aboutsummaryrefslogtreecommitdiffstats
path: root/crypto
diff options
context:
space:
mode:
authorBruce Ashfield <bruce.ashfield@gmail.com>2020-01-14 11:07:11 -0500
committerBruce Ashfield <bruce.ashfield@gmail.com>2020-01-14 11:07:11 -0500
commitaf97e71deeb9244528b7cc6b6520b71ba0852261 (patch)
tree72c187e3ee20aded526b38308d018fc8073e289b /crypto
parentef283bb23883069e248fca8b4099c7dab9ddc8b6 (diff)
parent9d61432efb21c224b710f397809f3a4fef281f9c (diff)
downloadlinux-yocto-master.tar.gz
linux-yocto-master.tar.bz2
linux-yocto-master.zip
Merge branch 'master-5.4'HEADmaster
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Diffstat (limited to 'crypto')
-rw-r--r--crypto/Kconfig232
-rw-r--r--crypto/Makefile30
-rw-r--r--crypto/aead.c39
-rw-r--r--crypto/aegis.h39
-rw-r--r--crypto/aegis128-core.c (renamed from crypto/aegis128.c)74
-rw-r--r--crypto/aegis128-neon-inner.c212
-rw-r--r--crypto/aegis128-neon.c49
-rw-r--r--crypto/aegis128l.c522
-rw-r--r--crypto/aegis256.c473
-rw-r--r--crypto/aes_generic.c169
-rw-r--r--crypto/aes_ti.c313
-rw-r--r--crypto/af_alg.c2
-rw-r--r--crypto/algapi.c35
-rw-r--r--crypto/anubis.c1
-rw-r--r--crypto/arc4.c125
-rw-r--r--crypto/asymmetric_keys/asym_tpm.c1
-rw-r--r--crypto/asymmetric_keys/asymmetric_type.c2
-rw-r--r--crypto/asymmetric_keys/pkcs7_verify.c33
-rw-r--r--crypto/asymmetric_keys/public_key.c1
-rw-r--r--crypto/asymmetric_keys/verify_pefile.c4
-rw-r--r--crypto/ccm.c1
-rw-r--r--crypto/chacha20poly1305.c43
-rw-r--r--crypto/chacha_generic.c4
-rw-r--r--crypto/cryptd.c70
-rw-r--r--crypto/crypto_engine.c2
-rw-r--r--crypto/crypto_null.c3
-rw-r--r--crypto/crypto_user_base.c41
-rw-r--r--crypto/crypto_user_stat.c8
-rw-r--r--crypto/crypto_wq.c35
-rw-r--r--crypto/deflate.c1
-rw-r--r--crypto/des_generic.c945
-rw-r--r--crypto/drbg.c94
-rw-r--r--crypto/ecc.c3
-rw-r--r--crypto/essiv.c663
-rw-r--r--crypto/fcrypt.c1
-rw-r--r--crypto/fips.c11
-rw-r--r--crypto/gcm.c47
-rw-r--r--crypto/ghash-generic.c31
-rw-r--r--crypto/jitterentropy-kcapi.c5
-rw-r--r--crypto/jitterentropy.c305
-rw-r--r--crypto/khazad.c1
-rw-r--r--crypto/lz4.c1
-rw-r--r--crypto/lz4hc.c1
-rw-r--r--crypto/lzo-rle.c1
-rw-r--r--crypto/lzo.c1
-rw-r--r--crypto/md4.c7
-rw-r--r--crypto/md5.c7
-rw-r--r--crypto/michael_mic.c1
-rw-r--r--crypto/morus1280.c542
-rw-r--r--crypto/morus640.c533
-rw-r--r--crypto/pcrypt.c167
-rw-r--r--crypto/rmd128.c1
-rw-r--r--crypto/rmd160.c1
-rw-r--r--crypto/rmd256.c1
-rw-r--r--crypto/rmd320.c1
-rw-r--r--crypto/serpent_generic.c1
-rw-r--r--crypto/sha256_generic.c224
-rw-r--r--crypto/skcipher.c76
-rw-r--r--crypto/streebog_generic.c46
-rw-r--r--crypto/tcrypt.c16
-rw-r--r--crypto/tea.c3
-rw-r--r--crypto/testmgr.c524
-rw-r--r--crypto/testmgr.h3384
-rw-r--r--crypto/tgr192.c21
-rw-r--r--crypto/wp512.c21
-rw-r--r--crypto/xts.c152
-rw-r--r--crypto/xxhash_generic.c108
-rw-r--r--crypto/zstd.c1
68 files changed, 3084 insertions, 7428 deletions
diff --git a/crypto/Kconfig b/crypto/Kconfig
index 3d056e7da65f..29472fb795f3 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -61,7 +61,6 @@ config CRYPTO_BLKCIPHER2
tristate
select CRYPTO_ALGAPI2
select CRYPTO_RNG2
- select CRYPTO_WORKQUEUE
config CRYPTO_HASH
tristate
@@ -137,10 +136,11 @@ config CRYPTO_USER
Userspace configuration for cryptographic instantiations such as
cbc(aes).
+if CRYPTO_MANAGER2
+
config CRYPTO_MANAGER_DISABLE_TESTS
bool "Disable run-time self tests"
default y
- depends on CRYPTO_MANAGER2
help
Disable run-time self tests that normally take place at
algorithm registration.
@@ -155,14 +155,10 @@ config CRYPTO_MANAGER_EXTRA_TESTS
This is intended for developer use only, as these tests take much
longer to run than the normal self tests.
+endif # if CRYPTO_MANAGER2
+
config CRYPTO_GF128MUL
- tristate "GF(2^128) multiplication functions"
- help
- Efficient table driven implementation of multiplications in the
- field GF(2^128). This is needed by some cypher modes. This
- option will be selected automatically if you select such a
- cipher mode. Only select this option by hand if you expect to load
- an external module that requires these functions.
+ tristate
config CRYPTO_NULL
tristate "Null algorithms"
@@ -186,15 +182,11 @@ config CRYPTO_PCRYPT
This converts an arbitrary crypto algorithm into a parallel
algorithm that executes in kernel threads.
-config CRYPTO_WORKQUEUE
- tristate
-
config CRYPTO_CRYPTD
tristate "Software async crypto daemon"
select CRYPTO_BLKCIPHER
select CRYPTO_HASH
select CRYPTO_MANAGER
- select CRYPTO_WORKQUEUE
help
This is a generic software asynchronous crypto daemon that
converts an arbitrary synchronous software crypto algorithm
@@ -279,6 +271,7 @@ config CRYPTO_CCM
select CRYPTO_CTR
select CRYPTO_HASH
select CRYPTO_AEAD
+ select CRYPTO_MANAGER
help
Support for Counter with CBC MAC. Required for IPsec.
@@ -288,6 +281,7 @@ config CRYPTO_GCM
select CRYPTO_AEAD
select CRYPTO_GHASH
select CRYPTO_NULL
+ select CRYPTO_MANAGER
help
Support for Galois/Counter Mode (GCM) and Galois Message
Authentication Code (GMAC). Required for IPSec.
@@ -297,6 +291,7 @@ config CRYPTO_CHACHA20POLY1305
select CRYPTO_CHACHA20
select CRYPTO_POLY1305
select CRYPTO_AEAD
+ select CRYPTO_MANAGER
help
ChaCha20-Poly1305 AEAD support, RFC7539.
@@ -311,19 +306,11 @@ config CRYPTO_AEGIS128
help
Support for the AEGIS-128 dedicated AEAD algorithm.
-config CRYPTO_AEGIS128L
- tristate "AEGIS-128L AEAD algorithm"
- select CRYPTO_AEAD
- select CRYPTO_AES # for AES S-box tables
- help
- Support for the AEGIS-128L dedicated AEAD algorithm.
-
-config CRYPTO_AEGIS256
- tristate "AEGIS-256 AEAD algorithm"
- select CRYPTO_AEAD
- select CRYPTO_AES # for AES S-box tables
- help
- Support for the AEGIS-256 dedicated AEAD algorithm.
+config CRYPTO_AEGIS128_SIMD
+ bool "Support SIMD acceleration for AEGIS-128"
+ depends on CRYPTO_AEGIS128 && ((ARM || ARM64) && KERNEL_MODE_NEON)
+ depends on !ARM || CC_IS_CLANG || GCC_VERSION >= 40800
+ default y
config CRYPTO_AEGIS128_AESNI_SSE2
tristate "AEGIS-128 AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
@@ -333,84 +320,13 @@ config CRYPTO_AEGIS128_AESNI_SSE2
help
AESNI+SSE2 implementation of the AEGIS-128 dedicated AEAD algorithm.
-config CRYPTO_AEGIS128L_AESNI_SSE2
- tristate "AEGIS-128L AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
- depends on X86 && 64BIT
- select CRYPTO_AEAD
- select CRYPTO_SIMD
- help
- AESNI+SSE2 implementation of the AEGIS-128L dedicated AEAD algorithm.
-
-config CRYPTO_AEGIS256_AESNI_SSE2
- tristate "AEGIS-256 AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
- depends on X86 && 64BIT
- select CRYPTO_AEAD
- select CRYPTO_SIMD
- help
- AESNI+SSE2 implementation of the AEGIS-256 dedicated AEAD algorithm.
-
-config CRYPTO_MORUS640
- tristate "MORUS-640 AEAD algorithm"
- select CRYPTO_AEAD
- help
- Support for the MORUS-640 dedicated AEAD algorithm.
-
-config CRYPTO_MORUS640_GLUE
- tristate
- depends on X86
- select CRYPTO_AEAD
- select CRYPTO_SIMD
- help
- Common glue for SIMD optimizations of the MORUS-640 dedicated AEAD
- algorithm.
-
-config CRYPTO_MORUS640_SSE2
- tristate "MORUS-640 AEAD algorithm (x86_64 SSE2 implementation)"
- depends on X86 && 64BIT
- select CRYPTO_AEAD
- select CRYPTO_MORUS640_GLUE
- help
- SSE2 implementation of the MORUS-640 dedicated AEAD algorithm.
-
-config CRYPTO_MORUS1280
- tristate "MORUS-1280 AEAD algorithm"
- select CRYPTO_AEAD
- help
- Support for the MORUS-1280 dedicated AEAD algorithm.
-
-config CRYPTO_MORUS1280_GLUE
- tristate
- depends on X86
- select CRYPTO_AEAD
- select CRYPTO_SIMD
- help
- Common glue for SIMD optimizations of the MORUS-1280 dedicated AEAD
- algorithm.
-
-config CRYPTO_MORUS1280_SSE2
- tristate "MORUS-1280 AEAD algorithm (x86_64 SSE2 implementation)"
- depends on X86 && 64BIT
- select CRYPTO_AEAD
- select CRYPTO_MORUS1280_GLUE
- help
- SSE2 optimizedimplementation of the MORUS-1280 dedicated AEAD
- algorithm.
-
-config CRYPTO_MORUS1280_AVX2
- tristate "MORUS-1280 AEAD algorithm (x86_64 AVX2 implementation)"
- depends on X86 && 64BIT
- select CRYPTO_AEAD
- select CRYPTO_MORUS1280_GLUE
- help
- AVX2 optimized implementation of the MORUS-1280 dedicated AEAD
- algorithm.
-
config CRYPTO_SEQIV
tristate "Sequence Number IV Generator"
select CRYPTO_AEAD
select CRYPTO_BLKCIPHER
select CRYPTO_NULL
select CRYPTO_RNG_DEFAULT
+ select CRYPTO_MANAGER
help
This IV generator generates an IV based on a sequence number by
xoring it with a salt. This algorithm is mainly useful for CTR
@@ -420,7 +336,7 @@ config CRYPTO_ECHAINIV
select CRYPTO_AEAD
select CRYPTO_NULL
select CRYPTO_RNG_DEFAULT
- default m
+ select CRYPTO_MANAGER
help
This IV generator generates an IV based on the encryption of
a sequence number xored with a salt. This is the default
@@ -456,6 +372,7 @@ config CRYPTO_CTR
config CRYPTO_CTS
tristate "CTS support"
select CRYPTO_BLKCIPHER
+ select CRYPTO_MANAGER
help
CTS: Cipher Text Stealing
This is the Cipher Text Stealing mode as described by
@@ -521,6 +438,7 @@ config CRYPTO_XTS
config CRYPTO_KEYWRAP
tristate "Key wrapping support"
select CRYPTO_BLKCIPHER
+ select CRYPTO_MANAGER
help
Support for key wrapping (NIST SP800-38F / RFC3394) without
padding.
@@ -551,6 +469,7 @@ config CRYPTO_ADIANTUM
select CRYPTO_CHACHA20
select CRYPTO_POLY1305
select CRYPTO_NHPOLY1305
+ select CRYPTO_MANAGER
help
Adiantum is a tweakable, length-preserving encryption mode
designed for fast and secure disk encryption, especially on
@@ -569,6 +488,34 @@ config CRYPTO_ADIANTUM
If unsure, say N.
+config CRYPTO_ESSIV
+ tristate "ESSIV support for block encryption"
+ select CRYPTO_AUTHENC
+ help
+ Encrypted salt-sector initialization vector (ESSIV) is an IV
+ generation method that is used in some cases by fscrypt and/or
+ dm-crypt. It uses the hash of the block encryption key as the
+ symmetric key for a block encryption pass applied to the input
+ IV, making low entropy IV sources more suitable for block
+ encryption.
+
+ This driver implements a crypto API template that can be
+ instantiated either as a skcipher or as a aead (depending on the
+ type of the first template argument), and which defers encryption
+ and decryption requests to the encapsulated cipher after applying
+ ESSIV to the input IV. Note that in the aead case, it is assumed
+ that the keys are presented in the same format used by the authenc
+ template, and that the IV appears at the end of the authenticated
+ associated data (AAD) region (which is how dm-crypt uses it.)
+
+ Note that the use of ESSIV is not recommended for new deployments,
+ and so this only needs to be enabled when interoperability with
+ existing encrypted volumes of filesystems is required, or when
+ building for a particular system that requires it (e.g., when
+ the SoC in question has accelerated CBC but not XTS, making CBC
+ combined with ESSIV the only feasible mode for h/w accelerated
+ block encryption)
+
comment "Hash modes"
config CRYPTO_CMAC
@@ -684,6 +631,14 @@ config CRYPTO_CRC32_MIPS
instructions, when available.
+config CRYPTO_XXHASH
+ tristate "xxHash hash algorithm"
+ select CRYPTO_HASH
+ select XXHASH
+ help
+ xxHash non-cryptographic hash algorithm. Extremely fast, working at
+ speeds close to RAM limits.
+
config CRYPTO_CRCT10DIF
tristate "CRCT10DIF algorithm"
select CRYPTO_HASH
@@ -721,11 +676,12 @@ config CRYPTO_VPMSUM_TESTER
Unless you are testing these algorithms, you don't need this.
config CRYPTO_GHASH
- tristate "GHASH digest algorithm"
+ tristate "GHASH hash function"
select CRYPTO_GF128MUL
select CRYPTO_HASH
help
- GHASH is message digest algorithm for GCM (Galois/Counter Mode).
+ GHASH is the hash function used in GCM (Galois/Counter Mode).
+ It is not a general-purpose cryptographic hash function.
config CRYPTO_POLY1305
tristate "Poly1305 authenticator algorithm"
@@ -922,9 +878,13 @@ config CRYPTO_SHA1_PPC_SPE
SHA-1 secure hash standard (DFIPS 180-4) implemented
using powerpc SPE SIMD instruction set.
+config CRYPTO_LIB_SHA256
+ tristate
+
config CRYPTO_SHA256
tristate "SHA224 and SHA256 digest algorithm"
select CRYPTO_HASH
+ select CRYPTO_LIB_SHA256
help
SHA256 secure hash standard (DFIPS 180-2).
@@ -1050,18 +1010,22 @@ config CRYPTO_WP512
<http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
config CRYPTO_GHASH_CLMUL_NI_INTEL
- tristate "GHASH digest algorithm (CLMUL-NI accelerated)"
+ tristate "GHASH hash function (CLMUL-NI accelerated)"
depends on X86 && 64BIT
select CRYPTO_CRYPTD
help
- GHASH is message digest algorithm for GCM (Galois/Counter Mode).
- The implementation is accelerated by CLMUL-NI of Intel.
+ This is the x86_64 CLMUL-NI accelerated implementation of
+ GHASH, the hash function used in GCM (Galois/Counter mode).
comment "Ciphers"
+config CRYPTO_LIB_AES
+ tristate
+
config CRYPTO_AES
tristate "AES cipher algorithms"
select CRYPTO_ALGAPI
+ select CRYPTO_LIB_AES
help
AES cipher algorithms (FIPS-197). AES uses the Rijndael
algorithm.
@@ -1082,6 +1046,7 @@ config CRYPTO_AES
config CRYPTO_AES_TI
tristate "Fixed time AES cipher"
select CRYPTO_ALGAPI
+ select CRYPTO_LIB_AES
help
This is a generic implementation of AES that attempts to eliminate
data dependent latencies as much as possible without affecting
@@ -1097,56 +1062,11 @@ config CRYPTO_AES_TI
block. Interrupts are also disabled to avoid races where cachelines
are evicted when the CPU is interrupted to do something else.
-config CRYPTO_AES_586
- tristate "AES cipher algorithms (i586)"
- depends on (X86 || UML_X86) && !64BIT
- select CRYPTO_ALGAPI
- select CRYPTO_AES
- help
- AES cipher algorithms (FIPS-197). AES uses the Rijndael
- algorithm.
-
- Rijndael appears to be consistently a very good performer in
- both hardware and software across a wide range of computing
- environments regardless of its use in feedback or non-feedback
- modes. Its key setup time is excellent, and its key agility is
- good. Rijndael's very low memory requirements make it very well
- suited for restricted-space environments, in which it also
- demonstrates excellent performance. Rijndael's operations are
- among the easiest to defend against power and timing attacks.
-
- The AES specifies three key sizes: 128, 192 and 256 bits
-
- See <http://csrc.nist.gov/encryption/aes/> for more information.
-
-config CRYPTO_AES_X86_64
- tristate "AES cipher algorithms (x86_64)"
- depends on (X86 || UML_X86) && 64BIT
- select CRYPTO_ALGAPI
- select CRYPTO_AES
- help
- AES cipher algorithms (FIPS-197). AES uses the Rijndael
- algorithm.
-
- Rijndael appears to be consistently a very good performer in
- both hardware and software across a wide range of computing
- environments regardless of its use in feedback or non-feedback
- modes. Its key setup time is excellent, and its key agility is
- good. Rijndael's very low memory requirements make it very well
- suited for restricted-space environments, in which it also
- demonstrates excellent performance. Rijndael's operations are
- among the easiest to defend against power and timing attacks.
-
- The AES specifies three key sizes: 128, 192 and 256 bits
-
- See <http://csrc.nist.gov/encryption/aes/> for more information.
-
config CRYPTO_AES_NI_INTEL
tristate "AES cipher algorithms (AES-NI)"
depends on X86
select CRYPTO_AEAD
- select CRYPTO_AES_X86_64 if 64BIT
- select CRYPTO_AES_586 if !64BIT
+ select CRYPTO_LIB_AES
select CRYPTO_ALGAPI
select CRYPTO_BLKCIPHER
select CRYPTO_GLUE_HELPER_X86 if 64BIT
@@ -1230,9 +1150,13 @@ config CRYPTO_ANUBIS
<https://www.cosic.esat.kuleuven.be/nessie/reports/>
<http://www.larc.usp.br/~pbarreto/AnubisPage.html>
+config CRYPTO_LIB_ARC4
+ tristate
+
config CRYPTO_ARC4
tristate "ARC4 cipher algorithm"
select CRYPTO_BLKCIPHER
+ select CRYPTO_LIB_ARC4
help
ARC4 cipher algorithm.
@@ -1415,9 +1339,13 @@ config CRYPTO_CAST6_AVX_X86_64
This module provides the Cast6 cipher algorithm that processes
eight blocks parallel using the AVX instruction set.
+config CRYPTO_LIB_DES
+ tristate
+
config CRYPTO_DES
tristate "DES and Triple DES EDE cipher algorithms"
select CRYPTO_ALGAPI
+ select CRYPTO_LIB_DES
help
DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
@@ -1425,7 +1353,7 @@ config CRYPTO_DES_SPARC64
tristate "DES and Triple DES EDE cipher algorithms (SPARC64)"
depends on SPARC64
select CRYPTO_ALGAPI
- select CRYPTO_DES
+ select CRYPTO_LIB_DES
help
DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3),
optimized using SPARC64 crypto opcodes.
@@ -1434,7 +1362,7 @@ config CRYPTO_DES3_EDE_X86_64
tristate "Triple DES EDE cipher algorithm (x86-64)"
depends on X86 && 64BIT
select CRYPTO_BLKCIPHER
- select CRYPTO_DES
+ select CRYPTO_LIB_DES
help
Triple DES EDE (FIPS 46-3) algorithm.
diff --git a/crypto/Makefile b/crypto/Makefile
index 266a4cdbb9e2..aa740c8492b9 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -6,8 +6,6 @@
obj-$(CONFIG_CRYPTO) += crypto.o
crypto-y := api.o cipher.o compress.o memneq.o
-obj-$(CONFIG_CRYPTO_WORKQUEUE) += crypto_wq.o
-
obj-$(CONFIG_CRYPTO_ENGINE) += crypto_engine.o
obj-$(CONFIG_CRYPTO_FIPS) += fips.o
@@ -92,10 +90,26 @@ obj-$(CONFIG_CRYPTO_GCM) += gcm.o
obj-$(CONFIG_CRYPTO_CCM) += ccm.o
obj-$(CONFIG_CRYPTO_CHACHA20POLY1305) += chacha20poly1305.o
obj-$(CONFIG_CRYPTO_AEGIS128) += aegis128.o
-obj-$(CONFIG_CRYPTO_AEGIS128L) += aegis128l.o
-obj-$(CONFIG_CRYPTO_AEGIS256) += aegis256.o
-obj-$(CONFIG_CRYPTO_MORUS640) += morus640.o
-obj-$(CONFIG_CRYPTO_MORUS1280) += morus1280.o
+aegis128-y := aegis128-core.o
+
+ifeq ($(ARCH),arm)
+CFLAGS_aegis128-neon-inner.o += -ffreestanding -march=armv8-a -mfloat-abi=softfp
+CFLAGS_aegis128-neon-inner.o += -mfpu=crypto-neon-fp-armv8
+aegis128-$(CONFIG_CRYPTO_AEGIS128_SIMD) += aegis128-neon.o aegis128-neon-inner.o
+endif
+ifeq ($(ARCH),arm64)
+aegis128-cflags-y := -ffreestanding -mcpu=generic+crypto
+aegis128-cflags-$(CONFIG_CC_IS_GCC) += -ffixed-q16 -ffixed-q17 -ffixed-q18 \
+ -ffixed-q19 -ffixed-q20 -ffixed-q21 \
+ -ffixed-q22 -ffixed-q23 -ffixed-q24 \
+ -ffixed-q25 -ffixed-q26 -ffixed-q27 \
+ -ffixed-q28 -ffixed-q29 -ffixed-q30 \
+ -ffixed-q31
+CFLAGS_aegis128-neon-inner.o += $(aegis128-cflags-y)
+CFLAGS_REMOVE_aegis128-neon-inner.o += -mgeneral-regs-only
+aegis128-$(CONFIG_CRYPTO_AEGIS128_SIMD) += aegis128-neon.o aegis128-neon-inner.o
+endif
+
obj-$(CONFIG_CRYPTO_PCRYPT) += pcrypt.o
obj-$(CONFIG_CRYPTO_CRYPTD) += cryptd.o
obj-$(CONFIG_CRYPTO_DES) += des_generic.o
@@ -131,12 +145,15 @@ obj-$(CONFIG_CRYPTO_AUTHENC) += authenc.o authencesn.o
obj-$(CONFIG_CRYPTO_LZO) += lzo.o lzo-rle.o
obj-$(CONFIG_CRYPTO_LZ4) += lz4.o
obj-$(CONFIG_CRYPTO_LZ4HC) += lz4hc.o
+obj-$(CONFIG_CRYPTO_XXHASH) += xxhash_generic.o
obj-$(CONFIG_CRYPTO_842) += 842.o
obj-$(CONFIG_CRYPTO_RNG2) += rng.o
obj-$(CONFIG_CRYPTO_ANSI_CPRNG) += ansi_cprng.o
obj-$(CONFIG_CRYPTO_DRBG) += drbg.o
obj-$(CONFIG_CRYPTO_JITTERENTROPY) += jitterentropy_rng.o
CFLAGS_jitterentropy.o = -O0
+KASAN_SANITIZE_jitterentropy.o = n
+UBSAN_SANITIZE_jitterentropy.o = n
jitterentropy_rng-y := jitterentropy.o jitterentropy-kcapi.o
obj-$(CONFIG_CRYPTO_TEST) += tcrypt.o
obj-$(CONFIG_CRYPTO_GHASH) += ghash-generic.o
@@ -148,6 +165,7 @@ obj-$(CONFIG_CRYPTO_USER_API_AEAD) += algif_aead.o
obj-$(CONFIG_CRYPTO_ZSTD) += zstd.o
obj-$(CONFIG_CRYPTO_OFB) += ofb.o
obj-$(CONFIG_CRYPTO_ECC) += ecc.o
+obj-$(CONFIG_CRYPTO_ESSIV) += essiv.o
ecdh_generic-y += ecdh.o
ecdh_generic-y += ecdh_helper.o
diff --git a/crypto/aead.c b/crypto/aead.c
index c3c158ba9883..ce035589cf57 100644
--- a/crypto/aead.c
+++ b/crypto/aead.c
@@ -70,7 +70,8 @@ int crypto_aead_setauthsize(struct crypto_aead *tfm, unsigned int authsize)
{
int err;
- if (authsize > crypto_aead_maxauthsize(tfm))
+ if ((!authsize && crypto_aead_maxauthsize(tfm)) ||
+ authsize > crypto_aead_maxauthsize(tfm))
return -EINVAL;
if (crypto_aead_alg(tfm)->setauthsize) {
@@ -84,6 +85,42 @@ int crypto_aead_setauthsize(struct crypto_aead *tfm, unsigned int authsize)
}
EXPORT_SYMBOL_GPL(crypto_aead_setauthsize);
+int crypto_aead_encrypt(struct aead_request *req)
+{
+ struct crypto_aead *aead = crypto_aead_reqtfm(req);
+ struct crypto_alg *alg = aead->base.__crt_alg;
+ unsigned int cryptlen = req->cryptlen;
+ int ret;
+
+ crypto_stats_get(alg);
+ if (crypto_aead_get_flags(aead) & CRYPTO_TFM_NEED_KEY)
+ ret = -ENOKEY;
+ else
+ ret = crypto_aead_alg(aead)->encrypt(req);
+ crypto_stats_aead_encrypt(cryptlen, alg, ret);
+ return ret;
+}
+EXPORT_SYMBOL_GPL(crypto_aead_encrypt);
+
+int crypto_aead_decrypt(struct aead_request *req)
+{
+ struct crypto_aead *aead = crypto_aead_reqtfm(req);
+ struct crypto_alg *alg = aead->base.__crt_alg;
+ unsigned int cryptlen = req->cryptlen;
+ int ret;
+
+ crypto_stats_get(alg);
+ if (crypto_aead_get_flags(aead) & CRYPTO_TFM_NEED_KEY)
+ ret = -ENOKEY;
+ else if (req->cryptlen < crypto_aead_authsize(aead))
+ ret = -EINVAL;
+ else
+ ret = crypto_aead_alg(aead)->decrypt(req);
+ crypto_stats_aead_decrypt(cryptlen, alg, ret);
+ return ret;
+}
+EXPORT_SYMBOL_GPL(crypto_aead_decrypt);
+
static void crypto_aead_exit_tfm(struct crypto_tfm *tfm)
{
struct crypto_aead *aead = __crypto_aead_cast(tfm);
diff --git a/crypto/aegis.h b/crypto/aegis.h
index 41a3090cda8e..6920ebe77679 100644
--- a/crypto/aegis.h
+++ b/crypto/aegis.h
@@ -10,6 +10,7 @@
#define _CRYPTO_AEGIS_H
#include <crypto/aes.h>
+#include <linux/bitops.h>
#include <linux/types.h>
#define AEGIS_BLOCK_SIZE 16
@@ -23,46 +24,32 @@ union aegis_block {
#define AEGIS_BLOCK_ALIGN (__alignof__(union aegis_block))
#define AEGIS_ALIGNED(p) IS_ALIGNED((uintptr_t)p, AEGIS_BLOCK_ALIGN)
-static const union aegis_block crypto_aegis_const[2] = {
- { .words64 = {
- cpu_to_le64(U64_C(0x0d08050302010100)),
- cpu_to_le64(U64_C(0x6279e99059372215)),
- } },
- { .words64 = {
- cpu_to_le64(U64_C(0xf12fc26d55183ddb)),
- cpu_to_le64(U64_C(0xdd28b57342311120)),
- } },
-};
-
-static void crypto_aegis_block_xor(union aegis_block *dst,
- const union aegis_block *src)
+static __always_inline void crypto_aegis_block_xor(union aegis_block *dst,
+ const union aegis_block *src)
{
dst->words64[0] ^= src->words64[0];
dst->words64[1] ^= src->words64[1];
}
-static void crypto_aegis_block_and(union aegis_block *dst,
- const union aegis_block *src)
+static __always_inline void crypto_aegis_block_and(union aegis_block *dst,
+ const union aegis_block *src)
{
dst->words64[0] &= src->words64[0];
dst->words64[1] &= src->words64[1];
}
-static void crypto_aegis_aesenc(union aegis_block *dst,
- const union aegis_block *src,
- const union aegis_block *key)
+static __always_inline void crypto_aegis_aesenc(union aegis_block *dst,
+ const union aegis_block *src,
+ const union aegis_block *key)
{
const u8 *s = src->bytes;
- const u32 *t0 = crypto_ft_tab[0];
- const u32 *t1 = crypto_ft_tab[1];
- const u32 *t2 = crypto_ft_tab[2];
- const u32 *t3 = crypto_ft_tab[3];
+ const u32 *t = crypto_ft_tab[0];
u32 d0, d1, d2, d3;
- d0 = t0[s[ 0]] ^ t1[s[ 5]] ^ t2[s[10]] ^ t3[s[15]];
- d1 = t0[s[ 4]] ^ t1[s[ 9]] ^ t2[s[14]] ^ t3[s[ 3]];
- d2 = t0[s[ 8]] ^ t1[s[13]] ^ t2[s[ 2]] ^ t3[s[ 7]];
- d3 = t0[s[12]] ^ t1[s[ 1]] ^ t2[s[ 6]] ^ t3[s[11]];
+ d0 = t[s[ 0]] ^ rol32(t[s[ 5]], 8) ^ rol32(t[s[10]], 16) ^ rol32(t[s[15]], 24);
+ d1 = t[s[ 4]] ^ rol32(t[s[ 9]], 8) ^ rol32(t[s[14]], 16) ^ rol32(t[s[ 3]], 24);
+ d2 = t[s[ 8]] ^ rol32(t[s[13]], 8) ^ rol32(t[s[ 2]], 16) ^ rol32(t[s[ 7]], 24);
+ d3 = t[s[12]] ^ rol32(t[s[ 1]], 8) ^ rol32(t[s[ 6]], 16) ^ rol32(t[s[11]], 24);
dst->words32[0] = cpu_to_le32(d0) ^ key->words32[0];
dst->words32[1] = cpu_to_le32(d1) ^ key->words32[1];
diff --git a/crypto/aegis128.c b/crypto/aegis128-core.c
index d78f77fc5dd1..80e73611bd5c 100644
--- a/crypto/aegis128.c
+++ b/crypto/aegis128-core.c
@@ -8,6 +8,7 @@
#include <crypto/algapi.h>
#include <crypto/internal/aead.h>
+#include <crypto/internal/simd.h>
#include <crypto/internal/skcipher.h>
#include <crypto/scatterwalk.h>
#include <linux/err.h>
@@ -16,6 +17,8 @@
#include <linux/module.h>
#include <linux/scatterlist.h>
+#include <asm/simd.h>
+
#include "aegis.h"
#define AEGIS128_NONCE_SIZE 16
@@ -40,6 +43,35 @@ struct aegis128_ops {
const u8 *src, unsigned int size);
};
+static bool have_simd;
+
+static const union aegis_block crypto_aegis_const[2] = {
+ { .words64 = {
+ cpu_to_le64(U64_C(0x0d08050302010100)),
+ cpu_to_le64(U64_C(0x6279e99059372215)),
+ } },
+ { .words64 = {
+ cpu_to_le64(U64_C(0xf12fc26d55183ddb)),
+ cpu_to_le64(U64_C(0xdd28b57342311120)),
+ } },
+};
+
+static bool aegis128_do_simd(void)
+{
+#ifdef CONFIG_CRYPTO_AEGIS128_SIMD
+ if (have_simd)
+ return crypto_simd_usable();
+#endif
+ return false;
+}
+
+bool crypto_aegis128_have_simd(void);
+void crypto_aegis128_update_simd(struct aegis_state *state, const void *msg);
+void crypto_aegis128_encrypt_chunk_simd(struct aegis_state *state, u8 *dst,
+ const u8 *src, unsigned int size);
+void crypto_aegis128_decrypt_chunk_simd(struct aegis_state *state, u8 *dst,
+ const u8 *src, unsigned int size);
+
static void crypto_aegis128_update(struct aegis_state *state)
{
union aegis_block tmp;
@@ -55,12 +87,22 @@ static void crypto_aegis128_update(struct aegis_state *state)
static void crypto_aegis128_update_a(struct aegis_state *state,
const union aegis_block *msg)
{
+ if (aegis128_do_simd()) {
+ crypto_aegis128_update_simd(state, msg);
+ return;
+ }
+
crypto_aegis128_update(state);
crypto_aegis_block_xor(&state->blocks[0], msg);
}
static void crypto_aegis128_update_u(struct aegis_state *state, const void *msg)
{
+ if (aegis128_do_simd()) {
+ crypto_aegis128_update_simd(state, msg);
+ return;
+ }
+
crypto_aegis128_update(state);
crypto_xor(state->blocks[0].bytes, msg, AEGIS_BLOCK_SIZE);
}
@@ -365,7 +407,7 @@ static void crypto_aegis128_crypt(struct aead_request *req,
static int crypto_aegis128_encrypt(struct aead_request *req)
{
- static const struct aegis128_ops ops = {
+ const struct aegis128_ops *ops = &(struct aegis128_ops){
.skcipher_walk_init = skcipher_walk_aead_encrypt,
.crypt_chunk = crypto_aegis128_encrypt_chunk,
};
@@ -375,7 +417,12 @@ static int crypto_aegis128_encrypt(struct aead_request *req)
unsigned int authsize = crypto_aead_authsize(tfm);
unsigned int cryptlen = req->cryptlen;
- crypto_aegis128_crypt(req, &tag, cryptlen, &ops);
+ if (aegis128_do_simd())
+ ops = &(struct aegis128_ops){
+ .skcipher_walk_init = skcipher_walk_aead_encrypt,
+ .crypt_chunk = crypto_aegis128_encrypt_chunk_simd };
+
+ crypto_aegis128_crypt(req, &tag, cryptlen, ops);
scatterwalk_map_and_copy(tag.bytes, req->dst, req->assoclen + cryptlen,
authsize, 1);
@@ -384,7 +431,7 @@ static int crypto_aegis128_encrypt(struct aead_request *req)
static int crypto_aegis128_decrypt(struct aead_request *req)
{
- static const struct aegis128_ops ops = {
+ const struct aegis128_ops *ops = &(struct aegis128_ops){
.skcipher_walk_init = skcipher_walk_aead_decrypt,
.crypt_chunk = crypto_aegis128_decrypt_chunk,
};
@@ -398,18 +445,14 @@ static int crypto_aegis128_decrypt(struct aead_request *req)
scatterwalk_map_and_copy(tag.bytes, req->src, req->assoclen + cryptlen,
authsize, 0);
- crypto_aegis128_crypt(req, &tag, cryptlen, &ops);
+ if (aegis128_do_simd())
+ ops = &(struct aegis128_ops){
+ .skcipher_walk_init = skcipher_walk_aead_decrypt,
+ .crypt_chunk = crypto_aegis128_decrypt_chunk_simd };
- return crypto_memneq(tag.bytes, zeros, authsize) ? -EBADMSG : 0;
-}
-
-static int crypto_aegis128_init_tfm(struct crypto_aead *tfm)
-{
- return 0;
-}
+ crypto_aegis128_crypt(req, &tag, cryptlen, ops);
-static void crypto_aegis128_exit_tfm(struct crypto_aead *tfm)
-{
+ return crypto_memneq(tag.bytes, zeros, authsize) ? -EBADMSG : 0;
}
static struct aead_alg crypto_aegis128_alg = {
@@ -417,8 +460,6 @@ static struct aead_alg crypto_aegis128_alg = {
.setauthsize = crypto_aegis128_setauthsize,
.encrypt = crypto_aegis128_encrypt,
.decrypt = crypto_aegis128_decrypt,
- .init = crypto_aegis128_init_tfm,
- .exit = crypto_aegis128_exit_tfm,
.ivsize = AEGIS128_NONCE_SIZE,
.maxauthsize = AEGIS128_MAX_AUTH_SIZE,
@@ -440,6 +481,9 @@ static struct aead_alg crypto_aegis128_alg = {
static int __init crypto_aegis128_module_init(void)
{
+ if (IS_ENABLED(CONFIG_CRYPTO_AEGIS128_SIMD))
+ have_simd = crypto_aegis128_have_simd();
+
return crypto_register_aead(&crypto_aegis128_alg);
}
diff --git a/crypto/aegis128-neon-inner.c b/crypto/aegis128-neon-inner.c
new file mode 100644
index 000000000000..f05310ca22aa
--- /dev/null
+++ b/crypto/aegis128-neon-inner.c
@@ -0,0 +1,212 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/*
+ * Copyright (C) 2019 Linaro, Ltd. <ard.biesheuvel@linaro.org>
+ */
+
+#ifdef CONFIG_ARM64
+#include <asm/neon-intrinsics.h>
+
+#define AES_ROUND "aese %0.16b, %1.16b \n\t aesmc %0.16b, %0.16b"
+#else
+#include <arm_neon.h>
+
+#define AES_ROUND "aese.8 %q0, %q1 \n\t aesmc.8 %q0, %q0"
+#endif
+
+#define AEGIS_BLOCK_SIZE 16
+
+#include <stddef.h>
+
+extern int aegis128_have_aes_insn;
+
+void *memcpy(void *dest, const void *src, size_t n);
+void *memset(void *s, int c, size_t n);
+
+struct aegis128_state {
+ uint8x16_t v[5];
+};
+
+extern const uint8_t crypto_aes_sbox[];
+
+static struct aegis128_state aegis128_load_state_neon(const void *state)
+{
+ return (struct aegis128_state){ {
+ vld1q_u8(state),
+ vld1q_u8(state + 16),
+ vld1q_u8(state + 32),
+ vld1q_u8(state + 48),
+ vld1q_u8(state + 64)
+ } };
+}
+
+static void aegis128_save_state_neon(struct aegis128_state st, void *state)
+{
+ vst1q_u8(state, st.v[0]);
+ vst1q_u8(state + 16, st.v[1]);
+ vst1q_u8(state + 32, st.v[2]);
+ vst1q_u8(state + 48, st.v[3]);
+ vst1q_u8(state + 64, st.v[4]);
+}
+
+static inline __attribute__((always_inline))
+uint8x16_t aegis_aes_round(uint8x16_t w)
+{
+ uint8x16_t z = {};
+
+#ifdef CONFIG_ARM64
+ if (!__builtin_expect(aegis128_have_aes_insn, 1)) {
+ static const uint8_t shift_rows[] = {
+ 0x0, 0x5, 0xa, 0xf, 0x4, 0x9, 0xe, 0x3,
+ 0x8, 0xd, 0x2, 0x7, 0xc, 0x1, 0x6, 0xb,
+ };
+ static const uint8_t ror32by8[] = {
+ 0x1, 0x2, 0x3, 0x0, 0x5, 0x6, 0x7, 0x4,
+ 0x9, 0xa, 0xb, 0x8, 0xd, 0xe, 0xf, 0xc,
+ };
+ uint8x16_t v;
+
+ // shift rows
+ w = vqtbl1q_u8(w, vld1q_u8(shift_rows));
+
+ // sub bytes
+#ifndef CONFIG_CC_IS_GCC
+ v = vqtbl4q_u8(vld1q_u8_x4(crypto_aes_sbox), w);
+ v = vqtbx4q_u8(v, vld1q_u8_x4(crypto_aes_sbox + 0x40), w - 0x40);
+ v = vqtbx4q_u8(v, vld1q_u8_x4(crypto_aes_sbox + 0x80), w - 0x80);
+ v = vqtbx4q_u8(v, vld1q_u8_x4(crypto_aes_sbox + 0xc0), w - 0xc0);
+#else
+ asm("tbl %0.16b, {v16.16b-v19.16b}, %1.16b" : "=w"(v) : "w"(w));
+ w -= 0x40;
+ asm("tbx %0.16b, {v20.16b-v23.16b}, %1.16b" : "+w"(v) : "w"(w));
+ w -= 0x40;
+ asm("tbx %0.16b, {v24.16b-v27.16b}, %1.16b" : "+w"(v) : "w"(w));
+ w -= 0x40;
+ asm("tbx %0.16b, {v28.16b-v31.16b}, %1.16b" : "+w"(v) : "w"(w));
+#endif
+
+ // mix columns
+ w = (v << 1) ^ (uint8x16_t)(((int8x16_t)v >> 7) & 0x1b);
+ w ^= (uint8x16_t)vrev32q_u16((uint16x8_t)v);
+ w ^= vqtbl1q_u8(v ^ w, vld1q_u8(ror32by8));
+
+ return w;
+ }
+#endif
+
+ /*
+ * We use inline asm here instead of the vaeseq_u8/vaesmcq_u8 intrinsics
+ * to force the compiler to issue the aese/aesmc instructions in pairs.
+ * This is much faster on many cores, where the instruction pair can
+ * execute in a single cycle.
+ */
+ asm(AES_ROUND : "+w"(w) : "w"(z));
+ return w;
+}
+
+static inline __attribute__((always_inline))
+struct aegis128_state aegis128_update_neon(struct aegis128_state st,
+ uint8x16_t m)
+{
+ m ^= aegis_aes_round(st.v[4]);
+ st.v[4] ^= aegis_aes_round(st.v[3]);
+ st.v[3] ^= aegis_aes_round(st.v[2]);
+ st.v[2] ^= aegis_aes_round(st.v[1]);
+ st.v[1] ^= aegis_aes_round(st.v[0]);
+ st.v[0] ^= m;
+
+ return st;
+}
+
+static inline __attribute__((always_inline))
+void preload_sbox(void)
+{
+ if (!IS_ENABLED(CONFIG_ARM64) ||
+ !IS_ENABLED(CONFIG_CC_IS_GCC) ||
+ __builtin_expect(aegis128_have_aes_insn, 1))
+ return;
+
+ asm("ld1 {v16.16b-v19.16b}, [%0], #64 \n\t"
+ "ld1 {v20.16b-v23.16b}, [%0], #64 \n\t"
+ "ld1 {v24.16b-v27.16b}, [%0], #64 \n\t"
+ "ld1 {v28.16b-v31.16b}, [%0] \n\t"
+ :: "r"(crypto_aes_sbox));
+}
+
+void crypto_aegis128_update_neon(void *state, const void *msg)
+{
+ struct aegis128_state st = aegis128_load_state_neon(state);
+
+ preload_sbox();
+
+ st = aegis128_update_neon(st, vld1q_u8(msg));
+
+ aegis128_save_state_neon(st, state);
+}
+
+void crypto_aegis128_encrypt_chunk_neon(void *state, void *dst, const void *src,
+ unsigned int size)
+{
+ struct aegis128_state st = aegis128_load_state_neon(state);
+ uint8x16_t msg;
+
+ preload_sbox();
+
+ while (size >= AEGIS_BLOCK_SIZE) {
+ uint8x16_t s = st.v[1] ^ (st.v[2] & st.v[3]) ^ st.v[4];
+
+ msg = vld1q_u8(src);
+ st = aegis128_update_neon(st, msg);
+ vst1q_u8(dst, msg ^ s);
+
+ size -= AEGIS_BLOCK_SIZE;
+ src += AEGIS_BLOCK_SIZE;
+ dst += AEGIS_BLOCK_SIZE;
+ }
+
+ if (size > 0) {
+ uint8x16_t s = st.v[1] ^ (st.v[2] & st.v[3]) ^ st.v[4];
+ uint8_t buf[AEGIS_BLOCK_SIZE] = {};
+
+ memcpy(buf, src, size);
+ msg = vld1q_u8(buf);
+ st = aegis128_update_neon(st, msg);
+ vst1q_u8(buf, msg ^ s);
+ memcpy(dst, buf, size);
+ }
+
+ aegis128_save_state_neon(st, state);
+}
+
+void crypto_aegis128_decrypt_chunk_neon(void *state, void *dst, const void *src,
+ unsigned int size)
+{
+ struct aegis128_state st = aegis128_load_state_neon(state);
+ uint8x16_t msg;
+
+ preload_sbox();
+
+ while (size >= AEGIS_BLOCK_SIZE) {
+ msg = vld1q_u8(src) ^ st.v[1] ^ (st.v[2] & st.v[3]) ^ st.v[4];
+ st = aegis128_update_neon(st, msg);
+ vst1q_u8(dst, msg);
+
+ size -= AEGIS_BLOCK_SIZE;
+ src += AEGIS_BLOCK_SIZE;
+ dst += AEGIS_BLOCK_SIZE;
+ }
+
+ if (size > 0) {
+ uint8x16_t s = st.v[1] ^ (st.v[2] & st.v[3]) ^ st.v[4];
+ uint8_t buf[AEGIS_BLOCK_SIZE];
+
+ vst1q_u8(buf, s);
+ memcpy(buf, src, size);
+ msg = vld1q_u8(buf) ^ s;
+ vst1q_u8(buf, msg);
+ memcpy(dst, buf, size);
+
+ st = aegis128_update_neon(st, msg);
+ }
+
+ aegis128_save_state_neon(st, state);
+}
diff --git a/crypto/aegis128-neon.c b/crypto/aegis128-neon.c
new file mode 100644
index 000000000000..751f9c195aa4
--- /dev/null
+++ b/crypto/aegis128-neon.c
@@ -0,0 +1,49 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/*
+ * Copyright (C) 2019 Linaro Ltd <ard.biesheuvel@linaro.org>
+ */
+
+#include <asm/cpufeature.h>
+#include <asm/neon.h>
+
+#include "aegis.h"
+
+void crypto_aegis128_update_neon(void *state, const void *msg);
+void crypto_aegis128_encrypt_chunk_neon(void *state, void *dst, const void *src,
+ unsigned int size);
+void crypto_aegis128_decrypt_chunk_neon(void *state, void *dst, const void *src,
+ unsigned int size);
+
+int aegis128_have_aes_insn __ro_after_init;
+
+bool crypto_aegis128_have_simd(void)
+{
+ if (cpu_have_feature(cpu_feature(AES))) {
+ aegis128_have_aes_insn = 1;
+ return true;
+ }
+ return IS_ENABLED(CONFIG_ARM64);
+}
+
+void crypto_aegis128_update_simd(union aegis_block *state, const void *msg)
+{
+ kernel_neon_begin();
+ crypto_aegis128_update_neon(state, msg);
+ kernel_neon_end();
+}
+
+void crypto_aegis128_encrypt_chunk_simd(union aegis_block *state, u8 *dst,
+ const u8 *src, unsigned int size)
+{
+ kernel_neon_begin();
+ crypto_aegis128_encrypt_chunk_neon(state, dst, src, size);
+ kernel_neon_end();
+}
+
+void crypto_aegis128_decrypt_chunk_simd(union aegis_block *state, u8 *dst,
+ const u8 *src, unsigned int size)
+{
+ kernel_neon_begin();
+ crypto_aegis128_decrypt_chunk_neon(state, dst, src, size);
+ kernel_neon_end();
+}
diff --git a/crypto/aegis128l.c b/crypto/aegis128l.c
deleted file mode 100644
index 9bca3d619a22..000000000000
--- a/crypto/aegis128l.c
+++ /dev/null
@@ -1,522 +0,0 @@
-// SPDX-License-Identifier: GPL-2.0-or-later
-/*
- * The AEGIS-128L Authenticated-Encryption Algorithm
- *
- * Copyright (c) 2017-2018 Ondrej Mosnacek <omosnacek@gmail.com>
- * Copyright (C) 2017-2018 Red Hat, Inc. All rights reserved.
- */
-
-#include <crypto/algapi.h>
-#include <crypto/internal/aead.h>
-#include <crypto/internal/skcipher.h>
-#include <crypto/scatterwalk.h>
-#include <linux/err.h>
-#include <linux/init.h>
-#include <linux/kernel.h>
-#include <linux/module.h>
-#include <linux/scatterlist.h>
-
-#include "aegis.h"
-
-#define AEGIS128L_CHUNK_BLOCKS 2
-#define AEGIS128L_CHUNK_SIZE (AEGIS128L_CHUNK_BLOCKS * AEGIS_BLOCK_SIZE)
-#define AEGIS128L_NONCE_SIZE 16
-#define AEGIS128L_STATE_BLOCKS 8
-#define AEGIS128L_KEY_SIZE 16
-#define AEGIS128L_MIN_AUTH_SIZE 8
-#define AEGIS128L_MAX_AUTH_SIZE 16
-
-union aegis_chunk {
- union aegis_block blocks[AEGIS128L_CHUNK_BLOCKS];
- u8 bytes[AEGIS128L_CHUNK_SIZE];
-};
-
-struct aegis_state {
- union aegis_block blocks[AEGIS128L_STATE_BLOCKS];
-};
-
-struct aegis_ctx {
- union aegis_block key;
-};
-
-struct aegis128l_ops {
- int (*skcipher_walk_init)(struct skcipher_walk *walk,
- struct aead_request *req, bool atomic);
-
- void (*crypt_chunk)(struct aegis_state *state, u8 *dst,
- const u8 *src, unsigned int size);
-};
-
-static void crypto_aegis128l_update(struct aegis_state *state)
-{
- union aegis_block tmp;
- unsigned int i;
-
- tmp = state->blocks[AEGIS128L_STATE_BLOCKS - 1];
- for (i = AEGIS128L_STATE_BLOCKS - 1; i > 0; i--)
- crypto_aegis_aesenc(&state->blocks[i], &state->blocks[i - 1],
- &state->blocks[i]);
- crypto_aegis_aesenc(&state->blocks[0], &tmp, &state->blocks[0]);
-}
-
-static void crypto_aegis128l_update_a(struct aegis_state *state,
- const union aegis_chunk *msg)
-{
- crypto_aegis128l_update(state);
- crypto_aegis_block_xor(&state->blocks[0], &msg->blocks[0]);
- crypto_aegis_block_xor(&state->blocks[4], &msg->blocks[1]);
-}
-
-static void crypto_aegis128l_update_u(struct aegis_state *state,
- const void *msg)
-{
- crypto_aegis128l_update(state);
- crypto_xor(state->blocks[0].bytes, msg + 0 * AEGIS_BLOCK_SIZE,
- AEGIS_BLOCK_SIZE);
- crypto_xor(state->blocks[4].bytes, msg + 1 * AEGIS_BLOCK_SIZE,
- AEGIS_BLOCK_SIZE);
-}
-
-static void crypto_aegis128l_init(struct aegis_state *state,
- const union aegis_block *key,
- const u8 *iv)
-{
- union aegis_block key_iv;
- union aegis_chunk chunk;
- unsigned int i;
-
- memcpy(chunk.blocks[0].bytes, iv, AEGIS_BLOCK_SIZE);
- chunk.blocks[1] = *key;
-
- key_iv = *key;
- crypto_aegis_block_xor(&key_iv, &chunk.blocks[0]);
-
- state->blocks[0] = key_iv;
- state->blocks[1] = crypto_aegis_const[1];
- state->blocks[2] = crypto_aegis_const[0];
- state->blocks[3] = crypto_aegis_const[1];
- state->blocks[4] = key_iv;
- state->blocks[5] = *key;
- state->blocks[6] = *key;
- state->blocks[7] = *key;
-
- crypto_aegis_block_xor(&state->blocks[5], &crypto_aegis_const[0]);
- crypto_aegis_block_xor(&state->blocks[6], &crypto_aegis_const[1]);
- crypto_aegis_block_xor(&state->blocks[7], &crypto_aegis_const[0]);
-
- for (i = 0; i < 10; i++) {
- crypto_aegis128l_update_a(state, &chunk);
- }
-}
-
-static void crypto_aegis128l_ad(struct aegis_state *state,
- const u8 *src, unsigned int size)
-{
- if (AEGIS_ALIGNED(src)) {
- const union aegis_chunk *src_chunk =
- (const union aegis_chunk *)src;
-
- while (size >= AEGIS128L_CHUNK_SIZE) {
- crypto_aegis128l_update_a(state, src_chunk);
-
- size -= AEGIS128L_CHUNK_SIZE;
- src_chunk += 1;
- }
- } else {
- while (size >= AEGIS128L_CHUNK_SIZE) {
- crypto_aegis128l_update_u(state, src);
-
- size -= AEGIS128L_CHUNK_SIZE;
- src += AEGIS128L_CHUNK_SIZE;
- }
- }
-}
-
-static void crypto_aegis128l_encrypt_chunk(struct aegis_state *state, u8 *dst,
- const u8 *src, unsigned int size)
-{
- union aegis_chunk tmp;
- union aegis_block *tmp0 = &tmp.blocks[0];
- union aegis_block *tmp1 = &tmp.blocks[1];
-
- if (AEGIS_ALIGNED(src) && AEGIS_ALIGNED(dst)) {
- while (size >= AEGIS128L_CHUNK_SIZE) {
- union aegis_chunk *dst_blk =
- (union aegis_chunk *)dst;
- const union aegis_chunk *src_blk =
- (const union aegis_chunk *)src;
-
- *tmp0 = state->blocks[2];
- crypto_aegis_block_and(tmp0, &state->blocks[3]);
- crypto_aegis_block_xor(tmp0, &state->blocks[6]);
- crypto_aegis_block_xor(tmp0, &state->blocks[1]);
- crypto_aegis_block_xor(tmp0, &src_blk->blocks[0]);
-
- *tmp1 = state->blocks[6];
- crypto_aegis_block_and(tmp1, &state->blocks[7]);
- crypto_aegis_block_xor(tmp1, &state->blocks[5]);
- crypto_aegis_block_xor(tmp1, &state->blocks[2]);
- crypto_aegis_block_xor(tmp1, &src_blk->blocks[1]);
-
- crypto_aegis128l_update_a(state, src_blk);
-
- *dst_blk = tmp;
-
- size -= AEGIS128L_CHUNK_SIZE;
- src += AEGIS128L_CHUNK_SIZE;
- dst += AEGIS128L_CHUNK_SIZE;
- }
- } else {
- while (size >= AEGIS128L_CHUNK_SIZE) {
- *tmp0 = state->blocks[2];
- crypto_aegis_block_and(tmp0, &state->blocks[3]);
- crypto_aegis_block_xor(tmp0, &state->blocks[6]);
- crypto_aegis_block_xor(tmp0, &state->blocks[1]);
- crypto_xor(tmp0->bytes, src + 0 * AEGIS_BLOCK_SIZE,
- AEGIS_BLOCK_SIZE);
-
- *tmp1 = state->blocks[6];
- crypto_aegis_block_and(tmp1, &state->blocks[7]);
- crypto_aegis_block_xor(tmp1, &state->blocks[5]);
- crypto_aegis_block_xor(tmp1, &state->blocks[2]);
- crypto_xor(tmp1->bytes, src + 1 * AEGIS_BLOCK_SIZE,
- AEGIS_BLOCK_SIZE);
-
- crypto_aegis128l_update_u(state, src);
-
- memcpy(dst, tmp.bytes, AEGIS128L_CHUNK_SIZE);
-
- size -= AEGIS128L_CHUNK_SIZE;
- src += AEGIS128L_CHUNK_SIZE;
- dst += AEGIS128L_CHUNK_SIZE;
- }
- }
-
- if (size > 0) {
- union aegis_chunk msg = {};
- memcpy(msg.bytes, src, size);
-
- *tmp0 = state->blocks[2];
- crypto_aegis_block_and(tmp0, &state->blocks[3]);
- crypto_aegis_block_xor(tmp0, &state->blocks[6]);
- crypto_aegis_block_xor(tmp0, &state->blocks[1]);
-
- *tmp1 = state->blocks[6];
- crypto_aegis_block_and(tmp1, &state->blocks[7]);
- crypto_aegis_block_xor(tmp1, &state->blocks[5]);
- crypto_aegis_block_xor(tmp1, &state->blocks[2]);
-
- crypto_aegis128l_update_a(state, &msg);
-
- crypto_aegis_block_xor(&msg.blocks[0], tmp0);
- crypto_aegis_block_xor(&msg.blocks[1], tmp1);
-
- memcpy(dst, msg.bytes, size);
- }
-}
-
-static void crypto_aegis128l_decrypt_chunk(struct aegis_state *state, u8 *dst,
- const u8 *src, unsigned int size)
-{
- union aegis_chunk tmp;
- union aegis_block *tmp0 = &tmp.blocks[0];
- union aegis_block *tmp1 = &tmp.blocks[1];
-
- if (AEGIS_ALIGNED(src) && AEGIS_ALIGNED(dst)) {
- while (size >= AEGIS128L_CHUNK_SIZE) {
- union aegis_chunk *dst_blk =
- (union aegis_chunk *)dst;
- const union aegis_chunk *src_blk =
- (const union aegis_chunk *)src;
-
- *tmp0 = state->blocks[2];
- crypto_aegis_block_and(tmp0, &state->blocks[3]);
- crypto_aegis_block_xor(tmp0, &state->blocks[6]);
- crypto_aegis_block_xor(tmp0, &state->blocks[1]);
- crypto_aegis_block_xor(tmp0, &src_blk->blocks[0]);
-
- *tmp1 = state->blocks[6];
- crypto_aegis_block_and(tmp1, &state->blocks[7]);
- crypto_aegis_block_xor(tmp1, &state->blocks[5]);
- crypto_aegis_block_xor(tmp1, &state->blocks[2]);
- crypto_aegis_block_xor(tmp1, &src_blk->blocks[1]);
-
- crypto_aegis128l_update_a(state, &tmp);
-
- *dst_blk = tmp;
-
- size -= AEGIS128L_CHUNK_SIZE;
- src += AEGIS128L_CHUNK_SIZE;
- dst += AEGIS128L_CHUNK_SIZE;
- }
- } else {
- while (size >= AEGIS128L_CHUNK_SIZE) {
- *tmp0 = state->blocks[2];
- crypto_aegis_block_and(tmp0, &state->blocks[3]);
- crypto_aegis_block_xor(tmp0, &state->blocks[6]);
- crypto_aegis_block_xor(tmp0, &state->blocks[1]);
- crypto_xor(tmp0->bytes, src + 0 * AEGIS_BLOCK_SIZE,
- AEGIS_BLOCK_SIZE);
-
- *tmp1 = state->blocks[6];
- crypto_aegis_block_and(tmp1, &state->blocks[7]);
- crypto_aegis_block_xor(tmp1, &state->blocks[5]);
- crypto_aegis_block_xor(tmp1, &state->blocks[2]);
- crypto_xor(tmp1->bytes, src + 1 * AEGIS_BLOCK_SIZE,
- AEGIS_BLOCK_SIZE);
-
- crypto_aegis128l_update_a(state, &tmp);
-
- memcpy(dst, tmp.bytes, AEGIS128L_CHUNK_SIZE);
-
- size -= AEGIS128L_CHUNK_SIZE;
- src += AEGIS128L_CHUNK_SIZE;
- dst += AEGIS128L_CHUNK_SIZE;
- }
- }
-
- if (size > 0) {
- union aegis_chunk msg = {};
- memcpy(msg.bytes, src, size);
-
- *tmp0 = state->blocks[2];
- crypto_aegis_block_and(tmp0, &state->blocks[3]);
- crypto_aegis_block_xor(tmp0, &state->blocks[6]);
- crypto_aegis_block_xor(tmp0, &state->blocks[1]);
- crypto_aegis_block_xor(&msg.blocks[0], tmp0);
-
- *tmp1 = state->blocks[6];
- crypto_aegis_block_and(tmp1, &state->blocks[7]);
- crypto_aegis_block_xor(tmp1, &state->blocks[5]);
- crypto_aegis_block_xor(tmp1, &state->blocks[2]);
- crypto_aegis_block_xor(&msg.blocks[1], tmp1);
-
- memset(msg.bytes + size, 0, AEGIS128L_CHUNK_SIZE - size);
-
- crypto_aegis128l_update_a(state, &msg);
-
- memcpy(dst, msg.bytes, size);
- }
-}
-
-static void crypto_aegis128l_process_ad(struct aegis_state *state,
- struct scatterlist *sg_src,
- unsigned int assoclen)
-{
- struct scatter_walk walk;
- union aegis_chunk buf;
- unsigned int pos = 0;
-
- scatterwalk_start(&walk, sg_src);
- while (assoclen != 0) {
- unsigned int size = scatterwalk_clamp(&walk, assoclen);
- unsigned int left = size;
- void *mapped = scatterwalk_map(&walk);
- const u8 *src = (const u8 *)mapped;
-
- if (pos + size >= AEGIS128L_CHUNK_SIZE) {
- if (pos > 0) {
- unsigned int fill = AEGIS128L_CHUNK_SIZE - pos;
- memcpy(buf.bytes + pos, src, fill);
- crypto_aegis128l_update_a(state, &buf);
- pos = 0;
- left -= fill;
- src += fill;
- }
-
- crypto_aegis128l_ad(state, src, left);
- src += left & ~(AEGIS128L_CHUNK_SIZE - 1);
- left &= AEGIS128L_CHUNK_SIZE - 1;
- }
-
- memcpy(buf.bytes + pos, src, left);
-
- pos += left;
- assoclen -= size;
- scatterwalk_unmap(mapped);
- scatterwalk_advance(&walk, size);
- scatterwalk_done(&walk, 0, assoclen);
- }
-
- if (pos > 0) {
- memset(buf.bytes + pos, 0, AEGIS128L_CHUNK_SIZE - pos);
- crypto_aegis128l_update_a(state, &buf);
- }
-}
-
-static void crypto_aegis128l_process_crypt(struct aegis_state *state,
- struct aead_request *req,
- const struct aegis128l_ops *ops)
-{
- struct skcipher_walk walk;
-
- ops->skcipher_walk_init(&walk, req, false);
-
- while (walk.nbytes) {
- unsigned int nbytes = walk.nbytes;
-
- if (nbytes < walk.total)
- nbytes = round_down(nbytes, walk.stride);
-
- ops->crypt_chunk(state, walk.dst.virt.addr, walk.src.virt.addr,
- nbytes);
-
- skcipher_walk_done(&walk, walk.nbytes - nbytes);
- }
-}
-
-static void crypto_aegis128l_final(struct aegis_state *state,
- union aegis_block *tag_xor,
- u64 assoclen, u64 cryptlen)
-{
- u64 assocbits = assoclen * 8;
- u64 cryptbits = cryptlen * 8;
-
- union aegis_chunk tmp;
- unsigned int i;
-
- tmp.blocks[0].words64[0] = cpu_to_le64(assocbits);
- tmp.blocks[0].words64[1] = cpu_to_le64(cryptbits);
-
- crypto_aegis_block_xor(&tmp.blocks[0], &state->blocks[2]);
-
- tmp.blocks[1] = tmp.blocks[0];
- for (i = 0; i < 7; i++)
- crypto_aegis128l_update_a(state, &tmp);
-
- for (i = 0; i < 7; i++)
- crypto_aegis_block_xor(tag_xor, &state->blocks[i]);
-}
-
-static int crypto_aegis128l_setkey(struct crypto_aead *aead, const u8 *key,
- unsigned int keylen)
-{
- struct aegis_ctx *ctx = crypto_aead_ctx(aead);
-
- if (keylen != AEGIS128L_KEY_SIZE) {
- crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN);
- return -EINVAL;
- }
-
- memcpy(ctx->key.bytes, key, AEGIS128L_KEY_SIZE);
- return 0;
-}
-
-static int crypto_aegis128l_setauthsize(struct crypto_aead *tfm,
- unsigned int authsize)
-{
- if (authsize > AEGIS128L_MAX_AUTH_SIZE)
- return -EINVAL;
- if (authsize < AEGIS128L_MIN_AUTH_SIZE)
- return -EINVAL;
- return 0;
-}
-
-static void crypto_aegis128l_crypt(struct aead_request *req,
- union aegis_block *tag_xor,
- unsigned int cryptlen,
- const struct aegis128l_ops *ops)
-{
- struct crypto_aead *tfm = crypto_aead_reqtfm(req);
- struct aegis_ctx *ctx = crypto_aead_ctx(tfm);
- struct aegis_state state;
-
- crypto_aegis128l_init(&state, &ctx->key, req->iv);
- crypto_aegis128l_process_ad(&state, req->src, req->assoclen);
- crypto_aegis128l_process_crypt(&state, req, ops);
- crypto_aegis128l_final(&state, tag_xor, req->assoclen, cryptlen);
-}
-
-static int crypto_aegis128l_encrypt(struct aead_request *req)
-{
- static const struct aegis128l_ops ops = {
- .skcipher_walk_init = skcipher_walk_aead_encrypt,
- .crypt_chunk = crypto_aegis128l_encrypt_chunk,
- };
-
- struct crypto_aead *tfm = crypto_aead_reqtfm(req);
- union aegis_block tag = {};
- unsigned int authsize = crypto_aead_authsize(tfm);
- unsigned int cryptlen = req->cryptlen;
-
- crypto_aegis128l_crypt(req, &tag, cryptlen, &ops);
-
- scatterwalk_map_and_copy(tag.bytes, req->dst, req->assoclen + cryptlen,
- authsize, 1);
- return 0;
-}
-
-static int crypto_aegis128l_decrypt(struct aead_request *req)
-{
- static const struct aegis128l_ops ops = {
- .skcipher_walk_init = skcipher_walk_aead_decrypt,
- .crypt_chunk = crypto_aegis128l_decrypt_chunk,
- };
- static const u8 zeros[AEGIS128L_MAX_AUTH_SIZE] = {};
-
- struct crypto_aead *tfm = crypto_aead_reqtfm(req);
- union aegis_block tag;
- unsigned int authsize = crypto_aead_authsize(tfm);
- unsigned int cryptlen = req->cryptlen - authsize;
-
- scatterwalk_map_and_copy(tag.bytes, req->src, req->assoclen + cryptlen,
- authsize, 0);
-
- crypto_aegis128l_crypt(req, &tag, cryptlen, &ops);
-
- return crypto_memneq(tag.bytes, zeros, authsize) ? -EBADMSG : 0;
-}
-
-static int crypto_aegis128l_init_tfm(struct crypto_aead *tfm)
-{
- return 0;
-}
-
-static void crypto_aegis128l_exit_tfm(struct crypto_aead *tfm)
-{
-}
-
-static struct aead_alg crypto_aegis128l_alg = {
- .setkey = crypto_aegis128l_setkey,
- .setauthsize = crypto_aegis128l_setauthsize,
- .encrypt = crypto_aegis128l_encrypt,
- .decrypt = crypto_aegis128l_decrypt,
- .init = crypto_aegis128l_init_tfm,
- .exit = crypto_aegis128l_exit_tfm,
-
- .ivsize = AEGIS128L_NONCE_SIZE,
- .maxauthsize = AEGIS128L_MAX_AUTH_SIZE,
- .chunksize = AEGIS128L_CHUNK_SIZE,
-
- .base = {
- .cra_blocksize = 1,
- .cra_ctxsize = sizeof(struct aegis_ctx),
- .cra_alignmask = 0,
-
- .cra_priority = 100,
-
- .cra_name = "aegis128l",
- .cra_driver_name = "aegis128l-generic",
-
- .cra_module = THIS_MODULE,
- }
-};
-
-static int __init crypto_aegis128l_module_init(void)
-{
- return crypto_register_aead(&crypto_aegis128l_alg);
-}
-
-static void __exit crypto_aegis128l_module_exit(void)
-{
- crypto_unregister_aead(&crypto_aegis128l_alg);
-}
-
-subsys_initcall(crypto_aegis128l_module_init);
-module_exit(crypto_aegis128l_module_exit);
-
-MODULE_LICENSE("GPL");
-MODULE_AUTHOR("Ondrej Mosnacek <omosnacek@gmail.com>");
-MODULE_DESCRIPTION("AEGIS-128L AEAD algorithm");
-MODULE_ALIAS_CRYPTO("aegis128l");
-MODULE_ALIAS_CRYPTO("aegis128l-generic");
diff --git a/crypto/aegis256.c b/crypto/aegis256.c
deleted file mode 100644
index b47fd39595ad..000000000000
--- a/crypto/aegis256.c
+++ /dev/null
@@ -1,473 +0,0 @@
-// SPDX-License-Identifier: GPL-2.0-or-later
-/*
- * The AEGIS-256 Authenticated-Encryption Algorithm
- *
- * Copyright (c) 2017-2018 Ondrej Mosnacek <omosnacek@gmail.com>
- * Copyright (C) 2017-2018 Red Hat, Inc. All rights reserved.
