diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2018-06-05 15:51:21 -0700 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2018-06-05 15:51:21 -0700 |
commit | 3e1a29b3bf66c2850ea8eba78c59c234921c0b69 (patch) | |
tree | 641a5428e3a1ef205fafede3d6a03dae85d30e92 | |
parent | fd59ccc53062964007beda8787ffd9cd93968d63 (diff) | |
parent | b268b3506d9910ca8238e92cb1dc51340574b2f2 (diff) | |
download | linux-3e1a29b3bf66c2850ea8eba78c59c234921c0b69.tar.bz2 |
Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
Pull crypto updates from Herbert Xu:
"API:
- Decryption test vectors are now automatically generated from
encryption test vectors.
Algorithms:
- Fix unaligned access issues in crc32/crc32c.
- Add zstd compression algorithm.
- Add AEGIS.
- Add MORUS.
Drivers:
- Add accelerated AEGIS/MORUS on x86.
- Add accelerated SM4 on arm64.
- Removed x86 assembly salsa implementation as it is slower than C.
- Add authenc(hmac(sha*), cbc(aes)) support in inside-secure.
- Add ctr(aes) support in crypto4xx.
- Add hardware key support in ccree.
- Add support for new Centaur CPU in via-rng"
* 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (112 commits)
crypto: chtls - free beyond end rspq_skb_cache
crypto: chtls - kbuild warnings
crypto: chtls - dereference null variable
crypto: chtls - wait for memory sendmsg, sendpage
crypto: chtls - key len correction
crypto: salsa20 - Revert "crypto: salsa20 - export generic helpers"
crypto: x86/salsa20 - remove x86 salsa20 implementations
crypto: ccp - Add GET_ID SEV command
crypto: ccp - Add DOWNLOAD_FIRMWARE SEV command
crypto: qat - Add MODULE_FIRMWARE for all qat drivers
crypto: ccree - silence debug prints
crypto: ccree - better clock handling
crypto: ccree - correct host regs offset
crypto: chelsio - Remove separate buffer used for DMA map B0 block in CCM
crypt: chelsio - Send IV as Immediate for cipher algo
crypto: chelsio - Return -ENOSPC for transient busy indication.
crypto: caam/qi - fix warning in init_cgr()
crypto: caam - fix rfc4543 descriptors
crypto: caam - fix MC firmware detection
crypto: clarify licensing of OpenSSL asm code
...
141 files changed, 20656 insertions, 15349 deletions
diff --git a/arch/arm/crypto/sha1-armv4-large.S b/arch/arm/crypto/sha1-armv4-large.S index 99207c45ec10..f82cd8cf5a09 100644 --- a/arch/arm/crypto/sha1-armv4-large.S +++ b/arch/arm/crypto/sha1-armv4-large.S @@ -1,4 +1,14 @@ #define __ARM_ARCH__ __LINUX_ARM_ARCH__ +@ SPDX-License-Identifier: GPL-2.0 + +@ This code is taken from the OpenSSL project but the author (Andy Polyakov) +@ has relicensed it under the GPLv2. Therefore this program is free software; +@ you can redistribute it and/or modify it under the terms of the GNU General +@ Public License version 2 as published by the Free Software Foundation. +@ +@ The original headers, including the original license headers, are +@ included below for completeness. + @ ==================================================================== @ Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL @ project. The module is, however, dual licensed under OpenSSL and diff --git a/arch/arm/crypto/sha256-armv4.pl b/arch/arm/crypto/sha256-armv4.pl index fac0533ea633..b9ec44060ed3 100644 --- a/arch/arm/crypto/sha256-armv4.pl +++ b/arch/arm/crypto/sha256-armv4.pl @@ -1,12 +1,19 @@ #!/usr/bin/env perl +# SPDX-License-Identifier: GPL-2.0 + +# This code is taken from the OpenSSL project but the author (Andy Polyakov) +# has relicensed it under the GPLv2. Therefore this program is free software; +# you can redistribute it and/or modify it under the terms of the GNU General +# Public License version 2 as published by the Free Software Foundation. +# +# The original headers, including the original license headers, are +# included below for completeness. # ==================================================================== # Written by Andy Polyakov <appro@openssl.org> for the OpenSSL # project. The module is, however, dual licensed under OpenSSL and # CRYPTOGAMS licenses depending on where you obtain it. For further # details see http://www.openssl.org/~appro/cryptogams/. -# -# Permission to use under GPL terms is granted. # ==================================================================== # SHA256 block procedure for ARMv4. May 2007. diff --git a/arch/arm/crypto/sha256-core.S_shipped b/arch/arm/crypto/sha256-core.S_shipped index 555a1a8eec90..3b58300d611c 100644 --- a/arch/arm/crypto/sha256-core.S_shipped +++ b/arch/arm/crypto/sha256-core.S_shipped @@ -1,11 +1,18 @@ +@ SPDX-License-Identifier: GPL-2.0 + +@ This code is taken from the OpenSSL project but the author (Andy Polyakov) +@ has relicensed it under the GPLv2. Therefore this program is free software; +@ you can redistribute it and/or modify it under the terms of the GNU General +@ Public License version 2 as published by the Free Software Foundation. +@ +@ The original headers, including the original license headers, are +@ included below for completeness. @ ==================================================================== @ Written by Andy Polyakov <appro@openssl.org> for the OpenSSL @ project. The module is, however, dual licensed under OpenSSL and @ CRYPTOGAMS licenses depending on where you obtain it. For further @ details see http://www.openssl.org/~appro/cryptogams/. -@ -@ Permission to use under GPL terms is granted. @ ==================================================================== @ SHA256 block procedure for ARMv4. May 2007. diff --git a/arch/arm/crypto/sha512-armv4.pl b/arch/arm/crypto/sha512-armv4.pl index a2b11a844357..fb5d15048c0b 100644 --- a/arch/arm/crypto/sha512-armv4.pl +++ b/arch/arm/crypto/sha512-armv4.pl @@ -1,12 +1,19 @@ #!/usr/bin/env perl +# SPDX-License-Identifier: GPL-2.0 + +# This code is taken from the OpenSSL project but the author (Andy Polyakov) +# has relicensed it under the GPLv2. Therefore this program is free software; +# you can redistribute it and/or modify it under the terms of the GNU General +# Public License version 2 as published by the Free Software Foundation. +# +# The original headers, including the original license headers, are +# included below for completeness. # ==================================================================== # Written by Andy Polyakov <appro@openssl.org> for the OpenSSL # project. The module is, however, dual licensed under OpenSSL and # CRYPTOGAMS licenses depending on where you obtain it. For further # details see http://www.openssl.org/~appro/cryptogams/. -# -# Permission to use under GPL terms is granted. # ==================================================================== # SHA512 block procedure for ARMv4. September 2007. diff --git a/arch/arm/crypto/sha512-core.S_shipped b/arch/arm/crypto/sha512-core.S_shipped index 3694c4d4ca2b..b1c334a49cda 100644 --- a/arch/arm/crypto/sha512-core.S_shipped +++ b/arch/arm/crypto/sha512-core.S_shipped @@ -1,11 +1,18 @@ +@ SPDX-License-Identifier: GPL-2.0 + +@ This code is taken from the OpenSSL project but the author (Andy Polyakov) +@ has relicensed it under the GPLv2. Therefore this program is free software; +@ you can redistribute it and/or modify it under the terms of the GNU General +@ Public License version 2 as published by the Free Software Foundation. +@ +@ The original headers, including the original license headers, are +@ included below for completeness. @ ==================================================================== @ Written by Andy Polyakov <appro@openssl.org> for the OpenSSL @ project. The module is, however, dual licensed under OpenSSL and @ CRYPTOGAMS licenses depending on where you obtain it. For further @ details see http://www.openssl.org/~appro/cryptogams/. -@ -@ Permission to use under GPL terms is granted. @ ==================================================================== @ SHA512 block procedure for ARMv4. September 2007. diff --git a/arch/arm64/crypto/Kconfig b/arch/arm64/crypto/Kconfig index cb5a243110c4..e3fdb0fd6f70 100644 --- a/arch/arm64/crypto/Kconfig +++ b/arch/arm64/crypto/Kconfig @@ -47,6 +47,12 @@ config CRYPTO_SM3_ARM64_CE select CRYPTO_HASH select CRYPTO_SM3 +config CRYPTO_SM4_ARM64_CE + tristate "SM4 symmetric cipher (ARMv8.2 Crypto Extensions)" + depends on KERNEL_MODE_NEON + select CRYPTO_ALGAPI + select CRYPTO_SM4 + config CRYPTO_GHASH_ARM64_CE tristate "GHASH/AES-GCM using ARMv8 Crypto Extensions" depends on KERNEL_MODE_NEON diff --git a/arch/arm64/crypto/Makefile b/arch/arm64/crypto/Makefile index f35ac684b1c0..bcafd016618e 100644 --- a/arch/arm64/crypto/Makefile +++ b/arch/arm64/crypto/Makefile @@ -23,6 +23,9 @@ sha3-ce-y := sha3-ce-glue.o sha3-ce-core.o obj-$(CONFIG_CRYPTO_SM3_ARM64_CE) += sm3-ce.o sm3-ce-y := sm3-ce-glue.o sm3-ce-core.o +obj-$(CONFIG_CRYPTO_SM4_ARM64_CE) += sm4-ce.o +sm4-ce-y := sm4-ce-glue.o sm4-ce-core.o + obj-$(CONFIG_CRYPTO_GHASH_ARM64_CE) += ghash-ce.o ghash-ce-y := ghash-ce-glue.o ghash-ce-core.o diff --git a/arch/arm64/crypto/aes-ce-ccm-core.S b/arch/arm64/crypto/aes-ce-ccm-core.S index e3a375c4cb83..88f5aef7934c 100644 --- a/arch/arm64/crypto/aes-ce-ccm-core.S +++ b/arch/arm64/crypto/aes-ce-ccm-core.S @@ -19,24 +19,33 @@ * u32 *macp, u8 const rk[], u32 rounds); */ ENTRY(ce_aes_ccm_auth_data) - ldr w8, [x3] /* leftover from prev round? */ + frame_push 7 + + mov x19, x0 + mov x20, x1 + mov x21, x2 + mov x22, x3 + mov x23, x4 + mov x24, x5 + + ldr w25, [x22] /* leftover from prev round? */ ld1 {v0.16b}, [x0] /* load mac */ - cbz w8, 1f - sub w8, w8, #16 + cbz w25, 1f + sub w25, w25, #16 eor v1.16b, v1.16b, v1.16b -0: ldrb w7, [x1], #1 /* get 1 byte of input */ - subs w2, w2, #1 - add w8, w8, #1 +0: ldrb w7, [x20], #1 /* get 1 byte of input */ + subs w21, w21, #1 + add w25, w25, #1 ins v1.b[0], w7 ext v1.16b, v1.16b, v1.16b, #1 /* rotate in the input bytes */ beq 8f /* out of input? */ - cbnz w8, 0b + cbnz w25, 0b eor v0.16b, v0.16b, v1.16b -1: ld1 {v3.4s}, [x4] /* load first round key */ - prfm pldl1strm, [x1] - cmp w5, #12 /* which key size? */ - add x6, x4, #16 - sub w7, w5, #2 /* modified # of rounds */ +1: ld1 {v3.4s}, [x23] /* load first round key */ + prfm pldl1strm, [x20] + cmp w24, #12 /* which key size? */ + add x6, x23, #16 + sub w7, w24, #2 /* modified # of rounds */ bmi 2f bne 5f mov v5.16b, v3.16b @@ -55,33 +64,43 @@ ENTRY(ce_aes_ccm_auth_data) ld1 {v5.4s}, [x6], #16 /* load next round key */ bpl 3b aese v0.16b, v4.16b - subs w2, w2, #16 /* last data? */ + subs w21, w21, #16 /* last data? */ eor v0.16b, v0.16b, v5.16b /* final round */ bmi 6f - ld1 {v1.16b}, [x1], #16 /* load next input block */ + ld1 {v1.16b}, [x20], #16 /* load next input block */ eor v0.16b, v0.16b, v1.16b /* xor with mac */ - bne 1b -6: st1 {v0.16b}, [x0] /* store mac */ + beq 6f + + if_will_cond_yield_neon + st1 {v0.16b}, [x19] /* store mac */ + do_cond_yield_neon + ld1 {v0.16b}, [x19] /* reload mac */ + endif_yield_neon + + b 1b +6: st1 {v0.16b}, [x19] /* store mac */ beq 10f - adds w2, w2, #16 + adds w21, w21, #16 beq 10f - mov w8, w2 -7: ldrb w7, [x1], #1 + mov w25, w21 +7: ldrb w7, [x20], #1 umov w6, v0.b[0] eor w6, w6, w7 - strb w6, [x0], #1 - subs w2, w2, #1 + strb w6, [x19], #1 + subs w21, w21, #1 beq 10f ext v0.16b, v0.16b, v0.16b, #1 /* rotate out the mac bytes */ b 7b -8: mov w7, w8 - add w8, w8, #16 +8: mov w7, w25 + add w25, w25, #16 9: ext v1.16b, v1.16b, v1.16b, #1 adds w7, w7, #1 bne 9b eor v0.16b, v0.16b, v1.16b - st1 {v0.16b}, [x0] -10: str w8, [x3] + st1 {v0.16b}, [x19] +10: str w25, [x22] + + frame_pop ret ENDPROC(ce_aes_ccm_auth_data) @@ -126,19 +145,29 @@ ENTRY(ce_aes_ccm_final) ENDPROC(ce_aes_ccm_final) .macro aes_ccm_do_crypt,enc - ldr x8, [x6, #8] /* load lower ctr */ - ld1 {v0.16b}, [x5] /* load mac */ -CPU_LE( rev x8, x8 ) /* keep swabbed ctr in reg */ + frame_push 8 + + mov x19, x0 + mov x20, x1 + mov x21, x2 + mov x22, x3 + mov x23, x4 + mov x24, x5 + mov x25, x6 + + ldr x26, [x25, #8] /* load lower ctr */ + ld1 {v0.16b}, [x24] /* load mac */ +CPU_LE( rev x26, x26 ) /* keep swabbed ctr in reg */ 0: /* outer loop */ - ld1 {v1.8b}, [x6] /* load upper ctr */ - prfm pldl1strm, [x1] - add x8, x8, #1 - rev x9, x8 - cmp w4, #12 /* which key size? */ - sub w7, w4, #2 /* get modified # of rounds */ + ld1 {v1.8b}, [x25] /* load upper ctr */ + prfm pldl1strm, [x20] + add x26, x26, #1 + rev x9, x26 + cmp w23, #12 /* which key size? */ + sub w7, w23, #2 /* get modified # of rounds */ ins v1.d[1], x9 /* no carry in lower ctr */ - ld1 {v3.4s}, [x3] /* load first round key */ - add x10, x3, #16 + ld1 {v3.4s}, [x22] /* load first round key */ + add x10, x22, #16 bmi 1f bne 4f mov v5.16b, v3.16b @@ -165,9 +194,9 @@ CPU_LE( rev x8, x8 ) /* keep swabbed ctr in reg */ bpl 2b aese v0.16b, v4.16b aese v1.16b, v4.16b - subs w2, w2, #16 - bmi 6f /* partial block? */ - ld1 {v2.16b}, [x1], #16 /* load next input block */ + subs w21, w21, #16 + bmi 7f /* partial block? */ + ld1 {v2.16b}, [x20], #16 /* load next input block */ .if \enc == 1 eor v2.16b, v2.16b, v5.16b /* final round enc+mac */ eor v1.16b, v1.16b, v2.16b /* xor with crypted ctr */ @@ -176,18 +205,29 @@ CPU_LE( rev x8, x8 ) /* keep swabbed ctr in reg */ eor v1.16b, v2.16b, v5.16b /* final round enc */ .endif eor v0.16b, v0.16b, v2.16b /* xor mac with pt ^ rk[last] */ - st1 {v1.16b}, [x0], #16 /* write output block */ - bne 0b -CPU_LE( rev x8, x8 ) - st1 {v0.16b}, [x5] /* store mac */ - str x8, [x6, #8] /* store lsb end of ctr (BE) */ -5: ret - -6: eor v0.16b, v0.16b, v5.16b /* final round mac */ + st1 {v1.16b}, [x19], #16 /* write output block */ + beq 5f + + if_will_cond_yield_neon + st1 {v0.16b}, [x24] /* store mac */ + do_cond_yield_neon + ld1 {v0.16b}, [x24] /* reload mac */ + endif_yield_neon + + b 0b +5: +CPU_LE( rev x26, x26 ) + st1 {v0.16b}, [x24] /* store mac */ + str x26, [x25, #8] /* store lsb end of ctr (BE) */ + +6: frame_pop + ret + +7: eor v0.16b, v0.16b, v5.16b /* final round mac */ eor v1.16b, v1.16b, v5.16b /* final round enc */ - st1 {v0.16b}, [x5] /* store mac */ - add w2, w2, #16 /* process partial tail block */ -7: ldrb w9, [x1], #1 /* get 1 byte of input */ + st1 {v0.16b}, [x24] /* store mac */ + add w21, w21, #16 /* process partial tail block */ +8: ldrb w9, [x20], #1 /* get 1 byte of input */ umov w6, v1.b[0] /* get top crypted ctr byte */ umov w7, v0.b[0] /* get top mac byte */ .if \enc == 1 @@ -197,13 +237,13 @@ CPU_LE( rev x8, x8 ) eor w9, w9, w6 eor w7, w7, w9 .endif - strb w9, [x0], #1 /* store out byte */ - strb w7, [x5], #1 /* store mac byte */ - subs w2, w2, #1 - beq 5b + strb w9, [x19], #1 /* store out byte */ + strb w7, [x24], #1 /* store mac byte */ + subs w21, w21, #1 + beq 6b ext v0.16b, v0.16b, v0.16b, #1 /* shift out mac byte */ ext v1.16b, v1.16b, v1.16b, #1 /* shift out ctr byte */ - b 7b + b 8b .endm /* diff --git a/arch/arm64/crypto/aes-ce.S b/arch/arm64/crypto/aes-ce.S index 50330f5c3adc..623e74ed1c67 100644 --- a/arch/arm64/crypto/aes-ce.S +++ b/arch/arm64/crypto/aes-ce.S @@ -30,18 +30,21 @@ .endm /* prepare for encryption with key in rk[] */ - .macro enc_prepare, rounds, rk, ignore - load_round_keys \rounds, \rk + .macro enc_prepare, rounds, rk, temp + mov \temp, \rk + load_round_keys \rounds, \temp .endm /* prepare for encryption (again) but with new key in rk[] */ - .macro enc_switch_key, rounds, rk, ignore - load_round_keys \rounds, \rk + .macro enc_switch_key, rounds, rk, temp + mov \temp, \rk + load_round_keys \rounds, \temp .endm /* prepare for decryption with key in rk[] */ - .macro dec_prepare, rounds, rk, ignore - load_round_keys \rounds, \rk + .macro dec_prepare, rounds, rk, temp + mov \temp, \rk + load_round_keys \rounds, \temp .endm .macro do_enc_Nx, de, mc, k, i0, i1, i2, i3 diff --git a/arch/arm64/crypto/aes-modes.S b/arch/arm64/crypto/aes-modes.S index a68412e1e3a4..483a7130cf0e 100644 --- a/arch/arm64/crypto/aes-modes.S +++ b/arch/arm64/crypto/aes-modes.S @@ -14,12 +14,12 @@ .align 4 aes_encrypt_block4x: - encrypt_block4x v0, v1, v2, v3, w3, x2, x8, w7 + encrypt_block4x v0, v1, v2, v3, w22, x21, x8, w7 ret ENDPROC(aes_encrypt_block4x) aes_decrypt_block4x: - decrypt_block4x v0, v1, v2, v3, w3, x2, x8, w7 + decrypt_block4x v0, v1, v2, v3, w22, x21, x8, w7 ret ENDPROC(aes_decrypt_block4x) @@ -31,57 +31,71 @@ ENDPROC(aes_decrypt_block4x) */ AES_ENTRY(aes_ecb_encrypt) - stp x29, x30, [sp, #-16]! - mov x29, sp + frame_push 5 - enc_prepare w3, x2, x5 + mov x19, x0 + mov x20, x1 + mov x21, x2 + mov x22, x3 + mov x23, x4 + +.Lecbencrestart: + enc_prepare w22, x21, x5 .LecbencloopNx: - subs w4, w4, #4 + subs w23, w23, #4 bmi .Lecbenc1x - ld1 {v0.16b-v3.16b}, [x1], #64 /* get 4 pt blocks */ + ld1 {v0.16b-v3.16b}, [x20], #64 /* get 4 pt blocks */ bl aes_encrypt_block4x - st1 {v0.16b-v3.16b}, [x0], #64 + st1 {v0.16b-v3.16b}, [x19], #64 + cond_yield_neon .Lecbencrestart b .LecbencloopNx .Lecbenc1x: - adds w4, w4, #4 + adds w23, w23, #4 beq .Lecbencout .Lecbencloop: - ld1 {v0.16b}, [x1], #16 /* get next pt block */ - encrypt_block v0, w3, x2, x5, w6 - st1 {v0.16b}, [x0], #16 - subs w4, w4, #1 + ld1 {v0.16b}, [x20], #16 /* get next pt block */ + encrypt_block v0, w22, x21, x5, w6 + st1 {v0.16b}, [x19], #16 + subs w23, w23, #1 bne .Lecbencloop .Lecbencout: - ldp x29, x30, [sp], #16 + frame_pop ret AES_ENDPROC(aes_ecb_encrypt) AES_ENTRY(aes_ecb_decrypt) - stp x29, x30, [sp, #-16]! - mov x29, sp + frame_push 5 + + mov x19, x0 + mov x20, x1 + mov x21, x2 + mov x22, x3 + mov x23, x4 - dec_prepare w3, x2, x5 +.Lecbdecrestart: + dec_prepare w22, x21, x5 .LecbdecloopNx: - subs w4, w4, #4 + subs w23, w23, #4 bmi .Lecbdec1x - ld1 {v0.16b-v3.16b}, [x1], #64 /* get 4 ct blocks */ + ld1 {v0.16b-v3.16b}, [x20], #64 /* get 4 ct blocks */ bl aes_decrypt_block4x - st1 {v0.16b-v3.16b}, [x0], #64 + st1 {v0.16b-v3.16b}, [x19], #64 + cond_yield_neon .Lecbdecrestart b .LecbdecloopNx .Lecbdec1x: - adds w4, w4, #4 + adds w23, w23, #4 beq .Lecbdecout .Lecbdecloop: - ld1 {v0.16b}, [x1], #16 /* get next ct block */ - decrypt_block v0, w3, x2, x5, w6 - st1 {v0.16b}, [x0], #16 - subs w4, w4, #1 + ld1 {v0.16b}, [x20], #16 /* get next ct block */ + decrypt_block v0, w22, x21, x5, w6 + st1 {v0.16b}, [x19], #16 + subs w23, w23, #1 bne .Lecbdecloop .Lecbdecout: - ldp x29, x30, [sp], #16 + frame_pop ret AES_ENDPROC(aes_ecb_decrypt) @@ -94,78 +108,100 @@ AES_ENDPROC(aes_ecb_decrypt) */ AES_ENTRY(aes_cbc_encrypt) - ld1 {v4.16b}, [x5] /* get iv */ - enc_prepare w3, x2, x6 + frame_push 6 + + mov x19, x0 + mov x20, x1 + mov x21, x2 + mov x22, x3 + mov x23, x4 + mov x24, x5 + +.Lcbcencrestart: + ld1 {v4.16b}, [x24] /* get iv */ + enc_prepare w22, x21, x6 .Lcbcencloop4x: - subs w4, w4, #4 + subs w23, w23, #4 bmi .Lcbcenc1x - ld1 {v0.16b-v3.16b}, [x1], #64 /* get 4 pt blocks */ + ld1 {v0.16b-v3.16b}, [x20], #64 /* get 4 pt blocks */ eor v0.16b, v0.16b, v4.16b /* ..and xor with iv */ - encrypt_block v0, w3, x2, x6, w7 + encrypt_block v0, w22, x21, x6, w7 eor v1.16b, v1.16b, v0.16b - encrypt_block v1, w3, x2, x6, w7 + encrypt_block v1, w22, x21, x6, w7 eor v2.16b, v2.16b, v1.16b - encrypt_block v2, w3, x2, x6, w7 + encrypt_block v2, w22, x21, x6, w7 eor v3.16b, v3.16b, v2.16b - encrypt_block v3, w3, x2, x6, w7 - st1 {v0.16b-v3.16b}, [x0], #64 + encrypt_block v3, w22, x21, x6, w7 + st1 {v0.16b-v3.16b}, [x19], #64 mov v4.16b, v3.16b + st1 {v4.16b}, [x24] /* return iv */ + cond_yield_neon .Lcbcencrestart b .Lcbcencloop4x .Lcbcenc1x: - adds w4, w4, #4 + adds w23, w23, #4 beq .Lcbcencout .Lcbcencloop: - ld1 {v0.16b}, [x1], #16 /* get next pt block */ + ld1 {v0.16b}, [x20], #16 /* get next pt block */ eor v4.16b, v4.16b, v0.16b /* ..and xor with iv */ - encrypt_block v4, w3, x2, x6, w7 - st1 {v4.16b}, [x0], #16 - subs w4, w4, #1 + encrypt_block v4, w22, x21, x6, w7 + st1 {v4.16b}, [x19], #16 + subs w23, w23, #1 bne .Lcbcencloop .Lcbcencout: - st1 {v4.16b}, [x5] /* return iv */ + st1 {v4.16b}, [x24] /* return iv */ + frame_pop ret AES_ENDPROC(aes_cbc_encrypt) AES_ENTRY(aes_cbc_decrypt) - stp x29, x30, [sp, #-16]! - mov x29, sp + frame_push 6 + + mov x19, x0 + mov x20, x1 + mov x21, x2 + mov x22, x3 + mov x23, x4 + mov x24, x5 - ld1 {v7.16b}, [x5] /* get iv */ - dec_prepare w3, x2, x6 +.Lcbcdecrestart: + ld1 {v7.16b}, [x24] /* get iv */ + dec_prepare w22, x21, x6 .LcbcdecloopNx: - subs w4, w4, #4 + subs w23, w23, #4 bmi .Lcbcdec1x - ld1 {v0.16b-v3.16b}, [x1], #64 /* get 4 ct blocks */ + ld1 {v0.16b-v3.16b}, [x20], #64 /* get 4 ct blocks */ mov v4.16b, v0.16b mov v5.16b, v1.16b mov v6.16b, v2.16b bl aes_decrypt_block4x - sub x1, x1, #16 + sub x20, x20, #16 eor v0.16b, v0.16b, v7.16b eor v1.16b, v1.16b, v4.16b - ld1 {v7.16b}, [x1], #16 /* reload 1 ct block */ + ld1 {v7.16b}, [x20], #16 /* reload 1 ct block */ eor v2.16b, v2.16b, v5.16b eor v3.16b, v3.16b, v6.16b - st1 {v0.16b-v3.16b}, [x0], #64 + st1 {v0.16b-v3.16b}, [x19], #64 + st1 {v7.16b}, [x24] /* return iv */ + cond_yield_neon .Lcbcdecrestart b .LcbcdecloopNx .Lcbcdec1x: - adds w4, w4, #4 + adds w23, w23, #4 beq .Lcbcdecout .Lcbcdecloop: - ld1 {v1.16b}, [x1], #16 /* get next ct block */ + ld1 {v1.16b}, [x20], #16 /* get next ct block */ mov v0.16b, v1.16b /* ...and copy to v0 */ - decrypt_block v0, w3, x2, x6, w7 + decrypt_block v0, w22, x21, x6, w7 eor v0.16b, v0.16b, v7.16b /* xor with iv => pt */ mov v7.16b, v1.16b /* ct is next iv */ - st1 {v0.16b}, [x0], #16 - subs w4, w4, #1 + st1 {v0.16b}, [x19], #16 + subs w23, w23, #1 bne .Lcbcdecloop .Lcbcdecout: - st1 {v7.16b}, [x5] /* return iv */ - ldp x29, x30, [sp], #16 + st1 {v7.16b}, [x24] /* return iv */ + frame_pop ret AES_ENDPROC(aes_cbc_decrypt) @@ -176,19 +212,26 @@ AES_ENDPROC(aes_cbc_decrypt) */ AES_ENTRY(aes_ctr_encrypt) - stp x29, x30, [sp, #-16]! - mov x29, sp + frame_push 6 - enc_prepare w3, x2, x6 - ld1 {v4.16b}, [x5] + mov x19, x0 + mov x20, x1 + mov x21, x2 + mov x22, x3 + mov x23, x4 + mov x24, x5 + +.Lctrrestart: + enc_prepare w22, x21, x6 + ld1 {v4.16b}, [x24] umov x6, v4.d[1] /* keep swabbed ctr in reg */ rev x6, x6 - cmn w6, w4 /* 32 bit overflow? */ - bcs .Lctrloop .LctrloopNx: - subs w4, w4, #4 + subs w23, w23, #4 bmi .Lctr1x + cmn w6, #4 /* 32 bit overflow? */ + bcs .Lctr1x ldr q8, =0x30000000200000001 /* addends 1,2,3[,0] */ dup v7.4s, w6 mov v0.16b, v4.16b @@ -200,25 +243,27 @@ AES_ENTRY(aes_ctr_encrypt) mov v1.s[3], v8.s[0] mov v2.s[3], v8.s[1] mov v3.s[3], v8.s[2] - ld1 {v5.16b-v7.16b}, [x1], #48 /* get 3 input blocks */ + ld1 {v5.16b-v7.16b}, [x20], #48 /* get 3 input blocks */ bl aes_encrypt_block4x eor v0.16b, v5.16b, v0.16b - ld1 {v5.16b}, [x1], #16 /* get 1 input block */ + ld1 {v5.16b}, [x20], #16 /* get 1 input block */ eor v1.16b, v6.16b, v1.16b eor v2.16b, v7.16b, v2.16b eor v3.16b, v5.16b, v3.16b - st1 {v0.16b-v3.16b}, [x0], #64 + st1 {v0.16b-v3.16b}, [x19], #64 add x6, x6, #4 rev x7, x6 ins v4.d[1], x7 - cbz w4, .Lctrout + cbz w23, .Lctrout + st1 {v4.16b}, [x24] /* return next CTR value */ + cond_yield_neon .Lctrrestart b .LctrloopNx .Lctr1x: - adds w4, w4, #4 + adds w23, w23, #4 beq .Lctrout .Lctrloop: mov v0.16b, v4.16b - encrypt_block v0, w3, x2, x8, w7 + encrypt_block v0, w22, x21, x8, w7 adds x6, x6, #1 /* increment BE ctr */ rev x7, x6 @@ -226,22 +271,22 @@ AES_ENTRY(aes_ctr_encrypt) bcs .Lctrcarry /* overflow? */ .Lctrcarrydone: - subs w4, w4, #1 + subs w23, w23, #1 bmi .Lctrtailblock /* blocks <0 means tail block */ - ld1 {v3.16b}, [x1], #16 + ld1 {v3.16b}, [x20], #16 eor v3.16b, v0.16b, v3.16b - st1 {v3.16b}, [x0], #16 + st1 {v3.16b}, [x19], #16 bne .Lctrloop .Lctrout: - st1 {v4.16b}, [x5] /* return next CTR value */ - ldp x29, x30, [sp], #16 + st1 {v4.16b}, [x24] /* return next CTR value */ +.Lctrret: + frame_pop ret .Lctrtailblock: - st1 {v0.16b}, [x0] - ldp x29, x30, [sp], #16 - ret + st1 {v0.16b}, [x19] + b .Lctrret .Lctrcarry: umov x7, v4.d[0] /* load upper word of ctr */ @@ -274,10 +319,16 @@ CPU_LE( .quad 1, 0x87 ) CPU_BE( .quad 0x87, 1 ) AES_ENTRY(aes_xts_encrypt) - stp x29, x30, [sp, #-16]! - mov x29, sp + frame_push 6 + + mov x19, x0 + mov x20, x1 + mov x21, x2 + mov x22, x3 + mov x23, x4 + mov x24, x6 - ld1 {v4.16b}, [x6] + ld1 {v4.16b}, [x24] cbz w7, .Lxtsencnotfirst enc_prepare w3, x5, x8 @@ -286,15 +337,17 @@ AES_ENTRY(aes_xts_encrypt) ldr q7, .Lxts_mul_x b .LxtsencNx +.Lxtsencrestart: + ld1 {v4.16b}, [x24] .Lxtsencnotfirst: - enc_prepare w3, x2, x8 + enc_prepare w22, x21, x8 .LxtsencloopNx: ldr q7, .Lxts_mul_x next_tweak v4, v4, v7, v8 .LxtsencNx: - subs w4, w4, #4 + subs w23, w23, #4 bmi .Lxtsenc1x - ld1 {v0.16b-v3.16b}, [x1], #64 /* get 4 pt blocks */ + ld1 {v0.16b-v3.16b}, [x20], #64 /* get 4 pt blocks */ next_tweak v5, v4, v7, v8 eor v0.16b, v0.16b, v4.16b next_tweak v6, v5, v7, v8 @@ -307,35 +360,43 @@ AES_ENTRY(aes_xts_encrypt) eor v0.16b, v0.16b, v4.16b eor v1.16b, v1.16b, v5.16b eor v2.16b, v2.16b, v6.16b - st1 {v0.16b-v3.16b}, [x0], #64 + st1 {v0.16b-v3.16b}, [x19], #64 mov v4.16b, v7.16b - cbz w4, .Lxtsencout + cbz w23, .Lxtsencout + st1 {v4.16b}, [x24] + cond_yield_neon .Lxtsencrestart b .LxtsencloopNx .Lxtsenc1x: - adds w4, w4, #4 + adds w23, w23, #4 beq .Lxtsencout .Lxtsencloop: - ld1 {v1.16b}, [x1], #16 + ld1 {v1.16b}, [x20], #16 eor v0.16b, v1.16b, v4.16b - encrypt_block v0, w3, x2, x8, w7 + encrypt_block v0, w22, x21, x8, w7 eor v0.16b, v0.16b, v4.16b - st1 {v0.16b}, [x0], #16 - subs w4, w4, #1 + st1 {v0.16b}, [x19], #16 + subs w23, w23, #1 beq .Lxtsencout next_tweak v4, v4, v7, v8 b .Lxtsencloop .Lxtsencout: - st1 {v4.16b}, [x6] - ldp x29, x30, [sp], #16 + st1 {v4.16b}, [x24] + frame_pop ret AES_ENDPROC(aes_xts_encrypt) AES_ENTRY(aes_xts_decrypt) - stp x29, x30, [sp, #-16]! - mov x29, sp + frame_push 6 - ld1 {v4.16b}, [x6] + mov x19, x0 + mov x20, x1 + mov x21, x2 + mov x22, x3 + mov x23, x4 + mov x24, x6 + + ld1 {v4.16b}, [x24] cbz w7, .Lxtsdecnotfirst enc_prepare w3, x5, x8 @@ -344,15 +405,17 @@ AES_ENTRY(aes_xts_decrypt) ldr q7, .Lxts_mul_x b .LxtsdecNx +.Lxtsdecrestart: + ld1 {v4.16b}, [x24] .Lxtsdecnotfirst: - dec_prepare w3, x2, x8 + dec_prepare w22, x21, x8 .LxtsdecloopNx: ldr q7, .Lxts_mul_x next_tweak v4, v4, v7, v8 .LxtsdecNx: - subs w4, w4, #4 + subs w23, w23, #4 bmi .Lxtsdec1x - ld1 {v0.16b-v3.16b}, [x1], #64 /* get 4 ct blocks */ + ld1 {v0.16b-v3.16b}, [x20], #64 /* get 4 ct blocks */ next_tweak v5, v4, v7, v8 eor v0.16b, v0.16b, v4.16b next_tweak v6, v5, v7, v8 @@ -365,26 +428,28 @@ AES_ENTRY(aes_xts_decrypt) eor v0.16b, v0.16b, v4.16b eor v1.16b, v1.16b, v5.16b eor v2.16b, v2.16b, v6.16b - st1 {v0.16b-v3.16b}, [x0], #64 + st1 {v0.16b-v3.16b}, [x19], #64 mov v4.16b, v7.16b - cbz w4, .Lxtsdecout + cbz w23, .Lxtsdecout + st1 {v4.16b}, [x24] + cond_yield_neon .Lxtsdecrestart b .LxtsdecloopNx .Lxtsdec1x: - adds w4, w4, #4 + adds w23, w23, #4 beq .Lxtsdecout .Lxtsdecloop: - ld1 {v1.16b}, [x1], #16 + ld1 {v1.16b}, [x20], #16 eor v0.16b, v1.16b, v4.16b - decrypt_block v0, w3, x2, x8, w7 + decrypt_block v0, w22, x21, x8, w7 eor v0.16b, v0.16b, v4.16b - st1 {v0.16b}, [x0], #16 - subs w4, w4, #1 + st1 {v0.16b}, [x19], #16 + subs w23, w23, #1 beq .Lxtsdecout next_tweak v4, v4, v7, v8 b .Lxtsdecloop .Lxtsdecout: - st1 {v4.16b}, [x6] - ldp x29, x30, [sp], #16 + st1 {v4.16b}, [x24] + frame_pop ret AES_ENDPROC(aes_xts_decrypt) @@ -393,43 +458,61 @@ AES_ENDPROC(aes_xts_decrypt) * int blocks, u8 dg[], int enc_before, int enc_after) */ AES_ENTRY(aes_mac_update) - ld1 {v0.16b}, [x4] /* get dg */ + frame_push 6 + + mov x19, x0 + mov x20, x1 + mov x21, x2 + mov x22, x3 + mov x23, x4 + mov x24, x6 + + ld1 {v0.16b}, [x23] /* get dg */ enc_prepare w2, x1, x7 cbz w5, .Lmacloop4x encrypt_block v0, w2, x1, x7, w8 .Lmacloop4x: - subs w3, w3, #4 + subs w22, w22, #4 bmi .Lmac1x - ld1 {v1.16b-v4.16b}, [x0], #64 /* get next pt block */ + ld1 {v1.16b-v4.16b}, [x19], #64 /* get next pt block */ eor v0.16b, v0.16b, v1.16b /* ..and xor with dg */ - encrypt_block v0, w2, x1, x7, w8 + encrypt_block v0, w21, x20, x7, w8 eor v0.16b, v0.16b, v2.16b - encrypt_block v0, w2, x1, x7, w8 + encrypt_block v0, w21, x20, x7, w8 eor v0.16b, v0.16b, v3.16b - encrypt_block v0, w2, x1, x7, w8 + encrypt_block v0, w21, x20, x7, w8 eor v0.16b, v0.16b, v4.16b - cmp w3, wzr - csinv x5, x6, xzr, eq + cmp w22, wzr + csinv x5, x24, xzr, eq cbz w5, .Lmacout - encrypt_block v0, w2, x1, x7, w8 + encrypt_block v0, w21, x20, x7, w8 + st1 {v0.16b}, [x23] /* return dg */ + cond_yield_neon .Lmacrestart b .Lmacloop4x .Lmac1x: - add w3, w3, #4 + add w22, w22, #4 .Lmacloop: - cbz w3, .Lmacout - ld1 {v1.16b}, [x0], #16 /* get next pt block */ + cbz w22, .Lmacout + ld1 {v1.16b}, [x19], #16 /* get next pt block */ eor v0.16b, v0.16b, v1.16b /* ..and xor with dg */ - subs w3, w3, #1 - csinv x5, x6, xzr, eq + subs w22, w22, #1 + csinv x5, x24, xzr, eq cbz w5, .Lmacout - encrypt_block v0, w2, x1, x7, w8 +.Lmacenc: + encrypt_block v0, w21, x20, x7, w8 b .Lmacloop .Lmacout: - st1 {v0.16b}, [x4] /* return dg */ + st1 {v0.16b}, [x23] /* return dg */ + frame_pop ret + +.Lmacrestart: + ld1 {v0.16b}, [x23] /* get dg */ + enc_prepare w21, x20, x0 + b .Lmacloop4x AES_ENDPROC(aes_mac_update) diff --git a/arch/arm64/crypto/aes-neonbs-core.S b/arch/arm64/crypto/aes-neonbs-core.S index ca0472500433..e613a87f8b53 100644 --- a/arch/arm64/crypto/aes-neonbs-core.S +++ b/arch/arm64/crypto/aes-neonbs-core.S @@ -565,54 +565,61 @@ ENDPROC(aesbs_decrypt8) * int blocks) */ .macro __ecb_crypt, do8, o0, o1, o2, o3, o4, o5, o6, o7 - stp x29, x30, [sp, #-16]! - mov x29, sp + frame_push 5 + + mov x19, x0 + mov x20, x1 + mov x21, x2 + mov x22, x3 + mov x23, x4 99: mov x5, #1 - lsl x5, x5, x4 - subs w4, w4, #8 - csel x4, x4, xzr, pl + lsl x5, x5, x23 + subs w23, w23, #8 + csel x23, x23, xzr, pl csel x5, x5, xzr, mi - ld1 {v0.16b}, [x1], #16 + ld1 {v0.16b}, [x20], #16 tbnz x5, #1, 0f - ld1 {v1.16b}, [x1], #16 + ld1 {v1.16b}, [x20], #16 tbnz x5, #2, 0f - ld1 {v2.16b}, [x1], #16 + ld1 {v2.16b}, [x20], #16 tbnz x5, #3, 0f - ld1 {v3.16b}, [x1], #16 + ld1 {v3.16b}, [x20], #16 tbnz x5, #4, 0f - ld1 {v4.16b}, [x1], #16 + ld1 {v4.16b}, [x20], #16 tbnz x5, #5, 0f - ld1 {v5.16b}, [x1], #16 + ld1 {v5.16b}, [x20], #16 tbnz x5, #6, 0f - ld1 {v6.16b}, [x1], #16 + ld1 {v6.16b}, [x20], #16 tbnz x5, #7, 0f - ld1 {v7.16b}, [x1], #16 + ld1 {v7.16b}, [x20], #16 -0: mov bskey, x2 - mov rounds, x3 +0: mov bskey, x21 + mov rounds, x22 bl \do8 - st1 {\o0\().16b}, [x0], #16 + st1 {\o0\().16b}, [x19], #16 tbnz x5, #1, 1f - st1 {\o1\().16b}, [x0], #16 + st1 {\o1\().16b}, [x19], #16 tbnz x5, #2, 1f - st1 {\o2\().16b}, [x0], #16 + st1 {\o2\().16b}, [x19], #16 tbnz x5, #3, 1f - st1 {\o3\().16b}, [x0], #16 + st1 {\o3\().16b}, [x19], #16 tbnz x5, #4, 1f - st1 {\o4\().16b}, [x0], #16 + st1 {\o4\().16b}, [x19], #16 tbnz x5, #5, 1f - st1 {\o5\().16b}, [x0], #16 + st1 {\o5\().16b}, [x19], #16 tbnz x5, #6, 1f - st1 {\o6\().16b}, [x0], #16 + st1 {\o6\().16b}, [x19], #16 tbnz x5, #7, 1f - st1 {\o7\().16b}, [x0], #16 + st1 {\o7\().16b}, [x19], #16 - cbnz x4, 99b + cbz x23, 1f + cond_yield_neon + b 99b -1: ldp x29, x30, [sp], #16 +1: frame_pop ret .endm @@ -632,43 +639,49 @@ ENDPROC(aesbs_ecb_decrypt) */ .align 4 ENTRY(aesbs_cbc_decrypt) - stp x29, x30, [sp, #-16]! - mov x29, sp + frame_push 6 + + mov x19, x0 + mov x20, x1 + mov x21, x2 + mov x22, x3 + mov x23, x4 + mov x24, x5 99: mov x6, #1 - lsl x6, x6, x4 - subs w4, w4, #8 - csel x4, x4, xzr, pl + lsl x6, x6, x23 + subs w23, w23, #8 + csel x23, x23, xzr, pl csel x6, x6, xzr, mi - ld1 {v0.16b}, [x1], #16 + ld1 {v0.16b}, [x20], #16 mov v25.16b, v0.16b tbnz x6, #1, 0f - ld1 {v1.16b}, [x1], #16 + ld1 {v1.16b}, [x20], #16 mov v26.16b, v1.16b tbnz x6, #2, 0f - ld1 {v2.16b}, [x1], #16 + ld1 {v2.16b}, [x20], #16 mov v27.16b, v2.16b tbnz x6, #3, 0f - ld1 {v3.16b}, [x1], #16 + ld1 {v3.16b}, [x20], #16 mov v28.16b, v3.16b tbnz x6, #4, 0f - ld1 {v4.16b}, [x1], #16 + ld1 {v4.16b}, [x20], #16 mov v29.16b, v4.16b tbnz x6, #5, 0f - ld1 {v5.16b}, [x1], #16 + ld1 {v5.16b}, [x20], #16 mov v30.16b, v5.16b tbnz x6, #6, 0f - ld1 {v6.16b}, [x1], #16 + ld1 {v6.16b}, [x20], #16 mov v31.16b, v6.16b tbnz x6, #7, 0f - ld1 {v7.16b}, [x1] + ld1 {v7.16b}, [x20] -0: mov bskey, x2 - mov rounds, x3 +0: mov bskey, x21 + mov rounds, x22 bl aesbs_decrypt8 - ld1 {v24.16b}, [x5] // load IV + ld1 {v24.16b}, [x24] // load IV eor v1.16b, v1.16b, v25.16b eor v6.16b, v6.16b, v26.16b @@ -679,34 +692,36 @@ ENTRY(aesbs_cbc_decrypt) eor v3.16b, v3.16b, v30.16b eor v5.16b, v5.16b, v31.16b - st1 {v0.16b}, [x0], #16 + st1 {v0.16b}, [x19], #16 mov v24.16b, v25.16b tbnz x6, #1, 1f - st1 {v1.16b}, [x0], #16 + st1 {v1.16b}, [x19], #16 mov v24.16b, v26.16b tbnz x6, #2, 1f - st1 {v6.16b}, [x0], #16 + st1 {v6.16b}, [x19], #16 mov v24.16b, v27.16b tbnz x6, #3, 1f - st1 {v4.16b}, [x0], #16 + st1 {v4.16b}, [x19], #16 mov v24.16b, v28.16b tbnz x6, #4, 1f - st1 {v2.16b}, [x0], #16 + st1 {v2.16b}, [x19], #16 mov v24.16b, v29.16b tbnz x6, #5, 1f - st1 {v7.16b}, [x0], #16 + st1 {v7.16b}, [x19], #16 mov v24.16b, v30.16b tbnz x6, #6, 1f - st1 {v3.16b}, [x0], #16 + st1 {v3.16b}, [x19], #16 mov v24.16b, v31.16b tbnz x6, #7, 1f - ld1 {v24.16b}, [x1], #16 - st1 {v5.16b}, [x0], #16 -1: st1 {v24.16b}, [x5] // store IV + ld1 {v24.16b}, [x20], #16 + st1 {v5.16b}, [x19], #16 +1: st1 {v24.16b}, [x24] // store IV - cbnz x4, 99b + cbz x23, 2f + cond_yield_neon + b 99b - ldp x29, x30, [sp], #16 +2: frame_pop ret ENDPROC(aesbs_cbc_decrypt) @@ -731,87 +746,93 @@ CPU_BE( .quad 0x87, 1 ) */ __xts_crypt8: mov x6, #1 - lsl x6, x6, x4 - subs w4, w4, #8 - csel x4, x4, xzr, pl + lsl x6, x6, x23 + subs w23, w23, #8 + csel x23, x23, xzr, pl csel x6, x6, xzr, mi - ld1 {v0.16b}, [x1], #16 + ld1 {v0.16b}, [x20], #16 next_tweak v26, v25, v30, v31 eor v0.16b, v0.16b, v25.16b tbnz x6, #1, 0f - ld1 {v1.16b}, [x1], #16 + ld1 {v1.16b}, [x20], #16 next_tweak v27, v26, v30, v31 eor v1.16b, v1.16b, v26.16b tbnz x6, #2, 0f - ld1 {v2.16b}, [x1], #16 + ld1 {v2.16b}, [x20], #16 next_tweak v28, v27, v30, v31 eor v2.16b, v2.16b, v27.16b tbnz x6, #3, 0f - ld1 {v3.16b}, [x1], #16 + ld1 {v3.16b}, [x20], #16 next_tweak v29, v28, v30, v31 eor v3.16b, v3.16b, v28.16b tbnz x6, #4, 0f - ld1 {v4.16b}, [x1], #16 - str q29, [sp, #16] + ld1 {v4.16b}, [x20], #16 + str q29, [sp, #.Lframe_local_offset] eor v4.16b, v4.16b, v29.16b next_tweak v29, v29, v30, v31 tbnz x6, #5, 0f - ld1 {v5.16b}, [x1], #16 - str q29, [sp, #32] + ld1 {v5.16b}, [x20], #16 + str q29, [sp, #.Lframe_local_offset + 16] eor v5.16b, v5.16b, v29.16b next_tweak v29, v29, v30, v31 tbnz x6, #6, 0f - ld1 {v6.16b}, [x1], #16 - str q29, [sp, #48] + ld1 {v6.16b}, [x20], #16 + str q29, [sp, #.Lframe_local_offset + 32] eor v6.16b, v6.16b, v29.16b next_tweak v29, v29, v30, v31 tbnz x6, #7, 0f - ld1 {v7.16b}, [x1], #16 - str q29, [sp, #64] + ld1 {v7.16b}, [x20], #16 + str q29, [sp, #.Lframe_local_offset + 48] eor v7.16b, v7.16b, v29.16b next_tweak v29, v29, v30, v31 -0: mov bskey, x2 - mov rounds, x3 +0: mov bskey, x21 + mov rounds, x22 br x7 ENDPROC(__xts_crypt8) .macro __xts_crypt, do8, o0, o1, o2, o3, o4, o5, o6, o7 - stp x29, x30, [sp, #-80]! - mov x29, sp + frame_push 6, 64 - ldr q30, .Lxts_mul_x - ld1 {v25.16b}, [x5] + mov x19, x0 + mov x20, x1 + mov x21, x2 + mov x22, x3 + mov x23, x4 + mov x24, x5 + +0: ldr q30, .Lxts_mul_x + ld1 {v25.16b}, [x24] 99: adr x7, \do8 bl __xts_crypt8 - ldp q16, q17, [sp, #16] - ldp q18, q19, [sp, #48] + ldp q16, q17, [sp, #.Lframe_local_offset] + ldp q18, q19, [sp, #.Lframe_local_offset + 32] eor \o0\().16b, \o0\().16b, v25.16b eor \o1\().16b, \o1\().16b, v26.16b eor \o2\().16b, \o2\().16b, v27.16b eor \o3\().16b, \o3\().16b, v28.16b - st1 {\o0\().16b}, [x0], #16 + st1 {\o0\().16b}, [x19], #16 mov v25.16b, v26.16b tbnz x6, #1, 1f - st1 {\o1\().16b}, [x0], #16 + st1 {\o1\().16b}, [x19], #16 mov v25.16b, v27.16b tbnz x6, #2, 1f - st1 {\o2\().16b}, [x0], #16 + st1 {\o2\().16b}, [x19], #16 mov v25.16b, v28.16b tbnz x6, #3, 1f - st1 {\o3\().16b}, [x0], #16 + st1 {\o3\().16b}, [x19], #16 mov v25.16b, v29.16b tbnz x6, #4, 1f @@ -820,18 +841,22 @@ ENDPROC(__xts_crypt8) eor \o6\().16b, \o6\().16b, v18.16b eor \o7\().16b, \o7\().16b, v19.16b - st1 {\o4\().16b}, [x0], #16 + st1 {\o4\().16b}, [x19], #16 tbnz x6, #5, 1f - st1 {\o5\().16b}, [x0], #16 + st1 {\o5\().16b}, [x19], #16 tbnz x6, #6, 1f - st1 {\o6\().16b}, [x0], #16 + st1 {\o6\().16b}, [x19], #16 tbnz x6, #7, 1f - st1 {\o7\().16b}, [x0], #16 + st1 {\o7\().16b}, [x19], #16 + + cbz x23, 1f + st1 {v25.16b}, [x24] - cbnz x4, 99b + cond_yield_neon 0b + b 99b -1: st1 {v25.16b}, [x5] - ldp x29, x30, [sp], #80 +1: st1 {v25.16b}, [x24] + frame_pop ret .endm @@ -856,24 +881,31 @@ ENDPROC(aesbs_xts_decrypt) * int rounds, int blocks, u8 iv[], u8 final[]) */ ENTRY(aesbs_ctr_encrypt) - stp x29, x30, [sp, #-16]! - mov x29, sp - - cmp x6, #0 - cset x10, ne - add x4, x4, x10 // do one extra block if final - - ldp x7, x8, [x5] - ld1 {v0.16b}, [x5] + frame_push 8 + + mov x19, x0 + mov x20, x1 + mov x21, x2 + mov x22, x3 + mov x23, x4 + mov x24, x5 + mov x25, x6 + + cmp x25, #0 + cset x26, ne + add x23, x23, x26 // do one extra block if final + +98: ldp x7, x8, [x24] + ld1 {v0.16b}, [x24] CPU_LE( rev x7, x7 ) CPU_LE( rev x8, x8 ) adds x8, x8, #1 adc x7, x7, xzr 99: mov x9, #1 - lsl x9, x9, x4 - subs w4, w4, #8 - csel x4, x4, xzr, pl + lsl x9, x9, x23 + subs w23, w23, #8 + csel x23, x23, xzr, pl csel x9, x9, xzr, le tbnz x9, #1, 0f @@ -891,82 +923,85 @@ CPU_LE( rev x8, x8 ) tbnz x9, #7, 0f next_ctr v7 -0: mov bskey, x2 - mov rounds, x3 +0: mov bskey, x21 + mov rounds, x22 bl aesbs_encrypt8 - lsr x9, x9, x10 // disregard the extra block + lsr x9, x9, x26 // disregard the extra block tbnz x9, #0, 0f - ld1 {v8.16b}, [x1], #16 + ld1 {v8.16b}, [x20], #16 eor v0.16b, v0.16b, v8.16b - st1 {v0.16b}, [x0], #16 + st1 {v0.16b}, [x19], #16 tbnz x9, #1, 1f - ld1 {v9.16b}, [x1], #16 + ld1 {v9.16b}, [x20], #16 eor v1.16b, v1.16b, v9.16b - st1 {v1.16b}, [x0], #16 + st1 {v1.16b}, [x19], #16 tbnz x9, #2, 2f - ld1 {v10.16b}, [x1], #16 + ld1 {v10.16b}, [x20], #16 eor v4.16b, v4.16b, v10.16b - st1 {v4.16b}, [x0], #16 + st1 {v4.16b}, [x19], #16 tbnz x9, #3, 3f - ld1 {v11.16b}, [x1], #16 + ld1 {v11.16b}, [x20], #16 eor v6.16b, v6.16b, v11.16b - st1 {v6.16b}, [x0], #16 + st1 {v6.16b}, [x19], #16 tbnz x9, #4, 4f - ld1 {v12.16b}, [x1], #16 + ld1 {v12.16b}, [x20], #16 eor v3.16b, v3.16b, v12.16b - st1 {v3.16b}, [x0], #16 + st1 {v3.16b}, [x19], #16 tbnz x9, #5, 5f - ld1 {v13.16b}, [x1], #16 + ld1 {v13.16b}, [x20], #16 eor v7.16b, v7.16b, v13.16b - st1 {v7.16b}, [x0], #16 + st1 {v7.16b}, [x19], #16 tbnz x9, #6, 6f - ld1 {v14.16b}, [x1], #16 + ld1 {v14.16b}, [x20], #16 eor v2.16b, v2.16b, v14.16b - st1 {v2.16b}, [x0], #16 + st1 {v2.16b}, [x19], #16 tbnz x9, #7, 7f - ld1 {v15.16b}, [x1], #16 + ld1 {v15.16b}, [x20], #16 eor v5.16b, v5.16b, v15.16b - st1 {v5.16b}, [x0], #16 + st1 {v5.16b}, [x19], #16 8: next_ctr v0 - cbnz x4, 99b + st1 {v0.16b}, [x24] + cbz x23, 0f + + cond_yield_neon 98b + b 99b -0: st1 {v0.16b}, [x5] - ldp x29, x30, [sp], #16 +0: frame_pop ret /* * If we are handling the tail of the input (x6 != NULL), return the * final keystream block back to the caller. */ -1: cbz x6, 8b - st1 {v1.16b}, [x6] +1: cbz x25, 8b + st1 {v1.16b}, [x25] b 8b -2: cbz x6, 8b - st1 {v4.16b}, [x6] +2: cbz x25, 8b + st1 {v4.16b}, [x25] b 8b -3: cbz x6, 8b - st1 {v6.16b}, [x6] +3: cbz x25, 8b + st1 {v6.16b}, [x25] b 8b -4: cbz x6, 8b - st1 {v3.16b}, [x6] +4: cbz x25, 8b + st1 {v3.16b}, [x25] b 8b -5: cbz x6, 8b - st1 {v7.16b}, [x6] +5: cbz x25, 8b + st1 {v7.16b}, [x25] b 8b -6: cbz x6, 8b - st1 {v2.16b}, [x6] +6: cbz x25, 8b + st1 {v2.16b}, [x25] b 8b -7: cbz x6, 8b - st1 {v5.16b}, [x6] +7: cbz x25, 8b + st1 {v5.16b}, [x25] b 8b ENDPROC(aesbs_ctr_encrypt) diff --git a/arch/arm64/crypto/crc32-ce-core.S b/arch/arm64/crypto/crc32-ce-core.S index 16ed3c7ebd37..8061bf0f9c66 100644 --- a/arch/arm64/crypto/crc32-ce-core.S +++ b/arch/arm64/crypto/crc32-ce-core.S @@ -100,9 +100,10 @@ dCONSTANT .req d0 qCONSTANT .req q0 - BUF .req x0 - LEN .req x1 - CRC .req x2 + BUF .req x19 + LEN .req x20 + CRC .req x21 + CONST .req x22 vzr .req v9 @@ -123,7 +124,14 @@ ENTRY(crc32_pmull_le) ENTRY(crc32c_pmull_le) adr_l x3, .Lcrc32c_constants -0: bic LEN, LEN, #15 +0: frame_push 4, 64 + + mov BUF, x0 + mov LEN, x1 + mov CRC, x2 + mov CONST, x3 + + bic LEN, LEN, #15 ld1 {v1.16b-v4.16b}, [BUF], #0x40 movi vzr.16b, #0 fmov dCONSTANT, CRC @@ -132,7 +140,7 @@ ENTRY(crc32c_pmull_le) cmp LEN, #0x40 b.lt less_64 - ldr qCONSTANT, [x3] + ldr qCONSTANT, [CONST] loop_64: /* 64 bytes Full cache line folding */ sub LEN, LEN, #0x40 @@ -162,10 +170,21 @@ loop_64: /* 64 bytes Full cache line folding */ eor v4.16b, v4.16b, v8.16b cmp LEN, #0x40 - b.ge loop_64 + b.lt less_64 + + if_will_cond_yield_neon + stp q1, q2, [sp, #.Lframe_local_offset] + stp q3, q4, [sp, #.Lframe_local_offset + 32] + do_cond_yield_neon + ldp q1, q2, [sp, #.Lframe_local_offset] + ldp q3, q4, [sp, #.Lframe_local_offset + 32] + ldr qCONSTANT, [CONST] + movi vzr.16b, #0 + endif_yield_neon + b loop_64 less_64: /* Folding cache line into 128bit */ - ldr qCONSTANT, [x3, #16] + ldr qCONSTANT, [CONST, #16] pmull2 v5.1q, v1.2d, vCONSTANT.2d pmull v1.1q, v1.1d, vCONSTANT.1d @@ -204,8 +223,8 @@ fold_64: eor v1.16b, v1.16b, v2.16b /* final 32-bit fold */ - ldr dCONSTANT, [x3, #32] - ldr d3, [x3, #40] + ldr dCONSTANT, [CONST, #32] + ldr d3, [CONST, #40] ext v2.16b, v1.16b, vzr.16b, #4 and v1.16b, v1.16b, v3.16b @@ -213,7 +232,7 @@ fold_64: eor v1.16b, v1.16b, v2.16b /* Finish up with the bit-reversed barrett reduction 64 ==> 32 bits */ - ldr qCONSTANT, [x3, #48] + ldr qCONSTANT, [CONST, #48] and v2.16b, v1.16b, v3.16b ext v2.16b, vzr.16b, v2.16b, #8 @@ -223,6 +242,7 @@ fold_64: eor v1.16b, v1.16b, v2.16b mov w0, v1.s[1] + frame_pop ret ENDPROC(crc32_pmull_le) ENDPROC(crc32c_pmull_le) diff --git a/arch/arm64/crypto/crct10dif-ce-core.S b/arch/arm64/crypto/crct10dif-ce-core.S index f179c01bd55c..663ea71cdb38 100644 --- a/arch/arm64/crypto/crct10dif-ce-core.S +++ b/arch/arm64/crypto/crct10dif-ce-core.S @@ -74,13 +74,19 @@ .text .cpu generic+crypto - arg1_low32 .req w0 - arg2 .req x1 - arg3 .req x2 + arg1_low32 .req w19 + arg2 .req x20 + arg3 .req x21 vzr .req v13 ENTRY(crc_t10dif_pmull) + frame_push 3, 128 + + mov arg1_low32, w0 + mov arg2, x1 + mov arg3, x2 + movi vzr.16b, #0 // init zero register // adjust the 16-bit initial_crc value, scale it to 32 bits @@ -175,8 +181,25 @@ CPU_LE( ext v12.16b, v12.16b, v12.16b, #8 ) subs arg3, arg3, #128 // check if there is another 64B in the buffer to be able to fold - b.ge _fold_64_B_loop + b.lt _fold_64_B_end + + if_will_cond_yield_neon + stp q0, q1, [sp, #.Lframe_local_offset] + stp q2, q3, [sp, #.Lframe_local_offset + 32] + stp q4, q5, [sp, #.Lframe_local_offset + 64] + stp q6, q7, [sp, #.Lframe_local_offset + 96] + do_cond_yield_neon + ldp q0, q1, [sp, #.Lframe_local_offset] + ldp q2, q3, [sp, #.Lframe_local_offset + 32] + ldp q4, q5, [sp, #.Lframe_local_offset + 64] + ldp q6, q7, [sp, #.Lframe_local_offset + 96] + ldr_l q10, rk3, x8 + movi vzr.16b, #0 // init zero register + endif_yield_neon + + b _fold_64_B_loop +_fold_64_B_end: // at this point, the buffer pointer is pointing at the last y Bytes // of the buffer the 64B of folded data is in 4 of the vector // registers: v0, v1, v2, v3 @@ -304,6 +327,7 @@ _barrett: _cleanup: // scale the result back to 16 bits lsr x0, x0, #16 + frame_pop ret _less_than_128: diff --git a/arch/arm64/crypto/ghash-ce-core.S b/arch/arm64/crypto/ghash-ce-core.S index 11ebf1ae248a..dcffb9e77589 100644 --- a/arch/arm64/crypto/ghash-ce-core.S +++ b/arch/arm64/crypto/ghash-ce-core.S @@ -213,22 +213,31 @@ .endm .macro __pmull_ghash, pn - ld1 {SHASH.2d}, [x3] - ld1 {XL.2d}, [x1] + frame_push 5 + + mov x19, x0 + mov x20, x1 + mov x21, x2 + mov x22, x3 + mov x23, x4 + +0: ld1 {SHASH.2d}, [x22] + ld1 {XL.2d}, [x20] ext SHASH2.16b, SHASH.16b, SHASH.16b, #8 eor SHASH2.16b, SHASH2.16b, SHASH.16b __pmull_pre_\pn /* do the head block first, if supplied */ - cbz x4, 0f - ld1 {T1.2d}, [x4] - b 1f + cbz x23, 1f + ld1 {T1.2d}, [x23] + mov x23, xzr + b 2f -0: ld1 {T1.2d}, [x2], #16 - sub w0, w0, #1 +1: ld1 {T1.2d}, [x21], #16 + sub w19, w19, #1 -1: /* multiply XL by SHASH in GF(2^128) */ +2: /* multiply XL by SHASH in GF(2^128) */ CPU_LE( rev64 T1.16b, T1.16b ) ext T2.16b, XL.16b, XL.16b, #8 @@ -250,9 +259,18 @@ CPU_LE( rev64 T1.16b, T1.16b ) eor T2.16b, T2.16b, XH.16b eor XL.16b, XL.16b, T2.16b - cbnz w0, 0b + cbz w19, 3f + + if_will_cond_yield_neon + st1 {XL.2d}, [x20] + do_cond_yield_neon + b 0b + endif_yield_neon + + b 1b - st1 {XL.2d}, [x1] +3: st1 {XL.2d}, [x20] + frame_pop ret .endm @@ -304,38 +322,55 @@ ENDPROC(pmull_ghash_update_p8) .endm .macro pmull_gcm_do_crypt, enc - ld1 {SHASH.2d}, [x4] - ld1 {XL.2d}, [x1] - ldr x8, [x5, #8] // load lower counter + frame_push 10 + + mov x19, x0 + mov x20, x1 + mov x21, x2 + mov x22, x3 + mov x23, x4 + mov x24, x5 + mov x25, x6 + mov x26, x7 + .if \enc == 1 + ldr x27, [sp, #96] // first stacked arg + .endif + + ldr x28, [x24, #8] // load lower counter +CPU_LE( rev x28, x28 ) + +0: mov x0, x25 + load_round_keys w26, x0 + ld1 {SHASH.2d}, [x23] + ld1 {XL.2d}, [x20] movi MASK.16b, #0xe1 ext SHASH2.16b, SHASH.16b, SHASH.16b, #8 -CPU_LE( rev x8, x8 ) shl MASK.2d, MASK.2d, #57 eor SHASH2.16b, SHASH2.16b, SHASH.16b .if \enc == 1 - ld1 {KS.16b}, [x7] + ld1 {KS.16b}, [x27] .endif -0: ld1 {CTR.8b}, [x5] // load upper counter - ld1 {INP.16b}, [x3], #16 - rev x9, x8 - add x8, x8, #1 - sub w0, w0, #1 +1: ld1 {CTR.8b}, [x24] // load upper counter + ld1 {INP.16b}, [x22], #16 + rev x9, x28 + add x28, x28, #1 + sub w19, w19, #1 ins CTR.d[1], x9 // set lower counter .if \enc == 1 eor INP.16b, INP.16b, KS.16b // encrypt input - st1 {INP.16b}, [x2], #16 + st1 {INP.16b}, [x21], #16 .endif rev64 T1.16b, INP.16b - cmp w6, #12 - b.ge 2f // AES-192/256? + cmp w26, #12 + b.ge 4f // AES-192/256? -1: enc_round CTR, v21 +2: enc_round CTR, v21 ext T2.16b, XL.16b, XL.16b, #8 ext IN1.16b, T1.16b, T1.16b, #8 @@ -390,27 +425,39 @@ CPU_LE( rev x8, x8 ) .if \enc == 0 eor INP.16b, INP.16b, KS.16b - st1 {INP.16b}, [x2], #16 + st1 {INP.16b}, [x21], #16 .endif - cbnz w0, 0b + cbz w19, 3f -CPU_LE( rev x8, x8 ) - st1 {XL.2d}, [x1] - str x8, [x5, #8] // store lower counter + if_will_cond_yield_neon + st1 {XL.2d}, [x20] + .if \enc == 1 + st1 {KS.16b}, [x27] + .endif + do_cond_yield_neon + b 0b + endif_yield_neon + b 1b + +3: st1 {XL.2d}, [x20] .if \enc == 1 - st1 {KS.16b}, [x7] + st1 {KS.16b}, [x27] .endif +CPU_LE( rev x28, x28 ) + str x28, [x24, #8] // store lower counter + + frame_pop ret -2: b.eq 3f // AES-192? +4: b.eq 5f // AES-192? enc_round CTR, v17 enc_round CTR, v18 -3: enc_round CTR, v19 +5: enc_round CTR, v19 enc_round CTR, v20 - b 1b + b 2b .endm /* diff --git a/arch/arm64/crypto/ghash-ce-glue.c b/arch/arm64/crypto/ghash-ce-glue.c index cfc9c92814fd..7cf0b1aa6ea8 100644 --- a/arch/arm64/crypto/ghash-ce-glue.c +++ b/arch/arm64/crypto/ghash-ce-glue.c @@ -63,11 +63,12 @@ static void (*pmull_ghash_update)(int blocks, u64 dg[], const char *src, asmlinkage void pmull_gcm_encrypt(int blocks, u64 dg[], u8 dst[], const u8 src[], struct ghash_key const *k, - u8 ctr[], int rounds, u8 ks[]); + u8 ctr[], u32 const rk[], int rounds, + u8 ks[]); asmlinkage void pmull_gcm_decrypt(int blocks, u64 dg[], u8 dst[], const u8 src[], struct ghash_key const *k, - u8 ctr[], int rounds); + u8 ctr[], u32 const rk[], int rounds); asmlinkage void pmull_gcm_encrypt_block(u8 dst[], u8 const src[], u32 const rk[], int rounds); @@ -368,26 +369,29 @@ static int gcm_encrypt(struct aead_request *req) pmull_gcm_encrypt_block(ks, iv, NULL, num_rounds(&ctx->aes_key)); put_unaligned_be32(3, iv + GCM_IV_SIZE); + kernel_neon_end(); - err = skcipher_walk_aead_encrypt(&walk, req, true); + err = skcipher_walk_aead_encrypt(&walk, req, false); while (walk.nbytes >= AES_BLOCK_SIZE) { int blocks = walk.nbytes / AES_BLOCK_SIZE; + kernel_neon_begin(); pmull_gcm_encrypt(blocks, dg, walk.dst.virt.addr, walk.src.virt.addr, &ctx->ghash_key, - iv, num_rounds(&ctx->aes_key), ks); + iv, ctx->aes_key.key_enc, + num_rounds(&ctx->aes_key), ks); + kernel_neon_end(); err = skcipher_walk_done(&walk, walk.nbytes % AES_BLOCK_SIZE); } - kernel_neon_end(); } else { __aes_arm64_encrypt(ctx->aes_key.key_enc, tag, iv, num_rounds(&ctx->aes_key)); put_unaligned_be32(2, iv + GCM_IV_SIZE); - err = skcipher_walk_aead_encrypt(&walk, req, true); + err = skcipher_walk_aead_encrypt(&walk, req, false); while (walk.nbytes >= AES_BLOCK_SIZE) { int blocks = walk.nbytes / AES_BLOCK_SIZE; @@ -467,15 +471,19 @@ static int gcm_decrypt(struct aead_request *req) pmull_gcm_encrypt_block(tag, iv, ctx->aes_key.key_enc, num_rounds(&ctx->aes_key)); put_unaligned_be32(2, iv + GCM_IV_SIZE); + kernel_neon_end(); - err = skcipher_walk_aead_decrypt(&walk, req, true); + err = skcipher_walk_aead_decrypt(&walk, req, false); while (walk.nbytes >= AES_BLOCK_SIZE) { int blocks = walk.nbytes / AES_BLOCK_SIZE; + kernel_neon_begin(); pmull_gcm_decrypt(blocks, dg, walk.dst.virt.addr, walk.src.virt.addr, &ctx->ghash_key, - iv, num_rounds(&ctx->aes_key)); + iv, ctx->aes_key.key_enc, + num_rounds(&ctx->aes_key)); + kernel_neon_end(); err = skcipher_walk_done(&walk, walk.nbytes % AES_BLOCK_SIZE); @@ -483,14 +491,12 @@ static int gcm_decrypt(struct aead_request *req) if (walk.nbytes) pmull_gcm_encrypt_block(iv, iv, NULL, num_rounds(&ctx->aes_key)); - - kernel_neon_end(); } else { __aes_arm64_encrypt(ctx->aes_key.key_enc, tag, iv, num_rounds(&ctx->aes_key)); put_unaligned_be32(2, iv + GCM_IV_SIZE); - err = skcipher_walk_aead_decrypt(&walk, req, true); + err = skcipher_walk_aead_decrypt(&walk, req, false); while (walk.nbytes >= AES_BLOCK_SIZE) { int blocks = walk.nbytes / AES_BLOCK_SIZE; diff --git a/arch/arm64/crypto/sha1-ce-core.S b/arch/arm64/crypto/sha1-ce-core.S index 46049850727d..78eb35fb5056 100644 --- a/arch/arm64/crypto/sha1-ce-core.S +++ b/arch/arm64/crypto/sha1-ce-core.S @@ -69,30 +69,36 @@ * int blocks) */ ENTRY(sha1_ce_transform) + frame_push 3 + + mov x19, x0 + mov x20, x1 + mov x21, x2 + /* load round constants */ - loadrc k0.4s, 0x5a827999, w6 +0: loadrc k0.4s, 0x5a827999, w6 loadrc k1.4s, 0x6ed9eba1, w6 loadrc k2.4s, 0x8f1bbcdc, w6 loadrc k3.4s, 0xca62c1d6, w6 /* load state */ - ld1 {dgav.4s}, [x0] - ldr dgb, [x0, #16] + ld1 {dgav.4s}, [x19] + ldr dgb, [x19, #16] /* load sha1_ce_state::finalize */ ldr_l w4, sha1_ce_offsetof_finalize, x4 - ldr w4, [x0, x4] + ldr w4, [x19, x4] /* load input */ -0: ld1 {v8.4s-v11.4s}, [x1], #64 - sub w2, w2, #1 +1: ld1 {v8.4s-v11.4s}, [x20], #64 + sub w21, w21, #1 CPU_LE( rev32 v8.16b, v8.16b ) CPU_LE( rev32 v9.16b, v9.16b ) CPU_LE( rev32 v10.16b, v10.16b ) CPU_LE( rev32 v11.16b, v11.16b ) -1: add t0.4s, v8.4s, k0.4s +2: add t0.4s, v8.4s, k0.4s mov dg0v.16b, dgav.16b add_update c, ev, k0, 8, 9, 10, 11, dgb @@ -123,16 +129,25 @@ CPU_LE( rev32 v11.16b, v11.16b ) add dgbv.2s, dgbv.2s, dg1v.2s add dgav.4s, dgav.4s, dg0v.4s - cbnz w2, 0b + cbz w21, 3f + + if_will_cond_yield_neon + st1 {dgav.4s}, [x19] + str dgb, [x19, #16] + do_cond_yield_neon + b 0b + endif_yield_neon + + b 1b /* * Final block: add padding and total bit count. * Skip if the input size was not a round multiple of the block size, * the padding is handled by the C code in that case. */ - cbz x4, 3f +3: cbz x4, 4f ldr_l w4, sha1_ce_offsetof_count, x4 - ldr x4, [x0, x4] + ldr x4, [x19, x4] movi v9.2d, #0 mov x8, #0x80000000 movi v10.2d, #0 @@ -141,10 +156,11 @@ CPU_LE( rev32 v11.16b, v11.16b ) mov x4, #0 mov v11.d[0], xzr mov v11.d[1], x7 - b 1b + b 2b /* store new state */ -3: st1 {dgav.4s}, [x0] - str dgb, [x0, #16] +4: st1 {dgav.4s}, [x19] + str dgb, [x19, #16] + frame_pop ret ENDPROC(sha1_ce_transform) diff --git a/arch/arm64/crypto/sha2-ce-core.S b/arch/arm64/crypto/sha2-ce-core.S index 4c3c89b812ce..cd8b36412469 100644 --- a/arch/arm64/crypto/sha2-ce-core.S +++ b/arch/arm64/crypto/sha2-ce-core.S @@ -79,30 +79,36 @@ */ .text ENTRY(sha2_ce_transform) + frame_push 3 + + mov x19, x0 + mov x20, x1 + mov x21, x2 + /* load round constants */ - adr_l x8, .Lsha2_rcon +0: adr_l x8, .Lsha2_rcon ld1 { v0.4s- v3.4s}, [x8], #64 ld1 { v4.4s- v7.4s}, [x8], #64 ld1 { v8.4s-v11.4s}, [x8], #64 ld1 {v12.4s-v15.4s}, [x8] /* load state */ - ld1 {dgav.4s, dgbv.4s}, [x0] + ld1 {dgav.4s, dgbv.4s}, [x19] /* load sha256_ce_state::finalize */ ldr_l w4, sha256_ce_offsetof_finalize, x4 - ldr w4, [x0, x4] + ldr w4, [x19, x4] /* load input */ -0: ld1 {v16.4s-v19.4s}, [x1], #64 - sub w2, w2, #1 +1: ld1 {v16.4s-v19.4s}, [x20], #64 + sub w21, w21, #1 CPU_LE( rev32 v16.16b, v16.16b ) CPU_LE( rev32 v17.16b, v17.16b ) CPU_LE( rev32 v18.16b, v18.16b ) CPU_LE( rev32 v19.16b, v19.16b ) -1: add t0.4s, v16.4s, v0.4s +2: add t0.4s, v16.4s, v0.4s mov dg0v.16b, dgav.16b mov dg1v.16b, dgbv.16b @@ -131,16 +137,24 @@ CPU_LE( rev32 v19.16b, v19.16b ) add dgbv.4s, dgbv.4s, dg1v.4s /* handled all input blocks? */ - cbnz w2, 0b + cbz w21, 3f + + if_will_cond_yield_neon + st1 {dgav.4s, dgbv.4s}, [x19] + do_cond_yield_neon + b 0b + endif_yield_neon + + b 1b /* * Final block: add padding and total bit count. * Skip if the input size was not a round multiple of the block size, * the padding is handled by the C code in that case. */ - cbz x4, 3f +3: cbz x4, 4f ldr_l w4, sha256_ce_offsetof_count, x4 - ldr x4, [x0, x4] + ldr x4, [x19, x4] movi v17.2d, #0 mov x8, #0x80000000 movi v18.2d, #0 @@ -149,9 +163,10 @@ CPU_LE( rev32 v19.16b, v19.16b ) mov x4, #0 mov v19.d[0], xzr mov v19.d[1], x7 - b 1b + b 2b /* store new state */ -3: st1 {dgav.4s, dgbv.4s}, [x0] +4: st1 {dgav.4s, dgbv.4s}, [x19] + frame_pop ret ENDPROC(sha2_ce_transform) diff --git a/arch/arm64/crypto/sha256-core.S_shipped b/arch/arm64/crypto/sha256-core.S_shipped index 3ce82cc860bc..7c7ce2e3bad6 100644 --- a/arch/arm64/crypto/sha256-core.S_shipped +++ b/arch/arm64/crypto/sha256-core.S_shipped @@ -1,3 +1,13 @@ +// SPDX-License-Identifier: GPL-2.0 + +// This code is taken from the OpenSSL project but the author (Andy Polyakov) +// has relicensed it under the GPLv2. Therefore this program is free software; +// you can redistribute it and/or modify it under the terms of the GNU General +// Public License version 2 as published by the Free Software Foundation. +// +// The original headers, including the original license headers, are +// included below for completeness. + // Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. // // Licensed under the OpenSSL license (the "License"). You may not use @@ -10,8 +20,6 @@ // project. The module is, however, dual licensed under OpenSSL and // CRYPTOGAMS licenses depending on where you obtain it. For further // details see http://www.openssl.org/~appro/cryptogams/. -// -// Permission to use under GPLv2 terms is granted. // ==================================================================== // // SHA256/512 for ARMv8. diff --git a/arch/arm64/crypto/sha3-ce-core.S b/arch/arm64/crypto/sha3-ce-core.S index 332ad7530690..a7d587fa54f6 100644 --- a/arch/arm64/crypto/sha3-ce-core.S +++ b/arch/arm64/crypto/sha3-ce-core.S @@ -41,9 +41,16 @@ */ .text ENTRY(sha3_ce_transform) - /* load state */ - add x8, x0, #32 - ld1 { v0.1d- v3.1d}, [x0] + frame_push 4 + + mov x19, x0 + mov x20, x1 + mov x21, x2 + mov x22, x3 + +0: /* load state */ + add x8, x19, #32 + ld1 { v0.1d- v3.1d}, [x19] ld1 { v4.1d- v7.1d}, [x8], #32 ld1 { v8.1d-v11.1d}, [x8], #32 ld1 {v12.1d-v15.1d}, [x8], #32 @@ -51,13 +58,13 @@ ENTRY(sha3_ce_transform) ld1 {v20.1d-v23.1d}, [x8], #32 ld1 {v24.1d}, [x8] -0: sub w2, w2, #1 +1: sub w21, w21, #1 mov w8, #24 adr_l x9, .Lsha3_rcon /* load input */ - ld1 {v25.8b-v28.8b}, [x1], #32 - ld1 {v29.8b-v31.8b}, [x1], #24 + ld1 {v25.8b-v28.8b}, [x20], #32 + ld1 {v29.8b-v31.8b}, [x20], #24 eor v0.8b, v0.8b, v25.8b eor v1.8b, v1.8b, v26.8b eor v2.8b, v2.8b, v27.8b @@ -66,10 +73,10 @@ ENTRY(sha3_ce_transform) eor v5.8b, v5.8b, v30.8b eor v6.8b, v6.8b, v31.8b - tbnz x3, #6, 2f // SHA3-512 + tbnz x22, #6, 3f // SHA3-512 - ld1 {v25.8b-v28.8b}, [x1], #32 - ld1 {v29.8b-v30.8b}, [x1], #16 + ld1 {v25.8b-v28.8b}, [x20], #32 + ld1 {v29.8b-v30.8b}, [x20], #16 eor v7.8b, v7.8b, v25.8b eor v8.8b, v8.8b, v26.8b eor v9.8b, v9.8b, v27.8b @@ -77,34 +84,34 @@ ENTRY(sha3_ce_transform) eor v11.8b, v11.8b, v29.8b eor v12.8b, v12.8b, v30.8b - tbnz x3, #4, 1f // SHA3-384 or SHA3-224 + tbnz x22, #4, 2f // SHA3-384 or SHA3-224 // SHA3-256 - ld1 {v25.8b-v28.8b}, [x1], #32 + ld1 {v25.8b-v28.8b}, [x20], #32 eor v13.8b, v13.8b, v25.8b eor v14.8b, v14.8b, v26.8b eor v15.8b, v15.8b, v27.8b eor v16.8b, v16.8b, v28.8b - b 3f + b 4f -1: tbz x3, #2, 3f // bit 2 cleared? SHA-384 +2: tbz x22, #2, 4f // bit 2 cleared? SHA-384 // SHA3-224 - ld1 {v25.8b-v28.8b}, [x1], #32 - ld1 {v29.8b}, [x1], #8 + ld1 {v25.8b-v28.8b}, [x20], #32 + ld1 {v29.8b}, [x20], #8 eor v13.8b, v13.8b, v25.8b eor v14.8b, v14.8b, v26.8b eor v15.8b, v15.8b, v27.8b eor v16.8b, v16.8b, v28.8b eor v17.8b, v17.8b, v29.8b - b 3f + b 4f // SHA3-512 -2: ld1 {v25.8b-v26.8b}, [x1], #16 +3: ld1 {v25.8b-v26.8b}, [x20], #16 eor v7.8b, v7.8b, v25.8b eor v8.8b, v8.8b, v26.8b -3: sub w8, w8, #1 +4: sub w8, w8, #1 eor3 v29.16b, v4.16b, v9.16b, v14.16b eor3 v26.16b, v1.16b, v6.16b, v11.16b @@ -183,17 +190,33 @@ ENTRY(sha3_ce_transform) eor v0.16b, v0.16b, v31.16b - cbnz w8, 3b - cbnz w2, 0b + cbnz w8, 4b + cbz w21, 5f + + if_will_cond_yield_neon + add x8, x19, #32 + st1 { v0.1d- v3.1d}, [x19] + st1 { v4.1d- v7.1d}, [x8], #32 + st1 { v8.1d-v11.1d}, [x8], #32 + st1 {v12.1d-v15.1d}, [x8], #32 + st1 {v16.1d-v19.1d}, [x8], #32 + st1 {v20.1d-v23.1d}, [x8], #32 + st1 {v24.1d}, [x8] + do_cond_yield_neon + b 0b + endif_yield_neon + + b 1b /* save state */ - st1 { v0.1d- v3.1d}, [x0], #32 - st1 { v4.1d- v7.1d}, [x0], #32 - st1 { v8.1d-v11.1d}, [x0], #32 - st1 {v12.1d-v15.1d}, [x0], #32 - st1 {v16.1d-v19.1d}, [x0], #32 - st1 {v20.1d-v23.1d}, [x0], #32 - st1 {v24.1d}, [x0] +5: st1 { v0.1d- v3.1d}, [x19], #32 + st1 { v4.1d- v7.1d}, [x19], #32 + st1 { v8.1d-v11.1d}, [x19], #32 + st1 {v12.1d-v15.1d}, [x19], #32 + st1 {v16.1d-v19.1d}, [x19], #32 + st1 {v20.1d-v23.1d}, [x19], #32 + st1 {v24.1d}, [x19] + frame_pop ret ENDPROC(sha3_ce_transform) diff --git a/arch/arm64/crypto/sha512-armv8.pl b/arch/arm64/crypto/sha512-armv8.pl index c55efb308544..2d8655d5b1af 100644 --- a/arch/arm64/crypto/sha512-armv8.pl +++ b/arch/arm64/crypto/sha512-armv8.pl @@ -1,4 +1,14 @@ #! /usr/bin/env perl +# SPDX-License-Identifier: GPL-2.0 + +# This code is taken from the OpenSSL project but the author (Andy Polyakov) +# has relicensed it under the GPLv2. Therefore this program is free software; +# you can redistribute it and/or modify it under the terms of the GNU General +# Public License version 2 as published by the Free Software Foundation. +# +# The original headers, including the original license headers, are +# included below for completeness. + # Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use @@ -11,8 +21,6 @@ # project. The module is, however, dual licensed under OpenSSL and # CRYPTOGAMS licenses depending on where you obtain it. For further # details see http://www.openssl.org/~appro/cryptogams/. -# -# Permission to use under GPLv2 terms is granted. # ==================================================================== # # SHA256/512 for ARMv8. diff --git a/arch/arm64/crypto/sha512-ce-core.S b/arch/arm64/crypto/sha512-ce-core.S index 7f3bca5c59a2..ce65e3abe4f2 100644 --- a/arch/arm64/crypto/sha512-ce-core.S +++ b/arch/arm64/crypto/sha512-ce-core.S @@ -107,17 +107,23 @@ */ .text ENTRY(sha512_ce_transform) + frame_push 3 + + mov x19, x0 + mov x20, x1 + mov x21, x2 + /* load state */ - ld1 {v8.2d-v11.2d}, [x0] +0: ld1 {v8.2d-v11.2d}, [x19] /* load first 4 round constants */ adr_l x3, .Lsha512_rcon ld1 {v20.2d-v23.2d}, [x3], #64 /* load input */ -0: ld1 {v12.2d-v15.2d}, [x1], #64 - ld1 {v16.2d-v19.2d}, [x1], #64 - sub w2, w2, #1 +1: ld1 {v12.2d-v15.2d}, [x20], #64 + ld1 {v16.2d-v19.2d}, [x20], #64 + sub w21, w21, #1 CPU_LE( rev64 v12.16b, v12.16b ) CPU_LE( rev64 v13.16b, v13.16b ) @@ -196,9 +202,18 @@ CPU_LE( rev64 v19.16b, v19.16b ) add v11.2d, v11.2d, v3.2d /* handled all input blocks? */ - cbnz w2, 0b + cbz w21, 3f + + if_will_cond_yield_neon + st1 {v8.2d-v11.2d}, [x19] + do_cond_yield_neon + b 0b + endif_yield_neon + + b 1b /* store new state */ -3: st1 {v8.2d-v11.2d}, [x0] +3: st1 {v8.2d-v11.2d}, [x19] + frame_pop ret ENDPROC(sha512_ce_transform) diff --git a/arch/arm64/crypto/sha512-core.S_shipped b/arch/arm64/crypto/sha512-core.S_shipped index bd0f59f06c9d..e063a6106720 100644 --- a/arch/arm64/crypto/sha512-core.S_shipped +++ b/arch/arm64/crypto/sha512-core.S_shipped @@ -1,3 +1,13 @@ +// SPDX-License-Identifier: GPL-2.0 + +// This code is taken from the OpenSSL project but the author (Andy Polyakov) +// has relicensed it under the GPLv2. Therefore this program is free software; +// you can redistribute it and/or modify it under the terms of the GNU General +// Public License version 2 as published by the Free Software Foundation. +// +// The original headers, including the original license headers, are +// included below for completeness. + // Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. // // Licensed under the OpenSSL license (the "License"). You may not use @@ -10,8 +20,6 @@ // project. The module is, however, dual licensed under OpenSSL and // CRYPTOGAMS licenses depending on where you obtain it. For further // details see http://www.openssl.org/~appro/cryptogams/. -// -// Permission to use under GPLv2 terms is granted. // ==================================================================== // // SHA256/512 for ARMv8. diff --git a/arch/arm64/crypto/sm4-ce-core.S b/arch/arm64/crypto/sm4-ce-core.S new file mode 100644 index 000000000000..af3bfbc3f4d4 --- /dev/null +++ b/arch/arm64/crypto/sm4-ce-core.S @@ -0,0 +1,36 @@ +// SPDX-License-Identifier: GPL-2.0 + +#include <linux/linkage.h> +#include <asm/assembler.h> + + .irp b, 0, 1, 2, 3, 4, 5, 6, 7, 8 + .set .Lv\b\().4s, \b + .endr + + .macro sm4e, rd, rn + .inst 0xcec08400 | .L\rd | (.L\rn << 5) + .endm + + /* + * void sm4_ce_do_crypt(const u32 *rk, u32 *out, const u32 *in); + */ + .text +ENTRY(sm4_ce_do_crypt) + ld1 {v8.4s}, [x2] + ld1 {v0.4s-v3.4s}, [x0], #64 +CPU_LE( rev32 v8.16b, v8.16b ) + ld1 {v4.4s-v7.4s}, [x0] + sm4e v8.4s, v0.4s + sm4e v8.4s, v1.4s + sm4e v8.4s, v2.4s + sm4e v8.4s, v3.4s + sm4e v8.4s, v4.4s + sm4e v8.4s, v5.4s + sm4e v8.4s, v6.4s + sm4e v8.4s, v7.4s + rev64 v8.4s, v8.4s + ext v8.16b, v8.16b, v8.16b, #8 +CPU_LE( rev32 v8.16b, v8.16b ) + st1 {v8.4s}, [x1] + ret +ENDPROC(sm4_ce_do_crypt) diff --git a/arch/arm64/crypto/sm4-ce-glue.c b/arch/arm64/crypto/sm4-ce-glue.c new file mode 100644 index 000000000000..b7fb5274b250 --- /dev/null +++ b/arch/arm64/crypto/sm4-ce-glue.c @@ -0,0 +1,73 @@ +// SPDX-License-Identifier: GPL-2.0 + +#include <asm/neon.h> +#include <asm/simd.h> +#include <crypto/sm4.h> +#include <linux/module.h> +#include <linux/cpufeature.h> +#include <linux/crypto.h> +#include <linux/types.h> + +MODULE_ALIAS_CRYPTO("sm4"); +MODULE_ALIAS_CRYPTO("sm4-ce"); +MODULE_DESCRIPTION("SM4 symmetric cipher using ARMv8 Crypto Extensions"); +MODULE_AUTHOR("Ard Biesheuvel <ard.biesheuvel@linaro.org>"); +MODULE_LICENSE("GPL v2"); + +asmlinkage void sm4_ce_do_crypt(const u32 *rk, void *out, const void *in); + +static void sm4_ce_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in) +{ + const struct crypto_sm4_ctx *ctx = crypto_tfm_ctx(tfm); + + if (!may_use_simd()) { + crypto_sm4_encrypt(tfm, out, in); + } else { + kernel_neon_begin(); + sm4_ce_do_crypt(ctx->rkey_enc, out, in); + kernel_neon_end(); + } +} + +static void sm4_ce_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in) +{ + const struct crypto_sm4_ctx *ctx = crypto_tfm_ctx(tfm); + + if (!may_use_simd()) { + crypto_sm4_decrypt(tfm, out, in); + } else { + kernel_neon_begin(); + sm4_ce_do_crypt(ctx->rkey_dec, out, in); + kernel_neon_end(); + } +} + +static struct crypto_alg sm4_ce_alg = { + .cra_name = "sm4", + .cra_driver_name = "sm4-ce", + .cra_priority = 200, + .cra_flags = CRYPTO_ALG_TYPE_CIPHER, + .cra_blocksize = SM4_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct crypto_sm4_ctx), + .cra_module = THIS_MODULE, + .cra_u.cipher = { + .cia_min_keysize = SM4_KEY_SIZE, + .cia_max_keysize = SM4_KEY_SIZE, + .cia_setkey = crypto_sm4_set_key, + .cia_encrypt = sm4_ce_encrypt, + .cia_decrypt = sm4_ce_decrypt + } +}; + +static int __init sm4_ce_mod_init(void) +{ + return crypto_register_alg(&sm4_ce_alg); +} + +static void __exit sm4_ce_mod_fini(void) +{ + crypto_unregister_alg(&sm4_ce_alg); +} + +module_cpu_feature_match(SM3, sm4_ce_mod_init); +module_exit(sm4_ce_mod_fini); diff --git a/arch/x86/crypto/Makefile b/arch/x86/crypto/Makefile index 5f07333bb224..a450ad573dcb 100644 --- a/arch/x86/crypto/Makefile +++ b/arch/x86/crypto/Makefile @@ -15,7 +15,6 @@ obj-$(CONFIG_CRYPTO_GLUE_HELPER_X86) += glue_helper.o obj-$(CONFIG_CRYPTO_AES_586) += aes-i586.o obj-$(CONFIG_CRYPTO_TWOFISH_586) += twofish-i586.o -obj-$(CONFIG_CRYPTO_SALSA20_586) += salsa20-i586.o obj-$(CONFIG_CRYPTO_SERPENT_SSE2_586) += serpent-sse2-i586.o obj-$(CONFIG_CRYPTO_AES_X86_64) += aes-x86_64.o @@ -24,7 +23,6 @@ obj-$(CONFIG_CRYPTO_CAMELLIA_X86_64) += camellia-x86_64.o obj-$(CONFIG_CRYPTO_BLOWFISH_X86_64) += blowfish-x86_64.o obj-$(CONFIG_CRYPTO_TWOFISH_X86_64) += twofish-x86_64.o obj-$(CONFIG_CRYPTO_TWOFISH_X86_64_3WAY) += twofish-x86_64-3way.o -obj-$(CONFIG_CRYPTO_SALSA20_X86_64) += salsa20-x86_64.o obj-$(CONFIG_CRYPTO_CHACHA20_X86_64) += chacha20-x86_64.o obj-$(CONFIG_CRYPTO_SERPENT_SSE2_X86_64) += serpent-sse2-x86_64.o obj-$(CONFIG_CRYPTO_AES_NI_INTEL) += aesni-intel.o @@ -38,6 +36,16 @@ obj-$(CONFIG_CRYPTO_SHA512_SSSE3) += sha512-ssse3.o obj-$(CONFIG_CRYPTO_CRCT10DIF_PCLMUL) += crct10dif-pclmul.o obj-$(CONFIG_CRYPTO_POLY1305_X86_64) += poly1305-x86_64.o +obj-$(CONFIG_CRYPTO_AEGIS128_AESNI_SSE2) += aegis128-aesni.o +obj-$(CONFIG_CRYPTO_AEGIS128L_AESNI_SSE2) += aegis128l-aesni.o +obj-$(CONFIG_CRYPTO_AEGIS256_AESNI_SSE2) += aegis256-aesni.o + +obj-$(CONFIG_CRYPTO_MORUS640_GLUE) += morus640_glue.o +obj-$(CONFIG_CRYPTO_MORUS1280_GLUE) += morus1280_glue.o + +obj-$(CONFIG_CRYPTO_MORUS640_SSE2) += morus640-sse2.o +obj-$(CONFIG_CRYPTO_MORUS1280_SSE2) += morus1280-sse2.o + # These modules require assembler to support AVX. ifeq ($(avx_supported),yes) obj-$(CONFIG_CRYPTO_CAMELLIA_AESNI_AVX_X86_64) += \ @@ -55,11 +63,12 @@ ifeq ($(avx2_supported),yes) obj-$(CONFIG_CRYPTO_SHA1_MB) += sha1-mb/ obj-$(CONFIG_CRYPTO_SHA256_MB) += sha256-mb/ obj-$(CONFIG_CRYPTO_SHA512_MB) += sha512-mb/ + + obj-$(CONFIG_CRYPTO_MORUS1280_AVX2) += morus1280-avx2.o endif aes-i586-y := aes-i586-asm_32.o aes_glue.o twofish-i586-y := twofish-i586-asm_32.o twofish_glue.o -salsa20-i586-y := salsa20-i586-asm_32.o salsa20_glue.o serpent-sse2-i586-y := serpent-sse2-i586-asm_32.o serpent_sse2_glue.o aes-x86_64-y := aes-x86_64-asm_64.o aes_glue.o @@ -68,10 +77,16 @@ camellia-x86_64-y := camellia-x86_64-asm_64.o camellia_glue.o blowfish-x86_64-y := blowfish-x86_64-asm_64.o blowfish_glue.o twofish-x86_64-y := twofish-x86_64-asm_64.o twofish_glue.o twofish-x86_64-3way-y := twofish-x86_64-asm_64-3way.o twofish_glue_3way.o -salsa20-x86_64-y := salsa20-x86_64-asm_64.o salsa20_glue.o chacha20-x86_64-y := chacha20-ssse3-x86_64.o chacha20_glue.o serpent-sse2-x86_64-y := serpent-sse2-x86_64-asm_64.o serpent_sse2_glue.o +aegis128-aesni-y := aegis128-aesni-asm.o aegis128-aesni-glue.o +aegis128l-aesni-y := aegis128l-aesni-asm.o aegis128l-aesni-glue.o +aegis256-aesni-y := aegis256-aesni-asm.o aegis256-aesni-glue.o + +morus640-sse2-y := morus640-sse2-asm.o morus640-sse2-glue.o +morus1280-sse2-y := morus1280-sse2-asm.o morus1280-sse2-glue.o + ifeq ($(avx_supported),yes) camellia-aesni-avx-x86_64-y := camellia-aesni-avx-asm_64.o \ camellia_aesni_avx_glue.o @@ -87,6 +102,8 @@ ifeq ($(avx2_supported),yes) camellia-aesni-avx2-y := camellia-aesni-avx2-asm_64.o camellia_aesni_avx2_glue.o chacha20-x86_64-y += chacha20-avx2-x86_64.o serpent-avx2-y := serpent-avx2-asm_64.o serpent_avx2_glue.o + + morus1280-avx2-y := morus1280-avx2-asm.o morus1280-avx2-glue.o endif aesni-intel-y := aesni-intel_asm.o aesni-intel_glue.o fpu.o diff --git a/arch/x86/crypto/aegis128-aesni-asm.S b/arch/x86/crypto/aegis128-aesni-asm.S new file mode 100644 index 000000000000..9254e0b6cc06 --- /dev/null +++ b/arch/x86/crypto/aegis128-aesni-asm.S @@ -0,0 +1,749 @@ +/* + * AES-NI + SSE2 implementation of AEGIS-128 + * + * Copyright (c) 2017-2018 Ondrej Mosnacek <omosnacek@gmail.com> + * Copyright (C) 2017-2018 Red Hat, Inc. All rights reserved. + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 as published + * by the Free Software Foundation. + */ + +#include <linux/linkage.h> +#include <asm/frame.h> + +#define STATE0 %xmm0 +#define STATE1 %xmm1 +#define STATE2 %xmm2 +#define STATE3 %xmm3 +#define STATE4 %xmm4 +#define KEY %xmm5 +#define MSG %xmm5 +#define T0 %xmm6 +#define T1 %xmm7 + +#define STATEP %rdi +#define LEN %rsi +#define SRC %rdx +#define DST %rcx + +.section .rodata.cst16.aegis128_const, "aM", @progbits, 32 +.align 16 +.Laegis128_const_0: + .byte 0x00, 0x01, 0x01, 0x02, 0x03, 0x05, 0x08, 0x0d + .byte 0x15, 0x22, 0x37, 0x59, 0x90, 0xe9, 0x79, 0x62 +.Laegis128_const_1: + .byte 0xdb, 0x3d, 0x18, 0x55, 0x6d, 0xc2, 0x2f, 0xf1 + .byte 0x20, 0x11, 0x31, 0x42, 0x73, 0xb5, 0x28, 0xdd + +.section .rodata.cst16.aegis128_counter, "aM", @progbits, 16 +.align 16 +.Laegis128_counter: + .byte 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 + .byte 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f + +.text + +/* + * aegis128_update + * input: + * STATE[0-4] - input state + * output: + * STATE[0-4] - output state (shifted positions) + * changed: + * T0 + */ +.macro aegis128_update + movdqa STATE4, T0 + aesenc STATE0, STATE4 + aesenc STATE1, STATE0 + aesenc STATE2, STATE1 + aesenc STATE3, STATE2 + aesenc T0, STATE3 +.endm + +/* + * __load_partial: internal ABI + * input: + * LEN - bytes + * SRC - src + * output: + * MSG - message block + * changed: + * T0 + * %r8 + * %r9 + */ +__load_partial: + xor %r9, %r9 + pxor MSG, MSG + + mov LEN, %r8 + and $0x1, %r8 + jz .Lld_partial_1 + + mov LEN, %r8 + and $0x1E, %r8 + add SRC, %r8 + mov (%r8), %r9b + +.Lld_partial_1: + mov LEN, %r8 + and $0x2, %r8 + jz .Lld_partial_2 + + mov LEN, %r8 + and $0x1C, %r8 + add SRC, %r8 + shl $0x10, %r9 + mov (%r8), %r9w + +.Lld_partial_2: + mov LEN, %r8 + and $0x4, %r8 + jz .Lld_partial_4 + + mov LEN, %r8 + and $0x18, %r8 + add SRC, %r8 + shl $32, %r9 + mov (%r8), %r8d + xor %r8, %r9 + +.Lld_partial_4: + movq %r9, MSG + + mov LEN, %r8 + and $0x8, %r8 + jz .Lld_partial_8 + + mov LEN, %r8 + and $0x10, %r8 + add SRC, %r8 + pslldq $8, MSG + movq (%r8), T0 + pxor T0, MSG + +.Lld_partial_8: + ret +ENDPROC(__load_partial) + +/* + * __store_partial: internal ABI + * input: + * LEN - bytes + * DST - dst + * output: + * T0 - message block + * changed: + * %r8 + * %r9 + * %r10 + */ +__store_partial: + mov LEN, %r8 + mov DST, %r9 + + movq T0, %r10 + + cmp $8, %r8 + jl .Lst_partial_8 + + mov %r10, (%r9) + psrldq $8, T0 + movq T0, %r10 + + sub $8, %r8 + add $8, %r9 + +.Lst_partial_8: + cmp $4, %r8 + jl .Lst_partial_4 + + mov %r10d, (%r9) + shr $32, %r10 + + sub $4, %r8 + add $4, %r9 + +.Lst_partial_4: + cmp $2, %r8 + jl .Lst_partial_2 + + mov %r10w, (%r9) + shr $0x10, %r10 + + sub $2, %r8 + add $2, %r9 + +.Lst_partial_2: + cmp $1, %r8 + jl .Lst_partial_1 + + mov %r10b, (%r9) + +.Lst_partial_1: + ret +ENDPROC(__store_partial) + +/* + * void crypto_aegis128_aesni_init(void *state, const void *key, const void *iv); + */ +ENTRY(crypto_aegis128_aesni_init) + FRAME_BEGIN + + /* load IV: */ + movdqu (%rdx), T1 + + /* load key: */ + movdqa (%rsi), KEY + pxor KEY, T1 + movdqa T1, STATE0 + movdqa KEY, STATE3 + movdqa KEY, STATE4 + + /* load the constants: */ + movdqa .Laegis128_const_0, STATE2 + movdqa .Laegis128_const_1, STATE1 + pxor STATE2, STATE3 + pxor STATE1, STATE4 + + /* update 10 times with KEY / KEY xor IV: */ + aegis128_update; pxor KEY, STATE4 + aegis128_update; pxor T1, STATE3 + aegis128_update; pxor KEY, STATE2 + aegis128_update; pxor T1, STATE1 + aegis128_update; pxor KEY, STATE0 + aegis128_update; pxor T1, STATE4 + aegis128_update; pxor KEY, STATE3 + aegis128_update; pxor T1, STATE2 + aegis128_update; pxor KEY, STATE1 + aegis128_update; pxor T1, STATE0 + + /* store the state: */ + movdqu STATE0, 0x00(STATEP) + movdqu STATE1, 0x10(STATEP) + movdqu STATE2, 0x20(STATEP) + movdqu STATE3, 0x30(STATEP) + movdqu STATE4, 0x40(STATEP) + + FRAME_END + ret +ENDPROC(crypto_aegis128_aesni_init) + +/* + * void crypto_aegis128_aesni_ad(void *state, unsigned int length, + * const void *data); + */ +ENTRY(crypto_aegis128_aesni_ad) + FRAME_BEGIN + + cmp $0x10, LEN + jb .Lad_out + + /* load the state: */ + movdqu 0x00(STATEP), STATE0 + movdqu 0x10(STATEP), STATE1 + movdqu 0x20(STATEP), STATE2 + movdqu 0x30(STATEP), STATE3 + movdqu 0x40(STATEP), STATE4 + + mov SRC, %r8 + and $0xF, %r8 + jnz .Lad_u_loop + +.align 8 +.Lad_a_loop: + movdqa 0x00(SRC), MSG + aegis128_update + pxor MSG, STATE4 + sub $0x10, LEN + cmp $0x10, LEN + jl .Lad_out_1 + + movdqa 0x10(SRC), MSG + aegis128_update + pxor MSG, STATE3 + sub $0x10, LEN + cmp $0x10, LEN + jl .Lad_out_2 + + movdqa 0x20(SRC), MSG + aegis128_update + pxor MSG, STATE2 + sub $0x10, LEN + cmp $0x10, LEN + jl .Lad_out_3 + + movdqa 0x30(SRC), MSG + aegis128_update + pxor MSG, STATE1 + sub $0x10, LEN + cmp $0x10, LEN + jl .Lad_out_4 + + movdqa 0x40(SRC), MSG + aegis128_update + pxor MSG, STATE0 + sub $0x10, LEN + cmp $0x10, LEN + jl .Lad_out_0 + + add $0x50, SRC + jmp .Lad_a_loop + +.align 8 +.Lad_u_loop: + movdqu 0x00(SRC), MSG + aegis128_update + pxor MSG, STATE4 + sub $0x10, LEN + cmp $0x10, LEN + jl .Lad_out_1 + + movdqu 0x10(SRC), MSG + aegis128_update + pxor MSG, STATE3 + sub $0x10, LEN + cmp $0x10, LEN + jl .Lad_out_2 + + movdqu 0x20(SRC), MSG + aegis128_update + pxor MSG, STATE2 + sub $0x10, LEN + cmp $0x10, LEN + jl .Lad_out_3 + + movdqu 0x30(SRC), MSG + aegis128_update + pxor MSG, STATE1 + sub $0x10, LEN + cmp $0x10, LEN + jl .Lad_out_4 + + movdqu 0x40(SRC), MSG + aegis128_update + pxor MSG, STATE0 + sub $0x10, LEN + cmp $0x10, LEN + jl .Lad_out_0 + + add $0x50, SRC + jmp .Lad_u_loop + + /* store the state: */ +.Lad_out_0: + movdqu STATE0, 0x00(STATEP) + movdqu STATE1, 0x10(STATEP) + movdqu STATE2, 0x20(STATEP) + movdqu STATE3, 0x30(STATEP) + movdqu STATE4, 0x40(STATEP) + FRAME_END + ret + +.Lad_out_1: + movdqu STATE4, 0x00(STATEP) + movdqu STATE0, 