aboutsummaryrefslogtreecommitdiffstats
path: root/crypto
diff options
context:
space:
mode:
Diffstat (limited to 'crypto')
-rw-r--r--crypto/Kconfig292
-rw-r--r--crypto/Makefile34
-rw-r--r--crypto/aes.c451
-rw-r--r--crypto/anubis.c719
-rw-r--r--crypto/api.c233
-rw-r--r--crypto/arc4.c103
-rw-r--r--crypto/blowfish.c478
-rw-r--r--crypto/cast5.c848
-rw-r--r--crypto/cast6.c560
-rw-r--r--crypto/cipher.c341
-rw-r--r--crypto/compress.c63
-rw-r--r--crypto/crc32c.c110
-rw-r--r--crypto/crypto_null.c137
-rw-r--r--crypto/deflate.c223
-rw-r--r--crypto/des.c1299
-rw-r--r--crypto/digest.c107
-rw-r--r--crypto/hmac.c134
-rw-r--r--crypto/internal.h92
-rw-r--r--crypto/khazad.c915
-rw-r--r--crypto/md4.c250
-rw-r--r--crypto/md5.c244
-rw-r--r--crypto/michael_mic.c181
-rw-r--r--crypto/proc.c112
-rw-r--r--crypto/scatterwalk.c115
-rw-r--r--crypto/scatterwalk.h63
-rw-r--r--crypto/serpent.c593
-rw-r--r--crypto/sha1.c139
-rw-r--r--crypto/sha256.c349
-rw-r--r--crypto/sha512.c362
-rw-r--r--crypto/tcrypt.c910
-rw-r--r--crypto/tcrypt.h2746
-rw-r--r--crypto/tea.c248
-rw-r--r--crypto/tgr192.c735
-rw-r--r--crypto/twofish.c902
-rw-r--r--crypto/wp512.c1208
35 files changed, 16296 insertions, 0 deletions
diff --git a/crypto/Kconfig b/crypto/Kconfig
new file mode 100644
index 000000000000..536754faf4d2
--- /dev/null
+++ b/crypto/Kconfig
@@ -0,0 +1,292 @@
1#
2# Cryptographic API Configuration
3#
4
5menu "Cryptographic options"
6
7config CRYPTO
8 bool "Cryptographic API"
9 help
10 This option provides the core Cryptographic API.
11
12config CRYPTO_HMAC
13 bool "HMAC support"
14 depends on CRYPTO
15 help
16 HMAC: Keyed-Hashing for Message Authentication (RFC2104).
17 This is required for IPSec.
18
19config CRYPTO_NULL
20 tristate "Null algorithms"
21 depends on CRYPTO
22 help
23 These are 'Null' algorithms, used by IPsec, which do nothing.
24
25config CRYPTO_MD4
26 tristate "MD4 digest algorithm"
27 depends on CRYPTO
28 help
29 MD4 message digest algorithm (RFC1320).
30
31config CRYPTO_MD5
32 tristate "MD5 digest algorithm"
33 depends on CRYPTO
34 help
35 MD5 message digest algorithm (RFC1321).
36
37config CRYPTO_SHA1
38 tristate "SHA1 digest algorithm"
39 depends on CRYPTO
40 help
41 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
42
43config CRYPTO_SHA1_Z990
44 tristate "SHA1 digest algorithm for IBM zSeries z990"
45 depends on CRYPTO && ARCH_S390
46 help
47 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
48
49config CRYPTO_SHA256
50 tristate "SHA256 digest algorithm"
51 depends on CRYPTO
52 help
53 SHA256 secure hash standard (DFIPS 180-2).
54
55 This version of SHA implements a 256 bit hash with 128 bits of
56 security against collision attacks.
57
58config CRYPTO_SHA512
59 tristate "SHA384 and SHA512 digest algorithms"
60 depends on CRYPTO
61 help
62 SHA512 secure hash standard (DFIPS 180-2).
63
64 This version of SHA implements a 512 bit hash with 256 bits of
65 security against collision attacks.
66
67 This code also includes SHA-384, a 384 bit hash with 192 bits
68 of security against collision attacks.
69
70config CRYPTO_WP512
71 tristate "Whirlpool digest algorithms"
72 depends on CRYPTO
73 help
74 Whirlpool hash algorithm 512, 384 and 256-bit hashes
75
76 Whirlpool-512 is part of the NESSIE cryptographic primitives.
77 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
78
79 See also:
80 <http://planeta.terra.com.br/informatica/paulobarreto/WhirlpoolPage.html>
81
82config CRYPTO_TGR192
83 tristate "Tiger digest algorithms"
84 depends on CRYPTO
85 help
86 Tiger hash algorithm 192, 160 and 128-bit hashes
87
88 Tiger is a hash function optimized for 64-bit processors while
89 still having decent performance on 32-bit processors.
90 Tiger was developed by Ross Anderson and Eli Biham.
91
92 See also:
93 <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
94
95config CRYPTO_DES
96 tristate "DES and Triple DES EDE cipher algorithms"
97 depends on CRYPTO
98 help
99 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
100
101config CRYPTO_DES_Z990
102 tristate "DES and Triple DES cipher algorithms for IBM zSeries z990"
103 depends on CRYPTO && ARCH_S390
104 help
105 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
106
107config CRYPTO_BLOWFISH
108 tristate "Blowfish cipher algorithm"
109 depends on CRYPTO
110 help
111 Blowfish cipher algorithm, by Bruce Schneier.
112
113 This is a variable key length cipher which can use keys from 32
114 bits to 448 bits in length. It's fast, simple and specifically
115 designed for use on "large microprocessors".
116
117 See also:
118 <http://www.schneier.com/blowfish.html>
119
120config CRYPTO_TWOFISH
121 tristate "Twofish cipher algorithm"
122 depends on CRYPTO
123 help
124 Twofish cipher algorithm.
125
126 Twofish was submitted as an AES (Advanced Encryption Standard)
127 candidate cipher by researchers at CounterPane Systems. It is a
128 16 round block cipher supporting key sizes of 128, 192, and 256
129 bits.
130
131 See also:
132 <http://www.schneier.com/twofish.html>
133
134config CRYPTO_SERPENT
135 tristate "Serpent cipher algorithm"
136 depends on CRYPTO
137 help
138 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
139
140 Keys are allowed to be from 0 to 256 bits in length, in steps
141 of 8 bits. Also includes the 'Tnepres' algorithm, a reversed
142 variant of Serpent for compatibility with old kerneli code.
143
144 See also:
145 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
146
147config CRYPTO_AES
148 tristate "AES cipher algorithms"
149 depends on CRYPTO && !(X86 && !X86_64)
150 help
151 AES cipher algorithms (FIPS-197). AES uses the Rijndael
152 algorithm.
153
154 Rijndael appears to be consistently a very good performer in
155 both hardware and software across a wide range of computing
156 environments regardless of its use in feedback or non-feedback
157 modes. Its key setup time is excellent, and its key agility is
158 good. Rijndael's very low memory requirements make it very well
159 suited for restricted-space environments, in which it also
160 demonstrates excellent performance. Rijndael's operations are
161 among the easiest to defend against power and timing attacks.
162
163 The AES specifies three key sizes: 128, 192 and 256 bits
164
165 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
166
167config CRYPTO_AES_586
168 tristate "AES cipher algorithms (i586)"
169 depends on CRYPTO && (X86 && !X86_64)
170 help
171 AES cipher algorithms (FIPS-197). AES uses the Rijndael
172 algorithm.
173
174 Rijndael appears to be consistently a very good performer in
175 both hardware and software across a wide range of computing
176 environments regardless of its use in feedback or non-feedback
177 modes. Its key setup time is excellent, and its key agility is
178 good. Rijndael's very low memory requirements make it very well
179 suited for restricted-space environments, in which it also
180 demonstrates excellent performance. Rijndael's operations are
181 among the easiest to defend against power and timing attacks.
182
183 The AES specifies three key sizes: 128, 192 and 256 bits
184
185 See <http://csrc.nist.gov/encryption/aes/> for more information.
186
187config CRYPTO_CAST5
188 tristate "CAST5 (CAST-128) cipher algorithm"
189 depends on CRYPTO
190 help
191 The CAST5 encryption algorithm (synonymous with CAST-128) is
192 described in RFC2144.
193
194config CRYPTO_CAST6
195 tristate "CAST6 (CAST-256) cipher algorithm"
196 depends on CRYPTO
197 help
198 The CAST6 encryption algorithm (synonymous with CAST-256) is
199 described in RFC2612.
200
201config CRYPTO_TEA
202 tristate "TEA and XTEA cipher algorithms"
203 depends on CRYPTO
204 help
205 TEA cipher algorithm.
206
207 Tiny Encryption Algorithm is a simple cipher that uses
208 many rounds for security. It is very fast and uses
209 little memory.
210
211 Xtendend Tiny Encryption Algorithm is a modification to
212 the TEA algorithm to address a potential key weakness
213 in the TEA algorithm.
214
215config CRYPTO_ARC4
216 tristate "ARC4 cipher algorithm"
217 depends on CRYPTO
218 help
219 ARC4 cipher algorithm.
220
221 ARC4 is a stream cipher using keys ranging from 8 bits to 2048
222 bits in length. This algorithm is required for driver-based
223 WEP, but it should not be for other purposes because of the
224 weakness of the algorithm.
225
226config CRYPTO_KHAZAD
227 tristate "Khazad cipher algorithm"
228 depends on CRYPTO
229 help
230 Khazad cipher algorithm.
231
232 Khazad was a finalist in the initial NESSIE competition. It is
233 an algorithm optimized for 64-bit processors with good performance
234 on 32-bit processors. Khazad uses an 128 bit key size.
235
236 See also:
237 <http://planeta.terra.com.br/informatica/paulobarreto/KhazadPage.html>
238
239config CRYPTO_ANUBIS
240 tristate "Anubis cipher algorithm"
241 depends on CRYPTO
242 help
243 Anubis cipher algorithm.
244
245 Anubis is a variable key length cipher which can use keys from
246 128 bits to 320 bits in length. It was evaluated as a entrant
247 in the NESSIE competition.
248
249 See also:
250 <https://www.cosic.esat.kuleuven.ac.be/nessie/reports/>
251 <http://planeta.terra.com.br/informatica/paulobarreto/AnubisPage.html>
252
253
254config CRYPTO_DEFLATE
255 tristate "Deflate compression algorithm"
256 depends on CRYPTO
257 select ZLIB_INFLATE
258 select ZLIB_DEFLATE
259 help
260 This is the Deflate algorithm (RFC1951), specified for use in
261 IPSec with the IPCOMP protocol (RFC3173, RFC2394).
262
263 You will most probably want this if using IPSec.
264
265config CRYPTO_MICHAEL_MIC
266 tristate "Michael MIC keyed digest algorithm"
267 depends on CRYPTO
268 help
269 Michael MIC is used for message integrity protection in TKIP
270 (IEEE 802.11i). This algorithm is required for TKIP, but it
271 should not be used for other purposes because of the weakness
272 of the algorithm.
273
274config CRYPTO_CRC32C
275 tristate "CRC32c CRC algorithm"
276 depends on CRYPTO
277 select LIBCRC32C
278 help
279 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used
280 by iSCSI for header and data digests and by others.
281 See Castagnoli93. This implementation uses lib/libcrc32c.
282 Module will be crc32c.
283
284config CRYPTO_TEST
285 tristate "Testing module"
286 depends on CRYPTO
287 help
288 Quick & dirty crypto test module.
289
290source "drivers/crypto/Kconfig"
291endmenu
292
diff --git a/crypto/Makefile b/crypto/Makefile
new file mode 100644
index 000000000000..d287b9e60c47
--- /dev/null
+++ b/crypto/Makefile
@@ -0,0 +1,34 @@
1#
2# Cryptographic API
3#
4
5proc-crypto-$(CONFIG_PROC_FS) = proc.o
6
7obj-$(CONFIG_CRYPTO) += api.o scatterwalk.o cipher.o digest.o compress.o \
8 $(proc-crypto-y)
9
10obj-$(CONFIG_CRYPTO_HMAC) += hmac.o
11obj-$(CONFIG_CRYPTO_NULL) += crypto_null.o
12obj-$(CONFIG_CRYPTO_MD4) += md4.o
13obj-$(CONFIG_CRYPTO_MD5) += md5.o
14obj-$(CONFIG_CRYPTO_SHA1) += sha1.o
15obj-$(CONFIG_CRYPTO_SHA256) += sha256.o
16obj-$(CONFIG_CRYPTO_SHA512) += sha512.o
17obj-$(CONFIG_CRYPTO_WP512) += wp512.o
18obj-$(CONFIG_CRYPTO_TGR192) += tgr192.o
19obj-$(CONFIG_CRYPTO_DES) += des.o
20obj-$(CONFIG_CRYPTO_BLOWFISH) += blowfish.o
21obj-$(CONFIG_CRYPTO_TWOFISH) += twofish.o
22obj-$(CONFIG_CRYPTO_SERPENT) += serpent.o
23obj-$(CONFIG_CRYPTO_AES) += aes.o
24obj-$(CONFIG_CRYPTO_CAST5) += cast5.o
25obj-$(CONFIG_CRYPTO_CAST6) += cast6.o
26obj-$(CONFIG_CRYPTO_ARC4) += arc4.o
27obj-$(CONFIG_CRYPTO_TEA) += tea.o
28obj-$(CONFIG_CRYPTO_KHAZAD) += khazad.o
29obj-$(CONFIG_CRYPTO_ANUBIS) += anubis.o
30obj-$(CONFIG_CRYPTO_DEFLATE) += deflate.o
31obj-$(CONFIG_CRYPTO_MICHAEL_MIC) += michael_mic.o
32obj-$(CONFIG_CRYPTO_CRC32C) += crc32c.o
33
34obj-$(CONFIG_CRYPTO_TEST) += tcrypt.o
diff --git a/crypto/aes.c b/crypto/aes.c
new file mode 100644
index 000000000000..d0dd7c3c5278
--- /dev/null
+++ b/crypto/aes.c
@@ -0,0 +1,451 @@
1/*
2 * Cryptographic API.
3 *
4 * AES Cipher Algorithm.
5 *
6 * Based on Brian Gladman's code.
7 *
8 * Linux developers:
9 * Alexander Kjeldaas <astor@fast.no>
10 * Herbert Valerio Riedel <hvr@hvrlab.org>
11 * Kyle McMartin <kyle@debian.org>
12 * Adam J. Richter <adam@yggdrasil.com> (conversion to 2.5 API).
13 *
14 * This program is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU General Public License as published by
16 * the Free Software Foundation; either version 2 of the License, or
17 * (at your option) any later version.
18 *
19 * ---------------------------------------------------------------------------
20 * Copyright (c) 2002, Dr Brian Gladman <brg@gladman.me.uk>, Worcester, UK.
21 * All rights reserved.
22 *
23 * LICENSE TERMS
24 *
25 * The free distribution and use of this software in both source and binary
26 * form is allowed (with or without changes) provided that:
27 *
28 * 1. distributions of this source code include the above copyright
29 * notice, this list of conditions and the following disclaimer;
30 *
31 * 2. distributions in binary form include the above copyright
32 * notice, this list of conditions and the following disclaimer
33 * in the documentation and/or other associated materials;
34 *
35 * 3. the copyright holder's name is not used to endorse products
36 * built using this software without specific written permission.
37 *
38 * ALTERNATIVELY, provided that this notice is retained in full, this product
39 * may be distributed under the terms of the GNU General Public License (GPL),
40 * in which case the provisions of the GPL apply INSTEAD OF those given above.
41 *
42 * DISCLAIMER
43 *
44 * This software is provided 'as is' with no explicit or implied warranties
45 * in respect of its properties, including, but not limited to, correctness
46 * and/or fitness for purpose.
47 * ---------------------------------------------------------------------------
48 */
49
50/* Some changes from the Gladman version:
51 s/RIJNDAEL(e_key)/E_KEY/g
52 s/RIJNDAEL(d_key)/D_KEY/g
53*/
54
55#include <linux/module.h>
56#include <linux/init.h>
57#include <linux/types.h>
58#include <linux/errno.h>
59#include <linux/crypto.h>
60#include <asm/byteorder.h>
61
62#define AES_MIN_KEY_SIZE 16
63#define AES_MAX_KEY_SIZE 32
64
65#define AES_BLOCK_SIZE 16
66
67/*
68 * #define byte(x, nr) ((unsigned char)((x) >> (nr*8)))
69 */
70inline static u8
71byte(const u32 x, const unsigned n)
72{
73 return x >> (n << 3);
74}
75
76#define u32_in(x) le32_to_cpu(*(const u32 *)(x))
77#define u32_out(to, from) (*(u32 *)(to) = cpu_to_le32(from))
78
79struct aes_ctx {
80 int key_length;
81 u32 E[60];
82 u32 D[60];
83};
84
85#define E_KEY ctx->E
86#define D_KEY ctx->D
87
88static u8 pow_tab[256] __initdata;
89static u8 log_tab[256] __initdata;
90static u8 sbx_tab[256] __initdata;
91static u8 isb_tab[256] __initdata;
92static u32 rco_tab[10];
93static u32 ft_tab[4][256];
94static u32 it_tab[4][256];
95
96static u32 fl_tab[4][256];
97static u32 il_tab[4][256];
98
99static inline u8 __init
100f_mult (u8 a, u8 b)
101{
102 u8 aa = log_tab[a], cc = aa + log_tab[b];
103
104 return pow_tab[cc + (cc < aa ? 1 : 0)];
105}
106
107#define ff_mult(a,b) (a && b ? f_mult(a, b) : 0)
108
109#define f_rn(bo, bi, n, k) \
110 bo[n] = ft_tab[0][byte(bi[n],0)] ^ \
111 ft_tab[1][byte(bi[(n + 1) & 3],1)] ^ \
112 ft_tab[2][byte(bi[(n + 2) & 3],2)] ^ \
113 ft_tab[3][byte(bi[(n + 3) & 3],3)] ^ *(k + n)
114
115#define i_rn(bo, bi, n, k) \
116 bo[n] = it_tab[0][byte(bi[n],0)] ^ \
117 it_tab[1][byte(bi[(n + 3) & 3],1)] ^ \
118 it_tab[2][byte(bi[(n + 2) & 3],2)] ^ \
119 it_tab[3][byte(bi[(n + 1) & 3],3)] ^ *(k + n)
120
121#define ls_box(x) \
122 ( fl_tab[0][byte(x, 0)] ^ \
123 fl_tab[1][byte(x, 1)] ^ \
124 fl_tab[2][byte(x, 2)] ^ \
125 fl_tab[3][byte(x, 3)] )
126
127#define f_rl(bo, bi, n, k) \
128 bo[n] = fl_tab[0][byte(bi[n],0)] ^ \
129 fl_tab[1][byte(bi[(n + 1) & 3],1)] ^ \
130 fl_tab[2][byte(bi[(n + 2) & 3],2)] ^ \
131 fl_tab[3][byte(bi[(n + 3) & 3],3)] ^ *(k + n)
132
133#define i_rl(bo, bi, n, k) \
134 bo[n] = il_tab[0][byte(bi[n],0)] ^ \
135 il_tab[1][byte(bi[(n + 3) & 3],1)] ^ \
136 il_tab[2][byte(bi[(n + 2) & 3],2)] ^ \
137 il_tab[3][byte(bi[(n + 1) & 3],3)] ^ *(k + n)
138
139static void __init
140gen_tabs (void)
141{
142 u32 i, t;
143 u8 p, q;
144
145 /* log and power tables for GF(2**8) finite field with
146 0x011b as modular polynomial - the simplest primitive
147 root is 0x03, used here to generate the tables */
148
149 for (i = 0, p = 1; i < 256; ++i) {
150 pow_tab[i] = (u8) p;
151 log_tab[p] = (u8) i;
152
153 p ^= (p << 1) ^ (p & 0x80 ? 0x01b : 0);
154 }
155
156 log_tab[1] = 0;
157
158 for (i = 0, p = 1; i < 10; ++i) {
159 rco_tab[i] = p;
160
161 p = (p << 1) ^ (p & 0x80 ? 0x01b : 0);
162 }
163
164 for (i = 0; i < 256; ++i) {
165 p = (i ? pow_tab[255 - log_tab[i]] : 0);
166 q = ((p >> 7) | (p << 1)) ^ ((p >> 6) | (p << 2));
167 p ^= 0x63 ^ q ^ ((q >> 6) | (q << 2));
168 sbx_tab[i] = p;
169 isb_tab[p] = (u8) i;
170 }
171
172 for (i = 0; i < 256; ++i) {
173 p = sbx_tab[i];
174
175 t = p;
176 fl_tab[0][i] = t;
177 fl_tab[1][i] = rol32(t, 8);
178 fl_tab[2][i] = rol32(t, 16);
179 fl_tab[3][i] = rol32(t, 24);
180
181 t = ((u32) ff_mult (2, p)) |
182 ((u32) p << 8) |
183 ((u32) p << 16) | ((u32) ff_mult (3, p) << 24);
184
185 ft_tab[0][i] = t;
186 ft_tab[1][i] = rol32(t, 8);
187 ft_tab[2][i] = rol32(t, 16);
188 ft_tab[3][i] = rol32(t, 24);
189
190 p = isb_tab[i];
191
192 t = p;
193 il_tab[0][i] = t;
194 il_tab[1][i] = rol32(t, 8);
195 il_tab[2][i] = rol32(t, 16);
196 il_tab[3][i] = rol32(t, 24);
197
198 t = ((u32) ff_mult (14, p)) |
199 ((u32) ff_mult (9, p) << 8) |
200 ((u32) ff_mult (13, p) << 16) |
201 ((u32) ff_mult (11, p) << 24);
202
203 it_tab[0][i] = t;
204 it_tab[1][i] = rol32(t, 8);
205 it_tab[2][i] = rol32(t, 16);
206 it_tab[3][i] = rol32(t, 24);
207 }
208}
209
210#define star_x(x) (((x) & 0x7f7f7f7f) << 1) ^ ((((x) & 0x80808080) >> 7) * 0x1b)
211
212#define imix_col(y,x) \
213 u = star_x(x); \
214 v = star_x(u); \
215 w = star_x(v); \
216 t = w ^ (x); \
217 (y) = u ^ v ^ w; \
218 (y) ^= ror32(u ^ t, 8) ^ \
219 ror32(v ^ t, 16) ^ \
220 ror32(t,24)
221
222/* initialise the key schedule from the user supplied key */
223
224#define loop4(i) \
225{ t = ror32(t, 8); t = ls_box(t) ^ rco_tab[i]; \
226 t ^= E_KEY[4 * i]; E_KEY[4 * i + 4] = t; \
227 t ^= E_KEY[4 * i + 1]; E_KEY[4 * i + 5] = t; \
228 t ^= E_KEY[4 * i + 2]; E_KEY[4 * i + 6] = t; \
229 t ^= E_KEY[4 * i + 3]; E_KEY[4 * i + 7] = t; \
230}
231
232#define loop6(i) \
233{ t = ror32(t, 8); t = ls_box(t) ^ rco_tab[i]; \
234 t ^= E_KEY[6 * i]; E_KEY[6 * i + 6] = t; \
235 t ^= E_KEY[6 * i + 1]; E_KEY[6 * i + 7] = t; \
236 t ^= E_KEY[6 * i + 2]; E_KEY[6 * i + 8] = t; \
237 t ^= E_KEY[6 * i + 3]; E_KEY[6 * i + 9] = t; \
238 t ^= E_KEY[6 * i + 4]; E_KEY[6 * i + 10] = t; \
239 t ^= E_KEY[6 * i + 5]; E_KEY[6 * i + 11] = t; \
240}
241
242#define loop8(i) \
243{ t = ror32(t, 8); ; t = ls_box(t) ^ rco_tab[i]; \
244 t ^= E_KEY[8 * i]; E_KEY[8 * i + 8] = t; \
245 t ^= E_KEY[8 * i + 1]; E_KEY[8 * i + 9] = t; \
246 t ^= E_KEY[8 * i + 2]; E_KEY[8 * i + 10] = t; \
247 t ^= E_KEY[8 * i + 3]; E_KEY[8 * i + 11] = t; \
248 t = E_KEY[8 * i + 4] ^ ls_box(t); \
249 E_KEY[8 * i + 12] = t; \
250 t ^= E_KEY[8 * i + 5]; E_KEY[8 * i + 13] = t; \
251 t ^= E_KEY[8 * i + 6]; E_KEY[8 * i + 14] = t; \
252 t ^= E_KEY[8 * i + 7]; E_KEY[8 * i + 15] = t; \
253}
254
255static int
256aes_set_key(void *ctx_arg, const u8 *in_key, unsigned int key_len, u32 *flags)
257{
258 struct aes_ctx *ctx = ctx_arg;
259 u32 i, t, u, v, w;
260
261 if (key_len != 16 && key_len != 24 && key_len != 32) {
262 *flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
263 return -EINVAL;
264 }
265
266 ctx->key_length = key_len;
267
268 E_KEY[0] = u32_in (in_key);
269 E_KEY[1] = u32_in (in_key + 4);
270 E_KEY[2] = u32_in (in_key + 8);
271 E_KEY[3] = u32_in (in_key + 12);
272
273 switch (key_len) {
274 case 16:
275 t = E_KEY[3];
276 for (i = 0; i < 10; ++i)
277 loop4 (i);
278 break;
279
280 case 24:
281 E_KEY[4] = u32_in (in_key + 16);
282 t = E_KEY[5] = u32_in (in_key + 20);
283 for (i = 0; i < 8; ++i)
284 loop6 (i);
285 break;
286
287 case 32:
288 E_KEY[4] = u32_in (in_key + 16);
289 E_KEY[5] = u32_in (in_key + 20);
290 E_KEY[6] = u32_in (in_key + 24);
291 t = E_KEY[7] = u32_in (in_key + 28);
292 for (i = 0; i < 7; ++i)
293 loop8 (i);
294 break;
295 }
296
297 D_KEY[0] = E_KEY[0];
298 D_KEY[1] = E_KEY[1];
299 D_KEY[2] = E_KEY[2];
300 D_KEY[3] = E_KEY[3];
301
302 for (i = 4; i < key_len + 24; ++i) {
303 imix_col (D_KEY[i], E_KEY[i]);
304 }
305
306 return 0;
307}
308
309/* encrypt a block of text */
310
311#define f_nround(bo, bi, k) \
312 f_rn(bo, bi, 0, k); \
313 f_rn(bo, bi, 1, k); \
314 f_rn(bo, bi, 2, k); \
315 f_rn(bo, bi, 3, k); \
316 k += 4
317
318#define f_lround(bo, bi, k) \
319 f_rl(bo, bi, 0, k); \
320 f_rl(bo, bi, 1, k); \
321 f_rl(bo, bi, 2, k); \
322 f_rl(bo, bi, 3, k)
323
324static void aes_encrypt(void *ctx_arg, u8 *out, const u8 *in)
325{
326 const struct aes_ctx *ctx = ctx_arg;
327 u32 b0[4], b1[4];
328 const u32 *kp = E_KEY + 4;
329
330 b0[0] = u32_in (in) ^ E_KEY[0];
331 b0[1] = u32_in (in + 4) ^ E_KEY[1];
332 b0[2] = u32_in (in + 8) ^ E_KEY[2];
333 b0[3] = u32_in (in + 12) ^ E_KEY[3];
334
335 if (ctx->key_length > 24) {
336 f_nround (b1, b0, kp);
337 f_nround (b0, b1, kp);
338 }
339
340 if (ctx->key_length > 16) {
341 f_nround (b1, b0, kp);
342 f_nround (b0, b1, kp);
343 }
344
345 f_nround (b1, b0, kp);
346 f_nround (b0, b1, kp);
347 f_nround (b1, b0, kp);
348 f_nround (b0, b1, kp);
349 f_nround (b1, b0, kp);
350 f_nround (b0, b1, kp);
351 f_nround (b1, b0, kp);
352 f_nround (b0, b1, kp);
353 f_nround (b1, b0, kp);
354 f_lround (b0, b1, kp);
355
356 u32_out (out, b0[0]);
357 u32_out (out + 4, b0[1]);
358 u32_out (out + 8, b0[2]);
359 u32_out (out + 12, b0[3]);
360}
361
362/* decrypt a block of text */
363
364#define i_nround(bo, bi, k) \
365 i_rn(bo, bi, 0, k); \
366 i_rn(bo, bi, 1, k); \
367 i_rn(bo, bi, 2, k); \
368 i_rn(bo, bi, 3, k); \
369 k -= 4
370
371#define i_lround(bo, bi, k) \
372 i_rl(bo, bi, 0, k); \
373 i_rl(bo, bi, 1, k); \
374 i_rl(bo, bi, 2, k); \
375 i_rl(bo, bi, 3, k)
376
377static void aes_decrypt(void *ctx_arg, u8 *out, const u8 *in)
378{
379 const struct aes_ctx *ctx = ctx_arg;
380 u32 b0[4], b1[4];
381 const int key_len = ctx->key_length;
382 const u32 *kp = D_KEY + key_len + 20;
383
384 b0[0] = u32_in (in) ^ E_KEY[key_len + 24];
385 b0[1] = u32_in (in + 4) ^ E_KEY[key_len + 25];
386 b0[2] = u32_in (in + 8) ^ E_KEY[key_len + 26];
387 b0[3] = u32_in (in + 12) ^ E_KEY[key_len + 27];
388
389 if (key_len > 24) {
390 i_nround (b1, b0, kp);
391 i_nround (b0, b1, kp);
392 }
393
394 if (key_len > 16) {
395 i_nround (b1, b0, kp);
396 i_nround (b0, b1, kp);
397 }
398
399 i_nround (b1, b0, kp);
400 i_nround (b0, b1, kp);
401 i_nround (b1, b0, kp);
402 i_nround (b0, b1, kp);
403 i_nround (b1, b0, kp);
404 i_nround (b0, b1, kp);
405 i_nround (b1, b0, kp);
406 i_nround (b0, b1, kp);
407 i_nround (b1, b0, kp);
408 i_lround (b0, b1, kp);
409
410 u32_out (out, b0[0]);
411 u32_out (out + 4, b0[1]);
412 u32_out (out + 8, b0[2]);
413 u32_out (out + 12, b0[3]);
414}
415
416
417static struct crypto_alg aes_alg = {
418 .cra_name = "aes",
419 .cra_flags = CRYPTO_ALG_TYPE_CIPHER,
420 .cra_blocksize = AES_BLOCK_SIZE,
421 .cra_ctxsize = sizeof(struct aes_ctx),
422 .cra_module = THIS_MODULE,
423 .cra_list = LIST_HEAD_INIT(aes_alg.cra_list),
424 .cra_u = {
425 .cipher = {
426 .cia_min_keysize = AES_MIN_KEY_SIZE,
427 .cia_max_keysize = AES_MAX_KEY_SIZE,
428 .cia_setkey = aes_set_key,
429 .cia_encrypt = aes_encrypt,
430 .cia_decrypt = aes_decrypt
431 }
432 }
433};
434
435static int __init aes_init(void)
436{
437 gen_tabs();
438 return crypto_register_alg(&aes_alg);
439}
440
441static void __exit aes_fini(void)
442{
443 crypto_unregister_alg(&aes_alg);
444}
445
446module_init(aes_init);
447module_exit(aes_fini);
448
449MODULE_DESCRIPTION("Rijndael (AES) Cipher Algorithm");
450MODULE_LICENSE("Dual BSD/GPL");
451
diff --git a/crypto/anubis.c b/crypto/anubis.c
new file mode 100644
index 000000000000..3925eb0133cb
--- /dev/null
+++ b/crypto/anubis.c
@@ -0,0 +1,719 @@
1/*
2 * Cryptographic API.
3 *
4 * Anubis Algorithm
5 *
6 * The Anubis algorithm was developed by Paulo S. L. M. Barreto and
7 * Vincent Rijmen.
8 *
9 * See
10 *
11 * P.S.L.M. Barreto, V. Rijmen,
12 * ``The Anubis block cipher,''
13 * NESSIE submission, 2000.
14 *
15 * This software implements the "tweaked" version of Anubis.
16 * Only the S-box and (consequently) the rounds constants have been
17 * changed.
18 *
19 * The original authors have disclaimed all copyright interest in this
20 * code and thus put it in the public domain. The subsequent authors
21 * have put this under the GNU General Public License.
22 *
23 * By Aaron Grothe ajgrothe@yahoo.com, October 28, 2004
24 *
25 * This program is free software; you can redistribute it and/or modify
26 * it under the terms of the GNU General Public License as published by
27 * the Free Software Foundation; either version 2 of the License, or
28 * (at your option) any later version.
29 *
30 */
31
32#include <linux/init.h>
33#include <linux/module.h>
34#include <linux/mm.h>
35#include <asm/scatterlist.h>
36#include <linux/crypto.h>
37
38#define ANUBIS_MIN_KEY_SIZE 16
39#define ANUBIS_MAX_KEY_SIZE 40
40#define ANUBIS_BLOCK_SIZE 16
41#define ANUBIS_MAX_N 10
42#define ANUBIS_MAX_ROUNDS (8 + ANUBIS_MAX_N)
43
44struct anubis_ctx {
45 int key_len; // in bits
46 int R;
47 u32 E[ANUBIS_MAX_ROUNDS + 1][4];
48 u32 D[ANUBIS_MAX_ROUNDS + 1][4];
49};
50
51static const u32 T0[256] = {
52 0xba69d2bbU, 0x54a84de5U, 0x2f5ebce2U, 0x74e8cd25U,
53 0x53a651f7U, 0xd3bb6bd0U, 0xd2b96fd6U, 0x4d9a29b3U,
54 0x50a05dfdU, 0xac458acfU, 0x8d070e09U, 0xbf63c6a5U,
55 0x70e0dd3dU, 0x52a455f1U, 0x9a29527bU, 0x4c982db5U,
56 0xeac98f46U, 0xd5b773c4U, 0x97336655U, 0xd1bf63dcU,
57 0x3366ccaaU, 0x51a259fbU, 0x5bb671c7U, 0xa651a2f3U,
58 0xdea15ffeU, 0x48903dadU, 0xa84d9ad7U, 0x992f5e71U,
59 0xdbab4be0U, 0x3264c8acU, 0xb773e695U, 0xfce5d732U,
60 0xe3dbab70U, 0x9e214263U, 0x913f7e41U, 0x9b2b567dU,
61 0xe2d9af76U, 0xbb6bd6bdU, 0x4182199bU, 0x6edca579U,
62 0xa557aef9U, 0xcb8b0b80U, 0x6bd6b167U, 0x95376e59U,
63 0xa15fbee1U, 0xf3fbeb10U, 0xb17ffe81U, 0x0204080cU,
64 0xcc851792U, 0xc49537a2U, 0x1d3a744eU, 0x14285078U,
65 0xc39b2bb0U, 0x63c69157U, 0xdaa94fe6U, 0x5dba69d3U,
66 0x5fbe61dfU, 0xdca557f2U, 0x7dfae913U, 0xcd871394U,
67 0x7ffee11fU, 0x5ab475c1U, 0x6cd8ad75U, 0x5cb86dd5U,
68 0xf7f3fb08U, 0x264c98d4U, 0xffe3db38U, 0xedc79354U,
69 0xe8cd874aU, 0x9d274e69U, 0x6fdea17fU, 0x8e010203U,
70 0x19326456U, 0xa05dbae7U, 0xf0fde71aU, 0x890f1e11U,
71 0x0f1e3c22U, 0x070e1c12U, 0xaf4386c5U, 0xfbebcb20U,
72 0x08102030U, 0x152a547eU, 0x0d1a342eU, 0x04081018U,
73 0x01020406U, 0x64c88d45U, 0xdfa35bf8U, 0x76ecc529U,
74 0x79f2f90bU, 0xdda753f4U, 0x3d7af48eU, 0x162c5874U,
75 0x3f7efc82U, 0x376edcb2U, 0x6ddaa973U, 0x3870e090U,
76 0xb96fdeb1U, 0x73e6d137U, 0xe9cf834cU, 0x356ad4beU,
77 0x55aa49e3U, 0x71e2d93bU, 0x7bf6f107U, 0x8c050a0fU,
78 0x72e4d531U, 0x880d1a17U, 0xf6f1ff0eU, 0x2a54a8fcU,
79 0x3e7cf884U, 0x5ebc65d9U, 0x274e9cd2U, 0x468c0589U,
80 0x0c183028U, 0x65ca8943U, 0x68d0bd6dU, 0x61c2995bU,
81 0x03060c0aU, 0xc19f23bcU, 0x57ae41efU, 0xd6b17fceU,
82 0xd9af43ecU, 0x58b07dcdU, 0xd8ad47eaU, 0x66cc8549U,
83 0xd7b37bc8U, 0x3a74e89cU, 0xc88d078aU, 0x3c78f088U,
84 0xfae9cf26U, 0x96316253U, 0xa753a6f5U, 0x982d5a77U,
85 0xecc59752U, 0xb86ddab7U, 0xc7933ba8U, 0xae4182c3U,
86 0x69d2b96bU, 0x4b9631a7U, 0xab4b96ddU, 0xa94f9ed1U,
87 0x67ce814fU, 0x0a14283cU, 0x478e018fU, 0xf2f9ef16U,
88 0xb577ee99U, 0x224488ccU, 0xe5d7b364U, 0xeec19f5eU,
89 0xbe61c2a3U, 0x2b56acfaU, 0x811f3e21U, 0x1224486cU,
90 0x831b362dU, 0x1b366c5aU, 0x0e1c3824U, 0x23468ccaU,
91 0xf5f7f304U, 0x458a0983U, 0x214284c6U, 0xce811f9eU,
92 0x499239abU, 0x2c58b0e8U, 0xf9efc32cU, 0xe6d1bf6eU,
93 0xb671e293U, 0x2850a0f0U, 0x172e5c72U, 0x8219322bU,
94 0x1a34685cU, 0x8b0b161dU, 0xfee1df3eU, 0x8a09121bU,
95 0x09122436U, 0xc98f038cU, 0x87132635U, 0x4e9c25b9U,
96 0xe1dfa37cU, 0x2e5cb8e4U, 0xe4d5b762U, 0xe0dda77aU,
97 0xebcb8b40U, 0x903d7a47U, 0xa455aaffU, 0x1e3c7844U,
98 0x85172e39U, 0x60c09d5dU, 0x00000000U, 0x254a94deU,
99 0xf4f5f702U, 0xf1ffe31cU, 0x94356a5fU, 0x0b162c3aU,
100 0xe7d3bb68U, 0x75eac923U, 0xefc39b58U, 0x3468d0b8U,
101 0x3162c4a6U, 0xd4b577c2U, 0xd0bd67daU, 0x86112233U,
102 0x7efce519U, 0xad478ec9U, 0xfde7d334U, 0x2952a4f6U,
103 0x3060c0a0U, 0x3b76ec9aU, 0x9f234665U, 0xf8edc72aU,
104 0xc6913faeU, 0x13264c6aU, 0x060c1814U, 0x050a141eU,
105 0xc59733a4U, 0x11224466U, 0x77eec12fU, 0x7cf8ed15U,
106 0x7af4f501U, 0x78f0fd0dU, 0x366cd8b4U, 0x1c387048U,
107 0x3972e496U, 0x59b279cbU, 0x18306050U, 0x56ac45e9U,
108 0xb37bf68dU, 0xb07dfa87U, 0x244890d8U, 0x204080c0U,
109 0xb279f28bU, 0x9239724bU, 0xa35bb6edU, 0xc09d27baU,
110 0x44880d85U, 0x62c49551U, 0x10204060U, 0xb475ea9fU,
111 0x84152a3fU, 0x43861197U, 0x933b764dU, 0xc2992fb6U,
112 0x4a9435a1U, 0xbd67cea9U, 0x8f030605U, 0x2d5ab4eeU,
113 0xbc65caafU, 0x9c254a6fU, 0x6ad4b561U, 0x40801d9dU,
114 0xcf831b98U, 0xa259b2ebU, 0x801d3a27U, 0x4f9e21bfU,
115 0x1f3e7c42U, 0xca890f86U, 0xaa4992dbU, 0x42841591U,
116};
117
118static const u32 T1[256] = {
119 0x69babbd2U, 0xa854e54dU, 0x5e2fe2bcU, 0xe87425cdU,
120 0xa653f751U, 0xbbd3d06bU, 0xb9d2d66fU, 0x9a4db329U,
121 0xa050fd5dU, 0x45accf8aU, 0x078d090eU, 0x63bfa5c6U,
122 0xe0703dddU, 0xa452f155U, 0x299a7b52U, 0x984cb52dU,
123 0xc9ea468fU, 0xb7d5c473U, 0x33975566U, 0xbfd1dc63U,
124 0x6633aaccU, 0xa251fb59U, 0xb65bc771U, 0x51a6f3a2U,
125 0xa1defe5fU, 0x9048ad3dU, 0x4da8d79aU, 0x2f99715eU,
126 0xabdbe04bU, 0x6432acc8U, 0x73b795e6U, 0xe5fc32d7U,
127 0xdbe370abU, 0x219e6342U, 0x3f91417eU, 0x2b9b7d56U,
128 0xd9e276afU, 0x6bbbbdd6U, 0x82419b19U, 0xdc6e79a5U,
129 0x57a5f9aeU, 0x8bcb800bU, 0xd66b67b1U, 0x3795596eU,
130 0x5fa1e1beU, 0xfbf310ebU, 0x7fb181feU, 0x04020c08U,
131 0x85cc9217U, 0x95c4a237U, 0x3a1d4e74U, 0x28147850U,
132 0x9bc3b02bU, 0xc6635791U, 0xa9dae64fU, 0xba5dd369U,
133 0xbe5fdf61U, 0xa5dcf257U, 0xfa7d13e9U, 0x87cd9413U,
134 0xfe7f1fe1U, 0xb45ac175U, 0xd86c75adU, 0xb85cd56dU,
135 0xf3f708fbU, 0x4c26d498U, 0xe3ff38dbU, 0xc7ed5493U,
136 0xcde84a87U, 0x279d694eU, 0xde6f7fa1U, 0x018e0302U,
137 0x32195664U, 0x5da0e7baU, 0xfdf01ae7U, 0x0f89111eU,
138 0x1e0f223cU, 0x0e07121cU, 0x43afc586U, 0xebfb20cbU,
139 0x10083020U, 0x2a157e54U, 0x1a0d2e34U, 0x08041810U,
140 0x02010604U, 0xc864458dU, 0xa3dff85bU, 0xec7629c5U,
141 0xf2790bf9U, 0xa7ddf453U, 0x7a3d8ef4U, 0x2c167458U,
142 0x7e3f82fcU, 0x6e37b2dcU, 0xda6d73a9U, 0x703890e0U,
143 0x6fb9b1deU, 0xe67337d1U, 0xcfe94c83U, 0x6a35bed4U,
144 0xaa55e349U, 0xe2713bd9U, 0xf67b07f1U, 0x058c0f0aU,
145 0xe47231d5U, 0x0d88171aU, 0xf1f60effU, 0x542afca8U,
146 0x7c3e84f8U, 0xbc5ed965U, 0x4e27d29cU, 0x8c468905U,
147 0x180c2830U, 0xca654389U, 0xd0686dbdU, 0xc2615b99U,
148 0x06030a0cU, 0x9fc1bc23U, 0xae57ef41U, 0xb1d6ce7fU,
149 0xafd9ec43U, 0xb058cd7dU, 0xadd8ea47U, 0xcc664985U,
150 0xb3d7c87bU, 0x743a9ce8U, 0x8dc88a07U, 0x783c88f0U,
151 0xe9fa26cfU, 0x31965362U, 0x53a7f5a6U, 0x2d98775aU,
152 0xc5ec5297U, 0x6db8b7daU, 0x93c7a83bU, 0x41aec382U,
153 0xd2696bb9U, 0x964ba731U, 0x4babdd96U, 0x4fa9d19eU,
154 0xce674f81U, 0x140a3c28U, 0x8e478f01U, 0xf9f216efU,
155 0x77b599eeU, 0x4422cc88U, 0xd7e564b3U, 0xc1ee5e9fU,
156 0x61bea3c2U, 0x562bfaacU, 0x1f81213eU, 0x24126c48U,
157 0x1b832d36U, 0x361b5a6cU, 0x1c0e2438U, 0x4623ca8cU,
158 0xf7f504f3U, 0x8a458309U, 0x4221c684U, 0x81ce9e1fU,
159 0x9249ab39U, 0x582ce8b0U, 0xeff92cc3U, 0xd1e66ebfU,
160 0x71b693e2U, 0x5028f0a0U, 0x2e17725cU, 0x19822b32U,
161 0x341a5c68U, 0x0b8b1d16U, 0xe1fe3edfU, 0x098a1b12U,
162 0x12093624U, 0x8fc98c03U, 0x13873526U, 0x9c4eb925U,
163 0xdfe17ca3U, 0x5c2ee4b8U, 0xd5e462b7U, 0xdde07aa7U,
164 0xcbeb408bU, 0x3d90477aU, 0x55a4ffaaU, 0x3c1e4478U,
165 0x1785392eU, 0xc0605d9dU, 0x00000000U, 0x4a25de94U,
166 0xf5f402f7U, 0xfff11ce3U, 0x35945f6aU, 0x160b3a2cU,
167 0xd3e768bbU, 0xea7523c9U, 0xc3ef589bU, 0x6834b8d0U,
168 0x6231a6c4U, 0xb5d4c277U, 0xbdd0da67U, 0x11863322U,
169 0xfc7e19e5U, 0x47adc98eU, 0xe7fd34d3U, 0x5229f6a4U,
170 0x6030a0c0U, 0x763b9aecU, 0x239f6546U, 0xedf82ac7U,
171 0x91c6ae3fU, 0x26136a4cU, 0x0c061418U, 0x0a051e14U,
172 0x97c5a433U, 0x22116644U, 0xee772fc1U, 0xf87c15edU,
173 0xf47a01f5U, 0xf0780dfdU, 0x6c36b4d8U, 0x381c4870U,
174 0x723996e4U, 0xb259cb79U, 0x30185060U, 0xac56e945U,
175 0x7bb38df6U, 0x7db087faU, 0x4824d890U, 0x4020c080U,
176 0x79b28bf2U, 0x39924b72U, 0x5ba3edb6U, 0x9dc0ba27U,
177 0x8844850dU, 0xc4625195U, 0x20106040U, 0x75b49feaU,
178 0x15843f2aU, 0x86439711U, 0x3b934d76U, 0x99c2b62fU,
179 0x944aa135U, 0x67bda9ceU, 0x038f0506U, 0x5a2deeb4U,
180 0x65bcafcaU, 0x259c6f4aU, 0xd46a61b5U, 0x80409d1dU,
181 0x83cf981bU, 0x59a2ebb2U, 0x1d80273aU, 0x9e4fbf21U,
182 0x3e1f427cU, 0x89ca860fU, 0x49aadb92U, 0x84429115U,
183};
184
185static const u32 T2[256] = {
186 0xd2bbba69U, 0x4de554a8U, 0xbce22f5eU, 0xcd2574e8U,
187 0x51f753a6U, 0x6bd0d3bbU, 0x6fd6d2b9U, 0x29b34d9aU,
188 0x5dfd50a0U, 0x8acfac45U, 0x0e098d07U, 0xc6a5bf63U,
189 0xdd3d70e0U, 0x55f152a4U, 0x527b9a29U, 0x2db54c98U,
190 0x8f46eac9U, 0x73c4d5b7U, 0x66559733U, 0x63dcd1bfU,
191 0xccaa3366U, 0x59fb51a2U, 0x71c75bb6U, 0xa2f3a651U,
192 0x5ffedea1U, 0x3dad4890U, 0x9ad7a84dU, 0x5e71992fU,
193 0x4be0dbabU, 0xc8ac3264U, 0xe695b773U, 0xd732fce5U,
194 0xab70e3dbU, 0x42639e21U, 0x7e41913fU, 0x567d9b2bU,
195 0xaf76e2d9U, 0xd6bdbb6bU, 0x199b4182U, 0xa5796edcU,
196 0xaef9a557U, 0x0b80cb8bU, 0xb1676bd6U, 0x6e599537U,
197 0xbee1a15fU, 0xeb10f3fbU, 0xfe81b17fU, 0x080c0204U,
198 0x1792cc85U, 0x37a2c495U, 0x744e1d3aU, 0x50781428U,
199 0x2bb0c39bU, 0x915763c6U, 0x4fe6daa9U, 0x69d35dbaU,
200 0x61df5fbeU, 0x57f2dca5U, 0xe9137dfaU, 0x1394cd87U,
201 0xe11f7ffeU, 0x75c15ab4U, 0xad756cd8U, 0x6dd55cb8U,
202 0xfb08f7f3U, 0x98d4264cU, 0xdb38ffe3U, 0x9354edc7U,
203 0x874ae8cdU, 0x4e699d27U, 0xa17f6fdeU, 0x02038e01U,
204 0x64561932U, 0xbae7a05dU, 0xe71af0fdU, 0x1e11890fU,
205 0x3c220f1eU, 0x1c12070eU, 0x86c5af43U, 0xcb20fbebU,
206 0x20300810U, 0x547e152aU, 0x342e0d1aU, 0x10180408U,
207 0x04060102U, 0x8d4564c8U, 0x5bf8dfa3U, 0xc52976ecU,
208 0xf90b79f2U, 0x53f4dda7U, 0xf48e3d7aU, 0x5874162cU,
209 0xfc823f7eU, 0xdcb2376eU, 0xa9736ddaU, 0xe0903870U,
210 0xdeb1b96fU, 0xd13773e6U, 0x834ce9cfU, 0xd4be356aU,
211 0x49e355aaU, 0xd93b71e2U, 0xf1077bf6U, 0x0a0f8c05U,
212 0xd53172e4U, 0x1a17880dU, 0xff0ef6f1U, 0xa8fc2a54U,
213 0xf8843e7cU, 0x65d95ebcU, 0x9cd2274eU, 0x0589468cU,
214 0x30280c18U, 0x894365caU, 0xbd6d68d0U, 0x995b61c2U,
215 0x0c0a0306U, 0x23bcc19fU, 0x41ef57aeU, 0x7fced6b1U,
216 0x43ecd9afU, 0x7dcd58b0U, 0x47ead8adU, 0x854966ccU,
217 0x7bc8d7b3U, 0xe89c3a74U, 0x078ac88dU, 0xf0883c78U,
218 0xcf26fae9U, 0x62539631U, 0xa6f5a753U, 0x5a77982dU,
219 0x9752ecc5U, 0xdab7b86dU, 0x3ba8c793U, 0x82c3ae41U,
220 0xb96b69d2U, 0x31a74b96U, 0x96ddab4bU, 0x9ed1a94fU,
221 0x814f67ceU, 0x283c0a14U, 0x018f478eU, 0xef16f2f9U,
222 0xee99b577U, 0x88cc2244U, 0xb364e5d7U, 0x9f5eeec1U,
223 0xc2a3be61U, 0xacfa2b56U, 0x3e21811fU, 0x486c1224U,
224 0x362d831bU, 0x6c5a1b36U, 0x38240e1cU, 0x8cca2346U,
225 0xf304f5f7U, 0x0983458aU, 0x84c62142U, 0x1f9ece81U,
226 0x39ab4992U, 0xb0e82c58U, 0xc32cf9efU, 0xbf6ee6d1U,
227 0xe293b671U, 0xa0f02850U, 0x5c72172eU, 0x322b8219U,
228 0x685c1a34U, 0x161d8b0bU, 0xdf3efee1U, 0x121b8a09U,
229 0x24360912U, 0x038cc98fU, 0x26358713U, 0x25b94e9cU,
230 0xa37ce1dfU, 0xb8e42e5cU, 0xb762e4d5U, 0xa77ae0ddU,
231 0x8b40ebcbU, 0x7a47903dU, 0xaaffa455U, 0x78441e3cU,
232 0x2e398517U, 0x9d5d60c0U, 0x00000000U, 0x94de254aU,
233 0xf702f4f5U, 0xe31cf1ffU, 0x6a5f9435U, 0x2c3a0b16U,
234 0xbb68e7d3U, 0xc92375eaU, 0x9b58efc3U, 0xd0b83468U,
235 0xc4a63162U, 0x77c2d4b5U, 0x67dad0bdU, 0x22338611U,
236 0xe5197efcU, 0x8ec9ad47U, 0xd334fde7U, 0xa4f62952U,
237 0xc0a03060U, 0xec9a3b76U, 0x46659f23U, 0xc72af8edU,
238 0x3faec691U, 0x4c6a1326U, 0x1814060cU, 0x141e050aU,
239 0x33a4c597U, 0x44661122U, 0xc12f77eeU, 0xed157cf8U,
240 0xf5017af4U, 0xfd0d78f0U, 0xd8b4366cU, 0x70481c38U,
241 0xe4963972U, 0x79cb59b2U, 0x60501830U, 0x45e956acU,
242 0xf68db37bU, 0xfa87b07dU, 0x90d82448U, 0x80c02040U,
243 0xf28bb279U, 0x724b9239U, 0xb6eda35bU, 0x27bac09dU,
244 0x0d854488U, 0x955162c4U, 0x40601020U, 0xea9fb475U,
245 0x2a3f8415U, 0x11974386U, 0x764d933bU, 0x2fb6c299U,
246 0x35a14a94U, 0xcea9bd67U, 0x06058f03U, 0xb4ee2d5aU,
247 0xcaafbc65U, 0x4a6f9c25U, 0xb5616ad4U, 0x1d9d4080U,
248 0x1b98cf83U, 0xb2eba259U, 0x3a27801dU, 0x21bf4f9eU,
249 0x7c421f3eU, 0x0f86ca89U, 0x92dbaa49U, 0x15914284U,
250};
251
252static const u32 T3[256] = {
253 0xbbd269baU, 0xe54da854U, 0xe2bc5e2fU, 0x25cde874U,
254 0xf751a653U, 0xd06bbbd3U, 0xd66fb9d2U, 0xb3299a4dU,
255 0xfd5da050U, 0xcf8a45acU, 0x090e078dU, 0xa5c663bfU,
256 0x3ddde070U, 0xf155a452U, 0x7b52299aU, 0xb52d984cU,
257 0x468fc9eaU, 0xc473b7d5U, 0x55663397U, 0xdc63bfd1U,
258 0xaacc6633U, 0xfb59a251U, 0xc771b65bU, 0xf3a251a6U,
259 0xfe5fa1deU, 0xad3d9048U, 0xd79a4da8U, 0x715e2f99U,
260 0xe04babdbU, 0xacc86432U, 0x95e673b7U, 0x32d7e5fcU,
261 0x70abdbe3U, 0x6342219eU, 0x417e3f91U, 0x7d562b9bU,
262 0x76afd9e2U, 0xbdd66bbbU, 0x9b198241U, 0x79a5dc6eU,
263 0xf9ae57a5U, 0x800b8bcbU, 0x67b1d66bU, 0x596e3795U,
264 0xe1be5fa1U, 0x10ebfbf3U, 0x81fe7fb1U, 0x0c080402U,
265 0x921785ccU, 0xa23795c4U, 0x4e743a1dU, 0x78502814U,
266 0xb02b9bc3U, 0x5791c663U, 0xe64fa9daU, 0xd369ba5dU,
267 0xdf61be5fU, 0xf257a5dcU, 0x13e9fa7dU, 0x941387cdU,
268 0x1fe1fe7fU, 0xc175b45aU, 0x75add86cU, 0xd56db85cU,
269 0x08fbf3f7U, 0xd4984c26U, 0x38dbe3ffU, 0x5493c7edU,
270 0x4a87cde8U, 0x694e279dU, 0x7fa1de6fU, 0x0302018eU,
271 0x56643219U, 0xe7ba5da0U, 0x1ae7fdf0U, 0x111e0f89U,
272 0x223c1e0fU, 0x121c0e07U, 0xc58643afU, 0x20cbebfbU,
273 0x30201008U, 0x7e542a15U, 0x2e341a0dU, 0x18100804U,
274 0x06040201U, 0x458dc864U, 0xf85ba3dfU, 0x29c5ec76U,
275 0x0bf9f279U, 0xf453a7ddU, 0x8ef47a3dU, 0x74582c16U,
276 0x82fc7e3fU, 0xb2dc6e37U, 0x73a9da6dU, 0x90e07038U,
277 0xb1de6fb9U, 0x37d1e673U, 0x4c83cfe9U, 0xbed46a35U,
278 0xe349aa55U, 0x3bd9e271U, 0x07f1f67bU, 0x0f0a058cU,
279 0x31d5e472U, 0x171a0d88U, 0x0efff1f6U, 0xfca8542aU,
280 0x84f87c3eU, 0xd965bc5eU, 0xd29c4e27U, 0x89058c46U,
281 0x2830180cU, 0x4389ca65U, 0x6dbdd068U, 0x5b99c261U,
282 0x0a0c0603U, 0xbc239fc1U, 0xef41ae57U, 0xce7fb1d6U,
283 0xec43afd9U, 0xcd7db058U, 0xea47add8U, 0x4985cc66U,
284 0xc87bb3d7U, 0x9ce8743aU, 0x8a078dc8U, 0x88f0783cU,
285 0x26cfe9faU, 0x53623196U, 0xf5a653a7U, 0x775a2d98U,
286 0x5297c5ecU, 0xb7da6db8U, 0xa83b93c7U, 0xc38241aeU,
287 0x6bb9d269U, 0xa731964bU, 0xdd964babU, 0xd19e4fa9U,
288 0x4f81ce67U, 0x3c28140aU, 0x8f018e47U, 0x16eff9f2U,
289 0x99ee77b5U, 0xcc884422U, 0x64b3d7e5U, 0x5e9fc1eeU,
290 0xa3c261beU, 0xfaac562bU, 0x213e1f81U, 0x6c482412U,
291 0x2d361b83U, 0x5a6c361bU, 0x24381c0eU, 0xca8c4623U,
292 0x04f3f7f5U, 0x83098a45U, 0xc6844221U, 0x9e1f81ceU,
293 0xab399249U, 0xe8b0582cU, 0x2cc3eff9U, 0x6ebfd1e6U,
294 0x93e271b6U, 0xf0a05028U, 0x725c2e17U, 0x2b321982U,
295 0x5c68341aU, 0x1d160b8bU, 0x3edfe1feU, 0x1b12098aU,
296 0x36241209U, 0x8c038fc9U, 0x35261387U, 0xb9259c4eU,
297 0x7ca3dfe1U, 0xe4b85c2eU, 0x62b7d5e4U, 0x7aa7dde0U,
298 0x408bcbebU, 0x477a3d90U, 0xffaa55a4U, 0x44783c1eU,
299 0x392e1785U, 0x5d9dc060U, 0x00000000U, 0xde944a25U,
300 0x02f7f5f4U, 0x1ce3fff1U, 0x5f6a3594U, 0x3a2c160bU,
301 0x68bbd3e7U, 0x23c9ea75U, 0x589bc3efU, 0xb8d06834U,
302 0xa6c46231U, 0xc277b5d4U, 0xda67bdd0U, 0x33221186U,
303 0x19e5fc7eU, 0xc98e47adU, 0x34d3e7fdU, 0xf6a45229U,
304 0xa0c06030U, 0x9aec763bU, 0x6546239fU, 0x2ac7edf8U,
305 0xae3f91c6U, 0x6a4c2613U, 0x14180c06U, 0x1e140a05U,
306 0xa43397c5U, 0x66442211U, 0x2fc1ee77U, 0x15edf87cU,
307 0x01f5f47aU, 0x0dfdf078U, 0xb4d86c36U, 0x4870381cU,
308 0x96e47239U, 0xcb79b259U, 0x50603018U, 0xe945ac56U,
309 0x8df67bb3U, 0x87fa7db0U, 0xd8904824U, 0xc0804020U,
310 0x8bf279b2U, 0x4b723992U, 0xedb65ba3U, 0xba279dc0U,
311 0x850d8844U, 0x5195c462U, 0x60402010U, 0x9fea75b4U,
312 0x3f2a1584U, 0x97118643U, 0x4d763b93U, 0xb62f99c2U,
313 0xa135944aU, 0xa9ce67bdU, 0x0506038fU, 0xeeb45a2dU,
314 0xafca65bcU, 0x6f4a259cU, 0x61b5d46aU, 0x9d1d8040U,
315 0x981b83cfU, 0xebb259a2U, 0x273a1d80U, 0xbf219e4fU,
316 0x427c3e1fU, 0x860f89caU, 0xdb9249aaU, 0x91158442U,
317};
318
319static const u32 T4[256] = {
320 0xbabababaU, 0x54545454U, 0x2f2f2f2fU, 0x74747474U,
321 0x53535353U, 0xd3d3d3d3U, 0xd2d2d2d2U, 0x4d4d4d4dU,
322 0x50505050U, 0xacacacacU, 0x8d8d8d8dU, 0xbfbfbfbfU,
323 0x70707070U, 0x52525252U, 0x9a9a9a9aU, 0x4c4c4c4cU,
324 0xeaeaeaeaU, 0xd5d5d5d5U, 0x97979797U, 0xd1d1d1d1U,
325 0x33333333U, 0x51515151U, 0x5b5b5b5bU, 0xa6a6a6a6U,
326 0xdedededeU, 0x48484848U, 0xa8a8a8a8U, 0x99999999U,
327 0xdbdbdbdbU, 0x32323232U, 0xb7b7b7b7U, 0xfcfcfcfcU,
328 0xe3e3e3e3U, 0x9e9e9e9eU, 0x91919191U, 0x9b9b9b9bU,
329 0xe2e2e2e2U, 0xbbbbbbbbU, 0x41414141U, 0x6e6e6e6eU,
330 0xa5a5a5a5U, 0xcbcbcbcbU, 0x6b6b6b6bU, 0x95959595U,
331 0xa1a1a1a1U, 0xf3f3f3f3U, 0xb1b1b1b1U, 0x02020202U,
332 0xccccccccU, 0xc4c4c4c4U, 0x1d1d1d1dU, 0x14141414U,
333 0xc3c3c3c3U, 0x63636363U, 0xdadadadaU, 0x5d5d5d5dU,
334 0x5f5f5f5fU, 0xdcdcdcdcU, 0x7d7d7d7dU, 0xcdcdcdcdU,
335 0x7f7f7f7fU, 0x5a5a5a5aU, 0x6c6c6c6cU, 0x5c5c5c5cU,
336 0xf7f7f7f7U, 0x26262626U, 0xffffffffU, 0xededededU,
337 0xe8e8e8e8U, 0x9d9d9d9dU, 0x6f6f6f6fU, 0x8e8e8e8eU,
338 0x19191919U, 0xa0a0a0a0U, 0xf0f0f0f0U, 0x89898989U,
339 0x0f0f0f0fU, 0x07070707U, 0xafafafafU, 0xfbfbfbfbU,
340 0x08080808U, 0x15151515U, 0x0d0d0d0dU, 0x04040404U,
341 0x01010101U, 0x64646464U, 0xdfdfdfdfU, 0x76767676U,
342 0x79797979U, 0xddddddddU, 0x3d3d3d3dU, 0x16161616U,
343 0x3f3f3f3fU, 0x37373737U, 0x6d6d6d6dU, 0x38383838U,
344 0xb9b9b9b9U, 0x73737373U, 0xe9e9e9e9U, 0x35353535U,
345 0x55555555U, 0x71717171U, 0x7b7b7b7bU, 0x8c8c8c8cU,
346 0x72727272U, 0x88888888U, 0xf6f6f6f6U, 0x2a2a2a2aU,
347 0x3e3e3e3eU, 0x5e5e5e5eU, 0x27272727U, 0x46464646U,
348 0x0c0c0c0cU, 0x65656565U, 0x68686868U, 0x61616161U,
349 0x03030303U, 0xc1c1c1c1U, 0x57575757U, 0xd6d6d6d6U,
350 0xd9d9d9d9U, 0x58585858U, 0xd8d8d8d8U, 0x66666666U,
351 0xd7d7d7d7U, 0x3a3a3a3aU, 0xc8c8c8c8U, 0x3c3c3c3cU,
352 0xfafafafaU, 0x96969696U, 0xa7a7a7a7U, 0x98989898U,
353 0xececececU, 0xb8b8b8b8U, 0xc7c7c7c7U, 0xaeaeaeaeU,
354 0x69696969U, 0x4b4b4b4bU, 0xababababU, 0xa9a9a9a9U,
355 0x67676767U, 0x0a0a0a0aU, 0x47474747U, 0xf2f2f2f2U,
356 0xb5b5b5b5U, 0x22222222U, 0xe5e5e5e5U, 0xeeeeeeeeU,
357 0xbebebebeU, 0x2b2b2b2bU, 0x81818181U, 0x12121212U,
358 0x83838383U, 0x1b1b1b1bU, 0x0e0e0e0eU, 0x23232323U,
359 0xf5f5f5f5U, 0x45454545U, 0x21212121U, 0xcecececeU,
360 0x49494949U, 0x2c2c2c2cU, 0xf9f9f9f9U, 0xe6e6e6e6U,
361 0xb6b6b6b6U, 0x28282828U, 0x17171717U, 0x82828282U,
362 0x1a1a1a1aU, 0x8b8b8b8bU, 0xfefefefeU, 0x8a8a8a8aU,
363 0x09090909U, 0xc9c9c9c9U, 0x87878787U, 0x4e4e4e4eU,
364 0xe1e1e1e1U, 0x2e2e2e2eU, 0xe4e4e4e4U, 0xe0e0e0e0U,
365 0xebebebebU, 0x90909090U, 0xa4a4a4a4U, 0x1e1e1e1eU,
366 0x85858585U, 0x60606060U, 0x00000000U, 0x25252525U,
367 0xf4f4f4f4U, 0xf1f1f1f1U, 0x94949494U, 0x0b0b0b0bU,
368 0xe7e7e7e7U, 0x75757575U, 0xefefefefU, 0x34343434U,
369 0x31313131U, 0xd4d4d4d4U, 0xd0d0d0d0U, 0x86868686U,
370 0x7e7e7e7eU, 0xadadadadU, 0xfdfdfdfdU, 0x29292929U,
371 0x30303030U, 0x3b3b3b3bU, 0x9f9f9f9fU, 0xf8f8f8f8U,
372 0xc6c6c6c6U, 0x13131313U, 0x06060606U, 0x05050505U,
373 0xc5c5c5c5U, 0x11111111U, 0x77777777U, 0x7c7c7c7cU,
374 0x7a7a7a7aU, 0x78787878U, 0x36363636U, 0x1c1c1c1cU,
375 0x39393939U, 0x59595959U, 0x18181818U, 0x56565656U,
376 0xb3b3b3b3U, 0xb0b0b0b0U, 0x24242424U, 0x20202020U,
377 0xb2b2b2b2U, 0x92929292U, 0xa3a3a3a3U, 0xc0c0c0c0U,
378 0x44444444U, 0x62626262U, 0x10101010U, 0xb4b4b4b4U,
379 0x84848484U, 0x43434343U, 0x93939393U, 0xc2c2c2c2U,
380 0x4a4a4a4aU, 0xbdbdbdbdU, 0x8f8f8f8fU, 0x2d2d2d2dU,
381 0xbcbcbcbcU, 0x9c9c9c9cU, 0x6a6a6a6aU, 0x40404040U,
382 0xcfcfcfcfU, 0xa2a2a2a2U, 0x80808080U, 0x4f4f4f4fU,
383 0x1f1f1f1fU, 0xcacacacaU, 0xaaaaaaaaU, 0x42424242U,
384};
385
386static const u32 T5[256] = {
387 0x00000000U, 0x01020608U, 0x02040c10U, 0x03060a18U,
388 0x04081820U, 0x050a1e28U, 0x060c1430U, 0x070e1238U,
389 0x08103040U, 0x09123648U, 0x0a143c50U, 0x0b163a58U,
390 0x0c182860U, 0x0d1a2e68U, 0x0e1c2470U, 0x0f1e2278U,
391 0x10206080U, 0x11226688U, 0x12246c90U, 0x13266a98U,
392 0x142878a0U, 0x152a7ea8U, 0x162c74b0U, 0x172e72b8U,
393 0x183050c0U, 0x193256c8U, 0x1a345cd0U, 0x1b365ad8U,
394 0x1c3848e0U, 0x1d3a4ee8U, 0x1e3c44f0U, 0x1f3e42f8U,
395 0x2040c01dU, 0x2142c615U, 0x2244cc0dU, 0x2346ca05U,
396 0x2448d83dU, 0x254ade35U, 0x264cd42dU, 0x274ed225U,
397 0x2850f05dU, 0x2952f655U, 0x2a54fc4dU, 0x2b56fa45U,
398 0x2c58e87dU, 0x2d5aee75U, 0x2e5ce46dU, 0x2f5ee265U,
399 0x3060a09dU, 0x3162a695U, 0x3264ac8dU, 0x3366aa85U,
400 0x3468b8bdU, 0x356abeb5U, 0x366cb4adU, 0x376eb2a5U,
401 0x387090ddU, 0x397296d5U, 0x3a749ccdU, 0x3b769ac5U,
402 0x3c7888fdU, 0x3d7a8ef5U, 0x3e7c84edU, 0x3f7e82e5U,
403 0x40809d3aU, 0x41829b32U, 0x4284912aU, 0x43869722U,
404 0x4488851aU, 0x458a8312U, 0x468c890aU, 0x478e8f02U,
405 0x4890ad7aU, 0x4992ab72U, 0x4a94a16aU, 0x4b96a762U,
406 0x4c98b55aU, 0x4d9ab352U, 0x4e9cb94aU, 0x4f9ebf42U,
407 0x50a0fdbaU, 0x51a2fbb2U, 0x52a4f1aaU, 0x53a6f7a2U,
408 0x54a8e59aU, 0x55aae392U, 0x56ace98aU, 0x57aeef82U,
409 0x58b0cdfaU, 0x59b2cbf2U, 0x5ab4c1eaU, 0x5bb6c7e2U,
410 0x5cb8d5daU, 0x5dbad3d2U, 0x5ebcd9caU, 0x5fbedfc2U,
411 0x60c05d27U, 0x61c25b2fU, 0x62c45137U, 0x63c6573fU,
412 0x64c84507U, 0x65ca430fU, 0x66cc4917U, 0x67ce4f1fU,
413 0x68d06d67U, 0x69d26b6fU, 0x6ad46177U, 0x6bd6677fU,
414 0x6cd87547U, 0x6dda734fU, 0x6edc7957U, 0x6fde7f5fU,
415 0x70e03da7U, 0x71e23bafU, 0x72e431b7U, 0x73e637bfU,
416 0x74e82587U, 0x75ea238fU, 0x76ec2997U, 0x77ee2f9fU,
417 0x78f00de7U, 0x79f20befU, 0x7af401f7U, 0x7bf607ffU,
418 0x7cf815c7U, 0x7dfa13cfU, 0x7efc19d7U, 0x7ffe1fdfU,
419 0x801d2774U, 0x811f217cU, 0x82192b64U, 0x831b2d6cU,
420 0x84153f54U, 0x8517395cU, 0x86113344U, 0x8713354cU,
421 0x880d1734U, 0x890f113cU, 0x8a091b24U, 0x8b0b1d2cU,
422 0x8c050f14U, 0x8d07091cU, 0x8e010304U, 0x8f03050cU,
423 0x903d47f4U, 0x913f41fcU, 0x92394be4U, 0x933b4decU,
424 0x94355fd4U, 0x953759dcU, 0x963153c4U, 0x973355ccU,
425 0x982d77b4U, 0x992f71bcU, 0x9a297ba4U, 0x9b2b7dacU,
426 0x9c256f94U, 0x9d27699cU, 0x9e216384U, 0x9f23658cU,
427 0xa05de769U, 0xa15fe161U, 0xa259eb79U, 0xa35bed71U,
428 0xa455ff49U, 0xa557f941U, 0xa651f359U, 0xa753f551U,
429 0xa84dd729U, 0xa94fd121U, 0xaa49db39U, 0xab4bdd31U,
430 0xac45cf09U, 0xad47c901U, 0xae41c319U, 0xaf43c511U,
431 0xb07d87e9U, 0xb17f81e1U, 0xb2798bf9U, 0xb37b8df1U,
432 0xb4759fc9U, 0xb57799c1U, 0xb67193d9U, 0xb77395d1U,
433 0xb86db7a9U, 0xb96fb1a1U, 0xba69bbb9U, 0xbb6bbdb1U,
434 0xbc65af89U, 0xbd67a981U, 0xbe61a399U, 0xbf63a591U,
435 0xc09dba4eU, 0xc19fbc46U, 0xc299b65eU, 0xc39bb056U,
436 0xc495a26eU, 0xc597a466U, 0xc691ae7eU, 0xc793a876U,
437 0xc88d8a0eU, 0xc98f8c06U, 0xca89861eU, 0xcb8b8016U,
438 0xcc85922eU, 0xcd879426U, 0xce819e3eU, 0xcf839836U,
439 0xd0bddaceU, 0xd1bfdcc6U, 0xd2b9d6deU, 0xd3bbd0d6U,
440 0xd4b5c2eeU, 0xd5b7c4e6U, 0xd6b1cefeU, 0xd7b3c8f6U,
441 0xd8adea8eU, 0xd9afec86U, 0xdaa9e69eU, 0xdbabe096U,
442 0xdca5f2aeU, 0xdda7f4a6U, 0xdea1febeU, 0xdfa3f8b6U,
443 0xe0dd7a53U, 0xe1df7c5bU, 0xe2d97643U, 0xe3db704bU,
444 0xe4d56273U, 0xe5d7647bU, 0xe6d16e63U, 0xe7d3686bU,
445 0xe8cd4a13U, 0xe9cf4c1bU, 0xeac94603U, 0xebcb400bU,
446 0xecc55233U, 0xedc7543bU, 0xeec15e23U, 0xefc3582bU,
447 0xf0fd1ad3U, 0xf1ff1cdbU, 0xf2f916c3U, 0xf3fb10cbU,
448 0xf4f502f3U, 0xf5f704fbU, 0xf6f10ee3U, 0xf7f308ebU,
449 0xf8ed2a93U, 0xf9ef2c9bU, 0xfae92683U, 0xfbeb208bU,
450 0xfce532b3U, 0xfde734bbU, 0xfee13ea3U, 0xffe338abU,
451};
452
453static const u32 rc[] = {
454 0xba542f74U, 0x53d3d24dU, 0x50ac8dbfU, 0x70529a4cU,
455 0xead597d1U, 0x33515ba6U, 0xde48a899U, 0xdb32b7fcU,
456 0xe39e919bU, 0xe2bb416eU, 0xa5cb6b95U, 0xa1f3b102U,
457 0xccc41d14U, 0xc363da5dU, 0x5fdc7dcdU, 0x7f5a6c5cU,
458 0xf726ffedU, 0xe89d6f8eU, 0x19a0f089U,
459};
460
461static int anubis_setkey(void *ctx_arg, const u8 *in_key,
462 unsigned int key_len, u32 *flags)
463{
464
465 int N, R, i, pos, r;
466 u32 kappa[ANUBIS_MAX_N];
467 u32 inter[ANUBIS_MAX_N];
468
469 struct anubis_ctx *ctx = ctx_arg;
470
471 switch (key_len)
472 {
473 case 16: case 20: case 24: case 28:
474 case 32: case 36: case 40:
475 break;
476 default:
477 *flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
478 return - EINVAL;
479 }
480
481 ctx->key_len = key_len * 8;
482 N = ctx->key_len >> 5;
483 ctx->R = R = 8 + N;
484
485 /* * map cipher key to initial key state (mu): */
486 for (i = 0, pos = 0; i < N; i++, pos += 4) {
487 kappa[i] =
488 (in_key[pos ] << 24) ^
489 (in_key[pos + 1] << 16) ^
490 (in_key[pos + 2] << 8) ^
491 (in_key[pos + 3] );
492 }
493
494 /*
495 * generate R + 1 round keys:
496 */
497 for (r = 0; r <= R; r++) {
498 u32 K0, K1, K2, K3;
499 /*
500 * generate r-th round key K^r:
501 */
502 K0 = T4[(kappa[N - 1] >> 24) ];
503 K1 = T4[(kappa[N - 1] >> 16) & 0xff];
504 K2 = T4[(kappa[N - 1] >> 8) & 0xff];
505 K3 = T4[(kappa[N - 1] ) & 0xff];
506 for (i = N - 2; i >= 0; i--) {
507 K0 = T4[(kappa[i] >> 24) ] ^
508 (T5[(K0 >> 24) ] & 0xff000000U) ^
509 (T5[(K0 >> 16) & 0xff] & 0x00ff0000U) ^
510 (T5[(K0 >> 8) & 0xff] & 0x0000ff00U) ^
511 (T5[(K0 ) & 0xff] & 0x000000ffU);
512 K1 = T4[(kappa[i] >> 16) & 0xff] ^
513 (T5[(K1 >> 24) ] & 0xff000000U) ^
514 (T5[(K1 >> 16) & 0xff] & 0x00ff0000U) ^
515 (T5[(K1 >> 8) & 0xff] & 0x0000ff00U) ^
516 (T5[(K1 ) & 0xff] & 0x000000ffU);
517 K2 = T4[(kappa[i] >> 8) & 0xff] ^
518 (T5[(K2 >> 24) ] & 0xff000000U) ^
519 (T5[(K2 >> 16) & 0xff] & 0x00ff0000U) ^
520 (T5[(K2 >> 8) & 0xff] & 0x0000ff00U) ^
521 (T5[(K2 ) & 0xff] & 0x000000ffU);
522 K3 = T4[(kappa[i] ) & 0xff] ^
523 (T5[(K3 >> 24) ] & 0xff000000U) ^
524 (T5[(K3 >> 16) & 0xff] & 0x00ff0000U) ^
525 (T5[(K3 >> 8) & 0xff] & 0x0000ff00U) ^
526 (T5[(K3 ) & 0xff] & 0x000000ffU);
527 }
528
529 ctx->E[r][0] = K0;
530 ctx->E[r][1] = K1;
531 ctx->E[r][2] = K2;
532 ctx->E[r][3] = K3;
533
534 /*
535 * compute kappa^{r+1} from kappa^r:
536 */
537 if (r == R) {
538 break;
539 }
540 for (i = 0; i < N; i++) {
541 int j = i;
542 inter[i] = T0[(kappa[j--] >> 24) ];
543 if (j < 0) j = N - 1;
544 inter[i] ^= T1[(kappa[j--] >> 16) & 0xff];
545 if (j < 0) j = N - 1;
546 inter[i] ^= T2[(kappa[j--] >> 8) & 0xff];
547 if (j < 0) j = N - 1;
548 inter[i] ^= T3[(kappa[j ] ) & 0xff];
549 }
550 kappa[0] = inter[0] ^ rc[r];
551 for (i = 1; i < N; i++) {
552 kappa[i] = inter[i];
553 }
554 }
555
556 /*
557 * generate inverse key schedule: K'^0 = K^R, K'^R =
558 * K^0, K'^r = theta(K^{R-r}):
559 */
560 for (i = 0; i < 4; i++) {
561 ctx->D[0][i] = ctx->E[R][i];
562 ctx->D[R][i] = ctx->E[0][i];
563 }
564 for (r = 1; r < R; r++) {
565 for (i = 0; i < 4; i++) {
566 u32 v = ctx->E[R - r][i];
567 ctx->D[r][i] =
568 T0[T4[(v >> 24) ] & 0xff] ^
569 T1[T4[(v >> 16) & 0xff] & 0xff] ^
570 T2[T4[(v >> 8) & 0xff] & 0xff] ^
571 T3[T4[(v ) & 0xff] & 0xff];
572 }
573 }
574
575 return 0;
576}
577
578static void anubis_crypt(u32 roundKey[ANUBIS_MAX_ROUNDS + 1][4],
579 u8 *ciphertext, const u8 *plaintext, const int R)
580{
581 int i, pos, r;
582 u32 state[4];
583 u32 inter[4];
584
585 /*
586 * map plaintext block to cipher state (mu)
587 * and add initial round key (sigma[K^0]):
588 */
589 for (i = 0, pos = 0; i < 4; i++, pos += 4) {
590 state[i] =
591 (plaintext[pos ] << 24) ^
592 (plaintext[pos + 1] << 16) ^
593 (plaintext[pos + 2] << 8) ^
594 (plaintext[pos + 3] ) ^
595 roundKey[0][i];
596 }
597
598 /*
599 * R - 1 full rounds:
600 */
601
602 for (r = 1; r < R; r++) {
603 inter[0] =
604 T0[(state[0] >> 24) ] ^
605 T1[(state[1] >> 24) ] ^
606 T2[(state[2] >> 24) ] ^
607 T3[(state[3] >> 24) ] ^
608 roundKey[r][0];
609 inter[1] =
610 T0[(state[0] >> 16) & 0xff] ^
611 T1[(state[1] >> 16) & 0xff] ^
612 T2[(state[2] >> 16) & 0xff] ^
613 T3[(state[3] >> 16) & 0xff] ^
614 roundKey[r][1];
615 inter[2] =
616 T0[(state[0] >> 8) & 0xff] ^
617 T1[(state[1] >> 8) & 0xff] ^
618 T2[(state[2] >> 8) & 0xff] ^
619 T3[(state[3] >> 8) & 0xff] ^
620 roundKey[r][2];
621 inter[3] =
622 T0[(state[0] ) & 0xff] ^
623 T1[(state[1] ) & 0xff] ^
624 T2[(state[2] ) & 0xff] ^
625 T3[(state[3] ) & 0xff] ^
626 roundKey[r][3];
627 state[0] = inter[0];
628 state[1] = inter[1];
629 state[2] = inter[2];
630 state[3] = inter[3];
631 }
632
633 /*
634 * last round:
635 */
636
637 inter[0] =
638 (T0[(state[0] >> 24) ] & 0xff000000U) ^
639 (T1[(state[1] >> 24) ] & 0x00ff0000U) ^
640 (T2[(state[2] >> 24) ] & 0x0000ff00U) ^
641 (T3[(state[3] >> 24) ] & 0x000000ffU) ^
642 roundKey[R][0];
643 inter[1] =
644 (T0[(state[0] >> 16) & 0xff] & 0xff000000U) ^
645 (T1[(state[1] >> 16) & 0xff] & 0x00ff0000U) ^
646 (T2[(state[2] >> 16) & 0xff] & 0x0000ff00U) ^
647 (T3[(state[3] >> 16) & 0xff] & 0x000000ffU) ^
648 roundKey[R][1];
649 inter[2] =
650 (T0[(state[0] >> 8) & 0xff] & 0xff000000U) ^
651 (T1[(state[1] >> 8) & 0xff] & 0x00ff0000U) ^
652 (T2[(state[2] >> 8) & 0xff] & 0x0000ff00U) ^
653 (T3[(state[3] >> 8) & 0xff] & 0x000000ffU) ^
654 roundKey[R][2];
655 inter[3] =
656 (T0[(state[0] ) & 0xff] & 0xff000000U) ^
657 (T1[(state[1] ) & 0xff] & 0x00ff0000U) ^
658 (T2[(state[2] ) & 0xff] & 0x0000ff00U) ^
659 (T3[(state[3] ) & 0xff] & 0x000000ffU) ^
660 roundKey[R][3];
661
662 /*
663 * map cipher state to ciphertext block (mu^{-1}):
664 */
665
666 for (i = 0, pos = 0; i < 4; i++, pos += 4) {
667 u32 w = inter[i];
668 ciphertext[pos ] = (u8)(w >> 24);
669 ciphertext[pos + 1] = (u8)(w >> 16);
670 ciphertext[pos + 2] = (u8)(w >> 8);
671 ciphertext[pos + 3] = (u8)(w );
672 }
673}
674
675static void anubis_encrypt(void *ctx_arg, u8 *dst, const u8 *src)
676{
677 struct anubis_ctx *ctx = ctx_arg;
678 anubis_crypt(ctx->E, dst, src, ctx->R);
679}
680
681static void anubis_decrypt(void *ctx_arg, u8 *dst, const u8 *src)
682{
683 struct anubis_ctx *ctx = ctx_arg;
684 anubis_crypt(ctx->D, dst, src, ctx->R);
685}
686
687static struct crypto_alg anubis_alg = {
688 .cra_name = "anubis",
689 .cra_flags = CRYPTO_ALG_TYPE_CIPHER,
690 .cra_blocksize = ANUBIS_BLOCK_SIZE,
691 .cra_ctxsize = sizeof (struct anubis_ctx),
692 .cra_module = THIS_MODULE,
693 .cra_list = LIST_HEAD_INIT(anubis_alg.cra_list),
694 .cra_u = { .cipher = {
695 .cia_min_keysize = ANUBIS_MIN_KEY_SIZE,
696 .cia_max_keysize = ANUBIS_MAX_KEY_SIZE,
697 .cia_setkey = anubis_setkey,
698 .cia_encrypt = anubis_encrypt,
699 .cia_decrypt = anubis_decrypt } }
700};
701
702static int __init init(void)
703{
704 int ret = 0;
705
706 ret = crypto_register_alg(&anubis_alg);
707 return ret;
708}
709
710static void __exit fini(void)
711{
712 crypto_unregister_alg(&anubis_alg);
713}
714
715module_init(init);
716module_exit(fini);
717
718MODULE_LICENSE("GPL");
719MODULE_DESCRIPTION("Anubis Cryptographic Algorithm");
diff --git a/crypto/api.c b/crypto/api.c
new file mode 100644
index 000000000000..394169a8577d
--- /dev/null
+++ b/crypto/api.c
@@ -0,0 +1,233 @@
1/*
2 * Scatterlist Cryptographic API.
3 *
4 * Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
5 * Copyright (c) 2002 David S. Miller (davem@redhat.com)
6 *
7 * Portions derived from Cryptoapi, by Alexander Kjeldaas <astor@fast.no>
8 * and Nettle, by Niels Möller.
9 *
10 * This program is free software; you can redistribute it and/or modify it
11 * under the terms of the GNU General Public License as published by the Free
12 * Software Foundation; either version 2 of the License, or (at your option)
13 * any later version.
14 *
15 */
16#include <linux/init.h>
17#include <linux/crypto.h>
18#include <linux/errno.h>
19#include <linux/rwsem.h>
20#include <linux/slab.h>
21#include "internal.h"
22
23LIST_HEAD(crypto_alg_list);
24DECLARE_RWSEM(crypto_alg_sem);
25
26static inline int crypto_alg_get(struct crypto_alg *alg)
27{
28 return try_module_get(alg->cra_module);
29}
30
31static inline void crypto_alg_put(struct crypto_alg *alg)
32{
33 module_put(alg->cra_module);
34}
35
36struct crypto_alg *crypto_alg_lookup(const char *name)
37{
38 struct crypto_alg *q, *alg = NULL;
39
40 if (!name)
41 return NULL;
42
43 down_read(&crypto_alg_sem);
44
45 list_for_each_entry(q, &crypto_alg_list, cra_list) {
46 if (!(strcmp(q->cra_name, name))) {
47 if (crypto_alg_get(q))
48 alg = q;
49 break;
50 }
51 }
52
53 up_read(&crypto_alg_sem);
54 return alg;
55}
56
57static int crypto_init_flags(struct crypto_tfm *tfm, u32 flags)
58{
59 tfm->crt_flags = 0;
60
61 switch (crypto_tfm_alg_type(tfm)) {
62 case CRYPTO_ALG_TYPE_CIPHER:
63 return crypto_init_cipher_flags(tfm, flags);
64
65 case CRYPTO_ALG_TYPE_DIGEST:
66 return crypto_init_digest_flags(tfm, flags);
67
68 case CRYPTO_ALG_TYPE_COMPRESS:
69 return crypto_init_compress_flags(tfm, flags);
70
71 default:
72 break;
73 }
74
75 BUG();
76 return -EINVAL;
77}
78
79static int crypto_init_ops(struct crypto_tfm *tfm)
80{
81 switch (crypto_tfm_alg_type(tfm)) {
82 case CRYPTO_ALG_TYPE_CIPHER:
83 return crypto_init_cipher_ops(tfm);
84
85 case CRYPTO_ALG_TYPE_DIGEST:
86 return crypto_init_digest_ops(tfm);
87
88 case CRYPTO_ALG_TYPE_COMPRESS:
89 return crypto_init_compress_ops(tfm);
90
91 default:
92 break;
93 }
94
95 BUG();
96 return -EINVAL;
97}
98
99static void crypto_exit_ops(struct crypto_tfm *tfm)
100{
101 switch (crypto_tfm_alg_type(tfm)) {
102 case CRYPTO_ALG_TYPE_CIPHER:
103 crypto_exit_cipher_ops(tfm);
104 break;
105
106 case CRYPTO_ALG_TYPE_DIGEST:
107 crypto_exit_digest_ops(tfm);
108 break;
109
110 case CRYPTO_ALG_TYPE_COMPRESS:
111 crypto_exit_compress_ops(tfm);
112 break;
113
114 default:
115 BUG();
116
117 }
118}
119
120struct crypto_tfm *crypto_alloc_tfm(const char *name, u32 flags)
121{
122 struct crypto_tfm *tfm = NULL;
123 struct crypto_alg *alg;
124
125 alg = crypto_alg_mod_lookup(name);
126 if (alg == NULL)
127 goto out;
128
129 tfm = kmalloc(sizeof(*tfm) + alg->cra_ctxsize, GFP_KERNEL);
130 if (tfm == NULL)
131 goto out_put;
132
133 memset(tfm, 0, sizeof(*tfm) + alg->cra_ctxsize);
134
135 tfm->__crt_alg = alg;
136
137 if (crypto_init_flags(tfm, flags))
138 goto out_free_tfm;
139
140 if (crypto_init_ops(tfm)) {
141 crypto_exit_ops(tfm);
142 goto out_free_tfm;
143 }
144
145 goto out;
146
147out_free_tfm:
148 kfree(tfm);
149 tfm = NULL;
150out_put:
151 crypto_alg_put(alg);
152out:
153 return tfm;
154}
155
156void crypto_free_tfm(struct crypto_tfm *tfm)
157{
158 struct crypto_alg *alg = tfm->__crt_alg;
159 int size = sizeof(*tfm) + alg->cra_ctxsize;
160
161 crypto_exit_ops(tfm);
162 crypto_alg_put(alg);
163 memset(tfm, 0, size);
164 kfree(tfm);
165}
166
167int crypto_register_alg(struct crypto_alg *alg)
168{
169 int ret = 0;
170 struct crypto_alg *q;
171
172 down_write(&crypto_alg_sem);
173
174 list_for_each_entry(q, &crypto_alg_list, cra_list) {
175 if (!(strcmp(q->cra_name, alg->cra_name))) {
176 ret = -EEXIST;
177 goto out;
178 }
179 }
180
181 list_add_tail(&alg->cra_list, &crypto_alg_list);
182out:
183 up_write(&crypto_alg_sem);
184 return ret;
185}
186
187int crypto_unregister_alg(struct crypto_alg *alg)
188{
189 int ret = -ENOENT;
190 struct crypto_alg *q;
191
192 BUG_ON(!alg->cra_module);
193
194 down_write(&crypto_alg_sem);
195 list_for_each_entry(q, &crypto_alg_list, cra_list) {
196 if (alg == q) {
197 list_del(&alg->cra_list);
198 ret = 0;
199 goto out;
200 }
201 }
202out:
203 up_write(&crypto_alg_sem);
204 return ret;
205}
206
207int crypto_alg_available(const char *name, u32 flags)
208{
209 int ret = 0;
210 struct crypto_alg *alg = crypto_alg_mod_lookup(name);
211
212 if (alg) {
213 crypto_alg_put(alg);
214 ret = 1;
215 }
216
217 return ret;
218}
219
220static int __init init_crypto(void)
221{
222 printk(KERN_INFO "Initializing Cryptographic API\n");
223 crypto_init_proc();
224 return 0;
225}
226
227__initcall(init_crypto);
228
229EXPORT_SYMBOL_GPL(crypto_register_alg);
230EXPORT_SYMBOL_GPL(crypto_unregister_alg);
231EXPORT_SYMBOL_GPL(crypto_alloc_tfm);
232EXPORT_SYMBOL_GPL(crypto_free_tfm);
233EXPORT_SYMBOL_GPL(crypto_alg_available);
diff --git a/crypto/arc4.c b/crypto/arc4.c
new file mode 100644
index 000000000000..9efbcaae88a1
--- /dev/null
+++ b/crypto/arc4.c
@@ -0,0 +1,103 @@
1/*
2 * Cryptographic API
3 *
4 * ARC4 Cipher Algorithm
5 *
6 * Jon Oberheide <jon@oberheide.org>
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 */
14#include <linux/module.h>
15#include <linux/init.h>
16#include <linux/crypto.h>
17
18#define ARC4_MIN_KEY_SIZE 1
19#define ARC4_MAX_KEY_SIZE 256
20#define ARC4_BLOCK_SIZE 1
21
22struct arc4_ctx {
23 u8 S[256];
24 u8 x, y;
25};
26
27static int arc4_set_key(void *ctx_arg, const u8 *in_key, unsigned int key_len, u32 *flags)
28{
29 struct arc4_ctx *ctx = ctx_arg;
30 int i, j = 0, k = 0;
31
32 ctx->x = 1;
33 ctx->y = 0;
34
35 for(i = 0; i < 256; i++)
36 ctx->S[i] = i;
37
38 for(i = 0; i < 256; i++)
39 {
40 u8 a = ctx->S[i];
41 j = (j + in_key[k] + a) & 0xff;
42 ctx->S[i] = ctx->S[j];
43 ctx->S[j] = a;
44 if(++k >= key_len)
45 k = 0;
46 }
47
48 return 0;
49}
50
51static void arc4_crypt(void *ctx_arg, u8 *out, const u8 *in)
52{
53 struct arc4_ctx *ctx = ctx_arg;
54
55 u8 *const S = ctx->S;
56 u8 x = ctx->x;
57 u8 y = ctx->y;
58 u8 a, b;
59
60 a = S[x];
61 y = (y + a) & 0xff;
62 b = S[y];
63 S[x] = b;
64 S[y] = a;
65 x = (x + 1) & 0xff;
66 *out++ = *in ^ S[(a + b) & 0xff];
67
68 ctx->x = x;
69 ctx->y = y;
70}
71
72static struct crypto_alg arc4_alg = {
73 .cra_name = "arc4",
74 .cra_flags = CRYPTO_ALG_TYPE_CIPHER,
75 .cra_blocksize = ARC4_BLOCK_SIZE,
76 .cra_ctxsize = sizeof(struct arc4_ctx),
77 .cra_module = THIS_MODULE,
78 .cra_list = LIST_HEAD_INIT(arc4_alg.cra_list),
79 .cra_u = { .cipher = {
80 .cia_min_keysize = ARC4_MIN_KEY_SIZE,
81 .cia_max_keysize = ARC4_MAX_KEY_SIZE,
82 .cia_setkey = arc4_set_key,
83 .cia_encrypt = arc4_crypt,
84 .cia_decrypt = arc4_crypt } }
85};
86
87static int __init arc4_init(void)
88{
89 return crypto_register_alg(&arc4_alg);
90}
91
92
93static void __exit arc4_exit(void)
94{
95 crypto_unregister_alg(&arc4_alg);
96}
97
98module_init(arc4_init);
99module_exit(arc4_exit);
100
101MODULE_LICENSE("GPL");
102MODULE_DESCRIPTION("ARC4 Cipher Algorithm");
103MODULE_AUTHOR("Jon Oberheide <jon@oberheide.org>");
diff --git a/crypto/blowfish.c b/crypto/blowfish.c
new file mode 100644
index 000000000000..a8b29d54e7d8
--- /dev/null
+++ b/crypto/blowfish.c
@@ -0,0 +1,478 @@
1/*
2 * Cryptographic API.
3 *
4 * Blowfish Cipher Algorithm, by Bruce Schneier.
5 * http://www.counterpane.com/blowfish.html
6 *
7 * Adapted from Kerneli implementation.
8 *
9 * Copyright (c) Herbert Valerio Riedel <hvr@hvrlab.org>
10 * Copyright (c) Kyle McMartin <kyle@debian.org>
11 * Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
12 *
13 * This program is free software; you can redistribute it and/or modify
14 * it under the terms of the GNU General Public License as published by
15 * the Free Software Foundation; either version 2 of the License, or
16 * (at your option) any later version.
17 *
18 */
19#include <linux/init.h>
20#include <linux/module.h>
21#include <linux/mm.h>
22#include <asm/scatterlist.h>
23#include <linux/crypto.h>
24
25#define BF_BLOCK_SIZE 8
26#define BF_MIN_KEY_SIZE 4
27#define BF_MAX_KEY_SIZE 56
28
29struct bf_ctx {
30 u32 p[18];
31 u32 s[1024];
32};
33
34static const u32 bf_pbox[16 + 2] = {
35 0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344,
36 0xa4093822, 0x299f31d0, 0x082efa98, 0xec4e6c89,
37 0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c,
38 0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917,
39 0x9216d5d9, 0x8979fb1b,
40};
41
42static const u32 bf_sbox[256 * 4] = {
43 0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7,
44 0xb8e1afed, 0x6a267e96, 0xba7c9045, 0xf12c7f99,
45 0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16,
46 0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e,
47 0x0d95748f, 0x728eb658, 0x718bcd58, 0x82154aee,
48 0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013,
49 0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef,
50 0x8e79dcb0, 0x603a180e, 0x6c9e0e8b, 0xb01e8a3e,
51 0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60,
52 0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440,
53 0x55ca396a, 0x2aab10b6, 0xb4cc5c34, 0x1141e8ce,
54 0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a,
55 0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e,
56 0xafd6ba33, 0x6c24cf5c, 0x7a325381, 0x28958677,
57 0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193,
58 0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032,
59 0xef845d5d, 0xe98575b1, 0xdc262302, 0xeb651b88,
60 0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239,
61 0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e,
62 0x21c66842, 0xf6e96c9a, 0x670c9c61, 0xabd388f0,
63 0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3,
64 0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98,
65 0xa1f1651d, 0x39af0176, 0x66ca593e, 0x82430e88,
66 0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe,
67 0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6,
68 0x4ed3aa62, 0x363f7706, 0x1bfedf72, 0x429b023d,
69 0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b,
70 0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7,
71 0xe3fe501a, 0xb6794c3b, 0x976ce0bd, 0x04c006ba,
72 0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463,
73 0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f,
74 0x6dfc511f, 0x9b30952c, 0xcc814544, 0xaf5ebd09,
75 0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3,
76 0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb,
77 0x5579c0bd, 0x1a60320a, 0xd6a100c6, 0x402c7279,
78 0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8,
79 0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab,
80 0x323db5fa, 0xfd238760, 0x53317b48, 0x3e00df82,
81 0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db,
82 0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573,
83 0x695b27b0, 0xbbca58c8, 0xe1ffa35d, 0xb8f011a0,
84 0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b,
85 0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790,
86 0xe1ddf2da, 0xa4cb7e33, 0x62fb1341, 0xcee4c6e8,
87 0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4,
88 0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0,
89 0xd08ed1d0, 0xafc725e0, 0x8e3c5b2f, 0x8e7594b7,
90 0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c,
91 0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad,
92 0x2f2f2218, 0xbe0e1777, 0xea752dfe, 0x8b021fa1,
93 0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299,
94 0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9,
95 0x165fa266, 0x80957705, 0x93cc7314, 0x211a1477,
96 0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf,
97 0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49,
98 0x00250e2d, 0x2071b35e, 0x226800bb, 0x57b8e0af,
99 0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa,
100 0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5,
101 0x83260376, 0x6295cfa9, 0x11c81968, 0x4e734a41,
102 0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915,
103 0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400,
104 0x08ba6fb5, 0x571be91f, 0xf296ec6b, 0x2a0dd915,
105 0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664,
106 0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a,
107 0x4b7a70e9, 0xb5b32944, 0xdb75092e, 0xc4192623,
108 0xad6ea6b0, 0x49a7df7d, 0x9cee60b8, 0x8fedb266,
109 0xecaa8c71, 0x699a17ff, 0x5664526c, 0xc2b19ee1,
110 0x193602a5, 0x75094c29, 0xa0591340, 0xe4183a3e,
111 0x3f54989a, 0x5b429d65, 0x6b8fe4d6, 0x99f73fd6,
112 0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1,
113 0x4cdd2086, 0x8470eb26, 0x6382e9c6, 0x021ecc5e,
114 0x09686b3f, 0x3ebaefc9, 0x3c971814, 0x6b6a70a1,
115 0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737,
116 0x3e07841c, 0x7fdeae5c, 0x8e7d44ec, 0x5716f2b8,
117 0xb03ada37, 0xf0500c0d, 0xf01c1f04, 0x0200b3ff,
118 0xae0cf51a, 0x3cb574b2, 0x25837a58, 0xdc0921bd,
119 0xd19113f9, 0x7ca92ff6, 0x94324773, 0x22f54701,
120 0x3ae5e581, 0x37c2dadc, 0xc8b57634, 0x9af3dda7,
121 0xa9446146, 0x0fd0030e, 0xecc8c73e, 0xa4751e41,
122 0xe238cd99, 0x3bea0e2f, 0x3280bba1, 0x183eb331,
123 0x4e548b38, 0x4f6db908, 0x6f420d03, 0xf60a04bf,
124 0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af,
125 0xde9a771f, 0xd9930810, 0xb38bae12, 0xdccf3f2e,
126 0x5512721f, 0x2e6b7124, 0x501adde6, 0x9f84cd87,
127 0x7a584718, 0x7408da17, 0xbc9f9abc, 0xe94b7d8c,
128 0xec7aec3a, 0xdb851dfa, 0x63094366, 0xc464c3d2,
129 0xef1c1847, 0x3215d908, 0xdd433b37, 0x24c2ba16,
130 0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd,
131 0x71dff89e, 0x10314e55, 0x81ac77d6, 0x5f11199b,
132 0x043556f1, 0xd7a3c76b, 0x3c11183b, 0x5924a509,
133 0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e,
134 0x86e34570, 0xeae96fb1, 0x860e5e0a, 0x5a3e2ab3,
135 0x771fe71c, 0x4e3d06fa, 0x2965dcb9, 0x99e71d0f,
136 0x803e89d6, 0x5266c825, 0x2e4cc978, 0x9c10b36a,
137 0xc6150eba, 0x94e2ea78, 0xa5fc3c53, 0x1e0a2df4,
138 0xf2f74ea7, 0x361d2b3d, 0x1939260f, 0x19c27960,
139 0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66,
140 0xe3bc4595, 0xa67bc883, 0xb17f37d1, 0x018cff28,
141 0xc332ddef, 0xbe6c5aa5, 0x65582185, 0x68ab9802,
142 0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84,
143 0x1521b628, 0x29076170, 0xecdd4775, 0x619f1510,
144 0x13cca830, 0xeb61bd96, 0x0334fe1e, 0xaa0363cf,
145 0xb5735c90, 0x4c70a239, 0xd59e9e0b, 0xcbaade14,
146 0xeecc86bc, 0x60622ca7, 0x9cab5cab, 0xb2f3846e,
147 0x648b1eaf, 0x19bdf0ca, 0xa02369b9, 0x655abb50,
148 0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7,
149 0x9b540b19, 0x875fa099, 0x95f7997e, 0x623d7da8,
150 0xf837889a, 0x97e32d77, 0x11ed935f, 0x16681281,
151 0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99,
152 0x57f584a5, 0x1b227263, 0x9b83c3ff, 0x1ac24696,
153 0xcdb30aeb, 0x532e3054, 0x8fd948e4, 0x6dbc3128,
154 0x58ebf2ef, 0x34c6ffea, 0xfe28ed61, 0xee7c3c73,
155 0x5d4a14d9, 0xe864b7e3, 0x42105d14, 0x203e13e0,
156 0x45eee2b6, 0xa3aaabea, 0xdb6c4f15, 0xfacb4fd0,
157 0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105,
158 0xd81e799e, 0x86854dc7, 0xe44b476a, 0x3d816250,
159 0xcf62a1f2, 0x5b8d2646, 0xfc8883a0, 0xc1c7b6a3,
160 0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285,
161 0x095bbf00, 0xad19489d, 0x1462b174, 0x23820e00,
162 0x58428d2a, 0x0c55f5ea, 0x1dadf43e, 0x233f7061,
163 0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb,
164 0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e,
165 0xa6078084, 0x19f8509e, 0xe8efd855, 0x61d99735,
166 0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc,
167 0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9,
168 0xdb73dbd3, 0x105588cd, 0x675fda79, 0xe3674340,
169 0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20,
170 0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7,
171 0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934,
172 0x411520f7, 0x7602d4f7, 0xbcf46b2e, 0xd4a20068,
173 0xd4082471, 0x3320f46a, 0x43b7d4b7, 0x500061af,
174 0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840,
175 0x4d95fc1d, 0x96b591af, 0x70f4ddd3, 0x66a02f45,
176 0xbfbc09ec, 0x03bd9785, 0x7fac6dd0, 0x31cb8504,
177 0x96eb27b3, 0x55fd3941, 0xda2547e6, 0xabca0a9a,
178 0x28507825, 0x530429f4, 0x0a2c86da, 0xe9b66dfb,
179 0x68dc1462, 0xd7486900, 0x680ec0a4, 0x27a18dee,
180 0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6,
181 0xaace1e7c, 0xd3375fec, 0xce78a399, 0x406b2a42,
182 0x20fe9e35, 0xd9f385b9, 0xee39d7ab, 0x3b124e8b,
183 0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2,
184 0x3a6efa74, 0xdd5b4332, 0x6841e7f7, 0xca7820fb,
185 0xfb0af54e, 0xd8feb397, 0x454056ac, 0xba489527,
186 0x55533a3a, 0x20838d87, 0xfe6ba9b7, 0xd096954b,
187 0x55a867bc, 0xa1159a58, 0xcca92963, 0x99e1db33,
188 0xa62a4a56, 0x3f3125f9, 0x5ef47e1c, 0x9029317c,
189 0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3,
190 0x95c11548, 0xe4c66d22, 0x48c1133f, 0xc70f86dc,
191 0x07f9c9ee, 0x41041f0f, 0x404779a4, 0x5d886e17,
192 0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564,
193 0x257b7834, 0x602a9c60, 0xdff8e8a3, 0x1f636c1b,
194 0x0e12b4c2, 0x02e1329e, 0xaf664fd1, 0xcad18115,
195 0x6b2395e0, 0x333e92e1, 0x3b240b62, 0xeebeb922,
196 0x85b2a20e, 0xe6ba0d99, 0xde720c8c, 0x2da2f728,
197 0xd0127845, 0x95b794fd, 0x647d0862, 0xe7ccf5f0,
198 0x5449a36f, 0x877d48fa, 0xc39dfd27, 0xf33e8d1e,
199 0x0a476341, 0x992eff74, 0x3a6f6eab, 0xf4f8fd37,
200 0xa812dc60, 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d,
201 0xc67b5510, 0x6d672c37, 0x2765d43b, 0xdcd0e804,
202 0xf1290dc7, 0xcc00ffa3, 0xb5390f92, 0x690fed0b,
203 0x667b9ffb, 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3,
204 0xbb132f88, 0x515bad24, 0x7b9479bf, 0x763bd6eb,
205 0x37392eb3, 0xcc115979, 0x8026e297, 0xf42e312d,
206 0x6842ada7, 0xc66a2b3b, 0x12754ccc, 0x782ef11c,
207 0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350,
208 0x1a6b1018, 0x11caedfa, 0x3d25bdd8, 0xe2e1c3c9,
209 0x44421659, 0x0a121386, 0xd90cec6e, 0xd5abea2a,
210 0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe,
211 0x9dbc8057, 0xf0f7c086, 0x60787bf8, 0x6003604d,
212 0xd1fd8346, 0xf6381fb0, 0x7745ae04, 0xd736fccc,
213 0x83426b33, 0xf01eab71, 0xb0804187, 0x3c005e5f,
214 0x77a057be, 0xbde8ae24, 0x55464299, 0xbf582e61,
215 0x4e58f48f, 0xf2ddfda2, 0xf474ef38, 0x8789bdc2,
216 0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9,
217 0x7aeb2661, 0x8b1ddf84, 0x846a0e79, 0x915f95e2,
218 0x466e598e, 0x20b45770, 0x8cd55591, 0xc902de4c,
219 0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e,
220 0xb77f19b6, 0xe0a9dc09, 0x662d09a1, 0xc4324633,
221 0xe85a1f02, 0x09f0be8c, 0x4a99a025, 0x1d6efe10,
222 0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, 0x2868f169,
223 0xdcb7da83, 0x573906fe, 0xa1e2ce9b, 0x4fcd7f52,
224 0x50115e01, 0xa70683fa, 0xa002b5c4, 0x0de6d027,
225 0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5,
226 0xf0177a28, 0xc0f586e0, 0x006058aa, 0x30dc7d62,
227 0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634,
228 0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76,
229 0x6f05e409, 0x4b7c0188, 0x39720a3d, 0x7c927c24,
230 0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc,
231 0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4,
232 0x1e50ef5e, 0xb161e6f8, 0xa28514d9, 0x6c51133c,
233 0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837,
234 0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0,
235 0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b,
236 0x5cb0679e, 0x4fa33742, 0xd3822740, 0x99bc9bbe,
237 0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b,
238 0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4,
239 0x5748ab2f, 0xbc946e79, 0xc6a376d2, 0x6549c2c8,
240 0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6,
241 0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304,
242 0xa1fad5f0, 0x6a2d519a, 0x63ef8ce2, 0x9a86ee22,
243 0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4,
244 0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6,
245 0x2826a2f9, 0xa73a3ae1, 0x4ba99586, 0xef5562e9,
246 0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59,
247 0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593,
248 0xe990fd5a, 0x9e34d797, 0x2cf0b7d9, 0x022b8b51,
249 0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28,
250 0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c,
251 0xe029ac71, 0xe019a5e6, 0x47b0acfd, 0xed93fa9b,
252 0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28,
253 0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c,
254 0x15056dd4, 0x88f46dba, 0x03a16125, 0x0564f0bd,
255 0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a,
256 0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319,
257 0x7533d928, 0xb155fdf5, 0x03563482, 0x8aba3cbb,
258 0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f,
259 0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991,
260 0xea7a90c2, 0xfb3e7bce, 0x5121ce64, 0x774fbe32,
261 0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680,
262 0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166,
263 0xb39a460a, 0x6445c0dd, 0x586cdecf, 0x1c20c8ae,
264 0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb,
265 0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5,
266 0x72eacea8, 0xfa6484bb, 0x8d6612ae, 0xbf3c6f47,
267 0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370,
268 0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d,
269 0x4040cb08, 0x4eb4e2cc, 0x34d2466a, 0x0115af84,
270 0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048,
271 0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8,
272 0x611560b1, 0xe7933fdc, 0xbb3a792b, 0x344525bd,
273 0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9,
274 0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7,
275 0x1a908749, 0xd44fbd9a, 0xd0dadecb, 0xd50ada38,
276 0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f,
277 0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c,
278 0xbf97222c, 0x15e6fc2a, 0x0f91fc71, 0x9b941525,
279 0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1,
280 0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442,
281 0xe0ec6e0e, 0x1698db3b, 0x4c98a0be, 0x3278e964,
282 0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e,
283 0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8,
284 0xdf359f8d, 0x9b992f2e, 0xe60b6f47, 0x0fe3f11d,
285 0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f,
286 0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299,
287 0xf523f357, 0xa6327623, 0x93a83531, 0x56cccd02,
288 0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc,
289 0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614,
290 0xe6c6c7bd, 0x327a140a, 0x45e1d006, 0xc3f27b9a,
291 0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6,
292 0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b,
293 0x53113ec0, 0x1640e3d3, 0x38abbd60, 0x2547adf0,
294 0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060,
295 0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e,
296 0x1948c25c, 0x02fb8a8c, 0x01c36ae4, 0xd6ebe1f9,
297 0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f,
298 0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6,
299};
300
301/*
302 * Round loop unrolling macros, S is a pointer to a S-Box array
303 * organized in 4 unsigned longs at a row.
304 */
305#define GET32_3(x) (((x) & 0xff))
306#define GET32_2(x) (((x) >> (8)) & (0xff))
307#define GET32_1(x) (((x) >> (16)) & (0xff))
308#define GET32_0(x) (((x) >> (24)) & (0xff))
309
310#define bf_F(x) (((S[GET32_0(x)] + S[256 + GET32_1(x)]) ^ \
311 S[512 + GET32_2(x)]) + S[768 + GET32_3(x)])
312
313#define ROUND(a, b, n) b ^= P[n]; a ^= bf_F (b)
314
315/*
316 * The blowfish encipher, processes 64-bit blocks.
317 * NOTE: This function MUSTN'T respect endianess
318 */
319static void encrypt_block(struct bf_ctx *bctx, u32 *dst, u32 *src)
320{
321 const u32 *P = bctx->p;
322 const u32 *S = bctx->s;
323 u32 yl = src[0];
324 u32 yr = src[1];
325
326 ROUND(yr, yl, 0);
327 ROUND(yl, yr, 1);
328 ROUND(yr, yl, 2);
329 ROUND(yl, yr, 3);
330 ROUND(yr, yl, 4);
331 ROUND(yl, yr, 5);
332 ROUND(yr, yl, 6);
333 ROUND(yl, yr, 7);
334 ROUND(yr, yl, 8);
335 ROUND(yl, yr, 9);
336 ROUND(yr, yl, 10);
337 ROUND(yl, yr, 11);
338 ROUND(yr, yl, 12);
339 ROUND(yl, yr, 13);
340 ROUND(yr, yl, 14);
341 ROUND(yl, yr, 15);
342
343 yl ^= P[16];
344 yr ^= P[17];
345
346 dst[0] = yr;
347 dst[1] = yl;
348}
349
350static void bf_encrypt(void *ctx, u8 *dst, const u8 *src)
351{
352 const __be32 *in_blk = (const __be32 *)src;
353 __be32 *const out_blk = (__be32 *)dst;
354 u32 in32[2], out32[2];
355
356 in32[0] = be32_to_cpu(in_blk[0]);
357 in32[1] = be32_to_cpu(in_blk[1]);
358 encrypt_block(ctx, out32, in32);
359 out_blk[0] = cpu_to_be32(out32[0]);
360 out_blk[1] = cpu_to_be32(out32[1]);
361}
362
363static void bf_decrypt(void *ctx, u8 *dst, const u8 *src)
364{
365 const __be32 *in_blk = (const __be32 *)src;
366 __be32 *const out_blk = (__be32 *)dst;
367 const u32 *P = ((struct bf_ctx *)ctx)->p;
368 const u32 *S = ((struct bf_ctx *)ctx)->s;
369 u32 yl = be32_to_cpu(in_blk[0]);
370 u32 yr = be32_to_cpu(in_blk[1]);
371
372 ROUND(yr, yl, 17);
373 ROUND(yl, yr, 16);
374 ROUND(yr, yl, 15);
375 ROUND(yl, yr, 14);
376 ROUND(yr, yl, 13);
377 ROUND(yl, yr, 12);
378 ROUND(yr, yl, 11);
379 ROUND(yl, yr, 10);
380 ROUND(yr, yl, 9);
381 ROUND(yl, yr, 8);
382 ROUND(yr, yl, 7);
383 ROUND(yl, yr, 6);
384 ROUND(yr, yl, 5);
385 ROUND(yl, yr, 4);
386 ROUND(yr, yl, 3);
387 ROUND(yl, yr, 2);
388
389 yl ^= P[1];
390 yr ^= P[0];
391
392 out_blk[0] = cpu_to_be32(yr);
393 out_blk[1] = cpu_to_be32(yl);
394}
395
396/*
397 * Calculates the blowfish S and P boxes for encryption and decryption.
398 */
399static int bf_setkey(void *ctx, const u8 *key, unsigned int keylen, u32 *flags)
400{
401 short i, j, count;
402 u32 data[2], temp;
403 u32 *P = ((struct bf_ctx *)ctx)->p;
404 u32 *S = ((struct bf_ctx *)ctx)->s;
405
406 /* Copy the initialization s-boxes */
407 for (i = 0, count = 0; i < 256; i++)
408 for (j = 0; j < 4; j++, count++)
409 S[count] = bf_sbox[count];
410
411 /* Set the p-boxes */
412 for (i = 0; i < 16 + 2; i++)
413 P[i] = bf_pbox[i];
414
415 /* Actual subkey generation */
416 for (j = 0, i = 0; i < 16 + 2; i++) {
417 temp = (((u32 )key[j] << 24) |
418 ((u32 )key[(j + 1) % keylen] << 16) |
419 ((u32 )key[(j + 2) % keylen] << 8) |
420 ((u32 )key[(j + 3) % keylen]));
421
422 P[i] = P[i] ^ temp;
423 j = (j + 4) % keylen;
424 }
425
426 data[0] = 0x00000000;
427 data[1] = 0x00000000;
428
429 for (i = 0; i < 16 + 2; i += 2) {
430 encrypt_block((struct bf_ctx *)ctx, data, data);
431
432 P[i] = data[0];
433 P[i + 1] = data[1];
434 }
435
436 for (i = 0; i < 4; i++) {
437 for (j = 0, count = i * 256; j < 256; j += 2, count += 2) {
438 encrypt_block((struct bf_ctx *)ctx, data, data);
439
440 S[count] = data[0];
441 S[count + 1] = data[1];
442 }
443 }
444
445 /* Bruce says not to bother with the weak key check. */
446 return 0;
447}
448
449static struct crypto_alg alg = {
450 .cra_name = "blowfish",
451 .cra_flags = CRYPTO_ALG_TYPE_CIPHER,
452 .cra_blocksize = BF_BLOCK_SIZE,
453 .cra_ctxsize = sizeof(struct bf_ctx),
454 .cra_module = THIS_MODULE,
455 .cra_list = LIST_HEAD_INIT(alg.cra_list),
456 .cra_u = { .cipher = {
457 .cia_min_keysize = BF_MIN_KEY_SIZE,
458 .cia_max_keysize = BF_MAX_KEY_SIZE,
459 .cia_setkey = bf_setkey,
460 .cia_encrypt = bf_encrypt,
461 .cia_decrypt = bf_decrypt } }
462};
463
464static int __init init(void)
465{
466 return crypto_register_alg(&alg);
467}
468
469static void __exit fini(void)
470{
471 crypto_unregister_alg(&alg);
472}
473
474module_init(init);
475module_exit(fini);
476
477MODULE_LICENSE("GPL");
478MODULE_DESCRIPTION("Blowfish Cipher Algorithm");
diff --git a/crypto/cast5.c b/crypto/cast5.c
new file mode 100644
index 000000000000..bc42f42b4fe3
--- /dev/null
+++ b/crypto/cast5.c
@@ -0,0 +1,848 @@
1/* Kernel cryptographic api.
2* cast5.c - Cast5 cipher algorithm (rfc2144).
3*
4* Derived from GnuPG implementation of cast5.
5*
6* Major Changes.
7* Complete conformance to rfc2144.
8* Supports key size from 40 to 128 bits.
9*
10* Copyright (C) 1998, 1999, 2000, 2001 Free Software Foundation, Inc.
11* Copyright (C) 2003 Kartikey Mahendra Bhatt <kartik_me@hotmail.com>.
12*
13* This program is free software; you can redistribute it and/or modify it
14* under the terms of GNU General Public License as published by the Free
15* Software Foundation; either version 2 of the License, or (at your option)
16* any later version.
