Eric Lee / linux-smarc-t335x-v3.2

Download as
Browse Code ยป

Commit f19f5111c94053ba4931892f5c01c806de33942e

Authored by Rik Snel
Committed by David S. Miller
1 parent 5aaff0c8f7
Exists in master and in 4 other branches v3.2_AM335xPSP_04.06.00.11, v3.2_NEWT335xPSP_04.06.00.11, v3.2_SBC_SMARTMEN, v3.2_SMARCT335xPSP_04.06.00.11

[CRYPTO] xts: XTS blockcipher mode implementation without partial blocks 

XTS currently considered to be the successor of the LRW mode by the IEEE1619
workgroup. LRW was discarded, because it was not secure if the encyption key
itself is encrypted with LRW.

XTS does not have this problem. The implementation is pretty straightforward,
a new function was added to gf128mul to handle GF(128) elements in ble format.
Four testvectors from the specification
	http://grouper.ieee.org/groups/1619/email/pdf00086.pdf
were added, and they verify on my system.

Signed-off-by: Rik Snel <rsnel@cube.dyndns.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

Showing 7 changed files with 746 additions and 0 deletions Side-by-side Diff

... ... @@ -184,6 +184,17 @@
184 184 The first 128, 192 or 256 bits in the key are used for AES and the
185 185 rest is used to tie each cipher block to its logical position.
186 186  
  187 +config CRYPTO_XTS
  188 + tristate "XTS support (EXPERIMENTAL)"
  189 + depends on EXPERIMENTAL
  190 + select CRYPTO_BLKCIPHER
  191 + select CRYPTO_MANAGER
  192 + select CRYPTO_GF128MUL
  193 + help
  194 + XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
  195 + key size 256, 384 or 512 bits. This implementation currently
  196 + can't handle a sectorsize which is not a multiple of 16 bytes.
  197 +
187 198 config CRYPTO_CRYPTD
188 199 tristate "Software async crypto daemon"
189 200 select CRYPTO_ABLKCIPHER
... ... @@ -31,6 +31,7 @@
31 31 obj-$(CONFIG_CRYPTO_CBC) += cbc.o
32 32 obj-$(CONFIG_CRYPTO_PCBC) += pcbc.o
33 33 obj-$(CONFIG_CRYPTO_LRW) += lrw.o
  34 +obj-$(CONFIG_CRYPTO_XTS) += xts.o
34 35 obj-$(CONFIG_CRYPTO_CRYPTD) += cryptd.o
35 36 obj-$(CONFIG_CRYPTO_DES) += des.o
36 37 obj-$(CONFIG_CRYPTO_FCRYPT) += fcrypt.o
... ... @@ -142,6 +142,17 @@
142 142 r->b = cpu_to_be64((b << 1) ^ _tt);
143 143 }
144 144  
  145 +void gf128mul_x_ble(be128 *r, const be128 *x)
  146 +{
  147 + u64 a = le64_to_cpu(x->a);
  148 + u64 b = le64_to_cpu(x->b);
  149 + u64 _tt = gf128mul_table_bbe[b >> 63];
  150 +
  151 + r->a = cpu_to_le64((a << 1) ^ _tt);
  152 + r->b = cpu_to_le64((b << 1) | (a >> 63));
  153 +}
  154 +EXPORT_SYMBOL(gf128mul_x_ble);
  155 +
145 156 static void gf128mul_x8_lle(be128 *x)
146 157 {
147 158 u64 a = be64_to_cpu(x->a);
... ... @@ -955,6 +955,10 @@
955 955 AES_LRW_ENC_TEST_VECTORS);
956 956 test_cipher("lrw(aes)", DECRYPT, aes_lrw_dec_tv_template,
957 957 AES_LRW_DEC_TEST_VECTORS);
  958 + test_cipher("xts(aes)", ENCRYPT, aes_xts_enc_tv_template,
  959 + AES_XTS_ENC_TEST_VECTORS);
  960 + test_cipher("xts(aes)", DECRYPT, aes_xts_dec_tv_template,
  961 + AES_XTS_DEC_TEST_VECTORS);
958 962  
959 963 //CAST5
960 964 test_cipher("ecb(cast5)", ENCRYPT, cast5_enc_tv_template,
... ... @@ -1138,6 +1142,10 @@
1138 1142 AES_LRW_ENC_TEST_VECTORS);
1139 1143 test_cipher("lrw(aes)", DECRYPT, aes_lrw_dec_tv_template,
1140 1144 AES_LRW_DEC_TEST_VECTORS);
  1145 + test_cipher("xts(aes)", ENCRYPT, aes_xts_enc_tv_template,
  1146 + AES_XTS_ENC_TEST_VECTORS);
  1147 + test_cipher("xts(aes)", DECRYPT, aes_xts_dec_tv_template,
  1148 + AES_XTS_DEC_TEST_VECTORS);
1141 1149 break;
1142 1150  
1143 1151 case 11:
... ... @@ -1313,6 +1321,10 @@
1313 1321 aes_lrw_speed_template);
1314 1322 test_cipher_speed("lrw(aes)", DECRYPT, sec, NULL, 0,
1315 1323 aes_lrw_speed_template);
  1324 + test_cipher_speed("xts(aes)", ENCRYPT, sec, NULL, 0,
  1325 + aes_xts_speed_template);
  1326 + test_cipher_speed("xts(aes)", DECRYPT, sec, NULL, 0,
  1327 + aes_xts_speed_template);
1316 1328 break;
1317 1329  
1318 1330 case 201:
... ... @@ -2144,6 +2144,8 @@
2144 2144 #define AES_CBC_DEC_TEST_VECTORS 2
2145 2145 #define AES_LRW_ENC_TEST_VECTORS 8
2146 2146 #define AES_LRW_DEC_TEST_VECTORS 8
  2147 +#define AES_XTS_ENC_TEST_VECTORS 4
  2148 +#define AES_XTS_DEC_TEST_VECTORS 4
2147 2149  
2148 2150 static struct cipher_testvec aes_enc_tv_template[] = {
2149 2151 { /* From FIPS-197 */
... ... @@ -2784,6 +2786,400 @@
2784 2786 }
2785 2787 };
2786 2788  
  2789 +static struct cipher_testvec aes_xts_enc_tv_template[] = {
  2790 + /* http://grouper.ieee.org/groups/1619/email/pdf00086.pdf */
  2791 + { /* XTS-AES 1 */
  2792 + .key = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  2793 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  2794 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  2795 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
  2796 + .klen = 32,