- */
-
-#include <crypto/algapi.h>
-#include <crypto/internal/aead.h>
-#include <crypto/internal/skcipher.h>
-#include <crypto/scatterwalk.h>
-#include <linux/err.h>
-#include <linux/init.h>
-#include <linux/kernel.h>
-#include <linux/module.h>
-#include <linux/scatterlist.h>
-
-#include "aegis.h"
-
-#define AEGIS256_NONCE_SIZE 32
-#define AEGIS256_STATE_BLOCKS 6
-#define AEGIS256_KEY_SIZE 32
-#define AEGIS256_MIN_AUTH_SIZE 8
-#define AEGIS256_MAX_AUTH_SIZE 16
-
-struct aegis_state {
- union aegis_block blocks[AEGIS256_STATE_BLOCKS];
-};
-
-struct aegis_ctx {
- union aegis_block key[AEGIS256_KEY_SIZE / AEGIS_BLOCK_SIZE];
-};
-
-struct aegis256_ops {
- int (*skcipher_walk_init)(struct skcipher_walk *walk,
- struct aead_request *req, bool atomic);
-
- void (*crypt_chunk)(struct aegis_state *state, u8 *dst,
- const u8 *src, unsigned int size);
-};
-
-static void crypto_aegis256_update(struct aegis_state *state)
-{
- union aegis_block tmp;
- unsigned int i;
-
- tmp = state->blocks[AEGIS256_STATE_BLOCKS - 1];
- for (i = AEGIS256_STATE_BLOCKS - 1; i > 0; i--)
- crypto_aegis_aesenc(&state->blocks[i], &state->blocks[i - 1],
- &state->blocks[i]);
- crypto_aegis_aesenc(&state->blocks[0], &tmp, &state->blocks[0]);
-}
-
-static void crypto_aegis256_update_a(struct aegis_state *state,
- const union aegis_block *msg)
-{
- crypto_aegis256_update(state);
- crypto_aegis_block_xor(&state->blocks[0], msg);
-}
-
-static void crypto_aegis256_update_u(struct aegis_state *state, const void *msg)
-{
- crypto_aegis256_update(state);
- crypto_xor(state->blocks[0].bytes, msg, AEGIS_BLOCK_SIZE);
-}
-
-static void crypto_aegis256_init(struct aegis_state *state,
- const union aegis_block *key,
- const u8 *iv)
-{
- union aegis_block key_iv[2];
- unsigned int i;
-
- key_iv[0] = key[0];
- key_iv[1] = key[1];
- crypto_xor(key_iv[0].bytes, iv + 0 * AEGIS_BLOCK_SIZE,
- AEGIS_BLOCK_SIZE);
- crypto_xor(key_iv[1].bytes, iv + 1 * AEGIS_BLOCK_SIZE,
- AEGIS_BLOCK_SIZE);
-
- state->blocks[0] = key_iv[0];
- state->blocks[1] = key_iv[1];
- state->blocks[2] = crypto_aegis_const[1];
- state->blocks[3] = crypto_aegis_const[0];
- state->blocks[4] = key[0];
- state->blocks[5] = key[1];
-
- crypto_aegis_block_xor(&state->blocks[4], &crypto_aegis_const[0]);
- crypto_aegis_block_xor(&state->blocks[5], &crypto_aegis_const[1]);
-
- for (i = 0; i < 4; i++) {
- crypto_aegis256_update_a(state, &key[0]);
- crypto_aegis256_update_a(state, &key[1]);
- crypto_aegis256_update_a(state, &key_iv[0]);
- crypto_aegis256_update_a(state, &key_iv[1]);
- }
-}
-
-static void crypto_aegis256_ad(struct aegis_state *state,
- const u8 *src, unsigned int size)
-{
- if (AEGIS_ALIGNED(src)) {
- const union aegis_block *src_blk =
- (const union aegis_block *)src;
-
- while (size >= AEGIS_BLOCK_SIZE) {
- crypto_aegis256_update_a(state, src_blk);
-
- size -= AEGIS_BLOCK_SIZE;
- src_blk++;
- }
- } else {
- while (size >= AEGIS_BLOCK_SIZE) {
- crypto_aegis256_update_u(state, src);
-
- size -= AEGIS_BLOCK_SIZE;
- src += AEGIS_BLOCK_SIZE;
- }
- }
-}
-
-static void crypto_aegis256_encrypt_chunk(struct aegis_state *state, u8 *dst,
- const u8 *src, unsigned int size)
-{
- union aegis_block tmp;
-
- if (AEGIS_ALIGNED(src) && AEGIS_ALIGNED(dst)) {
- while (size >= AEGIS_BLOCK_SIZE) {
- union aegis_block *dst_blk =
- (union aegis_block *)dst;
- const union aegis_block *src_blk =
- (const union aegis_block *)src;
-
- tmp = state->blocks[2];
- crypto_aegis_block_and(&tmp, &state->blocks[3]);
- crypto_aegis_block_xor(&tmp, &state->blocks[5]);
- crypto_aegis_block_xor(&tmp, &state->blocks[4]);
- crypto_aegis_block_xor(&tmp, &state->blocks[1]);
- crypto_aegis_block_xor(&tmp, src_blk);
-
- crypto_aegis256_update_a(state, src_blk);
-
- *dst_blk = tmp;
-
- size -= AEGIS_BLOCK_SIZE;
- src += AEGIS_BLOCK_SIZE;
- dst += AEGIS_BLOCK_SIZE;
- }
- } else {
- while (size >= AEGIS_BLOCK_SIZE) {
- tmp = state->blocks[2];
- crypto_aegis_block_and(&tmp, &state->blocks[3]);
- crypto_aegis_block_xor(&tmp, &state->blocks[5]);
- crypto_aegis_block_xor(&tmp, &state->blocks[4]);
- crypto_aegis_block_xor(&tmp, &state->blocks[1]);
- crypto_xor(tmp.bytes, src, AEGIS_BLOCK_SIZE);
-
- crypto_aegis256_update_u(state, src);
-
- memcpy(dst, tmp.bytes, AEGIS_BLOCK_SIZE);
-
- size -= AEGIS_BLOCK_SIZE;
- src += AEGIS_BLOCK_SIZE;
- dst += AEGIS_BLOCK_SIZE;
- }
- }
-
- if (size > 0) {
- union aegis_block msg = {};
- memcpy(msg.bytes, src, size);
-
- tmp = state->blocks[2];
- crypto_aegis_block_and(&tmp, &state->blocks[3]);
- crypto_aegis_block_xor(&tmp, &state->blocks[5]);
- crypto_aegis_block_xor(&tmp, &state->blocks[4]);
- crypto_aegis_block_xor(&tmp, &state->blocks[1]);
-
- crypto_aegis256_update_a(state, &msg);
-
- crypto_aegis_block_xor(&msg, &tmp);
-
- memcpy(dst, msg.bytes, size);
- }
-}
-
-static void crypto_aegis256_decrypt_chunk(struct aegis_state *state, u8 *dst,
- const u8 *src, unsigned int size)
-{
- union aegis_block tmp;
-
- if (AEGIS_ALIGNED(src) && AEGIS_ALIGNED(dst)) {
- while (size >= AEGIS_BLOCK_SIZE) {
- union aegis_block *dst_blk =
- (union aegis_block *)dst;
- const union aegis_block *src_blk =
- (const union aegis_block *)src;
-
- tmp = state->blocks[2];
- crypto_aegis_block_and(&tmp, &state->blocks[3]);
- crypto_aegis_block_xor(&tmp, &state->blocks[5]);
- crypto_aegis_block_xor(&tmp, &state->blocks[4]);
- crypto_aegis_block_xor(&tmp, &state->blocks[1]);
- crypto_aegis_block_xor(&tmp, src_blk);
-
- crypto_aegis256_update_a(state, &tmp);
-
- *dst_blk = tmp;
-
- size -= AEGIS_BLOCK_SIZE;
- src += AEGIS_BLOCK_SIZE;
- dst += AEGIS_BLOCK_SIZE;
- }
- } else {
- while (size >= AEGIS_BLOCK_SIZE) {
- tmp = state->blocks[2];
- crypto_aegis_block_and(&tmp, &state->blocks[3]);
- crypto_aegis_block_xor(&tmp, &state->blocks[5]);
- crypto_aegis_block_xor(&tmp, &state->blocks[4]);
- crypto_aegis_block_xor(&tmp, &state->blocks[1]);
- crypto_xor(tmp.bytes, src, AEGIS_BLOCK_SIZE);
-
- crypto_aegis256_update_a(state, &tmp);
-
- memcpy(dst, tmp.bytes, AEGIS_BLOCK_SIZE);
-
- size -= AEGIS_BLOCK_SIZE;
- src += AEGIS_BLOCK_SIZE;
- dst += AEGIS_BLOCK_SIZE;
- }
- }
-
- if (size > 0) {
- union aegis_block msg = {};
- memcpy(msg.bytes, src, size);
-
- tmp = state->blocks[2];
- crypto_aegis_block_and(&tmp, &state->blocks[3]);
- crypto_aegis_block_xor(&tmp, &state->blocks[5]);
- crypto_aegis_block_xor(&tmp, &state->blocks[4]);
- crypto_aegis_block_xor(&tmp, &state->blocks[1]);
- crypto_aegis_block_xor(&msg, &tmp);
-
- memset(msg.bytes + size, 0, AEGIS_BLOCK_SIZE - size);
-
- crypto_aegis256_update_a(state, &msg);
-
- memcpy(dst, msg.bytes, size);
- }
-}
-
-static void crypto_aegis256_process_ad(struct aegis_state *state,
- struct scatterlist *sg_src,
- unsigned int assoclen)
-{
- struct scatter_walk walk;
- union aegis_block buf;
- unsigned int pos = 0;
-
- scatterwalk_start(&walk, sg_src);
- while (assoclen != 0) {
- unsigned int size = scatterwalk_clamp(&walk, assoclen);
- unsigned int left = size;
- void *mapped = scatterwalk_map(&walk);
- const u8 *src = (const u8 *)mapped;
-
- if (pos + size >= AEGIS_BLOCK_SIZE) {
- if (pos > 0) {
- unsigned int fill = AEGIS_BLOCK_SIZE - pos;
- memcpy(buf.bytes + pos, src, fill);
- crypto_aegis256_update_a(state, &buf);
- pos = 0;
- left -= fill;
- src += fill;
- }
-
- crypto_aegis256_ad(state, src, left);
- src += left & ~(AEGIS_BLOCK_SIZE - 1);
- left &= AEGIS_BLOCK_SIZE - 1;
- }
-
- memcpy(buf.bytes + pos, src, left);
-
- pos += left;
- assoclen -= size;
- scatterwalk_unmap(mapped);
- scatterwalk_advance(&walk, size);
- scatterwalk_done(&walk, 0, assoclen);
- }
-
- if (pos > 0) {
- memset(buf.bytes + pos, 0, AEGIS_BLOCK_SIZE - pos);
- crypto_aegis256_update_a(state, &buf);
- }
-}
-
-static void crypto_aegis256_process_crypt(struct aegis_state *state,
- struct aead_request *req,
- const struct aegis256_ops *ops)
-{
- struct skcipher_walk walk;
-
- ops->skcipher_walk_init(&walk, req, false);
-
- while (walk.nbytes) {
- unsigned int nbytes = walk.nbytes;
-
- if (nbytes < walk.total)
- nbytes = round_down(nbytes, walk.stride);
-
- ops->crypt_chunk(state, walk.dst.virt.addr, walk.src.virt.addr,
- nbytes);
-
- skcipher_walk_done(&walk, walk.nbytes - nbytes);
- }
-}
-
-static void crypto_aegis256_final(struct aegis_state *state,
- union aegis_block *tag_xor,
- u64 assoclen, u64 cryptlen)
-{
- u64 assocbits = assoclen * 8;
- u64 cryptbits = cryptlen * 8;
-
- union aegis_block tmp;
- unsigned int i;
-
- tmp.words64[0] = cpu_to_le64(assocbits);
- tmp.words64[1] = cpu_to_le64(cryptbits);
-
- crypto_aegis_block_xor(&tmp, &state->blocks[3]);
-
- for (i = 0; i < 7; i++)
- crypto_aegis256_update_a(state, &tmp);
-
- for (i = 0; i < AEGIS256_STATE_BLOCKS; i++)
- crypto_aegis_block_xor(tag_xor, &state->blocks[i]);
-}
-
-static int crypto_aegis256_setkey(struct crypto_aead *aead, const u8 *key,
- unsigned int keylen)
-{
- struct aegis_ctx *ctx = crypto_aead_ctx(aead);
-
- if (keylen != AEGIS256_KEY_SIZE) {
- crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN);
- return -EINVAL;
- }
-
- memcpy(ctx->key[0].bytes, key, AEGIS_BLOCK_SIZE);
- memcpy(ctx->key[1].bytes, key + AEGIS_BLOCK_SIZE,
- AEGIS_BLOCK_SIZE);
- return 0;
-}
-
-static int crypto_aegis256_setauthsize(struct crypto_aead *tfm,
- unsigned int authsize)
-{
- if (authsize > AEGIS256_MAX_AUTH_SIZE)
- return -EINVAL;
- if (authsize < AEGIS256_MIN_AUTH_SIZE)
- return -EINVAL;
- return 0;
-}
-
-static void crypto_aegis256_crypt(struct aead_request *req,
- union aegis_block *tag_xor,
- unsigned int cryptlen,
- const struct aegis256_ops *ops)
-{
- struct crypto_aead *tfm = crypto_aead_reqtfm(req);
- struct aegis_ctx *ctx = crypto_aead_ctx(tfm);
- struct aegis_state state;
-
- crypto_aegis256_init(&state, ctx->key, req->iv);
- crypto_aegis256_process_ad(&state, req->src, req->assoclen);
- crypto_aegis256_process_crypt(&state, req, ops);
- crypto_aegis256_final(&state, tag_xor, req->assoclen, cryptlen);
-}
-
-static int crypto_aegis256_encrypt(struct aead_request *req)
-{
- static const struct aegis256_ops ops = {
- .skcipher_walk_init = skcipher_walk_aead_encrypt,
- .crypt_chunk = crypto_aegis256_encrypt_chunk,
- };
-
- struct crypto_aead *tfm = crypto_aead_reqtfm(req);
- union aegis_block tag = {};
- unsigned int authsize = crypto_aead_authsize(tfm);
- unsigned int cryptlen = req->cryptlen;
-
- crypto_aegis256_crypt(req, &tag, cryptlen, &ops);
-
- scatterwalk_map_and_copy(tag.bytes, req->dst, req->assoclen + cryptlen,
- authsize, 1);
- return 0;
-}
-
-static int crypto_aegis256_decrypt(struct aead_request *req)
-{
- static const struct aegis256_ops ops = {
- .skcipher_walk_init = skcipher_walk_aead_decrypt,
- .crypt_chunk = crypto_aegis256_decrypt_chunk,
- };
- static const u8 zeros[AEGIS256_MAX_AUTH_SIZE] = {};
-
- struct crypto_aead *tfm = crypto_aead_reqtfm(req);
- union aegis_block tag;
- unsigned int authsize = crypto_aead_authsize(tfm);
- unsigned int cryptlen = req->cryptlen - authsize;
-
- scatterwalk_map_and_copy(tag.bytes, req->src, req->assoclen + cryptlen,
- authsize, 0);
-
- crypto_aegis256_crypt(req, &tag, cryptlen, &ops);
-
- return crypto_memneq(tag.bytes, zeros, authsize) ? -EBADMSG : 0;
-}
-
-static int crypto_aegis256_init_tfm(struct crypto_aead *tfm)
-{
- return 0;
-}
-
-static void crypto_aegis256_exit_tfm(struct crypto_aead *tfm)
-{
-}
-
-static struct aead_alg crypto_aegis256_alg = {
- .setkey = crypto_aegis256_setkey,
- .setauthsize = crypto_aegis256_setauthsize,
- .encrypt = crypto_aegis256_encrypt,
- .decrypt = crypto_aegis256_decrypt,
- .init = crypto_aegis256_init_tfm,
- .exit = crypto_aegis256_exit_tfm,
-
- .ivsize = AEGIS256_NONCE_SIZE,
- .maxauthsize = AEGIS256_MAX_AUTH_SIZE,
- .chunksize = AEGIS_BLOCK_SIZE,
-
- .base = {
- .cra_blocksize = 1,
- .cra_ctxsize = sizeof(struct aegis_ctx),
- .cra_alignmask = 0,
-
- .cra_priority = 100,
-
- .cra_name = "aegis256",
- .cra_driver_name = "aegis256-generic",
-
- .cra_module = THIS_MODULE,
- }
-};
-
-static int __init crypto_aegis256_module_init(void)
-{
- return crypto_register_aead(&crypto_aegis256_alg);
-}
-
-static void __exit crypto_aegis256_module_exit(void)
-{
- crypto_unregister_aead(&crypto_aegis256_alg);
-}
-
-subsys_initcall(crypto_aegis256_module_init);
-module_exit(crypto_aegis256_module_exit);
-
-MODULE_LICENSE("GPL");
-MODULE_AUTHOR("Ondrej Mosnacek <omosnacek@gmail.com>");
-MODULE_DESCRIPTION("AEGIS-256 AEAD algorithm");
-MODULE_ALIAS_CRYPTO("aegis256");
-MODULE_ALIAS_CRYPTO("aegis256-generic");
diff --git a/crypto/aes_generic.c b/crypto/aes_generic.c
index f217568917e4..22e5867177f1 100644
--- a/crypto/aes_generic.c
+++ b/crypto/aes_generic.c
@@ -61,8 +61,6 @@ static inline u8 byte(const u32 x, const unsigned n)
return x >> (n << 3);
}
-static const u32 rco_tab[10] = { 1, 2, 4, 8, 16, 32, 64, 128, 27, 54 };
-
/* cacheline-aligned to facilitate prefetching into cache */
__visible const u32 crypto_ft_tab[4][256] ____cacheline_aligned = {
{
@@ -328,7 +326,7 @@ __visible const u32 crypto_ft_tab[4][256] ____cacheline_aligned = {
}
};
-__visible const u32 crypto_fl_tab[4][256] ____cacheline_aligned = {
+static const u32 crypto_fl_tab[4][256] ____cacheline_aligned = {
{
0x00000063, 0x0000007c, 0x00000077, 0x0000007b,
0x000000f2, 0x0000006b, 0x0000006f, 0x000000c5,
@@ -856,7 +854,7 @@ __visible const u32 crypto_it_tab[4][256] ____cacheline_aligned = {
}
};
-__visible const u32 crypto_il_tab[4][256] ____cacheline_aligned = {
+static const u32 crypto_il_tab[4][256] ____cacheline_aligned = {
{
0x00000052, 0x00000009, 0x0000006a, 0x000000d5,
0x00000030, 0x00000036, 0x000000a5, 0x00000038,
@@ -1121,158 +1119,7 @@ __visible const u32 crypto_il_tab[4][256] ____cacheline_aligned = {
};
EXPORT_SYMBOL_GPL(crypto_ft_tab);
-EXPORT_SYMBOL_GPL(crypto_fl_tab);
EXPORT_SYMBOL_GPL(crypto_it_tab);
-EXPORT_SYMBOL_GPL(crypto_il_tab);
-
-/* initialise the key schedule from the user supplied key */
-
-#define star_x(x) (((x) & 0x7f7f7f7f) << 1) ^ ((((x) & 0x80808080) >> 7) * 0x1b)
-
-#define imix_col(y, x) do { \
- u = star_x(x); \
- v = star_x(u); \
- w = star_x(v); \
- t = w ^ (x); \
- (y) = u ^ v ^ w; \
- (y) ^= ror32(u ^ t, 8) ^ \
- ror32(v ^ t, 16) ^ \
- ror32(t, 24); \
-} while (0)
-
-#define ls_box(x) \
- crypto_fl_tab[0][byte(x, 0)] ^ \
- crypto_fl_tab[1][byte(x, 1)] ^ \
- crypto_fl_tab[2][byte(x, 2)] ^ \
- crypto_fl_tab[3][byte(x, 3)]
-
-#define loop4(i) do { \
- t = ror32(t, 8); \
- t = ls_box(t) ^ rco_tab[i]; \
- t ^= ctx->key_enc[4 * i]; \
- ctx->key_enc[4 * i + 4] = t; \
- t ^= ctx->key_enc[4 * i + 1]; \
- ctx->key_enc[4 * i + 5] = t; \
- t ^= ctx->key_enc[4 * i + 2]; \
- ctx->key_enc[4 * i + 6] = t; \
- t ^= ctx->key_enc[4 * i + 3]; \
- ctx->key_enc[4 * i + 7] = t; \
-} while (0)
-
-#define loop6(i) do { \
- t = ror32(t, 8); \
- t = ls_box(t) ^ rco_tab[i]; \
- t ^= ctx->key_enc[6 * i]; \
- ctx->key_enc[6 * i + 6] = t; \
- t ^= ctx->key_enc[6 * i + 1]; \
- ctx->key_enc[6 * i + 7] = t; \
- t ^= ctx->key_enc[6 * i + 2]; \
- ctx->key_enc[6 * i + 8] = t; \
- t ^= ctx->key_enc[6 * i + 3]; \
- ctx->key_enc[6 * i + 9] = t; \
- t ^= ctx->key_enc[6 * i + 4]; \
- ctx->key_enc[6 * i + 10] = t; \
- t ^= ctx->key_enc[6 * i + 5]; \
- ctx->key_enc[6 * i + 11] = t; \
-} while (0)
-
-#define loop8tophalf(i) do { \
- t = ror32(t, 8); \
- t = ls_box(t) ^ rco_tab[i]; \
- t ^= ctx->key_enc[8 * i]; \
- ctx->key_enc[8 * i + 8] = t; \
- t ^= ctx->key_enc[8 * i + 1]; \
- ctx->key_enc[8 * i + 9] = t; \
- t ^= ctx->key_enc[8 * i + 2]; \
- ctx->key_enc[8 * i + 10] = t; \
- t ^= ctx->key_enc[8 * i + 3]; \
- ctx->key_enc[8 * i + 11] = t; \
-} while (0)
-
-#define loop8(i) do { \
- loop8tophalf(i); \
- t = ctx->key_enc[8 * i + 4] ^ ls_box(t); \
- ctx->key_enc[8 * i + 12] = t; \
- t ^= ctx->key_enc[8 * i + 5]; \
- ctx->key_enc[8 * i + 13] = t; \
- t ^= ctx->key_enc[8 * i + 6]; \
- ctx->key_enc[8 * i + 14] = t; \
- t ^= ctx->key_enc[8 * i + 7]; \
- ctx->key_enc[8 * i + 15] = t; \
-} while (0)
-
-/**
- * crypto_aes_expand_key - Expands the AES key as described in FIPS-197
- * @ctx: The location where the computed key will be stored.
- * @in_key: The supplied key.
- * @key_len: The length of the supplied key.
- *
- * Returns 0 on success. The function fails only if an invalid key size (or
- * pointer) is supplied.
- * The expanded key size is 240 bytes (max of 14 rounds with a unique 16 bytes
- * key schedule plus a 16 bytes key which is used before the first round).
- * The decryption key is prepared for the "Equivalent Inverse Cipher" as
- * described in FIPS-197. The first slot (16 bytes) of each key (enc or dec) is
- * for the initial combination, the second slot for the first round and so on.
- */
-int crypto_aes_expand_key(struct crypto_aes_ctx *ctx, const u8 *in_key,
- unsigned int key_len)
-{
- u32 i, t, u, v, w, j;
-
- if (key_len != AES_KEYSIZE_128 && key_len != AES_KEYSIZE_192 &&
- key_len != AES_KEYSIZE_256)
- return -EINVAL;
-
- ctx->key_length = key_len;
-
- ctx->key_enc[0] = get_unaligned_le32(in_key);
- ctx->key_enc[1] = get_unaligned_le32(in_key + 4);
- ctx->key_enc[2] = get_unaligned_le32(in_key + 8);
- ctx->key_enc[3] = get_unaligned_le32(in_key + 12);
-
- ctx->key_dec[key_len + 24] = ctx->key_enc[0];
- ctx->key_dec[key_len + 25] = ctx->key_enc[1];
- ctx->key_dec[key_len + 26] = ctx->key_enc[2];
- ctx->key_dec[key_len + 27] = ctx->key_enc[3];
-
- switch (key_len) {
- case AES_KEYSIZE_128:
- t = ctx->key_enc[3];
- for (i = 0; i < 10; ++i)
- loop4(i);
- break;
-
- case AES_KEYSIZE_192:
- ctx->key_enc[4] = get_unaligned_le32(in_key + 16);
- t = ctx->key_enc[5] = get_unaligned_le32(in_key + 20);
- for (i = 0; i < 8; ++i)
- loop6(i);
- break;
-
- case AES_KEYSIZE_256:
- ctx->key_enc[4] = get_unaligned_le32(in_key + 16);
- ctx->key_enc[5] = get_unaligned_le32(in_key + 20);
- ctx->key_enc[6] = get_unaligned_le32(in_key + 24);
- t = ctx->key_enc[7] = get_unaligned_le32(in_key + 28);
- for (i = 0; i < 6; ++i)
- loop8(i);
- loop8tophalf(i);
- break;
- }
-
- ctx->key_dec[0] = ctx->key_enc[key_len + 24];
- ctx->key_dec[1] = ctx->key_enc[key_len + 25];
- ctx->key_dec[2] = ctx->key_enc[key_len + 26];
- ctx->key_dec[3] = ctx->key_enc[key_len + 27];
-
- for (i = 4; i < key_len + 24; ++i) {
- j = key_len + 24 - (i & ~3) + (i & 3);
- imix_col(ctx->key_dec[j], ctx->key_enc[i]);
- }
- return 0;
-}
-EXPORT_SYMBOL_GPL(crypto_aes_expand_key);
/**
* crypto_aes_set_key - Set the AES key.
@@ -1281,7 +1128,7 @@ EXPORT_SYMBOL_GPL(crypto_aes_expand_key);
* @key_len: The size of the key.
*
* Returns 0 on success, on failure the %CRYPTO_TFM_RES_BAD_KEY_LEN flag in tfm
- * is set. The function uses crypto_aes_expand_key() to expand the key.
+ * is set. The function uses aes_expand_key() to expand the key.
* &crypto_aes_ctx _must_ be the private data embedded in @tfm which is
* retrieved with crypto_tfm_ctx().
*/
@@ -1292,7 +1139,7 @@ int crypto_aes_set_key(struct crypto_tfm *tfm, const u8 *in_key,
u32 *flags = &tfm->crt_flags;
int ret;
- ret = crypto_aes_expand_key(ctx, in_key, key_len);
+ ret = aes_expandkey(ctx, in_key, key_len);
if (!ret)
return 0;
@@ -1332,7 +1179,7 @@ EXPORT_SYMBOL_GPL(crypto_aes_set_key);
f_rl(bo, bi, 3, k); \
} while (0)
-static void aes_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
+static void crypto_aes_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
{
const struct crypto_aes_ctx *ctx = crypto_tfm_ctx(tfm);
u32 b0[4], b1[4];
@@ -1402,7 +1249,7 @@ static void aes_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
i_rl(bo, bi, 3, k); \
} while (0)
-static void aes_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
+static void crypto_aes_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
{
const struct crypto_aes_ctx *ctx = crypto_tfm_ctx(tfm);
u32 b0[4], b1[4];
@@ -1454,8 +1301,8 @@ static struct crypto_alg aes_alg = {
.cia_min_keysize = AES_MIN_KEY_SIZE,
.cia_max_keysize = AES_MAX_KEY_SIZE,
.cia_setkey = crypto_aes_set_key,
- .cia_encrypt = aes_encrypt,
- .cia_decrypt = aes_decrypt
+ .cia_encrypt = crypto_aes_encrypt,
+ .cia_decrypt = crypto_aes_decrypt
}
}
};
diff --git a/crypto/aes_ti.c b/crypto/aes_ti.c
index 798fc9a2c8d6..205c2c257d49 100644
--- a/crypto/aes_ti.c
+++ b/crypto/aes_ti.c
@@ -8,271 +8,19 @@
#include <crypto/aes.h>
#include <linux/crypto.h>
#include <linux/module.h>
-#include <asm/unaligned.h>
-
-/*
- * Emit the sbox as volatile const to prevent the compiler from doing
- * constant folding on sbox references involving fixed indexes.
- */
-static volatile const u8 __cacheline_aligned __aesti_sbox[] = {
- 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5,
- 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
- 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0,
- 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
- 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc,
- 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
- 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a,
- 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,
- 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0,
- 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84,
- 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b,
- 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
- 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85,
- 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8,
- 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5,
- 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,
- 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17,
- 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
- 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88,
- 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,
- 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c,
- 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79,
- 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9,
- 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
- 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6,
- 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a,
- 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e,
- 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,
- 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94,
- 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
- 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68,
- 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16,
-};
-
-static volatile const u8 __cacheline_aligned __aesti_inv_sbox[] = {
- 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38,
- 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb,
- 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87,
- 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb,
- 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d,
- 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e,
- 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2,
- 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25,
- 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16,
- 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92,
- 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda,
- 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84,
- 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a,
- 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06,
- 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02,
- 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b,
- 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea,
- 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73,
- 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85,
- 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e,
- 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89,
- 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b,
- 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20,
- 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4,
- 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31,
- 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f,
- 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d,
- 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef,
- 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0,
- 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61,
- 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26,
- 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d,
-};
-
-static u32 mul_by_x(u32 w)
-{
- u32 x = w & 0x7f7f7f7f;
- u32 y = w & 0x80808080;
-
- /* multiply by polynomial 'x' (0b10) in GF(2^8) */
- return (x << 1) ^ (y >> 7) * 0x1b;
-}
-
-static u32 mul_by_x2(u32 w)
-{
- u32 x = w & 0x3f3f3f3f;
- u32 y = w & 0x80808080;
- u32 z = w & 0x40404040;
-
- /* multiply by polynomial 'x^2' (0b100) in GF(2^8) */
- return (x << 2) ^ (y >> 7) * 0x36 ^ (z >> 6) * 0x1b;
-}
-
-static u32 mix_columns(u32 x)
-{
- /*
- * Perform the following matrix multiplication in GF(2^8)
- *
- * | 0x2 0x3 0x1 0x1 | | x[0] |
- * | 0x1 0x2 0x3 0x1 | | x[1] |
- * | 0x1 0x1 0x2 0x3 | x | x[2] |
- * | 0x3 0x1 0x1 0x2 | | x[3] |
- */
- u32 y = mul_by_x(x) ^ ror32(x, 16);
-
- return y ^ ror32(x ^ y, 8);
-}
-
-static u32 inv_mix_columns(u32 x)
-{
- /*
- * Perform the following matrix multiplication in GF(2^8)
- *
- * | 0xe 0xb 0xd 0x9 | | x[0] |
- * | 0x9 0xe 0xb 0xd | | x[1] |
- * | 0xd 0x9 0xe 0xb | x | x[2] |
- * | 0xb 0xd 0x9 0xe | | x[3] |
- *
- * which can conveniently be reduced to
- *
- * | 0x2 0x3 0x1 0x1 | | 0x5 0x0 0x4 0x0 | | x[0] |
- * | 0x1 0x2 0x3 0x1 | | 0x0 0x5 0x0 0x4 | | x[1] |
- * | 0x1 0x1 0x2 0x3 | x | 0x4 0x0 0x5 0x0 | x | x[2] |
- * | 0x3 0x1 0x1 0x2 | | 0x0 0x4 0x0 0x5 | | x[3] |
- */
- u32 y = mul_by_x2(x);
-
- return mix_columns(x ^ y ^ ror32(y, 16));
-}
-
-static __always_inline u32 subshift(u32 in[], int pos)
-{
- return (__aesti_sbox[in[pos] & 0xff]) ^
- (__aesti_sbox[(in[(pos + 1) % 4] >> 8) & 0xff] << 8) ^
- (__aesti_sbox[(in[(pos + 2) % 4] >> 16) & 0xff] << 16) ^
- (__aesti_sbox[(in[(pos + 3) % 4] >> 24) & 0xff] << 24);
-}
-
-static __always_inline u32 inv_subshift(u32 in[], int pos)
-{
- return (__aesti_inv_sbox[in[pos] & 0xff]) ^
- (__aesti_inv_sbox[(in[(pos + 3) % 4] >> 8) & 0xff] << 8) ^
- (__aesti_inv_sbox[(in[(pos + 2) % 4] >> 16) & 0xff] << 16) ^
- (__aesti_inv_sbox[(in[(pos + 1) % 4] >> 24) & 0xff] << 24);
-}
-
-static u32 subw(u32 in)
-{
- return (__aesti_sbox[in & 0xff]) ^
- (__aesti_sbox[(in >> 8) & 0xff] << 8) ^
- (__aesti_sbox[(in >> 16) & 0xff] << 16) ^
- (__aesti_sbox[(in >> 24) & 0xff] << 24);
-}
-
-static int aesti_expand_key(struct crypto_aes_ctx *ctx, const u8 *in_key,
- unsigned int key_len)
-{
- u32 kwords = key_len / sizeof(u32);
- u32 rc, i, j;
-
- if (key_len != AES_KEYSIZE_128 &&
- key_len != AES_KEYSIZE_192 &&
- key_len != AES_KEYSIZE_256)
- return -EINVAL;
-
- ctx->key_length = key_len;
-
- for (i = 0; i < kwords; i++)
- ctx->key_enc[i] = get_unaligned_le32(in_key + i * sizeof(u32));
-
- for (i = 0, rc = 1; i < 10; i++, rc = mul_by_x(rc)) {
- u32 *rki = ctx->key_enc + (i * kwords);
- u32 *rko = rki + kwords;
-
- rko[0] = ror32(subw(rki[kwords - 1]), 8) ^ rc ^ rki[0];
- rko[1] = rko[0] ^ rki[1];
- rko[2] = rko[1] ^ rki[2];
- rko[3] = rko[2] ^ rki[3];
-
- if (key_len == 24) {
- if (i >= 7)
- break;
- rko[4] = rko[3] ^ rki[4];
- rko[5] = rko[4] ^ rki[5];
- } else if (key_len == 32) {
- if (i >= 6)
- break;
- rko[4] = subw(rko[3]) ^ rki[4];
- rko[5] = rko[4] ^ rki[5];
- rko[6] = rko[5] ^ rki[6];
- rko[7] = rko[6] ^ rki[7];
- }
- }
-
- /*
- * Generate the decryption keys for the Equivalent Inverse Cipher.
- * This involves reversing the order of the round keys, and applying
- * the Inverse Mix Columns transformation to all but the first and
- * the last one.
- */
- ctx->key_dec[0] = ctx->key_enc[key_len + 24];
- ctx->key_dec[1] = ctx->key_enc[key_len + 25];
- ctx->key_dec[2] = ctx->key_enc[key_len + 26];
- ctx->key_dec[3] = ctx->key_enc[key_len + 27];
-
- for (i = 4, j = key_len + 20; j > 0; i += 4, j -= 4) {
- ctx->key_dec[i] = inv_mix_columns(ctx->key_enc[j]);
- ctx->key_dec[i + 1] = inv_mix_columns(ctx->key_enc[j + 1]);
- ctx->key_dec[i + 2] = inv_mix_columns(ctx->key_enc[j + 2]);
- ctx->key_dec[i + 3] = inv_mix_columns(ctx->key_enc[j + 3]);
- }
-
- ctx->key_dec[i] = ctx->key_enc[0];
- ctx->key_dec[i + 1] = ctx->key_enc[1];
- ctx->key_dec[i + 2] = ctx->key_enc[2];
- ctx->key_dec[i + 3] = ctx->key_enc[3];
-
- return 0;
-}
static int aesti_set_key(struct crypto_tfm *tfm, const u8 *in_key,
unsigned int key_len)
{
struct crypto_aes_ctx *ctx = crypto_tfm_ctx(tfm);
- int err;
-
- err = aesti_expand_key(ctx, in_key, key_len);
- if (err)
- return err;
-
- /*
- * In order to force the compiler to emit data independent Sbox lookups
- * at the start of each block, xor the first round key with values at
- * fixed indexes in the Sbox. This will need to be repeated each time
- * the key is used, which will pull the entire Sbox into the D-cache
- * before any data dependent Sbox lookups are performed.
- */
- ctx->key_enc[0] ^= __aesti_sbox[ 0] ^ __aesti_sbox[128];
- ctx->key_enc[1] ^= __aesti_sbox[32] ^ __aesti_sbox[160];
- ctx->key_enc[2] ^= __aesti_sbox[64] ^ __aesti_sbox[192];
- ctx->key_enc[3] ^= __aesti_sbox[96] ^ __aesti_sbox[224];
-
- ctx->key_dec[0] ^= __aesti_inv_sbox[ 0] ^ __aesti_inv_sbox[128];
- ctx->key_dec[1] ^= __aesti_inv_sbox[32] ^ __aesti_inv_sbox[160];
- ctx->key_dec[2] ^= __aesti_inv_sbox[64] ^ __aesti_inv_sbox[192];
- ctx->key_dec[3] ^= __aesti_inv_sbox[96] ^ __aesti_inv_sbox[224];
- return 0;
+ return aes_expandkey(ctx, in_key, key_len);
}
static void aesti_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
{
const struct crypto_aes_ctx *ctx = crypto_tfm_ctx(tfm);
- const u32 *rkp = ctx->key_enc + 4;
- int rounds = 6 + ctx->key_length / 4;
- u32 st0[4], st1[4];
unsigned long flags;
- int round;
-
- st0[0] = ctx->key_enc[0] ^ get_unaligned_le32(in);
- st0[1] = ctx->key_enc[1] ^ get_unaligned_le32(in + 4);
- st0[2] = ctx->key_enc[2] ^ get_unaligned_le32(in + 8);
- st0[3] = ctx->key_enc[3] ^ get_unaligned_le32(in + 12);
/*
* Temporarily disable interrupts to avoid races where cachelines are
@@ -280,30 +28,7 @@ static void aesti_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
*/
local_irq_save(flags);
- st0[0] ^= __aesti_sbox[ 0] ^ __aesti_sbox[128];
- st0[1] ^= __aesti_sbox[32] ^ __aesti_sbox[160];
- st0[2] ^= __aesti_sbox[64] ^ __aesti_sbox[192];
- st0[3] ^= __aesti_sbox[96] ^ __aesti_sbox[224];
-
- for (round = 0;; round += 2, rkp += 8) {
- st1[0] = mix_columns(subshift(st0, 0)) ^ rkp[0];
- st1[1] = mix_columns(subshift(st0, 1)) ^ rkp[1];
- st1[2] = mix_columns(subshift(st0, 2)) ^ rkp[2];
- st1[3] = mix_columns(subshift(st0, 3)) ^ rkp[3];
-
- if (round == rounds - 2)
- break;
-
- st0[0] = mix_columns(subshift(st1, 0)) ^ rkp[4];
- st0[1] = mix_columns(subshift(st1, 1)) ^ rkp[5];
- st0[2] = mix_columns(subshift(st1, 2)) ^ rkp[6];
- st0[3] = mix_columns(subshift(st1, 3)) ^ rkp[7];
- }
-
- put_unaligned_le32(subshift(st1, 0) ^ rkp[4], out);
- put_unaligned_le32(subshift(st1, 1) ^ rkp[5], out + 4);
- put_unaligned_le32(subshift(st1, 2) ^ rkp[6], out + 8);
- put_unaligned_le32(subshift(st1, 3) ^ rkp[7], out + 12);
+ aes_encrypt(ctx, out, in);
local_irq_restore(flags);
}
@@ -311,16 +36,7 @@ static void aesti_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
static void aesti_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
{
const struct crypto_aes_ctx *ctx = crypto_tfm_ctx(tfm);
- const u32 *rkp = ctx->key_dec + 4;
- int rounds = 6 + ctx->key_length / 4;
- u32 st0[4], st1[4];
unsigned long flags;
- int round;
-
- st0[0] = ctx->key_dec[0] ^ get_unaligned_le32(in);
- st0[1] = ctx->key_dec[1] ^ get_unaligned_le32(in + 4);
- st0[2] = ctx->key_dec[2] ^ get_unaligned_le32(in + 8);
- st0[3] = ctx->key_dec[3] ^ get_unaligned_le32(in + 12);
/*
* Temporarily disable interrupts to avoid races where cachelines are
@@ -328,30 +44,7 @@ static void aesti_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
*/
local_irq_save(flags);
- st0[0] ^= __aesti_inv_sbox[ 0] ^ __aesti_inv_sbox[128];
- st0[1] ^= __aesti_inv_sbox[32] ^ __aesti_inv_sbox[160];
- st0[2] ^= __aesti_inv_sbox[64] ^ __aesti_inv_sbox[192];
- st0[3] ^= __aesti_inv_sbox[96] ^ __aesti_inv_sbox[224];
-
- for (round = 0;; round += 2, rkp += 8) {
- st1[0] = inv_mix_columns(inv_subshift(st0, 0)) ^ rkp[0];
- st1[1] = inv_mix_columns(inv_subshift(st0, 1)) ^ rkp[1];
- st1[2] = inv_mix_columns(inv_subshift(st0, 2)) ^ rkp[2];
- st1[3] = inv_mix_columns(inv_subshift(st0, 3)) ^ rkp[3];
-
- if (round == rounds - 2)
- break;
-
- st0[0] = inv_mix_columns(inv_subshift(st1, 0)) ^ rkp[4];
- st0[1] = inv_mix_columns(inv_subshift(st1, 1)) ^ rkp[5];
- st0[2] = inv_mix_columns(inv_subshift(st1, 2)) ^ rkp[6];
- st0[3] = inv_mix_columns(inv_subshift(st1, 3)) ^ rkp[7];
- }
-
- put_unaligned_le32(inv_subshift(st1, 0) ^ rkp[4], out);
- put_unaligned_le32(inv_subshift(st1, 1) ^ rkp[5], out + 4);
- put_unaligned_le32(inv_subshift(st1, 2) ^ rkp[6], out + 8);
- put_unaligned_le32(inv_subshift(st1, 3) ^ rkp[7], out + 12);
+ aes_decrypt(ctx, out, in);
local_irq_restore(flags);
}
diff --git a/crypto/af_alg.c b/crypto/af_alg.c
index 879cf23f7489..0dceaabc6321 100644
--- a/crypto/af_alg.c
+++ b/crypto/af_alg.c
@@ -1043,7 +1043,7 @@ void af_alg_async_cb(struct crypto_async_request *_req, int err)
af_alg_free_resources(areq);
sock_put(sk);
- iocb->ki_complete(iocb, err ? err : resultlen, 0);
+ iocb->ki_complete(iocb, err ? err : (int)resultlen, 0);
}
EXPORT_SYMBOL_GPL(af_alg_async_cb);
diff --git a/crypto/algapi.c b/crypto/algapi.c
index 313a7682cef1..de30ddc952d8 100644
--- a/crypto/algapi.c
+++ b/crypto/algapi.c
@@ -21,23 +21,6 @@
static LIST_HEAD(crypto_template_list);
-static inline int crypto_set_driver_name(struct crypto_alg *alg)
-{
- static const char suffix[] = "-generic";
- char *driver_name = alg->cra_driver_name;
- int len;
-
- if (*driver_name)
- return 0;
-
- len = strlcpy(driver_name, alg->cra_name, CRYPTO_MAX_ALG_NAME);
- if (len + sizeof(suffix) > CRYPTO_MAX_ALG_NAME)
- return -ENAMETOOLONG;
-
- memcpy(driver_name + len, suffix, sizeof(suffix));
- return 0;
-}
-
static inline void crypto_check_module_sig(struct module *mod)
{
if (fips_enabled && mod && !module_sig_ok(mod))
@@ -49,6 +32,9 @@ static int crypto_check_alg(struct crypto_alg *alg)
{
crypto_check_module_sig(alg->cra_module);
+ if (!alg->cra_name[0] || !alg->cra_driver_name[0])
+ return -EINVAL;
+
if (alg->cra_alignmask & (alg->cra_alignmask + 1))
return -EINVAL;
@@ -74,7 +60,7 @@ static int crypto_check_alg(struct crypto_alg *alg)
refcount_set(&alg->cra_refcnt, 1);
- return crypto_set_driver_name(alg);
+ return 0;
}
static void crypto_free_instance(struct crypto_instance *inst)
@@ -947,19 +933,6 @@ struct crypto_async_request *crypto_dequeue_request(struct crypto_queue *queue)
}
EXPORT_SYMBOL_GPL(crypto_dequeue_request);
-int crypto_tfm_in_queue(struct crypto_queue *queue, struct crypto_tfm *tfm)
-{
- struct crypto_async_request *req;
-
- list_for_each_entry(req, &queue->list, list) {
- if (req->tfm == tfm)
- return 1;
- }
-
- return 0;
-}
-EXPORT_SYMBOL_GPL(crypto_tfm_in_queue);
-
static inline void crypto_inc_byte(u8 *a, unsigned int size)
{
u8 *b = (a + size);
diff --git a/crypto/anubis.c b/crypto/anubis.c
index 673927de0eb9..f9ce78fde6ee 100644
--- a/crypto/anubis.c
+++ b/crypto/anubis.c
@@ -673,6 +673,7 @@ static void anubis_decrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
static struct crypto_alg anubis_alg = {
.cra_name = "anubis",
+ .cra_driver_name = "anubis-generic",
.cra_flags = CRYPTO_ALG_TYPE_CIPHER,
.cra_blocksize = ANUBIS_BLOCK_SIZE,
.cra_ctxsize = sizeof (struct anubis_ctx),
diff --git a/crypto/arc4.c b/crypto/arc4.c
index a2120e06bf84..aa79571dbd49 100644
--- a/crypto/arc4.c
+++ b/crypto/arc4.c
@@ -13,84 +13,15 @@
#include <linux/init.h>
#include <linux/module.h>
-struct arc4_ctx {
- u32 S[256];
- u32 x, y;
-};
-
-static int arc4_set_key(struct crypto_tfm *tfm, const u8 *in_key,
- unsigned int key_len)
-{
- struct arc4_ctx *ctx = crypto_tfm_ctx(tfm);
- int i, j = 0, k = 0;
-
- ctx->x = 1;
- ctx->y = 0;
-
- for (i = 0; i < 256; i++)
- ctx->S[i] = i;
-
- for (i = 0; i < 256; i++) {
- u32 a = ctx->S[i];
- j = (j + in_key[k] + a) & 0xff;
- ctx->S[i] = ctx->S[j];
- ctx->S[j] = a;
- if (++k >= key_len)
- k = 0;
- }
-
- return 0;
-}
-
-static int arc4_set_key_skcipher(struct crypto_skcipher *tfm, const u8 *in_key,
- unsigned int key_len)
+static int crypto_arc4_setkey(struct crypto_skcipher *tfm, const u8 *in_key,
+ unsigned int key_len)
{
- return arc4_set_key(&tfm->base, in_key, key_len);
-}
-
-static void arc4_crypt(struct arc4_ctx *ctx, u8 *out, const u8 *in,
- unsigned int len)
-{
- u32 *const S = ctx->S;
- u32 x, y, a, b;
- u32 ty, ta, tb;
-
- if (len == 0)
- return;
-
- x = ctx->x;
- y = ctx->y;
-
- a = S[x];
- y = (y + a) & 0xff;
- b = S[y];
-
- do {
- S[y] = a;
- a = (a + b) & 0xff;
- S[x] = b;
- x = (x + 1) & 0xff;
- ta = S[x];
- ty = (y + ta) & 0xff;
- tb = S[ty];
- *out++ = *in++ ^ S[a];
- if (--len == 0)
- break;
- y = ty;
- a = ta;
- b = tb;
- } while (true);
-
- ctx->x = x;
- ctx->y = y;
-}
+ struct arc4_ctx *ctx = crypto_skcipher_ctx(tfm);
-static void arc4_crypt_one(struct crypto_tfm *tfm, u8 *out, const u8 *in)
-{
- arc4_crypt(crypto_tfm_ctx(tfm), out, in, 1);
+ return arc4_setkey(ctx, in_key, key_len);
}
-static int ecb_arc4_crypt(struct skcipher_request *req)
+static int crypto_arc4_crypt(struct skcipher_request *req)
{
struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
struct arc4_ctx *ctx = crypto_skcipher_ctx(tfm);
@@ -108,54 +39,32 @@ static int ecb_arc4_crypt(struct skcipher_request *req)
return err;
}
-static struct crypto_alg arc4_cipher = {
- .cra_name = "arc4",
- .cra_flags = CRYPTO_ALG_TYPE_CIPHER,
- .cra_blocksize = ARC4_BLOCK_SIZE,
- .cra_ctxsize = sizeof(struct arc4_ctx),
- .cra_module = THIS_MODULE,
- .cra_u = {
- .cipher = {
- .cia_min_keysize = ARC4_MIN_KEY_SIZE,
- .cia_max_keysize = ARC4_MAX_KEY_SIZE,
- .cia_setkey = arc4_set_key,
- .cia_encrypt = arc4_crypt_one,
- .cia_decrypt = arc4_crypt_one,
- },
- },
-};
-
-static struct skcipher_alg arc4_skcipher = {
+static struct skcipher_alg arc4_alg = {
+ /*
+ * For legacy reasons, this is named "ecb(arc4)", not "arc4".
+ * Nevertheless it's actually a stream cipher, not a block cipher.
+ */
.base.cra_name = "ecb(arc4)",
+ .base.cra_driver_name = "ecb(arc4)-generic",
.base.cra_priority = 100,
.base.cra_blocksize = ARC4_BLOCK_SIZE,
.base.cra_ctxsize = sizeof(struct arc4_ctx),
.base.cra_module = THIS_MODULE,
.min_keysize = ARC4_MIN_KEY_SIZE,
.max_keysize = ARC4_MAX_KEY_SIZE,
- .setkey = arc4_set_key_skcipher,
- .encrypt = ecb_arc4_crypt,
- .decrypt = ecb_arc4_crypt,
+ .setkey = crypto_arc4_setkey,
+ .encrypt = crypto_arc4_crypt,
+ .decrypt = crypto_arc4_crypt,
};
static int __init arc4_init(void)
{
- int err;
-
- err = crypto_register_alg(&arc4_cipher);
- if (err)
- return err;
-
- err = crypto_register_skcipher(&arc4_skcipher);
- if (err)
- crypto_unregister_alg(&arc4_cipher);
- return err;
+ return crypto_register_skcipher(&arc4_alg);
}
static void __exit arc4_exit(void)
{
- crypto_unregister_alg(&arc4_cipher);
- crypto_unregister_skcipher(&arc4_skcipher);
+ crypto_unregister_skcipher(&arc4_alg);
}
subsys_initcall(arc4_init);
@@ -164,4 +73,4 @@ module_exit(arc4_exit);
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("ARC4 Cipher Algorithm");
MODULE_AUTHOR("Jon Oberheide <jon@oberheide.org>");
-MODULE_ALIAS_CRYPTO("arc4");
+MODULE_ALIAS_CRYPTO("ecb(arc4)");
diff --git a/crypto/asymmetric_keys/asym_tpm.c b/crypto/asymmetric_keys/asym_tpm.c
index 76d2ce3a1b5b..5154e280ada2 100644
--- a/crypto/asymmetric_keys/asym_tpm.c
+++ b/crypto/asymmetric_keys/asym_tpm.c
@@ -486,6 +486,7 @@ static int tpm_key_encrypt(struct tpm_key *tk,
if (ret < 0)
goto error_free_tfm;
+ ret = -ENOMEM;
req = akcipher_request_alloc(tfm, GFP_KERNEL);
if (!req)
goto error_free_tfm;
diff --git a/crypto/asymmetric_keys/asymmetric_type.c b/crypto/asymmetric_keys/asymmetric_type.c
index 01945ab46382..6e5fc8e31f01 100644
--- a/crypto/asymmetric_keys/asymmetric_type.c
+++ b/crypto/asymmetric_keys/asymmetric_type.c
@@ -83,7 +83,7 @@ struct key *find_asymmetric_key(struct key *keyring,
pr_debug("Look up: \"%s\"\n", req);
ref = keyring_search(make_key_ref(keyring, 1),
- &key_type_asymmetric, req);
+ &key_type_asymmetric, req, true);
if (IS_ERR(ref))
pr_debug("Request for key '%s' err %ld\n", req, PTR_ERR(ref));
kfree(req);
diff --git a/crypto/asymmetric_keys/pkcs7_verify.c b/crypto/asymmetric_keys/pkcs7_verify.c
index 11bee67fa9cc..ce49820caa97 100644
--- a/crypto/asymmetric_keys/pkcs7_verify.c
+++ b/crypto/asymmetric_keys/pkcs7_verify.c
@@ -12,6 +12,7 @@
#include <linux/err.h>
#include <linux/asn1.h>
#include <crypto/hash.h>
+#include <crypto/hash_info.h>
#include <crypto/public_key.h>
#include "pkcs7_parser.h"
@@ -29,6 +30,10 @@ static int pkcs7_digest(struct pkcs7_message *pkcs7,
kenter(",%u,%s", sinfo->index, sinfo->sig->hash_algo);
+ /* The digest was calculated already. */
+ if (sig->digest)
+ return 0;
+
if (!sinfo->sig->hash_algo)
return -ENOPKG;
@@ -117,6 +122,34 @@ error_no_desc:
return ret;
}
+int pkcs7_get_digest(struct pkcs7_message *pkcs7, const u8 **buf, u32 *len,
+ enum hash_algo *hash_algo)
+{
+ struct pkcs7_signed_info *sinfo = pkcs7->signed_infos;
+ int i, ret;
+
+ /*
+ * This function doesn't support messages with more than one signature.
+ */
+ if (sinfo == NULL || sinfo->next != NULL)
+ return -EBADMSG;
+
+ ret = pkcs7_digest(pkcs7, sinfo);
+ if (ret)
+ return ret;
+
+ *buf = sinfo->sig->digest;
+ *len = sinfo->sig->digest_size;
+
+ for (i = 0; i < HASH_ALGO__LAST; i++)
+ if (!strcmp(hash_algo_name[i], sinfo->sig->hash_algo)) {
+ *hash_algo = i;
+ break;
+ }
+
+ return 0;
+}
+
/*
* Find the key (X.509 certificate) to use to verify a PKCS#7 message. PKCS#7
* uses the issuer's name and the issuing certificate serial number for
diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c
index 364b9df9d631..d7f43d4ea925 100644
--- a/crypto/asymmetric_keys/public_key.c
+++ b/crypto/asymmetric_keys/public_key.c
@@ -184,6 +184,7 @@ static int software_key_eds_op(struct kernel_pkey_params *params,
if (IS_ERR(tfm))
return PTR_ERR(tfm);
+ ret = -ENOMEM;
req = akcipher_request_alloc(tfm, GFP_KERNEL);
if (!req)
goto error_free_tfm;
diff --git a/crypto/asymmetric_keys/verify_pefile.c b/crypto/asymmetric_keys/verify_pefile.c
index 3b303fe2f061..cc9dbcecaaca 100644
--- a/crypto/asymmetric_keys/verify_pefile.c
+++ b/crypto/asymmetric_keys/verify_pefile.c
@@ -96,7 +96,7 @@ static int pefile_parse_binary(const void *pebuf, unsigned int pelen,
if (!ddir->certs.virtual_address || !ddir->certs.size) {
pr_debug("Unsigned PE binary\n");
- return -EKEYREJECTED;
+ return -ENODATA;
}
chkaddr(ctx->header_size, ddir->certs.virtual_address,
@@ -403,6 +403,8 @@ error_no_desc:
* (*) 0 if at least one signature chain intersects with the keys in the trust
* keyring, or:
*
+ * (*) -ENODATA if there is no signature present.
+ *
* (*) -ENOPKG if a suitable crypto module couldn't be found for a check on a
* chain.
*
diff --git a/crypto/ccm.c b/crypto/ccm.c
index 8c24605c791e..380eb619f657 100644
--- a/crypto/ccm.c
+++ b/crypto/ccm.c
@@ -1009,3 +1009,4 @@ MODULE_DESCRIPTION("Counter with CBC MAC");
MODULE_ALIAS_CRYPTO("ccm_base");
MODULE_ALIAS_CRYPTO("rfc4309");
MODULE_ALIAS_CRYPTO("ccm");
+MODULE_ALIAS_CRYPTO("cbcmac");
diff --git a/crypto/chacha20poly1305.c b/crypto/chacha20poly1305.c
index 2e2c25c62be6..74e824e537e6 100644
--- a/crypto/chacha20poly1305.c
+++ b/crypto/chacha20poly1305.c
@@ -135,14 +135,10 @@ static int chacha_decrypt(struct aead_request *req)
chacha_iv(creq->iv, req, 1);
- sg_init_table(rctx->src, 2);
src = scatterwalk_ffwd(rctx->src, req->src, req->assoclen);
dst = src;
-
- if (req->src != req->dst) {
- sg_init_table(rctx->dst, 2);
+ if (req->src != req->dst)
dst = scatterwalk_ffwd(rctx->dst, req->dst, req->assoclen);
- }
skcipher_request_set_callback(&creq->req, rctx->flags,
chacha_decrypt_done, req);
@@ -178,15 +174,11 @@ static int poly_tail(struct aead_request *req)
struct chachapoly_ctx *ctx = crypto_aead_ctx(tfm);
struct chachapoly_req_ctx *rctx = aead_request_ctx(req);
struct poly_req *preq = &rctx->u.poly;
- __le64 len;
int err;
- sg_init_table(preq->src, 1);
- len = cpu_to_le64(rctx->assoclen);
- memcpy(&preq->tail.assoclen, &len, sizeof(len));
- len = cpu_to_le64(rctx->cryptlen);
- memcpy(&preq->tail.cryptlen, &len, sizeof(len));
- sg_set_buf(preq->src, &preq->tail, sizeof(preq->tail));
+ preq->tail.assoclen = cpu_to_le64(rctx->assoclen);
+ preq->tail.cryptlen = cpu_to_le64(rctx->cryptlen);
+ sg_init_one(preq->src, &preq->tail, sizeof(preq->tail));
ahash_request_set_callback(&preq->req, rctx->flags,
poly_tail_done, req);
@@ -211,13 +203,12 @@ static int poly_cipherpad(struct aead_request *req)
struct chachapoly_ctx *ctx = crypto_aead_ctx(crypto_aead_reqtfm(req));
struct chachapoly_req_ctx *rctx = aead_request_ctx(req);
struct poly_req *preq = &rctx->u.poly;
- unsigned int padlen, bs = POLY1305_BLOCK_SIZE;
+ unsigned int padlen;
int err;
- padlen = (bs - (rctx->cryptlen % bs)) % bs;
+ padlen = -rctx->cryptlen % POLY1305_BLOCK_SIZE;
memset(preq->pad, 0, sizeof(preq->pad));
- sg_init_table(preq->src, 1);
- sg_set_buf(preq->src, &preq->pad, padlen);
+ sg_init_one(preq->src, preq->pad, padlen);
ahash_request_set_callback(&preq->req, rctx->flags,
poly_cipherpad_done, req);
@@ -247,7 +238,6 @@ static int poly_cipher(struct aead_request *req)
if (rctx->cryptlen == req->cryptlen) /* encrypting */
crypt = req->dst;
- sg_init_table(rctx->src, 2);
crypt = scatterwalk_ffwd(rctx->src, crypt, req->assoclen);
ahash_request_set_callback(&preq->req, rctx->flags,
@@ -272,13 +262,12 @@ static int poly_adpad(struct aead_request *req)
struct chachapoly_ctx *ctx = crypto_aead_ctx(crypto_aead_reqtfm(req));
struct chachapoly_req_ctx *rctx = aead_request_ctx(req);
struct poly_req *preq = &rctx->u.poly;
- unsigned int padlen, bs = POLY1305_BLOCK_SIZE;
+ unsigned int padlen;
int err;
- padlen = (bs - (rctx->assoclen % bs)) % bs;
+ padlen = -rctx->assoclen % POLY1305_BLOCK_SIZE;
memset(preq->pad, 0, sizeof(preq->pad));
- sg_init_table(preq->src, 1);
- sg_set_buf(preq->src, preq->pad, padlen);
+ sg_init_one(preq->src, preq->pad, padlen);
ahash_request_set_callback(&preq->req, rctx->flags,
poly_adpad_done, req);
@@ -328,8 +317,7 @@ static int poly_setkey(struct aead_request *req)
struct poly_req *preq = &rctx->u.poly;
int err;
- sg_init_table(preq->src, 1);
- sg_set_buf(preq->src, rctx->key, sizeof(rctx->key));
+ sg_init_one(preq->src, rctx->key, sizeof(rctx->key));
ahash_request_set_callback(&preq->req, rctx->flags,
poly_setkey_done, req);
@@ -387,9 +375,8 @@ static int poly_genkey(struct aead_request *req)
rctx->assoclen -= 8;
}
- sg_init_table(creq->src, 1);
memset(rctx->key, 0, sizeof(rctx->key));
- sg_set_buf(creq->src, rctx->key, sizeof(rctx->key));
+ sg_init_one(creq->src, rctx->key, sizeof(rctx->key));
chacha_iv(creq->iv, req, 0);
@@ -424,14 +411,10 @@ static int chacha_encrypt(struct aead_request *req)
chacha_iv(creq->iv, req, 1);
- sg_init_table(rctx->src, 2);
src = scatterwalk_ffwd(rctx->src, req->src, req->assoclen);
dst = src;
-
- if (req->src != req->dst) {
- sg_init_table(rctx->dst, 2);
+ if (req->src != req->dst)
dst = scatterwalk_ffwd(rctx->dst, req->dst, req->assoclen);
- }
skcipher_request_set_callback(&creq->req, rctx->flags,
chacha_encrypt_done, req);
diff --git a/crypto/chacha_generic.c b/crypto/chacha_generic.c
index 04404c479e68..085d8d219987 100644
--- a/crypto/chacha_generic.c
+++ b/crypto/chacha_generic.c
@@ -32,7 +32,7 @@ static void chacha_docrypt(u32 *state, u8 *dst, const u8 *src,
}
static int chacha_stream_xor(struct skcipher_request *req,
- struct chacha_ctx *ctx, u8 *iv)
+ const struct chacha_ctx *ctx, const u8 *iv)
{
struct skcipher_walk walk;
u32 state[16];
@@ -56,7 +56,7 @@ static int chacha_stream_xor(struct skcipher_request *req,
return err;
}
-void crypto_chacha_init(u32 *state, struct chacha_ctx *ctx, u8 *iv)
+void crypto_chacha_init(u32 *state, const struct chacha_ctx *ctx, const u8 *iv)
{
state[0] = 0x61707865; /* "expa" */
state[1] = 0x3320646e; /* "nd 3" */
diff --git a/crypto/cryptd.c b/crypto/cryptd.c
index 5f76c6e222c6..927760b316a4 100644
--- a/crypto/cryptd.c
+++ b/crypto/cryptd.c
@@ -16,8 +16,7 @@
#include <crypto/internal/aead.h>
#include <crypto/internal/skcipher.h>
#include <crypto/cryptd.h>
-#include <crypto/crypto_wq.h>
-#include <linux/atomic.h>
+#include <linux/refcount.h>
#include <linux/err.h>
#include <linux/init.h>
#include <linux/kernel.h>
@@ -26,11 +25,14 @@
#include <linux/scatterlist.h>
#include <linux/sched.h>
#include <linux/slab.h>
+#include <linux/workqueue.h>
static unsigned int cryptd_max_cpu_qlen = 1000;
module_param(cryptd_max_cpu_qlen, uint, 0);
MODULE_PARM_DESC(cryptd_max_cpu_qlen, "Set cryptd Max queue depth");
+static struct workqueue_struct *cryptd_wq;
+
struct cryptd_cpu_queue {
struct crypto_queue queue;
struct work_struct work;
@@ -61,7 +63,7 @@ struct aead_instance_ctx {
};
struct cryptd_skcipher_ctx {
- atomic_t refcnt;
+ refcount_t refcnt;
struct crypto_sync_skcipher *child;
};
@@ -70,7 +72,7 @@ struct cryptd_skcipher_request_ctx {
};
struct cryptd_hash_ctx {
- atomic_t refcnt;
+ refcount_t refcnt;
struct crypto_shash *child;
};
@@ -80,7 +82,7 @@ struct cryptd_hash_request_ctx {
};
struct cryptd_aead_ctx {
- atomic_t refcnt;
+ refcount_t refcnt;
struct crypto_aead *child;
};
@@ -125,7 +127,7 @@ static int cryptd_enqueue_request(struct cryptd_queue *queue,
{
int cpu, err;
struct cryptd_cpu_queue *cpu_queue;
- atomic_t *refcnt;
+ refcount_t *refcnt;
cpu = get_cpu();
cpu_queue = this_cpu_ptr(queue->cpu_queue);
@@ -136,12 +138,12 @@ static int cryptd_enqueue_request(struct cryptd_queue *queue,
if (err == -ENOSPC)
goto out_put_cpu;
- queue_work_on(cpu, kcrypto_wq, &cpu_queue->work);
+ queue_work_on(cpu, cryptd_wq, &cpu_queue->work);
- if (!atomic_read(refcnt))
+ if (!refcount_read(refcnt))
goto out_put_cpu;
- atomic_inc(refcnt);
+ refcount_inc(refcnt);
out_put_cpu:
put_cpu();
@@ -179,7 +181,7 @@ static void cryptd_queue_worker(struct work_struct *work)
req->complete(req, 0);
if (cpu_queue->queue.qlen)
- queue_work(kcrypto_wq, &cpu_queue->work);
+ queue_work(cryptd_wq, &cpu_queue->work);
}
static inline struct cryptd_queue *cryptd_get_queue(struct crypto_tfm *tfm)
@@ -268,13 +270,13 @@ static void cryptd_skcipher_complete(struct skcipher_request *req, int err)
struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
struct cryptd_skcipher_ctx *ctx = crypto_skcipher_ctx(tfm);
struct cryptd_skcipher_request_ctx *rctx = skcipher_request_ctx(req);
- int refcnt = atomic_read(&ctx->refcnt);
+ int refcnt = refcount_read(&ctx->refcnt);
local_bh_disable();
rctx->complete(&req->base, err);
local_bh_enable();
- if (err != -EINPROGRESS && refcnt && atomic_dec_and_test(&ctx->refcnt))
+ if (err != -EINPROGRESS && refcnt && refcount_dec_and_test(&ctx->refcnt))
crypto_free_skcipher(tfm);
}
@@ -519,13 +521,13 @@ static void cryptd_hash_complete(struct ahash_request *req, int err)
struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
struct cryptd_hash_ctx *ctx = crypto_ahash_ctx(tfm);
struct cryptd_hash_request_ctx *rctx = ahash_request_ctx(req);
- int refcnt = atomic_read(&ctx->refcnt);
+ int refcnt = refcount_read(&ctx->refcnt);
local_bh_disable();
rctx->complete(&req->base, err);
local_bh_enable();
- if (err != -EINPROGRESS && refcnt && atomic_dec_and_test(&ctx->refcnt))
+ if (err != -EINPROGRESS && refcnt && refcount_dec_and_test(&ctx->refcnt))
crypto_free_ahash(tfm);
}
@@ -770,13 +772,13 @@ static void cryptd_aead_crypt(struct aead_request *req,
out:
ctx = crypto_aead_ctx(tfm);
- refcnt = atomic_read(&ctx->refcnt);
+ refcnt = refcount_read(&ctx->refcnt);
local_bh_disable();
compl(&req->base, err);
local_bh_enable();
- if (err != -EINPROGRESS && refcnt && atomic_dec_and_test(&ctx->refcnt))
+ if (err != -EINPROGRESS && refcnt && refcount_dec_and_test(&ctx->refcnt))
crypto_free_aead(tfm);
}
@@ -919,7 +921,7 @@ static int cryptd_create(struct crypto_template *tmpl, struct rtattr **tb)
switch (algt->type & algt->mask & CRYPTO_ALG_TYPE_MASK) {
case CRYPTO_ALG_TYPE_BLKCIPHER:
return cryptd_create_skcipher(tmpl, tb, &queue);
- case CRYPTO_ALG_TYPE_DIGEST:
+ case CRYPTO_ALG_TYPE_HASH:
return cryptd_create_hash(tmpl, tb, &queue);
case CRYPTO_ALG_TYPE_AEAD:
return cryptd_create_aead(tmpl, tb, &queue);
@@ -977,7 +979,7 @@ struct cryptd_skcipher *cryptd_alloc_skcipher(const char *alg_name,
}
ctx = crypto_skcipher_ctx(tfm);
- atomic_set(&ctx->refcnt, 1);
+ refcount_set(&ctx->refcnt, 1);
return container_of(tfm, struct cryptd_skcipher, base);
}
@@ -995,7 +997,7 @@ bool cryptd_skcipher_queued(struct cryptd_skcipher *tfm)
{
struct cryptd_skcipher_ctx *ctx = crypto_skcipher_ctx(&tfm->base);
- return atomic_read(&ctx->refcnt) - 1;
+ return refcount_read(&ctx->refcnt) - 1;
}
EXPORT_SYMBOL_GPL(cryptd_skcipher_queued);
@@ -1003,7 +1005,7 @@ void cryptd_free_skcipher(struct cryptd_skcipher *tfm)
{
struct cryptd_skcipher_ctx *ctx = crypto_skcipher_ctx(&tfm->base);
- if (atomic_dec_and_test(&ctx->refcnt))
+ if (refcount_dec_and_test(&ctx->refcnt))
crypto_free_skcipher(&tfm->base);
}
EXPORT_SYMBOL_GPL(cryptd_free_skcipher);
@@ -1027,7 +1029,7 @@ struct cryptd_ahash *cryptd_alloc_ahash(const char *alg_name,
}
ctx = crypto_ahash_ctx(tfm);
- atomic_set(&ctx->refcnt, 1);
+ refcount_set(&ctx->refcnt, 1);
return __cryptd_ahash_cast(tfm);
}
@@ -1052,7 +1054,7 @@ bool cryptd_ahash_queued(struct cryptd_ahash *tfm)
{
struct cryptd_hash_ctx *ctx = crypto_ahash_ctx(&tfm->base);
- return atomic_read(&ctx->refcnt) - 1;
+ return refcount_read(&ctx->refcnt) - 1;
}
EXPORT_SYMBOL_GPL(cryptd_ahash_queued);
@@ -1060,7 +1062,7 @@ void cryptd_free_ahash(struct cryptd_ahash *tfm)
{
struct cryptd_hash_ctx *ctx = crypto_ahash_ctx(&tfm->base);
- if (atomic_dec_and_test(&ctx->refcnt))
+ if (refcount_dec_and_test(&ctx->refcnt))
crypto_free_ahash(&tfm->base);
}
EXPORT_SYMBOL_GPL(cryptd_free_ahash);
@@ -1084,7 +1086,7 @@ struct cryptd_aead *cryptd_alloc_aead(const char *alg_name,
}
ctx = crypto_aead_ctx(tfm);
- atomic_set(&ctx->refcnt, 1);
+ refcount_set(&ctx->refcnt, 1);
return __cryptd_aead_cast(tfm);
}
@@ -1102,7 +1104,7 @@ bool cryptd_aead_queued(struct cryptd_aead *tfm)
{
struct cryptd_aead_ctx *ctx = crypto_aead_ctx(&tfm->base);
- return atomic_read(&ctx->refcnt) - 1;
+ return refcount_read(&ctx->refcnt) - 1;
}
EXPORT_SYMBOL_GPL(cryptd_aead_queued);
@@ -1110,7 +1112,7 @@ void cryptd_free_aead(struct cryptd_aead *tfm)
{
struct cryptd_aead_ctx *ctx = crypto_aead_ctx(&tfm->base);
- if (atomic_dec_and_test(&ctx->refcnt))
+ if (refcount_dec_and_test(&ctx->refcnt))
crypto_free_aead(&tfm->base);
}
EXPORT_SYMBOL_GPL(cryptd_free_aead);
@@ -1119,19 +1121,31 @@ static int __init cryptd_init(void)
{
int err;
+ cryptd_wq = alloc_workqueue("cryptd", WQ_MEM_RECLAIM | WQ_CPU_INTENSIVE,
+ 1);
+ if (!cryptd_wq)
+ return -ENOMEM;
+
err = cryptd_init_queue(&queue, cryptd_max_cpu_qlen);
if (err)
- return err;
+ goto err_destroy_wq;
err = crypto_register_template(&cryptd_tmpl);
if (err)
- cryptd_fini_queue(&queue);
+ goto err_fini_queue;
+ return 0;
+
+err_fini_queue:
+ cryptd_fini_queue(&queue);
+err_destroy_wq:
+ destroy_workqueue(cryptd_wq);
return err;
}
static void __exit cryptd_exit(void)
{
+ destroy_workqueue(cryptd_wq);
cryptd_fini_queue(&queue);
crypto_unregister_template(&cryptd_tmpl);
}
diff --git a/crypto/crypto_engine.c b/crypto/crypto_engine.c
index d7502ec37f20..055d17977280 100644
--- a/crypto/crypto_engine.c
+++ b/crypto/crypto_engine.c
@@ -425,7 +425,7 @@ EXPORT_SYMBOL_GPL(crypto_engine_stop);
*/
struct crypto_engine *crypto_engine_alloc_init(struct device *dev, bool rt)
{
- struct sched_param param = { .sched_priority = MAX_RT_PRIO - 1 };
+ struct sched_param param = { .sched_priority = MAX_RT_PRIO / 2 };
struct crypto_engine *engine;
if (!dev)
diff --git a/crypto/crypto_null.c b/crypto/crypto_null.c
index 0d341ddecd54..5b84b0f7cc17 100644
--- a/crypto/crypto_null.c
+++ b/crypto/crypto_null.c
@@ -100,6 +100,7 @@ static struct shash_alg digest_null = {
.final = null_final,
.base = {
.cra_name = "digest_null",
+ .cra_driver_name = "digest_null-generic",
.cra_blocksize = NULL_BLOCK_SIZE,
.cra_module = THIS_MODULE,
}
@@ -122,6 +123,7 @@ static struct skcipher_alg skcipher_null = {
static struct crypto_alg null_algs[] = { {
.cra_name = "cipher_null",
+ .cra_driver_name = "cipher_null-generic",
.cra_flags = CRYPTO_ALG_TYPE_CIPHER,
.cra_blocksize = NULL_BLOCK_SIZE,
.cra_ctxsize = 0,
@@ -134,6 +136,7 @@ static struct crypto_alg null_algs[] = { {
.cia_decrypt = null_crypt } }
}, {
.cra_name = "compress_null",
+ .cra_driver_name = "compress_null-generic",
.cra_flags = CRYPTO_ALG_TYPE_COMPRESS,
.cra_blocksize = NULL_BLOCK_SIZE,
.cra_ctxsize = 0,
diff --git a/crypto/crypto_user_base.c b/crypto/crypto_user_base.c
index c65e39005ce2..b785c476de67 100644
--- a/crypto/crypto_user_base.c
+++ b/crypto/crypto_user_base.c
@@ -10,9 +10,10 @@
#include <linux/crypto.h>
#include <linux/cryptouser.h>
#include <linux/sched.h>
-#include <net/netlink.h>
#include <linux/security.h>
+#include <net/netlink.h>
#include <net/net_namespace.h>
+#include <net/sock.h>
#include <crypto/internal/skcipher.h>
#include <crypto/internal/rng.h>
#include <crypto/akcipher.h>
@@ -25,9 +26,6 @@
static DEFINE_MUTEX(crypto_cfg_mutex);
-/* The crypto netlink socket */
-struct sock *crypto_nlsk;
-
struct crypto_dump_info {
struct sk_buff *in_skb;
struct sk_buff *out_skb;
@@ -186,6 +184,7 @@ out:
static int crypto_report(struct sk_buff *in_skb, struct nlmsghdr *in_nlh,
struct nlattr **attrs)
{
+ struct net *net = sock_net(in_skb->sk);
struct crypto_user_alg *p = nlmsg_data(in_nlh);
struct crypto_alg *alg;
struct sk_buff *skb;
@@ -214,10 +213,12 @@ static int crypto_report(struct sk_buff *in_skb, struct nlmsghdr *in_nlh,
drop_alg:
crypto_mod_put(alg);
- if (err)
+ if (err) {
+ kfree_skb(skb);
return err;
+ }
- return nlmsg_unicast(crypto_nlsk, skb, NETLINK_CB(in_skb).portid);
+ return nlmsg_unicast(net->crypto_nlsk, skb, NETLINK_CB(in_skb).portid);
}
static int crypto_dump_report(struct sk_buff *skb, struct netlink_callback *cb)
@@ -420,6 +421,7 @@ static const struct crypto_link {
static int crypto_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh,
struct netlink_ext_ack *extack)
{
+ struct net *net = sock_net(skb->sk);
struct nlattr *attrs[CRYPTOCFGA_MAX+1];
const struct crypto_link *link;
int type, err;
@@ -450,7 +452,7 @@ static int crypto_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh,
.done = link->done,
.min_dump_alloc = min(dump_alloc, 65535UL),
};
- err = netlink_dump_start(crypto_nlsk, skb, nlh, &c);
+ err = netlink_dump_start(net->crypto_nlsk, skb, nlh, &c);
}
return err;
@@ -474,22 +476,35 @@ static void crypto_netlink_rcv(struct sk_buff *skb)
mutex_unlock(&crypto_cfg_mutex);
}
-static int __init crypto_user_init(void)
+static int __net_init crypto_netlink_init(struct net *net)
{
struct netlink_kernel_cfg cfg = {
.input = crypto_netlink_rcv,
};
- crypto_nlsk = netlink_kernel_create(&init_net, NETLINK_CRYPTO, &cfg);
- if (!crypto_nlsk)
- return -ENOMEM;
+ net->crypto_nlsk = netlink_kernel_create(net, NETLINK_CRYPTO, &cfg);
+ return net->crypto_nlsk == NULL ? -ENOMEM : 0;
+}
- return 0;
+static void __net_exit crypto_netlink_exit(struct net *net)
+{
+ netlink_kernel_release(net->crypto_nlsk);
+ net->crypto_nlsk = NULL;
+}
+
+static struct pernet_operations crypto_netlink_net_ops = {
+ .init = crypto_netlink_init,
+ .exit = crypto_netlink_exit,
+};
+
+static int __init crypto_user_init(void)
+{
+ return register_pernet_subsys(&crypto_netlink_net_ops);
}
static void __exit crypto_user_exit(void)
{
- netlink_kernel_release(crypto_nlsk);
+ unregister_pernet_subsys(&crypto_netlink_net_ops);
}
module_init(crypto_user_init);
diff --git a/crypto/crypto_user_stat.c b/crypto/crypto_user_stat.c
index a03f326a63d3..1be95432fa23 100644
--- a/crypto/crypto_user_stat.c
+++ b/crypto/crypto_user_stat.c
@@ -10,6 +10,7 @@
#include <linux/cryptouser.h>
#include <linux/sched.h>
#include <net/netlink.h>
+#include <net/sock.h>
#include <crypto/internal/skcipher.h>
#include <crypto/internal/rng.h>
#include <crypto/akcipher.h>
@@ -298,6 +299,7 @@ out:
int crypto_reportstat(struct sk_buff *in_skb, struct nlmsghdr *in_nlh,
struct nlattr **attrs)
{
+ struct net *net = sock_net(in_skb->sk);
struct crypto_user_alg *p = nlmsg_data(in_nlh);
struct crypto_alg *alg;
struct sk_buff *skb;
@@ -326,10 +328,12 @@ int crypto_reportstat(struct sk_buff *in_skb, struct nlmsghdr *in_nlh,
drop_alg:
crypto_mod_put(alg);
- if (err)
+ if (err) {
+ kfree_skb(skb);
return err;
+ }
- return nlmsg_unicast(crypto_nlsk, skb, NETLINK_CB(in_skb).portid);
+ return nlmsg_unicast(net->crypto_nlsk, skb, NETLINK_CB(in_skb).portid);
}
MODULE_LICENSE("GPL");
diff --git a/crypto/crypto_wq.c b/crypto/crypto_wq.c
deleted file mode 100644
index 80501928e0bb..000000000000
--- a/crypto/crypto_wq.c
+++ /dev/null
@@ -1,35 +0,0 @@
-// SPDX-License-Identifier: GPL-2.0-or-later
-/*
- * Workqueue for crypto subsystem
- *
- * Copyright (c) 2009 Intel Corp.