17*
18* You should have received a copy of the GNU General Public License
19* along with this program; if not, write to the Free Software
20* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
21*/
22
23
24#include <linux/init.h>
25#include <linux/crypto.h>
26#include <linux/module.h>
27#include <linux/errno.h>
28#include <linux/string.h>
29
30#define CAST5_BLOCK_SIZE 8
31#define CAST5_MIN_KEY_SIZE 5
32#define CAST5_MAX_KEY_SIZE 16
33
34struct cast5_ctx {
35 u32 Km[16];
36 u8 Kr[16];
37 int rr; /* rr?number of rounds = 16:number of rounds = 12; (rfc 2144) */
38};
39
40
41static const u32 s1[256] = {
42 0x30fb40d4, 0x9fa0ff0b, 0x6beccd2f, 0x3f258c7a, 0x1e213f2f,
43 0x9c004dd3, 0x6003e540, 0xcf9fc949,
44 0xbfd4af27, 0x88bbbdb5, 0xe2034090, 0x98d09675, 0x6e63a0e0,
45 0x15c361d2, 0xc2e7661d, 0x22d4ff8e,
46 0x28683b6f, 0xc07fd059, 0xff2379c8, 0x775f50e2, 0x43c340d3,
47 0xdf2f8656, 0x887ca41a, 0xa2d2bd2d,
48 0xa1c9e0d6, 0x346c4819, 0x61b76d87, 0x22540f2f, 0x2abe32e1,
49 0xaa54166b, 0x22568e3a, 0xa2d341d0,
50 0x66db40c8, 0xa784392f, 0x004dff2f, 0x2db9d2de, 0x97943fac,
51 0x4a97c1d8, 0x527644b7, 0xb5f437a7,
52 0xb82cbaef, 0xd751d159, 0x6ff7f0ed, 0x5a097a1f, 0x827b68d0,
53 0x90ecf52e, 0x22b0c054, 0xbc8e5935,
54 0x4b6d2f7f, 0x50bb64a2, 0xd2664910, 0xbee5812d, 0xb7332290,
55 0xe93b159f, 0xb48ee411, 0x4bff345d,
56 0xfd45c240, 0xad31973f, 0xc4f6d02e, 0x55fc8165, 0xd5b1caad,
57 0xa1ac2dae, 0xa2d4b76d, 0xc19b0c50,
58 0x882240f2, 0x0c6e4f38, 0xa4e4bfd7, 0x4f5ba272, 0x564c1d2f,
59 0xc59c5319, 0xb949e354, 0xb04669fe,
60 0xb1b6ab8a, 0xc71358dd, 0x6385c545, 0x110f935d, 0x57538ad5,
61 0x6a390493, 0xe63d37e0, 0x2a54f6b3,
62 0x3a787d5f, 0x6276a0b5, 0x19a6fcdf, 0x7a42206a, 0x29f9d4d5,
63 0xf61b1891, 0xbb72275e, 0xaa508167,
64 0x38901091, 0xc6b505eb, 0x84c7cb8c, 0x2ad75a0f, 0x874a1427,
65 0xa2d1936b, 0x2ad286af, 0xaa56d291,
66 0xd7894360, 0x425c750d, 0x93b39e26, 0x187184c9, 0x6c00b32d,
67 0x73e2bb14, 0xa0bebc3c, 0x54623779,
68 0x64459eab, 0x3f328b82, 0x7718cf82, 0x59a2cea6, 0x04ee002e,
69 0x89fe78e6, 0x3fab0950, 0x325ff6c2,
70 0x81383f05, 0x6963c5c8, 0x76cb5ad6, 0xd49974c9, 0xca180dcf,
71 0x380782d5, 0xc7fa5cf6, 0x8ac31511,
72 0x35e79e13, 0x47da91d0, 0xf40f9086, 0xa7e2419e, 0x31366241,
73 0x051ef495, 0xaa573b04, 0x4a805d8d,
74 0x548300d0, 0x00322a3c, 0xbf64cddf, 0xba57a68e, 0x75c6372b,
75 0x50afd341, 0xa7c13275, 0x915a0bf5,
76 0x6b54bfab, 0x2b0b1426, 0xab4cc9d7, 0x449ccd82, 0xf7fbf265,
77 0xab85c5f3, 0x1b55db94, 0xaad4e324,
78 0xcfa4bd3f, 0x2deaa3e2, 0x9e204d02, 0xc8bd25ac, 0xeadf55b3,
79 0xd5bd9e98, 0xe31231b2, 0x2ad5ad6c,
80 0x954329de, 0xadbe4528, 0xd8710f69, 0xaa51c90f, 0xaa786bf6,
81 0x22513f1e, 0xaa51a79b, 0x2ad344cc,
82 0x7b5a41f0, 0xd37cfbad, 0x1b069505, 0x41ece491, 0xb4c332e6,
83 0x032268d4, 0xc9600acc, 0xce387e6d,
84 0xbf6bb16c, 0x6a70fb78, 0x0d03d9c9, 0xd4df39de, 0xe01063da,
85 0x4736f464, 0x5ad328d8, 0xb347cc96,
86 0x75bb0fc3, 0x98511bfb, 0x4ffbcc35, 0xb58bcf6a, 0xe11f0abc,
87 0xbfc5fe4a, 0xa70aec10, 0xac39570a,
88 0x3f04442f, 0x6188b153, 0xe0397a2e, 0x5727cb79, 0x9ceb418f,
89 0x1cacd68d, 0x2ad37c96, 0x0175cb9d,
90 0xc69dff09, 0xc75b65f0, 0xd9db40d8, 0xec0e7779, 0x4744ead4,
91 0xb11c3274, 0xdd24cb9e, 0x7e1c54bd,
92 0xf01144f9, 0xd2240eb1, 0x9675b3fd, 0xa3ac3755, 0xd47c27af,
93 0x51c85f4d, 0x56907596, 0xa5bb15e6,
94 0x580304f0, 0xca042cf1, 0x011a37ea, 0x8dbfaadb, 0x35ba3e4a,
95 0x3526ffa0, 0xc37b4d09, 0xbc306ed9,
96 0x98a52666, 0x5648f725, 0xff5e569d, 0x0ced63d0, 0x7c63b2cf,
97 0x700b45e1, 0xd5ea50f1, 0x85a92872,
98 0xaf1fbda7, 0xd4234870, 0xa7870bf3, 0x2d3b4d79, 0x42e04198,
99 0x0cd0ede7, 0x26470db8, 0xf881814c,
100 0x474d6ad7, 0x7c0c5e5c, 0xd1231959, 0x381b7298, 0xf5d2f4db,
101 0xab838653, 0x6e2f1e23, 0x83719c9e,
102 0xbd91e046, 0x9a56456e, 0xdc39200c, 0x20c8c571, 0x962bda1c,
103 0xe1e696ff, 0xb141ab08, 0x7cca89b9,
104 0x1a69e783, 0x02cc4843, 0xa2f7c579, 0x429ef47d, 0x427b169c,
105 0x5ac9f049, 0xdd8f0f00, 0x5c8165bf
106};
107static const u32 s2[256] = {
108 0x1f201094, 0xef0ba75b, 0x69e3cf7e, 0x393f4380, 0xfe61cf7a,
109 0xeec5207a, 0x55889c94, 0x72fc0651,
110 0xada7ef79, 0x4e1d7235, 0xd55a63ce, 0xde0436ba, 0x99c430ef,
111 0x5f0c0794, 0x18dcdb7d, 0xa1d6eff3,
112 0xa0b52f7b, 0x59e83605, 0xee15b094, 0xe9ffd909, 0xdc440086,
113 0xef944459, 0xba83ccb3, 0xe0c3cdfb,
114 0xd1da4181, 0x3b092ab1, 0xf997f1c1, 0xa5e6cf7b, 0x01420ddb,
115 0xe4e7ef5b, 0x25a1ff41, 0xe180f806,
116 0x1fc41080, 0x179bee7a, 0xd37ac6a9, 0xfe5830a4, 0x98de8b7f,
117 0x77e83f4e, 0x79929269, 0x24fa9f7b,
118 0xe113c85b, 0xacc40083, 0xd7503525, 0xf7ea615f, 0x62143154,
119 0x0d554b63, 0x5d681121, 0xc866c359,
120 0x3d63cf73, 0xcee234c0, 0xd4d87e87, 0x5c672b21, 0x071f6181,
121 0x39f7627f, 0x361e3084, 0xe4eb573b,
122 0x602f64a4, 0xd63acd9c, 0x1bbc4635, 0x9e81032d, 0x2701f50c,
123 0x99847ab4, 0xa0e3df79, 0xba6cf38c,
124 0x10843094, 0x2537a95e, 0xf46f6ffe, 0xa1ff3b1f, 0x208cfb6a,
125 0x8f458c74, 0xd9e0a227, 0x4ec73a34,
126 0xfc884f69, 0x3e4de8df, 0xef0e0088, 0x3559648d, 0x8a45388c,
127 0x1d804366, 0x721d9bfd, 0xa58684bb,
128 0xe8256333, 0x844e8212, 0x128d8098, 0xfed33fb4, 0xce280ae1,
129 0x27e19ba5, 0xd5a6c252, 0xe49754bd,
130 0xc5d655dd, 0xeb667064, 0x77840b4d, 0xa1b6a801, 0x84db26a9,
131 0xe0b56714, 0x21f043b7, 0xe5d05860,
132 0x54f03084, 0x066ff472, 0xa31aa153, 0xdadc4755, 0xb5625dbf,
133 0x68561be6, 0x83ca6b94, 0x2d6ed23b,
134 0xeccf01db, 0xa6d3d0ba, 0xb6803d5c, 0xaf77a709, 0x33b4a34c,
135 0x397bc8d6, 0x5ee22b95, 0x5f0e5304,
136 0x81ed6f61, 0x20e74364, 0xb45e1378, 0xde18639b, 0x881ca122,
137 0xb96726d1, 0x8049a7e8, 0x22b7da7b,
138 0x5e552d25, 0x5272d237, 0x79d2951c, 0xc60d894c, 0x488cb402,
139 0x1ba4fe5b, 0xa4b09f6b, 0x1ca815cf,
140 0xa20c3005, 0x8871df63, 0xb9de2fcb, 0x0cc6c9e9, 0x0beeff53,
141 0xe3214517, 0xb4542835, 0x9f63293c,
142 0xee41e729, 0x6e1d2d7c, 0x50045286, 0x1e6685f3, 0xf33401c6,
143 0x30a22c95, 0x31a70850, 0x60930f13,
144 0x73f98417, 0xa1269859, 0xec645c44, 0x52c877a9, 0xcdff33a6,
145 0xa02b1741, 0x7cbad9a2, 0x2180036f,
146 0x50d99c08, 0xcb3f4861, 0xc26bd765, 0x64a3f6ab, 0x80342676,
147 0x25a75e7b, 0xe4e6d1fc, 0x20c710e6,
148 0xcdf0b680, 0x17844d3b, 0x31eef84d, 0x7e0824e4, 0x2ccb49eb,
149 0x846a3bae, 0x8ff77888, 0xee5d60f6,
150 0x7af75673, 0x2fdd5cdb, 0xa11631c1, 0x30f66f43, 0xb3faec54,
151 0x157fd7fa, 0xef8579cc, 0xd152de58,
152 0xdb2ffd5e, 0x8f32ce19, 0x306af97a, 0x02f03ef8, 0x99319ad5,
153 0xc242fa0f, 0xa7e3ebb0, 0xc68e4906,
154 0xb8da230c, 0x80823028, 0xdcdef3c8, 0xd35fb171, 0x088a1bc8,
155 0xbec0c560, 0x61a3c9e8, 0xbca8f54d,
156 0xc72feffa, 0x22822e99, 0x82c570b4, 0xd8d94e89, 0x8b1c34bc,
157 0x301e16e6, 0x273be979, 0xb0ffeaa6,
158 0x61d9b8c6, 0x00b24869, 0xb7ffce3f, 0x08dc283b, 0x43daf65a,
159 0xf7e19798, 0x7619b72f, 0x8f1c9ba4,
160 0xdc8637a0, 0x16a7d3b1, 0x9fc393b7, 0xa7136eeb, 0xc6bcc63e,
161 0x1a513742, 0xef6828bc, 0x520365d6,
162 0x2d6a77ab, 0x3527ed4b, 0x821fd216, 0x095c6e2e, 0xdb92f2fb,
163 0x5eea29cb, 0x145892f5, 0x91584f7f,
164 0x5483697b, 0x2667a8cc, 0x85196048, 0x8c4bacea, 0x833860d4,
165 0x0d23e0f9, 0x6c387e8a, 0x0ae6d249,
166 0xb284600c, 0xd835731d, 0xdcb1c647, 0xac4c56ea, 0x3ebd81b3,
167 0x230eabb0, 0x6438bc87, 0xf0b5b1fa,
168 0x8f5ea2b3, 0xfc184642, 0x0a036b7a, 0x4fb089bd, 0x649da589,
169 0xa345415e, 0x5c038323, 0x3e5d3bb9,
170 0x43d79572, 0x7e6dd07c, 0x06dfdf1e, 0x6c6cc4ef, 0x7160a539,
171 0x73bfbe70, 0x83877605, 0x4523ecf1
172};
173static const u32 s3[256] = {
174 0x8defc240, 0x25fa5d9f, 0xeb903dbf, 0xe810c907, 0x47607fff,
175 0x369fe44b, 0x8c1fc644, 0xaececa90,
176 0xbeb1f9bf, 0xeefbcaea, 0xe8cf1950, 0x51df07ae, 0x920e8806,
177 0xf0ad0548, 0xe13c8d83, 0x927010d5,
178 0x11107d9f, 0x07647db9, 0xb2e3e4d4, 0x3d4f285e, 0xb9afa820,
179 0xfade82e0, 0xa067268b, 0x8272792e,
180 0x553fb2c0, 0x489ae22b, 0xd4ef9794, 0x125e3fbc, 0x21fffcee,
181 0x825b1bfd, 0x9255c5ed, 0x1257a240,
182 0x4e1a8302, 0xbae07fff, 0x528246e7, 0x8e57140e, 0x3373f7bf,
183 0x8c9f8188, 0xa6fc4ee8, 0xc982b5a5,
184 0xa8c01db7, 0x579fc264, 0x67094f31, 0xf2bd3f5f, 0x40fff7c1,
185 0x1fb78dfc, 0x8e6bd2c1, 0x437be59b,
186 0x99b03dbf, 0xb5dbc64b, 0x638dc0e6, 0x55819d99, 0xa197c81c,
187 0x4a012d6e, 0xc5884a28, 0xccc36f71,
188 0xb843c213, 0x6c0743f1, 0x8309893c, 0x0feddd5f, 0x2f7fe850,
189 0xd7c07f7e, 0x02507fbf, 0x5afb9a04,
190 0xa747d2d0, 0x1651192e, 0xaf70bf3e, 0x58c31380, 0x5f98302e,
191 0x727cc3c4, 0x0a0fb402, 0x0f7fef82,
192 0x8c96fdad, 0x5d2c2aae, 0x8ee99a49, 0x50da88b8, 0x8427f4a0,
193 0x1eac5790, 0x796fb449, 0x8252dc15,
194 0xefbd7d9b, 0xa672597d, 0xada840d8, 0x45f54504, 0xfa5d7403,
195 0xe83ec305, 0x4f91751a, 0x925669c2,
196 0x23efe941, 0xa903f12e, 0x60270df2, 0x0276e4b6, 0x94fd6574,
197 0x927985b2, 0x8276dbcb, 0x02778176,
198 0xf8af918d, 0x4e48f79e, 0x8f616ddf, 0xe29d840e, 0x842f7d83,
199 0x340ce5c8, 0x96bbb682, 0x93b4b148,
200 0xef303cab, 0x984faf28, 0x779faf9b, 0x92dc560d, 0x224d1e20,
201 0x8437aa88, 0x7d29dc96, 0x2756d3dc,
202 0x8b907cee, 0xb51fd240, 0xe7c07ce3, 0xe566b4a1, 0xc3e9615e,
203 0x3cf8209d, 0x6094d1e3, 0xcd9ca341,
204 0x5c76460e, 0x00ea983b, 0xd4d67881, 0xfd47572c, 0xf76cedd9,
205 0xbda8229c, 0x127dadaa, 0x438a074e,
206 0x1f97c090, 0x081bdb8a, 0x93a07ebe, 0xb938ca15, 0x97b03cff,
207 0x3dc2c0f8, 0x8d1ab2ec, 0x64380e51,
208 0x68cc7bfb, 0xd90f2788, 0x12490181, 0x5de5ffd4, 0xdd7ef86a,
209 0x76a2e214, 0xb9a40368, 0x925d958f,
210 0x4b39fffa, 0xba39aee9, 0xa4ffd30b, 0xfaf7933b, 0x6d498623,
211 0x193cbcfa, 0x27627545, 0x825cf47a,
212 0x61bd8ba0, 0xd11e42d1, 0xcead04f4, 0x127ea392, 0x10428db7,
213 0x8272a972, 0x9270c4a8, 0x127de50b,
214 0x285ba1c8, 0x3c62f44f, 0x35c0eaa5, 0xe805d231, 0x428929fb,
215 0xb4fcdf82, 0x4fb66a53, 0x0e7dc15b,
216 0x1f081fab, 0x108618ae, 0xfcfd086d, 0xf9ff2889, 0x694bcc11,
217 0x236a5cae, 0x12deca4d, 0x2c3f8cc5,
218 0xd2d02dfe, 0xf8ef5896, 0xe4cf52da, 0x95155b67, 0x494a488c,
219 0xb9b6a80c, 0x5c8f82bc, 0x89d36b45,
220 0x3a609437, 0xec00c9a9, 0x44715253, 0x0a874b49, 0xd773bc40,
221 0x7c34671c, 0x02717ef6, 0x4feb5536,
222 0xa2d02fff, 0xd2bf60c4, 0xd43f03c0, 0x50b4ef6d, 0x07478cd1,
223 0x006e1888, 0xa2e53f55, 0xb9e6d4bc,
224 0xa2048016, 0x97573833, 0xd7207d67, 0xde0f8f3d, 0x72f87b33,
225 0xabcc4f33, 0x7688c55d, 0x7b00a6b0,
226 0x947b0001, 0x570075d2, 0xf9bb88f8, 0x8942019e, 0x4264a5ff,
227 0x856302e0, 0x72dbd92b, 0xee971b69,
228 0x6ea22fde, 0x5f08ae2b, 0xaf7a616d, 0xe5c98767, 0xcf1febd2,
229 0x61efc8c2, 0xf1ac2571, 0xcc8239c2,
230 0x67214cb8, 0xb1e583d1, 0xb7dc3e62, 0x7f10bdce, 0xf90a5c38,
231 0x0ff0443d, 0x606e6dc6, 0x60543a49,
232 0x5727c148, 0x2be98a1d, 0x8ab41738, 0x20e1be24, 0xaf96da0f,
233 0x68458425, 0x99833be5, 0x600d457d,
234 0x282f9350, 0x8334b362, 0xd91d1120, 0x2b6d8da0, 0x642b1e31,
235 0x9c305a00, 0x52bce688, 0x1b03588a,
236 0xf7baefd5, 0x4142ed9c, 0xa4315c11, 0x83323ec5, 0xdfef4636,
237 0xa133c501, 0xe9d3531c, 0xee353783
238};
239static const u32 s4[256] = {
240 0x9db30420, 0x1fb6e9de, 0xa7be7bef, 0xd273a298, 0x4a4f7bdb,
241 0x64ad8c57, 0x85510443, 0xfa020ed1,
242 0x7e287aff, 0xe60fb663, 0x095f35a1, 0x79ebf120, 0xfd059d43,
243 0x6497b7b1, 0xf3641f63, 0x241e4adf,
244 0x28147f5f, 0x4fa2b8cd, 0xc9430040, 0x0cc32220, 0xfdd30b30,
245 0xc0a5374f, 0x1d2d00d9, 0x24147b15,
246 0xee4d111a, 0x0fca5167, 0x71ff904c, 0x2d195ffe, 0x1a05645f,
247 0x0c13fefe, 0x081b08ca, 0x05170121,
248 0x80530100, 0xe83e5efe, 0xac9af4f8, 0x7fe72701, 0xd2b8ee5f,
249 0x06df4261, 0xbb9e9b8a, 0x7293ea25,
250 0xce84ffdf, 0xf5718801, 0x3dd64b04, 0xa26f263b, 0x7ed48400,
251 0x547eebe6, 0x446d4ca0, 0x6cf3d6f5,
252 0x2649abdf, 0xaea0c7f5, 0x36338cc1, 0x503f7e93, 0xd3772061,
253 0x11b638e1, 0x72500e03, 0xf80eb2bb,
254 0xabe0502e, 0xec8d77de, 0x57971e81, 0xe14f6746, 0xc9335400,
255 0x6920318f, 0x081dbb99, 0xffc304a5,
256 0x4d351805, 0x7f3d5ce3, 0xa6c866c6, 0x5d5bcca9, 0xdaec6fea,
257 0x9f926f91, 0x9f46222f, 0x3991467d,
258 0xa5bf6d8e, 0x1143c44f, 0x43958302, 0xd0214eeb, 0x022083b8,
259 0x3fb6180c, 0x18f8931e, 0x281658e6,
260 0x26486e3e, 0x8bd78a70, 0x7477e4c1, 0xb506e07c, 0xf32d0a25,
261 0x79098b02, 0xe4eabb81, 0x28123b23,
262 0x69dead38, 0x1574ca16, 0xdf871b62, 0x211c40b7, 0xa51a9ef9,
263 0x0014377b, 0x041e8ac8, 0x09114003,
264 0xbd59e4d2, 0xe3d156d5, 0x4fe876d5, 0x2f91a340, 0x557be8de,
265 0x00eae4a7, 0x0ce5c2ec, 0x4db4bba6,
266 0xe756bdff, 0xdd3369ac, 0xec17b035, 0x06572327, 0x99afc8b0,
267 0x56c8c391, 0x6b65811c, 0x5e146119,
268 0x6e85cb75, 0xbe07c002, 0xc2325577, 0x893ff4ec, 0x5bbfc92d,
269 0xd0ec3b25, 0xb7801ab7, 0x8d6d3b24,
270 0x20c763ef, 0xc366a5fc, 0x9c382880, 0x0ace3205, 0xaac9548a,
271 0xeca1d7c7, 0x041afa32, 0x1d16625a,
272 0x6701902c, 0x9b757a54, 0x31d477f7, 0x9126b031, 0x36cc6fdb,
273 0xc70b8b46, 0xd9e66a48, 0x56e55a79,
274 0x026a4ceb, 0x52437eff, 0x2f8f76b4, 0x0df980a5, 0x8674cde3,
275 0xedda04eb, 0x17a9be04, 0x2c18f4df,
276 0xb7747f9d, 0xab2af7b4, 0xefc34d20, 0x2e096b7c, 0x1741a254,
277 0xe5b6a035, 0x213d42f6, 0x2c1c7c26,
278 0x61c2f50f, 0x6552daf9, 0xd2c231f8, 0x25130f69, 0xd8167fa2,
279 0x0418f2c8, 0x001a96a6, 0x0d1526ab,
280 0x63315c21, 0x5e0a72ec, 0x49bafefd, 0x187908d9, 0x8d0dbd86,
281 0x311170a7, 0x3e9b640c, 0xcc3e10d7,
282 0xd5cad3b6, 0x0caec388, 0xf73001e1, 0x6c728aff, 0x71eae2a1,
283 0x1f9af36e, 0xcfcbd12f, 0xc1de8417,
284 0xac07be6b, 0xcb44a1d8, 0x8b9b0f56, 0x013988c3, 0xb1c52fca,
285 0xb4be31cd, 0xd8782806, 0x12a3a4e2,
286 0x6f7de532, 0x58fd7eb6, 0xd01ee900, 0x24adffc2, 0xf4990fc5,
287 0x9711aac5, 0x001d7b95, 0x82e5e7d2,
288 0x109873f6, 0x00613096, 0xc32d9521, 0xada121ff, 0x29908415,
289 0x7fbb977f, 0xaf9eb3db, 0x29c9ed2a,
290 0x5ce2a465, 0xa730f32c, 0xd0aa3fe8, 0x8a5cc091, 0xd49e2ce7,
291 0x0ce454a9, 0xd60acd86, 0x015f1919,
292 0x77079103, 0xdea03af6, 0x78a8565e, 0xdee356df, 0x21f05cbe,
293 0x8b75e387, 0xb3c50651, 0xb8a5c3ef,
294 0xd8eeb6d2, 0xe523be77, 0xc2154529, 0x2f69efdf, 0xafe67afb,
295 0xf470c4b2, 0xf3e0eb5b, 0xd6cc9876,
296 0x39e4460c, 0x1fda8538, 0x1987832f, 0xca007367, 0xa99144f8,
297 0x296b299e, 0x492fc295, 0x9266beab,
298 0xb5676e69, 0x9bd3ddda, 0xdf7e052f, 0xdb25701c, 0x1b5e51ee,
299 0xf65324e6, 0x6afce36c, 0x0316cc04,
300 0x8644213e, 0xb7dc59d0, 0x7965291f, 0xccd6fd43, 0x41823979,
301 0x932bcdf6, 0xb657c34d, 0x4edfd282,
302 0x7ae5290c, 0x3cb9536b, 0x851e20fe, 0x9833557e, 0x13ecf0b0,
303 0xd3ffb372, 0x3f85c5c1, 0x0aef7ed2
304};
305static const u32 s5[256] = {
306 0x7ec90c04, 0x2c6e74b9, 0x9b0e66df, 0xa6337911, 0xb86a7fff,
307 0x1dd358f5, 0x44dd9d44, 0x1731167f,
308 0x08fbf1fa, 0xe7f511cc, 0xd2051b00, 0x735aba00, 0x2ab722d8,
309 0x386381cb, 0xacf6243a, 0x69befd7a,
310 0xe6a2e77f, 0xf0c720cd, 0xc4494816, 0xccf5c180, 0x38851640,
311 0x15b0a848, 0xe68b18cb, 0x4caadeff,
312 0x5f480a01, 0x0412b2aa, 0x259814fc, 0x41d0efe2, 0x4e40b48d,
313 0x248eb6fb, 0x8dba1cfe, 0x41a99b02,
314 0x1a550a04, 0xba8f65cb, 0x7251f4e7, 0x95a51725, 0xc106ecd7,
315 0x97a5980a, 0xc539b9aa, 0x4d79fe6a,
316 0xf2f3f763, 0x68af8040, 0xed0c9e56, 0x11b4958b, 0xe1eb5a88,
317 0x8709e6b0, 0xd7e07156, 0x4e29fea7,
318 0x6366e52d, 0x02d1c000, 0xc4ac8e05, 0x9377f571, 0x0c05372a,
319 0x578535f2, 0x2261be02, 0xd642a0c9,
320 0xdf13a280, 0x74b55bd2, 0x682199c0, 0xd421e5ec, 0x53fb3ce8,
321 0xc8adedb3, 0x28a87fc9, 0x3d959981,
322 0x5c1ff900, 0xfe38d399, 0x0c4eff0b, 0x062407ea, 0xaa2f4fb1,
323 0x4fb96976, 0x90c79505, 0xb0a8a774,
324 0xef55a1ff, 0xe59ca2c2, 0xa6b62d27, 0xe66a4263, 0xdf65001f,
325 0x0ec50966, 0xdfdd55bc, 0x29de0655,
326 0x911e739a, 0x17af8975, 0x32c7911c, 0x89f89468, 0x0d01e980,
327 0x524755f4, 0x03b63cc9, 0x0cc844b2,
328 0xbcf3f0aa, 0x87ac36e9, 0xe53a7426, 0x01b3d82b, 0x1a9e7449,
329 0x64ee2d7e, 0xcddbb1da, 0x01c94910,
330 0xb868bf80, 0x0d26f3fd, 0x9342ede7, 0x04a5c284, 0x636737b6,
331 0x50f5b616, 0xf24766e3, 0x8eca36c1,
332 0x136e05db, 0xfef18391, 0xfb887a37, 0xd6e7f7d4, 0xc7fb7dc9,
333 0x3063fcdf, 0xb6f589de, 0xec2941da,
334 0x26e46695, 0xb7566419, 0xf654efc5, 0xd08d58b7, 0x48925401,
335 0xc1bacb7f, 0xe5ff550f, 0xb6083049,
336 0x5bb5d0e8, 0x87d72e5a, 0xab6a6ee1, 0x223a66ce, 0xc62bf3cd,
337 0x9e0885f9, 0x68cb3e47, 0x086c010f,
338 0xa21de820, 0xd18b69de, 0xf3f65777, 0xfa02c3f6, 0x407edac3,
339 0xcbb3d550, 0x1793084d, 0xb0d70eba,
340 0x0ab378d5, 0xd951fb0c, 0xded7da56, 0x4124bbe4, 0x94ca0b56,
341 0x0f5755d1, 0xe0e1e56e, 0x6184b5be,
342 0x580a249f, 0x94f74bc0, 0xe327888e, 0x9f7b5561, 0xc3dc0280,
343 0x05687715, 0x646c6bd7, 0x44904db3,
344 0x66b4f0a3, 0xc0f1648a, 0x697ed5af, 0x49e92ff6, 0x309e374f,
345 0x2cb6356a, 0x85808573, 0x4991f840,
346 0x76f0ae02, 0x083be84d, 0x28421c9a, 0x44489406, 0x736e4cb8,
347 0xc1092910, 0x8bc95fc6, 0x7d869cf4,
348 0x134f616f, 0x2e77118d, 0xb31b2be1, 0xaa90b472, 0x3ca5d717,
349 0x7d161bba, 0x9cad9010, 0xaf462ba2,
350 0x9fe459d2, 0x45d34559, 0xd9f2da13, 0xdbc65487, 0xf3e4f94e,
351 0x176d486f, 0x097c13ea, 0x631da5c7,
352 0x445f7382, 0x175683f4, 0xcdc66a97, 0x70be0288, 0xb3cdcf72,
353 0x6e5dd2f3, 0x20936079, 0x459b80a5,
354 0xbe60e2db, 0xa9c23101, 0xeba5315c, 0x224e42f2, 0x1c5c1572,
355 0xf6721b2c, 0x1ad2fff3, 0x8c25404e,
356 0x324ed72f, 0x4067b7fd, 0x0523138e, 0x5ca3bc78, 0xdc0fd66e,
357 0x75922283, 0x784d6b17, 0x58ebb16e,
358 0x44094f85, 0x3f481d87, 0xfcfeae7b, 0x77b5ff76, 0x8c2302bf,
359 0xaaf47556, 0x5f46b02a, 0x2b092801,
360 0x3d38f5f7, 0x0ca81f36, 0x52af4a8a, 0x66d5e7c0, 0xdf3b0874,
361 0x95055110, 0x1b5ad7a8, 0xf61ed5ad,
362 0x6cf6e479, 0x20758184, 0xd0cefa65, 0x88f7be58, 0x4a046826,
363 0x0ff6f8f3, 0xa09c7f70, 0x5346aba0,
364 0x5ce96c28, 0xe176eda3, 0x6bac307f, 0x376829d2, 0x85360fa9,
365 0x17e3fe2a, 0x24b79767, 0xf5a96b20,
366 0xd6cd2595, 0x68ff1ebf, 0x7555442c, 0xf19f06be, 0xf9e0659a,
367 0xeeb9491d, 0x34010718, 0xbb30cab8,
368 0xe822fe15, 0x88570983, 0x750e6249, 0xda627e55, 0x5e76ffa8,
369 0xb1534546, 0x6d47de08, 0xefe9e7d4
370};
371static const u32 s6[256] = {
372 0xf6fa8f9d, 0x2cac6ce1, 0x4ca34867, 0xe2337f7c, 0x95db08e7,
373 0x016843b4, 0xeced5cbc, 0x325553ac,
374 0xbf9f0960, 0xdfa1e2ed, 0x83f0579d, 0x63ed86b9, 0x1ab6a6b8,
375 0xde5ebe39, 0xf38ff732, 0x8989b138,
376 0x33f14961, 0xc01937bd, 0xf506c6da, 0xe4625e7e, 0xa308ea99,
377 0x4e23e33c, 0x79cbd7cc, 0x48a14367,
378 0xa3149619, 0xfec94bd5, 0xa114174a, 0xeaa01866, 0xa084db2d,
379 0x09a8486f, 0xa888614a, 0x2900af98,
380 0x01665991, 0xe1992863, 0xc8f30c60, 0x2e78ef3c, 0xd0d51932,
381 0xcf0fec14, 0xf7ca07d2, 0xd0a82072,
382 0xfd41197e, 0x9305a6b0, 0xe86be3da, 0x74bed3cd, 0x372da53c,
383 0x4c7f4448, 0xdab5d440, 0x6dba0ec3,
384 0x083919a7, 0x9fbaeed9, 0x49dbcfb0, 0x4e670c53, 0x5c3d9c01,
385 0x64bdb941, 0x2c0e636a, 0xba7dd9cd,
386 0xea6f7388, 0xe70bc762, 0x35f29adb, 0x5c4cdd8d, 0xf0d48d8c,
387 0xb88153e2, 0x08a19866, 0x1ae2eac8,
388 0x284caf89, 0xaa928223, 0x9334be53, 0x3b3a21bf, 0x16434be3,
389 0x9aea3906, 0xefe8c36e, 0xf890cdd9,
390 0x80226dae, 0xc340a4a3, 0xdf7e9c09, 0xa694a807, 0x5b7c5ecc,
391 0x221db3a6, 0x9a69a02f, 0x68818a54,
392 0xceb2296f, 0x53c0843a, 0xfe893655, 0x25bfe68a, 0xb4628abc,
393 0xcf222ebf, 0x25ac6f48, 0xa9a99387,
394 0x53bddb65, 0xe76ffbe7, 0xe967fd78, 0x0ba93563, 0x8e342bc1,
395 0xe8a11be9, 0x4980740d, 0xc8087dfc,
396 0x8de4bf99, 0xa11101a0, 0x7fd37975, 0xda5a26c0, 0xe81f994f,
397 0x9528cd89, 0xfd339fed, 0xb87834bf,
398 0x5f04456d, 0x22258698, 0xc9c4c83b, 0x2dc156be, 0x4f628daa,
399 0x57f55ec5, 0xe2220abe, 0xd2916ebf,
400 0x4ec75b95, 0x24f2c3c0, 0x42d15d99, 0xcd0d7fa0, 0x7b6e27ff,
401 0xa8dc8af0, 0x7345c106, 0xf41e232f,
402 0x35162386, 0xe6ea8926, 0x3333b094, 0x157ec6f2, 0x372b74af,
403 0x692573e4, 0xe9a9d848, 0xf3160289,
404 0x3a62ef1d, 0xa787e238, 0xf3a5f676, 0x74364853, 0x20951063,
405 0x4576698d, 0xb6fad407, 0x592af950,
406 0x36f73523, 0x4cfb6e87, 0x7da4cec0, 0x6c152daa, 0xcb0396a8,
407 0xc50dfe5d, 0xfcd707ab, 0x0921c42f,
408 0x89dff0bb, 0x5fe2be78, 0x448f4f33, 0x754613c9, 0x2b05d08d,
409 0x48b9d585, 0xdc049441, 0xc8098f9b,
410 0x7dede786, 0xc39a3373, 0x42410005, 0x6a091751, 0x0ef3c8a6,
411 0x890072d6, 0x28207682, 0xa9a9f7be,
412 0xbf32679d, 0xd45b5b75, 0xb353fd00, 0xcbb0e358, 0x830f220a,
413 0x1f8fb214, 0xd372cf08, 0xcc3c4a13,
414 0x8cf63166, 0x061c87be, 0x88c98f88, 0x6062e397, 0x47cf8e7a,
415 0xb6c85283, 0x3cc2acfb, 0x3fc06976,
416 0x4e8f0252, 0x64d8314d, 0xda3870e3, 0x1e665459, 0xc10908f0,
417 0x513021a5, 0x6c5b68b7, 0x822f8aa0,
418 0x3007cd3e, 0x74719eef, 0xdc872681, 0x073340d4, 0x7e432fd9,
419 0x0c5ec241, 0x8809286c, 0xf592d891,
420 0x08a930f6, 0x957ef305, 0xb7fbffbd, 0xc266e96f, 0x6fe4ac98,
421 0xb173ecc0, 0xbc60b42a, 0x953498da,
422 0xfba1ae12, 0x2d4bd736, 0x0f25faab, 0xa4f3fceb, 0xe2969123,
423 0x257f0c3d, 0x9348af49, 0x361400bc,
424 0xe8816f4a, 0x3814f200, 0xa3f94043, 0x9c7a54c2, 0xbc704f57,
425 0xda41e7f9, 0xc25ad33a, 0x54f4a084,
426 0xb17f5505, 0x59357cbe, 0xedbd15c8, 0x7f97c5ab, 0xba5ac7b5,
427 0xb6f6deaf, 0x3a479c3a, 0x5302da25,
428 0x653d7e6a, 0x54268d49, 0x51a477ea, 0x5017d55b, 0xd7d25d88,
429 0x44136c76, 0x0404a8c8, 0xb8e5a121,
430 0xb81a928a, 0x60ed5869, 0x97c55b96, 0xeaec991b, 0x29935913,
431 0x01fdb7f1, 0x088e8dfa, 0x9ab6f6f5,
432 0x3b4cbf9f, 0x4a5de3ab, 0xe6051d35, 0xa0e1d855, 0xd36b4cf1,
433 0xf544edeb, 0xb0e93524, 0xbebb8fbd,
434 0xa2d762cf, 0x49c92f54, 0x38b5f331, 0x7128a454, 0x48392905,
435 0xa65b1db8, 0x851c97bd, 0xd675cf2f
436};
437static const u32 s7[256] = {
438 0x85e04019, 0x332bf567, 0x662dbfff, 0xcfc65693, 0x2a8d7f6f,
439 0xab9bc912, 0xde6008a1, 0x2028da1f,
440 0x0227bce7, 0x4d642916, 0x18fac300, 0x50f18b82, 0x2cb2cb11,
441 0xb232e75c, 0x4b3695f2, 0xb28707de,
442 0xa05fbcf6, 0xcd4181e9, 0xe150210c, 0xe24ef1bd, 0xb168c381,
443 0xfde4e789, 0x5c79b0d8, 0x1e8bfd43,
444 0x4d495001, 0x38be4341, 0x913cee1d, 0x92a79c3f, 0x089766be,
445 0xbaeeadf4, 0x1286becf, 0xb6eacb19,
446 0x2660c200, 0x7565bde4, 0x64241f7a, 0x8248dca9, 0xc3b3ad66,
447 0x28136086, 0x0bd8dfa8, 0x356d1cf2,
448 0x107789be, 0xb3b2e9ce, 0x0502aa8f, 0x0bc0351e, 0x166bf52a,
449 0xeb12ff82, 0xe3486911, 0xd34d7516,
450 0x4e7b3aff, 0x5f43671b, 0x9cf6e037, 0x4981ac83, 0x334266ce,
451 0x8c9341b7, 0xd0d854c0, 0xcb3a6c88,
452 0x47bc2829, 0x4725ba37, 0xa66ad22b, 0x7ad61f1e, 0x0c5cbafa,
453 0x4437f107, 0xb6e79962, 0x42d2d816,
454 0x0a961288, 0xe1a5c06e, 0x13749e67, 0x72fc081a, 0xb1d139f7,
455 0xf9583745, 0xcf19df58, 0xbec3f756,
456 0xc06eba30, 0x07211b24, 0x45c28829, 0xc95e317f, 0xbc8ec511,
457 0x38bc46e9, 0xc6e6fa14, 0xbae8584a,
458 0xad4ebc46, 0x468f508b, 0x7829435f, 0xf124183b, 0x821dba9f,
459 0xaff60ff4, 0xea2c4e6d, 0x16e39264,
460 0x92544a8b, 0x009b4fc3, 0xaba68ced, 0x9ac96f78, 0x06a5b79a,
461 0xb2856e6e, 0x1aec3ca9, 0xbe838688,
462 0x0e0804e9, 0x55f1be56, 0xe7e5363b, 0xb3a1f25d, 0xf7debb85,
463 0x61fe033c, 0x16746233, 0x3c034c28,
464 0xda6d0c74, 0x79aac56c, 0x3ce4e1ad, 0x51f0c802, 0x98f8f35a,
465 0x1626a49f, 0xeed82b29, 0x1d382fe3,
466 0x0c4fb99a, 0xbb325778, 0x3ec6d97b, 0x6e77a6a9, 0xcb658b5c,
467 0xd45230c7, 0x2bd1408b, 0x60c03eb7,
468 0xb9068d78, 0xa33754f4, 0xf430c87d, 0xc8a71302, 0xb96d8c32,
469 0xebd4e7be, 0xbe8b9d2d, 0x7979fb06,
470 0xe7225308, 0x8b75cf77, 0x11ef8da4, 0xe083c858, 0x8d6b786f,
471 0x5a6317a6, 0xfa5cf7a0, 0x5dda0033,
472 0xf28ebfb0, 0xf5b9c310, 0xa0eac280, 0x08b9767a, 0xa3d9d2b0,
473 0x79d34217, 0x021a718d, 0x9ac6336a,
474 0x2711fd60, 0x438050e3, 0x069908a8, 0x3d7fedc4, 0x826d2bef,
475 0x4eeb8476, 0x488dcf25, 0x36c9d566,
476 0x28e74e41, 0xc2610aca, 0x3d49a9cf, 0xbae3b9df, 0xb65f8de6,
477 0x92aeaf64, 0x3ac7d5e6, 0x9ea80509,
478 0xf22b017d, 0xa4173f70, 0xdd1e16c3, 0x15e0d7f9, 0x50b1b887,
479 0x2b9f4fd5, 0x625aba82, 0x6a017962,
480 0x2ec01b9c, 0x15488aa9, 0xd716e740, 0x40055a2c, 0x93d29a22,
481 0xe32dbf9a, 0x058745b9, 0x3453dc1e,
482 0xd699296e, 0x496cff6f, 0x1c9f4986, 0xdfe2ed07, 0xb87242d1,
483 0x19de7eae, 0x053e561a, 0x15ad6f8c,
484 0x66626c1c, 0x7154c24c, 0xea082b2a, 0x93eb2939, 0x17dcb0f0,
485 0x58d4f2ae, 0x9ea294fb, 0x52cf564c,
486 0x9883fe66, 0x2ec40581, 0x763953c3, 0x01d6692e, 0xd3a0c108,
487 0xa1e7160e, 0xe4f2dfa6, 0x693ed285,
488 0x74904698, 0x4c2b0edd, 0x4f757656, 0x5d393378, 0xa132234f,
489 0x3d321c5d, 0xc3f5e194, 0x4b269301,
490 0xc79f022f, 0x3c997e7e, 0x5e4f9504, 0x3ffafbbd, 0x76f7ad0e,
491 0x296693f4, 0x3d1fce6f, 0xc61e45be,
492 0xd3b5ab34, 0xf72bf9b7, 0x1b0434c0, 0x4e72b567, 0x5592a33d,
493 0xb5229301, 0xcfd2a87f, 0x60aeb767,
494 0x1814386b, 0x30bcc33d, 0x38a0c07d, 0xfd1606f2, 0xc363519b,
495 0x589dd390, 0x5479f8e6, 0x1cb8d647,
496 0x97fd61a9, 0xea7759f4, 0x2d57539d, 0x569a58cf, 0xe84e63ad,
497 0x462e1b78, 0x6580f87e, 0xf3817914,
498 0x91da55f4, 0x40a230f3, 0xd1988f35, 0xb6e318d2, 0x3ffa50bc,
499 0x3d40f021, 0xc3c0bdae, 0x4958c24c,
500 0x518f36b2, 0x84b1d370, 0x0fedce83, 0x878ddada, 0xf2a279c7,
501 0x94e01be8, 0x90716f4b, 0x954b8aa3
502};
503static const u32 sb8[256] = {
504 0xe216300d, 0xbbddfffc, 0xa7ebdabd, 0x35648095, 0x7789f8b7,
505 0xe6c1121b, 0x0e241600, 0x052ce8b5,
506 0x11a9cfb0, 0xe5952f11, 0xece7990a, 0x9386d174, 0x2a42931c,
507 0x76e38111, 0xb12def3a, 0x37ddddfc,
508 0xde9adeb1, 0x0a0cc32c, 0xbe197029, 0x84a00940, 0xbb243a0f,
509 0xb4d137cf, 0xb44e79f0, 0x049eedfd,
510 0x0b15a15d, 0x480d3168, 0x8bbbde5a, 0x669ded42, 0xc7ece831,
511 0x3f8f95e7, 0x72df191b, 0x7580330d,
512 0x94074251, 0x5c7dcdfa, 0xabbe6d63, 0xaa402164, 0xb301d40a,
513 0x02e7d1ca, 0x53571dae, 0x7a3182a2,
514 0x12a8ddec, 0xfdaa335d, 0x176f43e8, 0x71fb46d4, 0x38129022,
515 0xce949ad4, 0xb84769ad, 0x965bd862,
516 0x82f3d055, 0x66fb9767, 0x15b80b4e, 0x1d5b47a0, 0x4cfde06f,
517 0xc28ec4b8, 0x57e8726e, 0x647a78fc,
518 0x99865d44, 0x608bd593, 0x6c200e03, 0x39dc5ff6, 0x5d0b00a3,
519 0xae63aff2, 0x7e8bd632, 0x70108c0c,
520 0xbbd35049, 0x2998df04, 0x980cf42a, 0x9b6df491, 0x9e7edd53,
521 0x06918548, 0x58cb7e07, 0x3b74ef2e,
522 0x522fffb1, 0xd24708cc, 0x1c7e27cd, 0xa4eb215b, 0x3cf1d2e2,
523 0x19b47a38, 0x424f7618, 0x35856039,
524 0x9d17dee7, 0x27eb35e6, 0xc9aff67b, 0x36baf5b8, 0x09c467cd,
525 0xc18910b1, 0xe11dbf7b, 0x06cd1af8,
526 0x7170c608, 0x2d5e3354, 0xd4de495a, 0x64c6d006, 0xbcc0c62c,
527 0x3dd00db3, 0x708f8f34, 0x77d51b42,
528 0x264f620f, 0x24b8d2bf, 0x15c1b79e, 0x46a52564, 0xf8d7e54e,
529 0x3e378160, 0x7895cda5, 0x859c15a5,
530 0xe6459788, 0xc37bc75f, 0xdb07ba0c, 0x0676a3ab, 0x7f229b1e,
531 0x31842e7b, 0x24259fd7, 0xf8bef472,
532 0x835ffcb8, 0x6df4c1f2, 0x96f5b195, 0xfd0af0fc, 0xb0fe134c,
533 0xe2506d3d, 0x4f9b12ea, 0xf215f225,
534 0xa223736f, 0x9fb4c428, 0x25d04979, 0x34c713f8, 0xc4618187,
535 0xea7a6e98, 0x7cd16efc, 0x1436876c,
536 0xf1544107, 0xbedeee14, 0x56e9af27, 0xa04aa441, 0x3cf7c899,
537 0x92ecbae6, 0xdd67016d, 0x151682eb,
538 0xa842eedf, 0xfdba60b4, 0xf1907b75, 0x20e3030f, 0x24d8c29e,
539 0xe139673b, 0xefa63fb8, 0x71873054,
540 0xb6f2cf3b, 0x9f326442, 0xcb15a4cc, 0xb01a4504, 0xf1e47d8d,
541 0x844a1be5, 0xbae7dfdc, 0x42cbda70,
542 0xcd7dae0a, 0x57e85b7a, 0xd53f5af6, 0x20cf4d8c, 0xcea4d428,
543 0x79d130a4, 0x3486ebfb, 0x33d3cddc,
544 0x77853b53, 0x37effcb5, 0xc5068778, 0xe580b3e6, 0x4e68b8f4,
545 0xc5c8b37e, 0x0d809ea2, 0x398feb7c,
546 0x132a4f94, 0x43b7950e, 0x2fee7d1c, 0x223613bd, 0xdd06caa2,
547 0x37df932b, 0xc4248289, 0xacf3ebc3,
548 0x5715f6b7, 0xef3478dd, 0xf267616f, 0xc148cbe4, 0x9052815e,
549 0x5e410fab, 0xb48a2465, 0x2eda7fa4,
550 0xe87b40e4, 0xe98ea084, 0x5889e9e1, 0xefd390fc, 0xdd07d35b,
551 0xdb485694, 0x38d7e5b2, 0x57720101,
552 0x730edebc, 0x5b643113, 0x94917e4f, 0x503c2fba, 0x646f1282,
553 0x7523d24a, 0xe0779695, 0xf9c17a8f,
554 0x7a5b2121, 0xd187b896, 0x29263a4d, 0xba510cdf, 0x81f47c9f,
555 0xad1163ed, 0xea7b5965, 0x1a00726e,
556 0x11403092, 0x00da6d77, 0x4a0cdd61, 0xad1f4603, 0x605bdfb0,
557 0x9eedc364, 0x22ebe6a8, 0xcee7d28a,
558 0xa0e736a0, 0x5564a6b9, 0x10853209, 0xc7eb8f37, 0x2de705ca,
559 0x8951570f, 0xdf09822b, 0xbd691a6c,
560 0xaa12e4f2, 0x87451c0f, 0xe0f6a27a, 0x3ada4819, 0x4cf1764f,
561 0x0d771c2b, 0x67cdb156, 0x350d8384,
562 0x5938fa0f, 0x42399ef3, 0x36997b07, 0x0e84093d, 0x4aa93e61,
563 0x8360d87b, 0x1fa98b0c, 0x1149382c,
564 0xe97625a5, 0x0614d1b7, 0x0e25244b, 0x0c768347, 0x589e8d82,
565 0x0d2059d1, 0xa466bb1e, 0xf8da0a82,
566 0x04f19130, 0xba6e4ec0, 0x99265164, 0x1ee7230d, 0x50b2ad80,
567 0xeaee6801, 0x8db2a283, 0xea8bf59e
568};
569
570#define F1(D,m,r) ( (I = ((m) + (D))), (I=rol32(I,(r))), \
571 (((s1[I >> 24] ^ s2[(I>>16)&0xff]) - s3[(I>>8)&0xff]) + s4[I&0xff]) )
572#define F2(D,m,r) ( (I = ((m) ^ (D))), (I=rol32(I,(r))), \
573 (((s1[I >> 24] - s2[(I>>16)&0xff]) + s3[(I>>8)&0xff]) ^ s4[I&0xff]) )
574#define F3(D,m,r) ( (I = ((m) - (D))), (I=rol32(I,(r))), \
575 (((s1[I >> 24] + s2[(I>>16)&0xff]) ^ s3[(I>>8)&0xff]) - s4[I&0xff]) )
576
577
578static void cast5_encrypt(void *ctx, u8 * outbuf, const u8 * inbuf)
579{
580 struct cast5_ctx *c = (struct cast5_ctx *) ctx;
581 u32 l, r, t;
582 u32 I; /* used by the Fx macros */
583 u32 *Km;
584 u8 *Kr;
585
586 Km = c->Km;
587 Kr = c->Kr;
588
589 /* (L0,R0) <-- (m1...m64). (Split the plaintext into left and
590 * right 32-bit halves L0 = m1...m32 and R0 = m33...m64.)
591 */
592 l = inbuf[0] << 24 | inbuf[1] << 16 | inbuf[2] << 8 | inbuf[3];
593 r = inbuf[4] << 24 | inbuf[5] << 16 | inbuf[6] << 8 | inbuf[7];
594
595 /* (16 rounds) for i from 1 to 16, compute Li and Ri as follows:
596 * Li = Ri-1;
597 * Ri = Li-1 ^ f(Ri-1,Kmi,Kri), where f is defined in Section 2.2
598 * Rounds 1, 4, 7, 10, 13, and 16 use f function Type 1.
599 * Rounds 2, 5, 8, 11, and 14 use f function Type 2.
600 * Rounds 3, 6, 9, 12, and 15 use f function Type 3.
601 */
602
603 if (!(c->rr)) {
604 t = l; l = r; r = t ^ F1(r, Km[0], Kr[0]);
605 t = l; l = r; r = t ^ F2(r, Km[1], Kr[1]);
606 t = l; l = r; r = t ^ F3(r, Km[2], Kr[2]);
607 t = l; l = r; r = t ^ F1(r, Km[3], Kr[3]);
608 t = l; l = r; r = t ^ F2(r, Km[4], Kr[4]);
609 t = l; l = r; r = t ^ F3(r, Km[5], Kr[5]);
610 t = l; l = r; r = t ^ F1(r, Km[6], Kr[6]);
611 t = l; l = r; r = t ^ F2(r, Km[7], Kr[7]);
612 t = l; l = r; r = t ^ F3(r, Km[8], Kr[8]);
613 t = l; l = r; r = t ^ F1(r, Km[9], Kr[9]);
614 t = l; l = r; r = t ^ F2(r, Km[10], Kr[10]);
615 t = l; l = r; r = t ^ F3(r, Km[11], Kr[11]);
616 t = l; l = r; r = t ^ F1(r, Km[12], Kr[12]);
617 t = l; l = r; r = t ^ F2(r, Km[13], Kr[13]);
618 t = l; l = r; r = t ^ F3(r, Km[14], Kr[14]);
619 t = l; l = r; r = t ^ F1(r, Km[15], Kr[15]);
620 } else {
621 t = l; l = r; r = t ^ F1(r, Km[0], Kr[0]);
622 t = l; l = r; r = t ^ F2(r, Km[1], Kr[1]);
623 t = l; l = r; r = t ^ F3(r, Km[2], Kr[2]);
624 t = l; l = r; r = t ^ F1(r, Km[3], Kr[3]);
625 t = l; l = r; r = t ^ F2(r, Km[4], Kr[4]);
626 t = l; l = r; r = t ^ F3(r, Km[5], Kr[5]);
627 t = l; l = r; r = t ^ F1(r, Km[6], Kr[6]);
628 t = l; l = r; r = t ^ F2(r, Km[7], Kr[7]);
629 t = l; l = r; r = t ^ F3(r, Km[8], Kr[8]);
630 t = l; l = r; r = t ^ F1(r, Km[9], Kr[9]);
631 t = l; l = r; r = t ^ F2(r, Km[10], Kr[10]);
632 t = l; l = r; r = t ^ F3(r, Km[11], Kr[11]);
633 }
634
635 /* c1...c64 <-- (R16,L16). (Exchange final blocks L16, R16 and
636 * concatenate to form the ciphertext.) */
637 outbuf[0] = (r >> 24) & 0xff;
638 outbuf[1] = (r >> 16) & 0xff;
639 outbuf[2] = (r >> 8) & 0xff;
640 outbuf[3] = r & 0xff;
641 outbuf[4] = (l >> 24) & 0xff;
642 outbuf[5] = (l >> 16) & 0xff;
643 outbuf[6] = (l >> 8) & 0xff;
644 outbuf[7] = l & 0xff;
645}
646
647static void cast5_decrypt(void *ctx, u8 * outbuf, const u8 * inbuf)
648{
649 struct cast5_ctx *c = (struct cast5_ctx *) ctx;
650 u32 l, r, t;
651 u32 I;
652 u32 *Km;
653 u8 *Kr;
654
655 Km = c->Km;
656 Kr = c->Kr;
657
658 l = inbuf[0] << 24 | inbuf[1] << 16 | inbuf[2] << 8 | inbuf[3];
659 r = inbuf[4] << 24 | inbuf[5] << 16 | inbuf[6] << 8 | inbuf[7];
660
661 if (!(c->rr)) {
662 t = l; l = r; r = t ^ F1(r, Km[15], Kr[15]);
663 t = l; l = r; r = t ^ F3(r, Km[14], Kr[14]);
664 t = l; l = r; r = t ^ F2(r, Km[13], Kr[13]);
665 t = l; l = r; r = t ^ F1(r, Km[12], Kr[12]);
666 t = l; l = r; r = t ^ F3(r, Km[11], Kr[11]);
667 t = l; l = r; r = t ^ F2(r, Km[10], Kr[10]);
668 t = l; l = r; r = t ^ F1(r, Km[9], Kr[9]);
669 t = l; l = r; r = t ^ F3(r, Km[8], Kr[8]);
670 t = l; l = r; r = t ^ F2(r, Km[7], Kr[7]);
671 t = l; l = r; r = t ^ F1(r, Km[6], Kr[6]);
672 t = l; l = r; r = t ^ F3(r, Km[5], Kr[5]);
673 t = l; l = r; r = t ^ F2(r, Km[4], Kr[4]);
674 t = l; l = r; r = t ^ F1(r, Km[3], Kr[3]);
675 t = l; l = r; r = t ^ F3(r, Km[2], Kr[2]);
676 t = l; l = r; r = t ^ F2(r, Km[1], Kr[1]);
677 t = l; l = r; r = t ^ F1(r, Km[0], Kr[0]);
678 } else {
679 t = l; l = r; r = t ^ F3(r, Km[11], Kr[11]);
680 t = l; l = r; r = t ^ F2(r, Km[10], Kr[10]);
681 t = l; l = r; r = t ^ F1(r, Km[9], Kr[9]);
682 t = l; l = r; r = t ^ F3(r, Km[8], Kr[8]);
683 t = l; l = r; r = t ^ F2(r, Km[7], Kr[7]);
684 t = l; l = r; r = t ^ F1(r, Km[6], Kr[6]);
685 t = l; l = r; r = t ^ F3(r, Km[5], Kr[5]);
686 t = l; l = r; r = t ^ F2(r, Km[4], Kr[4]);
687 t = l; l = r; r = t ^ F1(r, Km[3], Kr[3]);
688 t = l; l = r; r = t ^ F3(r, Km[2], Kr[2]);
689 t = l; l = r; r = t ^ F2(r, Km[1], Kr[1]);
690 t = l; l = r; r = t ^ F1(r, Km[0], Kr[0]);
691 }
692
693 outbuf[0] = (r >> 24) & 0xff;
694 outbuf[1] = (r >> 16) & 0xff;
695 outbuf[2] = (r >> 8) & 0xff;
696 outbuf[3] = r & 0xff;
697 outbuf[4] = (l >> 24) & 0xff;
698 outbuf[5] = (l >> 16) & 0xff;
699 outbuf[6] = (l >> 8) & 0xff;
700 outbuf[7] = l & 0xff;
701}
702
703static void key_schedule(u32 * x, u32 * z, u32 * k)
704{
705
706#define xi(i) ((x[(i)/4] >> (8*(3-((i)%4)))) & 0xff)
707#define zi(i) ((z[(i)/4] >> (8*(3-((i)%4)))) & 0xff)
708
709 z[0] = x[0] ^ s5[xi(13)] ^ s6[xi(15)] ^ s7[xi(12)] ^ sb8[xi(14)] ^
710 s7[xi(8)];
711 z[1] = x[2] ^ s5[zi(0)] ^ s6[zi(2)] ^ s7[zi(1)] ^ sb8[zi(3)] ^
712 sb8[xi(10)];
713 z[2] = x[3] ^ s5[zi(7)] ^ s6[zi(6)] ^ s7[zi(5)] ^ sb8[zi(4)] ^
714 s5[xi(9)];
715 z[3] = x[1] ^ s5[zi(10)] ^ s6[zi(9)] ^ s7[zi(11)] ^ sb8[zi(8)] ^
716 s6[xi(11)];
717 k[0] = s5[zi(8)] ^ s6[zi(9)] ^ s7[zi(7)] ^ sb8[zi(6)] ^ s5[zi(2)];
718 k[1] = s5[zi(10)] ^ s6[zi(11)] ^ s7[zi(5)] ^ sb8[zi(4)] ^
719 s6[zi(6)];
720 k[2] = s5[zi(12)] ^ s6[zi(13)] ^ s7[zi(3)] ^ sb8[zi(2)] ^
721 s7[zi(9)];
722 k[3] = s5[zi(14)] ^ s6[zi(15)] ^ s7[zi(1)] ^ sb8[zi(0)] ^
723 sb8[zi(12)];
724
725 x[0] = z[2] ^ s5[zi(5)] ^ s6[zi(7)] ^ s7[zi(4)] ^ sb8[zi(6)] ^
726 s7[zi(0)];
727 x[1] = z[0] ^ s5[xi(0)] ^ s6[xi(2)] ^ s7[xi(1)] ^ sb8[xi(3)] ^
728 sb8[zi(2)];
729 x[2] = z[1] ^ s5[xi(7)] ^ s6[xi(6)] ^ s7[xi(5)] ^ sb8[xi(4)] ^
730 s5[zi(1)];
731 x[3] = z[3] ^ s5[xi(10)] ^ s6[xi(9)] ^ s7[xi(11)] ^ sb8[xi(8)] ^
732 s6[zi(3)];
733 k[4] = s5[xi(3)] ^ s6[xi(2)] ^ s7[xi(12)] ^ sb8[xi(13)] ^
734 s5[xi(8)];
735 k[5] = s5[xi(1)] ^ s6[xi(0)] ^ s7[xi(14)] ^ sb8[xi(15)] ^
736 s6[xi(13)];
737 k[6] = s5[xi(7)] ^ s6[xi(6)] ^ s7[xi(8)] ^ sb8[xi(9)] ^ s7[xi(3)];
738 k[7] = s5[xi(5)] ^ s6[xi(4)] ^ s7[xi(10)] ^ sb8[xi(11)] ^
739 sb8[xi(7)];
740
741 z[0] = x[0] ^ s5[xi(13)] ^ s6[xi(15)] ^ s7[xi(12)] ^ sb8[xi(14)] ^
742 s7[xi(8)];
743 z[1] = x[2] ^ s5[zi(0)] ^ s6[zi(2)] ^ s7[zi(1)] ^ sb8[zi(3)] ^
744 sb8[xi(10)];
745 z[2] = x[3] ^ s5[zi(7)] ^ s6[zi(6)] ^ s7[zi(5)] ^ sb8[zi(4)] ^
746 s5[xi(9)];
747 z[3] = x[1] ^ s5[zi(10)] ^ s6[zi(9)] ^ s7[zi(11)] ^ sb8[zi(8)] ^
748 s6[xi(11)];
749 k[8] = s5[zi(3)] ^ s6[zi(2)] ^ s7[zi(12)] ^ sb8[zi(13)] ^
750 s5[zi(9)];
751 k[9] = s5[zi(1)] ^ s6[zi(0)] ^ s7[zi(14)] ^ sb8[zi(15)] ^
752 s6[zi(12)];
753 k[10] = s5[zi(7)] ^ s6[zi(6)] ^ s7[zi(8)] ^ sb8[zi(9)] ^ s7[zi(2)];
754 k[11] = s5[zi(5)] ^ s6[zi(4)] ^ s7[zi(10)] ^ sb8[zi(11)] ^
755 sb8[zi(6)];
756
757 x[0] = z[2] ^ s5[zi(5)] ^ s6[zi(7)] ^ s7[zi(4)] ^ sb8[zi(6)] ^
758 s7[zi(0)];
759 x[1] = z[0] ^ s5[xi(0)] ^ s6[xi(2)] ^ s7[xi(1)] ^ sb8[xi(3)] ^
760 sb8[zi(2)];
761 x[2] = z[1] ^ s5[xi(7)] ^ s6[xi(6)] ^ s7[xi(5)] ^ sb8[xi(4)] ^
762 s5[zi(1)];
763 x[3] = z[3] ^ s5[xi(10)] ^ s6[xi(9)] ^ s7[xi(11)] ^ sb8[xi(8)] ^
764 s6[zi(3)];
765 k[12] = s5[xi(8)] ^ s6[xi(9)] ^ s7[xi(7)] ^ sb8[xi(6)] ^ s5[xi(3)];
766 k[13] = s5[xi(10)] ^ s6[xi(11)] ^ s7[xi(5)] ^ sb8[xi(4)] ^
767 s6[xi(7)];
768 k[14] = s5[xi(12)] ^ s6[xi(13)] ^ s7[xi(3)] ^ sb8[xi(2)] ^
769 s7[xi(8)];
770 k[15] = s5[xi(14)] ^ s6[xi(15)] ^ s7[xi(1)] ^ sb8[xi(0)] ^
771 sb8[xi(13)];
772
773#undef xi
774#undef zi
775}
776
777
778static int
779cast5_setkey(void *ctx, const u8 * key, unsigned key_len, u32 * flags)
780{
781 int i;
782 u32 x[4];
783 u32 z[4];
784 u32 k[16];
785 u8 p_key[16];
786 struct cast5_ctx *c = (struct cast5_ctx *) ctx;
787
788 if (key_len < 5 || key_len > 16) {
789 *flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
790 return -EINVAL;
791 }
792
793 c->rr = key_len <= 10 ? 1 : 0;
794
795 memset(p_key, 0, 16);
796 memcpy(p_key, key, key_len);
797
798
799 x[0] = p_key[0] << 24 | p_key[1] << 16 | p_key[2] << 8 | p_key[3];
800 x[1] = p_key[4] << 24 | p_key[5] << 16 | p_key[6] << 8 | p_key[7];
801 x[2] =
802 p_key[8] << 24 | p_key[9] << 16 | p_key[10] << 8 | p_key[11];
803 x[3] =
804 p_key[12] << 24 | p_key[13] << 16 | p_key[14] << 8 | p_key[15];
805
806 key_schedule(x, z, k);
807 for (i = 0; i < 16; i++)
808 c->Km[i] = k[i];
809 key_schedule(x, z, k);
810 for (i = 0; i < 16; i++)
811 c->Kr[i] = k[i] & 0x1f;
812 return 0;
813}
814
815static struct crypto_alg alg = {
816 .cra_name = "cast5",
817 .cra_flags = CRYPTO_ALG_TYPE_CIPHER,
818 .cra_blocksize = CAST5_BLOCK_SIZE,
819 .cra_ctxsize = sizeof(struct cast5_ctx),
820 .cra_module = THIS_MODULE,
821 .cra_list = LIST_HEAD_INIT(alg.cra_list),
822 .cra_u = {
823 .cipher = {
824 .cia_min_keysize = CAST5_MIN_KEY_SIZE,
825 .cia_max_keysize = CAST5_MAX_KEY_SIZE,
826 .cia_setkey = cast5_setkey,
827 .cia_encrypt = cast5_encrypt,
828 .cia_decrypt = cast5_decrypt
829 }
830 }
831};
832
833static int __init init(void)
834{
835 return crypto_register_alg(&alg);
836}
837
838static void __exit fini(void)
839{
840 crypto_unregister_alg(&alg);
841}
842
843module_init(init);
844module_exit(fini);
845
846MODULE_LICENSE("GPL");
847MODULE_DESCRIPTION("Cast5 Cipher Algorithm");
848
diff --git a/crypto/cast6.c b/crypto/cast6.c
new file mode 100644
index 000000000000..3eb081073423
--- /dev/null
+++ b/crypto/cast6.c
@@ -0,0 +1,560 @@
1/* Kernel cryptographic api.
2 * cast6.c - Cast6 cipher algorithm [rfc2612].
3 *
4 * CAST-256 (*cast6*) is a DES like Substitution-Permutation Network (SPN)
5 * cryptosystem built upon the CAST-128 (*cast5*) [rfc2144] encryption
6 * algorithm.
7 *
8 * Copyright (C) 2003 Kartikey Mahendra Bhatt <kartik_me@hotmail.com>.
9 *
10 * This program is free software; you can redistribute it and/or modify it
11 * under the terms of GNU General Public License as published by the Free
12 * Software Foundation; either version 2 of the License, or (at your option)
13 * any later version.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
18 */
19
20
21#include <linux/init.h>
22#include <linux/crypto.h>
23#include <linux/module.h>
24#include <linux/errno.h>
25#include <linux/string.h>
26
27#define CAST6_BLOCK_SIZE 16
28#define CAST6_MIN_KEY_SIZE 16
29#define CAST6_MAX_KEY_SIZE 32
30
31struct cast6_ctx {
32 u32 Km[12][4];
33 u8 Kr[12][4];
34};
35
36#define F1(D,r,m) ( (I = ((m) + (D))), (I=rol32(I,(r))), \
37 (((s1[I >> 24] ^ s2[(I>>16)&0xff]) - s3[(I>>8)&0xff]) + s4[I&0xff]) )
38#define F2(D,r,m) ( (I = ((m) ^ (D))), (I=rol32(I,(r))), \
39 (((s1[I >> 24] - s2[(I>>16)&0xff]) + s3[(I>>8)&0xff]) ^ s4[I&0xff]) )
40#define F3(D,r,m) ( (I = ((m) - (D))), (I=rol32(I,(r))), \
41 (((s1[I >> 24] + s2[(I>>16)&0xff]) ^ s3[(I>>8)&0xff]) - s4[I&0xff]) )
42
43static const u32 s1[256] = {
44 0x30fb40d4, 0x9fa0ff0b, 0x6beccd2f, 0x3f258c7a, 0x1e213f2f,
45 0x9c004dd3, 0x6003e540, 0xcf9fc949,
46 0xbfd4af27, 0x88bbbdb5, 0xe2034090, 0x98d09675, 0x6e63a0e0,
47 0x15c361d2, 0xc2e7661d, 0x22d4ff8e,
48 0x28683b6f, 0xc07fd059, 0xff2379c8, 0x775f50e2, 0x43c340d3,
49 0xdf2f8656, 0x887ca41a, 0xa2d2bd2d,
50 0xa1c9e0d6, 0x346c4819, 0x61b76d87, 0x22540f2f, 0x2abe32e1,
51 0xaa54166b, 0x22568e3a, 0xa2d341d0,
52 0x66db40c8, 0xa784392f, 0x004dff2f, 0x2db9d2de, 0x97943fac,
53 0x4a97c1d8, 0x527644b7, 0xb5f437a7,
54 0xb82cbaef, 0xd751d159, 0x6ff7f0ed, 0x5a097a1f, 0x827b68d0,
55 0x90ecf52e, 0x22b0c054, 0xbc8e5935,
56 0x4b6d2f7f, 0x50bb64a2, 0xd2664910, 0xbee5812d, 0xb7332290,
57 0xe93b159f, 0xb48ee411, 0x4bff345d,
58 0xfd45c240, 0xad31973f, 0xc4f6d02e, 0x55fc8165, 0xd5b1caad,
59 0xa1ac2dae, 0xa2d4b76d, 0xc19b0c50,
60 0x882240f2, 0x0c6e4f38, 0xa4e4bfd7, 0x4f5ba272, 0x564c1d2f,
61 0xc59c5319, 0xb949e354, 0xb04669fe,
62 0xb1b6ab8a, 0xc71358dd, 0x6385c545, 0x110f935d, 0x57538ad5,
63 0x6a390493, 0xe63d37e0, 0x2a54f6b3,
64 0x3a787d5f, 0x6276a0b5, 0x19a6fcdf, 0x7a42206a, 0x29f9d4d5,
65 0xf61b1891, 0xbb72275e, 0xaa508167,
66 0x38901091, 0xc6b505eb, 0x84c7cb8c, 0x2ad75a0f, 0x874a1427,
67 0xa2d1936b, 0x2ad286af, 0xaa56d291,
68 0xd7894360, 0x425c750d, 0x93b39e26, 0x187184c9, 0x6c00b32d,
69 0x73e2bb14, 0xa0bebc3c, 0x54623779,
70 0x64459eab, 0x3f328b82, 0x7718cf82, 0x59a2cea6, 0x04ee002e,
71 0x89fe78e6, 0x3fab0950, 0x325ff6c2,
72 0x81383f05, 0x6963c5c8, 0x76cb5ad6, 0xd49974c9, 0xca180dcf,
73 0x380782d5, 0xc7fa5cf6, 0x8ac31511,
74 0x35e79e13, 0x47da91d0, 0xf40f9086, 0xa7e2419e, 0x31366241,
75 0x051ef495, 0xaa573b04, 0x4a805d8d,
76 0x548300d0, 0x00322a3c, 0xbf64cddf, 0xba57a68e, 0x75c6372b,
77 0x50afd341, 0xa7c13275, 0x915a0bf5,
78 0x6b54bfab, 0x2b0b1426, 0xab4cc9d7, 0x449ccd82, 0xf7fbf265,
79 0xab85c5f3, 0x1b55db94, 0xaad4e324,
80 0xcfa4bd3f, 0x2deaa3e2, 0x9e204d02, 0xc8bd25ac, 0xeadf55b3,
81 0xd5bd9e98, 0xe31231b2, 0x2ad5ad6c,
82 0x954329de, 0xadbe4528, 0xd8710f69, 0xaa51c90f, 0xaa786bf6,
83 0x22513f1e, 0xaa51a79b, 0x2ad344cc,
84 0x7b5a41f0, 0xd37cfbad, 0x1b069505, 0x41ece491, 0xb4c332e6,
85 0x032268d4, 0xc9600acc, 0xce387e6d,
86 0xbf6bb16c, 0x6a70fb78, 0x0d03d9c9, 0xd4df39de, 0xe01063da,
87 0x4736f464, 0x5ad328d8, 0xb347cc96,
88 0x75bb0fc3, 0x98511bfb, 0x4ffbcc35, 0xb58bcf6a, 0xe11f0abc,
89 0xbfc5fe4a, 0xa70aec10, 0xac39570a,
90 0x3f04442f, 0x6188b153, 0xe0397a2e, 0x5727cb79, 0x9ceb418f,
91 0x1cacd68d, 0x2ad37c96, 0x0175cb9d,
92 0xc69dff09, 0xc75b65f0, 0xd9db40d8, 0xec0e7779, 0x4744ead4,
93 0xb11c3274, 0xdd24cb9e, 0x7e1c54bd,
94 0xf01144f9, 0xd2240eb1, 0x9675b3fd, 0xa3ac3755, 0xd47c27af,
95 0x51c85f4d, 0x56907596, 0xa5bb15e6,
96 0x580304f0, 0xca042cf1, 0x011a37ea, 0x8dbfaadb, 0x35ba3e4a,
97 0x3526ffa0, 0xc37b4d09, 0xbc306ed9,
98 0x98a52666, 0x5648f725, 0xff5e569d, 0x0ced63d0, 0x7c63b2cf,
99 0x700b45e1, 0xd5ea50f1, 0x85a92872,
100 0xaf1fbda7, 0xd4234870, 0xa7870bf3, 0x2d3b4d79, 0x42e04198,
101 0x0cd0ede7, 0x26470db8, 0xf881814c,
102 0x474d6ad7, 0x7c0c5e5c, 0xd1231959, 0x381b7298, 0xf5d2f4db,
103 0xab838653, 0x6e2f1e23, 0x83719c9e,
104 0xbd91e046, 0x9a56456e, 0xdc39200c, 0x20c8c571, 0x962bda1c,
105 0xe1e696ff, 0xb141ab08, 0x7cca89b9,
106 0x1a69e783, 0x02cc4843, 0xa2f7c579, 0x429ef47d, 0x427b169c,
107 0x5ac9f049, 0xdd8f0f00, 0x5c8165bf
108};
109
110static const u32 s2[256] = {
111 0x1f201094, 0xef0ba75b, 0x69e3cf7e, 0x393f4380, 0xfe61cf7a,
112 0xeec5207a, 0x55889c94, 0x72fc0651,
113 0xada7ef79, 0x4e1d7235, 0xd55a63ce, 0xde0436ba, 0x99c430ef,
114 0x5f0c0794, 0x18dcdb7d, 0xa1d6eff3,
115 0xa0b52f7b, 0x59e83605, 0xee15b094, 0xe9ffd909, 0xdc440086,
116 0xef944459, 0xba83ccb3, 0xe0c3cdfb,
117 0xd1da4181, 0x3b092ab1, 0xf997f1c1, 0xa5e6cf7b, 0x01420ddb,
118 0xe4e7ef5b, 0x25a1ff41, 0xe180f806,
119 0x1fc41080, 0x179bee7a, 0xd37ac6a9, 0xfe5830a4, 0x98de8b7f,
120 0x77e83f4e, 0x79929269, 0x24fa9f7b,
121 0xe113c85b, 0xacc40083, 0xd7503525, 0xf7ea615f, 0x62143154,
122 0x0d554b63, 0x5d681121, 0xc866c359,
123 0x3d63cf73, 0xcee234c0, 0xd4d87e87, 0x5c672b21, 0x071f6181,
124 0x39f7627f, 0x361e3084, 0xe4eb573b,
125 0x602f64a4, 0xd63acd9c, 0x1bbc4635, 0x9e81032d, 0x2701f50c,
126 0x99847ab4, 0xa0e3df79, 0xba6cf38c,
127 0x10843094, 0x2537a95e, 0xf46f6ffe, 0xa1ff3b1f, 0x208cfb6a,
128 0x8f458c74, 0xd9e0a227, 0x4ec73a34,
129 0xfc884f69, 0x3e4de8df, 0xef0e0088, 0x3559648d, 0x8a45388c,
130 0x1d804366, 0x721d9bfd, 0xa58684bb,
131 0xe8256333, 0x844e8212, 0x128d8098, 0xfed33fb4, 0xce280ae1,
132 0x27e19ba5, 0xd5a6c252, 0xe49754bd,
133 0xc5d655dd, 0xeb667064, 0x77840b4d, 0xa1b6a801, 0x84db26a9,
134 0xe0b56714, 0x21f043b7, 0xe5d05860,
135 0x54f03084, 0x066ff472, 0xa31aa153, 0xdadc4755, 0xb5625dbf,
136 0x68561be6, 0x83ca6b94, 0x2d6ed23b,
137 0xeccf01db, 0xa6d3d0ba, 0xb6803d5c, 0xaf77a709, 0x33b4a34c,
138 0x397bc8d6, 0x5ee22b95, 0x5f0e5304,
139 0x81ed6f61, 0x20e74364, 0xb45e1378, 0xde18639b, 0x881ca122,
140 0xb96726d1, 0x8049a7e8, 0x22b7da7b,
141 0x5e552d25, 0x5272d237, 0x79d2951c, 0xc60d894c, 0x488cb402,
142 0x1ba4fe5b, 0xa4b09f6b, 0x1ca815cf,
143 0xa20c3005, 0x8871df63, 0xb9de2fcb, 0x0cc6c9e9, 0x0beeff53,
144 0xe3214517, 0xb4542835, 0x9f63293c,
145 0xee41e729, 0x6e1d2d7c, 0x50045286, 0x1e6685f3, 0xf33401c6,
146 0x30a22c95, 0x31a70850, 0x60930f13,
147 0x73f98417, 0xa1269859, 0xec645c44, 0x52c877a9, 0xcdff33a6,
148 0xa02b1741, 0x7cbad9a2, 0x2180036f,
149 0x50d99c08, 0xcb3f4861, 0xc26bd765, 0x64a3f6ab, 0x80342676,
150 0x25a75e7b, 0xe4e6d1fc, 0x20c710e6,
151 0xcdf0b680, 0x17844d3b, 0x31eef84d, 0x7e0824e4, 0x2ccb49eb,
152 0x846a3bae, 0x8ff77888, 0xee5d60f6,
153 0x7af75673, 0x2fdd5cdb, 0xa11631c1, 0x30f66f43, 0xb3faec54,
154 0x157fd7fa, 0xef8579cc, 0xd152de58,
155 0xdb2ffd5e, 0x8f32ce19, 0x306af97a, 0x02f03ef8, 0x99319ad5,
156 0xc242fa0f, 0xa7e3ebb0, 0xc68e4906,
157 0xb8da230c, 0x80823028, 0xdcdef3c8, 0xd35fb171, 0x088a1bc8,
158 0xbec0c560, 0x61a3c9e8, 0xbca8f54d,
159 0xc72feffa, 0x22822e99, 0x82c570b4, 0xd8d94e89, 0x8b1c34bc,
160 0x301e16e6, 0x273be979, 0xb0ffeaa6,
161 0x61d9b8c6, 0x00b24869, 0xb7ffce3f, 0x08dc283b, 0x43daf65a,
162 0xf7e19798, 0x7619b72f, 0x8f1c9ba4,
163 0xdc8637a0, 0x16a7d3b1, 0x9fc393b7, 0xa7136eeb, 0xc6bcc63e,
164 0x1a513742, 0xef6828bc, 0x520365d6,
165 0x2d6a77ab, 0x3527ed4b, 0x821fd216, 0x095c6e2e, 0xdb92f2fb,
166 0x5eea29cb, 0x145892f5, 0x91584f7f,
167 0x5483697b, 0x2667a8cc, 0x85196048, 0x8c4bacea, 0x833860d4,
168 0x0d23e0f9, 0x6c387e8a, 0x0ae6d249,
169 0xb284600c, 0xd835731d, 0xdcb1c647, 0xac4c56ea, 0x3ebd81b3,
170 0x230eabb0, 0x6438bc87, 0xf0b5b1fa,
171 0x8f5ea2b3, 0xfc184642, 0x0a036b7a, 0x4fb089bd, 0x649da589,
172 0xa345415e, 0x5c038323, 0x3e5d3bb9,
173 0x43d79572, 0x7e6dd07c, 0x06dfdf1e, 0x6c6cc4ef, 0x7160a539,
174 0x73bfbe70, 0x83877605, 0x4523ecf1
175};
176
177static const u32 s3[256] = {
178 0x8defc240, 0x25fa5d9f, 0xeb903dbf, 0xe810c907, 0x47607fff,
179 0x369fe44b, 0x8c1fc644, 0xaececa90,
180 0xbeb1f9bf, 0xeefbcaea, 0xe8cf1950, 0x51df07ae, 0x920e8806,
181 0xf0ad0548, 0xe13c8d83, 0x927010d5,
182 0x11107d9f, 0x07647db9, 0xb2e3e4d4, 0x3d4f285e, 0xb9afa820,
183 0xfade82e0, 0xa067268b, 0x8272792e,
184 0x553fb2c0, 0x489ae22b, 0xd4ef9794, 0x125e3fbc, 0x21fffcee,
185 0x825b1bfd, 0x9255c5ed, 0x1257a240,
186 0x4e1a8302, 0xbae07fff, 0x528246e7, 0x8e57140e, 0x3373f7bf,
187 0x8c9f8188, 0xa6fc4ee8, 0xc982b5a5,
188 0xa8c01db7, 0x579fc264, 0x67094f31, 0xf2bd3f5f, 0x40fff7c1,
189 0x1fb78dfc, 0x8e6bd2c1, 0x437be59b,
190 0x99b03dbf, 0xb5dbc64b, 0x638dc0e6, 0x55819d99, 0xa197c81c,
191 0x4a012d6e, 0xc5884a28, 0xccc36f71,
192 0xb843c213, 0x6c0743f1, 0x8309893c, 0x0feddd5f, 0x2f7fe850,
193 0xd7c07f7e, 0x02507fbf, 0x5afb9a04,
194 0xa747d2d0, 0x1651192e, 0xaf70bf3e, 0x58c31380, 0x5f98302e,
195 0x727cc3c4, 0x0a0fb402, 0x0f7fef82,
196 0x8c96fdad, 0x5d2c2aae, 0x8ee99a49, 0x50da88b8, 0x8427f4a0,
197 0x1eac5790, 0x796fb449, 0x8252dc15,
198 0xefbd7d9b, 0xa672597d, 0xada840d8, 0x45f54504, 0xfa5d7403,
199 0xe83ec305, 0x4f91751a, 0x925669c2,
200 0x23efe941, 0xa903f12e, 0x60270df2, 0x0276e4b6, 0x94fd6574,
201 0x927985b2, 0x8276dbcb, 0x02778176,
202 0xf8af918d, 0x4e48f79e, 0x8f616ddf, 0xe29d840e, 0x842f7d83,
203 0x340ce5c8, 0x96bbb682, 0x93b4b148,
204 0xef303cab, 0x984faf28, 0x779faf9b, 0x92dc560d, 0x224d1e20,
205 0x8437aa88, 0x7d29dc96, 0x2756d3dc,
206 0x8b907cee, 0xb51fd240, 0xe7c07ce3, 0xe566b4a1, 0xc3e9615e,
207 0x3cf8209d, 0x6094d1e3, 0xcd9ca341,
208 0x5c76460e, 0x00ea983b, 0xd4d67881, 0xfd47572c, 0xf76cedd9,
209 0xbda8229c, 0x127dadaa, 0x438a074e,
210 0x1f97c090, 0x081bdb8a, 0x93a07ebe, 0xb938ca15, 0x97b03cff,
211 0x3dc2c0f8, 0x8d1ab2ec, 0x64380e51,
212 0x68cc7bfb, 0xd90f2788, 0x12490181, 0x5de5ffd4, 0xdd7ef86a,
213 0x76a2e214, 0xb9a40368, 0x925d958f,
214 0x4b39fffa, 0xba39aee9, 0xa4ffd30b, 0xfaf7933b, 0x6d498623,
215 0x193cbcfa, 0x27627545, 0x825cf47a,
216 0x61bd8ba0, 0xd11e42d1, 0xcead04f4, 0x127ea392, 0x10428db7,
217 0x8272a972, 0x9270c4a8, 0x127de50b,
218 0x285ba1c8, 0x3c62f44f, 0x35c0eaa5, 0xe805d231, 0x428929fb,
219 0xb4fcdf82, 0x4fb66a53, 0x0e7dc15b,
220 0x1f081fab, 0x108618ae, 0xfcfd086d, 0xf9ff2889, 0x694bcc11,
221 0x236a5cae, 0x12deca4d, 0x2c3f8cc5,
222 0xd2d02dfe, 0xf8ef5896, 0xe4cf52da, 0x95155b67, 0x494a488c,
223 0xb9b6a80c, 0x5c8f82bc, 0x89d36b45,
224 0x3a609437, 0xec00c9a9, 0x44715253, 0x0a874b49, 0xd773bc40,
225 0x7c34671c, 0x02717ef6, 0x4feb5536,
226 0xa2d02fff, 0xd2bf60c4, 0xd43f03c0, 0x50b4ef6d, 0x07478cd1,
227 0x006e1888, 0xa2e53f55, 0xb9e6d4bc,
228 0xa2048016, 0x97573833, 0xd7207d67, 0xde0f8f3d, 0x72f87b33,
229 0xabcc4f33, 0x7688c55d, 0x7b00a6b0,
230 0x947b0001, 0x570075d2, 0xf9bb88f8, 0x8942019e, 0x4264a5ff,
231 0x856302e0, 0x72dbd92b, 0xee971b69,
232 0x6ea22fde, 0x5f08ae2b, 0xaf7a616d, 0xe5c98767, 0xcf1febd2,
233 0x61efc8c2, 0xf1ac2571, 0xcc8239c2,
234 0x67214cb8, 0xb1e583d1, 0xb7dc3e62, 0x7f10bdce, 0xf90a5c38,
235 0x0ff0443d, 0x606e6dc6, 0x60543a49,
236 0x5727c148, 0x2be98a1d, 0x8ab41738, 0x20e1be24, 0xaf96da0f,
237 0x68458425, 0x99833be5, 0x600d457d,
238 0x282f9350, 0x8334b362, 0xd91d1120, 0x2b6d8da0, 0x642b1e31,
239 0x9c305a00, 0x52bce688, 0x1b03588a,
240 0xf7baefd5, 0x4142ed9c, 0xa4315c11, 0x83323ec5, 0xdfef4636,
241 0xa133c501, 0xe9d3531c, 0xee353783
242};
243
244static const u32 s4[256] = {
245 0x9db30420, 0x1fb6e9de, 0xa7be7bef, 0xd273a298, 0x4a4f7bdb,
246 0x64ad8c57, 0x85510443, 0xfa020ed1,
247 0x7e287aff, 0xe60fb663, 0x095f35a1, 0x79ebf120, 0xfd059d43,
248 0x6497b7b1, 0xf3641f63, 0x241e4adf,
249 0x28147f5f, 0x4fa2b8cd, 0xc9430040, 0x0cc32220, 0xfdd30b30,
250 0xc0a5374f, 0x1d2d00d9, 0x24147b15,
251 0xee4d111a, 0x0fca5167, 0x71ff904c, 0x2d195ffe, 0x1a05645f,
252 0x0c13fefe, 0x081b08ca, 0x05170121,
253 0x80530100, 0xe83e5efe, 0xac9af4f8, 0x7fe72701, 0xd2b8ee5f,
254 0x06df4261, 0xbb9e9b8a, 0x7293ea25,
255 0xce84ffdf, 0xf5718801, 0x3dd64b04, 0xa26f263b, 0x7ed48400,
256 0x547eebe6, 0x446d4ca0, 0x6cf3d6f5,
257 0x2649abdf, 0xaea0c7f5, 0x36338cc1, 0x503f7e93, 0xd3772061,
258 0x11b638e1, 0x72500e03, 0xf80eb2bb,
259 0xabe0502e, 0xec8d77de, 0x57971e81, 0xe14f6746, 0xc9335400,
260 0x6920318f, 0x081dbb99, 0xffc304a5,
261 0x4d351805, 0x7f3d5ce3, 0xa6c866c6, 0x5d5bcca9, 0xdaec6fea,
262 0x9f926f91, 0x9f46222f, 0x3991467d,
263 0xa5bf6d8e, 0x1143c44f, 0x43958302, 0xd0214eeb, 0x022083b8,
264 0x3fb6180c, 0x18f8931e, 0x281658e6,
265 0x26486e3e, 0x8bd78a70, 0x7477e4c1, 0xb506e07c, 0xf32d0a25,
266 0x79098b02, 0xe4eabb81, 0x28123b23,
267 0x69dead38, 0x1574ca16, 0xdf871b62, 0x211c40b7, 0xa51a9ef9,
268 0x0014377b, 0x041e8ac8, 0x09114003,
269 0xbd59e4d2, 0xe3d156d5, 0x4fe876d5, 0x2f91a340, 0x557be8de,
270 0x00eae4a7, 0x0ce5c2ec, 0x4db4bba6,
271 0xe756bdff, 0xdd3369ac, 0xec17b035, 0x06572327, 0x99afc8b0,
272 0x56c8c391, 0x6b65811c, 0x5e146119,
273 0x6e85cb75, 0xbe07c002, 0xc2325577, 0x893ff4ec, 0x5bbfc92d,
274 0xd0ec3b25, 0xb7801ab7, 0x8d6d3b24,
275 0x20c763ef, 0xc366a5fc, 0x9c382880, 0x0ace3205, 0xaac9548a,
276 0xeca1d7c7, 0x041afa32, 0x1d16625a,
277 0x6701902c, 0x9b757a54, 0x31d477f7, 0x9126b031, 0x36cc6fdb,
278 0xc70b8b46, 0xd9e66a48, 0x56e55a79,
279 0x026a4ceb, 0x52437eff, 0x2f8f76b4, 0x0df980a5, 0x8674cde3,
280 0xedda04eb, 0x17a9be04, 0x2c18f4df,
281 0xb7747f9d, 0xab2af7b4, 0xefc34d20, 0x2e096b7c, 0x1741a254,
282 0xe5b6a035, 0x213d42f6, 0x2c1c7c26,
283 0x61c2f50f, 0x6552daf9, 0xd2c231f8, 0x25130f69, 0xd8167fa2,
284 0x0418f2c8, 0x001a96a6, 0x0d1526ab,
285 0x63315c21, 0x5e0a72ec, 0x49bafefd, 0x187908d9, 0x8d0dbd86,
286 0x311170a7, 0x3e9b640c, 0xcc3e10d7,
287 0xd5cad3b6, 0x0caec388, 0xf73001e1, 0x6c728aff, 0x71eae2a1,
288 0x1f9af36e, 0xcfcbd12f, 0xc1de8417,
289 0xac07be6b, 0xcb44a1d8, 0x8b9b0f56, 0x013988c3, 0xb1c52fca,
290 0xb4be31cd, 0xd8782806, 0x12a3a4e2,
291 0x6f7de532, 0x58fd7eb6, 0xd01ee900, 0x24adffc2, 0xf4990fc5,
292 0x9711aac5, 0x001d7b95, 0x82e5e7d2,
293 0x109873f6, 0x00613096, 0xc32d9521, 0xada121ff, 0x29908415,
294 0x7fbb977f, 0xaf9eb3db, 0x29c9ed2a,
295 0x5ce2a465, 0xa730f32c, 0xd0aa3fe8, 0x8a5cc091, 0xd49e2ce7,
296 0x0ce454a9, 0xd60acd86, 0x015f1919,
297 0x77079103, 0xdea03af6, 0x78a8565e, 0xdee356df, 0x21f05cbe,
298 0x8b75e387, 0xb3c50651, 0xb8a5c3ef,
299 0xd8eeb6d2, 0xe523be77, 0xc2154529, 0x2f69efdf, 0xafe67afb,
300 0xf470c4b2, 0xf3e0eb5b, 0xd6cc9876,
301 0x39e4460c, 0x1fda8538, 0x1987832f, 0xca007367, 0xa99144f8,
302 0x296b299e, 0x492fc295, 0x9266beab,
303 0xb5676e69, 0x9bd3ddda, 0xdf7e052f, 0xdb25701c, 0x1b5e51ee,
304 0xf65324e6, 0x6afce36c, 0x0316cc04,
305 0x8644213e, 0xb7dc59d0, 0x7965291f, 0xccd6fd43, 0x41823979,
306 0x932bcdf6, 0xb657c34d, 0x4edfd282,
307 0x7ae5290c, 0x3cb9536b, 0x851e20fe, 0x9833557e, 0x13ecf0b0,
308 0xd3ffb372, 0x3f85c5c1, 0x0aef7ed2
309};
310
311static const u32 Tm[24][8] = {
312 { 0x5a827999, 0xc95c653a, 0x383650db, 0xa7103c7c, 0x15ea281d,
313 0x84c413be, 0xf39dff5f, 0x6277eb00 } ,
314 { 0xd151d6a1, 0x402bc242, 0xaf05ade3, 0x1ddf9984, 0x8cb98525,
315 0xfb9370c6, 0x6a6d5c67, 0xd9474808 } ,
316 { 0x482133a9, 0xb6fb1f4a, 0x25d50aeb, 0x94aef68c, 0x0388e22d,
317 0x7262cdce, 0xe13cb96f, 0x5016a510 } ,
318 { 0xbef090b1, 0x2dca7c52, 0x9ca467f3, 0x0b7e5394, 0x7a583f35,
319 0xe9322ad6, 0x580c1677, 0xc6e60218 } ,
320 { 0x35bfedb9, 0xa499d95a, 0x1373c4fb, 0x824db09c, 0xf1279c3d,
321 0x600187de, 0xcedb737f, 0x3db55f20 } ,
322 { 0xac8f4ac1, 0x1b693662, 0x8a432203, 0xf91d0da4, 0x67f6f945,
323 0xd6d0e4e6, 0x45aad087, 0xb484bc28 } ,
324 { 0x235ea7c9, 0x9238936a, 0x01127f0b, 0x6fec6aac, 0xdec6564d,
325 0x4da041ee, 0xbc7a2d8f, 0x2b541930 } ,
326 { 0x9a2e04d1, 0x0907f072, 0x77e1dc13, 0xe6bbc7b4, 0x5595b355,
327 0xc46f9ef6, 0x33498a97, 0xa2237638 } ,
328 { 0x10fd61d9, 0x7fd74d7a, 0xeeb1391b, 0x5d8b24bc, 0xcc65105d,
329 0x3b3efbfe, 0xaa18e79f, 0x18f2d340 } ,
330 { 0x87ccbee1, 0xf6a6aa82, 0x65809623, 0xd45a81c4, 0x43346d65,
331 0xb20e5906, 0x20e844a7, 0x8fc23048 } ,
332 { 0xfe9c1be9, 0x6d76078a, 0xdc4ff32b, 0x4b29decc, 0xba03ca6d,
333 0x28ddb60e, 0x97b7a1af, 0x06918d50 } ,
334 { 0x756b78f1, 0xe4456492, 0x531f5033, 0xc1f93bd4, 0x30d32775,
335 0x9fad1316, 0x0e86feb7, 0x7d60ea58 } ,
336 { 0xec3ad5f9, 0x5b14c19a, 0xc9eead3b, 0x38c898dc, 0xa7a2847d,
337 0x167c701e, 0x85565bbf, 0xf4304760 } ,
338 { 0x630a3301, 0xd1e41ea2, 0x40be0a43, 0xaf97f5e4, 0x1e71e185,
339 0x8d4bcd26, 0xfc25b8c7, 0x6affa468 } ,
340 { 0xd9d99009, 0x48b37baa, 0xb78d674b, 0x266752ec, 0x95413e8d,
341 0x041b2a2e, 0x72f515cf, 0xe1cf0170 } ,
342 { 0x50a8ed11, 0xbf82d8b2, 0x2e5cc453, 0x9d36aff4, 0x0c109b95,
343 0x7aea8736, 0xe9c472d7, 0x589e5e78 } ,
344 { 0xc7784a19, 0x365235ba, 0xa52c215b, 0x14060cfc, 0x82dff89d,
345 0xf1b9e43e, 0x6093cfdf, 0xcf6dbb80 } ,
346 { 0x3e47a721, 0xad2192c2, 0x1bfb7e63, 0x8ad56a04, 0xf9af55a5,
347 0x68894146, 0xd7632ce7, 0x463d1888 } ,
348 { 0xb5170429, 0x23f0efca, 0x92cadb6b, 0x01a4c70c, 0x707eb2ad,
349 0xdf589e4e, 0x4e3289ef, 0xbd0c7590 } ,
350 { 0x2be66131, 0x9ac04cd2, 0x099a3873, 0x78742414, 0xe74e0fb5,
351 0x5627fb56, 0xc501e6f7, 0x33dbd298 } ,
352 { 0xa2b5be39, 0x118fa9da, 0x8069957b, 0xef43811c, 0x5e1d6cbd,
353 0xccf7585e, 0x3bd143ff, 0xaaab2fa0 } ,
354 { 0x19851b41, 0x885f06e2, 0xf738f283, 0x6612de24, 0xd4ecc9c5,
355 0x43c6b566, 0xb2a0a107, 0x217a8ca8 } ,
356 { 0x90547849, 0xff2e63ea, 0x6e084f8b, 0xdce23b2c, 0x4bbc26cd,
357 0xba96126e, 0x296ffe0f, 0x9849e9b0 } ,
358 { 0x0723d551, 0x75fdc0f2, 0xe4d7ac93, 0x53b19834, 0xc28b83d5,
359 0x31656f76, 0xa03f5b17, 0x0f1946b8 }
360};
361
362static const u8 Tr[4][8] = {
363 { 0x13, 0x04, 0x15, 0x06, 0x17, 0x08, 0x19, 0x0a } ,
364 { 0x1b, 0x0c, 0x1d, 0x0e, 0x1f, 0x10, 0x01, 0x12 } ,
365 { 0x03, 0x14, 0x05, 0x16, 0x07, 0x18, 0x09, 0x1a } ,
366 { 0x0b, 0x1c, 0x0d, 0x1e, 0x0f, 0x00, 0x11, 0x02 }
367};
368
369/* forward octave */
370static inline void W(u32 *key, unsigned int i) {
371 u32 I;
372 key[6] ^= F1(key[7], Tr[i % 4][0], Tm[i][0]);
373 key[5] ^= F2(key[6], Tr[i % 4][1], Tm[i][1]);
374 key[4] ^= F3(key[5], Tr[i % 4][2], Tm[i][2]);
375 key[3] ^= F1(key[4], Tr[i % 4][3], Tm[i][3]);
376 key[2] ^= F2(key[3], Tr[i % 4][4], Tm[i][4]);
377 key[1] ^= F3(key[2], Tr[i % 4][5], Tm[i][5]);
378 key[0] ^= F1(key[1], Tr[i % 4][6], Tm[i][6]);
379 key[7] ^= F2(key[0], Tr[i % 4][7], Tm[i][7]);
380}
381
382static int
383cast6_setkey(void *ctx, const u8 * in_key, unsigned key_len, u32 * flags)
384{
385 int i;
386 u32 key[8];
387 u8 p_key[32]; /* padded key */
388 struct cast6_ctx *c = (struct cast6_ctx *) ctx;
389
390 if (key_len < 16 || key_len > 32 || key_len % 4 != 0) {
391 *flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
392 return -EINVAL;
393 }
394
395 memset (p_key, 0, 32);
396 memcpy (p_key, in_key, key_len);
397
398 key[0] = p_key[0] << 24 | p_key[1] << 16 | p_key[2] << 8 | p_key[3]; /* A */
399 key[1] = p_key[4] << 24 | p_key[5] << 16 | p_key[6] << 8 | p_key[7]; /* B */
400 key[2] = p_key[8] << 24 | p_key[9] << 16 | p_key[10] << 8 | p_key[11]; /* C */
401 key[3] = p_key[12] << 24 | p_key[13] << 16 | p_key[14] << 8 | p_key[15]; /* D */
402 key[4] = p_key[16] << 24 | p_key[17] << 16 | p_key[18] << 8 | p_key[19]; /* E */
403 key[5] = p_key[20] << 24 | p_key[21] << 16 | p_key[22] << 8 | p_key[23]; /* F */
404 key[6] = p_key[24] << 24 | p_key[25] << 16 | p_key[26] << 8 | p_key[27]; /* G */
405 key[7] = p_key[28] << 24 | p_key[29] << 16 | p_key[30] << 8 | p_key[31]; /* H */
406
407
408
409 for (i = 0; i < 12; i++) {
410 W (key, 2 * i);
411 W (key, 2 * i + 1);
412
413 c->Kr[i][0] = key[0] & 0x1f;
414 c->Kr[i][1] = key[2] & 0x1f;
415 c->Kr[i][2] = key[4] & 0x1f;
416 c->Kr[i][3] = key[6] & 0x1f;
417
418 c->Km[i][0] = key[7];
419 c->Km[i][1] = key[5];
420 c->Km[i][2] = key[3];
421 c->Km[i][3] = key[1];
422 }
423
424 return 0;
425}
426
427/*forward quad round*/
428static inline void Q (u32 * block, u8 * Kr, u32 * Km) {
429 u32 I;
430 block[2] ^= F1(block[3], Kr[0], Km[0]);
431 block[1] ^= F2(block[2], Kr[1], Km[1]);
432 block[0] ^= F3(block[1], Kr[2], Km[2]);
433 block[3] ^= F1(block[0], Kr[3], Km[3]);
434}
435
436/*reverse quad round*/
437static inline void QBAR (u32 * block, u8 * Kr, u32 * Km) {
438 u32 I;
439 block[3] ^= F1(block[0], Kr[3], Km[3]);
440 block[0] ^= F3(block[1], Kr[2], Km[2]);
441 block[1] ^= F2(block[2], Kr[1], Km[1]);
442 block[2] ^= F1(block[3], Kr[0], Km[0]);
443}
444
445static void cast6_encrypt (void * ctx, u8 * outbuf, const u8 * inbuf) {
446 struct cast6_ctx * c = (struct cast6_ctx *)ctx;
447 u32 block[4];
448 u32 * Km;
449 u8 * Kr;
450
451 block[0] = inbuf[0] << 24 | inbuf[1] << 16 | inbuf[2] << 8 | inbuf[3];
452 block[1] = inbuf[4] << 24 | inbuf[5] << 16 | inbuf[6] << 8 | inbuf[7];
453 block[2] = inbuf[8] << 24 | inbuf[9] << 16 | inbuf[10] << 8 | inbuf[11];
454 block[3] = inbuf[12] << 24 | inbuf[13] << 16 | inbuf[14] << 8 | inbuf[15];
455
456 Km = c->Km[0]; Kr = c->Kr[0]; Q (block, Kr, Km);
457 Km = c->Km[1]; Kr = c->Kr[1]; Q (block, Kr, Km);
458 Km = c->Km[2]; Kr = c->Kr[2]; Q (block, Kr, Km);
459 Km = c->Km[3]; Kr = c->Kr[3]; Q (block, Kr, Km);
460 Km = c->Km[4]; Kr = c->Kr[4]; Q (block, Kr, Km);
461 Km = c->Km[5]; Kr = c->Kr[5]; Q (block, Kr, Km);
462 Km = c->Km[6]; Kr = c->Kr[6]; QBAR (block, Kr, Km);
463 Km = c->Km[7]; Kr = c->Kr[7]; QBAR (block, Kr, Km);
464 Km = c->Km[8]; Kr = c->Kr[8]; QBAR (block, Kr, Km);
465 Km = c->Km[9]; Kr = c->Kr[9]; QBAR (block, Kr, Km);
466 Km = c->Km[10]; Kr = c->Kr[10]; QBAR (block, Kr, Km);
467 Km = c->Km[11]; Kr = c->Kr[11]; QBAR (block, Kr, Km);
468
469 outbuf[0] = (block[0] >> 24) & 0xff;
470 outbuf[1] = (block[0] >> 16) & 0xff;
471 outbuf[2] = (block[0] >> 8) & 0xff;
472 outbuf[3] = block[0] & 0xff;
473 outbuf[4] = (block[1] >> 24) & 0xff;
474 outbuf[5] = (block[1] >> 16) & 0xff;
475 outbuf[6] = (block[1] >> 8) & 0xff;
476 outbuf[7] = block[1] & 0xff;
477 outbuf[8] = (block[2] >> 24) & 0xff;
478 outbuf[9] = (block[2] >> 16) & 0xff;
479 outbuf[10] = (block[2] >> 8) & 0xff;
480 outbuf[11] = block[2] & 0xff;
481 outbuf[12] = (block[3] >> 24) & 0xff;
482 outbuf[13] = (block[3] >> 16) & 0xff;
483 outbuf[14] = (block[3] >> 8) & 0xff;
484 outbuf[15] = block[3] & 0xff;
485}
486
487static void cast6_decrypt (void * ctx, u8 * outbuf, const u8 * inbuf) {
488 struct cast6_ctx * c = (struct cast6_ctx *)ctx;
489 u32 block[4];
490 u32 * Km;
491 u8 * Kr;
492
493 block[0] = inbuf[0] << 24 | inbuf[1] << 16 | inbuf[2] << 8 | inbuf[3];
494 block[1] = inbuf[4] << 24 | inbuf[5] << 16 | inbuf[6] << 8 | inbuf[7];
495 block[2] = inbuf[8] << 24 | inbuf[9] << 16 | inbuf[10] << 8 | inbuf[11];
496 block[3] = inbuf[12] << 24 | inbuf[13] << 16 | inbuf[14] << 8 | inbuf[15];
497
498 Km = c->Km[11]; Kr = c->Kr[11]; Q (block, Kr, Km);
499 Km = c->Km[10]; Kr = c->Kr[10]; Q (block, Kr, Km);
500 Km = c->Km[9]; Kr = c->Kr[9]; Q (block, Kr, Km);
501 Km = c->Km[8]; Kr = c->Kr[8]; Q (block, Kr, Km);
502 Km = c->Km[7]; Kr = c->Kr[7]; Q (block, Kr, Km);
503 Km = c->Km[6]; Kr = c->Kr[6]; Q (block, Kr, Km);
504 Km = c->Km[5]; Kr = c->Kr[5]; QBAR (block, Kr, Km);
505 Km = c->Km[4]; Kr = c->Kr[4]; QBAR (block, Kr, Km);
506 Km = c->Km[3]; Kr = c->Kr[3]; QBAR (block, Kr, Km);
507 Km = c->Km[2]; Kr = c->Kr[2]; QBAR (block, Kr, Km);
508 Km = c->Km[1]; Kr = c->Kr[1]; QBAR (block, Kr, Km);
509 Km = c->Km[0]; Kr = c->Kr[0]; QBAR (block, Kr, Km);
510
511 outbuf[0] = (block[0] >> 24) & 0xff;
512 outbuf[1] = (block[0] >> 16) & 0xff;
513 outbuf[2] = (block[0] >> 8) & 0xff;
514 outbuf[3] = block[0] & 0xff;
515 outbuf[4] = (block[1] >> 24) & 0xff;
516 outbuf[5] = (block[1] >> 16) & 0xff;
517 outbuf[6] = (block[1] >> 8) & 0xff;
518 outbuf[7] = block[1] & 0xff;
519 outbuf[8] = (block[2] >> 24) & 0xff;
520 outbuf[9] = (block[2] >> 16) & 0xff;
521 outbuf[10] = (block[2] >> 8) & 0xff;
522 outbuf[11] = block[2] & 0xff;
523 outbuf[12] = (block[3] >> 24) & 0xff;
524 outbuf[13] = (block[3] >> 16) & 0xff;
525 outbuf[14] = (block[3] >> 8) & 0xff;
526 outbuf[15] = block[3] & 0xff;
527}
528
529static struct crypto_alg alg = {
530 .cra_name = "cast6",
531 .cra_flags = CRYPTO_ALG_TYPE_CIPHER,
532 .cra_blocksize = CAST6_BLOCK_SIZE,
533 .cra_ctxsize = sizeof(struct cast6_ctx),
534 .cra_module = THIS_MODULE,
535 .cra_list = LIST_HEAD_INIT(alg.cra_list),
536 .cra_u = {
537 .cipher = {
538 .cia_min_keysize = CAST6_MIN_KEY_SIZE,
539 .cia_max_keysize = CAST6_MAX_KEY_SIZE,
540 .cia_setkey = cast6_setkey,
541 .cia_encrypt = cast6_encrypt,
542 .cia_decrypt = cast6_decrypt}
543 }
544};
545
546static int __init init(void)
547{
548 return crypto_register_alg(&alg);
549}
550
551static void __exit fini(void)
552{
553 crypto_unregister_alg(&alg);
554}
555
556module_init(init);
557module_exit(fini);
558
559MODULE_LICENSE("GPL");
560MODULE_DESCRIPTION("Cast6 Cipher Algorithm");
diff --git a/crypto/cipher.c b/crypto/cipher.c
new file mode 100644
index 000000000000..f434ce7c2d0b
--- /dev/null
+++ b/crypto/cipher.c
@@ -0,0 +1,341 @@
1/*
2 * Cryptographic API.
3 *
4 * Cipher operations.
5 *
6 * Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
7 *
8 * This program is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by the Free
10 * Software Foundation; either version 2 of the License, or (at your option)
11 * any later version.
12 *
13 */
14#include <linux/compiler.h>
15#include <linux/kernel.h>
16#include <linux/crypto.h>
17#include <linux/errno.h>
18#include <linux/mm.h>
19#include <linux/slab.h>
20#include <linux/string.h>
21#include <asm/scatterlist.h>
22#include "internal.h"
23#include "scatterwalk.h"
24
25typedef void (cryptfn_t)(void *, u8 *, const u8 *);
26typedef void (procfn_t)(struct crypto_tfm *, u8 *,
27 u8*, cryptfn_t, void *);
28
29static inline void xor_64(u8 *a, const u8 *b)
30{
31 ((u32 *)a)[0] ^= ((u32 *)b)[0];
32 ((u32 *)a)[1] ^= ((u32 *)b)[1];
33}
34
35static inline void xor_128(u8 *a, const u8 *b)
36{
37 ((u32 *)a)[0] ^= ((u32 *)b)[0];
38 ((u32 *)a)[1] ^= ((u32 *)b)[1];
39 ((u32 *)a)[2] ^= ((u32 *)b)[2];
40 ((u32 *)a)[3] ^= ((u32 *)b)[3];
41}
42
43static inline void *prepare_src(struct scatter_walk *walk, int bsize,
44 void *tmp, int in_place)
45{
46 void *src = walk->data;
47 int n = bsize;
48
49 if (unlikely(scatterwalk_across_pages(walk, bsize))) {
50 src = tmp;
51 n = scatterwalk_copychunks(src, walk, bsize, 0);
52 }
53 scatterwalk_advance(walk, n);
54 return src;
55}
56
57static inline void *prepare_dst(struct scatter_walk *walk, int bsize,
58 void *tmp, int in_place)
59{
60 void *dst = walk->data;
61
62 if (unlikely(scatterwalk_across_pages(walk, bsize)) || in_place)
63 dst = tmp;
64 return dst;
65}
66
67static inline void complete_src(struct scatter_walk *walk, int bsize,
68 void *src, int in_place)
69{
70}
71
72static inline void complete_dst(struct scatter_walk *walk, int bsize,
73 void *dst, int in_place)
74{
75 int n = bsize;
76
77 if (unlikely(scatterwalk_across_pages(walk, bsize)))
78 n = scatterwalk_copychunks(dst, walk, bsize, 1);
79 else if (in_place)
80 memcpy(walk->data, dst, bsize);
81 scatterwalk_advance(walk, n);
82}
83
84/*
85 * Generic encrypt/decrypt wrapper for ciphers, handles operations across
86 * multiple page boundaries by using temporary blocks. In user context,
87 * the kernel is given a chance to schedule us once per block.
88 */
89static int crypt(struct crypto_tfm *tfm,
90 struct scatterlist *dst,
91 struct scatterlist *src,
92 unsigned int nbytes, cryptfn_t crfn,
93 procfn_t prfn, void *info)
94{
95 struct scatter_walk walk_in, walk_out;
96 const unsigned int bsize = crypto_tfm_alg_blocksize(tfm);
97 u8 tmp_src[bsize];
98 u8 tmp_dst[bsize];
99
100 if (!nbytes)
101 return 0;
102
103 if (nbytes % bsize) {
104 tfm->crt_flags |= CRYPTO_TFM_RES_BAD_BLOCK_LEN;
105 return -EINVAL;
106 }
107
108 scatterwalk_start(&walk_in, src);
109 scatterwalk_start(&walk_out, dst);
110
111 for(;;) {
112 u8 *src_p, *dst_p;
113 int in_place;
114
115 scatterwalk_map(&walk_in, 0);
116 scatterwalk_map(&walk_out, 1);
117
118 in_place = scatterwalk_samebuf(&walk_in, &walk_out);
119
120 do {
121 src_p = prepare_src(&walk_in, bsize, tmp_src,
122 in_place);
123 dst_p = prepare_dst(&walk_out, bsize, tmp_dst,
124 in_place);
125
126 prfn(tfm, dst_p, src_p, crfn, info);
127
128 complete_src(&walk_in, bsize, src_p, in_place);
129 complete_dst(&walk_out, bsize, dst_p, in_place);
130
131 nbytes -= bsize;
132 } while (nbytes &&
133 !scatterwalk_across_pages(&walk_in, bsize) &&
134 !scatterwalk_across_pages(&walk_out, bsize));
135
136 scatterwalk_done(&walk_in, 0, nbytes);
137 scatterwalk_done(&walk_out, 1, nbytes);
138
139 if (!nbytes)
140 return 0;
141
142 crypto_yield(tfm);
143 }
144}
145
146static void cbc_process_encrypt(struct crypto_tfm *tfm, u8 *dst, u8 *src,
147 cryptfn_t fn, void *info)
148{
149 u8 *iv = info;
150
151 tfm->crt_u.cipher.cit_xor_block(iv, src);
152 fn(crypto_tfm_ctx(tfm), dst, iv);
153 memcpy(iv, dst, crypto_tfm_alg_blocksize(tfm));
154}
155
156static void cbc_process_decrypt(struct crypto_tfm *tfm, u8 *dst, u8 *src,
157 cryptfn_t fn, void *info)
158{
159 u8 *iv = info;
160
161 fn(crypto_tfm_ctx(tfm), dst, src);
162 tfm->crt_u.cipher.cit_xor_block(dst, iv);
163 memcpy(iv, src, crypto_tfm_alg_blocksize(tfm));
164}
165
166static void ecb_process(struct crypto_tfm *tfm, u8 *dst, u8 *src,
167 cryptfn_t fn, void *info)
168{
169 fn(crypto_tfm_ctx(tfm), dst, src);
170}
171
172static int setkey(struct crypto_tfm *tfm, const u8 *key, unsigned int keylen)
173{
174 struct cipher_alg *cia = &tfm->__crt_alg->cra_cipher;
175
176 if (keylen < cia->cia_min_keysize || keylen > cia->cia_max_keysize) {
177 tfm->crt_flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
178 return -EINVAL;
179 } else
180 return cia->cia_setkey(crypto_tfm_ctx(tfm), key, keylen,
181 &tfm->crt_flags);
182}
183
184static int ecb_encrypt(struct crypto_tfm *tfm,
185 struct scatterlist *dst,
186 struct scatterlist *src, unsigned int nbytes)
187{
188 return crypt(tfm, dst, src, nbytes,
189 tfm->__crt_alg->cra_cipher.cia_encrypt,
190 ecb_process, NULL);
191}
192
193static int ecb_decrypt(struct crypto_tfm *tfm,
194 struct scatterlist *dst,
195 struct scatterlist *src,
196 unsigned int nbytes)
197{
198 return crypt(tfm, dst, src, nbytes,
199 tfm->__crt_alg->cra_cipher.cia_decrypt,
200 ecb_process, NULL);
201}
202
203static int cbc_encrypt(struct crypto_tfm *tfm,
204 struct scatterlist *dst,
205 struct scatterlist *src,
206 unsigned int nbytes)
207{
208 return crypt(tfm, dst, src, nbytes,
209 tfm->__crt_alg->cra_cipher.cia_encrypt,
210 cbc_process_encrypt, tfm->crt_cipher.cit_iv);
211}
212
213static int cbc_encrypt_iv(struct crypto_tfm *tfm,
214 struct scatterlist *dst,
215 struct scatterlist *src,
216 unsigned int nbytes, u8 *iv)
217{
218 return crypt(tfm, dst, src, nbytes,
219 tfm->__crt_alg->cra_cipher.cia_encrypt,
220 cbc_process_encrypt, iv);
221}
222
223static int cbc_decrypt(struct crypto_tfm *tfm,
224 struct scatterlist *dst,
225 struct scatterlist *src,
226 unsigned int nbytes)
227{
228 return crypt(tfm, dst, src, nbytes,
229 tfm->__crt_alg->cra_cipher.cia_decrypt,
230 cbc_process_decrypt, tfm->crt_cipher.cit_iv);
231}
232
233static int cbc_decrypt_iv(struct crypto_tfm *tfm,
234 struct scatterlist *dst,
235 struct scatterlist *src,
236 unsigned int nbytes, u8 *iv)
237{
238 return crypt(tfm, dst, src, nbytes,
239 tfm->__crt_alg->cra_cipher.cia_decrypt,
240 cbc_process_decrypt, iv);
241}
242
243static int nocrypt(struct crypto_tfm *tfm,
244 struct scatterlist *dst,
245 struct scatterlist *src,
246 unsigned int nbytes)
247{
248 return -ENOSYS;
249}
250
251static int nocrypt_iv(struct crypto_tfm *tfm,
252 struct scatterlist *dst,
253 struct scatterlist *src,
254 unsigned int nbytes, u8 *iv)
255{
256 return -ENOSYS;
257}
258
259int crypto_init_cipher_flags(struct crypto_tfm *tfm, u32 flags)
260{
261 u32 mode = flags & CRYPTO_TFM_MODE_MASK;
262
263 tfm->crt_cipher.cit_mode = mode ? mode : CRYPTO_TFM_MODE_ECB;
264 if (flags & CRYPTO_TFM_REQ_WEAK_KEY)
265 tfm->crt_flags = CRYPTO_TFM_REQ_WEAK_KEY;
266
267 return 0;
268}
269
270int crypto_init_cipher_ops(struct crypto_tfm *tfm)
271{
272 int ret = 0;
273 struct cipher_tfm *ops = &tfm->crt_cipher;
274
275 ops->cit_setkey = setkey;
276
277 switch (tfm->crt_cipher.cit_mode) {
278 case CRYPTO_TFM_MODE_ECB:
279 ops->cit_encrypt = ecb_encrypt;
280 ops->cit_decrypt = ecb_decrypt;
281 break;
282
283 case CRYPTO_TFM_MODE_CBC:
284 ops->cit_encrypt = cbc_encrypt;
285 ops->cit_decrypt = cbc_decrypt;
286 ops->cit_encrypt_iv = cbc_encrypt_iv;
287 ops->cit_decrypt_iv = cbc_decrypt_iv;
288 break;
289
290 case CRYPTO_TFM_MODE_CFB:
291 ops->cit_encrypt = nocrypt;
292 ops->cit_decrypt = nocrypt;
293 ops->cit_encrypt_iv = nocrypt_iv;
294 ops->cit_decrypt_iv = nocrypt_iv;
295 break;
296
297 case CRYPTO_TFM_MODE_CTR:
298 ops->cit_encrypt = nocrypt;
299 ops->cit_decrypt = nocrypt;
300 ops->cit_encrypt_iv = nocrypt_iv;
301 ops->cit_decrypt_iv = nocrypt_iv;
302 break;
303
304 default:
305 BUG();
306 }
307
308 if (ops->cit_mode == CRYPTO_TFM_MODE_CBC) {
309
310 switch (crypto_tfm_alg_blocksize(tfm)) {
311 case 8:
312 ops->cit_xor_block = xor_64;
313 break;
314
315 case 16:
316 ops->cit_xor_block = xor_128;
317 break;
318
319 default:
320 printk(KERN_WARNING "%s: block size %u not supported\n",
321 crypto_tfm_alg_name(tfm),
322 crypto_tfm_alg_blocksize(tfm));
323 ret = -EINVAL;
324 goto out;
325 }
326
327 ops->cit_ivsize = crypto_tfm_alg_blocksize(tfm);
328 ops->cit_iv = kmalloc(ops->cit_ivsize, GFP_KERNEL);
329 if (ops->cit_iv == NULL)
330 ret = -ENOMEM;
331 }
332
333out:
334 return ret;
335}
336
337void crypto_exit_cipher_ops(struct crypto_tfm *tfm)
338{
339 if (tfm->crt_cipher.cit_iv)
340 kfree(tfm->crt_cipher.cit_iv);
341}
diff --git a/crypto/compress.c b/crypto/compress.c
new file mode 100644
index 000000000000..eb36d9364da3
--- /dev/null
+++ b/crypto/compress.c
@@ -0,0 +1,63 @@
1/*
2 * Cryptographic API.
3 *
4 * Compression operations.
5 *
6 * Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
7 *
8 * This program is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by the Free
10 * Software Foundation; either version 2 of the License, or (at your option)
11 * any later version.
12 *
13 */
14#include <linux/types.h>
15#include <linux/crypto.h>
16#include <linux/errno.h>
17#include <asm/scatterlist.h>
18#include <linux/string.h>
19#include "internal.h"
20
21static int crypto_compress(struct crypto_tfm *tfm,
22 const u8 *src, unsigned int slen,
23 u8 *dst, unsigned int *dlen)
24{
25 return tfm->__crt_alg->cra_compress.coa_compress(crypto_tfm_ctx(tfm),
26 src, slen, dst,
27 dlen);
28}
29
30static int crypto_decompress(struct crypto_tfm *tfm,
31 const u8 *src, unsigned int slen,
32 u8 *dst, unsigned int *dlen)
33{
34 return tfm->__crt_alg->cra_compress.coa_decompress(crypto_tfm_ctx(tfm),
35 src, slen, dst,
36 dlen);
37}
38
39int crypto_init_compress_flags(struct crypto_tfm *tfm, u32 flags)
40{
41 return flags ? -EINVAL : 0;
42}
43
44int crypto_init_compress_ops(struct crypto_tfm *tfm)
45{
46 int ret = 0;
47 struct compress_tfm *ops = &tfm->crt_compress;
48
49 ret = tfm->__crt_alg->cra_compress.coa_init(crypto_tfm_ctx(tfm));
50 if (ret)
51 goto out;
52
53 ops->cot_compress = crypto_compress;
54 ops->cot_decompress = crypto_decompress;
55
56out:
57 return ret;
58}
59
60void crypto_exit_compress_ops(struct crypto_tfm *tfm)
61{
62 tfm->__crt_alg->cra_compress.coa_exit(crypto_tfm_ctx(tfm));
63}
diff --git a/crypto/crc32c.c b/crypto/crc32c.c
new file mode 100644
index 000000000000..256956cd9377
--- /dev/null
+++ b/crypto/crc32c.c
@@ -0,0 +1,110 @@
1/*
2 * Cryptographic API.
3 *
4 * CRC32C chksum
5 *
6 * This module file is a wrapper to invoke the lib/crc32c routines.
7 *
8 * This program is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by the Free
10 * Software Foundation; either version 2 of the License, or (at your option)
11 * any later version.
12 *
13 */
14#include <linux/init.h>
15#include <linux/module.h>
16#include <linux/string.h>
17#include <linux/crypto.h>
18#include <linux/crc32c.h>
19#include <asm/byteorder.h>
20
21#define CHKSUM_BLOCK_SIZE 32
22#define CHKSUM_DIGEST_SIZE 4
23
24struct chksum_ctx {
25 u32 crc;
26};
27
28/*
29 * Steps through buffer one byte at at time, calculates reflected
30 * crc using table.
31 */
32
33static void chksum_init(void *ctx)
34{
35 struct chksum_ctx *mctx = ctx;
36
37 mctx->crc = ~(u32)0; /* common usage */
38}
39
40/*
41 * Setting the seed allows arbitrary accumulators and flexible XOR policy
42 * If your algorithm starts with ~0, then XOR with ~0 before you set
43 * the seed.
44 */
45static int chksum_setkey(void *ctx, const u8 *key, unsigned int keylen,
46 u32 *flags)
47{
48 struct chksum_ctx *mctx = ctx;
49
50 if (keylen != sizeof(mctx->crc)) {
51 if (flags)
52 *flags = CRYPTO_TFM_RES_BAD_KEY_LEN;
53 return -EINVAL;
54 }
55 mctx->crc = __cpu_to_le32(*(u32 *)key);
56 return 0;
57}
58
59static void chksum_update(void *ctx, const u8 *data, unsigned int length)
60{
61 struct chksum_ctx *mctx = ctx;
62 u32 mcrc;
63
64 mcrc = crc32c(mctx->crc, data, (size_t)length);
65
66 mctx->crc = mcrc;
67}
68
69static void chksum_final(void *ctx, u8 *out)
70{
71 struct chksum_ctx *mctx = ctx;
72 u32 mcrc = (mctx->crc ^ ~(u32)0);
73
74 *(u32 *)out = __le32_to_cpu(mcrc);
75}
76
77static struct crypto_alg alg = {
78 .cra_name = "crc32c",
79 .cra_flags = CRYPTO_ALG_TYPE_DIGEST,
80 .cra_blocksize = CHKSUM_BLOCK_SIZE,
81 .cra_ctxsize = sizeof(struct chksum_ctx),
82 .cra_module = THIS_MODULE,
83 .cra_list = LIST_HEAD_INIT(alg.cra_list),
84 .cra_u = {
85 .digest = {
86 .dia_digestsize= CHKSUM_DIGEST_SIZE,
87 .dia_setkey = chksum_setkey,
88 .dia_init = chksum_init,
89 .dia_update = chksum_update,
90 .dia_final = chksum_final
91 }
92 }
93};
94
95static int __init init(void)
96{
97 return crypto_register_alg(&alg);
98}
99
100static void __exit fini(void)
101{
102 crypto_unregister_alg(&alg);
103}
104
105module_init(init);
106module_exit(fini);
107
108MODULE_AUTHOR("Clay Haapala <chaapala@cisco.com>");
109MODULE_DESCRIPTION("CRC32c (Castagnoli) calculations wrapper for lib/crc32c");
110MODULE_LICENSE("GPL");
diff --git a/crypto/crypto_null.c b/crypto/crypto_null.c
new file mode 100644
index 000000000000..f691d31fa9ee
--- /dev/null
+++ b/crypto/crypto_null.c
@@ -0,0 +1,137 @@
1/*
2 * Cryptographic API.
3 *
4 * Null algorithms, aka Much Ado About Nothing.
5 *
6 * These are needed for IPsec, and may be useful in general for
7 * testing & debugging.
