aboutsummaryrefslogtreecommitdiffstats
path: root/crypto
diff options
context:
space:
mode:
authorTrond Myklebust <Trond.Myklebust@netapp.com>2006-12-07 16:35:17 -0500
committerTrond Myklebust <Trond.Myklebust@netapp.com>2006-12-07 16:35:17 -0500
commit21b4e736922f546e0f1aa7b9d6c442f309a2444a (patch)
treee1be8645297f8ebe87445251743ebcc52081a20d /crypto
parent34161db6b14d984fb9b06c735b7b42f8803f6851 (diff)
parent68380b581383c028830f79ec2670f4a193854aa6 (diff)
Merge branch 'master' of /home/trondmy/kernel/linux-2.6/ into merge_linus
Diffstat (limited to 'crypto')
-rw-r--r--crypto/Kconfig34
-rw-r--r--crypto/Makefile3
-rw-r--r--crypto/api.c15
-rw-r--r--crypto/digest.c48
-rw-r--r--crypto/gf128mul.c466
-rw-r--r--crypto/lrw.c301
-rw-r--r--crypto/tcrypt.c15
-rw-r--r--crypto/tcrypt.h602
-rw-r--r--crypto/xcbc.c348
9 files changed, 1765 insertions, 67 deletions
diff --git a/crypto/Kconfig b/crypto/Kconfig
index cbae8392ce11..92ba249f3a5b 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -39,6 +39,17 @@ config CRYPTO_HMAC
39 HMAC: Keyed-Hashing for Message Authentication (RFC2104). 39 HMAC: Keyed-Hashing for Message Authentication (RFC2104).
40 This is required for IPSec. 40 This is required for IPSec.
41 41
42config CRYPTO_XCBC
43 tristate "XCBC support"
44 depends on EXPERIMENTAL
45 select CRYPTO_HASH
46 select CRYPTO_MANAGER
47 help
48 XCBC: Keyed-Hashing with encryption algorithm
49 http://www.ietf.org/rfc/rfc3566.txt
50 http://csrc.nist.gov/encryption/modes/proposedmodes/
51 xcbc-mac/xcbc-mac-spec.pdf
52
42config CRYPTO_NULL 53config CRYPTO_NULL
43 tristate "Null algorithms" 54 tristate "Null algorithms"
44 select CRYPTO_ALGAPI 55 select CRYPTO_ALGAPI
@@ -128,6 +139,16 @@ config CRYPTO_TGR192
128 See also: 139 See also:
129 <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>. 140 <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
130 141
142config CRYPTO_GF128MUL
143 tristate "GF(2^128) multiplication functions (EXPERIMENTAL)"
144 depends on EXPERIMENTAL
145 help
146 Efficient table driven implementation of multiplications in the
147 field GF(2^128). This is needed by some cypher modes. This
148 option will be selected automatically if you select such a
149 cipher mode. Only select this option by hand if you expect to load
150 an external module that requires these functions.
151
131config CRYPTO_ECB 152config CRYPTO_ECB
132 tristate "ECB support" 153 tristate "ECB support"
133 select CRYPTO_BLKCIPHER 154 select CRYPTO_BLKCIPHER
@@ -147,6 +168,19 @@ config CRYPTO_CBC
147 CBC: Cipher Block Chaining mode 168 CBC: Cipher Block Chaining mode
148 This block cipher algorithm is required for IPSec. 169 This block cipher algorithm is required for IPSec.
149 170
171config CRYPTO_LRW
172 tristate "LRW support (EXPERIMENTAL)"
173 depends on EXPERIMENTAL
174 select CRYPTO_BLKCIPHER
175 select CRYPTO_MANAGER
176 select CRYPTO_GF128MUL
177 help
178 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
179 narrow block cipher mode for dm-crypt. Use it with cipher
180 specification string aes-lrw-benbi, the key must be 256, 320 or 384.
181 The first 128, 192 or 256 bits in the key are used for AES and the
182 rest is used to tie each cipher block to its logical position.
183
150config CRYPTO_DES 184config CRYPTO_DES
151 tristate "DES and Triple DES EDE cipher algorithms" 185 tristate "DES and Triple DES EDE cipher algorithms"
152 select CRYPTO_ALGAPI 186 select CRYPTO_ALGAPI
diff --git a/crypto/Makefile b/crypto/Makefile
index 72366208e291..60e3d24f61f5 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -15,6 +15,7 @@ obj-$(CONFIG_CRYPTO_HASH) += crypto_hash.o
15 15
16obj-$(CONFIG_CRYPTO_MANAGER) += cryptomgr.o 16obj-$(CONFIG_CRYPTO_MANAGER) += cryptomgr.o
17obj-$(CONFIG_CRYPTO_HMAC) += hmac.o 17obj-$(CONFIG_CRYPTO_HMAC) += hmac.o
18obj-$(CONFIG_CRYPTO_XCBC) += xcbc.o
18obj-$(CONFIG_CRYPTO_NULL) += crypto_null.o 19obj-$(CONFIG_CRYPTO_NULL) += crypto_null.o
19obj-$(CONFIG_CRYPTO_MD4) += md4.o 20obj-$(CONFIG_CRYPTO_MD4) += md4.o
20obj-$(CONFIG_CRYPTO_MD5) += md5.o 21obj-$(CONFIG_CRYPTO_MD5) += md5.o
@@ -23,8 +24,10 @@ obj-$(CONFIG_CRYPTO_SHA256) += sha256.o
23obj-$(CONFIG_CRYPTO_SHA512) += sha512.o 24obj-$(CONFIG_CRYPTO_SHA512) += sha512.o
24obj-$(CONFIG_CRYPTO_WP512) += wp512.o 25obj-$(CONFIG_CRYPTO_WP512) += wp512.o
25obj-$(CONFIG_CRYPTO_TGR192) += tgr192.o 26obj-$(CONFIG_CRYPTO_TGR192) += tgr192.o
27obj-$(CONFIG_CRYPTO_GF128MUL) += gf128mul.o
26obj-$(CONFIG_CRYPTO_ECB) += ecb.o 28obj-$(CONFIG_CRYPTO_ECB) += ecb.o
27obj-$(CONFIG_CRYPTO_CBC) += cbc.o 29obj-$(CONFIG_CRYPTO_CBC) += cbc.o
30obj-$(CONFIG_CRYPTO_LRW) += lrw.o
28obj-$(CONFIG_CRYPTO_DES) += des.o 31obj-$(CONFIG_CRYPTO_DES) += des.o
29obj-$(CONFIG_CRYPTO_BLOWFISH) += blowfish.o 32obj-$(CONFIG_CRYPTO_BLOWFISH) += blowfish.o
30obj-$(CONFIG_CRYPTO_TWOFISH) += twofish.o 33obj-$(CONFIG_CRYPTO_TWOFISH) += twofish.o
diff --git a/crypto/api.c b/crypto/api.c
index 4fb7fa45cb0d..8c446871cd5b 100644
--- a/crypto/api.c
+++ b/crypto/api.c
@@ -466,23 +466,8 @@ void crypto_free_tfm(struct crypto_tfm *tfm)
466 kfree(tfm); 466 kfree(tfm);
467} 467}
468 468
469int crypto_alg_available(const char *name, u32 flags)
470{
471 int ret = 0;
472 struct crypto_alg *alg = crypto_alg_mod_lookup(name, 0,
473 CRYPTO_ALG_ASYNC);
474
475 if (!IS_ERR(alg)) {
476 crypto_mod_put(alg);
477 ret = 1;
478 }
479
480 return ret;
481}
482
483EXPORT_SYMBOL_GPL(crypto_alloc_tfm); 469EXPORT_SYMBOL_GPL(crypto_alloc_tfm);
484EXPORT_SYMBOL_GPL(crypto_free_tfm); 470EXPORT_SYMBOL_GPL(crypto_free_tfm);
485EXPORT_SYMBOL_GPL(crypto_alg_available);
486 471
487int crypto_has_alg(const char *name, u32 type, u32 mask) 472int crypto_has_alg(const char *name, u32 type, u32 mask)
488{ 473{
diff --git a/crypto/digest.c b/crypto/digest.c
index 0155a94e4b15..8f4593268ce0 100644
--- a/crypto/digest.c
+++ b/crypto/digest.c
@@ -21,54 +21,6 @@
21#include "internal.h" 21#include "internal.h"
22#include "scatterwalk.h" 22#include "scatterwalk.h"
23 23
24void crypto_digest_init(struct crypto_tfm *tfm)
25{
26 struct crypto_hash *hash = crypto_hash_cast(tfm);
27 struct hash_desc desc = { .tfm = hash, .flags = tfm->crt_flags };
28
29 crypto_hash_init(&desc);
30}
31EXPORT_SYMBOL_GPL(crypto_digest_init);
32
33void crypto_digest_update(struct crypto_tfm *tfm,
34 struct scatterlist *sg, unsigned int nsg)
35{
36 struct crypto_hash *hash = crypto_hash_cast(tfm);
37 struct hash_desc desc = { .tfm = hash, .flags = tfm->crt_flags };
38 unsigned int nbytes = 0;
39 unsigned int i;
40
41 for (i = 0; i < nsg; i++)
42 nbytes += sg[i].length;
43
44 crypto_hash_update(&desc, sg, nbytes);
45}
46EXPORT_SYMBOL_GPL(crypto_digest_update);
47
48void crypto_digest_final(struct crypto_tfm *tfm, u8 *out)
49{
50 struct crypto_hash *hash = crypto_hash_cast(tfm);
51 struct hash_desc desc = { .tfm = hash, .flags = tfm->crt_flags };
52
53 crypto_hash_final(&desc, out);
54}
55EXPORT_SYMBOL_GPL(crypto_digest_final);
56
57void crypto_digest_digest(struct crypto_tfm *tfm,
58 struct scatterlist *sg, unsigned int nsg, u8 *out)
59{
60 struct crypto_hash *hash = crypto_hash_cast(tfm);
61 struct hash_desc desc = { .tfm = hash, .flags = tfm->crt_flags };
62 unsigned int nbytes = 0;
63 unsigned int i;
64
65 for (i = 0; i < nsg; i++)
66 nbytes += sg[i].length;
67
68 crypto_hash_digest(&desc, sg, nbytes, out);
69}
70EXPORT_SYMBOL_GPL(crypto_digest_digest);
71
72static int init(struct hash_desc *desc) 24static int init(struct hash_desc *desc)
73{ 25{
74 struct crypto_tfm *tfm = crypto_hash_tfm(desc->tfm); 26 struct crypto_tfm *tfm = crypto_hash_tfm(desc->tfm);
diff --git a/crypto/gf128mul.c b/crypto/gf128mul.c
new file mode 100644
index 000000000000..0a2aadfa1d85
--- /dev/null
+++ b/crypto/gf128mul.c
@@ -0,0 +1,466 @@
1/* gf128mul.c - GF(2^128) multiplication functions
2 *
3 * Copyright (c) 2003, Dr Brian Gladman, Worcester, UK.
4 * Copyright (c) 2006, Rik Snel <rsnel@cube.dyndns.org>
5 *
6 * Based on Dr Brian Gladman's (GPL'd) work published at
7 * http://fp.gladman.plus.com/cryptography_technology/index.htm
8 * See the original copyright notice below.
9 *
10 * This program is free software; you can redistribute it and/or modify it
11 * under the terms of the GNU General Public License as published by the Free
12 * Software Foundation; either version 2 of the License, or (at your option)
13 * any later version.
14 */
15
16/*
17 ---------------------------------------------------------------------------
18 Copyright (c) 2003, Dr Brian Gladman, Worcester, UK. All rights reserved.
19
20 LICENSE TERMS
21
22 The free distribution and use of this software in both source and binary
23 form is allowed (with or without changes) provided that:
24
25 1. distributions of this source code include the above copyright
26 notice, this list of conditions and the following disclaimer;
27
28 2. distributions in binary form include the above copyright
29 notice, this list of conditions and the following disclaimer
30 in the documentation and/or other associated materials;
31
32 3. the copyright holder's name is not used to endorse products
33 built using this software without specific written permission.
34
35 ALTERNATIVELY, provided that this notice is retained in full, this product
36 may be distributed under the terms of the GNU General Public License (GPL),
37 in which case the provisions of the GPL apply INSTEAD OF those given above.
38
39 DISCLAIMER
40
41 This software is provided 'as is' with no explicit or implied warranties
42 in respect of its properties, including, but not limited to, correctness
43 and/or fitness for purpose.
