+2

arch/arm/mach-tegra/fuse.c

reviewed

··· 19 19 20 20 #include <linux/kernel.h> 21 21 #include <linux/io.h> 22 22 + #include <linux/module.h> 22 23 23 24 #include <mach/iomap.h> 24 25 ··· 59 58 hi = fuse_readl(FUSE_UID_HIGH); 60 59 return (hi << 32ull) | lo; 61 60 } 61 61 + EXPORT_SYMBOL(tegra_chip_uid); 62 62 63 63 int tegra_sku_id(void) 64 64 {

+2

arch/x86/crypto/Makefile

reviewed

··· 8 8 obj-$(CONFIG_CRYPTO_SERPENT_SSE2_586) += serpent-sse2-i586.o 9 9 10 10 obj-$(CONFIG_CRYPTO_AES_X86_64) += aes-x86_64.o 11 11 + obj-$(CONFIG_CRYPTO_CAMELLIA_X86_64) += camellia-x86_64.o 11 12 obj-$(CONFIG_CRYPTO_BLOWFISH_X86_64) += blowfish-x86_64.o 12 13 obj-$(CONFIG_CRYPTO_TWOFISH_X86_64) += twofish-x86_64.o 13 14 obj-$(CONFIG_CRYPTO_TWOFISH_X86_64_3WAY) += twofish-x86_64-3way.o ··· 26 25 serpent-sse2-i586-y := serpent-sse2-i586-asm_32.o serpent_sse2_glue.o 27 26 28 27 aes-x86_64-y := aes-x86_64-asm_64.o aes_glue.o 28 28 + camellia-x86_64-y := camellia-x86_64-asm_64.o camellia_glue.o 29 29 blowfish-x86_64-y := blowfish-x86_64-asm_64.o blowfish_glue.o 30 30 twofish-x86_64-y := twofish-x86_64-asm_64.o twofish_glue.o 31 31 twofish-x86_64-3way-y := twofish-x86_64-asm_64-3way.o twofish_glue_3way.o

+94 -97

arch/x86/crypto/blowfish_glue.c

reviewed

··· 25 25 * 26 26 */ 27 27 28 28 + #include <asm/processor.h> 28 29 #include <crypto/blowfish.h> 29 30 #include <linux/crypto.h> 30 31 #include <linux/init.h> ··· 76 75 { 77 76 blowfish_dec_blk(crypto_tfm_ctx(tfm), dst, src); 78 77 } 79 79 - 80 80 - static struct crypto_alg bf_alg = { 81 81 - .cra_name = "blowfish", 82 82 - .cra_driver_name = "blowfish-asm", 83 83 - .cra_priority = 200, 84 84 - .cra_flags = CRYPTO_ALG_TYPE_CIPHER, 85 85 - .cra_blocksize = BF_BLOCK_SIZE, 86 86 - .cra_ctxsize = sizeof(struct bf_ctx), 87 87 - .cra_alignmask = 3, 88 88 - .cra_module = THIS_MODULE, 89 89 - .cra_list = LIST_HEAD_INIT(bf_alg.cra_list), 90 90 - .cra_u = { 91 91 - .cipher = { 92 92 - .cia_min_keysize = BF_MIN_KEY_SIZE, 93 93 - .cia_max_keysize = BF_MAX_KEY_SIZE, 94 94 - .cia_setkey = blowfish_setkey, 95 95 - .cia_encrypt = blowfish_encrypt, 96 96 - .cia_decrypt = blowfish_decrypt, 97 97 - } 98 98 - } 99 99 - }; 100 78 101 79 static int ecb_crypt(struct blkcipher_desc *desc, struct blkcipher_walk *walk, 102 80 void (*fn)(struct bf_ctx *, u8 *, const u8 *), ··· 139 159 blkcipher_walk_init(&walk, dst, src, nbytes); 140 160 return ecb_crypt(desc, &walk, blowfish_dec_blk, blowfish_dec_blk_4way); 141 161 } 142 142 - 143 143 - static struct crypto_alg blk_ecb_alg = { 144 144 - .cra_name = "ecb(blowfish)", 145 145 - .cra_driver_name = "ecb-blowfish-asm", 146 146 - .cra_priority = 300, 147 147 - .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER, 148 148 - .cra_blocksize = BF_BLOCK_SIZE, 149 149 - .cra_ctxsize = sizeof(struct bf_ctx), 150 150 - .cra_alignmask = 0, 151 151 - .cra_type = &crypto_blkcipher_type, 152 152 - .cra_module = THIS_MODULE, 153 153 - .cra_list = LIST_HEAD_INIT(blk_ecb_alg.cra_list), 154 154 - .cra_u = { 155 155 - .blkcipher = { 156 156 - .min_keysize = BF_MIN_KEY_SIZE, 157 157 - .max_keysize = BF_MAX_KEY_SIZE, 158 158 - .setkey = blowfish_setkey, 159 159 - .encrypt = ecb_encrypt, 160 160 - .decrypt = ecb_decrypt, 161 161 - }, 162 162 - }, 163 163 - }; 164 162 165 163 static unsigned int __cbc_encrypt(struct blkcipher_desc *desc, 166 164 struct blkcipher_walk *walk) ··· 265 307 return err; 266 308 } 267 309 268 268 - static struct crypto_alg blk_cbc_alg = { 269 269 - .cra_name = "cbc(blowfish)", 270 270 - .cra_driver_name = "cbc-blowfish-asm", 271 271 - .cra_priority = 300, 272 272 - .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER, 273 273 - .cra_blocksize = BF_BLOCK_SIZE, 274 274 - .cra_ctxsize = sizeof(struct bf_ctx), 275 275 - .cra_alignmask = 0, 276 276 - .cra_type = &crypto_blkcipher_type, 277 277 - .cra_module = THIS_MODULE, 278 278 - .cra_list = LIST_HEAD_INIT(blk_cbc_alg.cra_list), 279 279 - .cra_u = { 280 280 - .blkcipher = { 281 281 - .min_keysize = BF_MIN_KEY_SIZE, 282 282 - .max_keysize = BF_MAX_KEY_SIZE, 283 283 - .ivsize = BF_BLOCK_SIZE, 284 284 - .setkey = blowfish_setkey, 285 285 - .encrypt = cbc_encrypt, 286 286 - .decrypt = cbc_decrypt, 287 287 - }, 288 288 - }, 289 289 - }; 290 290 - 291 310 static void ctr_crypt_final(struct bf_ctx *ctx, struct blkcipher_walk *walk) 292 311 { 293 312 u8 *ctrblk = walk->iv; ··· 358 423 return err; 359 424 } 360 425 361 361 - static struct crypto_alg blk_ctr_alg = { 426 426 + static struct crypto_alg bf_algs[4] = { { 427 427 + .cra_name = "blowfish", 428 428 + .cra_driver_name = "blowfish-asm", 429 429 + .cra_priority = 200, 430 430 + .cra_flags = CRYPTO_ALG_TYPE_CIPHER, 431 431 + .cra_blocksize = BF_BLOCK_SIZE, 432 432 + .cra_ctxsize = sizeof(struct bf_ctx), 433 433 + .cra_alignmask = 0, 434 434 + .cra_module = THIS_MODULE, 435 435 + .cra_list = LIST_HEAD_INIT(bf_algs[0].cra_list), 436 436 + .cra_u = { 437 437 + .cipher = { 438 438 + .cia_min_keysize = BF_MIN_KEY_SIZE, 439 439 + .cia_max_keysize = BF_MAX_KEY_SIZE, 440 440 + .cia_setkey = blowfish_setkey, 441 441 + .cia_encrypt = blowfish_encrypt, 442 442 + .cia_decrypt = blowfish_decrypt, 443 443 + } 444 444 + } 445 445 + }, { 446 446 + .cra_name = "ecb(blowfish)", 447 447 + .cra_driver_name = "ecb-blowfish-asm", 448 448 + .cra_priority = 300, 449 449 + .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER, 450 450 + .cra_blocksize = BF_BLOCK_SIZE, 451 451 + .cra_ctxsize = sizeof(struct bf_ctx), 452 452 + .cra_alignmask = 0, 453 453 + .cra_type = &crypto_blkcipher_type, 454 454 + .cra_module = THIS_MODULE, 455 455 + .cra_list = LIST_HEAD_INIT(bf_algs[1].cra_list), 456 456 + .cra_u = { 457 457 + .blkcipher = { 458 458 + .min_keysize = BF_MIN_KEY_SIZE, 459 459 + .max_keysize = BF_MAX_KEY_SIZE, 460 460 + .setkey = blowfish_setkey, 461 461 + .encrypt = ecb_encrypt, 462 462 + .decrypt = ecb_decrypt, 463 463 + }, 464 464 + }, 465 465 + }, { 466 466 + .cra_name = "cbc(blowfish)", 467 467 + .cra_driver_name = "cbc-blowfish-asm", 468 468 + .cra_priority = 300, 469 469 + .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER, 470 470 + .cra_blocksize = BF_BLOCK_SIZE, 471 471 + .cra_ctxsize = sizeof(struct bf_ctx), 472 472 + .cra_alignmask = 0, 473 473 + .cra_type = &crypto_blkcipher_type, 474 474 + .cra_module = THIS_MODULE, 475 475 + .cra_list = LIST_HEAD_INIT(bf_algs[2].cra_list), 476 476 + .cra_u = { 477 477 + .blkcipher = { 478 478 + .min_keysize = BF_MIN_KEY_SIZE, 479 479 + .max_keysize = BF_MAX_KEY_SIZE, 480 480 + .ivsize = BF_BLOCK_SIZE, 481 481 + .setkey = blowfish_setkey, 482 482 + .encrypt = cbc_encrypt, 483 483 + .decrypt = cbc_decrypt, 484 484 + }, 485 485 + }, 486 486 + }, { 362 487 .cra_name = "ctr(blowfish)", 363 488 .cra_driver_name = "ctr-blowfish-asm", 364 489 .cra_priority = 300, ··· 428 433 .cra_alignmask = 0, 429 434 .cra_type = &crypto_blkcipher_type, 430 435 .cra_module = THIS_MODULE, 431 431 - .cra_list = LIST_HEAD_INIT(blk_ctr_alg.cra_list), 436 436 + .cra_list = LIST_HEAD_INIT(bf_algs[3].cra_list), 432 437 .cra_u = { 433 438 .blkcipher = { 434 439 .min_keysize = BF_MIN_KEY_SIZE, ··· 439 444 .decrypt = ctr_crypt, 440 445 }, 441 446 }, 442 442 - }; 447 447 + } }; 448 448 + 449 449 + static bool is_blacklisted_cpu(void) 450 450 + { 451 451 + if (boot_cpu_data.x86_vendor != X86_VENDOR_INTEL) 452 452 + return false; 453 453 + 454 454 + if (boot_cpu_data.x86 == 0x0f) { 455 455 + /* 456 456 + * On Pentium 4, blowfish-x86_64 is slower than generic C 457 457 + * implementation because use of 64bit rotates (which are really 458 458 + * slow on P4). Therefore blacklist P4s. 459 459 + */ 460 460 + return true; 461 461 + } 462 462 + 463 463 + return false; 464 464 + } 465 465 + 466 466 + static int force; 467 467 + module_param(force, int, 0); 468 468 + MODULE_PARM_DESC(force, "Force module load, ignore CPU blacklist"); 443 469 444 470 static int __init init(void) 445 471 { 446 446 - int err; 472 472 + if (!force && is_blacklisted_cpu()) { 473 473 + printk(KERN_INFO 474 474 + "blowfish-x86_64: performance on this CPU " 475 475 + "would be suboptimal: disabling " 476 476 + "blowfish-x86_64.\n"); 477 477 + return -ENODEV; 478 478 + } 447 479 448 448 - err = crypto_register_alg(&bf_alg); 449 449 - if (err) 450 450 - goto bf_err; 451 451 - err = crypto_register_alg(&blk_ecb_alg); 452 452 - if (err) 453 453 - goto ecb_err; 454 454 - err = crypto_register_alg(&blk_cbc_alg); 455 455 - if (err) 456 456 - goto cbc_err; 457 457 - err = crypto_register_alg(&blk_ctr_alg); 458 458 - if (err) 459 459 - goto ctr_err; 460 460 - 461 461 - return 0; 462 462 - 463 463 - ctr_err: 464 464 - crypto_unregister_alg(&blk_cbc_alg); 465 465 - cbc_err: 466 466 - crypto_unregister_alg(&blk_ecb_alg); 467 467 - ecb_err: 468 468 - crypto_unregister_alg(&bf_alg); 469 469 - bf_err: 470 470 - return err; 480 480 + return crypto_register_algs(bf_algs, ARRAY_SIZE(bf_algs)); 471 481 } 472 482 473 483 static void __exit fini(void) 474 484 { 475 475 - crypto_unregister_alg(&blk_ctr_alg); 476 476 - crypto_unregister_alg(&blk_cbc_alg); 477 477 - crypto_unregister_alg(&blk_ecb_alg); 478 478 - crypto_unregister_alg(&bf_alg); 485 485 + crypto_unregister_algs(bf_algs, ARRAY_SIZE(bf_algs)); 479 486 } 480 487 481 488 module_init(init);

+520

arch/x86/crypto/camellia-x86_64-asm_64.S

reviewed

··· 1 1 + /* 2 2 + * Camellia Cipher Algorithm (x86_64) 3 3 + * 4 4 + * Copyright (C) 2012 Jussi Kivilinna <jussi.kivilinna@mbnet.fi> 5 5 + * 6 6 + * This program is free software; you can redistribute it and/or modify 7 7 + * it under the terms of the GNU General Public License as published by 8 8 + * the Free Software Foundation; either version 2 of the License, or 9 9 + * (at your option) any later version. 10 10 + * 11 11 + * This program is distributed in the hope that it will be useful, 12 12 + * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 13 + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 14 + * GNU General Public License for more details. 15 15 + * 16 16 + * You should have received a copy of the GNU General Public License 17 17 + * along with this program; if not, write to the Free Software 18 18 + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 19 19 + * USA 20 20 + * 21 21 + */ 22 22 + 23 23 + .file "camellia-x86_64-asm_64.S" 24 24 + .text 25 25 + 26 26 + .extern camellia_sp10011110; 27 27 + .extern camellia_sp22000222; 28 28 + .extern camellia_sp03303033; 29 29 + .extern camellia_sp00444404; 30 30 + .extern camellia_sp02220222; 31 31 + .extern camellia_sp30333033; 32 32 + .extern camellia_sp44044404; 33 33 + .extern camellia_sp11101110; 34 34 + 35 35 + #define sp10011110 camellia_sp10011110 36 36 + #define sp22000222 camellia_sp22000222 37 37 + #define sp03303033 camellia_sp03303033 38 38 + #define sp00444404 camellia_sp00444404 39 39 + #define sp02220222 camellia_sp02220222 40 40 + #define sp30333033 camellia_sp30333033 41 41 + #define sp44044404 camellia_sp44044404 42 42 + #define sp11101110 camellia_sp11101110 43 43 + 44 44 + #define CAMELLIA_TABLE_BYTE_LEN 272 45 45 + 46 46 + /* struct camellia_ctx: */ 47 47 + #define key_table 0 48 48 + #define key_length CAMELLIA_TABLE_BYTE_LEN 49 49 + 50 50 + /* register macros */ 51 51 + #define CTX %rdi 52 52 + #define RIO %rsi 53 53 + #define RIOd %esi 54 54 + 55 55 + #define RAB0 %rax 56 56 + #define RCD0 %rcx 57 57 + #define RAB1 %rbx 58 58 + #define RCD1 %rdx 59 59 + 60 60 + #define RAB0d %eax 61 61 + #define RCD0d %ecx 62 62 + #define RAB1d %ebx 63 63 + #define RCD1d %edx 64 64 + 65 65 + #define RAB0bl %al 66 66 + #define RCD0bl %cl 67 67 + #define RAB1bl %bl 68 68 + #define RCD1bl %dl 69 69 + 70 70 + #define RAB0bh %ah 71 71 + #define RCD0bh %ch 72 72 + #define RAB1bh %bh 73 73 + #define RCD1bh %dh 74 74 + 75 75 + #define RT0 %rsi 76 76 + #define RT1 %rbp 77 77 + #define RT2 %r8 78 78 + 79 79 + #define RT0d %esi 80 80 + #define RT1d %ebp 81 81 + #define RT2d %r8d 82 82 + 83 83 + #define RT2bl %r8b 84 84 + 85 85 + #define RXOR %r9 86 86 + #define RRBP %r10 87 87 + #define RDST %r11 88 88 + 89 89 + #define RXORd %r9d 90 90 + #define RXORbl %r9b 91 91 + 92 92 + #define xor2ror16(T0, T1, tmp1, tmp2, ab, dst) \ 93 93 + movzbl ab ## bl, tmp2 ## d; \ 94 94 + movzbl ab ## bh, tmp1 ## d; \ 95 95 + rorq $16, ab; \ 96 96 + xorq T0(, tmp2, 8), dst; \ 97 97 + xorq T1(, tmp1, 8), dst; 98 98 + 99 99 + /********************************************************************** 100 100 + 1-way camellia 101 101 + **********************************************************************/ 102 102 + #define roundsm(ab, subkey, cd) \ 103 103 + movq (key_table + ((subkey) * 2) * 4)(CTX), RT2; \ 104 104 + \ 105 105 + xor2ror16(sp00444404, sp03303033, RT0, RT1, ab ## 0, cd ## 0); \ 106 106 + xor2ror16(sp22000222, sp10011110, RT0, RT1, ab ## 0, RT2); \ 107 107 + xor2ror16(sp11101110, sp44044404, RT0, RT1, ab ## 0, cd ## 0); \ 108 108 + xor2ror16(sp30333033, sp02220222, RT0, RT1, ab ## 0, RT2); \ 109 109 + \ 110 110 + xorq RT2, cd ## 0; 111 111 + 112 112 + #define fls(l, r, kl, kr) \ 113 113 + movl (key_table + ((kl) * 2) * 4)(CTX), RT0d; \ 114 114 + andl l ## 0d, RT0d; \ 115 115 + roll $1, RT0d; \ 116 116 + shlq $32, RT0; \ 117 117 + xorq RT0, l ## 0; \ 118 118 + movq (key_table + ((kr) * 2) * 4)(CTX), RT1; \ 119 119 + orq r ## 0, RT1; \ 120 120 + shrq $32, RT1; \ 121 121 + xorq RT1, r ## 0; \ 122 122 + \ 123 123 + movq (key_table + ((kl) * 2) * 4)(CTX), RT2; \ 124 124 + orq l ## 0, RT2; \ 125 125 + shrq $32, RT2; \ 126 126 + xorq RT2, l ## 0; \ 127 127 + movl (key_table + ((kr) * 2) * 4)(CTX), RT0d; \ 128 128 + andl r ## 0d, RT0d; \ 129 129 + roll $1, RT0d; \ 130 130 + shlq $32, RT0; \ 131 131 + xorq RT0, r ## 0; 132 132 + 133 133 + #define enc_rounds(i) \ 134 134 + roundsm(RAB, i + 2, RCD); \ 135 135 + roundsm(RCD, i + 3, RAB); \ 136 136 + roundsm(RAB, i + 4, RCD); \ 137 137 + roundsm(RCD, i + 5, RAB); \ 138 138 + roundsm(RAB, i + 6, RCD); \ 139 139 + roundsm(RCD, i + 7, RAB); 140 140 + 141 141 + #define enc_fls(i) \ 142 142 + fls(RAB, RCD, i + 0, i + 1); 143 143 + 144 144 + #define enc_inpack() \ 145 145 + movq (RIO), RAB0; \ 146 146 + bswapq RAB0; \ 147 147 + rolq $32, RAB0; \ 148 148 + movq 4*2(RIO), RCD0; \ 149 149 + bswapq RCD0; \ 150 150 + rorq $32, RCD0; \ 151 151 + xorq key_table(CTX), RAB0; 152 152 + 153 153 + #define enc_outunpack(op, max) \ 154 154 + xorq key_table(CTX, max, 8), RCD0; \ 155 155 + rorq $32, RCD0; \ 156 156 + bswapq RCD0; \ 157 157 + op ## q RCD0, (RIO); \ 158 158 + rolq $32, RAB0; \ 159 159 + bswapq RAB0; \ 160 160 + op ## q RAB0, 4*2(RIO); 161 161 + 162 162 + #define dec_rounds(i) \ 163 163 + roundsm(RAB, i + 7, RCD); \ 164 164 + roundsm(RCD, i + 6, RAB); \ 165 165 + roundsm(RAB, i + 5, RCD); \ 166 166 + roundsm(RCD, i + 4, RAB); \ 167 167 + roundsm(RAB, i + 3, RCD); \ 168 168 + roundsm(RCD, i + 2, RAB); 169 169 + 170 170 + #define dec_fls(i) \ 171 171 + fls(RAB, RCD, i + 1, i + 0); 172 172 + 173 173 + #define dec_inpack(max) \ 174 174 + movq (RIO), RAB0; \ 175 175 + bswapq RAB0; \ 176 176 + rolq $32, RAB0; \ 177 177 + movq 4*2(RIO), RCD0; \ 178 178 + bswapq RCD0; \ 179 179 + rorq $32, RCD0; \ 180 180 + xorq key_table(CTX, max, 8), RAB0; 181 181 + 182 182 + #define dec_outunpack() \ 183 183 + xorq key_table(CTX), RCD0; \ 184 184 + rorq $32, RCD0; \ 185 185 + bswapq RCD0; \ 186 186 + movq RCD0, (RIO); \ 187 187 + rolq $32, RAB0; \ 188 188 + bswapq RAB0; \ 189 189 + movq RAB0, 4*2(RIO); 190 190 + 191 191 + .global __camellia_enc_blk; 192 192 + .type __camellia_enc_blk,@function; 193 193 + 194 194 + __camellia_enc_blk: 195 195 + /* input: 196 196 + * %rdi: ctx, CTX 197 197 + * %rsi: dst 198 198 + * %rdx: src 199 199 + * %rcx: bool xor 200 200 + */ 201 201 + movq %rbp, RRBP; 202 202 + 203 203 + movq %rcx, RXOR; 204 204 + movq %rsi, RDST; 205 205 + movq %rdx, RIO; 206 206 + 207 207 + enc_inpack(); 208 208 + 209 209 + enc_rounds(0); 210 210 + enc_fls(8); 211 211 + enc_rounds(8); 212 212 + enc_fls(16); 213 213 + enc_rounds(16); 214 214 + movl $24, RT1d; /* max */ 215 215 + 216 216 + cmpb $16, key_length(CTX); 217 217 + je __enc_done; 218 218 + 219 219 + enc_fls(24); 220 220 + enc_rounds(24); 221 221 + movl $32, RT1d; /* max */ 222 222 + 223 223 + __enc_done: 224 224 + testb RXORbl, RXORbl; 225 225 + movq RDST, RIO; 226 226 + 227 227 + jnz __enc_xor; 228 228 + 229 229 + enc_outunpack(mov, RT1); 230 230 + 231 231 + movq RRBP, %rbp; 232 232 + ret; 233 233 + 234 234 + __enc_xor: 235 235 + enc_outunpack(xor, RT1); 236 236 + 237 237 + movq RRBP, %rbp; 238 238 + ret; 239 239 + 240 240 + .global camellia_dec_blk; 241 241 + .type camellia_dec_blk,@function; 242 242 + 243 243 + camellia_dec_blk: 244 244 + /* input: 245 245 + * %rdi: ctx, CTX 246 246 + * %rsi: dst 247 247 + * %rdx: src 248 248 + */ 249 249 + cmpl $16, key_length(CTX); 250 250 + movl $32, RT2d; 251 251 + movl $24, RXORd; 252 252 + cmovel RXORd, RT2d; /* max */ 253 253 + 254 254 + movq %rbp, RRBP; 255 255 + movq %rsi, RDST; 256 256 + movq %rdx, RIO; 257 257 + 258 258 + dec_inpack(RT2); 259 259 + 260 260 + cmpb $24, RT2bl; 261 261 + je __dec_rounds16; 262 262 + 263 263 + dec_rounds(24); 264 264 + dec_fls(24); 265 265 + 266 266 + __dec_rounds16: 267 267 + dec_rounds(16); 268 268 + dec_fls(16); 269 269 + dec_rounds(8); 270 270 + dec_fls(8); 271 271 + dec_rounds(0); 272 272 + 273 273 + movq RDST, RIO; 274 274 + 275 275 + dec_outunpack(); 276 276 + 277 277 + movq RRBP, %rbp; 278 278 + ret; 279 279 + 280 280 + /********************************************************************** 281 281 + 2-way camellia 282 282 + **********************************************************************/ 283 283 + #define roundsm2(ab, subkey, cd) \ 284 284 + movq (key_table + ((subkey) * 2) * 4)(CTX), RT2; \ 285 285 + xorq RT2, cd ## 1; \ 286 286 + \ 287 287 + xor2ror16(sp00444404, sp03303033, RT0, RT1, ab ## 0, cd ## 0); \ 288 288 + xor2ror16(sp22000222, sp10011110, RT0, RT1, ab ## 0, RT2); \ 289 289 + xor2ror16(sp11101110, sp44044404, RT0, RT1, ab ## 0, cd ## 0); \ 290 290 + xor2ror16(sp30333033, sp02220222, RT0, RT1, ab ## 0, RT2); \ 291 291 + \ 292 292 + xor2ror16(sp00444404, sp03303033, RT0, RT1, ab ## 1, cd ## 1); \ 293 293 + xorq RT2, cd ## 0; \ 294 294 + xor2ror16(sp22000222, sp10011110, RT0, RT1, ab ## 1, cd ## 1); \ 295 295 + xor2ror16(sp11101110, sp44044404, RT0, RT1, ab ## 1, cd ## 1); \ 296 296 + xor2ror16(sp30333033, sp02220222, RT0, RT1, ab ## 1, cd ## 1); 297 297 + 298 298 + #define fls2(l, r, kl, kr) \ 299 299 + movl (key_table + ((kl) * 2) * 4)(CTX), RT0d; \ 300 300 + andl l ## 0d, RT0d; \ 301 301 + roll $1, RT0d; \ 302 302 + shlq $32, RT0; \ 303 303 + xorq RT0, l ## 0; \ 304 304 + movq (key_table + ((kr) * 2) * 4)(CTX), RT1; \ 305 305 + orq r ## 0, RT1; \ 306 306 + shrq $32, RT1; \ 307 307 + xorq RT1, r ## 0; \ 308 308 + \ 309 309 + movl (key_table + ((kl) * 2) * 4)(CTX), RT2d; \ 310 310 + andl l ## 1d, RT2d; \ 311 311 + roll $1, RT2d; \ 312 312 + shlq $32, RT2; \ 313 313 + xorq RT2, l ## 1; \ 314 314 + movq (key_table + ((kr) * 2) * 4)(CTX), RT0; \ 315 315 + orq r ## 1, RT0; \ 316 316 + shrq $32, RT0; \ 317 317 + xorq RT0, r ## 1; \ 318 318 + \ 319 319 + movq (key_table + ((kl) * 2) * 4)(CTX), RT1; \ 320 320 + orq l ## 0, RT1; \ 321 321 + shrq $32, RT1; \ 322 322 + xorq RT1, l ## 0; \ 323 323 + movl (key_table + ((kr) * 2) * 4)(CTX), RT2d; \ 324 324 + andl r ## 0d, RT2d; \ 325 325 + roll $1, RT2d; \ 326 326 + shlq $32, RT2; \ 327 327 + xorq RT2, r ## 0; \ 328 328 + \ 329 329 + movq (key_table + ((kl) * 2) * 4)(CTX), RT0; \ 330 330 + orq l ## 1, RT0; \ 331 331 + shrq $32, RT0; \ 332 332 + xorq RT0, l ## 1; \ 333 333 + movl (key_table + ((kr) * 2) * 4)(CTX), RT1d; \ 334 334 + andl r ## 1d, RT1d; \ 335 335 + roll $1, RT1d; \ 336 336 + shlq $32, RT1; \ 337 337 + xorq RT1, r ## 1; 338 338 + 339 339 + #define enc_rounds2(i) \ 340 340 + roundsm2(RAB, i + 2, RCD); \ 341 341 + roundsm2(RCD, i + 3, RAB); \ 342 342 + roundsm2(RAB, i + 4, RCD); \ 343 343 + roundsm2(RCD, i + 5, RAB); \ 344 344 + roundsm2(RAB, i + 6, RCD); \ 345 345 + roundsm2(RCD, i + 7, RAB); 346 346 + 347 347 + #define enc_fls2(i) \ 348 348 + fls2(RAB, RCD, i + 0, i + 1); 349 349 + 350 350 + #define enc_inpack2() \ 351 351 + movq (RIO), RAB0; \ 352 352 + bswapq RAB0; \ 353 353 + rorq $32, RAB0; \ 354 354 + movq 4*2(RIO), RCD0; \ 355 355 + bswapq RCD0; \ 356 356 + rolq $32, RCD0; \ 357 357 + xorq key_table(CTX), RAB0; \ 358 358 + \ 359 359 + movq 8*2(RIO), RAB1; \ 360 360 + bswapq RAB1; \ 361 361 + rorq $32, RAB1; \ 362 362 + movq 12*2(RIO), RCD1; \ 363 363 + bswapq RCD1; \ 364 364 + rolq $32, RCD1; \ 365 365 + xorq key_table(CTX), RAB1; 366 366 + 367 367 + #define enc_outunpack2(op, max) \ 368 368 + xorq key_table(CTX, max, 8), RCD0; \ 369 369 + rolq $32, RCD0; \ 370 370 + bswapq RCD0; \ 371 371 + op ## q RCD0, (RIO); \ 372 372 + rorq $32, RAB0; \ 373 373 + bswapq RAB0; \ 374 374 + op ## q RAB0, 4*2(RIO); \ 375 375 + \ 376 376 + xorq key_table(CTX, max, 8), RCD1; \ 377 377 + rolq $32, RCD1; \ 378 378 + bswapq RCD1; \ 379 379 + op ## q RCD1, 8*2(RIO); \ 380 380 + rorq $32, RAB1; \ 381 381 + bswapq RAB1; \ 382 382 + op ## q RAB1, 12*2(RIO); 383 383 + 384 384 + #define dec_rounds2(i) \ 385 385 + roundsm2(RAB, i + 7, RCD); \ 386 386 + roundsm2(RCD, i + 6, RAB); \ 387 387 + roundsm2(RAB, i + 5, RCD); \ 388 388 + roundsm2(RCD, i + 4, RAB); \ 389 389 + roundsm2(RAB, i + 3, RCD); \ 390 390 + roundsm2(RCD, i + 2, RAB); 391 391 + 392 392 + #define dec_fls2(i) \ 393 393 + fls2(RAB, RCD, i + 1, i + 0); 394 394 + 395 395 + #define dec_inpack2(max) \ 396 396 + movq (RIO), RAB0; \ 397 397 + bswapq RAB0; \ 398 398 + rorq $32, RAB0; \ 399 399 + movq 4*2(RIO), RCD0; \ 400 400 + bswapq RCD0; \ 401 401 + rolq $32, RCD0; \ 402 402 + xorq key_table(CTX, max, 8), RAB0; \ 403 403 + \ 404 404 + movq 8*2(RIO), RAB1; \ 405 405 + bswapq RAB1; \ 406 406 + rorq $32, RAB1; \ 407 407 + movq 12*2(RIO), RCD1; \ 408 408 + bswapq RCD1; \ 409 409 + rolq $32, RCD1; \ 410 410 + xorq key_table(CTX, max, 8), RAB1; 411 411 + 412 412 + #define dec_outunpack2() \ 413 413 + xorq key_table(CTX), RCD0; \ 414 414 + rolq $32, RCD0; \ 415 415 + bswapq RCD0; \ 416 416 + movq RCD0, (RIO); \ 417 417 + rorq $32, RAB0; \ 418 418 + bswapq RAB0; \ 419 419 + movq RAB0, 4*2(RIO); \ 420 420 + \ 421 421 + xorq key_table(CTX), RCD1; \ 422 422 + rolq $32, RCD1; \ 423 423 + bswapq RCD1; \ 424 424 + movq RCD1, 8*2(RIO); \ 425 425 + rorq $32, RAB1; \ 426 426 + bswapq RAB1; \ 427 427 + movq RAB1, 12*2(RIO); 428 428 + 429 429 + .global __camellia_enc_blk_2way; 430 430 + .type __camellia_enc_blk_2way,@function; 431 431 + 432 432 + __camellia_enc_blk_2way: 433 433 + /* input: 434 434 + * %rdi: ctx, CTX 435 435 + * %rsi: dst 436 436 + * %rdx: src 437 437 + * %rcx: bool xor 438 438 + */ 439 439 + pushq %rbx; 440 440 + 441 441 + movq %rbp, RRBP; 442 442 + movq %rcx, RXOR; 443 443 + movq %rsi, RDST; 444 444 + movq %rdx, RIO; 445 445 + 446 446 + enc_inpack2(); 447 447 + 448 448 + enc_rounds2(0); 449 449 + enc_fls2(8); 450 450 + enc_rounds2(8); 451 451 + enc_fls2(16); 452 452 + enc_rounds2(16); 453 453 + movl $24, RT2d; /* max */ 454 454 + 455 455 + cmpb $16, key_length(CTX); 456 456 + je __enc2_done; 457 457 + 458 458 + enc_fls2(24); 459 459 + enc_rounds2(24); 460 460 + movl $32, RT2d; /* max */ 461 461 + 462 462 + __enc2_done: 463 463 + test RXORbl, RXORbl; 464 464 + movq RDST, RIO; 465 465 + jnz __enc2_xor; 466 466 + 467 467 + enc_outunpack2(mov, RT2); 468 468 + 469 469 + movq RRBP, %rbp; 470 470 + popq %rbx; 471 471 + ret; 472 472 + 473 473 + __enc2_xor: 474 474 + enc_outunpack2(xor, RT2); 475 475 + 476 476 + movq RRBP, %rbp; 477 477 + popq %rbx; 478 478 + ret; 479 479 + 480 480 + .global camellia_dec_blk_2way; 481 481 + .type camellia_dec_blk_2way,@function; 482 482 + 483 483 + camellia_dec_blk_2way: 484 484 + /* input: 485 485 + * %rdi: ctx, CTX 486 486 + * %rsi: dst 487 487 + * %rdx: src 488 488 + */ 489 489 + cmpl $16, key_length(CTX); 490 490 + movl $32, RT2d; 491 491 + movl $24, RXORd; 492 492 + cmovel RXORd, RT2d; /* max */ 493 493 + 494 494 + movq %rbx, RXOR; 495 495 + movq %rbp, RRBP; 496 496 + movq %rsi, RDST; 497 497 + movq %rdx, RIO; 498 498 + 499 499 + dec_inpack2(RT2); 500 500 + 501 501 + cmpb $24, RT2bl; 502 502 + je __dec2_rounds16; 503 503 + 504 504 + dec_rounds2(24); 505 505 + dec_fls2(24); 506 506 + 507 507 + __dec2_rounds16: 508 508 + dec_rounds2(16); 509 509 + dec_fls2(16); 510 510 + dec_rounds2(8); 511 511 + dec_fls2(8); 512 512 + dec_rounds2(0); 513 513 + 514 514 + movq RDST, RIO; 515 515 + 516 516 + dec_outunpack2(); 517 517 + 518 518 + movq RRBP, %rbp; 519 519 + movq RXOR, %rbx; 520 520 + ret;

