aboutsummaryrefslogtreecommitdiffstats
path: root/crypto
diff options
context:
space:
mode:
Diffstat (limited to 'crypto')
-rw-r--r--crypto/Kconfig72
-rw-r--r--crypto/Makefile3
-rw-r--r--crypto/algapi.c15
-rw-r--r--crypto/api.c80
-rw-r--r--crypto/blkcipher.c9
-rw-r--r--crypto/camellia.c1801
-rw-r--r--crypto/cbc.c9
-rw-r--r--crypto/cipher.c447
-rw-r--r--crypto/compress.c5
-rw-r--r--crypto/digest.c24
-rw-r--r--crypto/ecb.c9
-rw-r--r--crypto/fcrypt.c423
-rw-r--r--crypto/hash.c5
-rw-r--r--crypto/hmac.c9
-rw-r--r--crypto/internal.h27
-rw-r--r--crypto/lrw.c11
-rw-r--r--crypto/pcbc.c349
-rw-r--r--crypto/proc.c2
-rw-r--r--crypto/tcrypt.c73
-rw-r--r--crypto/tcrypt.h538
-rw-r--r--crypto/xcbc.c60
21 files changed, 3334 insertions, 637 deletions
diff --git a/crypto/Kconfig b/crypto/Kconfig
index 92ba249f3a5b..086fcec44720 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -74,14 +74,6 @@ config CRYPTO_SHA1
74 help 74 help
75 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). 75 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
76 76
77config CRYPTO_SHA1_S390
78 tristate "SHA1 digest algorithm (s390)"
79 depends on S390
80 select CRYPTO_ALGAPI
81 help
82 This is the s390 hardware accelerated implementation of the
83 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
84
85config CRYPTO_SHA256 77config CRYPTO_SHA256
86 tristate "SHA256 digest algorithm" 78 tristate "SHA256 digest algorithm"
87 select CRYPTO_ALGAPI 79 select CRYPTO_ALGAPI
@@ -91,17 +83,6 @@ config CRYPTO_SHA256
91 This version of SHA implements a 256 bit hash with 128 bits of 83 This version of SHA implements a 256 bit hash with 128 bits of
92 security against collision attacks. 84 security against collision attacks.
93 85
94config CRYPTO_SHA256_S390
95 tristate "SHA256 digest algorithm (s390)"
96 depends on S390
97 select CRYPTO_ALGAPI
98 help
99 This is the s390 hardware accelerated implementation of the
100 SHA256 secure hash standard (DFIPS 180-2).
101
102 This version of SHA implements a 256 bit hash with 128 bits of
103 security against collision attacks.
104
105config CRYPTO_SHA512 86config CRYPTO_SHA512
106 tristate "SHA384 and SHA512 digest algorithms" 87 tristate "SHA384 and SHA512 digest algorithms"
107 select CRYPTO_ALGAPI 88 select CRYPTO_ALGAPI
@@ -168,6 +149,15 @@ config CRYPTO_CBC
168 CBC: Cipher Block Chaining mode 149 CBC: Cipher Block Chaining mode
169 This block cipher algorithm is required for IPSec. 150 This block cipher algorithm is required for IPSec.
170 151
152config CRYPTO_PCBC
153 tristate "PCBC support"
154 select CRYPTO_BLKCIPHER
155 select CRYPTO_MANAGER
156 default m
157 help
158 PCBC: Propagating Cipher Block Chaining mode
159 This block cipher algorithm is required for RxRPC.
160
171config CRYPTO_LRW 161config CRYPTO_LRW
172 tristate "LRW support (EXPERIMENTAL)" 162 tristate "LRW support (EXPERIMENTAL)"
173 depends on EXPERIMENTAL 163 depends on EXPERIMENTAL
@@ -187,13 +177,12 @@ config CRYPTO_DES
187 help 177 help
188 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3). 178 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
189 179
190config CRYPTO_DES_S390 180config CRYPTO_FCRYPT
191 tristate "DES and Triple DES cipher algorithms (s390)" 181 tristate "FCrypt cipher algorithm"
192 depends on S390
193 select CRYPTO_ALGAPI 182 select CRYPTO_ALGAPI
194 select CRYPTO_BLKCIPHER 183 select CRYPTO_BLKCIPHER
195 help 184 help
196 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3). 185 FCrypt algorithm used by RxRPC.
197 186
198config CRYPTO_BLOWFISH 187config CRYPTO_BLOWFISH
199 tristate "Blowfish cipher algorithm" 188 tristate "Blowfish cipher algorithm"
@@ -336,28 +325,6 @@ config CRYPTO_AES_X86_64
336 325
337 See <http://csrc.nist.gov/encryption/aes/> for more information. 326 See <http://csrc.nist.gov/encryption/aes/> for more information.
338 327
339config CRYPTO_AES_S390
340 tristate "AES cipher algorithms (s390)"
341 depends on S390
342 select CRYPTO_ALGAPI
343 select CRYPTO_BLKCIPHER
344 help
345 This is the s390 hardware accelerated implementation of the
346 AES cipher algorithms (FIPS-197). AES uses the Rijndael
347 algorithm.
348
349 Rijndael appears to be consistently a very good performer in
350 both hardware and software across a wide range of computing
351 environments regardless of its use in feedback or non-feedback
352 modes. Its key setup time is excellent, and its key agility is
353 good. Rijndael's very low memory requirements make it very well
354 suited for restricted-space environments, in which it also
355 demonstrates excellent performance. Rijndael's operations are
356 among the easiest to defend against power and timing attacks.
357
358 On s390 the System z9-109 currently only supports the key size
359 of 128 bit.
360
361config CRYPTO_CAST5 328config CRYPTO_CAST5
362 tristate "CAST5 (CAST-128) cipher algorithm" 329 tristate "CAST5 (CAST-128) cipher algorithm"
363 select CRYPTO_ALGAPI 330 select CRYPTO_ALGAPI
@@ -458,6 +425,21 @@ config CRYPTO_CRC32C
458 See Castagnoli93. This implementation uses lib/libcrc32c. 425 See Castagnoli93. This implementation uses lib/libcrc32c.
459 Module will be crc32c. 426 Module will be crc32c.
460 427
428config CRYPTO_CAMELLIA
429 tristate "Camellia cipher algorithms"
430 depends on CRYPTO
431 select CRYPTO_ALGAPI
432 help
433 Camellia cipher algorithms module.
434
435 Camellia is a symmetric key block cipher developed jointly
436 at NTT and Mitsubishi Electric Corporation.
437
438 The Camellia specifies three key sizes: 128, 192 and 256 bits.
439
440 See also:
441 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
442
461config CRYPTO_TEST 443config CRYPTO_TEST
462 tristate "Testing module" 444 tristate "Testing module"
463 depends on m 445 depends on m
diff --git a/crypto/Makefile b/crypto/Makefile
index 60e3d24f61f5..12f93f578171 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -27,13 +27,16 @@ obj-$(CONFIG_CRYPTO_TGR192) += tgr192.o
27obj-$(CONFIG_CRYPTO_GF128MUL) += gf128mul.o 27obj-$(CONFIG_CRYPTO_GF128MUL) += gf128mul.o
28obj-$(CONFIG_CRYPTO_ECB) += ecb.o 28obj-$(CONFIG_CRYPTO_ECB) += ecb.o
29obj-$(CONFIG_CRYPTO_CBC) += cbc.o 29obj-$(CONFIG_CRYPTO_CBC) += cbc.o
30obj-$(CONFIG_CRYPTO_PCBC) += pcbc.o
30obj-$(CONFIG_CRYPTO_LRW) += lrw.o 31obj-$(CONFIG_CRYPTO_LRW) += lrw.o
31obj-$(CONFIG_CRYPTO_DES) += des.o 32obj-$(CONFIG_CRYPTO_DES) += des.o
33obj-$(CONFIG_CRYPTO_FCRYPT) += fcrypt.o
32obj-$(CONFIG_CRYPTO_BLOWFISH) += blowfish.o 34obj-$(CONFIG_CRYPTO_BLOWFISH) += blowfish.o
33obj-$(CONFIG_CRYPTO_TWOFISH) += twofish.o 35obj-$(CONFIG_CRYPTO_TWOFISH) += twofish.o
34obj-$(CONFIG_CRYPTO_TWOFISH_COMMON) += twofish_common.o 36obj-$(CONFIG_CRYPTO_TWOFISH_COMMON) += twofish_common.o
35obj-$(CONFIG_CRYPTO_SERPENT) += serpent.o 37obj-$(CONFIG_CRYPTO_SERPENT) += serpent.o
36obj-$(CONFIG_CRYPTO_AES) += aes.o 38obj-$(CONFIG_CRYPTO_AES) += aes.o
39obj-$(CONFIG_CRYPTO_CAMELLIA) += camellia.o
37obj-$(CONFIG_CRYPTO_CAST5) += cast5.o 40obj-$(CONFIG_CRYPTO_CAST5) += cast5.o
38obj-$(CONFIG_CRYPTO_CAST6) += cast6.o 41obj-$(CONFIG_CRYPTO_CAST6) += cast6.o
39obj-$(CONFIG_CRYPTO_ARC4) += arc4.o 42obj-$(CONFIG_CRYPTO_ARC4) += arc4.o
diff --git a/crypto/algapi.c b/crypto/algapi.c
index c91530021e9c..f7d2185b2c8f 100644
--- a/crypto/algapi.c
+++ b/crypto/algapi.c
@@ -377,7 +377,8 @@ void crypto_drop_spawn(struct crypto_spawn *spawn)
377} 377}
378EXPORT_SYMBOL_GPL(crypto_drop_spawn); 378EXPORT_SYMBOL_GPL(crypto_drop_spawn);
379 379
380struct crypto_tfm *crypto_spawn_tfm(struct crypto_spawn *spawn) 380struct crypto_tfm *crypto_spawn_tfm(struct crypto_spawn *spawn, u32 type,
381 u32 mask)
381{ 382{
382 struct crypto_alg *alg; 383 struct crypto_alg *alg;
383 struct crypto_alg *alg2; 384 struct crypto_alg *alg2;
@@ -396,10 +397,18 @@ struct crypto_tfm *crypto_spawn_tfm(struct crypto_spawn *spawn)
396 return ERR_PTR(-EAGAIN); 397 return ERR_PTR(-EAGAIN);
397 } 398 }
398 399
399 tfm = __crypto_alloc_tfm(alg, 0); 400 tfm = ERR_PTR(-EINVAL);
401 if (unlikely((alg->cra_flags ^ type) & mask))
402 goto out_put_alg;
403
404 tfm = __crypto_alloc_tfm(alg, type, mask);
400 if (IS_ERR(tfm)) 405 if (IS_ERR(tfm))
401 crypto_mod_put(alg); 406 goto out_put_alg;
407
408 return tfm;
402 409
410out_put_alg:
411 crypto_mod_put(alg);
403 return tfm; 412 return tfm;
404} 413}
405EXPORT_SYMBOL_GPL(crypto_spawn_tfm); 414EXPORT_SYMBOL_GPL(crypto_spawn_tfm);
diff --git a/crypto/api.c b/crypto/api.c
index 8c446871cd5b..55af8bb0f050 100644
--- a/crypto/api.c
+++ b/crypto/api.c
@@ -212,31 +212,12 @@ struct crypto_alg *crypto_alg_mod_lookup(const char *name, u32 type, u32 mask)
212} 212}
213EXPORT_SYMBOL_GPL(crypto_alg_mod_lookup); 213EXPORT_SYMBOL_GPL(crypto_alg_mod_lookup);
214 214
215static int crypto_init_flags(struct crypto_tfm *tfm, u32 flags) 215static int crypto_init_ops(struct crypto_tfm *tfm, u32 type, u32 mask)
216{ 216{
217 tfm->crt_flags = flags & CRYPTO_TFM_REQ_MASK; 217 const struct crypto_type *type_obj = tfm->__crt_alg->cra_type;
218 flags &= ~CRYPTO_TFM_REQ_MASK;
219
220 switch (crypto_tfm_alg_type(tfm)) {
221 case CRYPTO_ALG_TYPE_CIPHER:
222 return crypto_init_cipher_flags(tfm, flags);
223
224 case CRYPTO_ALG_TYPE_DIGEST:
225 return crypto_init_digest_flags(tfm, flags);
226
227 case CRYPTO_ALG_TYPE_COMPRESS:
228 return crypto_init_compress_flags(tfm, flags);
229 }
230
231 return 0;
232}
233 218
234static int crypto_init_ops(struct crypto_tfm *tfm) 219 if (type_obj)
235{ 220 return type_obj->init(tfm, type, mask);
236 const struct crypto_type *type = tfm->__crt_alg->cra_type;
237
238 if (type)
239 return type->init(tfm);
240 221
241 switch (crypto_tfm_alg_type(tfm)) { 222 switch (crypto_tfm_alg_type(tfm)) {
242 case CRYPTO_ALG_TYPE_CIPHER: 223 case CRYPTO_ALG_TYPE_CIPHER:
@@ -285,29 +266,29 @@ static void crypto_exit_ops(struct crypto_tfm *tfm)
285 } 266 }
286} 267}
287 268
288static unsigned int crypto_ctxsize(struct crypto_alg *alg, int flags) 269static unsigned int crypto_ctxsize(struct crypto_alg *alg, u32 type, u32 mask)
289{ 270{
290 const struct crypto_type *type = alg->cra_type; 271 const struct crypto_type *type_obj = alg->cra_type;
291 unsigned int len; 272 unsigned int len;
292 273
293 len = alg->cra_alignmask & ~(crypto_tfm_ctx_alignment() - 1); 274 len = alg->cra_alignmask & ~(crypto_tfm_ctx_alignment() - 1);
294 if (type) 275 if (type_obj)
295 return len + type->ctxsize(alg); 276 return len + type_obj->ctxsize(alg, type, mask);
296 277
297 switch (alg->cra_flags & CRYPTO_ALG_TYPE_MASK) { 278 switch (alg->cra_flags & CRYPTO_ALG_TYPE_MASK) {
298 default: 279 default:
299 BUG(); 280 BUG();
300 281
301 case CRYPTO_ALG_TYPE_CIPHER: 282 case CRYPTO_ALG_TYPE_CIPHER:
302 len += crypto_cipher_ctxsize(alg, flags); 283 len += crypto_cipher_ctxsize(alg);
303 break; 284 break;
304 285
305 case CRYPTO_ALG_TYPE_DIGEST: 286 case CRYPTO_ALG_TYPE_DIGEST:
306 len += crypto_digest_ctxsize(alg, flags); 287 len += crypto_digest_ctxsize(alg);
307 break; 288 break;
308 289
309 case CRYPTO_ALG_TYPE_COMPRESS: 290 case CRYPTO_ALG_TYPE_COMPRESS:
310 len += crypto_compress_ctxsize(alg, flags); 291 len += crypto_compress_ctxsize(alg);
311 break; 292 break;
312 } 293 }
313 294
@@ -322,24 +303,21 @@ void crypto_shoot_alg(struct crypto_alg *alg)
322} 303}
323EXPORT_SYMBOL_GPL(crypto_shoot_alg); 304EXPORT_SYMBOL_GPL(crypto_shoot_alg);
324 305
325struct crypto_tfm *__crypto_alloc_tfm(struct crypto_alg *alg, u32 flags) 306struct crypto_tfm *__crypto_alloc_tfm(struct crypto_alg *alg, u32 type,
307 u32 mask)
326{ 308{
327 struct crypto_tfm *tfm = NULL; 309 struct crypto_tfm *tfm = NULL;
328 unsigned int tfm_size; 310 unsigned int tfm_size;
329 int err = -ENOMEM; 311 int err = -ENOMEM;
330 312
331 tfm_size = sizeof(*tfm) + crypto_ctxsize(alg, flags); 313 tfm_size = sizeof(*tfm) + crypto_ctxsize(alg, type, mask);
332 tfm = kzalloc(tfm_size, GFP_KERNEL); 314 tfm = kzalloc(tfm_size, GFP_KERNEL);
333 if (tfm == NULL) 315 if (tfm == NULL)
334 goto out_err; 316 goto out_err;
335 317
336 tfm->__crt_alg = alg; 318 tfm->__crt_alg = alg;
337 319
338 err = crypto_init_flags(tfm, flags); 320 err = crypto_init_ops(tfm, type, mask);
339 if (err)
340 goto out_free_tfm;
341
342 err = crypto_init_ops(tfm);
343 if (err) 321 if (err)
344 goto out_free_tfm; 322 goto out_free_tfm;
345 323
@@ -362,31 +340,6 @@ out:
362} 340}
363EXPORT_SYMBOL_GPL(__crypto_alloc_tfm); 341EXPORT_SYMBOL_GPL(__crypto_alloc_tfm);
364 342
365struct crypto_tfm *crypto_alloc_tfm(const char *name, u32 flags)
366{
367 struct crypto_tfm *tfm = NULL;
368 int err;
369
370 do {
371 struct crypto_alg *alg;
372
373 alg = crypto_alg_mod_lookup(name, 0, CRYPTO_ALG_ASYNC);
374 err = PTR_ERR(alg);
375 if (IS_ERR(alg))
376 continue;
377
378 tfm = __crypto_alloc_tfm(alg, flags);
379 err = 0;
380 if (IS_ERR(tfm)) {
381 crypto_mod_put(alg);
382 err = PTR_ERR(tfm);
383 tfm = NULL;
384 }
385 } while (err == -EAGAIN && !signal_pending(current));
386
387 return tfm;
388}
389
390/* 343/*
391 * crypto_alloc_base - Locate algorithm and allocate transform 344 * crypto_alloc_base - Locate algorithm and allocate transform
392 * @alg_name: Name of algorithm 345 * @alg_name: Name of algorithm
@@ -420,7 +373,7 @@ struct crypto_tfm *crypto_alloc_base(const char *alg_name, u32 type, u32 mask)
420 goto err; 373 goto err;
421 } 374 }
422 375
423 tfm = __crypto_alloc_tfm(alg, 0); 376 tfm = __crypto_alloc_tfm(alg, type, mask);
424 if (!IS_ERR(tfm)) 377 if (!IS_ERR(tfm))
425 return tfm; 378 return tfm;
426 379
@@ -466,7 +419,6 @@ void crypto_free_tfm(struct crypto_tfm *tfm)
466 kfree(tfm); 419 kfree(tfm);
467} 420}
468 421
469EXPORT_SYMBOL_GPL(crypto_alloc_tfm);
470EXPORT_SYMBOL_GPL(crypto_free_tfm); 422EXPORT_SYMBOL_GPL(crypto_free_tfm);
471 423
472int crypto_has_alg(const char *name, u32 type, u32 mask) 424int crypto_has_alg(const char *name, u32 type, u32 mask)
diff --git a/crypto/blkcipher.c b/crypto/blkcipher.c
index 6e93004f2181..b5befe8c3a96 100644
--- a/crypto/blkcipher.c
+++ b/crypto/blkcipher.c
@@ -16,6 +16,7 @@
16 16
17#include <linux/crypto.h> 17#include <linux/crypto.h>
18#include <linux/errno.h> 18#include <linux/errno.h>
19#include <linux/hardirq.h>
19#include <linux/kernel.h> 20#include <linux/kernel.h>
20#include <linux/module.h> 21#include <linux/module.h>
21#include <linux/scatterlist.h> 22#include <linux/scatterlist.h>
@@ -313,6 +314,9 @@ static int blkcipher_walk_first(struct blkcipher_desc *desc,
313 struct crypto_blkcipher *tfm = desc->tfm; 314 struct crypto_blkcipher *tfm = desc->tfm;
314 unsigned int alignmask = crypto_blkcipher_alignmask(tfm); 315 unsigned int alignmask = crypto_blkcipher_alignmask(tfm);
315 316
317 if (WARN_ON_ONCE(in_irq()))
318 return -EDEADLK;
319
316 walk->nbytes = walk->total; 320 walk->nbytes = walk->total;
317 if (unlikely(!walk->total)) 321 if (unlikely(!walk->total))
318 return 0; 322 return 0;
@@ -345,7 +349,8 @@ static int setkey(struct crypto_tfm *tfm, const u8 *key,
345 return cipher->setkey(tfm, key, keylen); 349 return cipher->setkey(tfm, key, keylen);
346} 350}
347 351
348static unsigned int crypto_blkcipher_ctxsize(struct crypto_alg *alg) 352static unsigned int crypto_blkcipher_ctxsize(struct crypto_alg *alg, u32 type,
353 u32 mask)
349{ 354{
350 struct blkcipher_alg *cipher = &alg->cra_blkcipher; 355 struct blkcipher_alg *cipher = &alg->cra_blkcipher;
351 unsigned int len = alg->cra_ctxsize; 356 unsigned int len = alg->cra_ctxsize;
@@ -358,7 +363,7 @@ static unsigned int crypto_blkcipher_ctxsize(struct crypto_alg *alg)
358 return len; 363 return len;
359} 364}
360 365
361static int crypto_init_blkcipher_ops(struct crypto_tfm *tfm) 366static int crypto_init_blkcipher_ops(struct crypto_tfm *tfm, u32 type, u32 mask)
362{ 367{
363 struct blkcipher_tfm *crt = &tfm->crt_blkcipher; 368 struct blkcipher_tfm *crt = &tfm->crt_blkcipher;
364 struct blkcipher_alg *alg = &tfm->__crt_alg->cra_blkcipher; 369 struct blkcipher_alg *alg = &tfm->__crt_alg->cra_blkcipher;
diff --git a/crypto/camellia.c b/crypto/camellia.c
new file mode 100644
index 000000000000..6877ecfd90bb
--- /dev/null
+++ b/crypto/camellia.c
@@ -0,0 +1,1801 @@
1/*
2 * Copyright (C) 2006
3 * NTT (Nippon Telegraph and Telephone Corporation).
4 *
5 * This program is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU General Public License
7 * as published by the Free Software Foundation; either version 2
8 * of the License, or (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
18 */
19
20/*
21 * Algorithm Specification
22 * http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
23 */
24
25/*
26 *
27 * NOTE --- NOTE --- NOTE --- NOTE
28 * This implementation assumes that all memory addresses passed
29 * as parameters are four-byte aligned.
30 *
31 */
32
33#include <linux/crypto.h>
34#include <linux/errno.h>
35#include <linux/init.h>
36#include <linux/kernel.h>
37#include <linux/module.h>
38
39
40#define CAMELLIA_MIN_KEY_SIZE 16
41#define CAMELLIA_MAX_KEY_SIZE 32
42#define CAMELLIA_BLOCK_SIZE 16
43#define CAMELLIA_TABLE_BYTE_LEN 272
44#define CAMELLIA_TABLE_WORD_LEN (CAMELLIA_TABLE_BYTE_LEN / 4)
45
46typedef u32 KEY_TABLE_TYPE[CAMELLIA_TABLE_WORD_LEN];
47
48
49/* key constants */
50
51#define CAMELLIA_SIGMA1L (0xA09E667FL)
52#define CAMELLIA_SIGMA1R (0x3BCC908BL)
53#define CAMELLIA_SIGMA2L (0xB67AE858L)
54#define CAMELLIA_SIGMA2R (0x4CAA73B2L)
55#define CAMELLIA_SIGMA3L (0xC6EF372FL)
56#define CAMELLIA_SIGMA3R (0xE94F82BEL)
57#define CAMELLIA_SIGMA4L (0x54FF53A5L)
58#define CAMELLIA_SIGMA4R (0xF1D36F1CL)
59#define CAMELLIA_SIGMA5L (0x10E527FAL)
60#define CAMELLIA_SIGMA5R (0xDE682D1DL)
61#define CAMELLIA_SIGMA6L (0xB05688C2L)
62#define CAMELLIA_SIGMA6R (0xB3E6C1FDL)
63
64struct camellia_ctx {
65 int key_length;
66 KEY_TABLE_TYPE key_table;
67};
68
69
70/*
71 * macros
72 */
73
74
75# define GETU32(pt) (((u32)(pt)[0] << 24) \
76 ^ ((u32)(pt)[1] << 16) \
77 ^ ((u32)(pt)[2] << 8) \
78 ^ ((u32)(pt)[3]))
79
80#define COPY4WORD(dst, src) \
81 do { \
82 (dst)[0]=(src)[0]; \
83 (dst)[1]=(src)[1]; \
84 (dst)[2]=(src)[2]; \
85 (dst)[3]=(src)[3]; \
86 }while(0)
87
88#define SWAP4WORD(word) \
89 do { \
90 CAMELLIA_SWAP4((word)[0]); \
91 CAMELLIA_SWAP4((word)[1]); \
92 CAMELLIA_SWAP4((word)[2]); \
93 CAMELLIA_SWAP4((word)[3]); \
94 }while(0)
95
96#define XOR4WORD(a, b)/* a = a ^ b */ \
97 do { \
98 (a)[0]^=(b)[0]; \
99 (a)[1]^=(b)[1]; \
100 (a)[2]^=(b)[2]; \
101 (a)[3]^=(b)[3]; \
102 }while(0)
103
104#define XOR4WORD2(a, b, c)/* a = b ^ c */ \
105 do { \
106 (a)[0]=(b)[0]^(c)[0]; \
107 (a)[1]=(b)[1]^(c)[1]; \
108 (a)[2]=(b)[2]^(c)[2]; \
109 (a)[3]=(b)[3]^(c)[3]; \
110 }while(0)
111
112#define CAMELLIA_SUBKEY_L(INDEX) (subkey[(INDEX)*2])
113#define CAMELLIA_SUBKEY_R(INDEX) (subkey[(INDEX)*2 + 1])
114
115/* rotation right shift 1byte */
116#define CAMELLIA_RR8(x) (((x) >> 8) + ((x) << 24))
117/* rotation left shift 1bit */
118#define CAMELLIA_RL1(x) (((x) << 1) + ((x) >> 31))
119/* rotation left shift 1byte */
120#define CAMELLIA_RL8(x) (((x) << 8) + ((x) >> 24))
121
122#define CAMELLIA_ROLDQ(ll, lr, rl, rr, w0, w1, bits) \
123 do { \
124 w0 = ll; \
125 ll = (ll << bits) + (lr >> (32 - bits)); \
126 lr = (lr << bits) + (rl >> (32 - bits)); \
127 rl = (rl << bits) + (rr >> (32 - bits)); \
128 rr = (rr << bits) + (w0 >> (32 - bits)); \
129 } while(0)
130
131#define CAMELLIA_ROLDQo32(ll, lr, rl, rr, w0, w1, bits) \
132 do { \
133 w0 = ll; \
134 w1 = lr; \
135 ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \
136 lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \
137 rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \
138 rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \
139 } while(0)
140
141#define CAMELLIA_SP1110(INDEX) (camellia_sp1110[(INDEX)])
142#define CAMELLIA_SP0222(INDEX) (camellia_sp0222[(INDEX)])
143#define CAMELLIA_SP3033(INDEX) (camellia_sp3033[(INDEX)])
144#define CAMELLIA_SP4404(INDEX) (camellia_sp4404[(INDEX)])
145
146#define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
147 do { \
148 il = xl ^ kl; \
149 ir = xr ^ kr; \
150 t0 = il >> 16; \
151 t1 = ir >> 16; \
152 yl = CAMELLIA_SP1110(ir & 0xff) \
153 ^ CAMELLIA_SP0222((t1 >> 8) & 0xff) \
154 ^ CAMELLIA_SP3033(t1 & 0xff) \
155 ^ CAMELLIA_SP4404((ir >> 8) & 0xff); \
156 yr = CAMELLIA_SP1110((t0 >> 8) & 0xff) \
157 ^ CAMELLIA_SP0222(t0 & 0xff) \
158 ^ CAMELLIA_SP3033((il >> 8) & 0xff) \
159 ^ CAMELLIA_SP4404(il & 0xff); \
160 yl ^= yr; \
161 yr = CAMELLIA_RR8(yr); \
162 yr ^= yl; \
163 } while(0)
164
165
166/*
167 * for speed up
168 *
169 */
