Commit 2deed786d99390d5abe06a2a300d0643305bffcb
Committed by
Herbert Xu
1 parent
7f4e3e3fa5
crypto: serpent - rename serpent.c to serpent_generic.c
Now that serpent.c has been cleaned of checkpatch warnings, we can do a clean rename. Signed-off-by: Jussi Kivilinna <jussi.kivilinna@mbnet.fi> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Showing 3 changed files with 684 additions and 686 deletions Side-by-side Diff
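--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -65,8 +65,6 @@
 obj-$(CONFIG_CRYPTO_BLOWFISH_COMMON) += blowfish_common.o
 obj-$(CONFIG_CRYPTO_TWOFISH) += twofish_generic.o
 obj-$(CONFIG_CRYPTO_TWOFISH_COMMON) += twofish_common.o
-
-serpent_generic-y := serpent.o
 obj-$(CONFIG_CRYPTO_SERPENT) += serpent_generic.o
 obj-$(CONFIG_CRYPTO_AES) += aes_generic.o
 obj-$(CONFIG_CRYPTO_CAMELLIA) += camellia.o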
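--- a/crypto/serpent.c
+++ /dev/null
@@ -1,684 +0,0 @@
-/*
- * Cryptographic API.
- *
- * Serpent Cipher Algorithm.
- *
- * Copyright (C) 2002 Dag Arne Osvik <osvik@ii.uib.no>
- * 2003 Herbert Valerio Riedel <hvr@gnu.org>
- *
- * Added tnepres support:
- * Ruben Jesus Garcia Hernandez <ruben@ugr.es>, 18.10.2004
- * Based on code by hvr
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- */
-
-#include <linux/init.h>
-#include <linux/module.h>
-#include <linux/errno.h>
-#include <asm/byteorder.h>
-#include <linux/crypto.h>
-#include <linux/types.h>
-#include <crypto/serpent.h>
-
-/* Key is padded to the maximum of 256 bits before round key generation.
- * Any key length <= 256 bits (32 bytes) is allowed by the algorithm.
- */
-
-#define PHI 0x9e3779b9UL
-
-#define keyiter(a, b, c, d, i, j) \
- ({ b ^= d; b ^= c; b ^= a; b ^= PHI ^ i; b = rol32(b, 11); k[j] = b; })
-
-#define loadkeys(x0, x1, x2, x3, i) \
- ({ x0 = k[i]; x1 = k[i+1]; x2 = k[i+2]; x3 = k[i+3]; })
-
-#define storekeys(x0, x1, x2, x3, i) \
- ({ k[i] = x0; k[i+1] = x1; k[i+2] = x2; k[i+3] = x3; })
-
-#define store_and_load_keys(x0, x1, x2, x3, s, l) \
- ({ storekeys(x0, x1, x2, x3, s); loadkeys(x0, x1, x2, x3, l); })
-
-#define K(x0, x1, x2, x3, i) ({ \
- x3 ^= k[4*(i)+3]; x2 ^= k[4*(i)+2]; \
- x1 ^= k[4*(i)+1]; x0 ^= k[4*(i)+0]; \
- })
-
-#define LK(x0, x1, x2, x3, x4, i) ({ \
- x0 = rol32(x0, 13);\
- x2 = rol32(x2, 3); x1 ^= x0; x4 = x0 << 3; \
- x3 ^= x2; x1 ^= x2; \
- x1 = rol32(x1, 1); x3 ^= x4; \
- x3 = rol32(x3, 7); x4 = x1; \
- x0 ^= x1; x4 <<= 7; x2 ^= x3; \
- x0 ^= x3; x2 ^= x4; x3 ^= k[4*i+3]; \
- x1 ^= k[4*i+1]; x0 = rol32(x0, 5); x2 = rol32(x2, 22);\
- x0 ^= k[4*i+0]; x2 ^= k[4*i+2]; \
- })
-
-#define KL(x0, x1, x2, x3, x4, i) ({ \
- x0 ^= k[4*i+0]; x1 ^= k[4*i+1]; x2 ^= k[4*i+2]; \
- x3 ^= k[4*i+3]; x0 = ror32(x0, 5); x2 = ror32(x2, 22);\
- x4 = x1; x2 ^= x3; x0 ^= x3; \
- x4 <<= 7; x0 ^= x1; x1 = ror32(x1, 1); \
- x2 ^= x4; x3 = ror32(x3, 7); x4 = x0 << 3; \
- x1 ^= x0; x3 ^= x4; x0 = ror32(x0, 13);\
- x1 ^= x2; x3 ^= x2; x2 = ror32(x2, 3); \
- })
-
-#define S0(x0, x1, x2, x3, x4) ({ \
- x4 = x3; \
- x3 |= x0; x0 ^= x4; x4 ^= x2; \
- x4 = ~x4; x3 ^= x1; x1 &= x0; \
- x1 ^= x4; x2 ^= x0; x0 ^= x3; \
- x4 |= x0; x0 ^= x2; x2 &= x1; \
- x3 ^= x2; x1 = ~x1; x2 ^= x4; \
- x1 ^= x2; \
- })
-
-#define S1(x0, x1, x2, x3, x4) ({ \
- x4 = x1; \
- x1 ^= x0; x0 ^= x3; x3 = ~x3; \
- x4 &= x1; x0 |= x1; x3 ^= x2; \
- x0 ^= x3; x1 ^= x3; x3 ^= x4; \
- x1 |= x4; x4 ^= x2; x2 &= x0; \
- x2 ^= x1; x1 |= x0; x0 = ~x0; \
- x0 ^= x2; x4 ^= x1; \
- })
-
-#define S2(x0, x1, x2, x3, x4) ({ \
- x3 = ~x3; \
- x1 ^= x0; x4 = x0; x0 &= x2; \
- x0 ^= x3; x3 |= x4; x2 ^= x1; \
- x3 ^= x1; x1 &= x0; x0 ^= x2; \
- x2 &= x3; x3 |= x1; x0 = ~x0; \
- x3 ^= x0; x4 ^= x0; x0 ^= x2; \
- x1 |= x2; \
- })
-
-#define S3(x0, x1, x2, x3, x4) ({ \
- x4 = x1; \
- x1 ^= x3; x3 |= x0; x4 &= x0; \
- x0 ^= x2; x2 ^= x1; x1 &= x3; \
- x2 ^= x3; x0 |= x4; x4 ^= x3; \
- x1 ^= x0; x0 &= x3; x3 &= x4; \
- x3 ^= x2; x4 |= x1; x2 &= x1; \
- x4 ^= x3; x0 ^= x3; x3 ^= x2; \
- })
-
-#define S4(x0, x1, x2, x3, x4) ({ \
- x4 = x3; \
- x3 &= x0; x0 ^= x4; \
- x3 ^= x2; x2 |= x4; x0 ^= x1; \
- x4 ^= x3; x2 |= x0; \
- x2 ^= x1; x1 &= x0; \
- x1 ^= x4; x4 &= x2; x2 ^= x3; \
- x4 ^= x0; x3 |= x1; x1 = ~x1; \
- x3 ^= x0; \
- })
-
-#define S5(x0, x1, x2, x3, x4) ({ \
- x4 = x1; x1 |= x0; \
- x2 ^= x1; x3 = ~x3; x4 ^= x0; \
- x0 ^= x2; x1 &= x4; x4 |= x3; \
- x4 ^= x0; x0 &= x3; x1 ^= x3; \
- x3 ^= x2; x0 ^= x1; x2 &= x4; \
- x1 ^= x2; x2 &= x0; \
- x3 ^= x2; \
- })
-
-#define S6(x0, x1, x2, x3, x4) ({ \
- x4 = x1; \
- x3 ^= x0; x1 ^= x2; x2 ^= x0; \
- x0 &= x3; x1 |= x3; x4 = ~x4; \
- x0 ^= x1; x1 ^= x2; \
- x3 ^= x4; x4 ^= x0; x2 &= x0; \
- x4 ^= x1; x2 ^= x3; x3 &= x1; \
- x3 ^= x0; x1 ^= x2; \
- })
-
-#define S7(x0, x1, x2, x3, x4) ({ \
- x1 = ~x1; \
- x4 = x1; x0 = ~x0; x1 &= x2; \
- x1 ^= x3; x3 |= x4; x4 ^= x2; \
- x2 ^= x3; x3 ^= x0; x0 |= x1; \
- x2 &= x0; x0 ^= x4; x4 ^= x3; \
- x3 &= x0; x4 ^= x1; \
- x2 ^= x4; x3 ^= x1; x4 |= x0; \
- x4 ^= x1; \
- })
-
-#define SI0(x0, x1, x2, x3, x4) ({ \
- x4 = x3; x1 ^= x0; \
- x3 |= x1; x4 ^= x1; x0 = ~x0; \
- x2 ^= x3; x3 ^= x0; x0 &= x1; \
- x0 ^= x2; x2 &= x3; x3 ^= x4; \
- x2 ^= x3; x1 ^= x3; x3 &= x0; \
- x1 ^= x0; x0 ^= x2; x4 ^= x3; \
- })
-
-#define SI1(x0, x1, x2, x3, x4) ({ \
- x1 ^= x3; x4 = x0; \
- x0 ^= x2; x2 = ~x2; x4 |= x1; \
- x4 ^= x3; x3 &= x1; x1 ^= x2; \
- x2 &= x4; x4 ^= x1; x1 |= x3; \
- x3 ^= x0; x2 ^= x0; x0 |= x4; \
- x2 ^= x4; x1 ^= x0; \
- x4 ^= x1; \
- })
-
-#define SI2(x0, x1, x2, x3, x4) ({ \
- x2 ^= x1; x4 = x3; x3 = ~x3; \
- x3 |= x2; x2 ^= x4; x4 ^= x0; \
- x3 ^= x1; x1 |= x2; x2 ^= x0; \
- x1 ^= x4; x4 |= x3; x2 ^= x3; \
- x4 ^= x2; x2 &= x1; \
- x2 ^= x3; x3 ^= x4; x4 ^= x0; \
- })
-
-#define SI3(x0, x1, x2, x3, x4) ({ \
- x2 ^= x1; \
- x4 = x1; x1 &= x2; \
- x1 ^= x0; x0 |= x4; x4 ^= x3; \
- x0 ^= x3; x3 |= x1; x1 ^= x2; \
- x1 ^= x3; x0 ^= x2; x2 ^= x3; \
- x3 &= x1; x1 ^= x0; x0 &= x2; \
- x4 ^= x3; x3 ^= x0; x0 ^= x1; \
- })
-
-#define SI4(x0, x1, x2, x3, x4) ({ \
- x2 ^= x3; x4 = x0; x0 &= x1; \
- x0 ^= x2; x2 |= x3; x4 = ~x4; \
- x1 ^= x0; x0 ^= x2; x2 &= x4; \
- x2 ^= x0; x0 |= x4; \
- x0 ^= x3; x3 &= x2; \
- x4 ^= x3; x3 ^= x1; x1 &= x0; \
- x4 ^= x1; x0 ^= x3; \
- })
-
-#define SI5(x0, x1, x2, x3, x4) ({ \
- x4 = x1; x1 |= x2; \
- x2 ^= x4; x1 ^= x3; x3 &= x4; \
- x2 ^= x3; x3 |= x0; x0 = ~x0; \
- x3 ^= x2; x2 |= x0; x4 ^= x1; \
- x2 ^= x4; x4 &= x0; x0 ^= x1; \
- x1 ^= x3; x0 &= x2; x2 ^= x3; \
- x0 ^= x2; x2 ^= x4; x4 ^= x3; \
- })
-
-#define SI6(x0, x1, x2, x3, x4) ({ \
- x0 ^= x2; \
- x4 = x0; x0 &= x3; x2 ^= x3; \
- x0 ^= x2; x3 ^= x1; x2 |= x4; \
- x2 ^= x3; x3 &= x0; x0 = ~x0; \
- x3 ^= x1; x1 &= x2; x4 ^= x0; \
- x3 ^= x4; x4 ^= x2; x0 ^= x1; \
- x2 ^= x0; \
- })
-
-#define SI7(x0, x1, x2, x3, x4) ({ \
- x4 = x3; x3 &= x0; x0 ^= x2; \
- x2 |= x4; x4 ^= x1; x0 = ~x0; \
- x1 |= x3; x4 ^= x0; x0 &= x2; \
- x0 ^= x1; x1 &= x2; x3 ^= x2; \
- x4 ^= x3; x2 &= x3; x3 |= x0; \
- x1 ^= x4; x3 ^= x4; x4 &= x0; \
- x4 ^= x2; \
- })
-
-int __serpent_setkey(struct serpent_ctx *ctx, const u8 *key,
- unsigned int keylen)
-{
- u32 *k = ctx->expkey;
- u8 *k8 = (u8 *)k;
- u32 r0, r1, r2, r3, r4;
- int i;
-
- /* Copy key, add padding */
-
- for (i = 0; i < keylen; ++i)
- k8[i] = key[i];
- if (i < SERPENT_MAX_KEY_SIZE)
- k8[i++] = 1;
- while (i < SERPENT_MAX_KEY_SIZE)
- k8[i++] = 0;
-
- /* Expand key using polynomial */
-
- r0 = le32_to_cpu(k[3]);
- r1 = le32_to_cpu(k[4]);
- r2 = le32_to_cpu(k[5]);
- r3 = le32_to_cpu(k[6]);
- r4 = le32_to_cpu(k[7]);
-
- keyiter(le32_to_cpu(k[0]), r0, r4, r2, 0, 0);
- keyiter(le32_to_cpu(k[1]), r1, r0, r3, 1, 1);
- keyiter(le32_to_cpu(k[2]), r2, r1, r4, 2, 2);
- keyiter(le32_to_cpu(k[3]), r3, r2, r0, 3, 3);
- keyiter(le32_to_cpu(k[4]), r4, r3, r1, 4, 4);
- keyiter(le32_to_cpu(k[5]), r0, r4, r2, 5, 5);
- keyiter(le32_to_cpu(k[6]), r1, r0, r3, 6, 6);
- keyiter(le32_to_cpu(k[7]), r2, r1, r4, 7, 7);
-
- keyiter(k[0], r3, r2, r0, 8, 8);
- keyiter(k[1], r4, r3, r1, 9, 9);
- keyiter(k[2], r0, r4, r2, 10, 10);
- keyiter(k[3], r1, r0, r3, 11, 11);
- keyiter(k[4], r2, r1, r4, 12, 12);
- keyiter(k[5], r3, r2, r0, 13, 13);
- keyiter(k[6], r4, r3, r1, 14, 14);
- keyiter(k[7], r0, r4, r2, 15, 15);
- keyiter(k[8], r1, r0, r3, 16, 16);
- keyiter(k[9], r2, r1, r4, 17, 17);
- keyiter(k[10], r3, r2, r0, 18, 18);
- keyiter(k[11], r4, r3, r1, 19, 19);
- keyiter(k[12], r0, r4, r2, 20, 20);
- keyiter(k[13], r1, r0, r3, 21, 21);
- keyiter(k[14], r2, r1, r4, 22, 22);
- keyiter(k[15], r3, r2, r0, 23, 23);
- keyiter(k[16], r4, r3, r1, 24, 24);
- keyiter(k[17], r0, r4, r2, 25, 25);
- keyiter(k[18], r1, r0, r3, 26, 26);
- keyiter(k[19], r2, r1, r4, 27, 27);
- keyiter(k[20], r3, r2, r0, 28, 28);
- keyiter(k[21], r4, r3, r1, 29, 29);
- keyiter(k[22], r0, r4, r2, 30, 30);
- keyiter(k[23], r1, r0, r3, 31, 31);
-
- k += 50;
-
- keyiter(k[-26], r2, r1, r4, 32, -18);
- keyiter(k[-25], r3, r2, r0, 33, -17);
- keyiter(k[-24], r4, r3, r1, 34, -16);
- keyiter(k[-23], r0, r4, r2, 35, -15);
- keyiter(k[-22], r1, r0, r3, 36, -14);
- keyiter(k[-21], r2, r1, r4, 37, -13);
- keyiter(k[-20], r3, r2, r0, 38, -12);
- keyiter(k[-19], r4, r3, r1, 39, -11);
- keyiter(k[-18], r0, r4, r2, 40, -10);
- keyiter(k[-17], r1, r0, r3, 41, -9);
- keyiter(k[-16], r2, r1, r4, 42, -8);
- keyiter(k[-15], r3, r2, r0, 43, -7);
- keyiter(k[-14], r4, r3, r1, 44, -6);
- keyiter(k[-13], r0, r4, r2, 45, -5);
- keyiter(k[-12], r1, r0, r3, 46, -4);
- keyiter(k[-11], r2, r1, r4, 47, -3);
- keyiter(k[-10], r3, r2, r0, 48, -2);
- keyiter(k[-9], r4, r3, r1, 49, -1);
- keyiter(k[-8], r0, r4, r2, 50, 0);
- keyiter(k[-7], r1, r0, r3, 51, 1);
- keyiter(k[-6], r2, r1, r4, 52, 2);
- keyiter(k[-5], r3, r2, r0, 53, 3);
- keyiter(k[-4], r4, r3, r1, 54, 4);
- keyiter(k[-3], r0, r4, r2, 55, 5);
- keyiter(k[-2], r1, r0, r3, 56, 6);
- keyiter(k[-1], r2, r1, r4, 57, 7);
- keyiter(k[0], r3, r2, r0, 58, 8);
- keyiter(k[1], r4, r3, r1, 59, 9);
- keyiter(k[2], r0, r4, r2, 60, 10);
- keyiter(k[3], r1, r0, r3, 61, 11);
- keyiter(k[4], r2, r1, r4, 62, 12);
- keyiter(k[5], r3, r2, r0, 63, 13);
- keyiter(k[6], r4, r3, r1, 64, 14);
- keyiter(k[7], r0, r4, r2, 65, 15);
- keyiter(k[8], r1, r0, r3, 66, 16);
- keyiter(k[9], r2, r1, r4, 67, 17);
- keyiter(k[10], r3, r2, r0, 68, 18);
- keyiter(k[11], r4, r3, r1, 69, 19);
- keyiter(k[12], r0, r4, r2, 70, 20);
- keyiter(k[13], r1, r0, r3, 71, 21);
- keyiter(k[14], r2, r1, r4, 72, 22);
- keyiter(k[15], r3, r2, r0, 73, 23);
- keyiter(k[16], r4, r3, r1, 74, 24);
- keyiter(k[17], r0, r4, r2, 75, 25);
- keyiter(k[18], r1, r0, r3, 76, 26);
- keyiter(k[19], r2, r1, r4, 77, 27);
- keyiter(k[20], r3, r2, r0, 78, 28);
- keyiter(k[21], r4, r3, r1, 79, 29);
- keyiter(k[22], r0, r4, r2, 80, 30);
- keyiter(k[23], r1, r0, r3, 81, 31);
-
- k += 50;
-
- keyiter(k[-26], r2, r1, r4, 82, -18);
- keyiter(k[-25], r3, r2, r0, 83, -17);
- keyiter(k[-24], r4, r3, r1, 84, -16);
- keyiter(k[-23], r0, r4, r2, 85, -15);
- keyiter(k[-22], r1, r0, r3, 86, -14);
- keyiter(k[-21], r2, r1, r4, 87, -13);
- keyiter(k[-20], r3, r2, r0, 88, -12);
- keyiter(k[-19], r4, r3, r1, 89, -11);
- keyiter(k[-18], r0, r4, r2, 90, -10);
- keyiter(k[-17], r1, r0, r3, 91, -9);
- keyiter(k[-16], r2, r1, r4, 92, -8);
- keyiter(k[-15], r3, r2, r0, 93, -7);
- keyiter(k[-14], r4, r3, r1, 94, -6);
- keyiter(k[-13], r0, r4, r2, 95, -5);
- keyiter(k[-12], r1, r0, r3, 96, -4);
- keyiter(k[-11], r2, r1, r4, 97, -3);
- keyiter(k[-10], r3, r2, r0, 98, -2);
- keyiter(k[-9], r4, r3, r1, 99, -1);
- keyiter(k[-8], r0, r4, r2, 100, 0);
- keyiter(k[-7], r1, r0, r3, 101, 1);
- keyiter(k[-6], r2, r1, r4, 102, 2);
- keyiter(k[-5], r3, r2, r0, 103, 3);
- keyiter(k[-4], r4, r3, r1, 104, 4);
- keyiter(k[-3], r0, r4, r2, 105, 5);
- keyiter(k[-2], r1, r0, r3, 106, 6);
- keyiter(k[-1], r2, r1, r4, 107, 7);
- keyiter(k[0], r3, r2, r0, 108, 8);
- keyiter(k[1], r4, r3, r1, 109, 9);
- keyiter(k[2], r0, r4, r2, 110, 10);
- keyiter(k[3], r1, r0, r3, 111, 11);
- keyiter(k[4], r2, r1, r4, 112, 12);
- keyiter(k[5], r3, r2, r0, 113, 13);
- keyiter(k[6], r4, r3, r1, 114, 14);
- keyiter(k[7], r0, r4, r2, 115, 15);
- keyiter(k[8], r1, r0, r3, 116, 16);
- keyiter(k[9], r2, r1, r4, 117, 17);
- keyiter(k[10], r3, r2, r0, 118, 18);
- keyiter(k[11], r4, r3, r1, 119, 19);
- keyiter(k[12], r0, r4, r2, 120, 20);
- keyiter(k[13], r1, r0, r3, 121, 21);
- keyiter(k[14], r2, r1, r4, 122, 22);
- keyiter(k[15], r3, r2, r0, 123, 23);
- keyiter(k[16], r4, r3, r1, 124, 24);
- keyiter(k[17], r0, r4, r2, 125, 25);
- keyiter(k[18], r1, r0, r3, 126, 26);
- keyiter(k[19], r2, r1, r4, 127, 27);
- keyiter(k[20], r3, r2, r0, 128, 28);
- keyiter(k[21], r4, r3, r1, 129, 29);
- keyiter(k[22], r0, r4, r2, 130, 30);
- keyiter(k[23], r1, r0, r3, 131, 31);
-
- /* Apply S-boxes */
-
- S3(r3, r4, r0, r1, r2); store_and_load_keys(r1, r2, r4, r3, 28, 24);
- S4(r1, r2, r4, r3, r0); store_and_load_keys(r2, r4, r3, r0, 24, 20);
- S5(r2, r4, r3, r0, r1); store_and_load_keys(r1, r2, r4, r0, 20, 16);
- S6(r1, r2, r4, r0, r3); store_and_load_keys(r4, r3, r2, r0, 16, 12);
- S7(r4, r3, r2, r0, r1); store_and_load_keys(r1, r2, r0, r4, 12, 8);
- S0(r1, r2, r0, r4, r3); store_and_load_keys(r0, r2, r4, r1, 8, 4);
- S1(r0, r2, r4, r1, r3); store_and_load_keys(r3, r4, r1, r0, 4, 0);
- S2(r3, r4, r1, r0, r2); store_and_load_keys(r2, r4, r3, r0, 0, -4);
- S3(r2, r4, r3, r0, r1); store_and_load_keys(r0, r1, r4, r2, -4, -8);
- S4(r0, r1, r4, r2, r3); store_and_load_keys(r1, r4, r2, r3, -8, -12);
- S5(r1, r4, r2, r3, r0); store_and_load_keys(r0, r1, r4, r3, -12, -16);
- S6(r0, r1, r4, r3, r2); store_and_load_keys(r4, r2, r1, r3, -16, -20);
- S7(r4, r2, r1, r3, r0); store_and_load_keys(r0, r1, r3, r4, -20, -24);
- S0(r0, r1, r3, r4, r2); store_and_load_keys(r3, r1, r4, r0, -24, -28);
- k -= 50;
- S1(r3, r1, r4, r0, r2); store_and_load_keys(r2, r4, r0, r3, 22, 18);
- S2(r2, r4, r0, r3, r1); store_and_load_keys(r1, r4, r2, r3, 18, 14);
- S3(r1, r4, r2, r3, r0); store_and_load_keys(r3, r0, r4, r1, 14, 10);
- S4(r3, r0, r4, r1, r2); store_and_load_keys(r0, r4, r1, r2, 10, 6);
- S5(r0, r4, r1, r2, r3); store_and_load_keys(r3, r0, r4, r2, 6, 2);
- S6(r3, r0, r4, r2, r1); store_and_load_keys(r4, r1, r0, r2, 2, -2);
- S7(r4, r1, r0, r2, r3); store_and_load_keys(r3, r0, r2, r4, -2, -6);
- S0(r3, r0, r2, r4, r1); store_and_load_keys(r2, r0, r4, r3, -6, -10);
- S1(r2, r0, r4, r3, r1); store_and_load_keys(r1, r4, r3, r2, -10, -14);
- S2(r1, r4, r3, r2, r0); store_and_load_keys(r0, r4, r1, r2, -14, -18);
- S3(r0, r4, r1, r2, r3); store_and_load_keys(r2, r3, r4, r0, -18, -22);
- k -= 50;
- S4(r2, r3, r4, r0, r1); store_and_load_keys(r3, r4, r0, r1, 28, 24);
- S5(r3, r4, r0, r1, r2); store_and_load_keys(r2, r3, r4, r1, 24, 20);
- S6(r2, r3, r4, r1, r0); store_and_load_keys(r4, r0, r3, r1, 20, 16);
- S7(r4, r0, r3, r1, r2); store_and_load_keys(r2, r3, r1, r4, 16, 12);
- S0(r2, r3, r1, r4, r0); store_and_load_keys(r1, r3, r4, r2, 12, 8);
- S1(r1, r3, r4, r2, r0); store_and_load_keys(r0, r4, r2, r1, 8, 4);
- S2(r0, r4, r2, r1, r3); store_and_load_keys(r3, r4, r0, r1, 4, 0);
- S3(r3, r4, r0, r1, r2); storekeys(r1, r2, r4, r3, 0);
-
- return 0;
-}
-EXPORT_SYMBOL_GPL(__serpent_setkey);
-
-int serpent_setkey(struct crypto_tfm *tfm, const u8 *key, unsigned int keylen)
-{
- return __serpent_setkey(crypto_tfm_ctx(tfm), key, keylen);
-}
-EXPORT_SYMBOL_GPL(serpent_setkey);
-
-void __serpent_encrypt(struct serpent_ctx *ctx, u8 *dst, const u8 *src)
-{
- const u32 *k = ctx->expkey;
- const __le32 *s = (const __le32 *)src;
- __le32 *d = (__le32 *)dst;
- u32 r0, r1, r2, r3, r4;
-
-/*
- * Note: The conversions between u8* and u32* might cause trouble
- * on architectures with stricter alignment rules than x86
- */
-
- r0 = le32_to_cpu(s[0]);
- r1 = le32_to_cpu(s[1]);
- r2 = le32_to_cpu(s[2]);
- r3 = le32_to_cpu(s[3]);
-
- K(r0, r1, r2, r3, 0);
- S0(r0, r1, r2, r3, r4); LK(r2, r1, r3, r0, r4, 1);
- S1(r2, r1, r3, r0, r4); LK(r4, r3, r0, r2, r1, 2);
- S2(r4, r3, r0, r2, r1); LK(r1, r3, r4, r2, r0, 3);
- S3(r1, r3, r4, r2, r0); LK(r2, r0, r3, r1, r4, 4);
- S4(r2, r0, r3, r1, r4); LK(r0, r3, r1, r4, r2, 5);
- S5(r0, r3, r1, r4, r2); LK(r2, r0, r3, r4, r1, 6);
- S6(r2, r0, r3, r4, r1); LK(r3, r1, r0, r4, r2, 7);
- S7(r3, r1, r0, r4, r2); LK(r2, r0, r4, r3, r1, 8);
- S0(r2, r0, r4, r3, r1); LK(r4, r0, r3, r2, r1, 9);
- S1(r4, r0, r3, r2, r1); LK(r1, r3, r2, r4, r0, 10);
- S2(r1, r3, r2, r4, r0); LK(r0, r3, r1, r4, r2, 11);
- S3(r0, r3, r1, r4, r2); LK(r4, r2, r3, r0, r1, 12);
- S4(r4, r2, r3, r0, r1); LK(r2, r3, r0, r1, r4, 13);
- S5(r2, r3, r0, r1, r4); LK(r4, r2, r3, r1, r0, 14);
- S6(r4, r2, r3, r1, r0); LK(r3, r0, r2, r1, r4, 15);
- S7(r3, r0, r2, r1, r4); LK(r4, r2, r1, r3, r0, 16);
- S0(r4, r2, r1, r3, r0); LK(r1, r2, r3, r4, r0, 17);
- S1(r1, r2, r3, r4, r0); LK(r0, r3, r4, r1, r2, 18);
- S2(r0, r3, r4, r1, r2); LK(r2, r3, r0, r1, r4, 19);
- S3(r2, r3, r0, r1, r4); LK(r1, r4, r3, r2, r0, 20);
- S4(r1, r4, r3, r2, r0); LK(r4, r3, r2, r0, r1, 21);
- S5(r4, r3, r2, r0, r1); LK(r1, r4, r3, r0, r2, 22);
- S6(r1, r4, r3, r0, r2); LK(r3, r2, r4, r0, r1, 23);
- S7(r3, r2, r4, r0, r1); LK(r1, r4, r0, r3, r2, 24);
- S0(r1, r4, r0, r3, r2); LK(r0, r4, r3, r1, r2, 25);
- S1(r0, r4, r3, r1, r2); LK(r2, r3, r1, r0, r4, 26);
- S2(r2, r3, r1, r0, r4); LK(r4, r3, r2, r0, r1, 27);
- S3(r4, r3, r2, r0, r1); LK(r0, r1, r3, r4, r2, 28);
- S4(r0, r1, r3, r4, r2); LK(r1, r3, r4, r2, r0, 29);
- S5(r1, r3, r4, r2, r0); LK(r0, r1, r3, r2, r4, 30);
- S6(r0, r1, r3, r2, r4); LK(r3, r4, r1, r2, r0, 31);
- S7(r3, r4, r1, r2, r0); K(r0, r1, r2, r3, 32);
-
- d[0] = cpu_to_le32(r0);
- d[1] = cpu_to_le32(r1);
- d[2] = cpu_to_le32(r2);
- d[3] = cpu_to_le32(r3);
-}
-EXPORT_SYMBOL_GPL(__serpent_encrypt);
-
-static void serpent_encrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
-{
- struct serpent_ctx *ctx = crypto_tfm_ctx(tfm);
-
- __serpent_encrypt(ctx, dst, src);
-}
-
-void __serpent_decrypt(struct serpent_ctx *ctx, u8 *dst, const u8 *src)
-{
- const u32 *k = ctx->expkey;
- const __le32 *s = (const __le32 *)src;
- __le32 *d = (__le32 *)dst;
- u32 r0, r1, r2, r3, r4;
-
- r0 = le32_to_cpu(s[0]);
- r1 = le32_to_cpu(s[1]);
- r2 = le32_to_cpu(s[2]);
- r3 = le32_to_cpu(s[3]);
-
- K(r0, r1, r2, r3, 32);
- SI7(r0, r1, r2, r3, r4); KL(r1, r3, r0, r4, r2, 31);
- SI6(r1, r3, r0, r4, r2); KL(r0, r2, r4, r1, r3, 30);
- SI5(r0, r2, r4, r1, r3); KL(r2, r3, r0, r4, r1, 29);
- SI4(r2, r3, r0, r4, r1); KL(r2, r0, r1, r4, r3, 28);
- SI3(r2, r0, r1, r4, r3); KL(r1, r2, r3, r4, r0, 27);
- SI2(r1, r2, r3, r4, r0); KL(r2, r0, r4, r3, r1, 26);
- SI1(r2, r0, r4, r3, r1); KL(r1, r0, r4, r3, r2, 25);
- SI0(r1, r0, r4, r3, r2); KL(r4, r2, r0, r1, r3, 24);
- SI7(r4, r2, r0, r1, r3); KL(r2, r1, r4, r3, r0, 23);
- SI6(r2, r1, r4, r3, r0); KL(r4, r0, r3, r2, r1, 22);
- SI5(r4, r0, r3, r2, r1); KL(r0, r1, r4, r3, r2, 21);
- SI4(r0, r1, r4, r3, r2); KL(r0, r4, r2, r3, r1, 20);
- SI3(r0, r4, r2, r3, r1); KL(r2, r0, r1, r3, r4, 19);
- SI2(r2, r0, r1, r3, r4); KL(r0, r4, r3, r1, r2, 18);
- SI1(r0, r4, r3, r1, r2); KL(r2, r4, r3, r1, r0, 17);
- SI0(r2, r4, r3, r1, r0); KL(r3, r0, r4, r2, r1, 16);
- SI7(r3, r0, r4, r2, r1); KL(r0, r2, r3, r1, r4, 15);
- SI6(r0, r2, r3, r1, r4); KL(r3, r4, r1, r0, r2, 14);
- SI5(r3, r4, r1, r0, r2); KL(r4, r2, r3, r1, r0, 13);
- SI4(r4, r2, r3, r1, r0); KL(r4, r3, r0, r1, r2, 12);
- SI3(r4, r3, r0, r1, r2); KL(r0, r4, r2, r1, r3, 11);
- SI2(r0, r4, r2, r1, r3); KL(r4, r3, r1, r2, r0, 10);
- SI1(r4, r3, r1, r2, r0); KL(r0, r3, r1, r2, r4, 9);
- SI0(r0, r3, r1, r2, r4); KL(r1, r4, r3, r0, r2, 8);
- SI7(r1, r4, r3, r0, r2); KL(r4, r0, r1, r2, r3, 7);
- SI6(r4, r0, r1, r2, r3); KL(r1, r3, r2, r4, r0, 6);
- SI5(r1, r3, r2, r4, r0); KL(r3, r0, r1, r2, r4, 5);
- SI4(r3, r0, r1, r2, r4); KL(r3, r1, r4, r2, r0, 4);
- SI3(r3, r1, r4, r2, r0); KL(r4, r3, r0, r2, r1, 3);
- SI2(r4, r3, r0, r2, r1); KL(r3, r1, r2, r0, r4, 2);
- SI1(r3, r1, r2, r0, r4); KL(r4, r1, r2, r0, r3, 1);
- SI0(r4, r1, r2, r0, r3); K(r2, r3, r1, r4, 0);
-
- d[0] = cpu_to_le32(r2);
- d[1] = cpu_to_le32(r3);
- d[2] = cpu_to_le32(r1);
- d[3] = cpu_to_le32(r4);
-}
-EXPORT_SYMBOL_GPL(__serpent_decrypt);
-
-static void serpent_decrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
-{
- struct serpent_ctx *ctx = crypto_tfm_ctx(tfm);
-
- __serpent_decrypt(ctx, dst, src);
-}
-
-static struct crypto_alg serpent_alg = {
- .cra_name = "serpent",
- .cra_driver_name = "serpent-generic",
- .cra_priority = 100,
- .cra_flags = CRYPTO_ALG_TYPE_CIPHER,
- .cra_blocksize = SERPENT_BLOCK_SIZE,
- .cra_ctxsize = sizeof(struct serpent_ctx),
- .cra_alignmask = 3,
- .cra_module = THIS_MODULE,
- .cra_list = LIST_HEAD_INIT(serpent_alg.cra_list),
- .cra_u = { .cipher = {
- .cia_min_keysize = SERPENT_MIN_KEY_SIZE,
- .cia_max_keysize = SERPENT_MAX_KEY_SIZE,
- .cia_setkey = serpent_setkey,
- .cia_encrypt = serpent_encrypt,
- .cia_decrypt = serpent_decrypt } }
-};
-
-static int tnepres_setkey(struct crypto_tfm *tfm, const u8 *key,
- unsigned int keylen)
-{
- u8 rev_key[SERPENT_MAX_KEY_SIZE];
- int i;
-
- for (i = 0; i < keylen; ++i)
- rev_key[keylen - i - 1] = key[i];
-
- return serpent_setkey(tfm, rev_key, keylen);
-}
-
-static void tnepres_encrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
-{
- const u32 * const s = (const u32 * const)src;
- u32 * const d = (u32 * const)dst;
-
- u32 rs[4], rd[4];
-
- rs[0] = swab32(s[3]);
- rs[1] = swab32(s[2]);
- rs[2] = swab32(s[1]);
- rs[3] = swab32(s[0]);
-
- serpent_encrypt(tfm, (u8 *)rd, (u8 *)rs);
-
- d[0] = swab32(rd[3]);
- d[1] = swab32(rd[2]);
- d[2] = swab32(rd[1]);
- d[3] = swab32(rd[0]);
-}
-
-static void tnepres_decrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
-{
- const u32 * const s = (const u32 * const)src;
- u32 * const d = (u32 * const)dst;
-
- u32 rs[4], rd[4];
-
- rs[0] = swab32(s[3]);
- rs[1] = swab32(s[2]);
- rs[2] = swab32(s[1]);
- rs[3] = swab32(s[0]);
-
- serpent_decrypt(tfm, (u8 *)rd, (u8 *)rs);
-
- d[0] = swab32(rd[3]);
- d[1] = swab32(rd[2]);
- d[2] = swab32(rd[1]);
- d[3] = swab32(rd[0]);
-}
-
-static struct crypto_alg tnepres_alg = {
- .cra_name = "tnepres",
- .cra_flags = CRYPTO_ALG_TYPE_CIPHER,
- .cra_blocksize = SERPENT_BLOCK_SIZE,
- .cra_ctxsize = sizeof(struct serpent_ctx),
- .cra_alignmask = 3,
- .cra_module = THIS_MODULE,
- .cra_list = LIST_HEAD_INIT(serpent_alg.cra_list),
- .cra_u = { .cipher = {
- .cia_min_keysize = SERPENT_MIN_KEY_SIZE,
- .cia_max_keysize = SERPENT_MAX_KEY_SIZE,
- .cia_setkey = tnepres_setkey,
- .cia_encrypt = tnepres_encrypt,
- .cia_decrypt = tnepres_decrypt } }
-};
-
-static int __init serpent_mod_init(void)
-{
- int ret = crypto_register_alg(&serpent_alg);
-
- if (ret)
- return ret;
-
- ret = crypto_register_alg(&tnepres_alg);
-
- if (ret)
- crypto_unregister_alg(&serpent_alg);
-
- return ret;
-}
-
-static void __exit serpent_mod_fini(void)
-{
- crypto_unregister_alg(&tnepres_alg);
- crypto_unregister_alg(&serpent_alg);
-}
-
-module_init(serpent_mod_init);
-module_exit(serpent_mod_fini);
-
-MODULE_LICENSE("GPL");
-MODULE_DESCRIPTION("Serpent and tnepres (kerneli compatible serpent reversed) Cipher Algorithm");
-MODULE_AUTHOR("Dag Arne Osvik <osvik@ii.uib.no>");
-MODULE_ALIAS("tnepres");
-MODULE_ALIAS("serpent");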
crypto/serpent_generic.c
1 | +/* | |
2 | + * Cryptographic API. | |
3 | + * | |
4 | + * Serpent Cipher Algorithm. | |
5 | + * | |
6 | + * Copyright (C) 2002 Dag Arne Osvik <osvik@ii.uib.no> | |
7 | + * 2003 Herbert Valerio Riedel <hvr@gnu.org> | |
8 | + * | |
9 | + * Added tnepres support: | |
10 | + * Ruben Jesus Garcia Hernandez <ruben@ugr.es>, 18.10.2004 | |
11 | + * Based on code by hvr | |
12 | + * | |
13 | + * This program is free software; you can redistribute it and/or modify | |
14 | + * it under the terms of the GNU General Public License as published by | |
15 | + * the Free Software Foundation; either version 2 of the License, or | |
16 | + * (at your option) any later version. | |
17 | + */ | |
18 | + | |
19 | +#include <linux/init.h> | |
20 | +#include <linux/module.h> | |
21 | +#include <linux/errno.h> | |
22 | +#include <asm/byteorder.h> | |
23 | +#include <linux/crypto.h> | |
24 | +#include <linux/types.h> | |
25 | +#include <crypto/serpent.h> | |
26 | + | |
27 | +/* Key is padded to the maximum of 256 bits before round key generation. | |
28 | + * Any key length <= 256 bits (32 bytes) is allowed by the algorithm. | |
29 | + */ | |
30 | + | |
31 | +#define PHI 0x9e3779b9UL | |
32 | + | |
33 | +#define keyiter(a, b, c, d, i, j) \ | |
34 | + ({ b ^= d; b ^= c; b ^= a; b ^= PHI ^ i; b = rol32(b, 11); k[j] = b; }) | |
35 | + | |
36 | +#define loadkeys(x0, x1, x2, x3, i) \ | |
37 | + ({ x0 = k[i]; x1 = k[i+1]; x2 = k[i+2]; x3 = k[i+3]; }) | |
38 | + | |
39 | +#define storekeys(x0, x1, x2, x3, i) \ | |
40 | + ({ k[i] = x0; k[i+1] = x1; k[i+2] = x2; k[i+3] = x3; }) | |
41 | + | |
42 | +#define store_and_load_keys(x0, x1, x2, x3, s, l) \ | |
43 | + ({ storekeys(x0, x1, x2, x3, s); loadkeys(x0, x1, x2, x3, l); }) | |
44 | + | |
45 | +#define K(x0, x1, x2, x3, i) ({ \ | |
46 | + x3 ^= k[4*(i)+3]; x2 ^= k[4*(i)+2]; \ | |
47 | + x1 ^= k[4*(i)+1]; x0 ^= k[4*(i)+0]; \ | |
48 | + }) | |
49 | + | |
50 | +#define LK(x0, x1, x2, x3, x4, i) ({ \ | |
51 | + x0 = rol32(x0, 13);\ | |
52 | + x2 = rol32(x2, 3); x1 ^= x0; x4 = x0 << 3; \ | |
53 | + x3 ^= x2; x1 ^= x2; \ | |
54 | + x1 = rol32(x1, 1); x3 ^= x4; \ | |
55 | + x3 = rol32(x3, 7); x4 = x1; \ | |
56 | + x0 ^= x1; x4 <<= 7; x2 ^= x3; \ | |
57 | + x0 ^= x3; x2 ^= x4; x3 ^= k[4*i+3]; \ | |
58 | + x1 ^= k[4*i+1]; x0 = rol32(x0, 5); x2 = rol32(x2, 22);\ | |
59 | + x0 ^= k[4*i+0]; x2 ^= k[4*i+2]; \ | |
60 | + }) | |
61 | + | |
62 | +#define KL(x0, x1, x2, x3, x4, i) ({ \ | |
63 | + x0 ^= k[4*i+0]; x1 ^= k[4*i+1]; x2 ^= k[4*i+2]; \ | |
64 | + x3 ^= k[4*i+3]; x0 = ror32(x0, 5); x2 = ror32(x2, 22);\ | |
65 | + x4 = x1; x2 ^= x3; x0 ^= x3; \ | |
66 | + x4 <<= 7; x0 ^= x1; x1 = ror32(x1, 1); \ | |
67 | + x2 ^= x4; x3 = ror32(x3, 7); x4 = x0 << 3; \ | |
68 | + x1 ^= x0; x3 ^= x4; x0 = ror32(x0, 13);\ | |
69 | + x1 ^= x2; x3 ^= x2; x2 = ror32(x2, 3); \ | |
70 | + }) | |
71 | + | |
72 | +#define S0(x0, x1, x2, x3, x4) ({ \ | |
73 | + x4 = x3; \ | |
74 | + x3 |= x0; x0 ^= x4; x4 ^= x2; \ | |
75 | + x4 = ~x4; x3 ^= x1; x1 &= x0; \ | |
76 | + x1 ^= x4; x2 ^= x0; x0 ^= x3; \ | |
77 | + x4 |= x0; x0 ^= x2; x2 &= x1; \ | |
78 | + x3 ^= x2; x1 = ~x1; x2 ^= x4; \ | |
79 | + x1 ^= x2; \ | |
80 | + }) | |
81 | + | |
82 | +#define S1(x0, x1, x2, x3, x4) ({ \ | |
83 | + x4 = x1; \ | |
84 | + x1 ^= x0; x0 ^= x3; x3 = ~x3; \ | |
85 | + x4 &= x1; x0 |= x1; x3 ^= x2; \ | |
86 | + x0 ^= x3; x1 ^= x3; x3 ^= x4; \ | |
87 | + x1 |= x4; x4 ^= x2; x2 &= x0; \ | |
88 | + x2 ^= x1; x1 |= x0; x0 = ~x0; \ | |
89 | + x0 ^= x2; x4 ^= x1; \ | |
90 | + }) | |
91 | + | |
92 | +#define S2(x0, x1, x2, x3, x4) ({ \ | |
93 | + x3 = ~x3; \ | |
94 | + x1 ^= x0; x4 = x0; x0 &= x2; \ | |
95 | + x0 ^= x3; x3 |= x4; x2 ^= x1; \ | |
96 | + x3 ^= x1; x1 &= x0; x0 ^= x2; \ | |
97 | + x2 &= x3; x3 |= x1; x0 = ~x0; \ | |
98 | + x3 ^= x0; x4 ^= x0; x0 ^= x2; \ | |
99 | + x1 |= x2; \ | |
100 | + }) | |
101 | + | |
102 | +#define S3(x0, x1, x2, x3, x4) ({ \ | |
103 | + x4 = x1; \ | |
104 | + x1 ^= x3; x3 |= x0; x4 &= x0; \ | |
105 | + x0 ^= x2; x2 ^= x1; x1 &= x3; \ | |
106 | + x2 ^= x3; x0 |= x4; x4 ^= x3; \ | |
107 | + x1 ^= x0; x0 &= x3; x3 &= x4; \ | |
108 | + x3 ^= x2; x4 |= x1; x2 &= x1; \ | |
109 | + x4 ^= x3; x0 ^= x3; x3 ^= x2; \ | |
110 | + }) | |
111 | + | |
112 | +#define S4(x0, x1, x2, x3, x4) ({ \ | |
113 | + x4 = x3; \ | |
114 | + x3 &= x0; x0 ^= x4; \ | |
115 | + x3 ^= x2; x2 |= x4; x0 ^= x1; \ | |
116 | + x4 ^= x3; x2 |= x0; \ | |
117 | + x2 ^= x1; x1 &= x0; \ | |
118 | + x1 ^= x4; x4 &= x2; x2 ^= x3; \ | |
119 | + x4 ^= x0; x3 |= x1; x1 = ~x1; \ | |
120 | + x3 ^= x0; \ | |
121 | + }) | |
122 | + | |
123 | +#define S5(x0, x1, x2, x3, x4) ({ \ | |
124 | + x4 = x1; x1 |= x0; \ | |
125 | + x2 ^= x1; x3 = ~x3; x4 ^= x0; \ | |
126 | + x0 ^= x2; x1 &= x4; x4 |= x3; \ | |
127 | + x4 ^= x0; x0 &= x3; x1 ^= x3; \ | |
128 | + x3 ^= x2; x0 ^= x1; x2 &= x4; \ | |
129 | + x1 ^= x2; x2 &= x0; \ | |
130 | + x3 ^= x2; \ | |
131 | + }) | |
132 | + | |
133 | +#define S6(x0, x1, x2, x3, x4) ({ \ | |
134 | + x4 = x1; \ | |
135 | + x3 ^= x0; x1 ^= x2; x2 ^= x0; \ | |
136 | + x0 &= x3; x1 |= x3; x4 = ~x4; \ | |
137 | + x0 ^= x1; x1 ^= x2; \ | |
138 | + x3 ^= x4; x4 ^= x0; x2 &= x0; \ | |
139 | + x4 ^= x1; x2 ^= x3; x3 &= x1; \ | |
140 | + x3 ^= x0; x1 ^= x2; \ | |
141 | + }) | |
142 | + | |
143 | +#define S7(x0, x1, x2, x3, x4) ({ \ | |
144 | + x1 = ~x1; \ | |
145 | + x4 = x1; x0 = ~x0; x1 &= x2; \ | |
146 | + x1 ^= x3; x3 |= x4; x4 ^= x2; \ | |
147 | + x2 ^= x3; x3 ^= x0; x0 |= x1; \ | |
148 | + x2 &= x0; x0 ^= x4; x4 ^= x3; \ | |
149 | + x3 &= x0; x4 ^= x1; \ | |
150 | + x2 ^= x4; x3 ^= x1; x4 |= x0; \ | |
151 | + x4 ^= x1; \ | |
152 | + }) | |
153 | + | |
154 | +#define SI0(x0, x1, x2, x3, x4) ({ \ | |
155 | + x4 = x3; x1 ^= x0; \ | |
156 | + x3 |= x1; x4 ^= x1; x0 = ~x0; \ | |
157 | + x2 ^= x3; x3 ^= x0; x0 &= x1; \ | |
158 | + x0 ^= x2; x2 &= x3; x3 ^= x4; \ | |
159 | + x2 ^= x3; x1 ^= x3; x3 &= x0; \ | |
160 | + x1 ^= x0; x0 ^= x2; x4 ^= x3; \ | |
161 | + }) | |
162 | + | |
163 | +#define SI1(x0, x1, x2, x3, x4) ({ \ | |
164 | + x1 ^= x3; x4 = x0; \ | |
165 | + x0 ^= x2; x2 = ~x2; x4 |= x1; \ | |
166 | + x4 ^= x3; x3 &= x1; x1 ^= x2; \ | |
167 | + x2 &= x4; x4 ^= x1; x1 |= x3; \ | |
168 | + x3 ^= x0; x2 ^= x0; x0 |= x4; \ | |
169 | + x2 ^= x4; x1 ^= x0; \ | |
170 | + x4 ^= x1; \ | |
171 | + }) | |
172 | + | |
173 | +#define SI2(x0, x1, x2, x3, x4) ({ \ | |
174 | + x2 ^= x1; x4 = x3; x3 = ~x3; \ | |
175 | + x3 |= x2; x2 ^= x4; x4 ^= x0; \ | |
176 | + x3 ^= x1; x1 |= x2; x2 ^= x0; \ | |
177 | + x1 ^= x4; x4 |= x3; x2 ^= x3; \ | |
178 | + x4 ^= x2; x2 &= x1; \ | |
179 | + x2 ^= x3; x3 ^= x4; x4 ^= x0; \ | |
180 | + }) | |
181 | + | |
182 | +#define SI3(x0, x1, x2, x3, x4) ({ \ | |
183 | + x2 ^= x1; \ | |
184 | + x4 = x1; x1 &= x2; \ | |
185 | + x1 ^= x0; x0 |= x4; x4 ^= x3; \ | |
186 | + x0 ^= x3; x3 |= x1; x1 ^= x2; \ | |
187 | + x1 ^= x3; x0 ^= x2; x2 ^= x3; \ | |
188 | + x3 &= x1; x1 ^= x0; x0 &= x2; \ | |
189 | + x4 ^= x3; x3 ^= x0; x0 ^= x1; \ | |
190 | + }) | |
191 | + | |
192 | +#define SI4(x0, x1, x2, x3, x4) ({ \ | |
193 | + x2 ^= x3; x4 = x0; x0 &= x1; \ | |
194 | + x0 ^= x2; x2 |= x3; x4 = ~x4; \ | |
195 | + x1 ^= x0; x0 ^= x2; x2 &= x4; \ | |
196 | + x2 ^= x0; x0 |= x4; \ | |
197 | + x0 ^= x3; x3 &= x2; \ | |
198 | + x4 ^= x3; x3 ^= x1; x1 &= x0; \ | |
199 | + x4 ^= x1; x0 ^= x3; \ | |
200 | + }) | |
201 | + | |
202 | +#define SI5(x0, x1, x2, x3, x4) ({ \ | |
203 | + x4 = x1; x1 |= x2; \ | |
204 | + x2 ^= x4; x1 ^= x3; x3 &= x4; \ | |
205 | + x2 ^= x3; x3 |= x0; x0 = ~x0; \ | |
206 | + x3 ^= x2; x2 |= x0; x4 ^= x1; \ | |
207 | + x2 ^= x4; x4 &= x0; x0 ^= x1; \ | |
208 | + x1 ^= x3; x0 &= x2; x2 ^= x3; \ | |
209 | + x0 ^= x2; x2 ^= x4; x4 ^= x3; \ | |
210 | + }) | |
211 | + | |
212 | +#define SI6(x0, x1, x2, x3, x4) ({ \ | |
213 | + x0 ^= x2; \ | |
214 | + x4 = x0; x0 &= x3; x2 ^= x3; \ | |
215 | + x0 ^= x2; x3 ^= x1; x2 |= x4; \ | |
216 | + x2 ^= x3; x3 &= x0; x0 = ~x0; \ | |
217 | + x3 ^= x1; x1 &= x2; x4 ^= x0; \ | |
218 | + x3 ^= x4; x4 ^= x2; x0 ^= x1; \ | |
219 | + x2 ^= x0; \ | |
220 | + }) | |
221 | + | |
222 | +#define SI7(x0, x1, x2, x3, x4) ({ \ | |
223 | + x4 = x3; x3 &= x0; x0 ^= x2; \ | |
224 | + x2 |= x4; x4 ^= x1; x0 = ~x0; \ | |
225 | + x1 |= x3; x4 ^= x0; x0 &= x2; \ | |
226 | + x0 ^= x1; x1 &= x2; x3 ^= x2; \ | |
227 | + x4 ^= x3; x2 &= x3; x3 |= x0; \ | |
228 | + x1 ^= x4; x3 ^= x4; x4 &= x0; \ | |
229 | + x4 ^= x2; \ | |
230 | + }) | |
231 | + | |
232 | +int __serpent_setkey(struct serpent_ctx *ctx, const u8 *key, | |
233 | + unsigned int keylen) | |
234 | +{ | |
235 | + u32 *k = ctx->expkey; | |
236 | + u8 *k8 = (u8 *)k; | |
237 | + u32 r0, r1, r2, r3, r4; | |
238 | + int i; | |
239 | + | |
240 | + /* Copy key, add padding */ | |
241 | + | |
242 | + for (i = 0; i < keylen; ++i) | |
243 | + k8[i] = key[i]; | |
244 | + if (i < SERPENT_MAX_KEY_SIZE) | |
245 | + k8[i++] = 1; | |
246 | + while (i < SERPENT_MAX_KEY_SIZE) | |
247 | + k8[i++] = 0; | |
248 | + | |
249 | + /* Expand key using polynomial */ | |
250 | + | |
251 | + r0 = le32_to_cpu(k[3]); | |
252 | + r1 = le32_to_cpu(k[4]); | |
253 | + r2 = le32_to_cpu(k[5]); | |
254 | + r3 = le32_to_cpu(k[6]); | |
255 | + r4 = le32_to_cpu(k[7]); | |
256 | + | |
257 | + keyiter(le32_to_cpu(k[0]), r0, r4, r2, 0, 0); | |
258 | + keyiter(le32_to_cpu(k[1]), r1, r0, r3, 1, 1); | |
259 | + keyiter(le32_to_cpu(k[2]), r2, r1, r4, 2, 2); | |
260 | + keyiter(le32_to_cpu(k[3]), r3, r2, r0, 3, 3); | |
261 | + keyiter(le32_to_cpu(k[4]), r4, r3, r1, 4, 4); | |
262 | + keyiter(le32_to_cpu(k[5]), r0, r4, r2, 5, 5); | |
263 | + keyiter(le32_to_cpu(k[6]), r1, r0, r3, 6, 6); | |
264 | + keyiter(le32_to_cpu(k[7]), r2, r1, r4, 7, 7); | |
265 | + | |
266 | + keyiter(k[0], r3, r2, r0, 8, 8); | |
267 | + keyiter(k[1], r4, r3, r1, 9, 9); | |
268 | + keyiter(k[2], r0, r4, r2, 10, 10); | |
269 | + keyiter(k[3], r1, r0, r3, 11, 11); | |
270 | + keyiter(k[4], r2, r1, r4, 12, 12); | |
271 | + keyiter(k[5], r3, r2, r0, 13, 13); | |
272 | + keyiter(k[6], r4, r3, r1, 14, 14); | |
273 | + keyiter(k[7], r0, r4, r2, 15, 15); | |
274 | + keyiter(k[8], r1, r0, r3, 16, 16); | |
275 | + keyiter(k[9], r2, r1, r4, 17, 17); | |
276 | + keyiter(k[10], r3, r2, r0, 18, 18); | |
277 | + keyiter(k[11], r4, r3, r1, 19, 19); | |
278 | + keyiter(k[12], r0, r4, r2, 20, 20); | |
279 | + keyiter(k[13], r1, r0, r3, 21, 21); | |
280 | + keyiter(k[14], r2, r1, r4, 22, 22); | |
281 | + keyiter(k[15], r3, r2, r0, 23, 23); | |
282 | + keyiter(k[16], r4, r3, r1, 24, 24); | |
283 | + keyiter(k[17], r0, r4, r2, 25, 25); | |
284 | + keyiter(k[18], r1, r0, r3, 26, 26); | |
285 | + keyiter(k[19], r2, r1, r4, 27, 27); | |
286 | + keyiter(k[20], r3, r2, r0, 28, 28); | |
287 | + keyiter(k[21], r4, r3, r1, 29, 29); | |
288 | + keyiter(k[22], r0, r4, r2, 30, 30); | |
289 | + keyiter(k[23], r1, r0, r3, 31, 31); | |
290 | + | |
291 | + k += 50; | |
292 | + | |
293 | + keyiter(k[-26], r2, r1, r4, 32, -18); | |
294 | + keyiter(k[-25], r3, r2, r0, 33, -17); | |
295 | + keyiter(k[-24], r4, r3, r1, 34, -16); | |
296 | + keyiter(k[-23], r0, r4, r2, 35, -15); | |
297 | + keyiter(k[-22], r1, r0, r3, 36, -14); | |
298 | + keyiter(k[-21], r2, r1, r4, 37, -13); | |
299 | + keyiter(k[-20], r3, r2, r0, 38, -12); | |
300 | + keyiter(k[-19], r4, r3, r1, 39, -11); | |
301 | + keyiter(k[-18], r0, r4, r2, 40, -10); | |
302 | + keyiter(k[-17], r1, r0, r3, 41, -9); | |
303 | + keyiter(k[-16], r2, r1, r4, 42, -8); | |
304 | + keyiter(k[-15], r3, r2, r0, 43, -7); | |
305 | + keyiter(k[-14], r4, r3, r1, 44, -6); | |
306 | + keyiter(k[-13], r0, r4, r2, 45, -5); | |
307 | + keyiter(k[-12], r1, r0, r3, 46, -4); | |
308 | + keyiter(k[-11], r2, r1, r4, 47, -3); | |
309 | + keyiter(k[-10], r3, r2, r0, 48, -2); | |
310 | + keyiter(k[-9], r4, r3, r1, 49, -1); | |
311 | + keyiter(k[-8], r0, r4, r2, 50, 0); | |
312 | + keyiter(k[-7], r1, r0, r3, 51, 1); | |
313 | + keyiter(k[-6], r2, r1, r4, 52, 2); | |
314 | + keyiter(k[-5], r3, r2, r0, 53, 3); | |
315 | + keyiter(k[-4], r4, r3, r1, 54, 4); | |
316 | + keyiter(k[-3], r0, r4, r2, 55, 5); | |
317 | + keyiter(k[-2], r1, r0, r3, 56, 6); | |
318 | + keyiter(k[-1], r2, r1, r4, 57, 7); | |
319 | + keyiter(k[0], r3, r2, r0, 58, 8); | |
320 | + keyiter(k[1], r4, r3, r1, 59, 9); | |
321 | + keyiter(k[2], r0, r4, r2, 60, 10); | |
322 | + keyiter(k[3], r1, r0, r3, 61, 11); | |
323 | + keyiter(k[4], r2, r1, r4, 62, 12); | |
324 | + keyiter(k[5], r3, r2, r0, 63, 13); | |
325 | + keyiter(k[6], r4, r3, r1, 64, 14); | |
326 | + keyiter(k[7], r0, r4, r2, 65, 15); | |
327 | + keyiter(k[8], r1, r0, r3, 66, 16); | |
328 | + keyiter(k[9], r2, r1, r4, 67, 17); | |
329 | + keyiter(k[10], r3, r2, r0, 68, 18); | |
330 | + keyiter(k[11], r4, r3, r1, 69, 19); | |
331 | + keyiter(k[12], r0, r4, r2, 70, 20); | |
332 | + keyiter(k[13], r1, r0, r3, 71, 21); | |
333 | + keyiter(k[14], r2, r1, r4, 72, 22); | |
334 | + keyiter(k[15], r3, r2, r0, 73, 23); | |
335 | + keyiter(k[16], r4, r3, r1, 74, 24); | |
336 | + keyiter(k[17], r0, r4, r2, 75, 25); | |
337 | + keyiter(k[18], r1, r0, r3, 76, 26); | |
338 | + keyiter(k[19], r2, r1, r4, 77, 27); | |
339 | + keyiter(k[20], r3, r2, r0, 78, 28); | |
340 | + keyiter(k[21], r4, r3, r1, 79, 29); | |
341 | + keyiter(k[22], r0, r4, r2, 80, 30); | |
342 | + keyiter(k[23], r1, r0, r3, 81, 31); | |
343 | + | |
344 | + k += 50; | |
345 | + | |
346 | + keyiter(k[-26], r2, r1, r4, 82, -18); | |
347 | + keyiter(k[-25], r3, r2, r0, 83, -17); | |
348 | + keyiter(k[-24], r4, r3, r1, 84, -16); | |
349 | + keyiter(k[-23], r0, r4, r2, 85, -15); | |
350 | + keyiter(k[-22], r1, r0, r3, 86, -14); | |
351 | + keyiter(k[-21], r2, r1, r4, 87, -13); | |
352 | + keyiter(k[-20], r3, r2, r0, 88, -12); | |
353 | + keyiter(k[-19], r4, r3, r1, 89, -11); | |
354 | + keyiter(k[-18], r0, r4, r2, 90, -10); | |
355 | + keyiter(k[-17], r1, r0, r3, 91, -9); | |
356 | + keyiter(k[-16], r2, r1, r4, 92, -8); | |
357 | + keyiter(k[-15], r3, r2, r0, 93, -7); | |
358 | + keyiter(k[-14], r4, r3, r1, 94, -6); | |
359 | + keyiter(k[-13], r0, r4, r2, 95, -5); | |
360 | + keyiter(k[-12], r1, r0, r3, 96, -4); | |
361 | + keyiter(k[-11], r2, r1, r4, 97, -3); | |
362 | + keyiter(k[-10], r3, r2, r0, 98, -2); | |
363 | + keyiter(k[-9], r4, r3, r1, 99, -1); | |
364 | + keyiter(k[-8], r0, r4, r2, 100, 0); | |
365 | + keyiter(k[-7], r1, r0, r3, 101, 1); | |
366 | + keyiter(k[-6], r2, r1, r4, 102, 2); | |
367 | + keyiter(k[-5], r3, r2, r0, 103, 3); | |
368 | + keyiter(k[-4], r4, r3, r1, 104, 4); | |
369 | + keyiter(k[-3], r0, r4, r2, 105, 5); | |
370 | + keyiter(k[-2], r1, r0, r3, 106, 6); | |
371 | + keyiter(k[-1], r2, r1, r4, 107, 7); | |
372 | + keyiter(k[0], r3, r2, r0, 108, 8); | |
373 | + keyiter(k[1], r4, r3, r1, 109, 9); | |
374 | + keyiter(k[2], r0, r4, r2, 110, 10); | |
375 | + keyiter(k[3], r1, r0, r3, 111, 11); | |
376 | + keyiter(k[4], r2, r1, r4, 112, 12); | |
377 | + keyiter(k[5], r3, r2, r0, 113, 13); | |
378 | + keyiter(k[6], r4, r3, r1, 114, 14); | |
379 | + keyiter(k[7], r0, r4, r2, 115, 15); | |
380 | + keyiter(k[8], r1, r0, r3, 116, 16); | |
381 | + keyiter(k[9], r2, r1, r4, 117, 17); | |
382 | + keyiter(k[10], r3, r2, r0, 118, 18); | |
383 | + keyiter(k[11], r4, r3, r1, 119, 19); | |
384 | + keyiter(k[12], r0, r4, r2, 120, 20); | |
385 | + keyiter(k[13], r1, r0, r3, 121, 21); | |
386 | + keyiter(k[14], r2, r1, r4, 122, 22); | |
387 | + keyiter(k[15], r3, r2, r0, 123, 23); | |
388 | + keyiter(k[16], r4, r3, r1, 124, 24); | |
389 | + keyiter(k[17], r0, r4, r2, 125, 25); | |
390 | + keyiter(k[18], r1, r0, r3, 126, 26); | |
391 | + keyiter(k[19], r2, r1, r4, 127, 27); | |
392 | + keyiter(k[20], r3, r2, r0, 128, 28); | |
393 | + keyiter(k[21], r4, r3, r1, 129, 29); | |
394 | + keyiter(k[22], r0, r4, r2, 130, 30); | |
395 | + keyiter(k[23], r1, r0, r3, 131, 31); | |
396 | + | |
397 | + /* Apply S-boxes */ | |
398 | + | |
399 | + S3(r3, r4, r0, r1, r2); store_and_load_keys(r1, r2, r4, r3, 28, 24); | |
400 | + S4(r1, r2, r4, r3, r0); store_and_load_keys(r2, r4, r3, r0, 24, 20); | |
401 | + S5(r2, r4, r3, r0, r1); store_and_load_keys(r1, r2, r4, r0, 20, 16); | |
402 | + S6(r1, r2, r4, r0, r3); store_and_load_keys(r4, r3, r2, r0, 16, 12); | |
403 | + S7(r4, r3, r2, r0, r1); store_and_load_keys(r1, r2, r0, r4, 12, 8); | |
404 | + S0(r1, r2, r0, r4, r3); store_and_load_keys(r0, r2, r4, r1, 8, 4); | |
405 | + S1(r0, r2, r4, r1, r3); store_and_load_keys(r3, r4, r1, r0, 4, 0); | |
406 | + S2(r3, r4, r1, r0, r2); store_and_load_keys(r2, r4, r3, r0, 0, -4); | |
407 | + S3(r2, r4, r3, r0, r1); store_and_load_keys(r0, r1, r4, r2, -4, -8); | |
408 | + S4(r0, r1, r4, r2, r3); store_and_load_keys(r1, r4, r2, r3, -8, -12); | |
409 | + S5(r1, r4, r2, r3, r0); store_and_load_keys(r0, r1, r4, r3, -12, -16); | |
410 | + S6(r0, r1, r4, r3, r2); store_and_load_keys(r4, r2, r1, r3, -16, -20); | |
411 | + S7(r4, r2, r1, r3, r0); store_and_load_keys(r0, r1, r3, r4, -20, -24); | |
412 | + S0(r0, r1, r3, r4, r2); store_and_load_keys(r3, r1, r4, r0, -24, -28); | |
413 | + k -= 50; | |
414 | + S1(r3, r1, r4, r0, r2); store_and_load_keys(r2, r4, r0, r3, 22, 18); | |
415 | + S2(r2, r4, r0, r3, r1); store_and_load_keys(r1, r4, r2, r3, 18, 14); | |
416 | + S3(r1, r4, r2, r3, r0); store_and_load_keys(r3, r0, r4, r1, 14, 10); | |
417 | + S4(r3, r0, r4, r1, r2); store_and_load_keys(r0, r4, r1, r2, 10, 6); | |
418 | + S5(r0, r4, r1, r2, r3); store_and_load_keys(r3, r0, r4, r2, 6, 2); | |
419 | + S6(r3, r0, r4, r2, r1); store_and_load_keys(r4, r1, r0, r2, 2, -2); | |
420 | + S7(r4, r1, r0, r2, r3); store_and_load_keys(r3, r0, r2, r4, -2, -6); | |
421 | + S0(r3, r0, r2, r4, r1); store_and_load_keys(r2, r0, r4, r3, -6, -10); | |
422 | + S1(r2, r0, r4, r3, r1); store_and_load_keys(r1, r4, r3, r2, -10, -14); | |
423 | + S2(r1, r4, r3, r2, r0); store_and_load_keys(r0, r4, r1, r2, -14, -18); | |
424 | + S3(r0, r4, r1, r2, r3); store_and_load_keys(r2, r3, r4, r0, -18, -22); | |
425 | + k -= 50; | |
426 | + S4(r2, r3, r4, r0, r1); store_and_load_keys(r3, r4, r0, r1, 28, 24); | |
427 | + S5(r3, r4, r0, r1, r2); store_and_load_keys(r2, r3, r4, r1, 24, 20); | |
428 | + S6(r2, r3, r4, r1, r0); store_and_load_keys(r4, r0, r3, r1, 20, 16); | |
429 | + S7(r4, r0, r3, r1, r2); store_and_load_keys(r2, r3, r1, r4, 16, 12); | |
430 | + S0(r2, r3, r1, r4, r0); store_and_load_keys(r1, r3, r4, r2, 12, 8); | |
431 | + S1(r1, r3, r4, r2, r0); store_and_load_keys(r0, r4, r2, r1, 8, 4); | |
432 | + S2(r0, r4, r2, r1, r3); store_and_load_keys(r3, r4, r0, r1, 4, 0); | |
433 | + S3(r3, r4, r0, r1, r2); storekeys(r1, r2, r4, r3, 0); | |
434 | + | |
435 | + return 0; | |
436 | +} | |
437 | +EXPORT_SYMBOL_GPL(__serpent_setkey); | |
438 | + | |
439 | +int serpent_setkey(struct crypto_tfm *tfm, const u8 *key, unsigned int keylen) | |
440 | +{ | |
441 | + return __serpent_setkey(crypto_tfm_ctx(tfm), key, keylen); | |
442 | +} | |
443 | +EXPORT_SYMBOL_GPL(serpent_setkey); | |
444 | + | |
445 | +void __serpent_encrypt(struct serpent_ctx *ctx, u8 *dst, const u8 *src) | |
446 | +{ | |
447 | + const u32 *k = ctx->expkey; | |
448 | + const __le32 *s = (const __le32 *)src; | |
449 | + __le32 *d = (__le32 *)dst; | |
450 | + u32 r0, r1, r2, r3, r4; | |
451 | + | |
452 | +/* | |
453 | + * Note: The conversions between u8* and u32* might cause trouble | |
454 | + * on architectures with stricter alignment rules than x86 | |
455 | + */ | |
456 | + | |
457 | + r0 = le32_to_cpu(s[0]); | |
458 | + r1 = le32_to_cpu(s[1]); | |
459 | + r2 = le32_to_cpu(s[2]); | |
460 | + r3 = le32_to_cpu(s[3]); | |
461 | + | |
462 | + K(r0, r1, r2, r3, 0); | |
463 | + S0(r0, r1, r2, r3, r4); LK(r2, r1, r3, r0, r4, 1); | |
464 | + S1(r2, r1, r3, r0, r4); LK(r4, r3, r0, r2, r1, 2); | |
465 | + S2(r4, r3, r0, r2, r1); LK(r1, r3, r4, r2, r0, 3); | |
466 | + S3(r1, r3, r4, r2, r0); LK(r2, r0, r3, r1, r4, 4); | |
467 | + S4(r2, r0, r3, r1, r4); LK(r0, r3, r1, r4, r2, 5); | |
468 | + S5(r0, r3, r1, r4, r2); LK(r2, r0, r3, r4, r1, 6); | |
469 | + S6(r2, r0, r3, r4, r1); LK(r3, r1, r0, r4, r2, 7); | |
470 | + S7(r3, r1, r0, r4, r2); LK(r2, r0, r4, r3, r1, 8); | |
471 | + S0(r2, r0, r4, r3, r1); LK(r4, r0, r3, r2, r1, 9); | |
472 | + S1(r4, r0, r3, r2, r1); LK(r1, r3, r2, r4, r0, 10); | |
473 | + S2(r1, r3, r2, r4, r0); LK(r0, r3, r1, r4, r2, 11); | |
474 | + S3(r0, r3, r1, r4, r2); LK(r4, r2, r3, r0, r1, 12); | |
475 | + S4(r4, r2, r3, r0, r1); LK(r2, r3, r0, r1, r4, 13); | |
476 | + S5(r2, r3, r0, r1, r4); LK(r4, r2, r3, r1, r0, 14); | |
477 | + S6(r4, r2, r3, r1, r0); LK(r3, r0, r2, r1, r4, 15); | |
478 | + S7(r3, r0, r2, r1, r4); LK(r4, r2, r1, r3, r0, 16); | |
479 | + S0(r4, r2, r1, r3, r0); LK(r1, r2, r3, r4, r0, 17); | |
480 | + S1(r1, r2, r3, r4, r0); LK(r0, r3, r4, r1, r2, 18); | |
481 | + S2(r0, r3, r4, r1, r2); LK(r2, r3, r0, r1, r4, 19); | |
482 | + S3(r2, r3, r0, r1, r4); LK(r1, r4, r3, r2, r0, 20); | |
483 | + S4(r1, r4, r3, r2, r0); LK(r4, r3, r2, r0, r1, 21); | |
484 | + S5(r4, r3, r2, r0, r1); LK(r1, r4, r3, r0, r2, 22); | |
485 | + S6(r1, r4, r3, r0, r2); LK(r3, r2, r4, r0, r1, 23); | |
486 | + S7(r3, r2, r4, r0, r1); LK(r1, r4, r0, r3, r2, 24); | |
487 | + S0(r1, r4, r0, r3, r2); LK(r0, r4, r3, r1, r2, 25); | |
488 | + S1(r0, r4, r3, r1, r2); LK(r2, r3, r1, r0, r4, 26); | |
489 | + S2(r2, r3, r1, r0, r4); LK(r4, r3, r2, r0, r1, 27); | |
490 | + S3(r4, r3, r2, r0, r1); LK(r0, r1, r3, r4, r2, 28); | |
491 | + S4(r0, r1, r3, r4, r2); LK(r1, r3, r4, r2, r0, 29); | |
492 | + S5(r1, r3, r4, r2, r0); LK(r0, r1, r3, r2, r4, 30); | |
493 | + S6(r0, r1, r3, r2, r4); LK(r3, r4, r1, r2, r0, 31); | |
494 | + S7(r3, r4, r1, r2, r0); K(r0, r1, r2, r3, 32); | |
495 | + | |
496 | + d[0] = cpu_to_le32(r0); | |
497 | + d[1] = cpu_to_le32(r1); | |
498 | + d[2] = cpu_to_le32(r2); | |
499 | + d[3] = cpu_to_le32(r3); | |
500 | +} | |
501 | +EXPORT_SYMBOL_GPL(__serpent_encrypt); | |
502 | + | |
503 | +static void serpent_encrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src) | |
504 | +{ | |
505 | + struct serpent_ctx *ctx = crypto_tfm_ctx(tfm); | |
506 | + | |
507 | + __serpent_encrypt(ctx, dst, src); | |
508 | +} | |
509 | + | |
510 | +void __serpent_decrypt(struct serpent_ctx *ctx, u8 *dst, const u8 *src) | |
511 | +{ | |
512 | + const u32 *k = ctx->expkey; | |
513 | + const __le32 *s = (const __le32 *)src; | |
514 | + __le32 *d = (__le32 *)dst; | |
515 | + u32 r0, r1, r2, r3, r4; | |
516 | + | |
517 | + r0 = le32_to_cpu(s[0]); | |
518 | + r1 = le32_to_cpu(s[1]); | |
519 | + r2 = le32_to_cpu(s[2]); | |
520 | + r3 = le32_to_cpu(s[3]); | |
521 | + | |
522 | + K(r0, r1, r2, r3, 32); | |
523 | + SI7(r0, r1, r2, r3, r4); KL(r1, r3, r0, r4, r2, 31); | |
524 | + SI6(r1, r3, r0, r4, r2); KL(r0, r2, r4, r1, r3, 30); | |
525 | + SI5(r0, r2, r4, r1, r3); KL(r2, r3, r0, r4, r1, 29); | |
526 | + SI4(r2, r3, r0, r4, r1); KL(r2, r0, r1, r4, r3, 28); | |
527 | + SI3(r2, r0, r1, r4, r3); KL(r1, r2, r3, r4, r0, 27); | |
528 | + SI2(r1, r2, r3, r4, r0); KL(r2, r0, r4, r3, r1, 26); | |
529 | + SI1(r2, r0, r4, r3, r1); KL(r1, r0, r4, r3, r2, 25); | |
530 | + SI0(r1, r0, r4, r3, r2); KL(r4, r2, r0, r1, r3, 24); | |
531 | + SI7(r4, r2, r0, r1, r3); KL(r2, r1, r4, r3, r0, 23); | |
532 | + SI6(r2, r1, r4, r3, r0); KL(r4, r0, r3, r2, r1, 22); | |
533 | + SI5(r4, r0, r3, r2, r1); KL(r0, r1, r4, r3, r2, 21); | |
534 | + SI4(r0, r1, r4, r3, r2); KL(r0, r4, r2, r3, r1, 20); | |
535 | + SI3(r0, r4, r2, r3, r1); KL(r2, r0, r1, r3, r4, 19); | |
536 | + SI2(r2, r0, r1, r3, r4); KL(r0, r4, r3, r1, r2, 18); | |
537 | + SI1(r0, r4, r3, r1, r2); KL(r2, r4, r3, r1, r0, 17); | |
538 | + SI0(r2, r4, r3, r1, r0); KL(r3, r0, r4, r2, r1, 16); | |
539 | + SI7(r3, r0, r4, r2, r1); KL(r0, r2, r3, r1, r4, 15); | |
540 | + SI6(r0, r2, r3, r1, r4); KL(r3, r4, r1, r0, r2, 14); | |
541 | + SI5(r3, r4, r1, r0, r2); KL(r4, r2, r3, r1, r0, 13); | |
542 | + SI4(r4, r2, r3, r1, r0); KL(r4, r3, r0, r1, r2, 12); | |
543 | + SI3(r4, r3, r0, r1, r2); KL(r0, r4, r2, r1, r3, 11); | |
544 | + SI2(r0, r4, r2, r1, r3); KL(r4, r3, r1, r2, r0, 10); | |
545 | + SI1(r4, r3, r1, r2, r0); KL(r0, r3, r1, r2, r4, 9); | |
546 | + SI0(r0, r3, r1, r2, r4); KL(r1, r4, r3, r0, r2, 8); | |
547 | + SI7(r1, r4, r3, r0, r2); KL(r4, r0, r1, r2, r3, 7); | |
548 | + SI6(r4, r0, r1, r2, r3); KL(r1, r3, r2, r4, r0, 6); | |
549 | + SI5(r1, r3, r2, r4, r0); KL(r3, r0, r1, r2, r4, 5); | |
550 | + SI4(r3, r0, r1, r2, r4); KL(r3, r1, r4, r2, r0, 4); | |
551 | + SI3(r3, r1, r4, r2, r0); KL(r4, r3, r0, r2, r1, 3); | |
552 | + SI2(r4, r3, r0, r2, r1); KL(r3, r1, r2, r0, r4, 2); | |
553 | + SI1(r3, r1, r2, r0, r4); KL(r4, r1, r2, r0, r3, 1); | |
554 | + SI0(r4, r1, r2, r0, r3); K(r2, r3, r1, r4, 0); | |
555 | + | |
556 | + d[0] = cpu_to_le32(r2); | |
557 | + d[1] = cpu_to_le32(r3); | |
558 | + d[2] = cpu_to_le32(r1); | |
559 | + d[3] = cpu_to_le32(r4); | |
560 | +} | |
561 | +EXPORT_SYMBOL_GPL(__serpent_decrypt); | |
562 | + | |
563 | +static void serpent_decrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src) | |
564 | +{ | |
565 | + struct serpent_ctx *ctx = crypto_tfm_ctx(tfm); | |
566 | + | |
567 | + __serpent_decrypt(ctx, dst, src); | |
568 | +} | |
569 | + | |
570 | +static struct crypto_alg serpent_alg = { | |
571 | + .cra_name = "serpent", | |
572 | + .cra_driver_name = "serpent-generic", | |
573 | + .cra_priority = 100, | |
574 | + .cra_flags = CRYPTO_ALG_TYPE_CIPHER, | |
575 | + .cra_blocksize = SERPENT_BLOCK_SIZE, | |
576 | + .cra_ctxsize = sizeof(struct serpent_ctx), | |
577 | + .cra_alignmask = 3, | |
578 | + .cra_module = THIS_MODULE, | |
579 | + .cra_list = LIST_HEAD_INIT(serpent_alg.cra_list), | |
580 | + .cra_u = { .cipher = { | |
581 | + .cia_min_keysize = SERPENT_MIN_KEY_SIZE, | |
582 | + .cia_max_keysize = SERPENT_MAX_KEY_SIZE, | |
583 | + .cia_setkey = serpent_setkey, | |
584 | + .cia_encrypt = serpent_encrypt, | |
585 | + .cia_decrypt = serpent_decrypt } } | |
586 | +}; | |
587 | + | |
588 | +static int tnepres_setkey(struct crypto_tfm *tfm, const u8 *key, | |
589 | + unsigned int keylen) | |
590 | +{ | |
591 | + u8 rev_key[SERPENT_MAX_KEY_SIZE]; | |
592 | + int i; | |
593 | + | |
594 | + for (i = 0; i < keylen; ++i) | |
595 | + rev_key[keylen - i - 1] = key[i]; | |
596 | + | |
597 | + return serpent_setkey(tfm, rev_key, keylen); | |
598 | +} | |
599 | + | |
600 | +static void tnepres_encrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src) | |
601 | +{ | |
602 | + const u32 * const s = (const u32 * const)src; | |
603 | + u32 * const d = (u32 * const)dst; | |
604 | + | |
605 | + u32 rs[4], rd[4]; | |
606 | + | |
607 | + rs[0] = swab32(s[3]); | |
608 | + rs[1] = swab32(s[2]); | |
609 | + rs[2] = swab32(s[1]); | |
610 | + rs[3] = swab32(s[0]); | |
611 | + | |
612 | + serpent_encrypt(tfm, (u8 *)rd, (u8 *)rs); | |
613 | + | |
614 | + d[0] = swab32(rd[3]); | |
615 | + d[1] = swab32(rd[2]); | |
616 | + d[2] = swab32(rd[1]); | |
617 | + d[3] = swab32(rd[0]); | |
618 | +} | |
619 | + | |
620 | +static void tnepres_decrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src) | |
621 | +{ | |
622 | + const u32 * const s = (const u32 * const)src; | |
623 | + u32 * const d = (u32 * const)dst; | |
624 | + | |
625 | + u32 rs[4], rd[4]; | |
626 | + | |
627 | + rs[0] = swab32(s[3]); | |
628 | + rs[1] = swab32(s[2]); | |
629 | + rs[2] = swab32(s[1]); | |
630 | + rs[3] = swab32(s[0]); | |
631 | + | |
632 | + serpent_decrypt(tfm, (u8 *)rd, (u8 *)rs); | |
633 | + | |
634 | + d[0] = swab32(rd[3]); | |
635 | + d[1] = swab32(rd[2]); | |
636 | + d[2] = swab32(rd[1]); | |
637 | + d[3] = swab32(rd[0]); | |
638 | +} | |
639 | + | |
640 | +static struct crypto_alg tnepres_alg = { | |
641 | + .cra_name = "tnepres", | |
642 | + .cra_flags = CRYPTO_ALG_TYPE_CIPHER, | |
643 | + .cra_blocksize = SERPENT_BLOCK_SIZE, | |
644 | + .cra_ctxsize = sizeof(struct serpent_ctx), | |
645 | + .cra_alignmask = 3, | |
646 | + .cra_module = THIS_MODULE, | |
647 | + .cra_list = LIST_HEAD_INIT(serpent_alg.cra_list), | |
648 | + .cra_u = { .cipher = { | |
649 | + .cia_min_keysize = SERPENT_MIN_KEY_SIZE, | |
650 | + .cia_max_keysize = SERPENT_MAX_KEY_SIZE, | |
651 | + .cia_setkey = tnepres_setkey, | |
652 | + .cia_encrypt = tnepres_encrypt, | |
653 | + .cia_decrypt = tnepres_decrypt } } | |
654 | +}; | |
655 | + | |
656 | +static int __init serpent_mod_init(void) | |
657 | +{ | |
658 | + int ret = crypto_register_alg(&serpent_alg); | |
659 | + | |
660 | + if (ret) | |
661 | + return ret; | |
662 | + | |
663 | + ret = crypto_register_alg(&tnepres_alg); | |
664 | + | |
665 | + if (ret) | |
666 | + crypto_unregister_alg(&serpent_alg); | |
667 | + | |
668 | + return ret; | |
669 | +} | |
670 | + | |
671 | +static void __exit serpent_mod_fini(void) | |
672 | +{ | |
673 | + crypto_unregister_alg(&tnepres_alg); | |
674 | + crypto_unregister_alg(&serpent_alg); | |
675 | +} | |
676 | + | |
677 | +module_init(serpent_mod_init); | |
678 | +module_exit(serpent_mod_fini); | |
679 | + | |
680 | +MODULE_LICENSE("GPL"); | |
681 | +MODULE_DESCRIPTION("Serpent and tnepres (kerneli compatible serpent reversed) Cipher Algorithm"); | |
682 | +MODULE_AUTHOR("Dag Arne Osvik <osvik@ii.uib.no>"); | |
683 | +MODULE_ALIAS("tnepres"); | |
684 | +MODULE_ALIAS("serpent"); |