8 *
9 * The null cipher is compliant with RFC2410.
10 *
11 * Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
12 *
13 * This program is free software; you can redistribute it and/or modify
14 * it under the terms of the GNU General Public License as published by
15 * the Free Software Foundation; either version 2 of the License, or
16 * (at your option) any later version.
17 *
18 */
19#include <linux/init.h>
20#include <linux/module.h>
21#include <linux/mm.h>
22#include <asm/scatterlist.h>
23#include <linux/crypto.h>
24
25#define NULL_KEY_SIZE 0
26#define NULL_BLOCK_SIZE 1
27#define NULL_DIGEST_SIZE 0
28
29static int null_compress(void *ctx, const u8 *src, unsigned int slen,
30 u8 *dst, unsigned int *dlen)
31{ return 0; }
32
33static int null_decompress(void *ctx, const u8 *src, unsigned int slen,
34 u8 *dst, unsigned int *dlen)
35{ return 0; }
36
37static void null_init(void *ctx)
38{ }
39
40static void null_update(void *ctx, const u8 *data, unsigned int len)
41{ }
42
43static void null_final(void *ctx, u8 *out)
44{ }
45
46static int null_setkey(void *ctx, const u8 *key,
47 unsigned int keylen, u32 *flags)
48{ return 0; }
49
50static void null_encrypt(void *ctx, u8 *dst, const u8 *src)
51{ }
52
53static void null_decrypt(void *ctx, u8 *dst, const u8 *src)
54{ }
55
56static struct crypto_alg compress_null = {
57 .cra_name = "compress_null",
58 .cra_flags = CRYPTO_ALG_TYPE_COMPRESS,
59 .cra_blocksize = NULL_BLOCK_SIZE,
60 .cra_ctxsize = 0,
61 .cra_module = THIS_MODULE,
62 .cra_list = LIST_HEAD_INIT(compress_null.cra_list),
63 .cra_u = { .compress = {
64 .coa_compress = null_compress,
65 .coa_decompress = null_decompress } }
66};
67
68static struct crypto_alg digest_null = {
69 .cra_name = "digest_null",
70 .cra_flags = CRYPTO_ALG_TYPE_DIGEST,
71 .cra_blocksize = NULL_BLOCK_SIZE,
72 .cra_ctxsize = 0,
73 .cra_module = THIS_MODULE,
74 .cra_list = LIST_HEAD_INIT(digest_null.cra_list),
75 .cra_u = { .digest = {
76 .dia_digestsize = NULL_DIGEST_SIZE,
77 .dia_init = null_init,
78 .dia_update = null_update,
79 .dia_final = null_final } }
80};
81
82static struct crypto_alg cipher_null = {
83 .cra_name = "cipher_null",
84 .cra_flags = CRYPTO_ALG_TYPE_CIPHER,
85 .cra_blocksize = NULL_BLOCK_SIZE,
86 .cra_ctxsize = 0,
87 .cra_module = THIS_MODULE,
88 .cra_list = LIST_HEAD_INIT(cipher_null.cra_list),
89 .cra_u = { .cipher = {
90 .cia_min_keysize = NULL_KEY_SIZE,
91 .cia_max_keysize = NULL_KEY_SIZE,
92 .cia_setkey = null_setkey,
93 .cia_encrypt = null_encrypt,
94 .cia_decrypt = null_decrypt } }
95};
96
97MODULE_ALIAS("compress_null");
98MODULE_ALIAS("digest_null");
99MODULE_ALIAS("cipher_null");
100
101static int __init init(void)
102{
103 int ret = 0;
104
105 ret = crypto_register_alg(&cipher_null);
106 if (ret < 0)
107 goto out;
108
109 ret = crypto_register_alg(&digest_null);
110 if (ret < 0) {
111 crypto_unregister_alg(&cipher_null);
112 goto out;
113 }
114
115 ret = crypto_register_alg(&compress_null);
116 if (ret < 0) {
117 crypto_unregister_alg(&digest_null);
118 crypto_unregister_alg(&cipher_null);
119 goto out;
120 }
121
122out:
123 return ret;
124}
125
126static void __exit fini(void)
127{
128 crypto_unregister_alg(&compress_null);
129 crypto_unregister_alg(&digest_null);
130 crypto_unregister_alg(&cipher_null);
131}
132
133module_init(init);
134module_exit(fini);
135
136MODULE_LICENSE("GPL");
137MODULE_DESCRIPTION("Null Cryptographic Algorithms");
diff --git a/crypto/deflate.c b/crypto/deflate.c
new file mode 100644
index 000000000000..77d7655d316a
--- /dev/null
+++ b/crypto/deflate.c
@@ -0,0 +1,223 @@
1/*
2 * Cryptographic API.
3 *
4 * Deflate algorithm (RFC 1951), implemented here primarily for use
5 * by IPCOMP (RFC 3173 & RFC 2394).
6 *
7 * Copyright (c) 2003 James Morris <jmorris@intercode.com.au>
8 *
9 * This program is free software; you can redistribute it and/or modify it
10 * under the terms of the GNU General Public License as published by the Free
11 * Software Foundation; either version 2 of the License, or (at your option)
12 * any later version.
13 *
14 * FIXME: deflate transforms will require up to a total of about 436k of kernel
15 * memory on i386 (390k for compression, the rest for decompression), as the
16 * current zlib kernel code uses a worst case pre-allocation system by default.
17 * This needs to be fixed so that the amount of memory required is properly
18 * related to the winbits and memlevel parameters.
19 *
20 * The default winbits of 11 should suit most packets, and it may be something
21 * to configure on a per-tfm basis in the future.
22 *
23 * Currently, compression history is not maintained between tfm calls, as
24 * it is not needed for IPCOMP and keeps the code simpler. It can be
25 * implemented if someone wants it.
26 */
27#include <linux/init.h>
28#include <linux/module.h>
29#include <linux/crypto.h>
30#include <linux/zlib.h>
31#include <linux/vmalloc.h>
32#include <linux/interrupt.h>
33#include <linux/mm.h>
34#include <linux/net.h>
35#include <linux/slab.h>
36
37#define DEFLATE_DEF_LEVEL Z_DEFAULT_COMPRESSION
38#define DEFLATE_DEF_WINBITS 11
39#define DEFLATE_DEF_MEMLEVEL MAX_MEM_LEVEL
40
41struct deflate_ctx {
42 struct z_stream_s comp_stream;
43 struct z_stream_s decomp_stream;
44};
45
46static int deflate_comp_init(struct deflate_ctx *ctx)
47{
48 int ret = 0;
49 struct z_stream_s *stream = &ctx->comp_stream;
50
51 stream->workspace = vmalloc(zlib_deflate_workspacesize());
52 if (!stream->workspace ) {
53 ret = -ENOMEM;
54 goto out;
55 }
56 memset(stream->workspace, 0, zlib_deflate_workspacesize());
57 ret = zlib_deflateInit2(stream, DEFLATE_DEF_LEVEL, Z_DEFLATED,
58 -DEFLATE_DEF_WINBITS, DEFLATE_DEF_MEMLEVEL,
59 Z_DEFAULT_STRATEGY);
60 if (ret != Z_OK) {
61 ret = -EINVAL;
62 goto out_free;
63 }
64out:
65 return ret;
66out_free:
67 vfree(stream->workspace);
68 goto out;
69}
70
71static int deflate_decomp_init(struct deflate_ctx *ctx)
72{
73 int ret = 0;
74 struct z_stream_s *stream = &ctx->decomp_stream;
75
76 stream->workspace = kmalloc(zlib_inflate_workspacesize(), GFP_KERNEL);
77 if (!stream->workspace ) {
78 ret = -ENOMEM;
79 goto out;
80 }
81 memset(stream->workspace, 0, zlib_inflate_workspacesize());
82 ret = zlib_inflateInit2(stream, -DEFLATE_DEF_WINBITS);
83 if (ret != Z_OK) {
84 ret = -EINVAL;
85 goto out_free;
86 }
87out:
88 return ret;
89out_free:
90 kfree(stream->workspace);
91 goto out;
92}
93
94static void deflate_comp_exit(struct deflate_ctx *ctx)
95{
96 vfree(ctx->comp_stream.workspace);
97}
98
99static void deflate_decomp_exit(struct deflate_ctx *ctx)
100{
101 kfree(ctx->decomp_stream.workspace);
102}
103
104static int deflate_init(void *ctx)
105{
106 int ret;
107
108 ret = deflate_comp_init(ctx);
109 if (ret)
110 goto out;
111 ret = deflate_decomp_init(ctx);
112 if (ret)
113 deflate_comp_exit(ctx);
114out:
115 return ret;
116}
117
118static void deflate_exit(void *ctx)
119{
120 deflate_comp_exit(ctx);
121 deflate_decomp_exit(ctx);
122}
123
124static int deflate_compress(void *ctx, const u8 *src, unsigned int slen,
125 u8 *dst, unsigned int *dlen)
126{
127 int ret = 0;
128 struct deflate_ctx *dctx = ctx;
129 struct z_stream_s *stream = &dctx->comp_stream;
130
131 ret = zlib_deflateReset(stream);
132 if (ret != Z_OK) {
133 ret = -EINVAL;
134 goto out;
135 }
136
137 stream->next_in = (u8 *)src;
138 stream->avail_in = slen;
139 stream->next_out = (u8 *)dst;
140 stream->avail_out = *dlen;
141
142 ret = zlib_deflate(stream, Z_FINISH);
143 if (ret != Z_STREAM_END) {
144 ret = -EINVAL;
145 goto out;
146 }
147 ret = 0;
148 *dlen = stream->total_out;
149out:
150 return ret;
151}
152
153static int deflate_decompress(void *ctx, const u8 *src, unsigned int slen,
154 u8 *dst, unsigned int *dlen)
155{
156
157 int ret = 0;
158 struct deflate_ctx *dctx = ctx;
159 struct z_stream_s *stream = &dctx->decomp_stream;
160
161 ret = zlib_inflateReset(stream);
162 if (ret != Z_OK) {
163 ret = -EINVAL;
164 goto out;
165 }
166
167 stream->next_in = (u8 *)src;
168 stream->avail_in = slen;
169 stream->next_out = (u8 *)dst;
170 stream->avail_out = *dlen;
171
172 ret = zlib_inflate(stream, Z_SYNC_FLUSH);
173 /*
174 * Work around a bug in zlib, which sometimes wants to taste an extra
175 * byte when being used in the (undocumented) raw deflate mode.
176 * (From USAGI).
177 */
178 if (ret == Z_OK && !stream->avail_in && stream->avail_out) {
179 u8 zerostuff = 0;
180 stream->next_in = &zerostuff;
181 stream->avail_in = 1;
182 ret = zlib_inflate(stream, Z_FINISH);
183 }
184 if (ret != Z_STREAM_END) {
185 ret = -EINVAL;
186 goto out;
187 }
188 ret = 0;
189 *dlen = stream->total_out;
190out:
191 return ret;
192}
193
194static struct crypto_alg alg = {
195 .cra_name = "deflate",
196 .cra_flags = CRYPTO_ALG_TYPE_COMPRESS,
197 .cra_ctxsize = sizeof(struct deflate_ctx),
198 .cra_module = THIS_MODULE,
199 .cra_list = LIST_HEAD_INIT(alg.cra_list),
200 .cra_u = { .compress = {
201 .coa_init = deflate_init,
202 .coa_exit = deflate_exit,
203 .coa_compress = deflate_compress,
204 .coa_decompress = deflate_decompress } }
205};
206
207static int __init init(void)
208{
209 return crypto_register_alg(&alg);
210}
211
212static void __exit fini(void)
213{
214 crypto_unregister_alg(&alg);
215}
216
217module_init(init);
218module_exit(fini);
219
220MODULE_LICENSE("GPL");
221MODULE_DESCRIPTION("Deflate Compression Algorithm for IPCOMP");
222MODULE_AUTHOR("James Morris <jmorris@intercode.com.au>");
223
diff --git a/crypto/des.c b/crypto/des.c
new file mode 100644
index 000000000000..1c7e6de9356c
--- /dev/null
+++ b/crypto/des.c
@@ -0,0 +1,1299 @@
1/*
2 * Cryptographic API.
3 *
4 * DES & Triple DES EDE Cipher Algorithms.
5 *
6 * Originally released as descore by Dana L. How <how@isl.stanford.edu>.
7 * Modified by Raimar Falke <rf13@inf.tu-dresden.de> for the Linux-Kernel.
8 * Derived from Cryptoapi and Nettle implementations, adapted for in-place
9 * scatterlist interface. Changed LGPL to GPL per section 3 of the LGPL.
10 *
11 * Copyright (c) 1992 Dana L. How.
12 * Copyright (c) Raimar Falke <rf13@inf.tu-dresden.de>
13 * Copyright (c) Gisle Sælensminde <gisle@ii.uib.no>
14 * Copyright (C) 2001 Niels Möller.
15 * Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
16 *
17 * This program is free software; you can redistribute it and/or modify
18 * it under the terms of the GNU General Public License as published by
19 * the Free Software Foundation; either version 2 of the License, or
20 * (at your option) any later version.
21 *
22 */
23#include <linux/init.h>
24#include <linux/module.h>
25#include <linux/mm.h>
26#include <linux/errno.h>
27#include <asm/scatterlist.h>
28#include <linux/crypto.h>
29
30#define DES_KEY_SIZE 8
31#define DES_EXPKEY_WORDS 32
32#define DES_BLOCK_SIZE 8
33
34#define DES3_EDE_KEY_SIZE (3 * DES_KEY_SIZE)
35#define DES3_EDE_EXPKEY_WORDS (3 * DES_EXPKEY_WORDS)
36#define DES3_EDE_BLOCK_SIZE DES_BLOCK_SIZE
37
38#define ROR(d,c,o) ((d) = (d) >> (c) | (d) << (o))
39
40struct des_ctx {
41 u8 iv[DES_BLOCK_SIZE];
42 u32 expkey[DES_EXPKEY_WORDS];
43};
44
45struct des3_ede_ctx {
46 u8 iv[DES_BLOCK_SIZE];
47 u32 expkey[DES3_EDE_EXPKEY_WORDS];
48};
49
50static const u32 des_keymap[] = {
51 0x02080008, 0x02082000, 0x00002008, 0x00000000,
52 0x02002000, 0x00080008, 0x02080000, 0x02082008,
53 0x00000008, 0x02000000, 0x00082000, 0x00002008,
54 0x00082008, 0x02002008, 0x02000008, 0x02080000,
55 0x00002000, 0x00082008, 0x00080008, 0x02002000,
56 0x02082008, 0x02000008, 0x00000000, 0x00082000,
57 0x02000000, 0x00080000, 0x02002008, 0x02080008,
58 0x00080000, 0x00002000, 0x02082000, 0x00000008,
59 0x00080000, 0x00002000, 0x02000008, 0x02082008,
60 0x00002008, 0x02000000, 0x00000000, 0x00082000,
61 0x02080008, 0x02002008, 0x02002000, 0x00080008,
62 0x02082000, 0x00000008, 0x00080008, 0x02002000,
63 0x02082008, 0x00080000, 0x02080000, 0x02000008,
64 0x00082000, 0x00002008, 0x02002008, 0x02080000,
65 0x00000008, 0x02082000, 0x00082008, 0x00000000,
66 0x02000000, 0x02080008, 0x00002000, 0x00082008,
67
68 0x08000004, 0x00020004, 0x00000000, 0x08020200,
69 0x00020004, 0x00000200, 0x08000204, 0x00020000,
70 0x00000204, 0x08020204, 0x00020200, 0x08000000,
71 0x08000200, 0x08000004, 0x08020000, 0x00020204,
72 0x00020000, 0x08000204, 0x08020004, 0x00000000,
73 0x00000200, 0x00000004, 0x08020200, 0x08020004,
74 0x08020204, 0x08020000, 0x08000000, 0x00000204,
75 0x00000004, 0x00020200, 0x00020204, 0x08000200,
76 0x00000204, 0x08000000, 0x08000200, 0x00020204,
77 0x08020200, 0x00020004, 0x00000000, 0x08000200,
78 0x08000000, 0x00000200, 0x08020004, 0x00020000,
79 0x00020004, 0x08020204, 0x00020200, 0x00000004,
80 0x08020204, 0x00020200, 0x00020000, 0x08000204,
81 0x08000004, 0x08020000, 0x00020204, 0x00000000,
82 0x00000200, 0x08000004, 0x08000204, 0x08020200,
83 0x08020000, 0x00000204, 0x00000004, 0x08020004,
84
85 0x80040100, 0x01000100, 0x80000000, 0x81040100,
86 0x00000000, 0x01040000, 0x81000100, 0x80040000,
87 0x01040100, 0x81000000, 0x01000000, 0x80000100,
88 0x81000000, 0x80040100, 0x00040000, 0x01000000,
89 0x81040000, 0x00040100, 0x00000100, 0x80000000,
90 0x00040100, 0x81000100, 0x01040000, 0x00000100,
91 0x80000100, 0x00000000, 0x80040000, 0x01040100,
92 0x01000100, 0x81040000, 0x81040100, 0x00040000,
93 0x81040000, 0x80000100, 0x00040000, 0x81000000,
94 0x00040100, 0x01000100, 0x80000000, 0x01040000,
95 0x81000100, 0x00000000, 0x00000100, 0x80040000,
96 0x00000000, 0x81040000, 0x01040100, 0x00000100,
97 0x01000000, 0x81040100, 0x80040100, 0x00040000,
98 0x81040100, 0x80000000, 0x01000100, 0x80040100,
99 0x80040000, 0x00040100, 0x01040000, 0x81000100,
100 0x80000100, 0x01000000, 0x81000000, 0x01040100,
101
102 0x04010801, 0x00000000, 0x00010800, 0x04010000,
103 0x04000001, 0x00000801, 0x04000800, 0x00010800,
104 0x00000800, 0x04010001, 0x00000001, 0x04000800,
105 0x00010001, 0x04010800, 0x04010000, 0x00000001,
106 0x00010000, 0x04000801, 0x04010001, 0x00000800,
107 0x00010801, 0x04000000, 0x00000000, 0x00010001,
108 0x04000801, 0x00010801, 0x04010800, 0x04000001,
109 0x04000000, 0x00010000, 0x00000801, 0x04010801,
110 0x00010001, 0x04010800, 0x04000800, 0x00010801,
111 0x04010801, 0x00010001, 0x04000001, 0x00000000,
112 0x04000000, 0x00000801, 0x00010000, 0x04010001,
113 0x00000800, 0x04000000, 0x00010801, 0x04000801,
114 0x04010800, 0x00000800, 0x00000000, 0x04000001,
115 0x00000001, 0x04010801, 0x00010800, 0x04010000,
116 0x04010001, 0x00010000, 0x00000801, 0x04000800,
117 0x04000801, 0x00000001, 0x04010000, 0x00010800,
118
119 0x00000400, 0x00000020, 0x00100020, 0x40100000,
120 0x40100420, 0x40000400, 0x00000420, 0x00000000,
121 0x00100000, 0x40100020, 0x40000020, 0x00100400,
122 0x40000000, 0x00100420, 0x00100400, 0x40000020,
123 0x40100020, 0x00000400, 0x40000400, 0x40100420,
124 0x00000000, 0x00100020, 0x40100000, 0x00000420,
125 0x40100400, 0x40000420, 0x00100420, 0x40000000,
126 0x40000420, 0x40100400, 0x00000020, 0x00100000,
127 0x40000420, 0x00100400, 0x40100400, 0x40000020,
128 0x00000400, 0x00000020, 0x00100000, 0x40100400,
129 0x40100020, 0x40000420, 0x00000420, 0x00000000,
130 0x00000020, 0x40100000, 0x40000000, 0x00100020,
131 0x00000000, 0x40100020, 0x00100020, 0x00000420,
132 0x40000020, 0x00000400, 0x40100420, 0x00100000,
133 0x00100420, 0x40000000, 0x40000400, 0x40100420,
134 0x40100000, 0x00100420, 0x00100400, 0x40000400,
135
136 0x00800000, 0x00001000, 0x00000040, 0x00801042,
137 0x00801002, 0x00800040, 0x00001042, 0x00801000,
138 0x00001000, 0x00000002, 0x00800002, 0x00001040,
139 0x00800042, 0x00801002, 0x00801040, 0x00000000,
140 0x00001040, 0x00800000, 0x00001002, 0x00000042,
141 0x00800040, 0x00001042, 0x00000000, 0x00800002,
142 0x00000002, 0x00800042, 0x00801042, 0x00001002,
143 0x00801000, 0x00000040, 0x00000042, 0x00801040,
144 0x00801040, 0x00800042, 0x00001002, 0x00801000,
145 0x00001000, 0x00000002, 0x00800002, 0x00800040,
146 0x00800000, 0x00001040, 0x00801042, 0x00000000,
147 0x00001042, 0x00800000, 0x00000040, 0x00001002,
148 0x00800042, 0x00000040, 0x00000000, 0x00801042,
149 0x00801002, 0x00801040, 0x00000042, 0x00001000,
150 0x00001040, 0x00801002, 0x00800040, 0x00000042,
151 0x00000002, 0x00001042, 0x00801000, 0x00800002,
152
153 0x10400000, 0x00404010, 0x00000010, 0x10400010,
154 0x10004000, 0x00400000, 0x10400010, 0x00004010,
155 0x00400010, 0x00004000, 0x00404000, 0x10000000,
156 0x10404010, 0x10000010, 0x10000000, 0x10404000,
157 0x00000000, 0x10004000, 0x00404010, 0x00000010,
158 0x10000010, 0x10404010, 0x00004000, 0x10400000,
159 0x10404000, 0x00400010, 0x10004010, 0x00404000,
160 0x00004010, 0x00000000, 0x00400000, 0x10004010,
161 0x00404010, 0x00000010, 0x10000000, 0x00004000,
162 0x10000010, 0x10004000, 0x00404000, 0x10400010,
163 0x00000000, 0x00404010, 0x00004010, 0x10404000,
164 0x10004000, 0x00400000, 0x10404010, 0x10000000,
165 0x10004010, 0x10400000, 0x00400000, 0x10404010,
166 0x00004000, 0x00400010, 0x10400010, 0x00004010,
167 0x00400010, 0x00000000, 0x10404000, 0x10000010,
168 0x10400000, 0x10004010, 0x00000010, 0x00404000,
169
170 0x00208080, 0x00008000, 0x20200000, 0x20208080,
171 0x00200000, 0x20008080, 0x20008000, 0x20200000,
172 0x20008080, 0x00208080, 0x00208000, 0x20000080,
173 0x20200080, 0x00200000, 0x00000000, 0x20008000,
174 0x00008000, 0x20000000, 0x00200080, 0x00008080,
175 0x20208080, 0x00208000, 0x20000080, 0x00200080,
176 0x20000000, 0x00000080, 0x00008080, 0x20208000,
177 0x00000080, 0x20200080, 0x20208000, 0x00000000,
178 0x00000000, 0x20208080, 0x00200080, 0x20008000,
179 0x00208080, 0x00008000, 0x20000080, 0x00200080,
180 0x20208000, 0x00000080, 0x00008080, 0x20200000,
181 0x20008080, 0x20000000, 0x20200000, 0x00208000,
182 0x20208080, 0x00008080, 0x00208000, 0x20200080,
183 0x00200000, 0x20000080, 0x20008000, 0x00000000,
184 0x00008000, 0x00200000, 0x20200080, 0x00208080,
185 0x20000000, 0x20208000, 0x00000080, 0x20008080,
186};
187
188static const u8 rotors[] = {
189 34, 13, 5, 46, 47, 18, 32, 41, 11, 53, 33, 20,
190 14, 36, 30, 24, 49, 2, 15, 37, 42, 50, 0, 21,
191 38, 48, 6, 26, 39, 4, 52, 25, 12, 27, 31, 40,
192 1, 17, 28, 29, 23, 51, 35, 7, 3, 22, 9, 43,
193
194 41, 20, 12, 53, 54, 25, 39, 48, 18, 31, 40, 27,
195 21, 43, 37, 0, 1, 9, 22, 44, 49, 2, 7, 28,
196 45, 55, 13, 33, 46, 11, 6, 32, 19, 34, 38, 47,
197 8, 24, 35, 36, 30, 3, 42, 14, 10, 29, 16, 50,
198
199 55, 34, 26, 38, 11, 39, 53, 5, 32, 45, 54, 41,
200 35, 2, 51, 14, 15, 23, 36, 3, 8, 16, 21, 42,
201 6, 12, 27, 47, 31, 25, 20, 46, 33, 48, 52, 4,
202 22, 7, 49, 50, 44, 17, 1, 28, 24, 43, 30, 9,
203
204 12, 48, 40, 52, 25, 53, 38, 19, 46, 6, 11, 55,
205 49, 16, 10, 28, 29, 37, 50, 17, 22, 30, 35, 1,
206 20, 26, 41, 4, 45, 39, 34, 31, 47, 5, 13, 18,
207 36, 21, 8, 9, 3, 0, 15, 42, 7, 2, 44, 23,
208
209 26, 5, 54, 13, 39, 38, 52, 33, 31, 20, 25, 12,
210 8, 30, 24, 42, 43, 51, 9, 0, 36, 44, 49, 15,
211 34, 40, 55, 18, 6, 53, 48, 45, 4, 19, 27, 32,
212 50, 35, 22, 23, 17, 14, 29, 1, 21, 16, 3, 37,
213
214 40, 19, 11, 27, 53, 52, 13, 47, 45, 34, 39, 26,
215 22, 44, 7, 1, 2, 10, 23, 14, 50, 3, 8, 29,
216 48, 54, 12, 32, 20, 38, 5, 6, 18, 33, 41, 46,
217 9, 49, 36, 37, 0, 28, 43, 15, 35, 30, 17, 51,
218
219 54, 33, 25, 41, 38, 13, 27, 4, 6, 48, 53, 40,
220 36, 3, 21, 15, 16, 24, 37, 28, 9, 17, 22, 43,
221 5, 11, 26, 46, 34, 52, 19, 20, 32, 47, 55, 31,
222 23, 8, 50, 51, 14, 42, 2, 29, 49, 44, 0, 10,
223
224 11, 47, 39, 55, 52, 27, 41, 18, 20, 5, 38, 54,
225 50, 17, 35, 29, 30, 7, 51, 42, 23, 0, 36, 2,
226 19, 25, 40, 31, 48, 13, 33, 34, 46, 4, 12, 45,
227 37, 22, 9, 10, 28, 1, 16, 43, 8, 3, 14, 24,
228
229 18, 54, 46, 5, 6, 34, 48, 25, 27, 12, 45, 4,
230 2, 24, 42, 36, 37, 14, 3, 49, 30, 7, 43, 9,
231 26, 32, 47, 38, 55, 20, 40, 41, 53, 11, 19, 52,
232 44, 29, 16, 17, 35, 8, 23, 50, 15, 10, 21, 0,
233
234 32, 11, 31, 19, 20, 48, 5, 39, 41, 26, 6, 18,
235 16, 7, 1, 50, 51, 28, 17, 8, 44, 21, 2, 23,
236 40, 46, 4, 52, 12, 34, 54, 55, 38, 25, 33, 13,
237 3, 43, 30, 0, 49, 22, 37, 9, 29, 24, 35, 14,
238
239 46, 25, 45, 33, 34, 5, 19, 53, 55, 40, 20, 32,
240 30, 21, 15, 9, 10, 42, 0, 22, 3, 35, 16, 37,
241 54, 31, 18, 13, 26, 48, 11, 12, 52, 39, 47, 27,
242 17, 2, 44, 14, 8, 36, 51, 23, 43, 7, 49, 28,
243
244 31, 39, 6, 47, 48, 19, 33, 38, 12, 54, 34, 46,
245 44, 35, 29, 23, 24, 1, 14, 36, 17, 49, 30, 51,
246 11, 45, 32, 27, 40, 5, 25, 26, 13, 53, 4, 41,
247 0, 16, 3, 28, 22, 50, 10, 37, 2, 21, 8, 42,
248
249 45, 53, 20, 4, 5, 33, 47, 52, 26, 11, 48, 31,
250 3, 49, 43, 37, 7, 15, 28, 50, 0, 8, 44, 10,
251 25, 6, 46, 41, 54, 19, 39, 40, 27, 38, 18, 55,
252 14, 30, 17, 42, 36, 9, 24, 51, 16, 35, 22, 1,
253
254 6, 38, 34, 18, 19, 47, 4, 13, 40, 25, 5, 45,
255 17, 8, 2, 51, 21, 29, 42, 9, 14, 22, 3, 24,
256 39, 20, 31, 55, 11, 33, 53, 54, 41, 52, 32, 12,
257 28, 44, 0, 1, 50, 23, 7, 10, 30, 49, 36, 15,
258
259 20, 52, 48, 32, 33, 4, 18, 27, 54, 39, 19, 6,
260 0, 22, 16, 10, 35, 43, 1, 23, 28, 36, 17, 7,
261 53, 34, 45, 12, 25, 47, 38, 11, 55, 13, 46, 26,
262 42, 3, 14, 15, 9, 37, 21, 24, 44, 8, 50, 29,
263
264 27, 6, 55, 39, 40, 11, 25, 34, 4, 46, 26, 13,
265 7, 29, 23, 17, 42, 50, 8, 30, 35, 43, 24, 14,
266 31, 41, 52, 19, 32, 54, 45, 18, 5, 20, 53, 33,
267 49, 10, 21, 22, 16, 44, 28, 0, 51, 15, 2, 36,
268};
269
270static const u8 parity[] = {
271 8,1,0,8,0,8,8,0,0,8,8,0,8,0,2,8,0,8,8,0,8,0,0,8,8,0,0,8,0,8,8,3,
272 0,8,8,0,8,0,0,8,8,0,0,8,0,8,8,0,8,0,0,8,0,8,8,0,0,8,8,0,8,0,0,8,
273 0,8,8,0,8,0,0,8,8,0,0,8,0,8,8,0,8,0,0,8,0,8,8,0,0,8,8,0,8,0,0,8,
274 8,0,0,8,0,8,8,0,0,8,8,0,8,0,0,8,0,8,8,0,8,0,0,8,8,0,0,8,0,8,8,0,
275 0,8,8,0,8,0,0,8,8,0,0,8,0,8,8,0,8,0,0,8,0,8,8,0,0,8,8,0,8,0,0,8,
276 8,0,0,8,0,8,8,0,0,8,8,0,8,0,0,8,0,8,8,0,8,0,0,8,8,0,0,8,0,8,8,0,
277 8,0,0,8,0,8,8,0,0,8,8,0,8,0,0,8,0,8,8,0,8,0,0,8,8,0,0,8,0,8,8,0,
278 4,8,8,0,8,0,0,8,8,0,0,8,0,8,8,0,8,5,0,8,0,8,8,0,0,8,8,0,8,0,6,8,
279};
280
281
282static void des_small_fips_encrypt(u32 *expkey, u8 *dst, const u8 *src)
283{
284 u32 x, y, z;
285
286 x = src[7];
287 x <<= 8;
288 x |= src[6];
289 x <<= 8;
290 x |= src[5];
291 x <<= 8;
292 x |= src[4];
293 y = src[3];
294 y <<= 8;
295 y |= src[2];
296 y <<= 8;
297 y |= src[1];
298 y <<= 8;
299 y |= src[0];
300 z = ((x >> 004) ^ y) & 0x0F0F0F0FL;
301 x ^= z << 004;
302 y ^= z;
303 z = ((y >> 020) ^ x) & 0x0000FFFFL;
304 y ^= z << 020;
305 x ^= z;
306 z = ((x >> 002) ^ y) & 0x33333333L;
307 x ^= z << 002;
308 y ^= z;
309 z = ((y >> 010) ^ x) & 0x00FF00FFL;
310 y ^= z << 010;
311 x ^= z;
312 x = x >> 1 | x << 31;
313 z = (x ^ y) & 0x55555555L;
314 y ^= z;
315 x ^= z;
316 y = y >> 1 | y << 31;
317 z = expkey[0];
318 z ^= y;
319 x ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0xFC & z));
320 z >>= 8;
321 x ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0xFC & z));
322 z >>= 8;
323 x ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0xFC & z));
324 z >>= 8;
325 x ^= * (u32 *) ((u8 *) des_keymap + (0xFC & z));
326 z = expkey[1];
327 z ^= y;
328 z = z << 4 | z >> 28;
329 x ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0xFC & z));
330 z >>= 8;
331 x ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0xFC & z));
332 z >>= 8;
333 x ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0xFC & z));
334 z >>= 8;
335 x ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0xFC & z));
336 z = expkey[2];
337 z ^= x;
338 y ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0xFC & z));
339 z >>= 8;
340 y ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0xFC & z));
341 z >>= 8;
342 y ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0xFC & z));
343 z >>= 8;
344 y ^= * (u32 *) ((u8 *) des_keymap + (0xFC & z));
345 z = expkey[3];
346 z ^= x;
347 z = z << 4 | z >> 28;
348 y ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0xFC & z));
349 z >>= 8;
350 y ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0xFC & z));
351 z >>= 8;
352 y ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0xFC & z));
353 z >>= 8;
354 y ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0xFC & z));
355 z = expkey[4];
356 z ^= y;
357 x ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0xFC & z));
358 z >>= 8;
359 x ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0xFC & z));
360 z >>= 8;
361 x ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0xFC & z));
362 z >>= 8;
363 x ^= * (u32 *) ((u8 *) des_keymap + (0xFC & z));
364 z = expkey[5];
365 z ^= y;
366 z = z << 4 | z >> 28;
367 x ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0xFC & z));
368 z >>= 8;
369 x ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0xFC & z));
370 z >>= 8;
371 x ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0xFC & z));
372 z >>= 8;
373 x ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0xFC & z));
374 z = expkey[6];
375 z ^= x;
376 y ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0xFC & z));
377 z >>= 8;
378 y ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0xFC & z));
379 z >>= 8;
380 y ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0xFC & z));
381 z >>= 8;
382 y ^= * (u32 *) ((u8 *) des_keymap + (0xFC & z));
383 z = expkey[7];
384 z ^= x;
385 z = z << 4 | z >> 28;
386 y ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0xFC & z));
387 z >>= 8;
388 y ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0xFC & z));
389 z >>= 8;
390 y ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0xFC & z));
391 z >>= 8;
392 y ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0xFC & z));
393 z = expkey[8];
394 z ^= y;
395 x ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0xFC & z));
396 z >>= 8;
397 x ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0xFC & z));
398 z >>= 8;
399 x ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0xFC & z));
400 z >>= 8;
401 x ^= * (u32 *) ((u8 *) des_keymap + (0xFC & z));
402 z = expkey[9];
403 z ^= y;
404 z = z << 4 | z >> 28;
405 x ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0xFC & z));
406 z >>= 8;
407 x ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0xFC & z));
408 z >>= 8;
409 x ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0xFC & z));
410 z >>= 8;
411 x ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0xFC & z));
412 z = expkey[10];
413 z ^= x;
414 y ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0xFC & z));
415 z >>= 8;
416 y ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0xFC & z));
417 z >>= 8;
418 y ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0xFC & z));
419 z >>= 8;
420 y ^= * (u32 *) ((u8 *) des_keymap + (0xFC & z));
421 z = expkey[11];
422 z ^= x;
423 z = z << 4 | z >> 28;
424 y ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0xFC & z));
425 z >>= 8;
426 y ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0xFC & z));
427 z >>= 8;
428 y ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0xFC & z));
429 z >>= 8;
430 y ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0xFC & z));
431 z = expkey[12];
432 z ^= y;
433 x ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0xFC & z));
434 z >>= 8;
435 x ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0xFC & z));
436 z >>= 8;
437 x ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0xFC & z));
438 z >>= 8;
439 x ^= * (u32 *) ((u8 *) des_keymap + (0xFC & z));
440 z = expkey[13];
441 z ^= y;
442 z = z << 4 | z >> 28;
443 x ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0xFC & z));
444 z >>= 8;
445 x ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0xFC & z));
446 z >>= 8;
447 x ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0xFC & z));
448 z >>= 8;
449 x ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0xFC & z));
450 z = expkey[14];
451 z ^= x;
452 y ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0xFC & z));
453 z >>= 8;
454 y ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0xFC & z));
455 z >>= 8;
456 y ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0xFC & z));
457 z >>= 8;
458 y ^= * (u32 *) ((u8 *) des_keymap + (0xFC & z));
459 z = expkey[15];
460 z ^= x;
461 z = z << 4 | z >> 28;
462 y ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0xFC & z));
463 z >>= 8;
464 y ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0xFC & z));
465 z >>= 8;
466 y ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0xFC & z));
467 z >>= 8;
468 y ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0xFC & z));
469 z = expkey[16];
470 z ^= y;
471 x ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0xFC & z));
472 z >>= 8;
473 x ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0xFC & z));
474 z >>= 8;
475 x ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0xFC & z));
476 z >>= 8;
477 x ^= * (u32 *) ((u8 *) des_keymap + (0xFC & z));
478 z = expkey[17];
479 z ^= y;
480 z = z << 4 | z >> 28;
481 x ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0xFC & z));
482 z >>= 8;
483 x ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0xFC & z));
484 z >>= 8;
485 x ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0xFC & z));
486 z >>= 8;
487 x ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0xFC & z));
488 z = expkey[18];
489 z ^= x;
490 y ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0xFC & z));
491 z >>= 8;
492 y ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0xFC & z));
493 z >>= 8;
494 y ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0xFC & z));
495 z >>= 8;
496 y ^= * (u32 *) ((u8 *) des_keymap + (0xFC & z));
497 z = expkey[19];
498 z ^= x;
499 z = z << 4 | z >> 28;
500 y ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0xFC & z));
501 z >>= 8;
502 y ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0xFC & z));
503 z >>= 8;
504 y ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0xFC & z));
505 z >>= 8;
506 y ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0xFC & z));
507 z = expkey[20];
508 z ^= y;
509 x ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0xFC & z));
510 z >>= 8;
511 x ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0xFC & z));
512 z >>= 8;
513 x ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0xFC & z));
514 z >>= 8;
515 x ^= * (u32 *) ((u8 *) des_keymap + (0xFC & z));
516 z = expkey[21];
517 z ^= y;
518 z = z << 4 | z >> 28;
519 x ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0xFC & z));
520 z >>= 8;
521 x ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0xFC & z));
522 z >>= 8;
523 x ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0xFC & z));
524 z >>= 8;
525 x ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0xFC & z));
526 z = expkey[22];
527 z ^= x;
528 y ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0xFC & z));
529 z >>= 8;
530 y ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0xFC & z));
531 z >>= 8;
532 y ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0xFC & z));
533 z >>= 8;
534 y ^= * (u32 *) ((u8 *) des_keymap + (0xFC & z));
535 z = expkey[23];
536 z ^= x;
537 z = z << 4 | z >> 28;
538 y ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0xFC & z));
539 z >>= 8;
540 y ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0xFC & z));
541 z >>= 8;
542 y ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0xFC & z));
543 z >>= 8;
544 y ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0xFC & z));
545 z = expkey[24];
546 z ^= y;
547 x ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0xFC & z));
548 z >>= 8;
549 x ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0xFC & z));
550 z >>= 8;
551 x ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0xFC & z));
552 z >>= 8;
553 x ^= * (u32 *) ((u8 *) des_keymap + (0xFC & z));
554 z = expkey[25];
555 z ^= y;
556 z = z << 4 | z >> 28;
557 x ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0xFC & z));
558 z >>= 8;
559 x ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0xFC & z));
560 z >>= 8;
561 x ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0xFC & z));
562 z >>= 8;
563 x ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0xFC & z));
564 z = expkey[26];
565 z ^= x;
566 y ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0xFC & z));
567 z >>= 8;
568 y ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0xFC & z));
569 z >>= 8;
570 y ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0xFC & z));
571 z >>= 8;
572 y ^= * (u32 *) ((u8 *) des_keymap + (0xFC & z));
573 z = expkey[27];
574 z ^= x;
575 z = z << 4 | z >> 28;
576 y ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0xFC & z));
577 z >>= 8;
578 y ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0xFC & z));
579 z >>= 8;
580 y ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0xFC & z));
581 z >>= 8;
582 y ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0xFC & z));
583 z = expkey[28];
584 z ^= y;
585 x ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0xFC & z));
586 z >>= 8;
587 x ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0xFC & z));
588 z >>= 8;
589 x ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0xFC & z));
590 z >>= 8;
591 x ^= * (u32 *) ((u8 *) des_keymap + (0xFC & z));
592 z = expkey[29];
593 z ^= y;
594 z = z << 4 | z >> 28;
595 x ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0xFC & z));
596 z >>= 8;
597 x ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0xFC & z));
598 z >>= 8;
599 x ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0xFC & z));
600 z >>= 8;
601 x ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0xFC & z));
602 z = expkey[30];
603 z ^= x;
604 y ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0xFC & z));
605 z >>= 8;
606 y ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0xFC & z));
607 z >>= 8;
608 y ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0xFC & z));
609 z >>= 8;
610 y ^= * (u32 *) ((u8 *) des_keymap + (0xFC & z));
611 z = expkey[31];
612 z ^= x;
613 z = z << 4 | z >> 28;
614 y ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0xFC & z));
615 z >>= 8;
616 y ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0xFC & z));
617 z >>= 8;
618 y ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0xFC & z));
619 z >>= 8;
620 y ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0xFC & z));
621 x = x << 1 | x >> 31;
622 z = (x ^ y) & 0x55555555L;
623 y ^= z;
624 x ^= z;
625 y = y << 1 | y >> 31;
626 z = ((x >> 010) ^ y) & 0x00FF00FFL;
627 x ^= z << 010;
628 y ^= z;
629 z = ((y >> 002) ^ x) & 0x33333333L;
630 y ^= z << 002;
631 x ^= z;
632 z = ((x >> 020) ^ y) & 0x0000FFFFL;
633 x ^= z << 020;
634 y ^= z;
635 z = ((y >> 004) ^ x) & 0x0F0F0F0FL;
636 y ^= z << 004;
637 x ^= z;
638 dst[0] = x;
639 x >>= 8;
640 dst[1] = x;
641 x >>= 8;
642 dst[2] = x;
643 x >>= 8;
644 dst[3] = x;
645 dst[4] = y;
646 y >>= 8;
647 dst[5] = y;
648 y >>= 8;
649 dst[6] = y;
650 y >>= 8;
651 dst[7] = y;
652}
653
654static void des_small_fips_decrypt(u32 *expkey, u8 *dst, const u8 *src)
655{
656 u32 x, y, z;
657
658 x = src[7];
659 x <<= 8;
660 x |= src[6];
661 x <<= 8;
662 x |= src[5];
663 x <<= 8;
664 x |= src[4];
665 y = src[3];
666 y <<= 8;
667 y |= src[2];
668 y <<= 8;
669 y |= src[1];
670 y <<= 8;
671 y |= src[0];
672 z = ((x >> 004) ^ y) & 0x0F0F0F0FL;
673 x ^= z << 004;
674 y ^= z;
675 z = ((y >> 020) ^ x) & 0x0000FFFFL;
676 y ^= z << 020;
677 x ^= z;
678 z = ((x >> 002) ^ y) & 0x33333333L;
679 x ^= z << 002;
680 y ^= z;
681 z = ((y >> 010) ^ x) & 0x00FF00FFL;
682 y ^= z << 010;
683 x ^= z;
684 x = x >> 1 | x << 31;
685 z = (x ^ y) & 0x55555555L;
686 y ^= z;
687 x ^= z;
688 y = y >> 1 | y << 31;
689 z = expkey[31];
690 z ^= y;
691 z = z << 4 | z >> 28;
692 x ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0xFC & z));
693 z >>= 8;
694 x ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0xFC & z));
695 z >>= 8;
696 x ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0xFC & z));
697 z >>= 8;
698 x ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0xFC & z));
699 z = expkey[30];
700 z ^= y;
701 x ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0xFC & z));
702 z >>= 8;
703 x ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0xFC & z));
704 z >>= 8;
705 x ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0xFC & z));
706 z >>= 8;
707 x ^= * (u32 *) ((u8 *) des_keymap + (0xFC & z));
708 z = expkey[29];
709 z ^= x;
710 z = z << 4 | z >> 28;
711 y ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0xFC & z));
712 z >>= 8;
713 y ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0xFC & z));
714 z >>= 8;
715 y ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0xFC & z));
716 z >>= 8;
717 y ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0xFC & z));
718 z = expkey[28];
719 z ^= x;
720 y ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0xFC & z));
721 z >>= 8;
722 y ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0xFC & z));
723 z >>= 8;
724 y ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0xFC & z));
725 z >>= 8;
726 y ^= * (u32 *) ((u8 *) des_keymap + (0xFC & z));
727 z = expkey[27];
728 z ^= y;
729 z = z << 4 | z >> 28;
730 x ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0xFC & z));
731 z >>= 8;
732 x ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0xFC & z));
733 z >>= 8;
734 x ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0xFC & z));
735 z >>= 8;
736 x ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0xFC & z));
737 z = expkey[26];
738 z ^= y;
739 x ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0xFC & z));
740 z >>= 8;
741 x ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0xFC & z));
742 z >>= 8;
743 x ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0xFC & z));
744 z >>= 8;
745 x ^= * (u32 *) ((u8 *) des_keymap + (0xFC & z));
746 z = expkey[25];
747 z ^= x;
748 z = z << 4 | z >> 28;
749 y ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0xFC & z));
750 z >>= 8;
751 y ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0xFC & z));
752 z >>= 8;
753 y ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0xFC & z));
754 z >>= 8;
755 y ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0xFC & z));
756 z = expkey[24];
757 z ^= x;
758 y ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0xFC & z));
759 z >>= 8;
760 y ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0xFC & z));
761 z >>= 8;
762 y ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0xFC & z));
763 z >>= 8;
764 y ^= * (u32 *) ((u8 *) des_keymap + (0xFC & z));
765 z = expkey[23];
766 z ^= y;
767 z = z << 4 | z >> 28;
768 x ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0xFC & z));
769 z >>= 8;
770 x ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0xFC & z));
771 z >>= 8;
772 x ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0xFC & z));
773 z >>= 8;
774 x ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0xFC & z));
775 z = expkey[22];
776 z ^= y;
777 x ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0xFC & z));
778 z >>= 8;
779 x ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0xFC & z));
780 z >>= 8;
781 x ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0xFC & z));
782 z >>= 8;
783 x ^= * (u32 *) ((u8 *) des_keymap + (0xFC & z));
784 z = expkey[21];
785 z ^= x;
786 z = z << 4 | z >> 28;
787 y ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0xFC & z));
788 z >>= 8;
789 y ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0xFC & z));
790 z >>= 8;
791 y ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0xFC & z));
792 z >>= 8;
793 y ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0xFC & z));
794 z = expkey[20];
795 z ^= x;
796 y ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0xFC & z));
797 z >>= 8;
798 y ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0xFC & z));
799 z >>= 8;
800 y ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0xFC & z));
801 z >>= 8;
802 y ^= * (u32 *) ((u8 *) des_keymap + (0xFC & z));
803 z = expkey[19];
804 z ^= y;
805 z = z << 4 | z >> 28;
806 x ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0xFC & z));
807 z >>= 8;
808 x ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0xFC & z));
809 z >>= 8;
810 x ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0xFC & z));
811 z >>= 8;
812 x ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0xFC & z));
813 z = expkey[18];
814 z ^= y;
815 x ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0xFC & z));
816 z >>= 8;
817 x ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0xFC & z));
818 z >>= 8;
819 x ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0xFC & z));
820 z >>= 8;
821 x ^= * (u32 *) ((u8 *) des_keymap + (0xFC & z));
822 z = expkey[17];
823 z ^= x;
824 z = z << 4 | z >> 28;
825 y ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0xFC & z));
826 z >>= 8;
827 y ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0xFC & z));
828 z >>= 8;
829 y ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0xFC & z));
830 z >>= 8;
831 y ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0xFC & z));
832 z = expkey[16];
833 z ^= x;
834 y ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0xFC & z));
835 z >>= 8;
836 y ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0xFC & z));
837 z >>= 8;
838 y ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0xFC & z));
839 z >>= 8;
840 y ^= * (u32 *) ((u8 *) des_keymap + (0xFC & z));
841 z = expkey[15];
842 z ^= y;
843 z = z << 4 | z >> 28;
844 x ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0xFC & z));
845 z >>= 8;
846 x ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0xFC & z));
847 z >>= 8;
848 x ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0xFC & z));
849 z >>= 8;
850 x ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0xFC & z));
851 z = expkey[14];
852 z ^= y;
853 x ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0xFC & z));
854 z >>= 8;
855 x ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0xFC & z));
856 z >>= 8;
857 x ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0xFC & z));
858 z >>= 8;
859 x ^= * (u32 *) ((u8 *) des_keymap + (0xFC & z));
860 z = expkey[13];
861 z ^= x;
862 z = z << 4 | z >> 28;
863 y ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0xFC & z));
864 z >>= 8;
865 y ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0xFC & z));
866 z >>= 8;
867 y ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0xFC & z));
868 z >>= 8;
869 y ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0xFC & z));
870 z = expkey[12];
871 z ^= x;
872 y ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0xFC & z));
873 z >>= 8;
874 y ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0xFC & z));
875 z >>= 8;
876 y ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0xFC & z));
877 z >>= 8;
878 y ^= * (u32 *) ((u8 *) des_keymap + (0xFC & z));
879 z = expkey[11];
880 z ^= y;
881 z = z << 4 | z >> 28;
882 x ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0xFC & z));
883 z >>= 8;
884 x ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0xFC & z));
885 z >>= 8;
886 x ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0xFC & z));
887 z >>= 8;
888 x ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0xFC & z));
889 z = expkey[10];
890 z ^= y;
891 x ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0xFC & z));
892 z >>= 8;
893 x ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0xFC & z));
894 z >>= 8;
895 x ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0xFC & z));
896 z >>= 8;
897 x ^= * (u32 *) ((u8 *) des_keymap + (0xFC & z));
898 z = expkey[9];
899 z ^= x;
900 z = z << 4 | z >> 28;
901 y ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0xFC & z));
902 z >>= 8;
903 y ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0xFC & z));
904 z >>= 8;
905 y ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0xFC & z));
906 z >>= 8;
907 y ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0xFC & z));
908 z = expkey[8];
909 z ^= x;
910 y ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0xFC & z));
911 z >>= 8;
912 y ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0xFC & z));
913 z >>= 8;
914 y ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0xFC & z));
915 z >>= 8;
916 y ^= * (u32 *) ((u8 *) des_keymap + (0xFC & z));
917 z = expkey[7];
918 z ^= y;
919 z = z << 4 | z >> 28;
920 x ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0xFC & z));
921 z >>= 8;
922 x ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0xFC & z));
923 z >>= 8;
924 x ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0xFC & z));
925 z >>= 8;
926 x ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0xFC & z));
927 z = expkey[6];
928 z ^= y;
929 x ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0xFC & z));
930 z >>= 8;
931 x ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0xFC & z));
932 z >>= 8;
933 x ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0xFC & z));
934 z >>= 8;
935 x ^= * (u32 *) ((u8 *) des_keymap + (0xFC & z));
936 z = expkey[5];
937 z ^= x;
938 z = z << 4 | z >> 28;
939 y ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0xFC & z));
940 z >>= 8;
941 y ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0xFC & z));
942 z >>= 8;
943 y ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0xFC & z));
944 z >>= 8;
945 y ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0xFC & z));
946 z = expkey[4];
947 z ^= x;
948 y ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0xFC & z));
949 z >>= 8;
950 y ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0xFC & z));
951 z >>= 8;
952 y ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0xFC & z));
953 z >>= 8;
954 y ^= * (u32 *) ((u8 *) des_keymap + (0xFC & z));
955 z = expkey[3];
956 z ^= y;
957 z = z << 4 | z >> 28;
958 x ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0xFC & z));
959 z >>= 8;
960 x ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0xFC & z));
961 z >>= 8;
962 x ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0xFC & z));
963 z >>= 8;
964 x ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0xFC & z));
965 z = expkey[2];
966 z ^= y;
967 x ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0xFC & z));
968 z >>= 8;
969 x ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0xFC & z));
970 z >>= 8;
971 x ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0xFC & z));
972 z >>= 8;
973 x ^= * (u32 *) ((u8 *) des_keymap + (0xFC & z));
974 z = expkey[1];
975 z ^= x;
976 z = z << 4 | z >> 28;
977 y ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0xFC & z));
978 z >>= 8;
979 y ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0xFC & z));
980 z >>= 8;
981 y ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0xFC & z));
982 z >>= 8;
983 y ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0xFC & z));
984 z = expkey[0];
985 z ^= x;
986 y ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0xFC & z));
987 z >>= 8;
988 y ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0xFC & z));
989 z >>= 8;
990 y ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0xFC & z));
991 z >>= 8;
992 y ^= * (u32 *) ((u8 *) des_keymap + (0xFC & z));
993 x = x << 1 | x >> 31;
994 z = (x ^ y) & 0x55555555L;
995 y ^= z;
996 x ^= z;
997 y = y << 1 | y >> 31;
998 z = ((x >> 010) ^ y) & 0x00FF00FFL;
999 x ^= z << 010;
1000 y ^= z;
1001 z = ((y >> 002) ^ x) & 0x33333333L;
1002 y ^= z << 002;
1003 x ^= z;
1004 z = ((x >> 020) ^ y) & 0x0000FFFFL;
1005 x ^= z << 020;
1006 y ^= z;
1007 z = ((y >> 004) ^ x) & 0x0F0F0F0FL;
1008 y ^= z << 004;
1009 x ^= z;
1010 dst[0] = x;
1011 x >>= 8;
1012 dst[1] = x;
1013 x >>= 8;
1014 dst[2] = x;
1015 x >>= 8;
1016 dst[3] = x;
1017 dst[4] = y;
1018 y >>= 8;
1019 dst[5] = y;
1020 y >>= 8;
1021 dst[6] = y;
1022 y >>= 8;
1023 dst[7] = y;
1024}
1025
1026/*
1027 * RFC2451: Weak key checks SHOULD be performed.
1028 */
1029static int setkey(u32 *expkey, const u8 *key, unsigned int keylen, u32 *flags)
1030{
1031 const u8 *k;
1032 u8 *b0, *b1;
1033 u32 n, w;
1034 u8 bits0[56], bits1[56];
1035
1036 n = parity[key[0]]; n <<= 4;
1037 n |= parity[key[1]]; n <<= 4;
1038 n |= parity[key[2]]; n <<= 4;
1039 n |= parity[key[3]]; n <<= 4;
1040 n |= parity[key[4]]; n <<= 4;
1041 n |= parity[key[5]]; n <<= 4;
1042 n |= parity[key[6]]; n <<= 4;
1043 n |= parity[key[7]];
1044 w = 0x88888888L;
1045
1046 if ((*flags & CRYPTO_TFM_REQ_WEAK_KEY)
1047 && !((n - (w >> 3)) & w)) { /* 1 in 10^10 keys passes this test */
1048 if (n < 0x41415151) {
1049 if (n < 0x31312121) {
1050 if (n < 0x14141515) {
1051 /* 01 01 01 01 01 01 01 01 */
1052 if (n == 0x11111111) goto weak;
1053 /* 01 1F 01 1F 01 0E 01 0E */
1054 if (n == 0x13131212) goto weak;
1055 } else {
1056 /* 01 E0 01 E0 01 F1 01 F1 */
1057 if (n == 0x14141515) goto weak;
1058 /* 01 FE 01 FE 01 FE 01 FE */
1059 if (n == 0x16161616) goto weak;
1060 }
1061 } else {
1062 if (n < 0x34342525) {
1063 /* 1F 01 1F 01 0E 01 0E 01 */
1064 if (n == 0x31312121) goto weak;
1065 /* 1F 1F 1F 1F 0E 0E 0E 0E (?) */
1066 if (n == 0x33332222) goto weak;
1067 } else {
1068 /* 1F E0 1F E0 0E F1 0E F1 */
1069 if (n == 0x34342525) goto weak;
1070 /* 1F FE 1F FE 0E FE 0E FE */
1071 if (n == 0x36362626) goto weak;
1072 }
1073 }
1074 } else {
1075 if (n < 0x61616161) {
1076 if (n < 0x44445555) {
1077 /* E0 01 E0 01 F1 01 F1 01 */
1078 if (n == 0x41415151) goto weak;
1079 /* E0 1F E0 1F F1 0E F1 0E */
1080 if (n == 0x43435252) goto weak;
1081 } else {
1082 /* E0 E0 E0 E0 F1 F1 F1 F1 (?) */
1083 if (n == 0x44445555) goto weak;
1084 /* E0 FE E0 FE F1 FE F1 FE */
1085 if (n == 0x46465656) goto weak;
1086 }
1087 } else {
1088 if (n < 0x64646565) {
1089 /* FE 01 FE 01 FE 01 FE 01 */
1090 if (n == 0x61616161) goto weak;
1091 /* FE 1F FE 1F FE 0E FE 0E */
1092 if (n == 0x63636262) goto weak;
1093 } else {
1094 /* FE E0 FE E0 FE F1 FE F1 */
1095 if (n == 0x64646565) goto weak;
1096 /* FE FE FE FE FE FE FE FE */
1097 if (n == 0x66666666) goto weak;
1098 }
1099 }
1100 }
1101
1102 goto not_weak;
1103weak:
1104 *flags |= CRYPTO_TFM_RES_WEAK_KEY;
1105 return -EINVAL;
1106 }
1107
1108not_weak:
1109
1110 /* explode the bits */
1111 n = 56;
1112 b0 = bits0;
1113 b1 = bits1;
1114
1115 do {
1116 w = (256 | *key++) << 2;
1117 do {
1118 --n;
1119 b1[n] = 8 & w;
1120 w >>= 1;
1121 b0[n] = 4 & w;
1122 } while ( w >= 16 );
1123 } while ( n );
1124
1125 /* put the bits in the correct places */
1126 n = 16;
1127 k = rotors;
1128
1129 do {
1130 w = (b1[k[ 0 ]] | b0[k[ 1 ]]) << 4;
1131 w |= (b1[k[ 2 ]] | b0[k[ 3 ]]) << 2;
1132 w |= b1[k[ 4 ]] | b0[k[ 5 ]];
1133 w <<= 8;
1134 w |= (b1[k[ 6 ]] | b0[k[ 7 ]]) << 4;
1135 w |= (b1[k[ 8 ]] | b0[k[ 9 ]]) << 2;
1136 w |= b1[k[10 ]] | b0[k[11 ]];
1137 w <<= 8;
1138 w |= (b1[k[12 ]] | b0[k[13 ]]) << 4;
1139 w |= (b1[k[14 ]] | b0[k[15 ]]) << 2;
1140 w |= b1[k[16 ]] | b0[k[17 ]];
1141 w <<= 8;
1142 w |= (b1[k[18 ]] | b0[k[19 ]]) << 4;
1143 w |= (b1[k[20 ]] | b0[k[21 ]]) << 2;
1144 w |= b1[k[22 ]] | b0[k[23 ]];
1145 expkey[0] = w;
1146
1147 w = (b1[k[ 0+24]] | b0[k[ 1+24]]) << 4;
1148 w |= (b1[k[ 2+24]] | b0[k[ 3+24]]) << 2;
1149 w |= b1[k[ 4+24]] | b0[k[ 5+24]];
1150 w <<= 8;
1151 w |= (b1[k[ 6+24]] | b0[k[ 7+24]]) << 4;
1152 w |= (b1[k[ 8+24]] | b0[k[ 9+24]]) << 2;
1153 w |= b1[k[10+24]] | b0[k[11+24]];
1154 w <<= 8;
1155 w |= (b1[k[12+24]] | b0[k[13+24]]) << 4;
1156 w |= (b1[k[14+24]] | b0[k[15+24]]) << 2;
1157 w |= b1[k[16+24]] | b0[k[17+24]];
1158 w <<= 8;
1159 w |= (b1[k[18+24]] | b0[k[19+24]]) << 4;
1160 w |= (b1[k[20+24]] | b0[k[21+24]]) << 2;
1161 w |= b1[k[22+24]] | b0[k[23+24]];
1162
1163 ROR(w, 4, 28); /* could be eliminated */
1164 expkey[1] = w;
1165
1166 k += 48;
1167 expkey += 2;
1168 } while (--n);
1169
1170 return 0;
1171}
1172
1173static int des_setkey(void *ctx, const u8 *key, unsigned int keylen, u32 *flags)
1174{
1175 return setkey(((struct des_ctx *)ctx)->expkey, key, keylen, flags);
1176}
1177
1178static void des_encrypt(void *ctx, u8 *dst, const u8 *src)
1179{
1180 des_small_fips_encrypt(((struct des_ctx *)ctx)->expkey, dst, src);
1181}
1182
1183static void des_decrypt(void *ctx, u8 *dst, const u8 *src)
1184{
1185 des_small_fips_decrypt(((struct des_ctx *)ctx)->expkey, dst, src);
1186}
1187
1188/*
1189 * RFC2451:
1190 *
1191 * For DES-EDE3, there is no known need to reject weak or
1192 * complementation keys. Any weakness is obviated by the use of
1193 * multiple keys.
1194 *
1195 * However, if the first two or last two independent 64-bit keys are
1196 * equal (k1 == k2 or k2 == k3), then the DES3 operation is simply the
1197 * same as DES. Implementers MUST reject keys that exhibit this
1198 * property.
1199 *
1200 */
1201static int des3_ede_setkey(void *ctx, const u8 *key,
1202 unsigned int keylen, u32 *flags)
1203{
1204 unsigned int i, off;
1205 struct des3_ede_ctx *dctx = ctx;
1206
1207 if (!(memcmp(key, &key[DES_KEY_SIZE], DES_KEY_SIZE) &&
1208 memcmp(&key[DES_KEY_SIZE], &key[DES_KEY_SIZE * 2],
1209 DES_KEY_SIZE))) {
1210
1211 *flags |= CRYPTO_TFM_RES_BAD_KEY_SCHED;
1212 return -EINVAL;
1213 }
1214
1215 for (i = 0, off = 0; i < 3; i++, off += DES_EXPKEY_WORDS,
1216 key += DES_KEY_SIZE) {
1217 int ret = setkey(&dctx->expkey[off], key, DES_KEY_SIZE, flags);
1218 if (ret < 0)
1219 return ret;
1220 }
1221 return 0;
1222}
1223
1224static void des3_ede_encrypt(void *ctx, u8 *dst, const u8 *src)
1225{
1226 struct des3_ede_ctx *dctx = ctx;
1227
1228 des_small_fips_encrypt(dctx->expkey, dst, src);
1229 des_small_fips_decrypt(&dctx->expkey[DES_EXPKEY_WORDS], dst, dst);
1230 des_small_fips_encrypt(&dctx->expkey[DES_EXPKEY_WORDS * 2], dst, dst);
1231}
1232
1233static void des3_ede_decrypt(void *ctx, u8 *dst, const u8 *src)
1234{
1235 struct des3_ede_ctx *dctx = ctx;
1236
1237 des_small_fips_decrypt(&dctx->expkey[DES_EXPKEY_WORDS * 2], dst, src);
1238 des_small_fips_encrypt(&dctx->expkey[DES_EXPKEY_WORDS], dst, dst);
1239 des_small_fips_decrypt(dctx->expkey, dst, dst);
1240}
1241
1242static struct crypto_alg des_alg = {
1243 .cra_name = "des",
1244 .cra_flags = CRYPTO_ALG_TYPE_CIPHER,
1245 .cra_blocksize = DES_BLOCK_SIZE,
1246 .cra_ctxsize = sizeof(struct des_ctx),
1247 .cra_module = THIS_MODULE,
1248 .cra_list = LIST_HEAD_INIT(des_alg.cra_list),
1249 .cra_u = { .cipher = {
1250 .cia_min_keysize = DES_KEY_SIZE,
1251 .cia_max_keysize = DES_KEY_SIZE,
1252 .cia_setkey = des_setkey,
1253 .cia_encrypt = des_encrypt,
1254 .cia_decrypt = des_decrypt } }
1255};
1256
1257static struct crypto_alg des3_ede_alg = {
1258 .cra_name = "des3_ede",
1259 .cra_flags = CRYPTO_ALG_TYPE_CIPHER,
1260 .cra_blocksize = DES3_EDE_BLOCK_SIZE,
1261 .cra_ctxsize = sizeof(struct des3_ede_ctx),
1262 .cra_module = THIS_MODULE,
1263 .cra_list = LIST_HEAD_INIT(des3_ede_alg.cra_list),
1264 .cra_u = { .cipher = {
1265 .cia_min_keysize = DES3_EDE_KEY_SIZE,
1266 .cia_max_keysize = DES3_EDE_KEY_SIZE,
1267 .cia_setkey = des3_ede_setkey,
1268 .cia_encrypt = des3_ede_encrypt,
1269 .cia_decrypt = des3_ede_decrypt } }
1270};
1271
1272MODULE_ALIAS("des3_ede");
1273
1274static int __init init(void)
1275{
1276 int ret = 0;
1277
1278 ret = crypto_register_alg(&des_alg);
1279 if (ret < 0)
1280 goto out;
1281
1282 ret = crypto_register_alg(&des3_ede_alg);
1283 if (ret < 0)
1284 crypto_unregister_alg(&des_alg);
1285out:
1286 return ret;
1287}
1288
1289static void __exit fini(void)
1290{
1291 crypto_unregister_alg(&des3_ede_alg);
1292 crypto_unregister_alg(&des_alg);
1293}
1294
1295module_init(init);
1296module_exit(fini);
1297
1298MODULE_LICENSE("GPL");
1299MODULE_DESCRIPTION("DES & Triple DES EDE Cipher Algorithms");
diff --git a/crypto/digest.c b/crypto/digest.c
new file mode 100644
index 000000000000..d9b6ac9dbf8d
--- /dev/null
+++ b/crypto/digest.c
@@ -0,0 +1,107 @@
1/*
2 * Cryptographic API.
3 *
4 * Digest operations.
5 *
6 * Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
7 *
8 * This program is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by the Free
10 * Software Foundation; either version 2 of the License, or (at your option)
11 * any later version.
12 *
13 */
14#include <linux/crypto.h>
15#include <linux/mm.h>
16#include <linux/errno.h>
17#include <linux/highmem.h>
18#include <asm/scatterlist.h>
19#include "internal.h"
20
21static void init(struct crypto_tfm *tfm)
22{
23 tfm->__crt_alg->cra_digest.dia_init(crypto_tfm_ctx(tfm));
24}
25
26static void update(struct crypto_tfm *tfm,
27 struct scatterlist *sg, unsigned int nsg)
28{
29 unsigned int i;
30
31 for (i = 0; i < nsg; i++) {
32
33 struct page *pg = sg[i].page;
34 unsigned int offset = sg[i].offset;
35 unsigned int l = sg[i].length;
36
37 do {
38 unsigned int bytes_from_page = min(l, ((unsigned int)
39 (PAGE_SIZE)) -
40 offset);
41 char *p = crypto_kmap(pg, 0) + offset;
42
43 tfm->__crt_alg->cra_digest.dia_update
44 (crypto_tfm_ctx(tfm), p,
45 bytes_from_page);
46 crypto_kunmap(p, 0);
47 crypto_yield(tfm);
48 offset = 0;
49 pg++;
50 l -= bytes_from_page;
51 } while (l > 0);
52 }
53}
54
55static void final(struct crypto_tfm *tfm, u8 *out)
56{
57 tfm->__crt_alg->cra_digest.dia_final(crypto_tfm_ctx(tfm), out);
58}
59
60static int setkey(struct crypto_tfm *tfm, const u8 *key, unsigned int keylen)
61{
62 u32 flags;
63 if (tfm->__crt_alg->cra_digest.dia_setkey == NULL)
64 return -ENOSYS;
65 return tfm->__crt_alg->cra_digest.dia_setkey(crypto_tfm_ctx(tfm),
66 key, keylen, &flags);
67}
68
69static void digest(struct crypto_tfm *tfm,
70 struct scatterlist *sg, unsigned int nsg, u8 *out)
71{
72 unsigned int i;
73
74 tfm->crt_digest.dit_init(tfm);
75
76 for (i = 0; i < nsg; i++) {
77 char *p = crypto_kmap(sg[i].page, 0) + sg[i].offset;
78 tfm->__crt_alg->cra_digest.dia_update(crypto_tfm_ctx(tfm),
79 p, sg[i].length);
80 crypto_kunmap(p, 0);
81 crypto_yield(tfm);
82 }
83 crypto_digest_final(tfm, out);
84}
85
86int crypto_init_digest_flags(struct crypto_tfm *tfm, u32 flags)
87{
88 return flags ? -EINVAL : 0;
89}
90
91int crypto_init_digest_ops(struct crypto_tfm *tfm)
92{
93 struct digest_tfm *ops = &tfm->crt_digest;
94
95 ops->dit_init = init;
96 ops->dit_update = update;
97 ops->dit_final = final;
98 ops->dit_digest = digest;
99 ops->dit_setkey = setkey;
100
101 return crypto_alloc_hmac_block(tfm);
102}
103
104void crypto_exit_digest_ops(struct crypto_tfm *tfm)
105{
106 crypto_free_hmac_block(tfm);
107}
diff --git a/crypto/hmac.c b/crypto/hmac.c
new file mode 100644
index 000000000000..847df9263e16
--- /dev/null
+++ b/crypto/hmac.c
@@ -0,0 +1,134 @@
1/*
2 * Cryptographic API.
3 *
4 * HMAC: Keyed-Hashing for Message Authentication (RFC2104).
5 *
6 * Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
7 *
8 * The HMAC implementation is derived from USAGI.
9 * Copyright (c) 2002 Kazunori Miyazawa <miyazawa@linux-ipv6.org> / USAGI
10 *
11 * This program is free software; you can redistribute it and/or modify it
12 * under the terms of the GNU General Public License as published by the Free
13 * Software Foundation; either version 2 of the License, or (at your option)
14 * any later version.
15 *
16 */
17#include <linux/crypto.h>
18#include <linux/mm.h>
19#include <linux/highmem.h>
20#include <linux/slab.h>
21#include <asm/scatterlist.h>
22#include "internal.h"
23
24static void hash_key(struct crypto_tfm *tfm, u8 *key, unsigned int keylen)
25{
26 struct scatterlist tmp;
27
28 tmp.page = virt_to_page(key);
29 tmp.offset = offset_in_page(key);
30 tmp.length = keylen;
31 crypto_digest_digest(tfm, &tmp, 1, key);
32
33}
34
35int crypto_alloc_hmac_block(struct crypto_tfm *tfm)
36{
37 int ret = 0;
38
39 BUG_ON(!crypto_tfm_alg_blocksize(tfm));
40
41 tfm->crt_digest.dit_hmac_block = kmalloc(crypto_tfm_alg_blocksize(tfm),
42 GFP_KERNEL);
43 if (tfm->crt_digest.dit_hmac_block == NULL)
44 ret = -ENOMEM;
45
46 return ret;
47
48}
49
50void crypto_free_hmac_block(struct crypto_tfm *tfm)
51{
52 if (tfm->crt_digest.dit_hmac_block)
53 kfree(tfm->crt_digest.dit_hmac_block);
54}
55
56void crypto_hmac_init(struct crypto_tfm *tfm, u8 *key, unsigned int *keylen)
57{
58 unsigned int i;
59 struct scatterlist tmp;
60 char *ipad = tfm->crt_digest.dit_hmac_block;
61
62 if (*keylen > crypto_tfm_alg_blocksize(tfm)) {
63 hash_key(tfm, key, *keylen);
64 *keylen = crypto_tfm_alg_digestsize(tfm);
65 }
66
67 memset(ipad, 0, crypto_tfm_alg_blocksize(tfm));
68 memcpy(ipad, key, *keylen);
69
70 for (i = 0; i < crypto_tfm_alg_blocksize(tfm); i++)
71 ipad[i] ^= 0x36;
72
73 tmp.page = virt_to_page(ipad);
74 tmp.offset = offset_in_page(ipad);
75 tmp.length = crypto_tfm_alg_blocksize(tfm);
76
77 crypto_digest_init(tfm);
78 crypto_digest_update(tfm, &tmp, 1);
79}
80
81void crypto_hmac_update(struct crypto_tfm *tfm,
82 struct scatterlist *sg, unsigned int nsg)
83{
84 crypto_digest_update(tfm, sg, nsg);
85}
86
87void crypto_hmac_final(struct crypto_tfm *tfm, u8 *key,
88 unsigned int *keylen, u8 *out)
89{
90 unsigned int i;
91 struct scatterlist tmp;
92 char *opad = tfm->crt_digest.dit_hmac_block;
93
94 if (*keylen > crypto_tfm_alg_blocksize(tfm)) {
95 hash_key(tfm, key, *keylen);
96 *keylen = crypto_tfm_alg_digestsize(tfm);
97 }
98
99 crypto_digest_final(tfm, out);
100
101 memset(opad, 0, crypto_tfm_alg_blocksize(tfm));
102 memcpy(opad, key, *keylen);
103
104 for (i = 0; i < crypto_tfm_alg_blocksize(tfm); i++)
105 opad[i] ^= 0x5c;
106
107 tmp.page = virt_to_page(opad);
108 tmp.offset = offset_in_page(opad);
109 tmp.length = crypto_tfm_alg_blocksize(tfm);
110
111 crypto_digest_init(tfm);
112 crypto_digest_update(tfm, &tmp, 1);
113
114 tmp.page = virt_to_page(out);
115 tmp.offset = offset_in_page(out);
116 tmp.length = crypto_tfm_alg_digestsize(tfm);
117
118 crypto_digest_update(tfm, &tmp, 1);
119 crypto_digest_final(tfm, out);
120}
121
122void crypto_hmac(struct crypto_tfm *tfm, u8 *key, unsigned int *keylen,
123 struct scatterlist *sg, unsigned int nsg, u8 *out)
124{
125 crypto_hmac_init(tfm, key, keylen);
126 crypto_hmac_update(tfm, sg, nsg);
127 crypto_hmac_final(tfm, key, keylen, out);
128}
129
130EXPORT_SYMBOL_GPL(crypto_hmac_init);
131EXPORT_SYMBOL_GPL(crypto_hmac_update);
132EXPORT_SYMBOL_GPL(crypto_hmac_final);
133EXPORT_SYMBOL_GPL(crypto_hmac);
134
diff --git a/crypto/internal.h b/crypto/internal.h
new file mode 100644
index 000000000000..e68e43886d3c
--- /dev/null
+++ b/crypto/internal.h
@@ -0,0 +1,92 @@
1/*
2 * Cryptographic API.
3 *
4 * Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the Free
8 * Software Foundation; either version 2 of the License, or (at your option)
9 * any later version.
10 *
11 */
12#ifndef _CRYPTO_INTERNAL_H
13#define _CRYPTO_INTERNAL_H
14#include <linux/crypto.h>
15#include <linux/mm.h>
16#include <linux/highmem.h>
17#include <linux/interrupt.h>
18#include <linux/init.h>
19#include <linux/kmod.h>
20#include <asm/kmap_types.h>
21
22extern enum km_type crypto_km_types[];
23
24static inline enum km_type crypto_kmap_type(int out)
25{
26 return crypto_km_types[(in_softirq() ? 2 : 0) + out];
27}
28
29static inline void *crypto_kmap(struct page *page, int out)
30{
31 return kmap_atomic(page, crypto_kmap_type(out));
32}
33
34static inline void crypto_kunmap(void *vaddr, int out)
35{
36 kunmap_atomic(vaddr, crypto_kmap_type(out));
37}
38
39static inline void crypto_yield(struct crypto_tfm *tfm)
40{
41 if (!in_softirq())
42 cond_resched();
43}
44
45static inline void *crypto_tfm_ctx(struct crypto_tfm *tfm)
46{
47 return (void *)&tfm[1];
48}
49
50struct crypto_alg *crypto_alg_lookup(const char *name);
51
52/* A far more intelligent version of this is planned. For now, just
53 * try an exact match on the name of the algorithm. */
54static inline struct crypto_alg *crypto_alg_mod_lookup(const char *name)
55{
56 return try_then_request_module(crypto_alg_lookup(name), name);
57}
58
59#ifdef CONFIG_CRYPTO_HMAC
60int crypto_alloc_hmac_block(struct crypto_tfm *tfm);
61void crypto_free_hmac_block(struct crypto_tfm *tfm);
62#else
63static inline int crypto_alloc_hmac_block(struct crypto_tfm *tfm)
64{
65 return 0;
66}
67
68static inline void crypto_free_hmac_block(struct crypto_tfm *tfm)
69{ }
70#endif
71
72#ifdef CONFIG_PROC_FS
73void __init crypto_init_proc(void);
74#else
75static inline void crypto_init_proc(void)
76{ }
77#endif
78
79int crypto_init_digest_flags(struct crypto_tfm *tfm, u32 flags);
80int crypto_init_cipher_flags(struct crypto_tfm *tfm, u32 flags);
81int crypto_init_compress_flags(struct crypto_tfm *tfm, u32 flags);
82
83int crypto_init_digest_ops(struct crypto_tfm *tfm);
84int crypto_init_cipher_ops(struct crypto_tfm *tfm);
85int crypto_init_compress_ops(struct crypto_tfm *tfm);
86
87void crypto_exit_digest_ops(struct crypto_tfm *tfm);
88void crypto_exit_cipher_ops(struct crypto_tfm *tfm);
89void crypto_exit_compress_ops(struct crypto_tfm *tfm);
90
91#endif /* _CRYPTO_INTERNAL_H */
92
diff --git a/crypto/khazad.c b/crypto/khazad.c
new file mode 100644
index 000000000000..738cb0dd1e7c
--- /dev/null
+++ b/crypto/khazad.c
@@ -0,0 +1,915 @@
1/*
2 * Cryptographic API.
3 *
4 * Khazad Algorithm
5 *
6 * The Khazad algorithm was developed by Paulo S. L. M. Barreto and
7 * Vincent Rijmen. It was a finalist in the NESSIE encryption contest.
8 *
9 * The original authors have disclaimed all copyright interest in this
10 * code and thus put it in the public domain. The subsequent authors
11 * have put this under the GNU General Public License.
12 *
13 * By Aaron Grothe ajgrothe@yahoo.com, August 1, 2004
14 *
15 * This program is free software; you can redistribute it and/or modify
16 * it under the terms of the GNU General Public License as published by
17 * the Free Software Foundation; either version 2 of the License, or
18 * (at your option) any later version.
19 *
20 */
21
22#include <linux/init.h>
23#include <linux/module.h>
24#include <linux/mm.h>
25#include <asm/scatterlist.h>
26#include <linux/crypto.h>
27
28#define KHAZAD_KEY_SIZE 16
29#define KHAZAD_BLOCK_SIZE 8
30#define KHAZAD_ROUNDS 8
31
32struct khazad_ctx {
33 u64 E[KHAZAD_ROUNDS + 1];
34 u64 D[KHAZAD_ROUNDS + 1];
35};
36
37static const u64 T0[256] = {
38 0xbad3d268bbb96a01ULL, 0x54fc4d19e59a66b1ULL, 0x2f71bc93e26514cdULL,
39 0x749ccdb925871b51ULL, 0x53f55102f7a257a4ULL, 0xd3686bb8d0d6be03ULL,
40 0xd26b6fbdd6deb504ULL, 0x4dd72964b35285feULL, 0x50f05d0dfdba4aadULL,
41 0xace98a26cf09e063ULL, 0x8d8a0e83091c9684ULL, 0xbfdcc679a5914d1aULL,
42 0x7090ddad3da7374dULL, 0x52f65507f1aa5ca3ULL, 0x9ab352c87ba417e1ULL,
43 0x4cd42d61b55a8ef9ULL, 0xea238f65460320acULL, 0xd56273a6c4e68411ULL,
44 0x97a466f155cc68c2ULL, 0xd16e63b2dcc6a80dULL, 0x3355ccffaa85d099ULL,
45 0x51f35908fbb241aaULL, 0x5bed712ac7e20f9cULL, 0xa6f7a204f359ae55ULL,
46 0xde7f5f81febec120ULL, 0x48d83d75ad7aa2e5ULL, 0xa8e59a32d729cc7fULL,
47 0x99b65ec771bc0ae8ULL, 0xdb704b90e096e63bULL, 0x3256c8faac8ddb9eULL,
48 0xb7c4e65195d11522ULL, 0xfc19d72b32b3aaceULL, 0xe338ab48704b7393ULL,
49 0x9ebf42dc63843bfdULL, 0x91ae7eef41fc52d0ULL, 0x9bb056cd7dac1ce6ULL,
50 0xe23baf4d76437894ULL, 0xbbd0d66dbdb16106ULL, 0x41c319589b32f1daULL,
51 0x6eb2a5cb7957e517ULL, 0xa5f2ae0bf941b35cULL, 0xcb400bc08016564bULL,
52 0x6bbdb1da677fc20cULL, 0x95a26efb59dc7eccULL, 0xa1febe1fe1619f40ULL,
53 0xf308eb1810cbc3e3ULL, 0xb1cefe4f81e12f30ULL, 0x0206080a0c10160eULL,
54 0xcc4917db922e675eULL, 0xc45137f3a26e3f66ULL, 0x1d2774694ee8cf53ULL,
55 0x143c504478a09c6cULL, 0xc3582be8b0560e73ULL, 0x63a591f2573f9a34ULL,
56 0xda734f95e69eed3cULL, 0x5de76934d3d2358eULL, 0x5fe1613edfc22380ULL,
57 0xdc79578bf2aed72eULL, 0x7d87e99413cf486eULL, 0xcd4a13de94266c59ULL,
58 0x7f81e19e1fdf5e60ULL, 0x5aee752fc1ea049bULL, 0x6cb4adc17547f319ULL,
59 0x5ce46d31d5da3e89ULL, 0xf704fb0c08ebefffULL, 0x266a98bed42d47f2ULL,
60 0xff1cdb2438abb7c7ULL, 0xed2a937e543b11b9ULL, 0xe825876f4a1336a2ULL,
61 0x9dba4ed3699c26f4ULL, 0x6fb1a1ce7f5fee10ULL, 0x8e8f028c03048b8dULL,
62 0x192b647d56c8e34fULL, 0xa0fdba1ae7699447ULL, 0xf00de7171ad3deeaULL,
63 0x89861e97113cba98ULL, 0x0f113c332278692dULL, 0x07091c1b12383115ULL,
64 0xafec8629c511fd6aULL, 0xfb10cb30208b9bdbULL, 0x0818202830405838ULL,
65 0x153f54417ea8976bULL, 0x0d1734392e687f23ULL, 0x040c101418202c1cULL,
66 0x0103040506080b07ULL, 0x64ac8de94507ab21ULL, 0xdf7c5b84f8b6ca27ULL,
67 0x769ac5b329970d5fULL, 0x798bf9800bef6472ULL, 0xdd7a538ef4a6dc29ULL,
68 0x3d47f4c98ef5b2b3ULL, 0x163a584e74b08a62ULL, 0x3f41fcc382e5a4bdULL,
69 0x3759dcebb2a5fc85ULL, 0x6db7a9c4734ff81eULL, 0x3848e0d890dd95a8ULL,
70 0xb9d6de67b1a17708ULL, 0x7395d1a237bf2a44ULL, 0xe926836a4c1b3da5ULL,
71 0x355fd4e1beb5ea8bULL, 0x55ff491ce3926db6ULL, 0x7193d9a83baf3c4aULL,
72 0x7b8df18a07ff727cULL, 0x8c890a860f149d83ULL, 0x7296d5a731b72143ULL,
73 0x88851a921734b19fULL, 0xf607ff090ee3e4f8ULL, 0x2a7ea882fc4d33d6ULL,
74 0x3e42f8c684edafbaULL, 0x5ee2653bd9ca2887ULL, 0x27699cbbd2254cf5ULL,
75 0x46ca0543890ac0cfULL, 0x0c14303c28607424ULL, 0x65af89ec430fa026ULL,
76 0x68b8bdd56d67df05ULL, 0x61a399f85b2f8c3aULL, 0x03050c0f0a181d09ULL,
77 0xc15e23e2bc46187dULL, 0x57f94116ef827bb8ULL, 0xd6677fa9cefe9918ULL,
78 0xd976439aec86f035ULL, 0x58e87d25cdfa1295ULL, 0xd875479fea8efb32ULL,
79 0x66aa85e34917bd2fULL, 0xd7647bacc8f6921fULL, 0x3a4ee8d29ccd83a6ULL,
80 0xc84507cf8a0e4b42ULL, 0x3c44f0cc88fdb9b4ULL, 0xfa13cf35268390dcULL,
81 0x96a762f453c463c5ULL, 0xa7f4a601f551a552ULL, 0x98b55ac277b401efULL,
82 0xec29977b52331abeULL, 0xb8d5da62b7a97c0fULL, 0xc7543bfca876226fULL,
83 0xaeef822cc319f66dULL, 0x69bbb9d06b6fd402ULL, 0x4bdd317aa762bfecULL,
84 0xabe0963ddd31d176ULL, 0xa9e69e37d121c778ULL, 0x67a981e64f1fb628ULL,
85 0x0a1e28223c504e36ULL, 0x47c901468f02cbc8ULL, 0xf20bef1d16c3c8e4ULL,
86 0xb5c2ee5b99c1032cULL, 0x226688aacc0d6beeULL, 0xe532b356647b4981ULL,
87 0xee2f9f715e230cb0ULL, 0xbedfc27ca399461dULL, 0x2b7dac87fa4538d1ULL,
88 0x819e3ebf217ce2a0ULL, 0x1236485a6c90a67eULL, 0x839836b52d6cf4aeULL,
89 0x1b2d6c775ad8f541ULL, 0x0e1238362470622aULL, 0x23658cafca0560e9ULL,
90 0xf502f30604fbf9f1ULL, 0x45cf094c8312ddc6ULL, 0x216384a5c61576e7ULL,
91 0xce4f1fd19e3e7150ULL, 0x49db3970ab72a9e2ULL, 0x2c74b09ce87d09c4ULL,
92 0xf916c33a2c9b8dd5ULL, 0xe637bf596e635488ULL, 0xb6c7e25493d91e25ULL,
93 0x2878a088f05d25d8ULL, 0x17395c4b72b88165ULL, 0x829b32b02b64ffa9ULL,
94 0x1a2e68725cd0fe46ULL, 0x8b80169d1d2cac96ULL, 0xfe1fdf213ea3bcc0ULL,
95 0x8a8312981b24a791ULL, 0x091b242d3648533fULL, 0xc94603ca8c064045ULL,
96 0x879426a1354cd8b2ULL, 0x4ed2256bb94a98f7ULL, 0xe13ea3427c5b659dULL,
97 0x2e72b896e46d1fcaULL, 0xe431b75362734286ULL, 0xe03da7477a536e9aULL,
98 0xeb208b60400b2babULL, 0x90ad7aea47f459d7ULL, 0xa4f1aa0eff49b85bULL,
99 0x1e22786644f0d25aULL, 0x85922eab395ccebcULL, 0x60a09dfd5d27873dULL,
100 0x0000000000000000ULL, 0x256f94b1de355afbULL, 0xf401f70302f3f2f6ULL,
101 0xf10ee3121cdbd5edULL, 0x94a16afe5fd475cbULL, 0x0b1d2c273a584531ULL,
102 0xe734bb5c686b5f8fULL, 0x759fc9bc238f1056ULL, 0xef2c9b74582b07b7ULL,
103 0x345cd0e4b8bde18cULL, 0x3153c4f5a695c697ULL, 0xd46177a3c2ee8f16ULL,
104 0xd06d67b7dacea30aULL, 0x869722a43344d3b5ULL, 0x7e82e59b19d75567ULL,
105 0xadea8e23c901eb64ULL, 0xfd1ad32e34bba1c9ULL, 0x297ba48df6552edfULL,
106 0x3050c0f0a09dcd90ULL, 0x3b4decd79ac588a1ULL, 0x9fbc46d9658c30faULL,
107 0xf815c73f2a9386d2ULL, 0xc6573ff9ae7e2968ULL, 0x13354c5f6a98ad79ULL,
108 0x060a181e14303a12ULL, 0x050f14111e28271bULL, 0xc55233f6a4663461ULL,
109 0x113344556688bb77ULL, 0x7799c1b62f9f0658ULL, 0x7c84ed9115c74369ULL,
110 0x7a8ef58f01f7797bULL, 0x7888fd850de76f75ULL, 0x365ad8eeb4adf782ULL,
111 0x1c24706c48e0c454ULL, 0x394be4dd96d59eafULL, 0x59eb7920cbf21992ULL,
112 0x1828607850c0e848ULL, 0x56fa4513e98a70bfULL, 0xb3c8f6458df1393eULL,
113 0xb0cdfa4a87e92437ULL, 0x246c90b4d83d51fcULL, 0x206080a0c01d7de0ULL,
114 0xb2cbf2408bf93239ULL, 0x92ab72e04be44fd9ULL, 0xa3f8b615ed71894eULL,
115 0xc05d27e7ba4e137aULL, 0x44cc0d49851ad6c1ULL, 0x62a695f751379133ULL,
116 0x103040506080b070ULL, 0xb4c1ea5e9fc9082bULL, 0x84912aae3f54c5bbULL,
117 0x43c511529722e7d4ULL, 0x93a876e54dec44deULL, 0xc25b2fedb65e0574ULL,
118 0x4ade357fa16ab4ebULL, 0xbddace73a9815b14ULL, 0x8f8c0689050c808aULL,
119 0x2d77b499ee7502c3ULL, 0xbcd9ca76af895013ULL, 0x9cb94ad66f942df3ULL,
120 0x6abeb5df6177c90bULL, 0x40c01d5d9d3afaddULL, 0xcf4c1bd498367a57ULL,
121 0xa2fbb210eb798249ULL, 0x809d3aba2774e9a7ULL, 0x4fd1216ebf4293f0ULL,
122 0x1f217c6342f8d95dULL, 0xca430fc5861e5d4cULL, 0xaae39238db39da71ULL,
123 0x42c61557912aecd3ULL
124};
125
126static const u64 T1[256] = {
127 0xd3ba68d2b9bb016aULL, 0xfc54194d9ae5b166ULL, 0x712f93bc65e2cd14ULL,
128 0x9c74b9cd8725511bULL, 0xf5530251a2f7a457ULL, 0x68d3b86bd6d003beULL,
129 0x6bd2bd6fded604b5ULL, 0xd74d642952b3fe85ULL, 0xf0500d5dbafdad4aULL,
130 0xe9ac268a09cf63e0ULL, 0x8a8d830e1c098496ULL, 0xdcbf79c691a51a4dULL,
131 0x9070addda73d4d37ULL, 0xf6520755aaf1a35cULL, 0xb39ac852a47be117ULL,
132 0xd44c612d5ab5f98eULL, 0x23ea658f0346ac20ULL, 0x62d5a673e6c41184ULL,
133 0xa497f166cc55c268ULL, 0x6ed1b263c6dc0da8ULL, 0x5533ffcc85aa99d0ULL,
134 0xf3510859b2fbaa41ULL, 0xed5b2a71e2c79c0fULL, 0xf7a604a259f355aeULL,
135 0x7fde815fbefe20c1ULL, 0xd848753d7aade5a2ULL, 0xe5a8329a29d77fccULL,
136 0xb699c75ebc71e80aULL, 0x70db904b96e03be6ULL, 0x5632fac88dac9edbULL,
137 0xc4b751e6d1952215ULL, 0x19fc2bd7b332ceaaULL, 0x38e348ab4b709373ULL,
138 0xbf9edc428463fd3bULL, 0xae91ef7efc41d052ULL, 0xb09bcd56ac7de61cULL,
139 0x3be24daf43769478ULL, 0xd0bb6dd6b1bd0661ULL, 0xc3415819329bdaf1ULL,
140 0xb26ecba5577917e5ULL, 0xf2a50bae41f95cb3ULL, 0x40cbc00b16804b56ULL,
141 0xbd6bdab17f670cc2ULL, 0xa295fb6edc59cc7eULL, 0xfea11fbe61e1409fULL,
142 0x08f318ebcb10e3c3ULL, 0xceb14ffee181302fULL, 0x06020a08100c0e16ULL,
143 0x49ccdb172e925e67ULL, 0x51c4f3376ea2663fULL, 0x271d6974e84e53cfULL,
144 0x3c144450a0786c9cULL, 0x58c3e82b56b0730eULL, 0xa563f2913f57349aULL,
145 0x73da954f9ee63cedULL, 0xe75d3469d2d38e35ULL, 0xe15f3e61c2df8023ULL,
146 0x79dc8b57aef22ed7ULL, 0x877d94e9cf136e48ULL, 0x4acdde132694596cULL,
147 0x817f9ee1df1f605eULL, 0xee5a2f75eac19b04ULL, 0xb46cc1ad477519f3ULL,
148 0xe45c316ddad5893eULL, 0x04f70cfbeb08ffefULL, 0x6a26be982dd4f247ULL,
149 0x1cff24dbab38c7b7ULL, 0x2aed7e933b54b911ULL, 0x25e86f87134aa236ULL,
150 0xba9dd34e9c69f426ULL, 0xb16fcea15f7f10eeULL, 0x8f8e8c0204038d8bULL,
151 0x2b197d64c8564fe3ULL, 0xfda01aba69e74794ULL, 0x0df017e7d31aeadeULL,
152 0x8689971e3c1198baULL, 0x110f333c78222d69ULL, 0x09071b1c38121531ULL,
153 0xecaf298611c56afdULL, 0x10fb30cb8b20db9bULL, 0x1808282040303858ULL,
154 0x3f154154a87e6b97ULL, 0x170d3934682e237fULL, 0x0c04141020181c2cULL,
155 0x030105040806070bULL, 0xac64e98d074521abULL, 0x7cdf845bb6f827caULL,
156 0x9a76b3c597295f0dULL, 0x8b7980f9ef0b7264ULL, 0x7add8e53a6f429dcULL,
157 0x473dc9f4f58eb3b2ULL, 0x3a164e58b074628aULL, 0x413fc3fce582bda4ULL,
158 0x5937ebdca5b285fcULL, 0xb76dc4a94f731ef8ULL, 0x4838d8e0dd90a895ULL,
159 0xd6b967dea1b10877ULL, 0x9573a2d1bf37442aULL, 0x26e96a831b4ca53dULL,
160 0x5f35e1d4b5be8beaULL, 0xff551c4992e3b66dULL, 0x9371a8d9af3b4a3cULL,
161 0x8d7b8af1ff077c72ULL, 0x898c860a140f839dULL, 0x9672a7d5b7314321ULL,
162 0x8588921a34179fb1ULL, 0x07f609ffe30ef8e4ULL, 0x7e2a82a84dfcd633ULL,
163 0x423ec6f8ed84baafULL, 0xe25e3b65cad98728ULL, 0x6927bb9c25d2f54cULL,
164 0xca4643050a89cfc0ULL, 0x140c3c3060282474ULL, 0xaf65ec890f4326a0ULL,
165 0xb868d5bd676d05dfULL, 0xa361f8992f5b3a8cULL, 0x05030f0c180a091dULL,
166 0x5ec1e22346bc7d18ULL, 0xf957164182efb87bULL, 0x67d6a97ffece1899ULL,
167 0x76d99a4386ec35f0ULL, 0xe858257dfacd9512ULL, 0x75d89f478eea32fbULL,
168 0xaa66e38517492fbdULL, 0x64d7ac7bf6c81f92ULL, 0x4e3ad2e8cd9ca683ULL,
169 0x45c8cf070e8a424bULL, 0x443cccf0fd88b4b9ULL, 0x13fa35cf8326dc90ULL,
170 0xa796f462c453c563ULL, 0xf4a701a651f552a5ULL, 0xb598c25ab477ef01ULL,
171 0x29ec7b973352be1aULL, 0xd5b862daa9b70f7cULL, 0x54c7fc3b76a86f22ULL,
172 0xefae2c8219c36df6ULL, 0xbb69d0b96f6b02d4ULL, 0xdd4b7a3162a7ecbfULL,
173 0xe0ab3d9631dd76d1ULL, 0xe6a9379e21d178c7ULL, 0xa967e6811f4f28b6ULL,
174 0x1e0a2228503c364eULL, 0xc9474601028fc8cbULL, 0x0bf21defc316e4c8ULL,
175 0xc2b55beec1992c03ULL, 0x6622aa880dccee6bULL, 0x32e556b37b648149ULL,
176 0x2fee719f235eb00cULL, 0xdfbe7cc299a31d46ULL, 0x7d2b87ac45fad138ULL,
177 0x9e81bf3e7c21a0e2ULL, 0x36125a48906c7ea6ULL, 0x9883b5366c2daef4ULL,
178 0x2d1b776cd85a41f5ULL, 0x120e363870242a62ULL, 0x6523af8c05cae960ULL,
179 0x02f506f3fb04f1f9ULL, 0xcf454c091283c6ddULL, 0x6321a58415c6e776ULL,
180 0x4fced11f3e9e5071ULL, 0xdb49703972abe2a9ULL, 0x742c9cb07de8c409ULL,
181 0x16f93ac39b2cd58dULL, 0x37e659bf636e8854ULL, 0xc7b654e2d993251eULL,
182 0x782888a05df0d825ULL, 0x39174b5cb8726581ULL, 0x9b82b032642ba9ffULL,
183 0x2e1a7268d05c46feULL, 0x808b9d162c1d96acULL, 0x1ffe21dfa33ec0bcULL,
184 0x838a9812241b91a7ULL, 0x1b092d2448363f53ULL, 0x46c9ca03068c4540ULL,
185 0x9487a1264c35b2d8ULL, 0xd24e6b254ab9f798ULL, 0x3ee142a35b7c9d65ULL,
186 0x722e96b86de4ca1fULL, 0x31e453b773628642ULL, 0x3de047a7537a9a6eULL,
187 0x20eb608b0b40ab2bULL, 0xad90ea7af447d759ULL, 0xf1a40eaa49ff5bb8ULL,
188 0x221e6678f0445ad2ULL, 0x9285ab2e5c39bcceULL, 0xa060fd9d275d3d87ULL,
189 0x0000000000000000ULL, 0x6f25b19435defb5aULL, 0x01f403f7f302f6f2ULL,
190 0x0ef112e3db1cedd5ULL, 0xa194fe6ad45fcb75ULL, 0x1d0b272c583a3145ULL,
191 0x34e75cbb6b688f5fULL, 0x9f75bcc98f235610ULL, 0x2cef749b2b58b707ULL,
192 0x5c34e4d0bdb88ce1ULL, 0x5331f5c495a697c6ULL, 0x61d4a377eec2168fULL,
193 0x6dd0b767ceda0aa3ULL, 0x9786a4224433b5d3ULL, 0x827e9be5d7196755ULL,
194 0xeaad238e01c964ebULL, 0x1afd2ed3bb34c9a1ULL, 0x7b298da455f6df2eULL,
195 0x5030f0c09da090cdULL, 0x4d3bd7ecc59aa188ULL, 0xbc9fd9468c65fa30ULL,
196 0x15f83fc7932ad286ULL, 0x57c6f93f7eae6829ULL, 0x35135f4c986a79adULL,
197 0x0a061e183014123aULL, 0x0f051114281e1b27ULL, 0x52c5f63366a46134ULL,
198 0x33115544886677bbULL, 0x9977b6c19f2f5806ULL, 0x847c91edc7156943ULL,
199 0x8e7a8ff5f7017b79ULL, 0x887885fde70d756fULL, 0x5a36eed8adb482f7ULL,
200 0x241c6c70e04854c4ULL, 0x4b39dde4d596af9eULL, 0xeb592079f2cb9219ULL,
201 0x28187860c05048e8ULL, 0xfa5613458ae9bf70ULL, 0xc8b345f6f18d3e39ULL,
202 0xcdb04afae9873724ULL, 0x6c24b4903dd8fc51ULL, 0x6020a0801dc0e07dULL,
203 0xcbb240f2f98b3932ULL, 0xab92e072e44bd94fULL, 0xf8a315b671ed4e89ULL,
204 0x5dc0e7274eba7a13ULL, 0xcc44490d1a85c1d6ULL, 0xa662f79537513391ULL,
205 0x30105040806070b0ULL, 0xc1b45eeac99f2b08ULL, 0x9184ae2a543fbbc5ULL,
206 0xc54352112297d4e7ULL, 0xa893e576ec4dde44ULL, 0x5bc2ed2f5eb67405ULL,
207 0xde4a7f356aa1ebb4ULL, 0xdabd73ce81a9145bULL, 0x8c8f89060c058a80ULL,
208 0x772d99b475eec302ULL, 0xd9bc76ca89af1350ULL, 0xb99cd64a946ff32dULL,
209 0xbe6adfb577610bc9ULL, 0xc0405d1d3a9dddfaULL, 0x4ccfd41b3698577aULL,
210 0xfba210b279eb4982ULL, 0x9d80ba3a7427a7e9ULL, 0xd14f6e2142bff093ULL,
211 0x211f637cf8425dd9ULL, 0x43cac50f1e864c5dULL, 0xe3aa389239db71daULL,
212 0xc64257152a91d3ecULL
213};
214
215static const u64 T2[256] = {
216 0xd268bad36a01bbb9ULL, 0x4d1954fc66b1e59aULL, 0xbc932f7114cde265ULL,
217 0xcdb9749c1b512587ULL, 0x510253f557a4f7a2ULL, 0x6bb8d368be03d0d6ULL,
218 0x6fbdd26bb504d6deULL, 0x29644dd785feb352ULL, 0x5d0d50f04aadfdbaULL,
219 0x8a26ace9e063cf09ULL, 0x0e838d8a9684091cULL, 0xc679bfdc4d1aa591ULL,
220 0xddad7090374d3da7ULL, 0x550752f65ca3f1aaULL, 0x52c89ab317e17ba4ULL,
221 0x2d614cd48ef9b55aULL, 0x8f65ea2320ac4603ULL, 0x73a6d5628411c4e6ULL,
222 0x66f197a468c255ccULL, 0x63b2d16ea80ddcc6ULL, 0xccff3355d099aa85ULL,
223 0x590851f341aafbb2ULL, 0x712a5bed0f9cc7e2ULL, 0xa204a6f7ae55f359ULL,
224 0x5f81de7fc120febeULL, 0x3d7548d8a2e5ad7aULL, 0x9a32a8e5cc7fd729ULL,
225 0x5ec799b60ae871bcULL, 0x4b90db70e63be096ULL, 0xc8fa3256db9eac8dULL,
226 0xe651b7c4152295d1ULL, 0xd72bfc19aace32b3ULL, 0xab48e3387393704bULL,
227 0x42dc9ebf3bfd6384ULL, 0x7eef91ae52d041fcULL, 0x56cd9bb01ce67dacULL,
228 0xaf4de23b78947643ULL, 0xd66dbbd06106bdb1ULL, 0x195841c3f1da9b32ULL,
229 0xa5cb6eb2e5177957ULL, 0xae0ba5f2b35cf941ULL, 0x0bc0cb40564b8016ULL,
230 0xb1da6bbdc20c677fULL, 0x6efb95a27ecc59dcULL, 0xbe1fa1fe9f40e161ULL,
231 0xeb18f308c3e310cbULL, 0xfe4fb1ce2f3081e1ULL, 0x080a0206160e0c10ULL,
232 0x17dbcc49675e922eULL, 0x37f3c4513f66a26eULL, 0x74691d27cf534ee8ULL,
233 0x5044143c9c6c78a0ULL, 0x2be8c3580e73b056ULL, 0x91f263a59a34573fULL,
234 0x4f95da73ed3ce69eULL, 0x69345de7358ed3d2ULL, 0x613e5fe12380dfc2ULL,
235 0x578bdc79d72ef2aeULL, 0xe9947d87486e13cfULL, 0x13decd4a6c599426ULL,
236 0xe19e7f815e601fdfULL, 0x752f5aee049bc1eaULL, 0xadc16cb4f3197547ULL,
237 0x6d315ce43e89d5daULL, 0xfb0cf704efff08ebULL, 0x98be266a47f2d42dULL,
238 0xdb24ff1cb7c738abULL, 0x937eed2a11b9543bULL, 0x876fe82536a24a13ULL,
239 0x4ed39dba26f4699cULL, 0xa1ce6fb1ee107f5fULL, 0x028c8e8f8b8d0304ULL,
240 0x647d192be34f56c8ULL, 0xba1aa0fd9447e769ULL, 0xe717f00ddeea1ad3ULL,
241 0x1e978986ba98113cULL, 0x3c330f11692d2278ULL, 0x1c1b070931151238ULL,
242 0x8629afecfd6ac511ULL, 0xcb30fb109bdb208bULL, 0x2028081858383040ULL,
243 0x5441153f976b7ea8ULL, 0x34390d177f232e68ULL, 0x1014040c2c1c1820ULL,
244 0x040501030b070608ULL, 0x8de964acab214507ULL, 0x5b84df7cca27f8b6ULL,
245 0xc5b3769a0d5f2997ULL, 0xf980798b64720befULL, 0x538edd7adc29f4a6ULL,
246 0xf4c93d47b2b38ef5ULL, 0x584e163a8a6274b0ULL, 0xfcc33f41a4bd82e5ULL,
247 0xdceb3759fc85b2a5ULL, 0xa9c46db7f81e734fULL, 0xe0d8384895a890ddULL,
248 0xde67b9d67708b1a1ULL, 0xd1a273952a4437bfULL, 0x836ae9263da54c1bULL,
249 0xd4e1355fea8bbeb5ULL, 0x491c55ff6db6e392ULL, 0xd9a871933c4a3bafULL,
250 0xf18a7b8d727c07ffULL, 0x0a868c899d830f14ULL, 0xd5a77296214331b7ULL,
251 0x1a928885b19f1734ULL, 0xff09f607e4f80ee3ULL, 0xa8822a7e33d6fc4dULL,
252 0xf8c63e42afba84edULL, 0x653b5ee22887d9caULL, 0x9cbb27694cf5d225ULL,
253 0x054346cac0cf890aULL, 0x303c0c1474242860ULL, 0x89ec65afa026430fULL,
254 0xbdd568b8df056d67ULL, 0x99f861a38c3a5b2fULL, 0x0c0f03051d090a18ULL,
255 0x23e2c15e187dbc46ULL, 0x411657f97bb8ef82ULL, 0x7fa9d6679918cefeULL,
256 0x439ad976f035ec86ULL, 0x7d2558e81295cdfaULL, 0x479fd875fb32ea8eULL,
257 0x85e366aabd2f4917ULL, 0x7bacd764921fc8f6ULL, 0xe8d23a4e83a69ccdULL,
258 0x07cfc8454b428a0eULL, 0xf0cc3c44b9b488fdULL, 0xcf35fa1390dc2683ULL,
259 0x62f496a763c553c4ULL, 0xa601a7f4a552f551ULL, 0x5ac298b501ef77b4ULL,
260 0x977bec291abe5233ULL, 0xda62b8d57c0fb7a9ULL, 0x3bfcc754226fa876ULL,
261 0x822caeeff66dc319ULL, 0xb9d069bbd4026b6fULL, 0x317a4bddbfeca762ULL,
262 0x963dabe0d176dd31ULL, 0x9e37a9e6c778d121ULL, 0x81e667a9b6284f1fULL,
263 0x28220a1e4e363c50ULL, 0x014647c9cbc88f02ULL, 0xef1df20bc8e416c3ULL,
264 0xee5bb5c2032c99c1ULL, 0x88aa22666beecc0dULL, 0xb356e5324981647bULL,
265 0x9f71ee2f0cb05e23ULL, 0xc27cbedf461da399ULL, 0xac872b7d38d1fa45ULL,
266 0x3ebf819ee2a0217cULL, 0x485a1236a67e6c90ULL, 0x36b58398f4ae2d6cULL,
267 0x6c771b2df5415ad8ULL, 0x38360e12622a2470ULL, 0x8caf236560e9ca05ULL,
268 0xf306f502f9f104fbULL, 0x094c45cfddc68312ULL, 0x84a5216376e7c615ULL,
269 0x1fd1ce4f71509e3eULL, 0x397049dba9e2ab72ULL, 0xb09c2c7409c4e87dULL,
270 0xc33af9168dd52c9bULL, 0xbf59e63754886e63ULL, 0xe254b6c71e2593d9ULL,
271 0xa088287825d8f05dULL, 0x5c4b1739816572b8ULL, 0x32b0829bffa92b64ULL,
272 0x68721a2efe465cd0ULL, 0x169d8b80ac961d2cULL, 0xdf21fe1fbcc03ea3ULL,
273 0x12988a83a7911b24ULL, 0x242d091b533f3648ULL, 0x03cac94640458c06ULL,
274 0x26a18794d8b2354cULL, 0x256b4ed298f7b94aULL, 0xa342e13e659d7c5bULL,
275 0xb8962e721fcae46dULL, 0xb753e43142866273ULL, 0xa747e03d6e9a7a53ULL,
276 0x8b60eb202bab400bULL, 0x7aea90ad59d747f4ULL, 0xaa0ea4f1b85bff49ULL,
277 0x78661e22d25a44f0ULL, 0x2eab8592cebc395cULL, 0x9dfd60a0873d5d27ULL,
278 0x0000000000000000ULL, 0x94b1256f5afbde35ULL, 0xf703f401f2f602f3ULL,
279 0xe312f10ed5ed1cdbULL, 0x6afe94a175cb5fd4ULL, 0x2c270b1d45313a58ULL,
280 0xbb5ce7345f8f686bULL, 0xc9bc759f1056238fULL, 0x9b74ef2c07b7582bULL,
281 0xd0e4345ce18cb8bdULL, 0xc4f53153c697a695ULL, 0x77a3d4618f16c2eeULL,
282 0x67b7d06da30adaceULL, 0x22a48697d3b53344ULL, 0xe59b7e82556719d7ULL,
283 0x8e23adeaeb64c901ULL, 0xd32efd1aa1c934bbULL, 0xa48d297b2edff655ULL,
284 0xc0f03050cd90a09dULL, 0xecd73b4d88a19ac5ULL, 0x46d99fbc30fa658cULL,
285 0xc73ff81586d22a93ULL, 0x3ff9c6572968ae7eULL, 0x4c5f1335ad796a98ULL,
286 0x181e060a3a121430ULL, 0x1411050f271b1e28ULL, 0x33f6c5523461a466ULL,
287 0x44551133bb776688ULL, 0xc1b6779906582f9fULL, 0xed917c84436915c7ULL,
288 0xf58f7a8e797b01f7ULL, 0xfd8578886f750de7ULL, 0xd8ee365af782b4adULL,
289 0x706c1c24c45448e0ULL, 0xe4dd394b9eaf96d5ULL, 0x792059eb1992cbf2ULL,
290 0x60781828e84850c0ULL, 0x451356fa70bfe98aULL, 0xf645b3c8393e8df1ULL,
291 0xfa4ab0cd243787e9ULL, 0x90b4246c51fcd83dULL, 0x80a020607de0c01dULL,
292 0xf240b2cb32398bf9ULL, 0x72e092ab4fd94be4ULL, 0xb615a3f8894eed71ULL,
293 0x27e7c05d137aba4eULL, 0x0d4944ccd6c1851aULL, 0x95f762a691335137ULL,
294 0x40501030b0706080ULL, 0xea5eb4c1082b9fc9ULL, 0x2aae8491c5bb3f54ULL,
295 0x115243c5e7d49722ULL, 0x76e593a844de4decULL, 0x2fedc25b0574b65eULL,
296 0x357f4adeb4eba16aULL, 0xce73bdda5b14a981ULL, 0x06898f8c808a050cULL,
297 0xb4992d7702c3ee75ULL, 0xca76bcd95013af89ULL, 0x4ad69cb92df36f94ULL,
298 0xb5df6abec90b6177ULL, 0x1d5d40c0fadd9d3aULL, 0x1bd4cf4c7a579836ULL,
299 0xb210a2fb8249eb79ULL, 0x3aba809de9a72774ULL, 0x216e4fd193f0bf42ULL,
300 0x7c631f21d95d42f8ULL, 0x0fc5ca435d4c861eULL, 0x9238aae3da71db39ULL,
301 0x155742c6ecd3912aULL
302};
303
304static const u64 T3[256] = {
305 0x68d2d3ba016ab9bbULL, 0x194dfc54b1669ae5ULL, 0x93bc712fcd1465e2ULL,
306 0xb9cd9c74511b8725ULL, 0x0251f553a457a2f7ULL, 0xb86b68d303bed6d0ULL,
307 0xbd6f6bd204b5ded6ULL, 0x6429d74dfe8552b3ULL, 0x0d5df050ad4abafdULL,
308 0x268ae9ac63e009cfULL, 0x830e8a8d84961c09ULL, 0x79c6dcbf1a4d91a5ULL,
309 0xaddd90704d37a73dULL, 0x0755f652a35caaf1ULL, 0xc852b39ae117a47bULL,
310 0x612dd44cf98e5ab5ULL, 0x658f23eaac200346ULL, 0xa67362d51184e6c4ULL,
311 0xf166a497c268cc55ULL, 0xb2636ed10da8c6dcULL, 0xffcc553399d085aaULL,