+1952

arch/x86/crypto/camellia_glue.c

reviewed

··· 1 1 + /* 2 2 + * Glue Code for assembler optimized version of Camellia 3 3 + * 4 4 + * Copyright (c) 2012 Jussi Kivilinna <jussi.kivilinna@mbnet.fi> 5 5 + * 6 6 + * Camellia parts based on code by: 7 7 + * Copyright (C) 2006 NTT (Nippon Telegraph and Telephone Corporation) 8 8 + * CBC & ECB parts based on code (crypto/cbc.c,ecb.c) by: 9 9 + * Copyright (c) 2006 Herbert Xu <herbert@gondor.apana.org.au> 10 10 + * CTR part based on code (crypto/ctr.c) by: 11 11 + * (C) Copyright IBM Corp. 2007 - Joy Latten <latten@us.ibm.com> 12 12 + * 13 13 + * This program is free software; you can redistribute it and/or modify 14 14 + * it under the terms of the GNU General Public License as published by 15 15 + * the Free Software Foundation; either version 2 of the License, or 16 16 + * (at your option) any later version. 17 17 + * 18 18 + * This program is distributed in the hope that it will be useful, 19 19 + * but WITHOUT ANY WARRANTY; without even the implied warranty of 20 20 + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 21 21 + * GNU General Public License for more details. 22 22 + * 23 23 + * You should have received a copy of the GNU General Public License 24 24 + * along with this program; if not, write to the Free Software 25 25 + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 26 26 + * USA 27 27 + * 28 28 + */ 29 29 + 30 30 + #include <asm/processor.h> 31 31 + #include <asm/unaligned.h> 32 32 + #include <linux/crypto.h> 33 33 + #include <linux/init.h> 34 34 + #include <linux/module.h> 35 35 + #include <linux/types.h> 36 36 + #include <crypto/algapi.h> 37 37 + #include <crypto/b128ops.h> 38 38 + #include <crypto/lrw.h> 39 39 + #include <crypto/xts.h> 40 40 + 41 41 + #define CAMELLIA_MIN_KEY_SIZE 16 42 42 + #define CAMELLIA_MAX_KEY_SIZE 32 43 43 + #define CAMELLIA_BLOCK_SIZE 16 44 44 + #define CAMELLIA_TABLE_BYTE_LEN 272 45 45 + 46 46 + struct camellia_ctx { 47 47 + u64 key_table[CAMELLIA_TABLE_BYTE_LEN / sizeof(u64)]; 48 48 + u32 key_length; 49 49 + }; 50 50 + 51 51 + /* regular block cipher functions */ 52 52 + asmlinkage void __camellia_enc_blk(struct camellia_ctx *ctx, u8 *dst, 53 53 + const u8 *src, bool xor); 54 54 + asmlinkage void camellia_dec_blk(struct camellia_ctx *ctx, u8 *dst, 55 55 + const u8 *src); 56 56 + 57 57 + /* 2-way parallel cipher functions */ 58 58 + asmlinkage void __camellia_enc_blk_2way(struct camellia_ctx *ctx, u8 *dst, 59 59 + const u8 *src, bool xor); 60 60 + asmlinkage void camellia_dec_blk_2way(struct camellia_ctx *ctx, u8 *dst, 61 61 + const u8 *src); 62 62 + 63 63 + static inline void camellia_enc_blk(struct camellia_ctx *ctx, u8 *dst, 64 64 + const u8 *src) 65 65 + { 66 66 + __camellia_enc_blk(ctx, dst, src, false); 67 67 + } 68 68 + 69 69 + static inline void camellia_enc_blk_xor(struct camellia_ctx *ctx, u8 *dst, 70 70 + const u8 *src) 71 71 + { 72 72 + __camellia_enc_blk(ctx, dst, src, true); 73 73 + } 74 74 + 75 75 + static inline void camellia_enc_blk_2way(struct camellia_ctx *ctx, u8 *dst, 76 76 + const u8 *src) 77 77 + { 78 78 + __camellia_enc_blk_2way(ctx, dst, src, false); 79 79 + } 80 80 + 81 81 + static inline void camellia_enc_blk_xor_2way(struct camellia_ctx *ctx, u8 *dst, 82 82 + const u8 *src) 83 83 + { 84 84 + __camellia_enc_blk_2way(ctx, dst, src, true); 85 85 + } 86 86 + 87 87 + static void camellia_encrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src) 88 88 + { 89 89 + camellia_enc_blk(crypto_tfm_ctx(tfm), dst, src); 90 90 + } 91 91 + 92 92 + static void camellia_decrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src) 93 93 + { 94 94 + camellia_dec_blk(crypto_tfm_ctx(tfm), dst, src); 95 95 + } 96 96 + 97 97 + /* camellia sboxes */ 98 98 + const u64 camellia_sp10011110[256] = { 99 99 + 0x7000007070707000, 0x8200008282828200, 0x2c00002c2c2c2c00, 100 100 + 0xec0000ecececec00, 0xb30000b3b3b3b300, 0x2700002727272700, 101 101 + 0xc00000c0c0c0c000, 0xe50000e5e5e5e500, 0xe40000e4e4e4e400, 102 102 + 0x8500008585858500, 0x5700005757575700, 0x3500003535353500, 103 103 + 0xea0000eaeaeaea00, 0x0c00000c0c0c0c00, 0xae0000aeaeaeae00, 104 104 + 0x4100004141414100, 0x2300002323232300, 0xef0000efefefef00, 105 105 + 0x6b00006b6b6b6b00, 0x9300009393939300, 0x4500004545454500, 106 106 + 0x1900001919191900, 0xa50000a5a5a5a500, 0x2100002121212100, 107 107 + 0xed0000edededed00, 0x0e00000e0e0e0e00, 0x4f00004f4f4f4f00, 108 108 + 0x4e00004e4e4e4e00, 0x1d00001d1d1d1d00, 0x6500006565656500, 109 109 + 0x9200009292929200, 0xbd0000bdbdbdbd00, 0x8600008686868600, 110 110 + 0xb80000b8b8b8b800, 0xaf0000afafafaf00, 0x8f00008f8f8f8f00, 111 111 + 0x7c00007c7c7c7c00, 0xeb0000ebebebeb00, 0x1f00001f1f1f1f00, 112 112 + 0xce0000cececece00, 0x3e00003e3e3e3e00, 0x3000003030303000, 113 113 + 0xdc0000dcdcdcdc00, 0x5f00005f5f5f5f00, 0x5e00005e5e5e5e00, 114 114 + 0xc50000c5c5c5c500, 0x0b00000b0b0b0b00, 0x1a00001a1a1a1a00, 115 115 + 0xa60000a6a6a6a600, 0xe10000e1e1e1e100, 0x3900003939393900, 116 116 + 0xca0000cacacaca00, 0xd50000d5d5d5d500, 0x4700004747474700, 117 117 + 0x5d00005d5d5d5d00, 0x3d00003d3d3d3d00, 0xd90000d9d9d9d900, 118 118 + 0x0100000101010100, 0x5a00005a5a5a5a00, 0xd60000d6d6d6d600, 119 119 + 0x5100005151515100, 0x5600005656565600, 0x6c00006c6c6c6c00, 120 120 + 0x4d00004d4d4d4d00, 0x8b00008b8b8b8b00, 0x0d00000d0d0d0d00, 121 121 + 0x9a00009a9a9a9a00, 0x6600006666666600, 0xfb0000fbfbfbfb00, 122 122 + 0xcc0000cccccccc00, 0xb00000b0b0b0b000, 0x2d00002d2d2d2d00, 123 123 + 0x7400007474747400, 0x1200001212121200, 0x2b00002b2b2b2b00, 124 124 + 0x2000002020202000, 0xf00000f0f0f0f000, 0xb10000b1b1b1b100, 125 125 + 0x8400008484848400, 0x9900009999999900, 0xdf0000dfdfdfdf00, 126 126 + 0x4c00004c4c4c4c00, 0xcb0000cbcbcbcb00, 0xc20000c2c2c2c200, 127 127 + 0x3400003434343400, 0x7e00007e7e7e7e00, 0x7600007676767600, 128 128 + 0x0500000505050500, 0x6d00006d6d6d6d00, 0xb70000b7b7b7b700, 129 129 + 0xa90000a9a9a9a900, 0x3100003131313100, 0xd10000d1d1d1d100, 130 130 + 0x1700001717171700, 0x0400000404040400, 0xd70000d7d7d7d700, 131 131 + 0x1400001414141400, 0x5800005858585800, 0x3a00003a3a3a3a00, 132 132 + 0x6100006161616100, 0xde0000dededede00, 0x1b00001b1b1b1b00, 133 133 + 0x1100001111111100, 0x1c00001c1c1c1c00, 0x3200003232323200, 134 134 + 0x0f00000f0f0f0f00, 0x9c00009c9c9c9c00, 0x1600001616161600, 135 135 + 0x5300005353535300, 0x1800001818181800, 0xf20000f2f2f2f200, 136 136 + 0x2200002222222200, 0xfe0000fefefefe00, 0x4400004444444400, 137 137 + 0xcf0000cfcfcfcf00, 0xb20000b2b2b2b200, 0xc30000c3c3c3c300, 138 138 + 0xb50000b5b5b5b500, 0x7a00007a7a7a7a00, 0x9100009191919100, 139 139 + 0x2400002424242400, 0x0800000808080800, 0xe80000e8e8e8e800, 140 140 + 0xa80000a8a8a8a800, 0x6000006060606000, 0xfc0000fcfcfcfc00, 141 141 + 0x6900006969696900, 0x5000005050505000, 0xaa0000aaaaaaaa00, 142 142 + 0xd00000d0d0d0d000, 0xa00000a0a0a0a000, 0x7d00007d7d7d7d00, 143 143 + 0xa10000a1a1a1a100, 0x8900008989898900, 0x6200006262626200, 144 144 + 0x9700009797979700, 0x5400005454545400, 0x5b00005b5b5b5b00, 145 145 + 0x1e00001e1e1e1e00, 0x9500009595959500, 0xe00000e0e0e0e000, 146 146 + 0xff0000ffffffff00, 0x6400006464646400, 0xd20000d2d2d2d200, 147 147 + 0x1000001010101000, 0xc40000c4c4c4c400, 0x0000000000000000, 148 148 + 0x4800004848484800, 0xa30000a3a3a3a300, 0xf70000f7f7f7f700, 149 149 + 0x7500007575757500, 0xdb0000dbdbdbdb00, 0x8a00008a8a8a8a00, 150 150 + 0x0300000303030300, 0xe60000e6e6e6e600, 0xda0000dadadada00, 151 151 + 0x0900000909090900, 0x3f00003f3f3f3f00, 0xdd0000dddddddd00, 152 152 + 0x9400009494949400, 0x8700008787878700, 0x5c00005c5c5c5c00, 153 153 + 0x8300008383838300, 0x0200000202020200, 0xcd0000cdcdcdcd00, 154 154 + 0x4a00004a4a4a4a00, 0x9000009090909000, 0x3300003333333300, 155 155 + 0x7300007373737300, 0x6700006767676700, 0xf60000f6f6f6f600, 156 156 + 0xf30000f3f3f3f300, 0x9d00009d9d9d9d00, 0x7f00007f7f7f7f00, 157 157 + 0xbf0000bfbfbfbf00, 0xe20000e2e2e2e200, 0x5200005252525200, 158 158 + 0x9b00009b9b9b9b00, 0xd80000d8d8d8d800, 0x2600002626262600, 159 159 + 0xc80000c8c8c8c800, 0x3700003737373700, 0xc60000c6c6c6c600, 160 160 + 0x3b00003b3b3b3b00, 0x8100008181818100, 0x9600009696969600, 161 161 + 0x6f00006f6f6f6f00, 0x4b00004b4b4b4b00, 0x1300001313131300, 162 162 + 0xbe0000bebebebe00, 0x6300006363636300, 0x2e00002e2e2e2e00, 163 163 + 0xe90000e9e9e9e900, 0x7900007979797900, 0xa70000a7a7a7a700, 164 164 + 0x8c00008c8c8c8c00, 0x9f00009f9f9f9f00, 0x6e00006e6e6e6e00, 165 165 + 0xbc0000bcbcbcbc00, 0x8e00008e8e8e8e00, 0x2900002929292900, 166 166 + 0xf50000f5f5f5f500, 0xf90000f9f9f9f900, 0xb60000b6b6b6b600, 167 167 + 0x2f00002f2f2f2f00, 0xfd0000fdfdfdfd00, 0xb40000b4b4b4b400, 168 168 + 0x5900005959595900, 0x7800007878787800, 0x9800009898989800, 169 169 + 0x0600000606060600, 0x6a00006a6a6a6a00, 0xe70000e7e7e7e700, 170 170 + 0x4600004646464600, 0x7100007171717100, 0xba0000babababa00, 171 171 + 0xd40000d4d4d4d400, 0x2500002525252500, 0xab0000abababab00, 172 172 + 0x4200004242424200, 0x8800008888888800, 0xa20000a2a2a2a200, 173 173 + 0x8d00008d8d8d8d00, 0xfa0000fafafafa00, 0x7200007272727200, 174 174 + 0x0700000707070700, 0xb90000b9b9b9b900, 0x5500005555555500, 175 175 + 0xf80000f8f8f8f800, 0xee0000eeeeeeee00, 0xac0000acacacac00, 176 176 + 0x0a00000a0a0a0a00, 0x3600003636363600, 0x4900004949494900, 177 177 + 0x2a00002a2a2a2a00, 0x6800006868686800, 0x3c00003c3c3c3c00, 178 178 + 0x3800003838383800, 0xf10000f1f1f1f100, 0xa40000a4a4a4a400, 179 179 + 0x4000004040404000, 0x2800002828282800, 0xd30000d3d3d3d300, 180 180 + 0x7b00007b7b7b7b00, 0xbb0000bbbbbbbb00, 0xc90000c9c9c9c900, 181 181 + 0x4300004343434300, 0xc10000c1c1c1c100, 0x1500001515151500, 182 182 + 0xe30000e3e3e3e300, 0xad0000adadadad00, 0xf40000f4f4f4f400, 183 183 + 0x7700007777777700, 0xc70000c7c7c7c700, 0x8000008080808000, 184 184 + 0x9e00009e9e9e9e00, 185 185 + }; 186 186 + 187 187 + const u64 camellia_sp22000222[256] = { 188 188 + 0xe0e0000000e0e0e0, 0x0505000000050505, 0x5858000000585858, 189 189 + 0xd9d9000000d9d9d9, 0x6767000000676767, 0x4e4e0000004e4e4e, 190 190 + 0x8181000000818181, 0xcbcb000000cbcbcb, 0xc9c9000000c9c9c9, 191 191 + 0x0b0b0000000b0b0b, 0xaeae000000aeaeae, 0x6a6a0000006a6a6a, 192 192 + 0xd5d5000000d5d5d5, 0x1818000000181818, 0x5d5d0000005d5d5d, 193 193 + 0x8282000000828282, 0x4646000000464646, 0xdfdf000000dfdfdf, 194 194 + 0xd6d6000000d6d6d6, 0x2727000000272727, 0x8a8a0000008a8a8a, 195 195 + 0x3232000000323232, 0x4b4b0000004b4b4b, 0x4242000000424242, 196 196 + 0xdbdb000000dbdbdb, 0x1c1c0000001c1c1c, 0x9e9e0000009e9e9e, 197 197 + 0x9c9c0000009c9c9c, 0x3a3a0000003a3a3a, 0xcaca000000cacaca, 198 198 + 0x2525000000252525, 0x7b7b0000007b7b7b, 0x0d0d0000000d0d0d, 199 199 + 0x7171000000717171, 0x5f5f0000005f5f5f, 0x1f1f0000001f1f1f, 200 200 + 0xf8f8000000f8f8f8, 0xd7d7000000d7d7d7, 0x3e3e0000003e3e3e, 201 201 + 0x9d9d0000009d9d9d, 0x7c7c0000007c7c7c, 0x6060000000606060, 202 202 + 0xb9b9000000b9b9b9, 0xbebe000000bebebe, 0xbcbc000000bcbcbc, 203 203 + 0x8b8b0000008b8b8b, 0x1616000000161616, 0x3434000000343434, 204 204 + 0x4d4d0000004d4d4d, 0xc3c3000000c3c3c3, 0x7272000000727272, 205 205 + 0x9595000000959595, 0xabab000000ababab, 0x8e8e0000008e8e8e, 206 206 + 0xbaba000000bababa, 0x7a7a0000007a7a7a, 0xb3b3000000b3b3b3, 207 207 + 0x0202000000020202, 0xb4b4000000b4b4b4, 0xadad000000adadad, 208 208 + 0xa2a2000000a2a2a2, 0xacac000000acacac, 0xd8d8000000d8d8d8, 209 209 + 0x9a9a0000009a9a9a, 0x1717000000171717, 0x1a1a0000001a1a1a, 210 210 + 0x3535000000353535, 0xcccc000000cccccc, 0xf7f7000000f7f7f7, 211 211 + 0x9999000000999999, 0x6161000000616161, 0x5a5a0000005a5a5a, 212 212 + 0xe8e8000000e8e8e8, 0x2424000000242424, 0x5656000000565656, 213 213 + 0x4040000000404040, 0xe1e1000000e1e1e1, 0x6363000000636363, 214 214 + 0x0909000000090909, 0x3333000000333333, 0xbfbf000000bfbfbf, 215 215 + 0x9898000000989898, 0x9797000000979797, 0x8585000000858585, 216 216 + 0x6868000000686868, 0xfcfc000000fcfcfc, 0xecec000000ececec, 217 217 + 0x0a0a0000000a0a0a, 0xdada000000dadada, 0x6f6f0000006f6f6f, 218 218 + 0x5353000000535353, 0x6262000000626262, 0xa3a3000000a3a3a3, 219 219 + 0x2e2e0000002e2e2e, 0x0808000000080808, 0xafaf000000afafaf, 220 220 + 0x2828000000282828, 0xb0b0000000b0b0b0, 0x7474000000747474, 221 221 + 0xc2c2000000c2c2c2, 0xbdbd000000bdbdbd, 0x3636000000363636, 222 222 + 0x2222000000222222, 0x3838000000383838, 0x6464000000646464, 223 223 + 0x1e1e0000001e1e1e, 0x3939000000393939, 0x2c2c0000002c2c2c, 224 224 + 0xa6a6000000a6a6a6, 0x3030000000303030, 0xe5e5000000e5e5e5, 225 225 + 0x4444000000444444, 0xfdfd000000fdfdfd, 0x8888000000888888, 226 226 + 0x9f9f0000009f9f9f, 0x6565000000656565, 0x8787000000878787, 227 227 + 0x6b6b0000006b6b6b, 0xf4f4000000f4f4f4, 0x2323000000232323, 228 228 + 0x4848000000484848, 0x1010000000101010, 0xd1d1000000d1d1d1, 229 229 + 0x5151000000515151, 0xc0c0000000c0c0c0, 0xf9f9000000f9f9f9, 230 230 + 0xd2d2000000d2d2d2, 0xa0a0000000a0a0a0, 0x5555000000555555, 231 231 + 0xa1a1000000a1a1a1, 0x4141000000414141, 0xfafa000000fafafa, 232 232 + 0x4343000000434343, 0x1313000000131313, 0xc4c4000000c4c4c4, 233 233 + 0x2f2f0000002f2f2f, 0xa8a8000000a8a8a8, 0xb6b6000000b6b6b6, 234 234 + 0x3c3c0000003c3c3c, 0x2b2b0000002b2b2b, 0xc1c1000000c1c1c1, 235 235 + 0xffff000000ffffff, 0xc8c8000000c8c8c8, 0xa5a5000000a5a5a5, 236 236 + 0x2020000000202020, 0x8989000000898989, 0x0000000000000000, 237 237 + 0x9090000000909090, 0x4747000000474747, 0xefef000000efefef, 238 238 + 0xeaea000000eaeaea, 0xb7b7000000b7b7b7, 0x1515000000151515, 239 239 + 0x0606000000060606, 0xcdcd000000cdcdcd, 0xb5b5000000b5b5b5, 240 240 + 0x1212000000121212, 0x7e7e0000007e7e7e, 0xbbbb000000bbbbbb, 241 241 + 0x2929000000292929, 0x0f0f0000000f0f0f, 0xb8b8000000b8b8b8, 242 242 + 0x0707000000070707, 0x0404000000040404, 0x9b9b0000009b9b9b, 243 243 + 0x9494000000949494, 0x2121000000212121, 0x6666000000666666, 244 244 + 0xe6e6000000e6e6e6, 0xcece000000cecece, 0xeded000000ededed, 245 245 + 0xe7e7000000e7e7e7, 0x3b3b0000003b3b3b, 0xfefe000000fefefe, 246 246 + 0x7f7f0000007f7f7f, 0xc5c5000000c5c5c5, 0xa4a4000000a4a4a4, 247 247 + 0x3737000000373737, 0xb1b1000000b1b1b1, 0x4c4c0000004c4c4c, 248 248 + 0x9191000000919191, 0x6e6e0000006e6e6e, 0x8d8d0000008d8d8d, 249 249 + 0x7676000000767676, 0x0303000000030303, 0x2d2d0000002d2d2d, 250 250 + 0xdede000000dedede, 0x9696000000969696, 0x2626000000262626, 251 251 + 0x7d7d0000007d7d7d, 0xc6c6000000c6c6c6, 0x5c5c0000005c5c5c, 252 252 + 0xd3d3000000d3d3d3, 0xf2f2000000f2f2f2, 0x4f4f0000004f4f4f, 253 253 + 0x1919000000191919, 0x3f3f0000003f3f3f, 0xdcdc000000dcdcdc, 254 254 + 0x7979000000797979, 0x1d1d0000001d1d1d, 0x5252000000525252, 255 255 + 0xebeb000000ebebeb, 0xf3f3000000f3f3f3, 0x6d6d0000006d6d6d, 256 256 + 0x5e5e0000005e5e5e, 0xfbfb000000fbfbfb, 0x6969000000696969, 257 257 + 0xb2b2000000b2b2b2, 0xf0f0000000f0f0f0, 0x3131000000313131, 258 258 + 0x0c0c0000000c0c0c, 0xd4d4000000d4d4d4, 0xcfcf000000cfcfcf, 259 259 + 0x8c8c0000008c8c8c, 0xe2e2000000e2e2e2, 0x7575000000757575, 260 260 + 0xa9a9000000a9a9a9, 0x4a4a0000004a4a4a, 0x5757000000575757, 261 261 + 0x8484000000848484, 0x1111000000111111, 0x4545000000454545, 262 262 + 0x1b1b0000001b1b1b, 0xf5f5000000f5f5f5, 0xe4e4000000e4e4e4, 263 263 + 0x0e0e0000000e0e0e, 0x7373000000737373, 0xaaaa000000aaaaaa, 264 264 + 0xf1f1000000f1f1f1, 0xdddd000000dddddd, 0x5959000000595959, 265 265 + 0x1414000000141414, 0x6c6c0000006c6c6c, 0x9292000000929292, 266 266 + 0x5454000000545454, 0xd0d0000000d0d0d0, 0x7878000000787878, 267 267 + 0x7070000000707070, 0xe3e3000000e3e3e3, 0x4949000000494949, 268 268 + 0x8080000000808080, 0x5050000000505050, 0xa7a7000000a7a7a7, 269 269 + 0xf6f6000000f6f6f6, 0x7777000000777777, 0x9393000000939393, 270 270 + 0x8686000000868686, 0x8383000000838383, 0x2a2a0000002a2a2a, 271 271 + 0xc7c7000000c7c7c7, 0x5b5b0000005b5b5b, 0xe9e9000000e9e9e9, 272 272 + 0xeeee000000eeeeee, 0x8f8f0000008f8f8f, 0x0101000000010101, 273 273 + 0x3d3d0000003d3d3d, 274 274 + }; 275 275 + 276 276 + const u64 camellia_sp03303033[256] = { 277 277 + 0x0038380038003838, 0x0041410041004141, 0x0016160016001616, 278 278 + 0x0076760076007676, 0x00d9d900d900d9d9, 0x0093930093009393, 279 279 + 0x0060600060006060, 0x00f2f200f200f2f2, 0x0072720072007272, 280 280 + 0x00c2c200c200c2c2, 0x00abab00ab00abab, 0x009a9a009a009a9a, 281 281 + 0x0075750075007575, 0x0006060006000606, 0x0057570057005757, 282 282 + 0x00a0a000a000a0a0, 0x0091910091009191, 0x00f7f700f700f7f7, 283 283 + 0x00b5b500b500b5b5, 0x00c9c900c900c9c9, 0x00a2a200a200a2a2, 284 284 + 0x008c8c008c008c8c, 0x00d2d200d200d2d2, 0x0090900090009090, 285 285 + 0x00f6f600f600f6f6, 0x0007070007000707, 0x00a7a700a700a7a7, 286 286 + 0x0027270027002727, 0x008e8e008e008e8e, 0x00b2b200b200b2b2, 287 287 + 0x0049490049004949, 0x00dede00de00dede, 0x0043430043004343, 288 288 + 0x005c5c005c005c5c, 0x00d7d700d700d7d7, 0x00c7c700c700c7c7, 289 289 + 0x003e3e003e003e3e, 0x00f5f500f500f5f5, 0x008f8f008f008f8f, 290 290 + 0x0067670067006767, 0x001f1f001f001f1f, 0x0018180018001818, 291 291 + 0x006e6e006e006e6e, 0x00afaf00af00afaf, 0x002f2f002f002f2f, 292 292 + 0x00e2e200e200e2e2, 0x0085850085008585, 0x000d0d000d000d0d, 293 293 + 0x0053530053005353, 0x00f0f000f000f0f0, 0x009c9c009c009c9c, 294 294 + 0x0065650065006565, 0x00eaea00ea00eaea, 0x00a3a300a300a3a3, 295 295 + 0x00aeae00ae00aeae, 0x009e9e009e009e9e, 0x00ecec00ec00ecec, 296 296 + 0x0080800080008080, 0x002d2d002d002d2d, 0x006b6b006b006b6b, 297 297 + 0x00a8a800a800a8a8, 0x002b2b002b002b2b, 0x0036360036003636, 298 298 + 0x00a6a600a600a6a6, 0x00c5c500c500c5c5, 0x0086860086008686, 299 299 + 0x004d4d004d004d4d, 0x0033330033003333, 0x00fdfd00fd00fdfd, 300 300 + 0x0066660066006666, 0x0058580058005858, 0x0096960096009696, 301 301 + 0x003a3a003a003a3a, 0x0009090009000909, 0x0095950095009595, 302 302 + 0x0010100010001010, 0x0078780078007878, 0x00d8d800d800d8d8, 303 303 + 0x0042420042004242, 0x00cccc00cc00cccc, 0x00efef00ef00efef, 304 304 + 0x0026260026002626, 0x00e5e500e500e5e5, 0x0061610061006161, 305 305 + 0x001a1a001a001a1a, 0x003f3f003f003f3f, 0x003b3b003b003b3b, 306 306 + 0x0082820082008282, 0x00b6b600b600b6b6, 0x00dbdb00db00dbdb, 307 307 + 0x00d4d400d400d4d4, 0x0098980098009898, 0x00e8e800e800e8e8, 308 308 + 0x008b8b008b008b8b, 0x0002020002000202, 0x00ebeb00eb00ebeb, 309 309 + 0x000a0a000a000a0a, 0x002c2c002c002c2c, 0x001d1d001d001d1d, 310 310 + 0x00b0b000b000b0b0, 0x006f6f006f006f6f, 0x008d8d008d008d8d, 311 311 + 0x0088880088008888, 0x000e0e000e000e0e, 0x0019190019001919, 312 312 + 0x0087870087008787, 0x004e4e004e004e4e, 0x000b0b000b000b0b, 313 313 + 0x00a9a900a900a9a9, 0x000c0c000c000c0c, 0x0079790079007979, 314 314 + 0x0011110011001111, 0x007f7f007f007f7f, 0x0022220022002222, 315 315 + 0x00e7e700e700e7e7, 0x0059590059005959, 0x00e1e100e100e1e1, 316 316 + 0x00dada00da00dada, 0x003d3d003d003d3d, 0x00c8c800c800c8c8, 317 317 + 0x0012120012001212, 0x0004040004000404, 0x0074740074007474, 318 318 + 0x0054540054005454, 0x0030300030003030, 0x007e7e007e007e7e, 319 319 + 0x00b4b400b400b4b4, 0x0028280028002828, 0x0055550055005555, 320 320 + 0x0068680068006868, 0x0050500050005050, 0x00bebe00be00bebe, 321 321 + 0x00d0d000d000d0d0, 0x00c4c400c400c4c4, 0x0031310031003131, 322 322 + 0x00cbcb00cb00cbcb, 0x002a2a002a002a2a, 0x00adad00ad00adad, 323 323 + 0x000f0f000f000f0f, 0x00caca00ca00caca, 0x0070700070007070, 324 324 + 0x00ffff00ff00ffff, 0x0032320032003232, 0x0069690069006969, 325 325 + 0x0008080008000808, 0x0062620062006262, 0x0000000000000000, 326 326 + 0x0024240024002424, 0x00d1d100d100d1d1, 0x00fbfb00fb00fbfb, 327 327 + 0x00baba00ba00baba, 0x00eded00ed00eded, 0x0045450045004545, 328 328 + 0x0081810081008181, 0x0073730073007373, 0x006d6d006d006d6d, 329 329 + 0x0084840084008484, 0x009f9f009f009f9f, 0x00eeee00ee00eeee, 330 330 + 0x004a4a004a004a4a, 0x00c3c300c300c3c3, 0x002e2e002e002e2e, 331 331 + 0x00c1c100c100c1c1, 0x0001010001000101, 0x00e6e600e600e6e6, 332 332 + 0x0025250025002525, 0x0048480048004848, 0x0099990099009999, 333 333 + 0x00b9b900b900b9b9, 0x00b3b300b300b3b3, 0x007b7b007b007b7b, 334 334 + 0x00f9f900f900f9f9, 0x00cece00ce00cece, 0x00bfbf00bf00bfbf, 335 335 + 0x00dfdf00df00dfdf, 0x0071710071007171, 0x0029290029002929, 336 336 + 0x00cdcd00cd00cdcd, 0x006c6c006c006c6c, 0x0013130013001313, 337 337 + 0x0064640064006464, 0x009b9b009b009b9b, 0x0063630063006363, 338 338 + 0x009d9d009d009d9d, 0x00c0c000c000c0c0, 0x004b4b004b004b4b, 339 339 + 0x00b7b700b700b7b7, 0x00a5a500a500a5a5, 0x0089890089008989, 340 340 + 0x005f5f005f005f5f, 0x00b1b100b100b1b1, 0x0017170017001717, 341 341 + 0x00f4f400f400f4f4, 0x00bcbc00bc00bcbc, 0x00d3d300d300d3d3, 342 342 + 0x0046460046004646, 0x00cfcf00cf00cfcf, 0x0037370037003737, 343 343 + 0x005e5e005e005e5e, 0x0047470047004747, 0x0094940094009494, 344 344 + 0x00fafa00fa00fafa, 0x00fcfc00fc00fcfc, 0x005b5b005b005b5b, 345 345 + 0x0097970097009797, 0x00fefe00fe00fefe, 0x005a5a005a005a5a, 346 346 + 0x00acac00ac00acac, 0x003c3c003c003c3c, 0x004c4c004c004c4c, 347 347 + 0x0003030003000303, 0x0035350035003535, 0x00f3f300f300f3f3, 348 348 + 0x0023230023002323, 0x00b8b800b800b8b8, 0x005d5d005d005d5d, 349 349 + 0x006a6a006a006a6a, 0x0092920092009292, 0x00d5d500d500d5d5, 350 350 + 0x0021210021002121, 0x0044440044004444, 0x0051510051005151, 351 351 + 0x00c6c600c600c6c6, 0x007d7d007d007d7d, 0x0039390039003939, 352 352 + 0x0083830083008383, 0x00dcdc00dc00dcdc, 0x00aaaa00aa00aaaa, 353 353 + 0x007c7c007c007c7c, 0x0077770077007777, 0x0056560056005656, 354 354 + 0x0005050005000505, 0x001b1b001b001b1b, 0x00a4a400a400a4a4, 355 355 + 0x0015150015001515, 0x0034340034003434, 0x001e1e001e001e1e, 356 356 + 0x001c1c001c001c1c, 0x00f8f800f800f8f8, 0x0052520052005252, 357 357 + 0x0020200020002020, 0x0014140014001414, 0x00e9e900e900e9e9, 358 358 + 0x00bdbd00bd00bdbd, 0x00dddd00dd00dddd, 0x00e4e400e400e4e4, 359 359 + 0x00a1a100a100a1a1, 0x00e0e000e000e0e0, 0x008a8a008a008a8a, 360 360 + 0x00f1f100f100f1f1, 0x00d6d600d600d6d6, 0x007a7a007a007a7a, 361 361 + 0x00bbbb00bb00bbbb, 0x00e3e300e300e3e3, 0x0040400040004040, 362 362 + 0x004f4f004f004f4f, 363 363 + }; 364 364 + 365 365 + const u64 camellia_sp00444404[256] = { 366 366 + 0x0000707070700070, 0x00002c2c2c2c002c, 0x0000b3b3b3b300b3, 367 367 + 0x0000c0c0c0c000c0, 0x0000e4e4e4e400e4, 0x0000575757570057, 368 368 + 0x0000eaeaeaea00ea, 0x0000aeaeaeae00ae, 0x0000232323230023, 369 369 + 0x00006b6b6b6b006b, 0x0000454545450045, 0x0000a5a5a5a500a5, 370 370 + 0x0000edededed00ed, 0x00004f4f4f4f004f, 0x00001d1d1d1d001d, 371 371 + 0x0000929292920092, 0x0000868686860086, 0x0000afafafaf00af, 372 372 + 0x00007c7c7c7c007c, 0x00001f1f1f1f001f, 0x00003e3e3e3e003e, 373 373 + 0x0000dcdcdcdc00dc, 0x00005e5e5e5e005e, 0x00000b0b0b0b000b, 374 374 + 0x0000a6a6a6a600a6, 0x0000393939390039, 0x0000d5d5d5d500d5, 375 375 + 0x00005d5d5d5d005d, 0x0000d9d9d9d900d9, 0x00005a5a5a5a005a, 376 376 + 0x0000515151510051, 0x00006c6c6c6c006c, 0x00008b8b8b8b008b, 377 377 + 0x00009a9a9a9a009a, 0x0000fbfbfbfb00fb, 0x0000b0b0b0b000b0, 378 378 + 0x0000747474740074, 0x00002b2b2b2b002b, 0x0000f0f0f0f000f0, 379 379 + 0x0000848484840084, 0x0000dfdfdfdf00df, 0x0000cbcbcbcb00cb, 380 380 + 0x0000343434340034, 0x0000767676760076, 0x00006d6d6d6d006d, 381 381 + 0x0000a9a9a9a900a9, 0x0000d1d1d1d100d1, 0x0000040404040004, 382 382 + 0x0000141414140014, 0x00003a3a3a3a003a, 0x0000dededede00de, 383 383 + 0x0000111111110011, 0x0000323232320032, 0x00009c9c9c9c009c, 384 384 + 0x0000535353530053, 0x0000f2f2f2f200f2, 0x0000fefefefe00fe, 385 385 + 0x0000cfcfcfcf00cf, 0x0000c3c3c3c300c3, 0x00007a7a7a7a007a, 386 386 + 0x0000242424240024, 0x0000e8e8e8e800e8, 0x0000606060600060, 387 387 + 0x0000696969690069, 0x0000aaaaaaaa00aa, 0x0000a0a0a0a000a0, 388 388 + 0x0000a1a1a1a100a1, 0x0000626262620062, 0x0000545454540054, 389 389 + 0x00001e1e1e1e001e, 0x0000e0e0e0e000e0, 0x0000646464640064, 390 390 + 0x0000101010100010, 0x0000000000000000, 0x0000a3a3a3a300a3, 391 391 + 0x0000757575750075, 0x00008a8a8a8a008a, 0x0000e6e6e6e600e6, 392 392 + 0x0000090909090009, 0x0000dddddddd00dd, 0x0000878787870087, 393 393 + 0x0000838383830083, 0x0000cdcdcdcd00cd, 0x0000909090900090, 394 394 + 0x0000737373730073, 0x0000f6f6f6f600f6, 0x00009d9d9d9d009d, 395 395 + 0x0000bfbfbfbf00bf, 0x0000525252520052, 0x0000d8d8d8d800d8, 396 396 + 0x0000c8c8c8c800c8, 0x0000c6c6c6c600c6, 0x0000818181810081, 397 397 + 0x00006f6f6f6f006f, 0x0000131313130013, 0x0000636363630063, 398 398 + 0x0000e9e9e9e900e9, 0x0000a7a7a7a700a7, 0x00009f9f9f9f009f, 399 399 + 0x0000bcbcbcbc00bc, 0x0000292929290029, 0x0000f9f9f9f900f9, 400 400 + 0x00002f2f2f2f002f, 0x0000b4b4b4b400b4, 0x0000787878780078, 401 401 + 0x0000060606060006, 0x0000e7e7e7e700e7, 0x0000717171710071, 402 402 + 0x0000d4d4d4d400d4, 0x0000abababab00ab, 0x0000888888880088, 403 403 + 0x00008d8d8d8d008d, 0x0000727272720072, 0x0000b9b9b9b900b9, 404 404 + 0x0000f8f8f8f800f8, 0x0000acacacac00ac, 0x0000363636360036, 405 405 + 0x00002a2a2a2a002a, 0x00003c3c3c3c003c, 0x0000f1f1f1f100f1, 406 406 + 0x0000404040400040, 0x0000d3d3d3d300d3, 0x0000bbbbbbbb00bb, 407 407 + 0x0000434343430043, 0x0000151515150015, 0x0000adadadad00ad, 408 408 + 0x0000777777770077, 0x0000808080800080, 0x0000828282820082, 409 409 + 0x0000ecececec00ec, 0x0000272727270027, 0x0000e5e5e5e500e5, 410 410 + 0x0000858585850085, 0x0000353535350035, 0x00000c0c0c0c000c, 411 411 + 0x0000414141410041, 0x0000efefefef00ef, 0x0000939393930093, 412 412 + 0x0000191919190019, 0x0000212121210021, 0x00000e0e0e0e000e, 413 413 + 0x00004e4e4e4e004e, 0x0000656565650065, 0x0000bdbdbdbd00bd, 414 414 + 0x0000b8b8b8b800b8, 0x00008f8f8f8f008f, 0x0000ebebebeb00eb, 415 415 + 0x0000cececece00ce, 0x0000303030300030, 0x00005f5f5f5f005f, 416 416 + 0x0000c5c5c5c500c5, 0x00001a1a1a1a001a, 0x0000e1e1e1e100e1, 417 417 + 0x0000cacacaca00ca, 0x0000474747470047, 0x00003d3d3d3d003d, 418 418 + 0x0000010101010001, 0x0000d6d6d6d600d6, 0x0000565656560056, 419 419 + 0x00004d4d4d4d004d, 0x00000d0d0d0d000d, 0x0000666666660066, 420 420 + 0x0000cccccccc00cc, 0x00002d2d2d2d002d, 0x0000121212120012, 421 421 + 0x0000202020200020, 0x0000b1b1b1b100b1, 0x0000999999990099, 422 422 + 0x00004c4c4c4c004c, 0x0000c2c2c2c200c2, 0x00007e7e7e7e007e, 423 423 + 0x0000050505050005, 0x0000b7b7b7b700b7, 0x0000313131310031, 424 424 + 0x0000171717170017, 0x0000d7d7d7d700d7, 0x0000585858580058, 425 425 + 0x0000616161610061, 0x00001b1b1b1b001b, 0x00001c1c1c1c001c, 426 426 + 0x00000f0f0f0f000f, 0x0000161616160016, 0x0000181818180018, 427 427 + 0x0000222222220022, 0x0000444444440044, 0x0000b2b2b2b200b2, 428 428 + 0x0000b5b5b5b500b5, 0x0000919191910091, 0x0000080808080008, 429 429 + 0x0000a8a8a8a800a8, 0x0000fcfcfcfc00fc, 0x0000505050500050, 430 430 + 0x0000d0d0d0d000d0, 0x00007d7d7d7d007d, 0x0000898989890089, 431 431 + 0x0000979797970097, 0x00005b5b5b5b005b, 0x0000959595950095, 432 432 + 0x0000ffffffff00ff, 0x0000d2d2d2d200d2, 0x0000c4c4c4c400c4, 433 433 + 0x0000484848480048, 0x0000f7f7f7f700f7, 0x0000dbdbdbdb00db, 434 434 + 0x0000030303030003, 0x0000dadadada00da, 0x00003f3f3f3f003f, 435 435 + 0x0000949494940094, 0x00005c5c5c5c005c, 0x0000020202020002, 436 436 + 0x00004a4a4a4a004a, 0x0000333333330033, 0x0000676767670067, 437 437 + 0x0000f3f3f3f300f3, 0x00007f7f7f7f007f, 0x0000e2e2e2e200e2, 438 438 + 0x00009b9b9b9b009b, 0x0000262626260026, 0x0000373737370037, 439 439 + 0x00003b3b3b3b003b, 0x0000969696960096, 0x00004b4b4b4b004b, 440 440 + 0x0000bebebebe00be, 0x00002e2e2e2e002e, 0x0000797979790079, 441 441 + 0x00008c8c8c8c008c, 0x00006e6e6e6e006e, 0x00008e8e8e8e008e, 442 442 + 0x0000f5f5f5f500f5, 0x0000b6b6b6b600b6, 0x0000fdfdfdfd00fd, 443 443 + 0x0000595959590059, 0x0000989898980098, 0x00006a6a6a6a006a, 444 444 + 0x0000464646460046, 0x0000babababa00ba, 0x0000252525250025, 445 445 + 0x0000424242420042, 0x0000a2a2a2a200a2, 0x0000fafafafa00fa, 446 446 + 0x0000070707070007, 0x0000555555550055, 0x0000eeeeeeee00ee, 447 447 + 0x00000a0a0a0a000a, 0x0000494949490049, 0x0000686868680068, 448 448 + 0x0000383838380038, 0x0000a4a4a4a400a4, 0x0000282828280028, 449 449 + 0x00007b7b7b7b007b, 0x0000c9c9c9c900c9, 0x0000c1c1c1c100c1, 450 450 + 0x0000e3e3e3e300e3, 0x0000f4f4f4f400f4, 0x0000c7c7c7c700c7, 451 451 + 0x00009e9e9e9e009e, 452 452 + }; 453 453 + 454 454 + const u64 camellia_sp02220222[256] = { 455 455 + 0x00e0e0e000e0e0e0, 0x0005050500050505, 0x0058585800585858, 456 456 + 0x00d9d9d900d9d9d9, 0x0067676700676767, 0x004e4e4e004e4e4e, 457 457 + 0x0081818100818181, 0x00cbcbcb00cbcbcb, 0x00c9c9c900c9c9c9, 458 458 + 0x000b0b0b000b0b0b, 0x00aeaeae00aeaeae, 0x006a6a6a006a6a6a, 459 459 + 0x00d5d5d500d5d5d5, 0x0018181800181818, 0x005d5d5d005d5d5d, 460 460 + 0x0082828200828282, 0x0046464600464646, 0x00dfdfdf00dfdfdf, 461 461 + 0x00d6d6d600d6d6d6, 0x0027272700272727, 0x008a8a8a008a8a8a, 462 462 + 0x0032323200323232, 0x004b4b4b004b4b4b, 0x0042424200424242, 463 463 + 0x00dbdbdb00dbdbdb, 0x001c1c1c001c1c1c, 0x009e9e9e009e9e9e, 464 464 + 0x009c9c9c009c9c9c, 0x003a3a3a003a3a3a, 0x00cacaca00cacaca, 465 465 + 0x0025252500252525, 0x007b7b7b007b7b7b, 0x000d0d0d000d0d0d, 466 466 + 0x0071717100717171, 0x005f5f5f005f5f5f, 0x001f1f1f001f1f1f, 467 467 + 0x00f8f8f800f8f8f8, 0x00d7d7d700d7d7d7, 0x003e3e3e003e3e3e, 468 468 + 0x009d9d9d009d9d9d, 0x007c7c7c007c7c7c, 0x0060606000606060, 469 469 + 0x00b9b9b900b9b9b9, 0x00bebebe00bebebe, 0x00bcbcbc00bcbcbc, 470 470 + 0x008b8b8b008b8b8b, 0x0016161600161616, 0x0034343400343434, 471 471 + 0x004d4d4d004d4d4d, 0x00c3c3c300c3c3c3, 0x0072727200727272, 472 472 + 0x0095959500959595, 0x00ababab00ababab, 0x008e8e8e008e8e8e, 473 473 + 0x00bababa00bababa, 0x007a7a7a007a7a7a, 0x00b3b3b300b3b3b3, 474 474 + 0x0002020200020202, 0x00b4b4b400b4b4b4, 0x00adadad00adadad, 475 475 + 0x00a2a2a200a2a2a2, 0x00acacac00acacac, 0x00d8d8d800d8d8d8, 476 476 + 0x009a9a9a009a9a9a, 0x0017171700171717, 0x001a1a1a001a1a1a, 477 477 + 0x0035353500353535, 0x00cccccc00cccccc, 0x00f7f7f700f7f7f7, 478 478 + 0x0099999900999999, 0x0061616100616161, 0x005a5a5a005a5a5a, 479 479 + 0x00e8e8e800e8e8e8, 0x0024242400242424, 0x0056565600565656, 480 480 + 0x0040404000404040, 0x00e1e1e100e1e1e1, 0x0063636300636363, 481 481 + 0x0009090900090909, 0x0033333300333333, 0x00bfbfbf00bfbfbf, 482 482 + 0x0098989800989898, 0x0097979700979797, 0x0085858500858585, 483 483 + 0x0068686800686868, 0x00fcfcfc00fcfcfc, 0x00ececec00ececec, 484 484 + 0x000a0a0a000a0a0a, 0x00dadada00dadada, 0x006f6f6f006f6f6f, 485 485 + 0x0053535300535353, 0x0062626200626262, 0x00a3a3a300a3a3a3, 486 486 + 0x002e2e2e002e2e2e, 0x0008080800080808, 0x00afafaf00afafaf, 487 487 + 0x0028282800282828, 0x00b0b0b000b0b0b0, 0x0074747400747474, 488 488 + 0x00c2c2c200c2c2c2, 0x00bdbdbd00bdbdbd, 0x0036363600363636, 489 489 + 0x0022222200222222, 0x0038383800383838, 0x0064646400646464, 490 490 + 0x001e1e1e001e1e1e, 0x0039393900393939, 0x002c2c2c002c2c2c, 491 491 + 0x00a6a6a600a6a6a6, 0x0030303000303030, 0x00e5e5e500e5e5e5, 492 492 + 0x0044444400444444, 0x00fdfdfd00fdfdfd, 0x0088888800888888, 493 493 + 0x009f9f9f009f9f9f, 0x0065656500656565, 0x0087878700878787, 494 494 + 0x006b6b6b006b6b6b, 0x00f4f4f400f4f4f4, 0x0023232300232323, 495 495 + 0x0048484800484848, 0x0010101000101010, 0x00d1d1d100d1d1d1, 496 496 + 0x0051515100515151, 0x00c0c0c000c0c0c0, 0x00f9f9f900f9f9f9, 497 497 + 0x00d2d2d200d2d2d2, 0x00a0a0a000a0a0a0, 0x0055555500555555, 498 498 + 0x00a1a1a100a1a1a1, 0x0041414100414141, 0x00fafafa00fafafa, 499 499 + 0x0043434300434343, 0x0013131300131313, 0x00c4c4c400c4c4c4, 500 500 + 0x002f2f2f002f2f2f, 0x00a8a8a800a8a8a8, 0x00b6b6b600b6b6b6, 501 501 + 0x003c3c3c003c3c3c, 0x002b2b2b002b2b2b, 0x00c1c1c100c1c1c1, 502 502 + 0x00ffffff00ffffff, 0x00c8c8c800c8c8c8, 0x00a5a5a500a5a5a5, 503 503 + 0x0020202000202020, 0x0089898900898989, 0x0000000000000000, 504 504 + 0x0090909000909090, 0x0047474700474747, 0x00efefef00efefef, 505 505 + 0x00eaeaea00eaeaea, 0x00b7b7b700b7b7b7, 0x0015151500151515, 506 506 + 0x0006060600060606, 0x00cdcdcd00cdcdcd, 0x00b5b5b500b5b5b5, 507 507 + 0x0012121200121212, 0x007e7e7e007e7e7e, 0x00bbbbbb00bbbbbb, 508 508 + 0x0029292900292929, 0x000f0f0f000f0f0f, 0x00b8b8b800b8b8b8, 509 509 + 0x0007070700070707, 0x0004040400040404, 0x009b9b9b009b9b9b, 510 510 + 0x0094949400949494, 0x0021212100212121, 0x0066666600666666, 511 511 + 0x00e6e6e600e6e6e6, 0x00cecece00cecece, 0x00ededed00ededed, 512 512 + 0x00e7e7e700e7e7e7, 0x003b3b3b003b3b3b, 0x00fefefe00fefefe, 513 513 + 0x007f7f7f007f7f7f, 0x00c5c5c500c5c5c5, 0x00a4a4a400a4a4a4, 514 514 + 0x0037373700373737, 0x00b1b1b100b1b1b1, 0x004c4c4c004c4c4c, 515 515 + 0x0091919100919191, 0x006e6e6e006e6e6e, 0x008d8d8d008d8d8d, 516 516 + 0x0076767600767676, 0x0003030300030303, 0x002d2d2d002d2d2d, 517 517 + 0x00dedede00dedede, 0x0096969600969696, 0x0026262600262626, 518 518 + 0x007d7d7d007d7d7d, 0x00c6c6c600c6c6c6, 0x005c5c5c005c5c5c, 519 519 + 0x00d3d3d300d3d3d3, 0x00f2f2f200f2f2f2, 0x004f4f4f004f4f4f, 520 520 + 0x0019191900191919, 0x003f3f3f003f3f3f, 0x00dcdcdc00dcdcdc, 521 521 + 0x0079797900797979, 0x001d1d1d001d1d1d, 0x0052525200525252, 522 522 + 0x00ebebeb00ebebeb, 0x00f3f3f300f3f3f3, 0x006d6d6d006d6d6d, 523 523 + 0x005e5e5e005e5e5e, 0x00fbfbfb00fbfbfb, 0x0069696900696969, 524 524 + 0x00b2b2b200b2b2b2, 0x00f0f0f000f0f0f0, 0x0031313100313131, 525 525 + 0x000c0c0c000c0c0c, 0x00d4d4d400d4d4d4, 0x00cfcfcf00cfcfcf, 526 526 + 0x008c8c8c008c8c8c, 0x00e2e2e200e2e2e2, 0x0075757500757575, 527 527 + 0x00a9a9a900a9a9a9, 0x004a4a4a004a4a4a, 0x0057575700575757, 528 528 + 0x0084848400848484, 0x0011111100111111, 0x0045454500454545, 529 529 + 0x001b1b1b001b1b1b, 0x00f5f5f500f5f5f5, 0x00e4e4e400e4e4e4, 530 530 + 0x000e0e0e000e0e0e, 0x0073737300737373, 0x00aaaaaa00aaaaaa, 531 531 + 0x00f1f1f100f1f1f1, 0x00dddddd00dddddd, 0x0059595900595959, 532 532 + 0x0014141400141414, 0x006c6c6c006c6c6c, 0x0092929200929292, 533 533 + 0x0054545400545454, 0x00d0d0d000d0d0d0, 0x0078787800787878, 534 534 + 0x0070707000707070, 0x00e3e3e300e3e3e3, 0x0049494900494949, 535 535 + 0x0080808000808080, 0x0050505000505050, 0x00a7a7a700a7a7a7, 536 536 + 0x00f6f6f600f6f6f6, 0x0077777700777777, 0x0093939300939393, 537 537 + 0x0086868600868686, 0x0083838300838383, 0x002a2a2a002a2a2a, 538 538 + 0x00c7c7c700c7c7c7, 0x005b5b5b005b5b5b, 0x00e9e9e900e9e9e9, 539 539 + 0x00eeeeee00eeeeee, 0x008f8f8f008f8f8f, 0x0001010100010101, 540 540 + 0x003d3d3d003d3d3d, 541 541 + }; 542 542 + 543 543 + const u64 camellia_sp30333033[256] = { 544 544 + 0x3800383838003838, 0x4100414141004141, 0x1600161616001616, 545 545 + 0x7600767676007676, 0xd900d9d9d900d9d9, 0x9300939393009393, 546 546 + 0x6000606060006060, 0xf200f2f2f200f2f2, 0x7200727272007272, 547 547 + 0xc200c2c2c200c2c2, 0xab00ababab00abab, 0x9a009a9a9a009a9a, 548 548 + 0x7500757575007575, 0x0600060606000606, 0x5700575757005757, 549 549 + 0xa000a0a0a000a0a0, 0x9100919191009191, 0xf700f7f7f700f7f7, 550 550 + 0xb500b5b5b500b5b5, 0xc900c9c9c900c9c9, 0xa200a2a2a200a2a2, 551 551 + 0x8c008c8c8c008c8c, 0xd200d2d2d200d2d2, 0x9000909090009090, 552 552 + 0xf600f6f6f600f6f6, 0x0700070707000707, 0xa700a7a7a700a7a7, 553 553 + 0x2700272727002727, 0x8e008e8e8e008e8e, 0xb200b2b2b200b2b2, 554 554 + 0x4900494949004949, 0xde00dedede00dede, 0x4300434343004343, 555 555 + 0x5c005c5c5c005c5c, 0xd700d7d7d700d7d7, 0xc700c7c7c700c7c7, 556 556 + 0x3e003e3e3e003e3e, 0xf500f5f5f500f5f5, 0x8f008f8f8f008f8f, 557 557 + 0x6700676767006767, 0x1f001f1f1f001f1f, 0x1800181818001818, 558 558 + 0x6e006e6e6e006e6e, 0xaf00afafaf00afaf, 0x2f002f2f2f002f2f, 559 559 + 0xe200e2e2e200e2e2, 0x8500858585008585, 0x0d000d0d0d000d0d, 560 560 + 0x5300535353005353, 0xf000f0f0f000f0f0, 0x9c009c9c9c009c9c, 561 561 + 0x6500656565006565, 0xea00eaeaea00eaea, 0xa300a3a3a300a3a3, 562 562 + 0xae00aeaeae00aeae, 0x9e009e9e9e009e9e, 0xec00ececec00ecec, 563 563 + 0x8000808080008080, 0x2d002d2d2d002d2d, 0x6b006b6b6b006b6b, 564 564 + 0xa800a8a8a800a8a8, 0x2b002b2b2b002b2b, 0x3600363636003636, 565 565 + 0xa600a6a6a600a6a6, 0xc500c5c5c500c5c5, 0x8600868686008686, 566 566 + 0x4d004d4d4d004d4d, 0x3300333333003333, 0xfd00fdfdfd00fdfd, 567 567 + 0x6600666666006666, 0x5800585858005858, 0x9600969696009696, 568 568 + 0x3a003a3a3a003a3a, 0x0900090909000909, 0x9500959595009595, 569 569 + 0x1000101010001010, 0x7800787878007878, 0xd800d8d8d800d8d8, 570 570 + 0x4200424242004242, 0xcc00cccccc00cccc, 0xef00efefef00efef, 571 571 + 0x2600262626002626, 0xe500e5e5e500e5e5, 0x6100616161006161, 572 572 + 0x1a001a1a1a001a1a, 0x3f003f3f3f003f3f, 0x3b003b3b3b003b3b, 573 573 + 0x8200828282008282, 0xb600b6b6b600b6b6, 0xdb00dbdbdb00dbdb, 574 574 + 0xd400d4d4d400d4d4, 0x9800989898009898, 0xe800e8e8e800e8e8, 575 575 + 0x8b008b8b8b008b8b, 0x0200020202000202, 0xeb00ebebeb00ebeb, 576 576 + 0x0a000a0a0a000a0a, 0x2c002c2c2c002c2c, 0x1d001d1d1d001d1d, 577 577 + 0xb000b0b0b000b0b0, 0x6f006f6f6f006f6f, 0x8d008d8d8d008d8d, 578 578 + 0x8800888888008888, 0x0e000e0e0e000e0e, 0x1900191919001919, 579 579 + 0x8700878787008787, 0x4e004e4e4e004e4e, 0x0b000b0b0b000b0b, 580 580 + 0xa900a9a9a900a9a9, 0x0c000c0c0c000c0c, 0x7900797979007979, 581 581 + 0x1100111111001111, 0x7f007f7f7f007f7f, 0x2200222222002222, 582 582 + 0xe700e7e7e700e7e7, 0x5900595959005959, 0xe100e1e1e100e1e1, 583 583 + 0xda00dadada00dada, 0x3d003d3d3d003d3d, 0xc800c8c8c800c8c8, 584 584 + 0x1200121212001212, 0x0400040404000404, 0x7400747474007474, 585 585 + 0x5400545454005454, 0x3000303030003030, 0x7e007e7e7e007e7e, 586 586 + 0xb400b4b4b400b4b4, 0x2800282828002828, 0x5500555555005555, 587 587 + 0x6800686868006868, 0x5000505050005050, 0xbe00bebebe00bebe, 588 588 + 0xd000d0d0d000d0d0, 0xc400c4c4c400c4c4, 0x3100313131003131, 589 589 + 0xcb00cbcbcb00cbcb, 0x2a002a2a2a002a2a, 0xad00adadad00adad, 590 590 + 0x0f000f0f0f000f0f, 0xca00cacaca00caca, 0x7000707070007070, 591 591 + 0xff00ffffff00ffff, 0x3200323232003232, 0x6900696969006969, 592 592 + 0x0800080808000808, 0x6200626262006262, 0x0000000000000000, 593 593 + 0x2400242424002424, 0xd100d1d1d100d1d1, 0xfb00fbfbfb00fbfb, 594 594 + 0xba00bababa00baba, 0xed00ededed00eded, 0x4500454545004545, 595 595 + 0x8100818181008181, 0x7300737373007373, 0x6d006d6d6d006d6d, 596 596 + 0x8400848484008484, 0x9f009f9f9f009f9f, 0xee00eeeeee00eeee, 597 597 + 0x4a004a4a4a004a4a, 0xc300c3c3c300c3c3, 0x2e002e2e2e002e2e, 598 598 + 0xc100c1c1c100c1c1, 0x0100010101000101, 0xe600e6e6e600e6e6, 599 599 + 0x2500252525002525, 0x4800484848004848, 0x9900999999009999, 600 600 + 0xb900b9b9b900b9b9, 0xb300b3b3b300b3b3, 0x7b007b7b7b007b7b, 601 601 + 0xf900f9f9f900f9f9, 0xce00cecece00cece, 0xbf00bfbfbf00bfbf, 602 602 + 0xdf00dfdfdf00dfdf, 0x7100717171007171, 0x2900292929002929, 603 603 + 0xcd00cdcdcd00cdcd, 0x6c006c6c6c006c6c, 0x1300131313001313, 604 604 + 0x6400646464006464, 0x9b009b9b9b009b9b, 0x6300636363006363, 605 605 + 0x9d009d9d9d009d9d, 0xc000c0c0c000c0c0, 0x4b004b4b4b004b4b, 606 606 + 0xb700b7b7b700b7b7, 0xa500a5a5a500a5a5, 0x8900898989008989, 607 607 + 0x5f005f5f5f005f5f, 0xb100b1b1b100b1b1, 0x1700171717001717, 608 608 + 0xf400f4f4f400f4f4, 0xbc00bcbcbc00bcbc, 0xd300d3d3d300d3d3, 609 609 + 0x4600464646004646, 0xcf00cfcfcf00cfcf, 0x3700373737003737, 610 610 + 0x5e005e5e5e005e5e, 0x4700474747004747, 0x9400949494009494, 611 611 + 0xfa00fafafa00fafa, 0xfc00fcfcfc00fcfc, 0x5b005b5b5b005b5b, 612 612 + 0x9700979797009797, 0xfe00fefefe00fefe, 0x5a005a5a5a005a5a, 613 613 + 0xac00acacac00acac, 0x3c003c3c3c003c3c, 0x4c004c4c4c004c4c, 614 614 + 0x0300030303000303, 0x3500353535003535, 0xf300f3f3f300f3f3, 615 615 + 0x2300232323002323, 0xb800b8b8b800b8b8, 0x5d005d5d5d005d5d, 616 616 + 0x6a006a6a6a006a6a, 0x9200929292009292, 0xd500d5d5d500d5d5, 617 617 + 0x2100212121002121, 0x4400444444004444, 0x5100515151005151, 618 618 + 0xc600c6c6c600c6c6, 0x7d007d7d7d007d7d, 0x3900393939003939, 619 619 + 0x8300838383008383, 0xdc00dcdcdc00dcdc, 0xaa00aaaaaa00aaaa, 620 620 + 0x7c007c7c7c007c7c, 0x7700777777007777, 0x5600565656005656, 621 621 + 0x0500050505000505, 0x1b001b1b1b001b1b, 0xa400a4a4a400a4a4, 622 622 + 0x1500151515001515, 0x3400343434003434, 0x1e001e1e1e001e1e, 623 623 + 0x1c001c1c1c001c1c, 0xf800f8f8f800f8f8, 0x5200525252005252, 624 624 + 0x2000202020002020, 0x1400141414001414, 0xe900e9e9e900e9e9, 625 625 + 0xbd00bdbdbd00bdbd, 0xdd00dddddd00dddd, 0xe400e4e4e400e4e4, 626 626 + 0xa100a1a1a100a1a1, 0xe000e0e0e000e0e0, 0x8a008a8a8a008a8a, 627 627 + 0xf100f1f1f100f1f1, 0xd600d6d6d600d6d6, 0x7a007a7a7a007a7a, 628 628 + 0xbb00bbbbbb00bbbb, 0xe300e3e3e300e3e3, 0x4000404040004040, 629 629 + 0x4f004f4f4f004f4f, 630 630 + }; 631 631 + 632 632 + const u64 camellia_sp44044404[256] = { 633 633 + 0x7070007070700070, 0x2c2c002c2c2c002c, 0xb3b300b3b3b300b3, 634 634 + 0xc0c000c0c0c000c0, 0xe4e400e4e4e400e4, 0x5757005757570057, 635 635 + 0xeaea00eaeaea00ea, 0xaeae00aeaeae00ae, 0x2323002323230023, 636 636 + 0x6b6b006b6b6b006b, 0x4545004545450045, 0xa5a500a5a5a500a5, 637 637 + 0xeded00ededed00ed, 0x4f4f004f4f4f004f, 0x1d1d001d1d1d001d, 638 638 + 0x9292009292920092, 0x8686008686860086, 0xafaf00afafaf00af, 639 639 + 0x7c7c007c7c7c007c, 0x1f1f001f1f1f001f, 0x3e3e003e3e3e003e, 640 640 + 0xdcdc00dcdcdc00dc, 0x5e5e005e5e5e005e, 0x0b0b000b0b0b000b, 641 641 + 0xa6a600a6a6a600a6, 0x3939003939390039, 0xd5d500d5d5d500d5, 642 642 + 0x5d5d005d5d5d005d, 0xd9d900d9d9d900d9, 0x5a5a005a5a5a005a, 643 643 + 0x5151005151510051, 0x6c6c006c6c6c006c, 0x8b8b008b8b8b008b, 644 644 + 0x9a9a009a9a9a009a, 0xfbfb00fbfbfb00fb, 0xb0b000b0b0b000b0, 645 645 + 0x7474007474740074, 0x2b2b002b2b2b002b, 0xf0f000f0f0f000f0, 646 646 + 0x8484008484840084, 0xdfdf00dfdfdf00df, 0xcbcb00cbcbcb00cb, 647 647 + 0x3434003434340034, 0x7676007676760076, 0x6d6d006d6d6d006d, 648 648 + 0xa9a900a9a9a900a9, 0xd1d100d1d1d100d1, 0x0404000404040004, 649 649 + 0x1414001414140014, 0x3a3a003a3a3a003a, 0xdede00dedede00de, 650 650 + 0x1111001111110011, 0x3232003232320032, 0x9c9c009c9c9c009c, 651 651 + 0x5353005353530053, 0xf2f200f2f2f200f2, 0xfefe00fefefe00fe, 652 652 + 0xcfcf00cfcfcf00cf, 0xc3c300c3c3c300c3, 0x7a7a007a7a7a007a, 653 653 + 0x2424002424240024, 0xe8e800e8e8e800e8, 0x6060006060600060, 654 654 + 0x6969006969690069, 0xaaaa00aaaaaa00aa, 0xa0a000a0a0a000a0, 655 655 + 0xa1a100a1a1a100a1, 0x6262006262620062, 0x5454005454540054, 656 656 + 0x1e1e001e1e1e001e, 0xe0e000e0e0e000e0, 0x6464006464640064, 657 657 + 0x1010001010100010, 0x0000000000000000, 0xa3a300a3a3a300a3, 658 658 + 0x7575007575750075, 0x8a8a008a8a8a008a, 0xe6e600e6e6e600e6, 659 659 + 0x0909000909090009, 0xdddd00dddddd00dd, 0x8787008787870087, 660 660 + 0x8383008383830083, 0xcdcd00cdcdcd00cd, 0x9090009090900090, 661 661 + 0x7373007373730073, 0xf6f600f6f6f600f6, 0x9d9d009d9d9d009d, 662 662 + 0xbfbf00bfbfbf00bf, 0x5252005252520052, 0xd8d800d8d8d800d8, 663 663 + 0xc8c800c8c8c800c8, 0xc6c600c6c6c600c6, 0x8181008181810081, 664 664 + 0x6f6f006f6f6f006f, 0x1313001313130013, 0x6363006363630063, 665 665 + 0xe9e900e9e9e900e9, 0xa7a700a7a7a700a7, 0x9f9f009f9f9f009f, 666 666 + 0xbcbc00bcbcbc00bc, 0x2929002929290029, 0xf9f900f9f9f900f9, 667 667 + 0x2f2f002f2f2f002f, 0xb4b400b4b4b400b4, 0x7878007878780078, 668 668 + 0x0606000606060006, 0xe7e700e7e7e700e7, 0x7171007171710071, 669 669 + 0xd4d400d4d4d400d4, 0xabab00ababab00ab, 0x8888008888880088, 670 670 + 0x8d8d008d8d8d008d, 0x7272007272720072, 0xb9b900b9b9b900b9, 671 671 + 0xf8f800f8f8f800f8, 0xacac00acacac00ac, 0x3636003636360036, 672 672 + 0x2a2a002a2a2a002a, 0x3c3c003c3c3c003c, 0xf1f100f1f1f100f1, 673 673 + 0x4040004040400040, 0xd3d300d3d3d300d3, 0xbbbb00bbbbbb00bb, 674 674 + 0x4343004343430043, 0x1515001515150015, 0xadad00adadad00ad, 675 675 + 0x7777007777770077, 0x8080008080800080, 0x8282008282820082, 676 676 + 0xecec00ececec00ec, 0x2727002727270027, 0xe5e500e5e5e500e5, 677 677 + 0x8585008585850085, 0x3535003535350035, 0x0c0c000c0c0c000c, 678 678 + 0x4141004141410041, 0xefef00efefef00ef, 0x9393009393930093, 679 679 + 0x1919001919190019, 0x2121002121210021, 0x0e0e000e0e0e000e, 680 680 + 0x4e4e004e4e4e004e, 0x6565006565650065, 0xbdbd00bdbdbd00bd, 681 681 + 0xb8b800b8b8b800b8, 0x8f8f008f8f8f008f, 0xebeb00ebebeb00eb, 682 682 + 0xcece00cecece00ce, 0x3030003030300030, 0x5f5f005f5f5f005f, 683 683 + 0xc5c500c5c5c500c5, 0x1a1a001a1a1a001a, 0xe1e100e1e1e100e1, 684 684 + 0xcaca00cacaca00ca, 0x4747004747470047, 0x3d3d003d3d3d003d, 685 685 + 0x0101000101010001, 0xd6d600d6d6d600d6, 0x5656005656560056, 686 686 + 0x4d4d004d4d4d004d, 0x0d0d000d0d0d000d, 0x6666006666660066, 687 687 + 0xcccc00cccccc00cc, 0x2d2d002d2d2d002d, 0x1212001212120012, 688 688 + 0x2020002020200020, 0xb1b100b1b1b100b1, 0x9999009999990099, 689 689 + 0x4c4c004c4c4c004c, 0xc2c200c2c2c200c2, 0x7e7e007e7e7e007e, 690 690 + 0x0505000505050005, 0xb7b700b7b7b700b7, 0x3131003131310031, 691 691 + 0x1717001717170017, 0xd7d700d7d7d700d7, 0x5858005858580058, 692 692 + 0x6161006161610061, 0x1b1b001b1b1b001b, 0x1c1c001c1c1c001c, 693 693 + 0x0f0f000f0f0f000f, 0x1616001616160016, 0x1818001818180018, 694 694 + 0x2222002222220022, 0x4444004444440044, 0xb2b200b2b2b200b2, 695 695 + 0xb5b500b5b5b500b5, 0x9191009191910091, 0x0808000808080008, 696 696 + 0xa8a800a8a8a800a8, 0xfcfc00fcfcfc00fc, 0x5050005050500050, 697 697 + 0xd0d000d0d0d000d0, 0x7d7d007d7d7d007d, 0x8989008989890089, 698 698 + 0x9797009797970097, 0x5b5b005b5b5b005b, 0x9595009595950095, 699 699 + 0xffff00ffffff00ff, 0xd2d200d2d2d200d2, 0xc4c400c4c4c400c4, 700 700 + 0x4848004848480048, 0xf7f700f7f7f700f7, 0xdbdb00dbdbdb00db, 701 701 + 0x0303000303030003, 0xdada00dadada00da, 0x3f3f003f3f3f003f, 702 702 + 0x9494009494940094, 0x5c5c005c5c5c005c, 0x0202000202020002, 703 703 + 0x4a4a004a4a4a004a, 0x3333003333330033, 0x6767006767670067, 704 704 + 0xf3f300f3f3f300f3, 0x7f7f007f7f7f007f, 0xe2e200e2e2e200e2, 705 705 + 0x9b9b009b9b9b009b, 0x2626002626260026, 0x3737003737370037, 706 706 + 0x3b3b003b3b3b003b, 0x9696009696960096, 0x4b4b004b4b4b004b, 707 707 + 0xbebe00bebebe00be, 0x2e2e002e2e2e002e, 0x7979007979790079, 708 708 + 0x8c8c008c8c8c008c, 0x6e6e006e6e6e006e, 0x8e8e008e8e8e008e, 709 709 + 0xf5f500f5f5f500f5, 0xb6b600b6b6b600b6, 0xfdfd00fdfdfd00fd, 710 710 + 0x5959005959590059, 0x9898009898980098, 0x6a6a006a6a6a006a, 711 711 + 0x4646004646460046, 0xbaba00bababa00ba, 0x2525002525250025, 712 712 + 