hash;
143}
113 144
114 scatterwalk_map_and_copy(hash, dst, cryptlen, ictx->authsize, 1); 145static int crypto_authenc_genicv(struct aead_request *req, u8 *iv,
146 unsigned int flags)
147{
148 struct crypto_aead *authenc = crypto_aead_reqtfm(req);
149 struct scatterlist *dst = req->dst;
150 struct scatterlist cipher[2];
151 struct page *dstp;
152 unsigned int ivsize = crypto_aead_ivsize(authenc);
153 unsigned int cryptlen;
154 u8 *vdst;
155 u8 *hash;
156
157 dstp = sg_page(dst);
158 vdst = PageHighMem(dstp) ? NULL : page_address(dstp) + dst->offset;
159
160 sg_init_table(cipher, 2);
161 sg_set_buf(cipher, iv, ivsize);
162 authenc_chain(cipher, dst, vdst == iv + ivsize);
163
164 cryptlen = req->cryptlen + ivsize;
165 hash = crypto_authenc_hash(req, flags, cipher, cryptlen);
166 if (IS_ERR(hash))
167 return PTR_ERR(hash);
168
169 scatterwalk_map_and_copy(hash, cipher, cryptlen,
170 crypto_aead_authsize(authenc), 1);
115 return 0; 171 return 0;
116} 172}
117 173
118static void crypto_authenc_encrypt_done(struct crypto_async_request *req, 174static void crypto_authenc_encrypt_done(struct crypto_async_request *req,
119 int err) 175 int err)
120{ 176{
121 if (!err) 177 if (!err) {
122 err = crypto_authenc_hash(req->data); 178 struct aead_request *areq = req->data;
179 struct crypto_aead *authenc = crypto_aead_reqtfm(areq);
180 struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc);
181 struct ablkcipher_request *abreq = aead_request_ctx(areq);
182 u8 *iv = (u8 *)(abreq + 1) +
183 crypto_ablkcipher_reqsize(ctx->enc);
184
185 err = crypto_authenc_genicv(areq, iv, 0);
186 }
123 187
124 aead_request_complete(req->data, err); 188 aead_request_complete(req->data, err);
125} 189}
@@ -129,72 +193,99 @@ static int crypto_authenc_encrypt(struct aead_request *req)
129 struct crypto_aead *authenc = crypto_aead_reqtfm(req); 193 struct crypto_aead *authenc = crypto_aead_reqtfm(req);
130 struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc); 194 struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc);
131 struct ablkcipher_request *abreq = aead_request_ctx(req); 195 struct ablkcipher_request *abreq = aead_request_ctx(req);
196 struct crypto_ablkcipher *enc = ctx->enc;
197 struct scatterlist *dst = req->dst;
198 unsigned int cryptlen = req->cryptlen;
199 u8 *iv = (u8 *)(abreq + 1) + crypto_ablkcipher_reqsize(enc);
132 int err; 200 int err;
133 201
134 ablkcipher_request_set_tfm(abreq, ctx->enc); 202 ablkcipher_request_set_tfm(abreq, enc);
135 ablkcipher_request_set_callback(abreq, aead_request_flags(req), 203 ablkcipher_request_set_callback(abreq, aead_request_flags(req),
136 crypto_authenc_encrypt_done, req); 204 crypto_authenc_encrypt_done, req);
137 ablkcipher_request_set_crypt(abreq, req->src, req->dst, req->cryptlen, 205 ablkcipher_request_set_crypt(abreq, req->src, dst, cryptlen, req->iv);
138 req->iv); 206
207 memcpy(iv, req->iv, crypto_aead_ivsize(authenc));
139 208
140 err = crypto_ablkcipher_encrypt(abreq); 209 err = crypto_ablkcipher_encrypt(abreq);
141 if (err) 210 if (err)
142 return err; 211 return err;
143 212
144 return crypto_authenc_hash(req); 213 return crypto_authenc_genicv(req, iv, CRYPTO_TFM_REQ_MAY_SLEEP);
145} 214}
146 215
147static int crypto_authenc_verify(struct aead_request *req) 216static void crypto_authenc_givencrypt_done(struct crypto_async_request *req,
217 int err)
148{ 218{
149 struct crypto_aead *authenc = crypto_aead_reqtfm(req); 219 if (!err) {
150 struct authenc_instance_ctx *ictx = 220 struct aead_givcrypt_request *greq = req->data;
151 crypto_instance_ctx(crypto_aead_alg_instance(authenc)); 221
222 err = crypto_authenc_genicv(&greq->areq, greq->giv, 0);
223 }
224
225 aead_request_complete(req->data, err);
226}
227
228static int crypto_authenc_givencrypt(struct aead_givcrypt_request *req)
229{
230 struct crypto_aead *authenc = aead_givcrypt_reqtfm(req);
152 struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc); 231 struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc);
153 struct crypto_hash *auth = ctx->auth; 232 struct aead_request *areq = &req->areq;
154 struct hash_desc desc = { 233 struct skcipher_givcrypt_request *greq = aead_request_ctx(areq);
155 .tfm = auth, 234 u8 *iv = req->giv;
156 .flags = aead_request_flags(req),
157 };
158 u8 *ohash = aead_request_ctx(req);
159 u8 *ihash;
160 struct scatterlist *src = req->src;
161 unsigned int cryptlen = req->cryptlen;
162 unsigned int authsize;
163 int err; 235 int err;
164 236
165 ohash = (u8 *)ALIGN((unsigned long)ohash + crypto_hash_alignmask(auth), 237 skcipher_givcrypt_set_tfm(greq, ctx->enc);
166 crypto_hash_alignmask(auth) + 1); 238 skcipher_givcrypt_set_callback(greq, aead_request_flags(areq),
167 ihash = ohash + crypto_hash_digestsize(auth); 239 crypto_authenc_givencrypt_done, areq);
168 240 skcipher_givcrypt_set_crypt(greq, areq->src, areq->dst, areq->cryptlen,
169 spin_lock_bh(&ctx->auth_lock); 241 areq->iv);
170 err = crypto_hash_init(&desc); 242 skcipher_givcrypt_set_giv(greq, iv, req->seq);
171 if (err)
172 goto auth_unlock;
173 243
174 err = crypto_hash_update(&desc, req->assoc, req->assoclen); 244 err = crypto_skcipher_givencrypt(greq);
175 if (err) 245 if (err)
176 goto auth_unlock; 246 return err;
177 247
178 err = crypto_hash_update(&desc, src, cryptlen); 248 return crypto_authenc_genicv(areq, iv, CRYPTO_TFM_REQ_MAY_SLEEP);
179 if (err) 249}
180 goto auth_unlock;
181 250
182 err = crypto_hash_final(&desc, ohash); 251static int crypto_authenc_verify(struct aead_request *req,
183auth_unlock: 252 struct scatterlist *cipher,
184 spin_unlock_bh(&ctx->auth_lock); 253 unsigned int cryptlen)
254{
255 struct crypto_aead *authenc = crypto_aead_reqtfm(req);
256 u8 *ohash;
257 u8 *ihash;
258 unsigned int authsize;
185 259
186 if (err) 260 ohash = crypto_authenc_hash(req, CRYPTO_TFM_REQ_MAY_SLEEP, cipher,
187 return err; 261 cryptlen);
262 if (IS_ERR(ohash))
263 return PTR_ERR(ohash);
188 264
189 authsize = ictx->authsize; 265 authsize = crypto_aead_authsize(authenc);
190 scatterwalk_map_and_copy(ihash, src, cryptlen, authsize, 0); 266 ihash = ohash + authsize;
191 return memcmp(ihash, ohash, authsize) ? -EINVAL : 0; 267 scatterwalk_map_and_copy(ihash, cipher, cryptlen, authsize, 0);
268 return memcmp(ihash, ohash, authsize) ? -EBADMSG: 0;
192} 269}
193 270
194static void crypto_authenc_decrypt_done(struct crypto_async_request *req, 271static int crypto_authenc_iverify(struct aead_request *req, u8 *iv,
195 int err) 272 unsigned int cryptlen)
196{ 273{
197 aead_request_complete(req->data, err); 274 struct crypto_aead *authenc = crypto_aead_reqtfm(req);
275 struct scatterlist *src = req->src;
276 struct scatterlist cipher[2];
277 struct page *srcp;
278 unsigned int ivsize = crypto_aead_ivsize(authenc);
279 u8 *vsrc;
280
281 srcp = sg_page(src);
282 vsrc = PageHighMem(srcp) ? NULL : page_address(srcp) + src->offset;
283
284 sg_init_table(cipher, 2);
285 sg_set_buf(cipher, iv, ivsize);
286 authenc_chain(cipher, src, vsrc == iv + ivsize);
287
288 return crypto_authenc_verify(req, cipher, cryptlen + ivsize);
198} 289}
199 290
200static int crypto_authenc_decrypt(struct aead_request *req) 291static int crypto_authenc_decrypt(struct aead_request *req)
@@ -202,17 +293,23 @@ static int crypto_authenc_decrypt(struct aead_request *req)
202 struct crypto_aead *authenc = crypto_aead_reqtfm(req); 293 struct crypto_aead *authenc = crypto_aead_reqtfm(req);
203 struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc); 294 struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc);
204 struct ablkcipher_request *abreq = aead_request_ctx(req); 295 struct ablkcipher_request *abreq = aead_request_ctx(req);
296 unsigned int cryptlen = req->cryptlen;
297 unsigned int authsize = crypto_aead_authsize(authenc);
298 u8 *iv = req->iv;
205 int err; 299 int err;
206 300
207 err = crypto_authenc_verify(req); 301 if (cryptlen < authsize)
302 return -EINVAL;
303 cryptlen -= authsize;
304
305 err = crypto_authenc_iverify(req, iv, cryptlen);
208 if (err) 306 if (err)
209 return err; 307 return err;
210 308
211 ablkcipher_request_set_tfm(abreq, ctx->enc); 309 ablkcipher_request_set_tfm(abreq, ctx->enc);
212 ablkcipher_request_set_callback(abreq, aead_request_flags(req), 310 ablkcipher_request_set_callback(abreq, aead_request_flags(req),
213 crypto_authenc_decrypt_done, req); 311 req->base.complete, req->base.data);
214 ablkcipher_request_set_crypt(abreq, req->src, req->dst, req->cryptlen, 312 ablkcipher_request_set_crypt(abreq, req->src, req->dst, cryptlen, iv);
215 req->iv);
216 313
217 return crypto_ablkcipher_decrypt(abreq); 314 return crypto_ablkcipher_decrypt(abreq);
218} 315}
@@ -224,19 +321,13 @@ static int crypto_authenc_init_tfm(struct crypto_tfm *tfm)
224 struct crypto_authenc_ctx *ctx = crypto_tfm_ctx(tfm); 321 struct crypto_authenc_ctx *ctx = crypto_tfm_ctx(tfm);
225 struct crypto_hash *auth; 322 struct crypto_hash *auth;
226 struct crypto_ablkcipher *enc; 323 struct crypto_ablkcipher *enc;
227 unsigned int digestsize;
228 int err; 324 int err;
229 325
230 auth = crypto_spawn_hash(&ictx->auth); 326 auth = crypto_spawn_hash(&ictx->auth);
231 if (IS_ERR(auth)) 327 if (IS_ERR(auth))
232 return PTR_ERR(auth); 328 return PTR_ERR(auth);
233 329
234 err = -EINVAL; 330 enc = crypto_spawn_skcipher(&ictx->enc);
235 digestsize = crypto_hash_digestsize(auth);
236 if (ictx->authsize > digestsize)
237 goto err_free_hash;
238
239 enc = crypto_spawn_ablkcipher(&ictx->enc);
240 err = PTR_ERR(enc); 331 err = PTR_ERR(enc);
241 if (IS_ERR(enc)) 332 if (IS_ERR(enc))
242 goto err_free_hash; 333 goto err_free_hash;
@@ -246,9 +337,10 @@ static int crypto_authenc_init_tfm(struct crypto_tfm *tfm)
246 tfm->crt_aead.reqsize = max_t(unsigned int, 337 tfm->crt_aead.reqsize = max_t(unsigned int,
247 (crypto_hash_alignmask(auth) & 338 (crypto_hash_alignmask(auth) &
248 ~(crypto_tfm_ctx_alignment() - 1)) + 339 ~(crypto_tfm_ctx_alignment() - 1)) +
249 digestsize * 2, 340 crypto_hash_digestsize(auth) * 2,
250 sizeof(struct ablkcipher_request) + 341 sizeof(struct skcipher_givcrypt_request) +
251 crypto_ablkcipher_reqsize(enc)); 342 crypto_ablkcipher_reqsize(enc) +
343 crypto_ablkcipher_ivsize(enc));
252 344
253 spin_lock_init(&ctx->auth_lock); 345 spin_lock_init(&ctx->auth_lock);
254 346
@@ -269,75 +361,74 @@ static void crypto_authenc_exit_tfm(struct crypto_tfm *tfm)
269 361
270static struct crypto_instance *crypto_authenc_alloc(struct rtattr **tb) 362static struct crypto_instance *crypto_authenc_alloc(struct rtattr **tb)
271{ 363{
364 struct crypto_attr_type *algt;
272 struct crypto_instance *inst; 365 struct crypto_instance *inst;
273 struct crypto_alg *auth; 366 struct crypto_alg *auth;
274 struct crypto_alg *enc; 367 struct crypto_alg *enc;
275 struct authenc_instance_ctx *ctx; 368 struct authenc_instance_ctx *ctx;
276 unsigned int authsize; 369 const char *enc_name;
277 unsigned int enckeylen;
278 int err; 370 int err;
279 371
280 err = crypto_check_attr_type(tb, CRYPTO_ALG_TYPE_AEAD); 372 algt = crypto_get_attr_type(tb);
281 if (err) 373 err = PTR_ERR(algt);
374 if (IS_ERR(algt))
282 return ERR_PTR(err); 375 return ERR_PTR(err);
283 376
377 if ((algt->type ^ CRYPTO_ALG_TYPE_AEAD) & algt->mask)
378 return ERR_PTR(-EINVAL);
379
284 auth = crypto_attr_alg(tb[1], CRYPTO_ALG_TYPE_HASH, 380 auth = crypto_attr_alg(tb[1], CRYPTO_ALG_TYPE_HASH,
285 CRYPTO_ALG_TYPE_HASH_MASK); 381 CRYPTO_ALG_TYPE_HASH_MASK);
286 if (IS_ERR(auth)) 382 if (IS_ERR(auth))
287 return ERR_PTR(PTR_ERR(auth)); 383 return ERR_PTR(PTR_ERR(auth));
288 384
289 err = crypto_attr_u32(tb[2], &authsize); 385 enc_name = crypto_attr_alg_name(tb[2]);
290 inst = ERR_PTR(err); 386 err = PTR_ERR(enc_name);
291 if (err) 387 if (IS_ERR(enc_name))
292 goto out_put_auth;
293
294 enc = crypto_attr_alg(tb[3], CRYPTO_ALG_TYPE_BLKCIPHER,
295 CRYPTO_ALG_TYPE_MASK);
296 inst = ERR_PTR(PTR_ERR(enc));
297 if (IS_ERR(enc))
298 goto out_put_auth; 388 goto out_put_auth;
299 389
300 err = crypto_attr_u32(tb[4], &enckeylen);
301 if (err)
302 goto out_put_enc;
303
304 inst = kzalloc(sizeof(*inst) + sizeof(*ctx), GFP_KERNEL); 390 inst = kzalloc(sizeof(*inst) + sizeof(*ctx), GFP_KERNEL);
305 err = -ENOMEM; 391 err = -ENOMEM;
306 if (!inst) 392 if (!inst)
307 goto out_put_enc; 393 goto out_put_auth;
308
309 err = -ENAMETOOLONG;
310 if (snprintf(inst->alg.cra_name, CRYPTO_MAX_ALG_NAME,
311 "authenc(%s,%u,%s,%u)", auth->cra_name, authsize,
312 enc->cra_name, enckeylen) >= CRYPTO_MAX_ALG_NAME)
313 goto err_free_inst;
314
315 if (snprintf(inst->alg.cra_driver_name, CRYPTO_MAX_ALG_NAME,
316 "authenc(%s,%u,%s,%u)", auth->cra_driver_name,
317 authsize, enc->cra_driver_name, enckeylen) >=
318 CRYPTO_MAX_ALG_NAME)
319 goto err_free_inst;
320 394
321 ctx = crypto_instance_ctx(inst); 395 ctx = crypto_instance_ctx(inst);
322 ctx->authsize = authsize;
323 ctx->enckeylen = enckeylen;
324 396
325 err = crypto_init_spawn(&ctx->auth, auth, inst, CRYPTO_ALG_TYPE_MASK); 397 err = crypto_init_spawn(&ctx->auth, auth, inst, CRYPTO_ALG_TYPE_MASK);
326 if (err) 398 if (err)
327 goto err_free_inst; 399 goto err_free_inst;
328 400
329 err = crypto_init_spawn(&ctx->enc, enc, inst, CRYPTO_ALG_TYPE_MASK); 401 crypto_set_skcipher_spawn(&ctx->enc, inst);
402 err = crypto_grab_skcipher(&ctx->enc, enc_name, 0,
403 crypto_requires_sync(algt->type,
404 algt->mask));
330 if (err) 405 if (err)
331 goto err_drop_auth; 406 goto err_drop_auth;
332 407
333 inst->alg.cra_flags = CRYPTO_ALG_TYPE_AEAD | CRYPTO_ALG_ASYNC; 408 enc = crypto_skcipher_spawn_alg(&ctx->enc);
409
410 err = -ENAMETOOLONG;
411 if (snprintf(inst->alg.cra_name, CRYPTO_MAX_ALG_NAME,
412 "authenc(%s,%s)", auth->cra_name, enc->cra_name) >=
413 CRYPTO_MAX_ALG_NAME)
414 goto err_drop_enc;
415
416 if (snprintf(inst->alg.cra_driver_name, CRYPTO_MAX_ALG_NAME,
417 "authenc(%s,%s)", auth->cra_driver_name,
418 enc->cra_driver_name) >= CRYPTO_MAX_ALG_NAME)
419 goto err_drop_enc;
420
421 inst->alg.cra_flags = CRYPTO_ALG_TYPE_AEAD;
422 inst->alg.cra_flags |= enc->cra_flags & CRYPTO_ALG_ASYNC;
334 inst->alg.cra_priority = enc->cra_priority * 10 + auth->cra_priority; 423 inst->alg.cra_priority = enc->cra_priority * 10 + auth->cra_priority;
335 inst->alg.cra_blocksize = enc->cra_blocksize; 424 inst->alg.cra_blocksize = enc->cra_blocksize;
336 inst->alg.cra_alignmask = max(auth->cra_alignmask, enc->cra_alignmask); 425 inst->alg.cra_alignmask = auth->cra_alignmask | enc->cra_alignmask;
337 inst->alg.cra_type = &crypto_aead_type; 426 inst->alg.cra_type = &crypto_aead_type;
338 427
339 inst->alg.cra_aead.ivsize = enc->cra_blkcipher.ivsize; 428 inst->alg.cra_aead.ivsize = enc->cra_ablkcipher.ivsize;
340 inst->alg.cra_aead.authsize = authsize; 429 inst->alg.cra_aead.maxauthsize = auth->cra_type == &crypto_hash_type ?
430 auth->cra_hash.digestsize :
431 auth->cra_digest.dia_digestsize;
341 432
342 inst->alg.cra_ctxsize = sizeof(struct crypto_authenc_ctx); 433 inst->alg.cra_ctxsize = sizeof(struct crypto_authenc_ctx);
343 434
@@ -347,18 +438,19 @@ static struct crypto_instance *crypto_authenc_alloc(struct rtattr **tb)
347 inst->alg.cra_aead.setkey = crypto_authenc_setkey; 438 inst->alg.cra_aead.setkey = crypto_authenc_setkey;
348 inst->alg.cra_aead.encrypt = crypto_authenc_encrypt; 439 inst->alg.cra_aead.encrypt = crypto_authenc_encrypt;
349 inst->alg.cra_aead.decrypt = crypto_authenc_decrypt; 440 inst->alg.cra_aead.decrypt = crypto_authenc_decrypt;
441 inst->alg.cra_aead.givencrypt = crypto_authenc_givencrypt;
350 442
351out: 443out:
352 crypto_mod_put(enc);
353out_put_auth:
354 crypto_mod_put(auth); 444 crypto_mod_put(auth);
355 return inst; 445 return inst;
356 446
447err_drop_enc:
448 crypto_drop_skcipher(&ctx->enc);
357err_drop_auth: 449err_drop_auth:
358 crypto_drop_spawn(&ctx->auth); 450 crypto_drop_spawn(&ctx->auth);
359err_free_inst: 451err_free_inst:
360 kfree(inst); 452 kfree(inst);
361out_put_enc: 453out_put_auth:
362 inst = ERR_PTR(err); 454 inst = ERR_PTR(err);
363 goto out; 455 goto out;
364} 456}
@@ -367,7 +459,7 @@ static void crypto_authenc_free(struct crypto_instance *inst)
367{ 459{
368 struct authenc_instance_ctx *ctx = crypto_instance_ctx(inst); 460 struct authenc_instance_ctx *ctx = crypto_instance_ctx(inst);
369 461
370 crypto_drop_spawn(&ctx->enc); 462 crypto_drop_skcipher(&ctx->enc);
371 crypto_drop_spawn(&ctx->auth); 463 crypto_drop_spawn(&ctx->auth);
372 kfree(inst); 464 kfree(inst);
373} 465}
diff --git a/crypto/blkcipher.c b/crypto/blkcipher.c
index f6c67f9d4e5c..4a7e65c4df4d 100644
--- a/crypto/blkcipher.c
+++ b/crypto/blkcipher.c
@@ -14,7 +14,8 @@
14 * 14 *
15 */ 15 */
16 16
17#include <linux/crypto.h> 17#include <crypto/internal/skcipher.h>
18#include <crypto/scatterwalk.h>
18#include <linux/errno.h> 19#include <linux/errno.h>
19#include <linux/hardirq.h> 20#include <linux/hardirq.h>
20#include <linux/kernel.h> 21#include <linux/kernel.h>
@@ -25,7 +26,6 @@
25#include <linux/string.h> 26#include <linux/string.h>
26 27
27#include "internal.h" 28#include "internal.h"
28#include "scatterwalk.h"
29 29
30enum { 30enum {
31 BLKCIPHER_WALK_PHYS = 1 << 0, 31 BLKCIPHER_WALK_PHYS = 1 << 0,
@@ -433,9 +433,8 @@ static unsigned int crypto_blkcipher_ctxsize(struct crypto_alg *alg, u32 type,
433 struct blkcipher_alg *cipher = &alg->cra_blkcipher; 433 struct blkcipher_alg *cipher = &alg->cra_blkcipher;
434 unsigned int len = alg->cra_ctxsize; 434 unsigned int len = alg->cra_ctxsize;
435 435
436 type ^= CRYPTO_ALG_ASYNC; 436 if ((mask & CRYPTO_ALG_TYPE_MASK) == CRYPTO_ALG_TYPE_MASK &&
437 mask &= CRYPTO_ALG_ASYNC; 437 cipher->ivsize) {
438 if ((type & mask) && cipher->ivsize) {
439 len = ALIGN(len, (unsigned long)alg->cra_alignmask + 1); 438 len = ALIGN(len, (unsigned long)alg->cra_alignmask + 1);
440 len += cipher->ivsize; 439 len += cipher->ivsize;
441 } 440 }
@@ -451,6 +450,11 @@ static int crypto_init_blkcipher_ops_async(struct crypto_tfm *tfm)
451 crt->setkey = async_setkey; 450 crt->setkey = async_setkey;
452 crt->encrypt = async_encrypt; 451 crt->encrypt = async_encrypt;
453 crt->decrypt = async_decrypt; 452 crt->decrypt = async_decrypt;
453 if (!alg->ivsize) {
454 crt->givencrypt = skcipher_null_givencrypt;
455 crt->givdecrypt = skcipher_null_givdecrypt;
456 }
457 crt->base = __crypto_ablkcipher_cast(tfm);
454 crt->ivsize = alg->ivsize; 458 crt->ivsize = alg->ivsize;
455 459
456 return 0; 460 return 0;
@@ -482,9 +486,7 @@ static int crypto_init_blkcipher_ops(struct crypto_tfm *tfm, u32 type, u32 mask)
482 if (alg->ivsize > PAGE_SIZE / 8) 486 if (alg->ivsize > PAGE_SIZE / 8)
483 return -EINVAL; 487 return -EINVAL;
484 488
485 type ^= CRYPTO_ALG_ASYNC; 489 if ((mask & CRYPTO_ALG_TYPE_MASK) == CRYPTO_ALG_TYPE_MASK)
486 mask &= CRYPTO_ALG_ASYNC;
487 if (type & mask)
488 return crypto_init_blkcipher_ops_sync(tfm); 490 return crypto_init_blkcipher_ops_sync(tfm);
489 else 491 else
490 return crypto_init_blkcipher_ops_async(tfm); 492 return crypto_init_blkcipher_ops_async(tfm);
@@ -499,6 +501,8 @@ static void crypto_blkcipher_show(struct seq_file *m, struct crypto_alg *alg)
499 seq_printf(m, "min keysize : %u\n", alg->cra_blkcipher.min_keysize); 501 seq_printf(m, "min keysize : %u\n", alg->cra_blkcipher.min_keysize);
500 seq_printf(m, "max keysize : %u\n", alg->cra_blkcipher.max_keysize); 502 seq_printf(m, "max keysize : %u\n", alg->cra_blkcipher.max_keysize);
501 seq_printf(m, "ivsize : %u\n", alg->cra_blkcipher.ivsize); 503 seq_printf(m, "ivsize : %u\n", alg->cra_blkcipher.ivsize);
504 seq_printf(m, "geniv : %s\n", alg->cra_blkcipher.geniv ?:
505 "<default>");
502} 506}
503 507
504const struct crypto_type crypto_blkcipher_type = { 508const struct crypto_type crypto_blkcipher_type = {
@@ -510,5 +514,187 @@ const struct crypto_type crypto_blkcipher_type = {
510}; 514};
511EXPORT_SYMBOL_GPL(crypto_blkcipher_type); 515EXPORT_SYMBOL_GPL(crypto_blkcipher_type);
512 516
517static int crypto_grab_nivcipher(struct crypto_skcipher_spawn *spawn,
518 const char *name, u32 type, u32 mask)
519{
520 struct crypto_alg *alg;
521 int err;
522
523 type = crypto_skcipher_type(type);
524 mask = crypto_skcipher_mask(mask) | CRYPTO_ALG_GENIV;
525
526 alg = crypto_alg_mod_lookup(name, type, mask);
527 if (IS_ERR(alg))
528 return PTR_ERR(alg);
529
530 err = crypto_init_spawn(&spawn->base, alg, spawn->base.inst, mask);
531 crypto_mod_put(alg);
532 return err;
533}
534
535struct crypto_instance *skcipher_geniv_alloc(struct crypto_template *tmpl,
536 struct rtattr **tb, u32 type,
537 u32 mask)
538{
539 struct {
540 int (*setkey)(struct crypto_ablkcipher *tfm, const u8 *key,
541 unsigned int keylen);
542 int (*encrypt)(struct ablkcipher_request *req);
543 int (*decrypt)(struct ablkcipher_request *req);
544
545 unsigned int min_keysize;
546 unsigned int max_keysize;
547 unsigned int ivsize;
548
549 const char *geniv;
550 } balg;
551 const char *name;
552 struct crypto_skcipher_spawn *spawn;
553 struct crypto_attr_type *algt;
554 struct crypto_instance *inst;
555 struct crypto_alg *alg;
556 int err;
557
558 algt = crypto_get_attr_type(tb);
559 err = PTR_ERR(algt);
560 if (IS_ERR(algt))
561 return ERR_PTR(err);
562
563 if ((algt->type ^ (CRYPTO_ALG_TYPE_GIVCIPHER | CRYPTO_ALG_GENIV)) &
564 algt->mask)
565 return ERR_PTR(-EINVAL);
566
567 name = crypto_attr_alg_name(tb[1]);
568 err = PTR_ERR(name);
569 if (IS_ERR(name))
570 return ERR_PTR(err);
571
572 inst = kzalloc(sizeof(*inst) + sizeof(*spawn), GFP_KERNEL);
573 if (!inst)
574 return ERR_PTR(-ENOMEM);
575
576 spawn = crypto_instance_ctx(inst);
577
578 /* Ignore async algorithms if necessary. */
579 mask |= crypto_requires_sync(algt->type, algt->mask);
580
581 crypto_set_skcipher_spawn(spawn, inst);
582 err = crypto_grab_nivcipher(spawn, name, type, mask);
583 if (err)
584 goto err_free_inst;
585
586 alg = crypto_skcipher_spawn_alg(spawn);
587
588 if ((alg->cra_flags & CRYPTO_ALG_TYPE_MASK) ==
589 CRYPTO_ALG_TYPE_BLKCIPHER) {
590 balg.ivsize = alg->cra_blkcipher.ivsize;
591 balg.min_keysize = alg->cra_blkcipher.min_keysize;
592 balg.max_keysize = alg->cra_blkcipher.max_keysize;
593
594 balg.setkey = async_setkey;
595 balg.encrypt = async_encrypt;
596 balg.decrypt = async_decrypt;
597
598 balg.geniv = alg->cra_blkcipher.geniv;
599 } else {
600 balg.ivsize = alg->cra_ablkcipher.ivsize;
601 balg.min_keysize = alg->cra_ablkcipher.min_keysize;
602 balg.max_keysize = alg->cra_ablkcipher.max_keysize;
603
604 balg.setkey = alg->cra_ablkcipher.setkey;
605 balg.encrypt = alg->cra_ablkcipher.encrypt;
606 balg.decrypt = alg->cra_ablkcipher.decrypt;
607
608 balg.geniv = alg->cra_ablkcipher.geniv;
609 }
610
611 err = -EINVAL;
612 if (!balg.ivsize)
613 goto err_drop_alg;
614
615 /*
616 * This is only true if we're constructing an algorithm with its
617 * default IV generator. For the default generator we elide the
618 * template name and double-check the IV generator.
619 */
620 if (algt->mask & CRYPTO_ALG_GENIV) {
621 if (!balg.geniv)
622 balg.geniv = crypto_default_geniv(alg);
623 err = -EAGAIN;
624 if (strcmp(tmpl->name, balg.geniv))
625 goto err_drop_alg;
626
627 memcpy(inst->alg.cra_name, alg->cra_name, CRYPTO_MAX_ALG_NAME);
628 memcpy(inst->alg.cra_driver_name, alg->cra_driver_name,
629 CRYPTO_MAX_ALG_NAME);
630 } else {
631 err = -ENAMETOOLONG;
632 if (snprintf(inst->alg.cra_name, CRYPTO_MAX_ALG_NAME,
633 "%s(%s)", tmpl->name, alg->cra_name) >=
634 CRYPTO_MAX_ALG_NAME)
635 goto err_drop_alg;
636 if (snprintf(inst->alg.cra_driver_name, CRYPTO_MAX_ALG_NAME,
637 "%s(%s)", tmpl->name, alg->cra_driver_name) >=
638 CRYPTO_MAX_ALG_NAME)
639 goto err_drop_alg;
640 }
641
642 inst->alg.cra_flags = CRYPTO_ALG_TYPE_GIVCIPHER | CRYPTO_ALG_GENIV;
643 inst->alg.cra_flags |= alg->cra_flags & CRYPTO_ALG_ASYNC;
644 inst->alg.cra_priority = alg->cra_priority;
645 inst->alg.cra_blocksize = alg->cra_blocksize;
646 inst->alg.cra_alignmask = alg->cra_alignmask;
647 inst->alg.cra_type = &crypto_givcipher_type;
648
649 inst->alg.cra_ablkcipher.ivsize = balg.ivsize;
650 inst->alg.cra_ablkcipher.min_keysize = balg.min_keysize;
651 inst->alg.cra_ablkcipher.max_keysize = balg.max_keysize;
652 inst->alg.cra_ablkcipher.geniv = balg.geniv;
653
654 inst->alg.cra_ablkcipher.setkey = balg.setkey;
655 inst->alg.cra_ablkcipher.encrypt = balg.encrypt;
656 inst->alg.cra_ablkcipher.decrypt = balg.decrypt;
657
658out:
659 return inst;
660
661err_drop_alg:
662 crypto_drop_skcipher(spawn);
663err_free_inst:
664 kfree(inst);
665 inst = ERR_PTR(err);
666 goto out;
667}
668EXPORT_SYMBOL_GPL(skcipher_geniv_alloc);
669
670void skcipher_geniv_free(struct crypto_instance *inst)
671{
672 crypto_drop_skcipher(crypto_instance_ctx(inst));
673 kfree(inst);
674}
675EXPORT_SYMBOL_GPL(skcipher_geniv_free);
676
677int skcipher_geniv_init(struct crypto_tfm *tfm)
678{
679 struct crypto_instance *inst = (void *)tfm->__crt_alg;
680 struct crypto_ablkcipher *cipher;
681
682 cipher = crypto_spawn_skcipher(crypto_instance_ctx(inst));
683 if (IS_ERR(cipher))
684 return PTR_ERR(cipher);
685
686 tfm->crt_ablkcipher.base = cipher;
687 tfm->crt_ablkcipher.reqsize += crypto_ablkcipher_reqsize(cipher);
688
689 return 0;
690}
691EXPORT_SYMBOL_GPL(skcipher_geniv_init);
692
693void skcipher_geniv_exit(struct crypto_tfm *tfm)
694{
695 crypto_free_ablkcipher(tfm->crt_ablkcipher.base);
696}
697EXPORT_SYMBOL_GPL(skcipher_geniv_exit);
698
513MODULE_LICENSE("GPL"); 699MODULE_LICENSE("GPL");
514MODULE_DESCRIPTION("Generic block chaining cipher type"); 700MODULE_DESCRIPTION("Generic block chaining cipher type");
diff --git a/crypto/camellia.c b/crypto/camellia.c
index 6877ecfd90bb..493fee7e0a8b 100644
--- a/crypto/camellia.c
+++ b/crypto/camellia.c
@@ -36,176 +36,6 @@
36#include <linux/kernel.h> 36#include <linux/kernel.h>
37#include <linux/module.h> 37#include <linux/module.h>
38 38
39
40#define CAMELLIA_MIN_KEY_SIZE 16
41#define CAMELLIA_MAX_KEY_SIZE 32
42#define CAMELLIA_BLOCK_SIZE 16
43#define CAMELLIA_TABLE_BYTE_LEN 272
44#define CAMELLIA_TABLE_WORD_LEN (CAMELLIA_TABLE_BYTE_LEN / 4)
45
46typedef u32 KEY_TABLE_TYPE[CAMELLIA_TABLE_WORD_LEN];
47
48
49/* key constants */
50
51#define CAMELLIA_SIGMA1L (0xA09E667FL)
52#define CAMELLIA_SIGMA1R (0x3BCC908BL)
53#define CAMELLIA_SIGMA2L (0xB67AE858L)
54#define CAMELLIA_SIGMA2R (0x4CAA73B2L)
55#define CAMELLIA_SIGMA3L (0xC6EF372FL)
56#define CAMELLIA_SIGMA3R (0xE94F82BEL)
57#define CAMELLIA_SIGMA4L (0x54FF53A5L)
58#define CAMELLIA_SIGMA4R (0xF1D36F1CL)
59#define CAMELLIA_SIGMA5L (0x10E527FAL)
60#define CAMELLIA_SIGMA5R (0xDE682D1DL)
61#define CAMELLIA_SIGMA6L (0xB05688C2L)
62#define CAMELLIA_SIGMA6R (0xB3E6C1FDL)
63
64struct camellia_ctx {
65 int key_length;
66 KEY_TABLE_TYPE key_table;
67};
68
69
70/*
71 * macros
72 */
73
74
75# define GETU32(pt) (((u32)(pt)[0] << 24) \
76 ^ ((u32)(pt)[1] << 16) \
77 ^ ((u32)(pt)[2] << 8) \
78 ^ ((u32)(pt)[3]))
79
80#define COPY4WORD(dst, src) \
81 do { \
82 (dst)[0]=(src)[0]; \
83 (dst)[1]=(src)[1]; \
84 (dst)[2]=(src)[2]; \
85 (dst)[3]=(src)[3]; \
86 }while(0)
87
88#define SWAP4WORD(word) \
89 do { \
90 CAMELLIA_SWAP4((word)[0]); \
91 CAMELLIA_SWAP4((word)[1]); \
92 CAMELLIA_SWAP4((word)[2]); \
93 CAMELLIA_SWAP4((word)[3]); \
94 }while(0)
95
96#define XOR4WORD(a, b)/* a = a ^ b */ \
97 do { \
98 (a)[0]^=(b)[0]; \
99 (a)[1]^=(b)[1]; \
100 (a)[2]^=(b)[2]; \
101 (a)[3]^=(b)[3]; \
102 }while(0)
103
104#define XOR4WORD2(a, b, c)/* a = b ^ c */ \
105 do { \
106 (a)[0]=(b)[0]^(c)[0]; \
107 (a)[1]=(b)[1]^(c)[1]; \
108 (a)[2]=(b)[2]^(c)[2]; \
109 (a)[3]=(b)[3]^(c)[3]; \
110 }while(0)
111
112#define CAMELLIA_SUBKEY_L(INDEX) (subkey[(INDEX)*2])
113#define CAMELLIA_SUBKEY_R(INDEX) (subkey[(INDEX)*2 + 1])
114
115/* rotation right shift 1byte */
116#define CAMELLIA_RR8(x) (((x) >> 8) + ((x) << 24))
117/* rotation left shift 1bit */
118#define CAMELLIA_RL1(x) (((x) << 1) + ((x) >> 31))
119/* rotation left shift 1byte */
120#define CAMELLIA_RL8(x) (((x) << 8) + ((x) >> 24))
121
122#define CAMELLIA_ROLDQ(ll, lr, rl, rr, w0, w1, bits) \
123 do { \
124 w0 = ll; \
125 ll = (ll << bits) + (lr >> (32 - bits)); \
126 lr = (lr << bits) + (rl >> (32 - bits)); \
127 rl = (rl << bits) + (rr >> (32 - bits)); \
128 rr = (rr << bits) + (w0 >> (32 - bits)); \
129 } while(0)
130
131#define CAMELLIA_ROLDQo32(ll, lr, rl, rr, w0, w1, bits) \
132 do { \
133 w0 = ll; \
134 w1 = lr; \
135 ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \
136 lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \
137 rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \
138 rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \
139 } while(0)
140
141#define CAMELLIA_SP1110(INDEX) (camellia_sp1110[(INDEX)])
142#define CAMELLIA_SP0222(INDEX) (camellia_sp0222[(INDEX)])
143#define CAMELLIA_SP3033(INDEX) (camellia_sp3033[(INDEX)])
144#define CAMELLIA_SP4404(INDEX) (camellia_sp4404[(INDEX)])
145
146#define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
147 do { \
148 il = xl ^ kl; \
149 ir = xr ^ kr; \
150 t0 = il >> 16; \
151 t1 = ir >> 16; \
152 yl = CAMELLIA_SP1110(ir & 0xff) \
153 ^ CAMELLIA_SP0222((t1 >> 8) & 0xff) \
154 ^ CAMELLIA_SP3033(t1 & 0xff) \
155 ^ CAMELLIA_SP4404((ir >> 8) & 0xff); \
156 yr = CAMELLIA_SP1110((t0 >> 8) & 0xff) \
157 ^ CAMELLIA_SP0222(t0 & 0xff) \
158 ^ CAMELLIA_SP3033((il >> 8) & 0xff) \
159 ^ CAMELLIA_SP4404(il & 0xff); \
160 yl ^= yr; \
161 yr = CAMELLIA_RR8(yr); \
162 yr ^= yl; \
163 } while(0)
164
165
166/*
167 * for speed up
168 *
169 */
170#define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \
171 do { \
172 t0 = kll; \
173 t2 = krr; \
174 t0 &= ll; \
175 t2 |= rr; \
176 rl ^= t2; \
177 lr ^= CAMELLIA_RL1(t0); \
178 t3 = krl; \
179 t1 = klr; \
180 t3 &= rl; \
181 t1 |= lr; \
182 ll ^= t1; \
183 rr ^= CAMELLIA_RL1(t3); \
184 } while(0)
185
186#define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
187 do { \
188 ir = CAMELLIA_SP1110(xr & 0xff); \
189 il = CAMELLIA_SP1110((xl>>24) & 0xff); \
190 ir ^= CAMELLIA_SP0222((xr>>24) & 0xff); \
191 il ^= CAMELLIA_SP0222((xl>>16) & 0xff); \
192 ir ^= CAMELLIA_SP3033((xr>>16) & 0xff); \
193 il ^= CAMELLIA_SP3033((xl>>8) & 0xff); \
194 ir ^= CAMELLIA_SP4404((xr>>8) & 0xff); \
195 il ^= CAMELLIA_SP4404(xl & 0xff); \
196 il ^= kl; \
197 ir ^= il ^ kr; \
198 yl ^= ir; \
199 yr ^= CAMELLIA_RR8(il) ^ ir; \
200 } while(0)
201
202/**
203 * Stuff related to the Camellia key schedule
204 */
205#define SUBL(x) subL[(x)]
206#define SUBR(x) subR[(x)]
207
208
209static const u32 camellia_sp1110[256] = { 39static const u32 camellia_sp1110[256] = {
210 0x70707000,0x82828200,0x2c2c2c00,0xececec00, 40 0x70707000,0x82828200,0x2c2c2c00,0xececec00,
211 0xb3b3b300,0x27272700,0xc0c0c000,0xe5e5e500, 41 0xb3b3b300,0x27272700,0xc0c0c000,0xe5e5e500,
@@ -475,67 +305,348 @@ static const u32 camellia_sp4404[256] = {
475}; 305};
476 306
477 307
308#define CAMELLIA_MIN_KEY_SIZE 16
309#define CAMELLIA_MAX_KEY_SIZE 32
310#define CAMELLIA_BLOCK_SIZE 16
311#define CAMELLIA_TABLE_BYTE_LEN 272
312
313/*
314 * NB: L and R below stand for 'left' and 'right' as in written numbers.
315 * That is, in (xxxL,xxxR) pair xxxL holds most significant digits,
316 * _not_ least significant ones!
317 */
318
319
320/* key constants */
321
322#define CAMELLIA_SIGMA1L (0xA09E667FL)
323#define CAMELLIA_SIGMA1R (0x3BCC908BL)
324#define CAMELLIA_SIGMA2L (0xB67AE858L)
325#define CAMELLIA_SIGMA2R (0x4CAA73B2L)
326#define CAMELLIA_SIGMA3L (0xC6EF372FL)
327#define CAMELLIA_SIGMA3R (0xE94F82BEL)
328#define CAMELLIA_SIGMA4L (0x54FF53A5L)
329#define CAMELLIA_SIGMA4R (0xF1D36F1CL)
330#define CAMELLIA_SIGMA5L (0x10E527FAL)
331#define CAMELLIA_SIGMA5R (0xDE682D1DL)
332#define CAMELLIA_SIGMA6L (0xB05688C2L)
333#define CAMELLIA_SIGMA6R (0xB3E6C1FDL)
334
335/*
336 * macros
337 */
338#define GETU32(v, pt) \
339 do { \
340 /* latest breed of gcc is clever enough to use move */ \
341 memcpy(&(v), (pt), 4); \
342 (v) = be32_to_cpu(v); \
343 } while(0)
344
345/* rotation right shift 1byte */
346#define ROR8(x) (((x) >> 8) + ((x) << 24))
347/* rotation left shift 1bit */
348#define ROL1(x) (((x) << 1) + ((x) >> 31))
349/* rotation left shift 1byte */
350#define ROL8(x) (((x) << 8) + ((x) >> 24))
351
352#define ROLDQ(ll, lr, rl, rr, w0, w1, bits) \
353 do { \
354 w0 = ll; \
355 ll = (ll << bits) + (lr >> (32 - bits)); \
356 lr = (lr << bits) + (rl >> (32 - bits)); \
357 rl = (rl << bits) + (rr >> (32 - bits)); \
358 rr = (rr << bits) + (w0 >> (32 - bits)); \
359 } while(0)
360
361#define ROLDQo32(ll, lr, rl, rr, w0, w1, bits) \
362 do { \
363 w0 = ll; \
364 w1 = lr; \
365 ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \
366 lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \
367 rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \
368 rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \
369 } while(0)
370
371#define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
372 do { \
373 il = xl ^ kl; \
374 ir = xr ^ kr; \
375 t0 = il >> 16; \
376 t1 = ir >> 16; \
377 yl = camellia_sp1110[(u8)(ir )] \
378 ^ camellia_sp0222[ (t1 >> 8)] \
379 ^ camellia_sp3033[(u8)(t1 )] \
380 ^ camellia_sp4404[(u8)(ir >> 8)]; \
381 yr = camellia_sp1110[ (t0 >> 8)] \
382 ^ camellia_sp0222[(u8)(t0 )] \
383 ^ camellia_sp3033[(u8)(il >> 8)] \
384 ^ camellia_sp4404[(u8)(il )]; \
385 yl ^= yr; \
386 yr = ROR8(yr); \
387 yr ^= yl; \
388 } while(0)
389
390#define SUBKEY_L(INDEX) (subkey[(INDEX)*2])
391#define SUBKEY_R(INDEX) (subkey[(INDEX)*2 + 1])
392
393static void camellia_setup_tail(u32 *subkey, u32 *subL, u32 *subR, int max)
394{
395 u32 dw, tl, tr;
396 u32 kw4l, kw4r;
397 int i;
398
399 /* absorb kw2 to other subkeys */
400 /* round 2 */
401 subL[3] ^= subL[1]; subR[3] ^= subR[1];
402 /* round 4 */
403 subL[5] ^= subL[1]; subR[5] ^= subR[1];
404 /* round 6 */
405 subL[7] ^= subL[1]; subR[7] ^= subR[1];
406 subL[1] ^= subR[1] & ~subR[9];
407 dw = subL[1] & subL[9],
408 subR[1] ^= ROL1(dw); /* modified for FLinv(kl2) */
409 /* round 8 */
410 subL[11] ^= subL[1]; subR[11] ^= subR[1];
411 /* round 10 */
412 subL[13] ^= subL[1]; subR[13] ^= subR[1];
413 /* round 12 */
414 subL[15] ^= subL[1]; subR[15] ^= subR[1];
415 subL[1] ^= subR[1] & ~subR[17];
416 dw = subL[1] & subL[17],
417 subR[1] ^= ROL1(dw); /* modified for FLinv(kl4) */
418 /* round 14 */
419 subL[19] ^= subL[1]; subR[19] ^= subR[1];
420 /* round 16 */
421 subL[21] ^= subL[1]; subR[21] ^= subR[1];
422 /* round 18 */
423 subL[23] ^= subL[1]; subR[23] ^= subR[1];
424 if (max == 24) {
425 /* kw3 */
426 subL[24] ^= subL[1]; subR[24] ^= subR[1];
427
428 /* absorb kw4 to other subkeys */
429 kw4l = subL[25]; kw4r = subR[25];
430 } else {
431 subL[1] ^= subR[1] & ~subR[25];
432 dw = subL[1] & subL[25],
433 subR[1] ^= ROL1(dw); /* modified for FLinv(kl6) */
434 /* round 20 */
435 subL[27] ^= subL[1]; subR[27] ^= subR[1];
436 /* round 22 */
437 subL[29] ^= subL[1]; subR[29] ^= subR[1];
438 /* round 24 */
439 subL[31] ^= subL[1]; subR[31] ^= subR[1];
440 /* kw3 */
441 subL[32] ^= subL[1]; subR[32] ^= subR[1];
442
443 /* absorb kw4 to other subkeys */
444 kw4l = subL[33]; kw4r = subR[33];
445 /* round 23 */
446 subL[30] ^= kw4l; subR[30] ^= kw4r;
447 /* round 21 */
448 subL[28] ^= kw4l; subR[28] ^= kw4r;
449 /* round 19 */
450 subL[26] ^= kw4l; subR[26] ^= kw4r;
451 kw4l ^= kw4r & ~subR[24];
452 dw = kw4l & subL[24],
453 kw4r ^= ROL1(dw); /* modified for FL(kl5) */
454 }
455 /* round 17 */
456 subL[22] ^= kw4l; subR[22] ^= kw4r;
457 /* round 15 */
458 subL[20] ^= kw4l; subR[20] ^= kw4r;
459 /* round 13 */
460 subL[18] ^= kw4l; subR[18] ^= kw4r;
461 kw4l ^= kw4r & ~subR[16];
462 dw = kw4l & subL[16],
463 kw4r ^= ROL1(dw); /* modified for FL(kl3) */
464 /* round 11 */
465 subL[14] ^= kw4l; subR[14] ^= kw4r;
466 /* round 9 */
467 subL[12] ^= kw4l; subR[12] ^= kw4r;
468 /* round 7 */
469 subL[10] ^= kw4l; subR[10] ^= kw4r;
470 kw4l ^= kw4r & ~subR[8];
471 dw = kw4l & subL[8],
472 kw4r ^= ROL1(dw); /* modified for FL(kl1) */
473 /* round 5 */
474 subL[6] ^= kw4l; subR[6] ^= kw4r;
475 /* round 3 */
476 subL[4] ^= kw4l; subR[4] ^= kw4r;
477 /* round 1 */
478 subL[2] ^= kw4l; subR[2] ^= kw4r;
479 /* kw1 */
480 subL[0] ^= kw4l; subR[0] ^= kw4r;
481
482 /* key XOR is end of F-function */
483 SUBKEY_L(0) = subL[0] ^ subL[2];/* kw1 */
484 SUBKEY_R(0) = subR[0] ^ subR[2];
485 SUBKEY_L(2) = subL[3]; /* round 1 */
486 SUBKEY_R(2) = subR[3];
487 SUBKEY_L(3) = subL[2] ^ subL[4]; /* round 2 */
488 SUBKEY_R(3) = subR[2] ^ subR[4];
489 SUBKEY_L(4) = subL[3] ^ subL[5]; /* round 3 */
490 SUBKEY_R(4) = subR[3] ^ subR[5];
491 SUBKEY_L(5) = subL[4] ^ subL[6]; /* round 4 */
492 SUBKEY_R(5) = subR[4] ^ subR[6];
493 SUBKEY_L(6) = subL[5] ^ subL[7]; /* round 5 */
494 SUBKEY_R(6) = subR[5] ^ subR[7];
495 tl = subL[10] ^ (subR[10] & ~subR[8]);
496 dw = tl & subL[8], /* FL(kl1) */
497 tr = subR[10] ^ ROL1(dw);
498 SUBKEY_L(7) = subL[6] ^ tl; /* round 6 */
499 SUBKEY_R(7) = subR[6] ^ tr;
500 SUBKEY_L(8) = subL[8]; /* FL(kl1) */
501 SUBKEY_R(8) = subR[8];
502 SUBKEY_L(9) = subL[9]; /* FLinv(kl2) */
503 SUBKEY_R(9) = subR[9];
504 tl = subL[7] ^ (subR[7] & ~subR[9]);
505 dw = tl & subL[9], /* FLinv(kl2) */
506 tr = subR[7] ^ ROL1(dw);
507 SUBKEY_L(10) = tl ^ subL[11]; /* round 7 */
508 SUBKEY_R(10) = tr ^ subR[11];
509 SUBKEY_L(11) = subL[10] ^ subL[12]; /* round 8 */
510 SUBKEY_R(11) = subR[10] ^ subR[12];
511 SUBKEY_L(12) = subL[11] ^ subL[13]; /* round 9 */
512 SUBKEY_R(12) = subR[11] ^ subR[13];
513 SUBKEY_L(13) = subL[12] ^ subL[14]; /* round 10 */
514 SUBKEY_R(13) = subR[12] ^ subR[14];
515 SUBKEY_L(14) = subL[13] ^ subL[15]; /* round 11 */
516 SUBKEY_R(14) = subR[13] ^ subR[15];
517 tl = subL[18] ^ (subR[18] & ~subR[16]);
518 dw = tl & subL[16], /* FL(kl3) */
519 tr = subR[18] ^ ROL1(dw);
520 SUBKEY_L(15) = subL[14] ^ tl; /* round 12 */
521 SUBKEY_R(15) = subR[14] ^ tr;
522 SUBKEY_L(16) = subL[16]; /* FL(kl3) */
523 SUBKEY_R(16) = subR[16];
524 SUBKEY_L(17) = subL[17]; /* FLinv(kl4) */
525 SUBKEY_R(17) = subR[17];
526 tl = subL[15] ^ (subR[15] & ~subR[17]);
527 dw = tl & subL[17], /* FLinv(kl4) */
528 tr = subR[15] ^ ROL1(dw);
529 SUBKEY_L(18) = tl ^ subL[19]; /* round 13 */
530 SUBKEY_R(18) = tr ^ subR[19];
531 SUBKEY_L(19) = subL[18] ^ subL[20]; /* round 14 */
532 SUBKEY_R(19) = subR[18] ^ subR[20];
533 SUBKEY_L(20) = subL[19] ^ subL[21]; /* round 15 */
534 SUBKEY_R(20) = subR[19] ^ subR[21];
535 SUBKEY_L(21) = subL[20] ^ subL[22]; /* round 16 */
536 SUBKEY_R(21) = subR[20] ^ subR[22];
537 SUBKEY_L(22) = subL[21] ^ subL[23]; /* round 17 */
538 SUBKEY_R(22) = subR[21] ^ subR[23];
539 if (max == 24) {
540 SUBKEY_L(23) = subL[22]; /* round 18 */
541 SUBKEY_R(23) = subR[22];
542 SUBKEY_L(24) = subL[24] ^ subL[23]; /* kw3 */
543 SUBKEY_R(24) = subR[24] ^ subR[23];
544 } else {
545 tl = subL[26] ^ (subR[26] & ~subR[24]);
546 dw = tl & subL[24], /* FL(kl5) */
547 tr = subR[26] ^ ROL1(dw);
548 SUBKEY_L(23) = subL[22] ^ tl; /* round 18 */
549 SUBKEY_R(23) = subR[22] ^ tr;
550 SUBKEY_L(24) = subL[24]; /* FL(kl5) */
551 SUBKEY_R(24) = subR[24];
552 SUBKEY_L(25) = subL[25]; /* FLinv(kl6) */
553 SUBKEY_R(25) = subR[25];
554 tl = subL[23] ^ (subR[23] & ~subR[25]);
555 dw = tl & subL[25], /* FLinv(kl6) */
556 tr = subR[23] ^ ROL1(dw);
557 SUBKEY_L(26) = tl ^ subL[27]; /* round 19 */
558 SUBKEY_R(26) = tr ^ subR[27];
559 SUBKEY_L(27) = subL[26] ^ subL[28]; /* round 20 */
560 SUBKEY_R(27) = subR[26] ^ subR[28];
561 SUBKEY_L(28) = subL[27] ^ subL[29]; /* round 21 */
562 SUBKEY_R(28) = subR[27] ^ subR[29];
563 SUBKEY_L(29) = subL[28] ^ subL[30]; /* round 22 */
564 SUBKEY_R(29) = subR[28] ^ subR[30];
565 SUBKEY_L(30) = subL[29] ^ subL[31]; /* round 23 */
566 SUBKEY_R(30) = subR[29] ^ subR[31];
567 SUBKEY_L(31) = subL[30]; /* round 24 */
568 SUBKEY_R(31) = subR[30];
569 SUBKEY_L(32) = subL[32] ^ subL[31]; /* kw3 */
570 SUBKEY_R(32) = subR[32] ^ subR[31];
571 }
572
573 /* apply the inverse of the last half of P-function */
574 i = 2;
575 do {
576 dw = SUBKEY_L(i + 0) ^ SUBKEY_R(i + 0); dw = ROL8(dw);/* round 1 */
577 SUBKEY_R(i + 0) = SUBKEY_L(i + 0) ^ dw; SUBKEY_L(i + 0) = dw;
578 dw = SUBKEY_L(i + 1) ^ SUBKEY_R(i + 1); dw = ROL8(dw);/* round 2 */
579 SUBKEY_R(i + 1) = SUBKEY_L(i + 1) ^ dw; SUBKEY_L(i + 1) = dw;
580 dw = SUBKEY_L(i + 2) ^ SUBKEY_R(i + 2); dw = ROL8(dw);/* round 3 */
581 SUBKEY_R(i + 2) = SUBKEY_L(i + 2) ^ dw; SUBKEY_L(i + 2) = dw;
582 dw = SUBKEY_L(i + 3) ^ SUBKEY_R(i + 3); dw = ROL8(dw);/* round 4 */
583 SUBKEY_R(i + 3) = SUBKEY_L(i + 3) ^ dw; SUBKEY_L(i + 3) = dw;
584 dw = SUBKEY_L(i + 4) ^ SUBKEY_R(i + 4); dw = ROL8(dw);/* round 5 */
585 SUBKEY_R(i + 4) = SUBKEY_L(i + 4) ^ dw; SUBKEY_L(i + 4) = dw;
586 dw = SUBKEY_L(i + 5) ^ SUBKEY_R(i + 5); dw = ROL8(dw);/* round 6 */
587 SUBKEY_R(i + 5) = SUBKEY_L(i + 5) ^ dw; SUBKEY_L(i + 5) = dw;
588 i += 8;
589 } while (i < max);
590}
478 591
479static void camellia_setup128(const unsigned char *key, u32 *subkey) 592static void camellia_setup128(const unsigned char *key, u32 *subkey)
480{ 593{
481 u32 kll, klr, krl, krr; 594 u32 kll, klr, krl, krr;
482 u32 il, ir, t0, t1, w0, w1; 595 u32 il, ir, t0, t1, w0, w1;
483 u32 kw4l, kw4r, dw, tl, tr;
484 u32 subL[26]; 596 u32 subL[26];
485 u32 subR[26]; 597 u32 subR[26];
486 598
487 /** 599 /**
488 * k == kll || klr || krl || krr (|| is concatination) 600 * k == kll || klr || krl || krr (|| is concatenation)
489 */
490 kll = GETU32(key );
491 klr = GETU32(key + 4);
492 krl = GETU32(key + 8);
493 krr = GETU32(key + 12);
494 /**
495 * generate KL dependent subkeys
496 */ 601 */
602 GETU32(kll, key );
603 GETU32(klr, key + 4);
604 GETU32(krl, key + 8);
605 GETU32(krr, key + 12);
606
607 /* generate KL dependent subkeys */
497 /* kw1 */ 608 /* kw1 */
498 SUBL(0) = kll; SUBR(0) = klr; 609 subL[0] = kll; subR[0] = klr;
499 /* kw2 */ 610 /* kw2 */
500 SUBL(1) = krl; SUBR(1) = krr; 611 subL[1] = krl; subR[1] = krr;
501 /* rotation left shift 15bit */ 612 /* rotation left shift 15bit */
502 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 613 ROLDQ(kll, klr, krl, krr, w0, w1, 15);
503 /* k3 */ 614 /* k3 */
504 SUBL(4) = kll; SUBR(4) = klr; 615 subL[4] = kll; subR[4] = klr;
505 /* k4 */ 616 /* k4 */
506 SUBL(5) = krl; SUBR(5) = krr; 617 subL[5] = krl; subR[5] = krr;
507 /* rotation left shift 15+30bit */ 618 /* rotation left shift 15+30bit */
508 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30); 619 ROLDQ(kll, klr, krl, krr, w0, w1, 30);
509 /* k7 */ 620 /* k7 */
510 SUBL(10) = kll; SUBR(10) = klr; 621 subL[10] = kll; subR[10] = klr;
511 /* k8 */ 622 /* k8 */
512 SUBL(11) = krl; SUBR(11) = krr; 623 subL[11] = krl; subR[11] = krr;
513 /* rotation left shift 15+30+15bit */ 624 /* rotation left shift 15+30+15bit */
514 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 625 ROLDQ(kll, klr, krl, krr, w0, w1, 15);
515 /* k10 */ 626 /* k10 */
516 SUBL(13) = krl; SUBR(13) = krr; 627 subL[13] = krl; subR[13] = krr;
517 /* rotation left shift 15+30+15+17 bit */ 628 /* rotation left shift 15+30+15+17 bit */
518 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); 629 ROLDQ(kll, klr, krl, krr, w0, w1, 17);
519 /* kl3 */ 630 /* kl3 */
520 SUBL(16) = kll; SUBR(16) = klr; 631 subL[16] = kll; subR[16] = klr;
521 /* kl4 */ 632 /* kl4 */
522 SUBL(17) = krl; SUBR(17) = krr; 633 subL[17] = krl; subR[17] = krr;
523 /* rotation left shift 15+30+15+17+17 bit */ 634 /* rotation left shift 15+30+15+17+17 bit */
524 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); 635 ROLDQ(kll, klr, krl, krr, w0, w1, 17);
525 /* k13 */ 636 /* k13 */
526 SUBL(18) = kll; SUBR(18) = klr; 637 subL[18] = kll; subR[18] = klr;
527 /* k14 */ 638 /* k14 */
528 SUBL(19) = krl; SUBR(19) = krr; 639 subL[19] = krl; subR[19] = krr;
529 /* rotation left shift 15+30+15+17+17+17 bit */ 640 /* rotation left shift 15+30+15+17+17+17 bit */
530 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); 641 ROLDQ(kll, klr, krl, krr, w0, w1, 17);
531 /* k17 */ 642 /* k17 */
532 SUBL(22) = kll; SUBR(22) = klr; 643 subL[22] = kll; subR[22] = klr;
533 /* k18 */ 644 /* k18 */
534 SUBL(23) = krl; SUBR(23) = krr; 645 subL[23] = krl; subR[23] = krr;
535 646
536 /* generate KA */ 647 /* generate KA */
537 kll = SUBL(0); klr = SUBR(0); 648 kll = subL[0]; klr = subR[0];
538 krl = SUBL(1); krr = SUBR(1); 649 krl = subL[1]; krr = subR[1];
539 CAMELLIA_F(kll, klr, 650 CAMELLIA_F(kll, klr,
540 CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R, 651 CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
541 w0, w1, il, ir, t0, t1); 652 w0, w1, il, ir, t0, t1);
@@ -555,306 +666,108 @@ static void camellia_setup128(const unsigned char *key, u32 *subkey)
555 666
556 /* generate KA dependent subkeys */ 667 /* generate KA dependent subkeys */
557 /* k1, k2 */ 668 /* k1, k2 */
558 SUBL(2) = kll; SUBR(2) = klr; 669 subL[2] = kll; subR[2] = klr;
559 SUBL(3) = krl; SUBR(3) = krr; 670 subL[3] = krl; subR[3] = krr;
560 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 671 ROLDQ(kll, klr, krl, krr, w0, w1, 15);
561 /* k5,k6 */ 672 /* k5,k6 */
562 SUBL(6) = kll; SUBR(6) = klr; 673 subL[6] = kll; subR[6] = klr;
563 SUBL(7) = krl; SUBR(7) = krr; 674 subL[7] = krl; subR[7] = krr;
564 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 675 ROLDQ(kll, klr, krl, krr, w0, w1, 15);
565 /* kl1, kl2 */ 676 /* kl1, kl2 */
566 SUBL(8) = kll; SUBR(8) = klr; 677 subL[8] = kll; subR[8] = klr;
567 SUBL(9) = krl; SUBR(9) = krr; 678 subL[9] = krl; subR[9] = krr;
568 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 679 ROLDQ(kll, klr, krl, krr, w0, w1, 15);
569 /* k9 */ 680 /* k9 */
570 SUBL(12) = kll; SUBR(12) = klr; 681 subL[12] = kll; subR[12] = klr;
571 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 682 ROLDQ(kll, klr, krl, krr, w0, w1, 15);
572 /* k11, k12 */ 683 /* k11, k12 */
573 SUBL(14) = kll; SUBR(14) = klr; 684 subL[14] = kll; subR[14] = klr;
574 SUBL(15) = krl; SUBR(15) = krr; 685 subL[15] = krl; subR[15] = krr;
575 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34); 686 ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
576 /* k15, k16 */ 687 /* k15, k16 */
577 SUBL(20) = kll; SUBR(20) = klr; 688 subL[20] = kll; subR[20] = klr;
578 SUBL(21) = krl; SUBR(21) = krr; 689 subL[21] = krl; subR[21] = krr;
579 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); 690 ROLDQ(kll, klr, krl, krr, w0, w1, 17);
580 /* kw3, kw4 */ 691 /* kw3, kw4 */
581 SUBL(24) = kll; SUBR(24) = klr; 692 subL[24] = kll; subR[24] = klr;
582 SUBL(25) = krl; SUBR(25) = krr; 693 subL[25] = krl; subR[25] = krr;
583 694
584 695 camellia_setup_tail(subkey, subL, subR, 24);
585 /* absorb kw2 to other subkeys */
586 /* round 2 */
587 SUBL(3) ^= SUBL(1); SUBR(3) ^= SUBR(1);
588 /* round 4 */
589 SUBL(5) ^= SUBL(1); SUBR(5) ^= SUBR(1);
590 /* round 6 */
591 SUBL(7) ^= SUBL(1); SUBR(7) ^= SUBR(1);
592 SUBL(1) ^= SUBR(1) & ~SUBR(9);
593 dw = SUBL(1) & SUBL(9),
594 SUBR(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl2) */
595 /* round 8 */
596 SUBL(11) ^= SUBL(1); SUBR(11) ^= SUBR(1);
597 /* round 10 */
598 SUBL(13) ^= SUBL(1); SUBR(13) ^= SUBR(1);
599 /* round 12 */
600 SUBL(15) ^= SUBL(1); SUBR(15) ^= SUBR(1);
601 SUBL(1) ^= SUBR(1) & ~SUBR(17);
602 dw = SUBL(1) & SUBL(17),
603 SUBR(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl4) */
604 /* round 14 */
605 SUBL(19) ^= SUBL(1); SUBR(19) ^= SUBR(1);
606 /* round 16 */
607 SUBL(21) ^= SUBL(1); SUBR(21) ^= SUBR(1);
608 /* round 18 */
609 SUBL(23) ^= SUBL(1); SUBR(23) ^= SUBR(1);
610 /* kw3 */
611 SUBL(24) ^= SUBL(1); SUBR(24) ^= SUBR(1);
612
613 /* absorb kw4 to other subkeys */
614 kw4l = SUBL(25); kw4r = SUBR(25);
615 /* round 17 */
616 SUBL(22) ^= kw4l; SUBR(22) ^= kw4r;
617 /* round 15 */
618 SUBL(20) ^= kw4l; SUBR(20) ^= kw4r;
619 /* round 13 */
620 SUBL(18) ^= kw4l; SUBR(18) ^= kw4r;
621 kw4l ^= kw4r & ~SUBR(16);
622 dw = kw4l & SUBL(16),
623 kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl3) */
624 /* round 11 */
625 SUBL(14) ^= kw4l; SUBR(14) ^= kw4r;
626 /* round 9 */
627 SUBL(12) ^= kw4l; SUBR(12) ^= kw4r;
628 /* round 7 */
629 SUBL(10) ^= kw4l; SUBR(10) ^= kw4r;
630 kw4l ^= kw4r & ~SUBR(8);
631 dw = kw4l & SUBL(8),
632 kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl1) */
633 /* round 5 */
634 SUBL(6) ^= kw4l; SUBR(6) ^= kw4r;
635 /* round 3 */
636 SUBL(4) ^= kw4l; SUBR(4) ^= kw4r;
637 /* round 1 */
638 SUBL(2) ^= kw4l; SUBR(2) ^= kw4r;
639 /* kw1 */
640 SUBL(0) ^= kw4l; SUBR(0) ^= kw4r;
641
642
643 /* key XOR is end of F-function */
644 CAMELLIA_SUBKEY_L(0) = SUBL(0) ^ SUBL(2);/* kw1 */
645 CAMELLIA_SUBKEY_R(0) = SUBR(0) ^ SUBR(2);
646 CAMELLIA_SUBKEY_L(2) = SUBL(3); /* round 1 */
647 CAMELLIA_SUBKEY_R(2) = SUBR(3);
648 CAMELLIA_SUBKEY_L(3) = SUBL(2) ^ SUBL(4); /* round 2 */
649 CAMELLIA_SUBKEY_R(3) = SUBR(2) ^ SUBR(4);
650 CAMELLIA_SUBKEY_L(4) = SUBL(3) ^ SUBL(5); /* round 3 */
651 CAMELLIA_SUBKEY_R(4) = SUBR(3) ^ SUBR(5);
652 CAMELLIA_SUBKEY_L(5) = SUBL(4) ^ SUBL(6); /* round 4 */
653 CAMELLIA_SUBKEY_R(5) = SUBR(4) ^ SUBR(6);
654 CAMELLIA_SUBKEY_L(6) = SUBL(5) ^ SUBL(7); /* round 5 */
655 CAMELLIA_SUBKEY_R(6) = SUBR(5) ^ SUBR(7);
656 tl = SUBL(10) ^ (SUBR(10) & ~SUBR(8));
657 dw = tl & SUBL(8), /* FL(kl1) */
658 tr = SUBR(10) ^ CAMELLIA_RL1(dw);
659 CAMELLIA_SUBKEY_L(7) = SUBL(6) ^ tl; /* round 6 */
660 CAMELLIA_SUBKEY_R(7) = SUBR(6) ^ tr;
661 CAMELLIA_SUBKEY_L(8) = SUBL(8); /* FL(kl1) */
662 CAMELLIA_SUBKEY_R(8) = SUBR(8);
663 CAMELLIA_SUBKEY_L(9) = SUBL(9); /* FLinv(kl2) */
664 CAMELLIA_SUBKEY_R(9) = SUBR(9);
665 tl = SUBL(7) ^ (SUBR(7) & ~SUBR(9));
666 dw = tl & SUBL(9), /* FLinv(kl2) */
667 tr = SUBR(7) ^ CAMELLIA_RL1(dw);
668 CAMELLIA_SUBKEY_L(10) = tl ^ SUBL(11); /* round 7 */
669 CAMELLIA_SUBKEY_R(10) = tr ^ SUBR(11);
670 CAMELLIA_SUBKEY_L(11) = SUBL(10) ^ SUBL(12); /* round 8 */
671 CAMELLIA_SUBKEY_R(11) = SUBR(10) ^ SUBR(12);
672 CAMELLIA_SUBKEY_L(12) = SUBL(11) ^ SUBL(13); /* round 9 */
673 CAMELLIA_SUBKEY_R(12) = SUBR(11) ^ SUBR(13);
674 CAMELLIA_SUBKEY_L(13) = SUBL(12) ^ SUBL(14); /* round 10 */
675 CAMELLIA_SUBKEY_R(13) = SUBR(12) ^ SUBR(14);
676 CAMELLIA_SUBKEY_L(14) = SUBL(13) ^ SUBL(15); /* round 11 */
677 CAMELLIA_SUBKEY_R(14) = SUBR(13) ^ SUBR(15);
678 tl = SUBL(18) ^ (SUBR(18) & ~SUBR(16));
679 dw = tl & SUBL(16), /* FL(kl3) */
680 tr = SUBR(18) ^ CAMELLIA_RL1(dw);
681 CAMELLIA_SUBKEY_L(15) = SUBL(14) ^ tl; /* round 12 */
682 CAMELLIA_SUBKEY_R(15) = SUBR(14) ^ tr;
683 CAMELLIA_SUBKEY_L(16) = SUBL(16); /* FL(kl3) */
684 CAMELLIA_SUBKEY_R(16) = SUBR(16);
685 CAMELLIA_SUBKEY_L(17) = SUBL(17); /* FLinv(kl4) */
686 CAMELLIA_SUBKEY_R(17) = SUBR(17);
687 tl = SUBL(15) ^ (SUBR(15) & ~SUBR(17));
688 dw = tl & SUBL(17), /* FLinv(kl4) */
689 tr = SUBR(15) ^ CAMELLIA_RL1(dw);
690 CAMELLIA_SUBKEY_L(18) = tl ^ SUBL(19); /* round 13 */
691 CAMELLIA_SUBKEY_R(18) = tr ^ SUBR(19);
692 CAMELLIA_SUBKEY_L(19) = SUBL(18) ^ SUBL(20); /* round 14 */
693 CAMELLIA_SUBKEY_R(19) = SUBR(18) ^ SUBR(20);
694 CAMELLIA_SUBKEY_L(20) = SUBL(19) ^ SUBL(21); /* round 15 */
695 CAMELLIA_SUBKEY_R(20) = SUBR(19) ^ SUBR(21);
696 CAMELLIA_SUBKEY_L(21) = SUBL(20) ^ SUBL(22); /* round 16 */
697 CAMELLIA_SUBKEY_R(21) = SUBR(20) ^ SUBR(22);
698 CAMELLIA_SUBKEY_L(22) = SUBL(21) ^ SUBL(23); /* round 17 */
699 CAMELLIA_SUBKEY_R(22) = SUBR(21) ^ SUBR(23);
700 CAMELLIA_SUBKEY_L(23) = SUBL(22); /* round 18 */
701 CAMELLIA_SUBKEY_R(23) = SUBR(22);
702 CAMELLIA_SUBKEY_L(24) = SUBL(24) ^ SUBL(23); /* kw3 */
703 CAMELLIA_SUBKEY_R(24) = SUBR(24) ^ SUBR(23);
704
705 /* apply the inverse of the last half of P-function */
706 dw = CAMELLIA_SUBKEY_L(2) ^ CAMELLIA_SUBKEY_R(2),
707 dw = CAMELLIA_RL8(dw);/* round 1 */
708 CAMELLIA_SUBKEY_R(2) = CAMELLIA_SUBKEY_L(2) ^ dw,
709 CAMELLIA_SUBKEY_L(2) = dw;
710 dw = CAMELLIA_SUBKEY_L(3) ^ CAMELLIA_SUBKEY_R(3),
711 dw = CAMELLIA_RL8(dw);/* round 2 */
712 CAMELLIA_SUBKEY_R(3) = CAMELLIA_SUBKEY_L(3) ^ dw,
713 CAMELLIA_SUBKEY_L(3) = dw;
714 dw = CAMELLIA_SUBKEY_L(4) ^ CAMELLIA_SUBKEY_R(4),
715 dw = CAMELLIA_RL8(dw);/* round 3 */
716 CAMELLIA_SUBKEY_R(4) = CAMELLIA_SUBKEY_L(4) ^ dw,
717 CAMELLIA_SUBKEY_L(4) = dw;
718 dw = CAMELLIA_SUBKEY_L(5) ^ CAMELLIA_SUBKEY_R(5),
719 dw = CAMELLIA_RL8(dw);/* round 4 */
720 CAMELLIA_SUBKEY_R(5) = CAMELLIA_SUBKEY_L(5) ^ dw,
721 CAMELLIA_SUBKEY_L(5) = dw;
722 dw = CAMELLIA_SUBKEY_L(6) ^ CAMELLIA_SUBKEY_R(6),
723 dw = CAMELLIA_RL8(dw);/* round 5 */
724 CAMELLIA_SUBKEY_R(6) = CAMELLIA_SUBKEY_L(6) ^ dw,
725 CAMELLIA_SUBKEY_L(6) = dw;
726 dw = CAMELLIA_SUBKEY_L(7) ^ CAMELLIA_SUBKEY_R(7),
727 dw = CAMELLIA_RL8(dw);/* round 6 */
728 CAMELLIA_SUBKEY_R(7) = CAMELLIA_SUBKEY_L(7) ^ dw,
729 CAMELLIA_SUBKEY_L(7) = dw;
730 dw = CAMELLIA_SUBKEY_L(10) ^ CAMELLIA_SUBKEY_R(10),
731 dw = CAMELLIA_RL8(dw);/* round 7 */
732 CAMELLIA_SUBKEY_R(10) = CAMELLIA_SUBKEY_L(10) ^ dw,
733 CAMELLIA_SUBKEY_L(10) = dw;
734 dw = CAMELLIA_SUBKEY_L(11) ^ CAMELLIA_SUBKEY_R(11),
735 dw = CAMELLIA_RL8(dw);/* round 8 */
736 CAMELLIA_SUBKEY_R(11) = CAMELLIA_SUBKEY_L(11) ^ dw,
737 CAMELLIA_SUBKEY_L(11) = dw;
738 dw = CAMELLIA_SUBKEY_L(12) ^ CAMELLIA_SUBKEY_R(12),
739 dw = CAMELLIA_RL8(dw);/* round 9 */
740 CAMELLIA_SUBKEY_R(12) = CAMELLIA_SUBKEY_L(12) ^ dw,
741 CAMELLIA_SUBKEY_L(12) = dw;
742 dw = CAMELLIA_SUBKEY_L(13) ^ CAMELLIA_SUBKEY_R(13),
743 dw = CAMELLIA_RL8(dw);/* round 10 */
744 CAMELLIA_SUBKEY_R(13) = CAMELLIA_SUBKEY_L(13) ^ dw,
745 CAMELLIA_SUBKEY_L(13) = dw;
746 dw = CAMELLIA_SUBKEY_L(14) ^ CAMELLIA_SUBKEY_R(14),
747 dw = CAMELLIA_RL8(dw);/* round 11 */
748 CAMELLIA_SUBKEY_R(14) = CAMELLIA_SUBKEY_L(14) ^ dw,
749 CAMELLIA_SUBKEY_L(14) = dw;
750 dw = CAMELLIA_SUBKEY_L(15) ^ CAMELLIA_SUBKEY_R(15),
751 dw = CAMELLIA_RL8(dw);/* round 12 */
752 CAMELLIA_SUBKEY_R(15) = CAMELLIA_SUBKEY_L(15) ^ dw,
753 CAMELLIA_SUBKEY_L(15) = dw;
754 dw = CAMELLIA_SUBKEY_L(18) ^ CAMELLIA_SUBKEY_R(18),
755 dw = CAMELLIA_RL8(dw);/* round 13 */
756 CAMELLIA_SUBKEY_R(18) = CAMELLIA_SUBKEY_L(18) ^ dw,
757 CAMELLIA_SUBKEY_L(18) = dw;
758 dw = CAMELLIA_SUBKEY_L(19) ^ CAMELLIA_SUBKEY_R(19),
759 dw = CAMELLIA_RL8(dw);/* round 14 */
760 CAMELLIA_SUBKEY_R(19) = CAMELLIA_SUBKEY_L(19) ^ dw,
761 CAMELLIA_SUBKEY_L(19) = dw;
762 dw = CAMELLIA_SUBKEY_L(20) ^ CAMELLIA_SUBKEY_R(20),
763 dw = CAMELLIA_RL8(dw);/* round 15 */
764 CAMELLIA_SUBKEY_R(20) = CAMELLIA_SUBKEY_L(20) ^ dw,
765 CAMELLIA_SUBKEY_L(20) = dw;
766 dw = CAMELLIA_SUBKEY_L(21) ^ CAMELLIA_SUBKEY_R(21),
767 dw = CAMELLIA_RL8(dw);/* round 16 */
768 CAMELLIA_SUBKEY_R(21) = CAMELLIA_SUBKEY_L(21) ^ dw,
769 CAMELLIA_SUBKEY_L(21) = dw;
770 dw = CAMELLIA_SUBKEY_L(22) ^ CAMELLIA_SUBKEY_R(22),
771 dw = CAMELLIA_RL8(dw);/* round 17 */
772 CAMELLIA_SUBKEY_R(22) = CAMELLIA_SUBKEY_L(22) ^ dw,
773 CAMELLIA_SUBKEY_L(22) = dw;
774 dw = CAMELLIA_SUBKEY_L(23) ^ CAMELLIA_SUBKEY_R(23),
775 dw = CAMELLIA_RL8(dw);/* round 18 */
776 CAMELLIA_SUBKEY_R(23) = CAMELLIA_SUBKEY_L(23) ^ dw,
777 CAMELLIA_SUBKEY_L(23) = dw;
778
779 return;
780} 696}
781 697
782
783static void camellia_setup256(const unsigned char *key, u32 *subkey) 698static void camellia_setup256(const unsigned char *key, u32 *subkey)
784{ 699{
785 u32 kll,klr,krl,krr; /* left half of key */ 700 u32 kll, klr, krl, krr; /* left half of key */
786 u32 krll,krlr,krrl,krrr; /* right half of key */ 701 u32 krll, krlr, krrl, krrr; /* right half of key */
787 u32 il, ir, t0, t1, w0, w1; /* temporary variables */ 702 u32 il, ir, t0, t1, w0, w1; /* temporary variables */
788 u32 kw4l, kw4r, dw, tl, tr;
789 u32 subL[34]; 703 u32 subL[34];
790 u32 subR[34]; 704 u32 subR[34];
791 705
792 /** 706 /**
793 * key = (kll || klr || krl || krr || krll || krlr || krrl || krrr) 707 * key = (kll || klr || krl || krr || krll || krlr || krrl || krrr)
794 * (|| is concatination) 708 * (|| is concatenation)
795 */ 709 */
796 710 GETU32(kll, key );
797 kll = GETU32(key ); 711 GETU32(klr, key + 4);
798 klr = GETU32(key + 4); 712 GETU32(krl, key + 8);
799 krl = GETU32(key + 8); 713 GETU32(krr, key + 12);
800 krr = GETU32(key + 12); 714 GETU32(krll, key + 16);
801 krll = GETU32(key + 16); 715 GETU32(krlr, key + 20);
802 krlr = GETU32(key + 20); 716 GETU32(krrl, key + 24);
803 krrl = GETU32(key + 24); 717 GETU32(krrr, key + 28);
804 krrr = GETU32(key + 28);
805 718
806 /* generate KL dependent subkeys */ 719 /* generate KL dependent subkeys */
807 /* kw1 */ 720 /* kw1 */
808 SUBL(0) = kll; SUBR(0) = klr; 721 subL[0] = kll; subR[0] = klr;
809 /* kw2 */ 722 /* kw2 */
810 SUBL(1) = krl; SUBR(1) = krr; 723 subL[1] = krl; subR[1] = krr;
811 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 45); 724 ROLDQo32(kll, klr, krl, krr, w0, w1, 45);
812 /* k9 */ 725 /* k9 */
813 SUBL(12) = kll; SUBR(12) = klr; 726 subL[12] = kll; subR[12] = klr;
814 /* k10 */ 727 /* k10 */
815 SUBL(13) = krl; SUBR(13) = krr; 728 subL[13] = krl; subR[13] = krr;
816 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 729 ROLDQ(kll, klr, krl, krr, w0, w1, 15);
817 /* kl3 */ 730 /* kl3 */
818 SUBL(16) = kll; SUBR(16) = klr; 731 subL[16] = kll; subR[16] = klr;
819 /* kl4 */ 732 /* kl4 */
820 SUBL(17) = krl; SUBR(17) = krr; 733 subL[17] = krl; subR[17] = krr;
821 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); 734 ROLDQ(kll, klr, krl, krr, w0, w1, 17);
822 /* k17 */ 735 /* k17 */
823 SUBL(22) = kll; SUBR(22) = klr; 736 subL[22] = kll; subR[22] = klr;
824 /* k18 */ 737 /* k18 */
825 SUBL(23) = krl; SUBR(23) = krr; 738 subL[23] = krl; subR[23] = krr;
826 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34); 739 ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
827 /* k23 */ 740 /* k23 */
828 SUBL(30) = kll; SUBR(30) = klr; 741 subL[30] = kll; subR[30] = klr;
829 /* k24 */ 742 /* k24 */
830 SUBL(31) = krl; SUBR(31) = krr; 743 subL[31] = krl; subR[31] = krr;
831 744
832 /* generate KR dependent subkeys */ 745 /* generate KR dependent subkeys */
833 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15); 746 ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
834 /* k3 */ 747 /* k3 */
835 SUBL(4) = krll; SUBR(4) = krlr; 748 subL[4] = krll; subR[4] = krlr;
836 /* k4 */ 749 /* k4 */