0x10(STATEP) + movdqu STATE1, 0x20(STATEP) + movdqu STATE2, 0x30(STATEP) + movdqu STATE3, 0x40(STATEP) + FRAME_END + ret + +.Lad_out_2: + movdqu STATE3, 0x00(STATEP) + movdqu STATE4, 0x10(STATEP) + movdqu STATE0, 0x20(STATEP) + movdqu STATE1, 0x30(STATEP) + movdqu STATE2, 0x40(STATEP) + FRAME_END + ret + +.Lad_out_3: + movdqu STATE2, 0x00(STATEP) + movdqu STATE3, 0x10(STATEP) + movdqu STATE4, 0x20(STATEP) + movdqu STATE0, 0x30(STATEP) + movdqu STATE1, 0x40(STATEP) + FRAME_END + ret + +.Lad_out_4: + movdqu STATE1, 0x00(STATEP) + movdqu STATE2, 0x10(STATEP) + movdqu STATE3, 0x20(STATEP) + movdqu STATE4, 0x30(STATEP) + movdqu STATE0, 0x40(STATEP) + FRAME_END + ret + +.Lad_out: + FRAME_END + ret +ENDPROC(crypto_aegis128_aesni_ad) + +.macro encrypt_block a s0 s1 s2 s3 s4 i + movdq\a (\i * 0x10)(SRC), MSG + movdqa MSG, T0 + pxor \s1, T0 + pxor \s4, T0 + movdqa \s2, T1 + pand \s3, T1 + pxor T1, T0 + movdq\a T0, (\i * 0x10)(DST) + + aegis128_update + pxor MSG, \s4 + + sub $0x10, LEN + cmp $0x10, LEN + jl .Lenc_out_\i +.endm + +/* + * void crypto_aegis128_aesni_enc(void *state, unsigned int length, + * const void *src, void *dst); + */ +ENTRY(crypto_aegis128_aesni_enc) + FRAME_BEGIN + + cmp $0x10, LEN + jb .Lenc_out + + /* load the state: */ + movdqu 0x00(STATEP), STATE0 + movdqu 0x10(STATEP), STATE1 + movdqu 0x20(STATEP), STATE2 + movdqu 0x30(STATEP), STATE3 + movdqu 0x40(STATEP), STATE4 + + mov SRC, %r8 + or DST, %r8 + and $0xF, %r8 + jnz .Lenc_u_loop + +.align 8 +.Lenc_a_loop: + encrypt_block a STATE0 STATE1 STATE2 STATE3 STATE4 0 + encrypt_block a STATE4 STATE0 STATE1 STATE2 STATE3 1 + encrypt_block a STATE3 STATE4 STATE0 STATE1 STATE2 2 + encrypt_block a STATE2 STATE3 STATE4 STATE0 STATE1 3 + encrypt_block a STATE1 STATE2 STATE3 STATE4 STATE0 4 + + add $0x50, SRC + add $0x50, DST + jmp .Lenc_a_loop + +.align 8 +.Lenc_u_loop: + encrypt_block u STATE0 STATE1 STATE2 STATE3 STATE4 0 + encrypt_block u STATE4 STATE0 STATE1 STATE2 STATE3 1 + encrypt_block u STATE3 STATE4 STATE0 STATE1 STATE2 2 + encrypt_block u STATE2 STATE3 STATE4 STATE0 STATE1 3 + encrypt_block u STATE1 STATE2 STATE3 STATE4 STATE0 4 + + add $0x50, SRC + add $0x50, DST + jmp .Lenc_u_loop + + /* store the state: */ +.Lenc_out_0: + movdqu STATE4, 0x00(STATEP) + movdqu STATE0, 0x10(STATEP) + movdqu STATE1, 0x20(STATEP) + movdqu STATE2, 0x30(STATEP) + movdqu STATE3, 0x40(STATEP) + FRAME_END + ret + +.Lenc_out_1: + movdqu STATE3, 0x00(STATEP) + movdqu STATE4, 0x10(STATEP) + movdqu STATE0, 0x20(STATEP) + movdqu STATE1, 0x30(STATEP) + movdqu STATE2, 0x40(STATEP) + FRAME_END + ret + +.Lenc_out_2: + movdqu STATE2, 0x00(STATEP) + movdqu STATE3, 0x10(STATEP) + movdqu STATE4, 0x20(STATEP) + movdqu STATE0, 0x30(STATEP) + movdqu STATE1, 0x40(STATEP) + FRAME_END + ret + +.Lenc_out_3: + movdqu STATE1, 0x00(STATEP) + movdqu STATE2, 0x10(STATEP) + movdqu STATE3, 0x20(STATEP) + movdqu STATE4, 0x30(STATEP) + movdqu STATE0, 0x40(STATEP) + FRAME_END + ret + +.Lenc_out_4: + movdqu STATE0, 0x00(STATEP) + movdqu STATE1, 0x10(STATEP) + movdqu STATE2, 0x20(STATEP) + movdqu STATE3, 0x30(STATEP) + movdqu STATE4, 0x40(STATEP) + FRAME_END + ret + +.Lenc_out: + FRAME_END + ret +ENDPROC(crypto_aegis128_aesni_enc) + +/* + * void crypto_aegis128_aesni_enc_tail(void *state, unsigned int length, + * const void *src, void *dst); + */ +ENTRY(crypto_aegis128_aesni_enc_tail) + FRAME_BEGIN + + /* load the state: */ + movdqu 0x00(STATEP), STATE0 + movdqu 0x10(STATEP), STATE1 + movdqu 0x20(STATEP), STATE2 + movdqu 0x30(STATEP), STATE3 + movdqu 0x40(STATEP), STATE4 + + /* encrypt message: */ + call __load_partial + + movdqa MSG, T0 + pxor STATE1, T0 + pxor STATE4, T0 + movdqa STATE2, T1 + pand STATE3, T1 + pxor T1, T0 + + call __store_partial + + aegis128_update + pxor MSG, STATE4 + + /* store the state: */ + movdqu STATE4, 0x00(STATEP) + movdqu STATE0, 0x10(STATEP) + movdqu STATE1, 0x20(STATEP) + movdqu STATE2, 0x30(STATEP) + movdqu STATE3, 0x40(STATEP) + + FRAME_END +ENDPROC(crypto_aegis128_aesni_enc_tail) + +.macro decrypt_block a s0 s1 s2 s3 s4 i + movdq\a (\i * 0x10)(SRC), MSG + pxor \s1, MSG + pxor \s4, MSG + movdqa \s2, T1 + pand \s3, T1 + pxor T1, MSG + movdq\a MSG, (\i * 0x10)(DST) + + aegis128_update + pxor MSG, \s4 + + sub $0x10, LEN + cmp $0x10, LEN + jl .Ldec_out_\i +.endm + +/* + * void crypto_aegis128_aesni_dec(void *state, unsigned int length, + * const void *src, void *dst); + */ +ENTRY(crypto_aegis128_aesni_dec) + FRAME_BEGIN + + cmp $0x10, LEN + jb .Ldec_out + + /* load the state: */ + movdqu 0x00(STATEP), STATE0 + movdqu 0x10(STATEP), STATE1 + movdqu 0x20(STATEP), STATE2 + movdqu 0x30(STATEP), STATE3 + movdqu 0x40(STATEP), STATE4 + + mov SRC, %r8 + or DST, %r8 + and $0xF, %r8 + jnz .Ldec_u_loop + +.align 8 +.Ldec_a_loop: + decrypt_block a STATE0 STATE1 STATE2 STATE3 STATE4 0 + decrypt_block a STATE4 STATE0 STATE1 STATE2 STATE3 1 + decrypt_block a STATE3 STATE4 STATE0 STATE1 STATE2 2 + decrypt_block a STATE2 STATE3 STATE4 STATE0 STATE1 3 + decrypt_block a STATE1 STATE2 STATE3 STATE4 STATE0 4 + + add $0x50, SRC + add $0x50, DST + jmp .Ldec_a_loop + +.align 8 +.Ldec_u_loop: + decrypt_block u STATE0 STATE1 STATE2 STATE3 STATE4 0 + decrypt_block u STATE4 STATE0 STATE1 STATE2 STATE3 1 + decrypt_block u STATE3 STATE4 STATE0 STATE1 STATE2 2 + decrypt_block u STATE2 STATE3 STATE4 STATE0 STATE1 3 + decrypt_block u STATE1 STATE2 STATE3 STATE4 STATE0 4 + + add $0x50, SRC + add $0x50, DST + jmp .Ldec_u_loop + + /* store the state: */ +.Ldec_out_0: + movdqu STATE4, 0x00(STATEP) + movdqu STATE0, 0x10(STATEP) + movdqu STATE1, 0x20(STATEP) + movdqu STATE2, 0x30(STATEP) + movdqu STATE3, 0x40(STATEP) + FRAME_END + ret + +.Ldec_out_1: + movdqu STATE3, 0x00(STATEP) + movdqu STATE4, 0x10(STATEP) + movdqu STATE0, 0x20(STATEP) + movdqu STATE1, 0x30(STATEP) + movdqu STATE2, 0x40(STATEP) + FRAME_END + ret + +.Ldec_out_2: + movdqu STATE2, 0x00(STATEP) + movdqu STATE3, 0x10(STATEP) + movdqu STATE4, 0x20(STATEP) + movdqu STATE0, 0x30(STATEP) + movdqu STATE1, 0x40(STATEP) + FRAME_END + ret + +.Ldec_out_3: + movdqu STATE1, 0x00(STATEP) + movdqu STATE2, 0x10(STATEP) + movdqu STATE3, 0x20(STATEP) + movdqu STATE4, 0x30(STATEP) + movdqu STATE0, 0x40(STATEP) + FRAME_END + ret + +.Ldec_out_4: + movdqu STATE0, 0x00(STATEP) + movdqu STATE1, 0x10(STATEP) + movdqu STATE2, 0x20(STATEP) + movdqu STATE3, 0x30(STATEP) + movdqu STATE4, 0x40(STATEP) + FRAME_END + ret + +.Ldec_out: + FRAME_END + ret +ENDPROC(crypto_aegis128_aesni_dec) + +/* + * void crypto_aegis128_aesni_dec_tail(void *state, unsigned int length, + * const void *src, void *dst); + */ +ENTRY(crypto_aegis128_aesni_dec_tail) + FRAME_BEGIN + + /* load the state: */ + movdqu 0x00(STATEP), STATE0 + movdqu 0x10(STATEP), STATE1 + movdqu 0x20(STATEP), STATE2 + movdqu 0x30(STATEP), STATE3 + movdqu 0x40(STATEP), STATE4 + + /* decrypt message: */ + call __load_partial + + pxor STATE1, MSG + pxor STATE4, MSG + movdqa STATE2, T1 + pand STATE3, T1 + pxor T1, MSG + + movdqa MSG, T0 + call __store_partial + + /* mask with byte count: */ + movq LEN, T0 + punpcklbw T0, T0 + punpcklbw T0, T0 + punpcklbw T0, T0 + punpcklbw T0, T0 + movdqa .Laegis128_counter, T1 + pcmpgtb T1, T0 + pand T0, MSG + + aegis128_update + pxor MSG, STATE4 + + /* store the state: */ + movdqu STATE4, 0x00(STATEP) + movdqu STATE0, 0x10(STATEP) + movdqu STATE1, 0x20(STATEP) + movdqu STATE2, 0x30(STATEP) + movdqu STATE3, 0x40(STATEP) + + FRAME_END + ret +ENDPROC(crypto_aegis128_aesni_dec_tail) + +/* + * void crypto_aegis128_aesni_final(void *state, void *tag_xor, + * u64 assoclen, u64 cryptlen); + */ +ENTRY(crypto_aegis128_aesni_final) + FRAME_BEGIN + + /* load the state: */ + movdqu 0x00(STATEP), STATE0 + movdqu 0x10(STATEP), STATE1 + movdqu 0x20(STATEP), STATE2 + movdqu 0x30(STATEP), STATE3 + movdqu 0x40(STATEP), STATE4 + + /* prepare length block: */ + movq %rdx, MSG + movq %rcx, T0 + pslldq $8, T0 + pxor T0, MSG + psllq $3, MSG /* multiply by 8 (to get bit count) */ + + pxor STATE3, MSG + + /* update state: */ + aegis128_update; pxor MSG, STATE4 + aegis128_update; pxor MSG, STATE3 + aegis128_update; pxor MSG, STATE2 + aegis128_update; pxor MSG, STATE1 + aegis128_update; pxor MSG, STATE0 + aegis128_update; pxor MSG, STATE4 + aegis128_update; pxor MSG, STATE3 + + /* xor tag: */ + movdqu (%rsi), MSG + + pxor STATE0, MSG + pxor STATE1, MSG + pxor STATE2, MSG + pxor STATE3, MSG + pxor STATE4, MSG + + movdqu MSG, (%rsi) + + FRAME_END + ret +ENDPROC(crypto_aegis128_aesni_final) diff --git a/arch/x86/crypto/aegis128-aesni-glue.c b/arch/x86/crypto/aegis128-aesni-glue.c new file mode 100644 index 000000000000..5de7c0d46edf --- /dev/null +++ b/arch/x86/crypto/aegis128-aesni-glue.c @@ -0,0 +1,407 @@ +/* + * The AEGIS-128 Authenticated-Encryption Algorithm + * Glue for AES-NI + SSE2 implementation + * + * Copyright (c) 2017-2018 Ondrej Mosnacek <omosnacek@gmail.com> + * Copyright (C) 2017-2018 Red Hat, Inc. All rights reserved. + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation; either version 2 of the License, or (at your option) + * any later version. + */ + +#include <crypto/cryptd.h> +#include <crypto/internal/aead.h> +#include <crypto/internal/skcipher.h> +#include <crypto/scatterwalk.h> +#include <linux/module.h> +#include <asm/fpu/api.h> +#include <asm/cpu_device_id.h> + +#define AEGIS128_BLOCK_ALIGN 16 +#define AEGIS128_BLOCK_SIZE 16 +#define AEGIS128_NONCE_SIZE 16 +#define AEGIS128_STATE_BLOCKS 5 +#define AEGIS128_KEY_SIZE 16 +#define AEGIS128_MIN_AUTH_SIZE 8 +#define AEGIS128_MAX_AUTH_SIZE 16 + +asmlinkage void crypto_aegis128_aesni_init(void *state, void *key, void *iv); + +asmlinkage void crypto_aegis128_aesni_ad( + void *state, unsigned int length, const void *data); + +asmlinkage void crypto_aegis128_aesni_enc( + void *state, unsigned int length, const void *src, void *dst); + +asmlinkage void crypto_aegis128_aesni_dec( + void *state, unsigned int length, const void *src, void *dst); + +asmlinkage void crypto_aegis128_aesni_enc_tail( + void *state, unsigned int length, const void *src, void *dst); + +asmlinkage void crypto_aegis128_aesni_dec_tail( + void *state, unsigned int length, const void *src, void *dst); + +asmlinkage void crypto_aegis128_aesni_final( + void *state, void *tag_xor, unsigned int cryptlen, + unsigned int assoclen); + +struct aegis_block { + u8 bytes[AEGIS128_BLOCK_SIZE] __aligned(AEGIS128_BLOCK_ALIGN); +}; + +struct aegis_state { + struct aegis_block blocks[AEGIS128_STATE_BLOCKS]; +}; + +struct aegis_ctx { + struct aegis_block key; +}; + +struct aegis_crypt_ops { + int (*skcipher_walk_init)(struct skcipher_walk *walk, + struct aead_request *req, bool atomic); + + void (*crypt_blocks)(void *state, unsigned int length, const void *src, + void *dst); + void (*crypt_tail)(void *state, unsigned int length, const void *src, + void *dst); +}; + +static void crypto_aegis128_aesni_process_ad( + struct aegis_state *state, struct scatterlist *sg_src, + unsigned int assoclen) +{ + struct scatter_walk walk; + struct aegis_block buf; + unsigned int pos = 0; + + scatterwalk_start(&walk, sg_src); + while (assoclen != 0) { + unsigned int size = scatterwalk_clamp(&walk, assoclen); + unsigned int left = size; + void *mapped = scatterwalk_map(&walk); + const u8 *src = (const u8 *)mapped; + + if (pos + size >= AEGIS128_BLOCK_SIZE) { + if (pos > 0) { + unsigned int fill = AEGIS128_BLOCK_SIZE - pos; + memcpy(buf.bytes + pos, src, fill); + crypto_aegis128_aesni_ad(state, + AEGIS128_BLOCK_SIZE, + buf.bytes); + pos = 0; + left -= fill; + src += fill; + } + + crypto_aegis128_aesni_ad(state, left, src); + + src += left & ~(AEGIS128_BLOCK_SIZE - 1); + left &= AEGIS128_BLOCK_SIZE - 1; + } + + memcpy(buf.bytes + pos, src, left); + pos += left; + assoclen -= size; + + scatterwalk_unmap(mapped); + scatterwalk_advance(&walk, size); + scatterwalk_done(&walk, 0, assoclen); + } + + if (pos > 0) { + memset(buf.bytes + pos, 0, AEGIS128_BLOCK_SIZE - pos); + crypto_aegis128_aesni_ad(state, AEGIS128_BLOCK_SIZE, buf.bytes); + } +} + +static void crypto_aegis128_aesni_process_crypt( + struct aegis_state *state, struct aead_request *req, + const struct aegis_crypt_ops *ops) +{ + struct skcipher_walk walk; + u8 *src, *dst; + unsigned int chunksize, base; + + ops->skcipher_walk_init(&walk, req, false); + + while (walk.nbytes) { + src = walk.src.virt.addr; + dst = walk.dst.virt.addr; + chunksize = walk.nbytes; + + ops->crypt_blocks(state, chunksize, src, dst); + + base = chunksize & ~(AEGIS128_BLOCK_SIZE - 1); + src += base; + dst += base; + chunksize &= AEGIS128_BLOCK_SIZE - 1; + + if (chunksize > 0) + ops->crypt_tail(state, chunksize, src, dst); + + skcipher_walk_done(&walk, 0); + } +} + +static struct aegis_ctx *crypto_aegis128_aesni_ctx(struct crypto_aead *aead) +{ + u8 *ctx = crypto_aead_ctx(aead); + ctx = PTR_ALIGN(ctx, __alignof__(struct aegis_ctx)); + return (void *)ctx; +} + +static int crypto_aegis128_aesni_setkey(struct crypto_aead *aead, const u8 *key, + unsigned int keylen) +{ + struct aegis_ctx *ctx = crypto_aegis128_aesni_ctx(aead); + + if (keylen != AEGIS128_KEY_SIZE) { + crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN); + return -EINVAL; + } + + memcpy(ctx->key.bytes, key, AEGIS128_KEY_SIZE); + + return 0; +} + +static int crypto_aegis128_aesni_setauthsize(struct crypto_aead *tfm, + unsigned int authsize) +{ + if (authsize > AEGIS128_MAX_AUTH_SIZE) + return -EINVAL; + if (authsize < AEGIS128_MIN_AUTH_SIZE) + return -EINVAL; + return 0; +} + +static void crypto_aegis128_aesni_crypt(struct aead_request *req, + struct aegis_block *tag_xor, + unsigned int cryptlen, + const struct aegis_crypt_ops *ops) +{ + struct crypto_aead *tfm = crypto_aead_reqtfm(req); + struct aegis_ctx *ctx = crypto_aegis128_aesni_ctx(tfm); + struct aegis_state state; + + kernel_fpu_begin(); + + crypto_aegis128_aesni_init(&state, ctx->key.bytes, req->iv); + crypto_aegis128_aesni_process_ad(&state, req->src, req->assoclen); + crypto_aegis128_aesni_process_crypt(&state, req, ops); + crypto_aegis128_aesni_final(&state, tag_xor, req->assoclen, cryptlen); + + kernel_fpu_end(); +} + +static int crypto_aegis128_aesni_encrypt(struct aead_request *req) +{ + static const struct aegis_crypt_ops OPS = { + .skcipher_walk_init = skcipher_walk_aead_encrypt, + .crypt_blocks = crypto_aegis128_aesni_enc, + .crypt_tail = crypto_aegis128_aesni_enc_tail, + }; + + struct crypto_aead *tfm = crypto_aead_reqtfm(req); + struct aegis_block tag = {}; + unsigned int authsize = crypto_aead_authsize(tfm); + unsigned int cryptlen = req->cryptlen; + + crypto_aegis128_aesni_crypt(req, &tag, cryptlen, &OPS); + + scatterwalk_map_and_copy(tag.bytes, req->dst, + req->assoclen + cryptlen, authsize, 1); + return 0; +} + +static int crypto_aegis128_aesni_decrypt(struct aead_request *req) +{ + static const struct aegis_block zeros = {}; + + static const struct aegis_crypt_ops OPS = { + .skcipher_walk_init = skcipher_walk_aead_decrypt, + .crypt_blocks = crypto_aegis128_aesni_dec, + .crypt_tail = crypto_aegis128_aesni_dec_tail, + }; + + struct crypto_aead *tfm = crypto_aead_reqtfm(req); + struct aegis_block tag; + unsigned int authsize = crypto_aead_authsize(tfm); + unsigned int cryptlen = req->cryptlen - authsize; + + scatterwalk_map_and_copy(tag.bytes, req->src, + req->assoclen + cryptlen, authsize, 0); + + crypto_aegis128_aesni_crypt(req, &tag, cryptlen, &OPS); + + return crypto_memneq(tag.bytes, zeros.bytes, authsize) ? -EBADMSG : 0; +} + +static int crypto_aegis128_aesni_init_tfm(struct crypto_aead *aead) +{ + return 0; +} + +static void crypto_aegis128_aesni_exit_tfm(struct crypto_aead *aead) +{ +} + +static int cryptd_aegis128_aesni_setkey(struct crypto_aead *aead, + const u8 *key, unsigned int keylen) +{ + struct cryptd_aead **ctx = crypto_aead_ctx(aead); + struct cryptd_aead *cryptd_tfm = *ctx; + + return crypto_aead_setkey(&cryptd_tfm->base, key, keylen); +} + +static int cryptd_aegis128_aesni_setauthsize(struct crypto_aead *aead, + unsigned int authsize) +{ + struct cryptd_aead **ctx = crypto_aead_ctx(aead); + struct cryptd_aead *cryptd_tfm = *ctx; + + return crypto_aead_setauthsize(&cryptd_tfm->base, authsize); +} + +static int cryptd_aegis128_aesni_encrypt(struct aead_request *req) +{ + struct crypto_aead *aead = crypto_aead_reqtfm(req); + struct cryptd_aead **ctx = crypto_aead_ctx(aead); + struct cryptd_aead *cryptd_tfm = *ctx; + + aead = &cryptd_tfm->base; + if (irq_fpu_usable() && (!in_atomic() || + !cryptd_aead_queued(cryptd_tfm))) + aead = cryptd_aead_child(cryptd_tfm); + + aead_request_set_tfm(req, aead); + + return crypto_aead_encrypt(req); +} + +static int cryptd_aegis128_aesni_decrypt(struct aead_request *req) +{ + struct crypto_aead *aead = crypto_aead_reqtfm(req); + struct cryptd_aead **ctx = crypto_aead_ctx(aead); + struct cryptd_aead *cryptd_tfm = *ctx; + + aead = &cryptd_tfm->base; + if (irq_fpu_usable() && (!in_atomic() || + !cryptd_aead_queued(cryptd_tfm))) + aead = cryptd_aead_child(cryptd_tfm); + + aead_request_set_tfm(req, aead); + + return crypto_aead_decrypt(req); +} + +static int cryptd_aegis128_aesni_init_tfm(struct crypto_aead *aead) +{ + struct cryptd_aead *cryptd_tfm; + struct cryptd_aead **ctx = crypto_aead_ctx(aead); + + cryptd_tfm = cryptd_alloc_aead("__aegis128-aesni", CRYPTO_ALG_INTERNAL, + CRYPTO_ALG_INTERNAL); + if (IS_ERR(cryptd_tfm)) + return PTR_ERR(cryptd_tfm); + + *ctx = cryptd_tfm; + crypto_aead_set_reqsize(aead, crypto_aead_reqsize(&cryptd_tfm->base)); + return 0; +} + +static void cryptd_aegis128_aesni_exit_tfm(struct crypto_aead *aead) +{ + struct cryptd_aead **ctx = crypto_aead_ctx(aead); + + cryptd_free_aead(*ctx); +} + +static struct aead_alg crypto_aegis128_aesni_alg[] = { + { + .setkey = crypto_aegis128_aesni_setkey, + .setauthsize = crypto_aegis128_aesni_setauthsize, + .encrypt = crypto_aegis128_aesni_encrypt, + .decrypt = crypto_aegis128_aesni_decrypt, + .init = crypto_aegis128_aesni_init_tfm, + .exit = crypto_aegis128_aesni_exit_tfm, + + .ivsize = AEGIS128_NONCE_SIZE, + .maxauthsize = AEGIS128_MAX_AUTH_SIZE, + .chunksize = AEGIS128_BLOCK_SIZE, + + .base = { + .cra_flags = CRYPTO_ALG_INTERNAL, + .cra_blocksize = 1, + .cra_ctxsize = sizeof(struct aegis_ctx) + + __alignof__(struct aegis_ctx), + .cra_alignmask = 0, + + .cra_name = "__aegis128", + .cra_driver_name = "__aegis128-aesni", + + .cra_module = THIS_MODULE, + } + }, { + .setkey = cryptd_aegis128_aesni_setkey, + .setauthsize = cryptd_aegis128_aesni_setauthsize, + .encrypt = cryptd_aegis128_aesni_encrypt, + .decrypt = cryptd_aegis128_aesni_decrypt, + .init = cryptd_aegis128_aesni_init_tfm, + .exit = cryptd_aegis128_aesni_exit_tfm, + + .ivsize = AEGIS128_NONCE_SIZE, + .maxauthsize = AEGIS128_MAX_AUTH_SIZE, + .chunksize = AEGIS128_BLOCK_SIZE, + + .base = { + .cra_flags = CRYPTO_ALG_ASYNC, + .cra_blocksize = 1, + .cra_ctxsize = sizeof(struct cryptd_aead *), + .cra_alignmask = 0, + + .cra_priority = 400, + + .cra_name = "aegis128", + .cra_driver_name = "aegis128-aesni", + + .cra_module = THIS_MODULE, + } + } +}; + +static const struct x86_cpu_id aesni_cpu_id[] = { + X86_FEATURE_MATCH(X86_FEATURE_AES), + X86_FEATURE_MATCH(X86_FEATURE_XMM2), + {} +}; +MODULE_DEVICE_TABLE(x86cpu, aesni_cpu_id); + +static int __init crypto_aegis128_aesni_module_init(void) +{ + if (!x86_match_cpu(aesni_cpu_id)) + return -ENODEV; + + return crypto_register_aeads(crypto_aegis128_aesni_alg, + ARRAY_SIZE(crypto_aegis128_aesni_alg)); +} + +static void __exit crypto_aegis128_aesni_module_exit(void) +{ + crypto_unregister_aeads(crypto_aegis128_aesni_alg, + ARRAY_SIZE(crypto_aegis128_aesni_alg)); +} + +module_init(crypto_aegis128_aesni_module_init); +module_exit(crypto_aegis128_aesni_module_exit); + +MODULE_LICENSE("GPL"); +MODULE_AUTHOR("Ondrej Mosnacek <omosnacek@gmail.com>"); +MODULE_DESCRIPTION("AEGIS-128 AEAD algorithm -- AESNI+SSE2 implementation"); +MODULE_ALIAS_CRYPTO("aegis128"); +MODULE_ALIAS_CRYPTO("aegis128-aesni"); diff --git a/arch/x86/crypto/aegis128l-aesni-asm.S b/arch/x86/crypto/aegis128l-aesni-asm.S new file mode 100644 index 000000000000..9263c344f2c7 --- /dev/null +++ b/arch/x86/crypto/aegis128l-aesni-asm.S @@ -0,0 +1,825 @@ +/* + * AES-NI + SSE2 implementation of AEGIS-128L + * + * Copyright (c) 2017-2018 Ondrej Mosnacek <omosnacek@gmail.com> + * Copyright (C) 2017-2018 Red Hat, Inc. All rights reserved. + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 as published + * by the Free Software Foundation. + */ + +#include <linux/linkage.h> +#include <asm/frame.h> + +#define STATE0 %xmm0 +#define STATE1 %xmm1 +#define STATE2 %xmm2 +#define STATE3 %xmm3 +#define STATE4 %xmm4 +#define STATE5 %xmm5 +#define STATE6 %xmm6 +#define STATE7 %xmm7 +#define MSG0 %xmm8 +#define MSG1 %xmm9 +#define T0 %xmm10 +#define T1 %xmm11 +#define T2 %xmm12 +#define T3 %xmm13 + +#define STATEP %rdi +#define LEN %rsi +#define SRC %rdx +#define DST %rcx + +.section .rodata.cst16.aegis128l_const, "aM", @progbits, 32 +.align 16 +.Laegis128l_const_0: + .byte 0x00, 0x01, 0x01, 0x02, 0x03, 0x05, 0x08, 0x0d + .byte 0x15, 0x22, 0x37, 0x59, 0x90, 0xe9, 0x79, 0x62 +.Laegis128l_const_1: + .byte 0xdb, 0x3d, 0x18, 0x55, 0x6d, 0xc2, 0x2f, 0xf1 + .byte 0x20, 0x11, 0x31, 0x42, 0x73, 0xb5, 0x28, 0xdd + +.section .rodata.cst16.aegis128l_counter, "aM", @progbits, 16 +.align 16 +.Laegis128l_counter0: + .byte 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 + .byte 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f +.Laegis128l_counter1: + .byte 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17 + .byte 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f + +.text + +/* + * __load_partial: internal ABI + * input: + * LEN - bytes + * SRC - src + * output: + * MSG0 - first message block + * MSG1 - second message block + * changed: + * T0 + * %r8 + * %r9 + */ +__load_partial: + xor %r9, %r9 + pxor MSG0, MSG0 + pxor MSG1, MSG1 + + mov LEN, %r8 + and $0x1, %r8 + jz .Lld_partial_1 + + mov LEN, %r8 + and $0x1E, %r8 + add SRC, %r8 + mov (%r8), %r9b + +.Lld_partial_1: + mov LEN, %r8 + and $0x2, %r8 + jz .Lld_partial_2 + + mov LEN, %r8 + and $0x1C, %r8 + add SRC, %r8 + shl $0x10, %r9 + mov (%r8), %r9w + +.Lld_partial_2: + mov LEN, %r8 + and $0x4, %r8 + jz .Lld_partial_4 + + mov LEN, %r8 + and $0x18, %r8 + add SRC, %r8 + shl $32, %r9 + mov (%r8), %r8d + xor %r8, %r9 + +.Lld_partial_4: + movq %r9, MSG0 + + mov LEN, %r8 + and $0x8, %r8 + jz .Lld_partial_8 + + mov LEN, %r8 + and $0x10, %r8 + add SRC, %r8 + pslldq $8, MSG0 + movq (%r8), T0 + pxor T0, MSG0 + +.Lld_partial_8: + mov LEN, %r8 + and $0x10, %r8 + jz .Lld_partial_16 + + movdqa MSG0, MSG1 + movdqu (SRC), MSG0 + +.Lld_partial_16: + ret +ENDPROC(__load_partial) + +/* + * __store_partial: internal ABI + * input: + * LEN - bytes + * DST - dst + * output: + * T0 - first message block + * T1 - second message block + * changed: + * %r8 + * %r9 + * %r10 + */ +__store_partial: + mov LEN, %r8 + mov DST, %r9 + + cmp $16, %r8 + jl .Lst_partial_16 + + movdqu T0, (%r9) + movdqa T1, T0 + + sub $16, %r8 + add $16, %r9 + +.Lst_partial_16: + movq T0, %r10 + + cmp $8, %r8 + jl .Lst_partial_8 + + mov %r10, (%r9) + psrldq $8, T0 + movq T0, %r10 + + sub $8, %r8 + add $8, %r9 + +.Lst_partial_8: + cmp $4, %r8 + jl .Lst_partial_4 + + mov %r10d, (%r9) + shr $32, %r10 + + sub $4, %r8 + add $4, %r9 + +.Lst_partial_4: + cmp $2, %r8 + jl .Lst_partial_2 + + mov %r10w, (%r9) + shr $0x10, %r10 + + sub $2, %r8 + add $2, %r9 + +.Lst_partial_2: + cmp $1, %r8 + jl .Lst_partial_1 + + mov %r10b, (%r9) + +.Lst_partial_1: + ret +ENDPROC(__store_partial) + +.macro update + movdqa STATE7, T0 + aesenc STATE0, STATE7 + aesenc STATE1, STATE0 + aesenc STATE2, STATE1 + aesenc STATE3, STATE2 + aesenc STATE4, STATE3 + aesenc STATE5, STATE4 + aesenc STATE6, STATE5 + aesenc T0, STATE6 +.endm + +.macro update0 + update + pxor MSG0, STATE7 + pxor MSG1, STATE3 +.endm + +.macro update1 + update + pxor MSG0, STATE6 + pxor MSG1, STATE2 +.endm + +.macro update2 + update + pxor MSG0, STATE5 + pxor MSG1, STATE1 +.endm + +.macro update3 + update + pxor MSG0, STATE4 + pxor MSG1, STATE0 +.endm + +.macro update4 + update + pxor MSG0, STATE3 + pxor MSG1, STATE7 +.endm + +.macro update5 + update + pxor MSG0, STATE2 + pxor MSG1, STATE6 +.endm + +.macro update6 + update + pxor MSG0, STATE1 + pxor MSG1, STATE5 +.endm + +.macro update7 + update + pxor MSG0, STATE0 + pxor MSG1, STATE4 +.endm + +.macro state_load + movdqu 0x00(STATEP), STATE0 + movdqu 0x10(STATEP), STATE1 + movdqu 0x20(STATEP), STATE2 + movdqu 0x30(STATEP), STATE3 + movdqu 0x40(STATEP), STATE4 + movdqu 0x50(STATEP), STATE5 + movdqu 0x60(STATEP), STATE6 + movdqu 0x70(STATEP), STATE7 +.endm + +.macro state_store s0 s1 s2 s3 s4 s5 s6 s7 + movdqu \s7, 0x00(STATEP) + movdqu \s0, 0x10(STATEP) + movdqu \s1, 0x20(STATEP) + movdqu \s2, 0x30(STATEP) + movdqu \s3, 0x40(STATEP) + movdqu \s4, 0x50(STATEP) + movdqu \s5, 0x60(STATEP) + movdqu \s6, 0x70(STATEP) +.endm + +.macro state_store0 + state_store STATE0 STATE1 STATE2 STATE3 STATE4 STATE5 STATE6 STATE7 +.endm + +.macro state_store1 + state_store STATE7 STATE0 STATE1 STATE2 STATE3 STATE4 STATE5 STATE6 +.endm + +.macro state_store2 + state_store STATE6 STATE7 STATE0 STATE1 STATE2 STATE3 STATE4 STATE5 +.endm + +.macro state_store3 + state_store STATE5 STATE6 STATE7 STATE0 STATE1 STATE2 STATE3 STATE4 +.endm + +.macro state_store4 + state_store STATE4 STATE5 STATE6 STATE7 STATE0 STATE1 STATE2 STATE3 +.endm + +.macro state_store5 + state_store STATE3 STATE4 STATE5 STATE6 STATE7 STATE0 STATE1 STATE2 +.endm + +.macro state_store6 + state_store STATE2 STATE3 STATE4 STATE5 STATE6 STATE7 STATE0 STATE1 +.endm + +.macro state_store7 + state_store STATE1 STATE2 STATE3 STATE4 STATE5 STATE6 STATE7 STATE0 +.endm + +/* + * void crypto_aegis128l_aesni_init(void *state, const void *key, const void *iv); + */ +ENTRY(crypto_aegis128l_aesni_init) + FRAME_BEGIN + + /* load key: */ + movdqa (%rsi), MSG1 + movdqa MSG1, STATE0 + movdqa MSG1, STATE4 + movdqa MSG1, STATE5 + movdqa MSG1, STATE6 + movdqa MSG1, STATE7 + + /* load IV: */ + movdqu (%rdx), MSG0 + pxor MSG0, STATE0 + pxor MSG0, STATE4 + + /* load the constants: */ + movdqa .Laegis128l_const_0, STATE2 + movdqa .Laegis128l_const_1, STATE1 + movdqa STATE1, STATE3 + pxor STATE2, STATE5 + pxor STATE1, STATE6 + pxor STATE2, STATE7 + + /* update 10 times with IV and KEY: */ + update0 + update1 + update2 + update3 + update4 + update5 + update6 + update7 + update0 + update1 + + state_store1 + + FRAME_END + ret +ENDPROC(crypto_aegis128l_aesni_init) + +.macro ad_block a i + movdq\a (\i * 0x20 + 0x00)(SRC), MSG0 + movdq\a (\i * 0x20 + 0x10)(SRC), MSG1 + update\i + sub $0x20, LEN + cmp $0x20, LEN + jl .Lad_out_\i +.endm + +/* + * void crypto_aegis128l_aesni_ad(void *state, unsigned int length, + * const void *data); + */ +ENTRY(crypto_aegis128l_aesni_ad) + FRAME_BEGIN + + cmp $0x20, LEN + jb .Lad_out + + state_load + + mov SRC, %r8 + and $0xf, %r8 + jnz .Lad_u_loop + +.align 8 +.Lad_a_loop: + ad_block a 0 + ad_block a 1 + ad_block a 2 + ad_block a 3 + ad_block a 4 + ad_block a 5 + ad_block a 6 + ad_block a 7 + + add $0x100, SRC + jmp .Lad_a_loop + +.align 8 +.Lad_u_loop: + ad_block u 0 + ad_block u 1 + ad_block u 2 + ad_block u 3 + ad_block u 4 + ad_block u 5 + ad_block u 6 + ad_block u 7 + + add $0x100, SRC + jmp .Lad_u_loop + +.Lad_out_0: + state_store0 + FRAME_END + ret + +.Lad_out_1: + state_store1 + FRAME_END + ret + +.Lad_out_2: + state_store2 + FRAME_END + ret + +.Lad_out_3: + state_store3 + FRAME_END + ret + +.Lad_out_4: + state_store4 + FRAME_END + ret + +.Lad_out_5: + state_store5 + FRAME_END + ret + +.Lad_out_6: + state_store6 + FRAME_END + ret + +.Lad_out_7: + state_store7 + FRAME_END + ret + +.Lad_out: + FRAME_END + ret +ENDPROC(crypto_aegis128l_aesni_ad) + +.macro crypt m0 m1 s0 s1 s2 s3 s4 s5 s6 s7 + pxor \s1, \m0 + pxor \s6, \m0 + movdqa \s2, T3 + pand \s3, T3 + pxor T3, \m0 + + pxor \s2, \m1 + pxor \s5, \m1 + movdqa \s6, T3 + pand \s7, T3 + pxor T3, \m1 +.endm + +.macro crypt0 m0 m1 + crypt \m0 \m1 STATE0 STATE1 STATE2 STATE3 STATE4 STATE5 STATE6 STATE7 +.endm + +.macro crypt1 m0 m1 + crypt \m0 \m1 STATE7 STATE0 STATE1 STATE2 STATE3 STATE4 STATE5 STATE6 +.endm + +.macro crypt2 m0 m1 + crypt \m0 \m1 STATE6 STATE7 STATE0 STATE1 STATE2 STATE3 STATE4 STATE5 +.endm + +.macro crypt3 m0 m1 + crypt \m0 \m1 STATE5 STATE6 STATE7 STATE0 STATE1 STATE2 STATE3 STATE4 +.endm + +.macro crypt4 m0 m1 + crypt \m0 \m1 STATE4 STATE5 STATE6 STATE7 STATE0 STATE1 STATE2 STATE3 +.endm + +.macro crypt5 m0 m1 + crypt \m0 \m1 STATE3 STATE4 STATE5 STATE6 STATE7 STATE0 STATE1 STATE2 +.endm + +.macro crypt6 m0 m1 + crypt \m0 \m1 STATE2 STATE3 STATE4 STATE5 STATE6 STATE7 STATE0 STATE1 +.endm + +.macro crypt7 m0 m1 + crypt \m0 \m1 STATE1 STATE2 STATE3 STATE4 STATE5 STATE6 STATE7 STATE0 +.endm + +.macro encrypt_block a i + movdq\a (\i * 0x20 + 0x00)(SRC), MSG0 + movdq\a (\i * 0x20 + 0x10)(SRC), MSG1 + movdqa MSG0, T0 + movdqa MSG1, T1 + crypt\i T0, T1 + movdq\a T0, (\i * 0x20 + 0x00)(DST) + movdq\a T1, (\i * 0x20 + 0x10)(DST) + + update\i + + sub $0x20, LEN + cmp $0x20, LEN + jl .Lenc_out_\i +.endm + +.macro decrypt_block a i + movdq\a (\i * 0x20 + 0x00)(SRC), MSG0 + movdq\a (\i * 0x20 + 0x10)(SRC), MSG1 + crypt\i MSG0, MSG1 + movdq\a MSG0, (\i * 0x20 + 0x00)(DST) + movdq\a MSG1, (\i * 0x20 + 0x10)(DST) + + update\i + + sub $0x20, LEN + cmp $0x20, LEN + jl .Ldec_out_\i +.endm + +/* + * void crypto_aegis128l_aesni_enc(void *state, unsigned int length, + * const void *src, void *dst); + */ +ENTRY(crypto_aegis128l_aesni_enc) + FRAME_BEGIN + + cmp $0x20, LEN + jb .Lenc_out + + state_load + + mov SRC, %r8 + or DST, %r8 + and $0xf, %r8 + jnz .Lenc_u_loop + +.align 8 +.Lenc_a_loop: + encrypt_block a 0 + encrypt_block a 1 + encrypt_block a 2 + encrypt_block a 3 + encrypt_block a 4 + encrypt_block a 5 + encrypt_block a 6 + encrypt_block a 7 + + add $0x100, SRC + add $0x100, DST + jmp .Lenc_a_loop + +.align 8 +.Lenc_u_loop: + encrypt_block u 0 + encrypt_block u 1 + encrypt_block u 2 + encrypt_block u 3 + encrypt_block u 4 + encrypt_block u 5 + encrypt_block u 6 + encrypt_block u 7 + + add $0x100, SRC + add $0x100, DST + jmp .Lenc_u_loop + +.Lenc_out_0: + state_store0 + FRAME_END + ret + +.Lenc_out_1: + state_store1 + FRAME_END + ret + +.Lenc_out_2: + state_store2 + FRAME_END + ret + +.Lenc_out_3: + state_store3 + FRAME_END + ret + +.Lenc_out_4: + state_store4 + FRAME_END + ret + +.Lenc_out_5: + state_store5 + FRAME_END + ret + +.Lenc_out_6: + state_store6 + FRAME_END + ret + +.Lenc_out_7: + state_store7 + FRAME_END + ret + +.Lenc_out: + FRAME_END + ret +ENDPROC(crypto_aegis128l_aesni_enc) + +/* + * void crypto_aegis128l_aesni_enc_tail(void *state, unsigned int length, + * const void *src, void *dst); + */ +ENTRY(crypto_aegis128l_aesni_enc_tail) + FRAME_BEGIN + + state_load + + /* encrypt message: */ + call __load_partial + + movdqa MSG0, T0 + movdqa MSG1, T1 + crypt0 T0, T1 + + call __store_partial + + update0 + + state_store0 + + FRAME_END +ENDPROC(crypto_aegis128l_aesni_enc_tail) + +/* + * void crypto_aegis128l_aesni_dec(void *state, unsigned int length, + * const void *src, void *dst); + */ +ENTRY(crypto_aegis128l_aesni_dec) + FRAME_BEGIN + + cmp $0x20, LEN + jb .Ldec_out + + state_load + + mov SRC, %r8 + or DST, %r8 + and $0xF, %r8 + jnz .Ldec_u_loop + +.align 8 +.Ldec_a_loop: + decrypt_block a 0 + decrypt_block a 1 + decrypt_block a 2 + decrypt_block a 3 + decrypt_block a 4 + decrypt_block a 5 + decrypt_block a 6 + decrypt_block a 7 + + add $0x100, SRC + add $0x100, DST + jmp .Ldec_a_loop + +.align 8 +.Ldec_u_loop: + decrypt_block u 0 + decrypt_block u 1 + decrypt_block u 2 + decrypt_block u 3 + decrypt_block u 4 + decrypt_block u 5 + decrypt_block u 6 + decrypt_block u 7 + + add $0x100, SRC + add $0x100, DST + jmp .Ldec_u_loop + +.Ldec_out_0: + state_store0 + FRAME_END + ret + +.Ldec_out_1: + state_store1 + FRAME_END + ret + +.Ldec_out_2: + state_store2 + FRAME_END + ret + +.Ldec_out_3: + state_store3 + FRAME_END + ret + +.Ldec_out_4: + state_store4 + FRAME_END + ret + +.Ldec_out_5: + state_store5 + FRAME_END + ret + +.Ldec_out_6: + state_store6 + FRAME_END + ret + +.Ldec_out_7: + state_store7 + FRAME_END + ret + +.Ldec_out: + FRAME_END + ret +ENDPROC(crypto_aegis128l_aesni_dec) + +/* + * void crypto_aegis128l_aesni_dec_tail(void *state, unsigned int length, + * const void *src, void *dst); + */ +ENTRY(crypto_aegis128l_aesni_dec_tail) + FRAME_BEGIN + + state_load + + /* decrypt message: */ + call __load_partial + + crypt0 MSG0, MSG1 + + movdqa MSG0, T0 + movdqa MSG1, T1 + call __store_partial + + /* mask with byte count: */ + movq LEN, T0 + punpcklbw T0, T0 + punpcklbw T0, T0 + punpcklbw T0, T0 + punpcklbw T0, T0 + movdqa T0, T1 + movdqa .Laegis128l_counter0, T2 + movdqa .Laegis128l_counter1, T3 + pcmpgtb T2, T0 + pcmpgtb T3, T1 + pand T0, MSG0 + pand T1, MSG1 + + update0 + + state_store0 + + FRAME_END + ret +ENDPROC(crypto_aegis128l_aesni_dec_tail) + +/* + * void crypto_aegis128l_aesni_final(void *state, void *tag_xor, + * u64 assoclen, u64 cryptlen); + */ +ENTRY(crypto_aegis128l_aesni_final) + FRAME_BEGIN + + state_load + + /* prepare length block: */ + movq %rdx, MSG0 + movq %rcx, T0 + pslldq $8, T0 + pxor T0, MSG0 + psllq $3, MSG0 /* multiply by 8 (to get bit count) */ + + pxor STATE2, MSG0 + movdqa MSG0, MSG1 + + /* update state: */ + update0 + update1 + update2 + update3 + update4 + update5 + update6 + + /* xor tag: */ + movdqu (%rsi), T0 + + pxor STATE1, T0 + pxor STATE2, T0 + pxor STATE3, T0 + pxor STATE4, T0 + pxor STATE5, T0 + pxor STATE6, T0 + pxor STATE7, T0 + + movdqu T0, (%rsi) + + FRAME_END + ret +ENDPROC(crypto_aegis128l_aesni_final) diff --git a/arch/x86/crypto/aegis128l-aesni-glue.c b/arch/x86/crypto/aegis128l-aesni-glue.c new file mode 100644 index 000000000000..876e4866e633 --- /dev/null +++ b/arch/x86/crypto/aegis128l-aesni-glue.c @@ -0,0 +1,407 @@ +/* + * The AEGIS-128L Authenticated-Encryption Algorithm + * Glue for AES-NI + SSE2 implementation + * + * Copyright (c) 2017-2018 Ondrej Mosnacek <omosnacek@gmail.com> + * Copyright (C) 2017-2018 Red Hat, Inc. All rights reserved. + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation; either version 2 of the License, or (at your option) + * any later version. + */ + +#include <crypto/cryptd.h> +#include <crypto/internal/aead.h> +#include <crypto/internal/skcipher.h> +#include <crypto/scatterwalk.h> +#include <linux/module.h> +#include <asm/fpu/api.h> +#include <asm/cpu_device_id.h> + +#define AEGIS128L_BLOCK_ALIGN 16 +#define AEGIS128L_BLOCK_SIZE 32 +#define AEGIS128L_NONCE_SIZE 16 +#define AEGIS128L_STATE_BLOCKS 8 +#define AEGIS128L_KEY_SIZE 16 +#define AEGIS128L_MIN_AUTH_SIZE 8 +#define AEGIS128L_MAX_AUTH_SIZE 16 + +asmlinkage void crypto_aegis128l_aesni_init(void *state, void *key, void *iv); + +asmlinkage void crypto_aegis128l_aesni_ad( + void *state, unsigned int length, const void *data); + +asmlinkage void crypto_aegis128l_aesni_enc( + void *state, unsigned int length, const void *src, void *dst); + +asmlinkage void crypto_aegis128l_aesni_dec( + void *state, unsigned int length, const void *src, void *dst); + +asmlinkage void crypto_aegis128l_aesni_enc_tail( + void *state, unsigned int length, const void *src, void *dst); + +asmlinkage void crypto_aegis128l_aesni_dec_tail( + void *state, unsigned int length, const void *src, void *dst); + +asmlinkage void crypto_aegis128l_aesni_final( + void *state, void *tag_xor, unsigned int cryptlen, + unsigned int assoclen); + +struct aegis_block { + u8 bytes[AEGIS128L_BLOCK_SIZE] __aligned(AEGIS128L_BLOCK_ALIGN); +}; + +struct aegis_state { + struct aegis_block blocks[AEGIS128L_STATE_BLOCKS]; +}; + +struct aegis_ctx { + struct aegis_block key; +}; + +struct aegis_crypt_ops { + int (*skcipher_walk_init)(struct skcipher_walk *walk, + struct aead_request *req, bool atomic); + + void (*crypt_blocks)(void *state, unsigned int length, const void *src, + void *dst); + void (*crypt_tail)(void *state, unsigned int length, const void *src, + void *dst); +}; + +static void crypto_aegis128l_aesni_process_ad( + struct aegis_state *state, struct scatterlist *sg_src, + unsigned int assoclen) +{ + struct scatter_walk walk; + struct aegis_block buf; + unsigned int pos = 0; + + scatterwalk_start(&walk, sg_src); + while (assoclen != 0) { + unsigned int size = scatterwalk_clamp(&walk, assoclen); + unsigned int left = size; + void *mapped = scatterwalk_map(&walk); + const u8 *src = (const u8 *)mapped; + + if (pos + size >= AEGIS128L_BLOCK_SIZE) { + if (pos > 0) { + unsigned int fill = AEGIS128L_BLOCK_SIZE - pos; + memcpy(buf.bytes + pos, src, fill); + crypto_aegis128l_aesni_ad(state, + AEGIS128L_BLOCK_SIZE, + buf.bytes); + pos = 0; + left -= fill; + src += fill; + } + + crypto_aegis128l_aesni_ad(state, left, src); + + src += left & ~(AEGIS128L_BLOCK_SIZE - 1); + left &= AEGIS128L_BLOCK_SIZE - 1; + } + + memcpy(buf.bytes + pos, src, left); + pos += left; + assoclen -= size; + + scatterwalk_unmap(mapped); + scatterwalk_advance(&walk, size); + scatterwalk_done(&walk, 0, assoclen); + } + + if (pos > 0) { + memset(buf.bytes + pos, 0, AEGIS128L_BLOCK_SIZE - pos); + crypto_aegis128l_aesni_ad(state, AEGIS128L_BLOCK_SIZE, buf.bytes); + } +} + +static