Commit 3b8efb4c4147094652570d7791a516d07b7df8c2
1 parent
d8a5e2e9f4
Exists in
master
and in
4 other branches
crypto: rmd320 - Switch to shash
This patch changes rmd320 to the new shash interface. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Showing 2 changed files with 33 additions and 30 deletions Inline Diff
crypto/Kconfig
1 | # | 1 | # |
2 | # Generic algorithms support | 2 | # Generic algorithms support |
3 | # | 3 | # |
4 | config XOR_BLOCKS | 4 | config XOR_BLOCKS |
5 | tristate | 5 | tristate |
6 | 6 | ||
7 | # | 7 | # |
8 | # async_tx api: hardware offloaded memory transfer/transform support | 8 | # async_tx api: hardware offloaded memory transfer/transform support |
9 | # | 9 | # |
10 | source "crypto/async_tx/Kconfig" | 10 | source "crypto/async_tx/Kconfig" |
11 | 11 | ||
12 | # | 12 | # |
13 | # Cryptographic API Configuration | 13 | # Cryptographic API Configuration |
14 | # | 14 | # |
15 | menuconfig CRYPTO | 15 | menuconfig CRYPTO |
16 | tristate "Cryptographic API" | 16 | tristate "Cryptographic API" |
17 | help | 17 | help |
18 | This option provides the core Cryptographic API. | 18 | This option provides the core Cryptographic API. |
19 | 19 | ||
20 | if CRYPTO | 20 | if CRYPTO |
21 | 21 | ||
22 | comment "Crypto core or helper" | 22 | comment "Crypto core or helper" |
23 | 23 | ||
24 | config CRYPTO_FIPS | 24 | config CRYPTO_FIPS |
25 | bool "FIPS 200 compliance" | 25 | bool "FIPS 200 compliance" |
26 | help | 26 | help |
27 | This options enables the fips boot option which is | 27 | This options enables the fips boot option which is |
28 | required if you want to system to operate in a FIPS 200 | 28 | required if you want to system to operate in a FIPS 200 |
29 | certification. You should say no unless you know what | 29 | certification. You should say no unless you know what |
30 | this is. | 30 | this is. |
31 | 31 | ||
32 | config CRYPTO_ALGAPI | 32 | config CRYPTO_ALGAPI |
33 | tristate | 33 | tristate |
34 | select CRYPTO_ALGAPI2 | 34 | select CRYPTO_ALGAPI2 |
35 | help | 35 | help |
36 | This option provides the API for cryptographic algorithms. | 36 | This option provides the API for cryptographic algorithms. |
37 | 37 | ||
38 | config CRYPTO_ALGAPI2 | 38 | config CRYPTO_ALGAPI2 |
39 | tristate | 39 | tristate |
40 | 40 | ||
41 | config CRYPTO_AEAD | 41 | config CRYPTO_AEAD |
42 | tristate | 42 | tristate |
43 | select CRYPTO_AEAD2 | 43 | select CRYPTO_AEAD2 |
44 | select CRYPTO_ALGAPI | 44 | select CRYPTO_ALGAPI |
45 | 45 | ||
46 | config CRYPTO_AEAD2 | 46 | config CRYPTO_AEAD2 |
47 | tristate | 47 | tristate |
48 | select CRYPTO_ALGAPI2 | 48 | select CRYPTO_ALGAPI2 |
49 | 49 | ||
50 | config CRYPTO_BLKCIPHER | 50 | config CRYPTO_BLKCIPHER |
51 | tristate | 51 | tristate |
52 | select CRYPTO_BLKCIPHER2 | 52 | select CRYPTO_BLKCIPHER2 |
53 | select CRYPTO_ALGAPI | 53 | select CRYPTO_ALGAPI |
54 | 54 | ||
55 | config CRYPTO_BLKCIPHER2 | 55 | config CRYPTO_BLKCIPHER2 |
56 | tristate | 56 | tristate |
57 | select CRYPTO_ALGAPI2 | 57 | select CRYPTO_ALGAPI2 |
58 | select CRYPTO_RNG2 | 58 | select CRYPTO_RNG2 |
59 | 59 | ||
60 | config CRYPTO_HASH | 60 | config CRYPTO_HASH |
61 | tristate | 61 | tristate |
62 | select CRYPTO_HASH2 | 62 | select CRYPTO_HASH2 |
63 | select CRYPTO_ALGAPI | 63 | select CRYPTO_ALGAPI |
64 | 64 | ||
65 | config CRYPTO_HASH2 | 65 | config CRYPTO_HASH2 |
66 | tristate | 66 | tristate |
67 | select CRYPTO_ALGAPI2 | 67 | select CRYPTO_ALGAPI2 |
68 | 68 | ||
69 | config CRYPTO_RNG | 69 | config CRYPTO_RNG |
70 | tristate | 70 | tristate |
71 | select CRYPTO_RNG2 | 71 | select CRYPTO_RNG2 |
72 | select CRYPTO_ALGAPI | 72 | select CRYPTO_ALGAPI |
73 | 73 | ||
74 | config CRYPTO_RNG2 | 74 | config CRYPTO_RNG2 |
75 | tristate | 75 | tristate |
76 | select CRYPTO_ALGAPI2 | 76 | select CRYPTO_ALGAPI2 |
77 | 77 | ||
78 | config CRYPTO_MANAGER | 78 | config CRYPTO_MANAGER |
79 | tristate "Cryptographic algorithm manager" | 79 | tristate "Cryptographic algorithm manager" |
80 | select CRYPTO_MANAGER2 | 80 | select CRYPTO_MANAGER2 |
81 | help | 81 | help |
82 | Create default cryptographic template instantiations such as | 82 | Create default cryptographic template instantiations such as |
83 | cbc(aes). | 83 | cbc(aes). |
84 | 84 | ||
85 | config CRYPTO_MANAGER2 | 85 | config CRYPTO_MANAGER2 |
86 | def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y) | 86 | def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y) |
87 | select CRYPTO_AEAD2 | 87 | select CRYPTO_AEAD2 |
88 | select CRYPTO_HASH2 | 88 | select CRYPTO_HASH2 |
89 | select CRYPTO_BLKCIPHER2 | 89 | select CRYPTO_BLKCIPHER2 |
90 | 90 | ||
91 | config CRYPTO_GF128MUL | 91 | config CRYPTO_GF128MUL |
92 | tristate "GF(2^128) multiplication functions (EXPERIMENTAL)" | 92 | tristate "GF(2^128) multiplication functions (EXPERIMENTAL)" |
93 | depends on EXPERIMENTAL | 93 | depends on EXPERIMENTAL |
94 | help | 94 | help |
95 | Efficient table driven implementation of multiplications in the | 95 | Efficient table driven implementation of multiplications in the |
96 | field GF(2^128). This is needed by some cypher modes. This | 96 | field GF(2^128). This is needed by some cypher modes. This |
97 | option will be selected automatically if you select such a | 97 | option will be selected automatically if you select such a |
98 | cipher mode. Only select this option by hand if you expect to load | 98 | cipher mode. Only select this option by hand if you expect to load |
99 | an external module that requires these functions. | 99 | an external module that requires these functions. |
100 | 100 | ||
101 | config CRYPTO_NULL | 101 | config CRYPTO_NULL |
102 | tristate "Null algorithms" | 102 | tristate "Null algorithms" |
103 | select CRYPTO_ALGAPI | 103 | select CRYPTO_ALGAPI |
104 | select CRYPTO_BLKCIPHER | 104 | select CRYPTO_BLKCIPHER |
105 | select CRYPTO_HASH | 105 | select CRYPTO_HASH |
106 | help | 106 | help |
107 | These are 'Null' algorithms, used by IPsec, which do nothing. | 107 | These are 'Null' algorithms, used by IPsec, which do nothing. |
108 | 108 | ||
109 | config CRYPTO_CRYPTD | 109 | config CRYPTO_CRYPTD |
110 | tristate "Software async crypto daemon" | 110 | tristate "Software async crypto daemon" |
111 | select CRYPTO_BLKCIPHER | 111 | select CRYPTO_BLKCIPHER |
112 | select CRYPTO_HASH | 112 | select CRYPTO_HASH |
113 | select CRYPTO_MANAGER | 113 | select CRYPTO_MANAGER |
114 | help | 114 | help |
115 | This is a generic software asynchronous crypto daemon that | 115 | This is a generic software asynchronous crypto daemon that |
116 | converts an arbitrary synchronous software crypto algorithm | 116 | converts an arbitrary synchronous software crypto algorithm |
117 | into an asynchronous algorithm that executes in a kernel thread. | 117 | into an asynchronous algorithm that executes in a kernel thread. |
118 | 118 | ||
119 | config CRYPTO_AUTHENC | 119 | config CRYPTO_AUTHENC |
120 | tristate "Authenc support" | 120 | tristate "Authenc support" |
121 | select CRYPTO_AEAD | 121 | select CRYPTO_AEAD |
122 | select CRYPTO_BLKCIPHER | 122 | select CRYPTO_BLKCIPHER |
123 | select CRYPTO_MANAGER | 123 | select CRYPTO_MANAGER |
124 | select CRYPTO_HASH | 124 | select CRYPTO_HASH |
125 | help | 125 | help |
126 | Authenc: Combined mode wrapper for IPsec. | 126 | Authenc: Combined mode wrapper for IPsec. |
127 | This is required for IPSec. | 127 | This is required for IPSec. |
128 | 128 | ||
129 | config CRYPTO_TEST | 129 | config CRYPTO_TEST |
130 | tristate "Testing module" | 130 | tristate "Testing module" |
131 | depends on m | 131 | depends on m |
132 | select CRYPTO_MANAGER | 132 | select CRYPTO_MANAGER |
133 | help | 133 | help |
134 | Quick & dirty crypto test module. | 134 | Quick & dirty crypto test module. |
135 | 135 | ||
136 | comment "Authenticated Encryption with Associated Data" | 136 | comment "Authenticated Encryption with Associated Data" |
137 | 137 | ||
138 | config CRYPTO_CCM | 138 | config CRYPTO_CCM |
139 | tristate "CCM support" | 139 | tristate "CCM support" |
140 | select CRYPTO_CTR | 140 | select CRYPTO_CTR |
141 | select CRYPTO_AEAD | 141 | select CRYPTO_AEAD |
142 | help | 142 | help |
143 | Support for Counter with CBC MAC. Required for IPsec. | 143 | Support for Counter with CBC MAC. Required for IPsec. |
144 | 144 | ||
145 | config CRYPTO_GCM | 145 | config CRYPTO_GCM |
146 | tristate "GCM/GMAC support" | 146 | tristate "GCM/GMAC support" |
147 | select CRYPTO_CTR | 147 | select CRYPTO_CTR |
148 | select CRYPTO_AEAD | 148 | select CRYPTO_AEAD |
149 | select CRYPTO_GF128MUL | 149 | select CRYPTO_GF128MUL |
150 | help | 150 | help |
151 | Support for Galois/Counter Mode (GCM) and Galois Message | 151 | Support for Galois/Counter Mode (GCM) and Galois Message |
152 | Authentication Code (GMAC). Required for IPSec. | 152 | Authentication Code (GMAC). Required for IPSec. |
153 | 153 | ||
154 | config CRYPTO_SEQIV | 154 | config CRYPTO_SEQIV |
155 | tristate "Sequence Number IV Generator" | 155 | tristate "Sequence Number IV Generator" |
156 | select CRYPTO_AEAD | 156 | select CRYPTO_AEAD |
157 | select CRYPTO_BLKCIPHER | 157 | select CRYPTO_BLKCIPHER |
158 | select CRYPTO_RNG | 158 | select CRYPTO_RNG |
159 | help | 159 | help |
160 | This IV generator generates an IV based on a sequence number by | 160 | This IV generator generates an IV based on a sequence number by |
161 | xoring it with a salt. This algorithm is mainly useful for CTR | 161 | xoring it with a salt. This algorithm is mainly useful for CTR |
162 | 162 | ||
163 | comment "Block modes" | 163 | comment "Block modes" |
164 | 164 | ||
165 | config CRYPTO_CBC | 165 | config CRYPTO_CBC |
166 | tristate "CBC support" | 166 | tristate "CBC support" |
167 | select CRYPTO_BLKCIPHER | 167 | select CRYPTO_BLKCIPHER |
168 | select CRYPTO_MANAGER | 168 | select CRYPTO_MANAGER |
169 | help | 169 | help |
170 | CBC: Cipher Block Chaining mode | 170 | CBC: Cipher Block Chaining mode |
171 | This block cipher algorithm is required for IPSec. | 171 | This block cipher algorithm is required for IPSec. |
172 | 172 | ||
173 | config CRYPTO_CTR | 173 | config CRYPTO_CTR |
174 | tristate "CTR support" | 174 | tristate "CTR support" |
175 | select CRYPTO_BLKCIPHER | 175 | select CRYPTO_BLKCIPHER |
176 | select CRYPTO_SEQIV | 176 | select CRYPTO_SEQIV |
177 | select CRYPTO_MANAGER | 177 | select CRYPTO_MANAGER |
178 | help | 178 | help |