837 SUBL(5) = krrl; SUBR(5) = krrr; 750 subL[5] = krrl; subR[5] = krrr;
838 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15); 751 ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
839 /* kl1 */ 752 /* kl1 */
840 SUBL(8) = krll; SUBR(8) = krlr; 753 subL[8] = krll; subR[8] = krlr;
841 /* kl2 */ 754 /* kl2 */
842 SUBL(9) = krrl; SUBR(9) = krrr; 755 subL[9] = krrl; subR[9] = krrr;
843 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30); 756 ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
844 /* k13 */ 757 /* k13 */
845 SUBL(18) = krll; SUBR(18) = krlr; 758 subL[18] = krll; subR[18] = krlr;
846 /* k14 */ 759 /* k14 */
847 SUBL(19) = krrl; SUBR(19) = krrr; 760 subL[19] = krrl; subR[19] = krrr;
848 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34); 761 ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
849 /* k19 */ 762 /* k19 */
850 SUBL(26) = krll; SUBR(26) = krlr; 763 subL[26] = krll; subR[26] = krlr;
851 /* k20 */ 764 /* k20 */
852 SUBL(27) = krrl; SUBR(27) = krrr; 765 subL[27] = krrl; subR[27] = krrr;
853 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34); 766 ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
854 767
855 /* generate KA */ 768 /* generate KA */
856 kll = SUBL(0) ^ krll; klr = SUBR(0) ^ krlr; 769 kll = subL[0] ^ krll; klr = subR[0] ^ krlr;
857 krl = SUBL(1) ^ krrl; krr = SUBR(1) ^ krrr; 770 krl = subL[1] ^ krrl; krr = subR[1] ^ krrr;
858 CAMELLIA_F(kll, klr, 771 CAMELLIA_F(kll, klr,
859 CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R, 772 CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
860 w0, w1, il, ir, t0, t1); 773 w0, w1, il, ir, t0, t1);
@@ -885,310 +798,50 @@ static void camellia_setup256(const unsigned char *key, u32 *subkey)
885 krll ^= w0; krlr ^= w1; 798 krll ^= w0; krlr ^= w1;
886 799
887 /* generate KA dependent subkeys */ 800 /* generate KA dependent subkeys */
888 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 801 ROLDQ(kll, klr, krl, krr, w0, w1, 15);
889 /* k5 */ 802 /* k5 */
890 SUBL(6) = kll; SUBR(6) = klr; 803 subL[6] = kll; subR[6] = klr;
891 /* k6 */ 804 /* k6 */
892 SUBL(7) = krl; SUBR(7) = krr; 805 subL[7] = krl; subR[7] = krr;
893 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30); 806 ROLDQ(kll, klr, krl, krr, w0, w1, 30);
894 /* k11 */ 807 /* k11 */
895 SUBL(14) = kll; SUBR(14) = klr; 808 subL[14] = kll; subR[14] = klr;
896 /* k12 */ 809 /* k12 */
897 SUBL(15) = krl; SUBR(15) = krr; 810 subL[15] = krl; subR[15] = krr;
898 /* rotation left shift 32bit */ 811 /* rotation left shift 32bit */
899 /* kl5 */ 812 /* kl5 */
900 SUBL(24) = klr; SUBR(24) = krl; 813 subL[24] = klr; subR[24] = krl;
901 /* kl6 */ 814 /* kl6 */
902 SUBL(25) = krr; SUBR(25) = kll; 815 subL[25] = krr; subR[25] = kll;
903 /* rotation left shift 49 from k11,k12 -> k21,k22 */ 816 /* rotation left shift 49 from k11,k12 -> k21,k22 */
904 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 49); 817 ROLDQo32(kll, klr, krl, krr, w0, w1, 49);
905 /* k21 */ 818 /* k21 */
906 SUBL(28) = kll; SUBR(28) = klr; 819 subL[28] = kll; subR[28] = klr;
907 /* k22 */ 820 /* k22 */
908 SUBL(29) = krl; SUBR(29) = krr; 821 subL[29] = krl; subR[29] = krr;
909 822
910 /* generate KB dependent subkeys */ 823 /* generate KB dependent subkeys */
911 /* k1 */ 824 /* k1 */
912 SUBL(2) = krll; SUBR(2) = krlr; 825 subL[2] = krll; subR[2] = krlr;
913 /* k2 */ 826 /* k2 */
914 SUBL(3) = krrl; SUBR(3) = krrr; 827 subL[3] = krrl; subR[3] = krrr;
915 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30); 828 ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
916 /* k7 */ 829 /* k7 */
917 SUBL(10) = krll; SUBR(10) = krlr; 830 subL[10] = krll; subR[10] = krlr;
918 /* k8 */ 831 /* k8 */
919 SUBL(11) = krrl; SUBR(11) = krrr; 832 subL[11] = krrl; subR[11] = krrr;
920 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30); 833 ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
921 /* k15 */ 834 /* k15 */
922 SUBL(20) = krll; SUBR(20) = krlr; 835 subL[20] = krll; subR[20] = krlr;
923 /* k16 */ 836 /* k16 */
924 SUBL(21) = krrl; SUBR(21) = krrr; 837 subL[21] = krrl; subR[21] = krrr;
925 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51); 838 ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51);
926 /* kw3 */ 839 /* kw3 */
927 SUBL(32) = krll; SUBR(32) = krlr; 840 subL[32] = krll; subR[32] = krlr;
928 /* kw4 */ 841 /* kw4 */
929 SUBL(33) = krrl; SUBR(33) = krrr; 842 subL[33] = krrl; subR[33] = krrr;
930
931 /* absorb kw2 to other subkeys */
932 /* round 2 */
933 SUBL(3) ^= SUBL(1); SUBR(3) ^= SUBR(1);
934 /* round 4 */
935 SUBL(5) ^= SUBL(1); SUBR(5) ^= SUBR(1);
936 /* round 6 */
937 SUBL(7) ^= SUBL(1); SUBR(7) ^= SUBR(1);
938 SUBL(1) ^= SUBR(1) & ~SUBR(9);
939 dw = SUBL(1) & SUBL(9),
940 SUBR(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl2) */
941 /* round 8 */
942 SUBL(11) ^= SUBL(1); SUBR(11) ^= SUBR(1);
943 /* round 10 */
944 SUBL(13) ^= SUBL(1); SUBR(13) ^= SUBR(1);
945 /* round 12 */
946 SUBL(15) ^= SUBL(1); SUBR(15) ^= SUBR(1);
947 SUBL(1) ^= SUBR(1) & ~SUBR(17);
948 dw = SUBL(1) & SUBL(17),
949 SUBR(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl4) */
950 /* round 14 */
951 SUBL(19) ^= SUBL(1); SUBR(19) ^= SUBR(1);
952 /* round 16 */
953 SUBL(21) ^= SUBL(1); SUBR(21) ^= SUBR(1);
954 /* round 18 */
955 SUBL(23) ^= SUBL(1); SUBR(23) ^= SUBR(1);
956 SUBL(1) ^= SUBR(1) & ~SUBR(25);
957 dw = SUBL(1) & SUBL(25),
958 SUBR(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl6) */
959 /* round 20 */
960 SUBL(27) ^= SUBL(1); SUBR(27) ^= SUBR(1);
961 /* round 22 */
962 SUBL(29) ^= SUBL(1); SUBR(29) ^= SUBR(1);
963 /* round 24 */
964 SUBL(31) ^= SUBL(1); SUBR(31) ^= SUBR(1);
965 /* kw3 */
966 SUBL(32) ^= SUBL(1); SUBR(32) ^= SUBR(1);
967
968
969 /* absorb kw4 to other subkeys */
970 kw4l = SUBL(33); kw4r = SUBR(33);
971 /* round 23 */
972 SUBL(30) ^= kw4l; SUBR(30) ^= kw4r;
973 /* round 21 */
974 SUBL(28) ^= kw4l; SUBR(28) ^= kw4r;
975 /* round 19 */
976 SUBL(26) ^= kw4l; SUBR(26) ^= kw4r;
977 kw4l ^= kw4r & ~SUBR(24);
978 dw = kw4l & SUBL(24),
979 kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl5) */
980 /* round 17 */
981 SUBL(22) ^= kw4l; SUBR(22) ^= kw4r;
982 /* round 15 */
983 SUBL(20) ^= kw4l; SUBR(20) ^= kw4r;
984 /* round 13 */
985 SUBL(18) ^= kw4l; SUBR(18) ^= kw4r;
986 kw4l ^= kw4r & ~SUBR(16);
987 dw = kw4l & SUBL(16),
988 kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl3) */
989 /* round 11 */
990 SUBL(14) ^= kw4l; SUBR(14) ^= kw4r;
991 /* round 9 */
992 SUBL(12) ^= kw4l; SUBR(12) ^= kw4r;
993 /* round 7 */
994 SUBL(10) ^= kw4l; SUBR(10) ^= kw4r;
995 kw4l ^= kw4r & ~SUBR(8);
996 dw = kw4l & SUBL(8),
997 kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl1) */
998 /* round 5 */
999 SUBL(6) ^= kw4l; SUBR(6) ^= kw4r;
1000 /* round 3 */
1001 SUBL(4) ^= kw4l; SUBR(4) ^= kw4r;
1002 /* round 1 */
1003 SUBL(2) ^= kw4l; SUBR(2) ^= kw4r;
1004 /* kw1 */
1005 SUBL(0) ^= kw4l; SUBR(0) ^= kw4r;
1006 843
1007 /* key XOR is end of F-function */ 844 camellia_setup_tail(subkey, subL, subR, 32);
1008 CAMELLIA_SUBKEY_L(0) = SUBL(0) ^ SUBL(2);/* kw1 */
1009 CAMELLIA_SUBKEY_R(0) = SUBR(0) ^ SUBR(2);
1010 CAMELLIA_SUBKEY_L(2) = SUBL(3); /* round 1 */
1011 CAMELLIA_SUBKEY_R(2) = SUBR(3);
1012 CAMELLIA_SUBKEY_L(3) = SUBL(2) ^ SUBL(4); /* round 2 */
1013 CAMELLIA_SUBKEY_R(3) = SUBR(2) ^ SUBR(4);
1014 CAMELLIA_SUBKEY_L(4) = SUBL(3) ^ SUBL(5); /* round 3 */
1015 CAMELLIA_SUBKEY_R(4) = SUBR(3) ^ SUBR(5);
1016 CAMELLIA_SUBKEY_L(5) = SUBL(4) ^ SUBL(6); /* round 4 */
1017 CAMELLIA_SUBKEY_R(5) = SUBR(4) ^ SUBR(6);
1018 CAMELLIA_SUBKEY_L(6) = SUBL(5) ^ SUBL(7); /* round 5 */
1019 CAMELLIA_SUBKEY_R(6) = SUBR(5) ^ SUBR(7);
1020 tl = SUBL(10) ^ (SUBR(10) & ~SUBR(8));
1021 dw = tl & SUBL(8), /* FL(kl1) */
1022 tr = SUBR(10) ^ CAMELLIA_RL1(dw);
1023 CAMELLIA_SUBKEY_L(7) = SUBL(6) ^ tl; /* round 6 */
1024 CAMELLIA_SUBKEY_R(7) = SUBR(6) ^ tr;
1025 CAMELLIA_SUBKEY_L(8) = SUBL(8); /* FL(kl1) */
1026 CAMELLIA_SUBKEY_R(8) = SUBR(8);
1027 CAMELLIA_SUBKEY_L(9) = SUBL(9); /* FLinv(kl2) */
1028 CAMELLIA_SUBKEY_R(9) = SUBR(9);
1029 tl = SUBL(7) ^ (SUBR(7) & ~SUBR(9));
1030 dw = tl & SUBL(9), /* FLinv(kl2) */
1031 tr = SUBR(7) ^ CAMELLIA_RL1(dw);
1032 CAMELLIA_SUBKEY_L(10) = tl ^ SUBL(11); /* round 7 */
1033 CAMELLIA_SUBKEY_R(10) = tr ^ SUBR(11);
1034 CAMELLIA_SUBKEY_L(11) = SUBL(10) ^ SUBL(12); /* round 8 */
1035 CAMELLIA_SUBKEY_R(11) = SUBR(10) ^ SUBR(12);
1036 CAMELLIA_SUBKEY_L(12) = SUBL(11) ^ SUBL(13); /* round 9 */
1037 CAMELLIA_SUBKEY_R(12) = SUBR(11) ^ SUBR(13);
1038 CAMELLIA_SUBKEY_L(13) = SUBL(12) ^ SUBL(14); /* round 10 */
1039 CAMELLIA_SUBKEY_R(13) = SUBR(12) ^ SUBR(14);
1040 CAMELLIA_SUBKEY_L(14) = SUBL(13) ^ SUBL(15); /* round 11 */
1041 CAMELLIA_SUBKEY_R(14) = SUBR(13) ^ SUBR(15);
1042 tl = SUBL(18) ^ (SUBR(18) & ~SUBR(16));
1043 dw = tl & SUBL(16), /* FL(kl3) */
1044 tr = SUBR(18) ^ CAMELLIA_RL1(dw);
1045 CAMELLIA_SUBKEY_L(15) = SUBL(14) ^ tl; /* round 12 */
1046 CAMELLIA_SUBKEY_R(15) = SUBR(14) ^ tr;
1047 CAMELLIA_SUBKEY_L(16) = SUBL(16); /* FL(kl3) */
1048 CAMELLIA_SUBKEY_R(16) = SUBR(16);
1049 CAMELLIA_SUBKEY_L(17) = SUBL(17); /* FLinv(kl4) */
1050 CAMELLIA_SUBKEY_R(17) = SUBR(17);
1051 tl = SUBL(15) ^ (SUBR(15) & ~SUBR(17));
1052 dw = tl & SUBL(17), /* FLinv(kl4) */
1053 tr = SUBR(15) ^ CAMELLIA_RL1(dw);
1054 CAMELLIA_SUBKEY_L(18) = tl ^ SUBL(19); /* round 13 */
1055 CAMELLIA_SUBKEY_R(18) = tr ^ SUBR(19);
1056 CAMELLIA_SUBKEY_L(19) = SUBL(18) ^ SUBL(20); /* round 14 */
1057 CAMELLIA_SUBKEY_R(19) = SUBR(18) ^ SUBR(20);
1058 CAMELLIA_SUBKEY_L(20) = SUBL(19) ^ SUBL(21); /* round 15 */
1059 CAMELLIA_SUBKEY_R(20) = SUBR(19) ^ SUBR(21);
1060 CAMELLIA_SUBKEY_L(21) = SUBL(20) ^ SUBL(22); /* round 16 */
1061 CAMELLIA_SUBKEY_R(21) = SUBR(20) ^ SUBR(22);
1062 CAMELLIA_SUBKEY_L(22) = SUBL(21) ^ SUBL(23); /* round 17 */
1063 CAMELLIA_SUBKEY_R(22) = SUBR(21) ^ SUBR(23);
1064 tl = SUBL(26) ^ (SUBR(26)
1065 & ~SUBR(24));
1066 dw = tl & SUBL(24), /* FL(kl5) */
1067 tr = SUBR(26) ^ CAMELLIA_RL1(dw);
1068 CAMELLIA_SUBKEY_L(23) = SUBL(22) ^ tl; /* round 18 */
1069 CAMELLIA_SUBKEY_R(23) = SUBR(22) ^ tr;
1070 CAMELLIA_SUBKEY_L(24) = SUBL(24); /* FL(kl5) */
1071 CAMELLIA_SUBKEY_R(24) = SUBR(24);
1072 CAMELLIA_SUBKEY_L(25) = SUBL(25); /* FLinv(kl6) */
1073 CAMELLIA_SUBKEY_R(25) = SUBR(25);
1074 tl = SUBL(23) ^ (SUBR(23) &
1075 ~SUBR(25));
1076 dw = tl & SUBL(25), /* FLinv(kl6) */
1077 tr = SUBR(23) ^ CAMELLIA_RL1(dw);
1078 CAMELLIA_SUBKEY_L(26) = tl ^ SUBL(27); /* round 19 */
1079 CAMELLIA_SUBKEY_R(26) = tr ^ SUBR(27);
1080 CAMELLIA_SUBKEY_L(27) = SUBL(26) ^ SUBL(28); /* round 20 */
1081 CAMELLIA_SUBKEY_R(27) = SUBR(26) ^ SUBR(28);
1082 CAMELLIA_SUBKEY_L(28) = SUBL(27) ^ SUBL(29); /* round 21 */
1083 CAMELLIA_SUBKEY_R(28) = SUBR(27) ^ SUBR(29);
1084 CAMELLIA_SUBKEY_L(29) = SUBL(28) ^ SUBL(30); /* round 22 */
1085 CAMELLIA_SUBKEY_R(29) = SUBR(28) ^ SUBR(30);
1086 CAMELLIA_SUBKEY_L(30) = SUBL(29) ^ SUBL(31); /* round 23 */
1087 CAMELLIA_SUBKEY_R(30) = SUBR(29) ^ SUBR(31);
1088 CAMELLIA_SUBKEY_L(31) = SUBL(30); /* round 24 */
1089 CAMELLIA_SUBKEY_R(31) = SUBR(30);
1090 CAMELLIA_SUBKEY_L(32) = SUBL(32) ^ SUBL(31); /* kw3 */
1091 CAMELLIA_SUBKEY_R(32) = SUBR(32) ^ SUBR(31);
1092
1093 /* apply the inverse of the last half of P-function */
1094 dw = CAMELLIA_SUBKEY_L(2) ^ CAMELLIA_SUBKEY_R(2),
1095 dw = CAMELLIA_RL8(dw);/* round 1 */
1096 CAMELLIA_SUBKEY_R(2) = CAMELLIA_SUBKEY_L(2) ^ dw,
1097 CAMELLIA_SUBKEY_L(2) = dw;
1098 dw = CAMELLIA_SUBKEY_L(3) ^ CAMELLIA_SUBKEY_R(3),
1099 dw = CAMELLIA_RL8(dw);/* round 2 */
1100 CAMELLIA_SUBKEY_R(3) = CAMELLIA_SUBKEY_L(3) ^ dw,
1101 CAMELLIA_SUBKEY_L(3) = dw;
1102 dw = CAMELLIA_SUBKEY_L(4) ^ CAMELLIA_SUBKEY_R(4),
1103 dw = CAMELLIA_RL8(dw);/* round 3 */
1104 CAMELLIA_SUBKEY_R(4) = CAMELLIA_SUBKEY_L(4) ^ dw,
1105 CAMELLIA_SUBKEY_L(4) = dw;
1106 dw = CAMELLIA_SUBKEY_L(5) ^ CAMELLIA_SUBKEY_R(5),
1107 dw = CAMELLIA_RL8(dw);/* round 4 */
1108 CAMELLIA_SUBKEY_R(5) = CAMELLIA_SUBKEY_L(5) ^ dw,
1109 CAMELLIA_SUBKEY_L(5) = dw;
1110 dw = CAMELLIA_SUBKEY_L(6) ^ CAMELLIA_SUBKEY_R(6),
1111 dw = CAMELLIA_RL8(dw);/* round 5 */
1112 CAMELLIA_SUBKEY_R(6) = CAMELLIA_SUBKEY_L(6) ^ dw,
1113 CAMELLIA_SUBKEY_L(6) = dw;
1114 dw = CAMELLIA_SUBKEY_L(7) ^ CAMELLIA_SUBKEY_R(7),
1115 dw = CAMELLIA_RL8(dw);/* round 6 */
1116 CAMELLIA_SUBKEY_R(7) = CAMELLIA_SUBKEY_L(7) ^ dw,
1117 CAMELLIA_SUBKEY_L(7) = dw;
1118 dw = CAMELLIA_SUBKEY_L(10) ^ CAMELLIA_SUBKEY_R(10),
1119 dw = CAMELLIA_RL8(dw);/* round 7 */
1120 CAMELLIA_SUBKEY_R(10) = CAMELLIA_SUBKEY_L(10) ^ dw,
1121 CAMELLIA_SUBKEY_L(10) = dw;
1122 dw = CAMELLIA_SUBKEY_L(11) ^ CAMELLIA_SUBKEY_R(11),
1123 dw = CAMELLIA_RL8(dw);/* round 8 */
1124 CAMELLIA_SUBKEY_R(11) = CAMELLIA_SUBKEY_L(11) ^ dw,
1125 CAMELLIA_SUBKEY_L(11) = dw;
1126 dw = CAMELLIA_SUBKEY_L(12) ^ CAMELLIA_SUBKEY_R(12),
1127 dw = CAMELLIA_RL8(dw);/* round 9 */
1128 CAMELLIA_SUBKEY_R(12) = CAMELLIA_SUBKEY_L(12) ^ dw,
1129 CAMELLIA_SUBKEY_L(12) = dw;
1130 dw = CAMELLIA_SUBKEY_L(13) ^ CAMELLIA_SUBKEY_R(13),
1131 dw = CAMELLIA_RL8(dw);/* round 10 */
1132 CAMELLIA_SUBKEY_R(13) = CAMELLIA_SUBKEY_L(13) ^ dw,
1133 CAMELLIA_SUBKEY_L(13) = dw;
1134 dw = CAMELLIA_SUBKEY_L(14) ^ CAMELLIA_SUBKEY_R(14),
1135 dw = CAMELLIA_RL8(dw);/* round 11 */
1136 CAMELLIA_SUBKEY_R(14) = CAMELLIA_SUBKEY_L(14) ^ dw,
1137 CAMELLIA_SUBKEY_L(14) = dw;
1138 dw = CAMELLIA_SUBKEY_L(15) ^ CAMELLIA_SUBKEY_R(15),
1139 dw = CAMELLIA_RL8(dw);/* round 12 */
1140 CAMELLIA_SUBKEY_R(15) = CAMELLIA_SUBKEY_L(15) ^ dw,
1141 CAMELLIA_SUBKEY_L(15) = dw;
1142 dw = CAMELLIA_SUBKEY_L(18) ^ CAMELLIA_SUBKEY_R(18),
1143 dw = CAMELLIA_RL8(dw);/* round 13 */
1144 CAMELLIA_SUBKEY_R(18) = CAMELLIA_SUBKEY_L(18) ^ dw,
1145 CAMELLIA_SUBKEY_L(18) = dw;
1146 dw = CAMELLIA_SUBKEY_L(19) ^ CAMELLIA_SUBKEY_R(19),
1147 dw = CAMELLIA_RL8(dw);/* round 14 */
1148 CAMELLIA_SUBKEY_R(19) = CAMELLIA_SUBKEY_L(19) ^ dw,
1149 CAMELLIA_SUBKEY_L(19) = dw;
1150 dw = CAMELLIA_SUBKEY_L(20) ^ CAMELLIA_SUBKEY_R(20),
1151 dw = CAMELLIA_RL8(dw);/* round 15 */
1152 CAMELLIA_SUBKEY_R(20) = CAMELLIA_SUBKEY_L(20) ^ dw,
1153 CAMELLIA_SUBKEY_L(20) = dw;
1154 dw = CAMELLIA_SUBKEY_L(21) ^ CAMELLIA_SUBKEY_R(21),
1155 dw = CAMELLIA_RL8(dw);/* round 16 */
1156 CAMELLIA_SUBKEY_R(21) = CAMELLIA_SUBKEY_L(21) ^ dw,
1157 CAMELLIA_SUBKEY_L(21) = dw;
1158 dw = CAMELLIA_SUBKEY_L(22) ^ CAMELLIA_SUBKEY_R(22),
1159 dw = CAMELLIA_RL8(dw);/* round 17 */
1160 CAMELLIA_SUBKEY_R(22) = CAMELLIA_SUBKEY_L(22) ^ dw,
1161 CAMELLIA_SUBKEY_L(22) = dw;
1162 dw = CAMELLIA_SUBKEY_L(23) ^ CAMELLIA_SUBKEY_R(23),
1163 dw = CAMELLIA_RL8(dw);/* round 18 */
1164 CAMELLIA_SUBKEY_R(23) = CAMELLIA_SUBKEY_L(23) ^ dw,
1165 CAMELLIA_SUBKEY_L(23) = dw;
1166 dw = CAMELLIA_SUBKEY_L(26) ^ CAMELLIA_SUBKEY_R(26),
1167 dw = CAMELLIA_RL8(dw);/* round 19 */
1168 CAMELLIA_SUBKEY_R(26) = CAMELLIA_SUBKEY_L(26) ^ dw,
1169 CAMELLIA_SUBKEY_L(26) = dw;
1170 dw = CAMELLIA_SUBKEY_L(27) ^ CAMELLIA_SUBKEY_R(27),
1171 dw = CAMELLIA_RL8(dw);/* round 20 */
1172 CAMELLIA_SUBKEY_R(27) = CAMELLIA_SUBKEY_L(27) ^ dw,
1173 CAMELLIA_SUBKEY_L(27) = dw;
1174 dw = CAMELLIA_SUBKEY_L(28) ^ CAMELLIA_SUBKEY_R(28),
1175 dw = CAMELLIA_RL8(dw);/* round 21 */
1176 CAMELLIA_SUBKEY_R(28) = CAMELLIA_SUBKEY_L(28) ^ dw,
1177 CAMELLIA_SUBKEY_L(28) = dw;
1178 dw = CAMELLIA_SUBKEY_L(29) ^ CAMELLIA_SUBKEY_R(29),
1179 dw = CAMELLIA_RL8(dw);/* round 22 */
1180 CAMELLIA_SUBKEY_R(29) = CAMELLIA_SUBKEY_L(29) ^ dw,
1181 CAMELLIA_SUBKEY_L(29) = dw;
1182 dw = CAMELLIA_SUBKEY_L(30) ^ CAMELLIA_SUBKEY_R(30),
1183 dw = CAMELLIA_RL8(dw);/* round 23 */
1184 CAMELLIA_SUBKEY_R(30) = CAMELLIA_SUBKEY_L(30) ^ dw,
1185 CAMELLIA_SUBKEY_L(30) = dw;
1186 dw = CAMELLIA_SUBKEY_L(31) ^ CAMELLIA_SUBKEY_R(31),
1187 dw = CAMELLIA_RL8(dw);/* round 24 */
1188 CAMELLIA_SUBKEY_R(31) = CAMELLIA_SUBKEY_L(31) ^ dw,
1189 CAMELLIA_SUBKEY_L(31) = dw;
1190
1191 return;
1192} 845}
1193 846
1194static void camellia_setup192(const unsigned char *key, u32 *subkey) 847static void camellia_setup192(const unsigned char *key, u32 *subkey)
@@ -1197,482 +850,168 @@ static void camellia_setup192(const unsigned char *key, u32 *subkey)
1197 u32 krll, krlr, krrl,krrr; 850 u32 krll, krlr, krrl,krrr;
1198 851
1199 memcpy(kk, key, 24); 852 memcpy(kk, key, 24);
1200 memcpy((unsigned char *)&krll, key+16,4); 853 memcpy((unsigned char *)&krll, key+16, 4);
1201 memcpy((unsigned char *)&krlr, key+20,4); 854 memcpy((unsigned char *)&krlr, key+20, 4);
1202 krrl = ~krll; 855 krrl = ~krll;
1203 krrr = ~krlr; 856 krrr = ~krlr;
1204 memcpy(kk+24, (unsigned char *)&krrl, 4); 857 memcpy(kk+24, (unsigned char *)&krrl, 4);
1205 memcpy(kk+28, (unsigned char *)&krrr, 4); 858 memcpy(kk+28, (unsigned char *)&krrr, 4);
1206 camellia_setup256(kk, subkey); 859 camellia_setup256(kk, subkey);
1207 return;
1208} 860}
1209 861
1210 862
1211/** 863/*
1212 * Stuff related to camellia encryption/decryption 864 * Encrypt/decrypt
1213 */ 865 */
1214static void camellia_encrypt128(const u32 *subkey, __be32 *io_text) 866#define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \
1215{ 867 do { \
1216 u32 il,ir,t0,t1; /* temporary valiables */ 868 t0 = kll; \
1217 869 t2 = krr; \
1218 u32 io[4]; 870 t0 &= ll; \
1219 871 t2 |= rr; \
1220 io[0] = be32_to_cpu(io_text[0]); 872 rl ^= t2; \
1221 io[1] = be32_to_cpu(io_text[1]); 873 lr ^= ROL1(t0); \
1222 io[2] = be32_to_cpu(io_text[2]); 874 t3 = krl; \
1223 io[3] = be32_to_cpu(io_text[3]); 875 t1 = klr; \
1224 876 t3 &= rl; \
1225 /* pre whitening but absorb kw2*/ 877 t1 |= lr; \
1226 io[0] ^= CAMELLIA_SUBKEY_L(0); 878 ll ^= t1; \
1227 io[1] ^= CAMELLIA_SUBKEY_R(0); 879 rr ^= ROL1(t3); \
1228 /* main iteration */ 880 } while(0)
1229
1230 CAMELLIA_ROUNDSM(io[0],io[1],
1231 CAMELLIA_SUBKEY_L(2),CAMELLIA_SUBKEY_R(2),
1232 io[2],io[3],il,ir,t0,t1);
1233 CAMELLIA_ROUNDSM(io[2],io[3],
1234 CAMELLIA_SUBKEY_L(3),CAMELLIA_SUBKEY_R(3),
1235 io[0],io[1],il,ir,t0,t1);
1236 CAMELLIA_ROUNDSM(io[0],io[1],
1237 CAMELLIA_SUBKEY_L(4),CAMELLIA_SUBKEY_R(4),
1238 io[2],io[3],il,ir,t0,t1);
1239 CAMELLIA_ROUNDSM(io[2],io[3],
1240 CAMELLIA_SUBKEY_L(5),CAMELLIA_SUBKEY_R(5),
1241 io[0],io[1],il,ir,t0,t1);
1242 CAMELLIA_ROUNDSM(io[0],io[1],
1243 CAMELLIA_SUBKEY_L(6),CAMELLIA_SUBKEY_R(6),
1244 io[2],io[3],il,ir,t0,t1);
1245 CAMELLIA_ROUNDSM(io[2],io[3],
1246 CAMELLIA_SUBKEY_L(7),CAMELLIA_SUBKEY_R(7),
1247 io[0],io[1],il,ir,t0,t1);
1248
1249 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1250 CAMELLIA_SUBKEY_L(8),CAMELLIA_SUBKEY_R(8),
1251 CAMELLIA_SUBKEY_L(9),CAMELLIA_SUBKEY_R(9),
1252 t0,t1,il,ir);
1253
1254 CAMELLIA_ROUNDSM(io[0],io[1],
1255 CAMELLIA_SUBKEY_L(10),CAMELLIA_SUBKEY_R(10),
1256 io[2],io[3],il,ir,t0,t1);
1257 CAMELLIA_ROUNDSM(io[2],io[3],
1258 CAMELLIA_SUBKEY_L(11),CAMELLIA_SUBKEY_R(11),
1259 io[0],io[1],il,ir,t0,t1);
1260 CAMELLIA_ROUNDSM(io[0],io[1],
1261 CAMELLIA_SUBKEY_L(12),CAMELLIA_SUBKEY_R(12),
1262 io[2],io[3],il,ir,t0,t1);
1263 CAMELLIA_ROUNDSM(io[2],io[3],
1264 CAMELLIA_SUBKEY_L(13),CAMELLIA_SUBKEY_R(13),
1265 io[0],io[1],il,ir,t0,t1);
1266 CAMELLIA_ROUNDSM(io[0],io[1],
1267 CAMELLIA_SUBKEY_L(14),CAMELLIA_SUBKEY_R(14),
1268 io[2],io[3],il,ir,t0,t1);
1269 CAMELLIA_ROUNDSM(io[2],io[3],
1270 CAMELLIA_SUBKEY_L(15),CAMELLIA_SUBKEY_R(15),
1271 io[0],io[1],il,ir,t0,t1);
1272
1273 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1274 CAMELLIA_SUBKEY_L(16),CAMELLIA_SUBKEY_R(16),
1275 CAMELLIA_SUBKEY_L(17),CAMELLIA_SUBKEY_R(17),
1276 t0,t1,il,ir);
1277
1278 CAMELLIA_ROUNDSM(io[0],io[1],
1279 CAMELLIA_SUBKEY_L(18),CAMELLIA_SUBKEY_R(18),
1280 io[2],io[3],il,ir,t0,t1);
1281 CAMELLIA_ROUNDSM(io[2],io[3],
1282 CAMELLIA_SUBKEY_L(19),CAMELLIA_SUBKEY_R(19),
1283 io[0],io[1],il,ir,t0,t1);
1284 CAMELLIA_ROUNDSM(io[0],io[1],
1285 CAMELLIA_SUBKEY_L(20),CAMELLIA_SUBKEY_R(20),
1286 io[2],io[3],il,ir,t0,t1);
1287 CAMELLIA_ROUNDSM(io[2],io[3],
1288 CAMELLIA_SUBKEY_L(21),CAMELLIA_SUBKEY_R(21),
1289 io[0],io[1],il,ir,t0,t1);
1290 CAMELLIA_ROUNDSM(io[0],io[1],
1291 CAMELLIA_SUBKEY_L(22),CAMELLIA_SUBKEY_R(22),
1292 io[2],io[3],il,ir,t0,t1);
1293 CAMELLIA_ROUNDSM(io[2],io[3],
1294 CAMELLIA_SUBKEY_L(23),CAMELLIA_SUBKEY_R(23),
1295 io[0],io[1],il,ir,t0,t1);
1296 881
1297 /* post whitening but kw4 */ 882#define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir) \
1298 io[2] ^= CAMELLIA_SUBKEY_L(24); 883 do { \
1299 io[3] ^= CAMELLIA_SUBKEY_R(24); 884 ir = camellia_sp1110[(u8)xr]; \
1300 885 il = camellia_sp1110[ (xl >> 24)]; \
1301 t0 = io[0]; 886 ir ^= camellia_sp0222[ (xr >> 24)]; \
1302 t1 = io[1]; 887 il ^= camellia_sp0222[(u8)(xl >> 16)]; \
1303 io[0] = io[2]; 888 ir ^= camellia_sp3033[(u8)(xr >> 16)]; \
1304 io[1] = io[3]; 889 il ^= camellia_sp3033[(u8)(xl >> 8)]; \
1305 io[2] = t0; 890 ir ^= camellia_sp4404[(u8)(xr >> 8)]; \
1306 io[3] = t1; 891 il ^= camellia_sp4404[(u8)xl]; \
1307 892 il ^= kl; \
1308 io_text[0] = cpu_to_be32(io[0]); 893 ir ^= il ^ kr; \
1309 io_text[1] = cpu_to_be32(io[1]); 894 yl ^= ir; \
1310 io_text[2] = cpu_to_be32(io[2]); 895 yr ^= ROR8(il) ^ ir; \
1311 io_text[3] = cpu_to_be32(io[3]); 896 } while(0)
1312
1313 return;
1314}
1315 897
1316static void camellia_decrypt128(const u32 *subkey, __be32 *io_text) 898/* max = 24: 128bit encrypt, max = 32: 256bit encrypt */
899static void camellia_do_encrypt(const u32 *subkey, u32 *io, unsigned max)
1317{ 900{
1318 u32 il,ir,t0,t1; /* temporary valiables */ 901 u32 il,ir,t0,t1; /* temporary variables */
1319 902
1320 u32 io[4]; 903 /* pre whitening but absorb kw2 */
1321 904 io[0] ^= SUBKEY_L(0);
1322 io[0] = be32_to_cpu(io_text[0]); 905 io[1] ^= SUBKEY_R(0);
1323 io[1] = be32_to_cpu(io_text[1]);
1324 io[2] = be32_to_cpu(io_text[2]);
1325 io[3] = be32_to_cpu(io_text[3]);
1326
1327 /* pre whitening but absorb kw2*/
1328 io[0] ^= CAMELLIA_SUBKEY_L(24);
1329 io[1] ^= CAMELLIA_SUBKEY_R(24);
1330 906
1331 /* main iteration */ 907 /* main iteration */
1332 CAMELLIA_ROUNDSM(io[0],io[1], 908#define ROUNDS(i) do { \
1333 CAMELLIA_SUBKEY_L(23),CAMELLIA_SUBKEY_R(23), 909 CAMELLIA_ROUNDSM(io[0],io[1], \
1334 io[2],io[3],il,ir,t0,t1); 910 SUBKEY_L(i + 2),SUBKEY_R(i + 2), \
1335 CAMELLIA_ROUNDSM(io[2],io[3], 911 io[2],io[3],il,ir); \
1336 CAMELLIA_SUBKEY_L(22),CAMELLIA_SUBKEY_R(22), 912 CAMELLIA_ROUNDSM(io[2],io[3], \
1337 io[0],io[1],il,ir,t0,t1); 913 SUBKEY_L(i + 3),SUBKEY_R(i + 3), \
1338 CAMELLIA_ROUNDSM(io[0],io[1], 914 io[0],io[1],il,ir); \
1339 CAMELLIA_SUBKEY_L(21),CAMELLIA_SUBKEY_R(21), 915 CAMELLIA_ROUNDSM(io[0],io[1], \
1340 io[2],io[3],il,ir,t0,t1); 916 SUBKEY_L(i + 4),SUBKEY_R(i + 4), \
1341 CAMELLIA_ROUNDSM(io[2],io[3], 917 io[2],io[3],il,ir); \
1342 CAMELLIA_SUBKEY_L(20),CAMELLIA_SUBKEY_R(20), 918 CAMELLIA_ROUNDSM(io[2],io[3], \
1343 io[0],io[1],il,ir,t0,t1); 919 SUBKEY_L(i + 5),SUBKEY_R(i + 5), \
1344 CAMELLIA_ROUNDSM(io[0],io[1], 920 io[0],io[1],il,ir); \
1345 CAMELLIA_SUBKEY_L(19),CAMELLIA_SUBKEY_R(19), 921 CAMELLIA_ROUNDSM(io[0],io[1], \
1346 io[2],io[3],il,ir,t0,t1); 922 SUBKEY_L(i + 6),SUBKEY_R(i + 6), \
1347 CAMELLIA_ROUNDSM(io[2],io[3], 923 io[2],io[3],il,ir); \
1348 CAMELLIA_SUBKEY_L(18),CAMELLIA_SUBKEY_R(18), 924 CAMELLIA_ROUNDSM(io[2],io[3], \
1349 io[0],io[1],il,ir,t0,t1); 925 SUBKEY_L(i + 7),SUBKEY_R(i + 7), \
1350 926 io[0],io[1],il,ir); \
1351 CAMELLIA_FLS(io[0],io[1],io[2],io[3], 927} while (0)
1352 CAMELLIA_SUBKEY_L(17),CAMELLIA_SUBKEY_R(17), 928#define FLS(i) do { \
1353 CAMELLIA_SUBKEY_L(16),CAMELLIA_SUBKEY_R(16), 929 CAMELLIA_FLS(io[0],io[1],io[2],io[3], \
1354 t0,t1,il,ir); 930 SUBKEY_L(i + 0),SUBKEY_R(i + 0), \
1355 931 SUBKEY_L(i + 1),SUBKEY_R(i + 1), \
1356 CAMELLIA_ROUNDSM(io[0],io[1], 932 t0,t1,il,ir); \
1357 CAMELLIA_SUBKEY_L(15),CAMELLIA_SUBKEY_R(15), 933} while (0)
1358 io[2],io[3],il,ir,t0,t1); 934
1359 CAMELLIA_ROUNDSM(io[2],io[3], 935 ROUNDS(0);
1360 CAMELLIA_SUBKEY_L(14),CAMELLIA_SUBKEY_R(14), 936 FLS(8);
1361 io[0],io[1],il,ir,t0,t1); 937 ROUNDS(8);
1362 CAMELLIA_ROUNDSM(io[0],io[1], 938 FLS(16);
1363 CAMELLIA_SUBKEY_L(13),CAMELLIA_SUBKEY_R(13), 939 ROUNDS(16);
1364 io[2],io[3],il,ir,t0,t1); 940 if (max == 32) {
1365 CAMELLIA_ROUNDSM(io[2],io[3], 941 FLS(24);
1366 CAMELLIA_SUBKEY_L(12),CAMELLIA_SUBKEY_R(12), 942 ROUNDS(24);
1367 io[0],io[1],il,ir,t0,t1); 943 }
1368 CAMELLIA_ROUNDSM(io[0],io[1],
1369 CAMELLIA_SUBKEY_L(11),CAMELLIA_SUBKEY_R(11),
1370 io[2],io[3],il,ir,t0,t1);
1371 CAMELLIA_ROUNDSM(io[2],io[3],
1372 CAMELLIA_SUBKEY_L(10),CAMELLIA_SUBKEY_R(10),
1373 io[0],io[1],il,ir,t0,t1);
1374
1375 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1376 CAMELLIA_SUBKEY_L(9),CAMELLIA_SUBKEY_R(9),
1377 CAMELLIA_SUBKEY_L(8),CAMELLIA_SUBKEY_R(8),
1378 t0,t1,il,ir);
1379
1380 CAMELLIA_ROUNDSM(io[0],io[1],
1381 CAMELLIA_SUBKEY_L(7),CAMELLIA_SUBKEY_R(7),
1382 io[2],io[3],il,ir,t0,t1);
1383 CAMELLIA_ROUNDSM(io[2],io[3],
1384 CAMELLIA_SUBKEY_L(6),CAMELLIA_SUBKEY_R(6),
1385 io[0],io[1],il,ir,t0,t1);
1386 CAMELLIA_ROUNDSM(io[0],io[1],
1387 CAMELLIA_SUBKEY_L(5),CAMELLIA_SUBKEY_R(5),
1388 io[2],io[3],il,ir,t0,t1);
1389 CAMELLIA_ROUNDSM(io[2],io[3],
1390 CAMELLIA_SUBKEY_L(4),CAMELLIA_SUBKEY_R(4),
1391 io[0],io[1],il,ir,t0,t1);
1392 CAMELLIA_ROUNDSM(io[0],io[1],
1393 CAMELLIA_SUBKEY_L(3),CAMELLIA_SUBKEY_R(3),
1394 io[2],io[3],il,ir,t0,t1);
1395 CAMELLIA_ROUNDSM(io[2],io[3],
1396 CAMELLIA_SUBKEY_L(2),CAMELLIA_SUBKEY_R(2),
1397 io[0],io[1],il,ir,t0,t1);
1398
1399 /* post whitening but kw4 */
1400 io[2] ^= CAMELLIA_SUBKEY_L(0);
1401 io[3] ^= CAMELLIA_SUBKEY_R(0);
1402
1403 t0 = io[0];
1404 t1 = io[1];
1405 io[0] = io[2];
1406 io[1] = io[3];
1407 io[2] = t0;
1408 io[3] = t1;
1409
1410 io_text[0] = cpu_to_be32(io[0]);
1411 io_text[1] = cpu_to_be32(io[1]);
1412 io_text[2] = cpu_to_be32(io[2]);
1413 io_text[3] = cpu_to_be32(io[3]);
1414
1415 return;
1416}
1417
1418
1419/**
1420 * stuff for 192 and 256bit encryption/decryption
1421 */
1422static void camellia_encrypt256(const u32 *subkey, __be32 *io_text)
1423{
1424 u32 il,ir,t0,t1; /* temporary valiables */
1425
1426 u32 io[4];
1427
1428 io[0] = be32_to_cpu(io_text[0]);
1429 io[1] = be32_to_cpu(io_text[1]);
1430 io[2] = be32_to_cpu(io_text[2]);
1431 io[3] = be32_to_cpu(io_text[3]);
1432 944
1433 /* pre whitening but absorb kw2*/ 945#undef ROUNDS
1434 io[0] ^= CAMELLIA_SUBKEY_L(0); 946#undef FLS
1435 io[1] ^= CAMELLIA_SUBKEY_R(0);
1436
1437 /* main iteration */
1438 CAMELLIA_ROUNDSM(io[0],io[1],
1439 CAMELLIA_SUBKEY_L(2),CAMELLIA_SUBKEY_R(2),
1440 io[2],io[3],il,ir,t0,t1);
1441 CAMELLIA_ROUNDSM(io[2],io[3],
1442 CAMELLIA_SUBKEY_L(3),CAMELLIA_SUBKEY_R(3),
1443 io[0],io[1],il,ir,t0,t1);
1444 CAMELLIA_ROUNDSM(io[0],io[1],
1445 CAMELLIA_SUBKEY_L(4),CAMELLIA_SUBKEY_R(4),
1446 io[2],io[3],il,ir,t0,t1);
1447 CAMELLIA_ROUNDSM(io[2],io[3],
1448 CAMELLIA_SUBKEY_L(5),CAMELLIA_SUBKEY_R(5),
1449 io[0],io[1],il,ir,t0,t1);
1450 CAMELLIA_ROUNDSM(io[0],io[1],
1451 CAMELLIA_SUBKEY_L(6),CAMELLIA_SUBKEY_R(6),
1452 io[2],io[3],il,ir,t0,t1);
1453 CAMELLIA_ROUNDSM(io[2],io[3],
1454 CAMELLIA_SUBKEY_L(7),CAMELLIA_SUBKEY_R(7),
1455 io[0],io[1],il,ir,t0,t1);
1456
1457 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1458 CAMELLIA_SUBKEY_L(8),CAMELLIA_SUBKEY_R(8),
1459 CAMELLIA_SUBKEY_L(9),CAMELLIA_SUBKEY_R(9),
1460 t0,t1,il,ir);
1461
1462 CAMELLIA_ROUNDSM(io[0],io[1],
1463 CAMELLIA_SUBKEY_L(10),CAMELLIA_SUBKEY_R(10),
1464 io[2],io[3],il,ir,t0,t1);
1465 CAMELLIA_ROUNDSM(io[2],io[3],
1466 CAMELLIA_SUBKEY_L(11),CAMELLIA_SUBKEY_R(11),
1467 io[0],io[1],il,ir,t0,t1);
1468 CAMELLIA_ROUNDSM(io[0],io[1],
1469 CAMELLIA_SUBKEY_L(12),CAMELLIA_SUBKEY_R(12),
1470 io[2],io[3],il,ir,t0,t1);
1471 CAMELLIA_ROUNDSM(io[2],io[3],
1472 CAMELLIA_SUBKEY_L(13),CAMELLIA_SUBKEY_R(13),
1473 io[0],io[1],il,ir,t0,t1);
1474 CAMELLIA_ROUNDSM(io[0],io[1],
1475 CAMELLIA_SUBKEY_L(14),CAMELLIA_SUBKEY_R(14),
1476 io[2],io[3],il,ir,t0,t1);
1477 CAMELLIA_ROUNDSM(io[2],io[3],
1478 CAMELLIA_SUBKEY_L(15),CAMELLIA_SUBKEY_R(15),
1479 io[0],io[1],il,ir,t0,t1);
1480
1481 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1482 CAMELLIA_SUBKEY_L(16),CAMELLIA_SUBKEY_R(16),
1483 CAMELLIA_SUBKEY_L(17),CAMELLIA_SUBKEY_R(17),
1484 t0,t1,il,ir);
1485
1486 CAMELLIA_ROUNDSM(io[0],io[1],
1487 CAMELLIA_SUBKEY_L(18),CAMELLIA_SUBKEY_R(18),
1488 io[2],io[3],il,ir,t0,t1);
1489 CAMELLIA_ROUNDSM(io[2],io[3],
1490 CAMELLIA_SUBKEY_L(19),CAMELLIA_SUBKEY_R(19),
1491 io[0],io[1],il,ir,t0,t1);
1492 CAMELLIA_ROUNDSM(io[0],io[1],
1493 CAMELLIA_SUBKEY_L(20),CAMELLIA_SUBKEY_R(20),
1494 io[2],io[3],il,ir,t0,t1);
1495 CAMELLIA_ROUNDSM(io[2],io[3],
1496 CAMELLIA_SUBKEY_L(21),CAMELLIA_SUBKEY_R(21),
1497 io[0],io[1],il,ir,t0,t1);
1498 CAMELLIA_ROUNDSM(io[0],io[1],
1499 CAMELLIA_SUBKEY_L(22),CAMELLIA_SUBKEY_R(22),
1500 io[2],io[3],il,ir,t0,t1);
1501 CAMELLIA_ROUNDSM(io[2],io[3],
1502 CAMELLIA_SUBKEY_L(23),CAMELLIA_SUBKEY_R(23),
1503 io[0],io[1],il,ir,t0,t1);
1504
1505 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1506 CAMELLIA_SUBKEY_L(24),CAMELLIA_SUBKEY_R(24),
1507 CAMELLIA_SUBKEY_L(25),CAMELLIA_SUBKEY_R(25),
1508 t0,t1,il,ir);
1509
1510 CAMELLIA_ROUNDSM(io[0],io[1],
1511 CAMELLIA_SUBKEY_L(26),CAMELLIA_SUBKEY_R(26),
1512 io[2],io[3],il,ir,t0,t1);
1513 CAMELLIA_ROUNDSM(io[2],io[3],
1514 CAMELLIA_SUBKEY_L(27),CAMELLIA_SUBKEY_R(27),
1515 io[0],io[1],il,ir,t0,t1);
1516 CAMELLIA_ROUNDSM(io[0],io[1],
1517 CAMELLIA_SUBKEY_L(28),CAMELLIA_SUBKEY_R(28),
1518 io[2],io[3],il,ir,t0,t1);
1519 CAMELLIA_ROUNDSM(io[2],io[3],
1520 CAMELLIA_SUBKEY_L(29),CAMELLIA_SUBKEY_R(29),
1521 io[0],io[1],il,ir,t0,t1);
1522 CAMELLIA_ROUNDSM(io[0],io[1],
1523 CAMELLIA_SUBKEY_L(30),CAMELLIA_SUBKEY_R(30),
1524 io[2],io[3],il,ir,t0,t1);
1525 CAMELLIA_ROUNDSM(io[2],io[3],
1526 CAMELLIA_SUBKEY_L(31),CAMELLIA_SUBKEY_R(31),
1527 io[0],io[1],il,ir,t0,t1);
1528 947
1529 /* post whitening but kw4 */ 948 /* post whitening but kw4 */
1530 io[2] ^= CAMELLIA_SUBKEY_L(32); 949 io[2] ^= SUBKEY_L(max);
1531 io[3] ^= CAMELLIA_SUBKEY_R(32); 950 io[3] ^= SUBKEY_R(max);
1532 951 /* NB: io[0],[1] should be swapped with [2],[3] by caller! */
1533 t0 = io[0];
1534 t1 = io[1];
1535 io[0] = io[2];
1536 io[1] = io[3];
1537 io[2] = t0;
1538 io[3] = t1;
1539
1540 io_text[0] = cpu_to_be32(io[0]);
1541 io_text[1] = cpu_to_be32(io[1]);
1542 io_text[2] = cpu_to_be32(io[2]);
1543 io_text[3] = cpu_to_be32(io[3]);
1544
1545 return;
1546} 952}
1547 953
1548 954static void camellia_do_decrypt(const u32 *subkey, u32 *io, unsigned i)
1549static void camellia_decrypt256(const u32 *subkey, __be32 *io_text)
1550{ 955{
1551 u32 il,ir,t0,t1; /* temporary valiables */ 956 u32 il,ir,t0,t1; /* temporary variables */
1552 957
1553 u32 io[4]; 958 /* pre whitening but absorb kw2 */
1554 959 io[0] ^= SUBKEY_L(i);
1555 io[0] = be32_to_cpu(io_text[0]); 960 io[1] ^= SUBKEY_R(i);
1556 io[1] = be32_to_cpu(io_text[1]);
1557 io[2] = be32_to_cpu(io_text[2]);
1558 io[3] = be32_to_cpu(io_text[3]);
1559
1560 /* pre whitening but absorb kw2*/
1561 io[0] ^= CAMELLIA_SUBKEY_L(32);
1562 io[1] ^= CAMELLIA_SUBKEY_R(32);
1563 961
1564 /* main iteration */ 962 /* main iteration */
1565 CAMELLIA_ROUNDSM(io[0],io[1], 963#define ROUNDS(i) do { \
1566 CAMELLIA_SUBKEY_L(31),CAMELLIA_SUBKEY_R(31), 964 CAMELLIA_ROUNDSM(io[0],io[1], \
1567 io[2],io[3],il,ir,t0,t1); 965 SUBKEY_L(i + 7),SUBKEY_R(i + 7), \
1568 CAMELLIA_ROUNDSM(io[2],io[3], 966 io[2],io[3],il,ir); \
1569 CAMELLIA_SUBKEY_L(30),CAMELLIA_SUBKEY_R(30), 967 CAMELLIA_ROUNDSM(io[2],io[3], \
1570 io[0],io[1],il,ir,t0,t1); 968 SUBKEY_L(i + 6),SUBKEY_R(i + 6), \
1571 CAMELLIA_ROUNDSM(io[0],io[1], 969 io[0],io[1],il,ir); \
1572 CAMELLIA_SUBKEY_L(29),CAMELLIA_SUBKEY_R(29), 970 CAMELLIA_ROUNDSM(io[0],io[1], \
1573 io[2],io[3],il,ir,t0,t1); 971 SUBKEY_L(i + 5),SUBKEY_R(i + 5), \
1574 CAMELLIA_ROUNDSM(io[2],io[3], 972 io[2],io[3],il,ir); \
1575 CAMELLIA_SUBKEY_L(28),CAMELLIA_SUBKEY_R(28), 973 CAMELLIA_ROUNDSM(io[2],io[3], \
1576 io[0],io[1],il,ir,t0,t1); 974 SUBKEY_L(i + 4),SUBKEY_R(i + 4), \
1577 CAMELLIA_ROUNDSM(io[0],io[1], 975 io[0],io[1],il,ir); \
1578 CAMELLIA_SUBKEY_L(27),CAMELLIA_SUBKEY_R(27), 976 CAMELLIA_ROUNDSM(io[0],io[1], \
1579 io[2],io[3],il,ir,t0,t1); 977 SUBKEY_L(i + 3),SUBKEY_R(i + 3), \
1580 CAMELLIA_ROUNDSM(io[2],io[3], 978 io[2],io[3],il,ir); \
1581 CAMELLIA_SUBKEY_L(26),CAMELLIA_SUBKEY_R(26), 979 CAMELLIA_ROUNDSM(io[2],io[3], \
1582 io[0],io[1],il,ir,t0,t1); 980 SUBKEY_L(i + 2),SUBKEY_R(i + 2), \
1583 981 io[0],io[1],il,ir); \
1584 CAMELLIA_FLS(io[0],io[1],io[2],io[3], 982} while (0)
1585 CAMELLIA_SUBKEY_L(25),CAMELLIA_SUBKEY_R(25), 983#define FLS(i) do { \
1586 CAMELLIA_SUBKEY_L(24),CAMELLIA_SUBKEY_R(24), 984 CAMELLIA_FLS(io[0],io[1],io[2],io[3], \
1587 t0,t1,il,ir); 985 SUBKEY_L(i + 1),SUBKEY_R(i + 1), \
1588 986 SUBKEY_L(i + 0),SUBKEY_R(i + 0), \
1589 CAMELLIA_ROUNDSM(io[0],io[1], 987 t0,t1,il,ir); \
1590 CAMELLIA_SUBKEY_L(23),CAMELLIA_SUBKEY_R(23), 988} while (0)
1591 io[2],io[3],il,ir,t0,t1); 989
1592 CAMELLIA_ROUNDSM(io[2],io[3], 990 if (i == 32) {
1593 CAMELLIA_SUBKEY_L(22),CAMELLIA_SUBKEY_R(22), 991 ROUNDS(24);
1594 io[0],io[1],il,ir,t0,t1); 992 FLS(24);
1595 CAMELLIA_ROUNDSM(io[0],io[1], 993 }
1596 CAMELLIA_SUBKEY_L(21),CAMELLIA_SUBKEY_R(21), 994 ROUNDS(16);
1597 io[2],io[3],il,ir,t0,t1); 995 FLS(16);
1598 CAMELLIA_ROUNDSM(io[2],io[3], 996 ROUNDS(8);
1599 CAMELLIA_SUBKEY_L(20),CAMELLIA_SUBKEY_R(20), 997 FLS(8);
1600 io[0],io[1],il,ir,t0,t1); 998 ROUNDS(0);
1601 CAMELLIA_ROUNDSM(io[0],io[1], 999
1602 CAMELLIA_SUBKEY_L(19),CAMELLIA_SUBKEY_R(19), 1000#undef ROUNDS
1603 io[2],io[3],il,ir,t0,t1); 1001#undef FLS
1604 CAMELLIA_ROUNDSM(io[2],io[3],
1605 CAMELLIA_SUBKEY_L(18),CAMELLIA_SUBKEY_R(18),
1606 io[0],io[1],il,ir,t0,t1);
1607
1608 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1609 CAMELLIA_SUBKEY_L(17),CAMELLIA_SUBKEY_R(17),
1610 CAMELLIA_SUBKEY_L(16),CAMELLIA_SUBKEY_R(16),
1611 t0,t1,il,ir);
1612
1613 CAMELLIA_ROUNDSM(io[0],io[1],
1614 CAMELLIA_SUBKEY_L(15),CAMELLIA_SUBKEY_R(15),
1615 io[2],io[3],il,ir,t0,t1);
1616 CAMELLIA_ROUNDSM(io[2],io[3],
1617 CAMELLIA_SUBKEY_L(14),CAMELLIA_SUBKEY_R(14),
1618 io[0],io[1],il,ir,t0,t1);
1619 CAMELLIA_ROUNDSM(io[0],io[1],
1620 CAMELLIA_SUBKEY_L(13),CAMELLIA_SUBKEY_R(13),
1621 io[2],io[3],il,ir,t0,t1);
1622 CAMELLIA_ROUNDSM(io[2],io[3],
1623 CAMELLIA_SUBKEY_L(12),CAMELLIA_SUBKEY_R(12),
1624 io[0],io[1],il,ir,t0,t1);
1625 CAMELLIA_ROUNDSM(io[0],io[1],
1626 CAMELLIA_SUBKEY_L(11),CAMELLIA_SUBKEY_R(11),
1627 io[2],io[3],il,ir,t0,t1);
1628 CAMELLIA_ROUNDSM(io[2],io[3],
1629 CAMELLIA_SUBKEY_L(10),CAMELLIA_SUBKEY_R(10),
1630 io[0],io[1],il,ir,t0,t1);
1631
1632 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1633 CAMELLIA_SUBKEY_L(9),CAMELLIA_SUBKEY_R(9),
1634 CAMELLIA_SUBKEY_L(8),CAMELLIA_SUBKEY_R(8),
1635 t0,t1,il,ir);
1636
1637 CAMELLIA_ROUNDSM(io[0],io[1],
1638 CAMELLIA_SUBKEY_L(7),CAMELLIA_SUBKEY_R(7),
1639 io[2],io[3],il,ir,t0,t1);
1640 CAMELLIA_ROUNDSM(io[2],io[3],
1641 CAMELLIA_SUBKEY_L(6),CAMELLIA_SUBKEY_R(6),
1642 io[0],io[1],il,ir,t0,t1);
1643 CAMELLIA_ROUNDSM(io[0],io[1],
1644 CAMELLIA_SUBKEY_L(5),CAMELLIA_SUBKEY_R(5),
1645 io[2],io[3],il,ir,t0,t1);
1646 CAMELLIA_ROUNDSM(io[2],io[3],
1647 CAMELLIA_SUBKEY_L(4),CAMELLIA_SUBKEY_R(4),
1648 io[0],io[1],il,ir,t0,t1);
1649 CAMELLIA_ROUNDSM(io[0],io[1],
1650 CAMELLIA_SUBKEY_L(3),CAMELLIA_SUBKEY_R(3),
1651 io[2],io[3],il,ir,t0,t1);
1652 CAMELLIA_ROUNDSM(io[2],io[3],
1653 CAMELLIA_SUBKEY_L(2),CAMELLIA_SUBKEY_R(2),
1654 io[0],io[1],il,ir,t0,t1);
1655 1002
1656 /* post whitening but kw4 */ 1003 /* post whitening but kw4 */
1657 io[2] ^= CAMELLIA_SUBKEY_L(0); 1004 io[2] ^= SUBKEY_L(0);
1658 io[3] ^= CAMELLIA_SUBKEY_R(0); 1005 io[3] ^= SUBKEY_R(0);
1659 1006 /* NB: 0,1 should be swapped with 2,3 by caller! */
1660 t0 = io[0];
1661 t1 = io[1];
1662 io[0] = io[2];
1663 io[1] = io[3];
1664 io[2] = t0;
1665 io[3] = t1;
1666
1667 io_text[0] = cpu_to_be32(io[0]);
1668 io_text[1] = cpu_to_be32(io[1]);
1669 io_text[2] = cpu_to_be32(io[2]);
1670 io_text[3] = cpu_to_be32(io[3]);
1671
1672 return;
1673} 1007}
1674 1008
1675 1009
1010struct camellia_ctx {
1011 int key_length;
1012 u32 key_table[CAMELLIA_TABLE_BYTE_LEN / sizeof(u32)];
1013};
1014
1676static int 1015static int
1677camellia_set_key(struct crypto_tfm *tfm, const u8 *in_key, 1016camellia_set_key(struct crypto_tfm *tfm, const u8 *in_key,
1678 unsigned int key_len) 1017 unsigned int key_len)
@@ -1688,7 +1027,7 @@ camellia_set_key(struct crypto_tfm *tfm, const u8 *in_key,
1688 1027
1689 cctx->key_length = key_len; 1028 cctx->key_length = key_len;
1690 1029
1691 switch(key_len) { 1030 switch (key_len) {
1692 case 16: 1031 case 16:
1693 camellia_setup128(key, cctx->key_table); 1032 camellia_setup128(key, cctx->key_table);
1694 break; 1033 break;
@@ -1698,68 +1037,59 @@ camellia_set_key(struct crypto_tfm *tfm, const u8 *in_key,
1698 case 32: 1037 case 32:
1699 camellia_setup256(key, cctx->key_table); 1038 camellia_setup256(key, cctx->key_table);
1700 break; 1039 break;
1701 default:
1702 break;
1703 } 1040 }
1704 1041
1705 return 0; 1042 return 0;
1706} 1043}
1707 1044
1708
1709static void camellia_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in) 1045static void camellia_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
1710{ 1046{
1711 const struct camellia_ctx *cctx = crypto_tfm_ctx(tfm); 1047 const struct camellia_ctx *cctx = crypto_tfm_ctx(tfm);
1712 const __be32 *src = (const __be32 *)in; 1048 const __be32 *src = (const __be32 *)in;
1713 __be32 *dst = (__be32 *)out; 1049 __be32 *dst = (__be32 *)out;
1714 1050
1715 __be32 tmp[4]; 1051 u32 tmp[4];
1716 1052
1717 memcpy(tmp, src, CAMELLIA_BLOCK_SIZE); 1053 tmp[0] = be32_to_cpu(src[0]);
1054 tmp[1] = be32_to_cpu(src[1]);
1055 tmp[2] = be32_to_cpu(src[2]);
1056 tmp[3] = be32_to_cpu(src[3]);
1718 1057
1719 switch (cctx->key_length) { 1058 camellia_do_encrypt(cctx->key_table, tmp,
1720 case 16: 1059 cctx->key_length == 16 ? 24 : 32 /* for key lengths of 24 and 32 */
1721 camellia_encrypt128(cctx->key_table, tmp); 1060 );
1722 break;
1723 case 24:
1724 /* fall through */
1725 case 32:
1726 camellia_encrypt256(cctx->key_table, tmp);
1727 break;
1728 default:
1729 break;
1730 }
1731 1061
1732 memcpy(dst, tmp, CAMELLIA_BLOCK_SIZE); 1062 /* do_encrypt returns 0,1 swapped with 2,3 */
1063 dst[0] = cpu_to_be32(tmp[2]);
1064 dst[1] = cpu_to_be32(tmp[3]);
1065 dst[2] = cpu_to_be32(tmp[0]);
1066 dst[3] = cpu_to_be32(tmp[1]);
1733} 1067}
1734 1068
1735
1736static void camellia_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in) 1069static void camellia_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
1737{ 1070{
1738 const struct camellia_ctx *cctx = crypto_tfm_ctx(tfm); 1071 const struct camellia_ctx *cctx = crypto_tfm_ctx(tfm);
1739 const __be32 *src = (const __be32 *)in; 1072 const __be32 *src = (const __be32 *)in;
1740 __be32 *dst = (__be32 *)out; 1073 __be32 *dst = (__be32 *)out;
1741 1074
1742 __be32 tmp[4]; 1075 u32 tmp[4];
1743 1076
1744 memcpy(tmp, src, CAMELLIA_BLOCK_SIZE); 1077 tmp[0] = be32_to_cpu(src[0]);
1078 tmp[1] = be32_to_cpu(src[1]);
1079 tmp[2] = be32_to_cpu(src[2]);
1080 tmp[3] = be32_to_cpu(src[3]);
1745 1081
1746 switch (cctx->key_length) { 1082 camellia_do_decrypt(cctx->key_table, tmp,
1747 case 16: 1083 cctx->key_length == 16 ? 24 : 32 /* for key lengths of 24 and 32 */
1748 camellia_decrypt128(cctx->key_table, tmp); 1084 );
1749 break;
1750 case 24:
1751 /* fall through */
1752 case 32:
1753 camellia_decrypt256(cctx->key_table, tmp);
1754 break;
1755 default:
1756 break;
1757 }
1758 1085
1759 memcpy(dst, tmp, CAMELLIA_BLOCK_SIZE); 1086 /* do_decrypt returns 0,1 swapped with 2,3 */
1087 dst[0] = cpu_to_be32(tmp[2]);
1088 dst[1] = cpu_to_be32(tmp[3]);
1089 dst[2] = cpu_to_be32(tmp[0]);
1090 dst[3] = cpu_to_be32(tmp[1]);
1760} 1091}
1761 1092
1762
1763static struct crypto_alg camellia_alg = { 1093static struct crypto_alg camellia_alg = {
1764 .cra_name = "camellia", 1094 .cra_name = "camellia",
1765 .cra_driver_name = "camellia-generic", 1095 .cra_driver_name = "camellia-generic",
@@ -1786,16 +1116,13 @@ static int __init camellia_init(void)
1786 return crypto_register_alg(&camellia_alg); 1116 return crypto_register_alg(&camellia_alg);
1787} 1117}
1788 1118
1789
1790static void __exit camellia_fini(void) 1119static void __exit camellia_fini(void)
1791{ 1120{
1792 crypto_unregister_alg(&camellia_alg); 1121 crypto_unregister_alg(&camellia_alg);
1793} 1122}
1794 1123
1795
1796module_init(camellia_init); 1124module_init(camellia_init);
1797module_exit(camellia_fini); 1125module_exit(camellia_fini);
1798 1126
1799
1800MODULE_DESCRIPTION("Camellia Cipher Algorithm"); 1127MODULE_DESCRIPTION("Camellia Cipher Algorithm");
1801MODULE_LICENSE("GPL"); 1128MODULE_LICENSE("GPL");
diff --git a/crypto/cast6.c b/crypto/cast6.c
index 136ab6dfe8c5..5fd9420dc58e 100644
--- a/crypto/cast6.c
+++ b/crypto/cast6.c
@@ -369,7 +369,7 @@ static const u8 Tr[4][8] = {
369}; 369};
370 370
371/* forward octave */ 371/* forward octave */
372static inline void W(u32 *key, unsigned int i) { 372static void W(u32 *key, unsigned int i) {
373 u32 I; 373 u32 I;
374 key[6] ^= F1(key[7], Tr[i % 4][0], Tm[i][0]); 374 key[6] ^= F1(key[7], Tr[i % 4][0], Tm[i][0]);
375 key[5] ^= F2(key[6], Tr[i % 4][1], Tm[i][1]); 375 key[5] ^= F2(key[6], Tr[i % 4][1], Tm[i][1]);
@@ -428,7 +428,7 @@ static int cast6_setkey(struct crypto_tfm *tfm, const u8 *in_key,
428} 428}
429 429
430/*forward quad round*/ 430/*forward quad round*/
431static inline void Q (u32 * block, u8 * Kr, u32 * Km) { 431static void Q (u32 * block, u8 * Kr, u32 * Km) {
432 u32 I; 432 u32 I;
433 block[2] ^= F1(block[3], Kr[0], Km[0]); 433 block[2] ^= F1(block[3], Kr[0], Km[0]);
434 block[1] ^= F2(block[2], Kr[1], Km[1]); 434 block[1] ^= F2(block[2], Kr[1], Km[1]);
@@ -437,7 +437,7 @@ static inline void Q (u32 * block, u8 * Kr, u32 * Km) {
437} 437}
438 438
439/*reverse quad round*/ 439/*reverse quad round*/
440static inline void QBAR (u32 * block, u8 * Kr, u32 * Km) { 440static void QBAR (u32 * block, u8 * Kr, u32 * Km) {
441 u32 I; 441 u32 I;
442 block[3] ^= F1(block[0], Kr[3], Km[3]); 442 block[3] ^= F1(block[0], Kr[3], Km[3]);
443 block[0] ^= F3(block[1], Kr[2], Km[2]); 443 block[0] ^= F3(block[1], Kr[2], Km[2]);
diff --git a/crypto/cbc.c b/crypto/cbc.c
index 1f2649e13b42..6affff882cf8 100644
--- a/crypto/cbc.c
+++ b/crypto/cbc.c
@@ -14,13 +14,13 @@
14#include <linux/err.h> 14#include <linux/err.h>
15#include <linux/init.h> 15#include <linux/init.h>
16#include <linux/kernel.h> 16#include <linux/kernel.h>
17#include <linux/log2.h>
17#include <linux/module.h> 18#include <linux/module.h>
18#include <linux/scatterlist.h> 19#include <linux/scatterlist.h>
19#include <linux/slab.h> 20#include <linux/slab.h>
20 21
21struct crypto_cbc_ctx { 22struct crypto_cbc_ctx {
22 struct crypto_cipher *child; 23 struct crypto_cipher *child;
23 void (*xor)(u8 *dst, const u8 *src, unsigned int bs);
24}; 24};
25 25
26static int crypto_cbc_setkey(struct crypto_tfm *parent, const u8 *key, 26static int crypto_cbc_setkey(struct crypto_tfm *parent, const u8 *key,
@@ -41,9 +41,7 @@ static int crypto_cbc_setkey(struct crypto_tfm *parent, const u8 *key,
41 41
42static int crypto_cbc_encrypt_segment(struct blkcipher_desc *desc, 42static int crypto_cbc_encrypt_segment(struct blkcipher_desc *desc,
43 struct blkcipher_walk *walk, 43 struct blkcipher_walk *walk,
44 struct crypto_cipher *tfm, 44 struct crypto_cipher *tfm)
45 void (*xor)(u8 *, const u8 *,
46 unsigned int))
47{ 45{
48 void (*fn)(struct crypto_tfm *, u8 *, const u8 *) = 46 void (*fn)(struct crypto_tfm *, u8 *, const u8 *) =
49 crypto_cipher_alg(tfm)->cia_encrypt; 47 crypto_cipher_alg(tfm)->cia_encrypt;
@@ -54,7 +52,7 @@ static int crypto_cbc_encrypt_segment(struct blkcipher_desc *desc,
54 u8 *iv = walk->iv; 52 u8 *iv = walk->iv;
55 53
56 do { 54 do {
57 xor(iv, src, bsize); 55 crypto_xor(iv, src, bsize);
58 fn(crypto_cipher_tfm(tfm), dst, iv); 56 fn(crypto_cipher_tfm(tfm), dst, iv);
59 memcpy(iv, dst, bsize); 57 memcpy(iv, dst, bsize);
60 58
@@ -67,9 +65,7 @@ static int crypto_cbc_encrypt_segment(struct blkcipher_desc *desc,
67 65
68static int crypto_cbc_encrypt_inplace(struct blkcipher_desc *desc, 66static int crypto_cbc_encrypt_inplace(struct blkcipher_desc *desc,
69 struct blkcipher_walk *walk, 67 struct blkcipher_walk *walk,
70 struct crypto_cipher *tfm, 68 struct crypto_cipher *tfm)
71 void (*xor)(u8 *, const u8 *,
72 unsigned int))
73{ 69{
74 void (*fn)(struct crypto_tfm *, u8 *, const u8 *) = 70 void (*fn)(struct crypto_tfm *, u8 *, const u8 *) =
75 crypto_cipher_alg(tfm)->cia_encrypt; 71 crypto_cipher_alg(tfm)->cia_encrypt;
@@ -79,7 +75,7 @@ static int crypto_cbc_encrypt_inplace(struct blkcipher_desc *desc,
79 u8 *iv = walk->iv; 75 u8 *iv = walk->iv;
80 76
81 do { 77 do {
82 xor(src, iv, bsize); 78 crypto_xor(src, iv, bsize);
83 fn(crypto_cipher_tfm(tfm), src, src); 79 fn(crypto_cipher_tfm(tfm), src, src);
84 iv = src; 80 iv = src;
85 81
@@ -99,7 +95,6 @@ static int crypto_cbc_encrypt(struct blkcipher_desc *desc,
99 struct crypto_blkcipher *tfm = desc->tfm; 95 struct crypto_blkcipher *tfm = desc->tfm;
100 struct crypto_cbc_ctx *ctx = crypto_blkcipher_ctx(tfm); 96 struct crypto_cbc_ctx *ctx = crypto_blkcipher_ctx(tfm);
101 struct crypto_cipher *child = ctx->child; 97 struct crypto_cipher *child = ctx->child;
102 void (*xor)(u8 *, const u8 *, unsigned int bs) = ctx->xor;
103 int err; 98 int err;
104 99
105 blkcipher_walk_init(&walk, dst, src, nbytes); 100 blkcipher_walk_init(&walk, dst, src, nbytes);
@@ -107,11 +102,9 @@ static int crypto_cbc_encrypt(struct blkcipher_desc *desc,
107 102
108 while ((nbytes = walk.nbytes)) { 103 while ((nbytes = walk.nbytes)) {
109 if (walk.src.virt.addr == walk.dst.virt.addr) 104 if (walk.src.virt.addr == walk.dst.virt.addr)
110 nbytes = crypto_cbc_encrypt_inplace(desc, &walk, child, 105 nbytes = crypto_cbc_encrypt_inplace(desc, &walk, child);
111 xor);
112 else 106 else
113 nbytes = crypto_cbc_encrypt_segment(desc, &walk, child, 107 nbytes = crypto_cbc_encrypt_segment(desc, &walk, child);
114 xor);
115 err = blkcipher_walk_done(desc, &walk, nbytes); 108 err = blkcipher_walk_done(desc, &walk, nbytes);
116 } 109 }
117 110
@@ -120,9 +113,7 @@ static int crypto_cbc_encrypt(struct blkcipher_desc *desc,
120 113
121static int crypto_cbc_decrypt_segment(struct blkcipher_desc *desc, 114static int crypto_cbc_decrypt_segment(struct blkcipher_desc *desc,
122 struct blkcipher_walk *walk, 115 struct blkcipher_walk *walk,
123 struct crypto_cipher *tfm, 116 struct crypto_cipher *tfm)
124 void (*xor)(u8 *, const u8 *,
125 unsigned int))
126{ 117{
127 void (*fn)(struct crypto_tfm *, u8 *, const u8 *) = 118 void (*fn)(struct crypto_tfm *, u8 *, const u8 *) =
128 crypto_cipher_alg(tfm)->cia_decrypt; 119 crypto_cipher_alg(tfm)->cia_decrypt;
@@ -134,7 +125,7 @@ static int crypto_cbc_decrypt_segment(struct blkcipher_desc *desc,
134 125
135 do { 126 do {
136 fn(crypto_cipher_tfm(tfm), dst, src); 127 fn(crypto_cipher_tfm(tfm), dst, src);
137 xor(dst, iv, bsize); 128 crypto_xor(dst, iv, bsize);
138 iv = src; 129 iv = src;
139 130
140 src += bsize; 131 src += bsize;
@@ -148,34 +139,29 @@ static int crypto_cbc_decrypt_segment(struct blkcipher_desc *desc,
148 139
149static int crypto_cbc_decrypt_inplace(struct blkcipher_desc *desc, 140static int crypto_cbc_decrypt_inplace(struct blkcipher_desc *desc,
150 struct blkcipher_walk *walk, 141 struct blkcipher_walk *walk,
151 struct crypto_cipher *tfm, 142 struct crypto_cipher *tfm)
152 void (*xor)(u8 *, const u8 *,
153 unsigned int))
154{ 143{
155 void (*fn)(struct crypto_tfm *, u8 *, const u8 *) = 144 void (*fn)(struct crypto_tfm *, u8 *, const u8 *) =
156 crypto_cipher_alg(tfm)->cia_decrypt; 145 crypto_cipher_alg(tfm)->cia_decrypt;
157 int bsize = crypto_cipher_blocksize(tfm); 146 int bsize = crypto_cipher_blocksize(tfm);
158 unsigned long alignmask = crypto_cipher_alignmask(tfm);
159 unsigned int nbytes = walk->nbytes; 147 unsigned int nbytes = walk->nbytes;
160 u8 *src = walk->src.virt.addr; 148 u8 *src = walk->src.virt.addr;
161 u8 stack[bsize + alignmask]; 149 u8 last_iv[bsize];
162 u8 *first_iv = (u8 *)ALIGN((unsigned long)stack, alignmask + 1);
163
164 memcpy(first_iv, walk->iv, bsize);
165 150
166 /* Start of the last block. */ 151 /* Start of the last block. */
167 src += nbytes - nbytes % bsize - bsize; 152 src += nbytes - (nbytes & (bsize - 1)) - bsize;
168 memcpy(walk->iv, src, bsize); 153 memcpy(last_iv, src, bsize);
169 154
170 for (;;) { 155 for (;;) {
171 fn(crypto_cipher_tfm(tfm), src, src); 156 fn(crypto_cipher_tfm(tfm), src, src);
172 if ((nbytes -= bsize) < bsize) 157 if ((nbytes -= bsize) < bsize)
173 break; 158 break;
174 xor(src, src - bsize, bsize); 159 crypto_xor(src, src - bsize, bsize);
175 src -= bsize; 160 src -= bsize;
176 } 161 }
177 162
178 xor(src, first_iv, bsize); 163 crypto_xor(src, walk->iv, bsize);
164 memcpy(walk->iv, last_iv, bsize);
179 165
180 return nbytes; 166 return nbytes;
181} 167}
@@ -188,7 +174,6 @@ static int crypto_cbc_decrypt(struct blkcipher_desc *desc,
188 struct crypto_blkcipher *tfm = desc->tfm; 174 struct crypto_blkcipher *tfm = desc->tfm;
189 struct crypto_cbc_ctx *ctx = crypto_blkcipher_ctx(tfm); 175 struct crypto_cbc_ctx *ctx = crypto_blkcipher_ctx(tfm);
190 struct crypto_cipher *child = ctx->child; 176 struct crypto_cipher *child = ctx->child;
191 void (*xor)(u8 *, const u8 *, unsigned int bs) = ctx->xor;
192 int err; 177 int err;
193 178
194 blkcipher_walk_init(&walk, dst, src, nbytes); 179 blkcipher_walk_init(&walk, dst, src, nbytes);
@@ -196,48 +181,15 @@ static int crypto_cbc_decrypt(struct blkcipher_desc *desc,
196 181
197 while ((nbytes = walk.nbytes)) { 182 while ((nbytes = walk.nbytes)) {
198 if (walk.src.virt.addr == walk.dst.virt.addr) 183 if (walk.src.virt.addr == walk.dst.virt.addr)
199 nbytes = crypto_cbc_decrypt_inplace(desc, &walk, child, 184 nbytes = crypto_cbc_decrypt_inplace(desc, &walk, child);
200 xor);
201 else 185 else
202 nbytes = crypto_cbc_decrypt_segment(desc, &walk, child, 186 nbytes = crypto_cbc_decrypt_segment(desc, &walk, child);
203 xor);
204 err = blkcipher_walk_done(desc, &walk, nbytes); 187 err = blkcipher_walk_done(desc, &walk, nbytes);
205 } 188 }
206 189
207 return err; 190 return err;
208} 191}
209 192
210static void xor_byte(u8 *a, const u8 *b, unsigned int bs)
211{
212 do {
213 *a++ ^= *b++;
214 } while (--bs);
215}
216
217static void xor_quad(u8 *dst, const u8 *src, unsigned int bs)
218{
219 u32 *a = (u32 *)dst;
220 u32 *b = (u32 *)src;
221
222 do {
223 *a++ ^= *b++;
224 } while ((bs -= 4));
225}
226
227static void xor_64(u8 *a, const u8 *b, unsigned int bs)
228{
229 ((u32 *)a)[0] ^= ((u32 *)b)[0];
230 ((u32 *)a)[1] ^= ((u32 *)b)[1];
231}
232
233static void xor_128(u8 *a, const u8 *b, unsigned int bs)
234{
235 ((u32 *)a)[0] ^= ((u32 *)b)[0];
236 ((u32 *)a)[1] ^= ((u32 *)b)[1];
237 ((u32 *)a)[2] ^= ((u32 *)b)[2];
238 ((u32 *)a)[3] ^= ((u32 *)b)[3];
239}
240
241static int crypto_cbc_init_tfm(struct crypto_tfm *tfm) 193static int crypto_cbc_init_tfm(struct crypto_tfm *tfm)
242{ 194{
243 struct crypto_instance *inst = (void *)tfm->__crt_alg; 195 struct crypto_instance *inst = (void *)tfm->__crt_alg;
@@ -245,22 +197,6 @@ static int crypto_cbc_init_tfm(struct crypto_tfm *tfm)
245 struct crypto_cbc_ctx *ctx = crypto_tfm_ctx(tfm); 197 struct crypto_cbc_ctx *ctx = crypto_tfm_ctx(tfm);
246 struct crypto_cipher *cipher; 198 struct crypto_cipher *cipher;
247 199
248 switch (crypto_tfm_alg_blocksize(tfm)) {
249 case 8:
250 ctx->xor = xor_64;
251 break;
252
253 case 16:
254 ctx->xor = xor_128;
255 break;
256
257 default:
258 if (crypto_tfm_alg_blocksize(tfm) % 4)
259 ctx->xor = xor_byte;
260 else
261 ctx->xor = xor_quad;
262 }
263
264 cipher = crypto_spawn_cipher(spawn); 200 cipher = crypto_spawn_cipher(spawn);
265 if (IS_ERR(cipher)) 201 if (IS_ERR(cipher))
266 return PTR_ERR(cipher); 202 return PTR_ERR(cipher);
@@ -290,6 +226,10 @@ static struct crypto_instance *crypto_cbc_alloc(struct rtattr **tb)
290 if (IS_ERR(alg)) 226 if (IS_ERR(alg))
291 return ERR_PTR(PTR_ERR(alg)); 227 return ERR_PTR(PTR_ERR(alg));
292 228
229 inst = ERR_PTR(-EINVAL);
230 if (!is_power_of_2(alg->cra_blocksize))
231 goto out_put_alg;
232
293 inst = crypto_alloc_instance("cbc", alg); 233 inst = crypto_alloc_instance("cbc", alg);
294 if (IS_ERR(inst)) 234 if (IS_ERR(inst))
295 goto out_put_alg; 235 goto out_put_alg;
@@ -300,8 +240,9 @@ static struct crypto_instance *crypto_cbc_alloc(struct rtattr **tb)
300 inst->alg.cra_alignmask = alg->cra_alignmask; 240 inst->alg.cra_alignmask = alg->cra_alignmask;
301 inst->alg.cra_type = &crypto_blkcipher_type; 241 inst->alg.cra_type = &crypto_blkcipher_type;
302 242
303 if (!(alg->cra_blocksize % 4)) 243 /* We access the data as u32s when xoring. */
304 inst->alg.cra_alignmask |= 3; 244 inst->alg.cra_alignmask |= __alignof__(u32) - 1;
245
305 inst->alg.cra_blkcipher.ivsize = alg->cra_blocksize; 246 inst->alg.cra_blkcipher.ivsize = alg->cra_blocksize;
306 inst->alg.cra_blkcipher.min_keysize = alg->cra_cipher.cia_min_keysize; 247 inst->alg.cra_blkcipher.min_keysize = alg->cra_cipher.cia_min_keysize;
307 inst->alg.cra_blkcipher.max_keysize = alg->cra_cipher.cia_max_keysize; 248 inst->alg.cra_blkcipher.max_keysize = alg->cra_cipher.cia_max_keysize;
diff --git a/crypto/ccm.c b/crypto/ccm.c
new file mode 100644
index 000000000000..7cf7e5a6b781
--- /dev/null
+++ b/crypto/ccm.c
@@ -0,0 +1,889 @@
1/*
2 * CCM: Counter with CBC-MAC
3 *
4 * (C) Copyright IBM Corp. 2007 - Joy Latten <latten@us.ibm.com>
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the Free
8 * Software Foundation; either version 2 of the License, or (at your option)
9 * any later version.
10 *
11 */
12
13#include <crypto/internal/aead.h>
14#include <crypto/internal/skcipher.h>
15#include <crypto/scatterwalk.h>
16#include <linux/err.h>
17#include <linux/init.h>
18#include <linux/kernel.h>
19#include <linux/module.h>
20#include <linux/slab.h>
21
22#include "internal.h"
23
24struct ccm_instance_ctx {
25 struct crypto_skcipher_spawn ctr;
26 struct crypto_spawn cipher;
27};
28
29struct crypto_ccm_ctx {
30 struct crypto_cipher *cipher;
31 struct crypto_ablkcipher *ctr;
32};
33
34struct crypto_rfc4309_ctx {
35 struct crypto_aead *child;
36 u8 nonce[3];
37};
38
39struct crypto_ccm_req_priv_ctx {
40 u8 odata[16];
41 u8 idata[16];
42 u8 auth_tag[16];
43 u32 ilen;
44 u32 flags;
45 struct scatterlist src[2];
46 struct scatterlist dst[2];
47 struct ablkcipher_request abreq;
48};
49
50static inline struct crypto_ccm_req_priv_ctx *crypto_ccm_reqctx(
51 struct aead_request *req)
52{
53 unsigned long align = crypto_aead_alignmask(crypto_aead_reqtfm(req));
54
55 return (void *)PTR_ALIGN((u8 *)aead_request_ctx(req), align + 1);
56}
57
58static int set_msg_len(u8 *block, unsigned int msglen, int csize)
59{
60 __be32 data;
61
62 memset(block, 0, csize);
63 block += csize;
64
65 if (csize >= 4)
66 csize = 4;
67 else if (msglen > (1 << (8 * csize)))
68 return -EOVERFLOW;
69
70 data = cpu_to_be32(msglen);
71 memcpy(block - csize, (u8 *)&data + 4 - csize, csize);
72
73 return 0;
74}
75
76static int crypto_ccm_setkey(struct crypto_aead *aead, const u8 *key,
77 unsigned int keylen)
78{
79 struct crypto_ccm_ctx *ctx = crypto_aead_ctx(aead);
80 struct crypto_ablkcipher *ctr = ctx->ctr;
81 struct crypto_cipher *tfm = ctx->cipher;
82 int err = 0;
83
84 crypto_ablkcipher_clear_flags(ctr, CRYPTO_TFM_REQ_MASK);
85 crypto_ablkcipher_set_flags(ctr, crypto_aead_get_flags(aead) &
86 CRYPTO_TFM_REQ_MASK);
87 err = crypto_ablkcipher_setkey(ctr, key, keylen);
88 crypto_aead_set_flags(aead, crypto_ablkcipher_get_flags(ctr) &
89 CRYPTO_TFM_RES_MASK);
90 if (err)
91 goto out;
92
93 crypto_cipher_clear_flags(tfm, CRYPTO_TFM_REQ_MASK);
94 crypto_cipher_set_flags(tfm, crypto_aead_get_flags(aead) &
95 CRYPTO_TFM_REQ_MASK);
96 err = crypto_cipher_setkey(tfm, key, keylen);
97 crypto_aead_set_flags(aead, crypto_cipher_get_flags(tfm) &
98 CRYPTO_TFM_RES_MASK);
99
100out:
101 return err;
102}
103
104static int crypto_ccm_setauthsize(struct crypto_aead *tfm,
105 unsigned int authsize)
106{
107 switch (authsize) {
108 case 4:
109 case 6:
110 case 8:
111 case 10:
112 case 12:
113 case 14:
114 case 16:
115 break;
116 default:
117 return -EINVAL;
118 }
119
120 return 0;
121}
122
123static int format_input(u8 *info, struct aead_request *req,
124 unsigned int cryptlen)
125{
126 struct crypto_aead *aead = crypto_aead_reqtfm(req);
127 unsigned int lp = req->iv[0];
128 unsigned int l = lp + 1;
129 unsigned int m;
130
131 m = crypto_aead_authsize(aead);
132
133 memcpy(info, req->iv, 16);
134
135 /* format control info per RFC 3610 and
136 * NIST Special Publication 800-38C
137 */
138 *info |= (8 * ((m - 2) / 2));
139 if (req->assoclen)
140 *info |= 64;
141
142 return set_msg_len(info + 16 - l, cryptlen, l);
143}
144
145static int format_adata(u8 *adata, unsigned int a)
146{
147 int len = 0;
148
149 /* add control info for associated data
150 * RFC 3610 and NIST Special Publication 800-38C
151 */
152 if (a < 65280) {
153 *(__be16 *)adata = cpu_to_be16(a);
154 len = 2;
155 } else {
156 *(__be16 *)adata = cpu_to_be16(0xfffe);
157 *(__be32 *)&adata[2] = cpu_to_be32(a);
158 len = 6;
159 }
160
161 return len;
162}
163
164static void compute_mac(struct crypto_cipher *tfm, u8 *data, int n,
165 struct crypto_ccm_req_priv_ctx *pctx)
166{
167 unsigned int bs = 16;
168 u8 *odata = pctx->odata;
169 u8 *idata = pctx->idata;
170 int datalen, getlen;
171
172 datalen = n;
173
174 /* first time in here, block may be partially filled. */
175 getlen = bs - pctx->ilen;
176 if (datalen >= getlen) {
177 memcpy(idata + pctx->ilen, data, getlen);
178 crypto_xor(odata, idata, bs);
179 crypto_cipher_encrypt_one(tfm, odata, odata);
180 datalen -= getlen;
181 data += getlen;
182 pctx->ilen = 0;
183 }
184
185 /* now encrypt rest of data */
186 while (datalen >= bs) {
187 crypto_xor(odata, data, bs);
188 crypto_cipher_encrypt_one(tfm, odata, odata);
189
190 datalen -= bs;
191 data += bs;
192 }
193
194 /* check and see if there's leftover data that wasn't
195 * enough to fill a block.
