Commit f19f5111c94053ba4931892f5c01c806de33942e
Committed by
David S. Miller
1 parent
5aaff0c8f7
Exists in
master
and in
4 other branches
[CRYPTO] xts: XTS blockcipher mode implementation without partial blocks
XTS currently considered to be the successor of the LRW mode by the IEEE1619 workgroup. LRW was discarded, because it was not secure if the encyption key itself is encrypted with LRW. XTS does not have this problem. The implementation is pretty straightforward, a new function was added to gf128mul to handle GF(128) elements in ble format. Four testvectors from the specification http://grouper.ieee.org/groups/1619/email/pdf00086.pdf were added, and they verify on my system. Signed-off-by: Rik Snel <rsnel@cube.dyndns.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Showing 7 changed files with 746 additions and 0 deletions Side-by-side Diff
crypto/Kconfig
... | ... | @@ -184,6 +184,17 @@ |
184 | 184 | The first 128, 192 or 256 bits in the key are used for AES and the |
185 | 185 | rest is used to tie each cipher block to its logical position. |
186 | 186 | |
187 | +config CRYPTO_XTS | |
188 | + tristate "XTS support (EXPERIMENTAL)" | |
189 | + depends on EXPERIMENTAL | |
190 | + select CRYPTO_BLKCIPHER | |
191 | + select CRYPTO_MANAGER | |
192 | + select CRYPTO_GF128MUL | |
193 | + help | |
194 | + XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain, | |
195 | + key size 256, 384 or 512 bits. This implementation currently | |
196 | + can't handle a sectorsize which is not a multiple of 16 bytes. | |
197 | + | |
187 | 198 | config CRYPTO_CRYPTD |
188 | 199 | tristate "Software async crypto daemon" |
189 | 200 | select CRYPTO_ABLKCIPHER |
crypto/Makefile
... | ... | @@ -31,6 +31,7 @@ |
31 | 31 | obj-$(CONFIG_CRYPTO_CBC) += cbc.o |
32 | 32 | obj-$(CONFIG_CRYPTO_PCBC) += pcbc.o |
33 | 33 | obj-$(CONFIG_CRYPTO_LRW) += lrw.o |
34 | +obj-$(CONFIG_CRYPTO_XTS) += xts.o | |
34 | 35 | obj-$(CONFIG_CRYPTO_CRYPTD) += cryptd.o |
35 | 36 | obj-$(CONFIG_CRYPTO_DES) += des.o |
36 | 37 | obj-$(CONFIG_CRYPTO_FCRYPT) += fcrypt.o |
crypto/gf128mul.c
... | ... | @@ -142,6 +142,17 @@ |
142 | 142 | r->b = cpu_to_be64((b << 1) ^ _tt); |
143 | 143 | } |
144 | 144 | |
145 | +void gf128mul_x_ble(be128 *r, const be128 *x) | |
146 | +{ | |
147 | + u64 a = le64_to_cpu(x->a); | |
148 | + u64 b = le64_to_cpu(x->b); | |
149 | + u64 _tt = gf128mul_table_bbe[b >> 63]; | |
150 | + | |
151 | + r->a = cpu_to_le64((a << 1) ^ _tt); | |
152 | + r->b = cpu_to_le64((b << 1) | (a >> 63)); | |
153 | +} | |
154 | +EXPORT_SYMBOL(gf128mul_x_ble); | |
155 | + | |
145 | 156 | static void gf128mul_x8_lle(be128 *x) |
146 | 157 | { |
147 | 158 | u64 a = be64_to_cpu(x->a); |
crypto/tcrypt.c
... | ... | @@ -955,6 +955,10 @@ |
955 | 955 | AES_LRW_ENC_TEST_VECTORS); |
956 | 956 | test_cipher("lrw(aes)", DECRYPT, aes_lrw_dec_tv_template, |
957 | 957 | AES_LRW_DEC_TEST_VECTORS); |
958 | + test_cipher("xts(aes)", ENCRYPT, aes_xts_enc_tv_template, | |
959 | + AES_XTS_ENC_TEST_VECTORS); | |
960 | + test_cipher("xts(aes)", DECRYPT, aes_xts_dec_tv_template, | |
961 | + AES_XTS_DEC_TEST_VECTORS); | |
958 | 962 | |
959 | 963 | //CAST5 |
960 | 964 | test_cipher("ecb(cast5)", ENCRYPT, cast5_enc_tv_template, |
... | ... | @@ -1138,6 +1142,10 @@ |
1138 | 1142 | AES_LRW_ENC_TEST_VECTORS); |
1139 | 1143 | test_cipher("lrw(aes)", DECRYPT, aes_lrw_dec_tv_template, |
1140 | 1144 | AES_LRW_DEC_TEST_VECTORS); |
1145 | + test_cipher("xts(aes)", ENCRYPT, aes_xts_enc_tv_template, | |
1146 | + AES_XTS_ENC_TEST_VECTORS); | |
1147 | + test_cipher("xts(aes)", DECRYPT, aes_xts_dec_tv_template, | |
1148 | + AES_XTS_DEC_TEST_VECTORS); | |
1141 | 1149 | break; |
1142 | 1150 | |
1143 | 1151 | case 11: |
... | ... | @@ -1313,6 +1321,10 @@ |
1313 | 1321 | aes_lrw_speed_template); |
1314 | 1322 | test_cipher_speed("lrw(aes)", DECRYPT, sec, NULL, 0, |
1315 | 1323 | aes_lrw_speed_template); |
1324 | + test_cipher_speed("xts(aes)", ENCRYPT, sec, NULL, 0, | |
1325 | + aes_xts_speed_template); | |
1326 | + test_cipher_speed("xts(aes)", DECRYPT, sec, NULL, 0, | |
1327 | + aes_xts_speed_template); | |
1316 | 1328 | break; |
1317 | 1329 | |
1318 | 1330 | case 201: |
crypto/tcrypt.h
... | ... | @@ -2144,6 +2144,8 @@ |
2144 | 2144 | #define AES_CBC_DEC_TEST_VECTORS 2 |
2145 | 2145 | #define AES_LRW_ENC_TEST_VECTORS 8 |
2146 | 2146 | #define AES_LRW_DEC_TEST_VECTORS 8 |
2147 | +#define AES_XTS_ENC_TEST_VECTORS 4 | |
2148 | +#define AES_XTS_DEC_TEST_VECTORS 4 | |
2147 | 2149 | |
2148 | 2150 | static struct cipher_testvec aes_enc_tv_template[] = { |
2149 | 2151 | { /* From FIPS-197 */ |
... | ... | @@ -2784,6 +2786,400 @@ |
2784 | 2786 | } |
2785 | 2787 | }; |
2786 | 2788 | |
2789 | +static struct cipher_testvec aes_xts_enc_tv_template[] = { | |
2790 | + /* http://grouper.ieee.org/groups/1619/email/pdf00086.pdf */ | |
2791 | + { /* XTS-AES 1 */ | |
2792 | + .key = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | |
2793 | + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | |
2794 | + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | |
