Commit 5b04fc170382195d7d33fd08e3ccc2ad8e50e782
Committed by
Herbert Xu
1 parent
0b767f9616
Exists in
master
and in
7 other branches
crypto: twofish: Rename twofish to twofish_generic and add an alias
This fixes the broken autoloading of the corresponding twofish assembler ciphers on x86 and x86_64 if they are available. The module name of the generic implementation was in conflict with the alias in the assembler modules. The generic twofish c implementation is renamed to twofish_generic according to the other algorithms with assembler implementations and an module alias is added for 'twofish'. You can now load 'twofish' giving you the best implementation by priority, 'twofish-generic' to get the c implementation or 'twofish-asm' to get the assembler version of cipher. Signed-off-by: Joachim Fritschi <jfritschi@freenet.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Showing 3 changed files with 216 additions and 215 deletions Side-by-side Diff
crypto/Makefile
... | ... | @@ -61,7 +61,7 @@ |
61 | 61 | obj-$(CONFIG_CRYPTO_DES) += des_generic.o |
62 | 62 | obj-$(CONFIG_CRYPTO_FCRYPT) += fcrypt.o |
63 | 63 | obj-$(CONFIG_CRYPTO_BLOWFISH) += blowfish.o |
64 | -obj-$(CONFIG_CRYPTO_TWOFISH) += twofish.o | |
64 | +obj-$(CONFIG_CRYPTO_TWOFISH) += twofish_generic.o | |
65 | 65 | obj-$(CONFIG_CRYPTO_TWOFISH_COMMON) += twofish_common.o |
66 | 66 | obj-$(CONFIG_CRYPTO_SERPENT) += serpent.o |
67 | 67 | obj-$(CONFIG_CRYPTO_AES) += aes_generic.o |
crypto/twofish.c
1 | -/* | |
2 | - * Twofish for CryptoAPI | |
3 | - * | |
4 | - * Originally Twofish for GPG | |
5 | - * By Matthew Skala <mskala@ansuz.sooke.bc.ca>, July 26, 1998 | |
6 | - * 256-bit key length added March 20, 1999 | |
7 | - * Some modifications to reduce the text size by Werner Koch, April, 1998 | |
8 | - * Ported to the kerneli patch by Marc Mutz <Marc@Mutz.com> | |
9 | - * Ported to CryptoAPI by Colin Slater <hoho@tacomeat.net> | |
10 | - * | |
11 | - * The original author has disclaimed all copyright interest in this | |
12 | - * code and thus put it in the public domain. The subsequent authors | |
13 | - * have put this under the GNU General Public License. | |
14 | - * | |
15 | - * This program is free software; you can redistribute it and/or modify | |
16 | - * it under the terms of the GNU General Public License as published by | |
17 | - * the Free Software Foundation; either version 2 of the License, or | |
18 | - * (at your option) any later version. | |
19 | - * | |
20 | - * This program is distributed in the hope that it will be useful, | |
21 | - * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
22 | - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
23 | - * GNU General Public License for more details. | |
24 | - * | |
25 | - * You should have received a copy of the GNU General Public License | |
26 | - * along with this program; if not, write to the Free Software | |
27 | - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 | |
28 | - * USA | |
29 | - * | |
30 | - * This code is a "clean room" implementation, written from the paper | |