- * Author: Huang Ying <ying.huang@intel.com>
- */
-
-#include <linux/workqueue.h>
-#include <linux/module.h>
-#include <crypto/algapi.h>
-#include <crypto/crypto_wq.h>
-
-struct workqueue_struct *kcrypto_wq;
-EXPORT_SYMBOL_GPL(kcrypto_wq);
-
-static int __init crypto_wq_init(void)
-{
- kcrypto_wq = alloc_workqueue("crypto",
- WQ_MEM_RECLAIM | WQ_CPU_INTENSIVE, 1);
- if (unlikely(!kcrypto_wq))
- return -ENOMEM;
- return 0;
-}
-
-static void __exit crypto_wq_exit(void)
-{
- destroy_workqueue(kcrypto_wq);
-}
-
-subsys_initcall(crypto_wq_init);
-module_exit(crypto_wq_exit);
-
-MODULE_LICENSE("GPL");
-MODULE_DESCRIPTION("Workqueue for crypto subsystem");
diff --git a/crypto/deflate.c b/crypto/deflate.c
index 65be51456398..4c0e6c9d942a 100644
--- a/crypto/deflate.c
+++ b/crypto/deflate.c
@@ -275,6 +275,7 @@ static int deflate_sdecompress(struct crypto_scomp *tfm, const u8 *src,
static struct crypto_alg alg = {
.cra_name = "deflate",
+ .cra_driver_name = "deflate-generic",
.cra_flags = CRYPTO_ALG_TYPE_COMPRESS,
.cra_ctxsize = sizeof(struct deflate_ctx),
.cra_module = THIS_MODULE,
diff --git a/crypto/des_generic.c b/crypto/des_generic.c
index dc085514408a..6e13a4a29ecb 100644
--- a/crypto/des_generic.c
+++ b/crypto/des_generic.c
@@ -13,934 +13,79 @@
#include <linux/module.h>
#include <linux/errno.h>
#include <linux/crypto.h>
-#include <linux/types.h>
-#include <crypto/des.h>
-
-#define ROL(x, r) ((x) = rol32((x), (r)))
-#define ROR(x, r) ((x) = ror32((x), (r)))
-
-struct des_ctx {
- u32 expkey[DES_EXPKEY_WORDS];
-};
-
-struct des3_ede_ctx {
- u32 expkey[DES3_EDE_EXPKEY_WORDS];
-};
-
-/* Lookup tables for key expansion */
-
-static const u8 pc1[256] = {
- 0x00, 0x00, 0x40, 0x04, 0x10, 0x10, 0x50, 0x14,
- 0x04, 0x40, 0x44, 0x44, 0x14, 0x50, 0x54, 0x54,
- 0x02, 0x02, 0x42, 0x06, 0x12, 0x12, 0x52, 0x16,
- 0x06, 0x42, 0x46, 0x46, 0x16, 0x52, 0x56, 0x56,
- 0x80, 0x08, 0xc0, 0x0c, 0x90, 0x18, 0xd0, 0x1c,
- 0x84, 0x48, 0xc4, 0x4c, 0x94, 0x58, 0xd4, 0x5c,
- 0x82, 0x0a, 0xc2, 0x0e, 0x92, 0x1a, 0xd2, 0x1e,
- 0x86, 0x4a, 0xc6, 0x4e, 0x96, 0x5a, 0xd6, 0x5e,
- 0x20, 0x20, 0x60, 0x24, 0x30, 0x30, 0x70, 0x34,
- 0x24, 0x60, 0x64, 0x64, 0x34, 0x70, 0x74, 0x74,
- 0x22, 0x22, 0x62, 0x26, 0x32, 0x32, 0x72, 0x36,
- 0x26, 0x62, 0x66, 0x66, 0x36, 0x72, 0x76, 0x76,
- 0xa0, 0x28, 0xe0, 0x2c, 0xb0, 0x38, 0xf0, 0x3c,
- 0xa4, 0x68, 0xe4, 0x6c, 0xb4, 0x78, 0xf4, 0x7c,
- 0xa2, 0x2a, 0xe2, 0x2e, 0xb2, 0x3a, 0xf2, 0x3e,
- 0xa6, 0x6a, 0xe6, 0x6e, 0xb6, 0x7a, 0xf6, 0x7e,
- 0x08, 0x80, 0x48, 0x84, 0x18, 0x90, 0x58, 0x94,
- 0x0c, 0xc0, 0x4c, 0xc4, 0x1c, 0xd0, 0x5c, 0xd4,
- 0x0a, 0x82, 0x4a, 0x86, 0x1a, 0x92, 0x5a, 0x96,
- 0x0e, 0xc2, 0x4e, 0xc6, 0x1e, 0xd2, 0x5e, 0xd6,
- 0x88, 0x88, 0xc8, 0x8c, 0x98, 0x98, 0xd8, 0x9c,
- 0x8c, 0xc8, 0xcc, 0xcc, 0x9c, 0xd8, 0xdc, 0xdc,
- 0x8a, 0x8a, 0xca, 0x8e, 0x9a, 0x9a, 0xda, 0x9e,
- 0x8e, 0xca, 0xce, 0xce, 0x9e, 0xda, 0xde, 0xde,
- 0x28, 0xa0, 0x68, 0xa4, 0x38, 0xb0, 0x78, 0xb4,
- 0x2c, 0xe0, 0x6c, 0xe4, 0x3c, 0xf0, 0x7c, 0xf4,
- 0x2a, 0xa2, 0x6a, 0xa6, 0x3a, 0xb2, 0x7a, 0xb6,
- 0x2e, 0xe2, 0x6e, 0xe6, 0x3e, 0xf2, 0x7e, 0xf6,
- 0xa8, 0xa8, 0xe8, 0xac, 0xb8, 0xb8, 0xf8, 0xbc,
- 0xac, 0xe8, 0xec, 0xec, 0xbc, 0xf8, 0xfc, 0xfc,
- 0xaa, 0xaa, 0xea, 0xae, 0xba, 0xba, 0xfa, 0xbe,
- 0xae, 0xea, 0xee, 0xee, 0xbe, 0xfa, 0xfe, 0xfe
-};
-
-static const u8 rs[256] = {
- 0x00, 0x00, 0x80, 0x80, 0x02, 0x02, 0x82, 0x82,
- 0x04, 0x04, 0x84, 0x84, 0x06, 0x06, 0x86, 0x86,
- 0x08, 0x08, 0x88, 0x88, 0x0a, 0x0a, 0x8a, 0x8a,
- 0x0c, 0x0c, 0x8c, 0x8c, 0x0e, 0x0e, 0x8e, 0x8e,
- 0x10, 0x10, 0x90, 0x90, 0x12, 0x12, 0x92, 0x92,
- 0x14, 0x14, 0x94, 0x94, 0x16, 0x16, 0x96, 0x96,
- 0x18, 0x18, 0x98, 0x98, 0x1a, 0x1a, 0x9a, 0x9a,
- 0x1c, 0x1c, 0x9c, 0x9c, 0x1e, 0x1e, 0x9e, 0x9e,
- 0x20, 0x20, 0xa0, 0xa0, 0x22, 0x22, 0xa2, 0xa2,
- 0x24, 0x24, 0xa4, 0xa4, 0x26, 0x26, 0xa6, 0xa6,
- 0x28, 0x28, 0xa8, 0xa8, 0x2a, 0x2a, 0xaa, 0xaa,
- 0x2c, 0x2c, 0xac, 0xac, 0x2e, 0x2e, 0xae, 0xae,
- 0x30, 0x30, 0xb0, 0xb0, 0x32, 0x32, 0xb2, 0xb2,
- 0x34, 0x34, 0xb4, 0xb4, 0x36, 0x36, 0xb6, 0xb6,
- 0x38, 0x38, 0xb8, 0xb8, 0x3a, 0x3a, 0xba, 0xba,
- 0x3c, 0x3c, 0xbc, 0xbc, 0x3e, 0x3e, 0xbe, 0xbe,
- 0x40, 0x40, 0xc0, 0xc0, 0x42, 0x42, 0xc2, 0xc2,
- 0x44, 0x44, 0xc4, 0xc4, 0x46, 0x46, 0xc6, 0xc6,
- 0x48, 0x48, 0xc8, 0xc8, 0x4a, 0x4a, 0xca, 0xca,
- 0x4c, 0x4c, 0xcc, 0xcc, 0x4e, 0x4e, 0xce, 0xce,
- 0x50, 0x50, 0xd0, 0xd0, 0x52, 0x52, 0xd2, 0xd2,
- 0x54, 0x54, 0xd4, 0xd4, 0x56, 0x56, 0xd6, 0xd6,
- 0x58, 0x58, 0xd8, 0xd8, 0x5a, 0x5a, 0xda, 0xda,
- 0x5c, 0x5c, 0xdc, 0xdc, 0x5e, 0x5e, 0xde, 0xde,
- 0x60, 0x60, 0xe0, 0xe0, 0x62, 0x62, 0xe2, 0xe2,
- 0x64, 0x64, 0xe4, 0xe4, 0x66, 0x66, 0xe6, 0xe6,
- 0x68, 0x68, 0xe8, 0xe8, 0x6a, 0x6a, 0xea, 0xea,
- 0x6c, 0x6c, 0xec, 0xec, 0x6e, 0x6e, 0xee, 0xee,
- 0x70, 0x70, 0xf0, 0xf0, 0x72, 0x72, 0xf2, 0xf2,
- 0x74, 0x74, 0xf4, 0xf4, 0x76, 0x76, 0xf6, 0xf6,
- 0x78, 0x78, 0xf8, 0xf8, 0x7a, 0x7a, 0xfa, 0xfa,
- 0x7c, 0x7c, 0xfc, 0xfc, 0x7e, 0x7e, 0xfe, 0xfe
-};
-
-static const u32 pc2[1024] = {
- 0x00000000, 0x00000000, 0x00000000, 0x00000000,
- 0x00040000, 0x00000000, 0x04000000, 0x00100000,
- 0x00400000, 0x00000008, 0x00000800, 0x40000000,
- 0x00440000, 0x00000008, 0x04000800, 0x40100000,
- 0x00000400, 0x00000020, 0x08000000, 0x00000100,
- 0x00040400, 0x00000020, 0x0c000000, 0x00100100,
- 0x00400400, 0x00000028, 0x08000800, 0x40000100,
- 0x00440400, 0x00000028, 0x0c000800, 0x40100100,
- 0x80000000, 0x00000010, 0x00000000, 0x00800000,
- 0x80040000, 0x00000010, 0x04000000, 0x00900000,
- 0x80400000, 0x00000018, 0x00000800, 0x40800000,
- 0x80440000, 0x00000018, 0x04000800, 0x40900000,
- 0x80000400, 0x00000030, 0x08000000, 0x00800100,
- 0x80040400, 0x00000030, 0x0c000000, 0x00900100,
- 0x80400400, 0x00000038, 0x08000800, 0x40800100,
- 0x80440400, 0x00000038, 0x0c000800, 0x40900100,
- 0x10000000, 0x00000000, 0x00200000, 0x00001000,
- 0x10040000, 0x00000000, 0x04200000, 0x00101000,
- 0x10400000, 0x00000008, 0x00200800, 0x40001000,
- 0x10440000, 0x00000008, 0x04200800, 0x40101000,
- 0x10000400, 0x00000020, 0x08200000, 0x00001100,
- 0x10040400, 0x00000020, 0x0c200000, 0x00101100,
- 0x10400400, 0x00000028, 0x08200800, 0x40001100,
- 0x10440400, 0x00000028, 0x0c200800, 0x40101100,
- 0x90000000, 0x00000010, 0x00200000, 0x00801000,
- 0x90040000, 0x00000010, 0x04200000, 0x00901000,
- 0x90400000, 0x00000018, 0x00200800, 0x40801000,
- 0x90440000, 0x00000018, 0x04200800, 0x40901000,
- 0x90000400, 0x00000030, 0x08200000, 0x00801100,
- 0x90040400, 0x00000030, 0x0c200000, 0x00901100,
- 0x90400400, 0x00000038, 0x08200800, 0x40801100,
- 0x90440400, 0x00000038, 0x0c200800, 0x40901100,
- 0x00000200, 0x00080000, 0x00000000, 0x00000004,
- 0x00040200, 0x00080000, 0x04000000, 0x00100004,
- 0x00400200, 0x00080008, 0x00000800, 0x40000004,
- 0x00440200, 0x00080008, 0x04000800, 0x40100004,
- 0x00000600, 0x00080020, 0x08000000, 0x00000104,
- 0x00040600, 0x00080020, 0x0c000000, 0x00100104,
- 0x00400600, 0x00080028, 0x08000800, 0x40000104,
- 0x00440600, 0x00080028, 0x0c000800, 0x40100104,
- 0x80000200, 0x00080010, 0x00000000, 0x00800004,
- 0x80040200, 0x00080010, 0x04000000, 0x00900004,
- 0x80400200, 0x00080018, 0x00000800, 0x40800004,
- 0x80440200, 0x00080018, 0x04000800, 0x40900004,
- 0x80000600, 0x00080030, 0x08000000, 0x00800104,
- 0x80040600, 0x00080030, 0x0c000000, 0x00900104,
- 0x80400600, 0x00080038, 0x08000800, 0x40800104,
- 0x80440600, 0x00080038, 0x0c000800, 0x40900104,
- 0x10000200, 0x00080000, 0x00200000, 0x00001004,
- 0x10040200, 0x00080000, 0x04200000, 0x00101004,
- 0x10400200, 0x00080008, 0x00200800, 0x40001004,
- 0x10440200, 0x00080008, 0x04200800, 0x40101004,
- 0x10000600, 0x00080020, 0x08200000, 0x00001104,
- 0x10040600, 0x00080020, 0x0c200000, 0x00101104,
- 0x10400600, 0x00080028, 0x08200800, 0x40001104,
- 0x10440600, 0x00080028, 0x0c200800, 0x40101104,
- 0x90000200, 0x00080010, 0x00200000, 0x00801004,
- 0x90040200, 0x00080010, 0x04200000, 0x00901004,
- 0x90400200, 0x00080018, 0x00200800, 0x40801004,
- 0x90440200, 0x00080018, 0x04200800, 0x40901004,
- 0x90000600, 0x00080030, 0x08200000, 0x00801104,
- 0x90040600, 0x00080030, 0x0c200000, 0x00901104,
- 0x90400600, 0x00080038, 0x08200800, 0x40801104,
- 0x90440600, 0x00080038, 0x0c200800, 0x40901104,
- 0x00000002, 0x00002000, 0x20000000, 0x00000001,
- 0x00040002, 0x00002000, 0x24000000, 0x00100001,
- 0x00400002, 0x00002008, 0x20000800, 0x40000001,
- 0x00440002, 0x00002008, 0x24000800, 0x40100001,
- 0x00000402, 0x00002020, 0x28000000, 0x00000101,
- 0x00040402, 0x00002020, 0x2c000000, 0x00100101,
- 0x00400402, 0x00002028, 0x28000800, 0x40000101,
- 0x00440402, 0x00002028, 0x2c000800, 0x40100101,
- 0x80000002, 0x00002010, 0x20000000, 0x00800001,
- 0x80040002, 0x00002010, 0x24000000, 0x00900001,
- 0x80400002, 0x00002018, 0x20000800, 0x40800001,
- 0x80440002, 0x00002018, 0x24000800, 0x40900001,
- 0x80000402, 0x00002030, 0x28000000, 0x00800101,
- 0x80040402, 0x00002030, 0x2c000000, 0x00900101,
- 0x80400402, 0x00002038, 0x28000800, 0x40800101,
- 0x80440402, 0x00002038, 0x2c000800, 0x40900101,
- 0x10000002, 0x00002000, 0x20200000, 0x00001001,
- 0x10040002, 0x00002000, 0x24200000, 0x00101001,
- 0x10400002, 0x00002008, 0x20200800, 0x40001001,
- 0x10440002, 0x00002008, 0x24200800, 0x40101001,
- 0x10000402, 0x00002020, 0x28200000, 0x00001101,
- 0x10040402, 0x00002020, 0x2c200000, 0x00101101,
- 0x10400402, 0x00002028, 0x28200800, 0x40001101,
- 0x10440402, 0x00002028, 0x2c200800, 0x40101101,
- 0x90000002, 0x00002010, 0x20200000, 0x00801001,
- 0x90040002, 0x00002010, 0x24200000, 0x00901001,
- 0x90400002, 0x00002018, 0x20200800, 0x40801001,
- 0x90440002, 0x00002018, 0x24200800, 0x40901001,
- 0x90000402, 0x00002030, 0x28200000, 0x00801101,
- 0x90040402, 0x00002030, 0x2c200000, 0x00901101,
- 0x90400402, 0x00002038, 0x28200800, 0x40801101,
- 0x90440402, 0x00002038, 0x2c200800, 0x40901101,
- 0x00000202, 0x00082000, 0x20000000, 0x00000005,
- 0x00040202, 0x00082000, 0x24000000, 0x00100005,
- 0x00400202, 0x00082008, 0x20000800, 0x40000005,
- 0x00440202, 0x00082008, 0x24000800, 0x40100005,
- 0x00000602, 0x00082020, 0x28000000, 0x00000105,
- 0x00040602, 0x00082020, 0x2c000000, 0x00100105,
- 0x00400602, 0x00082028, 0x28000800, 0x40000105,
- 0x00440602, 0x00082028, 0x2c000800, 0x40100105,
- 0x80000202, 0x00082010, 0x20000000, 0x00800005,
- 0x80040202, 0x00082010, 0x24000000, 0x00900005,
- 0x80400202, 0x00082018, 0x20000800, 0x40800005,
- 0x80440202, 0x00082018, 0x24000800, 0x40900005,
- 0x80000602, 0x00082030, 0x28000000, 0x00800105,
- 0x80040602, 0x00082030, 0x2c000000, 0x00900105,
- 0x80400602, 0x00082038, 0x28000800, 0x40800105,
- 0x80440602, 0x00082038, 0x2c000800, 0x40900105,
- 0x10000202, 0x00082000, 0x20200000, 0x00001005,
- 0x10040202, 0x00082000, 0x24200000, 0x00101005,
- 0x10400202, 0x00082008, 0x20200800, 0x40001005,
- 0x10440202, 0x00082008, 0x24200800, 0x40101005,
- 0x10000602, 0x00082020, 0x28200000, 0x00001105,
- 0x10040602, 0x00082020, 0x2c200000, 0x00101105,
- 0x10400602, 0x00082028, 0x28200800, 0x40001105,
- 0x10440602, 0x00082028, 0x2c200800, 0x40101105,
- 0x90000202, 0x00082010, 0x20200000, 0x00801005,
- 0x90040202, 0x00082010, 0x24200000, 0x00901005,
- 0x90400202, 0x00082018, 0x20200800, 0x40801005,
- 0x90440202, 0x00082018, 0x24200800, 0x40901005,
- 0x90000602, 0x00082030, 0x28200000, 0x00801105,
- 0x90040602, 0x00082030, 0x2c200000, 0x00901105,
- 0x90400602, 0x00082038, 0x28200800, 0x40801105,
- 0x90440602, 0x00082038, 0x2c200800, 0x40901105,
-
- 0x00000000, 0x00000000, 0x00000000, 0x00000000,
- 0x00000000, 0x00000008, 0x00080000, 0x10000000,
- 0x02000000, 0x00000000, 0x00000080, 0x00001000,
- 0x02000000, 0x00000008, 0x00080080, 0x10001000,
- 0x00004000, 0x00000000, 0x00000040, 0x00040000,
- 0x00004000, 0x00000008, 0x00080040, 0x10040000,
- 0x02004000, 0x00000000, 0x000000c0, 0x00041000,
- 0x02004000, 0x00000008, 0x000800c0, 0x10041000,
- 0x00020000, 0x00008000, 0x08000000, 0x00200000,
- 0x00020000, 0x00008008, 0x08080000, 0x10200000,
- 0x02020000, 0x00008000, 0x08000080, 0x00201000,
- 0x02020000, 0x00008008, 0x08080080, 0x10201000,
- 0x00024000, 0x00008000, 0x08000040, 0x00240000,
- 0x00024000, 0x00008008, 0x08080040, 0x10240000,
- 0x02024000, 0x00008000, 0x080000c0, 0x00241000,
- 0x02024000, 0x00008008, 0x080800c0, 0x10241000,
- 0x00000000, 0x01000000, 0x00002000, 0x00000020,
- 0x00000000, 0x01000008, 0x00082000, 0x10000020,
- 0x02000000, 0x01000000, 0x00002080, 0x00001020,
- 0x02000000, 0x01000008, 0x00082080, 0x10001020,
- 0x00004000, 0x01000000, 0x00002040, 0x00040020,
- 0x00004000, 0x01000008, 0x00082040, 0x10040020,
- 0x02004000, 0x01000000, 0x000020c0, 0x00041020,
- 0x02004000, 0x01000008, 0x000820c0, 0x10041020,
- 0x00020000, 0x01008000, 0x08002000, 0x00200020,
- 0x00020000, 0x01008008, 0x08082000, 0x10200020,
- 0x02020000, 0x01008000, 0x08002080, 0x00201020,
- 0x02020000, 0x01008008, 0x08082080, 0x10201020,
- 0x00024000, 0x01008000, 0x08002040, 0x00240020,
- 0x00024000, 0x01008008, 0x08082040, 0x10240020,
- 0x02024000, 0x01008000, 0x080020c0, 0x00241020,
- 0x02024000, 0x01008008, 0x080820c0, 0x10241020,
- 0x00000400, 0x04000000, 0x00100000, 0x00000004,
- 0x00000400, 0x04000008, 0x00180000, 0x10000004,
- 0x02000400, 0x04000000, 0x00100080, 0x00001004,
- 0x02000400, 0x04000008, 0x00180080, 0x10001004,
- 0x00004400, 0x04000000, 0x00100040, 0x00040004,
- 0x00004400, 0x04000008, 0x00180040, 0x10040004,
- 0x02004400, 0x04000000, 0x001000c0, 0x00041004,
- 0x02004400, 0x04000008, 0x001800c0, 0x10041004,
- 0x00020400, 0x04008000, 0x08100000, 0x00200004,
- 0x00020400, 0x04008008, 0x08180000, 0x10200004,
- 0x02020400, 0x04008000, 0x08100080, 0x00201004,
- 0x02020400, 0x04008008, 0x08180080, 0x10201004,
- 0x00024400, 0x04008000, 0x08100040, 0x00240004,
- 0x00024400, 0x04008008, 0x08180040, 0x10240004,
- 0x02024400, 0x04008000, 0x081000c0, 0x00241004,
- 0x02024400, 0x04008008, 0x081800c0, 0x10241004,
- 0x00000400, 0x05000000, 0x00102000, 0x00000024,
- 0x00000400, 0x05000008, 0x00182000, 0x10000024,
- 0x02000400, 0x05000000, 0x00102080, 0x00001024,
- 0x02000400, 0x05000008, 0x00182080, 0x10001024,
- 0x00004400, 0x05000000, 0x00102040, 0x00040024,
- 0x00004400, 0x05000008, 0x00182040, 0x10040024,
- 0x02004400, 0x05000000, 0x001020c0, 0x00041024,
- 0x02004400, 0x05000008, 0x001820c0, 0x10041024,
- 0x00020400, 0x05008000, 0x08102000, 0x00200024,
- 0x00020400, 0x05008008, 0x08182000, 0x10200024,
- 0x02020400, 0x05008000, 0x08102080, 0x00201024,
- 0x02020400, 0x05008008, 0x08182080, 0x10201024,
- 0x00024400, 0x05008000, 0x08102040, 0x00240024,
- 0x00024400, 0x05008008, 0x08182040, 0x10240024,
- 0x02024400, 0x05008000, 0x081020c0, 0x00241024,
- 0x02024400, 0x05008008, 0x081820c0, 0x10241024,
- 0x00000800, 0x00010000, 0x20000000, 0x00000010,
- 0x00000800, 0x00010008, 0x20080000, 0x10000010,
- 0x02000800, 0x00010000, 0x20000080, 0x00001010,
- 0x02000800, 0x00010008, 0x20080080, 0x10001010,
- 0x00004800, 0x00010000, 0x20000040, 0x00040010,
- 0x00004800, 0x00010008, 0x20080040, 0x10040010,
- 0x02004800, 0x00010000, 0x200000c0, 0x00041010,
- 0x02004800, 0x00010008, 0x200800c0, 0x10041010,
- 0x00020800, 0x00018000, 0x28000000, 0x00200010,
- 0x00020800, 0x00018008, 0x28080000, 0x10200010,
- 0x02020800, 0x00018000, 0x28000080, 0x00201010,
- 0x02020800, 0x00018008, 0x28080080, 0x10201010,
- 0x00024800, 0x00018000, 0x28000040, 0x00240010,
- 0x00024800, 0x00018008, 0x28080040, 0x10240010,
- 0x02024800, 0x00018000, 0x280000c0, 0x00241010,
- 0x02024800, 0x00018008, 0x280800c0, 0x10241010,
- 0x00000800, 0x01010000, 0x20002000, 0x00000030,
- 0x00000800, 0x01010008, 0x20082000, 0x10000030,
- 0x02000800, 0x01010000, 0x20002080, 0x00001030,
- 0x02000800, 0x01010008, 0x20082080, 0x10001030,
- 0x00004800, 0x01010000, 0x20002040, 0x00040030,
- 0x00004800, 0x01010008, 0x20082040, 0x10040030,
- 0x02004800, 0x01010000, 0x200020c0, 0x00041030,
- 0x02004800, 0x01010008, 0x200820c0, 0x10041030,
- 0x00020800, 0x01018000, 0x28002000, 0x00200030,
- 0x00020800, 0x01018008, 0x28082000, 0x10200030,
- 0x02020800, 0x01018000, 0x28002080, 0x00201030,
- 0x02020800, 0x01018008, 0x28082080, 0x10201030,
- 0x00024800, 0x01018000, 0x28002040, 0x00240030,
- 0x00024800, 0x01018008, 0x28082040, 0x10240030,
- 0x02024800, 0x01018000, 0x280020c0, 0x00241030,
- 0x02024800, 0x01018008, 0x280820c0, 0x10241030,
- 0x00000c00, 0x04010000, 0x20100000, 0x00000014,
- 0x00000c00, 0x04010008, 0x20180000, 0x10000014,
- 0x02000c00, 0x04010000, 0x20100080, 0x00001014,
- 0x02000c00, 0x04010008, 0x20180080, 0x10001014,
- 0x00004c00, 0x04010000, 0x20100040, 0x00040014,
- 0x00004c00, 0x04010008, 0x20180040, 0x10040014,
- 0x02004c00, 0x04010000, 0x201000c0, 0x00041014,
- 0x02004c00, 0x04010008, 0x201800c0, 0x10041014,
- 0x00020c00, 0x04018000, 0x28100000, 0x00200014,
- 0x00020c00, 0x04018008, 0x28180000, 0x10200014,
- 0x02020c00, 0x04018000, 0x28100080, 0x00201014,
- 0x02020c00, 0x04018008, 0x28180080, 0x10201014,
- 0x00024c00, 0x04018000, 0x28100040, 0x00240014,
- 0x00024c00, 0x04018008, 0x28180040, 0x10240014,
- 0x02024c00, 0x04018000, 0x281000c0, 0x00241014,
- 0x02024c00, 0x04018008, 0x281800c0, 0x10241014,
- 0x00000c00, 0x05010000, 0x20102000, 0x00000034,
- 0x00000c00, 0x05010008, 0x20182000, 0x10000034,
- 0x02000c00, 0x05010000, 0x20102080, 0x00001034,
- 0x02000c00, 0x05010008, 0x20182080, 0x10001034,
- 0x00004c00, 0x05010000, 0x20102040, 0x00040034,
- 0x00004c00, 0x05010008, 0x20182040, 0x10040034,
- 0x02004c00, 0x05010000, 0x201020c0, 0x00041034,
- 0x02004c00, 0x05010008, 0x201820c0, 0x10041034,
- 0x00020c00, 0x05018000, 0x28102000, 0x00200034,
- 0x00020c00, 0x05018008, 0x28182000, 0x10200034,
- 0x02020c00, 0x05018000, 0x28102080, 0x00201034,
- 0x02020c00, 0x05018008, 0x28182080, 0x10201034,
- 0x00024c00, 0x05018000, 0x28102040, 0x00240034,
- 0x00024c00, 0x05018008, 0x28182040, 0x10240034,
- 0x02024c00, 0x05018000, 0x281020c0, 0x00241034,
- 0x02024c00, 0x05018008, 0x281820c0, 0x10241034
-};
-
-/* S-box lookup tables */
-
-static const u32 S1[64] = {
- 0x01010400, 0x00000000, 0x00010000, 0x01010404,
- 0x01010004, 0x00010404, 0x00000004, 0x00010000,
- 0x00000400, 0x01010400, 0x01010404, 0x00000400,
- 0x01000404, 0x01010004, 0x01000000, 0x00000004,
- 0x00000404, 0x01000400, 0x01000400, 0x00010400,
- 0x00010400, 0x01010000, 0x01010000, 0x01000404,
- 0x00010004, 0x01000004, 0x01000004, 0x00010004,
- 0x00000000, 0x00000404, 0x00010404, 0x01000000,
- 0x00010000, 0x01010404, 0x00000004, 0x01010000,
- 0x01010400, 0x01000000, 0x01000000, 0x00000400,
- 0x01010004, 0x00010000, 0x00010400, 0x01000004,
- 0x00000400, 0x00000004, 0x01000404, 0x00010404,
- 0x01010404, 0x00010004, 0x01010000, 0x01000404,
- 0x01000004, 0x00000404, 0x00010404, 0x01010400,
- 0x00000404, 0x01000400, 0x01000400, 0x00000000,
- 0x00010004, 0x00010400, 0x00000000, 0x01010004
-};
-
-static const u32 S2[64] = {
- 0x80108020, 0x80008000, 0x00008000, 0x00108020,
- 0x00100000, 0x00000020, 0x80100020, 0x80008020,
- 0x80000020, 0x80108020, 0x80108000, 0x80000000,
- 0x80008000, 0x00100000, 0x00000020, 0x80100020,
- 0x00108000, 0x00100020, 0x80008020, 0x00000000,
- 0x80000000, 0x00008000, 0x00108020, 0x80100000,
- 0x00100020, 0x80000020, 0x00000000, 0x00108000,
- 0x00008020, 0x80108000, 0x80100000, 0x00008020,
- 0x00000000, 0x00108020, 0x80100020, 0x00100000,
- 0x80008020, 0x80100000, 0x80108000, 0x00008000,
- 0x80100000, 0x80008000, 0x00000020, 0x80108020,
- 0x00108020, 0x00000020, 0x00008000, 0x80000000,
- 0x00008020, 0x80108000, 0x00100000, 0x80000020,
- 0x00100020, 0x80008020, 0x80000020, 0x00100020,
- 0x00108000, 0x00000000, 0x80008000, 0x00008020,
- 0x80000000, 0x80100020, 0x80108020, 0x00108000
-};
-
-static const u32 S3[64] = {
- 0x00000208, 0x08020200, 0x00000000, 0x08020008,
- 0x08000200, 0x00000000, 0x00020208, 0x08000200,
- 0x00020008, 0x08000008, 0x08000008, 0x00020000,
- 0x08020208, 0x00020008, 0x08020000, 0x00000208,
- 0x08000000, 0x00000008, 0x08020200, 0x00000200,
- 0x00020200, 0x08020000, 0x08020008, 0x00020208,
- 0x08000208, 0x00020200, 0x00020000, 0x08000208,
- 0x00000008, 0x08020208, 0x00000200, 0x08000000,
- 0x08020200, 0x08000000, 0x00020008, 0x00000208,
- 0x00020000, 0x08020200, 0x08000200, 0x00000000,
- 0x00000200, 0x00020008, 0x08020208, 0x08000200,
- 0x08000008, 0x00000200, 0x00000000, 0x08020008,
- 0x08000208, 0x00020000, 0x08000000, 0x08020208,
- 0x00000008, 0x00020208, 0x00020200, 0x08000008,
- 0x08020000, 0x08000208, 0x00000208, 0x08020000,
- 0x00020208, 0x00000008, 0x08020008, 0x00020200
-};
-
-static const u32 S4[64] = {
- 0x00802001, 0x00002081, 0x00002081, 0x00000080,
- 0x00802080, 0x00800081, 0x00800001, 0x00002001,
- 0x00000000, 0x00802000, 0x00802000, 0x00802081,
- 0x00000081, 0x00000000, 0x00800080, 0x00800001,
- 0x00000001, 0x00002000, 0x00800000, 0x00802001,
- 0x00000080, 0x00800000, 0x00002001, 0x00002080,
- 0x00800081, 0x00000001, 0x00002080, 0x00800080,
- 0x00002000, 0x00802080, 0x00802081, 0x00000081,
- 0x00800080, 0x00800001, 0x00802000, 0x00802081,
- 0x00000081, 0x00000000, 0x00000000, 0x00802000,
- 0x00002080, 0x00800080, 0x00800081, 0x00000001,
- 0x00802001, 0x00002081, 0x00002081, 0x00000080,
- 0x00802081, 0x00000081, 0x00000001, 0x00002000,
- 0x00800001, 0x00002001, 0x00802080, 0x00800081,
- 0x00002001, 0x00002080, 0x00800000, 0x00802001,
- 0x00000080, 0x00800000, 0x00002000, 0x00802080
-};
-
-static const u32 S5[64] = {
- 0x00000100, 0x02080100, 0x02080000, 0x42000100,
- 0x00080000, 0x00000100, 0x40000000, 0x02080000,
- 0x40080100, 0x00080000, 0x02000100, 0x40080100,
- 0x42000100, 0x42080000, 0x00080100, 0x40000000,
- 0x02000000, 0x40080000, 0x40080000, 0x00000000,
- 0x40000100, 0x42080100, 0x42080100, 0x02000100,
- 0x42080000, 0x40000100, 0x00000000, 0x42000000,
- 0x02080100, 0x02000000, 0x42000000, 0x00080100,
- 0x00080000, 0x42000100, 0x00000100, 0x02000000,
- 0x40000000, 0x02080000, 0x42000100, 0x40080100,
- 0x02000100, 0x40000000, 0x42080000, 0x02080100,
- 0x40080100, 0x00000100, 0x02000000, 0x42080000,
- 0x42080100, 0x00080100, 0x42000000, 0x42080100,
- 0x02080000, 0x00000000, 0x40080000, 0x42000000,
- 0x00080100, 0x02000100, 0x40000100, 0x00080000,
- 0x00000000, 0x40080000, 0x02080100, 0x40000100
-};
-
-static const u32 S6[64] = {
- 0x20000010, 0x20400000, 0x00004000, 0x20404010,
- 0x20400000, 0x00000010, 0x20404010, 0x00400000,
- 0x20004000, 0x00404010, 0x00400000, 0x20000010,
- 0x00400010, 0x20004000, 0x20000000, 0x00004010,
- 0x00000000, 0x00400010, 0x20004010, 0x00004000,
- 0x00404000, 0x20004010, 0x00000010, 0x20400010,
- 0x20400010, 0x00000000, 0x00404010, 0x20404000,
- 0x00004010, 0x00404000, 0x20404000, 0x20000000,
- 0x20004000, 0x00000010, 0x20400010, 0x00404000,
- 0x20404010, 0x00400000, 0x00004010, 0x20000010,
- 0x00400000, 0x20004000, 0x20000000, 0x00004010,
- 0x20000010, 0x20404010, 0x00404000, 0x20400000,
- 0x00404010, 0x20404000, 0x00000000, 0x20400010,
- 0x00000010, 0x00004000, 0x20400000, 0x00404010,
- 0x00004000, 0x00400010, 0x20004010, 0x00000000,
- 0x20404000, 0x20000000, 0x00400010, 0x20004010
-};
-
-static const u32 S7[64] = {
- 0x00200000, 0x04200002, 0x04000802, 0x00000000,
- 0x00000800, 0x04000802, 0x00200802, 0x04200800,
- 0x04200802, 0x00200000, 0x00000000, 0x04000002,
- 0x00000002, 0x04000000, 0x04200002, 0x00000802,
- 0x04000800, 0x00200802, 0x00200002, 0x04000800,
- 0x04000002, 0x04200000, 0x04200800, 0x00200002,
- 0x04200000, 0x00000800, 0x00000802, 0x04200802,
- 0x00200800, 0x00000002, 0x04000000, 0x00200800,
- 0x04000000, 0x00200800, 0x00200000, 0x04000802,
- 0x04000802, 0x04200002, 0x04200002, 0x00000002,
- 0x00200002, 0x04000000, 0x04000800, 0x00200000,
- 0x04200800, 0x00000802, 0x00200802, 0x04200800,
- 0x00000802, 0x04000002, 0x04200802, 0x04200000,
- 0x00200800, 0x00000000, 0x00000002, 0x04200802,
- 0x00000000, 0x00200802, 0x04200000, 0x00000800,
- 0x04000002, 0x04000800, 0x00000800, 0x00200002
-};
-
-static const u32 S8[64] = {
- 0x10001040, 0x00001000, 0x00040000, 0x10041040,
- 0x10000000, 0x10001040, 0x00000040, 0x10000000,
- 0x00040040, 0x10040000, 0x10041040, 0x00041000,
- 0x10041000, 0x00041040, 0x00001000, 0x00000040,
- 0x10040000, 0x10000040, 0x10001000, 0x00001040,
- 0x00041000, 0x00040040, 0x10040040, 0x10041000,
- 0x00001040, 0x00000000, 0x00000000, 0x10040040,
- 0x10000040, 0x10001000, 0x00041040, 0x00040000,
- 0x00041040, 0x00040000, 0x10041000, 0x00001000,
- 0x00000040, 0x10040040, 0x00001000, 0x00041040,
- 0x10001000, 0x00000040, 0x10000040, 0x10040000,
- 0x10040040, 0x10000000, 0x00040000, 0x10001040,
- 0x00000000, 0x10041040, 0x00040040, 0x10000040,
- 0x10040000, 0x10001000, 0x10001040, 0x00000000,
- 0x10041040, 0x00041000, 0x00041000, 0x00001040,
- 0x00001040, 0x00040040, 0x10000000, 0x10041000
-};
-
-/* Encryption components: IP, FP, and round function */
-
-#define IP(L, R, T) \
- ROL(R, 4); \
- T = L; \
- L ^= R; \
- L &= 0xf0f0f0f0; \
- R ^= L; \
- L ^= T; \
- ROL(R, 12); \
- T = L; \
- L ^= R; \
- L &= 0xffff0000; \
- R ^= L; \
- L ^= T; \
- ROR(R, 14); \
- T = L; \
- L ^= R; \
- L &= 0xcccccccc; \
- R ^= L; \
- L ^= T; \
- ROL(R, 6); \
- T = L; \
- L ^= R; \
- L &= 0xff00ff00; \
- R ^= L; \
- L ^= T; \
- ROR(R, 7); \
- T = L; \
- L ^= R; \
- L &= 0xaaaaaaaa; \
- R ^= L; \
- L ^= T; \
- ROL(L, 1);
-
-#define FP(L, R, T) \
- ROR(L, 1); \
- T = L; \
- L ^= R; \
- L &= 0xaaaaaaaa; \
- R ^= L; \
- L ^= T; \
- ROL(R, 7); \
- T = L; \
- L ^= R; \
- L &= 0xff00ff00; \
- R ^= L; \
- L ^= T; \
- ROR(R, 6); \
- T = L; \
- L ^= R; \
- L &= 0xcccccccc; \
- R ^= L; \
- L ^= T; \
- ROL(R, 14); \
- T = L; \
- L ^= R; \
- L &= 0xffff0000; \
- R ^= L; \
- L ^= T; \
- ROR(R, 12); \
- T = L; \
- L ^= R; \
- L &= 0xf0f0f0f0; \
- R ^= L; \
- L ^= T; \
- ROR(R, 4);
-
-#define ROUND(L, R, A, B, K, d) \
- B = K[0]; A = K[1]; K += d; \
- B ^= R; A ^= R; \
- B &= 0x3f3f3f3f; ROR(A, 4); \
- L ^= S8[0xff & B]; A &= 0x3f3f3f3f; \
- L ^= S6[0xff & (B >> 8)]; B >>= 16; \
- L ^= S7[0xff & A]; \
- L ^= S5[0xff & (A >> 8)]; A >>= 16; \
- L ^= S4[0xff & B]; \
- L ^= S2[0xff & (B >> 8)]; \
- L ^= S3[0xff & A]; \
- L ^= S1[0xff & (A >> 8)];
-
-/*
- * PC2 lookup tables are organized as 2 consecutive sets of 4 interleaved
- * tables of 128 elements. One set is for C_i and the other for D_i, while
- * the 4 interleaved tables correspond to four 7-bit subsets of C_i or D_i.
- *
- * After PC1 each of the variables a,b,c,d contains a 7 bit subset of C_i
- * or D_i in bits 7-1 (bit 0 being the least significant).
- */
-
-#define T1(x) pt[2 * (x) + 0]
-#define T2(x) pt[2 * (x) + 1]
-#define T3(x) pt[2 * (x) + 2]
-#define T4(x) pt[2 * (x) + 3]
-
-#define DES_PC2(a, b, c, d) (T4(d) | T3(c) | T2(b) | T1(a))
-
-/*
- * Encryption key expansion
- *
- * RFC2451: Weak key checks SHOULD be performed.
- *
- * FIPS 74:
- *
- * Keys having duals are keys which produce all zeros, all ones, or
- * alternating zero-one patterns in the C and D registers after Permuted
- * Choice 1 has operated on the key.
- *
- */
-unsigned long des_ekey(u32 *pe, const u8 *k)
-{
- /* K&R: long is at least 32 bits */
- unsigned long a, b, c, d, w;
- const u32 *pt = pc2;
-
- d = k[4]; d &= 0x0e; d <<= 4; d |= k[0] & 0x1e; d = pc1[d];
- c = k[5]; c &= 0x0e; c <<= 4; c |= k[1] & 0x1e; c = pc1[c];
- b = k[6]; b &= 0x0e; b <<= 4; b |= k[2] & 0x1e; b = pc1[b];
- a = k[7]; a &= 0x0e; a <<= 4; a |= k[3] & 0x1e; a = pc1[a];
-
- pe[15 * 2 + 0] = DES_PC2(a, b, c, d); d = rs[d];
- pe[14 * 2 + 0] = DES_PC2(d, a, b, c); c = rs[c]; b = rs[b];
- pe[13 * 2 + 0] = DES_PC2(b, c, d, a); a = rs[a]; d = rs[d];
- pe[12 * 2 + 0] = DES_PC2(d, a, b, c); c = rs[c]; b = rs[b];
- pe[11 * 2 + 0] = DES_PC2(b, c, d, a); a = rs[a]; d = rs[d];
- pe[10 * 2 + 0] = DES_PC2(d, a, b, c); c = rs[c]; b = rs[b];
- pe[ 9 * 2 + 0] = DES_PC2(b, c, d, a); a = rs[a]; d = rs[d];
- pe[ 8 * 2 + 0] = DES_PC2(d, a, b, c); c = rs[c];
- pe[ 7 * 2 + 0] = DES_PC2(c, d, a, b); b = rs[b]; a = rs[a];
- pe[ 6 * 2 + 0] = DES_PC2(a, b, c, d); d = rs[d]; c = rs[c];
- pe[ 5 * 2 + 0] = DES_PC2(c, d, a, b); b = rs[b]; a = rs[a];
- pe[ 4 * 2 + 0] = DES_PC2(a, b, c, d); d = rs[d]; c = rs[c];
- pe[ 3 * 2 + 0] = DES_PC2(c, d, a, b); b = rs[b]; a = rs[a];
- pe[ 2 * 2 + 0] = DES_PC2(a, b, c, d); d = rs[d]; c = rs[c];
- pe[ 1 * 2 + 0] = DES_PC2(c, d, a, b); b = rs[b];
- pe[ 0 * 2 + 0] = DES_PC2(b, c, d, a);
-
- /* Check if first half is weak */
- w = (a ^ c) | (b ^ d) | (rs[a] ^ c) | (b ^ rs[d]);
-
- /* Skip to next table set */
- pt += 512;
-
- d = k[0]; d &= 0xe0; d >>= 4; d |= k[4] & 0xf0; d = pc1[d + 1];
- c = k[1]; c &= 0xe0; c >>= 4; c |= k[5] & 0xf0; c = pc1[c + 1];
- b = k[2]; b &= 0xe0; b >>= 4; b |= k[6] & 0xf0; b = pc1[b + 1];
- a = k[3]; a &= 0xe0; a >>= 4; a |= k[7] & 0xf0; a = pc1[a + 1];
-
- /* Check if second half is weak */
- w |= (a ^ c) | (b ^ d) | (rs[a] ^ c) | (b ^ rs[d]);
-
- pe[15 * 2 + 1] = DES_PC2(a, b, c, d); d = rs[d];
- pe[14 * 2 + 1] = DES_PC2(d, a, b, c); c = rs[c]; b = rs[b];
- pe[13 * 2 + 1] = DES_PC2(b, c, d, a); a = rs[a]; d = rs[d];
- pe[12 * 2 + 1] = DES_PC2(d, a, b, c); c = rs[c]; b = rs[b];
- pe[11 * 2 + 1] = DES_PC2(b, c, d, a); a = rs[a]; d = rs[d];
- pe[10 * 2 + 1] = DES_PC2(d, a, b, c); c = rs[c]; b = rs[b];
- pe[ 9 * 2 + 1] = DES_PC2(b, c, d, a); a = rs[a]; d = rs[d];
- pe[ 8 * 2 + 1] = DES_PC2(d, a, b, c); c = rs[c];
- pe[ 7 * 2 + 1] = DES_PC2(c, d, a, b); b = rs[b]; a = rs[a];
- pe[ 6 * 2 + 1] = DES_PC2(a, b, c, d); d = rs[d]; c = rs[c];
- pe[ 5 * 2 + 1] = DES_PC2(c, d, a, b); b = rs[b]; a = rs[a];
- pe[ 4 * 2 + 1] = DES_PC2(a, b, c, d); d = rs[d]; c = rs[c];
- pe[ 3 * 2 + 1] = DES_PC2(c, d, a, b); b = rs[b]; a = rs[a];
- pe[ 2 * 2 + 1] = DES_PC2(a, b, c, d); d = rs[d]; c = rs[c];
- pe[ 1 * 2 + 1] = DES_PC2(c, d, a, b); b = rs[b];
- pe[ 0 * 2 + 1] = DES_PC2(b, c, d, a);
-
- /* Fixup: 2413 5768 -> 1357 2468 */
- for (d = 0; d < 16; ++d) {
- a = pe[2 * d];
- b = pe[2 * d + 1];
- c = a ^ b;
- c &= 0xffff0000;
- a ^= c;
- b ^= c;
- ROL(b, 18);
- pe[2 * d] = a;
- pe[2 * d + 1] = b;
- }
-
- /* Zero if weak key */
- return w;
-}
-EXPORT_SYMBOL_GPL(des_ekey);
-
-/*
- * Decryption key expansion
- *
- * No weak key checking is performed, as this is only used by triple DES
- *
- */
-static void dkey(u32 *pe, const u8 *k)
-{
- /* K&R: long is at least 32 bits */
- unsigned long a, b, c, d;
- const u32 *pt = pc2;
-
- d = k[4]; d &= 0x0e; d <<= 4; d |= k[0] & 0x1e; d = pc1[d];
- c = k[5]; c &= 0x0e; c <<= 4; c |= k[1] & 0x1e; c = pc1[c];
- b = k[6]; b &= 0x0e; b <<= 4; b |= k[2] & 0x1e; b = pc1[b];
- a = k[7]; a &= 0x0e; a <<= 4; a |= k[3] & 0x1e; a = pc1[a];
-
- pe[ 0 * 2] = DES_PC2(a, b, c, d); d = rs[d];
- pe[ 1 * 2] = DES_PC2(d, a, b, c); c = rs[c]; b = rs[b];
- pe[ 2 * 2] = DES_PC2(b, c, d, a); a = rs[a]; d = rs[d];
- pe[ 3 * 2] = DES_PC2(d, a, b, c); c = rs[c]; b = rs[b];
- pe[ 4 * 2] = DES_PC2(b, c, d, a); a = rs[a]; d = rs[d];
- pe[ 5 * 2] = DES_PC2(d, a, b, c); c = rs[c]; b = rs[b];
- pe[ 6 * 2] = DES_PC2(b, c, d, a); a = rs[a]; d = rs[d];
- pe[ 7 * 2] = DES_PC2(d, a, b, c); c = rs[c];
- pe[ 8 * 2] = DES_PC2(c, d, a, b); b = rs[b]; a = rs[a];
- pe[ 9 * 2] = DES_PC2(a, b, c, d); d = rs[d]; c = rs[c];
- pe[10 * 2] = DES_PC2(c, d, a, b); b = rs[b]; a = rs[a];
- pe[11 * 2] = DES_PC2(a, b, c, d); d = rs[d]; c = rs[c];
- pe[12 * 2] = DES_PC2(c, d, a, b); b = rs[b]; a = rs[a];
- pe[13 * 2] = DES_PC2(a, b, c, d); d = rs[d]; c = rs[c];
- pe[14 * 2] = DES_PC2(c, d, a, b); b = rs[b];
- pe[15 * 2] = DES_PC2(b, c, d, a);
-
- /* Skip to next table set */
- pt += 512;
-
- d = k[0]; d &= 0xe0; d >>= 4; d |= k[4] & 0xf0; d = pc1[d + 1];
- c = k[1]; c &= 0xe0; c >>= 4; c |= k[5] & 0xf0; c = pc1[c + 1];
- b = k[2]; b &= 0xe0; b >>= 4; b |= k[6] & 0xf0; b = pc1[b + 1];
- a = k[3]; a &= 0xe0; a >>= 4; a |= k[7] & 0xf0; a = pc1[a + 1];
-
- pe[ 0 * 2 + 1] = DES_PC2(a, b, c, d); d = rs[d];
- pe[ 1 * 2 + 1] = DES_PC2(d, a, b, c); c = rs[c]; b = rs[b];
- pe[ 2 * 2 + 1] = DES_PC2(b, c, d, a); a = rs[a]; d = rs[d];
- pe[ 3 * 2 + 1] = DES_PC2(d, a, b, c); c = rs[c]; b = rs[b];
- pe[ 4 * 2 + 1] = DES_PC2(b, c, d, a); a = rs[a]; d = rs[d];
- pe[ 5 * 2 + 1] = DES_PC2(d, a, b, c); c = rs[c]; b = rs[b];
- pe[ 6 * 2 + 1] = DES_PC2(b, c, d, a); a = rs[a]; d = rs[d];
- pe[ 7 * 2 + 1] = DES_PC2(d, a, b, c); c = rs[c];
- pe[ 8 * 2 + 1] = DES_PC2(c, d, a, b); b = rs[b]; a = rs[a];
- pe[ 9 * 2 + 1] = DES_PC2(a, b, c, d); d = rs[d]; c = rs[c];
- pe[10 * 2 + 1] = DES_PC2(c, d, a, b); b = rs[b]; a = rs[a];
- pe[11 * 2 + 1] = DES_PC2(a, b, c, d); d = rs[d]; c = rs[c];
- pe[12 * 2 + 1] = DES_PC2(c, d, a, b); b = rs[b]; a = rs[a];
- pe[13 * 2 + 1] = DES_PC2(a, b, c, d); d = rs[d]; c = rs[c];
- pe[14 * 2 + 1] = DES_PC2(c, d, a, b); b = rs[b];
- pe[15 * 2 + 1] = DES_PC2(b, c, d, a);
-
- /* Fixup: 2413 5768 -> 1357 2468 */
- for (d = 0; d < 16; ++d) {
- a = pe[2 * d];
- b = pe[2 * d + 1];
- c = a ^ b;
- c &= 0xffff0000;
- a ^= c;
- b ^= c;
- ROL(b, 18);
- pe[2 * d] = a;
- pe[2 * d + 1] = b;
- }
-}
+#include <crypto/internal/des.h>
static int des_setkey(struct crypto_tfm *tfm, const u8 *key,
unsigned int keylen)
{
struct des_ctx *dctx = crypto_tfm_ctx(tfm);
- u32 *flags = &tfm->crt_flags;
- u32 tmp[DES_EXPKEY_WORDS];
- int ret;
-
- /* Expand to tmp */
- ret = des_ekey(tmp, key);
+ int err;
- if (unlikely(ret == 0) && (*flags & CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)) {
- *flags |= CRYPTO_TFM_RES_WEAK_KEY;
- return -EINVAL;
+ err = des_expand_key(dctx, key, keylen);
+ if (err == -ENOKEY) {
+ if (crypto_tfm_get_flags(tfm) & CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)
+ err = -EINVAL;
+ else
+ err = 0;
}
- /* Copy to output */
- memcpy(dctx->expkey, tmp, sizeof(dctx->expkey));
-
- return 0;
-}
-
-static void des_encrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
-{
- struct des_ctx *ctx = crypto_tfm_ctx(tfm);
- const u32 *K = ctx->expkey;
- const __le32 *s = (const __le32 *)src;
- __le32 *d = (__le32 *)dst;
- u32 L, R, A, B;
- int i;
-
- L = le32_to_cpu(s[0]);
- R = le32_to_cpu(s[1]);
-
- IP(L, R, A);
- for (i = 0; i < 8; i++) {
- ROUND(L, R, A, B, K, 2);
- ROUND(R, L, A, B, K, 2);
+ if (err) {
+ memset(dctx, 0, sizeof(*dctx));
+ crypto_tfm_set_flags(tfm, CRYPTO_TFM_RES_WEAK_KEY);
}
- FP(R, L, A);
-
- d[0] = cpu_to_le32(R);
- d[1] = cpu_to_le32(L);
+ return err;
}
-static void des_decrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
+static void crypto_des_encrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
{
- struct des_ctx *ctx = crypto_tfm_ctx(tfm);
- const u32 *K = ctx->expkey + DES_EXPKEY_WORDS - 2;
- const __le32 *s = (const __le32 *)src;
- __le32 *d = (__le32 *)dst;
- u32 L, R, A, B;
- int i;
-
- L = le32_to_cpu(s[0]);
- R = le32_to_cpu(s[1]);
+ const struct des_ctx *dctx = crypto_tfm_ctx(tfm);
- IP(L, R, A);
- for (i = 0; i < 8; i++) {
- ROUND(L, R, A, B, K, -2);
- ROUND(R, L, A, B, K, -2);
- }
- FP(R, L, A);
-
- d[0] = cpu_to_le32(R);
- d[1] = cpu_to_le32(L);
+ des_encrypt(dctx, dst, src);
}
-/*
- * RFC2451:
- *
- * For DES-EDE3, there is no known need to reject weak or
- * complementation keys. Any weakness is obviated by the use of
- * multiple keys.
- *
- * However, if the first two or last two independent 64-bit keys are
- * equal (k1 == k2 or k2 == k3), then the DES3 operation is simply the
- * same as DES. Implementers MUST reject keys that exhibit this
- * property.
- *
- */
-int __des3_ede_setkey(u32 *expkey, u32 *flags, const u8 *key,
- unsigned int keylen)
+static void crypto_des_decrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
{
- int err;
+ const struct des_ctx *dctx = crypto_tfm_ctx(tfm);
- err = __des3_verify_key(flags, key);
- if (unlikely(err))
- return err;
-
- des_ekey(expkey, key); expkey += DES_EXPKEY_WORDS; key += DES_KEY_SIZE;
- dkey(expkey, key); expkey += DES_EXPKEY_WORDS; key += DES_KEY_SIZE;
- des_ekey(expkey, key);
-
- return 0;
+ des_decrypt(dctx, dst, src);
}
-EXPORT_SYMBOL_GPL(__des3_ede_setkey);
static int des3_ede_setkey(struct crypto_tfm *tfm, const u8 *key,
unsigned int keylen)
{
struct des3_ede_ctx *dctx = crypto_tfm_ctx(tfm);
- u32 *flags = &tfm->crt_flags;
- u32 *expkey = dctx->expkey;
-
- return __des3_ede_setkey(expkey, flags, key, keylen);
-}
-
-static void des3_ede_encrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
-{
- struct des3_ede_ctx *dctx = crypto_tfm_ctx(tfm);
- const u32 *K = dctx->expkey;
- const __le32 *s = (const __le32 *)src;
- __le32 *d = (__le32 *)dst;
- u32 L, R, A, B;
- int i;
-
- L = le32_to_cpu(s[0]);
- R = le32_to_cpu(s[1]);
+ int err;
- IP(L, R, A);
- for (i = 0; i < 8; i++) {
- ROUND(L, R, A, B, K, 2);
- ROUND(R, L, A, B, K, 2);
+ err = des3_ede_expand_key(dctx, key, keylen);
+ if (err == -ENOKEY) {
+ if (crypto_tfm_get_flags(tfm) & CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)
+ err = -EINVAL;
+ else
+ err = 0;
}
- for (i = 0; i < 8; i++) {
- ROUND(R, L, A, B, K, 2);
- ROUND(L, R, A, B, K, 2);
- }
- for (i = 0; i < 8; i++) {
- ROUND(L, R, A, B, K, 2);
- ROUND(R, L, A, B, K, 2);
- }
- FP(R, L, A);
- d[0] = cpu_to_le32(R);
- d[1] = cpu_to_le32(L);
+ if (err) {
+ memset(dctx, 0, sizeof(*dctx));
+ crypto_tfm_set_flags(tfm, CRYPTO_TFM_RES_WEAK_KEY);
+ }
+ return err;
}
-static void des3_ede_decrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
+static void crypto_des3_ede_encrypt(struct crypto_tfm *tfm, u8 *dst,
+ const u8 *src)
{
- struct des3_ede_ctx *dctx = crypto_tfm_ctx(tfm);
- const u32 *K = dctx->expkey + DES3_EDE_EXPKEY_WORDS - 2;
- const __le32 *s = (const __le32 *)src;
- __le32 *d = (__le32 *)dst;
- u32 L, R, A, B;
- int i;
+ const struct des3_ede_ctx *dctx = crypto_tfm_ctx(tfm);
- L = le32_to_cpu(s[0]);
- R = le32_to_cpu(s[1]);
+ des3_ede_encrypt(dctx, dst, src);
+}
- IP(L, R, A);
- for (i = 0; i < 8; i++) {
- ROUND(L, R, A, B, K, -2);
- ROUND(R, L, A, B, K, -2);
- }
- for (i = 0; i < 8; i++) {
- ROUND(R, L, A, B, K, -2);
- ROUND(L, R, A, B, K, -2);
- }
- for (i = 0; i < 8; i++) {
- ROUND(L, R, A, B, K, -2);
- ROUND(R, L, A, B, K, -2);
- }
- FP(R, L, A);
+static void crypto_des3_ede_decrypt(struct crypto_tfm *tfm, u8 *dst,
+ const u8 *src)
+{
+ const struct des3_ede_ctx *dctx = crypto_tfm_ctx(tfm);
- d[0] = cpu_to_le32(R);
- d[1] = cpu_to_le32(L);
+ des3_ede_decrypt(dctx, dst, src);
}
static struct crypto_alg des_algs[2] = { {
@@ -951,13 +96,12 @@ static struct crypto_alg des_algs[2] = { {
.cra_blocksize = DES_BLOCK_SIZE,
.cra_ctxsize = sizeof(struct des_ctx),
.cra_module = THIS_MODULE,
- .cra_alignmask = 3,
.cra_u = { .cipher = {
.cia_min_keysize = DES_KEY_SIZE,
.cia_max_keysize = DES_KEY_SIZE,
.cia_setkey = des_setkey,
- .cia_encrypt = des_encrypt,
- .cia_decrypt = des_decrypt } }
+ .cia_encrypt = crypto_des_encrypt,
+ .cia_decrypt = crypto_des_decrypt } }
}, {
.cra_name = "des3_ede",
.cra_driver_name = "des3_ede-generic",
@@ -966,13 +110,12 @@ static struct crypto_alg des_algs[2] = { {
.cra_blocksize = DES3_EDE_BLOCK_SIZE,
.cra_ctxsize = sizeof(struct des3_ede_ctx),
.cra_module = THIS_MODULE,
- .cra_alignmask = 3,
.cra_u = { .cipher = {
.cia_min_keysize = DES3_EDE_KEY_SIZE,
.cia_max_keysize = DES3_EDE_KEY_SIZE,
.cia_setkey = des3_ede_setkey,
- .cia_encrypt = des3_ede_encrypt,
- .cia_decrypt = des3_ede_decrypt } }
+ .cia_encrypt = crypto_des3_ede_encrypt,
+ .cia_decrypt = crypto_des3_ede_decrypt } }
} };
static int __init des_generic_mod_init(void)
diff --git a/crypto/drbg.c b/crypto/drbg.c
index 2a5b16bb000c..b6929eb5f565 100644
--- a/crypto/drbg.c
+++ b/crypto/drbg.c
@@ -220,6 +220,57 @@ static inline unsigned short drbg_sec_strength(drbg_flag_t flags)
}
/*
+ * FIPS 140-2 continuous self test for the noise source
+ * The test is performed on the noise source input data. Thus, the function
+ * implicitly knows the size of the buffer to be equal to the security
+ * strength.
+ *
+ * Note, this function disregards the nonce trailing the entropy data during
+ * initial seeding.
+ *
+ * drbg->drbg_mutex must have been taken.
+ *
+ * @drbg DRBG handle
+ * @entropy buffer of seed data to be checked
+ *
+ * return:
+ * 0 on success
+ * -EAGAIN on when the CTRNG is not yet primed
+ * < 0 on error
+ */
+static int drbg_fips_continuous_test(struct drbg_state *drbg,
+ const unsigned char *entropy)
+{
+ unsigned short entropylen = drbg_sec_strength(drbg->core->flags);
+ int ret = 0;
+
+ if (!IS_ENABLED(CONFIG_CRYPTO_FIPS))
+ return 0;
+
+ /* skip test if we test the overall system */
+ if (list_empty(&drbg->test_data.list))
+ return 0;
+ /* only perform test in FIPS mode */
+ if (!fips_enabled)
+ return 0;
+
+ if (!drbg->fips_primed) {
+ /* Priming of FIPS test */
+ memcpy(drbg->prev, entropy, entropylen);
+ drbg->fips_primed = true;
+ /* priming: another round is needed */
+ return -EAGAIN;
+ }
+ ret = memcmp(drbg->prev, entropy, entropylen);
+ if (!ret)
+ panic("DRBG continuous self test failed\n");
+ memcpy(drbg->prev, entropy, entropylen);
+
+ /* the test shall pass when the two values are not equal */
+ return 0;
+}
+
+/*
* Convert an integer into a byte representation of this integer.
* The byte representation is big-endian
*
@@ -998,6 +1049,22 @@ static inline int __drbg_seed(struct drbg_state *drbg, struct list_head *seed,
return ret;
}
+static inline int drbg_get_random_bytes(struct drbg_state *drbg,
+ unsigned char *entropy,
+ unsigned int entropylen)
+{
+ int ret;
+
+ do {
+ get_random_bytes(entropy, entropylen);
+ ret = drbg_fips_continuous_test(drbg, entropy);
+ if (ret && ret != -EAGAIN)
+ return ret;
+ } while (ret);
+
+ return 0;
+}
+
static void drbg_async_seed(struct work_struct *work)
{
struct drbg_string data;
@@ -1006,16 +1073,20 @@ static void drbg_async_seed(struct work_struct *work)
seed_work);
unsigned int entropylen = drbg_sec_strength(drbg->core->flags);
unsigned char entropy[32];
+ int ret;
BUG_ON(!entropylen);
BUG_ON(entropylen > sizeof(entropy));
- get_random_bytes(entropy, entropylen);
drbg_string_fill(&data, entropy, entropylen);
list_add_tail(&data.list, &seedlist);
mutex_lock(&drbg->drbg_mutex);
+ ret = drbg_get_random_bytes(drbg, entropy, entropylen);
+ if (ret)
+ goto unlock;
+
/* If nonblocking pool is initialized, deactivate Jitter RNG */
crypto_free_rng(drbg->jent);
drbg->jent = NULL;
@@ -1030,6 +1101,7 @@ static void drbg_async_seed(struct work_struct *work)
if (drbg->seeded)
drbg->reseed_threshold = drbg_max_requests(drbg);
+unlock:
mutex_unlock(&drbg->drbg_mutex);
memzero_explicit(entropy, entropylen);
@@ -1081,7 +1153,9 @@ static int drbg_seed(struct drbg_state *drbg, struct drbg_string *pers,
BUG_ON((entropylen * 2) > sizeof(entropy));
/* Get seed from in-kernel /dev/urandom */
- get_random_bytes(entropy, entropylen);
+ ret = drbg_get_random_bytes(drbg, entropy, entropylen);
+ if (ret)
+ goto out;
if (!drbg->jent) {
drbg_string_fill(&data1, entropy, entropylen);
@@ -1094,7 +1168,7 @@ static int drbg_seed(struct drbg_state *drbg, struct drbg_string *pers,
entropylen);
if (ret) {
pr_devel("DRBG: jent failed with %d\n", ret);
- return ret;
+ goto out;
}
drbg_string_fill(&data1, entropy, entropylen * 2);
@@ -1121,6 +1195,7 @@ static int drbg_seed(struct drbg_state *drbg, struct drbg_string *pers,
ret = __drbg_seed(drbg, &seedlist, reseed);
+out:
memzero_explicit(entropy, entropylen * 2);
return ret;
@@ -1142,6 +1217,11 @@ static inline void drbg_dealloc_state(struct drbg_state *drbg)
drbg->reseed_ctr = 0;
drbg->d_ops = NULL;
drbg->core = NULL;
+ if (IS_ENABLED(CONFIG_CRYPTO_FIPS)) {
+ kzfree(drbg->prev);
+ drbg->prev = NULL;
+ drbg->fips_primed = false;
+ }
}
/*
@@ -1211,6 +1291,14 @@ static inline int drbg_alloc_state(struct drbg_state *drbg)
drbg->scratchpad = PTR_ALIGN(drbg->scratchpadbuf, ret + 1);
}
+ if (IS_ENABLED(CONFIG_CRYPTO_FIPS)) {
+ drbg->prev = kzalloc(drbg_sec_strength(drbg->core->flags),
+ GFP_KERNEL);
+ if (!drbg->prev)
+ goto fini;
+ drbg->fips_primed = false;
+ }
+
return 0;
fini:
diff --git a/crypto/ecc.c b/crypto/ecc.c
index dfe114bc0c4a..8ee787723c5c 100644
--- a/crypto/ecc.c
+++ b/crypto/ecc.c
@@ -1284,10 +1284,11 @@ EXPORT_SYMBOL(ecc_point_mult_shamir);
static inline void ecc_swap_digits(const u64 *in, u64 *out,
unsigned int ndigits)
{
+ const __be64 *src = (__force __be64 *)in;
int i;
for (i = 0; i < ndigits; i++)
- out[i] = __swab64(in[ndigits - 1 - i]);
+ out[i] = be64_to_cpu(src[ndigits - 1 - i]);
}
static int __ecc_is_key_valid(const struct ecc_curve *curve,
diff --git a/crypto/essiv.c b/crypto/essiv.c
new file mode 100644
index 000000000000..a8befc8fb06e
--- /dev/null
+++ b/crypto/essiv.c
@@ -0,0 +1,663 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * ESSIV skcipher and aead template for block encryption
+ *
+ * This template encapsulates the ESSIV IV generation algorithm used by
+ * dm-crypt and fscrypt, which converts the initial vector for the skcipher
+ * used for block encryption, by encrypting it using the hash of the
+ * skcipher key as encryption key. Usually, the input IV is a 64-bit sector
+ * number in LE representation zero-padded to the size of the IV, but this
+ * is not assumed by this driver.
+ *
+ * The typical use of this template is to instantiate the skcipher
+ * 'essiv(cbc(aes),sha256)', which is the only instantiation used by
+ * fscrypt, and the most relevant one for dm-crypt. However, dm-crypt
+ * also permits ESSIV to be used in combination with the authenc template,
+ * e.g., 'essiv(authenc(hmac(sha256),cbc(aes)),sha256)', in which case
+ * we need to instantiate an aead that accepts the same special key format
+ * as the authenc template, and deals with the way the encrypted IV is
+ * embedded into the AAD area of the aead request. This means the AEAD
+ * flavor produced by this template is tightly coupled to the way dm-crypt
+ * happens to use it.
+ *
+ * Copyright (c) 2019 Linaro, Ltd. <ard.biesheuvel@linaro.org>
+ *
+ * Heavily based on:
+ * adiantum length-preserving encryption mode
+ *
+ * Copyright 2018 Google LLC
+ */
+
+#include <crypto/authenc.h>
+#include <crypto/internal/aead.h>
+#include <crypto/internal/hash.h>
+#include <crypto/internal/skcipher.h>
+#include <crypto/scatterwalk.h>
+#include <linux/module.h>
+
+#include "internal.h"
+
+struct essiv_instance_ctx {
+ union {
+ struct crypto_skcipher_spawn skcipher_spawn;
+ struct crypto_aead_spawn aead_spawn;
+ } u;
+ char essiv_cipher_name[CRYPTO_MAX_ALG_NAME];
+ char shash_driver_name[CRYPTO_MAX_ALG_NAME];
+};
+
+struct essiv_tfm_ctx {
+ union {
+ struct crypto_skcipher *skcipher;
+ struct crypto_aead *aead;
+ } u;
+ struct crypto_cipher *essiv_cipher;
+ struct crypto_shash *hash;
+ int ivoffset;
+};
+
+struct essiv_aead_request_ctx {
+ struct scatterlist sg[4];
+ u8 *assoc;
+ struct aead_request aead_req;
+};
+
+static int essiv_skcipher_setkey(struct crypto_skcipher *tfm,
+ const u8 *key, unsigned int keylen)
+{
+ struct essiv_tfm_ctx *tctx = crypto_skcipher_ctx(tfm);
+ SHASH_DESC_ON_STACK(desc, tctx->hash);
+ u8 salt[HASH_MAX_DIGESTSIZE];
+ int err;
+
+ crypto_skcipher_clear_flags(tctx->u.skcipher, CRYPTO_TFM_REQ_MASK);
+ crypto_skcipher_set_flags(tctx->u.skcipher,
+ crypto_skcipher_get_flags(tfm) &
+ CRYPTO_TFM_REQ_MASK);
+ err = crypto_skcipher_setkey(tctx->u.skcipher, key, keylen);
+ crypto_skcipher_set_flags(tfm,
+ crypto_skcipher_get_flags(tctx->u.skcipher) &
+ CRYPTO_TFM_RES_MASK);
+ if (err)
+ return err;
+
+ desc->tfm = tctx->hash;
+ err = crypto_shash_digest(desc, key, keylen, salt);
+ if (err)
+ return err;
+
+ crypto_cipher_clear_flags(tctx->essiv_cipher, CRYPTO_TFM_REQ_MASK);
+ crypto_cipher_set_flags(tctx->essiv_cipher,
+ crypto_skcipher_get_flags(tfm) &
+ CRYPTO_TFM_REQ_MASK);
+ err = crypto_cipher_setkey(tctx->essiv_cipher, salt,
+ crypto_shash_digestsize(tctx->hash));
+ crypto_skcipher_set_flags(tfm,
+ crypto_cipher_get_flags(tctx->essiv_cipher) &
+ CRYPTO_TFM_RES_MASK);
+
+ return err;
+}
+
+static int essiv_aead_setkey(struct crypto_aead *tfm, const u8 *key,
+ unsigned int keylen)
+{
+ struct essiv_tfm_ctx *tctx = crypto_aead_ctx(tfm);
+ SHASH_DESC_ON_STACK(desc, tctx->hash);
+ struct crypto_authenc_keys keys;
+ u8 salt[HASH_MAX_DIGESTSIZE];
+ int err;
+
+ crypto_aead_clear_flags(tctx->u.aead, CRYPTO_TFM_REQ_MASK);
+ crypto_aead_set_flags(tctx->u.aead, crypto_aead_get_flags(tfm) &
+ CRYPTO_TFM_REQ_MASK);
+ err = crypto_aead_setkey(tctx->u.aead, key, keylen);
+ crypto_aead_set_flags(tfm, crypto_aead_get_flags(tctx->u.aead) &
+ CRYPTO_TFM_RES_MASK);
+ if (err)
+ return err;
+
+ if (crypto_authenc_extractkeys(&keys, key, keylen) != 0) {
+ crypto_aead_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
+ return -EINVAL;
+ }
+
+ desc->tfm = tctx->hash;
+ err = crypto_shash_init(desc) ?:
+ crypto_shash_update(desc, keys.enckey, keys.enckeylen) ?:
+ crypto_shash_finup(desc, keys.authkey, keys.authkeylen, salt);
+ if (err)
+ return err;
+
+ crypto_cipher_clear_flags(tctx->essiv_cipher, CRYPTO_TFM_REQ_MASK);
+ crypto_cipher_set_flags(tctx->essiv_cipher, crypto_aead_get_flags(tfm) &
+ CRYPTO_TFM_REQ_MASK);
+ err = crypto_cipher_setkey(tctx->essiv_cipher, salt,
+ crypto_shash_digestsize(tctx->hash));
+ crypto_aead_set_flags(tfm, crypto_cipher_get_flags(tctx->essiv_cipher) &
+ CRYPTO_TFM_RES_MASK);
+
+ return err;
+}
+
+static int essiv_aead_setauthsize(struct crypto_aead *tfm,
+ unsigned int authsize)
+{
+ struct essiv_tfm_ctx *tctx = crypto_aead_ctx(tfm);
+
+ return crypto_aead_setauthsize(tctx->u.aead, authsize);
+}
+
+static void essiv_skcipher_done(struct crypto_async_request *areq, int err)
+{
+ struct skcipher_request *req = areq->data;
+
+ skcipher_request_complete(req, err);
+}
+
+static int essiv_skcipher_crypt(struct skcipher_request *req, bool enc)
+{
+ struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
+ const struct essiv_tfm_ctx *tctx = crypto_skcipher_ctx(tfm);
+ struct skcipher_request *subreq = skcipher_request_ctx(req);
+
+ crypto_cipher_encrypt_one(tctx->essiv_cipher, req->iv, req->iv);
+
+ skcipher_request_set_tfm(subreq, tctx->u.skcipher);
+ skcipher_request_set_crypt(subreq, req->src, req->dst, req->cryptlen,
+ req->iv);
+ skcipher_request_set_callback(subreq, skcipher_request_flags(req),
+ essiv_skcipher_done, req);
+
+ return enc ? crypto_skcipher_encrypt(subreq) :
+ crypto_skcipher_decrypt(subreq);
+}
+
+static int essiv_skcipher_encrypt(struct skcipher_request *req)
+{
+ return essiv_skcipher_crypt(req, true);
+}
+
+static int essiv_skcipher_decrypt(struct skcipher_request *req)
+{
+ return essiv_skcipher_crypt(req, false);
+}
+
+static void essiv_aead_done(struct crypto_async_request *areq, int err)
+{
+ struct aead_request *req = areq->data;
+ struct essiv_aead_request_ctx *rctx = aead_request_ctx(req);
+
+ if (rctx->assoc)
+ kfree(rctx->assoc);
+ aead_request_complete(req, err);
+}
+
+static int essiv_aead_crypt(struct aead_request *req, bool enc)
+{
+ struct crypto_aead *tfm = crypto_aead_reqtfm(req);
+ const struct essiv_tfm_ctx *tctx = crypto_aead_ctx(tfm);
+ struct essiv_aead_request_ctx *rctx = aead_request_ctx(req);
+ struct aead_request *subreq = &rctx->aead_req;
+ struct scatterlist *src = req->src;
+ int err;
+
+ crypto_cipher_encrypt_one(tctx->essiv_cipher, req->iv, req->iv);
+
+ /*
+ * dm-crypt embeds the sector number and the IV in the AAD region, so
+ * we have to copy the converted IV into the right scatterlist before
+ * we pass it on.
+ */
+ rctx->assoc = NULL;
+ if (req->src == req->dst || !enc) {
+ scatterwalk_map_and_copy(req->iv, req->dst,
+ req->assoclen - crypto_aead_ivsize(tfm),
+ crypto_aead_ivsize(tfm), 1);
+ } else {
+ u8 *iv = (u8 *)aead_request_ctx(req) + tctx->ivoffset;
+ int ivsize = crypto_aead_ivsize(tfm);
+ int ssize = req->assoclen - ivsize;
+ struct scatterlist *sg;
+ int nents;
+
+ if (ssize < 0)
+ return -EINVAL;
+
+ nents = sg_nents_for_len(req->src, ssize);
+ if (nents < 0)
+ return -EINVAL;
+
+ memcpy(iv, req->iv, ivsize);
+ sg_init_table(rctx->sg, 4);
+
+ if (unlikely(nents > 1)) {
+ /*
+ * This is a case that rarely occurs in practice, but
+ * for correctness, we have to deal with it nonetheless.