44 ---------------------------------------------------------------------------
45 Issue 31/01/2006
46
47 This file provides fast multiplication in GF(128) as required by several
48 cryptographic authentication modes
49*/
50
51#include <crypto/gf128mul.h>
52#include <linux/kernel.h>
53#include <linux/module.h>
54#include <linux/slab.h>
55
56#define gf128mul_dat(q) { \
57 q(0x00), q(0x01), q(0x02), q(0x03), q(0x04), q(0x05), q(0x06), q(0x07),\
58 q(0x08), q(0x09), q(0x0a), q(0x0b), q(0x0c), q(0x0d), q(0x0e), q(0x0f),\
59 q(0x10), q(0x11), q(0x12), q(0x13), q(0x14), q(0x15), q(0x16), q(0x17),\
60 q(0x18), q(0x19), q(0x1a), q(0x1b), q(0x1c), q(0x1d), q(0x1e), q(0x1f),\
61 q(0x20), q(0x21), q(0x22), q(0x23), q(0x24), q(0x25), q(0x26), q(0x27),\
62 q(0x28), q(0x29), q(0x2a), q(0x2b), q(0x2c), q(0x2d), q(0x2e), q(0x2f),\
63 q(0x30), q(0x31), q(0x32), q(0x33), q(0x34), q(0x35), q(0x36), q(0x37),\
64 q(0x38), q(0x39), q(0x3a), q(0x3b), q(0x3c), q(0x3d), q(0x3e), q(0x3f),\
65 q(0x40), q(0x41), q(0x42), q(0x43), q(0x44), q(0x45), q(0x46), q(0x47),\
66 q(0x48), q(0x49), q(0x4a), q(0x4b), q(0x4c), q(0x4d), q(0x4e), q(0x4f),\
67 q(0x50), q(0x51), q(0x52), q(0x53), q(0x54), q(0x55), q(0x56), q(0x57),\
68 q(0x58), q(0x59), q(0x5a), q(0x5b), q(0x5c), q(0x5d), q(0x5e), q(0x5f),\
69 q(0x60), q(0x61), q(0x62), q(0x63), q(0x64), q(0x65), q(0x66), q(0x67),\
70 q(0x68), q(0x69), q(0x6a), q(0x6b), q(0x6c), q(0x6d), q(0x6e), q(0x6f),\
71 q(0x70), q(0x71), q(0x72), q(0x73), q(0x74), q(0x75), q(0x76), q(0x77),\
72 q(0x78), q(0x79), q(0x7a), q(0x7b), q(0x7c), q(0x7d), q(0x7e), q(0x7f),\
73 q(0x80), q(0x81), q(0x82), q(0x83), q(0x84), q(0x85), q(0x86), q(0x87),\
74 q(0x88), q(0x89), q(0x8a), q(0x8b), q(0x8c), q(0x8d), q(0x8e), q(0x8f),\
75 q(0x90), q(0x91), q(0x92), q(0x93), q(0x94), q(0x95), q(0x96), q(0x97),\
76 q(0x98), q(0x99), q(0x9a), q(0x9b), q(0x9c), q(0x9d), q(0x9e), q(0x9f),\
77 q(0xa0), q(0xa1), q(0xa2), q(0xa3), q(0xa4), q(0xa5), q(0xa6), q(0xa7),\
78 q(0xa8), q(0xa9), q(0xaa), q(0xab), q(0xac), q(0xad), q(0xae), q(0xaf),\
79 q(0xb0), q(0xb1), q(0xb2), q(0xb3), q(0xb4), q(0xb5), q(0xb6), q(0xb7),\
80 q(0xb8), q(0xb9), q(0xba), q(0xbb), q(0xbc), q(0xbd), q(0xbe), q(0xbf),\
81 q(0xc0), q(0xc1), q(0xc2), q(0xc3), q(0xc4), q(0xc5), q(0xc6), q(0xc7),\
82 q(0xc8), q(0xc9), q(0xca), q(0xcb), q(0xcc), q(0xcd), q(0xce), q(0xcf),\
83 q(0xd0), q(0xd1), q(0xd2), q(0xd3), q(0xd4), q(0xd5), q(0xd6), q(0xd7),\
84 q(0xd8), q(0xd9), q(0xda), q(0xdb), q(0xdc), q(0xdd), q(0xde), q(0xdf),\
85 q(0xe0), q(0xe1), q(0xe2), q(0xe3), q(0xe4), q(0xe5), q(0xe6), q(0xe7),\
86 q(0xe8), q(0xe9), q(0xea), q(0xeb), q(0xec), q(0xed), q(0xee), q(0xef),\
87 q(0xf0), q(0xf1), q(0xf2), q(0xf3), q(0xf4), q(0xf5), q(0xf6), q(0xf7),\
88 q(0xf8), q(0xf9), q(0xfa), q(0xfb), q(0xfc), q(0xfd), q(0xfe), q(0xff) \
89}
90
91/* Given the value i in 0..255 as the byte overflow when a field element
92 in GHASH is multipled by x^8, this function will return the values that
93 are generated in the lo 16-bit word of the field value by applying the
94 modular polynomial. The values lo_byte and hi_byte are returned via the
95 macro xp_fun(lo_byte, hi_byte) so that the values can be assembled into
96 memory as required by a suitable definition of this macro operating on
97 the table above
98*/
99
100#define xx(p, q) 0x##p##q
101
102#define xda_bbe(i) ( \
103 (i & 0x80 ? xx(43, 80) : 0) ^ (i & 0x40 ? xx(21, c0) : 0) ^ \
104 (i & 0x20 ? xx(10, e0) : 0) ^ (i & 0x10 ? xx(08, 70) : 0) ^ \
105 (i & 0x08 ? xx(04, 38) : 0) ^ (i & 0x04 ? xx(02, 1c) : 0) ^ \
106 (i & 0x02 ? xx(01, 0e) : 0) ^ (i & 0x01 ? xx(00, 87) : 0) \
107)
108
109#define xda_lle(i) ( \
110 (i & 0x80 ? xx(e1, 00) : 0) ^ (i & 0x40 ? xx(70, 80) : 0) ^ \
111 (i & 0x20 ? xx(38, 40) : 0) ^ (i & 0x10 ? xx(1c, 20) : 0) ^ \
112 (i & 0x08 ? xx(0e, 10) : 0) ^ (i & 0x04 ? xx(07, 08) : 0) ^ \
113 (i & 0x02 ? xx(03, 84) : 0) ^ (i & 0x01 ? xx(01, c2) : 0) \
114)
115
116static const u16 gf128mul_table_lle[256] = gf128mul_dat(xda_lle);
117static const u16 gf128mul_table_bbe[256] = gf128mul_dat(xda_bbe);
118
119/* These functions multiply a field element by x, by x^4 and by x^8
120 * in the polynomial field representation. It uses 32-bit word operations
121 * to gain speed but compensates for machine endianess and hence works
122 * correctly on both styles of machine.
123 */
124
125static void gf128mul_x_lle(be128 *r, const be128 *x)
126{
127 u64 a = be64_to_cpu(x->a);
128 u64 b = be64_to_cpu(x->b);
129 u64 _tt = gf128mul_table_lle[(b << 7) & 0xff];
130
131 r->b = cpu_to_be64((b >> 1) | (a << 63));
132 r->a = cpu_to_be64((a >> 1) ^ (_tt << 48));
133}
134
135static void gf128mul_x_bbe(be128 *r, const be128 *x)
136{
137 u64 a = be64_to_cpu(x->a);
138 u64 b = be64_to_cpu(x->b);
139 u64 _tt = gf128mul_table_bbe[a >> 63];
140
141 r->a = cpu_to_be64((a << 1) | (b >> 63));
142 r->b = cpu_to_be64((b << 1) ^ _tt);
143}
144
145static void gf128mul_x8_lle(be128 *x)
146{
147 u64 a = be64_to_cpu(x->a);
148 u64 b = be64_to_cpu(x->b);
149 u64 _tt = gf128mul_table_lle[b & 0xff];
150
151 x->b = cpu_to_be64((b >> 8) | (a << 56));
152 x->a = cpu_to_be64((a >> 8) ^ (_tt << 48));
153}
154
155static void gf128mul_x8_bbe(be128 *x)
156{
157 u64 a = be64_to_cpu(x->a);
158 u64 b = be64_to_cpu(x->b);
159 u64 _tt = gf128mul_table_bbe[a >> 56];
160
161 x->a = cpu_to_be64((a << 8) | (b >> 56));
162 x->b = cpu_to_be64((b << 8) ^ _tt);
163}
164
165void gf128mul_lle(be128 *r, const be128 *b)
166{
167 be128 p[8];
168 int i;
169
170 p[0] = *r;
171 for (i = 0; i < 7; ++i)
172 gf128mul_x_lle(&p[i + 1], &p[i]);
173
174 memset(r, 0, sizeof(r));
175 for (i = 0;;) {
176 u8 ch = ((u8 *)b)[15 - i];
177
178 if (ch & 0x80)
179 be128_xor(r, r, &p[0]);
180 if (ch & 0x40)
181 be128_xor(r, r, &p[1]);
182 if (ch & 0x20)
183 be128_xor(r, r, &p[2]);
184 if (ch & 0x10)
185 be128_xor(r, r, &p[3]);
186 if (ch & 0x08)
187 be128_xor(r, r, &p[4]);
188 if (ch & 0x04)
189 be128_xor(r, r, &p[5]);
190 if (ch & 0x02)
191 be128_xor(r, r, &p[6]);
192 if (ch & 0x01)
193 be128_xor(r, r, &p[7]);
194
195 if (++i >= 16)
196 break;
197
198 gf128mul_x8_lle(r);
199 }
200}
201EXPORT_SYMBOL(gf128mul_lle);
202
203void gf128mul_bbe(be128 *r, const be128 *b)
204{
205 be128 p[8];
206 int i;
207
208 p[0] = *r;
209 for (i = 0; i < 7; ++i)
210 gf128mul_x_bbe(&p[i + 1], &p[i]);
211
212 memset(r, 0, sizeof(r));
213 for (i = 0;;) {
214 u8 ch = ((u8 *)b)[i];
215
216 if (ch & 0x80)
217 be128_xor(r, r, &p[7]);
218 if (ch & 0x40)
219 be128_xor(r, r, &p[6]);
220 if (ch & 0x20)
221 be128_xor(r, r, &p[5]);
222 if (ch & 0x10)
223 be128_xor(r, r, &p[4]);
224 if (ch & 0x08)
225 be128_xor(r, r, &p[3]);
226 if (ch & 0x04)
227 be128_xor(r, r, &p[2]);
228 if (ch & 0x02)
229 be128_xor(r, r, &p[1]);
230 if (ch & 0x01)
231 be128_xor(r, r, &p[0]);
232
233 if (++i >= 16)
234 break;
235
236 gf128mul_x8_bbe(r);
237 }
238}
239EXPORT_SYMBOL(gf128mul_bbe);
240
241/* This version uses 64k bytes of table space.
242 A 16 byte buffer has to be multiplied by a 16 byte key
243 value in GF(128). If we consider a GF(128) value in
244 the buffer's lowest byte, we can construct a table of
245 the 256 16 byte values that result from the 256 values
246 of this byte. This requires 4096 bytes. But we also
247 need tables for each of the 16 higher bytes in the
248 buffer as well, which makes 64 kbytes in total.
249*/
250/* additional explanation
251 * t[0][BYTE] contains g*BYTE
252 * t[1][BYTE] contains g*x^8*BYTE
253 * ..
254 * t[15][BYTE] contains g*x^120*BYTE */
255struct gf128mul_64k *gf128mul_init_64k_lle(const be128 *g)
256{
257 struct gf128mul_64k *t;
258 int i, j, k;
259
260 t = kzalloc(sizeof(*t), GFP_KERNEL);
261 if (!t)
262 goto out;
263
264 for (i = 0; i < 16; i++) {
265 t->t[i] = kzalloc(sizeof(*t->t[i]), GFP_KERNEL);
266 if (!t->t[i]) {
267 gf128mul_free_64k(t);
268 t = NULL;
269 goto out;
270 }
271 }
272
273 t->t[0]->t[128] = *g;
274 for (j = 64; j > 0; j >>= 1)
275 gf128mul_x_lle(&t->t[0]->t[j], &t->t[0]->t[j + j]);
276
277 for (i = 0;;) {
278 for (j = 2; j < 256; j += j)
279 for (k = 1; k < j; ++k)
280 be128_xor(&t->t[i]->t[j + k],
281 &t->t[i]->t[j], &t->t[i]->t[k]);
282
283 if (++i >= 16)
284 break;
285
286 for (j = 128; j > 0; j >>= 1) {
287 t->t[i]->t[j] = t->t[i - 1]->t[j];
288 gf128mul_x8_lle(&t->t[i]->t[j]);
289 }
290 }
291
292out:
293 return t;
294}
295EXPORT_SYMBOL(gf128mul_init_64k_lle);
296
297struct gf128mul_64k *gf128mul_init_64k_bbe(const be128 *g)
298{
299 struct gf128mul_64k *t;
300 int i, j, k;
301
302 t = kzalloc(sizeof(*t), GFP_KERNEL);
303 if (!t)
304 goto out;
305
306 for (i = 0; i < 16; i++) {
307 t->t[i] = kzalloc(sizeof(*t->t[i]), GFP_KERNEL);
308 if (!t->t[i]) {
309 gf128mul_free_64k(t);
310 t = NULL;
311 goto out;
312 }
313 }
314
315 t->t[0]->t[1] = *g;
316 for (j = 1; j <= 64; j <<= 1)
317 gf128mul_x_bbe(&t->t[0]->t[j + j], &t->t[0]->t[j]);
318
319 for (i = 0;;) {
320 for (j = 2; j < 256; j += j)
321 for (k = 1; k < j; ++k)
322 be128_xor(&t->t[i]->t[j + k],
323 &t->t[i]->t[j], &t->t[i]->t[k]);
324
325 if (++i >= 16)
326 break;
327
328 for (j = 128; j > 0; j >>= 1) {
329 t->t[i]->t[j] = t->t[i - 1]->t[j];
330 gf128mul_x8_bbe(&t->t[i]->t[j]);
331 }
332 }
333
334out:
335 return t;
336}
337EXPORT_SYMBOL(gf128mul_init_64k_bbe);
338
339void gf128mul_free_64k(struct gf128mul_64k *t)
340{
341 int i;
342
343 for (i = 0; i < 16; i++)
344 kfree(t->t[i]);
345 kfree(t);
346}
347EXPORT_SYMBOL(gf128mul_free_64k);
348
349void gf128mul_64k_lle(be128 *a, struct gf128mul_64k *t)
350{
351 u8 *ap = (u8 *)a;
352 be128 r[1];
353 int i;
354
355 *r = t->t[0]->t[ap[0]];
356 for (i = 1; i < 16; ++i)
357 be128_xor(r, r, &t->t[i]->t[ap[i]]);
358 *a = *r;
359}
360EXPORT_SYMBOL(gf128mul_64k_lle);
361
362void gf128mul_64k_bbe(be128 *a, struct gf128mul_64k *t)
363{
364 u8 *ap = (u8 *)a;
365 be128 r[1];
366 int i;
367
368 *r = t->t[0]->t[ap[15]];
369 for (i = 1; i < 16; ++i)
370 be128_xor(r, r, &t->t[i]->t[ap[15 - i]]);
371 *a = *r;
372}
373EXPORT_SYMBOL(gf128mul_64k_bbe);
374
375/* This version uses 4k bytes of table space.
376 A 16 byte buffer has to be multiplied by a 16 byte key
377 value in GF(128). If we consider a GF(128) value in a
378 single byte, we can construct a table of the 256 16 byte
379 values that result from the 256 values of this byte.
