diff options
-rw-r--r-- | crypto/Kconfig | 11 | ||||
-rw-r--r-- | crypto/Makefile | 1 | ||||
-rw-r--r-- | crypto/gf128mul.c | 11 | ||||
-rw-r--r-- | crypto/tcrypt.c | 12 | ||||
-rw-r--r-- | crypto/tcrypt.h | 417 | ||||
-rw-r--r-- | crypto/xts.c | 292 | ||||
-rw-r--r-- | include/crypto/gf128mul.h | 2 |
7 files changed, 746 insertions, 0 deletions
diff --git a/crypto/Kconfig b/crypto/Kconfig index 05f46dfdf185..083d2e1dfc21 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig | |||
@@ -184,6 +184,17 @@ config CRYPTO_LRW | |||
184 | The first 128, 192 or 256 bits in the key are used for AES and the | 184 | The first 128, 192 or 256 bits in the key are used for AES and the |
185 | rest is used to tie each cipher block to its logical position. | 185 | rest is used to tie each cipher block to its logical position. |
186 | 186 | ||
187 | config CRYPTO_XTS | ||
188 | tristate "XTS support (EXPERIMENTAL)" | ||
189 | depends on EXPERIMENTAL | ||
190 | select CRYPTO_BLKCIPHER | ||
191 | select CRYPTO_MANAGER | ||
192 | select CRYPTO_GF128MUL | ||
193 | help | ||
194 | XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain, | ||
195 | key size 256, 384 or 512 bits. This implementation currently | ||
196 | can't handle a sectorsize which is not a multiple of 16 bytes. | ||
197 | |||
187 | config CRYPTO_CRYPTD | 198 | config CRYPTO_CRYPTD |
188 | tristate "Software async crypto daemon" | 199 | tristate "Software async crypto daemon" |
189 | select CRYPTO_ABLKCIPHER | 200 | select CRYPTO_ABLKCIPHER |
diff --git a/crypto/Makefile b/crypto/Makefile index da256665aae9..e96a07e16bf2 100644 --- a/crypto/Makefile +++ b/crypto/Makefile | |||
@@ -31,6 +31,7 @@ obj-$(CONFIG_CRYPTO_ECB) += ecb.o | |||
31 | obj-$(CONFIG_CRYPTO_CBC) += cbc.o | 31 | obj-$(CONFIG_CRYPTO_CBC) += cbc.o |
32 | obj-$(CONFIG_CRYPTO_PCBC) += pcbc.o | 32 | obj-$(CONFIG_CRYPTO_PCBC) += pcbc.o |
33 | obj-$(CONFIG_CRYPTO_LRW) += lrw.o | 33 | obj-$(CONFIG_CRYPTO_LRW) += lrw.o |
34 | obj-$(CONFIG_CRYPTO_XTS) += xts.o | ||
34 | obj-$(CONFIG_CRYPTO_CRYPTD) += cryptd.o | 35 | obj-$(CONFIG_CRYPTO_CRYPTD) += cryptd.o |
35 | obj-$(CONFIG_CRYPTO_DES) += des.o | 36 | obj-$(CONFIG_CRYPTO_DES) += des.o |
36 | obj-$(CONFIG_CRYPTO_FCRYPT) += fcrypt.o | 37 | obj-$(CONFIG_CRYPTO_FCRYPT) += fcrypt.o |
diff --git a/crypto/gf128mul.c b/crypto/gf128mul.c index 0a2aadfa1d85..ecbeaa1f17e1 100644 --- a/crypto/gf128mul.c +++ b/crypto/gf128mul.c | |||
@@ -142,6 +142,17 @@ static void gf128mul_x_bbe(be128 *r, const be128 *x) | |||
142 | r->b = cpu_to_be64((b << 1) ^ _tt); | 142 | r->b = cpu_to_be64((b << 1) ^ _tt); |
143 | } | 143 | } |
144 | 144 | ||
145 | void gf128mul_x_ble(be128 *r, const be128 *x) | ||
146 | { | ||
147 | u64 a = le64_to_cpu(x->a); | ||
148 | u64 b = le64_to_cpu(x->b); | ||
149 | u64 _tt = gf128mul_table_bbe[b >> 63]; | ||
150 | |||
151 | r->a = cpu_to_le64((a << 1) ^ _tt); | ||
152 | r->b = cpu_to_le64((b << 1) | (a >> 63)); | ||
153 | } | ||
154 | EXPORT_SYMBOL(gf128mul_x_ble); | ||
155 | |||
145 | static void gf128mul_x8_lle(be128 *x) | 156 | static void gf128mul_x8_lle(be128 *x) |
146 | { | 157 | { |
147 | u64 a = be64_to_cpu(x->a); | 158 | u64 a = be64_to_cpu(x->a); |
diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c index de6435ea9bf8..18d489c8b935 100644 --- a/crypto/tcrypt.c +++ b/crypto/tcrypt.c | |||
@@ -955,6 +955,10 @@ static void do_test(void) | |||
955 | AES_LRW_ENC_TEST_VECTORS); | 955 | AES_LRW_ENC_TEST_VECTORS); |
956 | test_cipher("lrw(aes)", DECRYPT, aes_lrw_dec_tv_template, | 956 | test_cipher("lrw(aes)", DECRYPT, aes_lrw_dec_tv_template, |
957 | AES_LRW_DEC_TEST_VECTORS); | 957 | AES_LRW_DEC_TEST_VECTORS); |
958 | test_cipher("xts(aes)", ENCRYPT, aes_xts_enc_tv_template, | ||
959 | AES_XTS_ENC_TEST_VECTORS); | ||
960 | test_cipher("xts(aes)", DECRYPT, aes_xts_dec_tv_template, | ||
961 | AES_XTS_DEC_TEST_VECTORS); | ||
958 | 962 | ||
959 | //CAST5 | 963 | //CAST5 |
960 | test_cipher("ecb(cast5)", ENCRYPT, cast5_enc_tv_template, | 964 | test_cipher("ecb(cast5)", ENCRYPT, cast5_enc_tv_template, |
@@ -1138,6 +1142,10 @@ static void do_test(void) | |||
1138 | AES_LRW_ENC_TEST_VECTORS); | 1142 | AES_LRW_ENC_TEST_VECTORS); |
1139 | test_cipher("lrw(aes)", DECRYPT, aes_lrw_dec_tv_template, | 1143 | test_cipher("lrw(aes)", DECRYPT, aes_lrw_dec_tv_template, |
1140 | AES_LRW_DEC_TEST_VECTORS); | 1144 | AES_LRW_DEC_TEST_VECTORS); |
1145 | test_cipher("xts(aes)", ENCRYPT, aes_xts_enc_tv_template, | ||
1146 | AES_XTS_ENC_TEST_VECTORS); | ||
1147 | test_cipher("xts(aes)", DECRYPT, aes_xts_dec_tv_template, | ||
1148 | AES_XTS_DEC_TEST_VECTORS); | ||
1141 | break; | 1149 | break; |
1142 | 1150 | ||
1143 | case 11: | 1151 | case 11: |
@@ -1313,6 +1321,10 @@ static void do_test(void) | |||
1313 | aes_lrw_speed_template); | 1321 | aes_lrw_speed_template); |
1314 | test_cipher_speed("lrw(aes)", DECRYPT, sec, NULL, 0, | 1322 | test_cipher_speed("lrw(aes)", DECRYPT, sec, NULL, 0, |
1315 | aes_lrw_speed_template); | 1323 | aes_lrw_speed_template); |
1324 | test_cipher_speed("xts(aes)", ENCRYPT, sec, NULL, 0, | ||
1325 | aes_xts_speed_template); | ||
1326 | test_cipher_speed("xts(aes)", DECRYPT, sec, NULL, 0, | ||
1327 | aes_xts_speed_template); | ||
1316 | break; | 1328 | break; |
1317 | 1329 | ||
1318 | case 201: | 1330 | case 201: |