+ */
+ rctx->assoc = kmalloc(ssize, GFP_ATOMIC);
+ if (!rctx->assoc)
+ return -ENOMEM;
+
+ scatterwalk_map_and_copy(rctx->assoc, req->src, 0,
+ ssize, 0);
+ sg_set_buf(rctx->sg, rctx->assoc, ssize);
+ } else {
+ sg_set_page(rctx->sg, sg_page(req->src), ssize,
+ req->src->offset);
+ }
+
+ sg_set_buf(rctx->sg + 1, iv, ivsize);
+ sg = scatterwalk_ffwd(rctx->sg + 2, req->src, req->assoclen);
+ if (sg != rctx->sg + 2)
+ sg_chain(rctx->sg, 3, sg);
+
+ src = rctx->sg;
+ }
+
+ aead_request_set_tfm(subreq, tctx->u.aead);
+ aead_request_set_ad(subreq, req->assoclen);
+ aead_request_set_callback(subreq, aead_request_flags(req),
+ essiv_aead_done, req);
+ aead_request_set_crypt(subreq, src, req->dst, req->cryptlen, req->iv);
+
+ err = enc ? crypto_aead_encrypt(subreq) :
+ crypto_aead_decrypt(subreq);
+
+ if (rctx->assoc && err != -EINPROGRESS)
+ kfree(rctx->assoc);
+ return err;
+}
+
+static int essiv_aead_encrypt(struct aead_request *req)
+{
+ return essiv_aead_crypt(req, true);
+}
+
+static int essiv_aead_decrypt(struct aead_request *req)
+{
+ return essiv_aead_crypt(req, false);
+}
+
+static int essiv_init_tfm(struct essiv_instance_ctx *ictx,
+ struct essiv_tfm_ctx *tctx)
+{
+ struct crypto_cipher *essiv_cipher;
+ struct crypto_shash *hash;
+ int err;
+
+ essiv_cipher = crypto_alloc_cipher(ictx->essiv_cipher_name, 0, 0);
+ if (IS_ERR(essiv_cipher))
+ return PTR_ERR(essiv_cipher);
+
+ hash = crypto_alloc_shash(ictx->shash_driver_name, 0, 0);
+ if (IS_ERR(hash)) {
+ err = PTR_ERR(hash);
+ goto err_free_essiv_cipher;
+ }
+
+ tctx->essiv_cipher = essiv_cipher;
+ tctx->hash = hash;
+
+ return 0;
+
+err_free_essiv_cipher:
+ crypto_free_cipher(essiv_cipher);
+ return err;
+}
+
+static int essiv_skcipher_init_tfm(struct crypto_skcipher *tfm)
+{
+ struct skcipher_instance *inst = skcipher_alg_instance(tfm);
+ struct essiv_instance_ctx *ictx = skcipher_instance_ctx(inst);
+ struct essiv_tfm_ctx *tctx = crypto_skcipher_ctx(tfm);
+ struct crypto_skcipher *skcipher;
+ int err;
+
+ skcipher = crypto_spawn_skcipher(&ictx->u.skcipher_spawn);
+ if (IS_ERR(skcipher))
+ return PTR_ERR(skcipher);
+
+ crypto_skcipher_set_reqsize(tfm, sizeof(struct skcipher_request) +
+ crypto_skcipher_reqsize(skcipher));
+
+ err = essiv_init_tfm(ictx, tctx);
+ if (err) {
+ crypto_free_skcipher(skcipher);
+ return err;
+ }
+
+ tctx->u.skcipher = skcipher;
+ return 0;
+}
+
+static int essiv_aead_init_tfm(struct crypto_aead *tfm)
+{
+ struct aead_instance *inst = aead_alg_instance(tfm);
+ struct essiv_instance_ctx *ictx = aead_instance_ctx(inst);
+ struct essiv_tfm_ctx *tctx = crypto_aead_ctx(tfm);
+ struct crypto_aead *aead;
+ unsigned int subreq_size;
+ int err;
+
+ BUILD_BUG_ON(offsetofend(struct essiv_aead_request_ctx, aead_req) !=
+ sizeof(struct essiv_aead_request_ctx));
+
+ aead = crypto_spawn_aead(&ictx->u.aead_spawn);
+ if (IS_ERR(aead))
+ return PTR_ERR(aead);
+
+ subreq_size = FIELD_SIZEOF(struct essiv_aead_request_ctx, aead_req) +
+ crypto_aead_reqsize(aead);
+
+ tctx->ivoffset = offsetof(struct essiv_aead_request_ctx, aead_req) +
+ subreq_size;
+ crypto_aead_set_reqsize(tfm, tctx->ivoffset + crypto_aead_ivsize(aead));
+
+ err = essiv_init_tfm(ictx, tctx);
+ if (err) {
+ crypto_free_aead(aead);
+ return err;
+ }
+
+ tctx->u.aead = aead;
+ return 0;
+}
+
+static void essiv_skcipher_exit_tfm(struct crypto_skcipher *tfm)
+{
+ struct essiv_tfm_ctx *tctx = crypto_skcipher_ctx(tfm);
+
+ crypto_free_skcipher(tctx->u.skcipher);
+ crypto_free_cipher(tctx->essiv_cipher);
+ crypto_free_shash(tctx->hash);
+}
+
+static void essiv_aead_exit_tfm(struct crypto_aead *tfm)
+{
+ struct essiv_tfm_ctx *tctx = crypto_aead_ctx(tfm);
+
+ crypto_free_aead(tctx->u.aead);
+ crypto_free_cipher(tctx->essiv_cipher);
+ crypto_free_shash(tctx->hash);
+}
+
+static void essiv_skcipher_free_instance(struct skcipher_instance *inst)
+{
+ struct essiv_instance_ctx *ictx = skcipher_instance_ctx(inst);
+
+ crypto_drop_skcipher(&ictx->u.skcipher_spawn);
+ kfree(inst);
+}
+
+static void essiv_aead_free_instance(struct aead_instance *inst)
+{
+ struct essiv_instance_ctx *ictx = aead_instance_ctx(inst);
+
+ crypto_drop_aead(&ictx->u.aead_spawn);
+ kfree(inst);
+}
+
+static bool parse_cipher_name(char *essiv_cipher_name, const char *cra_name)
+{
+ const char *p, *q;
+ int len;
+
+ /* find the last opening parens */
+ p = strrchr(cra_name, '(');
+ if (!p++)
+ return false;
+
+ /* find the first closing parens in the tail of the string */
+ q = strchr(p, ')');
+ if (!q)
+ return false;
+
+ len = q - p;
+ if (len >= CRYPTO_MAX_ALG_NAME)
+ return false;
+
+ memcpy(essiv_cipher_name, p, len);
+ essiv_cipher_name[len] = '\0';
+ return true;
+}
+
+static bool essiv_supported_algorithms(const char *essiv_cipher_name,
+ struct shash_alg *hash_alg,
+ int ivsize)
+{
+ struct crypto_alg *alg;
+ bool ret = false;
+
+ alg = crypto_alg_mod_lookup(essiv_cipher_name,
+ CRYPTO_ALG_TYPE_CIPHER,
+ CRYPTO_ALG_TYPE_MASK);
+ if (IS_ERR(alg))
+ return false;
+
+ if (hash_alg->digestsize < alg->cra_cipher.cia_min_keysize ||
+ hash_alg->digestsize > alg->cra_cipher.cia_max_keysize)
+ goto out;
+
+ if (ivsize != alg->cra_blocksize)
+ goto out;
+
+ if (crypto_shash_alg_has_setkey(hash_alg))
+ goto out;
+
+ ret = true;
+
+out:
+ crypto_mod_put(alg);
+ return ret;
+}
+
+static int essiv_create(struct crypto_template *tmpl, struct rtattr **tb)
+{
+ struct crypto_attr_type *algt;
+ const char *inner_cipher_name;
+ const char *shash_name;
+ struct skcipher_instance *skcipher_inst = NULL;
+ struct aead_instance *aead_inst = NULL;
+ struct crypto_instance *inst;
+ struct crypto_alg *base, *block_base;
+ struct essiv_instance_ctx *ictx;
+ struct skcipher_alg *skcipher_alg = NULL;
+ struct aead_alg *aead_alg = NULL;
+ struct crypto_alg *_hash_alg;
+ struct shash_alg *hash_alg;
+ int ivsize;
+ u32 type;
+ int err;
+
+ algt = crypto_get_attr_type(tb);
+ if (IS_ERR(algt))
+ return PTR_ERR(algt);
+
+ inner_cipher_name = crypto_attr_alg_name(tb[1]);
+ if (IS_ERR(inner_cipher_name))
+ return PTR_ERR(inner_cipher_name);
+
+ shash_name = crypto_attr_alg_name(tb[2]);
+ if (IS_ERR(shash_name))
+ return PTR_ERR(shash_name);
+
+ type = algt->type & algt->mask;
+
+ switch (type) {
+ case CRYPTO_ALG_TYPE_BLKCIPHER:
+ skcipher_inst = kzalloc(sizeof(*skcipher_inst) +
+ sizeof(*ictx), GFP_KERNEL);
+ if (!skcipher_inst)
+ return -ENOMEM;
+ inst = skcipher_crypto_instance(skcipher_inst);
+ base = &skcipher_inst->alg.base;
+ ictx = crypto_instance_ctx(inst);
+
+ /* Symmetric cipher, e.g., "cbc(aes)" */
+ crypto_set_skcipher_spawn(&ictx->u.skcipher_spawn, inst);
+ err = crypto_grab_skcipher(&ictx->u.skcipher_spawn,
+ inner_cipher_name, 0,
+ crypto_requires_sync(algt->type,
+ algt->mask));
+ if (err)
+ goto out_free_inst;
+ skcipher_alg = crypto_spawn_skcipher_alg(&ictx->u.skcipher_spawn);
+ block_base = &skcipher_alg->base;
+ ivsize = crypto_skcipher_alg_ivsize(skcipher_alg);
+ break;
+
+ case CRYPTO_ALG_TYPE_AEAD:
+ aead_inst = kzalloc(sizeof(*aead_inst) +
+ sizeof(*ictx), GFP_KERNEL);
+ if (!aead_inst)
+ return -ENOMEM;
+ inst = aead_crypto_instance(aead_inst);
+ base = &aead_inst->alg.base;
+ ictx = crypto_instance_ctx(inst);
+
+ /* AEAD cipher, e.g., "authenc(hmac(sha256),cbc(aes))" */
+ crypto_set_aead_spawn(&ictx->u.aead_spawn, inst);
+ err = crypto_grab_aead(&ictx->u.aead_spawn,
+ inner_cipher_name, 0,
+ crypto_requires_sync(algt->type,
+ algt->mask));
+ if (err)
+ goto out_free_inst;
+ aead_alg = crypto_spawn_aead_alg(&ictx->u.aead_spawn);
+ block_base = &aead_alg->base;
+ if (!strstarts(block_base->cra_name, "authenc(")) {
+ pr_warn("Only authenc() type AEADs are supported by ESSIV\n");
+ err = -EINVAL;
+ goto out_drop_skcipher;
+ }
+ ivsize = aead_alg->ivsize;
+ break;
+
+ default:
+ return -EINVAL;
+ }
+
+ if (!parse_cipher_name(ictx->essiv_cipher_name, block_base->cra_name)) {
+ pr_warn("Failed to parse ESSIV cipher name from skcipher cra_name\n");
+ err = -EINVAL;
+ goto out_drop_skcipher;
+ }
+
+ /* Synchronous hash, e.g., "sha256" */
+ _hash_alg = crypto_alg_mod_lookup(shash_name,
+ CRYPTO_ALG_TYPE_SHASH,
+ CRYPTO_ALG_TYPE_MASK);
+ if (IS_ERR(_hash_alg)) {
+ err = PTR_ERR(_hash_alg);
+ goto out_drop_skcipher;
+ }
+ hash_alg = __crypto_shash_alg(_hash_alg);
+
+ /* Check the set of algorithms */
+ if (!essiv_supported_algorithms(ictx->essiv_cipher_name, hash_alg,
+ ivsize)) {
+ pr_warn("Unsupported essiv instantiation: essiv(%s,%s)\n",
+ block_base->cra_name, hash_alg->base.cra_name);
+ err = -EINVAL;
+ goto out_free_hash;
+ }
+
+ /* record the driver name so we can instantiate this exact algo later */
+ strlcpy(ictx->shash_driver_name, hash_alg->base.cra_driver_name,
+ CRYPTO_MAX_ALG_NAME);
+
+ /* Instance fields */
+
+ err = -ENAMETOOLONG;
+ if (snprintf(base->cra_name, CRYPTO_MAX_ALG_NAME,
+ "essiv(%s,%s)", block_base->cra_name,
+ hash_alg->base.cra_name) >= CRYPTO_MAX_ALG_NAME)
+ goto out_free_hash;
+ if (snprintf(base->cra_driver_name, CRYPTO_MAX_ALG_NAME,
+ "essiv(%s,%s)", block_base->cra_driver_name,
+ hash_alg->base.cra_driver_name) >= CRYPTO_MAX_ALG_NAME)
+ goto out_free_hash;
+
+ base->cra_flags = block_base->cra_flags & CRYPTO_ALG_ASYNC;
+ base->cra_blocksize = block_base->cra_blocksize;
+ base->cra_ctxsize = sizeof(struct essiv_tfm_ctx);
+ base->cra_alignmask = block_base->cra_alignmask;
+ base->cra_priority = block_base->cra_priority;
+
+ if (type == CRYPTO_ALG_TYPE_BLKCIPHER) {
+ skcipher_inst->alg.setkey = essiv_skcipher_setkey;
+ skcipher_inst->alg.encrypt = essiv_skcipher_encrypt;
+ skcipher_inst->alg.decrypt = essiv_skcipher_decrypt;
+ skcipher_inst->alg.init = essiv_skcipher_init_tfm;
+ skcipher_inst->alg.exit = essiv_skcipher_exit_tfm;
+
+ skcipher_inst->alg.min_keysize = crypto_skcipher_alg_min_keysize(skcipher_alg);
+ skcipher_inst->alg.max_keysize = crypto_skcipher_alg_max_keysize(skcipher_alg);
+ skcipher_inst->alg.ivsize = ivsize;
+ skcipher_inst->alg.chunksize = crypto_skcipher_alg_chunksize(skcipher_alg);
+ skcipher_inst->alg.walksize = crypto_skcipher_alg_walksize(skcipher_alg);
+
+ skcipher_inst->free = essiv_skcipher_free_instance;
+
+ err = skcipher_register_instance(tmpl, skcipher_inst);
+ } else {
+ aead_inst->alg.setkey = essiv_aead_setkey;
+ aead_inst->alg.setauthsize = essiv_aead_setauthsize;
+ aead_inst->alg.encrypt = essiv_aead_encrypt;
+ aead_inst->alg.decrypt = essiv_aead_decrypt;
+ aead_inst->alg.init = essiv_aead_init_tfm;
+ aead_inst->alg.exit = essiv_aead_exit_tfm;
+
+ aead_inst->alg.ivsize = ivsize;
+ aead_inst->alg.maxauthsize = crypto_aead_alg_maxauthsize(aead_alg);
+ aead_inst->alg.chunksize = crypto_aead_alg_chunksize(aead_alg);
+
+ aead_inst->free = essiv_aead_free_instance;
+
+ err = aead_register_instance(tmpl, aead_inst);
+ }
+
+ if (err)
+ goto out_free_hash;
+
+ crypto_mod_put(_hash_alg);
+ return 0;
+
+out_free_hash:
+ crypto_mod_put(_hash_alg);
+out_drop_skcipher:
+ if (type == CRYPTO_ALG_TYPE_BLKCIPHER)
+ crypto_drop_skcipher(&ictx->u.skcipher_spawn);
+ else
+ crypto_drop_aead(&ictx->u.aead_spawn);
+out_free_inst:
+ kfree(skcipher_inst);
+ kfree(aead_inst);
+ return err;
+}
+
+/* essiv(cipher_name, shash_name) */
+static struct crypto_template essiv_tmpl = {
+ .name = "essiv",
+ .create = essiv_create,
+ .module = THIS_MODULE,
+};
+
+static int __init essiv_module_init(void)
+{
+ return crypto_register_template(&essiv_tmpl);
+}
+
+static void __exit essiv_module_exit(void)
+{
+ crypto_unregister_template(&essiv_tmpl);
+}
+
+subsys_initcall(essiv_module_init);
+module_exit(essiv_module_exit);
+
+MODULE_DESCRIPTION("ESSIV skcipher/aead wrapper for block encryption");
+MODULE_LICENSE("GPL v2");
+MODULE_ALIAS_CRYPTO("essiv");
diff --git a/crypto/fcrypt.c b/crypto/fcrypt.c
index 4e8704405a3b..58f935315cf8 100644
--- a/crypto/fcrypt.c
+++ b/crypto/fcrypt.c
@@ -391,6 +391,7 @@ static int fcrypt_setkey(struct crypto_tfm *tfm, const u8 *key, unsigned int key
static struct crypto_alg fcrypt_alg = {
.cra_name = "fcrypt",
+ .cra_driver_name = "fcrypt-generic",
.cra_flags = CRYPTO_ALG_TYPE_CIPHER,
.cra_blocksize = 8,
.cra_ctxsize = sizeof(struct fcrypt_ctx),
diff --git a/crypto/fips.c b/crypto/fips.c
index c0b3a3c3452d..7b1d8caee669 100644
--- a/crypto/fips.c
+++ b/crypto/fips.c
@@ -11,10 +11,14 @@
#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/sysctl.h>
+#include <linux/notifier.h>
int fips_enabled;
EXPORT_SYMBOL_GPL(fips_enabled);
+ATOMIC_NOTIFIER_HEAD(fips_fail_notif_chain);
+EXPORT_SYMBOL_GPL(fips_fail_notif_chain);
+
/* Process kernel command-line parameter at boot time. fips=0 or fips=1 */
static int fips_enable(char *str)
{
@@ -58,6 +62,13 @@ static void crypto_proc_fips_exit(void)
unregister_sysctl_table(crypto_sysctls);
}
+void fips_fail_notify(void)
+{
+ if (fips_enabled)
+ atomic_notifier_call_chain(&fips_fail_notif_chain, 0, NULL);
+}
+EXPORT_SYMBOL_GPL(fips_fail_notify);
+
static int __init fips_init(void)
{
crypto_proc_fips_init();
diff --git a/crypto/gcm.c b/crypto/gcm.c
index f254e2d4c206..73884208f075 100644
--- a/crypto/gcm.c
+++ b/crypto/gcm.c
@@ -152,20 +152,7 @@ out:
static int crypto_gcm_setauthsize(struct crypto_aead *tfm,
unsigned int authsize)
{
- switch (authsize) {
- case 4:
- case 8:
- case 12:
- case 13:
- case 14:
- case 15:
- case 16:
- break;
- default:
- return -EINVAL;
- }
-
- return 0;
+ return crypto_gcm_check_authsize(authsize);
}
static void crypto_gcm_init_common(struct aead_request *req)
@@ -762,15 +749,11 @@ static int crypto_rfc4106_setauthsize(struct crypto_aead *parent,
unsigned int authsize)
{
struct crypto_rfc4106_ctx *ctx = crypto_aead_ctx(parent);
+ int err;
- switch (authsize) {
- case 8:
- case 12:
- case 16:
- break;
- default:
- return -EINVAL;
- }
+ err = crypto_rfc4106_check_authsize(authsize);
+ if (err)
+ return err;
return crypto_aead_setauthsize(ctx->child, authsize);
}
@@ -818,8 +801,11 @@ static struct aead_request *crypto_rfc4106_crypt(struct aead_request *req)
static int crypto_rfc4106_encrypt(struct aead_request *req)
{
- if (req->assoclen != 16 && req->assoclen != 20)
- return -EINVAL;
+ int err;
+
+ err = crypto_ipsec_check_assoclen(req->assoclen);
+ if (err)
+ return err;
req = crypto_rfc4106_crypt(req);
@@ -828,8 +814,11 @@ static int crypto_rfc4106_encrypt(struct aead_request *req)
static int crypto_rfc4106_decrypt(struct aead_request *req)
{
- if (req->assoclen != 16 && req->assoclen != 20)
- return -EINVAL;
+ int err;
+
+ err = crypto_ipsec_check_assoclen(req->assoclen);
+ if (err)
+ return err;
req = crypto_rfc4106_crypt(req);
@@ -1045,12 +1034,14 @@ static int crypto_rfc4543_copy_src_to_dst(struct aead_request *req, bool enc)
static int crypto_rfc4543_encrypt(struct aead_request *req)
{
- return crypto_rfc4543_crypt(req, true);
+ return crypto_ipsec_check_assoclen(req->assoclen) ?:
+ crypto_rfc4543_crypt(req, true);
}
static int crypto_rfc4543_decrypt(struct aead_request *req)
{
- return crypto_rfc4543_crypt(req, false);
+ return crypto_ipsec_check_assoclen(req->assoclen) ?:
+ crypto_rfc4543_crypt(req, false);
}
static int crypto_rfc4543_init_tfm(struct crypto_aead *tfm)
diff --git a/crypto/ghash-generic.c b/crypto/ghash-generic.c
index dad9e1f91a78..5027b3461c92 100644
--- a/crypto/ghash-generic.c
+++ b/crypto/ghash-generic.c
@@ -1,12 +1,37 @@
// SPDX-License-Identifier: GPL-2.0-only
/*
- * GHASH: digest algorithm for GCM (Galois/Counter Mode).
+ * GHASH: hash function for GCM (Galois/Counter Mode).
*
* Copyright (c) 2007 Nokia Siemens Networks - Mikko Herranen <mh1@iki.fi>
* Copyright (c) 2009 Intel Corp.
* Author: Huang Ying <ying.huang@intel.com>
+ */
+
+/*
+ * GHASH is a keyed hash function used in GCM authentication tag generation.
+ *
+ * The original GCM paper [1] presents GHASH as a function GHASH(H, A, C) which
+ * takes a 16-byte hash key H, additional authenticated data A, and a ciphertext
+ * C. It formats A and C into a single byte string X, interprets X as a
+ * polynomial over GF(2^128), and evaluates this polynomial at the point H.
+ *
+ * However, the NIST standard for GCM [2] presents GHASH as GHASH(H, X) where X
+ * is the already-formatted byte string containing both A and C.
+ *
+ * "ghash" in the Linux crypto API uses the 'X' (pre-formatted) convention,
+ * since the API supports only a single data stream per hash. Thus, the
+ * formatting of 'A' and 'C' is done in the "gcm" template, not in "ghash".
+ *
+ * The reason "ghash" is separate from "gcm" is to allow "gcm" to use an
+ * accelerated "ghash" when a standalone accelerated "gcm(aes)" is unavailable.
+ * It is generally inappropriate to use "ghash" for other purposes, since it is
+ * an "ε-almost-XOR-universal hash function", not a cryptographic hash function.
+ * It can only be used securely in crypto modes specially designed to use it.
*
- * The algorithm implementation is copied from gcm.c.
+ * [1] The Galois/Counter Mode of Operation (GCM)
+ * (http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.694.695&rep=rep1&type=pdf)
+ * [2] Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC
+ * (https://csrc.nist.gov/publications/detail/sp/800-38d/final)
*/
#include <crypto/algapi.h>
@@ -156,6 +181,6 @@ subsys_initcall(ghash_mod_init);
module_exit(ghash_mod_exit);
MODULE_LICENSE("GPL");
-MODULE_DESCRIPTION("GHASH Message Digest Algorithm");
+MODULE_DESCRIPTION("GHASH hash function");
MODULE_ALIAS_CRYPTO("ghash");
MODULE_ALIAS_CRYPTO("ghash-generic");
diff --git a/crypto/jitterentropy-kcapi.c b/crypto/jitterentropy-kcapi.c
index 787dccca3715..701b8d86ab49 100644
--- a/crypto/jitterentropy-kcapi.c
+++ b/crypto/jitterentropy-kcapi.c
@@ -56,11 +56,6 @@ void jent_entropy_collector_free(struct rand_data *entropy_collector);
* Helper function
***************************************************************************/
-__u64 jent_rol64(__u64 word, unsigned int shift)
-{
- return rol64(word, shift);
-}
-
void *jent_zalloc(unsigned int len)
{
return kzalloc(len, GFP_KERNEL);
diff --git a/crypto/jitterentropy.c b/crypto/jitterentropy.c
index acf44b2d2d1d..77fa2120fe0c 100644
--- a/crypto/jitterentropy.c
+++ b/crypto/jitterentropy.c
@@ -2,7 +2,7 @@
* Non-physical true random number generator based on timing jitter --
* Jitter RNG standalone code.
*
- * Copyright Stephan Mueller <smueller@chronox.de>, 2015
+ * Copyright Stephan Mueller <smueller@chronox.de>, 2015 - 2019
*
* Design
* ======
@@ -47,7 +47,7 @@
/*
* This Jitterentropy RNG is based on the jitterentropy library
- * version 1.1.0 provided at http://www.chronox.de/jent.html
+ * version 2.1.2 provided at http://www.chronox.de/jent.html
*/
#ifdef __OPTIMIZE__
@@ -71,10 +71,7 @@ struct rand_data {
#define DATA_SIZE_BITS ((sizeof(__u64)) * 8)
__u64 last_delta; /* SENSITIVE stuck test */
__s64 last_delta2; /* SENSITIVE stuck test */
- unsigned int stuck:1; /* Time measurement stuck */
unsigned int osr; /* Oversample rate */
- unsigned int stir:1; /* Post-processing stirring */
- unsigned int disable_unbias:1; /* Deactivate Von-Neuman unbias */
#define JENT_MEMORY_BLOCKS 64
#define JENT_MEMORY_BLOCKSIZE 32
#define JENT_MEMORY_ACCESSLOOPS 128
@@ -89,8 +86,6 @@ struct rand_data {
};
/* Flags that can be used to initialize the RNG */
-#define JENT_DISABLE_STIR (1<<0) /* Disable stirring the entropy pool */
-#define JENT_DISABLE_UNBIAS (1<<1) /* Disable the Von-Neuman Unbiaser */
#define JENT_DISABLE_MEMORY_ACCESS (1<<2) /* Disable memory access for more
* entropy, saves MEMORY_SIZE RAM for
* entropy collector */
@@ -99,19 +94,16 @@ struct rand_data {
#define JENT_ENOTIME 1 /* Timer service not available */
#define JENT_ECOARSETIME 2 /* Timer too coarse for RNG */
#define JENT_ENOMONOTONIC 3 /* Timer is not monotonic increasing */
-#define JENT_EMINVARIATION 4 /* Timer variations too small for RNG */
#define JENT_EVARVAR 5 /* Timer does not produce variations of
* variations (2nd derivation of time is
* zero). */
-#define JENT_EMINVARVAR 6 /* Timer variations of variations is tooi
- * small. */
+#define JENT_ESTUCK 8 /* Too many stuck results during init. */
/***************************************************************************
* Helper functions
***************************************************************************/
void jent_get_nstime(__u64 *out);
-__u64 jent_rol64(__u64 word, unsigned int shift);
void *jent_zalloc(unsigned int len);
void jent_zfree(void *ptr);
int jent_fips_enabled(void);
@@ -140,16 +132,16 @@ static __u64 jent_loop_shuffle(struct rand_data *ec,
jent_get_nstime(&time);
/*
- * mix the current state of the random number into the shuffle
- * calculation to balance that shuffle a bit more
+ * Mix the current state of the random number into the shuffle
+ * calculation to balance that shuffle a bit more.
*/
if (ec)
time ^= ec->data;
/*
- * we fold the time value as much as possible to ensure that as many
- * bits of the time stamp are included as possible
+ * We fold the time value as much as possible to ensure that as many
+ * bits of the time stamp are included as possible.
*/
- for (i = 0; (DATA_SIZE_BITS / bits) > i; i++) {
+ for (i = 0; ((DATA_SIZE_BITS + bits - 1) / bits) > i; i++) {
shuffle ^= time & mask;
time = time >> bits;
}
@@ -169,38 +161,28 @@ static __u64 jent_loop_shuffle(struct rand_data *ec,
* CPU Jitter noise source -- this is the noise source based on the CPU
* execution time jitter
*
- * This function folds the time into one bit units by iterating
- * through the DATA_SIZE_BITS bit time value as follows: assume our time value
- * is 0xabcd
- * 1st loop, 1st shift generates 0xd000
- * 1st loop, 2nd shift generates 0x000d
- * 2nd loop, 1st shift generates 0xcd00
- * 2nd loop, 2nd shift generates 0x000c
- * 3rd loop, 1st shift generates 0xbcd0
- * 3rd loop, 2nd shift generates 0x000b
- * 4th loop, 1st shift generates 0xabcd
- * 4th loop, 2nd shift generates 0x000a
- * Now, the values at the end of the 2nd shifts are XORed together.
+ * This function injects the individual bits of the time value into the
+ * entropy pool using an LFSR.
*
- * The code is deliberately inefficient and shall stay that way. This function
- * is the root cause why the code shall be compiled without optimization. This
- * function not only acts as folding operation, but this function's execution
- * is used to measure the CPU execution time jitter. Any change to the loop in
- * this function implies that careful retesting must be done.
+ * The code is deliberately inefficient with respect to the bit shifting
+ * and shall stay that way. This function is the root cause why the code
+ * shall be compiled without optimization. This function not only acts as
+ * folding operation, but this function's execution is used to measure
+ * the CPU execution time jitter. Any change to the loop in this function
+ * implies that careful retesting must be done.
*
* Input:
* @ec entropy collector struct -- may be NULL
- * @time time stamp to be folded
+ * @time time stamp to be injected
* @loop_cnt if a value not equal to 0 is set, use the given value as number of
* loops to perform the folding
*
* Output:
- * @folded result of folding operation
+ * updated ec->data
*
* @return Number of loops the folding operation is performed
*/
-static __u64 jent_fold_time(struct rand_data *ec, __u64 time,
- __u64 *folded, __u64 loop_cnt)
+static __u64 jent_lfsr_time(struct rand_data *ec, __u64 time, __u64 loop_cnt)
{
unsigned int i;
__u64 j = 0;
@@ -217,15 +199,34 @@ static __u64 jent_fold_time(struct rand_data *ec, __u64 time,
if (loop_cnt)
fold_loop_cnt = loop_cnt;
for (j = 0; j < fold_loop_cnt; j++) {
- new = 0;
+ new = ec->data;
for (i = 1; (DATA_SIZE_BITS) >= i; i++) {
__u64 tmp = time << (DATA_SIZE_BITS - i);
tmp = tmp >> (DATA_SIZE_BITS - 1);
+
+ /*
+ * Fibonacci LSFR with polynomial of
+ * x^64 + x^61 + x^56 + x^31 + x^28 + x^23 + 1 which is
+ * primitive according to
+ * http://poincare.matf.bg.ac.rs/~ezivkovm/publications/primpol1.pdf
+ * (the shift values are the polynomial values minus one
+ * due to counting bits from 0 to 63). As the current
+ * position is always the LSB, the polynomial only needs
+ * to shift data in from the left without wrap.
+ */
+ tmp ^= ((new >> 63) & 1);
+ tmp ^= ((new >> 60) & 1);
+ tmp ^= ((new >> 55) & 1);
+ tmp ^= ((new >> 30) & 1);
+ tmp ^= ((new >> 27) & 1);
+ tmp ^= ((new >> 22) & 1);
+ new <<= 1;
new ^= tmp;
}
}
- *folded = new;
+ ec->data = new;
+
return fold_loop_cnt;
}
@@ -258,7 +259,6 @@ static __u64 jent_fold_time(struct rand_data *ec, __u64 time,
*/
static unsigned int jent_memaccess(struct rand_data *ec, __u64 loop_cnt)
{
- unsigned char *tmpval = NULL;
unsigned int wrap = 0;
__u64 i = 0;
#define MAX_ACC_LOOP_BIT 7
@@ -278,7 +278,7 @@ static unsigned int jent_memaccess(struct rand_data *ec, __u64 loop_cnt)
acc_loop_cnt = loop_cnt;
for (i = 0; i < (ec->memaccessloops + acc_loop_cnt); i++) {
- tmpval = ec->mem + ec->memlocation;
+ unsigned char *tmpval = ec->mem + ec->memlocation;
/*
* memory access: just add 1 to one byte,
* wrap at 255 -- memory access implies read
@@ -316,7 +316,7 @@ static unsigned int jent_memaccess(struct rand_data *ec, __u64 loop_cnt)
* 0 jitter measurement not stuck (good bit)
* 1 jitter measurement stuck (reject bit)
*/
-static void jent_stuck(struct rand_data *ec, __u64 current_delta)
+static int jent_stuck(struct rand_data *ec, __u64 current_delta)
{
__s64 delta2 = ec->last_delta - current_delta;
__s64 delta3 = delta2 - ec->last_delta2;
@@ -325,14 +325,15 @@ static void jent_stuck(struct rand_data *ec, __u64 current_delta)
ec->last_delta2 = delta2;
if (!current_delta || !delta2 || !delta3)
- ec->stuck = 1;
+ return 1;
+
+ return 0;
}
/**
* This is the heart of the entropy generation: calculate time deltas and
- * use the CPU jitter in the time deltas. The jitter is folded into one
- * bit. You can call this function the "random bit generator" as it
- * produces one random bit per invocation.
+ * use the CPU jitter in the time deltas. The jitter is injected into the
+ * entropy pool.
*
* WARNING: ensure that ->prev_time is primed before using the output
* of this function! This can be done by calling this function
@@ -341,12 +342,11 @@ static void jent_stuck(struct rand_data *ec, __u64 current_delta)
* Input:
* @entropy_collector Reference to entropy collector
*
- * @return One random bit
+ * @return result of stuck test
*/
-static __u64 jent_measure_jitter(struct rand_data *ec)
+static int jent_measure_jitter(struct rand_data *ec)
{
__u64 time = 0;
- __u64 data = 0;
__u64 current_delta = 0;
/* Invoke one noise source before time measurement to add variations */
@@ -360,109 +360,11 @@ static __u64 jent_measure_jitter(struct rand_data *ec)
current_delta = time - ec->prev_time;
ec->prev_time = time;
- /* Now call the next noise sources which also folds the data */
- jent_fold_time(ec, current_delta, &data, 0);
-
- /*
- * Check whether we have a stuck measurement. The enforcement
- * is performed after the stuck value has been mixed into the
- * entropy pool.
- */
- jent_stuck(ec, current_delta);
-
- return data;
-}
-
-/**
- * Von Neuman unbias as explained in RFC 4086 section 4.2. As shown in the
- * documentation of that RNG, the bits from jent_measure_jitter are considered
- * independent which implies that the Von Neuman unbias operation is applicable.
- * A proof of the Von-Neumann unbias operation to remove skews is given in the
- * document "A proposal for: Functionality classes for random number
- * generators", version 2.0 by Werner Schindler, section 5.4.1.
- *
- * Input:
- * @entropy_collector Reference to entropy collector
- *
- * @return One random bit
- */
-static __u64 jent_unbiased_bit(struct rand_data *entropy_collector)
-{
- do {
- __u64 a = jent_measure_jitter(entropy_collector);
- __u64 b = jent_measure_jitter(entropy_collector);
-
- if (a == b)
- continue;
- if (1 == a)
- return 1;
- else
- return 0;
- } while (1);
-}
-
-/**
- * Shuffle the pool a bit by mixing some value with a bijective function (XOR)
- * into the pool.
- *
- * The function generates a mixer value that depends on the bits set and the
- * location of the set bits in the random number generated by the entropy
- * source. Therefore, based on the generated random number, this mixer value
- * can have 2**64 different values. That mixer value is initialized with the
- * first two SHA-1 constants. After obtaining the mixer value, it is XORed into
- * the random number.
- *
- * The mixer value is not assumed to contain any entropy. But due to the XOR
- * operation, it can also not destroy any entropy present in the entropy pool.
- *
- * Input:
- * @entropy_collector Reference to entropy collector
- */
-static void jent_stir_pool(struct rand_data *entropy_collector)
-{
- /*
- * to shut up GCC on 32 bit, we have to initialize the 64 variable
- * with two 32 bit variables
- */
- union c {
- __u64 u64;
- __u32 u32[2];
- };
- /*
- * This constant is derived from the first two 32 bit initialization
- * vectors of SHA-1 as defined in FIPS 180-4 section 5.3.1
- */
- union c constant;
- /*
- * The start value of the mixer variable is derived from the third
- * and fourth 32 bit initialization vector of SHA-1 as defined in
- * FIPS 180-4 section 5.3.1
- */
- union c mixer;
- unsigned int i = 0;
-
- /*
- * Store the SHA-1 constants in reverse order to make up the 64 bit
- * value -- this applies to a little endian system, on a big endian
- * system, it reverses as expected. But this really does not matter
- * as we do not rely on the specific numbers. We just pick the SHA-1
- * constants as they have a good mix of bit set and unset.
- */
- constant.u32[1] = 0x67452301;
- constant.u32[0] = 0xefcdab89;
- mixer.u32[1] = 0x98badcfe;
- mixer.u32[0] = 0x10325476;
+ /* Now call the next noise sources which also injects the data */
+ jent_lfsr_time(ec, current_delta, 0);
- for (i = 0; i < DATA_SIZE_BITS; i++) {
- /*
- * get the i-th bit of the input random number and only XOR
- * the constant into the mixer value when that bit is set
- */
- if ((entropy_collector->data >> i) & 1)
- mixer.u64 ^= constant.u64;
- mixer.u64 = jent_rol64(mixer.u64, 1);
- }
- entropy_collector->data ^= mixer.u64;
+ /* Check whether we have a stuck measurement. */
+ return jent_stuck(ec, current_delta);
}
/**
@@ -480,48 +382,9 @@ static void jent_gen_entropy(struct rand_data *ec)
jent_measure_jitter(ec);
while (1) {
- __u64 data = 0;
-
- if (ec->disable_unbias == 1)
- data = jent_measure_jitter(ec);
- else
- data = jent_unbiased_bit(ec);
-
- /* enforcement of the jent_stuck test */
- if (ec->stuck) {
- /*
- * We only mix in the bit considered not appropriate
- * without the LSFR. The reason is that if we apply
- * the LSFR and we do not rotate, the 2nd bit with LSFR
- * will cancel out the first LSFR application on the
- * bad bit.
- *
- * And we do not rotate as we apply the next bit to the
- * current bit location again.
- */
- ec->data ^= data;
- ec->stuck = 0;
+ /* If a stuck measurement is received, repeat measurement */
+ if (jent_measure_jitter(ec))
continue;
- }
-
- /*
- * Fibonacci LSFR with polynom of
- * x^64 + x^61 + x^56 + x^31 + x^28 + x^23 + 1 which is
- * primitive according to
- * http://poincare.matf.bg.ac.rs/~ezivkovm/publications/primpol1.pdf
- * (the shift values are the polynom values minus one
- * due to counting bits from 0 to 63). As the current
- * position is always the LSB, the polynom only needs
- * to shift data in from the left without wrap.
- */
- ec->data ^= data;
- ec->data ^= ((ec->data >> 63) & 1);
- ec->data ^= ((ec->data >> 60) & 1);
- ec->data ^= ((ec->data >> 55) & 1);
- ec->data ^= ((ec->data >> 30) & 1);
- ec->data ^= ((ec->data >> 27) & 1);
- ec->data ^= ((ec->data >> 22) & 1);
- ec->data = jent_rol64(ec->data, 1);
/*
* We multiply the loop value with ->osr to obtain the
@@ -530,8 +393,6 @@ static void jent_gen_entropy(struct rand_data *ec)
if (++k >= (DATA_SIZE_BITS * ec->osr))
break;
}
- if (ec->stir)
- jent_stir_pool(ec);
}
/**
@@ -639,12 +500,6 @@ struct rand_data *jent_entropy_collector_alloc(unsigned int osr,
osr = 1; /* minimum sampling rate is 1 */
entropy_collector->osr = osr;
- entropy_collector->stir = 1;
- if (flags & JENT_DISABLE_STIR)
- entropy_collector->stir = 0;
- if (flags & JENT_DISABLE_UNBIAS)
- entropy_collector->disable_unbias = 1;
-
/* fill the data pad with non-zero values */
jent_gen_entropy(entropy_collector);
@@ -656,7 +511,6 @@ void jent_entropy_collector_free(struct rand_data *entropy_collector)
jent_zfree(entropy_collector->mem);
entropy_collector->mem = NULL;
jent_zfree(entropy_collector);
- entropy_collector = NULL;
}
int jent_entropy_init(void)
@@ -665,8 +519,9 @@ int jent_entropy_init(void)
__u64 delta_sum = 0;
__u64 old_delta = 0;
int time_backwards = 0;
- int count_var = 0;
int count_mod = 0;
+ int count_stuck = 0;
+ struct rand_data ec = { 0 };
/* We could perform statistical tests here, but the problem is
* that we only have a few loop counts to do testing. These
@@ -695,12 +550,14 @@ int jent_entropy_init(void)
for (i = 0; (TESTLOOPCOUNT + CLEARCACHE) > i; i++) {
__u64 time = 0;
__u64 time2 = 0;
- __u64 folded = 0;
__u64 delta = 0;
unsigned int lowdelta = 0;
+ int stuck;
+ /* Invoke core entropy collection logic */
jent_get_nstime(&time);
- jent_fold_time(NULL, time, &folded, 1<<MIN_FOLD_LOOP_BIT);
+ ec.prev_time = time;
+ jent_lfsr_time(&ec, time, 0);
jent_get_nstime(&time2);
/* test whether timer works */
@@ -715,6 +572,8 @@ int jent_entropy_init(void)
if (!delta)
return JENT_ECOARSETIME;
+ stuck = jent_stuck(&ec, delta);
+
/*
* up to here we did not modify any variable that will be
* evaluated later, but we already performed some work. Thus we
@@ -725,14 +584,14 @@ int jent_entropy_init(void)
if (CLEARCACHE > i)
continue;
+ if (stuck)
+ count_stuck++;
+
/* test whether we have an increasing timer */
if (!(time2 > time))
time_backwards++;
- /*
- * Avoid modulo of 64 bit integer to allow code to compile
- * on 32 bit architectures.
- */
+ /* use 32 bit value to ensure compilation on 32 bit arches */
lowdelta = time2 - time;
if (!(lowdelta % 100))
count_mod++;
@@ -743,14 +602,10 @@ int jent_entropy_init(void)
* only after the first loop is executed as we need to prime
* the old_data value
*/
- if (i) {
- if (delta != old_delta)
- count_var++;
- if (delta > old_delta)
- delta_sum += (delta - old_delta);
- else
- delta_sum += (old_delta - delta);
- }
+ if (delta > old_delta)
+ delta_sum += (delta - old_delta);
+ else
+ delta_sum += (old_delta - delta);
old_delta = delta;
}
@@ -763,25 +618,29 @@ int jent_entropy_init(void)
*/
if (3 < time_backwards)
return JENT_ENOMONOTONIC;
- /* Error if the time variances are always identical */
- if (!delta_sum)
- return JENT_EVARVAR;
/*
* Variations of deltas of time must on average be larger
* than 1 to ensure the entropy estimation
* implied with 1 is preserved
*/
- if (delta_sum <= 1)
- return JENT_EMINVARVAR;
+ if ((delta_sum) <= 1)
+ return JENT_EVARVAR;
/*
* Ensure that we have variations in the time stamp below 10 for at
- * least 10% of all checks -- on some platforms, the counter
- * increments in multiples of 100, but not always
+ * least 10% of all checks -- on some platforms, the counter increments
+ * in multiples of 100, but not always
*/
if ((TESTLOOPCOUNT/10 * 9) < count_mod)
return JENT_ECOARSETIME;
+ /*
+ * If we have more than 90% stuck results, then this Jitter RNG is
+ * likely to not work well.
+ */
+ if ((TESTLOOPCOUNT/10 * 9) < count_stuck)
+ return JENT_ESTUCK;
+
return 0;
}
diff --git a/crypto/khazad.c b/crypto/khazad.c
index b50aa8a3ab4c..14ca7f1631c7 100644
--- a/crypto/khazad.c
+++ b/crypto/khazad.c
@@ -848,6 +848,7 @@ static void khazad_decrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
static struct crypto_alg khazad_alg = {
.cra_name = "khazad",
+ .cra_driver_name = "khazad-generic",
.cra_flags = CRYPTO_ALG_TYPE_CIPHER,
.cra_blocksize = KHAZAD_BLOCK_SIZE,
.cra_ctxsize = sizeof (struct khazad_ctx),
diff --git a/crypto/lz4.c b/crypto/lz4.c
index 54673cf88385..0606f8862e78 100644
--- a/crypto/lz4.c
+++ b/crypto/lz4.c
@@ -106,6 +106,7 @@ static int lz4_decompress_crypto(struct crypto_tfm *tfm, const u8 *src,
static struct crypto_alg alg_lz4 = {
.cra_name = "lz4",
+ .cra_driver_name = "lz4-generic",
.cra_flags = CRYPTO_ALG_TYPE_COMPRESS,
.cra_ctxsize = sizeof(struct lz4_ctx),
.cra_module = THIS_MODULE,
diff --git a/crypto/lz4hc.c b/crypto/lz4hc.c
index daae7bfb385d..d7cc94aa2fcf 100644
--- a/crypto/lz4hc.c
+++ b/crypto/lz4hc.c
@@ -107,6 +107,7 @@ static int lz4hc_decompress_crypto(struct crypto_tfm *tfm, const u8 *src,
static struct crypto_alg alg_lz4hc = {
.cra_name = "lz4hc",
+ .cra_driver_name = "lz4hc-generic",
.cra_flags = CRYPTO_ALG_TYPE_COMPRESS,
.cra_ctxsize = sizeof(struct lz4hc_ctx),
.cra_module = THIS_MODULE,
diff --git a/crypto/lzo-rle.c b/crypto/lzo-rle.c
index c4303e96f2b1..0631d975bfac 100644
--- a/crypto/lzo-rle.c
+++ b/crypto/lzo-rle.c
@@ -109,6 +109,7 @@ static int lzorle_sdecompress(struct crypto_scomp *tfm, const u8 *src,
static struct crypto_alg alg = {
.cra_name = "lzo-rle",
+ .cra_driver_name = "lzo-rle-generic",
.cra_flags = CRYPTO_ALG_TYPE_COMPRESS,
.cra_ctxsize = sizeof(struct lzorle_ctx),
.cra_module = THIS_MODULE,
diff --git a/crypto/lzo.c b/crypto/lzo.c
index 97051a2ca08e..ebda132dd22b 100644
--- a/crypto/lzo.c
+++ b/crypto/lzo.c
@@ -109,6 +109,7 @@ static int lzo_sdecompress(struct crypto_scomp *tfm, const u8 *src,
static struct crypto_alg alg = {
.cra_name = "lzo",
+ .cra_driver_name = "lzo-generic",
.cra_flags = CRYPTO_ALG_TYPE_COMPRESS,
.cra_ctxsize = sizeof(struct lzo_ctx),
.cra_module = THIS_MODULE,
diff --git a/crypto/md4.c b/crypto/md4.c
index 9a1a228a0c69..2e7f2f319f95 100644
--- a/crypto/md4.c
+++ b/crypto/md4.c
@@ -216,9 +216,10 @@ static struct shash_alg alg = {
.final = md4_final,
.descsize = sizeof(struct md4_ctx),
.base = {
- .cra_name = "md4",
- .cra_blocksize = MD4_HMAC_BLOCK_SIZE,
- .cra_module = THIS_MODULE,
+ .cra_name = "md4",
+ .cra_driver_name = "md4-generic",
+ .cra_blocksize = MD4_HMAC_BLOCK_SIZE,
+ .cra_module = THIS_MODULE,
}
};
diff --git a/crypto/md5.c b/crypto/md5.c
index 221c2c0932f8..22dc60bc0437 100644
--- a/crypto/md5.c
+++ b/crypto/md5.c
@@ -228,9 +228,10 @@ static struct shash_alg alg = {
.descsize = sizeof(struct md5_state),
.statesize = sizeof(struct md5_state),
.base = {
- .cra_name = "md5",
- .cra_blocksize = MD5_HMAC_BLOCK_SIZE,
- .cra_module = THIS_MODULE,
+ .cra_name = "md5",
+ .cra_driver_name = "md5-generic",
+ .cra_blocksize = MD5_HMAC_BLOCK_SIZE,
+ .cra_module = THIS_MODULE,
}
};
diff --git a/crypto/michael_mic.c b/crypto/michael_mic.c
index b3d83ff709d3..20e6220f46f6 100644
--- a/crypto/michael_mic.c
+++ b/crypto/michael_mic.c
@@ -156,6 +156,7 @@ static struct shash_alg alg = {
.descsize = sizeof(struct michael_mic_desc_ctx),
.base = {
.cra_name = "michael_mic",
+ .cra_driver_name = "michael_mic-generic",
.cra_blocksize = 8,
.cra_alignmask = 3,
.cra_ctxsize = sizeof(struct michael_mic_ctx),
diff --git a/crypto/morus1280.c b/crypto/morus1280.c
deleted file mode 100644
index f8734c6576af..000000000000
--- a/crypto/morus1280.c
+++ /dev/null
@@ -1,542 +0,0 @@
-// SPDX-License-Identifier: GPL-2.0-or-later
-/*
- * The MORUS-1280 Authenticated-Encryption Algorithm
- *
- * Copyright (c) 2016-2018 Ondrej Mosnacek <omosnacek@gmail.com>
- * Copyright (C) 2017-2018 Red Hat, Inc. All rights reserved.
- */
-
-#include <asm/unaligned.h>
-#include <crypto/algapi.h>
-#include <crypto/internal/aead.h>
-#include <crypto/internal/skcipher.h>
-#include <crypto/morus_common.h>
-#include <crypto/scatterwalk.h>
-#include <linux/err.h>
-#include <linux/init.h>
-#include <linux/kernel.h>
-#include <linux/module.h>
-#include <linux/scatterlist.h>
-
-#define MORUS1280_WORD_SIZE 8
-#define MORUS1280_BLOCK_SIZE (MORUS_BLOCK_WORDS * MORUS1280_WORD_SIZE)
-#define MORUS1280_BLOCK_ALIGN (__alignof__(__le64))
-#define MORUS1280_ALIGNED(p) IS_ALIGNED((uintptr_t)p, MORUS1280_BLOCK_ALIGN)
-
-struct morus1280_block {
- u64 words[MORUS_BLOCK_WORDS];
-};
-
-union morus1280_block_in {
- __le64 words[MORUS_BLOCK_WORDS];
- u8 bytes[MORUS1280_BLOCK_SIZE];
-};
-
-struct morus1280_state {
- struct morus1280_block s[MORUS_STATE_BLOCKS];
-};
-
-struct morus1280_ctx {
- struct morus1280_block key;
-};
-
-struct morus1280_ops {
- int (*skcipher_walk_init)(struct skcipher_walk *walk,
- struct aead_request *req, bool atomic);
-
- void (*crypt_chunk)(struct morus1280_state *state,
- u8 *dst, const u8 *src, unsigned int size);
-};
-
-static const struct morus1280_block crypto_morus1280_const[1] = {
- { .words = {
- U64_C(0x0d08050302010100),
- U64_C(0x6279e99059372215),
- U64_C(0xf12fc26d55183ddb),
- U64_C(0xdd28b57342311120),
- } },
-};
-
-static void crypto_morus1280_round(struct morus1280_block *b0,
- struct morus1280_block *b1,
- struct morus1280_block *b2,
- struct morus1280_block *b3,
- struct morus1280_block *b4,
- const struct morus1280_block *m,
- unsigned int b, unsigned int w)
-{
- unsigned int i;
- struct morus1280_block tmp;
-
- for (i = 0; i < MORUS_BLOCK_WORDS; i++) {
- b0->words[i] ^= b1->words[i] & b2->words[i];
- b0->words[i] ^= b3->words[i];
- b0->words[i] ^= m->words[i];
- b0->words[i] = rol64(b0->words[i], b);
- }
-
- tmp = *b3;
- for (i = 0; i < MORUS_BLOCK_WORDS; i++)
- b3->words[(i + w) % MORUS_BLOCK_WORDS] = tmp.words[i];
-}
-
-static void crypto_morus1280_update(struct morus1280_state *state,
- const struct morus1280_block *m)
-{
- static const struct morus1280_block z = {};
-
- struct morus1280_block *s = state->s;
-
- crypto_morus1280_round(&s[0], &s[1], &s[2], &s[3], &s[4], &z, 13, 1);
- crypto_morus1280_round(&s[1], &s[2], &s[3], &s[4], &s[0], m, 46, 2);
- crypto_morus1280_round(&s[2], &s[3], &s[4], &s[0], &s[1], m, 38, 3);
- crypto_morus1280_round(&s[3], &s[4], &s[0], &s[1], &s[2], m, 7, 2);
- crypto_morus1280_round(&s[4], &s[0], &s[1], &s[2], &s[3], m, 4, 1);
-}
-
-static void crypto_morus1280_load_a(struct morus1280_block *dst, const u8 *src)
-{
- unsigned int i;
- for (i = 0; i < MORUS_BLOCK_WORDS; i++) {
- dst->words[i] = le64_to_cpu(*(const __le64 *)src);
- src += MORUS1280_WORD_SIZE;
- }
-}
-
-static void crypto_morus1280_load_u(struct morus1280_block *dst, const u8 *src)
-{
- unsigned int i;
- for (i = 0; i < MORUS_BLOCK_WORDS; i++) {
- dst->words[i] = get_unaligned_le64(src);
- src += MORUS1280_WORD_SIZE;
- }
-}
-
-static void crypto_morus1280_load(struct morus1280_block *dst, const u8 *src)
-{
- if (MORUS1280_ALIGNED(src))
- crypto_morus1280_load_a(dst, src);
- else
- crypto_morus1280_load_u(dst, src);
-}
-
-static void crypto_morus1280_store_a(u8 *dst, const struct morus1280_block *src)
-{
- unsigned int i;
- for (i = 0; i < MORUS_BLOCK_WORDS; i++) {
- *(__le64 *)dst = cpu_to_le64(src->words[i]);
- dst += MORUS1280_WORD_SIZE;
- }
-}
-
-static void crypto_morus1280_store_u(u8 *dst, const struct morus1280_block *src)
-{
- unsigned int i;
- for (i = 0; i < MORUS_BLOCK_WORDS; i++) {
- put_unaligned_le64(src->words[i], dst);
- dst += MORUS1280_WORD_SIZE;
- }
-}
-
-static void crypto_morus1280_store(u8 *dst, const struct morus1280_block *src)
-{
- if (MORUS1280_ALIGNED(dst))
- crypto_morus1280_store_a(dst, src);
- else
- crypto_morus1280_store_u(dst, src);
-}
-
-static void crypto_morus1280_ad(struct morus1280_state *state, const u8 *src,
- unsigned int size)
-{
- struct morus1280_block m;
-
- if (MORUS1280_ALIGNED(src)) {
- while (size >= MORUS1280_BLOCK_SIZE) {
- crypto_morus1280_load_a(&m, src);
- crypto_morus1280_update(state, &m);
-
- size -= MORUS1280_BLOCK_SIZE;
- src += MORUS1280_BLOCK_SIZE;
- }
- } else {
- while (size >= MORUS1280_BLOCK_SIZE) {
- crypto_morus1280_load_u(&m, src);
- crypto_morus1280_update(state, &m);
-
- size -= MORUS1280_BLOCK_SIZE;
- src += MORUS1280_BLOCK_SIZE;
- }
- }
-}
-
-static void crypto_morus1280_core(const struct morus1280_state *state,
- struct morus1280_block *blk)
-{
- unsigned int i;
-
- for (i = 0; i < MORUS_BLOCK_WORDS; i++)
- blk->words[(i + 3) % MORUS_BLOCK_WORDS] ^= state->s[1].words[i];
-
- for (i = 0; i < MORUS_BLOCK_WORDS; i++) {
- blk->words[i] ^= state->s[0].words[i];
- blk->words[i] ^= state->s[2].words[i] & state->s[3].words[i];
- }
-}
-
-static void crypto_morus1280_encrypt_chunk(struct morus1280_state *state,
- u8 *dst, const u8 *src,
- unsigned int size)
-{
- struct morus1280_block c, m;
-
- if (MORUS1280_ALIGNED(src) && MORUS1280_ALIGNED(dst)) {
- while (size >= MORUS1280_BLOCK_SIZE) {
- crypto_morus1280_load_a(&m, src);
- c = m;
- crypto_morus1280_core(state, &c);
- crypto_morus1280_store_a(dst, &c);
- crypto_morus1280_update(state, &m);
-
- src += MORUS1280_BLOCK_SIZE;
- dst += MORUS1280_BLOCK_SIZE;
- size -= MORUS1280_BLOCK_SIZE;
- }
- } else {
- while (size >= MORUS1280_BLOCK_SIZE) {
- crypto_morus1280_load_u(&m, src);
- c = m;
- crypto_morus1280_core(state, &c);
- crypto_morus1280_store_u(dst, &c);
- crypto_morus1280_update(state, &m);
-
- src += MORUS1280_BLOCK_SIZE;
- dst += MORUS1280_BLOCK_SIZE;
- size -= MORUS1280_BLOCK_SIZE;
- }
- }
-
- if (size > 0) {
- union morus1280_block_in tail;
-
- memcpy(tail.bytes, src, size);
- memset(tail.bytes + size, 0, MORUS1280_BLOCK_SIZE - size);
-
- crypto_morus1280_load_a(&m, tail.bytes);
- c = m;
- crypto_morus1280_core(state, &c);
- crypto_morus1280_store_a(tail.bytes, &c);
- crypto_morus1280_update(state, &m);
-
- memcpy(dst, tail.bytes, size);
- }
-}
-
-static void crypto_morus1280_decrypt_chunk(struct morus1280_state *state,
- u8 *dst, const u8 *src,
- unsigned int size)
-{
- struct morus1280_block m;
-
- if (MORUS1280_ALIGNED(src) && MORUS1280_ALIGNED(dst)) {
- while (size >= MORUS1280_BLOCK_SIZE) {
- crypto_morus1280_load_a(&m, src);
- crypto_morus1280_core(state, &m);
- crypto_morus1280_store_a(dst, &m);
- crypto_morus1280_update(state, &m);
-
- src += MORUS1280_BLOCK_SIZE;
- dst += MORUS1280_BLOCK_SIZE;
- size -= MORUS1280_BLOCK_SIZE;
- }
- } else {
- while (size >= MORUS1280_BLOCK_SIZE) {
- crypto_morus1280_load_u(&m, src);
- crypto_morus1280_core(state, &m);
- crypto_morus1280_store_u(dst, &m);
- crypto_morus1280_update(state, &m);
-
- src += MORUS1280_BLOCK_SIZE;
- dst += MORUS1280_BLOCK_SIZE;
- size -= MORUS1280_BLOCK_SIZE;
- }
- }
-
- if (size > 0) {
- union morus1280_block_in tail;
-
- memcpy(tail.bytes, src, size);
- memset(tail.bytes + size, 0, MORUS1280_BLOCK_SIZE - size);
-
- crypto_morus1280_load_a(&m, tail.bytes);
- crypto_morus1280_core(state, &m);
- crypto_morus1280_store_a(tail.bytes, &m);
- memset(tail.bytes + size, 0, MORUS1280_BLOCK_SIZE - size);
- crypto_morus1280_load_a(&m, tail.bytes);
- crypto_morus1280_update(state, &m);
-
- memcpy(dst, tail.bytes, size);
- }
-}
-
-static void crypto_morus1280_init(struct morus1280_state *state,
- const struct morus1280_block *key,
- const u8 *iv)
-{
- static const struct morus1280_block z = {};
-
- union morus1280_block_in tmp;
- unsigned int i;
-
- memcpy(tmp.bytes, iv, MORUS_NONCE_SIZE);
- memset(tmp.bytes + MORUS_NONCE_SIZE, 0,
- MORUS1280_BLOCK_SIZE - MORUS_NONCE_SIZE);
-
- crypto_morus1280_load(&state->s[0], tmp.bytes);
- state->s[1] = *key;
- for (i = 0; i < MORUS_BLOCK_WORDS; i++)
- state->s[2].words[i] = U64_C(0xFFFFFFFFFFFFFFFF);
- state->s[3] = z;
- state->s[4] = crypto_morus1280_const[0];
-
- for (i = 0; i < 16; i++)
- crypto_morus1280_update(state, &z);
-
- for (i = 0; i < MORUS_BLOCK_WORDS; i++)
- state->s[1].words[i] ^= key->words[i];
-}
-
-static void crypto_morus1280_process_ad(struct morus1280_state *state,
- struct scatterlist *sg_src,
- unsigned int assoclen)
-{
- struct scatter_walk walk;
- struct morus1280_block m;
- union morus1280_block_in buf;
- unsigned int pos = 0;
-
- scatterwalk_start(&walk, sg_src);
- while (assoclen != 0) {
- unsigned int size = scatterwalk_clamp(&walk, assoclen);
- unsigned int left = size;
- void *mapped = scatterwalk_map(&walk);
- const u8 *src = (const u8 *)mapped;
-
- if (pos + size >= MORUS1280_BLOCK_SIZE) {
- if (pos > 0) {
- unsigned int fill = MORUS1280_BLOCK_SIZE - pos;
- memcpy(buf.bytes + pos, src, fill);
-
- crypto_morus1280_load_a(&m, buf.bytes);
- crypto_morus1280_update(state, &m);
-
- pos = 0;
- left -= fill;
- src += fill;
- }
-
- crypto_morus1280_ad(state, src, left);
- src += left & ~(MORUS1280_BLOCK_SIZE - 1);
- left &= MORUS1280_BLOCK_SIZE - 1;
- }
-
- memcpy(buf.bytes + pos, src, left);
-
- pos += left;
- assoclen -= size;
- scatterwalk_unmap(mapped);
- scatterwalk_advance(&walk, size);
- scatterwalk_done(&walk, 0, assoclen);
- }
-
- if (pos > 0) {
- memset(buf.bytes + pos, 0, MORUS1280_BLOCK_SIZE - pos);
-
- crypto_morus1280_load_a(&m, buf.bytes);
- crypto_morus1280_update(state, &m);
- }
-}
-
-static void crypto_morus1280_process_crypt(struct morus1280_state *state,
- struct aead_request *req,
- const struct morus1280_ops *ops)
-{
- struct skcipher_walk walk;
-
- ops->skcipher_walk_init(&walk, req, false);
-
- while (walk.nbytes) {
- unsigned int nbytes = walk.nbytes;
-
- if (nbytes < walk.total)
- nbytes = round_down(nbytes, walk.stride);
-
- ops->crypt_chunk(state, walk.dst.virt.addr, walk.src.virt.addr,
- nbytes);
-
- skcipher_walk_done(&walk, walk.nbytes - nbytes);
- }
-}
-
-static void crypto_morus1280_final(struct morus1280_state *state,
- struct morus1280_block *tag_xor,
- u64 assoclen, u64 cryptlen)
-{
- struct morus1280_block tmp;
- unsigned int i;
-
- tmp.words[0] = assoclen * 8;
- tmp.words[1] = cryptlen * 8;
- tmp.words[2] = 0;
- tmp.words[3] = 0;
-
- for (i = 0; i < MORUS_BLOCK_WORDS; i++)
- state->s[4].words[i] ^= state->s[0].words[i];
-
- for (i = 0; i < 10; i++)
- crypto_morus1280_update(state, &tmp);
-
- crypto_morus1280_core(state, tag_xor);
-}
-
-static int crypto_morus1280_setkey(struct crypto_aead *aead, const u8 *key,
- unsigned int keylen)
-{
- struct morus1280_ctx *ctx = crypto_aead_ctx(aead);
- union morus1280_block_in tmp;
-
- if (keylen == MORUS1280_BLOCK_SIZE)
- crypto_morus1280_load(&ctx->key, key);
- else if (keylen == MORUS1280_BLOCK_SIZE / 2) {
- memcpy(tmp.bytes, key, keylen);
- memcpy(tmp.bytes + keylen, key, keylen);
-
- crypto_morus1280_load(&ctx->key, tmp.bytes);
- } else {
- crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN);
- return -EINVAL;
- }
-
- return 0;
-}
-
-static int crypto_morus1280_setauthsize(struct crypto_aead *tfm,
- unsigned int authsize)
-{
- return (authsize <= MORUS_MAX_AUTH_SIZE) ? 0 : -EINVAL;
-}
-
-static void crypto_morus1280_crypt(struct aead_request *req,
- struct morus1280_block *tag_xor,
- unsigned int cryptlen,
- const struct morus1280_ops *ops)
-{
- struct crypto_aead *tfm = crypto_aead_reqtfm(req);
- struct morus1280_ctx *ctx = crypto_aead_ctx(tfm);
- struct morus1280_state state;
-
- crypto_morus1280_init(&state, &ctx->key, req->iv);
- crypto_morus1280_process_ad(&state, req->src, req->assoclen);
- crypto_morus1280_process_crypt(&state, req, ops);
- crypto_morus1280_final(&state, tag_xor, req->assoclen, cryptlen);
-}
-
-static int crypto_morus1280_encrypt(struct aead_request *req)
-{
- static const struct morus1280_ops ops = {
- .skcipher_walk_init = skcipher_walk_aead_encrypt,
- .crypt_chunk = crypto_morus1280_encrypt_chunk,
- };
-
- struct crypto_aead *tfm = crypto_aead_reqtfm(req);
- struct morus1280_block tag = {};
- union morus1280_block_in tag_out;
- unsigned int authsize = crypto_aead_authsize(tfm);
- unsigned int cryptlen = req->cryptlen;
-
- crypto_morus1280_crypt(req, &tag, cryptlen, &ops);
- crypto_morus1280_store(tag_out.bytes, &tag);
-
- scatterwalk_map_and_copy(tag_out.bytes, req->dst,
- req->assoclen + cryptlen, authsize, 1);
- return 0;
-}
-
-static int crypto_morus1280_decrypt(struct aead_request *req)
-{
- static const struct morus1280_ops ops = {
- .skcipher_walk_init = skcipher_walk_aead_decrypt,
- .crypt_chunk = crypto_morus1280_decrypt_chunk,
- };
- static const u8 zeros[MORUS1280_BLOCK_SIZE] = {};
-
- struct crypto_aead *tfm = crypto_aead_reqtfm(req);
- union morus1280_block_in tag_in;
- struct morus1280_block tag;
- unsigned int authsize = crypto_aead_authsize(tfm);
- unsigned int cryptlen = req->cryptlen - authsize;
-
- scatterwalk_map_and_copy(tag_in.bytes, req->src,
- req->assoclen + cryptlen, authsize, 0);
-
- crypto_morus1280_load(&tag, tag_in.bytes);
- crypto_morus1280_crypt(req, &tag, cryptlen, &ops);
- crypto_morus1280_store(tag_in.bytes, &tag);
-
- return crypto_memneq(tag_in.bytes, zeros, authsize) ? -EBADMSG : 0;
-}
-
-static int crypto_morus1280_init_tfm(struct crypto_aead *tfm)
-{
- return 0;
-}
-
-static void crypto_morus1280_exit_tfm(struct crypto_aead *tfm)
-{
-}
-
-static struct aead_alg crypto_morus1280_alg = {
- .setkey = crypto_morus1280_setkey,
- .setauthsize = crypto_morus1280_setauthsize,
- .encrypt = crypto_morus1280_encrypt,
- .decrypt = crypto_morus1280_decrypt,
- .init = crypto_morus1280_init_tfm,
- .exit = crypto_morus1280_exit_tfm,
-
- .ivsize = MORUS_NONCE_SIZE,
- .maxauthsize = MORUS_MAX_AUTH_SIZE,
- .chunksize = MORUS1280_BLOCK_SIZE,
-
- .base = {
- .cra_blocksize = 1,
- .cra_ctxsize = sizeof(struct morus1280_ctx),
- .cra_alignmask = 0,
-
- .cra_priority = 100,
-
- .cra_name = "morus1280",
- .cra_driver_name = "morus1280-generic",
-
- .cra_module = THIS_MODULE,
- }
-};
-
-
-static int __init crypto_morus1280_module_init(void)
-{
- return crypto_register_aead(&crypto_morus1280_alg);
-}
-
-static void __exit crypto_morus1280_module_exit(void)
-{
- crypto_unregister_aead(&crypto_morus1280_alg);
-}
-
-subsys_initcall(crypto_morus1280_module_init);
-module_exit(crypto_morus1280_module_exit);
-
-MODULE_LICENSE("GPL");
-MODULE_AUTHOR("Ondrej Mosnacek <omosnacek@gmail.com>");
-MODULE_DESCRIPTION("MORUS-1280 AEAD algorithm");
-MODULE_ALIAS_CRYPTO("morus1280");
-MODULE_ALIAS_CRYPTO("morus1280-generic");
diff --git a/crypto/morus640.c b/crypto/morus640.c
deleted file mode 100644
index ae5aa9482cb4..000000000000
--- a/crypto/morus640.c
+++ /dev/null
@@ -1,533 +0,0 @@
-// SPDX-License-Identifier: GPL-2.0-or-later
-/*
- * The MORUS-640 Authenticated-Encryption Algorithm
- *
- * Copyright (c) 2016-2018 Ondrej Mosnacek <omosnacek@gmail.com>
- * Copyright (C) 2017-2018 Red Hat, Inc. All rights reserved.
- */
-
-#include <asm/unaligned.h>
-#include <crypto/algapi.h>
-#include <crypto/internal/aead.h>
-#include <crypto/internal/skcipher.h>
-#include <crypto/morus_common.h>
-#include <crypto/scatterwalk.h>
-#include <linux/err.h>
-#include <linux/init.h>
-#include <linux/kernel.h>
-#include <linux/module.h>
-#include <linux/scatterlist.h>
-
-#define MORUS640_WORD_SIZE 4
-#define MORUS640_BLOCK_SIZE (MORUS_BLOCK_WORDS * MORUS640_WORD_SIZE)
-#define MORUS640_BLOCK_ALIGN (__alignof__(__le32))
-#define MORUS640_ALIGNED(p) IS_ALIGNED((uintptr_t)p, MORUS640_BLOCK_ALIGN)
-
-struct morus640_block {
- u32 words[MORUS_BLOCK_WORDS];
-};
-
-union morus640_block_in {
- __le32 words[MORUS_BLOCK_WORDS];
- u8 bytes[MORUS640_BLOCK_SIZE];
-};
-
-struct morus640_state {
- struct morus640_block s[MORUS_STATE_BLOCKS];
-};
-
-struct morus640_ctx {
- struct morus640_block key;
-};
-
-struct morus640_ops {
- int (*skcipher_walk_init)(struct skcipher_walk *walk,
- struct aead_request *req, bool atomic);
-
- void (*crypt_chunk)(struct morus640_state *state,
- u8 *dst, const u8 *src, unsigned int size);
-};
-
-static const struct morus640_block crypto_morus640_const[2] = {
- { .words = {
- U32_C(0x02010100),
- U32_C(0x0d080503),
- U32_C(0x59372215),
- U32_C(0x6279e990),
- } },
- { .words = {
- U32_C(0x55183ddb),
- U32_C(0xf12fc26d),
- U32_C(0x42311120),
- U32_C(0xdd28b573),
- } },
-};
-
-static void crypto_morus640_round(struct morus640_block *b0,
- struct morus640_block *b1,
- struct morus640_block *b2,
- struct morus640_block *b3,
- struct morus640_block *b4,
- const struct morus640_block *m,
- unsigned int b, unsigned int w)
-{
- unsigned int i;
- struct morus640_block tmp;
-
- for (i = 0; i < MORUS_BLOCK_WORDS; i++) {
- b0->words[i] ^= b1->words[i] & b2->words[i];
- b0->words[i] ^= b3->words[i];
- b0->words[i] ^= m->words[i];
- b0->words[i] = rol32(b0->words[i], b);
- }
-
- tmp = *b3;
- for (i = 0; i < MORUS_BLOCK_WORDS; i++)
- b3->words[(i + w) % MORUS_BLOCK_WORDS] = tmp.words[i];
-}
-
-static void crypto_morus640_update(struct morus640_state *state,
- const struct morus640_block *m)
-{
- static const struct morus640_block z = {};
-
- struct morus640_block *s = state->s;
-
- crypto_morus640_round(&s[0], &s[1], &s[2], &s[3], &s[4], &z, 5, 1);
- crypto_morus640_round(&s[1], &s[2], &s[3], &s[4], &s[0], m, 31, 2);
- crypto_morus640_round(&s[2], &s[3], &s[4], &s[0], &s[1], m, 7, 3);
- crypto_morus640_round(&s[3], &s[4], &s[0], &s[1], &s[2], m, 22, 2);
- crypto_morus640_round(&s[4], &s[0], &s[1], &s[2], &s[3], m, 13, 1);
-}
-
-static void crypto_morus640_load_a(struct morus640_block *dst, const u8 *src)
-{
- unsigned int i;
- for (i = 0; i < MORUS_BLOCK_WORDS; i++) {
- dst->words[i] = le32_to_cpu(*(const __le32 *)src);
- src += MORUS640_WORD_SIZE;
- }
-}
-
-static void crypto_morus640_load_u(struct morus640_block *dst, const u8 *src)
-{
- unsigned int i;
- for (i = 0; i < MORUS_BLOCK_WORDS; i++) {
- dst->words[i] = get_unaligned_le32(src);
- src += MORUS640_WORD_SIZE;
- }
-}
-
-static void crypto_morus640_load(struct morus640_block *dst, const u8 *src)
-{
- if (MORUS640_ALIGNED(src))
- crypto_morus640_load_a(dst, src);
- else
- crypto_morus640_load_u(dst, src);
-}
-
-static void crypto_morus640_store_a(u8 *dst, const struct morus640_block *src)
-{
- unsigned int i;
- for (i = 0; i < MORUS_BLOCK_WORDS; i++) {
- *(__le32 *)dst = cpu_to_le32(src->words[i]);
- dst += MORUS640_WORD_SIZE;
- }
-}
-
-static void crypto_morus640_store_u(u8 *dst, const struct morus640_block *src)
-{
- unsigned int i;
- for (i = 0; i < MORUS_BLOCK_WORDS; i++) {
- put_unaligned_le32(src->words[i], dst);
- dst += MORUS640_WORD_SIZE;
- }
-}
-
-static void crypto_morus640_store(u8 *dst, const struct morus640_block *src)
-{
- if (MORUS640_ALIGNED(dst))
- crypto_morus640_store_a(dst, src);
- else
- crypto_morus640_store_u(dst, src);
-}
-
-static void crypto_morus640_ad(struct morus640_state *state, const u8 *src,
- unsigned int size)
-{
- struct morus640_block m;
-
- if (MORUS640_ALIGNED(src)) {
- while (size >= MORUS640_BLOCK_SIZE) {
- crypto_morus640_load_a(&m, src);
- crypto_morus640_update(state, &m);
-
- size -= MORUS640_BLOCK_SIZE;
- src += MORUS640_BLOCK_SIZE;
- }
- } else {
- while (size >= MORUS640_BLOCK_SIZE) {
- crypto_morus640_load_u(&m, src);
- crypto_morus640_update(state, &m);
-
- size -= MORUS640_BLOCK_SIZE;
- src += MORUS640_BLOCK_SIZE;
- }
- }
-}
-
-static void crypto_morus640_core(const struct morus640_state *state,
- struct morus640_block *blk)
-{
- unsigned int i;
-
- for (i = 0; i < MORUS_BLOCK_WORDS; i++)
- blk->words[(i + 3) % MORUS_BLOCK_WORDS] ^= state->s[1].words[i];
-
- for (i = 0; i < MORUS_BLOCK_WORDS; i++) {
- blk->words[i] ^= state->s[0].words[i];
- blk->words[i] ^= state->s[2].words[i] & state->s[3].words[i];
- }
-}
-
-static void crypto_morus640_encrypt_chunk(struct morus640_state *state, u8 *dst,
- const u8 *src, unsigned int size)
-{
- struct morus640_block c, m;
-
- if (MORUS640_ALIGNED(src) && MORUS640_ALIGNED(dst)) {
- while (size >= MORUS640_BLOCK_SIZE) {
- crypto_morus640_load_a(&m, src);
- c = m;
- crypto_morus640_core(state, &c);
- crypto_morus640_store_a(dst, &c);
- crypto_morus640_update(state, &m);
-
- src += MORUS640_BLOCK_SIZE;
- dst += MORUS640_BLOCK_SIZE;
- size -= MORUS640_BLOCK_SIZE;
- }
- } else {
- while (size >= MORUS640_BLOCK_SIZE) {
- crypto_morus640_load_u(&m, src);
- c = m;
- crypto_morus640_core(state, &c);
- crypto_morus640_store_u(dst, &c);
- crypto_morus640_update(state, &m);
-
- src += MORUS640_BLOCK_SIZE;
- dst += MORUS640_BLOCK_SIZE;
- size -= MORUS640_BLOCK_SIZE;
- }
- }
-
- if (size > 0) {
- union morus640_block_in tail;
-
- memcpy(tail.bytes, src, size);
- memset(tail.bytes + size, 0, MORUS640_BLOCK_SIZE - size);
-
- crypto_morus640_load_a(&m, tail.bytes);
- c = m;
- crypto_morus640_core(state, &c);
- crypto_morus640_store_a(tail.bytes, &c);
- crypto_morus640_update(state, &m);
-
- memcpy(dst, tail.bytes, size);
- }
-}
-
-static void crypto_morus640_decrypt_chunk(struct morus640_state *state, u8 *dst,
- const u8 *src, unsigned int size)
-{
- struct morus640_block m;
-
- if (MORUS640_ALIGNED(src) && MORUS640_ALIGNED(dst)) {
- while (size >= MORUS640_BLOCK_SIZE) {
- crypto_morus640_load_a(&m, src);
- crypto_morus640_core(state, &m);
- crypto_morus640_store_a(dst, &m);
- crypto_morus640_update(state, &m);
-
- src += MORUS640_BLOCK_SIZE;
- dst += MORUS640_BLOCK_SIZE;
- size -= MORUS640_BLOCK_SIZE;
- }
- } else {
- while (size >= MORUS640_BLOCK_SIZE) {
- crypto_morus640_load_u(&m, src);
- crypto_morus640_core(state, &m);
- crypto_morus640_store_u(dst, &m);
- crypto_morus640_update(state, &m);
-
- src += MORUS640_BLOCK_SIZE;
- dst += MORUS640_BLOCK_SIZE;
- size -= MORUS640_BLOCK_SIZE;
- }
- }
-
- if (size > 0) {
- union morus640_block_in tail;
-
- memcpy(tail.bytes, src, size);
- memset(tail.bytes + size, 0, MORUS640_BLOCK_SIZE - size);
-
- crypto_morus640_load_a(&m, tail.bytes);
- crypto_morus640_core(state, &m);
- crypto_morus640_store_a(tail.bytes, &m);
- memset(tail.bytes + size, 0, MORUS640_BLOCK_SIZE - size);
- crypto_morus640_load_a(&m, tail.bytes);
- crypto_morus640_update(state, &m);
-
- memcpy(dst, tail.bytes, size);
- }
-}
-
-static void crypto_morus640_init(struct morus640_state *state,
- const struct morus640_block *key,
- const u8 *iv)
-{
- static const struct morus640_block z = {};
-
- unsigned int i;
-
- crypto_morus640_load(&state->s[0], iv);
- state->s[1] = *key;
- for (i = 0; i < MORUS_BLOCK_WORDS; i++)
- state->s[2].words[i] = U32_C(0xFFFFFFFF);
- state->s[3] = crypto_morus640_const[0];
- state->s[4] = crypto_morus640_const[1];
-
- for (i = 0; i < 16; i++)
- crypto_morus640_update(state, &z);
-
- for (i = 0; i < MORUS_BLOCK_WORDS; i++)
- state->s[1].words[i] ^= key->words[i];
-}
-
-static void crypto_morus640_process_ad(struct morus640_state *state,
- struct scatterlist *sg_src,
- unsigned int assoclen)
-{
- struct scatter_walk walk;
- struct morus640_block m;
- union morus640_block_in buf;
- unsigned int pos = 0;
-
- scatterwalk_start(&walk, sg_src);
- while (assoclen != 0) {
- unsigned int size = scatterwalk_clamp(&walk, assoclen);
- unsigned int left = size;
- void *mapped = scatterwalk_map(&walk);
- const u8 *src = (const u8 *)mapped;
-
- if (pos + size >= MORUS640_BLOCK_SIZE) {
- if (pos > 0) {
- unsigned int fill = MORUS640_BLOCK_SIZE - pos;
- memcpy(buf.bytes + pos, src, fill);
-
- crypto_morus640_load_a(&m, buf.bytes);
- crypto_morus640_update(state, &m);
-
- pos = 0;
- left -= fill;
- src += fill;
- }
-
- crypto_morus640_ad(state, src, left);
- src += left & ~(MORUS640_BLOCK_SIZE - 1);
- left &= MORUS640_BLOCK_SIZE - 1;
- }
-
- memcpy(buf.bytes + pos, src, left);
-
- pos += left;
- assoclen -= size;
- scatterwalk_unmap(mapped);
- scatterwalk_advance(&walk, size);
- scatterwalk_done(&walk, 0, assoclen);
- }
-
- if (pos > 0) {
- memset(buf.bytes + pos, 0, MORUS640_BLOCK_SIZE - pos);
-
- crypto_morus640_load_a(&m, buf.bytes);
- crypto_morus640_update(state, &m);
- }
-}
-
-static void crypto_morus640_process_crypt(struct morus640_state *state,
- struct aead_request *req,
- const struct morus640_ops *ops)
-{
- struct skcipher_walk walk;
-
- ops->skcipher_walk_init(&walk, req, false);
-
- while (walk.nbytes) {
- unsigned int nbytes = walk.nbytes;
-
- if (nbytes < walk.total)
- nbytes = round_down(nbytes, walk.stride);
-
- ops->crypt_chunk(state, walk.dst.virt.addr, walk.src.virt.addr,
- nbytes);
-
- skcipher_walk_done(&walk, walk.nbytes - nbytes);
- }
-}
-
-static void crypto_morus640_final(struct morus640_state *state,
- struct morus640_block *tag_xor,
- u64 assoclen, u64 cryptlen)
-{
- struct morus640_block tmp;
- unsigned int i;
-
- tmp.words[0] = lower_32_bits(assoclen * 8);
- tmp.words[1] = upper_32_bits(assoclen * 8);
- tmp.words[2] = lower_32_bits(cryptlen * 8);
- tmp.words[3] = upper_32_bits(cryptlen * 8);
-
- for (i = 0; i < MORUS_BLOCK_WORDS; i++)
- state->s[4].words[i] ^= state->s[0].words[i];
-
- for (i = 0; i < 10; i++)
- crypto_morus640_update(state, &tmp);
-
- crypto_morus640_core(state, tag_xor);
-}
-
-static int crypto_morus640_setkey(struct crypto_aead *aead, const u8 *key,
- unsigned int keylen)
-{
- struct morus640_ctx *ctx = crypto_aead_ctx(aead);
-
- if (keylen != MORUS640_BLOCK_SIZE) {
- crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN);
- return -EINVAL;
- }
-
- crypto_morus640_load(&ctx->key, key);
- return 0;
-}
-
-static int crypto_morus640_setauthsize(struct crypto_aead *tfm,
- unsigned int authsize)
-{
- return (authsize <= MORUS_MAX_AUTH_SIZE) ? 0 : -EINVAL;
-}
-
-static void crypto_morus640_crypt(struct aead_request *req,
- struct morus640_block *tag_xor,
- unsigned int cryptlen,
- const struct morus640_ops *ops)
-{
- struct crypto_aead *tfm = crypto_aead_reqtfm(req);
- struct morus640_ctx *ctx = crypto_aead_ctx(tfm);
- struct morus640_state state;
-
- crypto_morus640_init(&state, &ctx->key, req->iv);
- crypto_morus640_process_ad(&state, req->src, req->assoclen);
- crypto_morus640_process_crypt(&state, req, ops);
- crypto_morus640_final(&state, tag_xor, req->assoclen, cryptlen);
-}
-
-static int crypto_morus640_encrypt(struct aead_request *req)
-{
- static const struct morus640_ops ops = {
- .skcipher_walk_init = skcipher_walk_aead_encrypt,
- .crypt_chunk = crypto_morus640_encrypt_chunk,
- };
-
- struct crypto_aead *tfm = crypto_aead_reqtfm(req);
- struct morus640_block tag = {};
- union morus640_block_in tag_out;
- unsigned int authsize = crypto_aead_authsize(tfm);
- unsigned int cryptlen = req->cryptlen;
-
- crypto_morus640_crypt(req, &tag, cryptlen, &ops);
- crypto_morus640_store(tag_out.bytes, &tag);
-
- scatterwalk_map_and_copy(tag_out.bytes, req->dst,
- req->assoclen + cryptlen, authsize, 1);
- return 0;
-}
-
-static int crypto_morus640_decrypt(struct aead_request *req)
-{
- static const struct morus640_ops ops = {
- .skcipher_walk_init = skcipher_walk_aead_decrypt,
- .crypt_chunk = crypto_morus640_decrypt_chunk,
- };
- static const u8 zeros[MORUS640_BLOCK_SIZE] = {};
-
- struct crypto_aead *tfm = crypto_aead_reqtfm(req);
- union morus640_block_in tag_in;
- struct morus640_block tag;
- unsigned int authsize = crypto_aead_authsize(tfm);
- unsigned int cryptlen = req->cryptlen - authsize;
-
- scatterwalk_map_and_copy(tag_in.bytes, req->src,
- req->assoclen + cryptlen, authsize, 0);
-
- crypto_morus640_load(&tag, tag_in.bytes);
- crypto_morus640_crypt(req, &tag, cryptlen, &ops);
- crypto_morus640_store(tag_in.bytes, &tag);
-
- return crypto_memneq(tag_in.bytes, zeros, authsize) ? -EBADMSG : 0;
-}
-
-static int crypto_morus640_init_tfm(struct crypto_aead *tfm)
-{
- return 0;
-}
-
-static void crypto_morus640_exit_tfm(struct crypto_aead *tfm)
-{
-}
-
-static struct aead_alg crypto_morus640_alg = {
- .setkey = crypto_morus640_setkey,
- .setauthsize = crypto_morus640_setauthsize,
- .encrypt = crypto_morus640_encrypt,
- .decrypt = crypto_morus640_decrypt,
- .init = crypto_morus640_init_tfm,
- .exit = crypto_morus640_exit_tfm,
-
- .ivsize = MORUS_NONCE_SIZE,
- .maxauthsize = MORUS_MAX_AUTH_SIZE,
- .chunksize = MORUS640_BLOCK_SIZE,
-
- .base = {
- .cra_blocksize = 1,
- .cra_ctxsize = sizeof(struct morus640_ctx),
- .cra_alignmask = 0,
-
- .cra_priority = 100,
-
- .cra_name = "morus640",
- .cra_driver_name = "morus640-generic",
-
- .cra_module = THIS_MODULE,
- }
-};
-
-static int __init crypto_morus640_module_init(void)
-{
- return crypto_register_aead(&crypto_morus640_alg);
-}
-
-static void __exit crypto_morus640_module_exit(void)
-{
- crypto_unregister_aead(&crypto_morus640_alg);
-}
-
-subsys_initcall(crypto_morus640_module_init);
-module_exit(crypto_morus640_module_exit);
-
-MODULE_LICENSE("GPL");
-MODULE_AUTHOR("Ondrej Mosnacek <omosnacek@gmail.com>");
-MODULE_DESCRIPTION("MORUS-640 AEAD algorithm");
-MODULE_ALIAS_CRYPTO("morus640");
-MODULE_ALIAS_CRYPTO("morus640-generic");
diff --git a/crypto/pcrypt.c b/crypto/pcrypt.c
index 0edf5b54fc77..543792e0ebf0 100644
--- a/crypto/pcrypt.c
+++ b/crypto/pcrypt.c
@@ -18,34 +18,8 @@
#include <linux/cpu.h>
#include <crypto/pcrypt.h>
-struct padata_pcrypt {
- struct padata_instance *pinst;
- struct workqueue_struct *wq;
-
- /*
- * Cpumask for callback CPUs. It should be
- * equal to serial cpumask of corresponding padata instance,
- * so it is updated when padata notifies us about serial
- * cpumask change.
