diff options
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/Kconfig | 72 | ||||
-rw-r--r-- | crypto/Makefile | 3 | ||||
-rw-r--r-- | crypto/algapi.c | 15 | ||||
-rw-r--r-- | crypto/api.c | 80 | ||||
-rw-r--r-- | crypto/blkcipher.c | 9 | ||||
-rw-r--r-- | crypto/camellia.c | 1801 | ||||
-rw-r--r-- | crypto/cbc.c | 9 | ||||
-rw-r--r-- | crypto/cipher.c | 447 | ||||
-rw-r--r-- | crypto/compress.c | 5 | ||||
-rw-r--r-- | crypto/digest.c | 24 | ||||
-rw-r--r-- | crypto/ecb.c | 9 | ||||
-rw-r--r-- | crypto/fcrypt.c | 423 | ||||
-rw-r--r-- | crypto/hash.c | 5 | ||||
-rw-r--r-- | crypto/hmac.c | 9 | ||||
-rw-r--r-- | crypto/internal.h | 27 | ||||
-rw-r--r-- | crypto/lrw.c | 11 | ||||
-rw-r--r-- | crypto/pcbc.c | 349 | ||||
-rw-r--r-- | crypto/proc.c | 2 | ||||
-rw-r--r-- | crypto/tcrypt.c | 73 | ||||
-rw-r--r-- | crypto/tcrypt.h | 538 | ||||
-rw-r--r-- | crypto/xcbc.c | 60 |
21 files changed, 3334 insertions, 637 deletions
diff --git a/crypto/Kconfig b/crypto/Kconfig index 92ba249f3a5b..086fcec44720 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig | |||
@@ -74,14 +74,6 @@ config CRYPTO_SHA1 | |||
74 | help | 74 | help |
75 | SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). | 75 | SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). |
76 | 76 | ||
77 | config CRYPTO_SHA1_S390 | ||
78 | tristate "SHA1 digest algorithm (s390)" | ||
79 | depends on S390 | ||
80 | select CRYPTO_ALGAPI | ||
81 | help | ||
82 | This is the s390 hardware accelerated implementation of the | ||
83 | SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). | ||
84 | |||
85 | config CRYPTO_SHA256 | 77 | config CRYPTO_SHA256 |
86 | tristate "SHA256 digest algorithm" | 78 | tristate "SHA256 digest algorithm" |
87 | select CRYPTO_ALGAPI | 79 | select CRYPTO_ALGAPI |
@@ -91,17 +83,6 @@ config CRYPTO_SHA256 | |||
91 | This version of SHA implements a 256 bit hash with 128 bits of | 83 | This version of SHA implements a 256 bit hash with 128 bits of |
92 | security against collision attacks. | 84 | security against collision attacks. |
93 | 85 | ||
94 | config CRYPTO_SHA256_S390 | ||
95 | tristate "SHA256 digest algorithm (s390)" | ||
96 | depends on S390 | ||
97 | select CRYPTO_ALGAPI | ||
98 | help | ||
99 | This is the s390 hardware accelerated implementation of the | ||
100 | SHA256 secure hash standard (DFIPS 180-2). | ||
101 | |||
102 | This version of SHA implements a 256 bit hash with 128 bits of | ||
103 | security against collision attacks. | ||
104 | |||
105 | config CRYPTO_SHA512 | 86 | config CRYPTO_SHA512 |
106 | tristate "SHA384 and SHA512 digest algorithms" | 87 | tristate "SHA384 and SHA512 digest algorithms" |
107 | select CRYPTO_ALGAPI | 88 | select CRYPTO_ALGAPI |
@@ -168,6 +149,15 @@ config CRYPTO_CBC | |||
168 | CBC: Cipher Block Chaining mode | 149 | CBC: Cipher Block Chaining mode |
169 | This block cipher algorithm is required for IPSec. | 150 | This block cipher algorithm is required for IPSec. |
170 | 151 | ||
152 | config CRYPTO_PCBC | ||
153 | tristate "PCBC support" | ||
154 | select CRYPTO_BLKCIPHER | ||
155 | select CRYPTO_MANAGER | ||
156 | default m | ||
157 | help | ||
158 | PCBC: Propagating Cipher Block Chaining mode | ||
159 | This block cipher algorithm is required for RxRPC. | ||
160 | |||
171 | config CRYPTO_LRW | 161 | config CRYPTO_LRW |
172 | tristate "LRW support (EXPERIMENTAL)" | 162 | tristate "LRW support (EXPERIMENTAL)" |
173 | depends on EXPERIMENTAL | 163 | depends on EXPERIMENTAL |
@@ -187,13 +177,12 @@ config CRYPTO_DES | |||
187 | help | 177 | help |
188 | DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3). | 178 | DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3). |
189 | 179 | ||
190 | config CRYPTO_DES_S390 | 180 | config CRYPTO_FCRYPT |
191 | tristate "DES and Triple DES cipher algorithms (s390)" | 181 | tristate "FCrypt cipher algorithm" |
192 | depends on S390 | ||
193 | select CRYPTO_ALGAPI | 182 | select CRYPTO_ALGAPI |
194 | select CRYPTO_BLKCIPHER | 183 | select CRYPTO_BLKCIPHER |
195 | help | 184 | help |
196 | DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3). | 185 | FCrypt algorithm used by RxRPC. |
197 | 186 | ||
198 | config CRYPTO_BLOWFISH | 187 | config CRYPTO_BLOWFISH |
199 | tristate "Blowfish cipher algorithm" | 188 | tristate "Blowfish cipher algorithm" |
@@ -336,28 +325,6 @@ config CRYPTO_AES_X86_64 | |||
336 | 325 | ||
337 | See <http://csrc.nist.gov/encryption/aes/> for more information. | 326 | See <http://csrc.nist.gov/encryption/aes/> for more information. |
338 | 327 | ||
339 | config CRYPTO_AES_S390 | ||
340 | tristate "AES cipher algorithms (s390)" | ||
341 | depends on S390 | ||
342 | select CRYPTO_ALGAPI | ||
343 | select CRYPTO_BLKCIPHER | ||
344 | help | ||
345 | This is the s390 hardware accelerated implementation of the | ||
346 | AES cipher algorithms (FIPS-197). AES uses the Rijndael | ||
347 | algorithm. | ||
348 | |||
349 | Rijndael appears to be consistently a very good performer in | ||
350 | both hardware and software across a wide range of computing | ||
351 | environments regardless of its use in feedback or non-feedback | ||
352 | modes. Its key setup time is excellent, and its key agility is | ||
353 | good. Rijndael's very low memory requirements make it very well | ||
354 | suited for restricted-space environments, in which it also | ||
355 | demonstrates excellent performance. Rijndael's operations are | ||
356 | among the easiest to defend against power and timing attacks. | ||
357 | |||
358 | On s390 the System z9-109 currently only supports the key size | ||
359 | of 128 bit. | ||
360 | |||
361 | config CRYPTO_CAST5 | 328 | config CRYPTO_CAST5 |
362 | tristate "CAST5 (CAST-128) cipher algorithm" | 329 | tristate "CAST5 (CAST-128) cipher algorithm" |
363 | select CRYPTO_ALGAPI | 330 | select CRYPTO_ALGAPI |
@@ -458,6 +425,21 @@ config CRYPTO_CRC32C | |||
458 | See Castagnoli93. This implementation uses lib/libcrc32c. | 425 | See Castagnoli93. This implementation uses lib/libcrc32c. |
459 | Module will be crc32c. | 426 | Module will be crc32c. |
460 | 427 | ||
428 | config CRYPTO_CAMELLIA | ||
429 | tristate "Camellia cipher algorithms" | ||
430 | depends on CRYPTO | ||
431 | select CRYPTO_ALGAPI | ||
432 | help | ||
433 | Camellia cipher algorithms module. | ||
434 | |||
435 | Camellia is a symmetric key block cipher developed jointly | ||
436 | at NTT and Mitsubishi Electric Corporation. | ||
437 | |||
438 | The Camellia specifies three key sizes: 128, 192 and 256 bits. | ||
439 | |||
440 | See also: | ||
441 | <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> | ||
442 | |||
461 | config CRYPTO_TEST | 443 | config CRYPTO_TEST |
462 | tristate "Testing module" | 444 | tristate "Testing module" |
463 | depends on m | 445 | depends on m |
diff --git a/crypto/Makefile b/crypto/Makefile index 60e3d24f61f5..12f93f578171 100644 --- a/crypto/Makefile +++ b/crypto/Makefile | |||
@@ -27,13 +27,16 @@ obj-$(CONFIG_CRYPTO_TGR192) += tgr192.o | |||
27 | obj-$(CONFIG_CRYPTO_GF128MUL) += gf128mul.o | 27 | obj-$(CONFIG_CRYPTO_GF128MUL) += gf128mul.o |
28 | obj-$(CONFIG_CRYPTO_ECB) += ecb.o | 28 | obj-$(CONFIG_CRYPTO_ECB) += ecb.o |
29 | obj-$(CONFIG_CRYPTO_CBC) += cbc.o | 29 | obj-$(CONFIG_CRYPTO_CBC) += cbc.o |
30 | obj-$(CONFIG_CRYPTO_PCBC) += pcbc.o | ||
30 | obj-$(CONFIG_CRYPTO_LRW) += lrw.o | 31 | obj-$(CONFIG_CRYPTO_LRW) += lrw.o |
31 | obj-$(CONFIG_CRYPTO_DES) += des.o | 32 | obj-$(CONFIG_CRYPTO_DES) += des.o |
33 | obj-$(CONFIG_CRYPTO_FCRYPT) += fcrypt.o | ||
32 | obj-$(CONFIG_CRYPTO_BLOWFISH) += blowfish.o | 34 | obj-$(CONFIG_CRYPTO_BLOWFISH) += blowfish.o |
33 | obj-$(CONFIG_CRYPTO_TWOFISH) += twofish.o | 35 | obj-$(CONFIG_CRYPTO_TWOFISH) += twofish.o |
34 | obj-$(CONFIG_CRYPTO_TWOFISH_COMMON) += twofish_common.o | 36 | obj-$(CONFIG_CRYPTO_TWOFISH_COMMON) += twofish_common.o |
35 | obj-$(CONFIG_CRYPTO_SERPENT) += serpent.o | 37 | obj-$(CONFIG_CRYPTO_SERPENT) += serpent.o |
36 | obj-$(CONFIG_CRYPTO_AES) += aes.o | 38 | obj-$(CONFIG_CRYPTO_AES) += aes.o |
39 | obj-$(CONFIG_CRYPTO_CAMELLIA) += camellia.o | ||
37 | obj-$(CONFIG_CRYPTO_CAST5) += cast5.o | 40 | obj-$(CONFIG_CRYPTO_CAST5) += cast5.o |
38 | obj-$(CONFIG_CRYPTO_CAST6) += cast6.o | 41 | obj-$(CONFIG_CRYPTO_CAST6) += cast6.o |
39 | obj-$(CONFIG_CRYPTO_ARC4) += arc4.o | 42 | obj-$(CONFIG_CRYPTO_ARC4) += arc4.o |
diff --git a/crypto/algapi.c b/crypto/algapi.c index c91530021e9c..f7d2185b2c8f 100644 --- a/crypto/algapi.c +++ b/crypto/algapi.c | |||
@@ -377,7 +377,8 @@ void crypto_drop_spawn(struct crypto_spawn *spawn) | |||
377 | } | 377 | } |
378 | EXPORT_SYMBOL_GPL(crypto_drop_spawn); | 378 | EXPORT_SYMBOL_GPL(crypto_drop_spawn); |
379 | 379 | ||
380 | struct crypto_tfm *crypto_spawn_tfm(struct crypto_spawn *spawn) | 380 | struct crypto_tfm *crypto_spawn_tfm(struct crypto_spawn *spawn, u32 type, |
381 | u32 mask) | ||
381 | { | 382 | { |
382 | struct crypto_alg *alg; | 383 | struct crypto_alg *alg; |
383 | struct crypto_alg *alg2; | 384 | struct crypto_alg *alg2; |
@@ -396,10 +397,18 @@ struct crypto_tfm *crypto_spawn_tfm(struct crypto_spawn *spawn) | |||
396 | return ERR_PTR(-EAGAIN); | 397 | return ERR_PTR(-EAGAIN); |
397 | } | 398 | } |
398 | 399 | ||
399 | tfm = __crypto_alloc_tfm(alg, 0); | 400 | tfm = ERR_PTR(-EINVAL); |
401 | if (unlikely((alg->cra_flags ^ type) & mask)) | ||
402 | goto out_put_alg; | ||
403 | |||
404 | tfm = __crypto_alloc_tfm(alg, type, mask); | ||
400 | if (IS_ERR(tfm)) | 405 | if (IS_ERR(tfm)) |
401 | crypto_mod_put(alg); | 406 | goto out_put_alg; |
407 | |||
408 | return tfm; | ||
402 | 409 | ||
410 | out_put_alg: | ||
411 | crypto_mod_put(alg); | ||
403 | return tfm; | 412 | return tfm; |
404 | } | 413 | } |
405 | EXPORT_SYMBOL_GPL(crypto_spawn_tfm); | 414 | EXPORT_SYMBOL_GPL(crypto_spawn_tfm); |
diff --git a/crypto/api.c b/crypto/api.c index 8c446871cd5b..55af8bb0f050 100644 --- a/crypto/api.c +++ b/crypto/api.c | |||
@@ -212,31 +212,12 @@ struct crypto_alg *crypto_alg_mod_lookup(const char *name, u32 type, u32 mask) | |||
212 | } | 212 | } |
213 | EXPORT_SYMBOL_GPL(crypto_alg_mod_lookup); | 213 | EXPORT_SYMBOL_GPL(crypto_alg_mod_lookup); |
214 | 214 | ||
215 | static int crypto_init_flags(struct crypto_tfm *tfm, u32 flags) | 215 | static int crypto_init_ops(struct crypto_tfm *tfm, u32 type, u32 mask) |
216 | { | 216 | { |
217 | tfm->crt_flags = flags & CRYPTO_TFM_REQ_MASK; | 217 | const struct crypto_type *type_obj = tfm->__crt_alg->cra_type; |
218 | flags &= ~CRYPTO_TFM_REQ_MASK; | ||
219 | |||
220 | switch (crypto_tfm_alg_type(tfm)) { | ||
221 | case CRYPTO_ALG_TYPE_CIPHER: | ||
222 | return crypto_init_cipher_flags(tfm, flags); | ||
223 | |||
224 | case CRYPTO_ALG_TYPE_DIGEST: | ||
225 | return crypto_init_digest_flags(tfm, flags); | ||
226 | |||
227 | case CRYPTO_ALG_TYPE_COMPRESS: | ||
228 | return crypto_init_compress_flags(tfm, flags); | ||
229 | } | ||
230 | |||
231 | return 0; | ||
232 | } | ||
233 | 218 | ||
234 | static int crypto_init_ops(struct crypto_tfm *tfm) | 219 | if (type_obj) |
235 | { | 220 | return type_obj->init(tfm, type, mask); |
236 | const struct crypto_type *type = tfm->__crt_alg->cra_type; | ||
237 | |||
238 | if (type) | ||
239 | return type->init(tfm); | ||
240 | 221 | ||
241 | switch (crypto_tfm_alg_type(tfm)) { | 222 | switch (crypto_tfm_alg_type(tfm)) { |
242 | case CRYPTO_ALG_TYPE_CIPHER: | 223 | case CRYPTO_ALG_TYPE_CIPHER: |
@@ -285,29 +266,29 @@ static void crypto_exit_ops(struct crypto_tfm *tfm) | |||
285 | } | 266 | } |
286 | } | 267 | } |
287 | 268 | ||
288 | static unsigned int crypto_ctxsize(struct crypto_alg *alg, int flags) | 269 | static unsigned int crypto_ctxsize(struct crypto_alg *alg, u32 type, u32 mask) |
289 | { | 270 | { |
290 | const struct crypto_type *type = alg->cra_type; | 271 | const struct crypto_type *type_obj = alg->cra_type; |
291 | unsigned int len; | 272 | unsigned int len; |
292 | 273 | ||
293 | len = alg->cra_alignmask & ~(crypto_tfm_ctx_alignment() - 1); | 274 | len = alg->cra_alignmask & ~(crypto_tfm_ctx_alignment() - 1); |
294 | if (type) | 275 | if (type_obj) |
295 | return len + type->ctxsize(alg); | 276 | return len + type_obj->ctxsize(alg, type, mask); |
296 | 277 | ||
297 | switch (alg->cra_flags & CRYPTO_ALG_TYPE_MASK) { | 278 | switch (alg->cra_flags & CRYPTO_ALG_TYPE_MASK) { |
298 | default: | 279 | default: |
299 | BUG(); | 280 | BUG(); |
300 | 281 | ||
301 | case CRYPTO_ALG_TYPE_CIPHER: | 282 | case CRYPTO_ALG_TYPE_CIPHER: |
302 | len += crypto_cipher_ctxsize(alg, flags); | 283 | len += crypto_cipher_ctxsize(alg); |
303 | break; | 284 | break; |
304 | 285 | ||
305 | case CRYPTO_ALG_TYPE_DIGEST: | 286 | case CRYPTO_ALG_TYPE_DIGEST: |
306 | len += crypto_digest_ctxsize(alg, flags); | 287 | len += crypto_digest_ctxsize(alg); |
307 | break; | 288 | break; |
308 | 289 | ||
309 | case CRYPTO_ALG_TYPE_COMPRESS: | 290 | case CRYPTO_ALG_TYPE_COMPRESS: |
310 | len += crypto_compress_ctxsize(alg, flags); | 291 | len += crypto_compress_ctxsize(alg); |
311 | break; | 292 | break; |
312 | } | 293 | } |
313 | 294 | ||
@@ -322,24 +303,21 @@ void crypto_shoot_alg(struct crypto_alg *alg) | |||
322 | } | 303 | } |
323 | EXPORT_SYMBOL_GPL(crypto_shoot_alg); | 304 | EXPORT_SYMBOL_GPL(crypto_shoot_alg); |
324 | 305 | ||
325 | struct crypto_tfm *__crypto_alloc_tfm(struct crypto_alg *alg, u32 flags) | 306 | struct crypto_tfm *__crypto_alloc_tfm(struct crypto_alg *alg, u32 type, |
307 | u32 mask) | ||
326 | { | 308 | { |
327 | struct crypto_tfm *tfm = NULL; | 309 | struct crypto_tfm *tfm = NULL; |
328 | unsigned int tfm_size; | 310 | unsigned int tfm_size; |
329 | int err = -ENOMEM; | 311 | int err = -ENOMEM; |
330 | 312 | ||
331 | tfm_size = sizeof(*tfm) + crypto_ctxsize(alg, flags); | 313 | tfm_size = sizeof(*tfm) + crypto_ctxsize(alg, type, mask); |
332 | tfm = kzalloc(tfm_size, GFP_KERNEL); | 314 | tfm = kzalloc(tfm_size, GFP_KERNEL); |
333 | if (tfm == NULL) | 315 | if (tfm == NULL) |
334 | goto out_err; | 316 | goto out_err; |
335 | 317 | ||
336 | tfm->__crt_alg = alg; | 318 | tfm->__crt_alg = alg; |
337 | 319 | ||
338 | err = crypto_init_flags(tfm, flags); | 320 | err = crypto_init_ops(tfm, type, mask); |
339 | if (err) | ||
340 | goto out_free_tfm; | ||
341 | |||
342 | err = crypto_init_ops(tfm); | ||
343 | if (err) | 321 | if (err) |
344 | goto out_free_tfm; | 322 | goto out_free_tfm; |
345 | 323 | ||
@@ -362,31 +340,6 @@ out: | |||
362 | } | 340 | } |
363 | EXPORT_SYMBOL_GPL(__crypto_alloc_tfm); | 341 | EXPORT_SYMBOL_GPL(__crypto_alloc_tfm); |
364 | 342 | ||
365 | struct crypto_tfm *crypto_alloc_tfm(const char *name, u32 flags) | ||
366 | { | ||
367 | struct crypto_tfm *tfm = NULL; | ||
368 | int err; | ||
369 | |||
370 | do { | ||
371 | struct crypto_alg *alg; | ||
372 | |||
373 | alg = crypto_alg_mod_lookup(name, 0, CRYPTO_ALG_ASYNC); | ||
374 | err = PTR_ERR(alg); | ||
375 | if (IS_ERR(alg)) | ||
376 | continue; | ||
377 | |||
378 | tfm = __crypto_alloc_tfm(alg, flags); | ||
379 | err = 0; | ||
380 | if (IS_ERR(tfm)) { | ||
381 | crypto_mod_put(alg); | ||
382 | err = PTR_ERR(tfm); | ||
383 | tfm = NULL; | ||
384 | } | ||
385 | } while (err == -EAGAIN && !signal_pending(current)); | ||
386 | |||
387 | return tfm; | ||
388 | } | ||
389 | |||
390 | /* | 343 | /* |
391 | * crypto_alloc_base - Locate algorithm and allocate transform | 344 | * crypto_alloc_base - Locate algorithm and allocate transform |
392 | * @alg_name: Name of algorithm | 345 | * @alg_name: Name of algorithm |
@@ -420,7 +373,7 @@ struct crypto_tfm *crypto_alloc_base(const char *alg_name, u32 type, u32 mask) | |||
420 | goto err; | 373 | goto err; |
421 | } | 374 | } |
422 | 375 | ||
423 | tfm = __crypto_alloc_tfm(alg, 0); | 376 | tfm = __crypto_alloc_tfm(alg, type, mask); |
424 | if (!IS_ERR(tfm)) | 377 | if (!IS_ERR(tfm)) |
425 | return tfm; | 378 | return tfm; |
426 | 379 | ||
@@ -466,7 +419,6 @@ void crypto_free_tfm(struct crypto_tfm *tfm) | |||
466 | kfree(tfm); | 419 | kfree(tfm); |
467 | } | 420 | } |
468 | 421 | ||
469 | EXPORT_SYMBOL_GPL(crypto_alloc_tfm); | ||
470 | EXPORT_SYMBOL_GPL(crypto_free_tfm); | 422 | EXPORT_SYMBOL_GPL(crypto_free_tfm); |
471 | 423 | ||
472 | int crypto_has_alg(const char *name, u32 type, u32 mask) | 424 | int crypto_has_alg(const char *name, u32 type, u32 mask) |
diff --git a/crypto/blkcipher.c b/crypto/blkcipher.c index 6e93004f2181..b5befe8c3a96 100644 --- a/crypto/blkcipher.c +++ b/crypto/blkcipher.c | |||
@@ -16,6 +16,7 @@ | |||
16 | 16 | ||
17 | #include <linux/crypto.h> | 17 | #include <linux/crypto.h> |
18 | #include <linux/errno.h> | 18 | #include <linux/errno.h> |
19 | #include <linux/hardirq.h> | ||
19 | #include <linux/kernel.h> | 20 | #include <linux/kernel.h> |
20 | #include <linux/module.h> | 21 | #include <linux/module.h> |
21 | #include <linux/scatterlist.h> | 22 | #include <linux/scatterlist.h> |
@@ -313,6 +314,9 @@ static int blkcipher_walk_first(struct blkcipher_desc *desc, | |||
313 | struct crypto_blkcipher *tfm = desc->tfm; | 314 | struct crypto_blkcipher *tfm = desc->tfm; |
314 | unsigned int alignmask = crypto_blkcipher_alignmask(tfm); | 315 | unsigned int alignmask = crypto_blkcipher_alignmask(tfm); |
315 | 316 | ||
317 | if (WARN_ON_ONCE(in_irq())) | ||
318 | return -EDEADLK; | ||
319 | |||
316 | walk->nbytes = walk->total; | 320 | walk->nbytes = walk->total; |
317 | if (unlikely(!walk->total)) | 321 | if (unlikely(!walk->total)) |
318 | return 0; | 322 | return 0; |
@@ -345,7 +349,8 @@ static int setkey(struct crypto_tfm *tfm, const u8 *key, | |||
345 | return cipher->setkey(tfm, key, keylen); | 349 | return cipher->setkey(tfm, key, keylen); |
346 | } | 350 | } |
347 | 351 | ||
348 | static unsigned int crypto_blkcipher_ctxsize(struct crypto_alg *alg) | 352 | static unsigned int crypto_blkcipher_ctxsize(struct crypto_alg *alg, u32 type, |
353 | u32 mask) | ||
349 | { | 354 | { |
350 | struct blkcipher_alg *cipher = &alg->cra_blkcipher; | 355 | struct blkcipher_alg *cipher = &alg->cra_blkcipher; |
351 | unsigned int len = alg->cra_ctxsize; | 356 | unsigned int len = alg->cra_ctxsize; |
@@ -358,7 +363,7 @@ static unsigned int crypto_blkcipher_ctxsize(struct crypto_alg *alg) | |||
358 | return len; | 363 | return len; |
359 | } | 364 | } |
360 | 365 | ||
361 | static int crypto_init_blkcipher_ops(struct crypto_tfm *tfm) | 366 | static int crypto_init_blkcipher_ops(struct crypto_tfm *tfm, u32 type, u32 mask) |
362 | { | 367 | { |
363 | struct blkcipher_tfm *crt = &tfm->crt_blkcipher; | 368 | struct blkcipher_tfm *crt = &tfm->crt_blkcipher; |
364 | struct blkcipher_alg *alg = &tfm->__crt_alg->cra_blkcipher; | 369 | struct blkcipher_alg *alg = &tfm->__crt_alg->cra_blkcipher; |
diff --git a/crypto/camellia.c b/crypto/camellia.c new file mode 100644 index 000000000000..6877ecfd90bb --- /dev/null +++ b/crypto/camellia.c | |||
@@ -0,0 +1,1801 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2006 | ||
3 | * NTT (Nippon Telegraph and Telephone Corporation). | ||
4 | * | ||
5 | * This program is free software; you can redistribute it and/or | ||
6 | * modify it under the terms of the GNU General Public License | ||
7 | * as published by the Free Software Foundation; either version 2 | ||
8 | * of the License, or (at your option) any later version. | ||
9 | * | ||
10 | * This program is distributed in the hope that it will be useful, | ||
11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
13 | * GNU General Public License for more details. | ||
14 | * | ||
15 | * You should have received a copy of the GNU General Public License | ||
16 | * along with this program; if not, write to the Free Software | ||
17 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. | ||
18 | */ | ||
19 | |||
20 | /* | ||
21 | * Algorithm Specification | ||
22 | * http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html | ||
23 | */ | ||
24 | |||
25 | /* | ||
26 | * | ||
27 | * NOTE --- NOTE --- NOTE --- NOTE | ||
28 | * This implementation assumes that all memory addresses passed | ||
29 | * as parameters are four-byte aligned. | ||
30 | * | ||
31 | */ | ||
32 | |||
33 | #include <linux/crypto.h> | ||
34 | #include <linux/errno.h> | ||
35 | #include <linux/init.h> | ||
36 | #include <linux/kernel.h> | ||
37 | #include <linux/module.h> | ||
38 | |||
39 | |||
40 | #define CAMELLIA_MIN_KEY_SIZE 16 | ||
41 | #define CAMELLIA_MAX_KEY_SIZE 32 | ||
42 | #define CAMELLIA_BLOCK_SIZE 16 | ||
43 | #define CAMELLIA_TABLE_BYTE_LEN 272 | ||
44 | #define CAMELLIA_TABLE_WORD_LEN (CAMELLIA_TABLE_BYTE_LEN / 4) | ||
45 | |||
46 | typedef u32 KEY_TABLE_TYPE[CAMELLIA_TABLE_WORD_LEN]; | ||
47 | |||
48 | |||
49 | /* key constants */ | ||
50 | |||
51 | #define CAMELLIA_SIGMA1L (0xA09E667FL) | ||
52 | #define CAMELLIA_SIGMA1R (0x3BCC908BL) | ||
53 | #define CAMELLIA_SIGMA2L (0xB67AE858L) | ||
54 | #define CAMELLIA_SIGMA2R (0x4CAA73B2L) | ||
55 | #define CAMELLIA_SIGMA3L (0xC6EF372FL) | ||
56 | #define CAMELLIA_SIGMA3R (0xE94F82BEL) | ||
57 | #define CAMELLIA_SIGMA4L (0x54FF53A5L) | ||
58 | #define CAMELLIA_SIGMA4R (0xF1D36F1CL) | ||
59 | #define CAMELLIA_SIGMA5L (0x10E527FAL) | ||
60 | #define CAMELLIA_SIGMA5R (0xDE682D1DL) | ||
61 | #define CAMELLIA_SIGMA6L (0xB05688C2L) | ||
62 | #define CAMELLIA_SIGMA6R (0xB3E6C1FDL) | ||
63 | |||
64 | struct camellia_ctx { | ||
65 | int key_length; | ||
66 | KEY_TABLE_TYPE key_table; | ||
67 | }; | ||
68 | |||
69 | |||
70 | /* | ||
71 | * macros | ||
72 | */ | ||
73 | |||
74 | |||
75 | # define GETU32(pt) (((u32)(pt)[0] << 24) \ | ||
76 | ^ ((u32)(pt)[1] << 16) \ | ||
77 | ^ ((u32)(pt)[2] << 8) \ | ||
78 | ^ ((u32)(pt)[3])) | ||
79 | |||
80 | #define COPY4WORD(dst, src) \ | ||
81 | do { \ | ||
82 | (dst)[0]=(src)[0]; \ | ||
83 | (dst)[1]=(src)[1]; \ | ||
84 | (dst)[2]=(src)[2]; \ | ||
85 | (dst)[3]=(src)[3]; \ | ||
86 | }while(0) | ||
87 | |||
88 | #define SWAP4WORD(word) \ | ||
89 | do { \ | ||
90 | CAMELLIA_SWAP4((word)[0]); \ | ||
91 | CAMELLIA_SWAP4((word)[1]); \ | ||
92 | CAMELLIA_SWAP4((word)[2]); \ | ||
93 | CAMELLIA_SWAP4((word)[3]); \ | ||
94 | }while(0) | ||
95 | |||
96 | #define XOR4WORD(a, b)/* a = a ^ b */ \ | ||
97 | do { \ | ||
98 | (a)[0]^=(b)[0]; \ | ||
99 | (a)[1]^=(b)[1]; \ | ||
100 | (a)[2]^=(b)[2]; \ | ||
101 | (a)[3]^=(b)[3]; \ | ||
102 | }while(0) | ||
103 | |||
104 | #define XOR4WORD2(a, b, c)/* a = b ^ c */ \ | ||
105 | do { \ | ||
106 | (a)[0]=(b)[0]^(c)[0]; \ | ||
107 | (a)[1]=(b)[1]^(c)[1]; \ | ||
108 | (a)[2]=(b)[2]^(c)[2]; \ | ||
109 | (a)[3]=(b)[3]^(c)[3]; \ | ||
110 | }while(0) | ||
111 | |||
112 | #define CAMELLIA_SUBKEY_L(INDEX) (subkey[(INDEX)*2]) | ||
113 | #define CAMELLIA_SUBKEY_R(INDEX) (subkey[(INDEX)*2 + 1]) | ||
114 | |||
115 | /* rotation right shift 1byte */ | ||
116 | #define CAMELLIA_RR8(x) (((x) >> 8) + ((x) << 24)) | ||
117 | /* rotation left shift 1bit */ | ||
118 | #define CAMELLIA_RL1(x) (((x) << 1) + ((x) >> 31)) | ||
119 | /* rotation left shift 1byte */ | ||
120 | #define CAMELLIA_RL8(x) (((x) << 8) + ((x) >> 24)) | ||
121 | |||
122 | #define CAMELLIA_ROLDQ(ll, lr, rl, rr, w0, w1, bits) \ | ||
123 | do { \ | ||
124 | w0 = ll; \ | ||
125 | ll = (ll << bits) + (lr >> (32 - bits)); \ | ||
126 | lr = (lr << bits) + (rl >> (32 - bits)); \ | ||
127 | rl = (rl << bits) + (rr >> (32 - bits)); \ | ||
128 | rr = (rr << bits) + (w0 >> (32 - bits)); \ | ||
129 | } while(0) | ||
130 | |||
131 | #define CAMELLIA_ROLDQo32(ll, lr, rl, rr, w0, w1, bits) \ | ||
132 | do { \ | ||
133 | w0 = ll; \ | ||
134 | w1 = lr; \ | ||
135 | ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \ | ||
136 | lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \ | ||
137 | rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \ | ||
138 | rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \ | ||
139 | } while(0) | ||
140 | |||
141 | #define CAMELLIA_SP1110(INDEX) (camellia_sp1110[(INDEX)]) | ||
142 | #define CAMELLIA_SP0222(INDEX) (camellia_sp0222[(INDEX)]) | ||
143 | #define CAMELLIA_SP3033(INDEX) (camellia_sp3033[(INDEX)]) | ||
144 | #define CAMELLIA_SP4404(INDEX) (camellia_sp4404[(INDEX)]) | ||
145 | |||
146 | #define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \ | ||
147 | do { \ | ||
148 | il = xl ^ kl; \ | ||
149 | ir = xr ^ kr; \ | ||
150 | t0 = il >> 16; \ | ||
151 | t1 = ir >> 16; \ | ||
152 | yl = CAMELLIA_SP1110(ir & 0xff) \ | ||
153 | ^ CAMELLIA_SP0222((t1 >> 8) & 0xff) \ | ||
154 | ^ CAMELLIA_SP3033(t1 & 0xff) \ | ||
155 | ^ CAMELLIA_SP4404((ir >> 8) & 0xff); \ | ||
156 | yr = CAMELLIA_SP1110((t0 >> 8) & 0xff) \ | ||
157 | ^ CAMELLIA_SP0222(t0 & 0xff) \ | ||
158 | ^ CAMELLIA_SP3033((il >> 8) & 0xff) \ | ||
159 | ^ CAMELLIA_SP4404(il & 0xff); \ | ||
160 | yl ^= yr; \ | ||
161 | yr = CAMELLIA_RR8(yr); \ | ||
162 | yr ^= yl; \ | ||
163 | } while(0) | ||
164 | |||
165 | |||
166 | /* | ||
167 | * for speed up | ||
168 | * | ||
169 | */ | ||
170 | #define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \ | ||
171 | do { \ | ||
172 | t0 = kll; \ | ||
173 | t2 = krr; \ | ||
174 | t0 &= ll; \ | ||
175 | t2 |= rr; \ | ||
176 | rl ^= t2; \ | ||
177 | lr ^= CAMELLIA_RL1(t0); \ | ||
178 | t3 = krl; \ | ||
179 | t1 = klr; \ | ||
180 | t3 &= rl; \ | ||
181 | t1 |= lr; \ | ||
182 | ll ^= t1; \ | ||
183 | rr ^= CAMELLIA_RL1(t3); \ | ||
184 | } while(0) | ||
185 | |||
186 | #define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \ | ||
187 | do { \ | ||
188 | ir = CAMELLIA_SP1110(xr & 0xff); \ | ||
189 | il = CAMELLIA_SP1110((xl>>24) & 0xff); \ | ||
190 | ir ^= CAMELLIA_SP0222((xr>>24) & 0xff); \ | ||
191 | il ^= CAMELLIA_SP0222((xl>>16) & 0xff); \ | ||
192 | ir ^= CAMELLIA_SP3033((xr>>16) & 0xff); \ | ||
193 | il ^= CAMELLIA_SP3033((xl>>8) & 0xff); \ | ||
194 | ir ^= CAMELLIA_SP4404((xr>>8) & 0xff); \ | ||
195 | il ^= CAMELLIA_SP4404(xl & 0xff); \ | ||
196 | il ^= kl; \ | ||
197 | ir ^= il ^ kr; \ | ||
198 | yl ^= ir; \ | ||
199 | yr ^= CAMELLIA_RR8(il) ^ ir; \ | ||
200 | } while(0) | ||
201 | |||
202 | /** | ||
203 | * Stuff related to the Camellia key schedule | ||
204 | */ | ||
205 | #define SUBL(x) subL[(x)] | ||
206 | #define SUBR(x) subR[(x)] | ||
207 | |||
208 | |||
209 | static const u32 camellia_sp1110[256] = { | ||
210 | 0x70707000,0x82828200,0x2c2c2c00,0xececec00, | ||
