aboutsummaryrefslogtreecommitdiffstats
path: root/crypto
diff options
context:
space:
mode:
Diffstat (limited to 'crypto')
-rw-r--r--crypto/Kconfig40
-rw-r--r--crypto/Makefile16
-rw-r--r--crypto/ablkcipher.c9
-rw-r--r--crypto/aead.c101
-rw-r--r--crypto/aes_generic.c (renamed from crypto/aes.c)2
-rw-r--r--crypto/algapi.c37
-rw-r--r--crypto/authenc.c400
-rw-r--r--crypto/blkcipher.c57
-rw-r--r--crypto/cipher.c5
-rw-r--r--crypto/cryptd.c7
-rw-r--r--crypto/cryptomgr.c96
-rw-r--r--crypto/des_generic.c (renamed from crypto/des.c)1
-rw-r--r--crypto/gf128mul.c11
-rw-r--r--crypto/hash.c3
-rw-r--r--crypto/internal.h11
-rw-r--r--crypto/scatterwalk.c30
-rw-r--r--crypto/scatterwalk.h3
-rw-r--r--crypto/seed.c479
-rw-r--r--crypto/sha1_generic.c (renamed from crypto/sha1.c)10
-rw-r--r--crypto/sha256_generic.c (renamed from crypto/sha256.c)33
-rw-r--r--crypto/sha512.c63
-rw-r--r--crypto/tcrypt.c20
-rw-r--r--crypto/tcrypt.h507
-rw-r--r--crypto/xts.c292
24 files changed, 2075 insertions, 158 deletions
diff --git a/crypto/Kconfig b/crypto/Kconfig
index 3d1a1e27944f..083d2e1dfc21 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -28,6 +28,10 @@ config CRYPTO_ABLKCIPHER
28 tristate 28 tristate
29 select CRYPTO_BLKCIPHER 29 select CRYPTO_BLKCIPHER
30 30
31config CRYPTO_AEAD
32 tristate
33 select CRYPTO_ALGAPI
34
31config CRYPTO_BLKCIPHER 35config CRYPTO_BLKCIPHER
32 tristate 36 tristate
33 select CRYPTO_ALGAPI 37 select CRYPTO_ALGAPI
@@ -146,7 +150,6 @@ config CRYPTO_ECB
146 tristate "ECB support" 150 tristate "ECB support"
147 select CRYPTO_BLKCIPHER 151 select CRYPTO_BLKCIPHER
148 select CRYPTO_MANAGER 152 select CRYPTO_MANAGER
149 default m
150 help 153 help
151 ECB: Electronic CodeBook mode 154 ECB: Electronic CodeBook mode
152 This is the simplest block cipher algorithm. It simply encrypts 155 This is the simplest block cipher algorithm. It simply encrypts
@@ -156,7 +159,6 @@ config CRYPTO_CBC
156 tristate "CBC support" 159 tristate "CBC support"
157 select CRYPTO_BLKCIPHER 160 select CRYPTO_BLKCIPHER
158 select CRYPTO_MANAGER 161 select CRYPTO_MANAGER
159 default m
160 help 162 help
161 CBC: Cipher Block Chaining mode 163 CBC: Cipher Block Chaining mode
162 This block cipher algorithm is required for IPSec. 164 This block cipher algorithm is required for IPSec.
@@ -165,7 +167,6 @@ config CRYPTO_PCBC
165 tristate "PCBC support" 167 tristate "PCBC support"
166 select CRYPTO_BLKCIPHER 168 select CRYPTO_BLKCIPHER
167 select CRYPTO_MANAGER 169 select CRYPTO_MANAGER
168 default m
169 help 170 help
170 PCBC: Propagating Cipher Block Chaining mode 171 PCBC: Propagating Cipher Block Chaining mode
171 This block cipher algorithm is required for RxRPC. 172 This block cipher algorithm is required for RxRPC.
@@ -183,6 +184,17 @@ config CRYPTO_LRW
183 The first 128, 192 or 256 bits in the key are used for AES and the 184 The first 128, 192 or 256 bits in the key are used for AES and the
184 rest is used to tie each cipher block to its logical position. 185 rest is used to tie each cipher block to its logical position.
185 186
187config CRYPTO_XTS
188 tristate "XTS support (EXPERIMENTAL)"
189 depends on EXPERIMENTAL
190 select CRYPTO_BLKCIPHER
191 select CRYPTO_MANAGER
192 select CRYPTO_GF128MUL
193 help
194 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
195 key size 256, 384 or 512 bits. This implementation currently
196 can't handle a sectorsize which is not a multiple of 16 bytes.
197
186config CRYPTO_CRYPTD 198config CRYPTO_CRYPTD
187 tristate "Software async crypto daemon" 199 tristate "Software async crypto daemon"
188 select CRYPTO_ABLKCIPHER 200 select CRYPTO_ABLKCIPHER
@@ -415,6 +427,20 @@ config CRYPTO_ANUBIS
415 <https://www.cosic.esat.kuleuven.ac.be/nessie/reports/> 427 <https://www.cosic.esat.kuleuven.ac.be/nessie/reports/>
416 <http://planeta.terra.com.br/informatica/paulobarreto/AnubisPage.html> 428 <http://planeta.terra.com.br/informatica/paulobarreto/AnubisPage.html>
417 429
430config CRYPTO_SEED
431 tristate "SEED cipher algorithm"
432 select CRYPTO_ALGAPI
433 help
434 SEED cipher algorithm (RFC4269).
435
436 SEED is a 128-bit symmetric key block cipher that has been
437 developed by KISA (Korea Information Security Agency) as a
438 national standard encryption algorithm of the Republic of Korea.
439 It is a 16 round block cipher with the key size of 128 bit.
440
441 See also:
442 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
443
418 444
419config CRYPTO_DEFLATE 445config CRYPTO_DEFLATE
420 tristate "Deflate compression algorithm" 446 tristate "Deflate compression algorithm"
@@ -468,6 +494,14 @@ config CRYPTO_TEST
468 help 494 help
469 Quick & dirty crypto test module. 495 Quick & dirty crypto test module.
470 496
497config CRYPTO_AUTHENC
498 tristate "Authenc support"
499 select CRYPTO_AEAD
500 select CRYPTO_MANAGER
501 help
502 Authenc: Combined mode wrapper for IPsec.
503 This is required for IPSec.
504
471source "drivers/crypto/Kconfig" 505source "drivers/crypto/Kconfig"
472 506
473endif # if CRYPTO 507endif # if CRYPTO
diff --git a/crypto/Makefile b/crypto/Makefile
index 0cf17f1ea151..43c2a0dc9936 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -2,13 +2,14 @@
2# Cryptographic API 2# Cryptographic API
3# 3#
4 4
5obj-$(CONFIG_CRYPTO) += api.o scatterwalk.o cipher.o digest.o compress.o 5obj-$(CONFIG_CRYPTO) += api.o cipher.o digest.o compress.o
6 6
7crypto_algapi-$(CONFIG_PROC_FS) += proc.o 7crypto_algapi-$(CONFIG_PROC_FS) += proc.o
8crypto_algapi-objs := algapi.o $(crypto_algapi-y) 8crypto_algapi-objs := algapi.o scatterwalk.o $(crypto_algapi-y)
9obj-$(CONFIG_CRYPTO_ALGAPI) += crypto_algapi.o 9obj-$(CONFIG_CRYPTO_ALGAPI) += crypto_algapi.o
10 10
11obj-$(CONFIG_CRYPTO_ABLKCIPHER) += ablkcipher.o 11obj-$(CONFIG_CRYPTO_ABLKCIPHER) += ablkcipher.o
12obj-$(CONFIG_CRYPTO_AEAD) += aead.o
12obj-$(CONFIG_CRYPTO_BLKCIPHER) += blkcipher.o 13obj-$(CONFIG_CRYPTO_BLKCIPHER) += blkcipher.o
13 14
14crypto_hash-objs := hash.o 15crypto_hash-objs := hash.o
@@ -20,8 +21,8 @@ obj-$(CONFIG_CRYPTO_XCBC) += xcbc.o
20obj-$(CONFIG_CRYPTO_NULL) += crypto_null.o 21obj-$(CONFIG_CRYPTO_NULL) += crypto_null.o
21obj-$(CONFIG_CRYPTO_MD4) += md4.o 22obj-$(CONFIG_CRYPTO_MD4) += md4.o
22obj-$(CONFIG_CRYPTO_MD5) += md5.o 23obj-$(CONFIG_CRYPTO_MD5) += md5.o
23obj-$(CONFIG_CRYPTO_SHA1) += sha1.o 24obj-$(CONFIG_CRYPTO_SHA1) += sha1_generic.o
24obj-$(CONFIG_CRYPTO_SHA256) += sha256.o 25obj-$(CONFIG_CRYPTO_SHA256) += sha256_generic.o
25obj-$(CONFIG_CRYPTO_SHA512) += sha512.o 26obj-$(CONFIG_CRYPTO_SHA512) += sha512.o
26obj-$(CONFIG_CRYPTO_WP512) += wp512.o 27obj-$(CONFIG_CRYPTO_WP512) += wp512.o
27obj-$(CONFIG_CRYPTO_TGR192) += tgr192.o 28obj-$(CONFIG_CRYPTO_TGR192) += tgr192.o
@@ -30,14 +31,15 @@ obj-$(CONFIG_CRYPTO_ECB) += ecb.o
30obj-$(CONFIG_CRYPTO_CBC) += cbc.o 31obj-$(CONFIG_CRYPTO_CBC) += cbc.o
31obj-$(CONFIG_CRYPTO_PCBC) += pcbc.o 32obj-$(CONFIG_CRYPTO_PCBC) += pcbc.o
32obj-$(CONFIG_CRYPTO_LRW) += lrw.o 33obj-$(CONFIG_CRYPTO_LRW) += lrw.o
34obj-$(CONFIG_CRYPTO_XTS) += xts.o
33obj-$(CONFIG_CRYPTO_CRYPTD) += cryptd.o 35obj-$(CONFIG_CRYPTO_CRYPTD) += cryptd.o
34obj-$(CONFIG_CRYPTO_DES) += des.o 36obj-$(CONFIG_CRYPTO_DES) += des_generic.o
35obj-$(CONFIG_CRYPTO_FCRYPT) += fcrypt.o 37obj-$(CONFIG_CRYPTO_FCRYPT) += fcrypt.o
36obj-$(CONFIG_CRYPTO_BLOWFISH) += blowfish.o 38obj-$(CONFIG_CRYPTO_BLOWFISH) += blowfish.o
37obj-$(CONFIG_CRYPTO_TWOFISH) += twofish.o 39obj-$(CONFIG_CRYPTO_TWOFISH) += twofish.o
38obj-$(CONFIG_CRYPTO_TWOFISH_COMMON) += twofish_common.o 40obj-$(CONFIG_CRYPTO_TWOFISH_COMMON) += twofish_common.o
39obj-$(CONFIG_CRYPTO_SERPENT) += serpent.o 41obj-$(CONFIG_CRYPTO_SERPENT) += serpent.o
40obj-$(CONFIG_CRYPTO_AES) += aes.o 42obj-$(CONFIG_CRYPTO_AES) += aes_generic.o
41obj-$(CONFIG_CRYPTO_CAMELLIA) += camellia.o 43obj-$(CONFIG_CRYPTO_CAMELLIA) += camellia.o
42obj-$(CONFIG_CRYPTO_CAST5) += cast5.o 44obj-$(CONFIG_CRYPTO_CAST5) += cast5.o
43obj-$(CONFIG_CRYPTO_CAST6) += cast6.o 45obj-$(CONFIG_CRYPTO_CAST6) += cast6.o
@@ -45,9 +47,11 @@ obj-$(CONFIG_CRYPTO_ARC4) += arc4.o
45obj-$(CONFIG_CRYPTO_TEA) += tea.o 47obj-$(CONFIG_CRYPTO_TEA) += tea.o
46obj-$(CONFIG_CRYPTO_KHAZAD) += khazad.o 48obj-$(CONFIG_CRYPTO_KHAZAD) += khazad.o
47obj-$(CONFIG_CRYPTO_ANUBIS) += anubis.o 49obj-$(CONFIG_CRYPTO_ANUBIS) += anubis.o
50obj-$(CONFIG_CRYPTO_SEED) += seed.o
48obj-$(CONFIG_CRYPTO_DEFLATE) += deflate.o 51obj-$(CONFIG_CRYPTO_DEFLATE) += deflate.o
49obj-$(CONFIG_CRYPTO_MICHAEL_MIC) += michael_mic.o 52obj-$(CONFIG_CRYPTO_MICHAEL_MIC) += michael_mic.o
50obj-$(CONFIG_CRYPTO_CRC32C) += crc32c.o 53obj-$(CONFIG_CRYPTO_CRC32C) += crc32c.o
54obj-$(CONFIG_CRYPTO_AUTHENC) += authenc.o
51 55
52obj-$(CONFIG_CRYPTO_TEST) += tcrypt.o 56obj-$(CONFIG_CRYPTO_TEST) += tcrypt.o
53 57
diff --git a/crypto/ablkcipher.c b/crypto/ablkcipher.c
index 3dbb1cc6eab5..2731acb86e7d 100644
--- a/crypto/ablkcipher.c
+++ b/crypto/ablkcipher.c
@@ -16,10 +16,13 @@
16#include <crypto/algapi.h> 16#include <crypto/algapi.h>
17#include <linux/errno.h> 17#include <linux/errno.h>
18#include <linux/init.h> 18#include <linux/init.h>
19#include <linux/kernel.h>
19#include <linux/module.h> 20#include <linux/module.h>
21#include <linux/slab.h>
20#include <linux/seq_file.h> 22#include <linux/seq_file.h>
21 23
22static int setkey_unaligned(struct crypto_ablkcipher *tfm, const u8 *key, unsigned int keylen) 24static int setkey_unaligned(struct crypto_ablkcipher *tfm, const u8 *key,
25 unsigned int keylen)
23{ 26{
24 struct ablkcipher_alg *cipher = crypto_ablkcipher_alg(tfm); 27 struct ablkcipher_alg *cipher = crypto_ablkcipher_alg(tfm);
25 unsigned long alignmask = crypto_ablkcipher_alignmask(tfm); 28 unsigned long alignmask = crypto_ablkcipher_alignmask(tfm);
@@ -91,10 +94,6 @@ static void crypto_ablkcipher_show(struct seq_file *m, struct crypto_alg *alg)
91 seq_printf(m, "min keysize : %u\n", ablkcipher->min_keysize); 94 seq_printf(m, "min keysize : %u\n", ablkcipher->min_keysize);
92 seq_printf(m, "max keysize : %u\n", ablkcipher->max_keysize); 95 seq_printf(m, "max keysize : %u\n", ablkcipher->max_keysize);
93 seq_printf(m, "ivsize : %u\n", ablkcipher->ivsize); 96 seq_printf(m, "ivsize : %u\n", ablkcipher->ivsize);
94 if (ablkcipher->queue) {
95 seq_printf(m, "qlen : %u\n", ablkcipher->queue->qlen);
96 seq_printf(m, "max qlen : %u\n", ablkcipher->queue->max_qlen);
97 }
98} 97}
99 98
100const struct crypto_type crypto_ablkcipher_type = { 99const struct crypto_type crypto_ablkcipher_type = {
diff --git a/crypto/aead.c b/crypto/aead.c
new file mode 100644
index 000000000000..84a3501fb478
--- /dev/null
+++ b/crypto/aead.c
@@ -0,0 +1,101 @@
1/*
2 * AEAD: Authenticated Encryption with Associated Data
3 *
4 * This file provides API support for AEAD algorithms.
5 *
6 * Copyright (c) 2007 Herbert Xu <herbert@gondor.apana.org.au>
7 *
8 * This program is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by the Free
10 * Software Foundation; either version 2 of the License, or (at your option)
11 * any later version.
12 *
13 */
14
15#include <crypto/algapi.h>
16#include <linux/errno.h>
17#include <linux/init.h>
18#include <linux/kernel.h>
19#include <linux/module.h>
20#include <linux/slab.h>
21#include <linux/seq_file.h>
22
23static int setkey_unaligned(struct crypto_aead *tfm, const u8 *key,
24 unsigned int keylen)
25{
26 struct aead_alg *aead = crypto_aead_alg(tfm);
27 unsigned long alignmask = crypto_aead_alignmask(tfm);
28 int ret;
29 u8 *buffer, *alignbuffer;
30 unsigned long absize;
31
32 absize = keylen + alignmask;
33 buffer = kmalloc(absize, GFP_ATOMIC);
34 if (!buffer)
35 return -ENOMEM;
36
37 alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1);
38 memcpy(alignbuffer, key, keylen);
39 ret = aead->setkey(tfm, alignbuffer, keylen);
40 memset(alignbuffer, 0, keylen);
41 kfree(buffer);
42 return ret;
43}
44
45static int setkey(struct crypto_aead *tfm, const u8 *key, unsigned int keylen)
46{
47 struct aead_alg *aead = crypto_aead_alg(tfm);
48 unsigned long alignmask = crypto_aead_alignmask(tfm);
49
50 if ((unsigned long)key & alignmask)
51 return setkey_unaligned(tfm, key, keylen);
52
53 return aead->setkey(tfm, key, keylen);
54}
55
56static unsigned int crypto_aead_ctxsize(struct crypto_alg *alg, u32 type,
57 u32 mask)
58{
59 return alg->cra_ctxsize;
60}
61
62static int crypto_init_aead_ops(struct crypto_tfm *tfm, u32 type, u32 mask)
63{
64 struct aead_alg *alg = &tfm->__crt_alg->cra_aead;
65 struct aead_tfm *crt = &tfm->crt_aead;
66
67 if (max(alg->authsize, alg->ivsize) > PAGE_SIZE / 8)
68 return -EINVAL;
69
70 crt->setkey = setkey;
71 crt->encrypt = alg->encrypt;
72 crt->decrypt = alg->decrypt;
73 crt->ivsize = alg->ivsize;
74 crt->authsize = alg->authsize;
75
76 return 0;
77}
78
79static void crypto_aead_show(struct seq_file *m, struct crypto_alg *alg)
80 __attribute__ ((unused));
81static void crypto_aead_show(struct seq_file *m, struct crypto_alg *alg)
82{
83 struct aead_alg *aead = &alg->cra_aead;
84
85 seq_printf(m, "type : aead\n");
86 seq_printf(m, "blocksize : %u\n", alg->cra_blocksize);
87 seq_printf(m, "ivsize : %u\n", aead->ivsize);
88 seq_printf(m, "authsize : %u\n", aead->authsize);
89}
90
91const struct crypto_type crypto_aead_type = {
92 .ctxsize = crypto_aead_ctxsize,
93 .init = crypto_init_aead_ops,
94#ifdef CONFIG_PROC_FS
95 .show = crypto_aead_show,
96#endif
97};
98EXPORT_SYMBOL_GPL(crypto_aead_type);
99
100MODULE_LICENSE("GPL");
101MODULE_DESCRIPTION("Authenticated Encryption with Associated Data (AEAD)");
diff --git a/crypto/aes.c b/crypto/aes_generic.c
index e2440773878c..9401dca85e87 100644
--- a/crypto/aes.c
+++ b/crypto/aes_generic.c
@@ -453,4 +453,4 @@ module_exit(aes_fini);
453 453
454MODULE_DESCRIPTION("Rijndael (AES) Cipher Algorithm"); 454MODULE_DESCRIPTION("Rijndael (AES) Cipher Algorithm");
455MODULE_LICENSE("Dual BSD/GPL"); 455MODULE_LICENSE("Dual BSD/GPL");
456 456MODULE_ALIAS("aes");
diff --git a/crypto/algapi.c b/crypto/algapi.c
index 38aa9e994703..8ff8c2656d9c 100644
--- a/crypto/algapi.c
+++ b/crypto/algapi.c
@@ -63,9 +63,6 @@ static int crypto_check_alg(struct crypto_alg *alg)
63 if (alg->cra_alignmask & (alg->cra_alignmask + 1)) 63 if (alg->cra_alignmask & (alg->cra_alignmask + 1))
64 return -EINVAL; 64 return -EINVAL;
65 65
66 if (alg->cra_alignmask & alg->cra_blocksize)
67 return -EINVAL;
68
69 if (alg->cra_blocksize > PAGE_SIZE / 8) 66 if (alg->cra_blocksize > PAGE_SIZE / 8)
70 return -EINVAL; 67 return -EINVAL;
71 68
@@ -152,6 +149,11 @@ static int __crypto_register_alg(struct crypto_alg *alg,
152 if (crypto_is_larval(q)) { 149 if (crypto_is_larval(q)) {
153 struct crypto_larval *larval = (void *)q; 150 struct crypto_larval *larval = (void *)q;
154 151
152 /*
153 * Check to see if either our generic name or
154 * specific name can satisfy the name requested
155 * by the larval entry q.