void crypto_aegis128l_aesni_process_crypt( + struct aegis_state *state, struct aead_request *req, + const struct aegis_crypt_ops *ops) +{ + struct skcipher_walk walk; + u8 *src, *dst; + unsigned int chunksize, base; + + ops->skcipher_walk_init(&walk, req, false); + + while (walk.nbytes) { + src = walk.src.virt.addr; + dst = walk.dst.virt.addr; + chunksize = walk.nbytes; + + ops->crypt_blocks(state, chunksize, src, dst); + + base = chunksize & ~(AEGIS128L_BLOCK_SIZE - 1); + src += base; + dst += base; + chunksize &= AEGIS128L_BLOCK_SIZE - 1; + + if (chunksize > 0) + ops->crypt_tail(state, chunksize, src, dst); + + skcipher_walk_done(&walk, 0); + } +} + +static struct aegis_ctx *crypto_aegis128l_aesni_ctx(struct crypto_aead *aead) +{ + u8 *ctx = crypto_aead_ctx(aead); + ctx = PTR_ALIGN(ctx, __alignof__(struct aegis_ctx)); + return (void *)ctx; +} + +static int crypto_aegis128l_aesni_setkey(struct crypto_aead *aead, + const u8 *key, unsigned int keylen) +{ + struct aegis_ctx *ctx = crypto_aegis128l_aesni_ctx(aead); + + if (keylen != AEGIS128L_KEY_SIZE) { + crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN); + return -EINVAL; + } + + memcpy(ctx->key.bytes, key, AEGIS128L_KEY_SIZE); + + return 0; +} + +static int crypto_aegis128l_aesni_setauthsize(struct crypto_aead *tfm, + unsigned int authsize) +{ + if (authsize > AEGIS128L_MAX_AUTH_SIZE) + return -EINVAL; + if (authsize < AEGIS128L_MIN_AUTH_SIZE) + return -EINVAL; + return 0; +} + +static void crypto_aegis128l_aesni_crypt(struct aead_request *req, + struct aegis_block *tag_xor, + unsigned int cryptlen, + const struct aegis_crypt_ops *ops) +{ + struct crypto_aead *tfm = crypto_aead_reqtfm(req); + struct aegis_ctx *ctx = crypto_aegis128l_aesni_ctx(tfm); + struct aegis_state state; + + kernel_fpu_begin(); + + crypto_aegis128l_aesni_init(&state, ctx->key.bytes, req->iv); + crypto_aegis128l_aesni_process_ad(&state, req->src, req->assoclen); + crypto_aegis128l_aesni_process_crypt(&state, req, ops); + crypto_aegis128l_aesni_final(&state, tag_xor, req->assoclen, cryptlen); + + kernel_fpu_end(); +} + +static int crypto_aegis128l_aesni_encrypt(struct aead_request *req) +{ + static const struct aegis_crypt_ops OPS = { + .skcipher_walk_init = skcipher_walk_aead_encrypt, + .crypt_blocks = crypto_aegis128l_aesni_enc, + .crypt_tail = crypto_aegis128l_aesni_enc_tail, + }; + + struct crypto_aead *tfm = crypto_aead_reqtfm(req); + struct aegis_block tag = {}; + unsigned int authsize = crypto_aead_authsize(tfm); + unsigned int cryptlen = req->cryptlen; + + crypto_aegis128l_aesni_crypt(req, &tag, cryptlen, &OPS); + + scatterwalk_map_and_copy(tag.bytes, req->dst, + req->assoclen + cryptlen, authsize, 1); + return 0; +} + +static int crypto_aegis128l_aesni_decrypt(struct aead_request *req) +{ + static const struct aegis_block zeros = {}; + + static const struct aegis_crypt_ops OPS = { + .skcipher_walk_init = skcipher_walk_aead_decrypt, + .crypt_blocks = crypto_aegis128l_aesni_dec, + .crypt_tail = crypto_aegis128l_aesni_dec_tail, + }; + + struct crypto_aead *tfm = crypto_aead_reqtfm(req); + struct aegis_block tag; + unsigned int authsize = crypto_aead_authsize(tfm); + unsigned int cryptlen = req->cryptlen - authsize; + + scatterwalk_map_and_copy(tag.bytes, req->src, + req->assoclen + cryptlen, authsize, 0); + + crypto_aegis128l_aesni_crypt(req, &tag, cryptlen, &OPS); + + return crypto_memneq(tag.bytes, zeros.bytes, authsize) ? -EBADMSG : 0; +} + +static int crypto_aegis128l_aesni_init_tfm(struct crypto_aead *aead) +{ + return 0; +} + +static void crypto_aegis128l_aesni_exit_tfm(struct crypto_aead *aead) +{ +} + +static int cryptd_aegis128l_aesni_setkey(struct crypto_aead *aead, + const u8 *key, unsigned int keylen) +{ + struct cryptd_aead **ctx = crypto_aead_ctx(aead); + struct cryptd_aead *cryptd_tfm = *ctx; + + return crypto_aead_setkey(&cryptd_tfm->base, key, keylen); +} + +static int cryptd_aegis128l_aesni_setauthsize(struct crypto_aead *aead, + unsigned int authsize) +{ + struct cryptd_aead **ctx = crypto_aead_ctx(aead); + struct cryptd_aead *cryptd_tfm = *ctx; + + return crypto_aead_setauthsize(&cryptd_tfm->base, authsize); +} + +static int cryptd_aegis128l_aesni_encrypt(struct aead_request *req) +{ + struct crypto_aead *aead = crypto_aead_reqtfm(req); + struct cryptd_aead **ctx = crypto_aead_ctx(aead); + struct cryptd_aead *cryptd_tfm = *ctx; + + aead = &cryptd_tfm->base; + if (irq_fpu_usable() && (!in_atomic() || + !cryptd_aead_queued(cryptd_tfm))) + aead = cryptd_aead_child(cryptd_tfm); + + aead_request_set_tfm(req, aead); + + return crypto_aead_encrypt(req); +} + +static int cryptd_aegis128l_aesni_decrypt(struct aead_request *req) +{ + struct crypto_aead *aead = crypto_aead_reqtfm(req); + struct cryptd_aead **ctx = crypto_aead_ctx(aead); + struct cryptd_aead *cryptd_tfm = *ctx; + + aead = &cryptd_tfm->base; + if (irq_fpu_usable() && (!in_atomic() || + !cryptd_aead_queued(cryptd_tfm))) + aead = cryptd_aead_child(cryptd_tfm); + + aead_request_set_tfm(req, aead); + + return crypto_aead_decrypt(req); +} + +static int cryptd_aegis128l_aesni_init_tfm(struct crypto_aead *aead) +{ + struct cryptd_aead *cryptd_tfm; + struct cryptd_aead **ctx = crypto_aead_ctx(aead); + + cryptd_tfm = cryptd_alloc_aead("__aegis128l-aesni", CRYPTO_ALG_INTERNAL, + CRYPTO_ALG_INTERNAL); + if (IS_ERR(cryptd_tfm)) + return PTR_ERR(cryptd_tfm); + + *ctx = cryptd_tfm; + crypto_aead_set_reqsize(aead, crypto_aead_reqsize(&cryptd_tfm->base)); + return 0; +} + +static void cryptd_aegis128l_aesni_exit_tfm(struct crypto_aead *aead) +{ + struct cryptd_aead **ctx = crypto_aead_ctx(aead); + + cryptd_free_aead(*ctx); +} + +static struct aead_alg crypto_aegis128l_aesni_alg[] = { + { + .setkey = crypto_aegis128l_aesni_setkey, + .setauthsize = crypto_aegis128l_aesni_setauthsize, + .encrypt = crypto_aegis128l_aesni_encrypt, + .decrypt = crypto_aegis128l_aesni_decrypt, + .init = crypto_aegis128l_aesni_init_tfm, + .exit = crypto_aegis128l_aesni_exit_tfm, + + .ivsize = AEGIS128L_NONCE_SIZE, + .maxauthsize = AEGIS128L_MAX_AUTH_SIZE, + .chunksize = AEGIS128L_BLOCK_SIZE, + + .base = { + .cra_flags = CRYPTO_ALG_INTERNAL, + .cra_blocksize = 1, + .cra_ctxsize = sizeof(struct aegis_ctx) + + __alignof__(struct aegis_ctx), + .cra_alignmask = 0, + + .cra_name = "__aegis128l", + .cra_driver_name = "__aegis128l-aesni", + + .cra_module = THIS_MODULE, + } + }, { + .setkey = cryptd_aegis128l_aesni_setkey, + .setauthsize = cryptd_aegis128l_aesni_setauthsize, + .encrypt = cryptd_aegis128l_aesni_encrypt, + .decrypt = cryptd_aegis128l_aesni_decrypt, + .init = cryptd_aegis128l_aesni_init_tfm, + .exit = cryptd_aegis128l_aesni_exit_tfm, + + .ivsize = AEGIS128L_NONCE_SIZE, + .maxauthsize = AEGIS128L_MAX_AUTH_SIZE, + .chunksize = AEGIS128L_BLOCK_SIZE, + + .base = { + .cra_flags = CRYPTO_ALG_ASYNC, + .cra_blocksize = 1, + .cra_ctxsize = sizeof(struct cryptd_aead *), + .cra_alignmask = 0, + + .cra_priority = 400, + + .cra_name = "aegis128l", + .cra_driver_name = "aegis128l-aesni", + + .cra_module = THIS_MODULE, + } + } +}; + +static const struct x86_cpu_id aesni_cpu_id[] = { + X86_FEATURE_MATCH(X86_FEATURE_AES), + X86_FEATURE_MATCH(X86_FEATURE_XMM2), + {} +}; +MODULE_DEVICE_TABLE(x86cpu, aesni_cpu_id); + +static int __init crypto_aegis128l_aesni_module_init(void) +{ + if (!x86_match_cpu(aesni_cpu_id)) + return -ENODEV; + + return crypto_register_aeads(crypto_aegis128l_aesni_alg, + ARRAY_SIZE(crypto_aegis128l_aesni_alg)); +} + +static void __exit crypto_aegis128l_aesni_module_exit(void) +{ + crypto_unregister_aeads(crypto_aegis128l_aesni_alg, + ARRAY_SIZE(crypto_aegis128l_aesni_alg)); +} + +module_init(crypto_aegis128l_aesni_module_init); +module_exit(crypto_aegis128l_aesni_module_exit); + +MODULE_LICENSE("GPL"); +MODULE_AUTHOR("Ondrej Mosnacek <omosnacek@gmail.com>"); +MODULE_DESCRIPTION("AEGIS-128L AEAD algorithm -- AESNI+SSE2 implementation"); +MODULE_ALIAS_CRYPTO("aegis128l"); +MODULE_ALIAS_CRYPTO("aegis128l-aesni"); diff --git a/arch/x86/crypto/aegis256-aesni-asm.S b/arch/x86/crypto/aegis256-aesni-asm.S new file mode 100644 index 000000000000..1d977d515bf9 --- /dev/null +++ b/arch/x86/crypto/aegis256-aesni-asm.S @@ -0,0 +1,702 @@ +/* + * AES-NI + SSE2 implementation of AEGIS-128L + * + * Copyright (c) 2017-2018 Ondrej Mosnacek <omosnacek@gmail.com> + * Copyright (C) 2017-2018 Red Hat, Inc. All rights reserved. + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 as published + * by the Free Software Foundation. + */ + +#include <linux/linkage.h> +#include <asm/frame.h> + +#define STATE0 %xmm0 +#define STATE1 %xmm1 +#define STATE2 %xmm2 +#define STATE3 %xmm3 +#define STATE4 %xmm4 +#define STATE5 %xmm5 +#define MSG %xmm6 +#define T0 %xmm7 +#define T1 %xmm8 +#define T2 %xmm9 +#define T3 %xmm10 + +#define STATEP %rdi +#define LEN %rsi +#define SRC %rdx +#define DST %rcx + +.section .rodata.cst16.aegis256_const, "aM", @progbits, 32 +.align 16 +.Laegis256_const_0: + .byte 0x00, 0x01, 0x01, 0x02, 0x03, 0x05, 0x08, 0x0d + .byte 0x15, 0x22, 0x37, 0x59, 0x90, 0xe9, 0x79, 0x62 +.Laegis256_const_1: + .byte 0xdb, 0x3d, 0x18, 0x55, 0x6d, 0xc2, 0x2f, 0xf1 + .byte 0x20, 0x11, 0x31, 0x42, 0x73, 0xb5, 0x28, 0xdd + +.section .rodata.cst16.aegis256_counter, "aM", @progbits, 16 +.align 16 +.Laegis256_counter: + .byte 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 + .byte 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f + +.text + +/* + * __load_partial: internal ABI + * input: + * LEN - bytes + * SRC - src + * output: + * MSG - message block + * changed: + * T0 + * %r8 + * %r9 + */ +__load_partial: + xor %r9, %r9 + pxor MSG, MSG + + mov LEN, %r8 + and $0x1, %r8 + jz .Lld_partial_1 + + mov LEN, %r8 + and $0x1E, %r8 + add SRC, %r8 + mov (%r8), %r9b + +.Lld_partial_1: + mov LEN, %r8 + and $0x2, %r8 + jz .Lld_partial_2 + + mov LEN, %r8 + and $0x1C, %r8 + add SRC, %r8 + shl $0x10, %r9 + mov (%r8), %r9w + +.Lld_partial_2: + mov LEN, %r8 + and $0x4, %r8 + jz .Lld_partial_4 + + mov LEN, %r8 + and $0x18, %r8 + add SRC, %r8 + shl $32, %r9 + mov (%r8), %r8d + xor %r8, %r9 + +.Lld_partial_4: + movq %r9, MSG + + mov LEN, %r8 + and $0x8, %r8 + jz .Lld_partial_8 + + mov LEN, %r8 + and $0x10, %r8 + add SRC, %r8 + pslldq $8, MSG + movq (%r8), T0 + pxor T0, MSG + +.Lld_partial_8: + ret +ENDPROC(__load_partial) + +/* + * __store_partial: internal ABI + * input: + * LEN - bytes + * DST - dst + * output: + * T0 - message block + * changed: + * %r8 + * %r9 + * %r10 + */ +__store_partial: + mov LEN, %r8 + mov DST, %r9 + + movq T0, %r10 + + cmp $8, %r8 + jl .Lst_partial_8 + + mov %r10, (%r9) + psrldq $8, T0 + movq T0, %r10 + + sub $8, %r8 + add $8, %r9 + +.Lst_partial_8: + cmp $4, %r8 + jl .Lst_partial_4 + + mov %r10d, (%r9) + shr $32, %r10 + + sub $4, %r8 + add $4, %r9 + +.Lst_partial_4: + cmp $2, %r8 + jl .Lst_partial_2 + + mov %r10w, (%r9) + shr $0x10, %r10 + + sub $2, %r8 + add $2, %r9 + +.Lst_partial_2: + cmp $1, %r8 + jl .Lst_partial_1 + + mov %r10b, (%r9) + +.Lst_partial_1: + ret +ENDPROC(__store_partial) + +.macro update + movdqa STATE5, T0 + aesenc STATE0, STATE5 + aesenc STATE1, STATE0 + aesenc STATE2, STATE1 + aesenc STATE3, STATE2 + aesenc STATE4, STATE3 + aesenc T0, STATE4 +.endm + +.macro update0 m + update + pxor \m, STATE5 +.endm + +.macro update1 m + update + pxor \m, STATE4 +.endm + +.macro update2 m + update + pxor \m, STATE3 +.endm + +.macro update3 m + update + pxor \m, STATE2 +.endm + +.macro update4 m + update + pxor \m, STATE1 +.endm + +.macro update5 m + update + pxor \m, STATE0 +.endm + +.macro state_load + movdqu 0x00(STATEP), STATE0 + movdqu 0x10(STATEP), STATE1 + movdqu 0x20(STATEP), STATE2 + movdqu 0x30(STATEP), STATE3 + movdqu 0x40(STATEP), STATE4 + movdqu 0x50(STATEP), STATE5 +.endm + +.macro state_store s0 s1 s2 s3 s4 s5 + movdqu \s5, 0x00(STATEP) + movdqu \s0, 0x10(STATEP) + movdqu \s1, 0x20(STATEP) + movdqu \s2, 0x30(STATEP) + movdqu \s3, 0x40(STATEP) + movdqu \s4, 0x50(STATEP) +.endm + +.macro state_store0 + state_store STATE0 STATE1 STATE2 STATE3 STATE4 STATE5 +.endm + +.macro state_store1 + state_store STATE5 STATE0 STATE1 STATE2 STATE3 STATE4 +.endm + +.macro state_store2 + state_store STATE4 STATE5 STATE0 STATE1 STATE2 STATE3 +.endm + +.macro state_store3 + state_store STATE3 STATE4 STATE5 STATE0 STATE1 STATE2 +.endm + +.macro state_store4 + state_store STATE2 STATE3 STATE4 STATE5 STATE0 STATE1 +.endm + +.macro state_store5 + state_store STATE1 STATE2 STATE3 STATE4 STATE5 STATE0 +.endm + +/* + * void crypto_aegis256_aesni_init(void *state, const void *key, const void *iv); + */ +ENTRY(crypto_aegis256_aesni_init) + FRAME_BEGIN + + /* load key: */ + movdqa 0x00(%rsi), MSG + movdqa 0x10(%rsi), T1 + movdqa MSG, STATE4 + movdqa T1, STATE5 + + /* load IV: */ + movdqu 0x00(%rdx), T2 + movdqu 0x10(%rdx), T3 + pxor MSG, T2 + pxor T1, T3 + movdqa T2, STATE0 + movdqa T3, STATE1 + + /* load the constants: */ + movdqa .Laegis256_const_0, STATE3 + movdqa .Laegis256_const_1, STATE2 + pxor STATE3, STATE4 + pxor STATE2, STATE5 + + /* update 10 times with IV and KEY: */ + update0 MSG + update1 T1 + update2 T2 + update3 T3 + update4 MSG + update5 T1 + update0 T2 + update1 T3 + update2 MSG + update3 T1 + update4 T2 + update5 T3 + update0 MSG + update1 T1 + update2 T2 + update3 T3 + + state_store3 + + FRAME_END + ret +ENDPROC(crypto_aegis256_aesni_init) + +.macro ad_block a i + movdq\a (\i * 0x10)(SRC), MSG + update\i MSG + sub $0x10, LEN + cmp $0x10, LEN + jl .Lad_out_\i +.endm + +/* + * void crypto_aegis256_aesni_ad(void *state, unsigned int length, + * const void *data); + */ +ENTRY(crypto_aegis256_aesni_ad) + FRAME_BEGIN + + cmp $0x10, LEN + jb .Lad_out + + state_load + + mov SRC, %r8 + and $0xf, %r8 + jnz .Lad_u_loop + +.align 8 +.Lad_a_loop: + ad_block a 0 + ad_block a 1 + ad_block a 2 + ad_block a 3 + ad_block a 4 + ad_block a 5 + + add $0x60, SRC + jmp .Lad_a_loop + +.align 8 +.Lad_u_loop: + ad_block u 0 + ad_block u 1 + ad_block u 2 + ad_block u 3 + ad_block u 4 + ad_block u 5 + + add $0x60, SRC + jmp .Lad_u_loop + +.Lad_out_0: + state_store0 + FRAME_END + ret + +.Lad_out_1: + state_store1 + FRAME_END + ret + +.Lad_out_2: + state_store2 + FRAME_END + ret + +.Lad_out_3: + state_store3 + FRAME_END + ret + +.Lad_out_4: + state_store4 + FRAME_END + ret + +.Lad_out_5: + state_store5 + FRAME_END + ret + +.Lad_out: + FRAME_END + ret +ENDPROC(crypto_aegis256_aesni_ad) + +.macro crypt m s0 s1 s2 s3 s4 s5 + pxor \s1, \m + pxor \s4, \m + pxor \s5, \m + movdqa \s2, T3 + pand \s3, T3 + pxor T3, \m +.endm + +.macro crypt0 m + crypt \m STATE0 STATE1 STATE2 STATE3 STATE4 STATE5 +.endm + +.macro crypt1 m + crypt \m STATE5 STATE0 STATE1 STATE2 STATE3 STATE4 +.endm + +.macro crypt2 m + crypt \m STATE4 STATE5 STATE0 STATE1 STATE2 STATE3 +.endm + +.macro crypt3 m + crypt \m STATE3 STATE4 STATE5 STATE0 STATE1 STATE2 +.endm + +.macro crypt4 m + crypt \m STATE2 STATE3 STATE4 STATE5 STATE0 STATE1 +.endm + +.macro crypt5 m + crypt \m STATE1 STATE2 STATE3 STATE4 STATE5 STATE0 +.endm + +.macro encrypt_block a i + movdq\a (\i * 0x10)(SRC), MSG + movdqa MSG, T0 + crypt\i T0 + movdq\a T0, (\i * 0x10)(DST) + + update\i MSG + + sub $0x10, LEN + cmp $0x10, LEN + jl .Lenc_out_\i +.endm + +.macro decrypt_block a i + movdq\a (\i * 0x10)(SRC), MSG + crypt\i MSG + movdq\a MSG, (\i * 0x10)(DST) + + update\i MSG + + sub $0x10, LEN + cmp $0x10, LEN + jl .Ldec_out_\i +.endm + +/* + * void crypto_aegis256_aesni_enc(void *state, unsigned int length, + * const void *src, void *dst); + */ +ENTRY(crypto_aegis256_aesni_enc) + FRAME_BEGIN + + cmp $0x10, LEN + jb .Lenc_out + + state_load + + mov SRC, %r8 + or DST, %r8 + and $0xf, %r8 + jnz .Lenc_u_loop + +.align 8 +.Lenc_a_loop: + encrypt_block a 0 + encrypt_block a 1 + encrypt_block a 2 + encrypt_block a 3 + encrypt_block a 4 + encrypt_block a 5 + + add $0x60, SRC + add $0x60, DST + jmp .Lenc_a_loop + +.align 8 +.Lenc_u_loop: + encrypt_block u 0 + encrypt_block u 1 + encrypt_block u 2 + encrypt_block u 3 + encrypt_block u 4 + encrypt_block u 5 + + add $0x60, SRC + add $0x60, DST + jmp .Lenc_u_loop + +.Lenc_out_0: + state_store0 + FRAME_END + ret + +.Lenc_out_1: + state_store1 + FRAME_END + ret + +.Lenc_out_2: + state_store2 + FRAME_END + ret + +.Lenc_out_3: + state_store3 + FRAME_END + ret + +.Lenc_out_4: + state_store4 + FRAME_END + ret + +.Lenc_out_5: + state_store5 + FRAME_END + ret + +.Lenc_out: + FRAME_END + ret +ENDPROC(crypto_aegis256_aesni_enc) + +/* + * void crypto_aegis256_aesni_enc_tail(void *state, unsigned int length, + * const void *src, void *dst); + */ +ENTRY(crypto_aegis256_aesni_enc_tail) + FRAME_BEGIN + + state_load + + /* encrypt message: */ + call __load_partial + + movdqa MSG, T0 + crypt0 T0 + + call __store_partial + + update0 MSG + + state_store0 + + FRAME_END +ENDPROC(crypto_aegis256_aesni_enc_tail) + +/* + * void crypto_aegis256_aesni_dec(void *state, unsigned int length, + * const void *src, void *dst); + */ +ENTRY(crypto_aegis256_aesni_dec) + FRAME_BEGIN + + cmp $0x10, LEN + jb .Ldec_out + + state_load + + mov SRC, %r8 + or DST, %r8 + and $0xF, %r8 + jnz .Ldec_u_loop + +.align 8 +.Ldec_a_loop: + decrypt_block a 0 + decrypt_block a 1 + decrypt_block a 2 + decrypt_block a 3 + decrypt_block a 4 + decrypt_block a 5 + + add $0x60, SRC + add $0x60, DST + jmp .Ldec_a_loop + +.align 8 +.Ldec_u_loop: + decrypt_block u 0 + decrypt_block u 1 + decrypt_block u 2 + decrypt_block u 3 + decrypt_block u 4 + decrypt_block u 5 + + add $0x60, SRC + add $0x60, DST + jmp .Ldec_u_loop + +.Ldec_out_0: + state_store0 + FRAME_END + ret + +.Ldec_out_1: + state_store1 + FRAME_END + ret + +.Ldec_out_2: + state_store2 + FRAME_END + ret + +.Ldec_out_3: + state_store3 + FRAME_END + ret + +.Ldec_out_4: + state_store4 + FRAME_END + ret + +.Ldec_out_5: + state_store5 + FRAME_END + ret + +.Ldec_out: + FRAME_END + ret +ENDPROC(crypto_aegis256_aesni_dec) + +/* + * void crypto_aegis256_aesni_dec_tail(void *state, unsigned int length, + * const void *src, void *dst); + */ +ENTRY(crypto_aegis256_aesni_dec_tail) + FRAME_BEGIN + + state_load + + /* decrypt message: */ + call __load_partial + + crypt0 MSG + + movdqa MSG, T0 + call __store_partial + + /* mask with byte count: */ + movq LEN, T0 + punpcklbw T0, T0 + punpcklbw T0, T0 + punpcklbw T0, T0 + punpcklbw T0, T0 + movdqa .Laegis256_counter, T1 + pcmpgtb T1, T0 + pand T0, MSG + + update0 MSG + + state_store0 + + FRAME_END + ret +ENDPROC(crypto_aegis256_aesni_dec_tail) + +/* + * void crypto_aegis256_aesni_final(void *state, void *tag_xor, + * u64 assoclen, u64 cryptlen); + */ +ENTRY(crypto_aegis256_aesni_final) + FRAME_BEGIN + + state_load + + /* prepare length block: */ + movq %rdx, MSG + movq %rcx, T0 + pslldq $8, T0 + pxor T0, MSG + psllq $3, MSG /* multiply by 8 (to get bit count) */ + + pxor STATE3, MSG + + /* update state: */ + update0 MSG + update1 MSG + update2 MSG + update3 MSG + update4 MSG + update5 MSG + update0 MSG + + /* xor tag: */ + movdqu (%rsi), MSG + + pxor STATE0, MSG + pxor STATE1, MSG + pxor STATE2, MSG + pxor STATE3, MSG + pxor STATE4, MSG + pxor STATE5, MSG + + movdqu MSG, (%rsi) + + FRAME_END + ret +ENDPROC(crypto_aegis256_aesni_final) diff --git a/arch/x86/crypto/aegis256-aesni-glue.c b/arch/x86/crypto/aegis256-aesni-glue.c new file mode 100644 index 000000000000..2b5dd3af8f4d --- /dev/null +++ b/arch/x86/crypto/aegis256-aesni-glue.c @@ -0,0 +1,407 @@ +/* + * The AEGIS-256 Authenticated-Encryption Algorithm + * Glue for AES-NI + SSE2 implementation + * + * Copyright (c) 2017-2018 Ondrej Mosnacek <omosnacek@gmail.com> + * Copyright (C) 2017-2018 Red Hat, Inc. All rights reserved. + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation; either version 2 of the License, or (at your option) + * any later version. + */ + +#include <crypto/cryptd.h> +#include <crypto/internal/aead.h> +#include <crypto/internal/skcipher.h> +#include <crypto/scatterwalk.h> +#include <linux/module.h> +#include <asm/fpu/api.h> +#include <asm/cpu_device_id.h> + +#define AEGIS256_BLOCK_ALIGN 16 +#define AEGIS256_BLOCK_SIZE 16 +#define AEGIS256_NONCE_SIZE 32 +#define AEGIS256_STATE_BLOCKS 6 +#define AEGIS256_KEY_SIZE 32 +#define AEGIS256_MIN_AUTH_SIZE 8 +#define AEGIS256_MAX_AUTH_SIZE 16 + +asmlinkage void crypto_aegis256_aesni_init(void *state, void *key, void *iv); + +asmlinkage void crypto_aegis256_aesni_ad( + void *state, unsigned int length, const void *data); + +asmlinkage void crypto_aegis256_aesni_enc( + void *state, unsigned int length, const void *src, void *dst); + +asmlinkage void crypto_aegis256_aesni_dec( + void *state, unsigned int length, const void *src, void *dst); + +asmlinkage void crypto_aegis256_aesni_enc_tail( + void *state, unsigned int length, const void *src, void *dst); + +asmlinkage void crypto_aegis256_aesni_dec_tail( + void *state, unsigned int length, const void *src, void *dst); + +asmlinkage void crypto_aegis256_aesni_final( + void *state, void *tag_xor, unsigned int cryptlen, + unsigned int assoclen); + +struct aegis_block { + u8 bytes[AEGIS256_BLOCK_SIZE] __aligned(AEGIS256_BLOCK_ALIGN); +}; + +struct aegis_state { + struct aegis_block blocks[AEGIS256_STATE_BLOCKS]; +}; + +struct aegis_ctx { + struct aegis_block key[AEGIS256_KEY_SIZE / AEGIS256_BLOCK_SIZE]; +}; + +struct aegis_crypt_ops { + int (*skcipher_walk_init)(struct skcipher_walk *walk, + struct aead_request *req, bool atomic); + + void (*crypt_blocks)(void *state, unsigned int length, const void *src, + void *dst); + void (*crypt_tail)(void *state, unsigned int length, const void *src, + void *dst); +}; + +static void crypto_aegis256_aesni_process_ad( + struct aegis_state *state, struct scatterlist *sg_src, + unsigned int assoclen) +{ + struct scatter_walk walk; + struct aegis_block buf; + unsigned int pos = 0; + + scatterwalk_start(&walk, sg_src); + while (assoclen != 0) { + unsigned int size = scatterwalk_clamp(&walk, assoclen); + unsigned int left = size; + void *mapped = scatterwalk_map(&walk); + const u8 *src = (const u8 *)mapped; + + if (pos + size >= AEGIS256_BLOCK_SIZE) { + if (pos > 0) { + unsigned int fill = AEGIS256_BLOCK_SIZE - pos; + memcpy(buf.bytes + pos, src, fill); + crypto_aegis256_aesni_ad(state, + AEGIS256_BLOCK_SIZE, + buf.bytes); + pos = 0; + left -= fill; + src += fill; + } + + crypto_aegis256_aesni_ad(state, left, src); + + src += left & ~(AEGIS256_BLOCK_SIZE - 1); + left &= AEGIS256_BLOCK_SIZE - 1; + } + + memcpy(buf.bytes + pos, src, left); + pos += left; + assoclen -= size; + + scatterwalk_unmap(mapped); + scatterwalk_advance(&walk, size); + scatterwalk_done(&walk, 0, assoclen); + } + + if (pos > 0) { + memset(buf.bytes + pos, 0, AEGIS256_BLOCK_SIZE - pos); + crypto_aegis256_aesni_ad(state, AEGIS256_BLOCK_SIZE, buf.bytes); + } +} + +static void crypto_aegis256_aesni_process_crypt( + struct aegis_state *state, struct aead_request *req, + const struct aegis_crypt_ops *ops) +{ + struct skcipher_walk walk; + u8 *src, *dst; + unsigned int chunksize, base; + + ops->skcipher_walk_init(&walk, req, false); + + while (walk.nbytes) { + src = walk.src.virt.addr; + dst = walk.dst.virt.addr; + chunksize = walk.nbytes; + + ops->crypt_blocks(state, chunksize, src, dst); + + base = chunksize & ~(AEGIS256_BLOCK_SIZE - 1); + src += base; + dst += base; + chunksize &= AEGIS256_BLOCK_SIZE - 1; + + if (chunksize > 0) + ops->crypt_tail(state, chunksize, src, dst); + + skcipher_walk_done(&walk, 0); + } +} + +static struct aegis_ctx *crypto_aegis256_aesni_ctx(struct crypto_aead *aead) +{ + u8 *ctx = crypto_aead_ctx(aead); + ctx = PTR_ALIGN(ctx, __alignof__(struct aegis_ctx)); + return (void *)ctx; +} + +static int crypto_aegis256_aesni_setkey(struct crypto_aead *aead, const u8 *key, + unsigned int keylen) +{ + struct aegis_ctx *ctx = crypto_aegis256_aesni_ctx(aead); + + if (keylen != AEGIS256_KEY_SIZE) { + crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN); + return -EINVAL; + } + + memcpy(ctx->key, key, AEGIS256_KEY_SIZE); + + return 0; +} + +static int crypto_aegis256_aesni_setauthsize(struct crypto_aead *tfm, + unsigned int authsize) +{ + if (authsize > AEGIS256_MAX_AUTH_SIZE) + return -EINVAL; + if (authsize < AEGIS256_MIN_AUTH_SIZE) + return -EINVAL; + return 0; +} + +static void crypto_aegis256_aesni_crypt(struct aead_request *req, + struct aegis_block *tag_xor, + unsigned int cryptlen, + const struct aegis_crypt_ops *ops) +{ + struct crypto_aead *tfm = crypto_aead_reqtfm(req); + struct aegis_ctx *ctx = crypto_aegis256_aesni_ctx(tfm); + struct aegis_state state; + + kernel_fpu_begin(); + + crypto_aegis256_aesni_init(&state, ctx->key, req->iv); + crypto_aegis256_aesni_process_ad(&state, req->src, req->assoclen); + crypto_aegis256_aesni_process_crypt(&state, req, ops); + crypto_aegis256_aesni_final(&state, tag_xor, req->assoclen, cryptlen); + + kernel_fpu_end(); +} + +static int crypto_aegis256_aesni_encrypt(struct aead_request *req) +{ + static const struct aegis_crypt_ops OPS = { + .skcipher_walk_init = skcipher_walk_aead_encrypt, + .crypt_blocks = crypto_aegis256_aesni_enc, + .crypt_tail = crypto_aegis256_aesni_enc_tail, + }; + + struct crypto_aead *tfm = crypto_aead_reqtfm(req); + struct aegis_block tag = {}; + unsigned int authsize = crypto_aead_authsize(tfm); + unsigned int cryptlen = req->cryptlen; + + crypto_aegis256_aesni_crypt(req, &tag, cryptlen, &OPS); + + scatterwalk_map_and_copy(tag.bytes, req->dst, + req->assoclen + cryptlen, authsize, 1); + return 0; +} + +static int crypto_aegis256_aesni_decrypt(struct aead_request *req) +{ + static const struct aegis_block zeros = {}; + + static const struct aegis_crypt_ops OPS = { + .skcipher_walk_init = skcipher_walk_aead_decrypt, + .crypt_blocks = crypto_aegis256_aesni_dec, + .crypt_tail = crypto_aegis256_aesni_dec_tail, + }; + + struct crypto_aead *tfm = crypto_aead_reqtfm(req); + struct aegis_block tag; + unsigned int authsize = crypto_aead_authsize(tfm); + unsigned int cryptlen = req->cryptlen - authsize; + + scatterwalk_map_and_copy(tag.bytes, req->src, + req->assoclen + cryptlen, authsize, 0); + + crypto_aegis256_aesni_crypt(req, &tag, cryptlen, &OPS); + + return crypto_memneq(tag.bytes, zeros.bytes, authsize) ? -EBADMSG : 0; +} + +static int crypto_aegis256_aesni_init_tfm(struct crypto_aead *aead) +{ + return 0; +} + +static void crypto_aegis256_aesni_exit_tfm(struct crypto_aead *aead) +{ +} + +static int cryptd_aegis256_aesni_setkey(struct crypto_aead *aead, + const u8 *key, unsigned int keylen) +{ + struct cryptd_aead **ctx = crypto_aead_ctx(aead); + struct cryptd_aead *cryptd_tfm = *ctx; + + return crypto_aead_setkey(&cryptd_tfm->base, key, keylen); +} + +static int cryptd_aegis256_aesni_setauthsize(struct crypto_aead *aead, + unsigned int authsize) +{ + struct cryptd_aead **ctx = crypto_aead_ctx(aead); + struct cryptd_aead *cryptd_tfm = *ctx; + + return crypto_aead_setauthsize(&cryptd_tfm->base, authsize); +} + +static int cryptd_aegis256_aesni_encrypt(struct aead_request *req) +{ + struct crypto_aead *aead = crypto_aead_reqtfm(req); + struct cryptd_aead **ctx = crypto_aead_ctx(aead); + struct cryptd_aead *cryptd_tfm = *ctx; + + aead = &cryptd_tfm->base; + if (irq_fpu_usable() && (!in_atomic() || + !cryptd_aead_queued(cryptd_tfm))) + aead = cryptd_aead_child(cryptd_tfm); + + aead_request_set_tfm(req, aead); + + return crypto_aead_encrypt(req); +} + +static int cryptd_aegis256_aesni_decrypt(struct aead_request *req) +{ + struct crypto_aead *aead = crypto_aead_reqtfm(req); + struct cryptd_aead **ctx = crypto_aead_ctx(aead); + struct cryptd_aead *cryptd_tfm = *ctx; + + aead = &cryptd_tfm->base; + if (irq_fpu_usable() && (!in_atomic() || + !cryptd_aead_queued(cryptd_tfm))) + aead = cryptd_aead_child(cryptd_tfm); + + aead_request_set_tfm(req, aead); + + return crypto_aead_decrypt(req); +} + +static int cryptd_aegis256_aesni_init_tfm(struct crypto_aead *aead) +{ + struct cryptd_aead *cryptd_tfm; + struct cryptd_aead **ctx = crypto_aead_ctx(aead); + + cryptd_tfm = cryptd_alloc_aead("__aegis256-aesni", CRYPTO_ALG_INTERNAL, + CRYPTO_ALG_INTERNAL); + if (IS_ERR(cryptd_tfm)) + return PTR_ERR(cryptd_tfm); + + *ctx = cryptd_tfm; + crypto_aead_set_reqsize(aead, crypto_aead_reqsize(&cryptd_tfm->base)); + return 0; +} + +static void cryptd_aegis256_aesni_exit_tfm(struct crypto_aead *aead) +{ + struct cryptd_aead **ctx = crypto_aead_ctx(aead); + + cryptd_free_aead(*ctx); +} + +static struct aead_alg crypto_aegis256_aesni_alg[] = { + { + .setkey = crypto_aegis256_aesni_setkey, + .setauthsize = crypto_aegis256_aesni_setauthsize, + .encrypt = crypto_aegis256_aesni_encrypt, + .decrypt = crypto_aegis256_aesni_decrypt, + .init = crypto_aegis256_aesni_init_tfm, + .exit = crypto_aegis256_aesni_exit_tfm, + + .ivsize = AEGIS256_NONCE_SIZE, + .maxauthsize = AEGIS256_MAX_AUTH_SIZE, + .chunksize = AEGIS256_BLOCK_SIZE, + + .base = { + .cra_flags = CRYPTO_ALG_INTERNAL, + .cra_blocksize = 1, + .cra_ctxsize = sizeof(struct aegis_ctx) + + __alignof__(struct aegis_ctx), + .cra_alignmask = 0, + + .cra_name = "__aegis256", + .cra_driver_name = "__aegis256-aesni", + + .cra_module = THIS_MODULE, + } + }, { + .setkey = cryptd_aegis256_aesni_setkey, + .setauthsize = cryptd_aegis256_aesni_setauthsize, + .encrypt = cryptd_aegis256_aesni_encrypt, + .decrypt = cryptd_aegis256_aesni_decrypt, + .init = cryptd_aegis256_aesni_init_tfm, + .exit = cryptd_aegis256_aesni_exit_tfm, + + .ivsize = AEGIS256_NONCE_SIZE, + .maxauthsize = AEGIS256_MAX_AUTH_SIZE, + .chunksize = AEGIS256_BLOCK_SIZE, + + .base = { + .cra_flags = CRYPTO_ALG_ASYNC, + .cra_blocksize = 1, + .cra_ctxsize = sizeof(struct cryptd_aead *), + .cra_alignmask = 0, + + .cra_priority = 400, + + .cra_name = "aegis256", + .cra_driver_name = "aegis256-aesni", + + .cra_module = THIS_MODULE, + } + } +}; + +static const struct x86_cpu_id aesni_cpu_id[] = { + X86_FEATURE_MATCH(X86_FEATURE_AES), + X86_FEATURE_MATCH(X86_FEATURE_XMM2), + {} +}; +MODULE_DEVICE_TABLE(x86cpu, aesni_cpu_id); + +static int __init crypto_aegis256_aesni_module_init(void) +{ + if (!x86_match_cpu(aesni_cpu_id)) + return -ENODEV; + + return crypto_register_aeads(crypto_aegis256_aesni_alg, + ARRAY_SIZE(crypto_aegis256_aesni_alg)); +} + +static void __exit crypto_aegis256_aesni_module_exit(void) +{ + crypto_unregister_aeads(crypto_aegis256_aesni_alg, + ARRAY_SIZE(crypto_aegis256_aesni_alg)); +} + +module_init(crypto_aegis256_aesni_module_init); +module_exit(crypto_aegis256_aesni_module_exit); + +MODULE_LICENSE("GPL"); +MODULE_AUTHOR("Ondrej Mosnacek <omosnacek@gmail.com>"); +MODULE_DESCRIPTION("AEGIS-256 AEAD algorithm -- AESNI+SSE2 implementation"); +MODULE_ALIAS_CRYPTO("aegis256"); +MODULE_ALIAS_CRYPTO("aegis256-aesni"); diff --git a/arch/x86/crypto/ghash-clmulni-intel_glue.c b/arch/x86/crypto/ghash-clmulni-intel_glue.c index 0420bab19efb..2ddbe3a1868b 100644 --- a/arch/x86/crypto/ghash-clmulni-intel_glue.c +++ b/arch/x86/crypto/ghash-clmulni-intel_glue.c @@ -364,5 +364,5 @@ module_exit(ghash_pclmulqdqni_mod_exit); MODULE_LICENSE("GPL"); MODULE_DESCRIPTION("GHASH Message Digest Algorithm, " - "acclerated by PCLMULQDQ-NI"); + "accelerated by PCLMULQDQ-NI"); MODULE_ALIAS_CRYPTO("ghash"); diff --git a/arch/x86/crypto/morus1280-avx2-asm.S b/arch/x86/crypto/morus1280-avx2-asm.S new file mode 100644 index 000000000000..37d422e77931 --- /dev/null +++ b/arch/x86/crypto/morus1280-avx2-asm.S @@ -0,0 +1,621 @@ +/* + * AVX2 implementation of MORUS-1280 + * + * Copyright (c) 2017-2018 Ondrej Mosnacek <omosnacek@gmail.com> + * Copyright (C) 2017-2018 Red Hat, Inc. All rights reserved. + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 as published + * by the Free Software Foundation. + */ + +#include <linux/linkage.h> +#include <asm/frame.h> + +#define SHUFFLE_MASK(i0, i1, i2, i3) \ + (i0 | (i1 << 2) | (i2 << 4) | (i3 << 6)) + +#define MASK1 SHUFFLE_MASK(3, 0, 1, 2) +#define MASK2 SHUFFLE_MASK(2, 3, 0, 1) +#define MASK3 SHUFFLE_MASK(1, 2, 3, 0) + +#define STATE0 %ymm0 +#define STATE0_LOW %xmm0 +#define STATE1 %ymm1 +#define STATE2 %ymm2 +#define STATE3 %ymm3 +#define STATE4 %ymm4 +#define KEY %ymm5 +#define MSG %ymm5 +#define MSG_LOW %xmm5 +#define T0 %ymm6 +#define T0_LOW %xmm6 +#define T1 %ymm7 + +.section .rodata.cst32.morus1280_const, "aM", @progbits, 32 +.align 32 +.Lmorus1280_const: + .byte 0x00, 0x01, 0x01, 0x02, 0x03, 0x05, 0x08, 0x0d + .byte 0x15, 0x22, 0x37, 0x59, 0x90, 0xe9, 0x79, 0x62 + .byte 0xdb, 0x3d, 0x18, 0x55, 0x6d, 0xc2, 0x2f, 0xf1 + .byte 0x20, 0x11, 0x31, 0x42, 0x73, 0xb5, 0x28, 0xdd + +.section .rodata.cst32.morus1280_counter, "aM", @progbits, 32 +.align 32 +.Lmorus1280_counter: + .byte 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 + .byte 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f + .byte 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17 + .byte 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f + +.text + +.macro morus1280_round s0, s1, s2, s3, s4, b, w + vpand \s1, \s2, T0 + vpxor T0, \s0, \s0 + vpxor \s3, \s0, \s0 + vpsllq $\b, \s0, T0 + vpsrlq $(64 - \b), \s0, \s0 + vpxor T0, \s0, \s0 + vpermq $\w, \s3, \s3 +.endm + +/* + * __morus1280_update: internal ABI + * input: + * STATE[0-4] - input state + * MSG - message block + * output: + * STATE[0-4] - output state + * changed: + * T0 + */ +__morus1280_update: + morus1280_round STATE0, STATE1, STATE2, STATE3, STATE4, 13, MASK1 + vpxor MSG, STATE1, STATE1 + morus1280_round STATE1, STATE2, STATE3, STATE4, STATE0, 46, MASK2 + vpxor MSG, STATE2, STATE2 + morus1280_round STATE2, STATE3, STATE4, STATE0, STATE1, 38, MASK3 + vpxor MSG, STATE3, STATE3 + morus1280_round STATE3, STATE4, STATE0, STATE1, STATE2, 7, MASK2 + vpxor MSG, STATE4, STATE4 + morus1280_round STATE4, STATE0, STATE1, STATE2, STATE3, 4, MASK1 + ret +ENDPROC(__morus1280_update) + +/* + * __morus1280_update_zero: internal ABI + * input: + * STATE[0-4] - input state + * output: + * STATE[0-4] - output state + * changed: + * T0 + */ +__morus1280_update_zero: + morus1280_round STATE0, STATE1, STATE2, STATE3, STATE4, 13, MASK1 + morus1280_round STATE1, STATE2, STATE3, STATE4, STATE0, 46, MASK2 + morus1280_round STATE2, STATE3, STATE4, STATE0, STATE1, 38, MASK3 + morus1280_round STATE3, STATE4, STATE0, STATE1, STATE2, 7, MASK2 + morus1280_round STATE4, STATE0, STATE1, STATE2, STATE3, 4, MASK1 + ret +ENDPROC(__morus1280_update_zero) + +/* + * __load_partial: internal ABI + * input: + * %rsi - src + * %rcx - bytes + * output: + * MSG - message block + * changed: + * %r8 + * %r9 + */ +__load_partial: + xor %r9, %r9 + vpxor MSG, MSG, MSG + + mov %rcx, %r8 + and $0x1, %r8 + jz .Lld_partial_1 + + mov %rcx, %r8 + and $0x1E, %r8 + add %rsi, %r8 + mov (%r8), %r9b + +.Lld_partial_1: + mov %rcx, %r8 + and $0x2, %r8 + jz .Lld_partial_2 + + mov %rcx, %r8 + and $0x1C, %r8 + add %rsi, %r8 + shl $16, %r9 + mov (%r8), %r9w + +.Lld_partial_2: + mov %rcx, %r8 + and $0x4, %r8 + jz .Lld_partial_4 + + mov %rcx, %r8 + and $0x18, %r8 + add %rsi, %r8 + shl $32, %r9 + mov (%r8), %r8d + xor %r8, %r9 + +.Lld_partial_4: + movq %r9, MSG_LOW + + mov %rcx, %r8 + and $0x8, %r8 + jz .Lld_partial_8 + + mov %rcx, %r8 + and $0x10, %r8 + add %rsi, %r8 + pshufd $MASK2, MSG_LOW, MSG_LOW + pinsrq $0, (%r8), MSG_LOW + +.Lld_partial_8: + mov %rcx, %r8 + and $0x10, %r8 + jz .Lld_partial_16 + + vpermq $MASK2, MSG, MSG + movdqu (%rsi), MSG_LOW + +.Lld_partial_16: + ret +ENDPROC(__load_partial) + +/* + * __store_partial: internal ABI + * input: + * %rdx - dst + * %rcx - bytes + * output: + * T0 - message block + * changed: + * %r8 + * %r9 + * %r10 + */ +__store_partial: + mov %rcx, %r8 + mov %rdx, %r9 + + cmp $16, %r8 + jl .Lst_partial_16 + + movdqu T0_LOW, (%r9) + vpermq $MASK2, T0, T0 + + sub $16, %r8 + add $16, %r9 + +.Lst_partial_16: + movq T0_LOW, %r10 + + cmp $8, %r8 + jl .Lst_partial_8 + + mov %r10, (%r9) + pextrq $1, T0_LOW, %r10 + + sub $8, %r8 + add $8, %r9 + +.Lst_partial_8: + cmp $4, %r8 + jl .Lst_partial_4 + + mov %r10d, (%r9) + shr $32, %r10 + + sub $4, %r8 + add $4, %r9 + +.Lst_partial_4: + cmp $2, %r8 + jl .Lst_partial_2 + + mov %r10w, (%r9) + shr $16, %r10 + + sub $2, %r8 + add $2, %r9 + +.Lst_partial_2: + cmp $1, %r8 + jl .Lst_partial_1 + + mov %r10b, (%r9) + +.Lst_partial_1: + ret +ENDPROC(__store_partial) + +/* + * void crypto_morus1280_avx2_init(void *state, const void *key, + * const void *iv); + */ +ENTRY(crypto_morus1280_avx2_init) + FRAME_BEGIN + + /* load IV: */ + vpxor STATE0, STATE0, STATE0 + movdqu (%rdx), STATE0_LOW + /* load key: */ + vmovdqu (%rsi), KEY + vmovdqa KEY, STATE1 + /* load all ones: */ + vpcmpeqd STATE2, STATE2, STATE2 + /* load all zeros: */ + vpxor STATE3, STATE3, STATE3 + /* load the constant: */ + vmovdqa .Lmorus1280_const, STATE4 + + /* update 16 times with zero: */ + call __morus1280_update_zero + call __morus1280_update_zero + call __morus1280_update_zero + call __morus1280_update_zero + call __morus1280_update_zero + call __morus1280_update_zero + call __morus1280_update_zero + call __morus1280_update_zero + call __morus1280_update_zero + call __morus1280_update_zero + call __morus1280_update_zero + call __morus1280_update_zero + call __morus1280_update_zero + call __morus1280_update_zero + call __morus1280_update_zero + call __morus1280_update_zero + + /* xor-in the key