diff --git a/crypto/tcrypt.h b/crypto/tcrypt.h index beab3f345584..ec861388d9a0 100644 --- a/crypto/tcrypt.h +++ b/crypto/tcrypt.h | |||
@@ -2144,6 +2144,8 @@ static struct cipher_testvec cast6_dec_tv_template[] = { | |||
2144 | #define AES_CBC_DEC_TEST_VECTORS 2 | 2144 | #define AES_CBC_DEC_TEST_VECTORS 2 |
2145 | #define AES_LRW_ENC_TEST_VECTORS 8 | 2145 | #define AES_LRW_ENC_TEST_VECTORS 8 |
2146 | #define AES_LRW_DEC_TEST_VECTORS 8 | 2146 | #define AES_LRW_DEC_TEST_VECTORS 8 |
2147 | #define AES_XTS_ENC_TEST_VECTORS 4 | ||
2148 | #define AES_XTS_DEC_TEST_VECTORS 4 | ||
2147 | 2149 | ||
2148 | static struct cipher_testvec aes_enc_tv_template[] = { | 2150 | static struct cipher_testvec aes_enc_tv_template[] = { |
2149 | { /* From FIPS-197 */ | 2151 | { /* From FIPS-197 */ |
@@ -2784,6 +2786,400 @@ static struct cipher_testvec aes_lrw_dec_tv_template[] = { | |||
2784 | } | 2786 | } |
2785 | }; | 2787 | }; |
2786 | 2788 | ||
2789 | static struct cipher_testvec aes_xts_enc_tv_template[] = { | ||
2790 | /* http://grouper.ieee.org/groups/1619/email/pdf00086.pdf */ | ||
2791 | { /* XTS-AES 1 */ | ||
2792 | .key = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
2793 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
2794 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
2795 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | ||
2796 | .klen = 32, | ||
2797 | .iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
2798 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | ||
2799 | .input = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
2800 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
2801 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
2802 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | ||
2803 | .ilen = 32, | ||
2804 | .result = { 0x91, 0x7c, 0xf6, 0x9e, 0xbd, 0x68, 0xb2, 0xec, | ||
2805 | 0x9b, 0x9f, 0xe9, 0xa3, 0xea, 0xdd, 0xa6, 0x92, | ||
2806 | 0xcd, 0x43, 0xd2, 0xf5, 0x95, 0x98, 0xed, 0x85, | ||
2807 | 0x8c, 0x02, 0xc2, 0x65, 0x2f, 0xbf, 0x92, 0x2e }, | ||
2808 | .rlen = 32, | ||
2809 | }, { /* XTS-AES 2 */ | ||
2810 | .key = { 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, | ||
2811 | 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, | ||
2812 | 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, | ||
2813 | 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22 }, | ||
2814 | .klen = 32, | ||
2815 | .iv = { 0x33, 0x33, 0x33, 0x33, 0x33, 0x00, 0x00, 0x00, | ||
2816 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | ||
2817 | .input = { 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, | ||
2818 | 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, | ||
2819 | 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, | ||
2820 | 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44 }, | ||
2821 | .ilen = 32, | ||
2822 | .result = { 0xc4, 0x54, 0x18, 0x5e, 0x6a, 0x16, 0x93, 0x6e, | ||
2823 | 0x39, 0x33, 0x40, 0x38, 0xac, 0xef, 0x83, 0x8b, | ||
2824 | 0xfb, 0x18, 0x6f, 0xff, 0x74, 0x80, 0xad, 0xc4, | ||
2825 | 0x28, 0x93, 0x82, 0xec, 0xd6, 0xd3, 0x94, 0xf0 }, | ||
2826 | .rlen = 32, | ||
2827 | }, { /* XTS-AES 3 */ | ||
2828 | .key = { 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, | ||
2829 | 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0, | ||
2830 | 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, | ||
2831 | 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22 }, | ||
2832 | .klen = 32, | ||
2833 | .iv = { 0x33, 0x33, 0x33, 0x33, 0x33, 0x00, 0x00, 0x00, | ||
2834 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | ||
2835 | .input = { 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, | ||
2836 | 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, | ||
2837 | 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, | ||
2838 | 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44 }, | ||
2839 | .ilen = 32, | ||
2840 | .result = { 0xaf, 0x85, 0x33, 0x6b, 0x59, 0x7a, 0xfc, 0x1a, | ||
2841 | 0x90, 0x0b, 0x2e, 0xb2, 0x1e, 0xc9, 0x49, 0xd2, | ||
2842 | 0x92, 0xdf, 0x4c, 0x04, 0x7e, 0x0b, 0x21, 0x53, | ||
2843 | 0x21, 0x86, 0xa5, 0x97, 0x1a, 0x22, 0x7a, 0x89 }, | ||
2844 | .rlen = 32, | ||
2845 | }, { /* XTS-AES 4 */ | ||
2846 | .key = { 0x27, 0x18, 0x28, 0x18, 0x28, 0x45, 0x90, 0x45, | ||
2847 | 0x23, 0x53, 0x60, 0x28, 0x74, 0x71, 0x35, 0x26, | ||
2848 | 0x31, 0x41, 0x59, 0x26, 0x53, 0x58, 0x97, 0x93, | ||
2849 | 0x23, 0x84, 0x62, 0x64, 0x33, 0x83, 0x27, 0x95 }, | ||
2850 | .klen = 32, | ||
2851 | .iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
2852 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | ||
2853 | .input = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, | ||
2854 | 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, | ||
2855 | 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, | ||
2856 | 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, | ||
2857 | 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, | ||
2858 | 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, | ||
2859 | 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, | ||
2860 | 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, | ||
2861 | 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, | ||
2862 | 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, | ||