  2797 + .iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  2798 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
  2799 + .input = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  2800 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  2801 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  2802 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
  2803 + .ilen = 32,
  2804 + .result = { 0x91, 0x7c, 0xf6, 0x9e, 0xbd, 0x68, 0xb2, 0xec,
  2805 + 0x9b, 0x9f, 0xe9, 0xa3, 0xea, 0xdd, 0xa6, 0x92,
  2806 + 0xcd, 0x43, 0xd2, 0xf5, 0x95, 0x98, 0xed, 0x85,
  2807 + 0x8c, 0x02, 0xc2, 0x65, 0x2f, 0xbf, 0x92, 0x2e },
  2808 + .rlen = 32,
  2809 + }, { /* XTS-AES 2 */
  2810 + .key = { 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
  2811 + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
  2812 + 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22,
  2813 + 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22 },
  2814 + .klen = 32,
  2815 + .iv = { 0x33, 0x33, 0x33, 0x33, 0x33, 0x00, 0x00, 0x00,
  2816 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
  2817 + .input = { 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
  2818 + 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
  2819 + 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
  2820 + 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44 },
  2821 + .ilen = 32,
  2822 + .result = { 0xc4, 0x54, 0x18, 0x5e, 0x6a, 0x16, 0x93, 0x6e,
  2823 + 0x39, 0x33, 0x40, 0x38, 0xac, 0xef, 0x83, 0x8b,
  2824 + 0xfb, 0x18, 0x6f, 0xff, 0x74, 0x80, 0xad, 0xc4,
  2825 + 0x28, 0x93, 0x82, 0xec, 0xd6, 0xd3, 0x94, 0xf0 },
  2826 + .rlen = 32,
  2827 + }, { /* XTS-AES 3 */
  2828 + .key = { 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8,
  2829 + 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
  2830 + 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22,
  2831 + 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22 },
  2832 + .klen = 32,
  2833 + .iv = { 0x33, 0x33, 0x33, 0x33, 0x33, 0x00, 0x00, 0x00,
  2834 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
  2835 + .input = { 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
  2836 + 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
  2837 + 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
  2838 + 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44 },
  2839 + .ilen = 32,
  2840 + .result = { 0xaf, 0x85, 0x33, 0x6b, 0x59, 0x7a, 0xfc, 0x1a,
  2841 + 0x90, 0x0b, 0x2e, 0xb2, 0x1e, 0xc9, 0x49, 0xd2,
  2842 + 0x92, 0xdf, 0x4c, 0x04, 0x7e, 0x0b, 0x21, 0x53,
  2843 + 0x21, 0x86, 0xa5, 0x97, 0x1a, 0x22, 0x7a, 0x89 },
  2844 + .rlen = 32,
  2845 + }, { /* XTS-AES 4 */
  2846 + .key = { 0x27, 0x18, 0x28, 0x18, 0x28, 0x45, 0x90, 0x45,
  2847 + 0x23, 0x53, 0x60, 0x28, 0x74, 0x71, 0x35, 0x26,
  2848 + 0x31, 0x41, 0x59, 0x26, 0x53, 0x58, 0x97, 0x93,
  2849 + 0x23, 0x84, 0x62, 0x64, 0x33, 0x83, 0x27, 0x95 },
  2850 + .klen = 32,
  2851 + .iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  2852 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
  2853 + .input = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  2854 + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  2855 + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
  2856 + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
  2857 + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
  2858 + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
  2859 + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  2860 + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
  2861 + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
  2862 + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
  2863 + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
  2864 + 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f,
  2865 + 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
  2866 + 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
  2867 + 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
  2868 + 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f,
  2869 + 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
  2870 + 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
  2871 + 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
  2872 + 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f,
  2873 + 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
  2874 + 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf,
  2875 + 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
  2876 + 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
  2877 + 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
  2878 + 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,
  2879 + 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