170#define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \
171 do { \
172 t0 = kll; \
173 t2 = krr; \
174 t0 &= ll; \
175 t2 |= rr; \
176 rl ^= t2; \
177 lr ^= CAMELLIA_RL1(t0); \
178 t3 = krl; \
179 t1 = klr; \
180 t3 &= rl; \
181 t1 |= lr; \
182 ll ^= t1; \
183 rr ^= CAMELLIA_RL1(t3); \
184 } while(0)
185
186#define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
187 do { \
188 ir = CAMELLIA_SP1110(xr & 0xff); \
189 il = CAMELLIA_SP1110((xl>>24) & 0xff); \
190 ir ^= CAMELLIA_SP0222((xr>>24) & 0xff); \
191 il ^= CAMELLIA_SP0222((xl>>16) & 0xff); \
192 ir ^= CAMELLIA_SP3033((xr>>16) & 0xff); \
193 il ^= CAMELLIA_SP3033((xl>>8) & 0xff); \
194 ir ^= CAMELLIA_SP4404((xr>>8) & 0xff); \
195 il ^= CAMELLIA_SP4404(xl & 0xff); \
196 il ^= kl; \
197 ir ^= il ^ kr; \
198 yl ^= ir; \
199 yr ^= CAMELLIA_RR8(il) ^ ir; \
200 } while(0)
201
202/**
203 * Stuff related to the Camellia key schedule
204 */
205#define SUBL(x) subL[(x)]
206#define SUBR(x) subR[(x)]
207
208
209static const u32 camellia_sp1110[256] = {
210 0x70707000,0x82828200,0x2c2c2c00,0xececec00,
211 0xb3b3b300,0x27272700,0xc0c0c000,0xe5e5e500,
212 0xe4e4e400,0x85858500,0x57575700,0x35353500,
213 0xeaeaea00,0x0c0c0c00,0xaeaeae00,0x41414100,
214 0x23232300,0xefefef00,0x6b6b6b00,0x93939300,
215 0x45454500,0x19191900,0xa5a5a500,0x21212100,
216 0xededed00,0x0e0e0e00,0x4f4f4f00,0x4e4e4e00,
217 0x1d1d1d00,0x65656500,0x92929200,0xbdbdbd00,
218 0x86868600,0xb8b8b800,0xafafaf00,0x8f8f8f00,
219 0x7c7c7c00,0xebebeb00,0x1f1f1f00,0xcecece00,
220 0x3e3e3e00,0x30303000,0xdcdcdc00,0x5f5f5f00,
221 0x5e5e5e00,0xc5c5c500,0x0b0b0b00,0x1a1a1a00,
222 0xa6a6a600,0xe1e1e100,0x39393900,0xcacaca00,
223 0xd5d5d500,0x47474700,0x5d5d5d00,0x3d3d3d00,
224 0xd9d9d900,0x01010100,0x5a5a5a00,0xd6d6d600,
225 0x51515100,0x56565600,0x6c6c6c00,0x4d4d4d00,
226 0x8b8b8b00,0x0d0d0d00,0x9a9a9a00,0x66666600,
227 0xfbfbfb00,0xcccccc00,0xb0b0b000,0x2d2d2d00,
228 0x74747400,0x12121200,0x2b2b2b00,0x20202000,
229 0xf0f0f000,0xb1b1b100,0x84848400,0x99999900,
230 0xdfdfdf00,0x4c4c4c00,0xcbcbcb00,0xc2c2c200,
231 0x34343400,0x7e7e7e00,0x76767600,0x05050500,
232 0x6d6d6d00,0xb7b7b700,0xa9a9a900,0x31313100,
233 0xd1d1d100,0x17171700,0x04040400,0xd7d7d700,
234 0x14141400,0x58585800,0x3a3a3a00,0x61616100,
235 0xdedede00,0x1b1b1b00,0x11111100,0x1c1c1c00,
236 0x32323200,0x0f0f0f00,0x9c9c9c00,0x16161600,
237 0x53535300,0x18181800,0xf2f2f200,0x22222200,
238 0xfefefe00,0x44444400,0xcfcfcf00,0xb2b2b200,
239 0xc3c3c300,0xb5b5b500,0x7a7a7a00,0x91919100,
240 0x24242400,0x08080800,0xe8e8e800,0xa8a8a800,
241 0x60606000,0xfcfcfc00,0x69696900,0x50505000,
242 0xaaaaaa00,0xd0d0d000,0xa0a0a000,0x7d7d7d00,
243 0xa1a1a100,0x89898900,0x62626200,0x97979700,
244 0x54545400,0x5b5b5b00,0x1e1e1e00,0x95959500,
245 0xe0e0e000,0xffffff00,0x64646400,0xd2d2d200,
246 0x10101000,0xc4c4c400,0x00000000,0x48484800,
247 0xa3a3a300,0xf7f7f700,0x75757500,0xdbdbdb00,
248 0x8a8a8a00,0x03030300,0xe6e6e600,0xdadada00,
249 0x09090900,0x3f3f3f00,0xdddddd00,0x94949400,
250 0x87878700,0x5c5c5c00,0x83838300,0x02020200,
251 0xcdcdcd00,0x4a4a4a00,0x90909000,0x33333300,
252 0x73737300,0x67676700,0xf6f6f600,0xf3f3f300,
253 0x9d9d9d00,0x7f7f7f00,0xbfbfbf00,0xe2e2e200,
254 0x52525200,0x9b9b9b00,0xd8d8d800,0x26262600,
255 0xc8c8c800,0x37373700,0xc6c6c600,0x3b3b3b00,
256 0x81818100,0x96969600,0x6f6f6f00,0x4b4b4b00,
257 0x13131300,0xbebebe00,0x63636300,0x2e2e2e00,
258 0xe9e9e900,0x79797900,0xa7a7a700,0x8c8c8c00,
259 0x9f9f9f00,0x6e6e6e00,0xbcbcbc00,0x8e8e8e00,
260 0x29292900,0xf5f5f500,0xf9f9f900,0xb6b6b600,
261 0x2f2f2f00,0xfdfdfd00,0xb4b4b400,0x59595900,
262 0x78787800,0x98989800,0x06060600,0x6a6a6a00,
263 0xe7e7e700,0x46464600,0x71717100,0xbababa00,
264 0xd4d4d400,0x25252500,0xababab00,0x42424200,
265 0x88888800,0xa2a2a200,0x8d8d8d00,0xfafafa00,
266 0x72727200,0x07070700,0xb9b9b900,0x55555500,
267 0xf8f8f800,0xeeeeee00,0xacacac00,0x0a0a0a00,
268 0x36363600,0x49494900,0x2a2a2a00,0x68686800,
269 0x3c3c3c00,0x38383800,0xf1f1f100,0xa4a4a400,
270 0x40404000,0x28282800,0xd3d3d300,0x7b7b7b00,
271 0xbbbbbb00,0xc9c9c900,0x43434300,0xc1c1c100,
272 0x15151500,0xe3e3e300,0xadadad00,0xf4f4f400,
273 0x77777700,0xc7c7c700,0x80808000,0x9e9e9e00,
274};
275
276static const u32 camellia_sp0222[256] = {
277 0x00e0e0e0,0x00050505,0x00585858,0x00d9d9d9,
278 0x00676767,0x004e4e4e,0x00818181,0x00cbcbcb,
279 0x00c9c9c9,0x000b0b0b,0x00aeaeae,0x006a6a6a,
280 0x00d5d5d5,0x00181818,0x005d5d5d,0x00828282,
281 0x00464646,0x00dfdfdf,0x00d6d6d6,0x00272727,
282 0x008a8a8a,0x00323232,0x004b4b4b,0x00424242,
283 0x00dbdbdb,0x001c1c1c,0x009e9e9e,0x009c9c9c,
284 0x003a3a3a,0x00cacaca,0x00252525,0x007b7b7b,
285 0x000d0d0d,0x00717171,0x005f5f5f,0x001f1f1f,
286 0x00f8f8f8,0x00d7d7d7,0x003e3e3e,0x009d9d9d,
287 0x007c7c7c,0x00606060,0x00b9b9b9,0x00bebebe,
288 0x00bcbcbc,0x008b8b8b,0x00161616,0x00343434,
289 0x004d4d4d,0x00c3c3c3,0x00727272,0x00959595,
290 0x00ababab,0x008e8e8e,0x00bababa,0x007a7a7a,
291 0x00b3b3b3,0x00020202,0x00b4b4b4,0x00adadad,
292 0x00a2a2a2,0x00acacac,0x00d8d8d8,0x009a9a9a,
293 0x00171717,0x001a1a1a,0x00353535,0x00cccccc,
294 0x00f7f7f7,0x00999999,0x00616161,0x005a5a5a,
295 0x00e8e8e8,0x00242424,0x00565656,0x00404040,
296 0x00e1e1e1,0x00636363,0x00090909,0x00333333,
297 0x00bfbfbf,0x00989898,0x00979797,0x00858585,
298 0x00686868,0x00fcfcfc,0x00ececec,0x000a0a0a,
299 0x00dadada,0x006f6f6f,0x00535353,0x00626262,
300 0x00a3a3a3,0x002e2e2e,0x00080808,0x00afafaf,
301 0x00282828,0x00b0b0b0,0x00747474,0x00c2c2c2,
302 0x00bdbdbd,0x00363636,0x00222222,0x00383838,
303 0x00646464,0x001e1e1e,0x00393939,0x002c2c2c,
304 0x00a6a6a6,0x00303030,0x00e5e5e5,0x00444444,
305 0x00fdfdfd,0x00888888,0x009f9f9f,0x00656565,
306 0x00878787,0x006b6b6b,0x00f4f4f4,0x00232323,
307 0x00484848,0x00101010,0x00d1d1d1,0x00515151,
308 0x00c0c0c0,0x00f9f9f9,0x00d2d2d2,0x00a0a0a0,
309 0x00555555,0x00a1a1a1,0x00414141,0x00fafafa,
310 0x00434343,0x00131313,0x00c4c4c4,0x002f2f2f,
311 0x00a8a8a8,0x00b6b6b6,0x003c3c3c,0x002b2b2b,
312 0x00c1c1c1,0x00ffffff,0x00c8c8c8,0x00a5a5a5,
313 0x00202020,0x00898989,0x00000000,0x00909090,
314 0x00474747,0x00efefef,0x00eaeaea,0x00b7b7b7,
315 0x00151515,0x00060606,0x00cdcdcd,0x00b5b5b5,
316 0x00121212,0x007e7e7e,0x00bbbbbb,0x00292929,
317 0x000f0f0f,0x00b8b8b8,0x00070707,0x00040404,
318 0x009b9b9b,0x00949494,0x00212121,0x00666666,
319 0x00e6e6e6,0x00cecece,0x00ededed,0x00e7e7e7,
320 0x003b3b3b,0x00fefefe,0x007f7f7f,0x00c5c5c5,
321 0x00a4a4a4,0x00373737,0x00b1b1b1,0x004c4c4c,
322 0x00919191,0x006e6e6e,0x008d8d8d,0x00767676,
323 0x00030303,0x002d2d2d,0x00dedede,0x00969696,
324 0x00262626,0x007d7d7d,0x00c6c6c6,0x005c5c5c,
325 0x00d3d3d3,0x00f2f2f2,0x004f4f4f,0x00191919,
326 0x003f3f3f,0x00dcdcdc,0x00797979,0x001d1d1d,
327 0x00525252,0x00ebebeb,0x00f3f3f3,0x006d6d6d,
328 0x005e5e5e,0x00fbfbfb,0x00696969,0x00b2b2b2,
329 0x00f0f0f0,0x00313131,0x000c0c0c,0x00d4d4d4,
330 0x00cfcfcf,0x008c8c8c,0x00e2e2e2,0x00757575,
331 0x00a9a9a9,0x004a4a4a,0x00575757,0x00848484,
332 0x00111111,0x00454545,0x001b1b1b,0x00f5f5f5,
333 0x00e4e4e4,0x000e0e0e,0x00737373,0x00aaaaaa,
334 0x00f1f1f1,0x00dddddd,0x00595959,0x00141414,
335 0x006c6c6c,0x00929292,0x00545454,0x00d0d0d0,
336 0x00787878,0x00707070,0x00e3e3e3,0x00494949,
337 0x00808080,0x00505050,0x00a7a7a7,0x00f6f6f6,
338 0x00777777,0x00939393,0x00868686,0x00838383,
339 0x002a2a2a,0x00c7c7c7,0x005b5b5b,0x00e9e9e9,
340 0x00eeeeee,0x008f8f8f,0x00010101,0x003d3d3d,
341};
342
343static const u32 camellia_sp3033[256] = {
344 0x38003838,0x41004141,0x16001616,0x76007676,
345 0xd900d9d9,0x93009393,0x60006060,0xf200f2f2,
346 0x72007272,0xc200c2c2,0xab00abab,0x9a009a9a,
347 0x75007575,0x06000606,0x57005757,0xa000a0a0,
348 0x91009191,0xf700f7f7,0xb500b5b5,0xc900c9c9,
349 0xa200a2a2,0x8c008c8c,0xd200d2d2,0x90009090,
350 0xf600f6f6,0x07000707,0xa700a7a7,0x27002727,
351 0x8e008e8e,0xb200b2b2,0x49004949,0xde00dede,
352 0x43004343,0x5c005c5c,0xd700d7d7,0xc700c7c7,
353 0x3e003e3e,0xf500f5f5,0x8f008f8f,0x67006767,
354 0x1f001f1f,0x18001818,0x6e006e6e,0xaf00afaf,
355 0x2f002f2f,0xe200e2e2,0x85008585,0x0d000d0d,
356 0x53005353,0xf000f0f0,0x9c009c9c,0x65006565,
357 0xea00eaea,0xa300a3a3,0xae00aeae,0x9e009e9e,
358 0xec00ecec,0x80008080,0x2d002d2d,0x6b006b6b,
359 0xa800a8a8,0x2b002b2b,0x36003636,0xa600a6a6,
360 0xc500c5c5,0x86008686,0x4d004d4d,0x33003333,
361 0xfd00fdfd,0x66006666,0x58005858,0x96009696,
362 0x3a003a3a,0x09000909,0x95009595,0x10001010,
363 0x78007878,0xd800d8d8,0x42004242,0xcc00cccc,
364 0xef00efef,0x26002626,0xe500e5e5,0x61006161,
365 0x1a001a1a,0x3f003f3f,0x3b003b3b,0x82008282,
366 0xb600b6b6,0xdb00dbdb,0xd400d4d4,0x98009898,
367 0xe800e8e8,0x8b008b8b,0x02000202,0xeb00ebeb,
368 0x0a000a0a,0x2c002c2c,0x1d001d1d,0xb000b0b0,
369 0x6f006f6f,0x8d008d8d,0x88008888,0x0e000e0e,
370 0x19001919,0x87008787,0x4e004e4e,0x0b000b0b,
371 0xa900a9a9,0x0c000c0c,0x79007979,0x11001111,
372 0x7f007f7f,0x22002222,0xe700e7e7,0x59005959,
373 0xe100e1e1,0xda00dada,0x3d003d3d,0xc800c8c8,
374 0x12001212,0x04000404,0x74007474,0x54005454,
375 0x30003030,0x7e007e7e,0xb400b4b4,0x28002828,
376 0x55005555,0x68006868,0x50005050,0xbe00bebe,
377 0xd000d0d0,0xc400c4c4,0x31003131,0xcb00cbcb,
378 0x2a002a2a,0xad00adad,0x0f000f0f,0xca00caca,
379 0x70007070,0xff00ffff,0x32003232,0x69006969,
380 0x08000808,0x62006262,0x00000000,0x24002424,
381 0xd100d1d1,0xfb00fbfb,0xba00baba,0xed00eded,
382 0x45004545,0x81008181,0x73007373,0x6d006d6d,
383 0x84008484,0x9f009f9f,0xee00eeee,0x4a004a4a,
384 0xc300c3c3,0x2e002e2e,0xc100c1c1,0x01000101,
385 0xe600e6e6,0x25002525,0x48004848,0x99009999,
386 0xb900b9b9,0xb300b3b3,0x7b007b7b,0xf900f9f9,
387 0xce00cece,0xbf00bfbf,0xdf00dfdf,0x71007171,
388 0x29002929,0xcd00cdcd,0x6c006c6c,0x13001313,
389 0x64006464,0x9b009b9b,0x63006363,0x9d009d9d,
390 0xc000c0c0,0x4b004b4b,0xb700b7b7,0xa500a5a5,
391 0x89008989,0x5f005f5f,0xb100b1b1,0x17001717,
392 0xf400f4f4,0xbc00bcbc,0xd300d3d3,0x46004646,
393 0xcf00cfcf,0x37003737,0x5e005e5e,0x47004747,
394 0x94009494,0xfa00fafa,0xfc00fcfc,0x5b005b5b,
395 0x97009797,0xfe00fefe,0x5a005a5a,0xac00acac,
396 0x3c003c3c,0x4c004c4c,0x03000303,0x35003535,
397 0xf300f3f3,0x23002323,0xb800b8b8,0x5d005d5d,
398 0x6a006a6a,0x92009292,0xd500d5d5,0x21002121,
399 0x44004444,0x51005151,0xc600c6c6,0x7d007d7d,
400 0x39003939,0x83008383,0xdc00dcdc,0xaa00aaaa,
401 0x7c007c7c,0x77007777,0x56005656,0x05000505,
402 0x1b001b1b,0xa400a4a4,0x15001515,0x34003434,
403 0x1e001e1e,0x1c001c1c,0xf800f8f8,0x52005252,
404 0x20002020,0x14001414,0xe900e9e9,0xbd00bdbd,
405 0xdd00dddd,0xe400e4e4,0xa100a1a1,0xe000e0e0,
406 0x8a008a8a,0xf100f1f1,0xd600d6d6,0x7a007a7a,
407 0xbb00bbbb,0xe300e3e3,0x40004040,0x4f004f4f,
408};
409
410static const u32 camellia_sp4404[256] = {
411 0x70700070,0x2c2c002c,0xb3b300b3,0xc0c000c0,
412 0xe4e400e4,0x57570057,0xeaea00ea,0xaeae00ae,
413 0x23230023,0x6b6b006b,0x45450045,0xa5a500a5,
414 0xeded00ed,0x4f4f004f,0x1d1d001d,0x92920092,
415 0x86860086,0xafaf00af,0x7c7c007c,0x1f1f001f,
416 0x3e3e003e,0xdcdc00dc,0x5e5e005e,0x0b0b000b,
417 0xa6a600a6,0x39390039,0xd5d500d5,0x5d5d005d,
418 0xd9d900d9,0x5a5a005a,0x51510051,0x6c6c006c,
419 0x8b8b008b,0x9a9a009a,0xfbfb00fb,0xb0b000b0,
420 0x74740074,0x2b2b002b,0xf0f000f0,0x84840084,
421 0xdfdf00df,0xcbcb00cb,0x34340034,0x76760076,
422 0x6d6d006d,0xa9a900a9,0xd1d100d1,0x04040004,
423 0x14140014,0x3a3a003a,0xdede00de,0x11110011,
424 0x32320032,0x9c9c009c,0x53530053,0xf2f200f2,
425 0xfefe00fe,0xcfcf00cf,0xc3c300c3,0x7a7a007a,
426 0x24240024,0xe8e800e8,0x60600060,0x69690069,
427 0xaaaa00aa,0xa0a000a0,0xa1a100a1,0x62620062,
428 0x54540054,0x1e1e001e,0xe0e000e0,0x64640064,
429 0x10100010,0x00000000,0xa3a300a3,0x75750075,
430 0x8a8a008a,0xe6e600e6,0x09090009,0xdddd00dd,
431 0x87870087,0x83830083,0xcdcd00cd,0x90900090,
432 0x73730073,0xf6f600f6,0x9d9d009d,0xbfbf00bf,
433 0x52520052,0xd8d800d8,0xc8c800c8,0xc6c600c6,
434 0x81810081,0x6f6f006f,0x13130013,0x63630063,
435 0xe9e900e9,0xa7a700a7,0x9f9f009f,0xbcbc00bc,
436 0x29290029,0xf9f900f9,0x2f2f002f,0xb4b400b4,
437 0x78780078,0x06060006,0xe7e700e7,0x71710071,
438 0xd4d400d4,0xabab00ab,0x88880088,0x8d8d008d,
439 0x72720072,0xb9b900b9,0xf8f800f8,0xacac00ac,
440 0x36360036,0x2a2a002a,0x3c3c003c,0xf1f100f1,
441 0x40400040,0xd3d300d3,0xbbbb00bb,0x43430043,
442 0x15150015,0xadad00ad,0x77770077,0x80800080,
443 0x82820082,0xecec00ec,0x27270027,0xe5e500e5,
444 0x85850085,0x35350035,0x0c0c000c,0x41410041,
445 0xefef00ef,0x93930093,0x19190019,0x21210021,
446 0x0e0e000e,0x4e4e004e,0x65650065,0xbdbd00bd,
447 0xb8b800b8,0x8f8f008f,0xebeb00eb,0xcece00ce,
448 0x30300030,0x5f5f005f,0xc5c500c5,0x1a1a001a,
449 0xe1e100e1,0xcaca00ca,0x47470047,0x3d3d003d,
450 0x01010001,0xd6d600d6,0x56560056,0x4d4d004d,
451 0x0d0d000d,0x66660066,0xcccc00cc,0x2d2d002d,
452 0x12120012,0x20200020,0xb1b100b1,0x99990099,
453 0x4c4c004c,0xc2c200c2,0x7e7e007e,0x05050005,
454 0xb7b700b7,0x31310031,0x17170017,0xd7d700d7,
455 0x58580058,0x61610061,0x1b1b001b,0x1c1c001c,
456 0x0f0f000f,0x16160016,0x18180018,0x22220022,
457 0x44440044,0xb2b200b2,0xb5b500b5,0x91910091,
458 0x08080008,0xa8a800a8,0xfcfc00fc,0x50500050,
459 0xd0d000d0,0x7d7d007d,0x89890089,0x97970097,
460 0x5b5b005b,0x95950095,0xffff00ff,0xd2d200d2,
461 0xc4c400c4,0x48480048,0xf7f700f7,0xdbdb00db,
462 0x03030003,0xdada00da,0x3f3f003f,0x94940094,
463 0x5c5c005c,0x02020002,0x4a4a004a,0x33330033,
464 0x67670067,0xf3f300f3,0x7f7f007f,0xe2e200e2,
465 0x9b9b009b,0x26260026,0x37370037,0x3b3b003b,
466 0x96960096,0x4b4b004b,0xbebe00be,0x2e2e002e,
467 0x79790079,0x8c8c008c,0x6e6e006e,0x8e8e008e,
468 0xf5f500f5,0xb6b600b6,0xfdfd00fd,0x59590059,
469 0x98980098,0x6a6a006a,0x46460046,0xbaba00ba,
470 0x25250025,0x42420042,0xa2a200a2,0xfafa00fa,
471 0x07070007,0x55550055,0xeeee00ee,0x0a0a000a,
472 0x49490049,0x68680068,0x38380038,0xa4a400a4,
473 0x28280028,0x7b7b007b,0xc9c900c9,0xc1c100c1,
474 0xe3e300e3,0xf4f400f4,0xc7c700c7,0x9e9e009e,
475};
476
477
478
479static void camellia_setup128(const unsigned char *key, u32 *subkey)
480{
481 u32 kll, klr, krl, krr;
482 u32 il, ir, t0, t1, w0, w1;
483 u32 kw4l, kw4r, dw, tl, tr;
484 u32 subL[26];
485 u32 subR[26];
486
487 /**
488 * k == kll || klr || krl || krr (|| is concatination)
489 */
490 kll = GETU32(key );
491 klr = GETU32(key + 4);
492 krl = GETU32(key + 8);
493 krr = GETU32(key + 12);
494 /**
495 * generate KL dependent subkeys
496 */
497 /* kw1 */
498 SUBL(0) = kll; SUBR(0) = klr;
499 /* kw2 */
500 SUBL(1) = krl; SUBR(1) = krr;
501 /* rotation left shift 15bit */
502 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
503 /* k3 */
504 SUBL(4) = kll; SUBR(4) = klr;
505 /* k4 */
506 SUBL(5) = krl; SUBR(5) = krr;
507 /* rotation left shift 15+30bit */
508 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
509 /* k7 */
510 SUBL(10) = kll; SUBR(10) = klr;
511 /* k8 */
512 SUBL(11) = krl; SUBR(11) = krr;
513 /* rotation left shift 15+30+15bit */
514 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
515 /* k10 */
516 SUBL(13) = krl; SUBR(13) = krr;
517 /* rotation left shift 15+30+15+17 bit */
518 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
519 /* kl3 */
520 SUBL(16) = kll; SUBR(16) = klr;
521 /* kl4 */
522 SUBL(17) = krl; SUBR(17) = krr;
523 /* rotation left shift 15+30+15+17+17 bit */
524 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
525 /* k13 */
526 SUBL(18) = kll; SUBR(18) = klr;
527 /* k14 */
528 SUBL(19) = krl; SUBR(19) = krr;
529 /* rotation left shift 15+30+15+17+17+17 bit */
530 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
531 /* k17 */
532 SUBL(22) = kll; SUBR(22) = klr;
533 /* k18 */
534 SUBL(23) = krl; SUBR(23) = krr;
535
536 /* generate KA */
537 kll = SUBL(0); klr = SUBR(0);
538 krl = SUBL(1); krr = SUBR(1);
539 CAMELLIA_F(kll, klr,
540 CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
541 w0, w1, il, ir, t0, t1);
542 krl ^= w0; krr ^= w1;
543 CAMELLIA_F(krl, krr,
544 CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
545 kll, klr, il, ir, t0, t1);
546 /* current status == (kll, klr, w0, w1) */
547 CAMELLIA_F(kll, klr,
548 CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
549 krl, krr, il, ir, t0, t1);
550 krl ^= w0; krr ^= w1;
551 CAMELLIA_F(krl, krr,
552 CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
553 w0, w1, il, ir, t0, t1);
554 kll ^= w0; klr ^= w1;
555
556 /* generate KA dependent subkeys */
557 /* k1, k2 */
558 SUBL(2) = kll; SUBR(2) = klr;
559 SUBL(3) = krl; SUBR(3) = krr;
560 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
561 /* k5,k6 */
562 SUBL(6) = kll; SUBR(6) = klr;
563 SUBL(7) = krl; SUBR(7) = krr;
564 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
565 /* kl1, kl2 */
566 SUBL(8) = kll; SUBR(8) = klr;
567 SUBL(9) = krl; SUBR(9) = krr;
568 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
569 /* k9 */
570 SUBL(12) = kll; SUBR(12) = klr;
571 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
572 /* k11, k12 */
573 SUBL(14) = kll; SUBR(14) = klr;
574 SUBL(15) = krl; SUBR(15) = krr;
575 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
576 /* k15, k16 */
577 SUBL(20) = kll; SUBR(20) = klr;
578 SUBL(21) = krl; SUBR(21) = krr;
579 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
580 /* kw3, kw4 */
581 SUBL(24) = kll; SUBR(24) = klr;
582 SUBL(25) = krl; SUBR(25) = krr;
583
584
585 /* absorb kw2 to other subkeys */
586 /* round 2 */
587 SUBL(3) ^= SUBL(1); SUBR(3) ^= SUBR(1);
588 /* round 4 */
589 SUBL(5) ^= SUBL(1); SUBR(5) ^= SUBR(1);
590 /* round 6 */
591 SUBL(7) ^= SUBL(1); SUBR(7) ^= SUBR(1);
592 SUBL(1) ^= SUBR(1) & ~SUBR(9);
593 dw = SUBL(1) & SUBL(9),
594 SUBR(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl2) */
595 /* round 8 */
596 SUBL(11) ^= SUBL(1); SUBR(11) ^= SUBR(1);
597 /* round 10 */
598 SUBL(13) ^= SUBL(1); SUBR(13) ^= SUBR(1);
599 /* round 12 */
600 SUBL(15) ^= SUBL(1); SUBR(15) ^= SUBR(1);
601 SUBL(1) ^= SUBR(1) & ~SUBR(17);
602 dw = SUBL(1) & SUBL(17),
603 SUBR(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl4) */
604 /* round 14 */
605 SUBL(19) ^= SUBL(1); SUBR(19) ^= SUBR(1);
606 /* round 16 */
607 SUBL(21) ^= SUBL(1); SUBR(21) ^= SUBR(1);
608 /* round 18 */
609 SUBL(23) ^= SUBL(1); SUBR(23) ^= SUBR(1);
610 /* kw3 */
611 SUBL(24) ^= SUBL(1); SUBR(24) ^= SUBR(1);
612
613 /* absorb kw4 to other subkeys */
614 kw4l = SUBL(25); kw4r = SUBR(25);
615 /* round 17 */
616 SUBL(22) ^= kw4l; SUBR(22) ^= kw4r;
617 /* round 15 */
618 SUBL(20) ^= kw4l; SUBR(20) ^= kw4r;
619 /* round 13 */
620 SUBL(18) ^= kw4l; SUBR(18) ^= kw4r;
621 kw4l ^= kw4r & ~SUBR(16);
622 dw = kw4l & SUBL(16),
623 kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl3) */
624 /* round 11 */
625 SUBL(14) ^= kw4l; SUBR(14) ^= kw4r;
626 /* round 9 */
627 SUBL(12) ^= kw4l; SUBR(12) ^= kw4r;
628 /* round 7 */
629 SUBL(10) ^= kw4l; SUBR(10) ^= kw4r;
630 kw4l ^= kw4r & ~SUBR(8);
631 dw = kw4l & SUBL(8),
632 kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl1) */
633 /* round 5 */
634 SUBL(6) ^= kw4l; SUBR(6) ^= kw4r;
635 /* round 3 */
636 SUBL(4) ^= kw4l; SUBR(4) ^= kw4r;
637 /* round 1 */
638 SUBL(2) ^= kw4l; SUBR(2) ^= kw4r;
639 /* kw1 */
640 SUBL(0) ^= kw4l; SUBR(0) ^= kw4r;
641
642
643 /* key XOR is end of F-function */
644 CAMELLIA_SUBKEY_L(0) = SUBL(0) ^ SUBL(2);/* kw1 */
645 CAMELLIA_SUBKEY_R(0) = SUBR(0) ^ SUBR(2);
646 CAMELLIA_SUBKEY_L(2) = SUBL(3); /* round 1 */
647 CAMELLIA_SUBKEY_R(2) = SUBR(3);
648 CAMELLIA_SUBKEY_L(3) = SUBL(2) ^ SUBL(4); /* round 2 */
649 CAMELLIA_SUBKEY_R(3) = SUBR(2) ^ SUBR(4);
650 CAMELLIA_SUBKEY_L(4) = SUBL(3) ^ SUBL(5); /* round 3 */
651 CAMELLIA_SUBKEY_R(4) = SUBR(3) ^ SUBR(5);
652 CAMELLIA_SUBKEY_L(5) = SUBL(4) ^ SUBL(6); /* round 4 */
653 CAMELLIA_SUBKEY_R(5) = SUBR(4) ^ SUBR(6);
654 CAMELLIA_SUBKEY_L(6) = SUBL(5) ^ SUBL(7); /* round 5 */
655 CAMELLIA_SUBKEY_R(6) = SUBR(5) ^ SUBR(7);
656 tl = SUBL(10) ^ (SUBR(10) & ~SUBR(8));
657 dw = tl & SUBL(8), /* FL(kl1) */
658 tr = SUBR(10) ^ CAMELLIA_RL1(dw);
659 CAMELLIA_SUBKEY_L(7) = SUBL(6) ^ tl; /* round 6 */
660 CAMELLIA_SUBKEY_R(7) = SUBR(6) ^ tr;
661 CAMELLIA_SUBKEY_L(8) = SUBL(8); /* FL(kl1) */
662 CAMELLIA_SUBKEY_R(8) = SUBR(8);
663 CAMELLIA_SUBKEY_L(9) = SUBL(9); /* FLinv(kl2) */
664 CAMELLIA_SUBKEY_R(9) = SUBR(9);
665 tl = SUBL(7) ^ (SUBR(7) & ~SUBR(9));
666 dw = tl & SUBL(9), /* FLinv(kl2) */
667 tr = SUBR(7) ^ CAMELLIA_RL1(dw);
668 CAMELLIA_SUBKEY_L(10) = tl ^ SUBL(11); /* round 7 */
669 CAMELLIA_SUBKEY_R(10) = tr ^ SUBR(11);
670 CAMELLIA_SUBKEY_L(11) = SUBL(10) ^ SUBL(12); /* round 8 */
671 CAMELLIA_SUBKEY_R(11) = SUBR(10) ^ SUBR(12);
672 CAMELLIA_SUBKEY_L(12) = SUBL(11) ^ SUBL(13); /* round 9 */