156 */
155 if (strcmp(alg->cra_name, q->cra_name) && 157 if (strcmp(alg->cra_name, q->cra_name) &&
156 strcmp(alg->cra_driver_name, q->cra_name)) 158 strcmp(alg->cra_driver_name, q->cra_name))
157 continue; 159 continue;
@@ -439,13 +441,15 @@ EXPORT_SYMBOL_GPL(crypto_unregister_notifier);
439 441
440struct crypto_attr_type *crypto_get_attr_type(struct rtattr **tb) 442struct crypto_attr_type *crypto_get_attr_type(struct rtattr **tb)
441{ 443{
442 struct rtattr *rta = tb[CRYPTOA_TYPE - 1]; 444 struct rtattr *rta = tb[0];
443 struct crypto_attr_type *algt; 445 struct crypto_attr_type *algt;
444 446
445 if (!rta) 447 if (!rta)
446 return ERR_PTR(-ENOENT); 448 return ERR_PTR(-ENOENT);
447 if (RTA_PAYLOAD(rta) < sizeof(*algt)) 449 if (RTA_PAYLOAD(rta) < sizeof(*algt))
448 return ERR_PTR(-EINVAL); 450 return ERR_PTR(-EINVAL);
451 if (rta->rta_type != CRYPTOA_TYPE)
452 return ERR_PTR(-EINVAL);
449 453
450 algt = RTA_DATA(rta); 454 algt = RTA_DATA(rta);
451 455
@@ -468,22 +472,41 @@ int crypto_check_attr_type(struct rtattr **tb, u32 type)
468} 472}
469EXPORT_SYMBOL_GPL(crypto_check_attr_type); 473EXPORT_SYMBOL_GPL(crypto_check_attr_type);
470 474
471struct crypto_alg *crypto_get_attr_alg(struct rtattr **tb, u32 type, u32 mask) 475struct crypto_alg *crypto_attr_alg(struct rtattr *rta, u32 type, u32 mask)
472{ 476{
473 struct rtattr *rta = tb[CRYPTOA_ALG - 1];
474 struct crypto_attr_alg *alga; 477 struct crypto_attr_alg *alga;
475 478
476 if (!rta) 479 if (!rta)
477 return ERR_PTR(-ENOENT); 480 return ERR_PTR(-ENOENT);
478 if (RTA_PAYLOAD(rta) < sizeof(*alga)) 481 if (RTA_PAYLOAD(rta) < sizeof(*alga))
479 return ERR_PTR(-EINVAL); 482 return ERR_PTR(-EINVAL);
483 if (rta->rta_type != CRYPTOA_ALG)
484 return ERR_PTR(-EINVAL);
480 485
481 alga = RTA_DATA(rta); 486 alga = RTA_DATA(rta);
482 alga->name[CRYPTO_MAX_ALG_NAME - 1] = 0; 487 alga->name[CRYPTO_MAX_ALG_NAME - 1] = 0;
483 488
484 return crypto_alg_mod_lookup(alga->name, type, mask); 489 return crypto_alg_mod_lookup(alga->name, type, mask);
485} 490}
486EXPORT_SYMBOL_GPL(crypto_get_attr_alg); 491EXPORT_SYMBOL_GPL(crypto_attr_alg);
492
493int crypto_attr_u32(struct rtattr *rta, u32 *num)
494{
495 struct crypto_attr_u32 *nu32;
496
497 if (!rta)
498 return -ENOENT;
499 if (RTA_PAYLOAD(rta) < sizeof(*nu32))
500 return -EINVAL;
501 if (rta->rta_type != CRYPTOA_U32)
502 return -EINVAL;
503
504 nu32 = RTA_DATA(rta);
505 *num = nu32->num;
506
507 return 0;
508}
509EXPORT_SYMBOL_GPL(crypto_attr_u32);
487 510
488struct crypto_instance *crypto_alloc_instance(const char *name, 511struct crypto_instance *crypto_alloc_instance(const char *name,
489 struct crypto_alg *alg) 512 struct crypto_alg *alg)
diff --git a/crypto/authenc.c b/crypto/authenc.c
new file mode 100644
index 000000000000..0b29a6ae673d
--- /dev/null
+++ b/crypto/authenc.c
@@ -0,0 +1,400 @@
1/*
2 * Authenc: Simple AEAD wrapper for IPsec
3 *
4 * Copyright (c) 2007 Herbert Xu <herbert@gondor.apana.org.au>
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the Free
8 * Software Foundation; either version 2 of the License, or (at your option)
9 * any later version.
10 *
11 */
12
13#include <crypto/algapi.h>
14#include <linux/err.h>
15#include <linux/init.h>
16#include <linux/kernel.h>
17#include <linux/module.h>
18#include <linux/slab.h>
19#include <linux/spinlock.h>
20
21#include "scatterwalk.h"
22
23struct authenc_instance_ctx {
24 struct crypto_spawn auth;
25 struct crypto_spawn enc;
26
27 unsigned int authsize;
28 unsigned int enckeylen;
29};
30
31struct crypto_authenc_ctx {
32 spinlock_t auth_lock;
33 struct crypto_hash *auth;
34 struct crypto_ablkcipher *enc;
35};
36
37static int crypto_authenc_setkey(struct crypto_aead *authenc, const u8 *key,
38 unsigned int keylen)
39{
40 struct authenc_instance_ctx *ictx =
41 crypto_instance_ctx(crypto_aead_alg_instance(authenc));
42 unsigned int enckeylen = ictx->enckeylen;
43 unsigned int authkeylen;
44 struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc);
45 struct crypto_hash *auth = ctx->auth;
46 struct crypto_ablkcipher *enc = ctx->enc;
47 int err = -EINVAL;
48
49 if (keylen < enckeylen) {
50 crypto_aead_set_flags(authenc, CRYPTO_TFM_RES_BAD_KEY_LEN);
51 goto out;
52 }
53 authkeylen = keylen - enckeylen;
54
55 crypto_hash_clear_flags(auth, CRYPTO_TFM_REQ_MASK);
56 crypto_hash_set_flags(auth, crypto_aead_get_flags(authenc) &
57 CRYPTO_TFM_REQ_MASK);
58 err = crypto_hash_setkey(auth, key, authkeylen);
59 crypto_aead_set_flags(authenc, crypto_hash_get_flags(auth) &
60 CRYPTO_TFM_RES_MASK);
61
62 if (err)
63 goto out;
64
65 crypto_ablkcipher_clear_flags(enc, CRYPTO_TFM_REQ_MASK);
66 crypto_ablkcipher_set_flags(enc, crypto_aead_get_flags(authenc) &
67 CRYPTO_TFM_REQ_MASK);
68 err = crypto_ablkcipher_setkey(enc, key + authkeylen, enckeylen);
69 crypto_aead_set_flags(authenc, crypto_ablkcipher_get_flags(enc) &
70 CRYPTO_TFM_RES_MASK);
71
72out:
73 return err;
74}
75
76static int crypto_authenc_hash(struct aead_request *req)
77{
78 struct crypto_aead *authenc = crypto_aead_reqtfm(req);
79 struct authenc_instance_ctx *ictx =
80 crypto_instance_ctx(crypto_aead_alg_instance(authenc));
81 struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc);
82 struct crypto_hash *auth = ctx->auth;
83 struct hash_desc desc = {
84 .tfm = auth,
85 };
86 u8 *hash = aead_request_ctx(req);
87 struct scatterlist *dst;
88 unsigned int cryptlen;
89 int err;
90
91 hash = (u8 *)ALIGN((unsigned long)hash + crypto_hash_alignmask(auth),
92 crypto_hash_alignmask(auth) + 1);
93
94 spin_lock_bh(&ctx->auth_lock);
95 err = crypto_hash_init(&desc);
96 if (err)
97 goto auth_unlock;
98
99 err = crypto_hash_update(&desc, req->assoc, req->assoclen);
100 if (err)
101 goto auth_unlock;
102
103 cryptlen = req->cryptlen;
104 dst = req->dst;
105 err = crypto_hash_update(&desc, dst, cryptlen);
106 if (err)
107 goto auth_unlock;
108
109 err = crypto_hash_final(&desc, hash);
110auth_unlock:
111 spin_unlock_bh(&ctx->auth_lock);
112
113 if (err)
114 return err;
115
116 scatterwalk_map_and_copy(hash, dst, cryptlen, ictx->authsize, 1);
117 return 0;
118}
119
120static void crypto_authenc_encrypt_done(struct crypto_async_request *req,
121 int err)
122{
123 if (!err)
124 err = crypto_authenc_hash(req->data);
125
126 aead_request_complete(req->data, err);
127}
128
129static int crypto_authenc_encrypt(struct aead_request *req)
130{
131 struct crypto_aead *authenc = crypto_aead_reqtfm(req);
132 struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc);
133 struct ablkcipher_request *abreq = aead_request_ctx(req);
134 int err;
135
136 ablkcipher_request_set_tfm(abreq, ctx->enc);
137 ablkcipher_request_set_callback(abreq, aead_request_flags(req),
138 crypto_authenc_encrypt_done, req);
139 ablkcipher_request_set_crypt(abreq, req->src, req->dst, req->cryptlen,
140 req->iv);
141
142 err = crypto_ablkcipher_encrypt(abreq);
143 if (err)
144 return err;
145
146 return crypto_authenc_hash(req);
147}
148
149static int crypto_authenc_verify(struct aead_request *req)
150{
151 struct crypto_aead *authenc = crypto_aead_reqtfm(req);
152 struct authenc_instance_ctx *ictx =
153 crypto_instance_ctx(crypto_aead_alg_instance(authenc));
154 struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc);
155 struct crypto_hash *auth = ctx->auth;
156 struct hash_desc desc = {
157 .tfm = auth,
158 .flags = aead_request_flags(req),
159 };
160 u8 *ohash = aead_request_ctx(req);
161 u8 *ihash;
162 struct scatterlist *src;
163 unsigned int cryptlen;
164 unsigned int authsize;
165 int err;
166
167 ohash = (u8 *)ALIGN((unsigned long)ohash + crypto_hash_alignmask(auth),
168 crypto_hash_alignmask(auth) + 1);
169 ihash = ohash + crypto_hash_digestsize(auth);
170
171 spin_lock_bh(&ctx->auth_lock);
172 err = crypto_hash_init(&desc);
173 if (err)
174 goto auth_unlock;
175
176 err = crypto_hash_update(&desc, req->assoc, req->assoclen);
177 if (err)
178 goto auth_unlock;
179
180 cryptlen = req->cryptlen;
181 src = req->src;
182 err = crypto_hash_update(&desc, src, cryptlen);
183 if (err)
184 goto auth_unlock;
185
186 err = crypto_hash_final(&desc, ohash);
187auth_unlock:
188 spin_unlock_bh(&ctx->auth_lock);
189
190 if (err)
191 return err;
192
193 authsize = ictx->authsize;
194 scatterwalk_map_and_copy(ihash, src, cryptlen, authsize, 0);
195 return memcmp(ihash, ohash, authsize) ? -EINVAL : 0;
196}
197
198static void crypto_authenc_decrypt_done(struct crypto_async_request *req,
199 int err)
200{
201 aead_request_complete(req->data, err);
202}
203
204static int crypto_authenc_decrypt(struct aead_request *req)
205{
206 struct crypto_aead *authenc = crypto_aead_reqtfm(req);
207 struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc);
208 struct ablkcipher_request *abreq = aead_request_ctx(req);
209 int err;
210
211 err = crypto_authenc_verify(req);
212 if (err)
213 return err;
214
215 ablkcipher_request_set_tfm(abreq, ctx->enc);
216 ablkcipher_request_set_callback(abreq, aead_request_flags(req),
217 crypto_authenc_decrypt_done, req);
218 ablkcipher_request_set_crypt(abreq, req->src, req->dst, req->cryptlen,
219 req->iv);
220
221 return crypto_ablkcipher_decrypt(abreq);
222}
223
224static int crypto_authenc_init_tfm(struct crypto_tfm *tfm)
225{
226 struct crypto_instance *inst = (void *)tfm->__crt_alg;
227 struct authenc_instance_ctx *ictx = crypto_instance_ctx(inst);
228 struct crypto_authenc_ctx *ctx = crypto_tfm_ctx(tfm);
229 struct crypto_hash *auth;
230 struct crypto_ablkcipher *enc;
231 unsigned int digestsize;
232 int err;
233
234 auth = crypto_spawn_hash(&ictx->auth);
235 if (IS_ERR(auth))
236 return PTR_ERR(auth);
237
238 err = -EINVAL;
239 digestsize = crypto_hash_digestsize(auth);
240 if (ictx->authsize > digestsize)
241 goto err_free_hash;
242
243 enc = crypto_spawn_ablkcipher(&ictx->enc);
244 err = PTR_ERR(enc);
245 if (IS_ERR(enc))
246 goto err_free_hash;
247
248 ctx->auth = auth;
249 ctx->enc = enc;
250 tfm->crt_aead.reqsize = max_t(unsigned int,
251 (crypto_hash_alignmask(auth) &
252 ~(crypto_tfm_ctx_alignment() - 1)) +
253 digestsize * 2,
254 sizeof(struct ablkcipher_request) +
255 crypto_ablkcipher_reqsize(enc));
256
257 spin_lock_init(&ctx->auth_lock);
258
259 return 0;
260
261err_free_hash:
262 crypto_free_hash(auth);
263 return err;
264}
265
266static void crypto_authenc_exit_tfm(struct crypto_tfm *tfm)
267{
268 struct crypto_authenc_ctx *ctx = crypto_tfm_ctx(tfm);
269
270 crypto_free_hash(ctx->auth);
271 crypto_free_ablkcipher(ctx->enc);
272}
273
274static struct crypto_instance *crypto_authenc_alloc(struct rtattr **tb)
275{
276 struct crypto_instance *inst;
277 struct crypto_alg *auth;
278 struct crypto_alg *enc;
279 struct authenc_instance_ctx *ctx;
280 unsigned int authsize;
281 unsigned int enckeylen;
282 int err;
283
284 err = crypto_check_attr_type(tb, CRYPTO_ALG_TYPE_AEAD);
285 if (err)
286 return ERR_PTR(err);
287
288 auth = crypto_attr_alg(tb[1], CRYPTO_ALG_TYPE_HASH,
289 CRYPTO_ALG_TYPE_HASH_MASK);
290 if (IS_ERR(auth))
291 return ERR_PTR(PTR_ERR(auth));
292
293 err = crypto_attr_u32(tb[2], &authsize);
294 inst = ERR_PTR(err);
295 if (err)
296 goto out_put_auth;
297
298 enc = crypto_attr_alg(tb[3], CRYPTO_ALG_TYPE_BLKCIPHER,
299 CRYPTO_ALG_TYPE_MASK);
300 inst = ERR_PTR(PTR_ERR(enc));
301 if (IS_ERR(enc))
302 goto out_put_auth;
303
304 err = crypto_attr_u32(tb[4], &enckeylen);
305 if (err)
306 goto out_put_enc;
307
308 inst = kzalloc(sizeof(*inst) + sizeof(*ctx), GFP_KERNEL);
309 err = -ENOMEM;
310 if (!inst)
311 goto out_put_enc;
312
313 err = -ENAMETOOLONG;
314 if (snprintf(inst->alg.cra_name, CRYPTO_MAX_ALG_NAME,
315 "authenc(%s,%u,%s,%u)", auth->cra_name, authsize,
316 enc->cra_name, enckeylen) >= CRYPTO_MAX_ALG_NAME)
317 goto err_free_inst;
318
319 if (snprintf(inst->alg.cra_driver_name, CRYPTO_MAX_ALG_NAME,
320 "authenc(%s,%u,%s,%u)", auth->cra_driver_name,
321 authsize, enc->cra_driver_name, enckeylen) >=
322 CRYPTO_MAX_ALG_NAME)
323 goto err_free_inst;
324
325 ctx = crypto_instance_ctx(inst);
326 ctx->authsize = authsize;
327 ctx->enckeylen = enckeylen;
328
329 err = crypto_init_spawn(&ctx->auth, auth, inst, CRYPTO_ALG_TYPE_MASK);
330 if (err)
331 goto err_free_inst;
332
333 err = crypto_init_spawn(&ctx->enc, enc, inst, CRYPTO_ALG_TYPE_MASK);
334 if (err)
335 goto err_drop_auth;
336
337 inst->alg.cra_flags = CRYPTO_ALG_TYPE_AEAD | CRYPTO_ALG_ASYNC;
338 inst->alg.cra_priority = enc->cra_priority * 10 + auth->cra_priority;
339 inst->alg.cra_blocksize = enc->cra_blocksize;
340 inst->alg.cra_alignmask = max(auth->cra_alignmask, enc->cra_alignmask);
341 inst->alg.cra_type = &crypto_aead_type;
342
343 inst->alg.cra_aead.ivsize = enc->cra_blkcipher.ivsize;
344 inst->alg.cra_aead.authsize = authsize;
345
346 inst->alg.cra_ctxsize = sizeof(struct crypto_authenc_ctx);
347
348 inst->alg.cra_init = crypto_authenc_init_tfm;
349 inst->alg.cra_exit = crypto_authenc_exit_tfm;
350
351 inst->alg.cra_aead.setkey = crypto_authenc_setkey;
352 inst->alg.cra_aead.encrypt = crypto_authenc_encrypt;
353 inst->alg.cra_aead.decrypt = crypto_authenc_decrypt;
354
355out:
356 crypto_mod_put(enc);
357out_put_auth:
358 crypto_mod_put(auth);
359 return inst;
360
361err_drop_auth:
362 crypto_drop_spawn(&ctx->auth);
363err_free_inst:
364 kfree(inst);
365out_put_enc:
366 inst = ERR_PTR(err);
367 goto out;
368}
369
370static void crypto_authenc_free(struct crypto_instance *inst)
371{
372 struct authenc_instance_ctx *ctx = crypto_instance_ctx(inst);
373
374 crypto_drop_spawn(&ctx->enc);
375 crypto_drop_spawn(&ctx->auth);
376 kfree(inst);
377}
378
379static struct crypto_template crypto_authenc_tmpl = {
380 .name = "authenc",
381 .alloc = crypto_authenc_alloc,
382 .free = crypto_authenc_free,
383 .module = THIS_MODULE,
384};
385
386static int __init crypto_authenc_module_init(void)
387{
388 return crypto_register_template(&crypto_authenc_tmpl);
389}
390
391static void __exit crypto_authenc_module_exit(void)
392{
393 crypto_unregister_template(&crypto_authenc_tmpl);
394}
395
396module_init(crypto_authenc_module_init);
397module_exit(crypto_authenc_module_exit);
398
399MODULE_LICENSE("GPL");
400MODULE_DESCRIPTION("Simple AEAD wrapper for IPsec");
diff --git a/crypto/blkcipher.c b/crypto/blkcipher.c
index d8f8ec320213..f6c67f9d4e5c 100644
--- a/crypto/blkcipher.c
+++ b/crypto/blkcipher.c
@@ -65,7 +65,7 @@ static inline void blkcipher_unmap_dst(struct blkcipher_walk *walk)
65static inline u8 *blkcipher_get_spot(u8 *start, unsigned int len) 65static inline u8 *blkcipher_get_spot(u8 *start, unsigned int len)
66{ 66{
67 u8 *end_page = (u8 *)(((unsigned long)(start + len - 1)) & PAGE_MASK); 67 u8 *end_page = (u8 *)(((unsigned long)(start + len - 1)) & PAGE_MASK);
68 return start > end_page ? start : end_page; 68 return max(start, end_page);