312 0x0859f351aa41b2fbULL, 0x2a71ed5b9c0fe2c7ULL, 0x04a2f7a655ae59f3ULL,
313 0x815f7fde20c1befeULL, 0x753dd848e5a27aadULL, 0x329ae5a87fcc29d7ULL,
314 0xc75eb699e80abc71ULL, 0x904b70db3be696e0ULL, 0xfac856329edb8dacULL,
315 0x51e6c4b72215d195ULL, 0x2bd719fcceaab332ULL, 0x48ab38e393734b70ULL,
316 0xdc42bf9efd3b8463ULL, 0xef7eae91d052fc41ULL, 0xcd56b09be61cac7dULL,
317 0x4daf3be294784376ULL, 0x6dd6d0bb0661b1bdULL, 0x5819c341daf1329bULL,
318 0xcba5b26e17e55779ULL, 0x0baef2a55cb341f9ULL, 0xc00b40cb4b561680ULL,
319 0xdab1bd6b0cc27f67ULL, 0xfb6ea295cc7edc59ULL, 0x1fbefea1409f61e1ULL,
320 0x18eb08f3e3c3cb10ULL, 0x4ffeceb1302fe181ULL, 0x0a0806020e16100cULL,
321 0xdb1749cc5e672e92ULL, 0xf33751c4663f6ea2ULL, 0x6974271d53cfe84eULL,
322 0x44503c146c9ca078ULL, 0xe82b58c3730e56b0ULL, 0xf291a563349a3f57ULL,
323 0x954f73da3ced9ee6ULL, 0x3469e75d8e35d2d3ULL, 0x3e61e15f8023c2dfULL,
324 0x8b5779dc2ed7aef2ULL, 0x94e9877d6e48cf13ULL, 0xde134acd596c2694ULL,
325 0x9ee1817f605edf1fULL, 0x2f75ee5a9b04eac1ULL, 0xc1adb46c19f34775ULL,
326 0x316de45c893edad5ULL, 0x0cfb04f7ffefeb08ULL, 0xbe986a26f2472dd4ULL,
327 0x24db1cffc7b7ab38ULL, 0x7e932aedb9113b54ULL, 0x6f8725e8a236134aULL,
328 0xd34eba9df4269c69ULL, 0xcea1b16f10ee5f7fULL, 0x8c028f8e8d8b0403ULL,
329 0x7d642b194fe3c856ULL, 0x1abafda0479469e7ULL, 0x17e70df0eaded31aULL,
330 0x971e868998ba3c11ULL, 0x333c110f2d697822ULL, 0x1b1c090715313812ULL,
331 0x2986ecaf6afd11c5ULL, 0x30cb10fbdb9b8b20ULL, 0x2820180838584030ULL,
332 0x41543f156b97a87eULL, 0x3934170d237f682eULL, 0x14100c041c2c2018ULL,
333 0x05040301070b0806ULL, 0xe98dac6421ab0745ULL, 0x845b7cdf27cab6f8ULL,
334 0xb3c59a765f0d9729ULL, 0x80f98b797264ef0bULL, 0x8e537add29dca6f4ULL,
335 0xc9f4473db3b2f58eULL, 0x4e583a16628ab074ULL, 0xc3fc413fbda4e582ULL,
336 0xebdc593785fca5b2ULL, 0xc4a9b76d1ef84f73ULL, 0xd8e04838a895dd90ULL,
337 0x67ded6b90877a1b1ULL, 0xa2d19573442abf37ULL, 0x6a8326e9a53d1b4cULL,
338 0xe1d45f358beab5beULL, 0x1c49ff55b66d92e3ULL, 0xa8d993714a3caf3bULL,
339 0x8af18d7b7c72ff07ULL, 0x860a898c839d140fULL, 0xa7d596724321b731ULL,
340 0x921a85889fb13417ULL, 0x09ff07f6f8e4e30eULL, 0x82a87e2ad6334dfcULL,
341 0xc6f8423ebaafed84ULL, 0x3b65e25e8728cad9ULL, 0xbb9c6927f54c25d2ULL,
342 0x4305ca46cfc00a89ULL, 0x3c30140c24746028ULL, 0xec89af6526a00f43ULL,
343 0xd5bdb86805df676dULL, 0xf899a3613a8c2f5bULL, 0x0f0c0503091d180aULL,
344 0xe2235ec17d1846bcULL, 0x1641f957b87b82efULL, 0xa97f67d61899feceULL,
345 0x9a4376d935f086ecULL, 0x257de8589512facdULL, 0x9f4775d832fb8eeaULL,
346 0xe385aa662fbd1749ULL, 0xac7b64d71f92f6c8ULL, 0xd2e84e3aa683cd9cULL,
347 0xcf0745c8424b0e8aULL, 0xccf0443cb4b9fd88ULL, 0x35cf13fadc908326ULL,
348 0xf462a796c563c453ULL, 0x01a6f4a752a551f5ULL, 0xc25ab598ef01b477ULL,
349 0x7b9729ecbe1a3352ULL, 0x62dad5b80f7ca9b7ULL, 0xfc3b54c76f2276a8ULL,
350 0x2c82efae6df619c3ULL, 0xd0b9bb6902d46f6bULL, 0x7a31dd4becbf62a7ULL,
351 0x3d96e0ab76d131ddULL, 0x379ee6a978c721d1ULL, 0xe681a96728b61f4fULL,
352 0x22281e0a364e503cULL, 0x4601c947c8cb028fULL, 0x1def0bf2e4c8c316ULL,
353 0x5beec2b52c03c199ULL, 0xaa886622ee6b0dccULL, 0x56b332e581497b64ULL,
354 0x719f2feeb00c235eULL, 0x7cc2dfbe1d4699a3ULL, 0x87ac7d2bd13845faULL,
355 0xbf3e9e81a0e27c21ULL, 0x5a4836127ea6906cULL, 0xb5369883aef46c2dULL,
356 0x776c2d1b41f5d85aULL, 0x3638120e2a627024ULL, 0xaf8c6523e96005caULL,
357 0x06f302f5f1f9fb04ULL, 0x4c09cf45c6dd1283ULL, 0xa5846321e77615c6ULL,
358 0xd11f4fce50713e9eULL, 0x7039db49e2a972abULL, 0x9cb0742cc4097de8ULL,
359 0x3ac316f9d58d9b2cULL, 0x59bf37e68854636eULL, 0x54e2c7b6251ed993ULL,
360 0x88a07828d8255df0ULL, 0x4b5c39176581b872ULL, 0xb0329b82a9ff642bULL,
361 0x72682e1a46fed05cULL, 0x9d16808b96ac2c1dULL, 0x21df1ffec0bca33eULL,
362 0x9812838a91a7241bULL, 0x2d241b093f534836ULL, 0xca0346c94540068cULL,
363 0xa1269487b2d84c35ULL, 0x6b25d24ef7984ab9ULL, 0x42a33ee19d655b7cULL,
364 0x96b8722eca1f6de4ULL, 0x53b731e486427362ULL, 0x47a73de09a6e537aULL,
365 0x608b20ebab2b0b40ULL, 0xea7aad90d759f447ULL, 0x0eaaf1a45bb849ffULL,
366 0x6678221e5ad2f044ULL, 0xab2e9285bcce5c39ULL, 0xfd9da0603d87275dULL,
367 0x0000000000000000ULL, 0xb1946f25fb5a35deULL, 0x03f701f4f6f2f302ULL,
368 0x12e30ef1edd5db1cULL, 0xfe6aa194cb75d45fULL, 0x272c1d0b3145583aULL,
369 0x5cbb34e78f5f6b68ULL, 0xbcc99f7556108f23ULL, 0x749b2cefb7072b58ULL,
370 0xe4d05c348ce1bdb8ULL, 0xf5c4533197c695a6ULL, 0xa37761d4168feec2ULL,
371 0xb7676dd00aa3cedaULL, 0xa4229786b5d34433ULL, 0x9be5827e6755d719ULL,
372 0x238eeaad64eb01c9ULL, 0x2ed31afdc9a1bb34ULL, 0x8da47b29df2e55f6ULL,
373 0xf0c0503090cd9da0ULL, 0xd7ec4d3ba188c59aULL, 0xd946bc9ffa308c65ULL,
374 0x3fc715f8d286932aULL, 0xf93f57c668297eaeULL, 0x5f4c351379ad986aULL,
375 0x1e180a06123a3014ULL, 0x11140f051b27281eULL, 0xf63352c5613466a4ULL,
376 0x5544331177bb8866ULL, 0xb6c1997758069f2fULL, 0x91ed847c6943c715ULL,
377 0x8ff58e7a7b79f701ULL, 0x85fd8878756fe70dULL, 0xeed85a3682f7adb4ULL,
378 0x6c70241c54c4e048ULL, 0xdde44b39af9ed596ULL, 0x2079eb599219f2cbULL,
379 0x7860281848e8c050ULL, 0x1345fa56bf708ae9ULL, 0x45f6c8b33e39f18dULL,
380 0x4afacdb03724e987ULL, 0xb4906c24fc513dd8ULL, 0xa0806020e07d1dc0ULL,
381 0x40f2cbb23932f98bULL, 0xe072ab92d94fe44bULL, 0x15b6f8a34e8971edULL,
382 0xe7275dc07a134ebaULL, 0x490dcc44c1d61a85ULL, 0xf795a66233913751ULL,
383 0x5040301070b08060ULL, 0x5eeac1b42b08c99fULL, 0xae2a9184bbc5543fULL,
384 0x5211c543d4e72297ULL, 0xe576a893de44ec4dULL, 0xed2f5bc274055eb6ULL,
385 0x7f35de4aebb46aa1ULL, 0x73cedabd145b81a9ULL, 0x89068c8f8a800c05ULL,
386 0x99b4772dc30275eeULL, 0x76cad9bc135089afULL, 0xd64ab99cf32d946fULL,
387 0xdfb5be6a0bc97761ULL, 0x5d1dc040ddfa3a9dULL, 0xd41b4ccf577a3698ULL,
388 0x10b2fba2498279ebULL, 0xba3a9d80a7e97427ULL, 0x6e21d14ff09342bfULL,
389 0x637c211f5dd9f842ULL, 0xc50f43ca4c5d1e86ULL, 0x3892e3aa71da39dbULL,
390 0x5715c642d3ec2a91ULL
391};
392
393static const u64 T4[256] = {
394 0xbbb96a01bad3d268ULL, 0xe59a66b154fc4d19ULL, 0xe26514cd2f71bc93ULL,
395 0x25871b51749ccdb9ULL, 0xf7a257a453f55102ULL, 0xd0d6be03d3686bb8ULL,
396 0xd6deb504d26b6fbdULL, 0xb35285fe4dd72964ULL, 0xfdba4aad50f05d0dULL,
397 0xcf09e063ace98a26ULL, 0x091c96848d8a0e83ULL, 0xa5914d1abfdcc679ULL,
398 0x3da7374d7090ddadULL, 0xf1aa5ca352f65507ULL, 0x7ba417e19ab352c8ULL,
399 0xb55a8ef94cd42d61ULL, 0x460320acea238f65ULL, 0xc4e68411d56273a6ULL,
400 0x55cc68c297a466f1ULL, 0xdcc6a80dd16e63b2ULL, 0xaa85d0993355ccffULL,
401 0xfbb241aa51f35908ULL, 0xc7e20f9c5bed712aULL, 0xf359ae55a6f7a204ULL,
402 0xfebec120de7f5f81ULL, 0xad7aa2e548d83d75ULL, 0xd729cc7fa8e59a32ULL,
403 0x71bc0ae899b65ec7ULL, 0xe096e63bdb704b90ULL, 0xac8ddb9e3256c8faULL,
404 0x95d11522b7c4e651ULL, 0x32b3aacefc19d72bULL, 0x704b7393e338ab48ULL,
405 0x63843bfd9ebf42dcULL, 0x41fc52d091ae7eefULL, 0x7dac1ce69bb056cdULL,
406 0x76437894e23baf4dULL, 0xbdb16106bbd0d66dULL, 0x9b32f1da41c31958ULL,
407 0x7957e5176eb2a5cbULL, 0xf941b35ca5f2ae0bULL, 0x8016564bcb400bc0ULL,
408 0x677fc20c6bbdb1daULL, 0x59dc7ecc95a26efbULL, 0xe1619f40a1febe1fULL,
409 0x10cbc3e3f308eb18ULL, 0x81e12f30b1cefe4fULL, 0x0c10160e0206080aULL,
410 0x922e675ecc4917dbULL, 0xa26e3f66c45137f3ULL, 0x4ee8cf531d277469ULL,
411 0x78a09c6c143c5044ULL, 0xb0560e73c3582be8ULL, 0x573f9a3463a591f2ULL,
412 0xe69eed3cda734f95ULL, 0xd3d2358e5de76934ULL, 0xdfc223805fe1613eULL,
413 0xf2aed72edc79578bULL, 0x13cf486e7d87e994ULL, 0x94266c59cd4a13deULL,
414 0x1fdf5e607f81e19eULL, 0xc1ea049b5aee752fULL, 0x7547f3196cb4adc1ULL,
415 0xd5da3e895ce46d31ULL, 0x08ebeffff704fb0cULL, 0xd42d47f2266a98beULL,
416 0x38abb7c7ff1cdb24ULL, 0x543b11b9ed2a937eULL, 0x4a1336a2e825876fULL,
417 0x699c26f49dba4ed3ULL, 0x7f5fee106fb1a1ceULL, 0x03048b8d8e8f028cULL,
418 0x56c8e34f192b647dULL, 0xe7699447a0fdba1aULL, 0x1ad3deeaf00de717ULL,
419 0x113cba9889861e97ULL, 0x2278692d0f113c33ULL, 0x1238311507091c1bULL,
420 0xc511fd6aafec8629ULL, 0x208b9bdbfb10cb30ULL, 0x3040583808182028ULL,
421 0x7ea8976b153f5441ULL, 0x2e687f230d173439ULL, 0x18202c1c040c1014ULL,
422 0x06080b0701030405ULL, 0x4507ab2164ac8de9ULL, 0xf8b6ca27df7c5b84ULL,
423 0x29970d5f769ac5b3ULL, 0x0bef6472798bf980ULL, 0xf4a6dc29dd7a538eULL,
424 0x8ef5b2b33d47f4c9ULL, 0x74b08a62163a584eULL, 0x82e5a4bd3f41fcc3ULL,
425 0xb2a5fc853759dcebULL, 0x734ff81e6db7a9c4ULL, 0x90dd95a83848e0d8ULL,
426 0xb1a17708b9d6de67ULL, 0x37bf2a447395d1a2ULL, 0x4c1b3da5e926836aULL,
427 0xbeb5ea8b355fd4e1ULL, 0xe3926db655ff491cULL, 0x3baf3c4a7193d9a8ULL,
428 0x07ff727c7b8df18aULL, 0x0f149d838c890a86ULL, 0x31b721437296d5a7ULL,
429 0x1734b19f88851a92ULL, 0x0ee3e4f8f607ff09ULL, 0xfc4d33d62a7ea882ULL,
430 0x84edafba3e42f8c6ULL, 0xd9ca28875ee2653bULL, 0xd2254cf527699cbbULL,
431 0x890ac0cf46ca0543ULL, 0x286074240c14303cULL, 0x430fa02665af89ecULL,
432 0x6d67df0568b8bdd5ULL, 0x5b2f8c3a61a399f8ULL, 0x0a181d0903050c0fULL,
433 0xbc46187dc15e23e2ULL, 0xef827bb857f94116ULL, 0xcefe9918d6677fa9ULL,
434 0xec86f035d976439aULL, 0xcdfa129558e87d25ULL, 0xea8efb32d875479fULL,
435 0x4917bd2f66aa85e3ULL, 0xc8f6921fd7647bacULL, 0x9ccd83a63a4ee8d2ULL,
436 0x8a0e4b42c84507cfULL, 0x88fdb9b43c44f0ccULL, 0x268390dcfa13cf35ULL,
437 0x53c463c596a762f4ULL, 0xf551a552a7f4a601ULL, 0x77b401ef98b55ac2ULL,
438 0x52331abeec29977bULL, 0xb7a97c0fb8d5da62ULL, 0xa876226fc7543bfcULL,
439 0xc319f66daeef822cULL, 0x6b6fd40269bbb9d0ULL, 0xa762bfec4bdd317aULL,
440 0xdd31d176abe0963dULL, 0xd121c778a9e69e37ULL, 0x4f1fb62867a981e6ULL,
441 0x3c504e360a1e2822ULL, 0x8f02cbc847c90146ULL, 0x16c3c8e4f20bef1dULL,
442 0x99c1032cb5c2ee5bULL, 0xcc0d6bee226688aaULL, 0x647b4981e532b356ULL,
443 0x5e230cb0ee2f9f71ULL, 0xa399461dbedfc27cULL, 0xfa4538d12b7dac87ULL,
444 0x217ce2a0819e3ebfULL, 0x6c90a67e1236485aULL, 0x2d6cf4ae839836b5ULL,
445 0x5ad8f5411b2d6c77ULL, 0x2470622a0e123836ULL, 0xca0560e923658cafULL,
446 0x04fbf9f1f502f306ULL, 0x8312ddc645cf094cULL, 0xc61576e7216384a5ULL,
447 0x9e3e7150ce4f1fd1ULL, 0xab72a9e249db3970ULL, 0xe87d09c42c74b09cULL,
448 0x2c9b8dd5f916c33aULL, 0x6e635488e637bf59ULL, 0x93d91e25b6c7e254ULL,
449 0xf05d25d82878a088ULL, 0x72b8816517395c4bULL, 0x2b64ffa9829b32b0ULL,
450 0x5cd0fe461a2e6872ULL, 0x1d2cac968b80169dULL, 0x3ea3bcc0fe1fdf21ULL,
451 0x1b24a7918a831298ULL, 0x3648533f091b242dULL, 0x8c064045c94603caULL,
452 0x354cd8b2879426a1ULL, 0xb94a98f74ed2256bULL, 0x7c5b659de13ea342ULL,
453 0xe46d1fca2e72b896ULL, 0x62734286e431b753ULL, 0x7a536e9ae03da747ULL,
454 0x400b2babeb208b60ULL, 0x47f459d790ad7aeaULL, 0xff49b85ba4f1aa0eULL,
455 0x44f0d25a1e227866ULL, 0x395ccebc85922eabULL, 0x5d27873d60a09dfdULL,
456 0x0000000000000000ULL, 0xde355afb256f94b1ULL, 0x02f3f2f6f401f703ULL,
457 0x1cdbd5edf10ee312ULL, 0x5fd475cb94a16afeULL, 0x3a5845310b1d2c27ULL,
458 0x686b5f8fe734bb5cULL, 0x238f1056759fc9bcULL, 0x582b07b7ef2c9b74ULL,
459 0xb8bde18c345cd0e4ULL, 0xa695c6973153c4f5ULL, 0xc2ee8f16d46177a3ULL,
460 0xdacea30ad06d67b7ULL, 0x3344d3b5869722a4ULL, 0x19d755677e82e59bULL,
461 0xc901eb64adea8e23ULL, 0x34bba1c9fd1ad32eULL, 0xf6552edf297ba48dULL,
462 0xa09dcd903050c0f0ULL, 0x9ac588a13b4decd7ULL, 0x658c30fa9fbc46d9ULL,
463 0x2a9386d2f815c73fULL, 0xae7e2968c6573ff9ULL, 0x6a98ad7913354c5fULL,
464 0x14303a12060a181eULL, 0x1e28271b050f1411ULL, 0xa4663461c55233f6ULL,
465 0x6688bb7711334455ULL, 0x2f9f06587799c1b6ULL, 0x15c743697c84ed91ULL,
466 0x01f7797b7a8ef58fULL, 0x0de76f757888fd85ULL, 0xb4adf782365ad8eeULL,
467 0x48e0c4541c24706cULL, 0x96d59eaf394be4ddULL, 0xcbf2199259eb7920ULL,
468 0x50c0e84818286078ULL, 0xe98a70bf56fa4513ULL, 0x8df1393eb3c8f645ULL,
469 0x87e92437b0cdfa4aULL, 0xd83d51fc246c90b4ULL, 0xc01d7de0206080a0ULL,
470 0x8bf93239b2cbf240ULL, 0x4be44fd992ab72e0ULL, 0xed71894ea3f8b615ULL,
471 0xba4e137ac05d27e7ULL, 0x851ad6c144cc0d49ULL, 0x5137913362a695f7ULL,
472 0x6080b07010304050ULL, 0x9fc9082bb4c1ea5eULL, 0x3f54c5bb84912aaeULL,
473 0x9722e7d443c51152ULL, 0x4dec44de93a876e5ULL, 0xb65e0574c25b2fedULL,
474 0xa16ab4eb4ade357fULL, 0xa9815b14bddace73ULL, 0x050c808a8f8c0689ULL,
475 0xee7502c32d77b499ULL, 0xaf895013bcd9ca76ULL, 0x6f942df39cb94ad6ULL,
476 0x6177c90b6abeb5dfULL, 0x9d3afadd40c01d5dULL, 0x98367a57cf4c1bd4ULL,
477 0xeb798249a2fbb210ULL, 0x2774e9a7809d3abaULL, 0xbf4293f04fd1216eULL,
478 0x42f8d95d1f217c63ULL, 0x861e5d4cca430fc5ULL, 0xdb39da71aae39238ULL,
479 0x912aecd342c61557ULL
480};
481
482static const u64 T5[256] = {
483 0xb9bb016ad3ba68d2ULL, 0x9ae5b166fc54194dULL, 0x65e2cd14712f93bcULL,
484 0x8725511b9c74b9cdULL, 0xa2f7a457f5530251ULL, 0xd6d003be68d3b86bULL,
485 0xded604b56bd2bd6fULL, 0x52b3fe85d74d6429ULL, 0xbafdad4af0500d5dULL,
486 0x09cf63e0e9ac268aULL, 0x1c0984968a8d830eULL, 0x91a51a4ddcbf79c6ULL,
487 0xa73d4d379070adddULL, 0xaaf1a35cf6520755ULL, 0xa47be117b39ac852ULL,
488 0x5ab5f98ed44c612dULL, 0x0346ac2023ea658fULL, 0xe6c4118462d5a673ULL,
489 0xcc55c268a497f166ULL, 0xc6dc0da86ed1b263ULL, 0x85aa99d05533ffccULL,
490 0xb2fbaa41f3510859ULL, 0xe2c79c0fed5b2a71ULL, 0x59f355aef7a604a2ULL,
491 0xbefe20c17fde815fULL, 0x7aade5a2d848753dULL, 0x29d77fcce5a8329aULL,
492 0xbc71e80ab699c75eULL, 0x96e03be670db904bULL, 0x8dac9edb5632fac8ULL,
493 0xd1952215c4b751e6ULL, 0xb332ceaa19fc2bd7ULL, 0x4b70937338e348abULL,
494 0x8463fd3bbf9edc42ULL, 0xfc41d052ae91ef7eULL, 0xac7de61cb09bcd56ULL,
495 0x437694783be24dafULL, 0xb1bd0661d0bb6dd6ULL, 0x329bdaf1c3415819ULL,
496 0x577917e5b26ecba5ULL, 0x41f95cb3f2a50baeULL, 0x16804b5640cbc00bULL,
497 0x7f670cc2bd6bdab1ULL, 0xdc59cc7ea295fb6eULL, 0x61e1409ffea11fbeULL,
498 0xcb10e3c308f318ebULL, 0xe181302fceb14ffeULL, 0x100c0e1606020a08ULL,
499 0x2e925e6749ccdb17ULL, 0x6ea2663f51c4f337ULL, 0xe84e53cf271d6974ULL,
500 0xa0786c9c3c144450ULL, 0x56b0730e58c3e82bULL, 0x3f57349aa563f291ULL,
501 0x9ee63ced73da954fULL, 0xd2d38e35e75d3469ULL, 0xc2df8023e15f3e61ULL,
502 0xaef22ed779dc8b57ULL, 0xcf136e48877d94e9ULL, 0x2694596c4acdde13ULL,
503 0xdf1f605e817f9ee1ULL, 0xeac19b04ee5a2f75ULL, 0x477519f3b46cc1adULL,
504 0xdad5893ee45c316dULL, 0xeb08ffef04f70cfbULL, 0x2dd4f2476a26be98ULL,
505 0xab38c7b71cff24dbULL, 0x3b54b9112aed7e93ULL, 0x134aa23625e86f87ULL,
506 0x9c69f426ba9dd34eULL, 0x5f7f10eeb16fcea1ULL, 0x04038d8b8f8e8c02ULL,
507 0xc8564fe32b197d64ULL, 0x69e74794fda01abaULL, 0xd31aeade0df017e7ULL,
508 0x3c1198ba8689971eULL, 0x78222d69110f333cULL, 0x3812153109071b1cULL,
509 0x11c56afdecaf2986ULL, 0x8b20db9b10fb30cbULL, 0x4030385818082820ULL,
510 0xa87e6b973f154154ULL, 0x682e237f170d3934ULL, 0x20181c2c0c041410ULL,
511 0x0806070b03010504ULL, 0x074521abac64e98dULL, 0xb6f827ca7cdf845bULL,
512 0x97295f0d9a76b3c5ULL, 0xef0b72648b7980f9ULL, 0xa6f429dc7add8e53ULL,
513 0xf58eb3b2473dc9f4ULL, 0xb074628a3a164e58ULL, 0xe582bda4413fc3fcULL,
514 0xa5b285fc5937ebdcULL, 0x4f731ef8b76dc4a9ULL, 0xdd90a8954838d8e0ULL,
515 0xa1b10877d6b967deULL, 0xbf37442a9573a2d1ULL, 0x1b4ca53d26e96a83ULL,
516 0xb5be8bea5f35e1d4ULL, 0x92e3b66dff551c49ULL, 0xaf3b4a3c9371a8d9ULL,
517 0xff077c728d7b8af1ULL, 0x140f839d898c860aULL, 0xb73143219672a7d5ULL,
518 0x34179fb18588921aULL, 0xe30ef8e407f609ffULL, 0x4dfcd6337e2a82a8ULL,
519 0xed84baaf423ec6f8ULL, 0xcad98728e25e3b65ULL, 0x25d2f54c6927bb9cULL,
520 0x0a89cfc0ca464305ULL, 0x60282474140c3c30ULL, 0x0f4326a0af65ec89ULL,
521 0x676d05dfb868d5bdULL, 0x2f5b3a8ca361f899ULL, 0x180a091d05030f0cULL,
522 0x46bc7d185ec1e223ULL, 0x82efb87bf9571641ULL, 0xfece189967d6a97fULL,
523 0x86ec35f076d99a43ULL, 0xfacd9512e858257dULL, 0x8eea32fb75d89f47ULL,
524 0x17492fbdaa66e385ULL, 0xf6c81f9264d7ac7bULL, 0xcd9ca6834e3ad2e8ULL,
525 0x0e8a424b45c8cf07ULL, 0xfd88b4b9443cccf0ULL, 0x8326dc9013fa35cfULL,
526 0xc453c563a796f462ULL, 0x51f552a5f4a701a6ULL, 0xb477ef01b598c25aULL,
527 0x3352be1a29ec7b97ULL, 0xa9b70f7cd5b862daULL, 0x76a86f2254c7fc3bULL,
528 0x19c36df6efae2c82ULL, 0x6f6b02d4bb69d0b9ULL, 0x62a7ecbfdd4b7a31ULL,
529 0x31dd76d1e0ab3d96ULL, 0x21d178c7e6a9379eULL, 0x1f4f28b6a967e681ULL,
530 0x503c364e1e0a2228ULL, 0x028fc8cbc9474601ULL, 0xc316e4c80bf21defULL,
531 0xc1992c03c2b55beeULL, 0x0dccee6b6622aa88ULL, 0x7b64814932e556b3ULL,
532 0x235eb00c2fee719fULL, 0x99a31d46dfbe7cc2ULL, 0x45fad1387d2b87acULL,
533 0x7c21a0e29e81bf3eULL, 0x906c7ea636125a48ULL, 0x6c2daef49883b536ULL,
534 0xd85a41f52d1b776cULL, 0x70242a62120e3638ULL, 0x05cae9606523af8cULL,
535 0xfb04f1f902f506f3ULL, 0x1283c6ddcf454c09ULL, 0x15c6e7766321a584ULL,
536 0x3e9e50714fced11fULL, 0x72abe2a9db497039ULL, 0x7de8c409742c9cb0ULL,
537 0x9b2cd58d16f93ac3ULL, 0x636e885437e659bfULL, 0xd993251ec7b654e2ULL,
538 0x5df0d825782888a0ULL, 0xb872658139174b5cULL, 0x642ba9ff9b82b032ULL,
539 0xd05c46fe2e1a7268ULL, 0x2c1d96ac808b9d16ULL, 0xa33ec0bc1ffe21dfULL,
540 0x241b91a7838a9812ULL, 0x48363f531b092d24ULL, 0x068c454046c9ca03ULL,
541 0x4c35b2d89487a126ULL, 0x4ab9f798d24e6b25ULL, 0x5b7c9d653ee142a3ULL,
542 0x6de4ca1f722e96b8ULL, 0x7362864231e453b7ULL, 0x537a9a6e3de047a7ULL,
543 0x0b40ab2b20eb608bULL, 0xf447d759ad90ea7aULL, 0x49ff5bb8f1a40eaaULL,
544 0xf0445ad2221e6678ULL, 0x5c39bcce9285ab2eULL, 0x275d3d87a060fd9dULL,
545 0x0000000000000000ULL, 0x35defb5a6f25b194ULL, 0xf302f6f201f403f7ULL,
546 0xdb1cedd50ef112e3ULL, 0xd45fcb75a194fe6aULL, 0x583a31451d0b272cULL,
547 0x6b688f5f34e75cbbULL, 0x8f2356109f75bcc9ULL, 0x2b58b7072cef749bULL,
548 0xbdb88ce15c34e4d0ULL, 0x95a697c65331f5c4ULL, 0xeec2168f61d4a377ULL,
549 0xceda0aa36dd0b767ULL, 0x4433b5d39786a422ULL, 0xd7196755827e9be5ULL,
550 0x01c964ebeaad238eULL, 0xbb34c9a11afd2ed3ULL, 0x55f6df2e7b298da4ULL,
551 0x9da090cd5030f0c0ULL, 0xc59aa1884d3bd7ecULL, 0x8c65fa30bc9fd946ULL,
552 0x932ad28615f83fc7ULL, 0x7eae682957c6f93fULL, 0x986a79ad35135f4cULL,
553 0x3014123a0a061e18ULL, 0x281e1b270f051114ULL, 0x66a4613452c5f633ULL,
554 0x886677bb33115544ULL, 0x9f2f58069977b6c1ULL, 0xc7156943847c91edULL,
555 0xf7017b798e7a8ff5ULL, 0xe70d756f887885fdULL, 0xadb482f75a36eed8ULL,
556 0xe04854c4241c6c70ULL, 0xd596af9e4b39dde4ULL, 0xf2cb9219eb592079ULL,
557 0xc05048e828187860ULL, 0x8ae9bf70fa561345ULL, 0xf18d3e39c8b345f6ULL,
558 0xe9873724cdb04afaULL, 0x3dd8fc516c24b490ULL, 0x1dc0e07d6020a080ULL,
559 0xf98b3932cbb240f2ULL, 0xe44bd94fab92e072ULL, 0x71ed4e89f8a315b6ULL,
560 0x4eba7a135dc0e727ULL, 0x1a85c1d6cc44490dULL, 0x37513391a662f795ULL,
561 0x806070b030105040ULL, 0xc99f2b08c1b45eeaULL, 0x543fbbc59184ae2aULL,
562 0x2297d4e7c5435211ULL, 0xec4dde44a893e576ULL, 0x5eb674055bc2ed2fULL,
563 0x6aa1ebb4de4a7f35ULL, 0x81a9145bdabd73ceULL, 0x0c058a808c8f8906ULL,
564 0x75eec302772d99b4ULL, 0x89af1350d9bc76caULL, 0x946ff32db99cd64aULL,
565 0x77610bc9be6adfb5ULL, 0x3a9dddfac0405d1dULL, 0x3698577a4ccfd41bULL,
566 0x79eb4982fba210b2ULL, 0x7427a7e99d80ba3aULL, 0x42bff093d14f6e21ULL,
567 0xf8425dd9211f637cULL, 0x1e864c5d43cac50fULL, 0x39db71dae3aa3892ULL,
568 0x2a91d3ecc6425715ULL
569};
570
571static const u64 T6[256] = {
572 0x6a01bbb9d268bad3ULL, 0x66b1e59a4d1954fcULL, 0x14cde265bc932f71ULL,
573 0x1b512587cdb9749cULL, 0x57a4f7a2510253f5ULL, 0xbe03d0d66bb8d368ULL,
574 0xb504d6de6fbdd26bULL, 0x85feb35229644dd7ULL, 0x4aadfdba5d0d50f0ULL,
575 0xe063cf098a26ace9ULL, 0x9684091c0e838d8aULL, 0x4d1aa591c679bfdcULL,
576 0x374d3da7ddad7090ULL, 0x5ca3f1aa550752f6ULL, 0x17e17ba452c89ab3ULL,
577 0x8ef9b55a2d614cd4ULL, 0x20ac46038f65ea23ULL, 0x8411c4e673a6d562ULL,
578 0x68c255cc66f197a4ULL, 0xa80ddcc663b2d16eULL, 0xd099aa85ccff3355ULL,
579 0x41aafbb2590851f3ULL, 0x0f9cc7e2712a5bedULL, 0xae55f359a204a6f7ULL,
580 0xc120febe5f81de7fULL, 0xa2e5ad7a3d7548d8ULL, 0xcc7fd7299a32a8e5ULL,
581 0x0ae871bc5ec799b6ULL, 0xe63be0964b90db70ULL, 0xdb9eac8dc8fa3256ULL,
582 0x152295d1e651b7c4ULL, 0xaace32b3d72bfc19ULL, 0x7393704bab48e338ULL,
583 0x3bfd638442dc9ebfULL, 0x52d041fc7eef91aeULL, 0x1ce67dac56cd9bb0ULL,
584 0x78947643af4de23bULL, 0x6106bdb1d66dbbd0ULL, 0xf1da9b32195841c3ULL,
585 0xe5177957a5cb6eb2ULL, 0xb35cf941ae0ba5f2ULL, 0x564b80160bc0cb40ULL,
586 0xc20c677fb1da6bbdULL, 0x7ecc59dc6efb95a2ULL, 0x9f40e161be1fa1feULL,
587 0xc3e310cbeb18f308ULL, 0x2f3081e1fe4fb1ceULL, 0x160e0c10080a0206ULL,
588 0x675e922e17dbcc49ULL, 0x3f66a26e37f3c451ULL, 0xcf534ee874691d27ULL,
589 0x9c6c78a05044143cULL, 0x0e73b0562be8c358ULL, 0x9a34573f91f263a5ULL,
590 0xed3ce69e4f95da73ULL, 0x358ed3d269345de7ULL, 0x2380dfc2613e5fe1ULL,
591 0xd72ef2ae578bdc79ULL, 0x486e13cfe9947d87ULL, 0x6c59942613decd4aULL,
592 0x5e601fdfe19e7f81ULL, 0x049bc1ea752f5aeeULL, 0xf3197547adc16cb4ULL,
593 0x3e89d5da6d315ce4ULL, 0xefff08ebfb0cf704ULL, 0x47f2d42d98be266aULL,
594 0xb7c738abdb24ff1cULL, 0x11b9543b937eed2aULL, 0x36a24a13876fe825ULL,
595 0x26f4699c4ed39dbaULL, 0xee107f5fa1ce6fb1ULL, 0x8b8d0304028c8e8fULL,
596 0xe34f56c8647d192bULL, 0x9447e769ba1aa0fdULL, 0xdeea1ad3e717f00dULL,
597 0xba98113c1e978986ULL, 0x692d22783c330f11ULL, 0x311512381c1b0709ULL,
598 0xfd6ac5118629afecULL, 0x9bdb208bcb30fb10ULL, 0x5838304020280818ULL,
599 0x976b7ea85441153fULL, 0x7f232e6834390d17ULL, 0x2c1c18201014040cULL,
600 0x0b07060804050103ULL, 0xab2145078de964acULL, 0xca27f8b65b84df7cULL,
601 0x0d5f2997c5b3769aULL, 0x64720beff980798bULL, 0xdc29f4a6538edd7aULL,
602 0xb2b38ef5f4c93d47ULL, 0x8a6274b0584e163aULL, 0xa4bd82e5fcc33f41ULL,
603 0xfc85b2a5dceb3759ULL, 0xf81e734fa9c46db7ULL, 0x95a890dde0d83848ULL,
604 0x7708b1a1de67b9d6ULL, 0x2a4437bfd1a27395ULL, 0x3da54c1b836ae926ULL,
605 0xea8bbeb5d4e1355fULL, 0x6db6e392491c55ffULL, 0x3c4a3bafd9a87193ULL,
606 0x727c07fff18a7b8dULL, 0x9d830f140a868c89ULL, 0x214331b7d5a77296ULL,
607 0xb19f17341a928885ULL, 0xe4f80ee3ff09f607ULL, 0x33d6fc4da8822a7eULL,
608 0xafba84edf8c63e42ULL, 0x2887d9ca653b5ee2ULL, 0x4cf5d2259cbb2769ULL,
609 0xc0cf890a054346caULL, 0x74242860303c0c14ULL, 0xa026430f89ec65afULL,
610 0xdf056d67bdd568b8ULL, 0x8c3a5b2f99f861a3ULL, 0x1d090a180c0f0305ULL,
611 0x187dbc4623e2c15eULL, 0x7bb8ef82411657f9ULL, 0x9918cefe7fa9d667ULL,
612 0xf035ec86439ad976ULL, 0x1295cdfa7d2558e8ULL, 0xfb32ea8e479fd875ULL,
613 0xbd2f491785e366aaULL, 0x921fc8f67bacd764ULL, 0x83a69ccde8d23a4eULL,
614 0x4b428a0e07cfc845ULL, 0xb9b488fdf0cc3c44ULL, 0x90dc2683cf35fa13ULL,
615 0x63c553c462f496a7ULL, 0xa552f551a601a7f4ULL, 0x01ef77b45ac298b5ULL,
616 0x1abe5233977bec29ULL, 0x7c0fb7a9da62b8d5ULL, 0x226fa8763bfcc754ULL,
617 0xf66dc319822caeefULL, 0xd4026b6fb9d069bbULL, 0xbfeca762317a4bddULL,
618 0xd176dd31963dabe0ULL, 0xc778d1219e37a9e6ULL, 0xb6284f1f81e667a9ULL,
619 0x4e363c5028220a1eULL, 0xcbc88f02014647c9ULL, 0xc8e416c3ef1df20bULL,
620 0x032c99c1ee5bb5c2ULL, 0x6beecc0d88aa2266ULL, 0x4981647bb356e532ULL,
621 0x0cb05e239f71ee2fULL, 0x461da399c27cbedfULL, 0x38d1fa45ac872b7dULL,
622 0xe2a0217c3ebf819eULL, 0xa67e6c90485a1236ULL, 0xf4ae2d6c36b58398ULL,
623 0xf5415ad86c771b2dULL, 0x622a247038360e12ULL, 0x60e9ca058caf2365ULL,
624 0xf9f104fbf306f502ULL, 0xddc68312094c45cfULL, 0x76e7c61584a52163ULL,
625 0x71509e3e1fd1ce4fULL, 0xa9e2ab72397049dbULL, 0x09c4e87db09c2c74ULL,
626 0x8dd52c9bc33af916ULL, 0x54886e63bf59e637ULL, 0x1e2593d9e254b6c7ULL,
627 0x25d8f05da0882878ULL, 0x816572b85c4b1739ULL, 0xffa92b6432b0829bULL,
628 0xfe465cd068721a2eULL, 0xac961d2c169d8b80ULL, 0xbcc03ea3df21fe1fULL,
629 0xa7911b2412988a83ULL, 0x533f3648242d091bULL, 0x40458c0603cac946ULL,
630 0xd8b2354c26a18794ULL, 0x98f7b94a256b4ed2ULL, 0x659d7c5ba342e13eULL,
631 0x1fcae46db8962e72ULL, 0x42866273b753e431ULL, 0x6e9a7a53a747e03dULL,
632 0x2bab400b8b60eb20ULL, 0x59d747f47aea90adULL, 0xb85bff49aa0ea4f1ULL,
633 0xd25a44f078661e22ULL, 0xcebc395c2eab8592ULL, 0x873d5d279dfd60a0ULL,
634 0x0000000000000000ULL, 0x5afbde3594b1256fULL, 0xf2f602f3f703f401ULL,
635 0xd5ed1cdbe312f10eULL, 0x75cb5fd46afe94a1ULL, 0x45313a582c270b1dULL,
636 0x5f8f686bbb5ce734ULL, 0x1056238fc9bc759fULL, 0x07b7582b9b74ef2cULL,
637 0xe18cb8bdd0e4345cULL, 0xc697a695c4f53153ULL, 0x8f16c2ee77a3d461ULL,
638 0xa30adace67b7d06dULL, 0xd3b5334422a48697ULL, 0x556719d7e59b7e82ULL,
639 0xeb64c9018e23adeaULL, 0xa1c934bbd32efd1aULL, 0x2edff655a48d297bULL,
640 0xcd90a09dc0f03050ULL, 0x88a19ac5ecd73b4dULL, 0x30fa658c46d99fbcULL,
641 0x86d22a93c73ff815ULL, 0x2968ae7e3ff9c657ULL, 0xad796a984c5f1335ULL,
642 0x3a121430181e060aULL, 0x271b1e281411050fULL, 0x3461a46633f6c552ULL,
643 0xbb77668844551133ULL, 0x06582f9fc1b67799ULL, 0x436915c7ed917c84ULL,
644 0x797b01f7f58f7a8eULL, 0x6f750de7fd857888ULL, 0xf782b4add8ee365aULL,
645 0xc45448e0706c1c24ULL, 0x9eaf96d5e4dd394bULL, 0x1992cbf2792059ebULL,
646 0xe84850c060781828ULL, 0x70bfe98a451356faULL, 0x393e8df1f645b3c8ULL,
647 0x243787e9fa4ab0cdULL, 0x51fcd83d90b4246cULL, 0x7de0c01d80a02060ULL,
648 0x32398bf9f240b2cbULL, 0x4fd94be472e092abULL, 0x894eed71b615a3f8ULL,
649 0x137aba4e27e7c05dULL, 0xd6c1851a0d4944ccULL, 0x9133513795f762a6ULL,
650 0xb070608040501030ULL, 0x082b9fc9ea5eb4c1ULL, 0xc5bb3f542aae8491ULL,
651 0xe7d49722115243c5ULL, 0x44de4dec76e593a8ULL, 0x0574b65e2fedc25bULL,
652 0xb4eba16a357f4adeULL, 0x5b14a981ce73bddaULL, 0x808a050c06898f8cULL,
653 0x02c3ee75b4992d77ULL, 0x5013af89ca76bcd9ULL, 0x2df36f944ad69cb9ULL,
654 0xc90b6177b5df6abeULL, 0xfadd9d3a1d5d40c0ULL, 0x7a5798361bd4cf4cULL,
655 0x8249eb79b210a2fbULL, 0xe9a727743aba809dULL, 0x93f0bf42216e4fd1ULL,
656 0xd95d42f87c631f21ULL, 0x5d4c861e0fc5ca43ULL, 0xda71db399238aae3ULL,
657 0xecd3912a155742c6ULL
658};
659
660static const u64 T7[256] = {
661 0x016ab9bb68d2d3baULL, 0xb1669ae5194dfc54ULL, 0xcd1465e293bc712fULL,
662 0x511b8725b9cd9c74ULL, 0xa457a2f70251f553ULL, 0x03bed6d0b86b68d3ULL,
663 0x04b5ded6bd6f6bd2ULL, 0xfe8552b36429d74dULL, 0xad4abafd0d5df050ULL,
664 0x63e009cf268ae9acULL, 0x84961c09830e8a8dULL, 0x1a4d91a579c6dcbfULL,
665 0x4d37a73daddd9070ULL, 0xa35caaf10755f652ULL, 0xe117a47bc852b39aULL,
666 0xf98e5ab5612dd44cULL, 0xac200346658f23eaULL, 0x1184e6c4a67362d5ULL,
667 0xc268cc55f166a497ULL, 0x0da8c6dcb2636ed1ULL, 0x99d085aaffcc5533ULL,
668 0xaa41b2fb0859f351ULL, 0x9c0fe2c72a71ed5bULL, 0x55ae59f304a2f7a6ULL,
669 0x20c1befe815f7fdeULL, 0xe5a27aad753dd848ULL, 0x7fcc29d7329ae5a8ULL,
670 0xe80abc71c75eb699ULL, 0x3be696e0904b70dbULL, 0x9edb8dacfac85632ULL,
671 0x2215d19551e6c4b7ULL, 0xceaab3322bd719fcULL, 0x93734b7048ab38e3ULL,
672 0xfd3b8463dc42bf9eULL, 0xd052fc41ef7eae91ULL, 0xe61cac7dcd56b09bULL,
673 0x947843764daf3be2ULL, 0x0661b1bd6dd6d0bbULL, 0xdaf1329b5819c341ULL,
674 0x17e55779cba5b26eULL, 0x5cb341f90baef2a5ULL, 0x4b561680c00b40cbULL,
675 0x0cc27f67dab1bd6bULL, 0xcc7edc59fb6ea295ULL, 0x409f61e11fbefea1ULL,
676 0xe3c3cb1018eb08f3ULL, 0x302fe1814ffeceb1ULL, 0x0e16100c0a080602ULL,
677 0x5e672e92db1749ccULL, 0x663f6ea2f33751c4ULL, 0x53cfe84e6974271dULL,
678 0x6c9ca07844503c14ULL, 0x730e56b0e82b58c3ULL, 0x349a3f57f291a563ULL,
679 0x3ced9ee6954f73daULL, 0x8e35d2d33469e75dULL, 0x8023c2df3e61e15fULL,
680 0x2ed7aef28b5779dcULL, 0x6e48cf1394e9877dULL, 0x596c2694de134acdULL,
681 0x605edf1f9ee1817fULL, 0x9b04eac12f75ee5aULL, 0x19f34775c1adb46cULL,
682 0x893edad5316de45cULL, 0xffefeb080cfb04f7ULL, 0xf2472dd4be986a26ULL,
683 0xc7b7ab3824db1cffULL, 0xb9113b547e932aedULL, 0xa236134a6f8725e8ULL,
684 0xf4269c69d34eba9dULL, 0x10ee5f7fcea1b16fULL, 0x8d8b04038c028f8eULL,
685 0x4fe3c8567d642b19ULL, 0x479469e71abafda0ULL, 0xeaded31a17e70df0ULL,
686 0x98ba3c11971e8689ULL, 0x2d697822333c110fULL, 0x153138121b1c0907ULL,
687 0x6afd11c52986ecafULL, 0xdb9b8b2030cb10fbULL, 0x3858403028201808ULL,
688 0x6b97a87e41543f15ULL, 0x237f682e3934170dULL, 0x1c2c201814100c04ULL,
689 0x070b080605040301ULL, 0x21ab0745e98dac64ULL, 0x27cab6f8845b7cdfULL,
690 0x5f0d9729b3c59a76ULL, 0x7264ef0b80f98b79ULL, 0x29dca6f48e537addULL,
691 0xb3b2f58ec9f4473dULL, 0x628ab0744e583a16ULL, 0xbda4e582c3fc413fULL,
692 0x85fca5b2ebdc5937ULL, 0x1ef84f73c4a9b76dULL, 0xa895dd90d8e04838ULL,
693 0x0877a1b167ded6b9ULL, 0x442abf37a2d19573ULL, 0xa53d1b4c6a8326e9ULL,
694 0x8beab5bee1d45f35ULL, 0xb66d92e31c49ff55ULL, 0x4a3caf3ba8d99371ULL,
695 0x7c72ff078af18d7bULL, 0x839d140f860a898cULL, 0x4321b731a7d59672ULL,
696 0x9fb13417921a8588ULL, 0xf8e4e30e09ff07f6ULL, 0xd6334dfc82a87e2aULL,
697 0xbaafed84c6f8423eULL, 0x8728cad93b65e25eULL, 0xf54c25d2bb9c6927ULL,
698 0xcfc00a894305ca46ULL, 0x247460283c30140cULL, 0x26a00f43ec89af65ULL,
699 0x05df676dd5bdb868ULL, 0x3a8c2f5bf899a361ULL, 0x091d180a0f0c0503ULL,
700 0x7d1846bce2235ec1ULL, 0xb87b82ef1641f957ULL, 0x1899fecea97f67d6ULL,
701 0x35f086ec9a4376d9ULL, 0x9512facd257de858ULL, 0x32fb8eea9f4775d8ULL,
702 0x2fbd1749e385aa66ULL, 0x1f92f6c8ac7b64d7ULL, 0xa683cd9cd2e84e3aULL,
703 0x424b0e8acf0745c8ULL, 0xb4b9fd88ccf0443cULL, 0xdc90832635cf13faULL,
704 0xc563c453f462a796ULL, 0x52a551f501a6f4a7ULL, 0xef01b477c25ab598ULL,
705 0xbe1a33527b9729ecULL, 0x0f7ca9b762dad5b8ULL, 0x6f2276a8fc3b54c7ULL,
706 0x6df619c32c82efaeULL, 0x02d46f6bd0b9bb69ULL, 0xecbf62a77a31dd4bULL,
707 0x76d131dd3d96e0abULL, 0x78c721d1379ee6a9ULL, 0x28b61f4fe681a967ULL,
708 0x364e503c22281e0aULL, 0xc8cb028f4601c947ULL, 0xe4c8c3161def0bf2ULL,
709 0x2c03c1995beec2b5ULL, 0xee6b0dccaa886622ULL, 0x81497b6456b332e5ULL,
710 0xb00c235e719f2feeULL, 0x1d4699a37cc2dfbeULL, 0xd13845fa87ac7d2bULL,
711 0xa0e27c21bf3e9e81ULL, 0x7ea6906c5a483612ULL, 0xaef46c2db5369883ULL,
712 0x41f5d85a776c2d1bULL, 0x2a6270243638120eULL, 0xe96005caaf8c6523ULL,
713 0xf1f9fb0406f302f5ULL, 0xc6dd12834c09cf45ULL, 0xe77615c6a5846321ULL,
714 0x50713e9ed11f4fceULL, 0xe2a972ab7039db49ULL, 0xc4097de89cb0742cULL,
715 0xd58d9b2c3ac316f9ULL, 0x8854636e59bf37e6ULL, 0x251ed99354e2c7b6ULL,
716 0xd8255df088a07828ULL, 0x6581b8724b5c3917ULL, 0xa9ff642bb0329b82ULL,
717 0x46fed05c72682e1aULL, 0x96ac2c1d9d16808bULL, 0xc0bca33e21df1ffeULL,
718 0x91a7241b9812838aULL, 0x3f5348362d241b09ULL, 0x4540068cca0346c9ULL,
719 0xb2d84c35a1269487ULL, 0xf7984ab96b25d24eULL, 0x9d655b7c42a33ee1ULL,
720 0xca1f6de496b8722eULL, 0x8642736253b731e4ULL, 0x9a6e537a47a73de0ULL,
721 0xab2b0b40608b20ebULL, 0xd759f447ea7aad90ULL, 0x5bb849ff0eaaf1a4ULL,
722 0x5ad2f0446678221eULL, 0xbcce5c39ab2e9285ULL, 0x3d87275dfd9da060ULL,
723 0x0000000000000000ULL, 0xfb5a35deb1946f25ULL, 0xf6f2f30203f701f4ULL,
724 0xedd5db1c12e30ef1ULL, 0xcb75d45ffe6aa194ULL, 0x3145583a272c1d0bULL,
725 0x8f5f6b685cbb34e7ULL, 0x56108f23bcc99f75ULL, 0xb7072b58749b2cefULL,
726 0x8ce1bdb8e4d05c34ULL, 0x97c695a6f5c45331ULL, 0x168feec2a37761d4ULL,
727 0x0aa3cedab7676dd0ULL, 0xb5d34433a4229786ULL, 0x6755d7199be5827eULL,
728 0x64eb01c9238eeaadULL, 0xc9a1bb342ed31afdULL, 0xdf2e55f68da47b29ULL,
729 0x90cd9da0f0c05030ULL, 0xa188c59ad7ec4d3bULL, 0xfa308c65d946bc9fULL,
730 0xd286932a3fc715f8ULL, 0x68297eaef93f57c6ULL, 0x79ad986a5f4c3513ULL,
731 0x123a30141e180a06ULL, 0x1b27281e11140f05ULL, 0x613466a4f63352c5ULL,
732 0x77bb886655443311ULL, 0x58069f2fb6c19977ULL, 0x6943c71591ed847cULL,
733 0x7b79f7018ff58e7aULL, 0x756fe70d85fd8878ULL, 0x82f7adb4eed85a36ULL,
734 0x54c4e0486c70241cULL, 0xaf9ed596dde44b39ULL, 0x9219f2cb2079eb59ULL,
735 0x48e8c05078602818ULL, 0xbf708ae91345fa56ULL, 0x3e39f18d45f6c8b3ULL,
736 0x3724e9874afacdb0ULL, 0xfc513dd8b4906c24ULL, 0xe07d1dc0a0806020ULL,
737 0x3932f98b40f2cbb2ULL, 0xd94fe44be072ab92ULL, 0x4e8971ed15b6f8a3ULL,
738 0x7a134ebae7275dc0ULL, 0xc1d61a85490dcc44ULL, 0x33913751f795a662ULL,
739 0x70b0806050403010ULL, 0x2b08c99f5eeac1b4ULL, 0xbbc5543fae2a9184ULL,
740 0xd4e722975211c543ULL, 0xde44ec4de576a893ULL, 0x74055eb6ed2f5bc2ULL,
741 0xebb46aa17f35de4aULL, 0x145b81a973cedabdULL, 0x8a800c0589068c8fULL,
742 0xc30275ee99b4772dULL, 0x135089af76cad9bcULL, 0xf32d946fd64ab99cULL,
743 0x0bc97761dfb5be6aULL, 0xddfa3a9d5d1dc040ULL, 0x577a3698d41b4ccfULL,
744 0x498279eb10b2fba2ULL, 0xa7e97427ba3a9d80ULL, 0xf09342bf6e21d14fULL,
745 0x5dd9f842637c211fULL, 0x4c5d1e86c50f43caULL, 0x71da39db3892e3aaULL,
746 0xd3ec2a915715c642ULL
747};
748
749static const u64 c[KHAZAD_ROUNDS + 1] = {
750 0xba542f7453d3d24dULL, 0x50ac8dbf70529a4cULL, 0xead597d133515ba6ULL,
751 0xde48a899db32b7fcULL, 0xe39e919be2bb416eULL, 0xa5cb6b95a1f3b102ULL,
752 0xccc41d14c363da5dULL, 0x5fdc7dcd7f5a6c5cULL, 0xf726ffede89d6f8eULL
753};
754
755static int khazad_setkey(void *ctx_arg, const u8 *in_key,
756 unsigned int key_len, u32 *flags)
757{
758
759 struct khazad_ctx *ctx = ctx_arg;
760 int r;
761 const u64 *S = T7;
762 u64 K2, K1;
763
764 if (key_len != 16)
765 {
766 *flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
767 return -EINVAL;
768 }
769
770 K2 = ((u64)in_key[ 0] << 56) ^
771 ((u64)in_key[ 1] << 48) ^
772 ((u64)in_key[ 2] << 40) ^
773 ((u64)in_key[ 3] << 32) ^
774 ((u64)in_key[ 4] << 24) ^
775 ((u64)in_key[ 5] << 16) ^
776 ((u64)in_key[ 6] << 8) ^
777 ((u64)in_key[ 7] );
778 K1 = ((u64)in_key[ 8] << 56) ^
779 ((u64)in_key[ 9] << 48) ^
780 ((u64)in_key[10] << 40) ^
781 ((u64)in_key[11] << 32) ^
782 ((u64)in_key[12] << 24) ^
783 ((u64)in_key[13] << 16) ^
784 ((u64)in_key[14] << 8) ^
785 ((u64)in_key[15] );
786
787 /* setup the encrypt key */
788 for (r = 0; r <= KHAZAD_ROUNDS; r++) {
789 ctx->E[r] = T0[(int)(K1 >> 56) ] ^
790 T1[(int)(K1 >> 48) & 0xff] ^
791 T2[(int)(K1 >> 40) & 0xff] ^
792 T3[(int)(K1 >> 32) & 0xff] ^
793 T4[(int)(K1 >> 24) & 0xff] ^
794 T5[(int)(K1 >> 16) & 0xff] ^
795 T6[(int)(K1 >> 8) & 0xff] ^
796 T7[(int)(K1 ) & 0xff] ^
797 c[r] ^ K2;
798 K2 = K1;
799 K1 = ctx->E[r];
800 }
801 /* Setup the decrypt key */
802 ctx->D[0] = ctx->E[KHAZAD_ROUNDS];
803 for (r = 1; r < KHAZAD_ROUNDS; r++) {
804 K1 = ctx->E[KHAZAD_ROUNDS - r];
805 ctx->D[r] = T0[(int)S[(int)(K1 >> 56) ] & 0xff] ^
806 T1[(int)S[(int)(K1 >> 48) & 0xff] & 0xff] ^
807 T2[(int)S[(int)(K1 >> 40) & 0xff] & 0xff] ^
808 T3[(int)S[(int)(K1 >> 32) & 0xff] & 0xff] ^
809 T4[(int)S[(int)(K1 >> 24) & 0xff] & 0xff] ^
810 T5[(int)S[(int)(K1 >> 16) & 0xff] & 0xff] ^
811 T6[(int)S[(int)(K1 >> 8) & 0xff] & 0xff] ^
812 T7[(int)S[(int)(K1 ) & 0xff] & 0xff];
813 }
814 ctx->D[KHAZAD_ROUNDS] = ctx->E[0];
815
816 return 0;
817
818}
819
820static void khazad_crypt(const u64 roundKey[KHAZAD_ROUNDS + 1],
821 u8 *ciphertext, const u8 *plaintext)
822{
823
824 int r;
825 u64 state;
826
827 state = ((u64)plaintext[0] << 56) ^
828 ((u64)plaintext[1] << 48) ^
829 ((u64)plaintext[2] << 40) ^
830 ((u64)plaintext[3] << 32) ^
831 ((u64)plaintext[4] << 24) ^
832 ((u64)plaintext[5] << 16) ^
833 ((u64)plaintext[6] << 8) ^
834 ((u64)plaintext[7] ) ^
835 roundKey[0];
836
837 for (r = 1; r < KHAZAD_ROUNDS; r++) {
838 state = T0[(int)(state >> 56) ] ^
839 T1[(int)(state >> 48) & 0xff] ^
840 T2[(int)(state >> 40) & 0xff] ^
841 T3[(int)(state >> 32) & 0xff] ^
842 T4[(int)(state >> 24) & 0xff] ^
843 T5[(int)(state >> 16) & 0xff] ^
844 T6[(int)(state >> 8) & 0xff] ^
845 T7[(int)(state ) & 0xff] ^
846 roundKey[r];
847 }
848
849 state = (T0[(int)(state >> 56) ] & 0xff00000000000000ULL) ^
850 (T1[(int)(state >> 48) & 0xff] & 0x00ff000000000000ULL) ^
851 (T2[(int)(state >> 40) & 0xff] & 0x0000ff0000000000ULL) ^
852 (T3[(int)(state >> 32) & 0xff] & 0x000000ff00000000ULL) ^
853 (T4[(int)(state >> 24) & 0xff] & 0x00000000ff000000ULL) ^
854 (T5[(int)(state >> 16) & 0xff] & 0x0000000000ff0000ULL) ^
855 (T6[(int)(state >> 8) & 0xff] & 0x000000000000ff00ULL) ^
856 (T7[(int)(state ) & 0xff] & 0x00000000000000ffULL) ^
857 roundKey[KHAZAD_ROUNDS];
858
859 ciphertext[0] = (u8)(state >> 56);
860 ciphertext[1] = (u8)(state >> 48);
861 ciphertext[2] = (u8)(state >> 40);
862 ciphertext[3] = (u8)(state >> 32);
863 ciphertext[4] = (u8)(state >> 24);
864 ciphertext[5] = (u8)(state >> 16);
865 ciphertext[6] = (u8)(state >> 8);
866 ciphertext[7] = (u8)(state );
867
868}
869
870static void khazad_encrypt(void *ctx_arg, u8 *dst, const u8 *src)
871{
872 struct khazad_ctx *ctx = ctx_arg;
873 khazad_crypt(ctx->E, dst, src);
874}
875
876static void khazad_decrypt(void *ctx_arg, u8 *dst, const u8 *src)
877{
878 struct khazad_ctx *ctx = ctx_arg;
879 khazad_crypt(ctx->D, dst, src);
880}
881
882static struct crypto_alg khazad_alg = {
883 .cra_name = "khazad",
884 .cra_flags = CRYPTO_ALG_TYPE_CIPHER,
885 .cra_blocksize = KHAZAD_BLOCK_SIZE,
886 .cra_ctxsize = sizeof (struct khazad_ctx),
887 .cra_module = THIS_MODULE,
888 .cra_list = LIST_HEAD_INIT(khazad_alg.cra_list),
889 .cra_u = { .cipher = {
890 .cia_min_keysize = KHAZAD_KEY_SIZE,
891 .cia_max_keysize = KHAZAD_KEY_SIZE,
892 .cia_setkey = khazad_setkey,
893 .cia_encrypt = khazad_encrypt,
894 .cia_decrypt = khazad_decrypt } }
895};
896
897static int __init init(void)
898{
899 int ret = 0;
900
901 ret = crypto_register_alg(&khazad_alg);
902 return ret;
903}
904
905static void __exit fini(void)
906{
907 crypto_unregister_alg(&khazad_alg);
908}
909
910
911module_init(init);
912module_exit(fini);
913
914MODULE_LICENSE("GPL");
915MODULE_DESCRIPTION("Khazad Cryptographic Algorithm");
diff --git a/crypto/md4.c b/crypto/md4.c
new file mode 100644
index 000000000000..bef6a9e5ac9b
--- /dev/null
+++ b/crypto/md4.c
@@ -0,0 +1,250 @@
1/*
2 * Cryptographic API.
3 *
4 * MD4 Message Digest Algorithm (RFC1320).
5 *
6 * Implementation derived from Andrew Tridgell and Steve French's
7 * CIFS MD4 implementation, and the cryptoapi implementation
8 * originally based on the public domain implementation written
9 * by Colin Plumb in 1993.
10 *
11 * Copyright (c) Andrew Tridgell 1997-1998.
12 * Modified by Steve French (sfrench@us.ibm.com) 2002
13 * Copyright (c) Cryptoapi developers.
14 * Copyright (c) 2002 David S. Miller (davem@redhat.com)
15 * Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
16 *
17 * This program is free software; you can redistribute it and/or modify
18 * it under the terms of the GNU General Public License as published by
19 * the Free Software Foundation; either version 2 of the License, or
20 * (at your option) any later version.
21 *
22 */
23#include <linux/init.h>
24#include <linux/crypto.h>
25#include <linux/kernel.h>
26#include <linux/string.h>
27#include <asm/byteorder.h>
28
29#define MD4_DIGEST_SIZE 16
30#define MD4_HMAC_BLOCK_SIZE 64
31#define MD4_BLOCK_WORDS 16
32#define MD4_HASH_WORDS 4
33
34struct md4_ctx {
35 u32 hash[MD4_HASH_WORDS];
36 u32 block[MD4_BLOCK_WORDS];
37 u64 byte_count;
38};
39
40static inline u32 lshift(u32 x, unsigned int s)
41{
42 x &= 0xFFFFFFFF;
43 return ((x << s) & 0xFFFFFFFF) | (x >> (32 - s));
44}
45
46static inline u32 F(u32 x, u32 y, u32 z)
47{
48 return (x & y) | ((~x) & z);
49}
50
51static inline u32 G(u32 x, u32 y, u32 z)
52{
53 return (x & y) | (x & z) | (y & z);
54}
55
56static inline u32 H(u32 x, u32 y, u32 z)
57{
58 return x ^ y ^ z;
59}
60
61#define ROUND1(a,b,c,d,k,s) (a = lshift(a + F(b,c,d) + k, s))
62#define ROUND2(a,b,c,d,k,s) (a = lshift(a + G(b,c,d) + k + (u32)0x5A827999,s))
63#define ROUND3(a,b,c,d,k,s) (a = lshift(a + H(b,c,d) + k + (u32)0x6ED9EBA1,s))
64
65/* XXX: this stuff can be optimized */
66static inline void le32_to_cpu_array(u32 *buf, unsigned int words)
67{
68 while (words--) {
69 __le32_to_cpus(buf);
70 buf++;
71 }
72}
73
74static inline void cpu_to_le32_array(u32 *buf, unsigned int words)
75{
76 while (words--) {
77 __cpu_to_le32s(buf);
78 buf++;
79 }
80}
81
82static void md4_transform(u32 *hash, u32 const *in)
83{
84 u32 a, b, c, d;
85
86 a = hash[0];
87 b = hash[1];
88 c = hash[2];
89 d = hash[3];
90
91 ROUND1(a, b, c, d, in[0], 3);
92 ROUND1(d, a, b, c, in[1], 7);
93 ROUND1(c, d, a, b, in[2], 11);
94 ROUND1(b, c, d, a, in[3], 19);
95 ROUND1(a, b, c, d, in[4], 3);
96 ROUND1(d, a, b, c, in[5], 7);
97 ROUND1(c, d, a, b, in[6], 11);
98 ROUND1(b, c, d, a, in[7], 19);
99 ROUND1(a, b, c, d, in[8], 3);
100 ROUND1(d, a, b, c, in[9], 7);
101 ROUND1(c, d, a, b, in[10], 11);
102 ROUND1(b, c, d, a, in[11], 19);
103 ROUND1(a, b, c, d, in[12], 3);
104 ROUND1(d, a, b, c, in[13], 7);
105 ROUND1(c, d, a, b, in[14], 11);
106 ROUND1(b, c, d, a, in[15], 19);
107
108 ROUND2(a, b, c, d,in[ 0], 3);
109 ROUND2(d, a, b, c, in[4], 5);
110 ROUND2(c, d, a, b, in[8], 9);
111 ROUND2(b, c, d, a, in[12], 13);
112 ROUND2(a, b, c, d, in[1], 3);
113 ROUND2(d, a, b, c, in[5], 5);
114 ROUND2(c, d, a, b, in[9], 9);
115 ROUND2(b, c, d, a, in[13], 13);
116 ROUND2(a, b, c, d, in[2], 3);
117 ROUND2(d, a, b, c, in[6], 5);
118 ROUND2(c, d, a, b, in[10], 9);
119 ROUND2(b, c, d, a, in[14], 13);
120 ROUND2(a, b, c, d, in[3], 3);
121 ROUND2(d, a, b, c, in[7], 5);
122 ROUND2(c, d, a, b, in[11], 9);
123 ROUND2(b, c, d, a, in[15], 13);
124
125 ROUND3(a, b, c, d,in[ 0], 3);
126 ROUND3(d, a, b, c, in[8], 9);
127 ROUND3(c, d, a, b, in[4], 11);
128 ROUND3(b, c, d, a, in[12], 15);
129 ROUND3(a, b, c, d, in[2], 3);
130 ROUND3(d, a, b, c, in[10], 9);
131 ROUND3(c, d, a, b, in[6], 11);
132 ROUND3(b, c, d, a, in[14], 15);
133 ROUND3(a, b, c, d, in[1], 3);
134 ROUND3(d, a, b, c, in[9], 9);
135 ROUND3(c, d, a, b, in[5], 11);
136 ROUND3(b, c, d, a, in[13], 15);
137 ROUND3(a, b, c, d, in[3], 3);
138 ROUND3(d, a, b, c, in[11], 9);
139 ROUND3(c, d, a, b, in[7], 11);
140 ROUND3(b, c, d, a, in[15], 15);
141
142 hash[0] += a;
143 hash[1] += b;
144 hash[2] += c;
145 hash[3] += d;
146}
147
148static inline void md4_transform_helper(struct md4_ctx *ctx)
149{
150 le32_to_cpu_array(ctx->block, sizeof(ctx->block) / sizeof(u32));
151 md4_transform(ctx->hash, ctx->block);
152}
153
154static void md4_init(void *ctx)
155{
156 struct md4_ctx *mctx = ctx;
157
158 mctx->hash[0] = 0x67452301;
159 mctx->hash[1] = 0xefcdab89;
160 mctx->hash[2] = 0x98badcfe;
161 mctx->hash[3] = 0x10325476;
162 mctx->byte_count = 0;
163}
164
165static void md4_update(void *ctx, const u8 *data, unsigned int len)
166{
167 struct md4_ctx *mctx = ctx;
168 const u32 avail = sizeof(mctx->block) - (mctx->byte_count & 0x3f);
169
170 mctx->byte_count += len;
171
172 if (avail > len) {
173 memcpy((char *)mctx->block + (sizeof(mctx->block) - avail),
174 data, len);
175 return;
176 }
177
178 memcpy((char *)mctx->block + (sizeof(mctx->block) - avail),
179 data, avail);
180
181 md4_transform_helper(mctx);
182 data += avail;
183 len -= avail;
184
185 while (len >= sizeof(mctx->block)) {
186 memcpy(mctx->block, data, sizeof(mctx->block));
187 md4_transform_helper(mctx);
188 data += sizeof(mctx->block);
189 len -= sizeof(mctx->block);
190 }
191
192 memcpy(mctx->block, data, len);
193}
194
195static void md4_final(void *ctx, u8 *out)
196{
197 struct md4_ctx *mctx = ctx;
198 const unsigned int offset = mctx->byte_count & 0x3f;
199 char *p = (char *)mctx->block + offset;
200 int padding = 56 - (offset + 1);
201
202 *p++ = 0x80;
203 if (padding < 0) {
204 memset(p, 0x00, padding + sizeof (u64));
205 md4_transform_helper(mctx);
206 p = (char *)mctx->block;
207 padding = 56;
208 }
209
210 memset(p, 0, padding);
211 mctx->block[14] = mctx->byte_count << 3;
212 mctx->block[15] = mctx->byte_count >> 29;
213 le32_to_cpu_array(mctx->block, (sizeof(mctx->block) -
214 sizeof(u64)) / sizeof(u32));
215 md4_transform(mctx->hash, mctx->block);
216 cpu_to_le32_array(mctx->hash, sizeof(mctx->hash) / sizeof(u32));
217 memcpy(out, mctx->hash, sizeof(mctx->hash));
218 memset(mctx, 0, sizeof(*mctx));
219}
220
221static struct crypto_alg alg = {
222 .cra_name = "md4",
223 .cra_flags = CRYPTO_ALG_TYPE_DIGEST,
224 .cra_blocksize = MD4_HMAC_BLOCK_SIZE,
225 .cra_ctxsize = sizeof(struct md4_ctx),
226 .cra_module = THIS_MODULE,
227 .cra_list = LIST_HEAD_INIT(alg.cra_list),
228 .cra_u = { .digest = {
229 .dia_digestsize = MD4_DIGEST_SIZE,
230 .dia_init = md4_init,
231 .dia_update = md4_update,
232 .dia_final = md4_final } }
233};
234
235static int __init init(void)
236{
237 return crypto_register_alg(&alg);
238}
239
240static void __exit fini(void)
241{
242 crypto_unregister_alg(&alg);
243}
244
245module_init(init);
246module_exit(fini);
247
248MODULE_LICENSE("GPL");
249MODULE_DESCRIPTION("MD4 Message Digest Algorithm");
250
diff --git a/crypto/md5.c b/crypto/md5.c
new file mode 100644
index 000000000000..1ed45f9c263e
--- /dev/null
+++ b/crypto/md5.c
@@ -0,0 +1,244 @@
1/*
2 * Cryptographic API.
3 *
4 * MD5 Message Digest Algorithm (RFC1321).
5 *
6 * Derived from cryptoapi implementation, originally based on the
7 * public domain implementation written by Colin Plumb in 1993.
8 *
9 * Copyright (c) Cryptoapi developers.
10 * Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
11 *
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the Free
14 * Software Foundation; either version 2 of the License, or (at your option)
15 * any later version.
16 *
17 */
18#include <linux/init.h>
19#include <linux/module.h>
20#include <linux/string.h>
21#include <linux/crypto.h>
22#include <asm/byteorder.h>
23
24#define MD5_DIGEST_SIZE 16
25#define MD5_HMAC_BLOCK_SIZE 64
26#define MD5_BLOCK_WORDS 16
27#define MD5_HASH_WORDS 4
28
29#define F1(x, y, z) (z ^ (x & (y ^ z)))
30#define F2(x, y, z) F1(z, x, y)
31#define F3(x, y, z) (x ^ y ^ z)
32#define F4(x, y, z) (y ^ (x | ~z))
33
34#define MD5STEP(f, w, x, y, z, in, s) \
35 (w += f(x, y, z) + in, w = (w<<s | w>>(32-s)) + x)
36
37struct md5_ctx {
38 u32 hash[MD5_HASH_WORDS];
39 u32 block[MD5_BLOCK_WORDS];
40 u64 byte_count;
41};
42
43static void md5_transform(u32 *hash, u32 const *in)
44{
45 u32 a, b, c, d;
46
47 a = hash[0];
48 b = hash[1];
49 c = hash[2];
50 d = hash[3];
51
52 MD5STEP(F1, a, b, c, d, in[0] + 0xd76aa478, 7);
53 MD5STEP(F1, d, a, b, c, in[1] + 0xe8c7b756, 12);
54 MD5STEP(F1, c, d, a, b, in[2] + 0x242070db, 17);
55 MD5STEP(F1, b, c, d, a, in[3] + 0xc1bdceee, 22);
56 MD5STEP(F1, a, b, c, d, in[4] + 0xf57c0faf, 7);
57 MD5STEP(F1, d, a, b, c, in[5] + 0x4787c62a, 12);
58 MD5STEP(F1, c, d, a, b, in[6] + 0xa8304613, 17);
59 MD5STEP(F1, b, c, d, a, in[7] + 0xfd469501, 22);
60 MD5STEP(F1, a, b, c, d, in[8] + 0x698098d8, 7);
61 MD5STEP(F1, d, a, b, c, in[9] + 0x8b44f7af, 12);
62 MD5STEP(F1, c, d, a, b, in[10] + 0xffff5bb1, 17);
63 MD5STEP(F1, b, c, d, a, in[11] + 0x895cd7be, 22);
64 MD5STEP(F1, a, b, c, d, in[12] + 0x6b901122, 7);
65 MD5STEP(F1, d, a, b, c, in[13] + 0xfd987193, 12);
66 MD5STEP(F1, c, d, a, b, in[14] + 0xa679438e, 17);
67 MD5STEP(F1, b, c, d, a, in[15] + 0x49b40821, 22);
68
69 MD5STEP(F2, a, b, c, d, in[1] + 0xf61e2562, 5);
70 MD5STEP(F2, d, a, b, c, in[6] + 0xc040b340, 9);
71 MD5STEP(F2, c, d, a, b, in[11] + 0x265e5a51, 14);
72 MD5STEP(F2, b, c, d, a, in[0] + 0xe9b6c7aa, 20);
73 MD5STEP(F2, a, b, c, d, in[5] + 0xd62f105d, 5);
74 MD5STEP(F2, d, a, b, c, in[10] + 0x02441453, 9);
75 MD5STEP(F2, c, d, a, b, in[15] + 0xd8a1e681, 14);
76 MD5STEP(F2, b, c, d, a, in[4] + 0xe7d3fbc8, 20);
77 MD5STEP(F2, a, b, c, d, in[9] + 0x21e1cde6, 5);
78 MD5STEP(F2, d, a, b, c, in[14] + 0xc33707d6, 9);
79 MD5STEP(F2, c, d, a, b, in[3] + 0xf4d50d87, 14);
80 MD5STEP(F2, b, c, d, a, in[8] + 0x455a14ed, 20);
81 MD5STEP(F2, a, b, c, d, in[13] + 0xa9e3e905, 5);
82 MD5STEP(F2, d, a, b, c, in[2] + 0xfcefa3f8, 9);
83 MD5STEP(F2, c, d, a, b, in[7] + 0x676f02d9, 14);
84 MD5STEP(F2, b, c, d, a, in[12] + 0x8d2a4c8a, 20);
85
86 MD5STEP(F3, a, b, c, d, in[5] + 0xfffa3942, 4);
87 MD5STEP(F3, d, a, b, c, in[8] + 0x8771f681, 11);
88 MD5STEP(F3, c, d, a, b, in[11] + 0x6d9d6122, 16);
89 MD5STEP(F3, b, c, d, a, in[14] + 0xfde5380c, 23);
90 MD5STEP(F3, a, b, c, d, in[1] + 0xa4beea44, 4);
91 MD5STEP(F3, d, a, b, c, in[4] + 0x4bdecfa9, 11);
92 MD5STEP(F3, c, d, a, b, in[7] + 0xf6bb4b60, 16);
93 MD5STEP(F3, b, c, d, a, in[10] + 0xbebfbc70, 23);
94 MD5STEP(F3, a, b, c, d, in[13] + 0x289b7ec6, 4);
95 MD5STEP(F3, d, a, b, c, in[0] + 0xeaa127fa, 11);
96 MD5STEP(F3, c, d, a, b, in[3] + 0xd4ef3085, 16);
97 MD5STEP(F3, b, c, d, a, in[6] + 0x04881d05, 23);
98 MD5STEP(F3, a, b, c, d, in[9] + 0xd9d4d039, 4);
99 MD5STEP(F3, d, a, b, c, in[12] + 0xe6db99e5, 11);
100 MD5STEP(F3, c, d, a, b, in[15] + 0x1fa27cf8, 16);
101 MD5STEP(F3, b, c, d, a, in[2] + 0xc4ac5665, 23);
102
103 MD5STEP(F4, a, b, c, d, in[0] + 0xf4292244, 6);
104 MD5STEP(F4, d, a, b, c, in[7] + 0x432aff97, 10);
105 MD5STEP(F4, c, d, a, b, in[14] + 0xab9423a7, 15);
106 MD5STEP(F4, b, c, d, a, in[5] + 0xfc93a039, 21);
107 MD5STEP(F4, a, b, c, d, in[12] + 0x655b59c3, 6);
108 MD5STEP(F4, d, a, b, c, in[3] + 0x8f0ccc92, 10);
109 MD5STEP(F4, c, d, a, b, in[10] + 0xffeff47d, 15);
110 MD5STEP(F4, b, c, d, a, in[1] + 0x85845dd1, 21);
111 MD5STEP(F4, a, b, c, d, in[8] + 0x6fa87e4f, 6);
112 MD5STEP(F4, d, a, b, c, in[15] + 0xfe2ce6e0, 10);
113 MD5STEP(F4, c, d, a, b, in[6] + 0xa3014314, 15);
114 MD5STEP(F4, b, c, d, a, in[13] + 0x4e0811a1, 21);
115 MD5STEP(F4, a, b, c, d, in[4] + 0xf7537e82, 6);
116 MD5STEP(F4, d, a, b, c, in[11] + 0xbd3af235, 10);
117 MD5STEP(F4, c, d, a, b, in[2] + 0x2ad7d2bb, 15);
118 MD5STEP(F4, b, c, d, a, in[9] + 0xeb86d391, 21);
119
120 hash[0] += a;
121 hash[1] += b;
122 hash[2] += c;
123 hash[3] += d;
124}
125
126/* XXX: this stuff can be optimized */
127static inline void le32_to_cpu_array(u32 *buf, unsigned int words)
128{
129 while (words--) {
130 __le32_to_cpus(buf);
131 buf++;
132 }
133}
134
135static inline void cpu_to_le32_array(u32 *buf, unsigned int words)
136{
137 while (words--) {
138 __cpu_to_le32s(buf);
139 buf++;
140 }
141}
142
143static inline void md5_transform_helper(struct md5_ctx *ctx)
144{
145 le32_to_cpu_array(ctx->block, sizeof(ctx->block) / sizeof(u32));
146 md5_transform(ctx->hash, ctx->block);
147}
148
149static void md5_init(void *ctx)
150{
151 struct md5_ctx *mctx = ctx;
152
153 mctx->hash[0] = 0x67452301;
154 mctx->hash[1] = 0xefcdab89;
155 mctx->hash[2] = 0x98badcfe;
156 mctx->hash[3] = 0x10325476;
157 mctx->byte_count = 0;
158}
159
160static void md5_update(void *ctx, const u8 *data, unsigned int len)
161{
162 struct md5_ctx *mctx = ctx;
163 const u32 avail = sizeof(mctx->block) - (mctx->byte_count & 0x3f);
164
165 mctx->byte_count += len;
166
167 if (avail > len) {
168 memcpy((char *)mctx->block + (sizeof(mctx->block) - avail),
169 data, len);
170 return;
171 }
172
173 memcpy((char *)mctx->block + (sizeof(mctx->block) - avail),
174 data, avail);
175
176 md5_transform_helper(mctx);
177 data += avail;
178 len -= avail;
179
180 while (len >= sizeof(mctx->block)) {
181 memcpy(mctx->block, data, sizeof(mctx->block));
182 md5_transform_helper(mctx);
183 data += sizeof(mctx->block);
184 len -= sizeof(mctx->block);
185 }
186
187 memcpy(mctx->block, data, len);
188}
189
190static void md5_final(void *ctx, u8 *out)
191{
192 struct md5_ctx *mctx = ctx;
193 const unsigned int offset = mctx->byte_count & 0x3f;
194 char *p = (char *)mctx->block + offset;
195 int padding = 56 - (offset + 1);
196
197 *p++ = 0x80;
198 if (padding < 0) {
199 memset(p, 0x00, padding + sizeof (u64));
200 md5_transform_helper(mctx);
201 p = (char *)mctx->block;
202 padding = 56;
203 }
204
205 memset(p, 0, padding);
206 mctx->block[14] = mctx->byte_count << 3;
207 mctx->block[15] = mctx->byte_count >> 29;
208 le32_to_cpu_array(mctx->block, (sizeof(mctx->block) -
209 sizeof(u64)) / sizeof(u32));
210 md5_transform(mctx->hash, mctx->block);
211 cpu_to_le32_array(mctx->hash, sizeof(mctx->hash) / sizeof(u32));
212 memcpy(out, mctx->hash, sizeof(mctx->hash));
213 memset(mctx, 0, sizeof(*mctx));
214}
215
216static struct crypto_alg alg = {
217 .cra_name = "md5",
218 .cra_flags = CRYPTO_ALG_TYPE_DIGEST,
219 .cra_blocksize = MD5_HMAC_BLOCK_SIZE,
220 .cra_ctxsize = sizeof(struct md5_ctx),
221 .cra_module = THIS_MODULE,
222 .cra_list = LIST_HEAD_INIT(alg.cra_list),
223 .cra_u = { .digest = {
224 .dia_digestsize = MD5_DIGEST_SIZE,
225 .dia_init = md5_init,
226 .dia_update = md5_update,
227 .dia_final = md5_final } }
228};
229
230static int __init init(void)
231{
232 return crypto_register_alg(&alg);
233}
234
235static void __exit fini(void)
236{
237 crypto_unregister_alg(&alg);
238}
239
240module_init(init);
241module_exit(fini);
242
243MODULE_LICENSE("GPL");
244MODULE_DESCRIPTION("MD5 Message Digest Algorithm");
diff --git a/crypto/michael_mic.c b/crypto/michael_mic.c
new file mode 100644
index 000000000000..a470bcb3693e
--- /dev/null
+++ b/crypto/michael_mic.c
@@ -0,0 +1,181 @@
1/*
2 * Cryptographic API
3 *
4 * Michael MIC (IEEE 802.11i/TKIP) keyed digest
5 *
6 * Copyright (c) 2004 Jouni Malinen <jkmaline@cc.hut.fi>
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License version 2 as
10 * published by the Free Software Foundation.
11 */
12
13#include <linux/init.h>
14#include <linux/module.h>
15#include <linux/string.h>
16#include <linux/crypto.h>
17
18
19struct michael_mic_ctx {
20 u8 pending[4];
21 size_t pending_len;
22
23 u32 l, r;
24};
25
26
27static inline u32 xswap(u32 val)
28{
29 return ((val & 0x00ff00ff) << 8) | ((val & 0xff00ff00) >> 8);
30}
31
32
33#define michael_block(l, r) \
34do { \
35 r ^= rol32(l, 17); \
36 l += r; \
37 r ^= xswap(l); \
38 l += r; \
39 r ^= rol32(l, 3); \
40 l += r; \
41 r ^= ror32(l, 2); \
42 l += r; \
43} while (0)
44
45
46static inline u32 get_le32(const u8 *p)
47{
48 return p[0] | (p[1] << 8) | (p[2] << 16) | (p[3] << 24);
49}
50
51
52static inline void put_le32(u8 *p, u32 v)
53{
54 p[0] = v;
55 p[1] = v >> 8;
56 p[2] = v >> 16;
57 p[3] = v >> 24;
58}
59
60
61static void michael_init(void *ctx)
62{
63 struct michael_mic_ctx *mctx = ctx;
64 mctx->pending_len = 0;
65}
66
67
68static void michael_update(void *ctx, const u8 *data, unsigned int len)
69{
70 struct michael_mic_ctx *mctx = ctx;
71
72 if (mctx->pending_len) {
73 int flen = 4 - mctx->pending_len;
74 if (flen > len)
75 flen = len;
76 memcpy(&mctx->pending[mctx->pending_len], data, flen);
77 mctx->pending_len += flen;
78 data += flen;
79 len -= flen;
80
81 if (mctx->pending_len < 4)
82 return;
83
84 mctx->l ^= get_le32(mctx->pending);
85 michael_block(mctx->l, mctx->r);
86 mctx->pending_len = 0;
87 }
88
89 while (len >= 4) {
90 mctx->l ^= get_le32(data);
91 michael_block(mctx->l, mctx->r);
92 data += 4;
93 len -= 4;
94 }
95
96 if (len > 0) {
97 mctx->pending_len = len;
98 memcpy(mctx->pending, data, len);
99 }
100}
101
102
103static void michael_final(void *ctx, u8 *out)
104{
105 struct michael_mic_ctx *mctx = ctx;
106 u8 *data = mctx->pending;
107
108 /* Last block and padding (0x5a, 4..7 x 0) */
109 switch (mctx->pending_len) {
110 case 0:
111 mctx->l ^= 0x5a;
112 break;
113 case 1:
114 mctx->l ^= data[0] | 0x5a00;
115 break;
116 case 2:
117 mctx->l ^= data[0] | (data[1] << 8) | 0x5a0000;
118 break;
119 case 3:
120 mctx->l ^= data[0] | (data[1] << 8) | (data[2] << 16) |
121 0x5a000000;
122 break;
123 }
124 michael_block(mctx->l, mctx->r);
125 /* l ^= 0; */
126 michael_block(mctx->l, mctx->r);
127
128 put_le32(out, mctx->l);
129 put_le32(out + 4, mctx->r);
130}
131
132
133static int michael_setkey(void *ctx, const u8 *key, unsigned int keylen,
134 u32 *flags)
135{
136 struct michael_mic_ctx *mctx = ctx;
137 if (keylen != 8) {
138 if (flags)
139 *flags = CRYPTO_TFM_RES_BAD_KEY_LEN;
140 return -EINVAL;
141 }
142 mctx->l = get_le32(key);
143 mctx->r = get_le32(key + 4);
144 return 0;
145}
146
147
148static struct crypto_alg michael_mic_alg = {
149 .cra_name = "michael_mic",
150 .cra_flags = CRYPTO_ALG_TYPE_DIGEST,
151 .cra_blocksize = 8,
152 .cra_ctxsize = sizeof(struct michael_mic_ctx),
153 .cra_module = THIS_MODULE,
154 .cra_list = LIST_HEAD_INIT(michael_mic_alg.cra_list),
155 .cra_u = { .digest = {
156 .dia_digestsize = 8,
157 .dia_init = michael_init,
158 .dia_update = michael_update,
159 .dia_final = michael_final,
160 .dia_setkey = michael_setkey } }
161};
162
163
164static int __init michael_mic_init(void)
165{
166 return crypto_register_alg(&michael_mic_alg);
167}
168
169
170static void __exit michael_mic_exit(void)
171{
172 crypto_unregister_alg(&michael_mic_alg);
173}
174
175
176module_init(michael_mic_init);
177module_exit(michael_mic_exit);
178
179MODULE_LICENSE("GPL v2");
180MODULE_DESCRIPTION("Michael MIC");
181MODULE_AUTHOR("Jouni Malinen <jkmaline@cc.hut.fi>");
diff --git a/crypto/proc.c b/crypto/proc.c
new file mode 100644
index 000000000000..630ba91c08f1
--- /dev/null
+++ b/crypto/proc.c
@@ -0,0 +1,112 @@
1/*
2 * Scatterlist Cryptographic API.
3 *
4 * Procfs information.
5 *
6 * Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
7 *
8 * This program is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by the Free
10 * Software Foundation; either version 2 of the License, or (at your option)
11 * any later version.
12 *
13 */
14#include <linux/init.h>
15#include <linux/crypto.h>
16#include <linux/rwsem.h>
17#include <linux/proc_fs.h>
18#include <linux/seq_file.h>
19#include "internal.h"
20
21extern struct list_head crypto_alg_list;
22extern struct rw_semaphore crypto_alg_sem;
23
24static void *c_start(struct seq_file *m, loff_t *pos)
25{
26 struct list_head *v;
27 loff_t n = *pos;
28
29 down_read(&crypto_alg_sem);
30 list_for_each(v, &crypto_alg_list)
31 if (!n--)
32 return list_entry(v, struct crypto_alg, cra_list);
33 return NULL;
34}
35
36static void *c_next(struct seq_file *m, void *p, loff_t *pos)
37{
38 struct list_head *v = p;
39
40 (*pos)++;
41 v = v->next;
42 return (v == &crypto_alg_list) ?
43 NULL : list_entry(v, struct crypto_alg, cra_list);
44}
45
46static void c_stop(struct seq_file *m, void *p)
47{
48 up_read(&crypto_alg_sem);
49}
50
51static int c_show(struct seq_file *m, void *p)
52{
53 struct crypto_alg *alg = (struct crypto_alg *)p;
54
55 seq_printf(m, "name : %s\n", alg->cra_name);
56 seq_printf(m, "module : %s\n", module_name(alg->cra_module));
57
58 switch (alg->cra_flags & CRYPTO_ALG_TYPE_MASK) {
59 case CRYPTO_ALG_TYPE_CIPHER:
60 seq_printf(m, "type : cipher\n");
61 seq_printf(m, "blocksize : %u\n", alg->cra_blocksize);
62 seq_printf(m, "min keysize : %u\n",
63 alg->cra_cipher.cia_min_keysize);
64 seq_printf(m, "max keysize : %u\n",
65 alg->cra_cipher.cia_max_keysize);
66 break;
67
68 case CRYPTO_ALG_TYPE_DIGEST:
69 seq_printf(m, "type : digest\n");
70 seq_printf(m, "blocksize : %u\n", alg->cra_blocksize);
71 seq_printf(m, "digestsize : %u\n",
72 alg->cra_digest.dia_digestsize);
73 break;
74 case CRYPTO_ALG_TYPE_COMPRESS:
75 seq_printf(m, "type : compression\n");
76 break;
77 default:
78 seq_printf(m, "type : unknown\n");
79 break;
80 }
81
82 seq_putc(m, '\n');
83 return 0;
84}
85
86static struct seq_operations crypto_seq_ops = {
87 .start = c_start,
88 .next = c_next,
89 .stop = c_stop,
90 .show = c_show
91};
92
93static int crypto_info_open(struct inode *inode, struct file *file)
94{
95 return seq_open(file, &crypto_seq_ops);
96}
97
98static struct file_operations proc_crypto_ops = {
99 .open = crypto_info_open,
100 .read = seq_read,
101 .llseek = seq_lseek,
102 .release = seq_release
103};
104
105void __init crypto_init_proc(void)
106{
107 struct proc_dir_entry *proc;
108
109 proc = create_proc_entry("crypto", 0, NULL);
110 if (proc)
111 proc->proc_fops = &proc_crypto_ops;
112}
diff --git a/crypto/scatterwalk.c b/crypto/scatterwalk.c
new file mode 100644
index 000000000000..50c9461e8cc6
--- /dev/null
+++ b/crypto/scatterwalk.c
@@ -0,0 +1,115 @@
1/*
2 * Cryptographic API.
3 *
4 * Cipher operations.
5 *
6 * Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
7 * 2002 Adam J. Richter <adam@yggdrasil.com>
8 * 2004 Jean-Luc Cooke <jlcooke@certainkey.com>
9 *
10 * This program is free software; you can redistribute it and/or modify it
11 * under the terms of the GNU General Public License as published by the Free
12 * Software Foundation; either version 2 of the License, or (at your option)
13 * any later version.
14 *
15 */
16#include <linux/kernel.h>
17#include <linux/mm.h>
18#include <linux/pagemap.h>
19#include <linux/highmem.h>
20#include <asm/bug.h>
21#include <asm/scatterlist.h>
22#include "internal.h"
23#include "scatterwalk.h"
24
25enum km_type crypto_km_types[] = {
26 KM_USER0,
27 KM_USER1,
28 KM_SOFTIRQ0,
29 KM_SOFTIRQ1,
30};
31
32static void memcpy_dir(void *buf, void *sgdata, size_t nbytes, int out)
33{
34 if (out)
35 memcpy(sgdata, buf, nbytes);
36 else
37 memcpy(buf, sgdata, nbytes);
38}
39
40void scatterwalk_start(struct scatter_walk *walk, struct scatterlist *sg)
41{
42 unsigned int rest_of_page;
43
44 walk->sg = sg;
45
46 walk->page = sg->page;
47 walk->len_this_segment = sg->length;
48
49 BUG_ON(!sg->length);
50
51 rest_of_page = PAGE_CACHE_SIZE - (sg->offset & (PAGE_CACHE_SIZE - 1));
52 walk->len_this_page = min(sg->length, rest_of_page);
53 walk->offset = sg->offset;
54}
55
56void scatterwalk_map(struct scatter_walk *walk, int out)
57{
58 walk->data = crypto_kmap(walk->page, out) + walk->offset;
59}
60
61static inline void scatterwalk_unmap(struct scatter_walk *walk, int out)
62{
63 /* walk->data may be pointing the first byte of the next page;
64 however, we know we transfered at least one byte. So,
65 walk->data - 1 will be a virtual address in the mapped page. */
66 crypto_kunmap(walk->data - 1, out);
67}
68
69static void scatterwalk_pagedone(struct scatter_walk *walk, int out,
70 unsigned int more)
71{
72 if (out)
73 flush_dcache_page(walk->page);
74
75 if (more) {
76 walk->len_this_segment -= walk->len_this_page;
77
78 if (walk->len_this_segment) {
79 walk->page++;
80 walk->len_this_page = min(walk->len_this_segment,
81 (unsigned)PAGE_CACHE_SIZE);
82 walk->offset = 0;
83 }
84 else
85 scatterwalk_start(walk, sg_next(walk->sg));
86 }
87}
88
89void scatterwalk_done(struct scatter_walk *walk, int out, int more)
90{
91 scatterwalk_unmap(walk, out);
92 if (walk->len_this_page == 0 || !more)
93 scatterwalk_pagedone(walk, out, more);
94}
95
96/*
97 * Do not call this unless the total length of all of the fragments
98 * has been verified as multiple of the block size.
99 */
100int scatterwalk_copychunks(void *buf, struct scatter_walk *walk,
101 size_t nbytes, int out)
102{
103 do {
104 memcpy_dir(buf, walk->data, walk->len_this_page, out);
105 buf += walk->len_this_page;
106 nbytes -= walk->len_this_page;
107
108 scatterwalk_unmap(walk, out);
109 scatterwalk_pagedone(walk, out, 1);
110 scatterwalk_map(walk, out);
111 } while (nbytes > walk->len_this_page);
112
113 memcpy_dir(buf, walk->data, nbytes, out);
114 return nbytes;
115}
diff --git a/crypto/scatterwalk.h b/crypto/scatterwalk.h
new file mode 100644
index 000000000000..02aa56c649b4
--- /dev/null
+++ b/crypto/scatterwalk.h
@@ -0,0 +1,63 @@
1/*
2 * Cryptographic API.
3 *
4 * Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
5 * Copyright (c) 2002 Adam J. Richter <adam@yggdrasil.com>
6 * Copyright (c) 2004 Jean-Luc Cooke <jlcooke@certainkey.com>
7 *
8 * This program is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by the Free
10 * Software Foundation; either version 2 of the License, or (at your option)
11 * any later version.
12 *
13 */
14
15#ifndef _CRYPTO_SCATTERWALK_H
16#define _CRYPTO_SCATTERWALK_H
17#include <linux/mm.h>
18#include <asm/scatterlist.h>
19
20struct scatter_walk {
21 struct scatterlist *sg;
22 struct page *page;
23 void *data;
24 unsigned int len_this_page;
25 unsigned int len_this_segment;
26 unsigned int offset;
27};
28
29/* Define sg_next is an inline routine now in case we want to change
30 scatterlist to a linked list later. */
31static inline struct scatterlist *sg_next(struct scatterlist *sg)
32{
33 return sg + 1;
34}
35
36static inline int scatterwalk_samebuf(struct scatter_walk *walk_in,
37 struct scatter_walk *walk_out)
38{
39 return walk_in->page == walk_out->page &&
40 walk_in->offset == walk_out->offset;
41}
42
43static inline int scatterwalk_across_pages(struct scatter_walk *walk,
44 unsigned int nbytes)
45{
46 return nbytes > walk->len_this_page;
47}
48
49static inline void scatterwalk_advance(struct scatter_walk *walk,
50 unsigned int nbytes)
51{
52 walk->data += nbytes;
53 walk->offset += nbytes;
54 walk->len_this_page -= nbytes;
55 walk->len_this_segment -= nbytes;
56}
57
58void scatterwalk_start(struct scatter_walk *walk, struct scatterlist *sg);
59int scatterwalk_copychunks(void *buf, struct scatter_walk *walk, size_t nbytes, int out);
60void scatterwalk_map(struct scatter_walk *walk, int out);
61void scatterwalk_done(struct scatter_walk *walk, int out, int more);
62
63#endif /* _CRYPTO_SCATTERWALK_H */
diff --git a/crypto/serpent.c b/crypto/serpent.c
new file mode 100644
index 000000000000..7d152e89016f
--- /dev/null
+++ b/crypto/serpent.c
@@ -0,0 +1,593 @@
1/*
2 * Cryptographic API.
3 *
4 * Serpent Cipher Algorithm.
5 *
6 * Copyright (C) 2002 Dag Arne Osvik <osvik@ii.uib.no>
7 * 2003 Herbert Valerio Riedel <hvr@gnu.org>
8 *
9 * Added tnepres support: Ruben Jesus Garcia Hernandez <ruben@ugr.es>, 18.10.2004
10 * Based on code by hvr
11 *
12 * This program is free software; you can redistribute it and/or modify
13 * it under the terms of the GNU General Public License as published by
14 * the Free Software Foundation; either version 2 of the License, or
15 * (at your option) any later version.
16 */
17
18#include <linux/init.h>
19#include <linux/module.h>
20#include <linux/errno.h>
21#include <asm/byteorder.h>
22#include <linux/crypto.h>
23
24/* Key is padded to the maximum of 256 bits before round key generation.
25 * Any key length <= 256 bits (32 bytes) is allowed by the algorithm.
26 */
27
28#define SERPENT_MIN_KEY_SIZE 0
29#define SERPENT_MAX_KEY_SIZE 32
30#define SERPENT_EXPKEY_WORDS 132
31#define SERPENT_BLOCK_SIZE 16
32
33#define PHI 0x9e3779b9UL
34
35#define keyiter(a,b,c,d,i,j) \
36 b ^= d; b ^= c; b ^= a; b ^= PHI ^ i; b = rol32(b,11); k[j] = b;
37
38#define loadkeys(x0,x1,x2,x3,i) \
39 x0=k[i]; x1=k[i+1]; x2=k[i+2]; x3=k[i+3];
40
41#define storekeys(x0,x1,x2,x3,i) \
42 k[i]=x0; k[i+1]=x1; k[i+2]=x2; k[i+3]=x3;
43
44#define K(x0,x1,x2,x3,i) \
45 x3 ^= k[4*(i)+3]; x2 ^= k[4*(i)+2]; \
46 x1 ^= k[4*(i)+1]; x0 ^= k[4*(i)+0];
47
48#define LK(x0,x1,x2,x3,x4,i) \
49 x0=rol32(x0,13);\
50 x2=rol32(x2,3); x1 ^= x0; x4 = x0 << 3; \
51 x3 ^= x2; x1 ^= x2; \
52 x1=rol32(x1,1); x3 ^= x4; \
53 x3=rol32(x3,7); x4 = x1; \
54 x0 ^= x1; x4 <<= 7; x2 ^= x3; \
55 x0 ^= x3; x2 ^= x4; x3 ^= k[4*i+3]; \
56 x1 ^= k[4*i+1]; x0=rol32(x0,5); x2=rol32(x2,22);\
57 x0 ^= k[4*i+0]; x2 ^= k[4*i+2];
58
59#define KL(x0,x1,x2,x3,x4,i) \
60 x0 ^= k[4*i+0]; x1 ^= k[4*i+1]; x2 ^= k[4*i+2]; \
61 x3 ^= k[4*i+3]; x0=ror32(x0,5); x2=ror32(x2,22);\
62 x4 = x1; x2 ^= x3; x0 ^= x3; \
63 x4 <<= 7; x0 ^= x1; x1=ror32(x1,1); \
64 x2 ^= x4; x3=ror32(x3,7); x4 = x0 << 3; \
65 x1 ^= x0; x3 ^= x4; x0=ror32(x0,13);\
66 x1 ^= x2; x3 ^= x2; x2=ror32(x2,3);
67
68#define S0(x0,x1,x2,x3,x4) \
69 x4 = x3; \
70 x3 |= x0; x0 ^= x4; x4 ^= x2; \
71 x4 =~ x4; x3 ^= x1; x1 &= x0; \
72 x1 ^= x4; x2 ^= x0; x0 ^= x3; \
73 x4 |= x0; x0 ^= x2; x2 &= x1; \
74 x3 ^= x2; x1 =~ x1; x2 ^= x4; \
75 x1 ^= x2;
76
77#define S1(x0,x1,x2,x3,x4) \
78 x4 = x1; \
79 x1 ^= x0; x0 ^= x3; x3 =~ x3; \
80 x4 &= x1; x0 |= x1; x3 ^= x2; \
81 x0 ^= x3; x1 ^= x3; x3 ^= x4; \
82 x1 |= x4; x4 ^= x2; x2 &= x0; \
83 x2 ^= x1; x1 |= x0; x0 =~ x0; \
84 x0 ^= x2; x4 ^= x1;
85
86#define S2(x0,x1,x2,x3,x4) \
87 x3 =~ x3; \
88 x1 ^= x0; x4 = x0; x0 &= x2; \
89 x0 ^= x3; x3 |= x4; x2 ^= x1; \
90 x3 ^= x1; x1 &= x0; x0 ^= x2; \
91 x2 &= x3; x3 |= x1; x0 =~ x0; \
92 x3 ^= x0; x4 ^= x0; x0 ^= x2; \
93 x1 |= x2;
94
95#define S3(x0,x1,x2,x3,x4) \
96 x4 = x1; \
97 x1 ^= x3; x3 |= x0; x4 &= x0; \
98 x0 ^= x2; x2 ^= x1; x1 &= x3; \
99 x2 ^= x3; x0 |= x4; x4 ^= x3; \
100 x1 ^= x0; x0 &= x3; x3 &= x4; \
101 x3 ^= x2; x4 |= x1; x2 &= x1; \
102 x4 ^= x3; x0 ^= x3; x3 ^= x2;
103
104#define S4(x0,x1,x2,x3,x4) \
105 x4 = x3; \
106 x3 &= x0; x0 ^= x4; \
107 x3 ^= x2; x2 |= x4; x0 ^= x1; \
108 x4 ^= x3; x2 |= x0; \
109 x2 ^= x1; x1 &= x0; \
110 x1 ^= x4; x4 &= x2; x2 ^= x3; \
111 x4 ^= x0; x3 |= x1; x1 =~ x1; \
112 x3 ^= x0;
113
114#define S5(x0,x1,x2,x3,x4) \
115 x4 = x1; x1 |= x0; \
116 x2 ^= x1; x3 =~ x3; x4 ^= x0; \
117 x0 ^= x2; x1 &= x4; x4 |= x3; \
118 x4 ^= x0; x0 &= x3; x1 ^= x3; \
119 x3 ^= x2; x0 ^= x1; x2 &= x4; \
120 x1 ^= x2; x2 &= x0; \
121 x3 ^= x2;
122
123#define S6(x0,x1,x2,x3,x4) \
124 x4 = x1; \
125 x3 ^= x0; x1 ^= x2; x2 ^= x0; \
126 x0 &= x3; x1 |= x3; x4 =~ x4; \
127 x0 ^= x1; x1 ^= x2; \
128 x3 ^= x4; x4 ^= x0; x2 &= x0; \
129 x4 ^= x1; x2 ^= x3; x3 &= x1; \
130 x3 ^= x0; x1 ^= x2;
131
132#define S7(x0,x1,x2,x3,x4) \
133 x1 =~ x1; \
134 x4 = x1; x0 =~ x0; x1 &= x2; \
135 x1 ^= x3; x3 |= x4; x4 ^= x2; \
136 x2 ^= x3; x3 ^= x0; x0 |= x1; \
137 x2 &= x0; x0 ^= x4; x4 ^= x3; \
138 x3 &= x0; x4 ^= x1; \
139 x2 ^= x4; x3 ^= x1; x4 |= x0; \
140 x4 ^= x1;
141
142#define SI0(x0,x1,x2,x3,x4) \
143 x4 = x3; x1 ^= x0; \
144 x3 |= x1; x4 ^= x1; x0 =~ x0; \
145 x2 ^= x3; x3 ^= x0; x0 &= x1; \
146 x0 ^= x2; x2 &= x3; x3 ^= x4; \
147 x2 ^= x3; x1 ^= x3; x3 &= x0; \
148 x1 ^= x0; x0 ^= x2; x4 ^= x3;
149
150#define SI1(x0,x1,x2,x3,x4) \
151 x1 ^= x3; x4 = x0; \
152 x0 ^= x2; x2 =~ x2; x4 |= x1; \
153 x4 ^= x3; x3 &= x1; x1 ^= x2; \
154 x2 &= x4; x4 ^= x1; x1 |= x3; \
155 x3 ^= x0; x2 ^= x0; x0 |= x4; \
156 x2 ^= x4; x1 ^= x0; \
157 x4 ^= x1;
158
159#define SI2(x0,x1,x2,x3,x4) \
160 x2 ^= x1; x4 = x3; x3 =~ x3; \
161 x3 |= x2; x2 ^= x4; x4 ^= x0; \
162 x3 ^= x1; x1 |= x2; x2 ^= x0; \
163 x1 ^= x4; x4 |= x3; x2 ^= x3; \
164 x4 ^= x2; x2 &= x1; \
165 x2 ^= x3; x3 ^= x4; x4 ^= x0;
166
167#define SI3(x0,x1,x2,x3,x4) \
168 x2 ^= x1; \
169 x4 = x1; x1 &= x2; \
170 x1 ^= x0; x0 |= x4; x4 ^= x3; \
171 x0 ^= x3; x3 |= x1; x1 ^= x2; \
172 x1 ^= x3; x0 ^= x2; x2 ^= x3; \
173 x3 &= x1; x1 ^= x0; x0 &= x2; \
174 x4 ^= x3; x3 ^= x0; x0 ^= x1;
175
176#define SI4(x0,x1,x2,x3,x4) \
177 x2 ^= x3; x4 = x0; x0 &= x1; \
178 x0 ^= x2; x2 |= x3; x4 =~ x4; \
179 x1 ^= x0; x0 ^= x2; x2 &= x4; \
180 x2 ^= x0; x0 |= x4; \
181 x0 ^= x3; x3 &= x2; \
182 x4 ^= x3; x3 ^= x1; x1 &= x0; \
183 x4 ^= x1; x0 ^= x3;
184
185#define SI5(x0,x1,x2,x3,x4) \
186 x4 = x1; x1 |= x2; \
187 x2 ^= x4; x1 ^= x3; x3 &= x4; \
188 x2 ^= x3; x3 |= x0; x0 =~ x0; \
189 x3 ^= x2; x2 |= x0; x4 ^= x1; \
190 x2 ^= x4; x4 &= x0; x0 ^= x1; \
191 x1 ^= x3; x0 &= x2; x2 ^= x3; \
192 x0 ^= x2; x2 ^= x4; x4 ^= x3;
193
194#define SI6(x0,x1,x2,x3,x4) \
195 x0 ^= x2; \
196 x4 = x0; x0 &= x3; x2 ^= x3; \
197 x0 ^= x2; x3 ^= x1; x2 |= x4; \
198 x2 ^= x3; x3 &= x0; x0 =~ x0; \
199 x3 ^= x1; x1 &= x2; x4 ^= x0; \
200 x3 ^= x4; x4 ^= x2; x0 ^= x1; \
201 x2 ^= x0;
202
203#define SI7(x0,x1,x2,x3,x4) \
204 x4 = x3; x3 &= x0; x0 ^= x2; \
205 x2 |= x4; x4 ^= x1; x0 =~ x0; \
206 x1 |= x3; x4 ^= x0; x0 &= x2; \
207 x0 ^= x1; x1 &= x2; x3 ^= x2; \
208 x4 ^= x3; x2 &= x3; x3 |= x0; \
209 x1 ^= x4; x3 ^= x4; x4 &= x0; \
210 x4 ^= x2;
211
212struct serpent_ctx {
213 u8 iv[SERPENT_BLOCK_SIZE];
214 u32 expkey[SERPENT_EXPKEY_WORDS];
215};
216
217
218static int serpent_setkey(void *ctx, const u8 *key, unsigned int keylen, u32 *flags)
219{
220 u32 *k = ((struct serpent_ctx *)ctx)->expkey;
221 u8 *k8 = (u8 *)k;
222 u32 r0,r1,r2,r3,r4;
223 int i;
224
225 if ((keylen < SERPENT_MIN_KEY_SIZE)
226 || (keylen > SERPENT_MAX_KEY_SIZE))
227 {
228 *flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
229 return -EINVAL;
230 }
231
232 /* Copy key, add padding */
233
234 for (i = 0; i < keylen; ++i)
235 k8[i] = key[i];
236 if (i < SERPENT_MAX_KEY_SIZE)
237 k8[i++] = 1;
238 while (i < SERPENT_MAX_KEY_SIZE)
239 k8[i++] = 0;
240
241 /* Expand key using polynomial */
242
243 r0 = le32_to_cpu(k[3]);
244 r1 = le32_to_cpu(k[4]);
245 r2 = le32_to_cpu(k[5]);
246 r3 = le32_to_cpu(k[6]);
247 r4 = le32_to_cpu(k[7]);
248
249 keyiter(le32_to_cpu(k[0]),r0,r4,r2,0,0);
250 keyiter(le32_to_cpu(k[1]),r1,r0,r3,1,1);
251 keyiter(le32_to_cpu(k[2]),r2,r1,r4,2,2);
252 keyiter(le32_to_cpu(k[3]),r3,r2,r0,3,3);
253 keyiter(le32_to_cpu(k[4]),r4,r3,r1,4,4);
254 keyiter(le32_to_cpu(k[5]),r0,r4,r2,5,5);
255 keyiter(le32_to_cpu(k[6]),r1,r0,r3,6,6);
256 keyiter(le32_to_cpu(k[7]),r2,r1,r4,7,7);
257
258 keyiter(k[ 0],r3,r2,r0, 8, 8); keyiter(k[ 1],r4,r3,r1, 9, 9);
259 keyiter(k[ 2],r0,r4,r2, 10, 10); keyiter(k[ 3],r1,r0,r3, 11, 11);
260 keyiter(k[ 4],r2,r1,r4, 12, 12); keyiter(k[ 5],r3,r2,r0, 13, 13);
261 keyiter(k[ 6],r4,r3,r1, 14, 14); keyiter(k[ 7],r0,r4,r2, 15, 15);
262 keyiter(k[ 8],r1,r0,r3, 16, 16); keyiter(k[ 9],r2,r1,r4, 17, 17);
263 keyiter(k[ 10],r3,r2,r0, 18, 18); keyiter(k[ 11],r4,r3,r1, 19, 19);
264 keyiter(k[ 12],r0,r4,r2, 20, 20); keyiter(k[ 13],r1,r0,r3, 21, 21);
265 keyiter(k[ 14],r2,r1,r4, 22, 22); keyiter(k[ 15],r3,r2,r0, 23, 23);
266 keyiter(k[ 16],r4,r3,r1, 24, 24); keyiter(k[ 17],r0,r4,r2, 25, 25);
267 keyiter(k[ 18],r1,r0,r3, 26, 26); keyiter(k[ 19],r2,r1,r4, 27, 27);
268 keyiter(k[ 20],r3,r2,r0, 28, 28); keyiter(k[ 21],r4,r3,r1, 29, 29);
269 keyiter(k[ 22],r0,r4,r2, 30, 30); keyiter(k[ 23],r1,r0,r3, 31, 31);
270
271 k += 50;
272
273 keyiter(k[-26],r2,r1,r4, 32,-18); keyiter(k[-25],r3,r2,r0, 33,-17);
274 keyiter(k[-24],r4,r3,r1, 34,-16); keyiter(k[-23],r0,r4,r2, 35,-15);
275 keyiter(k[-22],r1,r0,r3, 36,-14); keyiter(k[-21],r2,r1,r4, 37,-13);
276 keyiter(k[-20],r3,r2,r0, 38,-12); keyiter(k[-19],r4,r3,r1, 39,-11);
277 keyiter(k[-18],r0,r4,r2, 40,-10); keyiter(k[-17],r1,r0,r3, 41, -9);
278 keyiter(k[-16],r2,r1,r4, 42, -8); keyiter(k[-15],r3,r2,r0, 43, -7);
279 keyiter(k[-14],r4,r3,r1, 44, -6); keyiter(k[-13],r0,r4,r2, 45, -5);
280 keyiter(k[-12],r1,r0,r3, 46, -4); keyiter(k[-11],r2,r1,r4, 47, -3);
281 keyiter(k[-10],r3,r2,r0, 48, -2); keyiter(k[ -9],r4,r3,r1, 49, -1);
282 keyiter(k[ -8],r0,r4,r2, 50, 0); keyiter(k[ -7],r1,r0,r3, 51, 1);
283 keyiter(k[ -6],r2,r1,r4, 52, 2); keyiter(k[ -5],r3,r2,r0, 53, 3);
284 keyiter(k[ -4],r4,r3,r1, 54, 4); keyiter(k[ -3],r0,r4,r2, 55, 5);
285 keyiter(k[ -2],r1,r0,r3, 56, 6); keyiter(k[ -1],r2,r1,r4, 57, 7);
286 keyiter(k[ 0],r3,r2,r0, 58, 8); keyiter(k[ 1],r4,r3,r1, 59, 9);
287 keyiter(k[ 2],r0,r4,r2, 60, 10); keyiter(k[ 3],r1,r0,r3, 61, 11);
288 keyiter(k[ 4],r2,r1,r4, 62, 12); keyiter(k[ 5],r3,r2,r0, 63, 13);
289 keyiter(k[ 6],r4,r3,r1, 64, 14); keyiter(k[ 7],r0,r4,r2, 65, 15);
290 keyiter(k[ 8],r1,r0,r3, 66, 16); keyiter(k[ 9],r2,r1,r4, 67, 17);
291 keyiter(k[ 10],r3,r2,r0, 68, 18); keyiter(k[ 11],r4,r3,r1, 69, 19);
292 keyiter(k[ 12],r0,r4,r2, 70, 20); keyiter(k[ 13],r1,r0,r3, 71, 21);
293 keyiter(k[ 14],r2,r1,r4, 72, 22); keyiter(k[ 15],r3,r2,r0, 73, 23);
294 keyiter(k[ 16],r4,r3,r1, 74, 24); keyiter(k[ 17],r0,r4,r2, 75, 25);
295 keyiter(k[ 18],r1,r0,r3, 76, 26); keyiter(k[ 19],r2,r1,r4, 77, 27);
296 keyiter(k[ 20],r3,r2,r0, 78, 28); keyiter(k[ 21],r4,r3,r1, 79, 29);
297 keyiter(k[ 22],r0,r4,r2, 80, 30); keyiter(k[ 23],r1,r0,r3, 81, 31);
298
299 k += 50;
300
301 keyiter(k[-26],r2,r1,r4, 82,-18); keyiter(k[-25],r3,r2,r0, 83,-17);
302 keyiter(k[-24],r4,r3,r1, 84,-16); keyiter(k[-23],r0,r4,r2, 85,-15);
303 keyiter(k[-22],r1,r0,r3, 86,-14); keyiter(k[-21],r2,r1,r4, 87,-13);
304 keyiter(k[-20],r3,r2,r0, 88,-12); keyiter(k[-19],r4,r3,r1, 89,-11);
305 keyiter(k[-18],r0,r4,r2, 90,-10); keyiter(k[-17],r1,r0,r3, 91, -9);
306 keyiter(k[-16],r2,r1,r4, 92, -8); keyiter(k[-15],r3,r2,r0, 93, -7);
307 keyiter(k[-14],r4,r3,r1, 94, -6); keyiter(k[-13],r0,r4,r2, 95, -5);
308 keyiter(k[-12],r1,r0,r3, 96, -4); keyiter(k[-11],r2,r1,r4, 97, -3);
309 keyiter(k[-10],r3,r2,r0, 98, -2); keyiter(k[ -9],r4,r3,r1, 99, -1);
310 keyiter(k[ -8],r0,r4,r2,100, 0); keyiter(k[ -7],r1,r0,r3,101, 1);
311 keyiter(k[ -6],r2,r1,r4,102, 2); keyiter(k[ -5],r3,r2,r0,103, 3);
312 keyiter(k[ -4],r4,r3,r1,104, 4); keyiter(k[ -3],r0,r4,r2,105, 5);
313 keyiter(k[ -2],r1,r0,r3,106, 6); keyiter(k[ -1],r2,r1,r4,107, 7);
314 keyiter(k[ 0],r3,r2,r0,108, 8); keyiter(k[ 1],r4,r3,r1,109, 9);
315 keyiter(k[ 2],r0,r4,r2,110, 10); keyiter(k[ 3],r1,r0,r3,111, 11);
316 keyiter(k[ 4],r2,r1,r4,112, 12); keyiter(k[ 5],r3,r2,r0,113, 13);
317 keyiter(k[ 6],r4,r3,r1,114, 14); keyiter(k[ 7],r0,r4,r2,115, 15);
318 keyiter(k[ 8],r1,r0,r3,116, 16); keyiter(k[ 9],r2,r1,r4,117, 17);
319 keyiter(k[ 10],r3,r2,r0,118, 18); keyiter(k[ 11],r4,r3,r1,119, 19);
320 keyiter(k[ 12],r0,r4,r2,120, 20); keyiter(k[ 13],r1,r0,r3,121, 21);
321 keyiter(k[ 14],r2,r1,r4,122, 22); keyiter(k[ 15],r3,r2,r0,123, 23);
322 keyiter(k[ 16],r4,r3,r1,124, 24); keyiter(k[ 17],r0,r4,r2,125, 25);
323 keyiter(k[ 18],r1,r0,r3,126, 26); keyiter(k[ 19],r2,r1,r4,127, 27);
324 keyiter(k[ 20],r3,r2,r0,128, 28); keyiter(k[ 21],r4,r3,r1,129, 29);
325 keyiter(k[ 22],r0,r4,r2,130, 30); keyiter(k[ 23],r1,r0,r3,131, 31);
326
327 /* Apply S-boxes */
328
329 S3(r3,r4,r0,r1,r2); storekeys(r1,r2,r4,r3, 28); loadkeys(r1,r2,r4,r3, 24);
330 S4(r1,r2,r4,r3,r0); storekeys(r2,r4,r3,r0, 24); loadkeys(r2,r4,r3,r0, 20);
331 S5(r2,r4,r3,r0,r1); storekeys(r1,r2,r4,r0, 20); loadkeys(r1,r2,r4,r0, 16);
332 S6(r1,r2,r4,r0,r3); storekeys(r4,r3,r2,r0, 16); loadkeys(r4,r3,r2,r0, 12);
333 S7(r4,r3,r2,r0,r1); storekeys(r1,r2,r0,r4, 12); loadkeys(r1,r2,r0,r4, 8);
334 S0(r1,r2,r0,r4,r3); storekeys(r0,r2,r4,r1, 8); loadkeys(r0,r2,r4,r1, 4);
335 S1(r0,r2,r4,r1,r3); storekeys(r3,r4,r1,r0, 4); loadkeys(r3,r4,r1,r0, 0);
336 S2(r3,r4,r1,r0,r2); storekeys(r2,r4,r3,r0, 0); loadkeys(r2,r4,r3,r0, -4);
337 S3(r2,r4,r3,r0,r1); storekeys(r0,r1,r4,r2, -4); loadkeys(r0,r1,r4,r2, -8);
338 S4(r0,r1,r4,r2,r3); storekeys(r1,r4,r2,r3, -8); loadkeys(r1,r4,r2,r3,-12);
339 S5(r1,r4,r2,r3,r0); storekeys(r0,r1,r4,r3,-12); loadkeys(r0,r1,r4,r3,-16);
340 S6(r0,r1,r4,r3,r2); storekeys(r4,r2,r1,r3,-16); loadkeys(r4,r2,r1,r3,-20);
341 S7(r4,r2,r1,r3,r0); storekeys(r0,r1,r3,r4,-20); loadkeys(r0,r1,r3,r4,-24);
342 S0(r0,r1,r3,r4,r2); storekeys(r3,r1,r4,r0,-24); loadkeys(r3,r1,r4,r0,-28);
343 k -= 50;
344 S1(r3,r1,r4,r0,r2); storekeys(r2,r4,r0,r3, 22); loadkeys(r2,r4,r0,r3, 18);
345 S2(r2,r4,r0,r3,r1); storekeys(r1,r4,r2,r3, 18); loadkeys(r1,r4,r2,r3, 14);
346 S3(r1,r4,r2,r3,r0); storekeys(r3,r0,r4,r1, 14); loadkeys(r3,r0,r4,r1, 10);
347 S4(r3,r0,r4,r1,r2); storekeys(r0,r4,r1,r2, 10); loadkeys(r0,r4,r1,r2, 6);
348 S5(r0,r4,r1,r2,r3); storekeys(r3,r0,r4,r2, 6); loadkeys(r3,r0,r4,r2, 2);
349 S6(r3,r0,r4,r2,r1); storekeys(r4,r1,r0,r2, 2); loadkeys(r4,r1,r0,r2, -2);
350 S7(r4,r1,r0,r2,r3); storekeys(r3,r0,r2,r4, -2); loadkeys(r3,r0,r2,r4, -6);
351 S0(r3,r0,r2,r4,r1); storekeys(r2,r0,r4,r3, -6); loadkeys(r2,r0,r4,r3,-10);
352 S1(r2,r0,r4,r3,r1); storekeys(r1,r4,r3,r2,-10); loadkeys(r1,r4,r3,r2,-14);
353 S2(r1,r4,r3,r2,r0); storekeys(r0,r4,r1,r2,-14); loadkeys(r0,r4,r1,r2,-18);
354 S3(r0,r4,r1,r2,r3); storekeys(r2,r3,r4,r0,-18); loadkeys(r2,r3,r4,r0,-22);
355 k -= 50;
356 S4(r2,r3,r4,r0,r1); storekeys(r3,r4,r0,r1, 28); loadkeys(r3,r4,r0,r1, 24);
357 S5(r3,r4,r0,r1,r2); storekeys(r2,r3,r4,r1, 24); loadkeys(r2,r3,r4,r1, 20);
358 S6(r2,r3,r4,r1,r0); storekeys(r4,r0,r3,r1, 20); loadkeys(r4,r0,r3,r1, 16);
359 S7(r4,r0,r3,r1,r2); storekeys(r2,r3,r1,r4, 16); loadkeys(r2,r3,r1,r4, 12);
360 S0(r2,r3,r1,r4,r0); storekeys(r1,r3,r4,r2, 12); loadkeys(r1,r3,r4,r2, 8);
361 S1(r1,r3,r4,r2,r0); storekeys(r0,r4,r2,r1, 8); loadkeys(r0,r4,r2,r1, 4);
362 S2(r0,r4,r2,r1,r3); storekeys(r3,r4,r0,r1, 4); loadkeys(r3,r4,r0,r1, 0);
363 S3(r3,r4,r0,r1,r2); storekeys(r1,r2,r4,r3, 0);
364
365 return 0;
366}
367
368static void serpent_encrypt(void *ctx, u8 *dst, const u8 *src)
369{
370 const u32
371 *k = ((struct serpent_ctx *)ctx)->expkey,
372 *s = (const u32 *)src;
373 u32 *d = (u32 *)dst,
374 r0, r1, r2, r3, r4;
375
376/*
377 * Note: The conversions between u8* and u32* might cause trouble
378 * on architectures with stricter alignment rules than x86
379 */
380
381 r0 = le32_to_cpu(s[0]);
382 r1 = le32_to_cpu(s[1]);
383 r2 = le32_to_cpu(s[2]);
384 r3 = le32_to_cpu(s[3]);
385
386 K(r0,r1,r2,r3,0);
387 S0(r0,r1,r2,r3,r4); LK(r2,r1,r3,r0,r4,1);
388 S1(r2,r1,r3,r0,r4); LK(r4,r3,r0,r2,r1,2);
389 S2(r4,r3,r0,r2,r1); LK(r1,r3,r4,r2,r0,3);
390 S3(r1,r3,r4,r2,r0); LK(r2,r0,r3,r1,r4,4);
391 S4(r2,r0,r3,r1,r4); LK(r0,r3,r1,r4,r2,5);
392 S5(r0,r3,r1,r4,r2); LK(r2,r0,r3,r4,r1,6);
393 S6(r2,r0,r3,r4,r1); LK(r3,r1,r0,r4,r2,7);
394 S7(r3,r1,r0,r4,r2); LK(r2,r0,r4,r3,r1,8);
395 S0(r2,r0,r4,r3,r1); LK(r4,r0,r3,r2,r1,9);
396 S1(r4,r0,r3,r2,r1); LK(r1,r3,r2,r4,r0,10);
397 S2(r1,r3,r2,r4,r0); LK(r0,r3,r1,r4,r2,11);
398 S3(r0,r3,r1,r4,r2); LK(r4,r2,r3,r0,r1,12);
399 S4(r4,r2,r3,r0,r1); LK(r2,r3,r0,r1,r4,13);
400 S5(r2,r3,r0,r1,r4); LK(r4,r2,r3,r1,r0,14);
401 S6(r4,r2,r3,r1,r0); LK(r3,r0,r2,r1,r4,15);
402 S7(r3,r0,r2,r1,r4); LK(r4,r2,r1,r3,r0,16);
403 S0(r4,r2,r1,r3,r0); LK(r1,r2,r3,r4,r0,17);
404 S1(r1,r2,r3,r4,r0); LK(r0,r3,r4,r1,r2,18);
405 S2(r0,r3,r4,r1,r2); LK(r2,r3,r0,r1,r4,19);
406 S3(r2,r3,r0,r1,r4); LK(r1,r4,r3,r2,r0,20);
407 S4(r1,r4,r3,r2,r0); LK(r4,r3,r2,r0,r1,21);
408 S5(r4,r3,r2,r0,r1); LK(r1,r4,r3,r0,r2,22);
409 S6(r1,r4,r3,r0,r2); LK(r3,r2,r4,r0,r1,23);
410 S7(r3,r2,r4,r0,r1); LK(r1,r4,r0,r3,r2,24);
411 S0(r1,r4,r0,r3,r2); LK(r0,r4,r3,r1,r2,25);
412 S1(r0,r4,r3,r1,r2); LK(r2,r3,r1,r0,r4,26);
413 S2(r2,r3,r1,r0,r4); LK(r4,r3,r2,r0,r1,27);
414 S3(r4,r3,r2,r0,r1); LK(r0,r1,r3,r4,r2,28);
415 S4(r0,r1,r3,r4,r2); LK(r1,r3,r4,r2,r0,29);
416 S5(r1,r3,r4,r2,r0); LK(r0,r1,r3,r2,r4,30);
417 S6(r0,r1,r3,r2,r4); LK(r3,r4,r1,r2,r0,31);
418 S7(r3,r4,r1,r2,r0); K(r0,r1,r2,r3,32);
419
420 d[0] = cpu_to_le32(r0);
421 d[1] = cpu_to_le32(r1);
422 d[2] = cpu_to_le32(r2);
423 d[3] = cpu_to_le32(r3);
424}
425
426static void serpent_decrypt(void *ctx, u8 *dst, const u8 *src)
427{
428 const u32
429 *k = ((struct serpent_ctx *)ctx)->expkey,
430 *s = (const u32 *)src;
431 u32 *d = (u32 *)dst,
432 r0, r1, r2, r3, r4;
433
434 r0 = le32_to_cpu(s[0]);
435 r1 = le32_to_cpu(s[1]);
436 r2 = le32_to_cpu(s[2]);
437 r3 = le32_to_cpu(s[3]);
438
439 K(r0,r1,r2,r3,32);
440 SI7(r0,r1,r2,r3,r4); KL(r1,r3,r0,r4,r2,31);
441 SI6(r1,r3,r0,r4,r2); KL(r0,r2,r4,r1,r3,30);
442 SI5(r0,r2,r4,r1,r3); KL(r2,r3,r0,r4,r1,29);
443 SI4(r2,r3,r0,r4,r1); KL(r2,r0,r1,r4,r3,28);
444 SI3(r2,r0,r1,r4,r3); KL(r1,r2,r3,r4,r0,27);
445 SI2(r1,r2,r3,r4,r0); KL(r2,r0,r4,r3,r1,26);
446 SI1(r2,r0,r4,r3,r1); KL(r1,r0,r4,r3,r2,25);
447 SI0(r1,r0,r4,r3,r2); KL(r4,r2,r0,r1,r3,24);
448 SI7(r4,r2,r0,r1,r3); KL(r2,r1,r4,r3,r0,23);
449 SI6(r2,r1,r4,r3,r0); KL(r4,r0,r3,r2,r1,22);
450 SI5(r4,r0,r3,r2,r1); KL(r0,r1,r4,r3,r2,21);
451 SI4(r0,r1,r4,r3,r2); KL(r0,r4,r2,r3,r1,20);
452 SI3(r0,r4,r2,r3,r1); KL(r2,r0,r1,r3,r4,19);
453 SI2(r2,r0,r1,r3,r4); KL(r0,r4,r3,r1,r2,18);
454 SI1(r0,r4,r3,r1,r2); KL(r2,r4,r3,r1,r0,17);
455 SI0(r2,r4,r3,r1,r0); KL(r3,r0,r4,r2,r1,16);
456 SI7(r3,r0,r4,r2,r1); KL(r0,r2,r3,r1,r4,15);
457 SI6(r0,r2,r3,r1,r4); KL(r3,r4,r1,r0,r2,14);
458 SI5(r3,r4,r1,r0,r2); KL(r4,r2,r3,r1,r0,13);
459 SI4(r4,r2,r3,r1,r0); KL(r4,r3,r0,r1,r2,12);
460 SI3(r4,r3,r0,r1,r2); KL(r0,r4,r2,r1,r3,11);
461 SI2(r0,r4,r2,r1,r3); KL(r4,r3,r1,r2,r0,10);
462 SI1(r4,r3,r1,r2,r0); KL(r0,r3,r1,r2,r4,9);
463 SI0(r0,r3,r1,r2,r4); KL(r1,r4,r3,r0,r2,8);
464 SI7(r1,r4,r3,r0,r2); KL(r4,r0,r1,r2,r3,7);
465 SI6(r4,r0,r1,r2,r3); KL(r1,r3,r2,r4,r0,6);
466 SI5(r1,r3,r2,r4,r0); KL(r3,r0,r1,r2,r4,5);
467 SI4(r3,r0,r1,r2,r4); KL(r3,r1,r4,r2,r0,4);
468 SI3(r3,r1,r4,r2,r0); KL(r4,r3,r0,r2,r1,3);
469 SI2(r4,r3,r0,r2,r1); KL(r3,r1,r2,r0,r4,2);
470 SI1(r3,r1,r2,r0,r4); KL(r4,r1,r2,r0,r3,1);
471 SI0(r4,r1,r2,r0,r3); K(r2,r3,r1,r4,0);
472
473 d[0] = cpu_to_le32(r2);
474 d[1] = cpu_to_le32(r3);
475 d[2] = cpu_to_le32(r1);
476 d[3] = cpu_to_le32(r4);
477}
478
479static struct crypto_alg serpent_alg = {
480 .cra_name = "serpent",
481 .cra_flags = CRYPTO_ALG_TYPE_CIPHER,
482 .cra_blocksize = SERPENT_BLOCK_SIZE,
483 .cra_ctxsize = sizeof(struct serpent_ctx),
484 .cra_module = THIS_MODULE,
485 .cra_list = LIST_HEAD_INIT(serpent_alg.cra_list),
486 .cra_u = { .cipher = {
487 .cia_min_keysize = SERPENT_MIN_KEY_SIZE,
488 .cia_max_keysize = SERPENT_MAX_KEY_SIZE,
489 .cia_setkey = serpent_setkey,
490 .cia_encrypt = serpent_encrypt,
491 .cia_decrypt = serpent_decrypt } }
492};
493
494static int tnepres_setkey(void *ctx, const u8 *key, unsigned int keylen, u32 *flags)
495{
496 u8 rev_key[SERPENT_MAX_KEY_SIZE];
497 int i;
498
499 if ((keylen < SERPENT_MIN_KEY_SIZE)
500 || (keylen > SERPENT_MAX_KEY_SIZE)) {
501 *flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
502 return -EINVAL;
503 }
504
505 for (i = 0; i < keylen; ++i)
506 rev_key[keylen - i - 1] = key[i];
507
508 return serpent_setkey(ctx, rev_key, keylen, flags);
509}
510
511static void tnepres_encrypt(void *ctx, u8 *dst, const u8 *src)
512{
513 const u32 * const s = (const u32 * const)src;
514 u32 * const d = (u32 * const)dst;
515
516 u32 rs[4], rd[4];
517
518 rs[0] = swab32(s[3]);
519 rs[1] = swab32(s[2]);
520 rs[2] = swab32(s[1]);
521 rs[3] = swab32(s[0]);
522
523 serpent_encrypt(ctx, (u8 *)rd, (u8 *)rs);
524
525 d[0] = swab32(rd[3]);
526 d[1] = swab32(rd[2]);
527 d[2] = swab32(rd[1]);
528 d[3] = swab32(rd[0]);
529}
530
531static void tnepres_decrypt(void *ctx, u8 *dst, const u8 *src)
532{
533 const u32 * const s = (const u32 * const)src;
534 u32 * const d = (u32 * const)dst;
535
536 u32 rs[4], rd[4];
537
538 rs[0] = swab32(s[3]);
539 rs[1] = swab32(s[2]);
540 rs[2] = swab32(s[1]);
541 rs[3] = swab32(s[0]);
542
543 serpent_decrypt(ctx, (u8 *)rd, (u8 *)rs);
544
545 d[0] = swab32(rd[3]);
546 d[1] = swab32(rd[2]);
547 d[2] = swab32(rd[1]);
548 d[3] = swab32(rd[0]);
549}
550
551static struct crypto_alg tnepres_alg = {
552 .cra_name = "tnepres",
553 .cra_flags = CRYPTO_ALG_TYPE_CIPHER,
554 .cra_blocksize = SERPENT_BLOCK_SIZE,
555 .cra_ctxsize = sizeof(struct serpent_ctx),
556 .cra_module = THIS_MODULE,
557 .cra_list = LIST_HEAD_INIT(serpent_alg.cra_list),
558 .cra_u = { .cipher = {
559 .cia_min_keysize = SERPENT_MIN_KEY_SIZE,
560 .cia_max_keysize = SERPENT_MAX_KEY_SIZE,
561 .cia_setkey = tnepres_setkey,
562 .cia_encrypt = tnepres_encrypt,
563 .cia_decrypt = tnepres_decrypt } }
564};
565
566static int __init init(void)
567{
568 int ret = crypto_register_alg(&serpent_alg);
569
570 if (ret)
571 return ret;
572
573 ret = crypto_register_alg(&tnepres_alg);
574
575 if (ret)
576 crypto_unregister_alg(&serpent_alg);
577
578 return ret;
579}
580
581static void __exit fini(void)
582{
583 crypto_unregister_alg(&tnepres_alg);
584 crypto_unregister_alg(&serpent_alg);
585}
586
587module_init(init);
588module_exit(fini);
589
590MODULE_LICENSE("GPL");
591MODULE_DESCRIPTION("Serpent and tnepres (kerneli compatible serpent reversed) Cipher Algorithm");
592MODULE_AUTHOR("Dag Arne Osvik <osvik@ii.uib.no>");
593MODULE_ALIAS("tnepres");
diff --git a/crypto/sha1.c b/crypto/sha1.c
new file mode 100644
index 000000000000..4016f3b8ce9b
--- /dev/null
+++ b/crypto/sha1.c
@@ -0,0 +1,139 @@
1/*
2 * Cryptographic API.