673 CAMELLIA_SUBKEY_R(12) = SUBR(11) ^ SUBR(13);
674 CAMELLIA_SUBKEY_L(13) = SUBL(12) ^ SUBL(14); /* round 10 */
675 CAMELLIA_SUBKEY_R(13) = SUBR(12) ^ SUBR(14);
676 CAMELLIA_SUBKEY_L(14) = SUBL(13) ^ SUBL(15); /* round 11 */
677 CAMELLIA_SUBKEY_R(14) = SUBR(13) ^ SUBR(15);
678 tl = SUBL(18) ^ (SUBR(18) & ~SUBR(16));
679 dw = tl & SUBL(16), /* FL(kl3) */
680 tr = SUBR(18) ^ CAMELLIA_RL1(dw);
681 CAMELLIA_SUBKEY_L(15) = SUBL(14) ^ tl; /* round 12 */
682 CAMELLIA_SUBKEY_R(15) = SUBR(14) ^ tr;
683 CAMELLIA_SUBKEY_L(16) = SUBL(16); /* FL(kl3) */
684 CAMELLIA_SUBKEY_R(16) = SUBR(16);
685 CAMELLIA_SUBKEY_L(17) = SUBL(17); /* FLinv(kl4) */
686 CAMELLIA_SUBKEY_R(17) = SUBR(17);
687 tl = SUBL(15) ^ (SUBR(15) & ~SUBR(17));
688 dw = tl & SUBL(17), /* FLinv(kl4) */
689 tr = SUBR(15) ^ CAMELLIA_RL1(dw);
690 CAMELLIA_SUBKEY_L(18) = tl ^ SUBL(19); /* round 13 */
691 CAMELLIA_SUBKEY_R(18) = tr ^ SUBR(19);
692 CAMELLIA_SUBKEY_L(19) = SUBL(18) ^ SUBL(20); /* round 14 */
693 CAMELLIA_SUBKEY_R(19) = SUBR(18) ^ SUBR(20);
694 CAMELLIA_SUBKEY_L(20) = SUBL(19) ^ SUBL(21); /* round 15 */
695 CAMELLIA_SUBKEY_R(20) = SUBR(19) ^ SUBR(21);
696 CAMELLIA_SUBKEY_L(21) = SUBL(20) ^ SUBL(22); /* round 16 */
697 CAMELLIA_SUBKEY_R(21) = SUBR(20) ^ SUBR(22);
698 CAMELLIA_SUBKEY_L(22) = SUBL(21) ^ SUBL(23); /* round 17 */
699 CAMELLIA_SUBKEY_R(22) = SUBR(21) ^ SUBR(23);
700 CAMELLIA_SUBKEY_L(23) = SUBL(22); /* round 18 */
701 CAMELLIA_SUBKEY_R(23) = SUBR(22);
702 CAMELLIA_SUBKEY_L(24) = SUBL(24) ^ SUBL(23); /* kw3 */
703 CAMELLIA_SUBKEY_R(24) = SUBR(24) ^ SUBR(23);
704
705 /* apply the inverse of the last half of P-function */
706 dw = CAMELLIA_SUBKEY_L(2) ^ CAMELLIA_SUBKEY_R(2),
707 dw = CAMELLIA_RL8(dw);/* round 1 */
708 CAMELLIA_SUBKEY_R(2) = CAMELLIA_SUBKEY_L(2) ^ dw,
709 CAMELLIA_SUBKEY_L(2) = dw;
710 dw = CAMELLIA_SUBKEY_L(3) ^ CAMELLIA_SUBKEY_R(3),
711 dw = CAMELLIA_RL8(dw);/* round 2 */
712 CAMELLIA_SUBKEY_R(3) = CAMELLIA_SUBKEY_L(3) ^ dw,
713 CAMELLIA_SUBKEY_L(3) = dw;
714 dw = CAMELLIA_SUBKEY_L(4) ^ CAMELLIA_SUBKEY_R(4),
715 dw = CAMELLIA_RL8(dw);/* round 3 */
716 CAMELLIA_SUBKEY_R(4) = CAMELLIA_SUBKEY_L(4) ^ dw,
717 CAMELLIA_SUBKEY_L(4) = dw;
718 dw = CAMELLIA_SUBKEY_L(5) ^ CAMELLIA_SUBKEY_R(5),
719 dw = CAMELLIA_RL8(dw);/* round 4 */
720 CAMELLIA_SUBKEY_R(5) = CAMELLIA_SUBKEY_L(5) ^ dw,
721 CAMELLIA_SUBKEY_L(5) = dw;
722 dw = CAMELLIA_SUBKEY_L(6) ^ CAMELLIA_SUBKEY_R(6),
723 dw = CAMELLIA_RL8(dw);/* round 5 */
724 CAMELLIA_SUBKEY_R(6) = CAMELLIA_SUBKEY_L(6) ^ dw,
725 CAMELLIA_SUBKEY_L(6) = dw;
726 dw = CAMELLIA_SUBKEY_L(7) ^ CAMELLIA_SUBKEY_R(7),
727 dw = CAMELLIA_RL8(dw);/* round 6 */
728 CAMELLIA_SUBKEY_R(7) = CAMELLIA_SUBKEY_L(7) ^ dw,
729 CAMELLIA_SUBKEY_L(7) = dw;
730 dw = CAMELLIA_SUBKEY_L(10) ^ CAMELLIA_SUBKEY_R(10),
731 dw = CAMELLIA_RL8(dw);/* round 7 */
732 CAMELLIA_SUBKEY_R(10) = CAMELLIA_SUBKEY_L(10) ^ dw,
733 CAMELLIA_SUBKEY_L(10) = dw;
734 dw = CAMELLIA_SUBKEY_L(11) ^ CAMELLIA_SUBKEY_R(11),
735 dw = CAMELLIA_RL8(dw);/* round 8 */
736 CAMELLIA_SUBKEY_R(11) = CAMELLIA_SUBKEY_L(11) ^ dw,
737 CAMELLIA_SUBKEY_L(11) = dw;
738 dw = CAMELLIA_SUBKEY_L(12) ^ CAMELLIA_SUBKEY_R(12),
739 dw = CAMELLIA_RL8(dw);/* round 9 */
740 CAMELLIA_SUBKEY_R(12) = CAMELLIA_SUBKEY_L(12) ^ dw,
741 CAMELLIA_SUBKEY_L(12) = dw;
742 dw = CAMELLIA_SUBKEY_L(13) ^ CAMELLIA_SUBKEY_R(13),
743 dw = CAMELLIA_RL8(dw);/* round 10 */
744 CAMELLIA_SUBKEY_R(13) = CAMELLIA_SUBKEY_L(13) ^ dw,
745 CAMELLIA_SUBKEY_L(13) = dw;
746 dw = CAMELLIA_SUBKEY_L(14) ^ CAMELLIA_SUBKEY_R(14),
747 dw = CAMELLIA_RL8(dw);/* round 11 */
748 CAMELLIA_SUBKEY_R(14) = CAMELLIA_SUBKEY_L(14) ^ dw,
749 CAMELLIA_SUBKEY_L(14) = dw;
750 dw = CAMELLIA_SUBKEY_L(15) ^ CAMELLIA_SUBKEY_R(15),
751 dw = CAMELLIA_RL8(dw);/* round 12 */
752 CAMELLIA_SUBKEY_R(15) = CAMELLIA_SUBKEY_L(15) ^ dw,
753 CAMELLIA_SUBKEY_L(15) = dw;
754 dw = CAMELLIA_SUBKEY_L(18) ^ CAMELLIA_SUBKEY_R(18),
755 dw = CAMELLIA_RL8(dw);/* round 13 */
756 CAMELLIA_SUBKEY_R(18) = CAMELLIA_SUBKEY_L(18) ^ dw,
757 CAMELLIA_SUBKEY_L(18) = dw;
758 dw = CAMELLIA_SUBKEY_L(19) ^ CAMELLIA_SUBKEY_R(19),
759 dw = CAMELLIA_RL8(dw);/* round 14 */
760 CAMELLIA_SUBKEY_R(19) = CAMELLIA_SUBKEY_L(19) ^ dw,
761 CAMELLIA_SUBKEY_L(19) = dw;
762 dw = CAMELLIA_SUBKEY_L(20) ^ CAMELLIA_SUBKEY_R(20),
763 dw = CAMELLIA_RL8(dw);/* round 15 */
764 CAMELLIA_SUBKEY_R(20) = CAMELLIA_SUBKEY_L(20) ^ dw,
765 CAMELLIA_SUBKEY_L(20) = dw;
766 dw = CAMELLIA_SUBKEY_L(21) ^ CAMELLIA_SUBKEY_R(21),
767 dw = CAMELLIA_RL8(dw);/* round 16 */
768 CAMELLIA_SUBKEY_R(21) = CAMELLIA_SUBKEY_L(21) ^ dw,
769 CAMELLIA_SUBKEY_L(21) = dw;
770 dw = CAMELLIA_SUBKEY_L(22) ^ CAMELLIA_SUBKEY_R(22),
771 dw = CAMELLIA_RL8(dw);/* round 17 */
772 CAMELLIA_SUBKEY_R(22) = CAMELLIA_SUBKEY_L(22) ^ dw,
773 CAMELLIA_SUBKEY_L(22) = dw;
774 dw = CAMELLIA_SUBKEY_L(23) ^ CAMELLIA_SUBKEY_R(23),
775 dw = CAMELLIA_RL8(dw);/* round 18 */
776 CAMELLIA_SUBKEY_R(23) = CAMELLIA_SUBKEY_L(23) ^ dw,
777 CAMELLIA_SUBKEY_L(23) = dw;
778
779 return;
780}
781
782
783static void camellia_setup256(const unsigned char *key, u32 *subkey)
784{
785 u32 kll,klr,krl,krr; /* left half of key */
786 u32 krll,krlr,krrl,krrr; /* right half of key */
787 u32 il, ir, t0, t1, w0, w1; /* temporary variables */
788 u32 kw4l, kw4r, dw, tl, tr;
789 u32 subL[34];
790 u32 subR[34];
791
792 /**
793 * key = (kll || klr || krl || krr || krll || krlr || krrl || krrr)
794 * (|| is concatination)
795 */
796
797 kll = GETU32(key );
798 klr = GETU32(key + 4);
799 krl = GETU32(key + 8);
800 krr = GETU32(key + 12);
801 krll = GETU32(key + 16);
802 krlr = GETU32(key + 20);
803 krrl = GETU32(key + 24);
804 krrr = GETU32(key + 28);
805
806 /* generate KL dependent subkeys */
807 /* kw1 */
808 SUBL(0) = kll; SUBR(0) = klr;
809 /* kw2 */
810 SUBL(1) = krl; SUBR(1) = krr;
811 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 45);
812 /* k9 */
813 SUBL(12) = kll; SUBR(12) = klr;
814 /* k10 */
815 SUBL(13) = krl; SUBR(13) = krr;
816 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
817 /* kl3 */
818 SUBL(16) = kll; SUBR(16) = klr;
819 /* kl4 */
820 SUBL(17) = krl; SUBR(17) = krr;
821 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
822 /* k17 */
823 SUBL(22) = kll; SUBR(22) = klr;
824 /* k18 */
825 SUBL(23) = krl; SUBR(23) = krr;
826 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
827 /* k23 */
828 SUBL(30) = kll; SUBR(30) = klr;
829 /* k24 */
830 SUBL(31) = krl; SUBR(31) = krr;
831
832 /* generate KR dependent subkeys */
833 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
834 /* k3 */
835 SUBL(4) = krll; SUBR(4) = krlr;
836 /* k4 */
837 SUBL(5) = krrl; SUBR(5) = krrr;
838 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
839 /* kl1 */
840 SUBL(8) = krll; SUBR(8) = krlr;
841 /* kl2 */
842 SUBL(9) = krrl; SUBR(9) = krrr;
843 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
844 /* k13 */
845 SUBL(18) = krll; SUBR(18) = krlr;
846 /* k14 */
847 SUBL(19) = krrl; SUBR(19) = krrr;
848 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
849 /* k19 */
850 SUBL(26) = krll; SUBR(26) = krlr;
851 /* k20 */
852 SUBL(27) = krrl; SUBR(27) = krrr;
853 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
854
855 /* generate KA */
856 kll = SUBL(0) ^ krll; klr = SUBR(0) ^ krlr;
857 krl = SUBL(1) ^ krrl; krr = SUBR(1) ^ krrr;
858 CAMELLIA_F(kll, klr,
859 CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
860 w0, w1, il, ir, t0, t1);
861 krl ^= w0; krr ^= w1;
862 CAMELLIA_F(krl, krr,
863 CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
864 kll, klr, il, ir, t0, t1);
865 kll ^= krll; klr ^= krlr;
866 CAMELLIA_F(kll, klr,
867 CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
868 krl, krr, il, ir, t0, t1);
869 krl ^= w0 ^ krrl; krr ^= w1 ^ krrr;
870 CAMELLIA_F(krl, krr,
871 CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
872 w0, w1, il, ir, t0, t1);
873 kll ^= w0; klr ^= w1;
874
875 /* generate KB */
876 krll ^= kll; krlr ^= klr;
877 krrl ^= krl; krrr ^= krr;
878 CAMELLIA_F(krll, krlr,
879 CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R,
880 w0, w1, il, ir, t0, t1);
881 krrl ^= w0; krrr ^= w1;
882 CAMELLIA_F(krrl, krrr,
883 CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R,
884 w0, w1, il, ir, t0, t1);
885 krll ^= w0; krlr ^= w1;
886
887 /* generate KA dependent subkeys */
888 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
889 /* k5 */
890 SUBL(6) = kll; SUBR(6) = klr;
891 /* k6 */
892 SUBL(7) = krl; SUBR(7) = krr;
893 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
894 /* k11 */
895 SUBL(14) = kll; SUBR(14) = klr;
896 /* k12 */
897 SUBL(15) = krl; SUBR(15) = krr;
898 /* rotation left shift 32bit */
899 /* kl5 */
900 SUBL(24) = klr; SUBR(24) = krl;
901 /* kl6 */
902 SUBL(25) = krr; SUBR(25) = kll;
903 /* rotation left shift 49 from k11,k12 -> k21,k22 */
904 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 49);
905 /* k21 */
906 SUBL(28) = kll; SUBR(28) = klr;
907 /* k22 */
908 SUBL(29) = krl; SUBR(29) = krr;
909
910 /* generate KB dependent subkeys */
911 /* k1 */
912 SUBL(2) = krll; SUBR(2) = krlr;
913 /* k2 */
914 SUBL(3) = krrl; SUBR(3) = krrr;
915 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
916 /* k7 */
917 SUBL(10) = krll; SUBR(10) = krlr;
918 /* k8 */
919 SUBL(11) = krrl; SUBR(11) = krrr;
920 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
921 /* k15 */
922 SUBL(20) = krll; SUBR(20) = krlr;
923 /* k16 */
924 SUBL(21) = krrl; SUBR(21) = krrr;
925 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51);
926 /* kw3 */
927 SUBL(32) = krll; SUBR(32) = krlr;
928 /* kw4 */
929 SUBL(33) = krrl; SUBR(33) = krrr;
930
931 /* absorb kw2 to other subkeys */
932 /* round 2 */
933 SUBL(3) ^= SUBL(1); SUBR(3) ^= SUBR(1);
934 /* round 4 */
935 SUBL(5) ^= SUBL(1); SUBR(5) ^= SUBR(1);
936 /* round 6 */
937 SUBL(7) ^= SUBL(1); SUBR(7) ^= SUBR(1);
938 SUBL(1) ^= SUBR(1) & ~SUBR(9);
939 dw = SUBL(1) & SUBL(9),
940 SUBR(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl2) */
941 /* round 8 */
942 SUBL(11) ^= SUBL(1); SUBR(11) ^= SUBR(1);
943 /* round 10 */
944 SUBL(13) ^= SUBL(1); SUBR(13) ^= SUBR(1);
945 /* round 12 */
946 SUBL(15) ^= SUBL(1); SUBR(15) ^= SUBR(1);
947 SUBL(1) ^= SUBR(1) & ~SUBR(17);
948 dw = SUBL(1) & SUBL(17),
949 SUBR(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl4) */
950 /* round 14 */
951 SUBL(19) ^= SUBL(1); SUBR(19) ^= SUBR(1);
952 /* round 16 */
953 SUBL(21) ^= SUBL(1); SUBR(21) ^= SUBR(1);
954 /* round 18 */
955 SUBL(23) ^= SUBL(1); SUBR(23) ^= SUBR(1);
956 SUBL(1) ^= SUBR(1) & ~SUBR(25);
957 dw = SUBL(1) & SUBL(25),
958 SUBR(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl6) */
959 /* round 20 */
960 SUBL(27) ^= SUBL(1); SUBR(27) ^= SUBR(1);
961 /* round 22 */
962 SUBL(29) ^= SUBL(1); SUBR(29) ^= SUBR(1);
963 /* round 24 */
964 SUBL(31) ^= SUBL(1); SUBR(31) ^= SUBR(1);
965 /* kw3 */
966 SUBL(32) ^= SUBL(1); SUBR(32) ^= SUBR(1);
967
968
969 /* absorb kw4 to other subkeys */
970 kw4l = SUBL(33); kw4r = SUBR(33);
971 /* round 23 */
972 SUBL(30) ^= kw4l; SUBR(30) ^= kw4r;
973 /* round 21 */
974 SUBL(28) ^= kw4l; SUBR(28) ^= kw4r;
975 /* round 19 */
976 SUBL(26) ^= kw4l; SUBR(26) ^= kw4r;
977 kw4l ^= kw4r & ~SUBR(24);
978 dw = kw4l & SUBL(24),
979 kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl5) */
980 /* round 17 */
981 SUBL(22) ^= kw4l; SUBR(22) ^= kw4r;
982 /* round 15 */
983 SUBL(20) ^= kw4l; SUBR(20) ^= kw4r;
984 /* round 13 */
985 SUBL(18) ^= kw4l; SUBR(18) ^= kw4r;
986 kw4l ^= kw4r & ~SUBR(16);
987 dw = kw4l & SUBL(16),
988 kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl3) */
989 /* round 11 */
990 SUBL(14) ^= kw4l; SUBR(14) ^= kw4r;
991 /* round 9 */
992 SUBL(12) ^= kw4l; SUBR(12) ^= kw4r;
993 /* round 7 */
994 SUBL(10) ^= kw4l; SUBR(10) ^= kw4r;
995 kw4l ^= kw4r & ~SUBR(8);
996 dw = kw4l & SUBL(8),
997 kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl1) */
998 /* round 5 */
999 SUBL(6) ^= kw4l; SUBR(6) ^= kw4r;
1000 /* round 3 */
1001 SUBL(4) ^= kw4l; SUBR(4) ^= kw4r;
1002 /* round 1 */
1003 SUBL(2) ^= kw4l; SUBR(2) ^= kw4r;
1004 /* kw1 */
1005 SUBL(0) ^= kw4l; SUBR(0) ^= kw4r;
1006
1007 /* key XOR is end of F-function */
1008 CAMELLIA_SUBKEY_L(0) = SUBL(0) ^ SUBL(2);/* kw1 */
1009 CAMELLIA_SUBKEY_R(0) = SUBR(0) ^ SUBR(2);
1010 CAMELLIA_SUBKEY_L(2) = SUBL(3); /* round 1 */
1011 CAMELLIA_SUBKEY_R(2) = SUBR(3);
1012 CAMELLIA_SUBKEY_L(3) = SUBL(2) ^ SUBL(4); /* round 2 */
1013 CAMELLIA_SUBKEY_R(3) = SUBR(2) ^ SUBR(4);
1014 CAMELLIA_SUBKEY_L(4) = SUBL(3) ^ SUBL(5); /* round 3 */
1015 CAMELLIA_SUBKEY_R(4) = SUBR(3) ^ SUBR(5);
1016 CAMELLIA_SUBKEY_L(5) = SUBL(4) ^ SUBL(6); /* round 4 */
1017 CAMELLIA_SUBKEY_R(5) = SUBR(4) ^ SUBR(6);
1018 CAMELLIA_SUBKEY_L(6) = SUBL(5) ^ SUBL(7); /* round 5 */
1019 CAMELLIA_SUBKEY_R(6) = SUBR(5) ^ SUBR(7);
1020 tl = SUBL(10) ^ (SUBR(10) & ~SUBR(8));
1021 dw = tl & SUBL(8), /* FL(kl1) */
1022 tr = SUBR(10) ^ CAMELLIA_RL1(dw);
1023 CAMELLIA_SUBKEY_L(7) = SUBL(6) ^ tl; /* round 6 */
1024 CAMELLIA_SUBKEY_R(7) = SUBR(6) ^ tr;
1025 CAMELLIA_SUBKEY_L(8) = SUBL(8); /* FL(kl1) */
1026 CAMELLIA_SUBKEY_R(8) = SUBR(8);
1027 CAMELLIA_SUBKEY_L(9) = SUBL(9); /* FLinv(kl2) */
1028 CAMELLIA_SUBKEY_R(9) = SUBR(9);
1029 tl = SUBL(7) ^ (SUBR(7) & ~SUBR(9));
1030 dw = tl & SUBL(9), /* FLinv(kl2) */
1031 tr = SUBR(7) ^ CAMELLIA_RL1(dw);
1032 CAMELLIA_SUBKEY_L(10) = tl ^ SUBL(11); /* round 7 */
1033 CAMELLIA_SUBKEY_R(10) = tr ^ SUBR(11);
1034 CAMELLIA_SUBKEY_L(11) = SUBL(10) ^ SUBL(12); /* round 8 */
1035 CAMELLIA_SUBKEY_R(11) = SUBR(10) ^ SUBR(12);
1036 CAMELLIA_SUBKEY_L(12) = SUBL(11) ^ SUBL(13); /* round 9 */
1037 CAMELLIA_SUBKEY_R(12) = SUBR(11) ^ SUBR(13);
1038 CAMELLIA_SUBKEY_L(13) = SUBL(12) ^ SUBL(14); /* round 10 */
1039 CAMELLIA_SUBKEY_R(13) = SUBR(12) ^ SUBR(14);
1040 CAMELLIA_SUBKEY_L(14) = SUBL(13) ^ SUBL(15); /* round 11 */
1041 CAMELLIA_SUBKEY_R(14) = SUBR(13) ^ SUBR(15);
1042 tl = SUBL(18) ^ (SUBR(18) & ~SUBR(16));
1043 dw = tl & SUBL(16), /* FL(kl3) */
1044 tr = SUBR(18) ^ CAMELLIA_RL1(dw);
1045 CAMELLIA_SUBKEY_L(15) = SUBL(14) ^ tl; /* round 12 */
1046 CAMELLIA_SUBKEY_R(15) = SUBR(14) ^ tr;
1047 CAMELLIA_SUBKEY_L(16) = SUBL(16); /* FL(kl3) */
1048 CAMELLIA_SUBKEY_R(16) = SUBR(16);
1049 CAMELLIA_SUBKEY_L(17) = SUBL(17); /* FLinv(kl4) */
1050 CAMELLIA_SUBKEY_R(17) = SUBR(17);
1051 tl = SUBL(15) ^ (SUBR(15) & ~SUBR(17));
1052 dw = tl & SUBL(17), /* FLinv(kl4) */
1053 tr = SUBR(15) ^ CAMELLIA_RL1(dw);
1054 CAMELLIA_SUBKEY_L(18) = tl ^ SUBL(19); /* round 13 */
1055 CAMELLIA_SUBKEY_R(18) = tr ^ SUBR(19);
1056 CAMELLIA_SUBKEY_L(19) = SUBL(18) ^ SUBL(20); /* round 14 */
1057 CAMELLIA_SUBKEY_R(19) = SUBR(18) ^ SUBR(20);
1058 CAMELLIA_SUBKEY_L(20) = SUBL(19) ^ SUBL(21); /* round 15 */
1059 CAMELLIA_SUBKEY_R(20) = SUBR(19) ^ SUBR(21);
1060 CAMELLIA_SUBKEY_L(21) = SUBL(20) ^ SUBL(22); /* round 16 */
1061 CAMELLIA_SUBKEY_R(21) = SUBR(20) ^ SUBR(22);
1062 CAMELLIA_SUBKEY_L(22) = SUBL(21) ^ SUBL(23); /* round 17 */
1063 CAMELLIA_SUBKEY_R(22) = SUBR(21) ^ SUBR(23);
1064 tl = SUBL(26) ^ (SUBR(26)
1065 & ~SUBR(24));
1066 dw = tl & SUBL(24), /* FL(kl5) */
1067 tr = SUBR(26) ^ CAMELLIA_RL1(dw);
1068 CAMELLIA_SUBKEY_L(23) = SUBL(22) ^ tl; /* round 18 */
1069 CAMELLIA_SUBKEY_R(23) = SUBR(22) ^ tr;
1070 CAMELLIA_SUBKEY_L(24) = SUBL(24); /* FL(kl5) */
1071 CAMELLIA_SUBKEY_R(24) = SUBR(24);
1072 CAMELLIA_SUBKEY_L(25) = SUBL(25); /* FLinv(kl6) */
1073 CAMELLIA_SUBKEY_R(25) = SUBR(25);
1074 tl = SUBL(23) ^ (SUBR(23) &
1075 ~SUBR(25));
1076 dw = tl & SUBL(25), /* FLinv(kl6) */
1077 tr = SUBR(23) ^ CAMELLIA_RL1(dw);
1078 CAMELLIA_SUBKEY_L(26) = tl ^ SUBL(27); /* round 19 */
1079 CAMELLIA_SUBKEY_R(26) = tr ^ SUBR(27);
1080 CAMELLIA_SUBKEY_L(27) = SUBL(26) ^ SUBL(28); /* round 20 */
1081 CAMELLIA_SUBKEY_R(27) = SUBR(26) ^ SUBR(28);
1082 CAMELLIA_SUBKEY_L(28) = SUBL(27) ^ SUBL(29); /* round 21 */
1083 CAMELLIA_SUBKEY_R(28) = SUBR(27) ^ SUBR(29);
1084 CAMELLIA_SUBKEY_L(29) = SUBL(28) ^ SUBL(30); /* round 22 */
1085 CAMELLIA_SUBKEY_R(29) = SUBR(28) ^ SUBR(30);
1086 CAMELLIA_SUBKEY_L(30) = SUBL(29) ^ SUBL(31); /* round 23 */
1087 CAMELLIA_SUBKEY_R(30) = SUBR(29) ^ SUBR(31);
1088 CAMELLIA_SUBKEY_L(31) = SUBL(30); /* round 24 */
1089 CAMELLIA_SUBKEY_R(31) = SUBR(30);
1090 CAMELLIA_SUBKEY_L(32) = SUBL(32) ^ SUBL(31); /* kw3 */
1091 CAMELLIA_SUBKEY_R(32) = SUBR(32) ^ SUBR(31);
1092
1093 /* apply the inverse of the last half of P-function */
1094 dw = CAMELLIA_SUBKEY_L(2) ^ CAMELLIA_SUBKEY_R(2),
1095 dw = CAMELLIA_RL8(dw);/* round 1 */
1096 CAMELLIA_SUBKEY_R(2) = CAMELLIA_SUBKEY_L(2) ^ dw,
1097 CAMELLIA_SUBKEY_L(2) = dw;
1098 dw = CAMELLIA_SUBKEY_L(3) ^ CAMELLIA_SUBKEY_R(3),
1099 dw = CAMELLIA_RL8(dw);/* round 2 */
1100 CAMELLIA_SUBKEY_R(3) = CAMELLIA_SUBKEY_L(3) ^ dw,
1101 CAMELLIA_SUBKEY_L(3) = dw;
1102 dw = CAMELLIA_SUBKEY_L(4) ^ CAMELLIA_SUBKEY_R(4),
1103 dw = CAMELLIA_RL8(dw);/* round 3 */
1104 CAMELLIA_SUBKEY_R(4) = CAMELLIA_SUBKEY_L(4) ^ dw,
1105 CAMELLIA_SUBKEY_L(4) = dw;
1106 dw = CAMELLIA_SUBKEY_L(5) ^ CAMELLIA_SUBKEY_R(5),
1107 dw = CAMELLIA_RL8(dw);/* round 4 */
1108 CAMELLIA_SUBKEY_R(5) = CAMELLIA_SUBKEY_L(5) ^ dw,
1109 CAMELLIA_SUBKEY_L(5) = dw;
1110 dw = CAMELLIA_SUBKEY_L(6) ^ CAMELLIA_SUBKEY_R(6),
1111 dw = CAMELLIA_RL8(dw);/* round 5 */
1112 CAMELLIA_SUBKEY_R(6) = CAMELLIA_SUBKEY_L(6) ^ dw,
1113 CAMELLIA_SUBKEY_L(6) = dw;
1114 dw = CAMELLIA_SUBKEY_L(7) ^ CAMELLIA_SUBKEY_R(7),
1115 dw = CAMELLIA_RL8(dw);/* round 6 */
1116 CAMELLIA_SUBKEY_R(7) = CAMELLIA_SUBKEY_L(7) ^ dw,
1117 CAMELLIA_SUBKEY_L(7) = dw;
1118 dw = CAMELLIA_SUBKEY_L(10) ^ CAMELLIA_SUBKEY_R(10),
1119 dw = CAMELLIA_RL8(dw);/* round 7 */
1120 CAMELLIA_SUBKEY_R(10) = CAMELLIA_SUBKEY_L(10) ^ dw,
1121 CAMELLIA_SUBKEY_L(10) = dw;
1122 dw = CAMELLIA_SUBKEY_L(11) ^ CAMELLIA_SUBKEY_R(11),
1123 dw = CAMELLIA_RL8(dw);/* round 8 */
1124 CAMELLIA_SUBKEY_R(11) = CAMELLIA_SUBKEY_L(11) ^ dw,
1125 CAMELLIA_SUBKEY_L(11) = dw;
1126 dw = CAMELLIA_SUBKEY_L(12) ^ CAMELLIA_SUBKEY_R(12),
1127 dw = CAMELLIA_RL8(dw);/* round 9 */
1128 CAMELLIA_SUBKEY_R(12) = CAMELLIA_SUBKEY_L(12) ^ dw,
1129 CAMELLIA_SUBKEY_L(12) = dw;
1130 dw = CAMELLIA_SUBKEY_L(13) ^ CAMELLIA_SUBKEY_R(13),
1131 dw = CAMELLIA_RL8(dw);/* round 10 */
1132 CAMELLIA_SUBKEY_R(13) = CAMELLIA_SUBKEY_L(13) ^ dw,
1133 CAMELLIA_SUBKEY_L(13) = dw;
1134 dw = CAMELLIA_SUBKEY_L(14) ^ CAMELLIA_SUBKEY_R(14),
1135 dw = CAMELLIA_RL8(dw);/* round 11 */
1136 CAMELLIA_SUBKEY_R(14) = CAMELLIA_SUBKEY_L(14) ^ dw,
1137 CAMELLIA_SUBKEY_L(14) = dw;
1138 dw = CAMELLIA_SUBKEY_L(15) ^ CAMELLIA_SUBKEY_R(15),
1139 dw = CAMELLIA_RL8(dw);/* round 12 */
1140 CAMELLIA_SUBKEY_R(15) = CAMELLIA_SUBKEY_L(15) ^ dw,
1141 CAMELLIA_SUBKEY_L(15) = dw;
1142 dw = CAMELLIA_SUBKEY_L(18) ^ CAMELLIA_SUBKEY_R(18),
1143 dw = CAMELLIA_RL8(dw);/* round 13 */
1144 CAMELLIA_SUBKEY_R(18) = CAMELLIA_SUBKEY_L(18) ^ dw,
1145 CAMELLIA_SUBKEY_L(18) = dw;
1146 dw = CAMELLIA_SUBKEY_L(19) ^ CAMELLIA_SUBKEY_R(19),
1147 dw = CAMELLIA_RL8(dw);/* round 14 */
1148 CAMELLIA_SUBKEY_R(19) = CAMELLIA_SUBKEY_L(19) ^ dw,
1149 CAMELLIA_SUBKEY_L(19) = dw;
1150 dw = CAMELLIA_SUBKEY_L(20) ^ CAMELLIA_SUBKEY_R(20),
1151 dw = CAMELLIA_RL8(dw);/* round 15 */
1152 CAMELLIA_SUBKEY_R(20) = CAMELLIA_SUBKEY_L(20) ^ dw,
1153 CAMELLIA_SUBKEY_L(20) = dw;
1154 dw = CAMELLIA_SUBKEY_L(21) ^ CAMELLIA_SUBKEY_R(21),
1155 dw = CAMELLIA_RL8(dw);/* round 16 */
1156 CAMELLIA_SUBKEY_R(21) = CAMELLIA_SUBKEY_L(21) ^ dw,
1157 CAMELLIA_SUBKEY_L(21) = dw;
1158 dw = CAMELLIA_SUBKEY_L(22) ^ CAMELLIA_SUBKEY_R(22),
1159 dw = CAMELLIA_RL8(dw);/* round 17 */
1160 CAMELLIA_SUBKEY_R(22) = CAMELLIA_SUBKEY_L(22) ^ dw,
1161 CAMELLIA_SUBKEY_L(22) = dw;
1162 dw = CAMELLIA_SUBKEY_L(23) ^ CAMELLIA_SUBKEY_R(23),
1163 dw = CAMELLIA_RL8(dw);/* round 18 */
1164 CAMELLIA_SUBKEY_R(23) = CAMELLIA_SUBKEY_L(23) ^ dw,
1165 CAMELLIA_SUBKEY_L(23) = dw;
1166 dw = CAMELLIA_SUBKEY_L(26) ^ CAMELLIA_SUBKEY_R(26),
1167 dw = CAMELLIA_RL8(dw);/* round 19 */
1168 CAMELLIA_SUBKEY_R(26) = CAMELLIA_SUBKEY_L(26) ^ dw,
1169 CAMELLIA_SUBKEY_L(26) = dw;
1170 dw = CAMELLIA_SUBKEY_L(27) ^ CAMELLIA_SUBKEY_R(27),
1171 dw = CAMELLIA_RL8(dw);/* round 20 */
1172 CAMELLIA_SUBKEY_R(27) = CAMELLIA_SUBKEY_L(27) ^ dw,
1173 CAMELLIA_SUBKEY_L(27) = dw;
1174 dw = CAMELLIA_SUBKEY_L(28) ^ CAMELLIA_SUBKEY_R(28),
1175 dw = CAMELLIA_RL8(dw);/* round 21 */
1176 CAMELLIA_SUBKEY_R(28) = CAMELLIA_SUBKEY_L(28) ^ dw,
1177 CAMELLIA_SUBKEY_L(28) = dw;
1178 dw = CAMELLIA_SUBKEY_L(29) ^ CAMELLIA_SUBKEY_R(29),
1179 dw = CAMELLIA_RL8(dw);/* round 22 */
1180 CAMELLIA_SUBKEY_R(29) = CAMELLIA_SUBKEY_L(29) ^ dw,
1181 CAMELLIA_SUBKEY_L(29) = dw;
1182 dw = CAMELLIA_SUBKEY_L(30) ^ CAMELLIA_SUBKEY_R(30),