- *
- * cb_cpumask is protected by RCU. This fact prevents us from
- * using cpumask_var_t directly because the actual type of
- * cpumsak_var_t depends on kernel configuration(particularly on
- * CONFIG_CPUMASK_OFFSTACK macro). Depending on the configuration
- * cpumask_var_t may be either a pointer to the struct cpumask
- * or a variable allocated on the stack. Thus we can not safely use
- * cpumask_var_t with RCU operations such as rcu_assign_pointer or
- * rcu_dereference. So cpumask_var_t is wrapped with struct
- * pcrypt_cpumask which makes possible to use it with RCU.
- */
- struct pcrypt_cpumask {
- cpumask_var_t mask;
- } *cb_cpumask;
- struct notifier_block nblock;
-};
-
-static struct padata_pcrypt pencrypt;
-static struct padata_pcrypt pdecrypt;
+static struct padata_instance *pencrypt;
+static struct padata_instance *pdecrypt;
static struct kset *pcrypt_kset;
struct pcrypt_instance_ctx {
@@ -58,35 +32,6 @@ struct pcrypt_aead_ctx {
unsigned int cb_cpu;
};
-static int pcrypt_do_parallel(struct padata_priv *padata, unsigned int *cb_cpu,
- struct padata_pcrypt *pcrypt)
-{
- unsigned int cpu_index, cpu, i;
- struct pcrypt_cpumask *cpumask;
-
- cpu = *cb_cpu;
-
- rcu_read_lock_bh();
- cpumask = rcu_dereference_bh(pcrypt->cb_cpumask);
- if (cpumask_test_cpu(cpu, cpumask->mask))
- goto out;
-
- if (!cpumask_weight(cpumask->mask))
- goto out;
-
- cpu_index = cpu % cpumask_weight(cpumask->mask);
-
- cpu = cpumask_first(cpumask->mask);
- for (i = 0; i < cpu_index; i++)
- cpu = cpumask_next(cpu, cpumask->mask);
-
- *cb_cpu = cpu;
-
-out:
- rcu_read_unlock_bh();
- return padata_do_parallel(pcrypt->pinst, padata, cpu);
-}
-
static int pcrypt_aead_setkey(struct crypto_aead *parent,
const u8 *key, unsigned int keylen)
{
@@ -158,7 +103,7 @@ static int pcrypt_aead_encrypt(struct aead_request *req)
req->cryptlen, req->iv);
aead_request_set_ad(creq, req->assoclen);
- err = pcrypt_do_parallel(padata, &ctx->cb_cpu, &pencrypt);
+ err = padata_do_parallel(pencrypt, padata, &ctx->cb_cpu);
if (!err)
return -EINPROGRESS;
@@ -200,7 +145,7 @@ static int pcrypt_aead_decrypt(struct aead_request *req)
req->cryptlen, req->iv);
aead_request_set_ad(creq, req->assoclen);
- err = pcrypt_do_parallel(padata, &ctx->cb_cpu, &pdecrypt);
+ err = padata_do_parallel(pdecrypt, padata, &ctx->cb_cpu);
if (!err)
return -EINPROGRESS;
@@ -347,36 +292,6 @@ static int pcrypt_create(struct crypto_template *tmpl, struct rtattr **tb)
return -EINVAL;
}
-static int pcrypt_cpumask_change_notify(struct notifier_block *self,
- unsigned long val, void *data)
-{
- struct padata_pcrypt *pcrypt;
- struct pcrypt_cpumask *new_mask, *old_mask;
- struct padata_cpumask *cpumask = (struct padata_cpumask *)data;
-
- if (!(val & PADATA_CPU_SERIAL))
- return 0;
-
- pcrypt = container_of(self, struct padata_pcrypt, nblock);
- new_mask = kmalloc(sizeof(*new_mask), GFP_KERNEL);
- if (!new_mask)
- return -ENOMEM;
- if (!alloc_cpumask_var(&new_mask->mask, GFP_KERNEL)) {
- kfree(new_mask);
- return -ENOMEM;
- }
-
- old_mask = pcrypt->cb_cpumask;
-
- cpumask_copy(new_mask->mask, cpumask->cbcpu);
- rcu_assign_pointer(pcrypt->cb_cpumask, new_mask);
- synchronize_rcu();
-
- free_cpumask_var(old_mask->mask);
- kfree(old_mask);
- return 0;
-}
-
static int pcrypt_sysfs_add(struct padata_instance *pinst, const char *name)
{
int ret;
@@ -389,71 +304,25 @@ static int pcrypt_sysfs_add(struct padata_instance *pinst, const char *name)
return ret;
}
-static int pcrypt_init_padata(struct padata_pcrypt *pcrypt,
- const char *name)
+static int pcrypt_init_padata(struct padata_instance **pinst, const char *name)
{
int ret = -ENOMEM;
- struct pcrypt_cpumask *mask;
- get_online_cpus();
-
- pcrypt->wq = alloc_workqueue("%s", WQ_MEM_RECLAIM | WQ_CPU_INTENSIVE,
- 1, name);
- if (!pcrypt->wq)
- goto err;
-
- pcrypt->pinst = padata_alloc_possible(pcrypt->wq);
- if (!pcrypt->pinst)
- goto err_destroy_workqueue;
-
- mask = kmalloc(sizeof(*mask), GFP_KERNEL);
- if (!mask)
- goto err_free_padata;
- if (!alloc_cpumask_var(&mask->mask, GFP_KERNEL)) {
- kfree(mask);
- goto err_free_padata;
- }
+ *pinst = padata_alloc_possible(name);
+ if (!*pinst)
+ return ret;
- cpumask_and(mask->mask, cpu_possible_mask, cpu_online_mask);
- rcu_assign_pointer(pcrypt->cb_cpumask, mask);
-
- pcrypt->nblock.notifier_call = pcrypt_cpumask_change_notify;
- ret = padata_register_cpumask_notifier(pcrypt->pinst, &pcrypt->nblock);
- if (ret)
- goto err_free_cpumask;
-
- ret = pcrypt_sysfs_add(pcrypt->pinst, name);
+ ret = pcrypt_sysfs_add(*pinst, name);
if (ret)
- goto err_unregister_notifier;
-
- put_online_cpus();
-
- return ret;
-
-err_unregister_notifier:
- padata_unregister_cpumask_notifier(pcrypt->pinst, &pcrypt->nblock);
-err_free_cpumask:
- free_cpumask_var(mask->mask);
- kfree(mask);
-err_free_padata:
- padata_free(pcrypt->pinst);
-err_destroy_workqueue:
- destroy_workqueue(pcrypt->wq);
-err:
- put_online_cpus();
+ padata_free(*pinst);
return ret;
}
-static void pcrypt_fini_padata(struct padata_pcrypt *pcrypt)
+static void pcrypt_fini_padata(struct padata_instance *pinst)
{
- free_cpumask_var(pcrypt->cb_cpumask->mask);
- kfree(pcrypt->cb_cpumask);
-
- padata_stop(pcrypt->pinst);
- padata_unregister_cpumask_notifier(pcrypt->pinst, &pcrypt->nblock);
- destroy_workqueue(pcrypt->wq);
- padata_free(pcrypt->pinst);
+ padata_stop(pinst);
+ padata_free(pinst);
}
static struct crypto_template pcrypt_tmpl = {
@@ -478,13 +347,13 @@ static int __init pcrypt_init(void)
if (err)
goto err_deinit_pencrypt;
- padata_start(pencrypt.pinst);
- padata_start(pdecrypt.pinst);
+ padata_start(pencrypt);
+ padata_start(pdecrypt);
return crypto_register_template(&pcrypt_tmpl);
err_deinit_pencrypt:
- pcrypt_fini_padata(&pencrypt);
+ pcrypt_fini_padata(pencrypt);
err_unreg_kset:
kset_unregister(pcrypt_kset);
err:
@@ -493,8 +362,8 @@ err:
static void __exit pcrypt_exit(void)
{
- pcrypt_fini_padata(&pencrypt);
- pcrypt_fini_padata(&pdecrypt);
+ pcrypt_fini_padata(pencrypt);
+ pcrypt_fini_padata(pdecrypt);
kset_unregister(pcrypt_kset);
crypto_unregister_template(&pcrypt_tmpl);
diff --git a/crypto/rmd128.c b/crypto/rmd128.c
index d6c031a9fd14..29308fb97e7e 100644
--- a/crypto/rmd128.c
+++ b/crypto/rmd128.c
@@ -298,6 +298,7 @@ static struct shash_alg alg = {
.descsize = sizeof(struct rmd128_ctx),
.base = {
.cra_name = "rmd128",
+ .cra_driver_name = "rmd128-generic",
.cra_blocksize = RMD128_BLOCK_SIZE,
.cra_module = THIS_MODULE,
}
diff --git a/crypto/rmd160.c b/crypto/rmd160.c
index f3add4d54a22..c5fe4034b153 100644
--- a/crypto/rmd160.c
+++ b/crypto/rmd160.c
@@ -342,6 +342,7 @@ static struct shash_alg alg = {
.descsize = sizeof(struct rmd160_ctx),
.base = {
.cra_name = "rmd160",
+ .cra_driver_name = "rmd160-generic",
.cra_blocksize = RMD160_BLOCK_SIZE,
.cra_module = THIS_MODULE,
}
diff --git a/crypto/rmd256.c b/crypto/rmd256.c
index 79ca3029848f..3c730e9de5fd 100644
--- a/crypto/rmd256.c
+++ b/crypto/rmd256.c
@@ -317,6 +317,7 @@ static struct shash_alg alg = {
.descsize = sizeof(struct rmd256_ctx),
.base = {
.cra_name = "rmd256",
+ .cra_driver_name = "rmd256-generic",
.cra_blocksize = RMD256_BLOCK_SIZE,
.cra_module = THIS_MODULE,
}
diff --git a/crypto/rmd320.c b/crypto/rmd320.c
index b2392ef7467b..c919ad6c4705 100644
--- a/crypto/rmd320.c
+++ b/crypto/rmd320.c
@@ -366,6 +366,7 @@ static struct shash_alg alg = {
.descsize = sizeof(struct rmd320_ctx),
.base = {
.cra_name = "rmd320",
+ .cra_driver_name = "rmd320-generic",
.cra_blocksize = RMD320_BLOCK_SIZE,
.cra_module = THIS_MODULE,
}
diff --git a/crypto/serpent_generic.c b/crypto/serpent_generic.c
index a9cc0b2aa0d6..56fa665a4f01 100644
--- a/crypto/serpent_generic.c
+++ b/crypto/serpent_generic.c
@@ -643,6 +643,7 @@ static struct crypto_alg srp_algs[2] = { {
.cia_decrypt = serpent_decrypt } }
}, {
.cra_name = "tnepres",
+ .cra_driver_name = "tnepres-generic",
.cra_flags = CRYPTO_ALG_TYPE_CIPHER,
.cra_blocksize = SERPENT_BLOCK_SIZE,
.cra_ctxsize = sizeof(struct serpent_ctx),
diff --git a/crypto/sha256_generic.c b/crypto/sha256_generic.c
index b7502a96a0d4..f2d7095d4f2d 100644
--- a/crypto/sha256_generic.c
+++ b/crypto/sha256_generic.c
@@ -1,11 +1,6 @@
// SPDX-License-Identifier: GPL-2.0-or-later
/*
- * Cryptographic API.
- *
- * SHA-256, as specified in
- * http://csrc.nist.gov/groups/STM/cavp/documents/shs/sha256-384-512.pdf
- *
- * SHA-256 code by Jean-Luc Cooke <jlcooke@certainkey.com>.
+ * Crypto API wrapper for the generic SHA256 code from lib/crypto/sha256.c
*
* Copyright (c) Jean-Luc Cooke <jlcooke@certainkey.com>
* Copyright (c) Andrew McDonald <andrew@mcdonald.org.uk>
@@ -38,229 +33,44 @@ const u8 sha256_zero_message_hash[SHA256_DIGEST_SIZE] = {
};
EXPORT_SYMBOL_GPL(sha256_zero_message_hash);
-static inline u32 Ch(u32 x, u32 y, u32 z)
-{
- return z ^ (x & (y ^ z));
-}
-
-static inline u32 Maj(u32 x, u32 y, u32 z)
+static int crypto_sha256_init(struct shash_desc *desc)
{
- return (x & y) | (z & (x | y));
+ return sha256_init(shash_desc_ctx(desc));
}
-#define e0(x) (ror32(x, 2) ^ ror32(x,13) ^ ror32(x,22))
-#define e1(x) (ror32(x, 6) ^ ror32(x,11) ^ ror32(x,25))
-#define s0(x) (ror32(x, 7) ^ ror32(x,18) ^ (x >> 3))
-#define s1(x) (ror32(x,17) ^ ror32(x,19) ^ (x >> 10))
-
-static inline void LOAD_OP(int I, u32 *W, const u8 *input)
+static int crypto_sha224_init(struct shash_desc *desc)
{
- W[I] = get_unaligned_be32((__u32 *)input + I);
-}
-
-static inline void BLEND_OP(int I, u32 *W)
-{
- W[I] = s1(W[I-2]) + W[I-7] + s0(W[I-15]) + W[I-16];
-}
-
-static void sha256_transform(u32 *state, const u8 *input)
-{
- u32 a, b, c, d, e, f, g, h, t1, t2;
- u32 W[64];
- int i;
-
- /* load the input */
- for (i = 0; i < 16; i++)
- LOAD_OP(i, W, input);
-
- /* now blend */
- for (i = 16; i < 64; i++)
- BLEND_OP(i, W);
-
- /* load the state into our registers */
- a=state[0]; b=state[1]; c=state[2]; d=state[3];
- e=state[4]; f=state[5]; g=state[6]; h=state[7];
-
- /* now iterate */
- t1 = h + e1(e) + Ch(e,f,g) + 0x428a2f98 + W[ 0];
- t2 = e0(a) + Maj(a,b,c); d+=t1; h=t1+t2;
- t1 = g + e1(d) + Ch(d,e,f) + 0x71374491 + W[ 1];
- t2 = e0(h) + Maj(h,a,b); c+=t1; g=t1+t2;
- t1 = f + e1(c) + Ch(c,d,e) + 0xb5c0fbcf + W[ 2];
- t2 = e0(g) + Maj(g,h,a); b+=t1; f=t1+t2;
- t1 = e + e1(b) + Ch(b,c,d) + 0xe9b5dba5 + W[ 3];
- t2 = e0(f) + Maj(f,g,h); a+=t1; e=t1+t2;
- t1 = d + e1(a) + Ch(a,b,c) + 0x3956c25b + W[ 4];
- t2 = e0(e) + Maj(e,f,g); h+=t1; d=t1+t2;
- t1 = c + e1(h) + Ch(h,a,b) + 0x59f111f1 + W[ 5];
- t2 = e0(d) + Maj(d,e,f); g+=t1; c=t1+t2;
- t1 = b + e1(g) + Ch(g,h,a) + 0x923f82a4 + W[ 6];
- t2 = e0(c) + Maj(c,d,e); f+=t1; b=t1+t2;
- t1 = a + e1(f) + Ch(f,g,h) + 0xab1c5ed5 + W[ 7];
- t2 = e0(b) + Maj(b,c,d); e+=t1; a=t1+t2;
-
- t1 = h + e1(e) + Ch(e,f,g) + 0xd807aa98 + W[ 8];
- t2 = e0(a) + Maj(a,b,c); d+=t1; h=t1+t2;
- t1 = g + e1(d) + Ch(d,e,f) + 0x12835b01 + W[ 9];
- t2 = e0(h) + Maj(h,a,b); c+=t1; g=t1+t2;
- t1 = f + e1(c) + Ch(c,d,e) + 0x243185be + W[10];
- t2 = e0(g) + Maj(g,h,a); b+=t1; f=t1+t2;
- t1 = e + e1(b) + Ch(b,c,d) + 0x550c7dc3 + W[11];
- t2 = e0(f) + Maj(f,g,h); a+=t1; e=t1+t2;
- t1 = d + e1(a) + Ch(a,b,c) + 0x72be5d74 + W[12];
- t2 = e0(e) + Maj(e,f,g); h+=t1; d=t1+t2;
- t1 = c + e1(h) + Ch(h,a,b) + 0x80deb1fe + W[13];
- t2 = e0(d) + Maj(d,e,f); g+=t1; c=t1+t2;
- t1 = b + e1(g) + Ch(g,h,a) + 0x9bdc06a7 + W[14];
- t2 = e0(c) + Maj(c,d,e); f+=t1; b=t1+t2;
- t1 = a + e1(f) + Ch(f,g,h) + 0xc19bf174 + W[15];
- t2 = e0(b) + Maj(b,c,d); e+=t1; a=t1+t2;
-
- t1 = h + e1(e) + Ch(e,f,g) + 0xe49b69c1 + W[16];
- t2 = e0(a) + Maj(a,b,c); d+=t1; h=t1+t2;
- t1 = g + e1(d) + Ch(d,e,f) + 0xefbe4786 + W[17];
- t2 = e0(h) + Maj(h,a,b); c+=t1; g=t1+t2;
- t1 = f + e1(c) + Ch(c,d,e) + 0x0fc19dc6 + W[18];
- t2 = e0(g) + Maj(g,h,a); b+=t1; f=t1+t2;
- t1 = e + e1(b) + Ch(b,c,d) + 0x240ca1cc + W[19];
- t2 = e0(f) + Maj(f,g,h); a+=t1; e=t1+t2;
- t1 = d + e1(a) + Ch(a,b,c) + 0x2de92c6f + W[20];
- t2 = e0(e) + Maj(e,f,g); h+=t1; d=t1+t2;
- t1 = c + e1(h) + Ch(h,a,b) + 0x4a7484aa + W[21];
- t2 = e0(d) + Maj(d,e,f); g+=t1; c=t1+t2;
- t1 = b + e1(g) + Ch(g,h,a) + 0x5cb0a9dc + W[22];
- t2 = e0(c) + Maj(c,d,e); f+=t1; b=t1+t2;
- t1 = a + e1(f) + Ch(f,g,h) + 0x76f988da + W[23];
- t2 = e0(b) + Maj(b,c,d); e+=t1; a=t1+t2;
-
- t1 = h + e1(e) + Ch(e,f,g) + 0x983e5152 + W[24];
- t2 = e0(a) + Maj(a,b,c); d+=t1; h=t1+t2;
- t1 = g + e1(d) + Ch(d,e,f) + 0xa831c66d + W[25];
- t2 = e0(h) + Maj(h,a,b); c+=t1; g=t1+t2;
- t1 = f + e1(c) + Ch(c,d,e) + 0xb00327c8 + W[26];
- t2 = e0(g) + Maj(g,h,a); b+=t1; f=t1+t2;
- t1 = e + e1(b) + Ch(b,c,d) + 0xbf597fc7 + W[27];
- t2 = e0(f) + Maj(f,g,h); a+=t1; e=t1+t2;
- t1 = d + e1(a) + Ch(a,b,c) + 0xc6e00bf3 + W[28];
- t2 = e0(e) + Maj(e,f,g); h+=t1; d=t1+t2;
- t1 = c + e1(h) + Ch(h,a,b) + 0xd5a79147 + W[29];
- t2 = e0(d) + Maj(d,e,f); g+=t1; c=t1+t2;
- t1 = b + e1(g) + Ch(g,h,a) + 0x06ca6351 + W[30];
- t2 = e0(c) + Maj(c,d,e); f+=t1; b=t1+t2;
- t1 = a + e1(f) + Ch(f,g,h) + 0x14292967 + W[31];
- t2 = e0(b) + Maj(b,c,d); e+=t1; a=t1+t2;
-
- t1 = h + e1(e) + Ch(e,f,g) + 0x27b70a85 + W[32];
- t2 = e0(a) + Maj(a,b,c); d+=t1; h=t1+t2;
- t1 = g + e1(d) + Ch(d,e,f) + 0x2e1b2138 + W[33];
- t2 = e0(h) + Maj(h,a,b); c+=t1; g=t1+t2;
- t1 = f + e1(c) + Ch(c,d,e) + 0x4d2c6dfc + W[34];
- t2 = e0(g) + Maj(g,h,a); b+=t1; f=t1+t2;
- t1 = e + e1(b) + Ch(b,c,d) + 0x53380d13 + W[35];
- t2 = e0(f) + Maj(f,g,h); a+=t1; e=t1+t2;
- t1 = d + e1(a) + Ch(a,b,c) + 0x650a7354 + W[36];
- t2 = e0(e) + Maj(e,f,g); h+=t1; d=t1+t2;
- t1 = c + e1(h) + Ch(h,a,b) + 0x766a0abb + W[37];
- t2 = e0(d) + Maj(d,e,f); g+=t1; c=t1+t2;
- t1 = b + e1(g) + Ch(g,h,a) + 0x81c2c92e + W[38];
- t2 = e0(c) + Maj(c,d,e); f+=t1; b=t1+t2;
- t1 = a + e1(f) + Ch(f,g,h) + 0x92722c85 + W[39];
- t2 = e0(b) + Maj(b,c,d); e+=t1; a=t1+t2;
-
- t1 = h + e1(e) + Ch(e,f,g) + 0xa2bfe8a1 + W[40];
- t2 = e0(a) + Maj(a,b,c); d+=t1; h=t1+t2;
- t1 = g + e1(d) + Ch(d,e,f) + 0xa81a664b + W[41];
- t2 = e0(h) + Maj(h,a,b); c+=t1; g=t1+t2;
- t1 = f + e1(c) + Ch(c,d,e) + 0xc24b8b70 + W[42];
- t2 = e0(g) + Maj(g,h,a); b+=t1; f=t1+t2;
- t1 = e + e1(b) + Ch(b,c,d) + 0xc76c51a3 + W[43];
- t2 = e0(f) + Maj(f,g,h); a+=t1; e=t1+t2;
- t1 = d + e1(a) + Ch(a,b,c) + 0xd192e819 + W[44];
- t2 = e0(e) + Maj(e,f,g); h+=t1; d=t1+t2;
- t1 = c + e1(h) + Ch(h,a,b) + 0xd6990624 + W[45];
- t2 = e0(d) + Maj(d,e,f); g+=t1; c=t1+t2;
- t1 = b + e1(g) + Ch(g,h,a) + 0xf40e3585 + W[46];
- t2 = e0(c) + Maj(c,d,e); f+=t1; b=t1+t2;
- t1 = a + e1(f) + Ch(f,g,h) + 0x106aa070 + W[47];
- t2 = e0(b) + Maj(b,c,d); e+=t1; a=t1+t2;
-
- t1 = h + e1(e) + Ch(e,f,g) + 0x19a4c116 + W[48];
- t2 = e0(a) + Maj(a,b,c); d+=t1; h=t1+t2;
- t1 = g + e1(d) + Ch(d,e,f) + 0x1e376c08 + W[49];
- t2 = e0(h) + Maj(h,a,b); c+=t1; g=t1+t2;
- t1 = f + e1(c) + Ch(c,d,e) + 0x2748774c + W[50];
- t2 = e0(g) + Maj(g,h,a); b+=t1; f=t1+t2;
- t1 = e + e1(b) + Ch(b,c,d) + 0x34b0bcb5 + W[51];
- t2 = e0(f) + Maj(f,g,h); a+=t1; e=t1+t2;
- t1 = d + e1(a) + Ch(a,b,c) + 0x391c0cb3 + W[52];
- t2 = e0(e) + Maj(e,f,g); h+=t1; d=t1+t2;
- t1 = c + e1(h) + Ch(h,a,b) + 0x4ed8aa4a + W[53];
- t2 = e0(d) + Maj(d,e,f); g+=t1; c=t1+t2;
- t1 = b + e1(g) + Ch(g,h,a) + 0x5b9cca4f + W[54];
- t2 = e0(c) + Maj(c,d,e); f+=t1; b=t1+t2;
- t1 = a + e1(f) + Ch(f,g,h) + 0x682e6ff3 + W[55];
- t2 = e0(b) + Maj(b,c,d); e+=t1; a=t1+t2;
-
- t1 = h + e1(e) + Ch(e,f,g) + 0x748f82ee + W[56];
- t2 = e0(a) + Maj(a,b,c); d+=t1; h=t1+t2;
- t1 = g + e1(d) + Ch(d,e,f) + 0x78a5636f + W[57];
- t2 = e0(h) + Maj(h,a,b); c+=t1; g=t1+t2;
- t1 = f + e1(c) + Ch(c,d,e) + 0x84c87814 + W[58];
- t2 = e0(g) + Maj(g,h,a); b+=t1; f=t1+t2;
- t1 = e + e1(b) + Ch(b,c,d) + 0x8cc70208 + W[59];
- t2 = e0(f) + Maj(f,g,h); a+=t1; e=t1+t2;
- t1 = d + e1(a) + Ch(a,b,c) + 0x90befffa + W[60];
- t2 = e0(e) + Maj(e,f,g); h+=t1; d=t1+t2;
- t1 = c + e1(h) + Ch(h,a,b) + 0xa4506ceb + W[61];
- t2 = e0(d) + Maj(d,e,f); g+=t1; c=t1+t2;
- t1 = b + e1(g) + Ch(g,h,a) + 0xbef9a3f7 + W[62];
- t2 = e0(c) + Maj(c,d,e); f+=t1; b=t1+t2;
- t1 = a + e1(f) + Ch(f,g,h) + 0xc67178f2 + W[63];
- t2 = e0(b) + Maj(b,c,d); e+=t1; a=t1+t2;
-
- state[0] += a; state[1] += b; state[2] += c; state[3] += d;
- state[4] += e; state[5] += f; state[6] += g; state[7] += h;
-
- /* clear any sensitive info... */
- a = b = c = d = e = f = g = h = t1 = t2 = 0;
- memzero_explicit(W, 64 * sizeof(u32));
-}
-
-static void sha256_generic_block_fn(struct sha256_state *sst, u8 const *src,
- int blocks)
-{
- while (blocks--) {
- sha256_transform(sst->state, src);
- src += SHA256_BLOCK_SIZE;
- }
+ return sha224_init(shash_desc_ctx(desc));
}
int crypto_sha256_update(struct shash_desc *desc, const u8 *data,
unsigned int len)
{
- return sha256_base_do_update(desc, data, len, sha256_generic_block_fn);
+ return sha256_update(shash_desc_ctx(desc), data, len);
}
EXPORT_SYMBOL(crypto_sha256_update);
-static int sha256_final(struct shash_desc *desc, u8 *out)
+static int crypto_sha256_final(struct shash_desc *desc, u8 *out)
{
- sha256_base_do_finalize(desc, sha256_generic_block_fn);
- return sha256_base_finish(desc, out);
+ if (crypto_shash_digestsize(desc->tfm) == SHA224_DIGEST_SIZE)
+ return sha224_final(shash_desc_ctx(desc), out);
+ else
+ return sha256_final(shash_desc_ctx(desc), out);
}
int crypto_sha256_finup(struct shash_desc *desc, const u8 *data,
unsigned int len, u8 *hash)
{
- sha256_base_do_update(desc, data, len, sha256_generic_block_fn);
- return sha256_final(desc, hash);
+ sha256_update(shash_desc_ctx(desc), data, len);
+ return crypto_sha256_final(desc, hash);
}
EXPORT_SYMBOL(crypto_sha256_finup);
static struct shash_alg sha256_algs[2] = { {
.digestsize = SHA256_DIGEST_SIZE,
- .init = sha256_base_init,
+ .init = crypto_sha256_init,
.update = crypto_sha256_update,
- .final = sha256_final,
+ .final = crypto_sha256_final,
.finup = crypto_sha256_finup,
.descsize = sizeof(struct sha256_state),
.base = {
@@ -272,9 +82,9 @@ static struct shash_alg sha256_algs[2] = { {
}
}, {
.digestsize = SHA224_DIGEST_SIZE,
- .init = sha224_base_init,
+ .init = crypto_sha224_init,
.update = crypto_sha256_update,
- .final = sha256_final,
+ .final = crypto_sha256_final,
.finup = crypto_sha256_finup,
.descsize = sizeof(struct sha256_state),
.base = {
diff --git a/crypto/skcipher.c b/crypto/skcipher.c
index df735148000f..22753c1c7202 100644
--- a/crypto/skcipher.c
+++ b/crypto/skcipher.c
@@ -90,7 +90,7 @@ static inline u8 *skcipher_get_spot(u8 *start, unsigned int len)
return max(start, end_page);
}
-static void skcipher_done_slow(struct skcipher_walk *walk, unsigned int bsize)
+static int skcipher_done_slow(struct skcipher_walk *walk, unsigned int bsize)
{
u8 *addr;
@@ -98,19 +98,21 @@ static void skcipher_done_slow(struct skcipher_walk *walk, unsigned int bsize)
addr = skcipher_get_spot(addr, bsize);
scatterwalk_copychunks(addr, &walk->out, bsize,
(walk->flags & SKCIPHER_WALK_PHYS) ? 2 : 1);
+ return 0;
}
int skcipher_walk_done(struct skcipher_walk *walk, int err)
{
- unsigned int n; /* bytes processed */
- bool more;
+ unsigned int n = walk->nbytes;
+ unsigned int nbytes = 0;
- if (unlikely(err < 0))
+ if (!n)
goto finish;
- n = walk->nbytes - err;
- walk->total -= n;
- more = (walk->total != 0);
+ if (likely(err >= 0)) {
+ n -= err;
+ nbytes = walk->total - n;
+ }
if (likely(!(walk->flags & (SKCIPHER_WALK_PHYS |
SKCIPHER_WALK_SLOW |
@@ -126,7 +128,7 @@ unmap_src:
memcpy(walk->dst.virt.addr, walk->page, n);
skcipher_unmap_dst(walk);
} else if (unlikely(walk->flags & SKCIPHER_WALK_SLOW)) {
- if (err) {
+ if (err > 0) {
/*
* Didn't process all bytes. Either the algorithm is
* broken, or this was the last step and it turned out
@@ -134,27 +136,29 @@ unmap_src:
* the algorithm requires it.
*/
err = -EINVAL;
- goto finish;
- }
- skcipher_done_slow(walk, n);
- goto already_advanced;
+ nbytes = 0;
+ } else
+ n = skcipher_done_slow(walk, n);
}
+ if (err > 0)
+ err = 0;
+
+ walk->total = nbytes;
+ walk->nbytes = 0;
+
scatterwalk_advance(&walk->in, n);
scatterwalk_advance(&walk->out, n);
-already_advanced:
- scatterwalk_done(&walk->in, 0, more);
- scatterwalk_done(&walk->out, 1, more);
+ scatterwalk_done(&walk->in, 0, nbytes);
+ scatterwalk_done(&walk->out, 1, nbytes);
- if (more) {
+ if (nbytes) {
crypto_yield(walk->flags & SKCIPHER_WALK_SLEEP ?
CRYPTO_TFM_REQ_MAY_SLEEP : 0);
return skcipher_walk_next(walk);
}
- err = 0;
-finish:
- walk->nbytes = 0;
+finish:
/* Short-circuit for the common/fast path. */
if (!((unsigned long)walk->buffer | (unsigned long)walk->page))
goto out;
@@ -837,6 +841,40 @@ static int skcipher_setkey(struct crypto_skcipher *tfm, const u8 *key,
return 0;
}
+int crypto_skcipher_encrypt(struct skcipher_request *req)
+{
+ struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
+ struct crypto_alg *alg = tfm->base.__crt_alg;
+ unsigned int cryptlen = req->cryptlen;
+ int ret;
+
+ crypto_stats_get(alg);
+ if (crypto_skcipher_get_flags(tfm) & CRYPTO_TFM_NEED_KEY)
+ ret = -ENOKEY;
+ else
+ ret = tfm->encrypt(req);
+ crypto_stats_skcipher_encrypt(cryptlen, ret, alg);
+ return ret;
+}
+EXPORT_SYMBOL_GPL(crypto_skcipher_encrypt);
+
+int crypto_skcipher_decrypt(struct skcipher_request *req)
+{
+ struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
+ struct crypto_alg *alg = tfm->base.__crt_alg;
+ unsigned int cryptlen = req->cryptlen;
+ int ret;
+
+ crypto_stats_get(alg);
+ if (crypto_skcipher_get_flags(tfm) & CRYPTO_TFM_NEED_KEY)
+ ret = -ENOKEY;
+ else
+ ret = tfm->decrypt(req);
+ crypto_stats_skcipher_decrypt(cryptlen, ret, alg);
+ return ret;
+}
+EXPORT_SYMBOL_GPL(crypto_skcipher_decrypt);
+
static void crypto_skcipher_exit_tfm(struct crypto_tfm *tfm)
{
struct crypto_skcipher *skcipher = __crypto_skcipher_cast(tfm);
diff --git a/crypto/streebog_generic.c b/crypto/streebog_generic.c
index 63663c3bab7e..dc625ffc54ad 100644
--- a/crypto/streebog_generic.c
+++ b/crypto/streebog_generic.c
@@ -148,52 +148,6 @@ static const struct streebog_uint512 C[12] = {
} }
};
-static const u8 Tau[64] = {
- 0, 8, 16, 24, 32, 40, 48, 56,
- 1, 9, 17, 25, 33, 41, 49, 57,
- 2, 10, 18, 26, 34, 42, 50, 58,
- 3, 11, 19, 27, 35, 43, 51, 59,
- 4, 12, 20, 28, 36, 44, 52, 60,
- 5, 13, 21, 29, 37, 45, 53, 61,
- 6, 14, 22, 30, 38, 46, 54, 62,
- 7, 15, 23, 31, 39, 47, 55, 63
-};
-
-static const u8 Pi[256] = {
- 252, 238, 221, 17, 207, 110, 49, 22,
- 251, 196, 250, 218, 35, 197, 4, 77,
- 233, 119, 240, 219, 147, 46, 153, 186,
- 23, 54, 241, 187, 20, 205, 95, 193,
- 249, 24, 101, 90, 226, 92, 239, 33,
- 129, 28, 60, 66, 139, 1, 142, 79,
- 5, 132, 2, 174, 227, 106, 143, 160,
- 6, 11, 237, 152, 127, 212, 211, 31,
- 235, 52, 44, 81, 234, 200, 72, 171,
- 242, 42, 104, 162, 253, 58, 206, 204,
- 181, 112, 14, 86, 8, 12, 118, 18,
- 191, 114, 19, 71, 156, 183, 93, 135,
- 21, 161, 150, 41, 16, 123, 154, 199,
- 243, 145, 120, 111, 157, 158, 178, 177,
- 50, 117, 25, 61, 255, 53, 138, 126,
- 109, 84, 198, 128, 195, 189, 13, 87,
- 223, 245, 36, 169, 62, 168, 67, 201,
- 215, 121, 214, 246, 124, 34, 185, 3,
- 224, 15, 236, 222, 122, 148, 176, 188,
- 220, 232, 40, 80, 78, 51, 10, 74,
- 167, 151, 96, 115, 30, 0, 98, 68,
- 26, 184, 56, 130, 100, 159, 38, 65,
- 173, 69, 70, 146, 39, 94, 85, 47,
- 140, 163, 165, 125, 105, 213, 149, 59,
- 7, 88, 179, 64, 134, 172, 29, 247,
- 48, 55, 107, 228, 136, 217, 231, 137,
- 225, 27, 131, 73, 76, 63, 248, 254,
- 141, 83, 170, 144, 202, 216, 133, 97,
- 32, 113, 103, 164, 45, 43, 9, 91,
- 203, 155, 37, 208, 190, 229, 108, 82,
- 89, 166, 116, 210, 230, 244, 180, 192,
- 209, 102, 175, 194, 57, 75, 99, 182
-};
-
static const unsigned long long Ax[8][256] = {
{
0xd01f715b5c7ef8e6ULL, 0x16fa240980778325ULL, 0xa8a42e857ee049c8ULL,
diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c
index ad78ab5b93cb..83ad0b1fab30 100644
--- a/crypto/tcrypt.c
+++ b/crypto/tcrypt.c
@@ -2327,6 +2327,22 @@ static int do_test(const char *alg, u32 type, u32 mask, int m, u32 num_mb)
0, speed_template_32);
break;
+ case 220:
+ test_acipher_speed("essiv(cbc(aes),sha256)",
+ ENCRYPT, sec, NULL, 0,
+ speed_template_16_24_32);
+ test_acipher_speed("essiv(cbc(aes),sha256)",
+ DECRYPT, sec, NULL, 0,
+ speed_template_16_24_32);
+ break;
+
+ case 221:
+ test_aead_speed("aegis128", ENCRYPT, sec,
+ NULL, 0, 16, 8, speed_template_16);
+ test_aead_speed("aegis128", DECRYPT, sec,
+ NULL, 0, 16, 8, speed_template_16);
+ break;
+
case 300:
if (alg) {
test_hash_speed(alg, sec, generic_hash_speed_template);
diff --git a/crypto/tea.c b/crypto/tea.c
index 37a18a9be2f4..02efc5d81690 100644
--- a/crypto/tea.c
+++ b/crypto/tea.c
@@ -216,6 +216,7 @@ static void xeta_decrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
static struct crypto_alg tea_algs[3] = { {
.cra_name = "tea",
+ .cra_driver_name = "tea-generic",
.cra_flags = CRYPTO_ALG_TYPE_CIPHER,
.cra_blocksize = TEA_BLOCK_SIZE,
.cra_ctxsize = sizeof (struct tea_ctx),
@@ -229,6 +230,7 @@ static struct crypto_alg tea_algs[3] = { {
.cia_decrypt = tea_decrypt } }
}, {
.cra_name = "xtea",
+ .cra_driver_name = "xtea-generic",
.cra_flags = CRYPTO_ALG_TYPE_CIPHER,
.cra_blocksize = XTEA_BLOCK_SIZE,
.cra_ctxsize = sizeof (struct xtea_ctx),
@@ -242,6 +244,7 @@ static struct crypto_alg tea_algs[3] = { {
.cia_decrypt = xtea_decrypt } }
}, {
.cra_name = "xeta",
+ .cra_driver_name = "xeta-generic",
.cra_flags = CRYPTO_ALG_TYPE_CIPHER,
.cra_blocksize = XTEA_BLOCK_SIZE,
.cra_ctxsize = sizeof (struct xtea_ctx),
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index 292d28caf00f..c39e39e55dc2 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -1032,6 +1032,205 @@ static void crypto_reenable_simd_for_test(void)
}
#endif /* !CONFIG_CRYPTO_MANAGER_EXTRA_TESTS */
+static int build_hash_sglist(struct test_sglist *tsgl,
+ const struct hash_testvec *vec,
+ const struct testvec_config *cfg,
+ unsigned int alignmask,
+ const struct test_sg_division *divs[XBUFSIZE])
+{
+ struct kvec kv;
+ struct iov_iter input;
+
+ kv.iov_base = (void *)vec->plaintext;
+ kv.iov_len = vec->psize;
+ iov_iter_kvec(&input, WRITE, &kv, 1, vec->psize);
+ return build_test_sglist(tsgl, cfg->src_divs, alignmask, vec->psize,
+ &input, divs);
+}
+
+static int check_hash_result(const char *type,
+ const u8 *result, unsigned int digestsize,
+ const struct hash_testvec *vec,
+ const char *vec_name,
+ const char *driver,
+ const struct testvec_config *cfg)
+{
+ if (memcmp(result, vec->digest, digestsize) != 0) {
+ pr_err("alg: %s: %s test failed (wrong result) on test vector %s, cfg=\"%s\"\n",
+ type, driver, vec_name, cfg->name);
+ return -EINVAL;
+ }
+ if (!testmgr_is_poison(&result[digestsize], TESTMGR_POISON_LEN)) {
+ pr_err("alg: %s: %s overran result buffer on test vector %s, cfg=\"%s\"\n",
+ type, driver, vec_name, cfg->name);
+ return -EOVERFLOW;
+ }
+ return 0;
+}
+
+static inline int check_shash_op(const char *op, int err,
+ const char *driver, const char *vec_name,
+ const struct testvec_config *cfg)
+{
+ if (err)
+ pr_err("alg: shash: %s %s() failed with err %d on test vector %s, cfg=\"%s\"\n",
+ driver, op, err, vec_name, cfg->name);
+ return err;
+}
+
+static inline const void *sg_data(struct scatterlist *sg)
+{
+ return page_address(sg_page(sg)) + sg->offset;
+}
+
+/* Test one hash test vector in one configuration, using the shash API */
+static int test_shash_vec_cfg(const char *driver,
+ const struct hash_testvec *vec,
+ const char *vec_name,
+ const struct testvec_config *cfg,
+ struct shash_desc *desc,
+ struct test_sglist *tsgl,
+ u8 *hashstate)
+{
+ struct crypto_shash *tfm = desc->tfm;
+ const unsigned int alignmask = crypto_shash_alignmask(tfm);
+ const unsigned int digestsize = crypto_shash_digestsize(tfm);
+ const unsigned int statesize = crypto_shash_statesize(tfm);
+ const struct test_sg_division *divs[XBUFSIZE];
+ unsigned int i;
+ u8 result[HASH_MAX_DIGESTSIZE + TESTMGR_POISON_LEN];
+ int err;
+
+ /* Set the key, if specified */
+ if (vec->ksize) {
+ err = crypto_shash_setkey(tfm, vec->key, vec->ksize);
+ if (err) {
+ if (err == vec->setkey_error)
+ return 0;
+ pr_err("alg: shash: %s setkey failed on test vector %s; expected_error=%d, actual_error=%d, flags=%#x\n",
+ driver, vec_name, vec->setkey_error, err,
+ crypto_shash_get_flags(tfm));
+ return err;
+ }
+ if (vec->setkey_error) {
+ pr_err("alg: shash: %s setkey unexpectedly succeeded on test vector %s; expected_error=%d\n",
+ driver, vec_name, vec->setkey_error);
+ return -EINVAL;
+ }
+ }
+
+ /* Build the scatterlist for the source data */
+ err = build_hash_sglist(tsgl, vec, cfg, alignmask, divs);
+ if (err) {
+ pr_err("alg: shash: %s: error preparing scatterlist for test vector %s, cfg=\"%s\"\n",
+ driver, vec_name, cfg->name);
+ return err;
+ }
+
+ /* Do the actual hashing */
+
+ testmgr_poison(desc->__ctx, crypto_shash_descsize(tfm));
+ testmgr_poison(result, digestsize + TESTMGR_POISON_LEN);
+
+ if (cfg->finalization_type == FINALIZATION_TYPE_DIGEST ||
+ vec->digest_error) {
+ /* Just using digest() */
+ if (tsgl->nents != 1)
+ return 0;
+ if (cfg->nosimd)
+ crypto_disable_simd_for_test();
+ err = crypto_shash_digest(desc, sg_data(&tsgl->sgl[0]),
+ tsgl->sgl[0].length, result);
+ if (cfg->nosimd)
+ crypto_reenable_simd_for_test();
+ if (err) {
+ if (err == vec->digest_error)
+ return 0;
+ pr_err("alg: shash: %s digest() failed on test vector %s; expected_error=%d, actual_error=%d, cfg=\"%s\"\n",
+ driver, vec_name, vec->digest_error, err,
+ cfg->name);
+ return err;
+ }
+ if (vec->digest_error) {
+ pr_err("alg: shash: %s digest() unexpectedly succeeded on test vector %s; expected_error=%d, cfg=\"%s\"\n",
+ driver, vec_name, vec->digest_error, cfg->name);
+ return -EINVAL;
+ }
+ goto result_ready;
+ }
+
+ /* Using init(), zero or more update(), then final() or finup() */
+
+ if (cfg->nosimd)
+ crypto_disable_simd_for_test();
+ err = crypto_shash_init(desc);
+ if (cfg->nosimd)
+ crypto_reenable_simd_for_test();
+ err = check_shash_op("init", err, driver, vec_name, cfg);
+ if (err)
+ return err;
+
+ for (i = 0; i < tsgl->nents; i++) {
+ if (i + 1 == tsgl->nents &&
+ cfg->finalization_type == FINALIZATION_TYPE_FINUP) {
+ if (divs[i]->nosimd)
+ crypto_disable_simd_for_test();
+ err = crypto_shash_finup(desc, sg_data(&tsgl->sgl[i]),
+ tsgl->sgl[i].length, result);
+ if (divs[i]->nosimd)
+ crypto_reenable_simd_for_test();
+ err = check_shash_op("finup", err, driver, vec_name,
+ cfg);
+ if (err)
+ return err;
+ goto result_ready;
+ }
+ if (divs[i]->nosimd)
+ crypto_disable_simd_for_test();
+ err = crypto_shash_update(desc, sg_data(&tsgl->sgl[i]),
+ tsgl->sgl[i].length);
+ if (divs[i]->nosimd)
+ crypto_reenable_simd_for_test();
+ err = check_shash_op("update", err, driver, vec_name, cfg);
+ if (err)
+ return err;
+ if (divs[i]->flush_type == FLUSH_TYPE_REIMPORT) {
+ /* Test ->export() and ->import() */
+ testmgr_poison(hashstate + statesize,
+ TESTMGR_POISON_LEN);
+ err = crypto_shash_export(desc, hashstate);
+ err = check_shash_op("export", err, driver, vec_name,
+ cfg);
+ if (err)
+ return err;
+ if (!testmgr_is_poison(hashstate + statesize,
+ TESTMGR_POISON_LEN)) {
+ pr_err("alg: shash: %s export() overran state buffer on test vector %s, cfg=\"%s\"\n",
+ driver, vec_name, cfg->name);
+ return -EOVERFLOW;
+ }
+ testmgr_poison(desc->__ctx, crypto_shash_descsize(tfm));
+ err = crypto_shash_import(desc, hashstate);
+ err = check_shash_op("import", err, driver, vec_name,
+ cfg);
+ if (err)
+ return err;
+ }
+ }
+
+ if (cfg->nosimd)
+ crypto_disable_simd_for_test();
+ err = crypto_shash_final(desc, result);
+ if (cfg->nosimd)
+ crypto_reenable_simd_for_test();
+ err = check_shash_op("final", err, driver, vec_name, cfg);
+ if (err)
+ return err;
+result_ready:
+ return check_hash_result("shash", result, digestsize, vec, vec_name,
+ driver, cfg);
+}
+
static int do_ahash_op(int (*op)(struct ahash_request *req),
struct ahash_request *req,
struct crypto_wait *wait, bool nosimd)
@@ -1049,31 +1248,32 @@ static int do_ahash_op(int (*op)(struct ahash_request *req),
return crypto_wait_req(err, wait);
}
-static int check_nonfinal_hash_op(const char *op, int err,
- u8 *result, unsigned int digestsize,
- const char *driver, const char *vec_name,
- const struct testvec_config *cfg)
+static int check_nonfinal_ahash_op(const char *op, int err,
+ u8 *result, unsigned int digestsize,
+ const char *driver, const char *vec_name,
+ const struct testvec_config *cfg)
{
if (err) {
- pr_err("alg: hash: %s %s() failed with err %d on test vector %s, cfg=\"%s\"\n",
+ pr_err("alg: ahash: %s %s() failed with err %d on test vector %s, cfg=\"%s\"\n",
driver, op, err, vec_name, cfg->name);
return err;
}
if (!testmgr_is_poison(result, digestsize)) {
- pr_err("alg: hash: %s %s() used result buffer on test vector %s, cfg=\"%s\"\n",
+ pr_err("alg: ahash: %s %s() used result buffer on test vector %s, cfg=\"%s\"\n",
driver, op, vec_name, cfg->name);
return -EINVAL;
}
return 0;
}
-static int test_hash_vec_cfg(const char *driver,
- const struct hash_testvec *vec,
- const char *vec_name,
- const struct testvec_config *cfg,
- struct ahash_request *req,
- struct test_sglist *tsgl,
- u8 *hashstate)
+/* Test one hash test vector in one configuration, using the ahash API */
+static int test_ahash_vec_cfg(const char *driver,
+ const struct hash_testvec *vec,
+ const char *vec_name,
+ const struct testvec_config *cfg,
+ struct ahash_request *req,
+ struct test_sglist *tsgl,
+ u8 *hashstate)
{
struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
const unsigned int alignmask = crypto_ahash_alignmask(tfm);
@@ -1082,8 +1282,6 @@ static int test_hash_vec_cfg(const char *driver,
const u32 req_flags = CRYPTO_TFM_REQ_MAY_BACKLOG | cfg->req_flags;
const struct test_sg_division *divs[XBUFSIZE];
DECLARE_CRYPTO_WAIT(wait);
- struct kvec _input;
- struct iov_iter input;
unsigned int i;
struct scatterlist *pending_sgl;
unsigned int pending_len;
@@ -1096,26 +1294,22 @@ static int test_hash_vec_cfg(const char *driver,
if (err) {
if (err == vec->setkey_error)
return 0;
- pr_err("alg: hash: %s setkey failed on test vector %s; expected_error=%d, actual_error=%d, flags=%#x\n",
+ pr_err("alg: ahash: %s setkey failed on test vector %s; expected_error=%d, actual_error=%d, flags=%#x\n",
driver, vec_name, vec->setkey_error, err,
crypto_ahash_get_flags(tfm));
return err;
}
if (vec->setkey_error) {
- pr_err("alg: hash: %s setkey unexpectedly succeeded on test vector %s; expected_error=%d\n",
+ pr_err("alg: ahash: %s setkey unexpectedly succeeded on test vector %s; expected_error=%d\n",
driver, vec_name, vec->setkey_error);
return -EINVAL;
}
}
/* Build the scatterlist for the source data */
- _input.iov_base = (void *)vec->plaintext;
- _input.iov_len = vec->psize;
- iov_iter_kvec(&input, WRITE, &_input, 1, vec->psize);
- err = build_test_sglist(tsgl, cfg->src_divs, alignmask, vec->psize,
- &input, divs);
+ err = build_hash_sglist(tsgl, vec, cfg, alignmask, divs);
if (err) {
- pr_err("alg: hash: %s: error preparing scatterlist for test vector %s, cfg=\"%s\"\n",
+ pr_err("alg: ahash: %s: error preparing scatterlist for test vector %s, cfg=\"%s\"\n",
driver, vec_name, cfg->name);
return err;
}
@@ -1135,13 +1329,13 @@ static int test_hash_vec_cfg(const char *driver,
if (err) {
if (err == vec->digest_error)
return 0;
- pr_err("alg: hash: %s digest() failed on test vector %s; expected_error=%d, actual_error=%d, cfg=\"%s\"\n",
+ pr_err("alg: ahash: %s digest() failed on test vector %s; expected_error=%d, actual_error=%d, cfg=\"%s\"\n",
driver, vec_name, vec->digest_error, err,
cfg->name);
return err;
}
if (vec->digest_error) {
- pr_err("alg: hash: %s digest() unexpectedly succeeded on test vector %s; expected_error=%d, cfg=\"%s\"\n",
+ pr_err("alg: ahash: %s digest() unexpectedly succeeded on test vector %s; expected_error=%d, cfg=\"%s\"\n",
driver, vec_name, vec->digest_error, cfg->name);
return -EINVAL;
}
@@ -1153,8 +1347,8 @@ static int test_hash_vec_cfg(const char *driver,
ahash_request_set_callback(req, req_flags, crypto_req_done, &wait);
ahash_request_set_crypt(req, NULL, result, 0);
err = do_ahash_op(crypto_ahash_init, req, &wait, cfg->nosimd);
- err = check_nonfinal_hash_op("init", err, result, digestsize,
- driver, vec_name, cfg);
+ err = check_nonfinal_ahash_op("init", err, result, digestsize,
+ driver, vec_name, cfg);
if (err)
return err;
@@ -1170,9 +1364,9 @@ static int test_hash_vec_cfg(const char *driver,
pending_len);
err = do_ahash_op(crypto_ahash_update, req, &wait,
divs[i]->nosimd);
- err = check_nonfinal_hash_op("update", err,
- result, digestsize,
- driver, vec_name, cfg);
+ err = check_nonfinal_ahash_op("update", err,
+ result, digestsize,
+ driver, vec_name, cfg);
if (err)
return err;
pending_sgl = NULL;
@@ -1183,23 +1377,23 @@ static int test_hash_vec_cfg(const char *driver,
testmgr_poison(hashstate + statesize,
TESTMGR_POISON_LEN);
err = crypto_ahash_export(req, hashstate);
- err = check_nonfinal_hash_op("export", err,
- result, digestsize,
- driver, vec_name, cfg);
+ err = check_nonfinal_ahash_op("export", err,
+ result, digestsize,
+ driver, vec_name, cfg);
if (err)
return err;
if (!testmgr_is_poison(hashstate + statesize,
TESTMGR_POISON_LEN)) {
- pr_err("alg: hash: %s export() overran state buffer on test vector %s, cfg=\"%s\"\n",
+ pr_err("alg: ahash: %s export() overran state buffer on test vector %s, cfg=\"%s\"\n",
driver, vec_name, cfg->name);
return -EOVERFLOW;
}
testmgr_poison(req->__ctx, crypto_ahash_reqsize(tfm));
err = crypto_ahash_import(req, hashstate);
- err = check_nonfinal_hash_op("import", err,
- result, digestsize,
- driver, vec_name, cfg);
+ err = check_nonfinal_ahash_op("import", err,
+ result, digestsize,
+ driver, vec_name, cfg);
if (err)
return err;
}
@@ -1213,13 +1407,13 @@ static int test_hash_vec_cfg(const char *driver,
if (cfg->finalization_type == FINALIZATION_TYPE_FINAL) {
/* finish with update() and final() */
err = do_ahash_op(crypto_ahash_update, req, &wait, cfg->nosimd);
- err = check_nonfinal_hash_op("update", err, result, digestsize,
- driver, vec_name, cfg);
+ err = check_nonfinal_ahash_op("update", err, result, digestsize,
+ driver, vec_name, cfg);
if (err)
return err;
err = do_ahash_op(crypto_ahash_final, req, &wait, cfg->nosimd);
if (err) {
- pr_err("alg: hash: %s final() failed with err %d on test vector %s, cfg=\"%s\"\n",
+ pr_err("alg: ahash: %s final() failed with err %d on test vector %s, cfg=\"%s\"\n",
driver, err, vec_name, cfg->name);
return err;
}
@@ -1227,31 +1421,49 @@ static int test_hash_vec_cfg(const char *driver,
/* finish with finup() */
err = do_ahash_op(crypto_ahash_finup, req, &wait, cfg->nosimd);
if (err) {
- pr_err("alg: hash: %s finup() failed with err %d on test vector %s, cfg=\"%s\"\n",
+ pr_err("alg: ahash: %s finup() failed with err %d on test vector %s, cfg=\"%s\"\n",
driver, err, vec_name, cfg->name);
return err;
}
}
result_ready:
- /* Check that the algorithm produced the correct digest */
- if (memcmp(result, vec->digest, digestsize) != 0) {
- pr_err("alg: hash: %s test failed (wrong result) on test vector %s, cfg=\"%s\"\n",
- driver, vec_name, cfg->name);
- return -EINVAL;
- }
- if (!testmgr_is_poison(&result[digestsize], TESTMGR_POISON_LEN)) {
- pr_err("alg: hash: %s overran result buffer on test vector %s, cfg=\"%s\"\n",
- driver, vec_name, cfg->name);
- return -EOVERFLOW;
+ return check_hash_result("ahash", result, digestsize, vec, vec_name,
+ driver, cfg);
+}
+
+static int test_hash_vec_cfg(const char *driver,
+ const struct hash_testvec *vec,
+ const char *vec_name,
+ const struct testvec_config *cfg,
+ struct ahash_request *req,
+ struct shash_desc *desc,
+ struct test_sglist *tsgl,
+ u8 *hashstate)
+{
+ int err;
+
+ /*
+ * For algorithms implemented as "shash", most bugs will be detected by
+ * both the shash and ahash tests. Test the shash API first so that the
+ * failures involve less indirection, so are easier to debug.
+ */
+
+ if (desc) {
+ err = test_shash_vec_cfg(driver, vec, vec_name, cfg, desc, tsgl,
+ hashstate);
+ if (err)
+ return err;
}
- return 0;
+ return test_ahash_vec_cfg(driver, vec, vec_name, cfg, req, tsgl,
+ hashstate);
}
static int test_hash_vec(const char *driver, const struct hash_testvec *vec,
unsigned int vec_num, struct ahash_request *req,
- struct test_sglist *tsgl, u8 *hashstate)
+ struct shash_desc *desc, struct test_sglist *tsgl,
+ u8 *hashstate)
{
char vec_name[16];
unsigned int i;
@@ -1262,7 +1474,7 @@ static int test_hash_vec(const char *driver, const struct hash_testvec *vec,
for (i = 0; i < ARRAY_SIZE(default_hash_testvec_configs); i++) {
err = test_hash_vec_cfg(driver, vec, vec_name,
&default_hash_testvec_configs[i],
- req, tsgl, hashstate);
+ req, desc, tsgl, hashstate);
if (err)
return err;
}
@@ -1276,7 +1488,7 @@ static int test_hash_vec(const char *driver, const struct hash_testvec *vec,
generate_random_testvec_config(&cfg, cfgname,
sizeof(cfgname));
err = test_hash_vec_cfg(driver, vec, vec_name, &cfg,
- req, tsgl, hashstate);
+ req, desc, tsgl, hashstate);
if (err)
return err;
cond_resched();
@@ -1291,14 +1503,12 @@ static int test_hash_vec(const char *driver, const struct hash_testvec *vec,
* Generate a hash test vector from the given implementation.
* Assumes the buffers in 'vec' were already allocated.
*/
-static void generate_random_hash_testvec(struct crypto_shash *tfm,
+static void generate_random_hash_testvec(struct shash_desc *desc,
struct hash_testvec *vec,
unsigned int maxkeysize,
unsigned int maxdatasize,
char *name, size_t max_namelen)
{
- SHASH_DESC_ON_STACK(desc, tfm);
-
/* Data */
vec->psize = generate_random_length(maxdatasize);
generate_random_bytes((u8 *)vec->plaintext, vec->psize);
@@ -1315,7 +1525,7 @@ static void generate_random_hash_testvec(struct crypto_shash *tfm,
vec->ksize = 1 + (prandom_u32() % maxkeysize);
generate_random_bytes((u8 *)vec->key, vec->ksize);
- vec->setkey_error = crypto_shash_setkey(tfm, vec->key,
+ vec->setkey_error = crypto_shash_setkey(desc->tfm, vec->key,
vec->ksize);
/* If the key couldn't be set, no need to continue to digest. */
if (vec->setkey_error)
@@ -1323,7 +1533,6 @@ static void generate_random_hash_testvec(struct crypto_shash *tfm,
}
/* Digest */
- desc->tfm = tfm;
vec->digest_error = crypto_shash_digest(desc, vec->plaintext,
vec->psize, (u8 *)vec->digest);
done:
@@ -1339,6 +1548,7 @@ static int test_hash_vs_generic_impl(const char *driver,
const char *generic_driver,
unsigned int maxkeysize,
struct ahash_request *req,
+ struct shash_desc *desc,
struct test_sglist *tsgl,
u8 *hashstate)
{
@@ -1349,10 +1559,11 @@ static int test_hash_vs_generic_impl(const char *driver,
const char *algname = crypto_hash_alg_common(tfm)->base.cra_name;
char _generic_driver[CRYPTO_MAX_ALG_NAME];
struct crypto_shash *generic_tfm = NULL;
+ struct shash_desc *generic_desc = NULL;
unsigned int i;
struct hash_testvec vec = { 0 };
char vec_name[64];
- struct testvec_config cfg;
+ struct testvec_config *cfg;
char cfgname[TESTVEC_CONFIG_NAMELEN];
int err;
@@ -1382,6 +1593,20 @@ static int test_hash_vs_generic_impl(const char *driver,
return err;
}
+ cfg = kzalloc(sizeof(*cfg), GFP_KERNEL);
+ if (!cfg) {
+ err = -ENOMEM;
+ goto out;
+ }
+
+ generic_desc = kzalloc(sizeof(*desc) +
+ crypto_shash_descsize(generic_tfm), GFP_KERNEL);
+ if (!generic_desc) {
+ err = -ENOMEM;
+ goto out;
+ }
+ generic_desc->tfm = generic_tfm;
+
/* Check the algorithm properties for consistency. */
if (digestsize != crypto_shash_digestsize(generic_tfm)) {
@@ -1413,23 +1638,25 @@ static int test_hash_vs_generic_impl(const char *driver,
}
for (i = 0; i < fuzz_iterations * 8; i++) {
- generate_random_hash_testvec(generic_tfm, &vec,
+ generate_random_hash_testvec(generic_desc, &vec,
maxkeysize, maxdatasize,
vec_name, sizeof(vec_name));
- generate_random_testvec_config(&cfg, cfgname, sizeof(cfgname));
+ generate_random_testvec_config(cfg, cfgname, sizeof(cfgname));
- err = test_hash_vec_cfg(driver, &vec, vec_name, &cfg,
- req, tsgl, hashstate);
+ err = test_hash_vec_cfg(driver, &vec, vec_name, cfg,
+ req, desc, tsgl, hashstate);
if (err)
goto out;
cond_resched();
}
err = 0;
out:
+ kfree(cfg);
kfree(vec.key);
kfree(vec.plaintext);
kfree(vec.digest);
crypto_free_shash(generic_tfm);
+ kzfree(generic_desc);
return err;
}
#else /* !CONFIG_CRYPTO_MANAGER_EXTRA_TESTS */
@@ -1437,6 +1664,7 @@ static int test_hash_vs_generic_impl(const char *driver,
const char *generic_driver,
unsigned int maxkeysize,
struct ahash_request *req,
+ struct shash_desc *desc,
struct test_sglist *tsgl,
u8 *hashstate)
{
@@ -1444,26 +1672,67 @@ static int test_hash_vs_generic_impl(const char *driver,
}
#endif /* !CONFIG_CRYPTO_MANAGER_EXTRA_TESTS */
+static int alloc_shash(const char *driver, u32 type, u32 mask,
+ struct crypto_shash **tfm_ret,
+ struct shash_desc **desc_ret)
+{
+ struct crypto_shash *tfm;
+ struct shash_desc *desc;
+
+ tfm = crypto_alloc_shash(driver, type, mask);
+ if (IS_ERR(tfm)) {
+ if (PTR_ERR(tfm) == -ENOENT) {
+ /*
+ * This algorithm is only available through the ahash
+ * API, not the shash API, so skip the shash tests.
+ */
+ return 0;
+ }
+ pr_err("alg: hash: failed to allocate shash transform for %s: %ld\n",
+ driver, PTR_ERR(tfm));
+ return PTR_ERR(tfm);
+ }
+
+ desc = kmalloc(sizeof(*desc) + crypto_shash_descsize(tfm), GFP_KERNEL);
+ if (!desc) {
+ crypto_free_shash(tfm);
+ return -ENOMEM;
+ }
+ desc->tfm = tfm;
+
+ *tfm_ret = tfm;
+ *desc_ret = desc;
+ return 0;
+}
+
static int __alg_test_hash(const struct hash_testvec *vecs,
unsigned int num_vecs, const char *driver,
u32 type, u32 mask,
const char *generic_driver, unsigned int maxkeysize)
{
- struct crypto_ahash *tfm;
+ struct crypto_ahash *atfm = NULL;
struct ahash_request *req = NULL;
+ struct crypto_shash *stfm = NULL;
+ struct shash_desc *desc = NULL;
struct test_sglist *tsgl = NULL;
u8 *hashstate = NULL;
+ unsigned int statesize;
unsigned int i;
int err;
- tfm = crypto_alloc_ahash(driver, type, mask);
- if (IS_ERR(tfm)) {
+ /*
+ * Always test the ahash API. This works regardless of whether the
+ * algorithm is implemented as ahash or shash.
+ */
+
+ atfm = crypto_alloc_ahash(driver, type, mask);
+ if (IS_ERR(atfm)) {
pr_err("alg: hash: failed to allocate transform for %s: %ld\n",
- driver, PTR_ERR(tfm));
- return PTR_ERR(tfm);
+ driver, PTR_ERR(atfm));
+ return PTR_ERR(atfm);
}
- req = ahash_request_alloc(tfm, GFP_KERNEL);
+ req = ahash_request_alloc(atfm, GFP_KERNEL);
if (!req) {
pr_err("alg: hash: failed to allocate request for %s\n",
driver);
@@ -1471,6 +1740,14 @@ static int __alg_test_hash(const struct hash_testvec *vecs,
goto out;
}
+ /*
+ * If available also test the shash API, to cover corner cases that may
+ * be missed by testing the ahash API only.