2863 | 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, | ||
2864 | 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f, | ||
2865 | 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, | ||
2866 | 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, | ||
2867 | 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, | ||
2868 | 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, | ||
2869 | 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, | ||
2870 | 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, | ||
2871 | 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, | ||
2872 | 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f, | ||
2873 | 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7, | ||
2874 | 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf, | ||
2875 | 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7, | ||
2876 | 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf, | ||
2877 | 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, | ||
2878 | 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf, | ||
2879 | 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7, | ||
2880 | 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, | ||
2881 | 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7, | ||
2882 | 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef, | ||
2883 | 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, | ||
2884 | 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff, | ||
2885 | 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, | ||
2886 | 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, | ||
2887 | 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, | ||
2888 | 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, | ||
2889 | 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, | ||
2890 | 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, | ||
2891 | 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, | ||
2892 | 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, | ||
2893 | 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, | ||
2894 | 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, | ||
2895 | 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, | ||
2896 | 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f, | ||
2897 | 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, | ||
2898 | 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, | ||
2899 | 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, | ||
2900 | 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, | ||
2901 | 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, | ||
2902 | 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, | ||
2903 | 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, | ||
2904 | 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f, | ||
2905 | 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7, | ||
2906 | 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf, | ||
2907 | 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7, | ||
2908 | 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf, | ||
2909 | 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, | ||
2910 | 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf, | ||
2911 | 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7, | ||
2912 | 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, | ||
2913 | 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7, | ||
2914 | 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef, | ||
2915 | 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, | ||
2916 | 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff }, | ||
2917 | .ilen = 512, | ||
2918 | .result = { 0x27, 0xa7, 0x47, 0x9b, 0xef, 0xa1, 0xd4, 0x76, | ||
2919 | 0x48, 0x9f, 0x30, 0x8c, 0xd4, 0xcf, 0xa6, 0xe2, | ||
2920 | 0xa9, 0x6e, 0x4b, 0xbe, 0x32, 0x08, 0xff, 0x25, | ||
2921 | 0x28, 0x7d, 0xd3, 0x81, 0x96, 0x16, 0xe8, 0x9c, | ||
2922 | 0xc7, 0x8c, 0xf7, 0xf5, 0xe5, 0x43, 0x44, 0x5f, | ||
2923 | 0x83, 0x33, 0xd8, 0xfa, 0x7f, 0x56, 0x00, 0x00, | ||
2924 | 0x05, 0x27, 0x9f, 0xa5, 0xd8, 0xb5, 0xe4, 0xad, | ||
2925 | 0x40, 0xe7, 0x36, 0xdd, 0xb4, 0xd3, 0x54, 0x12, | ||
2926 | 0x32, 0x80, 0x63, 0xfd, 0x2a, 0xab, 0x53, 0xe5, | ||
2927 | 0xea, 0x1e, 0x0a, 0x9f, 0x33, 0x25, 0x00, 0xa5, | ||
2928 | 0xdf, 0x94, 0x87, 0xd0, 0x7a, 0x5c, 0x92, 0xcc, | ||
2929 | 0x51, 0x2c, 0x88, 0x66, 0xc7, 0xe8, 0x60, 0xce, | ||
2930 | 0x93, 0xfd, 0xf1, 0x66, 0xa2, 0x49, 0x12, 0xb4, | ||
2931 | 0x22, 0x97, 0x61, 0x46, 0xae, 0x20, 0xce, 0x84, | ||
2932 | 0x6b, 0xb7, 0xdc, 0x9b, 0xa9, 0x4a, 0x76, 0x7a, | ||
2933 | 0xae, 0xf2, 0x0c, 0x0d, 0x61, 0xad, 0x02, 0x65, | ||
2934 | 0x5e, 0xa9, 0x2d, 0xc4, 0xc4, 0xe4, 0x1a, 0x89, | ||
2935 | 0x52, 0xc6, 0x51, 0xd3, 0x31, 0x74, 0xbe, 0x51, | ||
2936 | 0xa1, 0x0c, 0x42, 0x11, 0x10, 0xe6, 0xd8, 0x15, | ||
2937 | 0x88, 0xed, 0xe8, 0x21, 0x03, 0xa2, 0x52, 0xd8, | ||
2938 | 0xa7, 0x50, 0xe8, 0x76, 0x8d, 0xef, 0xff, 0xed, | ||
2939 | 0x91, 0x22, 0x81, 0x0a, 0xae, 0xb9, 0x9f, 0x91, | ||
2940 | 0x72, 0xaf, 0x82, 0xb6, 0x04, 0xdc, 0x4b, 0x8e, | ||
2941 | 0x51, 0xbc, 0xb0, 0x82, 0x35, 0xa6, 0xf4, 0x34, | ||
2942 | 0x13, 0x32, 0xe4, 0xca, 0x60, 0x48, 0x2a, 0x4b, | ||
2943 | 0xa1, 0xa0, 0x3b, 0x3e, 0x65, 0x00, 0x8f, 0xc5, | ||
2944 | 0xda, 0x76, 0xb7, 0x0b, 0xf1, 0x69, 0x0d, 0xb4, | ||