  2880 + 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf,
  2881 + 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7,
  2882 + 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
  2883 + 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
  2884 + 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff,
  2885 + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  2886 + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  2887 + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
  2888 + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
  2889 + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
  2890 + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
  2891 + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  2892 + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
  2893 + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
  2894 + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
  2895 + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
  2896 + 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f,
  2897 + 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
  2898 + 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
  2899 + 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
  2900 + 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f,
  2901 + 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
  2902 + 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
  2903 + 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
  2904 + 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f,
  2905 + 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
  2906 + 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf,
  2907 + 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
  2908 + 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
  2909 + 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
  2910 + 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,
  2911 + 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
  2912 + 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf,
  2913 + 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7,
  2914 + 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
  2915 + 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
  2916 + 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff },
  2917 + .ilen = 512,
  2918 + .result = { 0x27, 0xa7, 0x47, 0x9b, 0xef, 0xa1, 0xd4, 0x76,
  2919 + 0x48, 0x9f, 0x30, 0x8c, 0xd4, 0xcf, 0xa6, 0xe2,
  2920 + 0xa9, 0x6e, 0x4b, 0xbe, 0x32, 0x08, 0xff, 0x25,
  2921 + 0x28, 0x7d, 0xd3, 0x81, 0x96, 0x16, 0xe8, 0x9c,
  2922 + 0xc7, 0x8c, 0xf7, 0xf5, 0xe5, 0x43, 0x44, 0x5f,
  2923 + 0x83, 0x33, 0xd8, 0xfa, 0x7f, 0x56, 0x00, 0x00,
  2924 + 0x05, 0x27, 0x9f, 0xa5, 0xd8, 0xb5, 0xe4, 0xad,
  2925 + 0x40, 0xe7, 0x36, 0xdd, 0xb4, 0xd3, 0x54, 0x12,
  2926 + 0x32, 0x80, 0x63, 0xfd, 0x2a, 0xab, 0x53, 0xe5,
  2927 + 0xea, 0x1e, 0x0a, 0x9f, 0x33, 0x25, 0x00, 0xa5,
  2928 + 0xdf, 0x94, 0x87, 0xd0, 0x7a, 0x5c, 0x92, 0xcc,
  2929 + 0x51, 0x2c, 0x88, 0x66, 0xc7, 0xe8, 0x60, 0xce,
  2930 + 0x93, 0xfd, 0xf1, 0x66, 0xa2, 0x49, 0x12, 0xb4,
  2931 + 0x22, 0x97, 0x61, 0x46, 0xae, 0x20, 0xce, 0x84,
  2932 + 0x6b, 0xb7, 0xdc, 0x9b, 0xa9, 0x4a, 0x76, 0x7a,
  2933 + 0xae, 0xf2, 0x0c, 0x0d, 0x61, 0xad, 0x02, 0x65,
  2934 + 0x5e, 0xa9, 0x2d, 0xc4, 0xc4, 0xe4, 0x1a, 0x89,
  2935 + 0x52, 0xc6, 0x51, 0xd3, 0x31, 0x74, 0xbe, 0x51,
  2936 + 0xa1, 0x0c, 0x42, 0x11, 0x10, 0xe6, 0xd8, 0x15,
  2937 + 0x88, 0xed, 0xe8, 0x21, 0x03, 0xa2, 0x52, 0xd8,
  2938 + 0xa7, 0x50, 0xe8, 0x76, 0x8d, 0xef, 0xff, 0xed,
  2939 + 0x91, 0x22, 0x81, 0x0a, 0xae, 0xb9, 0x9f, 0x91,
  2940 + 0x72, 0xaf, 0x82, 0xb6, 0x04, 0xdc, 0x4b, 0x8e,
  2941 + 0x51, 0xbc, 0xb0, 0x82, 0x35, 0xa6, 0xf4, 0x34,
  2942 + 0x13, 0x32, 0xe4, 0xca, 0x60, 0x48, 0x2a, 0x4b,
  2943 + 0xa1, 0xa0, 0x3b, 0x3e, 0x65, 0x00, 0x8f, 0xc5,
  2944 + 0xda, 0x76, 0xb7, 0x0b, 0xf1, 0x69, 0x0d, 0xb4,
  2945 + 0xea, 0xe2, 0x9c, 0x5f, 0x1b, 0xad, 0xd0, 0x3c,
  2946 + 0x5c, 0xcf, 0x2a, 0x55, 0xd7, 0x05, 0xdd, 0xcd,
  2947 + 0x86, 0xd4, 0x49, 0x51, 0x1c, 0xeb, 0x7e, 0xc3,
  2948 + 0x0b, 0xf1, 0x2b, 0x1f, 0xa3, 0x5b, 0x91, 0x3f,
  2949 + 0x9f, 0x74, 0x7a, 0x8a, 0xfd, 0x1b, 0x13, 0x0e,
  2950 + 0x94, 0xbf, 0xf9, 0x4e, 0xff, 0xd0, 0x1a, 0x91,
  2951 + 0x73, 0x5c, 0xa1, 0x72, 0x6a, 0xcd, 0x0b, 0x19,
  2952 + 0x7c, 0x4e, 0x5b, 0x03, 0x39, 0x36, 0x97, 0xe1,
  2953 + 0x26, 0x82, 0x6f, 0xb6, 0xbb, 0xde, 0x8e, 0xcc,
  2954 + 0x1e, 0x08, 0x29, 0x85, 0x16, 0xe2, 0xc9, 0xed,
  2955 + 0x03, 0xff, 0x3c, 0x1b, 0x78, 0x60, 0xf6, 0xde,
  2956 + 0x76, 0xd4, 0xce, 0xcd, 0x94, 0xc8, 0x11, 0x98,
  2957 + 0x55, 0xef, 0x52, 0x97, 0xca, 0x67, 0xe9, 0xf3,
  2958 + 0xe7, 0xff, 0x72, 0xb1, 0xe9, 0x97, 0x85, 0xca,
  2959 + 0x0a, 0x7e, 0x77, 0x20, 0xc5, 0xb3, 0x6d, 0xc6,