69} 69}
70 70
71static inline unsigned int blkcipher_done_slow(struct crypto_blkcipher *tfm, 71static inline unsigned int blkcipher_done_slow(struct crypto_blkcipher *tfm,
@@ -84,8 +84,6 @@ static inline unsigned int blkcipher_done_slow(struct crypto_blkcipher *tfm,
84static inline unsigned int blkcipher_done_fast(struct blkcipher_walk *walk, 84static inline unsigned int blkcipher_done_fast(struct blkcipher_walk *walk,
85 unsigned int n) 85 unsigned int n)
86{ 86{
87 n = walk->nbytes - n;
88
89 if (walk->flags & BLKCIPHER_WALK_COPY) { 87 if (walk->flags & BLKCIPHER_WALK_COPY) {
90 blkcipher_map_dst(walk); 88 blkcipher_map_dst(walk);
91 memcpy(walk->dst.virt.addr, walk->page, n); 89 memcpy(walk->dst.virt.addr, walk->page, n);
@@ -109,13 +107,15 @@ int blkcipher_walk_done(struct blkcipher_desc *desc,
109 unsigned int nbytes = 0; 107 unsigned int nbytes = 0;
110 108
111 if (likely(err >= 0)) { 109 if (likely(err >= 0)) {
112 unsigned int bsize = crypto_blkcipher_blocksize(tfm); 110 unsigned int n = walk->nbytes - err;
113 unsigned int n;
114 111
115 if (likely(!(walk->flags & BLKCIPHER_WALK_SLOW))) 112 if (likely(!(walk->flags & BLKCIPHER_WALK_SLOW)))
116 n = blkcipher_done_fast(walk, err); 113 n = blkcipher_done_fast(walk, n);
117 else 114 else if (WARN_ON(err)) {
118 n = blkcipher_done_slow(tfm, walk, bsize); 115 err = -EINVAL;
116 goto err;
117 } else
118 n = blkcipher_done_slow(tfm, walk, n);
119 119
120 nbytes = walk->total - n; 120 nbytes = walk->total - n;
121 err = 0; 121 err = 0;
@@ -132,6 +132,7 @@ int blkcipher_walk_done(struct blkcipher_desc *desc,
132 return blkcipher_walk_next(desc, walk); 132 return blkcipher_walk_next(desc, walk);
133 } 133 }
134 134
135err:
135 if (walk->iv != desc->info) 136 if (walk->iv != desc->info)
136 memcpy(desc->info, walk->iv, crypto_blkcipher_ivsize(tfm)); 137 memcpy(desc->info, walk->iv, crypto_blkcipher_ivsize(tfm));
137 if (walk->buffer != walk->page) 138 if (walk->buffer != walk->page)
@@ -149,6 +150,7 @@ static inline int blkcipher_next_slow(struct blkcipher_desc *desc,
149 unsigned int alignmask) 150 unsigned int alignmask)
150{ 151{
151 unsigned int n; 152 unsigned int n;
153 unsigned aligned_bsize = ALIGN(bsize, alignmask + 1);
152 154
153 if (walk->buffer) 155 if (walk->buffer)
154 goto ok; 156 goto ok;
@@ -157,7 +159,7 @@ static inline int blkcipher_next_slow(struct blkcipher_desc *desc,
157 if (walk->buffer) 159 if (walk->buffer)
158 goto ok; 160 goto ok;
159 161
160 n = bsize * 3 - (alignmask + 1) + 162 n = aligned_bsize * 3 - (alignmask + 1) +
161 (alignmask & ~(crypto_tfm_ctx_alignment() - 1)); 163 (alignmask & ~(crypto_tfm_ctx_alignment() - 1));
162 walk->buffer = kmalloc(n, GFP_ATOMIC); 164 walk->buffer = kmalloc(n, GFP_ATOMIC);
163 if (!walk->buffer) 165 if (!walk->buffer)
@@ -167,8 +169,8 @@ ok:
167 walk->dst.virt.addr = (u8 *)ALIGN((unsigned long)walk->buffer, 169 walk->dst.virt.addr = (u8 *)ALIGN((unsigned long)walk->buffer,
168 alignmask + 1); 170 alignmask + 1);
169 walk->dst.virt.addr = blkcipher_get_spot(walk->dst.virt.addr, bsize); 171 walk->dst.virt.addr = blkcipher_get_spot(walk->dst.virt.addr, bsize);
170 walk->src.virt.addr = blkcipher_get_spot(walk->dst.virt.addr + bsize, 172 walk->src.virt.addr = blkcipher_get_spot(walk->dst.virt.addr +
171 bsize); 173 aligned_bsize, bsize);
172 174
173 scatterwalk_copychunks(walk->src.virt.addr, &walk->in, bsize, 0); 175 scatterwalk_copychunks(walk->src.virt.addr, &walk->in, bsize, 0);
174 176
@@ -224,12 +226,12 @@ static int blkcipher_walk_next(struct blkcipher_desc *desc,
224{ 226{
225 struct crypto_blkcipher *tfm = desc->tfm; 227 struct crypto_blkcipher *tfm = desc->tfm;
226 unsigned int alignmask = crypto_blkcipher_alignmask(tfm); 228 unsigned int alignmask = crypto_blkcipher_alignmask(tfm);
227 unsigned int bsize = crypto_blkcipher_blocksize(tfm); 229 unsigned int bsize;
228 unsigned int n; 230 unsigned int n;
229 int err; 231 int err;
230 232
231 n = walk->total; 233 n = walk->total;
232 if (unlikely(n < bsize)) { 234 if (unlikely(n < crypto_blkcipher_blocksize(tfm))) {
233 desc->flags |= CRYPTO_TFM_RES_BAD_BLOCK_LEN; 235 desc->flags |= CRYPTO_TFM_RES_BAD_BLOCK_LEN;
234 return blkcipher_walk_done(desc, walk, -EINVAL); 236 return blkcipher_walk_done(desc, walk, -EINVAL);
235 } 237 }
@@ -246,6 +248,7 @@ static int blkcipher_walk_next(struct blkcipher_desc *desc,
246 } 248 }
247 } 249 }
248 250
251 bsize = min(walk->blocksize, n);
249 n = scatterwalk_clamp(&walk->in, n); 252 n = scatterwalk_clamp(&walk->in, n);
250 n = scatterwalk_clamp(&walk->out, n); 253 n = scatterwalk_clamp(&walk->out, n);
251 254
@@ -276,9 +279,11 @@ static inline int blkcipher_copy_iv(struct blkcipher_walk *walk,
276 struct crypto_blkcipher *tfm, 279 struct crypto_blkcipher *tfm,
277 unsigned int alignmask) 280 unsigned int alignmask)
278{ 281{
279 unsigned bs = crypto_blkcipher_blocksize(tfm); 282 unsigned bs = walk->blocksize;
280 unsigned int ivsize = crypto_blkcipher_ivsize(tfm); 283 unsigned int ivsize = crypto_blkcipher_ivsize(tfm);
281 unsigned int size = bs * 2 + ivsize + max(bs, ivsize) - (alignmask + 1); 284 unsigned aligned_bs = ALIGN(bs, alignmask + 1);
285 unsigned int size = aligned_bs * 2 + ivsize + max(aligned_bs, ivsize) -
286 (alignmask + 1);
282 u8 *iv; 287 u8 *iv;
283 288
284 size += alignmask & ~(crypto_tfm_ctx_alignment() - 1); 289 size += alignmask & ~(crypto_tfm_ctx_alignment() - 1);
@@ -287,8 +292,8 @@ static inline int blkcipher_copy_iv(struct blkcipher_walk *walk,
287 return -ENOMEM; 292 return -ENOMEM;
288 293
289 iv = (u8 *)ALIGN((unsigned long)walk->buffer, alignmask + 1); 294 iv = (u8 *)ALIGN((unsigned long)walk->buffer, alignmask + 1);
290 iv = blkcipher_get_spot(iv, bs) + bs; 295 iv = blkcipher_get_spot(iv, bs) + aligned_bs;
291 iv = blkcipher_get_spot(iv, bs) + bs; 296 iv = blkcipher_get_spot(iv, bs) + aligned_bs;
292 iv = blkcipher_get_spot(iv, ivsize); 297 iv = blkcipher_get_spot(iv, ivsize);
293 298
294 walk->iv = memcpy(iv, walk->iv, ivsize); 299 walk->iv = memcpy(iv, walk->iv, ivsize);
@@ -299,6 +304,7 @@ int blkcipher_walk_virt(struct blkcipher_desc *desc,
299 struct blkcipher_walk *walk) 304 struct blkcipher_walk *walk)
300{ 305{
301 walk->flags &= ~BLKCIPHER_WALK_PHYS; 306 walk->flags &= ~BLKCIPHER_WALK_PHYS;
307 walk->blocksize = crypto_blkcipher_blocksize(desc->tfm);
302 return blkcipher_walk_first(desc, walk); 308 return blkcipher_walk_first(desc, walk);
303} 309}
304EXPORT_SYMBOL_GPL(blkcipher_walk_virt); 310EXPORT_SYMBOL_GPL(blkcipher_walk_virt);
@@ -307,6 +313,7 @@ int blkcipher_walk_phys(struct blkcipher_desc *desc,
307 struct blkcipher_walk *walk) 313 struct blkcipher_walk *walk)
308{ 314{
309 walk->flags |= BLKCIPHER_WALK_PHYS; 315 walk->flags |= BLKCIPHER_WALK_PHYS;
316 walk->blocksize = crypto_blkcipher_blocksize(desc->tfm);
310 return blkcipher_walk_first(desc, walk); 317 return blkcipher_walk_first(desc, walk);
311} 318}
312EXPORT_SYMBOL_GPL(blkcipher_walk_phys); 319EXPORT_SYMBOL_GPL(blkcipher_walk_phys);
@@ -339,7 +346,18 @@ static int blkcipher_walk_first(struct blkcipher_desc *desc,
339 return blkcipher_walk_next(desc, walk); 346 return blkcipher_walk_next(desc, walk);
340} 347}
341 348
342static int setkey_unaligned(struct crypto_tfm *tfm, const u8 *key, unsigned int keylen) 349int blkcipher_walk_virt_block(struct blkcipher_desc *desc,
350 struct blkcipher_walk *walk,
351 unsigned int blocksize)
352{
353 walk->flags &= ~BLKCIPHER_WALK_PHYS;
354 walk->blocksize = blocksize;
355 return blkcipher_walk_first(desc, walk);
356}
357EXPORT_SYMBOL_GPL(blkcipher_walk_virt_block);
358
359static int setkey_unaligned(struct crypto_tfm *tfm, const u8 *key,
360 unsigned int keylen)
343{ 361{
344 struct blkcipher_alg *cipher = &tfm->__crt_alg->cra_blkcipher; 362 struct blkcipher_alg *cipher = &tfm->__crt_alg->cra_blkcipher;
345 unsigned long alignmask = crypto_tfm_alg_alignmask(tfm); 363 unsigned long alignmask = crypto_tfm_alg_alignmask(tfm);
@@ -360,8 +378,7 @@ static int setkey_unaligned(struct crypto_tfm *tfm, const u8 *key, unsigned int
360 return ret; 378 return ret;
361} 379}
362 380
363static int setkey(struct crypto_tfm *tfm, const u8 *key, 381static int setkey(struct crypto_tfm *tfm, const u8 *key, unsigned int keylen)
364 unsigned int keylen)
365{ 382{
366 struct blkcipher_alg *cipher = &tfm->__crt_alg->cra_blkcipher; 383 struct blkcipher_alg *cipher = &tfm->__crt_alg->cra_blkcipher;
367 unsigned long alignmask = crypto_tfm_alg_alignmask(tfm); 384 unsigned long alignmask = crypto_tfm_alg_alignmask(tfm);
diff --git a/crypto/cipher.c b/crypto/cipher.c
index fc6b46f2a9b0..9a1a7316eeac 100644
--- a/crypto/cipher.c
+++ b/crypto/cipher.c
@@ -16,11 +16,12 @@
16#include <linux/kernel.h> 16#include <linux/kernel.h>
17#include <linux/crypto.h> 17#include <linux/crypto.h>
18#include <linux/errno.h> 18#include <linux/errno.h>
19#include <linux/scatterlist.h> 19#include <linux/slab.h>
20#include <linux/string.h> 20#include <linux/string.h>
21#include "internal.h" 21#include "internal.h"
22 22
23static int setkey_unaligned(struct crypto_tfm *tfm, const u8 *key, unsigned int keylen) 23static int setkey_unaligned(struct crypto_tfm *tfm, const u8 *key,
24 unsigned int keylen)
24{ 25{
25 struct cipher_alg *cia = &tfm->__crt_alg->cra_cipher; 26 struct cipher_alg *cia = &tfm->__crt_alg->cra_cipher;
26 unsigned long alignmask = crypto_tfm_alg_alignmask(tfm); 27 unsigned long alignmask = crypto_tfm_alg_alignmask(tfm);
diff --git a/crypto/cryptd.c b/crypto/cryptd.c
index ac6dce2e7596..8bf2da835f7b 100644
--- a/crypto/cryptd.c
+++ b/crypto/cryptd.c
@@ -131,7 +131,7 @@ static int cryptd_blkcipher_enqueue(struct ablkcipher_request *req,
131 req->base.complete = complete; 131 req->base.complete = complete;
132 132
133 spin_lock_bh(&state->lock); 133 spin_lock_bh(&state->lock);
134 err = ablkcipher_enqueue_request(crypto_ablkcipher_alg(tfm), req); 134 err = ablkcipher_enqueue_request(&state->queue, req);
135 spin_unlock_bh(&state->lock); 135 spin_unlock_bh(&state->lock);
136 136
137 wake_up_process(state->task); 137 wake_up_process(state->task);
@@ -173,7 +173,8 @@ static void cryptd_blkcipher_exit_tfm(struct crypto_tfm *tfm)
173 int active; 173 int active;
174 174
175 mutex_lock(&state->mutex); 175 mutex_lock(&state->mutex);
176 active = ablkcipher_tfm_in_queue(__crypto_ablkcipher_cast(tfm)); 176 active = ablkcipher_tfm_in_queue(&state->queue,
177 __crypto_ablkcipher_cast(tfm));
177 mutex_unlock(&state->mutex); 178 mutex_unlock(&state->mutex);
178 179
179 BUG_ON(active); 180 BUG_ON(active);
@@ -251,8 +252,6 @@ static struct crypto_instance *cryptd_alloc_blkcipher(
251 inst->alg.cra_ablkcipher.encrypt = cryptd_blkcipher_encrypt_enqueue; 252 inst->alg.cra_ablkcipher.encrypt = cryptd_blkcipher_encrypt_enqueue;
252 inst->alg.cra_ablkcipher.decrypt = cryptd_blkcipher_decrypt_enqueue; 253 inst->alg.cra_ablkcipher.decrypt = cryptd_blkcipher_decrypt_enqueue;
253 254
254 inst->alg.cra_ablkcipher.queue = &state->queue;
255
256out_put_alg: 255out_put_alg:
257 crypto_mod_put(alg); 256 crypto_mod_put(alg);
258 return inst; 257 return inst;
diff --git a/crypto/cryptomgr.c b/crypto/cryptomgr.c
index e5fb7cca5107..e5e3cf848d42 100644
--- a/crypto/cryptomgr.c
+++ b/crypto/cryptomgr.c
@@ -24,22 +24,26 @@
24#include "internal.h" 24#include "internal.h"
25 25
26struct cryptomgr_param { 26struct cryptomgr_param {
27 struct rtattr *tb[CRYPTOA_MAX]; 27 struct rtattr *tb[CRYPTO_MAX_ATTRS + 2];
28 28
29 struct { 29 struct {
30 struct rtattr attr; 30 struct rtattr attr;
31 struct crypto_attr_type data; 31 struct crypto_attr_type data;
32 } type; 32 } type;
33 33
34 struct { 34 union {
35 struct rtattr attr; 35 struct rtattr attr;
36 struct crypto_attr_alg data; 36 struct {
37 } alg; 37 struct rtattr attr;
38 38 struct crypto_attr_alg data;
39 struct { 39 } alg;
40 char name[CRYPTO_MAX_ALG_NAME]; 40 struct {
41 } larval; 41 struct rtattr attr;
42 42 struct crypto_attr_u32 data;
43 } nu32;
44 } attrs[CRYPTO_MAX_ATTRS];
45
46 char larval[CRYPTO_MAX_ALG_NAME];
43 char template[CRYPTO_MAX_ALG_NAME]; 47 char template[CRYPTO_MAX_ALG_NAME];
44}; 48};
45 49
@@ -72,7 +76,7 @@ out:
72 module_put_and_exit(0); 76 module_put_and_exit(0);
73 77
74err: 78err:
75 crypto_larval_error(param->larval.name, param->type.data.type, 79 crypto_larval_error(param->larval, param->type.data.type,
76 param->type.data.mask); 80 param->type.data.mask);
77 goto out; 81 goto out;
78} 82}
@@ -84,6 +88,7 @@ static int cryptomgr_schedule_probe(struct crypto_larval *larval)
84 const char *name = larval->alg.cra_name; 88 const char *name = larval->alg.cra_name;
85 const char *p; 89 const char *p;
86 unsigned int len; 90 unsigned int len;
91 int i;
87 92
88 if (!try_module_get(THIS_MODULE)) 93 if (!try_module_get(THIS_MODULE))
89 goto err; 94 goto err;
@@ -101,33 +106,74 @@ static int cryptomgr_schedule_probe(struct crypto_larval *larval)
101 106
102 memcpy(param->template, name, len); 107 memcpy(param->template, name, len);
103 108
104 name = p + 1; 109 i = 0;
105 len = 0; 110 for (;;) {
106 for (p = name; *p; p++) { 111 int notnum = 0;
107 for (; isalnum(*p) || *p == '-' || *p == '_' || *p == '('; p++)
108 ;
109 112
110 if (*p != ')') 113 name = ++p;
111 goto err_free_param; 114 len = 0;
115
116 for (; isalnum(*p) || *p == '-' || *p == '_'; p++)
117 notnum |= !isdigit(*p);
118
119 if (*p == '(') {
120 int recursion = 0;
121
122 for (;;) {
123 if (!*++p)
124 goto err_free_param;
125 if (*p == '(')
126 recursion++;
127 else if (*p == ')' && !recursion--)
128 break;
129 }
130
131 notnum = 1;
132 p++;
133 }
112 134
113 len = p - name; 135 len = p - name;
136 if (!len)
137 goto err_free_param;
138
139 if (notnum) {
140 param->attrs[i].alg.attr.rta_len =
141 sizeof(param->attrs[i].alg);
142 param->attrs[i].alg.attr.rta_type = CRYPTOA_ALG;
143 memcpy(param->attrs[i].alg.data.name, name, len);
144 } else {
145 param->attrs[i].nu32.attr.rta_len =
146 sizeof(param->attrs[i].nu32);
147 param->attrs[i].nu32.attr.rta_type = CRYPTOA_U32;
148 param->attrs[i].nu32.data.num =
149 simple_strtol(name, NULL, 0);
150 }
151
152 param->tb[i + 1] = &param->attrs[i].attr;
153 i++;
154
155 if (i >= CRYPTO_MAX_ATTRS)
156 goto err_free_param;
157
158 if (*p == ')')
159 break;
160
161 if (*p != ',')
162 goto err_free_param;
114 } 163 }
115 164
116 if (!len || name[len + 1]) 165 if (!i)
117 goto err_free_param; 166 goto err_free_param;
118 167
168 param->tb[i + 1] = NULL;
169
119 param->type.attr.rta_len = sizeof(param->type); 170 param->type.attr.rta_len = sizeof(param->type);
120 param->type.attr.rta_type = CRYPTOA_TYPE; 171 param->type.attr.rta_type = CRYPTOA_TYPE;