0x4242004242420042, 0xa2a200a2a2a200a2, 0xfafa00fafafa00fa, 713 713 + 0x0707000707070007, 0x5555005555550055, 0xeeee00eeeeee00ee, 714 714 + 0x0a0a000a0a0a000a, 0x4949004949490049, 0x6868006868680068, 715 715 + 0x3838003838380038, 0xa4a400a4a4a400a4, 0x2828002828280028, 716 716 + 0x7b7b007b7b7b007b, 0xc9c900c9c9c900c9, 0xc1c100c1c1c100c1, 717 717 + 0xe3e300e3e3e300e3, 0xf4f400f4f4f400f4, 0xc7c700c7c7c700c7, 718 718 + 0x9e9e009e9e9e009e, 719 719 + }; 720 720 + 721 721 + const u64 camellia_sp11101110[256] = { 722 722 + 0x7070700070707000, 0x8282820082828200, 0x2c2c2c002c2c2c00, 723 723 + 0xececec00ececec00, 0xb3b3b300b3b3b300, 0x2727270027272700, 724 724 + 0xc0c0c000c0c0c000, 0xe5e5e500e5e5e500, 0xe4e4e400e4e4e400, 725 725 + 0x8585850085858500, 0x5757570057575700, 0x3535350035353500, 726 726 + 0xeaeaea00eaeaea00, 0x0c0c0c000c0c0c00, 0xaeaeae00aeaeae00, 727 727 + 0x4141410041414100, 0x2323230023232300, 0xefefef00efefef00, 728 728 + 0x6b6b6b006b6b6b00, 0x9393930093939300, 0x4545450045454500, 729 729 + 0x1919190019191900, 0xa5a5a500a5a5a500, 0x2121210021212100, 730 730 + 0xededed00ededed00, 0x0e0e0e000e0e0e00, 0x4f4f4f004f4f4f00, 731 731 + 0x4e4e4e004e4e4e00, 0x1d1d1d001d1d1d00, 0x6565650065656500, 732 732 + 0x9292920092929200, 0xbdbdbd00bdbdbd00, 0x8686860086868600, 733 733 + 0xb8b8b800b8b8b800, 0xafafaf00afafaf00, 0x8f8f8f008f8f8f00, 734 734 + 0x7c7c7c007c7c7c00, 0xebebeb00ebebeb00, 0x1f1f1f001f1f1f00, 735 735 + 0xcecece00cecece00, 0x3e3e3e003e3e3e00, 0x3030300030303000, 736 736 + 0xdcdcdc00dcdcdc00, 0x5f5f5f005f5f5f00, 0x5e5e5e005e5e5e00, 737 737 + 0xc5c5c500c5c5c500, 0x0b0b0b000b0b0b00, 0x1a1a1a001a1a1a00, 738 738 + 0xa6a6a600a6a6a600, 0xe1e1e100e1e1e100, 0x3939390039393900, 739 739 + 0xcacaca00cacaca00, 0xd5d5d500d5d5d500, 0x4747470047474700, 740 740 + 0x5d5d5d005d5d5d00, 0x3d3d3d003d3d3d00, 0xd9d9d900d9d9d900, 741 741 + 0x0101010001010100, 0x5a5a5a005a5a5a00, 0xd6d6d600d6d6d600, 742 742 + 0x5151510051515100, 0x5656560056565600, 0x6c6c6c006c6c6c00, 743 743 + 0x4d4d4d004d4d4d00, 0x8b8b8b008b8b8b00, 0x0d0d0d000d0d0d00, 744 744 + 0x9a9a9a009a9a9a00, 0x6666660066666600, 0xfbfbfb00fbfbfb00, 745 745 + 0xcccccc00cccccc00, 0xb0b0b000b0b0b000, 0x2d2d2d002d2d2d00, 746 746 + 0x7474740074747400, 0x1212120012121200, 0x2b2b2b002b2b2b00, 747 747 + 0x2020200020202000, 0xf0f0f000f0f0f000, 0xb1b1b100b1b1b100, 748 748 + 0x8484840084848400, 0x9999990099999900, 0xdfdfdf00dfdfdf00, 749 749 + 0x4c4c4c004c4c4c00, 0xcbcbcb00cbcbcb00, 0xc2c2c200c2c2c200, 750 750 + 0x3434340034343400, 0x7e7e7e007e7e7e00, 0x7676760076767600, 751 751 + 0x0505050005050500, 0x6d6d6d006d6d6d00, 0xb7b7b700b7b7b700, 752 752 + 0xa9a9a900a9a9a900, 0x3131310031313100, 0xd1d1d100d1d1d100, 753 753 + 0x1717170017171700, 0x0404040004040400, 0xd7d7d700d7d7d700, 754 754 + 0x1414140014141400, 0x5858580058585800, 0x3a3a3a003a3a3a00, 755 755 + 0x6161610061616100, 0xdedede00dedede00, 0x1b1b1b001b1b1b00, 756 756 + 0x1111110011111100, 0x1c1c1c001c1c1c00, 0x3232320032323200, 757 757 + 0x0f0f0f000f0f0f00, 0x9c9c9c009c9c9c00, 0x1616160016161600, 758 758 + 0x5353530053535300, 0x1818180018181800, 0xf2f2f200f2f2f200, 759 759 + 0x2222220022222200, 0xfefefe00fefefe00, 0x4444440044444400, 760 760 + 0xcfcfcf00cfcfcf00, 0xb2b2b200b2b2b200, 0xc3c3c300c3c3c300, 761 761 + 0xb5b5b500b5b5b500, 0x7a7a7a007a7a7a00, 0x9191910091919100, 762 762 + 0x2424240024242400, 0x0808080008080800, 0xe8e8e800e8e8e800, 763 763 + 0xa8a8a800a8a8a800, 0x6060600060606000, 0xfcfcfc00fcfcfc00, 764 764 + 0x6969690069696900, 0x5050500050505000, 0xaaaaaa00aaaaaa00, 765 765 + 0xd0d0d000d0d0d000, 0xa0a0a000a0a0a000, 0x7d7d7d007d7d7d00, 766 766 + 0xa1a1a100a1a1a100, 0x8989890089898900, 0x6262620062626200, 767 767 + 0x9797970097979700, 0x5454540054545400, 0x5b5b5b005b5b5b00, 768 768 + 0x1e1e1e001e1e1e00, 0x9595950095959500, 0xe0e0e000e0e0e000, 769 769 + 0xffffff00ffffff00, 0x6464640064646400, 0xd2d2d200d2d2d200, 770 770 + 0x1010100010101000, 0xc4c4c400c4c4c400, 0x0000000000000000, 771 771 + 0x4848480048484800, 0xa3a3a300a3a3a300, 0xf7f7f700f7f7f700, 772 772 + 0x7575750075757500, 0xdbdbdb00dbdbdb00, 0x8a8a8a008a8a8a00, 773 773 + 0x0303030003030300, 0xe6e6e600e6e6e600, 0xdadada00dadada00, 774 774 + 0x0909090009090900, 0x3f3f3f003f3f3f00, 0xdddddd00dddddd00, 775 775 + 0x9494940094949400, 0x8787870087878700, 0x5c5c5c005c5c5c00, 776 776 + 0x8383830083838300, 0x0202020002020200, 0xcdcdcd00cdcdcd00, 777 777 + 0x4a4a4a004a4a4a00, 0x9090900090909000, 0x3333330033333300, 778 778 + 0x7373730073737300, 0x6767670067676700, 0xf6f6f600f6f6f600, 779 779 + 0xf3f3f300f3f3f300, 0x9d9d9d009d9d9d00, 0x7f7f7f007f7f7f00, 780 780 + 0xbfbfbf00bfbfbf00, 0xe2e2e200e2e2e200, 0x5252520052525200, 781 781 + 0x9b9b9b009b9b9b00, 0xd8d8d800d8d8d800, 0x2626260026262600, 782 782 + 0xc8c8c800c8c8c800, 0x3737370037373700, 0xc6c6c600c6c6c600, 783 783 + 0x3b3b3b003b3b3b00, 0x8181810081818100, 0x9696960096969600, 784 784 + 0x6f6f6f006f6f6f00, 0x4b4b4b004b4b4b00, 0x1313130013131300, 785 785 + 0xbebebe00bebebe00, 0x6363630063636300, 0x2e2e2e002e2e2e00, 786 786 + 0xe9e9e900e9e9e900, 0x7979790079797900, 0xa7a7a700a7a7a700, 787 787 + 0x8c8c8c008c8c8c00, 0x9f9f9f009f9f9f00, 0x6e6e6e006e6e6e00, 788 788 + 0xbcbcbc00bcbcbc00, 0x8e8e8e008e8e8e00, 0x2929290029292900, 789 789 + 0xf5f5f500f5f5f500, 0xf9f9f900f9f9f900, 0xb6b6b600b6b6b600, 790 790 + 0x2f2f2f002f2f2f00, 0xfdfdfd00fdfdfd00, 0xb4b4b400b4b4b400, 791 791 + 0x5959590059595900, 0x7878780078787800, 0x9898980098989800, 792 792 + 0x0606060006060600, 0x6a6a6a006a6a6a00, 0xe7e7e700e7e7e700, 793 793 + 0x4646460046464600, 0x7171710071717100, 0xbababa00bababa00, 794 794 + 0xd4d4d400d4d4d400, 0x2525250025252500, 0xababab00ababab00, 795 795 + 0x4242420042424200, 0x8888880088888800, 0xa2a2a200a2a2a200, 796 796 + 0x8d8d8d008d8d8d00, 0xfafafa00fafafa00, 0x7272720072727200, 797 797 + 0x0707070007070700, 0xb9b9b900b9b9b900, 0x5555550055555500, 798 798 + 0xf8f8f800f8f8f800, 0xeeeeee00eeeeee00, 0xacacac00acacac00, 799 799 + 0x0a0a0a000a0a0a00, 0x3636360036363600, 0x4949490049494900, 800 800 + 0x2a2a2a002a2a2a00, 0x6868680068686800, 0x3c3c3c003c3c3c00, 801 801 + 0x3838380038383800, 0xf1f1f100f1f1f100, 0xa4a4a400a4a4a400, 802 802 + 0x4040400040404000, 0x2828280028282800, 0xd3d3d300d3d3d300, 803 803 + 0x7b7b7b007b7b7b00, 0xbbbbbb00bbbbbb00, 0xc9c9c900c9c9c900, 804 804 + 0x4343430043434300, 0xc1c1c100c1c1c100, 0x1515150015151500, 805 805 + 0xe3e3e300e3e3e300, 0xadadad00adadad00, 0xf4f4f400f4f4f400, 806 806 + 0x7777770077777700, 0xc7c7c700c7c7c700, 0x8080800080808000, 807 807 + 0x9e9e9e009e9e9e00, 808 808 + }; 809 809 + 810 810 + /* key constants */ 811 811 + #define CAMELLIA_SIGMA1L (0xA09E667FL) 812 812 + #define CAMELLIA_SIGMA1R (0x3BCC908BL) 813 813 + #define CAMELLIA_SIGMA2L (0xB67AE858L) 814 814 + #define CAMELLIA_SIGMA2R (0x4CAA73B2L) 815 815 + #define CAMELLIA_SIGMA3L (0xC6EF372FL) 816 816 + #define CAMELLIA_SIGMA3R (0xE94F82BEL) 817 817 + #define CAMELLIA_SIGMA4L (0x54FF53A5L) 818 818 + #define CAMELLIA_SIGMA4R (0xF1D36F1CL) 819 819 + #define CAMELLIA_SIGMA5L (0x10E527FAL) 820 820 + #define CAMELLIA_SIGMA5R (0xDE682D1DL) 821 821 + #define CAMELLIA_SIGMA6L (0xB05688C2L) 822 822 + #define CAMELLIA_SIGMA6R (0xB3E6C1FDL) 823 823 + 824 824 + /* macros */ 825 825 + #define ROLDQ(l, r, bits) ({ \ 826 826 + u64 t = l; \ 827 827 + l = (l << bits) | (r >> (64 - bits)); \ 828 828 + r = (r << bits) | (t >> (64 - bits)); \ 829 829 + }) 830 830 + 831 831 + #define CAMELLIA_F(x, kl, kr, y) ({ \ 832 832 + u64 ii = x ^ (((u64)kl << 32) | kr); \ 833 833 + y = camellia_sp11101110[(uint8_t)ii]; \ 834 834 + y ^= camellia_sp44044404[(uint8_t)(ii >> 8)]; \ 835 835 + ii >>= 16; \ 836 836 + y ^= camellia_sp30333033[(uint8_t)ii]; \ 837 837 + y ^= camellia_sp02220222[(uint8_t)(ii >> 8)]; \ 838 838 + ii >>= 16; \ 839 839 + y ^= camellia_sp00444404[(uint8_t)ii]; \ 840 840 + y ^= camellia_sp03303033[(uint8_t)(ii >> 8)]; \ 841 841 + ii >>= 16; \ 842 842 + y ^= camellia_sp22000222[(uint8_t)ii]; \ 843 843 + y ^= camellia_sp10011110[(uint8_t)(ii >> 8)]; \ 844 844 + y = ror64(y, 32); \ 845 845 + }) 846 846 + 847 847 + #define SET_SUBKEY_LR(INDEX, sRL) (subkey[(INDEX)] = ror64((sRL), 32)) 848 848 + 849 849 + static void camellia_setup_tail(u64 *subkey, u64 *subRL, int max) 850 850 + { 851 851 + u64 kw4, tt; 852 852 + u32 dw, tl, tr; 853 853 + 854 854 + /* absorb kw2 to other subkeys */ 855 855 + /* round 2 */ 856 856 + subRL[3] ^= subRL[1]; 857 857 + /* round 4 */ 858 858 + subRL[5] ^= subRL[1]; 859 859 + /* round 6 */ 860 860 + subRL[7] ^= subRL[1]; 861 861 + 862 862 + subRL[1] ^= (subRL[1] & ~subRL[9]) << 32; 863 863 + /* modified for FLinv(kl2) */ 864 864 + dw = (subRL[1] & subRL[9]) >> 32, 865 865 + subRL[1] ^= rol32(dw, 1); 866 866 + 867 867 + /* round 8 */ 868 868 + subRL[11] ^= subRL[1]; 869 869 + /* round 10 */ 870 870 + subRL[13] ^= subRL[1]; 871 871 + /* round 12 */ 872 872 + subRL[15] ^= subRL[1]; 873 873 + 874 874 + subRL[1] ^= (subRL[1] & ~subRL[17]) << 32; 875 875 + /* modified for FLinv(kl4) */ 876 876 + dw = (subRL[1] & subRL[17]) >> 32, 877 877 + subRL[1] ^= rol32(dw, 1); 878 878 + 879 879 + /* round 14 */ 880 880 + subRL[19] ^= subRL[1]; 881 881 + /* round 16 */ 882 882 + subRL[21] ^= subRL[1]; 883 883 + /* round 18 */ 884 884 + subRL[23] ^= subRL[1]; 885 885 + 886 886 + if (max == 24) { 887 887 + /* kw3 */ 888 888 + subRL[24] ^= subRL[1]; 889 889 + 890 890 + /* absorb kw4 to other subkeys */ 891 891 + kw4 = subRL[25]; 892 892 + } else { 893 893 + subRL[1] ^= (subRL[1] & ~subRL[25]) << 32; 894 894 + /* modified for FLinv(kl6) */ 895 895 + dw = (subRL[1] & subRL[25]) >> 32, 896 896 + subRL[1] ^= rol32(dw, 1); 897 897 + 898 898 + /* round 20 */ 899 899 + subRL[27] ^= subRL[1]; 900 900 + /* round 22 */ 901 901 + subRL[29] ^= subRL[1]; 902 902 + /* round 24 */ 903 903 + subRL[31] ^= subRL[1]; 904 904 + /* kw3 */ 905 905 + subRL[32] ^= subRL[1]; 906 906 + 907 907 + /* absorb kw4 to other subkeys */ 908 908 + kw4 = subRL[33]; 909 909 + /* round 23 */ 910 910 + subRL[30] ^= kw4; 911 911 + /* round 21 */ 912 912 + subRL[28] ^= kw4; 913 913 + /* round 19 */ 914 914 + subRL[26] ^= kw4; 915 915 + 916 916 + kw4 ^= (kw4 & ~subRL[24]) << 32; 917 917 + /* modified for FL(kl5) */ 918 918 + dw = (kw4 & subRL[24]) >> 32, 919 919 + kw4 ^= rol32(dw, 1); 920 920 + } 921 921 + 922 922 + /* round 17 */ 923 923 + subRL[22] ^= kw4; 924 924 + /* round 15 */ 925 925 + subRL[20] ^= kw4; 926 926 + /* round 13 */ 927 927 + subRL[18] ^= kw4; 928 928 + 929 929 + kw4 ^= (kw4 & ~subRL[16]) << 32; 930 930 + /* modified for FL(kl3) */ 931 931 + dw = (kw4 & subRL[16]) >> 32, 932 932 + kw4 ^= rol32(dw, 1); 933 933 + 934 934 + /* round 11 */ 935 935 + subRL[14] ^= kw4; 936 936 + /* round 9 */ 937 937 + subRL[12] ^= kw4; 938 938 + /* round 7 */ 939 939 + subRL[10] ^= kw4; 940 940 + 941 941 + kw4 ^= (kw4 & ~subRL[8]) << 32; 942 942 + /* modified for FL(kl1) */ 943 943 + dw = (kw4 & subRL[8]) >> 32, 944 944 + kw4 ^= rol32(dw, 1); 945 945 + 946 946 + /* round 5 */ 947 947 + subRL[6] ^= kw4; 948 948 + /* round 3 */ 949 949 + subRL[4] ^= kw4; 950 950 + /* round 1 */ 951 951 + subRL[2] ^= kw4; 952 952 + /* kw1 */ 953 953 + subRL[0] ^= kw4; 954 954 + 955 955 + /* key XOR is end of F-function */ 956 956 + SET_SUBKEY_LR(0, subRL[0] ^ subRL[2]); /* kw1 */ 957 957 + SET_SUBKEY_LR(2, subRL[3]); /* round 1 */ 958 958 + SET_SUBKEY_LR(3, subRL[2] ^ subRL[4]); /* round 2 */ 959 959 + SET_SUBKEY_LR(4, subRL[3] ^ subRL[5]); /* round 3 */ 960 960 + SET_SUBKEY_LR(5, subRL[4] ^ subRL[6]); /* round 4 */ 961 961 + SET_SUBKEY_LR(6, subRL[5] ^ subRL[7]); /* round 5 */ 962 962 + 963 963 + tl = (subRL[10] >> 32) ^ (subRL[10] & ~subRL[8]); 964 964 + dw = tl & (subRL[8] >> 32), /* FL(kl1) */ 965 965 + tr = subRL[10] ^ rol32(dw, 1); 966 966 + tt = (tr | ((u64)tl << 32)); 967 967 + 968 968 + SET_SUBKEY_LR(7, subRL[6] ^ tt); /* round 6 */ 969 969 + SET_SUBKEY_LR(8, subRL[8]); /* FL(kl1) */ 970 970 + SET_SUBKEY_LR(9, subRL[9]); /* FLinv(kl2) */ 971 971 + 972 972 + tl = (subRL[7] >> 32) ^ (subRL[7] & ~subRL[9]); 973 973 + dw = tl & (subRL[9] >> 32), /* FLinv(kl2) */ 974 974 + tr = subRL[7] ^ rol32(dw, 1); 975 975 + tt = (tr | ((u64)tl << 32)); 976 976 + 977 977 + SET_SUBKEY_LR(10, subRL[11] ^ tt); /* round 7 */ 978 978 + SET_SUBKEY_LR(11, subRL[10] ^ subRL[12]); /* round 8 */ 979 979 + SET_SUBKEY_LR(12, subRL[11] ^ subRL[13]); /* round 9 */ 980 980 + SET_SUBKEY_LR(13, subRL[12] ^ subRL[14]); /* round 10 */ 981 981 + SET_SUBKEY_LR(14, subRL[13] ^ subRL[15]); /* round 11 */ 982 982 + 983 983 + tl = (subRL[18] >> 32) ^ (subRL[18] & ~subRL[16]); 984 984 + dw = tl & (subRL[16] >> 32), /* FL(kl3) */ 985 985 + tr = subRL[18] ^ rol32(dw, 1); 986 986 + tt = (tr | ((u64)tl << 32)); 987 987 + 988 988 + SET_SUBKEY_LR(15, subRL[14] ^ tt); /* round 12 */ 989 989 + SET_SUBKEY_LR(16, subRL[16]); /* FL(kl3) */ 990 990 + SET_SUBKEY_LR(17, subRL[17]); /* FLinv(kl4) */ 991 991 + 992 992 + tl = (subRL[15] >> 32) ^ (subRL[15] & ~subRL[17]); 993 993 + dw = tl & (subRL[17] >> 32), /* FLinv(kl4) */ 994 994 + tr = subRL[15] ^ rol32(dw, 1); 995 995 + tt = (tr | ((u64)tl << 32)); 996 996 + 997 997 + SET_SUBKEY_LR(18, subRL[19] ^ tt); /* round 13 */ 998 998 + SET_SUBKEY_LR(19, subRL[18] ^ subRL[20]); /* round 14 */ 999 999 + SET_SUBKEY_LR(20, subRL[19] ^ subRL[21]); /* round 15 */ 1000 1000 + SET_SUBKEY_LR(21, subRL[20] ^ subRL[22]); /* round 16 */ 1001 1001 + SET_SUBKEY_LR(22, subRL[21] ^ subRL[23]); /* round 17 */ 1002 1002 + 1003 1003 + if (max == 24) { 1004 1004 + SET_SUBKEY_LR(23, subRL[22]); /* round 18 */ 1005 1005 + SET_SUBKEY_LR(24, subRL[24] ^ subRL[23]); /* kw3 */ 1006 1006 + } else { 1007 1007 + tl = (subRL[26] >> 32) ^ (subRL[26] & ~subRL[24]); 1008 1008 + dw = tl & (subRL[24] >> 32), /* FL(kl5) */ 1009 1009 + tr = subRL[26] ^ rol32(dw, 1); 1010 1010 + tt = (tr | ((u64)tl << 32)); 1011 1011 + 1012 1012 + SET_SUBKEY_LR(23, subRL[22] ^ tt); /* round 18 */ 1013 1013 + SET_SUBKEY_LR(24, subRL[24]); /* FL(kl5) */ 1014 1014 + SET_SUBKEY_LR(25, subRL[25]); /* FLinv(kl6) */ 1015 1015 + 1016 1016 + tl = (subRL[23] >> 32) ^ (subRL[23] & ~subRL[25]); 1017 1017 + dw = tl & (subRL[25] >> 32), /* FLinv(kl6) */ 1018 1018 + tr = subRL[23] ^ rol32(dw, 1); 1019 1019 + tt = (tr | ((u64)tl << 32)); 1020 1020 + 1021 1021 + SET_SUBKEY_LR(26, subRL[27] ^ tt); /* round 19 */ 1022 1022 + SET_SUBKEY_LR(27, subRL[26] ^ subRL[28]); /* round 20 */ 1023 1023 + SET_SUBKEY_LR(28, subRL[27] ^ subRL[29]); /* round 21 */ 1024 1024 + SET_SUBKEY_LR(29, subRL[28] ^ subRL[30]); /* round 22 */ 1025 1025 + SET_SUBKEY_LR(30, subRL[29] ^ subRL[31]); /* round 23 */ 1026 1026 + SET_SUBKEY_LR(31, subRL[30]); /* round 24 */ 1027 1027 + SET_SUBKEY_LR(32, subRL[32] ^ subRL[31]); /* kw3 */ 1028 1028 + } 1029 1029 + } 1030 1030 + 1031 1031 + static void camellia_setup128(const unsigned char *key, u64 *subkey) 1032 1032 + { 1033 1033 + u64 kl, kr, ww; 1034 1034 + u64 subRL[26]; 1035 1035 + 1036 1036 + /** 1037 1037 + * k == kl || kr (|| is concatenation) 1038 1038 + */ 1039 1039 + kl = get_unaligned_be64(key); 1040 1040 + kr = get_unaligned_be64(key + 8); 1041 1041 + 1042 1042 + /* generate KL dependent subkeys */ 1043 1043 + /* kw1 */ 1044 1044 + subRL[0] = kl; 1045 1045 + /* kw2 */ 1046 1046 + subRL[1] = kr; 1047 1047 + 1048 1048 + /* rotation left shift 15bit */ 1049 1049 + ROLDQ(kl, kr, 15); 1050 1050 + 1051 1051 + /* k3 */ 1052 1052 + subRL[4] = kl; 1053 1053 + /* k4 */ 1054 1054 + subRL[5] = kr; 1055 1055 + 1056 1056 + /* rotation left shift 15+30bit */ 1057 1057 + ROLDQ(kl, kr, 30); 1058 1058 + 1059 1059 + /* k7 */ 1060 1060 + subRL[10] = kl; 1061 1061 + /* k8 */ 1062 1062 + subRL[11] = kr; 1063 1063 + 1064 1064 + /* rotation left shift 15+30+15bit */ 1065 1065 + ROLDQ(kl, kr, 15); 1066 1066 + 1067 1067 + /* k10 */ 1068 1068 + subRL[13] = kr; 1069 1069 + /* rotation left shift 15+30+15+17 bit */ 1070 1070 + ROLDQ(kl, kr, 17); 1071 1071 + 1072 1072 + /* kl3 */ 1073 1073 + subRL[16] = kl; 1074 1074 + /* kl4 */ 1075 1075 + subRL[17] = kr; 1076 1076 + 1077 1077 + /* rotation left shift 15+30+15+17+17 bit */ 1078 1078 + ROLDQ(kl, kr, 17); 1079 1079 + 1080 1080 + /* k13 */ 1081 1081 + subRL[18] = kl; 1082 1082 + /* k14 */ 1083 1083 + subRL[19] = kr; 1084 1084 + 1085 1085 + /* rotation left shift 15+30+15+17+17+17 bit */ 1086 1086 + ROLDQ(kl, kr, 17); 1087 1087 + 1088 1088 + /* k17 */ 1089 1089 + subRL[22] = kl; 1090 1090 + /* k18 */ 1091 1091 + subRL[23] = kr; 1092 1092 + 1093 1093 + /* generate KA */ 1094 1094 + kl = subRL[0]; 1095 1095 + kr = subRL[1]; 1096 1096 + CAMELLIA_F(kl, CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R, ww); 1097 1097 + kr ^= ww; 1098 1098 + CAMELLIA_F(kr, CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R, kl); 1099 1099 + 1100 1100 + /* current status == (kll, klr, w0, w1) */ 1101 1101 + CAMELLIA_F(kl, CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R, kr); 1102 1102 + kr ^= ww; 1103 1103 + CAMELLIA_F(kr, CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R, ww); 1104 1104 + kl ^= ww; 1105 1105 + 1106 1106 + /* generate KA dependent subkeys */ 1107 1107 + /* k1, k2 */ 1108 1108 + subRL[2] = kl; 1109 1109 + subRL[3] = kr; 1110 1110 + ROLDQ(kl, kr, 15); 1111 1111 + /* k5,k6 */ 1112 1112 + subRL[6] = kl; 1113 1113 + subRL[7] = kr; 1114 1114 + ROLDQ(kl, kr, 15); 1115 1115 + /* kl1, kl2 */ 1116 1116 + subRL[8] = kl; 1117 1117 + subRL[9] = kr; 1118 1118 + ROLDQ(kl, kr, 15); 1119 1119 + /* k9 */ 1120 1120 + subRL[12] = kl; 1121 1121 + ROLDQ(kl, kr, 15); 1122 1122 + /* k11, k12 */ 1123 1123 + subRL[14] = kl; 1124 1124 + subRL[15] = kr; 1125 1125 + ROLDQ(kl, kr, 34); 1126 1126 + /* k15, k16 */ 1127 1127 + subRL[20] = kl; 1128 1128 + subRL[21] = kr; 1129 1129 + ROLDQ(kl, kr, 17); 1130 1130 + /* kw3, kw4 */ 1131 1131 + subRL[24] = kl; 1132 1132 + subRL[25] = kr; 1133 1133 + 1134 1134 + camellia_setup_tail(subkey, subRL, 24); 1135 1135 + } 1136 1136 + 1137 1137 + static void camellia_setup256(const unsigned char *key, u64 *subkey) 1138 1138 + { 1139 1139 + u64 kl, kr; /* left half of key */ 1140 1140 + u64 krl, krr; /* right half of key */ 1141 1141 + u64 ww; /* temporary variables */ 1142 1142 + u64 subRL[34]; 1143 1143 + 1144 1144 + /** 1145 1145 + * key = (kl || kr || krl || krr) (|| is concatenation) 1146 1146 + */ 1147 1147 + kl = get_unaligned_be64(key); 1148 1148 + kr = get_unaligned_be64(key + 8); 1149 1149 + krl = get_unaligned_be64(key + 16); 1150 1150 + krr = get_unaligned_be64(key + 24); 1151 1151 + 1152 1152 + /* generate KL dependent subkeys */ 1153 1153 + /* kw1 */ 1154 1154 + subRL[0] = kl; 1155 1155 + /* kw2 */ 1156 1156 + subRL[1] = kr; 1157 1157 + ROLDQ(kl, kr, 45); 1158 1158 + /* k9 */ 1159 1159 + subRL[12] = kl; 1160 1160 + /* k10 */ 1161 1161 + subRL[13] = kr; 1162 1162 + ROLDQ(kl, kr, 15); 1163 1163 + /* kl3 */ 1164 1164 + subRL[16] = kl; 1165 1165 + /* kl4 */ 1166 1166 + subRL[17] = kr; 1167 1167 + ROLDQ(kl, kr, 17); 1168 1168 + /* k17 */ 1169 1169 + subRL[22] = kl; 1170 1170 + /* k18 */ 1171 1171 + subRL[23] = kr; 1172 1172 + ROLDQ(kl, kr, 34); 1173 1173 + /* k23 */ 1174 1174 + subRL[30] = kl; 1175 1175 + /* k24 */ 1176 1176 + subRL[31] = kr; 1177 1177 + 1178 1178 + /* generate KR dependent subkeys */ 1179 1179 + ROLDQ(krl, krr, 15); 1180 1180 + /* k3 */ 1181 1181 + subRL[4] = krl; 1182 1182 + /* k4 */ 1183 1183 + subRL[5] = krr; 1184 1184 + ROLDQ(krl, krr, 15); 1185 1185 + /* kl1 */ 1186 1186 + subRL[8] = krl; 1187 1187 + /* kl2 */ 1188 1188 + subRL[9] = krr; 1189 1189 + ROLDQ(krl, krr, 30); 1190 1190 + /* k13 */ 1191 1191 + subRL[18] = krl; 1192 1192 + /* k14 */ 1193 1193 + subRL[19] = krr; 1194 1194 + ROLDQ(krl, krr, 34); 1195 1195 + /* k19 */ 1196 1196 + subRL[26] = krl; 1197 1197 + /* k20 */ 1198 1198 + subRL[27] = krr; 1199 1199 + ROLDQ(krl, krr, 34); 1200 1200 + 1201 1201 + /* generate KA */ 1202 1202 + kl = subRL[0] ^ krl; 1203 1203 + kr = subRL[1] ^ krr; 1204 1204 + 1205 1205 + CAMELLIA_F(kl, CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R, ww); 1206 1206 + kr ^= ww; 1207 1207 + CAMELLIA_F(kr, CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R, kl); 1208 1208 + kl ^= krl; 1209 1209 + CAMELLIA_F(kl, CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R, kr); 1210 1210 + kr ^= ww ^ krr; 1211 1211 + CAMELLIA_F(kr, CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R, ww); 1212 1212 + kl ^= ww; 1213 1213 + 1214 1214 + /* generate KB */ 1215 1215 + krl ^= kl; 1216 1216 + krr ^= kr; 1217 1217 + CAMELLIA_F(krl, CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R, ww); 1218 1218 + krr ^= ww; 1219 1219 + CAMELLIA_F(krr, CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R, ww); 1220 1220 + krl ^= ww; 1221 1221 + 1222 1222 + /* generate KA dependent subkeys */ 1223 1223 + ROLDQ(kl, kr, 15); 1224 1224 + /* k5 */ 1225 1225 + subRL[6] = kl; 1226 1226 + /* k6 */ 1227 1227 + subRL[7] = kr; 1228 1228 + ROLDQ(kl, kr, 30); 1229 1229 + /* k11 */ 1230 1230 + subRL[14] = kl; 1231 1231 + /* k12 */ 1232 1232 + subRL[15] = kr; 1233 1233 + /* rotation left shift 32bit */ 1234 1234 + ROLDQ(kl, kr, 32); 1235 1235 + /* kl5 */ 1236 1236 + subRL[24] = kl; 1237 1237 + /* kl6 */ 1238 1238 + subRL[25] = kr; 1239 1239 + /* rotation left shift 17 from k11,k12 -> k21,k22 */ 1240 1240 + ROLDQ(kl, kr, 17); 1241 1241 + /* k21 */ 1242 1242 + subRL[28] = kl; 1243 1243 + /* k22 */ 1244 1244 + subRL[29] = kr; 1245 1245 + 1246 1246 + /* generate KB dependent subkeys */ 1247 1247 + /* k1 */ 1248 1248 + subRL[2] = krl; 1249 1249 + /* k2 */ 1250 1250 + subRL[3] = krr; 1251 1251 + ROLDQ(krl, krr, 30); 1252 1252 + /* k7 */ 1253 1253 + subRL[10] = krl; 1254 1254 + /* k8 */ 1255 1255 + subRL[11] = krr; 1256 1256 + ROLDQ(krl, krr, 30); 1257 1257 + /* k15 */ 1258 1258 + subRL[20] = krl; 1259 1259 + /* k16 */ 1260 1260 + subRL[21] = krr; 1261 1261 + ROLDQ(krl, krr, 51); 1262 1262 + /* kw3 */ 1263 1263 + subRL[32] = krl; 1264 1264 + /* kw4 */ 1265 1265 + subRL[33] = krr; 1266 1266 + 1267 1267 + camellia_setup_tail(subkey, subRL, 32); 1268 1268 + } 1269 1269 + 1270 1270 + static void camellia_setup192(const unsigned char *key, u64 *subkey) 1271 1271 + { 1272 1272 + unsigned char kk[32]; 1273 1273 + u64 krl, krr; 1274 1274 + 1275 1275 + memcpy(kk, key, 24); 1276 1276 + memcpy((unsigned char *)&krl, key+16, 8); 1277 1277 + krr = ~krl; 1278 1278 + memcpy(kk+24, (unsigned char *)&krr, 8); 1279 1279 + camellia_setup256(kk, subkey); 1280 1280 + } 1281 1281 + 1282 1282 + static int __camellia_setkey(struct camellia_ctx *cctx, 1283 1283 + const unsigned char *key, 1284 1284 + unsigned int key_len, u32 *flags) 1285 1285 + { 1286 1286 + if (key_len != 16 && key_len != 24 && key_len != 32) { 1287 1287 + *flags |= CRYPTO_TFM_RES_BAD_KEY_LEN; 1288 1288 + return -EINVAL; 1289 1289 + } 1290 1290 + 1291 1291 + cctx->key_length = key_len; 1292 1292 + 1293 1293 + switch (key_len) { 1294 1294 + case 16: 1295 1295 + camellia_setup128(key, cctx->key_table); 1296 1296 + break; 1297 1297 + case 24: 1298 1298 + camellia_setup192(key, cctx->key_table); 1299 1299 + break; 1300 1300 + case 32: 1301 1301 + camellia_setup256(key, cctx->key_table); 1302 1302 + break; 1303 1303 + } 1304 1304 + 1305 1305 + return 0; 1306 1306 + } 1307 1307 + 1308 1308 + static int camellia_setkey(struct crypto_tfm *tfm, const u8 *in_key, 1309 1309 + unsigned int key_len) 1310 1310 + { 1311 1311 + return __camellia_setkey(crypto_tfm_ctx(tfm), in_key, key_len, 1312 1312 + &tfm->crt_flags); 1313 1313 + } 1314 1314 + 1315 1315 + static int ecb_crypt(struct blkcipher_desc *desc, struct blkcipher_walk *walk, 1316 1316 + void (*fn)(struct camellia_ctx *, u8 *, const u8 *), 1317 1317 + void (*fn_2way)(struct camellia_ctx *, u8 *, const u8 *)) 1318 1318 + { 1319 1319 + struct camellia_ctx *ctx = crypto_blkcipher_ctx(desc->tfm); 1320 1320 + unsigned int bsize = CAMELLIA_BLOCK_SIZE; 1321 1321 + unsigned int nbytes; 1322 1322 + int err; 1323 1323 + 1324 1324 + err = blkcipher_walk_virt(desc, walk); 1325 1325 + 1326 1326 + while ((nbytes = walk->nbytes)) { 1327 1327 + u8 *wsrc = walk->src.virt.addr; 1328 1328 + u8 *wdst = walk->dst.virt.addr; 1329 1329 + 1330 1330 + /* Process two block batch */ 1331 1331 + if (nbytes >= bsize * 2) { 1332 1332 + do { 1333 1333 + fn_2way(ctx, wdst, wsrc); 1334 1334 + 1335 1335 + wsrc += bsize * 2; 1336 1336 + wdst += bsize * 2; 1337 1337 + nbytes -= bsize * 2; 1338 1338 + } while (nbytes >= bsize * 2); 1339 1339 + 1340 1340 + if (nbytes < bsize) 1341 1341 + goto done; 1342 1342 + } 1343 1343 + 1344 1344 + /* Handle leftovers */ 1345 1345 + do { 1346 1346 + fn(ctx, wdst, wsrc); 1347 1347 + 1348 1348 + wsrc += bsize; 1349 1349 + wdst += bsize; 1350 1350 + nbytes -= bsize; 1351 1351 + } while (nbytes >= bsize); 1352 1352 + 1353 1353 + done: 1354 1354 + err = blkcipher_walk_done(desc, walk, nbytes); 1355 1355 + } 1356 1356 + 1357 1357 + return err; 1358 1358 + } 1359 1359 + 1360 1360 + static int ecb_encrypt(struct blkcipher_desc *desc, struct scatterlist *dst, 1361 1361 + struct scatterlist *src, unsigned int nbytes) 1362 1362 + { 1363 1363 + struct blkcipher_walk walk; 1364 1364 + 1365 1365 + blkcipher_walk_init(&walk, dst, src, nbytes); 1366 1366 + return ecb_crypt(desc, &walk, camellia_enc_blk, camellia_enc_blk_2way); 1367 1367 + } 1368 1368 + 1369 1369 + static int ecb_decrypt(struct blkcipher_desc *desc, struct scatterlist *dst, 1370 1370 + struct scatterlist *src, unsigned int nbytes) 1371 1371 + { 1372 1372 + struct blkcipher_walk walk; 1373 1373 + 1374 1374 + blkcipher_walk_init(&walk, dst, src, nbytes); 1375 1375 + return ecb_crypt(desc, &walk, camellia_dec_blk, camellia_dec_blk_2way); 1376 1376 + } 1377 1377 + 1378 1378 + static unsigned int __cbc_encrypt(struct blkcipher_desc *desc, 1379 1379 + struct blkcipher_walk *walk) 1380 1380 + { 1381 1381 + struct camellia_ctx *ctx = crypto_blkcipher_ctx(desc->tfm); 1382 1382 + unsigned int bsize = CAMELLIA_BLOCK_SIZE; 1383 1383 + unsigned int nbytes = walk->nbytes; 1384 1384 + u128 *src = (u128 *)walk->src.virt.addr; 1385 1385 + u128 *dst = (u128 *)walk->dst.virt.addr; 1386 1386 + u128 *iv = (u128 *)walk->iv; 1387 1387 + 1388 1388 + do { 1389 1389 + u128_xor(dst, src, iv); 1390 1390 + camellia_enc_blk(ctx, (u8 *)dst, (u8 *)dst); 1391 1391 + iv = dst; 1392 1392 + 1393 1393 + src += 1; 1394 1394 + dst += 1; 1395 1395 + nbytes -= bsize; 1396 1396 + } while (nbytes >= bsize); 1397 1397 + 1398 1398 + u128_xor((u128 *)walk->iv, (u128 *)walk->iv, iv); 1399 1399 + return nbytes; 1400 1400 + } 1401 1401 + 1402 1402 + static int cbc_encrypt(struct blkcipher_desc *desc, struct scatterlist *dst, 1403 1403 + struct scatterlist *src, unsigned int nbytes) 1404 1404 + { 1405 1405 + struct blkcipher_walk walk; 1406 1406 + int err; 1407 1407 + 1408 1408 + blkcipher_walk_init(&walk, dst, src, nbytes); 1409 1409 + err = blkcipher_walk_virt(desc, &walk); 1410 1410 + 1411 1411 + while ((nbytes = walk.nbytes)) { 1412 1412 + nbytes = __cbc_encrypt(desc, &walk); 1413 1413 + err = blkcipher_walk_done(desc, &walk, nbytes); 1414 1414 + } 1415 1415 + 1416 1416 + return err; 1417 1417 + } 1418 1418 + 1419 1419 + static unsigned int __cbc_decrypt(struct blkcipher_desc *desc, 1420 1420 + struct blkcipher_walk *walk) 1421 1421 + { 1422 1422 + struct camellia_ctx *ctx = crypto_blkcipher_ctx(desc->tfm); 1423 1423 + unsigned int bsize = CAMELLIA_BLOCK_SIZE; 1424 1424 + unsigned int nbytes = walk->nbytes; 1425 1425 + u128 *src = (u128 *)walk->src.virt.addr; 1426 1426 + u128 *dst = (u128 *)walk->dst.virt.addr; 1427 1427 + u128 ivs[2 - 1]; 1428 1428 + u128 last_iv; 1429 1429 + 1430 1430 + /* Start of the last block. */ 1431 1431 + src += nbytes / bsize - 1; 1432 1432 + dst += nbytes / bsize - 1; 1433 1433 + 1434 1434 + last_iv = *src; 1435 1435 + 1436 1436 + /* Process two block batch */ 1437 1437 + if (nbytes >= bsize * 2) { 1438 1438 + do { 1439 1439 + nbytes -= bsize * (2 - 1); 1440 1440 + src -= 2 - 1; 1441 1441 + dst -= 2 - 1; 1442 1442 + 1443 1443 + ivs[0] = src[0]; 1444 1444 + 1445 1445 + camellia_dec_blk_2way(ctx, (u8 *)dst, (u8 *)src); 1446 1446 + 1447 1447 + u128_xor(dst + 1, dst + 1, ivs + 0); 1448 1448 + 1449 1449 + nbytes -= bsize; 1450 1450 + if (nbytes < bsize) 1451 1451 + goto done; 1452 1452 + 1453 1453 + u128_xor(dst, dst, src - 1); 1454 1454 + src -= 1; 1455 1455 + dst -= 1; 1456 1456 + } while (nbytes >= bsize * 2); 1457 1457 + 1458 1458 + if (nbytes < bsize) 1459 1459 + goto done; 1460 1460 + } 1461 1461 + 1462 1462 + /* Handle leftovers */ 1463 1463 + for (;;) { 1464 1464 + camellia_dec_blk(ctx, (u8 *)dst, (u8 *)src); 1465 1465 + 1466 1466 + nbytes -= bsize; 1467 1467 + if (nbytes < bsize) 1468 1468 + break; 1469 1469 + 1470 1470 + u128_xor(dst, dst, src - 1); 1471 1471 + src -= 1; 1472 1472 + dst -= 1; 1473 1473 + } 1474 1474 + 1475 1475 + done: 1476 1476 + u128_xor(dst, dst, (u128 *)walk->iv); 1477 1477 + *(u128 *)walk->iv = last_iv; 1478 1478 + 1479 1479 + return nbytes; 1480 1480 + } 1481 1481 + 1482 1482 + static int cbc_decrypt(struct blkcipher_desc *desc, struct scatterlist *dst, 1483 1483 + struct scatterlist *src, unsigned int nbytes) 1484 1484 + { 1485 1485 + struct blkcipher_walk walk; 1486 1486 + int err; 1487 1487 + 1488 1488 + blkcipher_walk_init(&walk, dst, src, nbytes); 1489 1489 + err = blkcipher_walk_virt(desc, &walk); 1490 1490 + 1491 1491 + while ((nbytes = walk.nbytes)) { 1492 1492 + nbytes = __cbc_decrypt(desc, &walk); 1493 1493 + err = blkcipher_walk_done(desc, &walk, nbytes); 1494 1494 + } 1495 1495 + 1496 1496 + return err; 1497 1497 + } 1498 1498 + 1499 1499 + static inline void u128_to_be128(be128 *dst, const u128 *src) 1500 1500 + { 1501 1501 + dst->a = cpu_to_be64(src->a); 1502 1502 + dst->b = cpu_to_be64(src->b); 1503 1503 + } 1504 1504 + 1505 1505 + static inline void be128_to_u128(u128 *dst, const be128 *src) 1506 1506 + { 1507 1507 + dst->a = be64_to_cpu(src->a); 1508 1508 + dst->b = be64_to_cpu(src->b); 1509 1509 + } 1510 1510 + 1511 1511 + static inline void u128_inc(u128 *i) 1512 1512 + { 1513 1513 + i->b++; 1514 1514 + if (!i->b) 1515 1515 + i->a++; 1516 1516 + } 1517 1517 + 1518 1518 + static void ctr_crypt_final(struct blkcipher_desc *desc, 1519 1519 + struct blkcipher_walk *walk) 1520 1520 + { 1521 1521 + struct camellia_ctx *ctx = crypto_blkcipher_ctx(desc->tfm); 1522 1522 + u8 keystream[CAMELLIA_BLOCK_SIZE]; 1523 1523 + u8 *src = walk->src.virt.addr; 1524 1524 + u8 *dst = walk->dst.virt.addr; 1525 1525 + unsigned int nbytes = walk->nbytes; 1526 1526 + u128 ctrblk; 1527 1527 + 1528 1528 + memcpy(keystream, src, nbytes); 1529 1529 + camellia_enc_blk_xor(ctx, keystream, walk->iv); 1530 1530 + memcpy(dst, keystream, nbytes); 1531 1531 + 1532 1532 + be128_to_u128(&ctrblk, (be128 *)walk->iv); 1533 1533 + u128_inc(&ctrblk); 1534 1534 + u128_to_be128((be128 *)walk->iv, &ctrblk); 1535 1535 + } 1536 1536 + 1537 1537 + static unsigned int __ctr_crypt(struct blkcipher_desc *desc, 1538 1538 + struct blkcipher_walk *walk) 1539 1539 + { 1540 1540 + struct camellia_ctx *ctx = crypto_blkcipher_ctx(desc->tfm); 1541 1541 + unsigned int bsize = CAMELLIA_BLOCK_SIZE; 1542 1542 + unsigned int nbytes = walk->nbytes; 1543 1543 + u128 *src = (u128 *)walk->src.virt.addr; 1544 1544 + u128 *dst = (u128 *)walk->dst.virt.addr; 1545 1545 + u128 ctrblk; 1546 1546 + be128 ctrblocks[2]; 1547 1547 + 1548 1548 + be128_to_u128(&ctrblk, (be128 *)walk->iv); 1549 1549 + 1550 1550 + /* Process two block batch */ 1551 1551 + if (nbytes >= bsize * 2) { 1552 1552 + do { 1553 1553 + if (dst != src) { 1554 1554 + dst[0] = src[0]; 1555 1555 + dst[1] = src[1]; 1556 1556 + } 1557 1557 + 1558 1558 + /* create ctrblks for parallel encrypt */ 1559 1559 + u128_to_be128(&ctrblocks[0], &ctrblk); 1560 1560 + u128_inc(&ctrblk); 1561 1561 + u128_to_be128(&ctrblocks[1], &ctrblk); 1562 1562 + u128_inc(&ctrblk); 1563 1563 + 1564 1564 + camellia_enc_blk_xor_2way(ctx, (u8 *)dst, 1565 1565 + (u8 *)ctrblocks); 1566 1566 + 1567 1567 + src += 2; 1568 1568 + dst += 2; 1569 1569 + nbytes -= bsize * 2; 1570 1570 + } while (nbytes >= bsize * 2); 1571 1571 + 1572 1572 + if (nbytes < bsize) 1573 1573 + goto done; 1574 1574 + } 1575 1575 + 1576 1576 + /* Handle leftovers */ 1577 1577 + do { 1578 1578 + if (dst != src) 1579 1579 + *dst = *src; 1580 1580 + 1581 1581 + u128_to_be128(&ctrblocks[0], &ctrblk); 1582 1582 + u128_inc(&ctrblk); 1583 1583 + 1584 1584 + camellia_enc_blk_xor(ctx, (u8 *)dst, (u8 *)ctrblocks); 1585 1585 + 1586 1586 + src += 1; 1587 1587 + dst += 1; 1588 1588 + nbytes -= bsize; 1589 1589 + } while (nbytes >= bsize); 1590 1590 + 1591 1591 + done: 1592 1592 + u128_to_be128((be128 *)walk->iv, &ctrblk); 1593 1593 + return nbytes; 1594 1594 + } 1595 1595 + 1596 1596 + static int ctr_crypt(struct blkcipher_desc *desc, struct scatterlist *dst, 1597 1597 + struct scatterlist *src, unsigned int nbytes) 1598 1598 + { 1599 1599 + struct blkcipher_walk walk; 1600 1600 + int err; 1601 1601 + 1602 1602 + blkcipher_walk_init(&walk, dst, src, nbytes); 1603 1603 + err = blkcipher_walk_virt_block(desc, &walk, CAMELLIA_BLOCK_SIZE); 1604 1604 + 1605 1605 + while ((nbytes = walk.nbytes) >= CAMELLIA_BLOCK_SIZE) { 1606 1606 + nbytes = __ctr_crypt(desc, &walk); 1607 1607 + err = blkcipher_walk_done(desc, &walk, nbytes); 1608 1608 + } 1609 1609 + 1610 1610 + if (walk.nbytes) { 1611 1611 + ctr_crypt_final(desc, &walk); 1612 1612 + err = blkcipher_walk_done(desc, &walk, 0); 1613 1613 + } 1614 1614 + 1615 1615 + return err; 1616 1616 + } 1617 1617 + 1618 1618 + static void encrypt_callback(void *priv, u8 *srcdst, unsigned int nbytes) 1619 1619 + { 1620 1620 + const unsigned int bsize = CAMELLIA_BLOCK_SIZE; 1621 1621 + struct camellia_ctx *ctx = priv; 1622 1622 + int i; 1623 1623 + 1624 1624 + while (nbytes >= 2 * bsize) { 1625 1625 + camellia_enc_blk_2way(ctx, srcdst, srcdst); 1626 1626 + srcdst += bsize * 2; 1627 1627 + nbytes -= bsize * 2; 1628 1628 + } 1629 1629 + 1630 1630 + for (i = 0; i < nbytes / bsize; i++, srcdst += bsize) 1631 1631 + camellia_enc_blk(ctx, srcdst, srcdst); 1632 1632 + } 1633 1633 + 1634 1634 + static void decrypt_callback(void *priv, u8 *srcdst, unsigned int nbytes) 1635 1635 + { 1636 1636 + const unsigned int bsize = CAMELLIA_BLOCK_SIZE; 1637 1637 + struct camellia_ctx *ctx = priv; 1638 1638 + int i; 1639 1639 + 1640 1640 + while (nbytes >= 2 * bsize) { 1641 1641 + camellia_dec_blk_2way(ctx, srcdst, srcdst); 1642 1642 + srcdst += bsize * 2; 1643 1643 + nbytes -= bsize * 2; 1644 1644 + } 1645 1645 + 1646 1646 + for (i = 0; i < nbytes / bsize; i++, srcdst += bsize) 1647 1647 + camellia_dec_blk(ctx, srcdst, srcdst); 1648 1648 + } 1649 1649 + 1650 1650 + struct camellia_lrw_ctx { 1651 1651 + struct lrw_table_ctx lrw_table; 1652 1652 + struct camellia_ctx camellia_ctx; 1653 1653 + }; 1654 1654 + 1655 1655 + static int lrw_camellia_setkey(struct crypto_tfm *tfm, const u8 *key, 1656 1656 + unsigned int keylen) 1657 1657 + { 1658 1658 + struct camellia_lrw_ctx *ctx = crypto_tfm_ctx(tfm); 1659 1659 + int err; 1660 1660 + 1661 1661 + err = __camellia_setkey(&ctx->camellia_ctx, key, 1662 1662 + keylen - CAMELLIA_BLOCK_SIZE, 1663 1663 + &tfm->crt_flags); 1664 1664 + if (err) 1665 1665 + return err; 1666 1666 + 1667 1667 + return lrw_init_table(&ctx->lrw_table, 1668 1668 + key + keylen - CAMELLIA_BLOCK_SIZE); 1669 1669 + } 1670 1670 + 1671 1671 + static int lrw_encrypt(struct blkcipher_desc *desc, struct scatterlist *dst, 1672 1672 + struct scatterlist *src, unsigned int nbytes) 1673 1673 + { 1674 1674 + struct camellia_lrw_ctx *ctx = crypto_blkcipher_ctx(desc->tfm); 1675 1675 + be128 buf[2 * 4]; 1676 1676 + struct lrw_crypt_req req = { 1677 1677 + .tbuf = buf, 1678 1678 + .tbuflen = sizeof(buf), 1679 1679 + 1680 1680 + .table_ctx = &ctx->lrw_table, 1681 1681 + .crypt_ctx = &ctx->camellia_ctx, 1682 1682 + .crypt_fn = encrypt_callback, 1683 1683 + }; 1684 1684 + 1685 1685 + return lrw_crypt(desc, dst, src, nbytes, &req); 1686 1686 + } 1687 1687 + 1688 1688 + static int lrw_decrypt(struct blkcipher_desc *desc, struct scatterlist *dst, 1689 1689 + struct scatterlist *src, unsigned int nbytes) 1690 1690 + { 1691 1691 + struct camellia_lrw_ctx *ctx = crypto_blkcipher_ctx(desc->tfm); 1692 1692 + be128 buf[2 * 4]; 1693 1693 + struct lrw_crypt_req req = { 1694 1694 + .tbuf = buf, 1695 1695 + .tbuflen = sizeof(buf), 1696 1696 + 1697 1697 + .table_ctx = &ctx->lrw_table, 1698 1698 + .crypt_ctx = &ctx->camellia_ctx, 1699 1699 + .crypt_fn = decrypt_callback, 1700 1700 + }; 1701 1701 + 1702 1702 + return lrw_crypt(desc, dst, src, nbytes, &req); 1703 1703 + } 1704 1704 + 1705 1705 + static void lrw_exit_tfm(struct crypto_tfm *tfm) 1706 1706 + { 1707 1707 + struct camellia_lrw_ctx *ctx = crypto_tfm_ctx(tfm); 1708 1708 + 1709 1709 + lrw_free_table(&ctx->lrw_table); 1710 1710 + } 1711 1711 + 1712 1712 + struct camellia_xts_ctx { 1713 1713 + struct camellia_ctx tweak_ctx; 1714 1714 + struct camellia_ctx crypt_ctx; 1715 1715 + }; 1716 1716 + 1717 1717 + static int xts_camellia_setkey(struct crypto_tfm *tfm, const u8 *key, 1718 1718 + unsigned int keylen) 1719 1719 + { 1720 1720 + struct camellia_xts_ctx *ctx = crypto_tfm_ctx(tfm); 1721 1721 + u32 *flags = &tfm->crt_flags; 1722 1722 + int err; 1723 1723 + 1724 1724 + /* key consists of keys of equal size concatenated, therefore 1725 1725 + * the length must be even 1726 1726 + */ 1727 1727 + if (keylen % 2) { 1728 1728 + *flags |= CRYPTO_TFM_RES_BAD_KEY_LEN; 1729 1729 + return -EINVAL; 1730 1730 + } 1731 1731 + 1732 1732 + /* first half of xts-key is for crypt */ 1733 1733 + err = __camellia_setkey(&ctx->crypt_ctx, key, keylen / 2, flags); 1734 1734 + if (err) 1735 1735 + return err; 1736 1736 + 1737 1737 + /* second half of xts-key is for tweak */ 1738 1738 + return __camellia_setkey(&ctx->tweak_ctx, key + keylen / 2, keylen / 2, 1739 1739 + flags); 1740 1740 + } 1741 1741 + 1742 1742 + static int xts_encrypt(struct blkcipher_desc *desc, struct scatterlist *dst, 1743 1743 + struct scatterlist *src, unsigned int nbytes) 1744 1744 + { 1745 1745 + struct camellia_xts_ctx *ctx = crypto_blkcipher_ctx(desc->tfm); 1746 1746 + be128 buf[2 * 4]; 1747 1747 + struct xts_crypt_req req = { 1748 1748 + .tbuf = buf, 1749 1749 + .tbuflen = sizeof(buf), 1750 1750 + 1751 1751 + .tweak_ctx = &ctx->tweak_ctx, 1752 1752 + .tweak_fn = XTS_TWEAK_CAST(camellia_enc_blk), 1753 1753 + .crypt_ctx = &ctx->crypt_ctx, 1754 1754 + .crypt_fn = encrypt_callback, 1755 1755 + }; 1756 1756 + 1757 1757 + return xts_crypt(desc, dst, src, nbytes, &req); 1758 1758 + } 1759 1759 + 1760 1760 + static int xts_decrypt(struct blkcipher_desc *desc, struct scatterlist *dst, 1761 1761 + struct scatterlist *src, unsigned int nbytes) 1762 1762 + { 1763 1763 + struct camellia_xts_ctx *ctx = crypto_blkcipher_ctx(desc->tfm); 1764 1764 + be128 buf[2 * 4]; 1765 1765 + struct xts_crypt_req req = { 1766 1766 + .tbuf = buf, 1767 1767 + .tbuflen = sizeof(buf), 1768 1768 + 1769 1769 + .tweak_ctx = &ctx->tweak_ctx, 1770 1770 + .tweak_fn = XTS_TWEAK_CAST(camellia_enc_blk), 1771 1771 + .crypt_ctx = &ctx->crypt_ctx, 1772 1772 + .crypt_fn = decrypt_callback, 1773 1773 + }; 1774 1774 + 1775 1775 + return xts_crypt(desc, dst, src, nbytes, &req); 1776 1776 + } 1777 1777 + 1778 1778 + static struct crypto_alg camellia_algs[6] = { { 1779 1779 + .cra_name = "camellia", 1780 1780 + .cra_driver_name = "camellia-asm", 1781 1781 + .cra_priority = 200, 1782 1782 + .cra_flags = CRYPTO_ALG_TYPE_CIPHER, 1783 1783 + .cra_blocksize = CAMELLIA_BLOCK_SIZE, 1784 1784 + .cra_ctxsize = sizeof(struct camellia_ctx), 1785 1785 + .cra_alignmask = 0, 1786 1786 + .cra_module = THIS_MODULE, 1787 1787 + .cra_list = LIST_HEAD_INIT(camellia_algs[0].cra_list), 1788 1788 + .cra_u = { 1789 1789 + .cipher = { 1790 1790 + .cia_min_keysize = CAMELLIA_MIN_KEY_SIZE, 1791 1791 + .cia_max_keysize = CAMELLIA_MAX_KEY_SIZE, 1792 1792 + .cia_setkey = camellia_setkey, 1793 1793 + .cia_encrypt = camellia_encrypt, 1794 1794 + .cia_decrypt = camellia_decrypt 1795 1795 + } 1796 1796 + } 1797 1797 + }, { 1798 1798 + .cra_name = "ecb(camellia)", 1799 1799 + .cra_driver_name = "ecb-camellia-asm", 1800 1800 + .cra_priority = 300, 1801 1801 + .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER, 1802 1802 + .cra_blocksize = CAMELLIA_BLOCK_SIZE, 1803 1803 + .cra_ctxsize = sizeof(struct camellia_ctx), 1804 1804 + .cra_alignmask = 0, 1805 1805 + .cra_type = &crypto_blkcipher_type, 1806 1806 + .cra_module = THIS_MODULE, 1807 1807 + .cra_list = LIST_HEAD_INIT(camellia_algs[1].cra_list), 1808 1808 + .cra_u = { 1809 1809 + .blkcipher = { 1810 1810 + .min_keysize = CAMELLIA_MIN_KEY_SIZE, 1811 1811 + .max_keysize = CAMELLIA_MAX_KEY_SIZE, 1812 1812 + .setkey = camellia_setkey, 1813 1813 + .encrypt = ecb_encrypt, 1814 1814 + .decrypt = ecb_decrypt, 1815 1815 + }, 1816 1816 + }, 1817 1817 + }, { 1818 1818 + .cra_name = "cbc(camellia)", 1819 1819 + .cra_driver_name = "cbc-camellia-asm", 1820 1820 + .cra_priority = 300, 1821 1821 + .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER, 1822 1822 + .cra_blocksize = CAMELLIA_BLOCK_SIZE, 1823 1823 + .cra_ctxsize = sizeof(struct camellia_ctx), 1824 1824 + .cra_alignmask = 0, 1825 1825 + .cra_type = &crypto_blkcipher_type, 1826 1826 + .cra_module = THIS_MODULE, 1827 1827 + .cra_list = LIST_HEAD_INIT(camellia_algs[2].cra_list), 1828 1828 + .cra_u = { 1829 1829 + .blkcipher = { 1830 1830 + .min_keysize = CAMELLIA_MIN_KEY_SIZE, 1831 1831 + .max_keysize = CAMELLIA_MAX_KEY_SIZE, 1832 1832 + .ivsize = CAMELLIA_BLOCK_SIZE, 1833 1833 + .setkey = camellia_setkey, 1834 1834 + .encrypt = cbc_encrypt, 1835 1835 + .decrypt = cbc_decrypt, 1836 1836 + }, 1837 1837 + }, 1838 1838 + }, { 1839 1839 + .cra_name = "ctr(camellia)", 1840 1840 + .cra_driver_name = "ctr-camellia-asm", 1841 1841 + .cra_priority = 300, 1842 1842 + .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER, 1843 1843 + .cra_blocksize = 1, 1844 1844 + .cra_ctxsize = sizeof(struct camellia_ctx), 1845 1845 + .cra_alignmask = 0, 1846 1846 + .cra_type = &crypto_blkcipher_type, 1847 1847 + .cra_module = THIS_MODULE, 1848 1848 + .cra_list = LIST_HEAD_INIT(camellia_algs[3].cra_list), 1849 1849 + .cra_u = { 1850 1850 + .blkcipher = { 1851 1851 + .min_keysize = CAMELLIA_MIN_KEY_SIZE, 1852 1852 + .max_keysize = CAMELLIA_MAX_KEY_SIZE, 1853 1853 + .ivsize = CAMELLIA_BLOCK_SIZE, 1854 1854 + .setkey = camellia_setkey, 1855 1855 + .encrypt = ctr_crypt, 1856 1856 + .decrypt = ctr_crypt, 1857 1857 + }, 1858 1858 + }, 1859 1859 + }, { 1860 1860 + .cra_name = "lrw(camellia)", 1861 1861 + .cra_driver_name = "lrw-camellia-asm", 1862 1862 + .cra_priority = 300, 1863 1863 + .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER, 1864 1864 + .cra_blocksize = CAMELLIA_BLOCK_SIZE, 1865 1865 + .cra_ctxsize = sizeof(struct camellia_lrw_ctx), 1866 1866 + .cra_alignmask = 0, 1867 1867 + .cra_type = &crypto_blkcipher_type, 1868 1868 + .cra_module = THIS_MODULE, 1869 1869 + .cra_list = LIST_HEAD_INIT(camellia_algs[4].cra_list), 1870 1870 + .cra_exit = lrw_exit_tfm, 1871 1871 + .cra_u = { 1872 1872 + .blkcipher = { 1873 1873 + .min_keysize = CAMELLIA_MIN_KEY_SIZE + 1874 1874 + CAMELLIA_BLOCK_SIZE, 1875 1875 + .max_keysize = CAMELLIA_MAX_KEY_SIZE + 1876 1876 + CAMELLIA_BLOCK_SIZE, 1877 1877 + .ivsize = CAMELLIA_BLOCK_SIZE, 1878 1878 + .setkey = lrw_camellia_setkey, 1879 1879 + .encrypt = lrw_encrypt, 1880 1880 + .decrypt = lrw_decrypt, 1881 1881 + }, 1882 1882 + }, 1883 1883 + }, { 1884 1884 + .cra_name = "xts(camellia)", 1885 1885 + .cra_driver_name = "xts-camellia-asm", 1886 1886 + .cra_priority = 300, 1887 1887 + .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER, 1888 1888 + .cra_blocksize = CAMELLIA_BLOCK_SIZE, 1889 1889 + .cra_ctxsize = sizeof(struct camellia_xts_ctx), 1890 1890 + .cra_alignmask = 0, 1891 1891 + .cra_type = &crypto_blkcipher_type, 1892 1892 + .cra_module = THIS_MODULE, 1893 1893 + .cra_list = LIST_HEAD_INIT(camellia_algs[5].cra_list), 1894 1894 + .cra_u = { 1895 1895 + .blkcipher = { 1896 1896 + .min_keysize = CAMELLIA_MIN_KEY_SIZE * 2, 1897 1897 + .max_keysize = CAMELLIA_MAX_KEY_SIZE * 2, 1898 1898 + .ivsize = CAMELLIA_BLOCK_SIZE, 1899 1899 + .setkey = xts_camellia_setkey, 1900 1900 + .encrypt = xts_encrypt, 1901 1901 + .decrypt = xts_decrypt, 1902 1902 + }, 1903 1903 + }, 1904 1904 + } }; 1905 1905 + 1906 1906 + static bool is_blacklisted_cpu(void) 1907 1907 + { 1908 1908 + if (boot_cpu_data.x86_vendor != X86_VENDOR_INTEL) 1909 1909 + return false; 1910 1910 + 1911 1911 + if (boot_cpu_data.x86 == 0x0f) { 1912 1912 + /* 1913 1913 + * On Pentium 4, camellia-asm is slower than original assembler 1914 1914 + * implementation because excessive uses of 64bit rotate and 1915 1915 + * left-shifts (which are really slow on P4) needed to store and 1916 1916 + * handle 128bit block in two 64bit registers. 1917 1917 + */ 1918 1918 + return true; 1919 1919 + } 1920 1920 + 1921 1921 + return false; 1922 1922 + } 1923 1923 + 1924 1924 + static int force; 1925 1925 + module_param(force, int, 0); 1926 1926 + MODULE_PARM_DESC(force, "Force module load, ignore CPU blacklist"); 1927 1927 + 1928 1928 + int __init init(void) 1929 1929 + { 1930 1930 + if (!force && is_blacklisted_cpu()) { 1931 1931 + printk(KERN_INFO 1932 1932 + "camellia-x86_64: performance on this CPU " 1933 1933 + "would be suboptimal: disabling " 1934 1934 + "camellia-x86_64.\n"); 1935 1935 + return -ENODEV; 1936 1936 + } 1937 1937 + 1938 1938 + return crypto_register_algs(camellia_algs, ARRAY_SIZE(camellia_algs)); 1939 1939 + } 1940 1940 + 1941 1941 + void __exit fini(void) 1942 1942 + { 1943 1943 + crypto_unregister_algs(camellia_algs, ARRAY_SIZE(camellia_algs)); 1944 1944 + } 1945 1945 + 1946 1946 + module_init(init); 1947 1947 + module_exit(fini); 1948 1948 + 1949 1949 + MODULE_LICENSE("GPL"); 1950 1950 + MODULE_DESCRIPTION("Camellia Cipher Algorithm, asm optimized"); 1951 1951 + MODULE_ALIAS("camellia"); 1952 1952 + MODULE_ALIAS("camellia-asm");