179 | CTR: Counter mode | 179 | CTR: Counter mode |
180 | This block cipher algorithm is required for IPSec. | 180 | This block cipher algorithm is required for IPSec. |
181 | 181 | ||
182 | config CRYPTO_CTS | 182 | config CRYPTO_CTS |
183 | tristate "CTS support" | 183 | tristate "CTS support" |
184 | select CRYPTO_BLKCIPHER | 184 | select CRYPTO_BLKCIPHER |
185 | help | 185 | help |
186 | CTS: Cipher Text Stealing | 186 | CTS: Cipher Text Stealing |
187 | This is the Cipher Text Stealing mode as described by | 187 | This is the Cipher Text Stealing mode as described by |
188 | Section 8 of rfc2040 and referenced by rfc3962. | 188 | Section 8 of rfc2040 and referenced by rfc3962. |
189 | (rfc3962 includes errata information in its Appendix A) | 189 | (rfc3962 includes errata information in its Appendix A) |
190 | This mode is required for Kerberos gss mechanism support | 190 | This mode is required for Kerberos gss mechanism support |
191 | for AES encryption. | 191 | for AES encryption. |
192 | 192 | ||
193 | config CRYPTO_ECB | 193 | config CRYPTO_ECB |
194 | tristate "ECB support" | 194 | tristate "ECB support" |
195 | select CRYPTO_BLKCIPHER | 195 | select CRYPTO_BLKCIPHER |
196 | select CRYPTO_MANAGER | 196 | select CRYPTO_MANAGER |
197 | help | 197 | help |
198 | ECB: Electronic CodeBook mode | 198 | ECB: Electronic CodeBook mode |
199 | This is the simplest block cipher algorithm. It simply encrypts | 199 | This is the simplest block cipher algorithm. It simply encrypts |
200 | the input block by block. | 200 | the input block by block. |
201 | 201 | ||
202 | config CRYPTO_LRW | 202 | config CRYPTO_LRW |
203 | tristate "LRW support (EXPERIMENTAL)" | 203 | tristate "LRW support (EXPERIMENTAL)" |
204 | depends on EXPERIMENTAL | 204 | depends on EXPERIMENTAL |
205 | select CRYPTO_BLKCIPHER | 205 | select CRYPTO_BLKCIPHER |
206 | select CRYPTO_MANAGER | 206 | select CRYPTO_MANAGER |
207 | select CRYPTO_GF128MUL | 207 | select CRYPTO_GF128MUL |
208 | help | 208 | help |
209 | LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable | 209 | LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable |
210 | narrow block cipher mode for dm-crypt. Use it with cipher | 210 | narrow block cipher mode for dm-crypt. Use it with cipher |
211 | specification string aes-lrw-benbi, the key must be 256, 320 or 384. | 211 | specification string aes-lrw-benbi, the key must be 256, 320 or 384. |
212 | The first 128, 192 or 256 bits in the key are used for AES and the | 212 | The first 128, 192 or 256 bits in the key are used for AES and the |
213 | rest is used to tie each cipher block to its logical position. | 213 | rest is used to tie each cipher block to its logical position. |
214 | 214 | ||
215 | config CRYPTO_PCBC | 215 | config CRYPTO_PCBC |
216 | tristate "PCBC support" | 216 | tristate "PCBC support" |
217 | select CRYPTO_BLKCIPHER | 217 | select CRYPTO_BLKCIPHER |
218 | select CRYPTO_MANAGER | 218 | select CRYPTO_MANAGER |
219 | help | 219 | help |
220 | PCBC: Propagating Cipher Block Chaining mode | 220 | PCBC: Propagating Cipher Block Chaining mode |
221 | This block cipher algorithm is required for RxRPC. | 221 | This block cipher algorithm is required for RxRPC. |
222 | 222 | ||
223 | config CRYPTO_XTS | 223 | config CRYPTO_XTS |
224 | tristate "XTS support (EXPERIMENTAL)" | 224 | tristate "XTS support (EXPERIMENTAL)" |
225 | depends on EXPERIMENTAL | 225 | depends on EXPERIMENTAL |
226 | select CRYPTO_BLKCIPHER | 226 | select CRYPTO_BLKCIPHER |
227 | select CRYPTO_MANAGER | 227 | select CRYPTO_MANAGER |
228 | select CRYPTO_GF128MUL | 228 | select CRYPTO_GF128MUL |
229 | help | 229 | help |
230 | XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain, | 230 | XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain, |
231 | key size 256, 384 or 512 bits. This implementation currently | 231 | key size 256, 384 or 512 bits. This implementation currently |
232 | can't handle a sectorsize which is not a multiple of 16 bytes. | 232 | can't handle a sectorsize which is not a multiple of 16 bytes. |
233 | 233 | ||
234 | comment "Hash modes" | 234 | comment "Hash modes" |
235 | 235 | ||
236 | config CRYPTO_HMAC | 236 | config CRYPTO_HMAC |
237 | tristate "HMAC support" | 237 | tristate "HMAC support" |
238 | select CRYPTO_HASH | 238 | select CRYPTO_HASH |
239 | select CRYPTO_MANAGER | 239 | select CRYPTO_MANAGER |
240 | help | 240 | help |
241 | HMAC: Keyed-Hashing for Message Authentication (RFC2104). | 241 | HMAC: Keyed-Hashing for Message Authentication (RFC2104). |
242 | This is required for IPSec. | 242 | This is required for IPSec. |
243 | 243 | ||
244 | config CRYPTO_XCBC | 244 | config CRYPTO_XCBC |
245 | tristate "XCBC support" | 245 | tristate "XCBC support" |
246 | depends on EXPERIMENTAL | 246 | depends on EXPERIMENTAL |
247 | select CRYPTO_HASH | 247 | select CRYPTO_HASH |
248 | select CRYPTO_MANAGER | 248 | select CRYPTO_MANAGER |
249 | help | 249 | help |
250 | XCBC: Keyed-Hashing with encryption algorithm | 250 | XCBC: Keyed-Hashing with encryption algorithm |
251 | http://www.ietf.org/rfc/rfc3566.txt | 251 | http://www.ietf.org/rfc/rfc3566.txt |
252 | http://csrc.nist.gov/encryption/modes/proposedmodes/ | 252 | http://csrc.nist.gov/encryption/modes/proposedmodes/ |
253 | xcbc-mac/xcbc-mac-spec.pdf | 253 | xcbc-mac/xcbc-mac-spec.pdf |
254 | 254 | ||
255 | comment "Digest" | 255 | comment "Digest" |
256 | 256 | ||
257 | config CRYPTO_CRC32C | 257 | config CRYPTO_CRC32C |
258 | tristate "CRC32c CRC algorithm" | 258 | tristate "CRC32c CRC algorithm" |
259 | select CRYPTO_HASH | 259 | select CRYPTO_HASH |
260 | help | 260 | help |
261 | Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used | 261 | Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used |
262 | by iSCSI for header and data digests and by others. | 262 | by iSCSI for header and data digests and by others. |
263 | See Castagnoli93. Module will be crc32c. | 263 | See Castagnoli93. Module will be crc32c. |
264 | 264 | ||
265 | config CRYPTO_CRC32C_INTEL | 265 | config CRYPTO_CRC32C_INTEL |
266 | tristate "CRC32c INTEL hardware acceleration" | 266 | tristate "CRC32c INTEL hardware acceleration" |
267 | depends on X86 | 267 | depends on X86 |
268 | select CRYPTO_HASH | 268 | select CRYPTO_HASH |
269 | help | 269 | help |
270 | In Intel processor with SSE4.2 supported, the processor will | 270 | In Intel processor with SSE4.2 supported, the processor will |
271 | support CRC32C implementation using hardware accelerated CRC32 | 271 | support CRC32C implementation using hardware accelerated CRC32 |
272 | instruction. This option will create 'crc32c-intel' module, | 272 | instruction. This option will create 'crc32c-intel' module, |
273 | which will enable any routine to use the CRC32 instruction to | 273 | which will enable any routine to use the CRC32 instruction to |
274 | gain performance compared with software implementation. | 274 | gain performance compared with software implementation. |
275 | Module will be crc32c-intel. | 275 | Module will be crc32c-intel. |
276 | 276 | ||
277 | config CRYPTO_MD4 | 277 | config CRYPTO_MD4 |
278 | tristate "MD4 digest algorithm" | 278 | tristate "MD4 digest algorithm" |
279 | select CRYPTO_ALGAPI | 279 | select CRYPTO_ALGAPI |
280 | help | 280 | help |
281 | MD4 message digest algorithm (RFC1320). | 281 | MD4 message digest algorithm (RFC1320). |
282 | 282 | ||
283 | config CRYPTO_MD5 | 283 | config CRYPTO_MD5 |
284 | tristate "MD5 digest algorithm" | 284 | tristate "MD5 digest algorithm" |
285 | select CRYPTO_ALGAPI | 285 | select CRYPTO_ALGAPI |
286 | help | 286 | help |
287 | MD5 message digest algorithm (RFC1321). | 287 | MD5 message digest algorithm (RFC1321). |
288 | 288 | ||
289 | config CRYPTO_MICHAEL_MIC | 289 | config CRYPTO_MICHAEL_MIC |
290 | tristate "Michael MIC keyed digest algorithm" | 290 | tristate "Michael MIC keyed digest algorithm" |
291 | select CRYPTO_ALGAPI | 291 | select CRYPTO_ALGAPI |
292 | help | 292 | help |
293 | Michael MIC is used for message integrity protection in TKIP | 293 | Michael MIC is used for message integrity protection in TKIP |
294 | (IEEE 802.11i). This algorithm is required for TKIP, but it | 294 | (IEEE 802.11i). This algorithm is required for TKIP, but it |
295 | should not be used for other purposes because of the weakness | 295 | should not be used for other purposes because of the weakness |
296 | of the algorithm. | 296 | of the algorithm. |
297 | 297 | ||
298 | config CRYPTO_RMD128 | 298 | config CRYPTO_RMD128 |
299 | tristate "RIPEMD-128 digest algorithm" | 299 | tristate "RIPEMD-128 digest algorithm" |
300 | select CRYPTO_HASH | 300 | select CRYPTO_HASH |
301 | help | 301 | help |
302 | RIPEMD-128 (ISO/IEC 10118-3:2004). | 302 | RIPEMD-128 (ISO/IEC 10118-3:2004). |
303 | 303 | ||
304 | RIPEMD-128 is a 128-bit cryptographic hash function. It should only | 304 | RIPEMD-128 is a 128-bit cryptographic hash function. It should only |
305 | to be used as a secure replacement for RIPEMD. For other use cases | 305 | to be used as a secure replacement for RIPEMD. For other use cases |
306 | RIPEMD-160 should be used. | 306 | RIPEMD-160 should be used. |
307 | 307 | ||
308 | Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. | 308 | Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. |
309 | See <http://home.esat.kuleuven.be/~bosselae/ripemd160.html> | 309 | See <http://home.esat.kuleuven.be/~bosselae/ripemd160.html> |
310 | 310 | ||
311 | config CRYPTO_RMD160 | 311 | config CRYPTO_RMD160 |
312 | tristate "RIPEMD-160 digest algorithm" | 312 | tristate "RIPEMD-160 digest algorithm" |
313 | select CRYPTO_HASH | 313 | select CRYPTO_HASH |
314 | help | 314 | help |
315 | RIPEMD-160 (ISO/IEC 10118-3:2004). | 315 | RIPEMD-160 (ISO/IEC 10118-3:2004). |
316 | 316 | ||
317 | RIPEMD-160 is a 160-bit cryptographic hash function. It is intended | 317 | RIPEMD-160 is a 160-bit cryptographic hash function. It is intended |
318 | to be used as a secure replacement for the 128-bit hash functions | 318 | to be used as a secure replacement for the 128-bit hash functions |
319 | MD4, MD5 and it's predecessor RIPEMD | 319 | MD4, MD5 and it's predecessor RIPEMD |
320 | (not to be confused with RIPEMD-128). | 320 | (not to be confused with RIPEMD-128). |
321 | 321 | ||
322 | It's speed is comparable to SHA1 and there are no known attacks | 322 | It's speed is comparable to SHA1 and there are no known attacks |