  2960 + 0xd7, 0x2c, 0xac, 0x95, 0x74, 0xc8, 0xcb, 0xbc,
  2961 + 0x2f, 0x80, 0x1e, 0x23, 0xe5, 0x6f, 0xd3, 0x44,
  2962 + 0xb0, 0x7f, 0x22, 0x15, 0x4b, 0xeb, 0xa0, 0xf0,
  2963 + 0x8c, 0xe8, 0x89, 0x1e, 0x64, 0x3e, 0xd9, 0x95,
  2964 + 0xc9, 0x4d, 0x9a, 0x69, 0xc9, 0xf1, 0xb5, 0xf4,
  2965 + 0x99, 0x02, 0x7a, 0x78, 0x57, 0x2a, 0xee, 0xbd,
  2966 + 0x74, 0xd2, 0x0c, 0xc3, 0x98, 0x81, 0xc2, 0x13,
  2967 + 0xee, 0x77, 0x0b, 0x10, 0x10, 0xe4, 0xbe, 0xa7,
  2968 + 0x18, 0x84, 0x69, 0x77, 0xae, 0x11, 0x9f, 0x7a,
  2969 + 0x02, 0x3a, 0xb5, 0x8c, 0xca, 0x0a, 0xd7, 0x52,
  2970 + 0xaf, 0xe6, 0x56, 0xbb, 0x3c, 0x17, 0x25, 0x6a,
  2971 + 0x9f, 0x6e, 0x9b, 0xf1, 0x9f, 0xdd, 0x5a, 0x38,
  2972 + 0xfc, 0x82, 0xbb, 0xe8, 0x72, 0xc5, 0x53, 0x9e,
  2973 + 0xdb, 0x60, 0x9e, 0xf4, 0xf7, 0x9c, 0x20, 0x3e,
  2974 + 0xbb, 0x14, 0x0f, 0x2e, 0x58, 0x3c, 0xb2, 0xad,
  2975 + 0x15, 0xb4, 0xaa, 0x5b, 0x65, 0x50, 0x16, 0xa8,
  2976 + 0x44, 0x92, 0x77, 0xdb, 0xd4, 0x77, 0xef, 0x2c,
  2977 + 0x8d, 0x6c, 0x01, 0x7d, 0xb7, 0x38, 0xb1, 0x8d,
  2978 + 0xeb, 0x4a, 0x42, 0x7d, 0x19, 0x23, 0xce, 0x3f,
  2979 + 0xf2, 0x62, 0x73, 0x57, 0x79, 0xa4, 0x18, 0xf2,
  2980 + 0x0a, 0x28, 0x2d, 0xf9, 0x20, 0x14, 0x7b, 0xea,
  2981 + 0xbe, 0x42, 0x1e, 0xe5, 0x31, 0x9d, 0x05, 0x68 },
  2982 + .rlen = 512,
  2983 + }
  2984 +};
  2985 +
  2986 +static struct cipher_testvec aes_xts_dec_tv_template[] = {
  2987 + /* http://grouper.ieee.org/groups/1619/email/pdf00086.pdf */
  2988 + { /* XTS-AES 1 */
  2989 + .key = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  2990 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  2991 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  2992 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
  2993 + .klen = 32,
  2994 + .iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  2995 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
  2996 + .input = { 0x91, 0x7c, 0xf6, 0x9e, 0xbd, 0x68, 0xb2, 0xec,
  2997 + 0x9b, 0x9f, 0xe9, 0xa3, 0xea, 0xdd, 0xa6, 0x92,
  2998 + 0xcd, 0x43, 0xd2, 0xf5, 0x95, 0x98, 0xed, 0x85,
  2999 + 0x8c, 0x02, 0xc2, 0x65, 0x2f, 0xbf, 0x92, 0x2e },
  3000 + .ilen = 32,
  3001 + .result = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  3002 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  3003 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  3004 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
  3005 + .rlen = 32,
  3006 + }, { /* XTS-AES 2 */
  3007 + .key = { 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
  3008 + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
  3009 + 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22,
  3010 + 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22 },
  3011 + .klen = 32,
  3012 + .iv = { 0x33, 0x33, 0x33, 0x33, 0x33, 0x00, 0x00, 0x00,
  3013 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
  3014 + .input = { 0xc4, 0x54, 0x18, 0x5e, 0x6a, 0x16, 0x93, 0x6e,
  3015 + 0x39, 0x33, 0x40, 0x38, 0xac, 0xef, 0x83, 0x8b,
  3016 + 0xfb, 0x18, 0x6f, 0xff, 0x74, 0x80, 0xad, 0xc4,
  3017 + 0x28, 0x93, 0x82, 0xec, 0xd6, 0xd3, 0x94, 0xf0 },
  3018 + .ilen = 32,
  3019 + .result = { 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
  3020 + 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
  3021 + 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
  3022 + 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44 },
  3023 + .rlen = 32,
  3024 + }, { /* XTS-AES 3 */
  3025 + .key = { 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8,
  3026 + 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
  3027 + 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22,
  3028 + 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22 },
  3029 + .klen = 32,
  3030 + .iv = { 0x33, 0x33, 0x33, 0x33, 0x33, 0x00, 0x00, 0x00,
  3031 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
  3032 + .input = { 0xaf, 0x85, 0x33, 0x6b, 0x59, 0x7a, 0xfc, 0x1a,
  3033 + 0x90, 0x0b, 0x2e, 0xb2, 0x1e, 0xc9, 0x49, 0xd2,
  3034 + 0x92, 0xdf, 0x4c, 0x04, 0x7e, 0x0b, 0x21, 0x53,
  3035 + 0x21, 0x86, 0xa5, 0x97, 0x1a, 0x22, 0x7a, 0x89 },
  3036 + .ilen = 32,
  3037 + .result = { 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
  3038 + 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
  3039 + 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
  3040 + 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44 },
  3041 + .rlen = 32,
  3042 + }, { /* XTS-AES 4 */
  3043 + .key = { 0x27, 0x18, 0x28, 0x18, 0x28, 0x45, 0x90, 0x45,
  3044 + 0x23, 0x53, 0x60, 0x28, 0x74, 0x71, 0x35, 0x26,
  3045 + 0x31, 0x41, 0x59, 0x26, 0x53, 0x58, 0x97, 0x93,
  3046 + 0x23, 0x84, 0x62, 0x64, 0x33, 0x83, 0x27, 0x95 },
  3047 + .klen = 32,
  3048 + .iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  3049 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