2795 | + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | |
2796 | + .klen = 32, | |
2797 | + .iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | |
2798 | + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | |
2799 | + .input = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | |
2800 | + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | |
2801 | + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | |
2802 | + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | |
2803 | + .ilen = 32, | |
2804 | + .result = { 0x91, 0x7c, 0xf6, 0x9e, 0xbd, 0x68, 0xb2, 0xec, | |
2805 | + 0x9b, 0x9f, 0xe9, 0xa3, 0xea, 0xdd, 0xa6, 0x92, | |
2806 | + 0xcd, 0x43, 0xd2, 0xf5, 0x95, 0x98, 0xed, 0x85, | |
2807 | + 0x8c, 0x02, 0xc2, 0x65, 0x2f, 0xbf, 0x92, 0x2e }, | |
2808 | + .rlen = 32, | |
2809 | + }, { /* XTS-AES 2 */ | |
2810 | + .key = { 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, | |
2811 | + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, | |
2812 | + 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, | |
2813 | + 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22 }, | |
2814 | + .klen = 32, | |
2815 | + .iv = { 0x33, 0x33, 0x33, 0x33, 0x33, 0x00, 0x00, 0x00, | |
2816 | + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | |
2817 | + .input = { 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, | |
2818 | + 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, | |
2819 | + 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, | |
2820 | + 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44 }, | |
2821 | + .ilen = 32, | |
2822 | + .result = { 0xc4, 0x54, 0x18, 0x5e, 0x6a, 0x16, 0x93, 0x6e, | |
2823 | + 0x39, 0x33, 0x40, 0x38, 0xac, 0xef, 0x83, 0x8b, | |
2824 | + 0xfb, 0x18, 0x6f, 0xff, 0x74, 0x80, 0xad, 0xc4, | |
2825 | + 0x28, 0x93, 0x82, 0xec, 0xd6, 0xd3, 0x94, 0xf0 }, | |
2826 | + .rlen = 32, | |
2827 | + }, { /* XTS-AES 3 */ | |
2828 | + .key = { 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, | |
2829 | + 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0, | |
2830 | + 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, | |
2831 | + 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22 }, | |
2832 | + .klen = 32, | |
2833 | + .iv = { 0x33, 0x33, 0x33, 0x33, 0x33, 0x00, 0x00, 0x00, | |
2834 | + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | |
2835 | + .input = { 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, | |
2836 | + 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, | |
2837 | + 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, | |
2838 | + 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44 }, | |
2839 | + .ilen = 32, | |
2840 | + .result = { 0xaf, 0x85, 0x33, 0x6b, 0x59, 0x7a, 0xfc, 0x1a, | |
2841 | + 0x90, 0x0b, 0x2e, 0xb2, 0x1e, 0xc9, 0x49, 0xd2, | |
2842 | + 0x92, 0xdf, 0x4c, 0x04, 0x7e, 0x0b, 0x21, 0x53, | |
2843 | + 0x21, 0x86, 0xa5, 0x97, 0x1a, 0x22, 0x7a, 0x89 }, | |
2844 | + .rlen = 32, | |
2845 | + }, { /* XTS-AES 4 */ | |
2846 | + .key = { 0x27, 0x18, 0x28, 0x18, 0x28, 0x45, 0x90, 0x45, | |
2847 | + 0x23, 0x53, 0x60, 0x28, 0x74, 0x71, 0x35, 0x26, | |
2848 | + 0x31, 0x41, 0x59, 0x26, 0x53, 0x58, 0x97, 0x93, | |
2849 | + 0x23, 0x84, 0x62, 0x64, 0x33, 0x83, 0x27, 0x95 }, | |
2850 | + .klen = 32, | |
2851 | + .iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | |
2852 | + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | |
2853 | + .input = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, | |
2854 | + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, | |
2855 | + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, | |
2856 | + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, | |
2857 | + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, | |
2858 | + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, | |
2859 | + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, | |
2860 | + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, | |
2861 | + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, | |
2862 | + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, | |
2863 | + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, | |
2864 | + 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f, | |
2865 | + 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, | |
2866 | + 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, | |
2867 | + 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, | |
2868 | + 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, | |
2869 | + 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, | |
2870 | + 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, | |
2871 | + 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, | |
2872 | + 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f, | |
2873 | + 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7, | |
2874 | + 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf, | |
2875 | + 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7, | |
2876 | + 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf, | |
2877 | + 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, | |