380 This requires 4096 bytes. If we take the highest byte in
381 the buffer and use this table to get the result, we then
382 have to multiply by x^120 to get the final value. For the
383 next highest byte the result has to be multiplied by x^112
384 and so on. But we can do this by accumulating the result
385 in an accumulator starting with the result for the top
386 byte. We repeatedly multiply the accumulator value by
387 x^8 and then add in (i.e. xor) the 16 bytes of the next
388 lower byte in the buffer, stopping when we reach the
389 lowest byte. This requires a 4096 byte table.
390*/
391struct gf128mul_4k *gf128mul_init_4k_lle(const be128 *g)
392{
393 struct gf128mul_4k *t;
394 int j, k;
395
396 t = kzalloc(sizeof(*t), GFP_KERNEL);
397 if (!t)
398 goto out;
399
400 t->t[128] = *g;
401 for (j = 64; j > 0; j >>= 1)
402 gf128mul_x_lle(&t->t[j], &t->t[j+j]);
403
404 for (j = 2; j < 256; j += j)
405 for (k = 1; k < j; ++k)
406 be128_xor(&t->t[j + k], &t->t[j], &t->t[k]);
407
408out:
409 return t;
410}
411EXPORT_SYMBOL(gf128mul_init_4k_lle);
412
413struct gf128mul_4k *gf128mul_init_4k_bbe(const be128 *g)
414{
415 struct gf128mul_4k *t;
416 int j, k;
417
418 t = kzalloc(sizeof(*t), GFP_KERNEL);
419 if (!t)
420 goto out;
421
422 t->t[1] = *g;
423 for (j = 1; j <= 64; j <<= 1)
424 gf128mul_x_bbe(&t->t[j + j], &t->t[j]);
425
426 for (j = 2; j < 256; j += j)
427 for (k = 1; k < j; ++k)
428 be128_xor(&t->t[j + k], &t->t[j], &t->t[k]);
429
430out:
431 return t;
432}
433EXPORT_SYMBOL(gf128mul_init_4k_bbe);
434
435void gf128mul_4k_lle(be128 *a, struct gf128mul_4k *t)
436{
437 u8 *ap = (u8 *)a;
438 be128 r[1];
439 int i = 15;
440
441 *r = t->t[ap[15]];
442 while (i--) {
443 gf128mul_x8_lle(r);
444 be128_xor(r, r, &t->t[ap[i]]);
445 }
446 *a = *r;
447}
448EXPORT_SYMBOL(gf128mul_4k_lle);
449
450void gf128mul_4k_bbe(be128 *a, struct gf128mul_4k *t)
451{
452 u8 *ap = (u8 *)a;
453 be128 r[1];
454 int i = 0;
455
456 *r = t->t[ap[0]];
457 while (++i < 16) {
458 gf128mul_x8_bbe(r);
459 be128_xor(r, r, &t->t[ap[i]]);
460 }
461 *a = *r;
462}
463EXPORT_SYMBOL(gf128mul_4k_bbe);
464
465MODULE_LICENSE("GPL");
466MODULE_DESCRIPTION("Functions for multiplying elements of GF(2^128)");
diff --git a/crypto/lrw.c b/crypto/lrw.c
new file mode 100644
index 000000000000..56642586d84f
--- /dev/null
+++ b/crypto/lrw.c
@@ -0,0 +1,301 @@
1/* LRW: as defined by Cyril Guyot in
2 * http://grouper.ieee.org/groups/1619/email/pdf00017.pdf
3 *
4 * Copyright (c) 2006 Rik Snel <rsnel@cube.dyndns.org>
5 *
6 * Based om ecb.c
7 * Copyright (c) 2006 Herbert Xu <herbert@gondor.apana.org.au>
8 *
9 * This program is free software; you can redistribute it and/or modify it
10 * under the terms of the GNU General Public License as published by the Free
11 * Software Foundation; either version 2 of the License, or (at your option)
12 * any later version.
13 */
14/* This implementation is checked against the test vectors in the above
15 * document and by a test vector provided by Ken Buchanan at
16 * http://www.mail-archive.com/stds-p1619@listserv.ieee.org/msg00173.html
17 *
18 * The test vectors are included in the testing module tcrypt.[ch] */
19#include <crypto/algapi.h>
20#include <linux/err.h>
21#include <linux/init.h>
22#include <linux/kernel.h>
23#include <linux/module.h>
24#include <linux/scatterlist.h>
25#include <linux/slab.h>
26
27#include <crypto/b128ops.h>
28#include <crypto/gf128mul.h>
29
30struct priv {
31 struct crypto_cipher *child;
32 /* optimizes multiplying a random (non incrementing, as at the
33 * start of a new sector) value with key2, we could also have
34 * used 4k optimization tables or no optimization at all. In the
35 * latter case we would have to store key2 here */
36 struct gf128mul_64k *table;
37 /* stores:
38 * key2*{ 0,0,...0,0,0,0,1 }, key2*{ 0,0,...0,0,0,1,1 },
39 * key2*{ 0,0,...0,0,1,1,1 }, key2*{ 0,0,...0,1,1,1,1 }
40 * key2*{ 0,0,...1,1,1,1,1 }, etc
41 * needed for optimized multiplication of incrementing values
42 * with key2 */
43 be128 mulinc[128];
44};
45
46static inline void setbit128_bbe(void *b, int bit)
47{
48 __set_bit(bit ^ 0x78, b);
49}
50
51static int setkey(struct crypto_tfm *parent, const u8 *key,
52 unsigned int keylen)
53{
54 struct priv *ctx = crypto_tfm_ctx(parent);
55 struct crypto_cipher *child = ctx->child;
56 int err, i;
57 be128 tmp = { 0 };
58 int bsize = crypto_cipher_blocksize(child);
59
60 crypto_cipher_clear_flags(child, CRYPTO_TFM_REQ_MASK);
61 crypto_cipher_set_flags(child, crypto_tfm_get_flags(parent) &
62 CRYPTO_TFM_REQ_MASK);
63 if ((err = crypto_cipher_setkey(child, key, keylen - bsize)))
64 return err;
65 crypto_tfm_set_flags(parent, crypto_cipher_get_flags(child) &
66 CRYPTO_TFM_RES_MASK);
67
68 if (ctx->table)
69 gf128mul_free_64k(ctx->table);
70
71 /* initialize multiplication table for Key2 */
72 ctx->table = gf128mul_init_64k_bbe((be128 *)(key + keylen - bsize));
73 if (!ctx->table)
74 return -ENOMEM;
75
76 /* initialize optimization table */
77 for (i = 0; i < 128; i++) {
78 setbit128_bbe(&tmp, i);
79 ctx->mulinc[i] = tmp;
80 gf128mul_64k_bbe(&ctx->mulinc[i], ctx->table);
81 }
82
83 return 0;
84}
85
86struct sinfo {
87 be128 t;
88 struct crypto_tfm *tfm;
89 void (*fn)(struct crypto_tfm *, u8 *, const u8 *);
90};
91
92static inline void inc(be128 *iv)
93{
94 if (!(iv->b = cpu_to_be64(be64_to_cpu(iv->b) + 1)))
95 iv->a = cpu_to_be64(be64_to_cpu(iv->a) + 1);
96}
97
98static inline void lrw_round(struct sinfo *s, void *dst, const void *src)
99{
100 be128_xor(dst, &s->t, src); /* PP <- T xor P */
101 s->fn(s->tfm, dst, dst); /* CC <- E(Key2,PP) */
102 be128_xor(dst, dst, &s->t); /* C <- T xor CC */
103}
104
105/* this returns the number of consequative 1 bits starting
106 * from the right, get_index128(00 00 00 00 00 00 ... 00 00 10 FB) = 2 */
107static inline int get_index128(be128 *block)
108{
109 int x;
110 __be32 *p = (__be32 *) block;
111
112 for (p += 3, x = 0; x < 128; p--, x += 32) {
113 u32 val = be32_to_cpup(p);
114
115 if (!~val)
116 continue;
117
118 return x + ffz(val);
119 }
120
121 return x;
122}
123
124static int crypt(struct blkcipher_desc *d,
125 struct blkcipher_walk *w, struct priv *ctx,
126 void (*fn)(struct crypto_tfm *, u8 *, const u8 *))
127{
128 int err;
129 unsigned int avail;
130 const int bs = crypto_cipher_blocksize(ctx->child);
131 struct sinfo s = {
132 .tfm = crypto_cipher_tfm(ctx->child),
133 .fn = fn
134 };
135 be128 *iv;
136 u8 *wsrc;
137 u8 *wdst;
138
139 err = blkcipher_walk_virt(d, w);
140 if (!(avail = w->nbytes))
141 return err;
142
143 wsrc = w->src.virt.addr;
144 wdst = w->dst.virt.addr;
145
146 /* calculate first value of T */
147 iv = (be128 *)w->iv;
148 s.t = *iv;
149
150 /* T <- I*Key2 */
151 gf128mul_64k_bbe(&s.t, ctx->table);
152
153 goto first;
154
155 for (;;) {
156 do {
157 /* T <- I*Key2, using the optimization
158 * discussed in the specification */
159 be128_xor(&s.t, &s.t, &ctx->mulinc[get_index128(iv)]);
160 inc(iv);
161
162first:
163 lrw_round(&s, wdst, wsrc);
164
165 wsrc += bs;
166 wdst += bs;
167 } while ((avail -= bs) >= bs);
168
169 err = blkcipher_walk_done(d, w, avail);
170 if (!(avail = w->nbytes))
171 break;
172
173 wsrc = w->src.virt.addr;
174 wdst = w->dst.virt.addr;
175 }
176
177 return err;
178}
179
180static int encrypt(struct blkcipher_desc *desc, struct scatterlist *dst,
181 struct scatterlist *src, unsigned int nbytes)
182{
183 struct priv *ctx = crypto_blkcipher_ctx(desc->tfm);
184 struct blkcipher_walk w;
185
186 blkcipher_walk_init(&w, dst, src, nbytes);
187 return crypt(desc, &w, ctx,
188 crypto_cipher_alg(ctx->child)->cia_encrypt);
189}
190
191static int decrypt(struct blkcipher_desc *desc, struct scatterlist *dst,
192 struct scatterlist *src, unsigned int nbytes)
193{
194 struct priv *ctx = crypto_blkcipher_ctx(desc->tfm);
195 struct blkcipher_walk w;
196
197 blkcipher_walk_init(&w, dst, src, nbytes);
198 return crypt(desc, &w, ctx,
199 crypto_cipher_alg(ctx->child)->cia_decrypt);
200}
201
202static int init_tfm(struct crypto_tfm *tfm)
203{
204 struct crypto_instance *inst = (void *)tfm->__crt_alg;
205 struct crypto_spawn *spawn = crypto_instance_ctx(inst);
206 struct priv *ctx = crypto_tfm_ctx(tfm);
207 u32 *flags = &tfm->crt_flags;
208
209 tfm = crypto_spawn_tfm(spawn);
210 if (IS_ERR(tfm))
211 return PTR_ERR(tfm);
212
213 if (crypto_tfm_alg_blocksize(tfm) != 16) {
214 *flags |= CRYPTO_TFM_RES_BAD_BLOCK_LEN;
215 return -EINVAL;
216 }
217
218 ctx->child = crypto_cipher_cast(tfm);
219 return 0;
220}
221
222static void exit_tfm(struct crypto_tfm *tfm)
223{
224 struct priv *ctx = crypto_tfm_ctx(tfm);
225 if (ctx->table)
226 gf128mul_free_64k(ctx->table);
227 crypto_free_cipher(ctx->child);
228}
229
230static struct crypto_instance *alloc(void *param, unsigned int len)
231{
232 struct crypto_instance *inst;
233 struct crypto_alg *alg;
234
235 alg = crypto_get_attr_alg(param, len, CRYPTO_ALG_TYPE_CIPHER,
236 CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_ASYNC);
237 if (IS_ERR(alg))