+13 -16

arch/x86/crypto/serpent-sse2-i586-asm_32.S

reviewed

··· 463 463 pand x0, x4; \ 464 464 pxor x2, x4; 465 465 466 466 - #define transpose_4x4(x0, x1, x2, x3, t1, t2, t3) \ 467 467 - movdqa x2, t3; \ 468 468 - movdqa x0, t1; \ 469 469 - unpcklps x3, t3; \ 466 466 + #define transpose_4x4(x0, x1, x2, x3, t0, t1, t2) \ 470 467 movdqa x0, t2; \ 471 471 - unpcklps x1, t1; \ 472 472 - unpckhps x1, t2; \ 473 473 - movdqa t3, x1; \ 474 474 - unpckhps x3, x2; \ 475 475 - movdqa t1, x0; \ 476 476 - movhlps t1, x1; \ 477 477 - movdqa t2, t1; \ 478 478 - movlhps t3, x0; \ 479 479 - movlhps x2, t1; \ 480 480 - movhlps t2, x2; \ 481 481 - movdqa x2, x3; \ 482 482 - movdqa t1, x2; 468 468 + punpckldq x1, x0; \ 469 469 + punpckhdq x1, t2; \ 470 470 + movdqa x2, t1; \ 471 471 + punpckhdq x3, x2; \ 472 472 + punpckldq x3, t1; \ 473 473 + movdqa x0, x1; \ 474 474 + punpcklqdq t1, x0; \ 475 475 + punpckhqdq t1, x1; \ 476 476 + movdqa t2, x3; \ 477 477 + punpcklqdq x2, t2; \ 478 478 + punpckhqdq x2, x3; \ 479 479 + movdqa t2, x2; 483 480 484 481 #define read_blocks(in, x0, x1, x2, x3, t0, t1, t2) \ 485 482 movdqu (0*4*4)(in), x0; \

+13 -16

arch/x86/crypto/serpent-sse2-x86_64-asm_64.S

reviewed

··· 585 585 get_key(i, 1, RK1); \ 586 586 SBOX ## _2(x0 ## 2, x1 ## 2, x2 ## 2, x3 ## 2, x4 ## 2); \ 587 587 588 588 - #define transpose_4x4(x0, x1, x2, x3, t1, t2, t3) \ 589 589 - movdqa x2, t3; \ 590 590 - movdqa x0, t1; \ 591 591 - unpcklps x3, t3; \ 588 588 + #define transpose_4x4(x0, x1, x2, x3, t0, t1, t2) \ 592 589 movdqa x0, t2; \ 593 593 - unpcklps x1, t1; \ 594 594 - unpckhps x1, t2; \ 595 595 - movdqa t3, x1; \ 596 596 - unpckhps x3, x2; \ 597 597 - movdqa t1, x0; \ 598 598 - movhlps t1, x1; \ 599 599 - movdqa t2, t1; \ 600 600 - movlhps t3, x0; \ 601 601 - movlhps x2, t1; \ 602 602 - movhlps t2, x2; \ 603 603 - movdqa x2, x3; \ 604 604 - movdqa t1, x2; 590 590 + punpckldq x1, x0; \ 591 591 + punpckhdq x1, t2; \ 592 592 + movdqa x2, t1; \ 593 593 + punpckhdq x3, x2; \ 594 594 + punpckldq x3, t1; \ 595 595 + movdqa x0, x1; \ 596 596 + punpcklqdq t1, x0; \ 597 597 + punpckhqdq t1, x1; \ 598 598 + movdqa t2, x3; \ 599 599 + punpcklqdq x2, t2; \ 600 600 + punpckhqdq x2, x3; \ 601 601 + movdqa t2, x2; 605 602 606 603 #define read_blocks(in, x0, x1, x2, x3, t0, t1, t2) \ 607 604 movdqu (0*4*4)(in), x0; \

+134 -260

arch/x86/crypto/serpent_sse2_glue.c

reviewed

··· 145 145 return ecb_crypt(desc, &walk, false); 146 146 } 147 147 148 148 - static struct crypto_alg blk_ecb_alg = { 149 149 - .cra_name = "__ecb-serpent-sse2", 150 150 - .cra_driver_name = "__driver-ecb-serpent-sse2", 151 151 - .cra_priority = 0, 152 152 - .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER, 153 153 - .cra_blocksize = SERPENT_BLOCK_SIZE, 154 154 - .cra_ctxsize = sizeof(struct serpent_ctx), 155 155 - .cra_alignmask = 0, 156 156 - .cra_type = &crypto_blkcipher_type, 157 157 - .cra_module = THIS_MODULE, 158 158 - .cra_list = LIST_HEAD_INIT(blk_ecb_alg.cra_list), 159 159 - .cra_u = { 160 160 - .blkcipher = { 161 161 - .min_keysize = SERPENT_MIN_KEY_SIZE, 162 162 - .max_keysize = SERPENT_MAX_KEY_SIZE, 163 163 - .setkey = serpent_setkey, 164 164 - .encrypt = ecb_encrypt, 165 165 - .decrypt = ecb_decrypt, 166 166 - }, 167 167 - }, 168 168 - }; 169 169 - 170 148 static unsigned int __cbc_encrypt(struct blkcipher_desc *desc, 171 149 struct blkcipher_walk *walk) 172 150 { ··· 273 295 return err; 274 296 } 275 297 276 276 - static struct crypto_alg blk_cbc_alg = { 277 277 - .cra_name = "__cbc-serpent-sse2", 278 278 - .cra_driver_name = "__driver-cbc-serpent-sse2", 279 279 - .cra_priority = 0, 280 280 - .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER, 281 281 - .cra_blocksize = SERPENT_BLOCK_SIZE, 282 282 - .cra_ctxsize = sizeof(struct serpent_ctx), 283 283 - .cra_alignmask = 0, 284 284 - .cra_type = &crypto_blkcipher_type, 285 285 - .cra_module = THIS_MODULE, 286 286 - .cra_list = LIST_HEAD_INIT(blk_cbc_alg.cra_list), 287 287 - .cra_u = { 288 288 - .blkcipher = { 289 289 - .min_keysize = SERPENT_MIN_KEY_SIZE, 290 290 - .max_keysize = SERPENT_MAX_KEY_SIZE, 291 291 - .setkey = serpent_setkey, 292 292 - .encrypt = cbc_encrypt, 293 293 - .decrypt = cbc_decrypt, 294 294 - }, 295 295 - }, 296 296 - }; 297 297 - 298 298 static inline void u128_to_be128(be128 *dst, const u128 *src) 299 299 { 300 300 dst->a = cpu_to_be64(src->a); ··· 395 439 return err; 396 440 } 397 441 398 398 - static struct crypto_alg blk_ctr_alg = { 399 399 - .cra_name = "__ctr-serpent-sse2", 400 400 - .cra_driver_name = "__driver-ctr-serpent-sse2", 401 401 - .cra_priority = 0, 402 402 - .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER, 403 403 - .cra_blocksize = 1, 404 404 - .cra_ctxsize = sizeof(struct serpent_ctx), 405 405 - .cra_alignmask = 0, 406 406 - .cra_type = &crypto_blkcipher_type, 407 407 - .cra_module = THIS_MODULE, 408 408 - .cra_list = LIST_HEAD_INIT(blk_ctr_alg.cra_list), 409 409 - .cra_u = { 410 410 - .blkcipher = { 411 411 - .min_keysize = SERPENT_MIN_KEY_SIZE, 412 412 - .max_keysize = SERPENT_MAX_KEY_SIZE, 413 413 - .ivsize = SERPENT_BLOCK_SIZE, 414 414 - .setkey = serpent_setkey, 415 415 - .encrypt = ctr_crypt, 416 416 - .decrypt = ctr_crypt, 417 417 - }, 418 418 - }, 419 419 - }; 420 420 - 421 442 struct crypt_priv { 422 443 struct serpent_ctx *ctx; 423 444 bool fpu_enabled; ··· 513 580 lrw_free_table(&ctx->lrw_table); 514 581 } 515 582 516 516 - static struct crypto_alg blk_lrw_alg = { 517 517 - .cra_name = "__lrw-serpent-sse2", 518 518 - .cra_driver_name = "__driver-lrw-serpent-sse2", 519 519 - .cra_priority = 0, 520 520 - .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER, 521 521 - .cra_blocksize = SERPENT_BLOCK_SIZE, 522 522 - .cra_ctxsize = sizeof(struct serpent_lrw_ctx), 523 523 - .cra_alignmask = 0, 524 524 - .cra_type = &crypto_blkcipher_type, 525 525 - .cra_module = THIS_MODULE, 526 526 - .cra_list = LIST_HEAD_INIT(blk_lrw_alg.cra_list), 527 527 - .cra_exit = lrw_exit_tfm, 528 528 - .cra_u = { 529 529 - .blkcipher = { 530 530 - .min_keysize = SERPENT_MIN_KEY_SIZE + 531 531 - SERPENT_BLOCK_SIZE, 532 532 - .max_keysize = SERPENT_MAX_KEY_SIZE + 533 533 - SERPENT_BLOCK_SIZE, 534 534 - .ivsize = SERPENT_BLOCK_SIZE, 535 535 - .setkey = lrw_serpent_setkey, 536 536 - .encrypt = lrw_encrypt, 537 537 - .decrypt = lrw_decrypt, 538 538 - }, 539 539 - }, 540 540 - }; 541 541 - 542 583 struct serpent_xts_ctx { 543 584 struct serpent_ctx tweak_ctx; 544 585 struct serpent_ctx crypt_ctx; ··· 596 689 return ret; 597 690 } 598 691 599 599 - static struct crypto_alg blk_xts_alg = { 600 600 - .cra_name = "__xts-serpent-sse2", 601 601 - .cra_driver_name = "__driver-xts-serpent-sse2", 602 602 - .cra_priority = 0, 603 603 - .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER, 604 604 - .cra_blocksize = SERPENT_BLOCK_SIZE, 605 605 - .cra_ctxsize = sizeof(struct serpent_xts_ctx), 606 606 - .cra_alignmask = 0, 607 607 - .cra_type = &crypto_blkcipher_type, 608 608 - .cra_module = THIS_MODULE, 609 609 - .cra_list = LIST_HEAD_INIT(blk_xts_alg.cra_list), 610 610 - .cra_u = { 611 611 - .blkcipher = { 612 612 - .min_keysize = SERPENT_MIN_KEY_SIZE * 2, 613 613 - .max_keysize = SERPENT_MAX_KEY_SIZE * 2, 614 614 - .ivsize = SERPENT_BLOCK_SIZE, 615 615 - .setkey = xts_serpent_setkey, 616 616 - .encrypt = xts_encrypt, 617 617 - .decrypt = xts_decrypt, 618 618 - }, 619 619 - }, 620 620 - }; 621 621 - 622 692 static int ablk_set_key(struct crypto_ablkcipher *tfm, const u8 *key, 623 693 unsigned int key_len) 624 694 { ··· 676 792 cryptd_free_ablkcipher(ctx->cryptd_tfm); 677 793 } 678 794 679 679 - static void ablk_init_common(struct crypto_tfm *tfm, 680 680 - struct cryptd_ablkcipher *cryptd_tfm) 795 795 + static int ablk_init(struct crypto_tfm *tfm) 681 796 { 682 797 struct async_serpent_ctx *ctx = crypto_tfm_ctx(tfm); 798 798 + struct cryptd_ablkcipher *cryptd_tfm; 799 799 + char drv_name[CRYPTO_MAX_ALG_NAME]; 800 800 + 801 801 + snprintf(drv_name, sizeof(drv_name), "__driver-%s", 802 802 + crypto_tfm_alg_driver_name(tfm)); 803 803 + 804 804 + cryptd_tfm = cryptd_alloc_ablkcipher(drv_name, 0, 0); 805 805 + if (IS_ERR(cryptd_tfm)) 806 806 + return PTR_ERR(cryptd_tfm); 683 807 684 808 ctx->cryptd_tfm = cryptd_tfm; 685 809 tfm->crt_ablkcipher.reqsize = sizeof(struct ablkcipher_request) + 686 810 crypto_ablkcipher_reqsize(&cryptd_tfm->base); 687 687 - } 688 811 689 689 - static int ablk_ecb_init(struct crypto_tfm *tfm) 690 690 - { 691 691 - struct cryptd_ablkcipher *cryptd_tfm; 692 692 - 693 693 - cryptd_tfm = cryptd_alloc_ablkcipher("__driver-ecb-serpent-sse2", 0, 0); 694 694 - if (IS_ERR(cryptd_tfm)) 695 695 - return PTR_ERR(cryptd_tfm); 696 696 - ablk_init_common(tfm, cryptd_tfm); 697 812 return 0; 698 813 } 699 814 700 700 - static struct crypto_alg ablk_ecb_alg = { 815 815 + static struct crypto_alg serpent_algs[10] = { { 816 816 + .cra_name = "__ecb-serpent-sse2", 817 817 + .cra_driver_name = "__driver-ecb-serpent-sse2", 818 818 + .cra_priority = 0, 819 819 + .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER, 820 820 + .cra_blocksize = SERPENT_BLOCK_SIZE, 821 821 + .cra_ctxsize = sizeof(struct serpent_ctx), 822 822 + .cra_alignmask = 0, 823 823 + .cra_type = &crypto_blkcipher_type, 824 824 + .cra_module = THIS_MODULE, 825 825 + .cra_list = LIST_HEAD_INIT(serpent_algs[0].cra_list), 826 826 + .cra_u = { 827 827 + .blkcipher = { 828 828 + .min_keysize = SERPENT_MIN_KEY_SIZE, 829 829 + .max_keysize = SERPENT_MAX_KEY_SIZE, 830 830 + .setkey = serpent_setkey, 831 831 + .encrypt = ecb_encrypt, 832 832 + .decrypt = ecb_decrypt, 833 833 + }, 834 834 + }, 835 835 + }, { 836 836 + .cra_name = "__cbc-serpent-sse2", 837 837 + .cra_driver_name = "__driver-cbc-serpent-sse2", 838 838 + .cra_priority = 0, 839 839 + .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER, 840 840 + .cra_blocksize = SERPENT_BLOCK_SIZE, 841 841 + .cra_ctxsize = sizeof(struct serpent_ctx), 842 842 + .cra_alignmask = 0, 843 843 + .cra_type = &crypto_blkcipher_type, 844 844 + .cra_module = THIS_MODULE, 845 845 + .cra_list = LIST_HEAD_INIT(serpent_algs[1].cra_list), 846 846 + .cra_u = { 847 847 + .blkcipher = { 848 848 + .min_keysize = SERPENT_MIN_KEY_SIZE, 849 849 + .max_keysize = SERPENT_MAX_KEY_SIZE, 850 850 + .setkey = serpent_setkey, 851 851 + .encrypt = cbc_encrypt, 852 852 + .decrypt = cbc_decrypt, 853 853 + }, 854 854 + }, 855 855 + }, { 856 856 + .cra_name = "__ctr-serpent-sse2", 857 857 + .cra_driver_name = "__driver-ctr-serpent-sse2", 858 858 + .cra_priority = 0, 859 859 + .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER, 860 860 + .cra_blocksize = 1, 861 861 + .cra_ctxsize = sizeof(struct serpent_ctx), 862 862 + .cra_alignmask = 0, 863 863 + .cra_type = &crypto_blkcipher_type, 864 864 + .cra_module = THIS_MODULE, 865 865 + .cra_list = LIST_HEAD_INIT(serpent_algs[2].cra_list), 866 866 + .cra_u = { 867 867 + .blkcipher = { 868 868 + .min_keysize = SERPENT_MIN_KEY_SIZE, 869 869 + .max_keysize = SERPENT_MAX_KEY_SIZE, 870 870 + .ivsize = SERPENT_BLOCK_SIZE, 871 871 + .setkey = serpent_setkey, 872 872 + .encrypt = ctr_crypt, 873 873 + .decrypt = ctr_crypt, 874 874 + }, 875 875 + }, 876 876 + }, { 877 877 + .cra_name = "__lrw-serpent-sse2", 878 878 + .cra_driver_name = "__driver-lrw-serpent-sse2", 879 879 + .cra_priority = 0, 880 880 + .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER, 881 881 + .cra_blocksize = SERPENT_BLOCK_SIZE, 882 882 + .cra_ctxsize = sizeof(struct serpent_lrw_ctx), 883 883 + .cra_alignmask = 0, 884 884 + .cra_type = &crypto_blkcipher_type, 885 885 + .cra_module = THIS_MODULE, 886 886 + .cra_list = LIST_HEAD_INIT(serpent_algs[3].cra_list), 887 887 + .cra_exit = lrw_exit_tfm, 888 888 + .cra_u = { 889 889 + .blkcipher = { 890 890 + .min_keysize = SERPENT_MIN_KEY_SIZE + 891 891 + SERPENT_BLOCK_SIZE, 892 892 + .max_keysize = SERPENT_MAX_KEY_SIZE + 893 893 + SERPENT_BLOCK_SIZE, 894 894 + .ivsize = SERPENT_BLOCK_SIZE, 895 895 + .setkey = lrw_serpent_setkey, 896 896 + .encrypt = lrw_encrypt, 897 897 + .decrypt = lrw_decrypt, 898 898 + }, 899 899 + }, 900 900 + }, { 901 901 + .cra_name = "__xts-serpent-sse2", 902 902 + .cra_driver_name = "__driver-xts-serpent-sse2", 903 903 + .cra_priority = 0, 904 904 + .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER, 905 905 + .cra_blocksize = SERPENT_BLOCK_SIZE, 906 906 + .cra_ctxsize = sizeof(struct serpent_xts_ctx), 907 907 + .cra_alignmask = 0, 908 908 + .cra_type = &crypto_blkcipher_type, 909 909 + .cra_module = THIS_MODULE, 910 910 + .cra_list = LIST_HEAD_INIT(serpent_algs[4].cra_list), 911 911 + .cra_u = { 912 912 + .blkcipher = { 913 913 + .min_keysize = SERPENT_MIN_KEY_SIZE * 2, 914 914 + .max_keysize = SERPENT_MAX_KEY_SIZE * 2, 915 915 + .ivsize = SERPENT_BLOCK_SIZE, 916 916 + .setkey = xts_serpent_setkey, 917 917 + .encrypt = xts_encrypt, 918 918 + .decrypt = xts_decrypt, 919 919 + }, 920 920 + }, 921 921 + }, { 701 922 .cra_name = "ecb(serpent)", 702 923 .cra_driver_name = "ecb-serpent-sse2", 703 924 .cra_priority = 400, ··· 812 823 .cra_alignmask = 0, 813 824 .cra_type = &crypto_ablkcipher_type, 814 825 .cra_module = THIS_MODULE, 815 815 - .cra_list = LIST_HEAD_INIT(ablk_ecb_alg.cra_list), 816 816 - .cra_init = ablk_ecb_init, 826 826 + .cra_list = LIST_HEAD_INIT(serpent_algs[5].cra_list), 827 827 + .cra_init = ablk_init, 817 828 .cra_exit = ablk_exit, 818 829 .cra_u = { 819 830 .ablkcipher = { ··· 824 835 .decrypt = ablk_decrypt, 825 836 }, 826 837 }, 827 827 - }; 828 828 - 829 829 - static int ablk_cbc_init(struct crypto_tfm *tfm) 830 830 - { 831 831 - struct cryptd_ablkcipher *cryptd_tfm; 832 832 - 833 833 - cryptd_tfm = cryptd_alloc_ablkcipher("__driver-cbc-serpent-sse2", 0, 0); 834 834 - if (IS_ERR(cryptd_tfm)) 835 835 - return PTR_ERR(cryptd_tfm); 836 836 - ablk_init_common(tfm, cryptd_tfm); 837 837 - return 0; 838 838 - } 839 839 - 840 840 - static struct crypto_alg ablk_cbc_alg = { 838 838 + }, { 841 839 .cra_name = "cbc(serpent)", 842 840 .cra_driver_name = "cbc-serpent-sse2", 843 841 .cra_priority = 400, ··· 834 858 .cra_alignmask = 0, 835 859 .cra_type = &crypto_ablkcipher_type, 836 860 .cra_module = THIS_MODULE, 837 837 - .cra_list = LIST_HEAD_INIT(ablk_cbc_alg.cra_list), 838 838 - .cra_init = ablk_cbc_init, 861 861 + .cra_list = LIST_HEAD_INIT(serpent_algs[6].cra_list), 862 862 + .cra_init = ablk_init, 839 863 .cra_exit = ablk_exit, 840 864 .cra_u = { 841 865 .ablkcipher = { ··· 847 871 .decrypt = ablk_decrypt, 848 872 }, 849 873 }, 850 850 - }; 851 851 - 852 852 - static int ablk_ctr_init(struct crypto_tfm *tfm) 853 853 - { 854 854 - struct cryptd_ablkcipher *cryptd_tfm; 855 855 - 856 856 - cryptd_tfm = cryptd_alloc_ablkcipher("__driver-ctr-serpent-sse2", 0, 0); 857 857 - if (IS_ERR(cryptd_tfm)) 858 858 - return PTR_ERR(cryptd_tfm); 859 859 - ablk_init_common(tfm, cryptd_tfm); 860 860 - return 0; 861 861 - } 862 862 - 863 863 - static struct crypto_alg ablk_ctr_alg = { 874 874 + }, { 864 875 .cra_name = "ctr(serpent)", 865 876 .cra_driver_name = "ctr-serpent-sse2", 866 877 .cra_priority = 400, ··· 857 894 .cra_alignmask = 0, 858 895 .cra_type = &crypto_ablkcipher_type, 859 896 .cra_module = THIS_MODULE, 860 860 - .cra_list = LIST_HEAD_INIT(ablk_ctr_alg.cra_list), 861 861 - .cra_init = ablk_ctr_init, 897 897 + .cra_list = LIST_HEAD_INIT(serpent_algs[7].cra_list), 898 898 + .cra_init = ablk_init, 862 899 .cra_exit = ablk_exit, 863 900 .cra_u = { 864 901 .ablkcipher = { ··· 871 908 .geniv = "chainiv", 872 909 }, 873 910 }, 874 874 - }; 875 875 - 876 876 - static int ablk_lrw_init(struct crypto_tfm *tfm) 877 877 - { 878 878 - struct cryptd_ablkcipher *cryptd_tfm; 879 879 - 880 880 - cryptd_tfm = cryptd_alloc_ablkcipher("__driver-lrw-serpent-sse2", 0, 0); 881 881 - if (IS_ERR(cryptd_tfm)) 882 882 - return PTR_ERR(cryptd_tfm); 883 883 - ablk_init_common(tfm, cryptd_tfm); 884 884 - return 0; 885 885 - } 886 886 - 887 887 - static struct crypto_alg ablk_lrw_alg = { 911 911 + }, { 888 912 .cra_name = "lrw(serpent)", 889 913 .cra_driver_name = "lrw-serpent-sse2", 890 914 .cra_priority = 400, ··· 881 931 .cra_alignmask = 0, 882 932 .cra_type = &crypto_ablkcipher_type, 883 933 .cra_module = THIS_MODULE, 884 884 - .cra_list = LIST_HEAD_INIT(ablk_lrw_alg.cra_list), 885 885 - .cra_init = ablk_lrw_init, 934 934 + .cra_list = LIST_HEAD_INIT(serpent_algs[8].cra_list), 935 935 + .cra_init = ablk_init, 886 936 .cra_exit = ablk_exit, 887 937 .cra_u = { 888 938 .ablkcipher = { ··· 896 946 .decrypt = ablk_decrypt, 897 947 }, 898 948 }, 899 899 - }; 900 900 - 901 901 - static int ablk_xts_init(struct crypto_tfm *tfm) 902 902 - { 903 903 - struct cryptd_ablkcipher *cryptd_tfm; 904 904 - 905 905 - cryptd_tfm = cryptd_alloc_ablkcipher("__driver-xts-serpent-sse2", 0, 0); 906 906 - if (IS_ERR(cryptd_tfm)) 907 907 - return PTR_ERR(cryptd_tfm); 908 908 - ablk_init_common(tfm, cryptd_tfm); 909 909 - return 0; 910 910 - } 911 911 - 912 912 - static struct crypto_alg ablk_xts_alg = { 949 949 + }, { 913 950 .cra_name = "xts(serpent)", 914 951 .cra_driver_name = "xts-serpent-sse2", 915 952 .cra_priority = 400, ··· 906 969 .cra_alignmask = 0, 907 970 .cra_type = &crypto_ablkcipher_type, 908 971 .cra_module = THIS_MODULE, 909 909 - .cra_list = LIST_HEAD_INIT(ablk_xts_alg.cra_list), 910 910 - .cra_init = ablk_xts_init, 972 972 + .cra_list = LIST_HEAD_INIT(serpent_algs[9].cra_list), 973 973 + .cra_init = ablk_init, 911 974 .cra_exit = ablk_exit, 912 975 .cra_u = { 913 976 .ablkcipher = { ··· 919 982 .decrypt = ablk_decrypt, 920 983 }, 921 984 }, 922 922 - }; 985 985 + } }; 923 986 924 987 static int __init serpent_sse2_init(void) 925 988 { 926 926 - int err; 927 927 - 928 989 if (!cpu_has_xmm2) { 929 990 printk(KERN_INFO "SSE2 instructions are not detected.\n"); 930 991 return -ENODEV; 931 992 } 932 993 933 933 - err = crypto_register_alg(&blk_ecb_alg); 934 934 - if (err) 935 935 - goto blk_ecb_err; 936 936 - err = crypto_register_alg(&blk_cbc_alg); 937 937 - if (err) 938 938 - goto blk_cbc_err; 939 939 - err = crypto_register_alg(&blk_ctr_alg); 940 940 - if (err) 941 941 - goto blk_ctr_err; 942 942 - err = crypto_register_alg(&ablk_ecb_alg); 943 943 - if (err) 944 944 - goto ablk_ecb_err; 945 945 - err = crypto_register_alg(&ablk_cbc_alg); 946 946 - if (err) 947 947 - goto ablk_cbc_err; 948 948 - err = crypto_register_alg(&ablk_ctr_alg); 949 949 - if (err) 950 950 - goto ablk_ctr_err; 951 951 - err = crypto_register_alg(&blk_lrw_alg); 952 952 - if (err) 953 953 - goto blk_lrw_err; 954 954 - err = crypto_register_alg(&ablk_lrw_alg); 955 955 - if (err) 956 956 - goto ablk_lrw_err; 957 957 - err = crypto_register_alg(&blk_xts_alg); 958 958 - if (err) 959 959 - goto blk_xts_err; 960 960 - err = crypto_register_alg(&ablk_xts_alg); 961 961 - if (err) 962 962 - goto ablk_xts_err; 963 963 - return err; 964 964 - 965 965 - crypto_unregister_alg(&ablk_xts_alg); 966 966 - ablk_xts_err: 967 967 - crypto_unregister_alg(&blk_xts_alg); 968 968 - blk_xts_err: 969 969 - crypto_unregister_alg(&ablk_lrw_alg); 970 970 - ablk_lrw_err: 971 971 - crypto_unregister_alg(&blk_lrw_alg); 972 972 - blk_lrw_err: 973 973 - crypto_unregister_alg(&ablk_ctr_alg); 974 974 - ablk_ctr_err: 975 975 - crypto_unregister_alg(&ablk_cbc_alg); 976 976 - ablk_cbc_err: 977 977 - crypto_unregister_alg(&ablk_ecb_alg); 978 978 - ablk_ecb_err: 979 979 - crypto_unregister_alg(&blk_ctr_alg); 980 980 - blk_ctr_err: 981 981 - crypto_unregister_alg(&blk_cbc_alg); 982 982 - blk_cbc_err: 983 983 - crypto_unregister_alg(&blk_ecb_alg); 984 984 - blk_ecb_err: 985 985 - return err; 994 994 + return crypto_register_algs(serpent_algs, ARRAY_SIZE(serpent_algs)); 986 995 } 987 996 988 997 static void __exit serpent_sse2_exit(void) 989 998 { 990 990 - crypto_unregister_alg(&ablk_xts_alg); 991 991 - crypto_unregister_alg(&blk_xts_alg); 992 992 - crypto_unregister_alg(&ablk_lrw_alg); 993 993 - crypto_unregister_alg(&blk_lrw_alg); 994 994 - crypto_unregister_alg(&ablk_ctr_alg); 995 995 - crypto_unregister_alg(&ablk_cbc_alg); 996 996 - crypto_unregister_alg(&ablk_ecb_alg); 997 997 - crypto_unregister_alg(&blk_ctr_alg); 998 998 - crypto_unregister_alg(&blk_cbc_alg); 999 999 - crypto_unregister_alg(&blk_ecb_alg); 999 999 + crypto_unregister_algs(serpent_algs, ARRAY_SIZE(serpent_algs)); 1000 1000 } 1001 1001 1002 1002 module_init(serpent_sse2_init);

+1 -1

arch/x86/crypto/twofish_glue.c

reviewed

··· 68 68 .cra_flags = CRYPTO_ALG_TYPE_CIPHER, 69 69 .cra_blocksize = TF_BLOCK_SIZE, 70 70 .cra_ctxsize = sizeof(struct twofish_ctx), 71 71 - .cra_alignmask = 3, 71 71 + .cra_alignmask = 0, 72 72 .cra_module = THIS_MODULE, 73 73 .cra_list = LIST_HEAD_INIT(alg.cra_list), 74 74 .cra_u = {

+135 -130

arch/x86/crypto/twofish_glue_3way.c

reviewed

··· 25 25 * 26 26 */ 27 27 28 28 + #include <asm/processor.h> 28 29 #include <linux/crypto.h> 29 30 #include <linux/init.h> 30 31 #include <linux/module.h> ··· 122 121 blkcipher_walk_init(&walk, dst, src, nbytes); 123 122 return ecb_crypt(desc, &walk, twofish_dec_blk, twofish_dec_blk_3way); 124 123 } 125 125 - 126 126 - static struct crypto_alg blk_ecb_alg = { 127 127 - .cra_name = "ecb(twofish)", 128 128 - .cra_driver_name = "ecb-twofish-3way", 129 129 - .cra_priority = 300, 130 130 - .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER, 131 131 - .cra_blocksize = TF_BLOCK_SIZE, 132 132 - .cra_ctxsize = sizeof(struct twofish_ctx), 133 133 - .cra_alignmask = 0, 134 134 - .cra_type = &crypto_blkcipher_type, 135 135 - .cra_module = THIS_MODULE, 136 136 - .cra_list = LIST_HEAD_INIT(blk_ecb_alg.cra_list), 137 137 - .cra_u = { 138 138 - .blkcipher = { 139 139 - .min_keysize = TF_MIN_KEY_SIZE, 140 140 - .max_keysize = TF_MAX_KEY_SIZE, 141 141 - .setkey = twofish_setkey, 142 142 - .encrypt = ecb_encrypt, 143 143 - .decrypt = ecb_decrypt, 144 144 - }, 145 145 - }, 146 146 - }; 147 124 148 125 static unsigned int __cbc_encrypt(struct blkcipher_desc *desc, 149 126 struct blkcipher_walk *walk) ··· 246 267 return err; 247 268 } 248 269 249 249 - static struct crypto_alg blk_cbc_alg = { 250 250 - .cra_name = "cbc(twofish)", 251 251 - .cra_driver_name = "cbc-twofish-3way", 252 252 - .cra_priority = 300, 253 253 - .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER, 254 254 - .cra_blocksize = TF_BLOCK_SIZE, 255 255 - .cra_ctxsize = sizeof(struct twofish_ctx), 256 256 - .cra_alignmask = 0, 257 257 - .cra_type = &crypto_blkcipher_type, 258 258 - .cra_module = THIS_MODULE, 259 259 - .cra_list = LIST_HEAD_INIT(blk_cbc_alg.cra_list), 260 260 - .cra_u = { 261 261 - .blkcipher = { 262 262 - .min_keysize = TF_MIN_KEY_SIZE, 263 263 - .max_keysize = TF_MAX_KEY_SIZE, 264 264 - .ivsize = TF_BLOCK_SIZE, 265 265 - .setkey = twofish_setkey, 266 266 - .encrypt = cbc_encrypt, 267 267 - .decrypt = cbc_decrypt, 268 268 - }, 269 269 - }, 270 270 - }; 271 271 - 272 270 static inline void u128_to_be128(be128 *dst, const u128 *src) 273 271 { 274 272 dst->a = cpu_to_be64(src->a); ··· 367 411 return err; 368 412 } 369 413 370 370 - static struct crypto_alg blk_ctr_alg = { 371 371 - .cra_name = "ctr(twofish)", 372 372 - .cra_driver_name = "ctr-twofish-3way", 373 373 - .cra_priority = 300, 374 374 - .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER, 375 375 - .cra_blocksize = 1, 376 376 - .cra_ctxsize = sizeof(struct twofish_ctx), 377 377 - .cra_alignmask = 0, 378 378 - .cra_type = &crypto_blkcipher_type, 379 379 - .cra_module = THIS_MODULE, 380 380 - .cra_list = LIST_HEAD_INIT(blk_ctr_alg.cra_list), 381 381 - .cra_u = { 382 382 - .blkcipher = { 383 383 - .min_keysize = TF_MIN_KEY_SIZE, 384 384 - .max_keysize = TF_MAX_KEY_SIZE, 385 385 - .ivsize = TF_BLOCK_SIZE, 386 386 - .setkey = twofish_setkey, 387 387 - .encrypt = ctr_crypt, 388 388 - .decrypt = ctr_crypt, 389 389 - }, 390 390 - }, 391 391 - }; 392 392 - 393 414 static void encrypt_callback(void *priv, u8 *srcdst, unsigned int nbytes) 394 415 { 395 416 const unsigned int bsize = TF_BLOCK_SIZE; ··· 457 524 lrw_free_table(&ctx->lrw_table); 458 525 } 459 526 460 460 - static struct crypto_alg blk_lrw_alg = { 461 461 - .cra_name = "lrw(twofish)", 462 462 - .cra_driver_name = "lrw-twofish-3way", 463 463 - .cra_priority = 300, 464 464 - .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER, 465 465 - .cra_blocksize = TF_BLOCK_SIZE, 466 466 - .cra_ctxsize = sizeof(struct twofish_lrw_ctx), 467 467 - .cra_alignmask = 0, 468 468 - .cra_type = &crypto_blkcipher_type, 469 469 - .cra_module = THIS_MODULE, 470 470 - .cra_list = LIST_HEAD_INIT(blk_lrw_alg.cra_list), 471 471 - .cra_exit = lrw_exit_tfm, 472 472 - .cra_u = { 473 473 - .blkcipher = { 474 474 - .min_keysize = TF_MIN_KEY_SIZE + TF_BLOCK_SIZE, 475 475 - .max_keysize = TF_MAX_KEY_SIZE + TF_BLOCK_SIZE, 476 476 - .ivsize = TF_BLOCK_SIZE, 477 477 - .setkey = lrw_twofish_setkey, 478 478 - .encrypt = lrw_encrypt, 479 479 - .decrypt = lrw_decrypt, 480 480 - }, 481 481 - }, 482 482 - }; 483 483 - 484 527 struct twofish_xts_ctx { 485 528 struct twofish_ctx tweak_ctx; 486 529 struct twofish_ctx crypt_ctx; ··· 523 614 return xts_crypt(desc, dst, src, nbytes, &req); 524 615 } 525 616 526 526 - static struct crypto_alg blk_xts_alg = { 617 617 + static struct crypto_alg tf_algs[5] = { { 618 618 + .cra_name = "ecb(twofish)", 619 619 + .cra_driver_name = "ecb-twofish-3way", 620 620 + .cra_priority = 300, 621 621 + .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER, 622 622 + .cra_blocksize = TF_BLOCK_SIZE, 623 623 + .cra_ctxsize = sizeof(struct twofish_ctx), 624 624 + .cra_alignmask = 0, 625 625 + .cra_type = &crypto_blkcipher_type, 626 626 + .cra_module = THIS_MODULE, 627 627 + .cra_list = LIST_HEAD_INIT(tf_algs[0].cra_list), 628 628 + .cra_u = { 629 629 + .blkcipher = { 630 630 + .min_keysize = TF_MIN_KEY_SIZE, 631 631 + .max_keysize = TF_MAX_KEY_SIZE, 632 632 + .setkey = twofish_setkey, 633 633 + .encrypt = ecb_encrypt, 634 634 + .decrypt = ecb_decrypt, 635 635 + }, 636 636 + }, 637 637 + }, { 638 638 + .cra_name = "cbc(twofish)", 639 639 + .cra_driver_name = "cbc-twofish-3way", 640 640 + .cra_priority = 300, 641 641 + .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER, 642 642 + .cra_blocksize = TF_BLOCK_SIZE, 643 643 + .cra_ctxsize = sizeof(struct twofish_ctx), 644 644 + .cra_alignmask = 0, 645 645 + .cra_type = &crypto_blkcipher_type, 646 646 + .cra_module = THIS_MODULE, 647 647 + .cra_list = LIST_HEAD_INIT(tf_algs[1].cra_list), 648 648 + .cra_u = { 649 649 + .blkcipher = { 650 650 + .min_keysize = TF_MIN_KEY_SIZE, 651 651 + .max_keysize = TF_MAX_KEY_SIZE, 652 652 + .ivsize = TF_BLOCK_SIZE, 653 653 + .setkey = twofish_setkey, 654 654 + .encrypt = cbc_encrypt, 655 655 + .decrypt = cbc_decrypt, 656 656 + }, 657 657 + }, 658 658 + }, { 659 659 + .cra_name = "ctr(twofish)", 660 660 + .cra_driver_name = "ctr-twofish-3way", 661 661 + .cra_priority = 300, 662 662 + .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER, 663 663 + .cra_blocksize = 1, 664 664 + .cra_ctxsize = sizeof(struct twofish_ctx), 665 665 + .cra_alignmask = 0, 666 666 + .cra_type = &crypto_blkcipher_type, 667 667 + .cra_module = THIS_MODULE, 668 668 + .cra_list = LIST_HEAD_INIT(tf_algs[2].cra_list), 669 669 + .cra_u = { 670 670 + .blkcipher = { 671 671 + .min_keysize = TF_MIN_KEY_SIZE, 672 672 + .max_keysize = TF_MAX_KEY_SIZE, 673 673 + .ivsize = TF_BLOCK_SIZE, 674 674 + .setkey = twofish_setkey, 675 675 + .encrypt = ctr_crypt, 676 676 + .decrypt = ctr_crypt, 677 677 + }, 678 678 + }, 679 679 + }, { 680 680 + .cra_name = "lrw(twofish)", 681 681 + .cra_driver_name = "lrw-twofish-3way", 682 682 + .cra_priority = 300, 683 683 + .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER, 684 684 + .cra_blocksize = TF_BLOCK_SIZE, 685 685 + .cra_ctxsize = sizeof(struct twofish_lrw_ctx), 686 686 + .cra_alignmask = 0, 687 687 + .cra_type = &crypto_blkcipher_type, 688 688 + .cra_module = THIS_MODULE, 689 689 + .cra_list = LIST_HEAD_INIT(tf_algs[3].cra_list), 690 690 + .cra_exit = lrw_exit_tfm, 691 691 + .cra_u = { 692 692 + .blkcipher = { 693 693 + .min_keysize = TF_MIN_KEY_SIZE + TF_BLOCK_SIZE, 694 694 + .max_keysize = TF_MAX_KEY_SIZE + TF_BLOCK_SIZE, 695 695 + .ivsize = TF_BLOCK_SIZE, 696 696 + .setkey = lrw_twofish_setkey, 697 697 + .encrypt = lrw_encrypt, 698 698 + .decrypt = lrw_decrypt, 699 699 + }, 700 700 + }, 701 701 + }, { 527 702 .cra_name = "xts(twofish)", 528 703 .cra_driver_name = "xts-twofish-3way", 529 704 .cra_priority = 300, ··· 617 624 .cra_alignmask = 0, 618 625 .cra_type = &crypto_blkcipher_type, 619 626 .cra_module = THIS_MODULE, 620 620 - .cra_list = LIST_HEAD_INIT(blk_xts_alg.cra_list), 627 627 + .cra_list = LIST_HEAD_INIT(tf_algs[4].cra_list), 621 628 .cra_u = { 622 629 .blkcipher = { 623 630 .min_keysize = TF_MIN_KEY_SIZE * 2, ··· 628 635 .decrypt = xts_decrypt, 629 636 }, 630 637 }, 631 631 - }; 638 638 + } }; 639 639 + 640 640 + static bool is_blacklisted_cpu(void) 641 641 + { 642 642 + if (boot_cpu_data.x86_vendor != X86_VENDOR_INTEL) 643 643 + return false; 644 644 + 645 645 + if (boot_cpu_data.x86 == 0x06 && 646 646 + (boot_cpu_data.x86_model == 0x1c || 647 647 + boot_cpu_data.x86_model == 0x26 || 648 648 + boot_cpu_data.x86_model == 0x36)) { 649 649 + /* 650 650 + * On Atom, twofish-3way is slower than original assembler 651 651 + * implementation. Twofish-3way trades off some performance in 652 652 + * storing blocks in 64bit registers to allow three blocks to 653 653 + * be processed parallel. Parallel operation then allows gaining 654 654 + * more performance than was trade off, on out-of-order CPUs. 655 655 + * However Atom does not benefit from this parallellism and 656 656 + * should be blacklisted. 657 657 + */ 658 658 + return true; 659 659 + } 660 660 + 661 661 + if (boot_cpu_data.x86 == 0x0f) { 662 662 + /* 663 663 + * On Pentium 4, twofish-3way is slower than original assembler 664 664 + * implementation because excessive uses of 64bit rotate and 665 665 + * left-shifts (which are really slow on P4) needed to store and 666 666 + * handle 128bit block in two 64bit registers. 667 667 + */ 668 668 + return true; 669 669 + } 670 670 + 671 671 + return false; 672 672 + } 673 673 + 674 674 + static int force; 675 675 + module_param(force, int, 0); 676 676 + MODULE_PARM_DESC(force, "Force module load, ignore CPU blacklist"); 632 677 633 678 int __init init(void) 634 679 { 635 635 - int err; 680 680 + if (!force && is_blacklisted_cpu()) { 681 681 + printk(KERN_INFO 682 682 + "twofish-x86_64-3way: performance on this CPU " 683 683 + "would be suboptimal: disabling " 684 684 + "twofish-x86_64-3way.\n"); 685 685 + return -ENODEV; 686 686 + } 636 687 637 637 - err = crypto_register_alg(&blk_ecb_alg); 638 638 - if (err) 639 639 - goto ecb_err; 640 640 - err = crypto_register_alg(&blk_cbc_alg); 641 641 - if (err) 642 642 - goto cbc_err; 643 643 - err = crypto_register_alg(&blk_ctr_alg); 644 644 - if (err) 645 645 - goto ctr_err; 646 646 - err = crypto_register_alg(&blk_lrw_alg); 647 647 - if (err) 648 648 - goto blk_lrw_err; 649 649 - err = crypto_register_alg(&blk_xts_alg); 650 650 - if (err) 651 651 - goto blk_xts_err; 652 652 - 653 653 - return 0; 654 654 - 655 655 - crypto_unregister_alg(&blk_xts_alg); 656 656 - blk_xts_err: 657 657 - crypto_unregister_alg(&blk_lrw_alg); 658 658 - blk_lrw_err: 659 659 - crypto_unregister_alg(&blk_ctr_alg); 660 660 - ctr_err: 661 661 - crypto_unregister_alg(&blk_cbc_alg); 662 662 - cbc_err: 663 663 - crypto_unregister_alg(&blk_ecb_alg); 664 664 - ecb_err: 665 665 - return err; 688 688 + return crypto_register_algs(tf_algs, ARRAY_SIZE(tf_algs)); 666 689 } 667 690 668 691 void __exit fini(void) 669 692 { 670 670 - crypto_unregister_alg(&blk_xts_alg); 671 671 - crypto_unregister_alg(&blk_lrw_alg); 672 672 - crypto_unregister_alg(&blk_ctr_alg); 673 673 - crypto_unregister_alg(&blk_cbc_alg); 674 674 - crypto_unregister_alg(&blk_ecb_alg); 693 693 + crypto_unregister_algs(tf_algs, ARRAY_SIZE(tf_algs)); 675 694 } 676 695 677 696 module_init(init);

+18

crypto/Kconfig

reviewed

··· 654 654 See also: 655 655 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 656 656 657 657 + config CRYPTO_CAMELLIA_X86_64 658 658 + tristate "Camellia cipher algorithm (x86_64)" 659 659 + depends on (X86 || UML_X86) && 64BIT 660 660 + depends on CRYPTO 661 661 + select CRYPTO_ALGAPI 662 662 + select CRYPTO_LRW 663 663 + select CRYPTO_XTS 664 664 + help 665 665 + Camellia cipher algorithm module (x86_64). 666 666 + 667 667 + Camellia is a symmetric key block cipher developed jointly 668 668 + at NTT and Mitsubishi Electric Corporation. 669 669 + 670 670 + The Camellia specifies three key sizes: 128, 192 and 256 bits. 671 671 + 672 672 + See also: 673 673 + <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 674 674 + 657 675 config CRYPTO_CAST5 658 676 tristate "CAST5 (CAST-128) cipher algorithm" 659 677 select CRYPTO_ALGAPI

+1 -1

crypto/Makefile

reviewed

··· 67 67 obj-$(CONFIG_CRYPTO_TWOFISH_COMMON) += twofish_common.o 68 68 obj-$(CONFIG_CRYPTO_SERPENT) += serpent_generic.o 69 69 obj-$(CONFIG_CRYPTO_AES) += aes_generic.o 70 70 - obj-$(CONFIG_CRYPTO_CAMELLIA) += camellia.o 70 70 + obj-$(CONFIG_CRYPTO_CAMELLIA) += camellia_generic.o 71 71 obj-$(CONFIG_CRYPTO_CAST5) += cast5.o 72 72 obj-$(CONFIG_CRYPTO_CAST6) += cast6.o 73 73 obj-$(CONFIG_CRYPTO_ARC4) += arc4.o

+35

crypto/algapi.c

reviewed

··· 405 405 } 406 406 EXPORT_SYMBOL_GPL(crypto_unregister_alg); 407 407 408 408 + int crypto_register_algs(struct crypto_alg *algs, int count) 409 409 + { 410 410 + int i, ret; 411 411 + 412 412 + for (i = 0; i < count; i++) { 413 413 + ret = crypto_register_alg(&algs[i]); 414 414 + if (ret) 415 415 + goto err; 416 416 + } 417 417 + 418 418 + return 0; 419 419 + 420 420 + err: 421 421 + for (--i; i >= 0; --i) 422 422 + crypto_unregister_alg(&algs[i]); 423 423 + 424 424 + return ret; 425 425 + } 426 426 + EXPORT_SYMBOL_GPL(crypto_register_algs); 427 427 + 428 428 + int crypto_unregister_algs(struct crypto_alg *algs, int count) 429 429 + { 430 430 + int i, ret; 431 431 + 432 432 + for (i = 0; i < count; i++) { 433 433 + ret = crypto_unregister_alg(&algs[i]); 434 434 + if (ret) 435 435 + pr_err("Failed to unregister %s %s: %d\n", 436 436 + algs[i].cra_driver_name, algs[i].cra_name, ret); 437 437 + } 438 438 + 439 439 + return 0; 440 440 + } 441 441 + EXPORT_SYMBOL_GPL(crypto_unregister_algs); 442 442 + 408 443 int crypto_register_template(struct crypto_template *tmpl) 409 444 { 410 445 struct crypto_template *q;

