aboutsummaryrefslogtreecommitdiffstats
path: root/crypto
diff options
context:
space:
mode:
Diffstat (limited to 'crypto')
-rw-r--r--crypto/Kconfig63
-rw-r--r--crypto/Makefile4
-rw-r--r--crypto/ablkcipher.c48
-rw-r--r--crypto/aead.c48
-rw-r--r--crypto/ahash.c21
-rw-r--r--crypto/algapi.c12
-rw-r--r--crypto/blkcipher.c25
-rw-r--r--crypto/blowfish_common.c (renamed from crypto/blowfish.c)98
-rw-r--r--crypto/blowfish_generic.c142
-rw-r--r--crypto/cryptd.c2
-rw-r--r--crypto/crypto_user.c438
-rw-r--r--crypto/internal.h3
-rw-r--r--crypto/pcompress.c18
-rw-r--r--crypto/rng.c20
-rw-r--r--crypto/sha1_generic.c9
-rw-r--r--crypto/shash.c21
-rw-r--r--crypto/tcrypt.c10
-rw-r--r--crypto/testmgr.c30
-rw-r--r--crypto/testmgr.h398
-rw-r--r--crypto/wp512.c18
20 files changed, 1313 insertions, 115 deletions
diff --git a/crypto/Kconfig b/crypto/Kconfig
index ae27b7534ea7..527a857d10b6 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -100,6 +100,14 @@ config CRYPTO_MANAGER2
100 select CRYPTO_BLKCIPHER2 100 select CRYPTO_BLKCIPHER2
101 select CRYPTO_PCOMP2 101 select CRYPTO_PCOMP2
102 102
103config CRYPTO_USER
104 tristate "Userspace cryptographic algorithm configuration"
105 depends on NET
106 select CRYPTO_MANAGER
107 help
108 Userapace configuration for cryptographic instantiations such as
109 cbc(aes).
110
103config CRYPTO_MANAGER_DISABLE_TESTS 111config CRYPTO_MANAGER_DISABLE_TESTS
104 bool "Disable run-time self tests" 112 bool "Disable run-time self tests"
105 default y 113 default y
@@ -407,6 +415,16 @@ config CRYPTO_SHA1
407 help 415 help
408 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). 416 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
409 417
418config CRYPTO_SHA1_SSSE3
419 tristate "SHA1 digest algorithm (SSSE3/AVX)"
420 depends on X86 && 64BIT
421 select CRYPTO_SHA1
422 select CRYPTO_HASH
423 help
424 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
425 using Supplemental SSE3 (SSSE3) instructions or Advanced Vector
426 Extensions (AVX), when available.
427
410config CRYPTO_SHA256 428config CRYPTO_SHA256
411 tristate "SHA224 and SHA256 digest algorithm" 429 tristate "SHA224 and SHA256 digest algorithm"
412 select CRYPTO_HASH 430 select CRYPTO_HASH
@@ -590,6 +608,7 @@ config CRYPTO_ARC4
590config CRYPTO_BLOWFISH 608config CRYPTO_BLOWFISH
591 tristate "Blowfish cipher algorithm" 609 tristate "Blowfish cipher algorithm"
592 select CRYPTO_ALGAPI 610 select CRYPTO_ALGAPI
611 select CRYPTO_BLOWFISH_COMMON
593 help 612 help
594 Blowfish cipher algorithm, by Bruce Schneier. 613 Blowfish cipher algorithm, by Bruce Schneier.
595 614
@@ -600,6 +619,30 @@ config CRYPTO_BLOWFISH
600 See also: 619 See also:
601 <http://www.schneier.com/blowfish.html> 620 <http://www.schneier.com/blowfish.html>
602 621
622config CRYPTO_BLOWFISH_COMMON
623 tristate
624 help
625 Common parts of the Blowfish cipher algorithm shared by the
626 generic c and the assembler implementations.
627
628 See also:
629 <http://www.schneier.com/blowfish.html>
630
631config CRYPTO_BLOWFISH_X86_64
632 tristate "Blowfish cipher algorithm (x86_64)"
633 depends on (X86 || UML_X86) && 64BIT
634 select CRYPTO_ALGAPI
635 select CRYPTO_BLOWFISH_COMMON
636 help
637 Blowfish cipher algorithm (x86_64), by Bruce Schneier.
638
639 This is a variable key length cipher which can use keys from 32
640 bits to 448 bits in length. It's fast, simple and specifically
641 designed for use on "large microprocessors".
642
643 See also:
644 <http://www.schneier.com/blowfish.html>
645
603config CRYPTO_CAMELLIA 646config CRYPTO_CAMELLIA
604 tristate "Camellia cipher algorithms" 647 tristate "Camellia cipher algorithms"
605 depends on CRYPTO 648 depends on CRYPTO
@@ -793,6 +836,26 @@ config CRYPTO_TWOFISH_X86_64
793 See also: 836 See also:
794 <http://www.schneier.com/twofish.html> 837 <http://www.schneier.com/twofish.html>
795 838
839config CRYPTO_TWOFISH_X86_64_3WAY
840 tristate "Twofish cipher algorithm (x86_64, 3-way parallel)"
841 depends on (X86 || UML_X86) && 64BIT
842 select CRYPTO_ALGAPI
843 select CRYPTO_TWOFISH_COMMON
844 select CRYPTO_TWOFISH_X86_64
845 help
846 Twofish cipher algorithm (x86_64, 3-way parallel).
847
848 Twofish was submitted as an AES (Advanced Encryption Standard)
849 candidate cipher by researchers at CounterPane Systems. It is a
850 16 round block cipher supporting key sizes of 128, 192, and 256
851 bits.
852
853 This module provides Twofish cipher algorithm that processes three
854 blocks parallel, utilizing resources of out-of-order CPUs better.
855
856 See also:
857 <http://www.schneier.com/twofish.html>
858
796comment "Compression" 859comment "Compression"
797 860
798config CRYPTO_DEFLATE 861config CRYPTO_DEFLATE
diff --git a/crypto/Makefile b/crypto/Makefile
index ce5a813d3639..9e6eee2c05db 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -31,6 +31,7 @@ obj-$(CONFIG_CRYPTO_PCOMP2) += pcompress.o
31cryptomgr-y := algboss.o testmgr.o 31cryptomgr-y := algboss.o testmgr.o
32 32
33obj-$(CONFIG_CRYPTO_MANAGER2) += cryptomgr.o 33obj-$(CONFIG_CRYPTO_MANAGER2) += cryptomgr.o
34obj-$(CONFIG_CRYPTO_USER) += crypto_user.o
34obj-$(CONFIG_CRYPTO_HMAC) += hmac.o 35obj-$(CONFIG_CRYPTO_HMAC) += hmac.o
35obj-$(CONFIG_CRYPTO_VMAC) += vmac.o 36obj-$(CONFIG_CRYPTO_VMAC) += vmac.o
36obj-$(CONFIG_CRYPTO_XCBC) += xcbc.o 37obj-$(CONFIG_CRYPTO_XCBC) += xcbc.o
@@ -60,7 +61,8 @@ obj-$(CONFIG_CRYPTO_PCRYPT) += pcrypt.o
60obj-$(CONFIG_CRYPTO_CRYPTD) += cryptd.o 61obj-$(CONFIG_CRYPTO_CRYPTD) += cryptd.o
61obj-$(CONFIG_CRYPTO_DES) += des_generic.o 62obj-$(CONFIG_CRYPTO_DES) += des_generic.o
62obj-$(CONFIG_CRYPTO_FCRYPT) += fcrypt.o 63obj-$(CONFIG_CRYPTO_FCRYPT) += fcrypt.o
63obj-$(CONFIG_CRYPTO_BLOWFISH) += blowfish.o 64obj-$(CONFIG_CRYPTO_BLOWFISH) += blowfish_generic.o
65obj-$(CONFIG_CRYPTO_BLOWFISH_COMMON) += blowfish_common.o
64obj-$(CONFIG_CRYPTO_TWOFISH) += twofish_generic.o 66obj-$(CONFIG_CRYPTO_TWOFISH) += twofish_generic.o
65obj-$(CONFIG_CRYPTO_TWOFISH_COMMON) += twofish_common.o 67obj-$(CONFIG_CRYPTO_TWOFISH_COMMON) += twofish_common.o
66obj-$(CONFIG_CRYPTO_SERPENT) += serpent.o 68obj-$(CONFIG_CRYPTO_SERPENT) += serpent.o
diff --git a/crypto/ablkcipher.c b/crypto/ablkcipher.c
index fdc67d38660b..a816f24f2d52 100644
--- a/crypto/ablkcipher.c
+++ b/crypto/ablkcipher.c
@@ -23,6 +23,8 @@
23#include <linux/sched.h> 23#include <linux/sched.h>
24#include <linux/slab.h> 24#include <linux/slab.h>
25#include <linux/seq_file.h> 25#include <linux/seq_file.h>
26#include <linux/cryptouser.h>
27#include <net/netlink.h>
26 28
27#include <crypto/scatterwalk.h> 29#include <crypto/scatterwalk.h>
28 30
@@ -381,6 +383,28 @@ static int crypto_init_ablkcipher_ops(struct crypto_tfm *tfm, u32 type,
381 return 0; 383 return 0;
382} 384}
383 385
386static int crypto_ablkcipher_report(struct sk_buff *skb, struct crypto_alg *alg)
387{
388 struct crypto_report_blkcipher rblkcipher;
389
390 snprintf(rblkcipher.type, CRYPTO_MAX_ALG_NAME, "%s", "ablkcipher");
391 snprintf(rblkcipher.geniv, CRYPTO_MAX_ALG_NAME, "%s",
392 alg->cra_ablkcipher.geniv ?: "<default>");
393
394 rblkcipher.blocksize = alg->cra_blocksize;
395 rblkcipher.min_keysize = alg->cra_ablkcipher.min_keysize;
396 rblkcipher.max_keysize = alg->cra_ablkcipher.max_keysize;
397 rblkcipher.ivsize = alg->cra_ablkcipher.ivsize;
398
399 NLA_PUT(skb, CRYPTOCFGA_REPORT_BLKCIPHER,
400 sizeof(struct crypto_report_blkcipher), &rblkcipher);
401
402 return 0;
403
404nla_put_failure:
405 return -EMSGSIZE;
406}
407
384static void crypto_ablkcipher_show(struct seq_file *m, struct crypto_alg *alg) 408static void crypto_ablkcipher_show(struct seq_file *m, struct crypto_alg *alg)
385 __attribute__ ((unused)); 409 __attribute__ ((unused));
386static void crypto_ablkcipher_show(struct seq_file *m, struct crypto_alg *alg) 410static void crypto_ablkcipher_show(struct seq_file *m, struct crypto_alg *alg)
@@ -403,6 +427,7 @@ const struct crypto_type crypto_ablkcipher_type = {
403#ifdef CONFIG_PROC_FS 427#ifdef CONFIG_PROC_FS
404 .show = crypto_ablkcipher_show, 428 .show = crypto_ablkcipher_show,
405#endif 429#endif
430 .report = crypto_ablkcipher_report,
406}; 431};
407EXPORT_SYMBOL_GPL(crypto_ablkcipher_type); 432EXPORT_SYMBOL_GPL(crypto_ablkcipher_type);
408 433
@@ -432,6 +457,28 @@ static int crypto_init_givcipher_ops(struct crypto_tfm *tfm, u32 type,
432 return 0; 457 return 0;
433} 458}
434 459
460static int crypto_givcipher_report(struct sk_buff *skb, struct crypto_alg *alg)
461{
462 struct crypto_report_blkcipher rblkcipher;
463
464 snprintf(rblkcipher.type, CRYPTO_MAX_ALG_NAME, "%s", "givcipher");
465 snprintf(rblkcipher.geniv, CRYPTO_MAX_ALG_NAME, "%s",
466 alg->cra_ablkcipher.geniv ?: "<built-in>");
467
468 rblkcipher.blocksize = alg->cra_blocksize;
469 rblkcipher.min_keysize = alg->cra_ablkcipher.min_keysize;
470 rblkcipher.max_keysize = alg->cra_ablkcipher.max_keysize;
471 rblkcipher.ivsize = alg->cra_ablkcipher.ivsize;
472
473 NLA_PUT(skb, CRYPTOCFGA_REPORT_BLKCIPHER,
474 sizeof(struct crypto_report_blkcipher), &rblkcipher);
475
476 return 0;
477
478nla_put_failure:
479 return -EMSGSIZE;
480}
481
435static void crypto_givcipher_show(struct seq_file *m, struct crypto_alg *alg) 482static void crypto_givcipher_show(struct seq_file *m, struct crypto_alg *alg)
436 __attribute__ ((unused)); 483 __attribute__ ((unused));
437static void crypto_givcipher_show(struct seq_file *m, struct crypto_alg *alg) 484static void crypto_givcipher_show(struct seq_file *m, struct crypto_alg *alg)
@@ -454,6 +501,7 @@ const struct crypto_type crypto_givcipher_type = {
454#ifdef CONFIG_PROC_FS 501#ifdef CONFIG_PROC_FS
455 .show = crypto_givcipher_show, 502 .show = crypto_givcipher_show,
456#endif 503#endif
504 .report = crypto_givcipher_report,
457}; 505};
458EXPORT_SYMBOL_GPL(crypto_givcipher_type); 506EXPORT_SYMBOL_GPL(crypto_givcipher_type);
459 507
diff --git a/crypto/aead.c b/crypto/aead.c
index 6729e8ff68e7..701556ffaaef 100644
--- a/crypto/aead.c
+++ b/crypto/aead.c
@@ -21,6 +21,8 @@