31 | - * _Twofish: A 128-Bit Block Cipher_ by Bruce Schneier, John Kelsey, | |
32 | - * Doug Whiting, David Wagner, Chris Hall, and Niels Ferguson, available | |
33 | - * through http://www.counterpane.com/twofish.html | |
34 | - * | |
35 | - * For background information on multiplication in finite fields, used for | |
36 | - * the matrix operations in the key schedule, see the book _Contemporary | |
37 | - * Abstract Algebra_ by Joseph A. Gallian, especially chapter 22 in the | |
38 | - * Third Edition. | |
39 | - */ | |
40 | - | |
41 | -#include <asm/byteorder.h> | |
42 | -#include <crypto/twofish.h> | |
43 | -#include <linux/module.h> | |
44 | -#include <linux/init.h> | |
45 | -#include <linux/types.h> | |
46 | -#include <linux/errno.h> | |
47 | -#include <linux/crypto.h> | |
48 | -#include <linux/bitops.h> | |
49 | - | |
50 | -/* Macros to compute the g() function in the encryption and decryption | |
51 | - * rounds. G1 is the straight g() function; G2 includes the 8-bit | |
52 | - * rotation for the high 32-bit word. */ | |
53 | - | |
54 | -#define G1(a) \ | |
55 | - (ctx->s[0][(a) & 0xFF]) ^ (ctx->s[1][((a) >> 8) & 0xFF]) \ | |
56 | - ^ (ctx->s[2][((a) >> 16) & 0xFF]) ^ (ctx->s[3][(a) >> 24]) | |
57 | - | |
58 | -#define G2(b) \ | |
59 | - (ctx->s[1][(b) & 0xFF]) ^ (ctx->s[2][((b) >> 8) & 0xFF]) \ | |
60 | - ^ (ctx->s[3][((b) >> 16) & 0xFF]) ^ (ctx->s[0][(b) >> 24]) | |
61 | - | |
62 | -/* Encryption and decryption Feistel rounds. Each one calls the two g() | |
63 | - * macros, does the PHT, and performs the XOR and the appropriate bit | |
64 | - * rotations. The parameters are the round number (used to select subkeys), | |
65 | - * and the four 32-bit chunks of the text. */ | |
66 | - | |
67 | -#define ENCROUND(n, a, b, c, d) \ | |
68 | - x = G1 (a); y = G2 (b); \ | |
69 | - x += y; y += x + ctx->k[2 * (n) + 1]; \ | |
70 | - (c) ^= x + ctx->k[2 * (n)]; \ | |
71 | - (c) = ror32((c), 1); \ | |
72 | - (d) = rol32((d), 1) ^ y | |
73 | - | |
74 | -#define DECROUND(n, a, b, c, d) \ | |
75 | - x = G1 (a); y = G2 (b); \ | |
76 | - x += y; y += x; \ | |
77 | - (d) ^= y + ctx->k[2 * (n) + 1]; \ | |
78 | - (d) = ror32((d), 1); \ | |
79 | - (c) = rol32((c), 1); \ | |
80 | - (c) ^= (x + ctx->k[2 * (n)]) | |
81 | - | |
82 | -/* Encryption and decryption cycles; each one is simply two Feistel rounds | |
83 | - * with the 32-bit chunks re-ordered to simulate the "swap" */ | |
84 | - | |
85 | -#define ENCCYCLE(n) \ | |
86 | - ENCROUND (2 * (n), a, b, c, d); \ | |
87 | - ENCROUND (2 * (n) + 1, c, d, a, b) | |
88 | - | |
89 | -#define DECCYCLE(n) \ | |
90 | - DECROUND (2 * (n) + 1, c, d, a, b); \ | |
91 | - DECROUND (2 * (n), a, b, c, d) | |
92 | - | |
93 | -/* Macros to convert the input and output bytes into 32-bit words, | |
94 | - * and simultaneously perform the whitening step. INPACK packs word | |
95 | - * number n into the variable named by x, using whitening subkey number m. | |
96 | - * OUTUNPACK unpacks word number n from the variable named by x, using | |
97 | - * whitening subkey number m. */ | |
98 | - | |