238 return ERR_PTR(PTR_ERR(alg));
239
240 inst = crypto_alloc_instance("lrw", alg);
241 if (IS_ERR(inst))
242 goto out_put_alg;
243
244 inst->alg.cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER;
245 inst->alg.cra_priority = alg->cra_priority;
246 inst->alg.cra_blocksize = alg->cra_blocksize;
247
248 if (alg->cra_alignmask < 7) inst->alg.cra_alignmask = 7;
249 else inst->alg.cra_alignmask = alg->cra_alignmask;
250 inst->alg.cra_type = &crypto_blkcipher_type;
251
252 if (!(alg->cra_blocksize % 4))
253 inst->alg.cra_alignmask |= 3;
254 inst->alg.cra_blkcipher.ivsize = alg->cra_blocksize;
255 inst->alg.cra_blkcipher.min_keysize =
256 alg->cra_cipher.cia_min_keysize + alg->cra_blocksize;
257 inst->alg.cra_blkcipher.max_keysize =
258 alg->cra_cipher.cia_max_keysize + alg->cra_blocksize;
259
260 inst->alg.cra_ctxsize = sizeof(struct priv);
261
262 inst->alg.cra_init = init_tfm;
263 inst->alg.cra_exit = exit_tfm;
264
265 inst->alg.cra_blkcipher.setkey = setkey;
266 inst->alg.cra_blkcipher.encrypt = encrypt;
267 inst->alg.cra_blkcipher.decrypt = decrypt;
268
269out_put_alg:
270 crypto_mod_put(alg);
271 return inst;
272}
273
274static void free(struct crypto_instance *inst)
275{
276 crypto_drop_spawn(crypto_instance_ctx(inst));
277 kfree(inst);
278}
279
280static struct crypto_template crypto_tmpl = {
281 .name = "lrw",
282 .alloc = alloc,
283 .free = free,
284 .module = THIS_MODULE,
285};
286
287static int __init crypto_module_init(void)
288{
289 return crypto_register_template(&crypto_tmpl);
290}
291
292static void __exit crypto_module_exit(void)
293{
294 crypto_unregister_template(&crypto_tmpl);
295}
296
297module_init(crypto_module_init);
298module_exit(crypto_module_exit);
299
300MODULE_LICENSE("GPL");
301MODULE_DESCRIPTION("LRW block cipher mode");
diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c
index 83307420d31c..d671e8942b1f 100644
--- a/crypto/tcrypt.c
+++ b/crypto/tcrypt.c
@@ -906,6 +906,10 @@ static void do_test(void)
906 AES_CBC_ENC_TEST_VECTORS); 906 AES_CBC_ENC_TEST_VECTORS);
907 test_cipher("cbc(aes)", DECRYPT, aes_cbc_dec_tv_template, 907 test_cipher("cbc(aes)", DECRYPT, aes_cbc_dec_tv_template,
908 AES_CBC_DEC_TEST_VECTORS); 908 AES_CBC_DEC_TEST_VECTORS);
909 test_cipher("lrw(aes)", ENCRYPT, aes_lrw_enc_tv_template,
910 AES_LRW_ENC_TEST_VECTORS);
911 test_cipher("lrw(aes)", DECRYPT, aes_lrw_dec_tv_template,
912 AES_LRW_DEC_TEST_VECTORS);
909 913
910 //CAST5 914 //CAST5
911 test_cipher("ecb(cast5)", ENCRYPT, cast5_enc_tv_template, 915 test_cipher("ecb(cast5)", ENCRYPT, cast5_enc_tv_template,
@@ -977,6 +981,9 @@ static void do_test(void)
977 test_hash("hmac(sha256)", hmac_sha256_tv_template, 981 test_hash("hmac(sha256)", hmac_sha256_tv_template,
978 HMAC_SHA256_TEST_VECTORS); 982 HMAC_SHA256_TEST_VECTORS);
979 983
984 test_hash("xcbc(aes)", aes_xcbc128_tv_template,
985 XCBC_AES_TEST_VECTORS);
986
980 test_hash("michael_mic", michael_mic_tv_template, MICHAEL_MIC_TEST_VECTORS); 987 test_hash("michael_mic", michael_mic_tv_template, MICHAEL_MIC_TEST_VECTORS);
981 break; 988 break;
982 989
@@ -1052,6 +1059,10 @@ static void do_test(void)
1052 AES_CBC_ENC_TEST_VECTORS); 1059 AES_CBC_ENC_TEST_VECTORS);
1053 test_cipher("cbc(aes)", DECRYPT, aes_cbc_dec_tv_template, 1060 test_cipher("cbc(aes)", DECRYPT, aes_cbc_dec_tv_template,
1054 AES_CBC_DEC_TEST_VECTORS); 1061 AES_CBC_DEC_TEST_VECTORS);
1062 test_cipher("lrw(aes)", ENCRYPT, aes_lrw_enc_tv_template,
1063 AES_LRW_ENC_TEST_VECTORS);
1064 test_cipher("lrw(aes)", DECRYPT, aes_lrw_dec_tv_template,
1065 AES_LRW_DEC_TEST_VECTORS);
1055 break; 1066 break;
1056 1067
1057 case 11: 1068 case 11:
@@ -1191,6 +1202,10 @@ static void do_test(void)
1191 aes_speed_template); 1202 aes_speed_template);
1192 test_cipher_speed("cbc(aes)", DECRYPT, sec, NULL, 0, 1203 test_cipher_speed("cbc(aes)", DECRYPT, sec, NULL, 0,
1193 aes_speed_template); 1204 aes_speed_template);
1205 test_cipher_speed("lrw(aes)", ENCRYPT, sec, NULL, 0,
1206 aes_lrw_speed_template);
1207 test_cipher_speed("lrw(aes)", DECRYPT, sec, NULL, 0,
1208 aes_lrw_speed_template);
1194 break; 1209 break;
1195 1210
1196 case 201: 1211 case 201:
diff --git a/crypto/tcrypt.h b/crypto/tcrypt.h
index a40c4411729e..48a81362cb85 100644
--- a/crypto/tcrypt.h
+++ b/crypto/tcrypt.h
@@ -39,15 +39,15 @@ struct hash_testvec {
39struct cipher_testvec { 39struct cipher_testvec {
40 char key[MAX_KEYLEN] __attribute__ ((__aligned__(4))); 40 char key[MAX_KEYLEN] __attribute__ ((__aligned__(4)));
41 char iv[MAX_IVLEN]; 41 char iv[MAX_IVLEN];
42 char input[48]; 42 char input[512];
43 char result[48]; 43 char result[512];
44 unsigned char tap[MAX_TAP]; 44 unsigned char tap[MAX_TAP];
45 int np; 45 int np;
46 unsigned char fail; 46 unsigned char fail;
47 unsigned char wk; /* weak key flag */ 47 unsigned char wk; /* weak key flag */
48 unsigned char klen; 48 unsigned char klen;
49 unsigned char ilen; 49 unsigned short ilen;
50 unsigned char rlen; 50 unsigned short rlen;
51}; 51};
52 52
53struct cipher_speed { 53struct cipher_speed {
@@ -933,6 +933,74 @@ static struct hash_testvec hmac_sha256_tv_template[] = {
933 }, 933 },
934}; 934};
935 935
936#define XCBC_AES_TEST_VECTORS 6
937
938static struct hash_testvec aes_xcbc128_tv_template[] = {
939 {
940 .key = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
941 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
942 .plaintext = { [0 ... 15] = 0 },
943 .digest = { 0x75, 0xf0, 0x25, 0x1d, 0x52, 0x8a, 0xc0, 0x1c,
944 0x45, 0x73, 0xdf, 0xd5, 0x84, 0xd7, 0x9f, 0x29 },
945 .psize = 0,
946 .ksize = 16,
947 }, {
948 .key = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
949 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
950 .plaintext = { 0x00, 0x01, 0x02 },
951 .digest = { 0x5b, 0x37, 0x65, 0x80, 0xae, 0x2f, 0x19, 0xaf,
952 0xe7, 0x21, 0x9c, 0xee, 0xf1, 0x72, 0x75, 0x6f },
953 .psize = 3,
954 .ksize = 16,
955 } , {
956 .key = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
957 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
958 .plaintext = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
959 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
960 .digest = { 0xd2, 0xa2, 0x46, 0xfa, 0x34, 0x9b, 0x68, 0xa7,
961 0x99, 0x98, 0xa4, 0x39, 0x4f, 0xf7, 0xa2, 0x63 },
962 .psize = 16,
963 .ksize = 16,
964 }, {
965 .key = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
966 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
967 .plaintext = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
968 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
969 0x10, 0x11, 0x12, 0x13 },
970 .digest = { 0x47, 0xf5, 0x1b, 0x45, 0x64, 0x96, 0x62, 0x15,
971 0xb8, 0x98, 0x5c, 0x63, 0x05, 0x5e, 0xd3, 0x08 },
972 .tap = { 10, 10 },
973 .psize = 20,
974 .np = 2,
975 .ksize = 16,
976 }, {
977 .key = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
978 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
979 .plaintext = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
980 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
981 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
982 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f },
983 .digest = { 0xf5, 0x4f, 0x0e, 0xc8, 0xd2, 0xb9, 0xf3, 0xd3,
984 0x68, 0x07, 0x73, 0x4b, 0xd5, 0x28, 0x3f, 0xd4 },
985 .psize = 32,
986 .ksize = 16,
987 }, {
988 .key = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
989 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
990 .plaintext = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
991 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
992 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
993 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
994 0x20, 0x21 },
995 .digest = { 0xbe, 0xcb, 0xb3, 0xbc, 0xcd, 0xb5, 0x18, 0xa3,
996 0x06, 0x77, 0xd5, 0x48, 0x1f, 0xb6, 0xb4, 0xd8 },
997 .tap = { 17, 17 },
998 .psize = 34,
999 .np = 2,
1000 .ksize = 16,
1001 }
1002};
1003
936/* 1004/*
937 * DES test vectors. 1005 * DES test vectors.
938 */ 1006 */
@@ -1831,6 +1899,8 @@ static struct cipher_testvec cast6_dec_tv_template[] = {
1831#define AES_DEC_TEST_VECTORS 3 1899#define AES_DEC_TEST_VECTORS 3
1832#define AES_CBC_ENC_TEST_VECTORS 2 1900#define AES_CBC_ENC_TEST_VECTORS 2
1833#define AES_CBC_DEC_TEST_VECTORS 2 1901#define AES_CBC_DEC_TEST_VECTORS 2
1902#define AES_LRW_ENC_TEST_VECTORS 8
1903#define AES_LRW_DEC_TEST_VECTORS 8
1834 1904
1835static struct cipher_testvec aes_enc_tv_template[] = { 1905static struct cipher_testvec aes_enc_tv_template[] = {
1836 { /* From FIPS-197 */ 1906 { /* From FIPS-197 */
@@ -1968,6 +2038,509 @@ static struct cipher_testvec aes_cbc_dec_tv_template[] = {
1968 }, 2038 },
1969}; 2039};
1970 2040
2041static struct cipher_testvec aes_lrw_enc_tv_template[] = {
2042 /* from http://grouper.ieee.org/groups/1619/email/pdf00017.pdf */
2043 { /* LRW-32-AES 1 */
2044 .key = { 0x45, 0x62, 0xac, 0x25, 0xf8, 0x28, 0x17, 0x6d,
2045 0x4c, 0x26, 0x84, 0x14, 0xb5, 0x68, 0x01, 0x85,