+ */
+ err = alloc_shash(driver, type, mask, &stfm, &desc);
+ if (err)
+ goto out;
+
tsgl = kmalloc(sizeof(*tsgl), GFP_KERNEL);
if (!tsgl || init_test_sglist(tsgl) != 0) {
pr_err("alg: hash: failed to allocate test buffers for %s\n",
@@ -1481,8 +1758,10 @@ static int __alg_test_hash(const struct hash_testvec *vecs,
goto out;
}
- hashstate = kmalloc(crypto_ahash_statesize(tfm) + TESTMGR_POISON_LEN,
- GFP_KERNEL);
+ statesize = crypto_ahash_statesize(atfm);
+ if (stfm)
+ statesize = max(statesize, crypto_shash_statesize(stfm));
+ hashstate = kmalloc(statesize + TESTMGR_POISON_LEN, GFP_KERNEL);
if (!hashstate) {
pr_err("alg: hash: failed to allocate hash state buffer for %s\n",
driver);
@@ -1491,21 +1770,24 @@ static int __alg_test_hash(const struct hash_testvec *vecs,
}
for (i = 0; i < num_vecs; i++) {
- err = test_hash_vec(driver, &vecs[i], i, req, tsgl, hashstate);
+ err = test_hash_vec(driver, &vecs[i], i, req, desc, tsgl,
+ hashstate);
if (err)
goto out;
cond_resched();
}
err = test_hash_vs_generic_impl(driver, generic_driver, maxkeysize, req,
- tsgl, hashstate);
+ desc, tsgl, hashstate);
out:
kfree(hashstate);
if (tsgl) {
destroy_test_sglist(tsgl);
kfree(tsgl);
}
+ kfree(desc);
+ crypto_free_shash(stfm);
ahash_request_free(req);
- crypto_free_ahash(tfm);
+ crypto_free_ahash(atfm);
return err;
}
@@ -1867,7 +2149,7 @@ static int test_aead_vs_generic_impl(const char *driver,
unsigned int i;
struct aead_testvec vec = { 0 };
char vec_name[64];
- struct testvec_config cfg;
+ struct testvec_config *cfg;
char cfgname[TESTVEC_CONFIG_NAMELEN];
int err;
@@ -1897,6 +2179,12 @@ static int test_aead_vs_generic_impl(const char *driver,
return err;
}
+ cfg = kzalloc(sizeof(*cfg), GFP_KERNEL);
+ if (!cfg) {
+ err = -ENOMEM;
+ goto out;
+ }
+
generic_req = aead_request_alloc(generic_tfm, GFP_KERNEL);
if (!generic_req) {
err = -ENOMEM;
@@ -1951,13 +2239,13 @@ static int test_aead_vs_generic_impl(const char *driver,
generate_random_aead_testvec(generic_req, &vec,
maxkeysize, maxdatasize,
vec_name, sizeof(vec_name));
- generate_random_testvec_config(&cfg, cfgname, sizeof(cfgname));
+ generate_random_testvec_config(cfg, cfgname, sizeof(cfgname));
- err = test_aead_vec_cfg(driver, ENCRYPT, &vec, vec_name, &cfg,
+ err = test_aead_vec_cfg(driver, ENCRYPT, &vec, vec_name, cfg,
req, tsgls);
if (err)
goto out;
- err = test_aead_vec_cfg(driver, DECRYPT, &vec, vec_name, &cfg,
+ err = test_aead_vec_cfg(driver, DECRYPT, &vec, vec_name, cfg,
req, tsgls);
if (err)
goto out;
@@ -1965,6 +2253,7 @@ static int test_aead_vs_generic_impl(const char *driver,
}
err = 0;
out:
+ kfree(cfg);
kfree(vec.key);
kfree(vec.iv);
kfree(vec.assoc);
@@ -2414,7 +2703,7 @@ static int test_skcipher_vs_generic_impl(const char *driver,
unsigned int i;
struct cipher_testvec vec = { 0 };
char vec_name[64];
- struct testvec_config cfg;
+ struct testvec_config *cfg;
char cfgname[TESTVEC_CONFIG_NAMELEN];
int err;
@@ -2448,6 +2737,12 @@ static int test_skcipher_vs_generic_impl(const char *driver,
return err;
}
+ cfg = kzalloc(sizeof(*cfg), GFP_KERNEL);
+ if (!cfg) {
+ err = -ENOMEM;
+ goto out;
+ }
+
generic_req = skcipher_request_alloc(generic_tfm, GFP_KERNEL);
if (!generic_req) {
err = -ENOMEM;
@@ -2495,20 +2790,21 @@ static int test_skcipher_vs_generic_impl(const char *driver,
for (i = 0; i < fuzz_iterations * 8; i++) {
generate_random_cipher_testvec(generic_req, &vec, maxdatasize,
vec_name, sizeof(vec_name));
- generate_random_testvec_config(&cfg, cfgname, sizeof(cfgname));
+ generate_random_testvec_config(cfg, cfgname, sizeof(cfgname));
err = test_skcipher_vec_cfg(driver, ENCRYPT, &vec, vec_name,
- &cfg, req, tsgls);
+ cfg, req, tsgls);
if (err)
goto out;
err = test_skcipher_vec_cfg(driver, DECRYPT, &vec, vec_name,
- &cfg, req, tsgls);
+ cfg, req, tsgls);
if (err)
goto out;
cond_resched();
}
err = 0;
out:
+ kfree(cfg);
kfree(vec.key);
kfree(vec.iv);
kfree(vec.ptext);
@@ -3591,18 +3887,6 @@ static const struct alg_test_desc alg_test_descs[] = {
.aead = __VECS(aegis128_tv_template)
}
}, {
- .alg = "aegis128l",
- .test = alg_test_aead,
- .suite = {
- .aead = __VECS(aegis128l_tv_template)
- }
- }, {
- .alg = "aegis256",
- .test = alg_test_aead,
- .suite = {
- .aead = __VECS(aegis256_tv_template)
- }
- }, {
.alg = "ansi_cprng",
.test = alg_test_cprng,
.suite = {
@@ -4131,6 +4415,7 @@ static const struct alg_test_desc alg_test_descs[] = {
}
}, {
.alg = "ecb(arc4)",
+ .generic_driver = "ecb(arc4)-generic",
.test = alg_test_skcipher,
.suite = {
.cipher = __VECS(arc4_tv_template)
@@ -4260,6 +4545,20 @@ static const struct alg_test_desc alg_test_descs[] = {
.akcipher = __VECS(ecrdsa_tv_template)
}
}, {
+ .alg = "essiv(authenc(hmac(sha256),cbc(aes)),sha256)",
+ .test = alg_test_aead,
+ .fips_allowed = 1,
+ .suite = {
+ .aead = __VECS(essiv_hmac_sha256_aes_cbc_tv_temp)
+ }
+ }, {
+ .alg = "essiv(cbc(aes),sha256)",
+ .test = alg_test_skcipher,
+ .fips_allowed = 1,
+ .suite = {
+ .cipher = __VECS(essiv_aes_cbc_tv_template)
+ }
+ }, {
.alg = "gcm(aes)",
.generic_driver = "gcm_base(ctr(aes-generic),ghash-generic)",
.test = alg_test_aead,
@@ -4444,6 +4743,16 @@ static const struct alg_test_desc alg_test_descs[] = {
}
}
}, {
+ .alg = "lzo-rle",
+ .test = alg_test_comp,
+ .fips_allowed = 1,
+ .suite = {
+ .comp = {
+ .comp = __VECS(lzorle_comp_tv_template),
+ .decomp = __VECS(lzorle_decomp_tv_template)
+ }
+ }
+ }, {
.alg = "md4",
.test = alg_test_hash,
.suite = {
@@ -4462,18 +4771,6 @@ static const struct alg_test_desc alg_test_descs[] = {
.hash = __VECS(michael_mic_tv_template)
}
}, {
- .alg = "morus1280",
- .test = alg_test_aead,
- .suite = {
- .aead = __VECS(morus1280_tv_template)
- }
- }, {
- .alg = "morus640",
- .test = alg_test_aead,
- .suite = {
- .aead = __VECS(morus640_tv_template)
- }
- }, {
.alg = "nhpoly1305",
.test = alg_test_hash,
.suite = {
@@ -4796,6 +5093,13 @@ static const struct alg_test_desc alg_test_descs[] = {
.test = alg_test_null,
.fips_allowed = 1,
}, {
+ .alg = "xxhash64",
+ .test = alg_test_hash,
+ .fips_allowed = 1,
+ .suite = {
+ .hash = __VECS(xxhash64_tv_template)
+ }
+ }, {
.alg = "zlib-deflate",
.test = alg_test_comp,
.fips_allowed = 1,
@@ -4936,9 +5240,11 @@ int alg_test(const char *driver, const char *alg, u32 type, u32 mask)
type, mask);
test_done:
- if (rc && (fips_enabled || panic_on_fail))
+ if (rc && (fips_enabled || panic_on_fail)) {
+ fips_fail_notify();
panic("alg: self-tests for %s (%s) failed in %s mode!\n",
driver, alg, fips_enabled ? "fips" : "panic_on_fail");
+ }
if (fips_enabled && !rc)
pr_info("alg: self-tests for %s (%s) passed\n", driver, alg);
diff --git a/crypto/testmgr.h b/crypto/testmgr.h
index 1fdae5993bc3..ef7d21f39d4a 100644
--- a/crypto/testmgr.h
+++ b/crypto/testmgr.h
@@ -38,7 +38,7 @@ struct hash_testvec {
const char *key;
const char *plaintext;
const char *digest;
- unsigned short psize;
+ unsigned int psize;
unsigned short ksize;
int setkey_error;
int digest_error;
@@ -69,7 +69,7 @@ struct cipher_testvec {
const char *ctext;
unsigned char wk; /* weak key flag */
unsigned short klen;
- unsigned short len;
+ unsigned int len;
bool fips_skip;
bool generates_iv;
int setkey_error;
@@ -105,9 +105,9 @@ struct aead_testvec {
unsigned char novrfy;
unsigned char wk;
unsigned char klen;
- unsigned short plen;
- unsigned short clen;
- unsigned short alen;
+ unsigned int plen;
+ unsigned int clen;
+ unsigned int alen;
int setkey_error;
int setauthsize_error;
int crypt_error;
@@ -19489,2697 +19489,6 @@ static const struct aead_testvec aegis128_tv_template[] = {
};
/*
- * AEGIS-128L test vectors - generated via reference implementation from
- * SUPERCOP (https://bench.cr.yp.to/supercop.html):
- *
- * https://bench.cr.yp.to/supercop/supercop-20170228.tar.xz
- * (see crypto_aead/aegis128l/)
- */
-static const struct aead_testvec aegis128l_tv_template[] = {
- {
- .key = "\x0f\xc9\x8e\x67\x44\x9e\xaa\x86"
- "\x20\x36\x2c\x24\xfe\xc9\x30\x81",
- .klen = 16,
- .iv = "\x1e\x92\x1c\xcf\x88\x3d\x54\x0d"
- "\x40\x6d\x59\x48\xfc\x92\x61\x03",
- .assoc = "",
- .alen = 0,
- .ptext = "",
- .plen = 0,
- .ctext = "\x30\x4f\xf3\xe9\xb1\xfa\x81\xa6"
- "\x20\x72\x78\xdd\x93\xc8\x57\xef",
- .clen = 16,
- }, {
- .key = "\x4b\xed\xc8\x07\x54\x1a\x52\xa2"
- "\xa1\x10\xde\xb5\xf8\xed\xf3\x87",
- .klen = 16,
- .iv = "\x5a\xb7\x56\x6e\x98\xb9\xfd\x29"
- "\xc1\x47\x0b\xda\xf6\xb6\x23\x09",
- .assoc = "",
- .alen = 0,
- .ptext = "\x79",
- .plen = 1,
- .ctext = "\xa9\x24\xa0\xb6\x2d\xdd\x29\xdb"
- "\x40\xb3\x71\xc5\x22\x58\x31\x77"
- "\x6d",
- .clen = 17,
- }, {
- .key = "\x88\x12\x01\xa6\x64\x96\xfb\xbe"
- "\x22\xea\x90\x47\xf2\x11\xb5\x8e",
- .klen = 16,
- .iv = "\x97\xdb\x90\x0e\xa8\x35\xa5\x45"
- "\x42\x21\xbd\x6b\xf0\xda\xe6\x0f",
- .assoc = "",
- .alen = 0,
- .ptext = "\xb5\x6e\xad\xdd\x30\x72\xfa\x53"
- "\x82\x8e\x16\xb4\xed\x6d\x47",
- .plen = 15,
- .ctext = "\xbb\x0a\x53\xc4\xaa\x7e\xa4\x03"
- "\x2b\xee\x62\x99\x7b\x98\x13\x1f"
- "\xe0\x76\x4c\x2e\x53\x99\x4f\xbe"
- "\xe1\xa8\x04\x7f\xe1\x71\xbe",
- .clen = 31,
- }, {
- .key = "\xc4\x37\x3b\x45\x74\x11\xa4\xda"
- "\xa2\xc5\x42\xd8\xec\x36\x78\x94",
- .klen = 16,
- .iv = "\xd3\x00\xc9\xad\xb8\xb0\x4e\x61"
- "\xc3\xfb\x6f\xfd\xea\xff\xa9\x15",
- .assoc = "",
- .alen = 0,
- .ptext = "\xf2\x92\xe6\x7d\x40\xee\xa3\x6f"
- "\x03\x68\xc8\x45\xe7\x91\x0a\x18",
- .plen = 16,
- .ctext = "\x66\xdf\x6e\x71\xc0\x6e\xa4\x4c"
- "\x9d\xb7\x8c\x9a\xdb\x1f\xd2\x2e"
- "\x23\xb6\xa4\xfb\xd3\x86\xdd\xbb"
- "\xde\x54\x9b\xf5\x92\x8b\x93\xc5",
- .clen = 32,
- }, {
- .key = "\x01\x5c\x75\xe5\x84\x8d\x4d\xf6"
- "\x23\x9f\xf4\x6a\xe6\x5a\x3b\x9a",
- .klen = 16,
- .iv = "\x10\x25\x03\x4c\xc8\x2c\xf7\x7d"
- "\x44\xd5\x21\x8e\xe4\x23\x6b\x1c",
- .assoc = "",
- .alen = 0,
- .ptext = "\x2e\xb7\x20\x1c\x50\x6a\x4b\x8b"
- "\x84\x42\x7a\xd7\xe1\xb5\xcd\x1f"
- "\xd3",
- .plen = 17,
- .ctext = "\x4f\xc3\x69\xb6\xd3\xa4\x64\x8b"
- "\x71\xc3\x8a\x91\x22\x4f\x1b\xd2"
- "\x33\x6d\x86\xbc\xf8\x2f\x06\xf9"
- "\x82\x64\xc7\x72\x00\x30\xfc\xf0"
- "\xf8",
- .clen = 33,
- }, {
- .key = "\x3d\x80\xae\x84\x94\x09\xf6\x12"
- "\xa4\x79\xa6\xfb\xe0\x7f\xfd\xa0",
- .klen = 16,
- .iv = "\x4c\x49\x3d\xec\xd8\xa8\xa0\x98"
- "\xc5\xb0\xd3\x1f\xde\x48\x2e\x22",
- .assoc = "",
- .alen = 0,
- .ptext = "\x6b\xdc\x5a\xbb\x60\xe5\xf4\xa6"
- "\x05\x1d\x2c\x68\xdb\xda\x8f\x25"
- "\xfe\x8d\x45\x19\x1e\xc0\x0b\x99"
- "\x88\x11\x39\x12\x1c\x3a\xbb",
- .plen = 31,
- .ctext = "\xe3\x93\x15\xae\x5f\x9d\x3c\xb5"
- "\xd6\x9d\xee\xee\xcf\xaa\xaf\xe1"
- "\x45\x10\x96\xe0\xbf\x55\x0f\x4c"
- "\x1a\xfd\xf4\xda\x4e\x10\xde\xc9"
- "\x0e\x6f\xc7\x3c\x49\x94\x41\xfc"
- "\x59\x28\x88\x3c\x79\x10\x6b",
- .clen = 47,
- }, {
- .key = "\x7a\xa5\xe8\x23\xa4\x84\x9e\x2d"
- "\x25\x53\x58\x8c\xda\xa3\xc0\xa6",
- .klen = 16,
- .iv = "\x89\x6e\x77\x8b\xe8\x23\x49\xb4"
- "\x45\x8a\x85\xb1\xd8\x6c\xf1\x28",
- .assoc = "",
- .alen = 0,
- .ptext = "\xa7\x00\x93\x5b\x70\x61\x9d\xc2"
- "\x86\xf7\xde\xfa\xd5\xfe\x52\x2b"
- "\x28\x50\x51\x9d\x24\x60\x8d\xb3"
- "\x49\x3e\x17\xea\xf6\x99\x5a\xdd",
- .plen = 32,
- .ctext = "\x1c\x8e\x22\x34\xfd\xab\xe6\x0d"
- "\x1c\x9f\x06\x54\x8b\x0b\xb4\x40"
- "\xde\x11\x59\x3e\xfd\x74\xf6\x42"
- "\x97\x17\xf7\x24\xb6\x7e\xc4\xc6"
- "\x06\xa3\x94\xda\x3d\x7f\x55\x0a"
- "\x92\x07\x2f\xa6\xf3\x6b\x2c\xfc",
- .clen = 48,
- }, {
- .key = "\xb6\xca\x22\xc3\xb4\x00\x47\x49"
- "\xa6\x2d\x0a\x1e\xd4\xc7\x83\xad",
- .klen = 16,
- .iv = "\xc5\x93\xb0\x2a\xf8\x9f\xf1\xd0"
- "\xc6\x64\x37\x42\xd2\x90\xb3\x2e",
- .assoc = "\xd5",
- .alen = 1,
- .ptext = "",
- .plen = 0,
- .ctext = "\xa0\x2a\xb4\x9a\x91\x00\x15\xb8"
- "\x0f\x9a\x15\x60\x0e\x9b\x13\x8f",
- .clen = 16,
- }, {
- .key = "\xf3\xee\x5c\x62\xc4\x7c\xf0\x65"
- "\x27\x08\xbd\xaf\xce\xec\x45\xb3",
- .klen = 16,
- .iv = "\x02\xb8\xea\xca\x09\x1b\x9a\xec"
- "\x47\x3e\xe9\xd4\xcc\xb5\x76\x34",
- .assoc = "\x11\x81\x78\x32\x4d\xb9\x44\x73"
- "\x68\x75\x16\xf8\xcb\x7e\xa7",
- .alen = 15,
- .ptext = "",
- .plen = 0,
- .ctext = "\x4c\x26\xad\x9c\x14\xfd\x9c\x8c"
- "\x84\xfb\x26\xfb\xd5\xca\x62\x39",
- .clen = 16,
- }, {
- .key = "\x2f\x13\x95\x01\xd5\xf7\x99\x81"
- "\xa8\xe2\x6f\x41\xc8\x10\x08\xb9",
- .klen = 16,
- .iv = "\x3f\xdc\x24\x69\x19\x96\x43\x08"
- "\xc8\x18\x9b\x65\xc6\xd9\x39\x3b",
- .assoc = "\x4e\xa5\xb2\xd1\x5d\x35\xed\x8f"
- "\xe8\x4f\xc8\x89\xc5\xa2\x69\xbc",
- .alen = 16,
- .ptext = "",
- .plen = 0,
- .ctext = "\x45\x85\x0e\x0f\xf4\xae\x96\xa1"
- "\x99\x4d\x6d\xb4\x67\x32\xb0\x3a",
- .clen = 16,
- }, {
- .key = "\x6c\x38\xcf\xa1\xe5\x73\x41\x9d"
- "\x29\xbc\x21\xd2\xc2\x35\xcb\xbf",
- .klen = 16,
- .iv = "\x7b\x01\x5d\x08\x29\x12\xec\x24"
- "\x49\xf3\x4d\xf7\xc0\xfe\xfb\x41",
- .assoc = "\x8a\xca\xec\x70\x6d\xb1\x96\xab"
- "\x69\x29\x7a\x1b\xbf\xc7\x2c\xc2"
- "\x07",
- .alen = 17,
- .ptext = "",
- .plen = 0,
- .ctext = "\x33\xb1\x42\x97\x8e\x16\x7b\x63"
- "\x06\xba\x5b\xcb\xae\x6d\x8b\x56",
- .clen = 16,
- }, {
- .key = "\xa8\x5c\x09\x40\xf5\xef\xea\xb8"
- "\xaa\x96\xd3\x64\xbc\x59\x8d\xc6",
- .klen = 16,
- .iv = "\xb8\x26\x97\xa8\x39\x8e\x94\x3f"
- "\xca\xcd\xff\x88\xba\x22\xbe\x47",
- .assoc = "\xc7\xef\x26\x10\x7d\x2c\x3f\xc6"
- "\xea\x03\x2c\xac\xb9\xeb\xef\xc9"
- "\x31\x6b\x08\x12\xfc\xd8\x37\x2d"
- "\xe0\x17\x3a\x2e\x83\x5c\x8f",
- .alen = 31,
- .ptext = "",
- .plen = 0,
- .ctext = "\xda\x44\x08\x8c\x2a\xa5\x07\x35"
- "\x0b\x54\x4e\x6d\xe3\xfd\xc4\x5f",
- .clen = 16,
- }, {
- .key = "\xe5\x81\x42\xdf\x05\x6a\x93\xd4"
- "\x2b\x70\x85\xf5\xb6\x7d\x50\xcc",
- .klen = 16,
- .iv = "\xf4\x4a\xd1\x47\x49\x09\x3d\x5b"
- "\x4b\xa7\xb1\x19\xb4\x46\x81\x4d",
- .assoc = "\x03\x14\x5f\xaf\x8d\xa8\xe7\xe2"
- "\x6b\xde\xde\x3e\xb3\x10\xb1\xcf"
- "\x5c\x2d\x14\x96\x01\x78\xb9\x47"
- "\xa1\x44\x19\x06\x5d\xbb\x2e\x2f",
- .alen = 32,
- .ptext = "",
- .plen = 0,
- .ctext = "\x1b\xb1\xf1\xa8\x9e\xc2\xb2\x88"
- "\x40\x7f\x7b\x19\x7a\x52\x8c\xf0",
- .clen = 16,
- }, {
- .key = "\x22\xa6\x7c\x7f\x15\xe6\x3c\xf0"
- "\xac\x4b\x37\x86\xb0\xa2\x13\xd2",
- .klen = 16,
- .iv = "\x31\x6f\x0b\xe6\x59\x85\xe6\x77"
- "\xcc\x81\x63\xab\xae\x6b\x43\x54",
- .assoc = "\x40",
- .alen = 1,
- .ptext = "\x4f",
- .plen = 1,
- .ctext = "\x6e\xc8\xfb\x15\x9d\x98\x49\xc9"
- "\xa0\x98\x09\x85\xbe\x56\x8e\x79"
- "\xf4",
- .clen = 17,
- }, {
- .key = "\x5e\xcb\xb6\x1e\x25\x62\xe4\x0c"
- "\x2d\x25\xe9\x18\xaa\xc6\xd5\xd8",
- .klen = 16,
- .iv = "\x6d\x94\x44\x86\x69\x00\x8f\x93"
- "\x4d\x5b\x15\x3c\xa8\x8f\x06\x5a",
- .assoc = "\x7c\x5d\xd3\xee\xad\x9f\x39\x1a"
- "\x6d\x92\x42\x61\xa7\x58\x37",
- .alen = 15,
- .ptext = "\x8b\x26\x61\x55\xf1\x3e\xe3\xa1"
- "\x8d\xc8\x6e\x85\xa5\x21\x67",
- .plen = 15,
- .ctext = "\x99\x2e\x84\x50\x64\x5c\xab\x29"
- "\x20\xba\xb9\x2f\x62\x3a\xce\x2a"
- "\x75\x25\x3b\xe3\x40\xe0\x1d\xfc"
- "\x20\x63\x0b\x49\x7e\x97\x08",
- .clen = 31,
- }, {
- .key = "\x9b\xef\xf0\xbd\x35\xdd\x8d\x28"
- "\xad\xff\x9b\xa9\xa4\xeb\x98\xdf",
- .klen = 16,
- .iv = "\xaa\xb8\x7e\x25\x79\x7c\x37\xaf"
- "\xce\x36\xc7\xce\xa2\xb4\xc9\x60",
- .assoc = "\xb9\x82\x0c\x8d\xbd\x1b\xe2\x36"
- "\xee\x6c\xf4\xf2\xa1\x7d\xf9\xe2",
- .alen = 16,
- .ptext = "\xc8\x4b\x9b\xf5\x01\xba\x8c\xbd"
- "\x0e\xa3\x21\x16\x9f\x46\x2a\x63",
- .plen = 16,
- .ctext = "\xd9\x8e\xfd\x50\x8f\x02\x9f\xee"
- "\x78\x08\x12\xec\x09\xaf\x53\x14"
- "\x90\x3e\x3d\x76\xad\x71\x21\x08"
- "\x77\xe5\x4b\x15\xc2\xe6\xbc\xdb",
- .clen = 32,
- }, {
- .key = "\xd7\x14\x29\x5d\x45\x59\x36\x44"
- "\x2e\xd9\x4d\x3b\x9e\x0f\x5b\xe5",
- .klen = 16,
- .iv = "\xe6\xdd\xb8\xc4\x89\xf8\xe0\xca"
- "\x4f\x10\x7a\x5f\x9c\xd8\x8b\x66",
- .assoc = "\xf5\xa6\x46\x2c\xce\x97\x8a\x51"
- "\x6f\x46\xa6\x83\x9b\xa1\xbc\xe8"
- "\x05",
- .alen = 17,
- .ptext = "\x05\x70\xd5\x94\x12\x36\x35\xd8"
- "\x8f\x7d\xd3\xa8\x99\x6a\xed\x69"
- "\xd0",
- .plen = 17,
- .ctext = "\xf3\xe7\x95\x86\xcf\x34\x95\x96"
- "\x17\xfe\x1b\xae\x1b\x31\xf2\x1a"
- "\xbd\xbc\xc9\x4e\x11\x29\x09\x5c"
- "\x05\xd3\xb4\x2e\x4a\x74\x59\x49"
- "\x7d",
- .clen = 33,
- }, {
- .key = "\x14\x39\x63\xfc\x56\xd5\xdf\x5f"
- "\xaf\xb3\xff\xcc\x98\x33\x1d\xeb",
- .klen = 16,
- .iv = "\x23\x02\xf1\x64\x9a\x73\x89\xe6"
- "\xd0\xea\x2c\xf1\x96\xfc\x4e\x6d",
- .assoc = "\x32\xcb\x80\xcc\xde\x12\x33\x6d"
- "\xf0\x20\x58\x15\x95\xc6\x7f\xee"
- "\x2f\xf9\x4e\x2c\x1b\x98\x43\xc7"
- "\x68\x28\x73\x40\x9f\x96\x4a",
- .alen = 31,
- .ptext = "\x41\x94\x0e\x33\x22\xb1\xdd\xf4"
- "\x10\x57\x85\x39\x93\x8f\xaf\x70"
- "\xfa\xa9\xd0\x4d\x5c\x40\x23\xcd"
- "\x98\x34\xab\x37\x56\xae\x32",
- .plen = 31,
- .ctext = "\x06\x96\xb2\xbf\x63\xf4\x1e\x24"
- "\x0d\x19\x15\x61\x65\x3b\x06\x26"
- "\x71\xe8\x7e\x16\xdb\x96\x01\x01"
- "\x52\xcd\x49\x5b\x07\x33\x4e\xe7"
- "\xaa\x91\xf5\xd5\xc6\xfe\x41\xb5"
- "\xed\x90\xce\xb9\xcd\xcc\xa1",
- .clen = 47,
- }, {
- .key = "\x50\x5d\x9d\x9b\x66\x50\x88\x7b"
- "\x30\x8e\xb1\x5e\x92\x58\xe0\xf1",
- .klen = 16,
- .iv = "\x5f\x27\x2b\x03\xaa\xef\x32\x02"
- "\x50\xc4\xde\x82\x90\x21\x11\x73",
- .assoc = "\x6e\xf0\xba\x6b\xee\x8e\xdc\x89"
- "\x71\xfb\x0a\xa6\x8f\xea\x41\xf4"
- "\x5a\xbb\x59\xb0\x20\x38\xc5\xe0"
- "\x29\x56\x52\x19\x79\xf5\xe9\x37",
- .alen = 32,
- .ptext = "\x7e\xb9\x48\xd3\x32\x2d\x86\x10"
- "\x91\x31\x37\xcb\x8d\xb3\x72\x76"
- "\x24\x6b\xdc\xd1\x61\xe0\xa5\xe7"
- "\x5a\x61\x8a\x0f\x30\x0d\xd1\xec",
- .plen = 32,
- .ctext = "\xf9\xd7\xee\x17\xfd\x24\xcd\xf1"
- "\xbc\x0f\x35\x97\x97\x0c\x4b\x18"
- "\xce\x58\xc8\x3b\xd4\x85\x93\x79"
- "\xcc\x9c\xea\xc1\x73\x13\x0b\x4c"
- "\xcc\x6f\x28\xf8\xa4\x4e\xb8\x56"
- "\x64\x4e\x47\xce\xb2\xb4\x92\xb4",
- .clen = 48,
- }, {
- .key = "\x8d\x82\xd6\x3b\x76\xcc\x30\x97"
- "\xb1\x68\x63\xef\x8c\x7c\xa3\xf7",
- .klen = 16,
- .iv = "\x9c\x4b\x65\xa2\xba\x6b\xdb\x1e"
- "\xd1\x9e\x90\x13\x8a\x45\xd3\x79",
- .assoc = "\xab\x14\xf3\x0a\xfe\x0a\x85\xa5"
- "\xf2\xd5\xbc\x38\x89\x0e\x04\xfb"
- "\x84\x7d\x65\x34\x25\xd8\x47\xfa"
- "\xeb\x83\x31\xf1\x54\x54\x89\x0d"
- "\x9d",
- .alen = 33,
- .ptext = "\xba\xde\x82\x72\x42\xa9\x2f\x2c"
- "\x12\x0b\xe9\x5c\x87\xd7\x35\x7c"
- "\x4f\x2e\xe8\x55\x66\x80\x27\x00"
- "\x1b\x8f\x68\xe7\x0a\x6c\x71\xc3"
- "\x21\x78\x55\x9d\x9c\x65\x7b\xcd"
- "\x0a\x34\x97\xff\x47\x37\xb0\x2a"
- "\x80\x0d\x19\x98\x33\xa9\x7a\xe3"
- "\x2e\x4c\xc6\xf3\x8c\x88\x42\x01"
- "\xbd",
- .plen = 65,
- .ctext = "\x58\xfa\x3a\x3d\xd9\x88\x63\xe8"
- "\xc5\x78\x50\x8b\x4a\xc9\xdf\x7f"
- "\x4b\xfa\xc8\x2e\x67\x43\xf3\x63"
- "\x42\x8e\x99\x5a\x9c\x0b\x84\x77"
- "\xbc\x46\x76\x48\x82\xc7\x57\x96"
- "\xe1\x65\xd1\xed\x1d\xdd\x80\x24"
- "\xa6\x4d\xa9\xf1\x53\x8b\x5e\x0e"
- "\x26\xb9\xcc\x37\xe5\x43\xe1\x5a"
- "\x8a\xd6\x8c\x5a\xe4\x95\xd1\x8d"
- "\xf7\x33\x64\xc1\xd3\xf2\xfc\x35"
- "\x01",
- .clen = 81,
- }, {
- .key = "\xc9\xa7\x10\xda\x86\x48\xd9\xb3"
- "\x32\x42\x15\x80\x85\xa1\x65\xfe",
- .klen = 16,
- .iv = "\xd8\x70\x9f\x42\xca\xe6\x83\x3a"
- "\x52\x79\x42\xa5\x84\x6a\x96\x7f",
- .assoc = "\xe8\x39\x2d\xaa\x0e\x85\x2d\xc1"
- "\x72\xaf\x6e\xc9\x82\x33\xc7\x01"
- "\xaf\x40\x70\xb8\x2a\x78\xc9\x14"
- "\xac\xb1\x10\xca\x2e\xb3\x28\xe4"
- "\xac\xfa\x58\x7f\xe5\x73\x09\x8c"
- "\x1d\x40\x87\x8c\xd9\x75\xc0\x55"
- "\xa2\xda\x07\xd1\xc2\xa9\xd1\xbb"
- "\x09\x4f\x77\x62\x88\x2d\xf2\x68"
- "\x54",
- .alen = 65,
- .ptext = "\xf7\x02\xbb\x11\x52\x24\xd8\x48"
- "\x93\xe6\x9b\xee\x81\xfc\xf7\x82"
- "\x79\xf0\xf3\xd9\x6c\x20\xa9\x1a"
- "\xdc\xbc\x47\xc0\xe4\xcb\x10\x99"
- "\x2f",
- .plen = 33,
- .ctext = "\x4c\xa9\xac\x71\xed\x10\xa6\x24"
- "\xb7\xa7\xdf\x8b\xf5\xc2\x41\xcb"
- "\x05\xc9\xd6\x97\xb6\x10\x7f\x17"
- "\xc2\xc0\x93\xcf\xe0\x94\xfd\x99"
- "\xf2\x62\x25\x28\x01\x23\x6f\x8b"
- "\x04\x52\xbc\xb0\x3e\x66\x52\x90"
- "\x9f",
- .clen = 49,
- }, {
- .key = "\x06\xcc\x4a\x79\x96\xc3\x82\xcf"
- "\xb3\x1c\xc7\x12\x7f\xc5\x28\x04",
- .klen = 16,
- .iv = "\x15\x95\xd8\xe1\xda\x62\x2c\x56"
- "\xd3\x53\xf4\x36\x7e\x8e\x59\x85",
- .assoc = "\x24\x5e\x67\x49\x1e\x01\xd6\xdd"
- "\xf3\x89\x20\x5b\x7c\x57\x89\x07",
- .alen = 16,
- .ptext = "\x33\x27\xf5\xb1\x62\xa0\x80\x63"
- "\x14\xc0\x4d\x7f\x7b\x20\xba\x89",
- .plen = 16,
- .ctext = "\x6d\xed\x04\x7a\x2f\x0c\x30\xa5"
- "\x96\xe6\x97\xe4\x10\xeb\x40\x95"
- "\xc5\x9a\xdf\x31\xd5\xa5\xa6\xec"
- "\x05\xa8\x31\x50\x11\x19\x44",
- .clen = 31,
- }, {
- .key = "\x42\xf0\x84\x19\xa6\x3f\x2b\xea"
- "\x34\xf6\x79\xa3\x79\xe9\xeb\x0a",
- .klen = 16,
- .iv = "\x51\xb9\x12\x80\xea\xde\xd5\x71"
- "\x54\x2d\xa6\xc8\x78\xb2\x1b\x8c",
- .assoc = "\x61\x83\xa0\xe8\x2e\x7d\x7f\xf8"
- "\x74\x63\xd2\xec\x76\x7c\x4c\x0d",
- .alen = 16,
- .ptext = "\x70\x4c\x2f\x50\x72\x1c\x29\x7f"
- "\x95\x9a\xff\x10\x75\x45\x7d\x8f",
- .plen = 16,
- .ctext = "\x30\x95\x7d\xea\xdc\x62\xc0\x88"
- "\xa1\xe3\x8d\x8c\xac\x04\x10\xa7"
- "\xfa\xfa\x07\xbd\xa0\xf0\x36\xeb"
- "\x21\x93\x2e\x31\x84\x83",
- .clen = 30,
- }, {
- .key = "\x7f\x15\xbd\xb8\xb6\xba\xd3\x06"
- "\xb5\xd1\x2b\x35\x73\x0e\xad\x10",
- .klen = 16,
- .iv = "\x8e\xde\x4c\x20\xfa\x59\x7e\x8d"
- "\xd5\x07\x58\x59\x72\xd7\xde\x92",
- .assoc = "\x9d\xa7\xda\x88\x3e\xf8\x28\x14"
- "\xf5\x3e\x85\x7d\x70\xa0\x0f\x13",
- .alen = 16,
- .ptext = "\xac\x70\x69\xef\x82\x97\xd2\x9b"
- "\x15\x74\xb1\xa2\x6f\x69\x3f\x95",
- .plen = 16,
- .ctext = "\x93\xcd\xee\xd4\xcb\x9d\x8d\x16"
- "\x63\x0d\x43\xd5\x49\xca\xa8\x85"
- "\x49\xc0\xae\x13\xbc\x26\x1d\x4b",
- .clen = 24,
- },
-};
-
-/*
- * AEGIS-256 test vectors - generated via reference implementation from
- * SUPERCOP (https://bench.cr.yp.to/supercop.html):
- *
- * https://bench.cr.yp.to/supercop/supercop-20170228.tar.xz
- * (see crypto_aead/aegis256/)
- */
-static const struct aead_testvec aegis256_tv_template[] = {
- {
- .key = "\x0f\xc9\x8e\x67\x44\x9e\xaa\x86"
- "\x20\x36\x2c\x24\xfe\xc9\x30\x81"
- "\xca\xb0\x82\x21\x41\xa8\xe0\x06"
- "\x30\x0b\x37\xf6\xb6\x17\xe7\xb5",
- .klen = 32,
- .iv = "\x1e\x92\x1c\xcf\x88\x3d\x54\x0d"
- "\x40\x6d\x59\x48\xfc\x92\x61\x03"
- "\x95\x61\x05\x42\x82\x50\xc0\x0c"
- "\x60\x16\x6f\xec\x6d\x2f\xcf\x6b",
- .assoc = "",
- .alen = 0,
- .ptext = "",
- .plen = 0,
- .ctext = "\xd5\x65\x3a\xa9\x03\x51\xd7\xaa"
- "\xfa\x4b\xd8\xa2\x41\x9b\xc1\xb2",
- .clen = 16,
- }, {
- .key = "\x4b\xed\xc8\x07\x54\x1a\x52\xa2"
- "\xa1\x10\xde\xb5\xf8\xed\xf3\x87"
- "\xf4\x72\x8e\xa5\x46\x48\x62\x20"
- "\xf1\x38\x16\xce\x90\x76\x87\x8c",
- .klen = 32,
- .iv = "\x5a\xb7\x56\x6e\x98\xb9\xfd\x29"
- "\xc1\x47\x0b\xda\xf6\xb6\x23\x09"
- "\xbf\x23\x11\xc6\x87\xf0\x42\x26"
- "\x22\x44\x4e\xc4\x47\x8e\x6e\x41",
- .assoc = "",
- .alen = 0,
- .ptext = "\x79",
- .plen = 1,
- .ctext = "\x84\xa2\x8f\xad\xdb\x8d\x2c\x16"
- "\x9e\x89\xd9\x06\xa6\xa8\x14\x29"
- "\x8b",
- .clen = 17,
- }, {
- .key = "\x88\x12\x01\xa6\x64\x96\xfb\xbe"
- "\x22\xea\x90\x47\xf2\x11\xb5\x8e"
- "\x1f\x35\x9a\x29\x4b\xe8\xe4\x39"
- "\xb3\x66\xf5\xa6\x6a\xd5\x26\x62",
- .klen = 32,
- .iv = "\x97\xdb\x90\x0e\xa8\x35\xa5\x45"
- "\x42\x21\xbd\x6b\xf0\xda\xe6\x0f"
- "\xe9\xe5\x1d\x4a\x8c\x90\xc4\x40"
- "\xe3\x71\x2d\x9c\x21\xed\x0e\x18",
- .assoc = "",
- .alen = 0,
- .ptext = "\xb5\x6e\xad\xdd\x30\x72\xfa\x53"
- "\x82\x8e\x16\xb4\xed\x6d\x47",
- .plen = 15,
- .ctext = "\x09\x94\x1f\xa6\x13\xc3\x74\x75"
- "\x17\xad\x8a\x0e\xd8\x66\x9a\x28"
- "\xd7\x30\x66\x09\x2a\xdc\xfa\x2a"
- "\x9f\x3b\xd7\xdd\x66\xd1\x2b",
- .clen = 31,
- }, {
- .key = "\xc4\x37\x3b\x45\x74\x11\xa4\xda"
- "\xa2\xc5\x42\xd8\xec\x36\x78\x94"
- "\x49\xf7\xa5\xad\x50\x88\x66\x53"
- "\x74\x94\xd4\x7f\x44\x34\xc5\x39",
- .klen = 32,
- .iv = "\xd3\x00\xc9\xad\xb8\xb0\x4e\x61"
- "\xc3\xfb\x6f\xfd\xea\xff\xa9\x15"
- "\x14\xa8\x28\xce\x92\x30\x46\x59"
- "\xa4\x9f\x0b\x75\xfb\x4c\xad\xee",
- .assoc = "",
- .alen = 0,
- .ptext = "\xf2\x92\xe6\x7d\x40\xee\xa3\x6f"
- "\x03\x68\xc8\x45\xe7\x91\x0a\x18",
- .plen = 16,
- .ctext = "\x8a\x46\xa2\x22\x8c\x03\xab\x6f"
- "\x54\x63\x4e\x7f\xc9\x8e\xfa\x70"
- "\x7b\xe5\x8d\x78\xbc\xe9\xb6\xa1"
- "\x29\x17\xc8\x3b\x52\xa4\x98\x72",
- .clen = 32,
- }, {
- .key = "\x01\x5c\x75\xe5\x84\x8d\x4d\xf6"
- "\x23\x9f\xf4\x6a\xe6\x5a\x3b\x9a"
- "\x74\xb9\xb1\x32\x55\x28\xe8\x6d"
- "\x35\xc1\xb3\x57\x1f\x93\x64\x0f",
- .klen = 32,
- .iv = "\x10\x25\x03\x4c\xc8\x2c\xf7\x7d"
- "\x44\xd5\x21\x8e\xe4\x23\x6b\x1c"
- "\x3e\x6a\x34\x53\x97\xd0\xc8\x73"
- "\x66\xcd\xea\x4d\xd5\xab\x4c\xc5",
- .assoc = "",
- .alen = 0,
- .ptext = "\x2e\xb7\x20\x1c\x50\x6a\x4b\x8b"
- "\x84\x42\x7a\xd7\xe1\xb5\xcd\x1f"
- "\xd3",
- .plen = 17,
- .ctext = "\x71\x6b\x37\x0b\x02\x61\x28\x12"
- "\x83\xab\x66\x90\x84\xc7\xd1\xc5"
- "\xb2\x7a\xb4\x7b\xb4\xfe\x02\xb2"
- "\xc0\x00\x39\x13\xb5\x51\x68\x44"
- "\xad",
- .clen = 33,
- }, {
- .key = "\x3d\x80\xae\x84\x94\x09\xf6\x12"
- "\xa4\x79\xa6\xfb\xe0\x7f\xfd\xa0"
- "\x9e\x7c\xbc\xb6\x5b\xc8\x6a\x86"
- "\xf7\xef\x91\x30\xf9\xf2\x04\xe6",
- .klen = 32,
- .iv = "\x4c\x49\x3d\xec\xd8\xa8\xa0\x98"
- "\xc5\xb0\xd3\x1f\xde\x48\x2e\x22"
- "\x69\x2c\x3f\xd7\x9c\x70\x4a\x8d"
- "\x27\xfa\xc9\x26\xaf\x0a\xeb\x9c",
- .assoc = "",
- .alen = 0,
- .ptext = "\x6b\xdc\x5a\xbb\x60\xe5\xf4\xa6"
- "\x05\x1d\x2c\x68\xdb\xda\x8f\x25"
- "\xfe\x8d\x45\x19\x1e\xc0\x0b\x99"
- "\x88\x11\x39\x12\x1c\x3a\xbb",
- .plen = 31,
- .ctext = "\xaf\xa4\x34\x0d\x59\xe6\x1c\x2f"
- "\x06\x3b\x52\x18\x49\x75\x1b\xf0"
- "\x53\x09\x72\x7b\x45\x79\xe0\xbe"
- "\x89\x85\x23\x15\xb8\x79\x07\x4c"
- "\x53\x7a\x15\x37\x0a\xee\xb7\xfb"
- "\xc4\x1f\x12\x27\xcf\x77\x90",
- .clen = 47,
- }, {
- .key = "\x7a\xa5\xe8\x23\xa4\x84\x9e\x2d"
- "\x25\x53\x58\x8c\xda\xa3\xc0\xa6"
- "\xc8\x3e\xc8\x3a\x60\x68\xec\xa0"
- "\xb8\x1c\x70\x08\xd3\x51\xa3\xbd",
- .klen = 32,
- .iv = "\x89\x6e\x77\x8b\xe8\x23\x49\xb4"
- "\x45\x8a\x85\xb1\xd8\x6c\xf1\x28"
- "\x93\xef\x4b\x5b\xa1\x10\xcc\xa6"
- "\xe8\x28\xa8\xfe\x89\x69\x8b\x72",
- .assoc = "",
- .alen = 0,
- .ptext = "\xa7\x00\x93\x5b\x70\x61\x9d\xc2"
- "\x86\xf7\xde\xfa\xd5\xfe\x52\x2b"
- "\x28\x50\x51\x9d\x24\x60\x8d\xb3"
- "\x49\x3e\x17\xea\xf6\x99\x5a\xdd",
- .plen = 32,
- .ctext = "\xe2\xc9\x0b\x33\x31\x02\xb3\xb4"
- "\x33\xfe\xeb\xa8\xb7\x9b\xb2\xd7"
- "\xeb\x0f\x05\x2b\xba\xb3\xca\xef"
- "\xf6\xd1\xb6\xc0\xb9\x9b\x85\xc5"
- "\xbf\x7a\x3e\xcc\x31\x76\x09\x80"
- "\x32\x5d\xbb\xe8\x38\x0e\x77\xd3",
- .clen = 48,
- }, {
- .key = "\xb6\xca\x22\xc3\xb4\x00\x47\x49"
- "\xa6\x2d\x0a\x1e\xd4\xc7\x83\xad"
- "\xf3\x00\xd4\xbf\x65\x08\x6e\xb9"
- "\x7a\x4a\x4f\xe0\xad\xb0\x42\x93",
- .klen = 32,
- .iv = "\xc5\x93\xb0\x2a\xf8\x9f\xf1\xd0"
- "\xc6\x64\x37\x42\xd2\x90\xb3\x2e"
- "\xbd\xb1\x57\xe0\xa6\xb0\x4e\xc0"
- "\xaa\x55\x87\xd6\x63\xc8\x2a\x49",
- .assoc = "\xd5",
- .alen = 1,
- .ptext = "",
- .plen = 0,
- .ctext = "\x96\x43\x30\xca\x6c\x4f\xd7\x12"
- "\xba\xd9\xb3\x18\x86\xdf\xc3\x52",
- .clen = 16,
- }, {
- .key = "\xf3\xee\x5c\x62\xc4\x7c\xf0\x65"
- "\x27\x08\xbd\xaf\xce\xec\x45\xb3"
- "\x1d\xc3\xdf\x43\x6a\xa8\xf0\xd3"
- "\x3b\x77\x2e\xb9\x87\x0f\xe1\x6a",
- .klen = 32,
- .iv = "\x02\xb8\xea\xca\x09\x1b\x9a\xec"
- "\x47\x3e\xe9\xd4\xcc\xb5\x76\x34"
- "\xe8\x73\x62\x64\xab\x50\xd0\xda"
- "\x6b\x83\x66\xaf\x3e\x27\xc9\x1f",
- .assoc = "\x11\x81\x78\x32\x4d\xb9\x44\x73"
- "\x68\x75\x16\xf8\xcb\x7e\xa7",
- .alen = 15,
- .ptext = "",
- .plen = 0,
- .ctext = "\x2f\xab\x45\xe2\xa7\x46\xc5\x83"
- "\x11\x9f\xb0\x74\xee\xc7\x03\xdd",
- .clen = 16,
- }, {
- .key = "\x2f\x13\x95\x01\xd5\xf7\x99\x81"
- "\xa8\xe2\x6f\x41\xc8\x10\x08\xb9"
- "\x47\x85\xeb\xc7\x6f\x48\x72\xed"
- "\xfc\xa5\x0d\x91\x61\x6e\x81\x40",
- .klen = 32,
- .iv = "\x3f\xdc\x24\x69\x19\x96\x43\x08"
- "\xc8\x18\x9b\x65\xc6\xd9\x39\x3b"
- "\x12\x35\x6e\xe8\xb0\xf0\x52\xf3"
- "\x2d\xb0\x45\x87\x18\x86\x68\xf6",
- .assoc = "\x4e\xa5\xb2\xd1\x5d\x35\xed\x8f"
- "\xe8\x4f\xc8\x89\xc5\xa2\x69\xbc",
- .alen = 16,
- .ptext = "",
- .plen = 0,
- .ctext = "\x16\x44\x73\x33\x5d\xf2\xb9\x04"
- "\x6b\x79\x98\xef\xdb\xd5\xc5\xf1",
- .clen = 16,
- }, {
- .key = "\x6c\x38\xcf\xa1\xe5\x73\x41\x9d"
- "\x29\xbc\x21\xd2\xc2\x35\xcb\xbf"
- "\x72\x47\xf6\x4b\x74\xe8\xf4\x06"
- "\xbe\xd3\xec\x6a\x3b\xcd\x20\x17",
- .klen = 32,
- .iv = "\x7b\x01\x5d\x08\x29\x12\xec\x24"
- "\x49\xf3\x4d\xf7\xc0\xfe\xfb\x41"
- "\x3c\xf8\x79\x6c\xb6\x90\xd4\x0d"
- "\xee\xde\x23\x60\xf2\xe5\x08\xcc",
- .assoc = "\x8a\xca\xec\x70\x6d\xb1\x96\xab"
- "\x69\x29\x7a\x1b\xbf\xc7\x2c\xc2"
- "\x07",
- .alen = 17,
- .ptext = "",
- .plen = 0,
- .ctext = "\xa4\x9b\xb8\x47\xc0\xed\x7a\x45"
- "\x98\x54\x8c\xed\x3d\x17\xf0\xdd",
- .clen = 16,
- }, {
- .key = "\xa8\x5c\x09\x40\xf5\xef\xea\xb8"
- "\xaa\x96\xd3\x64\xbc\x59\x8d\xc6"
- "\x9c\x0a\x02\xd0\x79\x88\x76\x20"
- "\x7f\x00\xca\x42\x15\x2c\xbf\xed",
- .klen = 32,
- .iv = "\xb8\x26\x97\xa8\x39\x8e\x94\x3f"
- "\xca\xcd\xff\x88\xba\x22\xbe\x47"
- "\x67\xba\x85\xf1\xbb\x30\x56\x26"
- "\xaf\x0b\x02\x38\xcc\x44\xa7\xa3",
- .assoc = "\xc7\xef\x26\x10\x7d\x2c\x3f\xc6"
- "\xea\x03\x2c\xac\xb9\xeb\xef\xc9"
- "\x31\x6b\x08\x12\xfc\xd8\x37\x2d"
- "\xe0\x17\x3a\x2e\x83\x5c\x8f",
- .alen = 31,
- .ptext = "",
- .plen = 0,
- .ctext = "\x20\x24\xe2\x33\x5c\x60\xc9\xf0"
- "\xa4\x96\x2f\x0d\x53\xc2\xf8\xfc",
- .clen = 16,
- }, {
- .key = "\xe5\x81\x42\xdf\x05\x6a\x93\xd4"
- "\x2b\x70\x85\xf5\xb6\x7d\x50\xcc"
- "\xc6\xcc\x0e\x54\x7f\x28\xf8\x3a"
- "\x40\x2e\xa9\x1a\xf0\x8b\x5e\xc4",
- .klen = 32,
- .iv = "\xf4\x4a\xd1\x47\x49\x09\x3d\x5b"
- "\x4b\xa7\xb1\x19\xb4\x46\x81\x4d"
- "\x91\x7c\x91\x75\xc0\xd0\xd8\x40"
- "\x71\x39\xe1\x10\xa6\xa3\x46\x7a",
- .assoc = "\x03\x14\x5f\xaf\x8d\xa8\xe7\xe2"
- "\x6b\xde\xde\x3e\xb3\x10\xb1\xcf"
- "\x5c\x2d\x14\x96\x01\x78\xb9\x47"
- "\xa1\x44\x19\x06\x5d\xbb\x2e\x2f",
- .alen = 32,
- .ptext = "",
- .plen = 0,
- .ctext = "\x6f\x4a\xb9\xe0\xff\x51\xa3\xf1"
- "\xd2\x64\x3e\x66\x6a\xb2\x03\xc0",
- .clen = 16,
- }, {
- .key = "\x22\xa6\x7c\x7f\x15\xe6\x3c\xf0"
- "\xac\x4b\x37\x86\xb0\xa2\x13\xd2"
- "\xf1\x8e\x19\xd8\x84\xc8\x7a\x53"
- "\x02\x5b\x88\xf3\xca\xea\xfe\x9b",
- .klen = 32,
- .iv = "\x31\x6f\x0b\xe6\x59\x85\xe6\x77"
- "\xcc\x81\x63\xab\xae\x6b\x43\x54"
- "\xbb\x3f\x9c\xf9\xc5\x70\x5a\x5a"
- "\x32\x67\xc0\xe9\x80\x02\xe5\x50",
- .assoc = "\x40",
- .alen = 1,
- .ptext = "\x4f",
- .plen = 1,
- .ctext = "\x2c\xfb\xad\x7e\xbe\xa0\x9a\x5b"
- "\x7a\x3f\x81\xf7\xfc\x1b\x79\x83"
- "\xc7",
- .clen = 17,
- }, {
- .key = "\x5e\xcb\xb6\x1e\x25\x62\xe4\x0c"
- "\x2d\x25\xe9\x18\xaa\xc6\xd5\xd8"
- "\x1b\x50\x25\x5d\x89\x68\xfc\x6d"
- "\xc3\x89\x67\xcb\xa4\x49\x9d\x71",
- .klen = 32,
- .iv = "\x6d\x94\x44\x86\x69\x00\x8f\x93"
- "\x4d\x5b\x15\x3c\xa8\x8f\x06\x5a"
- "\xe6\x01\xa8\x7e\xca\x10\xdc\x73"
- "\xf4\x94\x9f\xc1\x5a\x61\x85\x27",
- .assoc = "\x7c\x5d\xd3\xee\xad\x9f\x39\x1a"
- "\x6d\x92\x42\x61\xa7\x58\x37",
- .alen = 15,
- .ptext = "\x8b\x26\x61\x55\xf1\x3e\xe3\xa1"
- "\x8d\xc8\x6e\x85\xa5\x21\x67",
- .plen = 15,
- .ctext = "\x1f\x7f\xca\x3c\x2b\xe7\x27\xba"
- "\x7e\x98\x83\x02\x34\x23\xf7\x94"
- "\xde\x35\xe6\x1d\x14\x18\xe5\x38"
- "\x14\x80\x6a\xa7\x1b\xae\x1d",
- .clen = 31,
- }, {
- .key = "\x9b\xef\xf0\xbd\x35\xdd\x8d\x28"
- "\xad\xff\x9b\xa9\xa4\xeb\x98\xdf"
- "\x46\x13\x31\xe1\x8e\x08\x7e\x87"
- "\x85\xb6\x46\xa3\x7e\xa8\x3c\x48",
- .klen = 32,
- .iv = "\xaa\xb8\x7e\x25\x79\x7c\x37\xaf"
- "\xce\x36\xc7\xce\xa2\xb4\xc9\x60"
- "\x10\xc3\xb3\x02\xcf\xb0\x5e\x8d"
- "\xb5\xc2\x7e\x9a\x35\xc0\x24\xfd",
- .assoc = "\xb9\x82\x0c\x8d\xbd\x1b\xe2\x36"
- "\xee\x6c\xf4\xf2\xa1\x7d\xf9\xe2",
- .alen = 16,
- .ptext = "\xc8\x4b\x9b\xf5\x01\xba\x8c\xbd"
- "\x0e\xa3\x21\x16\x9f\x46\x2a\x63",
- .plen = 16,
- .ctext = "\x05\x86\x9e\xd7\x2b\xa3\x97\x01"
- "\xbe\x28\x98\x10\x6f\xe9\x61\x32"
- "\x96\xbb\xb1\x2e\x8f\x0c\x44\xb9"
- "\x46\x2d\x55\xe3\x42\x67\xf2\xaf",
- .clen = 32,
- }, {
- .key = "\xd7\x14\x29\x5d\x45\x59\x36\x44"
- "\x2e\xd9\x4d\x3b\x9e\x0f\x5b\xe5"
- "\x70\xd5\x3c\x65\x93\xa8\x00\xa0"
- "\x46\xe4\x25\x7c\x58\x08\xdb\x1e",
- .klen = 32,
- .iv = "\xe6\xdd\xb8\xc4\x89\xf8\xe0\xca"
- "\x4f\x10\x7a\x5f\x9c\xd8\x8b\x66"
- "\x3b\x86\xbf\x86\xd4\x50\xe0\xa7"
- "\x76\xef\x5c\x72\x0f\x1f\xc3\xd4",
- .assoc = "\xf5\xa6\x46\x2c\xce\x97\x8a\x51"
- "\x6f\x46\xa6\x83\x9b\xa1\xbc\xe8"
- "\x05",
- .alen = 17,
- .ptext = "\x05\x70\xd5\x94\x12\x36\x35\xd8"
- "\x8f\x7d\xd3\xa8\x99\x6a\xed\x69"
- "\xd0",
- .plen = 17,
- .ctext = "\x9c\xe0\x06\x7b\x86\xcf\x2e\xd8"
- "\x45\x65\x1b\x72\x9b\xaa\xa3\x1e"
- "\x87\x9d\x26\xdf\xff\x81\x11\xd2"
- "\x47\x41\xb9\x24\xc1\x8a\xa3\x8b"
- "\x55",
- .clen = 33,
- }, {
- .key = "\x14\x39\x63\xfc\x56\xd5\xdf\x5f"
- "\xaf\xb3\xff\xcc\x98\x33\x1d\xeb"
- "\x9a\x97\x48\xe9\x98\x48\x82\xba"
- "\x07\x11\x04\x54\x32\x67\x7b\xf5",
- .klen = 32,
- .iv = "\x23\x02\xf1\x64\x9a\x73\x89\xe6"
- "\xd0\xea\x2c\xf1\x96\xfc\x4e\x6d"
- "\x65\x48\xcb\x0a\xda\xf0\x62\xc0"
- "\x38\x1d\x3b\x4a\xe9\x7e\x62\xaa",
- .assoc = "\x32\xcb\x80\xcc\xde\x12\x33\x6d"
- "\xf0\x20\x58\x15\x95\xc6\x7f\xee"
- "\x2f\xf9\x4e\x2c\x1b\x98\x43\xc7"
- "\x68\x28\x73\x40\x9f\x96\x4a",
- .alen = 31,
- .ptext = "\x41\x94\x0e\x33\x22\xb1\xdd\xf4"
- "\x10\x57\x85\x39\x93\x8f\xaf\x70"
- "\xfa\xa9\xd0\x4d\x5c\x40\x23\xcd"
- "\x98\x34\xab\x37\x56\xae\x32",
- .plen = 31,
- .ctext = "\xa0\xc8\xde\x83\x0d\xc3\x4e\xd5"
- "\x69\x7f\x7a\xdd\x8c\x46\xda\xba"
- "\x0a\x5c\x0e\x7f\xac\xee\x02\xd2"
- "\xe5\x4b\x0a\xba\xb8\xa4\x7b\x66"
- "\xde\xae\xdb\xc2\xc0\x0b\xf7\x2b"
- "\xdf\xb8\xea\xd8\xa9\x38\xed",
- .clen = 47,
- }, {
- .key = "\x50\x5d\x9d\x9b\x66\x50\x88\x7b"
- "\x30\x8e\xb1\x5e\x92\x58\xe0\xf1"
- "\xc5\x5a\x53\x6e\x9d\xe8\x04\xd4"
- "\xc9\x3f\xe2\x2d\x0c\xc6\x1a\xcb",
- .klen = 32,
- .iv = "\x5f\x27\x2b\x03\xaa\xef\x32\x02"
- "\x50\xc4\xde\x82\x90\x21\x11\x73"
- "\x8f\x0a\xd6\x8f\xdf\x90\xe4\xda"
- "\xf9\x4a\x1a\x23\xc3\xdd\x02\x81",
- .assoc = "\x6e\xf0\xba\x6b\xee\x8e\xdc\x89"
- "\x71\xfb\x0a\xa6\x8f\xea\x41\xf4"
- "\x5a\xbb\x59\xb0\x20\x38\xc5\xe0"
- "\x29\x56\x52\x19\x79\xf5\xe9\x37",
- .alen = 32,
- .ptext = "\x7e\xb9\x48\xd3\x32\x2d\x86\x10"
- "\x91\x31\x37\xcb\x8d\xb3\x72\x76"
- "\x24\x6b\xdc\xd1\x61\xe0\xa5\xe7"
- "\x5a\x61\x8a\x0f\x30\x0d\xd1\xec",
- .plen = 32,
- .ctext = "\xd3\x68\x14\x70\x3c\x01\x43\x86"
- "\x02\xab\xbe\x75\xaa\xe7\xf5\x53"
- "\x5c\x05\xbd\x9b\x19\xbb\x2a\x61"
- "\x8f\x69\x05\x75\x8e\xca\x60\x0c"
- "\x5b\xa2\x48\x61\x32\x74\x11\x2b"
- "\xf6\xcf\x06\x78\x6f\x78\x1a\x4a",
- .clen = 48,
- }, {
- .key = "\x8d\x82\xd6\x3b\x76\xcc\x30\x97"
- "\xb1\x68\x63\xef\x8c\x7c\xa3\xf7"
- "\xef\x1c\x5f\xf2\xa3\x88\x86\xed"
- "\x8a\x6d\xc1\x05\xe7\x25\xb9\xa2",
- .klen = 32,
- .iv = "\x9c\x4b\x65\xa2\xba\x6b\xdb\x1e"
- "\xd1\x9e\x90\x13\x8a\x45\xd3\x79"
- "\xba\xcd\xe2\x13\xe4\x30\x66\xf4"
- "\xba\x78\xf9\xfb\x9d\x3c\xa1\x58",
- .assoc = "\xab\x14\xf3\x0a\xfe\x0a\x85\xa5"
- "\xf2\xd5\xbc\x38\x89\x0e\x04\xfb"
- "\x84\x7d\x65\x34\x25\xd8\x47\xfa"
- "\xeb\x83\x31\xf1\x54\x54\x89\x0d"
- "\x9d",
- .alen = 33,
- .ptext = "\xba\xde\x82\x72\x42\xa9\x2f\x2c"
- "\x12\x0b\xe9\x5c\x87\xd7\x35\x7c"
- "\x4f\x2e\xe8\x55\x66\x80\x27\x00"
- "\x1b\x8f\x68\xe7\x0a\x6c\x71\xc3"
- "\x21\x78\x55\x9d\x9c\x65\x7b\xcd"
- "\x0a\x34\x97\xff\x47\x37\xb0\x2a"
- "\x80\x0d\x19\x98\x33\xa9\x7a\xe3"
- "\x2e\x4c\xc6\xf3\x8c\x88\x42\x01"
- "\xbd",
- .plen = 65,
- .ctext = "\x07\x0a\x35\xb0\x82\x03\x5a\xd2"
- "\x15\x3a\x6c\x72\x83\x9b\xb1\x75"
- "\xea\xf2\xfc\xff\xc6\xf1\x13\xa4"
- "\x1a\x93\x33\x79\x97\x82\x81\xc0"
- "\x96\xc2\x00\xab\x39\xae\xa1\x62"
- "\x53\xa3\x86\xc9\x07\x8c\xaf\x22"
- "\x47\x31\x29\xca\x4a\x95\xf5\xd5"
- "\x20\x63\x5a\x54\x80\x2c\x4a\x63"
- "\xfb\x18\x73\x31\x4f\x08\x21\x5d"
- "\x20\xe9\xc3\x7e\xea\x25\x77\x3a"
- "\x65",
- .clen = 81,
- }, {
- .key = "\xc9\xa7\x10\xda\x86\x48\xd9\xb3"
- "\x32\x42\x15\x80\x85\xa1\x65\xfe"
- "\x19\xde\x6b\x76\xa8\x28\x08\x07"
- "\x4b\x9a\xa0\xdd\xc1\x84\x58\x79",
- .klen = 32,
- .iv = "\xd8\x70\x9f\x42\xca\xe6\x83\x3a"
- "\x52\x79\x42\xa5\x84\x6a\x96\x7f"
- "\xe4\x8f\xed\x97\xe9\xd0\xe8\x0d"
- "\x7c\xa6\xd8\xd4\x77\x9b\x40\x2e",
- .assoc = "\xe8\x39\x2d\xaa\x0e\x85\x2d\xc1"
- "\x72\xaf\x6e\xc9\x82\x33\xc7\x01"
- "\xaf\x40\x70\xb8\x2a\x78\xc9\x14"
- "\xac\xb1\x10\xca\x2e\xb3\x28\xe4"
- "\xac\xfa\x58\x7f\xe5\x73\x09\x8c"
- "\x1d\x40\x87\x8c\xd9\x75\xc0\x55"
- "\xa2\xda\x07\xd1\xc2\xa9\xd1\xbb"
- "\x09\x4f\x77\x62\x88\x2d\xf2\x68"
- "\x54",
- .alen = 65,
- .ptext = "\xf7\x02\xbb\x11\x52\x24\xd8\x48"
- "\x93\xe6\x9b\xee\x81\xfc\xf7\x82"
- "\x79\xf0\xf3\xd9\x6c\x20\xa9\x1a"
- "\xdc\xbc\x47\xc0\xe4\xcb\x10\x99"
- "\x2f",
- .plen = 33,
- .ctext = "\x33\xc1\xda\xfa\x15\x21\x07\x8e"
- "\x93\x68\xea\x64\x7b\x3d\x4b\x6b"
- "\x71\x5e\x5e\x6b\x92\xaa\x65\xc2"
- "\x7a\x2a\xc1\xa9\x0a\xa1\x24\x81"
- "\x26\x3a\x5a\x09\xe8\xce\x73\x72"
- "\xde\x7b\x58\x9e\x85\xb9\xa4\x28"
- "\xda",
- .clen = 49,
- }, {
- .key = "\x06\xcc\x4a\x79\x96\xc3\x82\xcf"
- "\xb3\x1c\xc7\x12\x7f\xc5\x28\x04"
- "\x44\xa1\x76\xfb\xad\xc8\x8a\x21"
- "\x0d\xc8\x7f\xb6\x9b\xe3\xf8\x4f",
- .klen = 32,
- .iv = "\x15\x95\xd8\xe1\xda\x62\x2c\x56"
- "\xd3\x53\xf4\x36\x7e\x8e\x59\x85"
- "\x0e\x51\xf9\x1c\xee\x70\x6a\x27"
- "\x3d\xd3\xb7\xac\x51\xfa\xdf\x05",
- .assoc = "\x24\x5e\x67\x49\x1e\x01\xd6\xdd"
- "\xf3\x89\x20\x5b\x7c\x57\x89\x07",
- .alen = 16,
- .ptext = "\x33\x27\xf5\xb1\x62\xa0\x80\x63"
- "\x14\xc0\x4d\x7f\x7b\x20\xba\x89",
- .plen = 16,
- .ctext = "\x3e\xf8\x86\x3d\x39\xf8\x96\x02"
- "\x0f\xdf\xc9\x6e\x37\x1e\x57\x99"
- "\x07\x2a\x1a\xac\xd1\xda\xfd\x3b"
- "\xc7\xff\xbd\xbc\x85\x09\x0b",
- .clen = 31,
- }, {
- .key = "\x42\xf0\x84\x19\xa6\x3f\x2b\xea"
- "\x34\xf6\x79\xa3\x79\xe9\xeb\x0a"
- "\x6e\x63\x82\x7f\xb2\x68\x0c\x3a"
- "\xce\xf5\x5e\x8e\x75\x42\x97\x26",
- .klen = 32,
- .iv = "\x51\xb9\x12\x80\xea\xde\xd5\x71"
- "\x54\x2d\xa6\xc8\x78\xb2\x1b\x8c"
- "\x39\x14\x05\xa0\xf3\x10\xec\x41"
- "\xff\x01\x95\x84\x2b\x59\x7f\xdb",
- .assoc = "\x61\x83\xa0\xe8\x2e\x7d\x7f\xf8"
- "\x74\x63\xd2\xec\x76\x7c\x4c\x0d",
- .alen = 16,
- .ptext = "\x70\x4c\x2f\x50\x72\x1c\x29\x7f"
- "\x95\x9a\xff\x10\x75\x45\x7d\x8f",
- .plen = 16,
- .ctext = "\x2f\xc4\xd8\x0d\xa6\x07\xef\x2e"
- "\x6c\xd9\x84\x63\x70\x97\x61\x37"
- "\x08\x2f\x16\x90\x9e\x62\x30\x0d"
- "\x62\xd5\xc8\xf0\x46\x1a",
- .clen = 30,
- }, {
- .key = "\x7f\x15\xbd\xb8\xb6\xba\xd3\x06"
- "\xb5\xd1\x2b\x35\x73\x0e\xad\x10"
- "\x98\x25\x8d\x03\xb7\x08\x8e\x54"
- "\x90\x23\x3d\x67\x4f\xa1\x36\xfc",
- .klen = 32,
- .iv = "\x8e\xde\x4c\x20\xfa\x59\x7e\x8d"
- "\xd5\x07\x58\x59\x72\xd7\xde\x92"
- "\x63\xd6\x10\x24\xf8\xb0\x6e\x5a"
- "\xc0\x2e\x74\x5d\x06\xb8\x1e\xb2",
- .assoc = "\x9d\xa7\xda\x88\x3e\xf8\x28\x14"
- "\xf5\x3e\x85\x7d\x70\xa0\x0f\x13",
- .alen = 16,
- .ptext = "\xac\x70\x69\xef\x82\x97\xd2\x9b"
- "\x15\x74\xb1\xa2\x6f\x69\x3f\x95",
- .plen = 16,
- .ctext = "\xce\xf3\x17\x87\x49\xc2\x00\x46"
- "\xc6\x12\x5c\x8f\x81\x38\xaa\x55"
- "\xf8\x67\x75\xf1\x75\xe3\x2a\x24",
- .clen = 24,
- },
-};
-
-/*
- * MORUS-640 test vectors - generated via reference implementation from
- * SUPERCOP (https://bench.cr.yp.to/supercop.html):
- *
- * https://bench.cr.yp.to/supercop/supercop-20170228.tar.xz
- * (see crypto_aead/morus640128v2/)
- */
-static const struct aead_testvec morus640_tv_template[] = {
- {
- .key = "\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00",
- .klen = 16,
- .iv = "\x0f\xc9\x8e\x67\x44\x9e\xaa\x86"
- "\x20\x36\x2c\x24\xfe\xc9\x30\x81",
- .assoc = "",
- .alen = 0,
- .ptext = "",
- .plen = 0,
- .ctext = "\x89\x62\x7d\xf3\x07\x9d\x52\x05"
- "\x53\xc3\x04\x60\x93\xb4\x37\x9a",
- .clen = 16,
- }, {
- .key = "\x3c\x24\x39\x9f\x10\x7b\xa8\x1b"
- "\x80\xda\xb2\x91\xf9\x24\xc2\x06",
- .klen = 16,
- .iv = "\x4b\xed\xc8\x07\x54\x1a\x52\xa2"
- "\xa1\x10\xde\xb5\xf8\xed\xf3\x87",
- .assoc = "",
- .alen = 0,
- .ptext = "\x69",
- .plen = 1,
- .ctext = "\xa8\x8d\xe4\x90\xb5\x50\x8f\x78"
- "\xb6\x10\x9a\x59\x5f\x61\x37\x70"
- "\x09",
- .clen = 17,
- }, {
- .key = "\x79\x49\x73\x3e\x20\xf7\x51\x37"
- "\x01\xb4\x64\x22\xf3\x48\x85\x0c",
- .klen = 16,
- .iv = "\x88\x12\x01\xa6\x64\x96\xfb\xbe"
- "\x22\xea\x90\x47\xf2\x11\xb5\x8e",
- .assoc = "",
- .alen = 0,
- .ptext = "\xa6\xa4\x1e\x76\xec\xd4\x50\xcc"
- "\x62\x58\xe9\x8f\xef\xa4\x17",
- .plen = 15,
- .ctext = "\x76\xdd\xb9\x05\x3d\xce\x61\x38"
- "\xf3\xef\xf7\xe5\xd7\xfd\x70\xa5"
- "\xcf\x9d\x64\xb8\x0a\x9f\xfd\x8b"
- "\xd4\x6e\xfe\xd9\xc8\x63\x4b",
- .clen = 31,
- }, {
- .key = "\xb5\x6e\xad\xdd\x30\x72\xfa\x53"
- "\x82\x8e\x16\xb4\xed\x6d\x47\x12",
- .klen = 16,
- .iv = "\xc4\x37\x3b\x45\x74\x11\xa4\xda"
- "\xa2\xc5\x42\xd8\xec\x36\x78\x94",
- .assoc = "",
- .alen = 0,
- .ptext = "\xe2\xc9\x58\x15\xfc\x4f\xf8\xe8"
- "\xe3\x32\x9b\x21\xe9\xc8\xd9\x97",
- .plen = 16,
- .ctext = "\xdc\x72\xe8\x14\xfb\x63\xad\x72"
- "\x1f\x57\x9a\x1f\x88\x81\xdb\xd6"
- "\xc1\x91\x9d\xb9\x25\xc4\x99\x4c"
- "\x97\xcd\x8a\x0c\x9d\x68\x00\x1c",
- .clen = 32,
- }, {
- .key = "\xf2\x92\xe6\x7d\x40\xee\xa3\x6f"
- "\x03\x68\xc8\x45\xe7\x91\x0a\x18",
- .klen = 16,
- .iv = "\x01\x5c\x75\xe5\x84\x8d\x4d\xf6"
- "\x23\x9f\xf4\x6a\xe6\x5a\x3b\x9a",
- .assoc = "",
- .alen = 0,
- .ptext = "\x1f\xee\x92\xb4\x0c\xcb\xa1\x04"
- "\x64\x0c\x4d\xb2\xe3\xec\x9c\x9d"
- "\x09",
- .plen = 17,
- .ctext = "\x6b\x4f\x3b\x90\x9a\xa2\xb3\x82"
- "\x0a\xb8\x55\xee\xeb\x73\x4d\x7f"
- "\x54\x11\x3a\x8a\x31\xa3\xb5\xf2"
- "\xcd\x49\xdb\xf3\xee\x26\xbd\xa2"
- "\x0d",
- .clen = 33,
- }, {
- .key = "\x2e\xb7\x20\x1c\x50\x6a\x4b\x8b"
- "\x84\x42\x7a\xd7\xe1\xb5\xcd\x1f",
- .klen = 16,
- .iv = "\x3d\x80\xae\x84\x94\x09\xf6\x12"
- "\xa4\x79\xa6\xfb\xe0\x7f\xfd\xa0",
- .assoc = "",
- .alen = 0,
- .ptext = "\x5c\x13\xcb\x54\x1c\x47\x4a\x1f"
- "\xe5\xe6\xff\x44\xdd\x11\x5f\xa3"
- "\x33\xdd\xc2\xf8\xdd\x18\x2b\x93"
- "\x57\x05\x01\x1c\x66\x22\xd3",
- .plen = 31,
- .ctext = "\x59\xd1\x0f\x6b\xee\x27\x84\x92"
- "\xb7\xa9\xb5\xdd\x02\xa4\x12\xa5"
- "\x50\x32\xb4\x9a\x2e\x35\x83\x55"
- "\x36\x12\x12\xed\xa3\x31\xc5\x30"
- "\xa7\xe2\x4a\x6d\x05\x59\x43\x91"
- "\x75\xfa\x6c\x17\xc6\x73\xca",
- .clen = 47,
- }, {
- .key = "\x6b\xdc\x5a\xbb\x60\xe5\xf4\xa6"
- "\x05\x1d\x2c\x68\xdb\xda\x8f\x25",
- .klen = 16,
- .iv = "\x7a\xa5\xe8\x23\xa4\x84\x9e\x2d"
- "\x25\x53\x58\x8c\xda\xa3\xc0\xa6",
- .assoc = "",
- .alen = 0,
- .ptext = "\x98\x37\x05\xf3\x2c\xc2\xf3\x3b"
- "\x66\xc0\xb1\xd5\xd7\x35\x21\xaa"
- "\x5d\x9f\xce\x7c\xe2\xb8\xad\xad"
- "\x19\x33\xe0\xf4\x40\x81\x72\x28",
- .plen = 32,
- .ctext = "\xdb\x49\x68\x0f\x91\x5b\x21\xb1"
- "\xcf\x50\xb2\x4c\x32\xe1\xa6\x69"
- "\xc0\xfb\x44\x1f\xa0\x9a\xeb\x39"
- "\x1b\xde\x68\x38\xcc\x27\x52\xc5"
- "\xf6\x3e\x74\xea\x66\x5b\x5f\x0c"
- "\x65\x9e\x58\xe6\x52\xa2\xfe\x59",
- .clen = 48,
- }, {
- .key = "\xa7\x00\x93\x5b\x70\x61\x9d\xc2"
- "\x86\xf7\xde\xfa\xd5\xfe\x52\x2b",
- .klen = 16,
- .iv = "\xb6\xca\x22\xc3\xb4\x00\x47\x49"
- "\xa6\x2d\x0a\x1e\xd4\xc7\x83\xad",
- .assoc = "\xc5",
- .alen = 1,
- .ptext = "",
- .plen = 0,
- .ctext = "\x56\xe7\x24\x52\xdd\x95\x60\x5b"
- "\x09\x48\x39\x69\x9c\xb3\x62\x46",
- .clen = 16,
- }, {
- .key = "\xe4\x25\xcd\xfa\x80\xdd\x46\xde"
- "\x07\xd1\x90\x8b\xcf\x23\x15\x31",
- .klen = 16,
- .iv = "\xf3\xee\x5c\x62\xc4\x7c\xf0\x65"
- "\x27\x08\xbd\xaf\xce\xec\x45\xb3",
- .assoc = "\x02\xb8\xea\xca\x09\x1b\x9a\xec"
- "\x47\x3e\xe9\xd4\xcc\xb5\x76",
- .alen = 15,
- .ptext = "",
- .plen = 0,
- .ctext = "\xdd\xfa\x6c\x1f\x5d\x86\x87\x01"
- "\x13\xe5\x73\x46\x46\xf2\x5c\xe1",
- .clen = 16,
- }, {
- .key = "\x20\x4a\x07\x99\x91\x58\xee\xfa"
- "\x88\xab\x42\x1c\xc9\x47\xd7\x38",
- .klen = 16,
- .iv = "\x2f\x13\x95\x01\xd5\xf7\x99\x81"
- "\xa8\xe2\x6f\x41\xc8\x10\x08\xb9",
- .assoc = "\x3f\xdc\x24\x69\x19\x96\x43\x08"
- "\xc8\x18\x9b\x65\xc6\xd9\x39\x3b",
- .alen = 16,
- .ptext = "",
- .plen = 0,
- .ctext = "\xa6\x1b\xb9\xd7\x5e\x3c\xcf\xac"
- "\xa9\x21\x45\x0b\x16\x52\xf7\xe1",
- .clen = 16,
- }, {
- .key = "\x5d\x6f\x41\x39\xa1\xd4\x97\x16"
- "\x09\x85\xf4\xae\xc3\x6b\x9a\x3e",