21#include <linux/sched.h> 21#include <linux/sched.h>
22#include <linux/slab.h> 22#include <linux/slab.h>
23#include <linux/seq_file.h> 23#include <linux/seq_file.h>
24#include <linux/cryptouser.h>
25#include <net/netlink.h>
24 26
25#include "internal.h" 27#include "internal.h"
26 28
@@ -109,6 +111,28 @@ static int crypto_init_aead_ops(struct crypto_tfm *tfm, u32 type, u32 mask)
109 return 0; 111 return 0;
110} 112}
111 113
114static int crypto_aead_report(struct sk_buff *skb, struct crypto_alg *alg)
115{
116 struct crypto_report_aead raead;
117 struct aead_alg *aead = &alg->cra_aead;
118
119 snprintf(raead.type, CRYPTO_MAX_ALG_NAME, "%s", "aead");
120 snprintf(raead.geniv, CRYPTO_MAX_ALG_NAME, "%s",
121 aead->geniv ?: "<built-in>");
122
123 raead.blocksize = alg->cra_blocksize;
124 raead.maxauthsize = aead->maxauthsize;
125 raead.ivsize = aead->ivsize;
126
127 NLA_PUT(skb, CRYPTOCFGA_REPORT_AEAD,
128 sizeof(struct crypto_report_aead), &raead);
129
130 return 0;
131
132nla_put_failure:
133 return -EMSGSIZE;
134}
135
112static void crypto_aead_show(struct seq_file *m, struct crypto_alg *alg) 136static void crypto_aead_show(struct seq_file *m, struct crypto_alg *alg)
113 __attribute__ ((unused)); 137 __attribute__ ((unused));
114static void crypto_aead_show(struct seq_file *m, struct crypto_alg *alg) 138static void crypto_aead_show(struct seq_file *m, struct crypto_alg *alg)
@@ -130,6 +154,7 @@ const struct crypto_type crypto_aead_type = {
130#ifdef CONFIG_PROC_FS 154#ifdef CONFIG_PROC_FS
131 .show = crypto_aead_show, 155 .show = crypto_aead_show,
132#endif 156#endif
157 .report = crypto_aead_report,
133}; 158};
134EXPORT_SYMBOL_GPL(crypto_aead_type); 159EXPORT_SYMBOL_GPL(crypto_aead_type);
135 160
@@ -165,6 +190,28 @@ static int crypto_init_nivaead_ops(struct crypto_tfm *tfm, u32 type, u32 mask)
165 return 0; 190 return 0;
166} 191}
167 192
193static int crypto_nivaead_report(struct sk_buff *skb, struct crypto_alg *alg)
194{
195 struct crypto_report_aead raead;
196 struct aead_alg *aead = &alg->cra_aead;
197
198 snprintf(raead.type, CRYPTO_MAX_ALG_NAME, "%s", "nivaead");
199 snprintf(raead.geniv, CRYPTO_MAX_ALG_NAME, "%s", aead->geniv);
200
201 raead.blocksize = alg->cra_blocksize;
202 raead.maxauthsize = aead->maxauthsize;
203 raead.ivsize = aead->ivsize;
204
205 NLA_PUT(skb, CRYPTOCFGA_REPORT_AEAD,
206 sizeof(struct crypto_report_aead), &raead);
207
208 return 0;
209
210nla_put_failure:
211 return -EMSGSIZE;
212}
213
214
168static void crypto_nivaead_show(struct seq_file *m, struct crypto_alg *alg) 215static void crypto_nivaead_show(struct seq_file *m, struct crypto_alg *alg)
169 __attribute__ ((unused)); 216 __attribute__ ((unused));
170static void crypto_nivaead_show(struct seq_file *m, struct crypto_alg *alg) 217static void crypto_nivaead_show(struct seq_file *m, struct crypto_alg *alg)
@@ -186,6 +233,7 @@ const struct crypto_type crypto_nivaead_type = {
186#ifdef CONFIG_PROC_FS 233#ifdef CONFIG_PROC_FS
187 .show = crypto_nivaead_show, 234 .show = crypto_nivaead_show,
188#endif 235#endif
236 .report = crypto_nivaead_report,
189}; 237};
190EXPORT_SYMBOL_GPL(crypto_nivaead_type); 238EXPORT_SYMBOL_GPL(crypto_nivaead_type);
191 239
diff --git a/crypto/ahash.c b/crypto/ahash.c
index f669822a7a44..a3e6ef99394a 100644
--- a/crypto/ahash.c
+++ b/crypto/ahash.c
@@ -21,6 +21,8 @@
21#include <linux/sched.h> 21#include <linux/sched.h>
22#include <linux/slab.h> 22#include <linux/slab.h>
23#include <linux/seq_file.h> 23#include <linux/seq_file.h>
24#include <linux/cryptouser.h>
25#include <net/netlink.h>
24 26
25#include "internal.h" 27#include "internal.h"
26 28
@@ -397,6 +399,24 @@ static unsigned int crypto_ahash_extsize(struct crypto_alg *alg)
397 return sizeof(struct crypto_shash *); 399 return sizeof(struct crypto_shash *);
398} 400}
399 401
402static int crypto_ahash_report(struct sk_buff *skb, struct crypto_alg *alg)
403{
404 struct crypto_report_hash rhash;
405
406 snprintf(rhash.type, CRYPTO_MAX_ALG_NAME, "%s", "ahash");
407
408 rhash.blocksize = alg->cra_blocksize;
409 rhash.digestsize = __crypto_hash_alg_common(alg)->digestsize;
410
411 NLA_PUT(skb, CRYPTOCFGA_REPORT_HASH,
412 sizeof(struct crypto_report_hash), &rhash);
413
414 return 0;
415
416nla_put_failure:
417 return -EMSGSIZE;
418}
419
400static void crypto_ahash_show(struct seq_file *m, struct crypto_alg *alg) 420static void crypto_ahash_show(struct seq_file *m, struct crypto_alg *alg)
401 __attribute__ ((unused)); 421 __attribute__ ((unused));
402static void crypto_ahash_show(struct seq_file *m, struct crypto_alg *alg) 422static void crypto_ahash_show(struct seq_file *m, struct crypto_alg *alg)
@@ -415,6 +435,7 @@ const struct crypto_type crypto_ahash_type = {
415#ifdef CONFIG_PROC_FS 435#ifdef CONFIG_PROC_FS
416 .show = crypto_ahash_show, 436 .show = crypto_ahash_show,
417#endif 437#endif
438 .report = crypto_ahash_report,
418 .maskclear = ~CRYPTO_ALG_TYPE_MASK, 439 .maskclear = ~CRYPTO_ALG_TYPE_MASK,
419 .maskset = CRYPTO_ALG_TYPE_AHASH_MASK, 440 .maskset = CRYPTO_ALG_TYPE_AHASH_MASK,
420 .type = CRYPTO_ALG_TYPE_AHASH, 441 .type = CRYPTO_ALG_TYPE_AHASH,
diff --git a/crypto/algapi.c b/crypto/algapi.c
index c3cf1a69a47a..54dd4e33b5d6 100644
--- a/crypto/algapi.c
+++ b/crypto/algapi.c
@@ -22,8 +22,6 @@
22 22
23#include "internal.h" 23#include "internal.h"
24 24
25static void crypto_remove_final(struct list_head *list);
26
27static LIST_HEAD(crypto_template_list); 25static LIST_HEAD(crypto_template_list);
28 26
29void crypto_larval_error(const char *name, u32 type, u32 mask) 27void crypto_larval_error(const char *name, u32 type, u32 mask)
@@ -129,9 +127,8 @@ static void crypto_remove_spawn(struct crypto_spawn *spawn,
129 BUG_ON(!list_empty(&inst->alg.cra_users)); 127 BUG_ON(!list_empty(&inst->alg.cra_users));
130} 128}
131 129
132static void crypto_remove_spawns(struct crypto_alg *alg, 130void crypto_remove_spawns(struct crypto_alg *alg, struct list_head *list,
133 struct list_head *list, 131 struct crypto_alg *nalg)
134 struct crypto_alg *nalg)
135{ 132{
136 u32 new_type = (nalg ?: alg)->cra_flags; 133 u32 new_type = (nalg ?: alg)->cra_flags;
137 struct crypto_spawn *spawn, *n; 134 struct crypto_spawn *spawn, *n;
@@ -177,6 +174,7 @@ static void crypto_remove_spawns(struct crypto_alg *alg,
177 crypto_remove_spawn(spawn, list); 174 crypto_remove_spawn(spawn, list);
178 } 175 }
179} 176}
177EXPORT_SYMBOL_GPL(crypto_remove_spawns);
180 178
181static struct crypto_larval *__crypto_register_alg(struct crypto_alg *alg) 179static struct crypto_larval *__crypto_register_alg(struct crypto_alg *alg)
182{ 180{
@@ -321,7 +319,7 @@ unlock:
321} 319}
322EXPORT_SYMBOL_GPL(crypto_alg_tested); 320EXPORT_SYMBOL_GPL(crypto_alg_tested);
323 321
324static void crypto_remove_final(struct list_head *list) 322void crypto_remove_final(struct list_head *list)
325{ 323{
326 struct crypto_alg *alg; 324 struct crypto_alg *alg;
327 struct crypto_alg *n; 325 struct crypto_alg *n;
@@ -331,6 +329,7 @@ static void crypto_remove_final(struct list_head *list)
331 crypto_alg_put(alg); 329 crypto_alg_put(alg);
332 } 330 }
333} 331}
332EXPORT_SYMBOL_GPL(crypto_remove_final);
334 333
335static void crypto_wait_for_test(struct crypto_larval *larval) 334static void crypto_wait_for_test(struct crypto_larval *larval)
336{ 335{
@@ -493,6 +492,7 @@ int crypto_register_instance(struct crypto_template *tmpl,
493 goto err; 492 goto err;
494 493
495 inst->alg.cra_module = tmpl->module; 494 inst->alg.cra_module = tmpl->module;
495 inst->alg.cra_flags |= CRYPTO_ALG_INSTANCE;
496 496
497 down_write(&crypto_alg_sem); 497 down_write(&crypto_alg_sem);
498 498
diff --git a/crypto/blkcipher.c b/crypto/blkcipher.c
index 7a7219266e3c..2572d2600136 100644
--- a/crypto/blkcipher.c
+++ b/crypto/blkcipher.c
@@ -24,6 +24,8 @@
24#include <linux/seq_file.h> 24#include <linux/seq_file.h>
25#include <linux/slab.h> 25#include <linux/slab.h>
26#include <linux/string.h> 26#include <linux/string.h>
27#include <linux/cryptouser.h>
28#include <net/netlink.h>
27 29
28#include "internal.h" 30#include "internal.h"
29 31
@@ -492,6 +494,28 @@ static int crypto_init_blkcipher_ops(struct crypto_tfm *tfm, u32 type, u32 mask)
492 return crypto_init_blkcipher_ops_async(tfm); 494 return crypto_init_blkcipher_ops_async(tfm);
493} 495}
494 496
497static int crypto_blkcipher_report(struct sk_buff *skb, struct crypto_alg *alg)
498{
499 struct crypto_report_blkcipher rblkcipher;
500
501 snprintf(rblkcipher.type, CRYPTO_MAX_ALG_NAME, "%s", "blkcipher");
502 snprintf(rblkcipher.geniv, CRYPTO_MAX_ALG_NAME, "%s",
503 alg->cra_blkcipher.geniv ?: "<default>");
504
505 rblkcipher.blocksize = alg->cra_blocksize;
506 rblkcipher.min_keysize = alg->cra_blkcipher.min_keysize;
507 rblkcipher.max_keysize = alg->cra_blkcipher.max_keysize;
508 rblkcipher.ivsize = alg->cra_blkcipher.ivsize;
509
510 NLA_PUT(skb, CRYPTOCFGA_REPORT_BLKCIPHER,
511 sizeof(struct crypto_report_blkcipher), &rblkcipher);
512
513 return 0;
514
515nla_put_failure:
516 return -EMSGSIZE;
517}
518
495static void crypto_blkcipher_show(struct seq_file *m, struct crypto_alg *alg) 519static void crypto_blkcipher_show(struct seq_file *m, struct crypto_alg *alg)
496 __attribute__ ((unused)); 520 __attribute__ ((unused));
497static void crypto_blkcipher_show(struct seq_file *m, struct crypto_alg *alg) 521static void crypto_blkcipher_show(struct seq_file *m, struct crypto_alg *alg)
@@ -511,6 +535,7 @@ const struct crypto_type crypto_blkcipher_type = {
511#ifdef CONFIG_PROC_FS 535#ifdef CONFIG_PROC_FS
512 .show = crypto_blkcipher_show, 536 .show = crypto_blkcipher_show,
513#endif 537#endif
538 .report = crypto_blkcipher_report,
514}; 539};
515EXPORT_SYMBOL_GPL(crypto_blkcipher_type); 540EXPORT_SYMBOL_GPL(crypto_blkcipher_type);
516 541
diff --git a/crypto/blowfish.c b/crypto/blowfish_common.c
index a67d52ee0580..f636aab0209f 100644
--- a/crypto/blowfish.c
+++ b/crypto/blowfish_common.c
@@ -1,6 +1,9 @@
1/* 1/*
2 * Cryptographic API. 2 * Cryptographic API.