2046 0x25, 0x8e, 0x2a, 0x05, 0xe7, 0x3e, 0x9d, 0x03,
2047 0xee, 0x5a, 0x83, 0x0c, 0xcc, 0x09, 0x4c, 0x87 },
2048 .klen = 32,
2049 .iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2050 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
2051 .input = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
2052 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46 },
2053 .ilen = 16,
2054 .result = { 0xf1, 0xb2, 0x73, 0xcd, 0x65, 0xa3, 0xdf, 0x5f,
2055 0xe9, 0x5d, 0x48, 0x92, 0x54, 0x63, 0x4e, 0xb8 },
2056 .rlen = 16,
2057 }, { /* LRW-32-AES 2 */
2058 .key = { 0x59, 0x70, 0x47, 0x14, 0xf5, 0x57, 0x47, 0x8c,
2059 0xd7, 0x79, 0xe8, 0x0f, 0x54, 0x88, 0x79, 0x44,
2060 0x0d, 0x48, 0xf0, 0xb7, 0xb1, 0x5a, 0x53, 0xea,
2061 0x1c, 0xaa, 0x6b, 0x29, 0xc2, 0xca, 0xfb, 0xaf
2062 },
2063 .klen = 32,
2064 .iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2065 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02 },
2066 .input = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
2067 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46 },
2068 .ilen = 16,
2069 .result = { 0x00, 0xc8, 0x2b, 0xae, 0x95, 0xbb, 0xcd, 0xe5,
2070 0x27, 0x4f, 0x07, 0x69, 0xb2, 0x60, 0xe1, 0x36 },
2071 .rlen = 16,
2072 }, { /* LRW-32-AES 3 */
2073 .key = { 0xd8, 0x2a, 0x91, 0x34, 0xb2, 0x6a, 0x56, 0x50,
2074 0x30, 0xfe, 0x69, 0xe2, 0x37, 0x7f, 0x98, 0x47,
2075 0xcd, 0xf9, 0x0b, 0x16, 0x0c, 0x64, 0x8f, 0xb6,
2076 0xb0, 0x0d, 0x0d, 0x1b, 0xae, 0x85, 0x87, 0x1f },
2077 .klen = 32,
2078 .iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2079 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00 },
2080 .input = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
2081 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46 },
2082 .ilen = 16,
2083 .result = { 0x76, 0x32, 0x21, 0x83, 0xed, 0x8f, 0xf1, 0x82,
2084 0xf9, 0x59, 0x62, 0x03, 0x69, 0x0e, 0x5e, 0x01 },
2085 .rlen = 16,
2086 }, { /* LRW-32-AES 4 */
2087 .key = { 0x0f, 0x6a, 0xef, 0xf8, 0xd3, 0xd2, 0xbb, 0x15,
2088 0x25, 0x83, 0xf7, 0x3c, 0x1f, 0x01, 0x28, 0x74,
2089 0xca, 0xc6, 0xbc, 0x35, 0x4d, 0x4a, 0x65, 0x54,
2090 0x90, 0xae, 0x61, 0xcf, 0x7b, 0xae, 0xbd, 0xcc,
2091 0xad, 0xe4, 0x94, 0xc5, 0x4a, 0x29, 0xae, 0x70 },
2092 .klen = 40,
2093 .iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2094 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
2095 .input = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
2096 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46 },
2097 .ilen = 16,
2098 .result = { 0x9c, 0x0f, 0x15, 0x2f, 0x55, 0xa2, 0xd8, 0xf0,
2099 0xd6, 0x7b, 0x8f, 0x9e, 0x28, 0x22, 0xbc, 0x41 },
2100 .rlen = 16,
2101 }, { /* LRW-32-AES 5 */
2102 .key = { 0x8a, 0xd4, 0xee, 0x10, 0x2f, 0xbd, 0x81, 0xff,
2103 0xf8, 0x86, 0xce, 0xac, 0x93, 0xc5, 0xad, 0xc6,
2104 0xa0, 0x19, 0x07, 0xc0, 0x9d, 0xf7, 0xbb, 0xdd,
2105 0x52, 0x13, 0xb2, 0xb7, 0xf0, 0xff, 0x11, 0xd8,
2106 0xd6, 0x08, 0xd0, 0xcd, 0x2e, 0xb1, 0x17, 0x6f },
2107 .klen = 40,
2108 .iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2109 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00 },
2110 .input = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
2111 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46 },
2112 .ilen = 16,
2113 .result = { 0xd4, 0x27, 0x6a, 0x7f, 0x14, 0x91, 0x3d, 0x65,
2114 0xc8, 0x60, 0x48, 0x02, 0x87, 0xe3, 0x34, 0x06 },
2115 .rlen = 16,
2116 }, { /* LRW-32-AES 6 */
2117 .key = { 0xf8, 0xd4, 0x76, 0xff, 0xd6, 0x46, 0xee, 0x6c,
2118 0x23, 0x84, 0xcb, 0x1c, 0x77, 0xd6, 0x19, 0x5d,
2119 0xfe, 0xf1, 0xa9, 0xf3, 0x7b, 0xbc, 0x8d, 0x21,
2120 0xa7, 0x9c, 0x21, 0xf8, 0xcb, 0x90, 0x02, 0x89,
2121 0xa8, 0x45, 0x34, 0x8e, 0xc8, 0xc5, 0xb5, 0xf1,
2122 0x26, 0xf5, 0x0e, 0x76, 0xfe, 0xfd, 0x1b, 0x1e },
2123 .klen = 48,
2124 .iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2125 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
2126 .input = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
2127 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46 },
2128 .ilen = 16,
2129 .result = { 0xbd, 0x06, 0xb8, 0xe1, 0xdb, 0x98, 0x89, 0x9e,
2130 0xc4, 0x98, 0xe4, 0x91, 0xcf, 0x1c, 0x70, 0x2b },
2131 .rlen = 16,
2132 }, { /* LRW-32-AES 7 */
2133 .key = { 0xfb, 0x76, 0x15, 0xb2, 0x3d, 0x80, 0x89, 0x1d,
2134 0xd4, 0x70, 0x98, 0x0b, 0xc7, 0x95, 0x84, 0xc8,
2135 0xb2, 0xfb, 0x64, 0xce, 0x60, 0x97, 0x87, 0x8d,
2136 0x17, 0xfc, 0xe4, 0x5a, 0x49, 0xe8, 0x30, 0xb7,
2137 0x6e, 0x78, 0x17, 0xe7, 0x2d, 0x5e, 0x12, 0xd4,
2138 0x60, 0x64, 0x04, 0x7a, 0xf1, 0x2f, 0x9e, 0x0c },
2139 .klen = 48,
2140 .iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2141 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00 },
2142 .input = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
2143 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46 },
2144 .ilen = 16,
2145 .result = { 0x5b, 0x90, 0x8e, 0xc1, 0xab, 0xdd, 0x67, 0x5f,
2146 0x3d, 0x69, 0x8a, 0x95, 0x53, 0xc8, 0x9c, 0xe5 },
2147 .rlen = 16,
2148 }, {
2149/* http://www.mail-archive.com/stds-p1619@listserv.ieee.org/msg00173.html */
2150 .key = { 0xf8, 0xd4, 0x76, 0xff, 0xd6, 0x46, 0xee, 0x6c,
2151 0x23, 0x84, 0xcb, 0x1c, 0x77, 0xd6, 0x19, 0x5d,
2152 0xfe, 0xf1, 0xa9, 0xf3, 0x7b, 0xbc, 0x8d, 0x21,
2153 0xa7, 0x9c, 0x21, 0xf8, 0xcb, 0x90, 0x02, 0x89,
2154 0xa8, 0x45, 0x34, 0x8e, 0xc8, 0xc5, 0xb5, 0xf1,
2155 0x26, 0xf5, 0x0e, 0x76, 0xfe, 0xfd, 0x1b, 0x1e },
2156 .klen = 48,
2157 .iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2158 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
2159 .input = { 0x05, 0x11, 0xb7, 0x18, 0xab, 0xc6, 0x2d, 0xac,
2160 0x70, 0x5d, 0xf6, 0x22, 0x94, 0xcd, 0xe5, 0x6c,
2161 0x17, 0x6b, 0xf6, 0x1c, 0xf0, 0xf3, 0x6e, 0xf8,
2162 0x50, 0x38, 0x1f, 0x71, 0x49, 0xb6, 0x57, 0xd6,
2163 0x8f, 0xcb, 0x8d, 0x6b, 0xe3, 0xa6, 0x29, 0x90,
2164 0xfe, 0x2a, 0x62, 0x82, 0xae, 0x6d, 0x8b, 0xf6,
2165 0xad, 0x1e, 0x9e, 0x20, 0x5f, 0x38, 0xbe, 0x04,
2166 0xda, 0x10, 0x8e, 0xed, 0xa2, 0xa4, 0x87, 0xab,
2167 0xda, 0x6b, 0xb4, 0x0c, 0x75, 0xba, 0xd3, 0x7c,
2168 0xc9, 0xac, 0x42, 0x31, 0x95, 0x7c, 0xc9, 0x04,
2169 0xeb, 0xd5, 0x6e, 0x32, 0x69, 0x8a, 0xdb, 0xa6,
2170 0x15, 0xd7, 0x3f, 0x4f, 0x2f, 0x66, 0x69, 0x03,
2171 0x9c, 0x1f, 0x54, 0x0f, 0xde, 0x1f, 0xf3, 0x65,
2172 0x4c, 0x96, 0x12, 0xed, 0x7c, 0x92, 0x03, 0x01,
2173 0x6f, 0xbc, 0x35, 0x93, 0xac, 0xf1, 0x27, 0xf1,
2174 0xb4, 0x96, 0x82, 0x5a, 0x5f, 0xb0, 0xa0, 0x50,
2175 0x89, 0xa4, 0x8e, 0x66, 0x44, 0x85, 0xcc, 0xfd,
2176 0x33, 0x14, 0x70, 0xe3, 0x96, 0xb2, 0xc3, 0xd3,
2177 0xbb, 0x54, 0x5a, 0x1a, 0xf9, 0x74, 0xa2, 0xc5,
2178 0x2d, 0x64, 0x75, 0xdd, 0xb4, 0x54, 0xe6, 0x74,
2179 0x8c, 0xd3, 0x9d, 0x9e, 0x86, 0xab, 0x51, 0x53,
2180 0xb7, 0x93, 0x3e, 0x6f, 0xd0, 0x4e, 0x2c, 0x40,
2181 0xf6, 0xa8, 0x2e, 0x3e, 0x9d, 0xf4, 0x66, 0xa5,
2182 0x76, 0x12, 0x73, 0x44, 0x1a, 0x56, 0xd7, 0x72,
2183 0x88, 0xcd, 0x21, 0x8c, 0x4c, 0x0f, 0xfe, 0xda,
2184 0x95, 0xe0, 0x3a, 0xa6, 0xa5, 0x84, 0x46, 0xcd,
2185 0xd5, 0x3e, 0x9d, 0x3a, 0xe2, 0x67, 0xe6, 0x60,
2186 0x1a, 0xe2, 0x70, 0x85, 0x58, 0xc2, 0x1b, 0x09,
2187 0xe1, 0xd7, 0x2c, 0xca, 0xad, 0xa8, 0x8f, 0xf9,
2188 0xac, 0xb3, 0x0e, 0xdb, 0xca, 0x2e, 0xe2, 0xb8,
2189 0x51, 0x71, 0xd9, 0x3c, 0x6c, 0xf1, 0x56, 0xf8,
2190 0xea, 0x9c, 0xf1, 0xfb, 0x0c, 0xe6, 0xb7, 0x10,
2191 0x1c, 0xf8, 0xa9, 0x7c, 0xe8, 0x53, 0x35, 0xc1,
2192 0x90, 0x3e, 0x76, 0x4a, 0x74, 0xa4, 0x21, 0x2c,
2193 0xf6, 0x2c, 0x4e, 0x0f, 0x94, 0x3a, 0x88, 0x2e,
2194 0x41, 0x09, 0x6a, 0x33, 0x7d, 0xf6, 0xdd, 0x3f,
2195 0x8d, 0x23, 0x31, 0x74, 0x84, 0xeb, 0x88, 0x6e,
2196 0xcc, 0xb9, 0xbc, 0x22, 0x83, 0x19, 0x07, 0x22,
2197 0xa5, 0x2d, 0xdf, 0xa5, 0xf3, 0x80, 0x85, 0x78,
2198 0x84, 0x39, 0x6a, 0x6d, 0x6a, 0x99, 0x4f, 0xa5,
2199 0x15, 0xfe, 0x46, 0xb0, 0xe4, 0x6c, 0xa5, 0x41,
2200 0x3c, 0xce, 0x8f, 0x42, 0x60, 0x71, 0xa7, 0x75,
2201 0x08, 0x40, 0x65, 0x8a, 0x82, 0xbf, 0xf5, 0x43,
2202 0x71, 0x96, 0xa9, 0x4d, 0x44, 0x8a, 0x20, 0xbe,
2203 0xfa, 0x4d, 0xbb, 0xc0, 0x7d, 0x31, 0x96, 0x65,
2204 0xe7, 0x75, 0xe5, 0x3e, 0xfd, 0x92, 0x3b, 0xc9,
2205 0x55, 0xbb, 0x16, 0x7e, 0xf7, 0xc2, 0x8c, 0xa4,
2206 0x40, 0x1d, 0xe5, 0xef, 0x0e, 0xdf, 0xe4, 0x9a,
2207 0x62, 0x73, 0x65, 0xfd, 0x46, 0x63, 0x25, 0x3d,
2208 0x2b, 0xaf, 0xe5, 0x64, 0xfe, 0xa5, 0x5c, 0xcf,
2209 0x24, 0xf3, 0xb4, 0xac, 0x64, 0xba, 0xdf, 0x4b,
2210 0xc6, 0x96, 0x7d, 0x81, 0x2d, 0x8d, 0x97, 0xf7,
2211 0xc5, 0x68, 0x77, 0x84, 0x32, 0x2b, 0xcc, 0x85,
2212 0x74, 0x96, 0xf0, 0x12, 0x77, 0x61, 0xb9, 0xeb,
2213 0x71, 0xaa, 0x82, 0xcb, 0x1c, 0xdb, 0x89, 0xc8,
2214 0xc6, 0xb5, 0xe3, 0x5c, 0x7d, 0x39, 0x07, 0x24,
2215 0xda, 0x39, 0x87, 0x45, 0xc0, 0x2b, 0xbb, 0x01,
2216 0xac, 0xbc, 0x2a, 0x5c, 0x7f, 0xfc, 0xe8, 0xce,
2217 0x6d, 0x9c, 0x6f, 0xed, 0xd3, 0xc1, 0xa1, 0xd6,
2218 0xc5, 0x55, 0xa9, 0x66, 0x2f, 0xe1, 0xc8, 0x32,
2219 0xa6, 0x5d, 0xa4, 0x3a, 0x98, 0x73, 0xe8, 0x45,
2220 0xa4, 0xc7, 0xa8, 0xb4, 0xf6, 0x13, 0x03, 0xf6,
2221 0xe9, 0x2e, 0xc4, 0x29, 0x0f, 0x84, 0xdb, 0xc4,
2222 0x21, 0xc4, 0xc2, 0x75, 0x67, 0x89, 0x37, 0x0a },
2223 .ilen = 512,
2224 .result = { 0x1a, 0x1d, 0xa9, 0x30, 0xad, 0xf9, 0x2f, 0x9b,