323 | against RIPEMD-160. | 323 | against RIPEMD-160. |
324 | 324 | ||
325 | Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. | 325 | Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. |
326 | See <http://home.esat.kuleuven.be/~bosselae/ripemd160.html> | 326 | See <http://home.esat.kuleuven.be/~bosselae/ripemd160.html> |
327 | 327 | ||
328 | config CRYPTO_RMD256 | 328 | config CRYPTO_RMD256 |
329 | tristate "RIPEMD-256 digest algorithm" | 329 | tristate "RIPEMD-256 digest algorithm" |
330 | select CRYPTO_HASH | 330 | select CRYPTO_HASH |
331 | help | 331 | help |
332 | RIPEMD-256 is an optional extension of RIPEMD-128 with a | 332 | RIPEMD-256 is an optional extension of RIPEMD-128 with a |
333 | 256 bit hash. It is intended for applications that require | 333 | 256 bit hash. It is intended for applications that require |
334 | longer hash-results, without needing a larger security level | 334 | longer hash-results, without needing a larger security level |
335 | (than RIPEMD-128). | 335 | (than RIPEMD-128). |
336 | 336 | ||
337 | Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. | 337 | Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. |
338 | See <http://home.esat.kuleuven.be/~bosselae/ripemd160.html> | 338 | See <http://home.esat.kuleuven.be/~bosselae/ripemd160.html> |
339 | 339 | ||
340 | config CRYPTO_RMD320 | 340 | config CRYPTO_RMD320 |
341 | tristate "RIPEMD-320 digest algorithm" | 341 | tristate "RIPEMD-320 digest algorithm" |
342 | select CRYPTO_ALGAPI | 342 | select CRYPTO_HASH |
343 | help | 343 | help |
344 | RIPEMD-320 is an optional extension of RIPEMD-160 with a | 344 | RIPEMD-320 is an optional extension of RIPEMD-160 with a |
345 | 320 bit hash. It is intended for applications that require | 345 | 320 bit hash. It is intended for applications that require |
346 | longer hash-results, without needing a larger security level | 346 | longer hash-results, without needing a larger security level |
347 | (than RIPEMD-160). | 347 | (than RIPEMD-160). |
348 | 348 | ||
349 | Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. | 349 | Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. |
350 | See <http://home.esat.kuleuven.be/~bosselae/ripemd160.html> | 350 | See <http://home.esat.kuleuven.be/~bosselae/ripemd160.html> |
351 | 351 | ||
352 | config CRYPTO_SHA1 | 352 | config CRYPTO_SHA1 |
353 | tristate "SHA1 digest algorithm" | 353 | tristate "SHA1 digest algorithm" |
354 | select CRYPTO_ALGAPI | 354 | select CRYPTO_ALGAPI |
355 | help | 355 | help |
356 | SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). | 356 | SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). |
357 | 357 | ||
358 | config CRYPTO_SHA256 | 358 | config CRYPTO_SHA256 |
359 | tristate "SHA224 and SHA256 digest algorithm" | 359 | tristate "SHA224 and SHA256 digest algorithm" |
360 | select CRYPTO_ALGAPI | 360 | select CRYPTO_ALGAPI |
361 | help | 361 | help |
362 | SHA256 secure hash standard (DFIPS 180-2). | 362 | SHA256 secure hash standard (DFIPS 180-2). |
363 | 363 | ||
364 | This version of SHA implements a 256 bit hash with 128 bits of | 364 | This version of SHA implements a 256 bit hash with 128 bits of |
365 | security against collision attacks. | 365 | security against collision attacks. |
366 | 366 | ||
367 | This code also includes SHA-224, a 224 bit hash with 112 bits | 367 | This code also includes SHA-224, a 224 bit hash with 112 bits |
368 | of security against collision attacks. | 368 | of security against collision attacks. |
369 | 369 | ||
370 | config CRYPTO_SHA512 | 370 | config CRYPTO_SHA512 |
371 | tristate "SHA384 and SHA512 digest algorithms" | 371 | tristate "SHA384 and SHA512 digest algorithms" |
372 | select CRYPTO_ALGAPI | 372 | select CRYPTO_ALGAPI |
373 | help | 373 | help |
374 | SHA512 secure hash standard (DFIPS 180-2). | 374 | SHA512 secure hash standard (DFIPS 180-2). |
375 | 375 | ||
376 | This version of SHA implements a 512 bit hash with 256 bits of | 376 | This version of SHA implements a 512 bit hash with 256 bits of |
377 | security against collision attacks. | 377 | security against collision attacks. |
378 | 378 | ||
379 | This code also includes SHA-384, a 384 bit hash with 192 bits | 379 | This code also includes SHA-384, a 384 bit hash with 192 bits |
380 | of security against collision attacks. | 380 | of security against collision attacks. |
381 | 381 | ||
382 | config CRYPTO_TGR192 | 382 | config CRYPTO_TGR192 |
383 | tristate "Tiger digest algorithms" | 383 | tristate "Tiger digest algorithms" |
384 | select CRYPTO_ALGAPI | 384 | select CRYPTO_ALGAPI |
385 | help | 385 | help |
386 | Tiger hash algorithm 192, 160 and 128-bit hashes | 386 | Tiger hash algorithm 192, 160 and 128-bit hashes |
387 | 387 | ||
388 | Tiger is a hash function optimized for 64-bit processors while | 388 | Tiger is a hash function optimized for 64-bit processors while |
389 | still having decent performance on 32-bit processors. | 389 | still having decent performance on 32-bit processors. |
390 | Tiger was developed by Ross Anderson and Eli Biham. | 390 | Tiger was developed by Ross Anderson and Eli Biham. |
391 | 391 | ||
392 | See also: | 392 | See also: |
393 | <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>. | 393 | <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>. |
394 | 394 | ||
395 | config CRYPTO_WP512 | 395 | config CRYPTO_WP512 |
396 | tristate "Whirlpool digest algorithms" | 396 | tristate "Whirlpool digest algorithms" |
397 | select CRYPTO_ALGAPI | 397 | select CRYPTO_ALGAPI |
398 | help | 398 | help |
399 | Whirlpool hash algorithm 512, 384 and 256-bit hashes | 399 | Whirlpool hash algorithm 512, 384 and 256-bit hashes |
400 | 400 | ||
401 | Whirlpool-512 is part of the NESSIE cryptographic primitives. | 401 | Whirlpool-512 is part of the NESSIE cryptographic primitives. |
402 | Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard | 402 | Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard |
403 | 403 | ||
404 | See also: | 404 | See also: |
405 | <http://planeta.terra.com.br/informatica/paulobarreto/WhirlpoolPage.html> | 405 | <http://planeta.terra.com.br/informatica/paulobarreto/WhirlpoolPage.html> |
406 | 406 | ||
407 | comment "Ciphers" | 407 | comment "Ciphers" |
408 | 408 | ||
409 | config CRYPTO_AES | 409 | config CRYPTO_AES |
410 | tristate "AES cipher algorithms" | 410 | tristate "AES cipher algorithms" |
411 | select CRYPTO_ALGAPI | 411 | select CRYPTO_ALGAPI |
412 | help | 412 | help |
413 | AES cipher algorithms (FIPS-197). AES uses the Rijndael | 413 | AES cipher algorithms (FIPS-197). AES uses the Rijndael |
414 | algorithm. | 414 | algorithm. |
415 | 415 | ||
416 | Rijndael appears to be consistently a very good performer in | 416 | Rijndael appears to be consistently a very good performer in |
417 | both hardware and software across a wide range of computing | 417 | both hardware and software across a wide range of computing |
418 | environments regardless of its use in feedback or non-feedback | 418 | environments regardless of its use in feedback or non-feedback |
419 | modes. Its key setup time is excellent, and its key agility is | 419 | modes. Its key setup time is excellent, and its key agility is |
420 | good. Rijndael's very low memory requirements make it very well | 420 | good. Rijndael's very low memory requirements make it very well |
421 | suited for restricted-space environments, in which it also | 421 | suited for restricted-space environments, in which it also |
422 | demonstrates excellent performance. Rijndael's operations are | 422 | demonstrates excellent performance. Rijndael's operations are |
423 | among the easiest to defend against power and timing attacks. | 423 | among the easiest to defend against power and timing attacks. |
424 | 424 | ||
425 | The AES specifies three key sizes: 128, 192 and 256 bits | 425 | The AES specifies three key sizes: 128, 192 and 256 bits |
426 | 426 | ||
427 | See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information. | 427 | See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information. |
428 | 428 | ||
429 | config CRYPTO_AES_586 | 429 | config CRYPTO_AES_586 |
430 | tristate "AES cipher algorithms (i586)" | 430 | tristate "AES cipher algorithms (i586)" |
431 | depends on (X86 || UML_X86) && !64BIT | 431 | depends on (X86 || UML_X86) && !64BIT |
432 | select CRYPTO_ALGAPI | 432 | select CRYPTO_ALGAPI |
433 | select CRYPTO_AES | 433 | select CRYPTO_AES |
434 | help | 434 | help |
435 | AES cipher algorithms (FIPS-197). AES uses the Rijndael | 435 | AES cipher algorithms (FIPS-197). AES uses the Rijndael |
436 | algorithm. | 436 | algorithm. |
437 | 437 | ||
438 | Rijndael appears to be consistently a very good performer in | 438 | Rijndael appears to be consistently a very good performer in |
439 | both hardware and software across a wide range of computing | 439 | both hardware and software across a wide range of computing |
440 | environments regardless of its use in feedback or non-feedback | 440 | environments regardless of its use in feedback or non-feedback |
441 | modes. Its key setup time is excellent, and its key agility is | 441 | modes. Its key setup time is excellent, and its key agility is |
442 | good. Rijndael's very low memory requirements make it very well | 442 | good. Rijndael's very low memory requirements make it very well |
443 | suited for restricted-space environments, in which it also | 443 | suited for restricted-space environments, in which it also |
444 | demonstrates excellent performance. Rijndael's operations are | 444 | demonstrates excellent performance. Rijndael's operations are |
445 | among the easiest to defend against power and timing attacks. | 445 | among the easiest to defend against power and timing attacks. |
446 | 446 | ||
447 | The AES specifies three key sizes: 128, 192 and 256 bits | 447 | The AES specifies three key sizes: 128, 192 and 256 bits |
448 | 448 | ||
449 | See <http://csrc.nist.gov/encryption/aes/> for more information. | 449 | See <http://csrc.nist.gov/encryption/aes/> for more information. |
450 | 450 | ||
451 | config CRYPTO_AES_X86_64 | 451 | config CRYPTO_AES_X86_64 |
452 | tristate "AES cipher algorithms (x86_64)" | 452 | tristate "AES cipher algorithms (x86_64)" |
453 | depends on (X86 || UML_X86) && 64BIT | 453 | depends on (X86 || UML_X86) && 64BIT |