211 | 0xb3b3b300,0x27272700,0xc0c0c000,0xe5e5e500, | ||
212 | 0xe4e4e400,0x85858500,0x57575700,0x35353500, | ||
213 | 0xeaeaea00,0x0c0c0c00,0xaeaeae00,0x41414100, | ||
214 | 0x23232300,0xefefef00,0x6b6b6b00,0x93939300, | ||
215 | 0x45454500,0x19191900,0xa5a5a500,0x21212100, | ||
216 | 0xededed00,0x0e0e0e00,0x4f4f4f00,0x4e4e4e00, | ||
217 | 0x1d1d1d00,0x65656500,0x92929200,0xbdbdbd00, | ||
218 | 0x86868600,0xb8b8b800,0xafafaf00,0x8f8f8f00, | ||
219 | 0x7c7c7c00,0xebebeb00,0x1f1f1f00,0xcecece00, | ||
220 | 0x3e3e3e00,0x30303000,0xdcdcdc00,0x5f5f5f00, | ||
221 | 0x5e5e5e00,0xc5c5c500,0x0b0b0b00,0x1a1a1a00, | ||
222 | 0xa6a6a600,0xe1e1e100,0x39393900,0xcacaca00, | ||
223 | 0xd5d5d500,0x47474700,0x5d5d5d00,0x3d3d3d00, | ||
224 | 0xd9d9d900,0x01010100,0x5a5a5a00,0xd6d6d600, | ||
225 | 0x51515100,0x56565600,0x6c6c6c00,0x4d4d4d00, | ||
226 | 0x8b8b8b00,0x0d0d0d00,0x9a9a9a00,0x66666600, | ||
227 | 0xfbfbfb00,0xcccccc00,0xb0b0b000,0x2d2d2d00, | ||
228 | 0x74747400,0x12121200,0x2b2b2b00,0x20202000, | ||
229 | 0xf0f0f000,0xb1b1b100,0x84848400,0x99999900, | ||
230 | 0xdfdfdf00,0x4c4c4c00,0xcbcbcb00,0xc2c2c200, | ||
231 | 0x34343400,0x7e7e7e00,0x76767600,0x05050500, | ||
232 | 0x6d6d6d00,0xb7b7b700,0xa9a9a900,0x31313100, | ||
233 | 0xd1d1d100,0x17171700,0x04040400,0xd7d7d700, | ||
234 | 0x14141400,0x58585800,0x3a3a3a00,0x61616100, | ||
235 | 0xdedede00,0x1b1b1b00,0x11111100,0x1c1c1c00, | ||
236 | 0x32323200,0x0f0f0f00,0x9c9c9c00,0x16161600, | ||
237 | 0x53535300,0x18181800,0xf2f2f200,0x22222200, | ||
238 | 0xfefefe00,0x44444400,0xcfcfcf00,0xb2b2b200, | ||
239 | 0xc3c3c300,0xb5b5b500,0x7a7a7a00,0x91919100, | ||
240 | 0x24242400,0x08080800,0xe8e8e800,0xa8a8a800, | ||
241 | 0x60606000,0xfcfcfc00,0x69696900,0x50505000, | ||
242 | 0xaaaaaa00,0xd0d0d000,0xa0a0a000,0x7d7d7d00, | ||
243 | 0xa1a1a100,0x89898900,0x62626200,0x97979700, | ||
244 | 0x54545400,0x5b5b5b00,0x1e1e1e00,0x95959500, | ||
245 | 0xe0e0e000,0xffffff00,0x64646400,0xd2d2d200, | ||
246 | 0x10101000,0xc4c4c400,0x00000000,0x48484800, | ||
247 | 0xa3a3a300,0xf7f7f700,0x75757500,0xdbdbdb00, | ||
248 | 0x8a8a8a00,0x03030300,0xe6e6e600,0xdadada00, | ||
249 | 0x09090900,0x3f3f3f00,0xdddddd00,0x94949400, | ||
250 | 0x87878700,0x5c5c5c00,0x83838300,0x02020200, | ||
251 | 0xcdcdcd00,0x4a4a4a00,0x90909000,0x33333300, | ||
252 | 0x73737300,0x67676700,0xf6f6f600,0xf3f3f300, | ||
253 | 0x9d9d9d00,0x7f7f7f00,0xbfbfbf00,0xe2e2e200, | ||
254 | 0x52525200,0x9b9b9b00,0xd8d8d800,0x26262600, | ||
255 | 0xc8c8c800,0x37373700,0xc6c6c600,0x3b3b3b00, | ||
256 | 0x81818100,0x96969600,0x6f6f6f00,0x4b4b4b00, | ||
257 | 0x13131300,0xbebebe00,0x63636300,0x2e2e2e00, | ||
258 | 0xe9e9e900,0x79797900,0xa7a7a700,0x8c8c8c00, | ||
259 | 0x9f9f9f00,0x6e6e6e00,0xbcbcbc00,0x8e8e8e00, | ||
260 | 0x29292900,0xf5f5f500,0xf9f9f900,0xb6b6b600, | ||
261 | 0x2f2f2f00,0xfdfdfd00,0xb4b4b400,0x59595900, | ||
262 | 0x78787800,0x98989800,0x06060600,0x6a6a6a00, | ||
263 | 0xe7e7e700,0x46464600,0x71717100,0xbababa00, | ||
264 | 0xd4d4d400,0x25252500,0xababab00,0x42424200, | ||
265 | 0x88888800,0xa2a2a200,0x8d8d8d00,0xfafafa00, | ||
266 | 0x72727200,0x07070700,0xb9b9b900,0x55555500, | ||
267 | 0xf8f8f800,0xeeeeee00,0xacacac00,0x0a0a0a00, | ||
268 | 0x36363600,0x49494900,0x2a2a2a00,0x68686800, | ||
269 | 0x3c3c3c00,0x38383800,0xf1f1f100,0xa4a4a400, | ||
270 | 0x40404000,0x28282800,0xd3d3d300,0x7b7b7b00, | ||
271 | 0xbbbbbb00,0xc9c9c900,0x43434300,0xc1c1c100, | ||
272 | 0x15151500,0xe3e3e300,0xadadad00,0xf4f4f400, | ||
273 | 0x77777700,0xc7c7c700,0x80808000,0x9e9e9e00, | ||
274 | }; | ||
275 | |||
276 | static const u32 camellia_sp0222[256] = { | ||
277 | 0x00e0e0e0,0x00050505,0x00585858,0x00d9d9d9, | ||
278 | 0x00676767,0x004e4e4e,0x00818181,0x00cbcbcb, | ||
279 | 0x00c9c9c9,0x000b0b0b,0x00aeaeae,0x006a6a6a, | ||
280 | 0x00d5d5d5,0x00181818,0x005d5d5d,0x00828282, | ||
281 | 0x00464646,0x00dfdfdf,0x00d6d6d6,0x00272727, | ||
282 | 0x008a8a8a,0x00323232,0x004b4b4b,0x00424242, | ||
283 | 0x00dbdbdb,0x001c1c1c,0x009e9e9e,0x009c9c9c, | ||
284 | 0x003a3a3a,0x00cacaca,0x00252525,0x007b7b7b, | ||
285 | 0x000d0d0d,0x00717171,0x005f5f5f,0x001f1f1f, | ||
286 | 0x00f8f8f8,0x00d7d7d7,0x003e3e3e,0x009d9d9d, | ||
287 | 0x007c7c7c,0x00606060,0x00b9b9b9,0x00bebebe, | ||
288 | 0x00bcbcbc,0x008b8b8b,0x00161616,0x00343434, | ||
289 | 0x004d4d4d,0x00c3c3c3,0x00727272,0x00959595, | ||
290 | 0x00ababab,0x008e8e8e,0x00bababa,0x007a7a7a, | ||
291 | 0x00b3b3b3,0x00020202,0x00b4b4b4,0x00adadad, | ||
292 | 0x00a2a2a2,0x00acacac,0x00d8d8d8,0x009a9a9a, | ||
293 | 0x00171717,0x001a1a1a,0x00353535,0x00cccccc, | ||
294 | 0x00f7f7f7,0x00999999,0x00616161,0x005a5a5a, | ||
295 | 0x00e8e8e8,0x00242424,0x00565656,0x00404040, | ||
296 | 0x00e1e1e1,0x00636363,0x00090909,0x00333333, | ||
297 | 0x00bfbfbf,0x00989898,0x00979797,0x00858585, | ||
298 | 0x00686868,0x00fcfcfc,0x00ececec,0x000a0a0a, | ||
299 | 0x00dadada,0x006f6f6f,0x00535353,0x00626262, | ||
300 | 0x00a3a3a3,0x002e2e2e,0x00080808,0x00afafaf, | ||
301 | 0x00282828,0x00b0b0b0,0x00747474,0x00c2c2c2, | ||
302 | 0x00bdbdbd,0x00363636,0x00222222,0x00383838, | ||
303 | 0x00646464,0x001e1e1e,0x00393939,0x002c2c2c, | ||
304 | 0x00a6a6a6,0x00303030,0x00e5e5e5,0x00444444, | ||
305 | 0x00fdfdfd,0x00888888,0x009f9f9f,0x00656565, | ||
306 | 0x00878787,0x006b6b6b,0x00f4f4f4,0x00232323, | ||
307 | 0x00484848,0x00101010,0x00d1d1d1,0x00515151, | ||
308 | 0x00c0c0c0,0x00f9f9f9,0x00d2d2d2,0x00a0a0a0, | ||
309 | 0x00555555,0x00a1a1a1,0x00414141,0x00fafafa, | ||
310 | 0x00434343,0x00131313,0x00c4c4c4,0x002f2f2f, | ||
311 | 0x00a8a8a8,0x00b6b6b6,0x003c3c3c,0x002b2b2b, | ||
312 | 0x00c1c1c1,0x00ffffff,0x00c8c8c8,0x00a5a5a5, | ||
313 | 0x00202020,0x00898989,0x00000000,0x00909090, | ||
314 | 0x00474747,0x00efefef,0x00eaeaea,0x00b7b7b7, | ||
315 | 0x00151515,0x00060606,0x00cdcdcd,0x00b5b5b5, | ||
316 | 0x00121212,0x007e7e7e,0x00bbbbbb,0x00292929, | ||
317 | 0x000f0f0f,0x00b8b8b8,0x00070707,0x00040404, | ||
318 | 0x009b9b9b,0x00949494,0x00212121,0x00666666, | ||
319 | 0x00e6e6e6,0x00cecece,0x00ededed,0x00e7e7e7, | ||
320 | 0x003b3b3b,0x00fefefe,0x007f7f7f,0x00c5c5c5, | ||
321 | 0x00a4a4a4,0x00373737,0x00b1b1b1,0x004c4c4c, | ||
322 | 0x00919191,0x006e6e6e,0x008d8d8d,0x00767676, | ||
323 | 0x00030303,0x002d2d2d,0x00dedede,0x00969696, | ||
324 | 0x00262626,0x007d7d7d,0x00c6c6c6,0x005c5c5c, | ||
325 | 0x00d3d3d3,0x00f2f2f2,0x004f4f4f,0x00191919, | ||
326 | 0x003f3f3f,0x00dcdcdc,0x00797979,0x001d1d1d, | ||
327 | 0x00525252,0x00ebebeb,0x00f3f3f3,0x006d6d6d, | ||
328 | 0x005e5e5e,0x00fbfbfb,0x00696969,0x00b2b2b2, | ||
329 | 0x00f0f0f0,0x00313131,0x000c0c0c,0x00d4d4d4, | ||
330 | 0x00cfcfcf,0x008c8c8c,0x00e2e2e2,0x00757575, | ||
331 | 0x00a9a9a9,0x004a4a4a,0x00575757,0x00848484, | ||
332 | 0x00111111,0x00454545,0x001b1b1b,0x00f5f5f5, | ||
333 | 0x00e4e4e4,0x000e0e0e,0x00737373,0x00aaaaaa, | ||
334 | 0x00f1f1f1,0x00dddddd,0x00595959,0x00141414, | ||
335 | 0x006c6c6c,0x00929292,0x00545454,0x00d0d0d0, | ||
336 | 0x00787878,0x00707070,0x00e3e3e3,0x00494949, | ||
337 | 0x00808080,0x00505050,0x00a7a7a7,0x00f6f6f6, | ||
338 | 0x00777777,0x00939393,0x00868686,0x00838383, | ||
339 | 0x002a2a2a,0x00c7c7c7,0x005b5b5b,0x00e9e9e9, | ||
340 | 0x00eeeeee,0x008f8f8f,0x00010101,0x003d3d3d, | ||
341 | }; | ||
342 | |||
343 | static const u32 camellia_sp3033[256] = { | ||
344 | 0x38003838,0x41004141,0x16001616,0x76007676, | ||
345 | 0xd900d9d9,0x93009393,0x60006060,0xf200f2f2, | ||
346 | 0x72007272,0xc200c2c2,0xab00abab,0x9a009a9a, | ||
347 | 0x75007575,0x06000606,0x57005757,0xa000a0a0, | ||
348 | 0x91009191,0xf700f7f7,0xb500b5b5,0xc900c9c9, | ||
349 | 0xa200a2a2,0x8c008c8c,0xd200d2d2,0x90009090, | ||
350 | 0xf600f6f6,0x07000707,0xa700a7a7,0x27002727, | ||
351 | 0x8e008e8e,0xb200b2b2,0x49004949,0xde00dede, | ||
352 | 0x43004343,0x5c005c5c,0xd700d7d7,0xc700c7c7, | ||
353 | 0x3e003e3e,0xf500f5f5,0x8f008f8f,0x67006767, | ||
354 | 0x1f001f1f,0x18001818,0x6e006e6e,0xaf00afaf, | ||
355 | 0x2f002f2f,0xe200e2e2,0x85008585,0x0d000d0d, | ||
356 | 0x53005353,0xf000f0f0,0x9c009c9c,0x65006565, | ||
357 | 0xea00eaea,0xa300a3a3,0xae00aeae,0x9e009e9e, | ||
358 | 0xec00ecec,0x80008080,0x2d002d2d,0x6b006b6b, | ||
359 | 0xa800a8a8,0x2b002b2b,0x36003636,0xa600a6a6, | ||
360 | 0xc500c5c5,0x86008686,0x4d004d4d,0x33003333, | ||
361 | 0xfd00fdfd,0x66006666,0x58005858,0x96009696, | ||
362 | 0x3a003a3a,0x09000909,0x95009595,0x10001010, | ||
363 | 0x78007878,0xd800d8d8,0x42004242,0xcc00cccc, | ||
364 | 0xef00efef,0x26002626,0xe500e5e5,0x61006161, | ||
365 | 0x1a001a1a,0x3f003f3f,0x3b003b3b,0x82008282, | ||
366 | 0xb600b6b6,0xdb00dbdb,0xd400d4d4,0x98009898, | ||
367 | 0xe800e8e8,0x8b008b8b,0x02000202,0xeb00ebeb, | ||
368 | 0x0a000a0a,0x2c002c2c,0x1d001d1d,0xb000b0b0, | ||
369 | 0x6f006f6f,0x8d008d8d,0x88008888,0x0e000e0e, | ||
370 | 0x19001919,0x87008787,0x4e004e4e,0x0b000b0b, | ||
371 | 0xa900a9a9,0x0c000c0c,0x79007979,0x11001111, | ||
372 | 0x7f007f7f,0x22002222,0xe700e7e7,0x59005959, | ||
373 | 0xe100e1e1,0xda00dada,0x3d003d3d,0xc800c8c8, | ||
374 | 0x12001212,0x04000404,0x74007474,0x54005454, | ||
375 | 0x30003030,0x7e007e7e,0xb400b4b4,0x28002828, | ||
376 | 0x55005555,0x68006868,0x50005050,0xbe00bebe, | ||
377 | 0xd000d0d0,0xc400c4c4,0x31003131,0xcb00cbcb, | ||
378 | 0x2a002a2a,0xad00adad,0x0f000f0f,0xca00caca, | ||
379 | 0x70007070,0xff00ffff,0x32003232,0x69006969, | ||
380 | 0x08000808,0x62006262,0x00000000,0x24002424, | ||
381 | 0xd100d1d1,0xfb00fbfb,0xba00baba,0xed00eded, | ||
382 | 0x45004545,0x81008181,0x73007373,0x6d006d6d, | ||
383 | 0x84008484,0x9f009f9f,0xee00eeee,0x4a004a4a, | ||
384 | 0xc300c3c3,0x2e002e2e,0xc100c1c1,0x01000101, | ||
385 | 0xe600e6e6,0x25002525,0x48004848,0x99009999, | ||
386 | 0xb900b9b9,0xb300b3b3,0x7b007b7b,0xf900f9f9, | ||
387 | 0xce00cece,0xbf00bfbf,0xdf00dfdf,0x71007171, | ||
388 | 0x29002929,0xcd00cdcd,0x6c006c6c,0x13001313, | ||
389 | 0x64006464,0x9b009b9b,0x63006363,0x9d009d9d, | ||
390 | 0xc000c0c0,0x4b004b4b,0xb700b7b7,0xa500a5a5, | ||
391 | 0x89008989,0x5f005f5f,0xb100b1b1,0x17001717, | ||
392 | 0xf400f4f4,0xbc00bcbc,0xd300d3d3,0x46004646, | ||
393 | 0xcf00cfcf,0x37003737,0x5e005e5e,0x47004747, | ||
394 | 0x94009494,0xfa00fafa,0xfc00fcfc,0x5b005b5b, | ||
395 | 0x97009797,0xfe00fefe,0x5a005a5a,0xac00acac, | ||
396 | 0x3c003c3c,0x4c004c4c,0x03000303,0x35003535, | ||
397 | 0xf300f3f3,0x23002323,0xb800b8b8,0x5d005d5d, | ||
398 | 0x6a006a6a,0x92009292,0xd500d5d5,0x21002121, | ||
399 | 0x44004444,0x51005151,0xc600c6c6,0x7d007d7d, | ||
400 | 0x39003939,0x83008383,0xdc00dcdc,0xaa00aaaa, | ||
401 | 0x7c007c7c,0x77007777,0x56005656,0x05000505, | ||
402 | 0x1b001b1b,0xa400a4a4,0x15001515,0x34003434, | ||
403 | 0x1e001e1e,0x1c001c1c,0xf800f8f8,0x52005252, | ||
404 | 0x20002020,0x14001414,0xe900e9e9,0xbd00bdbd, | ||
405 | 0xdd00dddd,0xe400e4e4,0xa100a1a1,0xe000e0e0, | ||
406 | 0x8a008a8a,0xf100f1f1,0xd600d6d6,0x7a007a7a, | ||
407 | 0xbb00bbbb,0xe300e3e3,0x40004040,0x4f004f4f, | ||
408 | }; | ||
409 | |||
410 | static const u32 camellia_sp4404[256] = { | ||
411 | 0x70700070,0x2c2c002c,0xb3b300b3,0xc0c000c0, | ||
412 | 0xe4e400e4,0x57570057,0xeaea00ea,0xaeae00ae, | ||
413 | 0x23230023,0x6b6b006b,0x45450045,0xa5a500a5, | ||
414 | 0xeded00ed,0x4f4f004f,0x1d1d001d,0x92920092, | ||
415 | 0x86860086,0xafaf00af,0x7c7c007c,0x1f1f001f, | ||
416 | 0x3e3e003e,0xdcdc00dc,0x5e5e005e,0x0b0b000b, | ||
417 | 0xa6a600a6,0x39390039,0xd5d500d5,0x5d5d005d, | ||
418 | 0xd9d900d9,0x5a5a005a,0x51510051,0x6c6c006c, | ||
419 | 0x8b8b008b,0x9a9a009a,0xfbfb00fb,0xb0b000b0, | ||
420 | 0x74740074,0x2b2b002b,0xf0f000f0,0x84840084, | ||
421 | 0xdfdf00df,0xcbcb00cb,0x34340034,0x76760076, | ||
422 | 0x6d6d006d,0xa9a900a9,0xd1d100d1,0x04040004, | ||
423 | 0x14140014,0x3a3a003a,0xdede00de,0x11110011, | ||
424 | 0x32320032,0x9c9c009c,0x53530053,0xf2f200f2, | ||
425 | 0xfefe00fe,0xcfcf00cf,0xc3c300c3,0x7a7a007a, | ||
426 | 0x24240024,0xe8e800e8,0x60600060,0x69690069, | ||
427 | 0xaaaa00aa,0xa0a000a0,0xa1a100a1,0x62620062, | ||
428 | 0x54540054,0x1e1e001e,0xe0e000e0,0x64640064, | ||
429 | 0x10100010,0x00000000,0xa3a300a3,0x75750075, | ||
430 | 0x8a8a008a,0xe6e600e6,0x09090009,0xdddd00dd, | ||
431 | 0x87870087,0x83830083,0xcdcd00cd,0x90900090, | ||
432 | 0x73730073,0xf6f600f6,0x9d9d009d,0xbfbf00bf, | ||
433 | 0x52520052,0xd8d800d8,0xc8c800c8,0xc6c600c6, | ||
434 | 0x81810081,0x6f6f006f,0x13130013,0x63630063, | ||
435 | 0xe9e900e9,0xa7a700a7,0x9f9f009f,0xbcbc00bc, | ||
436 | 0x29290029,0xf9f900f9,0x2f2f002f,0xb4b400b4, | ||
437 | 0x78780078,0x06060006,0xe7e700e7,0x71710071, | ||
438 | 0xd4d400d4,0xabab00ab,0x88880088,0x8d8d008d, | ||
439 | 0x72720072,0xb9b900b9,0xf8f800f8,0xacac00ac, | ||
440 | 0x36360036,0x2a2a002a,0x3c3c003c,0xf1f100f1, | ||
441 | 0x40400040,0xd3d300d3,0xbbbb00bb,0x43430043, | ||
442 | 0x15150015,0xadad00ad,0x77770077,0x80800080, | ||
443 | 0x82820082,0xecec00ec,0x27270027,0xe5e500e5, | ||
444 | 0x85850085,0x35350035,0x0c0c000c,0x41410041, | ||
445 | 0xefef00ef,0x93930093,0x19190019,0x21210021, | ||
446 | 0x0e0e000e,0x4e4e004e,0x65650065,0xbdbd00bd, | ||
447 | 0xb8b800b8,0x8f8f008f,0xebeb00eb,0xcece00ce, | ||
448 | 0x30300030,0x5f5f005f,0xc5c500c5,0x1a1a001a, | ||
449 | 0xe1e100e1,0xcaca00ca,0x47470047,0x3d3d003d, | ||
450 | 0x01010001,0xd6d600d6,0x56560056,0x4d4d004d, | ||
451 | 0x0d0d000d,0x66660066,0xcccc00cc,0x2d2d002d, | ||
452 | 0x12120012,0x20200020,0xb1b100b1,0x99990099, | ||
453 | 0x4c4c004c,0xc2c200c2,0x7e7e007e,0x05050005, | ||
454 | 0xb7b700b7,0x31310031,0x17170017,0xd7d700d7, | ||
455 | 0x58580058,0x61610061,0x1b1b001b,0x1c1c001c, | ||
456 | 0x0f0f000f,0x16160016,0x18180018,0x22220022, | ||
457 | 0x44440044,0xb2b200b2,0xb5b500b5,0x91910091, | ||
458 | 0x08080008,0xa8a800a8,0xfcfc00fc,0x50500050, | ||
459 | 0xd0d000d0,0x7d7d007d,0x89890089,0x97970097, | ||
460 | 0x5b5b005b,0x95950095,0xffff00ff,0xd2d200d2, | ||
461 | 0xc4c400c4,0x48480048,0xf7f700f7,0xdbdb00db, | ||
462 | 0x03030003,0xdada00da,0x3f3f003f,0x94940094, | ||
463 | 0x5c5c005c,0x02020002,0x4a4a004a,0x33330033, | ||
464 | 0x67670067,0xf3f300f3,0x7f7f007f,0xe2e200e2, | ||
465 | 0x9b9b009b,0x26260026,0x37370037,0x3b3b003b, | ||
466 | 0x96960096,0x4b4b004b,0xbebe00be,0x2e2e002e, | ||
467 | 0x79790079,0x8c8c008c,0x6e6e006e,0x8e8e008e, | ||
468 | 0xf5f500f5,0xb6b600b6,0xfdfd00fd,0x59590059, | ||
469 | 0x98980098,0x6a6a006a,0x46460046,0xbaba00ba, | ||
470 | 0x25250025,0x42420042,0xa2a200a2,0xfafa00fa, | ||
471 | 0x07070007,0x55550055,0xeeee00ee,0x0a0a000a, | ||
472 | 0x49490049,0x68680068,0x38380038,0xa4a400a4, | ||
473 | 0x28280028,0x7b7b007b,0xc9c900c9,0xc1c100c1, | ||
474 | 0xe3e300e3,0xf4f400f4,0xc7c700c7,0x9e9e009e, | ||
475 | }; | ||
476 | |||
477 | |||
478 | |||
479 | static void camellia_setup128(const unsigned char *key, u32 *subkey) | ||
480 | { | ||
481 | u32 kll, klr, krl, krr; | ||
482 | u32 il, ir, t0, t1, w0, w1; | ||
483 | u32 kw4l, kw4r, dw, tl, tr; | ||
484 | u32 subL[26]; | ||
485 | u32 subR[26]; | ||
486 | |||
487 | /** | ||
488 | * k == kll || klr || krl || krr (|| is concatination) | ||
489 | */ | ||
490 | kll = GETU32(key ); | ||
491 | klr = GETU32(key + 4); | ||
492 | krl = GETU32(key + 8); | ||
493 | krr = GETU32(key + 12); | ||
494 | /** | ||
495 | * generate KL dependent subkeys | ||
496 | */ | ||
497 | /* kw1 */ | ||
498 | SUBL(0) = kll; SUBR(0) = klr; | ||
499 | /* kw2 */ | ||
500 | SUBL(1) = krl; SUBR(1) = krr; | ||
501 | /* rotation left shift 15bit */ | ||
502 | CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); | ||
503 | /* k3 */ | ||
504 | SUBL(4) = kll; SUBR(4) = klr; | ||
505 | /* k4 */ | ||
506 | SUBL(5) = krl; SUBR(5) = krr; | ||
507 | /* rotation left shift 15+30bit */ | ||
508 | CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30); | ||
509 | /* k7 */ | ||
510 | SUBL(10) = kll; SUBR(10) = klr; | ||
511 | /* k8 */ | ||
512 | SUBL(11) = krl; SUBR(11) = krr; | ||
513 | /* rotation left shift 15+30+15bit */ | ||
514 | CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); | ||
515 | /* k10 */ | ||
516 | SUBL(13) = krl; SUBR(13) = krr; | ||
517 | /* rotation left shift 15+30+15+17 bit */ | ||
518 | CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); | ||
519 | /* kl3 */ | ||
520 | SUBL(16) = kll; SUBR(16) = klr; | ||
521 | /* kl4 */ | ||
522 | SUBL(17) = krl; SUBR(17) = krr; | ||
523 | /* rotation left shift 15+30+15+17+17 bit */ | ||
524 | CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); | ||
525 | /* k13 */ | ||
526 | SUBL(18) = kll; SUBR(18) = klr; | ||
527 | /* k14 */ | ||
528 | SUBL(19) = krl; SUBR(19) = krr; | ||
529 | /* rotation left shift 15+30+15+17+17+17 bit */ | ||
530 | CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); | ||
531 | /* k17 */ | ||
532 | SUBL(22) = kll; SUBR(22) = klr; | ||
533 | /* k18 */ | ||
534 | SUBL(23) = krl; SUBR(23) = krr; | ||
535 | |||
536 | /* generate KA */ | ||
537 | kll = SUBL(0); klr = SUBR(0); | ||
538 | krl = SUBL(1); krr = SUBR(1); | ||
539 | CAMELLIA_F(kll, klr, | ||
540 | CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R, | ||
541 | w0, w1, il, ir, t0, t1); | ||
542 | krl ^= w0; krr ^= w1; | ||
543 | CAMELLIA_F(krl, krr, | ||
544 | CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R, | ||
545 | kll, klr, il, ir, t0, t1); | ||
546 | /* current status == (kll, klr, w0, w1) */ | ||
547 | CAMELLIA_F(kll, klr, | ||
548 | CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R, | ||
549 | krl, krr, il, ir, t0, t1); | ||
550 | krl ^= w0; krr ^= w1; | ||
551 | CAMELLIA_F(krl, krr, | ||
552 | CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R, | ||
553 | w0, w1, il, ir, t0, t1); | ||
554 | kll ^= w0; klr ^= w1; | ||
555 | |||
556 | /* generate KA dependent subkeys */ | ||
557 | /* k1, k2 */ | ||
558 | SUBL(2) = kll; SUBR(2) = klr; | ||
559 | SUBL(3) = krl; SUBR(3) = krr; | ||
560 | CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); | ||
561 | /* k5,k6 */ | ||
562 | SUBL(6) = kll; SUBR(6) = klr; | ||
563 | SUBL(7) = krl; SUBR(7) = krr; | ||
564 | CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); | ||
565 | /* kl1, kl2 */ | ||
566 | SUBL(8) = kll; SUBR(8) = klr; | ||
567 | SUBL(9) = krl; SUBR(9) = krr; | ||
568 | CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); | ||
569 | /* k9 */ | ||
570 | SUBL(12) = kll; SUBR(12) = klr; | ||
571 | CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); | ||
572 | /* k11, k12 */ | ||
573 | SUBL(14) = kll; SUBR(14) = klr; | ||
574 | SUBL(15) = krl; SUBR(15) = krr; | ||
575 | CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34); | ||
576 | /* k15, k16 */ | ||
577 | SUBL(20) = kll; SUBR(20) = klr; | ||
578 | SUBL(21) = krl; SUBR(21) = krr; | ||
579 | CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); | ||
580 | /* kw3, kw4 */ | ||
581 | SUBL(24) = kll; SUBR(24) = klr; | ||
582 | SUBL(25) = krl; SUBR(25) = krr; | ||
583 | |||
584 | |||
585 | /* absorb kw2 to other subkeys */ | ||
586 | /* round 2 */ | ||
587 | SUBL(3) ^= SUBL(1); SUBR(3) ^= SUBR(1); | ||
588 | /* round 4 */ | ||
589 | SUBL(5) ^= SUBL(1); SUBR(5) ^= SUBR(1); | ||
590 | /* round 6 */ | ||
591 | SUBL(7) ^= SUBL(1); SUBR(7) ^= SUBR(1); | ||
592 | SUBL(1) ^= SUBR(1) & ~SUBR(9); | ||
593 | dw = SUBL(1) & SUBL(9), | ||
594 | SUBR(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl2) */ | ||
595 | /* round 8 */ | ||
596 | SUBL(11) ^= SUBL(1); SUBR(11) ^= SUBR(1); | ||
597 | /* round 10 */ | ||
598 | SUBL(13) ^= SUBL(1); SUBR(13) ^= SUBR(1); | ||
599 | /* round 12 */ | ||
600 | SUBL(15) ^= SUBL(1); SUBR(15) ^= SUBR(1); | ||
601 | SUBL(1) ^= SUBR(1) & ~SUBR(17); | ||
602 | dw = SUBL(1) & SUBL(17), | ||
603 | SUBR(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl4) */ | ||
604 | /* round 14 */ | ||
605 | SUBL(19) ^= SUBL(1); SUBR(19) ^= SUBR(1); | ||
606 | /* round 16 */ | ||
607 | SUBL(21) ^= SUBL(1); SUBR(21) ^= SUBR(1); | ||
608 | /* round 18 */ | ||
609 | SUBL(23) ^= SUBL(1); SUBR(23) ^= SUBR(1); | ||
610 | /* kw3 */ | ||
611 | SUBL(24) ^= SUBL(1); SUBR(24) ^= SUBR(1); | ||
612 | |||
613 | /* absorb kw4 to other subkeys */ | ||
614 | kw4l = SUBL(25); kw4r = SUBR(25); | ||
615 | /* round 17 */ | ||
616 | SUBL(22) ^= kw4l; SUBR(22) ^= kw4r; | ||
617 | /* round 15 */ | ||
618 | SUBL(20) ^= kw4l; SUBR(20) ^= kw4r; | ||
619 | /* round 13 */ | ||
620 | SUBL(18) ^= kw4l; SUBR(18) ^= kw4r; | ||
621 | kw4l ^= kw4r & ~SUBR(16); | ||
622 | dw = kw4l & SUBL(16), | ||
623 | kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl3) */ | ||
624 | /* round 11 */ | ||
625 | SUBL(14) ^= kw4l; SUBR(14) ^= kw4r; | ||
626 | /* round 9 */ | ||
627 | SUBL(12) ^= kw4l; SUBR(12) ^= kw4r; | ||
628 | /* round 7 */ | ||
629 | SUBL(10) ^= kw4l; SUBR(10) ^= kw4r; | ||
630 | kw4l ^= kw4r & ~SUBR(8); | ||
631 | dw = kw4l & SUBL(8), | ||
632 | kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl1) */ | ||
633 | /* round 5 */ | ||
634 | SUBL(6) ^= kw4l; SUBR(6) ^= kw4r; | ||
635 | /* round 3 */ | ||
636 | SUBL(4) ^= kw4l; SUBR(4) ^= kw4r; | ||
637 | /* round 1 */ | ||
638 | SUBL(2) ^= kw4l; SUBR(2) ^= kw4r; | ||
639 | /* kw1 */ | ||
640 | SUBL(0) ^= kw4l; SUBR(0) ^= kw4r; | ||
641 | |||
642 | |||
643 | /* key XOR is end of F-function */ | ||
644 | CAMELLIA_SUBKEY_L(0) = SUBL(0) ^ SUBL(2);/* kw1 */ | ||
645 | CAMELLIA_SUBKEY_R(0) = SUBR(0) ^ SUBR(2); | ||
646 | CAMELLIA_SUBKEY_L(2) = SUBL(3); /* round 1 */ | ||
647 | CAMELLIA_SUBKEY_R(2) = SUBR(3); | ||
648 | CAMELLIA_SUBKEY_L(3) = SUBL(2) ^ SUBL(4); /* round 2 */ | ||
649 | CAMELLIA_SUBKEY_R(3) = SUBR(2) ^ SUBR(4); | ||
650 | CAMELLIA_SUBKEY_L(4) = SUBL(3) ^ SUBL(5); /* round 3 */ | ||
651 | CAMELLIA_SUBKEY_R(4) = SUBR(3) ^ SUBR(5); | ||
652 | CAMELLIA_SUBKEY_L(5) = SUBL(4) ^ SUBL(6); /* round 4 */ | ||
653 | CAMELLIA_SUBKEY_R(5) = SUBR(4) ^ SUBR(6); | ||
654 | CAMELLIA_SUBKEY_L(6) = SUBL(5) ^ SUBL(7); /* round 5 */ | ||
655 | CAMELLIA_SUBKEY_R(6) = SUBR(5) ^ SUBR(7); | ||
656 | tl = SUBL(10) ^ (SUBR(10) & ~SUBR(8)); | ||
657 | dw = tl & SUBL(8), /* FL(kl1) */ | ||
658 | tr = SUBR(10) ^ CAMELLIA_RL1(dw); | ||
659 | CAMELLIA_SUBKEY_L(7) = SUBL(6) ^ tl; /* round 6 */ | ||
660 | CAMELLIA_SUBKEY_R(7) = SUBR(6) ^ tr; | ||
661 | CAMELLIA_SUBKEY_L(8) = SUBL(8); /* FL(kl1) */ | ||
662 | CAMELLIA_SUBKEY_R(8) = SUBR(8); | ||
663 | CAMELLIA_SUBKEY_L(9) = SUBL(9); /* FLinv(kl2) */ | ||
664 | CAMELLIA_SUBKEY_R(9) = SUBR(9); | ||
665 | tl = SUBL(7) ^ (SUBR(7) & ~SUBR(9)); | ||
666 | dw = tl & SUBL(9), /* FLinv(kl2) */ | ||
667 | tr = SUBR(7) ^ CAMELLIA_RL1(dw); | ||
668 | CAMELLIA_SUBKEY_L(10) = tl ^ SUBL(11); /* round 7 */ | ||
669 | CAMELLIA_SUBKEY_R(10) = tr ^ SUBR(11); | ||
670 | CAMELLIA_SUBKEY_L(11) = SUBL(10) ^ SUBL(12); /* round 8 */ | ||
671 | CAMELLIA_SUBKEY_R(11) = SUBR(10) ^ SUBR(12); | ||
672 | CAMELLIA_SUBKEY_L(12) = SUBL(11) ^ SUBL(13); /* round 9 */ | ||
673 | CAMELLIA_SUBKEY_R(12) = SUBR(11) ^ SUBR(13); | ||
674 | CAMELLIA_SUBKEY_L(13) = SUBL(12) ^ SUBL(14); /* round 10 */ | ||
675 | CAMELLIA_SUBKEY_R(13) = SUBR(12) ^ SUBR(14); | ||
676 | CAMELLIA_SUBKEY_L(14) = SUBL(13) ^ SUBL(15); /* round 11 */ | ||
677 | CAMELLIA_SUBKEY_R(14) = SUBR(13) ^ SUBR(15); | ||
678 | tl = SUBL(18) ^ (SUBR(18) & ~SUBR(16)); | ||
679 | dw = tl & SUBL(16), /* FL(kl3) */ | ||
680 | tr = SUBR(18) ^ CAMELLIA_RL1(dw); | ||
681 | CAMELLIA_SUBKEY_L(15) = SUBL(14) ^ tl; /* round 12 */ | ||
682 | CAMELLIA_SUBKEY_R(15) = SUBR(14) ^ tr; | ||
683 | CAMELLIA_SUBKEY_L(16) = SUBL(16); /* FL(kl3) */ | ||
684 | CAMELLIA_SUBKEY_R(16) = SUBR(16); | ||
685 | CAMELLIA_SUBKEY_L(17) = SUBL(17); /* FLinv(kl4) */ | ||
686 | CAMELLIA_SUBKEY_R(17) = SUBR(17); | ||
687 | tl = SUBL(15) ^ (SUBR(15) & ~SUBR(17)); | ||
688 | dw = tl & SUBL(17), /* FLinv(kl4) */ | ||
689 | tr = SUBR(15) ^ CAMELLIA_RL1(dw); | ||
690 | CAMELLIA_SUBKEY_L(18) = tl ^ SUBL(19); /* round 13 */ | ||
691 | CAMELLIA_SUBKEY_R(18) = tr ^ SUBR(19); | ||
692 | CAMELLIA_SUBKEY_L(19) = SUBL(18) ^ SUBL(20); /* round 14 */ | ||
693 | CAMELLIA_SUBKEY_R(19) = SUBR(18) ^ SUBR(20); | ||
694 | CAMELLIA_SUBKEY_L(20) = SUBL(19) ^ SUBL(21); /* round 15 */ | ||
695 | CAMELLIA_SUBKEY_R(20) = SUBR(19) ^ SUBR(21); | ||
696 | CAMELLIA_SUBKEY_L(21) = SUBL(20) ^ SUBL(22); /* round 16 */ | ||
697 | CAMELLIA_SUBKEY_R(21) = SUBR(20) ^ SUBR(22); | ||
698 | CAMELLIA_SUBKEY_L(22) = SUBL(21) ^ SUBL(23); /* round 17 */ | ||
699 | CAMELLIA_SUBKEY_R(22) = SUBR(21) ^ SUBR(23); | ||
700 | CAMELLIA_SUBKEY_L(23) = SUBL(22); /* round 18 */ | ||
701 | CAMELLIA_SUBKEY_R(23) = SUBR(22); | ||
702 | CAMELLIA_SUBKEY_L(24) = SUBL(24) ^ SUBL(23); /* kw3 */ | ||
703 | CAMELLIA_SUBKEY_R(24) = SUBR(24) ^ SUBR(23); | ||
704 | |||
705 | /* apply the inverse of the last half of P-function */ | ||
706 | dw = CAMELLIA_SUBKEY_L(2) ^ CAMELLIA_SUBKEY_R(2), | ||
707 | dw = CAMELLIA_RL8(dw);/* round 1 */ | ||
708 | CAMELLIA_SUBKEY_R(2) = CAMELLIA_SUBKEY_L(2) ^ dw, | ||
709 | CAMELLIA_SUBKEY_L(2) = dw; | ||
710 | dw = CAMELLIA_SUBKEY_L(3) ^ CAMELLIA_SUBKEY_R(3), | ||
711 | dw = CAMELLIA_RL8(dw);/* round 2 */ | ||
712 | CAMELLIA_SUBKEY_R(3) = CAMELLIA_SUBKEY_L(3) ^ dw, | ||
713 | CAMELLIA_SUBKEY_L(3) = dw; | ||
714 | dw = CAMELLIA_SUBKEY_L(4) ^ CAMELLIA_SUBKEY_R(4), | ||
715 | dw = CAMELLIA_RL8(dw);/* round 3 */ | ||
716 | CAMELLIA_SUBKEY_R(4) = CAMELLIA_SUBKEY_L(4) ^ dw, | ||
717 | CAMELLIA_SUBKEY_L(4) = dw; | ||
718 | dw = CAMELLIA_SUBKEY_L(5) ^ CAMELLIA_SUBKEY_R(5), | ||
719 | dw = CAMELLIA_RL8(dw);/* round 4 */ | ||
720 | CAMELLIA_SUBKEY_R(5) = CAMELLIA_SUBKEY_L(5) ^ dw, | ||
721 | CAMELLIA_SUBKEY_L(5) = dw; | ||
722 | dw = CAMELLIA_SUBKEY_L(6) ^ CAMELLIA_SUBKEY_R(6), | ||
723 | dw = CAMELLIA_RL8(dw);/* round 5 */ | ||
724 | CAMELLIA_SUBKEY_R(6) = CAMELLIA_SUBKEY_L(6) ^ dw, | ||
725 | CAMELLIA_SUBKEY_L(6) = dw; | ||
726 | dw = CAMELLIA_SUBKEY_L(7) ^ CAMELLIA_SUBKEY_R(7), | ||
727 | dw = CAMELLIA_RL8(dw);/* round 6 */ | ||
728 | CAMELLIA_SUBKEY_R(7) = CAMELLIA_SUBKEY_L(7) ^ dw, | ||
729 | CAMELLIA_SUBKEY_L(7) = dw; | ||
730 | dw = CAMELLIA_SUBKEY_L(10) ^ CAMELLIA_SUBKEY_R(10), | ||
731 | dw = CAMELLIA_RL8(dw);/* round 7 */ | ||
732 | CAMELLIA_SUBKEY_R(10) = CAMELLIA_SUBKEY_L(10) ^ dw, | ||
733 | CAMELLIA_SUBKEY_L(10) = dw; | ||
734 | dw = CAMELLIA_SUBKEY_L(11) ^ CAMELLIA_SUBKEY_R(11), | ||
735 | dw = CAMELLIA_RL8(dw);/* round 8 */ | ||
736 | CAMELLIA_SUBKEY_R(11) = CAMELLIA_SUBKEY_L(11) ^ dw, | ||
737 | CAMELLIA_SUBKEY_L(11) = dw; | ||
738 | dw = CAMELLIA_SUBKEY_L(12) ^ CAMELLIA_SUBKEY_R(12), | ||