121 param->type.data.type = larval->alg.cra_flags; 172 param->type.data.type = larval->alg.cra_flags;
122 param->type.data.mask = larval->mask; 173 param->type.data.mask = larval->mask;
123 param->tb[CRYPTOA_TYPE - 1] = &param->type.attr; 174 param->tb[0] = &param->type.attr;
124
125 param->alg.attr.rta_len = sizeof(param->alg);
126 param->alg.attr.rta_type = CRYPTOA_ALG;
127 memcpy(param->alg.data.name, name, len);
128 param->tb[CRYPTOA_ALG - 1] = &param->alg.attr;
129 175
130 memcpy(param->larval.name, larval->alg.cra_name, CRYPTO_MAX_ALG_NAME); 176 memcpy(param->larval, larval->alg.cra_name, CRYPTO_MAX_ALG_NAME);
131 177
132 thread = kthread_run(cryptomgr_probe, param, "cryptomgr"); 178 thread = kthread_run(cryptomgr_probe, param, "cryptomgr");
133 if (IS_ERR(thread)) 179 if (IS_ERR(thread))
diff --git a/crypto/des.c b/crypto/des_generic.c
index 1df3a714fa47..59966d14b8e0 100644
--- a/crypto/des.c
+++ b/crypto/des_generic.c
@@ -1009,3 +1009,4 @@ module_exit(fini);
1009MODULE_LICENSE("GPL"); 1009MODULE_LICENSE("GPL");
1010MODULE_DESCRIPTION("DES & Triple DES EDE Cipher Algorithms"); 1010MODULE_DESCRIPTION("DES & Triple DES EDE Cipher Algorithms");
1011MODULE_AUTHOR("Dag Arne Osvik <da@osvik.no>"); 1011MODULE_AUTHOR("Dag Arne Osvik <da@osvik.no>");
1012MODULE_ALIAS("des");
diff --git a/crypto/gf128mul.c b/crypto/gf128mul.c
index 0a2aadfa1d85..ecbeaa1f17e1 100644
--- a/crypto/gf128mul.c
+++ b/crypto/gf128mul.c
@@ -142,6 +142,17 @@ static void gf128mul_x_bbe(be128 *r, const be128 *x)
142 r->b = cpu_to_be64((b << 1) ^ _tt); 142 r->b = cpu_to_be64((b << 1) ^ _tt);
143} 143}
144 144
145void gf128mul_x_ble(be128 *r, const be128 *x)
146{
147 u64 a = le64_to_cpu(x->a);
148 u64 b = le64_to_cpu(x->b);
149 u64 _tt = gf128mul_table_bbe[b >> 63];
150
151 r->a = cpu_to_le64((a << 1) ^ _tt);
152 r->b = cpu_to_le64((b << 1) | (a >> 63));
153}
154EXPORT_SYMBOL(gf128mul_x_ble);
155
145static void gf128mul_x8_lle(be128 *x) 156static void gf128mul_x8_lle(be128 *x)
146{ 157{
147 u64 a = be64_to_cpu(x->a); 158 u64 a = be64_to_cpu(x->a);
diff --git a/crypto/hash.c b/crypto/hash.c
index 4fd470bd729b..7dcff671c19b 100644
--- a/crypto/hash.c
+++ b/crypto/hash.c
@@ -12,6 +12,7 @@
12#include <linux/errno.h> 12#include <linux/errno.h>
13#include <linux/kernel.h> 13#include <linux/kernel.h>
14#include <linux/module.h> 14#include <linux/module.h>
15#include <linux/slab.h>
15#include <linux/seq_file.h> 16#include <linux/seq_file.h>
16 17
17#include "internal.h" 18#include "internal.h"
@@ -46,7 +47,7 @@ static int hash_setkey_unaligned(struct crypto_hash *crt, const u8 *key,
46} 47}
47 48
48static int hash_setkey(struct crypto_hash *crt, const u8 *key, 49static int hash_setkey(struct crypto_hash *crt, const u8 *key,
49 unsigned int keylen) 50 unsigned int keylen)
50{ 51{
51 struct crypto_tfm *tfm = crypto_hash_tfm(crt); 52 struct crypto_tfm *tfm = crypto_hash_tfm(crt);
52 struct hash_alg *alg = &tfm->__crt_alg->cra_hash; 53 struct hash_alg *alg = &tfm->__crt_alg->cra_hash;
diff --git a/crypto/internal.h b/crypto/internal.h
index 60acad9788c5..abb01f71f817 100644
--- a/crypto/internal.h
+++ b/crypto/internal.h
@@ -50,11 +50,16 @@ extern struct list_head crypto_alg_list;
50extern struct rw_semaphore crypto_alg_sem; 50extern struct rw_semaphore crypto_alg_sem;
51extern struct blocking_notifier_head crypto_chain; 51extern struct blocking_notifier_head crypto_chain;
52 52
53extern enum km_type crypto_km_types[];
54
55static inline enum km_type crypto_kmap_type(int out) 53static inline enum km_type crypto_kmap_type(int out)
56{ 54{
57 return crypto_km_types[(in_softirq() ? 2 : 0) + out]; 55 enum km_type type;
56
57 if (in_softirq())
58 type = out * (KM_SOFTIRQ1 - KM_SOFTIRQ0) + KM_SOFTIRQ0;
59 else
60 type = out * (KM_USER1 - KM_USER0) + KM_USER0;
61
62 return type;
58} 63}
59 64
60static inline void *crypto_kmap(struct page *page, int out) 65static inline void *crypto_kmap(struct page *page, int out)
diff --git a/crypto/scatterwalk.c b/crypto/scatterwalk.c
index 81afd1790a1d..3052f6507f53 100644
--- a/crypto/scatterwalk.c
+++ b/crypto/scatterwalk.c
@@ -23,14 +23,6 @@
23#include "internal.h" 23#include "internal.h"
24#include "scatterwalk.h" 24#include "scatterwalk.h"
25 25
26enum km_type crypto_km_types[] = {
27 KM_USER0,
28 KM_USER1,
29 KM_SOFTIRQ0,
30 KM_SOFTIRQ1,
31};
32EXPORT_SYMBOL_GPL(crypto_km_types);
33
34static inline void memcpy_dir(void *buf, void *sgdata, size_t nbytes, int out) 26static inline void memcpy_dir(void *buf, void *sgdata, size_t nbytes, int out)
35{ 27{
36 void *src = out ? buf : sgdata; 28 void *src = out ? buf : sgdata;
@@ -107,3 +99,25 @@ void scatterwalk_copychunks(void *buf, struct scatter_walk *walk,
107 } 99 }
108} 100}
109EXPORT_SYMBOL_GPL(scatterwalk_copychunks); 101EXPORT_SYMBOL_GPL(scatterwalk_copychunks);
102
103void scatterwalk_map_and_copy(void *buf, struct scatterlist *sg,
104 unsigned int start, unsigned int nbytes, int out)
105{
106 struct scatter_walk walk;
107 unsigned int offset = 0;
108
109 for (;;) {
110 scatterwalk_start(&walk, sg);
111
112 if (start < offset + sg->length)
113 break;
114
115 offset += sg->length;
116 sg = sg_next(sg);
117 }
118
119 scatterwalk_advance(&walk, start - offset);
120 scatterwalk_copychunks(buf, &walk, nbytes, out);
121 scatterwalk_done(&walk, out, 0);
122}
123EXPORT_SYMBOL_GPL(scatterwalk_map_and_copy);
diff --git a/crypto/scatterwalk.h b/crypto/scatterwalk.h
index f1592cc2d0f4..500a220ad908 100644
--- a/crypto/scatterwalk.h
+++ b/crypto/scatterwalk.h
@@ -74,4 +74,7 @@ void scatterwalk_copychunks(void *buf, struct scatter_walk *walk,
74void *scatterwalk_map(struct scatter_walk *walk, int out); 74void *scatterwalk_map(struct scatter_walk *walk, int out);
75void scatterwalk_done(struct scatter_walk *walk, int out, int more); 75void scatterwalk_done(struct scatter_walk *walk, int out, int more);
76 76
77void scatterwalk_map_and_copy(void *buf, struct scatterlist *sg,
78 unsigned int start, unsigned int nbytes, int out);
79
77#endif /* _CRYPTO_SCATTERWALK_H */ 80#endif /* _CRYPTO_SCATTERWALK_H */
diff --git a/crypto/seed.c b/crypto/seed.c
new file mode 100644
index 000000000000..d3e422f60556
--- /dev/null
+++ b/crypto/seed.c
@@ -0,0 +1,479 @@
1/*
2 * Cryptographic API.
3 *
4 * SEED Cipher Algorithm.
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 *
11 * Documentation of SEED can be found in RFC 4269.
12 * Copyright (C) 2007 Korea Information Security Agency (KISA).
13 */
14
15#include <linux/module.h>
16#include <linux/init.h>
17#include <linux/types.h>
18#include <linux/errno.h>
19#include <linux/crypto.h>
20#include <asm/byteorder.h>
21
22#define SEED_NUM_KCONSTANTS 16
23#define SEED_KEY_SIZE 16
24#define SEED_BLOCK_SIZE 16
25#define SEED_KEYSCHED_LEN 32
26
27/*
28 * #define byte(x, nr) ((unsigned char)((x) >> (nr*8)))
29 */
30static inline u8
31byte(const u32 x, const unsigned n)
32{
33 return x >> (n << 3);
34}
35
36struct seed_ctx {
37 u32 keysched[SEED_KEYSCHED_LEN];
38};
39
40static const u32 SS0[256] = {
41 0x2989a1a8, 0x05858184, 0x16c6d2d4, 0x13c3d3d0,
42 0x14445054, 0x1d0d111c, 0x2c8ca0ac, 0x25052124,
43 0x1d4d515c, 0x03434340, 0x18081018, 0x1e0e121c,
44 0x11415150, 0x3cccf0fc, 0x0acac2c8, 0x23436360,
45 0x28082028, 0x04444044, 0x20002020, 0x1d8d919c,
46 0x20c0e0e0, 0x22c2e2e0, 0x08c8c0c8, 0x17071314,
47 0x2585a1a4, 0x0f8f838c, 0x03030300, 0x3b4b7378,
48 0x3b8bb3b8, 0x13031310, 0x12c2d2d0, 0x2ecee2ec,
49 0x30407070, 0x0c8c808c, 0x3f0f333c, 0x2888a0a8,
50 0x32023230, 0x1dcdd1dc, 0x36c6f2f4, 0x34447074,
51 0x2ccce0ec, 0x15859194, 0x0b0b0308, 0x17475354,
52 0x1c4c505c, 0x1b4b5358, 0x3d8db1bc, 0x01010100,
53 0x24042024, 0x1c0c101c, 0x33437370, 0x18889098,
54 0x10001010, 0x0cccc0cc, 0x32c2f2f0, 0x19c9d1d8,
55 0x2c0c202c, 0x27c7e3e4, 0x32427270, 0x03838380,
56 0x1b8b9398, 0x11c1d1d0, 0x06868284, 0x09c9c1c8,
57 0x20406060, 0x10405050, 0x2383a3a0, 0x2bcbe3e8,
58 0x0d0d010c, 0x3686b2b4, 0x1e8e929c, 0x0f4f434c,
59 0x3787b3b4, 0x1a4a5258, 0x06c6c2c4, 0x38487078,
60 0x2686a2a4, 0x12021210, 0x2f8fa3ac, 0x15c5d1d4,
61 0x21416160, 0x03c3c3c0, 0x3484b0b4, 0x01414140,
62 0x12425250, 0x3d4d717c, 0x0d8d818c, 0x08080008,
63 0x1f0f131c, 0x19899198, 0x00000000, 0x19091118,
64 0x04040004, 0x13435350, 0x37c7f3f4, 0x21c1e1e0,
65 0x3dcdf1fc, 0x36467274, 0x2f0f232c, 0x27072324,
66 0x3080b0b0, 0x0b8b8388, 0x0e0e020c, 0x2b8ba3a8,
67 0x2282a2a0, 0x2e4e626c, 0x13839390, 0x0d4d414c,
68 0x29496168, 0x3c4c707c, 0x09090108, 0x0a0a0208,
69 0x3f8fb3bc, 0x2fcfe3ec, 0x33c3f3f0, 0x05c5c1c4,
70 0x07878384, 0x14041014, 0x3ecef2fc, 0x24446064,
71 0x1eced2dc, 0x2e0e222c, 0x0b4b4348, 0x1a0a1218,
72 0x06060204, 0x21012120, 0x2b4b6368, 0x26466264,
73 0x02020200, 0x35c5f1f4, 0x12829290, 0x0a8a8288,
74 0x0c0c000c, 0x3383b3b0, 0x3e4e727c, 0x10c0d0d0,
75 0x3a4a7278, 0x07474344, 0x16869294, 0x25c5e1e4,
76 0x26062224, 0x00808080, 0x2d8da1ac, 0x1fcfd3dc,
77 0x2181a1a0, 0x30003030, 0x37073334, 0x2e8ea2ac,
78 0x36063234, 0x15051114, 0x22022220, 0x38083038,
79 0x34c4f0f4, 0x2787a3a4, 0x05454144, 0x0c4c404c,
80 0x01818180, 0x29c9e1e8, 0x04848084, 0x17879394,
81 0x35053134, 0x0bcbc3c8, 0x0ecec2cc, 0x3c0c303c,
82 0x31417170, 0x11011110, 0x07c7c3c4, 0x09898188,
83 0x35457174, 0x3bcbf3f8, 0x1acad2d8, 0x38c8f0f8,
84 0x14849094, 0x19495158, 0x02828280, 0x04c4c0c4,
85 0x3fcff3fc, 0x09494148, 0x39093138, 0x27476364,
86 0x00c0c0c0, 0x0fcfc3cc, 0x17c7d3d4, 0x3888b0b8,
87 0x0f0f030c, 0x0e8e828c, 0x02424240, 0x23032320,
88 0x11819190, 0x2c4c606c, 0x1bcbd3d8, 0x2484a0a4,
89 0x34043034, 0x31c1f1f0, 0x08484048, 0x02c2c2c0,
90 0x2f4f636c, 0x3d0d313c, 0x2d0d212c, 0x00404040,
91 0x3e8eb2bc, 0x3e0e323c, 0x3c8cb0bc, 0x01c1c1c0,
92 0x2a8aa2a8, 0x3a8ab2b8, 0x0e4e424c, 0x15455154,
93 0x3b0b3338, 0x1cccd0dc, 0x28486068, 0x3f4f737c,
94 0x1c8c909c, 0x18c8d0d8, 0x0a4a4248, 0x16465254,
95 0x37477374, 0x2080a0a0, 0x2dcde1ec, 0x06464244,
96 0x3585b1b4, 0x2b0b2328, 0x25456164, 0x3acaf2f8,
97 0x23c3e3e0, 0x3989b1b8, 0x3181b1b0, 0x1f8f939c,
98 0x1e4e525c, 0x39c9f1f8, 0x26c6e2e4, 0x3282b2b0,
99 0x31013130, 0x2acae2e8, 0x2d4d616c, 0x1f4f535c,
100 0x24c4e0e4, 0x30c0f0f0, 0x0dcdc1cc, 0x08888088,
101 0x16061214, 0x3a0a3238, 0x18485058, 0x14c4d0d4,
102 0x22426260, 0x29092128, 0x07070304, 0x33033330,
103 0x28c8e0e8, 0x1b0b1318, 0x05050104, 0x39497178,
104 0x10809090, 0x2a4a6268, 0x2a0a2228, 0x1a8a9298,
105};
106
107static const u32 SS1[256] = {
108 0x38380830, 0xe828c8e0, 0x2c2d0d21, 0xa42686a2,
109 0xcc0fcfc3, 0xdc1eced2, 0xb03383b3, 0xb83888b0,
110 0xac2f8fa3, 0x60204060, 0x54154551, 0xc407c7c3,
111 0x44044440, 0x6c2f4f63, 0x682b4b63, 0x581b4b53,
112 0xc003c3c3, 0x60224262, 0x30330333, 0xb43585b1,
113 0x28290921, 0xa02080a0, 0xe022c2e2, 0xa42787a3,
114 0xd013c3d3, 0x90118191, 0x10110111, 0x04060602,
115 0x1c1c0c10, 0xbc3c8cb0, 0x34360632, 0x480b4b43,
116 0xec2fcfe3, 0x88088880, 0x6c2c4c60, 0xa82888a0,
117 0x14170713, 0xc404c4c0, 0x14160612, 0xf434c4f0,
118 0xc002c2c2, 0x44054541, 0xe021c1e1, 0xd416c6d2,
119 0x3c3f0f33, 0x3c3d0d31, 0x8c0e8e82, 0x98188890,
120 0x28280820, 0x4c0e4e42, 0xf436c6f2, 0x3c3e0e32,
121 0xa42585a1, 0xf839c9f1, 0x0c0d0d01, 0xdc1fcfd3,
122 0xd818c8d0, 0x282b0b23, 0x64264662, 0x783a4a72,
123 0x24270723, 0x2c2f0f23, 0xf031c1f1, 0x70324272,
124 0x40024242, 0xd414c4d0, 0x40014141, 0xc000c0c0,
125 0x70334373, 0x64274763, 0xac2c8ca0, 0x880b8b83,
126 0xf437c7f3, 0xac2d8da1, 0x80008080, 0x1c1f0f13,
127 0xc80acac2, 0x2c2c0c20, 0xa82a8aa2, 0x34340430,
128 0xd012c2d2, 0x080b0b03, 0xec2ecee2, 0xe829c9e1,
129 0x5c1d4d51, 0x94148490, 0x18180810, 0xf838c8f0,
130 0x54174753, 0xac2e8ea2, 0x08080800, 0xc405c5c1,
131 0x10130313, 0xcc0dcdc1, 0x84068682, 0xb83989b1,
132 0xfc3fcff3, 0x7c3d4d71, 0xc001c1c1, 0x30310131,
133 0xf435c5f1, 0x880a8a82, 0x682a4a62, 0xb03181b1,
134 0xd011c1d1, 0x20200020, 0xd417c7d3, 0x00020202,
135 0x20220222, 0x04040400, 0x68284860, 0x70314171,
136 0x04070703, 0xd81bcbd3, 0x9c1d8d91, 0x98198991,
137 0x60214161, 0xbc3e8eb2, 0xe426c6e2, 0x58194951,
138 0xdc1dcdd1, 0x50114151, 0x90108090, 0xdc1cccd0,
139 0x981a8a92, 0xa02383a3, 0xa82b8ba3, 0xd010c0d0,
140 0x80018181, 0x0c0f0f03, 0x44074743, 0x181a0a12,
141 0xe023c3e3, 0xec2ccce0, 0x8c0d8d81, 0xbc3f8fb3,
142 0x94168692, 0x783b4b73, 0x5c1c4c50, 0xa02282a2,
143 0xa02181a1, 0x60234363, 0x20230323, 0x4c0d4d41,
144 0xc808c8c0, 0x9c1e8e92, 0x9c1c8c90, 0x383a0a32,
145 0x0c0c0c00, 0x2c2e0e22, 0xb83a8ab2, 0x6c2e4e62,
146 0x9c1f8f93, 0x581a4a52, 0xf032c2f2, 0x90128292,
147 0xf033c3f3, 0x48094941, 0x78384870, 0xcc0cccc0,
148 0x14150511, 0xf83bcbf3, 0x70304070, 0x74354571,
149 0x7c3f4f73, 0x34350531, 0x10100010, 0x00030303,
150 0x64244460, 0x6c2d4d61, 0xc406c6c2, 0x74344470,
151 0xd415c5d1, 0xb43484b0, 0xe82acae2, 0x08090901,
152 0x74364672, 0x18190911, 0xfc3ecef2, 0x40004040,
153 0x10120212, 0xe020c0e0, 0xbc3d8db1, 0x04050501,
154 0xf83acaf2, 0x00010101, 0xf030c0f0, 0x282a0a22,
155 0x5c1e4e52, 0xa82989a1, 0x54164652, 0x40034343,
156 0x84058581, 0x14140410, 0x88098981, 0x981b8b93,
157 0xb03080b0, 0xe425c5e1, 0x48084840, 0x78394971,
158 0x94178793, 0xfc3cccf0, 0x1c1e0e12, 0x80028282,
159 0x20210121, 0x8c0c8c80, 0x181b0b13, 0x5c1f4f53,
160 0x74374773, 0x54144450, 0xb03282b2, 0x1c1d0d11,
161 0x24250521, 0x4c0f4f43, 0x00000000, 0x44064642,
162 0xec2dcde1, 0x58184850, 0x50124252, 0xe82bcbe3,
163 0x7c3e4e72, 0xd81acad2, 0xc809c9c1, 0xfc3dcdf1,
164 0x30300030, 0x94158591, 0x64254561, 0x3c3c0c30,
165 0xb43686b2, 0xe424c4e0, 0xb83b8bb3, 0x7c3c4c70,
166 0x0c0e0e02, 0x50104050, 0x38390931, 0x24260622,
167 0x30320232, 0x84048480, 0x68294961, 0x90138393,
168 0x34370733, 0xe427c7e3, 0x24240420, 0xa42484a0,
169 0xc80bcbc3, 0x50134353, 0x080a0a02, 0x84078783,
170 0xd819c9d1, 0x4c0c4c40, 0x80038383, 0x8c0f8f83,
171 0xcc0ecec2, 0x383b0b33, 0x480a4a42, 0xb43787b3,
172};
173
174static const u32 SS2[256] = {
175 0xa1a82989, 0x81840585, 0xd2d416c6, 0xd3d013c3,
176 0x50541444, 0x111c1d0d, 0xa0ac2c8c, 0x21242505,
177 0x515c1d4d, 0x43400343, 0x10181808, 0x121c1e0e,
178 0x51501141, 0xf0fc3ccc, 0xc2c80aca, 0x63602343,
179 0x20282808, 0x40440444, 0x20202000, 0x919c1d8d,
180 0xe0e020c0, 0xe2e022c2, 0xc0c808c8, 0x13141707,
181 0xa1a42585, 0x838c0f8f, 0x03000303, 0x73783b4b,
182 0xb3b83b8b, 0x13101303, 0xd2d012c2, 0xe2ec2ece,
183 0x70703040, 0x808c0c8c, 0x333c3f0f, 0xa0a82888,
184 0x32303202, 0xd1dc1dcd, 0xf2f436c6, 0x70743444,
185 0xe0ec2ccc, 0x91941585, 0x03080b0b, 0x53541747,
186 0x505c1c4c, 0x53581b4b, 0xb1bc3d8d, 0x01000101,
187 0x20242404, 0x101c1c0c, 0x73703343, 0x90981888,
188 0x10101000, 0xc0cc0ccc, 0xf2f032c2, 0xd1d819c9,
189 0x202c2c0c, 0xe3e427c7, 0x72703242, 0x83800383,
190 0x93981b8b, 0xd1d011c1, 0x82840686, 0xc1c809c9,
191 0x60602040, 0x50501040, 0xa3a02383, 0xe3e82bcb,
192 0x010c0d0d, 0xb2b43686, 0x929c1e8e, 0x434c0f4f,
193 0xb3b43787, 0x52581a4a, 0xc2c406c6, 0x70783848,