454 | select CRYPTO_ALGAPI | 454 | select CRYPTO_ALGAPI |
455 | select CRYPTO_AES | 455 | select CRYPTO_AES |
456 | help | 456 | help |
457 | AES cipher algorithms (FIPS-197). AES uses the Rijndael | 457 | AES cipher algorithms (FIPS-197). AES uses the Rijndael |
458 | algorithm. | 458 | algorithm. |
459 | 459 | ||
460 | Rijndael appears to be consistently a very good performer in | 460 | Rijndael appears to be consistently a very good performer in |
461 | both hardware and software across a wide range of computing | 461 | both hardware and software across a wide range of computing |
462 | environments regardless of its use in feedback or non-feedback | 462 | environments regardless of its use in feedback or non-feedback |
463 | modes. Its key setup time is excellent, and its key agility is | 463 | modes. Its key setup time is excellent, and its key agility is |
464 | good. Rijndael's very low memory requirements make it very well | 464 | good. Rijndael's very low memory requirements make it very well |
465 | suited for restricted-space environments, in which it also | 465 | suited for restricted-space environments, in which it also |
466 | demonstrates excellent performance. Rijndael's operations are | 466 | demonstrates excellent performance. Rijndael's operations are |
467 | among the easiest to defend against power and timing attacks. | 467 | among the easiest to defend against power and timing attacks. |
468 | 468 | ||
469 | The AES specifies three key sizes: 128, 192 and 256 bits | 469 | The AES specifies three key sizes: 128, 192 and 256 bits |
470 | 470 | ||
471 | See <http://csrc.nist.gov/encryption/aes/> for more information. | 471 | See <http://csrc.nist.gov/encryption/aes/> for more information. |
472 | 472 | ||
473 | config CRYPTO_ANUBIS | 473 | config CRYPTO_ANUBIS |
474 | tristate "Anubis cipher algorithm" | 474 | tristate "Anubis cipher algorithm" |
475 | select CRYPTO_ALGAPI | 475 | select CRYPTO_ALGAPI |
476 | help | 476 | help |
477 | Anubis cipher algorithm. | 477 | Anubis cipher algorithm. |
478 | 478 | ||
479 | Anubis is a variable key length cipher which can use keys from | 479 | Anubis is a variable key length cipher which can use keys from |
480 | 128 bits to 320 bits in length. It was evaluated as a entrant | 480 | 128 bits to 320 bits in length. It was evaluated as a entrant |
481 | in the NESSIE competition. | 481 | in the NESSIE competition. |
482 | 482 | ||
483 | See also: | 483 | See also: |
484 | <https://www.cosic.esat.kuleuven.ac.be/nessie/reports/> | 484 | <https://www.cosic.esat.kuleuven.ac.be/nessie/reports/> |
485 | <http://planeta.terra.com.br/informatica/paulobarreto/AnubisPage.html> | 485 | <http://planeta.terra.com.br/informatica/paulobarreto/AnubisPage.html> |
486 | 486 | ||
487 | config CRYPTO_ARC4 | 487 | config CRYPTO_ARC4 |
488 | tristate "ARC4 cipher algorithm" | 488 | tristate "ARC4 cipher algorithm" |
489 | select CRYPTO_ALGAPI | 489 | select CRYPTO_ALGAPI |
490 | help | 490 | help |
491 | ARC4 cipher algorithm. | 491 | ARC4 cipher algorithm. |
492 | 492 | ||
493 | ARC4 is a stream cipher using keys ranging from 8 bits to 2048 | 493 | ARC4 is a stream cipher using keys ranging from 8 bits to 2048 |
494 | bits in length. This algorithm is required for driver-based | 494 | bits in length. This algorithm is required for driver-based |
495 | WEP, but it should not be for other purposes because of the | 495 | WEP, but it should not be for other purposes because of the |
496 | weakness of the algorithm. | 496 | weakness of the algorithm. |
497 | 497 | ||
498 | config CRYPTO_BLOWFISH | 498 | config CRYPTO_BLOWFISH |
499 | tristate "Blowfish cipher algorithm" | 499 | tristate "Blowfish cipher algorithm" |
500 | select CRYPTO_ALGAPI | 500 | select CRYPTO_ALGAPI |
501 | help | 501 | help |
502 | Blowfish cipher algorithm, by Bruce Schneier. | 502 | Blowfish cipher algorithm, by Bruce Schneier. |
503 | 503 | ||
504 | This is a variable key length cipher which can use keys from 32 | 504 | This is a variable key length cipher which can use keys from 32 |
505 | bits to 448 bits in length. It's fast, simple and specifically | 505 | bits to 448 bits in length. It's fast, simple and specifically |
506 | designed for use on "large microprocessors". | 506 | designed for use on "large microprocessors". |
507 | 507 | ||
508 | See also: | 508 | See also: |
509 | <http://www.schneier.com/blowfish.html> | 509 | <http://www.schneier.com/blowfish.html> |
510 | 510 | ||
511 | config CRYPTO_CAMELLIA | 511 | config CRYPTO_CAMELLIA |
512 | tristate "Camellia cipher algorithms" | 512 | tristate "Camellia cipher algorithms" |
513 | depends on CRYPTO | 513 | depends on CRYPTO |
514 | select CRYPTO_ALGAPI | 514 | select CRYPTO_ALGAPI |
515 | help | 515 | help |
516 | Camellia cipher algorithms module. | 516 | Camellia cipher algorithms module. |
517 | 517 | ||
518 | Camellia is a symmetric key block cipher developed jointly | 518 | Camellia is a symmetric key block cipher developed jointly |
519 | at NTT and Mitsubishi Electric Corporation. | 519 | at NTT and Mitsubishi Electric Corporation. |
520 | 520 | ||
521 | The Camellia specifies three key sizes: 128, 192 and 256 bits. | 521 | The Camellia specifies three key sizes: 128, 192 and 256 bits. |
522 | 522 | ||
523 | See also: | 523 | See also: |
524 | <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> | 524 | <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> |
525 | 525 | ||
526 | config CRYPTO_CAST5 | 526 | config CRYPTO_CAST5 |
527 | tristate "CAST5 (CAST-128) cipher algorithm" | 527 | tristate "CAST5 (CAST-128) cipher algorithm" |
528 | select CRYPTO_ALGAPI | 528 | select CRYPTO_ALGAPI |
529 | help | 529 | help |
530 | The CAST5 encryption algorithm (synonymous with CAST-128) is | 530 | The CAST5 encryption algorithm (synonymous with CAST-128) is |
531 | described in RFC2144. | 531 | described in RFC2144. |
532 | 532 | ||
533 | config CRYPTO_CAST6 | 533 | config CRYPTO_CAST6 |
534 | tristate "CAST6 (CAST-256) cipher algorithm" | 534 | tristate "CAST6 (CAST-256) cipher algorithm" |
535 | select CRYPTO_ALGAPI | 535 | select CRYPTO_ALGAPI |
536 | help | 536 | help |
537 | The CAST6 encryption algorithm (synonymous with CAST-256) is | 537 | The CAST6 encryption algorithm (synonymous with CAST-256) is |
538 | described in RFC2612. | 538 | described in RFC2612. |
539 | 539 | ||
540 | config CRYPTO_DES | 540 | config CRYPTO_DES |
541 | tristate "DES and Triple DES EDE cipher algorithms" | 541 | tristate "DES and Triple DES EDE cipher algorithms" |
542 | select CRYPTO_ALGAPI | 542 | select CRYPTO_ALGAPI |
543 | help | 543 | help |
544 | DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3). | 544 | DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3). |
545 | 545 | ||
546 | config CRYPTO_FCRYPT | 546 | config CRYPTO_FCRYPT |
547 | tristate "FCrypt cipher algorithm" | 547 | tristate "FCrypt cipher algorithm" |
548 | select CRYPTO_ALGAPI | 548 | select CRYPTO_ALGAPI |
549 | select CRYPTO_BLKCIPHER | 549 | select CRYPTO_BLKCIPHER |
550 | help | 550 | help |
551 | FCrypt algorithm used by RxRPC. | 551 | FCrypt algorithm used by RxRPC. |
552 | 552 | ||
553 | config CRYPTO_KHAZAD | 553 | config CRYPTO_KHAZAD |
554 | tristate "Khazad cipher algorithm" | 554 | tristate "Khazad cipher algorithm" |
555 | select CRYPTO_ALGAPI | 555 | select CRYPTO_ALGAPI |
556 | help | 556 | help |
557 | Khazad cipher algorithm. | 557 | Khazad cipher algorithm. |
558 | 558 | ||
559 | Khazad was a finalist in the initial NESSIE competition. It is | 559 | Khazad was a finalist in the initial NESSIE competition. It is |
560 | an algorithm optimized for 64-bit processors with good performance | 560 | an algorithm optimized for 64-bit processors with good performance |
561 | on 32-bit processors. Khazad uses an 128 bit key size. | 561 | on 32-bit processors. Khazad uses an 128 bit key size. |
562 | 562 | ||
563 | See also: | 563 | See also: |
564 | <http://planeta.terra.com.br/informatica/paulobarreto/KhazadPage.html> | 564 | <http://planeta.terra.com.br/informatica/paulobarreto/KhazadPage.html> |
565 | 565 | ||
566 | config CRYPTO_SALSA20 | 566 | config CRYPTO_SALSA20 |
567 | tristate "Salsa20 stream cipher algorithm (EXPERIMENTAL)" | 567 | tristate "Salsa20 stream cipher algorithm (EXPERIMENTAL)" |
568 | depends on EXPERIMENTAL | 568 | depends on EXPERIMENTAL |
569 | select CRYPTO_BLKCIPHER | 569 | select CRYPTO_BLKCIPHER |
570 | help | 570 | help |
571 | Salsa20 stream cipher algorithm. | 571 | Salsa20 stream cipher algorithm. |
572 | 572 | ||
573 | Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT | 573 | Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT |
574 | Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/> | 574 | Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/> |
575 | 575 | ||
576 | The Salsa20 stream cipher algorithm is designed by Daniel J. | 576 | The Salsa20 stream cipher algorithm is designed by Daniel J. |
577 | Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html> | 577 | Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html> |
578 | 578 | ||
579 | config CRYPTO_SALSA20_586 | 579 | config CRYPTO_SALSA20_586 |
580 | tristate "Salsa20 stream cipher algorithm (i586) (EXPERIMENTAL)" | 580 | tristate "Salsa20 stream cipher algorithm (i586) (EXPERIMENTAL)" |
581 | depends on (X86 || UML_X86) && !64BIT | 581 | depends on (X86 || UML_X86) && !64BIT |
582 | depends on EXPERIMENTAL | 582 | depends on EXPERIMENTAL |
583 | select CRYPTO_BLKCIPHER | 583 | select CRYPTO_BLKCIPHER |
584 | help | 584 | help |
585 | Salsa20 stream cipher algorithm. | 585 | Salsa20 stream cipher algorithm. |
586 | 586 | ||
587 | Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT | 587 | Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT |
588 | Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/> | 588 | Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/> |
589 | 589 | ||
590 | The Salsa20 stream cipher algorithm is designed by Daniel J. | 590 | The Salsa20 stream cipher algorithm is designed by Daniel J. |
591 | Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html> | 591 | Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html> |
592 | 592 | ||
593 | config CRYPTO_SALSA20_X86_64 | 593 | config CRYPTO_SALSA20_X86_64 |
594 | tristate "Salsa20 stream cipher algorithm (x86_64) (EXPERIMENTAL)" | 594 | tristate "Salsa20 stream cipher algorithm (x86_64) (EXPERIMENTAL)" |