3 *
4 * SHA1 Secure Hash Algorithm.
5 *
6 * Derived from cryptoapi implementation, adapted for in-place
7 * scatterlist interface.
8 *
9 * Copyright (c) Alan Smithee.
10 * Copyright (c) Andrew McDonald <andrew@mcdonald.org.uk>
11 * Copyright (c) Jean-Francois Dive <jef@linuxbe.org>
12 *
13 * This program is free software; you can redistribute it and/or modify it
14 * under the terms of the GNU General Public License as published by the Free
15 * Software Foundation; either version 2 of the License, or (at your option)
16 * any later version.
17 *
18 */
19#include <linux/init.h>
20#include <linux/module.h>
21#include <linux/mm.h>
22#include <linux/crypto.h>
23#include <linux/cryptohash.h>
24#include <asm/scatterlist.h>
25#include <asm/byteorder.h>
26
27#define SHA1_DIGEST_SIZE 20
28#define SHA1_HMAC_BLOCK_SIZE 64
29
30struct sha1_ctx {
31 u64 count;
32 u32 state[5];
33 u8 buffer[64];
34};
35
36static void sha1_init(void *ctx)
37{
38 struct sha1_ctx *sctx = ctx;
39 static const struct sha1_ctx initstate = {
40 0,
41 { 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0 },
42 { 0, }
43 };
44
45 *sctx = initstate;
46}
47
48static void sha1_update(void *ctx, const u8 *data, unsigned int len)
49{
50 struct sha1_ctx *sctx = ctx;
51 unsigned int i, j;
52 u32 temp[SHA_WORKSPACE_WORDS];
53
54 j = (sctx->count >> 3) & 0x3f;
55 sctx->count += len << 3;
56
57 if ((j + len) > 63) {
58 memcpy(&sctx->buffer[j], data, (i = 64-j));
59 sha_transform(sctx->state, sctx->buffer, temp);
60 for ( ; i + 63 < len; i += 64) {
61 sha_transform(sctx->state, &data[i], temp);
62 }
63 j = 0;
64 }
65 else i = 0;
66 memset(temp, 0, sizeof(temp));
67 memcpy(&sctx->buffer[j], &data[i], len - i);
68}
69
70
71/* Add padding and return the message digest. */
72static void sha1_final(void* ctx, u8 *out)
73{
74 struct sha1_ctx *sctx = ctx;
75 u32 i, j, index, padlen;
76 u64 t;
77 u8 bits[8] = { 0, };
78 static const u8 padding[64] = { 0x80, };
79
80 t = sctx->count;
81 bits[7] = 0xff & t; t>>=8;
82 bits[6] = 0xff & t; t>>=8;
83 bits[5] = 0xff & t; t>>=8;
84 bits[4] = 0xff & t; t>>=8;
85 bits[3] = 0xff & t; t>>=8;
86 bits[2] = 0xff & t; t>>=8;
87 bits[1] = 0xff & t; t>>=8;
88 bits[0] = 0xff & t;
89
90 /* Pad out to 56 mod 64 */
91 index = (sctx->count >> 3) & 0x3f;
92 padlen = (index < 56) ? (56 - index) : ((64+56) - index);
93 sha1_update(sctx, padding, padlen);
94
95 /* Append length */
96 sha1_update(sctx, bits, sizeof bits);
97
98 /* Store state in digest */
99 for (i = j = 0; i < 5; i++, j += 4) {
100 u32 t2 = sctx->state[i];
101 out[j+3] = t2 & 0xff; t2>>=8;
102 out[j+2] = t2 & 0xff; t2>>=8;
103 out[j+1] = t2 & 0xff; t2>>=8;
104 out[j ] = t2 & 0xff;
105 }
106
107 /* Wipe context */
108 memset(sctx, 0, sizeof *sctx);
109}
110
111static struct crypto_alg alg = {
112 .cra_name = "sha1",
113 .cra_flags = CRYPTO_ALG_TYPE_DIGEST,
114 .cra_blocksize = SHA1_HMAC_BLOCK_SIZE,
115 .cra_ctxsize = sizeof(struct sha1_ctx),
116 .cra_module = THIS_MODULE,
117 .cra_list = LIST_HEAD_INIT(alg.cra_list),
118 .cra_u = { .digest = {
119 .dia_digestsize = SHA1_DIGEST_SIZE,
120 .dia_init = sha1_init,
121 .dia_update = sha1_update,
122 .dia_final = sha1_final } }
123};
124
125static int __init init(void)
126{
127 return crypto_register_alg(&alg);
128}
129
130static void __exit fini(void)
131{
132 crypto_unregister_alg(&alg);
133}
134
135module_init(init);
136module_exit(fini);
137
138MODULE_LICENSE("GPL");
139MODULE_DESCRIPTION("SHA1 Secure Hash Algorithm");
diff --git a/crypto/sha256.c b/crypto/sha256.c
new file mode 100644
index 000000000000..c78da50a9b7a
--- /dev/null
+++ b/crypto/sha256.c
@@ -0,0 +1,349 @@
1/*
2 * Cryptographic API.
3 *
4 * SHA-256, as specified in
5 * http://csrc.nist.gov/cryptval/shs/sha256-384-512.pdf
6 *
7 * SHA-256 code by Jean-Luc Cooke <jlcooke@certainkey.com>.
8 *
9 * Copyright (c) Jean-Luc Cooke <jlcooke@certainkey.com>
10 * Copyright (c) Andrew McDonald <andrew@mcdonald.org.uk>
11 * Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
12 *
13 * This program is free software; you can redistribute it and/or modify it
14 * under the terms of the GNU General Public License as published by the Free
15 * Software Foundation; either version 2 of the License, or (at your option)
16 * any later version.
17 *
18 */
19#include <linux/init.h>
20#include <linux/module.h>
21#include <linux/mm.h>
22#include <linux/crypto.h>
23#include <asm/scatterlist.h>
24#include <asm/byteorder.h>
25
26#define SHA256_DIGEST_SIZE 32
27#define SHA256_HMAC_BLOCK_SIZE 64
28
29struct sha256_ctx {
30 u32 count[2];
31 u32 state[8];
32 u8 buf[128];
33};
34
35static inline u32 Ch(u32 x, u32 y, u32 z)
36{
37 return z ^ (x & (y ^ z));
38}
39
40static inline u32 Maj(u32 x, u32 y, u32 z)
41{
42 return (x & y) | (z & (x | y));
43}
44
45#define e0(x) (ror32(x, 2) ^ ror32(x,13) ^ ror32(x,22))
46#define e1(x) (ror32(x, 6) ^ ror32(x,11) ^ ror32(x,25))
47#define s0(x) (ror32(x, 7) ^ ror32(x,18) ^ (x >> 3))
48#define s1(x) (ror32(x,17) ^ ror32(x,19) ^ (x >> 10))
49
50#define H0 0x6a09e667
51#define H1 0xbb67ae85
52#define H2 0x3c6ef372
53#define H3 0xa54ff53a
54#define H4 0x510e527f
55#define H5 0x9b05688c
56#define H6 0x1f83d9ab
57#define H7 0x5be0cd19
58
59static inline void LOAD_OP(int I, u32 *W, const u8 *input)
60{
61 W[I] = __be32_to_cpu( ((__be32*)(input))[I] );
62}
63
64static inline void BLEND_OP(int I, u32 *W)
65{
66 W[I] = s1(W[I-2]) + W[I-7] + s0(W[I-15]) + W[I-16];
67}
68
69static void sha256_transform(u32 *state, const u8 *input)
70{
71 u32 a, b, c, d, e, f, g, h, t1, t2;
72 u32 W[64];
73 int i;
74
75 /* load the input */
76 for (i = 0; i < 16; i++)
77 LOAD_OP(i, W, input);
78
79 /* now blend */
80 for (i = 16; i < 64; i++)
81 BLEND_OP(i, W);
82
83 /* load the state into our registers */
84 a=state[0]; b=state[1]; c=state[2]; d=state[3];
85 e=state[4]; f=state[5]; g=state[6]; h=state[7];
86
87 /* now iterate */
88 t1 = h + e1(e) + Ch(e,f,g) + 0x428a2f98 + W[ 0];
89 t2 = e0(a) + Maj(a,b,c); d+=t1; h=t1+t2;
90 t1 = g + e1(d) + Ch(d,e,f) + 0x71374491 + W[ 1];
91 t2 = e0(h) + Maj(h,a,b); c+=t1; g=t1+t2;
92 t1 = f + e1(c) + Ch(c,d,e) + 0xb5c0fbcf + W[ 2];
93 t2 = e0(g) + Maj(g,h,a); b+=t1; f=t1+t2;
94 t1 = e + e1(b) + Ch(b,c,d) + 0xe9b5dba5 + W[ 3];
95 t2 = e0(f) + Maj(f,g,h); a+=t1; e=t1+t2;
96 t1 = d + e1(a) + Ch(a,b,c) + 0x3956c25b + W[ 4];
97 t2 = e0(e) + Maj(e,f,g); h+=t1; d=t1+t2;
98 t1 = c + e1(h) + Ch(h,a,b) + 0x59f111f1 + W[ 5];
99 t2 = e0(d) + Maj(d,e,f); g+=t1; c=t1+t2;
100 t1 = b + e1(g) + Ch(g,h,a) + 0x923f82a4 + W[ 6];
101 t2 = e0(c) + Maj(c,d,e); f+=t1; b=t1+t2;
102 t1 = a + e1(f) + Ch(f,g,h) + 0xab1c5ed5 + W[ 7];
103 t2 = e0(b) + Maj(b,c,d); e+=t1; a=t1+t2;
104
105 t1 = h + e1(e) + Ch(e,f,g) + 0xd807aa98 + W[ 8];
106 t2 = e0(a) + Maj(a,b,c); d+=t1; h=t1+t2;
107 t1 = g + e1(d) + Ch(d,e,f) + 0x12835b01 + W[ 9];
108 t2 = e0(h) + Maj(h,a,b); c+=t1; g=t1+t2;
109 t1 = f + e1(c) + Ch(c,d,e) + 0x243185be + W[10];
110 t2 = e0(g) + Maj(g,h,a); b+=t1; f=t1+t2;
111 t1 = e + e1(b) + Ch(b,c,d) + 0x550c7dc3 + W[11];
112 t2 = e0(f) + Maj(f,g,h); a+=t1; e=t1+t2;
113 t1 = d + e1(a) + Ch(a,b,c) + 0x72be5d74 + W[12];
114 t2 = e0(e) + Maj(e,f,g); h+=t1; d=t1+t2;
115 t1 = c + e1(h) + Ch(h,a,b) + 0x80deb1fe + W[13];
116 t2 = e0(d) + Maj(d,e,f); g+=t1; c=t1+t2;
117 t1 = b + e1(g) + Ch(g,h,a) + 0x9bdc06a7 + W[14];
118 t2 = e0(c) + Maj(c,d,e); f+=t1; b=t1+t2;
119 t1 = a + e1(f) + Ch(f,g,h) + 0xc19bf174 + W[15];
120 t2 = e0(b) + Maj(b,c,d); e+=t1; a=t1+t2;
121
122 t1 = h + e1(e) + Ch(e,f,g) + 0xe49b69c1 + W[16];
123 t2 = e0(a) + Maj(a,b,c); d+=t1; h=t1+t2;
124 t1 = g + e1(d) + Ch(d,e,f) + 0xefbe4786 + W[17];
125 t2 = e0(h) + Maj(h,a,b); c+=t1; g=t1+t2;
126 t1 = f + e1(c) + Ch(c,d,e) + 0x0fc19dc6 + W[18];
127 t2 = e0(g) + Maj(g,h,a); b+=t1; f=t1+t2;
128 t1 = e + e1(b) + Ch(b,c,d) + 0x240ca1cc + W[19];
129 t2 = e0(f) + Maj(f,g,h); a+=t1; e=t1+t2;
130 t1 = d + e1(a) + Ch(a,b,c) + 0x2de92c6f + W[20];
131 t2 = e0(e) + Maj(e,f,g); h+=t1; d=t1+t2;
132 t1 = c + e1(h) + Ch(h,a,b) + 0x4a7484aa + W[21];
133 t2 = e0(d) + Maj(d,e,f); g+=t1; c=t1+t2;
134 t1 = b + e1(g) + Ch(g,h,a) + 0x5cb0a9dc + W[22];
135 t2 = e0(c) + Maj(c,d,e); f+=t1; b=t1+t2;
136 t1 = a + e1(f) + Ch(f,g,h) + 0x76f988da + W[23];
137 t2 = e0(b) + Maj(b,c,d); e+=t1; a=t1+t2;
138
139 t1 = h + e1(e) + Ch(e,f,g) + 0x983e5152 + W[24];
140 t2 = e0(a) + Maj(a,b,c); d+=t1; h=t1+t2;
141 t1 = g + e1(d) + Ch(d,e,f) + 0xa831c66d + W[25];
142 t2 = e0(h) + Maj(h,a,b); c+=t1; g=t1+t2;
143 t1 = f + e1(c) + Ch(c,d,e) + 0xb00327c8 + W[26];
144 t2 = e0(g) + Maj(g,h,a); b+=t1; f=t1+t2;
145 t1 = e + e1(b) + Ch(b,c,d) + 0xbf597fc7 + W[27];
146 t2 = e0(f) + Maj(f,g,h); a+=t1; e=t1+t2;
147 t1 = d + e1(a) + Ch(a,b,c) + 0xc6e00bf3 + W[28];
148 t2 = e0(e) + Maj(e,f,g); h+=t1; d=t1+t2;
149 t1 = c + e1(h) + Ch(h,a,b) + 0xd5a79147 + W[29];
150 t2 = e0(d) + Maj(d,e,f); g+=t1; c=t1+t2;
151 t1 = b + e1(g) + Ch(g,h,a) + 0x06ca6351 + W[30];
152 t2 = e0(c) + Maj(c,d,e); f+=t1; b=t1+t2;
153 t1 = a + e1(f) + Ch(f,g,h) + 0x14292967 + W[31];
154 t2 = e0(b) + Maj(b,c,d); e+=t1; a=t1+t2;
155
156 t1 = h + e1(e) + Ch(e,f,g) + 0x27b70a85 + W[32];
157 t2 = e0(a) + Maj(a,b,c); d+=t1; h=t1+t2;
158 t1 = g + e1(d) + Ch(d,e,f) + 0x2e1b2138 + W[33];
159 t2 = e0(h) + Maj(h,a,b); c+=t1; g=t1+t2;
160 t1 = f + e1(c) + Ch(c,d,e) + 0x4d2c6dfc + W[34];
161 t2 = e0(g) + Maj(g,h,a); b+=t1; f=t1+t2;
162 t1 = e + e1(b) + Ch(b,c,d) + 0x53380d13 + W[35];
163 t2 = e0(f) + Maj(f,g,h); a+=t1; e=t1+t2;
164 t1 = d + e1(a) + Ch(a,b,c) + 0x650a7354 + W[36];
165 t2 = e0(e) + Maj(e,f,g); h+=t1; d=t1+t2;
166 t1 = c + e1(h) + Ch(h,a,b) + 0x766a0abb + W[37];
167 t2 = e0(d) + Maj(d,e,f); g+=t1; c=t1+t2;
168 t1 = b + e1(g) + Ch(g,h,a) + 0x81c2c92e + W[38];
169 t2 = e0(c) + Maj(c,d,e); f+=t1; b=t1+t2;
170 t1 = a + e1(f) + Ch(f,g,h) + 0x92722c85 + W[39];
171 t2 = e0(b) + Maj(b,c,d); e+=t1; a=t1+t2;
172
173 t1 = h + e1(e) + Ch(e,f,g) + 0xa2bfe8a1 + W[40];
174 t2 = e0(a) + Maj(a,b,c); d+=t1; h=t1+t2;
175 t1 = g + e1(d) + Ch(d,e,f) + 0xa81a664b + W[41];
176 t2 = e0(h) + Maj(h,a,b); c+=t1; g=t1+t2;
177 t1 = f + e1(c) + Ch(c,d,e) + 0xc24b8b70 + W[42];
178 t2 = e0(g) + Maj(g,h,a); b+=t1; f=t1+t2;
179 t1 = e + e1(b) + Ch(b,c,d) + 0xc76c51a3 + W[43];
180 t2 = e0(f) + Maj(f,g,h); a+=t1; e=t1+t2;
181 t1 = d + e1(a) + Ch(a,b,c) + 0xd192e819 + W[44];
182 t2 = e0(e) + Maj(e,f,g); h+=t1; d=t1+t2;
183 t1 = c + e1(h) + Ch(h,a,b) + 0xd6990624 + W[45];
184 t2 = e0(d) + Maj(d,e,f); g+=t1; c=t1+t2;
185 t1 = b + e1(g) + Ch(g,h,a) + 0xf40e3585 + W[46];
186 t2 = e0(c) + Maj(c,d,e); f+=t1; b=t1+t2;
187 t1 = a + e1(f) + Ch(f,g,h) + 0x106aa070 + W[47];
188 t2 = e0(b) + Maj(b,c,d); e+=t1; a=t1+t2;
189
190 t1 = h + e1(e) + Ch(e,f,g) + 0x19a4c116 + W[48];
191 t2 = e0(a) + Maj(a,b,c); d+=t1; h=t1+t2;
192 t1 = g + e1(d) + Ch(d,e,f) + 0x1e376c08 + W[49];
193 t2 = e0(h) + Maj(h,a,b); c+=t1; g=t1+t2;
194 t1 = f + e1(c) + Ch(c,d,e) + 0x2748774c + W[50];
195 t2 = e0(g) + Maj(g,h,a); b+=t1; f=t1+t2;
196 t1 = e + e1(b) + Ch(b,c,d) + 0x34b0bcb5 + W[51];
197 t2 = e0(f) + Maj(f,g,h); a+=t1; e=t1+t2;
198 t1 = d + e1(a) + Ch(a,b,c) + 0x391c0cb3 + W[52];
199 t2 = e0(e) + Maj(e,f,g); h+=t1; d=t1+t2;
200 t1 = c + e1(h) + Ch(h,a,b) + 0x4ed8aa4a + W[53];
201 t2 = e0(d) + Maj(d,e,f); g+=t1; c=t1+t2;
202 t1 = b + e1(g) + Ch(g,h,a) + 0x5b9cca4f + W[54];
203 t2 = e0(c) + Maj(c,d,e); f+=t1; b=t1+t2;
204 t1 = a + e1(f) + Ch(f,g,h) + 0x682e6ff3 + W[55];
205 t2 = e0(b) + Maj(b,c,d); e+=t1; a=t1+t2;
206
207 t1 = h + e1(e) + Ch(e,f,g) + 0x748f82ee + W[56];
208 t2 = e0(a) + Maj(a,b,c); d+=t1; h=t1+t2;
209 t1 = g + e1(d) + Ch(d,e,f) + 0x78a5636f + W[57];
210 t2 = e0(h) + Maj(h,a,b); c+=t1; g=t1+t2;
211 t1 = f + e1(c) + Ch(c,d,e) + 0x84c87814 + W[58];
212 t2 = e0(g) + Maj(g,h,a); b+=t1; f=t1+t2;
213 t1 = e + e1(b) + Ch(b,c,d) + 0x8cc70208 + W[59];
214 t2 = e0(f) + Maj(f,g,h); a+=t1; e=t1+t2;
215 t1 = d + e1(a) + Ch(a,b,c) + 0x90befffa + W[60];
216 t2 = e0(e) + Maj(e,f,g); h+=t1; d=t1+t2;
217 t1 = c + e1(h) + Ch(h,a,b) + 0xa4506ceb + W[61];
218 t2 = e0(d) + Maj(d,e,f); g+=t1; c=t1+t2;
219 t1 = b + e1(g) + Ch(g,h,a) + 0xbef9a3f7 + W[62];
220 t2 = e0(c) + Maj(c,d,e); f+=t1; b=t1+t2;
221 t1 = a + e1(f) + Ch(f,g,h) + 0xc67178f2 + W[63];
222 t2 = e0(b) + Maj(b,c,d); e+=t1; a=t1+t2;
223
224 state[0] += a; state[1] += b; state[2] += c; state[3] += d;
225 state[4] += e; state[5] += f; state[6] += g; state[7] += h;
226
227 /* clear any sensitive info... */
228 a = b = c = d = e = f = g = h = t1 = t2 = 0;
229 memset(W, 0, 64 * sizeof(u32));
230}
231
232static void sha256_init(void *ctx)
233{
234 struct sha256_ctx *sctx = ctx;
235 sctx->state[0] = H0;
236 sctx->state[1] = H1;
237 sctx->state[2] = H2;
238 sctx->state[3] = H3;
239 sctx->state[4] = H4;
240 sctx->state[5] = H5;
241 sctx->state[6] = H6;
242 sctx->state[7] = H7;
243 sctx->count[0] = sctx->count[1] = 0;
244 memset(sctx->buf, 0, sizeof(sctx->buf));
245}
246
247static void sha256_update(void *ctx, const u8 *data, unsigned int len)
248{
249 struct sha256_ctx *sctx = ctx;
250 unsigned int i, index, part_len;
251
252 /* Compute number of bytes mod 128 */
253 index = (unsigned int)((sctx->count[0] >> 3) & 0x3f);
254
255 /* Update number of bits */
256 if ((sctx->count[0] += (len << 3)) < (len << 3)) {
257 sctx->count[1]++;
258 sctx->count[1] += (len >> 29);
259 }
260
261 part_len = 64 - index;
262
263 /* Transform as many times as possible. */
264 if (len >= part_len) {
265 memcpy(&sctx->buf[index], data, part_len);
266 sha256_transform(sctx->state, sctx->buf);
267
268 for (i = part_len; i + 63 < len; i += 64)
269 sha256_transform(sctx->state, &data[i]);
270 index = 0;
271 } else {
272 i = 0;
273 }
274
275 /* Buffer remaining input */
276 memcpy(&sctx->buf[index], &data[i], len-i);
277}
278
279static void sha256_final(void* ctx, u8 *out)
280{
281 struct sha256_ctx *sctx = ctx;
282 u8 bits[8];
283 unsigned int index, pad_len, t;
284 int i, j;
285 static const u8 padding[64] = { 0x80, };
286
287 /* Save number of bits */
288 t = sctx->count[0];
289 bits[7] = t; t >>= 8;
290 bits[6] = t; t >>= 8;
291 bits[5] = t; t >>= 8;
292 bits[4] = t;
293 t = sctx->count[1];
294 bits[3] = t; t >>= 8;
295 bits[2] = t; t >>= 8;
296 bits[1] = t; t >>= 8;
297 bits[0] = t;
298
299 /* Pad out to 56 mod 64. */
300 index = (sctx->count[0] >> 3) & 0x3f;
301 pad_len = (index < 56) ? (56 - index) : ((64+56) - index);
302 sha256_update(sctx, padding, pad_len);
303
304 /* Append length (before padding) */
305 sha256_update(sctx, bits, 8);
306
307 /* Store state in digest */
308 for (i = j = 0; i < 8; i++, j += 4) {
309 t = sctx->state[i];
310 out[j+3] = t; t >>= 8;
311 out[j+2] = t; t >>= 8;
312 out[j+1] = t; t >>= 8;
313 out[j ] = t;
314 }
315
316 /* Zeroize sensitive information. */
317 memset(sctx, 0, sizeof(*sctx));
318}
319
320
321static struct crypto_alg alg = {
322 .cra_name = "sha256",
323 .cra_flags = CRYPTO_ALG_TYPE_DIGEST,
324 .cra_blocksize = SHA256_HMAC_BLOCK_SIZE,
325 .cra_ctxsize = sizeof(struct sha256_ctx),
326 .cra_module = THIS_MODULE,
327 .cra_list = LIST_HEAD_INIT(alg.cra_list),
328 .cra_u = { .digest = {
329 .dia_digestsize = SHA256_DIGEST_SIZE,
330 .dia_init = sha256_init,
331 .dia_update = sha256_update,
332 .dia_final = sha256_final } }
333};
334
335static int __init init(void)
336{
337 return crypto_register_alg(&alg);
338}
339
340static void __exit fini(void)
341{
342 crypto_unregister_alg(&alg);
343}
344
345module_init(init);
346module_exit(fini);
347
348MODULE_LICENSE("GPL");
349MODULE_DESCRIPTION("SHA256 Secure Hash Algorithm");
diff --git a/crypto/sha512.c b/crypto/sha512.c
new file mode 100644
index 000000000000..c663438322e9
--- /dev/null
+++ b/crypto/sha512.c
@@ -0,0 +1,362 @@
1/* SHA-512 code by Jean-Luc Cooke <jlcooke@certainkey.com>
2 *
3 * Copyright (c) Jean-Luc Cooke <jlcooke@certainkey.com>
4 * Copyright (c) Andrew McDonald <andrew@mcdonald.org.uk>
5 * Copyright (c) 2003 Kyle McMartin <kyle@debian.org>
6 *
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2, or (at your option) any
10 * later version.
11 *
12 */
13
14#include <linux/kernel.h>
15#include <linux/module.h>
16
17#include <linux/mm.h>
18#include <linux/init.h>
19#include <linux/crypto.h>
20
21#include <asm/scatterlist.h>
22#include <asm/byteorder.h>
23
24#define SHA384_DIGEST_SIZE 48
25#define SHA512_DIGEST_SIZE 64
26#define SHA384_HMAC_BLOCK_SIZE 96
27#define SHA512_HMAC_BLOCK_SIZE 128
28
29struct sha512_ctx {
30 u64 state[8];
31 u32 count[4];
32 u8 buf[128];
33 u64 W[80];
34};
35
36static inline u64 Ch(u64 x, u64 y, u64 z)
37{
38 return z ^ (x & (y ^ z));
39}
40
41static inline u64 Maj(u64 x, u64 y, u64 z)
42{
43 return (x & y) | (z & (x | y));
44}
45
46static inline u64 RORu64(u64 x, u64 y)
47{
48 return (x >> y) | (x << (64 - y));
49}
50
51static const u64 sha512_K[80] = {
52 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, 0xb5c0fbcfec4d3b2fULL,
53 0xe9b5dba58189dbbcULL, 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL,
54 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, 0xd807aa98a3030242ULL,
55 0x12835b0145706fbeULL, 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL,
56 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, 0x9bdc06a725c71235ULL,
57 0xc19bf174cf692694ULL, 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL,
58 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL, 0x2de92c6f592b0275ULL,
59 0x4a7484aa6ea6e483ULL, 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL,
60 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, 0xb00327c898fb213fULL,
61 0xbf597fc7beef0ee4ULL, 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL,
62 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL, 0x27b70a8546d22ffcULL,
63 0x2e1b21385c26c926ULL, 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL,
64 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, 0x81c2c92e47edaee6ULL,
65 0x92722c851482353bULL, 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL,
66 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL, 0xd192e819d6ef5218ULL,
67 0xd69906245565a910ULL, 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL,
68 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, 0x2748774cdf8eeb99ULL,
69 0x34b0bcb5e19b48a8ULL, 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL,
70 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL, 0x748f82ee5defb2fcULL,
71 0x78a5636f43172f60ULL, 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL,
72 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, 0xbef9a3f7b2c67915ULL,
73 0xc67178f2e372532bULL, 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL,
74 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL, 0x06f067aa72176fbaULL,
75 0x0a637dc5a2c898a6ULL, 0x113f9804bef90daeULL, 0x1b710b35131c471bULL,
76 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, 0x3c9ebe0a15c9bebcULL,
77 0x431d67c49c100d4cULL, 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL,
78 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL,
79};
80
81#define e0(x) (RORu64(x,28) ^ RORu64(x,34) ^ RORu64(x,39))
82#define e1(x) (RORu64(x,14) ^ RORu64(x,18) ^ RORu64(x,41))
83#define s0(x) (RORu64(x, 1) ^ RORu64(x, 8) ^ (x >> 7))
84#define s1(x) (RORu64(x,19) ^ RORu64(x,61) ^ (x >> 6))
85
86/* H* initial state for SHA-512 */
87#define H0 0x6a09e667f3bcc908ULL
88#define H1 0xbb67ae8584caa73bULL
89#define H2 0x3c6ef372fe94f82bULL
90#define H3 0xa54ff53a5f1d36f1ULL
91#define H4 0x510e527fade682d1ULL
92#define H5 0x9b05688c2b3e6c1fULL
93#define H6 0x1f83d9abfb41bd6bULL
94#define H7 0x5be0cd19137e2179ULL
95
96/* H'* initial state for SHA-384 */
97#define HP0 0xcbbb9d5dc1059ed8ULL
98#define HP1 0x629a292a367cd507ULL
99#define HP2 0x9159015a3070dd17ULL
100#define HP3 0x152fecd8f70e5939ULL
101#define HP4 0x67332667ffc00b31ULL
102#define HP5 0x8eb44a8768581511ULL
103#define HP6 0xdb0c2e0d64f98fa7ULL
104#define HP7 0x47b5481dbefa4fa4ULL
105
106static inline void LOAD_OP(int I, u64 *W, const u8 *input)
107{
108 W[I] = __be64_to_cpu( ((__be64*)(input))[I] );
109}
110
111static inline void BLEND_OP(int I, u64 *W)
112{
113 W[I] = s1(W[I-2]) + W[I-7] + s0(W[I-15]) + W[I-16];
114}
115
116static void
117sha512_transform(u64 *state, u64 *W, const u8 *input)
118{
119 u64 a, b, c, d, e, f, g, h, t1, t2;
120
121 int i;
122
123 /* load the input */
124 for (i = 0; i < 16; i++)
125 LOAD_OP(i, W, input);
126
127 for (i = 16; i < 80; i++) {
128 BLEND_OP(i, W);
129 }
130
131 /* load the state into our registers */
132 a=state[0]; b=state[1]; c=state[2]; d=state[3];
133 e=state[4]; f=state[5]; g=state[6]; h=state[7];
134
135 /* now iterate */
136 for (i=0; i<80; i+=8) {
137 t1 = h + e1(e) + Ch(e,f,g) + sha512_K[i ] + W[i ];
138 t2 = e0(a) + Maj(a,b,c); d+=t1; h=t1+t2;
139 t1 = g + e1(d) + Ch(d,e,f) + sha512_K[i+1] + W[i+1];
140 t2 = e0(h) + Maj(h,a,b); c+=t1; g=t1+t2;
141 t1 = f + e1(c) + Ch(c,d,e) + sha512_K[i+2] + W[i+2];
142 t2 = e0(g) + Maj(g,h,a); b+=t1; f=t1+t2;
143 t1 = e + e1(b) + Ch(b,c,d) + sha512_K[i+3] + W[i+3];
144 t2 = e0(f) + Maj(f,g,h); a+=t1; e=t1+t2;
145 t1 = d + e1(a) + Ch(a,b,c) + sha512_K[i+4] + W[i+4];
146 t2 = e0(e) + Maj(e,f,g); h+=t1; d=t1+t2;
147 t1 = c + e1(h) + Ch(h,a,b) + sha512_K[i+5] + W[i+5];
148 t2 = e0(d) + Maj(d,e,f); g+=t1; c=t1+t2;
149 t1 = b + e1(g) + Ch(g,h,a) + sha512_K[i+6] + W[i+6];
150 t2 = e0(c) + Maj(c,d,e); f+=t1; b=t1+t2;
151 t1 = a + e1(f) + Ch(f,g,h) + sha512_K[i+7] + W[i+7];
152 t2 = e0(b) + Maj(b,c,d); e+=t1; a=t1+t2;
153 }
154
155 state[0] += a; state[1] += b; state[2] += c; state[3] += d;
156 state[4] += e; state[5] += f; state[6] += g; state[7] += h;
157
158 /* erase our data */
159 a = b = c = d = e = f = g = h = t1 = t2 = 0;
160}
161
162static void
163sha512_init(void *ctx)
164{
165 struct sha512_ctx *sctx = ctx;
166 sctx->state[0] = H0;
167 sctx->state[1] = H1;
168 sctx->state[2] = H2;
169 sctx->state[3] = H3;
170 sctx->state[4] = H4;
171 sctx->state[5] = H5;
172 sctx->state[6] = H6;
173 sctx->state[7] = H7;
174 sctx->count[0] = sctx->count[1] = sctx->count[2] = sctx->count[3] = 0;
175 memset(sctx->buf, 0, sizeof(sctx->buf));
176}
177
178static void
179sha384_init(void *ctx)
180{
181 struct sha512_ctx *sctx = ctx;
182 sctx->state[0] = HP0;
183 sctx->state[1] = HP1;
184 sctx->state[2] = HP2;
185 sctx->state[3] = HP3;
186 sctx->state[4] = HP4;
187 sctx->state[5] = HP5;
188 sctx->state[6] = HP6;
189 sctx->state[7] = HP7;
190 sctx->count[0] = sctx->count[1] = sctx->count[2] = sctx->count[3] = 0;
191 memset(sctx->buf, 0, sizeof(sctx->buf));
192}
193
194static void
195sha512_update(void *ctx, const u8 *data, unsigned int len)
196{
197 struct sha512_ctx *sctx = ctx;
198
199 unsigned int i, index, part_len;
200
201 /* Compute number of bytes mod 128 */
202 index = (unsigned int)((sctx->count[0] >> 3) & 0x7F);
203
204 /* Update number of bits */
205 if ((sctx->count[0] += (len << 3)) < (len << 3)) {
206 if ((sctx->count[1] += 1) < 1)
207 if ((sctx->count[2] += 1) < 1)
208 sctx->count[3]++;
209 sctx->count[1] += (len >> 29);
210 }
211
212 part_len = 128 - index;
213
214 /* Transform as many times as possible. */
215 if (len >= part_len) {
216 memcpy(&sctx->buf[index], data, part_len);
217 sha512_transform(sctx->state, sctx->W, sctx->buf);
218
219 for (i = part_len; i + 127 < len; i+=128)
220 sha512_transform(sctx->state, sctx->W, &data[i]);
221
222 index = 0;
223 } else {
224 i = 0;
225 }
226
227 /* Buffer remaining input */
228 memcpy(&sctx->buf[index], &data[i], len - i);
229
230 /* erase our data */
231 memset(sctx->W, 0, sizeof(sctx->W));
232}
233
234static void
235sha512_final(void *ctx, u8 *hash)
236{
237 struct sha512_ctx *sctx = ctx;
238
239 static u8 padding[128] = { 0x80, };
240
241 u32 t;
242 u64 t2;
243 u8 bits[128];
244 unsigned int index, pad_len;
245 int i, j;
246
247 index = pad_len = t = i = j = 0;
248 t2 = 0;
249
250 /* Save number of bits */
251 t = sctx->count[0];
252 bits[15] = t; t>>=8;
253 bits[14] = t; t>>=8;
254 bits[13] = t; t>>=8;
255 bits[12] = t;
256 t = sctx->count[1];
257 bits[11] = t; t>>=8;
258 bits[10] = t; t>>=8;
259 bits[9 ] = t; t>>=8;
260 bits[8 ] = t;
261 t = sctx->count[2];
262 bits[7 ] = t; t>>=8;
263 bits[6 ] = t; t>>=8;
264 bits[5 ] = t; t>>=8;
265 bits[4 ] = t;
266 t = sctx->count[3];
267 bits[3 ] = t; t>>=8;
268 bits[2 ] = t; t>>=8;
269 bits[1 ] = t; t>>=8;
270 bits[0 ] = t;
271
272 /* Pad out to 112 mod 128. */
273 index = (sctx->count[0] >> 3) & 0x7f;
274 pad_len = (index < 112) ? (112 - index) : ((128+112) - index);
275 sha512_update(sctx, padding, pad_len);
276
277 /* Append length (before padding) */
278 sha512_update(sctx, bits, 16);
279
280 /* Store state in digest */
281 for (i = j = 0; i < 8; i++, j += 8) {
282 t2 = sctx->state[i];
283 hash[j+7] = (char)t2 & 0xff; t2>>=8;
284 hash[j+6] = (char)t2 & 0xff; t2>>=8;
285 hash[j+5] = (char)t2 & 0xff; t2>>=8;
286 hash[j+4] = (char)t2 & 0xff; t2>>=8;
287 hash[j+3] = (char)t2 & 0xff; t2>>=8;
288 hash[j+2] = (char)t2 & 0xff; t2>>=8;
289 hash[j+1] = (char)t2 & 0xff; t2>>=8;
290 hash[j ] = (char)t2 & 0xff;
291 }
292
293 /* Zeroize sensitive information. */
294 memset(sctx, 0, sizeof(struct sha512_ctx));
295}
296
297static void sha384_final(void *ctx, u8 *hash)
298{
299 struct sha512_ctx *sctx = ctx;
300 u8 D[64];
301
302 sha512_final(sctx, D);
303
304 memcpy(hash, D, 48);
305 memset(D, 0, 64);
306}
307
308static struct crypto_alg sha512 = {
309 .cra_name = "sha512",
310 .cra_flags = CRYPTO_ALG_TYPE_DIGEST,
311 .cra_blocksize = SHA512_HMAC_BLOCK_SIZE,
312 .cra_ctxsize = sizeof(struct sha512_ctx),
313 .cra_module = THIS_MODULE,
314 .cra_list = LIST_HEAD_INIT(sha512.cra_list),
315 .cra_u = { .digest = {
316 .dia_digestsize = SHA512_DIGEST_SIZE,
317 .dia_init = sha512_init,
318 .dia_update = sha512_update,
319 .dia_final = sha512_final }
320 }
321};
322
323static struct crypto_alg sha384 = {
324 .cra_name = "sha384",
325 .cra_flags = CRYPTO_ALG_TYPE_DIGEST,
326 .cra_blocksize = SHA384_HMAC_BLOCK_SIZE,
327 .cra_ctxsize = sizeof(struct sha512_ctx),
328 .cra_module = THIS_MODULE,
329 .cra_list = LIST_HEAD_INIT(sha384.cra_list),
330 .cra_u = { .digest = {
331 .dia_digestsize = SHA384_DIGEST_SIZE,
332 .dia_init = sha384_init,
333 .dia_update = sha512_update,
334 .dia_final = sha384_final }
335 }
336};
337
338MODULE_ALIAS("sha384");
339
340static int __init init(void)
341{
342 int ret = 0;
343
344 if ((ret = crypto_register_alg(&sha384)) < 0)
345 goto out;
346 if ((ret = crypto_register_alg(&sha512)) < 0)
347 crypto_unregister_alg(&sha384);
348out:
349 return ret;
350}
351
352static void __exit fini(void)
353{
354 crypto_unregister_alg(&sha384);
355 crypto_unregister_alg(&sha512);
356}
357
358module_init(init);
359module_exit(fini);
360
361MODULE_LICENSE("GPL");
362MODULE_DESCRIPTION("SHA-512 and SHA-384 Secure Hash Algorithms");
diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c
new file mode 100644
index 000000000000..92b0352c8e92
--- /dev/null
+++ b/crypto/tcrypt.c
@@ -0,0 +1,910 @@
1/*
2 * Quick & dirty crypto testing module.
3 *
4 * This will only exist until we have a better testing mechanism
5 * (e.g. a char device).
6 *
7 * Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
8 * Copyright (c) 2002 Jean-Francois Dive <jef@linuxbe.org>
9 *
10 * This program is free software; you can redistribute it and/or modify it
11 * under the terms of the GNU General Public License as published by the Free
12 * Software Foundation; either version 2 of the License, or (at your option)
13 * any later version.
14 *
15 * 14 - 09 - 2003
16 * Rewritten by Kartikey Mahendra Bhatt
17 */
18
19#include <linux/init.h>
20#include <linux/module.h>
21#include <linux/mm.h>
22#include <linux/slab.h>
23#include <asm/scatterlist.h>
24#include <linux/string.h>
25#include <linux/crypto.h>
26#include <linux/highmem.h>
27#include <linux/moduleparam.h>
28#include "tcrypt.h"
29
30/*
31 * Need to kmalloc() memory for testing kmap().
32 */
33#define TVMEMSIZE 4096
34#define XBUFSIZE 32768
35
36/*
37 * Indexes into the xbuf to simulate cross-page access.
38 */
39#define IDX1 37
40#define IDX2 32400
41#define IDX3 1
42#define IDX4 8193
43#define IDX5 22222
44#define IDX6 17101
45#define IDX7 27333
46#define IDX8 3000
47
48/*
49* Used by test_cipher()
50*/
51#define ENCRYPT 1
52#define DECRYPT 0
53#define MODE_ECB 1
54#define MODE_CBC 0
55
56static unsigned int IDX[8] = { IDX1, IDX2, IDX3, IDX4, IDX5, IDX6, IDX7, IDX8 };
57
58static int mode;
59static char *xbuf;
60static char *tvmem;
61
62static char *check[] = {
63 "des", "md5", "des3_ede", "rot13", "sha1", "sha256", "blowfish",
64 "twofish", "serpent", "sha384", "sha512", "md4", "aes", "cast6",
65 "arc4", "michael_mic", "deflate", "crc32c", "tea", "xtea",
66 "khazad", "wp512", "wp384", "wp256", "tnepres", NULL
67};
68
69static void
70hexdump(unsigned char *buf, unsigned int len)
71{
72 while (len--)
73 printk("%02x", *buf++);
74
75 printk("\n");
76}
77
78static void
79test_hash (char * algo, struct hash_testvec * template, unsigned int tcount)
80{
81 char *p;
82 unsigned int i, j, k, temp;
83 struct scatterlist sg[8];
84 char result[64];
85 struct crypto_tfm *tfm;
86 struct hash_testvec *hash_tv;
87 unsigned int tsize;
88
89 printk("\ntesting %s\n", algo);
90
91 tsize = sizeof (struct hash_testvec);
92 tsize *= tcount;
93
94 if (tsize > TVMEMSIZE) {
95 printk("template (%u) too big for tvmem (%u)\n", tsize, TVMEMSIZE);
96 return;
97 }
98
99 memcpy(tvmem, template, tsize);
100 hash_tv = (void *) tvmem;
101 tfm = crypto_alloc_tfm(algo, 0);
102 if (tfm == NULL) {
103 printk("failed to load transform for %s\n", algo);
104 return;
105 }
106
107 for (i = 0; i < tcount; i++) {
108 printk ("test %u:\n", i + 1);
109 memset (result, 0, 64);
110
111 p = hash_tv[i].plaintext;
112 sg[0].page = virt_to_page (p);
113 sg[0].offset = offset_in_page (p);
114 sg[0].length = hash_tv[i].psize;
115
116 crypto_digest_init (tfm);
117 if (tfm->crt_u.digest.dit_setkey) {
118 crypto_digest_setkey (tfm, hash_tv[i].key,
119 hash_tv[i].ksize);
120 }
121 crypto_digest_update (tfm, sg, 1);
122 crypto_digest_final (tfm, result);
123
124 hexdump (result, crypto_tfm_alg_digestsize (tfm));
125 printk("%s\n",
126 memcmp(result, hash_tv[i].digest,
127 crypto_tfm_alg_digestsize(tfm)) ? "fail" :
128 "pass");
129 }
130
131 printk ("testing %s across pages\n", algo);
132
133 /* setup the dummy buffer first */
134 memset(xbuf, 0, XBUFSIZE);
135
136 j = 0;
137 for (i = 0; i < tcount; i++) {
138 if (hash_tv[i].np) {
139 j++;
140 printk ("test %u:\n", j);
141 memset (result, 0, 64);
142
143 temp = 0;
144 for (k = 0; k < hash_tv[i].np; k++) {
145 memcpy (&xbuf[IDX[k]], hash_tv[i].plaintext + temp,
146 hash_tv[i].tap[k]);
147 temp += hash_tv[i].tap[k];
148 p = &xbuf[IDX[k]];
149 sg[k].page = virt_to_page (p);
150 sg[k].offset = offset_in_page (p);
151 sg[k].length = hash_tv[i].tap[k];
152 }
153
154 crypto_digest_digest (tfm, sg, hash_tv[i].np, result);
155
156 hexdump (result, crypto_tfm_alg_digestsize (tfm));
157 printk("%s\n",
158 memcmp(result, hash_tv[i].digest,
159 crypto_tfm_alg_digestsize(tfm)) ? "fail" :
160 "pass");
161 }
162 }
163
164 crypto_free_tfm (tfm);
165}
166
167
168#ifdef CONFIG_CRYPTO_HMAC
169
170static void
171test_hmac(char *algo, struct hmac_testvec * template, unsigned int tcount)
172{
173 char *p;
174 unsigned int i, j, k, temp;
175 struct scatterlist sg[8];
176 char result[64];
177 struct crypto_tfm *tfm;
178 struct hmac_testvec *hmac_tv;
179 unsigned int tsize, klen;
180
181 tfm = crypto_alloc_tfm(algo, 0);
182 if (tfm == NULL) {
183 printk("failed to load transform for %s\n", algo);
184 return;
185 }
186
187 printk("\ntesting hmac_%s\n", algo);
188
189 tsize = sizeof (struct hmac_testvec);
190 tsize *= tcount;
191 if (tsize > TVMEMSIZE) {
192 printk("template (%u) too big for tvmem (%u)\n", tsize,
193 TVMEMSIZE);
194 goto out;
195 }
196
197 memcpy(tvmem, template, tsize);
198 hmac_tv = (void *) tvmem;
199
200 for (i = 0; i < tcount; i++) {
201 printk("test %u:\n", i + 1);
202 memset(result, 0, sizeof (result));
203
204 p = hmac_tv[i].plaintext;
205 klen = hmac_tv[i].ksize;
206 sg[0].page = virt_to_page(p);
207 sg[0].offset = offset_in_page(p);
208 sg[0].length = hmac_tv[i].psize;
209
210 crypto_hmac(tfm, hmac_tv[i].key, &klen, sg, 1, result);
211
212 hexdump(result, crypto_tfm_alg_digestsize(tfm));
213 printk("%s\n",
214 memcmp(result, hmac_tv[i].digest,
215 crypto_tfm_alg_digestsize(tfm)) ? "fail" :
216 "pass");
217 }
218
219 printk("\ntesting hmac_%s across pages\n", algo);
220
221 memset(xbuf, 0, XBUFSIZE);
222
223 j = 0;
224 for (i = 0; i < tcount; i++) {
225 if (hmac_tv[i].np) {
226 j++;
227 printk ("test %u:\n",j);
228 memset (result, 0, 64);
229
230 temp = 0;
231 klen = hmac_tv[i].ksize;
232 for (k = 0; k < hmac_tv[i].np; k++) {
233 memcpy (&xbuf[IDX[k]], hmac_tv[i].plaintext + temp,
234 hmac_tv[i].tap[k]);
235 temp += hmac_tv[i].tap[k];
236 p = &xbuf[IDX[k]];
237 sg[k].page = virt_to_page (p);
238 sg[k].offset = offset_in_page (p);
239 sg[k].length = hmac_tv[i].tap[k];
240 }
241
242 crypto_hmac(tfm, hmac_tv[i].key, &klen, sg, hmac_tv[i].np,
243 result);
244 hexdump(result, crypto_tfm_alg_digestsize(tfm));
245
246 printk("%s\n",
247 memcmp(result, hmac_tv[i].digest,
248 crypto_tfm_alg_digestsize(tfm)) ? "fail" :
249 "pass");
250 }
251 }
252out:
253 crypto_free_tfm(tfm);
254}
255
256#endif /* CONFIG_CRYPTO_HMAC */
257
258static void
259test_cipher(char * algo, int mode, int enc, struct cipher_testvec * template, unsigned int tcount)
260{
261 unsigned int ret, i, j, k, temp;
262 unsigned int tsize;
263 char *p, *q;
264 struct crypto_tfm *tfm;
265 char *key;
266 struct cipher_testvec *cipher_tv;
267 struct scatterlist sg[8];
268 char e[11], m[4];
269
270 if (enc == ENCRYPT)
271 strncpy(e, "encryption", 11);
272 else
273 strncpy(e, "decryption", 11);
274 if (mode == MODE_ECB)
275 strncpy(m, "ECB", 4);
276 else
277 strncpy(m, "CBC", 4);
278
279 printk("\ntesting %s %s %s \n", algo, m, e);
280
281 tsize = sizeof (struct cipher_testvec);
282 tsize *= tcount;
283
284 if (tsize > TVMEMSIZE) {
285 printk("template (%u) too big for tvmem (%u)\n", tsize,
286 TVMEMSIZE);
287 return;
288 }
289
290 memcpy(tvmem, template, tsize);
291 cipher_tv = (void *) tvmem;
292
293 if (mode)
294 tfm = crypto_alloc_tfm (algo, 0);
295 else
296 tfm = crypto_alloc_tfm (algo, CRYPTO_TFM_MODE_CBC);
297
298 if (tfm == NULL) {
299 printk("failed to load transform for %s %s\n", algo, m);
300 return;
301 }
302
303 j = 0;
304 for (i = 0; i < tcount; i++) {
305 if (!(cipher_tv[i].np)) {
306 j++;
307 printk("test %u (%d bit key):\n",
308 j, cipher_tv[i].klen * 8);
309
310 tfm->crt_flags = 0;
311 if (cipher_tv[i].wk)
312 tfm->crt_flags |= CRYPTO_TFM_REQ_WEAK_KEY;
313 key = cipher_tv[i].key;
314
315 ret = crypto_cipher_setkey(tfm, key, cipher_tv[i].klen);
316 if (ret) {
317 printk("setkey() failed flags=%x\n", tfm->crt_flags);
318
319 if (!cipher_tv[i].fail)
320 goto out;
321 }
322
323 p = cipher_tv[i].input;
324 sg[0].page = virt_to_page(p);
325 sg[0].offset = offset_in_page(p);
326 sg[0].length = cipher_tv[i].ilen;
327
328 if (!mode) {
329 crypto_cipher_set_iv(tfm, cipher_tv[i].iv,
330 crypto_tfm_alg_ivsize (tfm));
331 }
332
333 if (enc)
334 ret = crypto_cipher_encrypt(tfm, sg, sg, cipher_tv[i].ilen);
335 else
336 ret = crypto_cipher_decrypt(tfm, sg, sg, cipher_tv[i].ilen);
337
338
339 if (ret) {
340 printk("%s () failed flags=%x\n", e, tfm->crt_flags);
341 goto out;
342 }
343
344 q = kmap(sg[0].page) + sg[0].offset;
345 hexdump(q, cipher_tv[i].rlen);
346
347 printk("%s\n",
348 memcmp(q, cipher_tv[i].result, cipher_tv[i].rlen) ? "fail" :
349 "pass");
350 }
351 }
352
353 printk("\ntesting %s %s %s across pages (chunking) \n", algo, m, e);
354 memset(xbuf, 0, XBUFSIZE);
355
356 j = 0;
357 for (i = 0; i < tcount; i++) {
358 if (cipher_tv[i].np) {
359 j++;
360 printk("test %u (%d bit key):\n",
361 j, cipher_tv[i].klen * 8);
362
363 tfm->crt_flags = 0;
364 if (cipher_tv[i].wk)
365 tfm->crt_flags |= CRYPTO_TFM_REQ_WEAK_KEY;
366 key = cipher_tv[i].key;
367
368 ret = crypto_cipher_setkey(tfm, key, cipher_tv[i].klen);
369 if (ret) {
370 printk("setkey() failed flags=%x\n", tfm->crt_flags);
371
372 if (!cipher_tv[i].fail)
373 goto out;
374 }
375
376 temp = 0;
377 for (k = 0; k < cipher_tv[i].np; k++) {
378 memcpy (&xbuf[IDX[k]], cipher_tv[i].input + temp,
379 cipher_tv[i].tap[k]);
380 temp += cipher_tv[i].tap[k];
381 p = &xbuf[IDX[k]];
382 sg[k].page = virt_to_page (p);
383 sg[k].offset = offset_in_page (p);
384 sg[k].length = cipher_tv[i].tap[k];
385 }
386
387 if (!mode) {
388 crypto_cipher_set_iv(tfm, cipher_tv[i].iv,
389 crypto_tfm_alg_ivsize (tfm));
390 }
391
392 if (enc)
393 ret = crypto_cipher_encrypt(tfm, sg, sg, cipher_tv[i].ilen);
394 else
395 ret = crypto_cipher_decrypt(tfm, sg, sg, cipher_tv[i].ilen);
396
397 if (ret) {
398 printk("%s () failed flags=%x\n", e, tfm->crt_flags);
399 goto out;
400 }
401
402 temp = 0;
403 for (k = 0; k < cipher_tv[i].np; k++) {
404 printk("page %u\n", k);
405 q = kmap(sg[k].page) + sg[k].offset;
406 hexdump(q, cipher_tv[i].tap[k]);
407 printk("%s\n",
408 memcmp(q, cipher_tv[i].result + temp,
409 cipher_tv[i].tap[k]) ? "fail" :
410 "pass");
411 temp += cipher_tv[i].tap[k];
412 }
413 }
414 }
415
416out:
417 crypto_free_tfm(tfm);
418}
419
420static void
421test_deflate(void)
422{
423 unsigned int i;
424 char result[COMP_BUF_SIZE];
425 struct crypto_tfm *tfm;
426 struct comp_testvec *tv;
427 unsigned int tsize;
428
429 printk("\ntesting deflate compression\n");
430
431 tsize = sizeof (deflate_comp_tv_template);
432 if (tsize > TVMEMSIZE) {
433 printk("template (%u) too big for tvmem (%u)\n", tsize,
434 TVMEMSIZE);
435 return;
436 }
437
438 memcpy(tvmem, deflate_comp_tv_template, tsize);
439 tv = (void *) tvmem;
440
441 tfm = crypto_alloc_tfm("deflate", 0);
442 if (tfm == NULL) {
443 printk("failed to load transform for deflate\n");
444 return;
445 }
446
447 for (i = 0; i < DEFLATE_COMP_TEST_VECTORS; i++) {
448 int ilen, ret, dlen = COMP_BUF_SIZE;
449
450 printk("test %u:\n", i + 1);
451 memset(result, 0, sizeof (result));
452
453 ilen = tv[i].inlen;
454 ret = crypto_comp_compress(tfm, tv[i].input,
455 ilen, result, &dlen);
456 if (ret) {
457 printk("fail: ret=%d\n", ret);
458 continue;
459 }
460 hexdump(result, dlen);
461 printk("%s (ratio %d:%d)\n",
462 memcmp(result, tv[i].output, dlen) ? "fail" : "pass",
463 ilen, dlen);
464 }
465
466 printk("\ntesting deflate decompression\n");
467
468 tsize = sizeof (deflate_decomp_tv_template);
469 if (tsize > TVMEMSIZE) {
470 printk("template (%u) too big for tvmem (%u)\n", tsize,
471 TVMEMSIZE);
472 goto out;
473 }
474
475 memcpy(tvmem, deflate_decomp_tv_template, tsize);
476 tv = (void *) tvmem;
477
478 for (i = 0; i < DEFLATE_DECOMP_TEST_VECTORS; i++) {
479 int ilen, ret, dlen = COMP_BUF_SIZE;
480
481 printk("test %u:\n", i + 1);
482 memset(result, 0, sizeof (result));
483
484 ilen = tv[i].inlen;
485 ret = crypto_comp_decompress(tfm, tv[i].input,
486 ilen, result, &dlen);
487 if (ret) {
488 printk("fail: ret=%d\n", ret);
489 continue;
490 }
491 hexdump(result, dlen);
492 printk("%s (ratio %d:%d)\n",
493 memcmp(result, tv[i].output, dlen) ? "fail" : "pass",
494 ilen, dlen);
495 }
496out:
497 crypto_free_tfm(tfm);
498}
499
500static void
501test_crc32c(void)
502{
503#define NUMVEC 6
504#define VECSIZE 40
505
506 int i, j, pass;
507 u32 crc;
508 u8 b, test_vec[NUMVEC][VECSIZE];
509 static u32 vec_results[NUMVEC] = {
510 0x0e2c157f, 0xe980ebf6, 0xde74bded,
511 0xd579c862, 0xba979ad0, 0x2b29d913
512 };
513 static u32 tot_vec_results = 0x24c5d375;
514
515 struct scatterlist sg[NUMVEC];
516 struct crypto_tfm *tfm;
517 char *fmtdata = "testing crc32c initialized to %08x: %s\n";
518#define SEEDTESTVAL 0xedcba987
519 u32 seed;
520
521 printk("\ntesting crc32c\n");
522
523 tfm = crypto_alloc_tfm("crc32c", 0);
524 if (tfm == NULL) {
525 printk("failed to load transform for crc32c\n");
526 return;
527 }
528
529 crypto_digest_init(tfm);
530 crypto_digest_final(tfm, (u8*)&crc);
531 printk(fmtdata, crc, (crc == 0) ? "pass" : "ERROR");
532
533 /*
534 * stuff test_vec with known values, simple incrementing
535 * byte values.
536 */
537 b = 0;
538 for (i = 0; i < NUMVEC; i++) {
539 for (j = 0; j < VECSIZE; j++)
540 test_vec[i][j] = ++b;
541 sg[i].page = virt_to_page(test_vec[i]);
542 sg[i].offset = offset_in_page(test_vec[i]);
543 sg[i].length = VECSIZE;
544 }
545
546 seed = SEEDTESTVAL;
547 (void)crypto_digest_setkey(tfm, (const u8*)&seed, sizeof(u32));
548 crypto_digest_final(tfm, (u8*)&crc);
549 printk("testing crc32c setkey returns %08x : %s\n", crc, (crc == (SEEDTESTVAL ^ ~(u32)0)) ?
550 "pass" : "ERROR");
551
552 printk("testing crc32c using update/final:\n");
553
554 pass = 1; /* assume all is well */
555
556 for (i = 0; i < NUMVEC; i++) {
557 seed = ~(u32)0;
558 (void)crypto_digest_setkey(tfm, (const u8*)&seed, sizeof(u32));
559 crypto_digest_update(tfm, &sg[i], 1);
560 crypto_digest_final(tfm, (u8*)&crc);
561 if (crc == vec_results[i]) {
562 printk(" %08x:OK", crc);
563 } else {
564 printk(" %08x:BAD, wanted %08x\n", crc, vec_results[i]);
565 pass = 0;
566 }
567 }
568
569 printk("\ntesting crc32c using incremental accumulator:\n");
570 crc = 0;
571 for (i = 0; i < NUMVEC; i++) {
572 seed = (crc ^ ~(u32)0);
573 (void)crypto_digest_setkey(tfm, (const u8*)&seed, sizeof(u32));
574 crypto_digest_update(tfm, &sg[i], 1);
575 crypto_digest_final(tfm, (u8*)&crc);
576 }
577 if (crc == tot_vec_results) {
578 printk(" %08x:OK", crc);
579 } else {
580 printk(" %08x:BAD, wanted %08x\n", crc, tot_vec_results);
581 pass = 0;
582 }
583
584 printk("\ntesting crc32c using digest:\n");
585 seed = ~(u32)0;
586 (void)crypto_digest_setkey(tfm, (const u8*)&seed, sizeof(u32));
587 crypto_digest_digest(tfm, sg, NUMVEC, (u8*)&crc);
588 if (crc == tot_vec_results) {
589 printk(" %08x:OK", crc);
590 } else {
591 printk(" %08x:BAD, wanted %08x\n", crc, tot_vec_results);
592 pass = 0;
593 }
594
595 printk("\n%s\n", pass ? "pass" : "ERROR");
596
597 crypto_free_tfm(tfm);
598 printk("crc32c test complete\n");
599}
600
601static void
602test_available(void)
603{
604 char **name = check;
605
606 while (*name) {
607 printk("alg %s ", *name);
608 printk((crypto_alg_available(*name, 0)) ?
609 "found\n" : "not found\n");
610 name++;
611 }
612}
613
614static void
615do_test(void)
616{
617 switch (mode) {
618
619 case 0:
620 test_hash("md5", md5_tv_template, MD5_TEST_VECTORS);
621
622 test_hash("sha1", sha1_tv_template, SHA1_TEST_VECTORS);
623
624 //DES
625 test_cipher ("des", MODE_ECB, ENCRYPT, des_enc_tv_template, DES_ENC_TEST_VECTORS);
626 test_cipher ("des", MODE_ECB, DECRYPT, des_dec_tv_template, DES_DEC_TEST_VECTORS);
627 test_cipher ("des", MODE_CBC, ENCRYPT, des_cbc_enc_tv_template, DES_CBC_ENC_TEST_VECTORS);
628 test_cipher ("des", MODE_CBC, DECRYPT, des_cbc_dec_tv_template, DES_CBC_DEC_TEST_VECTORS);
629
630 //DES3_EDE
631 test_cipher ("des3_ede", MODE_ECB, ENCRYPT, des3_ede_enc_tv_template, DES3_EDE_ENC_TEST_VECTORS);
632 test_cipher ("des3_ede", MODE_ECB, DECRYPT, des3_ede_dec_tv_template, DES3_EDE_DEC_TEST_VECTORS);
633
634 test_hash("md4", md4_tv_template, MD4_TEST_VECTORS);
635
636 test_hash("sha256", sha256_tv_template, SHA256_TEST_VECTORS);
637
638 //BLOWFISH
639 test_cipher ("blowfish", MODE_ECB, ENCRYPT, bf_enc_tv_template, BF_ENC_TEST_VECTORS);
640 test_cipher ("blowfish", MODE_ECB, DECRYPT, bf_dec_tv_template, BF_DEC_TEST_VECTORS);
641 test_cipher ("blowfish", MODE_CBC, ENCRYPT, bf_cbc_enc_tv_template, BF_CBC_ENC_TEST_VECTORS);
642 test_cipher ("blowfish", MODE_CBC, DECRYPT, bf_cbc_dec_tv_template, BF_CBC_DEC_TEST_VECTORS);
643
644 //TWOFISH
645 test_cipher ("twofish", MODE_ECB, ENCRYPT, tf_enc_tv_template, TF_ENC_TEST_VECTORS);
646 test_cipher ("twofish", MODE_ECB, DECRYPT, tf_dec_tv_template, TF_DEC_TEST_VECTORS);
647 test_cipher ("twofish", MODE_CBC, ENCRYPT, tf_cbc_enc_tv_template, TF_CBC_ENC_TEST_VECTORS);
648 test_cipher ("twofish", MODE_CBC, DECRYPT, tf_cbc_dec_tv_template, TF_CBC_DEC_TEST_VECTORS);
649
650 //SERPENT
651 test_cipher ("serpent", MODE_ECB, ENCRYPT, serpent_enc_tv_template, SERPENT_ENC_TEST_VECTORS);
652 test_cipher ("serpent", MODE_ECB, DECRYPT, serpent_dec_tv_template, SERPENT_DEC_TEST_VECTORS);
653
654 //TNEPRES
655 test_cipher ("tnepres", MODE_ECB, ENCRYPT, tnepres_enc_tv_template, TNEPRES_ENC_TEST_VECTORS);
656 test_cipher ("tnepres", MODE_ECB, DECRYPT, tnepres_dec_tv_template, TNEPRES_DEC_TEST_VECTORS);
657
658 //AES
659 test_cipher ("aes", MODE_ECB, ENCRYPT, aes_enc_tv_template, AES_ENC_TEST_VECTORS);
660 test_cipher ("aes", MODE_ECB, DECRYPT, aes_dec_tv_template, AES_DEC_TEST_VECTORS);
661
662 //CAST5
663 test_cipher ("cast5", MODE_ECB, ENCRYPT, cast5_enc_tv_template, CAST5_ENC_TEST_VECTORS);
664 test_cipher ("cast5", MODE_ECB, DECRYPT, cast5_dec_tv_template, CAST5_DEC_TEST_VECTORS);
665
666 //CAST6
667 test_cipher ("cast6", MODE_ECB, ENCRYPT, cast6_enc_tv_template, CAST6_ENC_TEST_VECTORS);
668 test_cipher ("cast6", MODE_ECB, DECRYPT, cast6_dec_tv_template, CAST6_DEC_TEST_VECTORS);
669
670 //ARC4
671 test_cipher ("arc4", MODE_ECB, ENCRYPT, arc4_enc_tv_template, ARC4_ENC_TEST_VECTORS);
672 test_cipher ("arc4", MODE_ECB, DECRYPT, arc4_dec_tv_template, ARC4_DEC_TEST_VECTORS);
673
674 //TEA
675 test_cipher ("tea", MODE_ECB, ENCRYPT, tea_enc_tv_template, TEA_ENC_TEST_VECTORS);
676 test_cipher ("tea", MODE_ECB, DECRYPT, tea_dec_tv_template, TEA_DEC_TEST_VECTORS);
677
678
679 //XTEA
680 test_cipher ("xtea", MODE_ECB, ENCRYPT, xtea_enc_tv_template, XTEA_ENC_TEST_VECTORS);
681 test_cipher ("xtea", MODE_ECB, DECRYPT, xtea_dec_tv_template, XTEA_DEC_TEST_VECTORS);
682
683 //KHAZAD
684 test_cipher ("khazad", MODE_ECB, ENCRYPT, khazad_enc_tv_template, KHAZAD_ENC_TEST_VECTORS);
685 test_cipher ("khazad", MODE_ECB, DECRYPT, khazad_dec_tv_template, KHAZAD_DEC_TEST_VECTORS);
686
687 //ANUBIS
688 test_cipher ("anubis", MODE_ECB, ENCRYPT, anubis_enc_tv_template, ANUBIS_ENC_TEST_VECTORS);
689 test_cipher ("anubis", MODE_ECB, DECRYPT, anubis_dec_tv_template, ANUBIS_DEC_TEST_VECTORS);
690 test_cipher ("anubis", MODE_CBC, ENCRYPT, anubis_cbc_enc_tv_template, ANUBIS_CBC_ENC_TEST_VECTORS);
691 test_cipher ("anubis", MODE_CBC, DECRYPT, anubis_cbc_dec_tv_template, ANUBIS_CBC_ENC_TEST_VECTORS);
692
693 test_hash("sha384", sha384_tv_template, SHA384_TEST_VECTORS);
694 test_hash("sha512", sha512_tv_template, SHA512_TEST_VECTORS);
695 test_hash("wp512", wp512_tv_template, WP512_TEST_VECTORS);
696 test_hash("wp384", wp384_tv_template, WP384_TEST_VECTORS);
697 test_hash("wp256", wp256_tv_template, WP256_TEST_VECTORS);
698 test_hash("tgr192", tgr192_tv_template, TGR192_TEST_VECTORS);
699 test_hash("tgr160", tgr160_tv_template, TGR160_TEST_VECTORS);
700 test_hash("tgr128", tgr128_tv_template, TGR128_TEST_VECTORS);
701 test_deflate();
702 test_crc32c();
703#ifdef CONFIG_CRYPTO_HMAC
704 test_hmac("md5", hmac_md5_tv_template, HMAC_MD5_TEST_VECTORS);
705 test_hmac("sha1", hmac_sha1_tv_template, HMAC_SHA1_TEST_VECTORS);
706 test_hmac("sha256", hmac_sha256_tv_template, HMAC_SHA256_TEST_VECTORS);
707#endif
708
709 test_hash("michael_mic", michael_mic_tv_template, MICHAEL_MIC_TEST_VECTORS);
710 break;
711
712 case 1:
713 test_hash("md5", md5_tv_template, MD5_TEST_VECTORS);
714 break;
715
716 case 2:
717 test_hash("sha1", sha1_tv_template, SHA1_TEST_VECTORS);
718 break;
719
720 case 3:
721 test_cipher ("des", MODE_ECB, ENCRYPT, des_enc_tv_template, DES_ENC_TEST_VECTORS);
722 test_cipher ("des", MODE_ECB, DECRYPT, des_dec_tv_template, DES_DEC_TEST_VECTORS);
723 test_cipher ("des", MODE_CBC, ENCRYPT, des_cbc_enc_tv_template, DES_CBC_ENC_TEST_VECTORS);
724 test_cipher ("des", MODE_CBC, DECRYPT, des_cbc_dec_tv_template, DES_CBC_DEC_TEST_VECTORS);
725 break;
726
727 case 4:
728 test_cipher ("des3_ede", MODE_ECB, ENCRYPT, des3_ede_enc_tv_template, DES3_EDE_ENC_TEST_VECTORS);
729 test_cipher ("des3_ede", MODE_ECB, DECRYPT, des3_ede_dec_tv_template, DES3_EDE_DEC_TEST_VECTORS);
730 break;
731
732 case 5:
733 test_hash("md4", md4_tv_template, MD4_TEST_VECTORS);
734 break;
735
736 case 6:
737 test_hash("sha256", sha256_tv_template, SHA256_TEST_VECTORS);
738 break;
739
740 case 7:
741 test_cipher ("blowfish", MODE_ECB, ENCRYPT, bf_enc_tv_template, BF_ENC_TEST_VECTORS);
742 test_cipher ("blowfish", MODE_ECB, DECRYPT, bf_dec_tv_template, BF_DEC_TEST_VECTORS);
743 test_cipher ("blowfish", MODE_CBC, ENCRYPT, bf_cbc_enc_tv_template, BF_CBC_ENC_TEST_VECTORS);
744 test_cipher ("blowfish", MODE_CBC, DECRYPT, bf_cbc_dec_tv_template, BF_CBC_DEC_TEST_VECTORS);
745 break;
746
747 case 8:
748 test_cipher ("twofish", MODE_ECB, ENCRYPT, tf_enc_tv_template, TF_ENC_TEST_VECTORS);
749 test_cipher ("twofish", MODE_ECB, DECRYPT, tf_dec_tv_template, TF_DEC_TEST_VECTORS);
750 test_cipher ("twofish", MODE_CBC, ENCRYPT, tf_cbc_enc_tv_template, TF_CBC_ENC_TEST_VECTORS);
751 test_cipher ("twofish", MODE_CBC, DECRYPT, tf_cbc_dec_tv_template, TF_CBC_DEC_TEST_VECTORS);
752 break;
753
754 case 9:
755 test_cipher ("serpent", MODE_ECB, ENCRYPT, serpent_enc_tv_template, SERPENT_ENC_TEST_VECTORS);
756 test_cipher ("serpent", MODE_ECB, DECRYPT, serpent_dec_tv_template, SERPENT_DEC_TEST_VECTORS);
757 break;
758
759 case 10:
760 test_cipher ("aes", MODE_ECB, ENCRYPT, aes_enc_tv_template, AES_ENC_TEST_VECTORS);
761 test_cipher ("aes", MODE_ECB, DECRYPT, aes_dec_tv_template, AES_DEC_TEST_VECTORS);
762 break;
763
764 case 11:
765 test_hash("sha384", sha384_tv_template, SHA384_TEST_VECTORS);
766 break;
767
768 case 12:
769 test_hash("sha512", sha512_tv_template, SHA512_TEST_VECTORS);
770 break;
771
772 case 13:
773 test_deflate();
774 break;
775
776 case 14:
777 test_cipher ("cast5", MODE_ECB, ENCRYPT, cast5_enc_tv_template, CAST5_ENC_TEST_VECTORS);
778 test_cipher ("cast5", MODE_ECB, DECRYPT, cast5_dec_tv_template, CAST5_DEC_TEST_VECTORS);
779 break;
780
781 case 15:
782 test_cipher ("cast6", MODE_ECB, ENCRYPT, cast6_enc_tv_template, CAST6_ENC_TEST_VECTORS);
783 test_cipher ("cast6", MODE_ECB, DECRYPT, cast6_dec_tv_template, CAST6_DEC_TEST_VECTORS);
784 break;
785
786 case 16:
787 test_cipher ("arc4", MODE_ECB, ENCRYPT, arc4_enc_tv_template, ARC4_ENC_TEST_VECTORS);
788 test_cipher ("arc4", MODE_ECB, DECRYPT, arc4_dec_tv_template, ARC4_DEC_TEST_VECTORS);
789 break;
790
791 case 17:
792 test_hash("michael_mic", michael_mic_tv_template, MICHAEL_MIC_TEST_VECTORS);
793 break;
794
795 case 18:
796 test_crc32c();
797 break;
798
799 case 19:
800 test_cipher ("tea", MODE_ECB, ENCRYPT, tea_enc_tv_template, TEA_ENC_TEST_VECTORS);
801 test_cipher ("tea", MODE_ECB, DECRYPT, tea_dec_tv_template, TEA_DEC_TEST_VECTORS);
802 break;
803
804 case 20:
805 test_cipher ("xtea", MODE_ECB, ENCRYPT, xtea_enc_tv_template, XTEA_ENC_TEST_VECTORS);
806 test_cipher ("xtea", MODE_ECB, DECRYPT, xtea_dec_tv_template, XTEA_DEC_TEST_VECTORS);
807 break;
808
809 case 21:
810 test_cipher ("khazad", MODE_ECB, ENCRYPT, khazad_enc_tv_template, KHAZAD_ENC_TEST_VECTORS);
811 test_cipher ("khazad", MODE_ECB, DECRYPT, khazad_dec_tv_template, KHAZAD_DEC_TEST_VECTORS);
812 break;
813
814 case 22:
815 test_hash("wp512", wp512_tv_template, WP512_TEST_VECTORS);
816 break;
817
818 case 23:
819 test_hash("wp384", wp384_tv_template, WP384_TEST_VECTORS);
820 break;
821
822 case 24:
823 test_hash("wp256", wp256_tv_template, WP256_TEST_VECTORS);
824 break;
825
826 case 25:
827 test_cipher ("tnepres", MODE_ECB, ENCRYPT, tnepres_enc_tv_template, TNEPRES_ENC_TEST_VECTORS);
828 test_cipher ("tnepres", MODE_ECB, DECRYPT, tnepres_dec_tv_template, TNEPRES_DEC_TEST_VECTORS);
829 break;
830
831 case 26:
832 test_cipher ("anubis", MODE_ECB, ENCRYPT, anubis_enc_tv_template, ANUBIS_ENC_TEST_VECTORS);
833 test_cipher ("anubis", MODE_ECB, DECRYPT, anubis_dec_tv_template, ANUBIS_DEC_TEST_VECTORS);
834 test_cipher ("anubis", MODE_CBC, ENCRYPT, anubis_cbc_enc_tv_template, ANUBIS_CBC_ENC_TEST_VECTORS);
835 test_cipher ("anubis", MODE_CBC, DECRYPT, anubis_cbc_dec_tv_template, ANUBIS_CBC_ENC_TEST_VECTORS);
836 break;
837
838 case 27:
839 test_hash("tgr192", tgr192_tv_template, TGR192_TEST_VECTORS);
840 break;
841
842 case 28:
843
844 test_hash("tgr160", tgr160_tv_template, TGR160_TEST_VECTORS);
845 break;
846
847 case 29:
848 test_hash("tgr128", tgr128_tv_template, TGR128_TEST_VECTORS);
849 break;
850
851#ifdef CONFIG_CRYPTO_HMAC
852 case 100:
853 test_hmac("md5", hmac_md5_tv_template, HMAC_MD5_TEST_VECTORS);
854 break;
855
856 case 101:
857 test_hmac("sha1", hmac_sha1_tv_template, HMAC_SHA1_TEST_VECTORS);
858 break;
859
860 case 102:
861 test_hmac("sha256", hmac_sha256_tv_template, HMAC_SHA256_TEST_VECTORS);
862 break;
863
864#endif
865
866 case 1000:
867 test_available();
868 break;
869
870 default:
871 /* useful for debugging */
872 printk("not testing anything\n");
873 break;
874 }
875}
876
877static int __init
878init(void)
879{
880 tvmem = kmalloc(TVMEMSIZE, GFP_KERNEL);
881 if (tvmem == NULL)
882 return -ENOMEM;
883
884 xbuf = kmalloc(XBUFSIZE, GFP_KERNEL);
885 if (xbuf == NULL) {
886 kfree(tvmem);
887 return -ENOMEM;
888 }
889
890 do_test();
891
892 kfree(xbuf);
893 kfree(tvmem);
894 return 0;
895}
896
897/*
898 * If an init function is provided, an exit function must also be provided
899 * to allow module unload.
900 */
901static void __exit fini(void) { }
902
903module_init(init);
904module_exit(fini);
905
906module_param(mode, int, 0);
907
908MODULE_LICENSE("GPL");
909MODULE_DESCRIPTION("Quick & dirty crypto testing module");
910MODULE_AUTHOR("James Morris <jmorris@intercode.com.au>");
diff --git a/crypto/tcrypt.h b/crypto/tcrypt.h
new file mode 100644
index 000000000000..a3097afae593
--- /dev/null
+++ b/crypto/tcrypt.h
@@ -0,0 +1,2746 @@
1/*
2 * Quick & dirty crypto testing module.
3 *
4 * This will only exist until we have a better testing mechanism
5 * (e.g. a char device).
6 *
7 * Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
8 * Copyright (c) 2002 Jean-Francois Dive <jef@linuxbe.org>
9 *
10 * This program is free software; you can redistribute it and/or modify it
11 * under the terms of the GNU General Public License as published by the Free
12 * Software Foundation; either version 2 of the License, or (at your option)
13 * any later version.
14 *
15 * 14 - 09 - 2003 Changes by Kartikey Mahendra Bhatt
16 *
17 */
18#ifndef _CRYPTO_TCRYPT_H
19#define _CRYPTO_TCRYPT_H
20
21#define MAX_DIGEST_SIZE 64
22#define MAX_TAP 8
23
24#define MAX_KEYLEN 56
25#define MAX_IVLEN 32
26
27struct hash_testvec {
28 char plaintext[128];
29 unsigned char psize;
30 char digest[MAX_DIGEST_SIZE];
31 unsigned char np;
32 unsigned char tap[MAX_TAP];
33 char key[128]; /* only used with keyed hash algorithms */
34 unsigned char ksize;
35};
36
37struct hmac_testvec {
38 char key[128];
39 unsigned char ksize;
40 char plaintext[128];
41 unsigned char psize;
42 char digest[MAX_DIGEST_SIZE];
43 unsigned char np;
44 unsigned char tap[MAX_TAP];
45};
46
47struct cipher_testvec {
48 unsigned char fail;
49 unsigned char wk; /* weak key flag */
50 char key[MAX_KEYLEN];
51 unsigned char klen;
52 char iv[MAX_IVLEN];
53 char input[48];
54 unsigned char ilen;
55 char result[48];
56 unsigned char rlen;
57 int np;
58 unsigned char tap[MAX_TAP];
59};
60
61/*
62 * MD4 test vectors from RFC1320
63 */
64#define MD4_TEST_VECTORS 7
65
66static struct hash_testvec md4_tv_template [] = {
67 {
68 .plaintext = "",
69 .digest = { 0x31, 0xd6, 0xcf, 0xe0, 0xd1, 0x6a, 0xe9, 0x31,
70 0xb7, 0x3c, 0x59, 0xd7, 0xe0, 0xc0, 0x89, 0xc0 },
71 }, {
72 .plaintext = "a",
73 .psize = 1,
74 .digest = { 0xbd, 0xe5, 0x2c, 0xb3, 0x1d, 0xe3, 0x3e, 0x46,
75 0x24, 0x5e, 0x05, 0xfb, 0xdb, 0xd6, 0xfb, 0x24 },
76 }, {
77 .plaintext = "abc",
78 .psize = 3,
79 .digest = { 0xa4, 0x48, 0x01, 0x7a, 0xaf, 0x21, 0xd8, 0x52,
80 0x5f, 0xc1, 0x0a, 0xe8, 0x7a, 0xa6, 0x72, 0x9d },
81 }, {
82 .plaintext = "message digest",
83 .psize = 14,
84 .digest = { 0xd9, 0x13, 0x0a, 0x81, 0x64, 0x54, 0x9f, 0xe8,
85 0x18, 0x87, 0x48, 0x06, 0xe1, 0xc7, 0x01, 0x4b },
86 }, {
87 .plaintext = "abcdefghijklmnopqrstuvwxyz",
88 .psize = 26,
89 .digest = { 0xd7, 0x9e, 0x1c, 0x30, 0x8a, 0xa5, 0xbb, 0xcd,
90 0xee, 0xa8, 0xed, 0x63, 0xdf, 0x41, 0x2d, 0xa9 },
91 .np = 2,
92 .tap = { 13, 13 },
93 }, {
94 .plaintext = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
95 .psize = 62,
96 .digest = { 0x04, 0x3f, 0x85, 0x82, 0xf2, 0x41, 0xdb, 0x35,
97 0x1c, 0xe6, 0x27, 0xe1, 0x53, 0xe7, 0xf0, 0xe4 },
98 }, {
99 .plaintext = "123456789012345678901234567890123456789012345678901234567890123"
100 "45678901234567890",
101 .psize = 80,
102 .digest = { 0xe3, 0x3b, 0x4d, 0xdc, 0x9c, 0x38, 0xf2, 0x19,
103 0x9c, 0x3e, 0x7b, 0x16, 0x4f, 0xcc, 0x05, 0x36 },
104 },
105};
106
107/*
108 * MD5 test vectors from RFC1321
109 */
110#define MD5_TEST_VECTORS 7
111
112static struct hash_testvec md5_tv_template[] = {
113 {
114 .digest = { 0xd4, 0x1d, 0x8c, 0xd9, 0x8f, 0x00, 0xb2, 0x04,
115 0xe9, 0x80, 0x09, 0x98, 0xec, 0xf8, 0x42, 0x7e },
116 }, {
117 .plaintext = "a",
118 .psize = 1,
119 .digest = { 0x0c, 0xc1, 0x75, 0xb9, 0xc0, 0xf1, 0xb6, 0xa8,
120 0x31, 0xc3, 0x99, 0xe2, 0x69, 0x77, 0x26, 0x61 },
121 }, {
122 .plaintext = "abc",
123 .psize = 3,
124 .digest = { 0x90, 0x01, 0x50, 0x98, 0x3c, 0xd2, 0x4f, 0xb0,
125 0xd6, 0x96, 0x3f, 0x7d, 0x28, 0xe1, 0x7f, 0x72 },
126 }, {
127 .plaintext = "message digest",
128 .psize = 14,
129 .digest = { 0xf9, 0x6b, 0x69, 0x7d, 0x7c, 0xb7, 0x93, 0x8d,
130 0x52, 0x5a, 0x2f, 0x31, 0xaa, 0xf1, 0x61, 0xd0 },
131 }, {
132 .plaintext = "abcdefghijklmnopqrstuvwxyz",
133 .psize = 26,
134 .digest = { 0xc3, 0xfc, 0xd3, 0xd7, 0x61, 0x92, 0xe4, 0x00,
135 0x7d, 0xfb, 0x49, 0x6c, 0xca, 0x67, 0xe1, 0x3b },
136 .np = 2,
137 .tap = {13, 13}
138 }, {
139 .plaintext = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
140 .psize = 62,
141 .digest = { 0xd1, 0x74, 0xab, 0x98, 0xd2, 0x77, 0xd9, 0xf5,
142 0xa5, 0x61, 0x1c, 0x2c, 0x9f, 0x41, 0x9d, 0x9f },
143 }, {
144 .plaintext = "12345678901234567890123456789012345678901234567890123456789012"
145 "345678901234567890",
146 .psize = 80,
147 .digest = { 0x57, 0xed, 0xf4, 0xa2, 0x2b, 0xe3, 0xc9, 0x55,
148 0xac, 0x49, 0xda, 0x2e, 0x21, 0x07, 0xb6, 0x7a },
149 }
150};
151
152/*
153 * SHA1 test vectors from from FIPS PUB 180-1
154 */
155#define SHA1_TEST_VECTORS 2
156
157static struct hash_testvec sha1_tv_template[] = {
158 {
159 .plaintext = "abc",
160 .psize = 3,
161 .digest = { 0xa9, 0x99, 0x3e, 0x36, 0x47, 0x06, 0x81, 0x6a, 0xba, 0x3e,
162 0x25, 0x71, 0x78, 0x50, 0xc2, 0x6c, 0x9c, 0xd0, 0xd8, 0x9d },
163 }, {
164 .plaintext = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
165 .psize = 56,
166 .digest = { 0x84, 0x98, 0x3e, 0x44, 0x1c, 0x3b, 0xd2, 0x6e, 0xba, 0xae,
167 0x4a, 0xa1, 0xf9, 0x51, 0x29, 0xe5, 0xe5, 0x46, 0x70, 0xf1 },
168 .np = 2,
169 .tap = { 28, 28 }
170 }
171};
172
173/*
174 * SHA256 test vectors from from NIST
175 */
176#define SHA256_TEST_VECTORS 2
177
178static struct hash_testvec sha256_tv_template[] = {
179 {
180 .plaintext = "abc",
181 .psize = 3,
182 .digest = { 0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea,
183 0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23,
184 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c,
185 0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad },
186 }, {
187 .plaintext = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
188 .psize = 56,
189 .digest = { 0x24, 0x8d, 0x6a, 0x61, 0xd2, 0x06, 0x38, 0xb8,
190 0xe5, 0xc0, 0x26, 0x93, 0x0c, 0x3e, 0x60, 0x39,
191 0xa3, 0x3c, 0xe4, 0x59, 0x64, 0xff, 0x21, 0x67,
192 0xf6, 0xec, 0xed, 0xd4, 0x19, 0xdb, 0x06, 0xc1 },
193 .np = 2,
194 .tap = { 28, 28 }
195 },
196};
197
198/*
199 * SHA384 test vectors from from NIST and kerneli
200 */
201#define SHA384_TEST_VECTORS 4
202
203static struct hash_testvec sha384_tv_template[] = {
204 {
205 .plaintext= "abc",
206 .psize = 3,
207 .digest = { 0xcb, 0x00, 0x75, 0x3f, 0x45, 0xa3, 0x5e, 0x8b,
208 0xb5, 0xa0, 0x3d, 0x69, 0x9a, 0xc6, 0x50, 0x07,
209 0x27, 0x2c, 0x32, 0xab, 0x0e, 0xde, 0xd1, 0x63,
210 0x1a, 0x8b, 0x60, 0x5a, 0x43, 0xff, 0x5b, 0xed,
211 0x80, 0x86, 0x07, 0x2b, 0xa1, 0xe7, 0xcc, 0x23,
212 0x58, 0xba, 0xec, 0xa1, 0x34, 0xc8, 0x25, 0xa7 },
213 }, {
214 .plaintext = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
215 .psize = 56,
216 .digest = { 0x33, 0x91, 0xfd, 0xdd, 0xfc, 0x8d, 0xc7, 0x39,
217 0x37, 0x07, 0xa6, 0x5b, 0x1b, 0x47, 0x09, 0x39,
218 0x7c, 0xf8, 0xb1, 0xd1, 0x62, 0xaf, 0x05, 0xab,
219 0xfe, 0x8f, 0x45, 0x0d, 0xe5, 0xf3, 0x6b, 0xc6,
220 0xb0, 0x45, 0x5a, 0x85, 0x20, 0xbc, 0x4e, 0x6f,
221 0x5f, 0xe9, 0x5b, 0x1f, 0xe3, 0xc8, 0x45, 0x2b},
222 }, {
223 .plaintext = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
224 "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu",
225 .psize = 112,
226 .digest = { 0x09, 0x33, 0x0c, 0x33, 0xf7, 0x11, 0x47, 0xe8,
227 0x3d, 0x19, 0x2f, 0xc7, 0x82, 0xcd, 0x1b, 0x47,
228 0x53, 0x11, 0x1b, 0x17, 0x3b, 0x3b, 0x05, 0xd2,
229 0x2f, 0xa0, 0x80, 0x86, 0xe3, 0xb0, 0xf7, 0x12,
230 0xfc, 0xc7, 0xc7, 0x1a, 0x55, 0x7e, 0x2d, 0xb9,
231 0x66, 0xc3, 0xe9, 0xfa, 0x91, 0x74, 0x60, 0x39 },
232 }, {
233 .plaintext = "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
234 "efghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz",
235 .psize = 104,
236 .digest = { 0x3d, 0x20, 0x89, 0x73, 0xab, 0x35, 0x08, 0xdb,
237 0xbd, 0x7e, 0x2c, 0x28, 0x62, 0xba, 0x29, 0x0a,
238 0xd3, 0x01, 0x0e, 0x49, 0x78, 0xc1, 0x98, 0xdc,
239 0x4d, 0x8f, 0xd0, 0x14, 0xe5, 0x82, 0x82, 0x3a,
240 0x89, 0xe1, 0x6f, 0x9b, 0x2a, 0x7b, 0xbc, 0x1a,
241 0xc9, 0x38, 0xe2, 0xd1, 0x99, 0xe8, 0xbe, 0xa4 },
242 .np = 4,
243 .tap = { 26, 26, 26, 26 }
244 },
245};
246
247/*
248 * SHA512 test vectors from from NIST and kerneli
249 */
250#define SHA512_TEST_VECTORS 4
251
252static struct hash_testvec sha512_tv_template[] = {
253 {
254 .plaintext = "abc",
255 .psize = 3,
256 .digest = { 0xdd, 0xaf, 0x35, 0xa1, 0x93, 0x61, 0x7a, 0xba,
257 0xcc, 0x41, 0x73, 0x49, 0xae, 0x20, 0x41, 0x31,
258 0x12, 0xe6, 0xfa, 0x4e, 0x89, 0xa9, 0x7e, 0xa2,
259 0x0a, 0x9e, 0xee, 0xe6, 0x4b, 0x55, 0xd3, 0x9a,
260 0x21, 0x92, 0x99, 0x2a, 0x27, 0x4f, 0xc1, 0xa8,
261 0x36, 0xba, 0x3c, 0x23, 0xa3, 0xfe, 0xeb, 0xbd,
262 0x45, 0x4d, 0x44, 0x23, 0x64, 0x3c, 0xe8, 0x0e,
263 0x2a, 0x9a, 0xc9, 0x4f, 0xa5, 0x4c, 0xa4, 0x9f },
264 }, {
265 .plaintext = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
266 .psize = 56,
267 .digest = { 0x20, 0x4a, 0x8f, 0xc6, 0xdd, 0xa8, 0x2f, 0x0a,
268 0x0c, 0xed, 0x7b, 0xeb, 0x8e, 0x08, 0xa4, 0x16,
269 0x57, 0xc1, 0x6e, 0xf4, 0x68, 0xb2, 0x28, 0xa8,
270 0x27, 0x9b, 0xe3, 0x31, 0xa7, 0x03, 0xc3, 0x35,
271 0x96, 0xfd, 0x15, 0xc1, 0x3b, 0x1b, 0x07, 0xf9,
272 0xaa, 0x1d, 0x3b, 0xea, 0x57, 0x78, 0x9c, 0xa0,
273 0x31, 0xad, 0x85, 0xc7, 0xa7, 0x1d, 0xd7, 0x03,
274 0x54, 0xec, 0x63, 0x12, 0x38, 0xca, 0x34, 0x45 },
275 }, {
276 .plaintext = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
277 "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu",
278 .psize = 112,
279 .digest = { 0x8e, 0x95, 0x9b, 0x75, 0xda, 0xe3, 0x13, 0xda,
280 0x8c, 0xf4, 0xf7, 0x28, 0x14, 0xfc, 0x14, 0x3f,
281 0x8f, 0x77, 0x79, 0xc6, 0xeb, 0x9f, 0x7f, 0xa1,
282 0x72, 0x99, 0xae, 0xad, 0xb6, 0x88, 0x90, 0x18,
283 0x50, 0x1d, 0x28, 0x9e, 0x49, 0x00, 0xf7, 0xe4,
284 0x33, 0x1b, 0x99, 0xde, 0xc4, 0xb5, 0x43, 0x3a,
285 0xc7, 0xd3, 0x29, 0xee, 0xb6, 0xdd, 0x26, 0x54,
286 0x5e, 0x96, 0xe5, 0x5b, 0x87, 0x4b, 0xe9, 0x09 },
287 }, {
288 .plaintext = "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
289 "efghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz",
290 .psize = 104,
291 .digest = { 0x93, 0x0d, 0x0c, 0xef, 0xcb, 0x30, 0xff, 0x11,
292 0x33, 0xb6, 0x89, 0x81, 0x21, 0xf1, 0xcf, 0x3d,
293 0x27, 0x57, 0x8a, 0xfc, 0xaf, 0xe8, 0x67, 0x7c,
294 0x52, 0x57, 0xcf, 0x06, 0x99, 0x11, 0xf7, 0x5d,
295 0x8f, 0x58, 0x31, 0xb5, 0x6e, 0xbf, 0xda, 0x67,
296 0xb2, 0x78, 0xe6, 0x6d, 0xff, 0x8b, 0x84, 0xfe,
297 0x2b, 0x28, 0x70, 0xf7, 0x42, 0xa5, 0x80, 0xd8,
298 0xed, 0xb4, 0x19, 0x87, 0x23, 0x28, 0x50, 0xc9 },
299 .np = 4,
300 .tap = { 26, 26, 26, 26 }
301 },
302};
303
304
305/*
306 * WHIRLPOOL test vectors from Whirlpool package
307 * by Vincent Rijmen and Paulo S. L. M. Barreto as part of the NESSIE
308 * submission
309 */
310#define WP512_TEST_VECTORS 8
311
312static struct hash_testvec wp512_tv_template[] = {
313 {
314 .plaintext = "",
315 .psize = 0,
316 .digest = { 0x19, 0xFA, 0x61, 0xD7, 0x55, 0x22, 0xA4, 0x66,
317 0x9B, 0x44, 0xE3, 0x9C, 0x1D, 0x2E, 0x17, 0x26,
318 0xC5, 0x30, 0x23, 0x21, 0x30, 0xD4, 0x07, 0xF8,
319 0x9A, 0xFE, 0xE0, 0x96, 0x49, 0x97, 0xF7, 0xA7,
320 0x3E, 0x83, 0xBE, 0x69, 0x8B, 0x28, 0x8F, 0xEB,
321 0xCF, 0x88, 0xE3, 0xE0, 0x3C, 0x4F, 0x07, 0x57,
322 0xEA, 0x89, 0x64, 0xE5, 0x9B, 0x63, 0xD9, 0x37,
323 0x08, 0xB1, 0x38, 0xCC, 0x42, 0xA6, 0x6E, 0xB3 },
324
325
326 }, {
327 .plaintext = "a",
328 .psize = 1,
329 .digest = { 0x8A, 0xCA, 0x26, 0x02, 0x79, 0x2A, 0xEC, 0x6F,
330 0x11, 0xA6, 0x72, 0x06, 0x53, 0x1F, 0xB7, 0xD7,
331 0xF0, 0xDF, 0xF5, 0x94, 0x13, 0x14, 0x5E, 0x69,
332 0x73, 0xC4, 0x50, 0x01, 0xD0, 0x08, 0x7B, 0x42,
333 0xD1, 0x1B, 0xC6, 0x45, 0x41, 0x3A, 0xEF, 0xF6,
334 0x3A, 0x42, 0x39, 0x1A, 0x39, 0x14, 0x5A, 0x59,
335 0x1A, 0x92, 0x20, 0x0D, 0x56, 0x01, 0x95, 0xE5,
336 0x3B, 0x47, 0x85, 0x84, 0xFD, 0xAE, 0x23, 0x1A },
337 }, {
338 .plaintext = "abc",
339 .psize = 3,
340 .digest = { 0x4E, 0x24, 0x48, 0xA4, 0xC6, 0xF4, 0x86, 0xBB,
341 0x16, 0xB6, 0x56, 0x2C, 0x73, 0xB4, 0x02, 0x0B,
342 0xF3, 0x04, 0x3E, 0x3A, 0x73, 0x1B, 0xCE, 0x72,
343 0x1A, 0xE1, 0xB3, 0x03, 0xD9, 0x7E, 0x6D, 0x4C,
344 0x71, 0x81, 0xEE, 0xBD, 0xB6, 0xC5, 0x7E, 0x27,
345 0x7D, 0x0E, 0x34, 0x95, 0x71, 0x14, 0xCB, 0xD6,
346 0xC7, 0x97, 0xFC, 0x9D, 0x95, 0xD8, 0xB5, 0x82,
347 0xD2, 0x25, 0x29, 0x20, 0x76, 0xD4, 0xEE, 0xF5 },
348 }, {
349 .plaintext = "message digest",
350 .psize = 14,
351 .digest = { 0x37, 0x8C, 0x84, 0xA4, 0x12, 0x6E, 0x2D, 0xC6,
352 0xE5, 0x6D, 0xCC, 0x74, 0x58, 0x37, 0x7A, 0xAC,
353 0x83, 0x8D, 0x00, 0x03, 0x22, 0x30, 0xF5, 0x3C,
354 0xE1, 0xF5, 0x70, 0x0C, 0x0F, 0xFB, 0x4D, 0x3B,
355 0x84, 0x21, 0x55, 0x76, 0x59, 0xEF, 0x55, 0xC1,
356 0x06, 0xB4, 0xB5, 0x2A, 0xC5, 0xA4, 0xAA, 0xA6,
357 0x92, 0xED, 0x92, 0x00, 0x52, 0x83, 0x8F, 0x33,
358 0x62, 0xE8, 0x6D, 0xBD, 0x37, 0xA8, 0x90, 0x3E },
359 }, {
360 .plaintext = "abcdefghijklmnopqrstuvwxyz",
361 .psize = 26,
362 .digest = { 0xF1, 0xD7, 0x54, 0x66, 0x26, 0x36, 0xFF, 0xE9,
363 0x2C, 0x82, 0xEB, 0xB9, 0x21, 0x2A, 0x48, 0x4A,
364 0x8D, 0x38, 0x63, 0x1E, 0xAD, 0x42, 0x38, 0xF5,
365 0x44, 0x2E, 0xE1, 0x3B, 0x80, 0x54, 0xE4, 0x1B,
366 0x08, 0xBF, 0x2A, 0x92, 0x51, 0xC3, 0x0B, 0x6A,
367 0x0B, 0x8A, 0xAE, 0x86, 0x17, 0x7A, 0xB4, 0xA6,
368 0xF6, 0x8F, 0x67, 0x3E, 0x72, 0x07, 0x86, 0x5D,
369 0x5D, 0x98, 0x19, 0xA3, 0xDB, 0xA4, 0xEB, 0x3B },
370 }, {
371 .plaintext = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
372 "abcdefghijklmnopqrstuvwxyz0123456789",
373 .psize = 62,
374 .digest = { 0xDC, 0x37, 0xE0, 0x08, 0xCF, 0x9E, 0xE6, 0x9B,
375 0xF1, 0x1F, 0x00, 0xED, 0x9A, 0xBA, 0x26, 0x90,
376 0x1D, 0xD7, 0xC2, 0x8C, 0xDE, 0xC0, 0x66, 0xCC,
377 0x6A, 0xF4, 0x2E, 0x40, 0xF8, 0x2F, 0x3A, 0x1E,
378 0x08, 0xEB, 0xA2, 0x66, 0x29, 0x12, 0x9D, 0x8F,
379 0xB7, 0xCB, 0x57, 0x21, 0x1B, 0x92, 0x81, 0xA6,
380 0x55, 0x17, 0xCC, 0x87, 0x9D, 0x7B, 0x96, 0x21,
381 0x42, 0xC6, 0x5F, 0x5A, 0x7A, 0xF0, 0x14, 0x67 },
382 }, {
383 .plaintext = "1234567890123456789012345678901234567890"
384 "1234567890123456789012345678901234567890",
385 .psize = 80,
386 .digest = { 0x46, 0x6E, 0xF1, 0x8B, 0xAB, 0xB0, 0x15, 0x4D,
387 0x25, 0xB9, 0xD3, 0x8A, 0x64, 0x14, 0xF5, 0xC0,
388 0x87, 0x84, 0x37, 0x2B, 0xCC, 0xB2, 0x04, 0xD6,
389 0x54, 0x9C, 0x4A, 0xFA, 0xDB, 0x60, 0x14, 0x29,
390 0x4D, 0x5B, 0xD8, 0xDF, 0x2A, 0x6C, 0x44, 0xE5,
391 0x38, 0xCD, 0x04, 0x7B, 0x26, 0x81, 0xA5, 0x1A,
392 0x2C, 0x60, 0x48, 0x1E, 0x88, 0xC5, 0xA2, 0x0B,
393 0x2C, 0x2A, 0x80, 0xCF, 0x3A, 0x9A, 0x08, 0x3B },
394 }, {
395 .plaintext = "abcdbcdecdefdefgefghfghighijhijk",
396 .psize = 32,
397 .digest = { 0x2A, 0x98, 0x7E, 0xA4, 0x0F, 0x91, 0x70, 0x61,
398 0xF5, 0xD6, 0xF0, 0xA0, 0xE4, 0x64, 0x4F, 0x48,
399 0x8A, 0x7A, 0x5A, 0x52, 0xDE, 0xEE, 0x65, 0x62,
400 0x07, 0xC5, 0x62, 0xF9, 0x88, 0xE9, 0x5C, 0x69,
401 0x16, 0xBD, 0xC8, 0x03, 0x1B, 0xC5, 0xBE, 0x1B,
402 0x7B, 0x94, 0x76, 0x39, 0xFE, 0x05, 0x0B, 0x56,
403 0x93, 0x9B, 0xAA, 0xA0, 0xAD, 0xFF, 0x9A, 0xE6,
404 0x74, 0x5B, 0x7B, 0x18, 0x1C, 0x3B, 0xE3, 0xFD },
405 },
406};
407
408#define WP384_TEST_VECTORS 8
409
410static struct hash_testvec wp384_tv_template[] = {
411 {
412 .plaintext = "",
413 .psize = 0,
414 .digest = { 0x19, 0xFA, 0x61, 0xD7, 0x55, 0x22, 0xA4, 0x66,
415 0x9B, 0x44, 0xE3, 0x9C, 0x1D, 0x2E, 0x17, 0x26,
416 0xC5, 0x30, 0x23, 0x21, 0x30, 0xD4, 0x07, 0xF8,
417 0x9A, 0xFE, 0xE0, 0x96, 0x49, 0x97, 0xF7, 0xA7,
418 0x3E, 0x83, 0xBE, 0x69, 0x8B, 0x28, 0x8F, 0xEB,
419 0xCF, 0x88, 0xE3, 0xE0, 0x3C, 0x4F, 0x07, 0x57 },
420
421
422 }, {
423 .plaintext = "a",
424 .psize = 1,
425 .digest = { 0x8A, 0xCA, 0x26, 0x02, 0x79, 0x2A, 0xEC, 0x6F,
426 0x11, 0xA6, 0x72, 0x06, 0x53, 0x1F, 0xB7, 0xD7,
427 0xF0, 0xDF, 0xF5, 0x94, 0x13, 0x14, 0x5E, 0x69,
428 0x73, 0xC4, 0x50, 0x01, 0xD0, 0x08, 0x7B, 0x42,
429 0xD1, 0x1B, 0xC6, 0x45, 0x41, 0x3A, 0xEF, 0xF6,
430 0x3A, 0x42, 0x39, 0x1A, 0x39, 0x14, 0x5A, 0x59 },
431 }, {
432 .plaintext = "abc",
433 .psize = 3,
434 .digest = { 0x4E, 0x24, 0x48, 0xA4, 0xC6, 0xF4, 0x86, 0xBB,
435 0x16, 0xB6, 0x56, 0x2C, 0x73, 0xB4, 0x02, 0x0B,
436 0xF3, 0x04, 0x3E, 0x3A, 0x73, 0x1B, 0xCE, 0x72,
437 0x1A, 0xE1, 0xB3, 0x03, 0xD9, 0x7E, 0x6D, 0x4C,
438 0x71, 0x81, 0xEE, 0xBD, 0xB6, 0xC5, 0x7E, 0x27,
439 0x7D, 0x0E, 0x34, 0x95, 0x71, 0x14, 0xCB, 0xD6 },
440 }, {
441 .plaintext = "message digest",
442 .psize = 14,
443 .digest = { 0x37, 0x8C, 0x84, 0xA4, 0x12, 0x6E, 0x2D, 0xC6,
444 0xE5, 0x6D, 0xCC, 0x74, 0x58, 0x37, 0x7A, 0xAC,
445 0x83, 0x8D, 0x00, 0x03, 0x22, 0x30, 0xF5, 0x3C,
446 0xE1, 0xF5, 0x70, 0x0C, 0x0F, 0xFB, 0x4D, 0x3B,
447 0x84, 0x21, 0x55, 0x76, 0x59, 0xEF, 0x55, 0xC1,
448 0x06, 0xB4, 0xB5, 0x2A, 0xC5, 0xA4, 0xAA, 0xA6 },
449 }, {
450 .plaintext = "abcdefghijklmnopqrstuvwxyz",
451 .psize = 26,
452 .digest = { 0xF1, 0xD7, 0x54, 0x66, 0x26, 0x36, 0xFF, 0xE9,
453 0x2C, 0x82, 0xEB, 0xB9, 0x21, 0x2A, 0x48, 0x4A,
454 0x8D, 0x38, 0x63, 0x1E, 0xAD, 0x42, 0x38, 0xF5,
455 0x44, 0x2E, 0xE1, 0x3B, 0x80, 0x54, 0xE4, 0x1B,
456 0x08, 0xBF, 0x2A, 0x92, 0x51, 0xC3, 0x0B, 0x6A,
457 0x0B, 0x8A, 0xAE, 0x86, 0x17, 0x7A, 0xB4, 0xA6 },
458 }, {
459 .plaintext = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
460 "abcdefghijklmnopqrstuvwxyz0123456789",
461 .psize = 62,
462 .digest = { 0xDC, 0x37, 0xE0, 0x08, 0xCF, 0x9E, 0xE6, 0x9B,
463 0xF1, 0x1F, 0x00, 0xED, 0x9A, 0xBA, 0x26, 0x90,
464 0x1D, 0xD7, 0xC2, 0x8C, 0xDE, 0xC0, 0x66, 0xCC,
465 0x6A, 0xF4, 0x2E, 0x40, 0xF8, 0x2F, 0x3A, 0x1E,
466 0x08, 0xEB, 0xA2, 0x66, 0x29, 0x12, 0x9D, 0x8F,
467 0xB7, 0xCB, 0x57, 0x21, 0x1B, 0x92, 0x81, 0xA6 },
468 }, {
469 .plaintext = "1234567890123456789012345678901234567890"
470 "1234567890123456789012345678901234567890",
471 .psize = 80,
472 .digest = { 0x46, 0x6E, 0xF1, 0x8B, 0xAB, 0xB0, 0x15, 0x4D,
473 0x25, 0xB9, 0xD3, 0x8A, 0x64, 0x14, 0xF5, 0xC0,
474 0x87, 0x84, 0x37, 0x2B, 0xCC, 0xB2, 0x04, 0xD6,
475 0x54, 0x9C, 0x4A, 0xFA, 0xDB, 0x60, 0x14, 0x29,
476 0x4D, 0x5B, 0xD8, 0xDF, 0x2A, 0x6C, 0x44, 0xE5,
477 0x38, 0xCD, 0x04, 0x7B, 0x26, 0x81, 0xA5, 0x1A },
478 }, {
479 .plaintext = "abcdbcdecdefdefgefghfghighijhijk",
480 .psize = 32,
481 .digest = { 0x2A, 0x98, 0x7E, 0xA4, 0x0F, 0x91, 0x70, 0x61,
482 0xF5, 0xD6, 0xF0, 0xA0, 0xE4, 0x64, 0x4F, 0x48,
483 0x8A, 0x7A, 0x5A, 0x52, 0xDE, 0xEE, 0x65, 0x62,
484 0x07, 0xC5, 0x62, 0xF9, 0x88, 0xE9, 0x5C, 0x69,
485 0x16, 0xBD, 0xC8, 0x03, 0x1B, 0xC5, 0xBE, 0x1B,
486 0x7B, 0x94, 0x76, 0x39, 0xFE, 0x05, 0x0B, 0x56 },
487 },
488};
489
490#define WP256_TEST_VECTORS 8
491
492static struct hash_testvec wp256_tv_template[] = {
493 {
494 .plaintext = "",
495 .psize = 0,
496 .digest = { 0x19, 0xFA, 0x61, 0xD7, 0x55, 0x22, 0xA4, 0x66,
497 0x9B, 0x44, 0xE3, 0x9C, 0x1D, 0x2E, 0x17, 0x26,
498 0xC5, 0x30, 0x23, 0x21, 0x30, 0xD4, 0x07, 0xF8,
499 0x9A, 0xFE, 0xE0, 0x96, 0x49, 0x97, 0xF7, 0xA7 },
500
501
502 }, {
503 .plaintext = "a",
504 .psize = 1,
505 .digest = { 0x8A, 0xCA, 0x26, 0x02, 0x79, 0x2A, 0xEC, 0x6F,
506 0x11, 0xA6, 0x72, 0x06, 0x53, 0x1F, 0xB7, 0xD7,
507 0xF0, 0xDF, 0xF5, 0x94, 0x13, 0x14, 0x5E, 0x69,
508 0x73, 0xC4, 0x50, 0x01, 0xD0, 0x08, 0x7B, 0x42 },
509 }, {
510 .plaintext = "abc",
511 .psize = 3,
512 .digest = { 0x4E, 0x24, 0x48, 0xA4, 0xC6, 0xF4, 0x86, 0xBB,
513 0x16, 0xB6, 0x56, 0x2C, 0x73, 0xB4, 0x02, 0x0B,
514 0xF3, 0x04, 0x3E, 0x3A, 0x73, 0x1B, 0xCE, 0x72,
515 0x1A, 0xE1, 0xB3, 0x03, 0xD9, 0x7E, 0x6D, 0x4C },
516 }, {
517 .plaintext = "message digest",
518 .psize = 14,
519 .digest = { 0x37, 0x8C, 0x84, 0xA4, 0x12, 0x6E, 0x2D, 0xC6,
520 0xE5, 0x6D, 0xCC, 0x74, 0x58, 0x37, 0x7A, 0xAC,
521 0x83, 0x8D, 0x00, 0x03, 0x22, 0x30, 0xF5, 0x3C,
522 0xE1, 0xF5, 0x70, 0x0C, 0x0F, 0xFB, 0x4D, 0x3B },
523 }, {
524 .plaintext = "abcdefghijklmnopqrstuvwxyz",
525 .psize = 26,
526 .digest = { 0xF1, 0xD7, 0x54, 0x66, 0x26, 0x36, 0xFF, 0xE9,
527 0x2C, 0x82, 0xEB, 0xB9, 0x21, 0x2A, 0x48, 0x4A,
528 0x8D, 0x38, 0x63, 0x1E, 0xAD, 0x42, 0x38, 0xF5,
529 0x44, 0x2E, 0xE1, 0x3B, 0x80, 0x54, 0xE4, 0x1B },
530 }, {
531 .plaintext = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
532 "abcdefghijklmnopqrstuvwxyz0123456789",
533 .psize = 62,
534 .digest = { 0xDC, 0x37, 0xE0, 0x08, 0xCF, 0x9E, 0xE6, 0x9B,
535 0xF1, 0x1F, 0x00, 0xED, 0x9A, 0xBA, 0x26, 0x90,
536 0x1D, 0xD7, 0xC2, 0x8C, 0xDE, 0xC0, 0x66, 0xCC,
537 0x6A, 0xF4, 0x2E, 0x40, 0xF8, 0x2F, 0x3A, 0x1E },
538 }, {
539 .plaintext = "1234567890123456789012345678901234567890"
540 "1234567890123456789012345678901234567890",
541 .psize = 80,
542 .digest = { 0x46, 0x6E, 0xF1, 0x8B, 0xAB, 0xB0, 0x15, 0x4D,
543 0x25, 0xB9, 0xD3, 0x8A, 0x64, 0x14, 0xF5, 0xC0,
544 0x87, 0x84, 0x37, 0x2B, 0xCC, 0xB2, 0x04, 0xD6,
545 0x54, 0x9C, 0x4A, 0xFA, 0xDB, 0x60, 0x14, 0x29 },
546 }, {
547 .plaintext = "abcdbcdecdefdefgefghfghighijhijk",
548 .psize = 32,
549 .digest = { 0x2A, 0x98, 0x7E, 0xA4, 0x0F, 0x91, 0x70, 0x61,
550 0xF5, 0xD6, 0xF0, 0xA0, 0xE4, 0x64, 0x4F, 0x48,
551 0x8A, 0x7A, 0x5A, 0x52, 0xDE, 0xEE, 0x65, 0x62,
552 0x07, 0xC5, 0x62, 0xF9, 0x88, 0xE9, 0x5C, 0x69 },
553 },
554};
555
556/*
557 * TIGER test vectors from Tiger website
558 */
559#define TGR192_TEST_VECTORS 6
560
561static struct hash_testvec tgr192_tv_template[] = {
562 {
563 .plaintext = "",
564 .psize = 0,
565 .digest = { 0x24, 0xf0, 0x13, 0x0c, 0x63, 0xac, 0x93, 0x32,
566 0x16, 0x16, 0x6e, 0x76, 0xb1, 0xbb, 0x92, 0x5f,
567 0xf3, 0x73, 0xde, 0x2d, 0x49, 0x58, 0x4e, 0x7a },
568 }, {
569 .plaintext = "abc",
570 .psize = 3,
571 .digest = { 0xf2, 0x58, 0xc1, 0xe8, 0x84, 0x14, 0xab, 0x2a,
572 0x52, 0x7a, 0xb5, 0x41, 0xff, 0xc5, 0xb8, 0xbf,
573 0x93, 0x5f, 0x7b, 0x95, 0x1c, 0x13, 0x29, 0x51 },
574 }, {
575 .plaintext = "Tiger",
576 .psize = 5,
577 .digest = { 0x9f, 0x00, 0xf5, 0x99, 0x07, 0x23, 0x00, 0xdd,
578 0x27, 0x6a, 0xbb, 0x38, 0xc8, 0xeb, 0x6d, 0xec,
579 0x37, 0x79, 0x0c, 0x11, 0x6f, 0x9d, 0x2b, 0xdf },
580 }, {
581 .plaintext = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+-",
582 .psize = 64,
583 .digest = { 0x87, 0xfb, 0x2a, 0x90, 0x83, 0x85, 0x1c, 0xf7,
584 0x47, 0x0d, 0x2c, 0xf8, 0x10, 0xe6, 0xdf, 0x9e,
585 0xb5, 0x86, 0x44, 0x50, 0x34, 0xa5, 0xa3, 0x86 },
586 }, {
587 .plaintext = "ABCDEFGHIJKLMNOPQRSTUVWXYZ=abcdefghijklmnopqrstuvwxyz+0123456789",
588 .psize = 64,
589 .digest = { 0x46, 0x7d, 0xb8, 0x08, 0x63, 0xeb, 0xce, 0x48,
590 0x8d, 0xf1, 0xcd, 0x12, 0x61, 0x65, 0x5d, 0xe9,
591 0x57, 0x89, 0x65, 0x65, 0x97, 0x5f, 0x91, 0x97 },
592 }, {
593 .plaintext = "Tiger - A Fast New Hash Function, "
594 "by Ross Anderson and Eli Biham, "
595 "proceedings of Fast Software Encryption 3, "
596 "Cambridge, 1996.",
597 .psize = 125,
598 .digest = { 0x3d, 0x9a, 0xeb, 0x03, 0xd1, 0xbd, 0x1a, 0x63,
599 0x57, 0xb2, 0x77, 0x4d, 0xfd, 0x6d, 0x5b, 0x24,
600 0xdd, 0x68, 0x15, 0x1d, 0x50, 0x39, 0x74, 0xfc },
601 },
602};
603
604#define TGR160_TEST_VECTORS 6
605
606static struct hash_testvec tgr160_tv_template[] = {
607 {
608 .plaintext = "",
609 .psize = 0,
610 .digest = { 0x24, 0xf0, 0x13, 0x0c, 0x63, 0xac, 0x93, 0x32,
611 0x16, 0x16, 0x6e, 0x76, 0xb1, 0xbb, 0x92, 0x5f,
612 0xf3, 0x73, 0xde, 0x2d },
613 }, {
614 .plaintext = "abc",
615 .psize = 3,
616 .digest = { 0xf2, 0x58, 0xc1, 0xe8, 0x84, 0x14, 0xab, 0x2a,
617 0x52, 0x7a, 0xb5, 0x41, 0xff, 0xc5, 0xb8, 0xbf,
618 0x93, 0x5f, 0x7b, 0x95 },
619 }, {
620 .plaintext = "Tiger",
621 .psize = 5,
622 .digest = { 0x9f, 0x00, 0xf5, 0x99, 0x07, 0x23, 0x00, 0xdd,
623 0x27, 0x6a, 0xbb, 0x38, 0xc8, 0xeb, 0x6d, 0xec,
624 0x37, 0x79, 0x0c, 0x11 },
625 }, {
626 .plaintext = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+-",
627 .psize = 64,
628 .digest = { 0x87, 0xfb, 0x2a, 0x90, 0x83, 0x85, 0x1c, 0xf7,
629 0x47, 0x0d, 0x2c, 0xf8, 0x10, 0xe6, 0xdf, 0x9e,
630 0xb5, 0x86, 0x44, 0x50 },
631 }, {
632 .plaintext = "ABCDEFGHIJKLMNOPQRSTUVWXYZ=abcdefghijklmnopqrstuvwxyz+0123456789",
633 .psize = 64,
634 .digest = { 0x46, 0x7d, 0xb8, 0x08, 0x63, 0xeb, 0xce, 0x48,
635 0x8d, 0xf1, 0xcd, 0x12, 0x61, 0x65, 0x5d, 0xe9,
636 0x57, 0x89, 0x65, 0x65 },
637 }, {
638 .plaintext = "Tiger - A Fast New Hash Function, "
639 "by Ross Anderson and Eli Biham, "
640 "proceedings of Fast Software Encryption 3, "
641 "Cambridge, 1996.",
642 .psize = 125,
643 .digest = { 0x3d, 0x9a, 0xeb, 0x03, 0xd1, 0xbd, 0x1a, 0x63,
644 0x57, 0xb2, 0x77, 0x4d, 0xfd, 0x6d, 0x5b, 0x24,
645 0xdd, 0x68, 0x15, 0x1d },
646 },
647};
648
649#define TGR128_TEST_VECTORS 6
650
651static struct hash_testvec tgr128_tv_template[] = {
652 {
653 .plaintext = "",
654 .psize = 0,
655 .digest = { 0x24, 0xf0, 0x13, 0x0c, 0x63, 0xac, 0x93, 0x32,
656 0x16, 0x16, 0x6e, 0x76, 0xb1, 0xbb, 0x92, 0x5f },
657 }, {
658 .plaintext = "abc",
659 .psize = 3,
660 .digest = { 0xf2, 0x58, 0xc1, 0xe8, 0x84, 0x14, 0xab, 0x2a,
661 0x52, 0x7a, 0xb5, 0x41, 0xff, 0xc5, 0xb8, 0xbf },
662 }, {
663 .plaintext = "Tiger",
664 .psize = 5,
665 .digest = { 0x9f, 0x00, 0xf5, 0x99, 0x07, 0x23, 0x00, 0xdd,
666 0x27, 0x6a, 0xbb, 0x38, 0xc8, 0xeb, 0x6d, 0xec },
667 }, {
668 .plaintext = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+-",
669 .psize = 64,
670 .digest = { 0x87, 0xfb, 0x2a, 0x90, 0x83, 0x85, 0x1c, 0xf7,
671 0x47, 0x0d, 0x2c, 0xf8, 0x10, 0xe6, 0xdf, 0x9e },
672 }, {
673 .plaintext = "ABCDEFGHIJKLMNOPQRSTUVWXYZ=abcdefghijklmnopqrstuvwxyz+0123456789",
674 .psize = 64,
675 .digest = { 0x46, 0x7d, 0xb8, 0x08, 0x63, 0xeb, 0xce, 0x48,
676 0x8d, 0xf1, 0xcd, 0x12, 0x61, 0x65, 0x5d, 0xe9 },
677 }, {
678 .plaintext = "Tiger - A Fast New Hash Function, "
679 "by Ross Anderson and Eli Biham, "
680 "proceedings of Fast Software Encryption 3, "
681 "Cambridge, 1996.",
682 .psize = 125,
683 .digest = { 0x3d, 0x9a, 0xeb, 0x03, 0xd1, 0xbd, 0x1a, 0x63,
684 0x57, 0xb2, 0x77, 0x4d, 0xfd, 0x6d, 0x5b, 0x24 },
685 },
686};
687
688#ifdef CONFIG_CRYPTO_HMAC
689/*
690 * HMAC-MD5 test vectors from RFC2202
691 * (These need to be fixed to not use strlen).