739 | dw = CAMELLIA_RL8(dw);/* round 9 */ | ||
740 | CAMELLIA_SUBKEY_R(12) = CAMELLIA_SUBKEY_L(12) ^ dw, | ||
741 | CAMELLIA_SUBKEY_L(12) = dw; | ||
742 | dw = CAMELLIA_SUBKEY_L(13) ^ CAMELLIA_SUBKEY_R(13), | ||
743 | dw = CAMELLIA_RL8(dw);/* round 10 */ | ||
744 | CAMELLIA_SUBKEY_R(13) = CAMELLIA_SUBKEY_L(13) ^ dw, | ||
745 | CAMELLIA_SUBKEY_L(13) = dw; | ||
746 | dw = CAMELLIA_SUBKEY_L(14) ^ CAMELLIA_SUBKEY_R(14), | ||
747 | dw = CAMELLIA_RL8(dw);/* round 11 */ | ||
748 | CAMELLIA_SUBKEY_R(14) = CAMELLIA_SUBKEY_L(14) ^ dw, | ||
749 | CAMELLIA_SUBKEY_L(14) = dw; | ||
750 | dw = CAMELLIA_SUBKEY_L(15) ^ CAMELLIA_SUBKEY_R(15), | ||
751 | dw = CAMELLIA_RL8(dw);/* round 12 */ | ||
752 | CAMELLIA_SUBKEY_R(15) = CAMELLIA_SUBKEY_L(15) ^ dw, | ||
753 | CAMELLIA_SUBKEY_L(15) = dw; | ||
754 | dw = CAMELLIA_SUBKEY_L(18) ^ CAMELLIA_SUBKEY_R(18), | ||
755 | dw = CAMELLIA_RL8(dw);/* round 13 */ | ||
756 | CAMELLIA_SUBKEY_R(18) = CAMELLIA_SUBKEY_L(18) ^ dw, | ||
757 | CAMELLIA_SUBKEY_L(18) = dw; | ||
758 | dw = CAMELLIA_SUBKEY_L(19) ^ CAMELLIA_SUBKEY_R(19), | ||
759 | dw = CAMELLIA_RL8(dw);/* round 14 */ | ||
760 | CAMELLIA_SUBKEY_R(19) = CAMELLIA_SUBKEY_L(19) ^ dw, | ||
761 | CAMELLIA_SUBKEY_L(19) = dw; | ||
762 | dw = CAMELLIA_SUBKEY_L(20) ^ CAMELLIA_SUBKEY_R(20), | ||
763 | dw = CAMELLIA_RL8(dw);/* round 15 */ | ||
764 | CAMELLIA_SUBKEY_R(20) = CAMELLIA_SUBKEY_L(20) ^ dw, | ||
765 | CAMELLIA_SUBKEY_L(20) = dw; | ||
766 | dw = CAMELLIA_SUBKEY_L(21) ^ CAMELLIA_SUBKEY_R(21), | ||
767 | dw = CAMELLIA_RL8(dw);/* round 16 */ | ||
768 | CAMELLIA_SUBKEY_R(21) = CAMELLIA_SUBKEY_L(21) ^ dw, | ||
769 | CAMELLIA_SUBKEY_L(21) = dw; | ||
770 | dw = CAMELLIA_SUBKEY_L(22) ^ CAMELLIA_SUBKEY_R(22), | ||
771 | dw = CAMELLIA_RL8(dw);/* round 17 */ | ||
772 | CAMELLIA_SUBKEY_R(22) = CAMELLIA_SUBKEY_L(22) ^ dw, | ||
773 | CAMELLIA_SUBKEY_L(22) = dw; | ||
774 | dw = CAMELLIA_SUBKEY_L(23) ^ CAMELLIA_SUBKEY_R(23), | ||
775 | dw = CAMELLIA_RL8(dw);/* round 18 */ | ||
776 | CAMELLIA_SUBKEY_R(23) = CAMELLIA_SUBKEY_L(23) ^ dw, | ||
777 | CAMELLIA_SUBKEY_L(23) = dw; | ||
778 | |||
779 | return; | ||
780 | } | ||
781 | |||
782 | |||
783 | static void camellia_setup256(const unsigned char *key, u32 *subkey) | ||
784 | { | ||
785 | u32 kll,klr,krl,krr; /* left half of key */ | ||
786 | u32 krll,krlr,krrl,krrr; /* right half of key */ | ||
787 | u32 il, ir, t0, t1, w0, w1; /* temporary variables */ | ||
788 | u32 kw4l, kw4r, dw, tl, tr; | ||
789 | u32 subL[34]; | ||
790 | u32 subR[34]; | ||
791 | |||
792 | /** | ||
793 | * key = (kll || klr || krl || krr || krll || krlr || krrl || krrr) | ||
794 | * (|| is concatination) | ||
795 | */ | ||
796 | |||
797 | kll = GETU32(key ); | ||
798 | klr = GETU32(key + 4); | ||
799 | krl = GETU32(key + 8); | ||
800 | krr = GETU32(key + 12); | ||
801 | krll = GETU32(key + 16); | ||
802 | krlr = GETU32(key + 20); | ||
803 | krrl = GETU32(key + 24); | ||
804 | krrr = GETU32(key + 28); | ||
805 | |||
806 | /* generate KL dependent subkeys */ | ||
807 | /* kw1 */ | ||
808 | SUBL(0) = kll; SUBR(0) = klr; | ||
809 | /* kw2 */ | ||
810 | SUBL(1) = krl; SUBR(1) = krr; | ||
811 | CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 45); | ||
812 | /* k9 */ | ||
813 | SUBL(12) = kll; SUBR(12) = klr; | ||
814 | /* k10 */ | ||
815 | SUBL(13) = krl; SUBR(13) = krr; | ||
816 | CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); | ||
817 | /* kl3 */ | ||
818 | SUBL(16) = kll; SUBR(16) = klr; | ||
819 | /* kl4 */ | ||
820 | SUBL(17) = krl; SUBR(17) = krr; | ||
821 | CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); | ||
822 | /* k17 */ | ||
823 | SUBL(22) = kll; SUBR(22) = klr; | ||
824 | /* k18 */ | ||
825 | SUBL(23) = krl; SUBR(23) = krr; | ||
826 | CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34); | ||
827 | /* k23 */ | ||
828 | SUBL(30) = kll; SUBR(30) = klr; | ||
829 | /* k24 */ | ||
830 | SUBL(31) = krl; SUBR(31) = krr; | ||
831 | |||
832 | /* generate KR dependent subkeys */ | ||
833 | CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15); | ||
834 | /* k3 */ | ||
835 | SUBL(4) = krll; SUBR(4) = krlr; | ||
836 | /* k4 */ | ||
837 | SUBL(5) = krrl; SUBR(5) = krrr; | ||
838 | CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15); | ||
839 | /* kl1 */ | ||
840 | SUBL(8) = krll; SUBR(8) = krlr; | ||
841 | /* kl2 */ | ||
842 | SUBL(9) = krrl; SUBR(9) = krrr; | ||
843 | CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30); | ||
844 | /* k13 */ | ||
845 | SUBL(18) = krll; SUBR(18) = krlr; | ||
846 | /* k14 */ | ||
847 | SUBL(19) = krrl; SUBR(19) = krrr; | ||
848 | CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34); | ||
849 | /* k19 */ | ||
850 | SUBL(26) = krll; SUBR(26) = krlr; | ||
851 | /* k20 */ | ||
852 | SUBL(27) = krrl; SUBR(27) = krrr; | ||
853 | CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34); | ||
854 | |||
855 | /* generate KA */ | ||
856 | kll = SUBL(0) ^ krll; klr = SUBR(0) ^ krlr; | ||
857 | krl = SUBL(1) ^ krrl; krr = SUBR(1) ^ krrr; | ||
858 | CAMELLIA_F(kll, klr, | ||
859 | CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R, | ||
860 | w0, w1, il, ir, t0, t1); | ||
861 | krl ^= w0; krr ^= w1; | ||
862 | CAMELLIA_F(krl, krr, | ||
863 | CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R, | ||
864 | kll, klr, il, ir, t0, t1); | ||
865 | kll ^= krll; klr ^= krlr; | ||
866 | CAMELLIA_F(kll, klr, | ||
867 | CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R, | ||
868 | krl, krr, il, ir, t0, t1); | ||
869 | krl ^= w0 ^ krrl; krr ^= w1 ^ krrr; | ||
870 | CAMELLIA_F(krl, krr, | ||
871 | CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R, | ||
872 | w0, w1, il, ir, t0, t1); | ||
873 | kll ^= w0; klr ^= w1; | ||
874 | |||
875 | /* generate KB */ | ||
876 | krll ^= kll; krlr ^= klr; | ||
877 | krrl ^= krl; krrr ^= krr; | ||
878 | CAMELLIA_F(krll, krlr, | ||
879 | CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R, | ||
880 | w0, w1, il, ir, t0, t1); | ||
881 | krrl ^= w0; krrr ^= w1; | ||
882 | CAMELLIA_F(krrl, krrr, | ||
883 | CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R, | ||
884 | w0, w1, il, ir, t0, t1); | ||
885 | krll ^= w0; krlr ^= w1; | ||
886 | |||
887 | /* generate KA dependent subkeys */ | ||
888 | CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); | ||
889 | /* k5 */ | ||
890 | SUBL(6) = kll; SUBR(6) = klr; | ||
891 | /* k6 */ | ||
892 | SUBL(7) = krl; SUBR(7) = krr; | ||
893 | CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30); | ||
894 | /* k11 */ | ||
895 | SUBL(14) = kll; SUBR(14) = klr; | ||
896 | /* k12 */ | ||
897 | SUBL(15) = krl; SUBR(15) = krr; | ||
898 | /* rotation left shift 32bit */ | ||
899 | /* kl5 */ | ||
900 | SUBL(24) = klr; SUBR(24) = krl; | ||
901 | /* kl6 */ | ||
902 | SUBL(25) = krr; SUBR(25) = kll; | ||
903 | /* rotation left shift 49 from k11,k12 -> k21,k22 */ | ||
904 | CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 49); | ||
905 | /* k21 */ | ||
906 | SUBL(28) = kll; SUBR(28) = klr; | ||
907 | /* k22 */ | ||
908 | SUBL(29) = krl; SUBR(29) = krr; | ||
909 | |||
910 | /* generate KB dependent subkeys */ | ||
911 | /* k1 */ | ||
912 | SUBL(2) = krll; SUBR(2) = krlr; | ||
913 | /* k2 */ | ||
914 | SUBL(3) = krrl; SUBR(3) = krrr; | ||
915 | CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30); | ||
916 | /* k7 */ | ||
917 | SUBL(10) = krll; SUBR(10) = krlr; | ||
918 | /* k8 */ | ||
919 | SUBL(11) = krrl; SUBR(11) = krrr; | ||
920 | CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30); | ||
921 | /* k15 */ | ||
922 | SUBL(20) = krll; SUBR(20) = krlr; | ||
923 | /* k16 */ | ||
924 | SUBL(21) = krrl; SUBR(21) = krrr; | ||
925 | CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51); | ||
926 | /* kw3 */ | ||
927 | SUBL(32) = krll; SUBR(32) = krlr; | ||
928 | /* kw4 */ | ||
929 | SUBL(33) = krrl; SUBR(33) = krrr; | ||
930 | |||
931 | /* absorb kw2 to other subkeys */ | ||
932 | /* round 2 */ | ||
933 | SUBL(3) ^= SUBL(1); SUBR(3) ^= SUBR(1); | ||
934 | /* round 4 */ | ||
935 | SUBL(5) ^= SUBL(1); SUBR(5) ^= SUBR(1); | ||
936 | /* round 6 */ | ||
937 | SUBL(7) ^= SUBL(1); SUBR(7) ^= SUBR(1); | ||
938 | SUBL(1) ^= SUBR(1) & ~SUBR(9); | ||
939 | dw = SUBL(1) & SUBL(9), | ||
940 | SUBR(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl2) */ | ||
941 | /* round 8 */ | ||
942 | SUBL(11) ^= SUBL(1); SUBR(11) ^= SUBR(1); | ||
943 | /* round 10 */ | ||
944 | SUBL(13) ^= SUBL(1); SUBR(13) ^= SUBR(1); | ||
945 | /* round 12 */ | ||
946 | SUBL(15) ^= SUBL(1); SUBR(15) ^= SUBR(1); | ||
947 | SUBL(1) ^= SUBR(1) & ~SUBR(17); | ||
948 | dw = SUBL(1) & SUBL(17), | ||
949 | SUBR(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl4) */ | ||
950 | /* round 14 */ | ||
951 | SUBL(19) ^= SUBL(1); SUBR(19) ^= SUBR(1); | ||
952 | /* round 16 */ | ||
953 | SUBL(21) ^= SUBL(1); SUBR(21) ^= SUBR(1); | ||
954 | /* round 18 */ | ||
955 | SUBL(23) ^= SUBL(1); SUBR(23) ^= SUBR(1); | ||
956 | SUBL(1) ^= SUBR(1) & ~SUBR(25); | ||
957 | dw = SUBL(1) & SUBL(25), | ||
958 | SUBR(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl6) */ | ||
959 | /* round 20 */ | ||
960 | SUBL(27) ^= SUBL(1); SUBR(27) ^= SUBR(1); | ||
961 | /* round 22 */ | ||
962 | SUBL(29) ^= SUBL(1); SUBR(29) ^= SUBR(1); | ||
963 | /* round 24 */ | ||
964 | SUBL(31) ^= SUBL(1); SUBR(31) ^= SUBR(1); | ||
965 | /* kw3 */ | ||
966 | SUBL(32) ^= SUBL(1); SUBR(32) ^= SUBR(1); | ||
967 | |||
968 | |||
969 | /* absorb kw4 to other subkeys */ | ||
970 | kw4l = SUBL(33); kw4r = SUBR(33); | ||
971 | /* round 23 */ | ||
972 | SUBL(30) ^= kw4l; SUBR(30) ^= kw4r; | ||
973 | /* round 21 */ | ||
974 | SUBL(28) ^= kw4l; SUBR(28) ^= kw4r; | ||
975 | /* round 19 */ | ||
976 | SUBL(26) ^= kw4l; SUBR(26) ^= kw4r; | ||
977 | kw4l ^= kw4r & ~SUBR(24); | ||
978 | dw = kw4l & SUBL(24), | ||
979 | kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl5) */ | ||
980 | /* round 17 */ | ||
981 | SUBL(22) ^= kw4l; SUBR(22) ^= kw4r; | ||
982 | /* round 15 */ | ||
983 | SUBL(20) ^= kw4l; SUBR(20) ^= kw4r; | ||
984 | /* round 13 */ | ||
985 | SUBL(18) ^= kw4l; SUBR(18) ^= kw4r; | ||
986 | kw4l ^= kw4r & ~SUBR(16); | ||
987 | dw = kw4l & SUBL(16), | ||
988 | kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl3) */ | ||
989 | /* round 11 */ | ||
990 | SUBL(14) ^= kw4l; SUBR(14) ^= kw4r; | ||
991 | /* round 9 */ | ||
992 | SUBL(12) ^= kw4l; SUBR(12) ^= kw4r; | ||
993 | /* round 7 */ | ||
994 | SUBL(10) ^= kw4l; SUBR(10) ^= kw4r; | ||
995 | kw4l ^= kw4r & ~SUBR(8); | ||
996 | dw = kw4l & SUBL(8), | ||
997 | kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl1) */ | ||
998 | /* round 5 */ | ||
999 | SUBL(6) ^= kw4l; SUBR(6) ^= kw4r; | ||
1000 | /* round 3 */ | ||
1001 | SUBL(4) ^= kw4l; SUBR(4) ^= kw4r; | ||
1002 | /* round 1 */ | ||
1003 | SUBL(2) ^= kw4l; SUBR(2) ^= kw4r; | ||
1004 | /* kw1 */ | ||
1005 | SUBL(0) ^= kw4l; SUBR(0) ^= kw4r; | ||
1006 | |||
1007 | /* key XOR is end of F-function */ | ||
1008 | CAMELLIA_SUBKEY_L(0) = SUBL(0) ^ SUBL(2);/* kw1 */ | ||
1009 | CAMELLIA_SUBKEY_R(0) = SUBR(0) ^ SUBR(2); | ||
1010 | CAMELLIA_SUBKEY_L(2) = SUBL(3); /* round 1 */ | ||
1011 | CAMELLIA_SUBKEY_R(2) = SUBR(3); | ||
1012 | CAMELLIA_SUBKEY_L(3) = SUBL(2) ^ SUBL(4); /* round 2 */ | ||
1013 | CAMELLIA_SUBKEY_R(3) = SUBR(2) ^ SUBR(4); | ||
1014 | CAMELLIA_SUBKEY_L(4) = SUBL(3) ^ SUBL(5); /* round 3 */ | ||
1015 | CAMELLIA_SUBKEY_R(4) = SUBR(3) ^ SUBR(5); | ||
1016 | CAMELLIA_SUBKEY_L(5) = SUBL(4) ^ SUBL(6); /* round 4 */ | ||
1017 | CAMELLIA_SUBKEY_R(5) = SUBR(4) ^ SUBR(6); | ||
1018 | CAMELLIA_SUBKEY_L(6) = SUBL(5) ^ SUBL(7); /* round 5 */ | ||
1019 | CAMELLIA_SUBKEY_R(6) = SUBR(5) ^ SUBR(7); | ||
1020 | tl = SUBL(10) ^ (SUBR(10) & ~SUBR(8)); | ||
1021 | dw = tl & SUBL(8), /* FL(kl1) */ | ||
1022 | tr = SUBR(10) ^ CAMELLIA_RL1(dw); | ||
1023 | CAMELLIA_SUBKEY_L(7) = SUBL(6) ^ tl; /* round 6 */ | ||
1024 | CAMELLIA_SUBKEY_R(7) = SUBR(6) ^ tr; | ||
1025 | CAMELLIA_SUBKEY_L(8) = SUBL(8); /* FL(kl1) */ | ||
1026 | CAMELLIA_SUBKEY_R(8) = SUBR(8); | ||
1027 | CAMELLIA_SUBKEY_L(9) = SUBL(9); /* FLinv(kl2) */ | ||
1028 | CAMELLIA_SUBKEY_R(9) = SUBR(9); | ||
1029 | tl = SUBL(7) ^ (SUBR(7) & ~SUBR(9)); | ||
1030 | dw = tl & SUBL(9), /* FLinv(kl2) */ | ||
1031 | tr = SUBR(7) ^ CAMELLIA_RL1(dw); | ||
1032 | CAMELLIA_SUBKEY_L(10) = tl ^ SUBL(11); /* round 7 */ | ||
1033 | CAMELLIA_SUBKEY_R(10) = tr ^ SUBR(11); | ||
1034 | CAMELLIA_SUBKEY_L(11) = SUBL(10) ^ SUBL(12); /* round 8 */ | ||
1035 | CAMELLIA_SUBKEY_R(11) = SUBR(10) ^ SUBR(12); | ||
1036 | CAMELLIA_SUBKEY_L(12) = SUBL(11) ^ SUBL(13); /* round 9 */ | ||
1037 | CAMELLIA_SUBKEY_R(12) = SUBR(11) ^ SUBR(13); | ||
1038 | CAMELLIA_SUBKEY_L(13) = SUBL(12) ^ SUBL(14); /* round 10 */ | ||
1039 | CAMELLIA_SUBKEY_R(13) = SUBR(12) ^ SUBR(14); | ||
1040 | CAMELLIA_SUBKEY_L(14) = SUBL(13) ^ SUBL(15); /* round 11 */ | ||
1041 | CAMELLIA_SUBKEY_R(14) = SUBR(13) ^ SUBR(15); | ||
1042 | tl = SUBL(18) ^ (SUBR(18) & ~SUBR(16)); | ||
1043 | dw = tl & SUBL(16), /* FL(kl3) */ | ||
1044 | tr = SUBR(18) ^ CAMELLIA_RL1(dw); | ||
1045 | CAMELLIA_SUBKEY_L(15) = SUBL(14) ^ tl; /* round 12 */ | ||
1046 | CAMELLIA_SUBKEY_R(15) = SUBR(14) ^ tr; | ||
1047 | CAMELLIA_SUBKEY_L(16) = SUBL(16); /* FL(kl3) */ | ||
1048 | CAMELLIA_SUBKEY_R(16) = SUBR(16); | ||
1049 | CAMELLIA_SUBKEY_L(17) = SUBL(17); /* FLinv(kl4) */ | ||
1050 | CAMELLIA_SUBKEY_R(17) = SUBR(17); | ||
1051 | tl = SUBL(15) ^ (SUBR(15) & ~SUBR(17)); | ||
1052 | dw = tl & SUBL(17), /* FLinv(kl4) */ | ||
1053 | tr = SUBR(15) ^ CAMELLIA_RL1(dw); | ||
1054 | CAMELLIA_SUBKEY_L(18) = tl ^ SUBL(19); /* round 13 */ | ||
1055 | CAMELLIA_SUBKEY_R(18) = tr ^ SUBR(19); | ||
1056 | CAMELLIA_SUBKEY_L(19) = SUBL(18) ^ SUBL(20); /* round 14 */ | ||
1057 | CAMELLIA_SUBKEY_R(19) = SUBR(18) ^ SUBR(20); | ||
1058 | CAMELLIA_SUBKEY_L(20) = SUBL(19) ^ SUBL(21); /* round 15 */ | ||
1059 | CAMELLIA_SUBKEY_R(20) = SUBR(19) ^ SUBR(21); | ||
1060 | CAMELLIA_SUBKEY_L(21) = SUBL(20) ^ SUBL(22); /* round 16 */ | ||
1061 | CAMELLIA_SUBKEY_R(21) = SUBR(20) ^ SUBR(22); | ||
1062 | CAMELLIA_SUBKEY_L(22) = SUBL(21) ^ SUBL(23); /* round 17 */ | ||
1063 | CAMELLIA_SUBKEY_R(22) = SUBR(21) ^ SUBR(23); | ||
1064 | tl = SUBL(26) ^ (SUBR(26) | ||
1065 | & ~SUBR(24)); | ||
1066 | dw = tl & SUBL(24), /* FL(kl5) */ | ||
1067 | tr = SUBR(26) ^ CAMELLIA_RL1(dw); | ||
1068 | CAMELLIA_SUBKEY_L(23) = SUBL(22) ^ tl; /* round 18 */ | ||
1069 | CAMELLIA_SUBKEY_R(23) = SUBR(22) ^ tr; | ||
1070 | CAMELLIA_SUBKEY_L(24) = SUBL(24); /* FL(kl5) */ | ||
1071 | CAMELLIA_SUBKEY_R(24) = SUBR(24); | ||
1072 | CAMELLIA_SUBKEY_L(25) = SUBL(25); /* FLinv(kl6) */ | ||
1073 | CAMELLIA_SUBKEY_R(25) = SUBR(25); | ||
1074 | tl = SUBL(23) ^ (SUBR(23) & | ||
1075 | ~SUBR(25)); | ||
1076 | dw = tl & SUBL(25), /* FLinv(kl6) */ | ||
1077 | tr = SUBR(23) ^ CAMELLIA_RL1(dw); | ||
1078 | CAMELLIA_SUBKEY_L(26) = tl ^ SUBL(27); /* round 19 */ | ||
1079 | CAMELLIA_SUBKEY_R(26) = tr ^ SUBR(27); | ||
1080 | CAMELLIA_SUBKEY_L(27) = SUBL(26) ^ SUBL(28); /* round 20 */ | ||
1081 | CAMELLIA_SUBKEY_R(27) = SUBR(26) ^ SUBR(28); | ||
1082 | CAMELLIA_SUBKEY_L(28) = SUBL(27) ^ SUBL(29); /* round 21 */ | ||
1083 | CAMELLIA_SUBKEY_R(28) = SUBR(27) ^ SUBR(29); | ||
1084 | CAMELLIA_SUBKEY_L(29) = SUBL(28) ^ SUBL(30); /* round 22 */ | ||
1085 | CAMELLIA_SUBKEY_R(29) = SUBR(28) ^ SUBR(30); | ||
1086 | CAMELLIA_SUBKEY_L(30) = SUBL(29) ^ SUBL(31); /* round 23 */ | ||
1087 | CAMELLIA_SUBKEY_R(30) = SUBR(29) ^ SUBR(31); | ||
1088 | CAMELLIA_SUBKEY_L(31) = SUBL(30); /* round 24 */ | ||
1089 | CAMELLIA_SUBKEY_R(31) = SUBR(30); | ||
1090 | CAMELLIA_SUBKEY_L(32) = SUBL(32) ^ SUBL(31); /* kw3 */ | ||
1091 | CAMELLIA_SUBKEY_R(32) = SUBR(32) ^ SUBR(31); | ||
1092 | |||
1093 | /* apply the inverse of the last half of P-function */ | ||
1094 | dw = CAMELLIA_SUBKEY_L(2) ^ CAMELLIA_SUBKEY_R(2), | ||
1095 | dw = CAMELLIA_RL8(dw);/* round 1 */ | ||
1096 | CAMELLIA_SUBKEY_R(2) = CAMELLIA_SUBKEY_L(2) ^ dw, | ||
1097 | CAMELLIA_SUBKEY_L(2) = dw; | ||
1098 | dw = CAMELLIA_SUBKEY_L(3) ^ CAMELLIA_SUBKEY_R(3), | ||
1099 | dw = CAMELLIA_RL8(dw);/* round 2 */ | ||
1100 | CAMELLIA_SUBKEY_R(3) = CAMELLIA_SUBKEY_L(3) ^ dw, | ||
1101 | CAMELLIA_SUBKEY_L(3) = dw; | ||
1102 | dw = CAMELLIA_SUBKEY_L(4) ^ CAMELLIA_SUBKEY_R(4), | ||
1103 | dw = CAMELLIA_RL8(dw);/* round 3 */ | ||
1104 | CAMELLIA_SUBKEY_R(4) = CAMELLIA_SUBKEY_L(4) ^ dw, | ||
1105 | CAMELLIA_SUBKEY_L(4) = dw; | ||
1106 | dw = CAMELLIA_SUBKEY_L(5) ^ CAMELLIA_SUBKEY_R(5), | ||
1107 | dw = CAMELLIA_RL8(dw);/* round 4 */ | ||
1108 | CAMELLIA_SUBKEY_R(5) = CAMELLIA_SUBKEY_L(5) ^ dw, | ||
1109 | CAMELLIA_SUBKEY_L(5) = dw; | ||
1110 | dw = CAMELLIA_SUBKEY_L(6) ^ CAMELLIA_SUBKEY_R(6), | ||
1111 | dw = CAMELLIA_RL8(dw);/* round 5 */ | ||
1112 | CAMELLIA_SUBKEY_R(6) = CAMELLIA_SUBKEY_L(6) ^ dw, | ||
1113 | CAMELLIA_SUBKEY_L(6) = dw; | ||
1114 | dw = CAMELLIA_SUBKEY_L(7) ^ CAMELLIA_SUBKEY_R(7), | ||
1115 | dw = CAMELLIA_RL8(dw);/* round 6 */ | ||
1116 | CAMELLIA_SUBKEY_R(7) = CAMELLIA_SUBKEY_L(7) ^ dw, | ||
1117 | CAMELLIA_SUBKEY_L(7) = dw; | ||
1118 | dw = CAMELLIA_SUBKEY_L(10) ^ CAMELLIA_SUBKEY_R(10), | ||
1119 | dw = CAMELLIA_RL8(dw);/* round 7 */ | ||
1120 | CAMELLIA_SUBKEY_R(10) = CAMELLIA_SUBKEY_L(10) ^ dw, | ||
1121 | CAMELLIA_SUBKEY_L(10) = dw; | ||
1122 | dw = CAMELLIA_SUBKEY_L(11) ^ CAMELLIA_SUBKEY_R(11), | ||
1123 | dw = CAMELLIA_RL8(dw);/* round 8 */ | ||
1124 | CAMELLIA_SUBKEY_R(11) = CAMELLIA_SUBKEY_L(11) ^ dw, | ||
1125 | CAMELLIA_SUBKEY_L(11) = dw; | ||
1126 | dw = CAMELLIA_SUBKEY_L(12) ^ CAMELLIA_SUBKEY_R(12), | ||
1127 | dw = CAMELLIA_RL8(dw);/* round 9 */ | ||
1128 | CAMELLIA_SUBKEY_R(12) = CAMELLIA_SUBKEY_L(12) ^ dw, | ||
1129 | CAMELLIA_SUBKEY_L(12) = dw; | ||
1130 | dw = CAMELLIA_SUBKEY_L(13) ^ CAMELLIA_SUBKEY_R(13), | ||
1131 | dw = CAMELLIA_RL8(dw);/* round 10 */ | ||
1132 | CAMELLIA_SUBKEY_R(13) = CAMELLIA_SUBKEY_L(13) ^ dw, | ||
1133 | CAMELLIA_SUBKEY_L(13) = dw; | ||
1134 | dw = CAMELLIA_SUBKEY_L(14) ^ CAMELLIA_SUBKEY_R(14), | ||
1135 | dw = CAMELLIA_RL8(dw);/* round 11 */ | ||
1136 | CAMELLIA_SUBKEY_R(14) = CAMELLIA_SUBKEY_L(14) ^ dw, | ||
1137 | CAMELLIA_SUBKEY_L(14) = dw; | ||
1138 | dw = CAMELLIA_SUBKEY_L(15) ^ CAMELLIA_SUBKEY_R(15), | ||
1139 | dw = CAMELLIA_RL8(dw);/* round 12 */ | ||
1140 | CAMELLIA_SUBKEY_R(15) = CAMELLIA_SUBKEY_L(15) ^ dw, | ||
1141 | CAMELLIA_SUBKEY_L(15) = dw; | ||
1142 | dw = CAMELLIA_SUBKEY_L(18) ^ CAMELLIA_SUBKEY_R(18), | ||
1143 | dw = CAMELLIA_RL8(dw);/* round 13 */ | ||
1144 | CAMELLIA_SUBKEY_R(18) = CAMELLIA_SUBKEY_L(18) ^ dw, | ||
1145 | CAMELLIA_SUBKEY_L(18) = dw; | ||
1146 | dw = CAMELLIA_SUBKEY_L(19) ^ CAMELLIA_SUBKEY_R(19), | ||
1147 | dw = CAMELLIA_RL8(dw);/* round 14 */ | ||
1148 | CAMELLIA_SUBKEY_R(19) = CAMELLIA_SUBKEY_L(19) ^ dw, | ||
1149 | CAMELLIA_SUBKEY_L(19) = dw; | ||
1150 | dw = CAMELLIA_SUBKEY_L(20) ^ CAMELLIA_SUBKEY_R(20), | ||
1151 | dw = CAMELLIA_RL8(dw);/* round 15 */ | ||
1152 | CAMELLIA_SUBKEY_R(20) = CAMELLIA_SUBKEY_L(20) ^ dw, | ||
1153 | CAMELLIA_SUBKEY_L(20) = dw; | ||
1154 | dw = CAMELLIA_SUBKEY_L(21) ^ CAMELLIA_SUBKEY_R(21), | ||
1155 | dw = CAMELLIA_RL8(dw);/* round 16 */ | ||
1156 | CAMELLIA_SUBKEY_R(21) = CAMELLIA_SUBKEY_L(21) ^ dw, | ||
1157 | CAMELLIA_SUBKEY_L(21) = dw; | ||
1158 | dw = CAMELLIA_SUBKEY_L(22) ^ CAMELLIA_SUBKEY_R(22), | ||
1159 | dw = CAMELLIA_RL8(dw);/* round 17 */ | ||
1160 | CAMELLIA_SUBKEY_R(22) = CAMELLIA_SUBKEY_L(22) ^ dw, | ||
1161 | CAMELLIA_SUBKEY_L(22) = dw; | ||
1162 | dw = CAMELLIA_SUBKEY_L(23) ^ CAMELLIA_SUBKEY_R(23), | ||
1163 | dw = CAMELLIA_RL8(dw);/* round 18 */ | ||
1164 | CAMELLIA_SUBKEY_R(23) = CAMELLIA_SUBKEY_L(23) ^ dw, | ||
1165 | CAMELLIA_SUBKEY_L(23) = dw; | ||
1166 | dw = CAMELLIA_SUBKEY_L(26) ^ CAMELLIA_SUBKEY_R(26), | ||
1167 | dw = CAMELLIA_RL8(dw);/* round 19 */ | ||
1168 | CAMELLIA_SUBKEY_R(26) = CAMELLIA_SUBKEY_L(26) ^ dw, | ||
1169 | CAMELLIA_SUBKEY_L(26) = dw; | ||
1170 | dw = CAMELLIA_SUBKEY_L(27) ^ CAMELLIA_SUBKEY_R(27), | ||
1171 | dw = CAMELLIA_RL8(dw);/* round 20 */ | ||
1172 | CAMELLIA_SUBKEY_R(27) = CAMELLIA_SUBKEY_L(27) ^ dw, | ||
1173 | CAMELLIA_SUBKEY_L(27) = dw; | ||
1174 | dw = CAMELLIA_SUBKEY_L(28) ^ CAMELLIA_SUBKEY_R(28), | ||
1175 | dw = CAMELLIA_RL8(dw);/* round 21 */ | ||
1176 | CAMELLIA_SUBKEY_R(28) = CAMELLIA_SUBKEY_L(28) ^ dw, | ||
1177 | CAMELLIA_SUBKEY_L(28) = dw; | ||
1178 | dw = CAMELLIA_SUBKEY_L(29) ^ CAMELLIA_SUBKEY_R(29), | ||
1179 | dw = CAMELLIA_RL8(dw);/* round 22 */ | ||
1180 | CAMELLIA_SUBKEY_R(29) = CAMELLIA_SUBKEY_L(29) ^ dw, | ||
1181 | CAMELLIA_SUBKEY_L(29) = dw; | ||
1182 | dw = CAMELLIA_SUBKEY_L(30) ^ CAMELLIA_SUBKEY_R(30), | ||
1183 | dw = CAMELLIA_RL8(dw);/* round 23 */ | ||
1184 | CAMELLIA_SUBKEY_R(30) = CAMELLIA_SUBKEY_L(30) ^ dw, | ||
1185 | CAMELLIA_SUBKEY_L(30) = dw; | ||
1186 | dw = CAMELLIA_SUBKEY_L(31) ^ CAMELLIA_SUBKEY_R(31), | ||
1187 | dw = CAMELLIA_RL8(dw);/* round 24 */ | ||
1188 | CAMELLIA_SUBKEY_R(31) = CAMELLIA_SUBKEY_L(31) ^ dw, | ||
1189 | CAMELLIA_SUBKEY_L(31) = dw; | ||
1190 | |||
1191 | return; | ||
1192 | } | ||
1193 | |||
1194 | static void camellia_setup192(const unsigned char *key, u32 *subkey) | ||
1195 | { | ||
1196 | unsigned char kk[32]; | ||
1197 | u32 krll, krlr, krrl,krrr; | ||
1198 | |||
1199 | memcpy(kk, key, 24); | ||
1200 | memcpy((unsigned char *)&krll, key+16,4); | ||
1201 | memcpy((unsigned char *)&krlr, key+20,4); | ||
1202 | krrl = ~krll; | ||
1203 | krrr = ~krlr; | ||
1204 | memcpy(kk+24, (unsigned char *)&krrl, 4); | ||
1205 | memcpy(kk+28, (unsigned char *)&krrr, 4); | ||
1206 | camellia_setup256(kk, subkey); | ||
1207 | return; | ||
1208 | } | ||
1209 | |||
1210 | |||
1211 | /** | ||
1212 | * Stuff related to camellia encryption/decryption | ||
1213 | */ | ||
1214 | static void camellia_encrypt128(const u32 *subkey, __be32 *io_text) | ||
1215 | { | ||
1216 | u32 il,ir,t0,t1; /* temporary valiables */ | ||
1217 | |||
1218 | u32 io[4]; | ||
1219 | |||
1220 | io[0] = be32_to_cpu(io_text[0]); | ||
1221 | io[1] = be32_to_cpu(io_text[1]); | ||
1222 | io[2] = be32_to_cpu(io_text[2]); | ||
1223 | io[3] = be32_to_cpu(io_text[3]); | ||
1224 | |||
1225 | /* pre whitening but absorb kw2*/ | ||
1226 | io[0] ^= CAMELLIA_SUBKEY_L(0); | ||
1227 | io[1] ^= CAMELLIA_SUBKEY_R(0); | ||
1228 | /* main iteration */ | ||
1229 | |||
1230 | CAMELLIA_ROUNDSM(io[0],io[1], | ||
1231 | CAMELLIA_SUBKEY_L(2),CAMELLIA_SUBKEY_R(2), | ||
1232 | io[2],io[3],il,ir,t0,t1); | ||
1233 | CAMELLIA_ROUNDSM(io[2],io[3], | ||
1234 | CAMELLIA_SUBKEY_L(3),CAMELLIA_SUBKEY_R(3), | ||
1235 | io[0],io[1],il,ir,t0,t1); | ||
1236 | CAMELLIA_ROUNDSM(io[0],io[1], | ||
1237 | CAMELLIA_SUBKEY_L(4),CAMELLIA_SUBKEY_R(4), | ||
1238 | io[2],io[3],il,ir,t0,t1); | ||
1239 | CAMELLIA_ROUNDSM(io[2],io[3], | ||
1240 | CAMELLIA_SUBKEY_L(5),CAMELLIA_SUBKEY_R(5), | ||
1241 | io[0],io[1],il,ir,t0,t1); | ||
1242 | CAMELLIA_ROUNDSM(io[0],io[1], | ||
1243 | CAMELLIA_SUBKEY_L(6),CAMELLIA_SUBKEY_R(6), | ||
1244 | io[2],io[3],il,ir,t0,t1); | ||
1245 | CAMELLIA_ROUNDSM(io[2],io[3], | ||
1246 | CAMELLIA_SUBKEY_L(7),CAMELLIA_SUBKEY_R(7), | ||
1247 | io[0],io[1],il,ir,t0,t1); | ||
1248 | |||
1249 | CAMELLIA_FLS(io[0],io[1],io[2],io[3], | ||
1250 | CAMELLIA_SUBKEY_L(8),CAMELLIA_SUBKEY_R(8), | ||
1251 | CAMELLIA_SUBKEY_L(9),CAMELLIA_SUBKEY_R(9), | ||
1252 | t0,t1,il,ir); | ||
1253 | |||
1254 | CAMELLIA_ROUNDSM(io[0],io[1], | ||
1255 | CAMELLIA_SUBKEY_L(10),CAMELLIA_SUBKEY_R(10), | ||
1256 | io[2],io[3],il,ir,t0,t1); | ||
1257 | CAMELLIA_ROUNDSM(io[2],io[3], | ||
1258 | CAMELLIA_SUBKEY_L(11),CAMELLIA_SUBKEY_R(11), | ||
1259 | io[0],io[1],il,ir,t0,t1); | ||
1260 | CAMELLIA_ROUNDSM(io[0],io[1], | ||
1261 | CAMELLIA_SUBKEY_L(12),CAMELLIA_SUBKEY_R(12), | ||
1262 | io[2],io[3],il,ir,t0,t1); | ||
1263 | CAMELLIA_ROUNDSM(io[2],io[3], | ||
1264 | CAMELLIA_SUBKEY_L(13),CAMELLIA_SUBKEY_R(13), | ||
1265 | io[0],io[1],il,ir,t0,t1); | ||
1266 | CAMELLIA_ROUNDSM(io[0],io[1], | ||
1267 | CAMELLIA_SUBKEY_L(14),CAMELLIA_SUBKEY_R(14), | ||
1268 | io[2],io[3],il,ir,t0,t1); | ||
1269 | CAMELLIA_ROUNDSM(io[2],io[3], | ||
1270 | CAMELLIA_SUBKEY_L(15),CAMELLIA_SUBKEY_R(15), | ||
1271 | io[0],io[1],il,ir,t0,t1); | ||
1272 | |||
1273 | CAMELLIA_FLS(io[0],io[1],io[2],io[3], | ||
1274 | CAMELLIA_SUBKEY_L(16),CAMELLIA_SUBKEY_R(16), | ||
1275 | CAMELLIA_SUBKEY_L(17),CAMELLIA_SUBKEY_R(17), | ||
1276 | t0,t1,il,ir); | ||
1277 | |||
1278 | CAMELLIA_ROUNDSM(io[0],io[1], | ||
1279 | CAMELLIA_SUBKEY_L(18),CAMELLIA_SUBKEY_R(18), | ||
1280 | io[2],io[3],il,ir,t0,t1); | ||
1281 | CAMELLIA_ROUNDSM(io[2],io[3], | ||
1282 | CAMELLIA_SUBKEY_L(19),CAMELLIA_SUBKEY_R(19), | ||
1283 | io[0],io[1],il,ir,t0,t1); | ||
1284 | CAMELLIA_ROUNDSM(io[0],io[1], | ||
1285 | CAMELLIA_SUBKEY_L(20),CAMELLIA_SUBKEY_R(20), | ||
1286 | io[2],io[3],il,ir,t0,t1); | ||
1287 | CAMELLIA_ROUNDSM(io[2],io[3], | ||
1288 | CAMELLIA_SUBKEY_L(21),CAMELLIA_SUBKEY_R(21), | ||
1289 | io[0],io[1],il,ir,t0,t1); | ||
1290 | CAMELLIA_ROUNDSM(io[0],io[1], | ||
1291 | CAMELLIA_SUBKEY_L(22),CAMELLIA_SUBKEY_R(22), | ||
1292 | io[2],io[3],il,ir,t0,t1); | ||
1293 | CAMELLIA_ROUNDSM(io[2],io[3], | ||
1294 | CAMELLIA_SUBKEY_L(23),CAMELLIA_SUBKEY_R(23), | ||
1295 | io[0],io[1],il,ir,t0,t1); | ||
1296 | |||
1297 | /* post whitening but kw4 */ | ||
1298 | io[2] ^= CAMELLIA_SUBKEY_L(24); | ||
1299 | io[3] ^= CAMELLIA_SUBKEY_R(24); | ||
1300 | |||
1301 | t0 = io[0]; | ||
1302 | t1 = io[1]; | ||
1303 | io[0] = io[2]; | ||
1304 | io[1] = io[3]; | ||
1305 | io[2] = t0; | ||
1306 | io[3] = t1; | ||
1307 | |||
1308 | io_text[0] = cpu_to_be32(io[0]); | ||
1309 | io_text[1] = cpu_to_be32(io[1]); | ||
1310 | io_text[2] = cpu_to_be32(io[2]); | ||
1311 | io_text[3] = cpu_to_be32(io[3]); | ||
1312 | |||
1313 | return; | ||
1314 | } | ||
1315 | |||
1316 | static void camellia_decrypt128(const u32 *subkey, __be32 *io_text) | ||
1317 | { | ||
1318 | u32 il,ir,t0,t1; /* temporary valiables */ | ||
1319 | |||
1320 | u32 io[4]; | ||
1321 | |||
1322 | io[0] = be32_to_cpu(io_text[0]); | ||
1323 | io[1] = be32_to_cpu(io_text[1]); | ||
1324 | io[2] = be32_to_cpu(io_text[2]); | ||
1325 | io[3] = be32_to_cpu(io_text[3]); | ||
1326 | |||
1327 | /* pre whitening but absorb kw2*/ | ||
1328 | io[0] ^= CAMELLIA_SUBKEY_L(24); | ||
1329 | io[1] ^= CAMELLIA_SUBKEY_R(24); | ||
1330 | |||
1331 | /* main iteration */ | ||