595 | depends on (X86 || UML_X86) && 64BIT | 595 | depends on (X86 || UML_X86) && 64BIT |
596 | depends on EXPERIMENTAL | 596 | depends on EXPERIMENTAL |
597 | select CRYPTO_BLKCIPHER | 597 | select CRYPTO_BLKCIPHER |
598 | help | 598 | help |
599 | Salsa20 stream cipher algorithm. | 599 | Salsa20 stream cipher algorithm. |
600 | 600 | ||
601 | Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT | 601 | Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT |
602 | Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/> | 602 | Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/> |
603 | 603 | ||
604 | The Salsa20 stream cipher algorithm is designed by Daniel J. | 604 | The Salsa20 stream cipher algorithm is designed by Daniel J. |
605 | Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html> | 605 | Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html> |
606 | 606 | ||
607 | config CRYPTO_SEED | 607 | config CRYPTO_SEED |
608 | tristate "SEED cipher algorithm" | 608 | tristate "SEED cipher algorithm" |
609 | select CRYPTO_ALGAPI | 609 | select CRYPTO_ALGAPI |
610 | help | 610 | help |
611 | SEED cipher algorithm (RFC4269). | 611 | SEED cipher algorithm (RFC4269). |
612 | 612 | ||
613 | SEED is a 128-bit symmetric key block cipher that has been | 613 | SEED is a 128-bit symmetric key block cipher that has been |
614 | developed by KISA (Korea Information Security Agency) as a | 614 | developed by KISA (Korea Information Security Agency) as a |
615 | national standard encryption algorithm of the Republic of Korea. | 615 | national standard encryption algorithm of the Republic of Korea. |
616 | It is a 16 round block cipher with the key size of 128 bit. | 616 | It is a 16 round block cipher with the key size of 128 bit. |
617 | 617 | ||
618 | See also: | 618 | See also: |
619 | <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp> | 619 | <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp> |
620 | 620 | ||
621 | config CRYPTO_SERPENT | 621 | config CRYPTO_SERPENT |
622 | tristate "Serpent cipher algorithm" | 622 | tristate "Serpent cipher algorithm" |
623 | select CRYPTO_ALGAPI | 623 | select CRYPTO_ALGAPI |
624 | help | 624 | help |
625 | Serpent cipher algorithm, by Anderson, Biham & Knudsen. | 625 | Serpent cipher algorithm, by Anderson, Biham & Knudsen. |
626 | 626 | ||
627 | Keys are allowed to be from 0 to 256 bits in length, in steps | 627 | Keys are allowed to be from 0 to 256 bits in length, in steps |
628 | of 8 bits. Also includes the 'Tnepres' algorithm, a reversed | 628 | of 8 bits. Also includes the 'Tnepres' algorithm, a reversed |
629 | variant of Serpent for compatibility with old kerneli.org code. | 629 | variant of Serpent for compatibility with old kerneli.org code. |
630 | 630 | ||
631 | See also: | 631 | See also: |
632 | <http://www.cl.cam.ac.uk/~rja14/serpent.html> | 632 | <http://www.cl.cam.ac.uk/~rja14/serpent.html> |
633 | 633 | ||
634 | config CRYPTO_TEA | 634 | config CRYPTO_TEA |
635 | tristate "TEA, XTEA and XETA cipher algorithms" | 635 | tristate "TEA, XTEA and XETA cipher algorithms" |
636 | select CRYPTO_ALGAPI | 636 | select CRYPTO_ALGAPI |
637 | help | 637 | help |
638 | TEA cipher algorithm. | 638 | TEA cipher algorithm. |
639 | 639 | ||
640 | Tiny Encryption Algorithm is a simple cipher that uses | 640 | Tiny Encryption Algorithm is a simple cipher that uses |
641 | many rounds for security. It is very fast and uses | 641 | many rounds for security. It is very fast and uses |
642 | little memory. | 642 | little memory. |
643 | 643 | ||
644 | Xtendend Tiny Encryption Algorithm is a modification to | 644 | Xtendend Tiny Encryption Algorithm is a modification to |
645 | the TEA algorithm to address a potential key weakness | 645 | the TEA algorithm to address a potential key weakness |
646 | in the TEA algorithm. | 646 | in the TEA algorithm. |
647 | 647 | ||
648 | Xtendend Encryption Tiny Algorithm is a mis-implementation | 648 | Xtendend Encryption Tiny Algorithm is a mis-implementation |
649 | of the XTEA algorithm for compatibility purposes. | 649 | of the XTEA algorithm for compatibility purposes. |
650 | 650 | ||
651 | config CRYPTO_TWOFISH | 651 | config CRYPTO_TWOFISH |
652 | tristate "Twofish cipher algorithm" | 652 | tristate "Twofish cipher algorithm" |
653 | select CRYPTO_ALGAPI | 653 | select CRYPTO_ALGAPI |
654 | select CRYPTO_TWOFISH_COMMON | 654 | select CRYPTO_TWOFISH_COMMON |
655 | help | 655 | help |
656 | Twofish cipher algorithm. | 656 | Twofish cipher algorithm. |
657 | 657 | ||
658 | Twofish was submitted as an AES (Advanced Encryption Standard) | 658 | Twofish was submitted as an AES (Advanced Encryption Standard) |
659 | candidate cipher by researchers at CounterPane Systems. It is a | 659 | candidate cipher by researchers at CounterPane Systems. It is a |
660 | 16 round block cipher supporting key sizes of 128, 192, and 256 | 660 | 16 round block cipher supporting key sizes of 128, 192, and 256 |
661 | bits. | 661 | bits. |
662 | 662 | ||
663 | See also: | 663 | See also: |
664 | <http://www.schneier.com/twofish.html> | 664 | <http://www.schneier.com/twofish.html> |
665 | 665 | ||
666 | config CRYPTO_TWOFISH_COMMON | 666 | config CRYPTO_TWOFISH_COMMON |
667 | tristate | 667 | tristate |
668 | help | 668 | help |
669 | Common parts of the Twofish cipher algorithm shared by the | 669 | Common parts of the Twofish cipher algorithm shared by the |
670 | generic c and the assembler implementations. | 670 | generic c and the assembler implementations. |
671 | 671 | ||
672 | config CRYPTO_TWOFISH_586 | 672 | config CRYPTO_TWOFISH_586 |
673 | tristate "Twofish cipher algorithms (i586)" | 673 | tristate "Twofish cipher algorithms (i586)" |
674 | depends on (X86 || UML_X86) && !64BIT | 674 | depends on (X86 || UML_X86) && !64BIT |
675 | select CRYPTO_ALGAPI | 675 | select CRYPTO_ALGAPI |
676 | select CRYPTO_TWOFISH_COMMON | 676 | select CRYPTO_TWOFISH_COMMON |
677 | help | 677 | help |
678 | Twofish cipher algorithm. | 678 | Twofish cipher algorithm. |
679 | 679 | ||
680 | Twofish was submitted as an AES (Advanced Encryption Standard) | 680 | Twofish was submitted as an AES (Advanced Encryption Standard) |
681 | candidate cipher by researchers at CounterPane Systems. It is a | 681 | candidate cipher by researchers at CounterPane Systems. It is a |
682 | 16 round block cipher supporting key sizes of 128, 192, and 256 | 682 | 16 round block cipher supporting key sizes of 128, 192, and 256 |
683 | bits. | 683 | bits. |
684 | 684 | ||
685 | See also: | 685 | See also: |
686 | <http://www.schneier.com/twofish.html> | 686 | <http://www.schneier.com/twofish.html> |
687 | 687 | ||
688 | config CRYPTO_TWOFISH_X86_64 | 688 | config CRYPTO_TWOFISH_X86_64 |
689 | tristate "Twofish cipher algorithm (x86_64)" | 689 | tristate "Twofish cipher algorithm (x86_64)" |
690 | depends on (X86 || UML_X86) && 64BIT | 690 | depends on (X86 || UML_X86) && 64BIT |
691 | select CRYPTO_ALGAPI | 691 | select CRYPTO_ALGAPI |
692 | select CRYPTO_TWOFISH_COMMON | 692 | select CRYPTO_TWOFISH_COMMON |
693 | help | 693 | help |
694 | Twofish cipher algorithm (x86_64). | 694 | Twofish cipher algorithm (x86_64). |
695 | 695 | ||
696 | Twofish was submitted as an AES (Advanced Encryption Standard) | 696 | Twofish was submitted as an AES (Advanced Encryption Standard) |
697 | candidate cipher by researchers at CounterPane Systems. It is a | 697 | candidate cipher by researchers at CounterPane Systems. It is a |
698 | 16 round block cipher supporting key sizes of 128, 192, and 256 | 698 | 16 round block cipher supporting key sizes of 128, 192, and 256 |
699 | bits. | 699 | bits. |
700 | 700 | ||
701 | See also: | 701 | See also: |
702 | <http://www.schneier.com/twofish.html> | 702 | <http://www.schneier.com/twofish.html> |
703 | 703 | ||
704 | comment "Compression" | 704 | comment "Compression" |
705 | 705 | ||
706 | config CRYPTO_DEFLATE | 706 | config CRYPTO_DEFLATE |
707 | tristate "Deflate compression algorithm" | 707 | tristate "Deflate compression algorithm" |
708 | select CRYPTO_ALGAPI | 708 | select CRYPTO_ALGAPI |
709 | select ZLIB_INFLATE | 709 | select ZLIB_INFLATE |
710 | select ZLIB_DEFLATE | 710 | select ZLIB_DEFLATE |
711 | help | 711 | help |
712 | This is the Deflate algorithm (RFC1951), specified for use in | 712 | This is the Deflate algorithm (RFC1951), specified for use in |
713 | IPSec with the IPCOMP protocol (RFC3173, RFC2394). | 713 | IPSec with the IPCOMP protocol (RFC3173, RFC2394). |
714 | 714 | ||
715 | You will most probably want this if using IPSec. | 715 | You will most probably want this if using IPSec. |
716 | 716 | ||
717 | config CRYPTO_LZO | 717 | config CRYPTO_LZO |
718 | tristate "LZO compression algorithm" | 718 | tristate "LZO compression algorithm" |
719 | select CRYPTO_ALGAPI | 719 | select CRYPTO_ALGAPI |
720 | select LZO_COMPRESS | 720 | select LZO_COMPRESS |
721 | select LZO_DECOMPRESS | 721 | select LZO_DECOMPRESS |
722 | help | 722 | help |
723 | This is the LZO algorithm. | 723 | This is the LZO algorithm. |
724 | 724 | ||
725 | comment "Random Number Generation" | 725 | comment "Random Number Generation" |
726 | 726 | ||
727 | config CRYPTO_ANSI_CPRNG | 727 | config CRYPTO_ANSI_CPRNG |
728 | tristate "Pseudo Random Number Generation for Cryptographic modules" | 728 | tristate "Pseudo Random Number Generation for Cryptographic modules" |
729 | select CRYPTO_AES | 729 | select CRYPTO_AES |
730 | select CRYPTO_RNG | 730 | select CRYPTO_RNG |
731 | select CRYPTO_FIPS | 731 | select CRYPTO_FIPS |
732 | help | 732 | help |
733 | This option enables the generic pseudo random number generator | 733 | This option enables the generic pseudo random number generator |
734 | for cryptographic modules. Uses the Algorithm specified in | 734 | for cryptographic modules. Uses the Algorithm specified in |
735 | ANSI X9.31 A.2.4 | 735 | ANSI X9.31 A.2.4 |
736 | 736 | ||
737 | source "drivers/crypto/Kconfig" | 737 | source "drivers/crypto/Kconfig" |
738 | 738 | ||
739 | endif # if CRYPTO | 739 | endif # if CRYPTO |
740 | 740 |
crypto/rmd320.c
1 | /* | 1 | /* |
2 | * Cryptographic API. | 2 | * Cryptographic API. |
3 | * | 3 | * |
4 | * RIPEMD-320 - RACE Integrity Primitives Evaluation Message Digest. | 4 | * RIPEMD-320 - RACE Integrity Primitives Evaluation Message Digest. |
5 | * | 5 | * |