2225 0xb6, 0x1d, 0xae, 0xef, 0xf0, 0x2f, 0xf8, 0x5a,
2226 0x39, 0x3c, 0xbf, 0x2a, 0xb2, 0x45, 0xb2, 0x23,
2227 0x1b, 0x63, 0x3c, 0xcf, 0xaa, 0xbe, 0xcf, 0x4e,
2228 0xfa, 0xe8, 0x29, 0xc2, 0x20, 0x68, 0x2b, 0x3c,
2229 0x2e, 0x8b, 0xf7, 0x6e, 0x25, 0xbd, 0xe3, 0x3d,
2230 0x66, 0x27, 0xd6, 0xaf, 0xd6, 0x64, 0x3e, 0xe3,
2231 0xe8, 0x58, 0x46, 0x97, 0x39, 0x51, 0x07, 0xde,
2232 0xcb, 0x37, 0xbc, 0xa9, 0xc0, 0x5f, 0x75, 0xc3,
2233 0x0e, 0x84, 0x23, 0x1d, 0x16, 0xd4, 0x1c, 0x59,
2234 0x9c, 0x1a, 0x02, 0x55, 0xab, 0x3a, 0x97, 0x1d,
2235 0xdf, 0xdd, 0xc7, 0x06, 0x51, 0xd7, 0x70, 0xae,
2236 0x23, 0xc6, 0x8c, 0xf5, 0x1e, 0xa0, 0xe5, 0x82,
2237 0xb8, 0xb2, 0xbf, 0x04, 0xa0, 0x32, 0x8e, 0x68,
2238 0xeb, 0xaf, 0x6e, 0x2d, 0x94, 0x22, 0x2f, 0xce,
2239 0x4c, 0xb5, 0x59, 0xe2, 0xa2, 0x2f, 0xa0, 0x98,
2240 0x1a, 0x97, 0xc6, 0xd4, 0xb5, 0x00, 0x59, 0xf2,
2241 0x84, 0x14, 0x72, 0xb1, 0x9a, 0x6e, 0xa3, 0x7f,
2242 0xea, 0x20, 0xe7, 0xcb, 0x65, 0x77, 0x3a, 0xdf,
2243 0xc8, 0x97, 0x67, 0x15, 0xc2, 0x2a, 0x27, 0xcc,
2244 0x18, 0x55, 0xa1, 0x24, 0x0b, 0x24, 0x24, 0xaf,
2245 0x5b, 0xec, 0x68, 0xb8, 0xc8, 0xf5, 0xba, 0x63,
2246 0xff, 0xed, 0x89, 0xce, 0xd5, 0x3d, 0x88, 0xf3,
2247 0x25, 0xef, 0x05, 0x7c, 0x3a, 0xef, 0xeb, 0xd8,
2248 0x7a, 0x32, 0x0d, 0xd1, 0x1e, 0x58, 0x59, 0x99,
2249 0x90, 0x25, 0xb5, 0x26, 0xb0, 0xe3, 0x2b, 0x6c,
2250 0x4c, 0xa9, 0x8b, 0x84, 0x4f, 0x5e, 0x01, 0x50,
2251 0x41, 0x30, 0x58, 0xc5, 0x62, 0x74, 0x52, 0x1d,
2252 0x45, 0x24, 0x6a, 0x42, 0x64, 0x4f, 0x97, 0x1c,
2253 0xa8, 0x66, 0xb5, 0x6d, 0x79, 0xd4, 0x0d, 0x48,
2254 0xc5, 0x5f, 0xf3, 0x90, 0x32, 0xdd, 0xdd, 0xe1,
2255 0xe4, 0xa9, 0x9f, 0xfc, 0xc3, 0x52, 0x5a, 0x46,
2256 0xe4, 0x81, 0x84, 0x95, 0x36, 0x59, 0x7a, 0x6b,
2257 0xaa, 0xb3, 0x60, 0xad, 0xce, 0x9f, 0x9f, 0x28,
2258 0xe0, 0x01, 0x75, 0x22, 0xc4, 0x4e, 0xa9, 0x62,
2259 0x5c, 0x62, 0x0d, 0x00, 0xcb, 0x13, 0xe8, 0x43,
2260 0x72, 0xd4, 0x2d, 0x53, 0x46, 0xb5, 0xd1, 0x16,
2261 0x22, 0x18, 0xdf, 0x34, 0x33, 0xf5, 0xd6, 0x1c,
2262 0xb8, 0x79, 0x78, 0x97, 0x94, 0xff, 0x72, 0x13,
2263 0x4c, 0x27, 0xfc, 0xcb, 0xbf, 0x01, 0x53, 0xa6,
2264 0xb4, 0x50, 0x6e, 0xde, 0xdf, 0xb5, 0x43, 0xa4,
2265 0x59, 0xdf, 0x52, 0xf9, 0x7c, 0xe0, 0x11, 0x6f,
2266 0x2d, 0x14, 0x8e, 0x24, 0x61, 0x2c, 0xe1, 0x17,
2267 0xcc, 0xce, 0x51, 0x0c, 0x19, 0x8a, 0x82, 0x30,
2268 0x94, 0xd5, 0x3d, 0x6a, 0x53, 0x06, 0x5e, 0xbd,
2269 0xb7, 0xeb, 0xfa, 0xfd, 0x27, 0x51, 0xde, 0x85,
2270 0x1e, 0x86, 0x53, 0x11, 0x53, 0x94, 0x00, 0xee,
2271 0x2b, 0x8c, 0x08, 0x2a, 0xbf, 0xdd, 0xae, 0x11,
2272 0xcb, 0x1e, 0xa2, 0x07, 0x9a, 0x80, 0xcf, 0x62,
2273 0x9b, 0x09, 0xdc, 0x95, 0x3c, 0x96, 0x8e, 0xb1,
2274 0x09, 0xbd, 0xe4, 0xeb, 0xdb, 0xca, 0x70, 0x7a,
2275 0x9e, 0xfa, 0x31, 0x18, 0x45, 0x3c, 0x21, 0x33,
2276 0xb0, 0xb3, 0x2b, 0xea, 0xf3, 0x71, 0x2d, 0xe1,
2277 0x03, 0xad, 0x1b, 0x48, 0xd4, 0x67, 0x27, 0xf0,
2278 0x62, 0xe4, 0x3d, 0xfb, 0x9b, 0x08, 0x76, 0xe7,
2279 0xdd, 0x2b, 0x01, 0x39, 0x04, 0x5a, 0x58, 0x7a,
2280 0xf7, 0x11, 0x90, 0xec, 0xbd, 0x51, 0x5c, 0x32,
2281 0x6b, 0xd7, 0x35, 0x39, 0x02, 0x6b, 0xf2, 0xa6,
2282 0xd0, 0x0d, 0x07, 0xe1, 0x06, 0xc4, 0x5b, 0x7d,
2283 0xe4, 0x6a, 0xd7, 0xee, 0x15, 0x1f, 0x83, 0xb4,
2284 0xa3, 0xa7, 0x5e, 0xc3, 0x90, 0xb7, 0xef, 0xd3,
2285 0xb7, 0x4f, 0xf8, 0x92, 0x4c, 0xb7, 0x3c, 0x29,
2286 0xcd, 0x7e, 0x2b, 0x5d, 0x43, 0xea, 0x42, 0xe7,
2287 0x74, 0x3f, 0x7d, 0x58, 0x88, 0x75, 0xde, 0x3e },
2288 .rlen = 512,
2289 }
2290};
2291
2292static struct cipher_testvec aes_lrw_dec_tv_template[] = {
2293 /* from http://grouper.ieee.org/groups/1619/email/pdf00017.pdf */
2294 /* same as enc vectors with input and result reversed */
2295 { /* LRW-32-AES 1 */
2296 .key = { 0x45, 0x62, 0xac, 0x25, 0xf8, 0x28, 0x17, 0x6d,
2297 0x4c, 0x26, 0x84, 0x14, 0xb5, 0x68, 0x01, 0x85,
2298 0x25, 0x8e, 0x2a, 0x05, 0xe7, 0x3e, 0x9d, 0x03,
2299 0xee, 0x5a, 0x83, 0x0c, 0xcc, 0x09, 0x4c, 0x87 },
2300 .klen = 32,
2301 .iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2302 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
2303 .input = { 0xf1, 0xb2, 0x73, 0xcd, 0x65, 0xa3, 0xdf, 0x5f,
2304 0xe9, 0x5d, 0x48, 0x92, 0x54, 0x63, 0x4e, 0xb8 },
2305 .ilen = 16,
2306 .result = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
2307 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46 },
2308 .rlen = 16,
2309 }, { /* LRW-32-AES 2 */
2310 .key = { 0x59, 0x70, 0x47, 0x14, 0xf5, 0x57, 0x47, 0x8c,
2311 0xd7, 0x79, 0xe8, 0x0f, 0x54, 0x88, 0x79, 0x44,
2312 0x0d, 0x48, 0xf0, 0xb7, 0xb1, 0x5a, 0x53, 0xea,
2313 0x1c, 0xaa, 0x6b, 0x29, 0xc2, 0xca, 0xfb, 0xaf
2314 },
2315 .klen = 32,
2316 .iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2317 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02 },
2318 .input = { 0x00, 0xc8, 0x2b, 0xae, 0x95, 0xbb, 0xcd, 0xe5,
2319 0x27, 0x4f, 0x07, 0x69, 0xb2, 0x60, 0xe1, 0x36 },
2320 .ilen = 16,
2321 .result = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
2322 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46 },
2323 .rlen = 16,
2324 }, { /* LRW-32-AES 3 */
2325 .key = { 0xd8, 0x2a, 0x91, 0x34, 0xb2, 0x6a, 0x56, 0x50,
2326 0x30, 0xfe, 0x69, 0xe2, 0x37, 0x7f, 0x98, 0x47,
2327 0xcd, 0xf9, 0x0b, 0x16, 0x0c, 0x64, 0x8f, 0xb6,
2328 0xb0, 0x0d, 0x0d, 0x1b, 0xae, 0x85, 0x87, 0x1f },
2329 .klen = 32,
2330 .iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2331 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00 },
2332 .input = { 0x76, 0x32, 0x21, 0x83, 0xed, 0x8f, 0xf1, 0x82,
2333 0xf9, 0x59, 0x62, 0x03, 0x69, 0x0e, 0x5e, 0x01 },
2334 .ilen = 16,
2335 .result = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
2336 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46 },
2337 .rlen = 16,
2338 }, { /* LRW-32-AES 4 */
2339 .key = { 0x0f, 0x6a, 0xef, 0xf8, 0xd3, 0xd2, 0xbb, 0x15,
2340 0x25, 0x83, 0xf7, 0x3c, 0x1f, 0x01, 0x28, 0x74,
2341 0xca, 0xc6, 0xbc, 0x35, 0x4d, 0x4a, 0x65, 0x54,
2342 0x90, 0xae, 0x61, 0xcf, 0x7b, 0xae, 0xbd, 0xcc,
2343 0xad, 0xe4, 0x94, 0xc5, 0x4a, 0x29, 0xae, 0x70 },
2344 .klen = 40,
2345 .iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2346 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
2347 .input = { 0x9c, 0x0f, 0x15, 0x2f, 0x55, 0xa2, 0xd8, 0xf0,
2348 0xd6, 0x7b, 0x8f, 0x9e, 0x28, 0x22, 0xbc, 0x41 },
2349 .ilen = 16,
2350 .result = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
2351 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46 },
2352 .rlen = 16,
2353 }, { /* LRW-32-AES 5 */
2354 .key = { 0x8a, 0xd4, 0xee, 0x10, 0x2f, 0xbd, 0x81, 0xff,
2355 0xf8, 0x86, 0xce, 0xac, 0x93, 0xc5, 0xad, 0xc6,
2356 0xa0, 0x19, 0x07, 0xc0, 0x9d, 0xf7, 0xbb, 0xdd,
2357 0x52, 0x13, 0xb2, 0xb7, 0xf0, 0xff, 0x11, 0xd8,
2358 0xd6, 0x08, 0xd0, 0xcd, 0x2e, 0xb1, 0x17, 0x6f },
2359 .klen = 40,
2360 .iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2361 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00 },
2362 .input = { 0xd4, 0x27, 0x6a, 0x7f, 0x14, 0x91, 0x3d, 0x65,
2363 0xc8, 0x60, 0x48, 0x02, 0x87, 0xe3, 0x34, 0x06 },
2364 .ilen = 16,
2365 .result = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
2366 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46 },
2367 .rlen = 16,
2368 }, { /* LRW-32-AES 6 */
2369 .key = { 0xf8, 0xd4, 0x76, 0xff, 0xd6, 0x46, 0xee, 0x6c,
2370 0x23, 0x84, 0xcb, 0x1c, 0x77, 0xd6, 0x19, 0x5d,
2371 0xfe, 0xf1, 0xa9, 0xf3, 0x7b, 0xbc, 0x8d, 0x21,
2372 0xa7, 0x9c, 0x21, 0xf8, 0xcb, 0x90, 0x02, 0x89,
2373 0xa8, 0x45, 0x34, 0x8e, 0xc8, 0xc5, 0xb5, 0xf1,
2374 0x26, 0xf5, 0x0e, 0x76, 0xfe, 0xfd, 0x1b, 0x1e },
2375 .klen = 48,
2376 .iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2377 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
2378 .input = { 0xbd, 0x06, 0xb8, 0xe1, 0xdb, 0x98, 0x89, 0x9e,
2379 0xc4, 0x98, 0xe4, 0x91, 0xcf, 0x1c, 0x70, 0x2b },
2380 .ilen = 16,
2381 .result = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
2382 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46 },
2383 .rlen = 16,
2384 }, { /* LRW-32-AES 7 */
2385 .key = { 0xfb, 0x76, 0x15, 0xb2, 0x3d, 0x80, 0x89, 0x1d,
2386 0xd4, 0x70, 0x98, 0x0b, 0xc7, 0x95, 0x84, 0xc8,
2387 0xb2, 0xfb, 0x64, 0xce, 0x60, 0x97, 0x87, 0x8d,
2388 0x17, 0xfc, 0xe4, 0x5a, 0x49, 0xe8, 0x30, 0xb7,
2389 0x6e, 0x78, 0x17, 0xe7, 0x2d, 0x5e, 0x12, 0xd4,
2390 0x60, 0x64, 0x04, 0x7a, 0xf1, 0x2f, 0x9e, 0x0c },
2391 .klen = 48,
2392 .iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2393 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00 },
2394 .input = { 0x5b, 0x90, 0x8e, 0xc1, 0xab, 0xdd, 0x67, 0x5f,
2395 0x3d, 0x69, 0x8a, 0x95, 0x53, 0xc8, 0x9c, 0xe5 },
2396 .ilen = 16,
2397 .result = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
2398 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46 },
2399 .rlen = 16,
2400 }, {
2401/* http://www.mail-archive.com/stds-p1619@listserv.ieee.org/msg00173.html */
2402 .key = { 0xf8, 0xd4, 0x76, 0xff, 0xd6, 0x46, 0xee, 0x6c,
2403 0x23, 0x84, 0xcb, 0x1c, 0x77, 0xd6, 0x19, 0x5d,
2404 0xfe, 0xf1, 0xa9, 0xf3, 0x7b, 0xbc, 0x8d, 0x21,
2405 0xa7, 0x9c, 0x21, 0xf8, 0xcb, 0x90, 0x02, 0x89,