194 0xa2a42686, 0x12101202, 0xa3ac2f8f, 0xd1d415c5,
195 0x61602141, 0xc3c003c3, 0xb0b43484, 0x41400141,
196 0x52501242, 0x717c3d4d, 0x818c0d8d, 0x00080808,
197 0x131c1f0f, 0x91981989, 0x00000000, 0x11181909,
198 0x00040404, 0x53501343, 0xf3f437c7, 0xe1e021c1,
199 0xf1fc3dcd, 0x72743646, 0x232c2f0f, 0x23242707,
200 0xb0b03080, 0x83880b8b, 0x020c0e0e, 0xa3a82b8b,
201 0xa2a02282, 0x626c2e4e, 0x93901383, 0x414c0d4d,
202 0x61682949, 0x707c3c4c, 0x01080909, 0x02080a0a,
203 0xb3bc3f8f, 0xe3ec2fcf, 0xf3f033c3, 0xc1c405c5,
204 0x83840787, 0x10141404, 0xf2fc3ece, 0x60642444,
205 0xd2dc1ece, 0x222c2e0e, 0x43480b4b, 0x12181a0a,
206 0x02040606, 0x21202101, 0x63682b4b, 0x62642646,
207 0x02000202, 0xf1f435c5, 0x92901282, 0x82880a8a,
208 0x000c0c0c, 0xb3b03383, 0x727c3e4e, 0xd0d010c0,
209 0x72783a4a, 0x43440747, 0x92941686, 0xe1e425c5,
210 0x22242606, 0x80800080, 0xa1ac2d8d, 0xd3dc1fcf,
211 0xa1a02181, 0x30303000, 0x33343707, 0xa2ac2e8e,
212 0x32343606, 0x11141505, 0x22202202, 0x30383808,
213 0xf0f434c4, 0xa3a42787, 0x41440545, 0x404c0c4c,
214 0x81800181, 0xe1e829c9, 0x80840484, 0x93941787,
215 0x31343505, 0xc3c80bcb, 0xc2cc0ece, 0x303c3c0c,
216 0x71703141, 0x11101101, 0xc3c407c7, 0x81880989,
217 0x71743545, 0xf3f83bcb, 0xd2d81aca, 0xf0f838c8,
218 0x90941484, 0x51581949, 0x82800282, 0xc0c404c4,
219 0xf3fc3fcf, 0x41480949, 0x31383909, 0x63642747,
220 0xc0c000c0, 0xc3cc0fcf, 0xd3d417c7, 0xb0b83888,
221 0x030c0f0f, 0x828c0e8e, 0x42400242, 0x23202303,
222 0x91901181, 0x606c2c4c, 0xd3d81bcb, 0xa0a42484,
223 0x30343404, 0xf1f031c1, 0x40480848, 0xc2c002c2,
224 0x636c2f4f, 0x313c3d0d, 0x212c2d0d, 0x40400040,
225 0xb2bc3e8e, 0x323c3e0e, 0xb0bc3c8c, 0xc1c001c1,
226 0xa2a82a8a, 0xb2b83a8a, 0x424c0e4e, 0x51541545,
227 0x33383b0b, 0xd0dc1ccc, 0x60682848, 0x737c3f4f,
228 0x909c1c8c, 0xd0d818c8, 0x42480a4a, 0x52541646,
229 0x73743747, 0xa0a02080, 0xe1ec2dcd, 0x42440646,
230 0xb1b43585, 0x23282b0b, 0x61642545, 0xf2f83aca,
231 0xe3e023c3, 0xb1b83989, 0xb1b03181, 0x939c1f8f,
232 0x525c1e4e, 0xf1f839c9, 0xe2e426c6, 0xb2b03282,
233 0x31303101, 0xe2e82aca, 0x616c2d4d, 0x535c1f4f,
234 0xe0e424c4, 0xf0f030c0, 0xc1cc0dcd, 0x80880888,
235 0x12141606, 0x32383a0a, 0x50581848, 0xd0d414c4,
236 0x62602242, 0x21282909, 0x03040707, 0x33303303,
237 0xe0e828c8, 0x13181b0b, 0x01040505, 0x71783949,
238 0x90901080, 0x62682a4a, 0x22282a0a, 0x92981a8a,
239};
240
241static const u32 SS3[256] = {
242 0x08303838, 0xc8e0e828, 0x0d212c2d, 0x86a2a426,
243 0xcfc3cc0f, 0xced2dc1e, 0x83b3b033, 0x88b0b838,
244 0x8fa3ac2f, 0x40606020, 0x45515415, 0xc7c3c407,
245 0x44404404, 0x4f636c2f, 0x4b63682b, 0x4b53581b,
246 0xc3c3c003, 0x42626022, 0x03333033, 0x85b1b435,
247 0x09212829, 0x80a0a020, 0xc2e2e022, 0x87a3a427,
248 0xc3d3d013, 0x81919011, 0x01111011, 0x06020406,
249 0x0c101c1c, 0x8cb0bc3c, 0x06323436, 0x4b43480b,
250 0xcfe3ec2f, 0x88808808, 0x4c606c2c, 0x88a0a828,
251 0x07131417, 0xc4c0c404, 0x06121416, 0xc4f0f434,
252 0xc2c2c002, 0x45414405, 0xc1e1e021, 0xc6d2d416,
253 0x0f333c3f, 0x0d313c3d, 0x8e828c0e, 0x88909818,
254 0x08202828, 0x4e424c0e, 0xc6f2f436, 0x0e323c3e,
255 0x85a1a425, 0xc9f1f839, 0x0d010c0d, 0xcfd3dc1f,
256 0xc8d0d818, 0x0b23282b, 0x46626426, 0x4a72783a,
257 0x07232427, 0x0f232c2f, 0xc1f1f031, 0x42727032,
258 0x42424002, 0xc4d0d414, 0x41414001, 0xc0c0c000,
259 0x43737033, 0x47636427, 0x8ca0ac2c, 0x8b83880b,
260 0xc7f3f437, 0x8da1ac2d, 0x80808000, 0x0f131c1f,
261 0xcac2c80a, 0x0c202c2c, 0x8aa2a82a, 0x04303434,
262 0xc2d2d012, 0x0b03080b, 0xcee2ec2e, 0xc9e1e829,
263 0x4d515c1d, 0x84909414, 0x08101818, 0xc8f0f838,
264 0x47535417, 0x8ea2ac2e, 0x08000808, 0xc5c1c405,
265 0x03131013, 0xcdc1cc0d, 0x86828406, 0x89b1b839,
266 0xcff3fc3f, 0x4d717c3d, 0xc1c1c001, 0x01313031,
267 0xc5f1f435, 0x8a82880a, 0x4a62682a, 0x81b1b031,
268 0xc1d1d011, 0x00202020, 0xc7d3d417, 0x02020002,
269 0x02222022, 0x04000404, 0x48606828, 0x41717031,
270 0x07030407, 0xcbd3d81b, 0x8d919c1d, 0x89919819,
271 0x41616021, 0x8eb2bc3e, 0xc6e2e426, 0x49515819,
272 0xcdd1dc1d, 0x41515011, 0x80909010, 0xccd0dc1c,
273 0x8a92981a, 0x83a3a023, 0x8ba3a82b, 0xc0d0d010,
274 0x81818001, 0x0f030c0f, 0x47434407, 0x0a12181a,
275 0xc3e3e023, 0xcce0ec2c, 0x8d818c0d, 0x8fb3bc3f,
276 0x86929416, 0x4b73783b, 0x4c505c1c, 0x82a2a022,
277 0x81a1a021, 0x43636023, 0x03232023, 0x4d414c0d,
278 0xc8c0c808, 0x8e929c1e, 0x8c909c1c, 0x0a32383a,
279 0x0c000c0c, 0x0e222c2e, 0x8ab2b83a, 0x4e626c2e,
280 0x8f939c1f, 0x4a52581a, 0xc2f2f032, 0x82929012,
281 0xc3f3f033, 0x49414809, 0x48707838, 0xccc0cc0c,
282 0x05111415, 0xcbf3f83b, 0x40707030, 0x45717435,
283 0x4f737c3f, 0x05313435, 0x00101010, 0x03030003,
284 0x44606424, 0x4d616c2d, 0xc6c2c406, 0x44707434,
285 0xc5d1d415, 0x84b0b434, 0xcae2e82a, 0x09010809,
286 0x46727436, 0x09111819, 0xcef2fc3e, 0x40404000,
287 0x02121012, 0xc0e0e020, 0x8db1bc3d, 0x05010405,
288 0xcaf2f83a, 0x01010001, 0xc0f0f030, 0x0a22282a,
289 0x4e525c1e, 0x89a1a829, 0x46525416, 0x43434003,
290 0x85818405, 0x04101414, 0x89818809, 0x8b93981b,
291 0x80b0b030, 0xc5e1e425, 0x48404808, 0x49717839,
292 0x87939417, 0xccf0fc3c, 0x0e121c1e, 0x82828002,
293 0x01212021, 0x8c808c0c, 0x0b13181b, 0x4f535c1f,
294 0x47737437, 0x44505414, 0x82b2b032, 0x0d111c1d,
295 0x05212425, 0x4f434c0f, 0x00000000, 0x46424406,
296 0xcde1ec2d, 0x48505818, 0x42525012, 0xcbe3e82b,
297 0x4e727c3e, 0xcad2d81a, 0xc9c1c809, 0xcdf1fc3d,
298 0x00303030, 0x85919415, 0x45616425, 0x0c303c3c,
299 0x86b2b436, 0xc4e0e424, 0x8bb3b83b, 0x4c707c3c,
300 0x0e020c0e, 0x40505010, 0x09313839, 0x06222426,
301 0x02323032, 0x84808404, 0x49616829, 0x83939013,
302 0x07333437, 0xc7e3e427, 0x04202424, 0x84a0a424,
303 0xcbc3c80b, 0x43535013, 0x0a02080a, 0x87838407,
304 0xc9d1d819, 0x4c404c0c, 0x83838003, 0x8f838c0f,
305 0xcec2cc0e, 0x0b33383b, 0x4a42480a, 0x87b3b437,
306};
307
308static const u32 KC[SEED_NUM_KCONSTANTS] = {
309 0x9e3779b9, 0x3c6ef373, 0x78dde6e6, 0xf1bbcdcc,
310 0xe3779b99, 0xc6ef3733, 0x8dde6e67, 0x1bbcdccf,
311 0x3779b99e, 0x6ef3733c, 0xdde6e678, 0xbbcdccf1,
312 0x779b99e3, 0xef3733c6, 0xde6e678d, 0xbcdccf1b,
313};
314
315#define OP(X1, X2, X3, X4, rbase) \
316 t0 = X3 ^ ks[rbase]; \
317 t1 = X4 ^ ks[rbase+1]; \
318 t1 ^= t0; \
319 t1 = SS0[byte(t1, 0)] ^ SS1[byte(t1, 1)] ^ \
320 SS2[byte(t1, 2)] ^ SS3[byte(t1, 3)]; \
321 t0 += t1; \
322 t0 = SS0[byte(t0, 0)] ^ SS1[byte(t0, 1)] ^ \
323 SS2[byte(t0, 2)] ^ SS3[byte(t0, 3)]; \
324 t1 += t0; \
325 t1 = SS0[byte(t1, 0)] ^ SS1[byte(t1, 1)] ^ \
326 SS2[byte(t1, 2)] ^ SS3[byte(t1, 3)]; \
327 t0 += t1; \
328 X1 ^= t0; \
329 X2 ^= t1;
330
331static int seed_set_key(struct crypto_tfm *tfm, const u8 *in_key,
332 unsigned int key_len)
333{
334 struct seed_ctx *ctx = crypto_tfm_ctx(tfm);
335 u32 *keyout = ctx->keysched;
336 const __be32 *key = (const __be32 *)in_key;
337 u32 i, t0, t1, x1, x2, x3, x4;
338
339 x1 = be32_to_cpu(key[0]);
340 x2 = be32_to_cpu(key[1]);
341 x3 = be32_to_cpu(key[2]);
342 x4 = be32_to_cpu(key[3]);
343
344 for (i = 0; i < SEED_NUM_KCONSTANTS; i++) {
345 t0 = x1 + x3 - KC[i];
346 t1 = x2 + KC[i] - x4;
347 *(keyout++) = SS0[byte(t0, 0)] ^ SS1[byte(t0, 1)] ^
348 SS2[byte(t0, 2)] ^ SS3[byte(t0, 3)];
349 *(keyout++) = SS0[byte(t1, 0)] ^ SS1[byte(t1, 1)] ^
350 SS2[byte(t1, 2)] ^ SS3[byte(t1, 3)];
351
352 if (i % 2 == 0) {
353 t0 = x1;
354 x1 = (x1 >> 8) ^ (x2 << 24);
355 x2 = (x2 >> 8) ^ (t0 << 24);
356 } else {
357 t0 = x3;
358 x3 = (x3 << 8) ^ (x4 >> 24);
359 x4 = (x4 << 8) ^ (t0 >> 24);
360 }
361 }
362
363 return 0;
364}
365
366/* encrypt a block of text */
367
368static void seed_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
369{
370 const struct seed_ctx *ctx = crypto_tfm_ctx(tfm);
371 const __be32 *src = (const __be32 *)in;
372 __be32 *dst = (__be32 *)out;
373 u32 x1, x2, x3, x4, t0, t1;
374 const u32 *ks = ctx->keysched;
375
376 x1 = be32_to_cpu(src[0]);
377 x2 = be32_to_cpu(src[1]);
378 x3 = be32_to_cpu(src[2]);
379 x4 = be32_to_cpu(src[3]);
380
381 OP(x1, x2, x3, x4, 0);
382 OP(x3, x4, x1, x2, 2);
383 OP(x1, x2, x3, x4, 4);
384 OP(x3, x4, x1, x2, 6);
385 OP(x1, x2, x3, x4, 8);
386 OP(x3, x4, x1, x2, 10);
387 OP(x1, x2, x3, x4, 12);
388 OP(x3, x4, x1, x2, 14);
389 OP(x1, x2, x3, x4, 16);
390 OP(x3, x4, x1, x2, 18);
391 OP(x1, x2, x3, x4, 20);
392 OP(x3, x4, x1, x2, 22);
393 OP(x1, x2, x3, x4, 24);
394 OP(x3, x4, x1, x2, 26);
395 OP(x1, x2, x3, x4, 28);
396 OP(x3, x4, x1, x2, 30);
397
398 dst[0] = cpu_to_be32(x3);
399 dst[1] = cpu_to_be32(x4);
400 dst[2] = cpu_to_be32(x1);
401 dst[3] = cpu_to_be32(x2);
402}
403
404/* decrypt a block of text */
405
406static void seed_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
407{
408 const struct seed_ctx *ctx = crypto_tfm_ctx(tfm);
409 const __be32 *src = (const __be32 *)in;
410 __be32 *dst = (__be32 *)out;
411 u32 x1, x2, x3, x4, t0, t1;
412 const u32 *ks = ctx->keysched;
413
414 x1 = be32_to_cpu(src[0]);
415 x2 = be32_to_cpu(src[1]);
416 x3 = be32_to_cpu(src[2]);
417 x4 = be32_to_cpu(src[3]);
418
419 OP(x1, x2, x3, x4, 30);
420 OP(x3, x4, x1, x2, 28);
421 OP(x1, x2, x3, x4, 26);
422 OP(x3, x4, x1, x2, 24);
423 OP(x1, x2, x3, x4, 22);
424 OP(x3, x4, x1, x2, 20);
425 OP(x1, x2, x3, x4, 18);
426 OP(x3, x4, x1, x2, 16);
427 OP(x1, x2, x3, x4, 14);
428 OP(x3, x4, x1, x2, 12);
429 OP(x1, x2, x3, x4, 10);
430 OP(x3, x4, x1, x2, 8);
431 OP(x1, x2, x3, x4, 6);
432 OP(x3, x4, x1, x2, 4);
433 OP(x1, x2, x3, x4, 2);
434 OP(x3, x4, x1, x2, 0);
435
436 dst[0] = cpu_to_be32(x3);
437 dst[1] = cpu_to_be32(x4);
438 dst[2] = cpu_to_be32(x1);
439 dst[3] = cpu_to_be32(x2);
440}
441
442
443static struct crypto_alg seed_alg = {
444 .cra_name = "seed",
445 .cra_driver_name = "seed-generic",
446 .cra_priority = 100,
447 .cra_flags = CRYPTO_ALG_TYPE_CIPHER,
448 .cra_blocksize = SEED_BLOCK_SIZE,
449 .cra_ctxsize = sizeof(struct seed_ctx),
450 .cra_alignmask = 3,
451 .cra_module = THIS_MODULE,
452 .cra_list = LIST_HEAD_INIT(seed_alg.cra_list),
453 .cra_u = {
454 .cipher = {
455 .cia_min_keysize = SEED_KEY_SIZE,
456 .cia_max_keysize = SEED_KEY_SIZE,
457 .cia_setkey = seed_set_key,
458 .cia_encrypt = seed_encrypt,
459 .cia_decrypt = seed_decrypt
460 }
461 }
462};
463
464static int __init seed_init(void)
465{
466 return crypto_register_alg(&seed_alg);
467}
468
469static void __exit seed_fini(void)
470{
471 crypto_unregister_alg(&seed_alg);
472}
473
474module_init(seed_init);
475module_exit(seed_fini);
476
477MODULE_DESCRIPTION("SEED Cipher Algorithm");
478MODULE_LICENSE("GPL");
479MODULE_AUTHOR("Hye-Shik Chang <perky@FreeBSD.org>, Kim Hyun <hkim@kisa.or.kr>");
diff --git a/crypto/sha1.c b/crypto/sha1_generic.c
index 1bba551e5b45..48a3c3e0bf5f 100644
--- a/crypto/sha1.c
+++ b/crypto/sha1_generic.c
@@ -22,12 +22,10 @@
22#include <linux/crypto.h> 22#include <linux/crypto.h>
23#include <linux/cryptohash.h> 23#include <linux/cryptohash.h>
24#include <linux/types.h> 24#include <linux/types.h>
25#include <crypto/sha.h>
25#include <asm/scatterlist.h> 26#include <asm/scatterlist.h>
26#include <asm/byteorder.h> 27#include <asm/byteorder.h>
27 28
28#define SHA1_DIGEST_SIZE 20
29#define SHA1_HMAC_BLOCK_SIZE 64
30
31struct sha1_ctx { 29struct sha1_ctx {
32 u64 count; 30 u64 count;
33 u32 state[5]; 31 u32 state[5];
@@ -39,7 +37,7 @@ static void sha1_init(struct crypto_tfm *tfm)
39 struct sha1_ctx *sctx = crypto_tfm_ctx(tfm); 37 struct sha1_ctx *sctx = crypto_tfm_ctx(tfm);
40 static const struct sha1_ctx initstate = { 38 static const struct sha1_ctx initstate = {
41 0, 39 0,
42 { 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0 }, 40 { SHA1_H0, SHA1_H1, SHA1_H2, SHA1_H3, SHA1_H4 },
43 { 0, } 41 { 0, }
44 }; 42 };
45 43
@@ -111,7 +109,7 @@ static struct crypto_alg alg = {
111 .cra_name = "sha1", 109 .cra_name = "sha1",
112 .cra_driver_name= "sha1-generic", 110 .cra_driver_name= "sha1-generic",
113 .cra_flags = CRYPTO_ALG_TYPE_DIGEST, 111 .cra_flags = CRYPTO_ALG_TYPE_DIGEST,
114 .cra_blocksize = SHA1_HMAC_BLOCK_SIZE, 112 .cra_blocksize = SHA1_BLOCK_SIZE,
115 .cra_ctxsize = sizeof(struct sha1_ctx), 113 .cra_ctxsize = sizeof(struct sha1_ctx),
116 .cra_module = THIS_MODULE, 114 .cra_module = THIS_MODULE,
117 .cra_alignmask = 3, 115 .cra_alignmask = 3,
@@ -139,4 +137,4 @@ module_exit(fini);
139MODULE_LICENSE("GPL"); 137MODULE_LICENSE("GPL");
140MODULE_DESCRIPTION("SHA1 Secure Hash Algorithm"); 138MODULE_DESCRIPTION("SHA1 Secure Hash Algorithm");
141 139
142MODULE_ALIAS("sha1-generic"); 140MODULE_ALIAS("sha1");
diff --git a/crypto/sha256.c b/crypto/sha256_generic.c
index 716195bb54f2..5f4332edcf6b 100644
--- a/crypto/sha256.c
+++ b/crypto/sha256_generic.c
@@ -21,12 +21,10 @@
21#include <linux/mm.h> 21#include <linux/mm.h>
22#include <linux/crypto.h> 22#include <linux/crypto.h>
23#include <linux/types.h> 23#include <linux/types.h>
24#include <crypto/sha.h>
24#include <asm/scatterlist.h> 25#include <asm/scatterlist.h>
25#include <asm/byteorder.h> 26#include <asm/byteorder.h>
26 27
27#define SHA256_DIGEST_SIZE 32
28#define SHA256_HMAC_BLOCK_SIZE 64
29
30struct sha256_ctx { 28struct sha256_ctx {
31 u32 count[2]; 29 u32 count[2];
32 u32 state[8]; 30 u32 state[8];
@@ -48,15 +46,6 @@ static inline u32 Maj(u32 x, u32 y, u32 z)
48#define s0(x) (ror32(x, 7) ^ ror32(x,18) ^ (x >> 3)) 46#define s0(x) (ror32(x, 7) ^ ror32(x,18) ^ (x >> 3))
49#define s1(x) (ror32(x,17) ^ ror32(x,19) ^ (x >> 10)) 47#define s1(x) (ror32(x,17) ^ ror32(x,19) ^ (x >> 10))
50 48
51#define H0 0x6a09e667
52#define H1 0xbb67ae85
53#define H2 0x3c6ef372
54#define H3 0xa54ff53a
55#define H4 0x510e527f
56#define H5 0x9b05688c
57#define H6 0x1f83d9ab
58#define H7 0x5be0cd19
59
60static inline void LOAD_OP(int I, u32 *W, const u8 *input) 49static inline void LOAD_OP(int I, u32 *W, const u8 *input)
61{ 50{
62 W[I] = __be32_to_cpu( ((__be32*)(input))[I] ); 51 W[I] = __be32_to_cpu( ((__be32*)(input))[I] );
@@ -233,14 +222,14 @@ static void sha256_transform(u32 *state, const u8 *input)
233static void sha256_init(struct crypto_tfm *tfm) 222static void sha256_init(struct crypto_tfm *tfm)
234{ 223{
235 struct sha256_ctx *sctx = crypto_tfm_ctx(tfm); 224 struct sha256_ctx *sctx = crypto_tfm_ctx(tfm);
236 sctx->state[0] = H0; 225 sctx->state[0] = SHA256_H0;
237 sctx->state[1] = H1; 226 sctx->state[1] = SHA256_H1;
238 sctx->state[2] = H2; 227 sctx->state[2] = SHA256_H2;
239 sctx->state[3] = H3; 228 sctx->state[3] = SHA256_H3;
240 sctx->state[4] = H4; 229 sctx->state[4] = SHA256_H4;
241 sctx->state[5] = H5; 230 sctx->state[5] = SHA256_H5;
242 sctx->state[6] = H6; 231 sctx->state[6] = SHA256_H6;
243 sctx->state[7] = H7; 232 sctx->state[7] = SHA256_H7;
244 sctx->count[0] = sctx->count[1] = 0; 233 sctx->count[0] = sctx->count[1] = 0;
245} 234}
246 235
@@ -311,7 +300,7 @@ static struct crypto_alg alg = {
311 .cra_name = "sha256", 300 .cra_name = "sha256",