2878 | + 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf, | |
2879 | + 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7, | |
2880 | + 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, | |
2881 | + 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7, | |
2882 | + 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef, | |
2883 | + 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, | |
2884 | + 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff, | |
2885 | + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, | |
2886 | + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, | |
2887 | + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, | |
2888 | + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, | |
2889 | + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, | |
2890 | + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, | |
2891 | + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, | |
2892 | + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, | |
2893 | + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, | |
2894 | + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, | |
2895 | + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, | |
2896 | + 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f, | |
2897 | + 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, | |
2898 | + 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, | |
2899 | + 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, | |
2900 | + 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, | |
2901 | + 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, | |
2902 | + 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, | |
2903 | + 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, | |
2904 | + 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f, | |
2905 | + 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7, | |
2906 | + 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf, | |
2907 | + 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7, | |
2908 | + 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf, | |
2909 | + 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, | |
2910 | + 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf, | |
2911 | + 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7, | |
2912 | + 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, | |
2913 | + 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7, | |
2914 | + 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef, | |
2915 | + 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, | |
2916 | + 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff }, | |
2917 | + .ilen = 512, | |
2918 | + .result = { 0x27, 0xa7, 0x47, 0x9b, 0xef, 0xa1, 0xd4, 0x76, | |
2919 | + 0x48, 0x9f, 0x30, 0x8c, 0xd4, 0xcf, 0xa6, 0xe2, | |
2920 | + 0xa9, 0x6e, 0x4b, 0xbe, 0x32, 0x08, 0xff, 0x25, | |
2921 | + 0x28, 0x7d, 0xd3, 0x81, 0x96, 0x16, 0xe8, 0x9c, | |
2922 | + 0xc7, 0x8c, 0xf7, 0xf5, 0xe5, 0x43, 0x44, 0x5f, | |
2923 | + 0x83, 0x33, 0xd8, 0xfa, 0x7f, 0x56, 0x00, 0x00, | |
2924 | + 0x05, 0x27, 0x9f, 0xa5, 0xd8, 0xb5, 0xe4, 0xad, | |
2925 | + 0x40, 0xe7, 0x36, 0xdd, 0xb4, 0xd3, 0x54, 0x12, | |
2926 | + 0x32, 0x80, 0x63, 0xfd, 0x2a, 0xab, 0x53, 0xe5, | |
2927 | + 0xea, 0x1e, 0x0a, 0x9f, 0x33, 0x25, 0x00, 0xa5, | |
2928 | + 0xdf, 0x94, 0x87, 0xd0, 0x7a, 0x5c, 0x92, 0xcc, | |
2929 | + 0x51, 0x2c, 0x88, 0x66, 0xc7, 0xe8, 0x60, 0xce, | |
2930 | + 0x93, 0xfd, 0xf1, 0x66, 0xa2, 0x49, 0x12, 0xb4, | |
2931 | + 0x22, 0x97, 0x61, 0x46, 0xae, 0x20, 0xce, 0x84, | |
2932 | + 0x6b, 0xb7, 0xdc, 0x9b, 0xa9, 0x4a, 0x76, 0x7a, | |
2933 | + 0xae, 0xf2, 0x0c, 0x0d, 0x61, 0xad, 0x02, 0x65, | |
2934 | + 0x5e, 0xa9, 0x2d, 0xc4, 0xc4, 0xe4, 0x1a, 0x89, | |
2935 | + 0x52, 0xc6, 0x51, 0xd3, 0x31, 0x74, 0xbe, 0x51, | |
2936 | + 0xa1, 0x0c, 0x42, 0x11, 0x10, 0xe6, 0xd8, 0x15, | |
2937 | + 0x88, 0xed, 0xe8, 0x21, 0x03, 0xa2, 0x52, 0xd8, | |
2938 | + 0xa7, 0x50, 0xe8, 0x76, 0x8d, 0xef, 0xff, 0xed, | |
2939 | + 0x91, 0x22, 0x81, 0x0a, 0xae, 0xb9, 0x9f, 0x91, | |
2940 | + 0x72, 0xaf, 0x82, 0xb6, 0x04, 0xdc, 0x4b, 0x8e, | |
2941 | + 0x51, 0xbc, 0xb0, 0x82, 0x35, 0xa6, 0xf4, 0x34, | |
2942 | + 0x13, 0x32, 0xe4, 0xca, 0x60, 0x48, 0x2a, 0x4b, | |
2943 | + 0xa1, 0xa0, 0x3b, 0x3e, 0x65, 0x00, 0x8f, 0xc5, | |
2944 | + 0xda, 0x76, 0xb7, 0x0b, 0xf1, 0x69, 0x0d, 0xb4, | |
2945 | + 0xea, 0xe2, 0x9c, 0x5f, 0x1b, 0xad, 0xd0, 0x3c, | |
2946 | + 0x5c, 0xcf, 0x2a, 0x55, 0xd7, 0x05, 0xdd, 0xcd, | |
2947 | + 0x86, 0xd4, 0x49, 0x51, 0x1c, 0xeb, 0x7e, 0xc3, | |
2948 | + 0x0b, 0xf1, 0x2b, 0x1f, 0xa3, 0x5b, 0x91, 0x3f, | |
2949 | + 0x9f, 0x74, 0x7a, 0x8a, 0xfd, 0x1b, 0x13, 0x0e, | |
2950 | + 0x94, 0xbf, 0xf9, 0x4e, 0xff, 0xd0, 0x1a, 0x91, | |
2951 | + 0x73, 0x5c, 0xa1, 0x72, 0x6a, 0xcd, 0x0b, 0x19, | |
2952 | + 0x7c, 0x4e, 0x5b, 0x03, 0x39, 0x36, 0x97, 0xe1, | |
2953 | + 0x26, 0x82, 0x6f, 0xb6, 0xbb, 0xde, 0x8e, 0xcc, | |
2954 | + 0x1e, 0x08, 0x29, 0x85, 0x16, 0xe2, 0xc9, 0xed, | |
2955 | + 0x03, 0xff, 0x3c, 0x1b, 0x78, 0x60, 0xf6, 0xde, | |
2956 | + 0x76, 0xd4, 0xce, 0xcd, 0x94, 0xc8, 0x11, 0x98, | |