1332 | CAMELLIA_ROUNDSM(io[0],io[1], | ||
1333 | CAMELLIA_SUBKEY_L(23),CAMELLIA_SUBKEY_R(23), | ||
1334 | io[2],io[3],il,ir,t0,t1); | ||
1335 | CAMELLIA_ROUNDSM(io[2],io[3], | ||
1336 | CAMELLIA_SUBKEY_L(22),CAMELLIA_SUBKEY_R(22), | ||
1337 | io[0],io[1],il,ir,t0,t1); | ||
1338 | CAMELLIA_ROUNDSM(io[0],io[1], | ||
1339 | CAMELLIA_SUBKEY_L(21),CAMELLIA_SUBKEY_R(21), | ||
1340 | io[2],io[3],il,ir,t0,t1); | ||
1341 | CAMELLIA_ROUNDSM(io[2],io[3], | ||
1342 | CAMELLIA_SUBKEY_L(20),CAMELLIA_SUBKEY_R(20), | ||
1343 | io[0],io[1],il,ir,t0,t1); | ||
1344 | CAMELLIA_ROUNDSM(io[0],io[1], | ||
1345 | CAMELLIA_SUBKEY_L(19),CAMELLIA_SUBKEY_R(19), | ||
1346 | io[2],io[3],il,ir,t0,t1); | ||
1347 | CAMELLIA_ROUNDSM(io[2],io[3], | ||
1348 | CAMELLIA_SUBKEY_L(18),CAMELLIA_SUBKEY_R(18), | ||
1349 | io[0],io[1],il,ir,t0,t1); | ||
1350 | |||
1351 | CAMELLIA_FLS(io[0],io[1],io[2],io[3], | ||
1352 | CAMELLIA_SUBKEY_L(17),CAMELLIA_SUBKEY_R(17), | ||
1353 | CAMELLIA_SUBKEY_L(16),CAMELLIA_SUBKEY_R(16), | ||
1354 | t0,t1,il,ir); | ||
1355 | |||
1356 | CAMELLIA_ROUNDSM(io[0],io[1], | ||
1357 | CAMELLIA_SUBKEY_L(15),CAMELLIA_SUBKEY_R(15), | ||
1358 | io[2],io[3],il,ir,t0,t1); | ||
1359 | CAMELLIA_ROUNDSM(io[2],io[3], | ||
1360 | CAMELLIA_SUBKEY_L(14),CAMELLIA_SUBKEY_R(14), | ||
1361 | io[0],io[1],il,ir,t0,t1); | ||
1362 | CAMELLIA_ROUNDSM(io[0],io[1], | ||
1363 | CAMELLIA_SUBKEY_L(13),CAMELLIA_SUBKEY_R(13), | ||
1364 | io[2],io[3],il,ir,t0,t1); | ||
1365 | CAMELLIA_ROUNDSM(io[2],io[3], | ||
1366 | CAMELLIA_SUBKEY_L(12),CAMELLIA_SUBKEY_R(12), | ||
1367 | io[0],io[1],il,ir,t0,t1); | ||
1368 | CAMELLIA_ROUNDSM(io[0],io[1], | ||
1369 | CAMELLIA_SUBKEY_L(11),CAMELLIA_SUBKEY_R(11), | ||
1370 | io[2],io[3],il,ir,t0,t1); | ||
1371 | CAMELLIA_ROUNDSM(io[2],io[3], | ||
1372 | CAMELLIA_SUBKEY_L(10),CAMELLIA_SUBKEY_R(10), | ||
1373 | io[0],io[1],il,ir,t0,t1); | ||
1374 | |||
1375 | CAMELLIA_FLS(io[0],io[1],io[2],io[3], | ||
1376 | CAMELLIA_SUBKEY_L(9),CAMELLIA_SUBKEY_R(9), | ||
1377 | CAMELLIA_SUBKEY_L(8),CAMELLIA_SUBKEY_R(8), | ||
1378 | t0,t1,il,ir); | ||
1379 | |||
1380 | CAMELLIA_ROUNDSM(io[0],io[1], | ||
1381 | CAMELLIA_SUBKEY_L(7),CAMELLIA_SUBKEY_R(7), | ||
1382 | io[2],io[3],il,ir,t0,t1); | ||
1383 | CAMELLIA_ROUNDSM(io[2],io[3], | ||
1384 | CAMELLIA_SUBKEY_L(6),CAMELLIA_SUBKEY_R(6), | ||
1385 | io[0],io[1],il,ir,t0,t1); | ||
1386 | CAMELLIA_ROUNDSM(io[0],io[1], | ||
1387 | CAMELLIA_SUBKEY_L(5),CAMELLIA_SUBKEY_R(5), | ||
1388 | io[2],io[3],il,ir,t0,t1); | ||
1389 | CAMELLIA_ROUNDSM(io[2],io[3], | ||
1390 | CAMELLIA_SUBKEY_L(4),CAMELLIA_SUBKEY_R(4), | ||
1391 | io[0],io[1],il,ir,t0,t1); | ||
1392 | CAMELLIA_ROUNDSM(io[0],io[1], | ||
1393 | CAMELLIA_SUBKEY_L(3),CAMELLIA_SUBKEY_R(3), | ||
1394 | io[2],io[3],il,ir,t0,t1); | ||
1395 | CAMELLIA_ROUNDSM(io[2],io[3], | ||
1396 | CAMELLIA_SUBKEY_L(2),CAMELLIA_SUBKEY_R(2), | ||
1397 | io[0],io[1],il,ir,t0,t1); | ||
1398 | |||
1399 | /* post whitening but kw4 */ | ||
1400 | io[2] ^= CAMELLIA_SUBKEY_L(0); | ||
1401 | io[3] ^= CAMELLIA_SUBKEY_R(0); | ||
1402 | |||
1403 | t0 = io[0]; | ||
1404 | t1 = io[1]; | ||
1405 | io[0] = io[2]; | ||
1406 | io[1] = io[3]; | ||
1407 | io[2] = t0; | ||
1408 | io[3] = t1; | ||
1409 | |||
1410 | io_text[0] = cpu_to_be32(io[0]); | ||
1411 | io_text[1] = cpu_to_be32(io[1]); | ||
1412 | io_text[2] = cpu_to_be32(io[2]); | ||
1413 | io_text[3] = cpu_to_be32(io[3]); | ||
1414 | |||
1415 | return; | ||
1416 | } | ||
1417 | |||
1418 | |||
1419 | /** | ||
1420 | * stuff for 192 and 256bit encryption/decryption | ||
1421 | */ | ||
1422 | static void camellia_encrypt256(const u32 *subkey, __be32 *io_text) | ||
1423 | { | ||
1424 | u32 il,ir,t0,t1; /* temporary valiables */ | ||
1425 | |||
1426 | u32 io[4]; | ||
1427 | |||
1428 | io[0] = be32_to_cpu(io_text[0]); | ||
1429 | io[1] = be32_to_cpu(io_text[1]); | ||
1430 | io[2] = be32_to_cpu(io_text[2]); | ||
1431 | io[3] = be32_to_cpu(io_text[3]); | ||
1432 | |||
1433 | /* pre whitening but absorb kw2*/ | ||
1434 | io[0] ^= CAMELLIA_SUBKEY_L(0); | ||
1435 | io[1] ^= CAMELLIA_SUBKEY_R(0); | ||
1436 | |||
1437 | /* main iteration */ | ||
1438 | CAMELLIA_ROUNDSM(io[0],io[1], | ||
1439 | CAMELLIA_SUBKEY_L(2),CAMELLIA_SUBKEY_R(2), | ||
1440 | io[2],io[3],il,ir,t0,t1); | ||
1441 | CAMELLIA_ROUNDSM(io[2],io[3], | ||
1442 | CAMELLIA_SUBKEY_L(3),CAMELLIA_SUBKEY_R(3), | ||
1443 | io[0],io[1],il,ir,t0,t1); | ||
1444 | CAMELLIA_ROUNDSM(io[0],io[1], | ||
1445 | CAMELLIA_SUBKEY_L(4),CAMELLIA_SUBKEY_R(4), | ||
1446 | io[2],io[3],il,ir,t0,t1); | ||
1447 | CAMELLIA_ROUNDSM(io[2],io[3], | ||
1448 | CAMELLIA_SUBKEY_L(5),CAMELLIA_SUBKEY_R(5), | ||
1449 | io[0],io[1],il,ir,t0,t1); | ||
1450 | CAMELLIA_ROUNDSM(io[0],io[1], | ||
1451 | CAMELLIA_SUBKEY_L(6),CAMELLIA_SUBKEY_R(6), | ||
1452 | io[2],io[3],il,ir,t0,t1); | ||
1453 | CAMELLIA_ROUNDSM(io[2],io[3], | ||
1454 | CAMELLIA_SUBKEY_L(7),CAMELLIA_SUBKEY_R(7), | ||
1455 | io[0],io[1],il,ir,t0,t1); | ||
1456 | |||
1457 | CAMELLIA_FLS(io[0],io[1],io[2],io[3], | ||
1458 | CAMELLIA_SUBKEY_L(8),CAMELLIA_SUBKEY_R(8), | ||
1459 | CAMELLIA_SUBKEY_L(9),CAMELLIA_SUBKEY_R(9), | ||
1460 | t0,t1,il,ir); | ||
1461 | |||
1462 | CAMELLIA_ROUNDSM(io[0],io[1], | ||
1463 | CAMELLIA_SUBKEY_L(10),CAMELLIA_SUBKEY_R(10), | ||
1464 | io[2],io[3],il,ir,t0,t1); | ||
1465 | CAMELLIA_ROUNDSM(io[2],io[3], | ||
1466 | CAMELLIA_SUBKEY_L(11),CAMELLIA_SUBKEY_R(11), | ||
1467 | io[0],io[1],il,ir,t0,t1); | ||
1468 | CAMELLIA_ROUNDSM(io[0],io[1], | ||
1469 | CAMELLIA_SUBKEY_L(12),CAMELLIA_SUBKEY_R(12), | ||
1470 | io[2],io[3],il,ir,t0,t1); | ||
1471 | CAMELLIA_ROUNDSM(io[2],io[3], | ||
1472 | CAMELLIA_SUBKEY_L(13),CAMELLIA_SUBKEY_R(13), | ||
1473 | io[0],io[1],il,ir,t0,t1); | ||
1474 | CAMELLIA_ROUNDSM(io[0],io[1], | ||
1475 | CAMELLIA_SUBKEY_L(14),CAMELLIA_SUBKEY_R(14), | ||
1476 | io[2],io[3],il,ir,t0,t1); | ||
1477 | CAMELLIA_ROUNDSM(io[2],io[3], | ||
1478 | CAMELLIA_SUBKEY_L(15),CAMELLIA_SUBKEY_R(15), | ||
1479 | io[0],io[1],il,ir,t0,t1); | ||
1480 | |||
1481 | CAMELLIA_FLS(io[0],io[1],io[2],io[3], | ||
1482 | CAMELLIA_SUBKEY_L(16),CAMELLIA_SUBKEY_R(16), | ||
1483 | CAMELLIA_SUBKEY_L(17),CAMELLIA_SUBKEY_R(17), | ||
1484 | t0,t1,il,ir); | ||
1485 | |||
1486 | CAMELLIA_ROUNDSM(io[0],io[1], | ||
1487 | CAMELLIA_SUBKEY_L(18),CAMELLIA_SUBKEY_R(18), | ||
1488 | io[2],io[3],il,ir,t0,t1); | ||
1489 | CAMELLIA_ROUNDSM(io[2],io[3], | ||
1490 | CAMELLIA_SUBKEY_L(19),CAMELLIA_SUBKEY_R(19), | ||
1491 | io[0],io[1],il,ir,t0,t1); | ||
1492 | CAMELLIA_ROUNDSM(io[0],io[1], | ||
1493 | CAMELLIA_SUBKEY_L(20),CAMELLIA_SUBKEY_R(20), | ||
1494 | io[2],io[3],il,ir,t0,t1); | ||
1495 | CAMELLIA_ROUNDSM(io[2],io[3], | ||
1496 | CAMELLIA_SUBKEY_L(21),CAMELLIA_SUBKEY_R(21), | ||
1497 | io[0],io[1],il,ir,t0,t1); | ||
1498 | CAMELLIA_ROUNDSM(io[0],io[1], | ||
1499 | CAMELLIA_SUBKEY_L(22),CAMELLIA_SUBKEY_R(22), | ||
1500 | io[2],io[3],il,ir,t0,t1); | ||
1501 | CAMELLIA_ROUNDSM(io[2],io[3], | ||
1502 | CAMELLIA_SUBKEY_L(23),CAMELLIA_SUBKEY_R(23), | ||
1503 | io[0],io[1],il,ir,t0,t1); | ||
1504 | |||
1505 | CAMELLIA_FLS(io[0],io[1],io[2],io[3], | ||
1506 | CAMELLIA_SUBKEY_L(24),CAMELLIA_SUBKEY_R(24), | ||
1507 | CAMELLIA_SUBKEY_L(25),CAMELLIA_SUBKEY_R(25), | ||
1508 | t0,t1,il,ir); | ||
1509 | |||
1510 | CAMELLIA_ROUNDSM(io[0],io[1], | ||
1511 | CAMELLIA_SUBKEY_L(26),CAMELLIA_SUBKEY_R(26), | ||
1512 | io[2],io[3],il,ir,t0,t1); | ||
1513 | CAMELLIA_ROUNDSM(io[2],io[3], | ||
1514 | CAMELLIA_SUBKEY_L(27),CAMELLIA_SUBKEY_R(27), | ||
1515 | io[0],io[1],il,ir,t0,t1); | ||
1516 | CAMELLIA_ROUNDSM(io[0],io[1], | ||
1517 | CAMELLIA_SUBKEY_L(28),CAMELLIA_SUBKEY_R(28), | ||
1518 | io[2],io[3],il,ir,t0,t1); | ||
1519 | CAMELLIA_ROUNDSM(io[2],io[3], | ||
1520 | CAMELLIA_SUBKEY_L(29),CAMELLIA_SUBKEY_R(29), | ||
1521 | io[0],io[1],il,ir,t0,t1); | ||
1522 | CAMELLIA_ROUNDSM(io[0],io[1], | ||
1523 | CAMELLIA_SUBKEY_L(30),CAMELLIA_SUBKEY_R(30), | ||
1524 | io[2],io[3],il,ir,t0,t1); | ||
1525 | CAMELLIA_ROUNDSM(io[2],io[3], | ||
1526 | CAMELLIA_SUBKEY_L(31),CAMELLIA_SUBKEY_R(31), | ||
1527 | io[0],io[1],il,ir,t0,t1); | ||
1528 | |||
1529 | /* post whitening but kw4 */ | ||
1530 | io[2] ^= CAMELLIA_SUBKEY_L(32); | ||
1531 | io[3] ^= CAMELLIA_SUBKEY_R(32); | ||
1532 | |||
1533 | t0 = io[0]; | ||
1534 | t1 = io[1]; | ||
1535 | io[0] = io[2]; | ||
1536 | io[1] = io[3]; | ||
1537 | io[2] = t0; | ||
1538 | io[3] = t1; | ||
1539 | |||
1540 | io_text[0] = cpu_to_be32(io[0]); | ||
1541 | io_text[1] = cpu_to_be32(io[1]); | ||
1542 | io_text[2] = cpu_to_be32(io[2]); | ||
1543 | io_text[3] = cpu_to_be32(io[3]); | ||
1544 | |||
1545 | return; | ||
1546 | } | ||
1547 | |||
1548 | |||
1549 | static void camellia_decrypt256(const u32 *subkey, __be32 *io_text) | ||
1550 | { | ||
1551 | u32 il,ir,t0,t1; /* temporary valiables */ | ||
1552 | |||
1553 | u32 io[4]; | ||
1554 | |||
1555 | io[0] = be32_to_cpu(io_text[0]); | ||
1556 | io[1] = be32_to_cpu(io_text[1]); | ||
1557 | io[2] = be32_to_cpu(io_text[2]); | ||
1558 | io[3] = be32_to_cpu(io_text[3]); | ||
1559 | |||
1560 | /* pre whitening but absorb kw2*/ | ||
1561 | io[0] ^= CAMELLIA_SUBKEY_L(32); | ||
1562 | io[1] ^= CAMELLIA_SUBKEY_R(32); | ||
1563 | |||
1564 | /* main iteration */ | ||
1565 | CAMELLIA_ROUNDSM(io[0],io[1], | ||
1566 | CAMELLIA_SUBKEY_L(31),CAMELLIA_SUBKEY_R(31), | ||
1567 | io[2],io[3],il,ir,t0,t1); | ||
1568 | CAMELLIA_ROUNDSM(io[2],io[3], | ||
1569 | CAMELLIA_SUBKEY_L(30),CAMELLIA_SUBKEY_R(30), | ||
1570 | io[0],io[1],il,ir,t0,t1); | ||
1571 | CAMELLIA_ROUNDSM(io[0],io[1], | ||
1572 | CAMELLIA_SUBKEY_L(29),CAMELLIA_SUBKEY_R(29), | ||
1573 | io[2],io[3],il,ir,t0,t1); | ||
1574 | CAMELLIA_ROUNDSM(io[2],io[3], | ||
1575 | CAMELLIA_SUBKEY_L(28),CAMELLIA_SUBKEY_R(28), | ||
1576 | io[0],io[1],il,ir,t0,t1); | ||
1577 | CAMELLIA_ROUNDSM(io[0],io[1], | ||
1578 | CAMELLIA_SUBKEY_L(27),CAMELLIA_SUBKEY_R(27), | ||
1579 | io[2],io[3],il,ir,t0,t1); | ||
1580 | CAMELLIA_ROUNDSM(io[2],io[3], | ||
1581 | CAMELLIA_SUBKEY_L(26),CAMELLIA_SUBKEY_R(26), | ||
1582 | io[0],io[1],il,ir,t0,t1); | ||
1583 | |||
1584 | CAMELLIA_FLS(io[0],io[1],io[2],io[3], | ||
1585 | CAMELLIA_SUBKEY_L(25),CAMELLIA_SUBKEY_R(25), | ||
1586 | CAMELLIA_SUBKEY_L(24),CAMELLIA_SUBKEY_R(24), | ||
1587 | t0,t1,il,ir); | ||
1588 | |||
1589 | CAMELLIA_ROUNDSM(io[0],io[1], | ||
1590 | CAMELLIA_SUBKEY_L(23),CAMELLIA_SUBKEY_R(23), | ||
1591 | io[2],io[3],il,ir,t0,t1); | ||
1592 | CAMELLIA_ROUNDSM(io[2],io[3], | ||
1593 | CAMELLIA_SUBKEY_L(22),CAMELLIA_SUBKEY_R(22), | ||
1594 | io[0],io[1],il,ir,t0,t1); | ||
1595 | CAMELLIA_ROUNDSM(io[0],io[1], | ||
1596 | CAMELLIA_SUBKEY_L(21),CAMELLIA_SUBKEY_R(21), | ||
1597 | io[2],io[3],il,ir,t0,t1); | ||
1598 | CAMELLIA_ROUNDSM(io[2],io[3], | ||
1599 | CAMELLIA_SUBKEY_L(20),CAMELLIA_SUBKEY_R(20), | ||
1600 | io[0],io[1],il,ir,t0,t1); | ||
1601 | CAMELLIA_ROUNDSM(io[0],io[1], | ||
1602 | CAMELLIA_SUBKEY_L(19),CAMELLIA_SUBKEY_R(19), | ||
1603 | io[2],io[3],il,ir,t0,t1); | ||
1604 | CAMELLIA_ROUNDSM(io[2],io[3], | ||
1605 | CAMELLIA_SUBKEY_L(18),CAMELLIA_SUBKEY_R(18), | ||
1606 | io[0],io[1],il,ir,t0,t1); | ||
1607 | |||
1608 | CAMELLIA_FLS(io[0],io[1],io[2],io[3], | ||
1609 | CAMELLIA_SUBKEY_L(17),CAMELLIA_SUBKEY_R(17), | ||
1610 | CAMELLIA_SUBKEY_L(16),CAMELLIA_SUBKEY_R(16), | ||
1611 | t0,t1,il,ir); | ||
1612 | |||
1613 | CAMELLIA_ROUNDSM(io[0],io[1], | ||
1614 | CAMELLIA_SUBKEY_L(15),CAMELLIA_SUBKEY_R(15), | ||
1615 | io[2],io[3],il,ir,t0,t1); | ||
1616 | CAMELLIA_ROUNDSM(io[2],io[3], | ||
1617 | CAMELLIA_SUBKEY_L(14),CAMELLIA_SUBKEY_R(14), | ||
1618 | io[0],io[1],il,ir,t0,t1); | ||
1619 | CAMELLIA_ROUNDSM(io[0],io[1], | ||
1620 | CAMELLIA_SUBKEY_L(13),CAMELLIA_SUBKEY_R(13), | ||
1621 | io[2],io[3],il,ir,t0,t1); | ||
1622 | CAMELLIA_ROUNDSM(io[2],io[3], | ||
1623 | CAMELLIA_SUBKEY_L(12),CAMELLIA_SUBKEY_R(12), | ||
1624 | io[0],io[1],il,ir,t0,t1); | ||
1625 | CAMELLIA_ROUNDSM(io[0],io[1], | ||
1626 | CAMELLIA_SUBKEY_L(11),CAMELLIA_SUBKEY_R(11), | ||
1627 | io[2],io[3],il,ir,t0,t1); | ||
1628 | CAMELLIA_ROUNDSM(io[2],io[3], | ||
1629 | CAMELLIA_SUBKEY_L(10),CAMELLIA_SUBKEY_R(10), | ||
1630 | io[0],io[1],il,ir,t0,t1); | ||
1631 | |||
1632 | CAMELLIA_FLS(io[0],io[1],io[2],io[3], | ||
1633 | CAMELLIA_SUBKEY_L(9),CAMELLIA_SUBKEY_R(9), | ||
1634 | CAMELLIA_SUBKEY_L(8),CAMELLIA_SUBKEY_R(8), | ||
1635 | t0,t1,il,ir); | ||
1636 | |||
1637 | CAMELLIA_ROUNDSM(io[0],io[1], | ||
1638 | CAMELLIA_SUBKEY_L(7),CAMELLIA_SUBKEY_R(7), | ||
1639 | io[2],io[3],il,ir,t0,t1); | ||
1640 | CAMELLIA_ROUNDSM(io[2],io[3], | ||
1641 | CAMELLIA_SUBKEY_L(6),CAMELLIA_SUBKEY_R(6), | ||
1642 | io[0],io[1],il,ir,t0,t1); | ||
1643 | CAMELLIA_ROUNDSM(io[0],io[1], | ||
1644 | CAMELLIA_SUBKEY_L(5),CAMELLIA_SUBKEY_R(5), | ||
1645 | io[2],io[3],il,ir,t0,t1); | ||
1646 | CAMELLIA_ROUNDSM(io[2],io[3], | ||
1647 | CAMELLIA_SUBKEY_L(4),CAMELLIA_SUBKEY_R(4), | ||
1648 | io[0],io[1],il,ir,t0,t1); | ||
1649 | CAMELLIA_ROUNDSM(io[0],io[1], | ||
1650 | CAMELLIA_SUBKEY_L(3),CAMELLIA_SUBKEY_R(3), | ||
1651 | io[2],io[3],il,ir,t0,t1); | ||
1652 | CAMELLIA_ROUNDSM(io[2],io[3], | ||
1653 | CAMELLIA_SUBKEY_L(2),CAMELLIA_SUBKEY_R(2), | ||
1654 | io[0],io[1],il,ir,t0,t1); | ||
1655 | |||
1656 | /* post whitening but kw4 */ | ||
1657 | io[2] ^= CAMELLIA_SUBKEY_L(0); | ||
1658 | io[3] ^= CAMELLIA_SUBKEY_R(0); | ||
1659 | |||
1660 | t0 = io[0]; | ||
1661 | t1 = io[1]; | ||
1662 | io[0] = io[2]; | ||
1663 | io[1] = io[3]; | ||
1664 | io[2] = t0; | ||
1665 | io[3] = t1; | ||
1666 | |||
1667 | io_text[0] = cpu_to_be32(io[0]); | ||
1668 | io_text[1] = cpu_to_be32(io[1]); | ||
1669 | io_text[2] = cpu_to_be32(io[2]); | ||
1670 | io_text[3] = cpu_to_be32(io[3]); | ||
1671 | |||
1672 | return; | ||
1673 | } | ||
1674 | |||
1675 | |||
1676 | static int | ||
1677 | camellia_set_key(struct crypto_tfm *tfm, const u8 *in_key, | ||
1678 | unsigned int key_len) | ||
1679 | { | ||
1680 | struct camellia_ctx *cctx = crypto_tfm_ctx(tfm); | ||
1681 | const unsigned char *key = (const unsigned char *)in_key; | ||
1682 | u32 *flags = &tfm->crt_flags; | ||
1683 | |||
1684 | if (key_len != 16 && key_len != 24 && key_len != 32) { | ||
1685 | *flags |= CRYPTO_TFM_RES_BAD_KEY_LEN; | ||
1686 | return -EINVAL; | ||
1687 | } | ||
1688 | |||
1689 | cctx->key_length = key_len; | ||
1690 | |||
1691 | switch(key_len) { | ||
1692 | case 16: | ||
1693 | camellia_setup128(key, cctx->key_table); | ||
1694 | break; | ||
1695 | case 24: | ||
1696 | camellia_setup192(key, cctx->key_table); | ||
1697 | break; | ||
1698 | case 32: | ||
1699 | camellia_setup256(key, cctx->key_table); | ||
1700 | break; | ||
1701 | default: | ||
1702 | break; | ||
1703 | } | ||
1704 | |||
1705 | return 0; | ||
1706 | } | ||
1707 | |||
1708 | |||
1709 | static void camellia_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in) | ||
1710 | { | ||
1711 | const struct camellia_ctx *cctx = crypto_tfm_ctx(tfm); | ||
1712 | const __be32 *src = (const __be32 *)in; | ||
1713 | __be32 *dst = (__be32 *)out; | ||
1714 | |||
1715 | __be32 tmp[4]; | ||
1716 | |||
1717 | memcpy(tmp, src, CAMELLIA_BLOCK_SIZE); | ||
1718 | |||
1719 | switch (cctx->key_length) { | ||
1720 | case 16: | ||
1721 | camellia_encrypt128(cctx->key_table, tmp); | ||
1722 | break; | ||
1723 | case 24: | ||
1724 | /* fall through */ | ||
1725 | case 32: | ||
1726 | camellia_encrypt256(cctx->key_table, tmp); | ||
1727 | break; | ||
1728 | default: | ||
1729 | break; | ||
1730 | } | ||
1731 | |||
1732 | memcpy(dst, tmp, CAMELLIA_BLOCK_SIZE); | ||
1733 | } | ||
1734 | |||
1735 | |||
1736 | static void camellia_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in) | ||
1737 | { | ||
1738 | const struct camellia_ctx *cctx = crypto_tfm_ctx(tfm); | ||
1739 | const __be32 *src = (const __be32 *)in; | ||
1740 | __be32 *dst = (__be32 *)out; | ||
1741 | |||
1742 | __be32 tmp[4]; | ||
1743 | |||
1744 | memcpy(tmp, src, CAMELLIA_BLOCK_SIZE); | ||
1745 | |||
1746 | switch (cctx->key_length) { | ||
1747 | case 16: | ||
1748 | camellia_decrypt128(cctx->key_table, tmp); | ||
1749 | break; | ||
1750 | case 24: | ||
1751 | /* fall through */ | ||
1752 | case 32: | ||
1753 | camellia_decrypt256(cctx->key_table, tmp); | ||
1754 | break; | ||
1755 | default: | ||
1756 | break; | ||
1757 | } | ||
1758 | |||
1759 | memcpy(dst, tmp, CAMELLIA_BLOCK_SIZE); | ||
1760 | } | ||
1761 | |||
1762 | |||
1763 | static struct crypto_alg camellia_alg = { | ||
1764 | .cra_name = "camellia", | ||
1765 | .cra_driver_name = "camellia-generic", | ||
1766 | .cra_priority = 100, | ||
1767 | .cra_flags = CRYPTO_ALG_TYPE_CIPHER, | ||
1768 | .cra_blocksize = CAMELLIA_BLOCK_SIZE, | ||
1769 | .cra_ctxsize = sizeof(struct camellia_ctx), | ||
1770 | .cra_alignmask = 3, | ||
1771 | .cra_module = THIS_MODULE, | ||
1772 | .cra_list = LIST_HEAD_INIT(camellia_alg.cra_list), | ||
1773 | .cra_u = { | ||
1774 | .cipher = { | ||
1775 | .cia_min_keysize = CAMELLIA_MIN_KEY_SIZE, | ||
1776 | .cia_max_keysize = CAMELLIA_MAX_KEY_SIZE, | ||
1777 | .cia_setkey = camellia_set_key, | ||
1778 | .cia_encrypt = camellia_encrypt, | ||
1779 | .cia_decrypt = camellia_decrypt | ||
1780 | } | ||
1781 | } | ||
1782 | }; | ||
1783 | |||
1784 | static int __init camellia_init(void) | ||
1785 | { | ||
1786 | return crypto_register_alg(&camellia_alg); | ||
1787 | } | ||
1788 | |||
1789 | |||
1790 | static void __exit camellia_fini(void) | ||
1791 | { | ||
1792 | crypto_unregister_alg(&camellia_alg); | ||
1793 | } | ||
1794 | |||
1795 | |||
1796 | module_init(camellia_init); | ||
1797 | module_exit(camellia_fini); | ||
1798 | |||
1799 | |||
1800 | MODULE_DESCRIPTION("Camellia Cipher Algorithm"); | ||
1801 | MODULE_LICENSE("GPL"); | ||
diff --git a/crypto/cbc.c b/crypto/cbc.c index f5542b4db387..136fea7e7000 100644 --- a/crypto/cbc.c +++ b/crypto/cbc.c | |||
@@ -243,6 +243,7 @@ static int crypto_cbc_init_tfm(struct crypto_tfm *tfm) | |||
243 | struct crypto_instance *inst = (void *)tfm->__crt_alg; | 243 | struct crypto_instance *inst = (void *)tfm->__crt_alg; |
244 | struct crypto_spawn *spawn = crypto_instance_ctx(inst); | 244 | struct crypto_spawn *spawn = crypto_instance_ctx(inst); |
245 | struct crypto_cbc_ctx *ctx = crypto_tfm_ctx(tfm); | 245 | struct crypto_cbc_ctx *ctx = crypto_tfm_ctx(tfm); |
246 | struct crypto_cipher *cipher; | ||
246 | 247 | ||
247 | switch (crypto_tfm_alg_blocksize(tfm)) { | 248 | switch (crypto_tfm_alg_blocksize(tfm)) { |
248 | case 8: | 249 | case 8: |
@@ -260,11 +261,11 @@ static int crypto_cbc_init_tfm(struct crypto_tfm *tfm) | |||
260 | ctx->xor = xor_quad; | 261 | ctx->xor = xor_quad; |
261 | } | 262 | } |
262 | 263 | ||
263 | tfm = crypto_spawn_tfm(spawn); | 264 | cipher = crypto_spawn_cipher(spawn); |
264 | if (IS_ERR(tfm)) | 265 | if (IS_ERR(cipher)) |
265 | return PTR_ERR(tfm); | 266 | return PTR_ERR(cipher); |
266 | 267 | ||
267 | ctx->child = crypto_cipher_cast(tfm); | 268 | ctx->child = cipher; |
268 | return 0; | 269 | return 0; |
269 | } | 270 | } |
270 | 271 | ||
diff --git a/crypto/cipher.c b/crypto/cipher.c index 9e03701cfdcc..333aab2f0277 100644 --- a/crypto/cipher.c +++ b/crypto/cipher.c | |||
@@ -12,274 +12,13 @@ | |||
12 | * any later version. | 12 | * any later version. |
13 | * | 13 | * |
14 | */ | 14 | */ |
15 | #include <linux/compiler.h> | 15 | |
16 | #include <linux/kernel.h> | 16 | #include <linux/kernel.h> |
17 | #include <linux/crypto.h> | 17 | #include <linux/crypto.h> |
18 | #include <linux/errno.h> | 18 | #include <linux/errno.h> |
19 | #include <linux/mm.h> | 19 | #include <linux/scatterlist.h> |
20 | #include <linux/slab.h> | ||
21 | #include <linux/string.h> | 20 | #include <linux/string.h> |
22 | #include <asm/scatterlist.h> | ||
23 | #include "internal.h" | 21 | #include "internal.h" |
24 | #include "scatterwalk.h" | ||
25 | |||
26 | struct cipher_alg_compat { | ||
27 | unsigned int cia_min_keysize; | ||
28 | unsigned int cia_max_keysize; | ||
29 | int (*cia_setkey)(struct crypto_tfm *tfm, const u8 *key, | ||
30 | unsigned int keylen); | ||
31 | void (*cia_encrypt)(struct crypto_tfm *tfm, u8 *dst, const u8 *src); | ||
32 | void (*cia_decrypt)(struct crypto_tfm *tfm, u8 *dst, const u8 *src); | ||
33 | |||
34 | unsigned int (*cia_encrypt_ecb)(const struct cipher_desc *desc, | ||
35 | u8 *dst, const u8 *src, | ||
36 | unsigned int nbytes); | ||
37 | unsigned int (*cia_decrypt_ecb)(const struct cipher_desc *desc, | ||
38 | u8 *dst, const u8 *src, | ||
39 | unsigned int nbytes); | ||
40 | unsigned int (*cia_encrypt_cbc)(const struct cipher_desc *desc, | ||
41 | u8 *dst, const u8 *src, | ||
42 | unsigned int nbytes); | ||
43 | unsigned int (*cia_decrypt_cbc)(const struct cipher_desc *desc, | ||
44 | u8 *dst, const u8 *src, | ||
45 | unsigned int nbytes); | ||
46 | }; | ||
47 | |||
48 | static inline void xor_64(u8 *a, const u8 *b) | ||
49 | { | ||
50 | ((u32 *)a)[0] ^= ((u32 *)b)[0]; | ||
51 | ((u32 *)a)[1] ^= ((u32 *)b)[1]; | ||
52 | } | ||
53 | |||
54 | static inline void xor_128(u8 *a, const u8 *b) | ||
55 | { | ||
56 | ((u32 *)a)[0] ^= ((u32 *)b)[0]; | ||
57 | ((u32 *)a)[1] ^= ((u32 *)b)[1]; | ||
58 | ((u32 *)a)[2] ^= ((u32 *)b)[2]; | ||
59 | ((u32 *)a)[3] ^= ((u32 *)b)[3]; | ||
60 | } | ||
61 | |||
62 | static unsigned int crypt_slow(const struct cipher_desc *desc, | ||
63 | struct scatter_walk *in, | ||
64 | struct scatter_walk *out, unsigned int bsize) | ||
65 | { | ||
66 | unsigned long alignmask = crypto_tfm_alg_alignmask(desc->tfm); | ||
67 | u8 buffer[bsize * 2 + alignmask]; | ||
68 | u8 *src = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1); | ||
69 | u8 *dst = src + bsize; | ||
70 | |||
71 | scatterwalk_copychunks(src, in, bsize, 0); | ||
72 | desc->prfn(desc, dst, src, bsize); | ||
73 | scatterwalk_copychunks(dst, out, bsize, 1); | ||
74 | |||
75 | return bsize; | ||
76 | } | ||
77 | |||
78 | static inline unsigned int crypt_fast(const struct cipher_desc *desc, | ||
79 | struct scatter_walk *in, | ||
80 | struct scatter_walk *out, | ||
81 | unsigned int nbytes, u8 *tmp) | ||
82 | { | ||
83 | u8 *src, *dst; | ||
84 | u8 *real_src, *real_dst; | ||
85 | |||
86 | real_src = scatterwalk_map(in, 0); | ||
87 | real_dst = scatterwalk_map(out, 1); | ||
88 | |||
89 | src = real_src; | ||
90 | dst = scatterwalk_samebuf(in, out) ? src : real_dst; | ||
91 | |||
92 | if (tmp) { | ||
93 | memcpy(tmp, src, nbytes); | ||
94 | src = tmp; | ||
95 | dst = tmp; | ||
96 | } | ||
97 | |||
98 | nbytes = desc->prfn(desc, dst, src, nbytes); | ||
99 | |||
100 | if (tmp) | ||
101 | memcpy(real_dst, tmp, nbytes); | ||
102 | |||
103 | scatterwalk_unmap(real_src, 0); | ||
104 | scatterwalk_unmap(real_dst, 1); | ||
105 | |||
106 | scatterwalk_advance(in, nbytes); | ||
107 | scatterwalk_advance(out, nbytes); | ||
108 | |||
109 | return nbytes; | ||
110 | } | ||
111 | |||
112 | /* | ||
113 | * Generic encrypt/decrypt wrapper for ciphers, handles operations across | ||
114 | * multiple page boundaries by using temporary blocks. In user context, | ||
115 | * the kernel is given a chance to schedule us once per page. | ||
116 | */ | ||
117 | static int crypt(const struct cipher_desc *desc, | ||
118 | struct scatterlist *dst, | ||
119 | struct scatterlist *src, | ||
120 | unsigned int nbytes) | ||
121 | { | ||
122 | struct scatter_walk walk_in, walk_out; | ||
123 | struct crypto_tfm *tfm = desc->tfm; | ||
124 | const unsigned int bsize = crypto_tfm_alg_blocksize(tfm); | ||
125 | unsigned int alignmask = crypto_tfm_alg_alignmask(tfm); | ||
126 | unsigned long buffer = 0; | ||
127 | |||
128 | if (!nbytes) | ||
129 | return 0; | ||
130 | |||
131 | if (nbytes % bsize) { | ||
132 | tfm->crt_flags |= CRYPTO_TFM_RES_BAD_BLOCK_LEN; | ||
133 | return -EINVAL; | ||
134 | } | ||
135 | |||
136 | scatterwalk_start(&walk_in, src); | ||
137 | scatterwalk_start(&walk_out, dst); | ||
138 | |||
139 | for(;;) { | ||
140 | unsigned int n = nbytes; | ||
141 | u8 *tmp = NULL; | ||
142 | |||
143 | if (!scatterwalk_aligned(&walk_in, alignmask) || | ||
144 | !scatterwalk_aligned(&walk_out, alignmask)) { | ||
145 | if (!buffer) { | ||
146 | buffer = __get_free_page(GFP_ATOMIC); | ||
147 | if (!buffer) | ||
148 | n = 0; | ||
149 | } | ||
150 | tmp = (u8 *)buffer; | ||
151 | } | ||
152 | |||
153 | n = scatterwalk_clamp(&walk_in, n); | ||
154 | n = scatterwalk_clamp(&walk_out, n); | ||
155 | |||
156 | if (likely(n >= bsize)) | ||
157 | n = crypt_fast(desc, &walk_in, &walk_out, n, tmp); | ||
158 | else | ||
159 | n = crypt_slow(desc, &walk_in, &walk_out, bsize); | ||
160 | |||
161 | nbytes -= n; | ||
162 | |||
163 | scatterwalk_done(&walk_in, 0, nbytes); | ||
164 | scatterwalk_done(&walk_out, 1, nbytes); | ||
165 | |||
166 | if (!nbytes) | ||
167 | break; | ||
168 | |||
169 | crypto_yield(tfm->crt_flags); | ||
170 | } | ||
171 | |||
172 | if (buffer) | ||
173 | free_page(buffer); | ||
174 | |||
175 | return 0; | ||
176 | } | ||
177 | |||
178 | static int crypt_iv_unaligned(struct cipher_desc *desc, | ||
179 | struct scatterlist *dst, | ||
180 | struct scatterlist *src, | ||
181 | unsigned int nbytes) | ||
182 | { | ||
183 | struct crypto_tfm *tfm = desc->tfm; | ||
184 | unsigned long alignmask = crypto_tfm_alg_alignmask(tfm); | ||
185 | u8 *iv = desc->info; | ||
186 | |||
187 | if (unlikely(((unsigned long)iv & alignmask))) { | ||
188 | unsigned int ivsize = tfm->crt_cipher.cit_ivsize; | ||
189 | u8 buffer[ivsize + alignmask]; | ||
190 | u8 *tmp = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1); | ||
191 | int err; | ||
192 | |||
193 | desc->info = memcpy(tmp, iv, ivsize); | ||
194 | err = crypt(desc, dst, src, nbytes); | ||
195 | memcpy(iv, tmp, ivsize); | ||
196 | |||
197 | return err; | ||
198 | } | ||
199 | |||
200 | return crypt(desc, dst, src, nbytes); | ||
201 | } | ||
202 | |||
203 | static unsigned int cbc_process_encrypt(const struct cipher_desc *desc, | ||
204 | u8 *dst, const u8 *src, | ||
205 | unsigned int nbytes) | ||
206 | { | ||
207 | struct crypto_tfm *tfm = desc->tfm; | ||
208 | void (*xor)(u8 *, const u8 *) = tfm->crt_u.cipher.cit_xor_block; | ||
209 | int bsize = crypto_tfm_alg_blocksize(tfm); | ||
210 | |||
211 | void (*fn)(struct crypto_tfm *, u8 *, const u8 *) = desc->crfn; | ||
212 | u8 *iv = desc->info; | ||
213 | unsigned int done = 0; | ||
214 | |||
215 | nbytes -= bsize; | ||
216 | |||
217 | do { | ||
218 | xor(iv, src); | ||
219 | fn(tfm, dst, iv); | ||