  3050 + .input = { 0x27, 0xa7, 0x47, 0x9b, 0xef, 0xa1, 0xd4, 0x76,
  3051 + 0x48, 0x9f, 0x30, 0x8c, 0xd4, 0xcf, 0xa6, 0xe2,
  3052 + 0xa9, 0x6e, 0x4b, 0xbe, 0x32, 0x08, 0xff, 0x25,
  3053 + 0x28, 0x7d, 0xd3, 0x81, 0x96, 0x16, 0xe8, 0x9c,
  3054 + 0xc7, 0x8c, 0xf7, 0xf5, 0xe5, 0x43, 0x44, 0x5f,
  3055 + 0x83, 0x33, 0xd8, 0xfa, 0x7f, 0x56, 0x00, 0x00,
  3056 + 0x05, 0x27, 0x9f, 0xa5, 0xd8, 0xb5, 0xe4, 0xad,
  3057 + 0x40, 0xe7, 0x36, 0xdd, 0xb4, 0xd3, 0x54, 0x12,
  3058 + 0x32, 0x80, 0x63, 0xfd, 0x2a, 0xab, 0x53, 0xe5,
  3059 + 0xea, 0x1e, 0x0a, 0x9f, 0x33, 0x25, 0x00, 0xa5,
  3060 + 0xdf, 0x94, 0x87, 0xd0, 0x7a, 0x5c, 0x92, 0xcc,
  3061 + 0x51, 0x2c, 0x88, 0x66, 0xc7, 0xe8, 0x60, 0xce,
  3062 + 0x93, 0xfd, 0xf1, 0x66, 0xa2, 0x49, 0x12, 0xb4,
  3063 + 0x22, 0x97, 0x61, 0x46, 0xae, 0x20, 0xce, 0x84,
  3064 + 0x6b, 0xb7, 0xdc, 0x9b, 0xa9, 0x4a, 0x76, 0x7a,
  3065 + 0xae, 0xf2, 0x0c, 0x0d, 0x61, 0xad, 0x02, 0x65,
  3066 + 0x5e, 0xa9, 0x2d, 0xc4, 0xc4, 0xe4, 0x1a, 0x89,
  3067 + 0x52, 0xc6, 0x51, 0xd3, 0x31, 0x74, 0xbe, 0x51,
  3068 + 0xa1, 0x0c, 0x42, 0x11, 0x10, 0xe6, 0xd8, 0x15,
  3069 + 0x88, 0xed, 0xe8, 0x21, 0x03, 0xa2, 0x52, 0xd8,
  3070 + 0xa7, 0x50, 0xe8, 0x76, 0x8d, 0xef, 0xff, 0xed,
  3071 + 0x91, 0x22, 0x81, 0x0a, 0xae, 0xb9, 0x9f, 0x91,
  3072 + 0x72, 0xaf, 0x82, 0xb6, 0x04, 0xdc, 0x4b, 0x8e,
  3073 + 0x51, 0xbc, 0xb0, 0x82, 0x35, 0xa6, 0xf4, 0x34,
  3074 + 0x13, 0x32, 0xe4, 0xca, 0x60, 0x48, 0x2a, 0x4b,
  3075 + 0xa1, 0xa0, 0x3b, 0x3e, 0x65, 0x00, 0x8f, 0xc5,
  3076 + 0xda, 0x76, 0xb7, 0x0b, 0xf1, 0x69, 0x0d, 0xb4,
  3077 + 0xea, 0xe2, 0x9c, 0x5f, 0x1b, 0xad, 0xd0, 0x3c,
  3078 + 0x5c, 0xcf, 0x2a, 0x55, 0xd7, 0x05, 0xdd, 0xcd,
  3079 + 0x86, 0xd4, 0x49, 0x51, 0x1c, 0xeb, 0x7e, 0xc3,
  3080 + 0x0b, 0xf1, 0x2b, 0x1f, 0xa3, 0x5b, 0x91, 0x3f,
  3081 + 0x9f, 0x74, 0x7a, 0x8a, 0xfd, 0x1b, 0x13, 0x0e,
  3082 + 0x94, 0xbf, 0xf9, 0x4e, 0xff, 0xd0, 0x1a, 0x91,
  3083 + 0x73, 0x5c, 0xa1, 0x72, 0x6a, 0xcd, 0x0b, 0x19,
  3084 + 0x7c, 0x4e, 0x5b, 0x03, 0x39, 0x36, 0x97, 0xe1,
  3085 + 0x26, 0x82, 0x6f, 0xb6, 0xbb, 0xde, 0x8e, 0xcc,
  3086 + 0x1e, 0x08, 0x29, 0x85, 0x16, 0xe2, 0xc9, 0xed,
  3087 + 0x03, 0xff, 0x3c, 0x1b, 0x78, 0x60, 0xf6, 0xde,
  3088 + 0x76, 0xd4, 0xce, 0xcd, 0x94, 0xc8, 0x11, 0x98,
  3089 + 0x55, 0xef, 0x52, 0x97, 0xca, 0x67, 0xe9, 0xf3,
  3090 + 0xe7, 0xff, 0x72, 0xb1, 0xe9, 0x97, 0x85, 0xca,
  3091 + 0x0a, 0x7e, 0x77, 0x20, 0xc5, 0xb3, 0x6d, 0xc6,
  3092 + 0xd7, 0x2c, 0xac, 0x95, 0x74, 0xc8, 0xcb, 0xbc,
  3093 + 0x2f, 0x80, 0x1e, 0x23, 0xe5, 0x6f, 0xd3, 0x44,
  3094 + 0xb0, 0x7f, 0x22, 0x15, 0x4b, 0xeb, 0xa0, 0xf0,
  3095 + 0x8c, 0xe8, 0x89, 0x1e, 0x64, 0x3e, 0xd9, 0x95,
  3096 + 0xc9, 0x4d, 0x9a, 0x69, 0xc9, 0xf1, 0xb5, 0xf4,
  3097 + 0x99, 0x02, 0x7a, 0x78, 0x57, 0x2a, 0xee, 0xbd,
  3098 + 0x74, 0xd2, 0x0c, 0xc3, 0x98, 0x81, 0xc2, 0x13,
  3099 + 0xee, 0x77, 0x0b, 0x10, 0x10, 0xe4, 0xbe, 0xa7,
  3100 + 0x18, 0x84, 0x69, 0x77, 0xae, 0x11, 0x9f, 0x7a,
  3101 + 0x02, 0x3a, 0xb5, 0x8c, 0xca, 0x0a, 0xd7, 0x52,
  3102 + 0xaf, 0xe6, 0x56, 0xbb, 0x3c, 0x17, 0x25, 0x6a,
  3103 + 0x9f, 0x6e, 0x9b, 0xf1, 0x9f, 0xdd, 0x5a, 0x38,
  3104 + 0xfc, 0x82, 0xbb, 0xe8, 0x72, 0xc5, 0x53, 0x9e,
  3105 + 0xdb, 0x60, 0x9e, 0xf4, 0xf7, 0x9c, 0x20, 0x3e,
  3106 + 0xbb, 0x14, 0x0f, 0x2e, 0x58, 0x3c, 0xb2, 0xad,
  3107 + 0x15, 0xb4, 0xaa, 0x5b, 0x65, 0x50, 0x16, 0xa8,
  3108 + 0x44, 0x92, 0x77, 0xdb, 0xd4, 0x77, 0xef, 0x2c,
  3109 + 0x8d, 0x6c, 0x01, 0x7d, 0xb7, 0x38, 0xb1, 0x8d,
  3110 + 0xeb, 0x4a, 0x42, 0x7d, 0x19, 0x23, 0xce, 0x3f,
  3111 + 0xf2, 0x62, 0x73, 0x57, 0x79, 0xa4, 0x18, 0xf2,
  3112 + 0x0a, 0x28, 0x2d, 0xf9, 0x20, 0x14, 0x7b, 0xea,
  3113 + 0xbe, 0x42, 0x1e, 0xe5, 0x31, 0x9d, 0x05, 0x68 },
  3114 + .ilen = 512,
  3115 + .result = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  3116 + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  3117 + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
  3118 + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
  3119 + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
  3120 + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
  3121 + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  3122 + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
  3123 + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
  3124 + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
  3125 + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
  3126 + 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f,
  3127 + 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
  3128 + 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
  3129 + 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
  3130 + 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f,
  3131 + 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