692 */
693#define HMAC_MD5_TEST_VECTORS 7
694
695static struct hmac_testvec hmac_md5_tv_template[] =
696{
697 {
698 .key = { [0 ... 15] = 0x0b },
699 .ksize = 16,
700 .plaintext = "Hi There",
701 .psize = 8,
702 .digest = { 0x92, 0x94, 0x72, 0x7a, 0x36, 0x38, 0xbb, 0x1c,
703 0x13, 0xf4, 0x8e, 0xf8, 0x15, 0x8b, 0xfc, 0x9d },
704 }, {
705 .key = { 'J', 'e', 'f', 'e' },
706 .ksize = 4,
707 .plaintext = "what do ya want for nothing?",
708 .psize = 28,
709 .digest = { 0x75, 0x0c, 0x78, 0x3e, 0x6a, 0xb0, 0xb5, 0x03,
710 0xea, 0xa8, 0x6e, 0x31, 0x0a, 0x5d, 0xb7, 0x38 },
711 .np = 2,
712 .tap = {14, 14}
713 }, {
714 .key = { [0 ... 15] = 0xaa },
715 .ksize = 16,
716 .plaintext = { [0 ... 49] = 0xdd },
717 .psize = 50,
718 .digest = { 0x56, 0xbe, 0x34, 0x52, 0x1d, 0x14, 0x4c, 0x88,
719 0xdb, 0xb8, 0xc7, 0x33, 0xf0, 0xe8, 0xb3, 0xf6 },
720 }, {
721 .key = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
722 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
723 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, },
724 .ksize = 25,
725 .plaintext = { [0 ... 49] = 0xcd },
726 .psize = 50,
727 .digest = { 0x69, 0x7e, 0xaf, 0x0a, 0xca, 0x3a, 0x3a, 0xea,
728 0x3a, 0x75, 0x16, 0x47, 0x46, 0xff, 0xaa, 0x79 },
729 }, {
730 .key = { [0 ... 15] = 0x0c },
731 .ksize = 16,
732 .plaintext = "Test With Truncation",
733 .psize = 20,
734 .digest = { 0x56, 0x46, 0x1e, 0xf2, 0x34, 0x2e, 0xdc, 0x00,
735 0xf9, 0xba, 0xb9, 0x95, 0x69, 0x0e, 0xfd, 0x4c },
736 }, {
737 .key = { [0 ... 79] = 0xaa },
738 .ksize = 80,
739 .plaintext = "Test Using Larger Than Block-Size Key - Hash Key First",
740 .psize = 54,
741 .digest = { 0x6b, 0x1a, 0xb7, 0xfe, 0x4b, 0xd7, 0xbf, 0x8f,
742 0x0b, 0x62, 0xe6, 0xce, 0x61, 0xb9, 0xd0, 0xcd },
743 }, {
744 .key = { [0 ... 79] = 0xaa },
745 .ksize = 80,
746 .plaintext = "Test Using Larger Than Block-Size Key and Larger Than One "
747 "Block-Size Data",
748 .psize = 73,
749 .digest = { 0x6f, 0x63, 0x0f, 0xad, 0x67, 0xcd, 0xa0, 0xee,
750 0x1f, 0xb1, 0xf5, 0x62, 0xdb, 0x3a, 0xa5, 0x3e },
751 },
752};
753
754/*
755 * HMAC-SHA1 test vectors from RFC2202
756 */
757#define HMAC_SHA1_TEST_VECTORS 7
758
759static struct hmac_testvec hmac_sha1_tv_template[] = {
760 {
761 .key = { [0 ... 19] = 0x0b },
762 .ksize = 20,
763 .plaintext = "Hi There",
764 .psize = 8,
765 .digest = { 0xb6, 0x17, 0x31, 0x86, 0x55, 0x05, 0x72, 0x64,
766 0xe2, 0x8b, 0xc0, 0xb6, 0xfb, 0x37, 0x8c, 0x8e, 0xf1,
767 0x46, 0xbe },
768 }, {
769 .key = { 'J', 'e', 'f', 'e' },
770 .ksize = 4,
771 .plaintext = "what do ya want for nothing?",
772 .psize = 28,
773 .digest = { 0xef, 0xfc, 0xdf, 0x6a, 0xe5, 0xeb, 0x2f, 0xa2, 0xd2, 0x74,
774 0x16, 0xd5, 0xf1, 0x84, 0xdf, 0x9c, 0x25, 0x9a, 0x7c, 0x79 },
775 .np = 2,
776 .tap = { 14, 14 }
777 }, {
778 .key = { [0 ... 19] = 0xaa },
779 .ksize = 20,
780 .plaintext = { [0 ... 49] = 0xdd },
781 .psize = 50,
782 .digest = { 0x12, 0x5d, 0x73, 0x42, 0xb9, 0xac, 0x11, 0xcd, 0x91, 0xa3,
783 0x9a, 0xf4, 0x8a, 0xa1, 0x7b, 0x4f, 0x63, 0xf1, 0x75, 0xd3 },
784 }, {
785 .key = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
786 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
787 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19 },
788 .ksize = 25,
789 .plaintext = { [0 ... 49] = 0xcd },
790 .psize = 50,
791 .digest = { 0x4c, 0x90, 0x07, 0xf4, 0x02, 0x62, 0x50, 0xc6, 0xbc, 0x84,
792 0x14, 0xf9, 0xbf, 0x50, 0xc8, 0x6c, 0x2d, 0x72, 0x35, 0xda },
793 }, {
794 .key = { [0 ... 19] = 0x0c },
795 .ksize = 20,
796 .plaintext = "Test With Truncation",
797 .psize = 20,
798 .digest = { 0x4c, 0x1a, 0x03, 0x42, 0x4b, 0x55, 0xe0, 0x7f, 0xe7, 0xf2,
799 0x7b, 0xe1, 0xd5, 0x8b, 0xb9, 0x32, 0x4a, 0x9a, 0x5a, 0x04 },
800 }, {
801 .key = { [0 ... 79] = 0xaa },
802 .ksize = 80,
803 .plaintext = "Test Using Larger Than Block-Size Key - Hash Key First",
804 .psize = 54,
805 .digest = { 0xaa, 0x4a, 0xe5, 0xe1, 0x52, 0x72, 0xd0, 0x0e, 0x95, 0x70,
806 0x56, 0x37, 0xce, 0x8a, 0x3b, 0x55, 0xed, 0x40, 0x21, 0x12 },
807 }, {
808 .key = { [0 ... 79] = 0xaa },
809 .ksize = 80,
810 .plaintext = "Test Using Larger Than Block-Size Key and Larger Than One "
811 "Block-Size Data",
812 .psize = 73,
813 .digest = { 0xe8, 0xe9, 0x9d, 0x0f, 0x45, 0x23, 0x7d, 0x78, 0x6d, 0x6b,
814 0xba, 0xa7, 0x96, 0x5c, 0x78, 0x08, 0xbb, 0xff, 0x1a, 0x91 },
815 },
816};
817
818/*
819 * HMAC-SHA256 test vectors from
820 * draft-ietf-ipsec-ciph-sha-256-01.txt
821 */
822#define HMAC_SHA256_TEST_VECTORS 10
823
824static struct hmac_testvec hmac_sha256_tv_template[] = {
825 {
826 .key = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
827 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
828 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
829 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20},
830 .ksize = 32,
831 .plaintext = "abc",
832 .psize = 3,
833 .digest = { 0xa2, 0x1b, 0x1f, 0x5d, 0x4c, 0xf4, 0xf7, 0x3a,
834 0x4d, 0xd9, 0x39, 0x75, 0x0f, 0x7a, 0x06, 0x6a,
835 0x7f, 0x98, 0xcc, 0x13, 0x1c, 0xb1, 0x6a, 0x66,
836 0x92, 0x75, 0x90, 0x21, 0xcf, 0xab, 0x81, 0x81 },
837 }, {
838 .key = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
839 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
840 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
841 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20 },
842 .ksize = 32,
843 .plaintext = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
844 .psize = 56,
845 .digest = { 0x10, 0x4f, 0xdc, 0x12, 0x57, 0x32, 0x8f, 0x08,
846 0x18, 0x4b, 0xa7, 0x31, 0x31, 0xc5, 0x3c, 0xae,
847 0xe6, 0x98, 0xe3, 0x61, 0x19, 0x42, 0x11, 0x49,
848 0xea, 0x8c, 0x71, 0x24, 0x56, 0x69, 0x7d, 0x30 },
849 }, {
850 .key = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
851 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
852 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
853 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20 },
854 .ksize = 32,
855 .plaintext = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
856 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
857 .psize = 112,
858 .digest = { 0x47, 0x03, 0x05, 0xfc, 0x7e, 0x40, 0xfe, 0x34,
859 0xd3, 0xee, 0xb3, 0xe7, 0x73, 0xd9, 0x5a, 0xab,
860 0x73, 0xac, 0xf0, 0xfd, 0x06, 0x04, 0x47, 0xa5,
861 0xeb, 0x45, 0x95, 0xbf, 0x33, 0xa9, 0xd1, 0xa3 },
862 }, {
863 .key = { [0 ... 31] = 0x0b },
864 .ksize = 32,
865 .plaintext = "Hi There",
866 .psize = 8,
867 .digest = { 0x19, 0x8a, 0x60, 0x7e, 0xb4, 0x4b, 0xfb, 0xc6,
868 0x99, 0x03, 0xa0, 0xf1, 0xcf, 0x2b, 0xbd, 0xc5,
869 0xba, 0x0a, 0xa3, 0xf3, 0xd9, 0xae, 0x3c, 0x1c,
870 0x7a, 0x3b, 0x16, 0x96, 0xa0, 0xb6, 0x8c, 0xf7 },
871 }, {
872 .key = "Jefe",
873 .ksize = 4,
874 .plaintext = "what do ya want for nothing?",
875 .psize = 28,
876 .digest = { 0x5b, 0xdc, 0xc1, 0x46, 0xbf, 0x60, 0x75, 0x4e,
877 0x6a, 0x04, 0x24, 0x26, 0x08, 0x95, 0x75, 0xc7,
878 0x5a, 0x00, 0x3f, 0x08, 0x9d, 0x27, 0x39, 0x83,
879 0x9d, 0xec, 0x58, 0xb9, 0x64, 0xec, 0x38, 0x43 },
880 .np = 2,
881 .tap = { 14, 14 }
882 }, {
883 .key = { [0 ... 31] = 0xaa },
884 .ksize = 32,
885 .plaintext = { [0 ... 49] = 0xdd },
886 .psize = 50,
887 .digest = { 0xcd, 0xcb, 0x12, 0x20, 0xd1, 0xec, 0xcc, 0xea,
888 0x91, 0xe5, 0x3a, 0xba, 0x30, 0x92, 0xf9, 0x62,
889 0xe5, 0x49, 0xfe, 0x6c, 0xe9, 0xed, 0x7f, 0xdc,
890 0x43, 0x19, 0x1f, 0xbd, 0xe4, 0x5c, 0x30, 0xb0 },
891 }, {
892 .key = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
893 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
894 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
895 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20,
896 0x21, 0x22, 0x23, 0x24, 0x25 },
897 .ksize = 37,
898 .plaintext = { [0 ... 49] = 0xcd },
899 .psize = 50,
900 .digest = { 0xd4, 0x63, 0x3c, 0x17, 0xf6, 0xfb, 0x8d, 0x74,
901 0x4c, 0x66, 0xde, 0xe0, 0xf8, 0xf0, 0x74, 0x55,
902 0x6e, 0xc4, 0xaf, 0x55, 0xef, 0x07, 0x99, 0x85,
903 0x41, 0x46, 0x8e, 0xb4, 0x9b, 0xd2, 0xe9, 0x17 },
904 }, {
905 .key = { [0 ... 31] = 0x0c },
906 .ksize = 32,
907 .plaintext = "Test With Truncation",
908 .psize = 20,
909 .digest = { 0x75, 0x46, 0xaf, 0x01, 0x84, 0x1f, 0xc0, 0x9b,
910 0x1a, 0xb9, 0xc3, 0x74, 0x9a, 0x5f, 0x1c, 0x17,
911 0xd4, 0xf5, 0x89, 0x66, 0x8a, 0x58, 0x7b, 0x27,
912 0x00, 0xa9, 0xc9, 0x7c, 0x11, 0x93, 0xcf, 0x42 },
913 }, {
914 .key = { [0 ... 79] = 0xaa },
915 .ksize = 80,
916 .plaintext = "Test Using Larger Than Block-Size Key - Hash Key First",
917 .psize = 54,
918 .digest = { 0x69, 0x53, 0x02, 0x5e, 0xd9, 0x6f, 0x0c, 0x09,
919 0xf8, 0x0a, 0x96, 0xf7, 0x8e, 0x65, 0x38, 0xdb,
920 0xe2, 0xe7, 0xb8, 0x20, 0xe3, 0xdd, 0x97, 0x0e,
921 0x7d, 0xdd, 0x39, 0x09, 0x1b, 0x32, 0x35, 0x2f },
922 }, {
923 .key = { [0 ... 79] = 0xaa },
924 .ksize = 80,
925 .plaintext = "Test Using Larger Than Block-Size Key and Larger Than "
926 "One Block-Size Data",
927 .psize = 73,
928 .digest = { 0x63, 0x55, 0xac, 0x22, 0xe8, 0x90, 0xd0, 0xa3,
929 0xc8, 0x48, 0x1a, 0x5c, 0xa4, 0x82, 0x5b, 0xc8,
930 0x84, 0xd3, 0xe7, 0xa1, 0xff, 0x98, 0xa2, 0xfc,
931 0x2a, 0xc7, 0xd8, 0xe0, 0x64, 0xc3, 0xb2, 0xe6 },
932 },
933};
934
935#endif /* CONFIG_CRYPTO_HMAC */
936
937/*
938 * DES test vectors.
939 */
940#define DES_ENC_TEST_VECTORS 10
941#define DES_DEC_TEST_VECTORS 4
942#define DES_CBC_ENC_TEST_VECTORS 5
943#define DES_CBC_DEC_TEST_VECTORS 4
944#define DES3_EDE_ENC_TEST_VECTORS 3
945#define DES3_EDE_DEC_TEST_VECTORS 3
946
947static struct cipher_testvec des_enc_tv_template[] = {
948 { /* From Applied Cryptography */
949 .key = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef },
950 .klen = 8,
951 .input = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xe7 },
952 .ilen = 8,
953 .result = { 0xc9, 0x57, 0x44, 0x25, 0x6a, 0x5e, 0xd3, 0x1d },
954 .rlen = 8,
955 }, { /* Same key, different plaintext block */
956 .key = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef },
957 .klen = 8,
958 .input = { 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99 },
959 .ilen = 8,
960 .result = { 0xf7, 0x9c, 0x89, 0x2a, 0x33, 0x8f, 0x4a, 0x8b },
961 .rlen = 8,
962 }, { /* Sbox test from NBS */
963 .key = { 0x7c, 0xa1, 0x10, 0x45, 0x4a, 0x1a, 0x6e, 0x57 },
964 .klen = 8,
965 .input = { 0x01, 0xa1, 0xd6, 0xd0, 0x39, 0x77, 0x67, 0x42 },
966 .ilen = 8,
967 .result = { 0x69, 0x0f, 0x5b, 0x0d, 0x9a, 0x26, 0x93, 0x9b },
968 .rlen = 8,
969 }, { /* Three blocks */
970 .key = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef },
971 .klen = 8,
972 .input = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xe7,
973 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99,
974 0xca, 0xfe, 0xba, 0xbe, 0xfe, 0xed, 0xbe, 0xef },
975 .ilen = 24,
976 .result = { 0xc9, 0x57, 0x44, 0x25, 0x6a, 0x5e, 0xd3, 0x1d,
977 0xf7, 0x9c, 0x89, 0x2a, 0x33, 0x8f, 0x4a, 0x8b,
978 0xb4, 0x99, 0x26, 0xf7, 0x1f, 0xe1, 0xd4, 0x90 },
979 .rlen = 24,
980 }, { /* Weak key */
981 .fail = 1,
982 .wk = 1,
983 .key = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
984 .klen = 8,
985 .input = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xe7 },
986 .ilen = 8,
987 .result = { 0xc9, 0x57, 0x44, 0x25, 0x6a, 0x5e, 0xd3, 0x1d },
988 .rlen = 8,
989 }, { /* Two blocks -- for testing encryption across pages */
990 .key = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef },
991 .klen = 8,
992 .input = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xe7,
993 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99 },
994 .ilen = 16,
995 .result = { 0xc9, 0x57, 0x44, 0x25, 0x6a, 0x5e, 0xd3, 0x1d,
996 0xf7, 0x9c, 0x89, 0x2a, 0x33, 0x8f, 0x4a, 0x8b },
997 .rlen = 16,
998 .np = 2,
999 .tap = { 8, 8 }
1000 }, { /* Four blocks -- for testing encryption with chunking */
1001 .key = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef },
1002 .klen = 8,
1003 .input = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xe7,
1004 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99,
1005 0xca, 0xfe, 0xba, 0xbe, 0xfe, 0xed, 0xbe, 0xef,
1006 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99 },
1007 .ilen = 32,
1008 .result = { 0xc9, 0x57, 0x44, 0x25, 0x6a, 0x5e, 0xd3, 0x1d,
1009 0xf7, 0x9c, 0x89, 0x2a, 0x33, 0x8f, 0x4a, 0x8b,
1010 0xb4, 0x99, 0x26, 0xf7, 0x1f, 0xe1, 0xd4, 0x90,
1011 0xf7, 0x9c, 0x89, 0x2a, 0x33, 0x8f, 0x4a, 0x8b },
1012 .rlen = 32,
1013 .np = 3,
1014 .tap = { 14, 10, 8 }
1015 }, {
1016 .key = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef },
1017 .klen = 8,
1018 .input = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xe7,
1019 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99,
1020 0xca, 0xfe, 0xba, 0xbe, 0xfe, 0xed, 0xbe, 0xef },
1021 .ilen = 24,
1022 .result = { 0xc9, 0x57, 0x44, 0x25, 0x6a, 0x5e, 0xd3, 0x1d,
1023 0xf7, 0x9c, 0x89, 0x2a, 0x33, 0x8f, 0x4a, 0x8b,
1024 0xb4, 0x99, 0x26, 0xf7, 0x1f, 0xe1, 0xd4, 0x90 },
1025 .rlen = 24,
1026 .np = 4,
1027 .tap = { 2, 1, 3, 18 }
1028 }, {
1029 .key = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef },
1030 .klen = 8,
1031 .input = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xe7,
1032 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99 },
1033 .ilen = 16,
1034 .result = { 0xc9, 0x57, 0x44, 0x25, 0x6a, 0x5e, 0xd3, 0x1d,
1035 0xf7, 0x9c, 0x89, 0x2a, 0x33, 0x8f, 0x4a, 0x8b },
1036 .rlen = 16,
1037 .np = 5,
1038 .tap = { 2, 2, 2, 2, 8 }
1039 }, {
1040 .key = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef },
1041 .klen = 8,
1042 .input = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xe7 },
1043 .ilen = 8,
1044 .result = { 0xc9, 0x57, 0x44, 0x25, 0x6a, 0x5e, 0xd3, 0x1d },
1045 .rlen = 8,
1046 .np = 8,
1047 .tap = { 1, 1, 1, 1, 1, 1, 1, 1 }
1048 },
1049};
1050
1051static struct cipher_testvec des_dec_tv_template[] = {
1052 { /* From Applied Cryptography */
1053 .key = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef },
1054 .klen = 8,
1055 .input = { 0xc9, 0x57, 0x44, 0x25, 0x6a, 0x5e, 0xd3, 0x1d },
1056 .ilen = 8,
1057 .result = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xe7 },
1058 .rlen = 8,
1059 }, { /* Sbox test from NBS */
1060 .key = { 0x7c, 0xa1, 0x10, 0x45, 0x4a, 0x1a, 0x6e, 0x57 },
1061 .klen = 8,
1062 .input = { 0x69, 0x0f, 0x5b, 0x0d, 0x9a, 0x26, 0x93, 0x9b },
1063 .ilen = 8,
1064 .result = { 0x01, 0xa1, 0xd6, 0xd0, 0x39, 0x77, 0x67, 0x42 },
1065 .rlen = 8,
1066 }, { /* Two blocks, for chunking test */
1067 .key = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef },
1068 .klen = 8,
1069 .input = { 0xc9, 0x57, 0x44, 0x25, 0x6a, 0x5e, 0xd3, 0x1d,
1070 0x69, 0x0f, 0x5b, 0x0d, 0x9a, 0x26, 0x93, 0x9b },
1071 .ilen = 16,
1072 .result = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xe7,
1073 0xa3, 0x99, 0x7b, 0xca, 0xaf, 0x69, 0xa0, 0xf5 },
1074 .rlen = 16,
1075 .np = 2,
1076 .tap = { 8, 8 }
1077 }, {
1078 .key = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef },
1079 .klen = 8,
1080 .input = { 0xc9, 0x57, 0x44, 0x25, 0x6a, 0x5e, 0xd3, 0x1d,
1081 0x69, 0x0f, 0x5b, 0x0d, 0x9a, 0x26, 0x93, 0x9b },
1082 .ilen = 16,
1083 .result = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xe7,
1084 0xa3, 0x99, 0x7b, 0xca, 0xaf, 0x69, 0xa0, 0xf5 },
1085 .rlen = 16,
1086 .np = 3,
1087 .tap = { 3, 12, 1 }
1088 },
1089};
1090
1091static struct cipher_testvec des_cbc_enc_tv_template[] = {
1092 { /* From OpenSSL */
1093 .key = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef},
1094 .klen = 8,
1095 .iv = { 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10},
1096 .input = { 0x37, 0x36, 0x35, 0x34, 0x33, 0x32, 0x31, 0x20,
1097 0x4e, 0x6f, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74,
1098 0x68, 0x65, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x20 },
1099 .ilen = 24,
1100 .result = { 0xcc, 0xd1, 0x73, 0xff, 0xab, 0x20, 0x39, 0xf4,
1101 0xac, 0xd8, 0xae, 0xfd, 0xdf, 0xd8, 0xa1, 0xeb,
1102 0x46, 0x8e, 0x91, 0x15, 0x78, 0x88, 0xba, 0x68 },
1103 .rlen = 24,
1104 }, { /* FIPS Pub 81 */
1105 .key = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef },
1106 .klen = 8,
1107 .iv = { 0x12, 0x34, 0x56, 0x78, 0x90, 0xab, 0xcd, 0xef },
1108 .input = { 0x4e, 0x6f, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74 },
1109 .ilen = 8,
1110 .result = { 0xe5, 0xc7, 0xcd, 0xde, 0x87, 0x2b, 0xf2, 0x7c },
1111 .rlen = 8,
1112 }, {
1113 .key = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef },
1114 .klen = 8,
1115 .iv = { 0xe5, 0xc7, 0xcd, 0xde, 0x87, 0x2b, 0xf2, 0x7c },
1116 .input = { 0x68, 0x65, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x20 },
1117 .ilen = 8,
1118 .result = { 0x43, 0xe9, 0x34, 0x00, 0x8c, 0x38, 0x9c, 0x0f },
1119 .rlen = 8,
1120 }, {
1121 .key = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef },
1122 .klen = 8,
1123 .iv = { 0x43, 0xe9, 0x34, 0x00, 0x8c, 0x38, 0x9c, 0x0f },
1124 .input = { 0x66, 0x6f, 0x72, 0x20, 0x61, 0x6c, 0x6c, 0x20 },
1125 .ilen = 8,
1126 .result = { 0x68, 0x37, 0x88, 0x49, 0x9a, 0x7c, 0x05, 0xf6 },
1127 .rlen = 8,
1128 }, { /* Copy of openssl vector for chunk testing */
1129 /* From OpenSSL */
1130 .key = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef},
1131 .klen = 8,
1132 .iv = { 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10},
1133 .input = { 0x37, 0x36, 0x35, 0x34, 0x33, 0x32, 0x31, 0x20,
1134 0x4e, 0x6f, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74,
1135 0x68, 0x65, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x20 },
1136 .ilen = 24,
1137 .result = { 0xcc, 0xd1, 0x73, 0xff, 0xab, 0x20, 0x39, 0xf4,
1138 0xac, 0xd8, 0xae, 0xfd, 0xdf, 0xd8, 0xa1, 0xeb,
1139 0x46, 0x8e, 0x91, 0x15, 0x78, 0x88, 0xba, 0x68 },
1140 .rlen = 24,
1141 .np = 2,
1142 .tap = { 13, 11 }
1143 },
1144};
1145
1146static struct cipher_testvec des_cbc_dec_tv_template[] = {
1147 { /* FIPS Pub 81 */
1148 .key = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef },
1149 .klen = 8,
1150 .iv = { 0x12, 0x34, 0x56, 0x78, 0x90, 0xab, 0xcd, 0xef },
1151 .input = { 0xe5, 0xc7, 0xcd, 0xde, 0x87, 0x2b, 0xf2, 0x7c },
1152 .ilen = 8,
1153 .result = { 0x4e, 0x6f, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74 },
1154 .rlen = 8,
1155 }, {
1156 .key = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef },
1157 .klen = 8,
1158 .iv = { 0xe5, 0xc7, 0xcd, 0xde, 0x87, 0x2b, 0xf2, 0x7c },
1159 .input = { 0x43, 0xe9, 0x34, 0x00, 0x8c, 0x38, 0x9c, 0x0f },
1160 .ilen = 8,
1161 .result = { 0x68, 0x65, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x20 },
1162 .rlen = 8,
1163 }, {
1164 .key = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef },
1165 .klen = 8,
1166 .iv = { 0x43, 0xe9, 0x34, 0x00, 0x8c, 0x38, 0x9c, 0x0f },
1167 .input = { 0x68, 0x37, 0x88, 0x49, 0x9a, 0x7c, 0x05, 0xf6 },
1168 .ilen = 8,
1169 .result = { 0x66, 0x6f, 0x72, 0x20, 0x61, 0x6c, 0x6c, 0x20 },
1170 .rlen = 8,
1171 }, { /* Copy of above, for chunk testing */
1172 .key = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef },
1173 .klen = 8,
1174 .iv = { 0x43, 0xe9, 0x34, 0x00, 0x8c, 0x38, 0x9c, 0x0f },
1175 .input = { 0x68, 0x37, 0x88, 0x49, 0x9a, 0x7c, 0x05, 0xf6 },
1176 .ilen = 8,
1177 .result = { 0x66, 0x6f, 0x72, 0x20, 0x61, 0x6c, 0x6c, 0x20 },
1178 .rlen = 8,
1179 .np = 2,
1180 .tap = { 4, 4 }
1181 },
1182};
1183
1184/*
1185 * We really need some more test vectors, especially for DES3 CBC.
1186 */
1187static struct cipher_testvec des3_ede_enc_tv_template[] = {
1188 { /* These are from openssl */
1189 .key = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
1190 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
1191 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10},
1192 .klen = 24,
1193 .input = { 0x73, 0x6f, 0x6d, 0x65, 0x64, 0x61, 0x74, 0x61 },
1194 .ilen = 8,
1195 .result = { 0x18, 0xd7, 0x48, 0xe5, 0x63, 0x62, 0x05, 0x72 },
1196 .rlen = 8,
1197 }, {
1198 .key = { 0x03, 0x52, 0x02, 0x07, 0x67, 0x20, 0x82, 0x17,
1199 0x86, 0x02, 0x87, 0x66, 0x59, 0x08, 0x21, 0x98,
1200 0x64, 0x05, 0x6a, 0xbd, 0xfe, 0xa9, 0x34, 0x57 },
1201 .klen = 24,
1202 .input = { 0x73, 0x71, 0x75, 0x69, 0x67, 0x67, 0x6c, 0x65 },
1203 .ilen = 8,
1204 .result = { 0xc0, 0x7d, 0x2a, 0x0f, 0xa5, 0x66, 0xfa, 0x30 },
1205 .rlen = 8,
1206 }, {
1207 .key = { 0x10, 0x46, 0x10, 0x34, 0x89, 0x98, 0x80, 0x20,
1208 0x91, 0x07, 0xd0, 0x15, 0x89, 0x19, 0x01, 0x01,
1209 0x19, 0x07, 0x92, 0x10, 0x98, 0x1a, 0x01, 0x01 },
1210 .klen = 24,
1211 .input = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1212 .ilen = 8,
1213 .result = { 0xe1, 0xef, 0x62, 0xc3, 0x32, 0xfe, 0x82, 0x5b },
1214 .rlen = 8,
1215 },
1216};
1217
1218static struct cipher_testvec des3_ede_dec_tv_template[] = {
1219 { /* These are from openssl */
1220 .key = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
1221 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
1222 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10},
1223 .klen = 24,
1224 .input = { 0x18, 0xd7, 0x48, 0xe5, 0x63, 0x62, 0x05, 0x72 },
1225 .ilen = 8,
1226 .result = { 0x73, 0x6f, 0x6d, 0x65, 0x64, 0x61, 0x74, 0x61 },
1227 .rlen = 8,
1228 }, {
1229 .key = { 0x03, 0x52, 0x02, 0x07, 0x67, 0x20, 0x82, 0x17,
1230 0x86, 0x02, 0x87, 0x66, 0x59, 0x08, 0x21, 0x98,
1231 0x64, 0x05, 0x6a, 0xbd, 0xfe, 0xa9, 0x34, 0x57 },
1232 .klen = 24,
1233 .input = { 0xc0, 0x7d, 0x2a, 0x0f, 0xa5, 0x66, 0xfa, 0x30 },
1234 .ilen = 8,
1235 .result = { 0x73, 0x71, 0x75, 0x69, 0x67, 0x67, 0x6c, 0x65 },
1236 .rlen = 8,
1237 }, {
1238 .key = { 0x10, 0x46, 0x10, 0x34, 0x89, 0x98, 0x80, 0x20,
1239 0x91, 0x07, 0xd0, 0x15, 0x89, 0x19, 0x01, 0x01,
1240 0x19, 0x07, 0x92, 0x10, 0x98, 0x1a, 0x01, 0x01 },
1241 .klen = 24,
1242 .input = { 0xe1, 0xef, 0x62, 0xc3, 0x32, 0xfe, 0x82, 0x5b },
1243 .ilen = 8,
1244 .result = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1245 .rlen = 8,
1246 },
1247};
1248
1249/*
1250 * Blowfish test vectors.
1251 */
1252#define BF_ENC_TEST_VECTORS 6
1253#define BF_DEC_TEST_VECTORS 6
1254#define BF_CBC_ENC_TEST_VECTORS 1
1255#define BF_CBC_DEC_TEST_VECTORS 1
1256
1257static struct cipher_testvec bf_enc_tv_template[] = {
1258 { /* DES test vectors from OpenSSL */
1259 .key = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, },
1260 .klen = 8,
1261 .input = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1262 .ilen = 8,
1263 .result = { 0x4e, 0xf9, 0x97, 0x45, 0x61, 0x98, 0xdd, 0x78 },
1264 .rlen = 8,
1265 }, {
1266 .key = { 0x1f, 0x1f, 0x1f, 0x1f, 0x0e, 0x0e, 0x0e, 0x0e },
1267 .klen = 8,
1268 .input = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef },
1269 .ilen = 8,
1270 .result = { 0xa7, 0x90, 0x79, 0x51, 0x08, 0xea, 0x3c, 0xae },
1271 .rlen = 8,
1272 }, {
1273 .key = { 0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 0x96, 0x87 },
1274 .klen = 8,
1275 .input = { 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
1276 .ilen = 8,
1277 .result = { 0xe8, 0x7a, 0x24, 0x4e, 0x2c, 0xc8, 0x5e, 0x82 },
1278 .rlen = 8,
1279 }, { /* Vary the keylength... */
1280 .key = { 0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 0x96, 0x87,
1281 0x78, 0x69, 0x5a, 0x4b, 0x3c, 0x2d, 0x1e, 0x0f },
1282 .klen = 16,
1283 .input = { 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
1284 .ilen = 8,
1285 .result = { 0x93, 0x14, 0x28, 0x87, 0xee, 0x3b, 0xe1, 0x5c },
1286 .rlen = 8,
1287 }, {
1288 .key = { 0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 0x96, 0x87,
1289 0x78, 0x69, 0x5a, 0x4b, 0x3c, 0x2d, 0x1e, 0x0f,
1290 0x00, 0x11, 0x22, 0x33, 0x44 },
1291 .klen = 21,
1292 .input = { 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
1293 .ilen = 8,
1294 .result = { 0xe6, 0xf5, 0x1e, 0xd7, 0x9b, 0x9d, 0xb2, 0x1f },
1295 .rlen = 8,
1296 }, { /* Generated with bf488 */
1297 .key = { 0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 0x96, 0x87,
1298 0x78, 0x69, 0x5a, 0x4b, 0x3c, 0x2d, 0x1e, 0x0f,
1299 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
1300 0x04, 0x68, 0x91, 0x04, 0xc2, 0xfd, 0x3b, 0x2f,
1301 0x58, 0x40, 0x23, 0x64, 0x1a, 0xba, 0x61, 0x76,
1302 0x1f, 0x1f, 0x1f, 0x1f, 0x0e, 0x0e, 0x0e, 0x0e,
1303 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff },
1304 .klen = 56,
1305 .input = { 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
1306 .ilen = 8,
1307 .result = { 0xc0, 0x45, 0x04, 0x01, 0x2e, 0x4e, 0x1f, 0x53 },
1308 .rlen = 8,
1309 },
1310};
1311
1312static struct cipher_testvec bf_dec_tv_template[] = {
1313 { /* DES test vectors from OpenSSL */
1314 .key = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1315 .klen = 8,
1316 .input = { 0x4e, 0xf9, 0x97, 0x45, 0x61, 0x98, 0xdd, 0x78 },
1317 .ilen = 8,
1318 .result = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1319 .rlen = 8,
1320 }, {
1321 .key = { 0x1f, 0x1f, 0x1f, 0x1f, 0x0e, 0x0e, 0x0e, 0x0e },
1322 .klen = 8,
1323 .input = { 0xa7, 0x90, 0x79, 0x51, 0x08, 0xea, 0x3c, 0xae },
1324 .ilen = 8,
1325 .result = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef },
1326 .rlen = 8,
1327 }, {
1328 .key = { 0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 0x96, 0x87 },
1329 .klen = 8,
1330 .input = { 0xe8, 0x7a, 0x24, 0x4e, 0x2c, 0xc8, 0x5e, 0x82 },
1331 .ilen = 8,
1332 .result = { 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
1333 .rlen = 8,
1334 }, { /* Vary the keylength... */
1335 .key = { 0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 0x96, 0x87,
1336 0x78, 0x69, 0x5a, 0x4b, 0x3c, 0x2d, 0x1e, 0x0f },
1337 .klen = 16,
1338 .input = { 0x93, 0x14, 0x28, 0x87, 0xee, 0x3b, 0xe1, 0x5c },
1339 .ilen = 8,
1340 .result = { 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
1341 .rlen = 8,
1342 }, {
1343 .key = { 0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 0x96, 0x87,
1344 0x78, 0x69, 0x5a, 0x4b, 0x3c, 0x2d, 0x1e, 0x0f,
1345 0x00, 0x11, 0x22, 0x33, 0x44 },
1346 .klen = 21,
1347 .input = { 0xe6, 0xf5, 0x1e, 0xd7, 0x9b, 0x9d, 0xb2, 0x1f },
1348 .ilen = 8,
1349 .result = { 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
1350 .rlen = 8,
1351 }, { /* Generated with bf488, using OpenSSL, Libgcrypt and Nettle */
1352 .key = { 0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 0x96, 0x87,
1353 0x78, 0x69, 0x5a, 0x4b, 0x3c, 0x2d, 0x1e, 0x0f,
1354 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
1355 0x04, 0x68, 0x91, 0x04, 0xc2, 0xfd, 0x3b, 0x2f,
1356 0x58, 0x40, 0x23, 0x64, 0x1a, 0xba, 0x61, 0x76,
1357 0x1f, 0x1f, 0x1f, 0x1f, 0x0e, 0x0e, 0x0e, 0x0e,
1358 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff },
1359 .klen = 56,
1360 .input = { 0xc0, 0x45, 0x04, 0x01, 0x2e, 0x4e, 0x1f, 0x53 },
1361 .ilen = 8,
1362 .result = { 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
1363 .rlen = 8,
1364 },
1365};
1366
1367static struct cipher_testvec bf_cbc_enc_tv_template[] = {
1368 { /* From OpenSSL */
1369 .key = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
1370 0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 0x96, 0x87 },
1371 .klen = 16,
1372 .iv = { 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
1373 .input = { 0x37, 0x36, 0x35, 0x34, 0x33, 0x32, 0x31, 0x20,
1374 0x4e, 0x6f, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74,
1375 0x68, 0x65, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x20,
1376 0x66, 0x6f, 0x72, 0x20, 0x00, 0x00, 0x00, 0x00 },
1377 .ilen = 32,
1378 .result = { 0x6b, 0x77, 0xb4, 0xd6, 0x30, 0x06, 0xde, 0xe6,
1379 0x05, 0xb1, 0x56, 0xe2, 0x74, 0x03, 0x97, 0x93,
1380 0x58, 0xde, 0xb9, 0xe7, 0x15, 0x46, 0x16, 0xd9,
1381 0x59, 0xf1, 0x65, 0x2b, 0xd5, 0xff, 0x92, 0xcc },
1382 .rlen = 32,
1383 },
1384};
1385
1386static struct cipher_testvec bf_cbc_dec_tv_template[] = {
1387 { /* From OpenSSL */
1388 .key = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
1389 0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 0x96, 0x87 },
1390 .klen = 16,
1391 .iv = { 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
1392 .input = { 0x6b, 0x77, 0xb4, 0xd6, 0x30, 0x06, 0xde, 0xe6,
1393 0x05, 0xb1, 0x56, 0xe2, 0x74, 0x03, 0x97, 0x93,
1394 0x58, 0xde, 0xb9, 0xe7, 0x15, 0x46, 0x16, 0xd9,
1395 0x59, 0xf1, 0x65, 0x2b, 0xd5, 0xff, 0x92, 0xcc },
1396 .ilen = 32,
1397 .result = { 0x37, 0x36, 0x35, 0x34, 0x33, 0x32, 0x31, 0x20,
1398 0x4e, 0x6f, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74,
1399 0x68, 0x65, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x20,
1400 0x66, 0x6f, 0x72, 0x20, 0x00, 0x00, 0x00, 0x00 },
1401 .rlen = 32,
1402 },
1403};
1404
1405/*
1406 * Twofish test vectors.
1407 */
1408#define TF_ENC_TEST_VECTORS 3
1409#define TF_DEC_TEST_VECTORS 3
1410#define TF_CBC_ENC_TEST_VECTORS 4
1411#define TF_CBC_DEC_TEST_VECTORS 4
1412
1413static struct cipher_testvec tf_enc_tv_template[] = {
1414 {
1415 .key = { [0 ... 15] = 0x00 },
1416 .klen = 16,
1417 .input = { [0 ... 15] = 0x00 },
1418 .ilen = 16,
1419 .result = { 0x9f, 0x58, 0x9f, 0x5c, 0xf6, 0x12, 0x2c, 0x32,
1420 0xb6, 0xbf, 0xec, 0x2f, 0x2a, 0xe8, 0xc3, 0x5a },
1421 .rlen = 16,
1422 }, {
1423 .key = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
1424 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
1425 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 },
1426 .klen = 24,
1427 .input = { [0 ... 15] = 0x00 },
1428 .ilen = 16,
1429 .result = { 0xcf, 0xd1, 0xd2, 0xe5, 0xa9, 0xbe, 0x9c, 0xdf,
1430 0x50, 0x1f, 0x13, 0xb8, 0x92, 0xbd, 0x22, 0x48 },
1431 .rlen = 16,
1432 }, {
1433 .key = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
1434 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
1435 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
1436 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff },
1437 .klen = 32,
1438 .input = { [0 ... 15] = 0x00 },
1439 .ilen = 16,
1440 .result = { 0x37, 0x52, 0x7b, 0xe0, 0x05, 0x23, 0x34, 0xb8,
1441 0x9f, 0x0c, 0xfc, 0xca, 0xe8, 0x7c, 0xfa, 0x20 },
1442 .rlen = 16,
1443 },
1444};
1445
1446static struct cipher_testvec tf_dec_tv_template[] = {
1447 {
1448 .key = { [0 ... 15] = 0x00 },
1449 .klen = 16,
1450 .input = { 0x9f, 0x58, 0x9f, 0x5c, 0xf6, 0x12, 0x2c, 0x32,
1451 0xb6, 0xbf, 0xec, 0x2f, 0x2a, 0xe8, 0xc3, 0x5a },
1452 .ilen = 16,
1453 .result = { [0 ... 15] = 0x00 },
1454 .rlen = 16,
1455 }, {
1456 .key = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
1457 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
1458 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 },
1459 .klen = 24,
1460 .input = { 0xcf, 0xd1, 0xd2, 0xe5, 0xa9, 0xbe, 0x9c, 0xdf,
1461 0x50, 0x1f, 0x13, 0xb8, 0x92, 0xbd, 0x22, 0x48 },
1462 .ilen = 16,
1463 .result = { [0 ... 15] = 0x00 },
1464 .rlen = 16,
1465 }, {
1466 .key = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
1467 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
1468 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
1469 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff },
1470 .klen = 32,
1471 .input = { 0x37, 0x52, 0x7b, 0xe0, 0x05, 0x23, 0x34, 0xb8,
1472 0x9f, 0x0c, 0xfc, 0xca, 0xe8, 0x7c, 0xfa, 0x20 },
1473 .ilen = 16,
1474 .result = { [0 ... 15] = 0x00 },
1475 .rlen = 16,
1476 },
1477};
1478
1479static struct cipher_testvec tf_cbc_enc_tv_template[] = {
1480 { /* Generated with Nettle */
1481 .key = { [0 ... 15] = 0x00 },
1482 .klen = 16,
1483 .iv = { [0 ... 15] = 0x00 },
1484 .input = { [0 ... 15] = 0x00 },
1485 .ilen = 16,
1486 .result = { 0x9f, 0x58, 0x9f, 0x5c, 0xf6, 0x12, 0x2c, 0x32,
1487 0xb6, 0xbf, 0xec, 0x2f, 0x2a, 0xe8, 0xc3, 0x5a },
1488 .rlen = 16,
1489 }, {
1490 .key = { [0 ... 15] = 0x00 },
1491 .klen = 16,
1492 .iv = { 0x9f, 0x58, 0x9f, 0x5c, 0xf6, 0x12, 0x2c, 0x32,
1493 0xb6, 0xbf, 0xec, 0x2f, 0x2a, 0xe8, 0xc3, 0x5a },
1494 .input = { [0 ... 15] = 0x00 },
1495 .ilen = 16,
1496 .result = { 0xd4, 0x91, 0xdb, 0x16, 0xe7, 0xb1, 0xc3, 0x9e,
1497 0x86, 0xcb, 0x08, 0x6b, 0x78, 0x9f, 0x54, 0x19 },
1498 .rlen = 16,
1499 }, {
1500 .key = { [0 ... 15] = 0x00 },
1501 .klen = 16,
1502 .iv = { 0xd4, 0x91, 0xdb, 0x16, 0xe7, 0xb1, 0xc3, 0x9e,
1503 0x86, 0xcb, 0x08, 0x6b, 0x78, 0x9f, 0x54, 0x19 },
1504 .input = { [0 ... 15] = 0x00 },
1505 .ilen = 16,
1506 .result = { 0x05, 0xef, 0x8c, 0x61, 0xa8, 0x11, 0x58, 0x26,
1507 0x34, 0xba, 0x5c, 0xb7, 0x10, 0x6a, 0xa6, 0x41 },
1508 .rlen = 16,
1509 }, {
1510 .key = { [0 ... 15] = 0x00 },
1511 .klen = 16,
1512 .iv = { [0 ... 15] = 0x00 },
1513 .input = { [0 ... 47] = 0x00 },
1514 .ilen = 48,
1515 .result = { 0x9f, 0x58, 0x9f, 0x5c, 0xf6, 0x12, 0x2c, 0x32,
1516 0xb6, 0xbf, 0xec, 0x2f, 0x2a, 0xe8, 0xc3, 0x5a,
1517 0xd4, 0x91, 0xdb, 0x16, 0xe7, 0xb1, 0xc3, 0x9e,
1518 0x86, 0xcb, 0x08, 0x6b, 0x78, 0x9f, 0x54, 0x19,
1519 0x05, 0xef, 0x8c, 0x61, 0xa8, 0x11, 0x58, 0x26,
1520 0x34, 0xba, 0x5c, 0xb7, 0x10, 0x6a, 0xa6, 0x41 },
1521 .rlen = 48,
1522 },
1523};
1524
1525static struct cipher_testvec tf_cbc_dec_tv_template[] = {
1526 { /* Reverse of the first four above */
1527 .key = { [0 ... 15] = 0x00 },
1528 .klen = 16,
1529 .iv = { [0 ... 15] = 0x00 },
1530 .input = { 0x9f, 0x58, 0x9f, 0x5c, 0xf6, 0x12, 0x2c, 0x32,
1531 0xb6, 0xbf, 0xec, 0x2f, 0x2a, 0xe8, 0xc3, 0x5a },
1532 .ilen = 16,
1533 .result = { [0 ... 15] = 0x00 },
1534 .rlen = 16,
1535 }, {
1536 .key = { [0 ... 15] = 0x00 },
1537 .klen = 16,
1538 .iv = { 0x9f, 0x58, 0x9f, 0x5c, 0xf6, 0x12, 0x2c, 0x32,
1539 0xb6, 0xbf, 0xec, 0x2f, 0x2a, 0xe8, 0xc3, 0x5a },
1540 .input = { 0xd4, 0x91, 0xdb, 0x16, 0xe7, 0xb1, 0xc3, 0x9e,
1541 0x86, 0xcb, 0x08, 0x6b, 0x78, 0x9f, 0x54, 0x19 },
1542 .ilen = 16,
1543 .result = { [0 ... 15] = 0x00 },
1544 .rlen = 16,
1545 }, {
1546 .key = { [0 ... 15] = 0x00 },
1547 .klen = 16,
1548 .iv = { 0xd4, 0x91, 0xdb, 0x16, 0xe7, 0xb1, 0xc3, 0x9e,
1549 0x86, 0xcb, 0x08, 0x6b, 0x78, 0x9f, 0x54, 0x19 },
1550 .input = { 0x05, 0xef, 0x8c, 0x61, 0xa8, 0x11, 0x58, 0x26,
1551 0x34, 0xba, 0x5c, 0xb7, 0x10, 0x6a, 0xa6, 0x41 },
1552 .ilen = 16,
1553 .result = { [0 ... 15] = 0x00 },
1554 .rlen = 16,
1555 }, {
1556 .key = { [0 ... 15] = 0x00 },
1557 .klen = 16,
1558 .iv = { [0 ... 15] = 0x00 },
1559 .input = { 0x9f, 0x58, 0x9f, 0x5c, 0xf6, 0x12, 0x2c, 0x32,
1560 0xb6, 0xbf, 0xec, 0x2f, 0x2a, 0xe8, 0xc3, 0x5a,
1561 0xd4, 0x91, 0xdb, 0x16, 0xe7, 0xb1, 0xc3, 0x9e,
1562 0x86, 0xcb, 0x08, 0x6b, 0x78, 0x9f, 0x54, 0x19,
1563 0x05, 0xef, 0x8c, 0x61, 0xa8, 0x11, 0x58, 0x26,
1564 0x34, 0xba, 0x5c, 0xb7, 0x10, 0x6a, 0xa6, 0x41 },
1565 .ilen = 48,
1566 .result = { [0 ... 47] = 0x00 },
1567 .rlen = 48,
1568 },
1569};
1570
1571/*
1572 * Serpent test vectors. These are backwards because Serpent writes
1573 * octet sequences in right-to-left mode.
1574 */
1575#define SERPENT_ENC_TEST_VECTORS 4
1576#define SERPENT_DEC_TEST_VECTORS 4
1577
1578#define TNEPRES_ENC_TEST_VECTORS 4
1579#define TNEPRES_DEC_TEST_VECTORS 4
1580
1581static struct cipher_testvec serpent_enc_tv_template[] =
1582{
1583 {
1584 .input = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
1585 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
1586 .ilen = 16,
1587 .result = { 0x12, 0x07, 0xfc, 0xce, 0x9b, 0xd0, 0xd6, 0x47,
1588 0x6a, 0xe9, 0x8f, 0xbe, 0xd1, 0x43, 0xa0, 0xe2 },
1589 .rlen = 16,
1590 }, {
1591 .key = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
1592 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
1593 .klen = 16,
1594 .input = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
1595 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
1596 .ilen = 16,
1597 .result = { 0x4c, 0x7d, 0x8a, 0x32, 0x80, 0x72, 0xa2, 0x2c,
1598 0x82, 0x3e, 0x4a, 0x1f, 0x3a, 0xcd, 0xa1, 0x6d },
1599 .rlen = 16,
1600 }, {
1601 .key = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
1602 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
1603 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1604 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f },
1605 .klen = 32,
1606 .input = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
1607 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
1608 .ilen = 16,
1609 .result = { 0xde, 0x26, 0x9f, 0xf8, 0x33, 0xe4, 0x32, 0xb8,
1610 0x5b, 0x2e, 0x88, 0xd2, 0x70, 0x1c, 0xe7, 0x5c },
1611 .rlen = 16,
1612 }, {
1613 .key = { [15] = 0x80 },
1614 .klen = 16,
1615 .input = { [0 ... 15] = 0x00 },
1616 .ilen = 16,
1617 .result = { 0xdd, 0xd2, 0x6b, 0x98, 0xa5, 0xff, 0xd8, 0x2c,
1618 0x05, 0x34, 0x5a, 0x9d, 0xad, 0xbf, 0xaf, 0x49},
1619 .rlen = 16,
1620 },
1621};
1622
1623static struct cipher_testvec tnepres_enc_tv_template[] =
1624{
1625 { /* KeySize=128, PT=0, I=1 */
1626 .input = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1627 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1628 .key = { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1629 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1630 .klen = 16,
1631 .ilen = 16,
1632 .result = { 0x49, 0xaf, 0xbf, 0xad, 0x9d, 0x5a, 0x34, 0x05,
1633 0x2c, 0xd8, 0xff, 0xa5, 0x98, 0x6b, 0xd2, 0xdd },
1634 .rlen = 16,
1635 }, { /* KeySize=192, PT=0, I=1 */
1636 .key = { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1637 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1638 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1639 .klen = 24,
1640 .input = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1641 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1642 .ilen = 16,
1643 .result = { 0xe7, 0x8e, 0x54, 0x02, 0xc7, 0x19, 0x55, 0x68,
1644 0xac, 0x36, 0x78, 0xf7, 0xa3, 0xf6, 0x0c, 0x66 },
1645 .rlen = 16,
1646 }, { /* KeySize=256, PT=0, I=1 */
1647 .key = { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1648 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1649 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1650 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1651 .klen = 32,
1652 .input = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1653 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1654 .ilen = 16,
1655 .result = { 0xab, 0xed, 0x96, 0xe7, 0x66, 0xbf, 0x28, 0xcb,
1656 0xc0, 0xeb, 0xd2, 0x1a, 0x82, 0xef, 0x08, 0x19 },
1657 .rlen = 16,
1658 }, { /* KeySize=256, I=257 */
1659 .key = { 0x1f, 0x1e, 0x1d, 0x1c, 0x1b, 0x1a, 0x19, 0x18,
1660 0x17, 0x16, 0x15, 0x14, 0x13, 0x12, 0x11, 0x10,
1661 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
1662 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00 },
1663 .klen = 32,
1664 .input = { 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
1665 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00 },
1666 .ilen = 16,
1667 .result = { 0x5c, 0xe7, 0x1c, 0x70, 0xd2, 0x88, 0x2e, 0x5b,
1668 0xb8, 0x32, 0xe4, 0x33, 0xf8, 0x9f, 0x26, 0xde },
1669 .rlen = 16,
1670 },
1671};
1672
1673
1674static struct cipher_testvec serpent_dec_tv_template[] =
1675{
1676 {
1677 .input = { 0x12, 0x07, 0xfc, 0xce, 0x9b, 0xd0, 0xd6, 0x47,
1678 0x6a, 0xe9, 0x8f, 0xbe, 0xd1, 0x43, 0xa0, 0xe2 },
1679 .ilen = 16,
1680 .result = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
1681 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
1682 .rlen = 16,
1683 }, {
1684 .key = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
1685 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
1686 .klen = 16,
1687 .input = { 0x4c, 0x7d, 0x8a, 0x32, 0x80, 0x72, 0xa2, 0x2c,
1688 0x82, 0x3e, 0x4a, 0x1f, 0x3a, 0xcd, 0xa1, 0x6d },
1689 .ilen = 16,
1690 .result = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
1691 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
1692 .rlen = 16,
1693 }, {
1694 .key = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
1695 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
1696 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1697 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f },
1698 .klen = 32,
1699 .input = { 0xde, 0x26, 0x9f, 0xf8, 0x33, 0xe4, 0x32, 0xb8,
1700 0x5b, 0x2e, 0x88, 0xd2, 0x70, 0x1c, 0xe7, 0x5c },
1701 .ilen = 16,
1702 .result = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
1703 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
1704 .rlen = 16,
1705 }, {
1706 .key = { [15] = 0x80 },
1707 .klen = 16,
1708 .input = { 0xdd, 0xd2, 0x6b, 0x98, 0xa5, 0xff, 0xd8, 0x2c,
1709 0x05, 0x34, 0x5a, 0x9d, 0xad, 0xbf, 0xaf, 0x49},
1710 .ilen = 16,
1711 .result = { [0 ... 15] = 0x00 },
1712 .rlen = 16,
1713 },
1714};
1715
1716static struct cipher_testvec tnepres_dec_tv_template[] =
1717{
1718 {
1719 .input = { 0x41, 0xcc, 0x6b, 0x31, 0x59, 0x31, 0x45, 0x97,
1720 0x6d, 0x6f, 0xbb, 0x38, 0x4b, 0x37, 0x21, 0x28 },
1721 .ilen = 16,
1722 .result = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
1723 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
1724 .rlen = 16,
1725 }, {
1726 .key = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
1727 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
1728 .klen = 16,
1729 .input = { 0xea, 0xf4, 0xd7, 0xfc, 0xd8, 0x01, 0x34, 0x47,
1730 0x81, 0x45, 0x0b, 0xfa, 0x0c, 0xd6, 0xad, 0x6e },
1731 .ilen = 16,
1732 .result = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
1733 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
1734 .rlen = 16,
1735 }, {
1736 .key = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
1737 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
1738 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1739 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f },
1740 .klen = 32,
1741 .input = { 0x64, 0xa9, 0x1a, 0x37, 0xed, 0x9f, 0xe7, 0x49,
1742 0xa8, 0x4e, 0x76, 0xd6, 0xf5, 0x0d, 0x78, 0xee },
1743 .ilen = 16,
1744 .result = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
1745 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
1746 .rlen = 16,
1747 }, { /* KeySize=128, I=121 */
1748 .key = { [15] = 0x80 },
1749 .klen = 16,
1750 .input = { 0x3d, 0xda, 0xbf, 0xc0, 0x06, 0xda, 0xab, 0x06,
1751 0x46, 0x2a, 0xf4, 0xef, 0x81, 0x54, 0x4e, 0x26 },
1752 .ilen = 16,
1753 .result = { [0 ... 15] = 0x00 },
1754 .rlen = 16,
1755 },
1756};
1757
1758
1759/* Cast6 test vectors from RFC 2612 */
1760#define CAST6_ENC_TEST_VECTORS 3
1761#define CAST6_DEC_TEST_VECTORS 3
1762
1763static struct cipher_testvec cast6_enc_tv_template[] =
1764{
1765 {
1766 .key = { 0x23, 0x42, 0xbb, 0x9e, 0xfa, 0x38, 0x54, 0x2c,
1767 0x0a, 0xf7, 0x56, 0x47, 0xf2, 0x9f, 0x61, 0x5d },
1768 .klen = 16,
1769 .input = { [0 ... 15] = 0x00 },
1770 .ilen = 16,
1771 .result = { 0xc8, 0x42, 0xa0, 0x89, 0x72, 0xb4, 0x3d, 0x20,
1772 0x83, 0x6c, 0x91, 0xd1, 0xb7, 0x53, 0x0f, 0x6b },
1773 .rlen = 16,
1774 }, {
1775 .key = { 0x23, 0x42, 0xbb, 0x9e, 0xfa, 0x38, 0x54, 0x2c,
1776 0xbe, 0xd0, 0xac, 0x83, 0x94, 0x0a, 0xc2, 0x98,
1777 0xba, 0xc7, 0x7a, 0x77, 0x17, 0x94, 0x28, 0x63 },
1778 .klen = 24,
1779 .input = { [0 ... 15] = 0x00 },
1780 .ilen = 16,
1781 .result = { 0x1b, 0x38, 0x6c, 0x02, 0x10, 0xdc, 0xad, 0xcb,
1782 0xdd, 0x0e, 0x41, 0xaa, 0x08, 0xa7, 0xa7, 0xe8 },
1783 .rlen = 16,
1784 }, {
1785 .key = { 0x23, 0x42, 0xbb, 0x9e, 0xfa, 0x38, 0x54, 0x2c,
1786 0xbe, 0xd0, 0xac, 0x83, 0x94, 0x0a, 0xc2, 0x98,
1787 0x8d, 0x7c, 0x47, 0xce, 0x26, 0x49, 0x08, 0x46,
1788 0x1c, 0xc1, 0xb5, 0x13, 0x7a, 0xe6, 0xb6, 0x04 },
1789 .klen = 32,
1790 .input = { [0 ... 15] = 0x00 },
1791 .ilen = 16,
1792 .result = { 0x4f, 0x6a, 0x20, 0x38, 0x28, 0x68, 0x97, 0xb9,
1793 0xc9, 0x87, 0x01, 0x36, 0x55, 0x33, 0x17, 0xfa },
1794 .rlen = 16,
1795 },
1796};
1797
1798static struct cipher_testvec cast6_dec_tv_template[] =
1799{
1800 {
1801 .key = { 0x23, 0x42, 0xbb, 0x9e, 0xfa, 0x38, 0x54, 0x2c,
1802 0x0a, 0xf7, 0x56, 0x47, 0xf2, 0x9f, 0x61, 0x5d },
1803 .klen = 16,
1804 .input = { 0xc8, 0x42, 0xa0, 0x89, 0x72, 0xb4, 0x3d, 0x20,
1805 0x83, 0x6c, 0x91, 0xd1, 0xb7, 0x53, 0x0f, 0x6b },
1806 .ilen = 16,
1807 .result = { [0 ... 15] = 0x00 },
1808 .rlen = 16,
1809 }, {
1810 .key = { 0x23, 0x42, 0xbb, 0x9e, 0xfa, 0x38, 0x54, 0x2c,
1811 0xbe, 0xd0, 0xac, 0x83, 0x94, 0x0a, 0xc2, 0x98,
1812 0xba, 0xc7, 0x7a, 0x77, 0x17, 0x94, 0x28, 0x63 },
1813 .klen = 24,
1814 .input = { 0x1b, 0x38, 0x6c, 0x02, 0x10, 0xdc, 0xad, 0xcb,
1815 0xdd, 0x0e, 0x41, 0xaa, 0x08, 0xa7, 0xa7, 0xe8 },
1816 .ilen = 16,
1817 .result = { [0 ... 15] = 0x00 },
1818 .rlen = 16,
1819 }, {
1820 .key = { 0x23, 0x42, 0xbb, 0x9e, 0xfa, 0x38, 0x54, 0x2c,
1821 0xbe, 0xd0, 0xac, 0x83, 0x94, 0x0a, 0xc2, 0x98,
1822 0x8d, 0x7c, 0x47, 0xce, 0x26, 0x49, 0x08, 0x46,
1823 0x1c, 0xc1, 0xb5, 0x13, 0x7a, 0xe6, 0xb6, 0x04 },
1824 .klen = 32,
1825 .input = { 0x4f, 0x6a, 0x20, 0x38, 0x28, 0x68, 0x97, 0xb9,
1826 0xc9, 0x87, 0x01, 0x36, 0x55, 0x33, 0x17, 0xfa },
1827 .ilen = 16,
1828 .result = { [0 ... 15] = 0x00 },
1829 .rlen = 16,
1830 },
1831};
1832
1833
1834/*
1835 * AES test vectors.
1836 */
1837#define AES_ENC_TEST_VECTORS 3
1838#define AES_DEC_TEST_VECTORS 3
1839
1840static struct cipher_testvec aes_enc_tv_template[] = {
1841 { /* From FIPS-197 */
1842 .key = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
1843 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
1844 .klen = 16,
1845 .input = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
1846 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff },
1847 .ilen = 16,
1848 .result = { 0x69, 0xc4, 0xe0, 0xd8, 0x6a, 0x7b, 0x04, 0x30,
1849 0xd8, 0xcd, 0xb7, 0x80, 0x70, 0xb4, 0xc5, 0x5a },
1850 .rlen = 16,
1851 }, {
1852 .key = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
1853 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
1854 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17 },
1855 .klen = 24,
1856 .input = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
1857 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff },
1858 .ilen = 16,
1859 .result = { 0xdd, 0xa9, 0x7c, 0xa4, 0x86, 0x4c, 0xdf, 0xe0,
1860 0x6e, 0xaf, 0x70, 0xa0, 0xec, 0x0d, 0x71, 0x91 },
1861 .rlen = 16,
1862 }, {
1863 .key = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
1864 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
1865 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1866 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f },
1867 .klen = 32,
1868 .input = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
1869 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff },
1870 .ilen = 16,
1871 .result = { 0x8e, 0xa2, 0xb7, 0xca, 0x51, 0x67, 0x45, 0xbf,
1872 0xea, 0xfc, 0x49, 0x90, 0x4b, 0x49, 0x60, 0x89 },
1873 .rlen = 16,
1874 },
1875};
1876
1877static struct cipher_testvec aes_dec_tv_template[] = {
1878 { /* From FIPS-197 */
1879 .key = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
1880 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
1881 .klen = 16,
1882 .input = { 0x69, 0xc4, 0xe0, 0xd8, 0x6a, 0x7b, 0x04, 0x30,
1883 0xd8, 0xcd, 0xb7, 0x80, 0x70, 0xb4, 0xc5, 0x5a },
1884 .ilen = 16,
1885 .result = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
1886 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff },
1887 .rlen = 16,
1888 }, {
1889 .key = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
1890 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
1891 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17 },
1892 .klen = 24,
1893 .input = { 0xdd, 0xa9, 0x7c, 0xa4, 0x86, 0x4c, 0xdf, 0xe0,
1894 0x6e, 0xaf, 0x70, 0xa0, 0xec, 0x0d, 0x71, 0x91 },
1895 .ilen = 16,
1896 .result = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
1897 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff },
1898 .rlen = 16,
1899 }, {
1900 .key = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
1901 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
1902 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1903 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f },
1904 .klen = 32,
1905 .input = { 0x8e, 0xa2, 0xb7, 0xca, 0x51, 0x67, 0x45, 0xbf,
1906 0xea, 0xfc, 0x49, 0x90, 0x4b, 0x49, 0x60, 0x89 },
1907 .ilen = 16,
1908 .result = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
1909 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff },
1910 .rlen = 16,
1911 },
1912};
1913
1914/* Cast5 test vectors from RFC 2144 */
1915#define CAST5_ENC_TEST_VECTORS 3
1916#define CAST5_DEC_TEST_VECTORS 3
1917
1918static struct cipher_testvec cast5_enc_tv_template[] =
1919{
1920 {
1921 .key = { 0x01, 0x23, 0x45, 0x67, 0x12, 0x34, 0x56, 0x78,
1922 0x23, 0x45, 0x67, 0x89, 0x34, 0x56, 0x78, 0x9a },
1923 .klen = 16,
1924 .input = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef },
1925 .ilen = 8,
1926 .result = { 0x23, 0x8b, 0x4f, 0xe5, 0x84, 0x7e, 0x44, 0xb2 },
1927 .rlen = 8,
1928 }, {
1929 .key = { 0x01, 0x23, 0x45, 0x67, 0x12, 0x34, 0x56, 0x78,
1930 0x23, 0x45 },
1931 .klen = 10,
1932 .input = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef },
1933 .ilen = 8,
1934 .result = { 0xeb, 0x6a, 0x71, 0x1a, 0x2c, 0x02, 0x27, 0x1b },
1935 .rlen = 8,
1936 }, {
1937 .key = { 0x01, 0x23, 0x45, 0x67, 0x12 },
1938 .klen = 5,
1939 .input = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef },
1940 .ilen = 8,
1941 .result = { 0x7a, 0xc8, 0x16, 0xd1, 0x6e, 0x9b, 0x30, 0x2e },
1942 .rlen = 8,
1943 },
1944};
1945
1946static struct cipher_testvec cast5_dec_tv_template[] =
1947{
1948 {
1949 .key = { 0x01, 0x23, 0x45, 0x67, 0x12, 0x34, 0x56, 0x78,
1950 0x23, 0x45, 0x67, 0x89, 0x34, 0x56, 0x78, 0x9a },
1951 .klen = 16,
1952 .input = { 0x23, 0x8b, 0x4f, 0xe5, 0x84, 0x7e, 0x44, 0xb2 },
1953 .ilen = 8,
1954 .result = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef },
1955 .rlen = 8,
1956 }, {
1957 .key = { 0x01, 0x23, 0x45, 0x67, 0x12, 0x34, 0x56, 0x78,
1958 0x23, 0x45 },
1959 .klen = 10,
1960 .input = { 0xeb, 0x6a, 0x71, 0x1a, 0x2c, 0x02, 0x27, 0x1b },
1961 .ilen = 8,
1962 .result = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef },
1963 .rlen = 8,
1964 }, {
1965 .key = { 0x01, 0x23, 0x45, 0x67, 0x12 },
1966 .klen = 5,
1967 .input = { 0x7a, 0xc8, 0x16, 0xd1, 0x6e, 0x9b, 0x30, 0x2e },
1968 .ilen = 8,
1969 .result = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef },
1970 .rlen = 8,
1971 },
1972};
1973
1974/*
1975 * ARC4 test vectors from OpenSSL
1976 */
1977#define ARC4_ENC_TEST_VECTORS 7
1978#define ARC4_DEC_TEST_VECTORS 7
1979
1980static struct cipher_testvec arc4_enc_tv_template[] =
1981{
1982 {
1983 .key = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef },
1984 .klen = 8,
1985 .input = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef },
1986 .ilen = 8,
1987 .result = { 0x75, 0xb7, 0x87, 0x80, 0x99, 0xe0, 0xc5, 0x96 },
1988 .rlen = 8,
1989 }, {
1990 .key = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef },
1991 .klen = 8,
1992 .input = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1993 .ilen = 8,
1994 .result = { 0x74, 0x94, 0xc2, 0xe7, 0x10, 0x4b, 0x08, 0x79 },
1995 .rlen = 8,
1996 }, {
1997 .key = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1998 .klen = 8,
1999 .input = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
2000 .ilen = 8,
2001 .result = { 0xde, 0x18, 0x89, 0x41, 0xa3, 0x37, 0x5d, 0x3a },
2002 .rlen = 8,
2003 }, {
2004 .key = { 0xef, 0x01, 0x23, 0x45},
2005 .klen = 4,
2006 .input = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2007 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2008 0x00, 0x00, 0x00, 0x00 },
2009 .ilen = 20,
2010 .result = { 0xd6, 0xa1, 0x41, 0xa7, 0xec, 0x3c, 0x38, 0xdf,
2011 0xbd, 0x61, 0x5a, 0x11, 0x62, 0xe1, 0xc7, 0xba,
2012 0x36, 0xb6, 0x78, 0x58 },
2013 .rlen = 20,
2014 }, {
2015 .key = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef },
2016 .klen = 8,
2017 .input = { 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0,
2018 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0,
2019 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0,
2020 0x12, 0x34, 0x56, 0x78 },
2021 .ilen = 28,
2022 .result = { 0x66, 0xa0, 0x94, 0x9f, 0x8a, 0xf7, 0xd6, 0x89,
2023 0x1f, 0x7f, 0x83, 0x2b, 0xa8, 0x33, 0xc0, 0x0c,
2024 0x89, 0x2e, 0xbe, 0x30, 0x14, 0x3c, 0xe2, 0x87,
2025 0x40, 0x01, 0x1e, 0xcf },
2026 .rlen = 28,
2027 }, {
2028 .key = { 0xef, 0x01, 0x23, 0x45 },
2029 .klen = 4,
2030 .input = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2031 0x00, 0x00 },
2032 .ilen = 10,
2033 .result = { 0xd6, 0xa1, 0x41, 0xa7, 0xec, 0x3c, 0x38, 0xdf,
2034 0xbd, 0x61 },
2035 .rlen = 10,
2036 }, {
2037 .key = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
2038 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
2039 .klen = 16,
2040 .input = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF },
2041 .ilen = 8,
2042 .result = { 0x69, 0x72, 0x36, 0x59, 0x1B, 0x52, 0x42, 0xB1 },
2043 .rlen = 8,
2044 },
2045};
2046
2047static struct cipher_testvec arc4_dec_tv_template[] =
2048{
2049 {
2050 .key = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef },
2051 .klen = 8,
2052 .input = { 0x75, 0xb7, 0x87, 0x80, 0x99, 0xe0, 0xc5, 0x96 },
2053 .ilen = 8,
2054 .result = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef },
2055 .rlen = 8,
2056 }, {
2057 .key = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef },
2058 .klen = 8,
2059 .input = { 0x74, 0x94, 0xc2, 0xe7, 0x10, 0x4b, 0x08, 0x79 },
2060 .ilen = 8,
2061 .result = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
2062 .rlen = 8,
2063 }, {
2064 .key = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
2065 .klen = 8,
2066 .input = { 0xde, 0x18, 0x89, 0x41, 0xa3, 0x37, 0x5d, 0x3a },
2067 .ilen = 8,
2068 .result = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
2069 .rlen = 8,
2070 }, {
2071 .key = { 0xef, 0x01, 0x23, 0x45},
2072 .klen = 4,
2073 .input = { 0xd6, 0xa1, 0x41, 0xa7, 0xec, 0x3c, 0x38, 0xdf,
2074 0xbd, 0x61, 0x5a, 0x11, 0x62, 0xe1, 0xc7, 0xba,
2075 0x36, 0xb6, 0x78, 0x58 },
2076 .ilen = 20,
2077 .result = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2078 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2079 0x00, 0x00, 0x00, 0x00 },
2080 .rlen = 20,
2081 }, {
2082 .key = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef },
2083 .klen = 8,
2084 .input = { 0x66, 0xa0, 0x94, 0x9f, 0x8a, 0xf7, 0xd6, 0x89,
2085 0x1f, 0x7f, 0x83, 0x2b, 0xa8, 0x33, 0xc0, 0x0c,
2086 0x89, 0x2e, 0xbe, 0x30, 0x14, 0x3c, 0xe2, 0x87,
2087 0x40, 0x01, 0x1e, 0xcf },
2088 .ilen = 28,
2089 .result = { 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0,
2090 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0,
2091 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0,
2092 0x12, 0x34, 0x56, 0x78 },
2093 .rlen = 28,
2094 }, {
2095 .key = { 0xef, 0x01, 0x23, 0x45 },
2096 .klen = 4,
2097 .input = { 0xd6, 0xa1, 0x41, 0xa7, 0xec, 0x3c, 0x38, 0xdf,
2098 0xbd, 0x61 },
2099 .ilen = 10,
2100 .result = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2101 0x00, 0x00 },
2102 .rlen = 10,
2103 }, {
2104 .key = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
2105 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
2106 .klen = 16,
2107 .input = { 0x69, 0x72, 0x36, 0x59, 0x1B, 0x52, 0x42, 0xB1 },
2108 .ilen = 8,
2109 .result = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF },
2110 .rlen = 8,
2111 },
2112};
2113
2114/*
2115 * TEA test vectors
2116 */
2117#define TEA_ENC_TEST_VECTORS 4
2118#define TEA_DEC_TEST_VECTORS 4
2119
2120static struct cipher_testvec tea_enc_tv_template[] =
2121{
2122 {
2123 .key = { [0 ... 15] = 0x00 },
2124 .klen = 16,
2125 .input = { [0 ... 8] = 0x00 },
2126 .ilen = 8,
2127 .result = { 0x0a, 0x3a, 0xea, 0x41, 0x40, 0xa9, 0xba, 0x94 },
2128 .rlen = 8,
2129 }, {
2130 .key = { 0x2b, 0x02, 0x05, 0x68, 0x06, 0x14, 0x49, 0x76,
2131 0x77, 0x5d, 0x0e, 0x26, 0x6c, 0x28, 0x78, 0x43 },
2132 .klen = 16,
2133 .input = { 0x74, 0x65, 0x73, 0x74, 0x20, 0x6d, 0x65, 0x2e },
2134 .ilen = 8,
2135 .result = { 0x77, 0x5d, 0x2a, 0x6a, 0xf6, 0xce, 0x92, 0x09 },
2136 .rlen = 8,
2137 }, {
2138 .key = { 0x09, 0x65, 0x43, 0x11, 0x66, 0x44, 0x39, 0x25,
2139 0x51, 0x3a, 0x16, 0x10, 0x0a, 0x08, 0x12, 0x6e },
2140 .klen = 16,
2141 .input = { 0x6c, 0x6f, 0x6e, 0x67, 0x65, 0x72, 0x5f, 0x74,
2142 0x65, 0x73, 0x74, 0x5f, 0x76, 0x65, 0x63, 0x74 },
2143 .ilen = 16,
2144 .result = { 0xbe, 0x7a, 0xbb, 0x81, 0x95, 0x2d, 0x1f, 0x1e,
2145 0xdd, 0x89, 0xa1, 0x25, 0x04, 0x21, 0xdf, 0x95 },
2146 .rlen = 16,
2147 }, {
2148 .key = { 0x4d, 0x76, 0x32, 0x17, 0x05, 0x3f, 0x75, 0x2c,
2149 0x5d, 0x04, 0x16, 0x36, 0x15, 0x72, 0x63, 0x2f },
2150 .klen = 16,
2151 .input = { 0x54, 0x65, 0x61, 0x20, 0x69, 0x73, 0x20, 0x67,
2152 0x6f, 0x6f, 0x64, 0x20, 0x66, 0x6f, 0x72, 0x20,
2153 0x79, 0x6f, 0x75, 0x21, 0x21, 0x21, 0x20, 0x72,
2154 0x65, 0x61, 0x6c, 0x6c, 0x79, 0x21, 0x21, 0x21 },
2155 .ilen = 32,
2156 .result = { 0xe0, 0x4d, 0x5d, 0x3c, 0xb7, 0x8c, 0x36, 0x47,
2157 0x94, 0x18, 0x95, 0x91, 0xa9, 0xfc, 0x49, 0xf8,
2158 0x44, 0xd1, 0x2d, 0xc2, 0x99, 0xb8, 0x08, 0x2a,
2159 0x07, 0x89, 0x73, 0xc2, 0x45, 0x92, 0xc6, 0x90 },
2160 .rlen = 32,
2161 }
2162};
2163
2164static struct cipher_testvec tea_dec_tv_template[] =
2165{
2166 {
2167 .key = { [0 ... 15] = 0x00 },
2168 .klen = 16,
2169 .input = { 0x0a, 0x3a, 0xea, 0x41, 0x40, 0xa9, 0xba, 0x94 },
2170 .ilen = 8,
2171 .result = { [0 ... 8] = 0x00 },
2172 .rlen = 8,
2173 }, {
2174 .key = { 0x2b, 0x02, 0x05, 0x68, 0x06, 0x14, 0x49, 0x76,
2175 0x77, 0x5d, 0x0e, 0x26, 0x6c, 0x28, 0x78, 0x43 },
2176 .klen = 16,
2177 .input = { 0x77, 0x5d, 0x2a, 0x6a, 0xf6, 0xce, 0x92, 0x09 },
2178 .ilen = 8,
2179 .result = { 0x74, 0x65, 0x73, 0x74, 0x20, 0x6d, 0x65, 0x2e },
2180 .rlen = 8,
2181 }, {
2182 .key = { 0x09, 0x65, 0x43, 0x11, 0x66, 0x44, 0x39, 0x25,
2183 0x51, 0x3a, 0x16, 0x10, 0x0a, 0x08, 0x12, 0x6e },
2184 .klen = 16,
2185 .input = { 0xbe, 0x7a, 0xbb, 0x81, 0x95, 0x2d, 0x1f, 0x1e,
2186 0xdd, 0x89, 0xa1, 0x25, 0x04, 0x21, 0xdf, 0x95 },
2187 .ilen = 16,
2188 .result = { 0x6c, 0x6f, 0x6e, 0x67, 0x65, 0x72, 0x5f, 0x74,
2189 0x65, 0x73, 0x74, 0x5f, 0x76, 0x65, 0x63, 0x74 },
2190 .rlen = 16,
2191 }, {
2192 .key = { 0x4d, 0x76, 0x32, 0x17, 0x05, 0x3f, 0x75, 0x2c,
2193 0x5d, 0x04, 0x16, 0x36, 0x15, 0x72, 0x63, 0x2f },
2194 .klen = 16,
2195 .input = { 0xe0, 0x4d, 0x5d, 0x3c, 0xb7, 0x8c, 0x36, 0x47,
2196 0x94, 0x18, 0x95, 0x91, 0xa9, 0xfc, 0x49, 0xf8,
2197 0x44, 0xd1, 0x2d, 0xc2, 0x99, 0xb8, 0x08, 0x2a,
2198 0x07, 0x89, 0x73, 0xc2, 0x45, 0x92, 0xc6, 0x90 },
2199 .ilen = 32,
2200 .result = { 0x54, 0x65, 0x61, 0x20, 0x69, 0x73, 0x20, 0x67,
2201 0x6f, 0x6f, 0x64, 0x20, 0x66, 0x6f, 0x72, 0x20,
2202 0x79, 0x6f, 0x75, 0x21, 0x21, 0x21, 0x20, 0x72,
2203 0x65, 0x61, 0x6c, 0x6c, 0x79, 0x21, 0x21, 0x21 },
2204 .rlen = 32,
2205 }
2206};
2207
2208/*
2209 * XTEA test vectors
2210 */
2211#define XTEA_ENC_TEST_VECTORS 4
2212#define XTEA_DEC_TEST_VECTORS 4
2213
2214static struct cipher_testvec xtea_enc_tv_template[] =
2215{
2216 {
2217 .key = { [0 ... 15] = 0x00 },
2218 .klen = 16,
2219 .input = { [0 ... 8] = 0x00 },
2220 .ilen = 8,
2221 .result = { 0xaa, 0x22, 0x96, 0xe5, 0x6c, 0x61, 0xf3, 0x45 },
2222 .rlen = 8,
2223 }, {
2224 .key = { 0x2b, 0x02, 0x05, 0x68, 0x06, 0x14, 0x49, 0x76,
2225 0x77, 0x5d, 0x0e, 0x26, 0x6c, 0x28, 0x78, 0x43 },
2226 .klen = 16,
2227 .input = { 0x74, 0x65, 0x73, 0x74, 0x20, 0x6d, 0x65, 0x2e },
2228 .ilen = 8,
2229 .result = { 0x82, 0x3e, 0xeb, 0x35, 0xdc, 0xdd, 0xd9, 0xc3 },
2230 .rlen = 8,
2231 }, {
2232 .key = { 0x09, 0x65, 0x43, 0x11, 0x66, 0x44, 0x39, 0x25,
2233 0x51, 0x3a, 0x16, 0x10, 0x0a, 0x08, 0x12, 0x6e },
2234 .klen = 16,
2235 .input = { 0x6c, 0x6f, 0x6e, 0x67, 0x65, 0x72, 0x5f, 0x74,
2236 0x65, 0x73, 0x74, 0x5f, 0x76, 0x65, 0x63, 0x74 },
2237 .ilen = 16,
2238 .result = { 0xe2, 0x04, 0xdb, 0xf2, 0x89, 0x85, 0x9e, 0xea,
2239 0x61, 0x35, 0xaa, 0xed, 0xb5, 0xcb, 0x71, 0x2c },
2240 .rlen = 16,
2241 }, {
2242 .key = { 0x4d, 0x76, 0x32, 0x17, 0x05, 0x3f, 0x75, 0x2c,
2243 0x5d, 0x04, 0x16, 0x36, 0x15, 0x72, 0x63, 0x2f },
2244 .klen = 16,
2245 .input = { 0x54, 0x65, 0x61, 0x20, 0x69, 0x73, 0x20, 0x67,
2246 0x6f, 0x6f, 0x64, 0x20, 0x66, 0x6f, 0x72, 0x20,
2247 0x79, 0x6f, 0x75, 0x21, 0x21, 0x21, 0x20, 0x72,
2248 0x65, 0x61, 0x6c, 0x6c, 0x79, 0x21, 0x21, 0x21 },
2249 .ilen = 32,
2250 .result = { 0x0b, 0x03, 0xcd, 0x8a, 0xbe, 0x95, 0xfd, 0xb1,
2251 0xc1, 0x44, 0x91, 0x0b, 0xa5, 0xc9, 0x1b, 0xb4,
2252 0xa9, 0xda, 0x1e, 0x9e, 0xb1, 0x3e, 0x2a, 0x8f,
2253 0xea, 0xa5, 0x6a, 0x85, 0xd1, 0xf4, 0xa8, 0xa5 },
2254 .rlen = 32,
2255 }
2256};
2257
2258static struct cipher_testvec xtea_dec_tv_template[] =
2259{
2260 {
2261 .key = { [0 ... 15] = 0x00 },
2262 .klen = 16,
2263 .input = { 0xaa, 0x22, 0x96, 0xe5, 0x6c, 0x61, 0xf3, 0x45 },
2264 .ilen = 8,
2265 .result = { [0 ... 8] = 0x00 },
2266 .rlen = 8,
2267 }, {
2268 .key = { 0x2b, 0x02, 0x05, 0x68, 0x06, 0x14, 0x49, 0x76,
2269 0x77, 0x5d, 0x0e, 0x26, 0x6c, 0x28, 0x78, 0x43 },
2270 .klen = 16,
2271 .input = { 0x82, 0x3e, 0xeb, 0x35, 0xdc, 0xdd, 0xd9, 0xc3 },
2272 .ilen = 8,
2273 .result = { 0x74, 0x65, 0x73, 0x74, 0x20, 0x6d, 0x65, 0x2e },
2274 .rlen = 8,
2275 }, {
2276 .key = { 0x09, 0x65, 0x43, 0x11, 0x66, 0x44, 0x39, 0x25,
2277 0x51, 0x3a, 0x16, 0x10, 0x0a, 0x08, 0x12, 0x6e },
2278 .klen = 16,
2279 .input = { 0xe2, 0x04, 0xdb, 0xf2, 0x89, 0x85, 0x9e, 0xea,
2280 0x61, 0x35, 0xaa, 0xed, 0xb5, 0xcb, 0x71, 0x2c },
2281 .ilen = 16,
2282 .result = { 0x6c, 0x6f, 0x6e, 0x67, 0x65, 0x72, 0x5f, 0x74,
2283 0x65, 0x73, 0x74, 0x5f, 0x76, 0x65, 0x63, 0x74 },
2284 .rlen = 16,
2285 }, {
2286 .key = { 0x4d, 0x76, 0x32, 0x17, 0x05, 0x3f, 0x75, 0x2c,
2287 0x5d, 0x04, 0x16, 0x36, 0x15, 0x72, 0x63, 0x2f },
2288 .klen = 16,
2289 .input = { 0x0b, 0x03, 0xcd, 0x8a, 0xbe, 0x95, 0xfd, 0xb1,
2290 0xc1, 0x44, 0x91, 0x0b, 0xa5, 0xc9, 0x1b, 0xb4,
2291 0xa9, 0xda, 0x1e, 0x9e, 0xb1, 0x3e, 0x2a, 0x8f,
2292 0xea, 0xa5, 0x6a, 0x85, 0xd1, 0xf4, 0xa8, 0xa5 },
2293 .ilen = 32,
2294 .result = { 0x54, 0x65, 0x61, 0x20, 0x69, 0x73, 0x20, 0x67,
2295 0x6f, 0x6f, 0x64, 0x20, 0x66, 0x6f, 0x72, 0x20,
2296 0x79, 0x6f, 0x75, 0x21, 0x21, 0x21, 0x20, 0x72,
2297 0x65, 0x61, 0x6c, 0x6c, 0x79, 0x21, 0x21, 0x21 },
2298 .rlen = 32,
2299 }
2300};
2301
2302/*
2303 * KHAZAD test vectors.
2304 */
2305#define KHAZAD_ENC_TEST_VECTORS 5
2306#define KHAZAD_DEC_TEST_VECTORS 5
2307
2308static struct cipher_testvec khazad_enc_tv_template[] = {
2309 {
2310 .key = { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2311 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
2312 .klen = 16,
2313 .input = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
2314 .ilen = 8,
2315 .result = { 0x49, 0xa4, 0xce, 0x32, 0xac, 0x19, 0x0e, 0x3f },
2316 .rlen = 8,
2317 }, {
2318 .key = { 0x38, 0x38, 0x38, 0x38, 0x38, 0x38, 0x38, 0x38,
2319 0x38, 0x38, 0x38, 0x38, 0x38, 0x38, 0x38, 0x38 },
2320 .klen = 16,
2321 .input = { 0x38, 0x38, 0x38, 0x38, 0x38, 0x38, 0x38, 0x38 },
2322 .ilen = 8,
2323 .result = { 0x7e, 0x82, 0x12, 0xa1, 0Xd9, 0X5b, 0Xe4, 0Xf9 },
2324 .rlen = 8,
2325 }, {
2326 .key = { 0Xa2, 0Xa2, 0Xa2, 0Xa2, 0Xa2, 0Xa2, 0Xa2, 0Xa2,
2327 0Xa2, 0Xa2, 0Xa2, 0Xa2, 0Xa2, 0Xa2, 0Xa2, 0Xa2 },
2328 .klen = 16,
2329 .input = { 0Xa2, 0Xa2, 0Xa2, 0Xa2, 0Xa2, 0Xa2, 0Xa2, 0Xa2 },
2330 .ilen = 8,
2331 .result = { 0Xaa, 0Xbe, 0Xc1, 0X95, 0Xc5, 0X94, 0X1a, 0X9c },
2332 .rlen = 8,
2333 }, {
2334 .key = { 0X2f, 0X2f, 0X2f, 0X2f, 0X2f, 0X2f, 0X2f, 0X2f,
2335 0X2f, 0X2f, 0X2f, 0X2f, 0X2f, 0X2f, 0X2f, 0X2f },
2336 .klen = 16,
2337 .input = { 0X2f, 0X2f, 0X2f, 0X2f, 0X2f, 0X2f, 0X2f, 0X2f },
2338 .ilen = 8,
2339 .result = { 0X04, 0X74, 0Xf5, 0X70, 0X50, 0X16, 0Xd3, 0Xb8 },
2340 .rlen = 8,
2341 }, {
2342 .key = { 0X2f, 0X2f, 0X2f, 0X2f, 0X2f, 0X2f, 0X2f, 0X2f,
2343 0X2f, 0X2f, 0X2f, 0X2f, 0X2f, 0X2f, 0X2f, 0X2f },
2344 .klen = 16,
2345 .input = { 0X2f, 0X2f, 0X2f, 0X2f, 0X2f, 0X2f, 0X2f, 0X2f ,
2346 0X2f, 0X2f, 0X2f, 0X2f, 0X2f, 0X2f, 0X2f, 0X2f },
2347 .ilen = 16,
2348 .result = { 0X04, 0X74, 0Xf5, 0X70, 0X50, 0X16, 0Xd3, 0Xb8 ,
2349 0X04, 0X74, 0Xf5, 0X70, 0X50, 0X16, 0Xd3, 0Xb8 },
2350 .rlen = 16,
2351 },
2352};
2353
2354static struct cipher_testvec khazad_dec_tv_template[] = {
2355 {
2356 .key = { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2357 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
2358 .klen = 16,
2359 .input = { 0X49, 0Xa4, 0Xce, 0X32, 0Xac, 0X19, 0X0e, 0X3f },
2360 .ilen = 8,
2361 .result = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
2362 .rlen = 8,
2363 }, {
2364 .key = { 0x38, 0x38, 0x38, 0x38, 0x38, 0x38, 0x38, 0x38,
2365 0x38, 0x38, 0x38, 0x38, 0x38, 0x38, 0x38, 0x38 },
2366 .klen = 16,
2367 .input = { 0X7e, 0X82, 0X12, 0Xa1, 0Xd9, 0X5b, 0Xe4, 0Xf9 },
2368 .ilen = 8,
2369 .result = { 0x38, 0x38, 0x38, 0x38, 0x38, 0x38, 0x38, 0x38 },
2370 .rlen = 8,
2371 }, {
2372 .key = { 0Xa2, 0Xa2, 0Xa2, 0Xa2, 0Xa2, 0Xa2, 0Xa2, 0Xa2,
2373 0Xa2, 0Xa2, 0Xa2, 0Xa2, 0Xa2, 0Xa2, 0Xa2, 0Xa2 },
2374 .klen = 16,
2375 .input = { 0Xaa, 0Xbe, 0Xc1, 0X95, 0Xc5, 0X94, 0X1a, 0X9c },
2376 .ilen = 8,
2377 .result = { 0Xa2, 0Xa2, 0Xa2, 0Xa2, 0Xa2, 0Xa2, 0Xa2, 0Xa2 },
2378 .rlen = 8,
2379 }, {
2380 .key = { 0x2f, 0X2f, 0X2f, 0X2f, 0X2f, 0X2f, 0X2f, 0X2f,
2381 0X2f, 0X2f, 0X2f, 0X2f, 0X2f, 0X2f, 0X2f, 0X2f },
2382 .klen = 16,
2383 .input = { 0X04, 0X74, 0Xf5, 0X70, 0X50, 0X16, 0Xd3, 0Xb8 },
2384 .ilen = 8,
2385 .result = { 0X2f, 0X2f, 0X2f, 0X2f, 0X2f, 0X2f, 0X2f, 0X2f },
2386 .rlen = 8,
2387 }, {
2388 .key = { 0X2f, 0X2f, 0X2f, 0X2f, 0X2f, 0X2f, 0X2f, 0X2f,
2389 0X2f, 0X2f, 0X2f, 0X2f, 0X2f, 0X2f, 0X2f, 0X2f },
2390 .klen = 16,
2391 .input = { 0X04, 0X74, 0Xf5, 0X70, 0X50, 0X16, 0Xd3, 0Xb8 ,
2392 0X04, 0X74, 0Xf5, 0X70, 0X50, 0X16, 0Xd3, 0Xb8 },
2393 .ilen = 16,
2394 .result = { 0X2f, 0X2f, 0X2f, 0X2f, 0X2f, 0X2f, 0X2f, 0X2f ,
2395 0X2f, 0X2f, 0X2f, 0X2f, 0X2f, 0X2f, 0X2f, 0X2f },
2396 .rlen = 16,
2397 },
2398};
2399
2400/*
2401 * Anubis test vectors.
2402 */
2403
2404#define ANUBIS_ENC_TEST_VECTORS 5
2405#define ANUBIS_DEC_TEST_VECTORS 5
2406#define ANUBIS_CBC_ENC_TEST_VECTORS 2
2407#define ANUBIS_CBC_DEC_TEST_VECTORS 2
2408
2409static struct cipher_testvec anubis_enc_tv_template[] = {
2410 {
2411 .key = { 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe,
2412 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe },
2413 .klen = 16,
2414 .input = { 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe,
2415 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe },
2416 .ilen = 16,
2417 .result = { 0x6d, 0xc5, 0xda, 0xa2, 0x26, 0x7d, 0x62, 0x6f,
2418 0x08, 0xb7, 0x52, 0x8e, 0x6e, 0x6e, 0x86, 0x90 },
2419 .rlen = 16,
2420 }, {
2421
2422 .key = { 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03,
2423 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03,
2424 0x03, 0x03, 0x03, 0x03 },
2425 .klen = 20,
2426 .input = { 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03,
2427 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03 },
2428 .ilen = 16,
2429 .result = { 0xdb, 0xf1, 0x42, 0xf4, 0xd1, 0x8a, 0xc7, 0x49,
2430 0x87, 0x41, 0x6f, 0x82, 0x0a, 0x98, 0x64, 0xae },
2431 .rlen = 16,
2432 }, {
2433 .key = { 0x24, 0x24, 0x24, 0x24, 0x24, 0x24, 0x24, 0x24,
2434 0x24, 0x24, 0x24, 0x24, 0x24, 0x24, 0x24, 0x24,
2435 0x24, 0x24, 0x24, 0x24, 0x24, 0x24, 0x24, 0x24,
2436 0x24, 0x24, 0x24, 0x24 },
2437 .klen = 28,
2438 .input = { 0x24, 0x24, 0x24, 0x24, 0x24, 0x24, 0x24, 0x24,
2439 0x24, 0x24, 0x24, 0x24, 0x24, 0x24, 0x24, 0x24 },
2440 .ilen = 16,
2441 .result = { 0xfd, 0x1b, 0x4a, 0xe3, 0xbf, 0xf0, 0xad, 0x3d,
2442 0x06, 0xd3, 0x61, 0x27, 0xfd, 0x13, 0x9e, 0xde },
2443 .rlen = 16,
2444 }, {
2445 .key = { 0x25, 0x25, 0x25, 0x25, 0x25, 0x25, 0x25, 0x25,
2446 0x25, 0x25, 0x25, 0x25, 0x25, 0x25, 0x25, 0x25,
2447 0x25, 0x25, 0x25, 0x25, 0x25, 0x25, 0x25, 0x25,
2448 0x25, 0x25, 0x25, 0x25, 0x25, 0x25, 0x25, 0x25 },
2449 .klen = 32,
2450 .input = { 0x25, 0x25, 0x25, 0x25, 0x25, 0x25, 0x25, 0x25,
2451 0x25, 0x25, 0x25, 0x25, 0x25, 0x25, 0x25, 0x25 },
2452 .ilen = 16,
2453 .result = { 0x1a, 0x91, 0xfb, 0x2b, 0xb7, 0x78, 0x6b, 0xc4,
2454 0x17, 0xd9, 0xff, 0x40, 0x3b, 0x0e, 0xe5, 0xfe },
2455 .rlen = 16,
2456 }, {
2457 .key = { 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35,
2458 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35,
2459 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35,
2460 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35,
2461 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35 },
2462 .klen = 40,
2463 .input = { 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35,
2464 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35 },
2465 .ilen = 16,
2466 .result = { 0xa5, 0x2c, 0x85, 0x6f, 0x9c, 0xba, 0xa0, 0x97,
2467 0x9e, 0xc6, 0x84, 0x0f, 0x17, 0x21, 0x07, 0xee },
2468 .rlen = 16,
2469 },
2470};
2471
2472static struct cipher_testvec anubis_dec_tv_template[] = {
2473 {
2474 .key = { 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe,
2475 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe },
2476 .klen = 16,
2477 .input = { 0x6d, 0xc5, 0xda, 0xa2, 0x26, 0x7d, 0x62, 0x6f,
2478 0x08, 0xb7, 0x52, 0x8e, 0x6e, 0x6e, 0x86, 0x90 },
2479 .ilen = 16,
2480 .result = { 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe,
2481 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe },
2482 .rlen = 16,
2483 }, {
2484
2485 .key = { 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03,
2486 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03,
2487 0x03, 0x03, 0x03, 0x03 },
2488 .klen = 20,
2489 .input = { 0xdb, 0xf1, 0x42, 0xf4, 0xd1, 0x8a, 0xc7, 0x49,
2490 0x87, 0x41, 0x6f, 0x82, 0x0a, 0x98, 0x64, 0xae },
2491 .ilen = 16,
2492 .result = { 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03,
2493 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03 },
2494 .rlen = 16,
2495 }, {
2496 .key = { 0x24, 0x24, 0x24, 0x24, 0x24, 0x24, 0x24, 0x24,
2497 0x24, 0x24, 0x24, 0x24, 0x24, 0x24, 0x24, 0x24,
2498 0x24, 0x24, 0x24, 0x24, 0x24, 0x24, 0x24, 0x24,
2499 0x24, 0x24, 0x24, 0x24 },
2500 .klen = 28,
2501 .input = { 0xfd, 0x1b, 0x4a, 0xe3, 0xbf, 0xf0, 0xad, 0x3d,
2502 0x06, 0xd3, 0x61, 0x27, 0xfd, 0x13, 0x9e, 0xde },
2503 .ilen = 16,
2504 .result = { 0x24, 0x24, 0x24, 0x24, 0x24, 0x24, 0x24, 0x24,
2505 0x24, 0x24, 0x24, 0x24, 0x24, 0x24, 0x24, 0x24 },
2506 .rlen = 16,
2507 }, {
2508 .key = { 0x25, 0x25, 0x25, 0x25, 0x25, 0x25, 0x25, 0x25,
2509 0x25, 0x25, 0x25, 0x25, 0x25, 0x25, 0x25, 0x25,
2510 0x25, 0x25, 0x25, 0x25, 0x25, 0x25, 0x25, 0x25,
2511 0x25, 0x25, 0x25, 0x25, 0x25, 0x25, 0x25, 0x25 },
2512 .klen = 32,
2513 .input = { 0x1a, 0x91, 0xfb, 0x2b, 0xb7, 0x78, 0x6b, 0xc4,
2514 0x17, 0xd9, 0xff, 0x40, 0x3b, 0x0e, 0xe5, 0xfe },
2515 .ilen = 16,
2516 .result = { 0x25, 0x25, 0x25, 0x25, 0x25, 0x25, 0x25, 0x25,
2517 0x25, 0x25, 0x25, 0x25, 0x25, 0x25, 0x25, 0x25 },
2518 .rlen = 16,
2519 }, {
2520 .key = { 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35,
2521 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35,
2522 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35,
2523 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35,
2524 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35 },
2525 .input = { 0xa5, 0x2c, 0x85, 0x6f, 0x9c, 0xba, 0xa0, 0x97,
2526 0x9e, 0xc6, 0x84, 0x0f, 0x17, 0x21, 0x07, 0xee },
2527 .klen = 40,
2528 .ilen = 16,
2529 .result = { 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35,
2530 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35 },
2531 .rlen = 16,
2532 },
2533};
2534
2535static struct cipher_testvec anubis_cbc_enc_tv_template[] = {
2536 {
2537 .key = { 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe,
2538 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe },
2539 .klen = 16,
2540 .input = { 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe,
2541 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe,
2542 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe,
2543 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe },
2544 .ilen = 32,
2545 .result = { 0x6d, 0xc5, 0xda, 0xa2, 0x26, 0x7d, 0x62, 0x6f,
2546 0x08, 0xb7, 0x52, 0x8e, 0x6e, 0x6e, 0x86, 0x90,
2547 0x86, 0xd8, 0xb5, 0x6f, 0x98, 0x5e, 0x8a, 0x66,
2548 0x4f, 0x1f, 0x78, 0xa1, 0xbb, 0x37, 0xf1, 0xbe },
2549 .rlen = 32,
2550 }, {
2551 .key = { 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35,
2552 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35,
2553 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35,
2554 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35,
2555 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35 },
2556 .klen = 40,
2557 .input = { 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35,
2558 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35,
2559 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35,
2560 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35 },
2561 .ilen = 32,
2562 .result = { 0xa5, 0x2c, 0x85, 0x6f, 0x9c, 0xba, 0xa0, 0x97,
2563 0x9e, 0xc6, 0x84, 0x0f, 0x17, 0x21, 0x07, 0xee,
2564 0xa2, 0xbc, 0x06, 0x98, 0xc6, 0x4b, 0xda, 0x75,
2565 0x2e, 0xaa, 0xbe, 0x58, 0xce, 0x01, 0x5b, 0xc7 },
2566 .rlen = 32,
2567 },
2568};
2569
2570static struct cipher_testvec anubis_cbc_dec_tv_template[] = {
2571 {
2572 .key = { 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe,
2573 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe },
2574 .klen = 16,
2575 .input = { 0x6d, 0xc5, 0xda, 0xa2, 0x26, 0x7d, 0x62, 0x6f,
2576 0x08, 0xb7, 0x52, 0x8e, 0x6e, 0x6e, 0x86, 0x90,
2577 0x86, 0xd8, 0xb5, 0x6f, 0x98, 0x5e, 0x8a, 0x66,
2578 0x4f, 0x1f, 0x78, 0xa1, 0xbb, 0x37, 0xf1, 0xbe },
2579 .ilen = 32,
2580 .result = { 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe,
2581 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe,
2582 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe,
2583 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe },
2584 .rlen = 32,
2585 }, {
2586 .key = { 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35,
2587 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35,
2588 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35,
2589 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35,
2590 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35 },
2591 .klen = 40,
2592 .input = { 0xa5, 0x2c, 0x85, 0x6f, 0x9c, 0xba, 0xa0, 0x97,
2593 0x9e, 0xc6, 0x84, 0x0f, 0x17, 0x21, 0x07, 0xee,
2594 0xa2, 0xbc, 0x06, 0x98, 0xc6, 0x4b, 0xda, 0x75,
2595 0x2e, 0xaa, 0xbe, 0x58, 0xce, 0x01, 0x5b, 0xc7 },
2596 .ilen = 32,
2597 .result = { 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35,
2598 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35,
2599 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35,
2600 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35 },
2601 .rlen = 32,
2602 },
2603};
2604
2605/*
2606 * Compression stuff.
2607 */
2608#define COMP_BUF_SIZE 512
2609
2610struct comp_testvec {
2611 int inlen, outlen;
2612 char input[COMP_BUF_SIZE];
2613 char output[COMP_BUF_SIZE];
2614};
2615
2616/*
2617 * Deflate test vectors (null-terminated strings).
2618 * Params: winbits=11, Z_DEFAULT_COMPRESSION, MAX_MEM_LEVEL.
2619 */
2620#define DEFLATE_COMP_TEST_VECTORS 2
2621#define DEFLATE_DECOMP_TEST_VECTORS 2
2622
2623static struct comp_testvec deflate_comp_tv_template[] = {
2624 {
2625 .inlen = 70,
2626 .outlen = 38,
2627 .input = "Join us now and share the software "
2628 "Join us now and share the software ",
2629 .output = { 0xf3, 0xca, 0xcf, 0xcc, 0x53, 0x28, 0x2d, 0x56,
2630 0xc8, 0xcb, 0x2f, 0x57, 0x48, 0xcc, 0x4b, 0x51,
2631 0x28, 0xce, 0x48, 0x2c, 0x4a, 0x55, 0x28, 0xc9,
2632 0x48, 0x55, 0x28, 0xce, 0x4f, 0x2b, 0x29, 0x07,
2633 0x71, 0xbc, 0x08, 0x2b, 0x01, 0x00 },
2634 }, {
2635 .inlen = 191,
2636 .outlen = 122,
2637 .input = "This document describes a compression method based on the DEFLATE"
2638 "compression algorithm. This document defines the application of "
2639 "the DEFLATE algorithm to the IP Payload Compression Protocol.",
2640 .output = { 0x5d, 0x8d, 0x31, 0x0e, 0xc2, 0x30, 0x10, 0x04,
2641 0xbf, 0xb2, 0x2f, 0xc8, 0x1f, 0x10, 0x04, 0x09,
2642 0x89, 0xc2, 0x85, 0x3f, 0x70, 0xb1, 0x2f, 0xf8,
2643 0x24, 0xdb, 0x67, 0xd9, 0x47, 0xc1, 0xef, 0x49,
2644 0x68, 0x12, 0x51, 0xae, 0x76, 0x67, 0xd6, 0x27,
2645 0x19, 0x88, 0x1a, 0xde, 0x85, 0xab, 0x21, 0xf2,
2646 0x08, 0x5d, 0x16, 0x1e, 0x20, 0x04, 0x2d, 0xad,
2647 0xf3, 0x18, 0xa2, 0x15, 0x85, 0x2d, 0x69, 0xc4,
2648 0x42, 0x83, 0x23, 0xb6, 0x6c, 0x89, 0x71, 0x9b,
2649 0xef, 0xcf, 0x8b, 0x9f, 0xcf, 0x33, 0xca, 0x2f,
2650 0xed, 0x62, 0xa9, 0x4c, 0x80, 0xff, 0x13, 0xaf,
2651 0x52, 0x37, 0xed, 0x0e, 0x52, 0x6b, 0x59, 0x02,
2652 0xd9, 0x4e, 0xe8, 0x7a, 0x76, 0x1d, 0x02, 0x98,
2653 0xfe, 0x8a, 0x87, 0x83, 0xa3, 0x4f, 0x56, 0x8a,
2654 0xb8, 0x9e, 0x8e, 0x5c, 0x57, 0xd3, 0xa0, 0x79,
2655 0xfa, 0x02 },
2656 },
2657};
2658
2659static struct comp_testvec deflate_decomp_tv_template[] = {
2660 {
2661 .inlen = 122,
2662 .outlen = 191,
2663 .input = { 0x5d, 0x8d, 0x31, 0x0e, 0xc2, 0x30, 0x10, 0x04,
2664 0xbf, 0xb2, 0x2f, 0xc8, 0x1f, 0x10, 0x04, 0x09,
2665 0x89, 0xc2, 0x85, 0x3f, 0x70, 0xb1, 0x2f, 0xf8,
2666 0x24, 0xdb, 0x67, 0xd9, 0x47, 0xc1, 0xef, 0x49,
2667 0x68, 0x12, 0x51, 0xae, 0x76, 0x67, 0xd6, 0x27,
2668 0x19, 0x88, 0x1a, 0xde, 0x85, 0xab, 0x21, 0xf2,
2669 0x08, 0x5d, 0x16, 0x1e, 0x20, 0x04, 0x2d, 0xad,
2670 0xf3, 0x18, 0xa2, 0x15, 0x85, 0x2d, 0x69, 0xc4,
2671 0x42, 0x83, 0x23, 0xb6, 0x6c, 0x89, 0x71, 0x9b,
2672 0xef, 0xcf, 0x8b, 0x9f, 0xcf, 0x33, 0xca, 0x2f,
2673 0xed, 0x62, 0xa9, 0x4c, 0x80, 0xff, 0x13, 0xaf,
2674 0x52, 0x37, 0xed, 0x0e, 0x52, 0x6b, 0x59, 0x02,
2675 0xd9, 0x4e, 0xe8, 0x7a, 0x76, 0x1d, 0x02, 0x98,
2676 0xfe, 0x8a, 0x87, 0x83, 0xa3, 0x4f, 0x56, 0x8a,
2677 0xb8, 0x9e, 0x8e, 0x5c, 0x57, 0xd3, 0xa0, 0x79,
2678 0xfa, 0x02 },
2679 .output = "This document describes a compression method based on the DEFLATE"
2680 "compression algorithm. This document defines the application of "
2681 "the DEFLATE algorithm to the IP Payload Compression Protocol.",
2682 }, {
2683 .inlen = 38,
2684 .outlen = 70,
2685 .input = { 0xf3, 0xca, 0xcf, 0xcc, 0x53, 0x28, 0x2d, 0x56,
2686 0xc8, 0xcb, 0x2f, 0x57, 0x48, 0xcc, 0x4b, 0x51,
2687 0x28, 0xce, 0x48, 0x2c, 0x4a, 0x55, 0x28, 0xc9,
2688 0x48, 0x55, 0x28, 0xce, 0x4f, 0x2b, 0x29, 0x07,
2689 0x71, 0xbc, 0x08, 0x2b, 0x01, 0x00 },
2690 .output = "Join us now and share the software "
2691 "Join us now and share the software ",
2692 },
2693};
2694
2695/*
2696 * Michael MIC test vectors from IEEE 802.11i
2697 */
2698#define MICHAEL_MIC_TEST_VECTORS 6
2699
2700static struct hash_testvec michael_mic_tv_template[] =
2701{
2702 {
2703 .key = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
2704 .ksize = 8,
2705 .plaintext = { },
2706 .psize = 0,
2707 .digest = { 0x82, 0x92, 0x5c, 0x1c, 0xa1, 0xd1, 0x30, 0xb8 }
2708 },
2709 {
2710 .key = { 0x82, 0x92, 0x5c, 0x1c, 0xa1, 0xd1, 0x30, 0xb8 },
2711 .ksize = 8,
2712 .plaintext = { 'M' },
2713 .psize = 1,
2714 .digest = { 0x43, 0x47, 0x21, 0xca, 0x40, 0x63, 0x9b, 0x3f }
2715 },
2716 {
2717 .key = { 0x43, 0x47, 0x21, 0xca, 0x40, 0x63, 0x9b, 0x3f },
2718 .ksize = 8,
2719 .plaintext = { 'M', 'i' },
2720 .psize = 2,
2721 .digest = { 0xe8, 0xf9, 0xbe, 0xca, 0xe9, 0x7e, 0x5d, 0x29 }
2722 },
2723 {
2724 .key = { 0xe8, 0xf9, 0xbe, 0xca, 0xe9, 0x7e, 0x5d, 0x29 },
2725 .ksize = 8,
2726 .plaintext = { 'M', 'i', 'c' },
2727 .psize = 3,
2728 .digest = { 0x90, 0x03, 0x8f, 0xc6, 0xcf, 0x13, 0xc1, 0xdb }
2729 },
2730 {
2731 .key = { 0x90, 0x03, 0x8f, 0xc6, 0xcf, 0x13, 0xc1, 0xdb },
2732 .ksize = 8,
2733 .plaintext = { 'M', 'i', 'c', 'h' },
2734 .psize = 4,
2735 .digest = { 0xd5, 0x5e, 0x10, 0x05, 0x10, 0x12, 0x89, 0x86 }
2736 },
2737 {
2738 .key = { 0xd5, 0x5e, 0x10, 0x05, 0x10, 0x12, 0x89, 0x86 },
2739 .ksize = 8,
2740 .plaintext = { 'M', 'i', 'c', 'h', 'a', 'e', 'l' },
2741 .psize = 7,
2742 .digest = { 0x0a, 0x94, 0x2b, 0x12, 0x4e, 0xca, 0xa5, 0x46 },
2743 }
2744};
2745
2746#endif /* _CRYPTO_TCRYPT_H */
diff --git a/crypto/tea.c b/crypto/tea.c
new file mode 100644
index 000000000000..03c23cbd3afa
--- /dev/null
+++ b/crypto/tea.c
@@ -0,0 +1,248 @@
1/*
2 * Cryptographic API.
3 *
4 * TEA and Xtended TEA Algorithms
5 *
6 * The TEA and Xtended TEA algorithms were developed by David Wheeler
7 * and Roger Needham at the Computer Laboratory of Cambridge University.
8 *
9 * Copyright (c) 2004 Aaron Grothe ajgrothe@yahoo.com
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 */
17
18#include <linux/init.h>
19#include <linux/module.h>
20#include <linux/mm.h>
21#include <asm/scatterlist.h>
22#include <linux/crypto.h>
23
24#define TEA_KEY_SIZE 16
25#define TEA_BLOCK_SIZE 8
26#define TEA_ROUNDS 32
27#define TEA_DELTA 0x9e3779b9
28
29#define XTEA_KEY_SIZE 16
30#define XTEA_BLOCK_SIZE 8
31#define XTEA_ROUNDS 32
32#define XTEA_DELTA 0x9e3779b9
33
34#define u32_in(x) le32_to_cpu(*(const __le32 *)(x))
35#define u32_out(to, from) (*(__le32 *)(to) = cpu_to_le32(from))
36
37struct tea_ctx {
38 u32 KEY[4];
39};
40
41struct xtea_ctx {
42 u32 KEY[4];
43};
44
45static int tea_setkey(void *ctx_arg, const u8 *in_key,
46 unsigned int key_len, u32 *flags)
47{
48
49 struct tea_ctx *ctx = ctx_arg;
50
51 if (key_len != 16)
52 {
53 *flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
54 return -EINVAL;
55 }
56
57 ctx->KEY[0] = u32_in (in_key);
58 ctx->KEY[1] = u32_in (in_key + 4);
59 ctx->KEY[2] = u32_in (in_key + 8);
60 ctx->KEY[3] = u32_in (in_key + 12);
61
62 return 0;
63
64}
65
66static void tea_encrypt(void *ctx_arg, u8 *dst, const u8 *src)
67{
68 u32 y, z, n, sum = 0;
69 u32 k0, k1, k2, k3;
70
71 struct tea_ctx *ctx = ctx_arg;
72
73 y = u32_in (src);
74 z = u32_in (src + 4);
75
76 k0 = ctx->KEY[0];
77 k1 = ctx->KEY[1];
78 k2 = ctx->KEY[2];
79 k3 = ctx->KEY[3];
80
81 n = TEA_ROUNDS;
82
83 while (n-- > 0) {
84 sum += TEA_DELTA;
85 y += ((z << 4) + k0) ^ (z + sum) ^ ((z >> 5) + k1);
86 z += ((y << 4) + k2) ^ (y + sum) ^ ((y >> 5) + k3);
87 }
88
89 u32_out (dst, y);
90 u32_out (dst + 4, z);
91}
92
93static void tea_decrypt(void *ctx_arg, u8 *dst, const u8 *src)
94{
95 u32 y, z, n, sum;
96 u32 k0, k1, k2, k3;
97
98 struct tea_ctx *ctx = ctx_arg;
99
100 y = u32_in (src);
101 z = u32_in (src + 4);
102
103 k0 = ctx->KEY[0];
104 k1 = ctx->KEY[1];
105 k2 = ctx->KEY[2];
106 k3 = ctx->KEY[3];
107
108 sum = TEA_DELTA << 5;
109
110 n = TEA_ROUNDS;
111
112 while (n-- > 0) {
113 z -= ((y << 4) + k2) ^ (y + sum) ^ ((y >> 5) + k3);
114 y -= ((z << 4) + k0) ^ (z + sum) ^ ((z >> 5) + k1);
115 sum -= TEA_DELTA;
116 }
117
118 u32_out (dst, y);
119 u32_out (dst + 4, z);
120
121}
122
123static int xtea_setkey(void *ctx_arg, const u8 *in_key,
124 unsigned int key_len, u32 *flags)
125{
126
127 struct xtea_ctx *ctx = ctx_arg;
128
129 if (key_len != 16)
130 {
131 *flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
132 return -EINVAL;
133 }
134
135 ctx->KEY[0] = u32_in (in_key);
136 ctx->KEY[1] = u32_in (in_key + 4);
137 ctx->KEY[2] = u32_in (in_key + 8);
138 ctx->KEY[3] = u32_in (in_key + 12);
139
140 return 0;
141
142}
143
144static void xtea_encrypt(void *ctx_arg, u8 *dst, const u8 *src)
145{
146
147 u32 y, z, sum = 0;
148 u32 limit = XTEA_DELTA * XTEA_ROUNDS;
149
150 struct xtea_ctx *ctx = ctx_arg;
151
152 y = u32_in (src);
153 z = u32_in (src + 4);
154
155 while (sum != limit) {
156 y += (z << 4 ^ z >> 5) + (z ^ sum) + ctx->KEY[sum&3];
157 sum += XTEA_DELTA;
158 z += (y << 4 ^ y >> 5) + (y ^ sum) + ctx->KEY[sum>>11 &3];
159 }
160
161 u32_out (dst, y);
162 u32_out (dst + 4, z);
163
164}
165
166static void xtea_decrypt(void *ctx_arg, u8 *dst, const u8 *src)
167{
168
169 u32 y, z, sum;
170 struct tea_ctx *ctx = ctx_arg;
171
172 y = u32_in (src);
173 z = u32_in (src + 4);
174
175 sum = XTEA_DELTA * XTEA_ROUNDS;
176
177 while (sum) {
178 z -= (y << 4 ^ y >> 5) + (y ^ sum) + ctx->KEY[sum>>11 & 3];
179 sum -= XTEA_DELTA;
180 y -= (z << 4 ^ z >> 5) + (z ^ sum) + ctx->KEY[sum & 3];
181 }
182
183 u32_out (dst, y);
184 u32_out (dst + 4, z);
185
186}
187
188static struct crypto_alg tea_alg = {
189 .cra_name = "tea",
190 .cra_flags = CRYPTO_ALG_TYPE_CIPHER,
191 .cra_blocksize = TEA_BLOCK_SIZE,
192 .cra_ctxsize = sizeof (struct tea_ctx),
193 .cra_module = THIS_MODULE,
194 .cra_list = LIST_HEAD_INIT(tea_alg.cra_list),
195 .cra_u = { .cipher = {
196 .cia_min_keysize = TEA_KEY_SIZE,
197 .cia_max_keysize = TEA_KEY_SIZE,
198 .cia_setkey = tea_setkey,
199 .cia_encrypt = tea_encrypt,
200 .cia_decrypt = tea_decrypt } }
201};
202
203static struct crypto_alg xtea_alg = {
204 .cra_name = "xtea",
205 .cra_flags = CRYPTO_ALG_TYPE_CIPHER,
206 .cra_blocksize = XTEA_BLOCK_SIZE,
207 .cra_ctxsize = sizeof (struct xtea_ctx),
208 .cra_module = THIS_MODULE,
209 .cra_list = LIST_HEAD_INIT(xtea_alg.cra_list),
210 .cra_u = { .cipher = {
211 .cia_min_keysize = XTEA_KEY_SIZE,
212 .cia_max_keysize = XTEA_KEY_SIZE,
213 .cia_setkey = xtea_setkey,
214 .cia_encrypt = xtea_encrypt,
215 .cia_decrypt = xtea_decrypt } }
216};
217
218static int __init init(void)
219{
220 int ret = 0;
221
222 ret = crypto_register_alg(&tea_alg);
223 if (ret < 0)
224 goto out;
225
226 ret = crypto_register_alg(&xtea_alg);
227 if (ret < 0) {
228 crypto_unregister_alg(&tea_alg);
229 goto out;
230 }
231
232out:
233 return ret;
234}
235
236static void __exit fini(void)
237{
238 crypto_unregister_alg(&tea_alg);
239 crypto_unregister_alg(&xtea_alg);
240}
241
242MODULE_ALIAS("xtea");
243
244module_init(init);
245module_exit(fini);
246
247MODULE_LICENSE("GPL");
248MODULE_DESCRIPTION("TEA & XTEA Cryptographic Algorithms");
diff --git a/crypto/tgr192.c b/crypto/tgr192.c
new file mode 100644
index 000000000000..f0a45cf716d0
--- /dev/null
+++ b/crypto/tgr192.c
@@ -0,0 +1,735 @@
1/*
2 * Cryptographic API.
3 *
4 * Tiger hashing Algorithm
5 *
6 * Copyright (C) 1998 Free Software Foundation, Inc.
7 *
8 * The Tiger algorithm was developed by Ross Anderson and Eli Biham.
9 * It was optimized for 64-bit processors while still delievering
10 * decent performance on 32 and 16-bit processors.
11 *
12 * This version is derived from the GnuPG implementation and the
13 * Tiger-Perl interface written by Rafael Sevilla
14 *
15 * Adapted for Linux Kernel Crypto by Aaron Grothe
16 * ajgrothe@yahoo.com, February 22, 2005
17 *
18 * This program is free software; you can redistribute it and/or modify
19 * it under the terms of the GNU General Public License as published by
20 * the Free Software Foundation; either version 2 of the License, or
21 * (at your option) any later version.