+45 -59

crypto/camellia.c crypto/camellia_generic.c

reviewed

··· 337 337 /* 338 338 * macros 339 339 */ 340 340 - #define ROLDQ(ll, lr, rl, rr, w0, w1, bits) \ 341 341 - do { \ 340 340 + #define ROLDQ(ll, lr, rl, rr, w0, w1, bits) ({ \ 342 341 w0 = ll; \ 343 342 ll = (ll << bits) + (lr >> (32 - bits)); \ 344 343 lr = (lr << bits) + (rl >> (32 - bits)); \ 345 344 rl = (rl << bits) + (rr >> (32 - bits)); \ 346 345 rr = (rr << bits) + (w0 >> (32 - bits)); \ 347 347 - } while (0) 346 346 + }) 348 347 349 349 - #define ROLDQo32(ll, lr, rl, rr, w0, w1, bits) \ 350 350 - do { \ 348 348 + #define ROLDQo32(ll, lr, rl, rr, w0, w1, bits) ({ \ 351 349 w0 = ll; \ 352 350 w1 = lr; \ 353 351 ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \ 354 352 lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \ 355 353 rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \ 356 354 rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \ 357 357 - } while (0) 355 355 + }) 358 356 359 359 - #define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \ 360 360 - do { \ 357 357 + #define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) ({ \ 361 358 il = xl ^ kl; \ 362 359 ir = xr ^ kr; \ 363 360 t0 = il >> 16; \ 364 361 t1 = ir >> 16; \ 365 365 - yl = camellia_sp1110[(u8)(ir )] \ 366 366 - ^ camellia_sp0222[ (t1 >> 8)] \ 367 367 - ^ camellia_sp3033[(u8)(t1 )] \ 362 362 + yl = camellia_sp1110[(u8)(ir)] \ 363 363 + ^ camellia_sp0222[(u8)(t1 >> 8)] \ 364 364 + ^ camellia_sp3033[(u8)(t1)] \ 368 365 ^ camellia_sp4404[(u8)(ir >> 8)]; \ 369 369 - yr = camellia_sp1110[ (t0 >> 8)] \ 370 370 - ^ camellia_sp0222[(u8)(t0 )] \ 366 366 + yr = camellia_sp1110[(u8)(t0 >> 8)] \ 367 367 + ^ camellia_sp0222[(u8)(t0)] \ 371 368 ^ camellia_sp3033[(u8)(il >> 8)] \ 372 372 - ^ camellia_sp4404[(u8)(il )]; \ 369 369 + ^ camellia_sp4404[(u8)(il)]; \ 373 370 yl ^= yr; \ 374 371 yr = ror32(yr, 8); \ 375 372 yr ^= yl; \ 376 376 - } while (0) 373 373 + }) 377 374 378 375 #define SUBKEY_L(INDEX) (subkey[(INDEX)*2]) 379 376 #define SUBKEY_R(INDEX) (subkey[(INDEX)*2 + 1]) ··· 379 382 { 380 383 u32 dw, tl, tr; 381 384 u32 kw4l, kw4r; 382 382 - int i; 383 385 384 386 /* absorb kw2 to other subkeys */ 385 387 /* round 2 */ ··· 553 557 SUBKEY_L(32) = subL[32] ^ subL[31]; /* kw3 */ 554 558 SUBKEY_R(32) = subR[32] ^ subR[31]; 555 559 } 556 556 - 557 557 - /* apply the inverse of the last half of P-function */ 558 558 - i = 2; 559 559 - do { 560 560 - dw = SUBKEY_L(i + 0) ^ SUBKEY_R(i + 0); dw = rol32(dw, 8);/* round 1 */ 561 561 - SUBKEY_R(i + 0) = SUBKEY_L(i + 0) ^ dw; SUBKEY_L(i + 0) = dw; 562 562 - dw = SUBKEY_L(i + 1) ^ SUBKEY_R(i + 1); dw = rol32(dw, 8);/* round 2 */ 563 563 - SUBKEY_R(i + 1) = SUBKEY_L(i + 1) ^ dw; SUBKEY_L(i + 1) = dw; 564 564 - dw = SUBKEY_L(i + 2) ^ SUBKEY_R(i + 2); dw = rol32(dw, 8);/* round 3 */ 565 565 - SUBKEY_R(i + 2) = SUBKEY_L(i + 2) ^ dw; SUBKEY_L(i + 2) = dw; 566 566 - dw = SUBKEY_L(i + 3) ^ SUBKEY_R(i + 3); dw = rol32(dw, 8);/* round 4 */ 567 567 - SUBKEY_R(i + 3) = SUBKEY_L(i + 3) ^ dw; SUBKEY_L(i + 3) = dw; 568 568 - dw = SUBKEY_L(i + 4) ^ SUBKEY_R(i + 4); dw = rol32(dw, 8);/* round 5 */ 569 569 - SUBKEY_R(i + 4) = SUBKEY_L(i + 4) ^ dw; SUBKEY_L(i + 4) = dw; 570 570 - dw = SUBKEY_L(i + 5) ^ SUBKEY_R(i + 5); dw = rol32(dw, 8);/* round 6 */ 571 571 - SUBKEY_R(i + 5) = SUBKEY_L(i + 5) ^ dw; SUBKEY_L(i + 5) = dw; 572 572 - i += 8; 573 573 - } while (i < max); 574 560 } 575 561 576 562 static void camellia_setup128(const unsigned char *key, u32 *subkey) ··· 829 851 /* 830 852 * Encrypt/decrypt 831 853 */ 832 832 - #define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \ 833 833 - do { \ 854 854 + #define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) ({ \ 834 855 t0 = kll; \ 835 856 t2 = krr; \ 836 857 t0 &= ll; \ ··· 842 865 t1 |= lr; \ 843 866 ll ^= t1; \ 844 867 rr ^= rol32(t3, 1); \ 845 845 - } while (0) 868 868 + }) 846 869 847 847 - #define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir) \ 848 848 - do { \ 870 870 + #define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir) ({ \ 871 871 + yl ^= kl; \ 872 872 + yr ^= kr; \ 849 873 ir = camellia_sp1110[(u8)xr]; \ 850 850 - il = camellia_sp1110[ (xl >> 24)]; \ 851 851 - ir ^= camellia_sp0222[ (xr >> 24)]; \ 874 874 + il = camellia_sp1110[(u8)(xl >> 24)]; \ 875 875 + ir ^= camellia_sp0222[(u8)(xr >> 24)]; \ 852 876 il ^= camellia_sp0222[(u8)(xl >> 16)]; \ 853 877 ir ^= camellia_sp3033[(u8)(xr >> 16)]; \ 854 878 il ^= camellia_sp3033[(u8)(xl >> 8)]; \ 855 879 ir ^= camellia_sp4404[(u8)(xr >> 8)]; \ 856 880 il ^= camellia_sp4404[(u8)xl]; \ 857 857 - il ^= kl; \ 858 858 - ir ^= il ^ kr; \ 881 881 + ir ^= il; \ 859 882 yl ^= ir; \ 860 860 - yr ^= ror32(il, 8) ^ ir; \ 861 861 - } while (0) 883 883 + yr ^= ror32(il, 8) ^ ir; \ 884 884 + }) 862 885 863 886 /* max = 24: 128bit encrypt, max = 32: 256bit encrypt */ 864 887 static void camellia_do_encrypt(const u32 *subkey, u32 *io, unsigned max) ··· 870 893 io[1] ^= SUBKEY_R(0); 871 894 872 895 /* main iteration */ 873 873 - #define ROUNDS(i) do { \ 896 896 + #define ROUNDS(i) ({ \ 874 897 CAMELLIA_ROUNDSM(io[0], io[1], \ 875 898 SUBKEY_L(i + 2), SUBKEY_R(i + 2), \ 876 899 io[2], io[3], il, ir); \ ··· 889 912 CAMELLIA_ROUNDSM(io[2], io[3], \ 890 913 SUBKEY_L(i + 7), SUBKEY_R(i + 7), \ 891 914 io[0], io[1], il, ir); \ 892 892 - } while (0) 893 893 - #define FLS(i) do { \ 915 915 + }) 916 916 + #define FLS(i) ({ \ 894 917 CAMELLIA_FLS(io[0], io[1], io[2], io[3], \ 895 918 SUBKEY_L(i + 0), SUBKEY_R(i + 0), \ 896 919 SUBKEY_L(i + 1), SUBKEY_R(i + 1), \ 897 920 t0, t1, il, ir); \ 898 898 - } while (0) 921 921 + }) 899 922 900 923 ROUNDS(0); 901 924 FLS(8); ··· 925 948 io[1] ^= SUBKEY_R(i); 926 949 927 950 /* main iteration */ 928 928 - #define ROUNDS(i) do { \ 951 951 + #define ROUNDS(i) ({ \ 929 952 CAMELLIA_ROUNDSM(io[0], io[1], \ 930 953 SUBKEY_L(i + 7), SUBKEY_R(i + 7), \ 931 954 io[2], io[3], il, ir); \ ··· 944 967 CAMELLIA_ROUNDSM(io[2], io[3], \ 945 968 SUBKEY_L(i + 2), SUBKEY_R(i + 2), \ 946 969 io[0], io[1], il, ir); \ 947 947 - } while (0) 948 948 - #define FLS(i) do { \ 970 970 + }) 971 971 + #define FLS(i) ({ \ 949 972 CAMELLIA_FLS(io[0], io[1], io[2], io[3], \ 950 973 SUBKEY_L(i + 1), SUBKEY_R(i + 1), \ 951 974 SUBKEY_L(i + 0), SUBKEY_R(i + 0), \ 952 975 t0, t1, il, ir); \ 953 953 - } while (0) 976 976 + }) 954 977 955 978 if (i == 32) { 956 979 ROUNDS(24); ··· 1012 1035 const struct camellia_ctx *cctx = crypto_tfm_ctx(tfm); 1013 1036 const __be32 *src = (const __be32 *)in; 1014 1037 __be32 *dst = (__be32 *)out; 1038 1038 + unsigned int max; 1015 1039 1016 1040 u32 tmp[4]; 1017 1041 ··· 1021 1043 tmp[2] = be32_to_cpu(src[2]); 1022 1044 tmp[3] = be32_to_cpu(src[3]); 1023 1045 1024 1024 - camellia_do_encrypt(cctx->key_table, tmp, 1025 1025 - cctx->key_length == 16 ? 24 : 32 /* for key lengths of 24 and 32 */ 1026 1026 - ); 1046 1046 + if (cctx->key_length == 16) 1047 1047 + max = 24; 1048 1048 + else 1049 1049 + max = 32; /* for key lengths of 24 and 32 */ 1050 1050 + 1051 1051 + camellia_do_encrypt(cctx->key_table, tmp, max); 1027 1052 1028 1053 /* do_encrypt returns 0,1 swapped with 2,3 */ 1029 1054 dst[0] = cpu_to_be32(tmp[2]); ··· 1040 1059 const struct camellia_ctx *cctx = crypto_tfm_ctx(tfm); 1041 1060 const __be32 *src = (const __be32 *)in; 1042 1061 __be32 *dst = (__be32 *)out; 1062 1062 + unsigned int max; 1043 1063 1044 1064 u32 tmp[4]; 1045 1065 ··· 1049 1067 tmp[2] = be32_to_cpu(src[2]); 1050 1068 tmp[3] = be32_to_cpu(src[3]); 1051 1069 1052 1052 - camellia_do_decrypt(cctx->key_table, tmp, 1053 1053 - cctx->key_length == 16 ? 24 : 32 /* for key lengths of 24 and 32 */ 1054 1054 - ); 1070 1070 + if (cctx->key_length == 16) 1071 1071 + max = 24; 1072 1072 + else 1073 1073 + max = 32; /* for key lengths of 24 and 32 */ 1074 1074 + 1075 1075 + camellia_do_decrypt(cctx->key_table, tmp, max); 1055 1076 1056 1077 /* do_decrypt returns 0,1 swapped with 2,3 */ 1057 1078 dst[0] = cpu_to_be32(tmp[2]); ··· 1099 1114 1100 1115 MODULE_DESCRIPTION("Camellia Cipher Algorithm"); 1101 1116 MODULE_LICENSE("GPL"); 1117 1117 + MODULE_ALIAS("camellia");

+1 -1

crypto/crypto_user.c

reviewed

··· 304 304 static int crypto_add_alg(struct sk_buff *skb, struct nlmsghdr *nlh, 305 305 struct nlattr **attrs) 306 306 { 307 307 - int exact; 307 307 + int exact = 0; 308 308 const char *name; 309 309 struct crypto_alg *alg; 310 310 struct crypto_user_alg *p = nlmsg_data(nlh);

+12

crypto/tcrypt.c

reviewed

··· 1297 1297 speed_template_16_24_32); 1298 1298 test_cipher_speed("cbc(camellia)", DECRYPT, sec, NULL, 0, 1299 1299 speed_template_16_24_32); 1300 1300 + test_cipher_speed("ctr(camellia)", ENCRYPT, sec, NULL, 0, 1301 1301 + speed_template_16_24_32); 1302 1302 + test_cipher_speed("ctr(camellia)", DECRYPT, sec, NULL, 0, 1303 1303 + speed_template_16_24_32); 1304 1304 + test_cipher_speed("lrw(camellia)", ENCRYPT, sec, NULL, 0, 1305 1305 + speed_template_32_40_48); 1306 1306 + test_cipher_speed("lrw(camellia)", DECRYPT, sec, NULL, 0, 1307 1307 + speed_template_32_40_48); 1308 1308 + test_cipher_speed("xts(camellia)", ENCRYPT, sec, NULL, 0, 1309 1309 + speed_template_32_48_64); 1310 1310 + test_cipher_speed("xts(camellia)", DECRYPT, sec, NULL, 0, 1311 1311 + speed_template_32_48_64); 1300 1312 break; 1301 1313 1302 1314 case 206:

+45

crypto/testmgr.c

reviewed

··· 1846 1846 } 1847 1847 } 1848 1848 }, { 1849 1849 + .alg = "ctr(camellia)", 1850 1850 + .test = alg_test_skcipher, 1851 1851 + .suite = { 1852 1852 + .cipher = { 1853 1853 + .enc = { 1854 1854 + .vecs = camellia_ctr_enc_tv_template, 1855 1855 + .count = CAMELLIA_CTR_ENC_TEST_VECTORS 1856 1856 + }, 1857 1857 + .dec = { 1858 1858 + .vecs = camellia_ctr_dec_tv_template, 1859 1859 + .count = CAMELLIA_CTR_DEC_TEST_VECTORS 1860 1860 + } 1861 1861 + } 1862 1862 + } 1863 1863 + }, { 1849 1864 .alg = "ctr(serpent)", 1850 1865 .test = alg_test_skcipher, 1851 1866 .suite = { ··· 2312 2297 } 2313 2298 } 2314 2299 }, { 2300 2300 + .alg = "lrw(camellia)", 2301 2301 + .test = alg_test_skcipher, 2302 2302 + .suite = { 2303 2303 + .cipher = { 2304 2304 + .enc = { 2305 2305 + .vecs = camellia_lrw_enc_tv_template, 2306 2306 + .count = CAMELLIA_LRW_ENC_TEST_VECTORS 2307 2307 + }, 2308 2308 + .dec = { 2309 2309 + .vecs = camellia_lrw_dec_tv_template, 2310 2310 + .count = CAMELLIA_LRW_DEC_TEST_VECTORS 2311 2311 + } 2312 2312 + } 2313 2313 + } 2314 2314 + }, { 2315 2315 .alg = "lrw(serpent)", 2316 2316 .test = alg_test_skcipher, 2317 2317 .suite = { ··· 2660 2630 .dec = { 2661 2631 .vecs = aes_xts_dec_tv_template, 2662 2632 .count = AES_XTS_DEC_TEST_VECTORS 2633 2633 + } 2634 2634 + } 2635 2635 + } 2636 2636 + }, { 2637 2637 + .alg = "xts(camellia)", 2638 2638 + .test = alg_test_skcipher, 2639 2639 + .suite = { 2640 2640 + .cipher = { 2641 2641 + .enc = { 2642 2642 + .vecs = camellia_xts_enc_tv_template, 2643 2643 + .count = CAMELLIA_XTS_ENC_TEST_VECTORS 2644 2644 + }, 2645 2645 + .dec = { 2646 2646 + .vecs = camellia_xts_dec_tv_template, 2647 2647 + .count = CAMELLIA_XTS_DEC_TEST_VECTORS 2663 2648 } 2664 2649 } 2665 2650 }