196 */
197 if (datalen) {
198 memcpy(idata + pctx->ilen, data, datalen);
199 pctx->ilen += datalen;
200 }
201}
202
203static void get_data_to_compute(struct crypto_cipher *tfm,
204 struct crypto_ccm_req_priv_ctx *pctx,
205 struct scatterlist *sg, unsigned int len)
206{
207 struct scatter_walk walk;
208 u8 *data_src;
209 int n;
210
211 scatterwalk_start(&walk, sg);
212
213 while (len) {
214 n = scatterwalk_clamp(&walk, len);
215 if (!n) {
216 scatterwalk_start(&walk, sg_next(walk.sg));
217 n = scatterwalk_clamp(&walk, len);
218 }
219 data_src = scatterwalk_map(&walk, 0);
220
221 compute_mac(tfm, data_src, n, pctx);
222 len -= n;
223
224 scatterwalk_unmap(data_src, 0);
225 scatterwalk_advance(&walk, n);
226 scatterwalk_done(&walk, 0, len);
227 if (len)
228 crypto_yield(pctx->flags);
229 }
230
231 /* any leftover needs padding and then encrypted */
232 if (pctx->ilen) {
233 int padlen;
234 u8 *odata = pctx->odata;
235 u8 *idata = pctx->idata;
236
237 padlen = 16 - pctx->ilen;
238 memset(idata + pctx->ilen, 0, padlen);
239 crypto_xor(odata, idata, 16);
240 crypto_cipher_encrypt_one(tfm, odata, odata);
241 pctx->ilen = 0;
242 }
243}
244
245static int crypto_ccm_auth(struct aead_request *req, struct scatterlist *plain,
246 unsigned int cryptlen)
247{
248 struct crypto_aead *aead = crypto_aead_reqtfm(req);
249 struct crypto_ccm_ctx *ctx = crypto_aead_ctx(aead);
250 struct crypto_ccm_req_priv_ctx *pctx = crypto_ccm_reqctx(req);
251 struct crypto_cipher *cipher = ctx->cipher;
252 unsigned int assoclen = req->assoclen;
253 u8 *odata = pctx->odata;
254 u8 *idata = pctx->idata;
255 int err;
256
257 /* format control data for input */
258 err = format_input(odata, req, cryptlen);
259 if (err)
260 goto out;
261
262 /* encrypt first block to use as start in computing mac */
263 crypto_cipher_encrypt_one(cipher, odata, odata);
264
265 /* format associated data and compute into mac */
266 if (assoclen) {
267 pctx->ilen = format_adata(idata, assoclen);
268 get_data_to_compute(cipher, pctx, req->assoc, req->assoclen);
269 }
270
271 /* compute plaintext into mac */
272 get_data_to_compute(cipher, pctx, plain, cryptlen);
273
274out:
275 return err;
276}
277
278static void crypto_ccm_encrypt_done(struct crypto_async_request *areq, int err)
279{
280 struct aead_request *req = areq->data;
281 struct crypto_aead *aead = crypto_aead_reqtfm(req);
282 struct crypto_ccm_req_priv_ctx *pctx = crypto_ccm_reqctx(req);
283 u8 *odata = pctx->odata;
284
285 if (!err)
286 scatterwalk_map_and_copy(odata, req->dst, req->cryptlen,
287 crypto_aead_authsize(aead), 1);
288 aead_request_complete(req, err);
289}
290
291static inline int crypto_ccm_check_iv(const u8 *iv)
292{
293 /* 2 <= L <= 8, so 1 <= L' <= 7. */
294 if (1 > iv[0] || iv[0] > 7)
295 return -EINVAL;
296
297 return 0;
298}
299
300static int crypto_ccm_encrypt(struct aead_request *req)
301{
302 struct crypto_aead *aead = crypto_aead_reqtfm(req);
303 struct crypto_ccm_ctx *ctx = crypto_aead_ctx(aead);
304 struct crypto_ccm_req_priv_ctx *pctx = crypto_ccm_reqctx(req);
305 struct ablkcipher_request *abreq = &pctx->abreq;
306 struct scatterlist *dst;
307 unsigned int cryptlen = req->cryptlen;
308 u8 *odata = pctx->odata;
309 u8 *iv = req->iv;
310 int err;
311
312 err = crypto_ccm_check_iv(iv);
313 if (err)
314 return err;
315
316 pctx->flags = aead_request_flags(req);
317
318 err = crypto_ccm_auth(req, req->src, cryptlen);
319 if (err)
320 return err;
321
322 /* Note: rfc 3610 and NIST 800-38C require counter of
323 * zero to encrypt auth tag.
324 */
325 memset(iv + 15 - iv[0], 0, iv[0] + 1);
326
327 sg_init_table(pctx->src, 2);
328 sg_set_buf(pctx->src, odata, 16);
329 scatterwalk_sg_chain(pctx->src, 2, req->src);
330
331 dst = pctx->src;
332 if (req->src != req->dst) {
333 sg_init_table(pctx->dst, 2);
334 sg_set_buf(pctx->dst, odata, 16);
335 scatterwalk_sg_chain(pctx->dst, 2, req->dst);
336 dst = pctx->dst;
337 }
338
339 ablkcipher_request_set_tfm(abreq, ctx->ctr);
340 ablkcipher_request_set_callback(abreq, pctx->flags,
341 crypto_ccm_encrypt_done, req);
342 ablkcipher_request_set_crypt(abreq, pctx->src, dst, cryptlen + 16, iv);
343 err = crypto_ablkcipher_encrypt(abreq);
344 if (err)
345 return err;
346
347 /* copy authtag to end of dst */
348 scatterwalk_map_and_copy(odata, req->dst, cryptlen,
349 crypto_aead_authsize(aead), 1);
350 return err;
351}
352
353static void crypto_ccm_decrypt_done(struct crypto_async_request *areq,
354 int err)
355{
356 struct aead_request *req = areq->data;
357 struct crypto_ccm_req_priv_ctx *pctx = crypto_ccm_reqctx(req);
358 struct crypto_aead *aead = crypto_aead_reqtfm(req);
359 unsigned int authsize = crypto_aead_authsize(aead);
360 unsigned int cryptlen = req->cryptlen - authsize;
361
362 if (!err) {
363 err = crypto_ccm_auth(req, req->dst, cryptlen);
364 if (!err && memcmp(pctx->auth_tag, pctx->odata, authsize))
365 err = -EBADMSG;
366 }
367 aead_request_complete(req, err);
368}
369
370static int crypto_ccm_decrypt(struct aead_request *req)
371{
372 struct crypto_aead *aead = crypto_aead_reqtfm(req);
373 struct crypto_ccm_ctx *ctx = crypto_aead_ctx(aead);
374 struct crypto_ccm_req_priv_ctx *pctx = crypto_ccm_reqctx(req);
375 struct ablkcipher_request *abreq = &pctx->abreq;
376 struct scatterlist *dst;
377 unsigned int authsize = crypto_aead_authsize(aead);
378 unsigned int cryptlen = req->cryptlen;
379 u8 *authtag = pctx->auth_tag;
380 u8 *odata = pctx->odata;
381 u8 *iv = req->iv;
382 int err;
383
384 if (cryptlen < authsize)
385 return -EINVAL;
386 cryptlen -= authsize;
387
388 err = crypto_ccm_check_iv(iv);
389 if (err)
390 return err;
391
392 pctx->flags = aead_request_flags(req);
393
394 scatterwalk_map_and_copy(authtag, req->src, cryptlen, authsize, 0);
395
396 memset(iv + 15 - iv[0], 0, iv[0] + 1);
397
398 sg_init_table(pctx->src, 2);
399 sg_set_buf(pctx->src, authtag, 16);
400 scatterwalk_sg_chain(pctx->src, 2, req->src);
401
402 dst = pctx->src;
403 if (req->src != req->dst) {
404 sg_init_table(pctx->dst, 2);
405 sg_set_buf(pctx->dst, authtag, 16);
406 scatterwalk_sg_chain(pctx->dst, 2, req->dst);
407 dst = pctx->dst;
408 }
409
410 ablkcipher_request_set_tfm(abreq, ctx->ctr);
411 ablkcipher_request_set_callback(abreq, pctx->flags,
412 crypto_ccm_decrypt_done, req);
413 ablkcipher_request_set_crypt(abreq, pctx->src, dst, cryptlen + 16, iv);
414 err = crypto_ablkcipher_decrypt(abreq);
415 if (err)
416 return err;
417
418 err = crypto_ccm_auth(req, req->dst, cryptlen);
419 if (err)
420 return err;
421
422 /* verify */
423 if (memcmp(authtag, odata, authsize))
424 return -EBADMSG;
425
426 return err;
427}
428
429static int crypto_ccm_init_tfm(struct crypto_tfm *tfm)
430{
431 struct crypto_instance *inst = (void *)tfm->__crt_alg;
432 struct ccm_instance_ctx *ictx = crypto_instance_ctx(inst);
433 struct crypto_ccm_ctx *ctx = crypto_tfm_ctx(tfm);
434 struct crypto_cipher *cipher;
435 struct crypto_ablkcipher *ctr;
436 unsigned long align;
437 int err;
438
439 cipher = crypto_spawn_cipher(&ictx->cipher);
440 if (IS_ERR(cipher))
441 return PTR_ERR(cipher);
442
443 ctr = crypto_spawn_skcipher(&ictx->ctr);
444 err = PTR_ERR(ctr);
445 if (IS_ERR(ctr))
446 goto err_free_cipher;
447
448 ctx->cipher = cipher;
449 ctx->ctr = ctr;
450
451 align = crypto_tfm_alg_alignmask(tfm);
452 align &= ~(crypto_tfm_ctx_alignment() - 1);
453 tfm->crt_aead.reqsize = align +
454 sizeof(struct crypto_ccm_req_priv_ctx) +
455 crypto_ablkcipher_reqsize(ctr);
456
457 return 0;
458
459err_free_cipher:
460 crypto_free_cipher(cipher);
461 return err;
462}
463
464static void crypto_ccm_exit_tfm(struct crypto_tfm *tfm)
465{
466 struct crypto_ccm_ctx *ctx = crypto_tfm_ctx(tfm);
467
468 crypto_free_cipher(ctx->cipher);
469 crypto_free_ablkcipher(ctx->ctr);
470}
471
472static struct crypto_instance *crypto_ccm_alloc_common(struct rtattr **tb,
473 const char *full_name,
474 const char *ctr_name,
475 const char *cipher_name)
476{
477 struct crypto_attr_type *algt;
478 struct crypto_instance *inst;
479 struct crypto_alg *ctr;
480 struct crypto_alg *cipher;
481 struct ccm_instance_ctx *ictx;
482 int err;
483
484 algt = crypto_get_attr_type(tb);
485 err = PTR_ERR(algt);
486 if (IS_ERR(algt))
487 return ERR_PTR(err);
488
489 if ((algt->type ^ CRYPTO_ALG_TYPE_AEAD) & algt->mask)
490 return ERR_PTR(-EINVAL);
491
492 cipher = crypto_alg_mod_lookup(cipher_name, CRYPTO_ALG_TYPE_CIPHER,
493 CRYPTO_ALG_TYPE_MASK);
494 err = PTR_ERR(cipher);
495 if (IS_ERR(cipher))
496 return ERR_PTR(err);
497
498 err = -EINVAL;
499 if (cipher->cra_blocksize != 16)
500 goto out_put_cipher;
501
502 inst = kzalloc(sizeof(*inst) + sizeof(*ictx), GFP_KERNEL);
503 err = -ENOMEM;
504 if (!inst)
505 goto out_put_cipher;
506
507 ictx = crypto_instance_ctx(inst);
508
509 err = crypto_init_spawn(&ictx->cipher, cipher, inst,
510 CRYPTO_ALG_TYPE_MASK);
511 if (err)
512 goto err_free_inst;
513
514 crypto_set_skcipher_spawn(&ictx->ctr, inst);
515 err = crypto_grab_skcipher(&ictx->ctr, ctr_name, 0,
516 crypto_requires_sync(algt->type,
517 algt->mask));
518 if (err)
519 goto err_drop_cipher;
520
521 ctr = crypto_skcipher_spawn_alg(&ictx->ctr);
522
523 /* Not a stream cipher? */
524 err = -EINVAL;
525 if (ctr->cra_blocksize != 1)
526 goto err_drop_ctr;
527
528 /* We want the real thing! */
529 if (ctr->cra_ablkcipher.ivsize != 16)
530 goto err_drop_ctr;
531
532 err = -ENAMETOOLONG;
533 if (snprintf(inst->alg.cra_driver_name, CRYPTO_MAX_ALG_NAME,
534 "ccm_base(%s,%s)", ctr->cra_driver_name,
535 cipher->cra_driver_name) >= CRYPTO_MAX_ALG_NAME)
536 goto err_drop_ctr;
537
538 memcpy(inst->alg.cra_name, full_name, CRYPTO_MAX_ALG_NAME);
539
540 inst->alg.cra_flags = CRYPTO_ALG_TYPE_AEAD;
541 inst->alg.cra_flags |= ctr->cra_flags & CRYPTO_ALG_ASYNC;
542 inst->alg.cra_priority = cipher->cra_priority + ctr->cra_priority;
543 inst->alg.cra_blocksize = 1;
544 inst->alg.cra_alignmask = cipher->cra_alignmask | ctr->cra_alignmask |
545 (__alignof__(u32) - 1);
546 inst->alg.cra_type = &crypto_aead_type;
547 inst->alg.cra_aead.ivsize = 16;
548 inst->alg.cra_aead.maxauthsize = 16;
549 inst->alg.cra_ctxsize = sizeof(struct crypto_ccm_ctx);
550 inst->alg.cra_init = crypto_ccm_init_tfm;
551 inst->alg.cra_exit = crypto_ccm_exit_tfm;
552 inst->alg.cra_aead.setkey = crypto_ccm_setkey;
553 inst->alg.cra_aead.setauthsize = crypto_ccm_setauthsize;
554 inst->alg.cra_aead.encrypt = crypto_ccm_encrypt;
555 inst->alg.cra_aead.decrypt = crypto_ccm_decrypt;
556
557out:
558 crypto_mod_put(cipher);
559 return inst;
560
561err_drop_ctr:
562 crypto_drop_skcipher(&ictx->ctr);
563err_drop_cipher:
564 crypto_drop_spawn(&ictx->cipher);
565err_free_inst:
566 kfree(inst);
567out_put_cipher:
568 inst = ERR_PTR(err);
569 goto out;
570}
571
572static struct crypto_instance *crypto_ccm_alloc(struct rtattr **tb)
573{
574 int err;
575 const char *cipher_name;
576 char ctr_name[CRYPTO_MAX_ALG_NAME];
577 char full_name[CRYPTO_MAX_ALG_NAME];
578
579 cipher_name = crypto_attr_alg_name(tb[1]);
580 err = PTR_ERR(cipher_name);
581 if (IS_ERR(cipher_name))
582 return ERR_PTR(err);
583
584 if (snprintf(ctr_name, CRYPTO_MAX_ALG_NAME, "ctr(%s)",
585 cipher_name) >= CRYPTO_MAX_ALG_NAME)
586 return ERR_PTR(-ENAMETOOLONG);
587
588 if (snprintf(full_name, CRYPTO_MAX_ALG_NAME, "ccm(%s)", cipher_name) >=
589 CRYPTO_MAX_ALG_NAME)
590 return ERR_PTR(-ENAMETOOLONG);
591
592 return crypto_ccm_alloc_common(tb, full_name, ctr_name, cipher_name);
593}
594
595static void crypto_ccm_free(struct crypto_instance *inst)
596{
597 struct ccm_instance_ctx *ctx = crypto_instance_ctx(inst);
598
599 crypto_drop_spawn(&ctx->cipher);
600 crypto_drop_skcipher(&ctx->ctr);
601 kfree(inst);
602}
603
604static struct crypto_template crypto_ccm_tmpl = {
605 .name = "ccm",
606 .alloc = crypto_ccm_alloc,
607 .free = crypto_ccm_free,
608 .module = THIS_MODULE,
609};
610
611static struct crypto_instance *crypto_ccm_base_alloc(struct rtattr **tb)
612{
613 int err;
614 const char *ctr_name;
615 const char *cipher_name;
616 char full_name[CRYPTO_MAX_ALG_NAME];
617
618 ctr_name = crypto_attr_alg_name(tb[1]);
619 err = PTR_ERR(ctr_name);
620 if (IS_ERR(ctr_name))
621 return ERR_PTR(err);
622
623 cipher_name = crypto_attr_alg_name(tb[2]);
624 err = PTR_ERR(cipher_name);
625 if (IS_ERR(cipher_name))
626 return ERR_PTR(err);
627
628 if (snprintf(full_name, CRYPTO_MAX_ALG_NAME, "ccm_base(%s,%s)",
629 ctr_name, cipher_name) >= CRYPTO_MAX_ALG_NAME)
630 return ERR_PTR(-ENAMETOOLONG);
631
632 return crypto_ccm_alloc_common(tb, full_name, ctr_name, cipher_name);
633}
634
635static struct crypto_template crypto_ccm_base_tmpl = {
636 .name = "ccm_base",
637 .alloc = crypto_ccm_base_alloc,
638 .free = crypto_ccm_free,
639 .module = THIS_MODULE,
640};
641
642static int crypto_rfc4309_setkey(struct crypto_aead *parent, const u8 *key,
643 unsigned int keylen)
644{
645 struct crypto_rfc4309_ctx *ctx = crypto_aead_ctx(parent);
646 struct crypto_aead *child = ctx->child;
647 int err;
648
649 if (keylen < 3)
650 return -EINVAL;
651
652 keylen -= 3;
653 memcpy(ctx->nonce, key + keylen, 3);
654
655 crypto_aead_clear_flags(child, CRYPTO_TFM_REQ_MASK);
656 crypto_aead_set_flags(child, crypto_aead_get_flags(parent) &
657 CRYPTO_TFM_REQ_MASK);
658 err = crypto_aead_setkey(child, key, keylen);
659 crypto_aead_set_flags(parent, crypto_aead_get_flags(child) &
660 CRYPTO_TFM_RES_MASK);
661
662 return err;
663}
664
665static int crypto_rfc4309_setauthsize(struct crypto_aead *parent,
666 unsigned int authsize)
667{
668 struct crypto_rfc4309_ctx *ctx = crypto_aead_ctx(parent);
669
670 switch (authsize) {
671 case 8:
672 case 12:
673 case 16:
674 break;
675 default:
676 return -EINVAL;
677 }
678
679 return crypto_aead_setauthsize(ctx->child, authsize);
680}
681
682static struct aead_request *crypto_rfc4309_crypt(struct aead_request *req)
683{
684 struct aead_request *subreq = aead_request_ctx(req);
685 struct crypto_aead *aead = crypto_aead_reqtfm(req);
686 struct crypto_rfc4309_ctx *ctx = crypto_aead_ctx(aead);
687 struct crypto_aead *child = ctx->child;
688 u8 *iv = PTR_ALIGN((u8 *)(subreq + 1) + crypto_aead_reqsize(child),
689 crypto_aead_alignmask(child) + 1);
690
691 /* L' */
692 iv[0] = 3;
693
694 memcpy(iv + 1, ctx->nonce, 3);
695 memcpy(iv + 4, req->iv, 8);
696
697 aead_request_set_tfm(subreq, child);
698 aead_request_set_callback(subreq, req->base.flags, req->base.complete,
699 req->base.data);
700 aead_request_set_crypt(subreq, req->src, req->dst, req->cryptlen, iv);
701 aead_request_set_assoc(subreq, req->assoc, req->assoclen);
702
703 return subreq;
704}
705
706static int crypto_rfc4309_encrypt(struct aead_request *req)
707{
708 req = crypto_rfc4309_crypt(req);
709
710 return crypto_aead_encrypt(req);
711}
712
713static int crypto_rfc4309_decrypt(struct aead_request *req)
714{
715 req = crypto_rfc4309_crypt(req);
716
717 return crypto_aead_decrypt(req);
718}
719
720static int crypto_rfc4309_init_tfm(struct crypto_tfm *tfm)
721{
722 struct crypto_instance *inst = (void *)tfm->__crt_alg;
723 struct crypto_aead_spawn *spawn = crypto_instance_ctx(inst);
724 struct crypto_rfc4309_ctx *ctx = crypto_tfm_ctx(tfm);
725 struct crypto_aead *aead;
726 unsigned long align;
727
728 aead = crypto_spawn_aead(spawn);
729 if (IS_ERR(aead))
730 return PTR_ERR(aead);
731
732 ctx->child = aead;
733
734 align = crypto_aead_alignmask(aead);
735 align &= ~(crypto_tfm_ctx_alignment() - 1);
736 tfm->crt_aead.reqsize = sizeof(struct aead_request) +
737 ALIGN(crypto_aead_reqsize(aead),
738 crypto_tfm_ctx_alignment()) +
739 align + 16;
740
741 return 0;
742}
743
744static void crypto_rfc4309_exit_tfm(struct crypto_tfm *tfm)
745{
746 struct crypto_rfc4309_ctx *ctx = crypto_tfm_ctx(tfm);
747
748 crypto_free_aead(ctx->child);
749}
750
751static struct crypto_instance *crypto_rfc4309_alloc(struct rtattr **tb)
752{
753 struct crypto_attr_type *algt;
754 struct crypto_instance *inst;
755 struct crypto_aead_spawn *spawn;
756 struct crypto_alg *alg;
757 const char *ccm_name;
758 int err;
759
760 algt = crypto_get_attr_type(tb);
761 err = PTR_ERR(algt);
762 if (IS_ERR(algt))
763 return ERR_PTR(err);
764
765 if ((algt->type ^ CRYPTO_ALG_TYPE_AEAD) & algt->mask)
766 return ERR_PTR(-EINVAL);
767
768 ccm_name = crypto_attr_alg_name(tb[1]);
769 err = PTR_ERR(ccm_name);
770 if (IS_ERR(ccm_name))
771 return ERR_PTR(err);
772
773 inst = kzalloc(sizeof(*inst) + sizeof(*spawn), GFP_KERNEL);
774 if (!inst)
775 return ERR_PTR(-ENOMEM);
776
777 spawn = crypto_instance_ctx(inst);
778 crypto_set_aead_spawn(spawn, inst);
779 err = crypto_grab_aead(spawn, ccm_name, 0,
780 crypto_requires_sync(algt->type, algt->mask));
781 if (err)
782 goto out_free_inst;
783
784 alg = crypto_aead_spawn_alg(spawn);
785
786 err = -EINVAL;
787
788 /* We only support 16-byte blocks. */
789 if (alg->cra_aead.ivsize != 16)
790 goto out_drop_alg;
791
792 /* Not a stream cipher? */
793 if (alg->cra_blocksize != 1)
794 goto out_drop_alg;
795
796 err = -ENAMETOOLONG;
797 if (snprintf(inst->alg.cra_name, CRYPTO_MAX_ALG_NAME,
798 "rfc4309(%s)", alg->cra_name) >= CRYPTO_MAX_ALG_NAME ||
799 snprintf(inst->alg.cra_driver_name, CRYPTO_MAX_ALG_NAME,
800 "rfc4309(%s)", alg->cra_driver_name) >=
801 CRYPTO_MAX_ALG_NAME)
802 goto out_drop_alg;
803
804 inst->alg.cra_flags = CRYPTO_ALG_TYPE_AEAD;
805 inst->alg.cra_flags |= alg->cra_flags & CRYPTO_ALG_ASYNC;
806 inst->alg.cra_priority = alg->cra_priority;
807 inst->alg.cra_blocksize = 1;
808 inst->alg.cra_alignmask = alg->cra_alignmask;
809 inst->alg.cra_type = &crypto_nivaead_type;
810
811 inst->alg.cra_aead.ivsize = 8;
812 inst->alg.cra_aead.maxauthsize = 16;
813
814 inst->alg.cra_ctxsize = sizeof(struct crypto_rfc4309_ctx);
815
816 inst->alg.cra_init = crypto_rfc4309_init_tfm;
817 inst->alg.cra_exit = crypto_rfc4309_exit_tfm;
818
819 inst->alg.cra_aead.setkey = crypto_rfc4309_setkey;
820 inst->alg.cra_aead.setauthsize = crypto_rfc4309_setauthsize;
821 inst->alg.cra_aead.encrypt = crypto_rfc4309_encrypt;
822 inst->alg.cra_aead.decrypt = crypto_rfc4309_decrypt;
823
824 inst->alg.cra_aead.geniv = "seqiv";
825
826out:
827 return inst;
828
829out_drop_alg:
830 crypto_drop_aead(spawn);
831out_free_inst:
832 kfree(inst);
833 inst = ERR_PTR(err);
834 goto out;
835}
836
837static void crypto_rfc4309_free(struct crypto_instance *inst)
838{
839 crypto_drop_spawn(crypto_instance_ctx(inst));
840 kfree(inst);
841}
842
843static struct crypto_template crypto_rfc4309_tmpl = {
844 .name = "rfc4309",
845 .alloc = crypto_rfc4309_alloc,
846 .free = crypto_rfc4309_free,
847 .module = THIS_MODULE,
848};
849
850static int __init crypto_ccm_module_init(void)
851{
852 int err;
853
854 err = crypto_register_template(&crypto_ccm_base_tmpl);
855 if (err)
856 goto out;
857
858 err = crypto_register_template(&crypto_ccm_tmpl);
859 if (err)
860 goto out_undo_base;
861
862 err = crypto_register_template(&crypto_rfc4309_tmpl);
863 if (err)
864 goto out_undo_ccm;
865
866out:
867 return err;
868
869out_undo_ccm:
870 crypto_unregister_template(&crypto_ccm_tmpl);
871out_undo_base:
872 crypto_unregister_template(&crypto_ccm_base_tmpl);
873 goto out;
874}
875
876static void __exit crypto_ccm_module_exit(void)
877{
878 crypto_unregister_template(&crypto_rfc4309_tmpl);
879 crypto_unregister_template(&crypto_ccm_tmpl);
880 crypto_unregister_template(&crypto_ccm_base_tmpl);
881}
882
883module_init(crypto_ccm_module_init);
884module_exit(crypto_ccm_module_exit);
885
886MODULE_LICENSE("GPL");
887MODULE_DESCRIPTION("Counter with CBC MAC");
888MODULE_ALIAS("ccm_base");
889MODULE_ALIAS("rfc4309");
diff --git a/crypto/chainiv.c b/crypto/chainiv.c
new file mode 100644
index 000000000000..d17fa0454dc3
--- /dev/null
+++ b/crypto/chainiv.c
@@ -0,0 +1,331 @@
1/*
2 * chainiv: Chain IV Generator
3 *
4 * Generate IVs simply be using the last block of the previous encryption.
5 * This is mainly useful for CBC with a synchronous algorithm.
6 *
7 * Copyright (c) 2007 Herbert Xu <herbert@gondor.apana.org.au>
8 *
9 * This program is free software; you can redistribute it and/or modify it
10 * under the terms of the GNU General Public License as published by the Free
11 * Software Foundation; either version 2 of the License, or (at your option)
12 * any later version.
13 *
14 */
15
16#include <crypto/internal/skcipher.h>
17#include <linux/err.h>
18#include <linux/init.h>
19#include <linux/kernel.h>
20#include <linux/module.h>
21#include <linux/random.h>
22#include <linux/spinlock.h>
23#include <linux/string.h>
24#include <linux/workqueue.h>
25
26enum {
27 CHAINIV_STATE_INUSE = 0,
28};
29
30struct chainiv_ctx {
31 spinlock_t lock;
32 char iv[];
33};
34
35struct async_chainiv_ctx {
36 unsigned long state;
37
38 spinlock_t lock;
39 int err;
40
41 struct crypto_queue queue;
42 struct work_struct postponed;
43
44 char iv[];
45};
46
47static int chainiv_givencrypt(struct skcipher_givcrypt_request *req)
48{
49 struct crypto_ablkcipher *geniv = skcipher_givcrypt_reqtfm(req);
50 struct chainiv_ctx *ctx = crypto_ablkcipher_ctx(geniv);
51 struct ablkcipher_request *subreq = skcipher_givcrypt_reqctx(req);
52 unsigned int ivsize;
53 int err;
54
55 ablkcipher_request_set_tfm(subreq, skcipher_geniv_cipher(geniv));
56 ablkcipher_request_set_callback(subreq, req->creq.base.flags &
57 ~CRYPTO_TFM_REQ_MAY_SLEEP,
58 req->creq.base.complete,
59 req->creq.base.data);
60 ablkcipher_request_set_crypt(subreq, req->creq.src, req->creq.dst,
61 req->creq.nbytes, req->creq.info);
62
63 spin_lock_bh(&ctx->lock);
64
65 ivsize = crypto_ablkcipher_ivsize(geniv);
66
67 memcpy(req->giv, ctx->iv, ivsize);
68 memcpy(subreq->info, ctx->iv, ivsize);
69
70 err = crypto_ablkcipher_encrypt(subreq);
71 if (err)
72 goto unlock;
73
74 memcpy(ctx->iv, subreq->info, ivsize);
75
76unlock:
77 spin_unlock_bh(&ctx->lock);
78
79 return err;
80}
81
82static int chainiv_givencrypt_first(struct skcipher_givcrypt_request *req)
83{
84 struct crypto_ablkcipher *geniv = skcipher_givcrypt_reqtfm(req);
85 struct chainiv_ctx *ctx = crypto_ablkcipher_ctx(geniv);
86
87 spin_lock_bh(&ctx->lock);
88 if (crypto_ablkcipher_crt(geniv)->givencrypt !=
89 chainiv_givencrypt_first)
90 goto unlock;
91
92 crypto_ablkcipher_crt(geniv)->givencrypt = chainiv_givencrypt;
93 get_random_bytes(ctx->iv, crypto_ablkcipher_ivsize(geniv));
94
95unlock:
96 spin_unlock_bh(&ctx->lock);
97
98 return chainiv_givencrypt(req);
99}
100
101static int chainiv_init_common(struct crypto_tfm *tfm)
102{
103 tfm->crt_ablkcipher.reqsize = sizeof(struct ablkcipher_request);
104
105 return skcipher_geniv_init(tfm);
106}
107
108static int chainiv_init(struct crypto_tfm *tfm)
109{
110 struct chainiv_ctx *ctx = crypto_tfm_ctx(tfm);
111
112 spin_lock_init(&ctx->lock);
113
114 return chainiv_init_common(tfm);
115}
116
117static int async_chainiv_schedule_work(struct async_chainiv_ctx *ctx)
118{
119 int queued;
120
121 if (!ctx->queue.qlen) {
122 smp_mb__before_clear_bit();
123 clear_bit(CHAINIV_STATE_INUSE, &ctx->state);
124
125 if (!ctx->queue.qlen ||
126 test_and_set_bit(CHAINIV_STATE_INUSE, &ctx->state))
127 goto out;
128 }
129
130 queued = schedule_work(&ctx->postponed);
131 BUG_ON(!queued);
132
133out:
134 return ctx->err;
135}
136
137static int async_chainiv_postpone_request(struct skcipher_givcrypt_request *req)
138{
139 struct crypto_ablkcipher *geniv = skcipher_givcrypt_reqtfm(req);
140 struct async_chainiv_ctx *ctx = crypto_ablkcipher_ctx(geniv);
141 int err;
142
143 spin_lock_bh(&ctx->lock);
144 err = skcipher_enqueue_givcrypt(&ctx->queue, req);
145 spin_unlock_bh(&ctx->lock);
146
147 if (test_and_set_bit(CHAINIV_STATE_INUSE, &ctx->state))
148 return err;
149
150 ctx->err = err;
151 return async_chainiv_schedule_work(ctx);
152}
153
154static int async_chainiv_givencrypt_tail(struct skcipher_givcrypt_request *req)
155{
156 struct crypto_ablkcipher *geniv = skcipher_givcrypt_reqtfm(req);
157 struct async_chainiv_ctx *ctx = crypto_ablkcipher_ctx(geniv);
158 struct ablkcipher_request *subreq = skcipher_givcrypt_reqctx(req);
159 unsigned int ivsize = crypto_ablkcipher_ivsize(geniv);
160
161 memcpy(req->giv, ctx->iv, ivsize);
162 memcpy(subreq->info, ctx->iv, ivsize);
163
164 ctx->err = crypto_ablkcipher_encrypt(subreq);
165 if (ctx->err)
166 goto out;
167
168 memcpy(ctx->iv, subreq->info, ivsize);
169
170out:
171 return async_chainiv_schedule_work(ctx);
172}
173
174static int async_chainiv_givencrypt(struct skcipher_givcrypt_request *req)
175{
176 struct crypto_ablkcipher *geniv = skcipher_givcrypt_reqtfm(req);
177 struct async_chainiv_ctx *ctx = crypto_ablkcipher_ctx(geniv);
178 struct ablkcipher_request *subreq = skcipher_givcrypt_reqctx(req);
179
180 ablkcipher_request_set_tfm(subreq, skcipher_geniv_cipher(geniv));
181 ablkcipher_request_set_callback(subreq, req->creq.base.flags,
182 req->creq.base.complete,
183 req->creq.base.data);
184 ablkcipher_request_set_crypt(subreq, req->creq.src, req->creq.dst,
185 req->creq.nbytes, req->creq.info);
186
187 if (test_and_set_bit(CHAINIV_STATE_INUSE, &ctx->state))
188 goto postpone;
189
190 if (ctx->queue.qlen) {
191 clear_bit(CHAINIV_STATE_INUSE, &ctx->state);
192 goto postpone;
193 }
194
195 return async_chainiv_givencrypt_tail(req);
196
197postpone:
198 return async_chainiv_postpone_request(req);
199}
200
201static int async_chainiv_givencrypt_first(struct skcipher_givcrypt_request *req)
202{
203 struct crypto_ablkcipher *geniv = skcipher_givcrypt_reqtfm(req);
204 struct async_chainiv_ctx *ctx = crypto_ablkcipher_ctx(geniv);
205
206 if (test_and_set_bit(CHAINIV_STATE_INUSE, &ctx->state))
207 goto out;
208
209 if (crypto_ablkcipher_crt(geniv)->givencrypt !=
210 async_chainiv_givencrypt_first)
211 goto unlock;
212
213 crypto_ablkcipher_crt(geniv)->givencrypt = async_chainiv_givencrypt;
214 get_random_bytes(ctx->iv, crypto_ablkcipher_ivsize(geniv));
215
216unlock:
217 clear_bit(CHAINIV_STATE_INUSE, &ctx->state);
218
219out:
220 return async_chainiv_givencrypt(req);
221}
222
223static void async_chainiv_do_postponed(struct work_struct *work)
224{
225 struct async_chainiv_ctx *ctx = container_of(work,
226 struct async_chainiv_ctx,
227 postponed);
228 struct skcipher_givcrypt_request *req;
229 struct ablkcipher_request *subreq;
230
231 /* Only handle one request at a time to avoid hogging keventd. */
232 spin_lock_bh(&ctx->lock);
233 req = skcipher_dequeue_givcrypt(&ctx->queue);
234 spin_unlock_bh(&ctx->lock);
235
236 if (!req) {
237 async_chainiv_schedule_work(ctx);
238 return;
239 }
240
241 subreq = skcipher_givcrypt_reqctx(req);
242 subreq->base.flags |= CRYPTO_TFM_REQ_MAY_SLEEP;
243
244 async_chainiv_givencrypt_tail(req);
245}
246
247static int async_chainiv_init(struct crypto_tfm *tfm)
248{
249 struct async_chainiv_ctx *ctx = crypto_tfm_ctx(tfm);
250
251 spin_lock_init(&ctx->lock);
252
253 crypto_init_queue(&ctx->queue, 100);
254 INIT_WORK(&ctx->postponed, async_chainiv_do_postponed);
255
256 return chainiv_init_common(tfm);
257}
258
259static void async_chainiv_exit(struct crypto_tfm *tfm)
260{
261 struct async_chainiv_ctx *ctx = crypto_tfm_ctx(tfm);
262
263 BUG_ON(test_bit(CHAINIV_STATE_INUSE, &ctx->state) || ctx->queue.qlen);
264
265 skcipher_geniv_exit(tfm);
266}
267
268static struct crypto_template chainiv_tmpl;
269
270static struct crypto_instance *chainiv_alloc(struct rtattr **tb)
271{
272 struct crypto_attr_type *algt;
273 struct crypto_instance *inst;
274 int err;
275
276 algt = crypto_get_attr_type(tb);
277 err = PTR_ERR(algt);
278 if (IS_ERR(algt))
279 return ERR_PTR(err);
280
281 inst = skcipher_geniv_alloc(&chainiv_tmpl, tb, 0, 0);
282 if (IS_ERR(inst))
283 goto out;
284
285 inst->alg.cra_ablkcipher.givencrypt = chainiv_givencrypt_first;
286
287 inst->alg.cra_init = chainiv_init;
288 inst->alg.cra_exit = skcipher_geniv_exit;
289
290 inst->alg.cra_ctxsize = sizeof(struct chainiv_ctx);
291
292 if (!crypto_requires_sync(algt->type, algt->mask)) {
293 inst->alg.cra_flags |= CRYPTO_ALG_ASYNC;
294
295 inst->alg.cra_ablkcipher.givencrypt =
296 async_chainiv_givencrypt_first;
297
298 inst->alg.cra_init = async_chainiv_init;
299 inst->alg.cra_exit = async_chainiv_exit;
300
301 inst->alg.cra_ctxsize = sizeof(struct async_chainiv_ctx);
302 }
303
304 inst->alg.cra_ctxsize += inst->alg.cra_ablkcipher.ivsize;
305
306out:
307 return inst;
308}
309
310static struct crypto_template chainiv_tmpl = {
311 .name = "chainiv",
312 .alloc = chainiv_alloc,
313 .free = skcipher_geniv_free,
314 .module = THIS_MODULE,
315};
316
317static int __init chainiv_module_init(void)
318{
319 return crypto_register_template(&chainiv_tmpl);
320}
321
322static void __exit chainiv_module_exit(void)
323{
324 crypto_unregister_template(&chainiv_tmpl);
325}
326
327module_init(chainiv_module_init);
328module_exit(chainiv_module_exit);
329
330MODULE_LICENSE("GPL");
331MODULE_DESCRIPTION("Chain IV Generator");
diff --git a/crypto/cryptd.c b/crypto/cryptd.c
index 8bf2da835f7b..074298f2f8e3 100644
--- a/crypto/cryptd.c
+++ b/crypto/cryptd.c
@@ -228,7 +228,7 @@ static struct crypto_instance *cryptd_alloc_blkcipher(
228 struct crypto_alg *alg; 228 struct crypto_alg *alg;
229 229
230 alg = crypto_get_attr_alg(tb, CRYPTO_ALG_TYPE_BLKCIPHER, 230 alg = crypto_get_attr_alg(tb, CRYPTO_ALG_TYPE_BLKCIPHER,
231 CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_ASYNC); 231 CRYPTO_ALG_TYPE_MASK);
232 if (IS_ERR(alg)) 232 if (IS_ERR(alg))
233 return ERR_PTR(PTR_ERR(alg)); 233 return ERR_PTR(PTR_ERR(alg));
234 234
@@ -236,13 +236,15 @@ static struct crypto_instance *cryptd_alloc_blkcipher(
236 if (IS_ERR(inst)) 236 if (IS_ERR(inst))
237 goto out_put_alg; 237 goto out_put_alg;
238 238
239 inst->alg.cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER | CRYPTO_ALG_ASYNC; 239 inst->alg.cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | CRYPTO_ALG_ASYNC;
240 inst->alg.cra_type = &crypto_ablkcipher_type; 240 inst->alg.cra_type = &crypto_ablkcipher_type;
241 241
242 inst->alg.cra_ablkcipher.ivsize = alg->cra_blkcipher.ivsize; 242 inst->alg.cra_ablkcipher.ivsize = alg->cra_blkcipher.ivsize;
243 inst->alg.cra_ablkcipher.min_keysize = alg->cra_blkcipher.min_keysize; 243 inst->alg.cra_ablkcipher.min_keysize = alg->cra_blkcipher.min_keysize;
244 inst->alg.cra_ablkcipher.max_keysize = alg->cra_blkcipher.max_keysize; 244 inst->alg.cra_ablkcipher.max_keysize = alg->cra_blkcipher.max_keysize;
245 245
246 inst->alg.cra_ablkcipher.geniv = alg->cra_blkcipher.geniv;
247
246 inst->alg.cra_ctxsize = sizeof(struct cryptd_blkcipher_ctx); 248 inst->alg.cra_ctxsize = sizeof(struct cryptd_blkcipher_ctx);
247 249
248 inst->alg.cra_init = cryptd_blkcipher_init_tfm; 250 inst->alg.cra_init = cryptd_blkcipher_init_tfm;
diff --git a/crypto/crypto_null.c b/crypto/crypto_null.c
index 29f77477d701..ff7b3de1bcfd 100644
--- a/crypto/crypto_null.c
+++ b/crypto/crypto_null.c
@@ -16,15 +16,17 @@
16 * (at your option) any later version. 16 * (at your option) any later version.
17 * 17 *
18 */ 18 */
19
20#include <crypto/internal/skcipher.h>
19#include <linux/init.h> 21#include <linux/init.h>
20#include <linux/module.h> 22#include <linux/module.h>
21#include <linux/mm.h> 23#include <linux/mm.h>
22#include <linux/crypto.h>
23#include <linux/string.h> 24#include <linux/string.h>
24 25
25#define NULL_KEY_SIZE 0 26#define NULL_KEY_SIZE 0
26#define NULL_BLOCK_SIZE 1 27#define NULL_BLOCK_SIZE 1
27#define NULL_DIGEST_SIZE 0 28#define NULL_DIGEST_SIZE 0
29#define NULL_IV_SIZE 0
28 30
29static int null_compress(struct crypto_tfm *tfm, const u8 *src, 31static int null_compress(struct crypto_tfm *tfm, const u8 *src,
30 unsigned int slen, u8 *dst, unsigned int *dlen) 32 unsigned int slen, u8 *dst, unsigned int *dlen)
@@ -55,6 +57,26 @@ static void null_crypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
55 memcpy(dst, src, NULL_BLOCK_SIZE); 57 memcpy(dst, src, NULL_BLOCK_SIZE);
56} 58}
57 59
60static int skcipher_null_crypt(struct blkcipher_desc *desc,
61 struct scatterlist *dst,
62 struct scatterlist *src, unsigned int nbytes)
63{
64 struct blkcipher_walk walk;
65 int err;
66
67 blkcipher_walk_init(&walk, dst, src, nbytes);
68 err = blkcipher_walk_virt(desc, &walk);
69
70 while (walk.nbytes) {
71 if (walk.src.virt.addr != walk.dst.virt.addr)
72 memcpy(walk.dst.virt.addr, walk.src.virt.addr,
73 walk.nbytes);
74 err = blkcipher_walk_done(desc, &walk, 0);
75 }
76
77 return err;
78}
79
58static struct crypto_alg compress_null = { 80static struct crypto_alg compress_null = {
59 .cra_name = "compress_null", 81 .cra_name = "compress_null",
60 .cra_flags = CRYPTO_ALG_TYPE_COMPRESS, 82 .cra_flags = CRYPTO_ALG_TYPE_COMPRESS,
@@ -76,6 +98,7 @@ static struct crypto_alg digest_null = {
76 .cra_list = LIST_HEAD_INIT(digest_null.cra_list), 98 .cra_list = LIST_HEAD_INIT(digest_null.cra_list),
77 .cra_u = { .digest = { 99 .cra_u = { .digest = {
78 .dia_digestsize = NULL_DIGEST_SIZE, 100 .dia_digestsize = NULL_DIGEST_SIZE,
101 .dia_setkey = null_setkey,
79 .dia_init = null_init, 102 .dia_init = null_init,
80 .dia_update = null_update, 103 .dia_update = null_update,
81 .dia_final = null_final } } 104 .dia_final = null_final } }
@@ -96,6 +119,25 @@ static struct crypto_alg cipher_null = {
96 .cia_decrypt = null_crypt } } 119 .cia_decrypt = null_crypt } }
97}; 120};
98 121
122static struct crypto_alg skcipher_null = {
123 .cra_name = "ecb(cipher_null)",
124 .cra_driver_name = "ecb-cipher_null",
125 .cra_priority = 100,
126 .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER,
127 .cra_blocksize = NULL_BLOCK_SIZE,
128 .cra_type = &crypto_blkcipher_type,
129 .cra_ctxsize = 0,
130 .cra_module = THIS_MODULE,
131 .cra_list = LIST_HEAD_INIT(skcipher_null.cra_list),
132 .cra_u = { .blkcipher = {
133 .min_keysize = NULL_KEY_SIZE,
134 .max_keysize = NULL_KEY_SIZE,
135 .ivsize = NULL_IV_SIZE,
136 .setkey = null_setkey,
137 .encrypt = skcipher_null_crypt,
138 .decrypt = skcipher_null_crypt } }
139};
140
99MODULE_ALIAS("compress_null"); 141MODULE_ALIAS("compress_null");
100MODULE_ALIAS("digest_null"); 142MODULE_ALIAS("digest_null");
101MODULE_ALIAS("cipher_null"); 143MODULE_ALIAS("cipher_null");
@@ -108,27 +150,35 @@ static int __init init(void)
108 if (ret < 0) 150 if (ret < 0)
109 goto out; 151 goto out;
110 152
153 ret = crypto_register_alg(&skcipher_null);
154 if (ret < 0)
155 goto out_unregister_cipher;
156
111 ret = crypto_register_alg(&digest_null); 157 ret = crypto_register_alg(&digest_null);
112 if (ret < 0) { 158 if (ret < 0)
113 crypto_unregister_alg(&cipher_null); 159 goto out_unregister_skcipher;
114 goto out;
115 }
116 160
117 ret = crypto_register_alg(&compress_null); 161 ret = crypto_register_alg(&compress_null);
118 if (ret < 0) { 162 if (ret < 0)
119 crypto_unregister_alg(&digest_null); 163 goto out_unregister_digest;
120 crypto_unregister_alg(&cipher_null);
121 goto out;
122 }
123 164
124out: 165out:
125 return ret; 166 return ret;
167
168out_unregister_digest:
169 crypto_unregister_alg(&digest_null);
170out_unregister_skcipher:
171 crypto_unregister_alg(&skcipher_null);
172out_unregister_cipher:
173 crypto_unregister_alg(&cipher_null);
174 goto out;
126} 175}
127 176
128static void __exit fini(void) 177static void __exit fini(void)
129{ 178{
130 crypto_unregister_alg(&compress_null); 179 crypto_unregister_alg(&compress_null);
131 crypto_unregister_alg(&digest_null); 180 crypto_unregister_alg(&digest_null);
181 crypto_unregister_alg(&skcipher_null);
132 crypto_unregister_alg(&cipher_null); 182 crypto_unregister_alg(&cipher_null);
133} 183}
134 184
diff --git a/crypto/ctr.c b/crypto/ctr.c
new file mode 100644
index 000000000000..2d7425f0e7b8
--- /dev/null
+++ b/crypto/ctr.c
@@ -0,0 +1,422 @@
1/*
2 * CTR: Counter mode
3 *
4 * (C) Copyright IBM Corp. 2007 - Joy Latten <latten@us.ibm.com>
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the Free
8 * Software Foundation; either version 2 of the License, or (at your option)
9 * any later version.
10 *
11 */
12
13#include <crypto/algapi.h>
14#include <crypto/ctr.h>
15#include <linux/err.h>
16#include <linux/init.h>
17#include <linux/kernel.h>
18#include <linux/module.h>
19#include <linux/random.h>
20#include <linux/scatterlist.h>
21#include <linux/slab.h>
22
23struct crypto_ctr_ctx {
24 struct crypto_cipher *child;
25};
26
27struct crypto_rfc3686_ctx {
28 struct crypto_blkcipher *child;
29 u8 nonce[CTR_RFC3686_NONCE_SIZE];
30};
31
32static int crypto_ctr_setkey(struct crypto_tfm *parent, const u8 *key,
33 unsigned int keylen)
34{
35 struct crypto_ctr_ctx *ctx = crypto_tfm_ctx(parent);
36 struct crypto_cipher *child = ctx->child;
37 int err;
38
39 crypto_cipher_clear_flags(child, CRYPTO_TFM_REQ_MASK);
40 crypto_cipher_set_flags(child, crypto_tfm_get_flags(parent) &
41 CRYPTO_TFM_REQ_MASK);
42 err = crypto_cipher_setkey(child, key, keylen);
43 crypto_tfm_set_flags(parent, crypto_cipher_get_flags(child) &
44 CRYPTO_TFM_RES_MASK);
45
46 return err;
47}
48
49static void crypto_ctr_crypt_final(struct blkcipher_walk *walk,
50 struct crypto_cipher *tfm)
51{
52 unsigned int bsize = crypto_cipher_blocksize(tfm);
53 unsigned long alignmask = crypto_cipher_alignmask(tfm);
54 u8 *ctrblk = walk->iv;
55 u8 tmp[bsize + alignmask];
56 u8 *keystream = PTR_ALIGN(tmp + 0, alignmask + 1);
57 u8 *src = walk->src.virt.addr;
58 u8 *dst = walk->dst.virt.addr;
59 unsigned int nbytes = walk->nbytes;
60
61 crypto_cipher_encrypt_one(tfm, keystream, ctrblk);
62 crypto_xor(keystream, src, nbytes);
63 memcpy(dst, keystream, nbytes);
64
65 crypto_inc(ctrblk, bsize);
66}
67
68static int crypto_ctr_crypt_segment(struct blkcipher_walk *walk,
69 struct crypto_cipher *tfm)
70{
71 void (*fn)(struct crypto_tfm *, u8 *, const u8 *) =
72 crypto_cipher_alg(tfm)->cia_encrypt;
73 unsigned int bsize = crypto_cipher_blocksize(tfm);
74 u8 *ctrblk = walk->iv;
75 u8 *src = walk->src.virt.addr;
76 u8 *dst = walk->dst.virt.addr;
77 unsigned int nbytes = walk->nbytes;
78
79 do {
80 /* create keystream */
81 fn(crypto_cipher_tfm(tfm), dst, ctrblk);
82 crypto_xor(dst, src, bsize);
83
84 /* increment counter in counterblock */
85 crypto_inc(ctrblk, bsize);
86
87 src += bsize;
88 dst += bsize;
89 } while ((nbytes -= bsize) >= bsize);
90
91 return nbytes;
92}
93
94static int crypto_ctr_crypt_inplace(struct blkcipher_walk *walk,
95 struct crypto_cipher *tfm)
96{
97 void (*fn)(struct crypto_tfm *, u8 *, const u8 *) =
98 crypto_cipher_alg(tfm)->cia_encrypt;
99 unsigned int bsize = crypto_cipher_blocksize(tfm);
100 unsigned long alignmask = crypto_cipher_alignmask(tfm);
101 unsigned int nbytes = walk->nbytes;
102 u8 *ctrblk = walk->iv;
103 u8 *src = walk->src.virt.addr;
104 u8 tmp[bsize + alignmask];
105 u8 *keystream = PTR_ALIGN(tmp + 0, alignmask + 1);
106
107 do {
108 /* create keystream */
109 fn(crypto_cipher_tfm(tfm), keystream, ctrblk);
110 crypto_xor(src, keystream, bsize);
111
112 /* increment counter in counterblock */
113 crypto_inc(ctrblk, bsize);
114
115 src += bsize;
116 } while ((nbytes -= bsize) >= bsize);
117
118 return nbytes;
119}
120
121static int crypto_ctr_crypt(struct blkcipher_desc *desc,
122 struct scatterlist *dst, struct scatterlist *src,
123 unsigned int nbytes)
124{
125 struct blkcipher_walk walk;
126 struct crypto_blkcipher *tfm = desc->tfm;
127 struct crypto_ctr_ctx *ctx = crypto_blkcipher_ctx(tfm);
128 struct crypto_cipher *child = ctx->child;
129 unsigned int bsize = crypto_cipher_blocksize(child);
130 int err;
131
132 blkcipher_walk_init(&walk, dst, src, nbytes);
133 err = blkcipher_walk_virt_block(desc, &walk, bsize);
134
135 while (walk.nbytes >= bsize) {
136 if (walk.src.virt.addr == walk.dst.virt.addr)
137 nbytes = crypto_ctr_crypt_inplace(&walk, child);
138 else
139 nbytes = crypto_ctr_crypt_segment(&walk, child);
140
141 err = blkcipher_walk_done(desc, &walk, nbytes);
142 }
143
144 if (walk.nbytes) {
145 crypto_ctr_crypt_final(&walk, child);
146 err = blkcipher_walk_done(desc, &walk, 0);
147 }
148
149 return err;
150}
151
152static int crypto_ctr_init_tfm(struct crypto_tfm *tfm)
153{
154 struct crypto_instance *inst = (void *)tfm->__crt_alg;
155 struct crypto_spawn *spawn = crypto_instance_ctx(inst);
156 struct crypto_ctr_ctx *ctx = crypto_tfm_ctx(tfm);
157 struct crypto_cipher *cipher;
158
159 cipher = crypto_spawn_cipher(spawn);
160 if (IS_ERR(cipher))
161 return PTR_ERR(cipher);
162
163 ctx->child = cipher;
164
165 return 0;
166}
167
168static void crypto_ctr_exit_tfm(struct crypto_tfm *tfm)
169{
170 struct crypto_ctr_ctx *ctx = crypto_tfm_ctx(tfm);
171
172 crypto_free_cipher(ctx->child);
173}
174
175static struct crypto_instance *crypto_ctr_alloc(struct rtattr **tb)
176{
177 struct crypto_instance *inst;
178 struct crypto_alg *alg;
179 int err;
180
181 err = crypto_check_attr_type(tb, CRYPTO_ALG_TYPE_BLKCIPHER);
182 if (err)
183 return ERR_PTR(err);
184
185 alg = crypto_attr_alg(tb[1], CRYPTO_ALG_TYPE_CIPHER,
186 CRYPTO_ALG_TYPE_MASK);
187 if (IS_ERR(alg))
188 return ERR_PTR(PTR_ERR(alg));
189
190 /* Block size must be >= 4 bytes. */
191 err = -EINVAL;
192 if (alg->cra_blocksize < 4)
193 goto out_put_alg;
194
195 /* If this is false we'd fail the alignment of crypto_inc. */
196 if (alg->cra_blocksize % 4)
197 goto out_put_alg;
198
199 inst = crypto_alloc_instance("ctr", alg);
200 if (IS_ERR(inst))
201 goto out;
202
203 inst->alg.cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER;
204 inst->alg.cra_priority = alg->cra_priority;
205 inst->alg.cra_blocksize = 1;
206 inst->alg.cra_alignmask = alg->cra_alignmask | (__alignof__(u32) - 1);
207 inst->alg.cra_type = &crypto_blkcipher_type;
208
209 inst->alg.cra_blkcipher.ivsize = alg->cra_blocksize;
210 inst->alg.cra_blkcipher.min_keysize = alg->cra_cipher.cia_min_keysize;
211 inst->alg.cra_blkcipher.max_keysize = alg->cra_cipher.cia_max_keysize;
212
213 inst->alg.cra_ctxsize = sizeof(struct crypto_ctr_ctx);
214
215 inst->alg.cra_init = crypto_ctr_init_tfm;
216 inst->alg.cra_exit = crypto_ctr_exit_tfm;
217
218 inst->alg.cra_blkcipher.setkey = crypto_ctr_setkey;
219 inst->alg.cra_blkcipher.encrypt = crypto_ctr_crypt;
220 inst->alg.cra_blkcipher.decrypt = crypto_ctr_crypt;
221
222out:
223 crypto_mod_put(alg);
224 return inst;
225
226out_put_alg:
227 inst = ERR_PTR(err);
228 goto out;
229}
230
231static void crypto_ctr_free(struct crypto_instance *inst)
232{
233 crypto_drop_spawn(crypto_instance_ctx(inst));
234 kfree(inst);
235}
236
237static struct crypto_template crypto_ctr_tmpl = {
238 .name = "ctr",
239 .alloc = crypto_ctr_alloc,
240 .free = crypto_ctr_free,
241 .module = THIS_MODULE,
242};
243
244static int crypto_rfc3686_setkey(struct crypto_tfm *parent, const u8 *key,
245 unsigned int keylen)
246{
247 struct crypto_rfc3686_ctx *ctx = crypto_tfm_ctx(parent);
248 struct crypto_blkcipher *child = ctx->child;
249 int err;
250
251 /* the nonce is stored in bytes at end of key */
252 if (keylen < CTR_RFC3686_NONCE_SIZE)
253 return -EINVAL;
254
255 memcpy(ctx->nonce, key + (keylen - CTR_RFC3686_NONCE_SIZE),
256 CTR_RFC3686_NONCE_SIZE);
257
258 keylen -= CTR_RFC3686_NONCE_SIZE;
259
260 crypto_blkcipher_clear_flags(child, CRYPTO_TFM_REQ_MASK);
261 crypto_blkcipher_set_flags(child, crypto_tfm_get_flags(parent) &
262 CRYPTO_TFM_REQ_MASK);
263 err = crypto_blkcipher_setkey(child, key, keylen);
264 crypto_tfm_set_flags(parent, crypto_blkcipher_get_flags(child) &
265 CRYPTO_TFM_RES_MASK);
266
267 return err;
268}
269
270static int crypto_rfc3686_crypt(struct blkcipher_desc *desc,
271 struct scatterlist *dst,
272 struct scatterlist *src, unsigned int nbytes)
273{
274 struct crypto_blkcipher *tfm = desc->tfm;
275 struct crypto_rfc3686_ctx *ctx = crypto_blkcipher_ctx(tfm);
276 struct crypto_blkcipher *child = ctx->child;
277 unsigned long alignmask = crypto_blkcipher_alignmask(tfm);
278 u8 ivblk[CTR_RFC3686_BLOCK_SIZE + alignmask];
279 u8 *iv = PTR_ALIGN(ivblk + 0, alignmask + 1);
280 u8 *info = desc->info;
281 int err;
282
283 /* set up counter block */
284 memcpy(iv, ctx->nonce, CTR_RFC3686_NONCE_SIZE);
285 memcpy(iv + CTR_RFC3686_NONCE_SIZE, info, CTR_RFC3686_IV_SIZE);
286
287 /* initialize counter portion of counter block */
288 *(__be32 *)(iv + CTR_RFC3686_NONCE_SIZE + CTR_RFC3686_IV_SIZE) =
289 cpu_to_be32(1);
290
291 desc->tfm = child;
292 desc->info = iv;
293 err = crypto_blkcipher_encrypt_iv(desc, dst, src, nbytes);
294 desc->tfm = tfm;
295 desc->info = info;
296
297 return err;
298}
299
300static int crypto_rfc3686_init_tfm(struct crypto_tfm *tfm)
301{
302 struct crypto_instance *inst = (void *)tfm->__crt_alg;
303 struct crypto_spawn *spawn = crypto_instance_ctx(inst);
304 struct crypto_rfc3686_ctx *ctx = crypto_tfm_ctx(tfm);
305 struct crypto_blkcipher *cipher;
306
307 cipher = crypto_spawn_blkcipher(spawn);
308 if (IS_ERR(cipher))
309 return PTR_ERR(cipher);
310
311 ctx->child = cipher;
312
313 return 0;
314}
315
316static void crypto_rfc3686_exit_tfm(struct crypto_tfm *tfm)
317{
318 struct crypto_rfc3686_ctx *ctx = crypto_tfm_ctx(tfm);
319
320 crypto_free_blkcipher(ctx->child);
321}
322
323static struct crypto_instance *crypto_rfc3686_alloc(struct rtattr **tb)
324{
325 struct crypto_instance *inst;
326 struct crypto_alg *alg;
327 int err;
328
329 err = crypto_check_attr_type(tb, CRYPTO_ALG_TYPE_BLKCIPHER);
330 if (err)
331 return ERR_PTR(err);
332
333 alg = crypto_attr_alg(tb[1], CRYPTO_ALG_TYPE_BLKCIPHER,
334 CRYPTO_ALG_TYPE_MASK);
335 err = PTR_ERR(alg);
336 if (IS_ERR(alg))
337 return ERR_PTR(err);
338
339 /* We only support 16-byte blocks. */
340 err = -EINVAL;
341 if (alg->cra_blkcipher.ivsize != CTR_RFC3686_BLOCK_SIZE)
342 goto out_put_alg;
343
344 /* Not a stream cipher? */
345 if (alg->cra_blocksize != 1)
346 goto out_put_alg;
347
348 inst = crypto_alloc_instance("rfc3686", alg);
349 if (IS_ERR(inst))
350 goto out;
351
352 inst->alg.cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER;
353 inst->alg.cra_priority = alg->cra_priority;
354 inst->alg.cra_blocksize = 1;
355 inst->alg.cra_alignmask = alg->cra_alignmask;
356 inst->alg.cra_type = &crypto_blkcipher_type;
357
358 inst->alg.cra_blkcipher.ivsize = CTR_RFC3686_IV_SIZE;
359 inst->alg.cra_blkcipher.min_keysize = alg->cra_blkcipher.min_keysize
360 + CTR_RFC3686_NONCE_SIZE;
361 inst->alg.cra_blkcipher.max_keysize = alg->cra_blkcipher.max_keysize
362 + CTR_RFC3686_NONCE_SIZE;
363
364 inst->alg.cra_blkcipher.geniv = "seqiv";
365
366 inst->alg.cra_ctxsize = sizeof(struct crypto_rfc3686_ctx);
367
368 inst->alg.cra_init = crypto_rfc3686_init_tfm;
369 inst->alg.cra_exit = crypto_rfc3686_exit_tfm;
370
371 inst->alg.cra_blkcipher.setkey = crypto_rfc3686_setkey;
372 inst->alg.cra_blkcipher.encrypt = crypto_rfc3686_crypt;
373 inst->alg.cra_blkcipher.decrypt = crypto_rfc3686_crypt;
374
375out:
376 crypto_mod_put(alg);
377 return inst;
378
379out_put_alg:
380 inst = ERR_PTR(err);
381 goto out;
382}
383
384static struct crypto_template crypto_rfc3686_tmpl = {
385 .name = "rfc3686",
386 .alloc = crypto_rfc3686_alloc,
387 .free = crypto_ctr_free,
388 .module = THIS_MODULE,
389};
390
391static int __init crypto_ctr_module_init(void)
392{
393 int err;
394
395 err = crypto_register_template(&crypto_ctr_tmpl);
396 if (err)
397 goto out;
398
399 err = crypto_register_template(&crypto_rfc3686_tmpl);
400 if (err)
401 goto out_drop_ctr;
402
403out:
404 return err;
405
406out_drop_ctr:
407 crypto_unregister_template(&crypto_ctr_tmpl);
408 goto out;
409}
410
411static void __exit crypto_ctr_module_exit(void)
412{
413 crypto_unregister_template(&crypto_rfc3686_tmpl);
414 crypto_unregister_template(&crypto_ctr_tmpl);
415}
416
417module_init(crypto_ctr_module_init);
418module_exit(crypto_ctr_module_exit);
419
420MODULE_LICENSE("GPL");
421MODULE_DESCRIPTION("CTR Counter block mode");
422MODULE_ALIAS("rfc3686");
diff --git a/crypto/des_generic.c b/crypto/des_generic.c
index 59966d14b8e0..355ecb71cb0d 100644
--- a/crypto/des_generic.c
+++ b/crypto/des_generic.c
@@ -20,13 +20,7 @@
20#include <linux/crypto.h> 20#include <linux/crypto.h>
21#include <linux/types.h> 21#include <linux/types.h>
22 22
23#define DES_KEY_SIZE 8 23#include <crypto/des.h>
24#define DES_EXPKEY_WORDS 32
25#define DES_BLOCK_SIZE 8
26
27#define DES3_EDE_KEY_SIZE (3 * DES_KEY_SIZE)
28#define DES3_EDE_EXPKEY_WORDS (3 * DES_EXPKEY_WORDS)
29#define DES3_EDE_BLOCK_SIZE DES_BLOCK_SIZE
30 24
31#define ROL(x, r) ((x) = rol32((x), (r))) 25#define ROL(x, r) ((x) = rol32((x), (r)))
32#define ROR(x, r) ((x) = ror32((x), (r))) 26#define ROR(x, r) ((x) = ror32((x), (r)))
@@ -634,7 +628,7 @@ static const u32 S8[64] = {
634 * Choice 1 has operated on the key. 628 * Choice 1 has operated on the key.
635 * 629 *
636 */ 630 */
637static unsigned long ekey(u32 *pe, const u8 *k) 631unsigned long des_ekey(u32 *pe, const u8 *k)
638{ 632{
639 /* K&R: long is at least 32 bits */ 633 /* K&R: long is at least 32 bits */
640 unsigned long a, b, c, d, w; 634 unsigned long a, b, c, d, w;
@@ -709,6 +703,7 @@ static unsigned long ekey(u32 *pe, const u8 *k)
709 /* Zero if weak key */ 703 /* Zero if weak key */
710 return w; 704 return w;
711} 705}
706EXPORT_SYMBOL_GPL(des_ekey);
712 707
713/* 708/*
714 * Decryption key expansion 709 * Decryption key expansion
@@ -792,7 +787,7 @@ static int des_setkey(struct crypto_tfm *tfm, const u8 *key,
792 int ret; 787 int ret;
793 788
794 /* Expand to tmp */ 789 /* Expand to tmp */
795 ret = ekey(tmp, key); 790 ret = des_ekey(tmp, key);
796 791
797 if (unlikely(ret == 0) && (*flags & CRYPTO_TFM_REQ_WEAK_KEY)) { 792 if (unlikely(ret == 0) && (*flags & CRYPTO_TFM_REQ_WEAK_KEY)) {
798 *flags |= CRYPTO_TFM_RES_WEAK_KEY; 793 *flags |= CRYPTO_TFM_RES_WEAK_KEY;
@@ -879,9 +874,9 @@ static int des3_ede_setkey(struct crypto_tfm *tfm, const u8 *key,
879 return -EINVAL; 874 return -EINVAL;
880 } 875 }
881 876
882 ekey(expkey, key); expkey += DES_EXPKEY_WORDS; key += DES_KEY_SIZE; 877 des_ekey(expkey, key); expkey += DES_EXPKEY_WORDS; key += DES_KEY_SIZE;
883 dkey(expkey, key); expkey += DES_EXPKEY_WORDS; key += DES_KEY_SIZE; 878 dkey(expkey, key); expkey += DES_EXPKEY_WORDS; key += DES_KEY_SIZE;
884 ekey(expkey, key); 879 des_ekey(expkey, key);
885 880
886 return 0; 881 return 0;
887} 882}
diff --git a/crypto/digest.c b/crypto/digest.c
index 8871dec8cae7..6fd43bddd545 100644
--- a/crypto/digest.c
+++ b/crypto/digest.c
@@ -12,6 +12,7 @@
12 * 12 *
13 */ 13 */
14 14
15#include <crypto/scatterwalk.h>
15#include <linux/mm.h> 16#include <linux/mm.h>
16#include <linux/errno.h> 17#include <linux/errno.h>
17#include <linux/hardirq.h> 18#include <linux/hardirq.h>
@@ -20,9 +21,6 @@
20#include <linux/module.h> 21#include <linux/module.h>
21#include <linux/scatterlist.h> 22#include <linux/scatterlist.h>
22 23
23#include "internal.h"
24#include "scatterwalk.h"
25
26static int init(struct hash_desc *desc) 24static int init(struct hash_desc *desc)
27{ 25{
28 struct crypto_tfm *tfm = crypto_hash_tfm(desc->tfm); 26 struct crypto_tfm *tfm = crypto_hash_tfm(desc->tfm);
diff --git a/crypto/eseqiv.c b/crypto/eseqiv.c
new file mode 100644
index 000000000000..eb90d27ae118
--- /dev/null
+++ b/crypto/eseqiv.c
@@ -0,0 +1,264 @@
1/*
2 * eseqiv: Encrypted Sequence Number IV Generator
3 *
4 * This generator generates an IV based on a sequence number by xoring it
5 * with a salt and then encrypting it with the same key as used to encrypt
6 * the plain text. This algorithm requires that the block size be equal
7 * to the IV size. It is mainly useful for CBC.
8 *
9 * Copyright (c) 2007 Herbert Xu <herbert@gondor.apana.org.au>
10 *
11 * This program is free software; you can redistribute it and/or modify it
12 * under the terms of the GNU General Public License as published by the Free
13 * Software Foundation; either version 2 of the License, or (at your option)
14 * any later version.
15 *
16 */
17
18#include <crypto/internal/skcipher.h>
19#include <crypto/scatterwalk.h>
20#include <linux/err.h>
21#include <linux/init.h>
22#include <linux/kernel.h>
23#include <linux/mm.h>
24#include <linux/module.h>
25#include <linux/random.h>
26#include <linux/scatterlist.h>
27#include <linux/spinlock.h>
28#include <linux/string.h>
29
30struct eseqiv_request_ctx {
31 struct scatterlist src[2];
32 struct scatterlist dst[2];
33 char tail[];
34};
35
36struct eseqiv_ctx {
37 spinlock_t lock;
38 unsigned int reqoff;
39 char salt[];
40};
41
42static void eseqiv_complete2(struct skcipher_givcrypt_request *req)
43{
44 struct crypto_ablkcipher *geniv = skcipher_givcrypt_reqtfm(req);
45 struct eseqiv_request_ctx *reqctx = skcipher_givcrypt_reqctx(req);
46
47 memcpy(req->giv, PTR_ALIGN((u8 *)reqctx->tail,
48 crypto_ablkcipher_alignmask(geniv) + 1),
49 crypto_ablkcipher_ivsize(geniv));
50}
51
52static void eseqiv_complete(struct crypto_async_request *base, int err)
53{
54 struct skcipher_givcrypt_request *req = base->data;
55
56 if (err)
57 goto out;
58
59 eseqiv_complete2(req);
60
61out:
62 skcipher_givcrypt_complete(req, err);
63}
64
65static void eseqiv_chain(struct scatterlist *head, struct scatterlist *sg,
66 int chain)
67{
68 if (chain) {
69 head->length += sg->length;
70 sg = scatterwalk_sg_next(sg);
71 }
72
73 if (sg)
74 scatterwalk_sg_chain(head, 2, sg);
75 else
76 sg_mark_end(head);
77}
78
79static int eseqiv_givencrypt(struct skcipher_givcrypt_request *req)
80{
81 struct crypto_ablkcipher *geniv = skcipher_givcrypt_reqtfm(req);
82 struct eseqiv_ctx *ctx = crypto_ablkcipher_ctx(geniv);
83 struct eseqiv_request_ctx *reqctx = skcipher_givcrypt_reqctx(req);
84 struct ablkcipher_request *subreq;
85 crypto_completion_t complete;
86 void *data;
87 struct scatterlist *osrc, *odst;
88 struct scatterlist *dst;
89 struct page *srcp;
90 struct page *dstp;
91 u8 *giv;
92 u8 *vsrc;
93 u8 *vdst;
94 __be64 seq;
95 unsigned int ivsize;
96 unsigned int len;
97 int err;
98
99 subreq = (void *)(reqctx->tail + ctx->reqoff);
100 ablkcipher_request_set_tfm(subreq, skcipher_geniv_cipher(geniv));
101
102 giv = req->giv;
103 complete = req->creq.base.complete;
104 data = req->creq.base.data;
105
106 osrc = req->creq.src;
107 odst = req->creq.dst;
108 srcp = sg_page(osrc);
109 dstp = sg_page(odst);
110 vsrc = PageHighMem(srcp) ? NULL : page_address(srcp) + osrc->offset;
111 vdst = PageHighMem(dstp) ? NULL : page_address(dstp) + odst->offset;
112
113 ivsize = crypto_ablkcipher_ivsize(geniv);
114
115 if (vsrc != giv + ivsize && vdst != giv + ivsize) {
116 giv = PTR_ALIGN((u8 *)reqctx->tail,
117 crypto_ablkcipher_alignmask(geniv) + 1);
118 complete = eseqiv_complete;
119 data = req;
120 }
121
122 ablkcipher_request_set_callback(subreq, req->creq.base.flags, complete,
123 data);
124
125 sg_init_table(reqctx->src, 2);
126 sg_set_buf(reqctx->src, giv, ivsize);
127 eseqiv_chain(reqctx->src, osrc, vsrc == giv + ivsize);
128
129 dst = reqctx->src;
130 if (osrc != odst) {
131 sg_init_table(reqctx->dst, 2);
132 sg_set_buf(reqctx->dst, giv, ivsize);
133 eseqiv_chain(reqctx->dst, odst, vdst == giv + ivsize);
134
135 dst = reqctx->dst;
136 }
137
138 ablkcipher_request_set_crypt(subreq, reqctx->src, dst,
139 req->creq.nbytes, req->creq.info);
140
141 memcpy(req->creq.info, ctx->salt, ivsize);
142
143 len = ivsize;
144 if (ivsize > sizeof(u64)) {
145 memset(req->giv, 0, ivsize - sizeof(u64));
146 len = sizeof(u64);
147 }
148 seq = cpu_to_be64(req->seq);
149 memcpy(req->giv + ivsize - len, &seq, len);
150
151 err = crypto_ablkcipher_encrypt(subreq);
152 if (err)
153 goto out;
154
155 eseqiv_complete2(req);
156
157out:
158 return err;
159}
160
161static int eseqiv_givencrypt_first(struct skcipher_givcrypt_request *req)
162{
163 struct crypto_ablkcipher *geniv = skcipher_givcrypt_reqtfm(req);
164 struct eseqiv_ctx *ctx = crypto_ablkcipher_ctx(geniv);
165
166 spin_lock_bh(&ctx->lock);
167 if (crypto_ablkcipher_crt(geniv)->givencrypt != eseqiv_givencrypt_first)
168 goto unlock;
169
170 crypto_ablkcipher_crt(geniv)->givencrypt = eseqiv_givencrypt;
171 get_random_bytes(ctx->salt, crypto_ablkcipher_ivsize(geniv));
172
173unlock:
174 spin_unlock_bh(&ctx->lock);
175
176 return eseqiv_givencrypt(req);
177}
178
179static int eseqiv_init(struct crypto_tfm *tfm)
180{
181 struct crypto_ablkcipher *geniv = __crypto_ablkcipher_cast(tfm);
182 struct eseqiv_ctx *ctx = crypto_ablkcipher_ctx(geniv);
183 unsigned long alignmask;
184 unsigned int reqsize;
185
186 spin_lock_init(&ctx->lock);
187
188 alignmask = crypto_tfm_ctx_alignment() - 1;
189 reqsize = sizeof(struct eseqiv_request_ctx);
190
191 if (alignmask & reqsize) {
192 alignmask &= reqsize;
193 alignmask--;
194 }
195
196 alignmask = ~alignmask;
197 alignmask &= crypto_ablkcipher_alignmask(geniv);
198
199 reqsize += alignmask;
200 reqsize += crypto_ablkcipher_ivsize(geniv);
201 reqsize = ALIGN(reqsize, crypto_tfm_ctx_alignment());
202
203 ctx->reqoff = reqsize - sizeof(struct eseqiv_request_ctx);
204
205 tfm->crt_ablkcipher.reqsize = reqsize +
206 sizeof(struct ablkcipher_request);
207
208 return skcipher_geniv_init(tfm);
209}
210
211static struct crypto_template eseqiv_tmpl;
212
213static struct crypto_instance *eseqiv_alloc(struct rtattr **tb)
214{
215 struct crypto_instance *inst;
216 int err;
217
218 inst = skcipher_geniv_alloc(&eseqiv_tmpl, tb, 0, 0);
219 if (IS_ERR(inst))
220 goto out;
221
222 err = -EINVAL;
223 if (inst->alg.cra_ablkcipher.ivsize != inst->alg.cra_blocksize)
224 goto free_inst;
225
226 inst->alg.cra_ablkcipher.givencrypt = eseqiv_givencrypt_first;
227
228 inst->alg.cra_init = eseqiv_init;
229 inst->alg.cra_exit = skcipher_geniv_exit;
230
231 inst->alg.cra_ctxsize = sizeof(struct eseqiv_ctx);
232 inst->alg.cra_ctxsize += inst->alg.cra_ablkcipher.ivsize;
233
234out:
235 return inst;
236
237free_inst:
238 skcipher_geniv_free(inst);
239 inst = ERR_PTR(err);
240 goto out;
241}
242
243static struct crypto_template eseqiv_tmpl = {
244 .name = "eseqiv",
245 .alloc = eseqiv_alloc,
246 .free = skcipher_geniv_free,
247 .module = THIS_MODULE,
248};
249
250static int __init eseqiv_module_init(void)
251{
252 return crypto_register_template(&eseqiv_tmpl);
253}
254
255static void __exit eseqiv_module_exit(void)
256{
257 crypto_unregister_template(&eseqiv_tmpl);
258}
259
260module_init(eseqiv_module_init);
261module_exit(eseqiv_module_exit);
262
263MODULE_LICENSE("GPL");
264MODULE_DESCRIPTION("Encrypted Sequence Number IV Generator");
diff --git a/crypto/gcm.c b/crypto/gcm.c
new file mode 100644
index 000000000000..e70afd0c73dd
--- /dev/null
+++ b/crypto/gcm.c
@@ -0,0 +1,823 @@
1/*
2 * GCM: Galois/Counter Mode.
3 *
4 * Copyright (c) 2007 Nokia Siemens Networks - Mikko Herranen <mh1@iki.fi>
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License version 2 as published
8 * by the Free Software Foundation.