  3132 + 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
  3133 + 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
  3134 + 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f,
  3135 + 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
  3136 + 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf,
  3137 + 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
  3138 + 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
  3139 + 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
  3140 + 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,
  3141 + 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
  3142 + 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf,
  3143 + 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7,
  3144 + 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
  3145 + 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
  3146 + 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff,
  3147 + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  3148 + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  3149 + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
  3150 + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
  3151 + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
  3152 + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
  3153 + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  3154 + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
  3155 + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
  3156 + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
  3157 + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
  3158 + 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f,
  3159 + 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
  3160 + 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
  3161 + 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
  3162 + 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f,
  3163 + 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
  3164 + 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
  3165 + 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
  3166 + 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f,
  3167 + 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
  3168 + 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf,
  3169 + 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
  3170 + 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
  3171 + 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
  3172 + 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,
  3173 + 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
  3174 + 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf,
  3175 + 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7,
  3176 + 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
  3177 + 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
  3178 + 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff },
  3179 + .rlen = 512,
  3180 + }
  3181 +};
  3182 +
2787 3183 /* Cast5 test vectors from RFC 2144 */
2788 3184 #define CAST5_ENC_TEST_VECTORS 3
2789 3185 #define CAST5_DEC_TEST_VECTORS 3
... ... @@ -4278,6 +4674,27 @@
4278 4674 { .klen = 48, .blen = 256, },
4279 4675 { .klen = 48, .blen = 1024, },
4280 4676 { .klen = 48, .blen = 8192, },
  4677 +
  4678 + /* End marker */
  4679 + { .klen = 0, .blen = 0, }
  4680 +};
  4681 +
  4682 +static struct cipher_speed aes_xts_speed_template[] = {
  4683 + { .klen = 32, .blen = 16, },
  4684 + { .klen = 32, .blen = 64, },
  4685 + { .klen = 32, .blen = 256, },
  4686 + { .klen = 32, .blen = 1024, },
  4687 + { .klen = 32, .blen = 8192, },
  4688 + { .klen = 48, .blen = 16, },
  4689 + { .klen = 48, .blen = 64, },
  4690 + { .klen = 48, .blen = 256, },
  4691 + { .klen = 48, .blen = 1024, },
  4692 + { .klen = 48, .blen = 8192, },
  4693 + { .klen = 64, .blen = 16, },
  4694 + { .klen = 64, .blen = 64, },
  4695 + { .klen = 64, .blen = 256, },
  4696 + { .klen = 64, .blen = 1024, },
  4697 + { .klen = 64, .blen = 8192, },
4281 4698  
4282 4699 /* End marker */
4283 4700 { .klen = 0, .blen = 0, }
  1 +/* XTS: as defined in IEEE1619/D16
  2 + * http://grouper.ieee.org/groups/1619/email/pdf00086.pdf
  3 + * (sector sizes which are not a multiple of 16 bytes are,
  4 + * however currently unsupported)
  5 + *
  6 + * Copyright (c) 2007 Rik Snel <rsnel@cube.dyndns.org>
  7 + *
  8 + * Based om ecb.c
  9 + * Copyright (c) 2006 Herbert Xu <herbert@gondor.apana.org.au>
  10 + *
  11 + * This program is free software; you can redistribute it and/or modify it
  12 + * under the terms of the GNU General Public License as published by the Free
  13 + * Software Foundation; either version 2 of the License, or (at your option)
  14 + * any later version.