+1379 -4

crypto/testmgr.h

reviewed

··· 11332 11332 /* 11333 11333 * CAMELLIA test vectors. 11334 11334 */ 11335 11335 - #define CAMELLIA_ENC_TEST_VECTORS 3 11336 11336 - #define CAMELLIA_DEC_TEST_VECTORS 3 11337 11337 - #define CAMELLIA_CBC_ENC_TEST_VECTORS 2 11338 11338 - #define CAMELLIA_CBC_DEC_TEST_VECTORS 2 11335 11335 + #define CAMELLIA_ENC_TEST_VECTORS 4 11336 11336 + #define CAMELLIA_DEC_TEST_VECTORS 4 11337 11337 + #define CAMELLIA_CBC_ENC_TEST_VECTORS 3 11338 11338 + #define CAMELLIA_CBC_DEC_TEST_VECTORS 3 11339 11339 + #define CAMELLIA_CTR_ENC_TEST_VECTORS 2 11340 11340 + #define CAMELLIA_CTR_DEC_TEST_VECTORS 2 11341 11341 + #define CAMELLIA_LRW_ENC_TEST_VECTORS 8 11342 11342 + #define CAMELLIA_LRW_DEC_TEST_VECTORS 8 11343 11343 + #define CAMELLIA_XTS_ENC_TEST_VECTORS 5 11344 11344 + #define CAMELLIA_XTS_DEC_TEST_VECTORS 5 11339 11345 11340 11346 static struct cipher_testvec camellia_enc_tv_template[] = { 11341 11347 { ··· 11377 11371 .result = "\x9a\xcc\x23\x7d\xff\x16\xd7\x6c" 11378 11372 "\x20\xef\x7c\x91\x9e\x3a\x75\x09", 11379 11373 .rlen = 16, 11374 11374 + }, 11375 11375 + { /* Generated with Crypto++ */ 11376 11376 + .key = "\x3F\x85\x62\x3F\x1C\xF9\xD6\x1C" 11377 11377 + "\xF9\xD6\xB3\x90\x6D\x4A\x90\x6D" 11378 11378 + "\x4A\x27\x04\xE1\x27\x04\xE1\xBE" 11379 11379 + "\x9B\x78\xBE\x9B\x78\x55\x32\x0F", 11380 11380 + .klen = 32, 11381 11381 + .input = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" 11382 11382 + "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" 11383 11383 + "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" 11384 11384 + "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87" 11385 11385 + "\x1E\x92\x29\xC0\x34\xCB\x62\xF9" 11386 11386 + "\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48", 11387 11387 + .ilen = 48, 11388 11388 + .result = "\xED\xCD\xDB\xB8\x68\xCE\xBD\xEA" 11389 11389 + "\x9D\x9D\xCD\x9F\x4F\xFC\x4D\xB7" 11390 11390 + "\xA5\xFF\x6F\x43\x0F\xBA\x32\x04" 11391 11391 + "\xB3\xC2\xB9\x03\xAA\x91\x56\x29" 11392 11392 + "\x0D\xD0\xFD\xC4\x65\xA5\x69\xB9" 11393 11393 + "\xF1\xF6\xB1\xA5\xB2\x75\x4F\x8A", 11394 11394 + .rlen = 48, 11380 11395 }, 11381 11396 }; 11382 11397 ··· 11436 11409 "\xfe\xdc\xba\x98\x76\x54\x32\x10", 11437 11410 .rlen = 16, 11438 11411 }, 11412 11412 + { /* Generated with Crypto++ */ 11413 11413 + .key = "\x3F\x85\x62\x3F\x1C\xF9\xD6\x1C" 11414 11414 + "\xF9\xD6\xB3\x90\x6D\x4A\x90\x6D" 11415 11415 + "\x4A\x27\x04\xE1\x27\x04\xE1\xBE" 11416 11416 + "\x9B\x78\xBE\x9B\x78\x55\x32\x0F", 11417 11417 + .klen = 32, 11418 11418 + .input = "\xED\xCD\xDB\xB8\x68\xCE\xBD\xEA" 11419 11419 + "\x9D\x9D\xCD\x9F\x4F\xFC\x4D\xB7" 11420 11420 + "\xA5\xFF\x6F\x43\x0F\xBA\x32\x04" 11421 11421 + "\xB3\xC2\xB9\x03\xAA\x91\x56\x29" 11422 11422 + "\x0D\xD0\xFD\xC4\x65\xA5\x69\xB9" 11423 11423 + "\xF1\xF6\xB1\xA5\xB2\x75\x4F\x8A", 11424 11424 + .ilen = 48, 11425 11425 + .result = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" 11426 11426 + "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" 11427 11427 + "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" 11428 11428 + "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87" 11429 11429 + "\x1E\x92\x29\xC0\x34\xCB\x62\xF9" 11430 11430 + "\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48", 11431 11431 + .rlen = 48, 11432 11432 + }, 11439 11433 }; 11440 11434 11441 11435 static struct cipher_testvec camellia_cbc_enc_tv_template[] = { ··· 11488 11440 "\x15\x78\xe0\x5e\xf2\xcb\x87\x16", 11489 11441 .rlen = 32, 11490 11442 }, 11443 11443 + { /* Generated with Crypto++ */ 11444 11444 + .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9" 11445 11445 + "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A" 11446 11446 + "\x27\x04\xE1\x27\x04\xE1\xBE\x9B" 11447 11447 + "\x78\xBE\x9B\x78\x55\x32\x0F\x55", 11448 11448 + .klen = 32, 11449 11449 + .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F" 11450 11450 + "\xC4\x29\x8E\xF3\x35\x9A\xFF\x64", 11451 11451 + .input = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" 11452 11452 + "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" 11453 11453 + "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" 11454 11454 + "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87" 11455 11455 + "\x1E\x92\x29\xC0\x34\xCB\x62\xF9" 11456 11456 + "\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48", 11457 11457 + .ilen = 48, 11458 11458 + .result = "\xCD\x3E\x2A\x3B\x3E\x94\xC5\x77" 11459 11459 + "\xBA\xBB\x5B\xB1\xDE\x7B\xA4\x40" 11460 11460 + "\x88\x39\xE3\xFD\x94\x4B\x25\x58" 11461 11461 + "\xE1\x4B\xC4\x18\x7A\xFD\x17\x2B" 11462 11462 + "\xB9\xF9\xC2\x27\x6A\xB6\x31\x27" 11463 11463 + "\xA6\xAD\xEF\xE5\x5D\xE4\x02\x01", 11464 11464 + .rlen = 48, 11465 11465 + }, 11491 11466 }; 11492 11467 11493 11468 static struct cipher_testvec camellia_cbc_dec_tv_template[] = { ··· 11541 11470 "\x10\x11\x12\x13\x14\x15\x16\x17" 11542 11471 "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f", 11543 11472 .rlen = 32, 11473 11473 + }, 11474 11474 + { /* Generated with Crypto++ */ 11475 11475 + .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9" 11476 11476 + "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A" 11477 11477 + "\x27\x04\xE1\x27\x04\xE1\xBE\x9B" 11478 11478 + "\x78\xBE\x9B\x78\x55\x32\x0F\x55", 11479 11479 + .klen = 32, 11480 11480 + .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F" 11481 11481 + "\xC4\x29\x8E\xF3\x35\x9A\xFF\x64", 11482 11482 + .input = "\xCD\x3E\x2A\x3B\x3E\x94\xC5\x77" 11483 11483 + "\xBA\xBB\x5B\xB1\xDE\x7B\xA4\x40" 11484 11484 + "\x88\x39\xE3\xFD\x94\x4B\x25\x58" 11485 11485 + "\xE1\x4B\xC4\x18\x7A\xFD\x17\x2B" 11486 11486 + "\xB9\xF9\xC2\x27\x6A\xB6\x31\x27" 11487 11487 + "\xA6\xAD\xEF\xE5\x5D\xE4\x02\x01", 11488 11488 + .ilen = 48, 11489 11489 + .result = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" 11490 11490 + "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" 11491 11491 + "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" 11492 11492 + "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87" 11493 11493 + "\x1E\x92\x29\xC0\x34\xCB\x62\xF9" 11494 11494 + "\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48", 11495 11495 + .rlen = 48, 11496 11496 + }, 11497 11497 + }; 11498 11498 + 11499 11499 + static struct cipher_testvec camellia_ctr_enc_tv_template[] = { 11500 11500 + { /* Generated with Crypto++ */ 11501 11501 + .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9" 11502 11502 + "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A" 11503 11503 + "\x27\x04\xE1\x27\x04\xE1\xBE\x9B" 11504 11504 + "\x78\xBE\x9B\x78\x55\x32\x0F\x55", 11505 11505 + .klen = 32, 11506 11506 + .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F" 11507 11507 + "\xC4\x29\x8E\xF3\x35\x9A\xFF\x64", 11508 11508 + .input = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" 11509 11509 + "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" 11510 11510 + "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" 11511 11511 + "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87" 11512 11512 + "\x1E\x92\x29\xC0\x34\xCB\x62\xF9" 11513 11513 + "\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48", 11514 11514 + .ilen = 48, 11515 11515 + .result = "\xF3\x06\x3A\x84\xCD\xBA\x8E\x11" 11516 11516 + "\xB7\x74\x6F\x5C\x97\xFB\x36\xFE" 11517 11517 + "\xDE\x71\x58\xD4\x15\xD1\xC1\xA4" 11518 11518 + "\xC9\x28\x74\xA6\x6B\xC7\x95\xA6" 11519 11519 + "\x6C\x77\xF7\x2F\xDF\xC7\xBB\x85" 11520 11520 + "\x60\xFC\xE8\x94\xE8\xB5\x09\x2C", 11521 11521 + .rlen = 48, 11522 11522 + }, 11523 11523 + { /* Generated with Crypto++ */ 11524 11524 + .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9" 11525 11525 + "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A" 11526 11526 + "\x27\x04\xE1\x27\x04\xE1\xBE\x9B" 11527 11527 + "\x78\xBE\x9B\x78\x55\x32\x0F\x55", 11528 11528 + .klen = 32, 11529 11529 + .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F" 11530 11530 + "\xC4\x29\x8E\xF3\x35\x9A\xFF\x64", 11531 11531 + .input = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" 11532 11532 + "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" 11533 11533 + "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" 11534 11534 + "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87" 11535 11535 + "\x1E\x92\x29\xC0\x34\xCB\x62\xF9" 11536 11536 + "\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48" 11537 11537 + "\xDF\x76\x0D", 11538 11538 + .ilen = 51, 11539 11539 + .result = "\xF3\x06\x3A\x84\xCD\xBA\x8E\x11" 11540 11540 + "\xB7\x74\x6F\x5C\x97\xFB\x36\xFE" 11541 11541 + "\xDE\x71\x58\xD4\x15\xD1\xC1\xA4" 11542 11542 + "\xC9\x28\x74\xA6\x6B\xC7\x95\xA6" 11543 11543 + "\x6C\x77\xF7\x2F\xDF\xC7\xBB\x85" 11544 11544 + "\x60\xFC\xE8\x94\xE8\xB5\x09\x2C" 11545 11545 + "\x1E\x43\xEF", 11546 11546 + .rlen = 51, 11547 11547 + }, 11548 11548 + }; 11549 11549 + 11550 11550 + static struct cipher_testvec camellia_ctr_dec_tv_template[] = { 11551 11551 + { /* Generated with Crypto++ */ 11552 11552 + .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9" 11553 11553 + "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A" 11554 11554 + "\x27\x04\xE1\x27\x04\xE1\xBE\x9B" 11555 11555 + "\x78\xBE\x9B\x78\x55\x32\x0F\x55", 11556 11556 + .klen = 32, 11557 11557 + .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F" 11558 11558 + "\xC4\x29\x8E\xF3\x35\x9A\xFF\x64", 11559 11559 + .input = "\xF3\x06\x3A\x84\xCD\xBA\x8E\x11" 11560 11560 + "\xB7\x74\x6F\x5C\x97\xFB\x36\xFE" 11561 11561 + "\xDE\x71\x58\xD4\x15\xD1\xC1\xA4" 11562 11562 + "\xC9\x28\x74\xA6\x6B\xC7\x95\xA6" 11563 11563 + "\x6C\x77\xF7\x2F\xDF\xC7\xBB\x85" 11564 11564 + "\x60\xFC\xE8\x94\xE8\xB5\x09\x2C", 11565 11565 + .ilen = 48, 11566 11566 + .result = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" 11567 11567 + "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" 11568 11568 + "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" 11569 11569 + "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87" 11570 11570 + "\x1E\x92\x29\xC0\x34\xCB\x62\xF9" 11571 11571 + "\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48", 11572 11572 + .rlen = 48, 11573 11573 + }, 11574 11574 + { /* Generated with Crypto++ */ 11575 11575 + .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9" 11576 11576 + "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A" 11577 11577 + "\x27\x04\xE1\x27\x04\xE1\xBE\x9B" 11578 11578 + "\x78\xBE\x9B\x78\x55\x32\x0F\x55", 11579 11579 + .klen = 32, 11580 11580 + .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F" 11581 11581 + "\xC4\x29\x8E\xF3\x35\x9A\xFF\x64", 11582 11582 + .input = "\xF3\x06\x3A\x84\xCD\xBA\x8E\x11" 11583 11583 + "\xB7\x74\x6F\x5C\x97\xFB\x36\xFE" 11584 11584 + "\xDE\x71\x58\xD4\x15\xD1\xC1\xA4" 11585 11585 + "\xC9\x28\x74\xA6\x6B\xC7\x95\xA6" 11586 11586 + "\x6C\x77\xF7\x2F\xDF\xC7\xBB\x85" 11587 11587 + "\x60\xFC\xE8\x94\xE8\xB5\x09\x2C" 11588 11588 + "\x1E\x43\xEF", 11589 11589 + .ilen = 51, 11590 11590 + .result = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" 11591 11591 + "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" 11592 11592 + "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" 11593 11593 + "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87" 11594 11594 + "\x1E\x92\x29\xC0\x34\xCB\x62\xF9" 11595 11595 + "\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48" 11596 11596 + "\xDF\x76\x0D", 11597 11597 + .rlen = 51, 11598 11598 + }, 11599 11599 + 11600 11600 + }; 11601 11601 + 11602 11602 + static struct cipher_testvec camellia_lrw_enc_tv_template[] = { 11603 11603 + /* Generated from AES-LRW test vectors */ 11604 11604 + { 11605 11605 + .key = "\x45\x62\xac\x25\xf8\x28\x17\x6d" 11606 11606 + "\x4c\x26\x84\x14\xb5\x68\x01\x85" 11607 11607 + "\x25\x8e\x2a\x05\xe7\x3e\x9d\x03" 11608 11608 + "\xee\x5a\x83\x0c\xcc\x09\x4c\x87", 11609 11609 + .klen = 32, 11610 11610 + .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" 11611 11611 + "\x00\x00\x00\x00\x00\x00\x00\x01", 11612 11612 + .input = "\x30\x31\x32\x33\x34\x35\x36\x37" 11613 11613 + "\x38\x39\x41\x42\x43\x44\x45\x46", 11614 11614 + .ilen = 16, 11615 11615 + .result = "\x92\x68\x19\xd7\xb7\x5b\x0a\x31" 11616 11616 + "\x97\xcc\x72\xbe\x99\x17\xeb\x3e", 11617 11617 + .rlen = 16, 11618 11618 + }, { 11619 11619 + .key = "\x59\x70\x47\x14\xf5\x57\x47\x8c" 11620 11620 + "\xd7\x79\xe8\x0f\x54\x88\x79\x44" 11621 11621 + "\x0d\x48\xf0\xb7\xb1\x5a\x53\xea" 11622 11622 + "\x1c\xaa\x6b\x29\xc2\xca\xfb\xaf", 11623 11623 + .klen = 32, 11624 11624 + .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" 11625 11625 + "\x00\x00\x00\x00\x00\x00\x00\x02", 11626 11626 + .input = "\x30\x31\x32\x33\x34\x35\x36\x37" 11627 11627 + "\x38\x39\x41\x42\x43\x44\x45\x46", 11628 11628 + .ilen = 16, 11629 11629 + .result = "\x73\x09\xb7\x50\xb6\x77\x30\x50" 11630 11630 + "\x5c\x8a\x9c\x26\x77\x9d\xfc\x4a", 11631 11631 + .rlen = 16, 11632 11632 + }, { 11633 11633 + .key = "\xd8\x2a\x91\x34\xb2\x6a\x56\x50" 11634 11634 + "\x30\xfe\x69\xe2\x37\x7f\x98\x47" 11635 11635 + "\xcd\xf9\x0b\x16\x0c\x64\x8f\xb6" 11636 11636 + "\xb0\x0d\x0d\x1b\xae\x85\x87\x1f", 11637 11637 + .klen = 32, 11638 11638 + .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" 11639 11639 + "\x00\x00\x00\x02\x00\x00\x00\x00", 11640 11640 + .input = "\x30\x31\x32\x33\x34\x35\x36\x37" 11641 11641 + "\x38\x39\x41\x42\x43\x44\x45\x46", 11642 11642 + .ilen = 16, 11643 11643 + .result = "\x90\xae\x83\xe0\x22\xb9\x60\x91" 11644 11644 + "\xfa\xa9\xb7\x98\xe3\xed\x87\x01", 11645 11645 + .rlen = 16, 11646 11646 + }, { 11647 11647 + .key = "\x0f\x6a\xef\xf8\xd3\xd2\xbb\x15" 11648 11648 + "\x25\x83\xf7\x3c\x1f\x01\x28\x74" 11649 11649 + "\xca\xc6\xbc\x35\x4d\x4a\x65\x54" 11650 11650 + "\x90\xae\x61\xcf\x7b\xae\xbd\xcc" 11651 11651 + "\xad\xe4\x94\xc5\x4a\x29\xae\x70", 11652 11652 + .klen = 40, 11653 11653 + .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" 11654 11654 + "\x00\x00\x00\x00\x00\x00\x00\x01", 11655 11655 + .input = "\x30\x31\x32\x33\x34\x35\x36\x37" 11656 11656 + "\x38\x39\x41\x42\x43\x44\x45\x46", 11657 11657 + .ilen = 16, 11658 11658 + .result = "\x99\xe9\x6e\xd4\xc9\x21\xa5\xf0" 11659 11659 + "\xd8\x83\xef\xd9\x07\x16\x5f\x35", 11660 11660 + .rlen = 16, 11661 11661 + }, { 11662 11662 + .key = "\x8a\xd4\xee\x10\x2f\xbd\x81\xff" 11663 11663 + "\xf8\x86\xce\xac\x93\xc5\xad\xc6" 11664 11664 + "\xa0\x19\x07\xc0\x9d\xf7\xbb\xdd" 11665 11665 + "\x52\x13\xb2\xb7\xf0\xff\x11\xd8" 11666 11666 + "\xd6\x08\xd0\xcd\x2e\xb1\x17\x6f", 11667 11667 + .klen = 40, 11668 11668 + .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" 11669 11669 + "\x00\x00\x00\x02\x00\x00\x00\x00", 11670 11670 + .input = "\x30\x31\x32\x33\x34\x35\x36\x37" 11671 11671 + "\x38\x39\x41\x42\x43\x44\x45\x46", 11672 11672 + .ilen = 16, 11673 11673 + .result = "\x42\x88\xf4\xcb\x21\x11\x6d\x8e" 11674 11674 + "\xde\x1a\xf2\x29\xf1\x4a\xe0\x15", 11675 11675 + .rlen = 16, 11676 11676 + }, { 11677 11677 + .key = "\xf8\xd4\x76\xff\xd6\x46\xee\x6c" 11678 11678 + "\x23\x84\xcb\x1c\x77\xd6\x19\x5d" 11679 11679 + "\xfe\xf1\xa9\xf3\x7b\xbc\x8d\x21" 11680 11680 + "\xa7\x9c\x21\xf8\xcb\x90\x02\x89" 11681 11681 + "\xa8\x45\x34\x8e\xc8\xc5\xb5\xf1" 11682 11682 + "\x26\xf5\x0e\x76\xfe\xfd\x1b\x1e", 11683 11683 + .klen = 48, 11684 11684 + .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" 11685 11685 + "\x00\x00\x00\x00\x00\x00\x00\x01", 11686 11686 + .input = "\x30\x31\x32\x33\x34\x35\x36\x37" 11687 11687 + "\x38\x39\x41\x42\x43\x44\x45\x46", 11688 11688 + .ilen = 16, 11689 11689 + .result = "\x40\xaa\x34\x86\x4a\x8f\x78\xb9" 11690 11690 + "\xdb\xdb\x0f\x3d\x48\x70\xbe\x8d", 11691 11691 + .rlen = 16, 11692 11692 + }, { 11693 11693 + .key = "\xfb\x76\x15\xb2\x3d\x80\x89\x1d" 11694 11694 + "\xd4\x70\x98\x0b\xc7\x95\x84\xc8" 11695 11695 + "\xb2\xfb\x64\xce\x60\x97\x87\x8d" 11696 11696 + "\x17\xfc\xe4\x5a\x49\xe8\x30\xb7" 11697 11697 + "\x6e\x78\x17\xe7\x2d\x5e\x12\xd4" 11698 11698 + "\x60\x64\x04\x7a\xf1\x2f\x9e\x0c", 11699 11699 + .klen = 48, 11700 11700 + .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" 11701 11701 + "\x00\x00\x00\x02\x00\x00\x00\x00", 11702 11702 + .input = "\x30\x31\x32\x33\x34\x35\x36\x37" 11703 11703 + "\x38\x39\x41\x42\x43\x44\x45\x46", 11704 11704 + .ilen = 16, 11705 11705 + .result = "\x04\xab\x28\x37\x31\x7a\x26\xab" 11706 11706 + "\xa1\x70\x1b\x9c\xe7\xdd\x83\xff", 11707 11707 + .rlen = 16, 11708 11708 + }, { 11709 11709 + .key = "\xf8\xd4\x76\xff\xd6\x46\xee\x6c" 11710 11710 + "\x23\x84\xcb\x1c\x77\xd6\x19\x5d" 11711 11711 + "\xfe\xf1\xa9\xf3\x7b\xbc\x8d\x21" 11712 11712 + "\xa7\x9c\x21\xf8\xcb\x90\x02\x89" 11713 11713 + "\xa8\x45\x34\x8e\xc8\xc5\xb5\xf1" 11714 11714 + "\x26\xf5\x0e\x76\xfe\xfd\x1b\x1e", 11715 11715 + .klen = 48, 11716 11716 + .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" 11717 11717 + "\x00\x00\x00\x00\x00\x00\x00\x01", 11718 11718 + .input = "\x05\x11\xb7\x18\xab\xc6\x2d\xac" 11719 11719 + "\x70\x5d\xf6\x22\x94\xcd\xe5\x6c" 11720 11720 + "\x17\x6b\xf6\x1c\xf0\xf3\x6e\xf8" 11721 11721 + "\x50\x38\x1f\x71\x49\xb6\x57\xd6" 11722 11722 + "\x8f\xcb\x8d\x6b\xe3\xa6\x29\x90" 11723 11723 + "\xfe\x2a\x62\x82\xae\x6d\x8b\xf6" 11724 11724 + "\xad\x1e\x9e\x20\x5f\x38\xbe\x04" 11725 11725 + "\xda\x10\x8e\xed\xa2\xa4\x87\xab" 11726 11726 + "\xda\x6b\xb4\x0c\x75\xba\xd3\x7c" 11727 11727 + "\xc9\xac\x42\x31\x95\x7c\xc9\x04" 11728 11728 + "\xeb\xd5\x6e\x32\x69\x8a\xdb\xa6" 11729 11729 + "\x15\xd7\x3f\x4f\x2f\x66\x69\x03" 11730 11730 + "\x9c\x1f\x54\x0f\xde\x1f\xf3\x65" 11731 11731 + "\x4c\x96\x12\xed\x7c\x92\x03\x01" 11732 11732 + "\x6f\xbc\x35\x93\xac\xf1\x27\xf1" 11733 11733 + "\xb4\x96\x82\x5a\x5f\xb0\xa0\x50" 11734 11734 + "\x89\xa4\x8e\x66\x44\x85\xcc\xfd" 11735 11735 + "\x33\x14\x70\xe3\x96\xb2\xc3\xd3" 11736 11736 + "\xbb\x54\x5a\x1a\xf9\x74\xa2\xc5" 11737 11737 + "\x2d\x64\x75\xdd\xb4\x54\xe6\x74" 11738 11738 + "\x8c\xd3\x9d\x9e\x86\xab\x51\x53" 11739 11739 + "\xb7\x93\x3e\x6f\xd0\x4e\x2c\x40" 11740 11740 + "\xf6\xa8\x2e\x3e\x9d\xf4\x66\xa5" 11741 11741 + "\x76\x12\x73\x44\x1a\x56\xd7\x72" 11742 11742 + "\x88\xcd\x21\x8c\x4c\x0f\xfe\xda" 11743 11743 + "\x95\xe0\x3a\xa6\xa5\x84\x46\xcd" 11744 11744 + "\xd5\x3e\x9d\x3a\xe2\x67\xe6\x60" 11745 11745 + "\x1a\xe2\x70\x85\x58\xc2\x1b\x09" 11746 11746 + "\xe1\xd7\x2c\xca\xad\xa8\x8f\xf9" 11747 11747 + "\xac\xb3\x0e\xdb\xca\x2e\xe2\xb8" 11748 11748 + "\x51\x71\xd9\x3c\x6c\xf1\x56\xf8" 11749 11749 + "\xea\x9c\xf1\xfb\x0c\xe6\xb7\x10" 11750 11750 + "\x1c\xf8\xa9\x7c\xe8\x53\x35\xc1" 11751 11751 + "\x90\x3e\x76\x4a\x74\xa4\x21\x2c" 11752 11752 + "\xf6\x2c\x4e\x0f\x94\x3a\x88\x2e" 11753 11753 + "\x41\x09\x6a\x33\x7d\xf6\xdd\x3f" 11754 11754 + "\x8d\x23\x31\x74\x84\xeb\x88\x6e" 11755 11755 + "\xcc\xb9\xbc\x22\x83\x19\x07\x22" 11756 11756 + "\xa5\x2d\xdf\xa5\xf3\x80\x85\x78" 11757 11757 + "\x84\x39\x6a\x6d\x6a\x99\x4f\xa5" 11758 11758 + "\x15\xfe\x46\xb0\xe4\x6c\xa5\x41" 11759 11759 + "\x3c\xce\x8f\x42\x60\x71\xa7\x75" 11760 11760 + "\x08\x40\x65\x8a\x82\xbf\xf5\x43" 11761 11761 + "\x71\x96\xa9\x4d\x44\x8a\x20\xbe" 11762 11762 + "\xfa\x4d\xbb\xc0\x7d\x31\x96\x65" 11763 11763 + "\xe7\x75\xe5\x3e\xfd\x92\x3b\xc9" 11764 11764 + "\x55\xbb\x16\x7e\xf7\xc2\x8c\xa4" 11765 11765 + "\x40\x1d\xe5\xef\x0e\xdf\xe4\x9a" 11766 11766 + "\x62\x73\x65\xfd\x46\x63\x25\x3d" 11767 11767 + "\x2b\xaf\xe5\x64\xfe\xa5\x5c\xcf" 11768 11768 + "\x24\xf3\xb4\xac\x64\xba\xdf\x4b" 11769 11769 + "\xc6\x96\x7d\x81\x2d\x8d\x97\xf7" 11770 11770 + "\xc5\x68\x77\x84\x32\x2b\xcc\x85" 11771 11771 + "\x74\x96\xf0\x12\x77\x61\xb9\xeb" 11772 11772 + "\x71\xaa\x82\xcb\x1c\xdb\x89\xc8" 11773 11773 + "\xc6\xb5\xe3\x5c\x7d\x39\x07\x24" 11774 11774 + "\xda\x39\x87\x45\xc0\x2b\xbb\x01" 11775 11775 + "\xac\xbc\x2a\x5c\x7f\xfc\xe8\xce" 11776 11776 + "\x6d\x9c\x6f\xed\xd3\xc1\xa1\xd6" 11777 11777 + "\xc5\x55\xa9\x66\x2f\xe1\xc8\x32" 11778 11778 + "\xa6\x5d\xa4\x3a\x98\x73\xe8\x45" 11779 11779 + "\xa4\xc7\xa8\xb4\xf6\x13\x03\xf6" 11780 11780 + "\xe9\x2e\xc4\x29\x0f\x84\xdb\xc4" 11781 11781 + "\x21\xc4\xc2\x75\x67\x89\x37\x0a", 11782 11782 + .ilen = 512, 11783 11783 + .result = "\x90\x69\x8e\xf2\x14\x86\x59\xf9" 11784 11784 + "\xec\xe7\xfa\x3f\x48\x9d\x7f\x96" 11785 11785 + "\x67\x76\xac\x2c\xd2\x63\x18\x93" 11786 11786 + "\x13\xf8\xf1\xf6\x71\x77\xb3\xee" 11787 11787 + "\x93\xb2\xcc\xf3\x26\xc1\x16\x4f" 11788 11788 + "\xd4\xe8\x43\xc1\x68\xa3\x3e\x06" 11789 11789 + "\x38\x51\xff\xa8\xb9\xa4\xeb\xb1" 11790 11790 + "\x62\xdd\x78\x81\xea\x1d\xef\x04" 11791 11791 + "\x1d\x07\xc1\x67\xc8\xd6\x77\xa1" 11792 11792 + "\x84\x95\xf4\x9a\xd9\xbc\x2d\xe2" 11793 11793 + "\xf6\x80\xfc\x91\x2a\xbc\x42\xa0" 11794 11794 + "\x40\x41\x69\xaa\x71\xc0\x37\xec" 11795 11795 + "\x39\xf3\xf2\xec\x82\xc3\x88\x79" 11796 11796 + "\xbc\xc3\xaa\xb7\xcf\x6a\x72\x80" 11797 11797 + "\x4c\xf4\x84\x8f\x13\x9e\x94\x5c" 11798 11798 + "\xe5\xb2\x91\xbb\x92\x51\x4d\xf1" 11799 11799 + "\xd6\x0d\x71\x6b\x7a\xc2\x2f\x12" 11800 11800 + "\x6f\x75\xc7\x80\x99\x50\x84\xcf" 11801 11801 + "\xa8\xeb\xd6\xe1\x1c\x59\x81\x7e" 11802 11802 + "\xb9\xb3\xde\x7a\x93\x14\x12\xa2" 11803 11803 + "\xf7\x43\xb3\x9d\x1a\x87\x65\x91" 11804 11804 + "\x42\x08\x40\x82\x06\x1c\x2d\x55" 11805 11805 + "\x6e\x48\xd5\x74\x07\x6e\x9d\x80" 11806 11806 + "\xeb\xb4\x97\xa1\x36\xdf\xfa\x74" 11807 11807 + "\x79\x7f\x5a\x75\xe7\x71\xc8\x8c" 11808 11808 + "\x7e\xf8\x3a\x77\xcd\x32\x05\xf9" 11809 11809 + "\x3d\xd4\xe9\xa2\xbb\xc4\x8b\x83" 11810 11810 + "\x42\x5c\x82\xfa\xe9\x4b\x96\x3b" 11811 11811 + "\x7f\x89\x8b\xf9\xf1\x87\xda\xf0" 11812 11812 + "\x87\xef\x13\x5d\xf0\xe2\xc5\xc1" 11813 11813 + "\xed\x14\xa9\x57\x19\x63\x40\x04" 11814 11814 + "\x24\xeb\x6e\x19\xd1\x3d\x70\x78" 11815 11815 + "\xeb\xda\x55\x70\x2c\x4f\x41\x5b" 11816 11816 + "\x56\x9f\x1a\xd3\xac\xf1\xc0\xc3" 11817 11817 + "\x21\xec\xd7\xd2\x55\x32\x7c\x2e" 11818 11818 + "\x3c\x48\x8e\xb4\x85\x35\x47\xfe" 11819 11819 + "\xe2\x88\x79\x98\x6a\xc9\x8d\xff" 11820 11820 + "\xe9\x89\x6e\xb8\xe2\x97\x00\xbd" 11821 11821 + "\xa4\x8f\xba\xd0\x8c\xcb\x79\x99" 11822 11822 + "\xb3\xb2\xb2\x7a\xc3\xb7\xef\x75" 11823 11823 + "\x23\x52\x76\xc3\x50\x6e\x66\xf8" 11824 11824 + "\xa2\xe2\xce\xba\x40\x21\x3f\xc9" 11825 11825 + "\x0a\x32\x7f\xf7\x08\x8c\x66\xcf" 11826 11826 + "\xd3\xdf\x57\x59\x83\xb8\xe1\x85" 11827 11827 + "\xd6\x8f\xfb\x48\x1f\x3a\xc4\x2f" 11828 11828 + "\xb4\x2d\x58\xab\xd8\x7f\x5e\x3a" 11829 11829 + "\xbc\x62\x3e\xe2\x6a\x52\x0d\x76" 11830 11830 + "\x2f\x1c\x1a\x30\xed\x95\x2a\x44" 11831 11831 + "\x35\xa5\x83\x04\x84\x01\x99\x56" 11832 11832 + "\xb7\xe3\x10\x96\xfa\xdc\x19\xdd" 11833 11833 + "\xe2\x7f\xcb\xa0\x49\x1b\xff\x4c" 11834 11834 + "\x73\xf6\xbb\x94\x00\xe8\xa9\x3d" 11835 11835 + "\xe2\x20\xe9\x3f\xfa\x07\x5d\x77" 11836 11836 + "\x06\xd5\x4f\x4d\x02\xb8\x40\x1b" 11837 11837 + "\x30\xed\x1a\x50\x19\xef\xc4\x2c" 11838 11838 + "\x02\xd9\xc5\xd3\x11\x33\x37\xe5" 11839 11839 + "\x2b\xa3\x95\xa6\xee\xd8\x74\x1d" 11840 11840 + "\x68\xa0\xeb\xbf\xdd\x5e\x99\x96" 11841 11841 + "\x91\xc3\x94\x24\xa5\x12\xa2\x37" 11842 11842 + "\xb3\xac\xcf\x2a\xfd\x55\x34\xfe" 11843 11843 + "\x79\x92\x3e\xe6\x1b\x49\x57\x5d" 11844 11844 + "\x93\x6c\x01\xf7\xcc\x4e\x20\xd1" 11845 11845 + "\xb2\x1a\xd8\x4c\xbd\x1d\x10\xe9" 11846 11846 + "\x5a\xa8\x92\x7f\xba\xe6\x0c\x95", 11847 11847 + .rlen = 512, 11848 11848 + }, 11849 11849 + }; 11850 11850 + 11851 11851 + static struct cipher_testvec camellia_lrw_dec_tv_template[] = { 11852 11852 + /* Generated from AES-LRW test vectors */ 11853 11853 + /* same as enc vectors with input and result reversed */ 11854 11854 + { 11855 11855 + .key = "\x45\x62\xac\x25\xf8\x28\x17\x6d" 11856 11856 + "\x4c\x26\x84\x14\xb5\x68\x01\x85" 11857 11857 + "\x25\x8e\x2a\x05\xe7\x3e\x9d\x03" 11858 11858 + "\xee\x5a\x83\x0c\xcc\x09\x4c\x87", 11859 11859 + .klen = 32, 11860 11860 + .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" 11861 11861 + "\x00\x00\x00\x00\x00\x00\x00\x01", 11862 11862 + .input = "\x92\x68\x19\xd7\xb7\x5b\x0a\x31" 11863 11863 + "\x97\xcc\x72\xbe\x99\x17\xeb\x3e", 11864 11864 + .ilen = 16, 11865 11865 + .result = "\x30\x31\x32\x33\x34\x35\x36\x37" 11866 11866 + "\x38\x39\x41\x42\x43\x44\x45\x46", 11867 11867 + .rlen = 16, 11868 11868 + }, { 11869 11869 + .key = "\x59\x70\x47\x14\xf5\x57\x47\x8c" 11870 11870 + "\xd7\x79\xe8\x0f\x54\x88\x79\x44" 11871 11871 + "\x0d\x48\xf0\xb7\xb1\x5a\x53\xea" 11872 11872 + "\x1c\xaa\x6b\x29\xc2\xca\xfb\xaf", 11873 11873 + .klen = 32, 11874 11874 + .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" 11875 11875 + "\x00\x00\x00\x00\x00\x00\x00\x02", 11876 11876 + .input = "\x73\x09\xb7\x50\xb6\x77\x30\x50" 11877 11877 + "\x5c\x8a\x9c\x26\x77\x9d\xfc\x4a", 11878 11878 + .ilen = 16, 11879 11879 + .result = "\x30\x31\x32\x33\x34\x35\x36\x37" 11880 11880 + "\x38\x39\x41\x42\x43\x44\x45\x46", 11881 11881 + .rlen = 16, 11882 11882 + }, { 11883 11883 + .key = "\xd8\x2a\x91\x34\xb2\x6a\x56\x50" 11884 11884 + "\x30\xfe\x69\xe2\x37\x7f\x98\x47" 11885 11885 + "\xcd\xf9\x0b\x16\x0c\x64\x8f\xb6" 11886 11886 + "\xb0\x0d\x0d\x1b\xae\x85\x87\x1f", 11887 11887 + .klen = 32, 11888 11888 + .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" 11889 11889 + "\x00\x00\x00\x02\x00\x00\x00\x00", 11890 11890 + .input = "\x90\xae\x83\xe0\x22\xb9\x60\x91" 11891 11891 + "\xfa\xa9\xb7\x98\xe3\xed\x87\x01", 11892 11892 + .ilen = 16, 11893 11893 + .result = "\x30\x31\x32\x33\x34\x35\x36\x37" 11894 11894 + "\x38\x39\x41\x42\x43\x44\x45\x46", 11895 11895 + .rlen = 16, 11896 11896 + }, { 11897 11897 + .key = "\x0f\x6a\xef\xf8\xd3\xd2\xbb\x15" 11898 11898 + "\x25\x83\xf7\x3c\x1f\x01\x28\x74" 11899 11899 + "\xca\xc6\xbc\x35\x4d\x4a\x65\x54" 11900 11900 + "\x90\xae\x61\xcf\x7b\xae\xbd\xcc" 11901 11901 + "\xad\xe4\x94\xc5\x4a\x29\xae\x70", 11902 11902 + .klen = 40, 11903 11903 + .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" 11904 11904 + "\x00\x00\x00\x00\x00\x00\x00\x01", 11905 11905 + .input = "\x99\xe9\x6e\xd4\xc9\x21\xa5\xf0" 11906 11906 + "\xd8\x83\xef\xd9\x07\x16\x5f\x35", 11907 11907 + .ilen = 16, 11908 11908 + .result = "\x30\x31\x32\x33\x34\x35\x36\x37" 11909 11909 + "\x38\x39\x41\x42\x43\x44\x45\x46", 11910 11910 + .rlen = 16, 11911 11911 + }, { 11912 11912 + .key = "\x8a\xd4\xee\x10\x2f\xbd\x81\xff" 11913 11913 + "\xf8\x86\xce\xac\x93\xc5\xad\xc6" 11914 11914 + "\xa0\x19\x07\xc0\x9d\xf7\xbb\xdd" 11915 11915 + "\x52\x13\xb2\xb7\xf0\xff\x11\xd8" 11916 11916 + "\xd6\x08\xd0\xcd\x2e\xb1\x17\x6f", 11917 11917 + .klen = 40, 11918 11918 + .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" 11919 11919 + "\x00\x00\x00\x02\x00\x00\x00\x00", 11920 11920 + .input = "\x42\x88\xf4\xcb\x21\x11\x6d\x8e" 11921 11921 + "\xde\x1a\xf2\x29\xf1\x4a\xe0\x15", 11922 11922 + .ilen = 16, 11923 11923 + .result = "\x30\x31\x32\x33\x34\x35\x36\x37" 11924 11924 + "\x38\x39\x41\x42\x43\x44\x45\x46", 11925 11925 + .rlen = 16, 11926 11926 + }, { 11927 11927 + .key = "\xf8\xd4\x76\xff\xd6\x46\xee\x6c" 11928 11928 + "\x23\x84\xcb\x1c\x77\xd6\x19\x5d" 11929 11929 + "\xfe\xf1\xa9\xf3\x7b\xbc\x8d\x21" 11930 11930 + "\xa7\x9c\x21\xf8\xcb\x90\x02\x89" 11931 11931 + "\xa8\x45\x34\x8e\xc8\xc5\xb5\xf1" 11932 11932 + "\x26\xf5\x0e\x76\xfe\xfd\x1b\x1e", 11933 11933 + .klen = 48, 11934 11934 + .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" 11935 11935 + "\x00\x00\x00\x00\x00\x00\x00\x01", 11936 11936 + .input = "\x40\xaa\x34\x86\x4a\x8f\x78\xb9" 11937 11937 + "\xdb\xdb\x0f\x3d\x48\x70\xbe\x8d", 11938 11938 + .ilen = 16, 11939 11939 + .result = "\x30\x31\x32\x33\x34\x35\x36\x37" 11940 11940 + "\x38\x39\x41\x42\x43\x44\x45\x46", 11941 11941 + .rlen = 16, 11942 11942 + }, { 11943 11943 + .key = "\xfb\x76\x15\xb2\x3d\x80\x89\x1d" 11944 11944 + "\xd4\x70\x98\x0b\xc7\x95\x84\xc8" 11945 11945 + "\xb2\xfb\x64\xce\x60\x97\x87\x8d" 11946 11946 + "\x17\xfc\xe4\x5a\x49\xe8\x30\xb7" 11947 11947 + "\x6e\x78\x17\xe7\x2d\x5e\x12\xd4" 11948 11948 + "\x60\x64\x04\x7a\xf1\x2f\x9e\x0c", 11949 11949 + .klen = 48, 11950 11950 + .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" 11951 11951 + "\x00\x00\x00\x02\x00\x00\x00\x00", 11952 11952 + .input = "\x04\xab\x28\x37\x31\x7a\x26\xab" 11953 11953 + "\xa1\x70\x1b\x9c\xe7\xdd\x83\xff", 11954 11954 + .ilen = 16, 11955 11955 + .result = "\x30\x31\x32\x33\x34\x35\x36\x37" 11956 11956 + "\x38\x39\x41\x42\x43\x44\x45\x46", 11957 11957 + .rlen = 16, 11958 11958 + }, { 11959 11959 + .key = "\xf8\xd4\x76\xff\xd6\x46\xee\x6c" 11960 11960 + "\x23\x84\xcb\x1c\x77\xd6\x19\x5d" 11961 11961 + "\xfe\xf1\xa9\xf3\x7b\xbc\x8d\x21" 11962 11962 + "\xa7\x9c\x21\xf8\xcb\x90\x02\x89" 11963 11963 + "\xa8\x45\x34\x8e\xc8\xc5\xb5\xf1" 11964 11964 + "\x26\xf5\x0e\x76\xfe\xfd\x1b\x1e", 11965 11965 + .klen = 48, 11966 11966 + .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" 11967 11967 + "\x00\x00\x00\x00\x00\x00\x00\x01", 11968 11968 + .input = "\x90\x69\x8e\xf2\x14\x86\x59\xf9" 11969 11969 + "\xec\xe7\xfa\x3f\x48\x9d\x7f\x96" 11970 11970 + "\x67\x76\xac\x2c\xd2\x63\x18\x93" 11971 11971 + "\x13\xf8\xf1\xf6\x71\x77\xb3\xee" 11972 11972 + "\x93\xb2\xcc\xf3\x26\xc1\x16\x4f" 11973 11973 + "\xd4\xe8\x43\xc1\x68\xa3\x3e\x06" 11974 11974 + "\x38\x51\xff\xa8\xb9\xa4\xeb\xb1" 11975 11975 + "\x62\xdd\x78\x81\xea\x1d\xef\x04" 11976 11976 + "\x1d\x07\xc1\x67\xc8\xd6\x77\xa1" 11977 11977 + "\x84\x95\xf4\x9a\xd9\xbc\x2d\xe2" 11978 11978 + "\xf6\x80\xfc\x91\x2a\xbc\x42\xa0" 11979 11979 + "\x40\x41\x69\xaa\x71\xc0\x37\xec" 11980 11980 + "\x39\xf3\xf2\xec\x82\xc3\x88\x79" 11981 11981 + "\xbc\xc3\xaa\xb7\xcf\x6a\x72\x80" 11982 11982 + "\x4c\xf4\x84\x8f\x13\x9e\x94\x5c" 11983 11983 + "\xe5\xb2\x91\xbb\x92\x51\x4d\xf1" 11984 11984 + "\xd6\x0d\x71\x6b\x7a\xc2\x2f\x12" 11985 11985 + "\x6f\x75\xc7\x80\x99\x50\x84\xcf" 11986 11986 + "\xa8\xeb\xd6\xe1\x1c\x59\x81\x7e" 11987 11987 + "\xb9\xb3\xde\x7a\x93\x14\x12\xa2" 11988 11988 + "\xf7\x43\xb3\x9d\x1a\x87\x65\x91" 11989 11989 + "\x42\x08\x40\x82\x06\x1c\x2d\x55" 11990 11990 + "\x6e\x48\xd5\x74\x07\x6e\x9d\x80" 11991 11991 + "\xeb\xb4\x97\xa1\x36\xdf\xfa\x74" 11992 11992 + "\x79\x7f\x5a\x75\xe7\x71\xc8\x8c" 11993 11993 + "\x7e\xf8\x3a\x77\xcd\x32\x05\xf9" 11994 11994 + "\x3d\xd4\xe9\xa2\xbb\xc4\x8b\x83" 11995 11995 + "\x42\x5c\x82\xfa\xe9\x4b\x96\x3b" 11996 11996 + "\x7f\x89\x8b\xf9\xf1\x87\xda\xf0" 11997 11997 + "\x87\xef\x13\x5d\xf0\xe2\xc5\xc1" 11998 11998 + "\xed\x14\xa9\x57\x19\x63\x40\x04" 11999 11999 + "\x24\xeb\x6e\x19\xd1\x3d\x70\x78" 12000 12000 + "\xeb\xda\x55\x70\x2c\x4f\x41\x5b" 12001 12001 + "\x56\x9f\x1a\xd3\xac\xf1\xc0\xc3" 12002 12002 + "\x21\xec\xd7\xd2\x55\x32\x7c\x2e" 12003 12003 + "\x3c\x48\x8e\xb4\x85\x35\x47\xfe" 12004 12004 + "\xe2\x88\x79\x98\x6a\xc9\x8d\xff" 12005 12005 + "\xe9\x89\x6e\xb8\xe2\x97\x00\xbd" 12006 12006 + "\xa4\x8f\xba\xd0\x8c\xcb\x79\x99" 12007 12007 + "\xb3\xb2\xb2\x7a\xc3\xb7\xef\x75" 12008 12008 + "\x23\x52\x76\xc3\x50\x6e\x66\xf8" 12009 12009 + "\xa2\xe2\xce\xba\x40\x21\x3f\xc9" 12010 12010 + "\x0a\x32\x7f\xf7\x08\x8c\x66\xcf" 12011 12011 + "\xd3\xdf\x57\x59\x83\xb8\xe1\x85" 12012 12012 + "\xd6\x8f\xfb\x48\x1f\x3a\xc4\x2f" 12013 12013 + "\xb4\x2d\x58\xab\xd8\x7f\x5e\x3a" 12014 12014 + "\xbc\x62\x3e\xe2\x6a\x52\x0d\x76" 12015 12015 + "\x2f\x1c\x1a\x30\xed\x95\x2a\x44" 12016 12016 + "\x35\xa5\x83\x04\x84\x01\x99\x56" 12017 12017 + "\xb7\xe3\x10\x96\xfa\xdc\x19\xdd" 12018 12018 + "\xe2\x7f\xcb\xa0\x49\x1b\xff\x4c" 12019 12019 + "\x73\xf6\xbb\x94\x00\xe8\xa9\x3d" 12020 12020 + "\xe2\x20\xe9\x3f\xfa\x07\x5d\x77" 12021 12021 + "\x06\xd5\x4f\x4d\x02\xb8\x40\x1b" 12022 12022 + "\x30\xed\x1a\x50\x19\xef\xc4\x2c" 12023 12023 + "\x02\xd9\xc5\xd3\x11\x33\x37\xe5" 12024 12024 + "\x2b\xa3\x95\xa6\xee\xd8\x74\x1d" 12025 12025 + "\x68\xa0\xeb\xbf\xdd\x5e\x99\x96" 12026 12026 + "\x91\xc3\x94\x24\xa5\x12\xa2\x37" 12027 12027 + "\xb3\xac\xcf\x2a\xfd\x55\x34\xfe" 12028 12028 + "\x79\x92\x3e\xe6\x1b\x49\x57\x5d" 12029 12029 + "\x93\x6c\x01\xf7\xcc\x4e\x20\xd1" 12030 12030 + "\xb2\x1a\xd8\x4c\xbd\x1d\x10\xe9" 12031 12031 + "\x5a\xa8\x92\x7f\xba\xe6\x0c\x95", 12032 12032 + .ilen = 512, 12033 12033 + .result = "\x05\x11\xb7\x18\xab\xc6\x2d\xac" 12034 12034 + "\x70\x5d\xf6\x22\x94\xcd\xe5\x6c" 12035 12035 + "\x17\x6b\xf6\x1c\xf0\xf3\x6e\xf8" 12036 12036 + "\x50\x38\x1f\x71\x49\xb6\x57\xd6" 12037 12037 + "\x8f\xcb\x8d\x6b\xe3\xa6\x29\x90" 12038 12038 + "\xfe\x2a\x62\x82\xae\x6d\x8b\xf6" 12039 12039 + "\xad\x1e\x9e\x20\x5f\x38\xbe\x04" 12040 12040 + "\xda\x10\x8e\xed\xa2\xa4\x87\xab" 12041 12041 + "\xda\x6b\xb4\x0c\x75\xba\xd3\x7c" 12042 12042 + "\xc9\xac\x42\x31\x95\x7c\xc9\x04" 12043 12043 + "\xeb\xd5\x6e\x32\x69\x8a\xdb\xa6" 12044 12044 + "\x15\xd7\x3f\x4f\x2f\x66\x69\x03" 12045 12045 + "\x9c\x1f\x54\x0f\xde\x1f\xf3\x65" 12046 12046 + "\x4c\x96\x12\xed\x7c\x92\x03\x01" 12047 12047 + "\x6f\xbc\x35\x93\xac\xf1\x27\xf1" 12048 12048 + "\xb4\x96\x82\x5a\x5f\xb0\xa0\x50" 12049 12049 + "\x89\xa4\x8e\x66\x44\x85\xcc\xfd" 12050 12050 + "\x33\x14\x70\xe3\x96\xb2\xc3\xd3" 12051 12051 + "\xbb\x54\x5a\x1a\xf9\x74\xa2\xc5" 12052 12052 + "\x2d\x64\x75\xdd\xb4\x54\xe6\x74" 12053 12053 + "\x8c\xd3\x9d\x9e\x86\xab\x51\x53" 12054 12054 + "\xb7\x93\x3e\x6f\xd0\x4e\x2c\x40" 12055 12055 + "\xf6\xa8\x2e\x3e\x9d\xf4\x66\xa5" 12056 12056 + "\x76\x12\x73\x44\x1a\x56\xd7\x72" 12057 12057 + "\x88\xcd\x21\x8c\x4c\x0f\xfe\xda" 12058 12058 + "\x95\xe0\x3a\xa6\xa5\x84\x46\xcd" 12059 12059 + "\xd5\x3e\x9d\x3a\xe2\x67\xe6\x60" 12060 12060 + "\x1a\xe2\x70\x85\x58\xc2\x1b\x09" 12061 12061 + "\xe1\xd7\x2c\xca\xad\xa8\x8f\xf9" 12062 12062 + "\xac\xb3\x0e\xdb\xca\x2e\xe2\xb8" 12063 12063 + "\x51\x71\xd9\x3c\x6c\xf1\x56\xf8" 12064 12064 + "\xea\x9c\xf1\xfb\x0c\xe6\xb7\x10" 12065 12065 + "\x1c\xf8\xa9\x7c\xe8\x53\x35\xc1" 12066 12066 + "\x90\x3e\x76\x4a\x74\xa4\x21\x2c" 12067 12067 + "\xf6\x2c\x4e\x0f\x94\x3a\x88\x2e" 12068 12068 + "\x41\x09\x6a\x33\x7d\xf6\xdd\x3f" 12069 12069 + "\x8d\x23\x31\x74\x84\xeb\x88\x6e" 12070 12070 + "\xcc\xb9\xbc\x22\x83\x19\x07\x22" 12071 12071 + "\xa5\x2d\xdf\xa5\xf3\x80\x85\x78" 12072 12072 + "\x84\x39\x6a\x6d\x6a\x99\x4f\xa5" 12073 12073 + "\x15\xfe\x46\xb0\xe4\x6c\xa5\x41" 12074 12074 + "\x3c\xce\x8f\x42\x60\x71\xa7\x75" 12075 12075 + "\x08\x40\x65\x8a\x82\xbf\xf5\x43" 12076 12076 + "\x71\x96\xa9\x4d\x44\x8a\x20\xbe" 12077 12077 + "\xfa\x4d\xbb\xc0\x7d\x31\x96\x65" 12078 12078 + "\xe7\x75\xe5\x3e\xfd\x92\x3b\xc9" 12079 12079 + "\x55\xbb\x16\x7e\xf7\xc2\x8c\xa4" 12080 12080 + "\x40\x1d\xe5\xef\x0e\xdf\xe4\x9a" 12081 12081 + "\x62\x73\x65\xfd\x46\x63\x25\x3d" 12082 12082 + "\x2b\xaf\xe5\x64\xfe\xa5\x5c\xcf" 12083 12083 + "\x24\xf3\xb4\xac\x64\xba\xdf\x4b" 12084 12084 + "\xc6\x96\x7d\x81\x2d\x8d\x97\xf7" 12085 12085 + "\xc5\x68\x77\x84\x32\x2b\xcc\x85" 12086 12086 + "\x74\x96\xf0\x12\x77\x61\xb9\xeb" 12087 12087 + "\x71\xaa\x82\xcb\x1c\xdb\x89\xc8" 12088 12088 + "\xc6\xb5\xe3\x5c\x7d\x39\x07\x24" 12089 12089 + "\xda\x39\x87\x45\xc0\x2b\xbb\x01" 12090 12090 + "\xac\xbc\x2a\x5c\x7f\xfc\xe8\xce" 12091 12091 + "\x6d\x9c\x6f\xed\xd3\xc1\xa1\xd6" 12092 12092 + "\xc5\x55\xa9\x66\x2f\xe1\xc8\x32" 12093 12093 + "\xa6\x5d\xa4\x3a\x98\x73\xe8\x45" 12094 12094 + "\xa4\xc7\xa8\xb4\xf6\x13\x03\xf6" 12095 12095 + "\xe9\x2e\xc4\x29\x0f\x84\xdb\xc4" 12096 12096 + "\x21\xc4\xc2\x75\x67\x89\x37\x0a", 12097 12097 + .rlen = 512, 12098 12098 + }, 12099 12099 + }; 12100 12100 + 12101 12101 + static struct cipher_testvec camellia_xts_enc_tv_template[] = { 12102 12102 + /* Generated from AES-XTS test vectors */ 12103 12103 + { 12104 12104 + .key = "\x00\x00\x00\x00\x00\x00\x00\x00" 12105 12105 + "\x00\x00\x00\x00\x00\x00\x00\x00" 12106 12106 + "\x00\x00\x00\x00\x00\x00\x00\x00" 12107 12107 + "\x00\x00\x00\x00\x00\x00\x00\x00", 12108 12108 + .klen = 32, 12109 12109 + .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" 12110 12110 + "\x00\x00\x00\x00\x00\x00\x00\x00", 12111 12111 + .input = "\x00\x00\x00\x00\x00\x00\x00\x00" 12112 12112 + "\x00\x00\x00\x00\x00\x00\x00\x00" 12113 12113 + "\x00\x00\x00\x00\x00\x00\x00\x00" 12114 12114 + "\x00\x00\x00\x00\x00\x00\x00\x00", 12115 12115 + .ilen = 32, 12116 12116 + .result = "\x06\xcb\xa5\xf1\x04\x63\xb2\x41" 12117 12117 + "\xdc\xca\xfa\x09\xba\x74\xb9\x05" 12118 12118 + "\x78\xba\xa4\xf8\x67\x4d\x7e\xad" 12119 12119 + "\x20\x18\xf5\x0c\x41\x16\x2a\x61", 12120 12120 + .rlen = 32, 12121 12121 + }, { 12122 12122 + .key = "\x11\x11\x11\x11\x11\x11\x11\x11" 12123 12123 + "\x11\x11\x11\x11\x11\x11\x11\x11" 12124 12124 + "\x22\x22\x22\x22\x22\x22\x22\x22" 12125 12125 + "\x22\x22\x22\x22\x22\x22\x22\x22", 12126 12126 + .klen = 32, 12127 12127 + .iv = "\x33\x33\x33\x33\x33\x00\x00\x00" 12128 12128 + "\x00\x00\x00\x00\x00\x00\x00\x00", 12129 12129 + .input = "\x44\x44\x44\x44\x44\x44\x44\x44" 12130 12130 + "\x44\x44\x44\x44\x44\x44\x44\x44" 12131 12131 + "\x44\x44\x44\x44\x44\x44\x44\x44" 12132 12132 + "\x44\x44\x44\x44\x44\x44\x44\x44", 12133 12133 + .ilen = 32, 12134 12134 + .result = "\xc2\xb9\xdc\x44\x1d\xdf\xf2\x86" 12135 12135 + "\x8d\x35\x42\x0a\xa5\x5e\x3d\x4f" 12136 12136 + "\xb5\x37\x06\xff\xbd\xd4\x91\x70" 12137 12137 + "\x80\x1f\xb2\x39\x10\x89\x44\xf5", 12138 12138 + .rlen = 32, 12139 12139 + }, { 12140 12140 + .key = "\xff\xfe\xfd\xfc\xfb\xfa\xf9\xf8" 12141 12141 + "\xf7\xf6\xf5\xf4\xf3\xf2\xf1\xf0" 12142 12142 + "\x22\x22\x22\x22\x22\x22\x22\x22" 12143 12143 + "\x22\x22\x22\x22\x22\x22\x22\x22", 12144 12144 + .klen = 32, 12145 12145 + .iv = "\x33\x33\x33\x33\x33\x00\x00\x00" 12146 12146 + "\x00\x00\x00\x00\x00\x00\x00\x00", 12147 12147 + .input = "\x44\x44\x44\x44\x44\x44\x44\x44" 12148 12148 + "\x44\x44\x44\x44\x44\x44\x44\x44" 12149 12149 + "\x44\x44\x44\x44\x44\x44\x44\x44" 12150 12150 + "\x44\x44\x44\x44\x44\x44\x44\x44", 12151 12151 + .ilen = 32, 12152 12152 + .result = "\x52\x1f\x9d\xf5\x5a\x58\x5a\x7e" 12153 12153 + "\x9f\xd0\x8e\x02\x9c\x9a\x6a\xa7" 12154 12154 + "\xb4\x3b\xce\xe7\x17\xaa\x89\x6a" 12155 12155 + "\x35\x3c\x6b\xb5\x61\x1c\x79\x38", 12156 12156 + .rlen = 32, 12157 12157 + }, { 12158 12158 + .key = "\x27\x18\x28\x18\x28\x45\x90\x45" 12159 12159 + "\x23\x53\x60\x28\x74\x71\x35\x26" 12160 12160 + "\x31\x41\x59\x26\x53\x58\x97\x93" 12161 12161 + "\x23\x84\x62\x64\x33\x83\x27\x95", 12162 12162 + .klen = 32, 12163 12163 + .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" 12164 12164 + "\x00\x00\x00\x00\x00\x00\x00\x00", 12165 12165 + .input = "\x00\x01\x02\x03\x04\x05\x06\x07" 12166 12166 + "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" 12167 12167 + "\x10\x11\x12\x13\x14\x15\x16\x17" 12168 12168 + "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f" 12169 12169 + "\x20\x21\x22\x23\x24\x25\x26\x27" 12170 12170 + "\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f" 12171 12171 + "\x30\x31\x32\x33\x34\x35\x36\x37" 12172 12172 + "\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f" 12173 12173 + "\x40\x41\x42\x43\x44\x45\x46\x47" 12174 12174 + "\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f" 12175 12175 + "\x50\x51\x52\x53\x54\x55\x56\x57" 12176 12176 + "\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f" 12177 12177 + "\x60\x61\x62\x63\x64\x65\x66\x67" 12178 12178 + "\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f" 12179 12179 + "\x70\x71\x72\x73\x74\x75\x76\x77" 12180 12180 + "\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f" 12181 12181 + "\x80\x81\x82\x83\x84\x85\x86\x87" 12182 12182 + "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f" 12183 12183 + "\x90\x91\x92\x93\x94\x95\x96\x97" 12184 12184 + "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f" 12185 12185 + "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7" 12186 12186 + "\xa8\xa9\xaa\xab\xac\xad\xae\xaf" 12187 12187 + "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7" 12188 12188 + "\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf" 12189 12189 + "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7" 12190 12190 + "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf" 12191 12191 + "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7" 12192 12192 + "\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf" 12193 12193 + "\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7" 12194 12194 + "\xe8\xe9\xea\xeb\xec\xed\xee\xef" 12195 12195 + "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7" 12196 12196 + "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff" 12197 12197 + "\x00\x01\x02\x03\x04\x05\x06\x07" 12198 12198 + "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" 12199 12199 + "\x10\x11\x12\x13\x14\x15\x16\x17" 12200 12200 + "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f" 12201 12201 + "\x20\x21\x22\x23\x24\x25\x26\x27" 12202 12202 + "\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f" 12203 12203 + "\x30\x31\x32\x33\x34\x35\x36\x37" 12204 12204 + "\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f" 12205 12205 + "\x40\x41\x42\x43\x44\x45\x46\x47" 12206 12206 + "\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f" 12207 12207 + "\x50\x51\x52\x53\x54\x55\x56\x57" 12208 12208 + "\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f" 12209 12209 + "\x60\x61\x62\x63\x64\x65\x66\x67" 12210 12210 + "\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f" 12211 12211 + "\x70\x71\x72\x73\x74\x75\x76\x77" 12212 12212 + "\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f" 12213 12213 + "\x80\x81\x82\x83\x84\x85\x86\x87" 12214 12214 + "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f" 12215 12215 + "\x90\x91\x92\x93\x94\x95\x96\x97" 12216 12216 + "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f" 12217 12217 + "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7" 12218 12218 + "\xa8\xa9\xaa\xab\xac\xad\xae\xaf" 12219 12219 + "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7" 12220 12220 + "\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf" 12221 12221 + "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7" 12222 12222 + "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf" 12223 12223 + "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7" 12224 12224 + "\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf" 12225 12225 + "\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7" 12226 12226 + "\xe8\xe9\xea\xeb\xec\xed\xee\xef" 12227 12227 + "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7" 12228 12228 + "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", 12229 12229 + .ilen = 512, 12230 12230 + .result = "\xc7\xf9\x0a\xaa\xcb\xb5\x8f\x33" 12231 12231 + "\x60\xc3\xe9\x47\x90\xb7\x50\x57" 12232 12232 + "\xa3\xad\x81\x2f\xf5\x22\x96\x02" 12233 12233 + "\xaa\x7f\xea\xac\x29\x78\xca\x2a" 12234 12234 + "\x7c\xcd\x31\x1a\x3c\x40\x0a\x73" 12235 12235 + "\x09\x66\xad\x72\x0e\x4d\x5d\x77" 12236 12236 + "\xbc\xb8\x76\x80\x37\x59\xa9\x01" 12237 12237 + "\x9e\xfb\xdb\x6c\x93\xef\xb6\x8d" 12238 12238 + "\x1e\xc1\x94\xa8\xd4\xb5\xb0\x01" 12239 12239 + "\xd5\x01\x97\x28\xcd\x7a\x1f\xe8" 12240 12240 + "\x08\xda\x76\x00\x65\xcf\x7b\x31" 12241 12241 + "\xc6\xfa\xf2\x3b\x00\xa7\x6a\x9e" 12242 12242 + "\x6c\x43\x80\x87\xe0\xbb\x4e\xe5" 12243 12243 + "\xdc\x8a\xdf\xc3\x1d\x1b\x41\x04" 12244 12244 + "\xfb\x54\xdd\x29\x27\xc2\x65\x17" 12245 12245 + "\x36\x88\xb0\x85\x8d\x73\x7e\x4b" 12246 12246 + "\x1d\x16\x8a\x52\xbc\xa6\xbc\xa4" 12247 12247 + "\x8c\xd1\x04\x16\xbf\x8c\x01\x0f" 12248 12248 + "\x7e\x6b\x59\x15\x29\xd1\x9b\xd3" 12249 12249 + "\x6c\xee\xac\xdc\x45\x58\xca\x5b" 12250 12250 + "\x70\x0e\x6a\x12\x86\x82\x79\x9f" 12251 12251 + "\x16\xd4\x9d\x67\xcd\x70\x65\x26" 12252 12252 + "\x21\x72\x1e\xa1\x94\x8a\x83\x0c" 12253 12253 + "\x92\x42\x58\x5e\xa2\xc5\x31\xf3" 12254 12254 + "\x7b\xd1\x31\xd4\x15\x80\x31\x61" 12255 12255 + "\x5c\x53\x10\xdd\xea\xc8\x83\x5c" 12256 12256 + "\x7d\xa7\x05\x66\xcc\x1e\xbb\x05" 12257 12257 + "\x47\xae\xb4\x0f\x84\xd8\xf6\xb5" 12258 12258 + "\xa1\xc6\x52\x00\x52\xe8\xdc\xd9" 12259 12259 + "\x16\x31\xb2\x47\x91\x67\xaa\x28" 12260 12260 + "\x2c\x29\x85\xa3\xf7\xf2\x24\x93" 12261 12261 + "\x23\x80\x1f\xa8\x1b\x82\x8d\xdc" 12262 12262 + "\x9f\x0b\xcd\xb4\x3c\x20\xbc\xec" 12263 12263 + "\x4f\xc7\xee\xf8\xfd\xd9\xfb\x7e" 12264 12264 + "\x3f\x0d\x23\xfa\x3f\xa7\xcc\x66" 12265 12265 + "\x1c\xfe\xa6\x86\xf6\xf7\x85\xc7" 12266 12266 + "\x43\xc1\xd4\xfc\xe4\x79\xc9\x1d" 12267 12267 + "\xf8\x89\xcd\x20\x27\x84\x5d\x5c" 12268 12268 + "\x8e\x4f\x1f\xeb\x08\x21\x4f\xa3" 12269 12269 + "\xe0\x7e\x0b\x9c\xe7\x42\xcf\xb7" 12270 12270 + "\x3f\x43\xcc\x86\x71\x34\x6a\xd9" 12271 12271 + "\x5e\xec\x8f\x36\xc9\x0a\x03\xfe" 12272 12272 + "\x18\x41\xdc\x9e\x2e\x75\x20\x3e" 12273 12273 + "\xcc\x77\xe0\x8f\xe8\x43\x37\x4c" 12274 12274 + "\xed\x1a\x5a\xb3\xfa\x43\xc9\x71" 12275 12275 + "\x9f\xc5\xce\xcf\xff\xe7\x77\x1e" 12276 12276 + "\x35\x93\xde\x6b\xc0\x6a\x7e\xa9" 12277 12277 + "\x34\xb8\x27\x74\x08\xda\xf2\x4a" 12278 12278 + "\x23\x5b\x9f\x55\x3a\x57\x82\x52" 12279 12279 + "\xea\x6d\xc3\xc7\xf2\xc8\xb5\xdc" 12280 12280 + "\xc5\xb9\xbb\xaa\xf2\x29\x9f\x49" 12281 12281 + "\x7a\xef\xfe\xdc\x9f\xc9\x28\xe2" 12282 12282 + "\x96\x0b\x35\x84\x05\x0d\xd6\x2a" 12283 12283 + "\xea\x5a\xbf\x69\xde\xee\x4f\x8f" 12284 12284 + "\x84\xb9\xcf\xa7\x57\xea\xe0\xe8" 12285 12285 + "\x96\xef\x0f\x0e\xec\xc7\xa6\x74" 12286 12286 + "\xb1\xfe\x7a\x6d\x11\xdd\x0e\x15" 12287 12287 + "\x4a\x1e\x73\x7f\x55\xea\xf6\xe1" 12288 12288 + "\x5b\xb6\x71\xda\xb0\x0c\xba\x26" 12289 12289 + "\x5c\x48\x38\x6d\x1c\x32\xb2\x7d" 12290 12290 + "\x05\x87\xc2\x1e\x7e\x2d\xd4\x33" 12291 12291 + "\xcc\x06\xdb\xe7\x82\x29\x63\xd1" 12292 12292 + "\x52\x84\x4f\xee\x27\xe8\x02\xd4" 12293 12293 + "\x34\x3c\x69\xc2\xbd\x20\xe6\x7a", 12294 12294 + .rlen = 512, 12295 12295 + }, { 12296 12296 + .key = "\x27\x18\x28\x18\x28\x45\x90\x45" 12297 12297 + "\x23\x53\x60\x28\x74\x71\x35\x26" 12298 12298 + "\x62\x49\x77\x57\x24\x70\x93\x69" 12299 12299 + "\x99\x59\x57\x49\x66\x96\x76\x27" 12300 12300 + "\x31\x41\x59\x26\x53\x58\x97\x93" 12301 12301 + "\x23\x84\x62\x64\x33\x83\x27\x95" 12302 12302 + "\x02\x88\x41\x97\x16\x93\x99\x37" 12303 12303 + "\x51\x05\x82\x09\x74\x94\x45\x92", 12304 12304 + .klen = 64, 12305 12305 + .iv = "\xff\x00\x00\x00\x00\x00\x00\x00" 12306 12306 + "\x00\x00\x00\x00\x00\x00\x00\x00", 12307 12307 + .input = "\x00\x01\x02\x03\x04\x05\x06\x07" 12308 12308 + "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" 12309 12309 + "\x10\x11\x12\x13\x14\x15\x16\x17" 12310 12310 + "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f" 12311 12311 + "\x20\x21\x22\x23\x24\x25\x26\x27" 12312 12312 + "\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f" 12313 12313 + "\x30\x31\x32\x33\x34\x35\x36\x37" 12314 12314 + "\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f" 12315 12315 + "\x40\x41\x42\x43\x44\x45\x46\x47" 12316 12316 + "\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f" 12317 12317 + "\x50\x51\x52\x53\x54\x55\x56\x57" 12318 12318 + "\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f" 12319 12319 + "\x60\x61\x62\x63\x64\x65\x66\x67" 12320 12320 + "\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f" 12321 12321 + "\x70\x71\x72\x73\x74\x75\x76\x77" 12322 12322 + "\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f" 12323 12323 + "\x80\x81\x82\x83\x84\x85\x86\x87" 12324 12324 + "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f" 12325 12325 + "\x90\x91\x92\x93\x94\x95\x96\x97" 12326 12326 + "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f" 12327 12327 + "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7" 12328 12328 + "\xa8\xa9\xaa\xab\xac\xad\xae\xaf" 12329 12329 + "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7" 12330 12330 + "\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf" 12331 12331 + "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7" 12332 12332 + "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf" 12333 12333 + "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7" 12334 12334 + "\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf" 12335 12335 + "\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7" 12336 12336 + "\xe8\xe9\xea\xeb\xec\xed\xee\xef" 12337 12337 + "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7" 12338 12338 + "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff" 12339 12339 + "\x00\x01\x02\x03\x04\x05\x06\x07" 12340 12340 + "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" 12341 12341 + "\x10\x11\x12\x13\x14\x15\x16\x17" 12342 12342 + "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f" 12343 12343 + "\x20\x21\x22\x23\x24\x25\x26\x27" 12344 12344 + "\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f" 12345 12345 + "\x30\x31\x32\x33\x34\x35\x36\x37" 12346 12346 + "\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f" 12347 12347 + "\x40\x41\x42\x43\x44\x45\x46\x47" 12348 12348 + "\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f" 12349 12349 + "\x50\x51\x52\x53\x54\x55\x56\x57" 12350 12350 + "\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f" 12351 12351 + "\x60\x61\x62\x63\x64\x65\x66\x67" 12352 12352 + "\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f" 12353 12353 + "\x70\x71\x72\x73\x74\x75\x76\x77" 12354 12354 + "\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f" 12355 12355 + "\x80\x81\x82\x83\x84\x85\x86\x87" 12356 12356 + "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f" 12357 12357 + "\x90\x91\x92\x93\x94\x95\x96\x97" 12358 12358 + "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f" 12359 12359 + "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7" 12360 12360 + "\xa8\xa9\xaa\xab\xac\xad\xae\xaf" 12361 12361 + "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7" 12362 12362 + "\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf" 12363 12363 + "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7" 12364 12364 + "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf" 12365 12365 + "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7" 12366 12366 + "\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf" 12367 12367 + "\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7" 12368 12368 + "\xe8\xe9\xea\xeb\xec\xed\xee\xef" 12369 12369 + "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7" 12370 12370 + "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", 12371 12371 + .ilen = 512, 12372 12372 + .result = "\x49\xcd\xb8\xbf\x2f\x73\x37\x28" 12373 12373 + "\x9a\x7f\x6e\x57\x55\xb8\x07\x88" 12374 12374 + "\x4a\x0d\x8b\x55\x60\xed\xb6\x7b" 12375 12375 + "\xf1\x74\xac\x96\x05\x7b\x32\xca" 12376 12376 + "\xd1\x4e\xf1\x58\x29\x16\x24\x6c" 12377 12377 + "\xf2\xb3\xe4\x88\x84\xac\x4d\xee" 12378 12378 + "\x97\x07\x82\xf0\x07\x12\x38\x0a" 12379 12379 + "\x67\x62\xaf\xfd\x85\x9f\x0a\x55" 12380 12380 + "\xa5\x20\xc5\x60\xe4\x68\x53\xa4" 12381 12381 + "\x0e\x2e\x65\xe3\xe4\x0c\x30\x7c" 12382 12382 + "\x1c\x01\x4f\x55\xa9\x13\xeb\x25" 12383 12383 + "\x21\x87\xbc\xd3\xe7\x67\x4f\x38" 12384 12384 + "\xa8\x14\x25\x71\xe9\x2e\x4c\x21" 12385 12385 + "\x41\x82\x0c\x45\x39\x35\xa8\x75" 12386 12386 + "\x03\x29\x01\x84\x8c\xab\x48\xbe" 12387 12387 + "\x11\x56\x22\x67\xb7\x67\x1a\x09" 12388 12388 + "\xa1\x72\x25\x41\x3c\x39\x65\x80" 12389 12389 + "\x7d\x2f\xf8\x2c\x73\x04\x58\x9d" 12390 12390 + "\xdd\x16\x8b\x63\x70\x4e\xc5\x17" 12391 12391 + "\x21\xe0\x84\x51\x4b\x6f\x05\x52" 12392 12392 + "\xe3\x63\x34\xfa\xa4\xaf\x33\x20" 12393 12393 + "\xc1\xae\x32\xc4\xb8\x2b\xdb\x76" 12394 12394 + "\xd9\x02\x31\x2f\xa3\xc6\xd0\x7b" 12395 12395 + "\xaf\x1b\x84\xe3\x9b\xbf\xa6\xe0" 12396 12396 + "\xb8\x8a\x13\x88\x71\xf4\x11\xa5" 12397 12397 + "\xe9\xa9\x10\x33\xe0\xbe\x49\x89" 12398 12398 + "\x41\x22\xf5\x9d\x80\x3e\x3b\x76" 12399 12399 + "\x01\x16\x50\x6e\x7c\x6a\x81\xe9" 12400 12400 + "\x13\x2c\xde\xb2\x5f\x79\xba\xb2" 12401 12401 + "\xb1\x75\xae\xd2\x07\x98\x4b\x69" 12402 12402 + "\xae\x7d\x5b\x90\xc2\x6c\xe6\x98" 12403 12403 + "\xd3\x4c\xa1\xa3\x9c\xc9\x33\x6a" 12404 12404 + "\x0d\x23\xb1\x79\x25\x13\x4b\xe5" 12405 12405 + "\xaf\x93\x20\x5c\x7f\x06\x7a\x34" 12406 12406 + "\x0b\x78\xe3\x67\x26\xe0\xad\x95" 12407 12407 + "\xc5\x4e\x26\x22\xcf\x73\x77\x62" 12408 12408 + "\x3e\x10\xd7\x90\x4b\x52\x1c\xc9" 12409 12409 + "\xef\x38\x52\x18\x0e\x29\x7e\xef" 12410 12410 + "\x34\xfe\x31\x95\xc5\xbc\xa8\xe2" 12411 12411 + "\xa8\x4e\x9f\xea\xa6\xf0\xfe\x5d" 12412 12412 + "\xc5\x39\x86\xed\x2f\x6d\xa0\xfe" 12413 12413 + "\x96\xcd\x41\x10\x78\x4e\x0c\xc9" 12414 12414 + "\xc3\x6d\x0f\xb7\xe8\xe0\x62\xab" 12415 12415 + "\x8b\xf1\x21\x89\xa1\x12\xaa\xfa" 12416 12416 + "\x9d\x70\xbe\x4c\xa8\x98\x89\x01" 12417 12417 + "\xb9\xe2\x61\xde\x0c\x4a\x0b\xaa" 12418 12418 + "\x89\xf5\x14\x79\x18\x8f\x3b\x0d" 12419 12419 + "\x21\x17\xf8\x59\x15\x24\x64\x22" 12420 12420 + "\x57\x48\x80\xd5\x3d\x92\x30\x07" 12421 12421 + "\xd9\xa1\x4a\x23\x16\x43\x48\x0e" 12422 12422 + "\x2b\x2d\x1b\x87\xef\x7e\xbd\xfa" 12423 12423 + "\x49\xbc\x7e\x68\x6e\xa8\x46\x95" 12424 12424 + "\xad\x5e\xfe\x0a\xa8\xd3\x1a\x5d" 12425 12425 + "\x6b\x84\xf3\x00\xba\x52\x05\x02" 12426 12426 + "\xe3\x96\x4e\xb6\x79\x3f\x43\xd3" 12427 12427 + "\x4d\x3f\xd6\xab\x0a\xc4\x75\x2d" 12428 12428 + "\xd1\x08\xc3\x6a\xc8\x37\x29\xa0" 12429 12429 + "\xcc\x9a\x05\xdd\x5c\xe1\xff\x66" 12430 12430 + "\xf2\x7a\x1d\xf2\xaf\xa9\x48\x89" 12431 12431 + "\xf5\x21\x0f\x02\x48\x83\x74\xbf" 12432 12432 + "\x2e\xe6\x93\x7b\xa0\xf4\xb1\x2b" 12433 12433 + "\xb1\x02\x0a\x5c\x79\x19\x3b\x75" 12434 12434 + "\xb7\x16\xd8\x12\x5c\xcd\x7d\x4e" 12435 12435 + "\xd5\xc6\x99\xcc\x4e\x6c\x94\x95", 12436 12436 + .rlen = 512, 12437 12437 + }, 12438 12438 + }; 12439 12439 + 12440 12440 + static struct cipher_testvec camellia_xts_dec_tv_template[] = { 12441 12441 + /* Generated from AES-XTS test vectors */ 12442 12442 + /* same as enc vectors with input and result reversed */ 12443 12443 + { 12444 12444 + .key = "\x00\x00\x00\x00\x00\x00\x00\x00" 12445 12445 + "\x00\x00\x00\x00\x00\x00\x00\x00" 12446 12446 + "\x00\x00\x00\x00\x00\x00\x00\x00" 12447 12447 + "\x00\x00\x00\x00\x00\x00\x00\x00", 12448 12448 + .klen = 32, 12449 12449 + .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" 12450 12450 + "\x00\x00\x00\x00\x00\x00\x00\x00", 12451 12451 + .input = "\x06\xcb\xa5\xf1\x04\x63\xb2\x41" 12452 12452 + "\xdc\xca\xfa\x09\xba\x74\xb9\x05" 12453 12453 + "\x78\xba\xa4\xf8\x67\x4d\x7e\xad" 12454 12454 + "\x20\x18\xf5\x0c\x41\x16\x2a\x61", 12455 12455 + .ilen = 32, 12456 12456 + .result = "\x00\x00\x00\x00\x00\x00\x00\x00" 12457 12457 + "\x00\x00\x00\x00\x00\x00\x00\x00" 12458 12458 + "\x00\x00\x00\x00\x00\x00\x00\x00" 12459 12459 + "\x00\x00\x00\x00\x00\x00\x00\x00", 12460 12460 + .rlen = 32, 12461 12461 + }, { 12462 12462 + .key = "\x11\x11\x11\x11\x11\x11\x11\x11" 12463 12463 + "\x11\x11\x11\x11\x11\x11\x11\x11" 12464 12464 + "\x22\x22\x22\x22\x22\x22\x22\x22" 12465 12465 + "\x22\x22\x22\x22\x22\x22\x22\x22", 12466 12466 + .klen = 32, 12467 12467 + .iv = "\x33\x33\x33\x33\x33\x00\x00\x00" 12468 12468 + "\x00\x00\x00\x00\x00\x00\x00\x00", 12469 12469 + .input = "\xc2\xb9\xdc\x44\x1d\xdf\xf2\x86" 12470 12470 + "\x8d\x35\x42\x0a\xa5\x5e\x3d\x4f" 12471 12471 + "\xb5\x37\x06\xff\xbd\xd4\x91\x70" 12472 12472 + "\x80\x1f\xb2\x39\x10\x89\x44\xf5", 12473 12473 + .ilen = 32, 12474 12474 + .result = "\x44\x44\x44\x44\x44\x44\x44\x44" 12475 12475 + "\x44\x44\x44\x44\x44\x44\x44\x44" 12476 12476 + "\x44\x44\x44\x44\x44\x44\x44\x44" 12477 12477 + "\x44\x44\x44\x44\x44\x44\x44\x44", 12478 12478 + .rlen = 32, 12479 12479 + }, { 12480 12480 + .key = "\xff\xfe\xfd\xfc\xfb\xfa\xf9\xf8" 12481 12481 + "\xf7\xf6\xf5\xf4\xf3\xf2\xf1\xf0" 12482 12482 + "\x22\x22\x22\x22\x22\x22\x22\x22" 12483 12483 + "\x22\x22\x22\x22\x22\x22\x22\x22", 12484 12484 + .klen = 32, 12485 12485 + .iv = "\x33\x33\x33\x33\x33\x00\x00\x00" 12486 12486 + "\x00\x00\x00\x00\x00\x00\x00\x00", 12487 12487 + .input = "\x52\x1f\x9d\xf5\x5a\x58\x5a\x7e" 12488 12488 + "\x9f\xd0\x8e\x02\x9c\x9a\x6a\xa7" 12489 12489 + "\xb4\x3b\xce\xe7\x17\xaa\x89\x6a" 12490 12490 + "\x35\x3c\x6b\xb5\x61\x1c\x79\x38", 12491 12491 + .ilen = 32, 12492 12492 + .result = "\x44\x44\x44\x44\x44\x44\x44\x44" 12493 12493 + "\x44\x44\x44\x44\x44\x44\x44\x44" 12494 12494 + "\x44\x44\x44\x44\x44\x44\x44\x44" 12495 12495 + "\x44\x44\x44\x44\x44\x44\x44\x44", 12496 12496 + .rlen = 32, 12497 12497 + }, { 12498 12498 + .key = "\x27\x18\x28\x18\x28\x45\x90\x45" 12499 12499 + "\x23\x53\x60\x28\x74\x71\x35\x26" 12500 12500 + "\x31\x41\x59\x26\x53\x58\x97\x93" 12501 12501 + "\x23\x84\x62\x64\x33\x83\x27\x95", 12502 12502 + .klen = 32, 12503 12503 + .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" 12504 12504 + "\x00\x00\x00\x00\x00\x00\x00\x00", 12505 12505 + .input = "\xc7\xf9\x0a\xaa\xcb\xb5\x8f\x33" 12506 12506 + "\x60\xc3\xe9\x47\x90\xb7\x50\x57" 12507 12507 + "\xa3\xad\x81\x2f\xf5\x22\x96\x02" 12508 12508 + "\xaa\x7f\xea\xac\x29\x78\xca\x2a" 12509 12509 + "\x7c\xcd\x31\x1a\x3c\x40\x0a\x73" 12510 12510 + "\x09\x66\xad\x72\x0e\x4d\x5d\x77" 12511 12511 + "\xbc\xb8\x76\x80\x37\x59\xa9\x01" 12512 12512 + "\x9e\xfb\xdb\x6c\x93\xef\xb6\x8d" 12513 12513 + "\x1e\xc1\x94\xa8\xd4\xb5\xb0\x01" 12514 12514 + "\xd5\x01\x97\x28\xcd\x7a\x1f\xe8" 12515 12515 + "\x08\xda\x76\x00\x65\xcf\x7b\x31" 12516 12516 + "\xc6\xfa\xf2\x3b\x00\xa7\x6a\x9e" 12517 12517 + "\x6c\x43\x80\x87\xe0\xbb\x4e\xe5" 12518 12518 + "\xdc\x8a\xdf\xc3\x1d\x1b\x41\x04" 12519 12519 + "\xfb\x54\xdd\x29\x27\xc2\x65\x17" 12520 12520 + "\x36\x88\xb0\x85\x8d\x73\x7e\x4b" 12521 12521 + "\x1d\x16\x8a\x52\xbc\xa6\xbc\xa4" 12522 12522 + "\x8c\xd1\x04\x16\xbf\x8c\x01\x0f" 12523 12523 + "\x7e\x6b\x59\x15\x29\xd1\x9b\xd3" 12524 12524 + "\x6c\xee\xac\xdc\x45\x58\xca\x5b" 12525 12525 + "\x70\x0e\x6a\x12\x86\x82\x79\x9f" 12526 12526 + "\x16\xd4\x9d\x67\xcd\x70\x65\x26" 12527 12527 + "\x21\x72\x1e\xa1\x94\x8a\x83\x0c" 12528 12528 + "\x92\x42\x58\x5e\xa2\xc5\x31\xf3" 12529 12529 + "\x7b\xd1\x31\xd4\x15\x80\x31\x61" 12530 12530 + "\x5c\x53\x10\xdd\xea\xc8\x83\x5c" 12531 12531 + "\x7d\xa7\x05\x66\xcc\x1e\xbb\x05" 12532 12532 + "\x47\xae\xb4\x0f\x84\xd8\xf6\xb5" 12533 12533 + "\xa1\xc6\x52\x00\x52\xe8\xdc\xd9" 12534 12534 + "\x16\x31\xb2\x47\x91\x67\xaa\x28" 12535 12535 + "\x2c\x29\x85\xa3\xf7\xf2\x24\x93" 12536 12536 + "\x23\x80\x1f\xa8\x1b\x82\x8d\xdc" 12537 12537 + "\x9f\x0b\xcd\xb4\x3c\x20\xbc\xec" 12538 12538 + "\x4f\xc7\xee\xf8\xfd\xd9\xfb\x7e" 12539 12539 + "\x3f\x0d\x23\xfa\x3f\xa7\xcc\x66" 12540 12540 + "\x1c\xfe\xa6\x86\xf6\xf7\x85\xc7" 12541 12541 + "\x43\xc1\xd4\xfc\xe4\x79\xc9\x1d" 12542 12542 + "\xf8\x89\xcd\x20\x27\x84\x5d\x5c" 12543 12543 + "\x8e\x4f\x1f\xeb\x08\x21\x4f\xa3" 12544 12544 + "\xe0\x7e\x0b\x9c\xe7\x42\xcf\xb7" 12545 12545 + "\x3f\x43\xcc\x86\x71\x34\x6a\xd9" 12546 12546 + "\x5e\xec\x8f\x36\xc9\x0a\x03\xfe" 12547 12547 + "\x18\x41\xdc\x9e\x2e\x75\x20\x3e" 12548 12548 + "\xcc\x77\xe0\x8f\xe8\x43\x37\x4c" 12549 12549 + "\xed\x1a\x5a\xb3\xfa\x43\xc9\x71" 12550 12550 + "\x9f\xc5\xce\xcf\xff\xe7\x77\x1e" 12551 12551 + "\x35\x93\xde\x6b\xc0\x6a\x7e\xa9" 12552 12552 + "\x34\xb8\x27\x74\x08\xda\xf2\x4a" 12553 12553 + "\x23\x5b\x9f\x55\x3a\x57\x82\x52" 12554 12554 + "\xea\x6d\xc3\xc7\xf2\xc8\xb5\xdc" 12555 12555 + "\xc5\xb9\xbb\xaa\xf2\x29\x9f\x49" 12556 12556 + "\x7a\xef\xfe\xdc\x9f\xc9\x28\xe2" 12557 12557 + "\x96\x0b\x35\x84\x05\x0d\xd6\x2a" 12558 12558 + "\xea\x5a\xbf\x69\xde\xee\x4f\x8f" 12559 12559 + "\x84\xb9\xcf\xa7\x57\xea\xe0\xe8" 12560 12560 + "\x96\xef\x0f\x0e\xec\xc7\xa6\x74" 12561 12561 + "\xb1\xfe\x7a\x6d\x11\xdd\x0e\x15" 12562 12562 + "\x4a\x1e\x73\x7f\x55\xea\xf6\xe1" 12563 12563 + "\x5b\xb6\x71\xda\xb0\x0c\xba\x26" 12564 12564 + "\x5c\x48\x38\x6d\x1c\x32\xb2\x7d" 12565 12565 + "\x05\x87\xc2\x1e\x7e\x2d\xd4\x33" 12566 12566 + "\xcc\x06\xdb\xe7\x82\x29\x63\xd1" 12567 12567 + "\x52\x84\x4f\xee\x27\xe8\x02\xd4" 12568 12568 + "\x34\x3c\x69\xc2\xbd\x20\xe6\x7a", 12569 12569 + .ilen = 512, 12570 12570 + .result = "\x00\x01\x02\x03\x04\x05\x06\x07" 12571 12571 + "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" 12572 12572 + "\x10\x11\x12\x13\x14\x15\x16\x17" 12573 12573 + "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f" 12574 12574 + "\x20\x21\x22\x23\x24\x25\x26\x27" 12575 12575 + "\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f" 12576 12576 + "\x30\x31\x32\x33\x34\x35\x36\x37" 12577 12577 + "\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f" 12578 12578 + "\x40\x41\x42\x43\x44\x45\x46\x47" 12579 12579 + "\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f" 12580 12580 + "\x50\x51\x52\x53\x54\x55\x56\x57" 12581 12581 + "\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f" 12582 12582 + "\x60\x61\x62\x63\x64\x65\x66\x67" 12583 12583 + "\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f" 12584 12584 + "\x70\x71\x72\x73\x74\x75\x76\x77" 12585 12585 + "\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f" 12586 12586 + "\x80\x81\x82\x83\x84\x85\x86\x87" 12587 12587 + "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f" 12588 12588 + "\x90\x91\x92\x93\x94\x95\x96\x97" 12589 12589 + "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f" 12590 12590 + "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7" 12591 12591 + "\xa8\xa9\xaa\xab\xac\xad\xae\xaf" 12592 12592 + "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7" 12593 12593 + "\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf" 12594 12594 + "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7" 12595 12595 + "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf" 12596 12596 + "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7" 12597 12597 + "\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf" 12598 12598 + "\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7" 12599 12599 + "\xe8\xe9\xea\xeb\xec\xed\xee\xef" 12600 12600 + "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7" 12601 12601 + "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff" 12602 12602 + "\x00\x01\x02\x03\x04\x05\x06\x07" 12603 12603 + "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" 12604 12604 + "\x10\x11\x12\x13\x14\x15\x16\x17" 12605 12605 + "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f" 12606 12606 + "\x20\x21\x22\x23\x24\x25\x26\x27" 12607 12607 + "\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f" 12608 12608 + "\x30\x31\x32\x33\x34\x35\x36\x37" 12609 12609 + "\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f" 12610 12610 + "\x40\x41\x42\x43\x44\x45\x46\x47" 12611 12611 + "\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f" 12612 12612 + "\x50\x51\x52\x53\x54\x55\x56\x57" 12613 12613 + "\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f" 12614 12614 + "\x60\x61\x62\x63\x64\x65\x66\x67" 12615 12615 + "\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f" 12616 12616 + "\x70\x71\x72\x73\x74\x75\x76\x77" 12617 12617 + "\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f" 12618 12618 + "\x80\x81\x82\x83\x84\x85\x86\x87" 12619 12619 + "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f" 12620 12620 + "\x90\x91\x92\x93\x94\x95\x96\x97" 12621 12621 + "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f" 12622 12622 + "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7" 12623 12623 + "\xa8\xa9\xaa\xab\xac\xad\xae\xaf" 12624 12624 + "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7" 12625 12625 + "\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf" 12626 12626 + "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7" 12627 12627 + "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf" 12628 12628 + "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7" 12629 12629 + "\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf" 12630 12630 + "\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7" 12631 12631 + "\xe8\xe9\xea\xeb\xec\xed\xee\xef" 12632 12632 + "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7" 12633 12633 + "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", 12634 12634 + .rlen = 512, 12635 12635 + }, { 12636 12636 + .key = "\x27\x18\x28\x18\x28\x45\x90\x45" 12637 12637 + "\x23\x53\x60\x28\x74\x71\x35\x26" 12638 12638 + "\x62\x49\x77\x57\x24\x70\x93\x69" 12639 12639 + "\x99\x59\x57\x49\x66\x96\x76\x27" 12640 12640 + "\x31\x41\x59\x26\x53\x58\x97\x93" 12641 12641 + "\x23\x84\x62\x64\x33\x83\x27\x95" 12642 12642 + "\x02\x88\x41\x97\x16\x93\x99\x37" 12643 12643 + "\x51\x05\x82\x09\x74\x94\x45\x92", 12644 12644 + .klen = 64, 12645 12645 + .iv = "\xff\x00\x00\x00\x00\x00\x00\x00" 12646 12646 + "\x00\x00\x00\x00\x00\x00\x00\x00", 12647 12647 + .input = "\x49\xcd\xb8\xbf\x2f\x73\x37\x28" 12648 12648 + "\x9a\x7f\x6e\x57\x55\xb8\x07\x88" 12649 12649 + "\x4a\x0d\x8b\x55\x60\xed\xb6\x7b" 12650 12650 + "\xf1\x74\xac\x96\x05\x7b\x32\xca" 12651 12651 + "\xd1\x4e\xf1\x58\x29\x16\x24\x6c" 12652 12652 + "\xf2\xb3\xe4\x88\x84\xac\x4d\xee" 12653 12653 + "\x97\x07\x82\xf0\x07\x12\x38\x0a" 12654 12654 + "\x67\x62\xaf\xfd\x85\x9f\x0a\x55" 12655 12655 + "\xa5\x20\xc5\x60\xe4\x68\x53\xa4" 12656 12656 + "\x0e\x2e\x65\xe3\xe4\x0c\x30\x7c" 12657 12657 + "\x1c\x01\x4f\x55\xa9\x13\xeb\x25" 12658 12658 + "\x21\x87\xbc\xd3\xe7\x67\x4f\x38" 12659 12659 + "\xa8\x14\x25\x71\xe9\x2e\x4c\x21" 12660 12660 + "\x41\x82\x0c\x45\x39\x35\xa8\x75" 12661 12661 + "\x03\x29\x01\x84\x8c\xab\x48\xbe" 12662 12662 + "\x11\x56\x22\x67\xb7\x67\x1a\x09" 12663 12663 + "\xa1\x72\x25\x41\x3c\x39\x65\x80" 12664 12664 + "\x7d\x2f\xf8\x2c\x73\x04\x58\x9d" 12665 12665 + "\xdd\x16\x8b\x63\x70\x4e\xc5\x17" 12666 12666 + "\x21\xe0\x84\x51\x4b\x6f\x05\x52" 12667 12667 + "\xe3\x63\x34\xfa\xa4\xaf\x33\x20" 12668 12668 + "\xc1\xae\x32\xc4\xb8\x2b\xdb\x76" 12669 12669 + "\xd9\x02\x31\x2f\xa3\xc6\xd0\x7b" 12670 12670 + "\xaf\x1b\x84\xe3\x9b\xbf\xa6\xe0" 12671 12671 + "\xb8\x8a\x13\x88\x71\xf4\x11\xa5" 12672 12672 + "\xe9\xa9\x10\x33\xe0\xbe\x49\x89" 12673 12673 + "\x41\x22\xf5\x9d\x80\x3e\x3b\x76" 12674 12674 + "\x01\x16\x50\x6e\x7c\x6a\x81\xe9" 12675 12675 + "\x13\x2c\xde\xb2\x5f\x79\xba\xb2" 12676 12676 + "\xb1\x75\xae\xd2\x07\x98\x4b\x69" 12677 12677 + "\xae\x7d\x5b\x90\xc2\x6c\xe6\x98" 12678 12678 + "\xd3\x4c\xa1\xa3\x9c\xc9\x33\x6a" 12679 12679 + "\x0d\x23\xb1\x79\x25\x13\x4b\xe5" 12680 12680 + "\xaf\x93\x20\x5c\x7f\x06\x7a\x34" 12681 12681 + "\x0b\x78\xe3\x67\x26\xe0\xad\x95" 12682 12682 + "\xc5\x4e\x26\x22\xcf\x73\x77\x62" 12683 12683 + "\x3e\x10\xd7\x90\x4b\x52\x1c\xc9" 12684 12684 + "\xef\x38\x52\x18\x0e\x29\x7e\xef" 12685 12685 + "\x34\xfe\x31\x95\xc5\xbc\xa8\xe2" 12686 12686 + "\xa8\x4e\x9f\xea\xa6\xf0\xfe\x5d" 12687 12687 + "\xc5\x39\x86\xed\x2f\x6d\xa0\xfe" 12688 12688 + "\x96\xcd\x41\x10\x78\x4e\x0c\xc9" 12689 12689 + "\xc3\x6d\x0f\xb7\xe8\xe0\x62\xab" 12690 12690 + "\x8b\xf1\x21\x89\xa1\x12\xaa\xfa" 12691 12691 + "\x9d\x70\xbe\x4c\xa8\x98\x89\x01" 12692 12692 + "\xb9\xe2\x61\xde\x0c\x4a\x0b\xaa" 12693 12693 + "\x89\xf5\x14\x79\x18\x8f\x3b\x0d" 12694 12694 + "\x21\x17\xf8\x59\x15\x24\x64\x22" 12695 12695 + "\x57\x48\x80\xd5\x3d\x92\x30\x07" 12696 12696 + "\xd9\xa1\x4a\x23\x16\x43\x48\x0e" 12697 12697 + "\x2b\x2d\x1b\x87\xef\x7e\xbd\xfa" 12698 12698 + "\x49\xbc\x7e\x68\x6e\xa8\x46\x95" 12699 12699 + "\xad\x5e\xfe\x0a\xa8\xd3\x1a\x5d" 12700 12700 + "\x6b\x84\xf3\x00\xba\x52\x05\x02" 12701 12701 + "\xe3\x96\x4e\xb6\x79\x3f\x43\xd3" 12702 12702 + "\x4d\x3f\xd6\xab\x0a\xc4\x75\x2d" 12703 12703 + "\xd1\x08\xc3\x6a\xc8\x37\x29\xa0" 12704 12704 + "\xcc\x9a\x05\xdd\x5c\xe1\xff\x66" 12705 12705 + "\xf2\x7a\x1d\xf2\xaf\xa9\x48\x89" 12706 12706 + "\xf5\x21\x0f\x02\x48\x83\x74\xbf" 12707 12707 + "\x2e\xe6\x93\x7b\xa0\xf4\xb1\x2b" 12708 12708 + "\xb1\x02\x0a\x5c\x79\x19\x3b\x75" 12709 12709 + "\xb7\x16\xd8\x12\x5c\xcd\x7d\x4e" 12710 12710 + "\xd5\xc6\x99\xcc\x4e\x6c\x94\x95", 12711 12711 + .ilen = 512, 12712 12712 + .result = "\x00\x01\x02\x03\x04\x05\x06\x07" 12713 12713 + "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" 12714 12714 + "\x10\x11\x12\x13\x14\x15\x16\x17" 12715 12715 + "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f" 12716 12716 + "\x20\x21\x22\x23\x24\x25\x26\x27" 12717 12717 + "\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f" 12718 12718 + "\x30\x31\x32\x33\x34\x35\x36\x37" 12719 12719 + "\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f" 12720 12720 + "\x40\x41\x42\x43\x44\x45\x46\x47" 12721 12721 + "\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f" 12722 12722 + "\x50\x51\x52\x53\x54\x55\x56\x57" 12723 12723 + "\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f" 12724 12724 + "\x60\x61\x62\x63\x64\x65\x66\x67" 12725 12725 + "\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f" 12726 12726 + "\x70\x71\x72\x73\x74\x75\x76\x77" 12727 12727 + "\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f" 12728 12728 + "\x80\x81\x82\x83\x84\x85\x86\x87" 12729 12729 + "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f" 12730 12730 + "\x90\x91\x92\x93\x94\x95\x96\x97" 12731 12731 + "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f" 12732 12732 + "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7" 12733 12733 + "\xa8\xa9\xaa\xab\xac\xad\xae\xaf" 12734 12734 + "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7" 12735 12735 + "\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf" 12736 12736 + "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7" 12737 12737 + "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf" 12738 12738 + "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7" 12739 12739 + "\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf" 12740 12740 + "\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7" 12741 12741 + "\xe8\xe9\xea\xeb\xec\xed\xee\xef" 12742 12742 + "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7" 12743 12743 + "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff" 12744 12744 + "\x00\x01\x02\x03\x04\x05\x06\x07" 12745 12745 + "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" 12746 12746 + "\x10\x11\x12\x13\x14\x15\x16\x17" 12747 12747 + "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f" 12748 12748 + "\x20\x21\x22\x23\x24\x25\x26\x27" 12749 12749 + "\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f" 12750 12750 + "\x30\x31\x32\x33\x34\x35\x36\x37" 12751 12751 + "\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f" 12752 12752 + "\x40\x41\x42\x43\x44\x45\x46\x47" 12753 12753 + "\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f" 12754 12754 + "\x50\x51\x52\x53\x54\x55\x56\x57" 12755 12755 + "\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f" 12756 12756 + "\x60\x61\x62\x63\x64\x65\x66\x67" 12757 12757 + "\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f" 12758 12758 + "\x70\x71\x72\x73\x74\x75\x76\x77" 12759 12759 + "\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f" 12760 12760 + "\x80\x81\x82\x83\x84\x85\x86\x87" 12761 12761 + "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f" 12762 12762 + "\x90\x91\x92\x93\x94\x95\x96\x97" 12763 12763 + "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f" 12764 12764 + "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7" 12765 12765 + "\xa8\xa9\xaa\xab\xac\xad\xae\xaf" 12766 12766 + "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7" 12767 12767 + "\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf" 12768 12768 + "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7" 12769 12769 + "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf" 12770 12770 + "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7" 12771 12771 + "\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf" 12772 12772 + "\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7" 12773 12773 + "\xe8\xe9\xea\xeb\xec\xed\xee\xef" 12774 12774 + "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7" 12775 12775 + "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", 12776 12776 + .rlen = 512, 11544 12777 }, 11545 12778 }; 11546 12779