9 */
10
11#include <crypto/gf128mul.h>
12#include <crypto/internal/aead.h>
13#include <crypto/internal/skcipher.h>
14#include <crypto/scatterwalk.h>
15#include <linux/completion.h>
16#include <linux/err.h>
17#include <linux/init.h>
18#include <linux/kernel.h>
19#include <linux/module.h>
20#include <linux/slab.h>
21
22struct gcm_instance_ctx {
23 struct crypto_skcipher_spawn ctr;
24};
25
26struct crypto_gcm_ctx {
27 struct crypto_ablkcipher *ctr;
28 struct gf128mul_4k *gf128;
29};
30
31struct crypto_rfc4106_ctx {
32 struct crypto_aead *child;
33 u8 nonce[4];
34};
35
36struct crypto_gcm_ghash_ctx {
37 u32 bytes;
38 u32 flags;
39 struct gf128mul_4k *gf128;
40 u8 buffer[16];
41};
42
43struct crypto_gcm_req_priv_ctx {
44 u8 auth_tag[16];
45 u8 iauth_tag[16];
46 struct scatterlist src[2];
47 struct scatterlist dst[2];
48 struct crypto_gcm_ghash_ctx ghash;
49 struct ablkcipher_request abreq;
50};
51
52struct crypto_gcm_setkey_result {
53 int err;
54 struct completion completion;
55};
56
57static inline struct crypto_gcm_req_priv_ctx *crypto_gcm_reqctx(
58 struct aead_request *req)
59{
60 unsigned long align = crypto_aead_alignmask(crypto_aead_reqtfm(req));
61
62 return (void *)PTR_ALIGN((u8 *)aead_request_ctx(req), align + 1);
63}
64
65static void crypto_gcm_ghash_init(struct crypto_gcm_ghash_ctx *ctx, u32 flags,
66 struct gf128mul_4k *gf128)
67{
68 ctx->bytes = 0;
69 ctx->flags = flags;
70 ctx->gf128 = gf128;
71 memset(ctx->buffer, 0, 16);
72}
73
74static void crypto_gcm_ghash_update(struct crypto_gcm_ghash_ctx *ctx,
75 const u8 *src, unsigned int srclen)
76{
77 u8 *dst = ctx->buffer;
78
79 if (ctx->bytes) {
80 int n = min(srclen, ctx->bytes);
81 u8 *pos = dst + (16 - ctx->bytes);
82
83 ctx->bytes -= n;
84 srclen -= n;
85
86 while (n--)
87 *pos++ ^= *src++;
88
89 if (!ctx->bytes)
90 gf128mul_4k_lle((be128 *)dst, ctx->gf128);
91 }
92
93 while (srclen >= 16) {
94 crypto_xor(dst, src, 16);
95 gf128mul_4k_lle((be128 *)dst, ctx->gf128);
96 src += 16;
97 srclen -= 16;
98 }
99
100 if (srclen) {
101 ctx->bytes = 16 - srclen;
102 while (srclen--)
103 *dst++ ^= *src++;
104 }
105}
106
107static void crypto_gcm_ghash_update_sg(struct crypto_gcm_ghash_ctx *ctx,
108 struct scatterlist *sg, int len)
109{
110 struct scatter_walk walk;
111 u8 *src;
112 int n;
113
114 if (!len)
115 return;
116
117 scatterwalk_start(&walk, sg);
118
119 while (len) {
120 n = scatterwalk_clamp(&walk, len);
121
122 if (!n) {
123 scatterwalk_start(&walk, scatterwalk_sg_next(walk.sg));
124 n = scatterwalk_clamp(&walk, len);
125 }
126
127 src = scatterwalk_map(&walk, 0);
128
129 crypto_gcm_ghash_update(ctx, src, n);
130 len -= n;
131
132 scatterwalk_unmap(src, 0);
133 scatterwalk_advance(&walk, n);
134 scatterwalk_done(&walk, 0, len);
135 if (len)
136 crypto_yield(ctx->flags);
137 }
138}
139
140static void crypto_gcm_ghash_flush(struct crypto_gcm_ghash_ctx *ctx)
141{
142 u8 *dst = ctx->buffer;
143
144 if (ctx->bytes) {
145 u8 *tmp = dst + (16 - ctx->bytes);
146
147 while (ctx->bytes--)
148 *tmp++ ^= 0;
149
150 gf128mul_4k_lle((be128 *)dst, ctx->gf128);
151 }
152
153 ctx->bytes = 0;
154}
155
156static void crypto_gcm_ghash_final_xor(struct crypto_gcm_ghash_ctx *ctx,
157 unsigned int authlen,
158 unsigned int cryptlen, u8 *dst)
159{
160 u8 *buf = ctx->buffer;
161 u128 lengths;
162
163 lengths.a = cpu_to_be64(authlen * 8);
164 lengths.b = cpu_to_be64(cryptlen * 8);
165
166 crypto_gcm_ghash_flush(ctx);
167 crypto_xor(buf, (u8 *)&lengths, 16);
168 gf128mul_4k_lle((be128 *)buf, ctx->gf128);
169 crypto_xor(dst, buf, 16);
170}
171
172static void crypto_gcm_setkey_done(struct crypto_async_request *req, int err)
173{
174 struct crypto_gcm_setkey_result *result = req->data;
175
176 if (err == -EINPROGRESS)
177 return;
178
179 result->err = err;
180 complete(&result->completion);
181}
182
183static int crypto_gcm_setkey(struct crypto_aead *aead, const u8 *key,
184 unsigned int keylen)
185{
186 struct crypto_gcm_ctx *ctx = crypto_aead_ctx(aead);
187 struct crypto_ablkcipher *ctr = ctx->ctr;
188 struct {
189 be128 hash;
190 u8 iv[8];
191
192 struct crypto_gcm_setkey_result result;
193
194 struct scatterlist sg[1];
195 struct ablkcipher_request req;
196 } *data;
197 int err;
198
199 crypto_ablkcipher_clear_flags(ctr, CRYPTO_TFM_REQ_MASK);
200 crypto_ablkcipher_set_flags(ctr, crypto_aead_get_flags(aead) &
201 CRYPTO_TFM_REQ_MASK);
202
203 err = crypto_ablkcipher_setkey(ctr, key, keylen);
204 if (err)
205 return err;
206
207 crypto_aead_set_flags(aead, crypto_ablkcipher_get_flags(ctr) &
208 CRYPTO_TFM_RES_MASK);
209
210 data = kzalloc(sizeof(*data) + crypto_ablkcipher_reqsize(ctr),
211 GFP_KERNEL);
212 if (!data)
213 return -ENOMEM;
214
215 init_completion(&data->result.completion);
216 sg_init_one(data->sg, &data->hash, sizeof(data->hash));
217 ablkcipher_request_set_tfm(&data->req, ctr);
218 ablkcipher_request_set_callback(&data->req, CRYPTO_TFM_REQ_MAY_SLEEP |
219 CRYPTO_TFM_REQ_MAY_BACKLOG,
220 crypto_gcm_setkey_done,
221 &data->result);
222 ablkcipher_request_set_crypt(&data->req, data->sg, data->sg,
223 sizeof(data->hash), data->iv);
224
225 err = crypto_ablkcipher_encrypt(&data->req);
226 if (err == -EINPROGRESS || err == -EBUSY) {
227 err = wait_for_completion_interruptible(
228 &data->result.completion);
229 if (!err)
230 err = data->result.err;
231 }
232
233 if (err)
234 goto out;
235
236 if (ctx->gf128 != NULL)
237 gf128mul_free_4k(ctx->gf128);
238
239 ctx->gf128 = gf128mul_init_4k_lle(&data->hash);
240
241 if (ctx->gf128 == NULL)
242 err = -ENOMEM;
243
244out:
245 kfree(data);
246 return err;
247}
248
249static int crypto_gcm_setauthsize(struct crypto_aead *tfm,
250 unsigned int authsize)
251{
252 switch (authsize) {
253 case 4:
254 case 8:
255 case 12:
256 case 13:
257 case 14:
258 case 15:
259 case 16:
260 break;
261 default:
262 return -EINVAL;
263 }
264
265 return 0;
266}
267
268static void crypto_gcm_init_crypt(struct ablkcipher_request *ablk_req,
269 struct aead_request *req,
270 unsigned int cryptlen)
271{
272 struct crypto_aead *aead = crypto_aead_reqtfm(req);
273 struct crypto_gcm_ctx *ctx = crypto_aead_ctx(aead);
274 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req);
275 u32 flags = req->base.tfm->crt_flags;
276 struct crypto_gcm_ghash_ctx *ghash = &pctx->ghash;
277 struct scatterlist *dst;
278 __be32 counter = cpu_to_be32(1);
279
280 memset(pctx->auth_tag, 0, sizeof(pctx->auth_tag));
281 memcpy(req->iv + 12, &counter, 4);
282
283 sg_init_table(pctx->src, 2);
284 sg_set_buf(pctx->src, pctx->auth_tag, sizeof(pctx->auth_tag));
285 scatterwalk_sg_chain(pctx->src, 2, req->src);
286
287 dst = pctx->src;
288 if (req->src != req->dst) {
289 sg_init_table(pctx->dst, 2);
290 sg_set_buf(pctx->dst, pctx->auth_tag, sizeof(pctx->auth_tag));
291 scatterwalk_sg_chain(pctx->dst, 2, req->dst);
292 dst = pctx->dst;
293 }
294
295 ablkcipher_request_set_tfm(ablk_req, ctx->ctr);
296 ablkcipher_request_set_crypt(ablk_req, pctx->src, dst,
297 cryptlen + sizeof(pctx->auth_tag),
298 req->iv);
299
300 crypto_gcm_ghash_init(ghash, flags, ctx->gf128);
301
302 crypto_gcm_ghash_update_sg(ghash, req->assoc, req->assoclen);
303 crypto_gcm_ghash_flush(ghash);
304}
305
306static int crypto_gcm_hash(struct aead_request *req)
307{
308 struct crypto_aead *aead = crypto_aead_reqtfm(req);
309 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req);
310 u8 *auth_tag = pctx->auth_tag;
311 struct crypto_gcm_ghash_ctx *ghash = &pctx->ghash;
312
313 crypto_gcm_ghash_update_sg(ghash, req->dst, req->cryptlen);
314 crypto_gcm_ghash_final_xor(ghash, req->assoclen, req->cryptlen,
315 auth_tag);
316
317 scatterwalk_map_and_copy(auth_tag, req->dst, req->cryptlen,
318 crypto_aead_authsize(aead), 1);
319 return 0;
320}
321
322static void crypto_gcm_encrypt_done(struct crypto_async_request *areq, int err)
323{
324 struct aead_request *req = areq->data;
325
326 if (!err)
327 err = crypto_gcm_hash(req);
328
329 aead_request_complete(req, err);
330}
331
332static int crypto_gcm_encrypt(struct aead_request *req)
333{
334 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req);
335 struct ablkcipher_request *abreq = &pctx->abreq;
336 int err;
337
338 crypto_gcm_init_crypt(abreq, req, req->cryptlen);
339 ablkcipher_request_set_callback(abreq, aead_request_flags(req),
340 crypto_gcm_encrypt_done, req);
341
342 err = crypto_ablkcipher_encrypt(abreq);
343 if (err)
344 return err;
345
346 return crypto_gcm_hash(req);
347}
348
349static int crypto_gcm_verify(struct aead_request *req)
350{
351 struct crypto_aead *aead = crypto_aead_reqtfm(req);
352 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req);
353 struct crypto_gcm_ghash_ctx *ghash = &pctx->ghash;
354 u8 *auth_tag = pctx->auth_tag;
355 u8 *iauth_tag = pctx->iauth_tag;
356 unsigned int authsize = crypto_aead_authsize(aead);
357 unsigned int cryptlen = req->cryptlen - authsize;
358
359 crypto_gcm_ghash_final_xor(ghash, req->assoclen, cryptlen, auth_tag);
360
361 authsize = crypto_aead_authsize(aead);
362 scatterwalk_map_and_copy(iauth_tag, req->src, cryptlen, authsize, 0);
363 return memcmp(iauth_tag, auth_tag, authsize) ? -EBADMSG : 0;
364}
365
366static void crypto_gcm_decrypt_done(struct crypto_async_request *areq, int err)
367{
368 struct aead_request *req = areq->data;
369
370 if (!err)
371 err = crypto_gcm_verify(req);
372
373 aead_request_complete(req, err);
374}
375
376static int crypto_gcm_decrypt(struct aead_request *req)
377{
378 struct crypto_aead *aead = crypto_aead_reqtfm(req);
379 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req);
380 struct ablkcipher_request *abreq = &pctx->abreq;
381 struct crypto_gcm_ghash_ctx *ghash = &pctx->ghash;
382 unsigned int cryptlen = req->cryptlen;
383 unsigned int authsize = crypto_aead_authsize(aead);
384 int err;
385
386 if (cryptlen < authsize)
387 return -EINVAL;
388 cryptlen -= authsize;
389
390 crypto_gcm_init_crypt(abreq, req, cryptlen);
391 ablkcipher_request_set_callback(abreq, aead_request_flags(req),
392 crypto_gcm_decrypt_done, req);
393
394 crypto_gcm_ghash_update_sg(ghash, req->src, cryptlen);
395
396 err = crypto_ablkcipher_decrypt(abreq);
397 if (err)
398 return err;
399
400 return crypto_gcm_verify(req);
401}
402
403static int crypto_gcm_init_tfm(struct crypto_tfm *tfm)
404{
405 struct crypto_instance *inst = (void *)tfm->__crt_alg;
406 struct gcm_instance_ctx *ictx = crypto_instance_ctx(inst);
407 struct crypto_gcm_ctx *ctx = crypto_tfm_ctx(tfm);
408 struct crypto_ablkcipher *ctr;
409 unsigned long align;
410 int err;
411
412 ctr = crypto_spawn_skcipher(&ictx->ctr);
413 err = PTR_ERR(ctr);
414 if (IS_ERR(ctr))
415 return err;
416
417 ctx->ctr = ctr;
418 ctx->gf128 = NULL;
419
420 align = crypto_tfm_alg_alignmask(tfm);
421 align &= ~(crypto_tfm_ctx_alignment() - 1);
422 tfm->crt_aead.reqsize = align +
423 sizeof(struct crypto_gcm_req_priv_ctx) +
424 crypto_ablkcipher_reqsize(ctr);
425
426 return 0;
427}
428
429static void crypto_gcm_exit_tfm(struct crypto_tfm *tfm)
430{
431 struct crypto_gcm_ctx *ctx = crypto_tfm_ctx(tfm);
432
433 if (ctx->gf128 != NULL)
434 gf128mul_free_4k(ctx->gf128);
435
436 crypto_free_ablkcipher(ctx->ctr);
437}
438
439static struct crypto_instance *crypto_gcm_alloc_common(struct rtattr **tb,
440 const char *full_name,
441 const char *ctr_name)
442{
443 struct crypto_attr_type *algt;
444 struct crypto_instance *inst;
445 struct crypto_alg *ctr;
446 struct gcm_instance_ctx *ctx;
447 int err;
448
449 algt = crypto_get_attr_type(tb);
450 err = PTR_ERR(algt);
451 if (IS_ERR(algt))
452 return ERR_PTR(err);
453
454 if ((algt->type ^ CRYPTO_ALG_TYPE_AEAD) & algt->mask)
455 return ERR_PTR(-EINVAL);
456
457 inst = kzalloc(sizeof(*inst) + sizeof(*ctx), GFP_KERNEL);
458 if (!inst)
459 return ERR_PTR(-ENOMEM);
460
461 ctx = crypto_instance_ctx(inst);
462 crypto_set_skcipher_spawn(&ctx->ctr, inst);
463 err = crypto_grab_skcipher(&ctx->ctr, ctr_name, 0,
464 crypto_requires_sync(algt->type,
465 algt->mask));
466 if (err)
467 goto err_free_inst;
468
469 ctr = crypto_skcipher_spawn_alg(&ctx->ctr);
470
471 /* We only support 16-byte blocks. */
472 if (ctr->cra_ablkcipher.ivsize != 16)
473 goto out_put_ctr;
474
475 /* Not a stream cipher? */
476 err = -EINVAL;
477 if (ctr->cra_blocksize != 1)
478 goto out_put_ctr;
479
480 err = -ENAMETOOLONG;
481 if (snprintf(inst->alg.cra_driver_name, CRYPTO_MAX_ALG_NAME,
482 "gcm_base(%s)", ctr->cra_driver_name) >=
483 CRYPTO_MAX_ALG_NAME)
484 goto out_put_ctr;
485
486 memcpy(inst->alg.cra_name, full_name, CRYPTO_MAX_ALG_NAME);
487
488 inst->alg.cra_flags = CRYPTO_ALG_TYPE_AEAD;
489 inst->alg.cra_flags |= ctr->cra_flags & CRYPTO_ALG_ASYNC;
490 inst->alg.cra_priority = ctr->cra_priority;
491 inst->alg.cra_blocksize = 1;
492 inst->alg.cra_alignmask = ctr->cra_alignmask | (__alignof__(u64) - 1);
493 inst->alg.cra_type = &crypto_aead_type;
494 inst->alg.cra_aead.ivsize = 16;
495 inst->alg.cra_aead.maxauthsize = 16;
496 inst->alg.cra_ctxsize = sizeof(struct crypto_gcm_ctx);
497 inst->alg.cra_init = crypto_gcm_init_tfm;
498 inst->alg.cra_exit = crypto_gcm_exit_tfm;
499 inst->alg.cra_aead.setkey = crypto_gcm_setkey;
500 inst->alg.cra_aead.setauthsize = crypto_gcm_setauthsize;
501 inst->alg.cra_aead.encrypt = crypto_gcm_encrypt;
502 inst->alg.cra_aead.decrypt = crypto_gcm_decrypt;
503
504out:
505 return inst;
506
507out_put_ctr:
508 crypto_drop_skcipher(&ctx->ctr);
509err_free_inst:
510 kfree(inst);
511 inst = ERR_PTR(err);
512 goto out;
513}
514
515static struct crypto_instance *crypto_gcm_alloc(struct rtattr **tb)
516{
517 int err;
518 const char *cipher_name;
519 char ctr_name[CRYPTO_MAX_ALG_NAME];
520 char full_name[CRYPTO_MAX_ALG_NAME];
521
522 cipher_name = crypto_attr_alg_name(tb[1]);
523 err = PTR_ERR(cipher_name);
524 if (IS_ERR(cipher_name))
525 return ERR_PTR(err);
526
527 if (snprintf(ctr_name, CRYPTO_MAX_ALG_NAME, "ctr(%s)", cipher_name) >=
528 CRYPTO_MAX_ALG_NAME)
529 return ERR_PTR(-ENAMETOOLONG);
530
531 if (snprintf(full_name, CRYPTO_MAX_ALG_NAME, "gcm(%s)", cipher_name) >=
532 CRYPTO_MAX_ALG_NAME)
533 return ERR_PTR(-ENAMETOOLONG);
534
535 return crypto_gcm_alloc_common(tb, full_name, ctr_name);
536}
537
538static void crypto_gcm_free(struct crypto_instance *inst)
539{
540 struct gcm_instance_ctx *ctx = crypto_instance_ctx(inst);
541
542 crypto_drop_skcipher(&ctx->ctr);
543 kfree(inst);
544}
545
546static struct crypto_template crypto_gcm_tmpl = {
547 .name = "gcm",
548 .alloc = crypto_gcm_alloc,
549 .free = crypto_gcm_free,
550 .module = THIS_MODULE,
551};
552
553static struct crypto_instance *crypto_gcm_base_alloc(struct rtattr **tb)
554{
555 int err;
556 const char *ctr_name;
557 char full_name[CRYPTO_MAX_ALG_NAME];
558
559 ctr_name = crypto_attr_alg_name(tb[1]);
560 err = PTR_ERR(ctr_name);
561 if (IS_ERR(ctr_name))
562 return ERR_PTR(err);
563
564 if (snprintf(full_name, CRYPTO_MAX_ALG_NAME, "gcm_base(%s)",
565 ctr_name) >= CRYPTO_MAX_ALG_NAME)
566 return ERR_PTR(-ENAMETOOLONG);
567
568 return crypto_gcm_alloc_common(tb, full_name, ctr_name);
569}
570
571static struct crypto_template crypto_gcm_base_tmpl = {
572 .name = "gcm_base",
573 .alloc = crypto_gcm_base_alloc,
574 .free = crypto_gcm_free,
575 .module = THIS_MODULE,
576};
577
578static int crypto_rfc4106_setkey(struct crypto_aead *parent, const u8 *key,
579 unsigned int keylen)
580{
581 struct crypto_rfc4106_ctx *ctx = crypto_aead_ctx(parent);
582 struct crypto_aead *child = ctx->child;
583 int err;
584
585 if (keylen < 4)
586 return -EINVAL;
587
588 keylen -= 4;
589 memcpy(ctx->nonce, key + keylen, 4);
590
591 crypto_aead_clear_flags(child, CRYPTO_TFM_REQ_MASK);
592 crypto_aead_set_flags(child, crypto_aead_get_flags(parent) &
593 CRYPTO_TFM_REQ_MASK);
594 err = crypto_aead_setkey(child, key, keylen);
595 crypto_aead_set_flags(parent, crypto_aead_get_flags(child) &
596 CRYPTO_TFM_RES_MASK);
597
598 return err;
599}
600
601static int crypto_rfc4106_setauthsize(struct crypto_aead *parent,
602 unsigned int authsize)
603{
604 struct crypto_rfc4106_ctx *ctx = crypto_aead_ctx(parent);
605
606 switch (authsize) {
607 case 8:
608 case 12:
609 case 16:
610 break;
611 default:
612 return -EINVAL;
613 }
614
615 return crypto_aead_setauthsize(ctx->child, authsize);
616}
617
618static struct aead_request *crypto_rfc4106_crypt(struct aead_request *req)
619{
620 struct aead_request *subreq = aead_request_ctx(req);
621 struct crypto_aead *aead = crypto_aead_reqtfm(req);
622 struct crypto_rfc4106_ctx *ctx = crypto_aead_ctx(aead);
623 struct crypto_aead *child = ctx->child;
624 u8 *iv = PTR_ALIGN((u8 *)(subreq + 1) + crypto_aead_reqsize(child),
625 crypto_aead_alignmask(child) + 1);
626
627 memcpy(iv, ctx->nonce, 4);
628 memcpy(iv + 4, req->iv, 8);
629
630 aead_request_set_tfm(subreq, child);
631 aead_request_set_callback(subreq, req->base.flags, req->base.complete,
632 req->base.data);
633 aead_request_set_crypt(subreq, req->src, req->dst, req->cryptlen, iv);
634 aead_request_set_assoc(subreq, req->assoc, req->assoclen);
635
636 return subreq;
637}
638
639static int crypto_rfc4106_encrypt(struct aead_request *req)
640{
641 req = crypto_rfc4106_crypt(req);
642
643 return crypto_aead_encrypt(req);
644}
645
646static int crypto_rfc4106_decrypt(struct aead_request *req)
647{
648 req = crypto_rfc4106_crypt(req);
649
650 return crypto_aead_decrypt(req);
651}
652
653static int crypto_rfc4106_init_tfm(struct crypto_tfm *tfm)
654{
655 struct crypto_instance *inst = (void *)tfm->__crt_alg;
656 struct crypto_aead_spawn *spawn = crypto_instance_ctx(inst);
657 struct crypto_rfc4106_ctx *ctx = crypto_tfm_ctx(tfm);
658 struct crypto_aead *aead;
659 unsigned long align;
660
661 aead = crypto_spawn_aead(spawn);
662 if (IS_ERR(aead))
663 return PTR_ERR(aead);
664
665 ctx->child = aead;
666
667 align = crypto_aead_alignmask(aead);
668 align &= ~(crypto_tfm_ctx_alignment() - 1);
669 tfm->crt_aead.reqsize = sizeof(struct aead_request) +
670 ALIGN(crypto_aead_reqsize(aead),
671 crypto_tfm_ctx_alignment()) +
672 align + 16;
673
674 return 0;
675}
676
677static void crypto_rfc4106_exit_tfm(struct crypto_tfm *tfm)
678{
679 struct crypto_rfc4106_ctx *ctx = crypto_tfm_ctx(tfm);
680
681 crypto_free_aead(ctx->child);
682}
683
684static struct crypto_instance *crypto_rfc4106_alloc(struct rtattr **tb)
685{
686 struct crypto_attr_type *algt;
687 struct crypto_instance *inst;
688 struct crypto_aead_spawn *spawn;
689 struct crypto_alg *alg;
690 const char *ccm_name;
691 int err;
692
693 algt = crypto_get_attr_type(tb);
694 err = PTR_ERR(algt);
695 if (IS_ERR(algt))
696 return ERR_PTR(err);
697
698 if ((algt->type ^ CRYPTO_ALG_TYPE_AEAD) & algt->mask)
699 return ERR_PTR(-EINVAL);
700
701 ccm_name = crypto_attr_alg_name(tb[1]);
702 err = PTR_ERR(ccm_name);
703 if (IS_ERR(ccm_name))
704 return ERR_PTR(err);
705
706 inst = kzalloc(sizeof(*inst) + sizeof(*spawn), GFP_KERNEL);
707 if (!inst)
708 return ERR_PTR(-ENOMEM);
709
710 spawn = crypto_instance_ctx(inst);
711 crypto_set_aead_spawn(spawn, inst);
712 err = crypto_grab_aead(spawn, ccm_name, 0,
713 crypto_requires_sync(algt->type, algt->mask));
714 if (err)
715 goto out_free_inst;
716
717 alg = crypto_aead_spawn_alg(spawn);
718
719 err = -EINVAL;
720
721 /* We only support 16-byte blocks. */
722 if (alg->cra_aead.ivsize != 16)
723 goto out_drop_alg;
724
725 /* Not a stream cipher? */
726 if (alg->cra_blocksize != 1)
727 goto out_drop_alg;
728
729 err = -ENAMETOOLONG;
730 if (snprintf(inst->alg.cra_name, CRYPTO_MAX_ALG_NAME,
731 "rfc4106(%s)", alg->cra_name) >= CRYPTO_MAX_ALG_NAME ||
732 snprintf(inst->alg.cra_driver_name, CRYPTO_MAX_ALG_NAME,
733 "rfc4106(%s)", alg->cra_driver_name) >=
734 CRYPTO_MAX_ALG_NAME)
735 goto out_drop_alg;
736
737 inst->alg.cra_flags = CRYPTO_ALG_TYPE_AEAD;
738 inst->alg.cra_flags |= alg->cra_flags & CRYPTO_ALG_ASYNC;
739 inst->alg.cra_priority = alg->cra_priority;
740 inst->alg.cra_blocksize = 1;
741 inst->alg.cra_alignmask = alg->cra_alignmask;
742 inst->alg.cra_type = &crypto_nivaead_type;
743
744 inst->alg.cra_aead.ivsize = 8;
745 inst->alg.cra_aead.maxauthsize = 16;
746
747 inst->alg.cra_ctxsize = sizeof(struct crypto_rfc4106_ctx);
748
749 inst->alg.cra_init = crypto_rfc4106_init_tfm;
750 inst->alg.cra_exit = crypto_rfc4106_exit_tfm;
751
752 inst->alg.cra_aead.setkey = crypto_rfc4106_setkey;
753 inst->alg.cra_aead.setauthsize = crypto_rfc4106_setauthsize;
754 inst->alg.cra_aead.encrypt = crypto_rfc4106_encrypt;
755 inst->alg.cra_aead.decrypt = crypto_rfc4106_decrypt;
756
757 inst->alg.cra_aead.geniv = "seqiv";
758
759out:
760 return inst;
761
762out_drop_alg:
763 crypto_drop_aead(spawn);
764out_free_inst:
765 kfree(inst);
766 inst = ERR_PTR(err);
767 goto out;
768}
769
770static void crypto_rfc4106_free(struct crypto_instance *inst)
771{
772 crypto_drop_spawn(crypto_instance_ctx(inst));
773 kfree(inst);
774}
775
776static struct crypto_template crypto_rfc4106_tmpl = {
777 .name = "rfc4106",
778 .alloc = crypto_rfc4106_alloc,
779 .free = crypto_rfc4106_free,
780 .module = THIS_MODULE,
781};
782
783static int __init crypto_gcm_module_init(void)
784{
785 int err;
786
787 err = crypto_register_template(&crypto_gcm_base_tmpl);
788 if (err)
789 goto out;
790
791 err = crypto_register_template(&crypto_gcm_tmpl);
792 if (err)
793 goto out_undo_base;
794
795 err = crypto_register_template(&crypto_rfc4106_tmpl);
796 if (err)
797 goto out_undo_gcm;
798
799out:
800 return err;
801
802out_undo_gcm:
803 crypto_unregister_template(&crypto_gcm_tmpl);
804out_undo_base:
805 crypto_unregister_template(&crypto_gcm_base_tmpl);
806 goto out;
807}
808
809static void __exit crypto_gcm_module_exit(void)
810{
811 crypto_unregister_template(&crypto_rfc4106_tmpl);
812 crypto_unregister_template(&crypto_gcm_tmpl);
813 crypto_unregister_template(&crypto_gcm_base_tmpl);
814}
815
816module_init(crypto_gcm_module_init);
817module_exit(crypto_gcm_module_exit);
818
819MODULE_LICENSE("GPL");
820MODULE_DESCRIPTION("Galois/Counter Mode");
821MODULE_AUTHOR("Mikko Herranen <mh1@iki.fi>");
822MODULE_ALIAS("gcm_base");
823MODULE_ALIAS("rfc4106");
diff --git a/crypto/hmac.c b/crypto/hmac.c
index 0f05be769c34..a1d016a50e7d 100644
--- a/crypto/hmac.c
+++ b/crypto/hmac.c
@@ -17,6 +17,7 @@
17 */ 17 */
18 18
19#include <crypto/algapi.h> 19#include <crypto/algapi.h>
20#include <crypto/scatterwalk.h>
20#include <linux/err.h> 21#include <linux/err.h>
21#include <linux/init.h> 22#include <linux/init.h>
22#include <linux/kernel.h> 23#include <linux/kernel.h>
@@ -160,7 +161,7 @@ static int hmac_digest(struct hash_desc *pdesc, struct scatterlist *sg,
160 161
161 sg_init_table(sg1, 2); 162 sg_init_table(sg1, 2);
162 sg_set_buf(sg1, ipad, bs); 163 sg_set_buf(sg1, ipad, bs);
163 sg_set_page(&sg1[1], (void *) sg, 0, 0); 164 scatterwalk_sg_chain(sg1, 2, sg);
164 165
165 sg_init_table(sg2, 1); 166 sg_init_table(sg2, 1);
166 sg_set_buf(sg2, opad, bs + ds); 167 sg_set_buf(sg2, opad, bs + ds);
diff --git a/crypto/internal.h b/crypto/internal.h
index abb01f71f817..32f4c2145603 100644
--- a/crypto/internal.h
+++ b/crypto/internal.h
@@ -25,7 +25,6 @@
25#include <linux/notifier.h> 25#include <linux/notifier.h>
26#include <linux/rwsem.h> 26#include <linux/rwsem.h>
27#include <linux/slab.h> 27#include <linux/slab.h>
28#include <asm/kmap_types.h>
29 28
30/* Crypto notification events. */ 29/* Crypto notification events. */
31enum { 30enum {
@@ -50,34 +49,6 @@ extern struct list_head crypto_alg_list;
50extern struct rw_semaphore crypto_alg_sem; 49extern struct rw_semaphore crypto_alg_sem;
51extern struct blocking_notifier_head crypto_chain; 50extern struct blocking_notifier_head crypto_chain;
52 51
53static inline enum km_type crypto_kmap_type(int out)
54{
55 enum km_type type;
56
57 if (in_softirq())
58 type = out * (KM_SOFTIRQ1 - KM_SOFTIRQ0) + KM_SOFTIRQ0;
59 else
60 type = out * (KM_USER1 - KM_USER0) + KM_USER0;
61
62 return type;
63}
64
65static inline void *crypto_kmap(struct page *page, int out)
66{
67 return kmap_atomic(page, crypto_kmap_type(out));
68}
69
70static inline void crypto_kunmap(void *vaddr, int out)
71{
72 kunmap_atomic(vaddr, crypto_kmap_type(out));
73}
74
75static inline void crypto_yield(u32 flags)
76{
77 if (flags & CRYPTO_TFM_REQ_MAY_SLEEP)
78 cond_resched();
79}
80
81#ifdef CONFIG_PROC_FS 52#ifdef CONFIG_PROC_FS
82void __init crypto_init_proc(void); 53void __init crypto_init_proc(void);
83void __exit crypto_exit_proc(void); 54void __exit crypto_exit_proc(void);
@@ -122,6 +93,8 @@ void crypto_exit_digest_ops(struct crypto_tfm *tfm);
122void crypto_exit_cipher_ops(struct crypto_tfm *tfm); 93void crypto_exit_cipher_ops(struct crypto_tfm *tfm);
123void crypto_exit_compress_ops(struct crypto_tfm *tfm); 94void crypto_exit_compress_ops(struct crypto_tfm *tfm);
124 95
96void crypto_larval_kill(struct crypto_alg *alg);
97struct crypto_alg *crypto_larval_lookup(const char *name, u32 type, u32 mask);
125void crypto_larval_error(const char *name, u32 type, u32 mask); 98void crypto_larval_error(const char *name, u32 type, u32 mask);
126 99
127void crypto_shoot_alg(struct crypto_alg *alg); 100void crypto_shoot_alg(struct crypto_alg *alg);
diff --git a/crypto/lzo.c b/crypto/lzo.c
new file mode 100644
index 000000000000..48c32883f024
--- /dev/null
+++ b/crypto/lzo.c
@@ -0,0 +1,106 @@
1/*
2 * Cryptographic API.
3 *
4 * This program is free software; you can redistribute it and/or modify it
5 * under the terms of the GNU General Public License version 2 as published by
6 * the Free Software Foundation.
7 *
8 * This program is distributed in the hope that it will be useful, but WITHOUT
9 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
10 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
11 * more details.
12 *
13 * You should have received a copy of the GNU General Public License along with
14 * this program; if not, write to the Free Software Foundation, Inc., 51
15 * Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
16 *
17 */
18
19#include <linux/init.h>
20#include <linux/module.h>
21#include <linux/crypto.h>
22#include <linux/vmalloc.h>
23#include <linux/lzo.h>
24
25struct lzo_ctx {
26 void *lzo_comp_mem;
27};
28
29static int lzo_init(struct crypto_tfm *tfm)
30{
31 struct lzo_ctx *ctx = crypto_tfm_ctx(tfm);
32
33 ctx->lzo_comp_mem = vmalloc(LZO1X_MEM_COMPRESS);
34 if (!ctx->lzo_comp_mem)
35 return -ENOMEM;
36
37 return 0;
38}
39
40static void lzo_exit(struct crypto_tfm *tfm)
41{
42 struct lzo_ctx *ctx = crypto_tfm_ctx(tfm);
43
44 vfree(ctx->lzo_comp_mem);
45}
46
47static int lzo_compress(struct crypto_tfm *tfm, const u8 *src,
48 unsigned int slen, u8 *dst, unsigned int *dlen)
49{
50 struct lzo_ctx *ctx = crypto_tfm_ctx(tfm);
51 size_t tmp_len = *dlen; /* size_t(ulong) <-> uint on 64 bit */
52 int err;
53
54 err = lzo1x_1_compress(src, slen, dst, &tmp_len, ctx->lzo_comp_mem);
55
56 if (err != LZO_E_OK)
57 return -EINVAL;
58
59 *dlen = tmp_len;
60 return 0;
61}
62
63static int lzo_decompress(struct crypto_tfm *tfm, const u8 *src,
64 unsigned int slen, u8 *dst, unsigned int *dlen)
65{
66 int err;
67 size_t tmp_len = *dlen; /* size_t(ulong) <-> uint on 64 bit */
68
69 err = lzo1x_decompress_safe(src, slen, dst, &tmp_len);
70
71 if (err != LZO_E_OK)
72 return -EINVAL;
73
74 *dlen = tmp_len;
75 return 0;
76
77}
78
79static struct crypto_alg alg = {
80 .cra_name = "lzo",
81 .cra_flags = CRYPTO_ALG_TYPE_COMPRESS,
82 .cra_ctxsize = sizeof(struct lzo_ctx),
83 .cra_module = THIS_MODULE,
84 .cra_list = LIST_HEAD_INIT(alg.cra_list),
85 .cra_init = lzo_init,
86 .cra_exit = lzo_exit,
87 .cra_u = { .compress = {
88 .coa_compress = lzo_compress,
89 .coa_decompress = lzo_decompress } }
90};
91
92static int __init init(void)
93{
94 return crypto_register_alg(&alg);
95}
96
97static void __exit fini(void)
98{
99 crypto_unregister_alg(&alg);
100}
101
102module_init(init);
103module_exit(fini);
104
105MODULE_LICENSE("GPL");
106MODULE_DESCRIPTION("LZO Compression Algorithm");
diff --git a/crypto/pcbc.c b/crypto/pcbc.c
index c3ed8a1c9f46..fe704775f88f 100644
--- a/crypto/pcbc.c
+++ b/crypto/pcbc.c
@@ -24,7 +24,6 @@
24 24
25struct crypto_pcbc_ctx { 25struct crypto_pcbc_ctx {
26 struct crypto_cipher *child; 26 struct crypto_cipher *child;
27 void (*xor)(u8 *dst, const u8 *src, unsigned int bs);
28}; 27};
29 28
30static int crypto_pcbc_setkey(struct crypto_tfm *parent, const u8 *key, 29static int crypto_pcbc_setkey(struct crypto_tfm *parent, const u8 *key,
@@ -45,9 +44,7 @@ static int crypto_pcbc_setkey(struct crypto_tfm *parent, const u8 *key,
45 44
46static int crypto_pcbc_encrypt_segment(struct blkcipher_desc *desc, 45static int crypto_pcbc_encrypt_segment(struct blkcipher_desc *desc,
47 struct blkcipher_walk *walk, 46 struct blkcipher_walk *walk,
48 struct crypto_cipher *tfm, 47 struct crypto_cipher *tfm)
49 void (*xor)(u8 *, const u8 *,
50 unsigned int))
51{ 48{
52 void (*fn)(struct crypto_tfm *, u8 *, const u8 *) = 49 void (*fn)(struct crypto_tfm *, u8 *, const u8 *) =
53 crypto_cipher_alg(tfm)->cia_encrypt; 50 crypto_cipher_alg(tfm)->cia_encrypt;
@@ -58,10 +55,10 @@ static int crypto_pcbc_encrypt_segment(struct blkcipher_desc *desc,
58 u8 *iv = walk->iv; 55 u8 *iv = walk->iv;
59 56
60 do { 57 do {
61 xor(iv, src, bsize); 58 crypto_xor(iv, src, bsize);
62 fn(crypto_cipher_tfm(tfm), dst, iv); 59 fn(crypto_cipher_tfm(tfm), dst, iv);
63 memcpy(iv, dst, bsize); 60 memcpy(iv, dst, bsize);
64 xor(iv, src, bsize); 61 crypto_xor(iv, src, bsize);
65 62
66 src += bsize; 63 src += bsize;
67 dst += bsize; 64 dst += bsize;
@@ -72,9 +69,7 @@ static int crypto_pcbc_encrypt_segment(struct blkcipher_desc *desc,
72 69
73static int crypto_pcbc_encrypt_inplace(struct blkcipher_desc *desc, 70static int crypto_pcbc_encrypt_inplace(struct blkcipher_desc *desc,
74 struct blkcipher_walk *walk, 71 struct blkcipher_walk *walk,
75 struct crypto_cipher *tfm, 72 struct crypto_cipher *tfm)
76 void (*xor)(u8 *, const u8 *,
77 unsigned int))
78{ 73{
79 void (*fn)(struct crypto_tfm *, u8 *, const u8 *) = 74 void (*fn)(struct crypto_tfm *, u8 *, const u8 *) =
80 crypto_cipher_alg(tfm)->cia_encrypt; 75 crypto_cipher_alg(tfm)->cia_encrypt;
@@ -86,10 +81,10 @@ static int crypto_pcbc_encrypt_inplace(struct blkcipher_desc *desc,
86 81
87 do { 82 do {
88 memcpy(tmpbuf, src, bsize); 83 memcpy(tmpbuf, src, bsize);
89 xor(iv, tmpbuf, bsize); 84 crypto_xor(iv, src, bsize);
90 fn(crypto_cipher_tfm(tfm), src, iv); 85 fn(crypto_cipher_tfm(tfm), src, iv);
91 memcpy(iv, src, bsize); 86 memcpy(iv, tmpbuf, bsize);
92 xor(iv, tmpbuf, bsize); 87 crypto_xor(iv, src, bsize);
93 88
94 src += bsize; 89 src += bsize;
95 } while ((nbytes -= bsize) >= bsize); 90 } while ((nbytes -= bsize) >= bsize);
@@ -107,7 +102,6 @@ static int crypto_pcbc_encrypt(struct blkcipher_desc *desc,
107 struct crypto_blkcipher *tfm = desc->tfm; 102 struct crypto_blkcipher *tfm = desc->tfm;
108 struct crypto_pcbc_ctx *ctx = crypto_blkcipher_ctx(tfm); 103 struct crypto_pcbc_ctx *ctx = crypto_blkcipher_ctx(tfm);
109 struct crypto_cipher *child = ctx->child; 104 struct crypto_cipher *child = ctx->child;
110 void (*xor)(u8 *, const u8 *, unsigned int bs) = ctx->xor;
111 int err; 105 int err;
112 106
113 blkcipher_walk_init(&walk, dst, src, nbytes); 107 blkcipher_walk_init(&walk, dst, src, nbytes);
@@ -115,11 +109,11 @@ static int crypto_pcbc_encrypt(struct blkcipher_desc *desc,
115 109
116 while ((nbytes = walk.nbytes)) { 110 while ((nbytes = walk.nbytes)) {
117 if (walk.src.virt.addr == walk.dst.virt.addr) 111 if (walk.src.virt.addr == walk.dst.virt.addr)
118 nbytes = crypto_pcbc_encrypt_inplace(desc, &walk, child, 112 nbytes = crypto_pcbc_encrypt_inplace(desc, &walk,
119 xor); 113 child);
120 else 114 else
121 nbytes = crypto_pcbc_encrypt_segment(desc, &walk, child, 115 nbytes = crypto_pcbc_encrypt_segment(desc, &walk,
122 xor); 116 child);
123 err = blkcipher_walk_done(desc, &walk, nbytes); 117 err = blkcipher_walk_done(desc, &walk, nbytes);
124 } 118 }
125 119
@@ -128,9 +122,7 @@ static int crypto_pcbc_encrypt(struct blkcipher_desc *desc,
128 122
129static int crypto_pcbc_decrypt_segment(struct blkcipher_desc *desc, 123static int crypto_pcbc_decrypt_segment(struct blkcipher_desc *desc,
130 struct blkcipher_walk *walk, 124 struct blkcipher_walk *walk,
131 struct crypto_cipher *tfm, 125 struct crypto_cipher *tfm)
132 void (*xor)(u8 *, const u8 *,
133 unsigned int))
134{ 126{
135 void (*fn)(struct crypto_tfm *, u8 *, const u8 *) = 127 void (*fn)(struct crypto_tfm *, u8 *, const u8 *) =
136 crypto_cipher_alg(tfm)->cia_decrypt; 128 crypto_cipher_alg(tfm)->cia_decrypt;
@@ -142,9 +134,9 @@ static int crypto_pcbc_decrypt_segment(struct blkcipher_desc *desc,
142 134
143 do { 135 do {
144 fn(crypto_cipher_tfm(tfm), dst, src); 136 fn(crypto_cipher_tfm(tfm), dst, src);
145 xor(dst, iv, bsize); 137 crypto_xor(dst, iv, bsize);
146 memcpy(iv, src, bsize); 138 memcpy(iv, src, bsize);
147 xor(iv, dst, bsize); 139 crypto_xor(iv, dst, bsize);
148 140
149 src += bsize; 141 src += bsize;
150 dst += bsize; 142 dst += bsize;
@@ -157,9 +149,7 @@ static int crypto_pcbc_decrypt_segment(struct blkcipher_desc *desc,
157 149
158static int crypto_pcbc_decrypt_inplace(struct blkcipher_desc *desc, 150static int crypto_pcbc_decrypt_inplace(struct blkcipher_desc *desc,
159 struct blkcipher_walk *walk, 151 struct blkcipher_walk *walk,
160 struct crypto_cipher *tfm, 152 struct crypto_cipher *tfm)
161 void (*xor)(u8 *, const u8 *,
162 unsigned int))
163{ 153{
164 void (*fn)(struct crypto_tfm *, u8 *, const u8 *) = 154 void (*fn)(struct crypto_tfm *, u8 *, const u8 *) =
165 crypto_cipher_alg(tfm)->cia_decrypt; 155 crypto_cipher_alg(tfm)->cia_decrypt;
@@ -172,9 +162,9 @@ static int crypto_pcbc_decrypt_inplace(struct blkcipher_desc *desc,
172 do { 162 do {
173 memcpy(tmpbuf, src, bsize); 163 memcpy(tmpbuf, src, bsize);
174 fn(crypto_cipher_tfm(tfm), src, src); 164 fn(crypto_cipher_tfm(tfm), src, src);
175 xor(src, iv, bsize); 165 crypto_xor(src, iv, bsize);
176 memcpy(iv, tmpbuf, bsize); 166 memcpy(iv, tmpbuf, bsize);
177 xor(iv, src, bsize); 167 crypto_xor(iv, src, bsize);
178 168
179 src += bsize; 169 src += bsize;
180 } while ((nbytes -= bsize) >= bsize); 170 } while ((nbytes -= bsize) >= bsize);
@@ -192,7 +182,6 @@ static int crypto_pcbc_decrypt(struct blkcipher_desc *desc,
192 struct crypto_blkcipher *tfm = desc->tfm; 182 struct crypto_blkcipher *tfm = desc->tfm;
193 struct crypto_pcbc_ctx *ctx = crypto_blkcipher_ctx(tfm); 183 struct crypto_pcbc_ctx *ctx = crypto_blkcipher_ctx(tfm);
194 struct crypto_cipher *child = ctx->child; 184 struct crypto_cipher *child = ctx->child;
195 void (*xor)(u8 *, const u8 *, unsigned int bs) = ctx->xor;
196 int err; 185 int err;
197 186
198 blkcipher_walk_init(&walk, dst, src, nbytes); 187 blkcipher_walk_init(&walk, dst, src, nbytes);
@@ -200,48 +189,17 @@ static int crypto_pcbc_decrypt(struct blkcipher_desc *desc,
200 189
201 while ((nbytes = walk.nbytes)) { 190 while ((nbytes = walk.nbytes)) {
202 if (walk.src.virt.addr == walk.dst.virt.addr) 191 if (walk.src.virt.addr == walk.dst.virt.addr)
203 nbytes = crypto_pcbc_decrypt_inplace(desc, &walk, child, 192 nbytes = crypto_pcbc_decrypt_inplace(desc, &walk,
204 xor); 193 child);
205 else 194 else
206 nbytes = crypto_pcbc_decrypt_segment(desc, &walk, child, 195 nbytes = crypto_pcbc_decrypt_segment(desc, &walk,
207 xor); 196 child);
208 err = blkcipher_walk_done(desc, &walk, nbytes); 197 err = blkcipher_walk_done(desc, &walk, nbytes);
209 } 198 }
210 199
211 return err; 200 return err;
212} 201}
213 202
214static void xor_byte(u8 *a, const u8 *b, unsigned int bs)
215{
216 do {
217 *a++ ^= *b++;
218 } while (--bs);
219}
220
221static void xor_quad(u8 *dst, const u8 *src, unsigned int bs)
222{
223 u32 *a = (u32 *)dst;
224 u32 *b = (u32 *)src;
225
226 do {
227 *a++ ^= *b++;
228 } while ((bs -= 4));
229}
230
231static void xor_64(u8 *a, const u8 *b, unsigned int bs)
232{
233 ((u32 *)a)[0] ^= ((u32 *)b)[0];
234 ((u32 *)a)[1] ^= ((u32 *)b)[1];
235}
236
237static void xor_128(u8 *a, const u8 *b, unsigned int bs)
238{
239 ((u32 *)a)[0] ^= ((u32 *)b)[0];
240 ((u32 *)a)[1] ^= ((u32 *)b)[1];
241 ((u32 *)a)[2] ^= ((u32 *)b)[2];
242 ((u32 *)a)[3] ^= ((u32 *)b)[3];
243}
244
245static int crypto_pcbc_init_tfm(struct crypto_tfm *tfm) 203static int crypto_pcbc_init_tfm(struct crypto_tfm *tfm)
246{ 204{
247 struct crypto_instance *inst = (void *)tfm->__crt_alg; 205 struct crypto_instance *inst = (void *)tfm->__crt_alg;
@@ -249,22 +207,6 @@ static int crypto_pcbc_init_tfm(struct crypto_tfm *tfm)
249 struct crypto_pcbc_ctx *ctx = crypto_tfm_ctx(tfm); 207 struct crypto_pcbc_ctx *ctx = crypto_tfm_ctx(tfm);
250 struct crypto_cipher *cipher; 208 struct crypto_cipher *cipher;
251 209
252 switch (crypto_tfm_alg_blocksize(tfm)) {
253 case 8:
254 ctx->xor = xor_64;
255 break;
256
257 case 16:
258 ctx->xor = xor_128;
259 break;
260
261 default:
262 if (crypto_tfm_alg_blocksize(tfm) % 4)
263 ctx->xor = xor_byte;
264 else
265 ctx->xor = xor_quad;
266 }
267
268 cipher = crypto_spawn_cipher(spawn); 210 cipher = crypto_spawn_cipher(spawn);
269 if (IS_ERR(cipher)) 211 if (IS_ERR(cipher))
270 return PTR_ERR(cipher); 212 return PTR_ERR(cipher);
@@ -304,8 +246,9 @@ static struct crypto_instance *crypto_pcbc_alloc(struct rtattr **tb)
304 inst->alg.cra_alignmask = alg->cra_alignmask; 246 inst->alg.cra_alignmask = alg->cra_alignmask;
305 inst->alg.cra_type = &crypto_blkcipher_type; 247 inst->alg.cra_type = &crypto_blkcipher_type;
306 248
307 if (!(alg->cra_blocksize % 4)) 249 /* We access the data as u32s when xoring. */
308 inst->alg.cra_alignmask |= 3; 250 inst->alg.cra_alignmask |= __alignof__(u32) - 1;
251
309 inst->alg.cra_blkcipher.ivsize = alg->cra_blocksize; 252 inst->alg.cra_blkcipher.ivsize = alg->cra_blocksize;
310 inst->alg.cra_blkcipher.min_keysize = alg->cra_cipher.cia_min_keysize; 253 inst->alg.cra_blkcipher.min_keysize = alg->cra_cipher.cia_min_keysize;
311 inst->alg.cra_blkcipher.max_keysize = alg->cra_cipher.cia_max_keysize; 254 inst->alg.cra_blkcipher.max_keysize = alg->cra_cipher.cia_max_keysize;
diff --git a/crypto/salsa20_generic.c b/crypto/salsa20_generic.c
new file mode 100644
index 000000000000..1fa4e4ddcab5
--- /dev/null
+++ b/crypto/salsa20_generic.c
@@ -0,0 +1,255 @@
1/*
2 * Salsa20: Salsa20 stream cipher algorithm
3 *
4 * Copyright (c) 2007 Tan Swee Heng <thesweeheng@gmail.com>
5 *
6 * Derived from:
7 * - salsa20.c: Public domain C code by Daniel J. Bernstein <djb@cr.yp.to>
8 *
9 * Salsa20 is a stream cipher candidate in eSTREAM, the ECRYPT Stream
10 * Cipher Project. It is designed by Daniel J. Bernstein <djb@cr.yp.to>.
11 * More information about eSTREAM and Salsa20 can be found here:
12 * http://www.ecrypt.eu.org/stream/
13 * http://cr.yp.to/snuffle.html
14 *
15 * This program is free software; you can redistribute it and/or modify it
16 * under the terms of the GNU General Public License as published by the Free
17 * Software Foundation; either version 2 of the License, or (at your option)
18 * any later version.
19 *
20 */
21
22#include <linux/init.h>
23#include <linux/module.h>
24#include <linux/errno.h>
25#include <linux/crypto.h>
26#include <linux/types.h>
27#include <crypto/algapi.h>
28#include <asm/byteorder.h>
29
30#define SALSA20_IV_SIZE 8U
31#define SALSA20_MIN_KEY_SIZE 16U
32#define SALSA20_MAX_KEY_SIZE 32U
33
34/*
35 * Start of code taken from D. J. Bernstein's reference implementation.
36 * With some modifications and optimizations made to suit our needs.
37 */
38
39/*
40salsa20-ref.c version 20051118
41D. J. Bernstein
42Public domain.
43*/
44
45#define ROTATE(v,n) (((v) << (n)) | ((v) >> (32 - (n))))
46#define XOR(v,w) ((v) ^ (w))
47#define PLUS(v,w) (((v) + (w)))
48#define PLUSONE(v) (PLUS((v),1))
49#define U32TO8_LITTLE(p, v) \
50 { (p)[0] = (v >> 0) & 0xff; (p)[1] = (v >> 8) & 0xff; \
51 (p)[2] = (v >> 16) & 0xff; (p)[3] = (v >> 24) & 0xff; }
52#define U8TO32_LITTLE(p) \
53 (((u32)((p)[0]) ) | ((u32)((p)[1]) << 8) | \
54 ((u32)((p)[2]) << 16) | ((u32)((p)[3]) << 24) )
55
56struct salsa20_ctx
57{
58 u32 input[16];
59};
60
61static void salsa20_wordtobyte(u8 output[64], const u32 input[16])
62{
63 u32 x[16];
64 int i;
65
66 memcpy(x, input, sizeof(x));
67 for (i = 20; i > 0; i -= 2) {
68 x[ 4] = XOR(x[ 4],ROTATE(PLUS(x[ 0],x[12]), 7));
69 x[ 8] = XOR(x[ 8],ROTATE(PLUS(x[ 4],x[ 0]), 9));
70 x[12] = XOR(x[12],ROTATE(PLUS(x[ 8],x[ 4]),13));
71 x[ 0] = XOR(x[ 0],ROTATE(PLUS(x[12],x[ 8]),18));
72 x[ 9] = XOR(x[ 9],ROTATE(PLUS(x[ 5],x[ 1]), 7));
73 x[13] = XOR(x[13],ROTATE(PLUS(x[ 9],x[ 5]), 9));
74 x[ 1] = XOR(x[ 1],ROTATE(PLUS(x[13],x[ 9]),13));
75 x[ 5] = XOR(x[ 5],ROTATE(PLUS(x[ 1],x[13]),18));
76 x[14] = XOR(x[14],ROTATE(PLUS(x[10],x[ 6]), 7));
77 x[ 2] = XOR(x[ 2],ROTATE(PLUS(x[14],x[10]), 9));
78 x[ 6] = XOR(x[ 6],ROTATE(PLUS(x[ 2],x[14]),13));
79 x[10] = XOR(x[10],ROTATE(PLUS(x[ 6],x[ 2]),18));
80 x[ 3] = XOR(x[ 3],ROTATE(PLUS(x[15],x[11]), 7));
81 x[ 7] = XOR(x[ 7],ROTATE(PLUS(x[ 3],x[15]), 9));
82 x[11] = XOR(x[11],ROTATE(PLUS(x[ 7],x[ 3]),13));
83 x[15] = XOR(x[15],ROTATE(PLUS(x[11],x[ 7]),18));
84 x[ 1] = XOR(x[ 1],ROTATE(PLUS(x[ 0],x[ 3]), 7));
85 x[ 2] = XOR(x[ 2],ROTATE(PLUS(x[ 1],x[ 0]), 9));
86 x[ 3] = XOR(x[ 3],ROTATE(PLUS(x[ 2],x[ 1]),13));
87 x[ 0] = XOR(x[ 0],ROTATE(PLUS(x[ 3],x[ 2]),18));
88 x[ 6] = XOR(x[ 6],ROTATE(PLUS(x[ 5],x[ 4]), 7));
89 x[ 7] = XOR(x[ 7],ROTATE(PLUS(x[ 6],x[ 5]), 9));
90 x[ 4] = XOR(x[ 4],ROTATE(PLUS(x[ 7],x[ 6]),13));
91 x[ 5] = XOR(x[ 5],ROTATE(PLUS(x[ 4],x[ 7]),18));
92 x[11] = XOR(x[11],ROTATE(PLUS(x[10],x[ 9]), 7));
93 x[ 8] = XOR(x[ 8],ROTATE(PLUS(x[11],x[10]), 9));
94 x[ 9] = XOR(x[ 9],ROTATE(PLUS(x[ 8],x[11]),13));
95 x[10] = XOR(x[10],ROTATE(PLUS(x[ 9],x[ 8]),18));
96 x[12] = XOR(x[12],ROTATE(PLUS(x[15],x[14]), 7));
97 x[13] = XOR(x[13],ROTATE(PLUS(x[12],x[15]), 9));
98 x[14] = XOR(x[14],ROTATE(PLUS(x[13],x[12]),13));
99 x[15] = XOR(x[15],ROTATE(PLUS(x[14],x[13]),18));
100 }
101 for (i = 0; i < 16; ++i)
102 x[i] = PLUS(x[i],input[i]);
103 for (i = 0; i < 16; ++i)
104 U32TO8_LITTLE(output + 4 * i,x[i]);
105}
106
107static const char sigma[16] = "expand 32-byte k";
108static const char tau[16] = "expand 16-byte k";
109
110static void salsa20_keysetup(struct salsa20_ctx *ctx, const u8 *k, u32 kbytes)
111{
112 const char *constants;
113
114 ctx->input[1] = U8TO32_LITTLE(k + 0);
115 ctx->input[2] = U8TO32_LITTLE(k + 4);
116 ctx->input[3] = U8TO32_LITTLE(k + 8);
117 ctx->input[4] = U8TO32_LITTLE(k + 12);
118 if (kbytes == 32) { /* recommended */
119 k += 16;
120 constants = sigma;
121 } else { /* kbytes == 16 */
122 constants = tau;
123 }
124 ctx->input[11] = U8TO32_LITTLE(k + 0);
125 ctx->input[12] = U8TO32_LITTLE(k + 4);
126 ctx->input[13] = U8TO32_LITTLE(k + 8);
127 ctx->input[14] = U8TO32_LITTLE(k + 12);
128 ctx->input[0] = U8TO32_LITTLE(constants + 0);
129 ctx->input[5] = U8TO32_LITTLE(constants + 4);
130 ctx->input[10] = U8TO32_LITTLE(constants + 8);
131 ctx->input[15] = U8TO32_LITTLE(constants + 12);
132}
133
134static void salsa20_ivsetup(struct salsa20_ctx *ctx, const u8 *iv)
135{
136 ctx->input[6] = U8TO32_LITTLE(iv + 0);
137 ctx->input[7] = U8TO32_LITTLE(iv + 4);
138 ctx->input[8] = 0;
139 ctx->input[9] = 0;
140}
141
142static void salsa20_encrypt_bytes(struct salsa20_ctx *ctx, u8 *dst,
143 const u8 *src, unsigned int bytes)
144{
145 u8 buf[64];
146
147 if (dst != src)
148 memcpy(dst, src, bytes);
149
150 while (bytes) {
151 salsa20_wordtobyte(buf, ctx->input);
152
153 ctx->input[8] = PLUSONE(ctx->input[8]);
154 if (!ctx->input[8])
155 ctx->input[9] = PLUSONE(ctx->input[9]);
156
157 if (bytes <= 64) {
158 crypto_xor(dst, buf, bytes);
159 return;
160 }
161
162 crypto_xor(dst, buf, 64);
163 bytes -= 64;
164 dst += 64;
165 }
166}
167
168/*
169 * End of code taken from D. J. Bernstein's reference implementation.
170 */
171
172static int setkey(struct crypto_tfm *tfm, const u8 *key,
173 unsigned int keysize)
174{
175 struct salsa20_ctx *ctx = crypto_tfm_ctx(tfm);
176 salsa20_keysetup(ctx, key, keysize);
177 return 0;
178}
179
180static int encrypt(struct blkcipher_desc *desc,
181 struct scatterlist *dst, struct scatterlist *src,
182 unsigned int nbytes)
183{
184 struct blkcipher_walk walk;
185 struct crypto_blkcipher *tfm = desc->tfm;
186 struct salsa20_ctx *ctx = crypto_blkcipher_ctx(tfm);
187 int err;
188
189 blkcipher_walk_init(&walk, dst, src, nbytes);
190 err = blkcipher_walk_virt_block(desc, &walk, 64);
191
192 salsa20_ivsetup(ctx, walk.iv);
193
194 if (likely(walk.nbytes == nbytes))
195 {
196 salsa20_encrypt_bytes(ctx, walk.dst.virt.addr,
197 walk.src.virt.addr, nbytes);
198 return blkcipher_walk_done(desc, &walk, 0);
199 }
200
201 while (walk.nbytes >= 64) {
202 salsa20_encrypt_bytes(ctx, walk.dst.virt.addr,
203 walk.src.virt.addr,
204 walk.nbytes - (walk.nbytes % 64));
205 err = blkcipher_walk_done(desc, &walk, walk.nbytes % 64);
206 }
207
208 if (walk.nbytes) {
209 salsa20_encrypt_bytes(ctx, walk.dst.virt.addr,
210 walk.src.virt.addr, walk.nbytes);
211 err = blkcipher_walk_done(desc, &walk, 0);
212 }
213
214 return err;
215}
216
217static struct crypto_alg alg = {
218 .cra_name = "salsa20",
219 .cra_driver_name = "salsa20-generic",
220 .cra_priority = 100,
221 .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER,
222 .cra_type = &crypto_blkcipher_type,
223 .cra_blocksize = 1,
224 .cra_ctxsize = sizeof(struct salsa20_ctx),
225 .cra_alignmask = 3,
226 .cra_module = THIS_MODULE,
227 .cra_list = LIST_HEAD_INIT(alg.cra_list),
228 .cra_u = {
229 .blkcipher = {
230 .setkey = setkey,
231 .encrypt = encrypt,
232 .decrypt = encrypt,
233 .min_keysize = SALSA20_MIN_KEY_SIZE,
234 .max_keysize = SALSA20_MAX_KEY_SIZE,
235 .ivsize = SALSA20_IV_SIZE,
236 }
237 }
238};
239
240static int __init init(void)
241{
242 return crypto_register_alg(&alg);
243}
244
245static void __exit fini(void)
246{
247 crypto_unregister_alg(&alg);
248}
249
250module_init(init);
251module_exit(fini);
252
253MODULE_LICENSE("GPL");
254MODULE_DESCRIPTION ("Salsa20 stream cipher algorithm");
255MODULE_ALIAS("salsa20");
diff --git a/crypto/scatterwalk.c b/crypto/scatterwalk.c
index b9bbda0bb9f9..9aeeb52004a5 100644
--- a/crypto/scatterwalk.c
+++ b/crypto/scatterwalk.c
@@ -13,6 +13,8 @@
13 * any later version. 13 * any later version.
14 * 14 *
15 */ 15 */
16
17#include <crypto/scatterwalk.h>
16#include <linux/kernel.h> 18#include <linux/kernel.h>
17#include <linux/mm.h> 19#include <linux/mm.h>
18#include <linux/module.h> 20#include <linux/module.h>
@@ -20,9 +22,6 @@
20#include <linux/highmem.h> 22#include <linux/highmem.h>
21#include <linux/scatterlist.h> 23#include <linux/scatterlist.h>
22 24
23#include "internal.h"
24#include "scatterwalk.h"
25
26static inline void memcpy_dir(void *buf, void *sgdata, size_t nbytes, int out) 25static inline void memcpy_dir(void *buf, void *sgdata, size_t nbytes, int out)
27{ 26{
28 void *src = out ? buf : sgdata; 27 void *src = out ? buf : sgdata;
@@ -106,6 +105,9 @@ void scatterwalk_map_and_copy(void *buf, struct scatterlist *sg,
106 struct scatter_walk walk; 105 struct scatter_walk walk;
107 unsigned int offset = 0; 106 unsigned int offset = 0;
108 107
108 if (!nbytes)
109 return;
110
109 for (;;) { 111 for (;;) {
110 scatterwalk_start(&walk, sg); 112 scatterwalk_start(&walk, sg);
111 113
@@ -113,7 +115,7 @@ void scatterwalk_map_and_copy(void *buf, struct scatterlist *sg,
113 break; 115 break;
114 116
115 offset += sg->length; 117 offset += sg->length;
116 sg = sg_next(sg); 118 sg = scatterwalk_sg_next(sg);
117 } 119 }
118 120
119 scatterwalk_advance(&walk, start - offset); 121 scatterwalk_advance(&walk, start - offset);
diff --git a/crypto/scatterwalk.h b/crypto/scatterwalk.h
deleted file mode 100644
index 87ed681cceba..000000000000
--- a/crypto/scatterwalk.h
+++ /dev/null
@@ -1,80 +0,0 @@
1/*
2 * Cryptographic API.
3 *
4 * Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
5 * Copyright (c) 2002 Adam J. Richter <adam@yggdrasil.com>
6 * Copyright (c) 2004 Jean-Luc Cooke <jlcooke@certainkey.com>
7 *
8 * This program is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by the Free
10 * Software Foundation; either version 2 of the License, or (at your option)
11 * any later version.
12 *
13 */
14
15#ifndef _CRYPTO_SCATTERWALK_H
16#define _CRYPTO_SCATTERWALK_H
17
18#include <linux/mm.h>
19#include <linux/scatterlist.h>
20
21#include "internal.h"
22
23static inline struct scatterlist *scatterwalk_sg_next(struct scatterlist *sg)
24{
25 return (++sg)->length ? sg : (void *) sg_page(sg);
26}
27
28static inline unsigned long scatterwalk_samebuf(struct scatter_walk *walk_in,
29 struct scatter_walk *walk_out)
30{
31 return !(((sg_page(walk_in->sg) - sg_page(walk_out->sg)) << PAGE_SHIFT) +
32 (int)(walk_in->offset - walk_out->offset));
33}
34
35static inline unsigned int scatterwalk_pagelen(struct scatter_walk *walk)
36{
37 unsigned int len = walk->sg->offset + walk->sg->length - walk->offset;
38 unsigned int len_this_page = offset_in_page(~walk->offset) + 1;
39 return len_this_page > len ? len : len_this_page;
40}
41
42static inline unsigned int scatterwalk_clamp(struct scatter_walk *walk,
43 unsigned int nbytes)
44{
45 unsigned int len_this_page = scatterwalk_pagelen(walk);
46 return nbytes > len_this_page ? len_this_page : nbytes;
47}
48
49static inline void scatterwalk_advance(struct scatter_walk *walk,
50 unsigned int nbytes)
51{
52 walk->offset += nbytes;
53}
54
55static inline unsigned int scatterwalk_aligned(struct scatter_walk *walk,
56 unsigned int alignmask)
57{
58 return !(walk->offset & alignmask);
59}
60
61static inline struct page *scatterwalk_page(struct scatter_walk *walk)
62{
63 return sg_page(walk->sg) + (walk->offset >> PAGE_SHIFT);
64}
65
66static inline void scatterwalk_unmap(void *vaddr, int out)
67{
68 crypto_kunmap(vaddr, out);
69}
70
71void scatterwalk_start(struct scatter_walk *walk, struct scatterlist *sg);
72void scatterwalk_copychunks(void *buf, struct scatter_walk *walk,
73 size_t nbytes, int out);
74void *scatterwalk_map(struct scatter_walk *walk, int out);
75void scatterwalk_done(struct scatter_walk *walk, int out, int more);
76
77void scatterwalk_map_and_copy(void *buf, struct scatterlist *sg,
78 unsigned int start, unsigned int nbytes, int out);
79
80#endif /* _CRYPTO_SCATTERWALK_H */
diff --git a/crypto/seqiv.c b/crypto/seqiv.c
new file mode 100644
index 000000000000..b903aab31577
--- /dev/null
+++ b/crypto/seqiv.c
@@ -0,0 +1,345 @@
1/*
2 * seqiv: Sequence Number IV Generator
3 *
4 * This generator generates an IV based on a sequence number by xoring it
5 * with a salt. This algorithm is mainly useful for CTR and similar modes.
6 *
7 * Copyright (c) 2007 Herbert Xu <herbert@gondor.apana.org.au>
8 *
9 * This program is free software; you can redistribute it and/or modify it
10 * under the terms of the GNU General Public License as published by the Free
11 * Software Foundation; either version 2 of the License, or (at your option)
12 * any later version.
13 *
14 */
15
16#include <crypto/internal/aead.h>
17#include <crypto/internal/skcipher.h>
18#include <linux/err.h>
19#include <linux/init.h>
20#include <linux/kernel.h>
21#include <linux/module.h>
22#include <linux/random.h>
23#include <linux/spinlock.h>
24#include <linux/string.h>
25
26struct seqiv_ctx {
27 spinlock_t lock;
28 u8 salt[] __attribute__ ((aligned(__alignof__(u32))));
29};
30
31static void seqiv_complete2(struct skcipher_givcrypt_request *req, int err)
32{
33 struct ablkcipher_request *subreq = skcipher_givcrypt_reqctx(req);
34 struct crypto_ablkcipher *geniv;
35
36 if (err == -EINPROGRESS)
37 return;
38
39 if (err)
40 goto out;
41
42 geniv = skcipher_givcrypt_reqtfm(req);
43 memcpy(req->creq.info, subreq->info, crypto_ablkcipher_ivsize(geniv));
44
45out:
46 kfree(subreq->info);
47}
48
49static void seqiv_complete(struct crypto_async_request *base, int err)
50{
51 struct skcipher_givcrypt_request *req = base->data;
52
53 seqiv_complete2(req, err);
54 skcipher_givcrypt_complete(req, err);
55}
56
57static void seqiv_aead_complete2(struct aead_givcrypt_request *req, int err)
58{
59 struct aead_request *subreq = aead_givcrypt_reqctx(req);
60 struct crypto_aead *geniv;
61
62 if (err == -EINPROGRESS)
63 return;
64
65 if (err)
66 goto out;
67
68 geniv = aead_givcrypt_reqtfm(req);
69 memcpy(req->areq.iv, subreq->iv, crypto_aead_ivsize(geniv));
70
71out:
72 kfree(subreq->iv);
73}
74
75static void seqiv_aead_complete(struct crypto_async_request *base, int err)
76{
77 struct aead_givcrypt_request *req = base->data;
78
79 seqiv_aead_complete2(req, err);
80 aead_givcrypt_complete(req, err);
81}
82
83static void seqiv_geniv(struct seqiv_ctx *ctx, u8 *info, u64 seq,
84 unsigned int ivsize)
85{
86 unsigned int len = ivsize;
87
88 if (ivsize > sizeof(u64)) {
89 memset(info, 0, ivsize - sizeof(u64));
90 len = sizeof(u64);
91 }
92 seq = cpu_to_be64(seq);
93 memcpy(info + ivsize - len, &seq, len);
94 crypto_xor(info, ctx->salt, ivsize);
95}
96
97static int seqiv_givencrypt(struct skcipher_givcrypt_request *req)
98{
99 struct crypto_ablkcipher *geniv = skcipher_givcrypt_reqtfm(req);
100 struct seqiv_ctx *ctx = crypto_ablkcipher_ctx(geniv);
101 struct ablkcipher_request *subreq = skcipher_givcrypt_reqctx(req);
102 crypto_completion_t complete;
103 void *data;
104 u8 *info;
105 unsigned int ivsize;
106 int err;
107
108 ablkcipher_request_set_tfm(subreq, skcipher_geniv_cipher(geniv));
109
110 complete = req->creq.base.complete;
111 data = req->creq.base.data;
112 info = req->creq.info;
113
114 ivsize = crypto_ablkcipher_ivsize(geniv);
115
116 if (unlikely(!IS_ALIGNED((unsigned long)info,
117 crypto_ablkcipher_alignmask(geniv) + 1))) {
118 info = kmalloc(ivsize, req->creq.base.flags &
119 CRYPTO_TFM_REQ_MAY_SLEEP ? GFP_KERNEL:
120 GFP_ATOMIC);
121 if (!info)
122 return -ENOMEM;
123
124 complete = seqiv_complete;
125 data = req;
126 }
127
128 ablkcipher_request_set_callback(subreq, req->creq.base.flags, complete,
129 data);
130 ablkcipher_request_set_crypt(subreq, req->creq.src, req->creq.dst,
131 req->creq.nbytes, info);
132
133 seqiv_geniv(ctx, info, req->seq, ivsize);
134 memcpy(req->giv, info, ivsize);
135
136 err = crypto_ablkcipher_encrypt(subreq);
137 if (unlikely(info != req->creq.info))
138 seqiv_complete2(req, err);
139 return err;
140}
141
142static int seqiv_aead_givencrypt(struct aead_givcrypt_request *req)
143{
144 struct crypto_aead *geniv = aead_givcrypt_reqtfm(req);
145 struct seqiv_ctx *ctx = crypto_aead_ctx(geniv);
146 struct aead_request *areq = &req->areq;
147 struct aead_request *subreq = aead_givcrypt_reqctx(req);
148 crypto_completion_t complete;
149 void *data;
150 u8 *info;
151 unsigned int ivsize;
152 int err;
153
154 aead_request_set_tfm(subreq, aead_geniv_base(geniv));
155
156 complete = areq->base.complete;
157 data = areq->base.data;
158 info = areq->iv;
159
160 ivsize = crypto_aead_ivsize(geniv);
161
162 if (unlikely(!IS_ALIGNED((unsigned long)info,
163 crypto_aead_alignmask(geniv) + 1))) {
164 info = kmalloc(ivsize, areq->base.flags &
165 CRYPTO_TFM_REQ_MAY_SLEEP ? GFP_KERNEL:
166 GFP_ATOMIC);
167 if (!info)
168 return -ENOMEM;
169
170 complete = seqiv_aead_complete;
171 data = req;
172 }
173
174 aead_request_set_callback(subreq, areq->base.flags, complete, data);
175 aead_request_set_crypt(subreq, areq->src, areq->dst, areq->cryptlen,
176 info);
177 aead_request_set_assoc(subreq, areq->assoc, areq->assoclen);
178
179 seqiv_geniv(ctx, info, req->seq, ivsize);
180 memcpy(req->giv, info, ivsize);
181
182 err = crypto_aead_encrypt(subreq);
183 if (unlikely(info != areq->iv))
184 seqiv_aead_complete2(req, err);
185 return err;
186}
187
188static int seqiv_givencrypt_first(struct skcipher_givcrypt_request *req)
189{
190 struct crypto_ablkcipher *geniv = skcipher_givcrypt_reqtfm(req);
191 struct seqiv_ctx *ctx = crypto_ablkcipher_ctx(geniv);
192
193 spin_lock_bh(&ctx->lock);
194 if (crypto_ablkcipher_crt(geniv)->givencrypt != seqiv_givencrypt_first)
195 goto unlock;
196
197 crypto_ablkcipher_crt(geniv)->givencrypt = seqiv_givencrypt;
198 get_random_bytes(ctx->salt, crypto_ablkcipher_ivsize(geniv));
199
200unlock:
201 spin_unlock_bh(&ctx->lock);
202
203 return seqiv_givencrypt(req);
204}
205
206static int seqiv_aead_givencrypt_first(struct aead_givcrypt_request *req)
207{
208 struct crypto_aead *geniv = aead_givcrypt_reqtfm(req);
209 struct seqiv_ctx *ctx = crypto_aead_ctx(geniv);
210
211 spin_lock_bh(&ctx->lock);
212 if (crypto_aead_crt(geniv)->givencrypt != seqiv_aead_givencrypt_first)
213 goto unlock;
214
215 crypto_aead_crt(geniv)->givencrypt = seqiv_aead_givencrypt;
216 get_random_bytes(ctx->salt, crypto_aead_ivsize(geniv));
217
218unlock:
219 spin_unlock_bh(&ctx->lock);
220
221 return seqiv_aead_givencrypt(req);
222}
223
224static int seqiv_init(struct crypto_tfm *tfm)
225{
226 struct crypto_ablkcipher *geniv = __crypto_ablkcipher_cast(tfm);
227 struct seqiv_ctx *ctx = crypto_ablkcipher_ctx(geniv);
228
229 spin_lock_init(&ctx->lock);
230
231 tfm->crt_ablkcipher.reqsize = sizeof(struct ablkcipher_request);
232
233 return skcipher_geniv_init(tfm);
234}
235
236static int seqiv_aead_init(struct crypto_tfm *tfm)
237{
238 struct crypto_aead *geniv = __crypto_aead_cast(tfm);
239 struct seqiv_ctx *ctx = crypto_aead_ctx(geniv);
240
241 spin_lock_init(&ctx->lock);
242
243 tfm->crt_aead.reqsize = sizeof(struct aead_request);
244
245 return aead_geniv_init(tfm);
246}
247
248static struct crypto_template seqiv_tmpl;
249
250static struct crypto_instance *seqiv_ablkcipher_alloc(struct rtattr **tb)
251{
252 struct crypto_instance *inst;
253
254 inst = skcipher_geniv_alloc(&seqiv_tmpl, tb, 0, 0);
255
256 if (IS_ERR(inst))
257 goto out;
258
259 inst->alg.cra_ablkcipher.givencrypt = seqiv_givencrypt_first;
260
261 inst->alg.cra_init = seqiv_init;
262 inst->alg.cra_exit = skcipher_geniv_exit;
263
264 inst->alg.cra_ctxsize += inst->alg.cra_ablkcipher.ivsize;
265
266out:
267 return inst;
268}
269
270static struct crypto_instance *seqiv_aead_alloc(struct rtattr **tb)
271{
272 struct crypto_instance *inst;
273
274 inst = aead_geniv_alloc(&seqiv_tmpl, tb, 0, 0);
275
276 if (IS_ERR(inst))
277 goto out;
278
279 inst->alg.cra_aead.givencrypt = seqiv_aead_givencrypt_first;
280
281 inst->alg.cra_init = seqiv_aead_init;
282 inst->alg.cra_exit = aead_geniv_exit;
283
284 inst->alg.cra_ctxsize = inst->alg.cra_aead.ivsize;
285
286out:
287 return inst;
288}
289
290static struct crypto_instance *seqiv_alloc(struct rtattr **tb)
291{
292 struct crypto_attr_type *algt;
293 struct crypto_instance *inst;
294 int err;
295
296 algt = crypto_get_attr_type(tb);
297 err = PTR_ERR(algt);
298 if (IS_ERR(algt))
299 return ERR_PTR(err);
300
301 if ((algt->type ^ CRYPTO_ALG_TYPE_AEAD) & CRYPTO_ALG_TYPE_MASK)
302 inst = seqiv_ablkcipher_alloc(tb);
303 else
304 inst = seqiv_aead_alloc(tb);
305
306 if (IS_ERR(inst))
307 goto out;
308
309 inst->alg.cra_alignmask |= __alignof__(u32) - 1;
310 inst->alg.cra_ctxsize += sizeof(struct seqiv_ctx);
311
312out:
313 return inst;
314}
315
316static void seqiv_free(struct crypto_instance *inst)
317{
318 if ((inst->alg.cra_flags ^ CRYPTO_ALG_TYPE_AEAD) & CRYPTO_ALG_TYPE_MASK)
319 skcipher_geniv_free(inst);
320 else
321 aead_geniv_free(inst);
322}
323
324static struct crypto_template seqiv_tmpl = {
325 .name = "seqiv",
326 .alloc = seqiv_alloc,
327 .free = seqiv_free,
328 .module = THIS_MODULE,
329};
330
331static int __init seqiv_module_init(void)
332{
333 return crypto_register_template(&seqiv_tmpl);
334}
335
336static void __exit seqiv_module_exit(void)
337{
338 crypto_unregister_template(&seqiv_tmpl);
339}
340
341module_init(seqiv_module_init);
342module_exit(seqiv_module_exit);
343
344MODULE_LICENSE("GPL");
345MODULE_DESCRIPTION("Sequence Number IV Generator");
diff --git a/crypto/sha256_generic.c b/crypto/sha256_generic.c
index fd3918be58b5..3cc93fd61043 100644
--- a/crypto/sha256_generic.c
+++ b/crypto/sha256_generic.c
@@ -9,6 +9,7 @@
9 * Copyright (c) Jean-Luc Cooke <jlcooke@certainkey.com> 9 * Copyright (c) Jean-Luc Cooke <jlcooke@certainkey.com>
10 * Copyright (c) Andrew McDonald <andrew@mcdonald.org.uk> 10 * Copyright (c) Andrew McDonald <andrew@mcdonald.org.uk>
11 * Copyright (c) 2002 James Morris <jmorris@intercode.com.au> 11 * Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
12 * SHA224 Support Copyright 2007 Intel Corporation <jonathan.lynch@intel.com>
12 * 13 *
13 * This program is free software; you can redistribute it and/or modify it 14 * This program is free software; you can redistribute it and/or modify it
14 * under the terms of the GNU General Public License as published by the Free 15 * under the terms of the GNU General Public License as published by the Free
@@ -218,6 +219,22 @@ static void sha256_transform(u32 *state, const u8 *input)
218 memset(W, 0, 64 * sizeof(u32)); 219 memset(W, 0, 64 * sizeof(u32));
219} 220}
220 221
222
223static void sha224_init(struct crypto_tfm *tfm)
224{
225 struct sha256_ctx *sctx = crypto_tfm_ctx(tfm);
226 sctx->state[0] = SHA224_H0;
227 sctx->state[1] = SHA224_H1;
228 sctx->state[2] = SHA224_H2;
229 sctx->state[3] = SHA224_H3;
230 sctx->state[4] = SHA224_H4;
231 sctx->state[5] = SHA224_H5;
232 sctx->state[6] = SHA224_H6;
233 sctx->state[7] = SHA224_H7;
234 sctx->count[0] = 0;
235 sctx->count[1] = 0;
236}
237
221static void sha256_init(struct crypto_tfm *tfm) 238static void sha256_init(struct crypto_tfm *tfm)
222{ 239{
223 struct sha256_ctx *sctx = crypto_tfm_ctx(tfm); 240 struct sha256_ctx *sctx = crypto_tfm_ctx(tfm);
@@ -294,8 +311,17 @@ static void sha256_final(struct crypto_tfm *tfm, u8 *out)
294 memset(sctx, 0, sizeof(*sctx)); 311 memset(sctx, 0, sizeof(*sctx));
295} 312}
296 313
314static void sha224_final(struct crypto_tfm *tfm, u8 *hash)
315{
316 u8 D[SHA256_DIGEST_SIZE];
317
318 sha256_final(tfm, D);
319
320 memcpy(hash, D, SHA224_DIGEST_SIZE);
321 memset(D, 0, SHA256_DIGEST_SIZE);
322}
297 323
298static struct crypto_alg alg = { 324static struct crypto_alg sha256 = {
299 .cra_name = "sha256", 325 .cra_name = "sha256",
300 .cra_driver_name= "sha256-generic", 326 .cra_driver_name= "sha256-generic",
301 .cra_flags = CRYPTO_ALG_TYPE_DIGEST, 327 .cra_flags = CRYPTO_ALG_TYPE_DIGEST,
@@ -303,28 +329,58 @@ static struct crypto_alg alg = {
303 .cra_ctxsize = sizeof(struct sha256_ctx), 329 .cra_ctxsize = sizeof(struct sha256_ctx),
304 .cra_module = THIS_MODULE, 330 .cra_module = THIS_MODULE,
305 .cra_alignmask = 3, 331 .cra_alignmask = 3,
306 .cra_list = LIST_HEAD_INIT(alg.cra_list), 332 .cra_list = LIST_HEAD_INIT(sha256.cra_list),
307 .cra_u = { .digest = { 333 .cra_u = { .digest = {
308 .dia_digestsize = SHA256_DIGEST_SIZE, 334 .dia_digestsize = SHA256_DIGEST_SIZE,
309 .dia_init = sha256_init, 335 .dia_init = sha256_init,
310 .dia_update = sha256_update, 336 .dia_update = sha256_update,
311 .dia_final = sha256_final } } 337 .dia_final = sha256_final } }
338};
339
340static struct crypto_alg sha224 = {
341 .cra_name = "sha224",
342 .cra_driver_name = "sha224-generic",
343 .cra_flags = CRYPTO_ALG_TYPE_DIGEST,
344 .cra_blocksize = SHA224_BLOCK_SIZE,
345 .cra_ctxsize = sizeof(struct sha256_ctx),
346 .cra_module = THIS_MODULE,
347 .cra_alignmask = 3,
348 .cra_list = LIST_HEAD_INIT(sha224.cra_list),
349 .cra_u = { .digest = {
350 .dia_digestsize = SHA224_DIGEST_SIZE,
351 .dia_init = sha224_init,
352 .dia_update = sha256_update,
353 .dia_final = sha224_final } }
312}; 354};
313 355
314static int __init init(void) 356static int __init init(void)
315{ 357{
316 return crypto_register_alg(&alg); 358 int ret = 0;
359
360 ret = crypto_register_alg(&sha224);
361
362 if (ret < 0)
363 return ret;
364
365 ret = crypto_register_alg(&sha256);
366
367 if (ret < 0)
368 crypto_unregister_alg(&sha224);
369
370 return ret;
317} 371}
318 372
319static void __exit fini(void) 373static void __exit fini(void)
320{ 374{
321 crypto_unregister_alg(&alg); 375 crypto_unregister_alg(&sha224);
376 crypto_unregister_alg(&sha256);
322} 377}
323 378
324module_init(init); 379module_init(init);
325module_exit(fini); 380module_exit(fini);
326 381
327MODULE_LICENSE("GPL"); 382MODULE_LICENSE("GPL");
328MODULE_DESCRIPTION("SHA256 Secure Hash Algorithm"); 383MODULE_DESCRIPTION("SHA-224 and SHA-256 Secure Hash Algorithm");
329 384
385MODULE_ALIAS("sha224");
330MODULE_ALIAS("sha256"); 386MODULE_ALIAS("sha256");
diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c
index 24141fb6f5cb..1ab8c017a011 100644
--- a/crypto/tcrypt.c
+++ b/crypto/tcrypt.c
@@ -6,12 +6,16 @@
6 * 6 *
7 * Copyright (c) 2002 James Morris <jmorris@intercode.com.au> 7 * Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
8 * Copyright (c) 2002 Jean-Francois Dive <jef@linuxbe.org> 8 * Copyright (c) 2002 Jean-Francois Dive <jef@linuxbe.org>
9 * Copyright (c) 2007 Nokia Siemens Networks
9 * 10 *
10 * This program is free software; you can redistribute it and/or modify it 11 * This program is free software; you can redistribute it and/or modify it
11 * under the terms of the GNU General Public License as published by the Free 12 * under the terms of the GNU General Public License as published by the Free
12 * Software Foundation; either version 2 of the License, or (at your option) 13 * Software Foundation; either version 2 of the License, or (at your option)
13 * any later version. 14 * any later version.
14 * 15 *
16 * 2007-11-13 Added GCM tests
17 * 2007-11-13 Added AEAD support
18 * 2007-11-06 Added SHA-224 and SHA-224-HMAC tests
15 * 2006-12-07 Added SHA384 HMAC and SHA512 HMAC tests 19 * 2006-12-07 Added SHA384 HMAC and SHA512 HMAC tests
16 * 2004-08-09 Added cipher speed tests (Reyk Floeter <reyk@vantronix.net>) 20 * 2004-08-09 Added cipher speed tests (Reyk Floeter <reyk@vantronix.net>)
17 * 2003-09-14 Rewritten by Kartikey Mahendra Bhatt 21 * 2003-09-14 Rewritten by Kartikey Mahendra Bhatt
@@ -71,22 +75,23 @@ static unsigned int sec;
71 75
72static int mode; 76static int mode;
73static char *xbuf; 77static char *xbuf;
78static char *axbuf;
74static char *tvmem; 79static char *tvmem;
75 80
76static char *check[] = { 81static char *check[] = {
77 "des", "md5", "des3_ede", "rot13", "sha1", "sha256", "blowfish", 82 "des", "md5", "des3_ede", "rot13", "sha1", "sha224", "sha256",
78 "twofish", "serpent", "sha384", "sha512", "md4", "aes", "cast6", 83 "blowfish", "twofish", "serpent", "sha384", "sha512", "md4", "aes",
84 "cast6", "arc4", "michael_mic", "deflate", "crc32c", "tea", "xtea",
79 "arc4", "michael_mic", "deflate", "crc32c", "tea", "xtea", 85 "arc4", "michael_mic", "deflate", "crc32c", "tea", "xtea",
80 "khazad", "wp512", "wp384", "wp256", "tnepres", "xeta", "fcrypt", 86 "khazad", "wp512", "wp384", "wp256", "tnepres", "xeta", "fcrypt",
81 "camellia", "seed", NULL 87 "camellia", "seed", "salsa20", "lzo", NULL
82}; 88};
83 89
84static void hexdump(unsigned char *buf, unsigned int len) 90static void hexdump(unsigned char *buf, unsigned int len)
85{ 91{
86 while (len--) 92 print_hex_dump(KERN_CONT, "", DUMP_PREFIX_OFFSET,
87 printk("%02x", *buf++); 93 16, 1,
88 94 buf, len, false);
89 printk("\n");
90} 95}
91 96
92static void tcrypt_complete(struct crypto_async_request *req, int err) 97static void tcrypt_complete(struct crypto_async_request *req, int err)
@@ -215,6 +220,238 @@ out:
215 crypto_free_hash(tfm); 220 crypto_free_hash(tfm);
216} 221}
217 222
223static void test_aead(char *algo, int enc, struct aead_testvec *template,
224 unsigned int tcount)
225{
226 unsigned int ret, i, j, k, temp;
227 unsigned int tsize;
228 char *q;
229 struct crypto_aead *tfm;
230 char *key;
231 struct aead_testvec *aead_tv;
232 struct aead_request *req;
233 struct scatterlist sg[8];
234 struct scatterlist asg[8];
235 const char *e;
236 struct tcrypt_result result;
237 unsigned int authsize;
238
239 if (enc == ENCRYPT)
240 e = "encryption";
241 else
242 e = "decryption";
243
244 printk(KERN_INFO "\ntesting %s %s\n", algo, e);
245
246 tsize = sizeof(struct aead_testvec);
247 tsize *= tcount;
248
249 if (tsize > TVMEMSIZE) {
250 printk(KERN_INFO "template (%u) too big for tvmem (%u)\n",
251 tsize, TVMEMSIZE);
252 return;
253 }
254
255 memcpy(tvmem, template, tsize);
256 aead_tv = (void *)tvmem;
257
258 init_completion(&result.completion);
259
260 tfm = crypto_alloc_aead(algo, 0, 0);
261
262 if (IS_ERR(tfm)) {
263 printk(KERN_INFO "failed to load transform for %s: %ld\n",
264 algo, PTR_ERR(tfm));
265 return;
266 }
267
268 req = aead_request_alloc(tfm, GFP_KERNEL);
269 if (!req) {
270 printk(KERN_INFO "failed to allocate request for %s\n", algo);
271 goto out;
272 }
273
274 aead_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
275 tcrypt_complete, &result);
276
277 for (i = 0, j = 0; i < tcount; i++) {
278 if (!aead_tv[i].np) {
279 printk(KERN_INFO "test %u (%d bit key):\n",
280 ++j, aead_tv[i].klen * 8);
281
282 crypto_aead_clear_flags(tfm, ~0);
283 if (aead_tv[i].wk)
284 crypto_aead_set_flags(
285 tfm, CRYPTO_TFM_REQ_WEAK_KEY);
286 key = aead_tv[i].key;
287
288 ret = crypto_aead_setkey(tfm, key,
289 aead_tv[i].klen);
290 if (ret) {
291 printk(KERN_INFO "setkey() failed flags=%x\n",
292 crypto_aead_get_flags(tfm));
293
294 if (!aead_tv[i].fail)
295 goto out;
296 }
297
298 authsize = abs(aead_tv[i].rlen - aead_tv[i].ilen);
299 ret = crypto_aead_setauthsize(tfm, authsize);
300 if (ret) {
301 printk(KERN_INFO
302 "failed to set authsize = %u\n",
303 authsize);
304 goto out;
305 }
306
307 sg_init_one(&sg[0], aead_tv[i].input,
308 aead_tv[i].ilen + (enc ? authsize : 0));
309
310 sg_init_one(&asg[0], aead_tv[i].assoc,
311 aead_tv[i].alen);
312
313 aead_request_set_crypt(req, sg, sg,
314 aead_tv[i].ilen,
315 aead_tv[i].iv);
316
317 aead_request_set_assoc(req, asg, aead_tv[i].alen);
318
319 ret = enc ?