22 *
23 */
24#include <linux/init.h>
25#include <linux/module.h>
26#include <linux/mm.h>
27#include <asm/scatterlist.h>
28#include <linux/crypto.h>
29
30#define TGR192_DIGEST_SIZE 24
31#define TGR160_DIGEST_SIZE 20
32#define TGR128_DIGEST_SIZE 16
33
34#define TGR192_BLOCK_SIZE 64
35
36struct tgr192_ctx {
37 u64 a, b, c;
38 u8 hash[64];
39 int count;
40 u32 nblocks;
41};
42
43static const u64 sbox1[256] = {
44 0x02aab17cf7e90c5eULL, 0xac424b03e243a8ecULL, 0x72cd5be30dd5fcd3ULL,
45 0x6d019b93f6f97f3aULL, 0xcd9978ffd21f9193ULL, 0x7573a1c9708029e2ULL,
46 0xb164326b922a83c3ULL, 0x46883eee04915870ULL, 0xeaace3057103ece6ULL,
47 0xc54169b808a3535cULL, 0x4ce754918ddec47cULL, 0x0aa2f4dfdc0df40cULL,
48 0x10b76f18a74dbefaULL, 0xc6ccb6235ad1ab6aULL, 0x13726121572fe2ffULL,
49 0x1a488c6f199d921eULL, 0x4bc9f9f4da0007caULL, 0x26f5e6f6e85241c7ULL,
50 0x859079dbea5947b6ULL, 0x4f1885c5c99e8c92ULL, 0xd78e761ea96f864bULL,
51 0x8e36428c52b5c17dULL, 0x69cf6827373063c1ULL, 0xb607c93d9bb4c56eULL,
52 0x7d820e760e76b5eaULL, 0x645c9cc6f07fdc42ULL, 0xbf38a078243342e0ULL,
53 0x5f6b343c9d2e7d04ULL, 0xf2c28aeb600b0ec6ULL, 0x6c0ed85f7254bcacULL,
54 0x71592281a4db4fe5ULL, 0x1967fa69ce0fed9fULL, 0xfd5293f8b96545dbULL,
55 0xc879e9d7f2a7600bULL, 0x860248920193194eULL, 0xa4f9533b2d9cc0b3ULL,
56 0x9053836c15957613ULL, 0xdb6dcf8afc357bf1ULL, 0x18beea7a7a370f57ULL,
57 0x037117ca50b99066ULL, 0x6ab30a9774424a35ULL, 0xf4e92f02e325249bULL,
58 0x7739db07061ccae1ULL, 0xd8f3b49ceca42a05ULL, 0xbd56be3f51382f73ULL,
59 0x45faed5843b0bb28ULL, 0x1c813d5c11bf1f83ULL, 0x8af0e4b6d75fa169ULL,
60 0x33ee18a487ad9999ULL, 0x3c26e8eab1c94410ULL, 0xb510102bc0a822f9ULL,
61 0x141eef310ce6123bULL, 0xfc65b90059ddb154ULL, 0xe0158640c5e0e607ULL,
62 0x884e079826c3a3cfULL, 0x930d0d9523c535fdULL, 0x35638d754e9a2b00ULL,
63 0x4085fccf40469dd5ULL, 0xc4b17ad28be23a4cULL, 0xcab2f0fc6a3e6a2eULL,
64 0x2860971a6b943fcdULL, 0x3dde6ee212e30446ULL, 0x6222f32ae01765aeULL,
65 0x5d550bb5478308feULL, 0xa9efa98da0eda22aULL, 0xc351a71686c40da7ULL,
66 0x1105586d9c867c84ULL, 0xdcffee85fda22853ULL, 0xccfbd0262c5eef76ULL,
67 0xbaf294cb8990d201ULL, 0xe69464f52afad975ULL, 0x94b013afdf133e14ULL,
68 0x06a7d1a32823c958ULL, 0x6f95fe5130f61119ULL, 0xd92ab34e462c06c0ULL,
69 0xed7bde33887c71d2ULL, 0x79746d6e6518393eULL, 0x5ba419385d713329ULL,
70 0x7c1ba6b948a97564ULL, 0x31987c197bfdac67ULL, 0xde6c23c44b053d02ULL,
71 0x581c49fed002d64dULL, 0xdd474d6338261571ULL, 0xaa4546c3e473d062ULL,
72 0x928fce349455f860ULL, 0x48161bbacaab94d9ULL, 0x63912430770e6f68ULL,
73 0x6ec8a5e602c6641cULL, 0x87282515337ddd2bULL, 0x2cda6b42034b701bULL,
74 0xb03d37c181cb096dULL, 0xe108438266c71c6fULL, 0x2b3180c7eb51b255ULL,
75 0xdf92b82f96c08bbcULL, 0x5c68c8c0a632f3baULL, 0x5504cc861c3d0556ULL,
76 0xabbfa4e55fb26b8fULL, 0x41848b0ab3baceb4ULL, 0xb334a273aa445d32ULL,
77 0xbca696f0a85ad881ULL, 0x24f6ec65b528d56cULL, 0x0ce1512e90f4524aULL,
78 0x4e9dd79d5506d35aULL, 0x258905fac6ce9779ULL, 0x2019295b3e109b33ULL,
79 0xf8a9478b73a054ccULL, 0x2924f2f934417eb0ULL, 0x3993357d536d1bc4ULL,
80 0x38a81ac21db6ff8bULL, 0x47c4fbf17d6016bfULL, 0x1e0faadd7667e3f5ULL,
81 0x7abcff62938beb96ULL, 0xa78dad948fc179c9ULL, 0x8f1f98b72911e50dULL,
82 0x61e48eae27121a91ULL, 0x4d62f7ad31859808ULL, 0xeceba345ef5ceaebULL,
83 0xf5ceb25ebc9684ceULL, 0xf633e20cb7f76221ULL, 0xa32cdf06ab8293e4ULL,
84 0x985a202ca5ee2ca4ULL, 0xcf0b8447cc8a8fb1ULL, 0x9f765244979859a3ULL,
85 0xa8d516b1a1240017ULL, 0x0bd7ba3ebb5dc726ULL, 0xe54bca55b86adb39ULL,
86 0x1d7a3afd6c478063ULL, 0x519ec608e7669eddULL, 0x0e5715a2d149aa23ULL,
87 0x177d4571848ff194ULL, 0xeeb55f3241014c22ULL, 0x0f5e5ca13a6e2ec2ULL,
88 0x8029927b75f5c361ULL, 0xad139fabc3d6e436ULL, 0x0d5df1a94ccf402fULL,
89 0x3e8bd948bea5dfc8ULL, 0xa5a0d357bd3ff77eULL, 0xa2d12e251f74f645ULL,
90 0x66fd9e525e81a082ULL, 0x2e0c90ce7f687a49ULL, 0xc2e8bcbeba973bc5ULL,
91 0x000001bce509745fULL, 0x423777bbe6dab3d6ULL, 0xd1661c7eaef06eb5ULL,
92 0xa1781f354daacfd8ULL, 0x2d11284a2b16affcULL, 0xf1fc4f67fa891d1fULL,
93 0x73ecc25dcb920adaULL, 0xae610c22c2a12651ULL, 0x96e0a810d356b78aULL,
94 0x5a9a381f2fe7870fULL, 0xd5ad62ede94e5530ULL, 0xd225e5e8368d1427ULL,
95 0x65977b70c7af4631ULL, 0x99f889b2de39d74fULL, 0x233f30bf54e1d143ULL,
96 0x9a9675d3d9a63c97ULL, 0x5470554ff334f9a8ULL, 0x166acb744a4f5688ULL,
97 0x70c74caab2e4aeadULL, 0xf0d091646f294d12ULL, 0x57b82a89684031d1ULL,
98 0xefd95a5a61be0b6bULL, 0x2fbd12e969f2f29aULL, 0x9bd37013feff9fe8ULL,
99 0x3f9b0404d6085a06ULL, 0x4940c1f3166cfe15ULL, 0x09542c4dcdf3defbULL,
100 0xb4c5218385cd5ce3ULL, 0xc935b7dc4462a641ULL, 0x3417f8a68ed3b63fULL,
101 0xb80959295b215b40ULL, 0xf99cdaef3b8c8572ULL, 0x018c0614f8fcb95dULL,
102 0x1b14accd1a3acdf3ULL, 0x84d471f200bb732dULL, 0xc1a3110e95e8da16ULL,
103 0x430a7220bf1a82b8ULL, 0xb77e090d39df210eULL, 0x5ef4bd9f3cd05e9dULL,
104 0x9d4ff6da7e57a444ULL, 0xda1d60e183d4a5f8ULL, 0xb287c38417998e47ULL,
105 0xfe3edc121bb31886ULL, 0xc7fe3ccc980ccbefULL, 0xe46fb590189bfd03ULL,
106 0x3732fd469a4c57dcULL, 0x7ef700a07cf1ad65ULL, 0x59c64468a31d8859ULL,
107 0x762fb0b4d45b61f6ULL, 0x155baed099047718ULL, 0x68755e4c3d50baa6ULL,
108 0xe9214e7f22d8b4dfULL, 0x2addbf532eac95f4ULL, 0x32ae3909b4bd0109ULL,
109 0x834df537b08e3450ULL, 0xfa209da84220728dULL, 0x9e691d9b9efe23f7ULL,
110 0x0446d288c4ae8d7fULL, 0x7b4cc524e169785bULL, 0x21d87f0135ca1385ULL,
111 0xcebb400f137b8aa5ULL, 0x272e2b66580796beULL, 0x3612264125c2b0deULL,
112 0x057702bdad1efbb2ULL, 0xd4babb8eacf84be9ULL, 0x91583139641bc67bULL,
113 0x8bdc2de08036e024ULL, 0x603c8156f49f68edULL, 0xf7d236f7dbef5111ULL,
114 0x9727c4598ad21e80ULL, 0xa08a0896670a5fd7ULL, 0xcb4a8f4309eba9cbULL,
115 0x81af564b0f7036a1ULL, 0xc0b99aa778199abdULL, 0x959f1ec83fc8e952ULL,
116 0x8c505077794a81b9ULL, 0x3acaaf8f056338f0ULL, 0x07b43f50627a6778ULL,
117 0x4a44ab49f5eccc77ULL, 0x3bc3d6e4b679ee98ULL, 0x9cc0d4d1cf14108cULL,
118 0x4406c00b206bc8a0ULL, 0x82a18854c8d72d89ULL, 0x67e366b35c3c432cULL,
119 0xb923dd61102b37f2ULL, 0x56ab2779d884271dULL, 0xbe83e1b0ff1525afULL,
120 0xfb7c65d4217e49a9ULL, 0x6bdbe0e76d48e7d4ULL, 0x08df828745d9179eULL,
121 0x22ea6a9add53bd34ULL, 0xe36e141c5622200aULL, 0x7f805d1b8cb750eeULL,
122 0xafe5c7a59f58e837ULL, 0xe27f996a4fb1c23cULL, 0xd3867dfb0775f0d0ULL,
123 0xd0e673de6e88891aULL, 0x123aeb9eafb86c25ULL, 0x30f1d5d5c145b895ULL,
124 0xbb434a2dee7269e7ULL, 0x78cb67ecf931fa38ULL, 0xf33b0372323bbf9cULL,
125 0x52d66336fb279c74ULL, 0x505f33ac0afb4eaaULL, 0xe8a5cd99a2cce187ULL,
126 0x534974801e2d30bbULL, 0x8d2d5711d5876d90ULL, 0x1f1a412891bc038eULL,
127 0xd6e2e71d82e56648ULL, 0x74036c3a497732b7ULL, 0x89b67ed96361f5abULL,
128 0xffed95d8f1ea02a2ULL, 0xe72b3bd61464d43dULL, 0xa6300f170bdc4820ULL,
129 0xebc18760ed78a77aULL
130};
131
132static const u64 sbox2[256] = {
133 0xe6a6be5a05a12138ULL, 0xb5a122a5b4f87c98ULL, 0x563c6089140b6990ULL,
134 0x4c46cb2e391f5dd5ULL, 0xd932addbc9b79434ULL, 0x08ea70e42015aff5ULL,
135 0xd765a6673e478cf1ULL, 0xc4fb757eab278d99ULL, 0xdf11c6862d6e0692ULL,
136 0xddeb84f10d7f3b16ULL, 0x6f2ef604a665ea04ULL, 0x4a8e0f0ff0e0dfb3ULL,
137 0xa5edeef83dbcba51ULL, 0xfc4f0a2a0ea4371eULL, 0xe83e1da85cb38429ULL,
138 0xdc8ff882ba1b1ce2ULL, 0xcd45505e8353e80dULL, 0x18d19a00d4db0717ULL,
139 0x34a0cfeda5f38101ULL, 0x0be77e518887caf2ULL, 0x1e341438b3c45136ULL,
140 0xe05797f49089ccf9ULL, 0xffd23f9df2591d14ULL, 0x543dda228595c5cdULL,
141 0x661f81fd99052a33ULL, 0x8736e641db0f7b76ULL, 0x15227725418e5307ULL,
142 0xe25f7f46162eb2faULL, 0x48a8b2126c13d9feULL, 0xafdc541792e76eeaULL,
143 0x03d912bfc6d1898fULL, 0x31b1aafa1b83f51bULL, 0xf1ac2796e42ab7d9ULL,
144 0x40a3a7d7fcd2ebacULL, 0x1056136d0afbbcc5ULL, 0x7889e1dd9a6d0c85ULL,
145 0xd33525782a7974aaULL, 0xa7e25d09078ac09bULL, 0xbd4138b3eac6edd0ULL,
146 0x920abfbe71eb9e70ULL, 0xa2a5d0f54fc2625cULL, 0xc054e36b0b1290a3ULL,
147 0xf6dd59ff62fe932bULL, 0x3537354511a8ac7dULL, 0xca845e9172fadcd4ULL,
148 0x84f82b60329d20dcULL, 0x79c62ce1cd672f18ULL, 0x8b09a2add124642cULL,
149 0xd0c1e96a19d9e726ULL, 0x5a786a9b4ba9500cULL, 0x0e020336634c43f3ULL,
150 0xc17b474aeb66d822ULL, 0x6a731ae3ec9baac2ULL, 0x8226667ae0840258ULL,
151 0x67d4567691caeca5ULL, 0x1d94155c4875adb5ULL, 0x6d00fd985b813fdfULL,
152 0x51286efcb774cd06ULL, 0x5e8834471fa744afULL, 0xf72ca0aee761ae2eULL,
153 0xbe40e4cdaee8e09aULL, 0xe9970bbb5118f665ULL, 0x726e4beb33df1964ULL,
154 0x703b000729199762ULL, 0x4631d816f5ef30a7ULL, 0xb880b5b51504a6beULL,
155 0x641793c37ed84b6cULL, 0x7b21ed77f6e97d96ULL, 0x776306312ef96b73ULL,
156 0xae528948e86ff3f4ULL, 0x53dbd7f286a3f8f8ULL, 0x16cadce74cfc1063ULL,
157 0x005c19bdfa52c6ddULL, 0x68868f5d64d46ad3ULL, 0x3a9d512ccf1e186aULL,
158 0x367e62c2385660aeULL, 0xe359e7ea77dcb1d7ULL, 0x526c0773749abe6eULL,
159 0x735ae5f9d09f734bULL, 0x493fc7cc8a558ba8ULL, 0xb0b9c1533041ab45ULL,
160 0x321958ba470a59bdULL, 0x852db00b5f46c393ULL, 0x91209b2bd336b0e5ULL,
161 0x6e604f7d659ef19fULL, 0xb99a8ae2782ccb24ULL, 0xccf52ab6c814c4c7ULL,
162 0x4727d9afbe11727bULL, 0x7e950d0c0121b34dULL, 0x756f435670ad471fULL,
163 0xf5add442615a6849ULL, 0x4e87e09980b9957aULL, 0x2acfa1df50aee355ULL,
164 0xd898263afd2fd556ULL, 0xc8f4924dd80c8fd6ULL, 0xcf99ca3d754a173aULL,
165 0xfe477bacaf91bf3cULL, 0xed5371f6d690c12dULL, 0x831a5c285e687094ULL,
166 0xc5d3c90a3708a0a4ULL, 0x0f7f903717d06580ULL, 0x19f9bb13b8fdf27fULL,
167 0xb1bd6f1b4d502843ULL, 0x1c761ba38fff4012ULL, 0x0d1530c4e2e21f3bULL,
168 0x8943ce69a7372c8aULL, 0xe5184e11feb5ce66ULL, 0x618bdb80bd736621ULL,
169 0x7d29bad68b574d0bULL, 0x81bb613e25e6fe5bULL, 0x071c9c10bc07913fULL,
170 0xc7beeb7909ac2d97ULL, 0xc3e58d353bc5d757ULL, 0xeb017892f38f61e8ULL,
171 0xd4effb9c9b1cc21aULL, 0x99727d26f494f7abULL, 0xa3e063a2956b3e03ULL,
172 0x9d4a8b9a4aa09c30ULL, 0x3f6ab7d500090fb4ULL, 0x9cc0f2a057268ac0ULL,
173 0x3dee9d2dedbf42d1ULL, 0x330f49c87960a972ULL, 0xc6b2720287421b41ULL,
174 0x0ac59ec07c00369cULL, 0xef4eac49cb353425ULL, 0xf450244eef0129d8ULL,
175 0x8acc46e5caf4deb6ULL, 0x2ffeab63989263f7ULL, 0x8f7cb9fe5d7a4578ULL,
176 0x5bd8f7644e634635ULL, 0x427a7315bf2dc900ULL, 0x17d0c4aa2125261cULL,
177 0x3992486c93518e50ULL, 0xb4cbfee0a2d7d4c3ULL, 0x7c75d6202c5ddd8dULL,
178 0xdbc295d8e35b6c61ULL, 0x60b369d302032b19ULL, 0xce42685fdce44132ULL,
179 0x06f3ddb9ddf65610ULL, 0x8ea4d21db5e148f0ULL, 0x20b0fce62fcd496fULL,
180 0x2c1b912358b0ee31ULL, 0xb28317b818f5a308ULL, 0xa89c1e189ca6d2cfULL,
181 0x0c6b18576aaadbc8ULL, 0xb65deaa91299fae3ULL, 0xfb2b794b7f1027e7ULL,
182 0x04e4317f443b5bebULL, 0x4b852d325939d0a6ULL, 0xd5ae6beefb207ffcULL,
183 0x309682b281c7d374ULL, 0xbae309a194c3b475ULL, 0x8cc3f97b13b49f05ULL,
184 0x98a9422ff8293967ULL, 0x244b16b01076ff7cULL, 0xf8bf571c663d67eeULL,
185 0x1f0d6758eee30da1ULL, 0xc9b611d97adeb9b7ULL, 0xb7afd5887b6c57a2ULL,
186 0x6290ae846b984fe1ULL, 0x94df4cdeacc1a5fdULL, 0x058a5bd1c5483affULL,
187 0x63166cc142ba3c37ULL, 0x8db8526eb2f76f40ULL, 0xe10880036f0d6d4eULL,
188 0x9e0523c9971d311dULL, 0x45ec2824cc7cd691ULL, 0x575b8359e62382c9ULL,
189 0xfa9e400dc4889995ULL, 0xd1823ecb45721568ULL, 0xdafd983b8206082fULL,
190 0xaa7d29082386a8cbULL, 0x269fcd4403b87588ULL, 0x1b91f5f728bdd1e0ULL,
191 0xe4669f39040201f6ULL, 0x7a1d7c218cf04adeULL, 0x65623c29d79ce5ceULL,
192 0x2368449096c00bb1ULL, 0xab9bf1879da503baULL, 0xbc23ecb1a458058eULL,
193 0x9a58df01bb401eccULL, 0xa070e868a85f143dULL, 0x4ff188307df2239eULL,
194 0x14d565b41a641183ULL, 0xee13337452701602ULL, 0x950e3dcf3f285e09ULL,
195 0x59930254b9c80953ULL, 0x3bf299408930da6dULL, 0xa955943f53691387ULL,
196 0xa15edecaa9cb8784ULL, 0x29142127352be9a0ULL, 0x76f0371fff4e7afbULL,
197 0x0239f450274f2228ULL, 0xbb073af01d5e868bULL, 0xbfc80571c10e96c1ULL,
198 0xd267088568222e23ULL, 0x9671a3d48e80b5b0ULL, 0x55b5d38ae193bb81ULL,
199 0x693ae2d0a18b04b8ULL, 0x5c48b4ecadd5335fULL, 0xfd743b194916a1caULL,
200 0x2577018134be98c4ULL, 0xe77987e83c54a4adULL, 0x28e11014da33e1b9ULL,
201 0x270cc59e226aa213ULL, 0x71495f756d1a5f60ULL, 0x9be853fb60afef77ULL,
202 0xadc786a7f7443dbfULL, 0x0904456173b29a82ULL, 0x58bc7a66c232bd5eULL,
203 0xf306558c673ac8b2ULL, 0x41f639c6b6c9772aULL, 0x216defe99fda35daULL,
204 0x11640cc71c7be615ULL, 0x93c43694565c5527ULL, 0xea038e6246777839ULL,
205 0xf9abf3ce5a3e2469ULL, 0x741e768d0fd312d2ULL, 0x0144b883ced652c6ULL,
206 0xc20b5a5ba33f8552ULL, 0x1ae69633c3435a9dULL, 0x97a28ca4088cfdecULL,
207 0x8824a43c1e96f420ULL, 0x37612fa66eeea746ULL, 0x6b4cb165f9cf0e5aULL,
208 0x43aa1c06a0abfb4aULL, 0x7f4dc26ff162796bULL, 0x6cbacc8e54ed9b0fULL,
209 0xa6b7ffefd2bb253eULL, 0x2e25bc95b0a29d4fULL, 0x86d6a58bdef1388cULL,
210 0xded74ac576b6f054ULL, 0x8030bdbc2b45805dULL, 0x3c81af70e94d9289ULL,
211 0x3eff6dda9e3100dbULL, 0xb38dc39fdfcc8847ULL, 0x123885528d17b87eULL,
212 0xf2da0ed240b1b642ULL, 0x44cefadcd54bf9a9ULL, 0x1312200e433c7ee6ULL,
213 0x9ffcc84f3a78c748ULL, 0xf0cd1f72248576bbULL, 0xec6974053638cfe4ULL,
214 0x2ba7b67c0cec4e4cULL, 0xac2f4df3e5ce32edULL, 0xcb33d14326ea4c11ULL,
215 0xa4e9044cc77e58bcULL, 0x5f513293d934fcefULL, 0x5dc9645506e55444ULL,
216 0x50de418f317de40aULL, 0x388cb31a69dde259ULL, 0x2db4a83455820a86ULL,
217 0x9010a91e84711ae9ULL, 0x4df7f0b7b1498371ULL, 0xd62a2eabc0977179ULL,
218 0x22fac097aa8d5c0eULL
219};
220
221static const u64 sbox3[256] = {
222 0xf49fcc2ff1daf39bULL, 0x487fd5c66ff29281ULL, 0xe8a30667fcdca83fULL,
223 0x2c9b4be3d2fcce63ULL, 0xda3ff74b93fbbbc2ULL, 0x2fa165d2fe70ba66ULL,
224 0xa103e279970e93d4ULL, 0xbecdec77b0e45e71ULL, 0xcfb41e723985e497ULL,
225 0xb70aaa025ef75017ULL, 0xd42309f03840b8e0ULL, 0x8efc1ad035898579ULL,
226 0x96c6920be2b2abc5ULL, 0x66af4163375a9172ULL, 0x2174abdcca7127fbULL,
227 0xb33ccea64a72ff41ULL, 0xf04a4933083066a5ULL, 0x8d970acdd7289af5ULL,
228 0x8f96e8e031c8c25eULL, 0xf3fec02276875d47ULL, 0xec7bf310056190ddULL,
229 0xf5adb0aebb0f1491ULL, 0x9b50f8850fd58892ULL, 0x4975488358b74de8ULL,
230 0xa3354ff691531c61ULL, 0x0702bbe481d2c6eeULL, 0x89fb24057deded98ULL,
231 0xac3075138596e902ULL, 0x1d2d3580172772edULL, 0xeb738fc28e6bc30dULL,
232 0x5854ef8f63044326ULL, 0x9e5c52325add3bbeULL, 0x90aa53cf325c4623ULL,
233 0xc1d24d51349dd067ULL, 0x2051cfeea69ea624ULL, 0x13220f0a862e7e4fULL,
234 0xce39399404e04864ULL, 0xd9c42ca47086fcb7ULL, 0x685ad2238a03e7ccULL,
235 0x066484b2ab2ff1dbULL, 0xfe9d5d70efbf79ecULL, 0x5b13b9dd9c481854ULL,
236 0x15f0d475ed1509adULL, 0x0bebcd060ec79851ULL, 0xd58c6791183ab7f8ULL,
237 0xd1187c5052f3eee4ULL, 0xc95d1192e54e82ffULL, 0x86eea14cb9ac6ca2ULL,
238 0x3485beb153677d5dULL, 0xdd191d781f8c492aULL, 0xf60866baa784ebf9ULL,
239 0x518f643ba2d08c74ULL, 0x8852e956e1087c22ULL, 0xa768cb8dc410ae8dULL,
240 0x38047726bfec8e1aULL, 0xa67738b4cd3b45aaULL, 0xad16691cec0dde19ULL,
241 0xc6d4319380462e07ULL, 0xc5a5876d0ba61938ULL, 0x16b9fa1fa58fd840ULL,
242 0x188ab1173ca74f18ULL, 0xabda2f98c99c021fULL, 0x3e0580ab134ae816ULL,
243 0x5f3b05b773645abbULL, 0x2501a2be5575f2f6ULL, 0x1b2f74004e7e8ba9ULL,
244 0x1cd7580371e8d953ULL, 0x7f6ed89562764e30ULL, 0xb15926ff596f003dULL,
245 0x9f65293da8c5d6b9ULL, 0x6ecef04dd690f84cULL, 0x4782275fff33af88ULL,
246 0xe41433083f820801ULL, 0xfd0dfe409a1af9b5ULL, 0x4325a3342cdb396bULL,
247 0x8ae77e62b301b252ULL, 0xc36f9e9f6655615aULL, 0x85455a2d92d32c09ULL,
248 0xf2c7dea949477485ULL, 0x63cfb4c133a39ebaULL, 0x83b040cc6ebc5462ULL,
249 0x3b9454c8fdb326b0ULL, 0x56f56a9e87ffd78cULL, 0x2dc2940d99f42bc6ULL,
250 0x98f7df096b096e2dULL, 0x19a6e01e3ad852bfULL, 0x42a99ccbdbd4b40bULL,
251 0xa59998af45e9c559ULL, 0x366295e807d93186ULL, 0x6b48181bfaa1f773ULL,
252 0x1fec57e2157a0a1dULL, 0x4667446af6201ad5ULL, 0xe615ebcacfb0f075ULL,
253 0xb8f31f4f68290778ULL, 0x22713ed6ce22d11eULL, 0x3057c1a72ec3c93bULL,
254 0xcb46acc37c3f1f2fULL, 0xdbb893fd02aaf50eULL, 0x331fd92e600b9fcfULL,
255 0xa498f96148ea3ad6ULL, 0xa8d8426e8b6a83eaULL, 0xa089b274b7735cdcULL,
256 0x87f6b3731e524a11ULL, 0x118808e5cbc96749ULL, 0x9906e4c7b19bd394ULL,
257 0xafed7f7e9b24a20cULL, 0x6509eadeeb3644a7ULL, 0x6c1ef1d3e8ef0edeULL,
258 0xb9c97d43e9798fb4ULL, 0xa2f2d784740c28a3ULL, 0x7b8496476197566fULL,
259 0x7a5be3e6b65f069dULL, 0xf96330ed78be6f10ULL, 0xeee60de77a076a15ULL,
260 0x2b4bee4aa08b9bd0ULL, 0x6a56a63ec7b8894eULL, 0x02121359ba34fef4ULL,
261 0x4cbf99f8283703fcULL, 0x398071350caf30c8ULL, 0xd0a77a89f017687aULL,
262 0xf1c1a9eb9e423569ULL, 0x8c7976282dee8199ULL, 0x5d1737a5dd1f7abdULL,
263 0x4f53433c09a9fa80ULL, 0xfa8b0c53df7ca1d9ULL, 0x3fd9dcbc886ccb77ULL,
264 0xc040917ca91b4720ULL, 0x7dd00142f9d1dcdfULL, 0x8476fc1d4f387b58ULL,
265 0x23f8e7c5f3316503ULL, 0x032a2244e7e37339ULL, 0x5c87a5d750f5a74bULL,
266 0x082b4cc43698992eULL, 0xdf917becb858f63cULL, 0x3270b8fc5bf86ddaULL,
267 0x10ae72bb29b5dd76ULL, 0x576ac94e7700362bULL, 0x1ad112dac61efb8fULL,
268 0x691bc30ec5faa427ULL, 0xff246311cc327143ULL, 0x3142368e30e53206ULL,
269 0x71380e31e02ca396ULL, 0x958d5c960aad76f1ULL, 0xf8d6f430c16da536ULL,
270 0xc8ffd13f1be7e1d2ULL, 0x7578ae66004ddbe1ULL, 0x05833f01067be646ULL,
271 0xbb34b5ad3bfe586dULL, 0x095f34c9a12b97f0ULL, 0x247ab64525d60ca8ULL,
272 0xdcdbc6f3017477d1ULL, 0x4a2e14d4decad24dULL, 0xbdb5e6d9be0a1eebULL,
273 0x2a7e70f7794301abULL, 0xdef42d8a270540fdULL, 0x01078ec0a34c22c1ULL,
274 0xe5de511af4c16387ULL, 0x7ebb3a52bd9a330aULL, 0x77697857aa7d6435ULL,
275 0x004e831603ae4c32ULL, 0xe7a21020ad78e312ULL, 0x9d41a70c6ab420f2ULL,
276 0x28e06c18ea1141e6ULL, 0xd2b28cbd984f6b28ULL, 0x26b75f6c446e9d83ULL,
277 0xba47568c4d418d7fULL, 0xd80badbfe6183d8eULL, 0x0e206d7f5f166044ULL,
278 0xe258a43911cbca3eULL, 0x723a1746b21dc0bcULL, 0xc7caa854f5d7cdd3ULL,
279 0x7cac32883d261d9cULL, 0x7690c26423ba942cULL, 0x17e55524478042b8ULL,
280 0xe0be477656a2389fULL, 0x4d289b5e67ab2da0ULL, 0x44862b9c8fbbfd31ULL,
281 0xb47cc8049d141365ULL, 0x822c1b362b91c793ULL, 0x4eb14655fb13dfd8ULL,
282 0x1ecbba0714e2a97bULL, 0x6143459d5cde5f14ULL, 0x53a8fbf1d5f0ac89ULL,
283 0x97ea04d81c5e5b00ULL, 0x622181a8d4fdb3f3ULL, 0xe9bcd341572a1208ULL,
284 0x1411258643cce58aULL, 0x9144c5fea4c6e0a4ULL, 0x0d33d06565cf620fULL,
285 0x54a48d489f219ca1ULL, 0xc43e5eac6d63c821ULL, 0xa9728b3a72770dafULL,
286 0xd7934e7b20df87efULL, 0xe35503b61a3e86e5ULL, 0xcae321fbc819d504ULL,
287 0x129a50b3ac60bfa6ULL, 0xcd5e68ea7e9fb6c3ULL, 0xb01c90199483b1c7ULL,
288 0x3de93cd5c295376cULL, 0xaed52edf2ab9ad13ULL, 0x2e60f512c0a07884ULL,
289 0xbc3d86a3e36210c9ULL, 0x35269d9b163951ceULL, 0x0c7d6e2ad0cdb5faULL,
290 0x59e86297d87f5733ULL, 0x298ef221898db0e7ULL, 0x55000029d1a5aa7eULL,
291 0x8bc08ae1b5061b45ULL, 0xc2c31c2b6c92703aULL, 0x94cc596baf25ef42ULL,
292 0x0a1d73db22540456ULL, 0x04b6a0f9d9c4179aULL, 0xeffdafa2ae3d3c60ULL,
293 0xf7c8075bb49496c4ULL, 0x9cc5c7141d1cd4e3ULL, 0x78bd1638218e5534ULL,
294 0xb2f11568f850246aULL, 0xedfabcfa9502bc29ULL, 0x796ce5f2da23051bULL,
295 0xaae128b0dc93537cULL, 0x3a493da0ee4b29aeULL, 0xb5df6b2c416895d7ULL,
296 0xfcabbd25122d7f37ULL, 0x70810b58105dc4b1ULL, 0xe10fdd37f7882a90ULL,
297 0x524dcab5518a3f5cULL, 0x3c9e85878451255bULL, 0x4029828119bd34e2ULL,
298 0x74a05b6f5d3ceccbULL, 0xb610021542e13ecaULL, 0x0ff979d12f59e2acULL,
299 0x6037da27e4f9cc50ULL, 0x5e92975a0df1847dULL, 0xd66de190d3e623feULL,
300 0x5032d6b87b568048ULL, 0x9a36b7ce8235216eULL, 0x80272a7a24f64b4aULL,
301 0x93efed8b8c6916f7ULL, 0x37ddbff44cce1555ULL, 0x4b95db5d4b99bd25ULL,
302 0x92d3fda169812fc0ULL, 0xfb1a4a9a90660bb6ULL, 0x730c196946a4b9b2ULL,
303 0x81e289aa7f49da68ULL, 0x64669a0f83b1a05fULL, 0x27b3ff7d9644f48bULL,
304 0xcc6b615c8db675b3ULL, 0x674f20b9bcebbe95ULL, 0x6f31238275655982ULL,
305 0x5ae488713e45cf05ULL, 0xbf619f9954c21157ULL, 0xeabac46040a8eae9ULL,
306 0x454c6fe9f2c0c1cdULL, 0x419cf6496412691cULL, 0xd3dc3bef265b0f70ULL,
307 0x6d0e60f5c3578a9eULL
308};
309
310static const u64 sbox4[256] = {
311 0x5b0e608526323c55ULL, 0x1a46c1a9fa1b59f5ULL, 0xa9e245a17c4c8ffaULL,
312 0x65ca5159db2955d7ULL, 0x05db0a76ce35afc2ULL, 0x81eac77ea9113d45ULL,
313 0x528ef88ab6ac0a0dULL, 0xa09ea253597be3ffULL, 0x430ddfb3ac48cd56ULL,
314 0xc4b3a67af45ce46fULL, 0x4ececfd8fbe2d05eULL, 0x3ef56f10b39935f0ULL,
315 0x0b22d6829cd619c6ULL, 0x17fd460a74df2069ULL, 0x6cf8cc8e8510ed40ULL,
316 0xd6c824bf3a6ecaa7ULL, 0x61243d581a817049ULL, 0x048bacb6bbc163a2ULL,
317 0xd9a38ac27d44cc32ULL, 0x7fddff5baaf410abULL, 0xad6d495aa804824bULL,
318 0xe1a6a74f2d8c9f94ULL, 0xd4f7851235dee8e3ULL, 0xfd4b7f886540d893ULL,
319 0x247c20042aa4bfdaULL, 0x096ea1c517d1327cULL, 0xd56966b4361a6685ULL,
320 0x277da5c31221057dULL, 0x94d59893a43acff7ULL, 0x64f0c51ccdc02281ULL,
321 0x3d33bcc4ff6189dbULL, 0xe005cb184ce66af1ULL, 0xff5ccd1d1db99beaULL,
322 0xb0b854a7fe42980fULL, 0x7bd46a6a718d4b9fULL, 0xd10fa8cc22a5fd8cULL,
323 0xd31484952be4bd31ULL, 0xc7fa975fcb243847ULL, 0x4886ed1e5846c407ULL,
324 0x28cddb791eb70b04ULL, 0xc2b00be2f573417fULL, 0x5c9590452180f877ULL,
325 0x7a6bddfff370eb00ULL, 0xce509e38d6d9d6a4ULL, 0xebeb0f00647fa702ULL,
326 0x1dcc06cf76606f06ULL, 0xe4d9f28ba286ff0aULL, 0xd85a305dc918c262ULL,
327 0x475b1d8732225f54ULL, 0x2d4fb51668ccb5feULL, 0xa679b9d9d72bba20ULL,
328 0x53841c0d912d43a5ULL, 0x3b7eaa48bf12a4e8ULL, 0x781e0e47f22f1ddfULL,
329 0xeff20ce60ab50973ULL, 0x20d261d19dffb742ULL, 0x16a12b03062a2e39ULL,
330 0x1960eb2239650495ULL, 0x251c16fed50eb8b8ULL, 0x9ac0c330f826016eULL,
331 0xed152665953e7671ULL, 0x02d63194a6369570ULL, 0x5074f08394b1c987ULL,
332 0x70ba598c90b25ce1ULL, 0x794a15810b9742f6ULL, 0x0d5925e9fcaf8c6cULL,
333 0x3067716cd868744eULL, 0x910ab077e8d7731bULL, 0x6a61bbdb5ac42f61ULL,
334 0x93513efbf0851567ULL, 0xf494724b9e83e9d5ULL, 0xe887e1985c09648dULL,
335 0x34b1d3c675370cfdULL, 0xdc35e433bc0d255dULL, 0xd0aab84234131be0ULL,
336 0x08042a50b48b7eafULL, 0x9997c4ee44a3ab35ULL, 0x829a7b49201799d0ULL,
337 0x263b8307b7c54441ULL, 0x752f95f4fd6a6ca6ULL, 0x927217402c08c6e5ULL,
338 0x2a8ab754a795d9eeULL, 0xa442f7552f72943dULL, 0x2c31334e19781208ULL,
339 0x4fa98d7ceaee6291ULL, 0x55c3862f665db309ULL, 0xbd0610175d53b1f3ULL,
340 0x46fe6cb840413f27ULL, 0x3fe03792df0cfa59ULL, 0xcfe700372eb85e8fULL,
341 0xa7be29e7adbce118ULL, 0xe544ee5cde8431ddULL, 0x8a781b1b41f1873eULL,
342 0xa5c94c78a0d2f0e7ULL, 0x39412e2877b60728ULL, 0xa1265ef3afc9a62cULL,
343 0xbcc2770c6a2506c5ULL, 0x3ab66dd5dce1ce12ULL, 0xe65499d04a675b37ULL,
344 0x7d8f523481bfd216ULL, 0x0f6f64fcec15f389ULL, 0x74efbe618b5b13c8ULL,
345 0xacdc82b714273e1dULL, 0xdd40bfe003199d17ULL, 0x37e99257e7e061f8ULL,
346 0xfa52626904775aaaULL, 0x8bbbf63a463d56f9ULL, 0xf0013f1543a26e64ULL,
347 0xa8307e9f879ec898ULL, 0xcc4c27a4150177ccULL, 0x1b432f2cca1d3348ULL,
348 0xde1d1f8f9f6fa013ULL, 0x606602a047a7ddd6ULL, 0xd237ab64cc1cb2c7ULL,
349 0x9b938e7225fcd1d3ULL, 0xec4e03708e0ff476ULL, 0xfeb2fbda3d03c12dULL,
350 0xae0bced2ee43889aULL, 0x22cb8923ebfb4f43ULL, 0x69360d013cf7396dULL,
351 0x855e3602d2d4e022ULL, 0x073805bad01f784cULL, 0x33e17a133852f546ULL,
352 0xdf4874058ac7b638ULL, 0xba92b29c678aa14aULL, 0x0ce89fc76cfaadcdULL,
353 0x5f9d4e0908339e34ULL, 0xf1afe9291f5923b9ULL, 0x6e3480f60f4a265fULL,
354 0xeebf3a2ab29b841cULL, 0xe21938a88f91b4adULL, 0x57dfeff845c6d3c3ULL,
355 0x2f006b0bf62caaf2ULL, 0x62f479ef6f75ee78ULL, 0x11a55ad41c8916a9ULL,
356 0xf229d29084fed453ULL, 0x42f1c27b16b000e6ULL, 0x2b1f76749823c074ULL,
357 0x4b76eca3c2745360ULL, 0x8c98f463b91691bdULL, 0x14bcc93cf1ade66aULL,
358 0x8885213e6d458397ULL, 0x8e177df0274d4711ULL, 0xb49b73b5503f2951ULL,
359 0x10168168c3f96b6bULL, 0x0e3d963b63cab0aeULL, 0x8dfc4b5655a1db14ULL,
360 0xf789f1356e14de5cULL, 0x683e68af4e51dac1ULL, 0xc9a84f9d8d4b0fd9ULL,
361 0x3691e03f52a0f9d1ULL, 0x5ed86e46e1878e80ULL, 0x3c711a0e99d07150ULL,
362 0x5a0865b20c4e9310ULL, 0x56fbfc1fe4f0682eULL, 0xea8d5de3105edf9bULL,
363 0x71abfdb12379187aULL, 0x2eb99de1bee77b9cULL, 0x21ecc0ea33cf4523ULL,
364 0x59a4d7521805c7a1ULL, 0x3896f5eb56ae7c72ULL, 0xaa638f3db18f75dcULL,
365 0x9f39358dabe9808eULL, 0xb7defa91c00b72acULL, 0x6b5541fd62492d92ULL,
366 0x6dc6dee8f92e4d5bULL, 0x353f57abc4beea7eULL, 0x735769d6da5690ceULL,
367 0x0a234aa642391484ULL, 0xf6f9508028f80d9dULL, 0xb8e319a27ab3f215ULL,
368 0x31ad9c1151341a4dULL, 0x773c22a57bef5805ULL, 0x45c7561a07968633ULL,
369 0xf913da9e249dbe36ULL, 0xda652d9b78a64c68ULL, 0x4c27a97f3bc334efULL,
370 0x76621220e66b17f4ULL, 0x967743899acd7d0bULL, 0xf3ee5bcae0ed6782ULL,
371 0x409f753600c879fcULL, 0x06d09a39b5926db6ULL, 0x6f83aeb0317ac588ULL,
372 0x01e6ca4a86381f21ULL, 0x66ff3462d19f3025ULL, 0x72207c24ddfd3bfbULL,
373 0x4af6b6d3e2ece2ebULL, 0x9c994dbec7ea08deULL, 0x49ace597b09a8bc4ULL,
374 0xb38c4766cf0797baULL, 0x131b9373c57c2a75ULL, 0xb1822cce61931e58ULL,
375 0x9d7555b909ba1c0cULL, 0x127fafdd937d11d2ULL, 0x29da3badc66d92e4ULL,
376 0xa2c1d57154c2ecbcULL, 0x58c5134d82f6fe24ULL, 0x1c3ae3515b62274fULL,
377 0xe907c82e01cb8126ULL, 0xf8ed091913e37fcbULL, 0x3249d8f9c80046c9ULL,
378 0x80cf9bede388fb63ULL, 0x1881539a116cf19eULL, 0x5103f3f76bd52457ULL,
379 0x15b7e6f5ae47f7a8ULL, 0xdbd7c6ded47e9ccfULL, 0x44e55c410228bb1aULL,
380 0xb647d4255edb4e99ULL, 0x5d11882bb8aafc30ULL, 0xf5098bbb29d3212aULL,
381 0x8fb5ea14e90296b3ULL, 0x677b942157dd025aULL, 0xfb58e7c0a390acb5ULL,
382 0x89d3674c83bd4a01ULL, 0x9e2da4df4bf3b93bULL, 0xfcc41e328cab4829ULL,
383 0x03f38c96ba582c52ULL, 0xcad1bdbd7fd85db2ULL, 0xbbb442c16082ae83ULL,
384 0xb95fe86ba5da9ab0ULL, 0xb22e04673771a93fULL, 0x845358c9493152d8ULL,
385 0xbe2a488697b4541eULL, 0x95a2dc2dd38e6966ULL, 0xc02c11ac923c852bULL,
386 0x2388b1990df2a87bULL, 0x7c8008fa1b4f37beULL, 0x1f70d0c84d54e503ULL,
387 0x5490adec7ece57d4ULL, 0x002b3c27d9063a3aULL, 0x7eaea3848030a2bfULL,
388 0xc602326ded2003c0ULL, 0x83a7287d69a94086ULL, 0xc57a5fcb30f57a8aULL,
389 0xb56844e479ebe779ULL, 0xa373b40f05dcbce9ULL, 0xd71a786e88570ee2ULL,
390 0x879cbacdbde8f6a0ULL, 0x976ad1bcc164a32fULL, 0xab21e25e9666d78bULL,
391 0x901063aae5e5c33cULL, 0x9818b34448698d90ULL, 0xe36487ae3e1e8abbULL,
392 0xafbdf931893bdcb4ULL, 0x6345a0dc5fbbd519ULL, 0x8628fe269b9465caULL,
393 0x1e5d01603f9c51ecULL, 0x4de44006a15049b7ULL, 0xbf6c70e5f776cbb1ULL,
394 0x411218f2ef552bedULL, 0xcb0c0708705a36a3ULL, 0xe74d14754f986044ULL,
395 0xcd56d9430ea8280eULL, 0xc12591d7535f5065ULL, 0xc83223f1720aef96ULL,
396 0xc3a0396f7363a51fULL
397};
398
399
400static void tgr192_round(u64 * ra, u64 * rb, u64 * rc, u64 x, int mul)
401{
402 u64 a = *ra;
403 u64 b = *rb;
404 u64 c = *rc;
405
406 c ^= x;
407 a -= sbox1[c & 0xff] ^ sbox2[(c >> 16) & 0xff]
408 ^ sbox3[(c >> 32) & 0xff] ^ sbox4[(c >> 48) & 0xff];
409 b += sbox4[(c >> 8) & 0xff] ^ sbox3[(c >> 24) & 0xff]
410 ^ sbox2[(c >> 40) & 0xff] ^ sbox1[(c >> 56) & 0xff];
411 b *= mul;
412
413 *ra = a;
414 *rb = b;
415 *rc = c;
416}
417
418
419static void tgr192_pass(u64 * ra, u64 * rb, u64 * rc, u64 * x, int mul)
420{
421 u64 a = *ra;
422 u64 b = *rb;
423 u64 c = *rc;
424
425 tgr192_round(&a, &b, &c, x[0], mul);
426 tgr192_round(&b, &c, &a, x[1], mul);
427 tgr192_round(&c, &a, &b, x[2], mul);
428 tgr192_round(&a, &b, &c, x[3], mul);
429 tgr192_round(&b, &c, &a, x[4], mul);
430 tgr192_round(&c, &a, &b, x[5], mul);
431 tgr192_round(&a, &b, &c, x[6], mul);
432 tgr192_round(&b, &c, &a, x[7], mul);
433
434 *ra = a;
435 *rb = b;
436 *rc = c;
437}
438
439
440static void tgr192_key_schedule(u64 * x)
441{
442 x[0] -= x[7] ^ 0xa5a5a5a5a5a5a5a5ULL;
443 x[1] ^= x[0];
444 x[2] += x[1];
445 x[3] -= x[2] ^ ((~x[1]) << 19);
446 x[4] ^= x[3];
447 x[5] += x[4];
448 x[6] -= x[5] ^ ((~x[4]) >> 23);
449 x[7] ^= x[6];
450 x[0] += x[7];
451 x[1] -= x[0] ^ ((~x[7]) << 19);
452 x[2] ^= x[1];
453 x[3] += x[2];
454 x[4] -= x[3] ^ ((~x[2]) >> 23);
455 x[5] ^= x[4];
456 x[6] += x[5];
457 x[7] -= x[6] ^ 0x0123456789abcdefULL;
458}
459
460
461/****************
462 * Transform the message DATA which consists of 512 bytes (8 words)
463 */
464
465static void tgr192_transform(struct tgr192_ctx *tctx, const u8 * data)
466{
467 u64 a, b, c, aa, bb, cc;
468 u64 x[8];
469 int i;
470 const u8 *ptr = data;
471
472 for (i = 0; i < 8; i++, ptr += 8) {
473 x[i] = (((u64)ptr[7] ) << 56) ^
474 (((u64)ptr[6] & 0xffL) << 48) ^
475 (((u64)ptr[5] & 0xffL) << 40) ^
476 (((u64)ptr[4] & 0xffL) << 32) ^
477 (((u64)ptr[3] & 0xffL) << 24) ^
478 (((u64)ptr[2] & 0xffL) << 16) ^
479 (((u64)ptr[1] & 0xffL) << 8) ^
480 (((u64)ptr[0] & 0xffL) );
481 }
482
483 /* save */
484 a = aa = tctx->a;
485 b = bb = tctx->b;
486 c = cc = tctx->c;
487
488 tgr192_pass(&a, &b, &c, x, 5);
489 tgr192_key_schedule(x);
490 tgr192_pass(&c, &a, &b, x, 7);
491 tgr192_key_schedule(x);
492 tgr192_pass(&b, &c, &a, x, 9);
493
494
495 /* feedforward */
496 a ^= aa;
497 b -= bb;
498 c += cc;
499 /* store */
500 tctx->a = a;
501 tctx->b = b;
502 tctx->c = c;
503}
504
505static void tgr192_init(void *ctx)
506{
507 struct tgr192_ctx *tctx = ctx;
508
509 memset (tctx->hash, 0, 64);
510 tctx->a = 0x0123456789abcdefULL;
511 tctx->b = 0xfedcba9876543210ULL;
512 tctx->c = 0xf096a5b4c3b2e187ULL;
513 tctx->nblocks = 0;
514 tctx->count = 0;
515}
516
517
518/* Update the message digest with the contents
519 * of INBUF with length INLEN. */
520static void tgr192_update(void *ctx, const u8 * inbuf, unsigned int len)
521{
522 struct tgr192_ctx *tctx = ctx;
523
524 if (tctx->count == 64) { /* flush the buffer */
525 tgr192_transform(tctx, tctx->hash);
526 tctx->count = 0;
527 tctx->nblocks++;
528 }
529 if (!inbuf) {
530 return;
531 }
532 if (tctx->count) {
533 for (; len && tctx->count < 64; len--) {
534 tctx->hash[tctx->count++] = *inbuf++;
535 }
536 tgr192_update(tctx, NULL, 0);
537 if (!len) {
538 return;
539 }
540
541 }
542
543 while (len >= 64) {
544 tgr192_transform(tctx, inbuf);
545 tctx->count = 0;
546 tctx->nblocks++;
547 len -= 64;
548 inbuf += 64;
549 }
550 for (; len && tctx->count < 64; len--) {
551 tctx->hash[tctx->count++] = *inbuf++;
552 }
553}
554
555
556
557/* The routine terminates the computation */
558static void tgr192_final(void *ctx, u8 * out)
559{
560 struct tgr192_ctx *tctx = ctx;
561 u32 t, msb, lsb;
562 u8 *p;
563 int i, j;
564
565 tgr192_update(tctx, NULL, 0); /* flush */ ;
566
567 msb = 0;
568 t = tctx->nblocks;
569 if ((lsb = t << 6) < t) { /* multiply by 64 to make a byte count */
570 msb++;
571 }
572 msb += t >> 26;
573 t = lsb;
574 if ((lsb = t + tctx->count) < t) { /* add the count */
575 msb++;
576 }
577 t = lsb;
578 if ((lsb = t << 3) < t) { /* multiply by 8 to make a bit count */
579 msb++;
580 }
581 msb += t >> 29;
582
583 if (tctx->count < 56) { /* enough room */
584 tctx->hash[tctx->count++] = 0x01; /* pad */
585 while (tctx->count < 56) {
586 tctx->hash[tctx->count++] = 0; /* pad */
587 }
588 } else { /* need one extra block */
589 tctx->hash[tctx->count++] = 0x01; /* pad character */
590 while (tctx->count < 64) {
591 tctx->hash[tctx->count++] = 0;
592 }
593 tgr192_update(tctx, NULL, 0); /* flush */ ;
594 memset(tctx->hash, 0, 56); /* fill next block with zeroes */
595 }
596 /* append the 64 bit count */
597 tctx->hash[56] = lsb;
598 tctx->hash[57] = lsb >> 8;
599 tctx->hash[58] = lsb >> 16;
600 tctx->hash[59] = lsb >> 24;
601 tctx->hash[60] = msb;
602 tctx->hash[61] = msb >> 8;
603 tctx->hash[62] = msb >> 16;
604 tctx->hash[63] = msb >> 24;
605 tgr192_transform(tctx, tctx->hash);
606
607 p = tctx->hash;
608 *p++ = tctx->a >> 56; *p++ = tctx->a >> 48; *p++ = tctx->a >> 40;
609 *p++ = tctx->a >> 32; *p++ = tctx->a >> 24; *p++ = tctx->a >> 16;
610 *p++ = tctx->a >> 8; *p++ = tctx->a;\
611 *p++ = tctx->b >> 56; *p++ = tctx->b >> 48; *p++ = tctx->b >> 40;
612 *p++ = tctx->b >> 32; *p++ = tctx->b >> 24; *p++ = tctx->b >> 16;
613 *p++ = tctx->b >> 8; *p++ = tctx->b;
614 *p++ = tctx->c >> 56; *p++ = tctx->c >> 48; *p++ = tctx->c >> 40;
615 *p++ = tctx->c >> 32; *p++ = tctx->c >> 24; *p++ = tctx->c >> 16;
616 *p++ = tctx->c >> 8; *p++ = tctx->c;
617
618
619 /* unpack the hash */
620 j = 7;
621 for (i = 0; i < 8; i++) {
622 out[j--] = (tctx->a >> 8 * i) & 0xff;
623 }
624 j = 15;
625 for (i = 0; i < 8; i++) {
626 out[j--] = (tctx->b >> 8 * i) & 0xff;
627 }
628 j = 23;
629 for (i = 0; i < 8; i++) {
630 out[j--] = (tctx->c >> 8 * i) & 0xff;
631 }
632}
633
634static void tgr160_final(void *ctx, u8 * out)
635{
636 struct tgr192_ctx *wctx = ctx;
637 u8 D[64];
638
639 tgr192_final(wctx, D);
640 memcpy(out, D, TGR160_DIGEST_SIZE);
641 memset(D, 0, TGR192_DIGEST_SIZE);
642}
643
644static void tgr128_final(void *ctx, u8 * out)
645{
646 struct tgr192_ctx *wctx = ctx;
647 u8 D[64];
648
649 tgr192_final(wctx, D);
650 memcpy(out, D, TGR128_DIGEST_SIZE);
651 memset(D, 0, TGR192_DIGEST_SIZE);
652}
653
654static struct crypto_alg tgr192 = {
655 .cra_name = "tgr192",
656 .cra_flags = CRYPTO_ALG_TYPE_DIGEST,
657 .cra_blocksize = TGR192_BLOCK_SIZE,
658 .cra_ctxsize = sizeof(struct tgr192_ctx),
659 .cra_module = THIS_MODULE,
660 .cra_list = LIST_HEAD_INIT(tgr192.cra_list),
661 .cra_u = {.digest = {
662 .dia_digestsize = TGR192_DIGEST_SIZE,
663 .dia_init = tgr192_init,
664 .dia_update = tgr192_update,
665 .dia_final = tgr192_final}}
666};
667
668static struct crypto_alg tgr160 = {
669 .cra_name = "tgr160",
670 .cra_flags = CRYPTO_ALG_TYPE_DIGEST,
671 .cra_blocksize = TGR192_BLOCK_SIZE,
672 .cra_ctxsize = sizeof(struct tgr192_ctx),
673 .cra_module = THIS_MODULE,
674 .cra_list = LIST_HEAD_INIT(tgr160.cra_list),
675 .cra_u = {.digest = {
676 .dia_digestsize = TGR160_DIGEST_SIZE,
677 .dia_init = tgr192_init,
678 .dia_update = tgr192_update,
679 .dia_final = tgr160_final}}
680};
681
682static struct crypto_alg tgr128 = {
683 .cra_name = "tgr128",
684 .cra_flags = CRYPTO_ALG_TYPE_DIGEST,
685 .cra_blocksize = TGR192_BLOCK_SIZE,
686 .cra_ctxsize = sizeof(struct tgr192_ctx),
687 .cra_module = THIS_MODULE,
688 .cra_list = LIST_HEAD_INIT(tgr128.cra_list),
689 .cra_u = {.digest = {
690 .dia_digestsize = TGR128_DIGEST_SIZE,
691 .dia_init = tgr192_init,
692 .dia_update = tgr192_update,
693 .dia_final = tgr128_final}}
694};
695
696static int __init init(void)
697{
698 int ret = 0;
699
700 ret = crypto_register_alg(&tgr192);
701
702 if (ret < 0) {
703 goto out;
704 }
705
706 ret = crypto_register_alg(&tgr160);
707 if (ret < 0) {
708 crypto_unregister_alg(&tgr192);
709 goto out;
710 }
711
712 ret = crypto_register_alg(&tgr128);
713 if (ret < 0) {
714 crypto_unregister_alg(&tgr192);
715 crypto_unregister_alg(&tgr160);
716 }
717 out:
718 return ret;
719}
720
721static void __exit fini(void)
722{
723 crypto_unregister_alg(&tgr192);
724 crypto_unregister_alg(&tgr160);
725 crypto_unregister_alg(&tgr128);
726}
727
728MODULE_ALIAS("tgr160");
729MODULE_ALIAS("tgr128");
730
731module_init(init);
732module_exit(fini);
733
734MODULE_LICENSE("GPL");
735MODULE_DESCRIPTION("Tiger Message Digest Algorithm");
diff --git a/crypto/twofish.c b/crypto/twofish.c
new file mode 100644
index 000000000000..4efff8cf9958
--- /dev/null
+++ b/crypto/twofish.c
@@ -0,0 +1,902 @@
1/*
2 * Twofish for CryptoAPI
3 *
4 * Originally Twofish for GPG
5 * By Matthew Skala <mskala@ansuz.sooke.bc.ca>, July 26, 1998
6 * 256-bit key length added March 20, 1999
7 * Some modifications to reduce the text size by Werner Koch, April, 1998
8 * Ported to the kerneli patch by Marc Mutz <Marc@Mutz.com>
9 * Ported to CryptoAPI by Colin Slater <hoho@tacomeat.net>
10 *
11 * The original author has disclaimed all copyright interest in this
12 * code and thus put it in the public domain. The subsequent authors
13 * have put this under the GNU General Public License.
14 *
15 * This program is free software; you can redistribute it and/or modify
16 * it under the terms of the GNU General Public License as published by
17 * the Free Software Foundation; either version 2 of the License, or
18 * (at your option) any later version.
19 *
20 * This program is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
24 *
25 * You should have received a copy of the GNU General Public License
26 * along with this program; if not, write to the Free Software
27 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
28 * USA
29 *
30 * This code is a "clean room" implementation, written from the paper
31 * _Twofish: A 128-Bit Block Cipher_ by Bruce Schneier, John Kelsey,
32 * Doug Whiting, David Wagner, Chris Hall, and Niels Ferguson, available
33 * through http://www.counterpane.com/twofish.html
34 *
35 * For background information on multiplication in finite fields, used for
36 * the matrix operations in the key schedule, see the book _Contemporary
37 * Abstract Algebra_ by Joseph A. Gallian, especially chapter 22 in the
38 * Third Edition.
39 */
40#include <linux/module.h>
41#include <linux/init.h>
42#include <linux/types.h>
43#include <linux/errno.h>
44#include <linux/crypto.h>
45
46
47/* The large precomputed tables for the Twofish cipher (twofish.c)
48 * Taken from the same source as twofish.c
49 * Marc Mutz <Marc@Mutz.com>
50 */
51
52/* These two tables are the q0 and q1 permutations, exactly as described in
53 * the Twofish paper. */
54
55static const u8 q0[256] = {
56 0xA9, 0x67, 0xB3, 0xE8, 0x04, 0xFD, 0xA3, 0x76, 0x9A, 0x92, 0x80, 0x78,
57 0xE4, 0xDD, 0xD1, 0x38, 0x0D, 0xC6, 0x35, 0x98, 0x18, 0xF7, 0xEC, 0x6C,
58 0x43, 0x75, 0x37, 0x26, 0xFA, 0x13, 0x94, 0x48, 0xF2, 0xD0, 0x8B, 0x30,
59 0x84, 0x54, 0xDF, 0x23, 0x19, 0x5B, 0x3D, 0x59, 0xF3, 0xAE, 0xA2, 0x82,
60 0x63, 0x01, 0x83, 0x2E, 0xD9, 0x51, 0x9B, 0x7C, 0xA6, 0xEB, 0xA5, 0xBE,
61 0x16, 0x0C, 0xE3, 0x61, 0xC0, 0x8C, 0x3A, 0xF5, 0x73, 0x2C, 0x25, 0x0B,
62 0xBB, 0x4E, 0x89, 0x6B, 0x53, 0x6A, 0xB4, 0xF1, 0xE1, 0xE6, 0xBD, 0x45,
63 0xE2, 0xF4, 0xB6, 0x66, 0xCC, 0x95, 0x03, 0x56, 0xD4, 0x1C, 0x1E, 0xD7,
64 0xFB, 0xC3, 0x8E, 0xB5, 0xE9, 0xCF, 0xBF, 0xBA, 0xEA, 0x77, 0x39, 0xAF,
65 0x33, 0xC9, 0x62, 0x71, 0x81, 0x79, 0x09, 0xAD, 0x24, 0xCD, 0xF9, 0xD8,
66 0xE5, 0xC5, 0xB9, 0x4D, 0x44, 0x08, 0x86, 0xE7, 0xA1, 0x1D, 0xAA, 0xED,
67 0x06, 0x70, 0xB2, 0xD2, 0x41, 0x7B, 0xA0, 0x11, 0x31, 0xC2, 0x27, 0x90,
68 0x20, 0xF6, 0x60, 0xFF, 0x96, 0x5C, 0xB1, 0xAB, 0x9E, 0x9C, 0x52, 0x1B,
69 0x5F, 0x93, 0x0A, 0xEF, 0x91, 0x85, 0x49, 0xEE, 0x2D, 0x4F, 0x8F, 0x3B,
70 0x47, 0x87, 0x6D, 0x46, 0xD6, 0x3E, 0x69, 0x64, 0x2A, 0xCE, 0xCB, 0x2F,
71 0xFC, 0x97, 0x05, 0x7A, 0xAC, 0x7F, 0xD5, 0x1A, 0x4B, 0x0E, 0xA7, 0x5A,
72 0x28, 0x14, 0x3F, 0x29, 0x88, 0x3C, 0x4C, 0x02, 0xB8, 0xDA, 0xB0, 0x17,
73 0x55, 0x1F, 0x8A, 0x7D, 0x57, 0xC7, 0x8D, 0x74, 0xB7, 0xC4, 0x9F, 0x72,
74 0x7E, 0x15, 0x22, 0x12, 0x58, 0x07, 0x99, 0x34, 0x6E, 0x50, 0xDE, 0x68,
75 0x65, 0xBC, 0xDB, 0xF8, 0xC8, 0xA8, 0x2B, 0x40, 0xDC, 0xFE, 0x32, 0xA4,
76 0xCA, 0x10, 0x21, 0xF0, 0xD3, 0x5D, 0x0F, 0x00, 0x6F, 0x9D, 0x36, 0x42,
77 0x4A, 0x5E, 0xC1, 0xE0
78};
79
80static const u8 q1[256] = {
81 0x75, 0xF3, 0xC6, 0xF4, 0xDB, 0x7B, 0xFB, 0xC8, 0x4A, 0xD3, 0xE6, 0x6B,
82 0x45, 0x7D, 0xE8, 0x4B, 0xD6, 0x32, 0xD8, 0xFD, 0x37, 0x71, 0xF1, 0xE1,
83 0x30, 0x0F, 0xF8, 0x1B, 0x87, 0xFA, 0x06, 0x3F, 0x5E, 0xBA, 0xAE, 0x5B,
84 0x8A, 0x00, 0xBC, 0x9D, 0x6D, 0xC1, 0xB1, 0x0E, 0x80, 0x5D, 0xD2, 0xD5,
85 0xA0, 0x84, 0x07, 0x14, 0xB5, 0x90, 0x2C, 0xA3, 0xB2, 0x73, 0x4C, 0x54,
86 0x92, 0x74, 0x36, 0x51, 0x38, 0xB0, 0xBD, 0x5A, 0xFC, 0x60, 0x62, 0x96,
87 0x6C, 0x42, 0xF7, 0x10, 0x7C, 0x28, 0x27, 0x8C, 0x13, 0x95, 0x9C, 0xC7,
88 0x24, 0x46, 0x3B, 0x70, 0xCA, 0xE3, 0x85, 0xCB, 0x11, 0xD0, 0x93, 0xB8,
89 0xA6, 0x83, 0x20, 0xFF, 0x9F, 0x77, 0xC3, 0xCC, 0x03, 0x6F, 0x08, 0xBF,
90 0x40, 0xE7, 0x2B, 0xE2, 0x79, 0x0C, 0xAA, 0x82, 0x41, 0x3A, 0xEA, 0xB9,
91 0xE4, 0x9A, 0xA4, 0x97, 0x7E, 0xDA, 0x7A, 0x17, 0x66, 0x94, 0xA1, 0x1D,
92 0x3D, 0xF0, 0xDE, 0xB3, 0x0B, 0x72, 0xA7, 0x1C, 0xEF, 0xD1, 0x53, 0x3E,
93 0x8F, 0x33, 0x26, 0x5F, 0xEC, 0x76, 0x2A, 0x49, 0x81, 0x88, 0xEE, 0x21,
94 0xC4, 0x1A, 0xEB, 0xD9, 0xC5, 0x39, 0x99, 0xCD, 0xAD, 0x31, 0x8B, 0x01,
95 0x18, 0x23, 0xDD, 0x1F, 0x4E, 0x2D, 0xF9, 0x48, 0x4F, 0xF2, 0x65, 0x8E,
96 0x78, 0x5C, 0x58, 0x19, 0x8D, 0xE5, 0x98, 0x57, 0x67, 0x7F, 0x05, 0x64,
97 0xAF, 0x63, 0xB6, 0xFE, 0xF5, 0xB7, 0x3C, 0xA5, 0xCE, 0xE9, 0x68, 0x44,
98 0xE0, 0x4D, 0x43, 0x69, 0x29, 0x2E, 0xAC, 0x15, 0x59, 0xA8, 0x0A, 0x9E,
99 0x6E, 0x47, 0xDF, 0x34, 0x35, 0x6A, 0xCF, 0xDC, 0x22, 0xC9, 0xC0, 0x9B,
100 0x89, 0xD4, 0xED, 0xAB, 0x12, 0xA2, 0x0D, 0x52, 0xBB, 0x02, 0x2F, 0xA9,
101 0xD7, 0x61, 0x1E, 0xB4, 0x50, 0x04, 0xF6, 0xC2, 0x16, 0x25, 0x86, 0x56,
102 0x55, 0x09, 0xBE, 0x91
103};
104
105/* These MDS tables are actually tables of MDS composed with q0 and q1,
106 * because it is only ever used that way and we can save some time by
107 * precomputing. Of course the main saving comes from precomputing the
108 * GF(2^8) multiplication involved in the MDS matrix multiply; by looking
109 * things up in these tables we reduce the matrix multiply to four lookups
110 * and three XORs. Semi-formally, the definition of these tables is:
111 * mds[0][i] = MDS (q1[i] 0 0 0)^T mds[1][i] = MDS (0 q0[i] 0 0)^T
112 * mds[2][i] = MDS (0 0 q1[i] 0)^T mds[3][i] = MDS (0 0 0 q0[i])^T
113 * where ^T means "transpose", the matrix multiply is performed in GF(2^8)
114 * represented as GF(2)[x]/v(x) where v(x)=x^8+x^6+x^5+x^3+1 as described
115 * by Schneier et al, and I'm casually glossing over the byte/word
116 * conversion issues. */
117
118static const u32 mds[4][256] = {
119 {0xBCBC3275, 0xECEC21F3, 0x202043C6, 0xB3B3C9F4, 0xDADA03DB, 0x02028B7B,
120 0xE2E22BFB, 0x9E9EFAC8, 0xC9C9EC4A, 0xD4D409D3, 0x18186BE6, 0x1E1E9F6B,
121 0x98980E45, 0xB2B2387D, 0xA6A6D2E8, 0x2626B74B, 0x3C3C57D6, 0x93938A32,
122 0x8282EED8, 0x525298FD, 0x7B7BD437, 0xBBBB3771, 0x5B5B97F1, 0x474783E1,
123 0x24243C30, 0x5151E20F, 0xBABAC6F8, 0x4A4AF31B, 0xBFBF4887, 0x0D0D70FA,
124 0xB0B0B306, 0x7575DE3F, 0xD2D2FD5E, 0x7D7D20BA, 0x666631AE, 0x3A3AA35B,
125 0x59591C8A, 0x00000000, 0xCDCD93BC, 0x1A1AE09D, 0xAEAE2C6D, 0x7F7FABC1,
126 0x2B2BC7B1, 0xBEBEB90E, 0xE0E0A080, 0x8A8A105D, 0x3B3B52D2, 0x6464BAD5,
127 0xD8D888A0, 0xE7E7A584, 0x5F5FE807, 0x1B1B1114, 0x2C2CC2B5, 0xFCFCB490,
128 0x3131272C, 0x808065A3, 0x73732AB2, 0x0C0C8173, 0x79795F4C, 0x6B6B4154,
129 0x4B4B0292, 0x53536974, 0x94948F36, 0x83831F51, 0x2A2A3638, 0xC4C49CB0,
130 0x2222C8BD, 0xD5D5F85A, 0xBDBDC3FC, 0x48487860, 0xFFFFCE62, 0x4C4C0796,
131 0x4141776C, 0xC7C7E642, 0xEBEB24F7, 0x1C1C1410, 0x5D5D637C, 0x36362228,
132 0x6767C027, 0xE9E9AF8C, 0x4444F913, 0x1414EA95, 0xF5F5BB9C, 0xCFCF18C7,
133 0x3F3F2D24, 0xC0C0E346, 0x7272DB3B, 0x54546C70, 0x29294CCA, 0xF0F035E3,
134 0x0808FE85, 0xC6C617CB, 0xF3F34F11, 0x8C8CE4D0, 0xA4A45993, 0xCACA96B8,
135 0x68683BA6, 0xB8B84D83, 0x38382820, 0xE5E52EFF, 0xADAD569F, 0x0B0B8477,
136 0xC8C81DC3, 0x9999FFCC, 0x5858ED03, 0x19199A6F, 0x0E0E0A08, 0x95957EBF,
137 0x70705040, 0xF7F730E7, 0x6E6ECF2B, 0x1F1F6EE2, 0xB5B53D79, 0x09090F0C,
138 0x616134AA, 0x57571682, 0x9F9F0B41, 0x9D9D803A, 0x111164EA, 0x2525CDB9,
139 0xAFAFDDE4, 0x4545089A, 0xDFDF8DA4, 0xA3A35C97, 0xEAEAD57E, 0x353558DA,
140 0xEDEDD07A, 0x4343FC17, 0xF8F8CB66, 0xFBFBB194, 0x3737D3A1, 0xFAFA401D,
141 0xC2C2683D, 0xB4B4CCF0, 0x32325DDE, 0x9C9C71B3, 0x5656E70B, 0xE3E3DA72,
142 0x878760A7, 0x15151B1C, 0xF9F93AEF, 0x6363BFD1, 0x3434A953, 0x9A9A853E,
143 0xB1B1428F, 0x7C7CD133, 0x88889B26, 0x3D3DA65F, 0xA1A1D7EC, 0xE4E4DF76,
144 0x8181942A, 0x91910149, 0x0F0FFB81, 0xEEEEAA88, 0x161661EE, 0xD7D77321,
145 0x9797F5C4, 0xA5A5A81A, 0xFEFE3FEB, 0x6D6DB5D9, 0x7878AEC5, 0xC5C56D39,
146 0x1D1DE599, 0x7676A4CD, 0x3E3EDCAD, 0xCBCB6731, 0xB6B6478B, 0xEFEF5B01,
147 0x12121E18, 0x6060C523, 0x6A6AB0DD, 0x4D4DF61F, 0xCECEE94E, 0xDEDE7C2D,
148 0x55559DF9, 0x7E7E5A48, 0x2121B24F, 0x03037AF2, 0xA0A02665, 0x5E5E198E,
149 0x5A5A6678, 0x65654B5C, 0x62624E58, 0xFDFD4519, 0x0606F48D, 0x404086E5,
150 0xF2F2BE98, 0x3333AC57, 0x17179067, 0x05058E7F, 0xE8E85E05, 0x4F4F7D64,
151 0x89896AAF, 0x10109563, 0x74742FB6, 0x0A0A75FE, 0x5C5C92F5, 0x9B9B74B7,
152 0x2D2D333C, 0x3030D6A5, 0x2E2E49CE, 0x494989E9, 0x46467268, 0x77775544,
153 0xA8A8D8E0, 0x9696044D, 0x2828BD43, 0xA9A92969, 0xD9D97929, 0x8686912E,
154 0xD1D187AC, 0xF4F44A15, 0x8D8D1559, 0xD6D682A8, 0xB9B9BC0A, 0x42420D9E,
155 0xF6F6C16E, 0x2F2FB847, 0xDDDD06DF, 0x23233934, 0xCCCC6235, 0xF1F1C46A,
156 0xC1C112CF, 0x8585EBDC, 0x8F8F9E22, 0x7171A1C9, 0x9090F0C0, 0xAAAA539B,
157 0x0101F189, 0x8B8BE1D4, 0x4E4E8CED, 0x8E8E6FAB, 0xABABA212, 0x6F6F3EA2,
158 0xE6E6540D, 0xDBDBF252, 0x92927BBB, 0xB7B7B602, 0x6969CA2F, 0x3939D9A9,
159 0xD3D30CD7, 0xA7A72361, 0xA2A2AD1E, 0xC3C399B4, 0x6C6C4450, 0x07070504,
160 0x04047FF6, 0x272746C2, 0xACACA716, 0xD0D07625, 0x50501386, 0xDCDCF756,
161 0x84841A55, 0xE1E15109, 0x7A7A25BE, 0x1313EF91},
162
163 {0xA9D93939, 0x67901717, 0xB3719C9C, 0xE8D2A6A6, 0x04050707, 0xFD985252,
164 0xA3658080, 0x76DFE4E4, 0x9A084545, 0x92024B4B, 0x80A0E0E0, 0x78665A5A,
165 0xE4DDAFAF, 0xDDB06A6A, 0xD1BF6363, 0x38362A2A, 0x0D54E6E6, 0xC6432020,
166 0x3562CCCC, 0x98BEF2F2, 0x181E1212, 0xF724EBEB, 0xECD7A1A1, 0x6C774141,
167 0x43BD2828, 0x7532BCBC, 0x37D47B7B, 0x269B8888, 0xFA700D0D, 0x13F94444,
168 0x94B1FBFB, 0x485A7E7E, 0xF27A0303, 0xD0E48C8C, 0x8B47B6B6, 0x303C2424,
169 0x84A5E7E7, 0x54416B6B, 0xDF06DDDD, 0x23C56060, 0x1945FDFD, 0x5BA33A3A,
170 0x3D68C2C2, 0x59158D8D, 0xF321ECEC, 0xAE316666, 0xA23E6F6F, 0x82165757,
171 0x63951010, 0x015BEFEF, 0x834DB8B8, 0x2E918686, 0xD9B56D6D, 0x511F8383,
172 0x9B53AAAA, 0x7C635D5D, 0xA63B6868, 0xEB3FFEFE, 0xA5D63030, 0xBE257A7A,
173 0x16A7ACAC, 0x0C0F0909, 0xE335F0F0, 0x6123A7A7, 0xC0F09090, 0x8CAFE9E9,
174 0x3A809D9D, 0xF5925C5C, 0x73810C0C, 0x2C273131, 0x2576D0D0, 0x0BE75656,
175 0xBB7B9292, 0x4EE9CECE, 0x89F10101, 0x6B9F1E1E, 0x53A93434, 0x6AC4F1F1,
176 0xB499C3C3, 0xF1975B5B, 0xE1834747, 0xE66B1818, 0xBDC82222, 0x450E9898,
177 0xE26E1F1F, 0xF4C9B3B3, 0xB62F7474, 0x66CBF8F8, 0xCCFF9999, 0x95EA1414,
178 0x03ED5858, 0x56F7DCDC, 0xD4E18B8B, 0x1C1B1515, 0x1EADA2A2, 0xD70CD3D3,
179 0xFB2BE2E2, 0xC31DC8C8, 0x8E195E5E, 0xB5C22C2C, 0xE9894949, 0xCF12C1C1,
180 0xBF7E9595, 0xBA207D7D, 0xEA641111, 0x77840B0B, 0x396DC5C5, 0xAF6A8989,
181 0x33D17C7C, 0xC9A17171, 0x62CEFFFF, 0x7137BBBB, 0x81FB0F0F, 0x793DB5B5,
182 0x0951E1E1, 0xADDC3E3E, 0x242D3F3F, 0xCDA47676, 0xF99D5555, 0xD8EE8282,
183 0xE5864040, 0xC5AE7878, 0xB9CD2525, 0x4D049696, 0x44557777, 0x080A0E0E,
184 0x86135050, 0xE730F7F7, 0xA1D33737, 0x1D40FAFA, 0xAA346161, 0xED8C4E4E,
185 0x06B3B0B0, 0x706C5454, 0xB22A7373, 0xD2523B3B, 0x410B9F9F, 0x7B8B0202,
186 0xA088D8D8, 0x114FF3F3, 0x3167CBCB, 0xC2462727, 0x27C06767, 0x90B4FCFC,
187 0x20283838, 0xF67F0404, 0x60784848, 0xFF2EE5E5, 0x96074C4C, 0x5C4B6565,
188 0xB1C72B2B, 0xAB6F8E8E, 0x9E0D4242, 0x9CBBF5F5, 0x52F2DBDB, 0x1BF34A4A,
189 0x5FA63D3D, 0x9359A4A4, 0x0ABCB9B9, 0xEF3AF9F9, 0x91EF1313, 0x85FE0808,
190 0x49019191, 0xEE611616, 0x2D7CDEDE, 0x4FB22121, 0x8F42B1B1, 0x3BDB7272,
191 0x47B82F2F, 0x8748BFBF, 0x6D2CAEAE, 0x46E3C0C0, 0xD6573C3C, 0x3E859A9A,
192 0x6929A9A9, 0x647D4F4F, 0x2A948181, 0xCE492E2E, 0xCB17C6C6, 0x2FCA6969,
193 0xFCC3BDBD, 0x975CA3A3, 0x055EE8E8, 0x7AD0EDED, 0xAC87D1D1, 0x7F8E0505,
194 0xD5BA6464, 0x1AA8A5A5, 0x4BB72626, 0x0EB9BEBE, 0xA7608787, 0x5AF8D5D5,
195 0x28223636, 0x14111B1B, 0x3FDE7575, 0x2979D9D9, 0x88AAEEEE, 0x3C332D2D,
196 0x4C5F7979, 0x02B6B7B7, 0xB896CACA, 0xDA583535, 0xB09CC4C4, 0x17FC4343,
197 0x551A8484, 0x1FF64D4D, 0x8A1C5959, 0x7D38B2B2, 0x57AC3333, 0xC718CFCF,
198 0x8DF40606, 0x74695353, 0xB7749B9B, 0xC4F59797, 0x9F56ADAD, 0x72DAE3E3,
199 0x7ED5EAEA, 0x154AF4F4, 0x229E8F8F, 0x12A2ABAB, 0x584E6262, 0x07E85F5F,
200 0x99E51D1D, 0x34392323, 0x6EC1F6F6, 0x50446C6C, 0xDE5D3232, 0x68724646,
201 0x6526A0A0, 0xBC93CDCD, 0xDB03DADA, 0xF8C6BABA, 0xC8FA9E9E, 0xA882D6D6,
202 0x2BCF6E6E, 0x40507070, 0xDCEB8585, 0xFE750A0A, 0x328A9393, 0xA48DDFDF,
203 0xCA4C2929, 0x10141C1C, 0x2173D7D7, 0xF0CCB4B4, 0xD309D4D4, 0x5D108A8A,
204 0x0FE25151, 0x00000000, 0x6F9A1919, 0x9DE01A1A, 0x368F9494, 0x42E6C7C7,
205 0x4AECC9C9, 0x5EFDD2D2, 0xC1AB7F7F, 0xE0D8A8A8},
206
207 {0xBC75BC32, 0xECF3EC21, 0x20C62043, 0xB3F4B3C9, 0xDADBDA03, 0x027B028B,
208 0xE2FBE22B, 0x9EC89EFA, 0xC94AC9EC, 0xD4D3D409, 0x18E6186B, 0x1E6B1E9F,
209 0x9845980E, 0xB27DB238, 0xA6E8A6D2, 0x264B26B7, 0x3CD63C57, 0x9332938A,
210 0x82D882EE, 0x52FD5298, 0x7B377BD4, 0xBB71BB37, 0x5BF15B97, 0x47E14783,
211 0x2430243C, 0x510F51E2, 0xBAF8BAC6, 0x4A1B4AF3, 0xBF87BF48, 0x0DFA0D70,
212 0xB006B0B3, 0x753F75DE, 0xD25ED2FD, 0x7DBA7D20, 0x66AE6631, 0x3A5B3AA3,
213 0x598A591C, 0x00000000, 0xCDBCCD93, 0x1A9D1AE0, 0xAE6DAE2C, 0x7FC17FAB,
214 0x2BB12BC7, 0xBE0EBEB9, 0xE080E0A0, 0x8A5D8A10, 0x3BD23B52, 0x64D564BA,
215 0xD8A0D888, 0xE784E7A5, 0x5F075FE8, 0x1B141B11, 0x2CB52CC2, 0xFC90FCB4,
216 0x312C3127, 0x80A38065, 0x73B2732A, 0x0C730C81, 0x794C795F, 0x6B546B41,
217 0x4B924B02, 0x53745369, 0x9436948F, 0x8351831F, 0x2A382A36, 0xC4B0C49C,
218 0x22BD22C8, 0xD55AD5F8, 0xBDFCBDC3, 0x48604878, 0xFF62FFCE, 0x4C964C07,
219 0x416C4177, 0xC742C7E6, 0xEBF7EB24, 0x1C101C14, 0x5D7C5D63, 0x36283622,
220 0x672767C0, 0xE98CE9AF, 0x441344F9, 0x149514EA, 0xF59CF5BB, 0xCFC7CF18,
221 0x3F243F2D, 0xC046C0E3, 0x723B72DB, 0x5470546C, 0x29CA294C, 0xF0E3F035,
222 0x088508FE, 0xC6CBC617, 0xF311F34F, 0x8CD08CE4, 0xA493A459, 0xCAB8CA96,
223 0x68A6683B, 0xB883B84D, 0x38203828, 0xE5FFE52E, 0xAD9FAD56, 0x0B770B84,
224 0xC8C3C81D, 0x99CC99FF, 0x580358ED, 0x196F199A, 0x0E080E0A, 0x95BF957E,
225 0x70407050, 0xF7E7F730, 0x6E2B6ECF, 0x1FE21F6E, 0xB579B53D, 0x090C090F,
226 0x61AA6134, 0x57825716, 0x9F419F0B, 0x9D3A9D80, 0x11EA1164, 0x25B925CD,
227 0xAFE4AFDD, 0x459A4508, 0xDFA4DF8D, 0xA397A35C, 0xEA7EEAD5, 0x35DA3558,
228 0xED7AEDD0, 0x431743FC, 0xF866F8CB, 0xFB94FBB1, 0x37A137D3, 0xFA1DFA40,
229 0xC23DC268, 0xB4F0B4CC, 0x32DE325D, 0x9CB39C71, 0x560B56E7, 0xE372E3DA,
230 0x87A78760, 0x151C151B, 0xF9EFF93A, 0x63D163BF, 0x345334A9, 0x9A3E9A85,
231 0xB18FB142, 0x7C337CD1, 0x8826889B, 0x3D5F3DA6, 0xA1ECA1D7, 0xE476E4DF,
232 0x812A8194, 0x91499101, 0x0F810FFB, 0xEE88EEAA, 0x16EE1661, 0xD721D773,
233 0x97C497F5, 0xA51AA5A8, 0xFEEBFE3F, 0x6DD96DB5, 0x78C578AE, 0xC539C56D,
234 0x1D991DE5, 0x76CD76A4, 0x3EAD3EDC, 0xCB31CB67, 0xB68BB647, 0xEF01EF5B,
235 0x1218121E, 0x602360C5, 0x6ADD6AB0, 0x4D1F4DF6, 0xCE4ECEE9, 0xDE2DDE7C,
236 0x55F9559D, 0x7E487E5A, 0x214F21B2, 0x03F2037A, 0xA065A026, 0x5E8E5E19,
237 0x5A785A66, 0x655C654B, 0x6258624E, 0xFD19FD45, 0x068D06F4, 0x40E54086,
238 0xF298F2BE, 0x335733AC, 0x17671790, 0x057F058E, 0xE805E85E, 0x4F644F7D,
239 0x89AF896A, 0x10631095, 0x74B6742F, 0x0AFE0A75, 0x5CF55C92, 0x9BB79B74,
240 0x2D3C2D33, 0x30A530D6, 0x2ECE2E49, 0x49E94989, 0x46684672, 0x77447755,
241 0xA8E0A8D8, 0x964D9604, 0x284328BD, 0xA969A929, 0xD929D979, 0x862E8691,
242 0xD1ACD187, 0xF415F44A, 0x8D598D15, 0xD6A8D682, 0xB90AB9BC, 0x429E420D,
243 0xF66EF6C1, 0x2F472FB8, 0xDDDFDD06, 0x23342339, 0xCC35CC62, 0xF16AF1C4,
244 0xC1CFC112, 0x85DC85EB, 0x8F228F9E, 0x71C971A1, 0x90C090F0, 0xAA9BAA53,
245 0x018901F1, 0x8BD48BE1, 0x4EED4E8C, 0x8EAB8E6F, 0xAB12ABA2, 0x6FA26F3E,
246 0xE60DE654, 0xDB52DBF2, 0x92BB927B, 0xB702B7B6, 0x692F69CA, 0x39A939D9,
247 0xD3D7D30C, 0xA761A723, 0xA21EA2AD, 0xC3B4C399, 0x6C506C44, 0x07040705,
248 0x04F6047F, 0x27C22746, 0xAC16ACA7, 0xD025D076, 0x50865013, 0xDC56DCF7,
249 0x8455841A, 0xE109E151, 0x7ABE7A25, 0x139113EF},
250
251 {0xD939A9D9, 0x90176790, 0x719CB371, 0xD2A6E8D2, 0x05070405, 0x9852FD98,
252 0x6580A365, 0xDFE476DF, 0x08459A08, 0x024B9202, 0xA0E080A0, 0x665A7866,
253 0xDDAFE4DD, 0xB06ADDB0, 0xBF63D1BF, 0x362A3836, 0x54E60D54, 0x4320C643,
254 0x62CC3562, 0xBEF298BE, 0x1E12181E, 0x24EBF724, 0xD7A1ECD7, 0x77416C77,
255 0xBD2843BD, 0x32BC7532, 0xD47B37D4, 0x9B88269B, 0x700DFA70, 0xF94413F9,
256 0xB1FB94B1, 0x5A7E485A, 0x7A03F27A, 0xE48CD0E4, 0x47B68B47, 0x3C24303C,
257 0xA5E784A5, 0x416B5441, 0x06DDDF06, 0xC56023C5, 0x45FD1945, 0xA33A5BA3,
258 0x68C23D68, 0x158D5915, 0x21ECF321, 0x3166AE31, 0x3E6FA23E, 0x16578216,
259 0x95106395, 0x5BEF015B, 0x4DB8834D, 0x91862E91, 0xB56DD9B5, 0x1F83511F,
260 0x53AA9B53, 0x635D7C63, 0x3B68A63B, 0x3FFEEB3F, 0xD630A5D6, 0x257ABE25,
261 0xA7AC16A7, 0x0F090C0F, 0x35F0E335, 0x23A76123, 0xF090C0F0, 0xAFE98CAF,
262 0x809D3A80, 0x925CF592, 0x810C7381, 0x27312C27, 0x76D02576, 0xE7560BE7,
263 0x7B92BB7B, 0xE9CE4EE9, 0xF10189F1, 0x9F1E6B9F, 0xA93453A9, 0xC4F16AC4,
264 0x99C3B499, 0x975BF197, 0x8347E183, 0x6B18E66B, 0xC822BDC8, 0x0E98450E,
265 0x6E1FE26E, 0xC9B3F4C9, 0x2F74B62F, 0xCBF866CB, 0xFF99CCFF, 0xEA1495EA,
266 0xED5803ED, 0xF7DC56F7, 0xE18BD4E1, 0x1B151C1B, 0xADA21EAD, 0x0CD3D70C,
267 0x2BE2FB2B, 0x1DC8C31D, 0x195E8E19, 0xC22CB5C2, 0x8949E989, 0x12C1CF12,
268 0x7E95BF7E, 0x207DBA20, 0x6411EA64, 0x840B7784, 0x6DC5396D, 0x6A89AF6A,
269 0xD17C33D1, 0xA171C9A1, 0xCEFF62CE, 0x37BB7137, 0xFB0F81FB, 0x3DB5793D,
270 0x51E10951, 0xDC3EADDC, 0x2D3F242D, 0xA476CDA4, 0x9D55F99D, 0xEE82D8EE,
271 0x8640E586, 0xAE78C5AE, 0xCD25B9CD, 0x04964D04, 0x55774455, 0x0A0E080A,
272 0x13508613, 0x30F7E730, 0xD337A1D3, 0x40FA1D40, 0x3461AA34, 0x8C4EED8C,
273 0xB3B006B3, 0x6C54706C, 0x2A73B22A, 0x523BD252, 0x0B9F410B, 0x8B027B8B,
274 0x88D8A088, 0x4FF3114F, 0x67CB3167, 0x4627C246, 0xC06727C0, 0xB4FC90B4,
275 0x28382028, 0x7F04F67F, 0x78486078, 0x2EE5FF2E, 0x074C9607, 0x4B655C4B,
276 0xC72BB1C7, 0x6F8EAB6F, 0x0D429E0D, 0xBBF59CBB, 0xF2DB52F2, 0xF34A1BF3,
277 0xA63D5FA6, 0x59A49359, 0xBCB90ABC, 0x3AF9EF3A, 0xEF1391EF, 0xFE0885FE,
278 0x01914901, 0x6116EE61, 0x7CDE2D7C, 0xB2214FB2, 0x42B18F42, 0xDB723BDB,
279 0xB82F47B8, 0x48BF8748, 0x2CAE6D2C, 0xE3C046E3, 0x573CD657, 0x859A3E85,
280 0x29A96929, 0x7D4F647D, 0x94812A94, 0x492ECE49, 0x17C6CB17, 0xCA692FCA,
281 0xC3BDFCC3, 0x5CA3975C, 0x5EE8055E, 0xD0ED7AD0, 0x87D1AC87, 0x8E057F8E,
282 0xBA64D5BA, 0xA8A51AA8, 0xB7264BB7, 0xB9BE0EB9, 0x6087A760, 0xF8D55AF8,
283 0x22362822, 0x111B1411, 0xDE753FDE, 0x79D92979, 0xAAEE88AA, 0x332D3C33,
284 0x5F794C5F, 0xB6B702B6, 0x96CAB896, 0x5835DA58, 0x9CC4B09C, 0xFC4317FC,
285 0x1A84551A, 0xF64D1FF6, 0x1C598A1C, 0x38B27D38, 0xAC3357AC, 0x18CFC718,
286 0xF4068DF4, 0x69537469, 0x749BB774, 0xF597C4F5, 0x56AD9F56, 0xDAE372DA,
287 0xD5EA7ED5, 0x4AF4154A, 0x9E8F229E, 0xA2AB12A2, 0x4E62584E, 0xE85F07E8,
288 0xE51D99E5, 0x39233439, 0xC1F66EC1, 0x446C5044, 0x5D32DE5D, 0x72466872,
289 0x26A06526, 0x93CDBC93, 0x03DADB03, 0xC6BAF8C6, 0xFA9EC8FA, 0x82D6A882,
290 0xCF6E2BCF, 0x50704050, 0xEB85DCEB, 0x750AFE75, 0x8A93328A, 0x8DDFA48D,
291 0x4C29CA4C, 0x141C1014, 0x73D72173, 0xCCB4F0CC, 0x09D4D309, 0x108A5D10,
292 0xE2510FE2, 0x00000000, 0x9A196F9A, 0xE01A9DE0, 0x8F94368F, 0xE6C742E6,
293 0xECC94AEC, 0xFDD25EFD, 0xAB7FC1AB, 0xD8A8E0D8}
294};
295
296/* The exp_to_poly and poly_to_exp tables are used to perform efficient
297 * operations in GF(2^8) represented as GF(2)[x]/w(x) where
298 * w(x)=x^8+x^6+x^3+x^2+1. We care about doing that because it's part of the
299 * definition of the RS matrix in the key schedule. Elements of that field
300 * are polynomials of degree not greater than 7 and all coefficients 0 or 1,
301 * which can be represented naturally by bytes (just substitute x=2). In that
302 * form, GF(2^8) addition is the same as bitwise XOR, but GF(2^8)
303 * multiplication is inefficient without hardware support. To multiply
304 * faster, I make use of the fact x is a generator for the nonzero elements,
305 * so that every element p of GF(2)[x]/w(x) is either 0 or equal to (x)^n for
306 * some n in 0..254. Note that that caret is exponentiation in GF(2^8),
307 * *not* polynomial notation. So if I want to compute pq where p and q are
308 * in GF(2^8), I can just say:
309 * 1. if p=0 or q=0 then pq=0
310 * 2. otherwise, find m and n such that p=x^m and q=x^n
311 * 3. pq=(x^m)(x^n)=x^(m+n), so add m and n and find pq
312 * The translations in steps 2 and 3 are looked up in the tables
313 * poly_to_exp (for step 2) and exp_to_poly (for step 3). To see this
314 * in action, look at the CALC_S macro. As additional wrinkles, note that
315 * one of my operands is always a constant, so the poly_to_exp lookup on it
316 * is done in advance; I included the original values in the comments so
317 * readers can have some chance of recognizing that this *is* the RS matrix
318 * from the Twofish paper. I've only included the table entries I actually
319 * need; I never do a lookup on a variable input of zero and the biggest
320 * exponents I'll ever see are 254 (variable) and 237 (constant), so they'll
321 * never sum to more than 491. I'm repeating part of the exp_to_poly table
322 * so that I don't have to do mod-255 reduction in the exponent arithmetic.
323 * Since I know my constant operands are never zero, I only have to worry
324 * about zero values in the variable operand, and I do it with a simple
325 * conditional branch. I know conditionals are expensive, but I couldn't
326 * see a non-horrible way of avoiding them, and I did manage to group the
327 * statements so that each if covers four group multiplications. */
328
329static const u8 poly_to_exp[255] = {
330 0x00, 0x01, 0x17, 0x02, 0x2E, 0x18, 0x53, 0x03, 0x6A, 0x2F, 0x93, 0x19,
331 0x34, 0x54, 0x45, 0x04, 0x5C, 0x6B, 0xB6, 0x30, 0xA6, 0x94, 0x4B, 0x1A,
332 0x8C, 0x35, 0x81, 0x55, 0xAA, 0x46, 0x0D, 0x05, 0x24, 0x5D, 0x87, 0x6C,
333 0x9B, 0xB7, 0xC1, 0x31, 0x2B, 0xA7, 0xA3, 0x95, 0x98, 0x4C, 0xCA, 0x1B,
334 0xE6, 0x8D, 0x73, 0x36, 0xCD, 0x82, 0x12, 0x56, 0x62, 0xAB, 0xF0, 0x47,
335 0x4F, 0x0E, 0xBD, 0x06, 0xD4, 0x25, 0xD2, 0x5E, 0x27, 0x88, 0x66, 0x6D,
336 0xD6, 0x9C, 0x79, 0xB8, 0x08, 0xC2, 0xDF, 0x32, 0x68, 0x2C, 0xFD, 0xA8,
337 0x8A, 0xA4, 0x5A, 0x96, 0x29, 0x99, 0x22, 0x4D, 0x60, 0xCB, 0xE4, 0x1C,
338 0x7B, 0xE7, 0x3B, 0x8E, 0x9E, 0x74, 0xF4, 0x37, 0xD8, 0xCE, 0xF9, 0x83,
339 0x6F, 0x13, 0xB2, 0x57, 0xE1, 0x63, 0xDC, 0xAC, 0xC4, 0xF1, 0xAF, 0x48,
340 0x0A, 0x50, 0x42, 0x0F, 0xBA, 0xBE, 0xC7, 0x07, 0xDE, 0xD5, 0x78, 0x26,
341 0x65, 0xD3, 0xD1, 0x5F, 0xE3, 0x28, 0x21, 0x89, 0x59, 0x67, 0xFC, 0x6E,
342 0xB1, 0xD7, 0xF8, 0x9D, 0xF3, 0x7A, 0x3A, 0xB9, 0xC6, 0x09, 0x41, 0xC3,
343 0xAE, 0xE0, 0xDB, 0x33, 0x44, 0x69, 0x92, 0x2D, 0x52, 0xFE, 0x16, 0xA9,
344 0x0C, 0x8B, 0x80, 0xA5, 0x4A, 0x5B, 0xB5, 0x97, 0xC9, 0x2A, 0xA2, 0x9A,
345 0xC0, 0x23, 0x86, 0x4E, 0xBC, 0x61, 0xEF, 0xCC, 0x11, 0xE5, 0x72, 0x1D,
346 0x3D, 0x7C, 0xEB, 0xE8, 0xE9, 0x3C, 0xEA, 0x8F, 0x7D, 0x9F, 0xEC, 0x75,
347 0x1E, 0xF5, 0x3E, 0x38, 0xF6, 0xD9, 0x3F, 0xCF, 0x76, 0xFA, 0x1F, 0x84,
348 0xA0, 0x70, 0xED, 0x14, 0x90, 0xB3, 0x7E, 0x58, 0xFB, 0xE2, 0x20, 0x64,
349 0xD0, 0xDD, 0x77, 0xAD, 0xDA, 0xC5, 0x40, 0xF2, 0x39, 0xB0, 0xF7, 0x49,
350 0xB4, 0x0B, 0x7F, 0x51, 0x15, 0x43, 0x91, 0x10, 0x71, 0xBB, 0xEE, 0xBF,
351 0x85, 0xC8, 0xA1
352};
353
354static const u8 exp_to_poly[492] = {
355 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x4D, 0x9A, 0x79, 0xF2,
356 0xA9, 0x1F, 0x3E, 0x7C, 0xF8, 0xBD, 0x37, 0x6E, 0xDC, 0xF5, 0xA7, 0x03,
357 0x06, 0x0C, 0x18, 0x30, 0x60, 0xC0, 0xCD, 0xD7, 0xE3, 0x8B, 0x5B, 0xB6,
358 0x21, 0x42, 0x84, 0x45, 0x8A, 0x59, 0xB2, 0x29, 0x52, 0xA4, 0x05, 0x0A,
359 0x14, 0x28, 0x50, 0xA0, 0x0D, 0x1A, 0x34, 0x68, 0xD0, 0xED, 0x97, 0x63,
360 0xC6, 0xC1, 0xCF, 0xD3, 0xEB, 0x9B, 0x7B, 0xF6, 0xA1, 0x0F, 0x1E, 0x3C,
361 0x78, 0xF0, 0xAD, 0x17, 0x2E, 0x5C, 0xB8, 0x3D, 0x7A, 0xF4, 0xA5, 0x07,
362 0x0E, 0x1C, 0x38, 0x70, 0xE0, 0x8D, 0x57, 0xAE, 0x11, 0x22, 0x44, 0x88,
363 0x5D, 0xBA, 0x39, 0x72, 0xE4, 0x85, 0x47, 0x8E, 0x51, 0xA2, 0x09, 0x12,
364 0x24, 0x48, 0x90, 0x6D, 0xDA, 0xF9, 0xBF, 0x33, 0x66, 0xCC, 0xD5, 0xE7,
365 0x83, 0x4B, 0x96, 0x61, 0xC2, 0xC9, 0xDF, 0xF3, 0xAB, 0x1B, 0x36, 0x6C,
366 0xD8, 0xFD, 0xB7, 0x23, 0x46, 0x8C, 0x55, 0xAA, 0x19, 0x32, 0x64, 0xC8,
367 0xDD, 0xF7, 0xA3, 0x0B, 0x16, 0x2C, 0x58, 0xB0, 0x2D, 0x5A, 0xB4, 0x25,
368 0x4A, 0x94, 0x65, 0xCA, 0xD9, 0xFF, 0xB3, 0x2B, 0x56, 0xAC, 0x15, 0x2A,
369 0x54, 0xA8, 0x1D, 0x3A, 0x74, 0xE8, 0x9D, 0x77, 0xEE, 0x91, 0x6F, 0xDE,
370 0xF1, 0xAF, 0x13, 0x26, 0x4C, 0x98, 0x7D, 0xFA, 0xB9, 0x3F, 0x7E, 0xFC,
371 0xB5, 0x27, 0x4E, 0x9C, 0x75, 0xEA, 0x99, 0x7F, 0xFE, 0xB1, 0x2F, 0x5E,
372 0xBC, 0x35, 0x6A, 0xD4, 0xE5, 0x87, 0x43, 0x86, 0x41, 0x82, 0x49, 0x92,
373 0x69, 0xD2, 0xE9, 0x9F, 0x73, 0xE6, 0x81, 0x4F, 0x9E, 0x71, 0xE2, 0x89,
374 0x5F, 0xBE, 0x31, 0x62, 0xC4, 0xC5, 0xC7, 0xC3, 0xCB, 0xDB, 0xFB, 0xBB,
375 0x3B, 0x76, 0xEC, 0x95, 0x67, 0xCE, 0xD1, 0xEF, 0x93, 0x6B, 0xD6, 0xE1,
376 0x8F, 0x53, 0xA6, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x4D,
377 0x9A, 0x79, 0xF2, 0xA9, 0x1F, 0x3E, 0x7C, 0xF8, 0xBD, 0x37, 0x6E, 0xDC,
378 0xF5, 0xA7, 0x03, 0x06, 0x0C, 0x18, 0x30, 0x60, 0xC0, 0xCD, 0xD7, 0xE3,
379 0x8B, 0x5B, 0xB6, 0x21, 0x42, 0x84, 0x45, 0x8A, 0x59, 0xB2, 0x29, 0x52,
380 0xA4, 0x05, 0x0A, 0x14, 0x28, 0x50, 0xA0, 0x0D, 0x1A, 0x34, 0x68, 0xD0,
381 0xED, 0x97, 0x63, 0xC6, 0xC1, 0xCF, 0xD3, 0xEB, 0x9B, 0x7B, 0xF6, 0xA1,
382 0x0F, 0x1E, 0x3C, 0x78, 0xF0, 0xAD, 0x17, 0x2E, 0x5C, 0xB8, 0x3D, 0x7A,
383 0xF4, 0xA5, 0x07, 0x0E, 0x1C, 0x38, 0x70, 0xE0, 0x8D, 0x57, 0xAE, 0x11,
384 0x22, 0x44, 0x88, 0x5D, 0xBA, 0x39, 0x72, 0xE4, 0x85, 0x47, 0x8E, 0x51,
385 0xA2, 0x09, 0x12, 0x24, 0x48, 0x90, 0x6D, 0xDA, 0xF9, 0xBF, 0x33, 0x66,
386 0xCC, 0xD5, 0xE7, 0x83, 0x4B, 0x96, 0x61, 0xC2, 0xC9, 0xDF, 0xF3, 0xAB,
387 0x1B, 0x36, 0x6C, 0xD8, 0xFD, 0xB7, 0x23, 0x46, 0x8C, 0x55, 0xAA, 0x19,
388 0x32, 0x64, 0xC8, 0xDD, 0xF7, 0xA3, 0x0B, 0x16, 0x2C, 0x58, 0xB0, 0x2D,
389 0x5A, 0xB4, 0x25, 0x4A, 0x94, 0x65, 0xCA, 0xD9, 0xFF, 0xB3, 0x2B, 0x56,
390 0xAC, 0x15, 0x2A, 0x54, 0xA8, 0x1D, 0x3A, 0x74, 0xE8, 0x9D, 0x77, 0xEE,
391 0x91, 0x6F, 0xDE, 0xF1, 0xAF, 0x13, 0x26, 0x4C, 0x98, 0x7D, 0xFA, 0xB9,
392 0x3F, 0x7E, 0xFC, 0xB5, 0x27, 0x4E, 0x9C, 0x75, 0xEA, 0x99, 0x7F, 0xFE,
393 0xB1, 0x2F, 0x5E, 0xBC, 0x35, 0x6A, 0xD4, 0xE5, 0x87, 0x43, 0x86, 0x41,
394 0x82, 0x49, 0x92, 0x69, 0xD2, 0xE9, 0x9F, 0x73, 0xE6, 0x81, 0x4F, 0x9E,
395 0x71, 0xE2, 0x89, 0x5F, 0xBE, 0x31, 0x62, 0xC4, 0xC5, 0xC7, 0xC3, 0xCB
396};
397
398
399/* The table constants are indices of
400 * S-box entries, preprocessed through q0 and q1. */
401static const u8 calc_sb_tbl[512] = {
402 0xA9, 0x75, 0x67, 0xF3, 0xB3, 0xC6, 0xE8, 0xF4,
403 0x04, 0xDB, 0xFD, 0x7B, 0xA3, 0xFB, 0x76, 0xC8,
404 0x9A, 0x4A, 0x92, 0xD3, 0x80, 0xE6, 0x78, 0x6B,
405 0xE4, 0x45, 0xDD, 0x7D, 0xD1, 0xE8, 0x38, 0x4B,
406 0x0D, 0xD6, 0xC6, 0x32, 0x35, 0xD8, 0x98, 0xFD,
407 0x18, 0x37, 0xF7, 0x71, 0xEC, 0xF1, 0x6C, 0xE1,
408 0x43, 0x30, 0x75, 0x0F, 0x37, 0xF8, 0x26, 0x1B,
409 0xFA, 0x87, 0x13, 0xFA, 0x94, 0x06, 0x48, 0x3F,
410 0xF2, 0x5E, 0xD0, 0xBA, 0x8B, 0xAE, 0x30, 0x5B,
411 0x84, 0x8A, 0x54, 0x00, 0xDF, 0xBC, 0x23, 0x9D,
412 0x19, 0x6D, 0x5B, 0xC1, 0x3D, 0xB1, 0x59, 0x0E,
413 0xF3, 0x80, 0xAE, 0x5D, 0xA2, 0xD2, 0x82, 0xD5,
414 0x63, 0xA0, 0x01, 0x84, 0x83, 0x07, 0x2E, 0x14,
415 0xD9, 0xB5, 0x51, 0x90, 0x9B, 0x2C, 0x7C, 0xA3,
416 0xA6, 0xB2, 0xEB, 0x73, 0xA5, 0x4C, 0xBE, 0x54,
417 0x16, 0x92, 0x0C, 0x74, 0xE3, 0x36, 0x61, 0x51,
418 0xC0, 0x38, 0x8C, 0xB0, 0x3A, 0xBD, 0xF5, 0x5A,
419 0x73, 0xFC, 0x2C, 0x60, 0x25, 0x62, 0x0B, 0x96,
420 0xBB, 0x6C, 0x4E, 0x42, 0x89, 0xF7, 0x6B, 0x10,
421 0x53, 0x7C, 0x6A, 0x28, 0xB4, 0x27, 0xF1, 0x8C,
422 0xE1, 0x13, 0xE6, 0x95, 0xBD, 0x9C, 0x45, 0xC7,
423 0xE2, 0x24, 0xF4, 0x46, 0xB6, 0x3B, 0x66, 0x70,
424 0xCC, 0xCA, 0x95, 0xE3, 0x03, 0x85, 0x56, 0xCB,
425 0xD4, 0x11, 0x1C, 0xD0, 0x1E, 0x93, 0xD7, 0xB8,
426 0xFB, 0xA6, 0xC3, 0x83, 0x8E, 0x20, 0xB5, 0xFF,
427 0xE9, 0x9F, 0xCF, 0x77, 0xBF, 0xC3, 0xBA, 0xCC,
428 0xEA, 0x03, 0x77, 0x6F, 0x39, 0x08, 0xAF, 0xBF,
429 0x33, 0x40, 0xC9, 0xE7, 0x62, 0x2B, 0x71, 0xE2,
430 0x81, 0x79, 0x79, 0x0C, 0x09, 0xAA, 0xAD, 0x82,
431 0x24, 0x41, 0xCD, 0x3A, 0xF9, 0xEA, 0xD8, 0xB9,
432 0xE5, 0xE4, 0xC5, 0x9A, 0xB9, 0xA4, 0x4D, 0x97,
433 0x44, 0x7E, 0x08, 0xDA, 0x86, 0x7A, 0xE7, 0x17,
434 0xA1, 0x66, 0x1D, 0x94, 0xAA, 0xA1, 0xED, 0x1D,
435 0x06, 0x3D, 0x70, 0xF0, 0xB2, 0xDE, 0xD2, 0xB3,
436 0x41, 0x0B, 0x7B, 0x72, 0xA0, 0xA7, 0x11, 0x1C,
437 0x31, 0xEF, 0xC2, 0xD1, 0x27, 0x53, 0x90, 0x3E,
438 0x20, 0x8F, 0xF6, 0x33, 0x60, 0x26, 0xFF, 0x5F,
439 0x96, 0xEC, 0x5C, 0x76, 0xB1, 0x2A, 0xAB, 0x49,
440 0x9E, 0x81, 0x9C, 0x88, 0x52, 0xEE, 0x1B, 0x21,
441 0x5F, 0xC4, 0x93, 0x1A, 0x0A, 0xEB, 0xEF, 0xD9,
442 0x91, 0xC5, 0x85, 0x39, 0x49, 0x99, 0xEE, 0xCD,
443 0x2D, 0xAD, 0x4F, 0x31, 0x8F, 0x8B, 0x3B, 0x01,
444 0x47, 0x18, 0x87, 0x23, 0x6D, 0xDD, 0x46, 0x1F,
445 0xD6, 0x4E, 0x3E, 0x2D, 0x69, 0xF9, 0x64, 0x48,
446 0x2A, 0x4F, 0xCE, 0xF2, 0xCB, 0x65, 0x2F, 0x8E,
447 0xFC, 0x78, 0x97, 0x5C, 0x05, 0x58, 0x7A, 0x19,
448 0xAC, 0x8D, 0x7F, 0xE5, 0xD5, 0x98, 0x1A, 0x57,
449 0x4B, 0x67, 0x0E, 0x7F, 0xA7, 0x05, 0x5A, 0x64,
450 0x28, 0xAF, 0x14, 0x63, 0x3F, 0xB6, 0x29, 0xFE,
451 0x88, 0xF5, 0x3C, 0xB7, 0x4C, 0x3C, 0x02, 0xA5,
452 0xB8, 0xCE, 0xDA, 0xE9, 0xB0, 0x68, 0x17, 0x44,
453 0x55, 0xE0, 0x1F, 0x4D, 0x8A, 0x43, 0x7D, 0x69,
454 0x57, 0x29, 0xC7, 0x2E, 0x8D, 0xAC, 0x74, 0x15,
455 0xB7, 0x59, 0xC4, 0xA8, 0x9F, 0x0A, 0x72, 0x9E,
456 0x7E, 0x6E, 0x15, 0x47, 0x22, 0xDF, 0x12, 0x34,
457 0x58, 0x35, 0x07, 0x6A, 0x99, 0xCF, 0x34, 0xDC,
458 0x6E, 0x22, 0x50, 0xC9, 0xDE, 0xC0, 0x68, 0x9B,
459 0x65, 0x89, 0xBC, 0xD4, 0xDB, 0xED, 0xF8, 0xAB,
460 0xC8, 0x12, 0xA8, 0xA2, 0x2B, 0x0D, 0x40, 0x52,
461 0xDC, 0xBB, 0xFE, 0x02, 0x32, 0x2F, 0xA4, 0xA9,
462 0xCA, 0xD7, 0x10, 0x61, 0x21, 0x1E, 0xF0, 0xB4,
463 0xD3, 0x50, 0x5D, 0x04, 0x0F, 0xF6, 0x00, 0xC2,
464 0x6F, 0x16, 0x9D, 0x25, 0x36, 0x86, 0x42, 0x56,
465 0x4A, 0x55, 0x5E, 0x09, 0xC1, 0xBE, 0xE0, 0x91
466};
467
468/* Macro to perform one column of the RS matrix multiplication. The
469 * parameters a, b, c, and d are the four bytes of output; i is the index
470 * of the key bytes, and w, x, y, and z, are the column of constants from
471 * the RS matrix, preprocessed through the poly_to_exp table. */
472
473#define CALC_S(a, b, c, d, i, w, x, y, z) \
474 if (key[i]) { \
475 tmp = poly_to_exp[key[i] - 1]; \
476 (a) ^= exp_to_poly[tmp + (w)]; \
477 (b) ^= exp_to_poly[tmp + (x)]; \
478 (c) ^= exp_to_poly[tmp + (y)]; \
479 (d) ^= exp_to_poly[tmp + (z)]; \
480 }
481
482/* Macros to calculate the key-dependent S-boxes for a 128-bit key using
483 * the S vector from CALC_S. CALC_SB_2 computes a single entry in all
484 * four S-boxes, where i is the index of the entry to compute, and a and b
485 * are the index numbers preprocessed through the q0 and q1 tables
486 * respectively. */
487
488#define CALC_SB_2(i, a, b) \
489 ctx->s[0][i] = mds[0][q0[(a) ^ sa] ^ se]; \
490 ctx->s[1][i] = mds[1][q0[(b) ^ sb] ^ sf]; \
491 ctx->s[2][i] = mds[2][q1[(a) ^ sc] ^ sg]; \
492 ctx->s[3][i] = mds[3][q1[(b) ^ sd] ^ sh]
493
494/* Macro exactly like CALC_SB_2, but for 192-bit keys. */
495
496#define CALC_SB192_2(i, a, b) \
497 ctx->s[0][i] = mds[0][q0[q0[(b) ^ sa] ^ se] ^ si]; \
498 ctx->s[1][i] = mds[1][q0[q1[(b) ^ sb] ^ sf] ^ sj]; \
499 ctx->s[2][i] = mds[2][q1[q0[(a) ^ sc] ^ sg] ^ sk]; \
500 ctx->s[3][i] = mds[3][q1[q1[(a) ^ sd] ^ sh] ^ sl];
501
502/* Macro exactly like CALC_SB_2, but for 256-bit keys. */
503
504#define CALC_SB256_2(i, a, b) \
505 ctx->s[0][i] = mds[0][q0[q0[q1[(b) ^ sa] ^ se] ^ si] ^ sm]; \
506 ctx->s[1][i] = mds[1][q0[q1[q1[(a) ^ sb] ^ sf] ^ sj] ^ sn]; \
507 ctx->s[2][i] = mds[2][q1[q0[q0[(a) ^ sc] ^ sg] ^ sk] ^ so]; \
508 ctx->s[3][i] = mds[3][q1[q1[q0[(b) ^ sd] ^ sh] ^ sl] ^ sp];
509
510/* Macros to calculate the whitening and round subkeys. CALC_K_2 computes the
511 * last two stages of the h() function for a given index (either 2i or 2i+1).
512 * a, b, c, and d are the four bytes going into the last two stages. For
513 * 128-bit keys, this is the entire h() function and a and c are the index
514 * preprocessed through q0 and q1 respectively; for longer keys they are the
515 * output of previous stages. j is the index of the first key byte to use.
516 * CALC_K computes a pair of subkeys for 128-bit Twofish, by calling CALC_K_2
517 * twice, doing the Pseudo-Hadamard Transform, and doing the necessary
518 * rotations. Its parameters are: a, the array to write the results into,
519 * j, the index of the first output entry, k and l, the preprocessed indices
520 * for index 2i, and m and n, the preprocessed indices for index 2i+1.
521 * CALC_K192_2 expands CALC_K_2 to handle 192-bit keys, by doing an
522 * additional lookup-and-XOR stage. The parameters a, b, c and d are the
523 * four bytes going into the last three stages. For 192-bit keys, c = d
524 * are the index preprocessed through q0, and a = b are the index
525 * preprocessed through q1; j is the index of the first key byte to use.
526 * CALC_K192 is identical to CALC_K but for using the CALC_K192_2 macro
527 * instead of CALC_K_2.
528 * CALC_K256_2 expands CALC_K192_2 to handle 256-bit keys, by doing an
529 * additional lookup-and-XOR stage. The parameters a and b are the index
530 * preprocessed through q0 and q1 respectively; j is the index of the first
531 * key byte to use. CALC_K256 is identical to CALC_K but for using the
532 * CALC_K256_2 macro instead of CALC_K_2. */
533
534#define CALC_K_2(a, b, c, d, j) \
535 mds[0][q0[a ^ key[(j) + 8]] ^ key[j]] \
536 ^ mds[1][q0[b ^ key[(j) + 9]] ^ key[(j) + 1]] \
537 ^ mds[2][q1[c ^ key[(j) + 10]] ^ key[(j) + 2]] \
538 ^ mds[3][q1[d ^ key[(j) + 11]] ^ key[(j) + 3]]
539
540#define CALC_K(a, j, k, l, m, n) \
541 x = CALC_K_2 (k, l, k, l, 0); \
542 y = CALC_K_2 (m, n, m, n, 4); \
543 y = (y << 8) + (y >> 24); \
544 x += y; y += x; ctx->a[j] = x; \
545 ctx->a[(j) + 1] = (y << 9) + (y >> 23)
546
547#define CALC_K192_2(a, b, c, d, j) \
548 CALC_K_2 (q0[a ^ key[(j) + 16]], \
549 q1[b ^ key[(j) + 17]], \
550 q0[c ^ key[(j) + 18]], \
551 q1[d ^ key[(j) + 19]], j)
552
553#define CALC_K192(a, j, k, l, m, n) \
554 x = CALC_K192_2 (l, l, k, k, 0); \
555 y = CALC_K192_2 (n, n, m, m, 4); \
556 y = (y << 8) + (y >> 24); \
557 x += y; y += x; ctx->a[j] = x; \
558 ctx->a[(j) + 1] = (y << 9) + (y >> 23)
559
560#define CALC_K256_2(a, b, j) \
561 CALC_K192_2 (q1[b ^ key[(j) + 24]], \
562 q1[a ^ key[(j) + 25]], \
563 q0[a ^ key[(j) + 26]], \
564 q0[b ^ key[(j) + 27]], j)
565
566#define CALC_K256(a, j, k, l, m, n) \
567 x = CALC_K256_2 (k, l, 0); \
568 y = CALC_K256_2 (m, n, 4); \
569 y = (y << 8) + (y >> 24); \
570 x += y; y += x; ctx->a[j] = x; \
571 ctx->a[(j) + 1] = (y << 9) + (y >> 23)
572
573
574/* Macros to compute the g() function in the encryption and decryption
575 * rounds. G1 is the straight g() function; G2 includes the 8-bit
576 * rotation for the high 32-bit word. */
577
578#define G1(a) \
579 (ctx->s[0][(a) & 0xFF]) ^ (ctx->s[1][((a) >> 8) & 0xFF]) \
580 ^ (ctx->s[2][((a) >> 16) & 0xFF]) ^ (ctx->s[3][(a) >> 24])
581
582#define G2(b) \
583 (ctx->s[1][(b) & 0xFF]) ^ (ctx->s[2][((b) >> 8) & 0xFF]) \
584 ^ (ctx->s[3][((b) >> 16) & 0xFF]) ^ (ctx->s[0][(b) >> 24])
585
586/* Encryption and decryption Feistel rounds. Each one calls the two g()
587 * macros, does the PHT, and performs the XOR and the appropriate bit
588 * rotations. The parameters are the round number (used to select subkeys),
589 * and the four 32-bit chunks of the text. */
590
591#define ENCROUND(n, a, b, c, d) \
592 x = G1 (a); y = G2 (b); \
593 x += y; y += x + ctx->k[2 * (n) + 1]; \
594 (c) ^= x + ctx->k[2 * (n)]; \
595 (c) = ((c) >> 1) + ((c) << 31); \
596 (d) = (((d) << 1)+((d) >> 31)) ^ y
597
598#define DECROUND(n, a, b, c, d) \
599 x = G1 (a); y = G2 (b); \
600 x += y; y += x; \
601 (d) ^= y + ctx->k[2 * (n) + 1]; \
602 (d) = ((d) >> 1) + ((d) << 31); \
603 (c) = (((c) << 1)+((c) >> 31)); \
604 (c) ^= (x + ctx->k[2 * (n)])
605
606/* Encryption and decryption cycles; each one is simply two Feistel rounds
607 * with the 32-bit chunks re-ordered to simulate the "swap" */
608
609#define ENCCYCLE(n) \
610 ENCROUND (2 * (n), a, b, c, d); \
611 ENCROUND (2 * (n) + 1, c, d, a, b)
612
613#define DECCYCLE(n) \
614 DECROUND (2 * (n) + 1, c, d, a, b); \
615 DECROUND (2 * (n), a, b, c, d)
616
617/* Macros to convert the input and output bytes into 32-bit words,
618 * and simultaneously perform the whitening step. INPACK packs word
619 * number n into the variable named by x, using whitening subkey number m.
620 * OUTUNPACK unpacks word number n from the variable named by x, using
621 * whitening subkey number m. */
622
623#define INPACK(n, x, m) \
624 x = in[4 * (n)] ^ (in[4 * (n) + 1] << 8) \
625 ^ (in[4 * (n) + 2] << 16) ^ (in[4 * (n) + 3] << 24) ^ ctx->w[m]
626
627#define OUTUNPACK(n, x, m) \
628 x ^= ctx->w[m]; \
629 out[4 * (n)] = x; out[4 * (n) + 1] = x >> 8; \
630 out[4 * (n) + 2] = x >> 16; out[4 * (n) + 3] = x >> 24
631
632#define TF_MIN_KEY_SIZE 16
633#define TF_MAX_KEY_SIZE 32
634#define TF_BLOCK_SIZE 16
635
636/* Structure for an expanded Twofish key. s contains the key-dependent
637 * S-boxes composed with the MDS matrix; w contains the eight "whitening"
638 * subkeys, K[0] through K[7]. k holds the remaining, "round" subkeys. Note
639 * that k[i] corresponds to what the Twofish paper calls K[i+8]. */
640struct twofish_ctx {
641 u32 s[4][256], w[8], k[32];
642};
643
644/* Perform the key setup. */
645static int twofish_setkey(void *cx, const u8 *key,
646 unsigned int key_len, u32 *flags)
647{
648
649 struct twofish_ctx *ctx = cx;
650
651 int i, j, k;
652
653 /* Temporaries for CALC_K. */
654 u32 x, y;
655
656 /* The S vector used to key the S-boxes, split up into individual bytes.