- .klen = 16,
- .iv = "\x6c\x38\xcf\xa1\xe5\x73\x41\x9d"
- "\x29\xbc\x21\xd2\xc2\x35\xcb\xbf",
- .assoc = "\x7b\x01\x5d\x08\x29\x12\xec\x24"
- "\x49\xf3\x4d\xf7\xc0\xfe\xfb\x41"
- "\x3c",
- .alen = 17,
- .ptext = "",
- .plen = 0,
- .ctext = "\x15\xff\xde\x3b\x34\xfc\xf6\xf9"
- "\xbb\xa8\x62\xad\x0a\xf5\x48\x60",
- .clen = 16,
- }, {
- .key = "\x99\x93\x7a\xd8\xb1\x50\x40\x31"
- "\x8a\x60\xa6\x3f\xbd\x90\x5d\x44",
- .klen = 16,
- .iv = "\xa8\x5c\x09\x40\xf5\xef\xea\xb8"
- "\xaa\x96\xd3\x64\xbc\x59\x8d\xc6",
- .assoc = "\xb8\x26\x97\xa8\x39\x8e\x94\x3f"
- "\xca\xcd\xff\x88\xba\x22\xbe\x47"
- "\x67\xba\x85\xf1\xbb\x30\x56\x26"
- "\xaf\x0b\x02\x38\xcc\x44\xa7",
- .alen = 31,
- .ptext = "",
- .plen = 0,
- .ctext = "\xd2\x9d\xf8\x3b\xd7\x84\xe9\x2d"
- "\x4b\xef\x75\x16\x0a\x99\xae\x6b",
- .clen = 16,
- }, {
- .key = "\xd6\xb8\xb4\x77\xc1\xcb\xe9\x4d"
- "\x0a\x3a\x58\xd1\xb7\xb4\x1f\x4a",
- .klen = 16,
- .iv = "\xe5\x81\x42\xdf\x05\x6a\x93\xd4"
- "\x2b\x70\x85\xf5\xb6\x7d\x50\xcc",
- .assoc = "\xf4\x4a\xd1\x47\x49\x09\x3d\x5b"
- "\x4b\xa7\xb1\x19\xb4\x46\x81\x4d"
- "\x91\x7c\x91\x75\xc0\xd0\xd8\x40"
- "\x71\x39\xe1\x10\xa6\xa3\x46\x7a",
- .alen = 32,
- .ptext = "",
- .plen = 0,
- .ctext = "\xe4\x8d\xa7\xa7\x45\xc1\x31\x4f"
- "\xce\xfb\xaf\xd6\xc2\xe6\xee\xc0",
- .clen = 16,
- }, {
- .key = "\x12\xdd\xee\x17\xd1\x47\x92\x69"
- "\x8b\x14\x0a\x62\xb1\xd9\xe2\x50",
- .klen = 16,
- .iv = "\x22\xa6\x7c\x7f\x15\xe6\x3c\xf0"
- "\xac\x4b\x37\x86\xb0\xa2\x13\xd2",
- .assoc = "\x31",
- .alen = 1,
- .ptext = "\x40",
- .plen = 1,
- .ctext = "\xe2\x67\x38\x4f\xb9\xad\x7d\x38"
- "\x01\xfe\x84\x14\x85\xf8\xd1\xe3"
- "\x22",
- .clen = 17,
- }, {
- .key = "\x4f\x01\x27\xb6\xe1\xc3\x3a\x85"
- "\x0c\xee\xbc\xf4\xab\xfd\xa5\x57",
- .klen = 16,
- .iv = "\x5e\xcb\xb6\x1e\x25\x62\xe4\x0c"
- "\x2d\x25\xe9\x18\xaa\xc6\xd5\xd8",
- .assoc = "\x6d\x94\x44\x86\x69\x00\x8f\x93"
- "\x4d\x5b\x15\x3c\xa8\x8f\x06",
- .alen = 15,
- .ptext = "\x7c\x5d\xd3\xee\xad\x9f\x39\x1a"
- "\x6d\x92\x42\x61\xa7\x58\x37",
- .plen = 15,
- .ctext = "\x77\x32\x61\xeb\xb4\x33\x29\x92"
- "\x29\x95\xc5\x8e\x85\x76\xab\xfc"
- "\x07\x95\xa7\x44\x74\xf7\x22\xff"
- "\xd8\xd8\x36\x3d\x8a\x7f\x9e",
- .clen = 31,
- }, {
- .key = "\x8b\x26\x61\x55\xf1\x3e\xe3\xa1"
- "\x8d\xc8\x6e\x85\xa5\x21\x67\x5d",
- .klen = 16,
- .iv = "\x9b\xef\xf0\xbd\x35\xdd\x8d\x28"
- "\xad\xff\x9b\xa9\xa4\xeb\x98\xdf",
- .assoc = "\xaa\xb8\x7e\x25\x79\x7c\x37\xaf"
- "\xce\x36\xc7\xce\xa2\xb4\xc9\x60",
- .alen = 16,
- .ptext = "\xb9\x82\x0c\x8d\xbd\x1b\xe2\x36"
- "\xee\x6c\xf4\xf2\xa1\x7d\xf9\xe2",
- .plen = 16,
- .ctext = "\xd8\xfd\x44\x45\xf6\x42\x12\x38"
- "\xf2\x0b\xea\x4f\x9e\x11\x61\x07"
- "\x48\x67\x98\x18\x9b\xd0\x0c\x59"
- "\x67\xa4\x11\xb3\x2b\xd6\xc1\x70",
- .clen = 32,
- }, {
- .key = "\xc8\x4b\x9b\xf5\x01\xba\x8c\xbd"
- "\x0e\xa3\x21\x16\x9f\x46\x2a\x63",
- .klen = 16,
- .iv = "\xd7\x14\x29\x5d\x45\x59\x36\x44"
- "\x2e\xd9\x4d\x3b\x9e\x0f\x5b\xe5",
- .assoc = "\xe6\xdd\xb8\xc4\x89\xf8\xe0\xca"
- "\x4f\x10\x7a\x5f\x9c\xd8\x8b\x66"
- "\x3b",
- .alen = 17,
- .ptext = "\xf5\xa6\x46\x2c\xce\x97\x8a\x51"
- "\x6f\x46\xa6\x83\x9b\xa1\xbc\xe8"
- "\x05",
- .plen = 17,
- .ctext = "\xb1\xab\x53\x4e\xc7\x40\x16\xb6"
- "\x71\x3a\x00\x9f\x41\x88\xb0\xb2"
- "\x71\x83\x85\x5f\xc8\x79\x0a\x99"
- "\x99\xdc\x89\x1c\x88\xd2\x3e\xf9"
- "\x83",
- .clen = 33,
- }, {
- .key = "\x05\x70\xd5\x94\x12\x36\x35\xd8"
- "\x8f\x7d\xd3\xa8\x99\x6a\xed\x69",
- .klen = 16,
- .iv = "\x14\x39\x63\xfc\x56\xd5\xdf\x5f"
- "\xaf\xb3\xff\xcc\x98\x33\x1d\xeb",
- .assoc = "\x23\x02\xf1\x64\x9a\x73\x89\xe6"
- "\xd0\xea\x2c\xf1\x96\xfc\x4e\x6d"
- "\x65\x48\xcb\x0a\xda\xf0\x62\xc0"
- "\x38\x1d\x3b\x4a\xe9\x7e\x62",
- .alen = 31,
- .ptext = "\x32\xcb\x80\xcc\xde\x12\x33\x6d"
- "\xf0\x20\x58\x15\x95\xc6\x7f\xee"
- "\x2f\xf9\x4e\x2c\x1b\x98\x43\xc7"
- "\x68\x28\x73\x40\x9f\x96\x4a",
- .plen = 31,
- .ctext = "\x29\xc4\xf0\x03\xc1\x86\xdf\x06"
- "\x5c\x7b\xef\x64\x87\x00\xd1\x37"
- "\xa7\x08\xbc\x7f\x8f\x41\x54\xd0"
- "\x3e\xf1\xc3\xa2\x96\x84\xdd\x2a"
- "\x2d\x21\x30\xf9\x02\xdb\x06\x0c"
- "\xf1\x5a\x66\x69\xe0\xca\x83",
- .clen = 47,
- }, {
- .key = "\x41\x94\x0e\x33\x22\xb1\xdd\xf4"
- "\x10\x57\x85\x39\x93\x8f\xaf\x70",
- .klen = 16,
- .iv = "\x50\x5d\x9d\x9b\x66\x50\x88\x7b"
- "\x30\x8e\xb1\x5e\x92\x58\xe0\xf1",
- .assoc = "\x5f\x27\x2b\x03\xaa\xef\x32\x02"
- "\x50\xc4\xde\x82\x90\x21\x11\x73"
- "\x8f\x0a\xd6\x8f\xdf\x90\xe4\xda"
- "\xf9\x4a\x1a\x23\xc3\xdd\x02\x81",
- .alen = 32,
- .ptext = "\x6e\xf0\xba\x6b\xee\x8e\xdc\x89"
- "\x71\xfb\x0a\xa6\x8f\xea\x41\xf4"
- "\x5a\xbb\x59\xb0\x20\x38\xc5\xe0"
- "\x29\x56\x52\x19\x79\xf5\xe9\x37",
- .plen = 32,
- .ctext = "\xe2\x2e\x44\xdf\xd3\x60\x6d\xb2"
- "\x70\x57\x37\xc5\xc2\x4f\x8d\x14"
- "\xc6\xbf\x8b\xec\xf5\x62\x67\xf2"
- "\x2f\xa1\xe6\xd6\xa7\xb1\x8c\x54"
- "\xe5\x6b\x49\xf9\x6e\x90\xc3\xaa"
- "\x7a\x00\x2e\x4d\x7f\x31\x2e\x81",
- .clen = 48,
- }, {
- .key = "\x7e\xb9\x48\xd3\x32\x2d\x86\x10"
- "\x91\x31\x37\xcb\x8d\xb3\x72\x76",
- .klen = 16,
- .iv = "\x8d\x82\xd6\x3b\x76\xcc\x30\x97"
- "\xb1\x68\x63\xef\x8c\x7c\xa3\xf7",
- .assoc = "\x9c\x4b\x65\xa2\xba\x6b\xdb\x1e"
- "\xd1\x9e\x90\x13\x8a\x45\xd3\x79"
- "\xba\xcd\xe2\x13\xe4\x30\x66\xf4"
- "\xba\x78\xf9\xfb\x9d\x3c\xa1\x58"
- "\x1a",
- .alen = 33,
- .ptext = "\xab\x14\xf3\x0a\xfe\x0a\x85\xa5"
- "\xf2\xd5\xbc\x38\x89\x0e\x04\xfb"
- "\x84\x7d\x65\x34\x25\xd8\x47\xfa"
- "\xeb\x83\x31\xf1\x54\x54\x89\x0d"
- "\x9d\x4d\x54\x51\x84\x61\xf6\x8e"
- "\x03\x31\xf2\x25\x16\xcc\xaa\xc6"
- "\x75\x73\x20\x30\x59\x54\xb2\xf0"
- "\x3a\x4b\xe0\x23\x8e\xa6\x08\x35"
- "\x8a",
- .plen = 65,
- .ctext = "\xc7\xca\x26\x61\x57\xee\xa2\xb9"
- "\xb1\x37\xde\x95\x06\x90\x11\x08"
- "\x4d\x30\x9f\x24\xc0\x56\xb7\xe1"
- "\x0b\x9f\xd2\x57\xe9\xd2\xb1\x76"
- "\x56\x9a\xb4\x58\xc5\x08\xfc\xb5"
- "\xf2\x31\x9b\xc9\xcd\xb3\x64\xdb"
- "\x6f\x50\xbf\xf4\x73\x9d\xfb\x6b"
- "\xef\x35\x25\x48\xed\xcf\x29\xa8"
- "\xac\xc3\xb9\xcb\x61\x8f\x73\x92"
- "\x2c\x7a\x6f\xda\xf9\x09\x6f\xe1"
- "\xc4",
- .clen = 81,
- }, {
- .key = "\xba\xde\x82\x72\x42\xa9\x2f\x2c"
- "\x12\x0b\xe9\x5c\x87\xd7\x35\x7c",
- .klen = 16,
- .iv = "\xc9\xa7\x10\xda\x86\x48\xd9\xb3"
- "\x32\x42\x15\x80\x85\xa1\x65\xfe",
- .assoc = "\xd8\x70\x9f\x42\xca\xe6\x83\x3a"
- "\x52\x79\x42\xa5\x84\x6a\x96\x7f"
- "\xe4\x8f\xed\x97\xe9\xd0\xe8\x0d"
- "\x7c\xa6\xd8\xd4\x77\x9b\x40\x2e"
- "\x28\xce\x57\x34\xcd\x6e\x84\x4c"
- "\x17\x3c\xe1\xb2\xa8\x0b\xbb\xf1"
- "\x96\x41\x0d\x69\xe8\x54\x0a\xc8"
- "\x15\x4e\x91\x92\x89\x4b\xb7\x9b"
- "\x21",
- .alen = 65,
- .ptext = "\xe8\x39\x2d\xaa\x0e\x85\x2d\xc1"
- "\x72\xaf\x6e\xc9\x82\x33\xc7\x01"
- "\xaf\x40\x70\xb8\x2a\x78\xc9\x14"
- "\xac\xb1\x10\xca\x2e\xb3\x28\xe4"
- "\xac",
- .plen = 33,
- .ctext = "\x57\xcd\x3d\x46\xc5\xf9\x68\x3b"
- "\x2c\x0f\xb4\x7e\x7b\x64\x3e\x40"
- "\xf3\x78\x63\x34\x89\x79\x39\x6b"
- "\x61\x64\x4a\x9a\xfa\x70\xa4\xd3"
- "\x54\x0b\xea\x05\xa6\x95\x64\xed"
- "\x3d\x69\xa2\x0c\x27\x56\x2f\x34"
- "\x66",
- .clen = 49,
- }, {
- .key = "\xf7\x02\xbb\x11\x52\x24\xd8\x48"
- "\x93\xe6\x9b\xee\x81\xfc\xf7\x82",
- .klen = 16,
- .iv = "\x06\xcc\x4a\x79\x96\xc3\x82\xcf"
- "\xb3\x1c\xc7\x12\x7f\xc5\x28\x04",
- .assoc = "\x15\x95\xd8\xe1\xda\x62\x2c\x56"
- "\xd3\x53\xf4\x36\x7e\x8e\x59\x85",
- .alen = 16,
- .ptext = "\x24\x5e\x67\x49\x1e\x01\xd6\xdd"
- "\xf3\x89\x20\x5b\x7c\x57\x89\x07",
- .plen = 16,
- .ctext = "\xfc\x85\x06\x28\x8f\xe8\x23\x1f"
- "\x33\x98\x87\xde\x08\xb6\xb6\xae"
- "\x3e\xa4\xf8\x19\xf1\x92\x60\x39"
- "\xb9\x6b\x3f\xdf\xc8\xcb\x30",
- .clen = 31,
- }, {
- .key = "\x33\x27\xf5\xb1\x62\xa0\x80\x63"
- "\x14\xc0\x4d\x7f\x7b\x20\xba\x89",
- .klen = 16,
- .iv = "\x42\xf0\x84\x19\xa6\x3f\x2b\xea"
- "\x34\xf6\x79\xa3\x79\xe9\xeb\x0a",
- .assoc = "\x51\xb9\x12\x80\xea\xde\xd5\x71"
- "\x54\x2d\xa6\xc8\x78\xb2\x1b\x8c",
- .alen = 16,
- .ptext = "\x61\x83\xa0\xe8\x2e\x7d\x7f\xf8"
- "\x74\x63\xd2\xec\x76\x7c\x4c\x0d",
- .plen = 16,
- .ctext = "\x74\x7d\x70\x07\xe9\xba\x01\xee"
- "\x6c\xc6\x6f\x50\x25\x33\xbe\x50"
- "\x17\xb8\x17\x62\xed\x80\xa2\xf5"
- "\x03\xde\x85\x71\x5d\x34",
- .clen = 30,
- }, {
- .key = "\x70\x4c\x2f\x50\x72\x1c\x29\x7f"
- "\x95\x9a\xff\x10\x75\x45\x7d\x8f",
- .klen = 16,
- .iv = "\x7f\x15\xbd\xb8\xb6\xba\xd3\x06"
- "\xb5\xd1\x2b\x35\x73\x0e\xad\x10",
- .assoc = "\x8e\xde\x4c\x20\xfa\x59\x7e\x8d"
- "\xd5\x07\x58\x59\x72\xd7\xde\x92",
- .alen = 16,
- .ptext = "\x9d\xa7\xda\x88\x3e\xf8\x28\x14"
- "\xf5\x3e\x85\x7d\x70\xa0\x0f\x13",
- .plen = 16,
- .ctext = "\xf4\xb3\x85\xf9\xac\xde\xb1\x38"
- "\x29\xfd\x6c\x7c\x49\xe5\x1d\xaf"
- "\xba\xea\xd4\xfa\x3f\x11\x33\x98",
- .clen = 24,
- }, {
- .key = "\xac\x70\x69\xef\x82\x97\xd2\x9b"
- "\x15\x74\xb1\xa2\x6f\x69\x3f\x95",
- .klen = 16,
- .iv = "\xbb\x3a\xf7\x57\xc6\x36\x7c\x22"
- "\x36\xab\xde\xc6\x6d\x32\x70\x17",
- .assoc = "\xcb\x03\x85\xbf\x0a\xd5\x26\xa9"
- "\x56\xe1\x0a\xeb\x6c\xfb\xa1\x98",
- .alen = 16,
- .ptext = "\xda\xcc\x14\x27\x4e\x74\xd1\x30"
- "\x76\x18\x37\x0f\x6a\xc4\xd1\x1a",
- .plen = 16,
- .ctext = "\xe6\x5c\x49\x4f\x78\xf3\x62\x86"
- "\xe1\xb7\xa5\xc3\x32\x88\x3c\x8c"
- "\x6e",
- .clen = 17,
- },
-};
-
-/*
- * MORUS-1280 test vectors - generated via reference implementation from
- * SUPERCOP (https://bench.cr.yp.to/supercop.html):
- *
- * https://bench.cr.yp.to/supercop/supercop-20170228.tar.xz
- * (see crypto_aead/morus1280128v2/ and crypto_aead/morus1280256v2/ )
- */
-static const struct aead_testvec morus1280_tv_template[] = {
- {
- .key = "\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00",
- .klen = 16,
- .iv = "\x0f\xc9\x8e\x67\x44\x9e\xaa\x86"
- "\x20\x36\x2c\x24\xfe\xc9\x30\x81",
- .assoc = "",
- .alen = 0,
- .ptext = "",
- .plen = 0,
- .ctext = "\x91\x85\x0f\xf5\x52\x9e\xce\xce"
- "\x65\x99\xc7\xbf\xd3\x76\xe8\x98",
- .clen = 16,
- }, {
- .key = "\x3c\x24\x39\x9f\x10\x7b\xa8\x1b"
- "\x80\xda\xb2\x91\xf9\x24\xc2\x06",
- .klen = 16,
- .iv = "\x4b\xed\xc8\x07\x54\x1a\x52\xa2"
- "\xa1\x10\xde\xb5\xf8\xed\xf3\x87",
- .assoc = "",
- .alen = 0,
- .ptext = "\x69",
- .plen = 1,
- .ctext = "\x88\xc3\x4c\xf0\x2f\x43\x76\x13"
- "\x96\xda\x76\x34\x33\x4e\xd5\x39"
- "\x73",
- .clen = 17,
- }, {
- .key = "\x79\x49\x73\x3e\x20\xf7\x51\x37"
- "\x01\xb4\x64\x22\xf3\x48\x85\x0c",
- .klen = 16,
- .iv = "\x88\x12\x01\xa6\x64\x96\xfb\xbe"
- "\x22\xea\x90\x47\xf2\x11\xb5\x8e",
- .assoc = "",
- .alen = 0,
- .ptext = "\xa6\xa4\x1e\x76\xec\xd4\x50\xcc"
- "\x62\x58\xe9\x8f\xef\xa4\x17\x91"
- "\xb4\x96\x9f\x6b\xce\x38\xa5\x46"
- "\x13\x7d\x64\x93\xd7\x05\xf5",
- .plen = 31,
- .ctext = "\x3e\x5c\x3b\x58\x3b\x7d\x2a\x22"
- "\x75\x0b\x24\xa6\x0e\xc3\xde\x52"
- "\x97\x0b\x64\xd4\xce\x90\x52\xf7"
- "\xef\xdb\x6a\x38\xd2\xa8\xa1\x0d"
- "\xe0\x61\x33\x24\xc6\x4d\x51\xbc"
- "\xa4\x21\x74\xcf\x19\x16\x59",
- .clen = 47,
- }, {
- .key = "\xb5\x6e\xad\xdd\x30\x72\xfa\x53"
- "\x82\x8e\x16\xb4\xed\x6d\x47\x12",
- .klen = 16,
- .iv = "\xc4\x37\x3b\x45\x74\x11\xa4\xda"
- "\xa2\xc5\x42\xd8\xec\x36\x78\x94",
- .assoc = "",
- .alen = 0,
- .ptext = "\xe2\xc9\x58\x15\xfc\x4f\xf8\xe8"
- "\xe3\x32\x9b\x21\xe9\xc8\xd9\x97"
- "\xde\x58\xab\xf0\xd3\xd8\x27\x60"
- "\xd5\xaa\x43\x6b\xb1\x64\x95\xa4",
- .plen = 32,
- .ctext = "\x30\x82\x9c\x2b\x67\xcb\xf9\x1f"
- "\xde\x9f\x77\xb2\xda\x92\x61\x5c"
- "\x09\x0b\x2d\x9a\x26\xaa\x1c\x06"
- "\xab\x74\xb7\x2b\x95\x5f\x9f\xa1"
- "\x9a\xff\x50\xa0\xa2\xff\xc5\xad"
- "\x21\x8e\x84\x5c\x12\x61\xb2\xae",
- .clen = 48,
- }, {
- .key = "\xf2\x92\xe6\x7d\x40\xee\xa3\x6f"
- "\x03\x68\xc8\x45\xe7\x91\x0a\x18",
- .klen = 16,
- .iv = "\x01\x5c\x75\xe5\x84\x8d\x4d\xf6"
- "\x23\x9f\xf4\x6a\xe6\x5a\x3b\x9a",
- .assoc = "",
- .alen = 0,
- .ptext = "\x1f\xee\x92\xb4\x0c\xcb\xa1\x04"
- "\x64\x0c\x4d\xb2\xe3\xec\x9c\x9d"
- "\x09\x1a\xb7\x74\xd8\x78\xa9\x79"
- "\x96\xd8\x22\x43\x8c\xc3\x34\x7b"
- "\xc4",
- .plen = 33,
- .ctext = "\x67\x5d\x8e\x45\xc8\x39\xf5\x17"
- "\xc1\x1d\x2a\xdd\x88\x67\xda\x1f"
- "\x6d\xe8\x37\x28\x5a\xc1\x5e\x9f"
- "\xa6\xec\xc6\x92\x05\x4b\xc0\xa3"
- "\x63\xef\x88\xa4\x9b\x0a\x5c\xed"
- "\x2b\x6a\xac\x63\x52\xaa\x10\x94"
- "\xd0",
- .clen = 49,
- }, {
- .key = "\x2e\xb7\x20\x1c\x50\x6a\x4b\x8b"
- "\x84\x42\x7a\xd7\xe1\xb5\xcd\x1f",
- .klen = 16,
- .iv = "\x3d\x80\xae\x84\x94\x09\xf6\x12"
- "\xa4\x79\xa6\xfb\xe0\x7f\xfd\xa0",
- .assoc = "",
- .alen = 0,
- .ptext = "\x5c\x13\xcb\x54\x1c\x47\x4a\x1f"
- "\xe5\xe6\xff\x44\xdd\x11\x5f\xa3"
- "\x33\xdd\xc2\xf8\xdd\x18\x2b\x93"
- "\x57\x05\x01\x1c\x66\x22\xd3\x51"
- "\xd3\xdf\x18\xc9\x30\x66\xed\xb1"
- "\x96\x58\xd5\x8c\x64\x8c\x7c\xf5"
- "\x01\xd0\x74\x5f\x9b\xaa\xf6\xd1"
- "\xe6\x16\xa2\xac\xde\x47\x40",
- .plen = 63,
- .ctext = "\x7d\x61\x1a\x35\x20\xcc\x07\x88"
- "\x03\x98\x87\xcf\xc0\x6e\x4d\x19"
- "\xe3\xd4\x0b\xfb\x29\x8f\x49\x1a"
- "\x3a\x06\x77\xce\x71\x2c\xcd\xdd"
- "\xed\xf6\xc9\xbe\xa6\x3b\xb8\xfc"
- "\x6c\xbe\x77\xed\x74\x0e\x20\x85"
- "\xd0\x65\xde\x24\x6f\xe3\x25\xc5"
- "\xdf\x5b\x0f\xbd\x8a\x88\x78\xc9"
- "\xe5\x81\x37\xde\x84\x7a\xf6\x84"
- "\x99\x7a\x72\x9c\x54\x31\xa1",
- .clen = 79,
- }, {
- .key = "\x6b\xdc\x5a\xbb\x60\xe5\xf4\xa6"
- "\x05\x1d\x2c\x68\xdb\xda\x8f\x25",
- .klen = 16,
- .iv = "\x7a\xa5\xe8\x23\xa4\x84\x9e\x2d"
- "\x25\x53\x58\x8c\xda\xa3\xc0\xa6",
- .assoc = "",
- .alen = 0,
- .ptext = "\x98\x37\x05\xf3\x2c\xc2\xf3\x3b"
- "\x66\xc0\xb1\xd5\xd7\x35\x21\xaa"
- "\x5d\x9f\xce\x7c\xe2\xb8\xad\xad"
- "\x19\x33\xe0\xf4\x40\x81\x72\x28"
- "\xe1\x8b\x1c\xf8\x91\x78\xff\xaf"
- "\xb0\x68\x69\xf2\x27\x35\x91\x84"
- "\x2e\x37\x5b\x00\x04\xff\x16\x9c"
- "\xb5\x19\x39\xeb\xd9\xcd\x29\x9a",
- .plen = 64,
- .ctext = "\x05\xc5\xb1\xf9\x1b\xb9\xab\x2c"
- "\xa5\x07\x12\xa7\x12\x39\x60\x66"
- "\x30\x81\x4a\x03\x78\x28\x45\x52"
- "\xd2\x2b\x24\xfd\x8b\xa5\xb7\x66"
- "\x6f\x45\xd7\x3b\x67\x6f\x51\xb9"
- "\xc0\x3d\x6c\xca\x1e\xae\xff\xb6"
- "\x79\xa9\xe4\x82\x5d\x4c\x2d\xdf"
- "\xeb\x71\x40\xc9\x2c\x40\x45\x6d"
- "\x73\x77\x01\xf3\x4f\xf3\x9d\x2a"
- "\x5d\x57\xa8\xa1\x18\xa2\xad\xcb",
- .clen = 80,
- }, {
- .key = "\xa7\x00\x93\x5b\x70\x61\x9d\xc2"
- "\x86\xf7\xde\xfa\xd5\xfe\x52\x2b",
- .klen = 16,
- .iv = "\xb6\xca\x22\xc3\xb4\x00\x47\x49"
- "\xa6\x2d\x0a\x1e\xd4\xc7\x83\xad",
- .assoc = "\xc5",
- .alen = 1,
- .ptext = "",
- .plen = 0,
- .ctext = "\x4d\xbf\x11\xac\x7f\x97\x0b\x2e"
- "\x89\x3b\x9d\x0f\x83\x1c\x08\xc3",
- .clen = 16,
- }, {
- .key = "\xe4\x25\xcd\xfa\x80\xdd\x46\xde"
- "\x07\xd1\x90\x8b\xcf\x23\x15\x31",
- .klen = 16,
- .iv = "\xf3\xee\x5c\x62\xc4\x7c\xf0\x65"
- "\x27\x08\xbd\xaf\xce\xec\x45\xb3",
- .assoc = "\x02\xb8\xea\xca\x09\x1b\x9a\xec"
- "\x47\x3e\xe9\xd4\xcc\xb5\x76\x34"
- "\xe8\x73\x62\x64\xab\x50\xd0\xda"
- "\x6b\x83\x66\xaf\x3e\x27\xc9",
- .alen = 31,
- .ptext = "",
- .plen = 0,
- .ctext = "\x5b\xc0\x8d\x54\xe4\xec\xbe\x38"
- "\x03\x12\xf9\xcc\x9e\x46\x42\x92",
- .clen = 16,
- }, {
- .key = "\x20\x4a\x07\x99\x91\x58\xee\xfa"
- "\x88\xab\x42\x1c\xc9\x47\xd7\x38",
- .klen = 16,
- .iv = "\x2f\x13\x95\x01\xd5\xf7\x99\x81"
- "\xa8\xe2\x6f\x41\xc8\x10\x08\xb9",
- .assoc = "\x3f\xdc\x24\x69\x19\x96\x43\x08"
- "\xc8\x18\x9b\x65\xc6\xd9\x39\x3b"
- "\x12\x35\x6e\xe8\xb0\xf0\x52\xf3"
- "\x2d\xb0\x45\x87\x18\x86\x68\xf6",
- .alen = 32,
- .ptext = "",
- .plen = 0,
- .ctext = "\x48\xc5\xc3\x4c\x40\x2e\x2f\xc2"
- "\x6d\x65\xe0\x67\x9c\x1d\xa0\xf0",
- .clen = 16,
- }, {
- .key = "\x5d\x6f\x41\x39\xa1\xd4\x97\x16"
- "\x09\x85\xf4\xae\xc3\x6b\x9a\x3e",
- .klen = 16,
- .iv = "\x6c\x38\xcf\xa1\xe5\x73\x41\x9d"
- "\x29\xbc\x21\xd2\xc2\x35\xcb\xbf",
- .assoc = "\x7b\x01\x5d\x08\x29\x12\xec\x24"
- "\x49\xf3\x4d\xf7\xc0\xfe\xfb\x41"
- "\x3c\xf8\x79\x6c\xb6\x90\xd4\x0d"
- "\xee\xde\x23\x60\xf2\xe5\x08\xcc"
- "\x97",
- .alen = 33,
- .ptext = "",
- .plen = 0,
- .ctext = "\x28\x64\x78\x51\x55\xd8\x56\x4a"
- "\x58\x3e\xf7\xbe\xee\x21\xfe\x94",
- .clen = 16,
- }, {
- .key = "\x99\x93\x7a\xd8\xb1\x50\x40\x31"
- "\x8a\x60\xa6\x3f\xbd\x90\x5d\x44",
- .klen = 16,
- .iv = "\xa8\x5c\x09\x40\xf5\xef\xea\xb8"
- "\xaa\x96\xd3\x64\xbc\x59\x8d\xc6",
- .assoc = "\xb8\x26\x97\xa8\x39\x8e\x94\x3f"
- "\xca\xcd\xff\x88\xba\x22\xbe\x47"
- "\x67\xba\x85\xf1\xbb\x30\x56\x26"
- "\xaf\x0b\x02\x38\xcc\x44\xa7\xa3"
- "\xa6\xbf\x31\x93\x60\xcd\xda\x63"
- "\x2c\xb1\xaa\x19\xc8\x19\xf8\xeb"
- "\x03\xa1\xe8\xbe\x37\x54\xec\xa2"
- "\xcd\x2c\x45\x58\xbd\x8e\x80",
- .alen = 63,
- .ptext = "",
- .plen = 0,
- .ctext = "\xb3\xa6\x00\x4e\x09\x20\xac\x21"
- "\x77\x72\x69\x76\x2d\x36\xe5\xc8",
- .clen = 16,
- }, {
- .key = "\xd6\xb8\xb4\x77\xc1\xcb\xe9\x4d"
- "\x0a\x3a\x58\xd1\xb7\xb4\x1f\x4a",
- .klen = 16,
- .iv = "\xe5\x81\x42\xdf\x05\x6a\x93\xd4"
- "\x2b\x70\x85\xf5\xb6\x7d\x50\xcc",
- .assoc = "\xf4\x4a\xd1\x47\x49\x09\x3d\x5b"
- "\x4b\xa7\xb1\x19\xb4\x46\x81\x4d"
- "\x91\x7c\x91\x75\xc0\xd0\xd8\x40"
- "\x71\x39\xe1\x10\xa6\xa3\x46\x7a"
- "\xb4\x6b\x35\xc2\xc1\xdf\xed\x60"
- "\x46\xc1\x3e\x7f\x8c\xc2\x0e\x7a"
- "\x30\x08\xd0\x5f\xa0\xaa\x0c\x6d"
- "\x9c\x2f\xdb\x97\xb8\x15\x69\x01",
- .alen = 64,
- .ptext = "",
- .plen = 0,
- .ctext = "\x65\x33\x7b\xa1\x63\xf4\x20\xdd"
- "\xe4\xb9\x4a\xaa\x9a\x21\xaa\x14",
- .clen = 16,
- }, {
- .key = "\x12\xdd\xee\x17\xd1\x47\x92\x69"
- "\x8b\x14\x0a\x62\xb1\xd9\xe2\x50",
- .klen = 16,
- .iv = "\x22\xa6\x7c\x7f\x15\xe6\x3c\xf0"
- "\xac\x4b\x37\x86\xb0\xa2\x13\xd2",
- .assoc = "\x31",
- .alen = 1,
- .ptext = "\x40",
- .plen = 1,
- .ctext = "\x1d\x47\x17\x34\x86\xf5\x54\x1a"
- "\x6d\x28\xb8\x5d\x6c\xcf\xa0\xb9"
- "\xbf",
- .clen = 17,
- }, {
- .key = "\x4f\x01\x27\xb6\xe1\xc3\x3a\x85"
- "\x0c\xee\xbc\xf4\xab\xfd\xa5\x57",
- .klen = 16,
- .iv = "\x5e\xcb\xb6\x1e\x25\x62\xe4\x0c"
- "\x2d\x25\xe9\x18\xaa\xc6\xd5\xd8",
- .assoc = "\x6d\x94\x44\x86\x69\x00\x8f\x93"
- "\x4d\x5b\x15\x3c\xa8\x8f\x06\x5a"
- "\xe6\x01\xa8\x7e\xca\x10\xdc\x73"
- "\xf4\x94\x9f\xc1\x5a\x61\x85",
- .alen = 31,
- .ptext = "\x7c\x5d\xd3\xee\xad\x9f\x39\x1a"
- "\x6d\x92\x42\x61\xa7\x58\x37\xdb"
- "\xb0\xb2\x2b\x9f\x0b\xb8\xbd\x7a"
- "\x24\xa0\xd6\xb7\x11\x79\x6c",
- .plen = 31,
- .ctext = "\x78\x90\x52\xae\x0f\xf7\x2e\xef"
- "\x63\x09\x08\x58\xb5\x56\xbd\x72"
- "\x6e\x42\xcf\x27\x04\x7c\xdb\x92"
- "\x18\xe9\xa4\x33\x90\xba\x62\xb5"
- "\x70\xd3\x88\x9b\x4f\x05\xa7\x51"
- "\x85\x87\x17\x09\x42\xed\x4e",
- .clen = 47,
- }, {
- .key = "\x8b\x26\x61\x55\xf1\x3e\xe3\xa1"
- "\x8d\xc8\x6e\x85\xa5\x21\x67\x5d",
- .klen = 16,
- .iv = "\x9b\xef\xf0\xbd\x35\xdd\x8d\x28"
- "\xad\xff\x9b\xa9\xa4\xeb\x98\xdf",
- .assoc = "\xaa\xb8\x7e\x25\x79\x7c\x37\xaf"
- "\xce\x36\xc7\xce\xa2\xb4\xc9\x60"
- "\x10\xc3\xb3\x02\xcf\xb0\x5e\x8d"
- "\xb5\xc2\x7e\x9a\x35\xc0\x24\xfd",
- .alen = 32,
- .ptext = "\xb9\x82\x0c\x8d\xbd\x1b\xe2\x36"
- "\xee\x6c\xf4\xf2\xa1\x7d\xf9\xe2"
- "\xdb\x74\x36\x23\x11\x58\x3f\x93"
- "\xe5\xcd\xb5\x90\xeb\xd8\x0c\xb3",
- .plen = 32,
- .ctext = "\x1d\x2c\x57\xe0\x50\x38\x3d\x41"
- "\x2e\x71\xc8\x3b\x92\x43\x58\xaf"
- "\x5a\xfb\xad\x8f\xd9\xd5\x8a\x5e"
- "\xdb\xf3\xcd\x3a\x2b\xe1\x2c\x1a"
- "\xb0\xed\xe3\x0c\x6e\xf9\xf2\xd6"
- "\x90\xe6\xb1\x0e\xa5\x8a\xac\xb7",
- .clen = 48,
- }, {
- .key = "\xc8\x4b\x9b\xf5\x01\xba\x8c\xbd"
- "\x0e\xa3\x21\x16\x9f\x46\x2a\x63",
- .klen = 16,
- .iv = "\xd7\x14\x29\x5d\x45\x59\x36\x44"
- "\x2e\xd9\x4d\x3b\x9e\x0f\x5b\xe5",
- .assoc = "\xe6\xdd\xb8\xc4\x89\xf8\xe0\xca"
- "\x4f\x10\x7a\x5f\x9c\xd8\x8b\x66"
- "\x3b\x86\xbf\x86\xd4\x50\xe0\xa7"
- "\x76\xef\x5c\x72\x0f\x1f\xc3\xd4"
- "\xee",
- .alen = 33,
- .ptext = "\xf5\xa6\x46\x2c\xce\x97\x8a\x51"
- "\x6f\x46\xa6\x83\x9b\xa1\xbc\xe8"
- "\x05\x36\x42\xa7\x16\xf8\xc1\xad"
- "\xa7\xfb\x94\x68\xc5\x37\xab\x8a"
- "\x72",
- .plen = 33,
- .ctext = "\x59\x10\x84\x1c\x83\x4c\x8b\xfc"
- "\xfd\x2e\x4b\x46\x84\xff\x78\x4e"
- "\x50\xda\x5c\xb9\x61\x1d\xf5\xb9"
- "\xfe\xbb\x7f\xae\x8c\xc1\x24\xbd"
- "\x8c\x6f\x1f\x9b\xce\xc6\xc1\x37"
- "\x08\x06\x5a\xe5\x96\x10\x95\xc2"
- "\x5e",
- .clen = 49,
- }, {
- .key = "\x05\x70\xd5\x94\x12\x36\x35\xd8"
- "\x8f\x7d\xd3\xa8\x99\x6a\xed\x69",
- .klen = 16,
- .iv = "\x14\x39\x63\xfc\x56\xd5\xdf\x5f"
- "\xaf\xb3\xff\xcc\x98\x33\x1d\xeb",
- .assoc = "\x23\x02\xf1\x64\x9a\x73\x89\xe6"
- "\xd0\xea\x2c\xf1\x96\xfc\x4e\x6d"
- "\x65\x48\xcb\x0a\xda\xf0\x62\xc0"
- "\x38\x1d\x3b\x4a\xe9\x7e\x62\xaa"
- "\xfd\xc9\x4a\xa9\xa9\x39\x4b\x54"
- "\xc8\x0e\x24\x7f\x5e\x10\x7a\x45"
- "\x10\x0b\x56\x85\xad\x54\xaa\x66"
- "\xa8\x43\xcd\xd4\x9b\xb7\xfa",
- .alen = 63,
- .ptext = "\x32\xcb\x80\xcc\xde\x12\x33\x6d"
- "\xf0\x20\x58\x15\x95\xc6\x7f\xee"
- "\x2f\xf9\x4e\x2c\x1b\x98\x43\xc7"
- "\x68\x28\x73\x40\x9f\x96\x4a\x60"
- "\x80\xf4\x4b\xf4\xc1\x3d\xd0\x93"
- "\xcf\x12\xc9\x59\x8f\x7a\x7f\xa8"
- "\x1b\xa5\x50\xed\x87\xa9\x72\x59"
- "\x9c\x44\xb2\xa4\x99\x98\x34",
- .plen = 63,
- .ctext = "\x9a\x12\xbc\xdf\x72\xa8\x56\x22"
- "\x49\x2d\x07\x92\xfc\x3d\x6d\x5f"
- "\xef\x36\x19\xae\x91\xfa\xd6\x63"
- "\x46\xea\x8a\x39\x14\x21\xa6\x37"
- "\x18\xfc\x97\x3e\x16\xa5\x4d\x39"
- "\x45\x2e\x69\xcc\x9c\x5f\xdf\x6d"
- "\x5e\xa2\xbf\xac\x83\x32\x72\x52"
- "\x58\x58\x23\x40\xfd\xa5\xc2\xe6"
- "\xe9\x5a\x50\x98\x00\x58\xc9\x86"
- "\x4f\x20\x37\xdb\x7b\x22\xa3",
- .clen = 79,
- }, {
- .key = "\x41\x94\x0e\x33\x22\xb1\xdd\xf4"
- "\x10\x57\x85\x39\x93\x8f\xaf\x70",
- .klen = 16,
- .iv = "\x50\x5d\x9d\x9b\x66\x50\x88\x7b"
- "\x30\x8e\xb1\x5e\x92\x58\xe0\xf1",
- .assoc = "\x5f\x27\x2b\x03\xaa\xef\x32\x02"
- "\x50\xc4\xde\x82\x90\x21\x11\x73"
- "\x8f\x0a\xd6\x8f\xdf\x90\xe4\xda"
- "\xf9\x4a\x1a\x23\xc3\xdd\x02\x81"
- "\x0b\x76\x4f\xd7\x0a\x4b\x5e\x51"
- "\xe3\x1d\xb9\xe5\x21\xb9\x8f\xd4"
- "\x3d\x72\x3e\x26\x16\xa9\xca\x32"
- "\x77\x47\x63\x14\x95\x3d\xe4\x34",
- .alen = 64,
- .ptext = "\x6e\xf0\xba\x6b\xee\x8e\xdc\x89"
- "\x71\xfb\x0a\xa6\x8f\xea\x41\xf4"
- "\x5a\xbb\x59\xb0\x20\x38\xc5\xe0"
- "\x29\x56\x52\x19\x79\xf5\xe9\x37"
- "\x8f\xa1\x50\x23\x22\x4f\xe3\x91"
- "\xe9\x21\x5e\xbf\x52\x23\x95\x37"
- "\x48\x0c\x38\x8f\xf0\xff\x92\x24"
- "\x6b\x47\x49\xe3\x94\x1f\x1e\x01",
- .plen = 64,
- .ctext = "\xe6\xeb\x92\x5a\x5b\xf0\x2d\xbb"
- "\x23\xec\x35\xe3\xae\xc9\xfb\x0b"
- "\x90\x14\x46\xeb\xa8\x8d\xb0\x9b"
- "\x39\xda\x8b\x48\xec\xb2\x00\x4e"
- "\x80\x6f\x46\x4f\x9b\x1e\xbb\x35"
- "\xea\x5a\xbc\xa2\x36\xa5\x89\x45"
- "\xc2\xd6\xd7\x15\x0b\xf6\x6c\x56"
- "\xec\x99\x7d\x61\xb3\x15\x93\xed"
- "\x83\x1e\xd9\x48\x84\x0b\x37\xfe"
- "\x95\x74\x44\xd5\x54\xa6\x27\x06",
- .clen = 80,
- }, {
- .key = "\x7e\xb9\x48\xd3\x32\x2d\x86\x10"
- "\x91\x31\x37\xcb\x8d\xb3\x72\x76",
- .klen = 16,
- .iv = "\x8d\x82\xd6\x3b\x76\xcc\x30\x97"
- "\xb1\x68\x63\xef\x8c\x7c\xa3\xf7",
- .assoc = "\x9c\x4b\x65\xa2\xba\x6b\xdb\x1e"
- "\xd1\x9e\x90\x13\x8a\x45\xd3\x79"
- "\xba\xcd\xe2\x13\xe4\x30\x66\xf4"
- "\xba\x78\xf9\xfb\x9d\x3c\xa1\x58"
- "\x1a\x22\x53\x05\x6b\x5c\x71\x4f"
- "\xfd\x2d\x4d\x4c\xe5\x62\xa5\x63"
- "\x6a\xda\x26\xc8\x7f\xff\xea\xfd"
- "\x46\x4a\xfa\x53\x8f\xc4\xcd\x68"
- "\x58",
- .alen = 65,
- .ptext = "\xab\x14\xf3\x0a\xfe\x0a\x85\xa5"
- "\xf2\xd5\xbc\x38\x89\x0e\x04\xfb"
- "\x84\x7d\x65\x34\x25\xd8\x47\xfa"
- "\xeb\x83\x31\xf1\x54\x54\x89\x0d"
- "\x9d\x4d\x54\x51\x84\x61\xf6\x8e"
- "\x03\x31\xf2\x25\x16\xcc\xaa\xc6"
- "\x75\x73\x20\x30\x59\x54\xb2\xf0"
- "\x3a\x4b\xe0\x23\x8e\xa6\x08\x35"
- "\x8a\xdf\x27\xa0\xe4\x60\x99\xae"
- "\x8e\x43\xd9\x39\x7b\x10\x40\x67"
- "\x5c\x7e\xc9\x70\x63\x34\xca\x59"
- "\xfe\x86\xbc\xb7\x9c\x39\xf3\x6d"
- "\x6a\x41\x64\x6f\x16\x7f\x65\x7e"
- "\x89\x84\x68\xeb\xb0\x51\xbe\x55"
- "\x33\x16\x59\x6c\x3b\xef\x88\xad"
- "\x2f\xab\xbc\x25\x76\x87\x41\x2f"
- "\x36",
- .plen = 129,
- .ctext = "\x89\x24\x27\x86\xdc\xd7\x6b\xd9"
- "\xd1\xcd\xdc\x16\xdd\x2c\xc1\xfb"
- "\x52\xb5\xb3\xab\x50\x99\x3f\xa0"
- "\x38\xa4\x74\xa5\x04\x15\x63\x05"
- "\x8f\x54\x81\x06\x5a\x6b\xa4\x63"
- "\x6d\xa7\x21\xcb\xff\x42\x30\x8e"
- "\x3b\xd1\xca\x3f\x4b\x1a\xb8\xc3"
- "\x42\x01\xe6\xbc\x75\x15\x87\xee"
- "\xc9\x8e\x65\x01\xd9\xd8\xb5\x9f"
- "\x48\x86\xa6\x5f\x2c\xc7\xb5\xb0"
- "\xed\x5d\x14\x7c\x3f\x40\xb1\x0b"
- "\x72\xef\x94\x8d\x7a\x85\x56\xe5"
- "\x56\x08\x15\x56\xba\xaf\xbd\xf0"
- "\x20\xef\xa0\xf6\xa9\xad\xa2\xc9"
- "\x1c\x3b\x28\x51\x7e\x77\xb2\x18"
- "\x4f\x61\x64\x37\x22\x36\x6d\x78"
- "\xed\xed\x35\xe8\x83\xa5\xec\x25"
- "\x6b\xff\x5f\x1a\x09\x96\x3d\xdc"
- "\x20",
- .clen = 145,
- }, {
- .key = "\xba\xde\x82\x72\x42\xa9\x2f\x2c"
- "\x12\x0b\xe9\x5c\x87\xd7\x35\x7c",
- .klen = 16,
- .iv = "\xc9\xa7\x10\xda\x86\x48\xd9\xb3"
- "\x32\x42\x15\x80\x85\xa1\x65\xfe",
- .assoc = "\xd8\x70\x9f\x42\xca\xe6\x83\x3a"
- "\x52\x79\x42\xa5\x84\x6a\x96\x7f"
- "\xe4\x8f\xed\x97\xe9\xd0\xe8\x0d"
- "\x7c\xa6\xd8\xd4\x77\x9b\x40\x2e"
- "\x28\xce\x57\x34\xcd\x6e\x84\x4c"
- "\x17\x3c\xe1\xb2\xa8\x0b\xbb\xf1"
- "\x96\x41\x0d\x69\xe8\x54\x0a\xc8"
- "\x15\x4e\x91\x92\x89\x4b\xb7\x9b"
- "\x21\xf7\x42\x89\xac\x12\x2a\x54"
- "\x69\xee\x18\xc7\x8d\xed\xe8\xfd"
- "\xbb\x04\x28\xe6\x8a\x3c\x98\xc1"
- "\x04\x2d\xa9\xa1\x24\x83\xff\xe9"
- "\x55\x7a\xf0\xd1\xf6\x63\x05\xe1"
- "\xd9\x1e\x75\x72\xc1\x9f\xae\x32"
- "\xe1\x6b\xcd\x9e\x61\x19\x23\x86"
- "\xd9\xd2\xaf\x8e\xd5\xd3\xa8\xa9"
- "\x51",
- .alen = 129,
- .ptext = "\xe8\x39\x2d\xaa\x0e\x85\x2d\xc1"
- "\x72\xaf\x6e\xc9\x82\x33\xc7\x01"
- "\xaf\x40\x70\xb8\x2a\x78\xc9\x14"
- "\xac\xb1\x10\xca\x2e\xb3\x28\xe4"
- "\xac\xfa\x58\x7f\xe5\x73\x09\x8c"
- "\x1d\x40\x87\x8c\xd9\x75\xc0\x55"
- "\xa2\xda\x07\xd1\xc2\xa9\xd1\xbb"
- "\x09\x4f\x77\x62\x88\x2d\xf2\x68"
- "\x54",
- .plen = 65,
- .ctext = "\x36\x78\xb9\x22\xde\x62\x35\x55"
- "\x1a\x7a\xf5\x45\xbc\xd7\x15\x82"
- "\x01\xe9\x5a\x07\xea\x46\xaf\x91"
- "\xcb\x73\xa5\xee\xe1\xb4\xbf\xc2"
- "\xdb\xd2\x9d\x59\xde\xfc\x83\x00"
- "\xf5\x46\xac\x97\xd5\x57\xa9\xb9"
- "\x1f\x8c\xe8\xca\x68\x8b\x91\x0c"
- "\x01\xbe\x0a\xaf\x7c\xf6\x67\xa4"
- "\xbf\xbc\x88\x3f\x5d\xd1\xf9\x19"
- "\x0f\x9d\xb2\xaf\xb9\x6e\x17\xdf"
- "\xa2",
- .clen = 81,
- }, {
- .key = "\xf7\x02\xbb\x11\x52\x24\xd8\x48"
- "\x93\xe6\x9b\xee\x81\xfc\xf7\x82",
- .klen = 16,
- .iv = "\x06\xcc\x4a\x79\x96\xc3\x82\xcf"
- "\xb3\x1c\xc7\x12\x7f\xc5\x28\x04",
- .assoc = "\x15\x95\xd8\xe1\xda\x62\x2c\x56"
- "\xd3\x53\xf4\x36\x7e\x8e\x59\x85"
- "\x0e\x51\xf9\x1c\xee\x70\x6a\x27"
- "\x3d\xd3\xb7\xac\x51\xfa\xdf\x05",
- .alen = 32,
- .ptext = "\x24\x5e\x67\x49\x1e\x01\xd6\xdd"
- "\xf3\x89\x20\x5b\x7c\x57\x89\x07"
- "\xd9\x02\x7c\x3d\x2f\x18\x4b\x2d"
- "\x6e\xde\xee\xa2\x08\x12\xc7\xba",
- .plen = 32,
- .ctext = "\x08\x1b\x95\x0e\x41\x95\x02\x4b"
- "\x9c\xbb\xa8\xd0\x7c\xd3\x44\x6e"
- "\x89\x14\x33\x70\x0a\xbc\xea\x39"
- "\x88\xaa\x2b\xd5\x73\x11\x55\xf5"
- "\x33\x33\x9c\xd7\x42\x34\x49\x8e"
- "\x2f\x03\x30\x05\x47\xaf\x34",
- .clen = 47,
- }, {
- .key = "\x33\x27\xf5\xb1\x62\xa0\x80\x63"
- "\x14\xc0\x4d\x7f\x7b\x20\xba\x89",
- .klen = 16,
- .iv = "\x42\xf0\x84\x19\xa6\x3f\x2b\xea"
- "\x34\xf6\x79\xa3\x79\xe9\xeb\x0a",
- .assoc = "\x51\xb9\x12\x80\xea\xde\xd5\x71"
- "\x54\x2d\xa6\xc8\x78\xb2\x1b\x8c"
- "\x39\x14\x05\xa0\xf3\x10\xec\x41"
- "\xff\x01\x95\x84\x2b\x59\x7f\xdb",
- .alen = 32,
- .ptext = "\x61\x83\xa0\xe8\x2e\x7d\x7f\xf8"
- "\x74\x63\xd2\xec\x76\x7c\x4c\x0d"
- "\x03\xc4\x88\xc1\x35\xb8\xcd\x47"
- "\x2f\x0c\xcd\x7a\xe2\x71\x66\x91",
- .plen = 32,
- .ctext = "\x97\xca\xf4\xe0\x8d\x89\xbf\x68"
- "\x0c\x60\xb9\x27\xdf\xaa\x41\xc6"
- "\x25\xd8\xf7\x1f\x10\x15\x48\x61"
- "\x4c\x95\x00\xdf\x51\x9b\x7f\xe6"
- "\x24\x40\x9e\xbe\x3b\xeb\x1b\x98"
- "\xb9\x9c\xe5\xef\xf2\x05",
- .clen = 46,
- }, {
- .key = "\x70\x4c\x2f\x50\x72\x1c\x29\x7f"
- "\x95\x9a\xff\x10\x75\x45\x7d\x8f",
- .klen = 16,
- .iv = "\x7f\x15\xbd\xb8\xb6\xba\xd3\x06"
- "\xb5\xd1\x2b\x35\x73\x0e\xad\x10",
- .assoc = "\x8e\xde\x4c\x20\xfa\x59\x7e\x8d"
- "\xd5\x07\x58\x59\x72\xd7\xde\x92"
- "\x63\xd6\x10\x24\xf8\xb0\x6e\x5a"
- "\xc0\x2e\x74\x5d\x06\xb8\x1e\xb2",
- .alen = 32,
- .ptext = "\x9d\xa7\xda\x88\x3e\xf8\x28\x14"
- "\xf5\x3e\x85\x7d\x70\xa0\x0f\x13"
- "\x2e\x86\x93\x45\x3a\x58\x4f\x61"
- "\xf0\x3a\xac\x53\xbc\xd0\x06\x68",
- .plen = 32,
- .ctext = "\x63\x4c\x2a\x8e\xb4\x6b\x63\x0d"
- "\xb5\xec\x9b\x4e\x12\x23\xa3\xcf"
- "\x1a\x5a\x70\x15\x5a\x10\x40\x51"
- "\xca\x47\x4c\x9d\xc9\x97\xf4\x77"
- "\xdb\xc8\x10\x2d\xdc\x65\x20\x3f",
- .clen = 40,
- }, {
- .key = "\xac\x70\x69\xef\x82\x97\xd2\x9b"
- "\x15\x74\xb1\xa2\x6f\x69\x3f\x95",
- .klen = 16,
- .iv = "\xbb\x3a\xf7\x57\xc6\x36\x7c\x22"
- "\x36\xab\xde\xc6\x6d\x32\x70\x17",
- .assoc = "\xcb\x03\x85\xbf\x0a\xd5\x26\xa9"
- "\x56\xe1\x0a\xeb\x6c\xfb\xa1\x98"
- "\x8d\x98\x1c\xa8\xfe\x50\xf0\x74"
- "\x81\x5c\x53\x35\xe0\x17\xbd\x88",
- .alen = 32,
- .ptext = "\xda\xcc\x14\x27\x4e\x74\xd1\x30"
- "\x76\x18\x37\x0f\x6a\xc4\xd1\x1a"
- "\x58\x49\x9f\xc9\x3f\xf8\xd1\x7a"
- "\xb2\x67\x8b\x2b\x96\x2f\xa5\x3e",
- .plen = 32,
- .ctext = "\xf1\x62\x44\xc7\x5f\x19\xca\x43"
- "\x47\x2c\xaf\x68\x82\xbd\x51\xef"
- "\x3d\x65\xd8\x45\x2d\x06\x07\x78"
- "\x08\x2e\xb3\x23\xcd\x81\x12\x55"
- "\x1a",
- .clen = 33,
- }, {
- .key = "\xe9\x95\xa2\x8f\x93\x13\x7b\xb7"
- "\x96\x4e\x63\x33\x69\x8d\x02\x9b"
- "\x23\xf9\x22\xeb\x80\xa0\xb1\x81"
- "\xe2\x73\xc3\x21\x4d\x47\x8d\xf4",
- .klen = 32,
- .iv = "\xf8\x5e\x31\xf7\xd7\xb2\x25\x3e"
- "\xb7\x85\x90\x58\x67\x57\x33\x1d",
- .assoc = "",
- .alen = 0,
- .ptext = "",
- .plen = 0,
- .ctext = "\xdf\x2f\x83\xc0\x45\x4a\x2c\xcf"
- "\xb9\xd2\x41\xf6\x80\xa1\x52\x70",
- .clen = 16,
- }, {
- .key = "\x25\xba\xdc\x2e\xa3\x8f\x24\xd3"
- "\x17\x29\x15\xc5\x63\xb2\xc5\xa1"
- "\x4d\xbc\x2d\x6f\x85\x40\x33\x9a"
- "\xa3\xa0\xa1\xfa\x27\xa6\x2c\xca",
- .klen = 32,
- .iv = "\x34\x83\x6a\x96\xe7\x2d\xce\x5a"
- "\x38\x5f\x42\xe9\x61\x7b\xf5\x23",
- .assoc = "",
- .alen = 0,
- .ptext = "\x53",
- .plen = 1,
- .ctext = "\x01\xd8\x55\x3c\xc0\x5a\x4b\xc7"
- "\x01\xf4\x08\xe3\x0d\xf7\xf0\x78"
- "\x53",
- .clen = 17,
- }, {
- .key = "\x62\xdf\x16\xcd\xb3\x0a\xcc\xef"
- "\x98\x03\xc7\x56\x5d\xd6\x87\xa8"
- "\x77\x7e\x39\xf3\x8a\xe0\xb5\xb4"
- "\x65\xce\x80\xd2\x01\x05\xcb\xa1",
- .klen = 32,
- .iv = "\x71\xa8\xa4\x35\xf7\xa9\x76\x75"
- "\xb8\x39\xf4\x7a\x5b\x9f\xb8\x29",
- .assoc = "",
- .alen = 0,
- .ptext = "\x8f\x3a\xc1\x05\x7f\xe7\xcb\x83"
- "\xf9\xa6\x4d\xc3\x58\x31\x19\x2c"
- "\xd7\x90\xc2\x56\x4e\xd8\x57\xc7"
- "\xf6\xf0\x27\xb4\x25\x4c\x83",
- .plen = 31,
- .ctext = "\xc2\x4b\x41\x0f\x2d\xb9\x62\x07"
- "\xff\x8e\x74\xf8\xa1\xa6\xd5\x37"
- "\xa5\x64\x31\x5c\xca\x73\x9b\x43"
- "\xe6\x70\x63\x46\x95\xcb\xf7\xb5"
- "\x20\x8c\x75\x7a\x2a\x17\x2f\xa9"
- "\xb8\x4d\x11\x42\xd1\xf8\xf1",
- .clen = 47,
- }, {
- .key = "\x9e\x03\x4f\x6d\xc3\x86\x75\x0a"
- "\x19\xdd\x79\xe8\x57\xfb\x4a\xae"
- "\xa2\x40\x45\x77\x90\x80\x37\xce"
- "\x26\xfb\x5f\xaa\xdb\x64\x6b\x77",
- .klen = 32,
- .iv = "\xae\xcc\xde\xd5\x07\x25\x1f\x91"
- "\x39\x14\xa6\x0c\x55\xc4\x7b\x30",
- .assoc = "",
- .alen = 0,
- .ptext = "\xcc\x5f\xfb\xa4\x8f\x63\x74\x9f"
- "\x7a\x81\xff\x55\x52\x56\xdc\x33"
- "\x01\x52\xcd\xdb\x53\x78\xd9\xe1"
- "\xb7\x1d\x06\x8d\xff\xab\x22\x98",
- .plen = 32,
- .ctext = "\xbb\x01\x7c\xd1\x2c\x33\x7b\x37"
- "\x0a\xee\xc4\x30\x19\xd7\x3a\x6f"
- "\xf8\x2b\x67\xf5\x3b\x84\x87\x2a"
- "\xfb\x07\x7a\x82\xb5\xe4\x85\x26"
- "\x1e\xa8\xe5\x04\x54\xce\xe5\x5f"
- "\xb5\x3f\xc1\xd5\x7f\xbd\xd2\xa6",
- .clen = 48,
- }, {
- .key = "\xdb\x28\x89\x0c\xd3\x01\x1e\x26"
- "\x9a\xb7\x2b\x79\x51\x1f\x0d\xb4"
- "\xcc\x03\x50\xfc\x95\x20\xb9\xe7"
- "\xe8\x29\x3e\x83\xb5\xc3\x0a\x4e",
- .klen = 32,
- .iv = "\xea\xf1\x18\x74\x17\xa0\xc8\xad"
- "\xba\xee\x58\x9d\x4f\xe8\x3d\x36",
- .assoc = "",
- .alen = 0,
- .ptext = "\x08\x84\x34\x44\x9f\xde\x1c\xbb"
- "\xfb\x5b\xb1\xe6\x4c\x7a\x9f\x39"
- "\x2c\x14\xd9\x5f\x59\x18\x5b\xfb"
- "\x79\x4b\xe5\x65\xd9\x0a\xc1\x6f"
- "\x2e",
- .plen = 33,
- .ctext = "\xc2\xf4\x40\x55\xf9\x59\xff\x73"
- "\x08\xf5\x98\x92\x0c\x7b\x35\x9a"
- "\xa8\xf4\x42\x7e\x6f\x93\xca\x22"
- "\x23\x06\x1e\xf8\x89\x22\xf4\x46"
- "\x7c\x7c\x67\x75\xab\xe5\x75\xaa"
- "\x15\xd7\x83\x19\xfd\x31\x59\x5b"
- "\x32",
- .clen = 49,
- }, {
- .key = "\x17\x4d\xc3\xab\xe3\x7d\xc7\x42"
- "\x1b\x91\xdd\x0a\x4b\x43\xcf\xba"
- "\xf6\xc5\x5c\x80\x9a\xc0\x3b\x01"
- "\xa9\x56\x1d\x5b\x8f\x22\xa9\x25",
- .klen = 32,
- .iv = "\x27\x16\x51\x13\x27\x1c\x71\xc9"
- "\x3b\xc8\x0a\x2f\x49\x0c\x00\x3c",
- .assoc = "",
- .alen = 0,
- .ptext = "\x45\xa8\x6e\xe3\xaf\x5a\xc5\xd7"
- "\x7c\x35\x63\x77\x46\x9f\x61\x3f"
- "\x56\xd7\xe4\xe3\x5e\xb8\xdc\x14"
- "\x3a\x79\xc4\x3e\xb3\x69\x61\x46"
- "\x3c\xb6\x83\x4e\xb4\x26\xc7\x73"
- "\x22\xda\x52\x8b\x7d\x11\x98\xea"
- "\x62\xe1\x14\x1e\xdc\xfe\x0f\xad"
- "\x20\x76\x5a\xdc\x4e\x71\x13",
- .plen = 63,
- .ctext = "\xc9\x82\x3b\x4b\x87\x84\xa5\xdb"
- "\xa0\x8c\xd3\x3e\x7f\x8d\xe8\x28"
- "\x2a\xdc\xfa\x01\x84\x87\x9a\x70"
- "\x81\x75\x37\x0a\xd2\x75\xa9\xb6"
- "\x21\x72\xee\x7e\x65\x95\xe5\xcc"
- "\x01\xb7\x39\xa6\x51\x15\xca\xff"
- "\x61\xdc\x97\x38\xcc\xf4\xca\xc7"
- "\x83\x9b\x05\x11\x72\x60\xf0\xb4"
- "\x7e\x06\xab\x0a\xc0\xbb\x59\x23"
- "\xaa\x2d\xfc\x4e\x35\x05\x59",
- .clen = 79,
- }, {
- .key = "\x54\x71\xfd\x4b\xf3\xf9\x6f\x5e"
- "\x9c\x6c\x8f\x9c\x45\x68\x92\xc1"
- "\x21\x87\x67\x04\x9f\x60\xbd\x1b"
- "\x6a\x84\xfc\x34\x6a\x81\x48\xfb",
- .klen = 32,
- .iv = "\x63\x3b\x8b\xb3\x37\x98\x1a\xe5"
- "\xbc\xa2\xbc\xc0\x43\x31\xc2\x42",
- .assoc = "",
- .alen = 0,
- .ptext = "\x81\xcd\xa8\x82\xbf\xd6\x6e\xf3"
- "\xfd\x0f\x15\x09\x40\xc3\x24\x45"
- "\x81\x99\xf0\x67\x63\x58\x5e\x2e"
- "\xfb\xa6\xa3\x16\x8d\xc8\x00\x1c"
- "\x4b\x62\x87\x7c\x15\x38\xda\x70"
- "\x3d\xea\xe7\xf2\x40\xba\xae\x79"
- "\x8f\x48\xfc\xbf\x45\x53\x2e\x78"
- "\xef\x79\xf0\x1b\x49\xf7\xfd\x9c",
- .plen = 64,
- .ctext = "\x11\x7c\x7d\xef\xce\x29\x95\xec"
- "\x7e\x9f\x42\xa6\x26\x07\xa1\x75"
- "\x2f\x4e\x09\x9a\xf6\x6b\xc2\xfa"
- "\x0d\xd0\x17\xdc\x25\x1e\x9b\xdc"
- "\x5f\x8c\x1c\x60\x15\x4f\x9b\x20"
- "\x7b\xff\xcd\x82\x60\x84\xf4\xa5"
- "\x20\x9a\x05\x19\x5b\x02\x0a\x72"
- "\x43\x11\x26\x58\xcf\xc5\x41\xcf"
- "\x13\xcc\xde\x32\x92\xfa\x86\xf2"
- "\xaf\x16\xe8\x8f\xca\xb6\xfd\x54",
- .clen = 80,
- }, {
- .key = "\x90\x96\x36\xea\x03\x74\x18\x7a"
- "\x1d\x46\x42\x2d\x3f\x8c\x54\xc7"
- "\x4b\x4a\x73\x89\xa4\x00\x3f\x34"
- "\x2c\xb1\xdb\x0c\x44\xe0\xe8\xd2",
- .klen = 32,
- .iv = "\xa0\x5f\xc5\x52\x47\x13\xc2\x01"
- "\x3d\x7c\x6e\x52\x3d\x55\x85\x48",
- .assoc = "\xaf",
- .alen = 1,
- .ptext = "",
- .plen = 0,
- .ctext = "\x9b\xc5\x3b\x20\x0a\x88\x56\xbe"
- "\x69\xdf\xc4\xc4\x02\x46\x3a\xf0",
- .clen = 16,
- }, {
- .key = "\xcd\xbb\x70\x89\x13\xf0\xc1\x95"
- "\x9e\x20\xf4\xbf\x39\xb1\x17\xcd"
- "\x76\x0c\x7f\x0d\xa9\xa0\xc1\x4e"
- "\xed\xdf\xb9\xe4\x1e\x3f\x87\xa8",
- .klen = 32,
- .iv = "\xdc\x84\xfe\xf1\x58\x8f\x6b\x1c"
- "\xbe\x57\x20\xe3\x37\x7a\x48\x4f",
- .assoc = "\xeb\x4d\x8d\x59\x9c\x2e\x15\xa3"
- "\xde\x8d\x4d\x07\x36\x43\x78\xd0"
- "\x0b\x6d\x84\x4f\x2c\xf0\x82\x5b"
- "\x4e\xf6\x29\xd1\x8b\x6f\x56",
- .alen = 31,
- .ptext = "",
- .plen = 0,
- .ctext = "\xe0\x6d\xa1\x07\x98\x2f\x40\x2d"
- "\x2e\x9a\xd6\x61\x43\xc0\x74\x69",
- .clen = 16,
- }, {
- .key = "\x0a\xe0\xaa\x29\x24\x6c\x6a\xb1"
- "\x1f\xfa\xa6\x50\x33\xd5\xda\xd3"
- "\xa0\xce\x8a\x91\xae\x40\x43\x68"
- "\xae\x0d\x98\xbd\xf8\x9e\x26\x7f",
- .klen = 32,
- .iv = "\x19\xa9\x38\x91\x68\x0b\x14\x38"
- "\x3f\x31\xd2\x74\x31\x9e\x0a\x55",
- .assoc = "\x28\x72\xc7\xf8\xac\xaa\xbe\xbf"
- "\x5f\x67\xff\x99\x30\x67\x3b\xd6"
- "\x35\x2f\x90\xd3\x31\x90\x04\x74"
- "\x0f\x23\x08\xa9\x65\xce\xf6\xea",
- .alen = 32,
- .ptext = "",
- .plen = 0,
- .ctext = "\xb9\x57\x13\x3e\x82\x31\x61\x65"
- "\x0d\x7f\x6c\x96\x93\x5c\x50\xe2",
- .clen = 16,
- }, {
- .key = "\x46\x04\xe3\xc8\x34\xe7\x12\xcd"
- "\xa0\xd4\x58\xe2\x2d\xf9\x9c\xda"
- "\xca\x91\x96\x15\xb4\xe0\xc5\x81"
- "\x70\x3a\x77\x95\xd2\xfd\xc5\x55",
- .klen = 32,
- .iv = "\x55\xcd\x72\x30\x78\x86\xbd\x54"
- "\xc0\x0b\x84\x06\x2b\xc2\xcd\x5b",
- .assoc = "\x64\x97\x00\x98\xbc\x25\x67\xdb"
- "\xe0\x41\xb1\x2a\x2a\x8c\xfe\xdd"
- "\x5f\xf2\x9c\x58\x36\x30\x86\x8e"
- "\xd1\x51\xe6\x81\x3f\x2d\x95\xc1"
- "\x01",
- .alen = 33,
- .ptext = "",
- .plen = 0,
- .ctext = "\x81\x96\x34\xde\xbb\x36\xdd\x3e"
- "\x4e\x5e\xcb\x44\x21\xb8\x3f\xf1",
- .clen = 16,
- }, {
- .key = "\x83\x29\x1d\x67\x44\x63\xbb\xe9"
- "\x20\xaf\x0a\x73\x27\x1e\x5f\xe0"
- "\xf5\x53\xa1\x9a\xb9\x80\x47\x9b"
- "\x31\x68\x56\x6e\xac\x5c\x65\x2c",
- .klen = 32,
- .iv = "\x92\xf2\xac\xcf\x88\x02\x65\x70"
- "\x41\xe5\x36\x97\x25\xe7\x90\x61",
- .assoc = "\xa1\xbb\x3a\x37\xcc\xa1\x10\xf7"
- "\x61\x1c\x63\xbc\x24\xb0\xc0\xe3"
- "\x8a\xb4\xa7\xdc\x3b\xd0\x08\xa8"
- "\x92\x7f\xc5\x5a\x19\x8c\x34\x97"
- "\x0f\x95\x9b\x18\xe4\x8d\xb4\x24"
- "\xb9\x33\x28\x18\xe1\x9d\x14\xe0"
- "\x64\xb2\x89\x7d\x78\xa8\x05\x7e"
- "\x07\x8c\xfc\x88\x2d\xb8\x53",
- .alen = 63,
- .ptext = "",
- .plen = 0,
- .ctext = "\x2e\x99\xb6\x79\x57\x56\x80\x36"
- "\x8e\xc4\x1c\x12\x7d\x71\x36\x0c",
- .clen = 16,
- }, {
- .key = "\xbf\x4e\x57\x07\x54\xdf\x64\x05"
- "\xa1\x89\xbc\x04\x21\x42\x22\xe6"
- "\x1f\x15\xad\x1e\xbe\x20\xc9\xb4"
- "\xf3\x95\x35\x46\x86\xbb\x04\x03",
- .klen = 32,
- .iv = "\xce\x17\xe5\x6f\x98\x7e\x0e\x8c"
- "\xc2\xbf\xe8\x29\x1f\x0b\x52\x68",
- .assoc = "\xdd\xe0\x74\xd6\xdc\x1d\xb8\x13"
- "\xe2\xf6\x15\x4d\x1e\xd4\x83\xe9"
- "\xb4\x76\xb3\x60\x40\x70\x8a\xc1"
- "\x53\xac\xa4\x32\xf3\xeb\xd3\x6e"
- "\x1e\x42\xa0\x46\x45\x9f\xc7\x22"
- "\xd3\x43\xbc\x7e\xa5\x47\x2a\x6f"
- "\x91\x19\x70\x1e\xe1\xfe\x25\x49"
- "\xd6\x8f\x93\xc7\x28\x3f\x3d\x03",
- .alen = 64,
- .ptext = "",
- .plen = 0,
- .ctext = "\x7b\x25\x3d\x47\xd4\xa7\x08\xce"
- "\x3b\x89\x40\x36\xba\x6d\x0e\xa2",
- .clen = 16,
- }, {
- .key = "\xfc\x72\x90\xa6\x64\x5a\x0d\x21"
- "\x22\x63\x6e\x96\x1b\x67\xe4\xec"
- "\x49\xd7\xb9\xa2\xc3\xc0\x4b\xce"
- "\xb4\xc3\x14\x1e\x61\x1a\xa3\xd9",
- .klen = 32,
- .iv = "\x0b\x3c\x1f\x0e\xa8\xf9\xb7\xa7"
- "\x42\x9a\x9a\xba\x19\x30\x15\x6e",
- .assoc = "\x1a",
- .alen = 1,
- .ptext = "\x29",
- .plen = 1,
- .ctext = "\xe6\x09\x6f\x95\x9a\x18\xc8\xf6"
- "\x17\x75\x81\x16\xdf\x26\xff\x67"
- "\x92",
- .clen = 17,
- }, {
- .key = "\x38\x97\xca\x45\x74\xd6\xb6\x3c"
- "\xa3\x3d\x20\x27\x15\x8b\xa7\xf2"
- "\x74\x9a\xc4\x27\xc8\x60\xcd\xe8"
- "\x75\xf0\xf2\xf7\x3b\x79\x42\xb0",
- .klen = 32,
- .iv = "\x47\x60\x59\xad\xb8\x75\x60\xc3"
- "\xc3\x74\x4c\x4c\x13\x54\xd8\x74",
- .assoc = "\x56\x29\xe7\x15\xfc\x14\x0a\x4a"
- "\xe4\xaa\x79\x70\x12\x1d\x08\xf6"
- "\x09\xfb\xca\x69\x4b\xb0\x8e\xf5"
- "\xd6\x07\x62\xe3\xa8\xa9\x12",
- .alen = 31,
- .ptext = "\x66\xf3\x75\x7d\x40\xb3\xb4\xd1"
- "\x04\xe1\xa6\x94\x10\xe6\x39\x77"
- "\xd3\xac\x4d\x8a\x8c\x58\x6e\xfb"
- "\x06\x13\x9a\xd9\x5e\xc0\xfa",
- .plen = 31,
- .ctext = "\x82\xc0\x56\xf0\xd7\xc4\xc9\xfd"
- "\x3c\xd1\x2a\xd4\x15\x86\x9d\xda"
- "\xea\x6c\x6f\xa1\x33\xb0\x7a\x01"
- "\x57\xe7\xf3\x7b\x73\xe7\x54\x10"
- "\xc6\x91\xe2\xc6\xa0\x69\xe7\xe6"
- "\x76\xc3\xf5\x3a\x76\xfd\x4a",
- .clen = 47,
- }, {
- .key = "\x75\xbc\x04\xe5\x84\x52\x5e\x58"
- "\x24\x17\xd2\xb9\x0e\xaf\x6a\xf9"
- "\x9e\x5c\xd0\xab\xcd\x00\x4f\x01"
- "\x37\x1e\xd1\xcf\x15\xd8\xe2\x86",
- .klen = 32,
- .iv = "\x84\x85\x92\x4d\xc8\xf1\x08\xdf"
- "\x44\x4e\xff\xdd\x0d\x78\x9a\x7a",
- .assoc = "\x93\x4e\x21\xb4\x0c\x90\xb3\x66"
- "\x65\x84\x2b\x01\x0b\x42\xcb\xfc"
- "\x33\xbd\xd6\xed\x50\x50\x10\x0e"
- "\x97\x35\x41\xbb\x82\x08\xb1\xf2",
- .alen = 32,
- .ptext = "\xa2\x17\xaf\x1c\x50\x2e\x5d\xed"
- "\x85\xbb\x58\x26\x0a\x0b\xfc\x7d"
- "\xfe\x6e\x59\x0e\x91\xf8\xf0\x15"
- "\xc8\x40\x78\xb1\x38\x1f\x99\xa7",
- .plen = 32,
- .ctext = "\x01\x47\x8e\x6c\xf6\x64\x89\x3a"
- "\x71\xce\xe4\xaa\x45\x70\xe6\x84"
- "\x62\x48\x08\x64\x86\x6a\xdf\xec"
- "\xb4\xa0\xfb\x34\x03\x0c\x19\xf4"
- "\x2b\x7b\x36\x73\xec\x54\xa9\x1e"
- "\x30\x85\xdb\xe4\xac\xe9\x2c\xca",
- .clen = 48,
- }, {
- .key = "\xb1\xe1\x3e\x84\x94\xcd\x07\x74"
- "\xa5\xf2\x84\x4a\x08\xd4\x2c\xff"
- "\xc8\x1e\xdb\x2f\xd2\xa0\xd1\x1b"
- "\xf8\x4c\xb0\xa8\xef\x37\x81\x5d",
- .klen = 32,
- .iv = "\xc0\xaa\xcc\xec\xd8\x6c\xb1\xfb"
- "\xc5\x28\xb1\x6e\x07\x9d\x5d\x81",
- .assoc = "\xd0\x73\x5a\x54\x1d\x0b\x5b\x82"
- "\xe5\x5f\xdd\x93\x05\x66\x8e\x02"
- "\x5e\x80\xe1\x71\x55\xf0\x92\x28"
- "\x59\x62\x20\x94\x5c\x67\x50\xc8"
- "\x58",
- .alen = 33,
- .ptext = "\xdf\x3c\xe9\xbc\x61\xaa\x06\x09"
- "\x06\x95\x0a\xb7\x04\x2f\xbe\x84"
- "\x28\x30\x64\x92\x96\x98\x72\x2e"
- "\x89\x6e\x57\x8a\x13\x7e\x38\x7e"
- "\xdb",
- .plen = 33,
- .ctext = "\x85\xe0\xf8\x0f\x8e\x49\xe3\x60"
- "\xcb\x4a\x54\x94\xcf\xf5\x7e\x34"
- "\xe9\xf8\x80\x65\x53\xd0\x72\x70"
- "\x4f\x7d\x9d\xd1\x15\x6f\xb9\x2c"
- "\xfa\xe8\xdd\xac\x2e\xe1\x3f\x67"
- "\x63\x0f\x1a\x59\xb7\x89\xdb\xf4"
- "\xc3",
- .clen = 49,
- }, {
- .key = "\xee\x05\x77\x23\xa5\x49\xb0\x90"
- "\x26\xcc\x36\xdc\x02\xf8\xef\x05"
- "\xf3\xe1\xe7\xb3\xd8\x40\x53\x35"
- "\xb9\x79\x8f\x80\xc9\x96\x20\x33",
- .klen = 32,
- .iv = "\xfd\xce\x06\x8b\xe9\xe8\x5a\x17"
- "\x46\x02\x63\x00\x01\xc1\x20\x87",
- .assoc = "\x0c\x98\x94\xf3\x2d\x87\x04\x9e"
- "\x66\x39\x8f\x24\xff\x8a\x50\x08"
- "\x88\x42\xed\xf6\x5a\x90\x14\x42"
- "\x1a\x90\xfe\x6c\x36\xc6\xf0\x9f"
- "\x66\xa0\xb5\x2d\x2c\xf8\x25\x15"
- "\x55\x90\xa2\x7e\x77\x94\x96\x3a"
- "\x71\x1c\xf7\x44\xee\xa8\xc3\x42"
- "\xe2\xa3\x84\x04\x0b\xe1\xce",
- .alen = 63,
- .ptext = "\x1b\x61\x23\x5b\x71\x26\xae\x25"
- "\x87\x6f\xbc\x49\xfe\x53\x81\x8a"
- "\x53\xf2\x70\x17\x9b\x38\xf4\x48"
- "\x4b\x9b\x36\x62\xed\xdd\xd8\x54"
- "\xea\xcb\xb6\x79\x45\xfc\xaa\x54"
- "\x5c\x94\x47\x58\xa7\xff\x9c\x9e"
- "\x7c\xb6\xf1\xac\xc8\xfd\x8b\x35"
- "\xd5\xa4\x6a\xd4\x09\xc2\x08",
- .plen = 63,
- .ctext = "\x00\xe5\x5b\x87\x5c\x20\x22\x8a"
- "\xda\x1f\xd3\xff\xbb\xb2\xb0\xf8"
- "\xef\xe9\xeb\x9e\x7c\x80\xf4\x2b"
- "\x59\xc0\x79\xbc\x17\xa0\x15\x01"
- "\xf5\x72\xfb\x5a\xe7\xaf\x07\xe3"
- "\x1b\x49\x21\x34\x23\x63\x55\x5e"
- "\xee\x4f\x34\x17\xfa\xfe\xa5\x0c"
- "\xed\x0b\x23\xea\x9b\xda\x57\x2f"
- "\xf6\xa9\xae\x0d\x4e\x40\x96\x45"
- "\x7f\xfa\xf0\xbf\xc4\x98\x78",
- .clen = 79,
- }, {
- .key = "\x2a\x2a\xb1\xc3\xb5\xc5\x59\xac"
- "\xa7\xa6\xe8\x6d\xfc\x1d\xb2\x0b"
- "\x1d\xa3\xf3\x38\xdd\xe0\xd5\x4e"
- "\x7b\xa7\x6e\x58\xa3\xf5\xbf\x0a",
- .klen = 32,
- .iv = "\x39\xf3\x3f\x2b\xf9\x64\x03\x33"
- "\xc7\xdd\x15\x91\xfb\xe6\xe2\x8d",
- .assoc = "\x49\xbc\xce\x92\x3d\x02\xad\xba"
- "\xe7\x13\x41\xb6\xf9\xaf\x13\x0f"
- "\xb2\x04\xf8\x7a\x5f\x30\x96\x5b"
- "\xdc\xbd\xdd\x44\x10\x25\x8f\x75"
- "\x75\x4d\xb9\x5b\x8e\x0a\x38\x13"
- "\x6f\x9f\x36\xe4\x3a\x3e\xac\xc9"
- "\x9d\x83\xde\xe5\x57\xfd\xe3\x0e"
- "\xb1\xa7\x1b\x44\x05\x67\xb7\x37",
- .alen = 64,
- .ptext = "\x58\x85\x5c\xfa\x81\xa1\x57\x40"
- "\x08\x4a\x6e\xda\xf8\x78\x44\x90"
- "\x7d\xb5\x7b\x9b\xa1\xd8\x76\x62"
- "\x0c\xc9\x15\x3b\xc7\x3c\x77\x2b"
- "\xf8\x78\xba\xa7\xa6\x0e\xbd\x52"
- "\x76\xa3\xdc\xbe\x6b\xa8\xb1\x2d"
- "\xa9\x1d\xd8\x4e\x31\x53\xab\x00"
- "\xa5\xa7\x01\x13\x04\x49\xf2\x04",
- .plen = 64,
- .ctext = "\x28\xdd\xb9\x4a\x12\xc7\x0a\xe1"
- "\x58\x06\x1a\x9b\x8c\x67\xdf\xeb"
- "\x35\x35\x60\x9d\x06\x40\x65\xc1"
- "\x93\xe8\xb3\x82\x50\x29\xdd\xb5"
- "\x2b\xcb\xde\x18\x78\x6b\x42\xbe"
- "\x6d\x24\xd0\xb2\x7d\xd7\x08\x8f"
- "\x4a\x18\x98\xad\x8c\xf2\x97\xb4"
- "\xf4\x77\xe4\xbf\x41\x3b\xc4\x06"
- "\xce\x9e\x34\x81\xf0\x89\x11\x13"
- "\x02\x65\xa1\x7c\xdf\x07\x33\x06",
- .clen = 80,
- }, {
- .key = "\x67\x4f\xeb\x62\xc5\x40\x01\xc7"
- "\x28\x80\x9a\xfe\xf6\x41\x74\x12"
- "\x48\x65\xfe\xbc\xe2\x80\x57\x68"
- "\x3c\xd4\x4d\x31\x7d\x54\x5f\xe1",
- .klen = 32,
- .iv = "\x76\x18\x79\xca\x09\xdf\xac\x4e"
- "\x48\xb7\xc7\x23\xf5\x0a\xa5\x93",
- .assoc = "\x85\xe1\x08\x32\x4d\x7e\x56\xd5"
- "\x68\xed\xf3\x47\xf3\xd3\xd6\x15"
- "\xdd\xc7\x04\xfe\x64\xd0\x18\x75"
- "\x9d\xeb\xbc\x1d\xea\x84\x2e\x4c"
- "\x83\xf9\xbe\x8a\xef\x1c\x4b\x10"
- "\x89\xaf\xcb\x4b\xfe\xe7\xc1\x58"
- "\xca\xea\xc6\x87\xc0\x53\x03\xd9"