320 crypto_aead_encrypt(req) :
321 crypto_aead_decrypt(req);
322
323 switch (ret) {
324 case 0:
325 break;
326 case -EINPROGRESS:
327 case -EBUSY:
328 ret = wait_for_completion_interruptible(
329 &result.completion);
330 if (!ret && !(ret = result.err)) {
331 INIT_COMPLETION(result.completion);
332 break;
333 }
334 /* fall through */
335 default:
336 printk(KERN_INFO "%s () failed err=%d\n",
337 e, -ret);
338 goto out;
339 }
340
341 q = kmap(sg_page(&sg[0])) + sg[0].offset;
342 hexdump(q, aead_tv[i].rlen);
343
344 printk(KERN_INFO "enc/dec: %s\n",
345 memcmp(q, aead_tv[i].result,
346 aead_tv[i].rlen) ? "fail" : "pass");
347 }
348 }
349
350 printk(KERN_INFO "\ntesting %s %s across pages (chunking)\n", algo, e);
351 memset(xbuf, 0, XBUFSIZE);
352 memset(axbuf, 0, XBUFSIZE);
353
354 for (i = 0, j = 0; i < tcount; i++) {
355 if (aead_tv[i].np) {
356 printk(KERN_INFO "test %u (%d bit key):\n",
357 ++j, aead_tv[i].klen * 8);
358
359 crypto_aead_clear_flags(tfm, ~0);
360 if (aead_tv[i].wk)
361 crypto_aead_set_flags(
362 tfm, CRYPTO_TFM_REQ_WEAK_KEY);
363 key = aead_tv[i].key;
364
365 ret = crypto_aead_setkey(tfm, key, aead_tv[i].klen);
366 if (ret) {
367 printk(KERN_INFO "setkey() failed flags=%x\n",
368 crypto_aead_get_flags(tfm));
369
370 if (!aead_tv[i].fail)
371 goto out;
372 }
373
374 sg_init_table(sg, aead_tv[i].np);
375 for (k = 0, temp = 0; k < aead_tv[i].np; k++) {
376 memcpy(&xbuf[IDX[k]],
377 aead_tv[i].input + temp,
378 aead_tv[i].tap[k]);
379 temp += aead_tv[i].tap[k];
380 sg_set_buf(&sg[k], &xbuf[IDX[k]],
381 aead_tv[i].tap[k]);
382 }
383
384 authsize = abs(aead_tv[i].rlen - aead_tv[i].ilen);
385 ret = crypto_aead_setauthsize(tfm, authsize);
386 if (ret) {
387 printk(KERN_INFO
388 "failed to set authsize = %u\n",
389 authsize);
390 goto out;
391 }
392
393 if (enc)
394 sg[k - 1].length += authsize;
395
396 sg_init_table(asg, aead_tv[i].anp);
397 for (k = 0, temp = 0; k < aead_tv[i].anp; k++) {
398 memcpy(&axbuf[IDX[k]],
399 aead_tv[i].assoc + temp,
400 aead_tv[i].atap[k]);
401 temp += aead_tv[i].atap[k];
402 sg_set_buf(&asg[k], &axbuf[IDX[k]],
403 aead_tv[i].atap[k]);
404 }
405
406 aead_request_set_crypt(req, sg, sg,
407 aead_tv[i].ilen,
408 aead_tv[i].iv);
409
410 aead_request_set_assoc(req, asg, aead_tv[i].alen);
411
412 ret = enc ?
413 crypto_aead_encrypt(req) :
414 crypto_aead_decrypt(req);
415
416 switch (ret) {
417 case 0:
418 break;
419 case -EINPROGRESS:
420 case -EBUSY:
421 ret = wait_for_completion_interruptible(
422 &result.completion);
423 if (!ret && !(ret = result.err)) {
424 INIT_COMPLETION(result.completion);
425 break;
426 }
427 /* fall through */
428 default:
429 printk(KERN_INFO "%s () failed err=%d\n",
430 e, -ret);
431 goto out;
432 }
433
434 for (k = 0, temp = 0; k < aead_tv[i].np; k++) {
435 printk(KERN_INFO "page %u\n", k);
436 q = kmap(sg_page(&sg[k])) + sg[k].offset;
437 hexdump(q, aead_tv[i].tap[k]);
438 printk(KERN_INFO "%s\n",
439 memcmp(q, aead_tv[i].result + temp,
440 aead_tv[i].tap[k] -
441 (k < aead_tv[i].np - 1 || enc ?
442 0 : authsize)) ?
443 "fail" : "pass");
444
445 temp += aead_tv[i].tap[k];
446 }
447 }
448 }
449
450out:
451 crypto_free_aead(tfm);
452 aead_request_free(req);
453}
454
218static void test_cipher(char *algo, int enc, 455static void test_cipher(char *algo, int enc,
219 struct cipher_testvec *template, unsigned int tcount) 456 struct cipher_testvec *template, unsigned int tcount)
220{ 457{
@@ -237,15 +474,11 @@ static void test_cipher(char *algo, int enc,
237 printk("\ntesting %s %s\n", algo, e); 474 printk("\ntesting %s %s\n", algo, e);
238 475
239 tsize = sizeof (struct cipher_testvec); 476 tsize = sizeof (struct cipher_testvec);
240 tsize *= tcount;
241
242 if (tsize > TVMEMSIZE) { 477 if (tsize > TVMEMSIZE) {
243 printk("template (%u) too big for tvmem (%u)\n", tsize, 478 printk("template (%u) too big for tvmem (%u)\n", tsize,
244 TVMEMSIZE); 479 TVMEMSIZE);
245 return; 480 return;
246 } 481 }
247
248 memcpy(tvmem, template, tsize);
249 cipher_tv = (void *)tvmem; 482 cipher_tv = (void *)tvmem;
250 483
251 init_completion(&result.completion); 484 init_completion(&result.completion);
@@ -269,33 +502,34 @@ static void test_cipher(char *algo, int enc,
269 502
270 j = 0; 503 j = 0;
271 for (i = 0; i < tcount; i++) { 504 for (i = 0; i < tcount; i++) {
272 if (!(cipher_tv[i].np)) { 505 memcpy(cipher_tv, &template[i], tsize);
506 if (!(cipher_tv->np)) {
273 j++; 507 j++;
274 printk("test %u (%d bit key):\n", 508 printk("test %u (%d bit key):\n",
275 j, cipher_tv[i].klen * 8); 509 j, cipher_tv->klen * 8);
276 510
277 crypto_ablkcipher_clear_flags(tfm, ~0); 511 crypto_ablkcipher_clear_flags(tfm, ~0);
278 if (cipher_tv[i].wk) 512 if (cipher_tv->wk)
279 crypto_ablkcipher_set_flags( 513 crypto_ablkcipher_set_flags(
280 tfm, CRYPTO_TFM_REQ_WEAK_KEY); 514 tfm, CRYPTO_TFM_REQ_WEAK_KEY);
281 key = cipher_tv[i].key; 515 key = cipher_tv->key;
282 516
283 ret = crypto_ablkcipher_setkey(tfm, key, 517 ret = crypto_ablkcipher_setkey(tfm, key,
284 cipher_tv[i].klen); 518 cipher_tv->klen);
285 if (ret) { 519 if (ret) {
286 printk("setkey() failed flags=%x\n", 520 printk("setkey() failed flags=%x\n",
287 crypto_ablkcipher_get_flags(tfm)); 521 crypto_ablkcipher_get_flags(tfm));
288 522
289 if (!cipher_tv[i].fail) 523 if (!cipher_tv->fail)
290 goto out; 524 goto out;
291 } 525 }
292 526
293 sg_init_one(&sg[0], cipher_tv[i].input, 527 sg_init_one(&sg[0], cipher_tv->input,
294 cipher_tv[i].ilen); 528 cipher_tv->ilen);
295 529
296 ablkcipher_request_set_crypt(req, sg, sg, 530 ablkcipher_request_set_crypt(req, sg, sg,
297 cipher_tv[i].ilen, 531 cipher_tv->ilen,
298 cipher_tv[i].iv); 532 cipher_tv->iv);
299 533
300 ret = enc ? 534 ret = enc ?
301 crypto_ablkcipher_encrypt(req) : 535 crypto_ablkcipher_encrypt(req) :
@@ -319,11 +553,11 @@ static void test_cipher(char *algo, int enc,
319 } 553 }
320 554
321 q = kmap(sg_page(&sg[0])) + sg[0].offset; 555 q = kmap(sg_page(&sg[0])) + sg[0].offset;
322 hexdump(q, cipher_tv[i].rlen); 556 hexdump(q, cipher_tv->rlen);
323 557
324 printk("%s\n", 558 printk("%s\n",
325 memcmp(q, cipher_tv[i].result, 559 memcmp(q, cipher_tv->result,
326 cipher_tv[i].rlen) ? "fail" : "pass"); 560 cipher_tv->rlen) ? "fail" : "pass");
327 } 561 }
328 } 562 }
329 563
@@ -332,41 +566,42 @@ static void test_cipher(char *algo, int enc,
332 566
333 j = 0; 567 j = 0;
334 for (i = 0; i < tcount; i++) { 568 for (i = 0; i < tcount; i++) {
335 if (cipher_tv[i].np) { 569 memcpy(cipher_tv, &template[i], tsize);
570 if (cipher_tv->np) {
336 j++; 571 j++;
337 printk("test %u (%d bit key):\n", 572 printk("test %u (%d bit key):\n",
338 j, cipher_tv[i].klen * 8); 573 j, cipher_tv->klen * 8);
339 574
340 crypto_ablkcipher_clear_flags(tfm, ~0); 575 crypto_ablkcipher_clear_flags(tfm, ~0);
341 if (cipher_tv[i].wk) 576 if (cipher_tv->wk)
342 crypto_ablkcipher_set_flags( 577 crypto_ablkcipher_set_flags(
343 tfm, CRYPTO_TFM_REQ_WEAK_KEY); 578 tfm, CRYPTO_TFM_REQ_WEAK_KEY);
344 key = cipher_tv[i].key; 579 key = cipher_tv->key;
345 580
346 ret = crypto_ablkcipher_setkey(tfm, key, 581 ret = crypto_ablkcipher_setkey(tfm, key,
347 cipher_tv[i].klen); 582 cipher_tv->klen);
348 if (ret) { 583 if (ret) {
349 printk("setkey() failed flags=%x\n", 584 printk("setkey() failed flags=%x\n",
350 crypto_ablkcipher_get_flags(tfm)); 585 crypto_ablkcipher_get_flags(tfm));
351 586
352 if (!cipher_tv[i].fail) 587 if (!cipher_tv->fail)
353 goto out; 588 goto out;
354 } 589 }
355 590
356 temp = 0; 591 temp = 0;
357 sg_init_table(sg, cipher_tv[i].np); 592 sg_init_table(sg, cipher_tv->np);
358 for (k = 0; k < cipher_tv[i].np; k++) { 593 for (k = 0; k < cipher_tv->np; k++) {
359 memcpy(&xbuf[IDX[k]], 594 memcpy(&xbuf[IDX[k]],
360 cipher_tv[i].input + temp, 595 cipher_tv->input + temp,
361 cipher_tv[i].tap[k]); 596 cipher_tv->tap[k]);
362 temp += cipher_tv[i].tap[k]; 597 temp += cipher_tv->tap[k];
363 sg_set_buf(&sg[k], &xbuf[IDX[k]], 598 sg_set_buf(&sg[k], &xbuf[IDX[k]],
364 cipher_tv[i].tap[k]); 599 cipher_tv->tap[k]);
365 } 600 }
366 601
367 ablkcipher_request_set_crypt(req, sg, sg, 602 ablkcipher_request_set_crypt(req, sg, sg,
368 cipher_tv[i].ilen, 603 cipher_tv->ilen,
369 cipher_tv[i].iv); 604 cipher_tv->iv);
370 605
371 ret = enc ? 606 ret = enc ?
372 crypto_ablkcipher_encrypt(req) : 607 crypto_ablkcipher_encrypt(req) :
@@ -390,15 +625,15 @@ static void test_cipher(char *algo, int enc,
390 } 625 }
391 626
392 temp = 0; 627 temp = 0;
393 for (k = 0; k < cipher_tv[i].np; k++) { 628 for (k = 0; k < cipher_tv->np; k++) {
394 printk("page %u\n", k); 629 printk("page %u\n", k);
395 q = kmap(sg_page(&sg[k])) + sg[k].offset; 630 q = kmap(sg_page(&sg[k])) + sg[k].offset;
396 hexdump(q, cipher_tv[i].tap[k]); 631 hexdump(q, cipher_tv->tap[k]);
397 printk("%s\n", 632 printk("%s\n",
398 memcmp(q, cipher_tv[i].result + temp, 633 memcmp(q, cipher_tv->result + temp,
399 cipher_tv[i].tap[k]) ? "fail" : 634 cipher_tv->tap[k]) ? "fail" :
400 "pass"); 635 "pass");
401 temp += cipher_tv[i].tap[k]; 636 temp += cipher_tv->tap[k];
402 } 637 }
403 } 638 }
404 } 639 }
@@ -800,7 +1035,8 @@ out:
800 crypto_free_hash(tfm); 1035 crypto_free_hash(tfm);
801} 1036}
802 1037
803static void test_deflate(void) 1038static void test_comp(char *algo, struct comp_testvec *ctemplate,
1039 struct comp_testvec *dtemplate, int ctcount, int dtcount)
804{ 1040{
805 unsigned int i; 1041 unsigned int i;
806 char result[COMP_BUF_SIZE]; 1042 char result[COMP_BUF_SIZE];
@@ -808,25 +1044,26 @@ static void test_deflate(void)
808 struct comp_testvec *tv; 1044 struct comp_testvec *tv;
809 unsigned int tsize; 1045 unsigned int tsize;
810 1046
811 printk("\ntesting deflate compression\n"); 1047 printk("\ntesting %s compression\n", algo);
812 1048
813 tsize = sizeof (deflate_comp_tv_template); 1049 tsize = sizeof(struct comp_testvec);
1050 tsize *= ctcount;
814 if (tsize > TVMEMSIZE) { 1051 if (tsize > TVMEMSIZE) {
815 printk("template (%u) too big for tvmem (%u)\n", tsize, 1052 printk("template (%u) too big for tvmem (%u)\n", tsize,
816 TVMEMSIZE); 1053 TVMEMSIZE);
817 return; 1054 return;
818 } 1055 }
819 1056
820 memcpy(tvmem, deflate_comp_tv_template, tsize); 1057 memcpy(tvmem, ctemplate, tsize);
821 tv = (void *)tvmem; 1058 tv = (void *)tvmem;
822 1059
823 tfm = crypto_alloc_comp("deflate", 0, CRYPTO_ALG_ASYNC); 1060 tfm = crypto_alloc_comp(algo, 0, CRYPTO_ALG_ASYNC);
824 if (IS_ERR(tfm)) { 1061 if (IS_ERR(tfm)) {
825 printk("failed to load transform for deflate\n"); 1062 printk("failed to load transform for %s\n", algo);
826 return; 1063 return;
827 } 1064 }
828 1065
829 for (i = 0; i < DEFLATE_COMP_TEST_VECTORS; i++) { 1066 for (i = 0; i < ctcount; i++) {
830 int ilen, ret, dlen = COMP_BUF_SIZE; 1067 int ilen, ret, dlen = COMP_BUF_SIZE;
831 1068
832 printk("test %u:\n", i + 1); 1069 printk("test %u:\n", i + 1);
@@ -845,19 +1082,20 @@ static void test_deflate(void)
845 ilen, dlen); 1082 ilen, dlen);
846 } 1083 }
847 1084
848 printk("\ntesting deflate decompression\n"); 1085 printk("\ntesting %s decompression\n", algo);
849 1086
850 tsize = sizeof (deflate_decomp_tv_template); 1087 tsize = sizeof(struct comp_testvec);
1088 tsize *= dtcount;
851 if (tsize > TVMEMSIZE) { 1089 if (tsize > TVMEMSIZE) {
852 printk("template (%u) too big for tvmem (%u)\n", tsize, 1090 printk("template (%u) too big for tvmem (%u)\n", tsize,
853 TVMEMSIZE); 1091 TVMEMSIZE);
854 goto out; 1092 goto out;
855 } 1093 }
856 1094
857 memcpy(tvmem, deflate_decomp_tv_template, tsize); 1095 memcpy(tvmem, dtemplate, tsize);
858 tv = (void *)tvmem; 1096 tv = (void *)tvmem;
859 1097
860 for (i = 0; i < DEFLATE_DECOMP_TEST_VECTORS; i++) { 1098 for (i = 0; i < dtcount; i++) {
861 int ilen, ret, dlen = COMP_BUF_SIZE; 1099 int ilen, ret, dlen = COMP_BUF_SIZE;
862 1100
863 printk("test %u:\n", i + 1); 1101 printk("test %u:\n", i + 1);
@@ -918,6 +1156,8 @@ static void do_test(void)
918 1156
919 test_hash("md4", md4_tv_template, MD4_TEST_VECTORS); 1157 test_hash("md4", md4_tv_template, MD4_TEST_VECTORS);
920 1158
1159 test_hash("sha224", sha224_tv_template, SHA224_TEST_VECTORS);
1160
921 test_hash("sha256", sha256_tv_template, SHA256_TEST_VECTORS); 1161 test_hash("sha256", sha256_tv_template, SHA256_TEST_VECTORS);
922 1162
923 //BLOWFISH 1163 //BLOWFISH
@@ -969,6 +1209,18 @@ static void do_test(void)
969 AES_XTS_ENC_TEST_VECTORS); 1209 AES_XTS_ENC_TEST_VECTORS);
970 test_cipher("xts(aes)", DECRYPT, aes_xts_dec_tv_template, 1210 test_cipher("xts(aes)", DECRYPT, aes_xts_dec_tv_template,
971 AES_XTS_DEC_TEST_VECTORS); 1211 AES_XTS_DEC_TEST_VECTORS);
1212 test_cipher("rfc3686(ctr(aes))", ENCRYPT, aes_ctr_enc_tv_template,
1213 AES_CTR_ENC_TEST_VECTORS);
1214 test_cipher("rfc3686(ctr(aes))", DECRYPT, aes_ctr_dec_tv_template,
1215 AES_CTR_DEC_TEST_VECTORS);
1216 test_aead("gcm(aes)", ENCRYPT, aes_gcm_enc_tv_template,
1217 AES_GCM_ENC_TEST_VECTORS);
1218 test_aead("gcm(aes)", DECRYPT, aes_gcm_dec_tv_template,
1219 AES_GCM_DEC_TEST_VECTORS);
1220 test_aead("ccm(aes)", ENCRYPT, aes_ccm_enc_tv_template,
1221 AES_CCM_ENC_TEST_VECTORS);
1222 test_aead("ccm(aes)", DECRYPT, aes_ccm_dec_tv_template,
1223 AES_CCM_DEC_TEST_VECTORS);
972 1224
973 //CAST5 1225 //CAST5
974 test_cipher("ecb(cast5)", ENCRYPT, cast5_enc_tv_template, 1226 test_cipher("ecb(cast5)", ENCRYPT, cast5_enc_tv_template,
@@ -1057,12 +1309,18 @@ static void do_test(void)
1057 test_hash("tgr192", tgr192_tv_template, TGR192_TEST_VECTORS); 1309 test_hash("tgr192", tgr192_tv_template, TGR192_TEST_VECTORS);
1058 test_hash("tgr160", tgr160_tv_template, TGR160_TEST_VECTORS); 1310 test_hash("tgr160", tgr160_tv_template, TGR160_TEST_VECTORS);
1059 test_hash("tgr128", tgr128_tv_template, TGR128_TEST_VECTORS); 1311 test_hash("tgr128", tgr128_tv_template, TGR128_TEST_VECTORS);
1060 test_deflate(); 1312 test_comp("deflate", deflate_comp_tv_template,
1313 deflate_decomp_tv_template, DEFLATE_COMP_TEST_VECTORS,
1314 DEFLATE_DECOMP_TEST_VECTORS);
1315 test_comp("lzo", lzo_comp_tv_template, lzo_decomp_tv_template,
1316 LZO_COMP_TEST_VECTORS, LZO_DECOMP_TEST_VECTORS);
1061 test_hash("crc32c", crc32c_tv_template, CRC32C_TEST_VECTORS); 1317 test_hash("crc32c", crc32c_tv_template, CRC32C_TEST_VECTORS);
1062 test_hash("hmac(md5)", hmac_md5_tv_template, 1318 test_hash("hmac(md5)", hmac_md5_tv_template,
1063 HMAC_MD5_TEST_VECTORS); 1319 HMAC_MD5_TEST_VECTORS);
1064 test_hash("hmac(sha1)", hmac_sha1_tv_template, 1320 test_hash("hmac(sha1)", hmac_sha1_tv_template,
1065 HMAC_SHA1_TEST_VECTORS); 1321 HMAC_SHA1_TEST_VECTORS);
1322 test_hash("hmac(sha224)", hmac_sha224_tv_template,
1323 HMAC_SHA224_TEST_VECTORS);
1066 test_hash("hmac(sha256)", hmac_sha256_tv_template, 1324 test_hash("hmac(sha256)", hmac_sha256_tv_template,
1067 HMAC_SHA256_TEST_VECTORS); 1325 HMAC_SHA256_TEST_VECTORS);
1068 test_hash("hmac(sha384)", hmac_sha384_tv_template, 1326 test_hash("hmac(sha384)", hmac_sha384_tv_template,
@@ -1156,6 +1414,10 @@ static void do_test(void)
1156 AES_XTS_ENC_TEST_VECTORS); 1414 AES_XTS_ENC_TEST_VECTORS);
1157 test_cipher("xts(aes)", DECRYPT, aes_xts_dec_tv_template, 1415 test_cipher("xts(aes)", DECRYPT, aes_xts_dec_tv_template,
1158 AES_XTS_DEC_TEST_VECTORS); 1416 AES_XTS_DEC_TEST_VECTORS);
1417 test_cipher("rfc3686(ctr(aes))", ENCRYPT, aes_ctr_enc_tv_template,
1418 AES_CTR_ENC_TEST_VECTORS);
1419 test_cipher("rfc3686(ctr(aes))", DECRYPT, aes_ctr_dec_tv_template,
1420 AES_CTR_DEC_TEST_VECTORS);
1159 break; 1421 break;
1160 1422
1161 case 11: 1423 case 11:
@@ -1167,7 +1429,9 @@ static void do_test(void)
1167 break; 1429 break;
1168 1430
1169 case 13: 1431 case 13:
1170 test_deflate(); 1432 test_comp("deflate", deflate_comp_tv_template,
1433 deflate_decomp_tv_template, DEFLATE_COMP_TEST_VECTORS,
1434 DEFLATE_DECOMP_TEST_VECTORS);
1171 break; 1435 break;
1172 1436
1173 case 14: 1437 case 14:
@@ -1291,6 +1555,34 @@ static void do_test(void)
1291 camellia_cbc_dec_tv_template, 1555 camellia_cbc_dec_tv_template,
1292 CAMELLIA_CBC_DEC_TEST_VECTORS); 1556 CAMELLIA_CBC_DEC_TEST_VECTORS);
1293 break; 1557 break;
1558 case 33:
1559 test_hash("sha224", sha224_tv_template, SHA224_TEST_VECTORS);
1560 break;
1561
1562 case 34:
1563 test_cipher("salsa20", ENCRYPT,
1564 salsa20_stream_enc_tv_template,
1565 SALSA20_STREAM_ENC_TEST_VECTORS);
1566 break;
1567
1568 case 35:
1569 test_aead("gcm(aes)", ENCRYPT, aes_gcm_enc_tv_template,
1570 AES_GCM_ENC_TEST_VECTORS);
1571 test_aead("gcm(aes)", DECRYPT, aes_gcm_dec_tv_template,
1572 AES_GCM_DEC_TEST_VECTORS);
1573 break;
1574
1575 case 36:
1576 test_comp("lzo", lzo_comp_tv_template, lzo_decomp_tv_template,
1577 LZO_COMP_TEST_VECTORS, LZO_DECOMP_TEST_VECTORS);
1578 break;
1579
1580 case 37:
1581 test_aead("ccm(aes)", ENCRYPT, aes_ccm_enc_tv_template,
1582 AES_CCM_ENC_TEST_VECTORS);
1583 test_aead("ccm(aes)", DECRYPT, aes_ccm_dec_tv_template,
1584 AES_CCM_DEC_TEST_VECTORS);
1585 break;
1294 1586
1295 case 100: 1587 case 100:
1296 test_hash("hmac(md5)", hmac_md5_tv_template, 1588 test_hash("hmac(md5)", hmac_md5_tv_template,
@@ -1317,6 +1609,15 @@ static void do_test(void)
1317 HMAC_SHA512_TEST_VECTORS); 1609 HMAC_SHA512_TEST_VECTORS);
1318 break; 1610 break;
1319 1611
1612 case 105:
1613 test_hash("hmac(sha224)", hmac_sha224_tv_template,
1614 HMAC_SHA224_TEST_VECTORS);
1615 break;
1616
1617 case 106:
1618 test_hash("xcbc(aes)", aes_xcbc128_tv_template,
1619 XCBC_AES_TEST_VECTORS);
1620 break;
1320 1621
1321 case 200: 1622 case 200:
1322 test_cipher_speed("ecb(aes)", ENCRYPT, sec, NULL, 0, 1623 test_cipher_speed("ecb(aes)", ENCRYPT, sec, NULL, 0,
@@ -1400,6 +1701,11 @@ static void do_test(void)
1400 camellia_speed_template); 1701 camellia_speed_template);
1401 break; 1702 break;
1402 1703
1704 case 206:
1705 test_cipher_speed("salsa20", ENCRYPT, sec, NULL, 0,
1706 salsa20_speed_template);
1707 break;
1708
1403 case 300: 1709 case 300:
1404 /* fall through */ 1710 /* fall through */
1405 1711
@@ -1451,6 +1757,10 @@ static void do_test(void)
1451 test_hash_speed("tgr192", sec, generic_hash_speed_template); 1757 test_hash_speed("tgr192", sec, generic_hash_speed_template);
1452 if (mode > 300 && mode < 400) break; 1758 if (mode > 300 && mode < 400) break;
1453 1759
1760 case 313:
1761 test_hash_speed("sha224", sec, generic_hash_speed_template);
1762 if (mode > 300 && mode < 400) break;
1763
1454 case 399: 1764 case 399:
1455 break; 1765 break;
1456 1766
@@ -1467,20 +1777,21 @@ static void do_test(void)
1467 1777
1468static int __init init(void) 1778static int __init init(void)
1469{ 1779{
1780 int err = -ENOMEM;
1781
1470 tvmem = kmalloc(TVMEMSIZE, GFP_KERNEL); 1782 tvmem = kmalloc(TVMEMSIZE, GFP_KERNEL);
1471 if (tvmem == NULL) 1783 if (tvmem == NULL)
1472 return -ENOMEM; 1784 return err;
1473 1785
1474 xbuf = kmalloc(XBUFSIZE, GFP_KERNEL); 1786 xbuf = kmalloc(XBUFSIZE, GFP_KERNEL);
1475 if (xbuf == NULL) { 1787 if (xbuf == NULL)
1476 kfree(tvmem); 1788 goto err_free_tv;
1477 return -ENOMEM;
1478 }
1479 1789
1480 do_test(); 1790 axbuf = kmalloc(XBUFSIZE, GFP_KERNEL);
1791 if (axbuf == NULL)
1792 goto err_free_xbuf;
1481 1793
1482 kfree(xbuf); 1794 do_test();
1483 kfree(tvmem);
1484 1795
1485 /* We intentionaly return -EAGAIN to prevent keeping 1796 /* We intentionaly return -EAGAIN to prevent keeping
1486 * the module. It does all its work from init() 1797 * the module. It does all its work from init()
@@ -1488,7 +1799,15 @@ static int __init init(void)
1488 * => we don't need it in the memory, do we? 1799 * => we don't need it in the memory, do we?
1489 * -- mludvig 1800 * -- mludvig
1490 */ 1801 */
1491 return -EAGAIN; 1802 err = -EAGAIN;
1803
1804 kfree(axbuf);
1805 err_free_xbuf:
1806 kfree(xbuf);
1807 err_free_tv:
1808 kfree(tvmem);
1809
1810 return err;
1492} 1811}
1493 1812
1494/* 1813/*
diff --git a/crypto/tcrypt.h b/crypto/tcrypt.h
index ec861388d9a0..f785e5618e11 100644
--- a/crypto/tcrypt.h
+++ b/crypto/tcrypt.h
@@ -6,12 +6,15 @@
6 * 6 *
7 * Copyright (c) 2002 James Morris <jmorris@intercode.com.au> 7 * Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
8 * Copyright (c) 2002 Jean-Francois Dive <jef@linuxbe.org> 8 * Copyright (c) 2002 Jean-Francois Dive <jef@linuxbe.org>
9 * Copyright (c) 2007 Nokia Siemens Networks
9 * 10 *
10 * This program is free software; you can redistribute it and/or modify it 11 * This program is free software; you can redistribute it and/or modify it
11 * under the terms of the GNU General Public License as published by the Free 12 * under the terms of the GNU General Public License as published by the Free
12 * Software Foundation; either version 2 of the License, or (at your option) 13 * Software Foundation; either version 2 of the License, or (at your option)
13 * any later version. 14 * any later version.
14 * 15 *
16 * 2007-11-13 Added GCM tests
17 * 2007-11-13 Added AEAD support
15 * 2006-12-07 Added SHA384 HMAC and SHA512 HMAC tests 18 * 2006-12-07 Added SHA384 HMAC and SHA512 HMAC tests
16 * 2004-08-09 Cipher speed tests by Reyk Floeter <reyk@vantronix.net> 19 * 2004-08-09 Cipher speed tests by Reyk Floeter <reyk@vantronix.net>
17 * 2003-09-14 Changes by Kartikey Mahendra Bhatt 20 * 2003-09-14 Changes by Kartikey Mahendra Bhatt
@@ -40,14 +43,32 @@ struct hash_testvec {
40struct cipher_testvec { 43struct cipher_testvec {
41 char key[MAX_KEYLEN] __attribute__ ((__aligned__(4))); 44 char key[MAX_KEYLEN] __attribute__ ((__aligned__(4)));
42 char iv[MAX_IVLEN]; 45 char iv[MAX_IVLEN];
46 char input[4100];
47 char result[4100];
48 unsigned char tap[MAX_TAP];
49 int np;
50 unsigned char fail;
51 unsigned char wk; /* weak key flag */
52 unsigned char klen;
53 unsigned short ilen;
54 unsigned short rlen;
55};
56
57struct aead_testvec {
58 char key[MAX_KEYLEN] __attribute__ ((__aligned__(4)));
59 char iv[MAX_IVLEN];
43 char input[512]; 60 char input[512];
61 char assoc[512];
44 char result[512]; 62 char result[512];
45 unsigned char tap[MAX_TAP]; 63 unsigned char tap[MAX_TAP];
64 unsigned char atap[MAX_TAP];
46 int np; 65 int np;
66 int anp;
47 unsigned char fail; 67 unsigned char fail;
48 unsigned char wk; /* weak key flag */ 68 unsigned char wk; /* weak key flag */
49 unsigned char klen; 69 unsigned char klen;
50 unsigned short ilen; 70 unsigned short ilen;
71 unsigned short alen;
51 unsigned short rlen; 72 unsigned short rlen;
52}; 73};
53 74
@@ -173,6 +194,33 @@ static struct hash_testvec sha1_tv_template[] = {
173 } 194 }
174}; 195};
175 196
197
198/*
199 * SHA224 test vectors from from FIPS PUB 180-2
200 */
201#define SHA224_TEST_VECTORS 2
202
203static struct hash_testvec sha224_tv_template[] = {
204 {
205 .plaintext = "abc",
206 .psize = 3,
207 .digest = { 0x23, 0x09, 0x7D, 0x22, 0x34, 0x05, 0xD8, 0x22,
208 0x86, 0x42, 0xA4, 0x77, 0xBD, 0xA2, 0x55, 0xB3,
209 0x2A, 0xAD, 0xBC, 0xE4, 0xBD, 0xA0, 0xB3, 0xF7,
210 0xE3, 0x6C, 0x9D, 0xA7},
211 }, {
212 .plaintext =
213 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
214 .psize = 56,
215 .digest = { 0x75, 0x38, 0x8B, 0x16, 0x51, 0x27, 0x76, 0xCC,
216 0x5D, 0xBA, 0x5D, 0xA1, 0xFD, 0x89, 0x01, 0x50,
217 0xB0, 0xC6, 0x45, 0x5C, 0xB4, 0xF5, 0x8B, 0x19,
218 0x52, 0x52, 0x25, 0x25 },
219 .np = 2,
220 .tap = { 28, 28 }
221 }
222};
223
176/* 224/*
177 * SHA256 test vectors from from NIST 225 * SHA256 test vectors from from NIST
178 */ 226 */
@@ -817,6 +865,121 @@ static struct hash_testvec hmac_sha1_tv_template[] = {
817 }, 865 },
818}; 866};
819 867
868
869/*
870 * SHA224 HMAC test vectors from RFC4231
871 */
872#define HMAC_SHA224_TEST_VECTORS 4
873
874static struct hash_testvec hmac_sha224_tv_template[] = {
875 {
876 .key = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
877 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
878 0x0b, 0x0b, 0x0b, 0x0b },
879 .ksize = 20,
880 /* ("Hi There") */
881 .plaintext = { 0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65 },
882 .psize = 8,
883 .digest = { 0x89, 0x6f, 0xb1, 0x12, 0x8a, 0xbb, 0xdf, 0x19,
884 0x68, 0x32, 0x10, 0x7c, 0xd4, 0x9d, 0xf3, 0x3f,
885 0x47, 0xb4, 0xb1, 0x16, 0x99, 0x12, 0xba, 0x4f,
886 0x53, 0x68, 0x4b, 0x22},
887 }, {
888 .key = { 0x4a, 0x65, 0x66, 0x65 }, /* ("Jefe") */
889 .ksize = 4,
890 /* ("what do ya want for nothing?") */
891 .plaintext = { 0x77, 0x68, 0x61, 0x74, 0x20, 0x64, 0x6f, 0x20,
892 0x79, 0x61, 0x20, 0x77, 0x61, 0x6e, 0x74, 0x20,
893 0x66, 0x6f, 0x72, 0x20, 0x6e, 0x6f, 0x74, 0x68,
894 0x69, 0x6e, 0x67, 0x3f },
895 .psize = 28,
896 .digest = { 0xa3, 0x0e, 0x01, 0x09, 0x8b, 0xc6, 0xdb, 0xbf,
897 0x45, 0x69, 0x0f, 0x3a, 0x7e, 0x9e, 0x6d, 0x0f,
898 0x8b, 0xbe, 0xa2, 0xa3, 0x9e, 0x61, 0x48, 0x00,
899 0x8f, 0xd0, 0x5e, 0x44 },
900 .np = 4,
901 .tap = { 7, 7, 7, 7 }
902 }, {
903 .key = { 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
904 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
905 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
906 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
907 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
908 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
909 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
910 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
911 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
912 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
913 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
914 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
915 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
916 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
917 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
918 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
919 0xaa, 0xaa, 0xaa },
920 .ksize = 131,
921 /* ("Test Using Larger Than Block-Size Key - Hash Key First") */
922 .plaintext = { 0x54, 0x65, 0x73, 0x74, 0x20, 0x55, 0x73, 0x69,
923 0x6e, 0x67, 0x20, 0x4c, 0x61, 0x72, 0x67, 0x65,
924 0x72, 0x20, 0x54, 0x68, 0x61, 0x6e, 0x20, 0x42,
925 0x6c, 0x6f, 0x63, 0x6b, 0x2d, 0x53, 0x69, 0x7a,
926 0x65, 0x20, 0x4b, 0x65, 0x79, 0x20, 0x2d, 0x20,
927 0x48, 0x61, 0x73, 0x68, 0x20, 0x4b, 0x65, 0x79,
928 0x20, 0x46, 0x69, 0x72, 0x73, 0x74 },
929 .psize = 54,
930 .digest = { 0x95, 0xe9, 0xa0, 0xdb, 0x96, 0x20, 0x95, 0xad,
931 0xae, 0xbe, 0x9b, 0x2d, 0x6f, 0x0d, 0xbc, 0xe2,
932 0xd4, 0x99, 0xf1, 0x12, 0xf2, 0xd2, 0xb7, 0x27,
933 0x3f, 0xa6, 0x87, 0x0e },
934 }, {
935 .key = { 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
936 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
937 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
938 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
939 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
940 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
941 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
942 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
943 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
944 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
945 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
946 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
947 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
948 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
949 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
950 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
951 0xaa, 0xaa, 0xaa },
952 .ksize = 131,
953 /* ("This is a test using a larger than block-size key and a")
954 (" larger than block-size data. The key needs to be")
955 (" hashed before being used by the HMAC algorithm.") */
956 .plaintext = { 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
957 0x61, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x75,
958 0x73, 0x69, 0x6e, 0x67, 0x20, 0x61, 0x20, 0x6c,
959 0x61, 0x72, 0x67, 0x65, 0x72, 0x20, 0x74, 0x68,
960 0x61, 0x6e, 0x20, 0x62, 0x6c, 0x6f, 0x63, 0x6b,
961 0x2d, 0x73, 0x69, 0x7a, 0x65, 0x20, 0x6b, 0x65,
962 0x79, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x61, 0x20,
963 0x6c, 0x61, 0x72, 0x67, 0x65, 0x72, 0x20, 0x74,
964 0x68, 0x61, 0x6e, 0x20, 0x62, 0x6c, 0x6f, 0x63,
965 0x6b, 0x2d, 0x73, 0x69, 0x7a, 0x65, 0x20, 0x64,
966 0x61, 0x74, 0x61, 0x2e, 0x20, 0x54, 0x68, 0x65,
967 0x20, 0x6b, 0x65, 0x79, 0x20, 0x6e, 0x65, 0x65,
968 0x64, 0x73, 0x20, 0x74, 0x6f, 0x20, 0x62, 0x65,
969 0x20, 0x68, 0x61, 0x73, 0x68, 0x65, 0x64, 0x20,
970 0x62, 0x65, 0x66, 0x6f, 0x72, 0x65, 0x20, 0x62,
971 0x65, 0x69, 0x6e, 0x67, 0x20, 0x75, 0x73, 0x65,
972 0x64, 0x20, 0x62, 0x79, 0x20, 0x74, 0x68, 0x65,
973 0x20, 0x48, 0x4d, 0x41, 0x43, 0x20, 0x61, 0x6c,
974 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x2e },
975 .psize = 152,
976 .digest = { 0x3a, 0x85, 0x41, 0x66, 0xac, 0x5d, 0x9f, 0x02,
977 0x3f, 0x54, 0xd5, 0x17, 0xd0, 0xb3, 0x9d, 0xbd,
978 0x94, 0x67, 0x70, 0xdb, 0x9c, 0x2b, 0x95, 0xc9,
979 0xf6, 0xf5, 0x65, 0xd1 },
980 },
981};
982
820/* 983/*
821 * HMAC-SHA256 test vectors from 984 * HMAC-SHA256 test vectors from
822 * draft-ietf-ipsec-ciph-sha-256-01.txt 985 * draft-ietf-ipsec-ciph-sha-256-01.txt
@@ -2140,12 +2303,18 @@ static struct cipher_testvec cast6_dec_tv_template[] = {
2140 */ 2303 */
2141#define AES_ENC_TEST_VECTORS 3 2304#define AES_ENC_TEST_VECTORS 3
2142#define AES_DEC_TEST_VECTORS 3 2305#define AES_DEC_TEST_VECTORS 3
2143#define AES_CBC_ENC_TEST_VECTORS 2 2306#define AES_CBC_ENC_TEST_VECTORS 4
2144#define AES_CBC_DEC_TEST_VECTORS 2 2307#define AES_CBC_DEC_TEST_VECTORS 4
2145#define AES_LRW_ENC_TEST_VECTORS 8 2308#define AES_LRW_ENC_TEST_VECTORS 8
2146#define AES_LRW_DEC_TEST_VECTORS 8 2309#define AES_LRW_DEC_TEST_VECTORS 8
2147#define AES_XTS_ENC_TEST_VECTORS 4 2310#define AES_XTS_ENC_TEST_VECTORS 4
2148#define AES_XTS_DEC_TEST_VECTORS 4 2311#define AES_XTS_DEC_TEST_VECTORS 4
2312#define AES_CTR_ENC_TEST_VECTORS 7
2313#define AES_CTR_DEC_TEST_VECTORS 6
2314#define AES_GCM_ENC_TEST_VECTORS 9
2315#define AES_GCM_DEC_TEST_VECTORS 8
2316#define AES_CCM_ENC_TEST_VECTORS 7
2317#define AES_CCM_DEC_TEST_VECTORS 7
2149 2318
2150static struct cipher_testvec aes_enc_tv_template[] = { 2319static struct cipher_testvec aes_enc_tv_template[] = {
2151 { /* From FIPS-197 */ 2320 { /* From FIPS-197 */
@@ -2249,6 +2418,57 @@ static struct cipher_testvec aes_cbc_enc_tv_template[] = {
2249 0x75, 0x86, 0x60, 0x2d, 0x25, 0x3c, 0xff, 0xf9, 2418 0x75, 0x86, 0x60, 0x2d, 0x25, 0x3c, 0xff, 0xf9,
2250 0x1b, 0x82, 0x66, 0xbe, 0xa6, 0xd6, 0x1a, 0xb1 }, 2419 0x1b, 0x82, 0x66, 0xbe, 0xa6, 0xd6, 0x1a, 0xb1 },
2251 .rlen = 32, 2420 .rlen = 32,
2421 }, { /* From NIST SP800-38A */
2422 .key = { 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52,
2423 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5,
2424 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b },
2425 .klen = 24,
2426 .iv = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
2427 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
2428 .input = { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
2429 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
2430 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
2431 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
2432 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
2433 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
2434 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
2435 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 },
2436 .ilen = 64,
2437 .result = { 0x4f, 0x02, 0x1d, 0xb2, 0x43, 0xbc, 0x63, 0x3d,
2438 0x71, 0x78, 0x18, 0x3a, 0x9f, 0xa0, 0x71, 0xe8,
2439 0xb4, 0xd9, 0xad, 0xa9, 0xad, 0x7d, 0xed, 0xf4,
2440 0xe5, 0xe7, 0x38, 0x76, 0x3f, 0x69, 0x14, 0x5a,
2441 0x57, 0x1b, 0x24, 0x20, 0x12, 0xfb, 0x7a, 0xe0,
2442 0x7f, 0xa9, 0xba, 0xac, 0x3d, 0xf1, 0x02, 0xe0,
2443 0x08, 0xb0, 0xe2, 0x79, 0x88, 0x59, 0x88, 0x81,
2444 0xd9, 0x20, 0xa9, 0xe6, 0x4f, 0x56, 0x15, 0xcd },
2445 .rlen = 64,
2446 }, {
2447 .key = { 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
2448 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
2449 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
2450 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4 },
2451 .klen = 32,
2452 .iv = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
2453 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
2454 .input = { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
2455 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
2456 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
2457 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
2458 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
2459 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
2460 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
2461 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 },
2462 .ilen = 64,
2463 .result = { 0xf5, 0x8c, 0x4c, 0x04, 0xd6, 0xe5, 0xf1, 0xba,
2464 0x77, 0x9e, 0xab, 0xfb, 0x5f, 0x7b, 0xfb, 0xd6,
2465 0x9c, 0xfc, 0x4e, 0x96, 0x7e, 0xdb, 0x80, 0x8d,
2466 0x67, 0x9f, 0x77, 0x7b, 0xc6, 0x70, 0x2c, 0x7d,
2467 0x39, 0xf2, 0x33, 0x69, 0xa9, 0xd9, 0xba, 0xcf,
2468 0xa5, 0x30, 0xe2, 0x63, 0x04, 0x23, 0x14, 0x61,
2469 0xb2, 0xeb, 0x05, 0xe2, 0xc3, 0x9b, 0xe9, 0xfc,
2470 0xda, 0x6c, 0x19, 0x07, 0x8c, 0x6a, 0x9d, 0x1b },
2471 .rlen = 64,
2252 }, 2472 },
2253}; 2473};
2254 2474
@@ -2280,6 +2500,57 @@ static struct cipher_testvec aes_cbc_dec_tv_template[] = {
2280 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 2500 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2281 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f }, 2501 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f },
2282 .rlen = 32, 2502 .rlen = 32,
2503 }, { /* From NIST SP800-38A */
2504 .key = { 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52,
2505 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5,
2506 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b },
2507 .klen = 24,
2508 .iv = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
2509 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
2510 .input = { 0x4f, 0x02, 0x1d, 0xb2, 0x43, 0xbc, 0x63, 0x3d,
2511 0x71, 0x78, 0x18, 0x3a, 0x9f, 0xa0, 0x71, 0xe8,
2512 0xb4, 0xd9, 0xad, 0xa9, 0xad, 0x7d, 0xed, 0xf4,
2513 0xe5, 0xe7, 0x38, 0x76, 0x3f, 0x69, 0x14, 0x5a,
2514 0x57, 0x1b, 0x24, 0x20, 0x12, 0xfb, 0x7a, 0xe0,
2515 0x7f, 0xa9, 0xba, 0xac, 0x3d, 0xf1, 0x02, 0xe0,
2516 0x08, 0xb0, 0xe2, 0x79, 0x88, 0x59, 0x88, 0x81,
2517 0xd9, 0x20, 0xa9, 0xe6, 0x4f, 0x56, 0x15, 0xcd },
2518 .ilen = 64,
2519 .result = { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
2520 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
2521 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
2522 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
2523 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
2524 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
2525 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
2526 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 },
2527 .rlen = 64,
2528 }, {
2529 .key = { 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
2530 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
2531 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
2532 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4 },
2533 .klen = 32,
2534 .iv = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
2535 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
2536 .input = { 0xf5, 0x8c, 0x4c, 0x04, 0xd6, 0xe5, 0xf1, 0xba,
2537 0x77, 0x9e, 0xab, 0xfb, 0x5f, 0x7b, 0xfb, 0xd6,
2538 0x9c, 0xfc, 0x4e, 0x96, 0x7e, 0xdb, 0x80, 0x8d,
2539 0x67, 0x9f, 0x77, 0x7b, 0xc6, 0x70, 0x2c, 0x7d,
2540 0x39, 0xf2, 0x33, 0x69, 0xa9, 0xd9, 0xba, 0xcf,
2541 0xa5, 0x30, 0xe2, 0x63, 0x04, 0x23, 0x14, 0x61,
2542 0xb2, 0xeb, 0x05, 0xe2, 0xc3, 0x9b, 0xe9, 0xfc,
2543 0xda, 0x6c, 0x19, 0x07, 0x8c, 0x6a, 0x9d, 0x1b },
2544 .ilen = 64,
2545 .result = { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
2546 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
2547 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
2548 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
2549 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
2550 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
2551 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
2552 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 },
2553 .rlen = 64,
2283 }, 2554 },
2284}; 2555};
2285 2556
@@ -3180,6 +3451,1843 @@ static struct cipher_testvec aes_xts_dec_tv_template[] = {
3180 } 3451 }
3181}; 3452};
3182 3453
3454
3455static struct cipher_testvec aes_ctr_enc_tv_template[] = {
3456 { /* From RFC 3686 */
3457 .key = { 0xae, 0x68, 0x52, 0xf8, 0x12, 0x10, 0x67, 0xcc,
3458 0x4b, 0xf7, 0xa5, 0x76, 0x55, 0x77, 0xf3, 0x9e,
3459 0x00, 0x00, 0x00, 0x30 },
3460 .klen = 20,
3461 .iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
3462 .input = { "Single block msg" },
3463 .ilen = 16,
3464 .result = { 0xe4, 0x09, 0x5d, 0x4f, 0xb7, 0xa7, 0xb3, 0x79,
3465 0x2d, 0x61, 0x75, 0xa3, 0x26, 0x13, 0x11, 0xb8 },
3466 .rlen = 16,
3467 }, {
3468 .key = { 0x7e, 0x24, 0x06, 0x78, 0x17, 0xfa, 0xe0, 0xd7,
3469 0x43, 0xd6, 0xce, 0x1f, 0x32, 0x53, 0x91, 0x63,
3470 0x00, 0x6c, 0xb6, 0xdb },
3471 .klen = 20,
3472 .iv = { 0xc0, 0x54, 0x3b, 0x59, 0xda, 0x48, 0xd9, 0x0b },
3473 .input = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
3474 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
3475 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
3476 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f },
3477 .ilen = 32,
3478 .result = { 0x51, 0x04, 0xa1, 0x06, 0x16, 0x8a, 0x72, 0xd9,
3479 0x79, 0x0d, 0x41, 0xee, 0x8e, 0xda, 0xd3, 0x88,
3480 0xeb, 0x2e, 0x1e, 0xfc, 0x46, 0xda, 0x57, 0xc8,
3481 0xfc, 0xe6, 0x30, 0xdf, 0x91, 0x41, 0xbe, 0x28 },
3482 .rlen = 32,
3483 }, {
3484 .key = { 0x16, 0xaf, 0x5b, 0x14, 0x5f, 0xc9, 0xf5, 0x79,
3485 0xc1, 0x75, 0xf9, 0x3e, 0x3b, 0xfb, 0x0e, 0xed,
3486 0x86, 0x3d, 0x06, 0xcc, 0xfd, 0xb7, 0x85, 0x15,
3487 0x00, 0x00, 0x00, 0x48 },
3488 .klen = 28,
3489 .iv = { 0x36, 0x73, 0x3c, 0x14, 0x7d, 0x6d, 0x93, 0xcb },
3490 .input = { "Single block msg" },
3491 .ilen = 16,
3492 .result = { 0x4b, 0x55, 0x38, 0x4f, 0xe2, 0x59, 0xc9, 0xc8,
3493 0x4e, 0x79, 0x35, 0xa0, 0x03, 0xcb, 0xe9, 0x28 },
3494 .rlen = 16,
3495 }, {
3496 .key = { 0x7c, 0x5c, 0xb2, 0x40, 0x1b, 0x3d, 0xc3, 0x3c,
3497 0x19, 0xe7, 0x34, 0x08, 0x19, 0xe0, 0xf6, 0x9c,
3498 0x67, 0x8c, 0x3d, 0xb8, 0xe6, 0xf6, 0xa9, 0x1a,
3499 0x00, 0x96, 0xb0, 0x3b },
3500 .klen = 28,
3501 .iv = { 0x02, 0x0c, 0x6e, 0xad, 0xc2, 0xcb, 0x50, 0x0d },
3502 .input = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
3503 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
3504 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
3505 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f },
3506 .ilen = 32,
3507 .result = { 0x45, 0x32, 0x43, 0xfc, 0x60, 0x9b, 0x23, 0x32,
3508 0x7e, 0xdf, 0xaa, 0xfa, 0x71, 0x31, 0xcd, 0x9f,
3509 0x84, 0x90, 0x70, 0x1c, 0x5a, 0xd4, 0xa7, 0x9c,
3510 0xfc, 0x1f, 0xe0, 0xff, 0x42, 0xf4, 0xfb, 0x00 },
3511 .rlen = 32,
3512 }, {
3513 .key = { 0x77, 0x6b, 0xef, 0xf2, 0x85, 0x1d, 0xb0, 0x6f,
3514 0x4c, 0x8a, 0x05, 0x42, 0xc8, 0x69, 0x6f, 0x6c,
3515 0x6a, 0x81, 0xaf, 0x1e, 0xec, 0x96, 0xb4, 0xd3,
3516 0x7f, 0xc1, 0xd6, 0x89, 0xe6, 0xc1, 0xc1, 0x04,
3517 0x00, 0x00, 0x00, 0x60 },
3518 .klen = 36,
3519 .iv = { 0xdb, 0x56, 0x72, 0xc9, 0x7a, 0xa8, 0xf0, 0xb2 },
3520 .input = { "Single block msg" },
3521 .ilen = 16,
3522 .result = { 0x14, 0x5a, 0xd0, 0x1d, 0xbf, 0x82, 0x4e, 0xc7,
3523 0x56, 0x08, 0x63, 0xdc, 0x71, 0xe3, 0xe0, 0xc0 },
3524 .rlen = 16,
3525 }, {
3526 .key = { 0xf6, 0xd6, 0x6d, 0x6b, 0xd5, 0x2d, 0x59, 0xbb,
3527 0x07, 0x96, 0x36, 0x58, 0x79, 0xef, 0xf8, 0x86,
3528 0xc6, 0x6d, 0xd5, 0x1a, 0x5b, 0x6a, 0x99, 0x74,
3529 0x4b, 0x50, 0x59, 0x0c, 0x87, 0xa2, 0x38, 0x84,
3530 0x00, 0xfa, 0xac, 0x24 },
3531 .klen = 36,
3532 .iv = { 0xc1, 0x58, 0x5e, 0xf1, 0x5a, 0x43, 0xd8, 0x75 },
3533 .input = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
3534 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
3535 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
3536 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f },
3537 .ilen = 32,
3538 .result = { 0xf0, 0x5e, 0x23, 0x1b, 0x38, 0x94, 0x61, 0x2c,
3539 0x49, 0xee, 0x00, 0x0b, 0x80, 0x4e, 0xb2, 0xa9,
3540 0xb8, 0x30, 0x6b, 0x50, 0x8f, 0x83, 0x9d, 0x6a,
3541 0x55, 0x30, 0x83, 0x1d, 0x93, 0x44, 0xaf, 0x1c },
3542 .rlen = 32,
3543 }, {
3544 // generated using Crypto++
3545 .key = {
3546 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
3547 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
3548 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
3549 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
3550 0x00, 0x00, 0x00, 0x00,
3551 },
3552 .klen = 32 + 4,
3553 .iv = {
3554 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3555 },
3556 .input = {
3557 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
3558 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
3559 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
3560 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
3561 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
3562 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
3563 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
3564 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
3565 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
3566 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
3567 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
3568 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f,
3569 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
3570 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
3571 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
3572 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f,
3573 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
3574 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
3575 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
3576 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f,
3577 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
3578 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf,
3579 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
3580 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
3581 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
3582 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,
3583 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
3584 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf,
3585 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7,
3586 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
3587 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
3588 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff,
3589 0x00, 0x03, 0x06, 0x09, 0x0c, 0x0f, 0x12, 0x15,
3590 0x18, 0x1b, 0x1e, 0x21, 0x24, 0x27, 0x2a, 0x2d,
3591 0x30, 0x33, 0x36, 0x39, 0x3c, 0x3f, 0x42, 0x45,
3592 0x48, 0x4b, 0x4e, 0x51, 0x54, 0x57, 0x5a, 0x5d,
3593 0x60, 0x63, 0x66, 0x69, 0x6c, 0x6f, 0x72, 0x75,
3594 0x78, 0x7b, 0x7e, 0x81, 0x84, 0x87, 0x8a, 0x8d,
3595 0x90, 0x93, 0x96, 0x99, 0x9c, 0x9f, 0xa2, 0xa5,
3596 0xa8, 0xab, 0xae, 0xb1, 0xb4, 0xb7, 0xba, 0xbd,
3597 0xc0, 0xc3, 0xc6, 0xc9, 0xcc, 0xcf, 0xd2, 0xd5,
3598 0xd8, 0xdb, 0xde, 0xe1, 0xe4, 0xe7, 0xea, 0xed,
3599 0xf0, 0xf3, 0xf6, 0xf9, 0xfc, 0xff, 0x02, 0x05,
3600 0x08, 0x0b, 0x0e, 0x11, 0x14, 0x17, 0x1a, 0x1d,
3601 0x20, 0x23, 0x26, 0x29, 0x2c, 0x2f, 0x32, 0x35,
3602 0x38, 0x3b, 0x3e, 0x41, 0x44, 0x47, 0x4a, 0x4d,
3603 0x50, 0x53, 0x56, 0x59, 0x5c, 0x5f, 0x62, 0x65,
3604 0x68, 0x6b, 0x6e, 0x71, 0x74, 0x77, 0x7a, 0x7d,
3605 0x80, 0x83, 0x86, 0x89, 0x8c, 0x8f, 0x92, 0x95,
3606 0x98, 0x9b, 0x9e, 0xa1, 0xa4, 0xa7, 0xaa, 0xad,
3607 0xb0, 0xb3, 0xb6, 0xb9, 0xbc, 0xbf, 0xc2, 0xc5,
3608 0xc8, 0xcb, 0xce, 0xd1, 0xd4, 0xd7, 0xda, 0xdd,
3609 0xe0, 0xe3, 0xe6, 0xe9, 0xec, 0xef, 0xf2, 0xf5,
3610 0xf8, 0xfb, 0xfe, 0x01, 0x04, 0x07, 0x0a, 0x0d,
3611 0x10, 0x13, 0x16, 0x19, 0x1c, 0x1f, 0x22, 0x25,
3612 0x28, 0x2b, 0x2e, 0x31, 0x34, 0x37, 0x3a, 0x3d,
3613 0x40, 0x43, 0x46, 0x49, 0x4c, 0x4f, 0x52, 0x55,
3614 0x58, 0x5b, 0x5e, 0x61, 0x64, 0x67, 0x6a, 0x6d,
3615 0x70, 0x73, 0x76, 0x79, 0x7c, 0x7f, 0x82, 0x85,
3616 0x88, 0x8b, 0x8e, 0x91, 0x94, 0x97, 0x9a, 0x9d,
3617 0xa0, 0xa3, 0xa6, 0xa9, 0xac, 0xaf, 0xb2, 0xb5,
3618 0xb8, 0xbb, 0xbe, 0xc1, 0xc4, 0xc7, 0xca, 0xcd,
3619 0xd0, 0xd3, 0xd6, 0xd9, 0xdc, 0xdf, 0xe2, 0xe5,
3620 0xe8, 0xeb, 0xee, 0xf1, 0xf4, 0xf7, 0xfa, 0xfd,
3621 0x00, 0x05, 0x0a, 0x0f, 0x14, 0x19, 0x1e, 0x23,
3622 0x28, 0x2d, 0x32, 0x37, 0x3c, 0x41, 0x46, 0x4b,
3623 0x50, 0x55, 0x5a, 0x5f, 0x64, 0x69, 0x6e, 0x73,
3624 0x78, 0x7d, 0x82, 0x87, 0x8c, 0x91, 0x96, 0x9b,
3625 0xa0, 0xa5, 0xaa, 0xaf, 0xb4, 0xb9, 0xbe, 0xc3,
3626 0xc8, 0xcd, 0xd2, 0xd7, 0xdc, 0xe1, 0xe6, 0xeb,
3627 0xf0, 0xf5, 0xfa, 0xff, 0x04, 0x09, 0x0e, 0x13,
3628 0x18, 0x1d, 0x22, 0x27, 0x2c, 0x31, 0x36, 0x3b,
3629 0x40, 0x45, 0x4a, 0x4f, 0x54, 0x59, 0x5e, 0x63,
3630 0x68, 0x6d, 0x72, 0x77, 0x7c, 0x81, 0x86, 0x8b,
3631 0x90, 0x95, 0x9a, 0x9f, 0xa4, 0xa9, 0xae, 0xb3,
3632 0xb8, 0xbd, 0xc2, 0xc7, 0xcc, 0xd1, 0xd6, 0xdb,
3633 0xe0, 0xe5, 0xea, 0xef, 0xf4, 0xf9, 0xfe, 0x03,
3634 0x08, 0x0d, 0x12, 0x17, 0x1c, 0x21, 0x26, 0x2b,
3635 0x30, 0x35, 0x3a, 0x3f, 0x44, 0x49, 0x4e, 0x53,
3636 0x58, 0x5d, 0x62, 0x67, 0x6c, 0x71, 0x76, 0x7b,
3637 0x80, 0x85, 0x8a, 0x8f, 0x94, 0x99, 0x9e, 0xa3,
3638 0xa8, 0xad, 0xb2, 0xb7, 0xbc, 0xc1, 0xc6, 0xcb,
3639 0xd0, 0xd5, 0xda, 0xdf, 0xe4, 0xe9, 0xee, 0xf3,
3640 0xf8, 0xfd, 0x02, 0x07, 0x0c, 0x11, 0x16, 0x1b,
3641 0x20, 0x25, 0x2a, 0x2f, 0x34, 0x39, 0x3e, 0x43,
3642 0x48, 0x4d, 0x52, 0x57, 0x5c, 0x61, 0x66, 0x6b,
3643 0x70, 0x75, 0x7a, 0x7f, 0x84, 0x89, 0x8e, 0x93,
3644 0x98, 0x9d, 0xa2, 0xa7, 0xac, 0xb1, 0xb6, 0xbb,
3645 0xc0, 0xc5, 0xca, 0xcf, 0xd4, 0xd9, 0xde, 0xe3,
3646 0xe8, 0xed, 0xf2, 0xf7, 0xfc, 0x01, 0x06, 0x0b,
3647 0x10, 0x15, 0x1a, 0x1f, 0x24, 0x29, 0x2e, 0x33,
3648 0x38, 0x3d, 0x42, 0x47, 0x4c, 0x51, 0x56, 0x5b,
3649 0x60, 0x65, 0x6a, 0x6f, 0x74, 0x79, 0x7e, 0x83,
3650 0x88, 0x8d, 0x92, 0x97, 0x9c, 0xa1, 0xa6, 0xab,
3651 0xb0, 0xb5, 0xba, 0xbf, 0xc4, 0xc9, 0xce, 0xd3,
3652 0xd8, 0xdd, 0xe2, 0xe7, 0xec, 0xf1, 0xf6, 0xfb,
3653 0x00, 0x07, 0x0e, 0x15, 0x1c, 0x23, 0x2a, 0x31,
3654 0x38, 0x3f, 0x46, 0x4d, 0x54, 0x5b, 0x62, 0x69,
3655 0x70, 0x77, 0x7e, 0x85, 0x8c, 0x93, 0x9a, 0xa1,
3656 0xa8, 0xaf, 0xb6, 0xbd, 0xc4, 0xcb, 0xd2, 0xd9,
3657 0xe0, 0xe7, 0xee, 0xf5, 0xfc, 0x03, 0x0a, 0x11,
3658 0x18, 0x1f, 0x26, 0x2d, 0x34, 0x3b, 0x42, 0x49,
3659 0x50, 0x57, 0x5e, 0x65, 0x6c, 0x73, 0x7a, 0x81,
3660 0x88, 0x8f, 0x96, 0x9d, 0xa4, 0xab, 0xb2, 0xb9,
3661 0xc0, 0xc7, 0xce, 0xd5, 0xdc, 0xe3, 0xea, 0xf1,
3662 0xf8, 0xff, 0x06, 0x0d, 0x14, 0x1b, 0x22, 0x29,
3663 0x30, 0x37, 0x3e, 0x45, 0x4c, 0x53, 0x5a, 0x61,
3664 0x68, 0x6f, 0x76, 0x7d, 0x84, 0x8b, 0x92, 0x99,
3665 0xa0, 0xa7, 0xae, 0xb5, 0xbc, 0xc3, 0xca, 0xd1,
3666 0xd8, 0xdf, 0xe6, 0xed, 0xf4, 0xfb, 0x02, 0x09,
3667 0x10, 0x17, 0x1e, 0x25, 0x2c, 0x33, 0x3a, 0x41,
3668 0x48, 0x4f, 0x56, 0x5d, 0x64, 0x6b, 0x72, 0x79,
3669 0x80, 0x87, 0x8e, 0x95, 0x9c, 0xa3, 0xaa, 0xb1,
3670 0xb8, 0xbf, 0xc6, 0xcd, 0xd4, 0xdb, 0xe2, 0xe9,
3671 0xf0, 0xf7, 0xfe, 0x05, 0x0c, 0x13, 0x1a, 0x21,
3672 0x28, 0x2f, 0x36, 0x3d, 0x44, 0x4b, 0x52, 0x59,
3673 0x60, 0x67, 0x6e, 0x75, 0x7c, 0x83, 0x8a, 0x91,
3674 0x98, 0x9f, 0xa6, 0xad, 0xb4, 0xbb, 0xc2, 0xc9,
3675 0xd0, 0xd7, 0xde, 0xe5, 0xec, 0xf3, 0xfa, 0x01,
3676 0x08, 0x0f, 0x16, 0x1d, 0x24, 0x2b, 0x32, 0x39,
3677 0x40, 0x47, 0x4e, 0x55, 0x5c, 0x63, 0x6a, 0x71,
3678 0x78, 0x7f, 0x86, 0x8d, 0x94, 0x9b, 0xa2, 0xa9,
3679 0xb0, 0xb7, 0xbe, 0xc5, 0xcc, 0xd3, 0xda, 0xe1,
3680 0xe8, 0xef, 0xf6, 0xfd, 0x04, 0x0b, 0x12, 0x19,
3681 0x20, 0x27, 0x2e, 0x35, 0x3c, 0x43, 0x4a, 0x51,
3682 0x58, 0x5f, 0x66, 0x6d, 0x74, 0x7b, 0x82, 0x89,
3683 0x90, 0x97, 0x9e, 0xa5, 0xac, 0xb3, 0xba, 0xc1,
3684 0xc8, 0xcf, 0xd6, 0xdd, 0xe4, 0xeb, 0xf2, 0xf9,
3685 0x00, 0x09, 0x12, 0x1b, 0x24, 0x2d, 0x36, 0x3f,
3686 0x48, 0x51, 0x5a, 0x63, 0x6c, 0x75, 0x7e, 0x87,
3687 0x90, 0x99, 0xa2, 0xab, 0xb4, 0xbd, 0xc6, 0xcf,
3688 0xd8, 0xe1, 0xea, 0xf3, 0xfc, 0x05, 0x0e, 0x17,
3689 0x20, 0x29, 0x32, 0x3b, 0x44, 0x4d, 0x56, 0x5f,
3690 0x68, 0x71, 0x7a, 0x83, 0x8c, 0x95, 0x9e, 0xa7,
3691 0xb0, 0xb9, 0xc2, 0xcb, 0xd4, 0xdd, 0xe6, 0xef,
3692 0xf8, 0x01, 0x0a, 0x13, 0x1c, 0x25, 0x2e, 0x37,
3693 0x40, 0x49, 0x52, 0x5b, 0x64, 0x6d, 0x76, 0x7f,
3694 0x88, 0x91, 0x9a, 0xa3, 0xac, 0xb5, 0xbe, 0xc7,
3695 0xd0, 0xd9, 0xe2, 0xeb, 0xf4, 0xfd, 0x06, 0x0f,
3696 0x18, 0x21, 0x2a, 0x33, 0x3c, 0x45, 0x4e, 0x57,
3697 0x60, 0x69, 0x72, 0x7b, 0x84, 0x8d, 0x96, 0x9f,
3698 0xa8, 0xb1, 0xba, 0xc3, 0xcc, 0xd5, 0xde, 0xe7,
3699 0xf0, 0xf9, 0x02, 0x0b, 0x14, 0x1d, 0x26, 0x2f,
3700 0x38, 0x41, 0x4a, 0x53, 0x5c, 0x65, 0x6e, 0x77,
3701 0x80, 0x89, 0x92, 0x9b, 0xa4, 0xad, 0xb6, 0xbf,
3702 0xc8, 0xd1, 0xda, 0xe3, 0xec, 0xf5, 0xfe, 0x07,
3703 0x10, 0x19, 0x22, 0x2b, 0x34, 0x3d, 0x46, 0x4f,
3704 0x58, 0x61, 0x6a, 0x73, 0x7c, 0x85, 0x8e, 0x97,
3705 0xa0, 0xa9, 0xb2, 0xbb, 0xc4, 0xcd, 0xd6, 0xdf,
3706 0xe8, 0xf1, 0xfa, 0x03, 0x0c, 0x15, 0x1e, 0x27,
3707 0x30, 0x39, 0x42, 0x4b, 0x54, 0x5d, 0x66, 0x6f,
3708 0x78, 0x81, 0x8a, 0x93, 0x9c, 0xa5, 0xae, 0xb7,
3709 0xc0, 0xc9, 0xd2, 0xdb, 0xe4, 0xed, 0xf6, 0xff,
3710 0x08, 0x11, 0x1a, 0x23, 0x2c, 0x35, 0x3e, 0x47,
3711 0x50, 0x59, 0x62, 0x6b, 0x74, 0x7d, 0x86, 0x8f,
3712 0x98, 0xa1, 0xaa, 0xb3, 0xbc, 0xc5, 0xce, 0xd7,
3713 0xe0, 0xe9, 0xf2, 0xfb, 0x04, 0x0d, 0x16, 0x1f,
3714 0x28, 0x31, 0x3a, 0x43, 0x4c, 0x55, 0x5e, 0x67,
3715 0x70, 0x79, 0x82, 0x8b, 0x94, 0x9d, 0xa6, 0xaf,
3716 0xb8, 0xc1, 0xca, 0xd3, 0xdc, 0xe5, 0xee, 0xf7,
3717 0x00, 0x0b, 0x16, 0x21, 0x2c, 0x37, 0x42, 0x4d,
3718 0x58, 0x63, 0x6e, 0x79, 0x84, 0x8f, 0x9a, 0xa5,
3719 0xb0, 0xbb, 0xc6, 0xd1, 0xdc, 0xe7, 0xf2, 0xfd,
3720 0x08, 0x13, 0x1e, 0x29, 0x34, 0x3f, 0x4a, 0x55,
3721 0x60, 0x6b, 0x76, 0x81, 0x8c, 0x97, 0xa2, 0xad,
3722 0xb8, 0xc3, 0xce, 0xd9, 0xe4, 0xef, 0xfa, 0x05,
3723 0x10, 0x1b, 0x26, 0x31, 0x3c, 0x47, 0x52, 0x5d,
3724 0x68, 0x73, 0x7e, 0x89, 0x94, 0x9f, 0xaa, 0xb5,
3725 0xc0, 0xcb, 0xd6, 0xe1, 0xec, 0xf7, 0x02, 0x0d,
3726 0x18, 0x23, 0x2e, 0x39, 0x44, 0x4f, 0x5a, 0x65,
3727 0x70, 0x7b, 0x86, 0x91, 0x9c, 0xa7, 0xb2, 0xbd,
3728 0xc8, 0xd3, 0xde, 0xe9, 0xf4, 0xff, 0x0a, 0x15,
3729 0x20, 0x2b, 0x36, 0x41, 0x4c, 0x57, 0x62, 0x6d,
3730 0x78, 0x83, 0x8e, 0x99, 0xa4, 0xaf, 0xba, 0xc5,
3731 0xd0, 0xdb, 0xe6, 0xf1, 0xfc, 0x07, 0x12, 0x1d,
3732 0x28, 0x33, 0x3e, 0x49, 0x54, 0x5f, 0x6a, 0x75,
3733 0x80, 0x8b, 0x96, 0xa1, 0xac, 0xb7, 0xc2, 0xcd,
3734 0xd8, 0xe3, 0xee, 0xf9, 0x04, 0x0f, 0x1a, 0x25,
3735 0x30, 0x3b, 0x46, 0x51, 0x5c, 0x67, 0x72, 0x7d,
3736 0x88, 0x93, 0x9e, 0xa9, 0xb4, 0xbf, 0xca, 0xd5,
3737 0xe0, 0xeb, 0xf6, 0x01, 0x0c, 0x17, 0x22, 0x2d,
3738 0x38, 0x43, 0x4e, 0x59, 0x64, 0x6f, 0x7a, 0x85,
3739 0x90, 0x9b, 0xa6, 0xb1, 0xbc, 0xc7, 0xd2, 0xdd,
3740 0xe8, 0xf3, 0xfe, 0x09, 0x14, 0x1f, 0x2a, 0x35,