2957 | + 0x55, 0xef, 0x52, 0x97, 0xca, 0x67, 0xe9, 0xf3, | |
2958 | + 0xe7, 0xff, 0x72, 0xb1, 0xe9, 0x97, 0x85, 0xca, | |
2959 | + 0x0a, 0x7e, 0x77, 0x20, 0xc5, 0xb3, 0x6d, 0xc6, | |
2960 | + 0xd7, 0x2c, 0xac, 0x95, 0x74, 0xc8, 0xcb, 0xbc, | |
2961 | + 0x2f, 0x80, 0x1e, 0x23, 0xe5, 0x6f, 0xd3, 0x44, | |
2962 | + 0xb0, 0x7f, 0x22, 0x15, 0x4b, 0xeb, 0xa0, 0xf0, | |
2963 | + 0x8c, 0xe8, 0x89, 0x1e, 0x64, 0x3e, 0xd9, 0x95, | |
2964 | + 0xc9, 0x4d, 0x9a, 0x69, 0xc9, 0xf1, 0xb5, 0xf4, | |
2965 | + 0x99, 0x02, 0x7a, 0x78, 0x57, 0x2a, 0xee, 0xbd, | |
2966 | + 0x74, 0xd2, 0x0c, 0xc3, 0x98, 0x81, 0xc2, 0x13, | |
2967 | + 0xee, 0x77, 0x0b, 0x10, 0x10, 0xe4, 0xbe, 0xa7, | |
2968 | + 0x18, 0x84, 0x69, 0x77, 0xae, 0x11, 0x9f, 0x7a, | |
2969 | + 0x02, 0x3a, 0xb5, 0x8c, 0xca, 0x0a, 0xd7, 0x52, | |
2970 | + 0xaf, 0xe6, 0x56, 0xbb, 0x3c, 0x17, 0x25, 0x6a, | |
2971 | + 0x9f, 0x6e, 0x9b, 0xf1, 0x9f, 0xdd, 0x5a, 0x38, | |
2972 | + 0xfc, 0x82, 0xbb, 0xe8, 0x72, 0xc5, 0x53, 0x9e, | |
2973 | + 0xdb, 0x60, 0x9e, 0xf4, 0xf7, 0x9c, 0x20, 0x3e, | |
2974 | + 0xbb, 0x14, 0x0f, 0x2e, 0x58, 0x3c, 0xb2, 0xad, | |
2975 | + 0x15, 0xb4, 0xaa, 0x5b, 0x65, 0x50, 0x16, 0xa8, | |
2976 | + 0x44, 0x92, 0x77, 0xdb, 0xd4, 0x77, 0xef, 0x2c, | |
2977 | + 0x8d, 0x6c, 0x01, 0x7d, 0xb7, 0x38, 0xb1, 0x8d, | |
2978 | + 0xeb, 0x4a, 0x42, 0x7d, 0x19, 0x23, 0xce, 0x3f, | |
2979 | + 0xf2, 0x62, 0x73, 0x57, 0x79, 0xa4, 0x18, 0xf2, | |
2980 | + 0x0a, 0x28, 0x2d, 0xf9, 0x20, 0x14, 0x7b, 0xea, | |
2981 | + 0xbe, 0x42, 0x1e, 0xe5, 0x31, 0x9d, 0x05, 0x68 }, | |
2982 | + .rlen = 512, | |
2983 | + } | |
2984 | +}; | |
2985 | + | |
2986 | +static struct cipher_testvec aes_xts_dec_tv_template[] = { | |
2987 | + /* http://grouper.ieee.org/groups/1619/email/pdf00086.pdf */ | |
2988 | + { /* XTS-AES 1 */ | |
2989 | + .key = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | |
2990 | + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | |
2991 | + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | |
2992 | + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | |
2993 | + .klen = 32, | |
2994 | + .iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | |
2995 | + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | |
2996 | + .input = { 0x91, 0x7c, 0xf6, 0x9e, 0xbd, 0x68, 0xb2, 0xec, | |
2997 | + 0x9b, 0x9f, 0xe9, 0xa3, 0xea, 0xdd, 0xa6, 0x92, | |
2998 | + 0xcd, 0x43, 0xd2, 0xf5, 0x95, 0x98, 0xed, 0x85, | |
2999 | + 0x8c, 0x02, 0xc2, 0x65, 0x2f, 0xbf, 0x92, 0x2e }, | |
3000 | + .ilen = 32, | |
3001 | + .result = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | |
3002 | + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | |
3003 | + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | |
3004 | + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | |
3005 | + .rlen = 32, | |
3006 | + }, { /* XTS-AES 2 */ | |
3007 | + .key = { 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, | |
3008 | + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, | |
3009 | + 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, | |
3010 | + 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22 }, | |
3011 | + .klen = 32, | |
3012 | + .iv = { 0x33, 0x33, 0x33, 0x33, 0x33, 0x00, 0x00, 0x00, | |
3013 | + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | |
3014 | + .input = { 0xc4, 0x54, 0x18, 0x5e, 0x6a, 0x16, 0x93, 0x6e, | |
3015 | + 0x39, 0x33, 0x40, 0x38, 0xac, 0xef, 0x83, 0x8b, | |
3016 | + 0xfb, 0x18, 0x6f, 0xff, 0x74, 0x80, 0xad, 0xc4, | |
3017 | + 0x28, 0x93, 0x82, 0xec, 0xd6, 0xd3, 0x94, 0xf0 }, | |
3018 | + .ilen = 32, | |
3019 | + .result = { 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, | |
3020 | + 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, | |
3021 | + 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, | |
3022 | + 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44 }, | |
3023 | + .rlen = 32, | |
3024 | + }, { /* XTS-AES 3 */ | |
3025 | + .key = { 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, | |
3026 | + 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0, | |
3027 | + 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, | |
3028 | + 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22 }, | |
3029 | + .klen = 32, | |
3030 | + .iv = { 0x33, 0x33, 0x33, 0x33, 0x33, 0x00, 0x00, 0x00, | |
3031 | + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | |
3032 | + .input = { 0xaf, 0x85, 0x33, 0x6b, 0x59, 0x7a, 0xfc, 0x1a, | |
3033 | + 0x90, 0x0b, 0x2e, 0xb2, 0x1e, 0xc9, 0x49, 0xd2, | |
3034 | + 0x92, 0xdf, 0x4c, 0x04, 0x7e, 0x0b, 0x21, 0x53, | |
3035 | + 0x21, 0x86, 0xa5, 0x97, 0x1a, 0x22, 0x7a, 0x89 }, | |
3036 | + .ilen = 32, | |
3037 | + .result = { 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, | |
3038 | + 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, | |
3039 | + 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, | |
3040 | + 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44 }, | |
3041 | + .rlen = 32, | |
3042 | + }, { /* XTS-AES 4 */ | |
3043 | + .key = { 0x27, 0x18, 0x28, 0x18, 0x28, 0x45, 0x90, 0x45, | |