220 | memcpy(iv, dst, bsize); | ||
221 | |||
222 | src += bsize; | ||
223 | dst += bsize; | ||
224 | } while ((done += bsize) <= nbytes); | ||
225 | |||
226 | return done; | ||
227 | } | ||
228 | |||
229 | static unsigned int cbc_process_decrypt(const struct cipher_desc *desc, | ||
230 | u8 *dst, const u8 *src, | ||
231 | unsigned int nbytes) | ||
232 | { | ||
233 | struct crypto_tfm *tfm = desc->tfm; | ||
234 | void (*xor)(u8 *, const u8 *) = tfm->crt_u.cipher.cit_xor_block; | ||
235 | int bsize = crypto_tfm_alg_blocksize(tfm); | ||
236 | unsigned long alignmask = crypto_tfm_alg_alignmask(desc->tfm); | ||
237 | |||
238 | u8 stack[src == dst ? bsize + alignmask : 0]; | ||
239 | u8 *buf = (u8 *)ALIGN((unsigned long)stack, alignmask + 1); | ||
240 | u8 **dst_p = src == dst ? &buf : &dst; | ||
241 | |||
242 | void (*fn)(struct crypto_tfm *, u8 *, const u8 *) = desc->crfn; | ||
243 | u8 *iv = desc->info; | ||
244 | unsigned int done = 0; | ||
245 | |||
246 | nbytes -= bsize; | ||
247 | |||
248 | do { | ||
249 | u8 *tmp_dst = *dst_p; | ||
250 | |||
251 | fn(tfm, tmp_dst, src); | ||
252 | xor(tmp_dst, iv); | ||
253 | memcpy(iv, src, bsize); | ||
254 | if (tmp_dst != dst) | ||
255 | memcpy(dst, tmp_dst, bsize); | ||
256 | |||
257 | src += bsize; | ||
258 | dst += bsize; | ||
259 | } while ((done += bsize) <= nbytes); | ||
260 | |||
261 | return done; | ||
262 | } | ||
263 | |||
264 | static unsigned int ecb_process(const struct cipher_desc *desc, u8 *dst, | ||
265 | const u8 *src, unsigned int nbytes) | ||
266 | { | ||
267 | struct crypto_tfm *tfm = desc->tfm; | ||
268 | int bsize = crypto_tfm_alg_blocksize(tfm); | ||
269 | void (*fn)(struct crypto_tfm *, u8 *, const u8 *) = desc->crfn; | ||
270 | unsigned int done = 0; | ||
271 | |||
272 | nbytes -= bsize; | ||
273 | |||
274 | do { | ||
275 | fn(tfm, dst, src); | ||
276 | |||
277 | src += bsize; | ||
278 | dst += bsize; | ||
279 | } while ((done += bsize) <= nbytes); | ||
280 | |||
281 | return done; | ||
282 | } | ||
283 | 22 | ||
284 | static int setkey(struct crypto_tfm *tfm, const u8 *key, unsigned int keylen) | 23 | static int setkey(struct crypto_tfm *tfm, const u8 *key, unsigned int keylen) |
285 | { | 24 | { |
@@ -293,122 +32,6 @@ static int setkey(struct crypto_tfm *tfm, const u8 *key, unsigned int keylen) | |||
293 | return cia->cia_setkey(tfm, key, keylen); | 32 | return cia->cia_setkey(tfm, key, keylen); |
294 | } | 33 | } |
295 | 34 | ||
296 | static int ecb_encrypt(struct crypto_tfm *tfm, | ||
297 | struct scatterlist *dst, | ||
298 | struct scatterlist *src, unsigned int nbytes) | ||
299 | { | ||
300 | struct cipher_desc desc; | ||
301 | struct cipher_alg_compat *cipher = (void *)&tfm->__crt_alg->cra_cipher; | ||
302 | |||
303 | desc.tfm = tfm; | ||
304 | desc.crfn = cipher->cia_encrypt; | ||
305 | desc.prfn = cipher->cia_encrypt_ecb ?: ecb_process; | ||
306 | |||
307 | return crypt(&desc, dst, src, nbytes); | ||
308 | } | ||
309 | |||
310 | static int ecb_decrypt(struct crypto_tfm *tfm, | ||
311 | struct scatterlist *dst, | ||
312 | struct scatterlist *src, | ||
313 | unsigned int nbytes) | ||
314 | { | ||
315 | struct cipher_desc desc; | ||
316 | struct cipher_alg_compat *cipher = (void *)&tfm->__crt_alg->cra_cipher; | ||
317 | |||
318 | desc.tfm = tfm; | ||
319 | desc.crfn = cipher->cia_decrypt; | ||
320 | desc.prfn = cipher->cia_decrypt_ecb ?: ecb_process; | ||
321 | |||
322 | return crypt(&desc, dst, src, nbytes); | ||
323 | } | ||
324 | |||
325 | static int cbc_encrypt(struct crypto_tfm *tfm, | ||
326 | struct scatterlist *dst, | ||
327 | struct scatterlist *src, | ||
328 | unsigned int nbytes) | ||
329 | { | ||
330 | struct cipher_desc desc; | ||
331 | struct cipher_alg_compat *cipher = (void *)&tfm->__crt_alg->cra_cipher; | ||
332 | |||
333 | desc.tfm = tfm; | ||
334 | desc.crfn = cipher->cia_encrypt; | ||
335 | desc.prfn = cipher->cia_encrypt_cbc ?: cbc_process_encrypt; | ||
336 | desc.info = tfm->crt_cipher.cit_iv; | ||
337 | |||
338 | return crypt(&desc, dst, src, nbytes); | ||
339 | } | ||
340 | |||
341 | static int cbc_encrypt_iv(struct crypto_tfm *tfm, | ||
342 | struct scatterlist *dst, | ||
343 | struct scatterlist *src, | ||
344 | unsigned int nbytes, u8 *iv) | ||
345 | { | ||
346 | struct cipher_desc desc; | ||
347 | struct cipher_alg_compat *cipher = (void *)&tfm->__crt_alg->cra_cipher; | ||
348 | |||
349 | desc.tfm = tfm; | ||
350 | desc.crfn = cipher->cia_encrypt; | ||
351 | desc.prfn = cipher->cia_encrypt_cbc ?: cbc_process_encrypt; | ||
352 | desc.info = iv; | ||
353 | |||
354 | return crypt_iv_unaligned(&desc, dst, src, nbytes); | ||
355 | } | ||
356 | |||
357 | static int cbc_decrypt(struct crypto_tfm *tfm, | ||
358 | struct scatterlist *dst, | ||
359 | struct scatterlist *src, | ||
360 | unsigned int nbytes) | ||
361 | { | ||
362 | struct cipher_desc desc; | ||
363 | struct cipher_alg_compat *cipher = (void *)&tfm->__crt_alg->cra_cipher; | ||
364 | |||
365 | desc.tfm = tfm; | ||
366 | desc.crfn = cipher->cia_decrypt; | ||
367 | desc.prfn = cipher->cia_decrypt_cbc ?: cbc_process_decrypt; | ||
368 | desc.info = tfm->crt_cipher.cit_iv; | ||
369 | |||
370 | return crypt(&desc, dst, src, nbytes); | ||
371 | } | ||
372 | |||
373 | static int cbc_decrypt_iv(struct crypto_tfm *tfm, | ||
374 | struct scatterlist *dst, | ||
375 | struct scatterlist *src, | ||
376 | unsigned int nbytes, u8 *iv) | ||
377 | { | ||
378 | struct cipher_desc desc; | ||
379 | struct cipher_alg_compat *cipher = (void *)&tfm->__crt_alg->cra_cipher; | ||
380 | |||
381 | desc.tfm = tfm; | ||
382 | desc.crfn = cipher->cia_decrypt; | ||
383 | desc.prfn = cipher->cia_decrypt_cbc ?: cbc_process_decrypt; | ||
384 | desc.info = iv; | ||
385 | |||
386 | return crypt_iv_unaligned(&desc, dst, src, nbytes); | ||
387 | } | ||
388 | |||
389 | static int nocrypt(struct crypto_tfm *tfm, | ||
390 | struct scatterlist *dst, | ||
391 | struct scatterlist *src, | ||
392 | unsigned int nbytes) | ||
393 | { | ||
394 | return -ENOSYS; | ||
395 | } | ||
396 | |||
397 | static int nocrypt_iv(struct crypto_tfm *tfm, | ||
398 | struct scatterlist *dst, | ||
399 | struct scatterlist *src, | ||
400 | unsigned int nbytes, u8 *iv) | ||
401 | { | ||
402 | return -ENOSYS; | ||
403 | } | ||
404 | |||
405 | int crypto_init_cipher_flags(struct crypto_tfm *tfm, u32 flags) | ||
406 | { | ||
407 | u32 mode = flags & CRYPTO_TFM_MODE_MASK; | ||
408 | tfm->crt_cipher.cit_mode = mode ? mode : CRYPTO_TFM_MODE_ECB; | ||
409 | return 0; | ||
410 | } | ||
411 | |||
412 | static void cipher_crypt_unaligned(void (*fn)(struct crypto_tfm *, u8 *, | 35 | static void cipher_crypt_unaligned(void (*fn)(struct crypto_tfm *, u8 *, |
413 | const u8 *), | 36 | const u8 *), |
414 | struct crypto_tfm *tfm, | 37 | struct crypto_tfm *tfm, |
@@ -454,7 +77,6 @@ static void cipher_decrypt_unaligned(struct crypto_tfm *tfm, | |||
454 | 77 | ||
455 | int crypto_init_cipher_ops(struct crypto_tfm *tfm) | 78 | int crypto_init_cipher_ops(struct crypto_tfm *tfm) |
456 | { | 79 | { |
457 | int ret = 0; | ||
458 | struct cipher_tfm *ops = &tfm->crt_cipher; | 80 | struct cipher_tfm *ops = &tfm->crt_cipher; |
459 | struct cipher_alg *cipher = &tfm->__crt_alg->cra_cipher; | 81 | struct cipher_alg *cipher = &tfm->__crt_alg->cra_cipher; |
460 | 82 | ||
@@ -464,70 +86,7 @@ int crypto_init_cipher_ops(struct crypto_tfm *tfm) | |||
464 | ops->cit_decrypt_one = crypto_tfm_alg_alignmask(tfm) ? | 86 | ops->cit_decrypt_one = crypto_tfm_alg_alignmask(tfm) ? |
465 | cipher_decrypt_unaligned : cipher->cia_decrypt; | 87 | cipher_decrypt_unaligned : cipher->cia_decrypt; |
466 | 88 | ||
467 | switch (tfm->crt_cipher.cit_mode) { | 89 | return 0; |
468 | case CRYPTO_TFM_MODE_ECB: | ||
469 | ops->cit_encrypt = ecb_encrypt; | ||
470 | ops->cit_decrypt = ecb_decrypt; | ||
471 | ops->cit_encrypt_iv = nocrypt_iv; | ||
472 | ops->cit_decrypt_iv = nocrypt_iv; | ||
473 | break; | ||
474 | |||
475 | case CRYPTO_TFM_MODE_CBC: | ||
476 | ops->cit_encrypt = cbc_encrypt; | ||
477 | ops->cit_decrypt = cbc_decrypt; | ||
478 | ops->cit_encrypt_iv = cbc_encrypt_iv; | ||
479 | ops->cit_decrypt_iv = cbc_decrypt_iv; | ||
480 | break; | ||
481 | |||
482 | case CRYPTO_TFM_MODE_CFB: | ||
483 | ops->cit_encrypt = nocrypt; | ||
484 | ops->cit_decrypt = nocrypt; | ||
485 | ops->cit_encrypt_iv = nocrypt_iv; | ||
486 | ops->cit_decrypt_iv = nocrypt_iv; | ||
487 | break; | ||
488 | |||
489 | case CRYPTO_TFM_MODE_CTR: | ||
490 | ops->cit_encrypt = nocrypt; | ||
491 | ops->cit_decrypt = nocrypt; | ||
492 | ops->cit_encrypt_iv = nocrypt_iv; | ||
493 | ops->cit_decrypt_iv = nocrypt_iv; | ||
494 | break; | ||
495 | |||
496 | default: | ||
497 | BUG(); | ||
498 | } | ||
499 | |||
500 | if (ops->cit_mode == CRYPTO_TFM_MODE_CBC) { | ||
501 | unsigned long align; | ||
502 | unsigned long addr; | ||
503 | |||
504 | switch (crypto_tfm_alg_blocksize(tfm)) { | ||
505 | case 8: | ||
506 | ops->cit_xor_block = xor_64; | ||
507 | break; | ||
508 | |||
509 | case 16: | ||
510 | ops->cit_xor_block = xor_128; | ||
511 | break; | ||
512 | |||
513 | default: | ||
514 | printk(KERN_WARNING "%s: block size %u not supported\n", | ||
515 | crypto_tfm_alg_name(tfm), | ||
516 | crypto_tfm_alg_blocksize(tfm)); | ||
517 | ret = -EINVAL; | ||
518 | goto out; | ||
519 | } | ||
520 | |||
521 | ops->cit_ivsize = crypto_tfm_alg_blocksize(tfm); | ||
522 | align = crypto_tfm_alg_alignmask(tfm) + 1; | ||
523 | addr = (unsigned long)crypto_tfm_ctx(tfm); | ||
524 | addr = ALIGN(addr, align); | ||
525 | addr += ALIGN(tfm->__crt_alg->cra_ctxsize, align); | ||
526 | ops->cit_iv = (void *)addr; | ||
527 | } | ||
528 | |||
529 | out: | ||
530 | return ret; | ||
531 | } | 90 | } |
532 | 91 | ||
533 | void crypto_exit_cipher_ops(struct crypto_tfm *tfm) | 92 | void crypto_exit_cipher_ops(struct crypto_tfm *tfm) |
diff --git a/crypto/compress.c b/crypto/compress.c index eca182aa3380..0a6570048c1e 100644 --- a/crypto/compress.c +++ b/crypto/compress.c | |||
@@ -34,11 +34,6 @@ static int crypto_decompress(struct crypto_tfm *tfm, | |||
34 | dlen); | 34 | dlen); |
35 | } | 35 | } |
36 | 36 | ||
37 | int crypto_init_compress_flags(struct crypto_tfm *tfm, u32 flags) | ||
38 | { | ||
39 | return flags ? -EINVAL : 0; | ||
40 | } | ||
41 | |||
42 | int crypto_init_compress_ops(struct crypto_tfm *tfm) | 37 | int crypto_init_compress_ops(struct crypto_tfm *tfm) |
43 | { | 38 | { |
44 | struct compress_tfm *ops = &tfm->crt_compress; | 39 | struct compress_tfm *ops = &tfm->crt_compress; |
diff --git a/crypto/digest.c b/crypto/digest.c index 8f4593268ce0..1bf7414aeb9e 100644 --- a/crypto/digest.c +++ b/crypto/digest.c | |||
@@ -14,7 +14,9 @@ | |||
14 | 14 | ||
15 | #include <linux/mm.h> | 15 | #include <linux/mm.h> |
16 | #include <linux/errno.h> | 16 | #include <linux/errno.h> |
17 | #include <linux/hardirq.h> | ||
17 | #include <linux/highmem.h> | 18 | #include <linux/highmem.h> |
19 | #include <linux/kernel.h> | ||
18 | #include <linux/module.h> | 20 | #include <linux/module.h> |
19 | #include <linux/scatterlist.h> | 21 | #include <linux/scatterlist.h> |
20 | 22 | ||
@@ -29,8 +31,8 @@ static int init(struct hash_desc *desc) | |||
29 | return 0; | 31 | return 0; |
30 | } | 32 | } |
31 | 33 | ||
32 | static int update(struct hash_desc *desc, | 34 | static int update2(struct hash_desc *desc, |
33 | struct scatterlist *sg, unsigned int nbytes) | 35 | struct scatterlist *sg, unsigned int nbytes) |
34 | { | 36 | { |
35 | struct crypto_tfm *tfm = crypto_hash_tfm(desc->tfm); | 37 | struct crypto_tfm *tfm = crypto_hash_tfm(desc->tfm); |
36 | unsigned int alignmask = crypto_tfm_alg_alignmask(tfm); | 38 | unsigned int alignmask = crypto_tfm_alg_alignmask(tfm); |
@@ -81,6 +83,14 @@ static int update(struct hash_desc *desc, | |||
81 | return 0; | 83 | return 0; |
82 | } | 84 | } |
83 | 85 | ||
86 | static int update(struct hash_desc *desc, | ||
87 | struct scatterlist *sg, unsigned int nbytes) | ||
88 | { | ||
89 | if (WARN_ON_ONCE(in_irq())) | ||
90 | return -EDEADLK; | ||
91 | return update2(desc, sg, nbytes); | ||
92 | } | ||
93 | |||
84 | static int final(struct hash_desc *desc, u8 *out) | 94 | static int final(struct hash_desc *desc, u8 *out) |
85 | { | 95 | { |
86 | struct crypto_tfm *tfm = crypto_hash_tfm(desc->tfm); | 96 | struct crypto_tfm *tfm = crypto_hash_tfm(desc->tfm); |
@@ -118,16 +128,14 @@ static int setkey(struct crypto_hash *hash, const u8 *key, unsigned int keylen) | |||
118 | static int digest(struct hash_desc *desc, | 128 | static int digest(struct hash_desc *desc, |
119 | struct scatterlist *sg, unsigned int nbytes, u8 *out) | 129 | struct scatterlist *sg, unsigned int nbytes, u8 *out) |
120 | { | 130 | { |
131 | if (WARN_ON_ONCE(in_irq())) | ||
132 | return -EDEADLK; | ||
133 | |||
121 | init(desc); | 134 | init(desc); |
122 | update(desc, sg, nbytes); | 135 | update2(desc, sg, nbytes); |
123 | return final(desc, out); | 136 | return final(desc, out); |
124 | } | 137 | } |
125 | 138 | ||
126 | int crypto_init_digest_flags(struct crypto_tfm *tfm, u32 flags) | ||
127 | { | ||
128 | return flags ? -EINVAL : 0; | ||
129 | } | ||
130 | |||
131 | int crypto_init_digest_ops(struct crypto_tfm *tfm) | 139 | int crypto_init_digest_ops(struct crypto_tfm *tfm) |
132 | { | 140 | { |
133 | struct hash_tfm *ops = &tfm->crt_hash; | 141 | struct hash_tfm *ops = &tfm->crt_hash; |
diff --git a/crypto/ecb.c b/crypto/ecb.c index f239aa9c4017..839a0aed8c22 100644 --- a/crypto/ecb.c +++ b/crypto/ecb.c | |||
@@ -99,12 +99,13 @@ static int crypto_ecb_init_tfm(struct crypto_tfm *tfm) | |||
99 | struct crypto_instance *inst = (void *)tfm->__crt_alg; | 99 | struct crypto_instance *inst = (void *)tfm->__crt_alg; |
100 | struct crypto_spawn *spawn = crypto_instance_ctx(inst); | 100 | struct crypto_spawn *spawn = crypto_instance_ctx(inst); |
101 | struct crypto_ecb_ctx *ctx = crypto_tfm_ctx(tfm); | 101 | struct crypto_ecb_ctx *ctx = crypto_tfm_ctx(tfm); |
102 | struct crypto_cipher *cipher; | ||
102 | 103 | ||
103 | tfm = crypto_spawn_tfm(spawn); | 104 | cipher = crypto_spawn_cipher(spawn); |
104 | if (IS_ERR(tfm)) | 105 | if (IS_ERR(cipher)) |
105 | return PTR_ERR(tfm); | 106 | return PTR_ERR(cipher); |
106 | 107 | ||
107 | ctx->child = crypto_cipher_cast(tfm); | 108 | ctx->child = cipher; |
108 | return 0; | 109 | return 0; |
109 | } | 110 | } |
110 | 111 | ||
diff --git a/crypto/fcrypt.c b/crypto/fcrypt.c new file mode 100644 index 000000000000..9c2bb535b09a --- /dev/null +++ b/crypto/fcrypt.c | |||
@@ -0,0 +1,423 @@ | |||
1 | /* FCrypt encryption algorithm | ||
2 | * | ||
3 | * Copyright (C) 2006 Red Hat, Inc. All Rights Reserved. | ||
4 | * Written by David Howells (dhowells@redhat.com) | ||
5 | * | ||
6 | * This program is free software; you can redistribute it and/or | ||
7 | * modify it under the terms of the GNU General Public License | ||
8 | * as published by the Free Software Foundation; either version | ||
9 | * 2 of the License, or (at your option) any later version. | ||
10 | * | ||
11 | * Based on code: | ||
12 | * | ||
13 | * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan | ||
14 | * (Royal Institute of Technology, Stockholm, Sweden). | ||
15 | * All rights reserved. | ||
16 | * | ||
17 | * Redistribution and use in source and binary forms, with or without | ||
18 | * modification, are permitted provided that the following conditions | ||
19 | * are met: | ||
20 | * | ||
21 | * 1. Redistributions of source code must retain the above copyright | ||
22 | * notice, this list of conditions and the following disclaimer. | ||
23 | * | ||
24 | * 2. Redistributions in binary form must reproduce the above copyright | ||
25 | * notice, this list of conditions and the following disclaimer in the | ||
26 | * documentation and/or other materials provided with the distribution. | ||
27 | * | ||
28 | * 3. Neither the name of the Institute nor the names of its contributors | ||
29 | * may be used to endorse or promote products derived from this software | ||
30 | * without specific prior written permission. | ||
31 | * | ||
32 | * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND | ||
33 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
34 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
35 | * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE | ||
36 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
37 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
38 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
39 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
40 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
41 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
42 | * SUCH DAMAGE. | ||
43 | */ | ||
44 | |||
45 | #include <asm/byteorder.h> | ||
46 | #include <linux/bitops.h> | ||
47 | #include <linux/init.h> | ||
48 | #include <linux/module.h> | ||
49 | #include <linux/crypto.h> | ||
50 | |||
51 | #define ROUNDS 16 | ||
52 | |||
53 | struct fcrypt_ctx { | ||
54 | u32 sched[ROUNDS]; | ||
55 | }; | ||
56 | |||
57 | /* Rotate right two 32 bit numbers as a 56 bit number */ | ||
58 | #define ror56(hi, lo, n) \ | ||
59 | do { \ | ||
60 | u32 t = lo & ((1 << n) - 1); \ | ||
61 | lo = (lo >> n) | ((hi & ((1 << n) - 1)) << (32 - n)); \ | ||
62 | hi = (hi >> n) | (t << (24-n)); \ | ||
63 | } while(0) | ||
64 | |||
65 | /* Rotate right one 64 bit number as a 56 bit number */ | ||
66 | #define ror56_64(k, n) \ | ||
67 | do { \ | ||
68 | k = (k >> n) | ((k & ((1 << n) - 1)) << (56 - n)); \ | ||
69 | } while(0) | ||
70 | |||
71 | /* | ||
72 | * Sboxes for Feistel network derived from | ||
73 | * /afs/transarc.com/public/afsps/afs.rel31b.export-src/rxkad/sboxes.h | ||
74 | */ | ||
75 | #undef Z | ||
76 | #define Z(x) __constant_be32_to_cpu(x << 3) | ||
77 | static const u32 sbox0[256] = { | ||
78 | Z(0xea), Z(0x7f), Z(0xb2), Z(0x64), Z(0x9d), Z(0xb0), Z(0xd9), Z(0x11), | ||
79 | Z(0xcd), Z(0x86), Z(0x86), Z(0x91), Z(0x0a), Z(0xb2), Z(0x93), Z(0x06), | ||
80 | Z(0x0e), Z(0x06), Z(0xd2), Z(0x65), Z(0x73), Z(0xc5), Z(0x28), Z(0x60), | ||
81 | Z(0xf2), Z(0x20), Z(0xb5), Z(0x38), Z(0x7e), Z(0xda), Z(0x9f), Z(0xe3), | ||
82 | Z(0xd2), Z(0xcf), Z(0xc4), Z(0x3c), Z(0x61), Z(0xff), Z(0x4a), Z(0x4a), | ||
83 | Z(0x35), Z(0xac), Z(0xaa), Z(0x5f), Z(0x2b), Z(0xbb), Z(0xbc), Z(0x53), | ||
84 | Z(0x4e), Z(0x9d), Z(0x78), Z(0xa3), Z(0xdc), Z(0x09), Z(0x32), Z(0x10), | ||
85 | Z(0xc6), Z(0x6f), Z(0x66), Z(0xd6), Z(0xab), Z(0xa9), Z(0xaf), Z(0xfd), | ||
86 | Z(0x3b), Z(0x95), Z(0xe8), Z(0x34), Z(0x9a), Z(0x81), Z(0x72), Z(0x80), | ||
87 | Z(0x9c), Z(0xf3), Z(0xec), Z(0xda), Z(0x9f), Z(0x26), Z(0x76), Z(0x15), | ||
88 | Z(0x3e), Z(0x55), Z(0x4d), Z(0xde), Z(0x84), Z(0xee), Z(0xad), Z(0xc7), | ||
89 | Z(0xf1), Z(0x6b), Z(0x3d), Z(0xd3), Z(0x04), Z(0x49), Z(0xaa), Z(0x24), | ||
90 | Z(0x0b), Z(0x8a), Z(0x83), Z(0xba), Z(0xfa), Z(0x85), Z(0xa0), Z(0xa8), | ||
91 | Z(0xb1), Z(0xd4), Z(0x01), Z(0xd8), Z(0x70), Z(0x64), Z(0xf0), Z(0x51), | ||
92 | Z(0xd2), Z(0xc3), Z(0xa7), Z(0x75), Z(0x8c), Z(0xa5), Z(0x64), Z(0xef), | ||
93 | Z(0x10), Z(0x4e), Z(0xb7), Z(0xc6), Z(0x61), Z(0x03), Z(0xeb), Z(0x44), | ||
94 | Z(0x3d), Z(0xe5), Z(0xb3), Z(0x5b), Z(0xae), Z(0xd5), Z(0xad), Z(0x1d), | ||
95 | Z(0xfa), Z(0x5a), Z(0x1e), Z(0x33), Z(0xab), Z(0x93), Z(0xa2), Z(0xb7), | ||
96 | Z(0xe7), Z(0xa8), Z(0x45), Z(0xa4), Z(0xcd), Z(0x29), Z(0x63), Z(0x44), | ||
97 | Z(0xb6), Z(0x69), Z(0x7e), Z(0x2e), Z(0x62), Z(0x03), Z(0xc8), Z(0xe0), | ||
98 | Z(0x17), Z(0xbb), Z(0xc7), Z(0xf3), Z(0x3f), Z(0x36), Z(0xba), Z(0x71), | ||
99 | Z(0x8e), Z(0x97), Z(0x65), Z(0x60), Z(0x69), Z(0xb6), Z(0xf6), Z(0xe6), | ||
100 | Z(0x6e), Z(0xe0), Z(0x81), Z(0x59), Z(0xe8), Z(0xaf), Z(0xdd), Z(0x95), | ||
101 | Z(0x22), Z(0x99), Z(0xfd), Z(0x63), Z(0x19), Z(0x74), Z(0x61), Z(0xb1), | ||
102 | Z(0xb6), Z(0x5b), Z(0xae), Z(0x54), Z(0xb3), Z(0x70), Z(0xff), Z(0xc6), | ||
103 | Z(0x3b), Z(0x3e), Z(0xc1), Z(0xd7), Z(0xe1), Z(0x0e), Z(0x76), Z(0xe5), | ||
104 | Z(0x36), Z(0x4f), Z(0x59), Z(0xc7), Z(0x08), Z(0x6e), Z(0x82), Z(0xa6), | ||
105 | Z(0x93), Z(0xc4), Z(0xaa), Z(0x26), Z(0x49), Z(0xe0), Z(0x21), Z(0x64), | ||
106 | Z(0x07), Z(0x9f), Z(0x64), Z(0x81), Z(0x9c), Z(0xbf), Z(0xf9), Z(0xd1), | ||
107 | Z(0x43), Z(0xf8), Z(0xb6), Z(0xb9), Z(0xf1), Z(0x24), Z(0x75), Z(0x03), | ||
108 | Z(0xe4), Z(0xb0), Z(0x99), Z(0x46), Z(0x3d), Z(0xf5), Z(0xd1), Z(0x39), | ||
109 | Z(0x72), Z(0x12), Z(0xf6), Z(0xba), Z(0x0c), Z(0x0d), Z(0x42), Z(0x2e) | ||
110 | }; | ||
111 | |||
112 | #undef Z | ||
113 | #define Z(x) __constant_be32_to_cpu((x << 27) | (x >> 5)) | ||
114 | static const u32 sbox1[256] = { | ||
115 | Z(0x77), Z(0x14), Z(0xa6), Z(0xfe), Z(0xb2), Z(0x5e), Z(0x8c), Z(0x3e), | ||
116 | Z(0x67), Z(0x6c), Z(0xa1), Z(0x0d), Z(0xc2), Z(0xa2), Z(0xc1), Z(0x85), | ||
117 | Z(0x6c), Z(0x7b), Z(0x67), Z(0xc6), Z(0x23), Z(0xe3), Z(0xf2), Z(0x89), | ||
118 | Z(0x50), Z(0x9c), Z(0x03), Z(0xb7), Z(0x73), Z(0xe6), Z(0xe1), Z(0x39), | ||
119 | Z(0x31), Z(0x2c), Z(0x27), Z(0x9f), Z(0xa5), Z(0x69), Z(0x44), Z(0xd6), | ||
120 | Z(0x23), Z(0x83), Z(0x98), Z(0x7d), Z(0x3c), Z(0xb4), Z(0x2d), Z(0x99), | ||
121 | Z(0x1c), Z(0x1f), Z(0x8c), Z(0x20), Z(0x03), Z(0x7c), Z(0x5f), Z(0xad), | ||
122 | Z(0xf4), Z(0xfa), Z(0x95), Z(0xca), Z(0x76), Z(0x44), Z(0xcd), Z(0xb6), | ||
123 | Z(0xb8), Z(0xa1), Z(0xa1), Z(0xbe), Z(0x9e), Z(0x54), Z(0x8f), Z(0x0b), | ||
124 | Z(0x16), Z(0x74), Z(0x31), Z(0x8a), Z(0x23), Z(0x17), Z(0x04), Z(0xfa), | ||
125 | Z(0x79), Z(0x84), Z(0xb1), Z(0xf5), Z(0x13), Z(0xab), Z(0xb5), Z(0x2e), | ||
126 | Z(0xaa), Z(0x0c), Z(0x60), Z(0x6b), Z(0x5b), Z(0xc4), Z(0x4b), Z(0xbc), | ||
127 | Z(0xe2), Z(0xaf), Z(0x45), Z(0x73), Z(0xfa), Z(0xc9), Z(0x49), Z(0xcd), | ||
128 | Z(0x00), Z(0x92), Z(0x7d), Z(0x97), Z(0x7a), Z(0x18), Z(0x60), Z(0x3d), | ||
129 | Z(0xcf), Z(0x5b), Z(0xde), Z(0xc6), Z(0xe2), Z(0xe6), Z(0xbb), Z(0x8b), | ||
130 | Z(0x06), Z(0xda), Z(0x08), Z(0x15), Z(0x1b), Z(0x88), Z(0x6a), Z(0x17), | ||
131 | Z(0x89), Z(0xd0), Z(0xa9), Z(0xc1), Z(0xc9), Z(0x70), Z(0x6b), Z(0xe5), | ||
132 | Z(0x43), Z(0xf4), Z(0x68), Z(0xc8), Z(0xd3), Z(0x84), Z(0x28), Z(0x0a), | ||
133 | Z(0x52), Z(0x66), Z(0xa3), Z(0xca), Z(0xf2), Z(0xe3), Z(0x7f), Z(0x7a), | ||
134 | Z(0x31), Z(0xf7), Z(0x88), Z(0x94), Z(0x5e), Z(0x9c), Z(0x63), Z(0xd5), | ||
135 | Z(0x24), Z(0x66), Z(0xfc), Z(0xb3), Z(0x57), Z(0x25), Z(0xbe), Z(0x89), | ||
136 | Z(0x44), Z(0xc4), Z(0xe0), Z(0x8f), Z(0x23), Z(0x3c), Z(0x12), Z(0x52), | ||
137 | Z(0xf5), Z(0x1e), Z(0xf4), Z(0xcb), Z(0x18), Z(0x33), Z(0x1f), Z(0xf8), | ||
138 | Z(0x69), Z(0x10), Z(0x9d), Z(0xd3), Z(0xf7), Z(0x28), Z(0xf8), Z(0x30), | ||
139 | Z(0x05), Z(0x5e), Z(0x32), Z(0xc0), Z(0xd5), Z(0x19), Z(0xbd), Z(0x45), | ||
140 | Z(0x8b), Z(0x5b), Z(0xfd), Z(0xbc), Z(0xe2), Z(0x5c), Z(0xa9), Z(0x96), | ||
141 | Z(0xef), Z(0x70), Z(0xcf), Z(0xc2), Z(0x2a), Z(0xb3), Z(0x61), Z(0xad), | ||
142 | Z(0x80), Z(0x48), Z(0x81), Z(0xb7), Z(0x1d), Z(0x43), Z(0xd9), Z(0xd7), | ||
143 | Z(0x45), Z(0xf0), Z(0xd8), Z(0x8a), Z(0x59), Z(0x7c), Z(0x57), Z(0xc1), | ||
144 | Z(0x79), Z(0xc7), Z(0x34), Z(0xd6), Z(0x43), Z(0xdf), Z(0xe4), Z(0x78), | ||
145 | Z(0x16), Z(0x06), Z(0xda), Z(0x92), Z(0x76), Z(0x51), Z(0xe1), Z(0xd4), | ||
146 | Z(0x70), Z(0x03), Z(0xe0), Z(0x2f), Z(0x96), Z(0x91), Z(0x82), Z(0x80) | ||
147 | }; | ||
148 | |||
149 | #undef Z | ||
150 | #define Z(x) __constant_be32_to_cpu(x << 11) | ||
151 | static const u32 sbox2[256] = { | ||
152 | Z(0xf0), Z(0x37), Z(0x24), Z(0x53), Z(0x2a), Z(0x03), Z(0x83), Z(0x86), | ||
153 | Z(0xd1), Z(0xec), Z(0x50), Z(0xf0), Z(0x42), Z(0x78), Z(0x2f), Z(0x6d), | ||
154 | Z(0xbf), Z(0x80), Z(0x87), Z(0x27), Z(0x95), Z(0xe2), Z(0xc5), Z(0x5d), | ||
155 | Z(0xf9), Z(0x6f), Z(0xdb), Z(0xb4), Z(0x65), Z(0x6e), Z(0xe7), Z(0x24), | ||
156 | Z(0xc8), Z(0x1a), Z(0xbb), Z(0x49), Z(0xb5), Z(0x0a), Z(0x7d), Z(0xb9), | ||
157 | Z(0xe8), Z(0xdc), Z(0xb7), Z(0xd9), Z(0x45), Z(0x20), Z(0x1b), Z(0xce), | ||
158 | Z(0x59), Z(0x9d), Z(0x6b), Z(0xbd), Z(0x0e), Z(0x8f), Z(0xa3), Z(0xa9), | ||
159 | Z(0xbc), Z(0x74), Z(0xa6), Z(0xf6), Z(0x7f), Z(0x5f), Z(0xb1), Z(0x68), | ||
160 | Z(0x84), Z(0xbc), Z(0xa9), Z(0xfd), Z(0x55), Z(0x50), Z(0xe9), Z(0xb6), | ||
161 | Z(0x13), Z(0x5e), Z(0x07), Z(0xb8), Z(0x95), Z(0x02), Z(0xc0), Z(0xd0), | ||
162 | Z(0x6a), Z(0x1a), Z(0x85), Z(0xbd), Z(0xb6), Z(0xfd), Z(0xfe), Z(0x17), | ||
163 | Z(0x3f), Z(0x09), Z(0xa3), Z(0x8d), Z(0xfb), Z(0xed), Z(0xda), Z(0x1d), | ||
164 | Z(0x6d), Z(0x1c), Z(0x6c), Z(0x01), Z(0x5a), Z(0xe5), Z(0x71), Z(0x3e), | ||
165 | Z(0x8b), Z(0x6b), Z(0xbe), Z(0x29), Z(0xeb), Z(0x12), Z(0x19), Z(0x34), | ||
166 | Z(0xcd), Z(0xb3), Z(0xbd), Z(0x35), Z(0xea), Z(0x4b), Z(0xd5), Z(0xae), | ||
167 | Z(0x2a), Z(0x79), Z(0x5a), Z(0xa5), Z(0x32), Z(0x12), Z(0x7b), Z(0xdc), | ||
168 | Z(0x2c), Z(0xd0), Z(0x22), Z(0x4b), Z(0xb1), Z(0x85), Z(0x59), Z(0x80), | ||
169 | Z(0xc0), Z(0x30), Z(0x9f), Z(0x73), Z(0xd3), Z(0x14), Z(0x48), Z(0x40), | ||
170 | Z(0x07), Z(0x2d), Z(0x8f), Z(0x80), Z(0x0f), Z(0xce), Z(0x0b), Z(0x5e), | ||
171 | Z(0xb7), Z(0x5e), Z(0xac), Z(0x24), Z(0x94), Z(0x4a), Z(0x18), Z(0x15), | ||
172 | Z(0x05), Z(0xe8), Z(0x02), Z(0x77), Z(0xa9), Z(0xc7), Z(0x40), Z(0x45), | ||
173 | Z(0x89), Z(0xd1), Z(0xea), Z(0xde), Z(0x0c), Z(0x79), Z(0x2a), Z(0x99), | ||
174 | Z(0x6c), Z(0x3e), Z(0x95), Z(0xdd), Z(0x8c), Z(0x7d), Z(0xad), Z(0x6f), | ||
175 | Z(0xdc), Z(0xff), Z(0xfd), Z(0x62), Z(0x47), Z(0xb3), Z(0x21), Z(0x8a), | ||
176 | Z(0xec), Z(0x8e), Z(0x19), Z(0x18), Z(0xb4), Z(0x6e), Z(0x3d), Z(0xfd), | ||
177 | Z(0x74), Z(0x54), Z(0x1e), Z(0x04), Z(0x85), Z(0xd8), Z(0xbc), Z(0x1f), | ||
178 | Z(0x56), Z(0xe7), Z(0x3a), Z(0x56), Z(0x67), Z(0xd6), Z(0xc8), Z(0xa5), | ||
179 | Z(0xf3), Z(0x8e), Z(0xde), Z(0xae), Z(0x37), Z(0x49), Z(0xb7), Z(0xfa), | ||
180 | Z(0xc8), Z(0xf4), Z(0x1f), Z(0xe0), Z(0x2a), Z(0x9b), Z(0x15), Z(0xd1), | ||
181 | Z(0x34), Z(0x0e), Z(0xb5), Z(0xe0), Z(0x44), Z(0x78), Z(0x84), Z(0x59), | ||
182 | Z(0x56), Z(0x68), Z(0x77), Z(0xa5), Z(0x14), Z(0x06), Z(0xf5), Z(0x2f), | ||
183 | Z(0x8c), Z(0x8a), Z(0x73), Z(0x80), Z(0x76), Z(0xb4), Z(0x10), Z(0x86) | ||
184 | }; | ||
185 | |||
186 | #undef Z | ||
187 | #define Z(x) __constant_be32_to_cpu(x << 19) | ||
188 | static const u32 sbox3[256] = { | ||