3 * 3 *
4 * Common Blowfish algorithm parts shared between the c and assembler
5 * implementations.
6 *
4 * Blowfish Cipher Algorithm, by Bruce Schneier. 7 * Blowfish Cipher Algorithm, by Bruce Schneier.
5 * http://www.counterpane.com/blowfish.html 8 * http://www.counterpane.com/blowfish.html
6 * 9 *
@@ -22,15 +25,7 @@
22#include <asm/byteorder.h> 25#include <asm/byteorder.h>
23#include <linux/crypto.h> 26#include <linux/crypto.h>
24#include <linux/types.h> 27#include <linux/types.h>
25 28#include <crypto/blowfish.h>
26#define BF_BLOCK_SIZE 8
27#define BF_MIN_KEY_SIZE 4
28#define BF_MAX_KEY_SIZE 56
29
30struct bf_ctx {
31 u32 p[18];
32 u32 s[1024];
33};
34 29
35static const u32 bf_pbox[16 + 2] = { 30static const u32 bf_pbox[16 + 2] = {
36 0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344, 31 0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344,
@@ -309,9 +304,9 @@ static const u32 bf_sbox[256 * 4] = {
309#define GET32_0(x) (((x) >> (24)) & (0xff)) 304#define GET32_0(x) (((x) >> (24)) & (0xff))
310 305
311#define bf_F(x) (((S[GET32_0(x)] + S[256 + GET32_1(x)]) ^ \ 306#define bf_F(x) (((S[GET32_0(x)] + S[256 + GET32_1(x)]) ^ \
312 S[512 + GET32_2(x)]) + S[768 + GET32_3(x)]) 307 S[512 + GET32_2(x)]) + S[768 + GET32_3(x)])
313 308
314#define ROUND(a, b, n) b ^= P[n]; a ^= bf_F (b) 309#define ROUND(a, b, n) ({ b ^= P[n]; a ^= bf_F(b); })
315 310
316/* 311/*
317 * The blowfish encipher, processes 64-bit blocks. 312 * The blowfish encipher, processes 64-bit blocks.
@@ -348,57 +343,10 @@ static void encrypt_block(struct bf_ctx *bctx, u32 *dst, u32 *src)
348 dst[1] = yl; 343 dst[1] = yl;
349} 344}
350 345
351static void bf_encrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
352{
353 const __be32 *in_blk = (const __be32 *)src;
354 __be32 *const out_blk = (__be32 *)dst;
355 u32 in32[2], out32[2];
356
357 in32[0] = be32_to_cpu(in_blk[0]);
358 in32[1] = be32_to_cpu(in_blk[1]);
359 encrypt_block(crypto_tfm_ctx(tfm), out32, in32);
360 out_blk[0] = cpu_to_be32(out32[0]);
361 out_blk[1] = cpu_to_be32(out32[1]);
362}
363
364static void bf_decrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
365{
366 struct bf_ctx *ctx = crypto_tfm_ctx(tfm);
367 const __be32 *in_blk = (const __be32 *)src;
368 __be32 *const out_blk = (__be32 *)dst;
369 const u32 *P = ctx->p;
370 const u32 *S = ctx->s;
371 u32 yl = be32_to_cpu(in_blk[0]);
372 u32 yr = be32_to_cpu(in_blk[1]);
373
374 ROUND(yr, yl, 17);
375 ROUND(yl, yr, 16);
376 ROUND(yr, yl, 15);
377 ROUND(yl, yr, 14);
378 ROUND(yr, yl, 13);
379 ROUND(yl, yr, 12);
380 ROUND(yr, yl, 11);
381 ROUND(yl, yr, 10);
382 ROUND(yr, yl, 9);
383 ROUND(yl, yr, 8);
384 ROUND(yr, yl, 7);
385 ROUND(yl, yr, 6);
386 ROUND(yr, yl, 5);
387 ROUND(yl, yr, 4);
388 ROUND(yr, yl, 3);
389 ROUND(yl, yr, 2);
390
391 yl ^= P[1];
392 yr ^= P[0];
393
394 out_blk[0] = cpu_to_be32(yr);
395 out_blk[1] = cpu_to_be32(yl);
396}
397
398/* 346/*
399 * Calculates the blowfish S and P boxes for encryption and decryption. 347 * Calculates the blowfish S and P boxes for encryption and decryption.
400 */ 348 */
401static int bf_setkey(struct crypto_tfm *tfm, const u8 *key, unsigned int keylen) 349int blowfish_setkey(struct crypto_tfm *tfm, const u8 *key, unsigned int keylen)
402{ 350{
403 struct bf_ctx *ctx = crypto_tfm_ctx(tfm); 351 struct bf_ctx *ctx = crypto_tfm_ctx(tfm);
404 u32 *P = ctx->p; 352 u32 *P = ctx->p;
@@ -448,35 +396,7 @@ static int bf_setkey(struct crypto_tfm *tfm, const u8 *key, unsigned int keylen)
448 /* Bruce says not to bother with the weak key check. */ 396 /* Bruce says not to bother with the weak key check. */
449 return 0; 397 return 0;
450} 398}
451 399EXPORT_SYMBOL_GPL(blowfish_setkey);
452static struct crypto_alg alg = {
453 .cra_name = "blowfish",
454 .cra_flags = CRYPTO_ALG_TYPE_CIPHER,
455 .cra_blocksize = BF_BLOCK_SIZE,
456 .cra_ctxsize = sizeof(struct bf_ctx),
457 .cra_alignmask = 3,
458 .cra_module = THIS_MODULE,
459 .cra_list = LIST_HEAD_INIT(alg.cra_list),
460 .cra_u = { .cipher = {
461 .cia_min_keysize = BF_MIN_KEY_SIZE,
462 .cia_max_keysize = BF_MAX_KEY_SIZE,
463 .cia_setkey = bf_setkey,
464 .cia_encrypt = bf_encrypt,
465 .cia_decrypt = bf_decrypt } }
466};
467
468static int __init blowfish_mod_init(void)
469{
470 return crypto_register_alg(&alg);
471}
472
473static void __exit blowfish_mod_fini(void)
474{
475 crypto_unregister_alg(&alg);
476}
477
478module_init(blowfish_mod_init);
479module_exit(blowfish_mod_fini);
480 400
481MODULE_LICENSE("GPL"); 401MODULE_LICENSE("GPL");
482MODULE_DESCRIPTION("Blowfish Cipher Algorithm"); 402MODULE_DESCRIPTION("Blowfish Cipher common functions");
diff --git a/crypto/blowfish_generic.c b/crypto/blowfish_generic.c
new file mode 100644
index 000000000000..6f269b5cfa3b
--- /dev/null
+++ b/crypto/blowfish_generic.c
@@ -0,0 +1,142 @@
1/*
2 * Cryptographic API.
3 *
4 * Blowfish Cipher Algorithm, by Bruce Schneier.
5 * http://www.counterpane.com/blowfish.html
6 *
7 * Adapted from Kerneli implementation.
8 *
9 * Copyright (c) Herbert Valerio Riedel <hvr@hvrlab.org>
10 * Copyright (c) Kyle McMartin <kyle@debian.org>
11 * Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
12 *
13 * This program is free software; you can redistribute it and/or modify
14 * it under the terms of the GNU General Public License as published by
15 * the Free Software Foundation; either version 2 of the License, or
16 * (at your option) any later version.
17 *
18 */
19#include <linux/init.h>
20#include <linux/module.h>
21#include <linux/mm.h>
22#include <asm/byteorder.h>
23#include <linux/crypto.h>
24#include <linux/types.h>
25#include <crypto/blowfish.h>
26
27/*
28 * Round loop unrolling macros, S is a pointer to a S-Box array
29 * organized in 4 unsigned longs at a row.