3044 | + 0x23, 0x53, 0x60, 0x28, 0x74, 0x71, 0x35, 0x26, | |
3045 | + 0x31, 0x41, 0x59, 0x26, 0x53, 0x58, 0x97, 0x93, | |
3046 | + 0x23, 0x84, 0x62, 0x64, 0x33, 0x83, 0x27, 0x95 }, | |
3047 | + .klen = 32, | |
3048 | + .iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | |
3049 | + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | |
3050 | + .input = { 0x27, 0xa7, 0x47, 0x9b, 0xef, 0xa1, 0xd4, 0x76, | |
3051 | + 0x48, 0x9f, 0x30, 0x8c, 0xd4, 0xcf, 0xa6, 0xe2, | |
3052 | + 0xa9, 0x6e, 0x4b, 0xbe, 0x32, 0x08, 0xff, 0x25, | |
3053 | + 0x28, 0x7d, 0xd3, 0x81, 0x96, 0x16, 0xe8, 0x9c, | |
3054 | + 0xc7, 0x8c, 0xf7, 0xf5, 0xe5, 0x43, 0x44, 0x5f, | |
3055 | + 0x83, 0x33, 0xd8, 0xfa, 0x7f, 0x56, 0x00, 0x00, | |
3056 | + 0x05, 0x27, 0x9f, 0xa5, 0xd8, 0xb5, 0xe4, 0xad, | |
3057 | + 0x40, 0xe7, 0x36, 0xdd, 0xb4, 0xd3, 0x54, 0x12, | |
3058 | + 0x32, 0x80, 0x63, 0xfd, 0x2a, 0xab, 0x53, 0xe5, | |
3059 | + 0xea, 0x1e, 0x0a, 0x9f, 0x33, 0x25, 0x00, 0xa5, | |
3060 | + 0xdf, 0x94, 0x87, 0xd0, 0x7a, 0x5c, 0x92, 0xcc, | |
3061 | + 0x51, 0x2c, 0x88, 0x66, 0xc7, 0xe8, 0x60, 0xce, | |
3062 | + 0x93, 0xfd, 0xf1, 0x66, 0xa2, 0x49, 0x12, 0xb4, | |
3063 | + 0x22, 0x97, 0x61, 0x46, 0xae, 0x20, 0xce, 0x84, | |
3064 | + 0x6b, 0xb7, 0xdc, 0x9b, 0xa9, 0x4a, 0x76, 0x7a, | |
3065 | + 0xae, 0xf2, 0x0c, 0x0d, 0x61, 0xad, 0x02, 0x65, | |
3066 | + 0x5e, 0xa9, 0x2d, 0xc4, 0xc4, 0xe4, 0x1a, 0x89, | |
3067 | + 0x52, 0xc6, 0x51, 0xd3, 0x31, 0x74, 0xbe, 0x51, | |
3068 | + 0xa1, 0x0c, 0x42, 0x11, 0x10, 0xe6, 0xd8, 0x15, | |
3069 | + 0x88, 0xed, 0xe8, 0x21, 0x03, 0xa2, 0x52, 0xd8, | |
3070 | + 0xa7, 0x50, 0xe8, 0x76, 0x8d, 0xef, 0xff, 0xed, | |
3071 | + 0x91, 0x22, 0x81, 0x0a, 0xae, 0xb9, 0x9f, 0x91, | |
3072 | + 0x72, 0xaf, 0x82, 0xb6, 0x04, 0xdc, 0x4b, 0x8e, | |
3073 | + 0x51, 0xbc, 0xb0, 0x82, 0x35, 0xa6, 0xf4, 0x34, | |
3074 | + 0x13, 0x32, 0xe4, 0xca, 0x60, 0x48, 0x2a, 0x4b, | |
3075 | + 0xa1, 0xa0, 0x3b, 0x3e, 0x65, 0x00, 0x8f, 0xc5, | |
3076 | + 0xda, 0x76, 0xb7, 0x0b, 0xf1, 0x69, 0x0d, 0xb4, | |
3077 | + 0xea, 0xe2, 0x9c, 0x5f, 0x1b, 0xad, 0xd0, 0x3c, | |
3078 | + 0x5c, 0xcf, 0x2a, 0x55, 0xd7, 0x05, 0xdd, 0xcd, | |
3079 | + 0x86, 0xd4, 0x49, 0x51, 0x1c, 0xeb, 0x7e, 0xc3, | |
3080 | + 0x0b, 0xf1, 0x2b, 0x1f, 0xa3, 0x5b, 0x91, 0x3f, | |
3081 | + 0x9f, 0x74, 0x7a, 0x8a, 0xfd, 0x1b, 0x13, 0x0e, | |
3082 | + 0x94, 0xbf, 0xf9, 0x4e, 0xff, 0xd0, 0x1a, 0x91, | |
3083 | + 0x73, 0x5c, 0xa1, 0x72, 0x6a, 0xcd, 0x0b, 0x19, | |
3084 | + 0x7c, 0x4e, 0x5b, 0x03, 0x39, 0x36, 0x97, 0xe1, | |
3085 | + 0x26, 0x82, 0x6f, 0xb6, 0xbb, 0xde, 0x8e, 0xcc, | |
3086 | + 0x1e, 0x08, 0x29, 0x85, 0x16, 0xe2, 0xc9, 0xed, | |
3087 | + 0x03, 0xff, 0x3c, 0x1b, 0x78, 0x60, 0xf6, 0xde, | |
3088 | + 0x76, 0xd4, 0xce, 0xcd, 0x94, 0xc8, 0x11, 0x98, | |
3089 | + 0x55, 0xef, 0x52, 0x97, 0xca, 0x67, 0xe9, 0xf3, | |
3090 | + 0xe7, 0xff, 0x72, 0xb1, 0xe9, 0x97, 0x85, 0xca, | |
3091 | + 0x0a, 0x7e, 0x77, 0x20, 0xc5, 0xb3, 0x6d, 0xc6, | |
3092 | + 0xd7, 0x2c, 0xac, 0x95, 0x74, 0xc8, 0xcb, 0xbc, | |
3093 | + 0x2f, 0x80, 0x1e, 0x23, 0xe5, 0x6f, 0xd3, 0x44, | |
3094 | + 0xb0, 0x7f, 0x22, 0x15, 0x4b, 0xeb, 0xa0, 0xf0, | |
3095 | + 0x8c, 0xe8, 0x89, 0x1e, 0x64, 0x3e, 0xd9, 0x95, | |
3096 | + 0xc9, 0x4d, 0x9a, 0x69, 0xc9, 0xf1, 0xb5, 0xf4, | |
3097 | + 0x99, 0x02, 0x7a, 0x78, 0x57, 0x2a, 0xee, 0xbd, | |
3098 | + 0x74, 0xd2, 0x0c, 0xc3, 0x98, 0x81, 0xc2, 0x13, | |
3099 | + 0xee, 0x77, 0x0b, 0x10, 0x10, 0xe4, 0xbe, 0xa7, | |
3100 | + 0x18, 0x84, 0x69, 0x77, 0xae, 0x11, 0x9f, 0x7a, | |
3101 | + 0x02, 0x3a, 0xb5, 0x8c, 0xca, 0x0a, 0xd7, 0x52, | |
3102 | + 0xaf, 0xe6, 0x56, 0xbb, 0x3c, 0x17, 0x25, 0x6a, | |
3103 | + 0x9f, 0x6e, 0x9b, 0xf1, 0x9f, 0xdd, 0x5a, 0x38, | |
3104 | + 0xfc, 0x82, 0xbb, 0xe8, 0x72, 0xc5, 0x53, 0x9e, | |
3105 | + 0xdb, 0x60, 0x9e, 0xf4, 0xf7, 0x9c, 0x20, 0x3e, | |
3106 | + 0xbb, 0x14, 0x0f, 0x2e, 0x58, 0x3c, 0xb2, 0xad, | |
3107 | + 0x15, 0xb4, 0xaa, 0x5b, 0x65, 0x50, 0x16, 0xa8, | |
3108 | + 0x44, 0x92, 0x77, 0xdb, 0xd4, 0x77, 0xef, 0x2c, | |
3109 | + 0x8d, 0x6c, 0x01, 0x7d, 0xb7, 0x38, 0xb1, 0x8d, | |
3110 | + 0xeb, 0x4a, 0x42, 0x7d, 0x19, 0x23, 0xce, 0x3f, | |
3111 | + 0xf2, 0x62, 0x73, 0x57, 0x79, 0xa4, 0x18, 0xf2, | |
3112 | + 0x0a, 0x28, 0x2d, 0xf9, 0x20, 0x14, 0x7b, 0xea, | |
3113 | + 0xbe, 0x42, 0x1e, 0xe5, 0x31, 0x9d, 0x05, 0x68 }, | |
3114 | + .ilen = 512, | |
3115 | + .result = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, | |
3116 | + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, | |
3117 | + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, | |
3118 | + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, | |
3119 | + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, | |
3120 | + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, | |
3121 | + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, | |
3122 | + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, | |
3123 | + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, | |
3124 | + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, | |
3125 | + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, | |
3126 | + 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f, | |