2406 0xa8, 0x45, 0x34, 0x8e, 0xc8, 0xc5, 0xb5, 0xf1,
2407 0x26, 0xf5, 0x0e, 0x76, 0xfe, 0xfd, 0x1b, 0x1e },
2408 .klen = 48,
2409 .iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2410 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
2411 .input = { 0x1a, 0x1d, 0xa9, 0x30, 0xad, 0xf9, 0x2f, 0x9b,
2412 0xb6, 0x1d, 0xae, 0xef, 0xf0, 0x2f, 0xf8, 0x5a,
2413 0x39, 0x3c, 0xbf, 0x2a, 0xb2, 0x45, 0xb2, 0x23,
2414 0x1b, 0x63, 0x3c, 0xcf, 0xaa, 0xbe, 0xcf, 0x4e,
2415 0xfa, 0xe8, 0x29, 0xc2, 0x20, 0x68, 0x2b, 0x3c,
2416 0x2e, 0x8b, 0xf7, 0x6e, 0x25, 0xbd, 0xe3, 0x3d,
2417 0x66, 0x27, 0xd6, 0xaf, 0xd6, 0x64, 0x3e, 0xe3,
2418 0xe8, 0x58, 0x46, 0x97, 0x39, 0x51, 0x07, 0xde,
2419 0xcb, 0x37, 0xbc, 0xa9, 0xc0, 0x5f, 0x75, 0xc3,
2420 0x0e, 0x84, 0x23, 0x1d, 0x16, 0xd4, 0x1c, 0x59,
2421 0x9c, 0x1a, 0x02, 0x55, 0xab, 0x3a, 0x97, 0x1d,
2422 0xdf, 0xdd, 0xc7, 0x06, 0x51, 0xd7, 0x70, 0xae,
2423 0x23, 0xc6, 0x8c, 0xf5, 0x1e, 0xa0, 0xe5, 0x82,
2424 0xb8, 0xb2, 0xbf, 0x04, 0xa0, 0x32, 0x8e, 0x68,
2425 0xeb, 0xaf, 0x6e, 0x2d, 0x94, 0x22, 0x2f, 0xce,
2426 0x4c, 0xb5, 0x59, 0xe2, 0xa2, 0x2f, 0xa0, 0x98,
2427 0x1a, 0x97, 0xc6, 0xd4, 0xb5, 0x00, 0x59, 0xf2,
2428 0x84, 0x14, 0x72, 0xb1, 0x9a, 0x6e, 0xa3, 0x7f,
2429 0xea, 0x20, 0xe7, 0xcb, 0x65, 0x77, 0x3a, 0xdf,
2430 0xc8, 0x97, 0x67, 0x15, 0xc2, 0x2a, 0x27, 0xcc,
2431 0x18, 0x55, 0xa1, 0x24, 0x0b, 0x24, 0x24, 0xaf,
2432 0x5b, 0xec, 0x68, 0xb8, 0xc8, 0xf5, 0xba, 0x63,
2433 0xff, 0xed, 0x89, 0xce, 0xd5, 0x3d, 0x88, 0xf3,
2434 0x25, 0xef, 0x05, 0x7c, 0x3a, 0xef, 0xeb, 0xd8,
2435 0x7a, 0x32, 0x0d, 0xd1, 0x1e, 0x58, 0x59, 0x99,
2436 0x90, 0x25, 0xb5, 0x26, 0xb0, 0xe3, 0x2b, 0x6c,
2437 0x4c, 0xa9, 0x8b, 0x84, 0x4f, 0x5e, 0x01, 0x50,
2438 0x41, 0x30, 0x58, 0xc5, 0x62, 0x74, 0x52, 0x1d,
2439 0x45, 0x24, 0x6a, 0x42, 0x64, 0x4f, 0x97, 0x1c,
2440 0xa8, 0x66, 0xb5, 0x6d, 0x79, 0xd4, 0x0d, 0x48,
2441 0xc5, 0x5f, 0xf3, 0x90, 0x32, 0xdd, 0xdd, 0xe1,
2442 0xe4, 0xa9, 0x9f, 0xfc, 0xc3, 0x52, 0x5a, 0x46,
2443 0xe4, 0x81, 0x84, 0x95, 0x36, 0x59, 0x7a, 0x6b,
2444 0xaa, 0xb3, 0x60, 0xad, 0xce, 0x9f, 0x9f, 0x28,
2445 0xe0, 0x01, 0x75, 0x22, 0xc4, 0x4e, 0xa9, 0x62,
2446 0x5c, 0x62, 0x0d, 0x00, 0xcb, 0x13, 0xe8, 0x43,
2447 0x72, 0xd4, 0x2d, 0x53, 0x46, 0xb5, 0xd1, 0x16,
2448 0x22, 0x18, 0xdf, 0x34, 0x33, 0xf5, 0xd6, 0x1c,
2449 0xb8, 0x79, 0x78, 0x97, 0x94, 0xff, 0x72, 0x13,
2450 0x4c, 0x27, 0xfc, 0xcb, 0xbf, 0x01, 0x53, 0xa6,
2451 0xb4, 0x50, 0x6e, 0xde, 0xdf, 0xb5, 0x43, 0xa4,
2452 0x59, 0xdf, 0x52, 0xf9, 0x7c, 0xe0, 0x11, 0x6f,
2453 0x2d, 0x14, 0x8e, 0x24, 0x61, 0x2c, 0xe1, 0x17,
2454 0xcc, 0xce, 0x51, 0x0c, 0x19, 0x8a, 0x82, 0x30,
2455 0x94, 0xd5, 0x3d, 0x6a, 0x53, 0x06, 0x5e, 0xbd,
2456 0xb7, 0xeb, 0xfa, 0xfd, 0x27, 0x51, 0xde, 0x85,
2457 0x1e, 0x86, 0x53, 0x11, 0x53, 0x94, 0x00, 0xee,
2458 0x2b, 0x8c, 0x08, 0x2a, 0xbf, 0xdd, 0xae, 0x11,
2459 0xcb, 0x1e, 0xa2, 0x07, 0x9a, 0x80, 0xcf, 0x62,
2460 0x9b, 0x09, 0xdc, 0x95, 0x3c, 0x96, 0x8e, 0xb1,
2461 0x09, 0xbd, 0xe4, 0xeb, 0xdb, 0xca, 0x70, 0x7a,
2462 0x9e, 0xfa, 0x31, 0x18, 0x45, 0x3c, 0x21, 0x33,
2463 0xb0, 0xb3, 0x2b, 0xea, 0xf3, 0x71, 0x2d, 0xe1,
2464 0x03, 0xad, 0x1b, 0x48, 0xd4, 0x67, 0x27, 0xf0,
2465 0x62, 0xe4, 0x3d, 0xfb, 0x9b, 0x08, 0x76, 0xe7,
2466 0xdd, 0x2b, 0x01, 0x39, 0x04, 0x5a, 0x58, 0x7a,
2467 0xf7, 0x11, 0x90, 0xec, 0xbd, 0x51, 0x5c, 0x32,
2468 0x6b, 0xd7, 0x35, 0x39, 0x02, 0x6b, 0xf2, 0xa6,
2469 0xd0, 0x0d, 0x07, 0xe1, 0x06, 0xc4, 0x5b, 0x7d,
2470 0xe4, 0x6a, 0xd7, 0xee, 0x15, 0x1f, 0x83, 0xb4,
2471 0xa3, 0xa7, 0x5e, 0xc3, 0x90, 0xb7, 0xef, 0xd3,
2472 0xb7, 0x4f, 0xf8, 0x92, 0x4c, 0xb7, 0x3c, 0x29,
2473 0xcd, 0x7e, 0x2b, 0x5d, 0x43, 0xea, 0x42, 0xe7,
2474 0x74, 0x3f, 0x7d, 0x58, 0x88, 0x75, 0xde, 0x3e },
2475 .ilen = 512,
2476 .result = { 0x05, 0x11, 0xb7, 0x18, 0xab, 0xc6, 0x2d, 0xac,
2477 0x70, 0x5d, 0xf6, 0x22, 0x94, 0xcd, 0xe5, 0x6c,
2478 0x17, 0x6b, 0xf6, 0x1c, 0xf0, 0xf3, 0x6e, 0xf8,
2479 0x50, 0x38, 0x1f, 0x71, 0x49, 0xb6, 0x57, 0xd6,
2480 0x8f, 0xcb, 0x8d, 0x6b, 0xe3, 0xa6, 0x29, 0x90,
2481 0xfe, 0x2a, 0x62, 0x82, 0xae, 0x6d, 0x8b, 0xf6,
2482 0xad, 0x1e, 0x9e, 0x20, 0x5f, 0x38, 0xbe, 0x04,
2483 0xda, 0x10, 0x8e, 0xed, 0xa2, 0xa4, 0x87, 0xab,
2484 0xda, 0x6b, 0xb4, 0x0c, 0x75, 0xba, 0xd3, 0x7c,
2485 0xc9, 0xac, 0x42, 0x31, 0x95, 0x7c, 0xc9, 0x04,
2486 0xeb, 0xd5, 0x6e, 0x32, 0x69, 0x8a, 0xdb, 0xa6,
2487 0x15, 0xd7, 0x3f, 0x4f, 0x2f, 0x66, 0x69, 0x03,
2488 0x9c, 0x1f, 0x54, 0x0f, 0xde, 0x1f, 0xf3, 0x65,
2489 0x4c, 0x96, 0x12, 0xed, 0x7c, 0x92, 0x03, 0x01,
2490 0x6f, 0xbc, 0x35, 0x93, 0xac, 0xf1, 0x27, 0xf1,
2491 0xb4, 0x96, 0x82, 0x5a, 0x5f, 0xb0, 0xa0, 0x50,
2492 0x89, 0xa4, 0x8e, 0x66, 0x44, 0x85, 0xcc, 0xfd,
2493 0x33, 0x14, 0x70, 0xe3, 0x96, 0xb2, 0xc3, 0xd3,
2494 0xbb, 0x54, 0x5a, 0x1a, 0xf9, 0x74, 0xa2, 0xc5,
2495 0x2d, 0x64, 0x75, 0xdd, 0xb4, 0x54, 0xe6, 0x74,
2496 0x8c, 0xd3, 0x9d, 0x9e, 0x86, 0xab, 0x51, 0x53,
2497 0xb7, 0x93, 0x3e, 0x6f, 0xd0, 0x4e, 0x2c, 0x40,
2498 0xf6, 0xa8, 0x2e, 0x3e, 0x9d, 0xf4, 0x66, 0xa5,
2499 0x76, 0x12, 0x73, 0x44, 0x1a, 0x56, 0xd7, 0x72,
2500 0x88, 0xcd, 0x21, 0x8c, 0x4c, 0x0f, 0xfe, 0xda,
2501 0x95, 0xe0, 0x3a, 0xa6, 0xa5, 0x84, 0x46, 0xcd,
2502 0xd5, 0x3e, 0x9d, 0x3a, 0xe2, 0x67, 0xe6, 0x60,
2503 0x1a, 0xe2, 0x70, 0x85, 0x58, 0xc2, 0x1b, 0x09,
2504 0xe1, 0xd7, 0x2c, 0xca, 0xad, 0xa8, 0x8f, 0xf9,
2505 0xac, 0xb3, 0x0e, 0xdb, 0xca, 0x2e, 0xe2, 0xb8,
2506 0x51, 0x71, 0xd9, 0x3c, 0x6c, 0xf1, 0x56, 0xf8,
2507 0xea, 0x9c, 0xf1, 0xfb, 0x0c, 0xe6, 0xb7, 0x10,
2508 0x1c, 0xf8, 0xa9, 0x7c, 0xe8, 0x53, 0x35, 0xc1,
2509 0x90, 0x3e, 0x76, 0x4a, 0x74, 0xa4, 0x21, 0x2c,
2510 0xf6, 0x2c, 0x4e, 0x0f, 0x94, 0x3a, 0x88, 0x2e,
2511 0x41, 0x09, 0x6a, 0x33, 0x7d, 0xf6, 0xdd, 0x3f,
2512 0x8d, 0x23, 0x31, 0x74, 0x84, 0xeb, 0x88, 0x6e,
2513 0xcc, 0xb9, 0xbc, 0x22, 0x83, 0x19, 0x07, 0x22,
2514 0xa5, 0x2d, 0xdf, 0xa5, 0xf3, 0x80, 0x85, 0x78,
2515 0x84, 0x39, 0x6a, 0x6d, 0x6a, 0x99, 0x4f, 0xa5,
2516 0x15, 0xfe, 0x46, 0xb0, 0xe4, 0x6c, 0xa5, 0x41,
2517 0x3c, 0xce, 0x8f, 0x42, 0x60, 0x71, 0xa7, 0x75,
2518 0x08, 0x40, 0x65, 0x8a, 0x82, 0xbf, 0xf5, 0x43,
2519 0x71, 0x96, 0xa9, 0x4d, 0x44, 0x8a, 0x20, 0xbe,
2520 0xfa, 0x4d, 0xbb, 0xc0, 0x7d, 0x31, 0x96, 0x65,
2521 0xe7, 0x75, 0xe5, 0x3e, 0xfd, 0x92, 0x3b, 0xc9,
2522 0x55, 0xbb, 0x16, 0x7e, 0xf7, 0xc2, 0x8c, 0xa4,
2523 0x40, 0x1d, 0xe5, 0xef, 0x0e, 0xdf, 0xe4, 0x9a,
2524 0x62, 0x73, 0x65, 0xfd, 0x46, 0x63, 0x25, 0x3d,
2525 0x2b, 0xaf, 0xe5, 0x64, 0xfe, 0xa5, 0x5c, 0xcf,
2526 0x24, 0xf3, 0xb4, 0xac, 0x64, 0xba, 0xdf, 0x4b,
2527 0xc6, 0x96, 0x7d, 0x81, 0x2d, 0x8d, 0x97, 0xf7,
2528 0xc5, 0x68, 0x77, 0x84, 0x32, 0x2b, 0xcc, 0x85,
2529 0x74, 0x96, 0xf0, 0x12, 0x77, 0x61, 0xb9, 0xeb,
2530 0x71, 0xaa, 0x82, 0xcb, 0x1c, 0xdb, 0x89, 0xc8,
2531 0xc6, 0xb5, 0xe3, 0x5c, 0x7d, 0x39, 0x07, 0x24,
2532 0xda, 0x39, 0x87, 0x45, 0xc0, 0x2b, 0xbb, 0x01,
2533 0xac, 0xbc, 0x2a, 0x5c, 0x7f, 0xfc, 0xe8, 0xce,
2534 0x6d, 0x9c, 0x6f, 0xed, 0xd3, 0xc1, 0xa1, 0xd6,
2535 0xc5, 0x55, 0xa9, 0x66, 0x2f, 0xe1, 0xc8, 0x32,
2536 0xa6, 0x5d, 0xa4, 0x3a, 0x98, 0x73, 0xe8, 0x45,
2537 0xa4, 0xc7, 0xa8, 0xb4, 0xf6, 0x13, 0x03, 0xf6,
2538 0xe9, 0x2e, 0xc4, 0x29, 0x0f, 0x84, 0xdb, 0xc4,
2539 0x21, 0xc4, 0xc2, 0x75, 0x67, 0x89, 0x37, 0x0a },
2540 .rlen = 512,
2541 }
2542};
2543
1971/* Cast5 test vectors from RFC 2144 */ 2544/* Cast5 test vectors from RFC 2144 */
1972#define CAST5_ENC_TEST_VECTORS 3 2545#define CAST5_ENC_TEST_VECTORS 3
1973#define CAST5_DEC_TEST_VECTORS 3 2546#define CAST5_DEC_TEST_VECTORS 3
@@ -3084,6 +3657,27 @@ static struct cipher_speed aes_speed_template[] = {
3084 { .klen = 0, .blen = 0, } 3657 { .klen = 0, .blen = 0, }
3085}; 3658};
3086 3659
3660static struct cipher_speed aes_lrw_speed_template[] = {
3661 { .klen = 32, .blen = 16, },
3662 { .klen = 32, .blen = 64, },
3663 { .klen = 32, .blen = 256, },
3664 { .klen = 32, .blen = 1024, },
3665 { .klen = 32, .blen = 8192, },
3666 { .klen = 40, .blen = 16, },
3667 { .klen = 40, .blen = 64, },
3668 { .klen = 40, .blen = 256, },
3669 { .klen = 40, .blen = 1024, },
3670 { .klen = 40, .blen = 8192, },
3671 { .klen = 48, .blen = 16, },
3672 { .klen = 48, .blen = 64, },
3673 { .klen = 48, .blen = 256, },
3674 { .klen = 48, .blen = 1024, },
3675 { .klen = 48, .blen = 8192, },
3676
3677 /* End marker */
3678 { .klen = 0, .blen = 0, }
3679};
3680
3087static struct cipher_speed des3_ede_speed_template[] = { 3681static struct cipher_speed des3_ede_speed_template[] = {
3088 { .klen = 24, .blen = 16, }, 3682 { .klen = 24, .blen = 16, },
3089 { .klen = 24, .blen = 64, }, 3683 { .klen = 24, .blen = 64, },
diff --git a/crypto/xcbc.c b/crypto/xcbc.c
new file mode 100644
index 000000000000..9347eb6bcf69
--- /dev/null
+++ b/crypto/xcbc.c
@@ -0,0 +1,348 @@
1/*
2 * Copyright (C)2006 USAGI/WIDE Project
3 *
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published by
6 * the Free Software Foundation; either version 2 of the License, or
7 * (at your option) any later version.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write to the Free Software
16 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
17 *
18 * Author:
19 * Kazunori Miyazawa <miyazawa@linux-ipv6.org>
20 */
21
22#include <linux/crypto.h>
23#include <linux/err.h>
24#include <linux/kernel.h>
25#include <linux/mm.h>
26#include <linux/rtnetlink.h>
27#include <linux/slab.h>
28#include <linux/scatterlist.h>
29#include "internal.h"
30
31static u_int32_t ks[12] = {0x01010101, 0x01010101, 0x01010101, 0x01010101,
32 0x02020202, 0x02020202, 0x02020202, 0x02020202,
33 0x03030303, 0x03030303, 0x03030303, 0x03030303};
34/*
35 * +------------------------
36 * | <parent tfm>
37 * +------------------------
38 * | crypto_xcbc_ctx
39 * +------------------------
40 * | odds (block size)
41 * +------------------------
42 * | prev (block size)
43 * +------------------------
44 * | key (block size)
45 * +------------------------
46 * | consts (block size * 3)
47 * +------------------------
48 */
49struct crypto_xcbc_ctx {
50 struct crypto_tfm *child;
51 u8 *odds;
52 u8 *prev;
53 u8 *key;
54 u8 *consts;
55 void (*xor)(u8 *a, const u8 *b, unsigned int bs);
56 unsigned int keylen;
57 unsigned int len;
58};
59
60static void xor_128(u8 *a, const u8 *b, unsigned int bs)
61{
62 ((u32 *)a)[0] ^= ((u32 *)b)[0];
63 ((u32 *)a)[1] ^= ((u32 *)b)[1];
64 ((u32 *)a)[2] ^= ((u32 *)b)[2];
65 ((u32 *)a)[3] ^= ((u32 *)b)[3];
66}
67
68static int _crypto_xcbc_digest_setkey(struct crypto_hash *parent,
69 struct crypto_xcbc_ctx *ctx)
70{
71 int bs = crypto_hash_blocksize(parent);
72 int err = 0;
73 u8 key1[bs];
74
75 if ((err = crypto_cipher_setkey(ctx->child, ctx->key, ctx->keylen)))
76 return err;
77
78 ctx->child->__crt_alg->cra_cipher.cia_encrypt(ctx->child, key1,
79 ctx->consts);
80
81 return crypto_cipher_setkey(ctx->child, key1, bs);
82}
83
84static int crypto_xcbc_digest_setkey(struct crypto_hash *parent,
85 const u8 *inkey, unsigned int keylen)
86{
87 struct crypto_xcbc_ctx *ctx = crypto_hash_ctx_aligned(parent);
88
89 if (keylen != crypto_tfm_alg_blocksize(ctx->child))
90 return -EINVAL;
91
92 ctx->keylen = keylen;
93 memcpy(ctx->key, inkey, keylen);
94 ctx->consts = (u8*)ks;
95
96 return _crypto_xcbc_digest_setkey(parent, ctx);
97}
98
99static int crypto_xcbc_digest_init(struct hash_desc *pdesc)
100{
101 struct crypto_xcbc_ctx *ctx = crypto_hash_ctx_aligned(pdesc->tfm);
102 int bs = crypto_hash_blocksize(pdesc->tfm);
103
104 ctx->len = 0;
105 memset(ctx->odds, 0, bs);
106 memset(ctx->prev, 0, bs);
107
108 return 0;
109}
110
111static int crypto_xcbc_digest_update(struct hash_desc *pdesc,
112 struct scatterlist *sg,
113 unsigned int nbytes)
114{
115 struct crypto_hash *parent = pdesc->tfm;
116 struct crypto_xcbc_ctx *ctx = crypto_hash_ctx_aligned(parent);
117 struct crypto_tfm *tfm = ctx->child;
118 int bs = crypto_hash_blocksize(parent);
119 unsigned int i = 0;
120
121 do {
122
123 struct page *pg = sg[i].page;
124 unsigned int offset = sg[i].offset;
125 unsigned int slen = sg[i].length;
126
127 while (slen > 0) {
128 unsigned int len = min(slen, ((unsigned int)(PAGE_SIZE)) - offset);
129 char *p = crypto_kmap(pg, 0) + offset;
130
131 /* checking the data can fill the block */
132 if ((ctx->len + len) <= bs) {
133 memcpy(ctx->odds + ctx->len, p, len);
134 ctx->len += len;
135 slen -= len;
136
137 /* checking the rest of the page */
138 if (len + offset >= PAGE_SIZE) {
139 offset = 0;
140 pg++;
141 } else
142 offset += len;
143
144 crypto_kunmap(p, 0);
145 crypto_yield(tfm->crt_flags);
146 continue;
147 }
148
149 /* filling odds with new data and encrypting it */
150 memcpy(ctx->odds + ctx->len, p, bs - ctx->len);
151 len -= bs - ctx->len;
152 p += bs - ctx->len;
153
154 ctx->xor(ctx->prev, ctx->odds, bs);
155 tfm->__crt_alg->cra_cipher.cia_encrypt(tfm, ctx->prev, ctx->prev);
156
157 /* clearing the length */
158 ctx->len = 0;
159
160 /* encrypting the rest of data */
161 while (len > bs) {
162 ctx->xor(ctx->prev, p, bs);
163 tfm->__crt_alg->cra_cipher.cia_encrypt(tfm, ctx->prev, ctx->prev);
164 p += bs;
165 len -= bs;
166 }
167
168 /* keeping the surplus of blocksize */
169 if (len) {
170 memcpy(ctx->odds, p, len);
171 ctx->len = len;
172 }
173 crypto_kunmap(p, 0);
174 crypto_yield(tfm->crt_flags);
175 slen -= min(slen, ((unsigned int)(PAGE_SIZE)) - offset);
176 offset = 0;
177 pg++;
178 }
179 nbytes-=sg[i].length;
180 i++;
181 } while (nbytes>0);
182
183 return 0;
184}
185
186static int crypto_xcbc_digest_final(struct hash_desc *pdesc, u8 *out)
187{
188 struct crypto_hash *parent = pdesc->tfm;
189 struct crypto_xcbc_ctx *ctx = crypto_hash_ctx_aligned(parent);
190 struct crypto_tfm *tfm = ctx->child;
191 int bs = crypto_hash_blocksize(parent);
192 int err = 0;
193
194 if (ctx->len == bs) {
195 u8 key2[bs];
196
197 if ((err = crypto_cipher_setkey(tfm, ctx->key, ctx->keylen)) != 0)
198 return err;
199
200 tfm->__crt_alg->cra_cipher.cia_encrypt(tfm, key2, (const u8*)(ctx->consts+bs));
201
202 ctx->xor(ctx->prev, ctx->odds, bs);
203 ctx->xor(ctx->prev, key2, bs);
204 _crypto_xcbc_digest_setkey(parent, ctx);
205
206 tfm->__crt_alg->cra_cipher.cia_encrypt(tfm, out, ctx->prev);
207 } else {
208 u8 key3[bs];
209 unsigned int rlen;
210 u8 *p = ctx->odds + ctx->len;
211 *p = 0x80;
212 p++;
213
214 rlen = bs - ctx->len -1;
215 if (rlen)
216 memset(p, 0, rlen);
217
218 if ((err = crypto_cipher_setkey(tfm, ctx->key, ctx->keylen)) != 0)
219 return err;
220
221 tfm->__crt_alg->cra_cipher.cia_encrypt(tfm, key3, (const u8*)(ctx->consts+bs*2));
222
223 ctx->xor(ctx->prev, ctx->odds, bs);
224 ctx->xor(ctx->prev, key3, bs);
225
226 _crypto_xcbc_digest_setkey(parent, ctx);
227
228 tfm->__crt_alg->cra_cipher.cia_encrypt(tfm, out, ctx->prev);
229 }
230
231 return 0;
232}
233
234static int crypto_xcbc_digest(struct hash_desc *pdesc,
235 struct scatterlist *sg, unsigned int nbytes, u8 *out)
236{
237 crypto_xcbc_digest_init(pdesc);
238 crypto_xcbc_digest_update(pdesc, sg, nbytes);
239 return crypto_xcbc_digest_final(pdesc, out);
240}
241
242static int xcbc_init_tfm(struct crypto_tfm *tfm)
243{
244 struct crypto_instance *inst = (void *)tfm->__crt_alg;
245 struct crypto_spawn *spawn = crypto_instance_ctx(inst);
246 struct crypto_xcbc_ctx *ctx = crypto_hash_ctx_aligned(__crypto_hash_cast(tfm));
247 int bs = crypto_hash_blocksize(__crypto_hash_cast(tfm));
248
249 tfm = crypto_spawn_tfm(spawn);
250 if (IS_ERR(tfm))
251 return PTR_ERR(tfm);
252
253 switch(bs) {
254 case 16:
255 ctx->xor = xor_128;
256 break;
257 default:
258 return -EINVAL;
259 }
260
261 ctx->child = crypto_cipher_cast(tfm);
262 ctx->odds = (u8*)(ctx+1);
263 ctx->prev = ctx->odds + bs;
264 ctx->key = ctx->prev + bs;
265
266 return 0;
267};
268
269static void xcbc_exit_tfm(struct crypto_tfm *tfm)
270{
271 struct crypto_xcbc_ctx *ctx = crypto_hash_ctx_aligned(__crypto_hash_cast(tfm));
272 crypto_free_cipher(ctx->child);
273}
274
275static struct crypto_instance *xcbc_alloc(void *param, unsigned int len)
276{
277 struct crypto_instance *inst;
278 struct crypto_alg *alg;
279 alg = crypto_get_attr_alg(param, len, CRYPTO_ALG_TYPE_CIPHER,
280 CRYPTO_ALG_TYPE_HASH_MASK | CRYPTO_ALG_ASYNC);
281 if (IS_ERR(alg))
282 return ERR_PTR(PTR_ERR(alg));
283
284 switch(alg->cra_blocksize) {
285 case 16:
286 break;
287 default:
288 return ERR_PTR(PTR_ERR(alg));
289 }
290
291 inst = crypto_alloc_instance("xcbc", alg);
292 if (IS_ERR(inst))
293 goto out_put_alg;
294
295 inst->alg.cra_flags = CRYPTO_ALG_TYPE_HASH;
296 inst->alg.cra_priority = alg->cra_priority;
297 inst->alg.cra_blocksize = alg->cra_blocksize;
298 inst->alg.cra_alignmask = alg->cra_alignmask;
299 inst->alg.cra_type = &crypto_hash_type;
300
301 inst->alg.cra_hash.digestsize =
302 (alg->cra_flags & CRYPTO_ALG_TYPE_MASK) ==
303 CRYPTO_ALG_TYPE_HASH ? alg->cra_hash.digestsize :
304 alg->cra_blocksize;
305 inst->alg.cra_ctxsize = sizeof(struct crypto_xcbc_ctx) +
306 ALIGN(inst->alg.cra_blocksize * 3, sizeof(void *));
307 inst->alg.cra_init = xcbc_init_tfm;
308 inst->alg.cra_exit = xcbc_exit_tfm;
309
310 inst->alg.cra_hash.init = crypto_xcbc_digest_init;
311 inst->alg.cra_hash.update = crypto_xcbc_digest_update;
312 inst->alg.cra_hash.final = crypto_xcbc_digest_final;
313 inst->alg.cra_hash.digest = crypto_xcbc_digest;
314 inst->alg.cra_hash.setkey = crypto_xcbc_digest_setkey;
315
316out_put_alg:
317 crypto_mod_put(alg);
318 return inst;
319}
320
321static void xcbc_free(struct crypto_instance *inst)
322{
323 crypto_drop_spawn(crypto_instance_ctx(inst));
324 kfree(inst);
325}
326
327static struct crypto_template crypto_xcbc_tmpl = {
328 .name = "xcbc",
329 .alloc = xcbc_alloc,
330 .free = xcbc_free,
331 .module = THIS_MODULE,
332};
333
334static int __init crypto_xcbc_module_init(void)
335{
336 return crypto_register_template(&crypto_xcbc_tmpl);
337}
338
339static void __exit crypto_xcbc_module_exit(void)
340{
341 crypto_unregister_template(&crypto_xcbc_tmpl);
342}
343
344module_init(crypto_xcbc_module_init);
345module_exit(crypto_xcbc_module_exit);
346
347MODULE_LICENSE("GPL");
348MODULE_DESCRIPTION("XCBC keyed hash algorithm");
generated by cgit v1.2.2 (git 2.25.0) at 2024-12-30 00:10:03 -0500