189 | Z(0xa9), Z(0x2a), Z(0x48), Z(0x51), Z(0x84), Z(0x7e), Z(0x49), Z(0xe2), | ||
190 | Z(0xb5), Z(0xb7), Z(0x42), Z(0x33), Z(0x7d), Z(0x5d), Z(0xa6), Z(0x12), | ||
191 | Z(0x44), Z(0x48), Z(0x6d), Z(0x28), Z(0xaa), Z(0x20), Z(0x6d), Z(0x57), | ||
192 | Z(0xd6), Z(0x6b), Z(0x5d), Z(0x72), Z(0xf0), Z(0x92), Z(0x5a), Z(0x1b), | ||
193 | Z(0x53), Z(0x80), Z(0x24), Z(0x70), Z(0x9a), Z(0xcc), Z(0xa7), Z(0x66), | ||
194 | Z(0xa1), Z(0x01), Z(0xa5), Z(0x41), Z(0x97), Z(0x41), Z(0x31), Z(0x82), | ||
195 | Z(0xf1), Z(0x14), Z(0xcf), Z(0x53), Z(0x0d), Z(0xa0), Z(0x10), Z(0xcc), | ||
196 | Z(0x2a), Z(0x7d), Z(0xd2), Z(0xbf), Z(0x4b), Z(0x1a), Z(0xdb), Z(0x16), | ||
197 | Z(0x47), Z(0xf6), Z(0x51), Z(0x36), Z(0xed), Z(0xf3), Z(0xb9), Z(0x1a), | ||
198 | Z(0xa7), Z(0xdf), Z(0x29), Z(0x43), Z(0x01), Z(0x54), Z(0x70), Z(0xa4), | ||
199 | Z(0xbf), Z(0xd4), Z(0x0b), Z(0x53), Z(0x44), Z(0x60), Z(0x9e), Z(0x23), | ||
200 | Z(0xa1), Z(0x18), Z(0x68), Z(0x4f), Z(0xf0), Z(0x2f), Z(0x82), Z(0xc2), | ||
201 | Z(0x2a), Z(0x41), Z(0xb2), Z(0x42), Z(0x0c), Z(0xed), Z(0x0c), Z(0x1d), | ||
202 | Z(0x13), Z(0x3a), Z(0x3c), Z(0x6e), Z(0x35), Z(0xdc), Z(0x60), Z(0x65), | ||
203 | Z(0x85), Z(0xe9), Z(0x64), Z(0x02), Z(0x9a), Z(0x3f), Z(0x9f), Z(0x87), | ||
204 | Z(0x96), Z(0xdf), Z(0xbe), Z(0xf2), Z(0xcb), Z(0xe5), Z(0x6c), Z(0xd4), | ||
205 | Z(0x5a), Z(0x83), Z(0xbf), Z(0x92), Z(0x1b), Z(0x94), Z(0x00), Z(0x42), | ||
206 | Z(0xcf), Z(0x4b), Z(0x00), Z(0x75), Z(0xba), Z(0x8f), Z(0x76), Z(0x5f), | ||
207 | Z(0x5d), Z(0x3a), Z(0x4d), Z(0x09), Z(0x12), Z(0x08), Z(0x38), Z(0x95), | ||
208 | Z(0x17), Z(0xe4), Z(0x01), Z(0x1d), Z(0x4c), Z(0xa9), Z(0xcc), Z(0x85), | ||
209 | Z(0x82), Z(0x4c), Z(0x9d), Z(0x2f), Z(0x3b), Z(0x66), Z(0xa1), Z(0x34), | ||
210 | Z(0x10), Z(0xcd), Z(0x59), Z(0x89), Z(0xa5), Z(0x31), Z(0xcf), Z(0x05), | ||
211 | Z(0xc8), Z(0x84), Z(0xfa), Z(0xc7), Z(0xba), Z(0x4e), Z(0x8b), Z(0x1a), | ||
212 | Z(0x19), Z(0xf1), Z(0xa1), Z(0x3b), Z(0x18), Z(0x12), Z(0x17), Z(0xb0), | ||
213 | Z(0x98), Z(0x8d), Z(0x0b), Z(0x23), Z(0xc3), Z(0x3a), Z(0x2d), Z(0x20), | ||
214 | Z(0xdf), Z(0x13), Z(0xa0), Z(0xa8), Z(0x4c), Z(0x0d), Z(0x6c), Z(0x2f), | ||
215 | Z(0x47), Z(0x13), Z(0x13), Z(0x52), Z(0x1f), Z(0x2d), Z(0xf5), Z(0x79), | ||
216 | Z(0x3d), Z(0xa2), Z(0x54), Z(0xbd), Z(0x69), Z(0xc8), Z(0x6b), Z(0xf3), | ||
217 | Z(0x05), Z(0x28), Z(0xf1), Z(0x16), Z(0x46), Z(0x40), Z(0xb0), Z(0x11), | ||
218 | Z(0xd3), Z(0xb7), Z(0x95), Z(0x49), Z(0xcf), Z(0xc3), Z(0x1d), Z(0x8f), | ||
219 | Z(0xd8), Z(0xe1), Z(0x73), Z(0xdb), Z(0xad), Z(0xc8), Z(0xc9), Z(0xa9), | ||
220 | Z(0xa1), Z(0xc2), Z(0xc5), Z(0xe3), Z(0xba), Z(0xfc), Z(0x0e), Z(0x25) | ||
221 | }; | ||
222 | |||
223 | /* | ||
224 | * This is a 16 round Feistel network with permutation F_ENCRYPT | ||
225 | */ | ||
226 | #define F_ENCRYPT(R, L, sched) \ | ||
227 | do { \ | ||
228 | union lc4 { u32 l; u8 c[4]; } u; \ | ||
229 | u.l = sched ^ R; \ | ||
230 | L ^= sbox0[u.c[0]] ^ sbox1[u.c[1]] ^ sbox2[u.c[2]] ^ sbox3[u.c[3]]; \ | ||
231 | } while(0) | ||
232 | |||
233 | /* | ||
234 | * encryptor | ||
235 | */ | ||
236 | static void fcrypt_encrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src) | ||
237 | { | ||
238 | const struct fcrypt_ctx *ctx = crypto_tfm_ctx(tfm); | ||
239 | struct { | ||
240 | u32 l, r; | ||
241 | } X; | ||
242 | |||
243 | memcpy(&X, src, sizeof(X)); | ||
244 | |||
245 | F_ENCRYPT(X.r, X.l, ctx->sched[0x0]); | ||
246 | F_ENCRYPT(X.l, X.r, ctx->sched[0x1]); | ||
247 | F_ENCRYPT(X.r, X.l, ctx->sched[0x2]); | ||
248 | F_ENCRYPT(X.l, X.r, ctx->sched[0x3]); | ||
249 | F_ENCRYPT(X.r, X.l, ctx->sched[0x4]); | ||
250 | F_ENCRYPT(X.l, X.r, ctx->sched[0x5]); | ||
251 | F_ENCRYPT(X.r, X.l, ctx->sched[0x6]); | ||
252 | F_ENCRYPT(X.l, X.r, ctx->sched[0x7]); | ||
253 | F_ENCRYPT(X.r, X.l, ctx->sched[0x8]); | ||
254 | F_ENCRYPT(X.l, X.r, ctx->sched[0x9]); | ||
255 | F_ENCRYPT(X.r, X.l, ctx->sched[0xa]); | ||
256 | F_ENCRYPT(X.l, X.r, ctx->sched[0xb]); | ||
257 | F_ENCRYPT(X.r, X.l, ctx->sched[0xc]); | ||
258 | F_ENCRYPT(X.l, X.r, ctx->sched[0xd]); | ||
259 | F_ENCRYPT(X.r, X.l, ctx->sched[0xe]); | ||
260 | F_ENCRYPT(X.l, X.r, ctx->sched[0xf]); | ||
261 | |||
262 | memcpy(dst, &X, sizeof(X)); | ||
263 | } | ||
264 | |||
265 | /* | ||
266 | * decryptor | ||
267 | */ | ||
268 | static void fcrypt_decrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src) | ||
269 | { | ||
270 | const struct fcrypt_ctx *ctx = crypto_tfm_ctx(tfm); | ||
271 | struct { | ||
272 | u32 l, r; | ||
273 | } X; | ||
274 | |||
275 | memcpy(&X, src, sizeof(X)); | ||
276 | |||
277 | F_ENCRYPT(X.l, X.r, ctx->sched[0xf]); | ||
278 | F_ENCRYPT(X.r, X.l, ctx->sched[0xe]); | ||
279 | F_ENCRYPT(X.l, X.r, ctx->sched[0xd]); | ||
280 | F_ENCRYPT(X.r, X.l, ctx->sched[0xc]); | ||
281 | F_ENCRYPT(X.l, X.r, ctx->sched[0xb]); | ||
282 | F_ENCRYPT(X.r, X.l, ctx->sched[0xa]); | ||
283 | F_ENCRYPT(X.l, X.r, ctx->sched[0x9]); | ||
284 | F_ENCRYPT(X.r, X.l, ctx->sched[0x8]); | ||
285 | F_ENCRYPT(X.l, X.r, ctx->sched[0x7]); | ||
286 | F_ENCRYPT(X.r, X.l, ctx->sched[0x6]); | ||
287 | F_ENCRYPT(X.l, X.r, ctx->sched[0x5]); | ||
288 | F_ENCRYPT(X.r, X.l, ctx->sched[0x4]); | ||
289 | F_ENCRYPT(X.l, X.r, ctx->sched[0x3]); | ||
290 | F_ENCRYPT(X.r, X.l, ctx->sched[0x2]); | ||
291 | F_ENCRYPT(X.l, X.r, ctx->sched[0x1]); | ||
292 | F_ENCRYPT(X.r, X.l, ctx->sched[0x0]); | ||
293 | |||
294 | memcpy(dst, &X, sizeof(X)); | ||
295 | } | ||
296 | |||
297 | /* | ||
298 | * Generate a key schedule from key, the least significant bit in each key byte | ||
299 | * is parity and shall be ignored. This leaves 56 significant bits in the key | ||
300 | * to scatter over the 16 key schedules. For each schedule extract the low | ||
301 | * order 32 bits and use as schedule, then rotate right by 11 bits. | ||
302 | */ | ||
303 | static int fcrypt_setkey(struct crypto_tfm *tfm, const u8 *key, unsigned int keylen) | ||
304 | { | ||
305 | struct fcrypt_ctx *ctx = crypto_tfm_ctx(tfm); | ||
306 | |||
307 | #if BITS_PER_LONG == 64 /* the 64-bit version can also be used for 32-bit | ||
308 | * kernels - it seems to be faster but the code is | ||
309 | * larger */ | ||
310 | |||
311 | u64 k; /* k holds all 56 non-parity bits */ | ||
312 | |||
313 | /* discard the parity bits */ | ||
314 | k = (*key++) >> 1; | ||
315 | k <<= 7; | ||
316 | k |= (*key++) >> 1; | ||
317 | k <<= 7; | ||
318 | k |= (*key++) >> 1; | ||
319 | k <<= 7; | ||
320 | k |= (*key++) >> 1; | ||
321 | k <<= 7; | ||
322 | k |= (*key++) >> 1; | ||
323 | k <<= 7; | ||
324 | k |= (*key++) >> 1; | ||
325 | k <<= 7; | ||
326 | k |= (*key++) >> 1; | ||
327 | k <<= 7; | ||
328 | k |= (*key) >> 1; | ||
329 | |||
330 | /* Use lower 32 bits for schedule, rotate by 11 each round (16 times) */ | ||
331 | ctx->sched[0x0] = be32_to_cpu(k); ror56_64(k, 11); | ||
332 | ctx->sched[0x1] = be32_to_cpu(k); ror56_64(k, 11); | ||
333 | ctx->sched[0x2] = be32_to_cpu(k); ror56_64(k, 11); | ||
334 | ctx->sched[0x3] = be32_to_cpu(k); ror56_64(k, 11); | ||
335 | ctx->sched[0x4] = be32_to_cpu(k); ror56_64(k, 11); | ||
336 | ctx->sched[0x5] = be32_to_cpu(k); ror56_64(k, 11); | ||
337 | ctx->sched[0x6] = be32_to_cpu(k); ror56_64(k, 11); | ||
338 | ctx->sched[0x7] = be32_to_cpu(k); ror56_64(k, 11); | ||
339 | ctx->sched[0x8] = be32_to_cpu(k); ror56_64(k, 11); | ||
340 | ctx->sched[0x9] = be32_to_cpu(k); ror56_64(k, 11); | ||
341 | ctx->sched[0xa] = be32_to_cpu(k); ror56_64(k, 11); | ||
342 | ctx->sched[0xb] = be32_to_cpu(k); ror56_64(k, 11); | ||
343 | ctx->sched[0xc] = be32_to_cpu(k); ror56_64(k, 11); | ||
344 | ctx->sched[0xd] = be32_to_cpu(k); ror56_64(k, 11); | ||
345 | ctx->sched[0xe] = be32_to_cpu(k); ror56_64(k, 11); | ||
346 | ctx->sched[0xf] = be32_to_cpu(k); | ||
347 | |||
348 | return 0; | ||
349 | #else | ||
350 | u32 hi, lo; /* hi is upper 24 bits and lo lower 32, total 56 */ | ||
351 | |||
352 | /* discard the parity bits */ | ||
353 | lo = (*key++) >> 1; | ||
354 | lo <<= 7; | ||
355 | lo |= (*key++) >> 1; | ||
356 | lo <<= 7; | ||
357 | lo |= (*key++) >> 1; | ||
358 | lo <<= 7; | ||
359 | lo |= (*key++) >> 1; | ||
360 | hi = lo >> 4; | ||
361 | lo &= 0xf; | ||
362 | lo <<= 7; | ||
363 | lo |= (*key++) >> 1; | ||
364 | lo <<= 7; | ||
365 | lo |= (*key++) >> 1; | ||
366 | lo <<= 7; | ||
367 | lo |= (*key++) >> 1; | ||
368 | lo <<= 7; | ||
369 | lo |= (*key) >> 1; | ||
370 | |||
371 | /* Use lower 32 bits for schedule, rotate by 11 each round (16 times) */ | ||
372 | ctx->sched[0x0] = be32_to_cpu(lo); ror56(hi, lo, 11); | ||
373 | ctx->sched[0x1] = be32_to_cpu(lo); ror56(hi, lo, 11); | ||
374 | ctx->sched[0x2] = be32_to_cpu(lo); ror56(hi, lo, 11); | ||
375 | ctx->sched[0x3] = be32_to_cpu(lo); ror56(hi, lo, 11); | ||
376 | ctx->sched[0x4] = be32_to_cpu(lo); ror56(hi, lo, 11); | ||
377 | ctx->sched[0x5] = be32_to_cpu(lo); ror56(hi, lo, 11); | ||
378 | ctx->sched[0x6] = be32_to_cpu(lo); ror56(hi, lo, 11); | ||
379 | ctx->sched[0x7] = be32_to_cpu(lo); ror56(hi, lo, 11); | ||
380 | ctx->sched[0x8] = be32_to_cpu(lo); ror56(hi, lo, 11); | ||
381 | ctx->sched[0x9] = be32_to_cpu(lo); ror56(hi, lo, 11); | ||
382 | ctx->sched[0xa] = be32_to_cpu(lo); ror56(hi, lo, 11); | ||
383 | ctx->sched[0xb] = be32_to_cpu(lo); ror56(hi, lo, 11); | ||
384 | ctx->sched[0xc] = be32_to_cpu(lo); ror56(hi, lo, 11); | ||
385 | ctx->sched[0xd] = be32_to_cpu(lo); ror56(hi, lo, 11); | ||
386 | ctx->sched[0xe] = be32_to_cpu(lo); ror56(hi, lo, 11); | ||
387 | ctx->sched[0xf] = be32_to_cpu(lo); | ||
388 | return 0; | ||
389 | #endif | ||
390 | } | ||
391 | |||
392 | static struct crypto_alg fcrypt_alg = { | ||
393 | .cra_name = "fcrypt", | ||
394 | .cra_flags = CRYPTO_ALG_TYPE_CIPHER, | ||
395 | .cra_blocksize = 8, | ||
396 | .cra_ctxsize = sizeof(struct fcrypt_ctx), | ||
397 | .cra_module = THIS_MODULE, | ||
398 | .cra_alignmask = 3, | ||
399 | .cra_list = LIST_HEAD_INIT(fcrypt_alg.cra_list), | ||
400 | .cra_u = { .cipher = { | ||
401 | .cia_min_keysize = 8, | ||
402 | .cia_max_keysize = 8, | ||
403 | .cia_setkey = fcrypt_setkey, | ||
404 | .cia_encrypt = fcrypt_encrypt, | ||
405 | .cia_decrypt = fcrypt_decrypt } } | ||
406 | }; | ||
407 | |||
408 | static int __init init(void) | ||
409 | { | ||
410 | return crypto_register_alg(&fcrypt_alg); | ||
411 | } | ||
412 | |||
413 | static void __exit fini(void) | ||
414 | { | ||
415 | crypto_unregister_alg(&fcrypt_alg); | ||
416 | } | ||
417 | |||
418 | module_init(init); | ||
419 | module_exit(fini); | ||
420 | |||
421 | MODULE_LICENSE("Dual BSD/GPL"); | ||
422 | MODULE_DESCRIPTION("FCrypt Cipher Algorithm"); | ||
423 | MODULE_AUTHOR("David Howells <dhowells@redhat.com>"); | ||
diff --git a/crypto/hash.c b/crypto/hash.c index cdec23d885fe..12c4514f3478 100644 --- a/crypto/hash.c +++ b/crypto/hash.c | |||
@@ -16,12 +16,13 @@ | |||
16 | 16 | ||
17 | #include "internal.h" | 17 | #include "internal.h" |
18 | 18 | ||
19 | static unsigned int crypto_hash_ctxsize(struct crypto_alg *alg) | 19 | static unsigned int crypto_hash_ctxsize(struct crypto_alg *alg, u32 type, |
20 | u32 mask) | ||
20 | { | 21 | { |
21 | return alg->cra_ctxsize; | 22 | return alg->cra_ctxsize; |
22 | } | 23 | } |
23 | 24 | ||
24 | static int crypto_init_hash_ops(struct crypto_tfm *tfm) | 25 | static int crypto_init_hash_ops(struct crypto_tfm *tfm, u32 type, u32 mask) |
25 | { | 26 | { |
26 | struct hash_tfm *crt = &tfm->crt_hash; | 27 | struct hash_tfm *crt = &tfm->crt_hash; |
27 | struct hash_alg *alg = &tfm->__crt_alg->cra_hash; | 28 | struct hash_alg *alg = &tfm->__crt_alg->cra_hash; |
diff --git a/crypto/hmac.c b/crypto/hmac.c index b521bcd2b2c6..44187c5ee593 100644 --- a/crypto/hmac.c +++ b/crypto/hmac.c | |||
@@ -172,15 +172,16 @@ static int hmac_digest(struct hash_desc *pdesc, struct scatterlist *sg, | |||
172 | 172 | ||
173 | static int hmac_init_tfm(struct crypto_tfm *tfm) | 173 | static int hmac_init_tfm(struct crypto_tfm *tfm) |
174 | { | 174 | { |
175 | struct crypto_hash *hash; | ||
175 | struct crypto_instance *inst = (void *)tfm->__crt_alg; | 176 | struct crypto_instance *inst = (void *)tfm->__crt_alg; |
176 | struct crypto_spawn *spawn = crypto_instance_ctx(inst); | 177 | struct crypto_spawn *spawn = crypto_instance_ctx(inst); |
177 | struct hmac_ctx *ctx = hmac_ctx(__crypto_hash_cast(tfm)); | 178 | struct hmac_ctx *ctx = hmac_ctx(__crypto_hash_cast(tfm)); |
178 | 179 | ||
179 | tfm = crypto_spawn_tfm(spawn); | 180 | hash = crypto_spawn_hash(spawn); |
180 | if (IS_ERR(tfm)) | 181 | if (IS_ERR(hash)) |
181 | return PTR_ERR(tfm); | 182 | return PTR_ERR(hash); |
182 | 183 | ||
183 | ctx->child = crypto_hash_cast(tfm); | 184 | ctx->child = hash; |
184 | return 0; | 185 | return 0; |
185 | } | 186 | } |
186 | 187 | ||
diff --git a/crypto/internal.h b/crypto/internal.h index 2da6ad4f3593..60acad9788c5 100644 --- a/crypto/internal.h +++ b/crypto/internal.h | |||
@@ -83,8 +83,7 @@ static inline void crypto_exit_proc(void) | |||
83 | { } | 83 | { } |
84 | #endif | 84 | #endif |
85 | 85 | ||
86 | static inline unsigned int crypto_digest_ctxsize(struct crypto_alg *alg, | 86 | static inline unsigned int crypto_digest_ctxsize(struct crypto_alg *alg) |
87 | int flags) | ||
88 | { | 87 | { |
89 | unsigned int len = alg->cra_ctxsize; | 88 | unsigned int len = alg->cra_ctxsize; |
90 | 89 | ||
@@ -96,23 +95,12 @@ static inline unsigned int crypto_digest_ctxsize(struct crypto_alg *alg, | |||
96 | return len; | 95 | return len; |
97 | } | 96 | } |
98 | 97 | ||
99 | static inline unsigned int crypto_cipher_ctxsize(struct crypto_alg *alg, | 98 | static inline unsigned int crypto_cipher_ctxsize(struct crypto_alg *alg) |
100 | int flags) | ||
101 | { | 99 | { |
102 | unsigned int len = alg->cra_ctxsize; | 100 | return alg->cra_ctxsize; |
103 | |||
104 | switch (flags & CRYPTO_TFM_MODE_MASK) { | ||
105 | case CRYPTO_TFM_MODE_CBC: | ||
106 | len = ALIGN(len, (unsigned long)alg->cra_alignmask + 1); | ||
107 | len += alg->cra_blocksize; | ||
108 | break; | ||
109 | } | ||
110 | |||
111 | return len; | ||
112 | } | 101 | } |
113 | 102 | ||
114 | static inline unsigned int crypto_compress_ctxsize(struct crypto_alg *alg, | 103 | static inline unsigned int crypto_compress_ctxsize(struct crypto_alg *alg) |
115 | int flags) | ||
116 | { | 104 | { |
117 | return alg->cra_ctxsize; | 105 | return alg->cra_ctxsize; |
118 | } | 106 | } |
@@ -121,10 +109,6 @@ struct crypto_alg *crypto_mod_get(struct crypto_alg *alg); | |||
121 | struct crypto_alg *__crypto_alg_lookup(const char *name, u32 type, u32 mask); | 109 | struct crypto_alg *__crypto_alg_lookup(const char *name, u32 type, u32 mask); |
122 | struct crypto_alg *crypto_alg_mod_lookup(const char *name, u32 type, u32 mask); | 110 | struct crypto_alg *crypto_alg_mod_lookup(const char *name, u32 type, u32 mask); |
123 | 111 | ||
124 | int crypto_init_digest_flags(struct crypto_tfm *tfm, u32 flags); | ||
125 | int crypto_init_cipher_flags(struct crypto_tfm *tfm, u32 flags); | ||
126 | int crypto_init_compress_flags(struct crypto_tfm *tfm, u32 flags); | ||
127 | |||
128 | int crypto_init_digest_ops(struct crypto_tfm *tfm); | 112 | int crypto_init_digest_ops(struct crypto_tfm *tfm); |
129 | int crypto_init_cipher_ops(struct crypto_tfm *tfm); | 113 | int crypto_init_cipher_ops(struct crypto_tfm *tfm); |
130 | int crypto_init_compress_ops(struct crypto_tfm *tfm); | 114 | int crypto_init_compress_ops(struct crypto_tfm *tfm); |
@@ -136,7 +120,8 @@ void crypto_exit_compress_ops(struct crypto_tfm *tfm); | |||
136 | void crypto_larval_error(const char *name, u32 type, u32 mask); | 120 | void crypto_larval_error(const char *name, u32 type, u32 mask); |
137 | 121 | ||
138 | void crypto_shoot_alg(struct crypto_alg *alg); | 122 | void crypto_shoot_alg(struct crypto_alg *alg); |
139 | struct crypto_tfm *__crypto_alloc_tfm(struct crypto_alg *alg, u32 flags); | 123 | struct crypto_tfm *__crypto_alloc_tfm(struct crypto_alg *alg, u32 type, |
124 | u32 mask); | ||
140 | 125 | ||
141 | int crypto_register_instance(struct crypto_template *tmpl, | 126 | int crypto_register_instance(struct crypto_template *tmpl, |
142 | struct crypto_instance *inst); | 127 | struct crypto_instance *inst); |
diff --git a/crypto/lrw.c b/crypto/lrw.c index 56642586d84f..b4105080ac7a 100644 --- a/crypto/lrw.c +++ b/crypto/lrw.c | |||
@@ -201,21 +201,22 @@ static int decrypt(struct blkcipher_desc *desc, struct scatterlist *dst, | |||
201 | 201 | ||
202 | static int init_tfm(struct crypto_tfm *tfm) | 202 | static int init_tfm(struct crypto_tfm *tfm) |
203 | { | 203 | { |
204 | struct crypto_cipher *cipher; | ||
204 | struct crypto_instance *inst = (void *)tfm->__crt_alg; | 205 | struct crypto_instance *inst = (void *)tfm->__crt_alg; |
205 | struct crypto_spawn *spawn = crypto_instance_ctx(inst); | 206 | struct crypto_spawn *spawn = crypto_instance_ctx(inst); |
206 | struct priv *ctx = crypto_tfm_ctx(tfm); | 207 | struct priv *ctx = crypto_tfm_ctx(tfm); |
207 | u32 *flags = &tfm->crt_flags; | 208 | u32 *flags = &tfm->crt_flags; |
208 | 209 | ||
209 | tfm = crypto_spawn_tfm(spawn); | 210 | cipher = crypto_spawn_cipher(spawn); |
210 | if (IS_ERR(tfm)) | 211 | if (IS_ERR(cipher)) |
211 | return PTR_ERR(tfm); | 212 | return PTR_ERR(cipher); |
212 | 213 | ||
213 | if (crypto_tfm_alg_blocksize(tfm) != 16) { | 214 | if (crypto_cipher_blocksize(cipher) != 16) { |
214 | *flags |= CRYPTO_TFM_RES_BAD_BLOCK_LEN; | 215 | *flags |= CRYPTO_TFM_RES_BAD_BLOCK_LEN; |
215 | return -EINVAL; | 216 | return -EINVAL; |
216 | } | 217 | } |
217 | 218 | ||
218 | ctx->child = crypto_cipher_cast(tfm); | 219 | ctx->child = cipher; |
219 | return 0; | 220 | return 0; |
220 | } | 221 | } |
221 | 222 | ||
diff --git a/crypto/pcbc.c b/crypto/pcbc.c new file mode 100644 index 000000000000..5174d7fdad6e --- /dev/null +++ b/crypto/pcbc.c | |||
@@ -0,0 +1,349 @@ | |||
1 | /* | ||
2 | * PCBC: Propagating Cipher Block Chaining mode | ||
3 | * | ||
4 | * Copyright (C) 2006 Red Hat, Inc. All Rights Reserved. | ||
5 | * Written by David Howells (dhowells@redhat.com) | ||
6 | * | ||
7 | * Derived from cbc.c | ||
8 | * - Copyright (c) 2006 Herbert Xu <herbert@gondor.apana.org.au> | ||
9 | * | ||
10 | * This program is free software; you can redistribute it and/or modify it | ||
11 | * under the terms of the GNU General Public License as published by the Free | ||
12 | * Software Foundation; either version 2 of the License, or (at your option) | ||
13 | * any later version. | ||
14 | * | ||
15 | */ | ||
16 | |||
17 | #include <crypto/algapi.h> | ||
18 | #include <linux/err.h> | ||
19 | #include <linux/init.h> | ||
20 | #include <linux/kernel.h> | ||
21 | #include <linux/module.h> | ||
22 | #include <linux/scatterlist.h> | ||
23 | #include <linux/slab.h> | ||
24 | |||
25 | struct crypto_pcbc_ctx { | ||
26 | struct crypto_cipher *child; | ||
27 | void (*xor)(u8 *dst, const u8 *src, unsigned int bs); | ||
28 | }; | ||
29 | |||
30 | static int crypto_pcbc_setkey(struct crypto_tfm *parent, const u8 *key, | ||
31 | unsigned int keylen) | ||
32 | { | ||
33 | struct crypto_pcbc_ctx *ctx = crypto_tfm_ctx(parent); | ||
34 | struct crypto_cipher *child = ctx->child; | ||
35 | int err; | ||
36 | |||
37 | crypto_cipher_clear_flags(child, CRYPTO_TFM_REQ_MASK); | ||
38 | crypto_cipher_set_flags(child, crypto_tfm_get_flags(parent) & | ||
39 | CRYPTO_TFM_REQ_MASK); | ||
40 | err = crypto_cipher_setkey(child, key, keylen); | ||
41 | crypto_tfm_set_flags(parent, crypto_cipher_get_flags(child) & | ||
42 | CRYPTO_TFM_RES_MASK); | ||
43 | return err; | ||
44 | } | ||
45 | |||
46 | static int crypto_pcbc_encrypt_segment(struct blkcipher_desc *desc, | ||
47 | struct blkcipher_walk *walk, | ||
48 | struct crypto_cipher *tfm, | ||
49 | void (*xor)(u8 *, const u8 *, | ||
50 | unsigned int)) | ||
51 | { | ||
52 | void (*fn)(struct crypto_tfm *, u8 *, const u8 *) = | ||
53 | crypto_cipher_alg(tfm)->cia_encrypt; | ||
54 | int bsize = crypto_cipher_blocksize(tfm); | ||
55 | unsigned int nbytes = walk->nbytes; | ||
56 | u8 *src = walk->src.virt.addr; | ||
57 | u8 *dst = walk->dst.virt.addr; | ||
58 | u8 *iv = walk->iv; | ||
59 | |||
60 | do { | ||
61 | xor(iv, src, bsize); | ||
62 | fn(crypto_cipher_tfm(tfm), dst, iv); | ||
63 | memcpy(iv, dst, bsize); | ||
64 | xor(iv, src, bsize); | ||
65 | |||
66 | src += bsize; | ||
67 | dst += bsize; | ||
68 | } while ((nbytes -= bsize) >= bsize); | ||
69 | |||
70 | return nbytes; | ||
71 | } | ||
72 | |||
73 | static int crypto_pcbc_encrypt_inplace(struct blkcipher_desc *desc, | ||
74 | struct blkcipher_walk *walk, | ||
75 | struct crypto_cipher *tfm, | ||
76 | void (*xor)(u8 *, const u8 *, | ||
77 | unsigned int)) | ||
78 | { | ||
79 | void (*fn)(struct crypto_tfm *, u8 *, const u8 *) = | ||
80 | crypto_cipher_alg(tfm)->cia_encrypt; | ||
81 | int bsize = crypto_cipher_blocksize(tfm); | ||
82 | unsigned int nbytes = walk->nbytes; | ||
83 | u8 *src = walk->src.virt.addr; | ||
84 | u8 *iv = walk->iv; | ||
85 | u8 tmpbuf[bsize]; | ||
86 | |||
87 | do { | ||
88 | memcpy(tmpbuf, src, bsize); | ||
89 | xor(iv, tmpbuf, bsize); | ||
90 | fn(crypto_cipher_tfm(tfm), src, iv); | ||
91 | memcpy(iv, src, bsize); | ||
92 | xor(iv, tmpbuf, bsize); | ||
93 | |||
94 | src += bsize; | ||
95 | } while ((nbytes -= bsize) >= bsize); | ||
96 | |||
97 | memcpy(walk->iv, iv, bsize); | ||
98 | |||
99 | return nbytes; | ||
100 | } | ||
101 | |||
102 | static int crypto_pcbc_encrypt(struct blkcipher_desc *desc, | ||
103 | struct scatterlist *dst, struct scatterlist *src, | ||
104 | unsigned int nbytes) | ||
105 | { | ||
106 | struct blkcipher_walk walk; | ||
107 | struct crypto_blkcipher *tfm = desc->tfm; | ||
108 | struct crypto_pcbc_ctx *ctx = crypto_blkcipher_ctx(tfm); | ||
109 | struct crypto_cipher *child = ctx->child; | ||
110 | void (*xor)(u8 *, const u8 *, unsigned int bs) = ctx->xor; | ||
111 | int err; | ||
112 | |||
113 | blkcipher_walk_init(&walk, dst, src, nbytes); | ||
114 | err = blkcipher_walk_virt(desc, &walk); | ||
115 | |||
116 | while ((nbytes = walk.nbytes)) { | ||
117 | if (walk.src.virt.addr == walk.dst.virt.addr) | ||
118 | nbytes = crypto_pcbc_encrypt_inplace(desc, &walk, child, | ||
119 | xor); | ||
120 | else | ||
121 | nbytes = crypto_pcbc_encrypt_segment(desc, &walk, child, | ||
122 | xor); | ||
123 | err = blkcipher_walk_done(desc, &walk, nbytes); | ||
124 | } | ||
125 | |||
126 | return err; | ||
127 | } | ||
128 | |||
129 | static int crypto_pcbc_decrypt_segment(struct blkcipher_desc *desc, | ||
130 | struct blkcipher_walk *walk, | ||
131 | struct crypto_cipher *tfm, | ||
132 | void (*xor)(u8 *, const u8 *, | ||
133 | unsigned int)) | ||
134 | { | ||
135 | void (*fn)(struct crypto_tfm *, u8 *, const u8 *) = | ||
136 | crypto_cipher_alg(tfm)->cia_decrypt; | ||
137 | int bsize = crypto_cipher_blocksize(tfm); | ||
138 | unsigned int nbytes = walk->nbytes; | ||
139 | u8 *src = walk->src.virt.addr; | ||
140 | u8 *dst = walk->dst.virt.addr; | ||
141 | u8 *iv = walk->iv; | ||
142 | |||
143 | do { | ||
144 | fn(crypto_cipher_tfm(tfm), dst, src); | ||
145 | xor(dst, iv, bsize); | ||
146 | memcpy(iv, src, bsize); | ||
147 | xor(iv, dst, bsize); | ||
148 | |||
149 | src += bsize; | ||
150 | dst += bsize; | ||
151 | } while ((nbytes -= bsize) >= bsize); | ||
152 | |||
153 | memcpy(walk->iv, iv, bsize); | ||
154 | |||
155 | return nbytes; | ||
156 | } | ||
157 | |||
158 | static int crypto_pcbc_decrypt_inplace(struct blkcipher_desc *desc, | ||
159 | struct blkcipher_walk *walk, | ||
160 | struct crypto_cipher *tfm, | ||
161 | void (*xor)(u8 *, const u8 *, | ||
162 | unsigned int)) | ||
163 | { | ||
164 | void (*fn)(struct crypto_tfm *, u8 *, const u8 *) = | ||
165 | crypto_cipher_alg(tfm)->cia_decrypt; | ||
166 | int bsize = crypto_cipher_blocksize(tfm); | ||
167 | unsigned int nbytes = walk->nbytes; | ||
168 | u8 *src = walk->src.virt.addr; | ||
169 | u8 *iv = walk->iv; | ||
170 | u8 tmpbuf[bsize]; | ||
171 | |||
172 | do { | ||
173 | memcpy(tmpbuf, src, bsize); | ||
174 | fn(crypto_cipher_tfm(tfm), src, src); | ||
175 | xor(src, iv, bsize); | ||
176 | memcpy(iv, tmpbuf, bsize); | ||
177 | xor(iv, src, bsize); | ||
178 | |||
179 | src += bsize; | ||
180 | } while ((nbytes -= bsize) >= bsize); | ||
181 | |||
182 | memcpy(walk->iv, iv, bsize); | ||
183 | |||
184 | return nbytes; | ||
185 | } | ||
186 | |||
187 | static int crypto_pcbc_decrypt(struct blkcipher_desc *desc, | ||
188 | struct scatterlist *dst, struct scatterlist *src, | ||
189 | unsigned int nbytes) | ||
190 | { | ||
191 | struct blkcipher_walk walk; | ||
192 | struct crypto_blkcipher *tfm = desc->tfm; | ||
193 | struct crypto_pcbc_ctx *ctx = crypto_blkcipher_ctx(tfm); | ||
194 | struct crypto_cipher *child = ctx->child; | ||
195 | void (*xor)(u8 *, const u8 *, unsigned int bs) = ctx->xor; | ||
196 | int err; | ||
197 | |||
198 | blkcipher_walk_init(&walk, dst, src, nbytes); | ||
199 | err = blkcipher_walk_virt(desc, &walk); | ||
200 | |||
201 | while ((nbytes = walk.nbytes)) { | ||
202 | if (walk.src.virt.addr == walk.dst.virt.addr) | ||
203 | nbytes = crypto_pcbc_decrypt_inplace(desc, &walk, child, | ||
204 | xor); | ||
205 | else | ||
206 | nbytes = crypto_pcbc_decrypt_segment(desc, &walk, child, | ||
207 | xor); | ||
208 | err = blkcipher_walk_done(desc, &walk, nbytes); | ||
209 | } | ||
210 | |||
211 | return err; | ||
212 | } | ||
213 | |||
214 | static void xor_byte(u8 *a, const u8 *b, unsigned int bs) | ||
215 | { | ||
216 | do { | ||
217 | *a++ ^= *b++; | ||
218 | } while (--bs); | ||
219 | } | ||
220 | |||
221 | static void xor_quad(u8 *dst, const u8 *src, unsigned int bs) | ||
222 | { | ||
223 | u32 *a = (u32 *)dst; | ||
224 | u32 *b = (u32 *)src; | ||
225 | |||
226 | do { | ||
227 | *a++ ^= *b++; | ||
228 | } while ((bs -= 4)); | ||
229 | } | ||
230 | |||
231 | static void xor_64(u8 *a, const u8 *b, unsigned int bs) | ||
232 | { | ||
233 | ((u32 *)a)[0] ^= ((u32 *)b)[0]; | ||
234 | ((u32 *)a)[1] ^= ((u32 *)b)[1]; | ||
235 | } | ||
236 | |||
237 | static void xor_128(u8 *a, const u8 *b, unsigned int bs) | ||
238 | { | ||
239 | ((u32 *)a)[0] ^= ((u32 *)b)[0]; | ||
240 | ((u32 *)a)[1] ^= ((u32 *)b)[1]; | ||
241 | ((u32 *)a)[2] ^= ((u32 *)b)[2]; | ||
242 | ((u32 *)a)[3] ^= ((u32 *)b)[3]; | ||
243 | } | ||
244 | |||
245 | static int crypto_pcbc_init_tfm(struct crypto_tfm *tfm) | ||