1183 dw = CAMELLIA_RL8(dw);/* round 23 */
1184 CAMELLIA_SUBKEY_R(30) = CAMELLIA_SUBKEY_L(30) ^ dw,
1185 CAMELLIA_SUBKEY_L(30) = dw;
1186 dw = CAMELLIA_SUBKEY_L(31) ^ CAMELLIA_SUBKEY_R(31),
1187 dw = CAMELLIA_RL8(dw);/* round 24 */
1188 CAMELLIA_SUBKEY_R(31) = CAMELLIA_SUBKEY_L(31) ^ dw,
1189 CAMELLIA_SUBKEY_L(31) = dw;
1190
1191 return;
1192}
1193
1194static void camellia_setup192(const unsigned char *key, u32 *subkey)
1195{
1196 unsigned char kk[32];
1197 u32 krll, krlr, krrl,krrr;
1198
1199 memcpy(kk, key, 24);
1200 memcpy((unsigned char *)&krll, key+16,4);
1201 memcpy((unsigned char *)&krlr, key+20,4);
1202 krrl = ~krll;
1203 krrr = ~krlr;
1204 memcpy(kk+24, (unsigned char *)&krrl, 4);
1205 memcpy(kk+28, (unsigned char *)&krrr, 4);
1206 camellia_setup256(kk, subkey);
1207 return;
1208}
1209
1210
1211/**
1212 * Stuff related to camellia encryption/decryption
1213 */
1214static void camellia_encrypt128(const u32 *subkey, __be32 *io_text)
1215{
1216 u32 il,ir,t0,t1; /* temporary valiables */
1217
1218 u32 io[4];
1219
1220 io[0] = be32_to_cpu(io_text[0]);
1221 io[1] = be32_to_cpu(io_text[1]);
1222 io[2] = be32_to_cpu(io_text[2]);
1223 io[3] = be32_to_cpu(io_text[3]);
1224
1225 /* pre whitening but absorb kw2*/
1226 io[0] ^= CAMELLIA_SUBKEY_L(0);
1227 io[1] ^= CAMELLIA_SUBKEY_R(0);
1228 /* main iteration */
1229
1230 CAMELLIA_ROUNDSM(io[0],io[1],
1231 CAMELLIA_SUBKEY_L(2),CAMELLIA_SUBKEY_R(2),
1232 io[2],io[3],il,ir,t0,t1);
1233 CAMELLIA_ROUNDSM(io[2],io[3],
1234 CAMELLIA_SUBKEY_L(3),CAMELLIA_SUBKEY_R(3),
1235 io[0],io[1],il,ir,t0,t1);
1236 CAMELLIA_ROUNDSM(io[0],io[1],
1237 CAMELLIA_SUBKEY_L(4),CAMELLIA_SUBKEY_R(4),
1238 io[2],io[3],il,ir,t0,t1);
1239 CAMELLIA_ROUNDSM(io[2],io[3],
1240 CAMELLIA_SUBKEY_L(5),CAMELLIA_SUBKEY_R(5),
1241 io[0],io[1],il,ir,t0,t1);
1242 CAMELLIA_ROUNDSM(io[0],io[1],
1243 CAMELLIA_SUBKEY_L(6),CAMELLIA_SUBKEY_R(6),
1244 io[2],io[3],il,ir,t0,t1);
1245 CAMELLIA_ROUNDSM(io[2],io[3],
1246 CAMELLIA_SUBKEY_L(7),CAMELLIA_SUBKEY_R(7),
1247 io[0],io[1],il,ir,t0,t1);
1248
1249 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1250 CAMELLIA_SUBKEY_L(8),CAMELLIA_SUBKEY_R(8),
1251 CAMELLIA_SUBKEY_L(9),CAMELLIA_SUBKEY_R(9),
1252 t0,t1,il,ir);
1253
1254 CAMELLIA_ROUNDSM(io[0],io[1],
1255 CAMELLIA_SUBKEY_L(10),CAMELLIA_SUBKEY_R(10),
1256 io[2],io[3],il,ir,t0,t1);
1257 CAMELLIA_ROUNDSM(io[2],io[3],
1258 CAMELLIA_SUBKEY_L(11),CAMELLIA_SUBKEY_R(11),
1259 io[0],io[1],il,ir,t0,t1);
1260 CAMELLIA_ROUNDSM(io[0],io[1],
1261 CAMELLIA_SUBKEY_L(12),CAMELLIA_SUBKEY_R(12),
1262 io[2],io[3],il,ir,t0,t1);
1263 CAMELLIA_ROUNDSM(io[2],io[3],
1264 CAMELLIA_SUBKEY_L(13),CAMELLIA_SUBKEY_R(13),
1265 io[0],io[1],il,ir,t0,t1);
1266 CAMELLIA_ROUNDSM(io[0],io[1],
1267 CAMELLIA_SUBKEY_L(14),CAMELLIA_SUBKEY_R(14),
1268 io[2],io[3],il,ir,t0,t1);
1269 CAMELLIA_ROUNDSM(io[2],io[3],
1270 CAMELLIA_SUBKEY_L(15),CAMELLIA_SUBKEY_R(15),
1271 io[0],io[1],il,ir,t0,t1);
1272
1273 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1274 CAMELLIA_SUBKEY_L(16),CAMELLIA_SUBKEY_R(16),
1275 CAMELLIA_SUBKEY_L(17),CAMELLIA_SUBKEY_R(17),
1276 t0,t1,il,ir);
1277
1278 CAMELLIA_ROUNDSM(io[0],io[1],
1279 CAMELLIA_SUBKEY_L(18),CAMELLIA_SUBKEY_R(18),
1280 io[2],io[3],il,ir,t0,t1);
1281 CAMELLIA_ROUNDSM(io[2],io[3],
1282 CAMELLIA_SUBKEY_L(19),CAMELLIA_SUBKEY_R(19),
1283 io[0],io[1],il,ir,t0,t1);
1284 CAMELLIA_ROUNDSM(io[0],io[1],
1285 CAMELLIA_SUBKEY_L(20),CAMELLIA_SUBKEY_R(20),
1286 io[2],io[3],il,ir,t0,t1);
1287 CAMELLIA_ROUNDSM(io[2],io[3],
1288 CAMELLIA_SUBKEY_L(21),CAMELLIA_SUBKEY_R(21),
1289 io[0],io[1],il,ir,t0,t1);
1290 CAMELLIA_ROUNDSM(io[0],io[1],
1291 CAMELLIA_SUBKEY_L(22),CAMELLIA_SUBKEY_R(22),
1292 io[2],io[3],il,ir,t0,t1);
1293 CAMELLIA_ROUNDSM(io[2],io[3],
1294 CAMELLIA_SUBKEY_L(23),CAMELLIA_SUBKEY_R(23),
1295 io[0],io[1],il,ir,t0,t1);
1296
1297 /* post whitening but kw4 */
1298 io[2] ^= CAMELLIA_SUBKEY_L(24);
1299 io[3] ^= CAMELLIA_SUBKEY_R(24);
1300
1301 t0 = io[0];
1302 t1 = io[1];
1303 io[0] = io[2];
1304 io[1] = io[3];
1305 io[2] = t0;
1306 io[3] = t1;
1307
1308 io_text[0] = cpu_to_be32(io[0]);
1309 io_text[1] = cpu_to_be32(io[1]);
1310 io_text[2] = cpu_to_be32(io[2]);
1311 io_text[3] = cpu_to_be32(io[3]);
1312
1313 return;
1314}
1315
1316static void camellia_decrypt128(const u32 *subkey, __be32 *io_text)
1317{
1318 u32 il,ir,t0,t1; /* temporary valiables */
1319
1320 u32 io[4];
1321
1322 io[0] = be32_to_cpu(io_text[0]);
1323 io[1] = be32_to_cpu(io_text[1]);
1324 io[2] = be32_to_cpu(io_text[2]);
1325 io[3] = be32_to_cpu(io_text[3]);
1326
1327 /* pre whitening but absorb kw2*/
1328 io[0] ^= CAMELLIA_SUBKEY_L(24);
1329 io[1] ^= CAMELLIA_SUBKEY_R(24);
1330
1331 /* main iteration */
1332 CAMELLIA_ROUNDSM(io[0],io[1],
1333 CAMELLIA_SUBKEY_L(23),CAMELLIA_SUBKEY_R(23),
1334 io[2],io[3],il,ir,t0,t1);
1335 CAMELLIA_ROUNDSM(io[2],io[3],
1336 CAMELLIA_SUBKEY_L(22),CAMELLIA_SUBKEY_R(22),
1337 io[0],io[1],il,ir,t0,t1);
1338 CAMELLIA_ROUNDSM(io[0],io[1],
1339 CAMELLIA_SUBKEY_L(21),CAMELLIA_SUBKEY_R(21),
1340 io[2],io[3],il,ir,t0,t1);
1341 CAMELLIA_ROUNDSM(io[2],io[3],
1342 CAMELLIA_SUBKEY_L(20),CAMELLIA_SUBKEY_R(20),
1343 io[0],io[1],il,ir,t0,t1);
1344 CAMELLIA_ROUNDSM(io[0],io[1],
1345 CAMELLIA_SUBKEY_L(19),CAMELLIA_SUBKEY_R(19),
1346 io[2],io[3],il,ir,t0,t1);
1347 CAMELLIA_ROUNDSM(io[2],io[3],
1348 CAMELLIA_SUBKEY_L(18),CAMELLIA_SUBKEY_R(18),
1349 io[0],io[1],il,ir,t0,t1);
1350
1351 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1352 CAMELLIA_SUBKEY_L(17),CAMELLIA_SUBKEY_R(17),
1353 CAMELLIA_SUBKEY_L(16),CAMELLIA_SUBKEY_R(16),
1354 t0,t1,il,ir);
1355
1356 CAMELLIA_ROUNDSM(io[0],io[1],
1357 CAMELLIA_SUBKEY_L(15),CAMELLIA_SUBKEY_R(15),
1358 io[2],io[3],il,ir,t0,t1);
1359 CAMELLIA_ROUNDSM(io[2],io[3],
1360 CAMELLIA_SUBKEY_L(14),CAMELLIA_SUBKEY_R(14),
1361 io[0],io[1],il,ir,t0,t1);
1362 CAMELLIA_ROUNDSM(io[0],io[1],
1363 CAMELLIA_SUBKEY_L(13),CAMELLIA_SUBKEY_R(13),
1364 io[2],io[3],il,ir,t0,t1);
1365 CAMELLIA_ROUNDSM(io[2],io[3],
1366 CAMELLIA_SUBKEY_L(12),CAMELLIA_SUBKEY_R(12),
1367 io[0],io[1],il,ir,t0,t1);
1368 CAMELLIA_ROUNDSM(io[0],io[1],
1369 CAMELLIA_SUBKEY_L(11),CAMELLIA_SUBKEY_R(11),
1370 io[2],io[3],il,ir,t0,t1);
1371 CAMELLIA_ROUNDSM(io[2],io[3],
1372 CAMELLIA_SUBKEY_L(10),CAMELLIA_SUBKEY_R(10),
1373 io[0],io[1],il,ir,t0,t1);
1374
1375 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1376 CAMELLIA_SUBKEY_L(9),CAMELLIA_SUBKEY_R(9),
1377 CAMELLIA_SUBKEY_L(8),CAMELLIA_SUBKEY_R(8),
1378 t0,t1,il,ir);
1379
1380 CAMELLIA_ROUNDSM(io[0],io[1],
1381 CAMELLIA_SUBKEY_L(7),CAMELLIA_SUBKEY_R(7),
1382 io[2],io[3],il,ir,t0,t1);
1383 CAMELLIA_ROUNDSM(io[2],io[3],
1384 CAMELLIA_SUBKEY_L(6),CAMELLIA_SUBKEY_R(6),
1385 io[0],io[1],il,ir,t0,t1);
1386 CAMELLIA_ROUNDSM(io[0],io[1],
1387 CAMELLIA_SUBKEY_L(5),CAMELLIA_SUBKEY_R(5),
1388 io[2],io[3],il,ir,t0,t1);
1389 CAMELLIA_ROUNDSM(io[2],io[3],
1390 CAMELLIA_SUBKEY_L(4),CAMELLIA_SUBKEY_R(4),
1391 io[0],io[1],il,ir,t0,t1);
1392 CAMELLIA_ROUNDSM(io[0],io[1],
1393 CAMELLIA_SUBKEY_L(3),CAMELLIA_SUBKEY_R(3),
1394 io[2],io[3],il,ir,t0,t1);
1395 CAMELLIA_ROUNDSM(io[2],io[3],
1396 CAMELLIA_SUBKEY_L(2),CAMELLIA_SUBKEY_R(2),
1397 io[0],io[1],il,ir,t0,t1);
1398
1399 /* post whitening but kw4 */
1400 io[2] ^= CAMELLIA_SUBKEY_L(0);
1401 io[3] ^= CAMELLIA_SUBKEY_R(0);
1402
1403 t0 = io[0];
1404 t1 = io[1];
1405 io[0] = io[2];
1406 io[1] = io[3];
1407 io[2] = t0;
1408 io[3] = t1;
1409
1410 io_text[0] = cpu_to_be32(io[0]);
1411 io_text[1] = cpu_to_be32(io[1]);
1412 io_text[2] = cpu_to_be32(io[2]);
1413 io_text[3] = cpu_to_be32(io[3]);
1414
1415 return;
1416}
1417
1418
1419/**
1420 * stuff for 192 and 256bit encryption/decryption
1421 */
1422static void camellia_encrypt256(const u32 *subkey, __be32 *io_text)
1423{
1424 u32 il,ir,t0,t1; /* temporary valiables */
1425
1426 u32 io[4];
1427
1428 io[0] = be32_to_cpu(io_text[0]);
1429 io[1] = be32_to_cpu(io_text[1]);
1430 io[2] = be32_to_cpu(io_text[2]);
1431 io[3] = be32_to_cpu(io_text[3]);
1432
1433 /* pre whitening but absorb kw2*/
1434 io[0] ^= CAMELLIA_SUBKEY_L(0);
1435 io[1] ^= CAMELLIA_SUBKEY_R(0);
1436
1437 /* main iteration */
1438 CAMELLIA_ROUNDSM(io[0],io[1],
1439 CAMELLIA_SUBKEY_L(2),CAMELLIA_SUBKEY_R(2),
1440 io[2],io[3],il,ir,t0,t1);
1441 CAMELLIA_ROUNDSM(io[2],io[3],
1442 CAMELLIA_SUBKEY_L(3),CAMELLIA_SUBKEY_R(3),
1443 io[0],io[1],il,ir,t0,t1);
1444 CAMELLIA_ROUNDSM(io[0],io[1],
1445 CAMELLIA_SUBKEY_L(4),CAMELLIA_SUBKEY_R(4),
1446 io[2],io[3],il,ir,t0,t1);
1447 CAMELLIA_ROUNDSM(io[2],io[3],
1448 CAMELLIA_SUBKEY_L(5),CAMELLIA_SUBKEY_R(5),
1449 io[0],io[1],il,ir,t0,t1);
1450 CAMELLIA_ROUNDSM(io[0],io[1],
1451 CAMELLIA_SUBKEY_L(6),CAMELLIA_SUBKEY_R(6),
1452 io[2],io[3],il,ir,t0,t1);
1453 CAMELLIA_ROUNDSM(io[2],io[3],
1454 CAMELLIA_SUBKEY_L(7),CAMELLIA_SUBKEY_R(7),
1455 io[0],io[1],il,ir,t0,t1);
1456
1457 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1458 CAMELLIA_SUBKEY_L(8),CAMELLIA_SUBKEY_R(8),
1459 CAMELLIA_SUBKEY_L(9),CAMELLIA_SUBKEY_R(9),
1460 t0,t1,il,ir);
1461
1462 CAMELLIA_ROUNDSM(io[0],io[1],
1463 CAMELLIA_SUBKEY_L(10),CAMELLIA_SUBKEY_R(10),
1464 io[2],io[3],il,ir,t0,t1);
1465 CAMELLIA_ROUNDSM(io[2],io[3],
1466 CAMELLIA_SUBKEY_L(11),CAMELLIA_SUBKEY_R(11),
1467 io[0],io[1],il,ir,t0,t1);
1468 CAMELLIA_ROUNDSM(io[0],io[1],
1469 CAMELLIA_SUBKEY_L(12),CAMELLIA_SUBKEY_R(12),
1470 io[2],io[3],il,ir,t0,t1);
1471 CAMELLIA_ROUNDSM(io[2],io[3],
1472 CAMELLIA_SUBKEY_L(13),CAMELLIA_SUBKEY_R(13),
1473 io[0],io[1],il,ir,t0,t1);
1474 CAMELLIA_ROUNDSM(io[0],io[1],
1475 CAMELLIA_SUBKEY_L(14),CAMELLIA_SUBKEY_R(14),
1476 io[2],io[3],il,ir,t0,t1);
1477 CAMELLIA_ROUNDSM(io[2],io[3],
1478 CAMELLIA_SUBKEY_L(15),CAMELLIA_SUBKEY_R(15),
1479 io[0],io[1],il,ir,t0,t1);
1480
1481 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1482 CAMELLIA_SUBKEY_L(16),CAMELLIA_SUBKEY_R(16),
1483 CAMELLIA_SUBKEY_L(17),CAMELLIA_SUBKEY_R(17),
1484 t0,t1,il,ir);
1485
1486 CAMELLIA_ROUNDSM(io[0],io[1],
1487 CAMELLIA_SUBKEY_L(18),CAMELLIA_SUBKEY_R(18),
1488 io[2],io[3],il,ir,t0,t1);
1489 CAMELLIA_ROUNDSM(io[2],io[3],
1490 CAMELLIA_SUBKEY_L(19),CAMELLIA_SUBKEY_R(19),
1491 io[0],io[1],il,ir,t0,t1);
1492 CAMELLIA_ROUNDSM(io[0],io[1],
1493 CAMELLIA_SUBKEY_L(20),CAMELLIA_SUBKEY_R(20),
1494 io[2],io[3],il,ir,t0,t1);
1495 CAMELLIA_ROUNDSM(io[2],io[3],
1496 CAMELLIA_SUBKEY_L(21),CAMELLIA_SUBKEY_R(21),
1497 io[0],io[1],il,ir,t0,t1);
1498 CAMELLIA_ROUNDSM(io[0],io[1],
1499 CAMELLIA_SUBKEY_L(22),CAMELLIA_SUBKEY_R(22),
1500 io[2],io[3],il,ir,t0,t1);
1501 CAMELLIA_ROUNDSM(io[2],io[3],
1502 CAMELLIA_SUBKEY_L(23),CAMELLIA_SUBKEY_R(23),
1503 io[0],io[1],il,ir,t0,t1);
1504
1505 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1506 CAMELLIA_SUBKEY_L(24),CAMELLIA_SUBKEY_R(24),
1507 CAMELLIA_SUBKEY_L(25),CAMELLIA_SUBKEY_R(25),
1508 t0,t1,il,ir);
1509
1510 CAMELLIA_ROUNDSM(io[0],io[1],
1511 CAMELLIA_SUBKEY_L(26),CAMELLIA_SUBKEY_R(26),
1512 io[2],io[3],il,ir,t0,t1);
1513 CAMELLIA_ROUNDSM(io[2],io[3],
1514 CAMELLIA_SUBKEY_L(27),CAMELLIA_SUBKEY_R(27),
1515 io[0],io[1],il,ir,t0,t1);
1516 CAMELLIA_ROUNDSM(io[0],io[1],
1517 CAMELLIA_SUBKEY_L(28),CAMELLIA_SUBKEY_R(28),
1518 io[2],io[3],il,ir,t0,t1);
1519 CAMELLIA_ROUNDSM(io[2],io[3],
1520 CAMELLIA_SUBKEY_L(29),CAMELLIA_SUBKEY_R(29),
1521 io[0],io[1],il,ir,t0,t1);
1522 CAMELLIA_ROUNDSM(io[0],io[1],
1523 CAMELLIA_SUBKEY_L(30),CAMELLIA_SUBKEY_R(30),
1524 io[2],io[3],il,ir,t0,t1);
1525 CAMELLIA_ROUNDSM(io[2],io[3],
1526 CAMELLIA_SUBKEY_L(31),CAMELLIA_SUBKEY_R(31),
1527 io[0],io[1],il,ir,t0,t1);
1528
1529 /* post whitening but kw4 */
1530 io[2] ^= CAMELLIA_SUBKEY_L(32);
1531 io[3] ^= CAMELLIA_SUBKEY_R(32);
1532
1533 t0 = io[0];
1534 t1 = io[1];
1535 io[0] = io[2];
1536 io[1] = io[3];
1537 io[2] = t0;
1538 io[3] = t1;
1539
1540 io_text[0] = cpu_to_be32(io[0]);
1541 io_text[1] = cpu_to_be32(io[1]);
1542 io_text[2] = cpu_to_be32(io[2]);
1543 io_text[3] = cpu_to_be32(io[3]);
1544
1545 return;
1546}
1547
1548
1549static void camellia_decrypt256(const u32 *subkey, __be32 *io_text)
1550{
1551 u32 il,ir,t0,t1; /* temporary valiables */
1552
1553 u32 io[4];
1554
1555 io[0] = be32_to_cpu(io_text[0]);
1556 io[1] = be32_to_cpu(io_text[1]);
1557 io[2] = be32_to_cpu(io_text[2]);
1558 io[3] = be32_to_cpu(io_text[3]);
1559
1560 /* pre whitening but absorb kw2*/
1561 io[0] ^= CAMELLIA_SUBKEY_L(32);
1562 io[1] ^= CAMELLIA_SUBKEY_R(32);
1563
1564 /* main iteration */
1565 CAMELLIA_ROUNDSM(io[0],io[1],
1566 CAMELLIA_SUBKEY_L(31),CAMELLIA_SUBKEY_R(31),
1567 io[2],io[3],il,ir,t0,t1);
1568 CAMELLIA_ROUNDSM(io[2],io[3],
1569 CAMELLIA_SUBKEY_L(30),CAMELLIA_SUBKEY_R(30),
1570 io[0],io[1],il,ir,t0,t1);
1571 CAMELLIA_ROUNDSM(io[0],io[1],
1572 CAMELLIA_SUBKEY_L(29),CAMELLIA_SUBKEY_R(29),
1573 io[2],io[3],il,ir,t0,t1);
1574 CAMELLIA_ROUNDSM(io[2],io[3],
1575 CAMELLIA_SUBKEY_L(28),CAMELLIA_SUBKEY_R(28),
1576 io[0],io[1],il,ir,t0,t1);
1577 CAMELLIA_ROUNDSM(io[0],io[1],
1578 CAMELLIA_SUBKEY_L(27),CAMELLIA_SUBKEY_R(27),
1579 io[2],io[3],il,ir,t0,t1);
1580 CAMELLIA_ROUNDSM(io[2],io[3],
1581 CAMELLIA_SUBKEY_L(26),CAMELLIA_SUBKEY_R(26),
1582 io[0],io[1],il,ir,t0,t1);
1583
1584 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1585 CAMELLIA_SUBKEY_L(25),CAMELLIA_SUBKEY_R(25),
1586 CAMELLIA_SUBKEY_L(24),CAMELLIA_SUBKEY_R(24),
1587 t0,t1,il,ir);
1588
1589 CAMELLIA_ROUNDSM(io[0],io[1],
1590 CAMELLIA_SUBKEY_L(23),CAMELLIA_SUBKEY_R(23),
1591 io[2],io[3],il,ir,t0,t1);
1592 CAMELLIA_ROUNDSM(io[2],io[3],
1593 CAMELLIA_SUBKEY_L(22),CAMELLIA_SUBKEY_R(22),
1594 io[0],io[1],il,ir,t0,t1);
1595 CAMELLIA_ROUNDSM(io[0],io[1],
1596 CAMELLIA_SUBKEY_L(21),CAMELLIA_SUBKEY_R(21),
1597 io[2],io[3],il,ir,t0,t1);
1598 CAMELLIA_ROUNDSM(io[2],io[3],
1599 CAMELLIA_SUBKEY_L(20),CAMELLIA_SUBKEY_R(20),
1600 io[0],io[1],il,ir,t0,t1);
1601 CAMELLIA_ROUNDSM(io[0],io[1],
1602 CAMELLIA_SUBKEY_L(19),CAMELLIA_SUBKEY_R(19),
1603 io[2],io[3],il,ir,t0,t1);
1604 CAMELLIA_ROUNDSM(io[2],io[3],
1605 CAMELLIA_SUBKEY_L(18),CAMELLIA_SUBKEY_R(18),
1606 io[0],io[1],il,ir,t0,t1);
1607
1608 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1609 CAMELLIA_SUBKEY_L(17),CAMELLIA_SUBKEY_R(17),
1610 CAMELLIA_SUBKEY_L(16),CAMELLIA_SUBKEY_R(16),
1611 t0,t1,il,ir);
1612
1613 CAMELLIA_ROUNDSM(io[0],io[1],
1614 CAMELLIA_SUBKEY_L(15),CAMELLIA_SUBKEY_R(15),
1615 io[2],io[3],il,ir,t0,t1);
1616 CAMELLIA_ROUNDSM(io[2],io[3],
1617 CAMELLIA_SUBKEY_L(14),CAMELLIA_SUBKEY_R(14),
1618 io[0],io[1],il,ir,t0,t1);
1619 CAMELLIA_ROUNDSM(io[0],io[1],
1620 CAMELLIA_SUBKEY_L(13),CAMELLIA_SUBKEY_R(13),
1621 io[2],io[3],il,ir,t0,t1);
1622 CAMELLIA_ROUNDSM(io[2],io[3],
1623 CAMELLIA_SUBKEY_L(12),CAMELLIA_SUBKEY_R(12),
1624 io[0],io[1],il,ir,t0,t1);
1625 CAMELLIA_ROUNDSM(io[0],io[1],
1626 CAMELLIA_SUBKEY_L(11),CAMELLIA_SUBKEY_R(11),
1627 io[2],io[3],il,ir,t0,t1);
1628 CAMELLIA_ROUNDSM(io[2],io[3],
1629 CAMELLIA_SUBKEY_L(10),CAMELLIA_SUBKEY_R(10),
1630 io[0],io[1],il,ir,t0,t1);
1631
1632 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1633 CAMELLIA_SUBKEY_L(9),CAMELLIA_SUBKEY_R(9),
1634 CAMELLIA_SUBKEY_L(8),CAMELLIA_SUBKEY_R(8),
1635 t0,t1,il,ir);
1636
1637 CAMELLIA_ROUNDSM(io[0],io[1],
1638 CAMELLIA_SUBKEY_L(7),CAMELLIA_SUBKEY_R(7),
1639 io[2],io[3],il,ir,t0,t1);
1640 CAMELLIA_ROUNDSM(io[2],io[3],
1641 CAMELLIA_SUBKEY_L(6),CAMELLIA_SUBKEY_R(6),
1642 io[0],io[1],il,ir,t0,t1);
1643 CAMELLIA_ROUNDSM(io[0],io[1],
1644 CAMELLIA_SUBKEY_L(5),CAMELLIA_SUBKEY_R(5),
1645 io[2],io[3],il,ir,t0,t1);
1646 CAMELLIA_ROUNDSM(io[2],io[3],
1647 CAMELLIA_SUBKEY_L(4),CAMELLIA_SUBKEY_R(4),
1648 io[0],io[1],il,ir,t0,t1);
1649 CAMELLIA_ROUNDSM(io[0],io[1],
1650 CAMELLIA_SUBKEY_L(3),CAMELLIA_SUBKEY_R(3),
1651 io[2],io[3],il,ir,t0,t1);
1652 CAMELLIA_ROUNDSM(io[2],io[3],
1653 CAMELLIA_SUBKEY_L(2),CAMELLIA_SUBKEY_R(2),
1654 io[0],io[1],il,ir,t0,t1);
1655
1656 /* post whitening but kw4 */
1657 io[2] ^= CAMELLIA_SUBKEY_L(0);
1658 io[3] ^= CAMELLIA_SUBKEY_R(0);
1659
1660 t0 = io[0];
1661 t1 = io[1];
1662 io[0] = io[2];
1663 io[1] = io[3];
1664 io[2] = t0;
1665 io[3] = t1;
1666
1667 io_text[0] = cpu_to_be32(io[0]);
1668 io_text[1] = cpu_to_be32(io[1]);
1669 io_text[2] = cpu_to_be32(io[2]);
1670 io_text[3] = cpu_to_be32(io[3]);
1671
1672 return;
1673}
1674
1675
1676static int
1677camellia_set_key(struct crypto_tfm *tfm, const u8 *in_key,
1678 unsigned int key_len)
1679{
1680 struct camellia_ctx *cctx = crypto_tfm_ctx(tfm);
1681 const unsigned char *key = (const unsigned char *)in_key;
1682 u32 *flags = &tfm->crt_flags;
1683
1684 if (key_len != 16 && key_len != 24 && key_len != 32) {
1685 *flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
1686 return -EINVAL;
1687 }
1688
1689 cctx->key_length = key_len;
1690
1691 switch(key_len) {
1692 case 16:
1693 camellia_setup128(key, cctx->key_table);
1694 break;
1695 case 24:
1696 camellia_setup192(key, cctx->key_table);
1697 break;
1698 case 32:
1699 camellia_setup256(key, cctx->key_table);
1700 break;
1701 default:
1702 break;
1703 }
1704
1705 return 0;
1706}
1707
1708
1709static void camellia_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
1710{
1711 const struct camellia_ctx *cctx = crypto_tfm_ctx(tfm);
1712 const __be32 *src = (const __be32 *)in;
1713 __be32 *dst = (__be32 *)out;
1714
1715 __be32 tmp[4];
1716
1717 memcpy(tmp, src, CAMELLIA_BLOCK_SIZE);
1718
1719 switch (cctx->key_length) {
1720 case 16:
1721 camellia_encrypt128(cctx->key_table, tmp);
1722 break;
1723 case 24:
1724 /* fall through */
1725 case 32:
1726 camellia_encrypt256(cctx->key_table, tmp);
1727 break;
1728 default:
1729 break;
1730 }
1731
1732 memcpy(dst, tmp, CAMELLIA_BLOCK_SIZE);
1733}
1734
1735
1736static void camellia_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
1737{
1738 const struct camellia_ctx *cctx = crypto_tfm_ctx(tfm);
1739 const __be32 *src = (const __be32 *)in;
1740 __be32 *dst = (__be32 *)out;
1741
1742 __be32 tmp[4];
1743
1744 memcpy(tmp, src, CAMELLIA_BLOCK_SIZE);
1745
1746 switch (cctx->key_length) {
1747 case 16:
1748 camellia_decrypt128(cctx->key_table, tmp);
1749 break;
1750 case 24:
1751 /* fall through */
1752 case 32:
1753 camellia_decrypt256(cctx->key_table, tmp);
1754 break;
1755 default:
1756 break;
1757 }
1758
1759 memcpy(dst, tmp, CAMELLIA_BLOCK_SIZE);
1760}
1761
1762
1763static struct crypto_alg camellia_alg = {
1764 .cra_name = "camellia",
1765 .cra_driver_name = "camellia-generic",
1766 .cra_priority = 100,
1767 .cra_flags = CRYPTO_ALG_TYPE_CIPHER,
1768 .cra_blocksize = CAMELLIA_BLOCK_SIZE,
1769 .cra_ctxsize = sizeof(struct camellia_ctx),
1770 .cra_alignmask = 3,
1771 .cra_module = THIS_MODULE,
1772 .cra_list = LIST_HEAD_INIT(camellia_alg.cra_list),
1773 .cra_u = {
1774 .cipher = {
1775 .cia_min_keysize = CAMELLIA_MIN_KEY_SIZE,
1776 .cia_max_keysize = CAMELLIA_MAX_KEY_SIZE,
1777 .cia_setkey = camellia_set_key,
1778 .cia_encrypt = camellia_encrypt,
1779 .cia_decrypt = camellia_decrypt
1780 }
1781 }
1782};
1783
1784static int __init camellia_init(void)
1785{
1786 return crypto_register_alg(&camellia_alg);
1787}
1788
1789
1790static void __exit camellia_fini(void)
1791{
1792 crypto_unregister_alg(&camellia_alg);
1793}
1794
1795
1796module_init(camellia_init);
1797module_exit(camellia_fini);
1798
1799
1800MODULE_DESCRIPTION("Camellia Cipher Algorithm");
1801MODULE_LICENSE("GPL");
diff --git a/crypto/cbc.c b/crypto/cbc.c
index f5542b4db387..136fea7e7000 100644
--- a/crypto/cbc.c
+++ b/crypto/cbc.c
@@ -243,6 +243,7 @@ static int crypto_cbc_init_tfm(struct crypto_tfm *tfm)
243 struct crypto_instance *inst = (void *)tfm->__crt_alg; 243 struct crypto_instance *inst = (void *)tfm->__crt_alg;
244 struct crypto_spawn *spawn = crypto_instance_ctx(inst); 244 struct crypto_spawn *spawn = crypto_instance_ctx(inst);
245 struct crypto_cbc_ctx *ctx = crypto_tfm_ctx(tfm); 245 struct crypto_cbc_ctx *ctx = crypto_tfm_ctx(tfm);
246 struct crypto_cipher *cipher;
246 247
247 switch (crypto_tfm_alg_blocksize(tfm)) { 248 switch (crypto_tfm_alg_blocksize(tfm)) {
248 case 8: 249 case 8:
@@ -260,11 +261,11 @@ static int crypto_cbc_init_tfm(struct crypto_tfm *tfm)
260 ctx->xor = xor_quad; 261 ctx->xor = xor_quad;
261 } 262 }
262 263
263 tfm = crypto_spawn_tfm(spawn); 264 cipher = crypto_spawn_cipher(spawn);
264 if (IS_ERR(tfm)) 265 if (IS_ERR(cipher))
265 return PTR_ERR(tfm); 266 return PTR_ERR(cipher);
266 267
267 ctx->child = crypto_cipher_cast(tfm); 268 ctx->child = cipher;
268 return 0; 269 return 0;
269} 270}
270 271
diff --git a/crypto/cipher.c b/crypto/cipher.c
index 9e03701cfdcc..333aab2f0277 100644
--- a/crypto/cipher.c
+++ b/crypto/cipher.c
@@ -12,274 +12,13 @@
12 * any later version. 12 * any later version.