3127 | + 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, | |
3128 | + 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, | |
3129 | + 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, | |
3130 | + 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, | |
3131 | + 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, | |
3132 | + 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, | |
3133 | + 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, | |
3134 | + 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f, | |
3135 | + 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7, | |
3136 | + 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf, | |
3137 | + 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7, | |
3138 | + 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf, | |
3139 | + 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, | |
3140 | + 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf, | |
3141 | + 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7, | |
3142 | + 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, | |
3143 | + 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7, | |
3144 | + 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef, | |
3145 | + 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, | |
3146 | + 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff, | |
3147 | + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, | |
3148 | + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, | |
3149 | + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, | |
3150 | + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, | |
3151 | + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, | |
3152 | + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, | |
3153 | + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, | |
3154 | + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, | |
3155 | + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, | |
3156 | + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, | |
3157 | + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, | |
3158 | + 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f, | |
3159 | + 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, | |
3160 | + 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, | |
3161 | + 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, | |
3162 | + 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, | |
3163 | + 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, | |
3164 | + 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, | |
3165 | + 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, | |
3166 | + 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f, | |
3167 | + 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7, | |
3168 | + 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf, | |
3169 | + 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7, | |
3170 | + 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf, | |
3171 | + 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, | |
3172 | + 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf, | |
3173 | + 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7, | |
3174 | + 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, | |
3175 | + 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7, | |
3176 | + 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef, | |
3177 | + 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, | |
3178 | + 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff }, | |
3179 | + .rlen = 512, | |
3180 | + } | |
3181 | +}; | |
3182 | + | |
2787 | 3183 | /* Cast5 test vectors from RFC 2144 */ |
2788 | 3184 | #define CAST5_ENC_TEST_VECTORS 3 |
2789 | 3185 | #define CAST5_DEC_TEST_VECTORS 3 |
... | ... | @@ -4278,6 +4674,27 @@ |
4278 | 4674 | { .klen = 48, .blen = 256, }, |
4279 | 4675 | { .klen = 48, .blen = 1024, }, |
4280 | 4676 | { .klen = 48, .blen = 8192, }, |
4677 | + | |
4678 | + /* End marker */ | |
4679 | + { .klen = 0, .blen = 0, } | |
4680 | +}; | |
4681 | + | |
4682 | +static struct cipher_speed aes_xts_speed_template[] = { | |
4683 | + { .klen = 32, .blen = 16, }, | |
4684 | + { .klen = 32, .blen = 64, }, | |
4685 | + { .klen = 32, .blen = 256, }, | |
4686 | + { .klen = 32, .blen = 1024, }, | |
4687 | + { .klen = 32, .blen = 8192, }, | |
4688 | + { .klen = 48, .blen = 16, }, | |
4689 | + { .klen = 48, .blen = 64, }, | |
4690 | + { .klen = 48, .blen = 256, }, | |
4691 | + { .klen = 48, .blen = 1024, }, | |
4692 | + { .klen = 48, .blen = 8192, }, | |
4693 | + { .klen = 64, .blen = 16, }, | |
4694 | + { .klen = 64, .blen = 64, }, | |
4695 | + { .klen = 64, .blen = 256, }, | |
4696 | + { .klen = 64, .blen = 1024, }, | |
4697 | + { .klen = 64, .blen = 8192, }, | |
4281 | 4698 | |
4282 | 4699 | /* End marker */ |
4283 | 4700 | { .klen = 0, .blen = 0, } |
crypto/xts.c
1 | +/* XTS: as defined in IEEE1619/D16 | |
2 | + * http://grouper.ieee.org/groups/1619/email/pdf00086.pdf | |
3 | + * (sector sizes which are not a multiple of 16 bytes are, | |