246 | { | ||
247 | struct crypto_instance *inst = (void *)tfm->__crt_alg; | ||
248 | struct crypto_spawn *spawn = crypto_instance_ctx(inst); | ||
249 | struct crypto_pcbc_ctx *ctx = crypto_tfm_ctx(tfm); | ||
250 | struct crypto_cipher *cipher; | ||
251 | |||
252 | switch (crypto_tfm_alg_blocksize(tfm)) { | ||
253 | case 8: | ||
254 | ctx->xor = xor_64; | ||
255 | break; | ||
256 | |||
257 | case 16: | ||
258 | ctx->xor = xor_128; | ||
259 | break; | ||
260 | |||
261 | default: | ||
262 | if (crypto_tfm_alg_blocksize(tfm) % 4) | ||
263 | ctx->xor = xor_byte; | ||
264 | else | ||
265 | ctx->xor = xor_quad; | ||
266 | } | ||
267 | |||
268 | cipher = crypto_spawn_cipher(spawn); | ||
269 | if (IS_ERR(cipher)) | ||
270 | return PTR_ERR(cipher); | ||
271 | |||
272 | ctx->child = cipher; | ||
273 | return 0; | ||
274 | } | ||
275 | |||
276 | static void crypto_pcbc_exit_tfm(struct crypto_tfm *tfm) | ||
277 | { | ||
278 | struct crypto_pcbc_ctx *ctx = crypto_tfm_ctx(tfm); | ||
279 | crypto_free_cipher(ctx->child); | ||
280 | } | ||
281 | |||
282 | static struct crypto_instance *crypto_pcbc_alloc(void *param, unsigned int len) | ||
283 | { | ||
284 | struct crypto_instance *inst; | ||
285 | struct crypto_alg *alg; | ||
286 | |||
287 | alg = crypto_get_attr_alg(param, len, CRYPTO_ALG_TYPE_CIPHER, | ||
288 | CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_ASYNC); | ||
289 | if (IS_ERR(alg)) | ||
290 | return ERR_PTR(PTR_ERR(alg)); | ||
291 | |||
292 | inst = crypto_alloc_instance("pcbc", alg); | ||
293 | if (IS_ERR(inst)) | ||
294 | goto out_put_alg; | ||
295 | |||
296 | inst->alg.cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER; | ||
297 | inst->alg.cra_priority = alg->cra_priority; | ||
298 | inst->alg.cra_blocksize = alg->cra_blocksize; | ||
299 | inst->alg.cra_alignmask = alg->cra_alignmask; | ||
300 | inst->alg.cra_type = &crypto_blkcipher_type; | ||
301 | |||
302 | if (!(alg->cra_blocksize % 4)) | ||
303 | inst->alg.cra_alignmask |= 3; | ||
304 | inst->alg.cra_blkcipher.ivsize = alg->cra_blocksize; | ||
305 | inst->alg.cra_blkcipher.min_keysize = alg->cra_cipher.cia_min_keysize; | ||
306 | inst->alg.cra_blkcipher.max_keysize = alg->cra_cipher.cia_max_keysize; | ||
307 | |||
308 | inst->alg.cra_ctxsize = sizeof(struct crypto_pcbc_ctx); | ||
309 | |||
310 | inst->alg.cra_init = crypto_pcbc_init_tfm; | ||
311 | inst->alg.cra_exit = crypto_pcbc_exit_tfm; | ||
312 | |||
313 | inst->alg.cra_blkcipher.setkey = crypto_pcbc_setkey; | ||
314 | inst->alg.cra_blkcipher.encrypt = crypto_pcbc_encrypt; | ||
315 | inst->alg.cra_blkcipher.decrypt = crypto_pcbc_decrypt; | ||
316 | |||
317 | out_put_alg: | ||
318 | crypto_mod_put(alg); | ||
319 | return inst; | ||
320 | } | ||
321 | |||
322 | static void crypto_pcbc_free(struct crypto_instance *inst) | ||
323 | { | ||
324 | crypto_drop_spawn(crypto_instance_ctx(inst)); | ||
325 | kfree(inst); | ||
326 | } | ||
327 | |||
328 | static struct crypto_template crypto_pcbc_tmpl = { | ||
329 | .name = "pcbc", | ||
330 | .alloc = crypto_pcbc_alloc, | ||
331 | .free = crypto_pcbc_free, | ||
332 | .module = THIS_MODULE, | ||
333 | }; | ||
334 | |||
335 | static int __init crypto_pcbc_module_init(void) | ||
336 | { | ||
337 | return crypto_register_template(&crypto_pcbc_tmpl); | ||
338 | } | ||
339 | |||
340 | static void __exit crypto_pcbc_module_exit(void) | ||
341 | { | ||
342 | crypto_unregister_template(&crypto_pcbc_tmpl); | ||
343 | } | ||
344 | |||
345 | module_init(crypto_pcbc_module_init); | ||
346 | module_exit(crypto_pcbc_module_exit); | ||
347 | |||
348 | MODULE_LICENSE("GPL"); | ||
349 | MODULE_DESCRIPTION("PCBC block cipher algorithm"); | ||
diff --git a/crypto/proc.c b/crypto/proc.c index dabce0676f63..102c751a124c 100644 --- a/crypto/proc.c +++ b/crypto/proc.c | |||
@@ -101,7 +101,7 @@ static int crypto_info_open(struct inode *inode, struct file *file) | |||
101 | return seq_open(file, &crypto_seq_ops); | 101 | return seq_open(file, &crypto_seq_ops); |
102 | } | 102 | } |
103 | 103 | ||
104 | static struct file_operations proc_crypto_ops = { | 104 | static const struct file_operations proc_crypto_ops = { |
105 | .open = crypto_info_open, | 105 | .open = crypto_info_open, |
106 | .read = seq_read, | 106 | .read = seq_read, |
107 | .llseek = seq_lseek, | 107 | .llseek = seq_lseek, |
diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c index d671e8942b1f..f5e9da319ece 100644 --- a/crypto/tcrypt.c +++ b/crypto/tcrypt.c | |||
@@ -12,6 +12,7 @@ | |||
12 | * Software Foundation; either version 2 of the License, or (at your option) | 12 | * Software Foundation; either version 2 of the License, or (at your option) |
13 | * any later version. | 13 | * any later version. |
14 | * | 14 | * |
15 | * 2006-12-07 Added SHA384 HMAC and SHA512 HMAC tests | ||
15 | * 2004-08-09 Added cipher speed tests (Reyk Floeter <reyk@vantronix.net>) | 16 | * 2004-08-09 Added cipher speed tests (Reyk Floeter <reyk@vantronix.net>) |
16 | * 2003-09-14 Rewritten by Kartikey Mahendra Bhatt | 17 | * 2003-09-14 Rewritten by Kartikey Mahendra Bhatt |
17 | * | 18 | * |
@@ -71,7 +72,8 @@ static char *check[] = { | |||
71 | "des", "md5", "des3_ede", "rot13", "sha1", "sha256", "blowfish", | 72 | "des", "md5", "des3_ede", "rot13", "sha1", "sha256", "blowfish", |
72 | "twofish", "serpent", "sha384", "sha512", "md4", "aes", "cast6", | 73 | "twofish", "serpent", "sha384", "sha512", "md4", "aes", "cast6", |
73 | "arc4", "michael_mic", "deflate", "crc32c", "tea", "xtea", | 74 | "arc4", "michael_mic", "deflate", "crc32c", "tea", "xtea", |
74 | "khazad", "wp512", "wp384", "wp256", "tnepres", "xeta", NULL | 75 | "khazad", "wp512", "wp384", "wp256", "tnepres", "xeta", "fcrypt", |
76 | "camellia", NULL | ||
75 | }; | 77 | }; |
76 | 78 | ||
77 | static void hexdump(unsigned char *buf, unsigned int len) | 79 | static void hexdump(unsigned char *buf, unsigned int len) |
@@ -765,7 +767,7 @@ static void test_deflate(void) | |||
765 | memcpy(tvmem, deflate_comp_tv_template, tsize); | 767 | memcpy(tvmem, deflate_comp_tv_template, tsize); |
766 | tv = (void *)tvmem; | 768 | tv = (void *)tvmem; |
767 | 769 | ||
768 | tfm = crypto_alloc_tfm("deflate", 0); | 770 | tfm = crypto_alloc_comp("deflate", 0, CRYPTO_ALG_ASYNC); |
769 | if (tfm == NULL) { | 771 | if (tfm == NULL) { |
770 | printk("failed to load transform for deflate\n"); | 772 | printk("failed to load transform for deflate\n"); |
771 | return; | 773 | return; |
@@ -964,6 +966,26 @@ static void do_test(void) | |||
964 | test_cipher("ecb(xeta)", DECRYPT, xeta_dec_tv_template, | 966 | test_cipher("ecb(xeta)", DECRYPT, xeta_dec_tv_template, |
965 | XETA_DEC_TEST_VECTORS); | 967 | XETA_DEC_TEST_VECTORS); |
966 | 968 | ||
969 | //FCrypt | ||
970 | test_cipher("pcbc(fcrypt)", ENCRYPT, fcrypt_pcbc_enc_tv_template, | ||
971 | FCRYPT_ENC_TEST_VECTORS); | ||
972 | test_cipher("pcbc(fcrypt)", DECRYPT, fcrypt_pcbc_dec_tv_template, | ||
973 | FCRYPT_DEC_TEST_VECTORS); | ||
974 | |||
975 | //CAMELLIA | ||
976 | test_cipher("ecb(camellia)", ENCRYPT, | ||
977 | camellia_enc_tv_template, | ||
978 | CAMELLIA_ENC_TEST_VECTORS); | ||
979 | test_cipher("ecb(camellia)", DECRYPT, | ||
980 | camellia_dec_tv_template, | ||
981 | CAMELLIA_DEC_TEST_VECTORS); | ||
982 | test_cipher("cbc(camellia)", ENCRYPT, | ||
983 | camellia_cbc_enc_tv_template, | ||
984 | CAMELLIA_CBC_ENC_TEST_VECTORS); | ||
985 | test_cipher("cbc(camellia)", DECRYPT, | ||
986 | camellia_cbc_dec_tv_template, | ||
987 | CAMELLIA_CBC_DEC_TEST_VECTORS); | ||
988 | |||
967 | test_hash("sha384", sha384_tv_template, SHA384_TEST_VECTORS); | 989 | test_hash("sha384", sha384_tv_template, SHA384_TEST_VECTORS); |
968 | test_hash("sha512", sha512_tv_template, SHA512_TEST_VECTORS); | 990 | test_hash("sha512", sha512_tv_template, SHA512_TEST_VECTORS); |
969 | test_hash("wp512", wp512_tv_template, WP512_TEST_VECTORS); | 991 | test_hash("wp512", wp512_tv_template, WP512_TEST_VECTORS); |
@@ -980,6 +1002,10 @@ static void do_test(void) | |||
980 | HMAC_SHA1_TEST_VECTORS); | 1002 | HMAC_SHA1_TEST_VECTORS); |
981 | test_hash("hmac(sha256)", hmac_sha256_tv_template, | 1003 | test_hash("hmac(sha256)", hmac_sha256_tv_template, |
982 | HMAC_SHA256_TEST_VECTORS); | 1004 | HMAC_SHA256_TEST_VECTORS); |
1005 | test_hash("hmac(sha384)", hmac_sha384_tv_template, | ||
1006 | HMAC_SHA384_TEST_VECTORS); | ||
1007 | test_hash("hmac(sha512)", hmac_sha512_tv_template, | ||
1008 | HMAC_SHA512_TEST_VECTORS); | ||
983 | 1009 | ||
984 | test_hash("xcbc(aes)", aes_xcbc128_tv_template, | 1010 | test_hash("xcbc(aes)", aes_xcbc128_tv_template, |
985 | XCBC_AES_TEST_VECTORS); | 1011 | XCBC_AES_TEST_VECTORS); |
@@ -1177,6 +1203,28 @@ static void do_test(void) | |||
1177 | XETA_DEC_TEST_VECTORS); | 1203 | XETA_DEC_TEST_VECTORS); |
1178 | break; | 1204 | break; |
1179 | 1205 | ||
1206 | case 31: | ||
1207 | test_cipher("pcbc(fcrypt)", ENCRYPT, fcrypt_pcbc_enc_tv_template, | ||
1208 | FCRYPT_ENC_TEST_VECTORS); | ||
1209 | test_cipher("pcbc(fcrypt)", DECRYPT, fcrypt_pcbc_dec_tv_template, | ||
1210 | FCRYPT_DEC_TEST_VECTORS); | ||
1211 | break; | ||
1212 | |||
1213 | case 32: | ||
1214 | test_cipher("ecb(camellia)", ENCRYPT, | ||
1215 | camellia_enc_tv_template, | ||
1216 | CAMELLIA_ENC_TEST_VECTORS); | ||
1217 | test_cipher("ecb(camellia)", DECRYPT, | ||
1218 | camellia_dec_tv_template, | ||
1219 | CAMELLIA_DEC_TEST_VECTORS); | ||
1220 | test_cipher("cbc(camellia)", ENCRYPT, | ||
1221 | camellia_cbc_enc_tv_template, | ||
1222 | CAMELLIA_CBC_ENC_TEST_VECTORS); | ||
1223 | test_cipher("cbc(camellia)", DECRYPT, | ||
1224 | camellia_cbc_dec_tv_template, | ||
1225 | CAMELLIA_CBC_DEC_TEST_VECTORS); | ||
1226 | break; | ||
1227 | |||
1180 | case 100: | 1228 | case 100: |
1181 | test_hash("hmac(md5)", hmac_md5_tv_template, | 1229 | test_hash("hmac(md5)", hmac_md5_tv_template, |
1182 | HMAC_MD5_TEST_VECTORS); | 1230 | HMAC_MD5_TEST_VECTORS); |
@@ -1192,6 +1240,16 @@ static void do_test(void) | |||
1192 | HMAC_SHA256_TEST_VECTORS); | 1240 | HMAC_SHA256_TEST_VECTORS); |
1193 | break; | 1241 | break; |
1194 | 1242 | ||
1243 | case 103: | ||
1244 | test_hash("hmac(sha384)", hmac_sha384_tv_template, | ||
1245 | HMAC_SHA384_TEST_VECTORS); | ||
1246 | break; | ||
1247 | |||
1248 | case 104: | ||
1249 | test_hash("hmac(sha512)", hmac_sha512_tv_template, | ||
1250 | HMAC_SHA512_TEST_VECTORS); | ||
1251 | break; | ||
1252 | |||
1195 | 1253 | ||
1196 | case 200: | 1254 | case 200: |
1197 | test_cipher_speed("ecb(aes)", ENCRYPT, sec, NULL, 0, | 1255 | test_cipher_speed("ecb(aes)", ENCRYPT, sec, NULL, 0, |
@@ -1260,6 +1318,17 @@ static void do_test(void) | |||
1260 | des_speed_template); | 1318 | des_speed_template); |
1261 | break; | 1319 | break; |
1262 | 1320 | ||
1321 | case 205: | ||
1322 | test_cipher_speed("ecb(camellia)", ENCRYPT, sec, NULL, 0, | ||
1323 | camellia_speed_template); | ||
1324 | test_cipher_speed("ecb(camellia)", DECRYPT, sec, NULL, 0, | ||
1325 | camellia_speed_template); | ||
1326 | test_cipher_speed("cbc(camellia)", ENCRYPT, sec, NULL, 0, | ||
1327 | camellia_speed_template); | ||
1328 | test_cipher_speed("cbc(camellia)", DECRYPT, sec, NULL, 0, | ||
1329 | camellia_speed_template); | ||
1330 | break; | ||
1331 | |||
1263 | case 300: | 1332 | case 300: |
1264 | /* fall through */ | 1333 | /* fall through */ |
1265 | 1334 | ||
diff --git a/crypto/tcrypt.h b/crypto/tcrypt.h index 48a81362cb85..887527bd5bc6 100644 --- a/crypto/tcrypt.h +++ b/crypto/tcrypt.h | |||
@@ -12,6 +12,7 @@ | |||
12 | * Software Foundation; either version 2 of the License, or (at your option) | 12 | * Software Foundation; either version 2 of the License, or (at your option) |
13 | * any later version. | 13 | * any later version. |
14 | * | 14 | * |
15 | * 2006-12-07 Added SHA384 HMAC and SHA512 HMAC tests | ||
15 | * 2004-08-09 Cipher speed tests by Reyk Floeter <reyk@vantronix.net> | 16 | * 2004-08-09 Cipher speed tests by Reyk Floeter <reyk@vantronix.net> |
16 | * 2003-09-14 Changes by Kartikey Mahendra Bhatt | 17 | * 2003-09-14 Changes by Kartikey Mahendra Bhatt |
17 | * | 18 | * |
@@ -27,7 +28,7 @@ | |||
27 | 28 | ||
28 | struct hash_testvec { | 29 | struct hash_testvec { |
29 | /* only used with keyed hash algorithms */ | 30 | /* only used with keyed hash algorithms */ |
30 | char key[128] __attribute__ ((__aligned__(4))); | 31 | char key[132] __attribute__ ((__aligned__(4))); |
31 | char plaintext[240]; | 32 | char plaintext[240]; |
32 | char digest[MAX_DIGEST_SIZE]; | 33 | char digest[MAX_DIGEST_SIZE]; |
33 | unsigned char tap[MAX_TAP]; | 34 | unsigned char tap[MAX_TAP]; |
@@ -1002,6 +1003,248 @@ static struct hash_testvec aes_xcbc128_tv_template[] = { | |||
1002 | }; | 1003 | }; |
1003 | 1004 | ||
1004 | /* | 1005 | /* |
1006 | * SHA384 HMAC test vectors from RFC4231 | ||
1007 | */ | ||
1008 | |||
1009 | #define HMAC_SHA384_TEST_VECTORS 4 | ||
1010 | |||
1011 | static struct hash_testvec hmac_sha384_tv_template[] = { | ||
1012 | { | ||
1013 | .key = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, | ||
1014 | 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, | ||
1015 | 0x0b, 0x0b, 0x0b, 0x0b }, // (20 bytes) | ||
1016 | .ksize = 20, | ||
1017 | .plaintext = { 0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65 }, // ("Hi There") | ||
1018 | .psize = 8, | ||
1019 | .digest = { 0xaf, 0xd0, 0x39, 0x44, 0xd8, 0x48, 0x95, 0x62, | ||
1020 | 0x6b, 0x08, 0x25, 0xf4, 0xab, 0x46, 0x90, 0x7f, | ||
1021 | 0x15, 0xf9, 0xda, 0xdb, 0xe4, 0x10, 0x1e, 0xc6, | ||
1022 | 0x82, 0xaa, 0x03, 0x4c, 0x7c, 0xeb, 0xc5, 0x9c, | ||
1023 | 0xfa, 0xea, 0x9e, 0xa9, 0x07, 0x6e, 0xde, 0x7f, | ||
1024 | 0x4a, 0xf1, 0x52, 0xe8, 0xb2, 0xfa, 0x9c, 0xb6 }, | ||
1025 | }, { | ||
1026 | .key = { 0x4a, 0x65, 0x66, 0x65 }, // ("Jefe") | ||
1027 | .ksize = 4, | ||
1028 | .plaintext = { 0x77, 0x68, 0x61, 0x74, 0x20, 0x64, 0x6f, 0x20, | ||
1029 | 0x79, 0x61, 0x20, 0x77, 0x61, 0x6e, 0x74, 0x20, // ("what do ya want ") | ||
1030 | 0x66, 0x6f, 0x72, 0x20, 0x6e, 0x6f, 0x74, 0x68, | ||
1031 | 0x69, 0x6e, 0x67, 0x3f }, // ("for nothing?") | ||
1032 | .psize = 28, | ||
1033 | .digest = { 0xaf, 0x45, 0xd2, 0xe3, 0x76, 0x48, 0x40, 0x31, | ||
1034 | 0x61, 0x7f, 0x78, 0xd2, 0xb5, 0x8a, 0x6b, 0x1b, | ||
1035 | 0x9c, 0x7e, 0xf4, 0x64, 0xf5, 0xa0, 0x1b, 0x47, | ||
1036 | 0xe4, 0x2e, 0xc3, 0x73, 0x63, 0x22, 0x44, 0x5e, | ||
1037 | 0x8e, 0x22, 0x40, 0xca, 0x5e, 0x69, 0xe2, 0xc7, | ||
1038 | 0x8b, 0x32, 0x39, 0xec, 0xfa, 0xb2, 0x16, 0x49 }, | ||
1039 | .np = 4, | ||
1040 | .tap = { 7, 7, 7, 7 } | ||
1041 | }, { | ||
1042 | .key = { 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | ||
1043 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | ||
1044 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | ||
1045 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | ||
1046 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | ||
1047 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | ||
1048 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | ||
1049 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | ||
1050 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | ||
1051 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | ||
1052 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | ||
1053 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | ||
1054 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | ||
1055 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | ||
1056 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | ||
1057 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | ||
1058 | 0xaa, 0xaa, 0xaa }, // (131 bytes) | ||
1059 | .ksize = 131, | ||
1060 | .plaintext = { 0x54, 0x65, 0x73, 0x74, 0x20, 0x55, 0x73, 0x69, | ||
1061 | 0x6e, 0x67, 0x20, 0x4c, 0x61, 0x72, 0x67, 0x65, // ("Test Using Large") | ||
1062 | 0x72, 0x20, 0x54, 0x68, 0x61, 0x6e, 0x20, 0x42, | ||
1063 | 0x6c, 0x6f, 0x63, 0x6b, 0x2d, 0x53, 0x69, 0x7a, // ("r Than Block-Siz") | ||
1064 | 0x65, 0x20, 0x4b, 0x65, 0x79, 0x20, 0x2d, 0x20, | ||
1065 | 0x48, 0x61, 0x73, 0x68, 0x20, 0x4b, 0x65, 0x79, // ("e Key - Hash Key") | ||
1066 | 0x20, 0x46, 0x69, 0x72, 0x73, 0x74 }, // (" First") | ||
1067 | .psize = 54, | ||
1068 | .digest = { 0x4e, 0xce, 0x08, 0x44, 0x85, 0x81, 0x3e, 0x90, | ||
1069 | 0x88, 0xd2, 0xc6, 0x3a, 0x04, 0x1b, 0xc5, 0xb4, | ||
1070 | 0x4f, 0x9e, 0xf1, 0x01, 0x2a, 0x2b, 0x58, 0x8f, | ||
1071 | 0x3c, 0xd1, 0x1f, 0x05, 0x03, 0x3a, 0xc4, 0xc6, | ||
1072 | 0x0c, 0x2e, 0xf6, 0xab, 0x40, 0x30, 0xfe, 0x82, | ||
1073 | 0x96, 0x24, 0x8d, 0xf1, 0x63, 0xf4, 0x49, 0x52 }, | ||
1074 | }, { | ||
1075 | .key = { 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | ||
1076 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | ||
1077 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | ||
1078 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | ||
1079 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | ||
1080 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | ||
1081 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | ||
1082 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | ||
1083 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | ||
1084 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | ||
1085 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | ||
1086 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | ||
1087 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | ||
1088 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | ||
1089 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | ||
1090 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | ||
1091 | 0xaa, 0xaa, 0xaa }, // (131 bytes) | ||
1092 | .ksize = 131, | ||
1093 | .plaintext = { 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, | ||
1094 | 0x61, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x75, // ("This is a test u") | ||
1095 | 0x73, 0x69, 0x6e, 0x67, 0x20, 0x61, 0x20, 0x6c, | ||
1096 | 0x61, 0x72, 0x67, 0x65, 0x72, 0x20, 0x74, 0x68, // ("sing a larger th") | ||
1097 | 0x61, 0x6e, 0x20, 0x62, 0x6c, 0x6f, 0x63, 0x6b, | ||
1098 | 0x2d, 0x73, 0x69, 0x7a, 0x65, 0x20, 0x6b, 0x65, // ("an block-size ke") | ||
1099 | 0x79, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x61, 0x20, | ||
1100 | 0x6c, 0x61, 0x72, 0x67, 0x65, 0x72, 0x20, 0x74, // ("y and a larger t") | ||
1101 | 0x68, 0x61, 0x6e, 0x20, 0x62, 0x6c, 0x6f, 0x63, | ||
1102 | 0x6b, 0x2d, 0x73, 0x69, 0x7a, 0x65, 0x20, 0x64, // ("han block-size d") | ||
1103 | 0x61, 0x74, 0x61, 0x2e, 0x20, 0x54, 0x68, 0x65, | ||
1104 | 0x20, 0x6b, 0x65, 0x79, 0x20, 0x6e, 0x65, 0x65, // ("ata. The key nee") | ||
1105 | 0x64, 0x73, 0x20, 0x74, 0x6f, 0x20, 0x62, 0x65, | ||
1106 | 0x20, 0x68, 0x61, 0x73, 0x68, 0x65, 0x64, 0x20, // ("ds to be hashed ") | ||
1107 | 0x62, 0x65, 0x66, 0x6f, 0x72, 0x65, 0x20, 0x62, | ||
1108 | 0x65, 0x69, 0x6e, 0x67, 0x20, 0x75, 0x73, 0x65, // ("before being use") | ||
1109 | 0x64, 0x20, 0x62, 0x79, 0x20, 0x74, 0x68, 0x65, | ||
1110 | 0x20, 0x48, 0x4d, 0x41, 0x43, 0x20, 0x61, 0x6c, // ("d by the HMAC al") | ||
1111 | 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x2e }, // ("gorithm.") | ||
1112 | .psize = 152, | ||
1113 | .digest = { 0x66, 0x17, 0x17, 0x8e, 0x94, 0x1f, 0x02, 0x0d, | ||
1114 | 0x35, 0x1e, 0x2f, 0x25, 0x4e, 0x8f, 0xd3, 0x2c, | ||
1115 | 0x60, 0x24, 0x20, 0xfe, 0xb0, 0xb8, 0xfb, 0x9a, | ||
1116 | 0xdc, 0xce, 0xbb, 0x82, 0x46, 0x1e, 0x99, 0xc5, | ||
1117 | 0xa6, 0x78, 0xcc, 0x31, 0xe7, 0x99, 0x17, 0x6d, | ||
1118 | 0x38, 0x60, 0xe6, 0x11, 0x0c, 0x46, 0x52, 0x3e }, | ||
1119 | }, | ||
1120 | }; | ||
1121 | |||
1122 | /* | ||
1123 | * SHA512 HMAC test vectors from RFC4231 | ||
1124 | */ | ||
1125 | |||
1126 | #define HMAC_SHA512_TEST_VECTORS 4 | ||
1127 | |||
1128 | static struct hash_testvec hmac_sha512_tv_template[] = { | ||
1129 | { | ||
1130 | .key = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, | ||
1131 | 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, | ||
1132 | 0x0b, 0x0b, 0x0b, 0x0b }, // (20 bytes) | ||
1133 | .ksize = 20, | ||
1134 | .plaintext = { 0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65 }, // ("Hi There") | ||
1135 | .psize = 8, | ||
1136 | .digest = { 0x87, 0xaa, 0x7c, 0xde, 0xa5, 0xef, 0x61, 0x9d, | ||
1137 | 0x4f, 0xf0, 0xb4, 0x24, 0x1a, 0x1d, 0x6c, 0xb0, | ||
1138 | 0x23, 0x79, 0xf4, 0xe2, 0xce, 0x4e, 0xc2, 0x78, | ||
1139 | 0x7a, 0xd0, 0xb3, 0x05, 0x45, 0xe1, 0x7c, 0xde, | ||
1140 | 0xda, 0xa8, 0x33, 0xb7, 0xd6, 0xb8, 0xa7, 0x02, | ||
1141 | 0x03, 0x8b, 0x27, 0x4e, 0xae, 0xa3, 0xf4, 0xe4, | ||
1142 | 0xbe, 0x9d, 0x91, 0x4e, 0xeb, 0x61, 0xf1, 0x70, | ||
1143 | 0x2e, 0x69, 0x6c, 0x20, 0x3a, 0x12, 0x68, 0x54 }, | ||
1144 | }, { | ||
1145 | .key = { 0x4a, 0x65, 0x66, 0x65 }, // ("Jefe") | ||
1146 | .ksize = 4, | ||
1147 | .plaintext = { 0x77, 0x68, 0x61, 0x74, 0x20, 0x64, 0x6f, 0x20, | ||
1148 | 0x79, 0x61, 0x20, 0x77, 0x61, 0x6e, 0x74, 0x20, // ("what do ya want ") | ||
1149 | 0x66, 0x6f, 0x72, 0x20, 0x6e, 0x6f, 0x74, 0x68, | ||
1150 | 0x69, 0x6e, 0x67, 0x3f }, // ("for nothing?") | ||
1151 | .psize = 28, | ||
1152 | .digest = { 0x16, 0x4b, 0x7a, 0x7b, 0xfc, 0xf8, 0x19, 0xe2, | ||
1153 | 0xe3, 0x95, 0xfb, 0xe7, 0x3b, 0x56, 0xe0, 0xa3, | ||
1154 | 0x87, 0xbd, 0x64, 0x22, 0x2e, 0x83, 0x1f, 0xd6, | ||
1155 | 0x10, 0x27, 0x0c, 0xd7, 0xea, 0x25, 0x05, 0x54, | ||
1156 | 0x97, 0x58, 0xbf, 0x75, 0xc0, 0x5a, 0x99, 0x4a, | ||
1157 | 0x6d, 0x03, 0x4f, 0x65, 0xf8, 0xf0, 0xe6, 0xfd, | ||
1158 | 0xca, 0xea, 0xb1, 0xa3, 0x4d, 0x4a, 0x6b, 0x4b, | ||
1159 | 0x63, 0x6e, 0x07, 0x0a, 0x38, 0xbc, 0xe7, 0x37 }, | ||
1160 | .np = 4, | ||
1161 | .tap = { 7, 7, 7, 7 } | ||
1162 | }, { | ||
1163 | .key = { 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | ||
1164 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | ||
1165 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | ||
1166 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | ||
1167 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | ||
1168 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | ||
1169 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | ||
1170 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | ||
1171 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | ||
1172 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | ||
1173 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | ||
1174 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | ||
1175 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | ||
1176 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | ||
1177 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | ||
1178 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | ||
1179 | 0xaa, 0xaa, 0xaa }, // (131 bytes) | ||
1180 | .ksize = 131, | ||
1181 | .plaintext = { 0x54, 0x65, 0x73, 0x74, 0x20, 0x55, 0x73, 0x69, | ||
1182 | 0x6e, 0x67, 0x20, 0x4c, 0x61, 0x72, 0x67, 0x65, // ("Test Using Large") | ||
1183 | 0x72, 0x20, 0x54, 0x68, 0x61, 0x6e, 0x20, 0x42, | ||
1184 | 0x6c, 0x6f, 0x63, 0x6b, 0x2d, 0x53, 0x69, 0x7a, // ("r Than Block-Siz") | ||
1185 | 0x65, 0x20, 0x4b, 0x65, 0x79, 0x20, 0x2d, 0x20, | ||
1186 | 0x48, 0x61, 0x73, 0x68, 0x20, 0x4b, 0x65, 0x79, // ("e Key - Hash Key") | ||
1187 | 0x20, 0x46, 0x69, 0x72, 0x73, 0x74 }, // (" First") | ||
1188 | .psize = 54, | ||
1189 | .digest = { 0x80, 0xb2, 0x42, 0x63, 0xc7, 0xc1, 0xa3, 0xeb, | ||
1190 | 0xb7, 0x14, 0x93, 0xc1, 0xdd, 0x7b, 0xe8, 0xb4, | ||
1191 | 0x9b, 0x46, 0xd1, 0xf4, 0x1b, 0x4a, 0xee, 0xc1, | ||
1192 | 0x12, 0x1b, 0x01, 0x37, 0x83, 0xf8, 0xf3, 0x52, | ||
1193 | 0x6b, 0x56, 0xd0, 0x37, 0xe0, 0x5f, 0x25, 0x98, | ||
1194 | 0xbd, 0x0f, 0xd2, 0x21, 0x5d, 0x6a, 0x1e, 0x52, | ||
1195 | 0x95, 0xe6, 0x4f, 0x73, 0xf6, 0x3f, 0x0a, 0xec, | ||
1196 | 0x8b, 0x91, 0x5a, 0x98, 0x5d, 0x78, 0x65, 0x98 }, | ||
1197 | }, { | ||
1198 | .key = { 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | ||
1199 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | ||
1200 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | ||
1201 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | ||
1202 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | ||
1203 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | ||
1204 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | ||
1205 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | ||
1206 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | ||
1207 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | ||
1208 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | ||
1209 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | ||
1210 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | ||
1211 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | ||
1212 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | ||
1213 | 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, | ||
1214 | 0xaa, 0xaa, 0xaa }, // (131 bytes) | ||
1215 | .ksize = 131, | ||
1216 | .plaintext = { 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, | ||
1217 | 0x61, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x75, // ("This is a test u") | ||
1218 | 0x73, 0x69, 0x6e, 0x67, 0x20, 0x61, 0x20, 0x6c, | ||
1219 | 0x61, 0x72, 0x67, 0x65, 0x72, 0x20, 0x74, 0x68, // ("sing a larger th") | ||
1220 | 0x61, 0x6e, 0x20, 0x62, 0x6c, 0x6f, 0x63, 0x6b, | ||
1221 | 0x2d, 0x73, 0x69, 0x7a, 0x65, 0x20, 0x6b, 0x65, // ("an block-size ke") | ||
1222 | 0x79, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x61, 0x20, | ||
1223 | 0x6c, 0x61, 0x72, 0x67, 0x65, 0x72, 0x20, 0x74, // ("y and a larger t") | ||
1224 | 0x68, 0x61, 0x6e, 0x20, 0x62, 0x6c, 0x6f, 0x63, | ||
1225 | 0x6b, 0x2d, 0x73, 0x69, 0x7a, 0x65, 0x20, 0x64, // ("han block-size d") | ||
1226 | 0x61, 0x74, 0x61, 0x2e, 0x20, 0x54, 0x68, 0x65, | ||
1227 | 0x20, 0x6b, 0x65, 0x79, 0x20, 0x6e, 0x65, 0x65, // ("ata. The key nee") | ||
1228 | 0x64, 0x73, 0x20, 0x74, 0x6f, 0x20, 0x62, 0x65, | ||
1229 | 0x20, 0x68, 0x61, 0x73, 0x68, 0x65, 0x64, 0x20, // ("ds to be hashed ") | ||
1230 | 0x62, 0x65, 0x66, 0x6f, 0x72, 0x65, 0x20, 0x62, | ||
1231 | 0x65, 0x69, 0x6e, 0x67, 0x20, 0x75, 0x73, 0x65, // ("before being use") | ||
1232 | 0x64, 0x20, 0x62, 0x79, 0x20, 0x74, 0x68, 0x65, | ||
1233 | 0x20, 0x48, 0x4d, 0x41, 0x43, 0x20, 0x61, 0x6c, // ("d by the HMAC al") | ||