13 * 13 *
14 */ 14 */
15#include <linux/compiler.h> 15
16#include <linux/kernel.h> 16#include <linux/kernel.h>
17#include <linux/crypto.h> 17#include <linux/crypto.h>
18#include <linux/errno.h> 18#include <linux/errno.h>
19#include <linux/mm.h> 19#include <linux/scatterlist.h>
20#include <linux/slab.h>
21#include <linux/string.h> 20#include <linux/string.h>
22#include <asm/scatterlist.h>
23#include "internal.h" 21#include "internal.h"
24#include "scatterwalk.h"
25
26struct cipher_alg_compat {
27 unsigned int cia_min_keysize;
28 unsigned int cia_max_keysize;
29 int (*cia_setkey)(struct crypto_tfm *tfm, const u8 *key,
30 unsigned int keylen);
31 void (*cia_encrypt)(struct crypto_tfm *tfm, u8 *dst, const u8 *src);
32 void (*cia_decrypt)(struct crypto_tfm *tfm, u8 *dst, const u8 *src);
33
34 unsigned int (*cia_encrypt_ecb)(const struct cipher_desc *desc,
35 u8 *dst, const u8 *src,
36 unsigned int nbytes);
37 unsigned int (*cia_decrypt_ecb)(const struct cipher_desc *desc,
38 u8 *dst, const u8 *src,
39 unsigned int nbytes);
40 unsigned int (*cia_encrypt_cbc)(const struct cipher_desc *desc,
41 u8 *dst, const u8 *src,
42 unsigned int nbytes);
43 unsigned int (*cia_decrypt_cbc)(const struct cipher_desc *desc,
44 u8 *dst, const u8 *src,
45 unsigned int nbytes);
46};
47
48static inline void xor_64(u8 *a, const u8 *b)
49{
50 ((u32 *)a)[0] ^= ((u32 *)b)[0];
51 ((u32 *)a)[1] ^= ((u32 *)b)[1];
52}
53
54static inline void xor_128(u8 *a, const u8 *b)
55{
56 ((u32 *)a)[0] ^= ((u32 *)b)[0];
57 ((u32 *)a)[1] ^= ((u32 *)b)[1];
58 ((u32 *)a)[2] ^= ((u32 *)b)[2];
59 ((u32 *)a)[3] ^= ((u32 *)b)[3];
60}
61
62static unsigned int crypt_slow(const struct cipher_desc *desc,
63 struct scatter_walk *in,
64 struct scatter_walk *out, unsigned int bsize)
65{
66 unsigned long alignmask = crypto_tfm_alg_alignmask(desc->tfm);
67 u8 buffer[bsize * 2 + alignmask];
68 u8 *src = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1);
69 u8 *dst = src + bsize;
70
71 scatterwalk_copychunks(src, in, bsize, 0);
72 desc->prfn(desc, dst, src, bsize);
73 scatterwalk_copychunks(dst, out, bsize, 1);
74
75 return bsize;
76}
77
78static inline unsigned int crypt_fast(const struct cipher_desc *desc,
79 struct scatter_walk *in,
80 struct scatter_walk *out,
81 unsigned int nbytes, u8 *tmp)
82{
83 u8 *src, *dst;
84 u8 *real_src, *real_dst;
85
86 real_src = scatterwalk_map(in, 0);
87 real_dst = scatterwalk_map(out, 1);
88
89 src = real_src;
90 dst = scatterwalk_samebuf(in, out) ? src : real_dst;
91
92 if (tmp) {
93 memcpy(tmp, src, nbytes);
94 src = tmp;
95 dst = tmp;
96 }
97
98 nbytes = desc->prfn(desc, dst, src, nbytes);
99
100 if (tmp)
101 memcpy(real_dst, tmp, nbytes);
102
103 scatterwalk_unmap(real_src, 0);
104 scatterwalk_unmap(real_dst, 1);
105
106 scatterwalk_advance(in, nbytes);
107 scatterwalk_advance(out, nbytes);
108
109 return nbytes;
110}
111
112/*
113 * Generic encrypt/decrypt wrapper for ciphers, handles operations across
114 * multiple page boundaries by using temporary blocks. In user context,
115 * the kernel is given a chance to schedule us once per page.
116 */
117static int crypt(const struct cipher_desc *desc,
118 struct scatterlist *dst,
119 struct scatterlist *src,
120 unsigned int nbytes)
121{
122 struct scatter_walk walk_in, walk_out;
123 struct crypto_tfm *tfm = desc->tfm;
124 const unsigned int bsize = crypto_tfm_alg_blocksize(tfm);
125 unsigned int alignmask = crypto_tfm_alg_alignmask(tfm);
126 unsigned long buffer = 0;
127
128 if (!nbytes)
129 return 0;
130
131 if (nbytes % bsize) {
132 tfm->crt_flags |= CRYPTO_TFM_RES_BAD_BLOCK_LEN;
133 return -EINVAL;
134 }
135
136 scatterwalk_start(&walk_in, src);
137 scatterwalk_start(&walk_out, dst);
138
139 for(;;) {
140 unsigned int n = nbytes;
141 u8 *tmp = NULL;
142
143 if (!scatterwalk_aligned(&walk_in, alignmask) ||
144 !scatterwalk_aligned(&walk_out, alignmask)) {
145 if (!buffer) {
146 buffer = __get_free_page(GFP_ATOMIC);
147 if (!buffer)
148 n = 0;
149 }
150 tmp = (u8 *)buffer;
151 }
152
153 n = scatterwalk_clamp(&walk_in, n);
154 n = scatterwalk_clamp(&walk_out, n);
155
156 if (likely(n >= bsize))
157 n = crypt_fast(desc, &walk_in, &walk_out, n, tmp);
158 else
159 n = crypt_slow(desc, &walk_in, &walk_out, bsize);
160
161 nbytes -= n;
162
163 scatterwalk_done(&walk_in, 0, nbytes);
164 scatterwalk_done(&walk_out, 1, nbytes);
165
166 if (!nbytes)
167 break;
168
169 crypto_yield(tfm->crt_flags);
170 }
171
172 if (buffer)
173 free_page(buffer);
174
175 return 0;
176}
177
178static int crypt_iv_unaligned(struct cipher_desc *desc,
179 struct scatterlist *dst,
180 struct scatterlist *src,
181 unsigned int nbytes)
182{
183 struct crypto_tfm *tfm = desc->tfm;
184 unsigned long alignmask = crypto_tfm_alg_alignmask(tfm);
185 u8 *iv = desc->info;
186
187 if (unlikely(((unsigned long)iv & alignmask))) {
188 unsigned int ivsize = tfm->crt_cipher.cit_ivsize;
189 u8 buffer[ivsize + alignmask];
190 u8 *tmp = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1);
191 int err;
192
193 desc->info = memcpy(tmp, iv, ivsize);
194 err = crypt(desc, dst, src, nbytes);
195 memcpy(iv, tmp, ivsize);
196
197 return err;
198 }
199
200 return crypt(desc, dst, src, nbytes);
201}
202
203static unsigned int cbc_process_encrypt(const struct cipher_desc *desc,
204 u8 *dst, const u8 *src,
205 unsigned int nbytes)
206{
207 struct crypto_tfm *tfm = desc->tfm;
208 void (*xor)(u8 *, const u8 *) = tfm->crt_u.cipher.cit_xor_block;
209 int bsize = crypto_tfm_alg_blocksize(tfm);
210
211 void (*fn)(struct crypto_tfm *, u8 *, const u8 *) = desc->crfn;
212 u8 *iv = desc->info;
213 unsigned int done = 0;
214
215 nbytes -= bsize;
216
217 do {
218 xor(iv, src);
219 fn(tfm, dst, iv);
220 memcpy(iv, dst, bsize);
221
222 src += bsize;
223 dst += bsize;
224 } while ((done += bsize) <= nbytes);
225
226 return done;
227}
228
229static unsigned int cbc_process_decrypt(const struct cipher_desc *desc,
230 u8 *dst, const u8 *src,
231 unsigned int nbytes)
232{
233 struct crypto_tfm *tfm = desc->tfm;
234 void (*xor)(u8 *, const u8 *) = tfm->crt_u.cipher.cit_xor_block;
235 int bsize = crypto_tfm_alg_blocksize(tfm);
236 unsigned long alignmask = crypto_tfm_alg_alignmask(desc->tfm);
237
238 u8 stack[src == dst ? bsize + alignmask : 0];
239 u8 *buf = (u8 *)ALIGN((unsigned long)stack, alignmask + 1);
240 u8 **dst_p = src == dst ? &buf : &dst;
241
242 void (*fn)(struct crypto_tfm *, u8 *, const u8 *) = desc->crfn;
243 u8 *iv = desc->info;
244 unsigned int done = 0;
245
246 nbytes -= bsize;
247
248 do {
249 u8 *tmp_dst = *dst_p;
250
251 fn(tfm, tmp_dst, src);
252 xor(tmp_dst, iv);
253 memcpy(iv, src, bsize);
254 if (tmp_dst != dst)
255 memcpy(dst, tmp_dst, bsize);
256
257 src += bsize;
258 dst += bsize;
259 } while ((done += bsize) <= nbytes);
260
261 return done;
262}
263
264static unsigned int ecb_process(const struct cipher_desc *desc, u8 *dst,
265 const u8 *src, unsigned int nbytes)
266{
267 struct crypto_tfm *tfm = desc->tfm;
268 int bsize = crypto_tfm_alg_blocksize(tfm);
269 void (*fn)(struct crypto_tfm *, u8 *, const u8 *) = desc->crfn;
270 unsigned int done = 0;
271
272 nbytes -= bsize;
273
274 do {
275 fn(tfm, dst, src);
276
277 src += bsize;
278 dst += bsize;
279 } while ((done += bsize) <= nbytes);
280
281 return done;
282}
283 22
284static int setkey(struct crypto_tfm *tfm, const u8 *key, unsigned int keylen) 23static int setkey(struct crypto_tfm *tfm, const u8 *key, unsigned int keylen)
285{ 24{
@@ -293,122 +32,6 @@ static int setkey(struct crypto_tfm *tfm, const u8 *key, unsigned int keylen)
293 return cia->cia_setkey(tfm, key, keylen); 32 return cia->cia_setkey(tfm, key, keylen);
294} 33}
295 34
296static int ecb_encrypt(struct crypto_tfm *tfm,
297 struct scatterlist *dst,
298 struct scatterlist *src, unsigned int nbytes)
299{
300 struct cipher_desc desc;
301 struct cipher_alg_compat *cipher = (void *)&tfm->__crt_alg->cra_cipher;
302
303 desc.tfm = tfm;
304 desc.crfn = cipher->cia_encrypt;
305 desc.prfn = cipher->cia_encrypt_ecb ?: ecb_process;
306
307 return crypt(&desc, dst, src, nbytes);
308}
309
310static int ecb_decrypt(struct crypto_tfm *tfm,
311 struct scatterlist *dst,
312 struct scatterlist *src,
313 unsigned int nbytes)
314{
315 struct cipher_desc desc;
316 struct cipher_alg_compat *cipher = (void *)&tfm->__crt_alg->cra_cipher;
317
318 desc.tfm = tfm;
319 desc.crfn = cipher->cia_decrypt;
320 desc.prfn = cipher->cia_decrypt_ecb ?: ecb_process;
321
322 return crypt(&desc, dst, src, nbytes);
323}
324
325static int cbc_encrypt(struct crypto_tfm *tfm,
326 struct scatterlist *dst,
327 struct scatterlist *src,
328 unsigned int nbytes)
329{
330 struct cipher_desc desc;
331 struct cipher_alg_compat *cipher = (void *)&tfm->__crt_alg->cra_cipher;
332
333 desc.tfm = tfm;
334 desc.crfn = cipher->cia_encrypt;
335 desc.prfn = cipher->cia_encrypt_cbc ?: cbc_process_encrypt;
336 desc.info = tfm->crt_cipher.cit_iv;
337
338 return crypt(&desc, dst, src, nbytes);
339}
340
341static int cbc_encrypt_iv(struct crypto_tfm *tfm,
342 struct scatterlist *dst,
343 struct scatterlist *src,
344 unsigned int nbytes, u8 *iv)
345{
346 struct cipher_desc desc;
347 struct cipher_alg_compat *cipher = (void *)&tfm->__crt_alg->cra_cipher;
348
349 desc.tfm = tfm;
350 desc.crfn = cipher->cia_encrypt;
351 desc.prfn = cipher->cia_encrypt_cbc ?: cbc_process_encrypt;
352 desc.info = iv;
353
354 return crypt_iv_unaligned(&desc, dst, src, nbytes);
355}
356
357static int cbc_decrypt(struct crypto_tfm *tfm,
358 struct scatterlist *dst,
359 struct scatterlist *src,
360 unsigned int nbytes)
361{
362 struct cipher_desc desc;
363 struct cipher_alg_compat *cipher = (void *)&tfm->__crt_alg->cra_cipher;
364
365 desc.tfm = tfm;
366 desc.crfn = cipher->cia_decrypt;
367 desc.prfn = cipher->cia_decrypt_cbc ?: cbc_process_decrypt;
368 desc.info = tfm->crt_cipher.cit_iv;
369
370 return crypt(&desc, dst, src, nbytes);
371}
372
373static int cbc_decrypt_iv(struct crypto_tfm *tfm,
374 struct scatterlist *dst,
375 struct scatterlist *src,
376 unsigned int nbytes, u8 *iv)
377{
378 struct cipher_desc desc;
379 struct cipher_alg_compat *cipher = (void *)&tfm->__crt_alg->cra_cipher;
380
381 desc.tfm = tfm;
382 desc.crfn = cipher->cia_decrypt;
383 desc.prfn = cipher->cia_decrypt_cbc ?: cbc_process_decrypt;
384 desc.info = iv;
385
386 return crypt_iv_unaligned(&desc, dst, src, nbytes);
387}
388
389static int nocrypt(struct crypto_tfm *tfm,
390 struct scatterlist *dst,
391 struct scatterlist *src,
392 unsigned int nbytes)
393{
394 return -ENOSYS;
395}
396
397static int nocrypt_iv(struct crypto_tfm *tfm,
398 struct scatterlist *dst,
399 struct scatterlist *src,
400 unsigned int nbytes, u8 *iv)
401{
402 return -ENOSYS;
403}
404
405int crypto_init_cipher_flags(struct crypto_tfm *tfm, u32 flags)
406{
407 u32 mode = flags & CRYPTO_TFM_MODE_MASK;
408 tfm->crt_cipher.cit_mode = mode ? mode : CRYPTO_TFM_MODE_ECB;
409 return 0;
410}
411
412static void cipher_crypt_unaligned(void (*fn)(struct crypto_tfm *, u8 *, 35static void cipher_crypt_unaligned(void (*fn)(struct crypto_tfm *, u8 *,
413 const u8 *), 36 const u8 *),
414 struct crypto_tfm *tfm, 37 struct crypto_tfm *tfm,
@@ -454,7 +77,6 @@ static void cipher_decrypt_unaligned(struct crypto_tfm *tfm,
454 77
455int crypto_init_cipher_ops(struct crypto_tfm *tfm) 78int crypto_init_cipher_ops(struct crypto_tfm *tfm)
456{ 79{
457 int ret = 0;
458 struct cipher_tfm *ops = &tfm->crt_cipher; 80 struct cipher_tfm *ops = &tfm->crt_cipher;
459 struct cipher_alg *cipher = &tfm->__crt_alg->cra_cipher; 81 struct cipher_alg *cipher = &tfm->__crt_alg->cra_cipher;
460 82
@@ -464,70 +86,7 @@ int crypto_init_cipher_ops(struct crypto_tfm *tfm)
464 ops->cit_decrypt_one = crypto_tfm_alg_alignmask(tfm) ? 86 ops->cit_decrypt_one = crypto_tfm_alg_alignmask(tfm) ?
465 cipher_decrypt_unaligned : cipher->cia_decrypt; 87 cipher_decrypt_unaligned : cipher->cia_decrypt;
466 88
467 switch (tfm->crt_cipher.cit_mode) { 89 return 0;
468 case CRYPTO_TFM_MODE_ECB:
469 ops->cit_encrypt = ecb_encrypt;
470 ops->cit_decrypt = ecb_decrypt;
471 ops->cit_encrypt_iv = nocrypt_iv;
472 ops->cit_decrypt_iv = nocrypt_iv;
473 break;
474
475 case CRYPTO_TFM_MODE_CBC:
476 ops->cit_encrypt = cbc_encrypt;
477 ops->cit_decrypt = cbc_decrypt;
478 ops->cit_encrypt_iv = cbc_encrypt_iv;
479 ops->cit_decrypt_iv = cbc_decrypt_iv;
480 break;
481
482 case CRYPTO_TFM_MODE_CFB:
483 ops->cit_encrypt = nocrypt;
484 ops->cit_decrypt = nocrypt;
485 ops->cit_encrypt_iv = nocrypt_iv;
486 ops->cit_decrypt_iv = nocrypt_iv;
487 break;
488
489 case CRYPTO_TFM_MODE_CTR:
490 ops->cit_encrypt = nocrypt;
491 ops->cit_decrypt = nocrypt;
492 ops->cit_encrypt_iv = nocrypt_iv;
493 ops->cit_decrypt_iv = nocrypt_iv;
494 break;
495
496 default:
497 BUG();
498 }
499
500 if (ops->cit_mode == CRYPTO_TFM_MODE_CBC) {
501 unsigned long align;
502 unsigned long addr;
503
504 switch (crypto_tfm_alg_blocksize(tfm)) {
505 case 8:
506 ops->cit_xor_block = xor_64;
507 break;
508
509 case 16:
510 ops->cit_xor_block = xor_128;
511 break;
512
513 default:
514 printk(KERN_WARNING "%s: block size %u not supported\n",
515 crypto_tfm_alg_name(tfm),
516 crypto_tfm_alg_blocksize(tfm));
517 ret = -EINVAL;
518 goto out;
519 }
520
521 ops->cit_ivsize = crypto_tfm_alg_blocksize(tfm);
522 align = crypto_tfm_alg_alignmask(tfm) + 1;
523 addr = (unsigned long)crypto_tfm_ctx(tfm);
524 addr = ALIGN(addr, align);
525 addr += ALIGN(tfm->__crt_alg->cra_ctxsize, align);
526 ops->cit_iv = (void *)addr;
527 }
528
529out:
530 return ret;
531} 90}
532 91
533void crypto_exit_cipher_ops(struct crypto_tfm *tfm) 92void crypto_exit_cipher_ops(struct crypto_tfm *tfm)
diff --git a/crypto/compress.c b/crypto/compress.c
index eca182aa3380..0a6570048c1e 100644
--- a/crypto/compress.c
+++ b/crypto/compress.c
@@ -34,11 +34,6 @@ static int crypto_decompress(struct crypto_tfm *tfm,
34 dlen); 34 dlen);
35} 35}
36 36
37int crypto_init_compress_flags(struct crypto_tfm *tfm, u32 flags)
38{
39 return flags ? -EINVAL : 0;
40}
41
42int crypto_init_compress_ops(struct crypto_tfm *tfm) 37int crypto_init_compress_ops(struct crypto_tfm *tfm)
43{ 38{
44 struct compress_tfm *ops = &tfm->crt_compress; 39 struct compress_tfm *ops = &tfm->crt_compress;
diff --git a/crypto/digest.c b/crypto/digest.c
index 8f4593268ce0..1bf7414aeb9e 100644
--- a/crypto/digest.c
+++ b/crypto/digest.c
@@ -14,7 +14,9 @@
14 14
15#include <linux/mm.h> 15#include <linux/mm.h>
16#include <linux/errno.h> 16#include <linux/errno.h>
17#include <linux/hardirq.h>
17#include <linux/highmem.h> 18#include <linux/highmem.h>
19#include <linux/kernel.h>
18#include <linux/module.h> 20#include <linux/module.h>
19#include <linux/scatterlist.h> 21#include <linux/scatterlist.h>
20 22
@@ -29,8 +31,8 @@ static int init(struct hash_desc *desc)
29 return 0; 31 return 0;
30} 32}
31 33
32static int update(struct hash_desc *desc, 34static int update2(struct hash_desc *desc,
33 struct scatterlist *sg, unsigned int nbytes) 35 struct scatterlist *sg, unsigned int nbytes)
34{ 36{
35 struct crypto_tfm *tfm = crypto_hash_tfm(desc->tfm); 37 struct crypto_tfm *tfm = crypto_hash_tfm(desc->tfm);
36 unsigned int alignmask = crypto_tfm_alg_alignmask(tfm); 38 unsigned int alignmask = crypto_tfm_alg_alignmask(tfm);
@@ -81,6 +83,14 @@ static int update(struct hash_desc *desc,
81 return 0; 83 return 0;
82} 84}
83 85
86static int update(struct hash_desc *desc,
87 struct scatterlist *sg, unsigned int nbytes)
88{
89 if (WARN_ON_ONCE(in_irq()))
90 return -EDEADLK;
91 return update2(desc, sg, nbytes);
92}
93
84static int final(struct hash_desc *desc, u8 *out) 94static int final(struct hash_desc *desc, u8 *out)
85{ 95{
86 struct crypto_tfm *tfm = crypto_hash_tfm(desc->tfm); 96 struct crypto_tfm *tfm = crypto_hash_tfm(desc->tfm);
@@ -118,16 +128,14 @@ static int setkey(struct crypto_hash *hash, const u8 *key, unsigned int keylen)
118static int digest(struct hash_desc *desc, 128static int digest(struct hash_desc *desc,
119 struct scatterlist *sg, unsigned int nbytes, u8 *out) 129 struct scatterlist *sg, unsigned int nbytes, u8 *out)
120{ 130{
131 if (WARN_ON_ONCE(in_irq()))
132 return -EDEADLK;
133
121 init(desc); 134 init(desc);
122 update(desc, sg, nbytes); 135 update2(desc, sg, nbytes);
123 return final(desc, out); 136 return final(desc, out);
124} 137}
125 138
126int crypto_init_digest_flags(struct crypto_tfm *tfm, u32 flags)
127{
128 return flags ? -EINVAL : 0;
129}
130
131int crypto_init_digest_ops(struct crypto_tfm *tfm) 139int crypto_init_digest_ops(struct crypto_tfm *tfm)
132{ 140{
133 struct hash_tfm *ops = &tfm->crt_hash; 141 struct hash_tfm *ops = &tfm->crt_hash;
diff --git a/crypto/ecb.c b/crypto/ecb.c
index f239aa9c4017..839a0aed8c22 100644
--- a/crypto/ecb.c
+++ b/crypto/ecb.c
@@ -99,12 +99,13 @@ static int crypto_ecb_init_tfm(struct crypto_tfm *tfm)
99 struct crypto_instance *inst = (void *)tfm->__crt_alg; 99 struct crypto_instance *inst = (void *)tfm->__crt_alg;
100 struct crypto_spawn *spawn = crypto_instance_ctx(inst); 100 struct crypto_spawn *spawn = crypto_instance_ctx(inst);
101 struct crypto_ecb_ctx *ctx = crypto_tfm_ctx(tfm); 101 struct crypto_ecb_ctx *ctx = crypto_tfm_ctx(tfm);
102 struct crypto_cipher *cipher;
102 103
103 tfm = crypto_spawn_tfm(spawn); 104 cipher = crypto_spawn_cipher(spawn);
104 if (IS_ERR(tfm)) 105 if (IS_ERR(cipher))
105 return PTR_ERR(tfm); 106 return PTR_ERR(cipher);
106 107
107 ctx->child = crypto_cipher_cast(tfm); 108 ctx->child = cipher;
108 return 0; 109 return 0;
109} 110}
110 111
diff --git a/crypto/fcrypt.c b/crypto/fcrypt.c
new file mode 100644
index 000000000000..9c2bb535b09a
--- /dev/null
+++ b/crypto/fcrypt.c
@@ -0,0 +1,423 @@
1/* FCrypt encryption algorithm
2 *
3 * Copyright (C) 2006 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com)
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
10 *
11 * Based on code:
12 *
13 * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
14 * (Royal Institute of Technology, Stockholm, Sweden).
15 * All rights reserved.
16 *
17 * Redistribution and use in source and binary forms, with or without
18 * modification, are permitted provided that the following conditions
19 * are met:
20 *
21 * 1. Redistributions of source code must retain the above copyright
22 * notice, this list of conditions and the following disclaimer.
23 *
24 * 2. Redistributions in binary form must reproduce the above copyright
25 * notice, this list of conditions and the following disclaimer in the
26 * documentation and/or other materials provided with the distribution.
27 *
28 * 3. Neither the name of the Institute nor the names of its contributors
29 * may be used to endorse or promote products derived from this software
30 * without specific prior written permission.
31 *
32 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
33 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
34 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
35 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
36 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
37 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
38 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
39 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
40 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
41 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
42 * SUCH DAMAGE.