6 | * Based on the reference implementation by Antoon Bosselaers, ESAT-COSIC | 6 | * Based on the reference implementation by Antoon Bosselaers, ESAT-COSIC |
7 | * | 7 | * |
8 | * Copyright (c) 2008 Adrian-Ken Rueegsegger <rueegsegger (at) swiss-it.ch> | 8 | * Copyright (c) 2008 Adrian-Ken Rueegsegger <rueegsegger (at) swiss-it.ch> |
9 | * | 9 | * |
10 | * This program is free software; you can redistribute it and/or modify it | 10 | * This program is free software; you can redistribute it and/or modify it |
11 | * under the terms of the GNU General Public License as published by the Free | 11 | * under the terms of the GNU General Public License as published by the Free |
12 | * Software Foundation; either version 2 of the License, or (at your option) | 12 | * Software Foundation; either version 2 of the License, or (at your option) |
13 | * any later version. | 13 | * any later version. |
14 | * | 14 | * |
15 | */ | 15 | */ |
16 | #include <crypto/internal/hash.h> | ||
16 | #include <linux/init.h> | 17 | #include <linux/init.h> |
17 | #include <linux/module.h> | 18 | #include <linux/module.h> |
18 | #include <linux/mm.h> | 19 | #include <linux/mm.h> |
19 | #include <linux/crypto.h> | ||
20 | #include <linux/cryptohash.h> | ||
21 | #include <linux/types.h> | 20 | #include <linux/types.h> |
22 | #include <asm/byteorder.h> | 21 | #include <asm/byteorder.h> |
23 | 22 | ||
24 | #include "ripemd.h" | 23 | #include "ripemd.h" |
25 | 24 | ||
26 | struct rmd320_ctx { | 25 | struct rmd320_ctx { |
27 | u64 byte_count; | 26 | u64 byte_count; |
28 | u32 state[10]; | 27 | u32 state[10]; |
29 | __le32 buffer[16]; | 28 | __le32 buffer[16]; |
30 | }; | 29 | }; |
31 | 30 | ||
32 | #define K1 RMD_K1 | 31 | #define K1 RMD_K1 |
33 | #define K2 RMD_K2 | 32 | #define K2 RMD_K2 |
34 | #define K3 RMD_K3 | 33 | #define K3 RMD_K3 |
35 | #define K4 RMD_K4 | 34 | #define K4 RMD_K4 |
36 | #define K5 RMD_K5 | 35 | #define K5 RMD_K5 |
37 | #define KK1 RMD_K6 | 36 | #define KK1 RMD_K6 |
38 | #define KK2 RMD_K7 | 37 | #define KK2 RMD_K7 |
39 | #define KK3 RMD_K8 | 38 | #define KK3 RMD_K8 |
40 | #define KK4 RMD_K9 | 39 | #define KK4 RMD_K9 |
41 | #define KK5 RMD_K1 | 40 | #define KK5 RMD_K1 |
42 | 41 | ||
43 | #define F1(x, y, z) (x ^ y ^ z) /* XOR */ | 42 | #define F1(x, y, z) (x ^ y ^ z) /* XOR */ |
44 | #define F2(x, y, z) (z ^ (x & (y ^ z))) /* x ? y : z */ | 43 | #define F2(x, y, z) (z ^ (x & (y ^ z))) /* x ? y : z */ |
45 | #define F3(x, y, z) ((x | ~y) ^ z) | 44 | #define F3(x, y, z) ((x | ~y) ^ z) |
46 | #define F4(x, y, z) (y ^ (z & (x ^ y))) /* z ? x : y */ | 45 | #define F4(x, y, z) (y ^ (z & (x ^ y))) /* z ? x : y */ |
47 | #define F5(x, y, z) (x ^ (y | ~z)) | 46 | #define F5(x, y, z) (x ^ (y | ~z)) |
48 | 47 | ||
49 | #define ROUND(a, b, c, d, e, f, k, x, s) { \ | 48 | #define ROUND(a, b, c, d, e, f, k, x, s) { \ |
50 | (a) += f((b), (c), (d)) + le32_to_cpup(&(x)) + (k); \ | 49 | (a) += f((b), (c), (d)) + le32_to_cpup(&(x)) + (k); \ |
51 | (a) = rol32((a), (s)) + (e); \ | 50 | (a) = rol32((a), (s)) + (e); \ |
52 | (c) = rol32((c), 10); \ | 51 | (c) = rol32((c), 10); \ |
53 | } | 52 | } |
54 | 53 | ||
55 | static void rmd320_transform(u32 *state, const __le32 *in) | 54 | static void rmd320_transform(u32 *state, const __le32 *in) |
56 | { | 55 | { |
57 | u32 aa, bb, cc, dd, ee, aaa, bbb, ccc, ddd, eee, tmp; | 56 | u32 aa, bb, cc, dd, ee, aaa, bbb, ccc, ddd, eee, tmp; |
58 | 57 | ||
59 | /* Initialize left lane */ | 58 | /* Initialize left lane */ |
60 | aa = state[0]; | 59 | aa = state[0]; |
61 | bb = state[1]; | 60 | bb = state[1]; |
62 | cc = state[2]; | 61 | cc = state[2]; |
63 | dd = state[3]; | 62 | dd = state[3]; |
64 | ee = state[4]; | 63 | ee = state[4]; |
65 | 64 | ||
66 | /* Initialize right lane */ | 65 | /* Initialize right lane */ |
67 | aaa = state[5]; | 66 | aaa = state[5]; |
68 | bbb = state[6]; | 67 | bbb = state[6]; |
69 | ccc = state[7]; | 68 | ccc = state[7]; |
70 | ddd = state[8]; | 69 | ddd = state[8]; |
71 | eee = state[9]; | 70 | eee = state[9]; |
72 | 71 | ||
73 | /* round 1: left lane */ | 72 | /* round 1: left lane */ |
74 | ROUND(aa, bb, cc, dd, ee, F1, K1, in[0], 11); | 73 | ROUND(aa, bb, cc, dd, ee, F1, K1, in[0], 11); |
75 | ROUND(ee, aa, bb, cc, dd, F1, K1, in[1], 14); | 74 | ROUND(ee, aa, bb, cc, dd, F1, K1, in[1], 14); |
76 | ROUND(dd, ee, aa, bb, cc, F1, K1, in[2], 15); | 75 | ROUND(dd, ee, aa, bb, cc, F1, K1, in[2], 15); |
77 | ROUND(cc, dd, ee, aa, bb, F1, K1, in[3], 12); | 76 | ROUND(cc, dd, ee, aa, bb, F1, K1, in[3], 12); |
78 | ROUND(bb, cc, dd, ee, aa, F1, K1, in[4], 5); | 77 | ROUND(bb, cc, dd, ee, aa, F1, K1, in[4], 5); |
79 | ROUND(aa, bb, cc, dd, ee, F1, K1, in[5], 8); | 78 | ROUND(aa, bb, cc, dd, ee, F1, K1, in[5], 8); |
80 | ROUND(ee, aa, bb, cc, dd, F1, K1, in[6], 7); | 79 | ROUND(ee, aa, bb, cc, dd, F1, K1, in[6], 7); |
81 | ROUND(dd, ee, aa, bb, cc, F1, K1, in[7], 9); | 80 | ROUND(dd, ee, aa, bb, cc, F1, K1, in[7], 9); |
82 | ROUND(cc, dd, ee, aa, bb, F1, K1, in[8], 11); | 81 | ROUND(cc, dd, ee, aa, bb, F1, K1, in[8], 11); |
83 | ROUND(bb, cc, dd, ee, aa, F1, K1, in[9], 13); | 82 | ROUND(bb, cc, dd, ee, aa, F1, K1, in[9], 13); |
84 | ROUND(aa, bb, cc, dd, ee, F1, K1, in[10], 14); | 83 | ROUND(aa, bb, cc, dd, ee, F1, K1, in[10], 14); |
85 | ROUND(ee, aa, bb, cc, dd, F1, K1, in[11], 15); | 84 | ROUND(ee, aa, bb, cc, dd, F1, K1, in[11], 15); |
86 | ROUND(dd, ee, aa, bb, cc, F1, K1, in[12], 6); | 85 | ROUND(dd, ee, aa, bb, cc, F1, K1, in[12], 6); |
87 | ROUND(cc, dd, ee, aa, bb, F1, K1, in[13], 7); | 86 | ROUND(cc, dd, ee, aa, bb, F1, K1, in[13], 7); |
88 | ROUND(bb, cc, dd, ee, aa, F1, K1, in[14], 9); | 87 | ROUND(bb, cc, dd, ee, aa, F1, K1, in[14], 9); |
89 | ROUND(aa, bb, cc, dd, ee, F1, K1, in[15], 8); | 88 | ROUND(aa, bb, cc, dd, ee, F1, K1, in[15], 8); |
90 | 89 | ||
91 | /* round 1: right lane */ | 90 | /* round 1: right lane */ |
92 | ROUND(aaa, bbb, ccc, ddd, eee, F5, KK1, in[5], 8); | 91 | ROUND(aaa, bbb, ccc, ddd, eee, F5, KK1, in[5], 8); |
93 | ROUND(eee, aaa, bbb, ccc, ddd, F5, KK1, in[14], 9); | 92 | ROUND(eee, aaa, bbb, ccc, ddd, F5, KK1, in[14], 9); |
94 | ROUND(ddd, eee, aaa, bbb, ccc, F5, KK1, in[7], 9); | 93 | ROUND(ddd, eee, aaa, bbb, ccc, F5, KK1, in[7], 9); |
95 | ROUND(ccc, ddd, eee, aaa, bbb, F5, KK1, in[0], 11); | 94 | ROUND(ccc, ddd, eee, aaa, bbb, F5, KK1, in[0], 11); |
96 | ROUND(bbb, ccc, ddd, eee, aaa, F5, KK1, in[9], 13); | 95 | ROUND(bbb, ccc, ddd, eee, aaa, F5, KK1, in[9], 13); |
97 | ROUND(aaa, bbb, ccc, ddd, eee, F5, KK1, in[2], 15); | 96 | ROUND(aaa, bbb, ccc, ddd, eee, F5, KK1, in[2], 15); |
98 | ROUND(eee, aaa, bbb, ccc, ddd, F5, KK1, in[11], 15); | 97 | ROUND(eee, aaa, bbb, ccc, ddd, F5, KK1, in[11], 15); |
99 | ROUND(ddd, eee, aaa, bbb, ccc, F5, KK1, in[4], 5); | 98 | ROUND(ddd, eee, aaa, bbb, ccc, F5, KK1, in[4], 5); |
100 | ROUND(ccc, ddd, eee, aaa, bbb, F5, KK1, in[13], 7); | 99 | ROUND(ccc, ddd, eee, aaa, bbb, F5, KK1, in[13], 7); |
101 | ROUND(bbb, ccc, ddd, eee, aaa, F5, KK1, in[6], 7); | 100 | ROUND(bbb, ccc, ddd, eee, aaa, F5, KK1, in[6], 7); |
102 | ROUND(aaa, bbb, ccc, ddd, eee, F5, KK1, in[15], 8); | 101 | ROUND(aaa, bbb, ccc, ddd, eee, F5, KK1, in[15], 8); |
103 | ROUND(eee, aaa, bbb, ccc, ddd, F5, KK1, in[8], 11); | 102 | ROUND(eee, aaa, bbb, ccc, ddd, F5, KK1, in[8], 11); |
104 | ROUND(ddd, eee, aaa, bbb, ccc, F5, KK1, in[1], 14); | 103 | ROUND(ddd, eee, aaa, bbb, ccc, F5, KK1, in[1], 14); |
105 | ROUND(ccc, ddd, eee, aaa, bbb, F5, KK1, in[10], 14); | 104 | ROUND(ccc, ddd, eee, aaa, bbb, F5, KK1, in[10], 14); |
106 | ROUND(bbb, ccc, ddd, eee, aaa, F5, KK1, in[3], 12); | 105 | ROUND(bbb, ccc, ddd, eee, aaa, F5, KK1, in[3], 12); |
107 | ROUND(aaa, bbb, ccc, ddd, eee, F5, KK1, in[12], 6); | 106 | ROUND(aaa, bbb, ccc, ddd, eee, F5, KK1, in[12], 6); |
108 | 107 | ||
109 | /* Swap contents of "a" registers */ | 108 | /* Swap contents of "a" registers */ |
110 | tmp = aa; aa = aaa; aaa = tmp; | 109 | tmp = aa; aa = aaa; aaa = tmp; |
111 | 110 | ||
112 | /* round 2: left lane" */ | 111 | /* round 2: left lane" */ |
113 | ROUND(ee, aa, bb, cc, dd, F2, K2, in[7], 7); | 112 | ROUND(ee, aa, bb, cc, dd, F2, K2, in[7], 7); |
114 | ROUND(dd, ee, aa, bb, cc, F2, K2, in[4], 6); | 113 | ROUND(dd, ee, aa, bb, cc, F2, K2, in[4], 6); |
115 | ROUND(cc, dd, ee, aa, bb, F2, K2, in[13], 8); | 114 | ROUND(cc, dd, ee, aa, bb, F2, K2, in[13], 8); |
116 | ROUND(bb, cc, dd, ee, aa, F2, K2, in[1], 13); | 115 | ROUND(bb, cc, dd, ee, aa, F2, K2, in[1], 13); |
117 | ROUND(aa, bb, cc, dd, ee, F2, K2, in[10], 11); | 116 | ROUND(aa, bb, cc, dd, ee, F2, K2, in[10], 11); |
118 | ROUND(ee, aa, bb, cc, dd, F2, K2, in[6], 9); | 117 | ROUND(ee, aa, bb, cc, dd, F2, K2, in[6], 9); |
119 | ROUND(dd, ee, aa, bb, cc, F2, K2, in[15], 7); | 118 | ROUND(dd, ee, aa, bb, cc, F2, K2, in[15], 7); |
120 | ROUND(cc, dd, ee, aa, bb, F2, K2, in[3], 15); | 119 | ROUND(cc, dd, ee, aa, bb, F2, K2, in[3], 15); |
121 | ROUND(bb, cc, dd, ee, aa, F2, K2, in[12], 7); | 120 | ROUND(bb, cc, dd, ee, aa, F2, K2, in[12], 7); |
122 | ROUND(aa, bb, cc, dd, ee, F2, K2, in[0], 12); | 121 | ROUND(aa, bb, cc, dd, ee, F2, K2, in[0], 12); |
123 | ROUND(ee, aa, bb, cc, dd, F2, K2, in[9], 15); | 122 | ROUND(ee, aa, bb, cc, dd, F2, K2, in[9], 15); |
124 | ROUND(dd, ee, aa, bb, cc, F2, K2, in[5], 9); | 123 | ROUND(dd, ee, aa, bb, cc, F2, K2, in[5], 9); |
125 | ROUND(cc, dd, ee, aa, bb, F2, K2, in[2], 11); | 124 | ROUND(cc, dd, ee, aa, bb, F2, K2, in[2], 11); |
126 | ROUND(bb, cc, dd, ee, aa, F2, K2, in[14], 7); | 125 | ROUND(bb, cc, dd, ee, aa, F2, K2, in[14], 7); |
127 | ROUND(aa, bb, cc, dd, ee, F2, K2, in[11], 13); | 126 | ROUND(aa, bb, cc, dd, ee, F2, K2, in[11], 13); |
128 | ROUND(ee, aa, bb, cc, dd, F2, K2, in[8], 12); | 127 | ROUND(ee, aa, bb, cc, dd, F2, K2, in[8], 12); |
129 | 128 | ||
130 | /* round 2: right lane */ | 129 | /* round 2: right lane */ |
131 | ROUND(eee, aaa, bbb, ccc, ddd, F4, KK2, in[6], 9); | 130 | ROUND(eee, aaa, bbb, ccc, ddd, F4, KK2, in[6], 9); |
132 | ROUND(ddd, eee, aaa, bbb, ccc, F4, KK2, in[11], 13); | 131 | ROUND(ddd, eee, aaa, bbb, ccc, F4, KK2, in[11], 13); |
133 | ROUND(ccc, ddd, eee, aaa, bbb, F4, KK2, in[3], 15); | 132 | ROUND(ccc, ddd, eee, aaa, bbb, F4, KK2, in[3], 15); |
134 | ROUND(bbb, ccc, ddd, eee, aaa, F4, KK2, in[7], 7); | 133 | ROUND(bbb, ccc, ddd, eee, aaa, F4, KK2, in[7], 7); |
135 | ROUND(aaa, bbb, ccc, ddd, eee, F4, KK2, in[0], 12); | 134 | ROUND(aaa, bbb, ccc, ddd, eee, F4, KK2, in[0], 12); |