312 .cra_driver_name= "sha256-generic", 301 .cra_driver_name= "sha256-generic",
313 .cra_flags = CRYPTO_ALG_TYPE_DIGEST, 302 .cra_flags = CRYPTO_ALG_TYPE_DIGEST,
314 .cra_blocksize = SHA256_HMAC_BLOCK_SIZE, 303 .cra_blocksize = SHA256_BLOCK_SIZE,
315 .cra_ctxsize = sizeof(struct sha256_ctx), 304 .cra_ctxsize = sizeof(struct sha256_ctx),
316 .cra_module = THIS_MODULE, 305 .cra_module = THIS_MODULE,
317 .cra_alignmask = 3, 306 .cra_alignmask = 3,
@@ -339,4 +328,4 @@ module_exit(fini);
339MODULE_LICENSE("GPL"); 328MODULE_LICENSE("GPL");
340MODULE_DESCRIPTION("SHA256 Secure Hash Algorithm"); 329MODULE_DESCRIPTION("SHA256 Secure Hash Algorithm");
341 330
342MODULE_ALIAS("sha256-generic"); 331MODULE_ALIAS("sha256");
diff --git a/crypto/sha512.c b/crypto/sha512.c
index 15eab9db9be4..e736596ca574 100644
--- a/crypto/sha512.c
+++ b/crypto/sha512.c
@@ -13,20 +13,15 @@
13 13
14#include <linux/kernel.h> 14#include <linux/kernel.h>
15#include <linux/module.h> 15#include <linux/module.h>
16
17#include <linux/mm.h> 16#include <linux/mm.h>
18#include <linux/init.h> 17#include <linux/init.h>
19#include <linux/crypto.h> 18#include <linux/crypto.h>
20#include <linux/types.h> 19#include <linux/types.h>
20#include <crypto/sha.h>
21 21
22#include <asm/scatterlist.h> 22#include <asm/scatterlist.h>
23#include <asm/byteorder.h> 23#include <asm/byteorder.h>
24 24
25#define SHA384_DIGEST_SIZE 48
26#define SHA512_DIGEST_SIZE 64
27#define SHA384_HMAC_BLOCK_SIZE 128
28#define SHA512_HMAC_BLOCK_SIZE 128
29
30struct sha512_ctx { 25struct sha512_ctx {
31 u64 state[8]; 26 u64 state[8];
32 u32 count[4]; 27 u32 count[4];
@@ -84,26 +79,6 @@ static const u64 sha512_K[80] = {
84#define s0(x) (RORu64(x, 1) ^ RORu64(x, 8) ^ (x >> 7)) 79#define s0(x) (RORu64(x, 1) ^ RORu64(x, 8) ^ (x >> 7))
85#define s1(x) (RORu64(x,19) ^ RORu64(x,61) ^ (x >> 6)) 80#define s1(x) (RORu64(x,19) ^ RORu64(x,61) ^ (x >> 6))
86 81
87/* H* initial state for SHA-512 */
88#define H0 0x6a09e667f3bcc908ULL
89#define H1 0xbb67ae8584caa73bULL
90#define H2 0x3c6ef372fe94f82bULL
91#define H3 0xa54ff53a5f1d36f1ULL
92#define H4 0x510e527fade682d1ULL
93#define H5 0x9b05688c2b3e6c1fULL
94#define H6 0x1f83d9abfb41bd6bULL
95#define H7 0x5be0cd19137e2179ULL
96
97/* H'* initial state for SHA-384 */
98#define HP0 0xcbbb9d5dc1059ed8ULL
99#define HP1 0x629a292a367cd507ULL
100#define HP2 0x9159015a3070dd17ULL
101#define HP3 0x152fecd8f70e5939ULL
102#define HP4 0x67332667ffc00b31ULL
103#define HP5 0x8eb44a8768581511ULL
104#define HP6 0xdb0c2e0d64f98fa7ULL
105#define HP7 0x47b5481dbefa4fa4ULL
106
107static inline void LOAD_OP(int I, u64 *W, const u8 *input) 82static inline void LOAD_OP(int I, u64 *W, const u8 *input)
108{ 83{
109 W[I] = __be64_to_cpu( ((__be64*)(input))[I] ); 84 W[I] = __be64_to_cpu( ((__be64*)(input))[I] );
@@ -164,14 +139,14 @@ static void
164sha512_init(struct crypto_tfm *tfm) 139sha512_init(struct crypto_tfm *tfm)
165{ 140{
166 struct sha512_ctx *sctx = crypto_tfm_ctx(tfm); 141 struct sha512_ctx *sctx = crypto_tfm_ctx(tfm);
167 sctx->state[0] = H0; 142 sctx->state[0] = SHA512_H0;
168 sctx->state[1] = H1; 143 sctx->state[1] = SHA512_H1;
169 sctx->state[2] = H2; 144 sctx->state[2] = SHA512_H2;
170 sctx->state[3] = H3; 145 sctx->state[3] = SHA512_H3;
171 sctx->state[4] = H4; 146 sctx->state[4] = SHA512_H4;
172 sctx->state[5] = H5; 147 sctx->state[5] = SHA512_H5;
173 sctx->state[6] = H6; 148 sctx->state[6] = SHA512_H6;
174 sctx->state[7] = H7; 149 sctx->state[7] = SHA512_H7;
175 sctx->count[0] = sctx->count[1] = sctx->count[2] = sctx->count[3] = 0; 150 sctx->count[0] = sctx->count[1] = sctx->count[2] = sctx->count[3] = 0;
176} 151}
177 152
@@ -179,14 +154,14 @@ static void
179sha384_init(struct crypto_tfm *tfm) 154sha384_init(struct crypto_tfm *tfm)
180{ 155{
181 struct sha512_ctx *sctx = crypto_tfm_ctx(tfm); 156 struct sha512_ctx *sctx = crypto_tfm_ctx(tfm);
182 sctx->state[0] = HP0; 157 sctx->state[0] = SHA384_H0;
183 sctx->state[1] = HP1; 158 sctx->state[1] = SHA384_H1;
184 sctx->state[2] = HP2; 159 sctx->state[2] = SHA384_H2;
185 sctx->state[3] = HP3; 160 sctx->state[3] = SHA384_H3;
186 sctx->state[4] = HP4; 161 sctx->state[4] = SHA384_H4;
187 sctx->state[5] = HP5; 162 sctx->state[5] = SHA384_H5;
188 sctx->state[6] = HP6; 163 sctx->state[6] = SHA384_H6;
189 sctx->state[7] = HP7; 164 sctx->state[7] = SHA384_H7;
190 sctx->count[0] = sctx->count[1] = sctx->count[2] = sctx->count[3] = 0; 165 sctx->count[0] = sctx->count[1] = sctx->count[2] = sctx->count[3] = 0;
191} 166}
192 167
@@ -275,7 +250,7 @@ static void sha384_final(struct crypto_tfm *tfm, u8 *hash)
275static struct crypto_alg sha512 = { 250static struct crypto_alg sha512 = {
276 .cra_name = "sha512", 251 .cra_name = "sha512",
277 .cra_flags = CRYPTO_ALG_TYPE_DIGEST, 252 .cra_flags = CRYPTO_ALG_TYPE_DIGEST,
278 .cra_blocksize = SHA512_HMAC_BLOCK_SIZE, 253 .cra_blocksize = SHA512_BLOCK_SIZE,
279 .cra_ctxsize = sizeof(struct sha512_ctx), 254 .cra_ctxsize = sizeof(struct sha512_ctx),
280 .cra_module = THIS_MODULE, 255 .cra_module = THIS_MODULE,
281 .cra_alignmask = 3, 256 .cra_alignmask = 3,
@@ -291,7 +266,7 @@ static struct crypto_alg sha512 = {
291static struct crypto_alg sha384 = { 266static struct crypto_alg sha384 = {
292 .cra_name = "sha384", 267 .cra_name = "sha384",
293 .cra_flags = CRYPTO_ALG_TYPE_DIGEST, 268 .cra_flags = CRYPTO_ALG_TYPE_DIGEST,
294 .cra_blocksize = SHA384_HMAC_BLOCK_SIZE, 269 .cra_blocksize = SHA384_BLOCK_SIZE,
295 .cra_ctxsize = sizeof(struct sha512_ctx), 270 .cra_ctxsize = sizeof(struct sha512_ctx),
296 .cra_alignmask = 3, 271 .cra_alignmask = 3,
297 .cra_module = THIS_MODULE, 272 .cra_module = THIS_MODULE,
diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c
index 11f935953816..18d489c8b935 100644
--- a/crypto/tcrypt.c
+++ b/crypto/tcrypt.c
@@ -78,7 +78,7 @@ static char *check[] = {
78 "twofish", "serpent", "sha384", "sha512", "md4", "aes", "cast6", 78 "twofish", "serpent", "sha384", "sha512", "md4", "aes", "cast6",
79 "arc4", "michael_mic", "deflate", "crc32c", "tea", "xtea", 79 "arc4", "michael_mic", "deflate", "crc32c", "tea", "xtea",
80 "khazad", "wp512", "wp384", "wp256", "tnepres", "xeta", "fcrypt", 80 "khazad", "wp512", "wp384", "wp256", "tnepres", "xeta", "fcrypt",
81 "camellia", NULL 81 "camellia", "seed", NULL
82}; 82};
83 83
84static void hexdump(unsigned char *buf, unsigned int len) 84static void hexdump(unsigned char *buf, unsigned int len)
@@ -955,6 +955,10 @@ static void do_test(void)
955 AES_LRW_ENC_TEST_VECTORS); 955 AES_LRW_ENC_TEST_VECTORS);
956 test_cipher("lrw(aes)", DECRYPT, aes_lrw_dec_tv_template, 956 test_cipher("lrw(aes)", DECRYPT, aes_lrw_dec_tv_template,
957 AES_LRW_DEC_TEST_VECTORS); 957 AES_LRW_DEC_TEST_VECTORS);
958 test_cipher("xts(aes)", ENCRYPT, aes_xts_enc_tv_template,
959 AES_XTS_ENC_TEST_VECTORS);
960 test_cipher("xts(aes)", DECRYPT, aes_xts_dec_tv_template,
961 AES_XTS_DEC_TEST_VECTORS);
958 962
959 //CAST5 963 //CAST5
960 test_cipher("ecb(cast5)", ENCRYPT, cast5_enc_tv_template, 964 test_cipher("ecb(cast5)", ENCRYPT, cast5_enc_tv_template,
@@ -1029,6 +1033,12 @@ static void do_test(void)
1029 camellia_cbc_dec_tv_template, 1033 camellia_cbc_dec_tv_template,
1030 CAMELLIA_CBC_DEC_TEST_VECTORS); 1034 CAMELLIA_CBC_DEC_TEST_VECTORS);
1031 1035
1036 //SEED
1037 test_cipher("ecb(seed)", ENCRYPT, seed_enc_tv_template,
1038 SEED_ENC_TEST_VECTORS);
1039 test_cipher("ecb(seed)", DECRYPT, seed_dec_tv_template,
1040 SEED_DEC_TEST_VECTORS);
1041
1032 test_hash("sha384", sha384_tv_template, SHA384_TEST_VECTORS); 1042 test_hash("sha384", sha384_tv_template, SHA384_TEST_VECTORS);
1033 test_hash("sha512", sha512_tv_template, SHA512_TEST_VECTORS); 1043 test_hash("sha512", sha512_tv_template, SHA512_TEST_VECTORS);
1034 test_hash("wp512", wp512_tv_template, WP512_TEST_VECTORS); 1044 test_hash("wp512", wp512_tv_template, WP512_TEST_VECTORS);
@@ -1132,6 +1142,10 @@ static void do_test(void)
1132 AES_LRW_ENC_TEST_VECTORS); 1142 AES_LRW_ENC_TEST_VECTORS);
1133 test_cipher("lrw(aes)", DECRYPT, aes_lrw_dec_tv_template, 1143 test_cipher("lrw(aes)", DECRYPT, aes_lrw_dec_tv_template,
1134 AES_LRW_DEC_TEST_VECTORS); 1144 AES_LRW_DEC_TEST_VECTORS);
1145 test_cipher("xts(aes)", ENCRYPT, aes_xts_enc_tv_template,
1146 AES_XTS_ENC_TEST_VECTORS);
1147 test_cipher("xts(aes)", DECRYPT, aes_xts_dec_tv_template,
1148 AES_XTS_DEC_TEST_VECTORS);
1135 break; 1149 break;
1136 1150
1137 case 11: 1151 case 11:
@@ -1307,6 +1321,10 @@ static void do_test(void)
1307 aes_lrw_speed_template); 1321 aes_lrw_speed_template);
1308 test_cipher_speed("lrw(aes)", DECRYPT, sec, NULL, 0, 1322 test_cipher_speed("lrw(aes)", DECRYPT, sec, NULL, 0,
1309 aes_lrw_speed_template); 1323 aes_lrw_speed_template);
1324 test_cipher_speed("xts(aes)", ENCRYPT, sec, NULL, 0,
1325 aes_xts_speed_template);
1326 test_cipher_speed("xts(aes)", DECRYPT, sec, NULL, 0,
1327 aes_xts_speed_template);
1310 break; 1328 break;
1311 1329
1312 case 201: 1330 case 201:
diff --git a/crypto/tcrypt.h b/crypto/tcrypt.h
index 887527bd5bc6..ec861388d9a0 100644
--- a/crypto/tcrypt.h
+++ b/crypto/tcrypt.h
@@ -2144,6 +2144,8 @@ static struct cipher_testvec cast6_dec_tv_template[] = {
2144#define AES_CBC_DEC_TEST_VECTORS 2 2144#define AES_CBC_DEC_TEST_VECTORS 2
2145#define AES_LRW_ENC_TEST_VECTORS 8 2145#define AES_LRW_ENC_TEST_VECTORS 8
2146#define AES_LRW_DEC_TEST_VECTORS 8 2146#define AES_LRW_DEC_TEST_VECTORS 8
2147#define AES_XTS_ENC_TEST_VECTORS 4
2148#define AES_XTS_DEC_TEST_VECTORS 4
2147 2149
2148static struct cipher_testvec aes_enc_tv_template[] = { 2150static struct cipher_testvec aes_enc_tv_template[] = {
2149 { /* From FIPS-197 */ 2151 { /* From FIPS-197 */
@@ -2784,6 +2786,400 @@ static struct cipher_testvec aes_lrw_dec_tv_template[] = {
2784 } 2786 }
2785}; 2787};
2786 2788
2789static struct cipher_testvec aes_xts_enc_tv_template[] = {
2790 /* http://grouper.ieee.org/groups/1619/email/pdf00086.pdf */
2791 { /* XTS-AES 1 */
2792 .key = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2793 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2794 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2795 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
2796 .klen = 32,
2797 .iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2798 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
2799 .input = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2800 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2801 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2802 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
2803 .ilen = 32,
2804 .result = { 0x91, 0x7c, 0xf6, 0x9e, 0xbd, 0x68, 0xb2, 0xec,
2805 0x9b, 0x9f, 0xe9, 0xa3, 0xea, 0xdd, 0xa6, 0x92,
2806 0xcd, 0x43, 0xd2, 0xf5, 0x95, 0x98, 0xed, 0x85,
2807 0x8c, 0x02, 0xc2, 0x65, 0x2f, 0xbf, 0x92, 0x2e },
2808 .rlen = 32,
2809 }, { /* XTS-AES 2 */
2810 .key = { 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
2811 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
2812 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22,
2813 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22 },
2814 .klen = 32,
2815 .iv = { 0x33, 0x33, 0x33, 0x33, 0x33, 0x00, 0x00, 0x00,
2816 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
2817 .input = { 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
2818 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
2819 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
2820 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44 },
2821 .ilen = 32,
2822 .result = { 0xc4, 0x54, 0x18, 0x5e, 0x6a, 0x16, 0x93, 0x6e,
2823 0x39, 0x33, 0x40, 0x38, 0xac, 0xef, 0x83, 0x8b,
2824 0xfb, 0x18, 0x6f, 0xff, 0x74, 0x80, 0xad, 0xc4,
2825 0x28, 0x93, 0x82, 0xec, 0xd6, 0xd3, 0x94, 0xf0 },
2826 .rlen = 32,
2827 }, { /* XTS-AES 3 */
2828 .key = { 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8,
2829 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
2830 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22,
2831 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22 },
2832 .klen = 32,
2833 .iv = { 0x33, 0x33, 0x33, 0x33, 0x33, 0x00, 0x00, 0x00,
2834 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
2835 .input = { 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
2836 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
2837 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
2838 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44 },
2839 .ilen = 32,
2840 .result = { 0xaf, 0x85, 0x33, 0x6b, 0x59, 0x7a, 0xfc, 0x1a,
2841 0x90, 0x0b, 0x2e, 0xb2, 0x1e, 0xc9, 0x49, 0xd2,
2842 0x92, 0xdf, 0x4c, 0x04, 0x7e, 0x0b, 0x21, 0x53,
2843 0x21, 0x86, 0xa5, 0x97, 0x1a, 0x22, 0x7a, 0x89 },
2844 .rlen = 32,
2845 }, { /* XTS-AES 4 */
2846 .key = { 0x27, 0x18, 0x28, 0x18, 0x28, 0x45, 0x90, 0x45,
2847 0x23, 0x53, 0x60, 0x28, 0x74, 0x71, 0x35, 0x26,
2848 0x31, 0x41, 0x59, 0x26, 0x53, 0x58, 0x97, 0x93,
2849 0x23, 0x84, 0x62, 0x64, 0x33, 0x83, 0x27, 0x95 },
2850 .klen = 32,
2851 .iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2852 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
2853 .input = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
2854 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2855 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2856 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
2857 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
2858 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
2859 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
2860 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
2861 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
2862 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
2863 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
2864 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f,
2865 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
2866 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
2867 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
2868 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f,
2869 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
2870 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
2871 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
2872 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f,
2873 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
2874 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf,
2875 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
2876 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
2877 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
2878 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,
2879 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