+1 -4

drivers/char/hw_random/tx4939-rng.c

reviewed

··· 115 115 rngdev = devm_kzalloc(&dev->dev, sizeof(*rngdev), GFP_KERNEL); 116 116 if (!rngdev) 117 117 return -ENOMEM; 118 118 - if (!devm_request_mem_region(&dev->dev, r->start, resource_size(r), 119 119 - dev_name(&dev->dev))) 120 120 - return -EBUSY; 121 121 - rngdev->base = devm_ioremap(&dev->dev, r->start, resource_size(r)); 118 118 + rngdev->base = devm_request_and_ioremap(&dev->dev, r); 122 119 if (!rngdev->base) 123 120 return -EBUSY; 124 121

+11

drivers/crypto/Kconfig

reviewed

··· 293 293 Select this to offload Samsung S5PV210 or S5PC110 from AES 294 294 algorithms execution. 295 295 296 296 + config CRYPTO_DEV_TEGRA_AES 297 297 + tristate "Support for TEGRA AES hw engine" 298 298 + depends on ARCH_TEGRA 299 299 + select CRYPTO_AES 300 300 + help 301 301 + TEGRA processors have AES module accelerator. Select this if you 302 302 + want to use the TEGRA module for AES algorithms. 303 303 + 304 304 + To compile this driver as a module, choose M here: the module 305 305 + will be called tegra-aes. 306 306 + 296 307 endif # CRYPTO_HW

+1

drivers/crypto/Makefile

reviewed

··· 13 13 obj-$(CONFIG_CRYPTO_DEV_OMAP_AES) += omap-aes.o 14 14 obj-$(CONFIG_CRYPTO_DEV_PICOXCELL) += picoxcell_crypto.o 15 15 obj-$(CONFIG_CRYPTO_DEV_S5P) += s5p-sss.o 16 16 + obj-$(CONFIG_CRYPTO_DEV_TEGRA_AES) += tegra-aes.o

+121 -5

drivers/crypto/caam/caamalg.c

reviewed

··· 1844 1844 .alg_op = OP_ALG_ALGSEL_SHA1 | OP_ALG_AAI_HMAC, 1845 1845 }, 1846 1846 { 1847 1847 + .name = "authenc(hmac(sha224),cbc(aes))", 1848 1848 + .driver_name = "authenc-hmac-sha224-cbc-aes-caam", 1849 1849 + .blocksize = AES_BLOCK_SIZE, 1850 1850 + .template_aead = { 1851 1851 + .setkey = aead_setkey, 1852 1852 + .setauthsize = aead_setauthsize, 1853 1853 + .encrypt = aead_encrypt, 1854 1854 + .decrypt = aead_decrypt, 1855 1855 + .givencrypt = aead_givencrypt, 1856 1856 + .geniv = "<built-in>", 1857 1857 + .ivsize = AES_BLOCK_SIZE, 1858 1858 + .maxauthsize = SHA224_DIGEST_SIZE, 1859 1859 + }, 1860 1860 + .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_CBC, 1861 1861 + .class2_alg_type = OP_ALG_ALGSEL_SHA224 | 1862 1862 + OP_ALG_AAI_HMAC_PRECOMP, 1863 1863 + .alg_op = OP_ALG_ALGSEL_SHA224 | OP_ALG_AAI_HMAC, 1864 1864 + }, 1865 1865 + { 1847 1866 .name = "authenc(hmac(sha256),cbc(aes))", 1848 1867 .driver_name = "authenc-hmac-sha256-cbc-aes-caam", 1849 1868 .blocksize = AES_BLOCK_SIZE, ··· 1882 1863 OP_ALG_AAI_HMAC_PRECOMP, 1883 1864 .alg_op = OP_ALG_ALGSEL_SHA256 | OP_ALG_AAI_HMAC, 1884 1865 }, 1866 1866 + { 1867 1867 + .name = "authenc(hmac(sha384),cbc(aes))", 1868 1868 + .driver_name = "authenc-hmac-sha384-cbc-aes-caam", 1869 1869 + .blocksize = AES_BLOCK_SIZE, 1870 1870 + .template_aead = { 1871 1871 + .setkey = aead_setkey, 1872 1872 + .setauthsize = aead_setauthsize, 1873 1873 + .encrypt = aead_encrypt, 1874 1874 + .decrypt = aead_decrypt, 1875 1875 + .givencrypt = aead_givencrypt, 1876 1876 + .geniv = "<built-in>", 1877 1877 + .ivsize = AES_BLOCK_SIZE, 1878 1878 + .maxauthsize = SHA384_DIGEST_SIZE, 1879 1879 + }, 1880 1880 + .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_CBC, 1881 1881 + .class2_alg_type = OP_ALG_ALGSEL_SHA384 | 1882 1882 + OP_ALG_AAI_HMAC_PRECOMP, 1883 1883 + .alg_op = OP_ALG_ALGSEL_SHA384 | OP_ALG_AAI_HMAC, 1884 1884 + }, 1885 1885 + 1885 1886 { 1886 1887 .name = "authenc(hmac(sha512),cbc(aes))", 1887 1888 .driver_name = "authenc-hmac-sha512-cbc-aes-caam", ··· 1961 1922 .alg_op = OP_ALG_ALGSEL_SHA1 | OP_ALG_AAI_HMAC, 1962 1923 }, 1963 1924 { 1925 1925 + .name = "authenc(hmac(sha224),cbc(des3_ede))", 1926 1926 + .driver_name = "authenc-hmac-sha224-cbc-des3_ede-caam", 1927 1927 + .blocksize = DES3_EDE_BLOCK_SIZE, 1928 1928 + .template_aead = { 1929 1929 + .setkey = aead_setkey, 1930 1930 + .setauthsize = aead_setauthsize, 1931 1931 + .encrypt = aead_encrypt, 1932 1932 + .decrypt = aead_decrypt, 1933 1933 + .givencrypt = aead_givencrypt, 1934 1934 + .geniv = "<built-in>", 1935 1935 + .ivsize = DES3_EDE_BLOCK_SIZE, 1936 1936 + .maxauthsize = SHA224_DIGEST_SIZE, 1937 1937 + }, 1938 1938 + .class1_alg_type = OP_ALG_ALGSEL_3DES | OP_ALG_AAI_CBC, 1939 1939 + .class2_alg_type = OP_ALG_ALGSEL_SHA224 | 1940 1940 + OP_ALG_AAI_HMAC_PRECOMP, 1941 1941 + .alg_op = OP_ALG_ALGSEL_SHA224 | OP_ALG_AAI_HMAC, 1942 1942 + }, 1943 1943 + { 1964 1944 .name = "authenc(hmac(sha256),cbc(des3_ede))", 1965 1945 .driver_name = "authenc-hmac-sha256-cbc-des3_ede-caam", 1966 1946 .blocksize = DES3_EDE_BLOCK_SIZE, ··· 1998 1940 .class2_alg_type = OP_ALG_ALGSEL_SHA256 | 1999 1941 OP_ALG_AAI_HMAC_PRECOMP, 2000 1942 .alg_op = OP_ALG_ALGSEL_SHA256 | OP_ALG_AAI_HMAC, 1943 1943 + }, 1944 1944 + { 1945 1945 + .name = "authenc(hmac(sha384),cbc(des3_ede))", 1946 1946 + .driver_name = "authenc-hmac-sha384-cbc-des3_ede-caam", 1947 1947 + .blocksize = DES3_EDE_BLOCK_SIZE, 1948 1948 + .template_aead = { 1949 1949 + .setkey = aead_setkey, 1950 1950 + .setauthsize = aead_setauthsize, 1951 1951 + .encrypt = aead_encrypt, 1952 1952 + .decrypt = aead_decrypt, 1953 1953 + .givencrypt = aead_givencrypt, 1954 1954 + .geniv = "<built-in>", 1955 1955 + .ivsize = DES3_EDE_BLOCK_SIZE, 1956 1956 + .maxauthsize = SHA384_DIGEST_SIZE, 1957 1957 + }, 1958 1958 + .class1_alg_type = OP_ALG_ALGSEL_3DES | OP_ALG_AAI_CBC, 1959 1959 + .class2_alg_type = OP_ALG_ALGSEL_SHA384 | 1960 1960 + OP_ALG_AAI_HMAC_PRECOMP, 1961 1961 + .alg_op = OP_ALG_ALGSEL_SHA384 | OP_ALG_AAI_HMAC, 2001 1962 }, 2002 1963 { 2003 1964 .name = "authenc(hmac(sha512),cbc(des3_ede))", ··· 2077 2000 .alg_op = OP_ALG_ALGSEL_SHA1 | OP_ALG_AAI_HMAC, 2078 2001 }, 2079 2002 { 2003 2003 + .name = "authenc(hmac(sha224),cbc(des))", 2004 2004 + .driver_name = "authenc-hmac-sha224-cbc-des-caam", 2005 2005 + .blocksize = DES_BLOCK_SIZE, 2006 2006 + .template_aead = { 2007 2007 + .setkey = aead_setkey, 2008 2008 + .setauthsize = aead_setauthsize, 2009 2009 + .encrypt = aead_encrypt, 2010 2010 + .decrypt = aead_decrypt, 2011 2011 + .givencrypt = aead_givencrypt, 2012 2012 + .geniv = "<built-in>", 2013 2013 + .ivsize = DES_BLOCK_SIZE, 2014 2014 + .maxauthsize = SHA224_DIGEST_SIZE, 2015 2015 + }, 2016 2016 + .class1_alg_type = OP_ALG_ALGSEL_DES | OP_ALG_AAI_CBC, 2017 2017 + .class2_alg_type = OP_ALG_ALGSEL_SHA224 | 2018 2018 + OP_ALG_AAI_HMAC_PRECOMP, 2019 2019 + .alg_op = OP_ALG_ALGSEL_SHA224 | OP_ALG_AAI_HMAC, 2020 2020 + }, 2021 2021 + { 2080 2022 .name = "authenc(hmac(sha256),cbc(des))", 2081 2023 .driver_name = "authenc-hmac-sha256-cbc-des-caam", 2082 2024 .blocksize = DES_BLOCK_SIZE, ··· 2114 2018 .class2_alg_type = OP_ALG_ALGSEL_SHA256 | 2115 2019 OP_ALG_AAI_HMAC_PRECOMP, 2116 2020 .alg_op = OP_ALG_ALGSEL_SHA256 | OP_ALG_AAI_HMAC, 2021 2021 + }, 2022 2022 + { 2023 2023 + .name = "authenc(hmac(sha384),cbc(des))", 2024 2024 + .driver_name = "authenc-hmac-sha384-cbc-des-caam", 2025 2025 + .blocksize = DES_BLOCK_SIZE, 2026 2026 + .template_aead = { 2027 2027 + .setkey = aead_setkey, 2028 2028 + .setauthsize = aead_setauthsize, 2029 2029 + .encrypt = aead_encrypt, 2030 2030 + .decrypt = aead_decrypt, 2031 2031 + .givencrypt = aead_givencrypt, 2032 2032 + .geniv = "<built-in>", 2033 2033 + .ivsize = DES_BLOCK_SIZE, 2034 2034 + .maxauthsize = SHA384_DIGEST_SIZE, 2035 2035 + }, 2036 2036 + .class1_alg_type = OP_ALG_ALGSEL_DES | OP_ALG_AAI_CBC, 2037 2037 + .class2_alg_type = OP_ALG_ALGSEL_SHA384 | 2038 2038 + OP_ALG_AAI_HMAC_PRECOMP, 2039 2039 + .alg_op = OP_ALG_ALGSEL_SHA384 | OP_ALG_AAI_HMAC, 2117 2040 }, 2118 2041 { 2119 2042 .name = "authenc(hmac(sha512),cbc(des))", ··· 2320 2205 alg->cra_blocksize = template->blocksize; 2321 2206 alg->cra_alignmask = 0; 2322 2207 alg->cra_ctxsize = sizeof(struct caam_ctx); 2323 2323 - alg->cra_flags = CRYPTO_ALG_ASYNC | template->type; 2208 2208 + alg->cra_flags = CRYPTO_ALG_ASYNC | CRYPTO_ALG_KERN_DRIVER_ONLY | 2209 2209 + template->type; 2324 2210 switch (template->type) { 2325 2211 case CRYPTO_ALG_TYPE_ABLKCIPHER: 2326 2212 alg->cra_type = &crypto_ablkcipher_type; ··· 2401 2285 dev_warn(ctrldev, "%s alg registration failed\n", 2402 2286 t_alg->crypto_alg.cra_driver_name); 2403 2287 kfree(t_alg); 2404 2404 - } else { 2288 2288 + } else 2405 2289 list_add_tail(&t_alg->entry, &priv->alg_list); 2406 2406 - dev_info(ctrldev, "%s\n", 2407 2407 - t_alg->crypto_alg.cra_driver_name); 2408 2408 - } 2409 2290 } 2291 2291 + if (!list_empty(&priv->alg_list)) 2292 2292 + dev_info(ctrldev, "%s algorithms registered in /proc/crypto\n", 2293 2293 + (char *)of_get_property(dev_node, "compatible", NULL)); 2410 2294 2411 2295 return err; 2412 2296 }

+1 -1

drivers/crypto/caam/ctrl.c

reviewed

··· 46 46 /* Probe routine for CAAM top (controller) level */ 47 47 static int caam_probe(struct platform_device *pdev) 48 48 { 49 49 - int d, ring, rspec; 49 49 + int ring, rspec; 50 50 struct device *dev; 51 51 struct device_node *nprop, *np; 52 52 struct caam_ctrl __iomem *ctrl;

+4 -2

drivers/crypto/geode-aes.c

reviewed

··· 393 393 .cra_driver_name = "cbc-aes-geode", 394 394 .cra_priority = 400, 395 395 .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER | 396 396 - CRYPTO_ALG_NEED_FALLBACK, 396 396 + CRYPTO_ALG_KERN_DRIVER_ONLY | 397 397 + CRYPTO_ALG_NEED_FALLBACK, 397 398 .cra_init = fallback_init_blk, 398 399 .cra_exit = fallback_exit_blk, 399 400 .cra_blocksize = AES_MIN_BLOCK_SIZE, ··· 480 479 .cra_driver_name = "ecb-aes-geode", 481 480 .cra_priority = 400, 482 481 .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER | 483 483 - CRYPTO_ALG_NEED_FALLBACK, 482 482 + CRYPTO_ALG_KERN_DRIVER_ONLY | 483 483 + CRYPTO_ALG_NEED_FALLBACK, 484 484 .cra_init = fallback_init_blk, 485 485 .cra_exit = fallback_exit_blk, 486 486 .cra_blocksize = AES_MIN_BLOCK_SIZE,

+2 -1

drivers/crypto/hifn_795x.c

reviewed

··· 2494 2494 t->drv_name, dev->name); 2495 2495 2496 2496 alg->alg.cra_priority = 300; 2497 2497 - alg->alg.cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | CRYPTO_ALG_ASYNC; 2497 2497 + alg->alg.cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | 2498 2498 + CRYPTO_ALG_KERN_DRIVER_ONLY | CRYPTO_ALG_ASYNC; 2498 2499 alg->alg.cra_blocksize = t->bsize; 2499 2500 alg->alg.cra_ctxsize = sizeof(struct hifn_context); 2500 2501 alg->alg.cra_alignmask = 0;

+3 -1

drivers/crypto/ixp4xx_crypto.c

reviewed

··· 265 265 BUILD_BUG_ON(sizeof(struct crypt_ctl) != 64); 266 266 crypt_virt = dma_alloc_coherent(dev, 267 267 NPE_QLEN * sizeof(struct crypt_ctl), 268 268 - &crypt_phys, GFP_KERNEL); 268 268 + &crypt_phys, GFP_ATOMIC); 269 269 if (!crypt_virt) 270 270 return -ENOMEM; 271 271 memset(crypt_virt, 0, NPE_QLEN * sizeof(struct crypt_ctl)); ··· 1449 1449 /* block ciphers */ 1450 1450 cra->cra_type = &crypto_ablkcipher_type; 1451 1451 cra->cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | 1452 1452 + CRYPTO_ALG_KERN_DRIVER_ONLY | 1452 1453 CRYPTO_ALG_ASYNC; 1453 1454 if (!cra->cra_ablkcipher.setkey) 1454 1455 cra->cra_ablkcipher.setkey = ablk_setkey; ··· 1462 1461 /* authenc */ 1463 1462 cra->cra_type = &crypto_aead_type; 1464 1463 cra->cra_flags = CRYPTO_ALG_TYPE_AEAD | 1464 1464 + CRYPTO_ALG_KERN_DRIVER_ONLY | 1465 1465 CRYPTO_ALG_ASYNC; 1466 1466 cra->cra_aead.setkey = aead_setkey; 1467 1467 cra->cra_aead.setauthsize = aead_setauthsize;

+8 -4

drivers/crypto/mv_cesa.c

reviewed

··· 899 899 .cra_name = "ecb(aes)", 900 900 .cra_driver_name = "mv-ecb-aes", 901 901 .cra_priority = 300, 902 902 - .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | CRYPTO_ALG_ASYNC, 902 902 + .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | 903 903 + CRYPTO_ALG_KERN_DRIVER_ONLY | CRYPTO_ALG_ASYNC, 903 904 .cra_blocksize = 16, 904 905 .cra_ctxsize = sizeof(struct mv_ctx), 905 906 .cra_alignmask = 0, ··· 922 921 .cra_name = "cbc(aes)", 923 922 .cra_driver_name = "mv-cbc-aes", 924 923 .cra_priority = 300, 925 925 - .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | CRYPTO_ALG_ASYNC, 924 924 + .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | 925 925 + CRYPTO_ALG_KERN_DRIVER_ONLY | CRYPTO_ALG_ASYNC, 926 926 .cra_blocksize = AES_BLOCK_SIZE, 927 927 .cra_ctxsize = sizeof(struct mv_ctx), 928 928 .cra_alignmask = 0, ··· 955 953 .cra_driver_name = "mv-sha1", 956 954 .cra_priority = 300, 957 955 .cra_flags = 958 958 - CRYPTO_ALG_ASYNC | CRYPTO_ALG_NEED_FALLBACK, 956 956 + CRYPTO_ALG_ASYNC | CRYPTO_ALG_KERN_DRIVER_ONLY | 957 957 + CRYPTO_ALG_NEED_FALLBACK, 959 958 .cra_blocksize = SHA1_BLOCK_SIZE, 960 959 .cra_ctxsize = sizeof(struct mv_tfm_hash_ctx), 961 960 .cra_init = mv_cra_hash_sha1_init, ··· 980 977 .cra_driver_name = "mv-hmac-sha1", 981 978 .cra_priority = 300, 982 979 .cra_flags = 983 983 - CRYPTO_ALG_ASYNC | CRYPTO_ALG_NEED_FALLBACK, 980 980 + CRYPTO_ALG_ASYNC | CRYPTO_ALG_KERN_DRIVER_ONLY | 981 981 + CRYPTO_ALG_NEED_FALLBACK, 984 982 .cra_blocksize = SHA1_BLOCK_SIZE, 985 983 .cra_ctxsize = sizeof(struct mv_tfm_hash_ctx), 986 984 .cra_init = mv_cra_hash_hmac_sha1_init,

+5 -2

drivers/crypto/n2_core.c

reviewed

··· 1402 1402 snprintf(alg->cra_name, CRYPTO_MAX_ALG_NAME, "%s", tmpl->name); 1403 1403 snprintf(alg->cra_driver_name, CRYPTO_MAX_ALG_NAME, "%s-n2", tmpl->drv_name); 1404 1404 alg->cra_priority = N2_CRA_PRIORITY; 1405 1405 - alg->cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | CRYPTO_ALG_ASYNC; 1405 1405 + alg->cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | 1406 1406 + CRYPTO_ALG_KERN_DRIVER_ONLY | CRYPTO_ALG_ASYNC; 1406 1407 alg->cra_blocksize = tmpl->block_size; 1407 1408 p->enc_type = tmpl->enc_type; 1408 1409 alg->cra_ctxsize = sizeof(struct n2_cipher_context); ··· 1494 1493 snprintf(base->cra_name, CRYPTO_MAX_ALG_NAME, "%s", tmpl->name); 1495 1494 snprintf(base->cra_driver_name, CRYPTO_MAX_ALG_NAME, "%s-n2", tmpl->name); 1496 1495 base->cra_priority = N2_CRA_PRIORITY; 1497 1497 - base->cra_flags = CRYPTO_ALG_TYPE_AHASH | CRYPTO_ALG_NEED_FALLBACK; 1496 1496 + base->cra_flags = CRYPTO_ALG_TYPE_AHASH | 1497 1497 + CRYPTO_ALG_KERN_DRIVER_ONLY | 1498 1498 + CRYPTO_ALG_NEED_FALLBACK; 1498 1499 base->cra_blocksize = tmpl->block_size; 1499 1500 base->cra_ctxsize = sizeof(struct n2_hash_ctx); 1500 1501 base->cra_module = THIS_MODULE;

+6 -2

drivers/crypto/omap-aes.c

reviewed

··· 756 756 .cra_name = "ecb(aes)", 757 757 .cra_driver_name = "ecb-aes-omap", 758 758 .cra_priority = 100, 759 759 - .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | CRYPTO_ALG_ASYNC, 759 759 + .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | 760 760 + CRYPTO_ALG_KERN_DRIVER_ONLY | 761 761 + CRYPTO_ALG_ASYNC, 760 762 .cra_blocksize = AES_BLOCK_SIZE, 761 763 .cra_ctxsize = sizeof(struct omap_aes_ctx), 762 764 .cra_alignmask = 0, ··· 778 776 .cra_name = "cbc(aes)", 779 777 .cra_driver_name = "cbc-aes-omap", 780 778 .cra_priority = 100, 781 781 - .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | CRYPTO_ALG_ASYNC, 779 779 + .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | 780 780 + CRYPTO_ALG_KERN_DRIVER_ONLY | 781 781 + CRYPTO_ALG_ASYNC, 782 782 .cra_blocksize = AES_BLOCK_SIZE, 783 783 .cra_ctxsize = sizeof(struct omap_aes_ctx), 784 784 .cra_alignmask = 0,

+4

drivers/crypto/omap-sham.c

reviewed

··· 953 953 .cra_driver_name = "omap-sha1", 954 954 .cra_priority = 100, 955 955 .cra_flags = CRYPTO_ALG_TYPE_AHASH | 956 956 + CRYPTO_ALG_KERN_DRIVER_ONLY | 956 957 CRYPTO_ALG_ASYNC | 957 958 CRYPTO_ALG_NEED_FALLBACK, 958 959 .cra_blocksize = SHA1_BLOCK_SIZE, ··· 976 975 .cra_driver_name = "omap-md5", 977 976 .cra_priority = 100, 978 977 .cra_flags = CRYPTO_ALG_TYPE_AHASH | 978 978 + CRYPTO_ALG_KERN_DRIVER_ONLY | 979 979 CRYPTO_ALG_ASYNC | 980 980 CRYPTO_ALG_NEED_FALLBACK, 981 981 .cra_blocksize = SHA1_BLOCK_SIZE, ··· 1000 998 .cra_driver_name = "omap-hmac-sha1", 1001 999 .cra_priority = 100, 1002 1000 .cra_flags = CRYPTO_ALG_TYPE_AHASH | 1001 1001 + CRYPTO_ALG_KERN_DRIVER_ONLY | 1003 1002 CRYPTO_ALG_ASYNC | 1004 1003 CRYPTO_ALG_NEED_FALLBACK, 1005 1004 .cra_blocksize = SHA1_BLOCK_SIZE, ··· 1025 1022 .cra_driver_name = "omap-hmac-md5", 1026 1023 .cra_priority = 100, 1027 1024 .cra_flags = CRYPTO_ALG_TYPE_AHASH | 1025 1025 + CRYPTO_ALG_KERN_DRIVER_ONLY | 1028 1026 CRYPTO_ALG_ASYNC | 1029 1027 CRYPTO_ALG_NEED_FALLBACK, 1030 1028 .cra_blocksize = SHA1_BLOCK_SIZE,

+35 -11

drivers/crypto/picoxcell_crypto.c

reviewed

··· 1322 1322 .cra_driver_name = "cbc-aes-picoxcell", 1323 1323 .cra_priority = SPACC_CRYPTO_ALG_PRIORITY, 1324 1324 .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | 1325 1325 + CRYPTO_ALG_KERN_DRIVER_ONLY | 1325 1326 CRYPTO_ALG_ASYNC | 1326 1327 CRYPTO_ALG_NEED_FALLBACK, 1327 1328 .cra_blocksize = AES_BLOCK_SIZE, ··· 1350 1349 .cra_driver_name = "ecb-aes-picoxcell", 1351 1350 .cra_priority = SPACC_CRYPTO_ALG_PRIORITY, 1352 1351 .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | 1352 1352 + CRYPTO_ALG_KERN_DRIVER_ONLY | 1353 1353 CRYPTO_ALG_ASYNC | CRYPTO_ALG_NEED_FALLBACK, 1354 1354 .cra_blocksize = AES_BLOCK_SIZE, 1355 1355 .cra_ctxsize = sizeof(struct spacc_ablk_ctx), ··· 1375 1373 .cra_name = "cbc(des)", 1376 1374 .cra_driver_name = "cbc-des-picoxcell", 1377 1375 .cra_priority = SPACC_CRYPTO_ALG_PRIORITY, 1378 1378 - .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | CRYPTO_ALG_ASYNC, 1376 1376 + .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | 1377 1377 + CRYPTO_ALG_ASYNC | 1378 1378 + CRYPTO_ALG_KERN_DRIVER_ONLY, 1379 1379 .cra_blocksize = DES_BLOCK_SIZE, 1380 1380 .cra_ctxsize = sizeof(struct spacc_ablk_ctx), 1381 1381 .cra_type = &crypto_ablkcipher_type, ··· 1402 1398 .cra_name = "ecb(des)", 1403 1399 .cra_driver_name = "ecb-des-picoxcell", 1404 1400 .cra_priority = SPACC_CRYPTO_ALG_PRIORITY, 1405 1405 - .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | CRYPTO_ALG_ASYNC, 1401 1401 + .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | 1402 1402 + CRYPTO_ALG_ASYNC | 1403 1403 + CRYPTO_ALG_KERN_DRIVER_ONLY, 1406 1404 .cra_blocksize = DES_BLOCK_SIZE, 1407 1405 .cra_ctxsize = sizeof(struct spacc_ablk_ctx), 1408 1406 .cra_type = &crypto_ablkcipher_type, ··· 1428 1422 .cra_name = "cbc(des3_ede)", 1429 1423 .cra_driver_name = "cbc-des3-ede-picoxcell", 1430 1424 .cra_priority = SPACC_CRYPTO_ALG_PRIORITY, 1431 1431 - .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | CRYPTO_ALG_ASYNC, 1425 1425 + .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | 1426 1426 + CRYPTO_ALG_ASYNC | 1427 1427 + CRYPTO_ALG_KERN_DRIVER_ONLY, 1432 1428 .cra_blocksize = DES3_EDE_BLOCK_SIZE, 1433 1429 .cra_ctxsize = sizeof(struct spacc_ablk_ctx), 1434 1430 .cra_type = &crypto_ablkcipher_type, ··· 1455 1447 .cra_name = "ecb(des3_ede)", 1456 1448 .cra_driver_name = "ecb-des3-ede-picoxcell", 1457 1449 .cra_priority = SPACC_CRYPTO_ALG_PRIORITY, 1458 1458 - .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | CRYPTO_ALG_ASYNC, 1450 1450 + .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | 1451 1451 + CRYPTO_ALG_ASYNC | 1452 1452 + CRYPTO_ALG_KERN_DRIVER_ONLY, 1459 1453 .cra_blocksize = DES3_EDE_BLOCK_SIZE, 1460 1454 .cra_ctxsize = sizeof(struct spacc_ablk_ctx), 1461 1455 .cra_type = &crypto_ablkcipher_type, ··· 1482 1472 .cra_name = "authenc(hmac(sha1),cbc(aes))", 1483 1473 .cra_driver_name = "authenc-hmac-sha1-cbc-aes-picoxcell", 1484 1474 .cra_priority = SPACC_CRYPTO_ALG_PRIORITY, 1485 1485 - .cra_flags = CRYPTO_ALG_TYPE_AEAD | CRYPTO_ALG_ASYNC, 1475 1475 + .cra_flags = CRYPTO_ALG_TYPE_AEAD | 1476 1476 + CRYPTO_ALG_ASYNC | 1477 1477 + CRYPTO_ALG_KERN_DRIVER_ONLY, 1486 1478 .cra_blocksize = AES_BLOCK_SIZE, 1487 1479 .cra_ctxsize = sizeof(struct spacc_aead_ctx), 1488 1480 .cra_type = &crypto_aead_type, ··· 1512 1500 .cra_name = "authenc(hmac(sha256),cbc(aes))", 1513 1501 .cra_driver_name = "authenc-hmac-sha256-cbc-aes-picoxcell", 1514 1502 .cra_priority = SPACC_CRYPTO_ALG_PRIORITY, 1515 1515 - .cra_flags = CRYPTO_ALG_TYPE_AEAD | CRYPTO_ALG_ASYNC, 1503 1503 + .cra_flags = CRYPTO_ALG_TYPE_AEAD | 1504 1504 + CRYPTO_ALG_ASYNC | 1505 1505 + CRYPTO_ALG_KERN_DRIVER_ONLY, 1516 1506 .cra_blocksize = AES_BLOCK_SIZE, 1517 1507 .cra_ctxsize = sizeof(struct spacc_aead_ctx), 1518 1508 .cra_type = &crypto_aead_type, ··· 1541 1527 .cra_name = "authenc(hmac(md5),cbc(aes))", 1542 1528 .cra_driver_name = "authenc-hmac-md5-cbc-aes-picoxcell", 1543 1529 .cra_priority = SPACC_CRYPTO_ALG_PRIORITY, 1544 1544 - .cra_flags = CRYPTO_ALG_TYPE_AEAD | CRYPTO_ALG_ASYNC, 1530 1530 + .cra_flags = CRYPTO_ALG_TYPE_AEAD | 1531 1531 + CRYPTO_ALG_ASYNC | 1532 1532 + CRYPTO_ALG_KERN_DRIVER_ONLY, 1545 1533 .cra_blocksize = AES_BLOCK_SIZE, 1546 1534 .cra_ctxsize = sizeof(struct spacc_aead_ctx), 1547 1535 .cra_type = &crypto_aead_type, ··· 1570 1554 .cra_name = "authenc(hmac(sha1),cbc(des3_ede))", 1571 1555 .cra_driver_name = "authenc-hmac-sha1-cbc-3des-picoxcell", 1572 1556 .cra_priority = SPACC_CRYPTO_ALG_PRIORITY, 1573 1573 - .cra_flags = CRYPTO_ALG_TYPE_AEAD | CRYPTO_ALG_ASYNC, 1557 1557 + .cra_flags = CRYPTO_ALG_TYPE_AEAD | 1558 1558 + CRYPTO_ALG_ASYNC | 1559 1559 + CRYPTO_ALG_KERN_DRIVER_ONLY, 1574 1560 .cra_blocksize = DES3_EDE_BLOCK_SIZE, 1575 1561 .cra_ctxsize = sizeof(struct spacc_aead_ctx), 1576 1562 .cra_type = &crypto_aead_type, ··· 1600 1582 .cra_name = "authenc(hmac(sha256),cbc(des3_ede))", 1601 1583 .cra_driver_name = "authenc-hmac-sha256-cbc-3des-picoxcell", 1602 1584 .cra_priority = SPACC_CRYPTO_ALG_PRIORITY, 1603 1603 - .cra_flags = CRYPTO_ALG_TYPE_AEAD | CRYPTO_ALG_ASYNC, 1585 1585 + .cra_flags = CRYPTO_ALG_TYPE_AEAD | 1586 1586 + CRYPTO_ALG_ASYNC | 1587 1587 + CRYPTO_ALG_KERN_DRIVER_ONLY, 1604 1588 .cra_blocksize = DES3_EDE_BLOCK_SIZE, 1605 1589 .cra_ctxsize = sizeof(struct spacc_aead_ctx), 1606 1590 .cra_type = &crypto_aead_type, ··· 1629 1609 .cra_name = "authenc(hmac(md5),cbc(des3_ede))", 1630 1610 .cra_driver_name = "authenc-hmac-md5-cbc-3des-picoxcell", 1631 1611 .cra_priority = SPACC_CRYPTO_ALG_PRIORITY, 1632 1632 - .cra_flags = CRYPTO_ALG_TYPE_AEAD | CRYPTO_ALG_ASYNC, 1612 1612 + .cra_flags = CRYPTO_ALG_TYPE_AEAD | 1613 1613 + CRYPTO_ALG_ASYNC | 1614 1614 + CRYPTO_ALG_KERN_DRIVER_ONLY, 1633 1615 .cra_blocksize = DES3_EDE_BLOCK_SIZE, 1634 1616 .cra_ctxsize = sizeof(struct spacc_aead_ctx), 1635 1617 .cra_type = &crypto_aead_type, ··· 1661 1639 .cra_name = "f8(kasumi)", 1662 1640 .cra_driver_name = "f8-kasumi-picoxcell", 1663 1641 .cra_priority = SPACC_CRYPTO_ALG_PRIORITY, 1664 1664 - .cra_flags = CRYPTO_ALG_TYPE_GIVCIPHER | CRYPTO_ALG_ASYNC, 1642 1642 + .cra_flags = CRYPTO_ALG_TYPE_GIVCIPHER | 1643 1643 + CRYPTO_ALG_ASYNC | 1644 1644 + CRYPTO_ALG_KERN_DRIVER_ONLY, 1665 1645 .cra_blocksize = 8, 1666 1646 .cra_ctxsize = sizeof(struct spacc_ablk_ctx), 1667 1647 .cra_type = &crypto_ablkcipher_type,

+4 -2

drivers/crypto/s5p-sss.c

reviewed

··· 518 518 .cra_driver_name = "ecb-aes-s5p", 519 519 .cra_priority = 100, 520 520 .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | 521 521 - CRYPTO_ALG_ASYNC, 521 521 + CRYPTO_ALG_ASYNC | 522 522 + CRYPTO_ALG_KERN_DRIVER_ONLY, 522 523 .cra_blocksize = AES_BLOCK_SIZE, 523 524 .cra_ctxsize = sizeof(struct s5p_aes_ctx), 524 525 .cra_alignmask = 0x0f, ··· 539 538 .cra_driver_name = "cbc-aes-s5p", 540 539 .cra_priority = 100, 541 540 .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | 542 542 - CRYPTO_ALG_ASYNC, 541 541 + CRYPTO_ALG_ASYNC | 542 542 + CRYPTO_ALG_KERN_DRIVER_ONLY, 543 543 .cra_blocksize = AES_BLOCK_SIZE, 544 544 .cra_ctxsize = sizeof(struct s5p_aes_ctx), 545 545 .cra_alignmask = 0x0f,

+1

drivers/crypto/talitos.c

reviewed

··· 2648 2648 alg->cra_priority = TALITOS_CRA_PRIORITY; 2649 2649 alg->cra_alignmask = 0; 2650 2650 alg->cra_ctxsize = sizeof(struct talitos_ctx); 2651 2651 + alg->cra_flags |= CRYPTO_ALG_KERN_DRIVER_ONLY; 2651 2652 2652 2653 t_alg->dev = dev; 2653 2654