136 | ROUND(eee, aaa, bbb, ccc, ddd, F4, KK2, in[13], 8); | 135 | ROUND(eee, aaa, bbb, ccc, ddd, F4, KK2, in[13], 8); |
137 | ROUND(ddd, eee, aaa, bbb, ccc, F4, KK2, in[5], 9); | 136 | ROUND(ddd, eee, aaa, bbb, ccc, F4, KK2, in[5], 9); |
138 | ROUND(ccc, ddd, eee, aaa, bbb, F4, KK2, in[10], 11); | 137 | ROUND(ccc, ddd, eee, aaa, bbb, F4, KK2, in[10], 11); |
139 | ROUND(bbb, ccc, ddd, eee, aaa, F4, KK2, in[14], 7); | 138 | ROUND(bbb, ccc, ddd, eee, aaa, F4, KK2, in[14], 7); |
140 | ROUND(aaa, bbb, ccc, ddd, eee, F4, KK2, in[15], 7); | 139 | ROUND(aaa, bbb, ccc, ddd, eee, F4, KK2, in[15], 7); |
141 | ROUND(eee, aaa, bbb, ccc, ddd, F4, KK2, in[8], 12); | 140 | ROUND(eee, aaa, bbb, ccc, ddd, F4, KK2, in[8], 12); |
142 | ROUND(ddd, eee, aaa, bbb, ccc, F4, KK2, in[12], 7); | 141 | ROUND(ddd, eee, aaa, bbb, ccc, F4, KK2, in[12], 7); |
143 | ROUND(ccc, ddd, eee, aaa, bbb, F4, KK2, in[4], 6); | 142 | ROUND(ccc, ddd, eee, aaa, bbb, F4, KK2, in[4], 6); |
144 | ROUND(bbb, ccc, ddd, eee, aaa, F4, KK2, in[9], 15); | 143 | ROUND(bbb, ccc, ddd, eee, aaa, F4, KK2, in[9], 15); |
145 | ROUND(aaa, bbb, ccc, ddd, eee, F4, KK2, in[1], 13); | 144 | ROUND(aaa, bbb, ccc, ddd, eee, F4, KK2, in[1], 13); |
146 | ROUND(eee, aaa, bbb, ccc, ddd, F4, KK2, in[2], 11); | 145 | ROUND(eee, aaa, bbb, ccc, ddd, F4, KK2, in[2], 11); |
147 | 146 | ||
148 | /* Swap contents of "b" registers */ | 147 | /* Swap contents of "b" registers */ |
149 | tmp = bb; bb = bbb; bbb = tmp; | 148 | tmp = bb; bb = bbb; bbb = tmp; |
150 | 149 | ||
151 | /* round 3: left lane" */ | 150 | /* round 3: left lane" */ |
152 | ROUND(dd, ee, aa, bb, cc, F3, K3, in[3], 11); | 151 | ROUND(dd, ee, aa, bb, cc, F3, K3, in[3], 11); |
153 | ROUND(cc, dd, ee, aa, bb, F3, K3, in[10], 13); | 152 | ROUND(cc, dd, ee, aa, bb, F3, K3, in[10], 13); |
154 | ROUND(bb, cc, dd, ee, aa, F3, K3, in[14], 6); | 153 | ROUND(bb, cc, dd, ee, aa, F3, K3, in[14], 6); |
155 | ROUND(aa, bb, cc, dd, ee, F3, K3, in[4], 7); | 154 | ROUND(aa, bb, cc, dd, ee, F3, K3, in[4], 7); |
156 | ROUND(ee, aa, bb, cc, dd, F3, K3, in[9], 14); | 155 | ROUND(ee, aa, bb, cc, dd, F3, K3, in[9], 14); |
157 | ROUND(dd, ee, aa, bb, cc, F3, K3, in[15], 9); | 156 | ROUND(dd, ee, aa, bb, cc, F3, K3, in[15], 9); |
158 | ROUND(cc, dd, ee, aa, bb, F3, K3, in[8], 13); | 157 | ROUND(cc, dd, ee, aa, bb, F3, K3, in[8], 13); |
159 | ROUND(bb, cc, dd, ee, aa, F3, K3, in[1], 15); | 158 | ROUND(bb, cc, dd, ee, aa, F3, K3, in[1], 15); |
160 | ROUND(aa, bb, cc, dd, ee, F3, K3, in[2], 14); | 159 | ROUND(aa, bb, cc, dd, ee, F3, K3, in[2], 14); |
161 | ROUND(ee, aa, bb, cc, dd, F3, K3, in[7], 8); | 160 | ROUND(ee, aa, bb, cc, dd, F3, K3, in[7], 8); |
162 | ROUND(dd, ee, aa, bb, cc, F3, K3, in[0], 13); | 161 | ROUND(dd, ee, aa, bb, cc, F3, K3, in[0], 13); |
163 | ROUND(cc, dd, ee, aa, bb, F3, K3, in[6], 6); | 162 | ROUND(cc, dd, ee, aa, bb, F3, K3, in[6], 6); |
164 | ROUND(bb, cc, dd, ee, aa, F3, K3, in[13], 5); | 163 | ROUND(bb, cc, dd, ee, aa, F3, K3, in[13], 5); |
165 | ROUND(aa, bb, cc, dd, ee, F3, K3, in[11], 12); | 164 | ROUND(aa, bb, cc, dd, ee, F3, K3, in[11], 12); |
166 | ROUND(ee, aa, bb, cc, dd, F3, K3, in[5], 7); | 165 | ROUND(ee, aa, bb, cc, dd, F3, K3, in[5], 7); |
167 | ROUND(dd, ee, aa, bb, cc, F3, K3, in[12], 5); | 166 | ROUND(dd, ee, aa, bb, cc, F3, K3, in[12], 5); |
168 | 167 | ||
169 | /* round 3: right lane */ | 168 | /* round 3: right lane */ |
170 | ROUND(ddd, eee, aaa, bbb, ccc, F3, KK3, in[15], 9); | 169 | ROUND(ddd, eee, aaa, bbb, ccc, F3, KK3, in[15], 9); |
171 | ROUND(ccc, ddd, eee, aaa, bbb, F3, KK3, in[5], 7); | 170 | ROUND(ccc, ddd, eee, aaa, bbb, F3, KK3, in[5], 7); |
172 | ROUND(bbb, ccc, ddd, eee, aaa, F3, KK3, in[1], 15); | 171 | ROUND(bbb, ccc, ddd, eee, aaa, F3, KK3, in[1], 15); |
173 | ROUND(aaa, bbb, ccc, ddd, eee, F3, KK3, in[3], 11); | 172 | ROUND(aaa, bbb, ccc, ddd, eee, F3, KK3, in[3], 11); |
174 | ROUND(eee, aaa, bbb, ccc, ddd, F3, KK3, in[7], 8); | 173 | ROUND(eee, aaa, bbb, ccc, ddd, F3, KK3, in[7], 8); |
175 | ROUND(ddd, eee, aaa, bbb, ccc, F3, KK3, in[14], 6); | 174 | ROUND(ddd, eee, aaa, bbb, ccc, F3, KK3, in[14], 6); |
176 | ROUND(ccc, ddd, eee, aaa, bbb, F3, KK3, in[6], 6); | 175 | ROUND(ccc, ddd, eee, aaa, bbb, F3, KK3, in[6], 6); |
177 | ROUND(bbb, ccc, ddd, eee, aaa, F3, KK3, in[9], 14); | 176 | ROUND(bbb, ccc, ddd, eee, aaa, F3, KK3, in[9], 14); |
178 | ROUND(aaa, bbb, ccc, ddd, eee, F3, KK3, in[11], 12); | 177 | ROUND(aaa, bbb, ccc, ddd, eee, F3, KK3, in[11], 12); |
179 | ROUND(eee, aaa, bbb, ccc, ddd, F3, KK3, in[8], 13); | 178 | ROUND(eee, aaa, bbb, ccc, ddd, F3, KK3, in[8], 13); |
180 | ROUND(ddd, eee, aaa, bbb, ccc, F3, KK3, in[12], 5); | 179 | ROUND(ddd, eee, aaa, bbb, ccc, F3, KK3, in[12], 5); |
181 | ROUND(ccc, ddd, eee, aaa, bbb, F3, KK3, in[2], 14); | 180 | ROUND(ccc, ddd, eee, aaa, bbb, F3, KK3, in[2], 14); |
182 | ROUND(bbb, ccc, ddd, eee, aaa, F3, KK3, in[10], 13); | 181 | ROUND(bbb, ccc, ddd, eee, aaa, F3, KK3, in[10], 13); |
183 | ROUND(aaa, bbb, ccc, ddd, eee, F3, KK3, in[0], 13); | 182 | ROUND(aaa, bbb, ccc, ddd, eee, F3, KK3, in[0], 13); |
184 | ROUND(eee, aaa, bbb, ccc, ddd, F3, KK3, in[4], 7); | 183 | ROUND(eee, aaa, bbb, ccc, ddd, F3, KK3, in[4], 7); |
185 | ROUND(ddd, eee, aaa, bbb, ccc, F3, KK3, in[13], 5); | 184 | ROUND(ddd, eee, aaa, bbb, ccc, F3, KK3, in[13], 5); |
186 | 185 | ||
187 | /* Swap contents of "c" registers */ | 186 | /* Swap contents of "c" registers */ |
188 | tmp = cc; cc = ccc; ccc = tmp; | 187 | tmp = cc; cc = ccc; ccc = tmp; |
189 | 188 | ||
190 | /* round 4: left lane" */ | 189 | /* round 4: left lane" */ |
191 | ROUND(cc, dd, ee, aa, bb, F4, K4, in[1], 11); | 190 | ROUND(cc, dd, ee, aa, bb, F4, K4, in[1], 11); |
192 | ROUND(bb, cc, dd, ee, aa, F4, K4, in[9], 12); | 191 | ROUND(bb, cc, dd, ee, aa, F4, K4, in[9], 12); |
193 | ROUND(aa, bb, cc, dd, ee, F4, K4, in[11], 14); | 192 | ROUND(aa, bb, cc, dd, ee, F4, K4, in[11], 14); |
194 | ROUND(ee, aa, bb, cc, dd, F4, K4, in[10], 15); | 193 | ROUND(ee, aa, bb, cc, dd, F4, K4, in[10], 15); |
195 | ROUND(dd, ee, aa, bb, cc, F4, K4, in[0], 14); | 194 | ROUND(dd, ee, aa, bb, cc, F4, K4, in[0], 14); |
196 | ROUND(cc, dd, ee, aa, bb, F4, K4, in[8], 15); | 195 | ROUND(cc, dd, ee, aa, bb, F4, K4, in[8], 15); |
197 | ROUND(bb, cc, dd, ee, aa, F4, K4, in[12], 9); | 196 | ROUND(bb, cc, dd, ee, aa, F4, K4, in[12], 9); |
198 | ROUND(aa, bb, cc, dd, ee, F4, K4, in[4], 8); | 197 | ROUND(aa, bb, cc, dd, ee, F4, K4, in[4], 8); |
199 | ROUND(ee, aa, bb, cc, dd, F4, K4, in[13], 9); | 198 | ROUND(ee, aa, bb, cc, dd, F4, K4, in[13], 9); |
200 | ROUND(dd, ee, aa, bb, cc, F4, K4, in[3], 14); | 199 | ROUND(dd, ee, aa, bb, cc, F4, K4, in[3], 14); |
201 | ROUND(cc, dd, ee, aa, bb, F4, K4, in[7], 5); | 200 | ROUND(cc, dd, ee, aa, bb, F4, K4, in[7], 5); |
202 | ROUND(bb, cc, dd, ee, aa, F4, K4, in[15], 6); | 201 | ROUND(bb, cc, dd, ee, aa, F4, K4, in[15], 6); |
203 | ROUND(aa, bb, cc, dd, ee, F4, K4, in[14], 8); | 202 | ROUND(aa, bb, cc, dd, ee, F4, K4, in[14], 8); |
204 | ROUND(ee, aa, bb, cc, dd, F4, K4, in[5], 6); | 203 | ROUND(ee, aa, bb, cc, dd, F4, K4, in[5], 6); |
205 | ROUND(dd, ee, aa, bb, cc, F4, K4, in[6], 5); | 204 | ROUND(dd, ee, aa, bb, cc, F4, K4, in[6], 5); |
206 | ROUND(cc, dd, ee, aa, bb, F4, K4, in[2], 12); | 205 | ROUND(cc, dd, ee, aa, bb, F4, K4, in[2], 12); |
207 | 206 | ||
208 | /* round 4: right lane */ | 207 | /* round 4: right lane */ |
209 | ROUND(ccc, ddd, eee, aaa, bbb, F2, KK4, in[8], 15); | 208 | ROUND(ccc, ddd, eee, aaa, bbb, F2, KK4, in[8], 15); |
210 | ROUND(bbb, ccc, ddd, eee, aaa, F2, KK4, in[6], 5); | 209 | ROUND(bbb, ccc, ddd, eee, aaa, F2, KK4, in[6], 5); |
211 | ROUND(aaa, bbb, ccc, ddd, eee, F2, KK4, in[4], 8); | 210 | ROUND(aaa, bbb, ccc, ddd, eee, F2, KK4, in[4], 8); |
212 | ROUND(eee, aaa, bbb, ccc, ddd, F2, KK4, in[1], 11); | 211 | ROUND(eee, aaa, bbb, ccc, ddd, F2, KK4, in[1], 11); |
213 | ROUND(ddd, eee, aaa, bbb, ccc, F2, KK4, in[3], 14); | 212 | ROUND(ddd, eee, aaa, bbb, ccc, F2, KK4, in[3], 14); |
214 | ROUND(ccc, ddd, eee, aaa, bbb, F2, KK4, in[11], 14); | 213 | ROUND(ccc, ddd, eee, aaa, bbb, F2, KK4, in[11], 14); |
215 | ROUND(bbb, ccc, ddd, eee, aaa, F2, KK4, in[15], 6); | 214 | ROUND(bbb, ccc, ddd, eee, aaa, F2, KK4, in[15], 6); |
216 | ROUND(aaa, bbb, ccc, ddd, eee, F2, KK4, in[0], 14); | 215 | ROUND(aaa, bbb, ccc, ddd, eee, F2, KK4, in[0], 14); |
217 | ROUND(eee, aaa, bbb, ccc, ddd, F2, KK4, in[5], 6); | 216 | ROUND(eee, aaa, bbb, ccc, ddd, F2, KK4, in[5], 6); |
218 | ROUND(ddd, eee, aaa, bbb, ccc, F2, KK4, in[12], 9); | 217 | ROUND(ddd, eee, aaa, bbb, ccc, F2, KK4, in[12], 9); |
219 | ROUND(ccc, ddd, eee, aaa, bbb, F2, KK4, in[2], 12); | 218 | ROUND(ccc, ddd, eee, aaa, bbb, F2, KK4, in[2], 12); |
220 | ROUND(bbb, ccc, ddd, eee, aaa, F2, KK4, in[13], 9); | 219 | ROUND(bbb, ccc, ddd, eee, aaa, F2, KK4, in[13], 9); |
221 | ROUND(aaa, bbb, ccc, ddd, eee, F2, KK4, in[9], 12); | 220 | ROUND(aaa, bbb, ccc, ddd, eee, F2, KK4, in[9], 12); |
222 | ROUND(eee, aaa, bbb, ccc, ddd, F2, KK4, in[7], 5); | 221 | ROUND(eee, aaa, bbb, ccc, ddd, F2, KK4, in[7], 5); |
223 | ROUND(ddd, eee, aaa, bbb, ccc, F2, KK4, in[10], 15); | 222 | ROUND(ddd, eee, aaa, bbb, ccc, F2, KK4, in[10], 15); |
224 | ROUND(ccc, ddd, eee, aaa, bbb, F2, KK4, in[14], 8); | 223 | ROUND(ccc, ddd, eee, aaa, bbb, F2, KK4, in[14], 8); |
225 | 224 | ||
226 | /* Swap contents of "d" registers */ | 225 | /* Swap contents of "d" registers */ |
227 | tmp = dd; dd = ddd; ddd = tmp; | 226 | tmp = dd; dd = ddd; ddd = tmp; |
228 | 227 | ||
229 | /* round 5: left lane" */ | 228 | /* round 5: left lane" */ |
230 | ROUND(bb, cc, dd, ee, aa, F5, K5, in[4], 9); | 229 | ROUND(bb, cc, dd, ee, aa, F5, K5, in[4], 9); |
231 | ROUND(aa, bb, cc, dd, ee, F5, K5, in[0], 15); | 230 | ROUND(aa, bb, cc, dd, ee, F5, K5, in[0], 15); |
232 | ROUND(ee, aa, bb, cc, dd, F5, K5, in[5], 5); | 231 | ROUND(ee, aa, bb, cc, dd, F5, K5, in[5], 5); |
233 | ROUND(dd, ee, aa, bb, cc, F5, K5, in[9], 11); | 232 | ROUND(dd, ee, aa, bb, cc, F5, K5, in[9], 11); |
234 | ROUND(cc, dd, ee, aa, bb, F5, K5, in[7], 6); | 233 | ROUND(cc, dd, ee, aa, bb, F5, K5, in[7], 6); |
235 | ROUND(bb, cc, dd, ee, aa, F5, K5, in[12], 8); | 234 | ROUND(bb, cc, dd, ee, aa, F5, K5, in[12], 8); |
236 | ROUND(aa, bb, cc, dd, ee, F5, K5, in[2], 13); | 235 | ROUND(aa, bb, cc, dd, ee, F5, K5, in[2], 13); |
237 | ROUND(ee, aa, bb, cc, dd, F5, K5, in[10], 12); | 236 | ROUND(ee, aa, bb, cc, dd, F5, K5, in[10], 12); |