99 | -#define INPACK(n, x, m) \ | |
100 | - x = le32_to_cpu(src[n]) ^ ctx->w[m] | |
101 | - | |
102 | -#define OUTUNPACK(n, x, m) \ | |
103 | - x ^= ctx->w[m]; \ | |
104 | - dst[n] = cpu_to_le32(x) | |
105 | - | |
106 | - | |
107 | - | |
108 | -/* Encrypt one block. in and out may be the same. */ | |
109 | -static void twofish_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in) | |
110 | -{ | |
111 | - struct twofish_ctx *ctx = crypto_tfm_ctx(tfm); | |
112 | - const __le32 *src = (const __le32 *)in; | |
113 | - __le32 *dst = (__le32 *)out; | |
114 | - | |
115 | - /* The four 32-bit chunks of the text. */ | |
116 | - u32 a, b, c, d; | |
117 | - | |
118 | - /* Temporaries used by the round function. */ | |
119 | - u32 x, y; | |
120 | - | |
121 | - /* Input whitening and packing. */ | |
122 | - INPACK (0, a, 0); | |
123 | - INPACK (1, b, 1); | |
124 | - INPACK (2, c, 2); | |
125 | - INPACK (3, d, 3); | |
126 | - | |
127 | - /* Encryption Feistel cycles. */ | |
128 | - ENCCYCLE (0); | |
129 | - ENCCYCLE (1); | |
130 | - ENCCYCLE (2); | |
131 | - ENCCYCLE (3); | |
132 | - ENCCYCLE (4); | |
133 | - ENCCYCLE (5); | |
134 | - ENCCYCLE (6); | |
135 | - ENCCYCLE (7); | |
136 | - | |
137 | - /* Output whitening and unpacking. */ | |
138 | - OUTUNPACK (0, c, 4); | |
139 | - OUTUNPACK (1, d, 5); | |
140 | - OUTUNPACK (2, a, 6); | |
141 | - OUTUNPACK (3, b, 7); | |
142 | - | |
143 | -} | |
144 | - | |
145 | -/* Decrypt one block. in and out may be the same. */ | |
146 | -static void twofish_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in) | |
147 | -{ | |
148 | - struct twofish_ctx *ctx = crypto_tfm_ctx(tfm); | |
149 | - const __le32 *src = (const __le32 *)in; | |
150 | - __le32 *dst = (__le32 *)out; | |
151 | - | |
152 | - /* The four 32-bit chunks of the text. */ | |
153 | - u32 a, b, c, d; | |
154 | - | |
155 | - /* Temporaries used by the round function. */ | |
156 | - u32 x, y; | |
157 | - | |
158 | - /* Input whitening and packing. */ | |
159 | - INPACK (0, c, 4); | |
160 | - INPACK (1, d, 5); | |
161 | - INPACK (2, a, 6); | |
162 | - INPACK (3, b, 7); | |
163 | - | |
164 | - /* Encryption Feistel cycles. */ | |
165 | - DECCYCLE (7); | |
166 | - DECCYCLE (6); | |
167 | - DECCYCLE (5); | |
168 | - DECCYCLE (4); | |
169 | - DECCYCLE (3); | |
170 | - DECCYCLE (2); | |
171 | - DECCYCLE (1); | |
172 | - DECCYCLE (0); | |
173 | - | |
174 | - /* Output whitening and unpacking. */ | |
175 | - OUTUNPACK (0, a, 0); | |
176 | - OUTUNPACK (1, b, 1); | |
177 | - OUTUNPACK (2, c, 2); | |
178 | - OUTUNPACK (3, d, 3); | |
179 | - | |
180 | -} | |
181 | - | |
182 | -static struct crypto_alg alg = { | |
183 | - .cra_name = "twofish", | |
184 | - .cra_driver_name = "twofish-generic", | |
185 | - .cra_priority = 100, | |
186 | - .cra_flags = CRYPTO_ALG_TYPE_CIPHER, | |
187 | - .cra_blocksize = TF_BLOCK_SIZE, | |
188 | - .cra_ctxsize = sizeof(struct twofish_ctx), | |
189 | - .cra_alignmask = 3, | |
190 | - .cra_module = THIS_MODULE, | |
191 | - .cra_list = LIST_HEAD_INIT(alg.cra_list), | |
192 | - .cra_u = { .cipher = { | |