3741 0x40, 0x4b, 0x56, 0x61, 0x6c, 0x77, 0x82, 0x8d,
3742 0x98, 0xa3, 0xae, 0xb9, 0xc4, 0xcf, 0xda, 0xe5,
3743 0xf0, 0xfb, 0x06, 0x11, 0x1c, 0x27, 0x32, 0x3d,
3744 0x48, 0x53, 0x5e, 0x69, 0x74, 0x7f, 0x8a, 0x95,
3745 0xa0, 0xab, 0xb6, 0xc1, 0xcc, 0xd7, 0xe2, 0xed,
3746 0xf8, 0x03, 0x0e, 0x19, 0x24, 0x2f, 0x3a, 0x45,
3747 0x50, 0x5b, 0x66, 0x71, 0x7c, 0x87, 0x92, 0x9d,
3748 0xa8, 0xb3, 0xbe, 0xc9, 0xd4, 0xdf, 0xea, 0xf5,
3749 0x00, 0x0d, 0x1a, 0x27, 0x34, 0x41, 0x4e, 0x5b,
3750 0x68, 0x75, 0x82, 0x8f, 0x9c, 0xa9, 0xb6, 0xc3,
3751 0xd0, 0xdd, 0xea, 0xf7, 0x04, 0x11, 0x1e, 0x2b,
3752 0x38, 0x45, 0x52, 0x5f, 0x6c, 0x79, 0x86, 0x93,
3753 0xa0, 0xad, 0xba, 0xc7, 0xd4, 0xe1, 0xee, 0xfb,
3754 0x08, 0x15, 0x22, 0x2f, 0x3c, 0x49, 0x56, 0x63,
3755 0x70, 0x7d, 0x8a, 0x97, 0xa4, 0xb1, 0xbe, 0xcb,
3756 0xd8, 0xe5, 0xf2, 0xff, 0x0c, 0x19, 0x26, 0x33,
3757 0x40, 0x4d, 0x5a, 0x67, 0x74, 0x81, 0x8e, 0x9b,
3758 0xa8, 0xb5, 0xc2, 0xcf, 0xdc, 0xe9, 0xf6, 0x03,
3759 0x10, 0x1d, 0x2a, 0x37, 0x44, 0x51, 0x5e, 0x6b,
3760 0x78, 0x85, 0x92, 0x9f, 0xac, 0xb9, 0xc6, 0xd3,
3761 0xe0, 0xed, 0xfa, 0x07, 0x14, 0x21, 0x2e, 0x3b,
3762 0x48, 0x55, 0x62, 0x6f, 0x7c, 0x89, 0x96, 0xa3,
3763 0xb0, 0xbd, 0xca, 0xd7, 0xe4, 0xf1, 0xfe, 0x0b,
3764 0x18, 0x25, 0x32, 0x3f, 0x4c, 0x59, 0x66, 0x73,
3765 0x80, 0x8d, 0x9a, 0xa7, 0xb4, 0xc1, 0xce, 0xdb,
3766 0xe8, 0xf5, 0x02, 0x0f, 0x1c, 0x29, 0x36, 0x43,
3767 0x50, 0x5d, 0x6a, 0x77, 0x84, 0x91, 0x9e, 0xab,
3768 0xb8, 0xc5, 0xd2, 0xdf, 0xec, 0xf9, 0x06, 0x13,
3769 0x20, 0x2d, 0x3a, 0x47, 0x54, 0x61, 0x6e, 0x7b,
3770 0x88, 0x95, 0xa2, 0xaf, 0xbc, 0xc9, 0xd6, 0xe3,
3771 0xf0, 0xfd, 0x0a, 0x17, 0x24, 0x31, 0x3e, 0x4b,
3772 0x58, 0x65, 0x72, 0x7f, 0x8c, 0x99, 0xa6, 0xb3,
3773 0xc0, 0xcd, 0xda, 0xe7, 0xf4, 0x01, 0x0e, 0x1b,
3774 0x28, 0x35, 0x42, 0x4f, 0x5c, 0x69, 0x76, 0x83,
3775 0x90, 0x9d, 0xaa, 0xb7, 0xc4, 0xd1, 0xde, 0xeb,
3776 0xf8, 0x05, 0x12, 0x1f, 0x2c, 0x39, 0x46, 0x53,
3777 0x60, 0x6d, 0x7a, 0x87, 0x94, 0xa1, 0xae, 0xbb,
3778 0xc8, 0xd5, 0xe2, 0xef, 0xfc, 0x09, 0x16, 0x23,
3779 0x30, 0x3d, 0x4a, 0x57, 0x64, 0x71, 0x7e, 0x8b,
3780 0x98, 0xa5, 0xb2, 0xbf, 0xcc, 0xd9, 0xe6, 0xf3,
3781 0x00, 0x0f, 0x1e, 0x2d, 0x3c, 0x4b, 0x5a, 0x69,
3782 0x78, 0x87, 0x96, 0xa5, 0xb4, 0xc3, 0xd2, 0xe1,
3783 0xf0, 0xff, 0x0e, 0x1d, 0x2c, 0x3b, 0x4a, 0x59,
3784 0x68, 0x77, 0x86, 0x95, 0xa4, 0xb3, 0xc2, 0xd1,
3785 0xe0, 0xef, 0xfe, 0x0d, 0x1c, 0x2b, 0x3a, 0x49,
3786 0x58, 0x67, 0x76, 0x85, 0x94, 0xa3, 0xb2, 0xc1,
3787 0xd0, 0xdf, 0xee, 0xfd, 0x0c, 0x1b, 0x2a, 0x39,
3788 0x48, 0x57, 0x66, 0x75, 0x84, 0x93, 0xa2, 0xb1,
3789 0xc0, 0xcf, 0xde, 0xed, 0xfc, 0x0b, 0x1a, 0x29,
3790 0x38, 0x47, 0x56, 0x65, 0x74, 0x83, 0x92, 0xa1,
3791 0xb0, 0xbf, 0xce, 0xdd, 0xec, 0xfb, 0x0a, 0x19,
3792 0x28, 0x37, 0x46, 0x55, 0x64, 0x73, 0x82, 0x91,
3793 0xa0, 0xaf, 0xbe, 0xcd, 0xdc, 0xeb, 0xfa, 0x09,
3794 0x18, 0x27, 0x36, 0x45, 0x54, 0x63, 0x72, 0x81,
3795 0x90, 0x9f, 0xae, 0xbd, 0xcc, 0xdb, 0xea, 0xf9,
3796 0x08, 0x17, 0x26, 0x35, 0x44, 0x53, 0x62, 0x71,
3797 0x80, 0x8f, 0x9e, 0xad, 0xbc, 0xcb, 0xda, 0xe9,
3798 0xf8, 0x07, 0x16, 0x25, 0x34, 0x43, 0x52, 0x61,
3799 0x70, 0x7f, 0x8e, 0x9d, 0xac, 0xbb, 0xca, 0xd9,
3800 0xe8, 0xf7, 0x06, 0x15, 0x24, 0x33, 0x42, 0x51,
3801 0x60, 0x6f, 0x7e, 0x8d, 0x9c, 0xab, 0xba, 0xc9,
3802 0xd8, 0xe7, 0xf6, 0x05, 0x14, 0x23, 0x32, 0x41,
3803 0x50, 0x5f, 0x6e, 0x7d, 0x8c, 0x9b, 0xaa, 0xb9,
3804 0xc8, 0xd7, 0xe6, 0xf5, 0x04, 0x13, 0x22, 0x31,
3805 0x40, 0x4f, 0x5e, 0x6d, 0x7c, 0x8b, 0x9a, 0xa9,
3806 0xb8, 0xc7, 0xd6, 0xe5, 0xf4, 0x03, 0x12, 0x21,
3807 0x30, 0x3f, 0x4e, 0x5d, 0x6c, 0x7b, 0x8a, 0x99,
3808 0xa8, 0xb7, 0xc6, 0xd5, 0xe4, 0xf3, 0x02, 0x11,
3809 0x20, 0x2f, 0x3e, 0x4d, 0x5c, 0x6b, 0x7a, 0x89,
3810 0x98, 0xa7, 0xb6, 0xc5, 0xd4, 0xe3, 0xf2, 0x01,
3811 0x10, 0x1f, 0x2e, 0x3d, 0x4c, 0x5b, 0x6a, 0x79,
3812 0x88, 0x97, 0xa6, 0xb5, 0xc4, 0xd3, 0xe2, 0xf1,
3813 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
3814 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
3815 0x10, 0x21, 0x32, 0x43, 0x54, 0x65, 0x76, 0x87,
3816 0x98, 0xa9, 0xba, 0xcb, 0xdc, 0xed, 0xfe, 0x0f,
3817 0x20, 0x31, 0x42, 0x53, 0x64, 0x75, 0x86, 0x97,
3818 0xa8, 0xb9, 0xca, 0xdb, 0xec, 0xfd, 0x0e, 0x1f,
3819 0x30, 0x41, 0x52, 0x63, 0x74, 0x85, 0x96, 0xa7,
3820 0xb8, 0xc9, 0xda, 0xeb, 0xfc, 0x0d, 0x1e, 0x2f,
3821 0x40, 0x51, 0x62, 0x73, 0x84, 0x95, 0xa6, 0xb7,
3822 0xc8, 0xd9, 0xea, 0xfb, 0x0c, 0x1d, 0x2e, 0x3f,
3823 0x50, 0x61, 0x72, 0x83, 0x94, 0xa5, 0xb6, 0xc7,
3824 0xd8, 0xe9, 0xfa, 0x0b, 0x1c, 0x2d, 0x3e, 0x4f,
3825 0x60, 0x71, 0x82, 0x93, 0xa4, 0xb5, 0xc6, 0xd7,
3826 0xe8, 0xf9, 0x0a, 0x1b, 0x2c, 0x3d, 0x4e, 0x5f,
3827 0x70, 0x81, 0x92, 0xa3, 0xb4, 0xc5, 0xd6, 0xe7,
3828 0xf8, 0x09, 0x1a, 0x2b, 0x3c, 0x4d, 0x5e, 0x6f,
3829 0x80, 0x91, 0xa2, 0xb3, 0xc4, 0xd5, 0xe6, 0xf7,
3830 0x08, 0x19, 0x2a, 0x3b, 0x4c, 0x5d, 0x6e, 0x7f,
3831 0x90, 0xa1, 0xb2, 0xc3, 0xd4, 0xe5, 0xf6, 0x07,
3832 0x18, 0x29, 0x3a, 0x4b, 0x5c, 0x6d, 0x7e, 0x8f,
3833 0xa0, 0xb1, 0xc2, 0xd3, 0xe4, 0xf5, 0x06, 0x17,
3834 0x28, 0x39, 0x4a, 0x5b, 0x6c, 0x7d, 0x8e, 0x9f,
3835 0xb0, 0xc1, 0xd2, 0xe3, 0xf4, 0x05, 0x16, 0x27,
3836 0x38, 0x49, 0x5a, 0x6b, 0x7c, 0x8d, 0x9e, 0xaf,
3837 0xc0, 0xd1, 0xe2, 0xf3, 0x04, 0x15, 0x26, 0x37,
3838 0x48, 0x59, 0x6a, 0x7b, 0x8c, 0x9d, 0xae, 0xbf,
3839 0xd0, 0xe1, 0xf2, 0x03, 0x14, 0x25, 0x36, 0x47,
3840 0x58, 0x69, 0x7a, 0x8b, 0x9c, 0xad, 0xbe, 0xcf,
3841 0xe0, 0xf1, 0x02, 0x13, 0x24, 0x35, 0x46, 0x57,
3842 0x68, 0x79, 0x8a, 0x9b, 0xac, 0xbd, 0xce, 0xdf,
3843 0xf0, 0x01, 0x12, 0x23, 0x34, 0x45, 0x56, 0x67,
3844 0x78, 0x89, 0x9a, 0xab, 0xbc, 0xcd, 0xde, 0xef,
3845 0x00, 0x13, 0x26, 0x39, 0x4c, 0x5f, 0x72, 0x85,
3846 0x98, 0xab, 0xbe, 0xd1, 0xe4, 0xf7, 0x0a, 0x1d,
3847 0x30, 0x43, 0x56, 0x69, 0x7c, 0x8f, 0xa2, 0xb5,
3848 0xc8, 0xdb, 0xee, 0x01, 0x14, 0x27, 0x3a, 0x4d,
3849 0x60, 0x73, 0x86, 0x99, 0xac, 0xbf, 0xd2, 0xe5,
3850 0xf8, 0x0b, 0x1e, 0x31, 0x44, 0x57, 0x6a, 0x7d,
3851 0x90, 0xa3, 0xb6, 0xc9, 0xdc, 0xef, 0x02, 0x15,
3852 0x28, 0x3b, 0x4e, 0x61, 0x74, 0x87, 0x9a, 0xad,
3853 0xc0, 0xd3, 0xe6, 0xf9, 0x0c, 0x1f, 0x32, 0x45,
3854 0x58, 0x6b, 0x7e, 0x91, 0xa4, 0xb7, 0xca, 0xdd,
3855 0xf0, 0x03, 0x16, 0x29, 0x3c, 0x4f, 0x62, 0x75,
3856 0x88, 0x9b, 0xae, 0xc1, 0xd4, 0xe7, 0xfa, 0x0d,
3857 0x20, 0x33, 0x46, 0x59, 0x6c, 0x7f, 0x92, 0xa5,
3858 0xb8, 0xcb, 0xde, 0xf1, 0x04, 0x17, 0x2a, 0x3d,
3859 0x50, 0x63, 0x76, 0x89, 0x9c, 0xaf, 0xc2, 0xd5,
3860 0xe8, 0xfb, 0x0e, 0x21, 0x34, 0x47, 0x5a, 0x6d,
3861 0x80, 0x93, 0xa6, 0xb9, 0xcc, 0xdf, 0xf2, 0x05,
3862 0x18, 0x2b, 0x3e, 0x51, 0x64, 0x77, 0x8a, 0x9d,
3863 0xb0, 0xc3, 0xd6, 0xe9, 0xfc, 0x0f, 0x22, 0x35,
3864 0x48, 0x5b, 0x6e, 0x81, 0x94, 0xa7, 0xba, 0xcd,
3865 0xe0, 0xf3, 0x06, 0x19, 0x2c, 0x3f, 0x52, 0x65,
3866 0x78, 0x8b, 0x9e, 0xb1, 0xc4, 0xd7, 0xea, 0xfd,
3867 0x10, 0x23, 0x36, 0x49, 0x5c, 0x6f, 0x82, 0x95,
3868 0xa8, 0xbb, 0xce, 0xe1, 0xf4, 0x07, 0x1a, 0x2d,
3869 0x40, 0x53, 0x66, 0x79, 0x8c, 0x9f, 0xb2, 0xc5,
3870 0xd8, 0xeb, 0xfe, 0x11, 0x24, 0x37, 0x4a, 0x5d,
3871 0x70, 0x83, 0x96, 0xa9, 0xbc, 0xcf, 0xe2, 0xf5,
3872 0x08, 0x1b, 0x2e, 0x41, 0x54, 0x67, 0x7a, 0x8d,
3873 0xa0, 0xb3, 0xc6, 0xd9, 0xec, 0xff, 0x12, 0x25,
3874 0x38, 0x4b, 0x5e, 0x71, 0x84, 0x97, 0xaa, 0xbd,
3875 0xd0, 0xe3, 0xf6, 0x09, 0x1c, 0x2f, 0x42, 0x55,
3876 0x68, 0x7b, 0x8e, 0xa1, 0xb4, 0xc7, 0xda, 0xed,
3877 0x00, 0x15, 0x2a, 0x3f, 0x54, 0x69, 0x7e, 0x93,
3878 0xa8, 0xbd, 0xd2, 0xe7, 0xfc, 0x11, 0x26, 0x3b,
3879 0x50, 0x65, 0x7a, 0x8f, 0xa4, 0xb9, 0xce, 0xe3,
3880 0xf8, 0x0d, 0x22, 0x37, 0x4c, 0x61, 0x76, 0x8b,
3881 0xa0, 0xb5, 0xca, 0xdf, 0xf4, 0x09, 0x1e, 0x33,
3882 0x48, 0x5d, 0x72, 0x87, 0x9c, 0xb1, 0xc6, 0xdb,
3883 0xf0, 0x05, 0x1a, 0x2f, 0x44, 0x59, 0x6e, 0x83,
3884 0x98, 0xad, 0xc2, 0xd7, 0xec, 0x01, 0x16, 0x2b,
3885 0x40, 0x55, 0x6a, 0x7f, 0x94, 0xa9, 0xbe, 0xd3,
3886 0xe8, 0xfd, 0x12, 0x27, 0x3c, 0x51, 0x66, 0x7b,
3887 0x90, 0xa5, 0xba, 0xcf, 0xe4, 0xf9, 0x0e, 0x23,
3888 0x38, 0x4d, 0x62, 0x77, 0x8c, 0xa1, 0xb6, 0xcb,
3889 0xe0, 0xf5, 0x0a, 0x1f, 0x34, 0x49, 0x5e, 0x73,
3890 0x88, 0x9d, 0xb2, 0xc7, 0xdc, 0xf1, 0x06, 0x1b,
3891 0x30, 0x45, 0x5a, 0x6f, 0x84, 0x99, 0xae, 0xc3,
3892 0xd8, 0xed, 0x02, 0x17, 0x2c, 0x41, 0x56, 0x6b,
3893 0x80, 0x95, 0xaa, 0xbf, 0xd4, 0xe9, 0xfe, 0x13,
3894 0x28, 0x3d, 0x52, 0x67, 0x7c, 0x91, 0xa6, 0xbb,
3895 0xd0, 0xe5, 0xfa, 0x0f, 0x24, 0x39, 0x4e, 0x63,
3896 0x78, 0x8d, 0xa2, 0xb7, 0xcc, 0xe1, 0xf6, 0x0b,
3897 0x20, 0x35, 0x4a, 0x5f, 0x74, 0x89, 0x9e, 0xb3,
3898 0xc8, 0xdd, 0xf2, 0x07, 0x1c, 0x31, 0x46, 0x5b,
3899 0x70, 0x85, 0x9a, 0xaf, 0xc4, 0xd9, 0xee, 0x03,
3900 0x18, 0x2d, 0x42, 0x57, 0x6c, 0x81, 0x96, 0xab,
3901 0xc0, 0xd5, 0xea, 0xff, 0x14, 0x29, 0x3e, 0x53,
3902 0x68, 0x7d, 0x92, 0xa7, 0xbc, 0xd1, 0xe6, 0xfb,
3903 0x10, 0x25, 0x3a, 0x4f, 0x64, 0x79, 0x8e, 0xa3,
3904 0xb8, 0xcd, 0xe2, 0xf7, 0x0c, 0x21, 0x36, 0x4b,
3905 0x60, 0x75, 0x8a, 0x9f, 0xb4, 0xc9, 0xde, 0xf3,
3906 0x08, 0x1d, 0x32, 0x47, 0x5c, 0x71, 0x86, 0x9b,
3907 0xb0, 0xc5, 0xda, 0xef, 0x04, 0x19, 0x2e, 0x43,
3908 0x58, 0x6d, 0x82, 0x97, 0xac, 0xc1, 0xd6, 0xeb,
3909 0x00, 0x17, 0x2e, 0x45, 0x5c, 0x73, 0x8a, 0xa1,
3910 0xb8, 0xcf, 0xe6, 0xfd, 0x14, 0x2b, 0x42, 0x59,
3911 0x70, 0x87, 0x9e, 0xb5, 0xcc, 0xe3, 0xfa, 0x11,
3912 0x28, 0x3f, 0x56, 0x6d, 0x84, 0x9b, 0xb2, 0xc9,
3913 0xe0, 0xf7, 0x0e, 0x25, 0x3c, 0x53, 0x6a, 0x81,
3914 0x98, 0xaf, 0xc6, 0xdd, 0xf4, 0x0b, 0x22, 0x39,
3915 0x50, 0x67, 0x7e, 0x95, 0xac, 0xc3, 0xda, 0xf1,
3916 0x08, 0x1f, 0x36, 0x4d, 0x64, 0x7b, 0x92, 0xa9,
3917 0xc0, 0xd7, 0xee, 0x05, 0x1c, 0x33, 0x4a, 0x61,
3918 0x78, 0x8f, 0xa6, 0xbd, 0xd4, 0xeb, 0x02, 0x19,
3919 0x30, 0x47, 0x5e, 0x75, 0x8c, 0xa3, 0xba, 0xd1,
3920 0xe8, 0xff, 0x16, 0x2d, 0x44, 0x5b, 0x72, 0x89,
3921 0xa0, 0xb7, 0xce, 0xe5, 0xfc, 0x13, 0x2a, 0x41,
3922 0x58, 0x6f, 0x86, 0x9d, 0xb4, 0xcb, 0xe2, 0xf9,
3923 0x10, 0x27, 0x3e, 0x55, 0x6c, 0x83, 0x9a, 0xb1,
3924 0xc8, 0xdf, 0xf6, 0x0d, 0x24, 0x3b, 0x52, 0x69,
3925 0x80, 0x97, 0xae, 0xc5, 0xdc, 0xf3, 0x0a, 0x21,
3926 0x38, 0x4f, 0x66, 0x7d, 0x94, 0xab, 0xc2, 0xd9,
3927 0xf0, 0x07, 0x1e, 0x35, 0x4c, 0x63, 0x7a, 0x91,
3928 0xa8, 0xbf, 0xd6, 0xed, 0x04, 0x1b, 0x32, 0x49,
3929 0x60, 0x77, 0x8e, 0xa5, 0xbc, 0xd3, 0xea, 0x01,
3930 0x18, 0x2f, 0x46, 0x5d, 0x74, 0x8b, 0xa2, 0xb9,
3931 0xd0, 0xe7, 0xfe, 0x15, 0x2c, 0x43, 0x5a, 0x71,
3932 0x88, 0x9f, 0xb6, 0xcd, 0xe4, 0xfb, 0x12, 0x29,
3933 0x40, 0x57, 0x6e, 0x85, 0x9c, 0xb3, 0xca, 0xe1,
3934 0xf8, 0x0f, 0x26, 0x3d, 0x54, 0x6b, 0x82, 0x99,
3935 0xb0, 0xc7, 0xde, 0xf5, 0x0c, 0x23, 0x3a, 0x51,
3936 0x68, 0x7f, 0x96, 0xad, 0xc4, 0xdb, 0xf2, 0x09,
3937 0x20, 0x37, 0x4e, 0x65, 0x7c, 0x93, 0xaa, 0xc1,
3938 0xd8, 0xef, 0x06, 0x1d, 0x34, 0x4b, 0x62, 0x79,
3939 0x90, 0xa7, 0xbe, 0xd5, 0xec, 0x03, 0x1a, 0x31,
3940 0x48, 0x5f, 0x76, 0x8d, 0xa4, 0xbb, 0xd2, 0xe9,
3941 0x00, 0x19, 0x32, 0x4b, 0x64, 0x7d, 0x96, 0xaf,
3942 0xc8, 0xe1, 0xfa, 0x13, 0x2c, 0x45, 0x5e, 0x77,
3943 0x90, 0xa9, 0xc2, 0xdb, 0xf4, 0x0d, 0x26, 0x3f,
3944 0x58, 0x71, 0x8a, 0xa3, 0xbc, 0xd5, 0xee, 0x07,
3945 0x20, 0x39, 0x52, 0x6b, 0x84, 0x9d, 0xb6, 0xcf,
3946 0xe8, 0x01, 0x1a, 0x33, 0x4c, 0x65, 0x7e, 0x97,
3947 0xb0, 0xc9, 0xe2, 0xfb, 0x14, 0x2d, 0x46, 0x5f,
3948 0x78, 0x91, 0xaa, 0xc3, 0xdc, 0xf5, 0x0e, 0x27,
3949 0x40, 0x59, 0x72, 0x8b, 0xa4, 0xbd, 0xd6, 0xef,
3950 0x08, 0x21, 0x3a, 0x53, 0x6c, 0x85, 0x9e, 0xb7,
3951 0xd0, 0xe9, 0x02, 0x1b, 0x34, 0x4d, 0x66, 0x7f,
3952 0x98, 0xb1, 0xca, 0xe3, 0xfc, 0x15, 0x2e, 0x47,
3953 0x60, 0x79, 0x92, 0xab, 0xc4, 0xdd, 0xf6, 0x0f,
3954 0x28, 0x41, 0x5a, 0x73, 0x8c, 0xa5, 0xbe, 0xd7,
3955 0xf0, 0x09, 0x22, 0x3b, 0x54, 0x6d, 0x86, 0x9f,
3956 0xb8, 0xd1, 0xea, 0x03, 0x1c, 0x35, 0x4e, 0x67,
3957 0x80, 0x99, 0xb2, 0xcb, 0xe4, 0xfd, 0x16, 0x2f,
3958 0x48, 0x61, 0x7a, 0x93, 0xac, 0xc5, 0xde, 0xf7,
3959 0x10, 0x29, 0x42, 0x5b, 0x74, 0x8d, 0xa6, 0xbf,
3960 0xd8, 0xf1, 0x0a, 0x23, 0x3c, 0x55, 0x6e, 0x87,
3961 0xa0, 0xb9, 0xd2, 0xeb, 0x04, 0x1d, 0x36, 0x4f,
3962 0x68, 0x81, 0x9a, 0xb3, 0xcc, 0xe5, 0xfe, 0x17,
3963 0x30, 0x49, 0x62, 0x7b, 0x94, 0xad, 0xc6, 0xdf,
3964 0xf8, 0x11, 0x2a, 0x43, 0x5c, 0x75, 0x8e, 0xa7,
3965 0xc0, 0xd9, 0xf2, 0x0b, 0x24, 0x3d, 0x56, 0x6f,
3966 0x88, 0xa1, 0xba, 0xd3, 0xec, 0x05, 0x1e, 0x37,
3967 0x50, 0x69, 0x82, 0x9b, 0xb4, 0xcd, 0xe6, 0xff,
3968 0x18, 0x31, 0x4a, 0x63, 0x7c, 0x95, 0xae, 0xc7,
3969 0xe0, 0xf9, 0x12, 0x2b, 0x44, 0x5d, 0x76, 0x8f,
3970 0xa8, 0xc1, 0xda, 0xf3, 0x0c, 0x25, 0x3e, 0x57,
3971 0x70, 0x89, 0xa2, 0xbb, 0xd4, 0xed, 0x06, 0x1f,
3972 0x38, 0x51, 0x6a, 0x83, 0x9c, 0xb5, 0xce, 0xe7,
3973 0x00, 0x1b, 0x36, 0x51, 0x6c, 0x87, 0xa2, 0xbd,
3974 0xd8, 0xf3, 0x0e, 0x29, 0x44, 0x5f, 0x7a, 0x95,
3975 0xb0, 0xcb, 0xe6, 0x01, 0x1c, 0x37, 0x52, 0x6d,
3976 0x88, 0xa3, 0xbe, 0xd9, 0xf4, 0x0f, 0x2a, 0x45,
3977 0x60, 0x7b, 0x96, 0xb1, 0xcc, 0xe7, 0x02, 0x1d,
3978 0x38, 0x53, 0x6e, 0x89, 0xa4, 0xbf, 0xda, 0xf5,
3979 0x10, 0x2b, 0x46, 0x61, 0x7c, 0x97, 0xb2, 0xcd,
3980 0xe8, 0x03, 0x1e, 0x39, 0x54, 0x6f, 0x8a, 0xa5,
3981 0xc0, 0xdb, 0xf6, 0x11, 0x2c, 0x47, 0x62, 0x7d,
3982 0x98, 0xb3, 0xce, 0xe9, 0x04, 0x1f, 0x3a, 0x55,
3983 0x70, 0x8b, 0xa6, 0xc1, 0xdc, 0xf7, 0x12, 0x2d,
3984 0x48, 0x63, 0x7e, 0x99, 0xb4, 0xcf, 0xea, 0x05,
3985 0x20, 0x3b, 0x56, 0x71, 0x8c, 0xa7, 0xc2, 0xdd,
3986 0xf8, 0x13, 0x2e, 0x49, 0x64, 0x7f, 0x9a, 0xb5,
3987 0xd0, 0xeb, 0x06, 0x21, 0x3c, 0x57, 0x72, 0x8d,
3988 0xa8, 0xc3, 0xde, 0xf9, 0x14, 0x2f, 0x4a, 0x65,
3989 0x80, 0x9b, 0xb6, 0xd1, 0xec, 0x07, 0x22, 0x3d,
3990 0x58, 0x73, 0x8e, 0xa9, 0xc4, 0xdf, 0xfa, 0x15,
3991 0x30, 0x4b, 0x66, 0x81, 0x9c, 0xb7, 0xd2, 0xed,
3992 0x08, 0x23, 0x3e, 0x59, 0x74, 0x8f, 0xaa, 0xc5,
3993 0xe0, 0xfb, 0x16, 0x31, 0x4c, 0x67, 0x82, 0x9d,
3994 0xb8, 0xd3, 0xee, 0x09, 0x24, 0x3f, 0x5a, 0x75,
3995 0x90, 0xab, 0xc6, 0xe1, 0xfc, 0x17, 0x32, 0x4d,
3996 0x68, 0x83, 0x9e, 0xb9, 0xd4, 0xef, 0x0a, 0x25,
3997 0x40, 0x5b, 0x76, 0x91, 0xac, 0xc7, 0xe2, 0xfd,
3998 0x18, 0x33, 0x4e, 0x69, 0x84, 0x9f, 0xba, 0xd5,
3999 0xf0, 0x0b, 0x26, 0x41, 0x5c, 0x77, 0x92, 0xad,
4000 0xc8, 0xe3, 0xfe, 0x19, 0x34, 0x4f, 0x6a, 0x85,
4001 0xa0, 0xbb, 0xd6, 0xf1, 0x0c, 0x27, 0x42, 0x5d,
4002 0x78, 0x93, 0xae, 0xc9, 0xe4, 0xff, 0x1a, 0x35,
4003 0x50, 0x6b, 0x86, 0xa1, 0xbc, 0xd7, 0xf2, 0x0d,
4004 0x28, 0x43, 0x5e, 0x79, 0x94, 0xaf, 0xca, 0xe5,
4005 0x00, 0x1d, 0x3a, 0x57, 0x74, 0x91, 0xae, 0xcb,
4006 0xe8, 0x05, 0x22, 0x3f, 0x5c, 0x79, 0x96, 0xb3,
4007 0xd0, 0xed, 0x0a, 0x27, 0x44, 0x61, 0x7e, 0x9b,
4008 0xb8, 0xd5, 0xf2, 0x0f, 0x2c, 0x49, 0x66, 0x83,
4009 0xa0, 0xbd, 0xda, 0xf7, 0x14, 0x31, 0x4e, 0x6b,
4010 0x88, 0xa5, 0xc2, 0xdf, 0xfc, 0x19, 0x36, 0x53,
4011 0x70, 0x8d, 0xaa, 0xc7, 0xe4, 0x01, 0x1e, 0x3b,
4012 0x58, 0x75, 0x92, 0xaf, 0xcc, 0xe9, 0x06, 0x23,
4013 0x40, 0x5d, 0x7a, 0x97, 0xb4, 0xd1, 0xee, 0x0b,
4014 0x28, 0x45, 0x62, 0x7f, 0x9c, 0xb9, 0xd6, 0xf3,
4015 0x10, 0x2d, 0x4a, 0x67, 0x84, 0xa1, 0xbe, 0xdb,
4016 0xf8, 0x15, 0x32, 0x4f, 0x6c, 0x89, 0xa6, 0xc3,
4017 0xe0, 0xfd, 0x1a, 0x37, 0x54, 0x71, 0x8e, 0xab,
4018 0xc8, 0xe5, 0x02, 0x1f, 0x3c, 0x59, 0x76, 0x93,
4019 0xb0, 0xcd, 0xea, 0x07, 0x24, 0x41, 0x5e, 0x7b,
4020 0x98, 0xb5, 0xd2, 0xef, 0x0c, 0x29, 0x46, 0x63,
4021 0x80, 0x9d, 0xba, 0xd7, 0xf4, 0x11, 0x2e, 0x4b,
4022 0x68, 0x85, 0xa2, 0xbf, 0xdc, 0xf9, 0x16, 0x33,
4023 0x50, 0x6d, 0x8a, 0xa7, 0xc4, 0xe1, 0xfe, 0x1b,
4024 0x38, 0x55, 0x72, 0x8f, 0xac, 0xc9, 0xe6, 0x03,
4025 0x20, 0x3d, 0x5a, 0x77, 0x94, 0xb1, 0xce, 0xeb,
4026 0x08, 0x25, 0x42, 0x5f, 0x7c, 0x99, 0xb6, 0xd3,
4027 0xf0, 0x0d, 0x2a, 0x47, 0x64, 0x81, 0x9e, 0xbb,
4028 0xd8, 0xf5, 0x12, 0x2f, 0x4c, 0x69, 0x86, 0xa3,
4029 0xc0, 0xdd, 0xfa, 0x17, 0x34, 0x51, 0x6e, 0x8b,
4030 0xa8, 0xc5, 0xe2, 0xff, 0x1c, 0x39, 0x56, 0x73,
4031 0x90, 0xad, 0xca, 0xe7, 0x04, 0x21, 0x3e, 0x5b,
4032 0x78, 0x95, 0xb2, 0xcf, 0xec, 0x09, 0x26, 0x43,
4033 0x60, 0x7d, 0x9a, 0xb7, 0xd4, 0xf1, 0x0e, 0x2b,
4034 0x48, 0x65, 0x82, 0x9f, 0xbc, 0xd9, 0xf6, 0x13,
4035 0x30, 0x4d, 0x6a, 0x87, 0xa4, 0xc1, 0xde, 0xfb,
4036 0x18, 0x35, 0x52, 0x6f, 0x8c, 0xa9, 0xc6, 0xe3,
4037 0x00, 0x1f, 0x3e, 0x5d, 0x7c, 0x9b, 0xba, 0xd9,
4038 0xf8, 0x17, 0x36, 0x55, 0x74, 0x93, 0xb2, 0xd1,
4039 0xf0, 0x0f, 0x2e, 0x4d, 0x6c, 0x8b, 0xaa, 0xc9,
4040 0xe8, 0x07, 0x26, 0x45, 0x64, 0x83, 0xa2, 0xc1,
4041 0xe0, 0xff, 0x1e, 0x3d, 0x5c, 0x7b, 0x9a, 0xb9,
4042 0xd8, 0xf7, 0x16, 0x35, 0x54, 0x73, 0x92, 0xb1,
4043 0xd0, 0xef, 0x0e, 0x2d, 0x4c, 0x6b, 0x8a, 0xa9,
4044 0xc8, 0xe7, 0x06, 0x25, 0x44, 0x63, 0x82, 0xa1,
4045 0xc0, 0xdf, 0xfe, 0x1d, 0x3c, 0x5b, 0x7a, 0x99,
4046 0xb8, 0xd7, 0xf6, 0x15, 0x34, 0x53, 0x72, 0x91,
4047 0xb0, 0xcf, 0xee, 0x0d, 0x2c, 0x4b, 0x6a, 0x89,
4048 0xa8, 0xc7, 0xe6, 0x05, 0x24, 0x43, 0x62, 0x81,
4049 0xa0, 0xbf, 0xde, 0xfd, 0x1c, 0x3b, 0x5a, 0x79,
4050 0x98, 0xb7, 0xd6, 0xf5, 0x14, 0x33, 0x52, 0x71,
4051 0x90, 0xaf, 0xce, 0xed, 0x0c, 0x2b, 0x4a, 0x69,
4052 0x88, 0xa7, 0xc6, 0xe5, 0x04, 0x23, 0x42, 0x61,
4053 0x80, 0x9f, 0xbe, 0xdd, 0xfc, 0x1b, 0x3a, 0x59,
4054 0x78, 0x97, 0xb6, 0xd5, 0xf4, 0x13, 0x32, 0x51,
4055 0x70, 0x8f, 0xae, 0xcd, 0xec, 0x0b, 0x2a, 0x49,
4056 0x68, 0x87, 0xa6, 0xc5, 0xe4, 0x03, 0x22, 0x41,
4057 0x60, 0x7f, 0x9e, 0xbd, 0xdc, 0xfb, 0x1a, 0x39,
4058 0x58, 0x77, 0x96, 0xb5, 0xd4, 0xf3, 0x12, 0x31,
4059 0x50, 0x6f, 0x8e, 0xad, 0xcc, 0xeb, 0x0a, 0x29,
4060 0x48, 0x67, 0x86, 0xa5, 0xc4, 0xe3, 0x02, 0x21,
4061 0x40, 0x5f, 0x7e, 0x9d, 0xbc, 0xdb, 0xfa, 0x19,
4062 0x38, 0x57, 0x76, 0x95, 0xb4, 0xd3, 0xf2, 0x11,
4063 0x30, 0x4f, 0x6e, 0x8d, 0xac, 0xcb, 0xea, 0x09,
4064 0x28, 0x47, 0x66, 0x85, 0xa4, 0xc3, 0xe2, 0x01,
4065 0x20, 0x3f, 0x5e, 0x7d, 0x9c, 0xbb, 0xda, 0xf9,
4066 0x18, 0x37, 0x56, 0x75, 0x94, 0xb3, 0xd2, 0xf1,
4067 0x10, 0x2f, 0x4e, 0x6d, 0x8c, 0xab, 0xca, 0xe9,
4068 0x08, 0x27, 0x46, 0x65, 0x84, 0xa3, 0xc2, 0xe1,
4069 0x00, 0x21, 0x42, 0x63,
4070 },
4071 .ilen = 4100,
4072 .result = {
4073 0xf0, 0x5c, 0x74, 0xad, 0x4e, 0xbc, 0x99, 0xe2,
4074 0xae, 0xff, 0x91, 0x3a, 0x44, 0xcf, 0x38, 0x32,
4075 0x1e, 0xad, 0xa7, 0xcd, 0xa1, 0x39, 0x95, 0xaa,
4076 0x10, 0xb1, 0xb3, 0x2e, 0x04, 0x31, 0x8f, 0x86,
4077 0xf2, 0x62, 0x74, 0x70, 0x0c, 0xa4, 0x46, 0x08,
4078 0xa8, 0xb7, 0x99, 0xa8, 0xe9, 0xd2, 0x73, 0x79,
4079 0x7e, 0x6e, 0xd4, 0x8f, 0x1e, 0xc7, 0x8e, 0x31,
4080 0x0b, 0xfa, 0x4b, 0xce, 0xfd, 0xf3, 0x57, 0x71,
4081 0xe9, 0x46, 0x03, 0xa5, 0x3d, 0x34, 0x00, 0xe2,
4082 0x18, 0xff, 0x75, 0x6d, 0x06, 0x2d, 0x00, 0xab,
4083 0xb9, 0x3e, 0x6c, 0x59, 0xc5, 0x84, 0x06, 0xb5,
4084 0x8b, 0xd0, 0x89, 0x9c, 0x4a, 0x79, 0x16, 0xc6,
4085 0x3d, 0x74, 0x54, 0xfa, 0x44, 0xcd, 0x23, 0x26,
4086 0x5c, 0xcf, 0x7e, 0x28, 0x92, 0x32, 0xbf, 0xdf,
4087 0xa7, 0x20, 0x3c, 0x74, 0x58, 0x2a, 0x9a, 0xde,
4088 0x61, 0x00, 0x1c, 0x4f, 0xff, 0x59, 0xc4, 0x22,
4089 0xac, 0x3c, 0xd0, 0xe8, 0x6c, 0xf9, 0x97, 0x1b,
4090 0x58, 0x9b, 0xad, 0x71, 0xe8, 0xa9, 0xb5, 0x0d,
4091 0xee, 0x2f, 0x04, 0x1f, 0x7f, 0xbc, 0x99, 0xee,
4092 0x84, 0xff, 0x42, 0x60, 0xdc, 0x3a, 0x18, 0xa5,
4093 0x81, 0xf9, 0xef, 0xdc, 0x7a, 0x0f, 0x65, 0x41,
4094 0x2f, 0xa3, 0xd3, 0xf9, 0xc2, 0xcb, 0xc0, 0x4d,
4095 0x8f, 0xd3, 0x76, 0x96, 0xad, 0x49, 0x6d, 0x38,
4096 0x3d, 0x39, 0x0b, 0x6c, 0x80, 0xb7, 0x54, 0x69,
4097 0xf0, 0x2c, 0x90, 0x02, 0x29, 0x0d, 0x1c, 0x12,
4098 0xad, 0x55, 0xc3, 0x8b, 0x68, 0xd9, 0xcc, 0xb3,
4099 0xb2, 0x64, 0x33, 0x90, 0x5e, 0xca, 0x4b, 0xe2,
4100 0xfb, 0x75, 0xdc, 0x63, 0xf7, 0x9f, 0x82, 0x74,
4101 0xf0, 0xc9, 0xaa, 0x7f, 0xe9, 0x2a, 0x9b, 0x33,
4102 0xbc, 0x88, 0x00, 0x7f, 0xca, 0xb2, 0x1f, 0x14,
4103 0xdb, 0xc5, 0x8e, 0x7b, 0x11, 0x3c, 0x3e, 0x08,
4104 0xf3, 0x83, 0xe8, 0xe0, 0x94, 0x86, 0x2e, 0x92,
4105 0x78, 0x6b, 0x01, 0xc9, 0xc7, 0x83, 0xba, 0x21,
4106 0x6a, 0x25, 0x15, 0x33, 0x4e, 0x45, 0x08, 0xec,
4107 0x35, 0xdb, 0xe0, 0x6e, 0x31, 0x51, 0x79, 0xa9,
4108 0x42, 0x44, 0x65, 0xc1, 0xa0, 0xf1, 0xf9, 0x2a,
4109 0x70, 0xd5, 0xb6, 0xc6, 0xc1, 0x8c, 0x39, 0xfc,
4110 0x25, 0xa6, 0x55, 0xd9, 0xdd, 0x2d, 0x4c, 0xec,
4111 0x49, 0xc6, 0xeb, 0x0e, 0xa8, 0x25, 0x2a, 0x16,
4112 0x1b, 0x66, 0x84, 0xda, 0xe2, 0x92, 0xe5, 0xc0,
4113 0xc8, 0x53, 0x07, 0xaf, 0x80, 0x84, 0xec, 0xfd,
4114 0xcd, 0xd1, 0x6e, 0xcd, 0x6f, 0x6a, 0xf5, 0x36,
4115 0xc5, 0x15, 0xe5, 0x25, 0x7d, 0x77, 0xd1, 0x1a,
4116 0x93, 0x36, 0xa9, 0xcf, 0x7c, 0xa4, 0x54, 0x4a,
4117 0x06, 0x51, 0x48, 0x4e, 0xf6, 0x59, 0x87, 0xd2,
4118 0x04, 0x02, 0xef, 0xd3, 0x44, 0xde, 0x76, 0x31,
4119 0xb3, 0x34, 0x17, 0x1b, 0x9d, 0x66, 0x11, 0x9f,
4120 0x1e, 0xcc, 0x17, 0xe9, 0xc7, 0x3c, 0x1b, 0xe7,
4121 0xcb, 0x50, 0x08, 0xfc, 0xdc, 0x2b, 0x24, 0xdb,
4122 0x65, 0x83, 0xd0, 0x3b, 0xe3, 0x30, 0xea, 0x94,
4123 0x6c, 0xe7, 0xe8, 0x35, 0x32, 0xc7, 0xdb, 0x64,
4124 0xb4, 0x01, 0xab, 0x36, 0x2c, 0x77, 0x13, 0xaf,
4125 0xf8, 0x2b, 0x88, 0x3f, 0x54, 0x39, 0xc4, 0x44,
4126 0xfe, 0xef, 0x6f, 0x68, 0x34, 0xbe, 0x0f, 0x05,
4127 0x16, 0x6d, 0xf6, 0x0a, 0x30, 0xe7, 0xe3, 0xed,
4128 0xc4, 0xde, 0x3c, 0x1b, 0x13, 0xd8, 0xdb, 0xfe,
4129 0x41, 0x62, 0xe5, 0x28, 0xd4, 0x8d, 0xa3, 0xc7,
4130 0x93, 0x97, 0xc6, 0x48, 0x45, 0x1d, 0x9f, 0x83,
4131 0xdf, 0x4b, 0x40, 0x3e, 0x42, 0x25, 0x87, 0x80,
4132 0x4c, 0x7d, 0xa8, 0xd4, 0x98, 0x23, 0x95, 0x75,
4133 0x41, 0x8c, 0xda, 0x41, 0x9b, 0xd4, 0xa7, 0x06,
4134 0xb5, 0xf1, 0x71, 0x09, 0x53, 0xbe, 0xca, 0xbf,
4135 0x32, 0x03, 0xed, 0xf0, 0x50, 0x1c, 0x56, 0x39,
4136 0x5b, 0xa4, 0x75, 0x18, 0xf7, 0x9b, 0x58, 0xef,
4137 0x53, 0xfc, 0x2a, 0x38, 0x23, 0x15, 0x75, 0xcd,
4138 0x45, 0xe5, 0x5a, 0x82, 0x55, 0xba, 0x21, 0xfa,
4139 0xd4, 0xbd, 0xc6, 0x94, 0x7c, 0xc5, 0x80, 0x12,
4140 0xf7, 0x4b, 0x32, 0xc4, 0x9a, 0x82, 0xd8, 0x28,
4141 0x8f, 0xd9, 0xc2, 0x0f, 0x60, 0x03, 0xbe, 0x5e,
4142 0x21, 0xd6, 0x5f, 0x58, 0xbf, 0x5c, 0xb1, 0x32,
4143 0x82, 0x8d, 0xa9, 0xe5, 0xf2, 0x66, 0x1a, 0xc0,
4144 0xa0, 0xbc, 0x58, 0x2f, 0x71, 0xf5, 0x2f, 0xed,
4145 0xd1, 0x26, 0xb9, 0xd8, 0x49, 0x5a, 0x07, 0x19,
4146 0x01, 0x7c, 0x59, 0xb0, 0xf8, 0xa4, 0xb7, 0xd3,
4147 0x7b, 0x1a, 0x8c, 0x38, 0xf4, 0x50, 0xa4, 0x59,
4148 0xb0, 0xcc, 0x41, 0x0b, 0x88, 0x7f, 0xe5, 0x31,
4149 0xb3, 0x42, 0xba, 0xa2, 0x7e, 0xd4, 0x32, 0x71,
4150 0x45, 0x87, 0x48, 0xa9, 0xc2, 0xf2, 0x89, 0xb3,
4151 0xe4, 0xa7, 0x7e, 0x52, 0x15, 0x61, 0xfa, 0xfe,
4152 0xc9, 0xdd, 0x81, 0xeb, 0x13, 0xab, 0xab, 0xc3,
4153 0x98, 0x59, 0xd8, 0x16, 0x3d, 0x14, 0x7a, 0x1c,
4154 0x3c, 0x41, 0x9a, 0x16, 0x16, 0x9b, 0xd2, 0xd2,
4155 0x69, 0x3a, 0x29, 0x23, 0xac, 0x86, 0x32, 0xa5,
4156 0x48, 0x9c, 0x9e, 0xf3, 0x47, 0x77, 0x81, 0x70,
4157 0x24, 0xe8, 0x85, 0xd2, 0xf5, 0xb5, 0xfa, 0xff,
4158 0x59, 0x6a, 0xd3, 0x50, 0x59, 0x43, 0x59, 0xde,
4159 0xd9, 0xf1, 0x55, 0xa5, 0x0c, 0xc3, 0x1a, 0x1a,
4160 0x18, 0x34, 0x0d, 0x1a, 0x63, 0x33, 0xed, 0x10,
4161 0xe0, 0x1d, 0x2a, 0x18, 0xd2, 0xc0, 0x54, 0xa8,
4162 0xca, 0xb5, 0x9a, 0xd3, 0xdd, 0xca, 0x45, 0x84,
4163 0x50, 0xe7, 0x0f, 0xfe, 0xa4, 0x99, 0x5a, 0xbe,
4164 0x43, 0x2d, 0x9a, 0xcb, 0x92, 0x3f, 0x5a, 0x1d,
4165 0x85, 0xd8, 0xc9, 0xdf, 0x68, 0xc9, 0x12, 0x80,
4166 0x56, 0x0c, 0xdc, 0x00, 0xdc, 0x3a, 0x7d, 0x9d,
4167 0xa3, 0xa2, 0xe8, 0x4d, 0xbf, 0xf9, 0x70, 0xa0,
4168 0xa4, 0x13, 0x4f, 0x6b, 0xaf, 0x0a, 0x89, 0x7f,
4169 0xda, 0xf0, 0xbf, 0x9b, 0xc8, 0x1d, 0xe5, 0xf8,
4170 0x2e, 0x8b, 0x07, 0xb5, 0x73, 0x1b, 0xcc, 0xa2,
4171 0xa6, 0xad, 0x30, 0xbc, 0x78, 0x3c, 0x5b, 0x10,
4172 0xfa, 0x5e, 0x62, 0x2d, 0x9e, 0x64, 0xb3, 0x33,
4173 0xce, 0xf9, 0x1f, 0x86, 0xe7, 0x8b, 0xa2, 0xb8,
4174 0xe8, 0x99, 0x57, 0x8c, 0x11, 0xed, 0x66, 0xd9,
4175 0x3c, 0x72, 0xb9, 0xc3, 0xe6, 0x4e, 0x17, 0x3a,
4176 0x6a, 0xcb, 0x42, 0x24, 0x06, 0xed, 0x3e, 0x4e,
4177 0xa3, 0xe8, 0x6a, 0x94, 0xda, 0x0d, 0x4e, 0xd5,
4178 0x14, 0x19, 0xcf, 0xb6, 0x26, 0xd8, 0x2e, 0xcc,
4179 0x64, 0x76, 0x38, 0x49, 0x4d, 0xfe, 0x30, 0x6d,
4180 0xe4, 0xc8, 0x8c, 0x7b, 0xc4, 0xe0, 0x35, 0xba,
4181 0x22, 0x6e, 0x76, 0xe1, 0x1a, 0xf2, 0x53, 0xc3,
4182 0x28, 0xa2, 0x82, 0x1f, 0x61, 0x69, 0xad, 0xc1,
4183 0x7b, 0x28, 0x4b, 0x1e, 0x6c, 0x85, 0x95, 0x9b,
4184 0x51, 0xb5, 0x17, 0x7f, 0x12, 0x69, 0x8c, 0x24,
4185 0xd5, 0xc7, 0x5a, 0x5a, 0x11, 0x54, 0xff, 0x5a,
4186 0xf7, 0x16, 0xc3, 0x91, 0xa6, 0xf0, 0xdc, 0x0a,
4187 0xb6, 0xa7, 0x4a, 0x0d, 0x7a, 0x58, 0xfe, 0xa5,
4188 0xf5, 0xcb, 0x8f, 0x7b, 0x0e, 0xea, 0x57, 0xe7,
4189 0xbd, 0x79, 0xd6, 0x1c, 0x88, 0x23, 0x6c, 0xf2,
4190 0x4d, 0x29, 0x77, 0x53, 0x35, 0x6a, 0x00, 0x8d,
4191 0xcd, 0xa3, 0x58, 0xbe, 0x77, 0x99, 0x18, 0xf8,
4192 0xe6, 0xe1, 0x8f, 0xe9, 0x37, 0x8f, 0xe3, 0xe2,
4193 0x5a, 0x8a, 0x93, 0x25, 0xaf, 0xf3, 0x78, 0x80,
4194 0xbe, 0xa6, 0x1b, 0xc6, 0xac, 0x8b, 0x1c, 0x91,
4195 0x58, 0xe1, 0x9f, 0x89, 0x35, 0x9d, 0x1d, 0x21,
4196 0x29, 0x9f, 0xf4, 0x99, 0x02, 0x27, 0x0f, 0xa8,
4197 0x4f, 0x79, 0x94, 0x2b, 0x33, 0x2c, 0xda, 0xa2,
4198 0x26, 0x39, 0x83, 0x94, 0xef, 0x27, 0xd8, 0x53,
4199 0x8f, 0x66, 0x0d, 0xe4, 0x41, 0x7d, 0x34, 0xcd,
4200 0x43, 0x7c, 0x95, 0x0a, 0x53, 0xef, 0x66, 0xda,
4201 0x7e, 0x9b, 0xf3, 0x93, 0xaf, 0xd0, 0x73, 0x71,
4202 0xba, 0x40, 0x9b, 0x74, 0xf8, 0xd7, 0xd7, 0x41,
4203 0x6d, 0xaf, 0x72, 0x9c, 0x8d, 0x21, 0x87, 0x3c,
4204 0xfd, 0x0a, 0x90, 0xa9, 0x47, 0x96, 0x9e, 0xd3,
4205 0x88, 0xee, 0x73, 0xcf, 0x66, 0x2f, 0x52, 0x56,
4206 0x6d, 0xa9, 0x80, 0x4c, 0xe2, 0x6f, 0x62, 0x88,
4207 0x3f, 0x0e, 0x54, 0x17, 0x48, 0x80, 0x5d, 0xd3,
4208 0xc3, 0xda, 0x25, 0x3d, 0xa1, 0xc8, 0xcb, 0x9f,
4209 0x9b, 0x70, 0xb3, 0xa1, 0xeb, 0x04, 0x52, 0xa1,
4210 0xf2, 0x22, 0x0f, 0xfc, 0xc8, 0x18, 0xfa, 0xf9,
4211 0x85, 0x9c, 0xf1, 0xac, 0xeb, 0x0c, 0x02, 0x46,
4212 0x75, 0xd2, 0xf5, 0x2c, 0xe3, 0xd2, 0x59, 0x94,
4213 0x12, 0xf3, 0x3c, 0xfc, 0xd7, 0x92, 0xfa, 0x36,
4214 0xba, 0x61, 0x34, 0x38, 0x7c, 0xda, 0x48, 0x3e,
4215 0x08, 0xc9, 0x39, 0x23, 0x5e, 0x02, 0x2c, 0x1a,
4216 0x18, 0x7e, 0xb4, 0xd9, 0xfd, 0x9e, 0x40, 0x02,
4217 0xb1, 0x33, 0x37, 0x32, 0xe7, 0xde, 0xd6, 0xd0,
4218 0x7c, 0x58, 0x65, 0x4b, 0xf8, 0x34, 0x27, 0x9c,
4219 0x44, 0xb4, 0xbd, 0xe9, 0xe9, 0x4c, 0x78, 0x7d,
4220 0x4b, 0x9f, 0xce, 0xb1, 0xcd, 0x47, 0xa5, 0x37,
4221 0xe5, 0x6d, 0xbd, 0xb9, 0x43, 0x94, 0x0a, 0xd4,
4222 0xd6, 0xf9, 0x04, 0x5f, 0xb5, 0x66, 0x6c, 0x1a,
4223 0x35, 0x12, 0xe3, 0x36, 0x28, 0x27, 0x36, 0x58,
4224 0x01, 0x2b, 0x79, 0xe4, 0xba, 0x6d, 0x10, 0x7d,
4225 0x65, 0xdf, 0x84, 0x95, 0xf4, 0xd5, 0xb6, 0x8f,
4226 0x2b, 0x9f, 0x96, 0x00, 0x86, 0x60, 0xf0, 0x21,
4227 0x76, 0xa8, 0x6a, 0x8c, 0x28, 0x1c, 0xb3, 0x6b,
4228 0x97, 0xd7, 0xb6, 0x53, 0x2a, 0xcc, 0xab, 0x40,
4229 0x9d, 0x62, 0x79, 0x58, 0x52, 0xe6, 0x65, 0xb7,
4230 0xab, 0x55, 0x67, 0x9c, 0x89, 0x7c, 0x03, 0xb0,
4231 0x73, 0x59, 0xc5, 0x81, 0xf5, 0x18, 0x17, 0x5c,
4232 0x89, 0xf3, 0x78, 0x35, 0x44, 0x62, 0x78, 0x72,
4233 0xd0, 0x96, 0xeb, 0x31, 0xe7, 0x87, 0x77, 0x14,
4234 0x99, 0x51, 0xf2, 0x59, 0x26, 0x9e, 0xb5, 0xa6,
4235 0x45, 0xfe, 0x6e, 0xbd, 0x07, 0x4c, 0x94, 0x5a,
4236 0xa5, 0x7d, 0xfc, 0xf1, 0x2b, 0x77, 0xe2, 0xfe,
4237 0x17, 0xd4, 0x84, 0xa0, 0xac, 0xb5, 0xc7, 0xda,
4238 0xa9, 0x1a, 0xb6, 0xf3, 0x74, 0x11, 0xb4, 0x9d,
4239 0xfb, 0x79, 0x2e, 0x04, 0x2d, 0x50, 0x28, 0x83,
4240 0xbf, 0xc6, 0x52, 0xd3, 0x34, 0xd6, 0xe8, 0x7a,
4241 0xb6, 0xea, 0xe7, 0xa8, 0x6c, 0x15, 0x1e, 0x2c,
4242 0x57, 0xbc, 0x48, 0x4e, 0x5f, 0x5c, 0xb6, 0x92,
4243 0xd2, 0x49, 0x77, 0x81, 0x6d, 0x90, 0x70, 0xae,
4244 0x98, 0xa1, 0x03, 0x0d, 0x6b, 0xb9, 0x77, 0x14,
4245 0xf1, 0x4e, 0x23, 0xd3, 0xf8, 0x68, 0xbd, 0xc2,
4246 0xfe, 0x04, 0xb7, 0x5c, 0xc5, 0x17, 0x60, 0x8f,
4247 0x65, 0x54, 0xa4, 0x7a, 0x42, 0xdc, 0x18, 0x0d,
4248 0xb5, 0xcf, 0x0f, 0xd3, 0xc7, 0x91, 0x66, 0x1b,
4249 0x45, 0x42, 0x27, 0x75, 0x50, 0xe5, 0xee, 0xb8,
4250 0x7f, 0x33, 0x2c, 0xba, 0x4a, 0x92, 0x4d, 0x2c,
4251 0x3c, 0xe3, 0x0d, 0x80, 0x01, 0xba, 0x0d, 0x29,
4252 0xd8, 0x3c, 0xe9, 0x13, 0x16, 0x57, 0xe6, 0xea,
4253 0x94, 0x52, 0xe7, 0x00, 0x4d, 0x30, 0xb0, 0x0f,
4254 0x35, 0xb8, 0xb8, 0xa7, 0xb1, 0xb5, 0x3b, 0x44,
4255 0xe1, 0x2f, 0xfd, 0x88, 0xed, 0x43, 0xe7, 0x52,
4256 0x10, 0x93, 0xb3, 0x8a, 0x30, 0x6b, 0x0a, 0xf7,
4257 0x23, 0xc6, 0x50, 0x9d, 0x4a, 0xb0, 0xde, 0xc3,
4258 0xdc, 0x9b, 0x2f, 0x01, 0x56, 0x36, 0x09, 0xc5,
4259 0x2f, 0x6b, 0xfe, 0xf1, 0xd8, 0x27, 0x45, 0x03,
4260 0x30, 0x5e, 0x5c, 0x5b, 0xb4, 0x62, 0x0e, 0x1a,
4261 0xa9, 0x21, 0x2b, 0x92, 0x94, 0x87, 0x62, 0x57,
4262 0x4c, 0x10, 0x74, 0x1a, 0xf1, 0x0a, 0xc5, 0x84,
4263 0x3b, 0x9e, 0x72, 0x02, 0xd7, 0xcc, 0x09, 0x56,
4264 0xbd, 0x54, 0xc1, 0xf0, 0xc3, 0xe3, 0xb3, 0xf8,
4265 0xd2, 0x0d, 0x61, 0xcb, 0xef, 0xce, 0x0d, 0x05,
4266 0xb0, 0x98, 0xd9, 0x8e, 0x4f, 0xf9, 0xbc, 0x93,
4267 0xa6, 0xea, 0xc8, 0xcf, 0x10, 0x53, 0x4b, 0xf1,
4268 0xec, 0xfc, 0x89, 0xf9, 0x64, 0xb0, 0x22, 0xbf,
4269 0x9e, 0x55, 0x46, 0x9f, 0x7c, 0x50, 0x8e, 0x84,
4270 0x54, 0x20, 0x98, 0xd7, 0x6c, 0x40, 0x1e, 0xdb,
4271 0x69, 0x34, 0x78, 0x61, 0x24, 0x21, 0x9c, 0x8a,
4272 0xb3, 0x62, 0x31, 0x8b, 0x6e, 0xf5, 0x2a, 0x35,
4273 0x86, 0x13, 0xb1, 0x6c, 0x64, 0x2e, 0x41, 0xa5,
4274 0x05, 0xf2, 0x42, 0xba, 0xd2, 0x3a, 0x0d, 0x8e,
4275 0x8a, 0x59, 0x94, 0x3c, 0xcf, 0x36, 0x27, 0x82,
4276 0xc2, 0x45, 0xee, 0x58, 0xcd, 0x88, 0xb4, 0xec,
4277 0xde, 0xb2, 0x96, 0x0a, 0xaf, 0x38, 0x6f, 0x88,
4278 0xd7, 0xd8, 0xe1, 0xdf, 0xb9, 0x96, 0xa9, 0x0a,
4279 0xb1, 0x95, 0x28, 0x86, 0x20, 0xe9, 0x17, 0x49,
4280 0xa2, 0x29, 0x38, 0xaa, 0xa5, 0xe9, 0x6e, 0xf1,
4281 0x19, 0x27, 0xc0, 0xd5, 0x2a, 0x22, 0xc3, 0x0b,
4282 0xdb, 0x7c, 0x73, 0x10, 0xb9, 0xba, 0x89, 0x76,
4283 0x54, 0xae, 0x7d, 0x71, 0xb3, 0x93, 0xf6, 0x32,
4284 0xe6, 0x47, 0x43, 0x55, 0xac, 0xa0, 0x0d, 0xc2,
4285 0x93, 0x27, 0x4a, 0x8e, 0x0e, 0x74, 0x15, 0xc7,
4286 0x0b, 0x85, 0xd9, 0x0c, 0xa9, 0x30, 0x7a, 0x3e,
4287 0xea, 0x8f, 0x85, 0x6d, 0x3a, 0x12, 0x4f, 0x72,
4288 0x69, 0x58, 0x7a, 0x80, 0xbb, 0xb5, 0x97, 0xf3,
4289 0xcf, 0x70, 0xd2, 0x5d, 0xdd, 0x4d, 0x21, 0x79,
4290 0x54, 0x4d, 0xe4, 0x05, 0xe8, 0xbd, 0xc2, 0x62,
4291 0xb1, 0x3b, 0x77, 0x1c, 0xd6, 0x5c, 0xf3, 0xa0,
4292 0x79, 0x00, 0xa8, 0x6c, 0x29, 0xd9, 0x18, 0x24,
4293 0x36, 0xa2, 0x46, 0xc0, 0x96, 0x65, 0x7f, 0xbd,
4294 0x2a, 0xed, 0x36, 0x16, 0x0c, 0xaa, 0x9f, 0xf4,
4295 0xc5, 0xb4, 0xe2, 0x12, 0xed, 0x69, 0xed, 0x4f,
4296 0x26, 0x2c, 0x39, 0x52, 0x89, 0x98, 0xe7, 0x2c,
4297 0x99, 0xa4, 0x9e, 0xa3, 0x9b, 0x99, 0x46, 0x7a,
4298 0x3a, 0xdc, 0xa8, 0x59, 0xa3, 0xdb, 0xc3, 0x3b,
4299 0x95, 0x0d, 0x3b, 0x09, 0x6e, 0xee, 0x83, 0x5d,
4300 0x32, 0x4d, 0xed, 0xab, 0xfa, 0x98, 0x14, 0x4e,
4301 0xc3, 0x15, 0x45, 0x53, 0x61, 0xc4, 0x93, 0xbd,
4302 0x90, 0xf4, 0x99, 0x95, 0x4c, 0xe6, 0x76, 0x92,
4303 0x29, 0x90, 0x46, 0x30, 0x92, 0x69, 0x7d, 0x13,
4304 0xf2, 0xa5, 0xcd, 0x69, 0x49, 0x44, 0xb2, 0x0f,
4305 0x63, 0x40, 0x36, 0x5f, 0x09, 0xe2, 0x78, 0xf8,
4306 0x91, 0xe3, 0xe2, 0xfa, 0x10, 0xf7, 0xc8, 0x24,
4307 0xa8, 0x89, 0x32, 0x5c, 0x37, 0x25, 0x1d, 0xb2,
4308 0xea, 0x17, 0x8a, 0x0a, 0xa9, 0x64, 0xc3, 0x7c,
4309 0x3c, 0x7c, 0xbd, 0xc6, 0x79, 0x34, 0xe7, 0xe2,
4310 0x85, 0x8e, 0xbf, 0xf8, 0xde, 0x92, 0xa0, 0xae,
4311 0x20, 0xc4, 0xf6, 0xbb, 0x1f, 0x38, 0x19, 0x0e,
4312 0xe8, 0x79, 0x9c, 0xa1, 0x23, 0xe9, 0x54, 0x7e,
4313 0x37, 0x2f, 0xe2, 0x94, 0x32, 0xaf, 0xa0, 0x23,
4314 0x49, 0xe4, 0xc0, 0xb3, 0xac, 0x00, 0x8f, 0x36,
4315 0x05, 0xc4, 0xa6, 0x96, 0xec, 0x05, 0x98, 0x4f,
4316 0x96, 0x67, 0x57, 0x1f, 0x20, 0x86, 0x1b, 0x2d,
4317 0x69, 0xe4, 0x29, 0x93, 0x66, 0x5f, 0xaf, 0x6b,
4318 0x88, 0x26, 0x2c, 0x67, 0x02, 0x4b, 0x52, 0xd0,
4319 0x83, 0x7a, 0x43, 0x1f, 0xc0, 0x71, 0x15, 0x25,
4320 0x77, 0x65, 0x08, 0x60, 0x11, 0x76, 0x4c, 0x8d,
4321 0xed, 0xa9, 0x27, 0xc6, 0xb1, 0x2a, 0x2c, 0x6a,
4322 0x4a, 0x97, 0xf5, 0xc6, 0xb7, 0x70, 0x42, 0xd3,
4323 0x03, 0xd1, 0x24, 0x95, 0xec, 0x6d, 0xab, 0x38,
4324 0x72, 0xce, 0xe2, 0x8b, 0x33, 0xd7, 0x51, 0x09,
4325 0xdc, 0x45, 0xe0, 0x09, 0x96, 0x32, 0xf3, 0xc4,
4326 0x84, 0xdc, 0x73, 0x73, 0x2d, 0x1b, 0x11, 0x98,
4327 0xc5, 0x0e, 0x69, 0x28, 0x94, 0xc7, 0xb5, 0x4d,
4328 0xc8, 0x8a, 0xd0, 0xaa, 0x13, 0x2e, 0x18, 0x74,
4329 0xdd, 0xd1, 0x1e, 0xf3, 0x90, 0xe8, 0xfc, 0x9a,
4330 0x72, 0x4a, 0x0e, 0xd1, 0xe4, 0xfb, 0x0d, 0x96,
4331 0xd1, 0x0c, 0x79, 0x85, 0x1b, 0x1c, 0xfe, 0xe1,
4332 0x62, 0x8f, 0x7a, 0x73, 0x32, 0xab, 0xc8, 0x18,
4333 0x69, 0xe3, 0x34, 0x30, 0xdf, 0x13, 0xa6, 0xe5,
4334 0xe8, 0x0e, 0x67, 0x7f, 0x81, 0x11, 0xb4, 0x60,
4335 0xc7, 0xbd, 0x79, 0x65, 0x50, 0xdc, 0xc4, 0x5b,
4336 0xde, 0x39, 0xa4, 0x01, 0x72, 0x63, 0xf3, 0xd1,
4337 0x64, 0x4e, 0xdf, 0xfc, 0x27, 0x92, 0x37, 0x0d,
4338 0x57, 0xcd, 0x11, 0x4f, 0x11, 0x04, 0x8e, 0x1d,
4339 0x16, 0xf7, 0xcd, 0x92, 0x9a, 0x99, 0x30, 0x14,
4340 0xf1, 0x7c, 0x67, 0x1b, 0x1f, 0x41, 0x0b, 0xe8,
4341 0x32, 0xe8, 0xb8, 0xc1, 0x4f, 0x54, 0x86, 0x4f,
4342 0xe5, 0x79, 0x81, 0x73, 0xcd, 0x43, 0x59, 0x68,
4343 0x73, 0x02, 0x3b, 0x78, 0x21, 0x72, 0x43, 0x00,
4344 0x49, 0x17, 0xf7, 0x00, 0xaf, 0x68, 0x24, 0x53,
4345 0x05, 0x0a, 0xc3, 0x33, 0xe0, 0x33, 0x3f, 0x69,
4346 0xd2, 0x84, 0x2f, 0x0b, 0xed, 0xde, 0x04, 0xf4,
4347 0x11, 0x94, 0x13, 0x69, 0x51, 0x09, 0x28, 0xde,
4348 0x57, 0x5c, 0xef, 0xdc, 0x9a, 0x49, 0x1c, 0x17,
4349 0x97, 0xf3, 0x96, 0xc1, 0x7f, 0x5d, 0x2e, 0x7d,
4350 0x55, 0xb8, 0xb3, 0x02, 0x09, 0xb3, 0x1f, 0xe7,
4351 0xc9, 0x8d, 0xa3, 0x36, 0x34, 0x8a, 0x77, 0x13,
4352 0x30, 0x63, 0x4c, 0xa5, 0xcd, 0xc3, 0xe0, 0x7e,
4353 0x05, 0xa1, 0x7b, 0x0c, 0xcb, 0x74, 0x47, 0x31,
4354 0x62, 0x03, 0x43, 0xf1, 0x87, 0xb4, 0xb0, 0x85,
4355 0x87, 0x8e, 0x4b, 0x25, 0xc7, 0xcf, 0xae, 0x4b,
4356 0x36, 0x46, 0x3e, 0x62, 0xbc, 0x6f, 0xeb, 0x5f,
4357 0x73, 0xac, 0xe6, 0x07, 0xee, 0xc1, 0xa1, 0xd6,
4358 0xc4, 0xab, 0xc9, 0xd6, 0x89, 0x45, 0xe1, 0xf1,
4359 0x04, 0x4e, 0x1a, 0x6f, 0xbb, 0x4f, 0x3a, 0xa3,
4360 0xa0, 0xcb, 0xa3, 0x0a, 0xd8, 0x71, 0x35, 0x55,
4361 0xe4, 0xbc, 0x2e, 0x04, 0x06, 0xe6, 0xff, 0x5b,
4362 0x1c, 0xc0, 0x11, 0x7c, 0xc5, 0x17, 0xf3, 0x38,
4363 0xcf, 0xe9, 0xba, 0x0f, 0x0e, 0xef, 0x02, 0xc2,
4364 0x8d, 0xc6, 0xbc, 0x4b, 0x67, 0x20, 0x95, 0xd7,
4365 0x2c, 0x45, 0x5b, 0x86, 0x44, 0x8c, 0x6f, 0x2e,
4366 0x7e, 0x9f, 0x1c, 0x77, 0xba, 0x6b, 0x0e, 0xa3,
4367 0x69, 0xdc, 0xab, 0x24, 0x57, 0x60, 0x47, 0xc1,
4368 0xd1, 0xa5, 0x9d, 0x23, 0xe6, 0xb1, 0x37, 0xfe,
4369 0x93, 0xd2, 0x4c, 0x46, 0xf9, 0x0c, 0xc6, 0xfb,
4370 0xd6, 0x9d, 0x99, 0x69, 0xab, 0x7a, 0x07, 0x0c,
4371 0x65, 0xe7, 0xc4, 0x08, 0x96, 0xe2, 0xa5, 0x01,
4372 0x3f, 0x46, 0x07, 0x05, 0x7e, 0xe8, 0x9a, 0x90,
4373 0x50, 0xdc, 0xe9, 0x7a, 0xea, 0xa1, 0x39, 0x6e,
4374 0x66, 0xe4, 0x6f, 0xa5, 0x5f, 0xb2, 0xd9, 0x5b,
4375 0xf5, 0xdb, 0x2a, 0x32, 0xf0, 0x11, 0x6f, 0x7c,
4376 0x26, 0x10, 0x8f, 0x3d, 0x80, 0xe9, 0x58, 0xf7,
4377 0xe0, 0xa8, 0x57, 0xf8, 0xdb, 0x0e, 0xce, 0x99,
4378 0x63, 0x19, 0x3d, 0xd5, 0xec, 0x1b, 0x77, 0x69,
4379 0x98, 0xf6, 0xe4, 0x5f, 0x67, 0x17, 0x4b, 0x09,
4380 0x85, 0x62, 0x82, 0x70, 0x18, 0xe2, 0x9a, 0x78,
4381 0xe2, 0x62, 0xbd, 0xb4, 0xf1, 0x42, 0xc6, 0xfb,
4382 0x08, 0xd0, 0xbd, 0xeb, 0x4e, 0x09, 0xf2, 0xc8,
4383 0x1e, 0xdc, 0x3d, 0x32, 0x21, 0x56, 0x9c, 0x4f,
4384 0x35, 0xf3, 0x61, 0x06, 0x72, 0x84, 0xc4, 0x32,
4385 0xf2, 0xf1, 0xfa, 0x0b, 0x2f, 0xc3, 0xdb, 0x02,
4386 0x04, 0xc2, 0xde, 0x57, 0x64, 0x60, 0x8d, 0xcf,
4387 0xcb, 0x86, 0x5d, 0x97, 0x3e, 0xb1, 0x9c, 0x01,
4388 0xd6, 0x28, 0x8f, 0x99, 0xbc, 0x46, 0xeb, 0x05,
4389 0xaf, 0x7e, 0xb8, 0x21, 0x2a, 0x56, 0x85, 0x1c,
4390 0xb3, 0x71, 0xa0, 0xde, 0xca, 0x96, 0xf1, 0x78,
4391 0x49, 0xa2, 0x99, 0x81, 0x80, 0x5c, 0x01, 0xf5,
4392 0xa0, 0xa2, 0x56, 0x63, 0xe2, 0x70, 0x07, 0xa5,
4393 0x95, 0xd6, 0x85, 0xeb, 0x36, 0x9e, 0xa9, 0x51,
4394 0x66, 0x56, 0x5f, 0x1d, 0x02, 0x19, 0xe2, 0xf6,
4395 0x4f, 0x73, 0x38, 0x09, 0x75, 0x64, 0x48, 0xe0,
4396 0xf1, 0x7e, 0x0e, 0xe8, 0x9d, 0xf9, 0xed, 0x94,
4397 0xfe, 0x16, 0x26, 0x62, 0x49, 0x74, 0xf4, 0xb0,
4398 0xd4, 0xa9, 0x6c, 0xb0, 0xfd, 0x53, 0xe9, 0x81,
4399 0xe0, 0x7a, 0xbf, 0xcf, 0xb5, 0xc4, 0x01, 0x81,
4400 0x79, 0x99, 0x77, 0x01, 0x3b, 0xe9, 0xa2, 0xb6,
4401 0xe6, 0x6a, 0x8a, 0x9e, 0x56, 0x1c, 0x8d, 0x1e,
4402 0x8f, 0x06, 0x55, 0x2c, 0x6c, 0xdc, 0x92, 0x87,
4403 0x64, 0x3b, 0x4b, 0x19, 0xa1, 0x13, 0x64, 0x1d,
4404 0x4a, 0xe9, 0xc0, 0x00, 0xb8, 0x95, 0xef, 0x6b,
4405 0x1a, 0x86, 0x6d, 0x37, 0x52, 0x02, 0xc2, 0xe0,
4406 0xc8, 0xbb, 0x42, 0x0c, 0x02, 0x21, 0x4a, 0xc9,
4407 0xef, 0xa0, 0x54, 0xe4, 0x5e, 0x16, 0x53, 0x81,
4408 0x70, 0x62, 0x10, 0xaf, 0xde, 0xb8, 0xb5, 0xd3,
4409 0xe8, 0x5e, 0x6c, 0xc3, 0x8a, 0x3e, 0x18, 0x07,
4410 0xf2, 0x2f, 0x7d, 0xa7, 0xe1, 0x3d, 0x4e, 0xb4,
4411 0x26, 0xa7, 0xa3, 0x93, 0x86, 0xb2, 0x04, 0x1e,
4412 0x53, 0x5d, 0x86, 0xd6, 0xde, 0x65, 0xca, 0xe3,
4413 0x4e, 0xc1, 0xcf, 0xef, 0xc8, 0x70, 0x1b, 0x83,
4414 0x13, 0xdd, 0x18, 0x8b, 0x0d, 0x76, 0xd2, 0xf6,
4415 0x37, 0x7a, 0x93, 0x7a, 0x50, 0x11, 0x9f, 0x96,
4416 0x86, 0x25, 0xfd, 0xac, 0xdc, 0xbe, 0x18, 0x93,
4417 0x19, 0x6b, 0xec, 0x58, 0x4f, 0xb9, 0x75, 0xa7,
4418 0xdd, 0x3f, 0x2f, 0xec, 0xc8, 0x5a, 0x84, 0xab,
4419 0xd5, 0xe4, 0x8a, 0x07, 0xf6, 0x4d, 0x23, 0xd6,
4420 0x03, 0xfb, 0x03, 0x6a, 0xea, 0x66, 0xbf, 0xd4,
4421 0xb1, 0x34, 0xfb, 0x78, 0xe9, 0x55, 0xdc, 0x7c,
4422 0x3d, 0x9c, 0xe5, 0x9a, 0xac, 0xc3, 0x7a, 0x80,
4423 0x24, 0x6d, 0xa0, 0xef, 0x25, 0x7c, 0xb7, 0xea,
4424 0xce, 0x4d, 0x5f, 0x18, 0x60, 0xce, 0x87, 0x22,
4425 0x66, 0x2f, 0xd5, 0xdd, 0xdd, 0x02, 0x21, 0x75,
4426 0x82, 0xa0, 0x1f, 0x58, 0xc6, 0xd3, 0x62, 0xf7,
4427 0x32, 0xd8, 0xaf, 0x1e, 0x07, 0x77, 0x51, 0x96,
4428 0xd5, 0x6b, 0x1e, 0x7e, 0x80, 0x02, 0xe8, 0x67,
4429 0xea, 0x17, 0x0b, 0x10, 0xd2, 0x3f, 0x28, 0x25,
4430 0x4f, 0x05, 0x77, 0x02, 0x14, 0x69, 0xf0, 0x2c,
4431 0xbe, 0x0c, 0xf1, 0x74, 0x30, 0xd1, 0xb9, 0x9b,
4432 0xfc, 0x8c, 0xbb, 0x04, 0x16, 0xd9, 0xba, 0xc3,
4433 0xbc, 0x91, 0x8a, 0xc4, 0x30, 0xa4, 0xb0, 0x12,
4434 0x4c, 0x21, 0x87, 0xcb, 0xc9, 0x1d, 0x16, 0x96,
4435 0x07, 0x6f, 0x23, 0x54, 0xb9, 0x6f, 0x79, 0xe5,
4436 0x64, 0xc0, 0x64, 0xda, 0xb1, 0xae, 0xdd, 0x60,
4437 0x6c, 0x1a, 0x9d, 0xd3, 0x04, 0x8e, 0x45, 0xb0,
4438 0x92, 0x61, 0xd0, 0x48, 0x81, 0xed, 0x5e, 0x1d,
4439 0xa0, 0xc9, 0xa4, 0x33, 0xc7, 0x13, 0x51, 0x5d,
4440 0x7f, 0x83, 0x73, 0xb6, 0x70, 0x18, 0x65, 0x3e,
4441 0x2f, 0x0e, 0x7a, 0x12, 0x39, 0x98, 0xab, 0xd8,
4442 0x7e, 0x6f, 0xa3, 0xd1, 0xba, 0x56, 0xad, 0xbd,
4443 0xf0, 0x03, 0x01, 0x1c, 0x85, 0x35, 0x9f, 0xeb,
4444 0x19, 0x63, 0xa1, 0xaf, 0xfe, 0x2d, 0x35, 0x50,
4445 0x39, 0xa0, 0x65, 0x7c, 0x95, 0x7e, 0x6b, 0xfe,
4446 0xc1, 0xac, 0x07, 0x7c, 0x98, 0x4f, 0xbe, 0x57,
4447 0xa7, 0x22, 0xec, 0xe2, 0x7e, 0x29, 0x09, 0x53,
4448 0xe8, 0xbf, 0xb4, 0x7e, 0x3f, 0x8f, 0xfc, 0x14,
4449 0xce, 0x54, 0xf9, 0x18, 0x58, 0xb5, 0xff, 0x44,
4450 0x05, 0x9d, 0xce, 0x1b, 0xb6, 0x82, 0x23, 0xc8,
4451 0x2e, 0xbc, 0x69, 0xbb, 0x4a, 0x29, 0x0f, 0x65,
4452 0x94, 0xf0, 0x63, 0x06, 0x0e, 0xef, 0x8c, 0xbd,
4453 0xff, 0xfd, 0xb0, 0x21, 0x6e, 0x57, 0x05, 0x75,
4454 0xda, 0xd5, 0xc4, 0xeb, 0x8d, 0x32, 0xf7, 0x50,
4455 0xd3, 0x6f, 0x22, 0xed, 0x5f, 0x8e, 0xa2, 0x5b,
4456 0x80, 0x8c, 0xc8, 0x78, 0x40, 0x24, 0x4b, 0x89,
4457 0x30, 0xce, 0x7a, 0x97, 0x0e, 0xc4, 0xaf, 0xef,
4458 0x9b, 0xb4, 0xcd, 0x66, 0x74, 0x14, 0x04, 0x2b,
4459 0xf7, 0xce, 0x0b, 0x1c, 0x6e, 0xc2, 0x78, 0x8c,
4460 0xca, 0xc5, 0xd0, 0x1c, 0x95, 0x4a, 0x91, 0x2d,
4461 0xa7, 0x20, 0xeb, 0x86, 0x52, 0xb7, 0x67, 0xd8,
4462 0x0c, 0xd6, 0x04, 0x14, 0xde, 0x51, 0x74, 0x75,
4463 0xe7, 0x11, 0xb4, 0x87, 0xa3, 0x3d, 0x2d, 0xad,
4464 0x4f, 0xef, 0xa0, 0x0f, 0x70, 0x00, 0x6d, 0x13,
4465 0x19, 0x1d, 0x41, 0x50, 0xe9, 0xd8, 0xf0, 0x32,
4466 0x71, 0xbc, 0xd3, 0x11, 0xf2, 0xac, 0xbe, 0xaf,
4467 0x75, 0x46, 0x65, 0x4e, 0x07, 0x34, 0x37, 0xa3,
4468 0x89, 0xfe, 0x75, 0xd4, 0x70, 0x4c, 0xc6, 0x3f,
4469 0x69, 0x24, 0x0e, 0x38, 0x67, 0x43, 0x8c, 0xde,
4470 0x06, 0xb5, 0xb8, 0xe7, 0xc4, 0xf0, 0x41, 0x8f,
4471 0xf0, 0xbd, 0x2f, 0x0b, 0xb9, 0x18, 0xf8, 0xde,
4472 0x64, 0xb1, 0xdb, 0xee, 0x00, 0x50, 0x77, 0xe1,
4473 0xc7, 0xff, 0xa6, 0xfa, 0xdd, 0x70, 0xf4, 0xe3,
4474 0x93, 0xe9, 0x77, 0x35, 0x3d, 0x4b, 0x2f, 0x2b,
4475 0x6d, 0x55, 0xf0, 0xfc, 0x88, 0x54, 0x4e, 0x89,
4476 0xc1, 0x8a, 0x23, 0x31, 0x2d, 0x14, 0x2a, 0xb8,
4477 0x1b, 0x15, 0xdd, 0x9e, 0x6e, 0x7b, 0xda, 0x05,
4478 0x91, 0x7d, 0x62, 0x64, 0x96, 0x72, 0xde, 0xfc,
4479 0xc1, 0xec, 0xf0, 0x23, 0x51, 0x6f, 0xdb, 0x5b,
4480 0x1d, 0x08, 0x57, 0xce, 0x09, 0xb8, 0xf6, 0xcd,
4481 0x8d, 0x95, 0xf2, 0x20, 0xbf, 0x0f, 0x20, 0x57,
4482 0x98, 0x81, 0x84, 0x4f, 0x15, 0x5c, 0x76, 0xe7,
4483 0x3e, 0x0a, 0x3a, 0x6c, 0xc4, 0x8a, 0xbe, 0x78,
4484 0x74, 0x77, 0xc3, 0x09, 0x4b, 0x5d, 0x48, 0xe4,
4485 0xc8, 0xcb, 0x0b, 0xea, 0x17, 0x28, 0xcf, 0xcf,
4486 0x31, 0x32, 0x44, 0xa4, 0xe5, 0x0e, 0x1a, 0x98,
4487 0x94, 0xc4, 0xf0, 0xff, 0xae, 0x3e, 0x44, 0xe8,
4488 0xa5, 0xb3, 0xb5, 0x37, 0x2f, 0xe8, 0xaf, 0x6f,
4489 0x28, 0xc1, 0x37, 0x5f, 0x31, 0xd2, 0xb9, 0x33,
4490 0xb1, 0xb2, 0x52, 0x94, 0x75, 0x2c, 0x29, 0x59,
4491 0x06, 0xc2, 0x25, 0xe8, 0x71, 0x65, 0x4e, 0xed,
4492 0xc0, 0x9c, 0xb1, 0xbb, 0x25, 0xdc, 0x6c, 0xe7,
4493 0x4b, 0xa5, 0x7a, 0x54, 0x7a, 0x60, 0xff, 0x7a,
4494 0xe0, 0x50, 0x40, 0x96, 0x35, 0x63, 0xe4, 0x0b,
4495 0x76, 0xbd, 0xa4, 0x65, 0x00, 0x1b, 0x57, 0x88,
4496 0xae, 0xed, 0x39, 0x88, 0x42, 0x11, 0x3c, 0xed,
4497 0x85, 0x67, 0x7d, 0xb9, 0x68, 0x82, 0xe9, 0x43,
4498 0x3c, 0x47, 0x53, 0xfa, 0xe8, 0xf8, 0x9f, 0x1f,
4499 0x9f, 0xef, 0x0f, 0xf7, 0x30, 0xd9, 0x30, 0x0e,
4500 0xb9, 0x9f, 0x69, 0x18, 0x2f, 0x7e, 0xf8, 0xf8,
4501 0xf8, 0x8c, 0x0f, 0xd4, 0x02, 0x4d, 0xea, 0xcd,
4502 0x0a, 0x9c, 0x6f, 0x71, 0x6d, 0x5a, 0x4c, 0x60,
4503 0xce, 0x20, 0x56, 0x32, 0xc6, 0xc5, 0x99, 0x1f,
4504 0x09, 0xe6, 0x4e, 0x18, 0x1a, 0x15, 0x13, 0xa8,
4505 0x7d, 0xb1, 0x6b, 0xc0, 0xb2, 0x6d, 0xf8, 0x26,
4506 0x66, 0xf8, 0x3d, 0x18, 0x74, 0x70, 0x66, 0x7a,
4507 0x34, 0x17, 0xde, 0xba, 0x47, 0xf1, 0x06, 0x18,
4508 0xcb, 0xaf, 0xeb, 0x4a, 0x1e, 0x8f, 0xa7, 0x77,
4509 0xe0, 0x3b, 0x78, 0x62, 0x66, 0xc9, 0x10, 0xea,
4510 0x1f, 0xb7, 0x29, 0x0a, 0x45, 0xa1, 0x1d, 0x1e,
4511 0x1d, 0xe2, 0x65, 0x61, 0x50, 0x9c, 0xd7, 0x05,
4512 0xf2, 0x0b, 0x5b, 0x12, 0x61, 0x02, 0xc8, 0xe5,
4513 0x63, 0x4f, 0x20, 0x0c, 0x07, 0x17, 0x33, 0x5e,
4514 0x03, 0x9a, 0x53, 0x0f, 0x2e, 0x55, 0xfe, 0x50,
4515 0x43, 0x7d, 0xd0, 0xb6, 0x7e, 0x5a, 0xda, 0xae,
4516 0x58, 0xef, 0x15, 0xa9, 0x83, 0xd9, 0x46, 0xb1,
4517 0x42, 0xaa, 0xf5, 0x02, 0x6c, 0xce, 0x92, 0x06,
4518 0x1b, 0xdb, 0x66, 0x45, 0x91, 0x79, 0xc2, 0x2d,
4519 0xe6, 0x53, 0xd3, 0x14, 0xfd, 0xbb, 0x44, 0x63,
4520 0xc6, 0xd7, 0x3d, 0x7a, 0x0c, 0x75, 0x78, 0x9d,
4521 0x5c, 0xa6, 0x39, 0xb3, 0xe5, 0x63, 0xca, 0x8b,
4522 0xfe, 0xd3, 0xef, 0x60, 0x83, 0xf6, 0x8e, 0x70,
4523 0xb6, 0x67, 0xc7, 0x77, 0xed, 0x23, 0xef, 0x4c,
4524 0xf0, 0xed, 0x2d, 0x07, 0x59, 0x6f, 0xc1, 0x01,
4525 0x34, 0x37, 0x08, 0xab, 0xd9, 0x1f, 0x09, 0xb1,
4526 0xce, 0x5b, 0x17, 0xff, 0x74, 0xf8, 0x9c, 0xd5,
4527 0x2c, 0x56, 0x39, 0x79, 0x0f, 0x69, 0x44, 0x75,
4528 0x58, 0x27, 0x01, 0xc4, 0xbf, 0xa7, 0xa1, 0x1d,
4529 0x90, 0x17, 0x77, 0x86, 0x5a, 0x3f, 0xd9, 0xd1,
4530 0x0e, 0xa0, 0x10, 0xf8, 0xec, 0x1e, 0xa5, 0x7f,
4531 0x5e, 0x36, 0xd1, 0xe3, 0x04, 0x2c, 0x70, 0xf7,
4532 0x8e, 0xc0, 0x98, 0x2f, 0x6c, 0x94, 0x2b, 0x41,
4533 0xb7, 0x60, 0x00, 0xb7, 0x2e, 0xb8, 0x02, 0x8d,
4534 0xb8, 0xb0, 0xd3, 0x86, 0xba, 0x1d, 0xd7, 0x90,
4535 0xd6, 0xb6, 0xe1, 0xfc, 0xd7, 0xd8, 0x28, 0x06,
4536 0x63, 0x9b, 0xce, 0x61, 0x24, 0x79, 0xc0, 0x70,
4537 0x52, 0xd0, 0xb6, 0xd4, 0x28, 0x95, 0x24, 0x87,
4538 0x03, 0x1f, 0xb7, 0x9a, 0xda, 0xa3, 0xfb, 0x52,
4539 0x5b, 0x68, 0xe7, 0x4c, 0x8c, 0x24, 0xe1, 0x42,
4540 0xf7, 0xd5, 0xfd, 0xad, 0x06, 0x32, 0x9f, 0xba,
4541 0xc1, 0xfc, 0xdd, 0xc6, 0xfc, 0xfc, 0xb3, 0x38,
4542 0x74, 0x56, 0x58, 0x40, 0x02, 0x37, 0x52, 0x2c,
4543 0x55, 0xcc, 0xb3, 0x9e, 0x7a, 0xe9, 0xd4, 0x38,
4544 0x41, 0x5e, 0x0c, 0x35, 0xe2, 0x11, 0xd1, 0x13,
4545 0xf8, 0xb7, 0x8d, 0x72, 0x6b, 0x22, 0x2a, 0xb0,
4546 0xdb, 0x08, 0xba, 0x35, 0xb9, 0x3f, 0xc8, 0xd3,
4547 0x24, 0x90, 0xec, 0x58, 0xd2, 0x09, 0xc7, 0x2d,
4548 0xed, 0x38, 0x80, 0x36, 0x72, 0x43, 0x27, 0x49,
4549 0x4a, 0x80, 0x8a, 0xa2, 0xe8, 0xd3, 0xda, 0x30,
4550 0x7d, 0xb6, 0x82, 0x37, 0x86, 0x92, 0x86, 0x3e,
4551 0x08, 0xb2, 0x28, 0x5a, 0x55, 0x44, 0x24, 0x7d,
4552 0x40, 0x48, 0x8a, 0xb6, 0x89, 0x58, 0x08, 0xa0,
4553 0xd6, 0x6d, 0x3a, 0x17, 0xbf, 0xf6, 0x54, 0xa2,
4554 0xf5, 0xd3, 0x8c, 0x0f, 0x78, 0x12, 0x57, 0x8b,
4555 0xd5, 0xc2, 0xfd, 0x58, 0x5b, 0x7f, 0x38, 0xe3,
4556 0xcc, 0xb7, 0x7c, 0x48, 0xb3, 0x20, 0xe8, 0x81,
4557 0x14, 0x32, 0x45, 0x05, 0xe0, 0xdb, 0x9f, 0x75,
4558 0x85, 0xb4, 0x6a, 0xfc, 0x95, 0xe3, 0x54, 0x22,
4559 0x12, 0xee, 0x30, 0xfe, 0xd8, 0x30, 0xef, 0x34,
4560 0x50, 0xab, 0x46, 0x30, 0x98, 0x2f, 0xb7, 0xc0,
4561 0x15, 0xa2, 0x83, 0xb6, 0xf2, 0x06, 0x21, 0xa2,
4562 0xc3, 0x26, 0x37, 0x14, 0xd1, 0x4d, 0xb5, 0x10,
4563 0x52, 0x76, 0x4d, 0x6a, 0xee, 0xb5, 0x2b, 0x15,
4564 0xb7, 0xf9, 0x51, 0xe8, 0x2a, 0xaf, 0xc7, 0xfa,
4565 0x77, 0xaf, 0xb0, 0x05, 0x4d, 0xd1, 0x68, 0x8e,
4566 0x74, 0x05, 0x9f, 0x9d, 0x93, 0xa5, 0x3e, 0x7f,
4567 0x4e, 0x5f, 0x9d, 0xcb, 0x09, 0xc7, 0x83, 0xe3,
4568 0x02, 0x9d, 0x27, 0x1f, 0xef, 0x85, 0x05, 0x8d,
4569 0xec, 0x55, 0x88, 0x0f, 0x0d, 0x7c, 0x4c, 0xe8,
4570 0xa1, 0x75, 0xa0, 0xd8, 0x06, 0x47, 0x14, 0xef,
4571 0xaa, 0x61, 0xcf, 0x26, 0x15, 0xad, 0xd8, 0xa3,
4572 0xaa, 0x75, 0xf2, 0x78, 0x4a, 0x5a, 0x61, 0xdf,
4573 0x8b, 0xc7, 0x04, 0xbc, 0xb2, 0x32, 0xd2, 0x7e,
4574 0x42, 0xee, 0xb4, 0x2f, 0x51, 0xff, 0x7b, 0x2e,
4575 0xd3, 0x02, 0xe8, 0xdc, 0x5d, 0x0d, 0x50, 0xdc,
4576 0xae, 0xb7, 0x46, 0xf9, 0xa8, 0xe6, 0xd0, 0x16,
4577 0xcc, 0xe6, 0x2c, 0x81, 0xc7, 0xad, 0xe9, 0xf0,
4578 0x05, 0x72, 0x6d, 0x3d, 0x0a, 0x7a, 0xa9, 0x02,
4579 0xac, 0x82, 0x93, 0x6e, 0xb6, 0x1c, 0x28, 0xfc,
4580 0x44, 0x12, 0xfb, 0x73, 0x77, 0xd4, 0x13, 0x39,
4581 0x29, 0x88, 0x8a, 0xf3, 0x5c, 0xa6, 0x36, 0xa0,
4582 0x2a, 0xed, 0x7e, 0xb1, 0x1d, 0xd6, 0x4c, 0x6b,
4583 0x41, 0x01, 0x18, 0x5d, 0x5d, 0x07, 0x97, 0xa6,
4584 0x4b, 0xef, 0x31, 0x18, 0xea, 0xac, 0xb1, 0x84,
4585 0x21, 0xed, 0xda, 0x86,
4586 },
4587 .rlen = 4100,
4588 },
4589};
4590
4591static struct cipher_testvec aes_ctr_dec_tv_template[] = {
4592 { /* From RFC 3686 */
4593 .key = { 0xae, 0x68, 0x52, 0xf8, 0x12, 0x10, 0x67, 0xcc,
4594 0x4b, 0xf7, 0xa5, 0x76, 0x55, 0x77, 0xf3, 0x9e,
4595 0x00, 0x00, 0x00, 0x30 },
4596 .klen = 20,
4597 .iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
4598 .input = { 0xe4, 0x09, 0x5d, 0x4f, 0xb7, 0xa7, 0xb3, 0x79,
4599 0x2d, 0x61, 0x75, 0xa3, 0x26, 0x13, 0x11, 0xb8 },
4600 .ilen = 16,
4601 .result = { "Single block msg" },
4602 .rlen = 16,
4603 }, {
4604 .key = { 0x7e, 0x24, 0x06, 0x78, 0x17, 0xfa, 0xe0, 0xd7,
4605 0x43, 0xd6, 0xce, 0x1f, 0x32, 0x53, 0x91, 0x63,
4606 0x00, 0x6c, 0xb6, 0xdb },
4607 .klen = 20,
4608 .iv = { 0xc0, 0x54, 0x3b, 0x59, 0xda, 0x48, 0xd9, 0x0b },
4609 .input = { 0x51, 0x04, 0xa1, 0x06, 0x16, 0x8a, 0x72, 0xd9,
4610 0x79, 0x0d, 0x41, 0xee, 0x8e, 0xda, 0xd3, 0x88,
4611 0xeb, 0x2e, 0x1e, 0xfc, 0x46, 0xda, 0x57, 0xc8,
4612 0xfc, 0xe6, 0x30, 0xdf, 0x91, 0x41, 0xbe, 0x28 },
4613 .ilen = 32,
4614 .result = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
4615 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
4616 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
4617 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f },
4618 .rlen = 32,
4619 }, {
4620 .key = { 0x16, 0xaf, 0x5b, 0x14, 0x5f, 0xc9, 0xf5, 0x79,
4621 0xc1, 0x75, 0xf9, 0x3e, 0x3b, 0xfb, 0x0e, 0xed,
4622 0x86, 0x3d, 0x06, 0xcc, 0xfd, 0xb7, 0x85, 0x15,
4623 0x00, 0x00, 0x00, 0x48 },
4624 .klen = 28,
4625 .iv = { 0x36, 0x73, 0x3c, 0x14, 0x7d, 0x6d, 0x93, 0xcb },
4626 .input = { 0x4b, 0x55, 0x38, 0x4f, 0xe2, 0x59, 0xc9, 0xc8,
4627 0x4e, 0x79, 0x35, 0xa0, 0x03, 0xcb, 0xe9, 0x28 },
4628 .ilen = 16,
4629 .result = { "Single block msg" },
4630 .rlen = 16,
4631 }, {
4632 .key = { 0x7c, 0x5c, 0xb2, 0x40, 0x1b, 0x3d, 0xc3, 0x3c,
4633 0x19, 0xe7, 0x34, 0x08, 0x19, 0xe0, 0xf6, 0x9c,
4634 0x67, 0x8c, 0x3d, 0xb8, 0xe6, 0xf6, 0xa9, 0x1a,
4635 0x00, 0x96, 0xb0, 0x3b },
4636 .klen = 28,
4637 .iv = { 0x02, 0x0c, 0x6e, 0xad, 0xc2, 0xcb, 0x50, 0x0d },
4638 .input = { 0x45, 0x32, 0x43, 0xfc, 0x60, 0x9b, 0x23, 0x32,
4639 0x7e, 0xdf, 0xaa, 0xfa, 0x71, 0x31, 0xcd, 0x9f,
4640 0x84, 0x90, 0x70, 0x1c, 0x5a, 0xd4, 0xa7, 0x9c,
4641 0xfc, 0x1f, 0xe0, 0xff, 0x42, 0xf4, 0xfb, 0x00 },
4642 .ilen = 32,
4643 .result = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
4644 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
4645 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
4646 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f },
4647 .rlen = 32,
4648 }, {
4649 .key = { 0x77, 0x6b, 0xef, 0xf2, 0x85, 0x1d, 0xb0, 0x6f,
4650 0x4c, 0x8a, 0x05, 0x42, 0xc8, 0x69, 0x6f, 0x6c,
4651 0x6a, 0x81, 0xaf, 0x1e, 0xec, 0x96, 0xb4, 0xd3,
4652 0x7f, 0xc1, 0xd6, 0x89, 0xe6, 0xc1, 0xc1, 0x04,
4653 0x00, 0x00, 0x00, 0x60 },
4654 .klen = 36,
4655 .iv = { 0xdb, 0x56, 0x72, 0xc9, 0x7a, 0xa8, 0xf0, 0xb2 },
4656 .input = { 0x14, 0x5a, 0xd0, 0x1d, 0xbf, 0x82, 0x4e, 0xc7,
4657 0x56, 0x08, 0x63, 0xdc, 0x71, 0xe3, 0xe0, 0xc0 },
4658 .ilen = 16,
4659 .result = { "Single block msg" },
4660 .rlen = 16,
4661 }, {
4662 .key = { 0xf6, 0xd6, 0x6d, 0x6b, 0xd5, 0x2d, 0x59, 0xbb,
4663 0x07, 0x96, 0x36, 0x58, 0x79, 0xef, 0xf8, 0x86,
4664 0xc6, 0x6d, 0xd5, 0x1a, 0x5b, 0x6a, 0x99, 0x74,
4665 0x4b, 0x50, 0x59, 0x0c, 0x87, 0xa2, 0x38, 0x84,
4666 0x00, 0xfa, 0xac, 0x24 },
4667 .klen = 36,
4668 .iv = { 0xc1, 0x58, 0x5e, 0xf1, 0x5a, 0x43, 0xd8, 0x75 },
4669 .input = { 0xf0, 0x5e, 0x23, 0x1b, 0x38, 0x94, 0x61, 0x2c,
4670 0x49, 0xee, 0x00, 0x0b, 0x80, 0x4e, 0xb2, 0xa9,
4671 0xb8, 0x30, 0x6b, 0x50, 0x8f, 0x83, 0x9d, 0x6a,
4672 0x55, 0x30, 0x83, 0x1d, 0x93, 0x44, 0xaf, 0x1c },
4673 .ilen = 32,
4674 .result = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
4675 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
4676 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
4677 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f },
4678 .rlen = 32,
4679 },
4680};
4681
4682static struct aead_testvec aes_gcm_enc_tv_template[] = {
4683 { /* From McGrew & Viega - http://citeseer.ist.psu.edu/656989.html */
4684 .klen = 16,
4685 .result = { 0x58, 0xe2, 0xfc, 0xce, 0xfa, 0x7e, 0x30, 0x61,
4686 0x36, 0x7f, 0x1d, 0x57, 0xa4, 0xe7, 0x45, 0x5a },
4687 .rlen = 16,
4688 }, {
4689 .klen = 16,
4690 .ilen = 16,
4691 .result = { 0x03, 0x88, 0xda, 0xce, 0x60, 0xb6, 0xa3, 0x92,
4692 0xf3, 0x28, 0xc2, 0xb9, 0x71, 0xb2, 0xfe, 0x78,
4693 0xab, 0x6e, 0x47, 0xd4, 0x2c, 0xec, 0x13, 0xbd,
4694 0xf5, 0x3a, 0x67, 0xb2, 0x12, 0x57, 0xbd, 0xdf },
4695 .rlen = 32,
4696 }, {
4697 .key = { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
4698 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 },
4699 .klen = 16,
4700 .iv = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
4701 0xde, 0xca, 0xf8, 0x88 },
4702 .input = { 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
4703 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
4704 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
4705 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
4706 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
4707 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
4708 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
4709 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55 },
4710 .ilen = 64,
4711 .result = { 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
4712 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
4713 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
4714 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
4715 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
4716 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
4717 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
4718 0x3d, 0x58, 0xe0, 0x91, 0x47, 0x3f, 0x59, 0x85,
4719 0x4d, 0x5c, 0x2a, 0xf3, 0x27, 0xcd, 0x64, 0xa6,