2880 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf,
2881 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7,
2882 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
2883 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
2884 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff,
2885 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
2886 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2887 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2888 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
2889 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
2890 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
2891 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
2892 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
2893 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
2894 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
2895 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
2896 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f,
2897 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
2898 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
2899 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
2900 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f,
2901 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
2902 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
2903 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
2904 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f,
2905 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
2906 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf,
2907 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
2908 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
2909 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
2910 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,
2911 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
2912 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf,
2913 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7,
2914 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
2915 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
2916 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff },
2917 .ilen = 512,
2918 .result = { 0x27, 0xa7, 0x47, 0x9b, 0xef, 0xa1, 0xd4, 0x76,
2919 0x48, 0x9f, 0x30, 0x8c, 0xd4, 0xcf, 0xa6, 0xe2,
2920 0xa9, 0x6e, 0x4b, 0xbe, 0x32, 0x08, 0xff, 0x25,
2921 0x28, 0x7d, 0xd3, 0x81, 0x96, 0x16, 0xe8, 0x9c,
2922 0xc7, 0x8c, 0xf7, 0xf5, 0xe5, 0x43, 0x44, 0x5f,
2923 0x83, 0x33, 0xd8, 0xfa, 0x7f, 0x56, 0x00, 0x00,
2924 0x05, 0x27, 0x9f, 0xa5, 0xd8, 0xb5, 0xe4, 0xad,
2925 0x40, 0xe7, 0x36, 0xdd, 0xb4, 0xd3, 0x54, 0x12,
2926 0x32, 0x80, 0x63, 0xfd, 0x2a, 0xab, 0x53, 0xe5,
2927 0xea, 0x1e, 0x0a, 0x9f, 0x33, 0x25, 0x00, 0xa5,
2928 0xdf, 0x94, 0x87, 0xd0, 0x7a, 0x5c, 0x92, 0xcc,
2929 0x51, 0x2c, 0x88, 0x66, 0xc7, 0xe8, 0x60, 0xce,
2930 0x93, 0xfd, 0xf1, 0x66, 0xa2, 0x49, 0x12, 0xb4,
2931 0x22, 0x97, 0x61, 0x46, 0xae, 0x20, 0xce, 0x84,
2932 0x6b, 0xb7, 0xdc, 0x9b, 0xa9, 0x4a, 0x76, 0x7a,
2933 0xae, 0xf2, 0x0c, 0x0d, 0x61, 0xad, 0x02, 0x65,
2934 0x5e, 0xa9, 0x2d, 0xc4, 0xc4, 0xe4, 0x1a, 0x89,
2935 0x52, 0xc6, 0x51, 0xd3, 0x31, 0x74, 0xbe, 0x51,
2936 0xa1, 0x0c, 0x42, 0x11, 0x10, 0xe6, 0xd8, 0x15,
2937 0x88, 0xed, 0xe8, 0x21, 0x03, 0xa2, 0x52, 0xd8,
2938 0xa7, 0x50, 0xe8, 0x76, 0x8d, 0xef, 0xff, 0xed,
2939 0x91, 0x22, 0x81, 0x0a, 0xae, 0xb9, 0x9f, 0x91,
2940 0x72, 0xaf, 0x82, 0xb6, 0x04, 0xdc, 0x4b, 0x8e,
2941 0x51, 0xbc, 0xb0, 0x82, 0x35, 0xa6, 0xf4, 0x34,
2942 0x13, 0x32, 0xe4, 0xca, 0x60, 0x48, 0x2a, 0x4b,
2943 0xa1, 0xa0, 0x3b, 0x3e, 0x65, 0x00, 0x8f, 0xc5,
2944 0xda, 0x76, 0xb7, 0x0b, 0xf1, 0x69, 0x0d, 0xb4,
2945 0xea, 0xe2, 0x9c, 0x5f, 0x1b, 0xad, 0xd0, 0x3c,
2946 0x5c, 0xcf, 0x2a, 0x55, 0xd7, 0x05, 0xdd, 0xcd,
2947 0x86, 0xd4, 0x49, 0x51, 0x1c, 0xeb, 0x7e, 0xc3,
2948 0x0b, 0xf1, 0x2b, 0x1f, 0xa3, 0x5b, 0x91, 0x3f,
2949 0x9f, 0x74, 0x7a, 0x8a, 0xfd, 0x1b, 0x13, 0x0e,
2950 0x94, 0xbf, 0xf9, 0x4e, 0xff, 0xd0, 0x1a, 0x91,
2951 0x73, 0x5c, 0xa1, 0x72, 0x6a, 0xcd, 0x0b, 0x19,
2952 0x7c, 0x4e, 0x5b, 0x03, 0x39, 0x36, 0x97, 0xe1,
2953 0x26, 0x82, 0x6f, 0xb6, 0xbb, 0xde, 0x8e, 0xcc,
2954 0x1e, 0x08, 0x29, 0x85, 0x16, 0xe2, 0xc9, 0xed,
2955 0x03, 0xff, 0x3c, 0x1b, 0x78, 0x60, 0xf6, 0xde,
2956 0x76, 0xd4, 0xce, 0xcd, 0x94, 0xc8, 0x11, 0x98,
2957 0x55, 0xef, 0x52, 0x97, 0xca, 0x67, 0xe9, 0xf3,
2958 0xe7, 0xff, 0x72, 0xb1, 0xe9, 0x97, 0x85, 0xca,
2959 0x0a, 0x7e, 0x77, 0x20, 0xc5, 0xb3, 0x6d, 0xc6,
2960 0xd7, 0x2c, 0xac, 0x95, 0x74, 0xc8, 0xcb, 0xbc,
2961 0x2f, 0x80, 0x1e, 0x23, 0xe5, 0x6f, 0xd3, 0x44,
2962 0xb0, 0x7f, 0x22, 0x15, 0x4b, 0xeb, 0xa0, 0xf0,
2963 0x8c, 0xe8, 0x89, 0x1e, 0x64, 0x3e, 0xd9, 0x95,
2964 0xc9, 0x4d, 0x9a, 0x69, 0xc9, 0xf1, 0xb5, 0xf4,
2965 0x99, 0x02, 0x7a, 0x78, 0x57, 0x2a, 0xee, 0xbd,
2966 0x74, 0xd2, 0x0c, 0xc3, 0x98, 0x81, 0xc2, 0x13,
2967 0xee, 0x77, 0x0b, 0x10, 0x10, 0xe4, 0xbe, 0xa7,
2968 0x18, 0x84, 0x69, 0x77, 0xae, 0x11, 0x9f, 0x7a,
2969 0x02, 0x3a, 0xb5, 0x8c, 0xca, 0x0a, 0xd7, 0x52,
2970 0xaf, 0xe6, 0x56, 0xbb, 0x3c, 0x17, 0x25, 0x6a,
2971 0x9f, 0x6e, 0x9b, 0xf1, 0x9f, 0xdd, 0x5a, 0x38,
2972 0xfc, 0x82, 0xbb, 0xe8, 0x72, 0xc5, 0x53, 0x9e,
2973 0xdb, 0x60, 0x9e, 0xf4, 0xf7, 0x9c, 0x20, 0x3e,
2974 0xbb, 0x14, 0x0f, 0x2e, 0x58, 0x3c, 0xb2, 0xad,
2975 0x15, 0xb4, 0xaa, 0x5b, 0x65, 0x50, 0x16, 0xa8,
2976 0x44, 0x92, 0x77, 0xdb, 0xd4, 0x77, 0xef, 0x2c,
2977 0x8d, 0x6c, 0x01, 0x7d, 0xb7, 0x38, 0xb1, 0x8d,
2978 0xeb, 0x4a, 0x42, 0x7d, 0x19, 0x23, 0xce, 0x3f,
2979 0xf2, 0x62, 0x73, 0x57, 0x79, 0xa4, 0x18, 0xf2,
2980 0x0a, 0x28, 0x2d, 0xf9, 0x20, 0x14, 0x7b, 0xea,
2981 0xbe, 0x42, 0x1e, 0xe5, 0x31, 0x9d, 0x05, 0x68 },
2982 .rlen = 512,
2983 }
2984};
2985
2986static struct cipher_testvec aes_xts_dec_tv_template[] = {
2987 /* http://grouper.ieee.org/groups/1619/email/pdf00086.pdf */
2988 { /* XTS-AES 1 */
2989 .key = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2990 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2991 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2992 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
2993 .klen = 32,
2994 .iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2995 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
2996 .input = { 0x91, 0x7c, 0xf6, 0x9e, 0xbd, 0x68, 0xb2, 0xec,
2997 0x9b, 0x9f, 0xe9, 0xa3, 0xea, 0xdd, 0xa6, 0x92,
2998 0xcd, 0x43, 0xd2, 0xf5, 0x95, 0x98, 0xed, 0x85,
2999 0x8c, 0x02, 0xc2, 0x65, 0x2f, 0xbf, 0x92, 0x2e },
3000 .ilen = 32,
3001 .result = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3002 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3003 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3004 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
3005 .rlen = 32,
3006 }, { /* XTS-AES 2 */
3007 .key = { 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
3008 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
3009 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22,
3010 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22 },
3011 .klen = 32,
3012 .iv = { 0x33, 0x33, 0x33, 0x33, 0x33, 0x00, 0x00, 0x00,
3013 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
3014 .input = { 0xc4, 0x54, 0x18, 0x5e, 0x6a, 0x16, 0x93, 0x6e,
3015 0x39, 0x33, 0x40, 0x38, 0xac, 0xef, 0x83, 0x8b,
3016 0xfb, 0x18, 0x6f, 0xff, 0x74, 0x80, 0xad, 0xc4,
3017 0x28, 0x93, 0x82, 0xec, 0xd6, 0xd3, 0x94, 0xf0 },
3018 .ilen = 32,
3019 .result = { 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
3020 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
3021 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
3022 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44 },
3023 .rlen = 32,
3024 }, { /* XTS-AES 3 */
3025 .key = { 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8,
3026 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
3027 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22,
3028 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22 },
3029 .klen = 32,
3030 .iv = { 0x33, 0x33, 0x33, 0x33, 0x33, 0x00, 0x00, 0x00,
3031 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
3032 .input = { 0xaf, 0x85, 0x33, 0x6b, 0x59, 0x7a, 0xfc, 0x1a,
3033 0x90, 0x0b, 0x2e, 0xb2, 0x1e, 0xc9, 0x49, 0xd2,
3034 0x92, 0xdf, 0x4c, 0x04, 0x7e, 0x0b, 0x21, 0x53,
3035 0x21, 0x86, 0xa5, 0x97, 0x1a, 0x22, 0x7a, 0x89 },
3036 .ilen = 32,
3037 .result = { 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
3038 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
3039 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
3040 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44 },
3041 .rlen = 32,
3042 }, { /* XTS-AES 4 */
3043 .key = { 0x27, 0x18, 0x28, 0x18, 0x28, 0x45, 0x90, 0x45,
3044 0x23, 0x53, 0x60, 0x28, 0x74, 0x71, 0x35, 0x26,
3045 0x31, 0x41, 0x59, 0x26, 0x53, 0x58, 0x97, 0x93,
3046 0x23, 0x84, 0x62, 0x64, 0x33, 0x83, 0x27, 0x95 },
3047 .klen = 32,
3048 .iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3049 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
3050 .input = { 0x27, 0xa7, 0x47, 0x9b, 0xef, 0xa1, 0xd4, 0x76,
3051 0x48, 0x9f, 0x30, 0x8c, 0xd4, 0xcf, 0xa6, 0xe2,
3052 0xa9, 0x6e, 0x4b, 0xbe, 0x32, 0x08, 0xff, 0x25,
3053 0x28, 0x7d, 0xd3, 0x81, 0x96, 0x16, 0xe8, 0x9c,
3054 0xc7, 0x8c, 0xf7, 0xf5, 0xe5, 0x43, 0x44, 0x5f,
3055 0x83, 0x33, 0xd8, 0xfa, 0x7f, 0x56, 0x00, 0x00,
3056 0x05, 0x27, 0x9f, 0xa5, 0xd8, 0xb5, 0xe4, 0xad,
3057 0x40, 0xe7, 0x36, 0xdd, 0xb4, 0xd3, 0x54, 0x12,
3058 0x32, 0x80, 0x63, 0xfd, 0x2a, 0xab, 0x53, 0xe5,
3059 0xea, 0x1e, 0x0a, 0x9f, 0x33, 0x25, 0x00, 0xa5,
3060 0xdf, 0x94, 0x87, 0xd0, 0x7a, 0x5c, 0x92, 0xcc,
3061 0x51, 0x2c, 0x88, 0x66, 0xc7, 0xe8, 0x60, 0xce,
3062 0x93, 0xfd, 0xf1, 0x66, 0xa2, 0x49, 0x12, 0xb4,
3063 0x22, 0x97, 0x61, 0x46, 0xae, 0x20, 0xce, 0x84,
3064 0x6b, 0xb7, 0xdc, 0x9b, 0xa9, 0x4a, 0x76, 0x7a,
3065 0xae, 0xf2, 0x0c, 0x0d, 0x61, 0xad, 0x02, 0x65,
3066 0x5e, 0xa9, 0x2d, 0xc4, 0xc4, 0xe4, 0x1a, 0x89,
3067 0x52, 0xc6, 0x51, 0xd3, 0x31, 0x74, 0xbe, 0x51,
3068 0xa1, 0x0c, 0x42, 0x11, 0x10, 0xe6, 0xd8, 0x15,
3069 0x88, 0xed, 0xe8, 0x21, 0x03, 0xa2, 0x52, 0xd8,
3070 0xa7, 0x50, 0xe8, 0x76, 0x8d, 0xef, 0xff, 0xed,
3071 0x91, 0x22, 0x81, 0x0a, 0xae, 0xb9, 0x9f, 0x91,
3072 0x72, 0xaf, 0x82, 0xb6, 0x04, 0xdc, 0x4b, 0x8e,
3073 0x51, 0xbc, 0xb0, 0x82, 0x35, 0xa6, 0xf4, 0x34,
3074 0x13, 0x32, 0xe4, 0xca, 0x60, 0x48, 0x2a, 0x4b,
3075 0xa1, 0xa0, 0x3b, 0x3e, 0x65, 0x00, 0x8f, 0xc5,
3076 0xda, 0x76, 0xb7, 0x0b, 0xf1, 0x69, 0x0d, 0xb4,
3077 0xea, 0xe2, 0x9c, 0x5f, 0x1b, 0xad, 0xd0, 0x3c,
3078 0x5c, 0xcf, 0x2a, 0x55, 0xd7, 0x05, 0xdd, 0xcd,
3079 0x86, 0xd4, 0x49, 0x51, 0x1c, 0xeb, 0x7e, 0xc3,
3080 0x0b, 0xf1, 0x2b, 0x1f, 0xa3, 0x5b, 0x91, 0x3f,
3081 0x9f, 0x74, 0x7a, 0x8a, 0xfd, 0x1b, 0x13, 0x0e,
3082 0x94, 0xbf, 0xf9, 0x4e, 0xff, 0xd0, 0x1a, 0x91,
3083 0x73, 0x5c, 0xa1, 0x72, 0x6a, 0xcd, 0x0b, 0x19,
3084 0x7c, 0x4e, 0x5b, 0x03, 0x39, 0x36, 0x97, 0xe1,
3085 0x26, 0x82, 0x6f, 0xb6, 0xbb, 0xde, 0x8e, 0xcc,
3086 0x1e, 0x08, 0x29, 0x85, 0x16, 0xe2, 0xc9, 0xed,
3087 0x03, 0xff, 0x3c, 0x1b, 0x78, 0x60, 0xf6, 0xde,
3088 0x76, 0xd4, 0xce, 0xcd, 0x94, 0xc8, 0x11, 0x98,
3089 0x55, 0xef, 0x52, 0x97, 0xca, 0x67, 0xe9, 0xf3,
3090 0xe7, 0xff, 0x72, 0xb1, 0xe9, 0x97, 0x85, 0xca,
3091 0x0a, 0x7e, 0x77, 0x20, 0xc5, 0xb3, 0x6d, 0xc6,
3092 0xd7, 0x2c, 0xac, 0x95, 0x74, 0xc8, 0xcb, 0xbc,
3093 0x2f, 0x80, 0x1e, 0x23, 0xe5, 0x6f, 0xd3, 0x44,
3094 0xb0, 0x7f, 0x22, 0x15, 0x4b, 0xeb, 0xa0, 0xf0,
3095 0x8c, 0xe8, 0x89, 0x1e, 0x64, 0x3e, 0xd9, 0x95,
3096 0xc9, 0x4d, 0x9a, 0x69, 0xc9, 0xf1, 0xb5, 0xf4,
3097 0x99, 0x02, 0x7a, 0x78, 0x57, 0x2a, 0xee, 0xbd,
3098 0x74, 0xd2, 0x0c, 0xc3, 0x98, 0x81, 0xc2, 0x13,
3099 0xee, 0x77, 0x0b, 0x10, 0x10, 0xe4, 0xbe, 0xa7,
3100 0x18, 0x84, 0x69, 0x77, 0xae, 0x11, 0x9f, 0x7a,
3101 0x02, 0x3a, 0xb5, 0x8c, 0xca, 0x0a, 0xd7, 0x52,
3102 0xaf, 0xe6, 0x56, 0xbb, 0x3c, 0x17, 0x25, 0x6a,
3103 0x9f, 0x6e, 0x9b, 0xf1, 0x9f, 0xdd, 0x5a, 0x38,
3104 0xfc, 0x82, 0xbb, 0xe8, 0x72, 0xc5, 0x53, 0x9e,
3105 0xdb, 0x60, 0x9e, 0xf4, 0xf7, 0x9c, 0x20, 0x3e,
3106 0xbb, 0x14, 0x0f, 0x2e, 0x58, 0x3c, 0xb2, 0xad,
3107 0x15, 0xb4, 0xaa, 0x5b, 0x65, 0x50, 0x16, 0xa8,
3108 0x44, 0x92, 0x77, 0xdb, 0xd4, 0x77, 0xef, 0x2c,
3109 0x8d, 0x6c, 0x01, 0x7d, 0xb7, 0x38, 0xb1, 0x8d,
3110 0xeb, 0x4a, 0x42, 0x7d, 0x19, 0x23, 0xce, 0x3f,
3111 0xf2, 0x62, 0x73, 0x57, 0x79, 0xa4, 0x18, 0xf2,
3112 0x0a, 0x28, 0x2d, 0xf9, 0x20, 0x14, 0x7b, 0xea,
3113 0xbe, 0x42, 0x1e, 0xe5, 0x31, 0x9d, 0x05, 0x68 },
3114 .ilen = 512,
3115 .result = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
3116 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
3117 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
3118 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
3119 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
3120 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
3121 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
3122 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
3123 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
3124 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
3125 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
3126 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f,
3127 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
3128 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
3129 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
3130 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f,
3131 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
3132 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
3133 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
3134 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f,
3135 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
3136 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf,
3137 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
3138 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
3139 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
3140 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,
3141 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
3142 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf,
3143 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7,
3144 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
3145 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
3146 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff,
3147 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
3148 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
3149 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
3150 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
3151 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
3152 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