193 | - .cia_min_keysize = TF_MIN_KEY_SIZE, | |
194 | - .cia_max_keysize = TF_MAX_KEY_SIZE, | |
195 | - .cia_setkey = twofish_setkey, | |
196 | - .cia_encrypt = twofish_encrypt, | |
197 | - .cia_decrypt = twofish_decrypt } } | |
198 | -}; | |
199 | - | |
200 | -static int __init twofish_mod_init(void) | |
201 | -{ | |
202 | - return crypto_register_alg(&alg); | |
203 | -} | |
204 | - | |
205 | -static void __exit twofish_mod_fini(void) | |
206 | -{ | |
207 | - crypto_unregister_alg(&alg); | |
208 | -} | |
209 | - | |
210 | -module_init(twofish_mod_init); | |
211 | -module_exit(twofish_mod_fini); | |
212 | - | |
213 | -MODULE_LICENSE("GPL"); | |
214 | -MODULE_DESCRIPTION ("Twofish Cipher Algorithm"); |
crypto/twofish_generic.c
1 | +/* | |
2 | + * Twofish for CryptoAPI | |
3 | + * | |
4 | + * Originally Twofish for GPG | |
5 | + * By Matthew Skala <mskala@ansuz.sooke.bc.ca>, July 26, 1998 | |
6 | + * 256-bit key length added March 20, 1999 | |
7 | + * Some modifications to reduce the text size by Werner Koch, April, 1998 | |
8 | + * Ported to the kerneli patch by Marc Mutz <Marc@Mutz.com> | |
9 | + * Ported to CryptoAPI by Colin Slater <hoho@tacomeat.net> | |
10 | + * | |
11 | + * The original author has disclaimed all copyright interest in this | |
12 | + * code and thus put it in the public domain. The subsequent authors | |
13 | + * have put this under the GNU General Public License. | |
14 | + * | |
15 | + * This program is free software; you can redistribute it and/or modify | |
16 | + * it under the terms of the GNU General Public License as published by | |
17 | + * the Free Software Foundation; either version 2 of the License, or | |
18 | + * (at your option) any later version. | |
19 | + * | |
20 | + * This program is distributed in the hope that it will be useful, | |
21 | + * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
22 | + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
23 | + * GNU General Public License for more details. | |
24 | + * | |
25 | + * You should have received a copy of the GNU General Public License | |
26 | + * along with this program; if not, write to the Free Software | |
27 | + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 | |
28 | + * USA | |
29 | + * | |
30 | + * This code is a "clean room" implementation, written from the paper | |
31 | + * _Twofish: A 128-Bit Block Cipher_ by Bruce Schneier, John Kelsey, | |
32 | + * Doug Whiting, David Wagner, Chris Hall, and Niels Ferguson, available | |
33 | + * through http://www.counterpane.com/twofish.html | |
34 | + * | |
35 | + * For background information on multiplication in finite fields, used for | |
36 | + * the matrix operations in the key schedule, see the book _Contemporary | |
37 | + * Abstract Algebra_ by Joseph A. Gallian, especially chapter 22 in the | |
38 | + * Third Edition. | |
39 | + */ | |
40 | + | |
41 | +#include <asm/byteorder.h> | |
42 | +#include <crypto/twofish.h> | |
43 | +#include <linux/module.h> | |
44 | +#include <linux/init.h> | |
45 | +#include <linux/types.h> | |
46 | +#include <linux/errno.h> | |