43 */
44
45#include <asm/byteorder.h>
46#include <linux/bitops.h>
47#include <linux/init.h>
48#include <linux/module.h>
49#include <linux/crypto.h>
50
51#define ROUNDS 16
52
53struct fcrypt_ctx {
54 u32 sched[ROUNDS];
55};
56
57/* Rotate right two 32 bit numbers as a 56 bit number */
58#define ror56(hi, lo, n) \
59do { \
60 u32 t = lo & ((1 << n) - 1); \
61 lo = (lo >> n) | ((hi & ((1 << n) - 1)) << (32 - n)); \
62 hi = (hi >> n) | (t << (24-n)); \
63} while(0)
64
65/* Rotate right one 64 bit number as a 56 bit number */
66#define ror56_64(k, n) \
67do { \
68 k = (k >> n) | ((k & ((1 << n) - 1)) << (56 - n)); \
69} while(0)
70
71/*
72 * Sboxes for Feistel network derived from
73 * /afs/transarc.com/public/afsps/afs.rel31b.export-src/rxkad/sboxes.h
74 */
75#undef Z
76#define Z(x) __constant_be32_to_cpu(x << 3)
77static const u32 sbox0[256] = {
78 Z(0xea), Z(0x7f), Z(0xb2), Z(0x64), Z(0x9d), Z(0xb0), Z(0xd9), Z(0x11),
79 Z(0xcd), Z(0x86), Z(0x86), Z(0x91), Z(0x0a), Z(0xb2), Z(0x93), Z(0x06),
80 Z(0x0e), Z(0x06), Z(0xd2), Z(0x65), Z(0x73), Z(0xc5), Z(0x28), Z(0x60),
81 Z(0xf2), Z(0x20), Z(0xb5), Z(0x38), Z(0x7e), Z(0xda), Z(0x9f), Z(0xe3),
82 Z(0xd2), Z(0xcf), Z(0xc4), Z(0x3c), Z(0x61), Z(0xff), Z(0x4a), Z(0x4a),
83 Z(0x35), Z(0xac), Z(0xaa), Z(0x5f), Z(0x2b), Z(0xbb), Z(0xbc), Z(0x53),
84 Z(0x4e), Z(0x9d), Z(0x78), Z(0xa3), Z(0xdc), Z(0x09), Z(0x32), Z(0x10),
85 Z(0xc6), Z(0x6f), Z(0x66), Z(0xd6), Z(0xab), Z(0xa9), Z(0xaf), Z(0xfd),
86 Z(0x3b), Z(0x95), Z(0xe8), Z(0x34), Z(0x9a), Z(0x81), Z(0x72), Z(0x80),
87 Z(0x9c), Z(0xf3), Z(0xec), Z(0xda), Z(0x9f), Z(0x26), Z(0x76), Z(0x15),
88 Z(0x3e), Z(0x55), Z(0x4d), Z(0xde), Z(0x84), Z(0xee), Z(0xad), Z(0xc7),
89 Z(0xf1), Z(0x6b), Z(0x3d), Z(0xd3), Z(0x04), Z(0x49), Z(0xaa), Z(0x24),
90 Z(0x0b), Z(0x8a), Z(0x83), Z(0xba), Z(0xfa), Z(0x85), Z(0xa0), Z(0xa8),
91 Z(0xb1), Z(0xd4), Z(0x01), Z(0xd8), Z(0x70), Z(0x64), Z(0xf0), Z(0x51),
92 Z(0xd2), Z(0xc3), Z(0xa7), Z(0x75), Z(0x8c), Z(0xa5), Z(0x64), Z(0xef),
93 Z(0x10), Z(0x4e), Z(0xb7), Z(0xc6), Z(0x61), Z(0x03), Z(0xeb), Z(0x44),
94 Z(0x3d), Z(0xe5), Z(0xb3), Z(0x5b), Z(0xae), Z(0xd5), Z(0xad), Z(0x1d),
95 Z(0xfa), Z(0x5a), Z(0x1e), Z(0x33), Z(0xab), Z(0x93), Z(0xa2), Z(0xb7),
96 Z(0xe7), Z(0xa8), Z(0x45), Z(0xa4), Z(0xcd), Z(0x29), Z(0x63), Z(0x44),
97 Z(0xb6), Z(0x69), Z(0x7e), Z(0x2e), Z(0x62), Z(0x03), Z(0xc8), Z(0xe0),
98 Z(0x17), Z(0xbb), Z(0xc7), Z(0xf3), Z(0x3f), Z(0x36), Z(0xba), Z(0x71),
99 Z(0x8e), Z(0x97), Z(0x65), Z(0x60), Z(0x69), Z(0xb6), Z(0xf6), Z(0xe6),
100 Z(0x6e), Z(0xe0), Z(0x81), Z(0x59), Z(0xe8), Z(0xaf), Z(0xdd), Z(0x95),
101 Z(0x22), Z(0x99), Z(0xfd), Z(0x63), Z(0x19), Z(0x74), Z(0x61), Z(0xb1),
102 Z(0xb6), Z(0x5b), Z(0xae), Z(0x54), Z(0xb3), Z(0x70), Z(0xff), Z(0xc6),
103 Z(0x3b), Z(0x3e), Z(0xc1), Z(0xd7), Z(0xe1), Z(0x0e), Z(0x76), Z(0xe5),
104 Z(0x36), Z(0x4f), Z(0x59), Z(0xc7), Z(0x08), Z(0x6e), Z(0x82), Z(0xa6),
105 Z(0x93), Z(0xc4), Z(0xaa), Z(0x26), Z(0x49), Z(0xe0), Z(0x21), Z(0x64),
106 Z(0x07), Z(0x9f), Z(0x64), Z(0x81), Z(0x9c), Z(0xbf), Z(0xf9), Z(0xd1),
107 Z(0x43), Z(0xf8), Z(0xb6), Z(0xb9), Z(0xf1), Z(0x24), Z(0x75), Z(0x03),
108 Z(0xe4), Z(0xb0), Z(0x99), Z(0x46), Z(0x3d), Z(0xf5), Z(0xd1), Z(0x39),
109 Z(0x72), Z(0x12), Z(0xf6), Z(0xba), Z(0x0c), Z(0x0d), Z(0x42), Z(0x2e)
110};
111
112#undef Z
113#define Z(x) __constant_be32_to_cpu((x << 27) | (x >> 5))
114static const u32 sbox1[256] = {
115 Z(0x77), Z(0x14), Z(0xa6), Z(0xfe), Z(0xb2), Z(0x5e), Z(0x8c), Z(0x3e),
116 Z(0x67), Z(0x6c), Z(0xa1), Z(0x0d), Z(0xc2), Z(0xa2), Z(0xc1), Z(0x85),
117 Z(0x6c), Z(0x7b), Z(0x67), Z(0xc6), Z(0x23), Z(0xe3), Z(0xf2), Z(0x89),
118 Z(0x50), Z(0x9c), Z(0x03), Z(0xb7), Z(0x73), Z(0xe6), Z(0xe1), Z(0x39),
119 Z(0x31), Z(0x2c), Z(0x27), Z(0x9f), Z(0xa5), Z(0x69), Z(0x44), Z(0xd6),
120 Z(0x23), Z(0x83), Z(0x98), Z(0x7d), Z(0x3c), Z(0xb4), Z(0x2d), Z(0x99),
121 Z(0x1c), Z(0x1f), Z(0x8c), Z(0x20), Z(0x03), Z(0x7c), Z(0x5f), Z(0xad),
122 Z(0xf4), Z(0xfa), Z(0x95), Z(0xca), Z(0x76), Z(0x44), Z(0xcd), Z(0xb6),
123 Z(0xb8), Z(0xa1), Z(0xa1), Z(0xbe), Z(0x9e), Z(0x54), Z(0x8f), Z(0x0b),
124 Z(0x16), Z(0x74), Z(0x31), Z(0x8a), Z(0x23), Z(0x17), Z(0x04), Z(0xfa),
125 Z(0x79), Z(0x84), Z(0xb1), Z(0xf5), Z(0x13), Z(0xab), Z(0xb5), Z(0x2e),
126 Z(0xaa), Z(0x0c), Z(0x60), Z(0x6b), Z(0x5b), Z(0xc4), Z(0x4b), Z(0xbc),
127 Z(0xe2), Z(0xaf), Z(0x45), Z(0x73), Z(0xfa), Z(0xc9), Z(0x49), Z(0xcd),
128 Z(0x00), Z(0x92), Z(0x7d), Z(0x97), Z(0x7a), Z(0x18), Z(0x60), Z(0x3d),
129 Z(0xcf), Z(0x5b), Z(0xde), Z(0xc6), Z(0xe2), Z(0xe6), Z(0xbb), Z(0x8b),
130 Z(0x06), Z(0xda), Z(0x08), Z(0x15), Z(0x1b), Z(0x88), Z(0x6a), Z(0x17),
131 Z(0x89), Z(0xd0), Z(0xa9), Z(0xc1), Z(0xc9), Z(0x70), Z(0x6b), Z(0xe5),
132 Z(0x43), Z(0xf4), Z(0x68), Z(0xc8), Z(0xd3), Z(0x84), Z(0x28), Z(0x0a),
133 Z(0x52), Z(0x66), Z(0xa3), Z(0xca), Z(0xf2), Z(0xe3), Z(0x7f), Z(0x7a),
134 Z(0x31), Z(0xf7), Z(0x88), Z(0x94), Z(0x5e), Z(0x9c), Z(0x63), Z(0xd5),
135 Z(0x24), Z(0x66), Z(0xfc), Z(0xb3), Z(0x57), Z(0x25), Z(0xbe), Z(0x89),
136 Z(0x44), Z(0xc4), Z(0xe0), Z(0x8f), Z(0x23), Z(0x3c), Z(0x12), Z(0x52),
137 Z(0xf5), Z(0x1e), Z(0xf4), Z(0xcb), Z(0x18), Z(0x33), Z(0x1f), Z(0xf8),
138 Z(0x69), Z(0x10), Z(0x9d), Z(0xd3), Z(0xf7), Z(0x28), Z(0xf8), Z(0x30),
139 Z(0x05), Z(0x5e), Z(0x32), Z(0xc0), Z(0xd5), Z(0x19), Z(0xbd), Z(0x45),
140 Z(0x8b), Z(0x5b), Z(0xfd), Z(0xbc), Z(0xe2), Z(0x5c), Z(0xa9), Z(0x96),
141 Z(0xef), Z(0x70), Z(0xcf), Z(0xc2), Z(0x2a), Z(0xb3), Z(0x61), Z(0xad),
142 Z(0x80), Z(0x48), Z(0x81), Z(0xb7), Z(0x1d), Z(0x43), Z(0xd9), Z(0xd7),
143 Z(0x45), Z(0xf0), Z(0xd8), Z(0x8a), Z(0x59), Z(0x7c), Z(0x57), Z(0xc1),
144 Z(0x79), Z(0xc7), Z(0x34), Z(0xd6), Z(0x43), Z(0xdf), Z(0xe4), Z(0x78),
145 Z(0x16), Z(0x06), Z(0xda), Z(0x92), Z(0x76), Z(0x51), Z(0xe1), Z(0xd4),
146 Z(0x70), Z(0x03), Z(0xe0), Z(0x2f), Z(0x96), Z(0x91), Z(0x82), Z(0x80)
147};
148
149#undef Z
150#define Z(x) __constant_be32_to_cpu(x << 11)
151static const u32 sbox2[256] = {
152 Z(0xf0), Z(0x37), Z(0x24), Z(0x53), Z(0x2a), Z(0x03), Z(0x83), Z(0x86),
153 Z(0xd1), Z(0xec), Z(0x50), Z(0xf0), Z(0x42), Z(0x78), Z(0x2f), Z(0x6d),
154 Z(0xbf), Z(0x80), Z(0x87), Z(0x27), Z(0x95), Z(0xe2), Z(0xc5), Z(0x5d),
155 Z(0xf9), Z(0x6f), Z(0xdb), Z(0xb4), Z(0x65), Z(0x6e), Z(0xe7), Z(0x24),
156 Z(0xc8), Z(0x1a), Z(0xbb), Z(0x49), Z(0xb5), Z(0x0a), Z(0x7d), Z(0xb9),
157 Z(0xe8), Z(0xdc), Z(0xb7), Z(0xd9), Z(0x45), Z(0x20), Z(0x1b), Z(0xce),
158 Z(0x59), Z(0x9d), Z(0x6b), Z(0xbd), Z(0x0e), Z(0x8f), Z(0xa3), Z(0xa9),
159 Z(0xbc), Z(0x74), Z(0xa6), Z(0xf6), Z(0x7f), Z(0x5f), Z(0xb1), Z(0x68),
160 Z(0x84), Z(0xbc), Z(0xa9), Z(0xfd), Z(0x55), Z(0x50), Z(0xe9), Z(0xb6),
161 Z(0x13), Z(0x5e), Z(0x07), Z(0xb8), Z(0x95), Z(0x02), Z(0xc0), Z(0xd0),
162 Z(0x6a), Z(0x1a), Z(0x85), Z(0xbd), Z(0xb6), Z(0xfd), Z(0xfe), Z(0x17),
163 Z(0x3f), Z(0x09), Z(0xa3), Z(0x8d), Z(0xfb), Z(0xed), Z(0xda), Z(0x1d),
164 Z(0x6d), Z(0x1c), Z(0x6c), Z(0x01), Z(0x5a), Z(0xe5), Z(0x71), Z(0x3e),
165 Z(0x8b), Z(0x6b), Z(0xbe), Z(0x29), Z(0xeb), Z(0x12), Z(0x19), Z(0x34),
166 Z(0xcd), Z(0xb3), Z(0xbd), Z(0x35), Z(0xea), Z(0x4b), Z(0xd5), Z(0xae),
167 Z(0x2a), Z(0x79), Z(0x5a), Z(0xa5), Z(0x32), Z(0x12), Z(0x7b), Z(0xdc),
168 Z(0x2c), Z(0xd0), Z(0x22), Z(0x4b), Z(0xb1), Z(0x85), Z(0x59), Z(0x80),
169 Z(0xc0), Z(0x30), Z(0x9f), Z(0x73), Z(0xd3), Z(0x14), Z(0x48), Z(0x40),
170 Z(0x07), Z(0x2d), Z(0x8f), Z(0x80), Z(0x0f), Z(0xce), Z(0x0b), Z(0x5e),
171 Z(0xb7), Z(0x5e), Z(0xac), Z(0x24), Z(0x94), Z(0x4a), Z(0x18), Z(0x15),
172 Z(0x05), Z(0xe8), Z(0x02), Z(0x77), Z(0xa9), Z(0xc7), Z(0x40), Z(0x45),
173 Z(0x89), Z(0xd1), Z(0xea), Z(0xde), Z(0x0c), Z(0x79), Z(0x2a), Z(0x99),
174 Z(0x6c), Z(0x3e), Z(0x95), Z(0xdd), Z(0x8c), Z(0x7d), Z(0xad), Z(0x6f),
175 Z(0xdc), Z(0xff), Z(0xfd), Z(0x62), Z(0x47), Z(0xb3), Z(0x21), Z(0x8a),
176 Z(0xec), Z(0x8e), Z(0x19), Z(0x18), Z(0xb4), Z(0x6e), Z(0x3d), Z(0xfd),
177 Z(0x74), Z(0x54), Z(0x1e), Z(0x04), Z(0x85), Z(0xd8), Z(0xbc), Z(0x1f),
178 Z(0x56), Z(0xe7), Z(0x3a), Z(0x56), Z(0x67), Z(0xd6), Z(0xc8), Z(0xa5),
179 Z(0xf3), Z(0x8e), Z(0xde), Z(0xae), Z(0x37), Z(0x49), Z(0xb7), Z(0xfa),
180 Z(0xc8), Z(0xf4), Z(0x1f), Z(0xe0), Z(0x2a), Z(0x9b), Z(0x15), Z(0xd1),
181 Z(0x34), Z(0x0e), Z(0xb5), Z(0xe0), Z(0x44), Z(0x78), Z(0x84), Z(0x59),
182 Z(0x56), Z(0x68), Z(0x77), Z(0xa5), Z(0x14), Z(0x06), Z(0xf5), Z(0x2f),
183 Z(0x8c), Z(0x8a), Z(0x73), Z(0x80), Z(0x76), Z(0xb4), Z(0x10), Z(0x86)
184};
185
186#undef Z
187#define Z(x) __constant_be32_to_cpu(x << 19)
188static const u32 sbox3[256] = {
189 Z(0xa9), Z(0x2a), Z(0x48), Z(0x51), Z(0x84), Z(0x7e), Z(0x49), Z(0xe2),
190 Z(0xb5), Z(0xb7), Z(0x42), Z(0x33), Z(0x7d), Z(0x5d), Z(0xa6), Z(0x12),
191 Z(0x44), Z(0x48), Z(0x6d), Z(0x28), Z(0xaa), Z(0x20), Z(0x6d), Z(0x57),
192 Z(0xd6), Z(0x6b), Z(0x5d), Z(0x72), Z(0xf0), Z(0x92), Z(0x5a), Z(0x1b),
193 Z(0x53), Z(0x80), Z(0x24), Z(0x70), Z(0x9a), Z(0xcc), Z(0xa7), Z(0x66),
194 Z(0xa1), Z(0x01), Z(0xa5), Z(0x41), Z(0x97), Z(0x41), Z(0x31), Z(0x82),
195 Z(0xf1), Z(0x14), Z(0xcf), Z(0x53), Z(0x0d), Z(0xa0), Z(0x10), Z(0xcc),
196 Z(0x2a), Z(0x7d), Z(0xd2), Z(0xbf), Z(0x4b), Z(0x1a), Z(0xdb), Z(0x16),
197 Z(0x47), Z(0xf6), Z(0x51), Z(0x36), Z(0xed), Z(0xf3), Z(0xb9), Z(0x1a),
198 Z(0xa7), Z(0xdf), Z(0x29), Z(0x43), Z(0x01), Z(0x54), Z(0x70), Z(0xa4),
199 Z(0xbf), Z(0xd4), Z(0x0b), Z(0x53), Z(0x44), Z(0x60), Z(0x9e), Z(0x23),
200 Z(0xa1), Z(0x18), Z(0x68), Z(0x4f), Z(0xf0), Z(0x2f), Z(0x82), Z(0xc2),
201 Z(0x2a), Z(0x41), Z(0xb2), Z(0x42), Z(0x0c), Z(0xed), Z(0x0c), Z(0x1d),
202 Z(0x13), Z(0x3a), Z(0x3c), Z(0x6e), Z(0x35), Z(0xdc), Z(0x60), Z(0x65),
203 Z(0x85), Z(0xe9), Z(0x64), Z(0x02), Z(0x9a), Z(0x3f), Z(0x9f), Z(0x87),
204 Z(0x96), Z(0xdf), Z(0xbe), Z(0xf2), Z(0xcb), Z(0xe5), Z(0x6c), Z(0xd4),
205 Z(0x5a), Z(0x83), Z(0xbf), Z(0x92), Z(0x1b), Z(0x94), Z(0x00), Z(0x42),
206 Z(0xcf), Z(0x4b), Z(0x00), Z(0x75), Z(0xba), Z(0x8f), Z(0x76), Z(0x5f),
207 Z(0x5d), Z(0x3a), Z(0x4d), Z(0x09), Z(0x12), Z(0x08), Z(0x38), Z(0x95),
208 Z(0x17), Z(0xe4), Z(0x01), Z(0x1d), Z(0x4c), Z(0xa9), Z(0xcc), Z(0x85),
209 Z(0x82), Z(0x4c), Z(0x9d), Z(0x2f), Z(0x3b), Z(0x66), Z(0xa1), Z(0x34),
210 Z(0x10), Z(0xcd), Z(0x59), Z(0x89), Z(0xa5), Z(0x31), Z(0xcf), Z(0x05),
211 Z(0xc8), Z(0x84), Z(0xfa), Z(0xc7), Z(0xba), Z(0x4e), Z(0x8b), Z(0x1a),
212 Z(0x19), Z(0xf1), Z(0xa1), Z(0x3b), Z(0x18), Z(0x12), Z(0x17), Z(0xb0),
213 Z(0x98), Z(0x8d), Z(0x0b), Z(0x23), Z(0xc3), Z(0x3a), Z(0x2d), Z(0x20),
214 Z(0xdf), Z(0x13), Z(0xa0), Z(0xa8), Z(0x4c), Z(0x0d), Z(0x6c), Z(0x2f),
215 Z(0x47), Z(0x13), Z(0x13), Z(0x52), Z(0x1f), Z(0x2d), Z(0xf5), Z(0x79),
216 Z(0x3d), Z(0xa2), Z(0x54), Z(0xbd), Z(0x69), Z(0xc8), Z(0x6b), Z(0xf3),
217 Z(0x05), Z(0x28), Z(0xf1), Z(0x16), Z(0x46), Z(0x40), Z(0xb0), Z(0x11),
218 Z(0xd3), Z(0xb7), Z(0x95), Z(0x49), Z(0xcf), Z(0xc3), Z(0x1d), Z(0x8f),
219 Z(0xd8), Z(0xe1), Z(0x73), Z(0xdb), Z(0xad), Z(0xc8), Z(0xc9), Z(0xa9),
220 Z(0xa1), Z(0xc2), Z(0xc5), Z(0xe3), Z(0xba), Z(0xfc), Z(0x0e), Z(0x25)
221};
222
223/*
224 * This is a 16 round Feistel network with permutation F_ENCRYPT
225 */
226#define F_ENCRYPT(R, L, sched) \
227do { \
228 union lc4 { u32 l; u8 c[4]; } u; \
229 u.l = sched ^ R; \
230 L ^= sbox0[u.c[0]] ^ sbox1[u.c[1]] ^ sbox2[u.c[2]] ^ sbox3[u.c[3]]; \
231} while(0)
232
233/*
234 * encryptor
235 */
236static void fcrypt_encrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
237{
238 const struct fcrypt_ctx *ctx = crypto_tfm_ctx(tfm);
239 struct {
240 u32 l, r;
241 } X;
242
243 memcpy(&X, src, sizeof(X));
244
245 F_ENCRYPT(X.r, X.l, ctx->sched[0x0]);
246 F_ENCRYPT(X.l, X.r, ctx->sched[0x1]);
247 F_ENCRYPT(X.r, X.l, ctx->sched[0x2]);
248 F_ENCRYPT(X.l, X.r, ctx->sched[0x3]);
249 F_ENCRYPT(X.r, X.l, ctx->sched[0x4]);
250 F_ENCRYPT(X.l, X.r, ctx->sched[0x5]);
251 F_ENCRYPT(X.r, X.l, ctx->sched[0x6]);
252 F_ENCRYPT(X.l, X.r, ctx->sched[0x7]);
253 F_ENCRYPT(X.r, X.l, ctx->sched[0x8]);
254 F_ENCRYPT(X.l, X.r, ctx->sched[0x9]);
255 F_ENCRYPT(X.r, X.l, ctx->sched[0xa]);
256 F_ENCRYPT(X.l, X.r, ctx->sched[0xb]);
257 F_ENCRYPT(X.r, X.l, ctx->sched[0xc]);
258 F_ENCRYPT(X.l, X.r, ctx->sched[0xd]);
259 F_ENCRYPT(X.r, X.l, ctx->sched[0xe]);
260 F_ENCRYPT(X.l, X.r, ctx->sched[0xf]);
261
262 memcpy(dst, &X, sizeof(X));
263}
264
265/*
266 * decryptor
267 */
268static void fcrypt_decrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
269{
270 const struct fcrypt_ctx *ctx = crypto_tfm_ctx(tfm);
271 struct {
272 u32 l, r;
273 } X;
274
275 memcpy(&X, src, sizeof(X));
276
277 F_ENCRYPT(X.l, X.r, ctx->sched[0xf]);
278 F_ENCRYPT(X.r, X.l, ctx->sched[0xe]);
279 F_ENCRYPT(X.l, X.r, ctx->sched[0xd]);
280 F_ENCRYPT(X.r, X.l, ctx->sched[0xc]);
281 F_ENCRYPT(X.l, X.r, ctx->sched[0xb]);
282 F_ENCRYPT(X.r, X.l, ctx->sched[0xa]);
283 F_ENCRYPT(X.l, X.r, ctx->sched[0x9]);
284 F_ENCRYPT(X.r, X.l, ctx->sched[0x8]);
285 F_ENCRYPT(X.l, X.r, ctx->sched[0x7]);
286 F_ENCRYPT(X.r, X.l, ctx->sched[0x6]);
287 F_ENCRYPT(X.l, X.r, ctx->sched[0x5]);
288 F_ENCRYPT(X.r, X.l, ctx->sched[0x4]);
289 F_ENCRYPT(X.l, X.r, ctx->sched[0x3]);
290 F_ENCRYPT(X.r, X.l, ctx->sched[0x2]);
291 F_ENCRYPT(X.l, X.r, ctx->sched[0x1]);
292 F_ENCRYPT(X.r, X.l, ctx->sched[0x0]);
293
294 memcpy(dst, &X, sizeof(X));
295}
296
297/*
298 * Generate a key schedule from key, the least significant bit in each key byte
299 * is parity and shall be ignored. This leaves 56 significant bits in the key
300 * to scatter over the 16 key schedules. For each schedule extract the low
301 * order 32 bits and use as schedule, then rotate right by 11 bits.
302 */
303static int fcrypt_setkey(struct crypto_tfm *tfm, const u8 *key, unsigned int keylen)
304{
305 struct fcrypt_ctx *ctx = crypto_tfm_ctx(tfm);
306
307#if BITS_PER_LONG == 64 /* the 64-bit version can also be used for 32-bit
308 * kernels - it seems to be faster but the code is
309 * larger */
310
311 u64 k; /* k holds all 56 non-parity bits */
312
313 /* discard the parity bits */
314 k = (*key++) >> 1;
315 k <<= 7;
316 k |= (*key++) >> 1;
317 k <<= 7;
318 k |= (*key++) >> 1;
319 k <<= 7;
320 k |= (*key++) >> 1;
321 k <<= 7;
322 k |= (*key++) >> 1;
323 k <<= 7;
324 k |= (*key++) >> 1;
325 k <<= 7;
326 k |= (*key++) >> 1;
327 k <<= 7;
328 k |= (*key) >> 1;
329
330 /* Use lower 32 bits for schedule, rotate by 11 each round (16 times) */
331 ctx->sched[0x0] = be32_to_cpu(k); ror56_64(k, 11);
332 ctx->sched[0x1] = be32_to_cpu(k); ror56_64(k, 11);
333 ctx->sched[0x2] = be32_to_cpu(k); ror56_64(k, 11);
334 ctx->sched[0x3] = be32_to_cpu(k); ror56_64(k, 11);
335 ctx->sched[0x4] = be32_to_cpu(k); ror56_64(k, 11);
336 ctx->sched[0x5] = be32_to_cpu(k); ror56_64(k, 11);
337 ctx->sched[0x6] = be32_to_cpu(k); ror56_64(k, 11);
338 ctx->sched[0x7] = be32_to_cpu(k); ror56_64(k, 11);
339 ctx->sched[0x8] = be32_to_cpu(k); ror56_64(k, 11);
340 ctx->sched[0x9] = be32_to_cpu(k); ror56_64(k, 11);
341 ctx->sched[0xa] = be32_to_cpu(k); ror56_64(k, 11);
342 ctx->sched[0xb] = be32_to_cpu(k); ror56_64(k, 11);
343 ctx->sched[0xc] = be32_to_cpu(k); ror56_64(k, 11);
344 ctx->sched[0xd] = be32_to_cpu(k); ror56_64(k, 11);
345 ctx->sched[0xe] = be32_to_cpu(k); ror56_64(k, 11);
346 ctx->sched[0xf] = be32_to_cpu(k);
347
348 return 0;
349#else
350 u32 hi, lo; /* hi is upper 24 bits and lo lower 32, total 56 */
351
352 /* discard the parity bits */
353 lo = (*key++) >> 1;
354 lo <<= 7;
355 lo |= (*key++) >> 1;
356 lo <<= 7;
357 lo |= (*key++) >> 1;
358 lo <<= 7;
359 lo |= (*key++) >> 1;
360 hi = lo >> 4;
361 lo &= 0xf;
362 lo <<= 7;
363 lo |= (*key++) >> 1;
364 lo <<= 7;
365 lo |= (*key++) >> 1;
366 lo <<= 7;
367 lo |= (*key++) >> 1;
368 lo <<= 7;
369 lo |= (*key) >> 1;
370
371 /* Use lower 32 bits for schedule, rotate by 11 each round (16 times) */
372 ctx->sched[0x0] = be32_to_cpu(lo); ror56(hi, lo, 11);
373 ctx->sched[0x1] = be32_to_cpu(lo); ror56(hi, lo, 11);
374 ctx->sched[0x2] = be32_to_cpu(lo); ror56(hi, lo, 11);
375 ctx->sched[0x3] = be32_to_cpu(lo); ror56(hi, lo, 11);
376 ctx->sched[0x4] = be32_to_cpu(lo); ror56(hi, lo, 11);
377 ctx->sched[0x5] = be32_to_cpu(lo); ror56(hi, lo, 11);
378 ctx->sched[0x6] = be32_to_cpu(lo); ror56(hi, lo, 11);
379 ctx->sched[0x7] = be32_to_cpu(lo); ror56(hi, lo, 11);
380 ctx->sched[0x8] = be32_to_cpu(lo); ror56(hi, lo, 11);
381 ctx->sched[0x9] = be32_to_cpu(lo); ror56(hi, lo, 11);
382 ctx->sched[0xa] = be32_to_cpu(lo); ror56(hi, lo, 11);
383 ctx->sched[0xb] = be32_to_cpu(lo); ror56(hi, lo, 11);
384 ctx->sched[0xc] = be32_to_cpu(lo); ror56(hi, lo, 11);
385 ctx->sched[0xd] = be32_to_cpu(lo); ror56(hi, lo, 11);
386 ctx->sched[0xe] = be32_to_cpu(lo); ror56(hi, lo, 11);
387 ctx->sched[0xf] = be32_to_cpu(lo);
388 return 0;
389#endif
390}
391
392static struct crypto_alg fcrypt_alg = {
393 .cra_name = "fcrypt",
394 .cra_flags = CRYPTO_ALG_TYPE_CIPHER,
395 .cra_blocksize = 8,
396 .cra_ctxsize = sizeof(struct fcrypt_ctx),
397 .cra_module = THIS_MODULE,
398 .cra_alignmask = 3,
399 .cra_list = LIST_HEAD_INIT(fcrypt_alg.cra_list),
400 .cra_u = { .cipher = {
401 .cia_min_keysize = 8,
402 .cia_max_keysize = 8,
403 .cia_setkey = fcrypt_setkey,
404 .cia_encrypt = fcrypt_encrypt,
405 .cia_decrypt = fcrypt_decrypt } }
406};
407
408static int __init init(void)
409{
410 return crypto_register_alg(&fcrypt_alg);
411}
412
413static void __exit fini(void)
414{
415 crypto_unregister_alg(&fcrypt_alg);
416}
417
418module_init(init);
419module_exit(fini);
420
421MODULE_LICENSE("Dual BSD/GPL");
422MODULE_DESCRIPTION("FCrypt Cipher Algorithm");
423MODULE_AUTHOR("David Howells <dhowells@redhat.com>");
diff --git a/crypto/hash.c b/crypto/hash.c
index cdec23d885fe..12c4514f3478 100644
--- a/crypto/hash.c
+++ b/crypto/hash.c
@@ -16,12 +16,13 @@
16 16
17#include "internal.h" 17#include "internal.h"
18 18
19static unsigned int crypto_hash_ctxsize(struct crypto_alg *alg) 19static unsigned int crypto_hash_ctxsize(struct crypto_alg *alg, u32 type,
20 u32 mask)
20{ 21{
21 return alg->cra_ctxsize; 22 return alg->cra_ctxsize;
22} 23}
23 24
24static int crypto_init_hash_ops(struct crypto_tfm *tfm) 25static int crypto_init_hash_ops(struct crypto_tfm *tfm, u32 type, u32 mask)
25{ 26{
26 struct hash_tfm *crt = &tfm->crt_hash; 27 struct hash_tfm *crt = &tfm->crt_hash;
27 struct hash_alg *alg = &tfm->__crt_alg->cra_hash; 28 struct hash_alg *alg = &tfm->__crt_alg->cra_hash;
diff --git a/crypto/hmac.c b/crypto/hmac.c
index b521bcd2b2c6..44187c5ee593 100644
--- a/crypto/hmac.c
+++ b/crypto/hmac.c
@@ -172,15 +172,16 @@ static int hmac_digest(struct hash_desc *pdesc, struct scatterlist *sg,
172 172
173static int hmac_init_tfm(struct crypto_tfm *tfm) 173static int hmac_init_tfm(struct crypto_tfm *tfm)
174{ 174{
175 struct crypto_hash *hash;
175 struct crypto_instance *inst = (void *)tfm->__crt_alg; 176 struct crypto_instance *inst = (void *)tfm->__crt_alg;
176 struct crypto_spawn *spawn = crypto_instance_ctx(inst); 177 struct crypto_spawn *spawn = crypto_instance_ctx(inst);
177 struct hmac_ctx *ctx = hmac_ctx(__crypto_hash_cast(tfm)); 178 struct hmac_ctx *ctx = hmac_ctx(__crypto_hash_cast(tfm));
178 179
179 tfm = crypto_spawn_tfm(spawn); 180 hash = crypto_spawn_hash(spawn);
180 if (IS_ERR(tfm)) 181 if (IS_ERR(hash))
181 return PTR_ERR(tfm); 182 return PTR_ERR(hash);
182 183
183 ctx->child = crypto_hash_cast(tfm); 184 ctx->child = hash;
184 return 0; 185 return 0;
185} 186}
186 187
diff --git a/crypto/internal.h b/crypto/internal.h
index 2da6ad4f3593..60acad9788c5 100644
--- a/crypto/internal.h
+++ b/crypto/internal.h
@@ -83,8 +83,7 @@ static inline void crypto_exit_proc(void)
83{ } 83{ }
84#endif 84#endif
85 85
86static inline unsigned int crypto_digest_ctxsize(struct crypto_alg *alg, 86static inline unsigned int crypto_digest_ctxsize(struct crypto_alg *alg)
87 int flags)
88{ 87{
89 unsigned int len = alg->cra_ctxsize; 88 unsigned int len = alg->cra_ctxsize;
90 89
@@ -96,23 +95,12 @@ static inline unsigned int crypto_digest_ctxsize(struct crypto_alg *alg,
96 return len; 95 return len;
97} 96}
98 97
99static inline unsigned int crypto_cipher_ctxsize(struct crypto_alg *alg, 98static inline unsigned int crypto_cipher_ctxsize(struct crypto_alg *alg)
100 int flags)
101{ 99{
102 unsigned int len = alg->cra_ctxsize; 100 return alg->cra_ctxsize;
103
104 switch (flags & CRYPTO_TFM_MODE_MASK) {
105 case CRYPTO_TFM_MODE_CBC:
106 len = ALIGN(len, (unsigned long)alg->cra_alignmask + 1);
107 len += alg->cra_blocksize;
108 break;
109 }
110
111 return len;
112} 101}
113 102
114static inline unsigned int crypto_compress_ctxsize(struct crypto_alg *alg, 103static inline unsigned int crypto_compress_ctxsize(struct crypto_alg *alg)
115 int flags)
116{ 104{
117 return alg->cra_ctxsize; 105 return alg->cra_ctxsize;
118} 106}
@@ -121,10 +109,6 @@ struct crypto_alg *crypto_mod_get(struct crypto_alg *alg);
121struct crypto_alg *__crypto_alg_lookup(const char *name, u32 type, u32 mask); 109struct crypto_alg *__crypto_alg_lookup(const char *name, u32 type, u32 mask);
122struct crypto_alg *crypto_alg_mod_lookup(const char *name, u32 type, u32 mask); 110struct crypto_alg *crypto_alg_mod_lookup(const char *name, u32 type, u32 mask);
123 111
124int crypto_init_digest_flags(struct crypto_tfm *tfm, u32 flags);
125int crypto_init_cipher_flags(struct crypto_tfm *tfm, u32 flags);
126int crypto_init_compress_flags(struct crypto_tfm *tfm, u32 flags);
127
128int crypto_init_digest_ops(struct crypto_tfm *tfm); 112int crypto_init_digest_ops(struct crypto_tfm *tfm);
129int crypto_init_cipher_ops(struct crypto_tfm *tfm); 113int crypto_init_cipher_ops(struct crypto_tfm *tfm);
130int crypto_init_compress_ops(struct crypto_tfm *tfm); 114int crypto_init_compress_ops(struct crypto_tfm *tfm);
@@ -136,7 +120,8 @@ void crypto_exit_compress_ops(struct crypto_tfm *tfm);
136void crypto_larval_error(const char *name, u32 type, u32 mask); 120void crypto_larval_error(const char *name, u32 type, u32 mask);
137 121
138void crypto_shoot_alg(struct crypto_alg *alg); 122void crypto_shoot_alg(struct crypto_alg *alg);
139struct crypto_tfm *__crypto_alloc_tfm(struct crypto_alg *alg, u32 flags); 123struct crypto_tfm *__crypto_alloc_tfm(struct crypto_alg *alg, u32 type,
124 u32 mask);
140 125
141int crypto_register_instance(struct crypto_template *tmpl, 126int crypto_register_instance(struct crypto_template *tmpl,
142 struct crypto_instance *inst); 127 struct crypto_instance *inst);
diff --git a/crypto/lrw.c b/crypto/lrw.c
index 56642586d84f..b4105080ac7a 100644
--- a/crypto/lrw.c
+++ b/crypto/lrw.c
@@ -201,21 +201,22 @@ static int decrypt(struct blkcipher_desc *desc, struct scatterlist *dst,
201 201
202static int init_tfm(struct crypto_tfm *tfm) 202static int init_tfm(struct crypto_tfm *tfm)
203{ 203{
204 struct crypto_cipher *cipher;
204 struct crypto_instance *inst = (void *)tfm->__crt_alg; 205 struct crypto_instance *inst = (void *)tfm->__crt_alg;
205 struct crypto_spawn *spawn = crypto_instance_ctx(inst); 206 struct crypto_spawn *spawn = crypto_instance_ctx(inst);
206 struct priv *ctx = crypto_tfm_ctx(tfm); 207 struct priv *ctx = crypto_tfm_ctx(tfm);
207 u32 *flags = &tfm->crt_flags; 208 u32 *flags = &tfm->crt_flags;
208 209
209 tfm = crypto_spawn_tfm(spawn); 210 cipher = crypto_spawn_cipher(spawn);
210 if (IS_ERR(tfm)) 211 if (IS_ERR(cipher))
211 return PTR_ERR(tfm); 212 return PTR_ERR(cipher);
212 213
213 if (crypto_tfm_alg_blocksize(tfm) != 16) { 214 if (crypto_cipher_blocksize(cipher) != 16) {
214 *flags |= CRYPTO_TFM_RES_BAD_BLOCK_LEN; 215 *flags |= CRYPTO_TFM_RES_BAD_BLOCK_LEN;
215 return -EINVAL; 216 return -EINVAL;
216 } 217 }
217 218
218 ctx->child = crypto_cipher_cast(tfm); 219 ctx->child = cipher;
219 return 0; 220 return 0;
220} 221}
221 222
diff --git a/crypto/pcbc.c b/crypto/pcbc.c
new file mode 100644
index 000000000000..5174d7fdad6e
--- /dev/null
+++ b/crypto/pcbc.c
@@ -0,0 +1,349 @@
1/*
2 * PCBC: Propagating Cipher Block Chaining mode
3 *
4 * Copyright (C) 2006 Red Hat, Inc. All Rights Reserved.
5 * Written by David Howells (dhowells@redhat.com)
6 *
7 * Derived from cbc.c
8 * - Copyright (c) 2006 Herbert Xu <herbert@gondor.apana.org.au>
9 *
10 * This program is free software; you can redistribute it and/or modify it
11 * under the terms of the GNU General Public License as published by the Free
12 * Software Foundation; either version 2 of the License, or (at your option)
13 * any later version.