30 */
31#define GET32_3(x) (((x) & 0xff))
32#define GET32_2(x) (((x) >> (8)) & (0xff))
33#define GET32_1(x) (((x) >> (16)) & (0xff))
34#define GET32_0(x) (((x) >> (24)) & (0xff))
35
36#define bf_F(x) (((S[GET32_0(x)] + S[256 + GET32_1(x)]) ^ \
37 S[512 + GET32_2(x)]) + S[768 + GET32_3(x)])
38
39#define ROUND(a, b, n) ({ b ^= P[n]; a ^= bf_F(b); })
40
41static void bf_encrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
42{
43 struct bf_ctx *ctx = crypto_tfm_ctx(tfm);
44 const __be32 *in_blk = (const __be32 *)src;
45 __be32 *const out_blk = (__be32 *)dst;
46 const u32 *P = ctx->p;
47 const u32 *S = ctx->s;
48 u32 yl = be32_to_cpu(in_blk[0]);
49 u32 yr = be32_to_cpu(in_blk[1]);
50
51 ROUND(yr, yl, 0);
52 ROUND(yl, yr, 1);
53 ROUND(yr, yl, 2);
54 ROUND(yl, yr, 3);
55 ROUND(yr, yl, 4);
56 ROUND(yl, yr, 5);
57 ROUND(yr, yl, 6);
58 ROUND(yl, yr, 7);
59 ROUND(yr, yl, 8);
60 ROUND(yl, yr, 9);
61 ROUND(yr, yl, 10);
62 ROUND(yl, yr, 11);
63 ROUND(yr, yl, 12);
64 ROUND(yl, yr, 13);
65 ROUND(yr, yl, 14);
66 ROUND(yl, yr, 15);
67
68 yl ^= P[16];
69 yr ^= P[17];
70
71 out_blk[0] = cpu_to_be32(yr);
72 out_blk[1] = cpu_to_be32(yl);
73}
74
75static void bf_decrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
76{
77 struct bf_ctx *ctx = crypto_tfm_ctx(tfm);
78 const __be32 *in_blk = (const __be32 *)src;
79 __be32 *const out_blk = (__be32 *)dst;
80 const u32 *P = ctx->p;
81 const u32 *S = ctx->s;
82 u32 yl = be32_to_cpu(in_blk[0]);
83 u32 yr = be32_to_cpu(in_blk[1]);
84
85 ROUND(yr, yl, 17);
86 ROUND(yl, yr, 16);
87 ROUND(yr, yl, 15);
88 ROUND(yl, yr, 14);
89 ROUND(yr, yl, 13);
90 ROUND(yl, yr, 12);
91 ROUND(yr, yl, 11);
92 ROUND(yl, yr, 10);
93 ROUND(yr, yl, 9);
94 ROUND(yl, yr, 8);
95 ROUND(yr, yl, 7);
96 ROUND(yl, yr, 6);
97 ROUND(yr, yl, 5);
98 ROUND(yl, yr, 4);
99 ROUND(yr, yl, 3);
100 ROUND(yl, yr, 2);
101
102 yl ^= P[1];
103 yr ^= P[0];
104
105 out_blk[0] = cpu_to_be32(yr);
106 out_blk[1] = cpu_to_be32(yl);
107}
108
109static struct crypto_alg alg = {
110 .cra_name = "blowfish",
111 .cra_driver_name = "blowfish-generic",
112 .cra_priority = 100,
113 .cra_flags = CRYPTO_ALG_TYPE_CIPHER,
114 .cra_blocksize = BF_BLOCK_SIZE,
115 .cra_ctxsize = sizeof(struct bf_ctx),
116 .cra_alignmask = 3,
117 .cra_module = THIS_MODULE,
118 .cra_list = LIST_HEAD_INIT(alg.cra_list),
119 .cra_u = { .cipher = {
120 .cia_min_keysize = BF_MIN_KEY_SIZE,
121 .cia_max_keysize = BF_MAX_KEY_SIZE,
122 .cia_setkey = blowfish_setkey,
123 .cia_encrypt = bf_encrypt,
124 .cia_decrypt = bf_decrypt } }
125};
126
127static int __init blowfish_mod_init(void)
128{
129 return crypto_register_alg(&alg);
130}
131
132static void __exit blowfish_mod_fini(void)
133{
134 crypto_unregister_alg(&alg);
135}
136
137module_init(blowfish_mod_init);
138module_exit(blowfish_mod_fini);
139
140MODULE_LICENSE("GPL");
141MODULE_DESCRIPTION("Blowfish Cipher Algorithm");
142MODULE_ALIAS("blowfish");
diff --git a/crypto/cryptd.c b/crypto/cryptd.c
index e46d21ae26bc..671d4d6d14df 100644
--- a/crypto/cryptd.c
+++ b/crypto/cryptd.c
@@ -945,7 +945,7 @@ static void __exit cryptd_exit(void)
945 crypto_unregister_template(&cryptd_tmpl); 945 crypto_unregister_template(&cryptd_tmpl);
946} 946}
947 947
948module_init(cryptd_init); 948subsys_initcall(cryptd_init);
949module_exit(cryptd_exit); 949module_exit(cryptd_exit);
950 950
951MODULE_LICENSE("GPL"); 951MODULE_LICENSE("GPL");
diff --git a/crypto/crypto_user.c b/crypto/crypto_user.c
new file mode 100644
index 000000000000..2abca780312d
--- /dev/null
+++ b/crypto/crypto_user.c
@@ -0,0 +1,438 @@
1/*
2 * Crypto user configuration API.
3 *
4 * Copyright (C) 2011 secunet Security Networks AG
5 * Copyright (C) 2011 Steffen Klassert <steffen.klassert@secunet.com>
6 *
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms and conditions of the GNU General Public License,
9 * version 2, as published by the Free Software Foundation.
10 *
11 * This program is distributed in the hope it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
14 * more details.
15 *
16 * You should have received a copy of the GNU General Public License along with
17 * this program; if not, write to the Free Software Foundation, Inc.,
18 * 51 Franklin St - Fifth Floor, Boston, MA 02110-1301 USA.
19 */
20
21#include <linux/module.h>
22#include <linux/crypto.h>
23#include <linux/cryptouser.h>
24#include <net/netlink.h>
25#include <linux/security.h>
26#include <net/net_namespace.h>
27#include "internal.h"
28
29DEFINE_MUTEX(crypto_cfg_mutex);
30
31/* The crypto netlink socket */
32static struct sock *crypto_nlsk;
33
34struct crypto_dump_info {
35 struct sk_buff *in_skb;
36 struct sk_buff *out_skb;
37 u32 nlmsg_seq;
38 u16 nlmsg_flags;
39};
40
41static struct crypto_alg *crypto_alg_match(struct crypto_user_alg *p, int exact)
42{
43 struct crypto_alg *q, *alg = NULL;
44
45 down_read(&crypto_alg_sem);
46
47 if (list_empty(&crypto_alg_list))
48 return NULL;
49
50 list_for_each_entry(q, &crypto_alg_list, cra_list) {
51 int match = 0;
52
53 if ((q->cra_flags ^ p->cru_type) & p->cru_mask)
54 continue;
55
56 if (strlen(p->cru_driver_name))
57 match = !strcmp(q->cra_driver_name,
58 p->cru_driver_name);
59 else if (!exact)
60 match = !strcmp(q->cra_name, p->cru_name);
61
62 if (match) {
63 alg = q;
64 break;
65 }
66 }
67
68 up_read(&crypto_alg_sem);
69
70 return alg;
71}
72
73static int crypto_report_cipher(struct sk_buff *skb, struct crypto_alg *alg)
74{
75 struct crypto_report_cipher rcipher;
76
77 snprintf(rcipher.type, CRYPTO_MAX_ALG_NAME, "%s", "cipher");
78
79 rcipher.blocksize = alg->cra_blocksize;
80 rcipher.min_keysize = alg->cra_cipher.cia_min_keysize;
81 rcipher.max_keysize = alg->cra_cipher.cia_max_keysize;
82
83 NLA_PUT(skb, CRYPTOCFGA_REPORT_CIPHER,
84 sizeof(struct crypto_report_cipher), &rcipher);
85
86 return 0;
87
88nla_put_failure:
89 return -EMSGSIZE;
90}
91
92static int crypto_report_comp(struct sk_buff *skb, struct crypto_alg *alg)
93{
94 struct crypto_report_comp rcomp;
95
96 snprintf(rcomp.type, CRYPTO_MAX_ALG_NAME, "%s", "compression");
97
98 NLA_PUT(skb, CRYPTOCFGA_REPORT_COMPRESS,
99 sizeof(struct crypto_report_comp), &rcomp);
100
101 return 0;
102
103nla_put_failure:
104 return -EMSGSIZE;
105}
106
107static int crypto_report_one(struct crypto_alg *alg,
108 struct crypto_user_alg *ualg, struct sk_buff *skb)
109{
110 memcpy(&ualg->cru_name, &alg->cra_name, sizeof(ualg->cru_name));
111 memcpy(&ualg->cru_driver_name, &alg->cra_driver_name,
112 sizeof(ualg->cru_driver_name));
113 memcpy(&ualg->cru_module_name, module_name(alg->cra_module),
114 CRYPTO_MAX_ALG_NAME);
115
116 ualg->cru_flags = alg->cra_flags;
117 ualg->cru_refcnt = atomic_read(&alg->cra_refcnt);
118
119 NLA_PUT_U32(skb, CRYPTOCFGA_PRIORITY_VAL, alg->cra_priority);
120
121 if (alg->cra_flags & CRYPTO_ALG_LARVAL) {
122 struct crypto_report_larval rl;
123
124 snprintf(rl.type, CRYPTO_MAX_ALG_NAME, "%s", "larval");
125
126 NLA_PUT(skb, CRYPTOCFGA_REPORT_LARVAL,
127 sizeof(struct crypto_report_larval), &rl);
128
129 goto out;
130 }
131
132 if (alg->cra_type && alg->cra_type->report) {
133 if (alg->cra_type->report(skb, alg))
134 goto nla_put_failure;
135
136 goto out;
137 }
138
139 switch (alg->cra_flags & (CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_LARVAL)) {
140 case CRYPTO_ALG_TYPE_CIPHER:
141 if (crypto_report_cipher(skb, alg))
142 goto nla_put_failure;
143
144 break;
145 case CRYPTO_ALG_TYPE_COMPRESS:
146 if (crypto_report_comp(skb, alg))
147 goto nla_put_failure;
148
149 break;
150 }
151
152out:
153 return 0;
154
155nla_put_failure:
156 return -EMSGSIZE;
157}
158
159static int crypto_report_alg(struct crypto_alg *alg,
160 struct crypto_dump_info *info)
161{
162 struct sk_buff *in_skb = info->in_skb;
163 struct sk_buff *skb = info->out_skb;
164 struct nlmsghdr *nlh;
165 struct crypto_user_alg *ualg;
166 int err = 0;
167
168 nlh = nlmsg_put(skb, NETLINK_CB(in_skb).pid, info->nlmsg_seq,
169 CRYPTO_MSG_GETALG, sizeof(*ualg), info->nlmsg_flags);
170 if (!nlh) {
171 err = -EMSGSIZE;
172 goto out;
173 }
174
175 ualg = nlmsg_data(nlh);
176
177 err = crypto_report_one(alg, ualg, skb);
178 if (err) {
179 nlmsg_cancel(skb, nlh);
180 goto out;
181 }
182
183 nlmsg_end(skb, nlh);
184
185out:
186 return err;
187}
188
189static int crypto_report(struct sk_buff *in_skb, struct nlmsghdr *in_nlh,
190 struct nlattr **attrs)
191{
192 struct crypto_user_alg *p = nlmsg_data(in_nlh);
193 struct crypto_alg *alg;
194 struct sk_buff *skb;
195 struct crypto_dump_info info;
196 int err;
197
198 if (!p->cru_driver_name)
199 return -EINVAL;
200
201 alg = crypto_alg_match(p, 1);
202 if (!alg)
203 return -ENOENT;
204
205 skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
206 if (!skb)
207 return -ENOMEM;
208
209 info.in_skb = in_skb;
210 info.out_skb = skb;
211 info.nlmsg_seq = in_nlh->nlmsg_seq;
212 info.nlmsg_flags = 0;
213
214 err = crypto_report_alg(alg, &info);
215 if (err)
216 return err;
217
218 return nlmsg_unicast(crypto_nlsk, skb, NETLINK_CB(in_skb).pid);
219}
220
221static int crypto_dump_report(struct sk_buff *skb, struct netlink_callback *cb)
222{
223 struct crypto_alg *alg;
224 struct crypto_dump_info info;
225 int err;
226
227 if (cb->args[0])
228 goto out;
229
230 cb->args[0] = 1;
231
232 info.in_skb = cb->skb;
233 info.out_skb = skb;
234 info.nlmsg_seq = cb->nlh->nlmsg_seq;
235 info.nlmsg_flags = NLM_F_MULTI;
236
237 list_for_each_entry(alg, &crypto_alg_list, cra_list) {
238 err = crypto_report_alg(alg, &info);
239 if (err)
240 goto out_err;
241 }
242
243out:
244 return skb->len;
245out_err:
246 return err;
247}
248
249static int crypto_dump_report_done(struct netlink_callback *cb)
250{
251 return 0;
252}
253
254static int crypto_update_alg(struct sk_buff *skb, struct nlmsghdr *nlh,
255 struct nlattr **attrs)
256{
257 struct crypto_alg *alg;
258 struct crypto_user_alg *p = nlmsg_data(nlh);
259 struct nlattr *priority = attrs[CRYPTOCFGA_PRIORITY_VAL];
260 LIST_HEAD(list);
261
262 if (priority && !strlen(p->cru_driver_name))
263 return -EINVAL;
264
265 alg = crypto_alg_match(p, 1);
266 if (!alg)
267 return -ENOENT;
268
269 down_write(&crypto_alg_sem);
270
271 crypto_remove_spawns(alg, &list, NULL);
272
273 if (priority)
274 alg->cra_priority = nla_get_u32(priority);
275
276 up_write(&crypto_alg_sem);
277
278 crypto_remove_final(&list);
279
280 return 0;
281}
282
283static int crypto_del_alg(struct sk_buff *skb, struct nlmsghdr *nlh,
284 struct nlattr **attrs)
285{
286 struct crypto_alg *alg;
287 struct crypto_user_alg *p = nlmsg_data(nlh);
288
289 alg = crypto_alg_match(p, 1);
290 if (!alg)
291 return -ENOENT;
292
293 /* We can not unregister core algorithms such as aes-generic.