  15 + */
  16 +#include <crypto/algapi.h>
  17 +#include <linux/err.h>
  18 +#include <linux/init.h>
  19 +#include <linux/kernel.h>
  20 +#include <linux/module.h>
  21 +#include <linux/scatterlist.h>
  22 +#include <linux/slab.h>
  23 +
  24 +#include <crypto/b128ops.h>
  25 +#include <crypto/gf128mul.h>
  26 +
  27 +struct priv {
  28 + struct crypto_cipher *child;
  29 + struct crypto_cipher *tweak;
  30 +};
  31 +
  32 +static int setkey(struct crypto_tfm *parent, const u8 *key,
  33 + unsigned int keylen)
  34 +{
  35 + struct priv *ctx = crypto_tfm_ctx(parent);
  36 + struct crypto_cipher *child = ctx->tweak;
  37 + u32 *flags = &parent->crt_flags;
  38 + int err;
  39 +
  40 + /* key consists of keys of equal size concatenated, therefore
  41 + * the length must be even */
  42 + if (keylen % 2) {
  43 + /* tell the user why there was an error */
  44 + *flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
  45 + return -EINVAL;
  46 + }
  47 +
  48 + /* we need two cipher instances: one to compute the inital 'tweak'
  49 + * by encrypting the IV (usually the 'plain' iv) and the other
  50 + * one to encrypt and decrypt the data */
  51 +
  52 + /* tweak cipher, uses Key2 i.e. the second half of *key */
  53 + crypto_cipher_clear_flags(child, CRYPTO_TFM_REQ_MASK);
  54 + crypto_cipher_set_flags(child, crypto_tfm_get_flags(parent) &
  55 + CRYPTO_TFM_REQ_MASK);
  56 + err = crypto_cipher_setkey(child, key + keylen/2, keylen/2);
  57 + if (err)
  58 + return err;
  59 +
  60 + crypto_tfm_set_flags(parent, crypto_cipher_get_flags(child) &
  61 + CRYPTO_TFM_RES_MASK);
  62 +
  63 + child = ctx->child;
  64 +
  65 + /* data cipher, uses Key1 i.e. the first half of *key */
  66 + crypto_cipher_clear_flags(child, CRYPTO_TFM_REQ_MASK);
  67 + crypto_cipher_set_flags(child, crypto_tfm_get_flags(parent) &
  68 + CRYPTO_TFM_REQ_MASK);
  69 + err = crypto_cipher_setkey(child, key, keylen/2);
  70 + if (err)
  71 + return err;
  72 +
  73 + crypto_tfm_set_flags(parent, crypto_cipher_get_flags(child) &
  74 + CRYPTO_TFM_RES_MASK);
  75 +
  76 + return 0;
  77 +}
  78 +
  79 +struct sinfo {
  80 + be128 t;
  81 + struct crypto_tfm *tfm;
  82 + void (*fn)(struct crypto_tfm *, u8 *, const u8 *);
  83 +};
  84 +
  85 +static inline void xts_round(struct sinfo *s, void *dst, const void *src)
  86 +{
  87 + be128_xor(dst, &s->t, src); /* PP <- T xor P */
  88 + s->fn(s->tfm, dst, dst); /* CC <- E(Key1,PP) */
  89 + be128_xor(dst, dst, &s->t); /* C <- T xor CC */
  90 +}
  91 +
  92 +static int crypt(struct blkcipher_desc *d,
  93 + struct blkcipher_walk *w, struct priv *ctx,
  94 + void (*tw)(struct crypto_tfm *, u8 *, const u8 *),
  95 + void (*fn)(struct crypto_tfm *, u8 *, const u8 *))
  96 +{
  97 + int err;
  98 + unsigned int avail;
  99 + const int bs = crypto_cipher_blocksize(ctx->child);
  100 + struct sinfo s = {
  101 + .tfm = crypto_cipher_tfm(ctx->child),
  102 + .fn = fn
  103 + };
  104 + be128 *iv;
  105 + u8 *wsrc;
  106 + u8 *wdst;
  107 +
  108 + err = blkcipher_walk_virt(d, w);
  109 + if (!w->nbytes)
  110 + return err;
  111 +
  112 + avail = w->nbytes;
  113 +
  114 + wsrc = w->src.virt.addr;
  115 + wdst = w->dst.virt.addr;
  116 +
  117 + /* calculate first value of T */
  118 + iv = (be128 *)w->iv;
  119 + tw(crypto_cipher_tfm(ctx->tweak), (void *)&s.t, w->iv);
  120 +
  121 + goto first;
  122 +
  123 + for (;;) {
  124 + do {
  125 + gf128mul_x_ble(&s.t, &s.t);
  126 +
  127 +first:
  128 + xts_round(&s, wdst, wsrc);
  129 +
  130 + wsrc += bs;
  131 + wdst += bs;
  132 + } while ((avail -= bs) >= bs);
  133 +
  134 + err = blkcipher_walk_done(d, w, avail);
  135 + if (!w->nbytes)
  136 + break;
  137 +
  138 + avail = w->nbytes;
  139 +
  140 + wsrc = w->src.virt.addr;
  141 + wdst = w->dst.virt.addr;
  142 + }
  143 +
  144 + return err;
  145 +}
  146 +
  147 +static int encrypt(struct blkcipher_desc *desc, struct scatterlist *dst,
  148 + struct scatterlist *src, unsigned int nbytes)
  149 +{
  150 + struct priv *ctx = crypto_blkcipher_ctx(desc->tfm);
  151 + struct blkcipher_walk w;
  152 +
  153 + blkcipher_walk_init(&w, dst, src, nbytes);
  154 + return crypt(desc, &w, ctx, crypto_cipher_alg(ctx->tweak)->cia_encrypt,
  155 + crypto_cipher_alg(ctx->child)->cia_encrypt);
  156 +}
  157 +
  158 +static int decrypt(struct blkcipher_desc *desc, struct scatterlist *dst,
  159 + struct scatterlist *src, unsigned int nbytes)