2945 | 0xea, 0xe2, 0x9c, 0x5f, 0x1b, 0xad, 0xd0, 0x3c, | ||
2946 | 0x5c, 0xcf, 0x2a, 0x55, 0xd7, 0x05, 0xdd, 0xcd, | ||
2947 | 0x86, 0xd4, 0x49, 0x51, 0x1c, 0xeb, 0x7e, 0xc3, | ||
2948 | 0x0b, 0xf1, 0x2b, 0x1f, 0xa3, 0x5b, 0x91, 0x3f, | ||
2949 | 0x9f, 0x74, 0x7a, 0x8a, 0xfd, 0x1b, 0x13, 0x0e, | ||
2950 | 0x94, 0xbf, 0xf9, 0x4e, 0xff, 0xd0, 0x1a, 0x91, | ||
2951 | 0x73, 0x5c, 0xa1, 0x72, 0x6a, 0xcd, 0x0b, 0x19, | ||
2952 | 0x7c, 0x4e, 0x5b, 0x03, 0x39, 0x36, 0x97, 0xe1, | ||
2953 | 0x26, 0x82, 0x6f, 0xb6, 0xbb, 0xde, 0x8e, 0xcc, | ||
2954 | 0x1e, 0x08, 0x29, 0x85, 0x16, 0xe2, 0xc9, 0xed, | ||
2955 | 0x03, 0xff, 0x3c, 0x1b, 0x78, 0x60, 0xf6, 0xde, | ||
2956 | 0x76, 0xd4, 0xce, 0xcd, 0x94, 0xc8, 0x11, 0x98, | ||
2957 | 0x55, 0xef, 0x52, 0x97, 0xca, 0x67, 0xe9, 0xf3, | ||
2958 | 0xe7, 0xff, 0x72, 0xb1, 0xe9, 0x97, 0x85, 0xca, | ||
2959 | 0x0a, 0x7e, 0x77, 0x20, 0xc5, 0xb3, 0x6d, 0xc6, | ||
2960 | 0xd7, 0x2c, 0xac, 0x95, 0x74, 0xc8, 0xcb, 0xbc, | ||
2961 | 0x2f, 0x80, 0x1e, 0x23, 0xe5, 0x6f, 0xd3, 0x44, | ||
2962 | 0xb0, 0x7f, 0x22, 0x15, 0x4b, 0xeb, 0xa0, 0xf0, | ||
2963 | 0x8c, 0xe8, 0x89, 0x1e, 0x64, 0x3e, 0xd9, 0x95, | ||
2964 | 0xc9, 0x4d, 0x9a, 0x69, 0xc9, 0xf1, 0xb5, 0xf4, | ||
2965 | 0x99, 0x02, 0x7a, 0x78, 0x57, 0x2a, 0xee, 0xbd, | ||
2966 | 0x74, 0xd2, 0x0c, 0xc3, 0x98, 0x81, 0xc2, 0x13, | ||
2967 | 0xee, 0x77, 0x0b, 0x10, 0x10, 0xe4, 0xbe, 0xa7, | ||
2968 | 0x18, 0x84, 0x69, 0x77, 0xae, 0x11, 0x9f, 0x7a, | ||
2969 | 0x02, 0x3a, 0xb5, 0x8c, 0xca, 0x0a, 0xd7, 0x52, | ||
2970 | 0xaf, 0xe6, 0x56, 0xbb, 0x3c, 0x17, 0x25, 0x6a, | ||
2971 | 0x9f, 0x6e, 0x9b, 0xf1, 0x9f, 0xdd, 0x5a, 0x38, | ||
2972 | 0xfc, 0x82, 0xbb, 0xe8, 0x72, 0xc5, 0x53, 0x9e, | ||
2973 | 0xdb, 0x60, 0x9e, 0xf4, 0xf7, 0x9c, 0x20, 0x3e, | ||
2974 | 0xbb, 0x14, 0x0f, 0x2e, 0x58, 0x3c, 0xb2, 0xad, | ||
2975 | 0x15, 0xb4, 0xaa, 0x5b, 0x65, 0x50, 0x16, 0xa8, | ||
2976 | 0x44, 0x92, 0x77, 0xdb, 0xd4, 0x77, 0xef, 0x2c, | ||
2977 | 0x8d, 0x6c, 0x01, 0x7d, 0xb7, 0x38, 0xb1, 0x8d, | ||
2978 | 0xeb, 0x4a, 0x42, 0x7d, 0x19, 0x23, 0xce, 0x3f, | ||
2979 | 0xf2, 0x62, 0x73, 0x57, 0x79, 0xa4, 0x18, 0xf2, | ||
2980 | 0x0a, 0x28, 0x2d, 0xf9, 0x20, 0x14, 0x7b, 0xea, | ||
2981 | 0xbe, 0x42, 0x1e, 0xe5, 0x31, 0x9d, 0x05, 0x68 }, | ||
2982 | .rlen = 512, | ||
2983 | } | ||
2984 | }; | ||
2985 | |||
2986 | static struct cipher_testvec aes_xts_dec_tv_template[] = { | ||
2987 | /* http://grouper.ieee.org/groups/1619/email/pdf00086.pdf */ | ||
2988 | { /* XTS-AES 1 */ | ||
2989 | .key = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
2990 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
2991 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
2992 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | ||
2993 | .klen = 32, | ||
2994 | .iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
2995 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | ||
2996 | .input = { 0x91, 0x7c, 0xf6, 0x9e, 0xbd, 0x68, 0xb2, 0xec, | ||
2997 | 0x9b, 0x9f, 0xe9, 0xa3, 0xea, 0xdd, 0xa6, 0x92, | ||
2998 | 0xcd, 0x43, 0xd2, 0xf5, 0x95, 0x98, 0xed, 0x85, | ||
2999 | 0x8c, 0x02, 0xc2, 0x65, 0x2f, 0xbf, 0x92, 0x2e }, | ||
3000 | .ilen = 32, | ||
3001 | .result = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
3002 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
3003 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
3004 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | ||
3005 | .rlen = 32, | ||
3006 | }, { /* XTS-AES 2 */ | ||
3007 | .key = { 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, | ||
3008 | 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, | ||
3009 | 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, | ||
3010 | 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22 }, | ||
3011 | .klen = 32, | ||
3012 | .iv = { 0x33, 0x33, 0x33, 0x33, 0x33, 0x00, 0x00, 0x00, | ||
3013 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | ||
3014 | .input = { 0xc4, 0x54, 0x18, 0x5e, 0x6a, 0x16, 0x93, 0x6e, | ||
3015 | 0x39, 0x33, 0x40, 0x38, 0xac, 0xef, 0x83, 0x8b, | ||
3016 | 0xfb, 0x18, 0x6f, 0xff, 0x74, 0x80, 0xad, 0xc4, | ||
3017 | 0x28, 0x93, 0x82, 0xec, 0xd6, 0xd3, 0x94, 0xf0 }, | ||
3018 | .ilen = 32, | ||
3019 | .result = { 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, | ||
3020 | 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, | ||
3021 | 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, | ||
3022 | 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44 }, | ||
3023 | .rlen = 32, | ||
3024 | }, { /* XTS-AES 3 */ | ||
3025 | .key = { 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, | ||
3026 | 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0, | ||
3027 | 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, | ||
3028 | 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22 }, | ||
3029 | .klen = 32, | ||
3030 | .iv = { 0x33, 0x33, 0x33, 0x33, 0x33, 0x00, 0x00, 0x00, | ||
3031 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | ||
3032 | .input = { 0xaf, 0x85, 0x33, 0x6b, 0x59, 0x7a, 0xfc, 0x1a, | ||
3033 | 0x90, 0x0b, 0x2e, 0xb2, 0x1e, 0xc9, 0x49, 0xd2, | ||
3034 | 0x92, 0xdf, 0x4c, 0x04, 0x7e, 0x0b, 0x21, 0x53, | ||
3035 | 0x21, 0x86, 0xa5, 0x97, 0x1a, 0x22, 0x7a, 0x89 }, | ||
3036 | .ilen = 32, | ||
3037 | .result = { 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, | ||
3038 | 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, | ||