294 * We would loose the reference in the crypto_alg_list to this algorithm
295 * if we try to unregister. Unregistering such an algorithm without
296 * removing the module is not possible, so we restrict to crypto
297 * instances that are build from templates. */
298 if (!(alg->cra_flags & CRYPTO_ALG_INSTANCE))
299 return -EINVAL;
300
301 if (atomic_read(&alg->cra_refcnt) != 1)
302 return -EBUSY;
303
304 return crypto_unregister_alg(alg);
305}
306
307static int crypto_add_alg(struct sk_buff *skb, struct nlmsghdr *nlh,
308 struct nlattr **attrs)
309{
310 int exact;
311 const char *name;
312 struct crypto_alg *alg;
313 struct crypto_user_alg *p = nlmsg_data(nlh);
314 struct nlattr *priority = attrs[CRYPTOCFGA_PRIORITY_VAL];
315
316 if (strlen(p->cru_driver_name))
317 exact = 1;
318
319 if (priority && !exact)
320 return -EINVAL;
321
322 alg = crypto_alg_match(p, exact);
323 if (alg)
324 return -EEXIST;
325
326 if (strlen(p->cru_driver_name))
327 name = p->cru_driver_name;
328 else
329 name = p->cru_name;
330
331 alg = crypto_alg_mod_lookup(name, p->cru_type, p->cru_mask);
332 if (IS_ERR(alg))
333 return PTR_ERR(alg);
334
335 down_write(&crypto_alg_sem);
336
337 if (priority)
338 alg->cra_priority = nla_get_u32(priority);
339
340 up_write(&crypto_alg_sem);
341
342 crypto_mod_put(alg);
343
344 return 0;
345}
346
347#define MSGSIZE(type) sizeof(struct type)
348
349static const int crypto_msg_min[CRYPTO_NR_MSGTYPES] = {
350 [CRYPTO_MSG_NEWALG - CRYPTO_MSG_BASE] = MSGSIZE(crypto_user_alg),
351 [CRYPTO_MSG_DELALG - CRYPTO_MSG_BASE] = MSGSIZE(crypto_user_alg),
352 [CRYPTO_MSG_UPDATEALG - CRYPTO_MSG_BASE] = MSGSIZE(crypto_user_alg),
353 [CRYPTO_MSG_GETALG - CRYPTO_MSG_BASE] = MSGSIZE(crypto_user_alg),
354};
355
356static const struct nla_policy crypto_policy[CRYPTOCFGA_MAX+1] = {
357 [CRYPTOCFGA_PRIORITY_VAL] = { .type = NLA_U32},
358};
359
360#undef MSGSIZE
361
362static struct crypto_link {
363 int (*doit)(struct sk_buff *, struct nlmsghdr *, struct nlattr **);
364 int (*dump)(struct sk_buff *, struct netlink_callback *);
365 int (*done)(struct netlink_callback *);
366} crypto_dispatch[CRYPTO_NR_MSGTYPES] = {
367 [CRYPTO_MSG_NEWALG - CRYPTO_MSG_BASE] = { .doit = crypto_add_alg},
368 [CRYPTO_MSG_DELALG - CRYPTO_MSG_BASE] = { .doit = crypto_del_alg},
369 [CRYPTO_MSG_UPDATEALG - CRYPTO_MSG_BASE] = { .doit = crypto_update_alg},
370 [CRYPTO_MSG_GETALG - CRYPTO_MSG_BASE] = { .doit = crypto_report,
371 .dump = crypto_dump_report,
372 .done = crypto_dump_report_done},
373};
374
375static int crypto_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
376{
377 struct nlattr *attrs[CRYPTOCFGA_MAX+1];
378 struct crypto_link *link;
379 int type, err;
380
381 type = nlh->nlmsg_type;
382 if (type > CRYPTO_MSG_MAX)
383 return -EINVAL;
384
385 type -= CRYPTO_MSG_BASE;
386 link = &crypto_dispatch[type];
387
388 if (security_netlink_recv(skb, CAP_NET_ADMIN))
389 return -EPERM;
390
391 if ((type == (CRYPTO_MSG_GETALG - CRYPTO_MSG_BASE) &&
392 (nlh->nlmsg_flags & NLM_F_DUMP))) {
393 if (link->dump == NULL)
394 return -EINVAL;
395
396 return netlink_dump_start(crypto_nlsk, skb, nlh,
397 link->dump, link->done, 0);
398 }
399
400 err = nlmsg_parse(nlh, crypto_msg_min[type], attrs, CRYPTOCFGA_MAX,
401 crypto_policy);
402 if (err < 0)
403 return err;
404
405 if (link->doit == NULL)
406 return -EINVAL;
407
408 return link->doit(skb, nlh, attrs);
409}
410
411static void crypto_netlink_rcv(struct sk_buff *skb)
412{
413 mutex_lock(&crypto_cfg_mutex);
414 netlink_rcv_skb(skb, &crypto_user_rcv_msg);
415 mutex_unlock(&crypto_cfg_mutex);
416}
417
418static int __init crypto_user_init(void)
419{
420 crypto_nlsk = netlink_kernel_create(&init_net, NETLINK_CRYPTO,
421 0, crypto_netlink_rcv,
422 NULL, THIS_MODULE);
423 if (!crypto_nlsk)
424 return -ENOMEM;
425
426 return 0;
427}
428
429static void __exit crypto_user_exit(void)
430{
431 netlink_kernel_release(crypto_nlsk);
432}
433
434module_init(crypto_user_init);
435module_exit(crypto_user_exit);
436MODULE_LICENSE("GPL");
437MODULE_AUTHOR("Steffen Klassert <steffen.klassert@secunet.com>");
438MODULE_DESCRIPTION("Crypto userspace configuration API");
diff --git a/crypto/internal.h b/crypto/internal.h
index d4384b08ab29..b865ca1a8613 100644
--- a/crypto/internal.h
+++ b/crypto/internal.h
@@ -86,6 +86,9 @@ struct crypto_alg *crypto_larval_lookup(const char *name, u32 type, u32 mask);
86void crypto_larval_error(const char *name, u32 type, u32 mask); 86void crypto_larval_error(const char *name, u32 type, u32 mask);
87void crypto_alg_tested(const char *name, int err); 87void crypto_alg_tested(const char *name, int err);
88 88
89void crypto_remove_spawns(struct crypto_alg *alg, struct list_head *list,
90 struct crypto_alg *nalg);
91void crypto_remove_final(struct list_head *list);
89void crypto_shoot_alg(struct crypto_alg *alg); 92void crypto_shoot_alg(struct crypto_alg *alg);
90struct crypto_tfm *__crypto_alloc_tfm(struct crypto_alg *alg, u32 type, 93struct crypto_tfm *__crypto_alloc_tfm(struct crypto_alg *alg, u32 type,
91 u32 mask); 94 u32 mask);
diff --git a/crypto/pcompress.c b/crypto/pcompress.c
index f7c4a7d7412e..fefda78a6a2a 100644
--- a/crypto/pcompress.c
+++ b/crypto/pcompress.c
@@ -24,6 +24,8 @@
24#include <linux/module.h> 24#include <linux/module.h>
25#include <linux/seq_file.h> 25#include <linux/seq_file.h>
26#include <linux/string.h> 26#include <linux/string.h>
27#include <linux/cryptouser.h>
28#include <net/netlink.h>
27 29
28#include <crypto/compress.h> 30#include <crypto/compress.h>
29#include <crypto/internal/compress.h> 31#include <crypto/internal/compress.h>
@@ -46,6 +48,21 @@ static int crypto_pcomp_init_tfm(struct crypto_tfm *tfm)
46 return 0; 48 return 0;
47} 49}
48 50
51static int crypto_pcomp_report(struct sk_buff *skb, struct crypto_alg *alg)
52{
53 struct crypto_report_comp rpcomp;
54
55 snprintf(rpcomp.type, CRYPTO_MAX_ALG_NAME, "%s", "pcomp");
56
57 NLA_PUT(skb, CRYPTOCFGA_REPORT_COMPRESS,
58 sizeof(struct crypto_report_comp), &rpcomp);
59
60 return 0;
61
62nla_put_failure:
63 return -EMSGSIZE;
64}
65
49static void crypto_pcomp_show(struct seq_file *m, struct crypto_alg *alg) 66static void crypto_pcomp_show(struct seq_file *m, struct crypto_alg *alg)
50 __attribute__ ((unused)); 67 __attribute__ ((unused));
51static void crypto_pcomp_show(struct seq_file *m, struct crypto_alg *alg) 68static void crypto_pcomp_show(struct seq_file *m, struct crypto_alg *alg)
@@ -60,6 +77,7 @@ static const struct crypto_type crypto_pcomp_type = {
60#ifdef CONFIG_PROC_FS 77#ifdef CONFIG_PROC_FS
61 .show = crypto_pcomp_show, 78 .show = crypto_pcomp_show,
62#endif 79#endif
80 .report = crypto_pcomp_report,
63 .maskclear = ~CRYPTO_ALG_TYPE_MASK, 81 .maskclear = ~CRYPTO_ALG_TYPE_MASK,
64 .maskset = CRYPTO_ALG_TYPE_MASK, 82 .maskset = CRYPTO_ALG_TYPE_MASK,
65 .type = CRYPTO_ALG_TYPE_PCOMPRESS, 83 .type = CRYPTO_ALG_TYPE_PCOMPRESS,
diff --git a/crypto/rng.c b/crypto/rng.c
index 45229ae782be..feb7de00f437 100644
--- a/crypto/rng.c
+++ b/crypto/rng.c
@@ -21,6 +21,8 @@
21#include <linux/seq_file.h> 21#include <linux/seq_file.h>
22#include <linux/slab.h> 22#include <linux/slab.h>
23#include <linux/string.h> 23#include <linux/string.h>
24#include <linux/cryptouser.h>
25#include <net/netlink.h>
24 26
25static DEFINE_MUTEX(crypto_default_rng_lock); 27static DEFINE_MUTEX(crypto_default_rng_lock);
26struct crypto_rng *crypto_default_rng; 28struct crypto_rng *crypto_default_rng;
@@ -58,6 +60,23 @@ static int crypto_init_rng_ops(struct crypto_tfm *tfm, u32 type, u32 mask)
58 return 0; 60 return 0;
59} 61}
60 62
63static int crypto_rng_report(struct sk_buff *skb, struct crypto_alg *alg)
64{
65 struct crypto_report_rng rrng;
66
67 snprintf(rrng.type, CRYPTO_MAX_ALG_NAME, "%s", "rng");
68
69 rrng.seedsize = alg->cra_rng.seedsize;
70
71 NLA_PUT(skb, CRYPTOCFGA_REPORT_RNG,
72 sizeof(struct crypto_report_rng), &rrng);
73
74 return 0;
75
76nla_put_failure:
77 return -EMSGSIZE;
78}
79
61static void crypto_rng_show(struct seq_file *m, struct crypto_alg *alg) 80static void crypto_rng_show(struct seq_file *m, struct crypto_alg *alg)
62 __attribute__ ((unused)); 81 __attribute__ ((unused));
63static void crypto_rng_show(struct seq_file *m, struct crypto_alg *alg) 82static void crypto_rng_show(struct seq_file *m, struct crypto_alg *alg)
@@ -78,6 +97,7 @@ const struct crypto_type crypto_rng_type = {
78#ifdef CONFIG_PROC_FS 97#ifdef CONFIG_PROC_FS
79 .show = crypto_rng_show, 98 .show = crypto_rng_show,
80#endif 99#endif
100 .report = crypto_rng_report,
81}; 101};
82EXPORT_SYMBOL_GPL(crypto_rng_type); 102EXPORT_SYMBOL_GPL(crypto_rng_type);
83 103
diff --git a/crypto/sha1_generic.c b/crypto/sha1_generic.c
index 00ae60eb9254..42794803c480 100644
--- a/crypto/sha1_generic.c
+++ b/crypto/sha1_generic.c
@@ -36,7 +36,7 @@ static int sha1_init(struct shash_desc *desc)
36 return 0; 36 return 0;
37} 37}
38 38
39static int sha1_update(struct shash_desc *desc, const u8 *data, 39int crypto_sha1_update(struct shash_desc *desc, const u8 *data,
40 unsigned int len) 40 unsigned int len)
41{ 41{
42 struct sha1_state *sctx = shash_desc_ctx(desc); 42 struct sha1_state *sctx = shash_desc_ctx(desc);
@@ -71,6 +71,7 @@ static int sha1_update(struct shash_desc *desc, const u8 *data,
71 71
72 return 0; 72 return 0;
73} 73}