1234 | 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x2e }, // ("gorithm.") | ||
1235 | .psize = 152, | ||
1236 | .digest = { 0xe3, 0x7b, 0x6a, 0x77, 0x5d, 0xc8, 0x7d, 0xba, | ||
1237 | 0xa4, 0xdf, 0xa9, 0xf9, 0x6e, 0x5e, 0x3f, 0xfd, | ||
1238 | 0xde, 0xbd, 0x71, 0xf8, 0x86, 0x72, 0x89, 0x86, | ||
1239 | 0x5d, 0xf5, 0xa3, 0x2d, 0x20, 0xcd, 0xc9, 0x44, | ||
1240 | 0xb6, 0x02, 0x2c, 0xac, 0x3c, 0x49, 0x82, 0xb1, | ||
1241 | 0x0d, 0x5e, 0xeb, 0x55, 0xc3, 0xe4, 0xde, 0x15, | ||
1242 | 0x13, 0x46, 0x76, 0xfb, 0x6d, 0xe0, 0x44, 0x60, | ||
1243 | 0x65, 0xc9, 0x74, 0x40, 0xfa, 0x8c, 0x6a, 0x58 }, | ||
1244 | }, | ||
1245 | }; | ||
1246 | |||
1247 | /* | ||
1005 | * DES test vectors. | 1248 | * DES test vectors. |
1006 | */ | 1249 | */ |
1007 | #define DES_ENC_TEST_VECTORS 10 | 1250 | #define DES_ENC_TEST_VECTORS 10 |
@@ -3316,6 +3559,278 @@ static struct cipher_testvec xeta_dec_tv_template[] = { | |||
3316 | } | 3559 | } |
3317 | }; | 3560 | }; |
3318 | 3561 | ||
3562 | /* | ||
3563 | * FCrypt test vectors | ||
3564 | */ | ||
3565 | #define FCRYPT_ENC_TEST_VECTORS ARRAY_SIZE(fcrypt_pcbc_enc_tv_template) | ||
3566 | #define FCRYPT_DEC_TEST_VECTORS ARRAY_SIZE(fcrypt_pcbc_dec_tv_template) | ||
3567 | |||
3568 | static struct cipher_testvec fcrypt_pcbc_enc_tv_template[] = { | ||
3569 | { /* http://www.openafs.org/pipermail/openafs-devel/2000-December/005320.html */ | ||
3570 | .key = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | ||
3571 | .klen = 8, | ||
3572 | .iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | ||
3573 | .input = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | ||
3574 | .ilen = 8, | ||
3575 | .result = { 0x0E, 0x09, 0x00, 0xC7, 0x3E, 0xF7, 0xED, 0x41 }, | ||
3576 | .rlen = 8, | ||
3577 | }, { | ||
3578 | .key = { 0x11, 0x44, 0x77, 0xAA, 0xDD, 0x00, 0x33, 0x66 }, | ||
3579 | .klen = 8, | ||
3580 | .iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | ||
3581 | .input = { 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0 }, | ||
3582 | .ilen = 8, | ||
3583 | .result = { 0xD8, 0xED, 0x78, 0x74, 0x77, 0xEC, 0x06, 0x80 }, | ||
3584 | .rlen = 8, | ||
3585 | }, { /* From Arla */ | ||
3586 | .key = { 0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 0x96, 0x87 }, | ||
3587 | .klen = 8, | ||
3588 | .iv = { 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 }, | ||
3589 | .input = "The quick brown fox jumps over the lazy dogs.\0\0", | ||
3590 | .ilen = 48, | ||
3591 | .result = { 0x00, 0xf0, 0xe, 0x11, 0x75, 0xe6, 0x23, 0x82, | ||
3592 | 0xee, 0xac, 0x98, 0x62, 0x44, 0x51, 0xe4, 0x84, | ||
3593 | 0xc3, 0x59, 0xd8, 0xaa, 0x64, 0x60, 0xae, 0xf7, | ||
3594 | 0xd2, 0xd9, 0x13, 0x79, 0x72, 0xa3, 0x45, 0x03, | ||
3595 | 0x23, 0xb5, 0x62, 0xd7, 0x0c, 0xf5, 0x27, 0xd1, | ||
3596 | 0xf8, 0x91, 0x3c, 0xac, 0x44, 0x22, 0x92, 0xef }, | ||
3597 | .rlen = 48, | ||
3598 | }, { | ||
3599 | .key = { 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 }, | ||
3600 | .klen = 8, | ||
3601 | .iv = { 0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 0x96, 0x87 }, | ||
3602 | .input = "The quick brown fox jumps over the lazy dogs.\0\0", | ||
3603 | .ilen = 48, | ||
3604 | .result = { 0xca, 0x90, 0xf5, 0x9d, 0xcb, 0xd4, 0xd2, 0x3c, | ||
3605 | 0x01, 0x88, 0x7f, 0x3e, 0x31, 0x6e, 0x62, 0x9d, | ||
3606 | 0xd8, 0xe0, 0x57, 0xa3, 0x06, 0x3a, 0x42, 0x58, | ||
3607 | 0x2a, 0x28, 0xfe, 0x72, 0x52, 0x2f, 0xdd, 0xe0, | ||
3608 | 0x19, 0x89, 0x09, 0x1c, 0x2a, 0x8e, 0x8c, 0x94, | ||
3609 | 0xfc, 0xc7, 0x68, 0xe4, 0x88, 0xaa, 0xde, 0x0f }, | ||
3610 | .rlen = 48, | ||
3611 | }, { /* split-page version */ | ||
3612 | .key = { 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 }, | ||
3613 | .klen = 8, | ||
3614 | .iv = { 0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 0x96, 0x87 }, | ||
3615 | .input = "The quick brown fox jumps over the lazy dogs.\0\0", | ||
3616 | .ilen = 48, | ||
3617 | .result = { 0xca, 0x90, 0xf5, 0x9d, 0xcb, 0xd4, 0xd2, 0x3c, | ||
3618 | 0x01, 0x88, 0x7f, 0x3e, 0x31, 0x6e, 0x62, 0x9d, | ||
3619 | 0xd8, 0xe0, 0x57, 0xa3, 0x06, 0x3a, 0x42, 0x58, | ||
3620 | 0x2a, 0x28, 0xfe, 0x72, 0x52, 0x2f, 0xdd, 0xe0, | ||
3621 | 0x19, 0x89, 0x09, 0x1c, 0x2a, 0x8e, 0x8c, 0x94, | ||
3622 | 0xfc, 0xc7, 0x68, 0xe4, 0x88, 0xaa, 0xde, 0x0f }, | ||
3623 | .rlen = 48, | ||
3624 | .np = 2, | ||
3625 | .tap = { 20, 28 }, | ||
3626 | } | ||
3627 | }; | ||
3628 | |||
3629 | static struct cipher_testvec fcrypt_pcbc_dec_tv_template[] = { | ||
3630 | { /* http://www.openafs.org/pipermail/openafs-devel/2000-December/005320.html */ | ||
3631 | .key = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | ||
3632 | .klen = 8, | ||
3633 | .iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | ||
3634 | .input = { 0x0E, 0x09, 0x00, 0xC7, 0x3E, 0xF7, 0xED, 0x41 }, | ||
3635 | .ilen = 8, | ||
3636 | .result = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | ||
3637 | .rlen = 8, | ||
3638 | }, { | ||
3639 | .key = { 0x11, 0x44, 0x77, 0xAA, 0xDD, 0x00, 0x33, 0x66 }, | ||
3640 | .klen = 8, | ||
3641 | .iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | ||
3642 | .input = { 0xD8, 0xED, 0x78, 0x74, 0x77, 0xEC, 0x06, 0x80 }, | ||
3643 | .ilen = 8, | ||
3644 | .result = { 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0 }, | ||
3645 | .rlen = 8, | ||
3646 | }, { /* From Arla */ | ||
3647 | .key = { 0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 0x96, 0x87 }, | ||
3648 | .klen = 8, | ||
3649 | .iv = { 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 }, | ||
3650 | .input = { 0x00, 0xf0, 0xe, 0x11, 0x75, 0xe6, 0x23, 0x82, | ||
3651 | 0xee, 0xac, 0x98, 0x62, 0x44, 0x51, 0xe4, 0x84, | ||
3652 | 0xc3, 0x59, 0xd8, 0xaa, 0x64, 0x60, 0xae, 0xf7, | ||
3653 | 0xd2, 0xd9, 0x13, 0x79, 0x72, 0xa3, 0x45, 0x03, | ||
3654 | 0x23, 0xb5, 0x62, 0xd7, 0x0c, 0xf5, 0x27, 0xd1, | ||
3655 | 0xf8, 0x91, 0x3c, 0xac, 0x44, 0x22, 0x92, 0xef }, | ||
3656 | .ilen = 48, | ||
3657 | .result = "The quick brown fox jumps over the lazy dogs.\0\0", | ||
3658 | .rlen = 48, | ||
3659 | }, { | ||
3660 | .key = { 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 }, | ||
3661 | .klen = 8, | ||
3662 | .iv = { 0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 0x96, 0x87 }, | ||
3663 | .input = { 0xca, 0x90, 0xf5, 0x9d, 0xcb, 0xd4, 0xd2, 0x3c, | ||
3664 | 0x01, 0x88, 0x7f, 0x3e, 0x31, 0x6e, 0x62, 0x9d, | ||
3665 | 0xd8, 0xe0, 0x57, 0xa3, 0x06, 0x3a, 0x42, 0x58, | ||
3666 | 0x2a, 0x28, 0xfe, 0x72, 0x52, 0x2f, 0xdd, 0xe0, | ||
3667 | 0x19, 0x89, 0x09, 0x1c, 0x2a, 0x8e, 0x8c, 0x94, | ||
3668 | 0xfc, 0xc7, 0x68, 0xe4, 0x88, 0xaa, 0xde, 0x0f }, | ||
3669 | .ilen = 48, | ||
3670 | .result = "The quick brown fox jumps over the lazy dogs.\0\0", | ||
3671 | .rlen = 48, | ||
3672 | }, { /* split-page version */ | ||
3673 | .key = { 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 }, | ||
3674 | .klen = 8, | ||
3675 | .iv = { 0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 0x96, 0x87 }, | ||
3676 | .input = { 0xca, 0x90, 0xf5, 0x9d, 0xcb, 0xd4, 0xd2, 0x3c, | ||
3677 | 0x01, 0x88, 0x7f, 0x3e, 0x31, 0x6e, 0x62, 0x9d, | ||
3678 | 0xd8, 0xe0, 0x57, 0xa3, 0x06, 0x3a, 0x42, 0x58, | ||
3679 | 0x2a, 0x28, 0xfe, 0x72, 0x52, 0x2f, 0xdd, 0xe0, | ||
3680 | 0x19, 0x89, 0x09, 0x1c, 0x2a, 0x8e, 0x8c, 0x94, | ||
3681 | 0xfc, 0xc7, 0x68, 0xe4, 0x88, 0xaa, 0xde, 0x0f }, | ||
3682 | .ilen = 48, | ||
3683 | .result = "The quick brown fox jumps over the lazy dogs.\0\0", | ||
3684 | .rlen = 48, | ||
3685 | .np = 2, | ||
3686 | .tap = { 20, 28 }, | ||
3687 | } | ||
3688 | }; | ||
3689 | |||
3690 | /* | ||
3691 | * CAMELLIA test vectors. | ||
3692 | */ | ||
3693 | #define CAMELLIA_ENC_TEST_VECTORS 3 | ||
3694 | #define CAMELLIA_DEC_TEST_VECTORS 3 | ||
3695 | #define CAMELLIA_CBC_ENC_TEST_VECTORS 2 | ||
3696 | #define CAMELLIA_CBC_DEC_TEST_VECTORS 2 | ||
3697 | |||
3698 | static struct cipher_testvec camellia_enc_tv_template[] = { | ||
3699 | { | ||
3700 | .key = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, | ||
3701 | 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 }, | ||
3702 | .klen = 16, | ||
3703 | .input = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, | ||
3704 | 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 }, | ||
3705 | .ilen = 16, | ||
3706 | .result = { 0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73, | ||
3707 | 0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43 }, | ||
3708 | .rlen = 16, | ||
3709 | }, { | ||
3710 | .key = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, | ||
3711 | 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, | ||
3712 | 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 }, | ||
3713 | .klen = 24, | ||
3714 | .input = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, | ||
3715 | 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 }, | ||
3716 | .ilen = 16, | ||
3717 | .result = { 0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9, 0x96, 0xf8, | ||
3718 | 0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9 }, | ||
3719 | .rlen = 16, | ||
3720 | }, { | ||
3721 | .key = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, | ||
3722 | 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, | ||
3723 | 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, | ||
3724 | 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff }, | ||
3725 | .klen = 32, | ||
3726 | .input = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, | ||
3727 | 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 }, | ||
3728 | .ilen = 16, | ||
3729 | .result = { 0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c, | ||
3730 | 0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09 }, | ||
3731 | .rlen = 16, | ||
3732 | }, | ||
3733 | }; | ||
3734 | |||
3735 | static struct cipher_testvec camellia_dec_tv_template[] = { | ||
3736 | { | ||
3737 | .key = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, | ||
3738 | 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 }, | ||
3739 | .klen = 16, | ||
3740 | .input = { 0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73, | ||
3741 | 0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43 }, | ||
3742 | .ilen = 16, | ||
3743 | .result = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, | ||
3744 | 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 }, | ||
3745 | .rlen = 16, | ||
3746 | }, { | ||
3747 | .key = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, | ||
3748 | 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, | ||
3749 | 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 }, | ||
3750 | .klen = 24, | ||
3751 | .input = { 0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9, 0x96, 0xf8, | ||
3752 | 0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9 }, | ||
3753 | .ilen = 16, | ||
3754 | .result = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, | ||
3755 | 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 }, | ||
3756 | .rlen = 16, | ||
3757 | }, { | ||
3758 | .key = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, | ||
3759 | 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, | ||
3760 | 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, | ||
3761 | 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff }, | ||
3762 | .klen = 32, | ||
3763 | .input = { 0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c, | ||
3764 | 0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09 }, | ||
3765 | .ilen = 16, | ||
3766 | .result = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, | ||
3767 | 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 }, | ||
3768 | .rlen = 16, | ||
3769 | }, | ||
3770 | }; | ||
3771 | |||
3772 | static struct cipher_testvec camellia_cbc_enc_tv_template[] = { | ||
3773 | { | ||
3774 | .key = { 0x06, 0xa9, 0x21, 0x40, 0x36, 0xb8, 0xa1, 0x5b, | ||
3775 | 0x51, 0x2e, 0x03, 0xd5, 0x34, 0x12, 0x00, 0x06 }, | ||
3776 | .klen = 16, | ||
3777 | .iv = { 0x3d, 0xaf, 0xba, 0x42, 0x9d, 0x9e, 0xb4, 0x30, | ||
3778 | 0xb4, 0x22, 0xda, 0x80, 0x2c, 0x9f, 0xac, 0x41 }, | ||
3779 | .input = { "Single block msg" }, | ||
3780 | .ilen = 16, | ||
3781 | .result = { 0xea, 0x32, 0x12, 0x76, 0x3b, 0x50, 0x10, 0xe7, | ||
3782 | 0x18, 0xf6, 0xfd, 0x5d, 0xf6, 0x8f, 0x13, 0x51 }, | ||
3783 | .rlen = 16, | ||
3784 | }, { | ||
3785 | .key = { 0xc2, 0x86, 0x69, 0x6d, 0x88, 0x7c, 0x9a, 0xa0, | ||
3786 | 0x61, 0x1b, 0xbb, 0x3e, 0x20, 0x25, 0xa4, 0x5a }, | ||
3787 | .klen = 16, | ||
3788 | .iv = { 0x56, 0x2e, 0x17, 0x99, 0x6d, 0x09, 0x3d, 0x28, | ||
3789 | 0xdd, 0xb3, 0xba, 0x69, 0x5a, 0x2e, 0x6f, 0x58 }, | ||
3790 | .input = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, | ||
3791 | 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, | ||
3792 | 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, | ||
3793 | 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f }, | ||
3794 | .ilen = 32, | ||
3795 | .result = { 0xa5, 0xdf, 0x6e, 0x50, 0xda, 0x70, 0x6c, 0x01, | ||
3796 | 0x4a, 0xab, 0xf3, 0xf2, 0xd6, 0xfc, 0x6c, 0xfd, | ||
3797 | 0x19, 0xb4, 0x3e, 0x57, 0x1c, 0x02, 0x5e, 0xa0, | ||
3798 | 0x15, 0x78, 0xe0, 0x5e, 0xf2, 0xcb, 0x87, 0x16 }, | ||
3799 | .rlen = 32, | ||
3800 | }, | ||
3801 | }; | ||
3802 | |||
3803 | static struct cipher_testvec camellia_cbc_dec_tv_template[] = { | ||
3804 | { | ||
3805 | .key = { 0x06, 0xa9, 0x21, 0x40, 0x36, 0xb8, 0xa1, 0x5b, | ||
3806 | 0x51, 0x2e, 0x03, 0xd5, 0x34, 0x12, 0x00, 0x06 }, | ||
3807 | .klen = 16, | ||
3808 | .iv = { 0x3d, 0xaf, 0xba, 0x42, 0x9d, 0x9e, 0xb4, 0x30, | ||
3809 | 0xb4, 0x22, 0xda, 0x80, 0x2c, 0x9f, 0xac, 0x41 }, | ||
3810 | .input = { 0xea, 0x32, 0x12, 0x76, 0x3b, 0x50, 0x10, 0xe7, | ||
3811 | 0x18, 0xf6, 0xfd, 0x5d, 0xf6, 0x8f, 0x13, 0x51 }, | ||
3812 | .ilen = 16, | ||
3813 | .result = { "Single block msg" }, | ||
3814 | .rlen = 16, | ||
3815 | }, { | ||
3816 | .key = { 0xc2, 0x86, 0x69, 0x6d, 0x88, 0x7c, 0x9a, 0xa0, | ||
3817 | 0x61, 0x1b, 0xbb, 0x3e, 0x20, 0x25, 0xa4, 0x5a }, | ||
3818 | .klen = 16, | ||
3819 | .iv = { 0x56, 0x2e, 0x17, 0x99, 0x6d, 0x09, 0x3d, 0x28, | ||
3820 | 0xdd, 0xb3, 0xba, 0x69, 0x5a, 0x2e, 0x6f, 0x58 }, | ||
3821 | .input = { 0xa5, 0xdf, 0x6e, 0x50, 0xda, 0x70, 0x6c, 0x01, | ||
3822 | 0x4a, 0xab, 0xf3, 0xf2, 0xd6, 0xfc, 0x6c, 0xfd, | ||
3823 | 0x19, 0xb4, 0x3e, 0x57, 0x1c, 0x02, 0x5e, 0xa0, | ||
3824 | 0x15, 0x78, 0xe0, 0x5e, 0xf2, 0xcb, 0x87, 0x16 }, | ||
3825 | .ilen = 32, | ||
3826 | .result = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, | ||
3827 | 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, | ||
3828 | 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, | ||
3829 | 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f }, | ||
3830 | .rlen = 32, | ||
3831 | }, | ||
3832 | }; | ||
3833 | |||
3319 | /* | 3834 | /* |
3320 | * Compression stuff. | 3835 | * Compression stuff. |
3321 | */ | 3836 | */ |
@@ -3769,4 +4284,25 @@ static struct hash_speed generic_hash_speed_template[] = { | |||
3769 | { .blen = 0, .plen = 0, } | 4284 | { .blen = 0, .plen = 0, } |
3770 | }; | 4285 | }; |
3771 | 4286 | ||
4287 | static struct cipher_speed camellia_speed_template[] = { | ||
4288 | { .klen = 16, .blen = 16, }, | ||
4289 | { .klen = 16, .blen = 64, }, | ||
4290 | { .klen = 16, .blen = 256, }, | ||
4291 | { .klen = 16, .blen = 1024, }, | ||
4292 | { .klen = 16, .blen = 8192, }, | ||
4293 | { .klen = 24, .blen = 16, }, | ||
4294 | { .klen = 24, .blen = 64, }, | ||
4295 | { .klen = 24, .blen = 256, }, | ||
4296 | { .klen = 24, .blen = 1024, }, | ||
4297 | { .klen = 24, .blen = 8192, }, | ||
4298 | { .klen = 32, .blen = 16, }, | ||
4299 | { .klen = 32, .blen = 64, }, | ||
4300 | { .klen = 32, .blen = 256, }, | ||
4301 | { .klen = 32, .blen = 1024, }, | ||
4302 | { .klen = 32, .blen = 8192, }, | ||
4303 | |||
4304 | /* End marker */ | ||
4305 | { .klen = 0, .blen = 0, } | ||
4306 | }; | ||
4307 | |||
3772 | #endif /* _CRYPTO_TCRYPT_H */ | 4308 | #endif /* _CRYPTO_TCRYPT_H */ |
diff --git a/crypto/xcbc.c b/crypto/xcbc.c index 9347eb6bcf69..53e8ccbf0f5f 100644 --- a/crypto/xcbc.c +++ b/crypto/xcbc.c | |||
@@ -21,6 +21,7 @@ | |||
21 | 21 | ||
22 | #include <linux/crypto.h> | 22 | #include <linux/crypto.h> |
23 | #include <linux/err.h> | 23 | #include <linux/err.h> |
24 | #include <linux/hardirq.h> | ||
24 | #include <linux/kernel.h> | 25 | #include <linux/kernel.h> |
25 | #include <linux/mm.h> | 26 | #include <linux/mm.h> |
26 | #include <linux/rtnetlink.h> | 27 | #include <linux/rtnetlink.h> |
@@ -47,7 +48,7 @@ static u_int32_t ks[12] = {0x01010101, 0x01010101, 0x01010101, 0x01010101, | |||
47 | * +------------------------ | 48 | * +------------------------ |
48 | */ | 49 | */ |
49 | struct crypto_xcbc_ctx { | 50 | struct crypto_xcbc_ctx { |
50 | struct crypto_tfm *child; | 51 | struct crypto_cipher *child; |
51 | u8 *odds; | 52 | u8 *odds; |
52 | u8 *prev; | 53 | u8 *prev; |
53 | u8 *key; | 54 | u8 *key; |
@@ -75,8 +76,7 @@ static int _crypto_xcbc_digest_setkey(struct crypto_hash *parent, | |||
75 | if ((err = crypto_cipher_setkey(ctx->child, ctx->key, ctx->keylen))) | 76 | if ((err = crypto_cipher_setkey(ctx->child, ctx->key, ctx->keylen))) |
76 | return err; | 77 | return err; |
77 | 78 | ||
78 | ctx->child->__crt_alg->cra_cipher.cia_encrypt(ctx->child, key1, | 79 | crypto_cipher_encrypt_one(ctx->child, key1, ctx->consts); |
79 | ctx->consts); | ||
80 | 80 | ||
81 | return crypto_cipher_setkey(ctx->child, key1, bs); | 81 | return crypto_cipher_setkey(ctx->child, key1, bs); |
82 | } | 82 | } |
@@ -86,7 +86,7 @@ static int crypto_xcbc_digest_setkey(struct crypto_hash *parent, | |||
86 | { | 86 | { |
87 | struct crypto_xcbc_ctx *ctx = crypto_hash_ctx_aligned(parent); | 87 | struct crypto_xcbc_ctx *ctx = crypto_hash_ctx_aligned(parent); |
88 | 88 | ||
89 | if (keylen != crypto_tfm_alg_blocksize(ctx->child)) | 89 | if (keylen != crypto_cipher_blocksize(ctx->child)) |
90 | return -EINVAL; | 90 | return -EINVAL; |
91 | 91 | ||
92 | ctx->keylen = keylen; | 92 | ctx->keylen = keylen; |
@@ -108,13 +108,13 @@ static int crypto_xcbc_digest_init(struct hash_desc *pdesc) | |||
108 | return 0; | 108 | return 0; |
109 | } | 109 | } |
110 | 110 | ||
111 | static int crypto_xcbc_digest_update(struct hash_desc *pdesc, | 111 | static int crypto_xcbc_digest_update2(struct hash_desc *pdesc, |
112 | struct scatterlist *sg, | 112 | struct scatterlist *sg, |
113 | unsigned int nbytes) | 113 | unsigned int nbytes) |
114 | { | 114 | { |
115 | struct crypto_hash *parent = pdesc->tfm; | 115 | struct crypto_hash *parent = pdesc->tfm; |
116 | struct crypto_xcbc_ctx *ctx = crypto_hash_ctx_aligned(parent); | 116 | struct crypto_xcbc_ctx *ctx = crypto_hash_ctx_aligned(parent); |
117 | struct crypto_tfm *tfm = ctx->child; | 117 | struct crypto_cipher *tfm = ctx->child; |
118 | int bs = crypto_hash_blocksize(parent); | 118 | int bs = crypto_hash_blocksize(parent); |
119 | unsigned int i = 0; | 119 | unsigned int i = 0; |
120 | 120 | ||
@@ -142,7 +142,7 @@ static int crypto_xcbc_digest_update(struct hash_desc *pdesc, | |||
142 | offset += len; | 142 | offset += len; |
143 | 143 | ||
144 | crypto_kunmap(p, 0); | 144 | crypto_kunmap(p, 0); |
145 | crypto_yield(tfm->crt_flags); | 145 | crypto_yield(pdesc->flags); |
146 | continue; | 146 | continue; |
147 | } | 147 | } |
148 | 148 | ||
@@ -152,7 +152,7 @@ static int crypto_xcbc_digest_update(struct hash_desc *pdesc, | |||
152 | p += bs - ctx->len; | 152 | p += bs - ctx->len; |
153 | 153 | ||
154 | ctx->xor(ctx->prev, ctx->odds, bs); | 154 | ctx->xor(ctx->prev, ctx->odds, bs); |
155 | tfm->__crt_alg->cra_cipher.cia_encrypt(tfm, ctx->prev, ctx->prev); | 155 | crypto_cipher_encrypt_one(tfm, ctx->prev, ctx->prev); |
156 | 156 | ||
157 | /* clearing the length */ | 157 | /* clearing the length */ |
158 | ctx->len = 0; | 158 | ctx->len = 0; |
@@ -160,7 +160,8 @@ static int crypto_xcbc_digest_update(struct hash_desc *pdesc, | |||
160 | /* encrypting the rest of data */ | 160 | /* encrypting the rest of data */ |
161 | while (len > bs) { | 161 | while (len > bs) { |
162 | ctx->xor(ctx->prev, p, bs); | 162 | ctx->xor(ctx->prev, p, bs); |
163 | tfm->__crt_alg->cra_cipher.cia_encrypt(tfm, ctx->prev, ctx->prev); | 163 | crypto_cipher_encrypt_one(tfm, ctx->prev, |
164 | ctx->prev); | ||
164 | p += bs; | 165 | p += bs; |
165 | len -= bs; | 166 | len -= bs; |
166 | } | 167 | } |
@@ -171,7 +172,7 @@ static int crypto_xcbc_digest_update(struct hash_desc *pdesc, | |||
171 | ctx->len = len; | 172 | ctx->len = len; |
172 | } | 173 | } |
173 | crypto_kunmap(p, 0); | 174 | crypto_kunmap(p, 0); |
174 | crypto_yield(tfm->crt_flags); | 175 | crypto_yield(pdesc->flags); |
175 | slen -= min(slen, ((unsigned int)(PAGE_SIZE)) - offset); | 176 | slen -= min(slen, ((unsigned int)(PAGE_SIZE)) - offset); |
176 | offset = 0; | 177 | offset = 0; |
177 | pg++; | 178 | pg++; |
@@ -183,11 +184,20 @@ static int crypto_xcbc_digest_update(struct hash_desc *pdesc, | |||
183 | return 0; | 184 | return 0; |
184 | } | 185 | } |
185 | 186 | ||
187 | static int crypto_xcbc_digest_update(struct hash_desc *pdesc, | ||
188 | struct scatterlist *sg, | ||
189 | unsigned int nbytes) | ||
190 | { | ||
191 | if (WARN_ON_ONCE(in_irq())) | ||
192 | return -EDEADLK; | ||
193 | return crypto_xcbc_digest_update2(pdesc, sg, nbytes); | ||
194 | } | ||
195 | |||
186 | static int crypto_xcbc_digest_final(struct hash_desc *pdesc, u8 *out) | 196 | static int crypto_xcbc_digest_final(struct hash_desc *pdesc, u8 *out) |
187 | { | 197 | { |
188 | struct crypto_hash *parent = pdesc->tfm; | 198 | struct crypto_hash *parent = pdesc->tfm; |
189 | struct crypto_xcbc_ctx *ctx = crypto_hash_ctx_aligned(parent); | 199 | struct crypto_xcbc_ctx *ctx = crypto_hash_ctx_aligned(parent); |
190 | struct crypto_tfm *tfm = ctx->child; | 200 | struct crypto_cipher *tfm = ctx->child; |
191 | int bs = crypto_hash_blocksize(parent); | 201 | int bs = crypto_hash_blocksize(parent); |
192 | int err = 0; | 202 | int err = 0; |
193 | 203 | ||
@@ -197,13 +207,14 @@ static int crypto_xcbc_digest_final(struct hash_desc *pdesc, u8 *out) | |||
197 | if ((err = crypto_cipher_setkey(tfm, ctx->key, ctx->keylen)) != 0) | 207 | if ((err = crypto_cipher_setkey(tfm, ctx->key, ctx->keylen)) != 0) |
198 | return err; | 208 | return err; |
199 | 209 | ||
200 | tfm->__crt_alg->cra_cipher.cia_encrypt(tfm, key2, (const u8*)(ctx->consts+bs)); | 210 | crypto_cipher_encrypt_one(tfm, key2, |
211 | (u8 *)(ctx->consts + bs)); | ||
201 | 212 | ||
202 | ctx->xor(ctx->prev, ctx->odds, bs); | 213 | ctx->xor(ctx->prev, ctx->odds, bs); |
203 | ctx->xor(ctx->prev, key2, bs); | 214 | ctx->xor(ctx->prev, key2, bs); |
204 | _crypto_xcbc_digest_setkey(parent, ctx); | 215 | _crypto_xcbc_digest_setkey(parent, ctx); |
205 | 216 | ||
206 | tfm->__crt_alg->cra_cipher.cia_encrypt(tfm, out, ctx->prev); | 217 | crypto_cipher_encrypt_one(tfm, out, ctx->prev); |
207 | } else { | 218 | } else { |
208 | u8 key3[bs]; | 219 | u8 key3[bs]; |
209 | unsigned int rlen; | 220 | unsigned int rlen; |
@@ -218,14 +229,15 @@ static int crypto_xcbc_digest_final(struct hash_desc *pdesc, u8 *out) | |||
218 | if ((err = crypto_cipher_setkey(tfm, ctx->key, ctx->keylen)) != 0) | 229 | if ((err = crypto_cipher_setkey(tfm, ctx->key, ctx->keylen)) != 0) |
219 | return err; | 230 | return err; |
220 | 231 | ||
221 | tfm->__crt_alg->cra_cipher.cia_encrypt(tfm, key3, (const u8*)(ctx->consts+bs*2)); | 232 | crypto_cipher_encrypt_one(tfm, key3, |
233 | (u8 *)(ctx->consts + bs * 2)); | ||
222 | 234 | ||
223 | ctx->xor(ctx->prev, ctx->odds, bs); | 235 | ctx->xor(ctx->prev, ctx->odds, bs); |
224 | ctx->xor(ctx->prev, key3, bs); | 236 | ctx->xor(ctx->prev, key3, bs); |
225 | 237 | ||
226 | _crypto_xcbc_digest_setkey(parent, ctx); | 238 | _crypto_xcbc_digest_setkey(parent, ctx); |
227 | 239 | ||
228 | tfm->__crt_alg->cra_cipher.cia_encrypt(tfm, out, ctx->prev); | 240 | crypto_cipher_encrypt_one(tfm, out, ctx->prev); |
229 | } | 241 | } |
230 | 242 | ||
231 | return 0; | 243 | return 0; |
@@ -234,21 +246,25 @@ static int crypto_xcbc_digest_final(struct hash_desc *pdesc, u8 *out) | |||
234 | static int crypto_xcbc_digest(struct hash_desc *pdesc, | 246 | static int crypto_xcbc_digest(struct hash_desc *pdesc, |
235 | struct scatterlist *sg, unsigned int nbytes, u8 *out) | 247 | struct scatterlist *sg, unsigned int nbytes, u8 *out) |
236 | { | 248 | { |
249 | if (WARN_ON_ONCE(in_irq())) | ||
250 | return -EDEADLK; | ||
251 | |||
237 | crypto_xcbc_digest_init(pdesc); | 252 | crypto_xcbc_digest_init(pdesc); |
238 | crypto_xcbc_digest_update(pdesc, sg, nbytes); | 253 | crypto_xcbc_digest_update2(pdesc, sg, nbytes); |
239 | return crypto_xcbc_digest_final(pdesc, out); | 254 | return crypto_xcbc_digest_final(pdesc, out); |
240 | } | 255 | } |
241 | 256 | ||
242 | static int xcbc_init_tfm(struct crypto_tfm *tfm) | 257 | static int xcbc_init_tfm(struct crypto_tfm *tfm) |
243 | { | 258 | { |
259 | struct crypto_cipher *cipher; | ||
244 | struct crypto_instance *inst = (void *)tfm->__crt_alg; | 260 | struct crypto_instance *inst = (void *)tfm->__crt_alg; |
245 | struct crypto_spawn *spawn = crypto_instance_ctx(inst); | 261 | struct crypto_spawn *spawn = crypto_instance_ctx(inst); |
246 | struct crypto_xcbc_ctx *ctx = crypto_hash_ctx_aligned(__crypto_hash_cast(tfm)); | 262 | struct crypto_xcbc_ctx *ctx = crypto_hash_ctx_aligned(__crypto_hash_cast(tfm)); |
247 | int bs = crypto_hash_blocksize(__crypto_hash_cast(tfm)); | 263 | int bs = crypto_hash_blocksize(__crypto_hash_cast(tfm)); |
248 | 264 | ||
249 | tfm = crypto_spawn_tfm(spawn); | 265 | cipher = crypto_spawn_cipher(spawn); |
250 | if (IS_ERR(tfm)) | 266 | if (IS_ERR(cipher)) |
251 | return PTR_ERR(tfm); | 267 | return PTR_ERR(cipher); |
252 | 268 | ||
253 | switch(bs) { | 269 | switch(bs) { |
254 | case 16: | 270 | case 16: |
@@ -258,7 +274,7 @@ static int xcbc_init_tfm(struct crypto_tfm *tfm) | |||
258 | return -EINVAL; | 274 | return -EINVAL; |
259 | } | 275 | } |
260 | 276 | ||
261 | ctx->child = crypto_cipher_cast(tfm); | 277 | ctx->child = cipher; |
262 | ctx->odds = (u8*)(ctx+1); | 278 | ctx->odds = (u8*)(ctx+1); |
263 | ctx->prev = ctx->odds + bs; | 279 | ctx->prev = ctx->odds + bs; |
264 | ctx->key = ctx->prev + bs; | 280 | ctx->key = ctx->prev + bs; |