14 *
15 */
16
17#include <crypto/algapi.h>
18#include <linux/err.h>
19#include <linux/init.h>
20#include <linux/kernel.h>
21#include <linux/module.h>
22#include <linux/scatterlist.h>
23#include <linux/slab.h>
24
25struct crypto_pcbc_ctx {
26 struct crypto_cipher *child;
27 void (*xor)(u8 *dst, const u8 *src, unsigned int bs);
28};
29
30static int crypto_pcbc_setkey(struct crypto_tfm *parent, const u8 *key,
31 unsigned int keylen)
32{
33 struct crypto_pcbc_ctx *ctx = crypto_tfm_ctx(parent);
34 struct crypto_cipher *child = ctx->child;
35 int err;
36
37 crypto_cipher_clear_flags(child, CRYPTO_TFM_REQ_MASK);
38 crypto_cipher_set_flags(child, crypto_tfm_get_flags(parent) &
39 CRYPTO_TFM_REQ_MASK);
40 err = crypto_cipher_setkey(child, key, keylen);
41 crypto_tfm_set_flags(parent, crypto_cipher_get_flags(child) &
42 CRYPTO_TFM_RES_MASK);
43 return err;
44}
45
46static int crypto_pcbc_encrypt_segment(struct blkcipher_desc *desc,
47 struct blkcipher_walk *walk,
48 struct crypto_cipher *tfm,
49 void (*xor)(u8 *, const u8 *,
50 unsigned int))
51{
52 void (*fn)(struct crypto_tfm *, u8 *, const u8 *) =
53 crypto_cipher_alg(tfm)->cia_encrypt;
54 int bsize = crypto_cipher_blocksize(tfm);
55 unsigned int nbytes = walk->nbytes;
56 u8 *src = walk->src.virt.addr;
57 u8 *dst = walk->dst.virt.addr;
58 u8 *iv = walk->iv;
59
60 do {
61 xor(iv, src, bsize);
62 fn(crypto_cipher_tfm(tfm), dst, iv);
63 memcpy(iv, dst, bsize);
64 xor(iv, src, bsize);
65
66 src += bsize;
67 dst += bsize;
68 } while ((nbytes -= bsize) >= bsize);
69
70 return nbytes;
71}
72
73static int crypto_pcbc_encrypt_inplace(struct blkcipher_desc *desc,
74 struct blkcipher_walk *walk,
75 struct crypto_cipher *tfm,
76 void (*xor)(u8 *, const u8 *,
77 unsigned int))
78{
79 void (*fn)(struct crypto_tfm *, u8 *, const u8 *) =
80 crypto_cipher_alg(tfm)->cia_encrypt;
81 int bsize = crypto_cipher_blocksize(tfm);
82 unsigned int nbytes = walk->nbytes;
83 u8 *src = walk->src.virt.addr;
84 u8 *iv = walk->iv;
85 u8 tmpbuf[bsize];
86
87 do {
88 memcpy(tmpbuf, src, bsize);
89 xor(iv, tmpbuf, bsize);
90 fn(crypto_cipher_tfm(tfm), src, iv);
91 memcpy(iv, src, bsize);
92 xor(iv, tmpbuf, bsize);
93
94 src += bsize;
95 } while ((nbytes -= bsize) >= bsize);
96
97 memcpy(walk->iv, iv, bsize);
98
99 return nbytes;
100}
101
102static int crypto_pcbc_encrypt(struct blkcipher_desc *desc,
103 struct scatterlist *dst, struct scatterlist *src,
104 unsigned int nbytes)
105{
106 struct blkcipher_walk walk;
107 struct crypto_blkcipher *tfm = desc->tfm;
108 struct crypto_pcbc_ctx *ctx = crypto_blkcipher_ctx(tfm);
109 struct crypto_cipher *child = ctx->child;
110 void (*xor)(u8 *, const u8 *, unsigned int bs) = ctx->xor;
111 int err;
112
113 blkcipher_walk_init(&walk, dst, src, nbytes);
114 err = blkcipher_walk_virt(desc, &walk);
115
116 while ((nbytes = walk.nbytes)) {
117 if (walk.src.virt.addr == walk.dst.virt.addr)
118 nbytes = crypto_pcbc_encrypt_inplace(desc, &walk, child,
119 xor);
120 else
121 nbytes = crypto_pcbc_encrypt_segment(desc, &walk, child,
122 xor);
123 err = blkcipher_walk_done(desc, &walk, nbytes);
124 }
125
126 return err;
127}
128
129static int crypto_pcbc_decrypt_segment(struct blkcipher_desc *desc,
130 struct blkcipher_walk *walk,
131 struct crypto_cipher *tfm,
132 void (*xor)(u8 *, const u8 *,
133 unsigned int))
134{
135 void (*fn)(struct crypto_tfm *, u8 *, const u8 *) =
136 crypto_cipher_alg(tfm)->cia_decrypt;
137 int bsize = crypto_cipher_blocksize(tfm);
138 unsigned int nbytes = walk->nbytes;
139 u8 *src = walk->src.virt.addr;
140 u8 *dst = walk->dst.virt.addr;
141 u8 *iv = walk->iv;
142
143 do {
144 fn(crypto_cipher_tfm(tfm), dst, src);
145 xor(dst, iv, bsize);
146 memcpy(iv, src, bsize);
147 xor(iv, dst, bsize);
148
149 src += bsize;
150 dst += bsize;
151 } while ((nbytes -= bsize) >= bsize);
152
153 memcpy(walk->iv, iv, bsize);
154
155 return nbytes;
156}
157
158static int crypto_pcbc_decrypt_inplace(struct blkcipher_desc *desc,
159 struct blkcipher_walk *walk,
160 struct crypto_cipher *tfm,
161 void (*xor)(u8 *, const u8 *,
162 unsigned int))
163{
164 void (*fn)(struct crypto_tfm *, u8 *, const u8 *) =
165 crypto_cipher_alg(tfm)->cia_decrypt;
166 int bsize = crypto_cipher_blocksize(tfm);
167 unsigned int nbytes = walk->nbytes;
168 u8 *src = walk->src.virt.addr;
169 u8 *iv = walk->iv;
170 u8 tmpbuf[bsize];
171
172 do {
173 memcpy(tmpbuf, src, bsize);
174 fn(crypto_cipher_tfm(tfm), src, src);
175 xor(src, iv, bsize);
176 memcpy(iv, tmpbuf, bsize);
177 xor(iv, src, bsize);
178
179 src += bsize;
180 } while ((nbytes -= bsize) >= bsize);
181
182 memcpy(walk->iv, iv, bsize);
183
184 return nbytes;
185}
186
187static int crypto_pcbc_decrypt(struct blkcipher_desc *desc,
188 struct scatterlist *dst, struct scatterlist *src,
189 unsigned int nbytes)
190{
191 struct blkcipher_walk walk;
192 struct crypto_blkcipher *tfm = desc->tfm;
193 struct crypto_pcbc_ctx *ctx = crypto_blkcipher_ctx(tfm);
194 struct crypto_cipher *child = ctx->child;
195 void (*xor)(u8 *, const u8 *, unsigned int bs) = ctx->xor;
196 int err;
197
198 blkcipher_walk_init(&walk, dst, src, nbytes);
199 err = blkcipher_walk_virt(desc, &walk);
200
201 while ((nbytes = walk.nbytes)) {
202 if (walk.src.virt.addr == walk.dst.virt.addr)
203 nbytes = crypto_pcbc_decrypt_inplace(desc, &walk, child,
204 xor);
205 else
206 nbytes = crypto_pcbc_decrypt_segment(desc, &walk, child,
207 xor);
208 err = blkcipher_walk_done(desc, &walk, nbytes);
209 }
210
211 return err;
212}
213
214static void xor_byte(u8 *a, const u8 *b, unsigned int bs)
215{
216 do {
217 *a++ ^= *b++;
218 } while (--bs);
219}
220
221static void xor_quad(u8 *dst, const u8 *src, unsigned int bs)
222{
223 u32 *a = (u32 *)dst;
224 u32 *b = (u32 *)src;
225
226 do {
227 *a++ ^= *b++;
228 } while ((bs -= 4));
229}
230
231static void xor_64(u8 *a, const u8 *b, unsigned int bs)
232{
233 ((u32 *)a)[0] ^= ((u32 *)b)[0];
234 ((u32 *)a)[1] ^= ((u32 *)b)[1];
235}
236
237static void xor_128(u8 *a, const u8 *b, unsigned int bs)
238{
239 ((u32 *)a)[0] ^= ((u32 *)b)[0];
240 ((u32 *)a)[1] ^= ((u32 *)b)[1];
241 ((u32 *)a)[2] ^= ((u32 *)b)[2];
242 ((u32 *)a)[3] ^= ((u32 *)b)[3];
243}
244
245static int crypto_pcbc_init_tfm(struct crypto_tfm *tfm)
246{
247 struct crypto_instance *inst = (void *)tfm->__crt_alg;
248 struct crypto_spawn *spawn = crypto_instance_ctx(inst);
249 struct crypto_pcbc_ctx *ctx = crypto_tfm_ctx(tfm);
250 struct crypto_cipher *cipher;
251
252 switch (crypto_tfm_alg_blocksize(tfm)) {
253 case 8:
254 ctx->xor = xor_64;
255 break;
256
257 case 16:
258 ctx->xor = xor_128;
259 break;
260
261 default:
262 if (crypto_tfm_alg_blocksize(tfm) % 4)
263 ctx->xor = xor_byte;
264 else
265 ctx->xor = xor_quad;
266 }
267
268 cipher = crypto_spawn_cipher(spawn);
269 if (IS_ERR(cipher))
270 return PTR_ERR(cipher);
271
272 ctx->child = cipher;
273 return 0;
274}
275
276static void crypto_pcbc_exit_tfm(struct crypto_tfm *tfm)
277{
278 struct crypto_pcbc_ctx *ctx = crypto_tfm_ctx(tfm);
279 crypto_free_cipher(ctx->child);
280}
281
282static struct crypto_instance *crypto_pcbc_alloc(void *param, unsigned int len)
283{
284 struct crypto_instance *inst;
285 struct crypto_alg *alg;
286
287 alg = crypto_get_attr_alg(param, len, CRYPTO_ALG_TYPE_CIPHER,
288 CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_ASYNC);
289 if (IS_ERR(alg))
290 return ERR_PTR(PTR_ERR(alg));
291
292 inst = crypto_alloc_instance("pcbc", alg);
293 if (IS_ERR(inst))
294 goto out_put_alg;
295
296 inst->alg.cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER;
297 inst->alg.cra_priority = alg->cra_priority;
298 inst->alg.cra_blocksize = alg->cra_blocksize;
299 inst->alg.cra_alignmask = alg->cra_alignmask;
300 inst->alg.cra_type = &crypto_blkcipher_type;
301
302 if (!(alg->cra_blocksize % 4))
303 inst->alg.cra_alignmask |= 3;
304 inst->alg.cra_blkcipher.ivsize = alg->cra_blocksize;
305 inst->alg.cra_blkcipher.min_keysize = alg->cra_cipher.cia_min_keysize;
306 inst->alg.cra_blkcipher.max_keysize = alg->cra_cipher.cia_max_keysize;
307
308 inst->alg.cra_ctxsize = sizeof(struct crypto_pcbc_ctx);
309
310 inst->alg.cra_init = crypto_pcbc_init_tfm;
311 inst->alg.cra_exit = crypto_pcbc_exit_tfm;
312
313 inst->alg.cra_blkcipher.setkey = crypto_pcbc_setkey;
314 inst->alg.cra_blkcipher.encrypt = crypto_pcbc_encrypt;
315 inst->alg.cra_blkcipher.decrypt = crypto_pcbc_decrypt;
316
317out_put_alg:
318 crypto_mod_put(alg);
319 return inst;
320}
321
322static void crypto_pcbc_free(struct crypto_instance *inst)
323{
324 crypto_drop_spawn(crypto_instance_ctx(inst));
325 kfree(inst);
326}
327
328static struct crypto_template crypto_pcbc_tmpl = {
329 .name = "pcbc",
330 .alloc = crypto_pcbc_alloc,
331 .free = crypto_pcbc_free,
332 .module = THIS_MODULE,
333};
334
335static int __init crypto_pcbc_module_init(void)
336{
337 return crypto_register_template(&crypto_pcbc_tmpl);
338}
339
340static void __exit crypto_pcbc_module_exit(void)
341{
342 crypto_unregister_template(&crypto_pcbc_tmpl);
343}
344
345module_init(crypto_pcbc_module_init);
346module_exit(crypto_pcbc_module_exit);
347
348MODULE_LICENSE("GPL");
349MODULE_DESCRIPTION("PCBC block cipher algorithm");
diff --git a/crypto/proc.c b/crypto/proc.c
index dabce0676f63..102c751a124c 100644
--- a/crypto/proc.c
+++ b/crypto/proc.c
@@ -101,7 +101,7 @@ static int crypto_info_open(struct inode *inode, struct file *file)
101 return seq_open(file, &crypto_seq_ops); 101 return seq_open(file, &crypto_seq_ops);
102} 102}
103 103
104static struct file_operations proc_crypto_ops = { 104static const struct file_operations proc_crypto_ops = {
105 .open = crypto_info_open, 105 .open = crypto_info_open,
106 .read = seq_read, 106 .read = seq_read,
107 .llseek = seq_lseek, 107 .llseek = seq_lseek,
diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c
index d671e8942b1f..f5e9da319ece 100644
--- a/crypto/tcrypt.c
+++ b/crypto/tcrypt.c
@@ -12,6 +12,7 @@
12 * Software Foundation; either version 2 of the License, or (at your option) 12 * Software Foundation; either version 2 of the License, or (at your option)
13 * any later version. 13 * any later version.
14 * 14 *
15 * 2006-12-07 Added SHA384 HMAC and SHA512 HMAC tests
15 * 2004-08-09 Added cipher speed tests (Reyk Floeter <reyk@vantronix.net>) 16 * 2004-08-09 Added cipher speed tests (Reyk Floeter <reyk@vantronix.net>)
16 * 2003-09-14 Rewritten by Kartikey Mahendra Bhatt 17 * 2003-09-14 Rewritten by Kartikey Mahendra Bhatt
17 * 18 *
@@ -71,7 +72,8 @@ static char *check[] = {
71 "des", "md5", "des3_ede", "rot13", "sha1", "sha256", "blowfish", 72 "des", "md5", "des3_ede", "rot13", "sha1", "sha256", "blowfish",
72 "twofish", "serpent", "sha384", "sha512", "md4", "aes", "cast6", 73 "twofish", "serpent", "sha384", "sha512", "md4", "aes", "cast6",
73 "arc4", "michael_mic", "deflate", "crc32c", "tea", "xtea", 74 "arc4", "michael_mic", "deflate", "crc32c", "tea", "xtea",
74 "khazad", "wp512", "wp384", "wp256", "tnepres", "xeta", NULL 75 "khazad", "wp512", "wp384", "wp256", "tnepres", "xeta", "fcrypt",
76 "camellia", NULL
75}; 77};
76 78
77static void hexdump(unsigned char *buf, unsigned int len) 79static void hexdump(unsigned char *buf, unsigned int len)
@@ -765,7 +767,7 @@ static void test_deflate(void)
765 memcpy(tvmem, deflate_comp_tv_template, tsize); 767 memcpy(tvmem, deflate_comp_tv_template, tsize);
766 tv = (void *)tvmem; 768 tv = (void *)tvmem;
767 769
768 tfm = crypto_alloc_tfm("deflate", 0); 770 tfm = crypto_alloc_comp("deflate", 0, CRYPTO_ALG_ASYNC);
769 if (tfm == NULL) { 771 if (tfm == NULL) {
770 printk("failed to load transform for deflate\n"); 772 printk("failed to load transform for deflate\n");
771 return; 773 return;
@@ -964,6 +966,26 @@ static void do_test(void)
964 test_cipher("ecb(xeta)", DECRYPT, xeta_dec_tv_template, 966 test_cipher("ecb(xeta)", DECRYPT, xeta_dec_tv_template,
965 XETA_DEC_TEST_VECTORS); 967 XETA_DEC_TEST_VECTORS);
966 968
969 //FCrypt
970 test_cipher("pcbc(fcrypt)", ENCRYPT, fcrypt_pcbc_enc_tv_template,
971 FCRYPT_ENC_TEST_VECTORS);
972 test_cipher("pcbc(fcrypt)", DECRYPT, fcrypt_pcbc_dec_tv_template,
973 FCRYPT_DEC_TEST_VECTORS);
974
975 //CAMELLIA
976 test_cipher("ecb(camellia)", ENCRYPT,
977 camellia_enc_tv_template,
978 CAMELLIA_ENC_TEST_VECTORS);
979 test_cipher("ecb(camellia)", DECRYPT,
980 camellia_dec_tv_template,
981 CAMELLIA_DEC_TEST_VECTORS);
982 test_cipher("cbc(camellia)", ENCRYPT,
983 camellia_cbc_enc_tv_template,
984 CAMELLIA_CBC_ENC_TEST_VECTORS);
985 test_cipher("cbc(camellia)", DECRYPT,
986 camellia_cbc_dec_tv_template,
987 CAMELLIA_CBC_DEC_TEST_VECTORS);
988
967 test_hash("sha384", sha384_tv_template, SHA384_TEST_VECTORS); 989 test_hash("sha384", sha384_tv_template, SHA384_TEST_VECTORS);
968 test_hash("sha512", sha512_tv_template, SHA512_TEST_VECTORS); 990 test_hash("sha512", sha512_tv_template, SHA512_TEST_VECTORS);
969 test_hash("wp512", wp512_tv_template, WP512_TEST_VECTORS); 991 test_hash("wp512", wp512_tv_template, WP512_TEST_VECTORS);
@@ -980,6 +1002,10 @@ static void do_test(void)
980 HMAC_SHA1_TEST_VECTORS); 1002 HMAC_SHA1_TEST_VECTORS);
981 test_hash("hmac(sha256)", hmac_sha256_tv_template, 1003 test_hash("hmac(sha256)", hmac_sha256_tv_template,
982 HMAC_SHA256_TEST_VECTORS); 1004 HMAC_SHA256_TEST_VECTORS);
1005 test_hash("hmac(sha384)", hmac_sha384_tv_template,
1006 HMAC_SHA384_TEST_VECTORS);
1007 test_hash("hmac(sha512)", hmac_sha512_tv_template,
1008 HMAC_SHA512_TEST_VECTORS);
983 1009
984 test_hash("xcbc(aes)", aes_xcbc128_tv_template, 1010 test_hash("xcbc(aes)", aes_xcbc128_tv_template,
985 XCBC_AES_TEST_VECTORS); 1011 XCBC_AES_TEST_VECTORS);
@@ -1177,6 +1203,28 @@ static void do_test(void)
1177 XETA_DEC_TEST_VECTORS); 1203 XETA_DEC_TEST_VECTORS);
1178 break; 1204 break;
1179 1205
1206 case 31:
1207 test_cipher("pcbc(fcrypt)", ENCRYPT, fcrypt_pcbc_enc_tv_template,
1208 FCRYPT_ENC_TEST_VECTORS);
1209 test_cipher("pcbc(fcrypt)", DECRYPT, fcrypt_pcbc_dec_tv_template,
1210 FCRYPT_DEC_TEST_VECTORS);
1211 break;
1212
1213 case 32:
1214 test_cipher("ecb(camellia)", ENCRYPT,
1215 camellia_enc_tv_template,
1216 CAMELLIA_ENC_TEST_VECTORS);
1217 test_cipher("ecb(camellia)", DECRYPT,
1218 camellia_dec_tv_template,
1219 CAMELLIA_DEC_TEST_VECTORS);
1220 test_cipher("cbc(camellia)", ENCRYPT,
1221 camellia_cbc_enc_tv_template,
1222 CAMELLIA_CBC_ENC_TEST_VECTORS);
1223 test_cipher("cbc(camellia)", DECRYPT,
1224 camellia_cbc_dec_tv_template,
1225 CAMELLIA_CBC_DEC_TEST_VECTORS);
1226 break;
1227
1180 case 100: 1228 case 100:
1181 test_hash("hmac(md5)", hmac_md5_tv_template, 1229 test_hash("hmac(md5)", hmac_md5_tv_template,
1182 HMAC_MD5_TEST_VECTORS); 1230 HMAC_MD5_TEST_VECTORS);
@@ -1192,6 +1240,16 @@ static void do_test(void)
1192 HMAC_SHA256_TEST_VECTORS); 1240 HMAC_SHA256_TEST_VECTORS);
1193 break; 1241 break;
1194 1242
1243 case 103:
1244 test_hash("hmac(sha384)", hmac_sha384_tv_template,
1245 HMAC_SHA384_TEST_VECTORS);
1246 break;
1247
1248 case 104:
1249 test_hash("hmac(sha512)", hmac_sha512_tv_template,
1250 HMAC_SHA512_TEST_VECTORS);
1251 break;
1252
1195 1253
1196 case 200: 1254 case 200:
1197 test_cipher_speed("ecb(aes)", ENCRYPT, sec, NULL, 0, 1255 test_cipher_speed("ecb(aes)", ENCRYPT, sec, NULL, 0,
@@ -1260,6 +1318,17 @@ static void do_test(void)
1260 des_speed_template); 1318 des_speed_template);
1261 break; 1319 break;
1262 1320
1321 case 205:
1322 test_cipher_speed("ecb(camellia)", ENCRYPT, sec, NULL, 0,
1323 camellia_speed_template);
1324 test_cipher_speed("ecb(camellia)", DECRYPT, sec, NULL, 0,
1325 camellia_speed_template);
1326 test_cipher_speed("cbc(camellia)", ENCRYPT, sec, NULL, 0,
1327 camellia_speed_template);
1328 test_cipher_speed("cbc(camellia)", DECRYPT, sec, NULL, 0,
1329 camellia_speed_template);
1330 break;
1331
1263 case 300: 1332 case 300:
1264 /* fall through */ 1333 /* fall through */
1265 1334
diff --git a/crypto/tcrypt.h b/crypto/tcrypt.h
index 48a81362cb85..887527bd5bc6 100644
--- a/crypto/tcrypt.h
+++ b/crypto/tcrypt.h
@@ -12,6 +12,7 @@
12 * Software Foundation; either version 2 of the License, or (at your option) 12 * Software Foundation; either version 2 of the License, or (at your option)
13 * any later version. 13 * any later version.
14 * 14 *
15 * 2006-12-07 Added SHA384 HMAC and SHA512 HMAC tests
15 * 2004-08-09 Cipher speed tests by Reyk Floeter <reyk@vantronix.net> 16 * 2004-08-09 Cipher speed tests by Reyk Floeter <reyk@vantronix.net>
16 * 2003-09-14 Changes by Kartikey Mahendra Bhatt 17 * 2003-09-14 Changes by Kartikey Mahendra Bhatt
17 * 18 *
@@ -27,7 +28,7 @@
27 28
28struct hash_testvec { 29struct hash_testvec {
29 /* only used with keyed hash algorithms */ 30 /* only used with keyed hash algorithms */
30 char key[128] __attribute__ ((__aligned__(4))); 31 char key[132] __attribute__ ((__aligned__(4)));
31 char plaintext[240]; 32 char plaintext[240];
32 char digest[MAX_DIGEST_SIZE]; 33 char digest[MAX_DIGEST_SIZE];
33 unsigned char tap[MAX_TAP]; 34 unsigned char tap[MAX_TAP];
@@ -1002,6 +1003,248 @@ static struct hash_testvec aes_xcbc128_tv_template[] = {
1002}; 1003};
1003 1004
1004/* 1005/*
1006 * SHA384 HMAC test vectors from RFC4231
1007 */
1008
1009#define HMAC_SHA384_TEST_VECTORS 4
1010
1011static struct hash_testvec hmac_sha384_tv_template[] = {
1012 {
1013 .key = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
1014 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
1015 0x0b, 0x0b, 0x0b, 0x0b }, // (20 bytes)
1016 .ksize = 20,
1017 .plaintext = { 0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65 }, // ("Hi There")
1018 .psize = 8,
1019 .digest = { 0xaf, 0xd0, 0x39, 0x44, 0xd8, 0x48, 0x95, 0x62,
1020 0x6b, 0x08, 0x25, 0xf4, 0xab, 0x46, 0x90, 0x7f,
1021 0x15, 0xf9, 0xda, 0xdb, 0xe4, 0x10, 0x1e, 0xc6,
1022 0x82, 0xaa, 0x03, 0x4c, 0x7c, 0xeb, 0xc5, 0x9c,
1023 0xfa, 0xea, 0x9e, 0xa9, 0x07, 0x6e, 0xde, 0x7f,
1024 0x4a, 0xf1, 0x52, 0xe8, 0xb2, 0xfa, 0x9c, 0xb6 },
1025 }, {
1026 .key = { 0x4a, 0x65, 0x66, 0x65 }, // ("Jefe")
1027 .ksize = 4,
1028 .plaintext = { 0x77, 0x68, 0x61, 0x74, 0x20, 0x64, 0x6f, 0x20,
1029 0x79, 0x61, 0x20, 0x77, 0x61, 0x6e, 0x74, 0x20, // ("what do ya want ")
1030 0x66, 0x6f, 0x72, 0x20, 0x6e, 0x6f, 0x74, 0x68,
1031 0x69, 0x6e, 0x67, 0x3f }, // ("for nothing?")
1032 .psize = 28,
1033 .digest = { 0xaf, 0x45, 0xd2, 0xe3, 0x76, 0x48, 0x40, 0x31,
1034 0x61, 0x7f, 0x78, 0xd2, 0xb5, 0x8a, 0x6b, 0x1b,
1035 0x9c, 0x7e, 0xf4, 0x64, 0xf5, 0xa0, 0x1b, 0x47,
1036 0xe4, 0x2e, 0xc3, 0x73, 0x63, 0x22, 0x44, 0x5e,
1037 0x8e, 0x22, 0x40, 0xca, 0x5e, 0x69, 0xe2, 0xc7,
1038 0x8b, 0x32, 0x39, 0xec, 0xfa, 0xb2, 0x16, 0x49 },
1039 .np = 4,
1040 .tap = { 7, 7, 7, 7 }
1041 }, {
1042 .key = { 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1043 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1044 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1045 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1046 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1047 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1048 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1049 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1050 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1051 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1052 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1053 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1054 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1055 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1056 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1057 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1058 0xaa, 0xaa, 0xaa }, // (131 bytes)
1059 .ksize = 131,
1060 .plaintext = { 0x54, 0x65, 0x73, 0x74, 0x20, 0x55, 0x73, 0x69,
1061 0x6e, 0x67, 0x20, 0x4c, 0x61, 0x72, 0x67, 0x65, // ("Test Using Large")
1062 0x72, 0x20, 0x54, 0x68, 0x61, 0x6e, 0x20, 0x42,
1063 0x6c, 0x6f, 0x63, 0x6b, 0x2d, 0x53, 0x69, 0x7a, // ("r Than Block-Siz")
1064 0x65, 0x20, 0x4b, 0x65, 0x79, 0x20, 0x2d, 0x20,
1065 0x48, 0x61, 0x73, 0x68, 0x20, 0x4b, 0x65, 0x79, // ("e Key - Hash Key")
1066 0x20, 0x46, 0x69, 0x72, 0x73, 0x74 }, // (" First")
1067 .psize = 54,
1068 .digest = { 0x4e, 0xce, 0x08, 0x44, 0x85, 0x81, 0x3e, 0x90,
1069 0x88, 0xd2, 0xc6, 0x3a, 0x04, 0x1b, 0xc5, 0xb4,
1070 0x4f, 0x9e, 0xf1, 0x01, 0x2a, 0x2b, 0x58, 0x8f,
1071 0x3c, 0xd1, 0x1f, 0x05, 0x03, 0x3a, 0xc4, 0xc6,
1072 0x0c, 0x2e, 0xf6, 0xab, 0x40, 0x30, 0xfe, 0x82,
1073 0x96, 0x24, 0x8d, 0xf1, 0x63, 0xf4, 0x49, 0x52 },
1074 }, {
1075 .key = { 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1076 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1077 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1078 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1079 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1080 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1081 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1082 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1083 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1084 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1085 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1086 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1087 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1088 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1089 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1090 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1091 0xaa, 0xaa, 0xaa }, // (131 bytes)
1092 .ksize = 131,
1093 .plaintext = { 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
1094 0x61, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x75, // ("This is a test u")
1095 0x73, 0x69, 0x6e, 0x67, 0x20, 0x61, 0x20, 0x6c,
1096 0x61, 0x72, 0x67, 0x65, 0x72, 0x20, 0x74, 0x68, // ("sing a larger th")
1097 0x61, 0x6e, 0x20, 0x62, 0x6c, 0x6f, 0x63, 0x6b,
1098 0x2d, 0x73, 0x69, 0x7a, 0x65, 0x20, 0x6b, 0x65, // ("an block-size ke")
1099 0x79, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x61, 0x20,
1100 0x6c, 0x61, 0x72, 0x67, 0x65, 0x72, 0x20, 0x74, // ("y and a larger t")
1101 0x68, 0x61, 0x6e, 0x20, 0x62, 0x6c, 0x6f, 0x63,
1102 0x6b, 0x2d, 0x73, 0x69, 0x7a, 0x65, 0x20, 0x64, // ("han block-size d")
1103 0x61, 0x74, 0x61, 0x2e, 0x20, 0x54, 0x68, 0x65,
1104 0x20, 0x6b, 0x65, 0x79, 0x20, 0x6e, 0x65, 0x65, // ("ata. The key nee")
1105 0x64, 0x73, 0x20, 0x74, 0x6f, 0x20, 0x62, 0x65,
1106 0x20, 0x68, 0x61, 0x73, 0x68, 0x65, 0x64, 0x20, // ("ds to be hashed ")
1107 0x62, 0x65, 0x66, 0x6f, 0x72, 0x65, 0x20, 0x62,
1108 0x65, 0x69, 0x6e, 0x67, 0x20, 0x75, 0x73, 0x65, // ("before being use")
1109 0x64, 0x20, 0x62, 0x79, 0x20, 0x74, 0x68, 0x65,
1110 0x20, 0x48, 0x4d, 0x41, 0x43, 0x20, 0x61, 0x6c, // ("d by the HMAC al")
1111 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x2e }, // ("gorithm.")
1112 .psize = 152,
1113 .digest = { 0x66, 0x17, 0x17, 0x8e, 0x94, 0x1f, 0x02, 0x0d,
1114 0x35, 0x1e, 0x2f, 0x25, 0x4e, 0x8f, 0xd3, 0x2c,
1115 0x60, 0x24, 0x20, 0xfe, 0xb0, 0xb8, 0xfb, 0x9a,
1116 0xdc, 0xce, 0xbb, 0x82, 0x46, 0x1e, 0x99, 0xc5,
1117 0xa6, 0x78, 0xcc, 0x31, 0xe7, 0x99, 0x17, 0x6d,
1118 0x38, 0x60, 0xe6, 0x11, 0x0c, 0x46, 0x52, 0x3e },
1119 },
1120};
1121
1122/*
1123 * SHA512 HMAC test vectors from RFC4231
1124 */
1125
1126#define HMAC_SHA512_TEST_VECTORS 4
1127
1128static struct hash_testvec hmac_sha512_tv_template[] = {
1129 {
1130 .key = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
1131 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
1132 0x0b, 0x0b, 0x0b, 0x0b }, // (20 bytes)
1133 .ksize = 20,
1134 .plaintext = { 0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65 }, // ("Hi There")
1135 .psize = 8,
1136 .digest = { 0x87, 0xaa, 0x7c, 0xde, 0xa5, 0xef, 0x61, 0x9d,
1137 0x4f, 0xf0, 0xb4, 0x24, 0x1a, 0x1d, 0x6c, 0xb0,
1138 0x23, 0x79, 0xf4, 0xe2, 0xce, 0x4e, 0xc2, 0x78,
1139 0x7a, 0xd0, 0xb3, 0x05, 0x45, 0xe1, 0x7c, 0xde,
1140 0xda, 0xa8, 0x33, 0xb7, 0xd6, 0xb8, 0xa7, 0x02,
1141 0x03, 0x8b, 0x27, 0x4e, 0xae, 0xa3, 0xf4, 0xe4,
1142 0xbe, 0x9d, 0x91, 0x4e, 0xeb, 0x61, 0xf1, 0x70,
1143 0x2e, 0x69, 0x6c, 0x20, 0x3a, 0x12, 0x68, 0x54 },
1144 }, {
1145 .key = { 0x4a, 0x65, 0x66, 0x65 }, // ("Jefe")
1146 .ksize = 4,
1147 .plaintext = { 0x77, 0x68, 0x61, 0x74, 0x20, 0x64, 0x6f, 0x20,
1148 0x79, 0x61, 0x20, 0x77, 0x61, 0x6e, 0x74, 0x20, // ("what do ya want ")
1149 0x66, 0x6f, 0x72, 0x20, 0x6e, 0x6f, 0x74, 0x68,
1150 0x69, 0x6e, 0x67, 0x3f }, // ("for nothing?")