74EXPORT_SYMBOL(crypto_sha1_update);
74 75
75 76
76/* Add padding and return the message digest. */ 77/* Add padding and return the message digest. */
@@ -87,10 +88,10 @@ static int sha1_final(struct shash_desc *desc, u8 *out)
87 /* Pad out to 56 mod 64 */ 88 /* Pad out to 56 mod 64 */
88 index = sctx->count & 0x3f; 89 index = sctx->count & 0x3f;
89 padlen = (index < 56) ? (56 - index) : ((64+56) - index); 90 padlen = (index < 56) ? (56 - index) : ((64+56) - index);
90 sha1_update(desc, padding, padlen); 91 crypto_sha1_update(desc, padding, padlen);
91 92
92 /* Append length */ 93 /* Append length */
93 sha1_update(desc, (const u8 *)&bits, sizeof(bits)); 94 crypto_sha1_update(desc, (const u8 *)&bits, sizeof(bits));
94 95
95 /* Store state in digest */ 96 /* Store state in digest */
96 for (i = 0; i < 5; i++) 97 for (i = 0; i < 5; i++)
@@ -121,7 +122,7 @@ static int sha1_import(struct shash_desc *desc, const void *in)
121static struct shash_alg alg = { 122static struct shash_alg alg = {
122 .digestsize = SHA1_DIGEST_SIZE, 123 .digestsize = SHA1_DIGEST_SIZE,
123 .init = sha1_init, 124 .init = sha1_init,
124 .update = sha1_update, 125 .update = crypto_sha1_update,
125 .final = sha1_final, 126 .final = sha1_final,
126 .export = sha1_export, 127 .export = sha1_export,
127 .import = sha1_import, 128 .import = sha1_import,
diff --git a/crypto/shash.c b/crypto/shash.c
index 76f74b963151..ea8a9c6e21e3 100644
--- a/crypto/shash.c
+++ b/crypto/shash.c
@@ -17,6 +17,8 @@
17#include <linux/module.h> 17#include <linux/module.h>
18#include <linux/slab.h> 18#include <linux/slab.h>
19#include <linux/seq_file.h> 19#include <linux/seq_file.h>
20#include <linux/cryptouser.h>
21#include <net/netlink.h>
20 22
21#include "internal.h" 23#include "internal.h"
22 24
@@ -522,6 +524,24 @@ static unsigned int crypto_shash_extsize(struct crypto_alg *alg)
522 return alg->cra_ctxsize; 524 return alg->cra_ctxsize;
523} 525}
524 526
527static int crypto_shash_report(struct sk_buff *skb, struct crypto_alg *alg)
528{
529 struct crypto_report_hash rhash;
530 struct shash_alg *salg = __crypto_shash_alg(alg);
531
532 snprintf(rhash.type, CRYPTO_MAX_ALG_NAME, "%s", "shash");
533 rhash.blocksize = alg->cra_blocksize;
534 rhash.digestsize = salg->digestsize;
535
536 NLA_PUT(skb, CRYPTOCFGA_REPORT_HASH,
537 sizeof(struct crypto_report_hash), &rhash);
538
539 return 0;
540
541nla_put_failure:
542 return -EMSGSIZE;
543}
544
525static void crypto_shash_show(struct seq_file *m, struct crypto_alg *alg) 545static void crypto_shash_show(struct seq_file *m, struct crypto_alg *alg)
526 __attribute__ ((unused)); 546 __attribute__ ((unused));
527static void crypto_shash_show(struct seq_file *m, struct crypto_alg *alg) 547static void crypto_shash_show(struct seq_file *m, struct crypto_alg *alg)
@@ -541,6 +561,7 @@ static const struct crypto_type crypto_shash_type = {
541#ifdef CONFIG_PROC_FS 561#ifdef CONFIG_PROC_FS
542 .show = crypto_shash_show, 562 .show = crypto_shash_show,
543#endif 563#endif
564 .report = crypto_shash_report,
544 .maskclear = ~CRYPTO_ALG_TYPE_MASK, 565 .maskclear = ~CRYPTO_ALG_TYPE_MASK,
545 .maskset = CRYPTO_ALG_TYPE_MASK, 566 .maskset = CRYPTO_ALG_TYPE_MASK,
546 .type = CRYPTO_ALG_TYPE_SHASH, 567 .type = CRYPTO_ALG_TYPE_SHASH,
diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c
index 2222617b3bed..0c4e80f34651 100644
--- a/crypto/tcrypt.c
+++ b/crypto/tcrypt.c
@@ -782,11 +782,13 @@ static int do_test(int m)
782 case 7: 782 case 7:
783 ret += tcrypt_test("ecb(blowfish)"); 783 ret += tcrypt_test("ecb(blowfish)");
784 ret += tcrypt_test("cbc(blowfish)"); 784 ret += tcrypt_test("cbc(blowfish)");
785 ret += tcrypt_test("ctr(blowfish)");
785 break; 786 break;
786 787
787 case 8: 788 case 8:
788 ret += tcrypt_test("ecb(twofish)"); 789 ret += tcrypt_test("ecb(twofish)");
789 ret += tcrypt_test("cbc(twofish)"); 790 ret += tcrypt_test("cbc(twofish)");
791 ret += tcrypt_test("ctr(twofish)");
790 break; 792 break;
791 793
792 case 9: 794 case 9:
@@ -1039,6 +1041,10 @@ static int do_test(int m)
1039 speed_template_16_24_32); 1041 speed_template_16_24_32);
1040 test_cipher_speed("cbc(twofish)", DECRYPT, sec, NULL, 0, 1042 test_cipher_speed("cbc(twofish)", DECRYPT, sec, NULL, 0,
1041 speed_template_16_24_32); 1043 speed_template_16_24_32);
1044 test_cipher_speed("ctr(twofish)", ENCRYPT, sec, NULL, 0,
1045 speed_template_16_24_32);
1046 test_cipher_speed("ctr(twofish)", DECRYPT, sec, NULL, 0,
1047 speed_template_16_24_32);
1042 break; 1048 break;
1043 1049
1044 case 203: 1050 case 203:
@@ -1050,6 +1056,10 @@ static int do_test(int m)
1050 speed_template_8_32); 1056 speed_template_8_32);
1051 test_cipher_speed("cbc(blowfish)", DECRYPT, sec, NULL, 0, 1057 test_cipher_speed("cbc(blowfish)", DECRYPT, sec, NULL, 0,
1052 speed_template_8_32); 1058 speed_template_8_32);
1059 test_cipher_speed("ctr(blowfish)", ENCRYPT, sec, NULL, 0,
1060 speed_template_8_32);
1061 test_cipher_speed("ctr(blowfish)", DECRYPT, sec, NULL, 0,
1062 speed_template_8_32);
1053 break; 1063 break;
1054 1064
1055 case 204: 1065 case 204:
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index b6b93d416351..e91c1eb1722a 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -1756,6 +1756,36 @@ static const struct alg_test_desc alg_test_descs[] = {
1756 } 1756 }
1757 } 1757 }
1758 }, { 1758 }, {
1759 .alg = "ctr(blowfish)",
1760 .test = alg_test_skcipher,
1761 .suite = {
1762 .cipher = {
1763 .enc = {
1764 .vecs = bf_ctr_enc_tv_template,
1765 .count = BF_CTR_ENC_TEST_VECTORS
1766 },
1767 .dec = {
1768 .vecs = bf_ctr_dec_tv_template,
1769 .count = BF_CTR_DEC_TEST_VECTORS
1770 }
1771 }
1772 }
1773 }, {
1774 .alg = "ctr(twofish)",
1775 .test = alg_test_skcipher,
1776 .suite = {
1777 .cipher = {
1778 .enc = {
1779 .vecs = tf_ctr_enc_tv_template,
1780 .count = TF_CTR_ENC_TEST_VECTORS
1781 },
1782 .dec = {
1783 .vecs = tf_ctr_dec_tv_template,
1784 .count = TF_CTR_DEC_TEST_VECTORS
1785 }
1786 }
1787 }
1788 }, {
1759 .alg = "cts(cbc(aes))", 1789 .alg = "cts(cbc(aes))",
1760 .test = alg_test_skcipher, 1790 .test = alg_test_skcipher,
1761 .suite = { 1791 .suite = {
diff --git a/crypto/testmgr.h b/crypto/testmgr.h
index 27adc92842ba..37b4d8f45447 100644
--- a/crypto/testmgr.h
+++ b/crypto/testmgr.h
@@ -2391,10 +2391,12 @@ static struct cipher_testvec des3_ede_cbc_dec_tv_template[] = {
2391/* 2391/*
2392 * Blowfish test vectors. 2392 * Blowfish test vectors.
2393 */ 2393 */
2394#define BF_ENC_TEST_VECTORS 6 2394#define BF_ENC_TEST_VECTORS 7
2395#define BF_DEC_TEST_VECTORS 6 2395#define BF_DEC_TEST_VECTORS 7
2396#define BF_CBC_ENC_TEST_VECTORS 1 2396#define BF_CBC_ENC_TEST_VECTORS 2
2397#define BF_CBC_DEC_TEST_VECTORS 1 2397#define BF_CBC_DEC_TEST_VECTORS 2
2398#define BF_CTR_ENC_TEST_VECTORS 2
2399#define BF_CTR_DEC_TEST_VECTORS 2
2398 2400
2399static struct cipher_testvec bf_enc_tv_template[] = { 2401static struct cipher_testvec bf_enc_tv_template[] = {
2400 { /* DES test vectors from OpenSSL */ 2402 { /* DES test vectors from OpenSSL */
@@ -2448,6 +2450,24 @@ static struct cipher_testvec bf_enc_tv_template[] = {
2448 .ilen = 8, 2450 .ilen = 8,
2449 .result = "\xc0\x45\x04\x01\x2e\x4e\x1f\x53", 2451 .result = "\xc0\x45\x04\x01\x2e\x4e\x1f\x53",
2450 .rlen = 8, 2452 .rlen = 8,
2453 }, { /* Generated with Crypto++ */
2454 .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9"
2455 "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A"
2456 "\x27\x04\xE1\x27\x04\xE1\xBE\x9B"
2457 "\x78\xBE\x9B\x78\x55\x32\x0F\x55",
2458 .klen = 32,
2459 .input = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
2460 "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
2461 "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15"
2462 "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87"
2463 "\x1E\x92\x29\xC0\x34\xCB\x62\xF9",
2464 .ilen = 40,
2465 .result = "\x96\x87\x3D\x0C\x7B\xFB\xBD\x1F"
2466 "\xE3\xC1\x99\x6D\x39\xD4\xC2\x7D"
2467 "\xD7\x87\xA1\xF2\xDF\x51\x71\x26"
2468 "\xC2\xF4\x6D\xFF\xF6\xCD\x6B\x40"
2469 "\xE1\xB3\xBF\xD4\x38\x2B\xC8\x3B",
2470 .rlen = 40,
2451 }, 2471 },
2452}; 2472};
2453 2473
@@ -2503,6 +2523,24 @@ static struct cipher_testvec bf_dec_tv_template[] = {
2503 .ilen = 8, 2523 .ilen = 8,
2504 .result = "\xfe\xdc\xba\x98\x76\x54\x32\x10", 2524 .result = "\xfe\xdc\xba\x98\x76\x54\x32\x10",
2505 .rlen = 8, 2525 .rlen = 8,
2526 }, { /* Generated with Crypto++ */
2527 .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9"
2528 "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A"
2529 "\x27\x04\xE1\x27\x04\xE1\xBE\x9B"
2530 "\x78\xBE\x9B\x78\x55\x32\x0F\x55",
2531 .klen = 32,
2532 .input = "\x96\x87\x3D\x0C\x7B\xFB\xBD\x1F"
2533 "\xE3\xC1\x99\x6D\x39\xD4\xC2\x7D"
2534 "\xD7\x87\xA1\xF2\xDF\x51\x71\x26"
2535 "\xC2\xF4\x6D\xFF\xF6\xCD\x6B\x40"
2536 "\xE1\xB3\xBF\xD4\x38\x2B\xC8\x3B",
2537 .ilen = 40,
2538 .result = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
2539 "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
2540 "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15"
2541 "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87"
2542 "\x1E\x92\x29\xC0\x34\xCB\x62\xF9",
2543 .rlen = 40,
2506 }, 2544 },
2507}; 2545};
2508 2546
@@ -2522,6 +2560,25 @@ static struct cipher_testvec bf_cbc_enc_tv_template[] = {