3039 | 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, | ||
3040 | 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44 }, | ||
3041 | .rlen = 32, | ||
3042 | }, { /* XTS-AES 4 */ | ||
3043 | .key = { 0x27, 0x18, 0x28, 0x18, 0x28, 0x45, 0x90, 0x45, | ||
3044 | 0x23, 0x53, 0x60, 0x28, 0x74, 0x71, 0x35, 0x26, | ||
3045 | 0x31, 0x41, 0x59, 0x26, 0x53, 0x58, 0x97, 0x93, | ||
3046 | 0x23, 0x84, 0x62, 0x64, 0x33, 0x83, 0x27, 0x95 }, | ||
3047 | .klen = 32, | ||
3048 | .iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
3049 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | ||
3050 | .input = { 0x27, 0xa7, 0x47, 0x9b, 0xef, 0xa1, 0xd4, 0x76, | ||
3051 | 0x48, 0x9f, 0x30, 0x8c, 0xd4, 0xcf, 0xa6, 0xe2, | ||
3052 | 0xa9, 0x6e, 0x4b, 0xbe, 0x32, 0x08, 0xff, 0x25, | ||
3053 | 0x28, 0x7d, 0xd3, 0x81, 0x96, 0x16, 0xe8, 0x9c, | ||
3054 | 0xc7, 0x8c, 0xf7, 0xf5, 0xe5, 0x43, 0x44, 0x5f, | ||
3055 | 0x83, 0x33, 0xd8, 0xfa, 0x7f, 0x56, 0x00, 0x00, | ||
3056 | 0x05, 0x27, 0x9f, 0xa5, 0xd8, 0xb5, 0xe4, 0xad, | ||
3057 | 0x40, 0xe7, 0x36, 0xdd, 0xb4, 0xd3, 0x54, 0x12, | ||
3058 | 0x32, 0x80, 0x63, 0xfd, 0x2a, 0xab, 0x53, 0xe5, | ||
3059 | 0xea, 0x1e, 0x0a, 0x9f, 0x33, 0x25, 0x00, 0xa5, | ||
3060 | 0xdf, 0x94, 0x87, 0xd0, 0x7a, 0x5c, 0x92, 0xcc, | ||
3061 | 0x51, 0x2c, 0x88, 0x66, 0xc7, 0xe8, 0x60, 0xce, | ||
3062 | 0x93, 0xfd, 0xf1, 0x66, 0xa2, 0x49, 0x12, 0xb4, | ||
3063 | 0x22, 0x97, 0x61, 0x46, 0xae, 0x20, 0xce, 0x84, | ||
3064 | 0x6b, 0xb7, 0xdc, 0x9b, 0xa9, 0x4a, 0x76, 0x7a, | ||
3065 | 0xae, 0xf2, 0x0c, 0x0d, 0x61, 0xad, 0x02, 0x65, | ||
3066 | 0x5e, 0xa9, 0x2d, 0xc4, 0xc4, 0xe4, 0x1a, 0x89, | ||
3067 | 0x52, 0xc6, 0x51, 0xd3, 0x31, 0x74, 0xbe, 0x51, | ||
3068 | 0xa1, 0x0c, 0x42, 0x11, 0x10, 0xe6, 0xd8, 0x15, | ||
3069 | 0x88, 0xed, 0xe8, 0x21, 0x03, 0xa2, 0x52, 0xd8, | ||
3070 | 0xa7, 0x50, 0xe8, 0x76, 0x8d, 0xef, 0xff, 0xed, | ||
3071 | 0x91, 0x22, 0x81, 0x0a, 0xae, 0xb9, 0x9f, 0x91, | ||
3072 | 0x72, 0xaf, 0x82, 0xb6, 0x04, 0xdc, 0x4b, 0x8e, | ||
3073 | 0x51, 0xbc, 0xb0, 0x82, 0x35, 0xa6, 0xf4, 0x34, | ||
3074 | 0x13, 0x32, 0xe4, 0xca, 0x60, 0x48, 0x2a, 0x4b, | ||
3075 | 0xa1, 0xa0, 0x3b, 0x3e, 0x65, 0x00, 0x8f, 0xc5, | ||
3076 | 0xda, 0x76, 0xb7, 0x0b, 0xf1, 0x69, 0x0d, 0xb4, | ||
3077 | 0xea, 0xe2, 0x9c, 0x5f, 0x1b, 0xad, 0xd0, 0x3c, | ||
3078 | 0x5c, 0xcf, 0x2a, 0x55, 0xd7, 0x05, 0xdd, 0xcd, | ||
3079 | 0x86, 0xd4, 0x49, 0x51, 0x1c, 0xeb, 0x7e, 0xc3, | ||
3080 | 0x0b, 0xf1, 0x2b, 0x1f, 0xa3, 0x5b, 0x91, 0x3f, | ||
3081 | 0x9f, 0x74, 0x7a, 0x8a, 0xfd, 0x1b, 0x13, 0x0e, | ||
3082 | 0x94, 0xbf, 0xf9, 0x4e, 0xff, 0xd0, 0x1a, 0x91, | ||
3083 | 0x73, 0x5c, 0xa1, 0x72, 0x6a, 0xcd, 0x0b, 0x19, | ||
3084 | 0x7c, 0x4e, 0x5b, 0x03, 0x39, 0x36, 0x97, 0xe1, | ||
3085 | 0x26, 0x82, 0x6f, 0xb6, 0xbb, 0xde, 0x8e, 0xcc, | ||
3086 | 0x1e, 0x08, 0x29, 0x85, 0x16, 0xe2, 0xc9, 0xed, | ||
3087 | 0x03, 0xff, 0x3c, 0x1b, 0x78, 0x60, 0xf6, 0xde, | ||
3088 | 0x76, 0xd4, 0xce, 0xcd, 0x94, 0xc8, 0x11, 0x98, | ||
3089 | 0x55, 0xef, 0x52, 0x97, 0xca, 0x67, 0xe9, 0xf3, | ||
3090 | 0xe7, 0xff, 0x72, 0xb1, 0xe9, 0x97, 0x85, 0xca, | ||
3091 | 0x0a, 0x7e, 0x77, 0x20, 0xc5, 0xb3, 0x6d, 0xc6, | ||
3092 | 0xd7, 0x2c, 0xac, 0x95, 0x74, 0xc8, 0xcb, 0xbc, | ||
3093 | 0x2f, 0x80, 0x1e, 0x23, 0xe5, 0x6f, 0xd3, 0x44, | ||
3094 | 0xb0, 0x7f, 0x22, 0x15, 0x4b, 0xeb, 0xa0, 0xf0, | ||
3095 | 0x8c, 0xe8, 0x89, 0x1e, 0x64, 0x3e, 0xd9, 0x95, | ||
3096 | 0xc9, 0x4d, 0x9a, 0x69, 0xc9, 0xf1, 0xb5, 0xf4, | ||
3097 | 0x99, 0x02, 0x7a, 0x78, 0x57, 0x2a, 0xee, 0xbd, | ||
3098 | 0x74, 0xd2, 0x0c, 0xc3, 0x98, 0x81, 0xc2, 0x13, | ||
3099 | 0xee, 0x77, 0x0b, 0x10, 0x10, 0xe4, 0xbe, 0xa7, | ||
3100 | 0x18, 0x84, 0x69, 0x77, 0xae, 0x11, 0x9f, 0x7a, | ||
3101 | 0x02, 0x3a, 0xb5, 0x8c, 0xca, 0x0a, 0xd7, 0x52, | ||
3102 | 0xaf, 0xe6, 0x56, 0xbb, 0x3c, 0x17, 0x25, 0x6a, | ||
3103 | 0x9f, 0x6e, 0x9b, 0xf1, 0x9f, 0xdd, 0x5a, 0x38, | ||
3104 | 0xfc, 0x82, 0xbb, 0xe8, 0x72, 0xc5, 0x53, 0x9e, | ||
3105 | 0xdb, 0x60, 0x9e, 0xf4, 0xf7, 0x9c, 0x20, 0x3e, | ||
3106 | 0xbb, 0x14, 0x0f, 0x2e, 0x58, 0x3c, 0xb2, 0xad, | ||
3107 | 0x15, 0xb4, 0xaa, 0x5b, 0x65, 0x50, 0x16, 0xa8, | ||
3108 | 0x44, 0x92, 0x77, 0xdb, 0xd4, 0x77, 0xef, 0x2c, | ||
3109 | 0x8d, 0x6c, 0x01, 0x7d, 0xb7, 0x38, 0xb1, 0x8d, | ||
3110 | 0xeb, 0x4a, 0x42, 0x7d, 0x19, 0x23, 0xce, 0x3f, | ||
3111 | 0xf2, 0x62, 0x73, 0x57, 0x79, 0xa4, 0x18, 0xf2, | ||
3112 | 0x0a, 0x28, 0x2d, 0xf9, 0x20, 0x14, 0x7b, 0xea, | ||
3113 | 0xbe, 0x42, 0x1e, 0xe5, 0x31, 0x9d, 0x05, 0x68 }, | ||
3114 | .ilen = 512, | ||
3115 | .result = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, | ||
3116 | 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, | ||
3117 | 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, | ||
3118 | 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, | ||
3119 | 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, | ||
3120 | 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, | ||
3121 | 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, | ||
3122 | 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, | ||
3123 | 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, | ||
3124 | 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, | ||
3125 | 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, | ||
3126 | 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f, | ||