again after updates: */ + vpxor KEY, STATE1, STATE1 + + /* store the state: */ + vmovdqu STATE0, (0 * 32)(%rdi) + vmovdqu STATE1, (1 * 32)(%rdi) + vmovdqu STATE2, (2 * 32)(%rdi) + vmovdqu STATE3, (3 * 32)(%rdi) + vmovdqu STATE4, (4 * 32)(%rdi) + + FRAME_END + ret +ENDPROC(crypto_morus1280_avx2_init) + +/* + * void crypto_morus1280_avx2_ad(void *state, const void *data, + * unsigned int length); + */ +ENTRY(crypto_morus1280_avx2_ad) + FRAME_BEGIN + + cmp $32, %rdx + jb .Lad_out + + /* load the state: */ + vmovdqu (0 * 32)(%rdi), STATE0 + vmovdqu (1 * 32)(%rdi), STATE1 + vmovdqu (2 * 32)(%rdi), STATE2 + vmovdqu (3 * 32)(%rdi), STATE3 + vmovdqu (4 * 32)(%rdi), STATE4 + + mov %rsi, %r8 + and $0x1F, %r8 + jnz .Lad_u_loop + +.align 4 +.Lad_a_loop: + vmovdqa (%rsi), MSG + call __morus1280_update + sub $32, %rdx + add $32, %rsi + cmp $32, %rdx + jge .Lad_a_loop + + jmp .Lad_cont +.align 4 +.Lad_u_loop: + vmovdqu (%rsi), MSG + call __morus1280_update + sub $32, %rdx + add $32, %rsi + cmp $32, %rdx + jge .Lad_u_loop + +.Lad_cont: + /* store the state: */ + vmovdqu STATE0, (0 * 32)(%rdi) + vmovdqu STATE1, (1 * 32)(%rdi) + vmovdqu STATE2, (2 * 32)(%rdi) + vmovdqu STATE3, (3 * 32)(%rdi) + vmovdqu STATE4, (4 * 32)(%rdi) + +.Lad_out: + FRAME_END + ret +ENDPROC(crypto_morus1280_avx2_ad) + +/* + * void crypto_morus1280_avx2_enc(void *state, const void *src, void *dst, + * unsigned int length); + */ +ENTRY(crypto_morus1280_avx2_enc) + FRAME_BEGIN + + cmp $32, %rcx + jb .Lenc_out + + /* load the state: */ + vmovdqu (0 * 32)(%rdi), STATE0 + vmovdqu (1 * 32)(%rdi), STATE1 + vmovdqu (2 * 32)(%rdi), STATE2 + vmovdqu (3 * 32)(%rdi), STATE3 + vmovdqu (4 * 32)(%rdi), STATE4 + + mov %rsi, %r8 + or %rdx, %r8 + and $0x1F, %r8 + jnz .Lenc_u_loop + +.align 4 +.Lenc_a_loop: + vmovdqa (%rsi), MSG + vmovdqa MSG, T0 + vpxor STATE0, T0, T0 + vpermq $MASK3, STATE1, T1 + vpxor T1, T0, T0 + vpand STATE2, STATE3, T1 + vpxor T1, T0, T0 + vmovdqa T0, (%rdx) + + call __morus1280_update + sub $32, %rcx + add $32, %rsi + add $32, %rdx + cmp $32, %rcx + jge .Lenc_a_loop + + jmp .Lenc_cont +.align 4 +.Lenc_u_loop: + vmovdqu (%rsi), MSG + vmovdqa MSG, T0 + vpxor STATE0, T0, T0 + vpermq $MASK3, STATE1, T1 + vpxor T1, T0, T0 + vpand STATE2, STATE3, T1 + vpxor T1, T0, T0 + vmovdqu T0, (%rdx) + + call __morus1280_update + sub $32, %rcx + add $32, %rsi + add $32, %rdx + cmp $32, %rcx + jge .Lenc_u_loop + +.Lenc_cont: + /* store the state: */ + vmovdqu STATE0, (0 * 32)(%rdi) + vmovdqu STATE1, (1 * 32)(%rdi) + vmovdqu STATE2, (2 * 32)(%rdi) + vmovdqu STATE3, (3 * 32)(%rdi) + vmovdqu STATE4, (4 * 32)(%rdi) + +.Lenc_out: + FRAME_END + ret +ENDPROC(crypto_morus1280_avx2_enc) + +/* + * void crypto_morus1280_avx2_enc_tail(void *state, const void *src, void *dst, + * unsigned int length); + */ +ENTRY(crypto_morus1280_avx2_enc_tail) + FRAME_BEGIN + + /* load the state: */ + vmovdqu (0 * 32)(%rdi), STATE0 + vmovdqu (1 * 32)(%rdi), STATE1 + vmovdqu (2 * 32)(%rdi), STATE2 + vmovdqu (3 * 32)(%rdi), STATE3 + vmovdqu (4 * 32)(%rdi), STATE4 + + /* encrypt message: */ + call __load_partial + + vmovdqa MSG, T0 + vpxor STATE0, T0, T0 + vpermq $MASK3, STATE1, T1 + vpxor T1, T0, T0 + vpand STATE2, STATE3, T1 + vpxor T1, T0, T0 + + call __store_partial + + call __morus1280_update + + /* store the state: */ + vmovdqu STATE0, (0 * 32)(%rdi) + vmovdqu STATE1, (1 * 32)(%rdi) + vmovdqu STATE2, (2 * 32)(%rdi) + vmovdqu STATE3, (3 * 32)(%rdi) + vmovdqu STATE4, (4 * 32)(%rdi) + + FRAME_END +ENDPROC(crypto_morus1280_avx2_enc_tail) + +/* + * void crypto_morus1280_avx2_dec(void *state, const void *src, void *dst, + * unsigned int length); + */ +ENTRY(crypto_morus1280_avx2_dec) + FRAME_BEGIN + + cmp $32, %rcx + jb .Ldec_out + + /* load the state: */ + vmovdqu (0 * 32)(%rdi), STATE0 + vmovdqu (1 * 32)(%rdi), STATE1 + vmovdqu (2 * 32)(%rdi), STATE2 + vmovdqu (3 * 32)(%rdi), STATE3 + vmovdqu (4 * 32)(%rdi), STATE4 + + mov %rsi, %r8 + or %rdx, %r8 + and $0x1F, %r8 + jnz .Ldec_u_loop + +.align 4 +.Ldec_a_loop: + vmovdqa (%rsi), MSG + vpxor STATE0, MSG, MSG + vpermq $MASK3, STATE1, T0 + vpxor T0, MSG, MSG + vpand STATE2, STATE3, T0 + vpxor T0, MSG, MSG + vmovdqa MSG, (%rdx) + + call __morus1280_update + sub $32, %rcx + add $32, %rsi + add $32, %rdx + cmp $32, %rcx + jge .Ldec_a_loop + + jmp .Ldec_cont +.align 4 +.Ldec_u_loop: + vmovdqu (%rsi), MSG + vpxor STATE0, MSG, MSG + vpermq $MASK3, STATE1, T0 + vpxor T0, MSG, MSG + vpand STATE2, STATE3, T0 + vpxor T0, MSG, MSG + vmovdqu MSG, (%rdx) + + call __morus1280_update + sub $32, %rcx + add $32, %rsi + add $32, %rdx + cmp $32, %rcx + jge .Ldec_u_loop + +.Ldec_cont: + /* store the state: */ + vmovdqu STATE0, (0 * 32)(%rdi) + vmovdqu STATE1, (1 * 32)(%rdi) + vmovdqu STATE2, (2 * 32)(%rdi) + vmovdqu STATE3, (3 * 32)(%rdi) + vmovdqu STATE4, (4 * 32)(%rdi) + +.Ldec_out: + FRAME_END + ret +ENDPROC(crypto_morus1280_avx2_dec) + +/* + * void crypto_morus1280_avx2_dec_tail(void *state, const void *src, void *dst, + * unsigned int length); + */ +ENTRY(crypto_morus1280_avx2_dec_tail) + FRAME_BEGIN + + /* load the state: */ + vmovdqu (0 * 32)(%rdi), STATE0 + vmovdqu (1 * 32)(%rdi), STATE1 + vmovdqu (2 * 32)(%rdi), STATE2 + vmovdqu (3 * 32)(%rdi), STATE3 + vmovdqu (4 * 32)(%rdi), STATE4 + + /* decrypt message: */ + call __load_partial + + vpxor STATE0, MSG, MSG + vpermq $MASK3, STATE1, T0 + vpxor T0, MSG, MSG + vpand STATE2, STATE3, T0 + vpxor T0, MSG, MSG + vmovdqa MSG, T0 + + call __store_partial + + /* mask with byte count: */ + movq %rcx, T0_LOW + vpbroadcastb T0_LOW, T0 + vmovdqa .Lmorus1280_counter, T1 + vpcmpgtb T1, T0, T0 + vpand T0, MSG, MSG + + call __morus1280_update + + /* store the state: */ + vmovdqu STATE0, (0 * 32)(%rdi) + vmovdqu STATE1, (1 * 32)(%rdi) + vmovdqu STATE2, (2 * 32)(%rdi) + vmovdqu STATE3, (3 * 32)(%rdi) + vmovdqu STATE4, (4 * 32)(%rdi) + + FRAME_END + ret +ENDPROC(crypto_morus1280_avx2_dec_tail) + +/* + * void crypto_morus1280_avx2_final(void *state, void *tag_xor, + * u64 assoclen, u64 cryptlen); + */ +ENTRY(crypto_morus1280_avx2_final) + FRAME_BEGIN + + /* load the state: */ + vmovdqu (0 * 32)(%rdi), STATE0 + vmovdqu (1 * 32)(%rdi), STATE1 + vmovdqu (2 * 32)(%rdi), STATE2 + vmovdqu (3 * 32)(%rdi), STATE3 + vmovdqu (4 * 32)(%rdi), STATE4 + + /* xor state[0] into state[4]: */ + vpxor STATE0, STATE4, STATE4 + + /* prepare length block: */ + vpxor MSG, MSG, MSG + vpinsrq $0, %rdx, MSG_LOW, MSG_LOW + vpinsrq $1, %rcx, MSG_LOW, MSG_LOW + vpsllq $3, MSG, MSG /* multiply by 8 (to get bit count) */ + + /* update state: */ + call __morus1280_update + call __morus1280_update + call __morus1280_update + call __morus1280_update + call __morus1280_update + call __morus1280_update + call __morus1280_update + call __morus1280_update + call __morus1280_update + call __morus1280_update + + /* xor tag: */ + vmovdqu (%rsi), MSG + + vpxor STATE0, MSG, MSG + vpermq $MASK3, STATE1, T0 + vpxor T0, MSG, MSG + vpand STATE2, STATE3, T0 + vpxor T0, MSG, MSG + vmovdqu MSG, (%rsi) + + FRAME_END + ret +ENDPROC(crypto_morus1280_avx2_final) diff --git a/arch/x86/crypto/morus1280-avx2-glue.c b/arch/x86/crypto/morus1280-avx2-glue.c new file mode 100644 index 000000000000..f111f36d26dc --- /dev/null +++ b/arch/x86/crypto/morus1280-avx2-glue.c @@ -0,0 +1,68 @@ +/* + * The MORUS-1280 Authenticated-Encryption Algorithm + * Glue for AVX2 implementation + * + * Copyright (c) 2016-2018 Ondrej Mosnacek <omosnacek@gmail.com> + * Copyright (C) 2017-2018 Red Hat, Inc. All rights reserved. + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation; either version 2 of the License, or (at your option) + * any later version. + */ + +#include <crypto/internal/aead.h> +#include <crypto/morus1280_glue.h> +#include <linux/module.h> +#include <asm/fpu/api.h> +#include <asm/cpu_device_id.h> + +asmlinkage void crypto_morus1280_avx2_init(void *state, const void *key, + const void *iv); +asmlinkage void crypto_morus1280_avx2_ad(void *state, const void *data, + unsigned int length); + +asmlinkage void crypto_morus1280_avx2_enc(void *state, const void *src, + void *dst, unsigned int length); +asmlinkage void crypto_morus1280_avx2_dec(void *state, const void *src, + void *dst, unsigned int length); + +asmlinkage void crypto_morus1280_avx2_enc_tail(void *state, const void *src, + void *dst, unsigned int length); +asmlinkage void crypto_morus1280_avx2_dec_tail(void *state, const void *src, + void *dst, unsigned int length); + +asmlinkage void crypto_morus1280_avx2_final(void *state, void *tag_xor, + u64 assoclen, u64 cryptlen); + +MORUS1280_DECLARE_ALGS(avx2, "morus1280-avx2", 400); + +static const struct x86_cpu_id avx2_cpu_id[] = { + X86_FEATURE_MATCH(X86_FEATURE_AVX2), + {} +}; +MODULE_DEVICE_TABLE(x86cpu, avx2_cpu_id); + +static int __init crypto_morus1280_avx2_module_init(void) +{ + if (!x86_match_cpu(avx2_cpu_id)) + return -ENODEV; + + return crypto_register_aeads(crypto_morus1280_avx2_algs, + ARRAY_SIZE(crypto_morus1280_avx2_algs)); +} + +static void __exit crypto_morus1280_avx2_module_exit(void) +{ + crypto_unregister_aeads(crypto_morus1280_avx2_algs, + ARRAY_SIZE(crypto_morus1280_avx2_algs)); +} + +module_init(crypto_morus1280_avx2_module_init); +module_exit(crypto_morus1280_avx2_module_exit); + +MODULE_LICENSE("GPL"); +MODULE_AUTHOR("Ondrej Mosnacek <omosnacek@gmail.com>"); +MODULE_DESCRIPTION("MORUS-1280 AEAD algorithm -- AVX2 implementation"); +MODULE_ALIAS_CRYPTO("morus1280"); +MODULE_ALIAS_CRYPTO("morus1280-avx2"); diff --git a/arch/x86/crypto/morus1280-sse2-asm.S b/arch/x86/crypto/morus1280-sse2-asm.S new file mode 100644 index 000000000000..1fe637c7be9d --- /dev/null +++ b/arch/x86/crypto/morus1280-sse2-asm.S @@ -0,0 +1,895 @@ +/* + * SSE2 implementation of MORUS-1280 + * + * Copyright (c) 2017-2018 Ondrej Mosnacek <omosnacek@gmail.com> + * Copyright (C) 2017-2018 Red Hat, Inc. All rights reserved. + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 as published + * by the Free Software Foundation. + */ + +#include <linux/linkage.h> +#include <asm/frame.h> + +#define SHUFFLE_MASK(i0, i1, i2, i3) \ + (i0 | (i1 << 2) | (i2 << 4) | (i3 << 6)) + +#define MASK2 SHUFFLE_MASK(2, 3, 0, 1) + +#define STATE0_LO %xmm0 +#define STATE0_HI %xmm1 +#define STATE1_LO %xmm2 +#define STATE1_HI %xmm3 +#define STATE2_LO %xmm4 +#define STATE2_HI %xmm5 +#define STATE3_LO %xmm6 +#define STATE3_HI %xmm7 +#define STATE4_LO %xmm8 +#define STATE4_HI %xmm9 +#define KEY_LO %xmm10 +#define KEY_HI %xmm11 +#define MSG_LO %xmm10 +#define MSG_HI %xmm11 +#define T0_LO %xmm12 +#define T0_HI %xmm13 +#define T1_LO %xmm14 +#define T1_HI %xmm15 + +.section .rodata.cst16.morus640_const, "aM", @progbits, 16 +.align 16 +.Lmorus640_const_0: + .byte 0x00, 0x01, 0x01, 0x02, 0x03, 0x05, 0x08, 0x0d + .byte 0x15, 0x22, 0x37, 0x59, 0x90, 0xe9, 0x79, 0x62 +.Lmorus640_const_1: + .byte 0xdb, 0x3d, 0x18, 0x55, 0x6d, 0xc2, 0x2f, 0xf1 + .byte 0x20, 0x11, 0x31, 0x42, 0x73, 0xb5, 0x28, 0xdd + +.section .rodata.cst16.morus640_counter, "aM", @progbits, 16 +.align 16 +.Lmorus640_counter_0: + .byte 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 + .byte 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f +.Lmorus640_counter_1: + .byte 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17 + .byte 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f + +.text + +.macro rol1 hi, lo + /* + * HI_1 | HI_0 || LO_1 | LO_0 + * ==> + * HI_0 | HI_1 || LO_1 | LO_0 + * ==> + * HI_0 | LO_1 || LO_0 | HI_1 + */ + pshufd $MASK2, \hi, \hi + movdqa \hi, T0_LO + punpcklqdq \lo, T0_LO + punpckhqdq \hi, \lo + movdqa \lo, \hi + movdqa T0_LO, \lo +.endm + +.macro rol2 hi, lo + movdqa \lo, T0_LO + movdqa \hi, \lo + movdqa T0_LO, \hi +.endm + +.macro rol3 hi, lo + /* + * HI_1 | HI_0 || LO_1 | LO_0 + * ==> + * HI_0 | HI_1 || LO_1 | LO_0 + * ==> + * LO_0 | HI_1 || HI_0 | LO_1 + */ + pshufd $MASK2, \hi, \hi + movdqa \lo, T0_LO + punpckhqdq \hi, T0_LO + punpcklqdq \lo, \hi + movdqa T0_LO, \lo +.endm + +.macro morus1280_round s0_l, s0_h, s1_l, s1_h, s2_l, s2_h, s3_l, s3_h, s4_l, s4_h, b, w + movdqa \s1_l, T0_LO + pand \s2_l, T0_LO + pxor T0_LO, \s0_l + + movdqa \s1_h, T0_LO + pand \s2_h, T0_LO + pxor T0_LO, \s0_h + + pxor \s3_l, \s0_l + pxor \s3_h, \s0_h + + movdqa \s0_l, T0_LO + psllq $\b, T0_LO + psrlq $(64 - \b), \s0_l + pxor T0_LO, \s0_l + + movdqa \s0_h, T0_LO + psllq $\b, T0_LO + psrlq $(64 - \b), \s0_h + pxor T0_LO, \s0_h + + \w \s3_h, \s3_l +.endm + +/* + * __morus1280_update: internal ABI + * input: + * STATE[0-4] - input state + * MSG - message block + * output: + * STATE[0-4] - output state + * changed: + * T0 + */ +__morus1280_update: + morus1280_round \ + STATE0_LO, STATE0_HI, \ + STATE1_LO, STATE1_HI, \ + STATE2_LO, STATE2_HI, \ + STATE3_LO, STATE3_HI, \ + STATE4_LO, STATE4_HI, \ + 13, rol1 + pxor MSG_LO, STATE1_LO + pxor MSG_HI, STATE1_HI + morus1280_round \ + STATE1_LO, STATE1_HI, \ + STATE2_LO, STATE2_HI, \ + STATE3_LO, STATE3_HI, \ + STATE4_LO, STATE4_HI, \ + STATE0_LO, STATE0_HI, \ + 46, rol2 + pxor MSG_LO, STATE2_LO + pxor MSG_HI, STATE2_HI + morus1280_round \ + STATE2_LO, STATE2_HI, \ + STATE3_LO, STATE3_HI, \ + STATE4_LO, STATE4_HI, \ + STATE0_LO, STATE0_HI, \ + STATE1_LO, STATE1_HI, \ + 38, rol3 + pxor MSG_LO, STATE3_LO + pxor MSG_HI, STATE3_HI + morus1280_round \ + STATE3_LO, STATE3_HI, \ + STATE4_LO, STATE4_HI, \ + STATE0_LO, STATE0_HI, \ + STATE1_LO, STATE1_HI, \ + STATE2_LO, STATE2_HI, \ + 7, rol2 + pxor MSG_LO, STATE4_LO + pxor MSG_HI, STATE4_HI + morus1280_round \ + STATE4_LO, STATE4_HI, \ + STATE0_LO, STATE0_HI, \ + STATE1_LO, STATE1_HI, \ + STATE2_LO, STATE2_HI, \ + STATE3_LO, STATE3_HI, \ + 4, rol1 + ret +ENDPROC(__morus1280_update) + +/* + * __morus1280_update_zero: internal ABI + * input: + * STATE[0-4] - input state + * output: + * STATE[0-4] - output state + * changed: + * T0 + */ +__morus1280_update_zero: + morus1280_round \ + STATE0_LO, STATE0_HI, \ + STATE1_LO, STATE1_HI, \ + STATE2_LO, STATE2_HI, \ + STATE3_LO, STATE3_HI, \ + STATE4_LO, STATE4_HI, \ + 13, rol1 + morus1280_round \ + STATE1_LO, STATE1_HI, \ + STATE2_LO, STATE2_HI, \ + STATE3_LO, STATE3_HI, \ + STATE4_LO, STATE4_HI, \ + STATE0_LO, STATE0_HI, \ + 46, rol2 + morus1280_round \ + STATE2_LO, STATE2_HI, \ + STATE3_LO, STATE3_HI, \ + STATE4_LO, STATE4_HI, \ + STATE0_LO, STATE0_HI, \ + STATE1_LO, STATE1_HI, \ + 38, rol3 + morus1280_round \ + STATE3_LO, STATE3_HI, \ + STATE4_LO, STATE4_HI, \ + STATE0_LO, STATE0_HI, \ + STATE1_LO, STATE1_HI, \ + STATE2_LO, STATE2_HI, \ + 7, rol2 + morus1280_round \ + STATE4_LO, STATE4_HI, \ + STATE0_LO, STATE0_HI, \ + STATE1_LO, STATE1_HI, \ + STATE2_LO, STATE2_HI, \ + STATE3_LO, STATE3_HI, \ + 4, rol1 + ret +ENDPROC(__morus1280_update_zero) + +/* + * __load_partial: internal ABI + * input: + * %rsi - src + * %rcx - bytes + * output: + * MSG - message block + * changed: + * %r8 + * %r9 + */ +__load_partial: + xor %r9, %r9 + pxor MSG_LO, MSG_LO + pxor MSG_HI, MSG_HI + + mov %rcx, %r8 + and $0x1, %r8 + jz .Lld_partial_1 + + mov %rcx, %r8 + and $0x1E, %r8 + add %rsi, %r8 + mov (%r8), %r9b + +.Lld_partial_1: + mov %rcx, %r8 + and $0x2, %r8 + jz .Lld_partial_2 + + mov %rcx, %r8 + and $0x1C, %r8 + add %rsi, %r8 + shl $16, %r9 + mov (%r8), %r9w + +.Lld_partial_2: + mov %rcx, %r8 + and $0x4, %r8 + jz .Lld_partial_4 + + mov %rcx, %r8 + and $0x18, %r8 + add %rsi, %r8 + shl $32, %r9 + mov (%r8), %r8d + xor %r8, %r9 + +.Lld_partial_4: + movq %r9, MSG_LO + + mov %rcx, %r8 + and $0x8, %r8 + jz .Lld_partial_8 + + mov %rcx, %r8 + and $0x10, %r8 + add %rsi, %r8 + pslldq $8, MSG_LO + movq (%r8), T0_LO + pxor T0_LO, MSG_LO + +.Lld_partial_8: + mov %rcx, %r8 + and $0x10, %r8 + jz .Lld_partial_16 + + movdqa MSG_LO, MSG_HI + movdqu (%rsi), MSG_LO + +.Lld_partial_16: + ret +ENDPROC(__load_partial) + +/* + * __store_partial: internal ABI + * input: + * %rdx - dst + * %rcx - bytes + * output: + * T0 - message block + * changed: + * %r8 + * %r9 + * %r10 + */ +__store_partial: + mov %rcx, %r8 + mov %rdx, %r9 + + cmp $16, %r8 + jl .Lst_partial_16 + + movdqu T0_LO, (%r9) + movdqa T0_HI, T0_LO + + sub $16, %r8 + add $16, %r9 + +.Lst_partial_16: + movq T0_LO, %r10 + + cmp $8, %r8 + jl .Lst_partial_8 + + mov %r10, (%r9) + psrldq $8, T0_LO + movq T0_LO, %r10 + + sub $8, %r8 + add $8, %r9 + +.Lst_partial_8: + cmp $4, %r8 + jl .Lst_partial_4 + + mov %r10d, (%r9) + shr $32, %r10 + + sub $4, %r8 + add $4, %r9 + +.Lst_partial_4: + cmp $2, %r8 + jl .Lst_partial_2 + + mov %r10w, (%r9) + shr $16, %r10 + + sub $2, %r8 + add $2, %r9 + +.Lst_partial_2: + cmp $1, %r8 + jl .Lst_partial_1 + + mov %r10b, (%r9) + +.Lst_partial_1: + ret +ENDPROC(__store_partial) + +/* + * void crypto_morus1280_sse2_init(void *state, const void *key, + * const void *iv); + */ +ENTRY(crypto_morus1280_sse2_init) + FRAME_BEGIN + + /* load IV: */ + pxor STATE0_HI, STATE0_HI + movdqu (%rdx), STATE0_LO + /* load key: */ + movdqu 0(%rsi), KEY_LO + movdqu 16(%rsi), KEY_HI + movdqa KEY_LO, STATE1_LO + movdqa KEY_HI, STATE1_HI + /* load all ones: */ + pcmpeqd STATE2_LO, STATE2_LO + pcmpeqd STATE2_HI, STATE2_HI + /* load all zeros: */ + pxor STATE3_LO, STATE3_LO + pxor STATE3_HI, STATE3_HI + /* load the constant: */ + movdqa .Lmorus640_const_0, STATE4_LO + movdqa .Lmorus640_const_1, STATE4_HI + + /* update 16 times with zero: */ + call __morus1280_update_zero + call __morus1280_update_zero + call __morus1280_update_zero + call __morus1280_update_zero + call __morus1280_update_zero + call __morus1280_update_zero + call __morus1280_update_zero + call __morus1280_update_zero + call __morus1280_update_zero + call __morus1280_update_zero + call __morus1280_update_zero + call __morus1280_update_zero + call __morus1280_update_zero + call __morus1280_update_zero + call __morus1280_update_zero + call __morus1280_update_zero + + /* xor-in the key again after updates: */ + pxor KEY_LO, STATE1_LO + pxor KEY_HI, STATE1_HI + + /* store the state: */ + movdqu STATE0_LO, (0 * 16)(%rdi) + movdqu STATE0_HI, (1 * 16)(%rdi) + movdqu STATE1_LO, (2 * 16)(%rdi) + movdqu STATE1_HI, (3 * 16)(%rdi) + movdqu STATE2_LO, (4 * 16)(%rdi) + movdqu STATE2_HI, (5 * 16)(%rdi) + movdqu STATE3_LO, (6 * 16)(%rdi) + movdqu STATE3_HI, (7 * 16)(%rdi) + movdqu STATE4_LO, (8 * 16)(%rdi) + movdqu STATE4_HI, (9 * 16)(%rdi) + + FRAME_END + ret +ENDPROC(crypto_morus1280_sse2_init) + +/* + * void crypto_morus1280_sse2_ad(void *state, const void *data, + * unsigned int length); + */ +ENTRY(crypto_morus1280_sse2_ad) + FRAME_BEGIN + + cmp $32, %rdx + jb .Lad_out + + /* load the state: */ + movdqu (0 * 16)(%rdi), STATE0_LO + movdqu (1 * 16)(%rdi), STATE0_HI + movdqu (2 * 16)(%rdi), STATE1_LO + movdqu (3 * 16)(%rdi), STATE1_HI + movdqu (4 * 16)(%rdi), STATE2_LO + movdqu (5 * 16)(%rdi), STATE2_HI + movdqu (6 * 16)(%rdi), STATE3_LO + movdqu (7 * 16)(%rdi), STATE3_HI + movdqu (8 * 16)(%rdi), STATE4_LO + movdqu (9 * 16)(%rdi), STATE4_HI + + mov %rsi, %r8 + and $0xF, %r8 + jnz .Lad_u_loop + +.align 4 +.Lad_a_loop: + movdqa 0(%rsi), MSG_LO + movdqa 16(%rsi), MSG_HI + call __morus1280_update + sub $32, %rdx + add $32, %rsi + cmp $32, %rdx + jge .Lad_a_loop + + jmp .Lad_cont +.align 4 +.Lad_u_loop: + movdqu 0(%rsi), MSG_LO + movdqu 16(%rsi), MSG_HI + call __morus1280_update + sub $32, %rdx + add $32, %rsi + cmp $32, %rdx + jge .Lad_u_loop + +.Lad_cont: + /* store the state: */ + movdqu STATE0_LO, (0 * 16)(%rdi) + movdqu STATE0_HI, (1 * 16)(%rdi) + movdqu STATE1_LO, (2 * 16)(%rdi) + movdqu STATE1_HI, (3 * 16)(%rdi) + movdqu STATE2_LO, (4 * 16)(%rdi) + movdqu STATE2_HI, (5 * 16)(%rdi) + movdqu STATE3_LO, (6 * 16)(%rdi) + movdqu STATE3_HI, (7 * 16)(%rdi) + movdqu STATE4_LO, (8 * 16)(%rdi) + movdqu STATE4_HI, (9 * 16)(%rdi) + +.Lad_out: + FRAME_END + ret +ENDPROC(crypto_morus1280_sse2_ad) + +/* + * void crypto_morus1280_sse2_enc(void *state, const void *src, void *dst, + * unsigned int length); + */ +ENTRY(crypto_morus1280_sse2_enc) + FRAME_BEGIN + + cmp $32, %rcx + jb .Lenc_out + + /* load the state: */ + movdqu (0 * 16)(%rdi), STATE0_LO + movdqu (1 * 16)(%rdi), STATE0_HI + movdqu (2 * 16)(%rdi), STATE1_LO + movdqu (3 * 16)(%rdi), STATE1_HI + movdqu (4 * 16)(%rdi), STATE2_LO + movdqu (5 * 16)(%rdi), STATE2_HI + movdqu (6 * 16)(%rdi), STATE3_LO + movdqu (7 * 16)(%rdi), STATE3_HI + movdqu (8 * 16)(%rdi), STATE4_LO + movdqu (9 * 16)(%rdi), STATE4_HI + + mov %rsi, %r8 + or %rdx, %r8 + and $0xF, %r8 + jnz .Lenc_u_loop + +.align 4 +.Lenc_a_loop: + movdqa 0(%rsi), MSG_LO + movdqa 16(%rsi), MSG_HI + movdqa STATE1_LO, T1_LO + movdqa STATE1_HI, T1_HI + rol3 T1_HI, T1_LO + movdqa MSG_LO, T0_LO + movdqa MSG_HI, T0_HI + pxor T1_LO, T0_LO + pxor T1_HI, T0_HI + pxor STATE0_LO, T0_LO + pxor STATE0_HI, T0_HI + movdqa STATE2_LO, T1_LO + movdqa STATE2_HI, T1_HI + pand STATE3_LO, T1_LO + pand STATE3_HI, T1_HI + pxor T1_LO, T0_LO + pxor T1_HI, T0_HI + movdqa T0_LO, 0(%rdx) + movdqa T0_HI, 16(%rdx) + + call __morus1280_update + sub $32, %rcx + add $32, %rsi + add $32, %rdx + cmp $32, %rcx + jge .Lenc_a_loop + + jmp .Lenc_cont +.align 4 +.Lenc_u_loop: + movdqu 0(%rsi), MSG_LO + movdqu 16(%rsi), MSG_HI + movdqa STATE1_LO, T1_LO + movdqa STATE1_HI, T1_HI + rol3 T1_HI, T1_LO + movdqa MSG_LO, T0_LO + movdqa MSG_HI, T0_HI + pxor T1_LO, T0_LO + pxor T1_HI, T0_HI + pxor STATE0_LO, T0_LO + pxor STATE0_HI, T0_HI + movdqa STATE2_LO, T1_LO + movdqa STATE2_HI, T1_HI + pand STATE3_LO, T1_LO + pand STATE3_HI, T1_HI + pxor T1_LO, T0_LO + pxor T1_HI, T0_HI + movdqu T0_LO, 0(%rdx) + movdqu T0_HI, 16(%rdx) + + call __morus1280_update + sub $32, %rcx + add $32, %rsi + add $32, %rdx + cmp $32, %rcx + jge .Lenc_u_loop + +.Lenc_cont: + /* store the state: */ + movdqu STATE0_LO, (0 * 16)(%rdi) + movdqu STATE0_HI, (1 * 16)(%rdi) + movdqu STATE1_LO, (2 * 16)(%rdi) + movdqu STATE1_HI, (3 * 16)(%rdi) + movdqu STATE2_LO, (4 * 16)(%rdi) + movdqu STATE2_HI, (5 * 16)(%rdi) + movdqu STATE3_LO, (6 * 16)(%rdi) + movdqu STATE3_HI, (7 * 16)(%rdi) + movdqu STATE4_LO, (8 * 16)(%rdi) + movdqu STATE4_HI, (9 * 16)(%rdi) + +.Lenc_out: + FRAME_END + ret +ENDPROC(crypto_morus1280_sse2_enc) + +/* + * void crypto_morus1280_sse2_enc_tail(void *state, const void *src, void *dst, + * unsigned int length); + */ +ENTRY(crypto_morus1280_sse2_enc_tail) + FRAME_BEGIN + + /* load the state: */ + movdqu (0 * 16)(%rdi), STATE0_LO + movdqu (1 * 16)(%rdi), STATE0_HI + movdqu (2 * 16)(%rdi), STATE1_LO + movdqu (3 * 16)(%rdi), STATE1_HI + movdqu (4 * 16)(%rdi), STATE2_LO + movdqu (5 * 16)(%rdi), STATE2_HI + movdqu (6 * 16)(%rdi), STATE3_LO + movdqu (7 * 16)(%rdi), STATE3_HI + movdqu (8 * 16)(%rdi), STATE4_LO + movdqu (9 * 16)(%rdi), STATE4_HI + + /* encrypt message: */ + call __load_partial + + movdqa STATE1_LO, T1_LO + movdqa STATE1_HI, T1_HI + rol3 T1_HI, T1_LO + movdqa MSG_LO, T0_LO + movdqa MSG_HI, T0_HI + pxor T1_LO, T0_LO + pxor T1_HI, T0_HI + pxor STATE0_LO, T0_LO + pxor STATE0_HI, T0_HI + movdqa STATE2_LO, T1_LO + movdqa STATE2_HI, T1_HI + pand STATE3_LO, T1_LO + pand STATE3_HI, T1_HI + pxor T1_LO, T0_LO + pxor T1_HI, T0_HI + + call __store_partial + + call __morus1280_update + + /* store the state: */ + movdqu STATE0_LO, (0 * 16)(%rdi) + movdqu STATE0_HI, (1 * 16)(%rdi) + movdqu STATE1_LO, (2 * 16)(%rdi) + movdqu STATE1_HI, (3 * 16)(%rdi) + movdqu STATE2_LO, (4 * 16)(%rdi) + movdqu STATE2_HI, (5 * 16)(%rdi) + movdqu STATE3_LO, (6 * 16)(%rdi) + movdqu STATE3_HI, (7 * 16)(%rdi) + movdqu STATE4_LO, (8 * 16)(%rdi) + movdqu STATE4_HI, (9 * 16)(%rdi) + + FRAME_END +ENDPROC(crypto_morus1280_sse2_enc_tail) + +/* + * void crypto_morus1280_sse2_dec(void *state, const void *src, void *dst, + * unsigned int length); + */ +ENTRY(crypto_morus1280_sse2_dec) + FRAME_BEGIN + + cmp $32, %rcx + jb .Ldec_out + + /* load the state: */ + movdqu (0 * 16)(%rdi), STATE0_LO + movdqu (1 * 16)(%rdi), STATE0_HI + movdqu (2 * 16)(%rdi), STATE1_LO + movdqu (3 * 16)(%rdi), STATE1_HI + movdqu (4 * 16)(%rdi), STATE2_LO + movdqu (5 * 16)(%rdi), STATE2_HI + movdqu (6 * 16)(%rdi), STATE3_LO + movdqu (7 * 16)(%rdi), STATE3_HI + movdqu (8 * 16)(%rdi), STATE4_LO + movdqu (9 * 16)(%rdi), STATE4_HI + + mov %rsi, %r8 + or %rdx, %r8 + and $0xF, %r8 + jnz .Ldec_u_loop + +.align 4 +.Ldec_a_loop: + movdqa 0(%rsi), MSG_LO + movdqa 16(%rsi), MSG_HI + pxor STATE0_LO, MSG_LO + pxor STATE0_HI, MSG_HI + movdqa STATE1_LO, T1_LO + movdqa STATE1_HI, T1_HI + rol3 T1_HI, T1_LO + pxor T1_LO, MSG_LO + pxor T1_HI, MSG_HI + movdqa STATE2_LO, T1_LO + movdqa STATE2_HI, T1_HI + pand STATE3_LO, T1_LO + pand STATE3_HI, T1_HI + pxor T1_LO, MSG_LO + pxor T1_HI, MSG_HI + movdqa MSG_LO, 0(%rdx) + movdqa MSG_HI, 16(%rdx) + + call __morus1280_update + sub $32, %rcx + add $32, %rsi + add $32, %rdx + cmp $32, %rcx + jge .Ldec_a_loop + + jmp .Ldec_cont +.align 4 +.Ldec_u_loop: + movdqu 0(%rsi), MSG_LO + movdqu 16(%rsi), MSG_HI + pxor STATE0_LO, MSG_LO + pxor STATE0_HI, MSG_HI + movdqa STATE1_LO, T1_LO + movdqa STATE1_HI, T1_HI + rol3 T1_HI, T1_LO + pxor T1_LO, MSG_LO + pxor T1_HI, MSG_HI + movdqa STATE2_LO, T1_LO + movdqa STATE2_HI, T1_HI + pand STATE3_LO, T1_LO + pand STATE3_HI, T1_HI + pxor T1_LO, MSG_LO + pxor T1_HI, MSG_HI + movdqu MSG_LO, 0(%rdx) + movdqu MSG_HI, 16(%rdx) + + call __morus1280_update + sub $32, %rcx + add $32, %rsi + add $32, %rdx + cmp $32, %rcx + jge .Ldec_u_loop + +.Ldec_cont: + /* store the state: */ + movdqu STATE0_LO, (0 * 16)(%rdi) + movdqu STATE0_HI, (1 * 16)(%rdi) + movdqu STATE1_LO, (2 * 16)(%rdi) + movdqu STATE1_HI, (3 * 16)(%rdi) + movdqu STATE2_LO, (4 * 16)(%rdi) + movdqu STATE2_HI, (5 * 16)(%rdi) + movdqu STATE3_LO, (6 * 16)(%rdi) + movdqu STATE3_HI, (7 * 16)(%rdi) + movdqu STATE4_LO, (8 * 16)(%rdi) + movdqu STATE4_HI, (9 * 16)(%rdi) + +.Ldec_out: + FRAME_END + ret +ENDPROC(crypto_morus1280_sse2_dec) + +/* + * void crypto_morus1280_sse2_dec_tail(void *state, const void *src, void *dst, + * unsigned int length); + */ +ENTRY(crypto_morus1280_sse2_dec_tail) + FRAME_BEGIN + + /* load the state: */ + movdqu (0 * 16)(%rdi), STATE0_LO + movdqu (1 * 16)(%rdi), STATE0_HI + movdqu (2 * 16)(%rdi), STATE1_LO + movdqu (3 * 16)(%rdi), STATE1_HI + movdqu (4 * 16)(%rdi), STATE2_LO + movdqu (5 * 16)(%rdi), STATE2_HI + movdqu (6 * 16)(%rdi), STATE3_LO + movdqu (7 * 16)(%rdi), STATE3_HI + movdqu (8 * 16)(%rdi), STATE4_LO + movdqu (9 * 16)(%rdi), STATE4_HI + + /* decrypt message: */ + call __load_partial + + pxor STATE0_LO, MSG_LO + pxor STATE0_HI, MSG_HI + movdqa STATE1_LO, T1_LO + movdqa STATE1_HI, T1_HI + rol3 T1_HI, T1_LO + pxor T1_LO, MSG_LO + pxor T1_HI, MSG_HI + movdqa STATE2_LO, T1_LO + movdqa STATE2_HI, T1_HI + pand STATE3_LO, T1_LO + pand STATE3_HI, T1_HI + pxor T1_LO, MSG_LO + pxor T1_HI, MSG_HI + movdqa MSG_LO, T0_LO + movdqa MSG_HI, T0_HI + + call __store_partial + + /* mask with byte count: */ + movq %rcx, T0_LO + punpcklbw T0_LO, T0_LO + punpcklbw T0_LO, T0_LO + punpcklbw T0_LO, T0_LO + punpcklbw T0_LO, T0_LO + movdqa T0_LO, T0_HI + movdqa .Lmorus640_counter_0, T1_LO + movdqa .Lmorus640_counter_1, T1_HI + pcmpgtb T1_LO, T0_LO + pcmpgtb T1_HI, T0_HI + pand T0_LO, MSG_LO + pand T0_HI, MSG_HI + + call __morus1280_update + + /* store the state: */ + movdqu STATE0_LO, (0 * 16)(%rdi) + movdqu STATE0_HI, (1 * 16)(%rdi) + movdqu STATE1_LO, (2 * 16)(%rdi) + movdqu STATE1_HI, (3 * 16)(%rdi) + movdqu STATE2_LO, (4 * 16)(%rdi) + movdqu STATE2_HI, (5 * 16)(%rdi) + movdqu STATE3_LO, (6 * 16)(%rdi) + movdqu STATE3_HI, (7 * 16)(%rdi) + movdqu STATE4_LO, (8 * 16)(%rdi) + movdqu STATE4_HI, (9 * 16)(%rdi) + + FRAME_END + ret +ENDPROC(crypto_morus1280_sse2_dec_tail) + +/* + * void crypto_morus1280_sse2_final(void *state, void *tag_xor, + * u64 assoclen, u64 cryptlen); + */ +ENTRY(crypto_morus1280_sse2_final) + FRAME_BEGIN + + /* load the state: */ + movdqu (0 * 16)(%rdi), STATE0_LO + movdqu (1 * 16)(%rdi), STATE0_HI + movdqu (2 * 16)(%rdi), STATE1_LO + movdqu (3 * 16)(%rdi), STATE1_HI + movdqu (4 * 16)(%rdi), STATE2_LO + movdqu (5 * 16)(%rdi), STATE2_HI + movdqu (6 * 16)(%rdi), STATE3_LO + movdqu (7 * 16)(%rdi), STATE3_HI + movdqu (8 * 16)(%rdi), STATE4_LO + movdqu (9 * 16)(%rdi), STATE4_HI + + /* xor state[0] into state[4]: */ + pxor STATE0_LO, STATE4_LO + pxor STATE0_HI, STATE4_HI + + /* prepare length block: */ + movq %rdx, MSG_LO + movq %rcx, T0_LO + pslldq $8, T0_LO + pxor T0_LO, MSG_LO + psllq $3, MSG_LO /* multiply by 8 (to get bit count) */ + pxor MSG_HI, MSG_HI + + /* update state: */ + call __morus1280_update + call __morus1280_update + call __morus1280_update + call __morus1280_update + call __morus1280_update + call __morus1280_update + call __morus1280_update + call __morus1280_update + call __morus1280_update + call __morus1280_update + + /* xor tag: */ + movdqu 0(%rsi), MSG_LO + movdqu 16(%rsi), MSG_HI + + pxor STATE0_LO, MSG_LO + pxor STATE0_HI, MSG_HI + movdqa STATE1_LO, T0_LO + movdqa STATE1_HI, T0_HI + rol3 T0_HI, T0_LO + pxor T0_LO, MSG_LO + pxor T0_HI, MSG_HI + movdqa STATE2_LO, T0_LO + movdqa STATE2_HI, T0_HI + pand STATE3_LO, T0_LO + pand STATE3_HI, T0_HI + pxor T0_LO, MSG_LO + pxor T0_HI, MSG_HI + + movdqu MSG_LO, 0(%rsi) + movdqu MSG_HI, 16(%rsi) + + FRAME_END + ret +ENDPROC(crypto_morus1280_sse2_final) diff --git a/arch/x86/crypto/morus1280-sse2-glue.c b/arch/x86/crypto/morus1280-sse2-glue.c new file mode 100644 index 000000000000..839270aa713c --- /dev/null +++ b/arch/x86/crypto/morus1280-sse2-glue.c @@ -0,0 +1,68 @@ +/* + * The MORUS-1280 Authenticated-Encryption Algorithm + * Glue for SSE2 implementation + * + * Copyright (c) 2016-2018 Ondrej Mosnacek <omosnacek@gmail.com> + * Copyright (C) 2017-2018 Red Hat, Inc. All rights reserved. + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation; either version 2 of the License, or (at your option) + * any later version. + */ + +#include <crypto/internal/aead.h> +#include <crypto/morus1280_glue.h> +#include <linux/module.h> +#include <asm/fpu/api.h> +#include <asm/cpu_device_id.h> + +asmlinkage void crypto_morus1280_sse2_init(void *state, const void *key, + const void *iv); +asmlinkage void crypto_morus1280_sse2_ad(void *state, const void *data, + unsigned int length); + +asmlinkage void crypto_morus1280_sse2_enc(void *state, const void *src, + void *dst, unsigned int length); +asmlinkage void crypto_morus1280_sse2_dec(void *state, const void *src, + void *dst, unsigned int length); + +asmlinkage void crypto_morus1280_sse2_enc_tail(void *state, const void *src, + void *dst, unsigned int length); +asmlinkage void crypto_morus1280_sse2_dec_tail(void *state, const void *src, + void *dst, unsigned int length); + +asmlinkage void crypto_morus1280_sse2_final(void *state, void *tag_xor, + u64 assoclen, u64 cryptlen); + +MORUS1280_DECLARE_ALGS(sse2, "morus1280-sse2", 350); + +static const struct x86_cpu_id sse2_cpu_id[] = { + X86_FEATURE_MATCH(X86_FEATURE_XMM2), + {} +}; +MODULE_DEVICE_TABLE(x86cpu, sse2_cpu_id); + +static int __init crypto_morus1280_sse2_module_init(void) +{ + if (!x86_match_cpu(sse2_cpu_id)) + return -ENODEV; + + return crypto_register_aeads(crypto_morus1280_sse2_algs, + ARRAY_SIZE(crypto_morus1280_sse2_algs)); +} + +static void __exit crypto_morus1280_sse2_module_exit(void) +{ + crypto_unregister_aeads(crypto_morus1280_sse2_algs, + ARRAY_SIZE(crypto_morus1280_sse2_algs)); +} + +module_init(crypto_morus1280_sse2_module_init); +module_exit(crypto_morus1280_sse2_module_exit); + +MODULE_LICENSE("GPL"); +MODULE_AUTHOR("Ondrej Mosnacek <omosnacek@gmail.com>"); +MODULE_DESCRIPTION("MORUS-1280 AEAD algorithm -- SSE2 implementation"); +MODULE_ALIAS_CRYPTO("morus1280"); +MODULE_ALIAS_CRYPTO("morus1280-sse2"); diff --git a/arch/x86/crypto/morus1280_glue.c b/arch/x86/crypto/morus1280_glue.c new file mode 100644 index 000000000000..0dccdda1eb3a --- /dev/null +++ b/arch/x86/crypto/morus1280_glue.c @@ -0,0 +1,302 @@ +/* + * The MORUS-1280 Authenticated-Encryption Algorithm + * Common x86 SIMD glue skeleton + * + * Copyright (c) 2016-2018 Ondrej Mosnacek <omosnacek@gmail.com> + * Copyright (C) 2017-2018 Red Hat, Inc. All rights reserved. + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation; either version 2 of the License, or (at your option) + * any later version. + */ + +#include <crypto/cryptd.h> +#include <crypto/internal/aead.h> +#include <crypto/internal/skcipher.h> +#include <crypto/morus1280_glue.h> +#include <crypto/scatterwalk.h> +#include <linux/err.h> +#include <linux/init.h> +#include <linux/kernel.h> +#include <linux/module.h> +#include <linux/scatterlist.h> +#include <asm/fpu/api.h> + +struct morus1280_state { + struct morus1280_block s[MORUS_STATE_BLOCKS]; +}; + +struct morus1280_ops { + int (*skcipher_walk_init)(struct skcipher_walk *walk, + struct aead_request *req, bool atomic); + + void (*crypt_blocks)(void *state, const void *src, void *dst, + unsigned int length); + void (*crypt_tail)(void *state, const void *src, void *dst, + unsigned int length); +}; + +static void crypto_morus1280_glue_process_ad( + struct morus1280_state *state, + const struct morus1280_glue_ops *ops, + struct scatterlist *sg_src, unsigned int assoclen) +{ + struct scatter_walk walk; + struct morus1280_block buf; + unsigned int pos = 0; + + scatterwalk_start(&walk, sg_src); + while (assoclen != 0) { + unsigned int size = scatterwalk_clamp(&walk, assoclen); + unsigned int left = size; + void *mapped = scatterwalk_map(&walk); + const u8 *src = (const u8 *)mapped; + + if (pos + size >= MORUS1280_BLOCK_SIZE) { + if (pos > 0) { + unsigned int fill = MORUS1280_BLOCK_SIZE - pos; + memcpy(buf.bytes + pos, src, fill); + ops->ad(state, buf.bytes, MORUS1280_BLOCK_SIZE); + pos = 0; + left -= fill; + src += fill; + } + + ops->ad(state, src, left); + src += left & ~(MORUS1280_BLOCK_SIZE - 1); + left &= MORUS1280_BLOCK_SIZE - 1; + } + + memcpy(buf.bytes + pos, src, left); + + pos += left; + assoclen -= size; + scatterwalk_unmap(mapped); + scatterwalk_advance(&walk, size); + scatterwalk_done(&walk, 0, assoclen); + } + + if (pos > 0) { + memset(buf.bytes + pos, 0, MORUS1280_BLOCK_SIZE - pos); + ops->ad(state, buf.bytes, MORUS1280_BLOCK_SIZE); + } +} + +static void crypto_morus1280_glue_process_crypt(struct morus1280_state *state, + struct morus1280_ops ops, + struct aead_request *req) +{ + struct skcipher_walk walk; + u8 *cursor_src, *cursor_dst; + unsigned int chunksize, base; + + ops.skcipher_walk_init(&walk, req, false); + + while (walk.nbytes) { + cursor_src = walk.src.virt.addr; + cursor_dst = walk.dst.virt.addr; + chunksize = walk.nbytes; + + ops.crypt_blocks(state, cursor_src, cursor_dst, chunksize); + + base = chunksize & ~(MORUS1280_BLOCK_SIZE - 1); + cursor_src += base; + cursor_dst += base; + chunksize &= MORUS1280_BLOCK_SIZE - 1; + + if (chunksize > 0) + ops.crypt_tail(state, cursor_src, cursor_dst, + chunksize); + + skcipher_walk_done(&walk, 0); + } +} + +int crypto_morus1280_glue_setkey(struct crypto_aead *aead, const u8 *key, + unsigned int keylen) +{ + struct morus1280_ctx *ctx = crypto_aead_ctx(aead); + + if (keylen == MORUS1280_BLOCK_SIZE) { + memcpy(ctx->key.bytes, key, MORUS1280_BLOCK_SIZE); + } else if (keylen == MORUS1280_BLOCK_SIZE / 2) { + memcpy(ctx->key.bytes, key, keylen); + memcpy(ctx->key.bytes + keylen, key, keylen); + } else { + crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN); + return -EINVAL; + } + + return 0; +} +EXPORT_SYMBOL_GPL(crypto_morus1280_glue_setkey); + +int crypto_morus1280_glue_setauthsize(struct crypto_aead *tfm, + unsigned int authsize) +{ + return (authsize <= MORUS_MAX_AUTH_SIZE) ? 