4 | + * however currently unsupported) | |
5 | + * | |
6 | + * Copyright (c) 2007 Rik Snel <rsnel@cube.dyndns.org> | |
7 | + * | |
8 | + * Based om ecb.c | |
9 | + * Copyright (c) 2006 Herbert Xu <herbert@gondor.apana.org.au> | |
10 | + * | |
11 | + * This program is free software; you can redistribute it and/or modify it | |
12 | + * under the terms of the GNU General Public License as published by the Free | |
13 | + * Software Foundation; either version 2 of the License, or (at your option) | |
14 | + * any later version. | |
15 | + */ | |
16 | +#include <crypto/algapi.h> | |
17 | +#include <linux/err.h> | |
18 | +#include <linux/init.h> | |
19 | +#include <linux/kernel.h> | |
20 | +#include <linux/module.h> | |
21 | +#include <linux/scatterlist.h> | |
22 | +#include <linux/slab.h> | |
23 | + | |
24 | +#include <crypto/b128ops.h> | |
25 | +#include <crypto/gf128mul.h> | |
26 | + | |
27 | +struct priv { | |
28 | + struct crypto_cipher *child; | |
29 | + struct crypto_cipher *tweak; | |
30 | +}; | |
31 | + | |
32 | +static int setkey(struct crypto_tfm *parent, const u8 *key, | |
33 | + unsigned int keylen) | |
34 | +{ | |
35 | + struct priv *ctx = crypto_tfm_ctx(parent); | |
36 | + struct crypto_cipher *child = ctx->tweak; | |
37 | + u32 *flags = &parent->crt_flags; | |
38 | + int err; | |
39 | + | |
40 | + /* key consists of keys of equal size concatenated, therefore | |
41 | + * the length must be even */ | |
42 | + if (keylen % 2) { | |
43 | + /* tell the user why there was an error */ | |
44 | + *flags |= CRYPTO_TFM_RES_BAD_KEY_LEN; | |
45 | + return -EINVAL; | |
46 | + } | |
47 | + | |
48 | + /* we need two cipher instances: one to compute the inital 'tweak' | |
49 | + * by encrypting the IV (usually the 'plain' iv) and the other | |
50 | + * one to encrypt and decrypt the data */ | |
51 | + | |
52 | + /* tweak cipher, uses Key2 i.e. the second half of *key */ | |
53 | + crypto_cipher_clear_flags(child, CRYPTO_TFM_REQ_MASK); | |
54 | + crypto_cipher_set_flags(child, crypto_tfm_get_flags(parent) & | |
55 | + CRYPTO_TFM_REQ_MASK); | |
56 | + err = crypto_cipher_setkey(child, key + keylen/2, keylen/2); | |
57 | + if (err) | |
58 | + return err; | |
59 | + | |
60 | + crypto_tfm_set_flags(parent, crypto_cipher_get_flags(child) & | |
61 | + CRYPTO_TFM_RES_MASK); | |
62 | + | |
63 | + child = ctx->child; | |
64 | + | |
65 | + /* data cipher, uses Key1 i.e. the first half of *key */ | |
66 | + crypto_cipher_clear_flags(child, CRYPTO_TFM_REQ_MASK); | |
67 | + crypto_cipher_set_flags(child, crypto_tfm_get_flags(parent) & | |
68 | + CRYPTO_TFM_REQ_MASK); | |
69 | + err = crypto_cipher_setkey(child, key, keylen/2); | |
70 | + if (err) | |
71 | + return err; | |
72 | + | |
73 | + crypto_tfm_set_flags(parent, crypto_cipher_get_flags(child) & | |
74 | + CRYPTO_TFM_RES_MASK); | |
75 | + | |
76 | + return 0; | |
77 | +} | |
78 | + | |
79 | +struct sinfo { | |
80 | + be128 t; | |
81 | + struct crypto_tfm *tfm; | |
82 | + void (*fn)(struct crypto_tfm *, u8 *, const u8 *); | |
83 | +}; | |
84 | + | |
85 | +static inline void xts_round(struct sinfo *s, void *dst, const void *src) | |
86 | +{ | |
87 | + be128_xor(dst, &s->t, src); /* PP <- T xor P */ | |
88 | + s->fn(s->tfm, dst, dst); /* CC <- E(Key1,PP) */ | |
89 | + be128_xor(dst, dst, &s->t); /* C <- T xor CC */ | |
90 | +} | |
91 | + | |
92 | +static int crypt(struct blkcipher_desc *d, | |
93 | + struct blkcipher_walk *w, struct priv *ctx, | |
94 | + void (*tw)(struct crypto_tfm *, u8 *, const u8 *), | |
95 | + void (*fn)(struct crypto_tfm *, u8 *, const u8 *)) | |
96 | +{ | |
97 | + int err; | |
98 | + unsigned int avail; | |
99 | + const int bs = crypto_cipher_blocksize(ctx->child); | |
100 | + struct sinfo s = { | |
101 | + .tfm = crypto_cipher_tfm(ctx->child), | |
102 | + .fn = fn | |
103 | + }; | |
104 | + be128 *iv; | |
105 | + u8 *wsrc; | |
106 | + u8 *wdst; | |
107 | + | |
108 | + err = blkcipher_walk_virt(d, w); | |
109 | + if (!w->nbytes) | |
110 | + return err; | |
111 | + | |
112 | + avail = w->nbytes; | |
113 | + | |
114 | + wsrc = w->src.virt.addr; | |
115 | + wdst = w->dst.virt.addr; | |
116 | + | |
117 | + /* calculate first value of T */ | |
118 | + iv = (be128 *)w->iv; | |
119 | + tw(crypto_cipher_tfm(ctx->tweak), (void *)&s.t, w->iv); | |
120 | + | |
121 | + goto first; | |
122 | + | |
123 | + for (;;) { | |
124 | + do { | |
125 | + gf128mul_x_ble(&s.t, &s.t); | |
126 | + | |
127 | +first: | |
128 | + xts_round(&s, wdst, wsrc); | |
129 | + | |
130 | + wsrc += bs; | |
131 | + wdst += bs; | |
132 | + } while ((avail -= bs) >= bs); | |
133 | + | |
134 | + err = blkcipher_walk_done(d, w, avail); | |
135 | + if (!w->nbytes) | |
136 | + break; | |
137 | + | |
138 | + avail = w->nbytes; | |
139 | + | |
140 | + wsrc = w->src.virt.addr; | |
141 | + wdst = w->dst.virt.addr; | |
142 | + } | |
143 | + | |
144 | + return err; | |
145 | +} | |
146 | + | |
147 | +static int encrypt(struct blkcipher_desc *desc, struct scatterlist *dst, | |
148 | + struct scatterlist *src, unsigned int nbytes) | |
149 | +{ | |