4720 0x2c, 0xf3, 0x5a, 0xbd, 0x2b, 0xa6, 0xfa, 0xb4 },
4721 .rlen = 80,
4722 }, {
4723 .key = { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
4724 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 },
4725 .klen = 16,
4726 .iv = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
4727 0xde, 0xca, 0xf8, 0x88 },
4728 .input = { 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
4729 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
4730 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
4731 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
4732 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
4733 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
4734 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
4735 0xba, 0x63, 0x7b, 0x39 },
4736 .ilen = 60,
4737 .assoc = { 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
4738 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
4739 0xab, 0xad, 0xda, 0xd2 },
4740 .alen = 20,
4741 .result = { 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
4742 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
4743 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
4744 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
4745 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
4746 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
4747 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
4748 0x3d, 0x58, 0xe0, 0x91,
4749 0x5b, 0xc9, 0x4f, 0xbc, 0x32, 0x21, 0xa5, 0xdb,
4750 0x94, 0xfa, 0xe9, 0x5a, 0xe7, 0x12, 0x1a, 0x47 },
4751 .rlen = 76,
4752 }, {
4753 .klen = 24,
4754 .result = { 0xcd, 0x33, 0xb2, 0x8a, 0xc7, 0x73, 0xf7, 0x4b,
4755 0xa0, 0x0e, 0xd1, 0xf3, 0x12, 0x57, 0x24, 0x35 },
4756 .rlen = 16,
4757 }, {
4758 .klen = 24,
4759 .ilen = 16,
4760 .result = { 0x98, 0xe7, 0x24, 0x7c, 0x07, 0xf0, 0xfe, 0x41,
4761 0x1c, 0x26, 0x7e, 0x43, 0x84, 0xb0, 0xf6, 0x00,
4762 0x2f, 0xf5, 0x8d, 0x80, 0x03, 0x39, 0x27, 0xab,
4763 0x8e, 0xf4, 0xd4, 0x58, 0x75, 0x14, 0xf0, 0xfb },
4764 .rlen = 32,
4765 }, {
4766 .key = { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
4767 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
4768 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c },
4769 .klen = 24,
4770 .iv = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
4771 0xde, 0xca, 0xf8, 0x88 },
4772 .input = { 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
4773 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
4774 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
4775 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
4776 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
4777 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
4778 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
4779 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55 },
4780 .ilen = 64,
4781 .result = { 0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41,
4782 0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57,
4783 0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84,
4784 0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c,
4785 0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25,
4786 0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47,
4787 0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9,
4788 0xcc, 0xda, 0x27, 0x10, 0xac, 0xad, 0xe2, 0x56,
4789 0x99, 0x24, 0xa7, 0xc8, 0x58, 0x73, 0x36, 0xbf,
4790 0xb1, 0x18, 0x02, 0x4d, 0xb8, 0x67, 0x4a, 0x14 },
4791 .rlen = 80,
4792 }, {
4793 .key = { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
4794 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
4795 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c },
4796 .klen = 24,
4797 .iv = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
4798 0xde, 0xca, 0xf8, 0x88 },
4799 .input = { 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
4800 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
4801 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
4802 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
4803 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
4804 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
4805 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
4806 0xba, 0x63, 0x7b, 0x39 },
4807 .ilen = 60,
4808 .assoc = { 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
4809 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
4810 0xab, 0xad, 0xda, 0xd2 },
4811 .alen = 20,
4812 .result = { 0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41,
4813 0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57,
4814 0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84,
4815 0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c,
4816 0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25,
4817 0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47,
4818 0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9,
4819 0xcc, 0xda, 0x27, 0x10,
4820 0x25, 0x19, 0x49, 0x8e, 0x80, 0xf1, 0x47, 0x8f,
4821 0x37, 0xba, 0x55, 0xbd, 0x6d, 0x27, 0x61, 0x8c },
4822 .rlen = 76,
4823 .np = 2,
4824 .tap = { 32, 28 },
4825 .anp = 2,
4826 .atap = { 8, 12 }
4827 }, {
4828 .klen = 32,
4829 .result = { 0x53, 0x0f, 0x8a, 0xfb, 0xc7, 0x45, 0x36, 0xb9,
4830 0xa9, 0x63, 0xb4, 0xf1, 0xc4, 0xcb, 0x73, 0x8b },
4831 .rlen = 16,
4832 }
4833};
4834
4835static struct aead_testvec aes_gcm_dec_tv_template[] = {
4836 { /* From McGrew & Viega - http://citeseer.ist.psu.edu/656989.html */
4837 .klen = 32,
4838 .input = { 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e,
4839 0x07, 0x4e, 0xc5, 0xd3, 0xba, 0xf3, 0x9d, 0x18,
4840 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0,
4841 0x26, 0x5b, 0x98, 0xb5, 0xd4, 0x8a, 0xb9, 0x19 },
4842 .ilen = 32,
4843 .rlen = 16,
4844 }, {
4845 .key = { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
4846 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
4847 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
4848 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 },
4849 .klen = 32,
4850 .iv = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
4851 0xde, 0xca, 0xf8, 0x88 },
4852 .input = { 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
4853 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
4854 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
4855 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
4856 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
4857 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
4858 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
4859 0xbc, 0xc9, 0xf6, 0x62, 0x89, 0x80, 0x15, 0xad,
4860 0xb0, 0x94, 0xda, 0xc5, 0xd9, 0x34, 0x71, 0xbd,
4861 0xec, 0x1a, 0x50, 0x22, 0x70, 0xe3, 0xcc, 0x6c },
4862 .ilen = 80,
4863 .result = { 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
4864 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
4865 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
4866 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
4867 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
4868 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
4869 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
4870 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55 },
4871 .rlen = 64,
4872 }, {
4873 .key = { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
4874 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
4875 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
4876 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 },
4877 .klen = 32,
4878 .iv = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
4879 0xde, 0xca, 0xf8, 0x88 },
4880 .input = { 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
4881 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
4882 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
4883 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
4884 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
4885 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
4886 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
4887 0xbc, 0xc9, 0xf6, 0x62,
4888 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68,
4889 0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b },
4890 .ilen = 76,
4891 .assoc = { 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
4892 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
4893 0xab, 0xad, 0xda, 0xd2 },
4894 .alen = 20,
4895 .result = { 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
4896 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
4897 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
4898 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
4899 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
4900 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
4901 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
4902 0xba, 0x63, 0x7b, 0x39 },
4903 .rlen = 60,
4904 .np = 2,
4905 .tap = { 48, 28 },
4906 .anp = 3,
4907 .atap = { 8, 8, 4 }
4908 }, {
4909 .key = { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
4910 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 },
4911 .klen = 16,
4912 .iv = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
4913 0xde, 0xca, 0xf8, 0x88 },
4914 .input = { 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
4915 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
4916 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
4917 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
4918 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
4919 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
4920 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
4921 0x3d, 0x58, 0xe0, 0x91, 0x47, 0x3f, 0x59, 0x85,
4922 0x4d, 0x5c, 0x2a, 0xf3, 0x27, 0xcd, 0x64, 0xa6,
4923 0x2c, 0xf3, 0x5a, 0xbd, 0x2b, 0xa6, 0xfa, 0xb4 },
4924 .ilen = 80,
4925 .result = { 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
4926 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
4927 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
4928 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
4929 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
4930 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
4931 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
4932 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55 },
4933 .rlen = 64,
4934 }, {
4935 .key = { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
4936 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 },
4937 .klen = 16,
4938 .iv = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
4939 0xde, 0xca, 0xf8, 0x88 },
4940 .input = { 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
4941 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
4942 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
4943 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
4944 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
4945 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
4946 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
4947 0x3d, 0x58, 0xe0, 0x91,
4948 0x5b, 0xc9, 0x4f, 0xbc, 0x32, 0x21, 0xa5, 0xdb,
4949 0x94, 0xfa, 0xe9, 0x5a, 0xe7, 0x12, 0x1a, 0x47 },
4950 .ilen = 76,
4951 .assoc = { 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
4952 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
4953 0xab, 0xad, 0xda, 0xd2 },
4954 .alen = 20,
4955 .result = { 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
4956 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
4957 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
4958 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
4959 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
4960 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
4961 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
4962 0xba, 0x63, 0x7b, 0x39 },
4963 .rlen = 60,
4964 }, {
4965 .klen = 24,
4966 .input = { 0x98, 0xe7, 0x24, 0x7c, 0x07, 0xf0, 0xfe, 0x41,
4967 0x1c, 0x26, 0x7e, 0x43, 0x84, 0xb0, 0xf6, 0x00,
4968 0x2f, 0xf5, 0x8d, 0x80, 0x03, 0x39, 0x27, 0xab,
4969 0x8e, 0xf4, 0xd4, 0x58, 0x75, 0x14, 0xf0, 0xfb },
4970 .ilen = 32,
4971 .rlen = 16,
4972 }, {
4973 .key = { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
4974 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
4975 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c },
4976 .klen = 24,
4977 .iv = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
4978 0xde, 0xca, 0xf8, 0x88 },
4979 .input = { 0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41,
4980 0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57,
4981 0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84,
4982 0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c,
4983 0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25,
4984 0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47,
4985 0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9,
4986 0xcc, 0xda, 0x27, 0x10, 0xac, 0xad, 0xe2, 0x56,
4987 0x99, 0x24, 0xa7, 0xc8, 0x58, 0x73, 0x36, 0xbf,
4988 0xb1, 0x18, 0x02, 0x4d, 0xb8, 0x67, 0x4a, 0x14 },
4989 .ilen = 80,
4990 .result = { 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
4991 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
4992 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
4993 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
4994 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
4995 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
4996 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
4997 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55 },
4998 .rlen = 64,
4999 }, {
5000 .key = { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
5001 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
5002 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c },
5003 .klen = 24,
5004 .iv = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
5005 0xde, 0xca, 0xf8, 0x88 },
5006 .input = { 0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41,
5007 0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57,
5008 0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84,
5009 0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c,
5010 0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25,
5011 0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47,
5012 0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9,
5013 0xcc, 0xda, 0x27, 0x10,
5014 0x25, 0x19, 0x49, 0x8e, 0x80, 0xf1, 0x47, 0x8f,
5015 0x37, 0xba, 0x55, 0xbd, 0x6d, 0x27, 0x61, 0x8c },
5016 .ilen = 76,
5017 .assoc = { 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
5018 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
5019 0xab, 0xad, 0xda, 0xd2 },
5020 .alen = 20,
5021 .result = { 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
5022 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
5023 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
5024 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
5025 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
5026 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
5027 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
5028 0xba, 0x63, 0x7b, 0x39 },
5029 .rlen = 60,
5030 }
5031};
5032
5033static struct aead_testvec aes_ccm_enc_tv_template[] = {
5034 { /* From RFC 3610 */
5035 .key = { 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
5036 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf },
5037 .klen = 16,
5038 .iv = { 0x01, 0x00, 0x00, 0x00, 0x03, 0x02, 0x01, 0x00,
5039 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0x00, 0x00 },
5040 .assoc = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 },
5041 .alen = 8,
5042 .input = { 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
5043 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
5044 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e },
5045 .ilen = 23,
5046 .result = { 0x58, 0x8c, 0x97, 0x9a, 0x61, 0xc6, 0x63, 0xd2,
5047 0xf0, 0x66, 0xd0, 0xc2, 0xc0, 0xf9, 0x89, 0x80,
5048 0x6d, 0x5f, 0x6b, 0x61, 0xda, 0xc3, 0x84, 0x17,
5049 0xe8, 0xd1, 0x2c, 0xfd, 0xf9, 0x26, 0xe0 },
5050 .rlen = 31,
5051 }, {
5052 .key = { 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
5053 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf },
5054 .klen = 16,
5055 .iv = { 0x01, 0x00, 0x00, 0x00, 0x07, 0x06, 0x05, 0x04,
5056 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0x00, 0x00 },
5057 .assoc = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
5058 0x08, 0x09, 0x0a, 0x0b },
5059 .alen = 12,
5060 .input = { 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13,
5061 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b,
5062 0x1c, 0x1d, 0x1e, 0x1f },
5063 .ilen = 20,
5064 .result = { 0xdc, 0xf1, 0xfb, 0x7b, 0x5d, 0x9e, 0x23, 0xfb,
5065 0x9d, 0x4e, 0x13, 0x12, 0x53, 0x65, 0x8a, 0xd8,
5066 0x6e, 0xbd, 0xca, 0x3e, 0x51, 0xe8, 0x3f, 0x07,
5067 0x7d, 0x9c, 0x2d, 0x93 },
5068 .rlen = 28,
5069 }, {
5070 .key = { 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
5071 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf },
5072 .klen = 16,
5073 .iv = { 0x01, 0x00, 0x00, 0x00, 0x0b, 0x0a, 0x09, 0x08,
5074 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0x00, 0x00 },
5075 .assoc = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 },
5076 .alen = 8,
5077 .input = { 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
5078 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
5079 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
5080 0x20 },
5081 .ilen = 25,
5082 .result = { 0x82, 0x53, 0x1a, 0x60, 0xcc, 0x24, 0x94, 0x5a,
5083 0x4b, 0x82, 0x79, 0x18, 0x1a, 0xb5, 0xc8, 0x4d,
5084 0xf2, 0x1c, 0xe7, 0xf9, 0xb7, 0x3f, 0x42, 0xe1,
5085 0x97, 0xea, 0x9c, 0x07, 0xe5, 0x6b, 0x5e, 0xb1,
5086 0x7e, 0x5f, 0x4e },
5087 .rlen = 35,
5088 }, {
5089 .key = { 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
5090 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf },
5091 .klen = 16,
5092 .iv = { 0x01, 0x00, 0x00, 0x00, 0x0c, 0x0b, 0x0a, 0x09,
5093 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0x00, 0x00 },
5094 .assoc = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
5095 0x08, 0x09, 0x0a, 0x0b },
5096 .alen = 12,
5097 .input = { 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13,
5098 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b,
5099 0x1c, 0x1d, 0x1e },
5100 .ilen = 19,
5101 .result = { 0x07, 0x34, 0x25, 0x94, 0x15, 0x77, 0x85, 0x15,
5102 0x2b, 0x07, 0x40, 0x98, 0x33, 0x0a, 0xbb, 0x14,
5103 0x1b, 0x94, 0x7b, 0x56, 0x6a, 0xa9, 0x40, 0x6b,
5104 0x4d, 0x99, 0x99, 0x88, 0xdd },
5105 .rlen = 29,
5106 }, {
5107 .key = { 0xd7, 0x82, 0x8d, 0x13, 0xb2, 0xb0, 0xbd, 0xc3,
5108 0x25, 0xa7, 0x62, 0x36, 0xdf, 0x93, 0xcc, 0x6b },
5109 .klen = 16,
5110 .iv = { 0x01, 0x00, 0x33, 0x56, 0x8e, 0xf7, 0xb2, 0x63,
5111 0x3c, 0x96, 0x96, 0x76, 0x6c, 0xfa, 0x00, 0x00 },
5112 .assoc = { 0x63, 0x01, 0x8f, 0x76, 0xdc, 0x8a, 0x1b, 0xcb },
5113 .alen = 8,
5114 .input = { 0x90, 0x20, 0xea, 0x6f, 0x91, 0xbd, 0xd8, 0x5a,
5115 0xfa, 0x00, 0x39, 0xba, 0x4b, 0xaf, 0xf9, 0xbf,
5116 0xb7, 0x9c, 0x70, 0x28, 0x94, 0x9c, 0xd0, 0xec },
5117 .ilen = 24,
5118 .result = { 0x4c, 0xcb, 0x1e, 0x7c, 0xa9, 0x81, 0xbe, 0xfa,
5119 0xa0, 0x72, 0x6c, 0x55, 0xd3, 0x78, 0x06, 0x12,
5120 0x98, 0xc8, 0x5c, 0x92, 0x81, 0x4a, 0xbc, 0x33,
5121 0xc5, 0x2e, 0xe8, 0x1d, 0x7d, 0x77, 0xc0, 0x8a },
5122 .rlen = 32,
5123 }, {
5124 .key = { 0xd7, 0x82, 0x8d, 0x13, 0xb2, 0xb0, 0xbd, 0xc3,
5125 0x25, 0xa7, 0x62, 0x36, 0xdf, 0x93, 0xcc, 0x6b },
5126 .klen = 16,
5127 .iv = { 0x01, 0x00, 0xd5, 0x60, 0x91, 0x2d, 0x3f, 0x70,
5128 0x3c, 0x96, 0x96, 0x76, 0x6c, 0xfa, 0x00, 0x00 },
5129 .assoc = { 0xcd, 0x90, 0x44, 0xd2, 0xb7, 0x1f, 0xdb, 0x81,
5130 0x20, 0xea, 0x60, 0xc0 },
5131 .alen = 12,
5132 .input = { 0x64, 0x35, 0xac, 0xba, 0xfb, 0x11, 0xa8, 0x2e,
5133 0x2f, 0x07, 0x1d, 0x7c, 0xa4, 0xa5, 0xeb, 0xd9,
5134 0x3a, 0x80, 0x3b, 0xa8, 0x7f },
5135 .ilen = 21,
5136 .result = { 0x00, 0x97, 0x69, 0xec, 0xab, 0xdf, 0x48, 0x62,
5137 0x55, 0x94, 0xc5, 0x92, 0x51, 0xe6, 0x03, 0x57,
5138 0x22, 0x67, 0x5e, 0x04, 0xc8, 0x47, 0x09, 0x9e,
5139 0x5a, 0xe0, 0x70, 0x45, 0x51 },
5140 .rlen = 29,
5141 }, {
5142 .key = { 0xd7, 0x82, 0x8d, 0x13, 0xb2, 0xb0, 0xbd, 0xc3,
5143 0x25, 0xa7, 0x62, 0x36, 0xdf, 0x93, 0xcc, 0x6b },
5144 .klen = 16,
5145 .iv = { 0x01, 0x00, 0x42, 0xff, 0xf8, 0xf1, 0x95, 0x1c,
5146 0x3c, 0x96, 0x96, 0x76, 0x6c, 0xfa, 0x00, 0x00 },
5147 .assoc = { 0xd8, 0x5b, 0xc7, 0xe6, 0x9f, 0x94, 0x4f, 0xb8 },
5148 .alen = 8,
5149 .input = { 0x8a, 0x19, 0xb9, 0x50, 0xbc, 0xf7, 0x1a, 0x01,
5150 0x8e, 0x5e, 0x67, 0x01, 0xc9, 0x17, 0x87, 0x65,
5151 0x98, 0x09, 0xd6, 0x7d, 0xbe, 0xdd, 0x18 },
5152 .ilen = 23,
5153 .result = { 0xbc, 0x21, 0x8d, 0xaa, 0x94, 0x74, 0x27, 0xb6,
5154 0xdb, 0x38, 0x6a, 0x99, 0xac, 0x1a, 0xef, 0x23,
5155 0xad, 0xe0, 0xb5, 0x29, 0x39, 0xcb, 0x6a, 0x63,
5156 0x7c, 0xf9, 0xbe, 0xc2, 0x40, 0x88, 0x97, 0xc6,
5157 0xba },
5158 .rlen = 33,
5159 },
5160};
5161
5162static struct aead_testvec aes_ccm_dec_tv_template[] = {
5163 { /* From RFC 3610 */
5164 .key = { 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
5165 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf },
5166 .klen = 16,
5167 .iv = { 0x01, 0x00, 0x00, 0x00, 0x03, 0x02, 0x01, 0x00,
5168 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0x00, 0x00 },
5169 .assoc = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 },
5170 .alen = 8,
5171 .input = { 0x58, 0x8c, 0x97, 0x9a, 0x61, 0xc6, 0x63, 0xd2,
5172 0xf0, 0x66, 0xd0, 0xc2, 0xc0, 0xf9, 0x89, 0x80,
5173 0x6d, 0x5f, 0x6b, 0x61, 0xda, 0xc3, 0x84, 0x17,
5174 0xe8, 0xd1, 0x2c, 0xfd, 0xf9, 0x26, 0xe0 },
5175 .ilen = 31,
5176 .result = { 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
5177 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
5178 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e },
5179 .rlen = 23,
5180 }, {
5181 .key = { 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
5182 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf },
5183 .klen = 16,
5184 .iv = { 0x01, 0x00, 0x00, 0x00, 0x07, 0x06, 0x05, 0x04,
5185 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0x00, 0x00 },
5186 .assoc = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
5187 0x08, 0x09, 0x0a, 0x0b },
5188 .alen = 12,
5189 .input = { 0xdc, 0xf1, 0xfb, 0x7b, 0x5d, 0x9e, 0x23, 0xfb,
5190 0x9d, 0x4e, 0x13, 0x12, 0x53, 0x65, 0x8a, 0xd8,
5191 0x6e, 0xbd, 0xca, 0x3e, 0x51, 0xe8, 0x3f, 0x07,
5192 0x7d, 0x9c, 0x2d, 0x93 },
5193 .ilen = 28,
5194 .result = { 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13,
5195 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b,
5196 0x1c, 0x1d, 0x1e, 0x1f },
5197 .rlen = 20,
5198 }, {
5199 .key = { 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
5200 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf },
5201 .klen = 16,
5202 .iv = { 0x01, 0x00, 0x00, 0x00, 0x0b, 0x0a, 0x09, 0x08,
5203 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0x00, 0x00 },
5204 .assoc = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 },
5205 .alen = 8,
5206 .input = { 0x82, 0x53, 0x1a, 0x60, 0xcc, 0x24, 0x94, 0x5a,
5207 0x4b, 0x82, 0x79, 0x18, 0x1a, 0xb5, 0xc8, 0x4d,
5208 0xf2, 0x1c, 0xe7, 0xf9, 0xb7, 0x3f, 0x42, 0xe1,
5209 0x97, 0xea, 0x9c, 0x07, 0xe5, 0x6b, 0x5e, 0xb1,
5210 0x7e, 0x5f, 0x4e },
5211 .ilen = 35,
5212 .result = { 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
5213 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
5214 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
5215 0x20 },
5216 .rlen = 25,
5217 }, {
5218 .key = { 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
5219 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf },
5220 .klen = 16,
5221 .iv = { 0x01, 0x00, 0x00, 0x00, 0x0c, 0x0b, 0x0a, 0x09,
5222 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0x00, 0x00 },
5223 .assoc = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
5224 0x08, 0x09, 0x0a, 0x0b },
5225 .alen = 12,
5226 .input = { 0x07, 0x34, 0x25, 0x94, 0x15, 0x77, 0x85, 0x15,
5227 0x2b, 0x07, 0x40, 0x98, 0x33, 0x0a, 0xbb, 0x14,
5228 0x1b, 0x94, 0x7b, 0x56, 0x6a, 0xa9, 0x40, 0x6b,
5229 0x4d, 0x99, 0x99, 0x88, 0xdd },
5230 .ilen = 29,
5231 .result = { 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13,
5232 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b,
5233 0x1c, 0x1d, 0x1e },
5234 .rlen = 19,
5235 }, {
5236 .key = { 0xd7, 0x82, 0x8d, 0x13, 0xb2, 0xb0, 0xbd, 0xc3,
5237 0x25, 0xa7, 0x62, 0x36, 0xdf, 0x93, 0xcc, 0x6b },
5238 .klen = 16,
5239 .iv = { 0x01, 0x00, 0x33, 0x56, 0x8e, 0xf7, 0xb2, 0x63,
5240 0x3c, 0x96, 0x96, 0x76, 0x6c, 0xfa, 0x00, 0x00 },
5241 .assoc = { 0x63, 0x01, 0x8f, 0x76, 0xdc, 0x8a, 0x1b, 0xcb },
5242 .alen = 8,
5243 .input = { 0x4c, 0xcb, 0x1e, 0x7c, 0xa9, 0x81, 0xbe, 0xfa,
5244 0xa0, 0x72, 0x6c, 0x55, 0xd3, 0x78, 0x06, 0x12,
5245 0x98, 0xc8, 0x5c, 0x92, 0x81, 0x4a, 0xbc, 0x33,
5246 0xc5, 0x2e, 0xe8, 0x1d, 0x7d, 0x77, 0xc0, 0x8a },
5247 .ilen = 32,
5248 .result = { 0x90, 0x20, 0xea, 0x6f, 0x91, 0xbd, 0xd8, 0x5a,
5249 0xfa, 0x00, 0x39, 0xba, 0x4b, 0xaf, 0xf9, 0xbf,
5250 0xb7, 0x9c, 0x70, 0x28, 0x94, 0x9c, 0xd0, 0xec },
5251 .rlen = 24,
5252 }, {
5253 .key = { 0xd7, 0x82, 0x8d, 0x13, 0xb2, 0xb0, 0xbd, 0xc3,
5254 0x25, 0xa7, 0x62, 0x36, 0xdf, 0x93, 0xcc, 0x6b },
5255 .klen = 16,
5256 .iv = { 0x01, 0x00, 0xd5, 0x60, 0x91, 0x2d, 0x3f, 0x70,
5257 0x3c, 0x96, 0x96, 0x76, 0x6c, 0xfa, 0x00, 0x00 },
5258 .assoc = { 0xcd, 0x90, 0x44, 0xd2, 0xb7, 0x1f, 0xdb, 0x81,
5259 0x20, 0xea, 0x60, 0xc0 },
5260 .alen = 12,
5261 .input = { 0x00, 0x97, 0x69, 0xec, 0xab, 0xdf, 0x48, 0x62,
5262 0x55, 0x94, 0xc5, 0x92, 0x51, 0xe6, 0x03, 0x57,
5263 0x22, 0x67, 0x5e, 0x04, 0xc8, 0x47, 0x09, 0x9e,
5264 0x5a, 0xe0, 0x70, 0x45, 0x51 },
5265 .ilen = 29,
5266 .result = { 0x64, 0x35, 0xac, 0xba, 0xfb, 0x11, 0xa8, 0x2e,
5267 0x2f, 0x07, 0x1d, 0x7c, 0xa4, 0xa5, 0xeb, 0xd9,
5268 0x3a, 0x80, 0x3b, 0xa8, 0x7f },
5269 .rlen = 21,
5270 }, {
5271 .key = { 0xd7, 0x82, 0x8d, 0x13, 0xb2, 0xb0, 0xbd, 0xc3,
5272 0x25, 0xa7, 0x62, 0x36, 0xdf, 0x93, 0xcc, 0x6b },
5273 .klen = 16,
5274 .iv = { 0x01, 0x00, 0x42, 0xff, 0xf8, 0xf1, 0x95, 0x1c,
5275 0x3c, 0x96, 0x96, 0x76, 0x6c, 0xfa, 0x00, 0x00 },
5276 .assoc = { 0xd8, 0x5b, 0xc7, 0xe6, 0x9f, 0x94, 0x4f, 0xb8 },
5277 .alen = 8,
5278 .input = { 0xbc, 0x21, 0x8d, 0xaa, 0x94, 0x74, 0x27, 0xb6,
5279 0xdb, 0x38, 0x6a, 0x99, 0xac, 0x1a, 0xef, 0x23,
5280 0xad, 0xe0, 0xb5, 0x29, 0x39, 0xcb, 0x6a, 0x63,
5281 0x7c, 0xf9, 0xbe, 0xc2, 0x40, 0x88, 0x97, 0xc6,
5282 0xba },
5283 .ilen = 33,
5284 .result = { 0x8a, 0x19, 0xb9, 0x50, 0xbc, 0xf7, 0x1a, 0x01,
5285 0x8e, 0x5e, 0x67, 0x01, 0xc9, 0x17, 0x87, 0x65,
5286 0x98, 0x09, 0xd6, 0x7d, 0xbe, 0xdd, 0x18 },
5287 .rlen = 23,
5288 },
5289};
5290
3183/* Cast5 test vectors from RFC 2144 */ 5291/* Cast5 test vectors from RFC 2144 */
3184#define CAST5_ENC_TEST_VECTORS 3 5292#define CAST5_ENC_TEST_VECTORS 3
3185#define CAST5_DEC_TEST_VECTORS 3 5293#define CAST5_DEC_TEST_VECTORS 3
@@ -4317,6 +6425,1211 @@ static struct cipher_testvec seed_dec_tv_template[] = {
4317 } 6425 }
4318}; 6426};
4319 6427
6428#define SALSA20_STREAM_ENC_TEST_VECTORS 5
6429static struct cipher_testvec salsa20_stream_enc_tv_template[] = {
6430 /*
6431 * Testvectors from verified.test-vectors submitted to ECRYPT.
6432 * They are truncated to size 39, 64, 111, 129 to test a variety
6433 * of input length.
6434 */
6435 { /* Set 3, vector 0 */
6436 .key = {
6437 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
6438 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
6439 },
6440 .klen = 16,
6441 .iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
6442 .input = {
6443 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6444 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6445 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6446 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6447 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6448 },
6449 .ilen = 39,
6450 .result = {
6451 0x2D, 0xD5, 0xC3, 0xF7, 0xBA, 0x2B, 0x20, 0xF7,
6452 0x68, 0x02, 0x41, 0x0C, 0x68, 0x86, 0x88, 0x89,
6453 0x5A, 0xD8, 0xC1, 0xBD, 0x4E, 0xA6, 0xC9, 0xB1,
6454 0x40, 0xFB, 0x9B, 0x90, 0xE2, 0x10, 0x49, 0xBF,
6455 0x58, 0x3F, 0x52, 0x79, 0x70, 0xEB, 0xC1,
6456 },
6457 .rlen = 39,
6458 }, { /* Set 5, vector 0 */
6459 .key = {
6460 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6461 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
6462 },
6463 .klen = 16,
6464 .iv = { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
6465 .input = {
6466 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6467 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6468 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6469 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6470 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6471 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6472 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6473 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6474 },
6475 .ilen = 64,
6476 .result = {
6477 0xB6, 0x6C, 0x1E, 0x44, 0x46, 0xDD, 0x95, 0x57,
6478 0xE5, 0x78, 0xE2, 0x23, 0xB0, 0xB7, 0x68, 0x01,
6479 0x7B, 0x23, 0xB2, 0x67, 0xBB, 0x02, 0x34, 0xAE,
6480 0x46, 0x26, 0xBF, 0x44, 0x3F, 0x21, 0x97, 0x76,
6481 0x43, 0x6F, 0xB1, 0x9F, 0xD0, 0xE8, 0x86, 0x6F,
6482 0xCD, 0x0D, 0xE9, 0xA9, 0x53, 0x8F, 0x4A, 0x09,
6483 0xCA, 0x9A, 0xC0, 0x73, 0x2E, 0x30, 0xBC, 0xF9,
6484 0x8E, 0x4F, 0x13, 0xE4, 0xB9, 0xE2, 0x01, 0xD9,
6485 },
6486 .rlen = 64,
6487 }, { /* Set 3, vector 27 */
6488 .key = {
6489 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22,
6490 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A,
6491 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32,
6492 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A
6493 },
6494 .klen = 32,
6495 .iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
6496 .input = {
6497 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6498 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6499 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6500 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6501 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6502 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6503 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6504 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6505
6506 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6507 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6508 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6509 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6510 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6511 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6512 },
6513 .ilen = 111,
6514 .result = {
6515 0xAE, 0x39, 0x50, 0x8E, 0xAC, 0x9A, 0xEC, 0xE7,
6516 0xBF, 0x97, 0xBB, 0x20, 0xB9, 0xDE, 0xE4, 0x1F,
6517 0x87, 0xD9, 0x47, 0xF8, 0x28, 0x91, 0x35, 0x98,
6518 0xDB, 0x72, 0xCC, 0x23, 0x29, 0x48, 0x56, 0x5E,
6519 0x83, 0x7E, 0x0B, 0xF3, 0x7D, 0x5D, 0x38, 0x7B,
6520 0x2D, 0x71, 0x02, 0xB4, 0x3B, 0xB5, 0xD8, 0x23,
6521 0xB0, 0x4A, 0xDF, 0x3C, 0xEC, 0xB6, 0xD9, 0x3B,
6522 0x9B, 0xA7, 0x52, 0xBE, 0xC5, 0xD4, 0x50, 0x59,
6523
6524 0x15, 0x14, 0xB4, 0x0E, 0x40, 0xE6, 0x53, 0xD1,
6525 0x83, 0x9C, 0x5B, 0xA0, 0x92, 0x29, 0x6B, 0x5E,
6526 0x96, 0x5B, 0x1E, 0x2F, 0xD3, 0xAC, 0xC1, 0x92,
6527 0xB1, 0x41, 0x3F, 0x19, 0x2F, 0xC4, 0x3B, 0xC6,
6528 0x95, 0x46, 0x45, 0x54, 0xE9, 0x75, 0x03, 0x08,
6529 0x44, 0xAF, 0xE5, 0x8A, 0x81, 0x12, 0x09,
6530 },
6531 .rlen = 111,
6532
6533 }, { /* Set 5, vector 27 */
6534 .key = {
6535 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6536 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6537 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6538 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
6539 },
6540 .klen = 32,
6541 .iv = { 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00 },
6542 .input = {
6543 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6544 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6545 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6546 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6547 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6548 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6549 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6550 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6551
6552 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6553 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6554 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6555 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6556 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6557 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6558 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6559 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6560
6561 0x00,
6562 },
6563 .ilen = 129,
6564 .result = {
6565 0xD2, 0xDB, 0x1A, 0x5C, 0xF1, 0xC1, 0xAC, 0xDB,
6566 0xE8, 0x1A, 0x7A, 0x43, 0x40, 0xEF, 0x53, 0x43,
6567 0x5E, 0x7F, 0x4B, 0x1A, 0x50, 0x52, 0x3F, 0x8D,
6568 0x28, 0x3D, 0xCF, 0x85, 0x1D, 0x69, 0x6E, 0x60,
6569 0xF2, 0xDE, 0x74, 0x56, 0x18, 0x1B, 0x84, 0x10,
6570 0xD4, 0x62, 0xBA, 0x60, 0x50, 0xF0, 0x61, 0xF2,
6571 0x1C, 0x78, 0x7F, 0xC1, 0x24, 0x34, 0xAF, 0x58,
6572 0xBF, 0x2C, 0x59, 0xCA, 0x90, 0x77, 0xF3, 0xB0,
6573
6574 0x5B, 0x4A, 0xDF, 0x89, 0xCE, 0x2C, 0x2F, 0xFC,
6575 0x67, 0xF0, 0xE3, 0x45, 0xE8, 0xB3, 0xB3, 0x75,
6576 0xA0, 0x95, 0x71, 0xA1, 0x29, 0x39, 0x94, 0xCA,
6577 0x45, 0x2F, 0xBD, 0xCB, 0x10, 0xB6, 0xBE, 0x9F,
6578 0x8E, 0xF9, 0xB2, 0x01, 0x0A, 0x5A, 0x0A, 0xB7,
6579 0x6B, 0x9D, 0x70, 0x8E, 0x4B, 0xD6, 0x2F, 0xCD,
6580 0x2E, 0x40, 0x48, 0x75, 0xE9, 0xE2, 0x21, 0x45,
6581 0x0B, 0xC9, 0xB6, 0xB5, 0x66, 0xBC, 0x9A, 0x59,
6582
6583 0x5A,
6584 },
6585 .rlen = 129,
6586 }, { /* large test vector generated using Crypto++ */
6587 .key = {
6588 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
6589 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
6590 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
6591 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
6592 },
6593 .klen = 32,
6594 .iv = {
6595 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6596 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6597 },
6598 .input = {
6599 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
6600 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
6601 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
6602 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
6603 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
6604 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
6605 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
6606 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
6607 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
6608 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
6609 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
6610 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f,
6611 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
6612 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
6613 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
6614 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f,
6615 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
6616 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
6617 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
6618 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f,
6619 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
6620 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf,
6621 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
6622 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
6623 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
6624 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,
6625 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
6626 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf,
6627 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7,
6628 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
6629 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
6630 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff,
6631 0x00, 0x03, 0x06, 0x09, 0x0c, 0x0f, 0x12, 0x15,
6632 0x18, 0x1b, 0x1e, 0x21, 0x24, 0x27, 0x2a, 0x2d,
6633 0x30, 0x33, 0x36, 0x39, 0x3c, 0x3f, 0x42, 0x45,
6634 0x48, 0x4b, 0x4e, 0x51, 0x54, 0x57, 0x5a, 0x5d,
6635 0x60, 0x63, 0x66, 0x69, 0x6c, 0x6f, 0x72, 0x75,
6636 0x78, 0x7b, 0x7e, 0x81, 0x84, 0x87, 0x8a, 0x8d,
6637 0x90, 0x93, 0x96, 0x99, 0x9c, 0x9f, 0xa2, 0xa5,
6638 0xa8, 0xab, 0xae, 0xb1, 0xb4, 0xb7, 0xba, 0xbd,
6639 0xc0, 0xc3, 0xc6, 0xc9, 0xcc, 0xcf, 0xd2, 0xd5,
6640 0xd8, 0xdb, 0xde, 0xe1, 0xe4, 0xe7, 0xea, 0xed,
6641 0xf0, 0xf3, 0xf6, 0xf9, 0xfc, 0xff, 0x02, 0x05,
6642 0x08, 0x0b, 0x0e, 0x11, 0x14, 0x17, 0x1a, 0x1d,
6643 0x20, 0x23, 0x26, 0x29, 0x2c, 0x2f, 0x32, 0x35,
6644 0x38, 0x3b, 0x3e, 0x41, 0x44, 0x47, 0x4a, 0x4d,
6645 0x50, 0x53, 0x56, 0x59, 0x5c, 0x5f, 0x62, 0x65,
6646 0x68, 0x6b, 0x6e, 0x71, 0x74, 0x77, 0x7a, 0x7d,
6647 0x80, 0x83, 0x86, 0x89, 0x8c, 0x8f, 0x92, 0x95,
6648 0x98, 0x9b, 0x9e, 0xa1, 0xa4, 0xa7, 0xaa, 0xad,
6649 0xb0, 0xb3, 0xb6, 0xb9, 0xbc, 0xbf, 0xc2, 0xc5,
6650 0xc8, 0xcb, 0xce, 0xd1, 0xd4, 0xd7, 0xda, 0xdd,
6651 0xe0, 0xe3, 0xe6, 0xe9, 0xec, 0xef, 0xf2, 0xf5,
6652 0xf8, 0xfb, 0xfe, 0x01, 0x04, 0x07, 0x0a, 0x0d,
6653 0x10, 0x13, 0x16, 0x19, 0x1c, 0x1f, 0x22, 0x25,
6654 0x28, 0x2b, 0x2e, 0x31, 0x34, 0x37, 0x3a, 0x3d,
6655 0x40, 0x43, 0x46, 0x49, 0x4c, 0x4f, 0x52, 0x55,
6656 0x58, 0x5b, 0x5e, 0x61, 0x64, 0x67, 0x6a, 0x6d,
6657 0x70, 0x73, 0x76, 0x79, 0x7c, 0x7f, 0x82, 0x85,
6658 0x88, 0x8b, 0x8e, 0x91, 0x94, 0x97, 0x9a, 0x9d,
6659 0xa0, 0xa3, 0xa6, 0xa9, 0xac, 0xaf, 0xb2, 0xb5,
6660 0xb8, 0xbb, 0xbe, 0xc1, 0xc4, 0xc7, 0xca, 0xcd,
6661 0xd0, 0xd3, 0xd6, 0xd9, 0xdc, 0xdf, 0xe2, 0xe5,
6662 0xe8, 0xeb, 0xee, 0xf1, 0xf4, 0xf7, 0xfa, 0xfd,
6663 0x00, 0x05, 0x0a, 0x0f, 0x14, 0x19, 0x1e, 0x23,
6664 0x28, 0x2d, 0x32, 0x37, 0x3c, 0x41, 0x46, 0x4b,
6665 0x50, 0x55, 0x5a, 0x5f, 0x64, 0x69, 0x6e, 0x73,
6666 0x78, 0x7d, 0x82, 0x87, 0x8c, 0x91, 0x96, 0x9b,
6667 0xa0, 0xa5, 0xaa, 0xaf, 0xb4, 0xb9, 0xbe, 0xc3,
6668 0xc8, 0xcd, 0xd2, 0xd7, 0xdc, 0xe1, 0xe6, 0xeb,
6669 0xf0, 0xf5, 0xfa, 0xff, 0x04, 0x09, 0x0e, 0x13,
6670 0x18, 0x1d, 0x22, 0x27, 0x2c, 0x31, 0x36, 0x3b,
6671 0x40, 0x45, 0x4a, 0x4f, 0x54, 0x59, 0x5e, 0x63,
6672 0x68, 0x6d, 0x72, 0x77, 0x7c, 0x81, 0x86, 0x8b,
6673 0x90, 0x95, 0x9a, 0x9f, 0xa4, 0xa9, 0xae, 0xb3,
6674 0xb8, 0xbd, 0xc2, 0xc7, 0xcc, 0xd1, 0xd6, 0xdb,
6675 0xe0, 0xe5, 0xea, 0xef, 0xf4, 0xf9, 0xfe, 0x03,
6676 0x08, 0x0d, 0x12, 0x17, 0x1c, 0x21, 0x26, 0x2b,
6677 0x30, 0x35, 0x3a, 0x3f, 0x44, 0x49, 0x4e, 0x53,
6678 0x58, 0x5d, 0x62, 0x67, 0x6c, 0x71, 0x76, 0x7b,
6679 0x80, 0x85, 0x8a, 0x8f, 0x94, 0x99, 0x9e, 0xa3,
6680 0xa8, 0xad, 0xb2, 0xb7, 0xbc, 0xc1, 0xc6, 0xcb,
6681 0xd0, 0xd5, 0xda, 0xdf, 0xe4, 0xe9, 0xee, 0xf3,
6682 0xf8, 0xfd, 0x02, 0x07, 0x0c, 0x11, 0x16, 0x1b,
6683 0x20, 0x25, 0x2a, 0x2f, 0x34, 0x39, 0x3e, 0x43,
6684 0x48, 0x4d, 0x52, 0x57, 0x5c, 0x61, 0x66, 0x6b,
6685 0x70, 0x75, 0x7a, 0x7f, 0x84, 0x89, 0x8e, 0x93,
6686 0x98, 0x9d, 0xa2, 0xa7, 0xac, 0xb1, 0xb6, 0xbb,
6687 0xc0, 0xc5, 0xca, 0xcf, 0xd4, 0xd9, 0xde, 0xe3,
6688 0xe8, 0xed, 0xf2, 0xf7, 0xfc, 0x01, 0x06, 0x0b,
6689 0x10, 0x15, 0x1a, 0x1f, 0x24, 0x29, 0x2e, 0x33,
6690 0x38, 0x3d, 0x42, 0x47, 0x4c, 0x51, 0x56, 0x5b,
6691 0x60, 0x65, 0x6a, 0x6f, 0x74, 0x79, 0x7e, 0x83,
6692 0x88, 0x8d, 0x92, 0x97, 0x9c, 0xa1, 0xa6, 0xab,
6693 0xb0, 0xb5, 0xba, 0xbf, 0xc4, 0xc9, 0xce, 0xd3,
6694 0xd8, 0xdd, 0xe2, 0xe7, 0xec, 0xf1, 0xf6, 0xfb,
6695 0x00, 0x07, 0x0e, 0x15, 0x1c, 0x23, 0x2a, 0x31,
6696 0x38, 0x3f, 0x46, 0x4d, 0x54, 0x5b, 0x62, 0x69,
6697 0x70, 0x77, 0x7e, 0x85, 0x8c, 0x93, 0x9a, 0xa1,
6698 0xa8, 0xaf, 0xb6, 0xbd, 0xc4, 0xcb, 0xd2, 0xd9,
6699 0xe0, 0xe7, 0xee, 0xf5, 0xfc, 0x03, 0x0a, 0x11,
6700 0x18, 0x1f, 0x26, 0x2d, 0x34, 0x3b, 0x42, 0x49,
6701 0x50, 0x57, 0x5e, 0x65, 0x6c, 0x73, 0x7a, 0x81,
6702 0x88, 0x8f, 0x96, 0x9d, 0xa4, 0xab, 0xb2, 0xb9,
6703 0xc0, 0xc7, 0xce, 0xd5, 0xdc, 0xe3, 0xea, 0xf1,
6704 0xf8, 0xff, 0x06, 0x0d, 0x14, 0x1b, 0x22, 0x29,
6705 0x30, 0x37, 0x3e, 0x45, 0x4c, 0x53, 0x5a, 0x61,
6706 0x68, 0x6f, 0x76, 0x7d, 0x84, 0x8b, 0x92, 0x99,
6707 0xa0, 0xa7, 0xae, 0xb5, 0xbc, 0xc3, 0xca, 0xd1,
6708 0xd8, 0xdf, 0xe6, 0xed, 0xf4, 0xfb, 0x02, 0x09,
6709 0x10, 0x17, 0x1e, 0x25, 0x2c, 0x33, 0x3a, 0x41,
6710 0x48, 0x4f, 0x56, 0x5d, 0x64, 0x6b, 0x72, 0x79,
6711 0x80, 0x87, 0x8e, 0x95, 0x9c, 0xa3, 0xaa, 0xb1,
6712 0xb8, 0xbf, 0xc6, 0xcd, 0xd4, 0xdb, 0xe2, 0xe9,
6713 0xf0, 0xf7, 0xfe, 0x05, 0x0c, 0x13, 0x1a, 0x21,
6714 0x28, 0x2f, 0x36, 0x3d, 0x44, 0x4b, 0x52, 0x59,
6715 0x60, 0x67, 0x6e, 0x75, 0x7c, 0x83, 0x8a, 0x91,
6716 0x98, 0x9f, 0xa6, 0xad, 0xb4, 0xbb, 0xc2, 0xc9,
6717 0xd0, 0xd7, 0xde, 0xe5, 0xec, 0xf3, 0xfa, 0x01,
6718 0x08, 0x0f, 0x16, 0x1d, 0x24, 0x2b, 0x32, 0x39,
6719 0x40, 0x47, 0x4e, 0x55, 0x5c, 0x63, 0x6a, 0x71,
6720 0x78, 0x7f, 0x86, 0x8d, 0x94, 0x9b, 0xa2, 0xa9,
6721 0xb0, 0xb7, 0xbe, 0xc5, 0xcc, 0xd3, 0xda, 0xe1,
6722 0xe8, 0xef, 0xf6, 0xfd, 0x04, 0x0b, 0x12, 0x19,
6723 0x20, 0x27, 0x2e, 0x35, 0x3c, 0x43, 0x4a, 0x51,
6724 0x58, 0x5f, 0x66, 0x6d, 0x74, 0x7b, 0x82, 0x89,
6725 0x90, 0x97, 0x9e, 0xa5, 0xac, 0xb3, 0xba, 0xc1,
6726 0xc8, 0xcf, 0xd6, 0xdd, 0xe4, 0xeb, 0xf2, 0xf9,
6727 0x00, 0x09, 0x12, 0x1b, 0x24, 0x2d, 0x36, 0x3f,
6728 0x48, 0x51, 0x5a, 0x63, 0x6c, 0x75, 0x7e, 0x87,
6729 0x90, 0x99, 0xa2, 0xab, 0xb4, 0xbd, 0xc6, 0xcf,
6730 0xd8, 0xe1, 0xea, 0xf3, 0xfc, 0x05, 0x0e, 0x17,
6731 0x20, 0x29, 0x32, 0x3b, 0x44, 0x4d, 0x56, 0x5f,
6732 0x68, 0x71, 0x7a, 0x83, 0x8c, 0x95, 0x9e, 0xa7,
6733 0xb0, 0xb9, 0xc2, 0xcb, 0xd4, 0xdd, 0xe6, 0xef,
6734 0xf8, 0x01, 0x0a, 0x13, 0x1c, 0x25, 0x2e, 0x37,
6735 0x40, 0x49, 0x52, 0x5b, 0x64, 0x6d, 0x76, 0x7f,
6736 0x88, 0x91, 0x9a, 0xa3, 0xac, 0xb5, 0xbe, 0xc7,
6737 0xd0, 0xd9, 0xe2, 0xeb, 0xf4, 0xfd, 0x06, 0x0f,
6738 0x18, 0x21, 0x2a, 0x33, 0x3c, 0x45, 0x4e, 0x57,
6739 0x60, 0x69, 0x72, 0x7b, 0x84, 0x8d, 0x96, 0x9f,
6740 0xa8, 0xb1, 0xba, 0xc3, 0xcc, 0xd5, 0xde, 0xe7,
6741 0xf0, 0xf9, 0x02, 0x0b, 0x14, 0x1d, 0x26, 0x2f,
6742 0x38, 0x41, 0x4a, 0x53, 0x5c, 0x65, 0x6e, 0x77,
6743 0x80, 0x89, 0x92, 0x9b, 0xa4, 0xad, 0xb6, 0xbf,
6744 0xc8, 0xd1, 0xda, 0xe3, 0xec, 0xf5, 0xfe, 0x07,
6745 0x10, 0x19, 0x22, 0x2b, 0x34, 0x3d, 0x46, 0x4f,
6746 0x58, 0x61, 0x6a, 0x73, 0x7c, 0x85, 0x8e, 0x97,
6747 0xa0, 0xa9, 0xb2, 0xbb, 0xc4, 0xcd, 0xd6, 0xdf,
6748 0xe8, 0xf1, 0xfa, 0x03, 0x0c, 0x15, 0x1e, 0x27,
6749 0x30, 0x39, 0x42, 0x4b, 0x54, 0x5d, 0x66, 0x6f,
6750 0x78, 0x81, 0x8a, 0x93, 0x9c, 0xa5, 0xae, 0xb7,
6751 0xc0, 0xc9, 0xd2, 0xdb, 0xe4, 0xed, 0xf6, 0xff,
6752 0x08, 0x11, 0x1a, 0x23, 0x2c, 0x35, 0x3e, 0x47,
6753 0x50, 0x59, 0x62, 0x6b, 0x74, 0x7d, 0x86, 0x8f,
6754 0x98, 0xa1, 0xaa, 0xb3, 0xbc, 0xc5, 0xce, 0xd7,
6755 0xe0, 0xe9, 0xf2, 0xfb, 0x04, 0x0d, 0x16, 0x1f,
6756 0x28, 0x31, 0x3a, 0x43, 0x4c, 0x55, 0x5e, 0x67,
6757 0x70, 0x79, 0x82, 0x8b, 0x94, 0x9d, 0xa6, 0xaf,
6758 0xb8, 0xc1, 0xca, 0xd3, 0xdc, 0xe5, 0xee, 0xf7,
6759 0x00, 0x0b, 0x16, 0x21, 0x2c, 0x37, 0x42, 0x4d,
6760 0x58, 0x63, 0x6e, 0x79, 0x84, 0x8f, 0x9a, 0xa5,
6761 0xb0, 0xbb, 0xc6, 0xd1, 0xdc, 0xe7, 0xf2, 0xfd,
6762 0x08, 0x13, 0x1e, 0x29, 0x34, 0x3f, 0x4a, 0x55,
6763 0x60, 0x6b, 0x76, 0x81, 0x8c, 0x97, 0xa2, 0xad,
6764 0xb8, 0xc3, 0xce, 0xd9, 0xe4, 0xef, 0xfa, 0x05,
6765 0x10, 0x1b, 0x26, 0x31, 0x3c, 0x47, 0x52, 0x5d,
6766 0x68, 0x73, 0x7e, 0x89, 0x94, 0x9f, 0xaa, 0xb5,
6767 0xc0, 0xcb, 0xd6, 0xe1, 0xec, 0xf7, 0x02, 0x0d,
6768 0x18, 0x23, 0x2e, 0x39, 0x44, 0x4f, 0x5a, 0x65,
6769 0x70, 0x7b, 0x86, 0x91, 0x9c, 0xa7, 0xb2, 0xbd,
6770 0xc8, 0xd3, 0xde, 0xe9, 0xf4, 0xff, 0x0a, 0x15,
6771 0x20, 0x2b, 0x36, 0x41, 0x4c, 0x57, 0x62, 0x6d,
6772 0x78, 0x83, 0x8e, 0x99, 0xa4, 0xaf, 0xba, 0xc5,
6773 0xd0, 0xdb, 0xe6, 0xf1, 0xfc, 0x07, 0x12, 0x1d,
6774 0x28, 0x33, 0x3e, 0x49, 0x54, 0x5f, 0x6a, 0x75,
6775 0x80, 0x8b, 0x96, 0xa1, 0xac, 0xb7, 0xc2, 0xcd,
6776 0xd8, 0xe3, 0xee, 0xf9, 0x04, 0x0f, 0x1a, 0x25,
6777 0x30, 0x3b, 0x46, 0x51, 0x5c, 0x67, 0x72, 0x7d,
6778 0x88, 0x93, 0x9e, 0xa9, 0xb4, 0xbf, 0xca, 0xd5,
6779 0xe0, 0xeb, 0xf6, 0x01, 0x0c, 0x17, 0x22, 0x2d,
6780 0x38, 0x43, 0x4e, 0x59, 0x64, 0x6f, 0x7a, 0x85,
6781 0x90, 0x9b, 0xa6, 0xb1, 0xbc, 0xc7, 0xd2, 0xdd,
6782 0xe8, 0xf3, 0xfe, 0x09, 0x14, 0x1f, 0x2a, 0x35,
6783 0x40, 0x4b, 0x56, 0x61, 0x6c, 0x77, 0x82, 0x8d,
6784 0x98, 0xa3, 0xae, 0xb9, 0xc4, 0xcf, 0xda, 0xe5,
6785 0xf0, 0xfb, 0x06, 0x11, 0x1c, 0x27, 0x32, 0x3d,
6786 0x48, 0x53, 0x5e, 0x69, 0x74, 0x7f, 0x8a, 0x95,
6787 0xa0, 0xab, 0xb6, 0xc1, 0xcc, 0xd7, 0xe2, 0xed,
6788 0xf8, 0x03, 0x0e, 0x19, 0x24, 0x2f, 0x3a, 0x45,
6789 0x50, 0x5b, 0x66, 0x71, 0x7c, 0x87, 0x92, 0x9d,
6790 0xa8, 0xb3, 0xbe, 0xc9, 0xd4, 0xdf, 0xea, 0xf5,
6791 0x00, 0x0d, 0x1a, 0x27, 0x34, 0x41, 0x4e, 0x5b,
6792 0x68, 0x75, 0x82, 0x8f, 0x9c, 0xa9, 0xb6, 0xc3,
6793 0xd0, 0xdd, 0xea, 0xf7, 0x04, 0x11, 0x1e, 0x2b,
6794 0x38, 0x45, 0x52, 0x5f, 0x6c, 0x79, 0x86, 0x93,
6795 0xa0, 0xad, 0xba, 0xc7, 0xd4, 0xe1, 0xee, 0xfb,
6796 0x08, 0x15, 0x22, 0x2f, 0x3c, 0x49, 0x56, 0x63,
6797 0x70, 0x7d, 0x8a, 0x97, 0xa4, 0xb1, 0xbe, 0xcb,
6798 0xd8, 0xe5, 0xf2, 0xff, 0x0c, 0x19, 0x26, 0x33,
6799 0x40, 0x4d, 0x5a, 0x67, 0x74, 0x81, 0x8e, 0x9b,
6800 0xa8, 0xb5, 0xc2, 0xcf, 0xdc, 0xe9, 0xf6, 0x03,
6801 0x10, 0x1d, 0x2a, 0x37, 0x44, 0x51, 0x5e, 0x6b,
6802 0x78, 0x85, 0x92, 0x9f, 0xac, 0xb9, 0xc6, 0xd3,
6803 0xe0, 0xed, 0xfa, 0x07, 0x14, 0x21, 0x2e, 0x3b,
6804 0x48, 0x55, 0x62, 0x6f, 0x7c, 0x89, 0x96, 0xa3,
6805 0xb0, 0xbd, 0xca, 0xd7, 0xe4, 0xf1, 0xfe, 0x0b,
6806 0x18, 0x25, 0x32, 0x3f, 0x4c, 0x59, 0x66, 0x73,
6807 0x80, 0x8d, 0x9a, 0xa7, 0xb4, 0xc1, 0xce, 0xdb,
6808 0xe8, 0xf5, 0x02, 0x0f, 0x1c, 0x29, 0x36, 0x43,
6809 0x50, 0x5d, 0x6a, 0x77, 0x84, 0x91, 0x9e, 0xab,
6810 0xb8, 0xc5, 0xd2, 0xdf, 0xec, 0xf9, 0x06, 0x13,
6811 0x20, 0x2d, 0x3a, 0x47, 0x54, 0x61, 0x6e, 0x7b,
6812 0x88, 0x95, 0xa2, 0xaf, 0xbc, 0xc9, 0xd6, 0xe3,
6813 0xf0, 0xfd, 0x0a, 0x17, 0x24, 0x31, 0x3e, 0x4b,
6814 0x58, 0x65, 0x72, 0x7f, 0x8c, 0x99, 0xa6, 0xb3,
6815 0xc0, 0xcd, 0xda, 0xe7, 0xf4, 0x01, 0x0e, 0x1b,
6816 0x28, 0x35, 0x42, 0x4f, 0x5c, 0x69, 0x76, 0x83,
6817 0x90, 0x9d, 0xaa, 0xb7, 0xc4, 0xd1, 0xde, 0xeb,
6818 0xf8, 0x05, 0x12, 0x1f, 0x2c, 0x39, 0x46, 0x53,
6819 0x60, 0x6d, 0x7a, 0x87, 0x94, 0xa1, 0xae, 0xbb,
6820 0xc8, 0xd5, 0xe2, 0xef, 0xfc, 0x09, 0x16, 0x23,
6821 0x30, 0x3d, 0x4a, 0x57, 0x64, 0x71, 0x7e, 0x8b,
6822 0x98, 0xa5, 0xb2, 0xbf, 0xcc, 0xd9, 0xe6, 0xf3,
6823 0x00, 0x0f, 0x1e, 0x2d, 0x3c, 0x4b, 0x5a, 0x69,
6824 0x78, 0x87, 0x96, 0xa5, 0xb4, 0xc3, 0xd2, 0xe1,
6825 0xf0, 0xff, 0x0e, 0x1d, 0x2c, 0x3b, 0x4a, 0x59,
6826 0x68, 0x77, 0x86, 0x95, 0xa4, 0xb3, 0xc2, 0xd1,
6827 0xe0, 0xef, 0xfe, 0x0d, 0x1c, 0x2b, 0x3a, 0x49,
6828 0x58, 0x67, 0x76, 0x85, 0x94, 0xa3, 0xb2, 0xc1,
6829 0xd0, 0xdf, 0xee, 0xfd, 0x0c, 0x1b, 0x2a, 0x39,
6830 0x48, 0x57, 0x66, 0x75, 0x84, 0x93, 0xa2, 0xb1,
6831 0xc0, 0xcf, 0xde, 0xed, 0xfc, 0x0b, 0x1a, 0x29,
6832 0x38, 0x47, 0x56, 0x65, 0x74, 0x83, 0x92, 0xa1,
6833 0xb0, 0xbf, 0xce, 0xdd, 0xec, 0xfb, 0x0a, 0x19,
6834 0x28, 0x37, 0x46, 0x55, 0x64, 0x73, 0x82, 0x91,
6835 0xa0, 0xaf, 0xbe, 0xcd, 0xdc, 0xeb, 0xfa, 0x09,
6836 0x18, 0x27, 0x36, 0x45, 0x54, 0x63, 0x72, 0x81,
6837 0x90, 0x9f, 0xae, 0xbd, 0xcc, 0xdb, 0xea, 0xf9,
6838 0x08, 0x17, 0x26, 0x35, 0x44, 0x53, 0x62, 0x71,
6839 0x80, 0x8f, 0x9e, 0xad, 0xbc, 0xcb, 0xda, 0xe9,
6840 0xf8, 0x07, 0x16, 0x25, 0x34, 0x43, 0x52, 0x61,
6841 0x70, 0x7f, 0x8e, 0x9d, 0xac, 0xbb, 0xca, 0xd9,
6842 0xe8, 0xf7, 0x06, 0x15, 0x24, 0x33, 0x42, 0x51,
6843 0x60, 0x6f, 0x7e, 0x8d, 0x9c, 0xab, 0xba, 0xc9,
6844 0xd8, 0xe7, 0xf6, 0x05, 0x14, 0x23, 0x32, 0x41,
6845 0x50, 0x5f, 0x6e, 0x7d, 0x8c, 0x9b, 0xaa, 0xb9,
6846 0xc8, 0xd7, 0xe6, 0xf5, 0x04, 0x13, 0x22, 0x31,
6847 0x40, 0x4f, 0x5e, 0x6d, 0x7c, 0x8b, 0x9a, 0xa9,
6848 0xb8, 0xc7, 0xd6, 0xe5, 0xf4, 0x03, 0x12, 0x21,
6849 0x30, 0x3f, 0x4e, 0x5d, 0x6c, 0x7b, 0x8a, 0x99,
6850 0xa8, 0xb7, 0xc6, 0xd5, 0xe4, 0xf3, 0x02, 0x11,
6851 0x20, 0x2f, 0x3e, 0x4d, 0x5c, 0x6b, 0x7a, 0x89,
6852 0x98, 0xa7, 0xb6, 0xc5, 0xd4, 0xe3, 0xf2, 0x01,
6853 0x10, 0x1f, 0x2e, 0x3d, 0x4c, 0x5b, 0x6a, 0x79,
6854 0x88, 0x97, 0xa6, 0xb5, 0xc4, 0xd3, 0xe2, 0xf1,
6855 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
6856 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
6857 0x10, 0x21, 0x32, 0x43, 0x54, 0x65, 0x76, 0x87,
6858 0x98, 0xa9, 0xba, 0xcb, 0xdc, 0xed, 0xfe, 0x0f,
6859 0x20, 0x31, 0x42, 0x53, 0x64, 0x75, 0x86, 0x97,
6860 0xa8, 0xb9, 0xca, 0xdb, 0xec, 0xfd, 0x0e, 0x1f,
6861 0x30, 0x41, 0x52, 0x63, 0x74, 0x85, 0x96, 0xa7,
6862 0xb8, 0xc9, 0xda, 0xeb, 0xfc, 0x0d, 0x1e, 0x2f,
6863 0x40, 0x51, 0x62, 0x73, 0x84, 0x95, 0xa6, 0xb7,
6864 0xc8, 0xd9, 0xea, 0xfb, 0x0c, 0x1d, 0x2e, 0x3f,
6865 0x50, 0x61, 0x72, 0x83, 0x94, 0xa5, 0xb6, 0xc7,
6866 0xd8, 0xe9, 0xfa, 0x0b, 0x1c, 0x2d, 0x3e, 0x4f,
6867 0x60, 0x71, 0x82, 0x93, 0xa4, 0xb5, 0xc6, 0xd7,
6868 0xe8, 0xf9, 0x0a, 0x1b, 0x2c, 0x3d, 0x4e, 0x5f,
6869 0x70, 0x81, 0x92, 0xa3, 0xb4, 0xc5, 0xd6, 0xe7,
6870 0xf8, 0x09, 0x1a, 0x2b, 0x3c, 0x4d, 0x5e, 0x6f,
6871 0x80, 0x91, 0xa2, 0xb3, 0xc4, 0xd5, 0xe6, 0xf7,
6872 0x08, 0x19, 0x2a, 0x3b, 0x4c, 0x5d, 0x6e, 0x7f,
6873 0x90, 0xa1, 0xb2, 0xc3, 0xd4, 0xe5, 0xf6, 0x07,
6874 0x18, 0x29, 0x3a, 0x4b, 0x5c, 0x6d, 0x7e, 0x8f,
6875 0xa0, 0xb1, 0xc2, 0xd3, 0xe4, 0xf5, 0x06, 0x17,
6876 0x28, 0x39, 0x4a, 0x5b, 0x6c, 0x7d, 0x8e, 0x9f,
6877 0xb0, 0xc1, 0xd2, 0xe3, 0xf4, 0x05, 0x16, 0x27,
6878 0x38, 0x49, 0x5a, 0x6b, 0x7c, 0x8d, 0x9e, 0xaf,
6879 0xc0, 0xd1, 0xe2, 0xf3, 0x04, 0x15, 0x26, 0x37,
6880 0x48, 0x59, 0x6a, 0x7b, 0x8c, 0x9d, 0xae, 0xbf,
6881 0xd0, 0xe1, 0xf2, 0x03, 0x14, 0x25, 0x36, 0x47,
6882 0x58, 0x69, 0x7a, 0x8b, 0x9c, 0xad, 0xbe, 0xcf,
6883 0xe0, 0xf1, 0x02, 0x13, 0x24, 0x35, 0x46, 0x57,
6884 0x68, 0x79, 0x8a, 0x9b, 0xac, 0xbd, 0xce, 0xdf,
6885 0xf0, 0x01, 0x12, 0x23, 0x34, 0x45, 0x56, 0x67,
6886 0x78, 0x89, 0x9a, 0xab, 0xbc, 0xcd, 0xde, 0xef,
6887 0x00, 0x13, 0x26, 0x39, 0x4c, 0x5f, 0x72, 0x85,
6888 0x98, 0xab, 0xbe, 0xd1, 0xe4, 0xf7, 0x0a, 0x1d,
6889 0x30, 0x43, 0x56, 0x69, 0x7c, 0x8f, 0xa2, 0xb5,
6890 0xc8, 0xdb, 0xee, 0x01, 0x14, 0x27, 0x3a, 0x4d,
6891 0x60, 0x73, 0x86, 0x99, 0xac, 0xbf, 0xd2, 0xe5,
6892 0xf8, 0x0b, 0x1e, 0x31, 0x44, 0x57, 0x6a, 0x7d,
6893 0x90, 0xa3, 0xb6, 0xc9, 0xdc, 0xef, 0x02, 0x15,
6894 0x28, 0x3b, 0x4e, 0x61, 0x74, 0x87, 0x9a, 0xad,
6895 0xc0, 0xd3, 0xe6, 0xf9, 0x0c, 0x1f, 0x32, 0x45,
6896 0x58, 0x6b, 0x7e, 0x91, 0xa4, 0xb7, 0xca, 0xdd,
6897 0xf0, 0x03, 0x16, 0x29, 0x3c, 0x4f, 0x62, 0x75,
6898 0x88, 0x9b, 0xae, 0xc1, 0xd4, 0xe7, 0xfa, 0x0d,
6899 0x20, 0x33, 0x46, 0x59, 0x6c, 0x7f, 0x92, 0xa5,
6900 0xb8, 0xcb, 0xde, 0xf1, 0x04, 0x17, 0x2a, 0x3d,
6901 0x50, 0x63, 0x76, 0x89, 0x9c, 0xaf, 0xc2, 0xd5,
6902 0xe8, 0xfb, 0x0e, 0x21, 0x34, 0x47, 0x5a, 0x6d,
6903 0x80, 0x93, 0xa6, 0xb9, 0xcc, 0xdf, 0xf2, 0x05,
6904 0x18, 0x2b, 0x3e, 0x51, 0x64, 0x77, 0x8a, 0x9d,
6905 0xb0, 0xc3, 0xd6, 0xe9, 0xfc, 0x0f, 0x22, 0x35,