3153 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
3154 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
3155 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
3156 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
3157 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
3158 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f,
3159 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
3160 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
3161 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
3162 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f,
3163 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
3164 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
3165 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
3166 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f,
3167 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
3168 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf,
3169 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
3170 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
3171 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
3172 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,
3173 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
3174 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf,
3175 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7,
3176 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
3177 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
3178 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff },
3179 .rlen = 512,
3180 }
3181};
3182
2787/* Cast5 test vectors from RFC 2144 */ 3183/* Cast5 test vectors from RFC 2144 */
2788#define CAST5_ENC_TEST_VECTORS 3 3184#define CAST5_ENC_TEST_VECTORS 3
2789#define CAST5_DEC_TEST_VECTORS 3 3185#define CAST5_DEC_TEST_VECTORS 3
@@ -3832,6 +4228,96 @@ static struct cipher_testvec camellia_cbc_dec_tv_template[] = {
3832}; 4228};
3833 4229
3834/* 4230/*
4231 * SEED test vectors
4232 */
4233#define SEED_ENC_TEST_VECTORS 4
4234#define SEED_DEC_TEST_VECTORS 4
4235
4236static struct cipher_testvec seed_enc_tv_template[] = {
4237 {
4238 .key = { [0 ... 15] = 0x00 },
4239 .klen = 16,
4240 .input = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
4241 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
4242 .ilen = 16,
4243 .result = { 0x5e, 0xba, 0xc6, 0xe0, 0x05, 0x4e, 0x16, 0x68,
4244 0x19, 0xaf, 0xf1, 0xcc, 0x6d, 0x34, 0x6c, 0xdb },
4245 .rlen = 16,
4246 }, {
4247 .key = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
4248 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
4249 .klen = 16,
4250 .input = { [0 ... 15] = 0x00 },
4251 .ilen = 16,
4252 .result = { 0xc1, 0x1f, 0x22, 0xf2, 0x01, 0x40, 0x50, 0x50,
4253 0x84, 0x48, 0x35, 0x97, 0xe4, 0x37, 0x0f, 0x43 },
4254 .rlen = 16,
4255 }, {
4256 .key = { 0x47, 0x06, 0x48, 0x08, 0x51, 0xe6, 0x1b, 0xe8,
4257 0x5d, 0x74, 0xbf, 0xb3, 0xfd, 0x95, 0x61, 0x85 },
4258 .klen = 16,
4259 .input = { 0x83, 0xa2, 0xf8, 0xa2, 0x88, 0x64, 0x1f, 0xb9,
4260 0xa4, 0xe9, 0xa5, 0xcc, 0x2f, 0x13, 0x1c, 0x7d },
4261 .ilen = 16,
4262 .result = { 0xee, 0x54, 0xd1, 0x3e, 0xbc, 0xae, 0x70, 0x6d,
4263 0x22, 0x6b, 0xc3, 0x14, 0x2c, 0xd4, 0x0d, 0x4a },
4264 .rlen = 16,
4265 }, {
4266 .key = { 0x28, 0xdb, 0xc3, 0xbc, 0x49, 0xff, 0xd8, 0x7d,
4267 0xcf, 0xa5, 0x09, 0xb1, 0x1d, 0x42, 0x2b, 0xe7 },
4268 .klen = 16,
4269 .input = { 0xb4, 0x1e, 0x6b, 0xe2, 0xeb, 0xa8, 0x4a, 0x14,
4270 0x8e, 0x2e, 0xed, 0x84, 0x59, 0x3c, 0x5e, 0xc7 },
4271 .ilen = 16,
4272 .result = { 0x9b, 0x9b, 0x7b, 0xfc, 0xd1, 0x81, 0x3c, 0xb9,
4273 0x5d, 0x0b, 0x36, 0x18, 0xf4, 0x0f, 0x51, 0x22 },
4274 .rlen = 16,
4275 }
4276};
4277
4278static struct cipher_testvec seed_dec_tv_template[] = {
4279 {
4280 .key = { [0 ... 15] = 0x00 },
4281 .klen = 16,
4282 .input = { 0x5e, 0xba, 0xc6, 0xe0, 0x05, 0x4e, 0x16, 0x68,
4283 0x19, 0xaf, 0xf1, 0xcc, 0x6d, 0x34, 0x6c, 0xdb },
4284 .ilen = 16,
4285 .result = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
4286 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
4287 .rlen = 16,
4288 }, {
4289 .key = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
4290 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
4291 .klen = 16,
4292 .input = { 0xc1, 0x1f, 0x22, 0xf2, 0x01, 0x40, 0x50, 0x50,
4293 0x84, 0x48, 0x35, 0x97, 0xe4, 0x37, 0x0f, 0x43 },
4294 .ilen = 16,
4295 .result = { [0 ... 15] = 0x00 },
4296 .rlen = 16,
4297 }, {
4298 .key = { 0x47, 0x06, 0x48, 0x08, 0x51, 0xe6, 0x1b, 0xe8,
4299 0x5d, 0x74, 0xbf, 0xb3, 0xfd, 0x95, 0x61, 0x85 },
4300 .klen = 16,
4301 .input = { 0xee, 0x54, 0xd1, 0x3e, 0xbc, 0xae, 0x70, 0x6d,
4302 0x22, 0x6b, 0xc3, 0x14, 0x2c, 0xd4, 0x0d, 0x4a },
4303 .ilen = 16,
4304 .result = { 0x83, 0xa2, 0xf8, 0xa2, 0x88, 0x64, 0x1f, 0xb9,
4305 0xa4, 0xe9, 0xa5, 0xcc, 0x2f, 0x13, 0x1c, 0x7d },
4306 .rlen = 16,
4307 }, {
4308 .key = { 0x28, 0xdb, 0xc3, 0xbc, 0x49, 0xff, 0xd8, 0x7d,
4309 0xcf, 0xa5, 0x09, 0xb1, 0x1d, 0x42, 0x2b, 0xe7 },
4310 .klen = 16,
4311 .input = { 0x9b, 0x9b, 0x7b, 0xfc, 0xd1, 0x81, 0x3c, 0xb9,
4312 0x5d, 0x0b, 0x36, 0x18, 0xf4, 0x0f, 0x51, 0x22 },
4313 .ilen = 16,
4314 .result = { 0xb4, 0x1e, 0x6b, 0xe2, 0xeb, 0xa8, 0x4a, 0x14,
4315 0x8e, 0x2e, 0xed, 0x84, 0x59, 0x3c, 0x5e, 0xc7 },
4316 .rlen = 16,
4317 }
4318};
4319
4320/*
3835 * Compression stuff. 4321 * Compression stuff.
3836 */ 4322 */
3837#define COMP_BUF_SIZE 512 4323#define COMP_BUF_SIZE 512
@@ -4193,6 +4679,27 @@ static struct cipher_speed aes_lrw_speed_template[] = {
4193 { .klen = 0, .blen = 0, } 4679 { .klen = 0, .blen = 0, }
4194}; 4680};
4195 4681
4682static struct cipher_speed aes_xts_speed_template[] = {
4683 { .klen = 32, .blen = 16, },
4684 { .klen = 32, .blen = 64, },
4685 { .klen = 32, .blen = 256, },
4686 { .klen = 32, .blen = 1024, },
4687 { .klen = 32, .blen = 8192, },
4688 { .klen = 48, .blen = 16, },
4689 { .klen = 48, .blen = 64, },
4690 { .klen = 48, .blen = 256, },
4691 { .klen = 48, .blen = 1024, },
4692 { .klen = 48, .blen = 8192, },
4693 { .klen = 64, .blen = 16, },
4694 { .klen = 64, .blen = 64, },
4695 { .klen = 64, .blen = 256, },
4696 { .klen = 64, .blen = 1024, },
4697 { .klen = 64, .blen = 8192, },
4698
4699 /* End marker */
4700 { .klen = 0, .blen = 0, }
4701};
4702
4196static struct cipher_speed des3_ede_speed_template[] = { 4703static struct cipher_speed des3_ede_speed_template[] = {
4197 { .klen = 24, .blen = 16, }, 4704 { .klen = 24, .blen = 16, },
4198 { .klen = 24, .blen = 64, }, 4705 { .klen = 24, .blen = 64, },
diff --git a/crypto/xts.c b/crypto/xts.c
new file mode 100644
index 000000000000..8eb08bfaf7c0
--- /dev/null
+++ b/crypto/xts.c
@@ -0,0 +1,292 @@
1/* XTS: as defined in IEEE1619/D16
2 * http://grouper.ieee.org/groups/1619/email/pdf00086.pdf
3 * (sector sizes which are not a multiple of 16 bytes are,
4 * however currently unsupported)
5 *
6 * Copyright (c) 2007 Rik Snel <rsnel@cube.dyndns.org>
7 *
8 * Based om ecb.c
9 * Copyright (c) 2006 Herbert Xu <herbert@gondor.apana.org.au>
10 *
11 * This program is free software; you can redistribute it and/or modify it
12 * under the terms of the GNU General Public License as published by the Free
13 * Software Foundation; either version 2 of the License, or (at your option)
14 * any later version.
15 */
16#include <crypto/algapi.h>
17#include <linux/err.h>
18#include <linux/init.h>
19#include <linux/kernel.h>
20#include <linux/module.h>
21#include <linux/scatterlist.h>
22#include <linux/slab.h>
23
24#include <crypto/b128ops.h>
25#include <crypto/gf128mul.h>
26
27struct priv {
28 struct crypto_cipher *child;
29 struct crypto_cipher *tweak;
30};
31
32static int setkey(struct crypto_tfm *parent, const u8 *key,
33 unsigned int keylen)
34{
35 struct priv *ctx = crypto_tfm_ctx(parent);
36 struct crypto_cipher *child = ctx->tweak;
37 u32 *flags = &parent->crt_flags;
38 int err;
39
40 /* key consists of keys of equal size concatenated, therefore
41 * the length must be even */
42 if (keylen % 2) {
43 /* tell the user why there was an error */
44 *flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
45 return -EINVAL;
46 }
47
48 /* we need two cipher instances: one to compute the inital 'tweak'
49 * by encrypting the IV (usually the 'plain' iv) and the other
50 * one to encrypt and decrypt the data */
51
52 /* tweak cipher, uses Key2 i.e. the second half of *key */
53 crypto_cipher_clear_flags(child, CRYPTO_TFM_REQ_MASK);
54 crypto_cipher_set_flags(child, crypto_tfm_get_flags(parent) &
55 CRYPTO_TFM_REQ_MASK);
56 err = crypto_cipher_setkey(child, key + keylen/2, keylen/2);
57 if (err)
58 return err;
59
60 crypto_tfm_set_flags(parent, crypto_cipher_get_flags(child) &
61 CRYPTO_TFM_RES_MASK);
62
63 child = ctx->child;
64
65 /* data cipher, uses Key1 i.e. the first half of *key */
66 crypto_cipher_clear_flags(child, CRYPTO_TFM_REQ_MASK);
67 crypto_cipher_set_flags(child, crypto_tfm_get_flags(parent) &
68 CRYPTO_TFM_REQ_MASK);
69 err = crypto_cipher_setkey(child, key, keylen/2);
70 if (err)
71 return err;
72
73 crypto_tfm_set_flags(parent, crypto_cipher_get_flags(child) &
74 CRYPTO_TFM_RES_MASK);
75
76 return 0;
77}
78
79struct sinfo {
80 be128 t;
81 struct crypto_tfm *tfm;
82 void (*fn)(struct crypto_tfm *, u8 *, const u8 *);
83};
84
85static inline void xts_round(struct sinfo *s, void *dst, const void *src)
86{
87 be128_xor(dst, &s->t, src); /* PP <- T xor P */
88 s->fn(s->tfm, dst, dst); /* CC <- E(Key1,PP) */
89 be128_xor(dst, dst, &s->t); /* C <- T xor CC */
90}
91
92static int crypt(struct blkcipher_desc *d,
93 struct blkcipher_walk *w, struct priv *ctx,
94 void (*tw)(struct crypto_tfm *, u8 *, const u8 *),
95 void (*fn)(struct crypto_tfm *, u8 *, const u8 *))
96{
97 int err;
98 unsigned int avail;
99 const int bs = crypto_cipher_blocksize(ctx->child);
100 struct sinfo s = {
101 .tfm = crypto_cipher_tfm(ctx->child),
102 .fn = fn
103 };
104 be128 *iv;
105 u8 *wsrc;
106 u8 *wdst;
107
108 err = blkcipher_walk_virt(d, w);
109 if (!w->nbytes)
110 return err;
111
112 avail = w->nbytes;
113
114 wsrc = w->src.virt.addr;
115 wdst = w->dst.virt.addr;
116
117 /* calculate first value of T */
118 iv = (be128 *)w->iv;
119 tw(crypto_cipher_tfm(ctx->tweak), (void *)&s.t, w->iv);
120
121 goto first;
122
123 for (;;) {
124 do {
125 gf128mul_x_ble(&s.t, &s.t);
126
127first:
128 xts_round(&s, wdst, wsrc);
129
130 wsrc += bs;
131 wdst += bs;
132 } while ((avail -= bs) >= bs);
133
134 err = blkcipher_walk_done(d, w, avail);
135 if (!w->nbytes)
136 break;
137
138 avail = w->nbytes;
139
140 wsrc = w->src.virt.addr;
141 wdst = w->dst.virt.addr;
142 }
143
144 return err;
145}
146
147static int encrypt(struct blkcipher_desc *desc, struct scatterlist *dst,
148 struct scatterlist *src, unsigned int nbytes)
149{
150 struct priv *ctx = crypto_blkcipher_ctx(desc->tfm);
151 struct blkcipher_walk w;
152
153 blkcipher_walk_init(&w, dst, src, nbytes);
154 return crypt(desc, &w, ctx, crypto_cipher_alg(ctx->tweak)->cia_encrypt,
155 crypto_cipher_alg(ctx->child)->cia_encrypt);
156}
157
158static int decrypt(struct blkcipher_desc *desc, struct scatterlist *dst,
159 struct scatterlist *src, unsigned int nbytes)
160{
161 struct priv *ctx = crypto_blkcipher_ctx(desc->tfm);
162 struct blkcipher_walk w;
163
164 blkcipher_walk_init(&w, dst, src, nbytes);
165 return crypt(desc, &w, ctx, crypto_cipher_alg(ctx->tweak)->cia_encrypt,
166 crypto_cipher_alg(ctx->child)->cia_decrypt);
167}
168
169static int init_tfm(struct crypto_tfm *tfm)
170{
171 struct crypto_cipher *cipher;
172 struct crypto_instance *inst = (void *)tfm->__crt_alg;
173 struct crypto_spawn *spawn = crypto_instance_ctx(inst);
174 struct priv *ctx = crypto_tfm_ctx(tfm);
175 u32 *flags = &tfm->crt_flags;
176
177 cipher = crypto_spawn_cipher(spawn);
178 if (IS_ERR(cipher))
179 return PTR_ERR(cipher);
180
181 if (crypto_cipher_blocksize(cipher) != 16) {
182 *flags |= CRYPTO_TFM_RES_BAD_BLOCK_LEN;
183 crypto_free_cipher(cipher);
184 return -EINVAL;
185 }
186
187 ctx->child = cipher;
188
189 cipher = crypto_spawn_cipher(spawn);
190 if (IS_ERR(cipher)) {
191 crypto_free_cipher(ctx->child);
192 return PTR_ERR(cipher);
193 }
194
195 /* this check isn't really needed, leave it here just in case */
196 if (crypto_cipher_blocksize(cipher) != 16) {
197 crypto_free_cipher(cipher);
198 crypto_free_cipher(ctx->child);
199 *flags |= CRYPTO_TFM_RES_BAD_BLOCK_LEN;
200 return -EINVAL;
201 }
202
203 ctx->tweak = cipher;
204
205 return 0;
206}
207
208static void exit_tfm(struct crypto_tfm *tfm)
209{
210 struct priv *ctx = crypto_tfm_ctx(tfm);
211 crypto_free_cipher(ctx->child);
212 crypto_free_cipher(ctx->tweak);
213}
214
215static struct crypto_instance *alloc(struct rtattr **tb)
216{
217 struct crypto_instance *inst;
218 struct crypto_alg *alg;
219 int err;
220
221 err = crypto_check_attr_type(tb, CRYPTO_ALG_TYPE_BLKCIPHER);
222 if (err)
223 return ERR_PTR(err);
224
225 alg = crypto_get_attr_alg(tb, CRYPTO_ALG_TYPE_CIPHER,
226 CRYPTO_ALG_TYPE_MASK);
227 if (IS_ERR(alg))
228 return ERR_PTR(PTR_ERR(alg));
229
230 inst = crypto_alloc_instance("xts", alg);
231 if (IS_ERR(inst))
232 goto out_put_alg;
233
234 inst->alg.cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER;
235 inst->alg.cra_priority = alg->cra_priority;
236 inst->alg.cra_blocksize = alg->cra_blocksize;
237
238 if (alg->cra_alignmask < 7)
239 inst->alg.cra_alignmask = 7;
240 else
241 inst->alg.cra_alignmask = alg->cra_alignmask;
242
243 inst->alg.cra_type = &crypto_blkcipher_type;
244
245 inst->alg.cra_blkcipher.ivsize = alg->cra_blocksize;
246 inst->alg.cra_blkcipher.min_keysize =
247 2 * alg->cra_cipher.cia_min_keysize;
248 inst->alg.cra_blkcipher.max_keysize =
249 2 * alg->cra_cipher.cia_max_keysize;
250
251 inst->alg.cra_ctxsize = sizeof(struct priv);
252
253 inst->alg.cra_init = init_tfm;
254 inst->alg.cra_exit = exit_tfm;
255
256 inst->alg.cra_blkcipher.setkey = setkey;
257 inst->alg.cra_blkcipher.encrypt = encrypt;
258 inst->alg.cra_blkcipher.decrypt = decrypt;
259
260out_put_alg:
261 crypto_mod_put(alg);
262 return inst;
263}
264
265static void free(struct crypto_instance *inst)
266{
267 crypto_drop_spawn(crypto_instance_ctx(inst));
268 kfree(inst);
269}
270
271static struct crypto_template crypto_tmpl = {
272 .name = "xts",
273 .alloc = alloc,
274 .free = free,
275 .module = THIS_MODULE,
276};
277
278static int __init crypto_module_init(void)
279{
280 return crypto_register_template(&crypto_tmpl);
281}
282
283static void __exit crypto_module_exit(void)
284{
285 crypto_unregister_template(&crypto_tmpl);
286}
287
288module_init(crypto_module_init);
289module_exit(crypto_module_exit);
290
291MODULE_LICENSE("GPL");
292MODULE_DESCRIPTION("XTS block cipher mode");
generated by cgit v1.2.2 (git 2.25.0) at 2025-03-08 03:13:30 -0500