- "\x80\xaa\xb2\x83\xff\xee\xa1\x6a"
- "\x04",
- .alen = 65,
- .ptext = "\x94\xaa\x96\x9a\x91\x1d\x00\x5c"
- "\x88\x24\x20\x6b\xf2\x9c\x06\x96"
- "\xa7\x77\x87\x1f\xa6\x78\xf8\x7b"
- "\xcd\xf6\xf4\x13\xa1\x9b\x16\x02"
- "\x07\x24\xbf\xd5\x08\x20\xd0\x4f"
- "\x90\xb3\x70\x24\x2f\x51\xc7\xbb"
- "\xd6\x84\xc0\xef\x9a\xa8\xca\xcc"
- "\x74\xab\x97\x53\xfe\xd0\xdb\x37"
- "\x37\x6a\x0e\x9f\x3f\xa3\x2a\xe3"
- "\x1b\x34\x6d\x51\x72\x2b\x17\xe7"
- "\x4d\xaa\x2c\x18\xda\xa3\x33\x89"
- "\x2a\x9f\xf4\xd2\xed\x76\x3d\x3f"
- "\x3c\x15\x9d\x8e\x4f\x3c\x27\xb0"
- "\x42\x3f\x2f\x8a\xd4\xc2\x10\xb2"
- "\x27\x7f\xe3\x34\x80\x02\x49\x4b"
- "\x07\x68\x22\x2a\x88\x25\x53\xb2"
- "\x2f",
- .plen = 129,
- .ctext = "\x85\x39\x69\x35\xfb\xf9\xb0\xa6"
- "\x85\x43\x88\xd0\xd7\x78\x60\x19"
- "\x3e\x1f\xb1\xa4\xd6\xc5\x96\xec"
- "\xf7\x84\x85\xc7\x27\x0f\x74\x57"
- "\x28\x9e\xdd\x90\x3c\x43\x12\xc5"
- "\x51\x3d\x39\x8f\xa5\xf4\xe0\x0b"
- "\x57\x04\xf1\x6d\xfe\x9b\x84\x27"
- "\xe8\xeb\x4d\xda\x02\x0a\xc5\x49"
- "\x1a\x55\x5e\x50\x56\x4d\x94\xda"
- "\x20\xf8\x12\x54\x50\xb3\x11\xda"
- "\xed\x44\x27\x67\xd5\xd1\x8b\x4b"
- "\x38\x67\x56\x65\x59\xda\xe6\x97"
- "\x81\xae\x2f\x92\x3b\xae\x22\x1c"
- "\x91\x59\x38\x18\x00\xe8\xba\x92"
- "\x04\x19\x56\xdf\xb0\x82\xeb\x6f"
- "\x2e\xdb\x54\x3c\x4b\xbb\x60\x90"
- "\x4c\x50\x10\x62\xba\x7a\xb1\x68"
- "\x37\xd7\x87\x4e\xe4\x66\x09\x1f"
- "\xa5",
- .clen = 145,
- }, {
- .key = "\xa3\x73\x24\x01\xd5\xbc\xaa\xe3"
- "\xa9\x5a\x4c\x90\xf0\x65\x37\x18"
- "\x72\x28\x0a\x40\xe7\x20\xd9\x82"
- "\xfe\x02\x2b\x09\x57\xb3\xfe\xb7",
- .klen = 32,
- .iv = "\xb3\x3d\xb3\x69\x19\x5b\x54\x6a"
- "\xc9\x91\x79\xb4\xef\x2e\x68\x99",
- .assoc = "\xc2\x06\x41\xd1\x5d\xfa\xff\xf1"
- "\xe9\xc7\xa5\xd9\xed\xf8\x98\x1b"
- "\x07\x89\x10\x82\x6a\x70\x9a\x8f"
- "\x5e\x19\x9b\xf5\xc5\xe3\xcd\x22"
- "\x92\xa5\xc2\xb8\x51\x2e\x5e\x0e"
- "\xa4\xbe\x5f\xb1\xc1\x90\xd7\xe7"
- "\xf7\x52\xae\x28\x29\xa8\x22\xa4"
- "\x4f\xae\x48\xc2\xfa\x75\x8b\x9e"
- "\xce\x83\x2a\x88\x07\x55\xbb\x89"
- "\xf6\xdf\xac\xdf\x83\x08\xbf\x7d"
- "\xac\x30\x8b\x8e\x02\xac\x00\xf1"
- "\x30\x46\xe1\xbc\x75\xbf\x49\xbb"
- "\x26\x4e\x29\xf0\x2f\x21\xc6\x13"
- "\x92\xd9\x3d\x11\xe4\x10\x00\x8e"
- "\xd4\xd4\x58\x65\xa6\x2b\xe3\x25"
- "\xb1\x8f\x15\x93\xe7\x71\xb9\x2c"
- "\x4b",
- .alen = 129,
- .ptext = "\xd1\xcf\xd0\x39\xa1\x99\xa9\x78"
- "\x09\xfe\xd2\xfd\xec\xc1\xc9\x9d"
- "\xd2\x39\x93\xa3\xab\x18\x7a\x95"
- "\x8f\x24\xd3\xeb\x7b\xfa\xb5\xd8"
- "\x15\xd1\xc3\x04\x69\x32\xe3\x4d"
- "\xaa\xc2\x04\x8b\xf2\xfa\xdc\x4a"
- "\x02\xeb\xa8\x90\x03\xfd\xea\x97"
- "\x43\xaf\x2e\x92\xf8\x57\xc5\x6a"
- "\x00",
- .plen = 65,
- .ctext = "\x7d\xde\x53\x22\xe4\x23\x3b\x30"
- "\x78\xde\x35\x90\x7a\xd9\x0b\x93"
- "\xf6\x0e\x0b\xed\x40\xee\x10\x9c"
- "\x96\x3a\xd3\x34\xb2\xd0\x67\xcf"
- "\x63\x7f\x2d\x0c\xcf\x96\xec\x64"
- "\x1a\x87\xcc\x7d\x2c\x5e\x81\x4b"
- "\xd2\x8f\x4c\x7c\x00\xb1\xb4\xe0"
- "\x87\x4d\xb1\xbc\xd8\x78\x2c\x17"
- "\xf2\x3b\xd8\x28\x40\xe2\x76\xf6"
- "\x20\x13\x83\x46\xaf\xff\xe3\x0f"
- "\x72",
- .clen = 81,
- }, {
- .key = "\xe0\x98\x5e\xa1\xe5\x38\x53\xff"
- "\x2a\x35\xfe\x21\xea\x8a\xfa\x1e"
- "\x9c\xea\x15\xc5\xec\xc0\x5b\x9b"
- "\xbf\x2f\x0a\xe1\x32\x12\x9d\x8e",
- .klen = 32,
- .iv = "\xef\x61\xed\x08\x29\xd7\xfd\x86"
- "\x4a\x6b\x2b\x46\xe9\x53\x2a\xa0",
- .assoc = "\xfe\x2a\x7b\x70\x6d\x75\xa7\x0d"
- "\x6a\xa2\x57\x6a\xe7\x1c\x5b\x21"
- "\x31\x4b\x1b\x07\x6f\x10\x1c\xa8"
- "\x20\x46\x7a\xce\x9f\x42\x6d\xf9",
- .alen = 32,
- .ptext = "\x0d\xf4\x09\xd8\xb1\x14\x51\x94"
- "\x8a\xd8\x84\x8e\xe6\xe5\x8c\xa3"
- "\xfc\xfc\x9e\x28\xb0\xb8\xfc\xaf"
- "\x50\x52\xb1\xc4\x55\x59\x55\xaf",
- .plen = 32,
- .ctext = "\x5a\xcd\x8c\x57\xf2\x6a\xb6\xbe"
- "\x53\xc7\xaa\x9a\x60\x74\x9c\xc4"
- "\xa2\xc2\xd0\x6d\xe1\x03\x63\xdc"
- "\xbb\x51\x7e\x9c\x89\x73\xde\x4e"
- "\x24\xf8\x52\x7c\x15\x41\x0e\xba"
- "\x69\x0e\x36\x5f\x2f\x22\x8c",
- .clen = 47,
- }, {
- .key = "\x1c\xbd\x98\x40\xf5\xb3\xfc\x1b"
- "\xaa\x0f\xb0\xb3\xe4\xae\xbc\x24"
- "\xc7\xac\x21\x49\xf1\x60\xdd\xb5"
- "\x80\x5d\xe9\xba\x0c\x71\x3c\x64",
- .klen = 32,
- .iv = "\x2c\x86\x26\xa8\x39\x52\xa6\xa2"
- "\xcb\x45\xdd\xd7\xe3\x77\xed\xa6",
- .assoc = "\x3b\x4f\xb5\x10\x7d\xf1\x50\x29"
- "\xeb\x7c\x0a\xfb\xe1\x40\x1e\x27"
- "\x5c\x0d\x27\x8b\x74\xb0\x9e\xc2"
- "\xe1\x74\x59\xa6\x79\xa1\x0c\xd0",
- .alen = 32,
- .ptext = "\x4a\x18\x43\x77\xc1\x90\xfa\xb0"
- "\x0b\xb2\x36\x20\xe0\x09\x4e\xa9"
- "\x26\xbe\xaa\xac\xb5\x58\x7e\xc8"
- "\x11\x7f\x90\x9c\x2f\xb8\xf4\x85",
- .plen = 32,
- .ctext = "\x47\xd6\xce\x78\xd6\xbf\x4a\x51"
- "\xb8\xda\x92\x3c\xfd\xda\xac\x8e"
- "\x8d\x88\xd7\x4d\x90\xe5\xeb\xa1"
- "\xab\xd6\x7c\x76\xad\xea\x7d\x76"
- "\x53\xee\xb0\xcd\xd0\x02\xbb\x70"
- "\x5b\x6f\x7b\xe2\x8c\xe8",
- .clen = 46,
- }, {
- .key = "\x59\xe1\xd2\xdf\x05\x2f\xa4\x37"
- "\x2b\xe9\x63\x44\xde\xd3\x7f\x2b"
- "\xf1\x6f\x2d\xcd\xf6\x00\x5f\xcf"
- "\x42\x8a\xc8\x92\xe6\xd0\xdc\x3b",
- .klen = 32,
- .iv = "\x68\xab\x60\x47\x49\xce\x4f\xbe"
- "\x4c\x20\x8f\x68\xdd\x9c\xb0\xac",
- .assoc = "\x77\x74\xee\xaf\x8d\x6d\xf9\x45"
- "\x6c\x56\xbc\x8d\xdb\x65\xe0\x2e"
- "\x86\xd0\x32\x0f\x79\x50\x20\xdb"
- "\xa2\xa1\x37\x7e\x53\x00\xab\xa6",
- .alen = 32,
- .ptext = "\x86\x3d\x7d\x17\xd1\x0c\xa3\xcc"
- "\x8c\x8d\xe8\xb1\xda\x2e\x11\xaf"
- "\x51\x80\xb5\x30\xba\xf8\x00\xe2"
- "\xd3\xad\x6f\x75\x09\x18\x93\x5c",
- .plen = 32,
- .ctext = "\x9f\xa9\x2b\xa4\x8f\x00\x05\x2b"
- "\xe7\x68\x81\x51\xbb\xfb\xdf\x60"
- "\xbb\xac\xe8\xc1\xdc\x68\xae\x68"
- "\x3a\xcd\x7a\x06\x49\xfe\x80\x11"
- "\xe6\x61\x99\xe2\xdd\xbe\x2c\xbf",
- .clen = 40,
- }, {
- .key = "\x96\x06\x0b\x7f\x15\xab\x4d\x53"
- "\xac\xc3\x15\xd6\xd8\xf7\x42\x31"
- "\x1b\x31\x38\x51\xfc\xa0\xe1\xe8"
- "\x03\xb8\xa7\x6b\xc0\x2f\x7b\x11",
- .klen = 32,
- .iv = "\xa5\xcf\x9a\xe6\x59\x4a\xf7\xd9"
- "\xcd\xfa\x41\xfa\xd7\xc0\x72\xb2",
- .assoc = "\xb4\x99\x28\x4e\x9d\xe8\xa2\x60"
- "\xed\x30\x6e\x1e\xd5\x89\xa3\x34"
- "\xb1\x92\x3e\x93\x7e\xf0\xa2\xf5"
- "\x64\xcf\x16\x57\x2d\x5f\x4a\x7d",
- .alen = 32,
- .ptext = "\xc3\x62\xb7\xb6\xe2\x87\x4c\xe7"
- "\x0d\x67\x9a\x43\xd4\x52\xd4\xb5"
- "\x7b\x43\xc1\xb5\xbf\x98\x82\xfc"
- "\x94\xda\x4e\x4d\xe4\x77\x32\x32",
- .plen = 32,
- .ctext = "\xe2\x34\xfa\x25\xfd\xfb\x89\x5e"
- "\x5b\x4e\x0b\x15\x6e\x39\xfb\x0c"
- "\x73\xc7\xd9\x6b\xbe\xce\x9b\x70"
- "\xc7\x4f\x96\x16\x03\xfc\xea\xfb"
- "\x56",
- .clen = 33,
- },
-};
-
-/*
* All key wrapping test vectors taken from
* http://csrc.nist.gov/groups/STM/cavp/documents/mac/kwtestvectors.zip
*
@@ -32454,6 +29763,86 @@ static const struct comp_testvec lzo_decomp_tv_template[] = {
},
};
+static const struct comp_testvec lzorle_comp_tv_template[] = {
+ {
+ .inlen = 70,
+ .outlen = 59,
+ .input = "Join us now and share the software "
+ "Join us now and share the software ",
+ .output = "\x11\x01\x00\x0d\x4a\x6f\x69\x6e"
+ "\x20\x75\x73\x20\x6e\x6f\x77\x20"
+ "\x61\x6e\x64\x20\x73\x68\x61\x72"
+ "\x65\x20\x74\x68\x65\x20\x73\x6f"
+ "\x66\x74\x77\x70\x01\x32\x88\x00"
+ "\x0c\x65\x20\x74\x68\x65\x20\x73"
+ "\x6f\x66\x74\x77\x61\x72\x65\x20"
+ "\x11\x00\x00",
+ }, {
+ .inlen = 159,
+ .outlen = 133,
+ .input = "This document describes a compression method based on the LZO "
+ "compression algorithm. This document defines the application of "
+ "the LZO algorithm used in UBIFS.",
+ .output = "\x11\x01\x00\x2c\x54\x68\x69\x73"
+ "\x20\x64\x6f\x63\x75\x6d\x65\x6e"
+ "\x74\x20\x64\x65\x73\x63\x72\x69"
+ "\x62\x65\x73\x20\x61\x20\x63\x6f"
+ "\x6d\x70\x72\x65\x73\x73\x69\x6f"
+ "\x6e\x20\x6d\x65\x74\x68\x6f\x64"
+ "\x20\x62\x61\x73\x65\x64\x20\x6f"
+ "\x6e\x20\x74\x68\x65\x20\x4c\x5a"
+ "\x4f\x20\x2a\x8c\x00\x09\x61\x6c"
+ "\x67\x6f\x72\x69\x74\x68\x6d\x2e"
+ "\x20\x20\x2e\x54\x01\x03\x66\x69"
+ "\x6e\x65\x73\x20\x74\x06\x05\x61"
+ "\x70\x70\x6c\x69\x63\x61\x74\x76"
+ "\x0a\x6f\x66\x88\x02\x60\x09\x27"
+ "\xf0\x00\x0c\x20\x75\x73\x65\x64"
+ "\x20\x69\x6e\x20\x55\x42\x49\x46"
+ "\x53\x2e\x11\x00\x00",
+ },
+};
+
+static const struct comp_testvec lzorle_decomp_tv_template[] = {
+ {
+ .inlen = 133,
+ .outlen = 159,
+ .input = "\x00\x2b\x54\x68\x69\x73\x20\x64"
+ "\x6f\x63\x75\x6d\x65\x6e\x74\x20"
+ "\x64\x65\x73\x63\x72\x69\x62\x65"
+ "\x73\x20\x61\x20\x63\x6f\x6d\x70"
+ "\x72\x65\x73\x73\x69\x6f\x6e\x20"
+ "\x6d\x65\x74\x68\x6f\x64\x20\x62"
+ "\x61\x73\x65\x64\x20\x6f\x6e\x20"
+ "\x74\x68\x65\x20\x4c\x5a\x4f\x2b"
+ "\x8c\x00\x0d\x61\x6c\x67\x6f\x72"
+ "\x69\x74\x68\x6d\x2e\x20\x20\x54"
+ "\x68\x69\x73\x2a\x54\x01\x02\x66"
+ "\x69\x6e\x65\x73\x94\x06\x05\x61"
+ "\x70\x70\x6c\x69\x63\x61\x74\x76"
+ "\x0a\x6f\x66\x88\x02\x60\x09\x27"
+ "\xf0\x00\x0c\x20\x75\x73\x65\x64"
+ "\x20\x69\x6e\x20\x55\x42\x49\x46"
+ "\x53\x2e\x11\x00\x00",
+ .output = "This document describes a compression method based on the LZO "
+ "compression algorithm. This document defines the application of "
+ "the LZO algorithm used in UBIFS.",
+ }, {
+ .inlen = 59,
+ .outlen = 70,
+ .input = "\x11\x01\x00\x0d\x4a\x6f\x69\x6e"
+ "\x20\x75\x73\x20\x6e\x6f\x77\x20"
+ "\x61\x6e\x64\x20\x73\x68\x61\x72"
+ "\x65\x20\x74\x68\x65\x20\x73\x6f"
+ "\x66\x74\x77\x70\x01\x32\x88\x00"
+ "\x0c\x65\x20\x74\x68\x65\x20\x73"
+ "\x6f\x66\x74\x77\x61\x72\x65\x20"
+ "\x11\x00\x00",
+ .output = "Join us now and share the software "
+ "Join us now and share the software ",
+ },
+};
+
/*
* Michael MIC test vectors from IEEE 802.11i
*/
@@ -33382,6 +30771,112 @@ static const struct hash_testvec crc32c_tv_template[] = {
}
};
+static const struct hash_testvec xxhash64_tv_template[] = {
+ {
+ .psize = 0,
+ .digest = "\x99\xe9\xd8\x51\x37\xdb\x46\xef",
+ },
+ {
+ .plaintext = "\x40",
+ .psize = 1,
+ .digest = "\x20\x5c\x91\xaa\x88\xeb\x59\xd0",
+ },
+ {
+ .plaintext = "\x40\x8b\xb8\x41\xe4\x42\x15\x2d"
+ "\x88\xc7\x9a\x09\x1a\x9b",
+ .psize = 14,
+ .digest = "\xa8\xe8\x2b\xa9\x92\xa1\x37\x4a",
+ },
+ {
+ .plaintext = "\x40\x8b\xb8\x41\xe4\x42\x15\x2d"
+ "\x88\xc7\x9a\x09\x1a\x9b\x42\xe0"
+ "\xd4\x38\xa5\x2a\x26\xa5\x19\x4b"
+ "\x57\x65\x7f\xad\xc3\x7d\xca\x40"
+ "\x31\x65\x05\xbb\x31\xae\x51\x11"
+ "\xa8\xc0\xb3\x28\x42\xeb\x3c\x46"
+ "\xc8\xed\xed\x0f\x8d\x0b\xfa\x6e"
+ "\xbc\xe3\x88\x53\xca\x8f\xc8\xd9"
+ "\x41\x26\x7a\x3d\x21\xdb\x1a\x3c"
+ "\x01\x1d\xc9\xe9\xb7\x3a\x78\x67"
+ "\x57\x20\x94\xf1\x1e\xfd\xce\x39"
+ "\x99\x57\x69\x39\xa5\xd0\x8d\xd9"
+ "\x43\xfe\x1d\x66\x04\x3c\x27\x6a"
+ "\xe1\x0d\xe7\xc9\xfa\xc9\x07\x56"
+ "\xa5\xb3\xec\xd9\x1f\x42\x65\x66"
+ "\xaa\xbf\x87\x9b\xc5\x41\x9c\x27"
+ "\x3f\x2f\xa9\x55\x93\x01\x27\x33"
+ "\x43\x99\x4d\x81\x85\xae\x82\x00"
+ "\x6c\xd0\xd1\xa3\x57\x18\x06\xcc"
+ "\xec\x72\xf7\x8e\x87\x2d\x1f\x5e"
+ "\xd7\x5b\x1f\x36\x4c\xfa\xfd\x18"
+ "\x89\x76\xd3\x5e\xb5\x5a\xc0\x01"
+ "\xd2\xa1\x9a\x50\xe6\x08\xb4\x76"
+ "\x56\x4f\x0e\xbc\x54\xfc\x67\xe6"
+ "\xb9\xc0\x28\x4b\xb5\xc3\xff\x79"
+ "\x52\xea\xa1\x90\xc3\xaf\x08\x70"
+ "\x12\x02\x0c\xdb\x94\x00\x38\x95"
+ "\xed\xfd\x08\xf7\xe8\x04",
+ .psize = 222,
+ .digest = "\x41\xfc\xd4\x29\xfe\xe7\x85\x17",
+ },
+ {
+ .psize = 0,
+ .key = "\xb1\x79\x37\x9e\x00\x00\x00\x00",
+ .ksize = 8,
+ .digest = "\xef\x17\x9b\x92\xa2\xfd\x75\xac",
+ },
+
+ {
+ .plaintext = "\x40",
+ .psize = 1,
+ .key = "\xb1\x79\x37\x9e\x00\x00\x00\x00",
+ .ksize = 8,
+ .digest = "\xd1\x70\x4f\x14\x02\xc4\x9e\x71",
+ },
+ {
+ .plaintext = "\x40\x8b\xb8\x41\xe4\x42\x15\x2d"
+ "\x88\xc7\x9a\x09\x1a\x9b",
+ .psize = 14,
+ .key = "\xb1\x79\x37\x9e\x00\x00\x00\x00",
+ .ksize = 8,
+ .digest = "\xa4\xcd\xfe\x8e\x37\xe2\x1c\x64"
+ },
+ {
+ .plaintext = "\x40\x8b\xb8\x41\xe4\x42\x15\x2d"
+ "\x88\xc7\x9a\x09\x1a\x9b\x42\xe0"
+ "\xd4\x38\xa5\x2a\x26\xa5\x19\x4b"
+ "\x57\x65\x7f\xad\xc3\x7d\xca\x40"
+ "\x31\x65\x05\xbb\x31\xae\x51\x11"
+ "\xa8\xc0\xb3\x28\x42\xeb\x3c\x46"
+ "\xc8\xed\xed\x0f\x8d\x0b\xfa\x6e"
+ "\xbc\xe3\x88\x53\xca\x8f\xc8\xd9"
+ "\x41\x26\x7a\x3d\x21\xdb\x1a\x3c"
+ "\x01\x1d\xc9\xe9\xb7\x3a\x78\x67"
+ "\x57\x20\x94\xf1\x1e\xfd\xce\x39"
+ "\x99\x57\x69\x39\xa5\xd0\x8d\xd9"
+ "\x43\xfe\x1d\x66\x04\x3c\x27\x6a"
+ "\xe1\x0d\xe7\xc9\xfa\xc9\x07\x56"
+ "\xa5\xb3\xec\xd9\x1f\x42\x65\x66"
+ "\xaa\xbf\x87\x9b\xc5\x41\x9c\x27"
+ "\x3f\x2f\xa9\x55\x93\x01\x27\x33"
+ "\x43\x99\x4d\x81\x85\xae\x82\x00"
+ "\x6c\xd0\xd1\xa3\x57\x18\x06\xcc"
+ "\xec\x72\xf7\x8e\x87\x2d\x1f\x5e"
+ "\xd7\x5b\x1f\x36\x4c\xfa\xfd\x18"
+ "\x89\x76\xd3\x5e\xb5\x5a\xc0\x01"
+ "\xd2\xa1\x9a\x50\xe6\x08\xb4\x76"
+ "\x56\x4f\x0e\xbc\x54\xfc\x67\xe6"
+ "\xb9\xc0\x28\x4b\xb5\xc3\xff\x79"
+ "\x52\xea\xa1\x90\xc3\xaf\x08\x70"
+ "\x12\x02\x0c\xdb\x94\x00\x38\x95"
+ "\xed\xfd\x08\xf7\xe8\x04",
+ .psize = 222,
+ .key = "\xb1\x79\x37\x9e\x00\x00\x00\x00",
+ .ksize = 8,
+ .digest = "\x58\xbc\x55\xf2\x42\x81\x5c\xf0"
+ },
+};
+
static const struct comp_testvec lz4_comp_tv_template[] = {
{
.inlen = 255,
@@ -33575,4 +31070,501 @@ static const struct comp_testvec zstd_decomp_tv_template[] = {
"functions.",
},
};
+
+/* based on aes_cbc_tv_template */
+static const struct cipher_testvec essiv_aes_cbc_tv_template[] = {
+ {
+ .key = "\x06\xa9\x21\x40\x36\xb8\xa1\x5b"
+ "\x51\x2e\x03\xd5\x34\x12\x00\x06",
+ .klen = 16,
+ .iv = "\x3d\xaf\xba\x42\x9d\x9e\xb4\x30"
+ "\x00\x00\x00\x00\x00\x00\x00\x00",
+ .ptext = "Single block msg",
+ .ctext = "\xfa\x59\xe7\x5f\x41\x56\x65\xc3"
+ "\x36\xca\x6b\x72\x10\x9f\x8c\xd4",
+ .len = 16,
+ }, {
+ .key = "\xc2\x86\x69\x6d\x88\x7c\x9a\xa0"
+ "\x61\x1b\xbb\x3e\x20\x25\xa4\x5a",
+ .klen = 16,
+ .iv = "\x56\x2e\x17\x99\x6d\x09\x3d\x28"
+ "\x00\x00\x00\x00\x00\x00\x00\x00",
+ .ptext = "\x00\x01\x02\x03\x04\x05\x06\x07"
+ "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ "\x10\x11\x12\x13\x14\x15\x16\x17"
+ "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f",
+ .ctext = "\xc8\x59\x9a\xfe\x79\xe6\x7b\x20"
+ "\x06\x7d\x55\x0a\x5e\xc7\xb5\xa7"
+ "\x0b\x9c\x80\xd2\x15\xa1\xb8\x6d"
+ "\xc6\xab\x7b\x65\xd9\xfd\x88\xeb",
+ .len = 32,
+ }, {
+ .key = "\x8e\x73\xb0\xf7\xda\x0e\x64\x52"
+ "\xc8\x10\xf3\x2b\x80\x90\x79\xe5"
+ "\x62\xf8\xea\xd2\x52\x2c\x6b\x7b",
+ .klen = 24,
+ .iv = "\x00\x01\x02\x03\x04\x05\x06\x07"
+ "\x00\x00\x00\x00\x00\x00\x00\x00",
+ .ptext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
+ "\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
+ "\xae\x2d\x8a\x57\x1e\x03\xac\x9c"
+ "\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
+ "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11"
+ "\xe5\xfb\xc1\x19\x1a\x0a\x52\xef"
+ "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17"
+ "\xad\x2b\x41\x7b\xe6\x6c\x37\x10",
+ .ctext = "\x96\x6d\xa9\x7a\x42\xe6\x01\xc7"
+ "\x17\xfc\xa7\x41\xd3\x38\x0b\xe5"
+ "\x51\x48\xf7\x7e\x5e\x26\xa9\xfe"
+ "\x45\x72\x1c\xd9\xde\xab\xf3\x4d"
+ "\x39\x47\xc5\x4f\x97\x3a\x55\x63"
+ "\x80\x29\x64\x4c\x33\xe8\x21\x8a"
+ "\x6a\xef\x6b\x6a\x8f\x43\xc0\xcb"
+ "\xf0\xf3\x6e\x74\x54\x44\x92\x44",
+ .len = 64,
+ }, {
+ .key = "\x60\x3d\xeb\x10\x15\xca\x71\xbe"
+ "\x2b\x73\xae\xf0\x85\x7d\x77\x81"
+ "\x1f\x35\x2c\x07\x3b\x61\x08\xd7"
+ "\x2d\x98\x10\xa3\x09\x14\xdf\xf4",
+ .klen = 32,
+ .iv = "\x00\x01\x02\x03\x04\x05\x06\x07"
+ "\x00\x00\x00\x00\x00\x00\x00\x00",
+ .ptext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
+ "\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
+ "\xae\x2d\x8a\x57\x1e\x03\xac\x9c"
+ "\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
+ "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11"
+ "\xe5\xfb\xc1\x19\x1a\x0a\x52\xef"
+ "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17"
+ "\xad\x2b\x41\x7b\xe6\x6c\x37\x10",
+ .ctext = "\x24\x52\xf1\x48\x74\xd0\xa7\x93"
+ "\x75\x9b\x63\x46\xc0\x1c\x1e\x17"
+ "\x4d\xdc\x5b\x3a\x27\x93\x2a\x63"
+ "\xf7\xf1\xc7\xb3\x54\x56\x5b\x50"
+ "\xa3\x31\xa5\x8b\xd6\xfd\xb6\x3c"
+ "\x8b\xf6\xf2\x45\x05\x0c\xc8\xbb"
+ "\x32\x0b\x26\x1c\xe9\x8b\x02\xc0"
+ "\xb2\x6f\x37\xa7\x5b\xa8\xa9\x42",
+ .len = 64,
+ }, {
+ .key = "\xC9\x83\xA6\xC9\xEC\x0F\x32\x55"
+ "\x0F\x32\x55\x78\x9B\xBE\x78\x9B"
+ "\xBE\xE1\x04\x27\xE1\x04\x27\x4A"
+ "\x6D\x90\x4A\x6D\x90\xB3\xD6\xF9",
+ .klen = 32,
+ .iv = "\xE7\x82\x1D\xB8\x53\x11\xAC\x47"
+ "\x00\x00\x00\x00\x00\x00\x00\x00",
+ .ptext = "\x50\xB9\x22\xAE\x17\x80\x0C\x75"
+ "\xDE\x47\xD3\x3C\xA5\x0E\x9A\x03"
+ "\x6C\xF8\x61\xCA\x33\xBF\x28\x91"
+ "\x1D\x86\xEF\x58\xE4\x4D\xB6\x1F"
+ "\xAB\x14\x7D\x09\x72\xDB\x44\xD0"
+ "\x39\xA2\x0B\x97\x00\x69\xF5\x5E"
+ "\xC7\x30\xBC\x25\x8E\x1A\x83\xEC"
+ "\x55\xE1\x4A\xB3\x1C\xA8\x11\x7A"
+ "\x06\x6F\xD8\x41\xCD\x36\x9F\x08"
+ "\x94\xFD\x66\xF2\x5B\xC4\x2D\xB9"
+ "\x22\x8B\x17\x80\xE9\x52\xDE\x47"
+ "\xB0\x19\xA5\x0E\x77\x03\x6C\xD5"
+ "\x3E\xCA\x33\x9C\x05\x91\xFA\x63"
+ "\xEF\x58\xC1\x2A\xB6\x1F\x88\x14"
+ "\x7D\xE6\x4F\xDB\x44\xAD\x16\xA2"
+ "\x0B\x74\x00\x69\xD2\x3B\xC7\x30"
+ "\x99\x02\x8E\xF7\x60\xEC\x55\xBE"
+ "\x27\xB3\x1C\x85\x11\x7A\xE3\x4C"
+ "\xD8\x41\xAA\x13\x9F\x08\x71\xFD"
+ "\x66\xCF\x38\xC4\x2D\x96\x22\x8B"
+ "\xF4\x5D\xE9\x52\xBB\x24\xB0\x19"
+ "\x82\x0E\x77\xE0\x49\xD5\x3E\xA7"
+ "\x10\x9C\x05\x6E\xFA\x63\xCC\x35"
+ "\xC1\x2A\x93\x1F\x88\xF1\x5A\xE6"
+ "\x4F\xB8\x21\xAD\x16\x7F\x0B\x74"
+ "\xDD\x46\xD2\x3B\xA4\x0D\x99\x02"
+ "\x6B\xF7\x60\xC9\x32\xBE\x27\x90"
+ "\x1C\x85\xEE\x57\xE3\x4C\xB5\x1E"
+ "\xAA\x13\x7C\x08\x71\xDA\x43\xCF"
+ "\x38\xA1\x0A\x96\xFF\x68\xF4\x5D"
+ "\xC6\x2F\xBB\x24\x8D\x19\x82\xEB"
+ "\x54\xE0\x49\xB2\x1B\xA7\x10\x79"
+ "\x05\x6E\xD7\x40\xCC\x35\x9E\x07"
+ "\x93\xFC\x65\xF1\x5A\xC3\x2C\xB8"
+ "\x21\x8A\x16\x7F\xE8\x51\xDD\x46"
+ "\xAF\x18\xA4\x0D\x76\x02\x6B\xD4"
+ "\x3D\xC9\x32\x9B\x04\x90\xF9\x62"
+ "\xEE\x57\xC0\x29\xB5\x1E\x87\x13"
+ "\x7C\xE5\x4E\xDA\x43\xAC\x15\xA1"
+ "\x0A\x73\xFF\x68\xD1\x3A\xC6\x2F"
+ "\x98\x01\x8D\xF6\x5F\xEB\x54\xBD"
+ "\x26\xB2\x1B\x84\x10\x79\xE2\x4B"
+ "\xD7\x40\xA9\x12\x9E\x07\x70\xFC"
+ "\x65\xCE\x37\xC3\x2C\x95\x21\x8A"
+ "\xF3\x5C\xE8\x51\xBA\x23\xAF\x18"
+ "\x81\x0D\x76\xDF\x48\xD4\x3D\xA6"
+ "\x0F\x9B\x04\x6D\xF9\x62\xCB\x34"
+ "\xC0\x29\x92\x1E\x87\xF0\x59\xE5"
+ "\x4E\xB7\x20\xAC\x15\x7E\x0A\x73"
+ "\xDC\x45\xD1\x3A\xA3\x0C\x98\x01"
+ "\x6A\xF6\x5F\xC8\x31\xBD\x26\x8F"
+ "\x1B\x84\xED\x56\xE2\x4B\xB4\x1D"
+ "\xA9\x12\x7B\x07\x70\xD9\x42\xCE"
+ "\x37\xA0\x09\x95\xFE\x67\xF3\x5C"
+ "\xC5\x2E\xBA\x23\x8C\x18\x81\xEA"
+ "\x53\xDF\x48\xB1\x1A\xA6\x0F\x78"
+ "\x04\x6D\xD6\x3F\xCB\x34\x9D\x06"
+ "\x92\xFB\x64\xF0\x59\xC2\x2B\xB7"
+ "\x20\x89\x15\x7E\xE7\x50\xDC\x45"
+ "\xAE\x17\xA3\x0C\x75\x01\x6A\xD3"
+ "\x3C\xC8\x31\x9A\x03\x8F\xF8\x61"
+ "\xED\x56\xBF\x28\xB4\x1D\x86\x12",
+ .ctext = "\x97\x7f\x69\x0f\x0f\x34\xa6\x33"
+ "\x66\x49\x7e\xd0\x4d\x1b\xc9\x64"
+ "\xf9\x61\x95\x98\x11\x00\x88\xf8"
+ "\x2e\x88\x01\x0f\x2b\xe1\xae\x3e"
+ "\xfe\xd6\x47\x30\x11\x68\x7d\x99"
+ "\xad\x69\x6a\xe8\x41\x5f\x1e\x16"
+ "\x00\x3a\x47\xdf\x8e\x7d\x23\x1c"
+ "\x19\x5b\x32\x76\x60\x03\x05\xc1"
+ "\xa0\xff\xcf\xcc\x74\x39\x46\x63"
+ "\xfe\x5f\xa6\x35\xa7\xb4\xc1\xf9"
+ "\x4b\x5e\x38\xcc\x8c\xc1\xa2\xcf"
+ "\x9a\xc3\xae\x55\x42\x46\x93\xd9"
+ "\xbd\x22\xd3\x8a\x19\x96\xc3\xb3"
+ "\x7d\x03\x18\xf9\x45\x09\x9c\xc8"
+ "\x90\xf3\x22\xb3\x25\x83\x9a\x75"
+ "\xbb\x04\x48\x97\x3a\x63\x08\x04"
+ "\xa0\x69\xf6\x52\xd4\x89\x93\x69"
+ "\xb4\x33\xa2\x16\x58\xec\x4b\x26"
+ "\x76\x54\x10\x0b\x6e\x53\x1e\xbc"
+ "\x16\x18\x42\xb1\xb1\xd3\x4b\xda"
+ "\x06\x9f\x8b\x77\xf7\xab\xd6\xed"
+ "\xa3\x1d\x90\xda\x49\x38\x20\xb8"
+ "\x6c\xee\xae\x3e\xae\x6c\x03\xb8"
+ "\x0b\xed\xc8\xaa\x0e\xc5\x1f\x90"
+ "\x60\xe2\xec\x1b\x76\xd0\xcf\xda"
+ "\x29\x1b\xb8\x5a\xbc\xf4\xba\x13"
+ "\x91\xa6\xcb\x83\x3f\xeb\xe9\x7b"
+ "\x03\xba\x40\x9e\xe6\x7a\xb2\x4a"
+ "\x73\x49\xfc\xed\xfb\x55\xa4\x24"
+ "\xc7\xa4\xd7\x4b\xf5\xf7\x16\x62"
+ "\x80\xd3\x19\x31\x52\x25\xa8\x69"
+ "\xda\x9a\x87\xf5\xf2\xee\x5d\x61"
+ "\xc1\x12\x72\x3e\x52\x26\x45\x3a"
+ "\xd8\x9d\x57\xfa\x14\xe2\x9b\x2f"
+ "\xd4\xaa\x5e\x31\xf4\x84\x89\xa4"
+ "\xe3\x0e\xb0\x58\x41\x75\x6a\xcb"
+ "\x30\x01\x98\x90\x15\x80\xf5\x27"
+ "\x92\x13\x81\xf0\x1c\x1e\xfc\xb1"
+ "\x33\xf7\x63\xb0\x67\xec\x2e\x5c"
+ "\x85\xe3\x5b\xd0\x43\x8a\xb8\x5f"
+ "\x44\x9f\xec\x19\xc9\x8f\xde\xdf"
+ "\x79\xef\xf8\xee\x14\x87\xb3\x34"
+ "\x76\x00\x3a\x9b\xc7\xed\xb1\x3d"
+ "\xef\x07\xb0\xe4\xfd\x68\x9e\xeb"
+ "\xc2\xb4\x1a\x85\x9a\x7d\x11\x88"
+ "\xf8\xab\x43\x55\x2b\x8a\x4f\x60"
+ "\x85\x9a\xf4\xba\xae\x48\x81\xeb"
+ "\x93\x07\x97\x9e\xde\x2a\xfc\x4e"
+ "\x31\xde\xaa\x44\xf7\x2a\xc3\xee"
+ "\x60\xa2\x98\x2c\x0a\x88\x50\xc5"
+ "\x6d\x89\xd3\xe4\xb6\xa7\xf4\xb0"
+ "\xcf\x0e\x89\xe3\x5e\x8f\x82\xf4"
+ "\x9d\xd1\xa9\x51\x50\x8a\xd2\x18"
+ "\x07\xb2\xaa\x3b\x7f\x58\x9b\xf4"
+ "\xb7\x24\x39\xd3\x66\x2f\x1e\xc0"
+ "\x11\xa3\x56\x56\x2a\x10\x73\xbc"
+ "\xe1\x23\xbf\xa9\x37\x07\x9c\xc3"
+ "\xb2\xc9\xa8\x1c\x5b\x5c\x58\xa4"
+ "\x77\x02\x26\xad\xc3\x40\x11\x53"
+ "\x93\x68\x72\xde\x05\x8b\x10\xbc"
+ "\xa6\xd4\x1b\xd9\x27\xd8\x16\x12"
+ "\x61\x2b\x31\x2a\x44\x87\x96\x58",
+ .len = 496,
+ },
+};
+
+/* based on hmac_sha256_aes_cbc_tv_temp */
+static const struct aead_testvec essiv_hmac_sha256_aes_cbc_tv_temp[] = {
+ {
+#ifdef __LITTLE_ENDIAN
+ .key = "\x08\x00" /* rta length */
+ "\x01\x00" /* rta type */
+#else
+ .key = "\x00\x08" /* rta length */
+ "\x00\x01" /* rta type */
+#endif
+ "\x00\x00\x00\x10" /* enc key length */
+ "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x06\xa9\x21\x40\x36\xb8\xa1\x5b"
+ "\x51\x2e\x03\xd5\x34\x12\x00\x06",
+ .klen = 8 + 32 + 16,
+ .iv = "\xb3\x0c\x5a\x11\x41\xad\xc1\x04"
+ "\xbc\x1e\x7e\x35\xb0\x5d\x78\x29",
+ .assoc = "\x3d\xaf\xba\x42\x9d\x9e\xb4\x30"
+ "\xb4\x22\xda\x80\x2c\x9f\xac\x41",
+ .alen = 16,
+ .ptext = "Single block msg",
+ .plen = 16,
+ .ctext = "\xe3\x53\x77\x9c\x10\x79\xae\xb8"
+ "\x27\x08\x94\x2d\xbe\x77\x18\x1a"
+ "\xcc\xde\x2d\x6a\xae\xf1\x0b\xcc"
+ "\x38\x06\x38\x51\xb4\xb8\xf3\x5b"
+ "\x5c\x34\xa6\xa3\x6e\x0b\x05\xe5"
+ "\x6a\x6d\x44\xaa\x26\xa8\x44\xa5",
+ .clen = 16 + 32,
+ }, {
+#ifdef __LITTLE_ENDIAN
+ .key = "\x08\x00" /* rta length */
+ "\x01\x00" /* rta type */
+#else
+ .key = "\x00\x08" /* rta length */
+ "\x00\x01" /* rta type */
+#endif
+ "\x00\x00\x00\x10" /* enc key length */
+ "\x20\x21\x22\x23\x24\x25\x26\x27"
+ "\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f"
+ "\x30\x31\x32\x33\x34\x35\x36\x37"
+ "\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f"
+ "\xc2\x86\x69\x6d\x88\x7c\x9a\xa0"
+ "\x61\x1b\xbb\x3e\x20\x25\xa4\x5a",
+ .klen = 8 + 32 + 16,
+ .iv = "\x56\xe8\x14\xa5\x74\x18\x75\x13"
+ "\x2f\x79\xe7\xc8\x65\xe3\x48\x45",
+ .assoc = "\x56\x2e\x17\x99\x6d\x09\x3d\x28"
+ "\xdd\xb3\xba\x69\x5a\x2e\x6f\x58",
+ .alen = 16,
+ .ptext = "\x00\x01\x02\x03\x04\x05\x06\x07"
+ "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ "\x10\x11\x12\x13\x14\x15\x16\x17"
+ "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f",
+ .plen = 32,
+ .ctext = "\xd2\x96\xcd\x94\xc2\xcc\xcf\x8a"
+ "\x3a\x86\x30\x28\xb5\xe1\xdc\x0a"
+ "\x75\x86\x60\x2d\x25\x3c\xff\xf9"
+ "\x1b\x82\x66\xbe\xa6\xd6\x1a\xb1"
+ "\xf5\x33\x53\xf3\x68\x85\x2a\x99"
+ "\x0e\x06\x58\x8f\xba\xf6\x06\xda"
+ "\x49\x69\x0d\x5b\xd4\x36\x06\x62"
+ "\x35\x5e\x54\x58\x53\x4d\xdf\xbf",
+ .clen = 32 + 32,
+ }, {
+#ifdef __LITTLE_ENDIAN
+ .key = "\x08\x00" /* rta length */
+ "\x01\x00" /* rta type */
+#else
+ .key = "\x00\x08" /* rta length */
+ "\x00\x01" /* rta type */
+#endif
+ "\x00\x00\x00\x10" /* enc key length */
+ "\x11\x22\x33\x44\x55\x66\x77\x88"
+ "\x99\xaa\xbb\xcc\xdd\xee\xff\x11"
+ "\x22\x33\x44\x55\x66\x77\x88\x99"
+ "\xaa\xbb\xcc\xdd\xee\xff\x11\x22"
+ "\x6c\x3e\xa0\x47\x76\x30\xce\x21"
+ "\xa2\xce\x33\x4a\xa7\x46\xc2\xcd",
+ .klen = 8 + 32 + 16,
+ .iv = "\x1f\x6b\xfb\xd6\x6b\x72\x2f\xc9"
+ "\xb6\x9f\x8c\x10\xa8\x96\x15\x64",
+ .assoc = "\xc7\x82\xdc\x4c\x09\x8c\x66\xcb"
+ "\xd9\xcd\x27\xd8\x25\x68\x2c\x81",
+ .alen = 16,
+ .ptext = "This is a 48-byte message (exactly 3 AES blocks)",
+ .plen = 48,
+ .ctext = "\xd0\xa0\x2b\x38\x36\x45\x17\x53"
+ "\xd4\x93\x66\x5d\x33\xf0\xe8\x86"
+ "\x2d\xea\x54\xcd\xb2\x93\xab\xc7"
+ "\x50\x69\x39\x27\x67\x72\xf8\xd5"
+ "\x02\x1c\x19\x21\x6b\xad\x52\x5c"
+ "\x85\x79\x69\x5d\x83\xba\x26\x84"
+ "\x68\xb9\x3e\x90\x38\xa0\x88\x01"
+ "\xe7\xc6\xce\x10\x31\x2f\x9b\x1d"
+ "\x24\x78\xfb\xbe\x02\xe0\x4f\x40"
+ "\x10\xbd\xaa\xc6\xa7\x79\xe0\x1a",
+ .clen = 48 + 32,
+ }, {
+#ifdef __LITTLE_ENDIAN
+ .key = "\x08\x00" /* rta length */
+ "\x01\x00" /* rta type */
+#else
+ .key = "\x00\x08" /* rta length */
+ "\x00\x01" /* rta type */
+#endif
+ "\x00\x00\x00\x10" /* enc key length */
+ "\x11\x22\x33\x44\x55\x66\x77\x88"
+ "\x99\xaa\xbb\xcc\xdd\xee\xff\x11"
+ "\x22\x33\x44\x55\x66\x77\x88\x99"
+ "\xaa\xbb\xcc\xdd\xee\xff\x11\x22"
+ "\x56\xe4\x7a\x38\xc5\x59\x89\x74"
+ "\xbc\x46\x90\x3d\xba\x29\x03\x49",
+ .klen = 8 + 32 + 16,
+ .iv = "\x13\xe5\xf2\xef\x61\x97\x59\x35"
+ "\x9b\x36\x84\x46\x4e\x63\xd1\x41",
+ .assoc = "\x8c\xe8\x2e\xef\xbe\xa0\xda\x3c"
+ "\x44\x69\x9e\xd7\xdb\x51\xb7\xd9",
+ .alen = 16,
+ .ptext = "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7"
+ "\xa8\xa9\xaa\xab\xac\xad\xae\xaf"
+ "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7"
+ "\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf"
+ "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7"
+ "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf"
+ "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7"
+ "\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf",
+ .plen = 64,
+ .ctext = "\xc3\x0e\x32\xff\xed\xc0\x77\x4e"
+ "\x6a\xff\x6a\xf0\x86\x9f\x71\xaa"
+ "\x0f\x3a\xf0\x7a\x9a\x31\xa9\xc6"
+ "\x84\xdb\x20\x7e\xb0\xef\x8e\x4e"
+ "\x35\x90\x7a\xa6\x32\xc3\xff\xdf"
+ "\x86\x8b\xb7\xb2\x9d\x3d\x46\xad"
+ "\x83\xce\x9f\x9a\x10\x2e\xe9\x9d"
+ "\x49\xa5\x3e\x87\xf4\xc3\xda\x55"
+ "\x7a\x1b\xd4\x3c\xdb\x17\x95\xe2"
+ "\xe0\x93\xec\xc9\x9f\xf7\xce\xd8"
+ "\x3f\x54\xe2\x49\x39\xe3\x71\x25"
+ "\x2b\x6c\xe9\x5d\xec\xec\x2b\x64",
+ .clen = 64 + 32,
+ }, {
+#ifdef __LITTLE_ENDIAN
+ .key = "\x08\x00" /* rta length */
+ "\x01\x00" /* rta type */
+#else
+ .key = "\x00\x08" /* rta length */
+ "\x00\x01" /* rta type */
+#endif
+ "\x00\x00\x00\x10" /* enc key length */
+ "\x11\x22\x33\x44\x55\x66\x77\x88"
+ "\x99\xaa\xbb\xcc\xdd\xee\xff\x11"
+ "\x22\x33\x44\x55\x66\x77\x88\x99"
+ "\xaa\xbb\xcc\xdd\xee\xff\x11\x22"
+ "\x90\xd3\x82\xb4\x10\xee\xba\x7a"
+ "\xd9\x38\xc4\x6c\xec\x1a\x82\xbf",
+ .klen = 8 + 32 + 16,
+ .iv = "\xe4\x13\xa1\x15\xe9\x6b\xb8\x23"
+ "\x81\x7a\x94\x29\xab\xfd\xd2\x2c",
+ .assoc = "\x00\x00\x43\x21\x00\x00\x00\x01"
+ "\xe9\x6e\x8c\x08\xab\x46\x57\x63"
+ "\xfd\x09\x8d\x45\xdd\x3f\xf8\x93",
+ .alen = 24,
+ .ptext = "\x08\x00\x0e\xbd\xa7\x0a\x00\x00"
+ "\x8e\x9c\x08\x3d\xb9\x5b\x07\x00"
+ "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ "\x10\x11\x12\x13\x14\x15\x16\x17"
+ "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
+ "\x20\x21\x22\x23\x24\x25\x26\x27"
+ "\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f"
+ "\x30\x31\x32\x33\x34\x35\x36\x37"
+ "\x01\x02\x03\x04\x05\x06\x07\x08"
+ "\x09\x0a\x0b\x0c\x0d\x0e\x0e\x01",
+ .plen = 80,
+ .ctext = "\xf6\x63\xc2\x5d\x32\x5c\x18\xc6"
+ "\xa9\x45\x3e\x19\x4e\x12\x08\x49"
+ "\xa4\x87\x0b\x66\xcc\x6b\x99\x65"
+ "\x33\x00\x13\xb4\x89\x8d\xc8\x56"
+ "\xa4\x69\x9e\x52\x3a\x55\xdb\x08"
+ "\x0b\x59\xec\x3a\x8e\x4b\x7e\x52"
+ "\x77\x5b\x07\xd1\xdb\x34\xed\x9c"
+ "\x53\x8a\xb5\x0c\x55\x1b\x87\x4a"
+ "\xa2\x69\xad\xd0\x47\xad\x2d\x59"
+ "\x13\xac\x19\xb7\xcf\xba\xd4\xa6"
+ "\xbb\xd4\x0f\xbe\xa3\x3b\x4c\xb8"
+ "\x3a\xd2\xe1\x03\x86\xa5\x59\xb7"
+ "\x73\xc3\x46\x20\x2c\xb1\xef\x68"
+ "\xbb\x8a\x32\x7e\x12\x8c\x69\xcf",
+ .clen = 80 + 32,
+ }, {
+#ifdef __LITTLE_ENDIAN
+ .key = "\x08\x00" /* rta length */
+ "\x01\x00" /* rta type */
+#else
+ .key = "\x00\x08" /* rta length */
+ "\x00\x01" /* rta type */
+#endif
+ "\x00\x00\x00\x18" /* enc key length */
+ "\x11\x22\x33\x44\x55\x66\x77\x88"
+ "\x99\xaa\xbb\xcc\xdd\xee\xff\x11"
+ "\x22\x33\x44\x55\x66\x77\x88\x99"
+ "\xaa\xbb\xcc\xdd\xee\xff\x11\x22"
+ "\x8e\x73\xb0\xf7\xda\x0e\x64\x52"
+ "\xc8\x10\xf3\x2b\x80\x90\x79\xe5"
+ "\x62\xf8\xea\xd2\x52\x2c\x6b\x7b",
+ .klen = 8 + 32 + 24,
+ .iv = "\x49\xca\x41\xc9\x6b\xbf\x6c\x98"
+ "\x38\x2f\xa7\x3d\x4d\x80\x49\xb0",
+ .assoc = "\x00\x01\x02\x03\x04\x05\x06\x07"
+ "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
+ .alen = 16,
+ .ptext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
+ "\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
+ "\xae\x2d\x8a\x57\x1e\x03\xac\x9c"
+ "\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
+ "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11"
+ "\xe5\xfb\xc1\x19\x1a\x0a\x52\xef"
+ "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17"
+ "\xad\x2b\x41\x7b\xe6\x6c\x37\x10",
+ .plen = 64,
+ .ctext = "\x4f\x02\x1d\xb2\x43\xbc\x63\x3d"
+ "\x71\x78\x18\x3a\x9f\xa0\x71\xe8"
+ "\xb4\xd9\xad\xa9\xad\x7d\xed\xf4"
+ "\xe5\xe7\x38\x76\x3f\x69\x14\x5a"
+ "\x57\x1b\x24\x20\x12\xfb\x7a\xe0"
+ "\x7f\xa9\xba\xac\x3d\xf1\x02\xe0"
+ "\x08\xb0\xe2\x79\x88\x59\x88\x81"
+ "\xd9\x20\xa9\xe6\x4f\x56\x15\xcd"
+ "\x2f\xee\x5f\xdb\x66\xfe\x79\x09"
+ "\x61\x81\x31\xea\x5b\x3d\x8e\xfb"
+ "\xca\x71\x85\x93\xf7\x85\x55\x8b"
+ "\x7a\xe4\x94\xca\x8b\xba\x19\x33",
+ .clen = 64 + 32,
+ }, {
+#ifdef __LITTLE_ENDIAN
+ .key = "\x08\x00" /* rta length */
+ "\x01\x00" /* rta type */
+#else
+ .key = "\x00\x08" /* rta length */
+ "\x00\x01" /* rta type */
+#endif
+ "\x00\x00\x00\x20" /* enc key length */
+ "\x11\x22\x33\x44\x55\x66\x77\x88"
+ "\x99\xaa\xbb\xcc\xdd\xee\xff\x11"
+ "\x22\x33\x44\x55\x66\x77\x88\x99"
+ "\xaa\xbb\xcc\xdd\xee\xff\x11\x22"
+ "\x60\x3d\xeb\x10\x15\xca\x71\xbe"
+ "\x2b\x73\xae\xf0\x85\x7d\x77\x81"
+ "\x1f\x35\x2c\x07\x3b\x61\x08\xd7"
+ "\x2d\x98\x10\xa3\x09\x14\xdf\xf4",
+ .klen = 8 + 32 + 32,
+ .iv = "\xdf\xab\xf2\x7c\xdc\xe0\x33\x4c"
+ "\xf9\x75\xaf\xf9\x2f\x60\x3a\x9b",
+ .assoc = "\x00\x01\x02\x03\x04\x05\x06\x07"
+ "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
+ .alen = 16,
+ .ptext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
+ "\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
+ "\xae\x2d\x8a\x57\x1e\x03\xac\x9c"
+ "\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
+ "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11"
+ "\xe5\xfb\xc1\x19\x1a\x0a\x52\xef"
+ "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17"
+ "\xad\x2b\x41\x7b\xe6\x6c\x37\x10",
+ .plen = 64,
+ .ctext = "\xf5\x8c\x4c\x04\xd6\xe5\xf1\xba"
+ "\x77\x9e\xab\xfb\x5f\x7b\xfb\xd6"
+ "\x9c\xfc\x4e\x96\x7e\xdb\x80\x8d"
+ "\x67\x9f\x77\x7b\xc6\x70\x2c\x7d"
+ "\x39\xf2\x33\x69\xa9\xd9\xba\xcf"
+ "\xa5\x30\xe2\x63\x04\x23\x14\x61"
+ "\xb2\xeb\x05\xe2\xc3\x9b\xe9\xfc"
+ "\xda\x6c\x19\x07\x8c\x6a\x9d\x1b"
+ "\x24\x29\xed\xc2\x31\x49\xdb\xb1"
+ "\x8f\x74\xbd\x17\x92\x03\xbe\x8f"
+ "\xf3\x61\xde\x1c\xe9\xdb\xcd\xd0"
+ "\xcc\xce\xe9\x85\x57\xcf\x6f\x5f",
+ .clen = 64 + 32,
+ },
+};
+
#endif /* _CRYPTO_TESTMGR_H */
diff --git a/crypto/tgr192.c b/crypto/tgr192.c
index 702c2c89c7a1..052648e24909 100644
--- a/crypto/tgr192.c
+++ b/crypto/tgr192.c
@@ -630,9 +630,10 @@ static struct shash_alg tgr_algs[3] = { {
.final = tgr192_final,
.descsize = sizeof(struct tgr192_ctx),
.base = {
- .cra_name = "tgr192",
- .cra_blocksize = TGR192_BLOCK_SIZE,
- .cra_module = THIS_MODULE,
+ .cra_name = "tgr192",
+ .cra_driver_name = "tgr192-generic",
+ .cra_blocksize = TGR192_BLOCK_SIZE,
+ .cra_module = THIS_MODULE,
}
}, {
.digestsize = TGR160_DIGEST_SIZE,
@@ -641,9 +642,10 @@ static struct shash_alg tgr_algs[3] = { {
.final = tgr160_final,
.descsize = sizeof(struct tgr192_ctx),
.base = {
- .cra_name = "tgr160",
- .cra_blocksize = TGR192_BLOCK_SIZE,
- .cra_module = THIS_MODULE,
+ .cra_name = "tgr160",
+ .cra_driver_name = "tgr160-generic",
+ .cra_blocksize = TGR192_BLOCK_SIZE,
+ .cra_module = THIS_MODULE,
}
}, {
.digestsize = TGR128_DIGEST_SIZE,
@@ -652,9 +654,10 @@ static struct shash_alg tgr_algs[3] = { {
.final = tgr128_final,
.descsize = sizeof(struct tgr192_ctx),
.base = {
- .cra_name = "tgr128",
- .cra_blocksize = TGR192_BLOCK_SIZE,
- .cra_module = THIS_MODULE,
+ .cra_name = "tgr128",
+ .cra_driver_name = "tgr128-generic",
+ .cra_blocksize = TGR192_BLOCK_SIZE,
+ .cra_module = THIS_MODULE,
}
} };
diff --git a/crypto/wp512.c b/crypto/wp512.c
index 1b8e502d999f..feadc13ccae0 100644
--- a/crypto/wp512.c
+++ b/crypto/wp512.c
@@ -1126,9 +1126,10 @@ static struct shash_alg wp_algs[3] = { {
.final = wp512_final,
.descsize = sizeof(struct wp512_ctx),
.base = {
- .cra_name = "wp512",
- .cra_blocksize = WP512_BLOCK_SIZE,
- .cra_module = THIS_MODULE,
+ .cra_name = "wp512",
+ .cra_driver_name = "wp512-generic",
+ .cra_blocksize = WP512_BLOCK_SIZE,
+ .cra_module = THIS_MODULE,
}
}, {
.digestsize = WP384_DIGEST_SIZE,
@@ -1137,9 +1138,10 @@ static struct shash_alg wp_algs[3] = { {
.final = wp384_final,
.descsize = sizeof(struct wp512_ctx),
.base = {
- .cra_name = "wp384",
- .cra_blocksize = WP512_BLOCK_SIZE,
- .cra_module = THIS_MODULE,
+ .cra_name = "wp384",
+ .cra_driver_name = "wp384-generic",
+ .cra_blocksize = WP512_BLOCK_SIZE,
+ .cra_module = THIS_MODULE,
}
}, {
.digestsize = WP256_DIGEST_SIZE,
@@ -1148,9 +1150,10 @@ static struct shash_alg wp_algs[3] = { {
.final = wp256_final,
.descsize = sizeof(struct wp512_ctx),
.base = {
- .cra_name = "wp256",
- .cra_blocksize = WP512_BLOCK_SIZE,
- .cra_module = THIS_MODULE,
+ .cra_name = "wp256",
+ .cra_driver_name = "wp256-generic",
+ .cra_blocksize = WP512_BLOCK_SIZE,
+ .cra_module = THIS_MODULE,
}
} };
diff --git a/crypto/xts.c b/crypto/xts.c
index 11211003db7e..ab117633d64e 100644
--- a/crypto/xts.c
+++ b/crypto/xts.c
@@ -1,8 +1,6 @@
// SPDX-License-Identifier: GPL-2.0-or-later
/* XTS: as defined in IEEE1619/D16
* http://grouper.ieee.org/groups/1619/email/pdf00086.pdf
- * (sector sizes which are not a multiple of 16 bytes are,
- * however currently unsupported)
*
* Copyright (c) 2007 Rik Snel <rsnel@cube.dyndns.org>
*
@@ -34,6 +32,8 @@ struct xts_instance_ctx {
struct rctx {
le128 t;
+ struct scatterlist *tail;
+ struct scatterlist sg[2];
struct skcipher_request subreq;
};
@@ -84,10 +84,11 @@ static int setkey(struct crypto_skcipher *parent, const u8 *key,
* mutliple calls to the 'ecb(..)' instance, which usually would be slower than
* just doing the gf128mul_x_ble() calls again.
*/
-static int xor_tweak(struct skcipher_request *req, bool second_pass)
+static int xor_tweak(struct skcipher_request *req, bool second_pass, bool enc)
{
struct rctx *rctx = skcipher_request_ctx(req);
struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
+ const bool cts = (req->cryptlen % XTS_BLOCK_SIZE);
const int bs = XTS_BLOCK_SIZE;
struct skcipher_walk w;
le128 t = rctx->t;
@@ -109,6 +110,20 @@ static int xor_tweak(struct skcipher_request *req, bool second_pass)
wdst = w.dst.virt.addr;
do {
+ if (unlikely(cts) &&
+ w.total - w.nbytes + avail < 2 * XTS_BLOCK_SIZE) {
+ if (!enc) {
+ if (second_pass)
+ rctx->t = t;
+ gf128mul_x_ble(&t, &t);
+ }
+ le128_xor(wdst, &t, wsrc);
+ if (enc && second_pass)
+ gf128mul_x_ble(&rctx->t, &t);
+ skcipher_walk_done(&w, avail - bs);
+ return 0;
+ }
+
le128_xor(wdst++, &t, wsrc++);
gf128mul_x_ble(&t, &t);
} while ((avail -= bs) >= bs);
@@ -119,17 +134,71 @@ static int xor_tweak(struct skcipher_request *req, bool second_pass)
return err;
}
-static int xor_tweak_pre(struct skcipher_request *req)
+static int xor_tweak_pre(struct skcipher_request *req, bool enc)
{
- return xor_tweak(req, false);
+ return xor_tweak(req, false, enc);
}
-static int xor_tweak_post(struct skcipher_request *req)
+static int xor_tweak_post(struct skcipher_request *req, bool enc)
{
- return xor_tweak(req, true);
+ return xor_tweak(req, true, enc);
}
-static void crypt_done(struct crypto_async_request *areq, int err)
+static void cts_done(struct crypto_async_request *areq, int err)
+{
+ struct skcipher_request *req = areq->data;
+ le128 b;
+
+ if (!err) {
+ struct rctx *rctx = skcipher_request_ctx(req);
+
+ scatterwalk_map_and_copy(&b, rctx->tail, 0, XTS_BLOCK_SIZE, 0);
+ le128_xor(&b, &rctx->t, &b);
+ scatterwalk_map_and_copy(&b, rctx->tail, 0, XTS_BLOCK_SIZE, 1);
+ }
+
+ skcipher_request_complete(req, err);
+}
+
+static int cts_final(struct skcipher_request *req,
+ int (*crypt)(struct skcipher_request *req))
+{
+ struct priv *ctx = crypto_skcipher_ctx(crypto_skcipher_reqtfm(req));
+ int offset = req->cryptlen & ~(XTS_BLOCK_SIZE - 1);
+ struct rctx *rctx = skcipher_request_ctx(req);
+ struct skcipher_request *subreq = &rctx->subreq;
+ int tail = req->cryptlen % XTS_BLOCK_SIZE;
+ le128 b[2];
+ int err;
+
+ rctx->tail = scatterwalk_ffwd(rctx->sg, req->dst,
+ offset - XTS_BLOCK_SIZE);
+
+ scatterwalk_map_and_copy(b, rctx->tail, 0, XTS_BLOCK_SIZE, 0);
+ memcpy(b + 1, b, tail);
+ scatterwalk_map_and_copy(b, req->src, offset, tail, 0);
+
+ le128_xor(b, &rctx->t, b);
+
+ scatterwalk_map_and_copy(b, rctx->tail, 0, XTS_BLOCK_SIZE + tail, 1);
+
+ skcipher_request_set_tfm(subreq, ctx->child);
+ skcipher_request_set_callback(subreq, req->base.flags, cts_done, req);
+ skcipher_request_set_crypt(subreq, rctx->tail, rctx->tail,
+ XTS_BLOCK_SIZE, NULL);
+
+ err = crypt(subreq);
+ if (err)
+ return err;
+
+ scatterwalk_map_and_copy(b, rctx->tail, 0, XTS_BLOCK_SIZE, 0);
+ le128_xor(b, &rctx->t, b);
+ scatterwalk_map_and_copy(b, rctx->tail, 0, XTS_BLOCK_SIZE, 1);
+
+ return 0;
+}
+
+static void encrypt_done(struct crypto_async_request *areq, int err)
{
struct skcipher_request *req = areq->data;
@@ -137,47 +206,90 @@ static void crypt_done(struct crypto_async_request *areq, int err)
struct rctx *rctx = skcipher_request_ctx(req);
rctx->subreq.base.flags &= ~CRYPTO_TFM_REQ_MAY_SLEEP;
- err = xor_tweak_post(req);
+ err = xor_tweak_post(req, true);
+
+ if (!err && unlikely(req->cryptlen % XTS_BLOCK_SIZE)) {
+ err = cts_final(req, crypto_skcipher_encrypt);
+ if (err == -EINPROGRESS)
+ return;
+ }
}
skcipher_request_complete(req, err);
}
-static void init_crypt(struct skcipher_request *req)
+static void decrypt_done(struct crypto_async_request *areq, int err)
+{
+ struct skcipher_request *req = areq->data;
+
+ if (!err) {
+ struct rctx *rctx = skcipher_request_ctx(req);
+
+ rctx->subreq.base.flags &= ~CRYPTO_TFM_REQ_MAY_SLEEP;
+ err = xor_tweak_post(req, false);
+
+ if (!err && unlikely(req->cryptlen % XTS_BLOCK_SIZE)) {
+ err = cts_final(req, crypto_skcipher_decrypt);
+ if (err == -EINPROGRESS)
+ return;
+ }
+ }
+
+ skcipher_request_complete(req, err);
+}
+
+static int init_crypt(struct skcipher_request *req, crypto_completion_t compl)
{
struct priv *ctx = crypto_skcipher_ctx(crypto_skcipher_reqtfm(req));
struct rctx *rctx = skcipher_request_ctx(req);
struct skcipher_request *subreq = &rctx->subreq;
+ if (req->cryptlen < XTS_BLOCK_SIZE)
+ return -EINVAL;
+
skcipher_request_set_tfm(subreq, ctx->child);
- skcipher_request_set_callback(subreq, req->base.flags, crypt_done, req);
+ skcipher_request_set_callback(subreq, req->base.flags, compl, req);
skcipher_request_set_crypt(subreq, req->dst, req->dst,
- req->cryptlen, NULL);
+ req->cryptlen & ~(XTS_BLOCK_SIZE - 1), NULL);
/* calculate first value of T */
crypto_cipher_encrypt_one(ctx->tweak, (u8 *)&rctx->t, req->iv);
+
+ return 0;
}
static int encrypt(struct skcipher_request *req)
{
struct rctx *rctx = skcipher_request_ctx(req);
struct skcipher_request *subreq = &rctx->subreq;
+ int err;
- init_crypt(req);
- return xor_tweak_pre(req) ?:
- crypto_skcipher_encrypt(subreq) ?:
- xor_tweak_post(req);
+ err = init_crypt(req, encrypt_done) ?:
+ xor_tweak_pre(req, true) ?:
+ crypto_skcipher_encrypt(subreq) ?:
+ xor_tweak_post(req, true);
+
+ if (err || likely((req->cryptlen % XTS_BLOCK_SIZE) == 0))
+ return err;
+
+ return cts_final(req, crypto_skcipher_encrypt);
}
static int decrypt(struct skcipher_request *req)
{
struct rctx *rctx = skcipher_request_ctx(req);
struct skcipher_request *subreq = &rctx->subreq;
+ int err;
+
+ err = init_crypt(req, decrypt_done) ?:
+ xor_tweak_pre(req, false) ?:
+ crypto_skcipher_decrypt(subreq) ?:
+ xor_tweak_post(req, false);
+
+ if (err || likely((req->cryptlen % XTS_BLOCK_SIZE) == 0))
+ return err;
- init_crypt(req);
- return xor_tweak_pre(req) ?:
- crypto_skcipher_decrypt(subreq) ?:
- xor_tweak_post(req);
+ return cts_final(req, crypto_skcipher_decrypt);
}
static int init_tfm(struct crypto_skcipher *tfm)
diff --git a/crypto/xxhash_generic.c b/crypto/xxhash_generic.c
new file mode 100644
index 000000000000..4aad2c0f40a9
--- /dev/null
+++ b/crypto/xxhash_generic.c
@@ -0,0 +1,108 @@
+// SPDX-License-Identifier: GPL-2.0
+
+#include <crypto/internal/hash.h>
+#include <linux/init.h>
+#include <linux/module.h>
+#include <linux/xxhash.h>
+#include <asm/unaligned.h>
+
+#define XXHASH64_BLOCK_SIZE 32
+#define XXHASH64_DIGEST_SIZE 8
+
+struct xxhash64_tfm_ctx {
+ u64 seed;
+};
+
+struct xxhash64_desc_ctx {
+ struct xxh64_state xxhstate;
+};
+
+static int xxhash64_setkey(struct crypto_shash *tfm, const u8 *key,
+ unsigned int keylen)
+{
+ struct xxhash64_tfm_ctx *tctx = crypto_shash_ctx(tfm);
+
+ if (keylen != sizeof(tctx->seed)) {
+ crypto_shash_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
+ return -EINVAL;
+ }
+ tctx->seed = get_unaligned_le64(key);
+ return 0;
+}
+
+static int xxhash64_init(struct shash_desc *desc)
+{
+ struct xxhash64_tfm_ctx *tctx = crypto_shash_ctx(desc->tfm);
+ struct xxhash64_desc_ctx *dctx = shash_desc_ctx(desc);
+
+ xxh64_reset(&dctx->xxhstate, tctx->seed);
+
+ return 0;
+}
+
+static int xxhash64_update(struct shash_desc *desc, const u8 *data,
+ unsigned int length)
+{
+ struct xxhash64_desc_ctx *dctx = shash_desc_ctx(desc);
+
+ xxh64_update(&dctx->xxhstate, data, length);
+
+ return 0;
+}
+
+static int xxhash64_final(struct shash_desc *desc, u8 *out)
+{
+ struct xxhash64_desc_ctx *dctx = shash_desc_ctx(desc);
+
+ put_unaligned_le64(xxh64_digest(&dctx->xxhstate), out);
+
+ return 0;
+}
+
+static int xxhash64_digest(struct shash_desc *desc, const u8 *data,
+ unsigned int length, u8 *out)
+{
+ struct xxhash64_tfm_ctx *tctx = crypto_shash_ctx(desc->tfm);
+
+ put_unaligned_le64(xxh64(data, length, tctx->seed), out);
+
+ return 0;
+}
+
+static struct shash_alg alg = {
+ .digestsize = XXHASH64_DIGEST_SIZE,
+ .setkey = xxhash64_setkey,
+ .init = xxhash64_init,
+ .update = xxhash64_update,
+ .final = xxhash64_final,
+ .digest = xxhash64_digest,
+ .descsize = sizeof(struct xxhash64_desc_ctx),
+ .base = {
+ .cra_name = "xxhash64",
+ .cra_driver_name = "xxhash64-generic",
+ .cra_priority = 100,
+ .cra_flags = CRYPTO_ALG_OPTIONAL_KEY,
+ .cra_blocksize = XXHASH64_BLOCK_SIZE,
+ .cra_ctxsize = sizeof(struct xxhash64_tfm_ctx),
+ .cra_module = THIS_MODULE,
+ }
+};
+
+static int __init xxhash_mod_init(void)
+{
+ return crypto_register_shash(&alg);
+}
+
+static void __exit xxhash_mod_fini(void)
+{
+ crypto_unregister_shash(&alg);
+}
+
+subsys_initcall(xxhash_mod_init);
+module_exit(xxhash_mod_fini);
+
+MODULE_AUTHOR("Nikolay Borisov <nborisov@suse.com>");
+MODULE_DESCRIPTION("xxhash calculations wrapper for lib/xxhash.c");
+MODULE_LICENSE("GPL");
+MODULE_ALIAS_CRYPTO("xxhash64");
+MODULE_ALIAS_CRYPTO("xxhash64-generic");
diff --git a/crypto/zstd.c b/crypto/zstd.c
index f1e4c70c9d24..5a3ff258d8f7 100644
--- a/crypto/zstd.c
+++ b/crypto/zstd.c
@@ -206,6 +206,7 @@ static int zstd_sdecompress(struct crypto_scomp *tfm, const u8 *src,
static struct crypto_alg alg = {
.cra_name = "zstd",
+ .cra_driver_name = "zstd-generic",
.cra_flags = CRYPTO_ALG_TYPE_COMPRESS,
.cra_ctxsize = sizeof(struct zstd_ctx),
.cra_module = THIS_MODULE,