2522 "\x58\xde\xb9\xe7\x15\x46\x16\xd9" 2560 "\x58\xde\xb9\xe7\x15\x46\x16\xd9"
2523 "\x59\xf1\x65\x2b\xd5\xff\x92\xcc", 2561 "\x59\xf1\x65\x2b\xd5\xff\x92\xcc",
2524 .rlen = 32, 2562 .rlen = 32,
2563 }, { /* Generated with Crypto++ */
2564 .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9"
2565 "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A"
2566 "\x27\x04\xE1\x27\x04\xE1\xBE\x9B"
2567 "\x78\xBE\x9B\x78\x55\x32\x0F\x55",
2568 .klen = 32,
2569 .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F",
2570 .input = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
2571 "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
2572 "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15"
2573 "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87"
2574 "\x1E\x92\x29\xC0\x34\xCB\x62\xF9",
2575 .ilen = 40,
2576 .result = "\xB4\xFE\xA5\xBB\x3D\x2C\x27\x06"
2577 "\x06\x2B\x3A\x92\xB2\xF5\x5E\x62"
2578 "\x84\xCD\xF7\x66\x7E\x41\x6C\x8E"
2579 "\x1B\xD9\x02\xB6\x48\xB0\x87\x25"
2580 "\x01\x9C\x93\x63\x51\x60\x82\xD2",
2581 .rlen = 40,
2525 }, 2582 },
2526}; 2583};
2527 2584
@@ -2541,16 +2598,125 @@ static struct cipher_testvec bf_cbc_dec_tv_template[] = {
2541 "\x68\x65\x20\x74\x69\x6d\x65\x20" 2598 "\x68\x65\x20\x74\x69\x6d\x65\x20"
2542 "\x66\x6f\x72\x20\x00\x00\x00\x00", 2599 "\x66\x6f\x72\x20\x00\x00\x00\x00",
2543 .rlen = 32, 2600 .rlen = 32,
2601 }, { /* Generated with Crypto++ */
2602 .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9"
2603 "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A"
2604 "\x27\x04\xE1\x27\x04\xE1\xBE\x9B"
2605 "\x78\xBE\x9B\x78\x55\x32\x0F\x55",
2606 .klen = 32,
2607 .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F",
2608 .input = "\xB4\xFE\xA5\xBB\x3D\x2C\x27\x06"
2609 "\x06\x2B\x3A\x92\xB2\xF5\x5E\x62"
2610 "\x84\xCD\xF7\x66\x7E\x41\x6C\x8E"
2611 "\x1B\xD9\x02\xB6\x48\xB0\x87\x25"
2612 "\x01\x9C\x93\x63\x51\x60\x82\xD2",
2613 .ilen = 40,
2614 .result = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
2615 "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
2616 "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15"
2617 "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87"
2618 "\x1E\x92\x29\xC0\x34\xCB\x62\xF9",
2619 .rlen = 40,
2620 },
2621};
2622
2623static struct cipher_testvec bf_ctr_enc_tv_template[] = {
2624 { /* Generated with Crypto++ */
2625 .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9"
2626 "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A"
2627 "\x27\x04\xE1\x27\x04\xE1\xBE\x9B"
2628 "\x78\xBE\x9B\x78\x55\x32\x0F\x55",
2629 .klen = 32,
2630 .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F",
2631 .input = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
2632 "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
2633 "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15"
2634 "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87"
2635 "\x1E\x92\x29\xC0\x34\xCB\x62\xF9",
2636 .ilen = 40,
2637 .result = "\xC7\xA3\xDF\xB9\x05\xF4\x9E\x8D"
2638 "\x9E\xDF\x38\x18\x83\x07\xEF\xC1"
2639 "\x93\x3C\xAA\xAA\xFE\x06\x42\xCC"
2640 "\x0D\x70\x86\x5A\x44\xAD\x85\x17"
2641 "\xE4\x1F\x5E\xA5\x89\xAC\x32\xBC",
2642 .rlen = 40,
2643 }, { /* Generated with Crypto++ */
2644 .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9"
2645 "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A"
2646 "\x27\x04\xE1\x27\x04\xE1\xBE\x9B"
2647 "\x78\xBE\x9B\x78\x55\x32\x0F\x55",
2648 .klen = 32,
2649 .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F",
2650 .input = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
2651 "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
2652 "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15"
2653 "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87"
2654 "\x1E\x92\x29\xC0\x34\xCB\x62\xF9"
2655 "\x6D\x04\x9B",
2656 .ilen = 43,
2657 .result = "\xC7\xA3\xDF\xB9\x05\xF4\x9E\x8D"
2658 "\x9E\xDF\x38\x18\x83\x07\xEF\xC1"
2659 "\x93\x3C\xAA\xAA\xFE\x06\x42\xCC"
2660 "\x0D\x70\x86\x5A\x44\xAD\x85\x17"
2661 "\xE4\x1F\x5E\xA5\x89\xAC\x32\xBC"
2662 "\x3D\xA7\xE9",
2663 .rlen = 43,
2664 },
2665};
2666
2667static struct cipher_testvec bf_ctr_dec_tv_template[] = {
2668 { /* Generated with Crypto++ */
2669 .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9"
2670 "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A"
2671 "\x27\x04\xE1\x27\x04\xE1\xBE\x9B"
2672 "\x78\xBE\x9B\x78\x55\x32\x0F\x55",
2673 .klen = 32,
2674 .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F",
2675 .input = "\xC7\xA3\xDF\xB9\x05\xF4\x9E\x8D"
2676 "\x9E\xDF\x38\x18\x83\x07\xEF\xC1"
2677 "\x93\x3C\xAA\xAA\xFE\x06\x42\xCC"
2678 "\x0D\x70\x86\x5A\x44\xAD\x85\x17"
2679 "\xE4\x1F\x5E\xA5\x89\xAC\x32\xBC",
2680 .ilen = 40,
2681 .result = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
2682 "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
2683 "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15"
2684 "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87"
2685 "\x1E\x92\x29\xC0\x34\xCB\x62\xF9",
2686 .rlen = 40,
2687 }, { /* Generated with Crypto++ */
2688 .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9"
2689 "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A"
2690 "\x27\x04\xE1\x27\x04\xE1\xBE\x9B"
2691 "\x78\xBE\x9B\x78\x55\x32\x0F\x55",
2692 .klen = 32,
2693 .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F",
2694 .input = "\xC7\xA3\xDF\xB9\x05\xF4\x9E\x8D"
2695 "\x9E\xDF\x38\x18\x83\x07\xEF\xC1"
2696 "\x93\x3C\xAA\xAA\xFE\x06\x42\xCC"
2697 "\x0D\x70\x86\x5A\x44\xAD\x85\x17"
2698 "\xE4\x1F\x5E\xA5\x89\xAC\x32\xBC"
2699 "\x3D\xA7\xE9",
2700 .ilen = 43,
2701 .result = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
2702 "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
2703 "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15"
2704 "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87"
2705 "\x1E\x92\x29\xC0\x34\xCB\x62\xF9"
2706 "\x6D\x04\x9B",
2707 .rlen = 43,
2544 }, 2708 },
2545}; 2709};
2546 2710
2547/* 2711/*
2548 * Twofish test vectors. 2712 * Twofish test vectors.
2549 */ 2713 */
2550#define TF_ENC_TEST_VECTORS 3 2714#define TF_ENC_TEST_VECTORS 4
2551#define TF_DEC_TEST_VECTORS 3 2715#define TF_DEC_TEST_VECTORS 4
2552#define TF_CBC_ENC_TEST_VECTORS 4 2716#define TF_CBC_ENC_TEST_VECTORS 5
2553#define TF_CBC_DEC_TEST_VECTORS 4 2717#define TF_CBC_DEC_TEST_VECTORS 5
2718#define TF_CTR_ENC_TEST_VECTORS 2
2719#define TF_CTR_DEC_TEST_VECTORS 2
2554 2720
2555static struct cipher_testvec tf_enc_tv_template[] = { 2721static struct cipher_testvec tf_enc_tv_template[] = {
2556 { 2722 {
@@ -2582,6 +2748,30 @@ static struct cipher_testvec tf_enc_tv_template[] = {
2582 .result = "\x37\x52\x7b\xe0\x05\x23\x34\xb8" 2748 .result = "\x37\x52\x7b\xe0\x05\x23\x34\xb8"
2583 "\x9f\x0c\xfc\xca\xe8\x7c\xfa\x20", 2749 "\x9f\x0c\xfc\xca\xe8\x7c\xfa\x20",
2584 .rlen = 16, 2750 .rlen = 16,
2751 }, { /* Generated with Crypto++ */
2752 .key = "\x3F\x85\x62\x3F\x1C\xF9\xD6\x1C"
2753 "\xF9\xD6\xB3\x90\x6D\x4A\x90\x6D"
2754 "\x4A\x27\x04\xE1\x27\x04\xE1\xBE"
2755 "\x9B\x78\xBE\x9B\x78\x55\x32\x0F",
2756 .klen = 32,
2757 .input = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
2758 "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
2759 "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15"
2760 "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87"
2761 "\x1E\x92\x29\xC0\x34\xCB\x62\xF9"
2762 "\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48"
2763 "\xDF\x76\x0D\x81\x18\xAF\x23\xBA"
2764 "\x51\xE8\x5C\xF3\x8A\x21\x95\x2C",
2765 .ilen = 64,
2766 .result = "\x88\xCB\x1E\xC2\xAF\x8A\x97\xFF"
2767 "\xF6\x90\x46\x9C\x4A\x0F\x08\xDC"
2768 "\xDE\xAB\xAD\xFA\xFC\xA8\xC2\x3D"
2769 "\xE0\xE4\x8B\x3F\xD5\xA3\xF7\x14"
2770 "\x34\x9E\xB6\x08\xB2\xDD\xA8\xF5"
2771 "\xDF\xFA\xC7\xE8\x09\x50\x76\x08"
2772 "\xA2\xB6\x6A\x59\xC0\x2B\x6D\x05"
2773 "\x89\xF6\x82\xF0\xD3\xDB\x06\x02",
2774 .rlen = 64,
2585 }, 2775 },
2586}; 2776};
2587 2777
@@ -2615,6 +2805,30 @@ static struct cipher_testvec tf_dec_tv_template[] = {
2615 .ilen = 16, 2805 .ilen = 16,
2616 .result = zeroed_string, 2806 .result = zeroed_string,
2617 .rlen = 16, 2807 .rlen = 16,
2808 }, { /* Generated with Crypto++ */
2809 .key = "\x3F\x85\x62\x3F\x1C\xF9\xD6\x1C"
2810 "\xF9\xD6\xB3\x90\x6D\x4A\x90\x6D"
2811 "\x4A\x27\x04\xE1\x27\x04\xE1\xBE"
2812 "\x9B\x78\xBE\x9B\x78\x55\x32\x0F",
2813 .klen = 32,
2814 .input = "\x88\xCB\x1E\xC2\xAF\x8A\x97\xFF"
2815 "\xF6\x90\x46\x9C\x4A\x0F\x08\xDC"
2816 "\xDE\xAB\xAD\xFA\xFC\xA8\xC2\x3D"
2817 "\xE0\xE4\x8B\x3F\xD5\xA3\xF7\x14"
2818 "\x34\x9E\xB6\x08\xB2\xDD\xA8\xF5"
2819 "\xDF\xFA\xC7\xE8\x09\x50\x76\x08"
2820 "\xA2\xB6\x6A\x59\xC0\x2B\x6D\x05"
2821 "\x89\xF6\x82\xF0\xD3\xDB\x06\x02",
2822 .ilen = 64,
2823 .result = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
2824 "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
2825 "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15"
2826 "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87"
2827 "\x1E\x92\x29\xC0\x34\xCB\x62\xF9"
2828 "\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48"
2829 "\xDF\x76\x0D\x81\x18\xAF\x23\xBA"
2830 "\x51\xE8\x5C\xF3\x8A\x21\x95\x2C",
2831 .rlen = 64,
2618 }, 2832 },
2619}; 2833};
2620 2834
@@ -2661,6 +2875,32 @@ static struct cipher_testvec tf_cbc_enc_tv_template[] = {