6906 0x48, 0x5b, 0x6e, 0x81, 0x94, 0xa7, 0xba, 0xcd,
6907 0xe0, 0xf3, 0x06, 0x19, 0x2c, 0x3f, 0x52, 0x65,
6908 0x78, 0x8b, 0x9e, 0xb1, 0xc4, 0xd7, 0xea, 0xfd,
6909 0x10, 0x23, 0x36, 0x49, 0x5c, 0x6f, 0x82, 0x95,
6910 0xa8, 0xbb, 0xce, 0xe1, 0xf4, 0x07, 0x1a, 0x2d,
6911 0x40, 0x53, 0x66, 0x79, 0x8c, 0x9f, 0xb2, 0xc5,
6912 0xd8, 0xeb, 0xfe, 0x11, 0x24, 0x37, 0x4a, 0x5d,
6913 0x70, 0x83, 0x96, 0xa9, 0xbc, 0xcf, 0xe2, 0xf5,
6914 0x08, 0x1b, 0x2e, 0x41, 0x54, 0x67, 0x7a, 0x8d,
6915 0xa0, 0xb3, 0xc6, 0xd9, 0xec, 0xff, 0x12, 0x25,
6916 0x38, 0x4b, 0x5e, 0x71, 0x84, 0x97, 0xaa, 0xbd,
6917 0xd0, 0xe3, 0xf6, 0x09, 0x1c, 0x2f, 0x42, 0x55,
6918 0x68, 0x7b, 0x8e, 0xa1, 0xb4, 0xc7, 0xda, 0xed,
6919 0x00, 0x15, 0x2a, 0x3f, 0x54, 0x69, 0x7e, 0x93,
6920 0xa8, 0xbd, 0xd2, 0xe7, 0xfc, 0x11, 0x26, 0x3b,
6921 0x50, 0x65, 0x7a, 0x8f, 0xa4, 0xb9, 0xce, 0xe3,
6922 0xf8, 0x0d, 0x22, 0x37, 0x4c, 0x61, 0x76, 0x8b,
6923 0xa0, 0xb5, 0xca, 0xdf, 0xf4, 0x09, 0x1e, 0x33,
6924 0x48, 0x5d, 0x72, 0x87, 0x9c, 0xb1, 0xc6, 0xdb,
6925 0xf0, 0x05, 0x1a, 0x2f, 0x44, 0x59, 0x6e, 0x83,
6926 0x98, 0xad, 0xc2, 0xd7, 0xec, 0x01, 0x16, 0x2b,
6927 0x40, 0x55, 0x6a, 0x7f, 0x94, 0xa9, 0xbe, 0xd3,
6928 0xe8, 0xfd, 0x12, 0x27, 0x3c, 0x51, 0x66, 0x7b,
6929 0x90, 0xa5, 0xba, 0xcf, 0xe4, 0xf9, 0x0e, 0x23,
6930 0x38, 0x4d, 0x62, 0x77, 0x8c, 0xa1, 0xb6, 0xcb,
6931 0xe0, 0xf5, 0x0a, 0x1f, 0x34, 0x49, 0x5e, 0x73,
6932 0x88, 0x9d, 0xb2, 0xc7, 0xdc, 0xf1, 0x06, 0x1b,
6933 0x30, 0x45, 0x5a, 0x6f, 0x84, 0x99, 0xae, 0xc3,
6934 0xd8, 0xed, 0x02, 0x17, 0x2c, 0x41, 0x56, 0x6b,
6935 0x80, 0x95, 0xaa, 0xbf, 0xd4, 0xe9, 0xfe, 0x13,
6936 0x28, 0x3d, 0x52, 0x67, 0x7c, 0x91, 0xa6, 0xbb,
6937 0xd0, 0xe5, 0xfa, 0x0f, 0x24, 0x39, 0x4e, 0x63,
6938 0x78, 0x8d, 0xa2, 0xb7, 0xcc, 0xe1, 0xf6, 0x0b,
6939 0x20, 0x35, 0x4a, 0x5f, 0x74, 0x89, 0x9e, 0xb3,
6940 0xc8, 0xdd, 0xf2, 0x07, 0x1c, 0x31, 0x46, 0x5b,
6941 0x70, 0x85, 0x9a, 0xaf, 0xc4, 0xd9, 0xee, 0x03,
6942 0x18, 0x2d, 0x42, 0x57, 0x6c, 0x81, 0x96, 0xab,
6943 0xc0, 0xd5, 0xea, 0xff, 0x14, 0x29, 0x3e, 0x53,
6944 0x68, 0x7d, 0x92, 0xa7, 0xbc, 0xd1, 0xe6, 0xfb,
6945 0x10, 0x25, 0x3a, 0x4f, 0x64, 0x79, 0x8e, 0xa3,
6946 0xb8, 0xcd, 0xe2, 0xf7, 0x0c, 0x21, 0x36, 0x4b,
6947 0x60, 0x75, 0x8a, 0x9f, 0xb4, 0xc9, 0xde, 0xf3,
6948 0x08, 0x1d, 0x32, 0x47, 0x5c, 0x71, 0x86, 0x9b,
6949 0xb0, 0xc5, 0xda, 0xef, 0x04, 0x19, 0x2e, 0x43,
6950 0x58, 0x6d, 0x82, 0x97, 0xac, 0xc1, 0xd6, 0xeb,
6951 0x00, 0x17, 0x2e, 0x45, 0x5c, 0x73, 0x8a, 0xa1,
6952 0xb8, 0xcf, 0xe6, 0xfd, 0x14, 0x2b, 0x42, 0x59,
6953 0x70, 0x87, 0x9e, 0xb5, 0xcc, 0xe3, 0xfa, 0x11,
6954 0x28, 0x3f, 0x56, 0x6d, 0x84, 0x9b, 0xb2, 0xc9,
6955 0xe0, 0xf7, 0x0e, 0x25, 0x3c, 0x53, 0x6a, 0x81,
6956 0x98, 0xaf, 0xc6, 0xdd, 0xf4, 0x0b, 0x22, 0x39,
6957 0x50, 0x67, 0x7e, 0x95, 0xac, 0xc3, 0xda, 0xf1,
6958 0x08, 0x1f, 0x36, 0x4d, 0x64, 0x7b, 0x92, 0xa9,
6959 0xc0, 0xd7, 0xee, 0x05, 0x1c, 0x33, 0x4a, 0x61,
6960 0x78, 0x8f, 0xa6, 0xbd, 0xd4, 0xeb, 0x02, 0x19,
6961 0x30, 0x47, 0x5e, 0x75, 0x8c, 0xa3, 0xba, 0xd1,
6962 0xe8, 0xff, 0x16, 0x2d, 0x44, 0x5b, 0x72, 0x89,
6963 0xa0, 0xb7, 0xce, 0xe5, 0xfc, 0x13, 0x2a, 0x41,
6964 0x58, 0x6f, 0x86, 0x9d, 0xb4, 0xcb, 0xe2, 0xf9,
6965 0x10, 0x27, 0x3e, 0x55, 0x6c, 0x83, 0x9a, 0xb1,
6966 0xc8, 0xdf, 0xf6, 0x0d, 0x24, 0x3b, 0x52, 0x69,
6967 0x80, 0x97, 0xae, 0xc5, 0xdc, 0xf3, 0x0a, 0x21,
6968 0x38, 0x4f, 0x66, 0x7d, 0x94, 0xab, 0xc2, 0xd9,
6969 0xf0, 0x07, 0x1e, 0x35, 0x4c, 0x63, 0x7a, 0x91,
6970 0xa8, 0xbf, 0xd6, 0xed, 0x04, 0x1b, 0x32, 0x49,
6971 0x60, 0x77, 0x8e, 0xa5, 0xbc, 0xd3, 0xea, 0x01,
6972 0x18, 0x2f, 0x46, 0x5d, 0x74, 0x8b, 0xa2, 0xb9,
6973 0xd0, 0xe7, 0xfe, 0x15, 0x2c, 0x43, 0x5a, 0x71,
6974 0x88, 0x9f, 0xb6, 0xcd, 0xe4, 0xfb, 0x12, 0x29,
6975 0x40, 0x57, 0x6e, 0x85, 0x9c, 0xb3, 0xca, 0xe1,
6976 0xf8, 0x0f, 0x26, 0x3d, 0x54, 0x6b, 0x82, 0x99,
6977 0xb0, 0xc7, 0xde, 0xf5, 0x0c, 0x23, 0x3a, 0x51,
6978 0x68, 0x7f, 0x96, 0xad, 0xc4, 0xdb, 0xf2, 0x09,
6979 0x20, 0x37, 0x4e, 0x65, 0x7c, 0x93, 0xaa, 0xc1,
6980 0xd8, 0xef, 0x06, 0x1d, 0x34, 0x4b, 0x62, 0x79,
6981 0x90, 0xa7, 0xbe, 0xd5, 0xec, 0x03, 0x1a, 0x31,
6982 0x48, 0x5f, 0x76, 0x8d, 0xa4, 0xbb, 0xd2, 0xe9,
6983 0x00, 0x19, 0x32, 0x4b, 0x64, 0x7d, 0x96, 0xaf,
6984 0xc8, 0xe1, 0xfa, 0x13, 0x2c, 0x45, 0x5e, 0x77,
6985 0x90, 0xa9, 0xc2, 0xdb, 0xf4, 0x0d, 0x26, 0x3f,
6986 0x58, 0x71, 0x8a, 0xa3, 0xbc, 0xd5, 0xee, 0x07,
6987 0x20, 0x39, 0x52, 0x6b, 0x84, 0x9d, 0xb6, 0xcf,
6988 0xe8, 0x01, 0x1a, 0x33, 0x4c, 0x65, 0x7e, 0x97,
6989 0xb0, 0xc9, 0xe2, 0xfb, 0x14, 0x2d, 0x46, 0x5f,
6990 0x78, 0x91, 0xaa, 0xc3, 0xdc, 0xf5, 0x0e, 0x27,
6991 0x40, 0x59, 0x72, 0x8b, 0xa4, 0xbd, 0xd6, 0xef,
6992 0x08, 0x21, 0x3a, 0x53, 0x6c, 0x85, 0x9e, 0xb7,
6993 0xd0, 0xe9, 0x02, 0x1b, 0x34, 0x4d, 0x66, 0x7f,
6994 0x98, 0xb1, 0xca, 0xe3, 0xfc, 0x15, 0x2e, 0x47,
6995 0x60, 0x79, 0x92, 0xab, 0xc4, 0xdd, 0xf6, 0x0f,
6996 0x28, 0x41, 0x5a, 0x73, 0x8c, 0xa5, 0xbe, 0xd7,
6997 0xf0, 0x09, 0x22, 0x3b, 0x54, 0x6d, 0x86, 0x9f,
6998 0xb8, 0xd1, 0xea, 0x03, 0x1c, 0x35, 0x4e, 0x67,
6999 0x80, 0x99, 0xb2, 0xcb, 0xe4, 0xfd, 0x16, 0x2f,
7000 0x48, 0x61, 0x7a, 0x93, 0xac, 0xc5, 0xde, 0xf7,
7001 0x10, 0x29, 0x42, 0x5b, 0x74, 0x8d, 0xa6, 0xbf,
7002 0xd8, 0xf1, 0x0a, 0x23, 0x3c, 0x55, 0x6e, 0x87,
7003 0xa0, 0xb9, 0xd2, 0xeb, 0x04, 0x1d, 0x36, 0x4f,
7004 0x68, 0x81, 0x9a, 0xb3, 0xcc, 0xe5, 0xfe, 0x17,
7005 0x30, 0x49, 0x62, 0x7b, 0x94, 0xad, 0xc6, 0xdf,
7006 0xf8, 0x11, 0x2a, 0x43, 0x5c, 0x75, 0x8e, 0xa7,
7007 0xc0, 0xd9, 0xf2, 0x0b, 0x24, 0x3d, 0x56, 0x6f,
7008 0x88, 0xa1, 0xba, 0xd3, 0xec, 0x05, 0x1e, 0x37,
7009 0x50, 0x69, 0x82, 0x9b, 0xb4, 0xcd, 0xe6, 0xff,
7010 0x18, 0x31, 0x4a, 0x63, 0x7c, 0x95, 0xae, 0xc7,
7011 0xe0, 0xf9, 0x12, 0x2b, 0x44, 0x5d, 0x76, 0x8f,
7012 0xa8, 0xc1, 0xda, 0xf3, 0x0c, 0x25, 0x3e, 0x57,
7013 0x70, 0x89, 0xa2, 0xbb, 0xd4, 0xed, 0x06, 0x1f,
7014 0x38, 0x51, 0x6a, 0x83, 0x9c, 0xb5, 0xce, 0xe7,
7015 0x00, 0x1b, 0x36, 0x51, 0x6c, 0x87, 0xa2, 0xbd,
7016 0xd8, 0xf3, 0x0e, 0x29, 0x44, 0x5f, 0x7a, 0x95,
7017 0xb0, 0xcb, 0xe6, 0x01, 0x1c, 0x37, 0x52, 0x6d,
7018 0x88, 0xa3, 0xbe, 0xd9, 0xf4, 0x0f, 0x2a, 0x45,
7019 0x60, 0x7b, 0x96, 0xb1, 0xcc, 0xe7, 0x02, 0x1d,
7020 0x38, 0x53, 0x6e, 0x89, 0xa4, 0xbf, 0xda, 0xf5,
7021 0x10, 0x2b, 0x46, 0x61, 0x7c, 0x97, 0xb2, 0xcd,
7022 0xe8, 0x03, 0x1e, 0x39, 0x54, 0x6f, 0x8a, 0xa5,
7023 0xc0, 0xdb, 0xf6, 0x11, 0x2c, 0x47, 0x62, 0x7d,
7024 0x98, 0xb3, 0xce, 0xe9, 0x04, 0x1f, 0x3a, 0x55,
7025 0x70, 0x8b, 0xa6, 0xc1, 0xdc, 0xf7, 0x12, 0x2d,
7026 0x48, 0x63, 0x7e, 0x99, 0xb4, 0xcf, 0xea, 0x05,
7027 0x20, 0x3b, 0x56, 0x71, 0x8c, 0xa7, 0xc2, 0xdd,
7028 0xf8, 0x13, 0x2e, 0x49, 0x64, 0x7f, 0x9a, 0xb5,
7029 0xd0, 0xeb, 0x06, 0x21, 0x3c, 0x57, 0x72, 0x8d,
7030 0xa8, 0xc3, 0xde, 0xf9, 0x14, 0x2f, 0x4a, 0x65,
7031 0x80, 0x9b, 0xb6, 0xd1, 0xec, 0x07, 0x22, 0x3d,
7032 0x58, 0x73, 0x8e, 0xa9, 0xc4, 0xdf, 0xfa, 0x15,
7033 0x30, 0x4b, 0x66, 0x81, 0x9c, 0xb7, 0xd2, 0xed,
7034 0x08, 0x23, 0x3e, 0x59, 0x74, 0x8f, 0xaa, 0xc5,
7035 0xe0, 0xfb, 0x16, 0x31, 0x4c, 0x67, 0x82, 0x9d,
7036 0xb8, 0xd3, 0xee, 0x09, 0x24, 0x3f, 0x5a, 0x75,
7037 0x90, 0xab, 0xc6, 0xe1, 0xfc, 0x17, 0x32, 0x4d,
7038 0x68, 0x83, 0x9e, 0xb9, 0xd4, 0xef, 0x0a, 0x25,
7039 0x40, 0x5b, 0x76, 0x91, 0xac, 0xc7, 0xe2, 0xfd,
7040 0x18, 0x33, 0x4e, 0x69, 0x84, 0x9f, 0xba, 0xd5,
7041 0xf0, 0x0b, 0x26, 0x41, 0x5c, 0x77, 0x92, 0xad,
7042 0xc8, 0xe3, 0xfe, 0x19, 0x34, 0x4f, 0x6a, 0x85,
7043 0xa0, 0xbb, 0xd6, 0xf1, 0x0c, 0x27, 0x42, 0x5d,
7044 0x78, 0x93, 0xae, 0xc9, 0xe4, 0xff, 0x1a, 0x35,
7045 0x50, 0x6b, 0x86, 0xa1, 0xbc, 0xd7, 0xf2, 0x0d,
7046 0x28, 0x43, 0x5e, 0x79, 0x94, 0xaf, 0xca, 0xe5,
7047 0x00, 0x1d, 0x3a, 0x57, 0x74, 0x91, 0xae, 0xcb,
7048 0xe8, 0x05, 0x22, 0x3f, 0x5c, 0x79, 0x96, 0xb3,
7049 0xd0, 0xed, 0x0a, 0x27, 0x44, 0x61, 0x7e, 0x9b,
7050 0xb8, 0xd5, 0xf2, 0x0f, 0x2c, 0x49, 0x66, 0x83,
7051 0xa0, 0xbd, 0xda, 0xf7, 0x14, 0x31, 0x4e, 0x6b,
7052 0x88, 0xa5, 0xc2, 0xdf, 0xfc, 0x19, 0x36, 0x53,
7053 0x70, 0x8d, 0xaa, 0xc7, 0xe4, 0x01, 0x1e, 0x3b,
7054 0x58, 0x75, 0x92, 0xaf, 0xcc, 0xe9, 0x06, 0x23,
7055 0x40, 0x5d, 0x7a, 0x97, 0xb4, 0xd1, 0xee, 0x0b,
7056 0x28, 0x45, 0x62, 0x7f, 0x9c, 0xb9, 0xd6, 0xf3,
7057 0x10, 0x2d, 0x4a, 0x67, 0x84, 0xa1, 0xbe, 0xdb,
7058 0xf8, 0x15, 0x32, 0x4f, 0x6c, 0x89, 0xa6, 0xc3,
7059 0xe0, 0xfd, 0x1a, 0x37, 0x54, 0x71, 0x8e, 0xab,
7060 0xc8, 0xe5, 0x02, 0x1f, 0x3c, 0x59, 0x76, 0x93,
7061 0xb0, 0xcd, 0xea, 0x07, 0x24, 0x41, 0x5e, 0x7b,
7062 0x98, 0xb5, 0xd2, 0xef, 0x0c, 0x29, 0x46, 0x63,
7063 0x80, 0x9d, 0xba, 0xd7, 0xf4, 0x11, 0x2e, 0x4b,
7064 0x68, 0x85, 0xa2, 0xbf, 0xdc, 0xf9, 0x16, 0x33,
7065 0x50, 0x6d, 0x8a, 0xa7, 0xc4, 0xe1, 0xfe, 0x1b,
7066 0x38, 0x55, 0x72, 0x8f, 0xac, 0xc9, 0xe6, 0x03,
7067 0x20, 0x3d, 0x5a, 0x77, 0x94, 0xb1, 0xce, 0xeb,
7068 0x08, 0x25, 0x42, 0x5f, 0x7c, 0x99, 0xb6, 0xd3,
7069 0xf0, 0x0d, 0x2a, 0x47, 0x64, 0x81, 0x9e, 0xbb,
7070 0xd8, 0xf5, 0x12, 0x2f, 0x4c, 0x69, 0x86, 0xa3,
7071 0xc0, 0xdd, 0xfa, 0x17, 0x34, 0x51, 0x6e, 0x8b,
7072 0xa8, 0xc5, 0xe2, 0xff, 0x1c, 0x39, 0x56, 0x73,
7073 0x90, 0xad, 0xca, 0xe7, 0x04, 0x21, 0x3e, 0x5b,
7074 0x78, 0x95, 0xb2, 0xcf, 0xec, 0x09, 0x26, 0x43,
7075 0x60, 0x7d, 0x9a, 0xb7, 0xd4, 0xf1, 0x0e, 0x2b,
7076 0x48, 0x65, 0x82, 0x9f, 0xbc, 0xd9, 0xf6, 0x13,
7077 0x30, 0x4d, 0x6a, 0x87, 0xa4, 0xc1, 0xde, 0xfb,
7078 0x18, 0x35, 0x52, 0x6f, 0x8c, 0xa9, 0xc6, 0xe3,
7079 0x00, 0x1f, 0x3e, 0x5d, 0x7c, 0x9b, 0xba, 0xd9,
7080 0xf8, 0x17, 0x36, 0x55, 0x74, 0x93, 0xb2, 0xd1,
7081 0xf0, 0x0f, 0x2e, 0x4d, 0x6c, 0x8b, 0xaa, 0xc9,
7082 0xe8, 0x07, 0x26, 0x45, 0x64, 0x83, 0xa2, 0xc1,
7083 0xe0, 0xff, 0x1e, 0x3d, 0x5c, 0x7b, 0x9a, 0xb9,
7084 0xd8, 0xf7, 0x16, 0x35, 0x54, 0x73, 0x92, 0xb1,
7085 0xd0, 0xef, 0x0e, 0x2d, 0x4c, 0x6b, 0x8a, 0xa9,
7086 0xc8, 0xe7, 0x06, 0x25, 0x44, 0x63, 0x82, 0xa1,
7087 0xc0, 0xdf, 0xfe, 0x1d, 0x3c, 0x5b, 0x7a, 0x99,
7088 0xb8, 0xd7, 0xf6, 0x15, 0x34, 0x53, 0x72, 0x91,
7089 0xb0, 0xcf, 0xee, 0x0d, 0x2c, 0x4b, 0x6a, 0x89,
7090 0xa8, 0xc7, 0xe6, 0x05, 0x24, 0x43, 0x62, 0x81,
7091 0xa0, 0xbf, 0xde, 0xfd, 0x1c, 0x3b, 0x5a, 0x79,
7092 0x98, 0xb7, 0xd6, 0xf5, 0x14, 0x33, 0x52, 0x71,
7093 0x90, 0xaf, 0xce, 0xed, 0x0c, 0x2b, 0x4a, 0x69,
7094 0x88, 0xa7, 0xc6, 0xe5, 0x04, 0x23, 0x42, 0x61,
7095 0x80, 0x9f, 0xbe, 0xdd, 0xfc, 0x1b, 0x3a, 0x59,
7096 0x78, 0x97, 0xb6, 0xd5, 0xf4, 0x13, 0x32, 0x51,
7097 0x70, 0x8f, 0xae, 0xcd, 0xec, 0x0b, 0x2a, 0x49,
7098 0x68, 0x87, 0xa6, 0xc5, 0xe4, 0x03, 0x22, 0x41,
7099 0x60, 0x7f, 0x9e, 0xbd, 0xdc, 0xfb, 0x1a, 0x39,
7100 0x58, 0x77, 0x96, 0xb5, 0xd4, 0xf3, 0x12, 0x31,
7101 0x50, 0x6f, 0x8e, 0xad, 0xcc, 0xeb, 0x0a, 0x29,
7102 0x48, 0x67, 0x86, 0xa5, 0xc4, 0xe3, 0x02, 0x21,
7103 0x40, 0x5f, 0x7e, 0x9d, 0xbc, 0xdb, 0xfa, 0x19,
7104 0x38, 0x57, 0x76, 0x95, 0xb4, 0xd3, 0xf2, 0x11,
7105 0x30, 0x4f, 0x6e, 0x8d, 0xac, 0xcb, 0xea, 0x09,
7106 0x28, 0x47, 0x66, 0x85, 0xa4, 0xc3, 0xe2, 0x01,
7107 0x20, 0x3f, 0x5e, 0x7d, 0x9c, 0xbb, 0xda, 0xf9,
7108 0x18, 0x37, 0x56, 0x75, 0x94, 0xb3, 0xd2, 0xf1,
7109 0x10, 0x2f, 0x4e, 0x6d, 0x8c, 0xab, 0xca, 0xe9,
7110 0x08, 0x27, 0x46, 0x65, 0x84, 0xa3, 0xc2, 0xe1,
7111 0x00, 0x21, 0x42, 0x63,
7112 },
7113 .ilen = 4100,
7114 .result = {
7115 0xb5, 0x81, 0xf5, 0x64, 0x18, 0x73, 0xe3, 0xf0,
7116 0x4c, 0x13, 0xf2, 0x77, 0x18, 0x60, 0x65, 0x5e,
7117 0x29, 0x01, 0xce, 0x98, 0x55, 0x53, 0xf9, 0x0c,
7118 0x2a, 0x08, 0xd5, 0x09, 0xb3, 0x57, 0x55, 0x56,
7119 0xc5, 0xe9, 0x56, 0x90, 0xcb, 0x6a, 0xa3, 0xc0,
7120 0xff, 0xc4, 0x79, 0xb4, 0xd2, 0x97, 0x5d, 0xc4,
7121 0x43, 0xd1, 0xfe, 0x94, 0x7b, 0x88, 0x06, 0x5a,
7122 0xb2, 0x9e, 0x2c, 0xfc, 0x44, 0x03, 0xb7, 0x90,
7123 0xa0, 0xc1, 0xba, 0x6a, 0x33, 0xb8, 0xc7, 0xb2,
7124 0x9d, 0xe1, 0x12, 0x4f, 0xc0, 0x64, 0xd4, 0x01,
7125 0xfe, 0x8c, 0x7a, 0x66, 0xf7, 0xe6, 0x5a, 0x91,
7126 0xbb, 0xde, 0x56, 0x86, 0xab, 0x65, 0x21, 0x30,
7127 0x00, 0x84, 0x65, 0x24, 0xa5, 0x7d, 0x85, 0xb4,
7128 0xe3, 0x17, 0xed, 0x3a, 0xb7, 0x6f, 0xb4, 0x0b,
7129 0x0b, 0xaf, 0x15, 0xae, 0x5a, 0x8f, 0xf2, 0x0c,
7130 0x2f, 0x27, 0xf4, 0x09, 0xd8, 0xd2, 0x96, 0xb7,
7131 0x71, 0xf2, 0xc5, 0x99, 0x4d, 0x7e, 0x7f, 0x75,
7132 0x77, 0x89, 0x30, 0x8b, 0x59, 0xdb, 0xa2, 0xb2,
7133 0xa0, 0xf3, 0x19, 0x39, 0x2b, 0xc5, 0x7e, 0x3f,
7134 0x4f, 0xd9, 0xd3, 0x56, 0x28, 0x97, 0x44, 0xdc,
7135 0xc0, 0x8b, 0x77, 0x24, 0xd9, 0x52, 0xe7, 0xc5,
7136 0xaf, 0xf6, 0x7d, 0x59, 0xb2, 0x44, 0x05, 0x1d,
7137 0xb1, 0xb0, 0x11, 0xa5, 0x0f, 0xec, 0x33, 0xe1,
7138 0x6d, 0x1b, 0x4e, 0x1f, 0xff, 0x57, 0x91, 0xb4,
7139 0x5b, 0x9a, 0x96, 0xc5, 0x53, 0xbc, 0xae, 0x20,
7140 0x3c, 0xbb, 0x14, 0xe2, 0xe8, 0x22, 0x33, 0xc1,
7141 0x5e, 0x76, 0x9e, 0x46, 0x99, 0xf6, 0x2a, 0x15,
7142 0xc6, 0x97, 0x02, 0xa0, 0x66, 0x43, 0xd1, 0xa6,
7143 0x31, 0xa6, 0x9f, 0xfb, 0xf4, 0xd3, 0x69, 0xe5,
7144 0xcd, 0x76, 0x95, 0xb8, 0x7a, 0x82, 0x7f, 0x21,
7145 0x45, 0xff, 0x3f, 0xce, 0x55, 0xf6, 0x95, 0x10,
7146 0x08, 0x77, 0x10, 0x43, 0xc6, 0xf3, 0x09, 0xe5,
7147 0x68, 0xe7, 0x3c, 0xad, 0x00, 0x52, 0x45, 0x0d,
7148 0xfe, 0x2d, 0xc6, 0xc2, 0x94, 0x8c, 0x12, 0x1d,
7149 0xe6, 0x25, 0xae, 0x98, 0x12, 0x8e, 0x19, 0x9c,
7150 0x81, 0x68, 0xb1, 0x11, 0xf6, 0x69, 0xda, 0xe3,
7151 0x62, 0x08, 0x18, 0x7a, 0x25, 0x49, 0x28, 0xac,
7152 0xba, 0x71, 0x12, 0x0b, 0xe4, 0xa2, 0xe5, 0xc7,
7153 0x5d, 0x8e, 0xec, 0x49, 0x40, 0x21, 0xbf, 0x5a,
7154 0x98, 0xf3, 0x02, 0x68, 0x55, 0x03, 0x7f, 0x8a,
7155 0xe5, 0x94, 0x0c, 0x32, 0x5c, 0x07, 0x82, 0x63,
7156 0xaf, 0x6f, 0x91, 0x40, 0x84, 0x8e, 0x52, 0x25,
7157 0xd0, 0xb0, 0x29, 0x53, 0x05, 0xe2, 0x50, 0x7a,
7158 0x34, 0xeb, 0xc9, 0x46, 0x20, 0xa8, 0x3d, 0xde,
7159 0x7f, 0x16, 0x5f, 0x36, 0xc5, 0x2e, 0xdc, 0xd1,
7160 0x15, 0x47, 0xc7, 0x50, 0x40, 0x6d, 0x91, 0xc5,
7161 0xe7, 0x93, 0x95, 0x1a, 0xd3, 0x57, 0xbc, 0x52,
7162 0x33, 0xee, 0x14, 0x19, 0x22, 0x52, 0x89, 0xa7,
7163 0x4a, 0x25, 0x56, 0x77, 0x4b, 0xca, 0xcf, 0x0a,
7164 0xe1, 0xf5, 0x35, 0x85, 0x30, 0x7e, 0x59, 0x4a,
7165 0xbd, 0x14, 0x5b, 0xdf, 0xe3, 0x46, 0xcb, 0xac,
7166 0x1f, 0x6c, 0x96, 0x0e, 0xf4, 0x81, 0xd1, 0x99,
7167 0xca, 0x88, 0x63, 0x3d, 0x02, 0x58, 0x6b, 0xa9,
7168 0xe5, 0x9f, 0xb3, 0x00, 0xb2, 0x54, 0xc6, 0x74,
7169 0x1c, 0xbf, 0x46, 0xab, 0x97, 0xcc, 0xf8, 0x54,
7170 0x04, 0x07, 0x08, 0x52, 0xe6, 0xc0, 0xda, 0x93,
7171 0x74, 0x7d, 0x93, 0x99, 0x5d, 0x78, 0x68, 0xa6,
7172 0x2e, 0x6b, 0xd3, 0x6a, 0x69, 0xcc, 0x12, 0x6b,
7173 0xd4, 0xc7, 0xa5, 0xc6, 0xe7, 0xf6, 0x03, 0x04,
7174 0x5d, 0xcd, 0x61, 0x5e, 0x17, 0x40, 0xdc, 0xd1,
7175 0x5c, 0xf5, 0x08, 0xdf, 0x5c, 0x90, 0x85, 0xa4,
7176 0xaf, 0xf6, 0x78, 0xbb, 0x0d, 0xf1, 0xf4, 0xa4,
7177 0x54, 0x26, 0x72, 0x9e, 0x61, 0xfa, 0x86, 0xcf,
7178 0xe8, 0x9e, 0xa1, 0xe0, 0xc7, 0x48, 0x23, 0xae,
7179 0x5a, 0x90, 0xae, 0x75, 0x0a, 0x74, 0x18, 0x89,
7180 0x05, 0xb1, 0x92, 0xb2, 0x7f, 0xd0, 0x1b, 0xa6,
7181 0x62, 0x07, 0x25, 0x01, 0xc7, 0xc2, 0x4f, 0xf9,
7182 0xe8, 0xfe, 0x63, 0x95, 0x80, 0x07, 0xb4, 0x26,
7183 0xcc, 0xd1, 0x26, 0xb6, 0xc4, 0x3f, 0x9e, 0xcb,
7184 0x8e, 0x3b, 0x2e, 0x44, 0x16, 0xd3, 0x10, 0x9a,
7185 0x95, 0x08, 0xeb, 0xc8, 0xcb, 0xeb, 0xbf, 0x6f,
7186 0x0b, 0xcd, 0x1f, 0xc8, 0xca, 0x86, 0xaa, 0xec,
7187 0x33, 0xe6, 0x69, 0xf4, 0x45, 0x25, 0x86, 0x3a,
7188 0x22, 0x94, 0x4f, 0x00, 0x23, 0x6a, 0x44, 0xc2,
7189 0x49, 0x97, 0x33, 0xab, 0x36, 0x14, 0x0a, 0x70,
7190 0x24, 0xc3, 0xbe, 0x04, 0x3b, 0x79, 0xa0, 0xf9,
7191 0xb8, 0xe7, 0x76, 0x29, 0x22, 0x83, 0xd7, 0xf2,
7192 0x94, 0xf4, 0x41, 0x49, 0xba, 0x5f, 0x7b, 0x07,
7193 0xb5, 0xfb, 0xdb, 0x03, 0x1a, 0x9f, 0xb6, 0x4c,
7194 0xc2, 0x2e, 0x37, 0x40, 0x49, 0xc3, 0x38, 0x16,
7195 0xe2, 0x4f, 0x77, 0x82, 0xb0, 0x68, 0x4c, 0x71,
7196 0x1d, 0x57, 0x61, 0x9c, 0xd9, 0x4e, 0x54, 0x99,
7197 0x47, 0x13, 0x28, 0x73, 0x3c, 0xbb, 0x00, 0x90,
7198 0xf3, 0x4d, 0xc9, 0x0e, 0xfd, 0xe7, 0xb1, 0x71,
7199 0xd3, 0x15, 0x79, 0xbf, 0xcc, 0x26, 0x2f, 0xbd,
7200 0xad, 0x6c, 0x50, 0x69, 0x6c, 0x3e, 0x6d, 0x80,
7201 0x9a, 0xea, 0x78, 0xaf, 0x19, 0xb2, 0x0d, 0x4d,
7202 0xad, 0x04, 0x07, 0xae, 0x22, 0x90, 0x4a, 0x93,
7203 0x32, 0x0e, 0x36, 0x9b, 0x1b, 0x46, 0xba, 0x3b,
7204 0xb4, 0xac, 0xc6, 0xd1, 0xa2, 0x31, 0x53, 0x3b,
7205 0x2a, 0x3d, 0x45, 0xfe, 0x03, 0x61, 0x10, 0x85,
7206 0x17, 0x69, 0xa6, 0x78, 0xcc, 0x6c, 0x87, 0x49,
7207 0x53, 0xf9, 0x80, 0x10, 0xde, 0x80, 0xa2, 0x41,
7208 0x6a, 0xc3, 0x32, 0x02, 0xad, 0x6d, 0x3c, 0x56,
7209 0x00, 0x71, 0x51, 0x06, 0xa7, 0xbd, 0xfb, 0xef,
7210 0x3c, 0xb5, 0x9f, 0xfc, 0x48, 0x7d, 0x53, 0x7c,
7211 0x66, 0xb0, 0x49, 0x23, 0xc4, 0x47, 0x10, 0x0e,
7212 0xe5, 0x6c, 0x74, 0x13, 0xe6, 0xc5, 0x3f, 0xaa,
7213 0xde, 0xff, 0x07, 0x44, 0xdd, 0x56, 0x1b, 0xad,
7214 0x09, 0x77, 0xfb, 0x5b, 0x12, 0xb8, 0x0d, 0x38,
7215 0x17, 0x37, 0x35, 0x7b, 0x9b, 0xbc, 0xfe, 0xd4,
7216 0x7e, 0x8b, 0xda, 0x7e, 0x5b, 0x04, 0xa7, 0x22,
7217 0xa7, 0x31, 0xa1, 0x20, 0x86, 0xc7, 0x1b, 0x99,
7218 0xdb, 0xd1, 0x89, 0xf4, 0x94, 0xa3, 0x53, 0x69,
7219 0x8d, 0xe7, 0xe8, 0x74, 0x11, 0x8d, 0x74, 0xd6,
7220 0x07, 0x37, 0x91, 0x9f, 0xfd, 0x67, 0x50, 0x3a,
7221 0xc9, 0xe1, 0xf4, 0x36, 0xd5, 0xa0, 0x47, 0xd1,
7222 0xf9, 0xe5, 0x39, 0xa3, 0x31, 0xac, 0x07, 0x36,
7223 0x23, 0xf8, 0x66, 0x18, 0x14, 0x28, 0x34, 0x0f,
7224 0xb8, 0xd0, 0xe7, 0x29, 0xb3, 0x04, 0x4b, 0x55,
7225 0x01, 0x41, 0xb2, 0x75, 0x8d, 0xcb, 0x96, 0x85,
7226 0x3a, 0xfb, 0xab, 0x2b, 0x9e, 0xfa, 0x58, 0x20,
7227 0x44, 0x1f, 0xc0, 0x14, 0x22, 0x75, 0x61, 0xe8,
7228 0xaa, 0x19, 0xcf, 0xf1, 0x82, 0x56, 0xf4, 0xd7,
7229 0x78, 0x7b, 0x3d, 0x5f, 0xb3, 0x9e, 0x0b, 0x8a,
7230 0x57, 0x50, 0xdb, 0x17, 0x41, 0x65, 0x4d, 0xa3,
7231 0x02, 0xc9, 0x9c, 0x9c, 0x53, 0xfb, 0x39, 0x39,
7232 0x9b, 0x1d, 0x72, 0x24, 0xda, 0xb7, 0x39, 0xbe,
7233 0x13, 0x3b, 0xfa, 0x29, 0xda, 0x9e, 0x54, 0x64,
7234 0x6e, 0xba, 0xd8, 0xa1, 0xcb, 0xb3, 0x36, 0xfa,
7235 0xcb, 0x47, 0x85, 0xe9, 0x61, 0x38, 0xbc, 0xbe,
7236 0xc5, 0x00, 0x38, 0x2a, 0x54, 0xf7, 0xc4, 0xb9,
7237 0xb3, 0xd3, 0x7b, 0xa0, 0xa0, 0xf8, 0x72, 0x7f,
7238 0x8c, 0x8e, 0x82, 0x0e, 0xc6, 0x1c, 0x75, 0x9d,
7239 0xca, 0x8e, 0x61, 0x87, 0xde, 0xad, 0x80, 0xd2,
7240 0xf5, 0xf9, 0x80, 0xef, 0x15, 0x75, 0xaf, 0xf5,
7241 0x80, 0xfb, 0xff, 0x6d, 0x1e, 0x25, 0xb7, 0x40,
7242 0x61, 0x6a, 0x39, 0x5a, 0x6a, 0xb5, 0x31, 0xab,
7243 0x97, 0x8a, 0x19, 0x89, 0x44, 0x40, 0xc0, 0xa6,
7244 0xb4, 0x4e, 0x30, 0x32, 0x7b, 0x13, 0xe7, 0x67,
7245 0xa9, 0x8b, 0x57, 0x04, 0xc2, 0x01, 0xa6, 0xf4,
7246 0x28, 0x99, 0xad, 0x2c, 0x76, 0xa3, 0x78, 0xc2,
7247 0x4a, 0xe6, 0xca, 0x5c, 0x50, 0x6a, 0xc1, 0xb0,
7248 0x62, 0x4b, 0x10, 0x8e, 0x7c, 0x17, 0x43, 0xb3,
7249 0x17, 0x66, 0x1c, 0x3e, 0x8d, 0x69, 0xf0, 0x5a,
7250 0x71, 0xf5, 0x97, 0xdc, 0xd1, 0x45, 0xdd, 0x28,
7251 0xf3, 0x5d, 0xdf, 0x53, 0x7b, 0x11, 0xe5, 0xbc,
7252 0x4c, 0xdb, 0x1b, 0x51, 0x6b, 0xe9, 0xfb, 0x3d,
7253 0xc1, 0xc3, 0x2c, 0xb9, 0x71, 0xf5, 0xb6, 0xb2,
7254 0x13, 0x36, 0x79, 0x80, 0x53, 0xe8, 0xd3, 0xa6,
7255 0x0a, 0xaf, 0xfd, 0x56, 0x97, 0xf7, 0x40, 0x8e,
7256 0x45, 0xce, 0xf8, 0xb0, 0x9e, 0x5c, 0x33, 0x82,
7257 0xb0, 0x44, 0x56, 0xfc, 0x05, 0x09, 0xe9, 0x2a,
7258 0xac, 0x26, 0x80, 0x14, 0x1d, 0xc8, 0x3a, 0x35,
7259 0x4c, 0x82, 0x97, 0xfd, 0x76, 0xb7, 0xa9, 0x0a,
7260 0x35, 0x58, 0x79, 0x8e, 0x0f, 0x66, 0xea, 0xaf,
7261 0x51, 0x6c, 0x09, 0xa9, 0x6e, 0x9b, 0xcb, 0x9a,
7262 0x31, 0x47, 0xa0, 0x2f, 0x7c, 0x71, 0xb4, 0x4a,
7263 0x11, 0xaa, 0x8c, 0x66, 0xc5, 0x64, 0xe6, 0x3a,
7264 0x54, 0xda, 0x24, 0x6a, 0xc4, 0x41, 0x65, 0x46,
7265 0x82, 0xa0, 0x0a, 0x0f, 0x5f, 0xfb, 0x25, 0xd0,
7266 0x2c, 0x91, 0xa7, 0xee, 0xc4, 0x81, 0x07, 0x86,
7267 0x75, 0x5e, 0x33, 0x69, 0x97, 0xe4, 0x2c, 0xa8,
7268 0x9d, 0x9f, 0x0b, 0x6a, 0xbe, 0xad, 0x98, 0xda,
7269 0x6d, 0x94, 0x41, 0xda, 0x2c, 0x1e, 0x89, 0xc4,
7270 0xc2, 0xaf, 0x1e, 0x00, 0x05, 0x0b, 0x83, 0x60,
7271 0xbd, 0x43, 0xea, 0x15, 0x23, 0x7f, 0xb9, 0xac,
7272 0xee, 0x4f, 0x2c, 0xaf, 0x2a, 0xf3, 0xdf, 0xd0,
7273 0xf3, 0x19, 0x31, 0xbb, 0x4a, 0x74, 0x84, 0x17,
7274 0x52, 0x32, 0x2c, 0x7d, 0x61, 0xe4, 0xcb, 0xeb,
7275 0x80, 0x38, 0x15, 0x52, 0xcb, 0x6f, 0xea, 0xe5,
7276 0x73, 0x9c, 0xd9, 0x24, 0x69, 0xc6, 0x95, 0x32,
7277 0x21, 0xc8, 0x11, 0xe4, 0xdc, 0x36, 0xd7, 0x93,
7278 0x38, 0x66, 0xfb, 0xb2, 0x7f, 0x3a, 0xb9, 0xaf,
7279 0x31, 0xdd, 0x93, 0x75, 0x78, 0x8a, 0x2c, 0x94,
7280 0x87, 0x1a, 0x58, 0xec, 0x9e, 0x7d, 0x4d, 0xba,
7281 0xe1, 0xe5, 0x4d, 0xfc, 0xbc, 0xa4, 0x2a, 0x14,
7282 0xef, 0xcc, 0xa7, 0xec, 0xab, 0x43, 0x09, 0x18,
7283 0xd3, 0xab, 0x68, 0xd1, 0x07, 0x99, 0x44, 0x47,
7284 0xd6, 0x83, 0x85, 0x3b, 0x30, 0xea, 0xa9, 0x6b,
7285 0x63, 0xea, 0xc4, 0x07, 0xfb, 0x43, 0x2f, 0xa4,
7286 0xaa, 0xb0, 0xab, 0x03, 0x89, 0xce, 0x3f, 0x8c,
7287 0x02, 0x7c, 0x86, 0x54, 0xbc, 0x88, 0xaf, 0x75,
7288 0xd2, 0xdc, 0x63, 0x17, 0xd3, 0x26, 0xf6, 0x96,
7289 0xa9, 0x3c, 0xf1, 0x61, 0x8c, 0x11, 0x18, 0xcc,
7290 0xd6, 0xea, 0x5b, 0xe2, 0xcd, 0xf0, 0xf1, 0xb2,
7291 0xe5, 0x35, 0x90, 0x1f, 0x85, 0x4c, 0x76, 0x5b,
7292 0x66, 0xce, 0x44, 0xa4, 0x32, 0x9f, 0xe6, 0x7b,
7293 0x71, 0x6e, 0x9f, 0x58, 0x15, 0x67, 0x72, 0x87,
7294 0x64, 0x8e, 0x3a, 0x44, 0x45, 0xd4, 0x76, 0xfa,
7295 0xc2, 0xf6, 0xef, 0x85, 0x05, 0x18, 0x7a, 0x9b,
7296 0xba, 0x41, 0x54, 0xac, 0xf0, 0xfc, 0x59, 0x12,
7297 0x3f, 0xdf, 0xa0, 0xe5, 0x8a, 0x65, 0xfd, 0x3a,
7298 0x62, 0x8d, 0x83, 0x2c, 0x03, 0xbe, 0x05, 0x76,
7299 0x2e, 0x53, 0x49, 0x97, 0x94, 0x33, 0xae, 0x40,
7300 0x81, 0x15, 0xdb, 0x6e, 0xad, 0xaa, 0xf5, 0x4b,
7301 0xe3, 0x98, 0x70, 0xdf, 0xe0, 0x7c, 0xcd, 0xdb,
7302 0x02, 0xd4, 0x7d, 0x2f, 0xc1, 0xe6, 0xb4, 0xf3,
7303 0xd7, 0x0d, 0x7a, 0xd9, 0x23, 0x9e, 0x87, 0x2d,
7304 0xce, 0x87, 0xad, 0xcc, 0x72, 0x05, 0x00, 0x29,
7305 0xdc, 0x73, 0x7f, 0x64, 0xc1, 0x15, 0x0e, 0xc2,
7306 0xdf, 0xa7, 0x5f, 0xeb, 0x41, 0xa1, 0xcd, 0xef,
7307 0x5c, 0x50, 0x79, 0x2a, 0x56, 0x56, 0x71, 0x8c,
7308 0xac, 0xc0, 0x79, 0x50, 0x69, 0xca, 0x59, 0x32,
7309 0x65, 0xf2, 0x54, 0xe4, 0x52, 0x38, 0x76, 0xd1,
7310 0x5e, 0xde, 0x26, 0x9e, 0xfb, 0x75, 0x2e, 0x11,
7311 0xb5, 0x10, 0xf4, 0x17, 0x73, 0xf5, 0x89, 0xc7,
7312 0x4f, 0x43, 0x5c, 0x8e, 0x7c, 0xb9, 0x05, 0x52,
7313 0x24, 0x40, 0x99, 0xfe, 0x9b, 0x85, 0x0b, 0x6c,
7314 0x22, 0x3e, 0x8b, 0xae, 0x86, 0xa1, 0xd2, 0x79,
7315 0x05, 0x68, 0x6b, 0xab, 0xe3, 0x41, 0x49, 0xed,
7316 0x15, 0xa1, 0x8d, 0x40, 0x2d, 0x61, 0xdf, 0x1a,
7317 0x59, 0xc9, 0x26, 0x8b, 0xef, 0x30, 0x4c, 0x88,
7318 0x4b, 0x10, 0xf8, 0x8d, 0xa6, 0x92, 0x9f, 0x4b,
7319 0xf3, 0xc4, 0x53, 0x0b, 0x89, 0x5d, 0x28, 0x92,
7320 0xcf, 0x78, 0xb2, 0xc0, 0x5d, 0xed, 0x7e, 0xfc,
7321 0xc0, 0x12, 0x23, 0x5f, 0x5a, 0x78, 0x86, 0x43,
7322 0x6e, 0x27, 0xf7, 0x5a, 0xa7, 0x6a, 0xed, 0x19,
7323 0x04, 0xf0, 0xb3, 0x12, 0xd1, 0xbd, 0x0e, 0x89,
7324 0x6e, 0xbc, 0x96, 0xa8, 0xd8, 0x49, 0x39, 0x9f,
7325 0x7e, 0x67, 0xf0, 0x2e, 0x3e, 0x01, 0xa9, 0xba,
7326 0xec, 0x8b, 0x62, 0x8e, 0xcb, 0x4a, 0x70, 0x43,
7327 0xc7, 0xc2, 0xc4, 0xca, 0x82, 0x03, 0x73, 0xe9,
7328 0x11, 0xdf, 0xcf, 0x54, 0xea, 0xc9, 0xb0, 0x95,
7329 0x51, 0xc0, 0x13, 0x3d, 0x92, 0x05, 0xfa, 0xf4,
7330 0xa9, 0x34, 0xc8, 0xce, 0x6c, 0x3d, 0x54, 0xcc,
7331 0xc4, 0xaf, 0xf1, 0xdc, 0x11, 0x44, 0x26, 0xa2,
7332 0xaf, 0xf1, 0x85, 0x75, 0x7d, 0x03, 0x61, 0x68,
7333 0x4e, 0x78, 0xc6, 0x92, 0x7d, 0x86, 0x7d, 0x77,
7334 0xdc, 0x71, 0x72, 0xdb, 0xc6, 0xae, 0xa1, 0xcb,
7335 0x70, 0x9a, 0x0b, 0x19, 0xbe, 0x4a, 0x6c, 0x2a,
7336 0xe2, 0xba, 0x6c, 0x64, 0x9a, 0x13, 0x28, 0xdf,
7337 0x85, 0x75, 0xe6, 0x43, 0xf6, 0x87, 0x08, 0x68,
7338 0x6e, 0xba, 0x6e, 0x79, 0x9f, 0x04, 0xbc, 0x23,
7339 0x50, 0xf6, 0x33, 0x5c, 0x1f, 0x24, 0x25, 0xbe,
7340 0x33, 0x47, 0x80, 0x45, 0x56, 0xa3, 0xa7, 0xd7,
7341 0x7a, 0xb1, 0x34, 0x0b, 0x90, 0x3c, 0x9c, 0xad,
7342 0x44, 0x5f, 0x9e, 0x0e, 0x9d, 0xd4, 0xbd, 0x93,
7343 0x5e, 0xfa, 0x3c, 0xe0, 0xb0, 0xd9, 0xed, 0xf3,
7344 0xd6, 0x2e, 0xff, 0x24, 0xd8, 0x71, 0x6c, 0xed,
7345 0xaf, 0x55, 0xeb, 0x22, 0xac, 0x93, 0x68, 0x32,
7346 0x05, 0x5b, 0x47, 0xdd, 0xc6, 0x4a, 0xcb, 0xc7,
7347 0x10, 0xe1, 0x3c, 0x92, 0x1a, 0xf3, 0x23, 0x78,
7348 0x2b, 0xa1, 0xd2, 0x80, 0xf4, 0x12, 0xb1, 0x20,
7349 0x8f, 0xff, 0x26, 0x35, 0xdd, 0xfb, 0xc7, 0x4e,
7350 0x78, 0xf1, 0x2d, 0x50, 0x12, 0x77, 0xa8, 0x60,
7351 0x7c, 0x0f, 0xf5, 0x16, 0x2f, 0x63, 0x70, 0x2a,
7352 0xc0, 0x96, 0x80, 0x4e, 0x0a, 0xb4, 0x93, 0x35,
7353 0x5d, 0x1d, 0x3f, 0x56, 0xf7, 0x2f, 0xbb, 0x90,
7354 0x11, 0x16, 0x8f, 0xa2, 0xec, 0x47, 0xbe, 0xac,
7355 0x56, 0x01, 0x26, 0x56, 0xb1, 0x8c, 0xb2, 0x10,
7356 0xf9, 0x1a, 0xca, 0xf5, 0xd1, 0xb7, 0x39, 0x20,
7357 0x63, 0xf1, 0x69, 0x20, 0x4f, 0x13, 0x12, 0x1f,
7358 0x5b, 0x65, 0xfc, 0x98, 0xf7, 0xc4, 0x7a, 0xbe,
7359 0xf7, 0x26, 0x4d, 0x2b, 0x84, 0x7b, 0x42, 0xad,
7360 0xd8, 0x7a, 0x0a, 0xb4, 0xd8, 0x74, 0xbf, 0xc1,
7361 0xf0, 0x6e, 0xb4, 0x29, 0xa3, 0xbb, 0xca, 0x46,
7362 0x67, 0x70, 0x6a, 0x2d, 0xce, 0x0e, 0xa2, 0x8a,
7363 0xa9, 0x87, 0xbf, 0x05, 0xc4, 0xc1, 0x04, 0xa3,
7364 0xab, 0xd4, 0x45, 0x43, 0x8c, 0xb6, 0x02, 0xb0,
7365 0x41, 0xc8, 0xfc, 0x44, 0x3d, 0x59, 0xaa, 0x2e,
7366 0x44, 0x21, 0x2a, 0x8d, 0x88, 0x9d, 0x57, 0xf4,
7367 0xa0, 0x02, 0x77, 0xb8, 0xa6, 0xa0, 0xe6, 0x75,
7368 0x5c, 0x82, 0x65, 0x3e, 0x03, 0x5c, 0x29, 0x8f,
7369 0x38, 0x55, 0xab, 0x33, 0x26, 0xef, 0x9f, 0x43,
7370 0x52, 0xfd, 0x68, 0xaf, 0x36, 0xb4, 0xbb, 0x9a,
7371 0x58, 0x09, 0x09, 0x1b, 0xc3, 0x65, 0x46, 0x46,
7372 0x1d, 0xa7, 0x94, 0x18, 0x23, 0x50, 0x2c, 0xca,
7373 0x2c, 0x55, 0x19, 0x97, 0x01, 0x9d, 0x93, 0x3b,
7374 0x63, 0x86, 0xf2, 0x03, 0x67, 0x45, 0xd2, 0x72,
7375 0x28, 0x52, 0x6c, 0xf4, 0xe3, 0x1c, 0xb5, 0x11,
7376 0x13, 0xf1, 0xeb, 0x21, 0xc7, 0xd9, 0x56, 0x82,
7377 0x2b, 0x82, 0x39, 0xbd, 0x69, 0x54, 0xed, 0x62,
7378 0xc3, 0xe2, 0xde, 0x73, 0xd4, 0x6a, 0x12, 0xae,
7379 0x13, 0x21, 0x7f, 0x4b, 0x5b, 0xfc, 0xbf, 0xe8,
7380 0x2b, 0xbe, 0x56, 0xba, 0x68, 0x8b, 0x9a, 0xb1,
7381 0x6e, 0xfa, 0xbf, 0x7e, 0x5a, 0x4b, 0xf1, 0xac,
7382 0x98, 0x65, 0x85, 0xd1, 0x93, 0x53, 0xd3, 0x7b,
7383 0x09, 0xdd, 0x4b, 0x10, 0x6d, 0x84, 0xb0, 0x13,
7384 0x65, 0xbd, 0xcf, 0x52, 0x09, 0xc4, 0x85, 0xe2,
7385 0x84, 0x74, 0x15, 0x65, 0xb7, 0xf7, 0x51, 0xaf,
7386 0x55, 0xad, 0xa4, 0xd1, 0x22, 0x54, 0x70, 0x94,
7387 0xa0, 0x1c, 0x90, 0x41, 0xfd, 0x99, 0xd7, 0x5a,
7388 0x31, 0xef, 0xaa, 0x25, 0xd0, 0x7f, 0x4f, 0xea,
7389 0x1d, 0x55, 0x42, 0xe5, 0x49, 0xb0, 0xd0, 0x46,
7390 0x62, 0x36, 0x43, 0xb2, 0x82, 0x15, 0x75, 0x50,
7391 0xa4, 0x72, 0xeb, 0x54, 0x27, 0x1f, 0x8a, 0xe4,
7392 0x7d, 0xe9, 0x66, 0xc5, 0xf1, 0x53, 0xa4, 0xd1,
7393 0x0c, 0xeb, 0xb8, 0xf8, 0xbc, 0xd4, 0xe2, 0xe7,
7394 0xe1, 0xf8, 0x4b, 0xcb, 0xa9, 0xa1, 0xaf, 0x15,
7395 0x83, 0xcb, 0x72, 0xd0, 0x33, 0x79, 0x00, 0x2d,
7396 0x9f, 0xd7, 0xf1, 0x2e, 0x1e, 0x10, 0xe4, 0x45,
7397 0xc0, 0x75, 0x3a, 0x39, 0xea, 0x68, 0xf7, 0x5d,
7398 0x1b, 0x73, 0x8f, 0xe9, 0x8e, 0x0f, 0x72, 0x47,
7399 0xae, 0x35, 0x0a, 0x31, 0x7a, 0x14, 0x4d, 0x4a,
7400 0x6f, 0x47, 0xf7, 0x7e, 0x91, 0x6e, 0x74, 0x8b,
7401 0x26, 0x47, 0xf9, 0xc3, 0xf9, 0xde, 0x70, 0xf5,
7402 0x61, 0xab, 0xa9, 0x27, 0x9f, 0x82, 0xe4, 0x9c,
7403 0x89, 0x91, 0x3f, 0x2e, 0x6a, 0xfd, 0xb5, 0x49,
7404 0xe9, 0xfd, 0x59, 0x14, 0x36, 0x49, 0x40, 0x6d,
7405 0x32, 0xd8, 0x85, 0x42, 0xf3, 0xa5, 0xdf, 0x0c,
7406 0xa8, 0x27, 0xd7, 0x54, 0xe2, 0x63, 0x2f, 0xf2,
7407 0x7e, 0x8b, 0x8b, 0xe7, 0xf1, 0x9a, 0x95, 0x35,
7408 0x43, 0xdc, 0x3a, 0xe4, 0xb6, 0xf4, 0xd0, 0xdf,
7409 0x9c, 0xcb, 0x94, 0xf3, 0x21, 0xa0, 0x77, 0x50,
7410 0xe2, 0xc6, 0xc4, 0xc6, 0x5f, 0x09, 0x64, 0x5b,
7411 0x92, 0x90, 0xd8, 0xe1, 0xd1, 0xed, 0x4b, 0x42,
7412 0xd7, 0x37, 0xaf, 0x65, 0x3d, 0x11, 0x39, 0xb6,
7413 0x24, 0x8a, 0x60, 0xae, 0xd6, 0x1e, 0xbf, 0x0e,
7414 0x0d, 0xd7, 0xdc, 0x96, 0x0e, 0x65, 0x75, 0x4e,
7415 0x29, 0x06, 0x9d, 0xa4, 0x51, 0x3a, 0x10, 0x63,
7416 0x8f, 0x17, 0x07, 0xd5, 0x8e, 0x3c, 0xf4, 0x28,
7417 0x00, 0x5a, 0x5b, 0x05, 0x19, 0xd8, 0xc0, 0x6c,
7418 0xe5, 0x15, 0xe4, 0x9c, 0x9d, 0x71, 0x9d, 0x5e,
7419 0x94, 0x29, 0x1a, 0xa7, 0x80, 0xfa, 0x0e, 0x33,
7420 0x03, 0xdd, 0xb7, 0x3e, 0x9a, 0xa9, 0x26, 0x18,
7421 0x37, 0xa9, 0x64, 0x08, 0x4d, 0x94, 0x5a, 0x88,
7422 0xca, 0x35, 0xce, 0x81, 0x02, 0xe3, 0x1f, 0x1b,
7423 0x89, 0x1a, 0x77, 0x85, 0xe3, 0x41, 0x6d, 0x32,
7424 0x42, 0x19, 0x23, 0x7d, 0xc8, 0x73, 0xee, 0x25,
7425 0x85, 0x0d, 0xf8, 0x31, 0x25, 0x79, 0x1b, 0x6f,
7426 0x79, 0x25, 0xd2, 0xd8, 0xd4, 0x23, 0xfd, 0xf7,
7427 0x82, 0x36, 0x6a, 0x0c, 0x46, 0x22, 0x15, 0xe9,
7428 0xff, 0x72, 0x41, 0x91, 0x91, 0x7d, 0x3a, 0xb7,
7429 0xdd, 0x65, 0x99, 0x70, 0xf6, 0x8d, 0x84, 0xf8,
7430 0x67, 0x15, 0x20, 0x11, 0xd6, 0xb2, 0x55, 0x7b,
7431 0xdb, 0x87, 0xee, 0xef, 0x55, 0x89, 0x2a, 0x59,
7432 0x2b, 0x07, 0x8f, 0x43, 0x8a, 0x59, 0x3c, 0x01,
7433 0x8b, 0x65, 0x54, 0xa1, 0x66, 0xd5, 0x38, 0xbd,
7434 0xc6, 0x30, 0xa9, 0xcc, 0x49, 0xb6, 0xa8, 0x1b,
7435 0xb8, 0xc0, 0x0e, 0xe3, 0x45, 0x28, 0xe2, 0xff,
7436 0x41, 0x9f, 0x7e, 0x7c, 0xd1, 0xae, 0x9e, 0x25,
7437 0x3f, 0x4c, 0x7c, 0x7c, 0xf4, 0xa8, 0x26, 0x4d,
7438 0x5c, 0xfd, 0x4b, 0x27, 0x18, 0xf9, 0x61, 0x76,
7439 0x48, 0xba, 0x0c, 0x6b, 0xa9, 0x4d, 0xfc, 0xf5,
7440 0x3b, 0x35, 0x7e, 0x2f, 0x4a, 0xa9, 0xc2, 0x9a,
7441 0xae, 0xab, 0x86, 0x09, 0x89, 0xc9, 0xc2, 0x40,
7442 0x39, 0x2c, 0x81, 0xb3, 0xb8, 0x17, 0x67, 0xc2,
7443 0x0d, 0x32, 0x4a, 0x3a, 0x67, 0x81, 0xd7, 0x1a,
7444 0x34, 0x52, 0xc5, 0xdb, 0x0a, 0xf5, 0x63, 0x39,
7445 0xea, 0x1f, 0xe1, 0x7c, 0xa1, 0x9e, 0xc1, 0x35,
7446 0xe3, 0xb1, 0x18, 0x45, 0x67, 0xf9, 0x22, 0x38,
7447 0x95, 0xd9, 0x34, 0x34, 0x86, 0xc6, 0x41, 0x94,
7448 0x15, 0xf9, 0x5b, 0x41, 0xa6, 0x87, 0x8b, 0xf8,
7449 0xd5, 0xe1, 0x1b, 0xe2, 0x5b, 0xf3, 0x86, 0x10,
7450 0xff, 0xe6, 0xae, 0x69, 0x76, 0xbc, 0x0d, 0xb4,
7451 0x09, 0x90, 0x0c, 0xa2, 0x65, 0x0c, 0xad, 0x74,
7452 0xf5, 0xd7, 0xff, 0xda, 0xc1, 0xce, 0x85, 0xbe,
7453 0x00, 0xa7, 0xff, 0x4d, 0x2f, 0x65, 0xd3, 0x8c,
7454 0x86, 0x2d, 0x05, 0xe8, 0xed, 0x3e, 0x6b, 0x8b,
7455 0x0f, 0x3d, 0x83, 0x8c, 0xf1, 0x1d, 0x5b, 0x96,
7456 0x2e, 0xb1, 0x9c, 0xc2, 0x98, 0xe1, 0x70, 0xb9,
7457 0xba, 0x5c, 0x8a, 0x43, 0xd6, 0x34, 0xa7, 0x2d,
7458 0xc9, 0x92, 0xae, 0xf2, 0xa5, 0x7b, 0x05, 0x49,
7459 0xa7, 0x33, 0x34, 0x86, 0xca, 0xe4, 0x96, 0x23,
7460 0x76, 0x5b, 0xf2, 0xc6, 0xf1, 0x51, 0x28, 0x42,
7461 0x7b, 0xcc, 0x76, 0x8f, 0xfa, 0xa2, 0xad, 0x31,
7462 0xd4, 0xd6, 0x7a, 0x6d, 0x25, 0x25, 0x54, 0xe4,
7463 0x3f, 0x50, 0x59, 0xe1, 0x5c, 0x05, 0xb7, 0x27,
7464 0x48, 0xbf, 0x07, 0xec, 0x1b, 0x13, 0xbe, 0x2b,
7465 0xa1, 0x57, 0x2b, 0xd5, 0xab, 0xd7, 0xd0, 0x4c,
7466 0x1e, 0xcb, 0x71, 0x9b, 0xc5, 0x90, 0x85, 0xd3,
7467 0xde, 0x59, 0xec, 0x71, 0xeb, 0x89, 0xbb, 0xd0,
7468 0x09, 0x50, 0xe1, 0x16, 0x3f, 0xfd, 0x1c, 0x34,
7469 0xc3, 0x1c, 0xa1, 0x10, 0x77, 0x53, 0x98, 0xef,
7470 0xf2, 0xfd, 0xa5, 0x01, 0x59, 0xc2, 0x9b, 0x26,
7471 0xc7, 0x42, 0xd9, 0x49, 0xda, 0x58, 0x2b, 0x6e,
7472 0x9f, 0x53, 0x19, 0x76, 0x7e, 0xd9, 0xc9, 0x0e,
7473 0x68, 0xc8, 0x7f, 0x51, 0x22, 0x42, 0xef, 0x49,
7474 0xa4, 0x55, 0xb6, 0x36, 0xac, 0x09, 0xc7, 0x31,
7475 0x88, 0x15, 0x4b, 0x2e, 0x8f, 0x3a, 0x08, 0xf7,
7476 0xd8, 0xf7, 0xa8, 0xc5, 0xa9, 0x33, 0xa6, 0x45,
7477 0xe4, 0xc4, 0x94, 0x76, 0xf3, 0x0d, 0x8f, 0x7e,
7478 0xc8, 0xf6, 0xbc, 0x23, 0x0a, 0xb6, 0x4c, 0xd3,
7479 0x6a, 0xcd, 0x36, 0xc2, 0x90, 0x5c, 0x5c, 0x3c,
7480 0x65, 0x7b, 0xc2, 0xd6, 0xcc, 0xe6, 0x0d, 0x87,
7481 0x73, 0x2e, 0x71, 0x79, 0x16, 0x06, 0x63, 0x28,
7482 0x09, 0x15, 0xd8, 0x89, 0x38, 0x38, 0x3d, 0xb5,
7483 0x42, 0x1c, 0x08, 0x24, 0xf7, 0x2a, 0xd2, 0x9d,
7484 0xc8, 0xca, 0xef, 0xf9, 0x27, 0xd8, 0x07, 0x86,
7485 0xf7, 0x43, 0x0b, 0x55, 0x15, 0x3f, 0x9f, 0x83,
7486 0xef, 0xdc, 0x49, 0x9d, 0x2a, 0xc1, 0x54, 0x62,
7487 0xbd, 0x9b, 0x66, 0x55, 0x9f, 0xb7, 0x12, 0xf3,
7488 0x1b, 0x4d, 0x9d, 0x2a, 0x5c, 0xed, 0x87, 0x75,
7489 0x87, 0x26, 0xec, 0x61, 0x2c, 0xb4, 0x0f, 0x89,
7490 0xb0, 0xfb, 0x2e, 0x68, 0x5d, 0x15, 0xc7, 0x8d,
7491 0x2e, 0xc0, 0xd9, 0xec, 0xaf, 0x4f, 0xd2, 0x25,
7492 0x29, 0xe8, 0xd2, 0x26, 0x2b, 0x67, 0xe9, 0xfc,
7493 0x2b, 0xa8, 0x67, 0x96, 0x12, 0x1f, 0x5b, 0x96,
7494 0xc6, 0x14, 0x53, 0xaf, 0x44, 0xea, 0xd6, 0xe2,
7495 0x94, 0x98, 0xe4, 0x12, 0x93, 0x4c, 0x92, 0xe0,
7496 0x18, 0xa5, 0x8d, 0x2d, 0xe4, 0x71, 0x3c, 0x47,
7497 0x4c, 0xf7, 0xe6, 0x47, 0x9e, 0xc0, 0x68, 0xdf,
7498 0xd4, 0xf5, 0x5a, 0x74, 0xb1, 0x2b, 0x29, 0x03,
7499 0x19, 0x07, 0xaf, 0x90, 0x62, 0x5c, 0x68, 0x98,
7500 0x48, 0x16, 0x11, 0x02, 0x9d, 0xee, 0xb4, 0x9b,
7501 0xe5, 0x42, 0x7f, 0x08, 0xfd, 0x16, 0x32, 0x0b,
7502 0xd0, 0xb3, 0xfa, 0x2b, 0xb7, 0x99, 0xf9, 0x29,
7503 0xcd, 0x20, 0x45, 0x9f, 0xb3, 0x1a, 0x5d, 0xa2,
7504 0xaf, 0x4d, 0xe0, 0xbd, 0x42, 0x0d, 0xbc, 0x74,
7505 0x99, 0x9c, 0x8e, 0x53, 0x1a, 0xb4, 0x3e, 0xbd,
7506 0xa2, 0x9a, 0x2d, 0xf7, 0xf8, 0x39, 0x0f, 0x67,
7507 0x63, 0xfc, 0x6b, 0xc0, 0xaf, 0xb3, 0x4b, 0x4f,
7508 0x55, 0xc4, 0xcf, 0xa7, 0xc8, 0x04, 0x11, 0x3e,
7509 0x14, 0x32, 0xbb, 0x1b, 0x38, 0x77, 0xd6, 0x7f,
7510 0x54, 0x4c, 0xdf, 0x75, 0xf3, 0x07, 0x2d, 0x33,
7511 0x9b, 0xa8, 0x20, 0xe1, 0x7b, 0x12, 0xb5, 0xf3,
7512 0xef, 0x2f, 0xce, 0x72, 0xe5, 0x24, 0x60, 0xc1,
7513 0x30, 0xe2, 0xab, 0xa1, 0x8e, 0x11, 0x09, 0xa8,
7514 0x21, 0x33, 0x44, 0xfe, 0x7f, 0x35, 0x32, 0x93,
7515 0x39, 0xa7, 0xad, 0x8b, 0x79, 0x06, 0xb2, 0xcb,
7516 0x4e, 0xa9, 0x5f, 0xc7, 0xba, 0x74, 0x29, 0xec,
7517 0x93, 0xa0, 0x4e, 0x54, 0x93, 0xc0, 0xbc, 0x55,
7518 0x64, 0xf0, 0x48, 0xe5, 0x57, 0x99, 0xee, 0x75,
7519 0xd6, 0x79, 0x0f, 0x66, 0xb7, 0xc6, 0x57, 0x76,
7520 0xf7, 0xb7, 0xf3, 0x9c, 0xc5, 0x60, 0xe8, 0x7f,
7521 0x83, 0x76, 0xd6, 0x0e, 0xaa, 0xe6, 0x90, 0x39,
7522 0x1d, 0xa6, 0x32, 0x6a, 0x34, 0xe3, 0x55, 0xf8,
7523 0x58, 0xa0, 0x58, 0x7d, 0x33, 0xe0, 0x22, 0x39,
7524 0x44, 0x64, 0x87, 0x86, 0x5a, 0x2f, 0xa7, 0x7e,
7525 0x0f, 0x38, 0xea, 0xb0, 0x30, 0xcc, 0x61, 0xa5,
7526 0x6a, 0x32, 0xae, 0x1e, 0xf7, 0xe9, 0xd0, 0xa9,
7527 0x0c, 0x32, 0x4b, 0xb5, 0x49, 0x28, 0xab, 0x85,
7528 0x2f, 0x8e, 0x01, 0x36, 0x38, 0x52, 0xd0, 0xba,
7529 0xd6, 0x02, 0x78, 0xf8, 0x0e, 0x3e, 0x9c, 0x8b,
7530 0x6b, 0x45, 0x99, 0x3f, 0x5c, 0xfe, 0x58, 0xf1,
7531 0x5c, 0x94, 0x04, 0xe1, 0xf5, 0x18, 0x6d, 0x51,
7532 0xb2, 0x5d, 0x18, 0x20, 0xb6, 0xc2, 0x9a, 0x42,
7533 0x1d, 0xb3, 0xab, 0x3c, 0xb6, 0x3a, 0x13, 0x03,
7534 0xb2, 0x46, 0x82, 0x4f, 0xfc, 0x64, 0xbc, 0x4f,
7535 0xca, 0xfa, 0x9c, 0xc0, 0xd5, 0xa7, 0xbd, 0x11,
7536 0xb7, 0xe4, 0x5a, 0xf6, 0x6f, 0x4d, 0x4d, 0x54,
7537 0xea, 0xa4, 0x98, 0x66, 0xd4, 0x22, 0x3b, 0xd3,
7538 0x8f, 0x34, 0x47, 0xd9, 0x7c, 0xf4, 0x72, 0x3b,
7539 0x4d, 0x02, 0x77, 0xf6, 0xd6, 0xdd, 0x08, 0x0a,
7540 0x81, 0xe1, 0x86, 0x89, 0x3e, 0x56, 0x10, 0x3c,
7541 0xba, 0xd7, 0x81, 0x8c, 0x08, 0xbc, 0x8b, 0xe2,
7542 0x53, 0xec, 0xa7, 0x89, 0xee, 0xc8, 0x56, 0xb5,
7543 0x36, 0x2c, 0xb2, 0x03, 0xba, 0x99, 0xdd, 0x7c,
7544 0x48, 0xa0, 0xb0, 0xbc, 0x91, 0x33, 0xe9, 0xa8,
7545 0xcb, 0xcd, 0xcf, 0x59, 0x5f, 0x1f, 0x15, 0xe2,
7546 0x56, 0xf5, 0x4e, 0x01, 0x35, 0x27, 0x45, 0x77,
7547 0x47, 0xc8, 0xbc, 0xcb, 0x7e, 0x39, 0xc1, 0x97,
7548 0x28, 0xd3, 0x84, 0xfc, 0x2c, 0x3e, 0xc8, 0xad,
7549 0x9c, 0xf8, 0x8a, 0x61, 0x9c, 0x28, 0xaa, 0xc5,
7550 0x99, 0x20, 0x43, 0x85, 0x9d, 0xa5, 0xe2, 0x8b,
7551 0xb8, 0xae, 0xeb, 0xd0, 0x32, 0x0d, 0x52, 0x78,
7552 0x09, 0x56, 0x3f, 0xc7, 0xd8, 0x7e, 0x26, 0xfc,
7553 0x37, 0xfb, 0x6f, 0x04, 0xfc, 0xfa, 0x92, 0x10,
7554 0xac, 0xf8, 0x3e, 0x21, 0xdc, 0x8c, 0x21, 0x16,
7555 0x7d, 0x67, 0x6e, 0xf6, 0xcd, 0xda, 0xb6, 0x98,
7556 0x23, 0xab, 0x23, 0x3c, 0xb2, 0x10, 0xa0, 0x53,
7557 0x5a, 0x56, 0x9f, 0xc5, 0xd0, 0xff, 0xbb, 0xe4,
7558 0x98, 0x3c, 0x69, 0x1e, 0xdb, 0x38, 0x8f, 0x7e,
7559 0x0f, 0xd2, 0x98, 0x88, 0x81, 0x8b, 0x45, 0x67,
7560 0xea, 0x33, 0xf1, 0xeb, 0xe9, 0x97, 0x55, 0x2e,
7561 0xd9, 0xaa, 0xeb, 0x5a, 0xec, 0xda, 0xe1, 0x68,
7562 0xa8, 0x9d, 0x3c, 0x84, 0x7c, 0x05, 0x3d, 0x62,
7563 0x87, 0x8f, 0x03, 0x21, 0x28, 0x95, 0x0c, 0x89,
7564 0x25, 0x22, 0x4a, 0xb0, 0x93, 0xa9, 0x50, 0xa2,
7565 0x2f, 0x57, 0x6e, 0x18, 0x42, 0x19, 0x54, 0x0c,
7566 0x55, 0x67, 0xc6, 0x11, 0x49, 0xf4, 0x5c, 0xd2,
7567 0xe9, 0x3d, 0xdd, 0x8b, 0x48, 0x71, 0x21, 0x00,
7568 0xc3, 0x9a, 0x6c, 0x85, 0x74, 0x28, 0x83, 0x4a,
7569 0x1b, 0x31, 0x05, 0xe1, 0x06, 0x92, 0xe7, 0xda,
7570 0x85, 0x73, 0x78, 0x45, 0x20, 0x7f, 0xae, 0x13,
7571 0x7c, 0x33, 0x06, 0x22, 0xf4, 0x83, 0xf9, 0x35,
7572 0x3f, 0x6c, 0x71, 0xa8, 0x4e, 0x48, 0xbe, 0x9b,
7573 0xce, 0x8a, 0xba, 0xda, 0xbe, 0x28, 0x08, 0xf7,
7574 0xe2, 0x14, 0x8c, 0x71, 0xea, 0x72, 0xf9, 0x33,
7575 0xf2, 0x88, 0x3f, 0xd7, 0xbb, 0x69, 0x6c, 0x29,
7576 0x19, 0xdc, 0x84, 0xce, 0x1f, 0x12, 0x4f, 0xc8,
7577 0xaf, 0xa5, 0x04, 0xba, 0x5a, 0xab, 0xb0, 0xd9,
7578 0x14, 0x1f, 0x6c, 0x68, 0x98, 0x39, 0x89, 0x7a,
7579 0xd9, 0xd8, 0x2f, 0xdf, 0xa8, 0x47, 0x4a, 0x25,
7580 0xe2, 0xfb, 0x33, 0xf4, 0x59, 0x78, 0xe1, 0x68,
7581 0x85, 0xcf, 0xfe, 0x59, 0x20, 0xd4, 0x05, 0x1d,
7582 0x80, 0x99, 0xae, 0xbc, 0xca, 0xae, 0x0f, 0x2f,
7583 0x65, 0x43, 0x34, 0x8e, 0x7e, 0xac, 0xd3, 0x93,
7584 0x2f, 0xac, 0x6d, 0x14, 0x3d, 0x02, 0x07, 0x70,
7585 0x9d, 0xa4, 0xf3, 0x1b, 0x5c, 0x36, 0xfc, 0x01,
7586 0x73, 0x34, 0x85, 0x0c, 0x6c, 0xd6, 0xf1, 0xbd,
7587 0x3f, 0xdf, 0xee, 0xf5, 0xd9, 0xba, 0x56, 0xef,
7588 0xf4, 0x9b, 0x6b, 0xee, 0x9f, 0x5a, 0x78, 0x6d,
7589 0x32, 0x19, 0xf4, 0xf7, 0xf8, 0x4c, 0x69, 0x0b,
7590 0x4b, 0xbc, 0xbb, 0xb7, 0xf2, 0x85, 0xaf, 0x70,
7591 0x75, 0x24, 0x6c, 0x54, 0xa7, 0x0e, 0x4d, 0x1d,
7592 0x01, 0xbf, 0x08, 0xac, 0xcf, 0x7f, 0x2c, 0xe3,
7593 0x14, 0x89, 0x5e, 0x70, 0x5a, 0x99, 0x92, 0xcd,
7594 0x01, 0x84, 0xc8, 0xd2, 0xab, 0xe5, 0x4f, 0x58,
7595 0xe7, 0x0f, 0x2f, 0x0e, 0xff, 0x68, 0xea, 0xfd,
7596 0x15, 0xb3, 0x17, 0xe6, 0xb0, 0xe7, 0x85, 0xd8,
7597 0x23, 0x2e, 0x05, 0xc7, 0xc9, 0xc4, 0x46, 0x1f,
7598 0xe1, 0x9e, 0x49, 0x20, 0x23, 0x24, 0x4d, 0x7e,
7599 0x29, 0x65, 0xff, 0xf4, 0xb6, 0xfd, 0x1a, 0x85,
7600 0xc4, 0x16, 0xec, 0xfc, 0xea, 0x7b, 0xd6, 0x2c,
7601 0x43, 0xf8, 0xb7, 0xbf, 0x79, 0xc0, 0x85, 0xcd,
7602 0xef, 0xe1, 0x98, 0xd3, 0xa5, 0xf7, 0x90, 0x8c,
7603 0xe9, 0x7f, 0x80, 0x6b, 0xd2, 0xac, 0x4c, 0x30,
7604 0xa7, 0xc6, 0x61, 0x6c, 0xd2, 0xf9, 0x2c, 0xff,
7605 0x30, 0xbc, 0x22, 0x81, 0x7d, 0x93, 0x12, 0xe4,
7606 0x0a, 0xcd, 0xaf, 0xdd, 0xe8, 0xab, 0x0a, 0x1e,
7607 0x13, 0xa4, 0x27, 0xc3, 0x5f, 0xf7, 0x4b, 0xbb,
7608 0x37, 0x09, 0x4b, 0x91, 0x6f, 0x92, 0x4f, 0xaf,
7609 0x52, 0xee, 0xdf, 0xef, 0x09, 0x6f, 0xf7, 0x5c,
7610 0x6e, 0x12, 0x17, 0x72, 0x63, 0x57, 0xc7, 0xba,
7611 0x3b, 0x6b, 0x38, 0x32, 0x73, 0x1b, 0x9c, 0x80,
7612 0xc1, 0x7a, 0xc6, 0xcf, 0xcd, 0x35, 0xc0, 0x6b,
7613 0x31, 0x1a, 0x6b, 0xe9, 0xd8, 0x2c, 0x29, 0x3f,
7614 0x96, 0xfb, 0xb6, 0xcd, 0x13, 0x91, 0x3b, 0xc2,
7615 0xd2, 0xa3, 0x31, 0x8d, 0xa4, 0xcd, 0x57, 0xcd,
7616 0x13, 0x3d, 0x64, 0xfd, 0x06, 0xce, 0xe6, 0xdc,
7617 0x0c, 0x24, 0x43, 0x31, 0x40, 0x57, 0xf1, 0x72,
7618 0x17, 0xe3, 0x3a, 0x63, 0x6d, 0x35, 0xcf, 0x5d,
7619 0x97, 0x40, 0x59, 0xdd, 0xf7, 0x3c, 0x02, 0xf7,
7620 0x1c, 0x7e, 0x05, 0xbb, 0xa9, 0x0d, 0x01, 0xb1,
7621 0x8e, 0xc0, 0x30, 0xa9, 0x53, 0x24, 0xc9, 0x89,
7622 0x84, 0x6d, 0xaa, 0xd0, 0xcd, 0x91, 0xc2, 0x4d,
7623 0x91, 0xb0, 0x89, 0xe2, 0xbf, 0x83, 0x44, 0xaa,
7624 0x28, 0x72, 0x23, 0xa0, 0xc2, 0xad, 0xad, 0x1c,
7625 0xfc, 0x3f, 0x09, 0x7a, 0x0b, 0xdc, 0xc5, 0x1b,
7626 0x87, 0x13, 0xc6, 0x5b, 0x59, 0x8d, 0xf2, 0xc8,
7627 0xaf, 0xdf, 0x11, 0x95,
7628 },
7629 .rlen = 4100,
7630 },
7631};
7632
4320/* 7633/*
4321 * Compression stuff. 7634 * Compression stuff.
4322 */ 7635 */
@@ -4408,6 +7721,88 @@ static struct comp_testvec deflate_decomp_tv_template[] = {
4408}; 7721};
4409 7722
4410/* 7723/*
7724 * LZO test vectors (null-terminated strings).
7725 */
7726#define LZO_COMP_TEST_VECTORS 2
7727#define LZO_DECOMP_TEST_VECTORS 2
7728
7729static struct comp_testvec lzo_comp_tv_template[] = {
7730 {
7731 .inlen = 70,
7732 .outlen = 46,
7733 .input = "Join us now and share the software "
7734 "Join us now and share the software ",
7735 .output = { 0x00, 0x0d, 0x4a, 0x6f, 0x69, 0x6e, 0x20, 0x75,
7736 0x73, 0x20, 0x6e, 0x6f, 0x77, 0x20, 0x61, 0x6e,
7737 0x64, 0x20, 0x73, 0x68, 0x61, 0x72, 0x65, 0x20,
7738 0x74, 0x68, 0x65, 0x20, 0x73, 0x6f, 0x66, 0x74,
7739 0x77, 0x70, 0x01, 0x01, 0x4a, 0x6f, 0x69, 0x6e,
7740 0x3d, 0x88, 0x00, 0x11, 0x00, 0x00 },
7741 }, {
7742 .inlen = 159,
7743 .outlen = 133,
7744 .input = "This document describes a compression method based on the LZO "
7745 "compression algorithm. This document defines the application of "
7746 "the LZO algorithm used in UBIFS.",
7747 .output = { 0x00, 0x2b, 0x54, 0x68, 0x69, 0x73, 0x20, 0x64,
7748 0x6f, 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74, 0x20,
7749 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65,
7750 0x73, 0x20, 0x61, 0x20, 0x63, 0x6f, 0x6d, 0x70,
7751 0x72, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x20,
7752 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x20, 0x62,
7753 0x61, 0x73, 0x65, 0x64, 0x20, 0x6f, 0x6e, 0x20,
7754 0x74, 0x68, 0x65, 0x20, 0x4c, 0x5a, 0x4f, 0x2b,
7755 0x8c, 0x00, 0x0d, 0x61, 0x6c, 0x67, 0x6f, 0x72,
7756 0x69, 0x74, 0x68, 0x6d, 0x2e, 0x20, 0x20, 0x54,
7757 0x68, 0x69, 0x73, 0x2a, 0x54, 0x01, 0x02, 0x66,
7758 0x69, 0x6e, 0x65, 0x73, 0x94, 0x06, 0x05, 0x61,
7759 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x76,
7760 0x0a, 0x6f, 0x66, 0x88, 0x02, 0x60, 0x09, 0x27,
7761 0xf0, 0x00, 0x0c, 0x20, 0x75, 0x73, 0x65, 0x64,
7762 0x20, 0x69, 0x6e, 0x20, 0x55, 0x42, 0x49, 0x46,
7763 0x53, 0x2e, 0x11, 0x00, 0x00 },
7764 },
7765};
7766
7767static struct comp_testvec lzo_decomp_tv_template[] = {
7768 {
7769 .inlen = 133,
7770 .outlen = 159,
7771 .input = { 0x00, 0x2b, 0x54, 0x68, 0x69, 0x73, 0x20, 0x64,
7772 0x6f, 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74, 0x20,
7773 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65,
7774 0x73, 0x20, 0x61, 0x20, 0x63, 0x6f, 0x6d, 0x70,
7775 0x72, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x20,
7776 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x20, 0x62,
7777 0x61, 0x73, 0x65, 0x64, 0x20, 0x6f, 0x6e, 0x20,
7778 0x74, 0x68, 0x65, 0x20, 0x4c, 0x5a, 0x4f, 0x2b,
7779 0x8c, 0x00, 0x0d, 0x61, 0x6c, 0x67, 0x6f, 0x72,
7780 0x69, 0x74, 0x68, 0x6d, 0x2e, 0x20, 0x20, 0x54,
7781 0x68, 0x69, 0x73, 0x2a, 0x54, 0x01, 0x02, 0x66,
7782 0x69, 0x6e, 0x65, 0x73, 0x94, 0x06, 0x05, 0x61,
7783 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x76,
7784 0x0a, 0x6f, 0x66, 0x88, 0x02, 0x60, 0x09, 0x27,
7785 0xf0, 0x00, 0x0c, 0x20, 0x75, 0x73, 0x65, 0x64,
7786 0x20, 0x69, 0x6e, 0x20, 0x55, 0x42, 0x49, 0x46,
7787 0x53, 0x2e, 0x11, 0x00, 0x00 },
7788 .output = "This document describes a compression method based on the LZO "
7789 "compression algorithm. This document defines the application of "
7790 "the LZO algorithm used in UBIFS.",
7791 }, {
7792 .inlen = 46,
7793 .outlen = 70,
7794 .input = { 0x00, 0x0d, 0x4a, 0x6f, 0x69, 0x6e, 0x20, 0x75,
7795 0x73, 0x20, 0x6e, 0x6f, 0x77, 0x20, 0x61, 0x6e,
7796 0x64, 0x20, 0x73, 0x68, 0x61, 0x72, 0x65, 0x20,
7797 0x74, 0x68, 0x65, 0x20, 0x73, 0x6f, 0x66, 0x74,
7798 0x77, 0x70, 0x01, 0x01, 0x4a, 0x6f, 0x69, 0x6e,
7799 0x3d, 0x88, 0x00, 0x11, 0x00, 0x00 },
7800 .output = "Join us now and share the software "
7801 "Join us now and share the software ",
7802 },
7803};
7804
7805/*
4411 * Michael MIC test vectors from IEEE 802.11i 7806 * Michael MIC test vectors from IEEE 802.11i
4412 */ 7807 */
4413#define MICHAEL_MIC_TEST_VECTORS 6 7808#define MICHAEL_MIC_TEST_VECTORS 6
@@ -4812,4 +8207,20 @@ static struct cipher_speed camellia_speed_template[] = {
4812 { .klen = 0, .blen = 0, } 8207 { .klen = 0, .blen = 0, }
4813}; 8208};
4814 8209
8210static struct cipher_speed salsa20_speed_template[] = {
8211 { .klen = 16, .blen = 16, },
8212 { .klen = 16, .blen = 64, },
8213 { .klen = 16, .blen = 256, },
8214 { .klen = 16, .blen = 1024, },
8215 { .klen = 16, .blen = 8192, },
8216 { .klen = 32, .blen = 16, },
8217 { .klen = 32, .blen = 64, },
8218 { .klen = 32, .blen = 256, },
8219 { .klen = 32, .blen = 1024, },
8220 { .klen = 32, .blen = 8192, },
8221
8222 /* End marker */
8223 { .klen = 0, .blen = 0, }
8224};
8225
4815#endif /* _CRYPTO_TCRYPT_H */ 8226#endif /* _CRYPTO_TCRYPT_H */
diff --git a/crypto/twofish_common.c b/crypto/twofish_common.c
index b4b9c0c3f4ae..0af216c75d7e 100644
--- a/crypto/twofish_common.c
+++ b/crypto/twofish_common.c
@@ -655,84 +655,48 @@ int twofish_setkey(struct crypto_tfm *tfm, const u8 *key, unsigned int key_len)
655 CALC_SB256_2( i, calc_sb_tbl[j], calc_sb_tbl[k] ); 655 CALC_SB256_2( i, calc_sb_tbl[j], calc_sb_tbl[k] );
656 } 656 }
657 657
658 /* Calculate whitening and round subkeys. The constants are 658 /* CALC_K256/CALC_K192/CALC_K loops were unrolled.
659 * indices of subkeys, preprocessed through q0 and q1. */ 659 * Unrolling produced x2.5 more code (+18k on i386),
660 CALC_K256 (w, 0, 0xA9, 0x75, 0x67, 0xF3); 660 * and speeded up key setup by 7%:
661 CALC_K256 (w, 2, 0xB3, 0xC6, 0xE8, 0xF4); 661 * unrolled: twofish_setkey/sec: 41128
662 CALC_K256 (w, 4, 0x04, 0xDB, 0xFD, 0x7B); 662 * loop: twofish_setkey/sec: 38148
663 CALC_K256 (w, 6, 0xA3, 0xFB, 0x76, 0xC8); 663 * CALC_K256: ~100 insns each
664 CALC_K256 (k, 0, 0x9A, 0x4A, 0x92, 0xD3); 664 * CALC_K192: ~90 insns
665 CALC_K256 (k, 2, 0x80, 0xE6, 0x78, 0x6B); 665 * CALC_K: ~70 insns
666 CALC_K256 (k, 4, 0xE4, 0x45, 0xDD, 0x7D); 666 */
667 CALC_K256 (k, 6, 0xD1, 0xE8, 0x38, 0x4B); 667 /* Calculate whitening and round subkeys */
668 CALC_K256 (k, 8, 0x0D, 0xD6, 0xC6, 0x32); 668 for ( i = 0; i < 8; i += 2 ) {
669 CALC_K256 (k, 10, 0x35, 0xD8, 0x98, 0xFD); 669 CALC_K256 (w, i, q0[i], q1[i], q0[i+1], q1[i+1]);
670 CALC_K256 (k, 12, 0x18, 0x37, 0xF7, 0x71); 670 }
671 CALC_K256 (k, 14, 0xEC, 0xF1, 0x6C, 0xE1); 671 for ( i = 0; i < 32; i += 2 ) {
672 CALC_K256 (k, 16, 0x43, 0x30, 0x75, 0x0F); 672 CALC_K256 (k, i, q0[i+8], q1[i+8], q0[i+9], q1[i+9]);
673 CALC_K256 (k, 18, 0x37, 0xF8, 0x26, 0x1B); 673 }
674 CALC_K256 (k, 20, 0xFA, 0x87, 0x13, 0xFA);
675 CALC_K256 (k, 22, 0x94, 0x06, 0x48, 0x3F);
676 CALC_K256 (k, 24, 0xF2, 0x5E, 0xD0, 0xBA);
677 CALC_K256 (k, 26, 0x8B, 0xAE, 0x30, 0x5B);
678 CALC_K256 (k, 28, 0x84, 0x8A, 0x54, 0x00);
679 CALC_K256 (k, 30, 0xDF, 0xBC, 0x23, 0x9D);
680 } else if (key_len == 24) { /* 192-bit key */ 674 } else if (key_len == 24) { /* 192-bit key */
681 /* Compute the S-boxes. */ 675 /* Compute the S-boxes. */
682 for ( i = j = 0, k = 1; i < 256; i++, j += 2, k += 2 ) { 676 for ( i = j = 0, k = 1; i < 256; i++, j += 2, k += 2 ) {
683 CALC_SB192_2( i, calc_sb_tbl[j], calc_sb_tbl[k] ); 677 CALC_SB192_2( i, calc_sb_tbl[j], calc_sb_tbl[k] );
684 } 678 }
685 679
686 /* Calculate whitening and round subkeys. The constants are 680 /* Calculate whitening and round subkeys */
687 * indices of subkeys, preprocessed through q0 and q1. */ 681 for ( i = 0; i < 8; i += 2 ) {
688 CALC_K192 (w, 0, 0xA9, 0x75, 0x67, 0xF3); 682 CALC_K192 (w, i, q0[i], q1[i], q0[i+1], q1[i+1]);
689 CALC_K192 (w, 2, 0xB3, 0xC6, 0xE8, 0xF4); 683 }
690 CALC_K192 (w, 4, 0x04, 0xDB, 0xFD, 0x7B); 684 for ( i = 0; i < 32; i += 2 ) {
691 CALC_K192 (w, 6, 0xA3, 0xFB, 0x76, 0xC8); 685 CALC_K192 (k, i, q0[i+8], q1[i+8], q0[i+9], q1[i+9]);
692 CALC_K192 (k, 0, 0x9A, 0x4A, 0x92, 0xD3); 686 }
693 CALC_K192 (k, 2, 0x80, 0xE6, 0x78, 0x6B);
694 CALC_K192 (k, 4, 0xE4, 0x45, 0xDD, 0x7D);
695 CALC_K192 (k, 6, 0xD1, 0xE8, 0x38, 0x4B);
696 CALC_K192 (k, 8, 0x0D, 0xD6, 0xC6, 0x32);
697 CALC_K192 (k, 10, 0x35, 0xD8, 0x98, 0xFD);
698 CALC_K192 (k, 12, 0x18, 0x37, 0xF7, 0x71);
699 CALC_K192 (k, 14, 0xEC, 0xF1, 0x6C, 0xE1);
700 CALC_K192 (k, 16, 0x43, 0x30, 0x75, 0x0F);
701 CALC_K192 (k, 18, 0x37, 0xF8, 0x26, 0x1B);
702 CALC_K192 (k, 20, 0xFA, 0x87, 0x13, 0xFA);
703 CALC_K192 (k, 22, 0x94, 0x06, 0x48, 0x3F);
704 CALC_K192 (k, 24, 0xF2, 0x5E, 0xD0, 0xBA);
705 CALC_K192 (k, 26, 0x8B, 0xAE, 0x30, 0x5B);
706 CALC_K192 (k, 28, 0x84, 0x8A, 0x54, 0x00);
707 CALC_K192 (k, 30, 0xDF, 0xBC, 0x23, 0x9D);
708 } else { /* 128-bit key */ 687 } else { /* 128-bit key */
709 /* Compute the S-boxes. */ 688 /* Compute the S-boxes. */
710 for ( i = j = 0, k = 1; i < 256; i++, j += 2, k += 2 ) { 689 for ( i = j = 0, k = 1; i < 256; i++, j += 2, k += 2 ) {
711 CALC_SB_2( i, calc_sb_tbl[j], calc_sb_tbl[k] ); 690 CALC_SB_2( i, calc_sb_tbl[j], calc_sb_tbl[k] );
712 } 691 }
713 692
714 /* Calculate whitening and round subkeys. The constants are 693 /* Calculate whitening and round subkeys */
715 * indices of subkeys, preprocessed through q0 and q1. */ 694 for ( i = 0; i < 8; i += 2 ) {
716 CALC_K (w, 0, 0xA9, 0x75, 0x67, 0xF3); 695 CALC_K (w, i, q0[i], q1[i], q0[i+1], q1[i+1]);
717 CALC_K (w, 2, 0xB3, 0xC6, 0xE8, 0xF4); 696 }
718 CALC_K (w, 4, 0x04, 0xDB, 0xFD, 0x7B); 697 for ( i = 0; i < 32; i += 2 ) {
719 CALC_K (w, 6, 0xA3, 0xFB, 0x76, 0xC8); 698 CALC_K (k, i, q0[i+8], q1[i+8], q0[i+9], q1[i+9]);
720 CALC_K (k, 0, 0x9A, 0x4A, 0x92, 0xD3); 699 }
721 CALC_K (k, 2, 0x80, 0xE6, 0x78, 0x6B);
722 CALC_K (k, 4, 0xE4, 0x45, 0xDD, 0x7D);
723 CALC_K (k, 6, 0xD1, 0xE8, 0x38, 0x4B);
724 CALC_K (k, 8, 0x0D, 0xD6, 0xC6, 0x32);
725 CALC_K (k, 10, 0x35, 0xD8, 0x98, 0xFD);
726 CALC_K (k, 12, 0x18, 0x37, 0xF7, 0x71);
727 CALC_K (k, 14, 0xEC, 0xF1, 0x6C, 0xE1);
728 CALC_K (k, 16, 0x43, 0x30, 0x75, 0x0F);
729 CALC_K (k, 18, 0x37, 0xF8, 0x26, 0x1B);
730 CALC_K (k, 20, 0xFA, 0x87, 0x13, 0xFA);
731 CALC_K (k, 22, 0x94, 0x06, 0x48, 0x3F);
732 CALC_K (k, 24, 0xF2, 0x5E, 0xD0, 0xBA);
733 CALC_K (k, 26, 0x8B, 0xAE, 0x30, 0x5B);
734 CALC_K (k, 28, 0x84, 0x8A, 0x54, 0x00);
735 CALC_K (k, 30, 0xDF, 0xBC, 0x23, 0x9D);
736 } 700 }
737 701
738 return 0; 702 return 0;
diff --git a/crypto/xcbc.c b/crypto/xcbc.c
index ac68f3b62fde..a82959df678c 100644
--- a/crypto/xcbc.c
+++ b/crypto/xcbc.c
@@ -19,6 +19,7 @@
19 * Kazunori Miyazawa <miyazawa@linux-ipv6.org> 19 * Kazunori Miyazawa <miyazawa@linux-ipv6.org>
20 */ 20 */
21 21
22#include <crypto/scatterwalk.h>
22#include <linux/crypto.h> 23#include <linux/crypto.h>
23#include <linux/err.h> 24#include <linux/err.h>
24#include <linux/hardirq.h> 25#include <linux/hardirq.h>
@@ -27,7 +28,6 @@
27#include <linux/rtnetlink.h> 28#include <linux/rtnetlink.h>
28#include <linux/slab.h> 29#include <linux/slab.h>
29#include <linux/scatterlist.h> 30#include <linux/scatterlist.h>
30#include "internal.h"
31 31
32static u_int32_t ks[12] = {0x01010101, 0x01010101, 0x01010101, 0x01010101, 32static u_int32_t ks[12] = {0x01010101, 0x01010101, 0x01010101, 0x01010101,
33 0x02020202, 0x02020202, 0x02020202, 0x02020202, 33 0x02020202, 0x02020202, 0x02020202, 0x02020202,
@@ -307,7 +307,8 @@ static struct crypto_instance *xcbc_alloc(struct rtattr **tb)
307 case 16: 307 case 16:
308 break; 308 break;
309 default: 309 default:
310 return ERR_PTR(PTR_ERR(alg)); 310 inst = ERR_PTR(-EINVAL);
311 goto out_put_alg;
311 } 312 }
312 313
313 inst = crypto_alloc_instance("xcbc", alg); 314 inst = crypto_alloc_instance("xcbc", alg);
@@ -320,10 +321,7 @@ static struct crypto_instance *xcbc_alloc(struct rtattr **tb)
320 inst->alg.cra_alignmask = alg->cra_alignmask; 321 inst->alg.cra_alignmask = alg->cra_alignmask;
321 inst->alg.cra_type = &crypto_hash_type; 322 inst->alg.cra_type = &crypto_hash_type;
322 323
323 inst->alg.cra_hash.digestsize = 324 inst->alg.cra_hash.digestsize = alg->cra_blocksize;
324 (alg->cra_flags & CRYPTO_ALG_TYPE_MASK) ==
325 CRYPTO_ALG_TYPE_HASH ? alg->cra_hash.digestsize :
326 alg->cra_blocksize;
327 inst->alg.cra_ctxsize = sizeof(struct crypto_xcbc_ctx) + 325 inst->alg.cra_ctxsize = sizeof(struct crypto_xcbc_ctx) +
328 ALIGN(inst->alg.cra_blocksize * 3, sizeof(void *)); 326 ALIGN(inst->alg.cra_blocksize * 3, sizeof(void *));
329 inst->alg.cra_init = xcbc_init_tfm; 327 inst->alg.cra_init = xcbc_init_tfm;
generated by cgit v1.2.2 (git 2.25.0) at 2024-11-12 08:24:05 -0500