150 | + struct priv *ctx = crypto_blkcipher_ctx(desc->tfm); | |
151 | + struct blkcipher_walk w; | |
152 | + | |
153 | + blkcipher_walk_init(&w, dst, src, nbytes); | |
154 | + return crypt(desc, &w, ctx, crypto_cipher_alg(ctx->tweak)->cia_encrypt, | |
155 | + crypto_cipher_alg(ctx->child)->cia_encrypt); | |
156 | +} | |
157 | + | |
158 | +static int decrypt(struct blkcipher_desc *desc, struct scatterlist *dst, | |
159 | + struct scatterlist *src, unsigned int nbytes) | |
160 | +{ | |
161 | + struct priv *ctx = crypto_blkcipher_ctx(desc->tfm); | |
162 | + struct blkcipher_walk w; | |
163 | + | |
164 | + blkcipher_walk_init(&w, dst, src, nbytes); | |
165 | + return crypt(desc, &w, ctx, crypto_cipher_alg(ctx->tweak)->cia_encrypt, | |
166 | + crypto_cipher_alg(ctx->child)->cia_decrypt); | |
167 | +} | |
168 | + | |
169 | +static int init_tfm(struct crypto_tfm *tfm) | |
170 | +{ | |
171 | + struct crypto_cipher *cipher; | |
172 | + struct crypto_instance *inst = (void *)tfm->__crt_alg; | |
173 | + struct crypto_spawn *spawn = crypto_instance_ctx(inst); | |
174 | + struct priv *ctx = crypto_tfm_ctx(tfm); | |
175 | + u32 *flags = &tfm->crt_flags; | |
176 | + | |
177 | + cipher = crypto_spawn_cipher(spawn); | |
178 | + if (IS_ERR(cipher)) | |
179 | + return PTR_ERR(cipher); | |
180 | + | |
181 | + if (crypto_cipher_blocksize(cipher) != 16) { | |
182 | + *flags |= CRYPTO_TFM_RES_BAD_BLOCK_LEN; | |
183 | + crypto_free_cipher(cipher); | |
184 | + return -EINVAL; | |
185 | + } | |
186 | + | |
187 | + ctx->child = cipher; | |
188 | + | |
189 | + cipher = crypto_spawn_cipher(spawn); | |
190 | + if (IS_ERR(cipher)) { | |
191 | + crypto_free_cipher(ctx->child); | |
192 | + return PTR_ERR(cipher); | |
193 | + } | |
194 | + | |
195 | + /* this check isn't really needed, leave it here just in case */ | |
196 | + if (crypto_cipher_blocksize(cipher) != 16) { | |
197 | + crypto_free_cipher(cipher); | |
198 | + crypto_free_cipher(ctx->child); | |
199 | + *flags |= CRYPTO_TFM_RES_BAD_BLOCK_LEN; | |
200 | + return -EINVAL; | |
201 | + } | |
202 | + | |
203 | + ctx->tweak = cipher; | |
204 | + | |
205 | + return 0; | |
206 | +} | |
207 | + | |
208 | +static void exit_tfm(struct crypto_tfm *tfm) | |
209 | +{ | |
210 | + struct priv *ctx = crypto_tfm_ctx(tfm); | |
211 | + crypto_free_cipher(ctx->child); | |
212 | + crypto_free_cipher(ctx->tweak); | |
213 | +} | |
214 | + | |
215 | +static struct crypto_instance *alloc(struct rtattr **tb) | |
216 | +{ | |
217 | + struct crypto_instance *inst; | |
218 | + struct crypto_alg *alg; | |
219 | + int err; | |
220 | + | |
221 | + err = crypto_check_attr_type(tb, CRYPTO_ALG_TYPE_BLKCIPHER); | |
222 | + if (err) | |
223 | + return ERR_PTR(err); | |
224 | + | |
225 | + alg = crypto_get_attr_alg(tb, CRYPTO_ALG_TYPE_CIPHER, | |
226 | + CRYPTO_ALG_TYPE_MASK); | |
227 | + if (IS_ERR(alg)) | |
228 | + return ERR_PTR(PTR_ERR(alg)); | |
229 | + | |
230 | + inst = crypto_alloc_instance("xts", alg); | |
231 | + if (IS_ERR(inst)) | |
232 | + goto out_put_alg; | |
233 | + | |
234 | + inst->alg.cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER; | |
235 | + inst->alg.cra_priority = alg->cra_priority; | |
236 | + inst->alg.cra_blocksize = alg->cra_blocksize; | |
237 | + | |
238 | + if (alg->cra_alignmask < 7) | |
239 | + inst->alg.cra_alignmask = 7; | |
240 | + else | |
241 | + inst->alg.cra_alignmask = alg->cra_alignmask; | |
242 | + | |
243 | + inst->alg.cra_type = &crypto_blkcipher_type; | |
244 | + | |
245 | + inst->alg.cra_blkcipher.ivsize = alg->cra_blocksize; | |
246 | + inst->alg.cra_blkcipher.min_keysize = | |
247 | + 2 * alg->cra_cipher.cia_min_keysize; | |
248 | + inst->alg.cra_blkcipher.max_keysize = | |
249 | + 2 * alg->cra_cipher.cia_max_keysize; | |
250 | + | |
251 | + inst->alg.cra_ctxsize = sizeof(struct priv); | |
252 | + | |
253 | + inst->alg.cra_init = init_tfm; | |
254 | + inst->alg.cra_exit = exit_tfm; | |
255 | + | |
256 | + inst->alg.cra_blkcipher.setkey = setkey; | |
257 | + inst->alg.cra_blkcipher.encrypt = encrypt; | |
258 | + inst->alg.cra_blkcipher.decrypt = decrypt; | |
259 | + | |
260 | +out_put_alg: | |
261 | + crypto_mod_put(alg); | |
262 | + return inst; | |
263 | +} | |
264 | + | |
265 | +static void free(struct crypto_instance *inst) | |
266 | +{ | |
267 | + crypto_drop_spawn(crypto_instance_ctx(inst)); | |
268 | + kfree(inst); | |
269 | +} | |
270 | + | |
271 | +static struct crypto_template crypto_tmpl = { | |
272 | + .name = "xts", | |
273 | + .alloc = alloc, | |
274 | + .free = free, | |
275 | + .module = THIS_MODULE, | |
276 | +}; | |
277 | + | |
278 | +static int __init crypto_module_init(void) | |
279 | +{ | |
280 | + return crypto_register_template(&crypto_tmpl); | |
281 | +} | |
282 | + | |
283 | +static void __exit crypto_module_exit(void) | |
284 | +{ | |
285 | + crypto_unregister_template(&crypto_tmpl); | |
286 | +} | |
287 | + | |
288 | +module_init(crypto_module_init); | |
289 | +module_exit(crypto_module_exit); | |
290 | + | |
291 | +MODULE_LICENSE("GPL"); | |
292 | +MODULE_DESCRIPTION("XTS block cipher mode"); |
include/crypto/gf128mul.h