+1096

drivers/crypto/tegra-aes.c

reviewed

··· 1 1 + /* 2 2 + * drivers/crypto/tegra-aes.c 3 3 + * 4 4 + * Driver for NVIDIA Tegra AES hardware engine residing inside the 5 5 + * Bit Stream Engine for Video (BSEV) hardware block. 6 6 + * 7 7 + * The programming sequence for this engine is with the help 8 8 + * of commands which travel via a command queue residing between the 9 9 + * CPU and the BSEV block. The BSEV engine has an internal RAM (VRAM) 10 10 + * where the final input plaintext, keys and the IV have to be copied 11 11 + * before starting the encrypt/decrypt operation. 12 12 + * 13 13 + * Copyright (c) 2010, NVIDIA Corporation. 14 14 + * 15 15 + * This program is free software; you can redistribute it and/or modify 16 16 + * it under the terms of the GNU General Public License as published by 17 17 + * the Free Software Foundation; either version 2 of the License, or 18 18 + * (at your option) any later version. 19 19 + * 20 20 + * This program is distributed in the hope that it will be useful, but WITHOUT 21 21 + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 22 22 + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for 23 23 + * more details. 24 24 + * 25 25 + * You should have received a copy of the GNU General Public License along 26 26 + * with this program; if not, write to the Free Software Foundation, Inc., 27 27 + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 28 28 + */ 29 29 + 30 30 + #include <linux/module.h> 31 31 + #include <linux/init.h> 32 32 + #include <linux/errno.h> 33 33 + #include <linux/kernel.h> 34 34 + #include <linux/clk.h> 35 35 + #include <linux/platform_device.h> 36 36 + #include <linux/scatterlist.h> 37 37 + #include <linux/dma-mapping.h> 38 38 + #include <linux/io.h> 39 39 + #include <linux/mutex.h> 40 40 + #include <linux/interrupt.h> 41 41 + #include <linux/completion.h> 42 42 + #include <linux/workqueue.h> 43 43 + 44 44 + #include <mach/clk.h> 45 45 + 46 46 + #include <crypto/scatterwalk.h> 47 47 + #include <crypto/aes.h> 48 48 + #include <crypto/internal/rng.h> 49 49 + 50 50 + #include "tegra-aes.h" 51 51 + 52 52 + #define FLAGS_MODE_MASK 0x00FF 53 53 + #define FLAGS_ENCRYPT BIT(0) 54 54 + #define FLAGS_CBC BIT(1) 55 55 + #define FLAGS_GIV BIT(2) 56 56 + #define FLAGS_RNG BIT(3) 57 57 + #define FLAGS_OFB BIT(4) 58 58 + #define FLAGS_NEW_KEY BIT(5) 59 59 + #define FLAGS_NEW_IV BIT(6) 60 60 + #define FLAGS_INIT BIT(7) 61 61 + #define FLAGS_FAST BIT(8) 62 62 + #define FLAGS_BUSY 9 63 63 + 64 64 + /* 65 65 + * Defines AES engine Max process bytes size in one go, which takes 1 msec. 66 66 + * AES engine spends about 176 cycles/16-bytes or 11 cycles/byte 67 67 + * The duration CPU can use the BSE to 1 msec, then the number of available 68 68 + * cycles of AVP/BSE is 216K. In this duration, AES can process 216/11 ~= 19KB 69 69 + * Based on this AES_HW_DMA_BUFFER_SIZE_BYTES is configured to 16KB. 70 70 + */ 71 71 + #define AES_HW_DMA_BUFFER_SIZE_BYTES 0x4000 72 72 + 73 73 + /* 74 74 + * The key table length is 64 bytes 75 75 + * (This includes first upto 32 bytes key + 16 bytes original initial vector 76 76 + * and 16 bytes updated initial vector) 77 77 + */ 78 78 + #define AES_HW_KEY_TABLE_LENGTH_BYTES 64 79 79 + 80 80 + /* 81 81 + * The memory being used is divides as follows: 82 82 + * 1. Key - 32 bytes 83 83 + * 2. Original IV - 16 bytes 84 84 + * 3. Updated IV - 16 bytes 85 85 + * 4. Key schedule - 256 bytes 86 86 + * 87 87 + * 1+2+3 constitute the hw key table. 88 88 + */ 89 89 + #define AES_HW_IV_SIZE 16 90 90 + #define AES_HW_KEYSCHEDULE_LEN 256 91 91 + #define AES_IVKEY_SIZE (AES_HW_KEY_TABLE_LENGTH_BYTES + AES_HW_KEYSCHEDULE_LEN) 92 92 + 93 93 + /* Define commands required for AES operation */ 94 94 + enum { 95 95 + CMD_BLKSTARTENGINE = 0x0E, 96 96 + CMD_DMASETUP = 0x10, 97 97 + CMD_DMACOMPLETE = 0x11, 98 98 + CMD_SETTABLE = 0x15, 99 99 + CMD_MEMDMAVD = 0x22, 100 100 + }; 101 101 + 102 102 + /* Define sub-commands */ 103 103 + enum { 104 104 + SUBCMD_VRAM_SEL = 0x1, 105 105 + SUBCMD_CRYPTO_TABLE_SEL = 0x3, 106 106 + SUBCMD_KEY_TABLE_SEL = 0x8, 107 107 + }; 108 108 + 109 109 + /* memdma_vd command */ 110 110 + #define MEMDMA_DIR_DTOVRAM 0 /* sdram -> vram */ 111 111 + #define MEMDMA_DIR_VTODRAM 1 /* vram -> sdram */ 112 112 + #define MEMDMA_DIR_SHIFT 25 113 113 + #define MEMDMA_NUM_WORDS_SHIFT 12 114 114 + 115 115 + /* command queue bit shifts */ 116 116 + enum { 117 117 + CMDQ_KEYTABLEADDR_SHIFT = 0, 118 118 + CMDQ_KEYTABLEID_SHIFT = 17, 119 119 + CMDQ_VRAMSEL_SHIFT = 23, 120 120 + CMDQ_TABLESEL_SHIFT = 24, 121 121 + CMDQ_OPCODE_SHIFT = 26, 122 122 + }; 123 123 + 124 124 + /* 125 125 + * The secure key slot contains a unique secure key generated 126 126 + * and loaded by the bootloader. This slot is marked as non-accessible 127 127 + * to the kernel. 128 128 + */ 129 129 + #define SSK_SLOT_NUM 4 130 130 + 131 131 + #define AES_NR_KEYSLOTS 8 132 132 + #define TEGRA_AES_QUEUE_LENGTH 50 133 133 + #define DEFAULT_RNG_BLK_SZ 16 134 134 + 135 135 + /* The command queue depth */ 136 136 + #define AES_HW_MAX_ICQ_LENGTH 5 137 137 + 138 138 + struct tegra_aes_slot { 139 139 + struct list_head node; 140 140 + int slot_num; 141 141 + }; 142 142 + 143 143 + static struct tegra_aes_slot ssk = { 144 144 + .slot_num = SSK_SLOT_NUM, 145 145 + }; 146 146 + 147 147 + struct tegra_aes_reqctx { 148 148 + unsigned long mode; 149 149 + }; 150 150 + 151 151 + struct tegra_aes_dev { 152 152 + struct device *dev; 153 153 + void __iomem *io_base; 154 154 + dma_addr_t ivkey_phys_base; 155 155 + void __iomem *ivkey_base; 156 156 + struct clk *aes_clk; 157 157 + struct tegra_aes_ctx *ctx; 158 158 + int irq; 159 159 + unsigned long flags; 160 160 + struct completion op_complete; 161 161 + u32 *buf_in; 162 162 + dma_addr_t dma_buf_in; 163 163 + u32 *buf_out; 164 164 + dma_addr_t dma_buf_out; 165 165 + u8 *iv; 166 166 + u8 dt[DEFAULT_RNG_BLK_SZ]; 167 167 + int ivlen; 168 168 + u64 ctr; 169 169 + spinlock_t lock; 170 170 + struct crypto_queue queue; 171 171 + struct tegra_aes_slot *slots; 172 172 + struct ablkcipher_request *req; 173 173 + size_t total; 174 174 + struct scatterlist *in_sg; 175 175 + size_t in_offset; 176 176 + struct scatterlist *out_sg; 177 177 + size_t out_offset; 178 178 + }; 179 179 + 180 180 + static struct tegra_aes_dev *aes_dev; 181 181 + 182 182 + struct tegra_aes_ctx { 183 183 + struct tegra_aes_dev *dd; 184 184 + unsigned long flags; 185 185 + struct tegra_aes_slot *slot; 186 186 + u8 key[AES_MAX_KEY_SIZE]; 187 187 + size_t keylen; 188 188 + }; 189 189 + 190 190 + static struct tegra_aes_ctx rng_ctx = { 191 191 + .flags = FLAGS_NEW_KEY, 192 192 + .keylen = AES_KEYSIZE_128, 193 193 + }; 194 194 + 195 195 + /* keep registered devices data here */ 196 196 + static struct list_head dev_list; 197 197 + static DEFINE_SPINLOCK(list_lock); 198 198 + static DEFINE_MUTEX(aes_lock); 199 199 + 200 200 + static void aes_workqueue_handler(struct work_struct *work); 201 201 + static DECLARE_WORK(aes_work, aes_workqueue_handler); 202 202 + static struct workqueue_struct *aes_wq; 203 203 + 204 204 + extern unsigned long long tegra_chip_uid(void); 205 205 + 206 206 + static inline u32 aes_readl(struct tegra_aes_dev *dd, u32 offset) 207 207 + { 208 208 + return readl(dd->io_base + offset); 209 209 + } 210 210 + 211 211 + static inline void aes_writel(struct tegra_aes_dev *dd, u32 val, u32 offset) 212 212 + { 213 213 + writel(val, dd->io_base + offset); 214 214 + } 215 215 + 216 216 + static int aes_start_crypt(struct tegra_aes_dev *dd, u32 in_addr, u32 out_addr, 217 217 + int nblocks, int mode, bool upd_iv) 218 218 + { 219 219 + u32 cmdq[AES_HW_MAX_ICQ_LENGTH]; 220 220 + int i, eng_busy, icq_empty, ret; 221 221 + u32 value; 222 222 + 223 223 + /* reset all the interrupt bits */ 224 224 + aes_writel(dd, 0xFFFFFFFF, TEGRA_AES_INTR_STATUS); 225 225 + 226 226 + /* enable error, dma xfer complete interrupts */ 227 227 + aes_writel(dd, 0x33, TEGRA_AES_INT_ENB); 228 228 + 229 229 + cmdq[0] = CMD_DMASETUP << CMDQ_OPCODE_SHIFT; 230 230 + cmdq[1] = in_addr; 231 231 + cmdq[2] = CMD_BLKSTARTENGINE << CMDQ_OPCODE_SHIFT | (nblocks-1); 232 232 + cmdq[3] = CMD_DMACOMPLETE << CMDQ_OPCODE_SHIFT; 233 233 + 234 234 + value = aes_readl(dd, TEGRA_AES_CMDQUE_CONTROL); 235 235 + /* access SDRAM through AHB */ 236 236 + value &= ~TEGRA_AES_CMDQ_CTRL_SRC_STM_SEL_FIELD; 237 237 + value &= ~TEGRA_AES_CMDQ_CTRL_DST_STM_SEL_FIELD; 238 238 + value |= TEGRA_AES_CMDQ_CTRL_SRC_STM_SEL_FIELD | 239 239 + TEGRA_AES_CMDQ_CTRL_DST_STM_SEL_FIELD | 240 240 + TEGRA_AES_CMDQ_CTRL_ICMDQEN_FIELD; 241 241 + aes_writel(dd, value, TEGRA_AES_CMDQUE_CONTROL); 242 242 + dev_dbg(dd->dev, "cmd_q_ctrl=0x%x", value); 243 243 + 244 244 + value = (0x1 << TEGRA_AES_SECURE_INPUT_ALG_SEL_SHIFT) | 245 245 + ((dd->ctx->keylen * 8) << 246 246 + TEGRA_AES_SECURE_INPUT_KEY_LEN_SHIFT) | 247 247 + ((u32)upd_iv << TEGRA_AES_SECURE_IV_SELECT_SHIFT); 248 248 + 249 249 + if (mode & FLAGS_CBC) { 250 250 + value |= ((((mode & FLAGS_ENCRYPT) ? 2 : 3) 251 251 + << TEGRA_AES_SECURE_XOR_POS_SHIFT) | 252 252 + (((mode & FLAGS_ENCRYPT) ? 2 : 3) 253 253 + << TEGRA_AES_SECURE_VCTRAM_SEL_SHIFT) | 254 254 + ((mode & FLAGS_ENCRYPT) ? 1 : 0) 255 255 + << TEGRA_AES_SECURE_CORE_SEL_SHIFT); 256 256 + } else if (mode & FLAGS_OFB) { 257 257 + value |= ((TEGRA_AES_SECURE_XOR_POS_FIELD) | 258 258 + (2 << TEGRA_AES_SECURE_INPUT_SEL_SHIFT) | 259 259 + (TEGRA_AES_SECURE_CORE_SEL_FIELD)); 260 260 + } else if (mode & FLAGS_RNG) { 261 261 + value |= (((mode & FLAGS_ENCRYPT) ? 1 : 0) 262 262 + << TEGRA_AES_SECURE_CORE_SEL_SHIFT | 263 263 + TEGRA_AES_SECURE_RNG_ENB_FIELD); 264 264 + } else { 265 265 + value |= (((mode & FLAGS_ENCRYPT) ? 1 : 0) 266 266 + << TEGRA_AES_SECURE_CORE_SEL_SHIFT); 267 267 + } 268 268 + 269 269 + dev_dbg(dd->dev, "secure_in_sel=0x%x", value); 270 270 + aes_writel(dd, value, TEGRA_AES_SECURE_INPUT_SELECT); 271 271 + 272 272 + aes_writel(dd, out_addr, TEGRA_AES_SECURE_DEST_ADDR); 273 273 + INIT_COMPLETION(dd->op_complete); 274 274 + 275 275 + for (i = 0; i < AES_HW_MAX_ICQ_LENGTH - 1; i++) { 276 276 + do { 277 277 + value = aes_readl(dd, TEGRA_AES_INTR_STATUS); 278 278 + eng_busy = value & TEGRA_AES_ENGINE_BUSY_FIELD; 279 279 + icq_empty = value & TEGRA_AES_ICQ_EMPTY_FIELD; 280 280 + } while (eng_busy & (!icq_empty)); 281 281 + aes_writel(dd, cmdq[i], TEGRA_AES_ICMDQUE_WR); 282 282 + } 283 283 + 284 284 + ret = wait_for_completion_timeout(&dd->op_complete, 285 285 + msecs_to_jiffies(150)); 286 286 + if (ret == 0) { 287 287 + dev_err(dd->dev, "timed out (0x%x)\n", 288 288 + aes_readl(dd, TEGRA_AES_INTR_STATUS)); 289 289 + return -ETIMEDOUT; 290 290 + } 291 291 + 292 292 + aes_writel(dd, cmdq[AES_HW_MAX_ICQ_LENGTH - 1], TEGRA_AES_ICMDQUE_WR); 293 293 + return 0; 294 294 + } 295 295 + 296 296 + static void aes_release_key_slot(struct tegra_aes_slot *slot) 297 297 + { 298 298 + if (slot->slot_num == SSK_SLOT_NUM) 299 299 + return; 300 300 + 301 301 + spin_lock(&list_lock); 302 302 + list_add_tail(&slot->node, &dev_list); 303 303 + slot = NULL; 304 304 + spin_unlock(&list_lock); 305 305 + } 306 306 + 307 307 + static struct tegra_aes_slot *aes_find_key_slot(void) 308 308 + { 309 309 + struct tegra_aes_slot *slot = NULL; 310 310 + struct list_head *new_head; 311 311 + int empty; 312 312 + 313 313 + spin_lock(&list_lock); 314 314 + empty = list_empty(&dev_list); 315 315 + if (!empty) { 316 316 + slot = list_entry(&dev_list, struct tegra_aes_slot, node); 317 317 + new_head = dev_list.next; 318 318 + list_del(&dev_list); 319 319 + dev_list.next = new_head->next; 320 320 + dev_list.prev = NULL; 321 321 + } 322 322 + spin_unlock(&list_lock); 323 323 + 324 324 + return slot; 325 325 + } 326 326 + 327 327 + static int aes_set_key(struct tegra_aes_dev *dd) 328 328 + { 329 329 + u32 value, cmdq[2]; 330 330 + struct tegra_aes_ctx *ctx = dd->ctx; 331 331 + int eng_busy, icq_empty, dma_busy; 332 332 + bool use_ssk = false; 333 333 + 334 334 + /* use ssk? */ 335 335 + if (!dd->ctx->slot) { 336 336 + dev_dbg(dd->dev, "using ssk"); 337 337 + dd->ctx->slot = &ssk; 338 338 + use_ssk = true; 339 339 + } 340 340 + 341 341 + /* enable key schedule generation in hardware */ 342 342 + value = aes_readl(dd, TEGRA_AES_SECURE_CONFIG_EXT); 343 343 + value &= ~TEGRA_AES_SECURE_KEY_SCH_DIS_FIELD; 344 344 + aes_writel(dd, value, TEGRA_AES_SECURE_CONFIG_EXT); 345 345 + 346 346 + /* select the key slot */ 347 347 + value = aes_readl(dd, TEGRA_AES_SECURE_CONFIG); 348 348 + value &= ~TEGRA_AES_SECURE_KEY_INDEX_FIELD; 349 349 + value |= (ctx->slot->slot_num << TEGRA_AES_SECURE_KEY_INDEX_SHIFT); 350 350 + aes_writel(dd, value, TEGRA_AES_SECURE_CONFIG); 351 351 + 352 352 + if (use_ssk) 353 353 + return 0; 354 354 + 355 355 + /* copy the key table from sdram to vram */ 356 356 + cmdq[0] = CMD_MEMDMAVD << CMDQ_OPCODE_SHIFT | 357 357 + MEMDMA_DIR_DTOVRAM << MEMDMA_DIR_SHIFT | 358 358 + AES_HW_KEY_TABLE_LENGTH_BYTES / sizeof(u32) << 359 359 + MEMDMA_NUM_WORDS_SHIFT; 360 360 + cmdq[1] = (u32)dd->ivkey_phys_base; 361 361 + 362 362 + aes_writel(dd, cmdq[0], TEGRA_AES_ICMDQUE_WR); 363 363 + aes_writel(dd, cmdq[1], TEGRA_AES_ICMDQUE_WR); 364 364 + 365 365 + do { 366 366 + value = aes_readl(dd, TEGRA_AES_INTR_STATUS); 367 367 + eng_busy = value & TEGRA_AES_ENGINE_BUSY_FIELD; 368 368 + icq_empty = value & TEGRA_AES_ICQ_EMPTY_FIELD; 369 369 + dma_busy = value & TEGRA_AES_DMA_BUSY_FIELD; 370 370 + } while (eng_busy & (!icq_empty) & dma_busy); 371 371 + 372 372 + /* settable command to get key into internal registers */ 373 373 + value = CMD_SETTABLE << CMDQ_OPCODE_SHIFT | 374 374 + SUBCMD_CRYPTO_TABLE_SEL << CMDQ_TABLESEL_SHIFT | 375 375 + SUBCMD_VRAM_SEL << CMDQ_VRAMSEL_SHIFT | 376 376 + (SUBCMD_KEY_TABLE_SEL | ctx->slot->slot_num) << 377 377 + CMDQ_KEYTABLEID_SHIFT; 378 378 + aes_writel(dd, value, TEGRA_AES_ICMDQUE_WR); 379 379 + 380 380 + do { 381 381 + value = aes_readl(dd, TEGRA_AES_INTR_STATUS); 382 382 + eng_busy = value & TEGRA_AES_ENGINE_BUSY_FIELD; 383 383 + icq_empty = value & TEGRA_AES_ICQ_EMPTY_FIELD; 384 384 + } while (eng_busy & (!icq_empty)); 385 385 + 386 386 + return 0; 387 387 + } 388 388 + 389 389 + static int tegra_aes_handle_req(struct tegra_aes_dev *dd) 390 390 + { 391 391 + struct crypto_async_request *async_req, *backlog; 392 392 + struct crypto_ablkcipher *tfm; 393 393 + struct tegra_aes_ctx *ctx; 394 394 + struct tegra_aes_reqctx *rctx; 395 395 + struct ablkcipher_request *req; 396 396 + unsigned long flags; 397 397 + int dma_max = AES_HW_DMA_BUFFER_SIZE_BYTES; 398 398 + int ret = 0, nblocks, total; 399 399 + int count = 0; 400 400 + dma_addr_t addr_in, addr_out; 401 401 + struct scatterlist *in_sg, *out_sg; 402 402 + 403 403 + if (!dd) 404 404 + return -EINVAL; 405 405 + 406 406 + spin_lock_irqsave(&dd->lock, flags); 407 407 + backlog = crypto_get_backlog(&dd->queue); 408 408 + async_req = crypto_dequeue_request(&dd->queue); 409 409 + if (!async_req) 410 410 + clear_bit(FLAGS_BUSY, &dd->flags); 411 411 + spin_unlock_irqrestore(&dd->lock, flags); 412 412 + 413 413 + if (!async_req) 414 414 + return -ENODATA; 415 415 + 416 416 + if (backlog) 417 417 + backlog->complete(backlog, -EINPROGRESS); 418 418 + 419 419 + req = ablkcipher_request_cast(async_req); 420 420 + 421 421 + dev_dbg(dd->dev, "%s: get new req\n", __func__); 422 422 + 423 423 + if (!req->src || !req->dst) 424 424 + return -EINVAL; 425 425 + 426 426 + /* take mutex to access the aes hw */ 427 427 + mutex_lock(&aes_lock); 428 428 + 429 429 + /* assign new request to device */ 430 430 + dd->req = req; 431 431 + dd->total = req->nbytes; 432 432 + dd->in_offset = 0; 433 433 + dd->in_sg = req->src; 434 434 + dd->out_offset = 0; 435 435 + dd->out_sg = req->dst; 436 436 + 437 437 + in_sg = dd->in_sg; 438 438 + out_sg = dd->out_sg; 439 439 + 440 440 + total = dd->total; 441 441 + 442 442 + tfm = crypto_ablkcipher_reqtfm(req); 443 443 + rctx = ablkcipher_request_ctx(req); 444 444 + ctx = crypto_ablkcipher_ctx(tfm); 445 445 + rctx->mode &= FLAGS_MODE_MASK; 446 446 + dd->flags = (dd->flags & ~FLAGS_MODE_MASK) | rctx->mode; 447 447 + 448 448 + dd->iv = (u8 *)req->info; 449 449 + dd->ivlen = crypto_ablkcipher_ivsize(tfm); 450 450 + 451 451 + /* assign new context to device */ 452 452 + ctx->dd = dd; 453 453 + dd->ctx = ctx; 454 454 + 455 455 + if (ctx->flags & FLAGS_NEW_KEY) { 456 456 + /* copy the key */ 457 457 + memcpy(dd->ivkey_base, ctx->key, ctx->keylen); 458 458 + memset(dd->ivkey_base + ctx->keylen, 0, AES_HW_KEY_TABLE_LENGTH_BYTES - ctx->keylen); 459 459 + aes_set_key(dd); 460 460 + ctx->flags &= ~FLAGS_NEW_KEY; 461 461 + } 462 462 + 463 463 + if (((dd->flags & FLAGS_CBC) || (dd->flags & FLAGS_OFB)) && dd->iv) { 464 464 + /* set iv to the aes hw slot 465 465 + * Hw generates updated iv only after iv is set in slot. 466 466 + * So key and iv is passed asynchronously. 467 467 + */ 468 468 + memcpy(dd->buf_in, dd->iv, dd->ivlen); 469 469 + 470 470 + ret = aes_start_crypt(dd, (u32)dd->dma_buf_in, 471 471 + dd->dma_buf_out, 1, FLAGS_CBC, false); 472 472 + if (ret < 0) { 473 473 + dev_err(dd->dev, "aes_start_crypt fail(%d)\n", ret); 474 474 + goto out; 475 475 + } 476 476 + } 477 477 + 478 478 + while (total) { 479 479 + dev_dbg(dd->dev, "remain: %d\n", total); 480 480 + ret = dma_map_sg(dd->dev, in_sg, 1, DMA_TO_DEVICE); 481 481 + if (!ret) { 482 482 + dev_err(dd->dev, "dma_map_sg() error\n"); 483 483 + goto out; 484 484 + } 485 485 + 486 486 + ret = dma_map_sg(dd->dev, out_sg, 1, DMA_FROM_DEVICE); 487 487 + if (!ret) { 488 488 + dev_err(dd->dev, "dma_map_sg() error\n"); 489 489 + dma_unmap_sg(dd->dev, dd->in_sg, 490 490 + 1, DMA_TO_DEVICE); 491 491 + goto out; 492 492 + } 493 493 + 494 494 + addr_in = sg_dma_address(in_sg); 495 495 + addr_out = sg_dma_address(out_sg); 496 496 + dd->flags |= FLAGS_FAST; 497 497 + count = min_t(int, sg_dma_len(in_sg), dma_max); 498 498 + WARN_ON(sg_dma_len(in_sg) != sg_dma_len(out_sg)); 499 499 + nblocks = DIV_ROUND_UP(count, AES_BLOCK_SIZE); 500 500 + 501 501 + ret = aes_start_crypt(dd, addr_in, addr_out, nblocks, 502 502 + dd->flags, true); 503 503 + 504 504 + dma_unmap_sg(dd->dev, out_sg, 1, DMA_FROM_DEVICE); 505 505 + dma_unmap_sg(dd->dev, in_sg, 1, DMA_TO_DEVICE); 506 506 + 507 507 + if (ret < 0) { 508 508 + dev_err(dd->dev, "aes_start_crypt fail(%d)\n", ret); 509 509 + goto out; 510 510 + } 511 511 + dd->flags &= ~FLAGS_FAST; 512 512 + 513 513 + dev_dbg(dd->dev, "out: copied %d\n", count); 514 514 + total -= count; 515 515 + in_sg = sg_next(in_sg); 516 516 + out_sg = sg_next(out_sg); 517 517 + WARN_ON(((total != 0) && (!in_sg || !out_sg))); 518 518 + } 519 519 + 520 520 + out: 521 521 + mutex_unlock(&aes_lock); 522 522 + 523 523 + dd->total = total; 524 524 + 525 525 + if (dd->req->base.complete) 526 526 + dd->req->base.complete(&dd->req->base, ret); 527 527 + 528 528 + dev_dbg(dd->dev, "%s: exit\n", __func__); 529 529 + return ret; 530 530 + } 531 531 + 532 532 + static int tegra_aes_setkey(struct crypto_ablkcipher *tfm, const u8 *key, 533 533 + unsigned int keylen) 534 534 + { 535 535 + struct tegra_aes_ctx *ctx = crypto_ablkcipher_ctx(tfm); 536 536 + struct tegra_aes_dev *dd = aes_dev; 537 537 + struct tegra_aes_slot *key_slot; 538 538 + 539 539 + if ((keylen != AES_KEYSIZE_128) && (keylen != AES_KEYSIZE_192) && 540 540 + (keylen != AES_KEYSIZE_256)) { 541 541 + dev_err(dd->dev, "unsupported key size\n"); 542 542 + crypto_ablkcipher_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN); 543 543 + return -EINVAL; 544 544 + } 545 545 + 546 546 + dev_dbg(dd->dev, "keylen: %d\n", keylen); 547 547 + 548 548 + ctx->dd = dd; 549 549 + 550 550 + if (key) { 551 551 + if (!ctx->slot) { 552 552 + key_slot = aes_find_key_slot(); 553 553 + if (!key_slot) { 554 554 + dev_err(dd->dev, "no empty slot\n"); 555 555 + return -ENOMEM; 556 556 + } 557 557 + 558 558 + ctx->slot = key_slot; 559 559 + } 560 560 + 561 561 + memcpy(ctx->key, key, keylen); 562 562 + ctx->keylen = keylen; 563 563 + } 564 564 + 565 565 + ctx->flags |= FLAGS_NEW_KEY; 566 566 + dev_dbg(dd->dev, "done\n"); 567 567 + return 0; 568 568 + } 569 569 + 570 570 + static void aes_workqueue_handler(struct work_struct *work) 571 571 + { 572 572 + struct tegra_aes_dev *dd = aes_dev; 573 573 + int ret; 574 574 + 575 575 + ret = clk_enable(dd->aes_clk); 576 576 + if (ret) 577 577 + BUG_ON("clock enable failed"); 578 578 + 579 579 + /* empty the crypto queue and then return */ 580 580 + do { 581 581 + ret = tegra_aes_handle_req(dd); 582 582 + } while (!ret); 583 583 + 584 584 + clk_disable(dd->aes_clk); 585 585 + } 586 586 + 587 587 + static irqreturn_t aes_irq(int irq, void *dev_id) 588 588 + { 589 589 + struct tegra_aes_dev *dd = (struct tegra_aes_dev *)dev_id; 590 590 + u32 value = aes_readl(dd, TEGRA_AES_INTR_STATUS); 591 591 + int busy = test_bit(FLAGS_BUSY, &dd->flags); 592 592 + 593 593 + if (!busy) { 594 594 + dev_dbg(dd->dev, "spurious interrupt\n"); 595 595 + return IRQ_NONE; 596 596 + } 597 597 + 598 598 + dev_dbg(dd->dev, "irq_stat: 0x%x\n", value); 599 599 + if (value & TEGRA_AES_INT_ERROR_MASK) 600 600 + aes_writel(dd, TEGRA_AES_INT_ERROR_MASK, TEGRA_AES_INTR_STATUS); 601 601 + 602 602 + if (!(value & TEGRA_AES_ENGINE_BUSY_FIELD)) 603 603 + complete(&dd->op_complete); 604 604 + else 605 605 + return IRQ_NONE; 606 606 + 607 607 + return IRQ_HANDLED; 608 608 + } 609 609 + 610 610 + static int tegra_aes_crypt(struct ablkcipher_request *req, unsigned long mode) 611 611 + { 612 612 + struct tegra_aes_reqctx *rctx = ablkcipher_request_ctx(req); 613 613 + struct tegra_aes_dev *dd = aes_dev; 614 614 + unsigned long flags; 615 615 + int err = 0; 616 616 + int busy; 617 617 + 618 618 + dev_dbg(dd->dev, "nbytes: %d, enc: %d, cbc: %d, ofb: %d\n", 619 619 + req->nbytes, !!(mode & FLAGS_ENCRYPT), 620 620 + !!(mode & FLAGS_CBC), !!(mode & FLAGS_OFB)); 621 621 + 622 622 + rctx->mode = mode; 623 623 + 624 624 + spin_lock_irqsave(&dd->lock, flags); 625 625 + err = ablkcipher_enqueue_request(&dd->queue, req); 626 626 + busy = test_and_set_bit(FLAGS_BUSY, &dd->flags); 627 627 + spin_unlock_irqrestore(&dd->lock, flags); 628 628 + 629 629 + if (!busy) 630 630 + queue_work(aes_wq, &aes_work); 631 631 + 632 632 + return err; 633 633 + } 634 634 + 635 635 + static int tegra_aes_ecb_encrypt(struct ablkcipher_request *req) 636 636 + { 637 637 + return tegra_aes_crypt(req, FLAGS_ENCRYPT); 638 638 + } 639 639 + 640 640 + static int tegra_aes_ecb_decrypt(struct ablkcipher_request *req) 641 641 + { 642 642 + return tegra_aes_crypt(req, 0); 643 643 + } 644 644 + 645 645 + static int tegra_aes_cbc_encrypt(struct ablkcipher_request *req) 646 646 + { 647 647 + return tegra_aes_crypt(req, FLAGS_ENCRYPT | FLAGS_CBC); 648 648 + } 649 649 + 650 650 + static int tegra_aes_cbc_decrypt(struct ablkcipher_request *req) 651 651 + { 652 652 + return tegra_aes_crypt(req, FLAGS_CBC); 653 653 + } 654 654 + 655 655 + static int tegra_aes_ofb_encrypt(struct ablkcipher_request *req) 656 656 + { 657 657 + return tegra_aes_crypt(req, FLAGS_ENCRYPT | FLAGS_OFB); 658 658 + } 659 659 + 660 660 + static int tegra_aes_ofb_decrypt(struct ablkcipher_request *req) 661 661 + { 662 662 + return tegra_aes_crypt(req, FLAGS_OFB); 663 663 + } 664 664 + 665 665 + static int tegra_aes_get_random(struct crypto_rng *tfm, u8 *rdata, 666 666 + unsigned int dlen) 667 667 + { 668 668 + struct tegra_aes_dev *dd = aes_dev; 669 669 + struct tegra_aes_ctx *ctx = &rng_ctx; 670 670 + int ret, i; 671 671 + u8 *dest = rdata, *dt = dd->dt; 672 672 + 673 673 + /* take mutex to access the aes hw */ 674 674 + mutex_lock(&aes_lock); 675 675 + 676 676 + ret = clk_enable(dd->aes_clk); 677 677 + if (ret) 678 678 + return ret; 679 679 + 680 680 + ctx->dd = dd; 681 681 + dd->ctx = ctx; 682 682 + dd->flags = FLAGS_ENCRYPT | FLAGS_RNG; 683 683 + 684 684 + memcpy(dd->buf_in, dt, DEFAULT_RNG_BLK_SZ); 685 685 + 686 686 + ret = aes_start_crypt(dd, (u32)dd->dma_buf_in, 687 687 + (u32)dd->dma_buf_out, 1, dd->flags, true); 688 688 + if (ret < 0) { 689 689 + dev_err(dd->dev, "aes_start_crypt fail(%d)\n", ret); 690 690 + dlen = ret; 691 691 + goto out; 692 692 + } 693 693 + memcpy(dest, dd->buf_out, dlen); 694 694 + 695 695 + /* update the DT */ 696 696 + for (i = DEFAULT_RNG_BLK_SZ - 1; i >= 0; i--) { 697 697 + dt[i] += 1; 698 698 + if (dt[i] != 0) 699 699 + break; 700 700 + } 701 701 + 702 702 + out: 703 703 + clk_disable(dd->aes_clk); 704 704 + mutex_unlock(&aes_lock); 705 705 + 706 706 + dev_dbg(dd->dev, "%s: done\n", __func__); 707 707 + return dlen; 708 708 + } 709 709 + 710 710 + static int tegra_aes_rng_reset(struct crypto_rng *tfm, u8 *seed, 711 711 + unsigned int slen) 712 712 + { 713 713 + struct tegra_aes_dev *dd = aes_dev; 714 714 + struct tegra_aes_ctx *ctx = &rng_ctx; 715 715 + struct tegra_aes_slot *key_slot; 716 716 + struct timespec ts; 717 717 + int ret = 0; 718 718 + u64 nsec, tmp[2]; 719 719 + u8 *dt; 720 720 + 721 721 + if (!ctx || !dd) { 722 722 + dev_err(dd->dev, "ctx=0x%x, dd=0x%x\n", 723 723 + (unsigned int)ctx, (unsigned int)dd); 724 724 + return -EINVAL; 725 725 + } 726 726 + 727 727 + if (slen < (DEFAULT_RNG_BLK_SZ + AES_KEYSIZE_128)) { 728 728 + dev_err(dd->dev, "seed size invalid"); 729 729 + return -ENOMEM; 730 730 + } 731 731 + 732 732 + /* take mutex to access the aes hw */ 733 733 + mutex_lock(&aes_lock); 734 734 + 735 735 + if (!ctx->slot) { 736 736 + key_slot = aes_find_key_slot(); 737 737 + if (!key_slot) { 738 738 + dev_err(dd->dev, "no empty slot\n"); 739 739 + mutex_unlock(&aes_lock); 740 740 + return -ENOMEM; 741 741 + } 742 742 + ctx->slot = key_slot; 743 743 + } 744 744 + 745 745 + ctx->dd = dd; 746 746 + dd->ctx = ctx; 747 747 + dd->ctr = 0; 748 748 + 749 749 + ctx->keylen = AES_KEYSIZE_128; 750 750 + ctx->flags |= FLAGS_NEW_KEY; 751 751 + 752 752 + /* copy the key to the key slot */ 753 753 + memcpy(dd->ivkey_base, seed + DEFAULT_RNG_BLK_SZ, AES_KEYSIZE_128); 754 754 + memset(dd->ivkey_base + AES_KEYSIZE_128, 0, AES_HW_KEY_TABLE_LENGTH_BYTES - AES_KEYSIZE_128); 755 755 + 756 756 + dd->iv = seed; 757 757 + dd->ivlen = slen; 758 758 + 759 759 + dd->flags = FLAGS_ENCRYPT | FLAGS_RNG; 760 760 + 761 761 + ret = clk_enable(dd->aes_clk); 762 762 + if (ret) 763 763 + return ret; 764 764 + 765 765 + aes_set_key(dd); 766 766 + 767 767 + /* set seed to the aes hw slot */ 768 768 + memcpy(dd->buf_in, dd->iv, DEFAULT_RNG_BLK_SZ); 769 769 + ret = aes_start_crypt(dd, (u32)dd->dma_buf_in, 770 770 + dd->dma_buf_out, 1, FLAGS_CBC, false); 771 771 + if (ret < 0) { 772 772 + dev_err(dd->dev, "aes_start_crypt fail(%d)\n", ret); 773 773 + goto out; 774 774 + } 775 775 + 776 776 + if (dd->ivlen >= (2 * DEFAULT_RNG_BLK_SZ + AES_KEYSIZE_128)) { 777 777 + dt = dd->iv + DEFAULT_RNG_BLK_SZ + AES_KEYSIZE_128; 778 778 + } else { 779 779 + getnstimeofday(&ts); 780 780 + nsec = timespec_to_ns(&ts); 781 781 + do_div(nsec, 1000); 782 782 + nsec ^= dd->ctr << 56; 783 783 + dd->ctr++; 784 784 + tmp[0] = nsec; 785 785 + tmp[1] = tegra_chip_uid(); 786 786 + dt = (u8 *)tmp; 787 787 + } 788 788 + memcpy(dd->dt, dt, DEFAULT_RNG_BLK_SZ); 789 789 + 790 790 + out: 791 791 + clk_disable(dd->aes_clk); 792 792 + mutex_unlock(&aes_lock); 793 793 + 794 794 + dev_dbg(dd->dev, "%s: done\n", __func__); 795 795 + return ret; 796 796 + } 797 797 + 798 798 + static int tegra_aes_cra_init(struct crypto_tfm *tfm) 799 799 + { 800 800 + tfm->crt_ablkcipher.reqsize = sizeof(struct tegra_aes_reqctx); 801 801 + 802 802 + return 0; 803 803 + } 804 804 + 805 805 + void tegra_aes_cra_exit(struct crypto_tfm *tfm) 806 806 + { 807 807 + struct tegra_aes_ctx *ctx = 808 808 + crypto_ablkcipher_ctx((struct crypto_ablkcipher *)tfm); 809 809 + 810 810 + if (ctx && ctx->slot) 811 811 + aes_release_key_slot(ctx->slot); 812 812 + } 813 813 + 814 814 + static struct crypto_alg algs[] = { 815 815 + { 816 816 + .cra_name = "ecb(aes)", 817 817 + .cra_driver_name = "ecb-aes-tegra", 818 818 + .cra_priority = 300, 819 819 + .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | CRYPTO_ALG_ASYNC, 820 820 + .cra_blocksize = AES_BLOCK_SIZE, 821 821 + .cra_alignmask = 3, 822 822 + .cra_type = &crypto_ablkcipher_type, 823 823 + .cra_u.ablkcipher = { 824 824 + .min_keysize = AES_MIN_KEY_SIZE, 825 825 + .max_keysize = AES_MAX_KEY_SIZE, 826 826 + .setkey = tegra_aes_setkey, 827 827 + .encrypt = tegra_aes_ecb_encrypt, 828 828 + .decrypt = tegra_aes_ecb_decrypt, 829 829 + }, 830 830 + }, { 831 831 + .cra_name = "cbc(aes)", 832 832 + .cra_driver_name = "cbc-aes-tegra", 833 833 + .cra_priority = 300, 834 834 + .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | CRYPTO_ALG_ASYNC, 835 835 + .cra_blocksize = AES_BLOCK_SIZE, 836 836 + .cra_alignmask = 3, 837 837 + .cra_type = &crypto_ablkcipher_type, 838 838 + .cra_u.ablkcipher = { 839 839 + .min_keysize = AES_MIN_KEY_SIZE, 840 840 + .max_keysize = AES_MAX_KEY_SIZE, 841 841 + .ivsize = AES_MIN_KEY_SIZE, 842 842 + .setkey = tegra_aes_setkey, 843 843 + .encrypt = tegra_aes_cbc_encrypt, 844 844 + .decrypt = tegra_aes_cbc_decrypt, 845 845 + } 846 846 + }, { 847 847 + .cra_name = "ofb(aes)", 848 848 + .cra_driver_name = "ofb-aes-tegra", 849 849 + .cra_priority = 300, 850 850 + .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | CRYPTO_ALG_ASYNC, 851 851 + .cra_blocksize = AES_BLOCK_SIZE, 852 852 + .cra_alignmask = 3, 853 853 + .cra_type = &crypto_ablkcipher_type, 854 854 + .cra_u.ablkcipher = { 855 855 + .min_keysize = AES_MIN_KEY_SIZE, 856 856 + .max_keysize = AES_MAX_KEY_SIZE, 857 857 + .ivsize = AES_MIN_KEY_SIZE, 858 858 + .setkey = tegra_aes_setkey, 859 859 + .encrypt = tegra_aes_ofb_encrypt, 860 860 + .decrypt = tegra_aes_ofb_decrypt, 861 861 + } 862 862 + }, { 863 863 + .cra_name = "ansi_cprng", 864 864 + .cra_driver_name = "rng-aes-tegra", 865 865 + .cra_flags = CRYPTO_ALG_TYPE_RNG, 866 866 + .cra_ctxsize = sizeof(struct tegra_aes_ctx), 867 867 + .cra_type = &crypto_rng_type, 868 868 + .cra_u.rng = { 869 869 + .rng_make_random = tegra_aes_get_random, 870 870 + .rng_reset = tegra_aes_rng_reset, 871 871 + .seedsize = AES_KEYSIZE_128 + (2 * DEFAULT_RNG_BLK_SZ), 872 872 + } 873 873 + } 874 874 + }; 875 875 + 876 876 + static int tegra_aes_probe(struct platform_device *pdev) 877 877 + { 878 878 + struct device *dev = &pdev->dev; 879 879 + struct tegra_aes_dev *dd; 880 880 + struct resource *res; 881 881 + int err = -ENOMEM, i = 0, j; 882 882 + 883 883 + dd = devm_kzalloc(dev, sizeof(struct tegra_aes_dev), GFP_KERNEL); 884 884 + if (dd == NULL) { 885 885 + dev_err(dev, "unable to alloc data struct.\n"); 886 886 + return err; 887 887 + } 888 888 + 889 889 + dd->dev = dev; 890 890 + platform_set_drvdata(pdev, dd); 891 891 + 892 892 + dd->slots = devm_kzalloc(dev, sizeof(struct tegra_aes_slot) * 893 893 + AES_NR_KEYSLOTS, GFP_KERNEL); 894 894 + if (dd->slots == NULL) { 895 895 + dev_err(dev, "unable to alloc slot struct.\n"); 896 896 + goto out; 897 897 + } 898 898 + 899 899 + spin_lock_init(&dd->lock); 900 900 + crypto_init_queue(&dd->queue, TEGRA_AES_QUEUE_LENGTH); 901 901 + 902 902 + /* Get the module base address */ 903 903 + res = platform_get_resource(pdev, IORESOURCE_MEM, 0); 904 904 + if (!res) { 905 905 + dev_err(dev, "invalid resource type: base\n"); 906 906 + err = -ENODEV; 907 907 + goto out; 908 908 + } 909 909 + 910 910 + if (!devm_request_mem_region(&pdev->dev, res->start, 911 911 + resource_size(res), 912 912 + dev_name(&pdev->dev))) { 913 913 + dev_err(&pdev->dev, "Couldn't request MEM resource\n"); 914 914 + return -ENODEV; 915 915 + } 916 916 + 917 917 + dd->io_base = devm_ioremap(dev, res->start, resource_size(res)); 918 918 + if (!dd->io_base) { 919 919 + dev_err(dev, "can't ioremap register space\n"); 920 920 + err = -ENOMEM; 921 921 + goto out; 922 922 + } 923 923 + 924 924 + /* Initialize the vde clock */ 925 925 + dd->aes_clk = clk_get(dev, "vde"); 926 926 + if (IS_ERR(dd->aes_clk)) { 927 927 + dev_err(dev, "iclock intialization failed.\n"); 928 928 + err = -ENODEV; 929 929 + goto out; 930 930 + } 931 931 + 932 932 + err = clk_set_rate(dd->aes_clk, ULONG_MAX); 933 933 + if (err) { 934 934 + dev_err(dd->dev, "iclk set_rate fail(%d)\n", err); 935 935 + goto out; 936 936 + } 937 937 + 938 938 + /* 939 939 + * the foll contiguous memory is allocated as follows - 940 940 + * - hardware key table 941 941 + * - key schedule 942 942 + */ 943 943 + dd->ivkey_base = dma_alloc_coherent(dev, AES_HW_KEY_TABLE_LENGTH_BYTES, 944 944 + &dd->ivkey_phys_base, 945 945 + GFP_KERNEL); 946 946 + if (!dd->ivkey_base) { 947 947 + dev_err(dev, "can not allocate iv/key buffer\n"); 948 948 + err = -ENOMEM; 949 949 + goto out; 950 950 + } 951 951 + 952 952 + dd->buf_in = dma_alloc_coherent(dev, AES_HW_DMA_BUFFER_SIZE_BYTES, 953 953 + &dd->dma_buf_in, GFP_KERNEL); 954 954 + if (!dd->buf_in) { 955 955 + dev_err(dev, "can not allocate dma-in buffer\n"); 956 956 + err = -ENOMEM; 957 957 + goto out; 958 958 + } 959 959 + 960 960 + dd->buf_out = dma_alloc_coherent(dev, AES_HW_DMA_BUFFER_SIZE_BYTES, 961 961 + &dd->dma_buf_out, GFP_KERNEL); 962 962 + if (!dd->buf_out) { 963 963 + dev_err(dev, "can not allocate dma-out buffer\n"); 964 964 + err = -ENOMEM; 965 965 + goto out; 966 966 + } 967 967 + 968 968 + init_completion(&dd->op_complete); 969 969 + aes_wq = alloc_workqueue("tegra_aes_wq", WQ_HIGHPRI | WQ_UNBOUND, 1); 970 970 + if (!aes_wq) { 971 971 + dev_err(dev, "alloc_workqueue failed\n"); 972 972 + goto out; 973 973 + } 974 974 + 975 975 + /* get the irq */ 976 976 + res = platform_get_resource(pdev, IORESOURCE_IRQ, 0); 977 977 + if (!res) { 978 978 + dev_err(dev, "invalid resource type: base\n"); 979 979 + err = -ENODEV; 980 980 + goto out; 981 981 + } 982 982 + dd->irq = res->start; 983 983 + 984 984 + err = devm_request_irq(dev, dd->irq, aes_irq, IRQF_TRIGGER_HIGH | 985 985 + IRQF_SHARED, "tegra-aes", dd); 986 986 + if (err) { 987 987 + dev_err(dev, "request_irq failed\n"); 988 988 + goto out; 989 989 + } 990 990 + 991 991 + mutex_init(&aes_lock); 992 992 + INIT_LIST_HEAD(&dev_list); 993 993 + 994 994 + spin_lock_init(&list_lock); 995 995 + spin_lock(&list_lock); 996 996 + for (i = 0; i < AES_NR_KEYSLOTS; i++) { 997 997 + if (i == SSK_SLOT_NUM) 998 998 + continue; 999 999 + dd->slots[i].slot_num = i; 1000 1000 + INIT_LIST_HEAD(&dd->slots[i].node); 1001 1001 + list_add_tail(&dd->slots[i].node, &dev_list); 1002 1002 + } 1003 1003 + spin_unlock(&list_lock); 1004 1004 + 1005 1005 + aes_dev = dd; 1006 1006 + for (i = 0; i < ARRAY_SIZE(algs); i++) { 1007 1007 + INIT_LIST_HEAD(&algs[i].cra_list); 1008 1008 + 1009 1009 + algs[i].cra_priority = 300; 1010 1010 + algs[i].cra_ctxsize = sizeof(struct tegra_aes_ctx); 1011 1011 + algs[i].cra_module = THIS_MODULE; 1012 1012 + algs[i].cra_init = tegra_aes_cra_init; 1013 1013 + algs[i].cra_exit = tegra_aes_cra_exit; 1014 1014 + 1015 1015 + err = crypto_register_alg(&algs[i]); 1016 1016 + if (err) 1017 1017 + goto out; 1018 1018 + } 1019 1019 + 1020 1020 + dev_info(dev, "registered"); 1021 1021 + return 0; 1022 1022 + 1023 1023 + out: 1024 1024 + for (j = 0; j < i; j++) 1025 1025 + crypto_unregister_alg(&algs[j]); 1026 1026 + if (dd->ivkey_base) 1027 1027 + dma_free_coherent(dev, AES_HW_KEY_TABLE_LENGTH_BYTES, 1028 1028 + dd->ivkey_base, dd->ivkey_phys_base); 1029 1029 + if (dd->buf_in) 1030 1030 + dma_free_coherent(dev, AES_HW_DMA_BUFFER_SIZE_BYTES, 1031 1031 + dd->buf_in, dd->dma_buf_in); 1032 1032 + if (dd->buf_out) 1033 1033 + dma_free_coherent(dev, AES_HW_DMA_BUFFER_SIZE_BYTES, 1034 1034 + dd->buf_out, dd->dma_buf_out); 1035 1035 + if (IS_ERR(dd->aes_clk)) 1036 1036 + clk_put(dd->aes_clk); 1037 1037 + if (aes_wq) 1038 1038 + destroy_workqueue(aes_wq); 1039 1039 + spin_lock(&list_lock); 1040 1040 + list_del(&dev_list); 1041 1041 + spin_unlock(&list_lock); 1042 1042 + 1043 1043 + aes_dev = NULL; 1044 1044 + 1045 1045 + dev_err(dev, "%s: initialization failed.\n", __func__); 1046 1046 + return err; 1047 1047 + } 1048 1048 + 1049 1049 + static int __devexit tegra_aes_remove(struct platform_device *pdev) 1050 1050 + { 1051 1051 + struct device *dev = &pdev->dev; 1052 1052 + struct tegra_aes_dev *dd = platform_get_drvdata(pdev); 1053 1053 + int i; 1054 1054 + 1055 1055 + for (i = 0; i < ARRAY_SIZE(algs); i++) 1056 1056 + crypto_unregister_alg(&algs[i]); 1057 1057 + 1058 1058 + cancel_work_sync(&aes_work); 1059 1059 + destroy_workqueue(aes_wq); 1060 1060 + spin_lock(&list_lock); 1061 1061 + list_del(&dev_list); 1062 1062 + spin_unlock(&list_lock); 1063 1063 + 1064 1064 + dma_free_coherent(dev, AES_HW_KEY_TABLE_LENGTH_BYTES, 1065 1065 + dd->ivkey_base, dd->ivkey_phys_base); 1066 1066 + dma_free_coherent(dev, AES_HW_DMA_BUFFER_SIZE_BYTES, 1067 1067 + dd->buf_in, dd->dma_buf_in); 1068 1068 + dma_free_coherent(dev, AES_HW_DMA_BUFFER_SIZE_BYTES, 1069 1069 + dd->buf_out, dd->dma_buf_out); 1070 1070 + clk_put(dd->aes_clk); 1071 1071 + aes_dev = NULL; 1072 1072 + 1073 1073 + return 0; 1074 1074 + } 1075 1075 + 1076 1076 + static struct of_device_id tegra_aes_of_match[] __devinitdata = { 1077 1077 + { .compatible = "nvidia,tegra20-aes", }, 1078 1078 + { .compatible = "nvidia,tegra30-aes", }, 1079 1079 + { }, 1080 1080 + }; 1081 1081 + 1082 1082 + static struct platform_driver tegra_aes_driver = { 1083 1083 + .probe = tegra_aes_probe, 1084 1084 + .remove = __devexit_p(tegra_aes_remove), 1085 1085 + .driver = { 1086 1086 + .name = "tegra-aes", 1087 1087 + .owner = THIS_MODULE, 1088 1088 + .of_match_table = tegra_aes_of_match, 1089 1089 + }, 1090 1090 + }; 1091 1091 + 1092 1092 + module_platform_driver(tegra_aes_driver); 1093 1093 + 1094 1094 + MODULE_DESCRIPTION("Tegra AES/OFB/CPRNG hw acceleration support."); 1095 1095 + MODULE_AUTHOR("NVIDIA Corporation"); 1096 1096 + MODULE_LICENSE("GPL v2");

+103

drivers/crypto/tegra-aes.h

reviewed

··· 1 1 + /* 2 2 + * Copyright (c) 2010, NVIDIA Corporation. 3 3 + * 4 4 + * This program is free software; you can redistribute it and/or modify 5 5 + * it under the terms of the GNU General Public License as published by 6 6 + * the Free Software Foundation; either version 2 of the License, or 7 7 + * (at your option) any later version. 8 8 + * 9 9 + * This program is distributed in the hope that it will be useful, but WITHOUT 10 10 + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 11 + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for 12 12 + * more details. 13 13 + * 14 14 + * You should have received a copy of the GNU General Public License along 15 15 + * with this program; if not, write to the Free Software Foundation, Inc., 16 16 + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 17 17 + */ 18 18 + 19 19 + #ifndef __CRYPTODEV_TEGRA_AES_H 20 20 + #define __CRYPTODEV_TEGRA_AES_H 21 21 + 22 22 + #define TEGRA_AES_ICMDQUE_WR 0x1000 23 23 + #define TEGRA_AES_CMDQUE_CONTROL 0x1008 24 24 + #define TEGRA_AES_INTR_STATUS 0x1018 25 25 + #define TEGRA_AES_INT_ENB 0x1040 26 26 + #define TEGRA_AES_CONFIG 0x1044 27 27 + #define TEGRA_AES_IRAM_ACCESS_CFG 0x10A0 28 28 + #define TEGRA_AES_SECURE_DEST_ADDR 0x1100 29 29 + #define TEGRA_AES_SECURE_INPUT_SELECT 0x1104 30 30 + #define TEGRA_AES_SECURE_CONFIG 0x1108 31 31 + #define TEGRA_AES_SECURE_CONFIG_EXT 0x110C 32 32 + #define TEGRA_AES_SECURE_SECURITY 0x1110 33 33 + #define TEGRA_AES_SECURE_HASH_RESULT0 0x1120 34 34 + #define TEGRA_AES_SECURE_HASH_RESULT1 0x1124 35 35 + #define TEGRA_AES_SECURE_HASH_RESULT2 0x1128 36 36 + #define TEGRA_AES_SECURE_HASH_RESULT3 0x112C 37 37 + #define TEGRA_AES_SECURE_SEC_SEL0 0x1140 38 38 + #define TEGRA_AES_SECURE_SEC_SEL1 0x1144 39 39 + #define TEGRA_AES_SECURE_SEC_SEL2 0x1148 40 40 + #define TEGRA_AES_SECURE_SEC_SEL3 0x114C 41 41 + #define TEGRA_AES_SECURE_SEC_SEL4 0x1150 42 42 + #define TEGRA_AES_SECURE_SEC_SEL5 0x1154 43 43 + #define TEGRA_AES_SECURE_SEC_SEL6 0x1158 44 44 + #define TEGRA_AES_SECURE_SEC_SEL7 0x115C 45 45 + 46 46 + /* interrupt status reg masks and shifts */ 47 47 + #define TEGRA_AES_ENGINE_BUSY_FIELD BIT(0) 48 48 + #define TEGRA_AES_ICQ_EMPTY_FIELD BIT(3) 49 49 + #define TEGRA_AES_DMA_BUSY_FIELD BIT(23) 50 50 + 51 51 + /* secure select reg masks and shifts */ 52 52 + #define TEGRA_AES_SECURE_SEL0_KEYREAD_ENB0_FIELD BIT(0) 53 53 + 54 54 + /* secure config ext masks and shifts */ 55 55 + #define TEGRA_AES_SECURE_KEY_SCH_DIS_FIELD BIT(15) 56 56 + 57 57 + /* secure config masks and shifts */ 58 58 + #define TEGRA_AES_SECURE_KEY_INDEX_SHIFT 20 59 59 + #define TEGRA_AES_SECURE_KEY_INDEX_FIELD (0x1F << TEGRA_AES_SECURE_KEY_INDEX_SHIFT) 60 60 + #define TEGRA_AES_SECURE_BLOCK_CNT_SHIFT 0 61 61 + #define TEGRA_AES_SECURE_BLOCK_CNT_FIELD (0xFFFFF << TEGRA_AES_SECURE_BLOCK_CNT_SHIFT) 62 62 + 63 63 + /* stream interface select masks and shifts */ 64 64 + #define TEGRA_AES_CMDQ_CTRL_UCMDQEN_FIELD BIT(0) 65 65 + #define TEGRA_AES_CMDQ_CTRL_ICMDQEN_FIELD BIT(1) 66 66 + #define TEGRA_AES_CMDQ_CTRL_SRC_STM_SEL_FIELD BIT(4) 67 67 + #define TEGRA_AES_CMDQ_CTRL_DST_STM_SEL_FIELD BIT(5) 68 68 + 69 69 + /* config register masks and shifts */ 70 70 + #define TEGRA_AES_CONFIG_ENDIAN_ENB_FIELD BIT(10) 71 71 + #define TEGRA_AES_CONFIG_MODE_SEL_SHIFT 0 72 72 + #define TEGRA_AES_CONFIG_MODE_SEL_FIELD (0x1F << TEGRA_AES_CONFIG_MODE_SEL_SHIFT) 73 73 + 74 74 + /* extended config */ 75 75 + #define TEGRA_AES_SECURE_OFFSET_CNT_SHIFT 24 76 76 + #define TEGRA_AES_SECURE_OFFSET_CNT_FIELD (0xFF << TEGRA_AES_SECURE_OFFSET_CNT_SHIFT) 77 77 + #define TEGRA_AES_SECURE_KEYSCHED_GEN_FIELD BIT(15) 78 78 + 79 79 + /* init vector select */ 80 80 + #define TEGRA_AES_SECURE_IV_SELECT_SHIFT 10 81 81 + #define TEGRA_AES_SECURE_IV_SELECT_FIELD BIT(10) 82 82 + 83 83 + /* secure engine input */ 84 84 + #define TEGRA_AES_SECURE_INPUT_ALG_SEL_SHIFT 28 85 85 + #define TEGRA_AES_SECURE_INPUT_ALG_SEL_FIELD (0xF << TEGRA_AES_SECURE_INPUT_ALG_SEL_SHIFT) 86 86 + #define TEGRA_AES_SECURE_INPUT_KEY_LEN_SHIFT 16 87 87 + #define TEGRA_AES_SECURE_INPUT_KEY_LEN_FIELD (0xFFF << TEGRA_AES_SECURE_INPUT_KEY_LEN_SHIFT) 88 88 + #define TEGRA_AES_SECURE_RNG_ENB_FIELD BIT(11) 89 89 + #define TEGRA_AES_SECURE_CORE_SEL_SHIFT 9 90 90 + #define TEGRA_AES_SECURE_CORE_SEL_FIELD BIT(9) 91 91 + #define TEGRA_AES_SECURE_VCTRAM_SEL_SHIFT 7 92 92 + #define TEGRA_AES_SECURE_VCTRAM_SEL_FIELD (0x3 << TEGRA_AES_SECURE_VCTRAM_SEL_SHIFT) 93 93 + #define TEGRA_AES_SECURE_INPUT_SEL_SHIFT 5 94 94 + #define TEGRA_AES_SECURE_INPUT_SEL_FIELD (0x3 << TEGRA_AES_SECURE_INPUT_SEL_SHIFT) 95 95 + #define TEGRA_AES_SECURE_XOR_POS_SHIFT 3 96 96 + #define TEGRA_AES_SECURE_XOR_POS_FIELD (0x3 << TEGRA_AES_SECURE_XOR_POS_SHIFT) 97 97 + #define TEGRA_AES_SECURE_HASH_ENB_FIELD BIT(2) 98 98 + #define TEGRA_AES_SECURE_ON_THE_FLY_FIELD BIT(0) 99 99 + 100 100 + /* interrupt error mask */ 101 101 + #define TEGRA_AES_INT_ERROR_MASK 0xFFF000 102 102 + 103 103 + #endif

+7

include/linux/crypto.h

reviewed

··· 75 75 */ 76 76 #define CRYPTO_ALG_INSTANCE 0x00000800 77 77 78 78 + /* Set this bit if the algorithm provided is hardware accelerated but 79 79 + * not available to userspace via instruction set or so. 80 80 + */ 81 81 + #define CRYPTO_ALG_KERN_DRIVER_ONLY 0x00001000 82 82 + 78 83 /* 79 84 * Transform masks and values (for crt_flags). 80 85 */ ··· 314 309 */ 315 310 int crypto_register_alg(struct crypto_alg *alg); 316 311 int crypto_unregister_alg(struct crypto_alg *alg); 312 312 + int crypto_register_algs(struct crypto_alg *algs, int count); 313 313 + int crypto_unregister_algs(struct crypto_alg *algs, int count); 317 314 318 315 /* 319 316 * Algorithm query interface.

+2 -4

include/linux/padata.h

reviewed

··· 46 46 struct list_head list; 47 47 struct parallel_data *pd; 48 48 int cb_cpu; 49 49 - int seq_nr; 50 49 int info; 51 50 void (*parallel)(struct padata_priv *padata); 52 51 void (*serial)(struct padata_priv *padata); ··· 115 116 * @pinst: padata instance. 116 117 * @pqueue: percpu padata queues used for parallelization. 117 118 * @squeue: percpu padata queues used for serialuzation. 118 118 - * @seq_nr: The sequence number that will be attached to the next object. 119 119 * @reorder_objects: Number of objects waiting in the reorder queues. 120 120 * @refcnt: Number of objects holding a reference on this parallel_data. 121 121 * @max_seq_nr: Maximal used sequence number. ··· 127 129 struct padata_instance *pinst; 128 130 struct padata_parallel_queue __percpu *pqueue; 129 131 struct padata_serial_queue __percpu *squeue; 130 130 - atomic_t seq_nr; 131 132 atomic_t reorder_objects; 132 133 atomic_t refcnt; 133 133 - unsigned int max_seq_nr; 134 134 struct padata_cpumask cpumask; 135 135 spinlock_t lock ____cacheline_aligned; 136 136 + spinlock_t seq_lock; 137 137 + unsigned int seq_nr; 136 138 unsigned int processed; 137 139 struct timer_list timer; 138 140 };

+14 -30

kernel/padata.c

reviewed

··· 29 29 #include <linux/sysfs.h> 30 30 #include <linux/rcupdate.h> 31 31 32 32 - #define MAX_SEQ_NR (INT_MAX - NR_CPUS) 33 32 #define MAX_OBJ_NUM 1000 34 33 35 34 static int padata_index_to_cpu(struct parallel_data *pd, int cpu_index) ··· 42 43 return target_cpu; 43 44 } 44 45 45 45 - static int padata_cpu_hash(struct padata_priv *padata) 46 46 + static int padata_cpu_hash(struct parallel_data *pd) 46 47 { 47 48 int cpu_index; 48 48 - struct parallel_data *pd; 49 49 - 50 50 - pd = padata->pd; 51 49 52 50 /* 53 51 * Hash the sequence numbers to the cpus by taking 54 52 * seq_nr mod. number of cpus in use. 55 53 */ 56 56 - cpu_index = padata->seq_nr % cpumask_weight(pd->cpumask.pcpu); 54 54 + 55 55 + spin_lock(&pd->seq_lock); 56 56 + cpu_index = pd->seq_nr % cpumask_weight(pd->cpumask.pcpu); 57 57 + pd->seq_nr++; 58 58 + spin_unlock(&pd->seq_lock); 57 59 58 60 return padata_index_to_cpu(pd, cpu_index); 59 61 } ··· 132 132 padata->pd = pd; 133 133 padata->cb_cpu = cb_cpu; 134 134 135 135 - if (unlikely(atomic_read(&pd->seq_nr) == pd->max_seq_nr)) 136 136 - atomic_set(&pd->seq_nr, -1); 137 137 - 138 138 - padata->seq_nr = atomic_inc_return(&pd->seq_nr); 139 139 - 140 140 - target_cpu = padata_cpu_hash(padata); 135 135 + target_cpu = padata_cpu_hash(pd); 141 136 queue = per_cpu_ptr(pd->pqueue, target_cpu); 142 137 143 138 spin_lock(&queue->parallel.lock); ··· 168 173 static struct padata_priv *padata_get_next(struct parallel_data *pd) 169 174 { 170 175 int cpu, num_cpus; 171 171 - int next_nr, next_index; 176 176 + unsigned int next_nr, next_index; 172 177 struct padata_parallel_queue *queue, *next_queue; 173 178 struct padata_priv *padata; 174 179 struct padata_list *reorder; ··· 184 189 cpu = padata_index_to_cpu(pd, next_index); 185 190 next_queue = per_cpu_ptr(pd->pqueue, cpu); 186 191 187 187 - if (unlikely(next_nr > pd->max_seq_nr)) { 188 188 - next_nr = next_nr - pd->max_seq_nr - 1; 189 189 - next_index = next_nr % num_cpus; 190 190 - cpu = padata_index_to_cpu(pd, next_index); 191 191 - next_queue = per_cpu_ptr(pd->pqueue, cpu); 192 192 - pd->processed = 0; 193 193 - } 194 194 - 195 192 padata = NULL; 196 193 197 194 reorder = &next_queue->reorder; ··· 191 204 if (!list_empty(&reorder->list)) { 192 205 padata = list_entry(reorder->list.next, 193 206 struct padata_priv, list); 194 194 - 195 195 - BUG_ON(next_nr != padata->seq_nr); 196 207 197 208 spin_lock(&reorder->lock); 198 209 list_del_init(&padata->list); ··· 215 230 216 231 static void padata_reorder(struct parallel_data *pd) 217 232 { 233 233 + int cb_cpu; 218 234 struct padata_priv *padata; 219 235 struct padata_serial_queue *squeue; 220 236 struct padata_instance *pinst = pd->pinst; ··· 256 270 return; 257 271 } 258 272 259 259 - squeue = per_cpu_ptr(pd->squeue, padata->cb_cpu); 273 273 + cb_cpu = padata->cb_cpu; 274 274 + squeue = per_cpu_ptr(pd->squeue, cb_cpu); 260 275 261 276 spin_lock(&squeue->serial.lock); 262 277 list_add_tail(&padata->list, &squeue->serial.list); 263 278 spin_unlock(&squeue->serial.lock); 264 279 265 265 - queue_work_on(padata->cb_cpu, pinst->wq, &squeue->work); 280 280 + queue_work_on(cb_cpu, pinst->wq, &squeue->work); 266 281 } 267 282 268 283 spin_unlock_bh(&pd->lock); ··· 387 400 /* Initialize all percpu queues used by parallel workers */ 388 401 static void padata_init_pqueues(struct parallel_data *pd) 389 402 { 390 390 - int cpu_index, num_cpus, cpu; 403 403 + int cpu_index, cpu; 391 404 struct padata_parallel_queue *pqueue; 392 405 393 406 cpu_index = 0; ··· 402 415 INIT_WORK(&pqueue->work, padata_parallel_worker); 403 416 atomic_set(&pqueue->num_obj, 0); 404 417 } 405 405 - 406 406 - num_cpus = cpumask_weight(pd->cpumask.pcpu); 407 407 - pd->max_seq_nr = num_cpus ? (MAX_SEQ_NR / num_cpus) * num_cpus - 1 : 0; 408 418 } 409 419 410 420 /* Allocate and initialize the internal cpumask dependend resources. */ ··· 428 444 padata_init_pqueues(pd); 429 445 padata_init_squeues(pd); 430 446 setup_timer(&pd->timer, padata_reorder_timer, (unsigned long)pd); 431 431 - atomic_set(&pd->seq_nr, -1); 447 447 + pd->seq_nr = 0; 432 448 atomic_set(&pd->reorder_objects, 0); 433 449 atomic_set(&pd->refcnt, 0); 434 450 pd->pinst = pinst;