3127 | 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, | ||
3128 | 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, | ||
3129 | 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, | ||
3130 | 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, | ||
3131 | 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, | ||
3132 | 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, | ||
3133 | 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, | ||
3134 | 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f, | ||
3135 | 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7, | ||
3136 | 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf, | ||
3137 | 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7, | ||
3138 | 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf, | ||
3139 | 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, | ||
3140 | 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf, | ||
3141 | 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7, | ||
3142 | 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, | ||
3143 | 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7, | ||
3144 | 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef, | ||
3145 | 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, | ||
3146 | 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff, | ||
3147 | 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, | ||
3148 | 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, | ||
3149 | 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, | ||
3150 | 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, | ||
3151 | 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, | ||
3152 | 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, | ||
3153 | 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, | ||
3154 | 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, | ||
3155 | 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, | ||
3156 | 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, | ||
3157 | 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, | ||
3158 | 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f, | ||
3159 | 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, | ||
3160 | 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, | ||
3161 | 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, | ||
3162 | 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, | ||
3163 | 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, | ||
3164 | 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, | ||
3165 | 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, | ||
3166 | 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f, | ||
3167 | 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7, | ||
3168 | 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf, | ||
3169 | 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7, | ||
3170 | 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf, | ||
3171 | 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, | ||
3172 | 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf, | ||
3173 | 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7, | ||
3174 | 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, | ||
3175 | 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7, | ||
3176 | 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef, | ||
3177 | 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, | ||
3178 | 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff }, | ||
3179 | .rlen = 512, | ||
3180 | } | ||
3181 | }; | ||
3182 | |||
2787 | /* Cast5 test vectors from RFC 2144 */ | 3183 | /* Cast5 test vectors from RFC 2144 */ |
2788 | #define CAST5_ENC_TEST_VECTORS 3 | 3184 | #define CAST5_ENC_TEST_VECTORS 3 |
2789 | #define CAST5_DEC_TEST_VECTORS 3 | 3185 | #define CAST5_DEC_TEST_VECTORS 3 |
@@ -4283,6 +4679,27 @@ static struct cipher_speed aes_lrw_speed_template[] = { | |||
4283 | { .klen = 0, .blen = 0, } | 4679 | { .klen = 0, .blen = 0, } |
4284 | }; | 4680 | }; |
4285 | 4681 | ||
4682 | static struct cipher_speed aes_xts_speed_template[] = { | ||
4683 | { .klen = 32, .blen = 16, }, | ||
4684 | { .klen = 32, .blen = 64, }, | ||
4685 | { .klen = 32, .blen = 256, }, | ||
4686 | { .klen = 32, .blen = 1024, }, | ||
4687 | { .klen = 32, .blen = 8192, }, | ||
4688 | { .klen = 48, .blen = 16, }, | ||
4689 | { .klen = 48, .blen = 64, }, | ||
4690 | { .klen = 48, .blen = 256, }, | ||
4691 | { .klen = 48, .blen = 1024, }, | ||
4692 | { .klen = 48, .blen = 8192, }, | ||
4693 | { .klen = 64, .blen = 16, }, | ||
4694 | { .klen = 64, .blen = 64, }, | ||
4695 | { .klen = 64, .blen = 256, }, | ||
4696 | { .klen = 64, .blen = 1024, }, | ||
4697 | { .klen = 64, .blen = 8192, }, | ||
4698 | |||
4699 | /* End marker */ | ||
4700 | { .klen = 0, .blen = 0, } | ||
4701 | }; | ||
4702 | |||
4286 | static struct cipher_speed des3_ede_speed_template[] = { | 4703 | static struct cipher_speed des3_ede_speed_template[] = { |
4287 | { .klen = 24, .blen = 16, }, | 4704 | { .klen = 24, .blen = 16, }, |
4288 | { .klen = 24, .blen = 64, }, | 4705 | { .klen = 24, .blen = 64, }, |
diff --git a/crypto/xts.c b/crypto/xts.c new file mode 100644 index 000000000000..8eb08bfaf7c0 --- /dev/null +++ b/crypto/xts.c | |||
@@ -0,0 +1,292 @@ | |||