47 | +#include <linux/crypto.h> | |
48 | +#include <linux/bitops.h> | |
49 | + | |
50 | +/* Macros to compute the g() function in the encryption and decryption | |
51 | + * rounds. G1 is the straight g() function; G2 includes the 8-bit | |
52 | + * rotation for the high 32-bit word. */ | |
53 | + | |
54 | +#define G1(a) \ | |
55 | + (ctx->s[0][(a) & 0xFF]) ^ (ctx->s[1][((a) >> 8) & 0xFF]) \ | |
56 | + ^ (ctx->s[2][((a) >> 16) & 0xFF]) ^ (ctx->s[3][(a) >> 24]) | |
57 | + | |
58 | +#define G2(b) \ | |
59 | + (ctx->s[1][(b) & 0xFF]) ^ (ctx->s[2][((b) >> 8) & 0xFF]) \ | |
60 | + ^ (ctx->s[3][((b) >> 16) & 0xFF]) ^ (ctx->s[0][(b) >> 24]) | |
61 | + | |
62 | +/* Encryption and decryption Feistel rounds. Each one calls the two g() | |
63 | + * macros, does the PHT, and performs the XOR and the appropriate bit | |
64 | + * rotations. The parameters are the round number (used to select subkeys), | |
65 | + * and the four 32-bit chunks of the text. */ | |
66 | + | |
67 | +#define ENCROUND(n, a, b, c, d) \ | |
68 | + x = G1 (a); y = G2 (b); \ | |
69 | + x += y; y += x + ctx->k[2 * (n) + 1]; \ | |
70 | + (c) ^= x + ctx->k[2 * (n)]; \ | |
71 | + (c) = ror32((c), 1); \ | |
72 | + (d) = rol32((d), 1) ^ y | |
73 | + | |
74 | +#define DECROUND(n, a, b, c, d) \ | |
75 | + x = G1 (a); y = G2 (b); \ | |
76 | + x += y; y += x; \ | |
77 | + (d) ^= y + ctx->k[2 * (n) + 1]; \ | |
78 | + (d) = ror32((d), 1); \ | |
79 | + (c) = rol32((c), 1); \ | |
80 | + (c) ^= (x + ctx->k[2 * (n)]) | |
81 | + | |
82 | +/* Encryption and decryption cycles; each one is simply two Feistel rounds | |
83 | + * with the 32-bit chunks re-ordered to simulate the "swap" */ | |
84 | + | |
85 | +#define ENCCYCLE(n) \ | |
86 | + ENCROUND (2 * (n), a, b, c, d); \ | |
87 | + ENCROUND (2 * (n) + 1, c, d, a, b) | |
88 | + | |
89 | +#define DECCYCLE(n) \ | |
90 | + DECROUND (2 * (n) + 1, c, d, a, b); \ | |
91 | + DECROUND (2 * (n), a, b, c, d) | |
92 | + | |
93 | +/* Macros to convert the input and output bytes into 32-bit words, | |
94 | + * and simultaneously perform the whitening step. INPACK packs word | |
95 | + * number n into the variable named by x, using whitening subkey number m. | |
96 | + * OUTUNPACK unpacks word number n from the variable named by x, using | |
97 | + * whitening subkey number m. */ | |
98 | + | |
99 | +#define INPACK(n, x, m) \ | |
100 | + x = le32_to_cpu(src[n]) ^ ctx->w[m] | |
101 | + | |
102 | +#define OUTUNPACK(n, x, m) \ | |
103 | + x ^= ctx->w[m]; \ | |
104 | + dst[n] = cpu_to_le32(x) | |
105 | + | |
106 | + | |
107 | + | |
108 | +/* Encrypt one block. in and out may be the same. */ | |
109 | +static void twofish_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in) | |
110 | +{ | |
111 | + struct twofish_ctx *ctx = crypto_tfm_ctx(tfm); | |
112 | + const __le32 *src = (const __le32 *)in; | |
113 | + __le32 *dst = (__le32 *)out; | |
114 | + | |
115 | + /* The four 32-bit chunks of the text. */ | |
116 | + u32 a, b, c, d; | |
117 | + | |
118 | + /* Temporaries used by the round function. */ | |
119 | + u32 x, y; | |