238 | ROUND(dd, ee, aa, bb, cc, F5, K5, in[14], 5); | 237 | ROUND(dd, ee, aa, bb, cc, F5, K5, in[14], 5); |
239 | ROUND(cc, dd, ee, aa, bb, F5, K5, in[1], 12); | 238 | ROUND(cc, dd, ee, aa, bb, F5, K5, in[1], 12); |
240 | ROUND(bb, cc, dd, ee, aa, F5, K5, in[3], 13); | 239 | ROUND(bb, cc, dd, ee, aa, F5, K5, in[3], 13); |
241 | ROUND(aa, bb, cc, dd, ee, F5, K5, in[8], 14); | 240 | ROUND(aa, bb, cc, dd, ee, F5, K5, in[8], 14); |
242 | ROUND(ee, aa, bb, cc, dd, F5, K5, in[11], 11); | 241 | ROUND(ee, aa, bb, cc, dd, F5, K5, in[11], 11); |
243 | ROUND(dd, ee, aa, bb, cc, F5, K5, in[6], 8); | 242 | ROUND(dd, ee, aa, bb, cc, F5, K5, in[6], 8); |
244 | ROUND(cc, dd, ee, aa, bb, F5, K5, in[15], 5); | 243 | ROUND(cc, dd, ee, aa, bb, F5, K5, in[15], 5); |
245 | ROUND(bb, cc, dd, ee, aa, F5, K5, in[13], 6); | 244 | ROUND(bb, cc, dd, ee, aa, F5, K5, in[13], 6); |
246 | 245 | ||
247 | /* round 5: right lane */ | 246 | /* round 5: right lane */ |
248 | ROUND(bbb, ccc, ddd, eee, aaa, F1, KK5, in[12], 8); | 247 | ROUND(bbb, ccc, ddd, eee, aaa, F1, KK5, in[12], 8); |
249 | ROUND(aaa, bbb, ccc, ddd, eee, F1, KK5, in[15], 5); | 248 | ROUND(aaa, bbb, ccc, ddd, eee, F1, KK5, in[15], 5); |
250 | ROUND(eee, aaa, bbb, ccc, ddd, F1, KK5, in[10], 12); | 249 | ROUND(eee, aaa, bbb, ccc, ddd, F1, KK5, in[10], 12); |
251 | ROUND(ddd, eee, aaa, bbb, ccc, F1, KK5, in[4], 9); | 250 | ROUND(ddd, eee, aaa, bbb, ccc, F1, KK5, in[4], 9); |
252 | ROUND(ccc, ddd, eee, aaa, bbb, F1, KK5, in[1], 12); | 251 | ROUND(ccc, ddd, eee, aaa, bbb, F1, KK5, in[1], 12); |
253 | ROUND(bbb, ccc, ddd, eee, aaa, F1, KK5, in[5], 5); | 252 | ROUND(bbb, ccc, ddd, eee, aaa, F1, KK5, in[5], 5); |
254 | ROUND(aaa, bbb, ccc, ddd, eee, F1, KK5, in[8], 14); | 253 | ROUND(aaa, bbb, ccc, ddd, eee, F1, KK5, in[8], 14); |
255 | ROUND(eee, aaa, bbb, ccc, ddd, F1, KK5, in[7], 6); | 254 | ROUND(eee, aaa, bbb, ccc, ddd, F1, KK5, in[7], 6); |
256 | ROUND(ddd, eee, aaa, bbb, ccc, F1, KK5, in[6], 8); | 255 | ROUND(ddd, eee, aaa, bbb, ccc, F1, KK5, in[6], 8); |
257 | ROUND(ccc, ddd, eee, aaa, bbb, F1, KK5, in[2], 13); | 256 | ROUND(ccc, ddd, eee, aaa, bbb, F1, KK5, in[2], 13); |
258 | ROUND(bbb, ccc, ddd, eee, aaa, F1, KK5, in[13], 6); | 257 | ROUND(bbb, ccc, ddd, eee, aaa, F1, KK5, in[13], 6); |
259 | ROUND(aaa, bbb, ccc, ddd, eee, F1, KK5, in[14], 5); | 258 | ROUND(aaa, bbb, ccc, ddd, eee, F1, KK5, in[14], 5); |
260 | ROUND(eee, aaa, bbb, ccc, ddd, F1, KK5, in[0], 15); | 259 | ROUND(eee, aaa, bbb, ccc, ddd, F1, KK5, in[0], 15); |
261 | ROUND(ddd, eee, aaa, bbb, ccc, F1, KK5, in[3], 13); | 260 | ROUND(ddd, eee, aaa, bbb, ccc, F1, KK5, in[3], 13); |
262 | ROUND(ccc, ddd, eee, aaa, bbb, F1, KK5, in[9], 11); | 261 | ROUND(ccc, ddd, eee, aaa, bbb, F1, KK5, in[9], 11); |
263 | ROUND(bbb, ccc, ddd, eee, aaa, F1, KK5, in[11], 11); | 262 | ROUND(bbb, ccc, ddd, eee, aaa, F1, KK5, in[11], 11); |
264 | 263 | ||
265 | /* Swap contents of "e" registers */ | 264 | /* Swap contents of "e" registers */ |
266 | tmp = ee; ee = eee; eee = tmp; | 265 | tmp = ee; ee = eee; eee = tmp; |
267 | 266 | ||
268 | /* combine results */ | 267 | /* combine results */ |
269 | state[0] += aa; | 268 | state[0] += aa; |
270 | state[1] += bb; | 269 | state[1] += bb; |
271 | state[2] += cc; | 270 | state[2] += cc; |
272 | state[3] += dd; | 271 | state[3] += dd; |
273 | state[4] += ee; | 272 | state[4] += ee; |
274 | state[5] += aaa; | 273 | state[5] += aaa; |
275 | state[6] += bbb; | 274 | state[6] += bbb; |
276 | state[7] += ccc; | 275 | state[7] += ccc; |
277 | state[8] += ddd; | 276 | state[8] += ddd; |
278 | state[9] += eee; | 277 | state[9] += eee; |
279 | 278 | ||
280 | return; | 279 | return; |
281 | } | 280 | } |
282 | 281 | ||
283 | static void rmd320_init(struct crypto_tfm *tfm) | 282 | static int rmd320_init(struct shash_desc *desc) |
284 | { | 283 | { |
285 | struct rmd320_ctx *rctx = crypto_tfm_ctx(tfm); | 284 | struct rmd320_ctx *rctx = shash_desc_ctx(desc); |
286 | 285 | ||
287 | rctx->byte_count = 0; | 286 | rctx->byte_count = 0; |
288 | 287 | ||
289 | rctx->state[0] = RMD_H0; | 288 | rctx->state[0] = RMD_H0; |
290 | rctx->state[1] = RMD_H1; | 289 | rctx->state[1] = RMD_H1; |
291 | rctx->state[2] = RMD_H2; | 290 | rctx->state[2] = RMD_H2; |
292 | rctx->state[3] = RMD_H3; | 291 | rctx->state[3] = RMD_H3; |
293 | rctx->state[4] = RMD_H4; | 292 | rctx->state[4] = RMD_H4; |
294 | rctx->state[5] = RMD_H5; | 293 | rctx->state[5] = RMD_H5; |
295 | rctx->state[6] = RMD_H6; | 294 | rctx->state[6] = RMD_H6; |
296 | rctx->state[7] = RMD_H7; | 295 | rctx->state[7] = RMD_H7; |
297 | rctx->state[8] = RMD_H8; | 296 | rctx->state[8] = RMD_H8; |
298 | rctx->state[9] = RMD_H9; | 297 | rctx->state[9] = RMD_H9; |
299 | 298 | ||
300 | memset(rctx->buffer, 0, sizeof(rctx->buffer)); | 299 | memset(rctx->buffer, 0, sizeof(rctx->buffer)); |
300 | |||
301 | return 0; | ||
301 | } | 302 | } |
302 | 303 | ||
303 | static void rmd320_update(struct crypto_tfm *tfm, const u8 *data, | 304 | static int rmd320_update(struct shash_desc *desc, const u8 *data, |
304 | unsigned int len) | 305 | unsigned int len) |
305 | { | 306 | { |
306 | struct rmd320_ctx *rctx = crypto_tfm_ctx(tfm); | 307 | struct rmd320_ctx *rctx = shash_desc_ctx(desc); |
307 | const u32 avail = sizeof(rctx->buffer) - (rctx->byte_count & 0x3f); | 308 | const u32 avail = sizeof(rctx->buffer) - (rctx->byte_count & 0x3f); |
308 | 309 | ||
309 | rctx->byte_count += len; | 310 | rctx->byte_count += len; |
310 | 311 | ||
311 | /* Enough space in buffer? If so copy and we're done */ | 312 | /* Enough space in buffer? If so copy and we're done */ |
312 | if (avail > len) { | 313 | if (avail > len) { |
313 | memcpy((char *)rctx->buffer + (sizeof(rctx->buffer) - avail), | 314 | memcpy((char *)rctx->buffer + (sizeof(rctx->buffer) - avail), |
314 | data, len); | 315 | data, len); |
315 | return; | 316 | goto out; |
316 | } | 317 | } |
317 | 318 | ||
318 | memcpy((char *)rctx->buffer + (sizeof(rctx->buffer) - avail), | 319 | memcpy((char *)rctx->buffer + (sizeof(rctx->buffer) - avail), |
319 | data, avail); | 320 | data, avail); |
320 | 321 | ||
321 | rmd320_transform(rctx->state, rctx->buffer); | 322 | rmd320_transform(rctx->state, rctx->buffer); |
322 | data += avail; | 323 | data += avail; |
323 | len -= avail; | 324 | len -= avail; |
324 | 325 | ||
325 | while (len >= sizeof(rctx->buffer)) { | 326 | while (len >= sizeof(rctx->buffer)) { |
326 | memcpy(rctx->buffer, data, sizeof(rctx->buffer)); | 327 | memcpy(rctx->buffer, data, sizeof(rctx->buffer)); |
327 | rmd320_transform(rctx->state, rctx->buffer); | 328 | rmd320_transform(rctx->state, rctx->buffer); |
328 | data += sizeof(rctx->buffer); | 329 | data += sizeof(rctx->buffer); |
329 | len -= sizeof(rctx->buffer); | 330 | len -= sizeof(rctx->buffer); |
330 | } | 331 | } |
331 | 332 | ||
332 | memcpy(rctx->buffer, data, len); | 333 | memcpy(rctx->buffer, data, len); |
334 | |||
335 | out: | ||
336 | return 0; | ||
333 | } | 337 | } |
334 | 338 | ||
335 | /* Add padding and return the message digest. */ | 339 | /* Add padding and return the message digest. */ |
336 | static void rmd320_final(struct crypto_tfm *tfm, u8 *out) | 340 | static int rmd320_final(struct shash_desc *desc, u8 *out) |
337 | { | 341 | { |
338 | struct rmd320_ctx *rctx = crypto_tfm_ctx(tfm); | 342 | struct rmd320_ctx *rctx = shash_desc_ctx(desc); |
339 | u32 i, index, padlen; | 343 | u32 i, index, padlen; |
340 | __le64 bits; | 344 | __le64 bits; |
341 | __le32 *dst = (__le32 *)out; | 345 | __le32 *dst = (__le32 *)out; |
342 | static const u8 padding[64] = { 0x80, }; | 346 | static const u8 padding[64] = { 0x80, }; |
343 | 347 | ||
344 | bits = cpu_to_le64(rctx->byte_count << 3); | 348 | bits = cpu_to_le64(rctx->byte_count << 3); |
345 | 349 | ||
346 | /* Pad out to 56 mod 64 */ | 350 | /* Pad out to 56 mod 64 */ |
347 | index = rctx->byte_count & 0x3f; | 351 | index = rctx->byte_count & 0x3f; |
348 | padlen = (index < 56) ? (56 - index) : ((64+56) - index); | 352 | padlen = (index < 56) ? (56 - index) : ((64+56) - index); |
349 | rmd320_update(tfm, padding, padlen); | 353 | rmd320_update(desc, padding, padlen); |
350 | 354 | ||
351 | /* Append length */ | 355 | /* Append length */ |
352 | rmd320_update(tfm, (const u8 *)&bits, sizeof(bits)); | 356 | rmd320_update(desc, (const u8 *)&bits, sizeof(bits)); |
353 | 357 | ||
354 | /* Store state in digest */ | 358 | /* Store state in digest */ |
355 | for (i = 0; i < 10; i++) | 359 | for (i = 0; i < 10; i++) |
356 | dst[i] = cpu_to_le32p(&rctx->state[i]); | 360 | dst[i] = cpu_to_le32p(&rctx->state[i]); |
357 | 361 | ||
358 | /* Wipe context */ | 362 | /* Wipe context */ |
359 | memset(rctx, 0, sizeof(*rctx)); | 363 | memset(rctx, 0, sizeof(*rctx)); |
364 | |||
365 | return 0; | ||
360 | } | 366 | } |
361 | 367 | ||
362 | static struct crypto_alg alg = { | 368 | static struct shash_alg alg = { |
363 | .cra_name = "rmd320", | 369 | .digestsize = RMD320_DIGEST_SIZE, |
364 | .cra_driver_name = "rmd320", | 370 | .init = rmd320_init, |
365 | .cra_flags = CRYPTO_ALG_TYPE_DIGEST, | 371 | .update = rmd320_update, |
366 | .cra_blocksize = RMD320_BLOCK_SIZE, | 372 | .final = rmd320_final, |
367 | .cra_ctxsize = sizeof(struct rmd320_ctx), | 373 | .descsize = sizeof(struct rmd320_ctx), |
368 | .cra_module = THIS_MODULE, | 374 | .base = { |
369 | .cra_list = LIST_HEAD_INIT(alg.cra_list), | 375 | .cra_name = "rmd320", |
370 | .cra_u = { .digest = { | 376 | .cra_flags = CRYPTO_ALG_TYPE_SHASH, |
371 | .dia_digestsize = RMD320_DIGEST_SIZE, | 377 | .cra_blocksize = RMD320_BLOCK_SIZE, |
372 | .dia_init = rmd320_init, | 378 | .cra_module = THIS_MODULE, |
373 | .dia_update = rmd320_update, | 379 | } |
374 | .dia_final = rmd320_final } } | ||
375 | }; | 380 | }; |
376 | 381 | ||
377 | static int __init rmd320_mod_init(void) | 382 | static int __init rmd320_mod_init(void) |
378 | { | 383 | { |
379 | return crypto_register_alg(&alg); | 384 | return crypto_register_shash(&alg); |
380 | } | 385 | } |
381 | 386 | ||
382 | static void __exit rmd320_mod_fini(void) | 387 | static void __exit rmd320_mod_fini(void) |
383 | { | 388 | { |
384 | crypto_unregister_alg(&alg); | 389 | crypto_unregister_shash(&alg); |
385 | } | 390 | } |
386 | 391 | ||
387 | module_init(rmd320_mod_init); | 392 | module_init(rmd320_mod_init); |
388 | module_exit(rmd320_mod_fini); | 393 | module_exit(rmd320_mod_fini); |
389 | 394 |