1 | /* XTS: as defined in IEEE1619/D16 | ||
2 | * http://grouper.ieee.org/groups/1619/email/pdf00086.pdf | ||
3 | * (sector sizes which are not a multiple of 16 bytes are, | ||
4 | * however currently unsupported) | ||
5 | * | ||
6 | * Copyright (c) 2007 Rik Snel <rsnel@cube.dyndns.org> | ||
7 | * | ||
8 | * Based om ecb.c | ||
9 | * Copyright (c) 2006 Herbert Xu <herbert@gondor.apana.org.au> | ||
10 | * | ||
11 | * This program is free software; you can redistribute it and/or modify it | ||
12 | * under the terms of the GNU General Public License as published by the Free | ||
13 | * Software Foundation; either version 2 of the License, or (at your option) | ||
14 | * any later version. | ||
15 | */ | ||
16 | #include <crypto/algapi.h> | ||
17 | #include <linux/err.h> | ||
18 | #include <linux/init.h> | ||
19 | #include <linux/kernel.h> | ||
20 | #include <linux/module.h> | ||
21 | #include <linux/scatterlist.h> | ||
22 | #include <linux/slab.h> | ||
23 | |||
24 | #include <crypto/b128ops.h> | ||
25 | #include <crypto/gf128mul.h> | ||
26 | |||
27 | struct priv { | ||
28 | struct crypto_cipher *child; | ||
29 | struct crypto_cipher *tweak; | ||
30 | }; | ||
31 | |||
32 | static int setkey(struct crypto_tfm *parent, const u8 *key, | ||
33 | unsigned int keylen) | ||
34 | { | ||
35 | struct priv *ctx = crypto_tfm_ctx(parent); | ||
36 | struct crypto_cipher *child = ctx->tweak; | ||
37 | u32 *flags = &parent->crt_flags; | ||
38 | int err; | ||
39 | |||
40 | /* key consists of keys of equal size concatenated, therefore | ||
41 | * the length must be even */ | ||
42 | if (keylen % 2) { | ||
43 | /* tell the user why there was an error */ | ||
44 | *flags |= CRYPTO_TFM_RES_BAD_KEY_LEN; | ||
45 | return -EINVAL; | ||
46 | } | ||
47 | |||
48 | /* we need two cipher instances: one to compute the inital 'tweak' | ||
49 | * by encrypting the IV (usually the 'plain' iv) and the other | ||
50 | * one to encrypt and decrypt the data */ | ||
51 | |||
52 | /* tweak cipher, uses Key2 i.e. the second half of *key */ | ||
53 | crypto_cipher_clear_flags(child, CRYPTO_TFM_REQ_MASK); | ||
54 | crypto_cipher_set_flags(child, crypto_tfm_get_flags(parent) & | ||
55 | CRYPTO_TFM_REQ_MASK); | ||
56 | err = crypto_cipher_setkey(child, key + keylen/2, keylen/2); | ||
57 | if (err) | ||
58 | return err; | ||
59 | |||
60 | crypto_tfm_set_flags(parent, crypto_cipher_get_flags(child) & | ||
61 | CRYPTO_TFM_RES_MASK); | ||
62 | |||
63 | child = ctx->child; | ||
64 | |||
65 | /* data cipher, uses Key1 i.e. the first half of *key */ | ||
66 | crypto_cipher_clear_flags(child, CRYPTO_TFM_REQ_MASK); | ||
67 | crypto_cipher_set_flags(child, crypto_tfm_get_flags(parent) & | ||
68 | CRYPTO_TFM_REQ_MASK); | ||
69 | err = crypto_cipher_setkey(child, key, keylen/2); | ||
70 | if (err) | ||
71 | return err; | ||
72 | |||
73 | crypto_tfm_set_flags(parent, crypto_cipher_get_flags(child) & | ||
74 | CRYPTO_TFM_RES_MASK); | ||
75 | |||
76 | return 0; | ||
77 | } | ||
78 | |||
79 | struct sinfo { | ||
80 | be128 t; | ||
81 | struct crypto_tfm *tfm; | ||
82 | void (*fn)(struct crypto_tfm *, u8 *, const u8 *); | ||
83 | }; | ||
84 | |||
85 | static inline void xts_round(struct sinfo *s, void *dst, const void *src) | ||
86 | { | ||
87 | be128_xor(dst, &s->t, src); /* PP <- T xor P */ | ||
88 | s->fn(s->tfm, dst, dst); /* CC <- E(Key1,PP) */ | ||
89 | be128_xor(dst, dst, &s->t); /* C <- T xor CC */ | ||
90 | } | ||
91 | |||
92 | static int crypt(struct blkcipher_desc *d, | ||
93 | struct blkcipher_walk *w, struct priv *ctx, | ||
94 | void (*tw)(struct crypto_tfm *, u8 *, const u8 *), | ||
95 | void (*fn)(struct crypto_tfm *, u8 *, const u8 *)) | ||
96 | { | ||
97 | int err; | ||
98 | unsigned int avail; | ||
99 | const int bs = crypto_cipher_blocksize(ctx->child); | ||
100 | struct sinfo s = { | ||
101 | .tfm = crypto_cipher_tfm(ctx->child), | ||
102 | .fn = fn | ||
103 | }; | ||
104 | be128 *iv; | ||
105 | u8 *wsrc; | ||
106 | u8 *wdst; | ||
107 | |||
108 | err = blkcipher_walk_virt(d, w); | ||
109 | if (!w->nbytes) | ||
110 | return err; | ||
111 | |||
112 | avail = w->nbytes; | ||
113 | |||
114 | wsrc = w->src.virt.addr; | ||
115 | wdst = w->dst.virt.addr; | ||
116 | |||
117 | /* calculate first value of T */ | ||
118 | iv = (be128 *)w->iv; | ||
119 | tw(crypto_cipher_tfm(ctx->tweak), (void *)&s.t, w->iv); | ||
120 | |||
121 | goto first; | ||
122 | |||
123 | for (;;) { | ||
124 | do { | ||
125 | gf128mul_x_ble(&s.t, &s.t); | ||
126 | |||
127 | first: | ||
128 | xts_round(&s, wdst, wsrc); | ||
129 | |||
130 | wsrc += bs; | ||
131 | wdst += bs; | ||
132 | } while ((avail -= bs) >= bs); | ||
133 | |||
134 | err = blkcipher_walk_done(d, w, avail); | ||
135 | if (!w->nbytes) | ||
136 | break; | ||
137 | |||
138 | avail = w->nbytes; | ||
139 | |||
140 | wsrc = w->src.virt.addr; | ||
141 | wdst = w->dst.virt.addr; | ||
142 | } | ||
143 | |||
144 | return err; | ||
145 | } | ||
146 | |||
147 | static int encrypt(struct blkcipher_desc *desc, struct scatterlist *dst, | ||
148 | struct scatterlist *src, unsigned int nbytes) | ||
149 | { | ||
150 | struct priv *ctx = crypto_blkcipher_ctx(desc->tfm); | ||
151 | struct blkcipher_walk w; | ||
152 | |||
153 | blkcipher_walk_init(&w, dst, src, nbytes); | ||
154 | return crypt(desc, &w, ctx, crypto_cipher_alg(ctx->tweak)->cia_encrypt, | ||