  160 +{
  161 + struct priv *ctx = crypto_blkcipher_ctx(desc->tfm);
  162 + struct blkcipher_walk w;
  163 +
  164 + blkcipher_walk_init(&w, dst, src, nbytes);
  165 + return crypt(desc, &w, ctx, crypto_cipher_alg(ctx->tweak)->cia_encrypt,
  166 + crypto_cipher_alg(ctx->child)->cia_decrypt);
  167 +}
  168 +
  169 +static int init_tfm(struct crypto_tfm *tfm)
  170 +{
  171 + struct crypto_cipher *cipher;
  172 + struct crypto_instance *inst = (void *)tfm->__crt_alg;
  173 + struct crypto_spawn *spawn = crypto_instance_ctx(inst);
  174 + struct priv *ctx = crypto_tfm_ctx(tfm);
  175 + u32 *flags = &tfm->crt_flags;
  176 +
  177 + cipher = crypto_spawn_cipher(spawn);
  178 + if (IS_ERR(cipher))
  179 + return PTR_ERR(cipher);
  180 +
  181 + if (crypto_cipher_blocksize(cipher) != 16) {
  182 + *flags |= CRYPTO_TFM_RES_BAD_BLOCK_LEN;
  183 + crypto_free_cipher(cipher);
  184 + return -EINVAL;
  185 + }
  186 +
  187 + ctx->child = cipher;
  188 +
  189 + cipher = crypto_spawn_cipher(spawn);
  190 + if (IS_ERR(cipher)) {
  191 + crypto_free_cipher(ctx->child);
  192 + return PTR_ERR(cipher);
  193 + }
  194 +
  195 + /* this check isn't really needed, leave it here just in case */
  196 + if (crypto_cipher_blocksize(cipher) != 16) {
  197 + crypto_free_cipher(cipher);
  198 + crypto_free_cipher(ctx->child);
  199 + *flags |= CRYPTO_TFM_RES_BAD_BLOCK_LEN;
  200 + return -EINVAL;
  201 + }
  202 +
  203 + ctx->tweak = cipher;
  204 +
  205 + return 0;
  206 +}
  207 +
  208 +static void exit_tfm(struct crypto_tfm *tfm)
  209 +{
  210 + struct priv *ctx = crypto_tfm_ctx(tfm);
  211 + crypto_free_cipher(ctx->child);
  212 + crypto_free_cipher(ctx->tweak);
  213 +}
  214 +
  215 +static struct crypto_instance *alloc(struct rtattr **tb)
  216 +{
  217 + struct crypto_instance *inst;
  218 + struct crypto_alg *alg;
  219 + int err;
  220 +
  221 + err = crypto_check_attr_type(tb, CRYPTO_ALG_TYPE_BLKCIPHER);
  222 + if (err)
  223 + return ERR_PTR(err);
  224 +
  225 + alg = crypto_get_attr_alg(tb, CRYPTO_ALG_TYPE_CIPHER,
  226 + CRYPTO_ALG_TYPE_MASK);
  227 + if (IS_ERR(alg))
  228 + return ERR_PTR(PTR_ERR(alg));
  229 +
  230 + inst = crypto_alloc_instance("xts", alg);
  231 + if (IS_ERR(inst))
  232 + goto out_put_alg;
  233 +
  234 + inst->alg.cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER;
  235 + inst->alg.cra_priority = alg->cra_priority;
  236 + inst->alg.cra_blocksize = alg->cra_blocksize;
  237 +
  238 + if (alg->cra_alignmask < 7)
  239 + inst->alg.cra_alignmask = 7;
  240 + else
  241 + inst->alg.cra_alignmask = alg->cra_alignmask;
  242 +
  243 + inst->alg.cra_type = &crypto_blkcipher_type;
  244 +
  245 + inst->alg.cra_blkcipher.ivsize = alg->cra_blocksize;
  246 + inst->alg.cra_blkcipher.min_keysize =
  247 + 2 * alg->cra_cipher.cia_min_keysize;
  248 + inst->alg.cra_blkcipher.max_keysize =
  249 + 2 * alg->cra_cipher.cia_max_keysize;
  250 +
  251 + inst->alg.cra_ctxsize = sizeof(struct priv);
  252 +
  253 + inst->alg.cra_init = init_tfm;
  254 + inst->alg.cra_exit = exit_tfm;
  255 +
  256 + inst->alg.cra_blkcipher.setkey = setkey;
  257 + inst->alg.cra_blkcipher.encrypt = encrypt;
  258 + inst->alg.cra_blkcipher.decrypt = decrypt;
  259 +
  260 +out_put_alg:
  261 + crypto_mod_put(alg);
  262 + return inst;
  263 +}
  264 +
  265 +static void free(struct crypto_instance *inst)
  266 +{
  267 + crypto_drop_spawn(crypto_instance_ctx(inst));
  268 + kfree(inst);
  269 +}
  270 +
  271 +static struct crypto_template crypto_tmpl = {
  272 + .name = "xts",
  273 + .alloc = alloc,
  274 + .free = free,
  275 + .module = THIS_MODULE,
  276 +};
  277 +
  278 +static int __init crypto_module_init(void)
  279 +{
  280 + return crypto_register_template(&crypto_tmpl);
  281 +}
  282 +
  283 +static void __exit crypto_module_exit(void)
  284 +{
  285 + crypto_unregister_template(&crypto_tmpl);
  286 +}
  287 +
  288 +module_init(crypto_module_init);
  289 +module_exit(crypto_module_exit);
  290 +
  291 +MODULE_LICENSE("GPL");
  292 +MODULE_DESCRIPTION("XTS block cipher mode");
include/crypto/gf128mul.h
Diff comments   View file @ f19f511
... ... @@ -161,6 +161,8 @@
161 161  
162 162 void gf128mul_bbe(be128 *a, const be128 *b);
163 163  
  164 +/* multiply by x in ble format, needed by XTS */
  165 +void gf128mul_x_ble(be128 *a, const be128 *b);
164 166  
165 167 /* 4k table optimization */
166 168