120 | + | |
121 | + /* Input whitening and packing. */ | |
122 | + INPACK (0, a, 0); | |
123 | + INPACK (1, b, 1); | |
124 | + INPACK (2, c, 2); | |
125 | + INPACK (3, d, 3); | |
126 | + | |
127 | + /* Encryption Feistel cycles. */ | |
128 | + ENCCYCLE (0); | |
129 | + ENCCYCLE (1); | |
130 | + ENCCYCLE (2); | |
131 | + ENCCYCLE (3); | |
132 | + ENCCYCLE (4); | |
133 | + ENCCYCLE (5); | |
134 | + ENCCYCLE (6); | |
135 | + ENCCYCLE (7); | |
136 | + | |
137 | + /* Output whitening and unpacking. */ | |
138 | + OUTUNPACK (0, c, 4); | |
139 | + OUTUNPACK (1, d, 5); | |
140 | + OUTUNPACK (2, a, 6); | |
141 | + OUTUNPACK (3, b, 7); | |
142 | + | |
143 | +} | |
144 | + | |
145 | +/* Decrypt one block. in and out may be the same. */ | |
146 | +static void twofish_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in) | |
147 | +{ | |
148 | + struct twofish_ctx *ctx = crypto_tfm_ctx(tfm); | |
149 | + const __le32 *src = (const __le32 *)in; | |
150 | + __le32 *dst = (__le32 *)out; | |
151 | + | |
152 | + /* The four 32-bit chunks of the text. */ | |
153 | + u32 a, b, c, d; | |
154 | + | |
155 | + /* Temporaries used by the round function. */ | |
156 | + u32 x, y; | |
157 | + | |
158 | + /* Input whitening and packing. */ | |
159 | + INPACK (0, c, 4); | |
160 | + INPACK (1, d, 5); | |
161 | + INPACK (2, a, 6); | |
162 | + INPACK (3, b, 7); | |
163 | + | |
164 | + /* Encryption Feistel cycles. */ | |
165 | + DECCYCLE (7); | |
166 | + DECCYCLE (6); | |
167 | + DECCYCLE (5); | |
168 | + DECCYCLE (4); | |
169 | + DECCYCLE (3); | |
170 | + DECCYCLE (2); | |
171 | + DECCYCLE (1); | |
172 | + DECCYCLE (0); | |
173 | + | |
174 | + /* Output whitening and unpacking. */ | |
175 | + OUTUNPACK (0, a, 0); | |
176 | + OUTUNPACK (1, b, 1); | |
177 | + OUTUNPACK (2, c, 2); | |
178 | + OUTUNPACK (3, d, 3); | |
179 | + | |
180 | +} | |
181 | + | |
182 | +static struct crypto_alg alg = { | |
183 | + .cra_name = "twofish", | |
184 | + .cra_driver_name = "twofish-generic", | |
185 | + .cra_priority = 100, | |
186 | + .cra_flags = CRYPTO_ALG_TYPE_CIPHER, | |
187 | + .cra_blocksize = TF_BLOCK_SIZE, | |
188 | + .cra_ctxsize = sizeof(struct twofish_ctx), | |
189 | + .cra_alignmask = 3, | |
190 | + .cra_module = THIS_MODULE, | |
191 | + .cra_list = LIST_HEAD_INIT(alg.cra_list), | |
192 | + .cra_u = { .cipher = { | |
193 | + .cia_min_keysize = TF_MIN_KEY_SIZE, | |
194 | + .cia_max_keysize = TF_MAX_KEY_SIZE, | |
195 | + .cia_setkey = twofish_setkey, | |
196 | + .cia_encrypt = twofish_encrypt, | |
197 | + .cia_decrypt = twofish_decrypt } } | |
198 | +}; | |
199 | + | |
200 | +static int __init twofish_mod_init(void) | |
201 | +{ | |
202 | + return crypto_register_alg(&alg); | |
203 | +} | |
204 | + | |
205 | +static void __exit twofish_mod_fini(void) | |
206 | +{ | |
207 | + crypto_unregister_alg(&alg); | |
208 | +} | |
209 | + | |
210 | +module_init(twofish_mod_init); | |
211 | +module_exit(twofish_mod_fini); | |
212 | + | |
213 | +MODULE_LICENSE("GPL"); | |
214 | +MODULE_DESCRIPTION ("Twofish Cipher Algorithm"); | |
215 | +MODULE_ALIAS("twofish"); |