155 | crypto_cipher_alg(ctx->child)->cia_encrypt); | ||
156 | } | ||
157 | |||
158 | static int decrypt(struct blkcipher_desc *desc, struct scatterlist *dst, | ||
159 | struct scatterlist *src, unsigned int nbytes) | ||
160 | { | ||
161 | struct priv *ctx = crypto_blkcipher_ctx(desc->tfm); | ||
162 | struct blkcipher_walk w; | ||
163 | |||
164 | blkcipher_walk_init(&w, dst, src, nbytes); | ||
165 | return crypt(desc, &w, ctx, crypto_cipher_alg(ctx->tweak)->cia_encrypt, | ||
166 | crypto_cipher_alg(ctx->child)->cia_decrypt); | ||
167 | } | ||
168 | |||
169 | static int init_tfm(struct crypto_tfm *tfm) | ||
170 | { | ||
171 | struct crypto_cipher *cipher; | ||
172 | struct crypto_instance *inst = (void *)tfm->__crt_alg; | ||
173 | struct crypto_spawn *spawn = crypto_instance_ctx(inst); | ||
174 | struct priv *ctx = crypto_tfm_ctx(tfm); | ||
175 | u32 *flags = &tfm->crt_flags; | ||
176 | |||
177 | cipher = crypto_spawn_cipher(spawn); | ||
178 | if (IS_ERR(cipher)) | ||
179 | return PTR_ERR(cipher); | ||
180 | |||
181 | if (crypto_cipher_blocksize(cipher) != 16) { | ||
182 | *flags |= CRYPTO_TFM_RES_BAD_BLOCK_LEN; | ||
183 | crypto_free_cipher(cipher); | ||
184 | return -EINVAL; | ||
185 | } | ||
186 | |||
187 | ctx->child = cipher; | ||
188 | |||
189 | cipher = crypto_spawn_cipher(spawn); | ||
190 | if (IS_ERR(cipher)) { | ||
191 | crypto_free_cipher(ctx->child); | ||
192 | return PTR_ERR(cipher); | ||
193 | } | ||
194 | |||
195 | /* this check isn't really needed, leave it here just in case */ | ||
196 | if (crypto_cipher_blocksize(cipher) != 16) { | ||
197 | crypto_free_cipher(cipher); | ||
198 | crypto_free_cipher(ctx->child); | ||
199 | *flags |= CRYPTO_TFM_RES_BAD_BLOCK_LEN; | ||
200 | return -EINVAL; | ||
201 | } | ||
202 | |||
203 | ctx->tweak = cipher; | ||
204 | |||
205 | return 0; | ||
206 | } | ||
207 | |||
208 | static void exit_tfm(struct crypto_tfm *tfm) | ||
209 | { | ||
210 | struct priv *ctx = crypto_tfm_ctx(tfm); | ||
211 | crypto_free_cipher(ctx->child); | ||
212 | crypto_free_cipher(ctx->tweak); | ||
213 | } | ||
214 | |||
215 | static struct crypto_instance *alloc(struct rtattr **tb) | ||
216 | { | ||
217 | struct crypto_instance *inst; | ||
218 | struct crypto_alg *alg; | ||
219 | int err; | ||
220 | |||
221 | err = crypto_check_attr_type(tb, CRYPTO_ALG_TYPE_BLKCIPHER); | ||
222 | if (err) | ||
223 | return ERR_PTR(err); | ||
224 | |||
225 | alg = crypto_get_attr_alg(tb, CRYPTO_ALG_TYPE_CIPHER, | ||
226 | CRYPTO_ALG_TYPE_MASK); | ||
227 | if (IS_ERR(alg)) | ||
228 | return ERR_PTR(PTR_ERR(alg)); | ||
229 | |||
230 | inst = crypto_alloc_instance("xts", alg); | ||
231 | if (IS_ERR(inst)) | ||
232 | goto out_put_alg; | ||
233 | |||
234 | inst->alg.cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER; | ||
235 | inst->alg.cra_priority = alg->cra_priority; | ||
236 | inst->alg.cra_blocksize = alg->cra_blocksize; | ||
237 | |||
238 | if (alg->cra_alignmask < 7) | ||
239 | inst->alg.cra_alignmask = 7; | ||
240 | else | ||
241 | inst->alg.cra_alignmask = alg->cra_alignmask; | ||
242 | |||
243 | inst->alg.cra_type = &crypto_blkcipher_type; | ||
244 | |||
245 | inst->alg.cra_blkcipher.ivsize = alg->cra_blocksize; | ||
246 | inst->alg.cra_blkcipher.min_keysize = | ||
247 | 2 * alg->cra_cipher.cia_min_keysize; | ||
248 | inst->alg.cra_blkcipher.max_keysize = | ||
249 | 2 * alg->cra_cipher.cia_max_keysize; | ||
250 | |||
251 | inst->alg.cra_ctxsize = sizeof(struct priv); | ||
252 | |||
253 | inst->alg.cra_init = init_tfm; | ||
254 | inst->alg.cra_exit = exit_tfm; | ||
255 | |||
256 | inst->alg.cra_blkcipher.setkey = setkey; | ||
257 | inst->alg.cra_blkcipher.encrypt = encrypt; | ||
258 | inst->alg.cra_blkcipher.decrypt = decrypt; | ||
259 | |||
260 | out_put_alg: | ||
261 | crypto_mod_put(alg); | ||
262 | return inst; | ||
263 | } | ||
264 | |||
265 | static void free(struct crypto_instance *inst) | ||
266 | { | ||
267 | crypto_drop_spawn(crypto_instance_ctx(inst)); | ||
268 | kfree(inst); | ||
269 | } | ||
270 | |||
271 | static struct crypto_template crypto_tmpl = { | ||
272 | .name = "xts", | ||
273 | .alloc = alloc, | ||
274 | .free = free, | ||
275 | .module = THIS_MODULE, | ||
276 | }; | ||
277 | |||
278 | static int __init crypto_module_init(void) | ||
279 | { | ||
280 | return crypto_register_template(&crypto_tmpl); | ||
281 | } | ||
282 | |||
283 | static void __exit crypto_module_exit(void) | ||
284 | { | ||
285 | crypto_unregister_template(&crypto_tmpl); | ||
286 | } | ||
287 | |||
288 | module_init(crypto_module_init); | ||
289 | module_exit(crypto_module_exit); | ||
290 | |||
291 | MODULE_LICENSE("GPL"); | ||
292 | MODULE_DESCRIPTION("XTS block cipher mode"); | ||
diff --git a/include/crypto/gf128mul.h b/include/crypto/gf128mul.h index 4fd315202442..4086b8ebfafe 100644 --- a/include/crypto/gf128mul.h +++ b/include/crypto/gf128mul.h | |||
@@ -161,6 +161,8 @@ void gf128mul_lle(be128 *a, const be128 *b); | |||
161 | 161 | ||
162 | void gf128mul_bbe(be128 *a, const be128 *b); | 162 | void gf128mul_bbe(be128 *a, const be128 *b); |
163 | 163 | ||
164 | /* multiply by x in ble format, needed by XTS */ | ||
165 | void gf128mul_x_ble(be128 *a, const be128 *b); | ||
164 | 166 | ||
165 | /* 4k table optimization */ | 167 | /* 4k table optimization */ |
166 | 168 | ||