657 * 128-bit keys use only sa through sh; 256-bit use all of them. */
658 u8 sa = 0, sb = 0, sc = 0, sd = 0, se = 0, sf = 0, sg = 0, sh = 0;
659 u8 si = 0, sj = 0, sk = 0, sl = 0, sm = 0, sn = 0, so = 0, sp = 0;
660
661 /* Temporary for CALC_S. */
662 u8 tmp;
663
664 /* Check key length. */
665 if (key_len != 16 && key_len != 24 && key_len != 32)
666 {
667 *flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
668 return -EINVAL; /* unsupported key length */
669 }
670
671 /* Compute the first two words of the S vector. The magic numbers are
672 * the entries of the RS matrix, preprocessed through poly_to_exp. The
673 * numbers in the comments are the original (polynomial form) matrix
674 * entries. */
675 CALC_S (sa, sb, sc, sd, 0, 0x00, 0x2D, 0x01, 0x2D); /* 01 A4 02 A4 */
676 CALC_S (sa, sb, sc, sd, 1, 0x2D, 0xA4, 0x44, 0x8A); /* A4 56 A1 55 */
677 CALC_S (sa, sb, sc, sd, 2, 0x8A, 0xD5, 0xBF, 0xD1); /* 55 82 FC 87 */
678 CALC_S (sa, sb, sc, sd, 3, 0xD1, 0x7F, 0x3D, 0x99); /* 87 F3 C1 5A */
679 CALC_S (sa, sb, sc, sd, 4, 0x99, 0x46, 0x66, 0x96); /* 5A 1E 47 58 */
680 CALC_S (sa, sb, sc, sd, 5, 0x96, 0x3C, 0x5B, 0xED); /* 58 C6 AE DB */
681 CALC_S (sa, sb, sc, sd, 6, 0xED, 0x37, 0x4F, 0xE0); /* DB 68 3D 9E */
682 CALC_S (sa, sb, sc, sd, 7, 0xE0, 0xD0, 0x8C, 0x17); /* 9E E5 19 03 */
683 CALC_S (se, sf, sg, sh, 8, 0x00, 0x2D, 0x01, 0x2D); /* 01 A4 02 A4 */
684 CALC_S (se, sf, sg, sh, 9, 0x2D, 0xA4, 0x44, 0x8A); /* A4 56 A1 55 */
685 CALC_S (se, sf, sg, sh, 10, 0x8A, 0xD5, 0xBF, 0xD1); /* 55 82 FC 87 */
686 CALC_S (se, sf, sg, sh, 11, 0xD1, 0x7F, 0x3D, 0x99); /* 87 F3 C1 5A */
687 CALC_S (se, sf, sg, sh, 12, 0x99, 0x46, 0x66, 0x96); /* 5A 1E 47 58 */
688 CALC_S (se, sf, sg, sh, 13, 0x96, 0x3C, 0x5B, 0xED); /* 58 C6 AE DB */
689 CALC_S (se, sf, sg, sh, 14, 0xED, 0x37, 0x4F, 0xE0); /* DB 68 3D 9E */
690 CALC_S (se, sf, sg, sh, 15, 0xE0, 0xD0, 0x8C, 0x17); /* 9E E5 19 03 */
691
692 if (key_len == 24 || key_len == 32) { /* 192- or 256-bit key */
693 /* Calculate the third word of the S vector */
694 CALC_S (si, sj, sk, sl, 16, 0x00, 0x2D, 0x01, 0x2D); /* 01 A4 02 A4 */
695 CALC_S (si, sj, sk, sl, 17, 0x2D, 0xA4, 0x44, 0x8A); /* A4 56 A1 55 */
696 CALC_S (si, sj, sk, sl, 18, 0x8A, 0xD5, 0xBF, 0xD1); /* 55 82 FC 87 */
697 CALC_S (si, sj, sk, sl, 19, 0xD1, 0x7F, 0x3D, 0x99); /* 87 F3 C1 5A */
698 CALC_S (si, sj, sk, sl, 20, 0x99, 0x46, 0x66, 0x96); /* 5A 1E 47 58 */
699 CALC_S (si, sj, sk, sl, 21, 0x96, 0x3C, 0x5B, 0xED); /* 58 C6 AE DB */
700 CALC_S (si, sj, sk, sl, 22, 0xED, 0x37, 0x4F, 0xE0); /* DB 68 3D 9E */
701 CALC_S (si, sj, sk, sl, 23, 0xE0, 0xD0, 0x8C, 0x17); /* 9E E5 19 03 */
702 }
703
704 if (key_len == 32) { /* 256-bit key */
705 /* Calculate the fourth word of the S vector */
706 CALC_S (sm, sn, so, sp, 24, 0x00, 0x2D, 0x01, 0x2D); /* 01 A4 02 A4 */
707 CALC_S (sm, sn, so, sp, 25, 0x2D, 0xA4, 0x44, 0x8A); /* A4 56 A1 55 */
708 CALC_S (sm, sn, so, sp, 26, 0x8A, 0xD5, 0xBF, 0xD1); /* 55 82 FC 87 */
709 CALC_S (sm, sn, so, sp, 27, 0xD1, 0x7F, 0x3D, 0x99); /* 87 F3 C1 5A */
710 CALC_S (sm, sn, so, sp, 28, 0x99, 0x46, 0x66, 0x96); /* 5A 1E 47 58 */
711 CALC_S (sm, sn, so, sp, 29, 0x96, 0x3C, 0x5B, 0xED); /* 58 C6 AE DB */
712 CALC_S (sm, sn, so, sp, 30, 0xED, 0x37, 0x4F, 0xE0); /* DB 68 3D 9E */
713 CALC_S (sm, sn, so, sp, 31, 0xE0, 0xD0, 0x8C, 0x17); /* 9E E5 19 03 */
714
715 /* Compute the S-boxes. */
716 for ( i = j = 0, k = 1; i < 256; i++, j += 2, k += 2 ) {
717 CALC_SB256_2( i, calc_sb_tbl[j], calc_sb_tbl[k] );
718 }
719
720 /* Calculate whitening and round subkeys. The constants are
721 * indices of subkeys, preprocessed through q0 and q1. */
722 CALC_K256 (w, 0, 0xA9, 0x75, 0x67, 0xF3);
723 CALC_K256 (w, 2, 0xB3, 0xC6, 0xE8, 0xF4);
724 CALC_K256 (w, 4, 0x04, 0xDB, 0xFD, 0x7B);
725 CALC_K256 (w, 6, 0xA3, 0xFB, 0x76, 0xC8);
726 CALC_K256 (k, 0, 0x9A, 0x4A, 0x92, 0xD3);
727 CALC_K256 (k, 2, 0x80, 0xE6, 0x78, 0x6B);
728 CALC_K256 (k, 4, 0xE4, 0x45, 0xDD, 0x7D);
729 CALC_K256 (k, 6, 0xD1, 0xE8, 0x38, 0x4B);
730 CALC_K256 (k, 8, 0x0D, 0xD6, 0xC6, 0x32);
731 CALC_K256 (k, 10, 0x35, 0xD8, 0x98, 0xFD);
732 CALC_K256 (k, 12, 0x18, 0x37, 0xF7, 0x71);
733 CALC_K256 (k, 14, 0xEC, 0xF1, 0x6C, 0xE1);
734 CALC_K256 (k, 16, 0x43, 0x30, 0x75, 0x0F);
735 CALC_K256 (k, 18, 0x37, 0xF8, 0x26, 0x1B);
736 CALC_K256 (k, 20, 0xFA, 0x87, 0x13, 0xFA);
737 CALC_K256 (k, 22, 0x94, 0x06, 0x48, 0x3F);
738 CALC_K256 (k, 24, 0xF2, 0x5E, 0xD0, 0xBA);
739 CALC_K256 (k, 26, 0x8B, 0xAE, 0x30, 0x5B);
740 CALC_K256 (k, 28, 0x84, 0x8A, 0x54, 0x00);
741 CALC_K256 (k, 30, 0xDF, 0xBC, 0x23, 0x9D);
742 } else if (key_len == 24) { /* 192-bit key */
743 /* Compute the S-boxes. */
744 for ( i = j = 0, k = 1; i < 256; i++, j += 2, k += 2 ) {
745 CALC_SB192_2( i, calc_sb_tbl[j], calc_sb_tbl[k] );
746 }
747
748 /* Calculate whitening and round subkeys. The constants are
749 * indices of subkeys, preprocessed through q0 and q1. */
750 CALC_K192 (w, 0, 0xA9, 0x75, 0x67, 0xF3);
751 CALC_K192 (w, 2, 0xB3, 0xC6, 0xE8, 0xF4);
752 CALC_K192 (w, 4, 0x04, 0xDB, 0xFD, 0x7B);
753 CALC_K192 (w, 6, 0xA3, 0xFB, 0x76, 0xC8);
754 CALC_K192 (k, 0, 0x9A, 0x4A, 0x92, 0xD3);
755 CALC_K192 (k, 2, 0x80, 0xE6, 0x78, 0x6B);
756 CALC_K192 (k, 4, 0xE4, 0x45, 0xDD, 0x7D);
757 CALC_K192 (k, 6, 0xD1, 0xE8, 0x38, 0x4B);
758 CALC_K192 (k, 8, 0x0D, 0xD6, 0xC6, 0x32);
759 CALC_K192 (k, 10, 0x35, 0xD8, 0x98, 0xFD);
760 CALC_K192 (k, 12, 0x18, 0x37, 0xF7, 0x71);
761 CALC_K192 (k, 14, 0xEC, 0xF1, 0x6C, 0xE1);
762 CALC_K192 (k, 16, 0x43, 0x30, 0x75, 0x0F);
763 CALC_K192 (k, 18, 0x37, 0xF8, 0x26, 0x1B);
764 CALC_K192 (k, 20, 0xFA, 0x87, 0x13, 0xFA);
765 CALC_K192 (k, 22, 0x94, 0x06, 0x48, 0x3F);
766 CALC_K192 (k, 24, 0xF2, 0x5E, 0xD0, 0xBA);
767 CALC_K192 (k, 26, 0x8B, 0xAE, 0x30, 0x5B);
768 CALC_K192 (k, 28, 0x84, 0x8A, 0x54, 0x00);
769 CALC_K192 (k, 30, 0xDF, 0xBC, 0x23, 0x9D);
770 } else { /* 128-bit key */
771 /* Compute the S-boxes. */
772 for ( i = j = 0, k = 1; i < 256; i++, j += 2, k += 2 ) {
773 CALC_SB_2( i, calc_sb_tbl[j], calc_sb_tbl[k] );
774 }
775
776 /* Calculate whitening and round subkeys. The constants are
777 * indices of subkeys, preprocessed through q0 and q1. */
778 CALC_K (w, 0, 0xA9, 0x75, 0x67, 0xF3);
779 CALC_K (w, 2, 0xB3, 0xC6, 0xE8, 0xF4);
780 CALC_K (w, 4, 0x04, 0xDB, 0xFD, 0x7B);
781 CALC_K (w, 6, 0xA3, 0xFB, 0x76, 0xC8);
782 CALC_K (k, 0, 0x9A, 0x4A, 0x92, 0xD3);
783 CALC_K (k, 2, 0x80, 0xE6, 0x78, 0x6B);
784 CALC_K (k, 4, 0xE4, 0x45, 0xDD, 0x7D);
785 CALC_K (k, 6, 0xD1, 0xE8, 0x38, 0x4B);
786 CALC_K (k, 8, 0x0D, 0xD6, 0xC6, 0x32);
787 CALC_K (k, 10, 0x35, 0xD8, 0x98, 0xFD);
788 CALC_K (k, 12, 0x18, 0x37, 0xF7, 0x71);
789 CALC_K (k, 14, 0xEC, 0xF1, 0x6C, 0xE1);
790 CALC_K (k, 16, 0x43, 0x30, 0x75, 0x0F);
791 CALC_K (k, 18, 0x37, 0xF8, 0x26, 0x1B);
792 CALC_K (k, 20, 0xFA, 0x87, 0x13, 0xFA);
793 CALC_K (k, 22, 0x94, 0x06, 0x48, 0x3F);
794 CALC_K (k, 24, 0xF2, 0x5E, 0xD0, 0xBA);
795 CALC_K (k, 26, 0x8B, 0xAE, 0x30, 0x5B);
796 CALC_K (k, 28, 0x84, 0x8A, 0x54, 0x00);
797 CALC_K (k, 30, 0xDF, 0xBC, 0x23, 0x9D);
798 }
799
800 return 0;
801}
802
803/* Encrypt one block. in and out may be the same. */
804static void twofish_encrypt(void *cx, u8 *out, const u8 *in)
805{
806 struct twofish_ctx *ctx = cx;
807
808 /* The four 32-bit chunks of the text. */
809 u32 a, b, c, d;
810
811 /* Temporaries used by the round function. */
812 u32 x, y;
813
814 /* Input whitening and packing. */
815 INPACK (0, a, 0);
816 INPACK (1, b, 1);
817 INPACK (2, c, 2);
818 INPACK (3, d, 3);
819
820 /* Encryption Feistel cycles. */
821 ENCCYCLE (0);
822 ENCCYCLE (1);
823 ENCCYCLE (2);
824 ENCCYCLE (3);
825 ENCCYCLE (4);
826 ENCCYCLE (5);
827 ENCCYCLE (6);
828 ENCCYCLE (7);
829
830 /* Output whitening and unpacking. */
831 OUTUNPACK (0, c, 4);
832 OUTUNPACK (1, d, 5);
833 OUTUNPACK (2, a, 6);
834 OUTUNPACK (3, b, 7);
835
836}
837
838/* Decrypt one block. in and out may be the same. */
839static void twofish_decrypt(void *cx, u8 *out, const u8 *in)
840{
841 struct twofish_ctx *ctx = cx;
842
843 /* The four 32-bit chunks of the text. */
844 u32 a, b, c, d;
845
846 /* Temporaries used by the round function. */
847 u32 x, y;
848
849 /* Input whitening and packing. */
850 INPACK (0, c, 4);
851 INPACK (1, d, 5);
852 INPACK (2, a, 6);
853 INPACK (3, b, 7);
854
855 /* Encryption Feistel cycles. */
856 DECCYCLE (7);
857 DECCYCLE (6);
858 DECCYCLE (5);
859 DECCYCLE (4);
860 DECCYCLE (3);
861 DECCYCLE (2);
862 DECCYCLE (1);
863 DECCYCLE (0);
864
865 /* Output whitening and unpacking. */
866 OUTUNPACK (0, a, 0);
867 OUTUNPACK (1, b, 1);
868 OUTUNPACK (2, c, 2);
869 OUTUNPACK (3, d, 3);
870
871}
872
873static struct crypto_alg alg = {
874 .cra_name = "twofish",
875 .cra_flags = CRYPTO_ALG_TYPE_CIPHER,
876 .cra_blocksize = TF_BLOCK_SIZE,
877 .cra_ctxsize = sizeof(struct twofish_ctx),
878 .cra_module = THIS_MODULE,
879 .cra_list = LIST_HEAD_INIT(alg.cra_list),
880 .cra_u = { .cipher = {
881 .cia_min_keysize = TF_MIN_KEY_SIZE,
882 .cia_max_keysize = TF_MAX_KEY_SIZE,
883 .cia_setkey = twofish_setkey,
884 .cia_encrypt = twofish_encrypt,
885 .cia_decrypt = twofish_decrypt } }
886};
887
888static int __init init(void)
889{
890 return crypto_register_alg(&alg);
891}
892
893static void __exit fini(void)
894{
895 crypto_unregister_alg(&alg);
896}
897
898module_init(init);
899module_exit(fini);
900
901MODULE_LICENSE("GPL");
902MODULE_DESCRIPTION ("Twofish Cipher Algorithm");
diff --git a/crypto/wp512.c b/crypto/wp512.c
new file mode 100644
index 000000000000..fd6e20e1f291
--- /dev/null
+++ b/crypto/wp512.c
@@ -0,0 +1,1208 @@
1/*
2 * Cryptographic API.
3 *
4 * Whirlpool hashing Algorithm
5 *
6 * The Whirlpool algorithm was developed by Paulo S. L. M. Barreto and
7 * Vincent Rijmen. It has been selected as one of cryptographic
8 * primitives by the NESSIE project http://www.cryptonessie.org/
9 *
10 * The original authors have disclaimed all copyright interest in this
11 * code and thus put it in the public domain. The subsequent authors
12 * have put this under the GNU General Public License.
13 *
14 * By Aaron Grothe ajgrothe@yahoo.com, August 23, 2004
15 *
16 * This program is free software; you can redistribute it and/or modify
17 * it under the terms of the GNU General Public License as published by
18 * the Free Software Foundation; either version 2 of the License, or
19 * (at your option) any later version.
20 *
21 */
22#include <linux/init.h>
23#include <linux/module.h>
24#include <linux/mm.h>
25#include <asm/scatterlist.h>
26#include <linux/crypto.h>
27
28#define WP512_DIGEST_SIZE 64
29#define WP384_DIGEST_SIZE 48
30#define WP256_DIGEST_SIZE 32
31
32#define WP512_BLOCK_SIZE 64
33#define WP512_LENGTHBYTES 32
34
35#define WHIRLPOOL_ROUNDS 10
36
37struct wp512_ctx {
38 u8 bitLength[WP512_LENGTHBYTES];
39 u8 buffer[WP512_BLOCK_SIZE];
40 int bufferBits;
41 int bufferPos;
42 u64 hash[WP512_DIGEST_SIZE/8];
43};
44
45/*
46 * Though Whirlpool is endianness-neutral, the encryption tables are listed
47 * in BIG-ENDIAN format, which is adopted throughout this implementation
48 * (but little-endian notation would be equally suitable if consistently
49 * employed).
50 */
51
52static const u64 C0[256] = {
53 0x18186018c07830d8ULL, 0x23238c2305af4626ULL, 0xc6c63fc67ef991b8ULL,
54 0xe8e887e8136fcdfbULL, 0x878726874ca113cbULL, 0xb8b8dab8a9626d11ULL,
55 0x0101040108050209ULL, 0x4f4f214f426e9e0dULL, 0x3636d836adee6c9bULL,
56 0xa6a6a2a6590451ffULL, 0xd2d26fd2debdb90cULL, 0xf5f5f3f5fb06f70eULL,
57 0x7979f979ef80f296ULL, 0x6f6fa16f5fcede30ULL, 0x91917e91fcef3f6dULL,
58 0x52525552aa07a4f8ULL, 0x60609d6027fdc047ULL, 0xbcbccabc89766535ULL,
59 0x9b9b569baccd2b37ULL, 0x8e8e028e048c018aULL, 0xa3a3b6a371155bd2ULL,
60 0x0c0c300c603c186cULL, 0x7b7bf17bff8af684ULL, 0x3535d435b5e16a80ULL,
61 0x1d1d741de8693af5ULL, 0xe0e0a7e05347ddb3ULL, 0xd7d77bd7f6acb321ULL,
62 0xc2c22fc25eed999cULL, 0x2e2eb82e6d965c43ULL, 0x4b4b314b627a9629ULL,
63 0xfefedffea321e15dULL, 0x575741578216aed5ULL, 0x15155415a8412abdULL,
64 0x7777c1779fb6eee8ULL, 0x3737dc37a5eb6e92ULL, 0xe5e5b3e57b56d79eULL,
65 0x9f9f469f8cd92313ULL, 0xf0f0e7f0d317fd23ULL, 0x4a4a354a6a7f9420ULL,
66 0xdada4fda9e95a944ULL, 0x58587d58fa25b0a2ULL, 0xc9c903c906ca8fcfULL,
67 0x2929a429558d527cULL, 0x0a0a280a5022145aULL, 0xb1b1feb1e14f7f50ULL,
68 0xa0a0baa0691a5dc9ULL, 0x6b6bb16b7fdad614ULL, 0x85852e855cab17d9ULL,
69 0xbdbdcebd8173673cULL, 0x5d5d695dd234ba8fULL, 0x1010401080502090ULL,
70 0xf4f4f7f4f303f507ULL, 0xcbcb0bcb16c08bddULL, 0x3e3ef83eedc67cd3ULL,
71 0x0505140528110a2dULL, 0x676781671fe6ce78ULL, 0xe4e4b7e47353d597ULL,
72 0x27279c2725bb4e02ULL, 0x4141194132588273ULL, 0x8b8b168b2c9d0ba7ULL,
73 0xa7a7a6a7510153f6ULL, 0x7d7de97dcf94fab2ULL, 0x95956e95dcfb3749ULL,
74 0xd8d847d88e9fad56ULL, 0xfbfbcbfb8b30eb70ULL, 0xeeee9fee2371c1cdULL,
75 0x7c7ced7cc791f8bbULL, 0x6666856617e3cc71ULL, 0xdddd53dda68ea77bULL,
76 0x17175c17b84b2eafULL, 0x4747014702468e45ULL, 0x9e9e429e84dc211aULL,
77 0xcaca0fca1ec589d4ULL, 0x2d2db42d75995a58ULL, 0xbfbfc6bf9179632eULL,
78 0x07071c07381b0e3fULL, 0xadad8ead012347acULL, 0x5a5a755aea2fb4b0ULL,
79 0x838336836cb51befULL, 0x3333cc3385ff66b6ULL, 0x636391633ff2c65cULL,
80 0x02020802100a0412ULL, 0xaaaa92aa39384993ULL, 0x7171d971afa8e2deULL,
81 0xc8c807c80ecf8dc6ULL, 0x19196419c87d32d1ULL, 0x494939497270923bULL,
82 0xd9d943d9869aaf5fULL, 0xf2f2eff2c31df931ULL, 0xe3e3abe34b48dba8ULL,
83 0x5b5b715be22ab6b9ULL, 0x88881a8834920dbcULL, 0x9a9a529aa4c8293eULL,
84 0x262698262dbe4c0bULL, 0x3232c8328dfa64bfULL, 0xb0b0fab0e94a7d59ULL,
85 0xe9e983e91b6acff2ULL, 0x0f0f3c0f78331e77ULL, 0xd5d573d5e6a6b733ULL,
86 0x80803a8074ba1df4ULL, 0xbebec2be997c6127ULL, 0xcdcd13cd26de87ebULL,
87 0x3434d034bde46889ULL, 0x48483d487a759032ULL, 0xffffdbffab24e354ULL,
88 0x7a7af57af78ff48dULL, 0x90907a90f4ea3d64ULL, 0x5f5f615fc23ebe9dULL,
89 0x202080201da0403dULL, 0x6868bd6867d5d00fULL, 0x1a1a681ad07234caULL,
90 0xaeae82ae192c41b7ULL, 0xb4b4eab4c95e757dULL, 0x54544d549a19a8ceULL,
91 0x93937693ece53b7fULL, 0x222288220daa442fULL, 0x64648d6407e9c863ULL,
92 0xf1f1e3f1db12ff2aULL, 0x7373d173bfa2e6ccULL, 0x12124812905a2482ULL,
93 0x40401d403a5d807aULL, 0x0808200840281048ULL, 0xc3c32bc356e89b95ULL,
94 0xecec97ec337bc5dfULL, 0xdbdb4bdb9690ab4dULL, 0xa1a1bea1611f5fc0ULL,
95 0x8d8d0e8d1c830791ULL, 0x3d3df43df5c97ac8ULL, 0x97976697ccf1335bULL,
96 0x0000000000000000ULL, 0xcfcf1bcf36d483f9ULL, 0x2b2bac2b4587566eULL,
97 0x7676c57697b3ece1ULL, 0x8282328264b019e6ULL, 0xd6d67fd6fea9b128ULL,
98 0x1b1b6c1bd87736c3ULL, 0xb5b5eeb5c15b7774ULL, 0xafaf86af112943beULL,
99 0x6a6ab56a77dfd41dULL, 0x50505d50ba0da0eaULL, 0x45450945124c8a57ULL,
100 0xf3f3ebf3cb18fb38ULL, 0x3030c0309df060adULL, 0xefef9bef2b74c3c4ULL,
101 0x3f3ffc3fe5c37edaULL, 0x55554955921caac7ULL, 0xa2a2b2a2791059dbULL,
102 0xeaea8fea0365c9e9ULL, 0x656589650fecca6aULL, 0xbabad2bab9686903ULL,
103 0x2f2fbc2f65935e4aULL, 0xc0c027c04ee79d8eULL, 0xdede5fdebe81a160ULL,
104 0x1c1c701ce06c38fcULL, 0xfdfdd3fdbb2ee746ULL, 0x4d4d294d52649a1fULL,
105 0x92927292e4e03976ULL, 0x7575c9758fbceafaULL, 0x06061806301e0c36ULL,
106 0x8a8a128a249809aeULL, 0xb2b2f2b2f940794bULL, 0xe6e6bfe66359d185ULL,
107 0x0e0e380e70361c7eULL, 0x1f1f7c1ff8633ee7ULL, 0x6262956237f7c455ULL,
108 0xd4d477d4eea3b53aULL, 0xa8a89aa829324d81ULL, 0x96966296c4f43152ULL,
109 0xf9f9c3f99b3aef62ULL, 0xc5c533c566f697a3ULL, 0x2525942535b14a10ULL,
110 0x59597959f220b2abULL, 0x84842a8454ae15d0ULL, 0x7272d572b7a7e4c5ULL,
111 0x3939e439d5dd72ecULL, 0x4c4c2d4c5a619816ULL, 0x5e5e655eca3bbc94ULL,
112 0x7878fd78e785f09fULL, 0x3838e038ddd870e5ULL, 0x8c8c0a8c14860598ULL,
113 0xd1d163d1c6b2bf17ULL, 0xa5a5aea5410b57e4ULL, 0xe2e2afe2434dd9a1ULL,
114 0x616199612ff8c24eULL, 0xb3b3f6b3f1457b42ULL, 0x2121842115a54234ULL,
115 0x9c9c4a9c94d62508ULL, 0x1e1e781ef0663ceeULL, 0x4343114322528661ULL,
116 0xc7c73bc776fc93b1ULL, 0xfcfcd7fcb32be54fULL, 0x0404100420140824ULL,
117 0x51515951b208a2e3ULL, 0x99995e99bcc72f25ULL, 0x6d6da96d4fc4da22ULL,
118 0x0d0d340d68391a65ULL, 0xfafacffa8335e979ULL, 0xdfdf5bdfb684a369ULL,
119 0x7e7ee57ed79bfca9ULL, 0x242490243db44819ULL, 0x3b3bec3bc5d776feULL,
120 0xabab96ab313d4b9aULL, 0xcece1fce3ed181f0ULL, 0x1111441188552299ULL,
121 0x8f8f068f0c890383ULL, 0x4e4e254e4a6b9c04ULL, 0xb7b7e6b7d1517366ULL,
122 0xebeb8beb0b60cbe0ULL, 0x3c3cf03cfdcc78c1ULL, 0x81813e817cbf1ffdULL,
123 0x94946a94d4fe3540ULL, 0xf7f7fbf7eb0cf31cULL, 0xb9b9deb9a1676f18ULL,
124 0x13134c13985f268bULL, 0x2c2cb02c7d9c5851ULL, 0xd3d36bd3d6b8bb05ULL,
125 0xe7e7bbe76b5cd38cULL, 0x6e6ea56e57cbdc39ULL, 0xc4c437c46ef395aaULL,
126 0x03030c03180f061bULL, 0x565645568a13acdcULL, 0x44440d441a49885eULL,
127 0x7f7fe17fdf9efea0ULL, 0xa9a99ea921374f88ULL, 0x2a2aa82a4d825467ULL,
128 0xbbbbd6bbb16d6b0aULL, 0xc1c123c146e29f87ULL, 0x53535153a202a6f1ULL,
129 0xdcdc57dcae8ba572ULL, 0x0b0b2c0b58271653ULL, 0x9d9d4e9d9cd32701ULL,
130 0x6c6cad6c47c1d82bULL, 0x3131c43195f562a4ULL, 0x7474cd7487b9e8f3ULL,
131 0xf6f6fff6e309f115ULL, 0x464605460a438c4cULL, 0xacac8aac092645a5ULL,
132 0x89891e893c970fb5ULL, 0x14145014a04428b4ULL, 0xe1e1a3e15b42dfbaULL,
133 0x16165816b04e2ca6ULL, 0x3a3ae83acdd274f7ULL, 0x6969b9696fd0d206ULL,
134 0x09092409482d1241ULL, 0x7070dd70a7ade0d7ULL, 0xb6b6e2b6d954716fULL,
135 0xd0d067d0ceb7bd1eULL, 0xeded93ed3b7ec7d6ULL, 0xcccc17cc2edb85e2ULL,
136 0x424215422a578468ULL, 0x98985a98b4c22d2cULL, 0xa4a4aaa4490e55edULL,
137 0x2828a0285d885075ULL, 0x5c5c6d5cda31b886ULL, 0xf8f8c7f8933fed6bULL,
138 0x8686228644a411c2ULL,
139};
140
141static const u64 C1[256] = {
142 0xd818186018c07830ULL, 0x2623238c2305af46ULL, 0xb8c6c63fc67ef991ULL,
143 0xfbe8e887e8136fcdULL, 0xcb878726874ca113ULL, 0x11b8b8dab8a9626dULL,
144 0x0901010401080502ULL, 0x0d4f4f214f426e9eULL, 0x9b3636d836adee6cULL,
145 0xffa6a6a2a6590451ULL, 0x0cd2d26fd2debdb9ULL, 0x0ef5f5f3f5fb06f7ULL,
146 0x967979f979ef80f2ULL, 0x306f6fa16f5fcedeULL, 0x6d91917e91fcef3fULL,
147 0xf852525552aa07a4ULL, 0x4760609d6027fdc0ULL, 0x35bcbccabc897665ULL,
148 0x379b9b569baccd2bULL, 0x8a8e8e028e048c01ULL, 0xd2a3a3b6a371155bULL,
149 0x6c0c0c300c603c18ULL, 0x847b7bf17bff8af6ULL, 0x803535d435b5e16aULL,
150 0xf51d1d741de8693aULL, 0xb3e0e0a7e05347ddULL, 0x21d7d77bd7f6acb3ULL,
151 0x9cc2c22fc25eed99ULL, 0x432e2eb82e6d965cULL, 0x294b4b314b627a96ULL,
152 0x5dfefedffea321e1ULL, 0xd5575741578216aeULL, 0xbd15155415a8412aULL,
153 0xe87777c1779fb6eeULL, 0x923737dc37a5eb6eULL, 0x9ee5e5b3e57b56d7ULL,
154 0x139f9f469f8cd923ULL, 0x23f0f0e7f0d317fdULL, 0x204a4a354a6a7f94ULL,
155 0x44dada4fda9e95a9ULL, 0xa258587d58fa25b0ULL, 0xcfc9c903c906ca8fULL,
156 0x7c2929a429558d52ULL, 0x5a0a0a280a502214ULL, 0x50b1b1feb1e14f7fULL,
157 0xc9a0a0baa0691a5dULL, 0x146b6bb16b7fdad6ULL, 0xd985852e855cab17ULL,
158 0x3cbdbdcebd817367ULL, 0x8f5d5d695dd234baULL, 0x9010104010805020ULL,
159 0x07f4f4f7f4f303f5ULL, 0xddcbcb0bcb16c08bULL, 0xd33e3ef83eedc67cULL,
160 0x2d0505140528110aULL, 0x78676781671fe6ceULL, 0x97e4e4b7e47353d5ULL,
161 0x0227279c2725bb4eULL, 0x7341411941325882ULL, 0xa78b8b168b2c9d0bULL,
162 0xf6a7a7a6a7510153ULL, 0xb27d7de97dcf94faULL, 0x4995956e95dcfb37ULL,
163 0x56d8d847d88e9fadULL, 0x70fbfbcbfb8b30ebULL, 0xcdeeee9fee2371c1ULL,
164 0xbb7c7ced7cc791f8ULL, 0x716666856617e3ccULL, 0x7bdddd53dda68ea7ULL,
165 0xaf17175c17b84b2eULL, 0x454747014702468eULL, 0x1a9e9e429e84dc21ULL,
166 0xd4caca0fca1ec589ULL, 0x582d2db42d75995aULL, 0x2ebfbfc6bf917963ULL,
167 0x3f07071c07381b0eULL, 0xacadad8ead012347ULL, 0xb05a5a755aea2fb4ULL,
168 0xef838336836cb51bULL, 0xb63333cc3385ff66ULL, 0x5c636391633ff2c6ULL,
169 0x1202020802100a04ULL, 0x93aaaa92aa393849ULL, 0xde7171d971afa8e2ULL,
170 0xc6c8c807c80ecf8dULL, 0xd119196419c87d32ULL, 0x3b49493949727092ULL,
171 0x5fd9d943d9869aafULL, 0x31f2f2eff2c31df9ULL, 0xa8e3e3abe34b48dbULL,
172 0xb95b5b715be22ab6ULL, 0xbc88881a8834920dULL, 0x3e9a9a529aa4c829ULL,
173 0x0b262698262dbe4cULL, 0xbf3232c8328dfa64ULL, 0x59b0b0fab0e94a7dULL,
174 0xf2e9e983e91b6acfULL, 0x770f0f3c0f78331eULL, 0x33d5d573d5e6a6b7ULL,
175 0xf480803a8074ba1dULL, 0x27bebec2be997c61ULL, 0xebcdcd13cd26de87ULL,
176 0x893434d034bde468ULL, 0x3248483d487a7590ULL, 0x54ffffdbffab24e3ULL,
177 0x8d7a7af57af78ff4ULL, 0x6490907a90f4ea3dULL, 0x9d5f5f615fc23ebeULL,
178 0x3d202080201da040ULL, 0x0f6868bd6867d5d0ULL, 0xca1a1a681ad07234ULL,
179 0xb7aeae82ae192c41ULL, 0x7db4b4eab4c95e75ULL, 0xce54544d549a19a8ULL,
180 0x7f93937693ece53bULL, 0x2f222288220daa44ULL, 0x6364648d6407e9c8ULL,
181 0x2af1f1e3f1db12ffULL, 0xcc7373d173bfa2e6ULL, 0x8212124812905a24ULL,
182 0x7a40401d403a5d80ULL, 0x4808082008402810ULL, 0x95c3c32bc356e89bULL,
183 0xdfecec97ec337bc5ULL, 0x4ddbdb4bdb9690abULL, 0xc0a1a1bea1611f5fULL,
184 0x918d8d0e8d1c8307ULL, 0xc83d3df43df5c97aULL, 0x5b97976697ccf133ULL,
185 0x0000000000000000ULL, 0xf9cfcf1bcf36d483ULL, 0x6e2b2bac2b458756ULL,
186 0xe17676c57697b3ecULL, 0xe68282328264b019ULL, 0x28d6d67fd6fea9b1ULL,
187 0xc31b1b6c1bd87736ULL, 0x74b5b5eeb5c15b77ULL, 0xbeafaf86af112943ULL,
188 0x1d6a6ab56a77dfd4ULL, 0xea50505d50ba0da0ULL, 0x5745450945124c8aULL,
189 0x38f3f3ebf3cb18fbULL, 0xad3030c0309df060ULL, 0xc4efef9bef2b74c3ULL,
190 0xda3f3ffc3fe5c37eULL, 0xc755554955921caaULL, 0xdba2a2b2a2791059ULL,
191 0xe9eaea8fea0365c9ULL, 0x6a656589650feccaULL, 0x03babad2bab96869ULL,
192 0x4a2f2fbc2f65935eULL, 0x8ec0c027c04ee79dULL, 0x60dede5fdebe81a1ULL,
193 0xfc1c1c701ce06c38ULL, 0x46fdfdd3fdbb2ee7ULL, 0x1f4d4d294d52649aULL,
194 0x7692927292e4e039ULL, 0xfa7575c9758fbceaULL, 0x3606061806301e0cULL,
195 0xae8a8a128a249809ULL, 0x4bb2b2f2b2f94079ULL, 0x85e6e6bfe66359d1ULL,
196 0x7e0e0e380e70361cULL, 0xe71f1f7c1ff8633eULL, 0x556262956237f7c4ULL,
197 0x3ad4d477d4eea3b5ULL, 0x81a8a89aa829324dULL, 0x5296966296c4f431ULL,
198 0x62f9f9c3f99b3aefULL, 0xa3c5c533c566f697ULL, 0x102525942535b14aULL,
199 0xab59597959f220b2ULL, 0xd084842a8454ae15ULL, 0xc57272d572b7a7e4ULL,
200 0xec3939e439d5dd72ULL, 0x164c4c2d4c5a6198ULL, 0x945e5e655eca3bbcULL,
201 0x9f7878fd78e785f0ULL, 0xe53838e038ddd870ULL, 0x988c8c0a8c148605ULL,
202 0x17d1d163d1c6b2bfULL, 0xe4a5a5aea5410b57ULL, 0xa1e2e2afe2434dd9ULL,
203 0x4e616199612ff8c2ULL, 0x42b3b3f6b3f1457bULL, 0x342121842115a542ULL,
204 0x089c9c4a9c94d625ULL, 0xee1e1e781ef0663cULL, 0x6143431143225286ULL,
205 0xb1c7c73bc776fc93ULL, 0x4ffcfcd7fcb32be5ULL, 0x2404041004201408ULL,
206 0xe351515951b208a2ULL, 0x2599995e99bcc72fULL, 0x226d6da96d4fc4daULL,
207 0x650d0d340d68391aULL, 0x79fafacffa8335e9ULL, 0x69dfdf5bdfb684a3ULL,
208 0xa97e7ee57ed79bfcULL, 0x19242490243db448ULL, 0xfe3b3bec3bc5d776ULL,
209 0x9aabab96ab313d4bULL, 0xf0cece1fce3ed181ULL, 0x9911114411885522ULL,
210 0x838f8f068f0c8903ULL, 0x044e4e254e4a6b9cULL, 0x66b7b7e6b7d15173ULL,
211 0xe0ebeb8beb0b60cbULL, 0xc13c3cf03cfdcc78ULL, 0xfd81813e817cbf1fULL,
212 0x4094946a94d4fe35ULL, 0x1cf7f7fbf7eb0cf3ULL, 0x18b9b9deb9a1676fULL,
213 0x8b13134c13985f26ULL, 0x512c2cb02c7d9c58ULL, 0x05d3d36bd3d6b8bbULL,
214 0x8ce7e7bbe76b5cd3ULL, 0x396e6ea56e57cbdcULL, 0xaac4c437c46ef395ULL,
215 0x1b03030c03180f06ULL, 0xdc565645568a13acULL, 0x5e44440d441a4988ULL,
216 0xa07f7fe17fdf9efeULL, 0x88a9a99ea921374fULL, 0x672a2aa82a4d8254ULL,
217 0x0abbbbd6bbb16d6bULL, 0x87c1c123c146e29fULL, 0xf153535153a202a6ULL,
218 0x72dcdc57dcae8ba5ULL, 0x530b0b2c0b582716ULL, 0x019d9d4e9d9cd327ULL,
219 0x2b6c6cad6c47c1d8ULL, 0xa43131c43195f562ULL, 0xf37474cd7487b9e8ULL,
220 0x15f6f6fff6e309f1ULL, 0x4c464605460a438cULL, 0xa5acac8aac092645ULL,
221 0xb589891e893c970fULL, 0xb414145014a04428ULL, 0xbae1e1a3e15b42dfULL,
222 0xa616165816b04e2cULL, 0xf73a3ae83acdd274ULL, 0x066969b9696fd0d2ULL,
223 0x4109092409482d12ULL, 0xd77070dd70a7ade0ULL, 0x6fb6b6e2b6d95471ULL,
224 0x1ed0d067d0ceb7bdULL, 0xd6eded93ed3b7ec7ULL, 0xe2cccc17cc2edb85ULL,
225 0x68424215422a5784ULL, 0x2c98985a98b4c22dULL, 0xeda4a4aaa4490e55ULL,
226 0x752828a0285d8850ULL, 0x865c5c6d5cda31b8ULL, 0x6bf8f8c7f8933fedULL,
227 0xc28686228644a411ULL,
228};
229
230static const u64 C2[256] = {
231 0x30d818186018c078ULL, 0x462623238c2305afULL, 0x91b8c6c63fc67ef9ULL,
232 0xcdfbe8e887e8136fULL, 0x13cb878726874ca1ULL, 0x6d11b8b8dab8a962ULL,
233 0x0209010104010805ULL, 0x9e0d4f4f214f426eULL, 0x6c9b3636d836adeeULL,
234 0x51ffa6a6a2a65904ULL, 0xb90cd2d26fd2debdULL, 0xf70ef5f5f3f5fb06ULL,
235 0xf2967979f979ef80ULL, 0xde306f6fa16f5fceULL, 0x3f6d91917e91fcefULL,
236 0xa4f852525552aa07ULL, 0xc04760609d6027fdULL, 0x6535bcbccabc8976ULL,
237 0x2b379b9b569baccdULL, 0x018a8e8e028e048cULL, 0x5bd2a3a3b6a37115ULL,
238 0x186c0c0c300c603cULL, 0xf6847b7bf17bff8aULL, 0x6a803535d435b5e1ULL,
239 0x3af51d1d741de869ULL, 0xddb3e0e0a7e05347ULL, 0xb321d7d77bd7f6acULL,
240 0x999cc2c22fc25eedULL, 0x5c432e2eb82e6d96ULL, 0x96294b4b314b627aULL,
241 0xe15dfefedffea321ULL, 0xaed5575741578216ULL, 0x2abd15155415a841ULL,
242 0xeee87777c1779fb6ULL, 0x6e923737dc37a5ebULL, 0xd79ee5e5b3e57b56ULL,
243 0x23139f9f469f8cd9ULL, 0xfd23f0f0e7f0d317ULL, 0x94204a4a354a6a7fULL,
244 0xa944dada4fda9e95ULL, 0xb0a258587d58fa25ULL, 0x8fcfc9c903c906caULL,
245 0x527c2929a429558dULL, 0x145a0a0a280a5022ULL, 0x7f50b1b1feb1e14fULL,
246 0x5dc9a0a0baa0691aULL, 0xd6146b6bb16b7fdaULL, 0x17d985852e855cabULL,
247 0x673cbdbdcebd8173ULL, 0xba8f5d5d695dd234ULL, 0x2090101040108050ULL,
248 0xf507f4f4f7f4f303ULL, 0x8bddcbcb0bcb16c0ULL, 0x7cd33e3ef83eedc6ULL,
249 0x0a2d050514052811ULL, 0xce78676781671fe6ULL, 0xd597e4e4b7e47353ULL,
250 0x4e0227279c2725bbULL, 0x8273414119413258ULL, 0x0ba78b8b168b2c9dULL,
251 0x53f6a7a7a6a75101ULL, 0xfab27d7de97dcf94ULL, 0x374995956e95dcfbULL,
252 0xad56d8d847d88e9fULL, 0xeb70fbfbcbfb8b30ULL, 0xc1cdeeee9fee2371ULL,
253 0xf8bb7c7ced7cc791ULL, 0xcc716666856617e3ULL, 0xa77bdddd53dda68eULL,
254 0x2eaf17175c17b84bULL, 0x8e45474701470246ULL, 0x211a9e9e429e84dcULL,
255 0x89d4caca0fca1ec5ULL, 0x5a582d2db42d7599ULL, 0x632ebfbfc6bf9179ULL,
256 0x0e3f07071c07381bULL, 0x47acadad8ead0123ULL, 0xb4b05a5a755aea2fULL,
257 0x1bef838336836cb5ULL, 0x66b63333cc3385ffULL, 0xc65c636391633ff2ULL,
258 0x041202020802100aULL, 0x4993aaaa92aa3938ULL, 0xe2de7171d971afa8ULL,
259 0x8dc6c8c807c80ecfULL, 0x32d119196419c87dULL, 0x923b494939497270ULL,
260 0xaf5fd9d943d9869aULL, 0xf931f2f2eff2c31dULL, 0xdba8e3e3abe34b48ULL,
261 0xb6b95b5b715be22aULL, 0x0dbc88881a883492ULL, 0x293e9a9a529aa4c8ULL,
262 0x4c0b262698262dbeULL, 0x64bf3232c8328dfaULL, 0x7d59b0b0fab0e94aULL,
263 0xcff2e9e983e91b6aULL, 0x1e770f0f3c0f7833ULL, 0xb733d5d573d5e6a6ULL,
264 0x1df480803a8074baULL, 0x6127bebec2be997cULL, 0x87ebcdcd13cd26deULL,
265 0x68893434d034bde4ULL, 0x903248483d487a75ULL, 0xe354ffffdbffab24ULL,
266 0xf48d7a7af57af78fULL, 0x3d6490907a90f4eaULL, 0xbe9d5f5f615fc23eULL,
267 0x403d202080201da0ULL, 0xd00f6868bd6867d5ULL, 0x34ca1a1a681ad072ULL,
268 0x41b7aeae82ae192cULL, 0x757db4b4eab4c95eULL, 0xa8ce54544d549a19ULL,
269 0x3b7f93937693ece5ULL, 0x442f222288220daaULL, 0xc86364648d6407e9ULL,
270 0xff2af1f1e3f1db12ULL, 0xe6cc7373d173bfa2ULL, 0x248212124812905aULL,
271 0x807a40401d403a5dULL, 0x1048080820084028ULL, 0x9b95c3c32bc356e8ULL,
272 0xc5dfecec97ec337bULL, 0xab4ddbdb4bdb9690ULL, 0x5fc0a1a1bea1611fULL,
273 0x07918d8d0e8d1c83ULL, 0x7ac83d3df43df5c9ULL, 0x335b97976697ccf1ULL,
274 0x0000000000000000ULL, 0x83f9cfcf1bcf36d4ULL, 0x566e2b2bac2b4587ULL,
275 0xece17676c57697b3ULL, 0x19e68282328264b0ULL, 0xb128d6d67fd6fea9ULL,
276 0x36c31b1b6c1bd877ULL, 0x7774b5b5eeb5c15bULL, 0x43beafaf86af1129ULL,
277 0xd41d6a6ab56a77dfULL, 0xa0ea50505d50ba0dULL, 0x8a5745450945124cULL,
278 0xfb38f3f3ebf3cb18ULL, 0x60ad3030c0309df0ULL, 0xc3c4efef9bef2b74ULL,
279 0x7eda3f3ffc3fe5c3ULL, 0xaac755554955921cULL, 0x59dba2a2b2a27910ULL,
280 0xc9e9eaea8fea0365ULL, 0xca6a656589650fecULL, 0x6903babad2bab968ULL,
281 0x5e4a2f2fbc2f6593ULL, 0x9d8ec0c027c04ee7ULL, 0xa160dede5fdebe81ULL,
282 0x38fc1c1c701ce06cULL, 0xe746fdfdd3fdbb2eULL, 0x9a1f4d4d294d5264ULL,
283 0x397692927292e4e0ULL, 0xeafa7575c9758fbcULL, 0x0c3606061806301eULL,
284 0x09ae8a8a128a2498ULL, 0x794bb2b2f2b2f940ULL, 0xd185e6e6bfe66359ULL,
285 0x1c7e0e0e380e7036ULL, 0x3ee71f1f7c1ff863ULL, 0xc4556262956237f7ULL,
286 0xb53ad4d477d4eea3ULL, 0x4d81a8a89aa82932ULL, 0x315296966296c4f4ULL,
287 0xef62f9f9c3f99b3aULL, 0x97a3c5c533c566f6ULL, 0x4a102525942535b1ULL,
288 0xb2ab59597959f220ULL, 0x15d084842a8454aeULL, 0xe4c57272d572b7a7ULL,
289 0x72ec3939e439d5ddULL, 0x98164c4c2d4c5a61ULL, 0xbc945e5e655eca3bULL,
290 0xf09f7878fd78e785ULL, 0x70e53838e038ddd8ULL, 0x05988c8c0a8c1486ULL,
291 0xbf17d1d163d1c6b2ULL, 0x57e4a5a5aea5410bULL, 0xd9a1e2e2afe2434dULL,
292 0xc24e616199612ff8ULL, 0x7b42b3b3f6b3f145ULL, 0x42342121842115a5ULL,
293 0x25089c9c4a9c94d6ULL, 0x3cee1e1e781ef066ULL, 0x8661434311432252ULL,
294 0x93b1c7c73bc776fcULL, 0xe54ffcfcd7fcb32bULL, 0x0824040410042014ULL,
295 0xa2e351515951b208ULL, 0x2f2599995e99bcc7ULL, 0xda226d6da96d4fc4ULL,
296 0x1a650d0d340d6839ULL, 0xe979fafacffa8335ULL, 0xa369dfdf5bdfb684ULL,
297 0xfca97e7ee57ed79bULL, 0x4819242490243db4ULL, 0x76fe3b3bec3bc5d7ULL,
298 0x4b9aabab96ab313dULL, 0x81f0cece1fce3ed1ULL, 0x2299111144118855ULL,
299 0x03838f8f068f0c89ULL, 0x9c044e4e254e4a6bULL, 0x7366b7b7e6b7d151ULL,
300 0xcbe0ebeb8beb0b60ULL, 0x78c13c3cf03cfdccULL, 0x1ffd81813e817cbfULL,
301 0x354094946a94d4feULL, 0xf31cf7f7fbf7eb0cULL, 0x6f18b9b9deb9a167ULL,
302 0x268b13134c13985fULL, 0x58512c2cb02c7d9cULL, 0xbb05d3d36bd3d6b8ULL,
303 0xd38ce7e7bbe76b5cULL, 0xdc396e6ea56e57cbULL, 0x95aac4c437c46ef3ULL,
304 0x061b03030c03180fULL, 0xacdc565645568a13ULL, 0x885e44440d441a49ULL,
305 0xfea07f7fe17fdf9eULL, 0x4f88a9a99ea92137ULL, 0x54672a2aa82a4d82ULL,
306 0x6b0abbbbd6bbb16dULL, 0x9f87c1c123c146e2ULL, 0xa6f153535153a202ULL,
307 0xa572dcdc57dcae8bULL, 0x16530b0b2c0b5827ULL, 0x27019d9d4e9d9cd3ULL,
308 0xd82b6c6cad6c47c1ULL, 0x62a43131c43195f5ULL, 0xe8f37474cd7487b9ULL,
309 0xf115f6f6fff6e309ULL, 0x8c4c464605460a43ULL, 0x45a5acac8aac0926ULL,
310 0x0fb589891e893c97ULL, 0x28b414145014a044ULL, 0xdfbae1e1a3e15b42ULL,
311 0x2ca616165816b04eULL, 0x74f73a3ae83acdd2ULL, 0xd2066969b9696fd0ULL,
312 0x124109092409482dULL, 0xe0d77070dd70a7adULL, 0x716fb6b6e2b6d954ULL,
313 0xbd1ed0d067d0ceb7ULL, 0xc7d6eded93ed3b7eULL, 0x85e2cccc17cc2edbULL,
314 0x8468424215422a57ULL, 0x2d2c98985a98b4c2ULL, 0x55eda4a4aaa4490eULL,
315 0x50752828a0285d88ULL, 0xb8865c5c6d5cda31ULL, 0xed6bf8f8c7f8933fULL,
316 0x11c28686228644a4ULL,
317};
318
319static const u64 C3[256] = {
320 0x7830d818186018c0ULL, 0xaf462623238c2305ULL, 0xf991b8c6c63fc67eULL,
321 0x6fcdfbe8e887e813ULL, 0xa113cb878726874cULL, 0x626d11b8b8dab8a9ULL,
322 0x0502090101040108ULL, 0x6e9e0d4f4f214f42ULL, 0xee6c9b3636d836adULL,
323 0x0451ffa6a6a2a659ULL, 0xbdb90cd2d26fd2deULL, 0x06f70ef5f5f3f5fbULL,
324 0x80f2967979f979efULL, 0xcede306f6fa16f5fULL, 0xef3f6d91917e91fcULL,
325 0x07a4f852525552aaULL, 0xfdc04760609d6027ULL, 0x766535bcbccabc89ULL,
326 0xcd2b379b9b569bacULL, 0x8c018a8e8e028e04ULL, 0x155bd2a3a3b6a371ULL,
327 0x3c186c0c0c300c60ULL, 0x8af6847b7bf17bffULL, 0xe16a803535d435b5ULL,
328 0x693af51d1d741de8ULL, 0x47ddb3e0e0a7e053ULL, 0xacb321d7d77bd7f6ULL,
329 0xed999cc2c22fc25eULL, 0x965c432e2eb82e6dULL, 0x7a96294b4b314b62ULL,
330 0x21e15dfefedffea3ULL, 0x16aed55757415782ULL, 0x412abd15155415a8ULL,
331 0xb6eee87777c1779fULL, 0xeb6e923737dc37a5ULL, 0x56d79ee5e5b3e57bULL,
332 0xd923139f9f469f8cULL, 0x17fd23f0f0e7f0d3ULL, 0x7f94204a4a354a6aULL,
333 0x95a944dada4fda9eULL, 0x25b0a258587d58faULL, 0xca8fcfc9c903c906ULL,
334 0x8d527c2929a42955ULL, 0x22145a0a0a280a50ULL, 0x4f7f50b1b1feb1e1ULL,
335 0x1a5dc9a0a0baa069ULL, 0xdad6146b6bb16b7fULL, 0xab17d985852e855cULL,
336 0x73673cbdbdcebd81ULL, 0x34ba8f5d5d695dd2ULL, 0x5020901010401080ULL,
337 0x03f507f4f4f7f4f3ULL, 0xc08bddcbcb0bcb16ULL, 0xc67cd33e3ef83eedULL,
338 0x110a2d0505140528ULL, 0xe6ce78676781671fULL, 0x53d597e4e4b7e473ULL,
339 0xbb4e0227279c2725ULL, 0x5882734141194132ULL, 0x9d0ba78b8b168b2cULL,
340 0x0153f6a7a7a6a751ULL, 0x94fab27d7de97dcfULL, 0xfb374995956e95dcULL,
341 0x9fad56d8d847d88eULL, 0x30eb70fbfbcbfb8bULL, 0x71c1cdeeee9fee23ULL,
342 0x91f8bb7c7ced7cc7ULL, 0xe3cc716666856617ULL, 0x8ea77bdddd53dda6ULL,
343 0x4b2eaf17175c17b8ULL, 0x468e454747014702ULL, 0xdc211a9e9e429e84ULL,
344 0xc589d4caca0fca1eULL, 0x995a582d2db42d75ULL, 0x79632ebfbfc6bf91ULL,
345 0x1b0e3f07071c0738ULL, 0x2347acadad8ead01ULL, 0x2fb4b05a5a755aeaULL,
346 0xb51bef838336836cULL, 0xff66b63333cc3385ULL, 0xf2c65c636391633fULL,
347 0x0a04120202080210ULL, 0x384993aaaa92aa39ULL, 0xa8e2de7171d971afULL,
348 0xcf8dc6c8c807c80eULL, 0x7d32d119196419c8ULL, 0x70923b4949394972ULL,
349 0x9aaf5fd9d943d986ULL, 0x1df931f2f2eff2c3ULL, 0x48dba8e3e3abe34bULL,
350 0x2ab6b95b5b715be2ULL, 0x920dbc88881a8834ULL, 0xc8293e9a9a529aa4ULL,
351 0xbe4c0b262698262dULL, 0xfa64bf3232c8328dULL, 0x4a7d59b0b0fab0e9ULL,
352 0x6acff2e9e983e91bULL, 0x331e770f0f3c0f78ULL, 0xa6b733d5d573d5e6ULL,
353 0xba1df480803a8074ULL, 0x7c6127bebec2be99ULL, 0xde87ebcdcd13cd26ULL,
354 0xe468893434d034bdULL, 0x75903248483d487aULL, 0x24e354ffffdbffabULL,
355 0x8ff48d7a7af57af7ULL, 0xea3d6490907a90f4ULL, 0x3ebe9d5f5f615fc2ULL,
356 0xa0403d202080201dULL, 0xd5d00f6868bd6867ULL, 0x7234ca1a1a681ad0ULL,
357 0x2c41b7aeae82ae19ULL, 0x5e757db4b4eab4c9ULL, 0x19a8ce54544d549aULL,
358 0xe53b7f93937693ecULL, 0xaa442f222288220dULL, 0xe9c86364648d6407ULL,
359 0x12ff2af1f1e3f1dbULL, 0xa2e6cc7373d173bfULL, 0x5a24821212481290ULL,
360 0x5d807a40401d403aULL, 0x2810480808200840ULL, 0xe89b95c3c32bc356ULL,
361 0x7bc5dfecec97ec33ULL, 0x90ab4ddbdb4bdb96ULL, 0x1f5fc0a1a1bea161ULL,
362 0x8307918d8d0e8d1cULL, 0xc97ac83d3df43df5ULL, 0xf1335b97976697ccULL,
363 0x0000000000000000ULL, 0xd483f9cfcf1bcf36ULL, 0x87566e2b2bac2b45ULL,
364 0xb3ece17676c57697ULL, 0xb019e68282328264ULL, 0xa9b128d6d67fd6feULL,
365 0x7736c31b1b6c1bd8ULL, 0x5b7774b5b5eeb5c1ULL, 0x2943beafaf86af11ULL,
366 0xdfd41d6a6ab56a77ULL, 0x0da0ea50505d50baULL, 0x4c8a574545094512ULL,
367 0x18fb38f3f3ebf3cbULL, 0xf060ad3030c0309dULL, 0x74c3c4efef9bef2bULL,
368 0xc37eda3f3ffc3fe5ULL, 0x1caac75555495592ULL, 0x1059dba2a2b2a279ULL,
369 0x65c9e9eaea8fea03ULL, 0xecca6a656589650fULL, 0x686903babad2bab9ULL,
370 0x935e4a2f2fbc2f65ULL, 0xe79d8ec0c027c04eULL, 0x81a160dede5fdebeULL,
371 0x6c38fc1c1c701ce0ULL, 0x2ee746fdfdd3fdbbULL, 0x649a1f4d4d294d52ULL,
372 0xe0397692927292e4ULL, 0xbceafa7575c9758fULL, 0x1e0c360606180630ULL,
373 0x9809ae8a8a128a24ULL, 0x40794bb2b2f2b2f9ULL, 0x59d185e6e6bfe663ULL,
374 0x361c7e0e0e380e70ULL, 0x633ee71f1f7c1ff8ULL, 0xf7c4556262956237ULL,
375 0xa3b53ad4d477d4eeULL, 0x324d81a8a89aa829ULL, 0xf4315296966296c4ULL,
376 0x3aef62f9f9c3f99bULL, 0xf697a3c5c533c566ULL, 0xb14a102525942535ULL,
377 0x20b2ab59597959f2ULL, 0xae15d084842a8454ULL, 0xa7e4c57272d572b7ULL,
378 0xdd72ec3939e439d5ULL, 0x6198164c4c2d4c5aULL, 0x3bbc945e5e655ecaULL,
379 0x85f09f7878fd78e7ULL, 0xd870e53838e038ddULL, 0x8605988c8c0a8c14ULL,
380 0xb2bf17d1d163d1c6ULL, 0x0b57e4a5a5aea541ULL, 0x4dd9a1e2e2afe243ULL,
381 0xf8c24e616199612fULL, 0x457b42b3b3f6b3f1ULL, 0xa542342121842115ULL,
382 0xd625089c9c4a9c94ULL, 0x663cee1e1e781ef0ULL, 0x5286614343114322ULL,
383 0xfc93b1c7c73bc776ULL, 0x2be54ffcfcd7fcb3ULL, 0x1408240404100420ULL,
384 0x08a2e351515951b2ULL, 0xc72f2599995e99bcULL, 0xc4da226d6da96d4fULL,
385 0x391a650d0d340d68ULL, 0x35e979fafacffa83ULL, 0x84a369dfdf5bdfb6ULL,
386 0x9bfca97e7ee57ed7ULL, 0xb44819242490243dULL, 0xd776fe3b3bec3bc5ULL,
387 0x3d4b9aabab96ab31ULL, 0xd181f0cece1fce3eULL, 0x5522991111441188ULL,
388 0x8903838f8f068f0cULL, 0x6b9c044e4e254e4aULL, 0x517366b7b7e6b7d1ULL,
389 0x60cbe0ebeb8beb0bULL, 0xcc78c13c3cf03cfdULL, 0xbf1ffd81813e817cULL,
390 0xfe354094946a94d4ULL, 0x0cf31cf7f7fbf7ebULL, 0x676f18b9b9deb9a1ULL,
391 0x5f268b13134c1398ULL, 0x9c58512c2cb02c7dULL, 0xb8bb05d3d36bd3d6ULL,
392 0x5cd38ce7e7bbe76bULL, 0xcbdc396e6ea56e57ULL, 0xf395aac4c437c46eULL,
393 0x0f061b03030c0318ULL, 0x13acdc565645568aULL, 0x49885e44440d441aULL,
394 0x9efea07f7fe17fdfULL, 0x374f88a9a99ea921ULL, 0x8254672a2aa82a4dULL,
395 0x6d6b0abbbbd6bbb1ULL, 0xe29f87c1c123c146ULL, 0x02a6f153535153a2ULL,
396 0x8ba572dcdc57dcaeULL, 0x2716530b0b2c0b58ULL, 0xd327019d9d4e9d9cULL,
397 0xc1d82b6c6cad6c47ULL, 0xf562a43131c43195ULL, 0xb9e8f37474cd7487ULL,
398 0x09f115f6f6fff6e3ULL, 0x438c4c464605460aULL, 0x2645a5acac8aac09ULL,
399 0x970fb589891e893cULL, 0x4428b414145014a0ULL, 0x42dfbae1e1a3e15bULL,
400 0x4e2ca616165816b0ULL, 0xd274f73a3ae83acdULL, 0xd0d2066969b9696fULL,
401 0x2d12410909240948ULL, 0xade0d77070dd70a7ULL, 0x54716fb6b6e2b6d9ULL,
402 0xb7bd1ed0d067d0ceULL, 0x7ec7d6eded93ed3bULL, 0xdb85e2cccc17cc2eULL,
403 0x578468424215422aULL, 0xc22d2c98985a98b4ULL, 0x0e55eda4a4aaa449ULL,
404 0x8850752828a0285dULL, 0x31b8865c5c6d5cdaULL, 0x3fed6bf8f8c7f893ULL,
405 0xa411c28686228644ULL,
406};
407
408static const u64 C4[256] = {
409 0xc07830d818186018ULL, 0x05af462623238c23ULL, 0x7ef991b8c6c63fc6ULL,
410 0x136fcdfbe8e887e8ULL, 0x4ca113cb87872687ULL, 0xa9626d11b8b8dab8ULL,
411 0x0805020901010401ULL, 0x426e9e0d4f4f214fULL, 0xadee6c9b3636d836ULL,
412 0x590451ffa6a6a2a6ULL, 0xdebdb90cd2d26fd2ULL, 0xfb06f70ef5f5f3f5ULL,
413 0xef80f2967979f979ULL, 0x5fcede306f6fa16fULL, 0xfcef3f6d91917e91ULL,
414 0xaa07a4f852525552ULL, 0x27fdc04760609d60ULL, 0x89766535bcbccabcULL,
415 0xaccd2b379b9b569bULL, 0x048c018a8e8e028eULL, 0x71155bd2a3a3b6a3ULL,
416 0x603c186c0c0c300cULL, 0xff8af6847b7bf17bULL, 0xb5e16a803535d435ULL,
417 0xe8693af51d1d741dULL, 0x5347ddb3e0e0a7e0ULL, 0xf6acb321d7d77bd7ULL,
418 0x5eed999cc2c22fc2ULL, 0x6d965c432e2eb82eULL, 0x627a96294b4b314bULL,
419 0xa321e15dfefedffeULL, 0x8216aed557574157ULL, 0xa8412abd15155415ULL,
420 0x9fb6eee87777c177ULL, 0xa5eb6e923737dc37ULL, 0x7b56d79ee5e5b3e5ULL,
421 0x8cd923139f9f469fULL, 0xd317fd23f0f0e7f0ULL, 0x6a7f94204a4a354aULL,
422 0x9e95a944dada4fdaULL, 0xfa25b0a258587d58ULL, 0x06ca8fcfc9c903c9ULL,
423 0x558d527c2929a429ULL, 0x5022145a0a0a280aULL, 0xe14f7f50b1b1feb1ULL,
424 0x691a5dc9a0a0baa0ULL, 0x7fdad6146b6bb16bULL, 0x5cab17d985852e85ULL,
425 0x8173673cbdbdcebdULL, 0xd234ba8f5d5d695dULL, 0x8050209010104010ULL,
426 0xf303f507f4f4f7f4ULL, 0x16c08bddcbcb0bcbULL, 0xedc67cd33e3ef83eULL,
427 0x28110a2d05051405ULL, 0x1fe6ce7867678167ULL, 0x7353d597e4e4b7e4ULL,
428 0x25bb4e0227279c27ULL, 0x3258827341411941ULL, 0x2c9d0ba78b8b168bULL,
429 0x510153f6a7a7a6a7ULL, 0xcf94fab27d7de97dULL, 0xdcfb374995956e95ULL,
430 0x8e9fad56d8d847d8ULL, 0x8b30eb70fbfbcbfbULL, 0x2371c1cdeeee9feeULL,
431 0xc791f8bb7c7ced7cULL, 0x17e3cc7166668566ULL, 0xa68ea77bdddd53ddULL,
432 0xb84b2eaf17175c17ULL, 0x02468e4547470147ULL, 0x84dc211a9e9e429eULL,
433 0x1ec589d4caca0fcaULL, 0x75995a582d2db42dULL, 0x9179632ebfbfc6bfULL,
434 0x381b0e3f07071c07ULL, 0x012347acadad8eadULL, 0xea2fb4b05a5a755aULL,
435 0x6cb51bef83833683ULL, 0x85ff66b63333cc33ULL, 0x3ff2c65c63639163ULL,
436 0x100a041202020802ULL, 0x39384993aaaa92aaULL, 0xafa8e2de7171d971ULL,
437 0x0ecf8dc6c8c807c8ULL, 0xc87d32d119196419ULL, 0x7270923b49493949ULL,
438 0x869aaf5fd9d943d9ULL, 0xc31df931f2f2eff2ULL, 0x4b48dba8e3e3abe3ULL,
439 0xe22ab6b95b5b715bULL, 0x34920dbc88881a88ULL, 0xa4c8293e9a9a529aULL,
440 0x2dbe4c0b26269826ULL, 0x8dfa64bf3232c832ULL, 0xe94a7d59b0b0fab0ULL,
441 0x1b6acff2e9e983e9ULL, 0x78331e770f0f3c0fULL, 0xe6a6b733d5d573d5ULL,
442 0x74ba1df480803a80ULL, 0x997c6127bebec2beULL, 0x26de87ebcdcd13cdULL,
443 0xbde468893434d034ULL, 0x7a75903248483d48ULL, 0xab24e354ffffdbffULL,
444 0xf78ff48d7a7af57aULL, 0xf4ea3d6490907a90ULL, 0xc23ebe9d5f5f615fULL,
445 0x1da0403d20208020ULL, 0x67d5d00f6868bd68ULL, 0xd07234ca1a1a681aULL,
446 0x192c41b7aeae82aeULL, 0xc95e757db4b4eab4ULL, 0x9a19a8ce54544d54ULL,
447 0xece53b7f93937693ULL, 0x0daa442f22228822ULL, 0x07e9c86364648d64ULL,
448 0xdb12ff2af1f1e3f1ULL, 0xbfa2e6cc7373d173ULL, 0x905a248212124812ULL,
449 0x3a5d807a40401d40ULL, 0x4028104808082008ULL, 0x56e89b95c3c32bc3ULL,
450 0x337bc5dfecec97ecULL, 0x9690ab4ddbdb4bdbULL, 0x611f5fc0a1a1bea1ULL,
451 0x1c8307918d8d0e8dULL, 0xf5c97ac83d3df43dULL, 0xccf1335b97976697ULL,
452 0x0000000000000000ULL, 0x36d483f9cfcf1bcfULL, 0x4587566e2b2bac2bULL,
453 0x97b3ece17676c576ULL, 0x64b019e682823282ULL, 0xfea9b128d6d67fd6ULL,
454 0xd87736c31b1b6c1bULL, 0xc15b7774b5b5eeb5ULL, 0x112943beafaf86afULL,
455 0x77dfd41d6a6ab56aULL, 0xba0da0ea50505d50ULL, 0x124c8a5745450945ULL,
456 0xcb18fb38f3f3ebf3ULL, 0x9df060ad3030c030ULL, 0x2b74c3c4efef9befULL,
457 0xe5c37eda3f3ffc3fULL, 0x921caac755554955ULL, 0x791059dba2a2b2a2ULL,
458 0x0365c9e9eaea8feaULL, 0x0fecca6a65658965ULL, 0xb9686903babad2baULL,
459 0x65935e4a2f2fbc2fULL, 0x4ee79d8ec0c027c0ULL, 0xbe81a160dede5fdeULL,
460 0xe06c38fc1c1c701cULL, 0xbb2ee746fdfdd3fdULL, 0x52649a1f4d4d294dULL,
461 0xe4e0397692927292ULL, 0x8fbceafa7575c975ULL, 0x301e0c3606061806ULL,
462 0x249809ae8a8a128aULL, 0xf940794bb2b2f2b2ULL, 0x6359d185e6e6bfe6ULL,
463 0x70361c7e0e0e380eULL, 0xf8633ee71f1f7c1fULL, 0x37f7c45562629562ULL,
464 0xeea3b53ad4d477d4ULL, 0x29324d81a8a89aa8ULL, 0xc4f4315296966296ULL,
465 0x9b3aef62f9f9c3f9ULL, 0x66f697a3c5c533c5ULL, 0x35b14a1025259425ULL,
466 0xf220b2ab59597959ULL, 0x54ae15d084842a84ULL, 0xb7a7e4c57272d572ULL,
467 0xd5dd72ec3939e439ULL, 0x5a6198164c4c2d4cULL, 0xca3bbc945e5e655eULL,
468 0xe785f09f7878fd78ULL, 0xddd870e53838e038ULL, 0x148605988c8c0a8cULL,
469 0xc6b2bf17d1d163d1ULL, 0x410b57e4a5a5aea5ULL, 0x434dd9a1e2e2afe2ULL,
470 0x2ff8c24e61619961ULL, 0xf1457b42b3b3f6b3ULL, 0x15a5423421218421ULL,
471 0x94d625089c9c4a9cULL, 0xf0663cee1e1e781eULL, 0x2252866143431143ULL,
472 0x76fc93b1c7c73bc7ULL, 0xb32be54ffcfcd7fcULL, 0x2014082404041004ULL,
473 0xb208a2e351515951ULL, 0xbcc72f2599995e99ULL, 0x4fc4da226d6da96dULL,
474 0x68391a650d0d340dULL, 0x8335e979fafacffaULL, 0xb684a369dfdf5bdfULL,
475 0xd79bfca97e7ee57eULL, 0x3db4481924249024ULL, 0xc5d776fe3b3bec3bULL,
476 0x313d4b9aabab96abULL, 0x3ed181f0cece1fceULL, 0x8855229911114411ULL,
477 0x0c8903838f8f068fULL, 0x4a6b9c044e4e254eULL, 0xd1517366b7b7e6b7ULL,
478 0x0b60cbe0ebeb8bebULL, 0xfdcc78c13c3cf03cULL, 0x7cbf1ffd81813e81ULL,
479 0xd4fe354094946a94ULL, 0xeb0cf31cf7f7fbf7ULL, 0xa1676f18b9b9deb9ULL,
480 0x985f268b13134c13ULL, 0x7d9c58512c2cb02cULL, 0xd6b8bb05d3d36bd3ULL,
481 0x6b5cd38ce7e7bbe7ULL, 0x57cbdc396e6ea56eULL, 0x6ef395aac4c437c4ULL,
482 0x180f061b03030c03ULL, 0x8a13acdc56564556ULL, 0x1a49885e44440d44ULL,
483 0xdf9efea07f7fe17fULL, 0x21374f88a9a99ea9ULL, 0x4d8254672a2aa82aULL,
484 0xb16d6b0abbbbd6bbULL, 0x46e29f87c1c123c1ULL, 0xa202a6f153535153ULL,
485 0xae8ba572dcdc57dcULL, 0x582716530b0b2c0bULL, 0x9cd327019d9d4e9dULL,
486 0x47c1d82b6c6cad6cULL, 0x95f562a43131c431ULL, 0x87b9e8f37474cd74ULL,
487 0xe309f115f6f6fff6ULL, 0x0a438c4c46460546ULL, 0x092645a5acac8aacULL,
488 0x3c970fb589891e89ULL, 0xa04428b414145014ULL, 0x5b42dfbae1e1a3e1ULL,
489 0xb04e2ca616165816ULL, 0xcdd274f73a3ae83aULL, 0x6fd0d2066969b969ULL,
490 0x482d124109092409ULL, 0xa7ade0d77070dd70ULL, 0xd954716fb6b6e2b6ULL,
491 0xceb7bd1ed0d067d0ULL, 0x3b7ec7d6eded93edULL, 0x2edb85e2cccc17ccULL,
492 0x2a57846842421542ULL, 0xb4c22d2c98985a98ULL, 0x490e55eda4a4aaa4ULL,
493 0x5d8850752828a028ULL, 0xda31b8865c5c6d5cULL, 0x933fed6bf8f8c7f8ULL,
494 0x44a411c286862286ULL,
495};
496
497static const u64 C5[256] = {
498 0x18c07830d8181860ULL, 0x2305af462623238cULL, 0xc67ef991b8c6c63fULL,
499 0xe8136fcdfbe8e887ULL, 0x874ca113cb878726ULL, 0xb8a9626d11b8b8daULL,
500 0x0108050209010104ULL, 0x4f426e9e0d4f4f21ULL, 0x36adee6c9b3636d8ULL,
501 0xa6590451ffa6a6a2ULL, 0xd2debdb90cd2d26fULL, 0xf5fb06f70ef5f5f3ULL,
502 0x79ef80f2967979f9ULL, 0x6f5fcede306f6fa1ULL, 0x91fcef3f6d91917eULL,
503 0x52aa07a4f8525255ULL, 0x6027fdc04760609dULL, 0xbc89766535bcbccaULL,
504 0x9baccd2b379b9b56ULL, 0x8e048c018a8e8e02ULL, 0xa371155bd2a3a3b6ULL,
505 0x0c603c186c0c0c30ULL, 0x7bff8af6847b7bf1ULL, 0x35b5e16a803535d4ULL,
506 0x1de8693af51d1d74ULL, 0xe05347ddb3e0e0a7ULL, 0xd7f6acb321d7d77bULL,
507 0xc25eed999cc2c22fULL, 0x2e6d965c432e2eb8ULL, 0x4b627a96294b4b31ULL,
508 0xfea321e15dfefedfULL, 0x578216aed5575741ULL, 0x15a8412abd151554ULL,
509 0x779fb6eee87777c1ULL, 0x37a5eb6e923737dcULL, 0xe57b56d79ee5e5b3ULL,
510 0x9f8cd923139f9f46ULL, 0xf0d317fd23f0f0e7ULL, 0x4a6a7f94204a4a35ULL,
511 0xda9e95a944dada4fULL, 0x58fa25b0a258587dULL, 0xc906ca8fcfc9c903ULL,
512 0x29558d527c2929a4ULL, 0x0a5022145a0a0a28ULL, 0xb1e14f7f50b1b1feULL,
513 0xa0691a5dc9a0a0baULL, 0x6b7fdad6146b6bb1ULL, 0x855cab17d985852eULL,
514 0xbd8173673cbdbdceULL, 0x5dd234ba8f5d5d69ULL, 0x1080502090101040ULL,
515 0xf4f303f507f4f4f7ULL, 0xcb16c08bddcbcb0bULL, 0x3eedc67cd33e3ef8ULL,
516 0x0528110a2d050514ULL, 0x671fe6ce78676781ULL, 0xe47353d597e4e4b7ULL,
517 0x2725bb4e0227279cULL, 0x4132588273414119ULL, 0x8b2c9d0ba78b8b16ULL,
518 0xa7510153f6a7a7a6ULL, 0x7dcf94fab27d7de9ULL, 0x95dcfb374995956eULL,
519 0xd88e9fad56d8d847ULL, 0xfb8b30eb70fbfbcbULL, 0xee2371c1cdeeee9fULL,
520 0x7cc791f8bb7c7cedULL, 0x6617e3cc71666685ULL, 0xdda68ea77bdddd53ULL,
521 0x17b84b2eaf17175cULL, 0x4702468e45474701ULL, 0x9e84dc211a9e9e42ULL,
522 0xca1ec589d4caca0fULL, 0x2d75995a582d2db4ULL, 0xbf9179632ebfbfc6ULL,
523 0x07381b0e3f07071cULL, 0xad012347acadad8eULL, 0x5aea2fb4b05a5a75ULL,
524 0x836cb51bef838336ULL, 0x3385ff66b63333ccULL, 0x633ff2c65c636391ULL,
525 0x02100a0412020208ULL, 0xaa39384993aaaa92ULL, 0x71afa8e2de7171d9ULL,
526 0xc80ecf8dc6c8c807ULL, 0x19c87d32d1191964ULL, 0x497270923b494939ULL,
527 0xd9869aaf5fd9d943ULL, 0xf2c31df931f2f2efULL, 0xe34b48dba8e3e3abULL,
528 0x5be22ab6b95b5b71ULL, 0x8834920dbc88881aULL, 0x9aa4c8293e9a9a52ULL,
529 0x262dbe4c0b262698ULL, 0x328dfa64bf3232c8ULL, 0xb0e94a7d59b0b0faULL,
530 0xe91b6acff2e9e983ULL, 0x0f78331e770f0f3cULL, 0xd5e6a6b733d5d573ULL,
531 0x8074ba1df480803aULL, 0xbe997c6127bebec2ULL, 0xcd26de87ebcdcd13ULL,
532 0x34bde468893434d0ULL, 0x487a75903248483dULL, 0xffab24e354ffffdbULL,
533 0x7af78ff48d7a7af5ULL, 0x90f4ea3d6490907aULL, 0x5fc23ebe9d5f5f61ULL,
534 0x201da0403d202080ULL, 0x6867d5d00f6868bdULL, 0x1ad07234ca1a1a68ULL,
535 0xae192c41b7aeae82ULL, 0xb4c95e757db4b4eaULL, 0x549a19a8ce54544dULL,
536 0x93ece53b7f939376ULL, 0x220daa442f222288ULL, 0x6407e9c86364648dULL,
537 0xf1db12ff2af1f1e3ULL, 0x73bfa2e6cc7373d1ULL, 0x12905a2482121248ULL,
538 0x403a5d807a40401dULL, 0x0840281048080820ULL, 0xc356e89b95c3c32bULL,
539 0xec337bc5dfecec97ULL, 0xdb9690ab4ddbdb4bULL, 0xa1611f5fc0a1a1beULL,
540 0x8d1c8307918d8d0eULL, 0x3df5c97ac83d3df4ULL, 0x97ccf1335b979766ULL,
541 0x0000000000000000ULL, 0xcf36d483f9cfcf1bULL, 0x2b4587566e2b2bacULL,
542 0x7697b3ece17676c5ULL, 0x8264b019e6828232ULL, 0xd6fea9b128d6d67fULL,
543 0x1bd87736c31b1b6cULL, 0xb5c15b7774b5b5eeULL, 0xaf112943beafaf86ULL,
544 0x6a77dfd41d6a6ab5ULL, 0x50ba0da0ea50505dULL, 0x45124c8a57454509ULL,
545 0xf3cb18fb38f3f3ebULL, 0x309df060ad3030c0ULL, 0xef2b74c3c4efef9bULL,
546 0x3fe5c37eda3f3ffcULL, 0x55921caac7555549ULL, 0xa2791059dba2a2b2ULL,
547 0xea0365c9e9eaea8fULL, 0x650fecca6a656589ULL, 0xbab9686903babad2ULL,
548 0x2f65935e4a2f2fbcULL, 0xc04ee79d8ec0c027ULL, 0xdebe81a160dede5fULL,
549 0x1ce06c38fc1c1c70ULL, 0xfdbb2ee746fdfdd3ULL, 0x4d52649a1f4d4d29ULL,
550 0x92e4e03976929272ULL, 0x758fbceafa7575c9ULL, 0x06301e0c36060618ULL,
551 0x8a249809ae8a8a12ULL, 0xb2f940794bb2b2f2ULL, 0xe66359d185e6e6bfULL,
552 0x0e70361c7e0e0e38ULL, 0x1ff8633ee71f1f7cULL, 0x6237f7c455626295ULL,
553 0xd4eea3b53ad4d477ULL, 0xa829324d81a8a89aULL, 0x96c4f43152969662ULL,
554 0xf99b3aef62f9f9c3ULL, 0xc566f697a3c5c533ULL, 0x2535b14a10252594ULL,
555 0x59f220b2ab595979ULL, 0x8454ae15d084842aULL, 0x72b7a7e4c57272d5ULL,
556 0x39d5dd72ec3939e4ULL, 0x4c5a6198164c4c2dULL, 0x5eca3bbc945e5e65ULL,
557 0x78e785f09f7878fdULL, 0x38ddd870e53838e0ULL, 0x8c148605988c8c0aULL,
558 0xd1c6b2bf17d1d163ULL, 0xa5410b57e4a5a5aeULL, 0xe2434dd9a1e2e2afULL,
559 0x612ff8c24e616199ULL, 0xb3f1457b42b3b3f6ULL, 0x2115a54234212184ULL,
560 0x9c94d625089c9c4aULL, 0x1ef0663cee1e1e78ULL, 0x4322528661434311ULL,
561 0xc776fc93b1c7c73bULL, 0xfcb32be54ffcfcd7ULL, 0x0420140824040410ULL,
562 0x51b208a2e3515159ULL, 0x99bcc72f2599995eULL, 0x6d4fc4da226d6da9ULL,
563 0x0d68391a650d0d34ULL, 0xfa8335e979fafacfULL, 0xdfb684a369dfdf5bULL,
564 0x7ed79bfca97e7ee5ULL, 0x243db44819242490ULL, 0x3bc5d776fe3b3becULL,
565 0xab313d4b9aabab96ULL, 0xce3ed181f0cece1fULL, 0x1188552299111144ULL,
566 0x8f0c8903838f8f06ULL, 0x4e4a6b9c044e4e25ULL, 0xb7d1517366b7b7e6ULL,
567 0xeb0b60cbe0ebeb8bULL, 0x3cfdcc78c13c3cf0ULL, 0x817cbf1ffd81813eULL,
568 0x94d4fe354094946aULL, 0xf7eb0cf31cf7f7fbULL, 0xb9a1676f18b9b9deULL,
569 0x13985f268b13134cULL, 0x2c7d9c58512c2cb0ULL, 0xd3d6b8bb05d3d36bULL,
570 0xe76b5cd38ce7e7bbULL, 0x6e57cbdc396e6ea5ULL, 0xc46ef395aac4c437ULL,
571 0x03180f061b03030cULL, 0x568a13acdc565645ULL, 0x441a49885e44440dULL,
572 0x7fdf9efea07f7fe1ULL, 0xa921374f88a9a99eULL, 0x2a4d8254672a2aa8ULL,
573 0xbbb16d6b0abbbbd6ULL, 0xc146e29f87c1c123ULL, 0x53a202a6f1535351ULL,
574 0xdcae8ba572dcdc57ULL, 0x0b582716530b0b2cULL, 0x9d9cd327019d9d4eULL,
575 0x6c47c1d82b6c6cadULL, 0x3195f562a43131c4ULL, 0x7487b9e8f37474cdULL,
576 0xf6e309f115f6f6ffULL, 0x460a438c4c464605ULL, 0xac092645a5acac8aULL,
577 0x893c970fb589891eULL, 0x14a04428b4141450ULL, 0xe15b42dfbae1e1a3ULL,
578 0x16b04e2ca6161658ULL, 0x3acdd274f73a3ae8ULL, 0x696fd0d2066969b9ULL,
579 0x09482d1241090924ULL, 0x70a7ade0d77070ddULL, 0xb6d954716fb6b6e2ULL,
580 0xd0ceb7bd1ed0d067ULL, 0xed3b7ec7d6eded93ULL, 0xcc2edb85e2cccc17ULL,
581 0x422a578468424215ULL, 0x98b4c22d2c98985aULL, 0xa4490e55eda4a4aaULL,
582 0x285d8850752828a0ULL, 0x5cda31b8865c5c6dULL, 0xf8933fed6bf8f8c7ULL,
583 0x8644a411c2868622ULL,
584};
585
586static const u64 C6[256] = {
587 0x6018c07830d81818ULL, 0x8c2305af46262323ULL, 0x3fc67ef991b8c6c6ULL,
588 0x87e8136fcdfbe8e8ULL, 0x26874ca113cb8787ULL, 0xdab8a9626d11b8b8ULL,
589 0x0401080502090101ULL, 0x214f426e9e0d4f4fULL, 0xd836adee6c9b3636ULL,
590 0xa2a6590451ffa6a6ULL, 0x6fd2debdb90cd2d2ULL, 0xf3f5fb06f70ef5f5ULL,
591 0xf979ef80f2967979ULL, 0xa16f5fcede306f6fULL, 0x7e91fcef3f6d9191ULL,
592 0x5552aa07a4f85252ULL, 0x9d6027fdc0476060ULL, 0xcabc89766535bcbcULL,
593 0x569baccd2b379b9bULL, 0x028e048c018a8e8eULL, 0xb6a371155bd2a3a3ULL,
594 0x300c603c186c0c0cULL, 0xf17bff8af6847b7bULL, 0xd435b5e16a803535ULL,
595 0x741de8693af51d1dULL, 0xa7e05347ddb3e0e0ULL, 0x7bd7f6acb321d7d7ULL,
596 0x2fc25eed999cc2c2ULL, 0xb82e6d965c432e2eULL, 0x314b627a96294b4bULL,
597 0xdffea321e15dfefeULL, 0x41578216aed55757ULL, 0x5415a8412abd1515ULL,
598 0xc1779fb6eee87777ULL, 0xdc37a5eb6e923737ULL, 0xb3e57b56d79ee5e5ULL,
599 0x469f8cd923139f9fULL, 0xe7f0d317fd23f0f0ULL, 0x354a6a7f94204a4aULL,
600 0x4fda9e95a944dadaULL, 0x7d58fa25b0a25858ULL, 0x03c906ca8fcfc9c9ULL,
601 0xa429558d527c2929ULL, 0x280a5022145a0a0aULL, 0xfeb1e14f7f50b1b1ULL,
602 0xbaa0691a5dc9a0a0ULL, 0xb16b7fdad6146b6bULL, 0x2e855cab17d98585ULL,
603 0xcebd8173673cbdbdULL, 0x695dd234ba8f5d5dULL, 0x4010805020901010ULL,
604 0xf7f4f303f507f4f4ULL, 0x0bcb16c08bddcbcbULL, 0xf83eedc67cd33e3eULL,
605 0x140528110a2d0505ULL, 0x81671fe6ce786767ULL, 0xb7e47353d597e4e4ULL,
606 0x9c2725bb4e022727ULL, 0x1941325882734141ULL, 0x168b2c9d0ba78b8bULL,
607 0xa6a7510153f6a7a7ULL, 0xe97dcf94fab27d7dULL, 0x6e95dcfb37499595ULL,
608 0x47d88e9fad56d8d8ULL, 0xcbfb8b30eb70fbfbULL, 0x9fee2371c1cdeeeeULL,
609 0xed7cc791f8bb7c7cULL, 0x856617e3cc716666ULL, 0x53dda68ea77bddddULL,
610 0x5c17b84b2eaf1717ULL, 0x014702468e454747ULL, 0x429e84dc211a9e9eULL,
611 0x0fca1ec589d4cacaULL, 0xb42d75995a582d2dULL, 0xc6bf9179632ebfbfULL,
612 0x1c07381b0e3f0707ULL, 0x8ead012347acadadULL, 0x755aea2fb4b05a5aULL,
613 0x36836cb51bef8383ULL, 0xcc3385ff66b63333ULL, 0x91633ff2c65c6363ULL,
614 0x0802100a04120202ULL, 0x92aa39384993aaaaULL, 0xd971afa8e2de7171ULL,
615 0x07c80ecf8dc6c8c8ULL, 0x6419c87d32d11919ULL, 0x39497270923b4949ULL,
616 0x43d9869aaf5fd9d9ULL, 0xeff2c31df931f2f2ULL, 0xabe34b48dba8e3e3ULL,
617 0x715be22ab6b95b5bULL, 0x1a8834920dbc8888ULL, 0x529aa4c8293e9a9aULL,
618 0x98262dbe4c0b2626ULL, 0xc8328dfa64bf3232ULL, 0xfab0e94a7d59b0b0ULL,
619 0x83e91b6acff2e9e9ULL, 0x3c0f78331e770f0fULL, 0x73d5e6a6b733d5d5ULL,
620 0x3a8074ba1df48080ULL, 0xc2be997c6127bebeULL, 0x13cd26de87ebcdcdULL,
621 0xd034bde468893434ULL, 0x3d487a7590324848ULL, 0xdbffab24e354ffffULL,
622 0xf57af78ff48d7a7aULL, 0x7a90f4ea3d649090ULL, 0x615fc23ebe9d5f5fULL,
623 0x80201da0403d2020ULL, 0xbd6867d5d00f6868ULL, 0x681ad07234ca1a1aULL,
624 0x82ae192c41b7aeaeULL, 0xeab4c95e757db4b4ULL, 0x4d549a19a8ce5454ULL,
625 0x7693ece53b7f9393ULL, 0x88220daa442f2222ULL, 0x8d6407e9c8636464ULL,
626 0xe3f1db12ff2af1f1ULL, 0xd173bfa2e6cc7373ULL, 0x4812905a24821212ULL,
627 0x1d403a5d807a4040ULL, 0x2008402810480808ULL, 0x2bc356e89b95c3c3ULL,
628 0x97ec337bc5dfececULL, 0x4bdb9690ab4ddbdbULL, 0xbea1611f5fc0a1a1ULL,
629 0x0e8d1c8307918d8dULL, 0xf43df5c97ac83d3dULL, 0x6697ccf1335b9797ULL,
630 0x0000000000000000ULL, 0x1bcf36d483f9cfcfULL, 0xac2b4587566e2b2bULL,
631 0xc57697b3ece17676ULL, 0x328264b019e68282ULL, 0x7fd6fea9b128d6d6ULL,
632 0x6c1bd87736c31b1bULL, 0xeeb5c15b7774b5b5ULL, 0x86af112943beafafULL,
633 0xb56a77dfd41d6a6aULL, 0x5d50ba0da0ea5050ULL, 0x0945124c8a574545ULL,
634 0xebf3cb18fb38f3f3ULL, 0xc0309df060ad3030ULL, 0x9bef2b74c3c4efefULL,
635 0xfc3fe5c37eda3f3fULL, 0x4955921caac75555ULL, 0xb2a2791059dba2a2ULL,
636 0x8fea0365c9e9eaeaULL, 0x89650fecca6a6565ULL, 0xd2bab9686903babaULL,
637 0xbc2f65935e4a2f2fULL, 0x27c04ee79d8ec0c0ULL, 0x5fdebe81a160dedeULL,
638 0x701ce06c38fc1c1cULL, 0xd3fdbb2ee746fdfdULL, 0x294d52649a1f4d4dULL,
639 0x7292e4e039769292ULL, 0xc9758fbceafa7575ULL, 0x1806301e0c360606ULL,
640 0x128a249809ae8a8aULL, 0xf2b2f940794bb2b2ULL, 0xbfe66359d185e6e6ULL,
641 0x380e70361c7e0e0eULL, 0x7c1ff8633ee71f1fULL, 0x956237f7c4556262ULL,
642 0x77d4eea3b53ad4d4ULL, 0x9aa829324d81a8a8ULL, 0x6296c4f431529696ULL,
643 0xc3f99b3aef62f9f9ULL, 0x33c566f697a3c5c5ULL, 0x942535b14a102525ULL,
644 0x7959f220b2ab5959ULL, 0x2a8454ae15d08484ULL, 0xd572b7a7e4c57272ULL,
645 0xe439d5dd72ec3939ULL, 0x2d4c5a6198164c4cULL, 0x655eca3bbc945e5eULL,
646 0xfd78e785f09f7878ULL, 0xe038ddd870e53838ULL, 0x0a8c148605988c8cULL,
647 0x63d1c6b2bf17d1d1ULL, 0xaea5410b57e4a5a5ULL, 0xafe2434dd9a1e2e2ULL,
648 0x99612ff8c24e6161ULL, 0xf6b3f1457b42b3b3ULL, 0x842115a542342121ULL,
649 0x4a9c94d625089c9cULL, 0x781ef0663cee1e1eULL, 0x1143225286614343ULL,
650 0x3bc776fc93b1c7c7ULL, 0xd7fcb32be54ffcfcULL, 0x1004201408240404ULL,
651 0x5951b208a2e35151ULL, 0x5e99bcc72f259999ULL, 0xa96d4fc4da226d6dULL,
652 0x340d68391a650d0dULL, 0xcffa8335e979fafaULL, 0x5bdfb684a369dfdfULL,
653 0xe57ed79bfca97e7eULL, 0x90243db448192424ULL, 0xec3bc5d776fe3b3bULL,
654 0x96ab313d4b9aababULL, 0x1fce3ed181f0ceceULL, 0x4411885522991111ULL,
655 0x068f0c8903838f8fULL, 0x254e4a6b9c044e4eULL, 0xe6b7d1517366b7b7ULL,
656 0x8beb0b60cbe0ebebULL, 0xf03cfdcc78c13c3cULL, 0x3e817cbf1ffd8181ULL,
657 0x6a94d4fe35409494ULL, 0xfbf7eb0cf31cf7f7ULL, 0xdeb9a1676f18b9b9ULL,
658 0x4c13985f268b1313ULL, 0xb02c7d9c58512c2cULL, 0x6bd3d6b8bb05d3d3ULL,
659 0xbbe76b5cd38ce7e7ULL, 0xa56e57cbdc396e6eULL, 0x37c46ef395aac4c4ULL,
660 0x0c03180f061b0303ULL, 0x45568a13acdc5656ULL, 0x0d441a49885e4444ULL,
661 0xe17fdf9efea07f7fULL, 0x9ea921374f88a9a9ULL, 0xa82a4d8254672a2aULL,
662 0xd6bbb16d6b0abbbbULL, 0x23c146e29f87c1c1ULL, 0x5153a202a6f15353ULL,
663 0x57dcae8ba572dcdcULL, 0x2c0b582716530b0bULL, 0x4e9d9cd327019d9dULL,
664 0xad6c47c1d82b6c6cULL, 0xc43195f562a43131ULL, 0xcd7487b9e8f37474ULL,
665 0xfff6e309f115f6f6ULL, 0x05460a438c4c4646ULL, 0x8aac092645a5acacULL,
666 0x1e893c970fb58989ULL, 0x5014a04428b41414ULL, 0xa3e15b42dfbae1e1ULL,
667 0x5816b04e2ca61616ULL, 0xe83acdd274f73a3aULL, 0xb9696fd0d2066969ULL,
668 0x2409482d12410909ULL, 0xdd70a7ade0d77070ULL, 0xe2b6d954716fb6b6ULL,
669 0x67d0ceb7bd1ed0d0ULL, 0x93ed3b7ec7d6ededULL, 0x17cc2edb85e2ccccULL,
670 0x15422a5784684242ULL, 0x5a98b4c22d2c9898ULL, 0xaaa4490e55eda4a4ULL,
671 0xa0285d8850752828ULL, 0x6d5cda31b8865c5cULL, 0xc7f8933fed6bf8f8ULL,
672 0x228644a411c28686ULL,
673};
674
675static const u64 C7[256] = {
676 0x186018c07830d818ULL, 0x238c2305af462623ULL, 0xc63fc67ef991b8c6ULL,
677 0xe887e8136fcdfbe8ULL, 0x8726874ca113cb87ULL, 0xb8dab8a9626d11b8ULL,
678 0x0104010805020901ULL, 0x4f214f426e9e0d4fULL, 0x36d836adee6c9b36ULL,
679 0xa6a2a6590451ffa6ULL, 0xd26fd2debdb90cd2ULL, 0xf5f3f5fb06f70ef5ULL,
680 0x79f979ef80f29679ULL, 0x6fa16f5fcede306fULL, 0x917e91fcef3f6d91ULL,
681 0x525552aa07a4f852ULL, 0x609d6027fdc04760ULL, 0xbccabc89766535bcULL,
682 0x9b569baccd2b379bULL, 0x8e028e048c018a8eULL, 0xa3b6a371155bd2a3ULL,
683 0x0c300c603c186c0cULL, 0x7bf17bff8af6847bULL, 0x35d435b5e16a8035ULL,
684 0x1d741de8693af51dULL, 0xe0a7e05347ddb3e0ULL, 0xd77bd7f6acb321d7ULL,
685 0xc22fc25eed999cc2ULL, 0x2eb82e6d965c432eULL, 0x4b314b627a96294bULL,
686 0xfedffea321e15dfeULL, 0x5741578216aed557ULL, 0x155415a8412abd15ULL,
687 0x77c1779fb6eee877ULL, 0x37dc37a5eb6e9237ULL, 0xe5b3e57b56d79ee5ULL,
688 0x9f469f8cd923139fULL, 0xf0e7f0d317fd23f0ULL, 0x4a354a6a7f94204aULL,
689 0xda4fda9e95a944daULL, 0x587d58fa25b0a258ULL, 0xc903c906ca8fcfc9ULL,
690 0x29a429558d527c29ULL, 0x0a280a5022145a0aULL, 0xb1feb1e14f7f50b1ULL,
691 0xa0baa0691a5dc9a0ULL, 0x6bb16b7fdad6146bULL, 0x852e855cab17d985ULL,
692 0xbdcebd8173673cbdULL, 0x5d695dd234ba8f5dULL, 0x1040108050209010ULL,
693 0xf4f7f4f303f507f4ULL, 0xcb0bcb16c08bddcbULL, 0x3ef83eedc67cd33eULL,
694 0x05140528110a2d05ULL, 0x6781671fe6ce7867ULL, 0xe4b7e47353d597e4ULL,
695 0x279c2725bb4e0227ULL, 0x4119413258827341ULL, 0x8b168b2c9d0ba78bULL,
696 0xa7a6a7510153f6a7ULL, 0x7de97dcf94fab27dULL, 0x956e95dcfb374995ULL,
697 0xd847d88e9fad56d8ULL, 0xfbcbfb8b30eb70fbULL, 0xee9fee2371c1cdeeULL,
698 0x7ced7cc791f8bb7cULL, 0x66856617e3cc7166ULL, 0xdd53dda68ea77bddULL,
699 0x175c17b84b2eaf17ULL, 0x47014702468e4547ULL, 0x9e429e84dc211a9eULL,
700 0xca0fca1ec589d4caULL, 0x2db42d75995a582dULL, 0xbfc6bf9179632ebfULL,
701 0x071c07381b0e3f07ULL, 0xad8ead012347acadULL, 0x5a755aea2fb4b05aULL,
702 0x8336836cb51bef83ULL, 0x33cc3385ff66b633ULL, 0x6391633ff2c65c63ULL,
703 0x020802100a041202ULL, 0xaa92aa39384993aaULL, 0x71d971afa8e2de71ULL,
704 0xc807c80ecf8dc6c8ULL, 0x196419c87d32d119ULL, 0x4939497270923b49ULL,
705 0xd943d9869aaf5fd9ULL, 0xf2eff2c31df931f2ULL, 0xe3abe34b48dba8e3ULL,
706 0x5b715be22ab6b95bULL, 0x881a8834920dbc88ULL, 0x9a529aa4c8293e9aULL,
707 0x2698262dbe4c0b26ULL, 0x32c8328dfa64bf32ULL, 0xb0fab0e94a7d59b0ULL,
708 0xe983e91b6acff2e9ULL, 0x0f3c0f78331e770fULL, 0xd573d5e6a6b733d5ULL,
709 0x803a8074ba1df480ULL, 0xbec2be997c6127beULL, 0xcd13cd26de87ebcdULL,
710 0x34d034bde4688934ULL, 0x483d487a75903248ULL, 0xffdbffab24e354ffULL,
711 0x7af57af78ff48d7aULL, 0x907a90f4ea3d6490ULL, 0x5f615fc23ebe9d5fULL,
712 0x2080201da0403d20ULL, 0x68bd6867d5d00f68ULL, 0x1a681ad07234ca1aULL,
713 0xae82ae192c41b7aeULL, 0xb4eab4c95e757db4ULL, 0x544d549a19a8ce54ULL,
714 0x937693ece53b7f93ULL, 0x2288220daa442f22ULL, 0x648d6407e9c86364ULL,
715 0xf1e3f1db12ff2af1ULL, 0x73d173bfa2e6cc73ULL, 0x124812905a248212ULL,
716 0x401d403a5d807a40ULL, 0x0820084028104808ULL, 0xc32bc356e89b95c3ULL,
717 0xec97ec337bc5dfecULL, 0xdb4bdb9690ab4ddbULL, 0xa1bea1611f5fc0a1ULL,
718 0x8d0e8d1c8307918dULL, 0x3df43df5c97ac83dULL, 0x976697ccf1335b97ULL,
719 0x0000000000000000ULL, 0xcf1bcf36d483f9cfULL, 0x2bac2b4587566e2bULL,
720 0x76c57697b3ece176ULL, 0x82328264b019e682ULL, 0xd67fd6fea9b128d6ULL,
721 0x1b6c1bd87736c31bULL, 0xb5eeb5c15b7774b5ULL, 0xaf86af112943beafULL,
722 0x6ab56a77dfd41d6aULL, 0x505d50ba0da0ea50ULL, 0x450945124c8a5745ULL,
723 0xf3ebf3cb18fb38f3ULL, 0x30c0309df060ad30ULL, 0xef9bef2b74c3c4efULL,
724 0x3ffc3fe5c37eda3fULL, 0x554955921caac755ULL, 0xa2b2a2791059dba2ULL,
725 0xea8fea0365c9e9eaULL, 0x6589650fecca6a65ULL, 0xbad2bab9686903baULL,
726 0x2fbc2f65935e4a2fULL, 0xc027c04ee79d8ec0ULL, 0xde5fdebe81a160deULL,
727 0x1c701ce06c38fc1cULL, 0xfdd3fdbb2ee746fdULL, 0x4d294d52649a1f4dULL,
728 0x927292e4e0397692ULL, 0x75c9758fbceafa75ULL, 0x061806301e0c3606ULL,
729 0x8a128a249809ae8aULL, 0xb2f2b2f940794bb2ULL, 0xe6bfe66359d185e6ULL,
730 0x0e380e70361c7e0eULL, 0x1f7c1ff8633ee71fULL, 0x62956237f7c45562ULL,
731 0xd477d4eea3b53ad4ULL, 0xa89aa829324d81a8ULL, 0x966296c4f4315296ULL,
732 0xf9c3f99b3aef62f9ULL, 0xc533c566f697a3c5ULL, 0x25942535b14a1025ULL,
733 0x597959f220b2ab59ULL, 0x842a8454ae15d084ULL, 0x72d572b7a7e4c572ULL,
734 0x39e439d5dd72ec39ULL, 0x4c2d4c5a6198164cULL, 0x5e655eca3bbc945eULL,
735 0x78fd78e785f09f78ULL, 0x38e038ddd870e538ULL, 0x8c0a8c148605988cULL,
736 0xd163d1c6b2bf17d1ULL, 0xa5aea5410b57e4a5ULL, 0xe2afe2434dd9a1e2ULL,
737 0x6199612ff8c24e61ULL, 0xb3f6b3f1457b42b3ULL, 0x21842115a5423421ULL,
738 0x9c4a9c94d625089cULL, 0x1e781ef0663cee1eULL, 0x4311432252866143ULL,
739 0xc73bc776fc93b1c7ULL, 0xfcd7fcb32be54ffcULL, 0x0410042014082404ULL,
740 0x515951b208a2e351ULL, 0x995e99bcc72f2599ULL, 0x6da96d4fc4da226dULL,
741 0x0d340d68391a650dULL, 0xfacffa8335e979faULL, 0xdf5bdfb684a369dfULL,
742 0x7ee57ed79bfca97eULL, 0x2490243db4481924ULL, 0x3bec3bc5d776fe3bULL,
743 0xab96ab313d4b9aabULL, 0xce1fce3ed181f0ceULL, 0x1144118855229911ULL,
744 0x8f068f0c8903838fULL, 0x4e254e4a6b9c044eULL, 0xb7e6b7d1517366b7ULL,
745 0xeb8beb0b60cbe0ebULL, 0x3cf03cfdcc78c13cULL, 0x813e817cbf1ffd81ULL,
746 0x946a94d4fe354094ULL, 0xf7fbf7eb0cf31cf7ULL, 0xb9deb9a1676f18b9ULL,
747 0x134c13985f268b13ULL, 0x2cb02c7d9c58512cULL, 0xd36bd3d6b8bb05d3ULL,
748 0xe7bbe76b5cd38ce7ULL, 0x6ea56e57cbdc396eULL, 0xc437c46ef395aac4ULL,
749 0x030c03180f061b03ULL, 0x5645568a13acdc56ULL, 0x440d441a49885e44ULL,
750 0x7fe17fdf9efea07fULL, 0xa99ea921374f88a9ULL, 0x2aa82a4d8254672aULL,
751 0xbbd6bbb16d6b0abbULL, 0xc123c146e29f87c1ULL, 0x535153a202a6f153ULL,
752 0xdc57dcae8ba572dcULL, 0x0b2c0b582716530bULL, 0x9d4e9d9cd327019dULL,
753 0x6cad6c47c1d82b6cULL, 0x31c43195f562a431ULL, 0x74cd7487b9e8f374ULL,
754 0xf6fff6e309f115f6ULL, 0x4605460a438c4c46ULL, 0xac8aac092645a5acULL,
755 0x891e893c970fb589ULL, 0x145014a04428b414ULL, 0xe1a3e15b42dfbae1ULL,
756 0x165816b04e2ca616ULL, 0x3ae83acdd274f73aULL, 0x69b9696fd0d20669ULL,
757 0x092409482d124109ULL, 0x70dd70a7ade0d770ULL, 0xb6e2b6d954716fb6ULL,
758 0xd067d0ceb7bd1ed0ULL, 0xed93ed3b7ec7d6edULL, 0xcc17cc2edb85e2ccULL,
759 0x4215422a57846842ULL, 0x985a98b4c22d2c98ULL, 0xa4aaa4490e55eda4ULL,
760 0x28a0285d88507528ULL, 0x5c6d5cda31b8865cULL, 0xf8c7f8933fed6bf8ULL,
761 0x86228644a411c286ULL,
762};
763
764static const u64 rc[WHIRLPOOL_ROUNDS + 1] = {
765 0x0000000000000000ULL, 0x1823c6e887b8014fULL, 0x36a6d2f5796f9152ULL,
766 0x60bc9b8ea30c7b35ULL, 0x1de0d7c22e4bfe57ULL, 0x157737e59ff04adaULL,
767 0x58c9290ab1a06b85ULL, 0xbd5d10f4cb3e0567ULL, 0xe427418ba77d95d8ULL,
768 0xfbee7c66dd17479eULL, 0xca2dbf07ad5a8333ULL,
769};
770
771/**
772 * The core Whirlpool transform.
773 */
774
775static void wp512_process_buffer(struct wp512_ctx *wctx) {
776 int i, r;
777 u64 K[8]; /* the round key */
778 u64 block[8]; /* mu(buffer) */
779 u64 state[8]; /* the cipher state */
780 u64 L[8];
781 u8 *buffer = wctx->buffer;
782
783 for (i = 0; i < 8; i++, buffer += 8) {
784 block[i] =
785 (((u64)buffer[0] ) << 56) ^
786 (((u64)buffer[1] & 0xffL) << 48) ^
787 (((u64)buffer[2] & 0xffL) << 40) ^
788 (((u64)buffer[3] & 0xffL) << 32) ^
789 (((u64)buffer[4] & 0xffL) << 24) ^
790 (((u64)buffer[5] & 0xffL) << 16) ^
791 (((u64)buffer[6] & 0xffL) << 8) ^
792 (((u64)buffer[7] & 0xffL) );
793 }
794
795 state[0] = block[0] ^ (K[0] = wctx->hash[0]);
796 state[1] = block[1] ^ (K[1] = wctx->hash[1]);
797 state[2] = block[2] ^ (K[2] = wctx->hash[2]);
798 state[3] = block[3] ^ (K[3] = wctx->hash[3]);
799 state[4] = block[4] ^ (K[4] = wctx->hash[4]);
800 state[5] = block[5] ^ (K[5] = wctx->hash[5]);
801 state[6] = block[6] ^ (K[6] = wctx->hash[6]);
802 state[7] = block[7] ^ (K[7] = wctx->hash[7]);
803
804 for (r = 1; r <= WHIRLPOOL_ROUNDS; r++) {
805
806 L[0] = C0[(int)(K[0] >> 56) ] ^
807 C1[(int)(K[7] >> 48) & 0xff] ^
808 C2[(int)(K[6] >> 40) & 0xff] ^
809 C3[(int)(K[5] >> 32) & 0xff] ^
810 C4[(int)(K[4] >> 24) & 0xff] ^
811 C5[(int)(K[3] >> 16) & 0xff] ^
812 C6[(int)(K[2] >> 8) & 0xff] ^
813 C7[(int)(K[1] ) & 0xff] ^
814 rc[r];
815
816 L[1] = C0[(int)(K[1] >> 56) ] ^
817 C1[(int)(K[0] >> 48) & 0xff] ^
818 C2[(int)(K[7] >> 40) & 0xff] ^
819 C3[(int)(K[6] >> 32) & 0xff] ^
820 C4[(int)(K[5] >> 24) & 0xff] ^
821 C5[(int)(K[4] >> 16) & 0xff] ^
822 C6[(int)(K[3] >> 8) & 0xff] ^
823 C7[(int)(K[2] ) & 0xff];
824
825 L[2] = C0[(int)(K[2] >> 56) ] ^
826 C1[(int)(K[1] >> 48) & 0xff] ^
827 C2[(int)(K[0] >> 40) & 0xff] ^
828 C3[(int)(K[7] >> 32) & 0xff] ^
829 C4[(int)(K[6] >> 24) & 0xff] ^
830 C5[(int)(K[5] >> 16) & 0xff] ^
831 C6[(int)(K[4] >> 8) & 0xff] ^
832 C7[(int)(K[3] ) & 0xff];
833
834 L[3] = C0[(int)(K[3] >> 56) ] ^
835 C1[(int)(K[2] >> 48) & 0xff] ^
836 C2[(int)(K[1] >> 40) & 0xff] ^
837 C3[(int)(K[0] >> 32) & 0xff] ^
838 C4[(int)(K[7] >> 24) & 0xff] ^
839 C5[(int)(K[6] >> 16) & 0xff] ^
840 C6[(int)(K[5] >> 8) & 0xff] ^
841 C7[(int)(K[4] ) & 0xff];
842
843 L[4] = C0[(int)(K[4] >> 56) ] ^
844 C1[(int)(K[3] >> 48) & 0xff] ^
845 C2[(int)(K[2] >> 40) & 0xff] ^
846 C3[(int)(K[1] >> 32) & 0xff] ^
847 C4[(int)(K[0] >> 24) & 0xff] ^
848 C5[(int)(K[7] >> 16) & 0xff] ^
849 C6[(int)(K[6] >> 8) & 0xff] ^
850 C7[(int)(K[5] ) & 0xff];
851
852 L[5] = C0[(int)(K[5] >> 56) ] ^
853 C1[(int)(K[4] >> 48) & 0xff] ^
854 C2[(int)(K[3] >> 40) & 0xff] ^
855 C3[(int)(K[2] >> 32) & 0xff] ^
856 C4[(int)(K[1] >> 24) & 0xff] ^
857 C5[(int)(K[0] >> 16) & 0xff] ^
858 C6[(int)(K[7] >> 8) & 0xff] ^
859 C7[(int)(K[6] ) & 0xff];
860
861 L[6] = C0[(int)(K[6] >> 56) ] ^
862 C1[(int)(K[5] >> 48) & 0xff] ^
863 C2[(int)(K[4] >> 40) & 0xff] ^
864 C3[(int)(K[3] >> 32) & 0xff] ^
865 C4[(int)(K[2] >> 24) & 0xff] ^
866 C5[(int)(K[1] >> 16) & 0xff] ^
867 C6[(int)(K[0] >> 8) & 0xff] ^
868 C7[(int)(K[7] ) & 0xff];
869
870 L[7] = C0[(int)(K[7] >> 56) ] ^
871 C1[(int)(K[6] >> 48) & 0xff] ^
872 C2[(int)(K[5] >> 40) & 0xff] ^
873 C3[(int)(K[4] >> 32) & 0xff] ^
874 C4[(int)(K[3] >> 24) & 0xff] ^
875 C5[(int)(K[2] >> 16) & 0xff] ^
876 C6[(int)(K[1] >> 8) & 0xff] ^
877 C7[(int)(K[0] ) & 0xff];
878
879 K[0] = L[0];
880 K[1] = L[1];
881 K[2] = L[2];
882 K[3] = L[3];
883 K[4] = L[4];
884 K[5] = L[5];
885 K[6] = L[6];
886 K[7] = L[7];
887
888 L[0] = C0[(int)(state[0] >> 56) ] ^
889 C1[(int)(state[7] >> 48) & 0xff] ^
890 C2[(int)(state[6] >> 40) & 0xff] ^
891 C3[(int)(state[5] >> 32) & 0xff] ^
892 C4[(int)(state[4] >> 24) & 0xff] ^
893 C5[(int)(state[3] >> 16) & 0xff] ^
894 C6[(int)(state[2] >> 8) & 0xff] ^
895 C7[(int)(state[1] ) & 0xff] ^
896 K[0];
897
898 L[1] = C0[(int)(state[1] >> 56) ] ^
899 C1[(int)(state[0] >> 48) & 0xff] ^
900 C2[(int)(state[7] >> 40) & 0xff] ^
901 C3[(int)(state[6] >> 32) & 0xff] ^
902 C4[(int)(state[5] >> 24) & 0xff] ^
903 C5[(int)(state[4] >> 16) & 0xff] ^
904 C6[(int)(state[3] >> 8) & 0xff] ^
905 C7[(int)(state[2] ) & 0xff] ^
906 K[1];
907
908 L[2] = C0[(int)(state[2] >> 56) ] ^
909 C1[(int)(state[1] >> 48) & 0xff] ^
910 C2[(int)(state[0] >> 40) & 0xff] ^
911 C3[(int)(state[7] >> 32) & 0xff] ^
912 C4[(int)(state[6] >> 24) & 0xff] ^
913 C5[(int)(state[5] >> 16) & 0xff] ^
914 C6[(int)(state[4] >> 8) & 0xff] ^
915 C7[(int)(state[3] ) & 0xff] ^
916 K[2];
917
918 L[3] = C0[(int)(state[3] >> 56) ] ^
919 C1[(int)(state[2] >> 48) & 0xff] ^
920 C2[(int)(state[1] >> 40) & 0xff] ^
921 C3[(int)(state[0] >> 32) & 0xff] ^
922 C4[(int)(state[7] >> 24) & 0xff] ^
923 C5[(int)(state[6] >> 16) & 0xff] ^
924 C6[(int)(state[5] >> 8) & 0xff] ^
925 C7[(int)(state[4] ) & 0xff] ^
926 K[3];
927
928 L[4] = C0[(int)(state[4] >> 56) ] ^
929 C1[(int)(state[3] >> 48) & 0xff] ^
930 C2[(int)(state[2] >> 40) & 0xff] ^
931 C3[(int)(state[1] >> 32) & 0xff] ^
932 C4[(int)(state[0] >> 24) & 0xff] ^
933 C5[(int)(state[7] >> 16) & 0xff] ^
934 C6[(int)(state[6] >> 8) & 0xff] ^
935 C7[(int)(state[5] ) & 0xff] ^
936 K[4];
937
938 L[5] = C0[(int)(state[5] >> 56) ] ^
939 C1[(int)(state[4] >> 48) & 0xff] ^
940 C2[(int)(state[3] >> 40) & 0xff] ^
941 C3[(int)(state[2] >> 32) & 0xff] ^
942 C4[(int)(state[1] >> 24) & 0xff] ^
943 C5[(int)(state[0] >> 16) & 0xff] ^
944 C6[(int)(state[7] >> 8) & 0xff] ^
945 C7[(int)(state[6] ) & 0xff] ^
946 K[5];
947
948 L[6] = C0[(int)(state[6] >> 56) ] ^
949 C1[(int)(state[5] >> 48) & 0xff] ^
950 C2[(int)(state[4] >> 40) & 0xff] ^
951 C3[(int)(state[3] >> 32) & 0xff] ^
952 C4[(int)(state[2] >> 24) & 0xff] ^
953 C5[(int)(state[1] >> 16) & 0xff] ^
954 C6[(int)(state[0] >> 8) & 0xff] ^
955 C7[(int)(state[7] ) & 0xff] ^
956 K[6];
957
958 L[7] = C0[(int)(state[7] >> 56) ] ^
959 C1[(int)(state[6] >> 48) & 0xff] ^
960 C2[(int)(state[5] >> 40) & 0xff] ^
961 C3[(int)(state[4] >> 32) & 0xff] ^
962 C4[(int)(state[3] >> 24) & 0xff] ^
963 C5[(int)(state[2] >> 16) & 0xff] ^
964 C6[(int)(state[1] >> 8) & 0xff] ^
965 C7[(int)(state[0] ) & 0xff] ^
966 K[7];
967
968 state[0] = L[0];
969 state[1] = L[1];
970 state[2] = L[2];
971 state[3] = L[3];
972 state[4] = L[4];
973 state[5] = L[5];
974 state[6] = L[6];
975 state[7] = L[7];
976 }
977 /*
978 * apply the Miyaguchi-Preneel compression function:
979 */
980 wctx->hash[0] ^= state[0] ^ block[0];
981 wctx->hash[1] ^= state[1] ^ block[1];
982 wctx->hash[2] ^= state[2] ^ block[2];
983 wctx->hash[3] ^= state[3] ^ block[3];
984 wctx->hash[4] ^= state[4] ^ block[4];
985 wctx->hash[5] ^= state[5] ^ block[5];
986 wctx->hash[6] ^= state[6] ^ block[6];
987 wctx->hash[7] ^= state[7] ^ block[7];
988
989}
990
991static void wp512_init (void *ctx) {
992 int i;
993 struct wp512_ctx *wctx = ctx;
994
995 memset(wctx->bitLength, 0, 32);
996 wctx->bufferBits = wctx->bufferPos = 0;
997 wctx->buffer[0] = 0;
998 for (i = 0; i < 8; i++) {
999 wctx->hash[i] = 0L;
1000 }
1001}
1002
1003static void wp512_update(void *ctx, const u8 *source, unsigned int len)
1004{
1005
1006 struct wp512_ctx *wctx = ctx;
1007 int sourcePos = 0;
1008 unsigned int bits_len = len * 8; // convert to number of bits
1009 int sourceGap = (8 - ((int)bits_len & 7)) & 7;
1010 int bufferRem = wctx->bufferBits & 7;
1011 int i;
1012 u32 b, carry;
1013 u8 *buffer = wctx->buffer;
1014 u8 *bitLength = wctx->bitLength;
1015 int bufferBits = wctx->bufferBits;
1016 int bufferPos = wctx->bufferPos;
1017
1018 u64 value = bits_len;
1019 for (i = 31, carry = 0; i >= 0 && (carry != 0 || value != 0ULL); i--) {
1020 carry += bitLength[i] + ((u32)value & 0xff);
1021 bitLength[i] = (u8)carry;
1022 carry >>= 8;
1023 value >>= 8;
1024 }
1025 while (bits_len > 8) {
1026 b = ((source[sourcePos] << sourceGap) & 0xff) |
1027 ((source[sourcePos + 1] & 0xff) >> (8 - sourceGap));
1028 buffer[bufferPos++] |= (u8)(b >> bufferRem);
1029 bufferBits += 8 - bufferRem;
1030 if (bufferBits == WP512_BLOCK_SIZE * 8) {
1031 wp512_process_buffer(wctx);
1032 bufferBits = bufferPos = 0;
1033 }
1034 buffer[bufferPos] = b << (8 - bufferRem);
1035 bufferBits += bufferRem;
1036 bits_len -= 8;
1037 sourcePos++;
1038 }
1039 if (bits_len > 0) {
1040 b = (source[sourcePos] << sourceGap) & 0xff;
1041 buffer[bufferPos] |= b >> bufferRem;
1042 } else {
1043 b = 0;
1044 }
1045 if (bufferRem + bits_len < 8) {
1046 bufferBits += bits_len;
1047 } else {
1048 bufferPos++;
1049 bufferBits += 8 - bufferRem;
1050 bits_len -= 8 - bufferRem;
1051 if (bufferBits == WP512_BLOCK_SIZE * 8) {
1052 wp512_process_buffer(wctx);
1053 bufferBits = bufferPos = 0;
1054 }
1055 buffer[bufferPos] = b << (8 - bufferRem);
1056 bufferBits += (int)bits_len;
1057 }
1058
1059 wctx->bufferBits = bufferBits;
1060 wctx->bufferPos = bufferPos;
1061
1062}
1063
1064static void wp512_final(void *ctx, u8 *out)
1065{
1066 struct wp512_ctx *wctx = ctx;
1067 int i;
1068 u8 *buffer = wctx->buffer;
1069 u8 *bitLength = wctx->bitLength;
1070 int bufferBits = wctx->bufferBits;
1071 int bufferPos = wctx->bufferPos;
1072 u8 *digest = out;
1073
1074 buffer[bufferPos] |= 0x80U >> (bufferBits & 7);
1075 bufferPos++;
1076 if (bufferPos > WP512_BLOCK_SIZE - WP512_LENGTHBYTES) {
1077 if (bufferPos < WP512_BLOCK_SIZE) {
1078 memset(&buffer[bufferPos], 0, WP512_BLOCK_SIZE - bufferPos);
1079 }
1080 wp512_process_buffer(wctx);
1081 bufferPos = 0;
1082 }
1083 if (bufferPos < WP512_BLOCK_SIZE - WP512_LENGTHBYTES) {
1084 memset(&buffer[bufferPos], 0,
1085 (WP512_BLOCK_SIZE - WP512_LENGTHBYTES) - bufferPos);
1086 }
1087 bufferPos = WP512_BLOCK_SIZE - WP512_LENGTHBYTES;
1088 memcpy(&buffer[WP512_BLOCK_SIZE - WP512_LENGTHBYTES],
1089 bitLength, WP512_LENGTHBYTES);
1090 wp512_process_buffer(wctx);
1091 for (i = 0; i < WP512_DIGEST_SIZE/8; i++) {
1092 digest[0] = (u8)(wctx->hash[i] >> 56);
1093 digest[1] = (u8)(wctx->hash[i] >> 48);
1094 digest[2] = (u8)(wctx->hash[i] >> 40);
1095 digest[3] = (u8)(wctx->hash[i] >> 32);
1096 digest[4] = (u8)(wctx->hash[i] >> 24);
1097 digest[5] = (u8)(wctx->hash[i] >> 16);
1098 digest[6] = (u8)(wctx->hash[i] >> 8);
1099 digest[7] = (u8)(wctx->hash[i] );
1100 digest += 8;
1101 }
1102 wctx->bufferBits = bufferBits;
1103 wctx->bufferPos = bufferPos;
1104}
1105
1106static void wp384_final(void *ctx, u8 *out)
1107{
1108 struct wp512_ctx *wctx = ctx;
1109 u8 D[64];
1110
1111 wp512_final (wctx, D);
1112 memcpy (out, D, WP384_DIGEST_SIZE);
1113 memset (D, 0, WP512_DIGEST_SIZE);
1114}
1115
1116static void wp256_final(void *ctx, u8 *out)
1117{
1118 struct wp512_ctx *wctx = ctx;
1119 u8 D[64];
1120
1121 wp512_final (wctx, D);
1122 memcpy (out, D, WP256_DIGEST_SIZE);
1123 memset (D, 0, WP512_DIGEST_SIZE);
1124}
1125
1126static struct crypto_alg wp512 = {
1127 .cra_name = "wp512",
1128 .cra_flags = CRYPTO_ALG_TYPE_DIGEST,
1129 .cra_blocksize = WP512_BLOCK_SIZE,
1130 .cra_ctxsize = sizeof(struct wp512_ctx),
1131 .cra_module = THIS_MODULE,
1132 .cra_list = LIST_HEAD_INIT(wp512.cra_list),
1133 .cra_u = { .digest = {
1134 .dia_digestsize = WP512_DIGEST_SIZE,
1135 .dia_init = wp512_init,
1136 .dia_update = wp512_update,
1137 .dia_final = wp512_final } }
1138};
1139
1140static struct crypto_alg wp384 = {
1141 .cra_name = "wp384",
1142 .cra_flags = CRYPTO_ALG_TYPE_DIGEST,
1143 .cra_blocksize = WP512_BLOCK_SIZE,
1144 .cra_ctxsize = sizeof(struct wp512_ctx),
1145 .cra_module = THIS_MODULE,
1146 .cra_list = LIST_HEAD_INIT(wp384.cra_list),
1147 .cra_u = { .digest = {
1148 .dia_digestsize = WP384_DIGEST_SIZE,
1149 .dia_init = wp512_init,
1150 .dia_update = wp512_update,
1151 .dia_final = wp384_final } }
1152};
1153
1154static struct crypto_alg wp256 = {
1155 .cra_name = "wp256",
1156 .cra_flags = CRYPTO_ALG_TYPE_DIGEST,
1157 .cra_blocksize = WP512_BLOCK_SIZE,
1158 .cra_ctxsize = sizeof(struct wp512_ctx),
1159 .cra_module = THIS_MODULE,
1160 .cra_list = LIST_HEAD_INIT(wp256.cra_list),
1161 .cra_u = { .digest = {
1162 .dia_digestsize = WP256_DIGEST_SIZE,
1163 .dia_init = wp512_init,
1164 .dia_update = wp512_update,
1165 .dia_final = wp256_final } }
1166};
1167
1168static int __init init(void)
1169{
1170 int ret = 0;
1171
1172 ret = crypto_register_alg(&wp512);
1173
1174 if (ret < 0)
1175 goto out;
1176
1177 ret = crypto_register_alg(&wp384);
1178 if (ret < 0)
1179 {
1180 crypto_unregister_alg(&wp512);
1181 goto out;
1182 }
1183
1184 ret = crypto_register_alg(&wp256);
1185 if (ret < 0)
1186 {
1187 crypto_unregister_alg(&wp512);
1188 crypto_unregister_alg(&wp384);
1189 }
1190out:
1191 return ret;
1192}
1193
1194static void __exit fini(void)
1195{
1196 crypto_unregister_alg(&wp512);
1197 crypto_unregister_alg(&wp384);
1198 crypto_unregister_alg(&wp256);
1199}
1200
1201MODULE_ALIAS("wp384");
1202MODULE_ALIAS("wp256");
1203
1204module_init(init);
1205module_exit(fini);
1206
1207MODULE_LICENSE("GPL");
1208MODULE_DESCRIPTION("Whirlpool Message Digest Algorithm");