2661 "\x05\xef\x8c\x61\xa8\x11\x58\x26" 2875 "\x05\xef\x8c\x61\xa8\x11\x58\x26"
2662 "\x34\xba\x5c\xb7\x10\x6a\xa6\x41", 2876 "\x34\xba\x5c\xb7\x10\x6a\xa6\x41",
2663 .rlen = 48, 2877 .rlen = 48,
2878 }, { /* Generated with Crypto++ */
2879 .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9"
2880 "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A"
2881 "\x27\x04\xE1\x27\x04\xE1\xBE\x9B"
2882 "\x78\xBE\x9B\x78\x55\x32\x0F\x55",
2883 .klen = 32,
2884 .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F"
2885 "\xC4\x29\x8E\xF3\x35\x9A\xFF\x64",
2886 .input = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
2887 "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
2888 "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15"
2889 "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87"
2890 "\x1E\x92\x29\xC0\x34\xCB\x62\xF9"
2891 "\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48"
2892 "\xDF\x76\x0D\x81\x18\xAF\x23\xBA"
2893 "\x51\xE8\x5C\xF3\x8A\x21\x95\x2C",
2894 .ilen = 64,
2895 .result = "\xC8\xFF\xF2\x53\xA6\x27\x09\xD1"
2896 "\x33\x38\xC2\xC0\x0C\x14\x7E\xB5"
2897 "\x26\x1B\x05\x0C\x05\x12\x3F\xC0"
2898 "\xF9\x1C\x02\x28\x40\x96\x6F\xD0"
2899 "\x3D\x32\xDF\xDA\x56\x00\x6E\xEE"
2900 "\x5B\x2A\x72\x9D\xC2\x4D\x19\xBC"
2901 "\x8C\x53\xFA\x87\x6F\xDD\x81\xA3"
2902 "\xB1\xD3\x44\x65\xDF\xE7\x63\x38",
2903 .rlen = 64,
2664 }, 2904 },
2665}; 2905};
2666 2906
@@ -2707,6 +2947,148 @@ static struct cipher_testvec tf_cbc_dec_tv_template[] = {
2707 .ilen = 48, 2947 .ilen = 48,
2708 .result = zeroed_string, 2948 .result = zeroed_string,
2709 .rlen = 48, 2949 .rlen = 48,
2950 }, { /* Generated with Crypto++ */
2951 .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9"
2952 "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A"
2953 "\x27\x04\xE1\x27\x04\xE1\xBE\x9B"
2954 "\x78\xBE\x9B\x78\x55\x32\x0F\x55",
2955 .klen = 32,
2956 .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F"
2957 "\xC4\x29\x8E\xF3\x35\x9A\xFF\x64",
2958 .input = "\xC8\xFF\xF2\x53\xA6\x27\x09\xD1"
2959 "\x33\x38\xC2\xC0\x0C\x14\x7E\xB5"
2960 "\x26\x1B\x05\x0C\x05\x12\x3F\xC0"
2961 "\xF9\x1C\x02\x28\x40\x96\x6F\xD0"
2962 "\x3D\x32\xDF\xDA\x56\x00\x6E\xEE"
2963 "\x5B\x2A\x72\x9D\xC2\x4D\x19\xBC"
2964 "\x8C\x53\xFA\x87\x6F\xDD\x81\xA3"
2965 "\xB1\xD3\x44\x65\xDF\xE7\x63\x38",
2966 .ilen = 64,
2967 .result = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
2968 "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
2969 "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15"
2970 "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87"
2971 "\x1E\x92\x29\xC0\x34\xCB\x62\xF9"
2972 "\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48"
2973 "\xDF\x76\x0D\x81\x18\xAF\x23\xBA"
2974 "\x51\xE8\x5C\xF3\x8A\x21\x95\x2C",
2975 .rlen = 64,
2976 },
2977};
2978
2979static struct cipher_testvec tf_ctr_enc_tv_template[] = {
2980 { /* Generated with Crypto++ */
2981 .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9"
2982 "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A"
2983 "\x27\x04\xE1\x27\x04\xE1\xBE\x9B"
2984 "\x78\xBE\x9B\x78\x55\x32\x0F\x55",
2985 .klen = 32,
2986 .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F"
2987 "\xC4\x29\x8E\xF3\x35\x9A\xFF\x64",
2988 .input = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
2989 "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
2990 "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15"
2991 "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87"
2992 "\x1E\x92\x29\xC0\x34\xCB\x62\xF9"
2993 "\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48"
2994 "\xDF\x76\x0D\x81\x18\xAF\x23\xBA"
2995 "\x51\xE8\x5C\xF3\x8A\x21\x95\x2C",
2996 .ilen = 64,
2997 .result = "\xDF\xDD\x69\xFA\xB0\x2E\xFD\xFE"
2998 "\x70\x9E\xC5\x4B\xC9\xD4\xA1\x30"
2999 "\x26\x9B\x89\xA1\xEE\x43\xE0\x52"
3000 "\x55\x17\x4E\xC7\x0E\x33\x1F\xF1"
3001 "\x9F\x8D\x40\x9F\x24\xFD\x92\xA0"
3002 "\xBC\x8F\x35\xDD\x67\x38\xD8\xAA"
3003 "\xCF\xF8\x48\xCA\xFB\xE4\x5C\x60"
3004 "\x01\x41\x21\x12\x38\xAB\x52\x4F",
3005 .rlen = 64,
3006 }, { /* Generated with Crypto++ */
3007 .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9"
3008 "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A"
3009 "\x27\x04\xE1\x27\x04\xE1\xBE\x9B"
3010 "\x78\xBE\x9B\x78\x55\x32\x0F\x55",
3011 .klen = 32,
3012 .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F"
3013 "\xC4\x29\x8E\xF3\x35\x9A\xFF\x64",
3014 .input = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
3015 "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
3016 "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15"
3017 "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87"
3018 "\x1E\x92\x29\xC0\x34\xCB\x62\xF9"
3019 "\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48"
3020 "\xDF\x76\x0D\x81\x18\xAF\x23\xBA"
3021 "\x51\xE8\x5C\xF3\x8A\x21\x95\x2C"
3022 "\xC3\x37\xCE",
3023 .ilen = 67,
3024 .result = "\xDF\xDD\x69\xFA\xB0\x2E\xFD\xFE"
3025 "\x70\x9E\xC5\x4B\xC9\xD4\xA1\x30"
3026 "\x26\x9B\x89\xA1\xEE\x43\xE0\x52"
3027 "\x55\x17\x4E\xC7\x0E\x33\x1F\xF1"
3028 "\x9F\x8D\x40\x9F\x24\xFD\x92\xA0"
3029 "\xBC\x8F\x35\xDD\x67\x38\xD8\xAA"
3030 "\xCF\xF8\x48\xCA\xFB\xE4\x5C\x60"
3031 "\x01\x41\x21\x12\x38\xAB\x52\x4F"
3032 "\xA8\x57\x20",
3033 .rlen = 67,
3034 },
3035};
3036
3037static struct cipher_testvec tf_ctr_dec_tv_template[] = {
3038 { /* Generated with Crypto++ */
3039 .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9"
3040 "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A"
3041 "\x27\x04\xE1\x27\x04\xE1\xBE\x9B"
3042 "\x78\xBE\x9B\x78\x55\x32\x0F\x55",
3043 .klen = 32,
3044 .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F"
3045 "\xC4\x29\x8E\xF3\x35\x9A\xFF\x64",
3046 .input = "\xDF\xDD\x69\xFA\xB0\x2E\xFD\xFE"
3047 "\x70\x9E\xC5\x4B\xC9\xD4\xA1\x30"
3048 "\x26\x9B\x89\xA1\xEE\x43\xE0\x52"
3049 "\x55\x17\x4E\xC7\x0E\x33\x1F\xF1"
3050 "\x9F\x8D\x40\x9F\x24\xFD\x92\xA0"
3051 "\xBC\x8F\x35\xDD\x67\x38\xD8\xAA"
3052 "\xCF\xF8\x48\xCA\xFB\xE4\x5C\x60"
3053 "\x01\x41\x21\x12\x38\xAB\x52\x4F",
3054 .ilen = 64,
3055 .result = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
3056 "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
3057 "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15"
3058 "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87"
3059 "\x1E\x92\x29\xC0\x34\xCB\x62\xF9"
3060 "\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48"
3061 "\xDF\x76\x0D\x81\x18\xAF\x23\xBA"
3062 "\x51\xE8\x5C\xF3\x8A\x21\x95\x2C",
3063 .rlen = 64,
3064 }, { /* Generated with Crypto++ */
3065 .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9"
3066 "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A"
3067 "\x27\x04\xE1\x27\x04\xE1\xBE\x9B"
3068 "\x78\xBE\x9B\x78\x55\x32\x0F\x55",
3069 .klen = 32,
3070 .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F"
3071 "\xC4\x29\x8E\xF3\x35\x9A\xFF\x64",
3072 .input = "\xDF\xDD\x69\xFA\xB0\x2E\xFD\xFE"
3073 "\x70\x9E\xC5\x4B\xC9\xD4\xA1\x30"
3074 "\x26\x9B\x89\xA1\xEE\x43\xE0\x52"
3075 "\x55\x17\x4E\xC7\x0E\x33\x1F\xF1"
3076 "\x9F\x8D\x40\x9F\x24\xFD\x92\xA0"
3077 "\xBC\x8F\x35\xDD\x67\x38\xD8\xAA"
3078 "\xCF\xF8\x48\xCA\xFB\xE4\x5C\x60"
3079 "\x01\x41\x21\x12\x38\xAB\x52\x4F"
3080 "\xA8\x57\x20",
3081 .ilen = 67,
3082 .result = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
3083 "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
3084 "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15"
3085 "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87"
3086 "\x1E\x92\x29\xC0\x34\xCB\x62\xF9"
3087 "\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48"
3088 "\xDF\x76\x0D\x81\x18\xAF\x23\xBA"
3089 "\x51\xE8\x5C\xF3\x8A\x21\x95\x2C"
3090 "\xC3\x37\xCE",
3091 .rlen = 67,
2710 }, 3092 },
2711}; 3093};
2712 3094
diff --git a/crypto/wp512.c b/crypto/wp512.c
index 723427273687..71719a2be25a 100644
--- a/crypto/wp512.c
+++ b/crypto/wp512.c
@@ -762,11 +762,17 @@ static const u64 C7[256] = {
762 0x86228644a411c286ULL, 762 0x86228644a411c286ULL,
763}; 763};
764 764
765static const u64 rc[WHIRLPOOL_ROUNDS + 1] = { 765static const u64 rc[WHIRLPOOL_ROUNDS] = {
766 0x0000000000000000ULL, 0x1823c6e887b8014fULL, 0x36a6d2f5796f9152ULL, 766 0x1823c6e887b8014fULL,
767 0x60bc9b8ea30c7b35ULL, 0x1de0d7c22e4bfe57ULL, 0x157737e59ff04adaULL, 767 0x36a6d2f5796f9152ULL,
768 0x58c9290ab1a06b85ULL, 0xbd5d10f4cb3e0567ULL, 0xe427418ba77d95d8ULL, 768 0x60bc9b8ea30c7b35ULL,
769 0xfbee7c66dd17479eULL, 0xca2dbf07ad5a8333ULL, 769 0x1de0d7c22e4bfe57ULL,
770 0x157737e59ff04adaULL,
771 0x58c9290ab1a06b85ULL,
772 0xbd5d10f4cb3e0567ULL,
773 0xe427418ba77d95d8ULL,
774 0xfbee7c66dd17479eULL,
775 0xca2dbf07ad5a8333ULL,
770}; 776};
771 777
772/** 778/**
@@ -793,7 +799,7 @@ static void wp512_process_buffer(struct wp512_ctx *wctx) {
793 state[6] = block[6] ^ (K[6] = wctx->hash[6]); 799 state[6] = block[6] ^ (K[6] = wctx->hash[6]);
794 state[7] = block[7] ^ (K[7] = wctx->hash[7]); 800 state[7] = block[7] ^ (K[7] = wctx->hash[7]);
795 801
796 for (r = 1; r <= WHIRLPOOL_ROUNDS; r++) { 802 for (r = 0; r < WHIRLPOOL_ROUNDS; r++) {
797 803
798 L[0] = C0[(int)(K[0] >> 56) ] ^ 804 L[0] = C0[(int)(K[0] >> 56) ] ^
799 C1[(int)(K[7] >> 48) & 0xff] ^ 805 C1[(int)(K[7] >> 48) & 0xff] ^
generated by cgit v1.2.2 (git 2.25.0) at 2025-02-27 00:55:24 -0500