1151 .psize = 28,
1152 .digest = { 0x16, 0x4b, 0x7a, 0x7b, 0xfc, 0xf8, 0x19, 0xe2,
1153 0xe3, 0x95, 0xfb, 0xe7, 0x3b, 0x56, 0xe0, 0xa3,
1154 0x87, 0xbd, 0x64, 0x22, 0x2e, 0x83, 0x1f, 0xd6,
1155 0x10, 0x27, 0x0c, 0xd7, 0xea, 0x25, 0x05, 0x54,
1156 0x97, 0x58, 0xbf, 0x75, 0xc0, 0x5a, 0x99, 0x4a,
1157 0x6d, 0x03, 0x4f, 0x65, 0xf8, 0xf0, 0xe6, 0xfd,
1158 0xca, 0xea, 0xb1, 0xa3, 0x4d, 0x4a, 0x6b, 0x4b,
1159 0x63, 0x6e, 0x07, 0x0a, 0x38, 0xbc, 0xe7, 0x37 },
1160 .np = 4,
1161 .tap = { 7, 7, 7, 7 }
1162 }, {
1163 .key = { 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1164 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1165 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1166 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1167 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1168 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1169 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1170 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1171 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1172 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1173 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1174 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1175 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1176 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1177 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1178 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1179 0xaa, 0xaa, 0xaa }, // (131 bytes)
1180 .ksize = 131,
1181 .plaintext = { 0x54, 0x65, 0x73, 0x74, 0x20, 0x55, 0x73, 0x69,
1182 0x6e, 0x67, 0x20, 0x4c, 0x61, 0x72, 0x67, 0x65, // ("Test Using Large")
1183 0x72, 0x20, 0x54, 0x68, 0x61, 0x6e, 0x20, 0x42,
1184 0x6c, 0x6f, 0x63, 0x6b, 0x2d, 0x53, 0x69, 0x7a, // ("r Than Block-Siz")
1185 0x65, 0x20, 0x4b, 0x65, 0x79, 0x20, 0x2d, 0x20,
1186 0x48, 0x61, 0x73, 0x68, 0x20, 0x4b, 0x65, 0x79, // ("e Key - Hash Key")
1187 0x20, 0x46, 0x69, 0x72, 0x73, 0x74 }, // (" First")
1188 .psize = 54,
1189 .digest = { 0x80, 0xb2, 0x42, 0x63, 0xc7, 0xc1, 0xa3, 0xeb,
1190 0xb7, 0x14, 0x93, 0xc1, 0xdd, 0x7b, 0xe8, 0xb4,
1191 0x9b, 0x46, 0xd1, 0xf4, 0x1b, 0x4a, 0xee, 0xc1,
1192 0x12, 0x1b, 0x01, 0x37, 0x83, 0xf8, 0xf3, 0x52,
1193 0x6b, 0x56, 0xd0, 0x37, 0xe0, 0x5f, 0x25, 0x98,
1194 0xbd, 0x0f, 0xd2, 0x21, 0x5d, 0x6a, 0x1e, 0x52,
1195 0x95, 0xe6, 0x4f, 0x73, 0xf6, 0x3f, 0x0a, 0xec,
1196 0x8b, 0x91, 0x5a, 0x98, 0x5d, 0x78, 0x65, 0x98 },
1197 }, {
1198 .key = { 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1199 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1200 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1201 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1202 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1203 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1204 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1205 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1206 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1207 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1208 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1209 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1210 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1211 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1212 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1213 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1214 0xaa, 0xaa, 0xaa }, // (131 bytes)
1215 .ksize = 131,
1216 .plaintext = { 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
1217 0x61, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x75, // ("This is a test u")
1218 0x73, 0x69, 0x6e, 0x67, 0x20, 0x61, 0x20, 0x6c,
1219 0x61, 0x72, 0x67, 0x65, 0x72, 0x20, 0x74, 0x68, // ("sing a larger th")
1220 0x61, 0x6e, 0x20, 0x62, 0x6c, 0x6f, 0x63, 0x6b,
1221 0x2d, 0x73, 0x69, 0x7a, 0x65, 0x20, 0x6b, 0x65, // ("an block-size ke")
1222 0x79, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x61, 0x20,
1223 0x6c, 0x61, 0x72, 0x67, 0x65, 0x72, 0x20, 0x74, // ("y and a larger t")
1224 0x68, 0x61, 0x6e, 0x20, 0x62, 0x6c, 0x6f, 0x63,
1225 0x6b, 0x2d, 0x73, 0x69, 0x7a, 0x65, 0x20, 0x64, // ("han block-size d")
1226 0x61, 0x74, 0x61, 0x2e, 0x20, 0x54, 0x68, 0x65,
1227 0x20, 0x6b, 0x65, 0x79, 0x20, 0x6e, 0x65, 0x65, // ("ata. The key nee")
1228 0x64, 0x73, 0x20, 0x74, 0x6f, 0x20, 0x62, 0x65,
1229 0x20, 0x68, 0x61, 0x73, 0x68, 0x65, 0x64, 0x20, // ("ds to be hashed ")
1230 0x62, 0x65, 0x66, 0x6f, 0x72, 0x65, 0x20, 0x62,
1231 0x65, 0x69, 0x6e, 0x67, 0x20, 0x75, 0x73, 0x65, // ("before being use")
1232 0x64, 0x20, 0x62, 0x79, 0x20, 0x74, 0x68, 0x65,
1233 0x20, 0x48, 0x4d, 0x41, 0x43, 0x20, 0x61, 0x6c, // ("d by the HMAC al")
1234 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x2e }, // ("gorithm.")
1235 .psize = 152,
1236 .digest = { 0xe3, 0x7b, 0x6a, 0x77, 0x5d, 0xc8, 0x7d, 0xba,
1237 0xa4, 0xdf, 0xa9, 0xf9, 0x6e, 0x5e, 0x3f, 0xfd,
1238 0xde, 0xbd, 0x71, 0xf8, 0x86, 0x72, 0x89, 0x86,
1239 0x5d, 0xf5, 0xa3, 0x2d, 0x20, 0xcd, 0xc9, 0x44,
1240 0xb6, 0x02, 0x2c, 0xac, 0x3c, 0x49, 0x82, 0xb1,
1241 0x0d, 0x5e, 0xeb, 0x55, 0xc3, 0xe4, 0xde, 0x15,
1242 0x13, 0x46, 0x76, 0xfb, 0x6d, 0xe0, 0x44, 0x60,
1243 0x65, 0xc9, 0x74, 0x40, 0xfa, 0x8c, 0x6a, 0x58 },
1244 },
1245};
1246
1247/*
1005 * DES test vectors. 1248 * DES test vectors.
1006 */ 1249 */
1007#define DES_ENC_TEST_VECTORS 10 1250#define DES_ENC_TEST_VECTORS 10
@@ -3316,6 +3559,278 @@ static struct cipher_testvec xeta_dec_tv_template[] = {
3316 } 3559 }
3317}; 3560};
3318 3561
3562/*
3563 * FCrypt test vectors
3564 */
3565#define FCRYPT_ENC_TEST_VECTORS ARRAY_SIZE(fcrypt_pcbc_enc_tv_template)
3566#define FCRYPT_DEC_TEST_VECTORS ARRAY_SIZE(fcrypt_pcbc_dec_tv_template)
3567
3568static struct cipher_testvec fcrypt_pcbc_enc_tv_template[] = {
3569 { /* http://www.openafs.org/pipermail/openafs-devel/2000-December/005320.html */
3570 .key = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
3571 .klen = 8,
3572 .iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
3573 .input = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
3574 .ilen = 8,
3575 .result = { 0x0E, 0x09, 0x00, 0xC7, 0x3E, 0xF7, 0xED, 0x41 },
3576 .rlen = 8,
3577 }, {
3578 .key = { 0x11, 0x44, 0x77, 0xAA, 0xDD, 0x00, 0x33, 0x66 },
3579 .klen = 8,
3580 .iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
3581 .input = { 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0 },
3582 .ilen = 8,
3583 .result = { 0xD8, 0xED, 0x78, 0x74, 0x77, 0xEC, 0x06, 0x80 },
3584 .rlen = 8,
3585 }, { /* From Arla */
3586 .key = { 0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 0x96, 0x87 },
3587 .klen = 8,
3588 .iv = { 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
3589 .input = "The quick brown fox jumps over the lazy dogs.\0\0",
3590 .ilen = 48,
3591 .result = { 0x00, 0xf0, 0xe, 0x11, 0x75, 0xe6, 0x23, 0x82,
3592 0xee, 0xac, 0x98, 0x62, 0x44, 0x51, 0xe4, 0x84,
3593 0xc3, 0x59, 0xd8, 0xaa, 0x64, 0x60, 0xae, 0xf7,
3594 0xd2, 0xd9, 0x13, 0x79, 0x72, 0xa3, 0x45, 0x03,
3595 0x23, 0xb5, 0x62, 0xd7, 0x0c, 0xf5, 0x27, 0xd1,
3596 0xf8, 0x91, 0x3c, 0xac, 0x44, 0x22, 0x92, 0xef },
3597 .rlen = 48,
3598 }, {
3599 .key = { 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
3600 .klen = 8,
3601 .iv = { 0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 0x96, 0x87 },
3602 .input = "The quick brown fox jumps over the lazy dogs.\0\0",
3603 .ilen = 48,
3604 .result = { 0xca, 0x90, 0xf5, 0x9d, 0xcb, 0xd4, 0xd2, 0x3c,
3605 0x01, 0x88, 0x7f, 0x3e, 0x31, 0x6e, 0x62, 0x9d,
3606 0xd8, 0xe0, 0x57, 0xa3, 0x06, 0x3a, 0x42, 0x58,
3607 0x2a, 0x28, 0xfe, 0x72, 0x52, 0x2f, 0xdd, 0xe0,
3608 0x19, 0x89, 0x09, 0x1c, 0x2a, 0x8e, 0x8c, 0x94,
3609 0xfc, 0xc7, 0x68, 0xe4, 0x88, 0xaa, 0xde, 0x0f },
3610 .rlen = 48,
3611 }, { /* split-page version */
3612 .key = { 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
3613 .klen = 8,
3614 .iv = { 0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 0x96, 0x87 },
3615 .input = "The quick brown fox jumps over the lazy dogs.\0\0",
3616 .ilen = 48,
3617 .result = { 0xca, 0x90, 0xf5, 0x9d, 0xcb, 0xd4, 0xd2, 0x3c,
3618 0x01, 0x88, 0x7f, 0x3e, 0x31, 0x6e, 0x62, 0x9d,
3619 0xd8, 0xe0, 0x57, 0xa3, 0x06, 0x3a, 0x42, 0x58,
3620 0x2a, 0x28, 0xfe, 0x72, 0x52, 0x2f, 0xdd, 0xe0,
3621 0x19, 0x89, 0x09, 0x1c, 0x2a, 0x8e, 0x8c, 0x94,
3622 0xfc, 0xc7, 0x68, 0xe4, 0x88, 0xaa, 0xde, 0x0f },
3623 .rlen = 48,
3624 .np = 2,
3625 .tap = { 20, 28 },
3626 }
3627};
3628
3629static struct cipher_testvec fcrypt_pcbc_dec_tv_template[] = {
3630 { /* http://www.openafs.org/pipermail/openafs-devel/2000-December/005320.html */
3631 .key = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
3632 .klen = 8,
3633 .iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
3634 .input = { 0x0E, 0x09, 0x00, 0xC7, 0x3E, 0xF7, 0xED, 0x41 },
3635 .ilen = 8,
3636 .result = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
3637 .rlen = 8,
3638 }, {
3639 .key = { 0x11, 0x44, 0x77, 0xAA, 0xDD, 0x00, 0x33, 0x66 },
3640 .klen = 8,
3641 .iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
3642 .input = { 0xD8, 0xED, 0x78, 0x74, 0x77, 0xEC, 0x06, 0x80 },
3643 .ilen = 8,
3644 .result = { 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0 },
3645 .rlen = 8,
3646 }, { /* From Arla */
3647 .key = { 0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 0x96, 0x87 },
3648 .klen = 8,
3649 .iv = { 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
3650 .input = { 0x00, 0xf0, 0xe, 0x11, 0x75, 0xe6, 0x23, 0x82,
3651 0xee, 0xac, 0x98, 0x62, 0x44, 0x51, 0xe4, 0x84,
3652 0xc3, 0x59, 0xd8, 0xaa, 0x64, 0x60, 0xae, 0xf7,
3653 0xd2, 0xd9, 0x13, 0x79, 0x72, 0xa3, 0x45, 0x03,
3654 0x23, 0xb5, 0x62, 0xd7, 0x0c, 0xf5, 0x27, 0xd1,
3655 0xf8, 0x91, 0x3c, 0xac, 0x44, 0x22, 0x92, 0xef },
3656 .ilen = 48,
3657 .result = "The quick brown fox jumps over the lazy dogs.\0\0",
3658 .rlen = 48,
3659 }, {
3660 .key = { 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
3661 .klen = 8,
3662 .iv = { 0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 0x96, 0x87 },
3663 .input = { 0xca, 0x90, 0xf5, 0x9d, 0xcb, 0xd4, 0xd2, 0x3c,
3664 0x01, 0x88, 0x7f, 0x3e, 0x31, 0x6e, 0x62, 0x9d,
3665 0xd8, 0xe0, 0x57, 0xa3, 0x06, 0x3a, 0x42, 0x58,
3666 0x2a, 0x28, 0xfe, 0x72, 0x52, 0x2f, 0xdd, 0xe0,
3667 0x19, 0x89, 0x09, 0x1c, 0x2a, 0x8e, 0x8c, 0x94,
3668 0xfc, 0xc7, 0x68, 0xe4, 0x88, 0xaa, 0xde, 0x0f },
3669 .ilen = 48,
3670 .result = "The quick brown fox jumps over the lazy dogs.\0\0",
3671 .rlen = 48,
3672 }, { /* split-page version */
3673 .key = { 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
3674 .klen = 8,
3675 .iv = { 0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 0x96, 0x87 },
3676 .input = { 0xca, 0x90, 0xf5, 0x9d, 0xcb, 0xd4, 0xd2, 0x3c,
3677 0x01, 0x88, 0x7f, 0x3e, 0x31, 0x6e, 0x62, 0x9d,
3678 0xd8, 0xe0, 0x57, 0xa3, 0x06, 0x3a, 0x42, 0x58,
3679 0x2a, 0x28, 0xfe, 0x72, 0x52, 0x2f, 0xdd, 0xe0,
3680 0x19, 0x89, 0x09, 0x1c, 0x2a, 0x8e, 0x8c, 0x94,
3681 0xfc, 0xc7, 0x68, 0xe4, 0x88, 0xaa, 0xde, 0x0f },
3682 .ilen = 48,
3683 .result = "The quick brown fox jumps over the lazy dogs.\0\0",
3684 .rlen = 48,
3685 .np = 2,
3686 .tap = { 20, 28 },
3687 }
3688};
3689
3690/*
3691 * CAMELLIA test vectors.
3692 */
3693#define CAMELLIA_ENC_TEST_VECTORS 3
3694#define CAMELLIA_DEC_TEST_VECTORS 3
3695#define CAMELLIA_CBC_ENC_TEST_VECTORS 2
3696#define CAMELLIA_CBC_DEC_TEST_VECTORS 2
3697
3698static struct cipher_testvec camellia_enc_tv_template[] = {
3699 {
3700 .key = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
3701 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
3702 .klen = 16,
3703 .input = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
3704 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
3705 .ilen = 16,
3706 .result = { 0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73,
3707 0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43 },
3708 .rlen = 16,
3709 }, {
3710 .key = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
3711 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
3712 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 },
3713 .klen = 24,
3714 .input = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
3715 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
3716 .ilen = 16,
3717 .result = { 0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9, 0x96, 0xf8,
3718 0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9 },
3719 .rlen = 16,
3720 }, {
3721 .key = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
3722 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
3723 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
3724 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff },
3725 .klen = 32,
3726 .input = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
3727 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
3728 .ilen = 16,
3729 .result = { 0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c,
3730 0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09 },
3731 .rlen = 16,
3732 },
3733};
3734
3735static struct cipher_testvec camellia_dec_tv_template[] = {
3736 {
3737 .key = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
3738 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
3739 .klen = 16,
3740 .input = { 0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73,
3741 0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43 },
3742 .ilen = 16,
3743 .result = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
3744 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
3745 .rlen = 16,
3746 }, {
3747 .key = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
3748 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
3749 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 },
3750 .klen = 24,
3751 .input = { 0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9, 0x96, 0xf8,
3752 0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9 },
3753 .ilen = 16,
3754 .result = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
3755 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
3756 .rlen = 16,
3757 }, {
3758 .key = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
3759 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
3760 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
3761 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff },
3762 .klen = 32,
3763 .input = { 0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c,
3764 0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09 },
3765 .ilen = 16,
3766 .result = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
3767 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
3768 .rlen = 16,
3769 },
3770};
3771
3772static struct cipher_testvec camellia_cbc_enc_tv_template[] = {
3773 {
3774 .key = { 0x06, 0xa9, 0x21, 0x40, 0x36, 0xb8, 0xa1, 0x5b,
3775 0x51, 0x2e, 0x03, 0xd5, 0x34, 0x12, 0x00, 0x06 },
3776 .klen = 16,
3777 .iv = { 0x3d, 0xaf, 0xba, 0x42, 0x9d, 0x9e, 0xb4, 0x30,
3778 0xb4, 0x22, 0xda, 0x80, 0x2c, 0x9f, 0xac, 0x41 },
3779 .input = { "Single block msg" },
3780 .ilen = 16,
3781 .result = { 0xea, 0x32, 0x12, 0x76, 0x3b, 0x50, 0x10, 0xe7,
3782 0x18, 0xf6, 0xfd, 0x5d, 0xf6, 0x8f, 0x13, 0x51 },
3783 .rlen = 16,
3784 }, {
3785 .key = { 0xc2, 0x86, 0x69, 0x6d, 0x88, 0x7c, 0x9a, 0xa0,
3786 0x61, 0x1b, 0xbb, 0x3e, 0x20, 0x25, 0xa4, 0x5a },
3787 .klen = 16,
3788 .iv = { 0x56, 0x2e, 0x17, 0x99, 0x6d, 0x09, 0x3d, 0x28,
3789 0xdd, 0xb3, 0xba, 0x69, 0x5a, 0x2e, 0x6f, 0x58 },
3790 .input = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
3791 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
3792 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
3793 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f },
3794 .ilen = 32,
3795 .result = { 0xa5, 0xdf, 0x6e, 0x50, 0xda, 0x70, 0x6c, 0x01,
3796 0x4a, 0xab, 0xf3, 0xf2, 0xd6, 0xfc, 0x6c, 0xfd,
3797 0x19, 0xb4, 0x3e, 0x57, 0x1c, 0x02, 0x5e, 0xa0,
3798 0x15, 0x78, 0xe0, 0x5e, 0xf2, 0xcb, 0x87, 0x16 },
3799 .rlen = 32,
3800 },
3801};
3802
3803static struct cipher_testvec camellia_cbc_dec_tv_template[] = {
3804 {
3805 .key = { 0x06, 0xa9, 0x21, 0x40, 0x36, 0xb8, 0xa1, 0x5b,
3806 0x51, 0x2e, 0x03, 0xd5, 0x34, 0x12, 0x00, 0x06 },
3807 .klen = 16,
3808 .iv = { 0x3d, 0xaf, 0xba, 0x42, 0x9d, 0x9e, 0xb4, 0x30,
3809 0xb4, 0x22, 0xda, 0x80, 0x2c, 0x9f, 0xac, 0x41 },
3810 .input = { 0xea, 0x32, 0x12, 0x76, 0x3b, 0x50, 0x10, 0xe7,
3811 0x18, 0xf6, 0xfd, 0x5d, 0xf6, 0x8f, 0x13, 0x51 },
3812 .ilen = 16,
3813 .result = { "Single block msg" },
3814 .rlen = 16,
3815 }, {
3816 .key = { 0xc2, 0x86, 0x69, 0x6d, 0x88, 0x7c, 0x9a, 0xa0,
3817 0x61, 0x1b, 0xbb, 0x3e, 0x20, 0x25, 0xa4, 0x5a },
3818 .klen = 16,
3819 .iv = { 0x56, 0x2e, 0x17, 0x99, 0x6d, 0x09, 0x3d, 0x28,
3820 0xdd, 0xb3, 0xba, 0x69, 0x5a, 0x2e, 0x6f, 0x58 },
3821 .input = { 0xa5, 0xdf, 0x6e, 0x50, 0xda, 0x70, 0x6c, 0x01,
3822 0x4a, 0xab, 0xf3, 0xf2, 0xd6, 0xfc, 0x6c, 0xfd,
3823 0x19, 0xb4, 0x3e, 0x57, 0x1c, 0x02, 0x5e, 0xa0,
3824 0x15, 0x78, 0xe0, 0x5e, 0xf2, 0xcb, 0x87, 0x16 },
3825 .ilen = 32,
3826 .result = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
3827 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
3828 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
3829 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f },
3830 .rlen = 32,
3831 },
3832};
3833
3319/* 3834/*
3320 * Compression stuff. 3835 * Compression stuff.
3321 */ 3836 */
@@ -3769,4 +4284,25 @@ static struct hash_speed generic_hash_speed_template[] = {
3769 { .blen = 0, .plen = 0, } 4284 { .blen = 0, .plen = 0, }
3770}; 4285};
3771 4286
4287static struct cipher_speed camellia_speed_template[] = {
4288 { .klen = 16, .blen = 16, },
4289 { .klen = 16, .blen = 64, },
4290 { .klen = 16, .blen = 256, },
4291 { .klen = 16, .blen = 1024, },
4292 { .klen = 16, .blen = 8192, },
4293 { .klen = 24, .blen = 16, },
4294 { .klen = 24, .blen = 64, },
4295 { .klen = 24, .blen = 256, },
4296 { .klen = 24, .blen = 1024, },
4297 { .klen = 24, .blen = 8192, },
4298 { .klen = 32, .blen = 16, },
4299 { .klen = 32, .blen = 64, },
4300 { .klen = 32, .blen = 256, },
4301 { .klen = 32, .blen = 1024, },
4302 { .klen = 32, .blen = 8192, },
4303
4304 /* End marker */
4305 { .klen = 0, .blen = 0, }
4306};
4307
3772#endif /* _CRYPTO_TCRYPT_H */ 4308#endif /* _CRYPTO_TCRYPT_H */
diff --git a/crypto/xcbc.c b/crypto/xcbc.c
index 9347eb6bcf69..53e8ccbf0f5f 100644
--- a/crypto/xcbc.c
+++ b/crypto/xcbc.c
@@ -21,6 +21,7 @@
21 21
22#include <linux/crypto.h> 22#include <linux/crypto.h>
23#include <linux/err.h> 23#include <linux/err.h>
24#include <linux/hardirq.h>
24#include <linux/kernel.h> 25#include <linux/kernel.h>
25#include <linux/mm.h> 26#include <linux/mm.h>
26#include <linux/rtnetlink.h> 27#include <linux/rtnetlink.h>
@@ -47,7 +48,7 @@ static u_int32_t ks[12] = {0x01010101, 0x01010101, 0x01010101, 0x01010101,
47 * +------------------------ 48 * +------------------------
48 */ 49 */
49struct crypto_xcbc_ctx { 50struct crypto_xcbc_ctx {
50 struct crypto_tfm *child; 51 struct crypto_cipher *child;
51 u8 *odds; 52 u8 *odds;
52 u8 *prev; 53 u8 *prev;
53 u8 *key; 54 u8 *key;
@@ -75,8 +76,7 @@ static int _crypto_xcbc_digest_setkey(struct crypto_hash *parent,
75 if ((err = crypto_cipher_setkey(ctx->child, ctx->key, ctx->keylen))) 76 if ((err = crypto_cipher_setkey(ctx->child, ctx->key, ctx->keylen)))
76 return err; 77 return err;
77 78
78 ctx->child->__crt_alg->cra_cipher.cia_encrypt(ctx->child, key1, 79 crypto_cipher_encrypt_one(ctx->child, key1, ctx->consts);
79 ctx->consts);
80 80
81 return crypto_cipher_setkey(ctx->child, key1, bs); 81 return crypto_cipher_setkey(ctx->child, key1, bs);
82} 82}
@@ -86,7 +86,7 @@ static int crypto_xcbc_digest_setkey(struct crypto_hash *parent,
86{ 86{
87 struct crypto_xcbc_ctx *ctx = crypto_hash_ctx_aligned(parent); 87 struct crypto_xcbc_ctx *ctx = crypto_hash_ctx_aligned(parent);
88 88
89 if (keylen != crypto_tfm_alg_blocksize(ctx->child)) 89 if (keylen != crypto_cipher_blocksize(ctx->child))
90 return -EINVAL; 90 return -EINVAL;
91 91
92 ctx->keylen = keylen; 92 ctx->keylen = keylen;
@@ -108,13 +108,13 @@ static int crypto_xcbc_digest_init(struct hash_desc *pdesc)
108 return 0; 108 return 0;
109} 109}
110 110
111static int crypto_xcbc_digest_update(struct hash_desc *pdesc, 111static int crypto_xcbc_digest_update2(struct hash_desc *pdesc,
112 struct scatterlist *sg, 112 struct scatterlist *sg,
113 unsigned int nbytes) 113 unsigned int nbytes)
114{ 114{
115 struct crypto_hash *parent = pdesc->tfm; 115 struct crypto_hash *parent = pdesc->tfm;
116 struct crypto_xcbc_ctx *ctx = crypto_hash_ctx_aligned(parent); 116 struct crypto_xcbc_ctx *ctx = crypto_hash_ctx_aligned(parent);
117 struct crypto_tfm *tfm = ctx->child; 117 struct crypto_cipher *tfm = ctx->child;
118 int bs = crypto_hash_blocksize(parent); 118 int bs = crypto_hash_blocksize(parent);
119 unsigned int i = 0; 119 unsigned int i = 0;
120 120
@@ -142,7 +142,7 @@ static int crypto_xcbc_digest_update(struct hash_desc *pdesc,
142 offset += len; 142 offset += len;
143 143
144 crypto_kunmap(p, 0); 144 crypto_kunmap(p, 0);
145 crypto_yield(tfm->crt_flags); 145 crypto_yield(pdesc->flags);
146 continue; 146 continue;
147 } 147 }
148 148
@@ -152,7 +152,7 @@ static int crypto_xcbc_digest_update(struct hash_desc *pdesc,
152 p += bs - ctx->len; 152 p += bs - ctx->len;
153 153
154 ctx->xor(ctx->prev, ctx->odds, bs); 154 ctx->xor(ctx->prev, ctx->odds, bs);
155 tfm->__crt_alg->cra_cipher.cia_encrypt(tfm, ctx->prev, ctx->prev); 155 crypto_cipher_encrypt_one(tfm, ctx->prev, ctx->prev);
156 156
157 /* clearing the length */ 157 /* clearing the length */
158 ctx->len = 0; 158 ctx->len = 0;
@@ -160,7 +160,8 @@ static int crypto_xcbc_digest_update(struct hash_desc *pdesc,
160 /* encrypting the rest of data */ 160 /* encrypting the rest of data */
161 while (len > bs) { 161 while (len > bs) {
162 ctx->xor(ctx->prev, p, bs); 162 ctx->xor(ctx->prev, p, bs);
163 tfm->__crt_alg->cra_cipher.cia_encrypt(tfm, ctx->prev, ctx->prev); 163 crypto_cipher_encrypt_one(tfm, ctx->prev,
164 ctx->prev);
164 p += bs; 165 p += bs;
165 len -= bs; 166 len -= bs;
166 } 167 }
@@ -171,7 +172,7 @@ static int crypto_xcbc_digest_update(struct hash_desc *pdesc,
171 ctx->len = len; 172 ctx->len = len;
172 } 173 }
173 crypto_kunmap(p, 0); 174 crypto_kunmap(p, 0);
174 crypto_yield(tfm->crt_flags); 175 crypto_yield(pdesc->flags);
175 slen -= min(slen, ((unsigned int)(PAGE_SIZE)) - offset); 176 slen -= min(slen, ((unsigned int)(PAGE_SIZE)) - offset);
176 offset = 0; 177 offset = 0;
177 pg++; 178 pg++;
@@ -183,11 +184,20 @@ static int crypto_xcbc_digest_update(struct hash_desc *pdesc,
183 return 0; 184 return 0;
184} 185}
185 186
187static int crypto_xcbc_digest_update(struct hash_desc *pdesc,
188 struct scatterlist *sg,
189 unsigned int nbytes)
190{
191 if (WARN_ON_ONCE(in_irq()))
192 return -EDEADLK;
193 return crypto_xcbc_digest_update2(pdesc, sg, nbytes);
194}
195
186static int crypto_xcbc_digest_final(struct hash_desc *pdesc, u8 *out) 196static int crypto_xcbc_digest_final(struct hash_desc *pdesc, u8 *out)
187{ 197{
188 struct crypto_hash *parent = pdesc->tfm; 198 struct crypto_hash *parent = pdesc->tfm;
189 struct crypto_xcbc_ctx *ctx = crypto_hash_ctx_aligned(parent); 199 struct crypto_xcbc_ctx *ctx = crypto_hash_ctx_aligned(parent);
190 struct crypto_tfm *tfm = ctx->child; 200 struct crypto_cipher *tfm = ctx->child;
191 int bs = crypto_hash_blocksize(parent); 201 int bs = crypto_hash_blocksize(parent);
192 int err = 0; 202 int err = 0;
193 203
@@ -197,13 +207,14 @@ static int crypto_xcbc_digest_final(struct hash_desc *pdesc, u8 *out)
197 if ((err = crypto_cipher_setkey(tfm, ctx->key, ctx->keylen)) != 0) 207 if ((err = crypto_cipher_setkey(tfm, ctx->key, ctx->keylen)) != 0)
198 return err; 208 return err;
199 209
200 tfm->__crt_alg->cra_cipher.cia_encrypt(tfm, key2, (const u8*)(ctx->consts+bs)); 210 crypto_cipher_encrypt_one(tfm, key2,
211 (u8 *)(ctx->consts + bs));
201 212
202 ctx->xor(ctx->prev, ctx->odds, bs); 213 ctx->xor(ctx->prev, ctx->odds, bs);
203 ctx->xor(ctx->prev, key2, bs); 214 ctx->xor(ctx->prev, key2, bs);
204 _crypto_xcbc_digest_setkey(parent, ctx); 215 _crypto_xcbc_digest_setkey(parent, ctx);
205 216
206 tfm->__crt_alg->cra_cipher.cia_encrypt(tfm, out, ctx->prev); 217 crypto_cipher_encrypt_one(tfm, out, ctx->prev);
207 } else { 218 } else {
208 u8 key3[bs]; 219 u8 key3[bs];
209 unsigned int rlen; 220 unsigned int rlen;
@@ -218,14 +229,15 @@ static int crypto_xcbc_digest_final(struct hash_desc *pdesc, u8 *out)
218 if ((err = crypto_cipher_setkey(tfm, ctx->key, ctx->keylen)) != 0) 229 if ((err = crypto_cipher_setkey(tfm, ctx->key, ctx->keylen)) != 0)
219 return err; 230 return err;
220 231
221 tfm->__crt_alg->cra_cipher.cia_encrypt(tfm, key3, (const u8*)(ctx->consts+bs*2)); 232 crypto_cipher_encrypt_one(tfm, key3,
233 (u8 *)(ctx->consts + bs * 2));
222 234
223 ctx->xor(ctx->prev, ctx->odds, bs); 235 ctx->xor(ctx->prev, ctx->odds, bs);
224 ctx->xor(ctx->prev, key3, bs); 236 ctx->xor(ctx->prev, key3, bs);
225 237
226 _crypto_xcbc_digest_setkey(parent, ctx); 238 _crypto_xcbc_digest_setkey(parent, ctx);
227 239
228 tfm->__crt_alg->cra_cipher.cia_encrypt(tfm, out, ctx->prev); 240 crypto_cipher_encrypt_one(tfm, out, ctx->prev);
229 } 241 }
230 242
231 return 0; 243 return 0;
@@ -234,21 +246,25 @@ static int crypto_xcbc_digest_final(struct hash_desc *pdesc, u8 *out)
234static int crypto_xcbc_digest(struct hash_desc *pdesc, 246static int crypto_xcbc_digest(struct hash_desc *pdesc,
235 struct scatterlist *sg, unsigned int nbytes, u8 *out) 247 struct scatterlist *sg, unsigned int nbytes, u8 *out)
236{ 248{
249 if (WARN_ON_ONCE(in_irq()))
250 return -EDEADLK;
251
237 crypto_xcbc_digest_init(pdesc); 252 crypto_xcbc_digest_init(pdesc);
238 crypto_xcbc_digest_update(pdesc, sg, nbytes); 253 crypto_xcbc_digest_update2(pdesc, sg, nbytes);
239 return crypto_xcbc_digest_final(pdesc, out); 254 return crypto_xcbc_digest_final(pdesc, out);
240} 255}
241 256
242static int xcbc_init_tfm(struct crypto_tfm *tfm) 257static int xcbc_init_tfm(struct crypto_tfm *tfm)
243{ 258{
259 struct crypto_cipher *cipher;
244 struct crypto_instance *inst = (void *)tfm->__crt_alg; 260 struct crypto_instance *inst = (void *)tfm->__crt_alg;
245 struct crypto_spawn *spawn = crypto_instance_ctx(inst); 261 struct crypto_spawn *spawn = crypto_instance_ctx(inst);
246 struct crypto_xcbc_ctx *ctx = crypto_hash_ctx_aligned(__crypto_hash_cast(tfm)); 262 struct crypto_xcbc_ctx *ctx = crypto_hash_ctx_aligned(__crypto_hash_cast(tfm));
247 int bs = crypto_hash_blocksize(__crypto_hash_cast(tfm)); 263 int bs = crypto_hash_blocksize(__crypto_hash_cast(tfm));
248 264
249 tfm = crypto_spawn_tfm(spawn); 265 cipher = crypto_spawn_cipher(spawn);
250 if (IS_ERR(tfm)) 266 if (IS_ERR(cipher))
251 return PTR_ERR(tfm); 267 return PTR_ERR(cipher);
252 268
253 switch(bs) { 269 switch(bs) {
254 case 16: 270 case 16:
@@ -258,7 +274,7 @@ static int xcbc_init_tfm(struct crypto_tfm *tfm)
258 return -EINVAL; 274 return -EINVAL;
259 } 275 }
260 276
261 ctx->child = crypto_cipher_cast(tfm); 277 ctx->child = cipher;
262 ctx->odds = (u8*)(ctx+1); 278 ctx->odds = (u8*)(ctx+1);
263 ctx->prev = ctx->odds + bs; 279 ctx->prev = ctx->odds + bs;
264 ctx->key = ctx->prev + bs; 280 ctx->key = ctx->prev + bs;