0 : -EINVAL; +} +EXPORT_SYMBOL_GPL(crypto_morus1280_glue_setauthsize); + +static void crypto_morus1280_glue_crypt(struct aead_request *req, + struct morus1280_ops ops, + unsigned int cryptlen, + struct morus1280_block *tag_xor) +{ + struct crypto_aead *tfm = crypto_aead_reqtfm(req); + struct morus1280_ctx *ctx = crypto_aead_ctx(tfm); + struct morus1280_state state; + + kernel_fpu_begin(); + + ctx->ops->init(&state, &ctx->key, req->iv); + crypto_morus1280_glue_process_ad(&state, ctx->ops, req->src, req->assoclen); + crypto_morus1280_glue_process_crypt(&state, ops, req); + ctx->ops->final(&state, tag_xor, req->assoclen, cryptlen); + + kernel_fpu_end(); +} + +int crypto_morus1280_glue_encrypt(struct aead_request *req) +{ + struct crypto_aead *tfm = crypto_aead_reqtfm(req); + struct morus1280_ctx *ctx = crypto_aead_ctx(tfm); + struct morus1280_ops OPS = { + .skcipher_walk_init = skcipher_walk_aead_encrypt, + .crypt_blocks = ctx->ops->enc, + .crypt_tail = ctx->ops->enc_tail, + }; + + struct morus1280_block tag = {}; + unsigned int authsize = crypto_aead_authsize(tfm); + unsigned int cryptlen = req->cryptlen; + + crypto_morus1280_glue_crypt(req, OPS, cryptlen, &tag); + + scatterwalk_map_and_copy(tag.bytes, req->dst, + req->assoclen + cryptlen, authsize, 1); + return 0; +} +EXPORT_SYMBOL_GPL(crypto_morus1280_glue_encrypt); + +int crypto_morus1280_glue_decrypt(struct aead_request *req) +{ + static const u8 zeros[MORUS1280_BLOCK_SIZE] = {}; + + struct crypto_aead *tfm = crypto_aead_reqtfm(req); + struct morus1280_ctx *ctx = crypto_aead_ctx(tfm); + struct morus1280_ops OPS = { + .skcipher_walk_init = skcipher_walk_aead_decrypt, + .crypt_blocks = ctx->ops->dec, + .crypt_tail = ctx->ops->dec_tail, + }; + + struct morus1280_block tag; + unsigned int authsize = crypto_aead_authsize(tfm); + unsigned int cryptlen = req->cryptlen - authsize; + + scatterwalk_map_and_copy(tag.bytes, req->src, + req->assoclen + cryptlen, authsize, 0); + + crypto_morus1280_glue_crypt(req, OPS, cryptlen, &tag); + + return crypto_memneq(tag.bytes, zeros, authsize) ? -EBADMSG : 0; +} +EXPORT_SYMBOL_GPL(crypto_morus1280_glue_decrypt); + +void crypto_morus1280_glue_init_ops(struct crypto_aead *aead, + const struct morus1280_glue_ops *ops) +{ + struct morus1280_ctx *ctx = crypto_aead_ctx(aead); + ctx->ops = ops; +} +EXPORT_SYMBOL_GPL(crypto_morus1280_glue_init_ops); + +int cryptd_morus1280_glue_setkey(struct crypto_aead *aead, const u8 *key, + unsigned int keylen) +{ + struct cryptd_aead **ctx = crypto_aead_ctx(aead); + struct cryptd_aead *cryptd_tfm = *ctx; + + return crypto_aead_setkey(&cryptd_tfm->base, key, keylen); +} +EXPORT_SYMBOL_GPL(cryptd_morus1280_glue_setkey); + +int cryptd_morus1280_glue_setauthsize(struct crypto_aead *aead, + unsigned int authsize) +{ + struct cryptd_aead **ctx = crypto_aead_ctx(aead); + struct cryptd_aead *cryptd_tfm = *ctx; + + return crypto_aead_setauthsize(&cryptd_tfm->base, authsize); +} +EXPORT_SYMBOL_GPL(cryptd_morus1280_glue_setauthsize); + +int cryptd_morus1280_glue_encrypt(struct aead_request *req) +{ + struct crypto_aead *aead = crypto_aead_reqtfm(req); + struct cryptd_aead **ctx = crypto_aead_ctx(aead); + struct cryptd_aead *cryptd_tfm = *ctx; + + aead = &cryptd_tfm->base; + if (irq_fpu_usable() && (!in_atomic() || + !cryptd_aead_queued(cryptd_tfm))) + aead = cryptd_aead_child(cryptd_tfm); + + aead_request_set_tfm(req, aead); + + return crypto_aead_encrypt(req); +} +EXPORT_SYMBOL_GPL(cryptd_morus1280_glue_encrypt); + +int cryptd_morus1280_glue_decrypt(struct aead_request *req) +{ + struct crypto_aead *aead = crypto_aead_reqtfm(req); + struct cryptd_aead **ctx = crypto_aead_ctx(aead); + struct cryptd_aead *cryptd_tfm = *ctx; + + aead = &cryptd_tfm->base; + if (irq_fpu_usable() && (!in_atomic() || + !cryptd_aead_queued(cryptd_tfm))) + aead = cryptd_aead_child(cryptd_tfm); + + aead_request_set_tfm(req, aead); + + return crypto_aead_decrypt(req); +} +EXPORT_SYMBOL_GPL(cryptd_morus1280_glue_decrypt); + +int cryptd_morus1280_glue_init_tfm(struct crypto_aead *aead) +{ + struct cryptd_aead *cryptd_tfm; + struct cryptd_aead **ctx = crypto_aead_ctx(aead); + const char *name = crypto_aead_alg(aead)->base.cra_driver_name; + char internal_name[CRYPTO_MAX_ALG_NAME]; + + if (snprintf(internal_name, CRYPTO_MAX_ALG_NAME, "__%s", name) + >= CRYPTO_MAX_ALG_NAME) + return -ENAMETOOLONG; + + cryptd_tfm = cryptd_alloc_aead(internal_name, CRYPTO_ALG_INTERNAL, + CRYPTO_ALG_INTERNAL); + if (IS_ERR(cryptd_tfm)) + return PTR_ERR(cryptd_tfm); + + *ctx = cryptd_tfm; + crypto_aead_set_reqsize(aead, crypto_aead_reqsize(&cryptd_tfm->base)); + return 0; +} +EXPORT_SYMBOL_GPL(cryptd_morus1280_glue_init_tfm); + +void cryptd_morus1280_glue_exit_tfm(struct crypto_aead *aead) +{ + struct cryptd_aead **ctx = crypto_aead_ctx(aead); + + cryptd_free_aead(*ctx); +} +EXPORT_SYMBOL_GPL(cryptd_morus1280_glue_exit_tfm); + +MODULE_LICENSE("GPL"); +MODULE_AUTHOR("Ondrej Mosnacek <omosnacek@gmail.com>"); +MODULE_DESCRIPTION("MORUS-1280 AEAD mode -- glue for x86 optimizations"); diff --git a/arch/x86/crypto/morus640-sse2-asm.S b/arch/x86/crypto/morus640-sse2-asm.S new file mode 100644 index 000000000000..71c72a0a0862 --- /dev/null +++ b/arch/x86/crypto/morus640-sse2-asm.S @@ -0,0 +1,614 @@ +/* + * SSE2 implementation of MORUS-640 + * + * Copyright (c) 2017-2018 Ondrej Mosnacek <omosnacek@gmail.com> + * Copyright (C) 2017-2018 Red Hat, Inc. All rights reserved. + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 as published + * by the Free Software Foundation. + */ + +#include <linux/linkage.h> +#include <asm/frame.h> + +#define SHUFFLE_MASK(i0, i1, i2, i3) \ + (i0 | (i1 << 2) | (i2 << 4) | (i3 << 6)) + +#define MASK1 SHUFFLE_MASK(3, 0, 1, 2) +#define MASK2 SHUFFLE_MASK(2, 3, 0, 1) +#define MASK3 SHUFFLE_MASK(1, 2, 3, 0) + +#define STATE0 %xmm0 +#define STATE1 %xmm1 +#define STATE2 %xmm2 +#define STATE3 %xmm3 +#define STATE4 %xmm4 +#define KEY %xmm5 +#define MSG %xmm5 +#define T0 %xmm6 +#define T1 %xmm7 + +.section .rodata.cst16.morus640_const, "aM", @progbits, 32 +.align 16 +.Lmorus640_const_0: + .byte 0x00, 0x01, 0x01, 0x02, 0x03, 0x05, 0x08, 0x0d + .byte 0x15, 0x22, 0x37, 0x59, 0x90, 0xe9, 0x79, 0x62 +.Lmorus640_const_1: + .byte 0xdb, 0x3d, 0x18, 0x55, 0x6d, 0xc2, 0x2f, 0xf1 + .byte 0x20, 0x11, 0x31, 0x42, 0x73, 0xb5, 0x28, 0xdd + +.section .rodata.cst16.morus640_counter, "aM", @progbits, 16 +.align 16 +.Lmorus640_counter: + .byte 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 + .byte 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f + +.text + +.macro morus640_round s0, s1, s2, s3, s4, b, w + movdqa \s1, T0 + pand \s2, T0 + pxor T0, \s0 + pxor \s3, \s0 + movdqa \s0, T0 + pslld $\b, T0 + psrld $(32 - \b), \s0 + pxor T0, \s0 + pshufd $\w, \s3, \s3 +.endm + +/* + * __morus640_update: internal ABI + * input: + * STATE[0-4] - input state + * MSG - message block + * output: + * STATE[0-4] - output state + * changed: + * T0 + */ +__morus640_update: + morus640_round STATE0, STATE1, STATE2, STATE3, STATE4, 5, MASK1 + pxor MSG, STATE1 + morus640_round STATE1, STATE2, STATE3, STATE4, STATE0, 31, MASK2 + pxor MSG, STATE2 + morus640_round STATE2, STATE3, STATE4, STATE0, STATE1, 7, MASK3 + pxor MSG, STATE3 + morus640_round STATE3, STATE4, STATE0, STATE1, STATE2, 22, MASK2 + pxor MSG, STATE4 + morus640_round STATE4, STATE0, STATE1, STATE2, STATE3, 13, MASK1 + ret +ENDPROC(__morus640_update) + + +/* + * __morus640_update_zero: internal ABI + * input: + * STATE[0-4] - input state + * output: + * STATE[0-4] - output state + * changed: + * T0 + */ +__morus640_update_zero: + morus640_round STATE0, STATE1, STATE2, STATE3, STATE4, 5, MASK1 + morus640_round STATE1, STATE2, STATE3, STATE4, STATE0, 31, MASK2 + morus640_round STATE2, STATE3, STATE4, STATE0, STATE1, 7, MASK3 + morus640_round STATE3, STATE4, STATE0, STATE1, STATE2, 22, MASK2 + morus640_round STATE4, STATE0, STATE1, STATE2, STATE3, 13, MASK1 + ret +ENDPROC(__morus640_update_zero) + +/* + * __load_partial: internal ABI + * input: + * %rsi - src + * %rcx - bytes + * output: + * MSG - message block + * changed: + * T0 + * %r8 + * %r9 + */ +__load_partial: + xor %r9, %r9 + pxor MSG, MSG + + mov %rcx, %r8 + and $0x1, %r8 + jz .Lld_partial_1 + + mov %rcx, %r8 + and $0x1E, %r8 + add %rsi, %r8 + mov (%r8), %r9b + +.Lld_partial_1: + mov %rcx, %r8 + and $0x2, %r8 + jz .Lld_partial_2 + + mov %rcx, %r8 + and $0x1C, %r8 + add %rsi, %r8 + shl $16, %r9 + mov (%r8), %r9w + +.Lld_partial_2: + mov %rcx, %r8 + and $0x4, %r8 + jz .Lld_partial_4 + + mov %rcx, %r8 + and $0x18, %r8 + add %rsi, %r8 + shl $32, %r9 + mov (%r8), %r8d + xor %r8, %r9 + +.Lld_partial_4: + movq %r9, MSG + + mov %rcx, %r8 + and $0x8, %r8 + jz .Lld_partial_8 + + mov %rcx, %r8 + and $0x10, %r8 + add %rsi, %r8 + pslldq $8, MSG + movq (%r8), T0 + pxor T0, MSG + +.Lld_partial_8: + ret +ENDPROC(__load_partial) + +/* + * __store_partial: internal ABI + * input: + * %rdx - dst + * %rcx - bytes + * output: + * T0 - message block + * changed: + * %r8 + * %r9 + * %r10 + */ +__store_partial: + mov %rcx, %r8 + mov %rdx, %r9 + + movq T0, %r10 + + cmp $8, %r8 + jl .Lst_partial_8 + + mov %r10, (%r9) + psrldq $8, T0 + movq T0, %r10 + + sub $8, %r8 + add $8, %r9 + +.Lst_partial_8: + cmp $4, %r8 + jl .Lst_partial_4 + + mov %r10d, (%r9) + shr $32, %r10 + + sub $4, %r8 + add $4, %r9 + +.Lst_partial_4: + cmp $2, %r8 + jl .Lst_partial_2 + + mov %r10w, (%r9) + shr $16, %r10 + + sub $2, %r8 + add $2, %r9 + +.Lst_partial_2: + cmp $1, %r8 + jl .Lst_partial_1 + + mov %r10b, (%r9) + +.Lst_partial_1: + ret +ENDPROC(__store_partial) + +/* + * void crypto_morus640_sse2_init(void *state, const void *key, const void *iv); + */ +ENTRY(crypto_morus640_sse2_init) + FRAME_BEGIN + + /* load IV: */ + movdqu (%rdx), STATE0 + /* load key: */ + movdqu (%rsi), KEY + movdqa KEY, STATE1 + /* load all ones: */ + pcmpeqd STATE2, STATE2 + /* load the constants: */ + movdqa .Lmorus640_const_0, STATE3 + movdqa .Lmorus640_const_1, STATE4 + + /* update 16 times with zero: */ + call __morus640_update_zero + call __morus640_update_zero + call __morus640_update_zero + call __morus640_update_zero + call __morus640_update_zero + call __morus640_update_zero + call __morus640_update_zero + call __morus640_update_zero + call __morus640_update_zero + call __morus640_update_zero + call __morus640_update_zero + call __morus640_update_zero + call __morus640_update_zero + call __morus640_update_zero + call __morus640_update_zero + call __morus640_update_zero + + /* xor-in the key again after updates: */ + pxor KEY, STATE1 + + /* store the state: */ + movdqu STATE0, (0 * 16)(%rdi) + movdqu STATE1, (1 * 16)(%rdi) + movdqu STATE2, (2 * 16)(%rdi) + movdqu STATE3, (3 * 16)(%rdi) + movdqu STATE4, (4 * 16)(%rdi) + + FRAME_END + ret +ENDPROC(crypto_morus640_sse2_init) + +/* + * void crypto_morus640_sse2_ad(void *state, const void *data, + * unsigned int length); + */ +ENTRY(crypto_morus640_sse2_ad) + FRAME_BEGIN + + cmp $16, %rdx + jb .Lad_out + + /* load the state: */ + movdqu (0 * 16)(%rdi), STATE0 + movdqu (1 * 16)(%rdi), STATE1 + movdqu (2 * 16)(%rdi), STATE2 + movdqu (3 * 16)(%rdi), STATE3 + movdqu (4 * 16)(%rdi), STATE4 + + mov %rsi, %r8 + and $0xF, %r8 + jnz .Lad_u_loop + +.align 4 +.Lad_a_loop: + movdqa (%rsi), MSG + call __morus640_update + sub $16, %rdx + add $16, %rsi + cmp $16, %rdx + jge .Lad_a_loop + + jmp .Lad_cont +.align 4 +.Lad_u_loop: + movdqu (%rsi), MSG + call __morus640_update + sub $16, %rdx + add $16, %rsi + cmp $16, %rdx + jge .Lad_u_loop + +.Lad_cont: + /* store the state: */ + movdqu STATE0, (0 * 16)(%rdi) + movdqu STATE1, (1 * 16)(%rdi) + movdqu STATE2, (2 * 16)(%rdi) + movdqu STATE3, (3 * 16)(%rdi) + movdqu STATE4, (4 * 16)(%rdi) + +.Lad_out: + FRAME_END + ret +ENDPROC(crypto_morus640_sse2_ad) + +/* + * void crypto_morus640_sse2_enc(void *state, const void *src, void *dst, + * unsigned int length); + */ +ENTRY(crypto_morus640_sse2_enc) + FRAME_BEGIN + + cmp $16, %rcx + jb .Lenc_out + + /* load the state: */ + movdqu (0 * 16)(%rdi), STATE0 + movdqu (1 * 16)(%rdi), STATE1 + movdqu (2 * 16)(%rdi), STATE2 + movdqu (3 * 16)(%rdi), STATE3 + movdqu (4 * 16)(%rdi), STATE4 + + mov %rsi, %r8 + or %rdx, %r8 + and $0xF, %r8 + jnz .Lenc_u_loop + +.align 4 +.Lenc_a_loop: + movdqa (%rsi), MSG + movdqa MSG, T0 + pxor STATE0, T0 + pshufd $MASK3, STATE1, T1 + pxor T1, T0 + movdqa STATE2, T1 + pand STATE3, T1 + pxor T1, T0 + movdqa T0, (%rdx) + + call __morus640_update + sub $16, %rcx + add $16, %rsi + add $16, %rdx + cmp $16, %rcx + jge .Lenc_a_loop + + jmp .Lenc_cont +.align 4 +.Lenc_u_loop: + movdqu (%rsi), MSG + movdqa MSG, T0 + pxor STATE0, T0 + pshufd $MASK3, STATE1, T1 + pxor T1, T0 + movdqa STATE2, T1 + pand STATE3, T1 + pxor T1, T0 + movdqu T0, (%rdx) + + call __morus640_update + sub $16, %rcx + add $16, %rsi + add $16, %rdx + cmp $16, %rcx + jge .Lenc_u_loop + +.Lenc_cont: + /* store the state: */ + movdqu STATE0, (0 * 16)(%rdi) + movdqu STATE1, (1 * 16)(%rdi) + movdqu STATE2, (2 * 16)(%rdi) + movdqu STATE3, (3 * 16)(%rdi) + movdqu STATE4, (4 * 16)(%rdi) + +.Lenc_out: + FRAME_END + ret +ENDPROC(crypto_morus640_sse2_enc) + +/* + * void crypto_morus640_sse2_enc_tail(void *state, const void *src, void *dst, + * unsigned int length); + */ +ENTRY(crypto_morus640_sse2_enc_tail) + FRAME_BEGIN + + /* load the state: */ + movdqu (0 * 16)(%rdi), STATE0 + movdqu (1 * 16)(%rdi), STATE1 + movdqu (2 * 16)(%rdi), STATE2 + movdqu (3 * 16)(%rdi), STATE3 + movdqu (4 * 16)(%rdi), STATE4 + + /* encrypt message: */ + call __load_partial + + movdqa MSG, T0 + pxor STATE0, T0 + pshufd $MASK3, STATE1, T1 + pxor T1, T0 + movdqa STATE2, T1 + pand STATE3, T1 + pxor T1, T0 + + call __store_partial + + call __morus640_update + + /* store the state: */ + movdqu STATE0, (0 * 16)(%rdi) + movdqu STATE1, (1 * 16)(%rdi) + movdqu STATE2, (2 * 16)(%rdi) + movdqu STATE3, (3 * 16)(%rdi) + movdqu STATE4, (4 * 16)(%rdi) + + FRAME_END +ENDPROC(crypto_morus640_sse2_enc_tail) + +/* + * void crypto_morus640_sse2_dec(void *state, const void *src, void *dst, + * unsigned int length); + */ +ENTRY(crypto_morus640_sse2_dec) + FRAME_BEGIN + + cmp $16, %rcx + jb .Ldec_out + + /* load the state: */ + movdqu (0 * 16)(%rdi), STATE0 + movdqu (1 * 16)(%rdi), STATE1 + movdqu (2 * 16)(%rdi), STATE2 + movdqu (3 * 16)(%rdi), STATE3 + movdqu (4 * 16)(%rdi), STATE4 + + mov %rsi, %r8 + or %rdx, %r8 + and $0xF, %r8 + jnz .Ldec_u_loop + +.align 4 +.Ldec_a_loop: + movdqa (%rsi), MSG + pxor STATE0, MSG + pshufd $MASK3, STATE1, T0 + pxor T0, MSG + movdqa STATE2, T0 + pand STATE3, T0 + pxor T0, MSG + movdqa MSG, (%rdx) + + call __morus640_update + sub $16, %rcx + add $16, %rsi + add $16, %rdx + cmp $16, %rcx + jge .Ldec_a_loop + + jmp .Ldec_cont +.align 4 +.Ldec_u_loop: + movdqu (%rsi), MSG + pxor STATE0, MSG + pshufd $MASK3, STATE1, T0 + pxor T0, MSG + movdqa STATE2, T0 + pand STATE3, T0 + pxor T0, MSG + movdqu MSG, (%rdx) + + call __morus640_update + sub $16, %rcx + add $16, %rsi + add $16, %rdx + cmp $16, %rcx + jge .Ldec_u_loop + +.Ldec_cont: + /* store the state: */ + movdqu STATE0, (0 * 16)(%rdi) + movdqu STATE1, (1 * 16)(%rdi) + movdqu STATE2, (2 * 16)(%rdi) + movdqu STATE3, (3 * 16)(%rdi) + movdqu STATE4, (4 * 16)(%rdi) + +.Ldec_out: + FRAME_END + ret +ENDPROC(crypto_morus640_sse2_dec) + +/* + * void crypto_morus640_sse2_dec_tail(void *state, const void *src, void *dst, + * unsigned int length); + */ +ENTRY(crypto_morus640_sse2_dec_tail) + FRAME_BEGIN + + /* load the state: */ + movdqu (0 * 16)(%rdi), STATE0 + movdqu (1 * 16)(%rdi), STATE1 + movdqu (2 * 16)(%rdi), STATE2 + movdqu (3 * 16)(%rdi), STATE3 + movdqu (4 * 16)(%rdi), STATE4 + + /* decrypt message: */ + call __load_partial + + pxor STATE0, MSG + pshufd $MASK3, STATE1, T0 + pxor T0, MSG + movdqa STATE2, T0 + pand STATE3, T0 + pxor T0, MSG + movdqa MSG, T0 + + call __store_partial + + /* mask with byte count: */ + movq %rcx, T0 + punpcklbw T0, T0 + punpcklbw T0, T0 + punpcklbw T0, T0 + punpcklbw T0, T0 + movdqa .Lmorus640_counter, T1 + pcmpgtb T1, T0 + pand T0, MSG + + call __morus640_update + + /* store the state: */ + movdqu STATE0, (0 * 16)(%rdi) + movdqu STATE1, (1 * 16)(%rdi) + movdqu STATE2, (2 * 16)(%rdi) + movdqu STATE3, (3 * 16)(%rdi) + movdqu STATE4, (4 * 16)(%rdi) + + FRAME_END + ret +ENDPROC(crypto_morus640_sse2_dec_tail) + +/* + * void crypto_morus640_sse2_final(void *state, void *tag_xor, + * u64 assoclen, u64 cryptlen); + */ +ENTRY(crypto_morus640_sse2_final) + FRAME_BEGIN + + /* load the state: */ + movdqu (0 * 16)(%rdi), STATE0 + movdqu (1 * 16)(%rdi), STATE1 + movdqu (2 * 16)(%rdi), STATE2 + movdqu (3 * 16)(%rdi), STATE3 + movdqu (4 * 16)(%rdi), STATE4 + + /* xor state[0] into state[4]: */ + pxor STATE0, STATE4 + + /* prepare length block: */ + movq %rdx, MSG + movq %rcx, T0 + pslldq $8, T0 + pxor T0, MSG + psllq $3, MSG /* multiply by 8 (to get bit count) */ + + /* update state: */ + call __morus640_update + call __morus640_update + call __morus640_update + call __morus640_update + call __morus640_update + call __morus640_update + call __morus640_update + call __morus640_update + call __morus640_update + call __morus640_update + + /* xor tag: */ + movdqu (%rsi), MSG + + pxor STATE0, MSG + pshufd $MASK3, STATE1, T0 + pxor T0, MSG + movdqa STATE2, T0 + pand STATE3, T0 + pxor T0, MSG + + movdqu MSG, (%rsi) + + FRAME_END + ret +ENDPROC(crypto_morus640_sse2_final) diff --git a/arch/x86/crypto/morus640-sse2-glue.c b/arch/x86/crypto/morus640-sse2-glue.c new file mode 100644 index 000000000000..26b47e2db8d2 --- /dev/null +++ b/arch/x86/crypto/morus640-sse2-glue.c @@ -0,0 +1,68 @@ +/* + * The MORUS-640 Authenticated-Encryption Algorithm + * Glue for SSE2 implementation + * + * Copyright (c) 2016-2018 Ondrej Mosnacek <omosnacek@gmail.com> + * Copyright (C) 2017-2018 Red Hat, Inc. All rights reserved. + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation; either version 2 of the License, or (at your option) + * any later version. + */ + +#include <crypto/internal/aead.h> +#include <crypto/morus640_glue.h> +#include <linux/module.h> +#include <asm/fpu/api.h> +#include <asm/cpu_device_id.h> + +asmlinkage void crypto_morus640_sse2_init(void *state, const void *key, + const void *iv); +asmlinkage void crypto_morus640_sse2_ad(void *state, const void *data, + unsigned int length); + +asmlinkage void crypto_morus640_sse2_enc(void *state, const void *src, + void *dst, unsigned int length); +asmlinkage void crypto_morus640_sse2_dec(void *state, const void *src, + void *dst, unsigned int length); + +asmlinkage void crypto_morus640_sse2_enc_tail(void *state, const void *src, + void *dst, unsigned int length); +asmlinkage void crypto_morus640_sse2_dec_tail(void *state, const void *src, + void *dst, unsigned int length); + +asmlinkage void crypto_morus640_sse2_final(void *state, void *tag_xor, + u64 assoclen, u64 cryptlen); + +MORUS640_DECLARE_ALGS(sse2, "morus640-sse2", 400); + +static const struct x86_cpu_id sse2_cpu_id[] = { + X86_FEATURE_MATCH(X86_FEATURE_XMM2), + {} +}; +MODULE_DEVICE_TABLE(x86cpu, sse2_cpu_id); + +static int __init crypto_morus640_sse2_module_init(void) +{ + if (!x86_match_cpu(sse2_cpu_id)) + return -ENODEV; + + return crypto_register_aeads(crypto_morus640_sse2_algs, + ARRAY_SIZE(crypto_morus640_sse2_algs)); +} + +static void __exit crypto_morus640_sse2_module_exit(void) +{ + crypto_unregister_aeads(crypto_morus640_sse2_algs, + ARRAY_SIZE(crypto_morus640_sse2_algs)); +} + +module_init(crypto_morus640_sse2_module_init); +module_exit(crypto_morus640_sse2_module_exit); + +MODULE_LICENSE("GPL"); +MODULE_AUTHOR("Ondrej Mosnacek <omosnacek@gmail.com>"); +MODULE_DESCRIPTION("MORUS-640 AEAD algorithm -- SSE2 implementation"); +MODULE_ALIAS_CRYPTO("morus640"); +MODULE_ALIAS_CRYPTO("morus640-sse2"); diff --git a/arch/x86/crypto/morus640_glue.c b/arch/x86/crypto/morus640_glue.c new file mode 100644 index 000000000000..7b58fe4d9bd1 --- /dev/null +++ b/arch/x86/crypto/morus640_glue.c @@ -0,0 +1,298 @@ +/* + * The MORUS-640 Authenticated-Encryption Algorithm + * Common x86 SIMD glue skeleton + * + * Copyright (c) 2016-2018 Ondrej Mosnacek <omosnacek@gmail.com> + * Copyright (C) 2017-2018 Red Hat, Inc. All rights reserved. + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation; either version 2 of the License, or (at your option) + * any later version. + */ + +#include <crypto/cryptd.h> +#include <crypto/internal/aead.h> +#include <crypto/internal/skcipher.h> +#include <crypto/morus640_glue.h> +#include <crypto/scatterwalk.h> +#include <linux/err.h> +#include <linux/init.h> +#include <linux/kernel.h> +#include <linux/module.h> +#include <linux/scatterlist.h> +#include <asm/fpu/api.h> + +struct morus640_state { + struct morus640_block s[MORUS_STATE_BLOCKS]; +}; + +struct morus640_ops { + int (*skcipher_walk_init)(struct skcipher_walk *walk, + struct aead_request *req, bool atomic); + + void (*crypt_blocks)(void *state, const void *src, void *dst, + unsigned int length); + void (*crypt_tail)(void *state, const void *src, void *dst, + unsigned int length); +}; + +static void crypto_morus640_glue_process_ad( + struct morus640_state *state, + const struct morus640_glue_ops *ops, + struct scatterlist *sg_src, unsigned int assoclen) +{ + struct scatter_walk walk; + struct morus640_block buf; + unsigned int pos = 0; + + scatterwalk_start(&walk, sg_src); + while (assoclen != 0) { + unsigned int size = scatterwalk_clamp(&walk, assoclen); + unsigned int left = size; + void *mapped = scatterwalk_map(&walk); + const u8 *src = (const u8 *)mapped; + + if (pos + size >= MORUS640_BLOCK_SIZE) { + if (pos > 0) { + unsigned int fill = MORUS640_BLOCK_SIZE - pos; + memcpy(buf.bytes + pos, src, fill); + ops->ad(state, buf.bytes, MORUS640_BLOCK_SIZE); + pos = 0; + left -= fill; + src += fill; + } + + ops->ad(state, src, left); + src += left & ~(MORUS640_BLOCK_SIZE - 1); + left &= MORUS640_BLOCK_SIZE - 1; + } + + memcpy(buf.bytes + pos, src, left); + + pos += left; + assoclen -= size; + scatterwalk_unmap(mapped); + scatterwalk_advance(&walk, size); + scatterwalk_done(&walk, 0, assoclen); + } + + if (pos > 0) { + memset(buf.bytes + pos, 0, MORUS640_BLOCK_SIZE - pos); + ops->ad(state, buf.bytes, MORUS640_BLOCK_SIZE); + } +} + +static void crypto_morus640_glue_process_crypt(struct morus640_state *state, + struct morus640_ops ops, + struct aead_request *req) +{ + struct skcipher_walk walk; + u8 *cursor_src, *cursor_dst; + unsigned int chunksize, base; + + ops.skcipher_walk_init(&walk, req, false); + + while (walk.nbytes) { + cursor_src = walk.src.virt.addr; + cursor_dst = walk.dst.virt.addr; + chunksize = walk.nbytes; + + ops.crypt_blocks(state, cursor_src, cursor_dst, chunksize); + + base = chunksize & ~(MORUS640_BLOCK_SIZE - 1); + cursor_src += base; + cursor_dst += base; + chunksize &= MORUS640_BLOCK_SIZE - 1; + + if (chunksize > 0) + ops.crypt_tail(state, cursor_src, cursor_dst, + chunksize); + + skcipher_walk_done(&walk, 0); + } +} + +int crypto_morus640_glue_setkey(struct crypto_aead *aead, const u8 *key, + unsigned int keylen) +{ + struct morus640_ctx *ctx = crypto_aead_ctx(aead); + + if (keylen != MORUS640_BLOCK_SIZE) { + crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN); + return -EINVAL; + } + + memcpy(ctx->key.bytes, key, MORUS640_BLOCK_SIZE); + return 0; +} +EXPORT_SYMBOL_GPL(crypto_morus640_glue_setkey); + +int crypto_morus640_glue_setauthsize(struct crypto_aead *tfm, + unsigned int authsize) +{ + return (authsize <= MORUS_MAX_AUTH_SIZE) ? 0 : -EINVAL; +} +EXPORT_SYMBOL_GPL(crypto_morus640_glue_setauthsize); + +static void crypto_morus640_glue_crypt(struct aead_request *req, + struct morus640_ops ops, + unsigned int cryptlen, + struct morus640_block *tag_xor) +{ + struct crypto_aead *tfm = crypto_aead_reqtfm(req); + struct morus640_ctx *ctx = crypto_aead_ctx(tfm); + struct morus640_state state; + + kernel_fpu_begin(); + + ctx->ops->init(&state, &ctx->key, req->iv); + crypto_morus640_glue_process_ad(&state, ctx->ops, req->src, req->assoclen); + crypto_morus640_glue_process_crypt(&state, ops, req); + ctx->ops->final(&state, tag_xor, req->assoclen, cryptlen); + + kernel_fpu_end(); +} + +int crypto_morus640_glue_encrypt(struct aead_request *req) +{ + struct crypto_aead *tfm = crypto_aead_reqtfm(req); + struct morus640_ctx *ctx = crypto_aead_ctx(tfm); + struct morus640_ops OPS = { + .skcipher_walk_init = skcipher_walk_aead_encrypt, + .crypt_blocks = ctx->ops->enc, + .crypt_tail = ctx->ops->enc_tail, + }; + + struct morus640_block tag = {}; + unsigned int authsize = crypto_aead_authsize(tfm); + unsigned int cryptlen = req->cryptlen; + + crypto_morus640_glue_crypt(req, OPS, cryptlen, &tag); + + scatterwalk_map_and_copy(tag.bytes, req->dst, + req->assoclen + cryptlen, authsize, 1); + return 0; +} +EXPORT_SYMBOL_GPL(crypto_morus640_glue_encrypt); + +int crypto_morus640_glue_decrypt(struct aead_request *req) +{ + static const u8 zeros[MORUS640_BLOCK_SIZE] = {}; + + struct crypto_aead *tfm = crypto_aead_reqtfm(req); + struct morus640_ctx *ctx = crypto_aead_ctx(tfm); + struct morus640_ops OPS = { + .skcipher_walk_init = skcipher_walk_aead_decrypt, + .crypt_blocks = ctx->ops->dec, + .crypt_tail = ctx->ops->dec_tail, + }; + + struct morus640_block tag; + unsigned int authsize = crypto_aead_authsize(tfm); + unsigned int cryptlen = req->cryptlen - authsize; + + scatterwalk_map_and_copy(tag.bytes, req->src, + req->assoclen + cryptlen, authsize, 0); + + crypto_morus640_glue_crypt(req, OPS, cryptlen, &tag); + + return crypto_memneq(tag.bytes, zeros, authsize) ? -EBADMSG : 0; +} +EXPORT_SYMBOL_GPL(crypto_morus640_glue_decrypt); + +void crypto_morus640_glue_init_ops(struct crypto_aead *aead, + const struct morus640_glue_ops *ops) +{ + struct morus640_ctx *ctx = crypto_aead_ctx(aead); + ctx->ops = ops; +} +EXPORT_SYMBOL_GPL(crypto_morus640_glue_init_ops); + +int cryptd_morus640_glue_setkey(struct crypto_aead *aead, const u8 *key, + unsigned int keylen) +{ + struct cryptd_aead **ctx = crypto_aead_ctx(aead); + struct cryptd_aead *cryptd_tfm = *ctx; + + return crypto_aead_setkey(&cryptd_tfm->base, key, keylen); +} +EXPORT_SYMBOL_GPL(cryptd_morus640_glue_setkey); + +int cryptd_morus640_glue_setauthsize(struct crypto_aead *aead, + unsigned int authsize) +{ + struct cryptd_aead **ctx = crypto_aead_ctx(aead); + struct cryptd_aead *cryptd_tfm = *ctx; + + return crypto_aead_setauthsize(&cryptd_tfm->base, authsize); +} +EXPORT_SYMBOL_GPL(cryptd_morus640_glue_setauthsize); + +int cryptd_morus640_glue_encrypt(struct aead_request *req) +{ + struct crypto_aead *aead = crypto_aead_reqtfm(req); + struct cryptd_aead **ctx = crypto_aead_ctx(aead); + struct cryptd_aead *cryptd_tfm = *ctx; + + aead = &cryptd_tfm->base; + if (irq_fpu_usable() && (!in_atomic() || + !cryptd_aead_queued(cryptd_tfm))) + aead = cryptd_aead_child(cryptd_tfm); + + aead_request_set_tfm(req, aead); + + return crypto_aead_encrypt(req); +} +EXPORT_SYMBOL_GPL(cryptd_morus640_glue_encrypt); + +int cryptd_morus640_glue_decrypt(struct aead_request *req) +{ + struct crypto_aead *aead = crypto_aead_reqtfm(req); + struct cryptd_aead **ctx = crypto_aead_ctx(aead); + struct cryptd_aead *cryptd_tfm = *ctx; + + aead = &cryptd_tfm->base; + if (irq_fpu_usable() && (!in_atomic() || + !cryptd_aead_queued(cryptd_tfm))) + aead = cryptd_aead_child(cryptd_tfm); + + aead_request_set_tfm(req, aead); + + return crypto_aead_decrypt(req); +} +EXPORT_SYMBOL_GPL(cryptd_morus640_glue_decrypt); + +int cryptd_morus640_glue_init_tfm(struct crypto_aead *aead) +{ + struct cryptd_aead *cryptd_tfm; + struct cryptd_aead **ctx = crypto_aead_ctx(aead); + const char *name = crypto_aead_alg(aead)->base.cra_driver_name; + char internal_name[CRYPTO_MAX_ALG_NAME]; + + if (snprintf(internal_name, CRYPTO_MAX_ALG_NAME, "__%s", name) + >= CRYPTO_MAX_ALG_NAME) + return -ENAMETOOLONG; + + cryptd_tfm = cryptd_alloc_aead(internal_name, CRYPTO_ALG_INTERNAL, + CRYPTO_ALG_INTERNAL); + if (IS_ERR(cryptd_tfm)) + return PTR_ERR(cryptd_tfm); + + *ctx = cryptd_tfm; + crypto_aead_set_reqsize(aead, crypto_aead_reqsize(&cryptd_tfm->base)); + return 0; +} +EXPORT_SYMBOL_GPL(cryptd_morus640_glue_init_tfm); + +void cryptd_morus640_glue_exit_tfm(struct crypto_aead *aead) +{ + struct cryptd_aead **ctx = crypto_aead_ctx(aead); + + cryptd_free_aead(*ctx); +} +EXPORT_SYMBOL_GPL(cryptd_morus640_glue_exit_tfm); + +MODULE_LICENSE("GPL"); +MODULE_AUTHOR("Ondrej Mosnacek <omosnacek@gmail.com>"); +MODULE_DESCRIPTION("MORUS-640 AEAD mode -- glue for x86 optimizations"); diff --git a/arch/x86/crypto/salsa20-i586-asm_32.S b/arch/x86/crypto/salsa20-i586-asm_32.S deleted file mode 100644 index 6014b7b9e52a..000000000000 --- a/arch/x86/crypto/salsa20-i586-asm_32.S +++ /dev/null @@ -1,938 +0,0 @@ -# Derived from: -# salsa20_pm.s version 20051229 -# D. J. Bernstein -# Public domain. - -#include <linux/linkage.h> - -.text - -# enter salsa20_encrypt_bytes -ENTRY(salsa20_encrypt_bytes) - mov %esp,%eax - and $31,%eax - add $256,%eax - sub %eax,%esp - # eax_stack = eax - movl %eax,80(%esp) - # ebx_stack = ebx - movl %ebx,84(%esp) - # esi_stack = esi - movl %esi,88(%esp) - # edi_stack = edi - movl %edi,92(%esp) - # ebp_stack = ebp - movl %ebp,96(%esp) - # x = arg1 - movl 4(%esp,%eax),%edx - # m = arg2 - movl 8(%esp,%eax),%esi - # out = arg3 - movl 12(%esp,%eax),%edi - # bytes = arg4 - movl 16(%esp,%eax),%ebx - # bytes -= 0 - sub $0,%ebx - # goto done if unsigned<= - jbe ._done -._start: - # in0 = *(uint32 *) (x + 0) - movl 0(%edx),%eax - # in1 = *(uint32 *) (x + 4) - movl 4(%edx),%ecx - # in2 = *(uint32 *) (x + 8) - movl 8(%edx),%ebp - # j0 = in0 - movl %eax,164(%esp) - # in3 = *(uint32 *) (x + 12) - movl 12(%edx),%eax - # j1 = in1 - movl %ecx,168(%esp) - # in4 = *(uint32 *) (x + 16) - movl 16(%edx),%ecx - # j2 = in2 - movl %ebp,172(%esp) - # in5 = *(uint32 *) (x + 20) - movl 20(%edx),%ebp - # j3 = in3 - movl %eax,176(%esp) - # in6 = *(uint32 *) (x + 24) - movl 24(%edx),%eax - # j4 = in4 - movl %ecx,180(%esp) - # in7 = *(uint32 *) (x + 28) - movl 28(%edx),%ecx - # j5 = in5 - movl %ebp,184(%esp) - # in8 = *(uint32 *) (x + 32) - movl 32(%edx),%ebp - # j6 = in6 - movl %eax,188(%esp) - # in9 = *(uint32 *) (x + 36) - movl 36(%edx),%eax - # j7 = in7 - movl %ecx,192(%esp) - # in10 = *(uint32 *) (x + 40) - movl 40(%edx),%ecx - # j8 = in8 - movl %ebp,196(%esp) - # in11 = *(uint32 *) (x + 44) - movl 44(%edx),%ebp - # j9 = in9 - movl %eax,200(%esp) - # in12 = *(uint32 *) (x + 48) - movl 48(%edx),%eax - # j10 = in10 - movl %ecx,204(%esp) - # in13 = *(uint32 *) (x + 52) - movl 52(%edx),%ecx - # j11 = in11 - movl %ebp,208(%esp) - # in14 = *(uint32 *) (x + 56) - movl 56(%edx),%ebp - # j12 = in12 - movl %eax,212(%esp) - # in15 = *(uint32 *) (x + 60) - movl 60(%edx),%eax - # j13 = in13 - movl %ecx,216(%esp) - # j14 = in14 - movl %ebp,220(%esp) - # j15 = in15 - movl %eax,224(%esp) - # x_backup = x - movl %edx,64(%esp) -._bytesatleast1: - # bytes - 64 - cmp $64,%ebx - # goto nocopy if unsigned>= - jae ._nocopy - # ctarget = out - movl %edi,228(%esp) - # out = &tmp - leal 0(%esp),%edi - # i = bytes - mov %ebx,%ecx - # while (i) { *out++ = *m++; --i } - rep movsb - # out = &tmp - leal 0(%esp),%edi - # m = &tmp - leal 0(%esp),%esi -._nocopy: - # out_backup = out - movl %edi,72(%esp) - # m_backup = m - movl %esi,68(%esp) - # bytes_backup = bytes - movl %ebx,76(%esp) - # in0 = j0 - movl 164(%esp),%eax - # in1 = j1 - movl 168(%esp),%ecx - # in2 = j2 - movl 172(%esp),%edx - # in3 = j3 - movl 176(%esp),%ebx - # x0 = in0 - movl %eax,100(%esp) - # x1 = in1 - movl %ecx,104(%esp) - # x2 = in2 - movl %edx,108(%esp) - # x3 = in3 - movl %ebx,112(%esp) - # in4 = j4 - movl 180(%esp),%eax - # in5 = j5 - movl 184(%esp),%ecx - # in6 = j6 - movl 188(%esp),%edx - # in7 = j7 - movl 192(%esp),%ebx - # x4 = in4 - movl %eax,116(%esp) - # x5 = in5 - movl %ecx,120(%esp) - # x6 = in6 - movl %edx,124(%esp) - # x7 = in7 - movl %ebx,128(%esp) - # in8 = j8 - movl 196(%esp),%eax - # in9 = j9 - movl 200(%esp),%ecx - # in10 = j10 - movl 204(%esp),%edx - # in11 = j11 - movl 208(%esp),%ebx - # x8 = in8 - movl %eax,132(%esp) - # x9 = in9 - movl %ecx,136(%esp) - # x10 = in10 - movl %edx,140(%esp) - # x11 = in11 - movl %ebx,144(%esp) - # in12 = j12 - movl 212(%esp),%eax - # in13 = j13 - movl 216(%esp),%ecx - # in14 = j14 - movl 220(%esp),%edx - # in15 = j15 - movl 224(%esp),%ebx - # x12 = in12 - movl %eax,148(%esp) - # x13 = in13 - movl %ecx,152(%esp) - # x14 = in14 - movl %edx,156(%esp) - # x15 = in15 - movl %ebx,160(%esp) - # i = 20 - mov $20,%ebp - # p = x0 - movl 100(%esp),%eax - # s = x5 - movl 120(%esp),%ecx - # t = x10 - movl 140(%esp),%edx - # w = x15 - movl 160(%esp),%ebx -._mainloop: - # x0 = p - movl %eax,100(%esp) - # x10 = t - movl %edx,140(%esp) - # p += x12 - addl 148(%esp),%eax - # x5 = s - movl %ecx,120(%esp) - # t += x6 - addl 124(%esp),%edx - # x15 = w - movl %ebx,160(%esp) - # r = x1 - movl 104(%esp),%esi - # r += s - add %ecx,%esi - # v = x11 - movl 144(%esp),%edi - # v += w - add %ebx,%edi - # p <<<= 7 - rol $7,%eax - # p ^= x4 - xorl 116(%esp),%eax - # t <<<= 7 - rol $7,%edx - # t ^= x14 - xorl 156(%esp),%edx - # r <<<= 7 - rol $7,%esi - # r ^= x9 - xorl 136(%esp),%esi - # v <<<= 7 - rol $7,%edi - # v ^= x3 - xorl 112(%esp),%edi - # x4 = p - movl %eax,116(%esp) - # x14 = t - movl %edx,156(%esp) - # p += x0 - addl 100(%esp),%eax - # x9 = r - movl %esi,136(%esp) - # t += x10 - addl 140(%esp),%edx - # x3 = v - movl %edi,112(%esp) - # p <<<= 9 - rol $9,%eax - # p ^= x8 - xorl 132(%esp),%eax - # t <<<= 9 - rol $9,%edx - # t ^= x2 - xorl 108(%esp),%edx - # s += r - add %esi,%ecx - # s <<<= 9 - rol $9,%ecx - # s ^= x13 - xorl 152(%esp),%ecx - # w += v - add %edi,%ebx - # w <<<= 9 - rol $9,%ebx - # w ^= x7 - xorl 128(%esp),%ebx - # x8 = p - movl %eax,132(%esp) - # x2 = t - movl %edx,108(%esp) - # p += x4 - addl 116(%esp),%eax - # x13 = s - movl %ecx,152(%esp) - # t += x14 - addl 156(%esp),%edx - # x7 = w - movl %ebx,128(%esp) - # p <<<= 13 - rol $13,%eax - # p ^= x12 - xorl 148(%esp),%eax - # t <<<= 13 - rol $13,%edx - # t ^= x6 - xorl 124(%esp),%edx - # r += s - add %ecx,%esi - # r <<<= 13 - rol $13,%esi - # r ^= x1 - xorl 104(%esp),%esi - # v += w - add %ebx,%edi - # v <<<= 13 - rol $13,%edi - # v ^= x11 - xorl 144(%esp),%edi - # x12 = p - movl %eax,148(%esp) - # x6 = t - movl %edx,124(%esp) - # p += x8 - addl 132(%esp),%eax - # x1 = r - movl %esi,104(%esp) - # t += x2 - addl 108(%esp),%edx - # x11 = v - movl %edi,144(%esp) - # p <<<= 18 - rol $18,%eax - # p ^= x0 - xorl 100(%esp),%eax - # t <<<= 18 - rol $18,%edx - # t ^= x10 - xorl 140(%esp),%edx - # s += r - add %esi,%ecx - # s <<<= 18 - rol $18,%ecx - # s ^= x5 - xorl 120(%esp),%ecx - # w += v - add %edi,%ebx - # w <<<= 18 - rol $18,%ebx - # w ^= x15 - xorl 160(%esp),%ebx - # x0 = p - movl %eax,100(%esp) - # x10 = t - movl %edx,140(%esp) - # p += x3 - addl 112(%esp),%eax - # p <<<= 7 - rol $7,%eax - # x5 = s - movl %ecx,120(%esp) - # t += x9 - addl 136(%esp),%edx - # x15 = w - movl %ebx,160(%esp) - # r = x4 - movl 116(%esp),%esi - # r += s - add %ecx,%esi - # v = x14 - movl 156(%esp),%edi - # v += w - add %ebx,%edi - # p ^= x1 - xorl 104(%esp),%eax - # t <<<= 7 - rol $7,%edx - # t ^= x11 - xorl 144(%esp),%edx - # r <<<= 7 - rol $7,%esi - # r ^= x6 - xorl 124(%esp),%esi - # v <<<= 7 - rol $7,%edi - # v ^= x12 - xorl 148(%esp),%edi - # x1 = p - movl %eax,104(%esp) - # x11 = t - movl %edx,144(%esp) - # p += x0 - addl 100(%esp),%eax - # x6 = r - movl %esi,124(%esp) - # t += x10 - addl 140(%esp),%edx - # x12 = v - movl %edi,148(%esp) - # p <<<= 9 - rol $9,%eax - # p ^= x2 - xorl 108(%esp),%eax - # t <<<= 9 - rol $9,%edx - # t ^= x8 - xorl 132(%esp),%edx - # s += r - add %esi,%ecx - # s <<<= 9 - rol $9,%ecx - # s ^= x7 - xorl 128(%esp),%ecx - # w += v - add %edi,%ebx - # w <<<= 9 - rol $9,%ebx - # w ^= x13 - xorl 152(%esp),%ebx - # x2 = p - movl %eax,108(%esp) - # x8 = t - movl %edx,132(%esp) - # p += x1 - addl 104(%esp),%eax - # x7 = s - movl %ecx,128(%esp) - # t += x11 - addl 144(%esp),%edx - # x13 = w - movl %ebx,152(%esp) - # p <<<= 13 - rol $13,%eax - # p ^= x3 - xorl 112(%esp),%eax - # t <<<= 13 - rol $13,%edx - # t ^= x9 - xorl 136(%esp),%edx - # r += s - add %ecx,%esi - # r <<<= 13 - rol $13,%esi - # r ^= x4 - xorl 116(%esp),%esi - # v += w - add %ebx,%edi - # v <<<= 13 - rol $13,%edi - # v ^= x14 - xorl 156(%esp),%edi - # x3 = p - movl %eax,112(%esp) - # x9 = t - movl %edx,136(%esp) - # p += x2 - addl 108(%esp),%eax - # x4 = r - movl %esi,116(%esp) - # t += x8 - addl 132(%esp),%edx - # x14 = v - movl %edi,156(%esp) - # p <<<= 18 - rol $18,%eax - # p ^= x0 - xorl 100(%esp),%eax - # t <<<= 18 - rol $18,%edx - # t ^= x10 - xorl 140(%esp),%edx - # s += r - add %esi,%ecx - # s <<<= 18 - rol $18,%ecx - # s ^= x5 - xorl 120(%esp),%ecx - # w += v - add %edi,%ebx - # w <<<= 18 - rol $18,%ebx - # w ^= x15 - xorl 160(%esp),%ebx - # x0 = p - movl %eax,100(%esp) - # x10 = t - movl %edx,140(%esp) - # p += x12 - addl 148(%esp),%eax - # x5 = s - movl %ecx,120(%esp) - # t += x6 - addl 124(%esp),%edx - # x15 = w - movl %ebx,160(%esp) - # r = x1 - movl 104(%esp),%esi - # r += s - add %ecx,%esi - # v = x11 - movl 144(%esp),%edi - # v += w - add %ebx,%edi - # p <<<= 7 - rol $7,%eax - # p ^= x4 - xorl 116(%esp),%eax - # t <<<= 7 - rol $7,%edx - # t ^= x14 - xorl 156(%esp),%edx - # r <<<= 7 - rol $7,%esi - # r ^= x9 - xorl 136(%esp),%esi - # v <<<= 7 - rol $7,%edi - # v ^= x3 - xorl 112(%esp),%edi - # x4 = p - movl %eax,116(%esp) - # x14 = t - movl %edx,156(%esp) - # p += x0 - addl 100(%esp),%eax - # x9 = r - movl %esi,136(%esp) - # t += x10 - addl 140(%esp),%edx - # x3 = v - movl %edi,112(%esp) - # p <<<= 9 - rol $9,%eax - # p ^= x8 - xorl 132(%esp),%eax - # t <<<= 9 - rol $9,%edx - # t ^= x2 - xorl 108(%esp),%edx - # s += r - add %esi,%ecx - # s <<<= 9 - rol $9,%ecx - # s ^= x13 - xorl 152(%esp),%ecx - # w += v - add %edi,%ebx - # w <<<= 9 - rol $9,%ebx - # w ^= x7 - xorl 128(%esp),%ebx - # x8 = p - movl %eax,132(%esp) - # x2 = t - movl %edx,108(%esp) - # p += x4 - addl 116(%esp),%eax - # x13 = s - movl %ecx,152(%esp) - # t += x14 - addl 156(%esp),%edx - # x7 = w - movl %ebx,128(%esp) - # p <<<= 13 - rol $13,%eax - # p ^= x12 - xorl 148(%esp),%eax - # t <<<= 13 - rol $13,%edx - # t ^= x6 - xorl 124(%esp),%edx - # r += s - add %ecx,%esi - # r <<<= 13 - rol $13,%esi - # r ^= x1 - xorl 104(%esp),%esi - # v += w - add %ebx,%edi - # v <<<= 13 - rol $13,%edi - # v ^= x11 - xorl 144(%esp),%edi - # x12 = p - movl %eax,148(%esp) - # x6 = t - movl %edx,124(%esp) - # p += x8 - addl 132(%esp),%eax - # x1 = r - movl %esi,104(%esp) - # t += x2 - addl 108(%esp),%edx - # x11 = v - movl %edi,144(%esp) - # p <<<= 18 - rol $18,%eax - # p ^= x0 - xorl 100(%esp),%eax - # t <<<= 18 - rol $18,%edx - # t ^= x10 - xorl 140(%esp),%edx - # s += r - add %esi,%ecx - # s <<<= 18 - rol $18,%ecx - # s ^= x5 - xorl 120(%esp),%ecx - # w += v - add %edi,%ebx - # w <<<= 18 - rol $18,%ebx - # w ^= x15 - xorl 160(%esp),%ebx - # x0 = p - movl %eax,100(%esp) - # x10 = t - movl %edx,140(%esp) - # p += x3 - addl 112(%esp),%eax - # p <<<= 7 - rol $7,%eax - # x5 = s - movl %ecx,120(%esp) - # t += x9 - addl 136(%esp),%edx - # x15 = w - movl %ebx,160(%esp) - # r = x4 - movl 116(%esp),%esi - # r += s - add %ecx,%esi - # v = x14 - movl 156(%esp),%edi - # v += w - add %ebx,%edi - # p ^= x1 - xorl 104(%esp),%eax - # t <<<= 7 - rol $7,%edx - # t ^= x11 - xorl 144(%esp),%edx - # r <<<= 7 - rol $7,%esi - # r ^= x6 - xorl 124(%esp),%esi - # v <<<= 7 - rol $7,%edi - # v ^= x12 - xorl 148(%esp),%edi - # x1 = p - movl %eax,104(%esp) - # x11 = t - movl %edx,144(%esp) - # p += x0 - addl 100(%esp),%eax - # x6 = r - movl %esi,124(%esp) - # t += x10 - addl 140(%esp),%edx - # x12 = v - movl %edi,148(%esp) - # p <<<= 9 - rol $9,%eax - # p ^= x2 - xorl 108(%esp),%eax - # t <<<= 9 - rol $9,%edx - # t ^= x8 - xorl 132(%esp),%edx - # s += r - add %esi,%ecx - # s <<<= 9 - rol $9,%ecx - # s ^= x7 - xorl 128(%esp),%ecx - # w += v - add %edi,%ebx - # w <<<= 9 - rol $9,%ebx - # w ^= x13 - xorl 152(%esp),%ebx - # x2 = p - movl %eax,108(%esp) - # x8 = t - movl %edx,132(%esp) - # p += x1 - addl 104(%esp),%eax - # x7 = s - movl %ecx,128(%esp) - # t += x11 - addl 144(%esp),%edx - # x13 = w - movl %ebx,152(%esp) - # p <<<= 13 - rol $13,%eax - # p ^= x3 - xorl 112(%esp),%eax - # t <<<= 13 - rol $13,%edx - # t ^= x9 - xorl 136(%esp),%edx - # r += s - add %ecx,%esi - # r <<<= 13 - rol $13,%esi - # r ^= x4 - xorl 116(%esp),%esi - # v += w - add %ebx,%edi - # v <<<= 13 - rol $13,%edi - # v ^= x14 - xorl 156(%esp),%edi - # x3 = p - movl %eax,112(%esp) - # x9 = t - movl %edx,136(%esp) - # p += x2 - addl 108(%esp),%eax - # x4 = r - movl %esi,116(%esp) - # t += x8 - addl 132(%esp),%edx - # x14 = v - movl %edi,156(%esp) - # p <<<= 18 - rol $18,%eax - # p ^= x0 - xorl 100(%esp),%eax - # t <<<= 18 - rol $18,%edx - # t ^= x10 - xorl 140(%esp),%edx - # s += r - add %esi,%ecx - # s <<<= 18 - rol $18,%ecx - # s ^= x5 - xorl 120(%esp),%ecx - # w += v - add %edi,%ebx - # w <<<= 18 - rol $18,%ebx - # w ^= x15 - xorl 160(%esp),%ebx - # i -= 4 - sub $4,%ebp - # goto mainloop if unsigned > - ja ._mainloop - # x0 = p - movl %eax,100(%esp) - # x5 = s - movl %ecx,120(%esp) - # x10 = t - movl %edx,140(%esp) - # x15 = w - movl %ebx,160(%esp) - # out = out_backup - movl 72(%esp),%edi - # m = m_backup - movl 68(%esp),%esi - # in0 = x0 - movl 100(%esp),%eax - # in1 = x1 - movl 104(%esp),%ecx - # in0 += j0 - addl 164(%esp),%eax - # in1 += j1 - addl 168(%esp),%ecx - # in0 ^= *(uint32 *) (m + 0) - xorl 0(%esi),%eax - # in1 ^= *(uint32 *) (m + 4) - xorl 4(%esi),%ecx - # *(uint32 *) (out + 0) = in0 - movl %eax,0(%edi) - # *(uint32 *) (out + 4) = in1 - movl %ecx,4(%edi) - # in2 = x2 - movl 108(%esp),%eax - # in3 = x3 - movl 112(%esp),%ecx - # in2 += j2 - addl 172(%esp),%eax - # in3 += j3 - addl 176(%esp),%ecx - # in2 ^= *(uint32 *) (m + 8) - xorl 8(%esi),%eax - # in3 ^= *(uint32 *) (m + 12) - xorl 12(%esi),%ecx - # *(uint32 *) (out + 8) = in2 - movl %eax,8(%edi) - # *(uint32 *) (out + 12) = in3 - movl %ecx,12(%edi) - # in4 = x4 - movl 116(%esp),%eax - # in5 = x5 - movl 120(%esp),%ecx - # in4 += j4 - addl 180(%esp),%eax - # in5 += j5 - addl 184(%esp),%ecx - # in4 ^= *(uint32 *) (m + 16) - xorl 16(%esi),%eax - # in5 ^= *(uint32 *) (m + 20) - xorl 20(%esi),%ecx - # *(uint32 *) (out + 16) = in4 - movl %eax,16(%edi) - # *(uint32 *) (out + 20) = in5 - movl %ecx,20(%edi) - # in6 = x6 - movl 124(%esp),%eax - # in7 = x7 - movl 128(%esp),%ecx - # in6 += j6 - addl 188(%esp),%eax - # in7 += j7 - addl 192(%esp),%ecx - # in6 ^= *(uint32 *) (m + 24) - xorl 24(%esi),%eax - # in7 ^= *(uint32 *) (m + 28) - xorl 28(%esi),%ecx - # *(uint32 *) (out + 24) = in6 - movl %eax,24(%edi) - # *(uint32 *) (out + 28) = in7 - movl %ecx,28(%edi) - # in8 = x8 - movl 132(%esp),%eax - # in9 = x9 - movl 136(%esp),%ecx - # in8 += j8 - addl 196(%esp),%eax - # in9 += j9 - addl 200(%esp),%ecx - # in8 ^= *(uint32 *) (m + 32) - xorl 32(%esi),%eax - # in9 ^= *(uint32 *) (m + 36) - xorl 36(%esi),%ecx - # *(uint32 *) (out + 32) = in8 - movl %eax,32(%edi) - # *(uint32 *) (out + 36) = in9 - movl %ecx,36(%edi) - # in10 = x10 - movl 140(%esp),%eax - # in11 = x11 - movl 144(%esp),%ecx - # in10 += j10 - addl 204(%esp),%eax - # in11 += j11 - addl 208(%esp),%ecx - # in10 ^= *(uint32 *) (m + 40) - xorl 40(%esi),%eax - # in11 ^= *(uint32 *) (m + 44) - xorl 44(%esi),%ecx - # *(uint32 *) (out + 40) = in10 - movl %eax,40(%edi) - # *(uint32 *) (out + 44) = in11 - movl %ecx,44(%edi) - # in12 = x12 - movl 148(%esp),%eax - # in13 = x13 - movl 152(%esp),%ecx - # in12 += j12 - addl 212(%esp),%eax - # in13 += j13 - addl 216(%esp),%ecx - # in12 ^= *(uint32 *) (m + 48) - xorl 48(%esi),%eax - # in13 ^= *(uint32 *) (m + 52) - xorl 52(%esi),%ecx - # *(uint32 *) (out + 48) = in12 - movl %eax,48(%edi) - # *(uint32 *) (out + 52) = in13 - movl %ecx,52(%edi) - # in14 = x14 - movl 156(%esp),%eax - # in15 = x15 - movl 160(%esp),%ecx - # in14 += j14 - addl 220(%esp),%eax - # in15 += j15 - addl 224(%esp),%ecx - # in14 ^= *(uint32 *) (m + 56) - xorl 56(%esi),%eax - # in15 ^= *(uint32 *) (m + 60) - xorl 60(%esi),%ecx - # *(uint32 *) (out + 56) = in14 - movl %eax,56(%edi) - # *(uint32 *) (out + 60) = in15 - movl %ecx,60(%edi) - # bytes = bytes_backup - movl 76(%esp),%ebx - # in8 = j8 - movl 196(%esp),%eax - # in9 = j9 - movl 200(%esp),%ecx - # in8 += 1 - add $1,%eax - # in9 += 0 + carry - adc $0,%ecx - # j8 = in8 - movl %eax,196(%esp) - # j9 = in9 - movl %ecx,200(%esp) - # bytes - 64 - cmp $64,%ebx - # goto bytesatleast65 if unsigned> - ja ._bytesatleast65 - # goto bytesatleast64 if unsigned>= - jae ._bytesatleast64 - # m = out - mov %edi,%esi - # out = ctarget - movl 228(%esp),%edi - # i = bytes - mov %ebx,%ecx - # while (i) { *out++ = *m++; --i } - rep movsb -._bytesatleast64: - # x = x_backup - movl 64(%esp),%eax - # in8 = j8 - movl 196(%esp),%ecx - # in9 = j9 - movl 200(%esp),%edx - # *(uint32 *) (x + 32) = in8 - movl %ecx,32(%eax) - # *(uint32 *) (x + 36) = in9 - movl %edx,36(%eax) -._done: - # eax = eax_stack - movl 80(%esp),%eax - # ebx = ebx_stack - movl 84(%esp),%ebx - # esi = esi_stack - movl 88(%esp),%esi - # edi = edi_stack - movl 92(%esp),%edi - # ebp = ebp_stack - movl 96(%esp),%ebp - # leave - add %eax,%esp - ret -._bytesatleast65: - # bytes -= 64 - sub $64,%ebx - # out += 64 - add $64,%edi - # m += 64 - add $64,%esi - # goto bytesatleast1 - jmp ._bytesatleast1 -ENDPROC(salsa20_encrypt_bytes) diff --git a/arch/x86/crypto/salsa20-x86_64-asm_64.S b/arch/x86/crypto/salsa20-x86_64-asm_64.S deleted file mode 100644 index 03a4918f41ee..000000000000 --- a/arch/x86/crypto/salsa20-x86_64-asm_64.S +++ /dev/null @@ -1,805 +0,0 @@ -/* SPDX-License-Identifier: GPL-2.0 */ -#include <linux/linkage.h> - -# enter salsa20_encrypt_bytes -ENTRY(salsa20_encrypt_bytes) - mov %rsp,%r11 - and $31,%r11 - add $256,%r11 - sub %r11,%rsp - # x = arg1 - mov %rdi,%r8 - # m = arg2 - mov %rsi,%rsi - # out = arg3 - mov %rdx,%rdi - # bytes = arg4 - mov %rcx,%rdx - # unsigned>? bytes - 0 - cmp $0,%rdx - # comment:fp stack unchanged by jump - # goto done if !unsigned> - jbe ._done - # comment:fp stack unchanged by fallthrough -# start: -._start: - # r11_stack = r11 - movq %r11,0(%rsp) - # r12_stack = r12 - movq %r12,8(%rsp) - # r13_stack = r13 - movq %r13,16(%rsp) - # r14_stack = r14 - movq %r14,24(%rsp) - # r15_stack = r15 - movq %r15,32(%rsp) - # rbx_stack = rbx - movq %rbx,40(%rsp) - # rbp_stack = rbp - movq %rbp,48(%rsp) - # in0 = *(uint64 *) (x + 0) - movq 0(%r8),%rcx - # in2 = *(uint64 *) (x + 8) - movq 8(%r8),%r9 - # in4 = *(uint64 *) (x + 16) - movq 16(%r8),%rax - # in6 = *(uint64 *) (x + 24) - movq 24(%r8),%r10 - # in8 = *(uint64 *) (x + 32) - movq 32(%r8),%r11 - # in10 = *(uint64 *) (x + 40) - movq 40(%r8),%r12 - # in12 = *(uint64 *) (x + 48) - movq 48(%r8),%r13 - # in14 = *(uint64 *) (x + 56) - movq 56(%r8),%r14 - # j0 = in0 - movq %rcx,56(%rsp) - # j2 = in2 - movq %r9,64(%rsp) - # j4 = in4 - movq %rax,72(%rsp) - # j6 = in6 - movq %r10,80(%rsp) - # j8 = in8 - movq %r11,88(%rsp) - # j10 = in10 - movq %r12,96(%rsp) - # j12 = in12 - movq %r13,104(%rsp) - # j14 = in14 - movq %r14,112(%rsp) - # x_backup = x - movq %r8,120(%rsp) -# bytesatleast1: -._bytesatleast1: - # unsigned<? bytes - 64 - cmp $64,%rdx - # comment:fp stack unchanged by jump - # goto nocopy if !unsigned< - jae ._nocopy - # ctarget = out - movq %rdi,128(%rsp) - # out = &tmp - leaq 192(%rsp),%rdi - # i = bytes - mov %rdx,%rcx - # while (i) { *out++ = *m++; --i } - rep movsb - # out = &tmp - leaq 192(%rsp),%rdi - # m = &tmp - leaq 192(%rsp),%rsi - # comment:fp stack unchanged by fallthrough -# nocopy: -._nocopy: - # out_backup = out - movq %rdi,136(%rsp) - # m_backup = m - movq %rsi,144(%rsp) - # bytes_backup = bytes - movq %rdx,152(%rsp) - # x1 = j0 - movq 56(%rsp),%rdi - # x0 = x1 - mov %rdi,%rdx - # (uint64) x1 >>= 32 - shr $32,%rdi - # x3 = j2 - movq 64(%rsp),%rsi - # x2 = x3 - mov %rsi,%rcx - # (uint64) x3 >>= 32 - shr $32,%rsi - # x5 = j4 - movq 72(%rsp),%r8 - # x4 = x5 - mov %r8,%r9 - # (uint64) x5 >>= 32 - shr $32,%r8 - # x5_stack = x5 - movq %r8,160(%rsp) - # x7 = j6 - movq 80(%rsp),%r8 - # x6 = x7 - mov %r8,%rax - # (uint64) x7 >>= 32 - shr $32,%r8 - # x9 = j8 - movq 88(%rsp),%r10 - # x8 = x9 - mov %r10,%r11 - # (uint64) x9 >>= 32 - shr $32,%r10 - # x11 = j10 - movq 96(%rsp),%r12 - # x10 = x11 - mov %r12,%r13 - # x10_stack = x10 - movq %r13,168(%rsp) - # (uint64) x11 >>= 32 - shr $32,%r12 - # x13 = j12 - movq 104(%rsp),%r13 - # x12 = x13 - mov %r13,%r14 - # (uint64) x13 >>= 32 - shr $32,%r13 - # x15 = j14 - movq 112(%rsp),%r15 - # x14 = x15 - mov %r15,%rbx - # (uint64) x15 >>= 32 - shr $32,%r15 - # x15_stack = x15 - movq %r15,176(%rsp) - # i = 20 - mov $20,%r15 -# mainloop: -._mainloop: - # i_backup = i - movq %r15,184(%rsp) - # x5 = x5_stack - movq 160(%rsp),%r15 - # a = x12 + x0 - lea (%r14,%rdx),%rbp - # (uint32) a <<<= 7 - rol $7,%ebp - # x4 ^= a - xor %rbp,%r9 - # b = x1 + x5 - lea (%rdi,%r15),%rbp - # (uint32) b <<<= 7 - rol $7,%ebp - # x9 ^= b - xor %rbp,%r10 - # a = x0 + x4 - lea (%rdx,%r9),%rbp - # (uint32) a <<<= 9 - rol $9,%ebp - # x8 ^= a - xor %rbp,%r11 - # b = x5 + x9 - lea (%r15,%r10),%rbp - # (uint32) b <<<= 9 - rol $9,%ebp - # x13 ^= b - xor %rbp,%r13 - # a = x4 + x8 - lea (%r9,%r11),%rbp - # (uint32) a <<<= 13 - rol $13,%ebp - # x12 ^= a - xor %rbp,%r14 - # b = x9 + x13 - lea (%r10,%r13),%rbp - # (uint32) b <<<= 13 - rol $13,%ebp - # x1 ^= b - xor %rbp,%rdi - # a = x8 + x12 - lea (%r11,%r14),%rbp - # (uint32) a <<<= 18 - rol $18,%ebp - # x0 ^= a - xor %rbp,%rdx - # b = x13 + x1 - lea (%r13,%rdi),%rbp - # (uint32) b <<<= 18 - rol $18,%ebp - # x5 ^= b - xor %rbp,%r15 - # x10 = x10_stack - movq 168(%rsp),%rbp - # x5_stack = x5 - movq %r15,160(%rsp) - # c = x6 + x10 - lea (%rax,%rbp),%r15 - # (uint32) c <<<= 7 - rol $7,%r15d - # x14 ^= c - xor %r15,%rbx - # c = x10 + x14 - lea (%rbp,%rbx),%r15 - # (uint32) c <<<= 9 - rol $9,%r15d - # x2 ^= c - xor %r15,%rcx - # c = x14 + x2 - lea (%rbx,%rcx),%r15 - # (uint32) c <<<= 13 - rol $13,%r15d - # x6 ^= c - xor %r15,%rax - # c = x2 + x6 - lea (%rcx,%rax),%r15 - # (uint32) c <<<= 18 - rol $18,%r15d - # x10 ^= c - xor %r15,%rbp - # x15 = x15_stack - movq 176(%rsp),%r15 - # x10_stack = x10 - movq %rbp,168(%rsp) - # d = x11 + x15 - lea (%r12,%r15),%rbp - # (uint32) d <<<= 7 - rol $7,%ebp - # x3 ^= d - xor %rbp,%rsi - # d = x15 + x3 - lea (%r15,%rsi),%rbp - # (uint32) d <<<= 9 - rol $9,%ebp - # x7 ^= d - xor %rbp,%r8 - # d = x3 + x7 - lea (%rsi,%r8),%rbp - # (uint32) d <<<= 13 - rol $13,%ebp - # x11 ^= d - xor %rbp,%r12 - # d = x7 + x11 - lea (%r8,%r12),%rbp - # (uint32) d <<<= 18 - rol $18,%ebp - # x15 ^= d - xor %rbp,%r15 - # x15_stack = x15 - movq %r15,176(%rsp) - # x5 = x5_stack - movq 160(%rsp),%r15 - # a = x3 + x0 - lea (%rsi,%rdx),%rbp - # (uint32) a <<<= 7 - rol $7,%ebp - # x1 ^= a - xor %rbp,%rdi - # b = x4 + x5 - lea (%r9,%r15),%rbp - # (uint32) b <<<= 7 - rol $7,%ebp - # x6 ^= b - xor %rbp,%rax - # a = x0 + x1 - lea (%rdx,%rdi),%rbp - # (uint32) a <<<= 9 - rol $9,%ebp - # x2 ^= a - xor %rbp,%rcx - # b = x5 + x6 - lea (%r15,%rax),%rbp - # (uint32) b <<<= 9 - rol $9,%ebp - # x7 ^= b - xor %rbp,%r8 - # a = x1 + x2 - lea (%rdi,%rcx),%rbp - # (uint32) a <<<= 13 - rol $13,%ebp - # x3 ^= a - xor %rbp,%rsi - # b = x6 + x7 - lea (%rax,%r8),%rbp - # (uint32) b <<<= 13 - rol $13,%ebp - # x4 ^= b - xor %rbp,%r9 - # a = x2 + x3 - lea (%rcx,%rsi),%rbp - # (uint32) a <<<= 18 - rol $18,%ebp - # x0 ^= a - xor %rbp,%rdx - # b = x7 + x4 - lea (%r8,%r9),%rbp - # (uint32) b <<<= 18 - rol $18,%ebp - # x5 ^= b - xor %rbp,%r15 - # x10 = x10_stack - movq 168(%rsp),%rbp - # x5_stack = x5 - movq %r15,160(%rsp) - # c = x9 + x10 - lea (%r10,%rbp),%r15 - # (uint32) c <<<= 7 - rol $7,%r15d - # x11 ^= c - xor %r15,%r12 - # c = x10 + x11 - lea (%rbp,%r12),%r15 - # (uint32) c <<<= 9 - rol $9,%r15d - # x8 ^= c - xor %r15,%r11 - # c = x11 + x8 - lea (%r12,%r11),%r15 - # (uint32) c <<<= 13 - rol $13,%r15d - # x9 ^= c - xor %r15,%r10 - # c = x8 + x9 - lea (%r11,%r10),%r15 - # (uint32) c <<<= 18 - rol $18,%r15d - # x10 ^= c - xor %r15,%rbp - # x15 = x15_stack - movq 176(%rsp),%r15 - # x10_stack = x10 - movq %rbp,168(%rsp) - # d = x14 + x15 - lea (%rbx,%r15),%rbp - # (uint32) d <<<= 7 - rol $7,%ebp - # x12 ^= d - xor %rbp,%r14 - # d = x15 + x12 - lea (%r15,%r14),%rbp - # (uint32) d <<<= 9 - rol $9,%ebp - # x13 ^= d - xor %rbp,%r13 - # d = x12 + x13 - lea (%r14,%r13),%rbp - # (uint32) d <<<= 13 - rol $13,%ebp - # x14 ^= d - xor %rbp,%rbx - # d = x13 + x14 - lea (%r13,%rbx),%rbp - # (uint32) d <<<= 18 - rol $18,%ebp - # x15 ^= d - xor %rbp,%r15 - # x15_stack = x15 - movq %r15,176(%rsp) - # x5 = x5_stack - movq 160(%rsp),%r15 - # a = x12 + x0 - lea (%r14,%rdx),%rbp - # (uint32) a <<<= 7 - rol $7,%ebp - # x4 ^= a - xor %rbp,%r9 - # b = x1 + x5 - lea (%rdi,%r15),%rbp - # (uint32) b <<<= 7 - rol $7,%ebp - # x9 ^= b - xor %rbp,%r10 - # a = x0 + x4 - lea (%rdx,%r9),%rbp - # (uint32) a <<<= 9 - rol $9,%ebp - # x8 ^= a - xor %rbp,%r11 - # b = x5 + x9 - lea (%r15,%r10),%rbp - # (uint32) b <<<= 9 - rol $9,%ebp - # x13 ^= b - xor %rbp,%r13 - # a = x4 + x8 - lea (%r9,%r11),%rbp - # (uint32) a <<<= 13 - rol $13,%ebp - # x12 ^= a - xor %rbp,%r14 - # b = x9 + x13 - lea (%r10,%r13),%rbp - # (uint32) b <<<= 13 - rol $13,%ebp - # x1 ^= b - xor %rbp,%rdi - # a = x8 + x12 - lea (%r11,%r14),%rbp - # (uint32) a <<<= 18 - rol $18,%ebp - # x0 ^= a - xor %rbp,%rdx - # b = x13 + x1 - lea (%r13,%rdi),%rbp - # (uint32) b <<<= 18 - rol $18,%ebp - # x5 ^= b - xor %rbp,%r15 - # x10 = x10_stack - movq 168(%rsp),%rbp - # x5_stack = x5 - movq %r15,160(%rsp) - # c = x6 + x10 - lea (%rax,%rbp),%r15 - # (uint32) c <<<= 7 - rol $7,%r15d - # x14 ^= c - xor %r15,%rbx - # c = x10 + x14 - lea (%rbp,%rbx),%r15 - # (uint32) c <<<= 9 - rol $9,%r15d - # x2 ^= c - xor %r15,%rcx - # c = x14 + x2 - lea (%rbx,%rcx),%r15 - # (uint32) c <<<= 13 - rol $13,%r15d - # x6 ^= c - xor %r15,%rax - # c = x2 + x6 - lea (%rcx,%rax),%r15 - # (uint32) c <<<= 18 - rol $18,%r15d - # x10 ^= c - xor %r15,%rbp - # x15 = x15_stack - movq 176(%rsp),%r15 - # x10_stack = x10 - movq %rbp,168(%rsp) - # d = x11 + x15 - lea (%r12,%r15),%rbp - # (uint32) d <<<= 7 - rol $7,%ebp - # x3 ^= d - xor %rbp,%rsi - # d = x15 + x3 - lea (%r15,%rsi),%rbp - # (uint32) d <<<= 9 - rol $9,%ebp - # x7 ^= d - xor %rbp,%r8 - # d = x3 + x7 - lea (%rsi,%r8),%rbp - # (uint32) d <<<= 13 - rol $13,%ebp - # x11 ^= d - xor %rbp,%r12 - # d = x7 + x11 - lea (%r8,%r12),%rbp - # (uint32) d <<<= 18 - rol $18,%ebp - # x15 ^= d - xor %rbp,%r15 - # x15_stack = x15 - movq %r15,176(%rsp) - # x5 = x5_stack - movq 160(%rsp),%r15 - # a = x3 + x0 - lea (%rsi,%rdx),%rbp - # (uint32) a <<<= 7 - rol $7,%ebp - # x1 ^= a - xor %rbp,%rdi - # b = x4 + x5 - lea (%r9,%r15),%rbp - # (uint32) b <<<= 7 - rol $7,%ebp - # x6 ^= b - xor %rbp,%rax - # a = x0 + x1 - lea (%rdx,%rdi),%rbp - # (uint32) a <<<= 9 - rol $9,%ebp - # x2 ^= a - xor %rbp,%rcx - # b = x5 + x6 - lea (%r15,%rax),%rbp - # (uint32) b <<<= 9 - rol $9,%ebp - # x7 ^= b - xor %rbp,%r8 - # a = x1 + x2 - lea (%rdi,%rcx),%rbp - # (uint32) a <<<= 13 - rol $13,%ebp - # x3 ^= a - xor %rbp,%rsi - # b = x6 + x7 - lea (%rax,%r8),%rbp - # (uint32) b <<<= 13 - rol $13,%ebp - # x4 ^= b - xor %rbp,%r9 - # a = x2 + x3 - lea (%rcx,%rsi),%rbp - # (uint32) a <<<= 18 - rol $18,%ebp - # x0 ^= a - xor %rbp,%rdx - # b = x7 + x4 - lea (%r8,%r9),%rbp - # (uint32) b <<<= 18 - rol $18,%ebp - # x5 ^= b - xor %rbp,%r15 - # x10 = x10_stack - movq 168(%rsp),%rbp - # x5_stack = x5 - movq %r15,160(%rsp) - # c = x9 + x10 - lea (%r10,%rbp),%r15 - # (uint32) c <<<= 7 - rol $7,%r15d - # x11 ^= c - xor %r15,%r12 - # c = x10 + x11 - lea (%rbp,%r12),%r15 - # (uint32) c <<<= 9 - rol $9,%r15d - # x8 ^= c - xor %r15,%r11 - # c = x11 + x8 - lea (%r12,%r11),%r15 - # (uint32) c <<<= 13 - rol $13,%r15d - # x9 ^= c - xor %r15,%r10 - # c = x8 + x9 - lea (%r11,%r10),%r15 - # (uint32) c <<<= 18 - rol $18,%r15d - # x10 ^= c - xor %r15,%rbp - # x15 = x15_stack - movq 176(%rsp),%r15 - # x10_stack = x10 - movq %rbp,168(%rsp) - # d = x14 + x15 - lea (%rbx,%r15),%rbp - # (uint32) d <<<= 7 - rol $7,%ebp - # x12 ^= d - xor %rbp,%r14 - # d = x15 + x12 - lea (%r15,%r14),%rbp - # (uint32) d <<<= 9 - rol $9,%ebp - # x13 ^= d - xor %rbp,%r13 - # d = x12 + x13 - lea (%r14,%r13),%rbp - # (uint32) d <<<= 13 - rol $13,%ebp - # x14 ^= d - xor %rbp,%rbx - # d = x13 + x14 - lea (%r13,%rbx),%rbp - # (uint32) d <<<= 18 - rol $18,%ebp - # x15 ^= d - xor %rbp,%r15 - # x15_stack = x15 - movq %r15,176(%rsp) - # i = i_backup - movq 184(%rsp),%r15 - # unsigned>? i -= 4 - sub $4,%r15 - # comment:fp stack unchanged by jump - # goto mainloop if unsigned> - ja ._mainloop - # (uint32) x2 += j2 - addl 64(%rsp),%ecx - # x3 <<= 32 - shl $32,%rsi - # x3 += j2 - addq 64(%rsp),%rsi - # (uint64) x3 >>= 32 - shr $32,%rsi - # x3 <<= 32 - shl $32,%rsi - # x2 += x3 - add %rsi,%rcx - # (uint32) x6 += j6 - addl 80(%rsp),%eax - # x7 <<= 32 - shl $32,%r8 - # x7 += j6 - addq 80(%rsp),%r8 - # (uint64) x7 >>= 32 - shr $32,%r8 - # x7 <<= 32 - shl $32,%r8 - # x6 += x7 - add %r8,%rax - # (uint32) x8 += j8 - addl 88(%rsp),%r11d - # x9 <<= 32 - shl $32,%r10 - # x9 += j8 - addq 88(%rsp),%r10 - # (uint64) x9 >>= 32 - shr $32,%r10 - # x9 <<= 32 - shl $32,%r10 - # x8 += x9 - add %r10,%r11 - # (uint32) x12 += j12 - addl 104(%rsp),%r14d - # x13 <<= 32 - shl $32,%r13 - # x13 += j12 - addq 104(%rsp),%r13 - # (uint64) x13 >>= 32 - shr $32,%r13 - # x13 <<= 32 - shl $32,%r13 - # x12 += x13 - add %r13,%r14 - # (uint32) x0 += j0 - addl 56(%rsp),%edx - # x1 <<= 32 - shl $32,%rdi - # x1 += j0 - addq 56(%rsp),%rdi - # (uint64) x1 >>= 32 - shr $32,%rdi - # x1 <<= 32 - shl $32,%rdi - # x0 += x1 - add %rdi,%rdx - # x5 = x5_stack - movq 160(%rsp),%rdi - # (uint32) x4 += j4 - addl 72(%rsp),%r9d - # x5 <<= 32 - shl $32,%rdi - # x5 += j4 - addq 72(%rsp),%rdi - # (uint64) x5 >>= 32 - shr $32,%rdi - # x5 <<= 32 - shl $32,%rdi - # x4 += x5 - add %rdi,%r9 - # x10 = x10_stack - movq 168(%rsp),%r8 - # (uint32) x10 += j10 - addl 96(%rsp),%r8d - # x11 <<= 32 - shl $32,%r12 - # x11 += j10 - addq 96(%rsp),%r12 - # (uint64) x11 >>= 32 - shr $32,%r12 - # x11 <<= 32 - shl $32,%r12 - # x10 += x11 - add %r12,%r8 - # x15 = x15_stack - movq 176(%rsp),%rdi - # (uint32) x14 += j14 - addl 112(%rsp),%ebx - # x15 <<= 32 - shl $32,%rdi - # x15 += j14 - addq 112(%rsp),%rdi - # (uint64) x15 >>= 32 - shr $32,%rdi - # x15 <<= 32 - shl $32,%rdi - # x14 += x15 - add %rdi,%rbx - # out = out_backup - movq 136(%rsp),%rdi - # m = m_backup - movq 144(%rsp),%rsi - # x0 ^= *(uint64 *) (m + 0) - xorq 0(%rsi),%rdx - # *(uint64 *) (out + 0) = x0 - movq %rdx,0(%rdi) - # x2 ^= *(uint64 *) (m + 8) - xorq 8(%rsi),%rcx - # *(uint64 *) (out + 8) = x2 - movq %rcx,8(%rdi) - # x4 ^= *(uint64 *) (m + 16) - xorq 16(%rsi),%r9 - # *(uint64 *) (out + 16) = x4 - movq %r9,16(%rdi) - # x6 ^= *(uint64 *) (m + 24) - xorq 24(%rsi),%rax - # *(uint64 *) (out + 24) = x6 - movq %rax,24(%rdi) - # x8 ^= *(uint64 *) (m + 32) - xorq 32(%rsi),%r11 - # *(uint64 *) (out + 32) = x8 - movq %r11,32(%rdi) - # x10 ^= *(uint64 *) (m + 40) - xorq 40(%rsi),%r8 - # *(uint64 *) (out + 40) = x10 - movq %r8,40(%rdi) - # x12 ^= *(uint64 *) (m + 48) - xorq 48(%rsi),%r14 - # *(uint64 *) (out + 48) = x12 - movq %r14,48(%rdi) - # x14 ^= *(uint64 *) (m + 56) - xorq 56(%rsi),%rbx - # *(uint64 *) (out + 56) = x14 - movq %rbx,56(%rdi) - # bytes = bytes_backup - movq 152(%rsp),%rdx - # in8 = j8 - movq 88(%rsp),%rcx - # in8 += 1 - add $1,%rcx - # j8 = in8 - movq %rcx,88(%rsp) - # unsigned>? unsigned<? bytes - 64 - cmp $64,%rdx - # comment:fp stack unchanged by jump - # goto bytesatleast65 if unsigned> - ja ._bytesatleast65 - # comment:fp stack unchanged by jump - # goto bytesatleast64 if !unsigned< - jae ._bytesatleast64 - # m = out - mov %rdi,%rsi - # out = ctarget - movq 128(%rsp),%rdi - # i = bytes - mov %rdx,%rcx - # while (i) { *out++ = *m++; --i } - rep movsb - # comment:fp stack unchanged by fallthrough -# bytesatleast64: -._bytesatleast64: - # x = x_backup - movq 120(%rsp),%rdi - # in8 = j8 - movq 88(%rsp),%rsi - # *(uint64 *) (x + 32) = in8 - movq %rsi,32(%rdi) - # r11 = r11_stack - movq 0(%rsp),%r11 - # r12 = r12_stack - movq 8(%rsp),%r12 - # r13 = r13_stack - movq 16(%rsp),%r13 - # r14 = r14_stack - movq 24(%rsp),%r14 - # r15 = r15_stack - movq 32(%rsp),%r15 - # rbx = rbx_stack - movq 40(%rsp),%rbx - # rbp = rbp_stack - movq 48(%rsp),%rbp - # comment:fp stack unchanged by fallthrough -# done: -._done: - # leave - add %r11,%rsp - mov %rdi,%rax - mov %rsi,%rdx - ret -# bytesatleast65: -._bytesatleast65: - # bytes -= 64 - sub $64,%rdx - # out += 64 - add $64,%rdi - # m += 64 - add $64,%rsi - # comment:fp stack unchanged by jump - # goto bytesatleast1 - jmp ._bytesatleast1 -ENDPROC(salsa20_encrypt_bytes) diff --git a/arch/x86/crypto/salsa20_glue.c b/arch/x86/crypto/salsa20_glue.c deleted file mode 100644 index b07d7d959806..000000000000 --- a/arch/x86/crypto/salsa20_glue.c +++ /dev/null @@ -1,91 +0,0 @@ -/* - * Glue code for optimized assembly version of Salsa20. - * - * Copyright (c) 2007 Tan Swee Heng <thesweeheng@gmail.com> - * - * The assembly codes are public domain assembly codes written by Daniel. J. - * Bernstein <djb@cr.yp.to>. The codes are modified to include indentation - * and to remove extraneous comments and functions that are not needed. - * - i586 version, renamed as salsa20-i586-asm_32.S - * available from <http://cr.yp.to/snuffle/salsa20/x86-pm/salsa20.s> - * - x86-64 version, renamed as salsa20-x86_64-asm_64.S - * available from <http://cr.yp.to/snuffle/salsa20/amd64-3/salsa20.s> - * - * Also modified to set up the initial state using the generic C code rather - * than in assembly. - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the Free - * Software Foundation; either version 2 of the License, or (at your option) - * any later version. - * - */ - -#include <asm/unaligned.h> -#include <crypto/internal/skcipher.h> -#include <crypto/salsa20.h> -#include <linux/module.h> - -asmlinkage void salsa20_encrypt_bytes(u32 state[16], const u8 *src, u8 *dst, - u32 bytes); - -static int salsa20_asm_crypt(struct skcipher_request *req) -{ - struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); - const struct salsa20_ctx *ctx = crypto_skcipher_ctx(tfm); - struct skcipher_walk walk; - u32 state[16]; - int err; - - err = skcipher_walk_virt(&walk, req, true); - - crypto_salsa20_init(state, ctx, walk.iv); - - while (walk.nbytes > 0) { - unsigned int nbytes = walk.nbytes; - - if (nbytes < walk.total) - nbytes = round_down(nbytes, walk.stride); - - salsa20_encrypt_bytes(state, walk.src.virt.addr, - walk.dst.virt.addr, nbytes); - err = skcipher_walk_done(&walk, walk.nbytes - nbytes); - } - - return err; -} - -static struct skcipher_alg alg = { - .base.cra_name = "salsa20", - .base.cra_driver_name = "salsa20-asm", - .base.cra_priority = 200, - .base.cra_blocksize = 1, - .base.cra_ctxsize = sizeof(struct salsa20_ctx), - .base.cra_module = THIS_MODULE, - - .min_keysize = SALSA20_MIN_KEY_SIZE, - .max_keysize = SALSA20_MAX_KEY_SIZE, - .ivsize = SALSA20_IV_SIZE, - .chunksize = SALSA20_BLOCK_SIZE, - .setkey = crypto_salsa20_setkey, - .encrypt = salsa20_asm_crypt, - .decrypt = salsa20_asm_crypt, -}; - -static int __init init(void) -{ - return crypto_register_skcipher(&alg); -} - -static void __exit fini(void) -{ - crypto_unregister_skcipher(&alg); -} - -module_init(init); -module_exit(fini); - -MODULE_LICENSE("GPL"); -MODULE_DESCRIPTION ("Salsa20 stream cipher algorithm (optimized assembly version)"); -MODULE_ALIAS_CRYPTO("salsa20"); -MODULE_ALIAS_CRYPTO("salsa20-asm"); diff --git a/crypto/Kconfig b/crypto/Kconfig index 76e8c88c97b4..f3e40ac56d93 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -289,6 +289,107 @@ config CRYPTO_CHACHA20POLY1305 with the Poly1305 authenticator. It is defined in RFC7539 for use in IETF protocols. +config CRYPTO_AEGIS128 + tristate "AEGIS-128 AEAD algorithm" + select CRYPTO_AEAD + select CRYPTO_AES # for AES S-box tables + help + Support for the AEGIS-128 dedicated AEAD algorithm. + +config CRYPTO_AEGIS128L + tristate "AEGIS-128L AEAD algorithm" + select CRYPTO_AEAD + select CRYPTO_AES # for AES S-box tables + help + Support for the AEGIS-128L dedicated AEAD algorithm. + +config CRYPTO_AEGIS256 + tristate "AEGIS-256 AEAD algorithm" + select CRYPTO_AEAD + select CRYPTO_AES # for AES S-box tables + help + Support for the AEGIS-256 dedicated AEAD algorithm. + +config CRYPTO_AEGIS128_AESNI_SSE2 + tristate "AEGIS-128 AEAD algorithm (x86_64 AESNI+SSE2 implementation)" + depends on X86 && 64BIT + select CRYPTO_AEAD + select CRYPTO_CRYPTD + help + AESNI+SSE2 implementation of the AEGSI-128 dedicated AEAD algorithm. + +config CRYPTO_AEGIS128L_AESNI_SSE2 + tristate "AEGIS-128L AEAD algorithm (x86_64 AESNI+SSE2 implementation)" + depends on X86 && 64BIT + select CRYPTO_AEAD + select CRYPTO_CRYPTD + help + AESNI+SSE2 implementation of the AEGSI-128L dedicated AEAD algorithm. + +config CRYPTO_AEGIS256_AESNI_SSE2 + tristate "AEGIS-256 AEAD algorithm (x86_64 AESNI+SSE2 implementation)" + depends on X86 && 64BIT + select CRYPTO_AEAD + select CRYPTO_CRYPTD + help + AESNI+SSE2 implementation of the AEGSI-256 dedicated AEAD algorithm. + +config CRYPTO_MORUS640 + tristate "MORUS-640 AEAD algorithm" + select CRYPTO_AEAD + help + Support for the MORUS-640 dedicated AEAD algorithm. + +config CRYPTO_MORUS640_GLUE + tristate + depends on X86 + select CRYPTO_AEAD + select CRYPTO_CRYPTD + help + Common glue for SIMD optimizations of the MORUS-640 dedicated AEAD + algorithm. + +config CRYPTO_MORUS640_SSE2 + tristate "MORUS-640 AEAD algorithm (x86_64 SSE2 implementation)" + depends on X86 && 64BIT + select CRYPTO_AEAD + select CRYPTO_MORUS640_GLUE + help + SSE2 implementation of the MORUS-640 dedicated AEAD algorithm. + +config CRYPTO_MORUS1280 + tristate "MORUS-1280 AEAD algorithm" + select CRYPTO_AEAD + help + Support for the MORUS-1280 dedicated AEAD algorithm. + +config CRYPTO_MORUS1280_GLUE + tristate + depends on X86 + select CRYPTO_AEAD + select CRYPTO_CRYPTD + help + Common glue for SIMD optimizations of the MORUS-1280 dedicated AEAD + algorithm. + +config CRYPTO_MORUS1280_SSE2 + tristate "MORUS-1280 AEAD algorithm (x86_64 SSE2 implementation)" + depends on X86 && 64BIT + select CRYPTO_AEAD + select CRYPTO_MORUS1280_GLUE + help + SSE2 optimizedimplementation of the MORUS-1280 dedicated AEAD + algorithm. + +config CRYPTO_MORUS1280_AVX2 + tristate "MORUS-1280 AEAD algorithm (x86_64 AVX2 implementation)" + depends on X86 && 64BIT + select CRYPTO_AEAD + select CRYPTO_MORUS1280_GLUE + help + AVX2 optimized implementation of the MORUS-1280 dedicated AEAD + algorithm. + config CRYPTO_SEQIV tristate "Sequence Number IV Generator" select CRYPTO_AEAD @@ -1335,34 +1436,6 @@ config CRYPTO_SALSA20 The Salsa20 stream cipher algorithm is designed by Daniel J. Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html> -config CRYPTO_SALSA20_586 - tristate "Salsa20 stream cipher algorithm (i586)" - depends on (X86 || UML_X86) && !64BIT - select CRYPTO_BLKCIPHER - select CRYPTO_SALSA20 - help - Salsa20 stream cipher algorithm. - - Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT - Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/> - - The Salsa20 stream cipher algorithm is designed by Daniel J. - Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html> - -config CRYPTO_SALSA20_X86_64 - tristate "Salsa20 stream cipher algorithm (x86_64)" - depends on (X86 || UML_X86) && 64BIT - select CRYPTO_BLKCIPHER - select CRYPTO_SALSA20 - help - Salsa20 stream cipher algorithm. - - Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT - Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/> - - The Salsa20 stream cipher algorithm is designed by Daniel J. - Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html> - config CRYPTO_CHACHA20 tristate "ChaCha20 cipher algorithm" select CRYPTO_BLKCIPHER @@ -1695,6 +1768,15 @@ config CRYPTO_LZ4HC help This is the LZ4 high compression mode algorithm. +config CRYPTO_ZSTD + tristate "Zstd compression algorithm" + select CRYPTO_ALGAPI + select CRYPTO_ACOMP2 + select ZSTD_COMPRESS + select ZSTD_DECOMPRESS + help + This is the zstd algorithm. + comment "Random Number Generation" config CRYPTO_ANSI_CPRNG diff --git a/crypto/Makefile b/crypto/Makefile index 3a5f01616f74..6d1d40eeb964 100644 --- a/crypto/Makefile +++ b/crypto/Makefile @@ -86,6 +86,11 @@ obj-$(CONFIG_CRYPTO_KEYWRAP) += keywrap.o obj-$(CONFIG_CRYPTO_GCM) += gcm.o obj-$(CONFIG_CRYPTO_CCM) += ccm.o obj-$(CONFIG_CRYPTO_CHACHA20POLY1305) += chacha20poly1305.o +obj-$(CONFIG_CRYPTO_AEGIS128) += aegis128.o +obj-$(CONFIG_CRYPTO_AEGIS128L) += aegis128l.o +obj-$(CONFIG_CRYPTO_AEGIS256) += aegis256.o +obj-$(CONFIG_CRYPTO_MORUS640) += morus640.o +obj-$(CONFIG_CRYPTO_MORUS1280) += morus1280.o obj-$(CONFIG_CRYPTO_PCRYPT) += pcrypt.o obj-$(CONFIG_CRYPTO_CRYPTD) += cryptd.o obj-$(CONFIG_CRYPTO_MCRYPTD) += mcryptd.o @@ -137,6 +142,7 @@ obj-$(CONFIG_CRYPTO_USER_API_HASH) += algif_hash.o obj-$(CONFIG_CRYPTO_USER_API_SKCIPHER) += algif_skcipher.o obj-$(CONFIG_CRYPTO_USER_API_RNG) += algif_rng.o obj-$(CONFIG_CRYPTO_USER_API_AEAD) += algif_aead.o +obj-$(CONFIG_CRYPTO_ZSTD) += zstd.o ecdh_generic-y := ecc.o ecdh_generic-y += ecdh.o diff --git a/crypto/aegis.h b/crypto/aegis.h new file mode 100644 index 000000000000..f1c6900ddb80 --- /dev/null +++ b/crypto/aegis.h @@ -0,0 +1,80 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * AEGIS common definitions + * + * Copyright (c) 2018 Ondrej Mosnacek <omosnacek@gmail.com> + * Copyright (c) 2018 Red Hat, Inc. All rights reserved. + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation; either version 2 of the License, or (at your option) + * any later version. + */ + +#ifndef _CRYPTO_AEGIS_H +#define _CRYPTO_AEGIS_H + +#include <crypto/aes.h> +#include <linux/types.h> + +#define AEGIS_BLOCK_SIZE 16 + +union aegis_block { + __le64 words64[AEGIS_BLOCK_SIZE / sizeof(__le64)]; + u32 words32[AEGIS_BLOCK_SIZE / sizeof(u32)]; + u8 bytes[AEGIS_BLOCK_SIZE]; +}; + +#define AEGIS_BLOCK_ALIGN (__alignof__(union aegis_block)) +#define AEGIS_ALIGNED(p) IS_ALIGNED((uintptr_t)p, AEGIS_BLOCK_ALIGN) + +static const union aegis_block crypto_aegis_const[2] = { + { .words64 = { + cpu_to_le64(U64_C(0x0d08050302010100)), + cpu_to_le64(U64_C(0x6279e99059372215)), + } }, + { .words64 = { + cpu_to_le64(U64_C(0xf12fc26d55183ddb)), + cpu_to_le64(U64_C(0xdd28b57342311120)), + } }, +}; + +static void crypto_aegis_block_xor(union aegis_block *dst, + const union aegis_block *src) +{ + dst->words64[0] ^= src->words64[0]; + dst->words64[1] ^= src->words64[1]; +} + +static void crypto_aegis_block_and(union aegis_block *dst, + const union aegis_block *src) +{ + dst->words64[0] &= src->words64[0]; + dst->words64[1] &= src->words64[1]; +} + +static void crypto_aegis_aesenc(union aegis_block *dst, + const union aegis_block *src, + const union aegis_block *key) +{ + u32 *d = dst->words32; + const u8 *s = src->bytes; + const u32 *k = key->words32; + const u32 *t0 = crypto_ft_tab[0]; + const u32 *t1 = crypto_ft_tab[1]; + const u32 *t2 = crypto_ft_tab[2]; + const u32 *t3 = crypto_ft_tab[3]; + u32 d0, d1, d2, d3; + + d0 = t0[s[ 0]] ^ t1[s[ 5]] ^ t2[s[10]] ^ t3[s[15]] ^ k[0]; + d1 = t0[s[ 4]] ^ t1[s[ 9]] ^ t2[s[14]] ^ t3[s[ 3]] ^ k[1]; + d2 = t0[s[ 8]] ^ t1[s[13]] ^ t2[s[ 2]] ^ t3[s[ 7]] ^ k[2]; + d3 = t0[s[12]] ^ t1[s[ 1]] ^ t2[s[ 6]] ^ t3[s[11]] ^ k[3]; + + d[0] = d0; + d[1] = d1; + d[2] = d2; + d[3] = d3; +} + +#endif /* _CRYPTO_AEGIS_H */ diff --git a/crypto/aegis128.c b/crypto/aegis128.c new file mode 100644 index 000000000000..38271303ce16 --- /dev/null +++ b/crypto/aegis128.c @@ -0,0 +1,463 @@ +/* + * The AEGIS-128 Authenticated-Encryption Algorithm + * + * Copyright (c) 2017-2018 Ondrej Mosnacek <omosnacek@gmail.com> + * Copyright (C) 2017-2018 Red Hat, Inc. All rights reserved. + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation; either version 2 of the License, or (at your option) + * any later version. + */ + +#include <crypto/algapi.h> +#include <crypto/internal/aead.h> +#include <crypto/internal/skcipher.h> +#include <crypto/scatterwalk.h> +#include <linux/err.h> +#include <linux/init.h> +#include <linux/kernel.h> +#include <linux/module.h> +#include <linux/scatterlist.h> + +#include "aegis.h" + +#define AEGIS128_NONCE_SIZE 16 +#define AEGIS128_STATE_BLOCKS 5 +#define AEGIS128_KEY_SIZE 16 +#define AEGIS128_MIN_AUTH_SIZE 8 +#define AEGIS128_MAX_AUTH_SIZE 16 + +struct aegis_state { + union aegis_block blocks[AEGIS128_STATE_BLOCKS]; +}; + +struct aegis_ctx { + union aegis_block key; +}; + +struct aegis128_ops { + int (*skcipher_walk_init)(struct skcipher_walk *walk, + struct aead_request *req, bool atomic); + + void (*crypt_chunk)(struct aegis_state *state, u8 *dst, + const u8 *src, unsigned int size); +}; + +static void crypto_aegis128_update(struct aegis_state *state) +{ + union aegis_block tmp; + unsigned int i; + + tmp = state->blocks[AEGIS128_STATE_BLOCKS - 1]; + for (i = AEGIS128_STATE_BLOCKS - 1; i > 0; i--) + crypto_aegis_aesenc(&state->blocks[i], &state->blocks[i - 1], + &state->blocks[i]); + crypto_aegis_aesenc(&state->blocks[0], &tmp, &state->blocks[0]); +} + +static void crypto_aegis128_update_a(struct aegis_state *state, + const union aegis_block *msg) +{ + crypto_aegis128_update(state); + crypto_aegis_block_xor(&state->blocks[0], msg); +} + +static void crypto_aegis128_update_u(struct aegis_state *state, const void *msg) +{ + crypto_aegis128_update(state); + crypto_xor(state->blocks[0].bytes, msg, AEGIS_BLOCK_SIZE); +} + +static void crypto_aegis128_init(struct aegis_state *state, + const union aegis_block *key, + const u8 *iv) +{ + union aegis_block key_iv; + unsigned int i; + + key_iv = *key; + crypto_xor(key_iv.bytes, iv, AEGIS_BLOCK_SIZE); + + state->blocks[0] = key_iv; + state->blocks[1] = crypto_aegis_const[1]; + state->blocks[2] = crypto_aegis_const[0]; + state->blocks[3] = *key; + state->blocks[4] = *key; + + crypto_aegis_block_xor(&state->blocks[3], &crypto_aegis_const[0]); + crypto_aegis_block_xor(&state->blocks[4], &crypto_aegis_const[1]); + + for (i = 0; i < 5; i++) { + crypto_aegis128_update_a(state, key); + crypto_aegis128_update_a(state, &key_iv); + } +} + +static void crypto_aegis128_ad(struct aegis_state *state, + const u8 *src, unsigned int size) +{ + if (AEGIS_ALIGNED(src)) { + const union aegis_block *src_blk = + (const union aegis_block *)src; + + while (size >= AEGIS_BLOCK_SIZE) { + crypto_aegis128_update_a(state, src_blk); + + size -= AEGIS_BLOCK_SIZE; + src_blk++; + } + } else { + while (size >= AEGIS_BLOCK_SIZE) { + crypto_aegis128_update_u(state, src); + + size -= AEGIS_BLOCK_SIZE; + src += AEGIS_BLOCK_SIZE; + } + } +} + +static void crypto_aegis128_encrypt_chunk(struct aegis_state *state, u8 *dst, + const u8 *src, unsigned int size) +{ + union aegis_block tmp; + + if (AEGIS_ALIGNED(src) && AEGIS_ALIGNED(dst)) { + while (size >= AEGIS_BLOCK_SIZE) { + union aegis_block *dst_blk = + (union aegis_block *)dst; + const union aegis_block *src_blk = + (const union aegis_block *)src; + + tmp = state->blocks[2]; + crypto_aegis_block_and(&tmp, &state->blocks[3]); + crypto_aegis_block_xor(&tmp, &state->blocks[4]); + crypto_aegis_block_xor(&tmp, &state->blocks[1]); + crypto_aegis_block_xor(&tmp, src_blk); + + crypto_aegis128_update_a(state, src_blk); + + *dst_blk = tmp; + + size -= AEGIS_BLOCK_SIZE; + src += AEGIS_BLOCK_SIZE; + dst += AEGIS_BLOCK_SIZE; + } + } else { + while (size >= AEGIS_BLOCK_SIZE) { + tmp = state->blocks[2]; + crypto_aegis_block_and(&tmp, &state->blocks[3]); + crypto_aegis_block_xor(&tmp, &state->blocks[4]); + crypto_aegis_block_xor(&tmp, &state->blocks[1]); + crypto_xor(tmp.bytes, src, AEGIS_BLOCK_SIZE); + + crypto_aegis128_update_u(state, src); + + memcpy(dst, tmp.bytes, AEGIS_BLOCK_SIZE); + + size -= AEGIS_BLOCK_SIZE; + src += AEGIS_BLOCK_SIZE; + dst += AEGIS_BLOCK_SIZE; + } + } + + if (size > 0) { + union aegis_block msg = {}; + memcpy(msg.bytes, src, size); + + tmp = state->blocks[2]; + crypto_aegis_block_and(&tmp, &state->blocks[3]); + crypto_aegis_block_xor(&tmp, &state->blocks[4]); + crypto_aegis_block_xor(&tmp, &state->blocks[1]); + + crypto_aegis128_update_a(state, &msg); + + crypto_aegis_block_xor(&msg, &tmp); + + memcpy(dst, msg.bytes, size); + } +} + +static void crypto_aegis128_decrypt_chunk(struct aegis_state *state, u8 *dst, + const u8 *src, unsigned int size) +{ + union aegis_block tmp; + + if (AEGIS_ALIGNED(src) && AEGIS_ALIGNED(dst)) { + while (size >= AEGIS_BLOCK_SIZE) { + union aegis_block *dst_blk = + (union aegis_block *)dst; + const union aegis_block *src_blk = + (const union aegis_block *)src; + + tmp = state->blocks[2]; + crypto_aegis_block_and(&tmp, &state->blocks[3]); + crypto_aegis_block_xor(&tmp, &state->blocks[4]); + crypto_aegis_block_xor(&tmp, &state->blocks[1]); + crypto_aegis_block_xor(&tmp, src_blk); + + crypto_aegis128_update_a(state, &tmp); + + *dst_blk = tmp; + + size -= AEGIS_BLOCK_SIZE; + src += AEGIS_BLOCK_SIZE; + dst += AEGIS_BLOCK_SIZE; + } + } else { + while (size >= AEGIS_BLOCK_SIZE) { + tmp = state->blocks[2]; + crypto_aegis_block_and(&tmp, &state->blocks[3]); + crypto_aegis_block_xor(&tmp, &state->blocks[4]); + crypto_aegis_block_xor(&tmp, &state->blocks[1]); + crypto_xor(tmp.bytes, src, AEGIS_BLOCK_SIZE); + + crypto_aegis128_update_a(state, &tmp); + + memcpy(dst, tmp.bytes, AEGIS_BLOCK_SIZE); + + size -= AEGIS_BLOCK_SIZE; + src += AEGIS_BLOCK_SIZE; + dst += AEGIS_BLOCK_SIZE; + } + } + + if (size > 0) { + union aegis_block msg = {}; + memcpy(msg.bytes, src, size); + + tmp = state->blocks[2]; + crypto_aegis_block_and(&tmp, &state->blocks[3]); + crypto_aegis_block_xor(&tmp, &state->blocks[4]); + crypto_aegis_block_xor(&tmp, &state->blocks[1]); + crypto_aegis_block_xor(&msg, &tmp); + + memset(msg.bytes + size, 0, AEGIS_BLOCK_SIZE - size); + + crypto_aegis128_update_a(state, &msg); + + memcpy(dst, msg.bytes, size); + } +} + +static void crypto_aegis128_process_ad(struct aegis_state *state, + struct scatterlist *sg_src, + unsigned int assoclen) +{ + struct scatter_walk walk; + union aegis_block buf; + unsigned int pos = 0; + + scatterwalk_start(&walk, sg_src); + while (assoclen != 0) { + unsigned int size = scatterwalk_clamp(&walk, assoclen); + unsigned int left = size; + void *mapped = scatterwalk_map(&walk); + const u8 *src = (const u8 *)mapped; + + if (pos + size >= AEGIS_BLOCK_SIZE) { + if (pos > 0) { + unsigned int fill = AEGIS_BLOCK_SIZE - pos; + memcpy(buf.bytes + pos, src, fill); + crypto_aegis128_update_a(state, &buf); + pos = 0; + left -= fill; + src += fill; + } + + crypto_aegis128_ad(state, src, left); + src += left & ~(AEGIS_BLOCK_SIZE - 1); + left &= AEGIS_BLOCK_SIZE - 1; + } + + memcpy(buf.bytes + pos, src, left); + + pos += left; + assoclen -= size; + scatterwalk_unmap(mapped); + scatterwalk_advance(&walk, size); + scatterwalk_done(&walk, 0, assoclen); + } + + if (pos > 0) { + memset(buf.bytes + pos, 0, AEGIS_BLOCK_SIZE - pos); + crypto_aegis128_update_a(state, &buf); + } +} + +static void crypto_aegis128_process_crypt(struct aegis_state *state, + struct aead_request *req, + const struct aegis128_ops *ops) +{ + struct skcipher_walk walk; + u8 *src, *dst; + unsigned int chunksize; + + ops->skcipher_walk_init(&walk, req, false); + + while (walk.nbytes) { + src = walk.src.virt.addr; + dst = walk.dst.virt.addr; + chunksize = walk.nbytes; + + ops->crypt_chunk(state, dst, src, chunksize); + + skcipher_walk_done(&walk, 0); + } +} + +static void crypto_aegis128_final(struct aegis_state *state, + union aegis_block *tag_xor, + u64 assoclen, u64 cryptlen) +{ + u64 assocbits = assoclen * 8; + u64 cryptbits = cryptlen * 8; + + union aegis_block tmp; + unsigned int i; + + tmp.words64[0] = cpu_to_le64(assocbits); + tmp.words64[1] = cpu_to_le64(cryptbits); + + crypto_aegis_block_xor(&tmp, &state->blocks[3]); + + for (i = 0; i < 7; i++) + crypto_aegis128_update_a(state, &tmp); + + for (i = 0; i < AEGIS128_STATE_BLOCKS; i++) + crypto_aegis_block_xor(tag_xor, &state->blocks[i]); +} + +static int crypto_aegis128_setkey(struct crypto_aead *aead, const u8 *key, + unsigned int keylen) +{ + struct aegis_ctx *ctx = crypto_aead_ctx(aead); + + if (keylen != AEGIS128_KEY_SIZE) { + crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN); + return -EINVAL; + } + + memcpy(ctx->key.bytes, key, AEGIS128_KEY_SIZE); + return 0; +} + +static int crypto_aegis128_setauthsize(struct crypto_aead *tfm, + unsigned int authsize) +{ + if (authsize > AEGIS128_MAX_AUTH_SIZE) + return -EINVAL; + if (authsize < AEGIS128_MIN_AUTH_SIZE) + return -EINVAL; + return 0; +} + +static void crypto_aegis128_crypt(struct aead_request *req, + union aegis_block *tag_xor, + unsigned int cryptlen, + const struct aegis128_ops *ops) +{ + struct crypto_aead *tfm = crypto_aead_reqtfm(req); + struct aegis_ctx *ctx = crypto_aead_ctx(tfm); + struct aegis_state state; + + crypto_aegis128_init(&state, &ctx->key, req->iv); + crypto_aegis128_process_ad(&state, req->src, req->assoclen); + crypto_aegis128_process_crypt(&state, req, ops); + crypto_aegis128_final(&state, tag_xor, req->assoclen, cryptlen); +} + +static int crypto_aegis128_encrypt(struct aead_request *req) +{ + static const struct aegis128_ops ops = { + .skcipher_walk_init = skcipher_walk_aead_encrypt, + .crypt_chunk = crypto_aegis128_encrypt_chunk, + }; + + struct crypto_aead *tfm = crypto_aead_reqtfm(req); + union aegis_block tag = {}; + unsigned int authsize = crypto_aead_authsize(tfm); + unsigned int cryptlen = req->cryptlen; + + crypto_aegis128_crypt(req, &tag, cryptlen, &ops); + + scatterwalk_map_and_copy(tag.bytes, req->dst, req->assoclen + cryptlen, + authsize, 1); + return 0; +} + +static int crypto_aegis128_decrypt(struct aead_request *req) +{ + static const struct aegis128_ops ops = { + .skcipher_walk_init = skcipher_walk_aead_decrypt, + .crypt_chunk = crypto_aegis128_decrypt_chunk, + }; + static const u8 zeros[AEGIS128_MAX_AUTH_SIZE] = {}; + + struct crypto_aead *tfm = crypto_aead_reqtfm(req); + union aegis_block tag; + unsigned int authsize = crypto_aead_authsize(tfm); + unsigned int cryptlen = req->cryptlen - authsize; + + scatterwalk_map_and_copy(tag.bytes, req->src, req->assoclen + cryptlen, + authsize, 0); + + crypto_aegis128_crypt(req, &tag, cryptlen, &ops); + + return crypto_memneq(tag.bytes, zeros, authsize) ? -EBADMSG : 0; +} + +static int crypto_aegis128_init_tfm(struct crypto_aead *tfm) +{ + return 0; +} + +static void crypto_aegis128_exit_tfm(struct crypto_aead *tfm) +{ +} + +static struct aead_alg crypto_aegis128_alg = { + .setkey = crypto_aegis128_setkey, + .setauthsize = crypto_aegis128_setauthsize, + .encrypt = crypto_aegis128_encrypt, + .decrypt = crypto_aegis128_decrypt, + .init = crypto_aegis128_init_tfm, + .exit = crypto_aegis128_exit_tfm, + + .ivsize = AEGIS128_NONCE_SIZE, + .maxauthsize = AEGIS128_MAX_AUTH_SIZE, + .chunksize = AEGIS_BLOCK_SIZE, + + .base = { + .cra_flags = CRYPTO_ALG_TYPE_AEAD, + .cra_blocksize = 1, + .cra_ctxsize = sizeof(struct aegis_ctx), + .cra_alignmask = 0, + + .cra_priority = 100, + + .cra_name = "aegis128", + .cra_driver_name = "aegis128-generic", + + .cra_module = THIS_MODULE, + } +}; + +static int __init crypto_aegis128_module_init(void) +{ + return crypto_register_aead(&crypto_aegis128_alg); +} + +static void __exit crypto_aegis128_module_exit(void) +{ + crypto_unregister_aead(&crypto_aegis128_alg); +} + +module_init(crypto_aegis128_module_init); +module_exit(crypto_aegis128_module_exit); + +MODULE_LICENSE("GPL"); +MODULE_AUTHOR("Ondrej Mosnacek <omosnacek@gmail.com>"); +MODULE_DESCRIPTION("AEGIS-128 AEAD algorithm"); +MODULE_ALIAS_CRYPTO("aegis128"); +MODULE_ALIAS_CRYPTO("aegis128-generic"); diff --git a/crypto/aegis128l.c b/crypto/aegis128l.c new file mode 100644 index 000000000000..0cc1a7525c85 --- /dev/null +++ b/crypto/aegis128l.c @@ -0,0 +1,527 @@ +/* + * The AEGIS-128L Authenticated-Encryption Algorithm + * + * Copyright (c) 2017-2018 Ondrej Mosnacek <omosnacek@gmail.com> + * Copyright (C) 2017-2018 Red Hat, Inc. All rights reserved. + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation; either version 2 of the License, or (at your option) + * any later version. + */ + +#include <crypto/algapi.h> +#include <crypto/internal/aead.h> +#include <crypto/internal/skcipher.h> +#include <crypto/scatterwalk.h> +#include <linux/err.h> +#include <linux/init.h> +#include <linux/kernel.h> +#include <linux/module.h> +#include <linux/scatterlist.h> + +#include "aegis.h" + +#define AEGIS128L_CHUNK_BLOCKS 2 +#define AEGIS128L_CHUNK_SIZE (AEGIS128L_CHUNK_BLOCKS * AEGIS_BLOCK_SIZE) +#define AEGIS128L_NONCE_SIZE 16 +#define AEGIS128L_STATE_BLOCKS 8 +#define AEGIS128L_KEY_SIZE 16 +#define AEGIS128L_MIN_AUTH_SIZE 8 +#define AEGIS128L_MAX_AUTH_SIZE 16 + +union aegis_chunk { + union aegis_block blocks[AEGIS128L_CHUNK_BLOCKS]; + u8 bytes[AEGIS128L_CHUNK_SIZE]; +}; + +struct aegis_state { + union aegis_block blocks[AEGIS128L_STATE_BLOCKS]; +}; + +struct aegis_ctx { + union aegis_block key; +}; + +struct aegis128l_ops { + int (*skcipher_walk_init)(struct skcipher_walk *walk, + struct aead_request *req, bool atomic); + + void (*crypt_chunk)(struct aegis_state *state, u8 *dst, + const u8 *src, unsigned int size); +}; + +static void crypto_aegis128l_update(struct aegis_state *state) +{ + union aegis_block tmp; + unsigned int i; + + tmp = state->blocks[AEGIS128L_STATE_BLOCKS - 1]; + for (i = AEGIS128L_STATE_BLOCKS - 1; i > 0; i--) + crypto_aegis_aesenc(&state->blocks[i], &state->blocks[i - 1], + &state->blocks[i]); + crypto_aegis_aesenc(&state->blocks[0], &tmp, &state->blocks[0]); +} + +static void crypto_aegis128l_update_a(struct aegis_state *state, + const union aegis_chunk *msg) +{ + crypto_aegis128l_update(state); + crypto_aegis_block_xor(&state->blocks[0], &msg->blocks[0]); + crypto_aegis_block_xor(&state->blocks[4], &msg->blocks[1]); +} + +static void crypto_aegis128l_update_u(struct aegis_state *state, + const void *msg) +{ + crypto_aegis128l_update(state); + crypto_xor(state->blocks[0].bytes, msg + 0 * AEGIS_BLOCK_SIZE, + AEGIS_BLOCK_SIZE); + crypto_xor(state->blocks[4].bytes, msg + 1 * AEGIS_BLOCK_SIZE, + AEGIS_BLOCK_SIZE); +} + +static void crypto_aegis128l_init(struct aegis_state *state, + const union aegis_block *key, + const u8 *iv) +{ + union aegis_block key_iv; + union aegis_chunk chunk; + unsigned int i; + + memcpy(chunk.blocks[0].bytes, iv, AEGIS_BLOCK_SIZE); + chunk.blocks[1] = *key; + + key_iv = *key; + crypto_aegis_block_xor(&key_iv, &chunk.blocks[0]); + + state->blocks[0] = key_iv; + state->blocks[1] = crypto_aegis_const[1]; + state->blocks[2] = crypto_aegis_const[0]; + state->blocks[3] = crypto_aegis_const[1]; + state->blocks[4] = key_iv; + state->blocks[5] = *key; + state->blocks[6] = *key; + state->blocks[7] = *key; + + crypto_aegis_block_xor(&state->blocks[5], &crypto_aegis_const[0]); + crypto_aegis_block_xor(&state->blocks[6], &crypto_aegis_const[1]); + crypto_aegis_block_xor(&state->blocks[7], &crypto_aegis_const[0]); + + for (i = 0; i < 10; i++) { + crypto_aegis128l_update_a(state, &chunk); + } +} + +static void crypto_aegis128l_ad(struct aegis_state *state, + const u8 *src, unsigned int size) +{ + if (AEGIS_ALIGNED(src)) { + const union aegis_chunk *src_chunk = + (const union aegis_chunk *)src; + + while (size >= AEGIS128L_CHUNK_SIZE) { + crypto_aegis128l_update_a(state, src_chunk); + + size -= AEGIS128L_CHUNK_SIZE; + src_chunk += 1; + } + } else { + while (size >= AEGIS128L_CHUNK_SIZE) { + crypto_aegis128l_update_u(state, src); + + size -= AEGIS128L_CHUNK_SIZE; + src += AEGIS128L_CHUNK_SIZE; + } + } +} + +static void crypto_aegis128l_encrypt_chunk(struct aegis_state *state, u8 *dst, + const u8 *src, unsigned int size) +{ + union aegis_chunk tmp; + union aegis_block *tmp0 = &tmp.blocks[0]; + union aegis_block *tmp1 = &tmp.blocks[1]; + + if (AEGIS_ALIGNED(src) && AEGIS_ALIGNED(dst)) { + while (size >= AEGIS128L_CHUNK_SIZE) { + union aegis_chunk *dst_blk = + (union aegis_chunk *)dst; + const union aegis_chunk *src_blk = + (const union aegis_chunk *)src; + + *tmp0 = state->blocks[2]; + crypto_aegis_block_and(tmp0, &state->blocks[3]); + crypto_aegis_block_xor(tmp0, &state->blocks[6]); + crypto_aegis_block_xor(tmp0, &state->blocks[1]); + crypto_aegis_block_xor(tmp0, &src_blk->blocks[0]); + + *tmp1 = state->blocks[6]; + crypto_aegis_block_and(tmp1, &state->blocks[7]); + crypto_aegis_block_xor(tmp1, &state->blocks[5]); + crypto_aegis_block_xor(tmp1, &state->blocks[2]); + crypto_aegis_block_xor(tmp1, &src_blk->blocks[1]); + + crypto_aegis128l_update_a(state, src_blk); + + *dst_blk = tmp; + + size -= AEGIS128L_CHUNK_SIZE; + src += AEGIS128L_CHUNK_SIZE; + dst += AEGIS128L_CHUNK_SIZE; + } + } else { + while (size >= AEGIS128L_CHUNK_SIZE) { + *tmp0 = state->blocks[2]; + crypto_aegis_block_and(tmp0, &state->blocks[3]); + crypto_aegis_block_xor(tmp0, &state->blocks[6]); + crypto_aegis_block_xor(tmp0, &state->blocks[1]); + crypto_xor(tmp0->bytes, src + 0 * AEGIS_BLOCK_SIZE, + AEGIS_BLOCK_SIZE); + + *tmp1 = state->blocks[6]; + crypto_aegis_block_and(tmp1, &state->blocks[7]); + crypto_aegis_block_xor(tmp1, &state->blocks[5]); + crypto_aegis_block_xor(tmp1, &state->blocks[2]); + crypto_xor(tmp1->bytes, src + 1 * AEGIS_BLOCK_SIZE, + AEGIS_BLOCK_SIZE); + + crypto_aegis128l_update_u(state, src); + + memcpy(dst, tmp.bytes, AEGIS128L_CHUNK_SIZE); + + size -= AEGIS128L_CHUNK_SIZE; + src += AEGIS128L_CHUNK_SIZE; + dst += AEGIS128L_CHUNK_SIZE; + } + } + + if (size > 0) { + union aegis_chunk msg = {}; + memcpy(msg.bytes, src, size); + + *tmp0 = state->blocks[2]; + crypto_aegis_block_and(tmp0, &state->blocks[3]); + crypto_aegis_block_xor(tmp0, &state->blocks[6]); + crypto_aegis_block_xor(tmp0, &state->blocks[1]); + + *tmp1 = state->blocks[6]; + crypto_aegis_block_and(tmp1, &state->blocks[7]); + crypto_aegis_block_xor(tmp1, &state->blocks[5]); + crypto_aegis_block_xor(tmp1, &state->blocks[2]); + + crypto_aegis128l_update_a(state, &msg); + + crypto_aegis_block_xor(&msg.blocks[0], tmp0); + crypto_aegis_block_xor(&msg.blocks[1], tmp1); + + memcpy(dst, msg.bytes, size); + } +} + +static void crypto_aegis128l_decrypt_chunk(struct aegis_state *state, u8 *dst, + const u8 *src, unsigned int size) +{ + union aegis_chunk tmp; + union aegis_block *tmp0 = &tmp.blocks[0]; + union aegis_block *tmp1 = &tmp.blocks[1]; + + if (AEGIS_ALIGNED(src) && AEGIS_ALIGNED(dst)) { + while (size >= AEGIS128L_CHUNK_SIZE) { + union aegis_chunk *dst_blk = + (union aegis_chunk *)dst; + const union aegis_chunk *src_blk = + (const union aegis_chunk *)src; + + *tmp0 = state->blocks[2]; + crypto_aegis_block_and(tmp0, &state->blocks[3]); + crypto_aegis_block_xor(tmp0, &state->blocks[6]); + crypto_aegis_block_xor(tmp0, &state->blocks[1]); + crypto_aegis_block_xor(tmp0, &src_blk->blocks[0]); + + *tmp1 = state->blocks[6]; + crypto_aegis_block_and(tmp1, &state->blocks[7]); + crypto_aegis_block_xor(tmp1, &state->blocks[5]); + crypto_aegis_block_xor(tmp1, &state->blocks[2]); + crypto_aegis_block_xor(tmp1, &src_blk->blocks[1]); + + crypto_aegis128l_update_a(state, &tmp); + + *dst_blk = tmp; + + size -= AEGIS128L_CHUNK_SIZE; + src += AEGIS128L_CHUNK_SIZE; + dst += AEGIS128L_CHUNK_SIZE; + } + } else { + while (size >= AEGIS128L_CHUNK_SIZE) { + *tmp0 = state->blocks[2]; + crypto_aegis_block_and(tmp0, &state->blocks[3]); + crypto_aegis_block_xor(tmp0, &state->blocks[6]); + crypto_aegis_block_xor(tmp0, &state->blocks[1]); + crypto_xor(tmp0->bytes, src + 0 * AEGIS_BLOCK_SIZE, + AEGIS_BLOCK_SIZE); + + *tmp1 = state->blocks[6]; + crypto_aegis_block_and(tmp1, &state->blocks[7]); + crypto_aegis_block_xor(tmp1, &state->blocks[5]); + crypto_aegis_block_xor(tmp1, &state->blocks[2]); + crypto_xor(tmp1->bytes, src + 1 * AEGIS_BLOCK_SIZE, + AEGIS_BLOCK_SIZE); + + crypto_aegis128l_update_a(state, &tmp); + + memcpy(dst, tmp.bytes, AEGIS128L_CHUNK_SIZE); + + size -= AEGIS128L_CHUNK_SIZE; + src += AEGIS128L_CHUNK_SIZE; + dst += AEGIS128L_CHUNK_SIZE; + } + } + + if (size > 0) { + union aegis_chunk msg = {}; + memcpy(msg.bytes, src, size); + + *tmp0 = state->blocks[2]; + crypto_aegis_block_and(tmp0, &state->blocks[3]); + crypto_aegis_block_xor(tmp0, &state->blocks[6]); + crypto_aegis_block_xor(tmp0, &state->blocks[1]); + crypto_aegis_block_xor(&msg.blocks[0], tmp0); + + *tmp1 = state->blocks[6]; + crypto_aegis_block_and(tmp1, &state->blocks[7]); + crypto_aegis_block_xor(tmp1, &state->blocks[5]); + crypto_aegis_block_xor(tmp1, &state->blocks[2]); + crypto_aegis_block_xor(&msg.blocks[1], tmp1); + + memset(msg.bytes + size, 0, AEGIS128L_CHUNK_SIZE - size); + + crypto_aegis128l_update_a(state, &msg); + + memcpy(dst, msg.bytes, size); + } +} + +static void crypto_aegis128l_process_ad(struct aegis_state *state, + struct scatterlist *sg_src, + unsigned int assoclen) +{ + struct scatter_walk walk; + union aegis_chunk buf; + unsigned int pos = 0; + + scatterwalk_start(&walk, sg_src); + while (assoclen != 0) { + unsigned int size = scatterwalk_clamp(&walk, assoclen); + unsigned int left = size; + void *mapped = scatterwalk_map(&walk); + const u8 *src = (const u8 *)mapped; + + if (pos + size >= AEGIS128L_CHUNK_SIZE) { + if (pos > 0) { + unsigned int fill = AEGIS128L_CHUNK_SIZE - pos; + memcpy(buf.bytes + pos, src, fill); + crypto_aegis128l_update_a(state, &buf); + pos = 0; + left -= fill; + src += fill; + } + + crypto_aegis128l_ad(state, src, left); + src += left & ~(AEGIS128L_CHUNK_SIZE - 1); + left &= AEGIS128L_CHUNK_SIZE - 1; + } + + memcpy(buf.bytes + pos, src, left); + + pos += left; + assoclen -= size; + scatterwalk_unmap(mapped); + scatterwalk_advance(&walk, size); + scatterwalk_done(&walk, 0, assoclen); + } + + if (pos > 0) { + memset(buf.bytes + pos, 0, AEGIS128L_CHUNK_SIZE - pos); + crypto_aegis128l_update_a(state, &buf); + } +} + +static void crypto_aegis128l_process_crypt(struct aegis_state *state, + struct aead_request *req, + const struct aegis128l_ops *ops) +{ + struct skcipher_walk walk; + u8 *src, *dst; + unsigned int chunksize; + + ops->skcipher_walk_init(&walk, req, false); + + while (walk.nbytes) { + src = walk.src.virt.addr; + dst = walk.dst.virt.addr; + chunksize = walk.nbytes; + + ops->crypt_chunk(state, dst, src, chunksize); + + skcipher_walk_done(&walk, 0); + } +} + +static void crypto_aegis128l_final(struct aegis_state *state, + union aegis_block *tag_xor, + u64 assoclen, u64 cryptlen) +{ + u64 assocbits = assoclen * 8; + u64 cryptbits = cryptlen * 8; + + union aegis_chunk tmp; + unsigned int i; + + tmp.blocks[0].words64[0] = cpu_to_le64(assocbits); + tmp.blocks[0].words64[1] = cpu_to_le64(cryptbits); + + crypto_aegis_block_xor(&tmp.blocks[0], &state->blocks[2]); + + tmp.blocks[1] = tmp.blocks[0]; + for (i = 0; i < 7; i++) + crypto_aegis128l_update_a(state, &tmp); + + for (i = 0; i < 7; i++) + crypto_aegis_block_xor(tag_xor, &state->blocks[i]); +} + +static int crypto_aegis128l_setkey(struct crypto_aead *aead, const u8 *key, + unsigned int keylen) +{ + struct aegis_ctx *ctx = crypto_aead_ctx(aead); + + if (keylen != AEGIS128L_KEY_SIZE) { + crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN); + return -EINVAL; + } + + memcpy(ctx->key.bytes, key, AEGIS128L_KEY_SIZE); + return 0; +} + +static int crypto_aegis128l_setauthsize(struct crypto_aead *tfm, + unsigned int authsize) +{ + if (authsize > AEGIS128L_MAX_AUTH_SIZE) + return -EINVAL; + if (authsize < AEGIS128L_MIN_AUTH_SIZE) + return -EINVAL; + return 0; +} + +static void crypto_aegis128l_crypt(struct aead_request *req, + union aegis_block *tag_xor, + unsigned int cryptlen, + const struct aegis128l_ops *ops) +{ + struct crypto_aead *tfm = crypto_aead_reqtfm(req); + struct aegis_ctx *ctx = crypto_aead_ctx(tfm); + struct aegis_state state; + + crypto_aegis128l_init(&state, &ctx->key, req->iv); + crypto_aegis128l_process_ad(&state, req->src, req->assoclen); + crypto_aegis128l_process_crypt(&state, req, ops); + crypto_aegis128l_final(&state, tag_xor, req->assoclen, cryptlen); +} + +static int crypto_aegis128l_encrypt(struct aead_request *req) +{ + static const struct aegis128l_ops ops = { + .skcipher_walk_init = skcipher_walk_aead_encrypt, + .crypt_chunk = crypto_aegis128l_encrypt_chunk, + }; + + struct crypto_aead *tfm = crypto_aead_reqtfm(req); + union aegis_block tag = {}; + unsigned int authsize = crypto_aead_authsize(tfm); + unsigned int cryptlen = req->cryptlen; + + crypto_aegis128l_crypt(req, &tag, cryptlen, &ops); + + scatterwalk_map_and_copy(tag.bytes, req->dst, req->assoclen + cryptlen, + authsize, 1); + return 0; +} + +static int crypto_aegis128l_decrypt(struct aead_request *req) +{ + static const struct aegis128l_ops ops = { + .skcipher_walk_init = skcipher_walk_aead_decrypt, + .crypt_chunk = crypto_aegis128l_decrypt_chunk, + }; + static const u8 zeros[AEGIS128L_MAX_AUTH_SIZE] = {}; + + struct crypto_aead *tfm = crypto_aead_reqtfm(req); + union aegis_block tag; + unsigned int authsize = crypto_aead_authsize(tfm); + unsigned int cryptlen = req->cryptlen - authsize; + + scatterwalk_map_and_copy(tag.bytes, req->src, req->assoclen + cryptlen, + authsize, 0); + + crypto_aegis128l_crypt(req, &tag, cryptlen, &ops); + + return crypto_memneq(tag.bytes, zeros, authsize) ? -EBADMSG : 0; +} + +static int crypto_aegis128l_init_tfm(struct crypto_aead *tfm) +{ + return 0; +} + +static void crypto_aegis128l_exit_tfm(struct crypto_aead *tfm) +{ +} + +static struct aead_alg crypto_aegis128l_alg = { + .setkey = crypto_aegis128l_setkey, + .setauthsize = crypto_aegis128l_setauthsize, + .encrypt = crypto_aegis128l_encrypt, + .decrypt = crypto_aegis128l_decrypt, + .init = crypto_aegis128l_init_tfm, + .exit = crypto_aegis128l_exit_tfm, + + .ivsize = AEGIS128L_NONCE_SIZE, + .maxauthsize = AEGIS128L_MAX_AUTH_SIZE, + .chunksize = AEGIS128L_CHUNK_SIZE, + + .base = { + .cra_flags = CRYPTO_ALG_TYPE_AEAD, + .cra_blocksize = 1, + .cra_ctxsize = sizeof(struct aegis_ctx), + .cra_alignmask = 0, + + .cra_priority = 100, + + .cra_name = "aegis128l", + .cra_driver_name = "aegis128l-generic", + + .cra_module = THIS_MODULE, + } +}; + +static int __init crypto_aegis128l_module_init(void) +{ + return crypto_register_aead(&crypto_aegis128l_alg); +} + +static void __exit crypto_aegis128l_module_exit(void) +{ + crypto_unregister_aead(&crypto_aegis128l_alg); +} + +module_init(crypto_aegis128l_module_init); +module_exit(crypto_aegis128l_module_exit); + +MODULE_LICENSE("GPL"); +MODULE_AUTHOR("Ondrej Mosnacek <omosnacek@gmail.com>"); +MODULE_DESCRIPTION("AEGIS-128L AEAD algorithm"); +MODULE_ALIAS_CRYPTO("aegis128l"); +MODULE_ALIAS_CRYPTO("aegis128l-generic"); diff --git a/crypto/aegis256.c b/crypto/aegis256.c new file mode 100644 index 000000000000..a489d741d33a --- /dev/null +++ b/crypto/aegis256.c @@ -0,0 +1,478 @@ +/* + * The AEGIS-256 Authenticated-Encryption Algorithm + * + * Copyright (c) 2017-2018 Ondrej Mosnacek <omosnacek@gmail.com> + * Copyright (C) 2017-2018 Red Hat, Inc. All rights reserved. + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation; either version 2 of the License, or (at your option) + * any later version. + */ + +#include <crypto/algapi.h> +#include <crypto/internal/aead.h> +#include <crypto/internal/skcipher.h> +#include <crypto/scatterwalk.h> +#include <linux/err.h> +#include <linux/init.h> +#include <linux/kernel.h> +#include <linux/module.h> +#include <linux/scatterlist.h> + +#include "aegis.h" + +#define AEGIS256_NONCE_SIZE 32 +#define AEGIS256_STATE_BLOCKS 6 +#define AEGIS256_KEY_SIZE 32 +#define AEGIS256_MIN_AUTH_SIZE 8 +#define AEGIS256_MAX_AUTH_SIZE 16 + +struct aegis_state { + union aegis_block blocks[AEGIS256_STATE_BLOCKS]; +}; + +struct aegis_ctx { + union aegis_block key[AEGIS256_KEY_SIZE / AEGIS_BLOCK_SIZE]; +}; + +struct aegis256_ops { + int (*skcipher_walk_init)(struct skcipher_walk *walk, + struct aead_request *req, bool atomic); + + void (*crypt_chunk)(struct aegis_state *state, u8 *dst, + const u8 *src, unsigned int size); +}; + +static void crypto_aegis256_update(struct aegis_state *state) +{ + union aegis_block tmp; + unsigned int i; + + tmp = state->blocks[AEGIS256_STATE_BLOCKS - 1]; + for (i = AEGIS256_STATE_BLOCKS - 1; i > 0; i--) + crypto_aegis_aesenc(&state->blocks[i], &state->blocks[i - 1], + &state->blocks[i]); + crypto_aegis_aesenc(&state->blocks[0], &tmp, &state->blocks[0]); +} + +static void crypto_aegis256_update_a(struct aegis_state *state, + const union aegis_block *msg) +{ + crypto_aegis256_update(state); + crypto_aegis_block_xor(&state->blocks[0], msg); +} + +static void crypto_aegis256_update_u(struct aegis_state *state, const void *msg) +{ + crypto_aegis256_update(state); + crypto_xor(state->blocks[0].bytes, msg, AEGIS_BLOCK_SIZE); +} + +static void crypto_aegis256_init(struct aegis_state *state, + const union aegis_block *key, + const u8 *iv) +{ + union aegis_block key_iv[2]; + unsigned int i; + + key_iv[0] = key[0]; + key_iv[1] = key[1]; + crypto_xor(key_iv[0].bytes, iv + 0 * AEGIS_BLOCK_SIZE, + AEGIS_BLOCK_SIZE); + crypto_xor(key_iv[1].bytes, iv + 1 * AEGIS_BLOCK_SIZE, + AEGIS_BLOCK_SIZE); + + state->blocks[0] = key_iv[0]; + state->blocks[1] = key_iv[1]; + state->blocks[2] = crypto_aegis_const[1]; + state->blocks[3] = crypto_aegis_const[0]; + state->blocks[4] = key[0]; + state->blocks[5] = key[1]; + + crypto_aegis_block_xor(&state->blocks[4], &crypto_aegis_const[0]); + crypto_aegis_block_xor(&state->blocks[5], &crypto_aegis_const[1]); + + for (i = 0; i < 4; i++) { + crypto_aegis256_update_a(state, &key[0]); + crypto_aegis256_update_a(state, &key[1]); + crypto_aegis256_update_a(state, &key_iv[0]); + crypto_aegis256_update_a(state, &key_iv[1]); + } +} + +static void crypto_aegis256_ad(struct aegis_state *state, + const u8 *src, unsigned int size) +{ + if (AEGIS_ALIGNED(src)) { + const union aegis_block *src_blk = + (const union aegis_block *)src; + + while (size >= AEGIS_BLOCK_SIZE) { + crypto_aegis256_update_a(state, src_blk); + + size -= AEGIS_BLOCK_SIZE; + src_blk++; + } + } else { + while (size >= AEGIS_BLOCK_SIZE) { + crypto_aegis256_update_u(state, src); + + size -= AEGIS_BLOCK_SIZE; + src += AEGIS_BLOCK_SIZE; + } + } +} + +static void crypto_aegis256_encrypt_chunk(struct aegis_state *state, u8 *dst, + const u8 *src, unsigned int size) +{ + union aegis_block tmp; + + if (AEGIS_ALIGNED(src) && AEGIS_ALIGNED(dst)) { + while (size >= AEGIS_BLOCK_SIZE) { + union aegis_block *dst_blk = + (union aegis_block *)dst; + const union aegis_block *src_blk = + (const union aegis_block *)src; + + tmp = state->blocks[2]; + crypto_aegis_block_and(&tmp, &state->blocks[3]); + crypto_aegis_block_xor(&tmp, &state->blocks[5]); + crypto_aegis_block_xor(&tmp, &state->blocks[4]); + crypto_aegis_block_xor(&tmp, &state->blocks[1]); + crypto_aegis_block_xor(&tmp, src_blk); + + crypto_aegis256_update_a(state, src_blk); + + *dst_blk = tmp; + + size -= AEGIS_BLOCK_SIZE; + src += AEGIS_BLOCK_SIZE; + dst += AEGIS_BLOCK_SIZE; + } + } else { + while (size >= AEGIS_BLOCK_SIZE) { + tmp = state->blocks[2]; + crypto_aegis_block_and(&tmp, &state->blocks[3]); + crypto_aegis_block_xor(&tmp, &state->blocks[5]); + crypto_aegis_block_xor(&tmp, &state->blocks[4]); + crypto_aegis_block_xor(&tmp, &state->blocks[1]); + crypto_xor(tmp.bytes, src, AEGIS_BLOCK_SIZE); + + crypto_aegis256_update_u(state, src); + + memcpy(dst, tmp.bytes, AEGIS_BLOCK_SIZE); + + size -= AEGIS_BLOCK_SIZE; + src += AEGIS_BLOCK_SIZE; + dst += AEGIS_BLOCK_SIZE; + } + } + + if (size > 0) { + union aegis_block msg = {}; + memcpy(msg.bytes, src, size); + + tmp = state->blocks[2]; + crypto_aegis_block_and(&tmp, &state->blocks[3]); + crypto_aegis_block_xor(&tmp, &state->blocks[5]); + crypto_aegis_block_xor(&tmp, &state->blocks[4]); + crypto_aegis_block_xor(&tmp, &state->blocks[1]); + + crypto_aegis256_update_a(state, &msg); + + crypto_aegis_block_xor(&msg, &tmp); + + memcpy(dst, msg.bytes, size); + } +} + +static void crypto_aegis256_decrypt_chunk(struct aegis_state *state, u8 *dst, + const u8 *src, unsigned int size) +{ + union aegis_block tmp; + + if (AEGIS_ALIGNED(src) && AEGIS_ALIGNED(dst)) { + while (size >= AEGIS_BLOCK_SIZE) { + union aegis_block *dst_blk = + (union aegis_block *)dst; + const union aegis_block *src_blk = + (const union aegis_block *)src; + + tmp = state->blocks[2]; + crypto_aegis_block_and(&tmp, &state->blocks[3]); + crypto_aegis_block_xor(&tmp, &state->blocks[5]); + crypto_aegis_block_xor(&tmp, &state->blocks[4]); + crypto_aegis_block_xor(&tmp, &state->blocks[1]); + crypto_aegis_block_xor(&tmp, src_blk); + + crypto_aegis256_update_a(state, &tmp); + + *dst_blk = tmp; + + size -= AEGIS_BLOCK_SIZE; + src += AEGIS_BLOCK_SIZE; + dst += AEGIS_BLOCK_SIZE; + } + } else { + while (size >= AEGIS_BLOCK_SIZE) { + tmp = state->blocks[2]; + crypto_aegis_block_and(&tmp, &state->blocks[3]); + crypto_aegis_block_xor(&tmp, &state->blocks[5]); + crypto_aegis_block_xor(&tmp, &state->blocks[4]); + crypto_aegis_block_xor(&tmp, &state->blocks[1]); + crypto_xor(tmp.bytes, src, AEGIS_BLOCK_SIZE); + + crypto_aegis256_update_a(state, &tmp); + + memcpy(dst, tmp.bytes, AEGIS_BLOCK_SIZE); + + size -= AEGIS_BLOCK_SIZE; + src += AEGIS_BLOCK_SIZE; + dst += AEGIS_BLOCK_SIZE; + } + } + + if (size > 0) { + union aegis_block msg = {}; + memcpy(msg.bytes, src, size); + + tmp = state->blocks[2]; + crypto_aegis_block_and(&tmp, &state->blocks[3]); + crypto_aegis_block_xor(&tmp, &state->blocks[5]); + crypto_aegis_block_xor(&tmp, &state->blocks[4]); + crypto_aegis_block_xor(&tmp, &state->blocks[1]); + crypto_aegis_block_xor(&msg, &tmp); + + memset(msg.bytes + size, 0, AEGIS_BLOCK_SIZE - size); + + crypto_aegis256_update_a(state, &msg); + + memcpy(dst, msg.bytes, size); + } +} + +static void crypto_aegis256_process_ad(struct aegis_state *state, + struct scatterlist *sg_src, + unsigned int assoclen) +{ + struct scatter_walk walk; + union aegis_block buf; + unsigned int pos = 0; + + scatterwalk_start(&walk, sg_src); + while (assoclen != 0) { + unsigned int size = scatterwalk_clamp(&walk, assoclen); + unsigned int left = size; + void *mapped = scatterwalk_map(&walk); + const u8 *src = (const u8 *)mapped; + + if (pos + size >= AEGIS_BLOCK_SIZE) { + if (pos > 0) { + unsigned int fill = AEGIS_BLOCK_SIZE - pos; + memcpy(buf.bytes + pos, src, fill); + crypto_aegis256_update_a(state, &buf); + pos = 0; + left -= fill; + src += fill; + } + + crypto_aegis256_ad(state, src, left); + src += left & ~(AEGIS_BLOCK_SIZE - 1); + left &= AEGIS_BLOCK_SIZE - 1; + } + + memcpy(buf.bytes + pos, src, left); + + pos += left; + assoclen -= size; + scatterwalk_unmap(mapped); + scatterwalk_advance(&walk, size); + scatterwalk_done(&walk, 0, assoclen); + } + + if (pos > 0) { + memset(buf.bytes + pos, 0, AEGIS_BLOCK_SIZE - pos); + crypto_aegis256_update_a(state, &buf); + } +} + +static void crypto_aegis256_process_crypt(struct aegis_state *state, + struct aead_request *req, + const struct aegis256_ops *ops) +{ + struct skcipher_walk walk; + u8 *src, *dst; + unsigned int chunksize; + + ops->skcipher_walk_init(&walk, req, false); + + while (walk.nbytes) { + src = walk.src.virt.addr; + dst = walk.dst.virt.addr; + chunksize = walk.nbytes; + + ops->crypt_chunk(state, dst, src, chunksize); + + skcipher_walk_done(&walk, 0); + } +} + +static void crypto_aegis256_final(struct aegis_state *state, + union aegis_block *tag_xor, + u64 assoclen, u64 cryptlen) +{ + u64 assocbits = assoclen * 8; + u64 cryptbits = cryptlen * 8; + + union aegis_block tmp; + unsigned int i; + + tmp.words64[0] = cpu_to_le64(assocbits); + tmp.words64[1] = cpu_to_le64(cryptbits); + + crypto_aegis_block_xor(&tmp, &state->blocks[3]); + + for (i = 0; i < 7; i++) + crypto_aegis256_update_a(state, &tmp); + + for (i = 0; i < AEGIS256_STATE_BLOCKS; i++) + crypto_aegis_block_xor(tag_xor, &state->blocks[i]); +} + +static int crypto_aegis256_setkey(struct crypto_aead *aead, const u8 *key, + unsigned int keylen) +{ + struct aegis_ctx *ctx = crypto_aead_ctx(aead); + + if (keylen != AEGIS256_KEY_SIZE) { + crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN); + return -EINVAL; + } + + memcpy(ctx->key[0].bytes, key, AEGIS_BLOCK_SIZE); + memcpy(ctx->key[1].bytes, key + AEGIS_BLOCK_SIZE, + AEGIS_BLOCK_SIZE); + return 0; +} + +static int crypto_aegis256_setauthsize(struct crypto_aead *tfm, + unsigned int authsize) +{ + if (authsize > AEGIS256_MAX_AUTH_SIZE) + return -EINVAL; + if (authsize < AEGIS256_MIN_AUTH_SIZE) + return -EINVAL; + return 0; +} + +static void crypto_aegis256_crypt(struct aead_request *req, + union aegis_block *tag_xor, + unsigned int cryptlen, + const struct aegis256_ops *ops) +{ + struct crypto_aead *tfm = crypto_aead_reqtfm(req); + struct aegis_ctx *ctx = crypto_aead_ctx(tfm); + struct aegis_state state; + + crypto_aegis256_init(&state, ctx->key, req->iv); + crypto_aegis256_process_ad(&state, req->src, req->assoclen); + crypto_aegis256_process_crypt(&state, req, ops); + crypto_aegis256_final(&state, tag_xor, req->assoclen, cryptlen); +} + +static int crypto_aegis256_encrypt(struct aead_request *req) +{ + static const struct aegis256_ops ops = { + .skcipher_walk_init = skcipher_walk_aead_encrypt, + .crypt_chunk = crypto_aegis256_encrypt_chunk, + }; + + struct crypto_aead *tfm = crypto_aead_reqtfm(req); + union aegis_block tag = {}; + unsigned int authsize = crypto_aead_authsize(tfm); + unsigned int cryptlen = req->cryptlen; + + crypto_aegis256_crypt(req, &tag, cryptlen, &ops); + + scatterwalk_map_and_copy(tag.bytes, req->dst, req->assoclen + cryptlen, + authsize, 1); + return 0; +} + +static int crypto_aegis256_decrypt(struct aead_request *req) +{ + static const struct aegis256_ops ops = { + .skcipher_walk_init = skcipher_walk_aead_decrypt, + .crypt_chunk = crypto_aegis256_decrypt_chunk, + }; + static const u8 zeros[AEGIS256_MAX_AUTH_SIZE] = {}; + + struct crypto_aead *tfm = crypto_aead_reqtfm(req); + union aegis_block tag; + unsigned int authsize = crypto_aead_authsize(tfm); + unsigned int cryptlen = req->cryptlen - authsize; + + scatterwalk_map_and_copy(tag.bytes, req->src, req->assoclen + cryptlen, + authsize, 0); + + crypto_aegis256_crypt(req, &tag, cryptlen, &ops); + + return crypto_memneq(tag.bytes, zeros, authsize) ? -EBADMSG : 0; +} + +static int crypto_aegis256_init_tfm(struct crypto_aead *tfm) +{ + return 0; +} + +static void crypto_aegis256_exit_tfm(struct crypto_aead *tfm) +{ +} + +static struct aead_alg crypto_aegis256_alg = { + .setkey = crypto_aegis256_setkey, + .setauthsize = crypto_aegis256_setauthsize, + .encrypt = crypto_aegis256_encrypt, + .decrypt = crypto_aegis256_decrypt, + .init = crypto_aegis256_init_tfm, + .exit = crypto_aegis256_exit_tfm, + + .ivsize = AEGIS256_NONCE_SIZE, + .maxauthsize = AEGIS256_MAX_AUTH_SIZE, + .chunksize = AEGIS_BLOCK_SIZE, + + .base = { + .cra_flags = CRYPTO_ALG_TYPE_AEAD, + .cra_blocksize = 1, + .cra_ctxsize = sizeof(struct aegis_ctx), + .cra_alignmask = 0, + + .cra_priority = 100, + + .cra_name = "aegis256", + .cra_driver_name = "aegis256-generic", + + .cra_module = THIS_MODULE, + } +}; + +static int __init crypto_aegis256_module_init(void) +{ + return crypto_register_aead(&crypto_aegis256_alg); +} + +static void __exit crypto_aegis256_module_exit(void) +{ + crypto_unregister_aead(&crypto_aegis256_alg); +} + +module_init(crypto_aegis256_module_init); +module_exit(crypto_aegis256_module_exit); + +MODULE_LICENSE("GPL"); +MODULE_AUTHOR("Ondrej Mosnacek <omosnacek@gmail.com>"); +MODULE_DESCRIPTION("AEGIS-256 AEAD algorithm"); +MODULE_ALIAS_CRYPTO("aegis256"); +MODULE_ALIAS_CRYPTO("aegis256-generic"); diff --git a/crypto/algapi.c b/crypto/algapi.c index 2a0271b5f62a..c0755cf4f53f 100644 --- a/crypto/algapi.c +++ b/crypto/algapi.c @@ -10,6 +10,7 @@ * */ +#include <crypto/algapi.h> #include <linux/err.h> #include <linux/errno.h> #include <linux/fips.h> @@ -59,6 +60,15 @@ static int crypto_check_alg(struct crypto_alg *alg) if (alg->cra_blocksize > PAGE_SIZE / 8) return -EINVAL; + if (!alg->cra_type && (alg->cra_flags & CRYPTO_ALG_TYPE_MASK) == + CRYPTO_ALG_TYPE_CIPHER) { + if (alg->cra_alignmask > MAX_CIPHER_ALIGNMASK) + return -EINVAL; + + if (alg->cra_blocksize > MAX_CIPHER_BLOCKSIZE) + return -EINVAL; + } + if (alg->cra_priority < 0) return -EINVAL; diff --git a/crypto/authenc.c b/crypto/authenc.c index d3d6d72fe649..4fa8d40d947b 100644 --- a/crypto/authenc.c +++ b/crypto/authenc.c @@ -108,6 +108,7 @@ static int crypto_authenc_setkey(struct crypto_aead *authenc, const u8 *key, CRYPTO_TFM_RES_MASK); out: + memzero_explicit(&keys, sizeof(keys)); return err; badkey: diff --git a/crypto/authencesn.c b/crypto/authencesn.c index 15f91ddd7f0e..50b804747e20 100644 --- a/crypto/authencesn.c +++ b/crypto/authencesn.c @@ -90,6 +90,7 @@ static int crypto_authenc_esn_setkey(struct crypto_aead *authenc_esn, const u8 * CRYPTO_TFM_RES_MASK); out: + memzero_explicit(&keys, sizeof(keys)); return err; badkey: diff --git a/crypto/cfb.c b/crypto/cfb.c index 94ee39bed758..a0d68c09e1b9 100644 --- a/crypto/cfb.c +++ b/crypto/cfb.c @@ -53,9 +53,8 @@ static void crypto_cfb_encrypt_one(struct crypto_skcipher *tfm, static void crypto_cfb_final(struct skcipher_walk *walk, struct crypto_skcipher *tfm) { - const unsigned int bsize = crypto_cfb_bsize(tfm); const unsigned long alignmask = crypto_skcipher_alignmask(tfm); - u8 tmp[bsize + alignmask]; + u8 tmp[MAX_CIPHER_BLOCKSIZE + MAX_CIPHER_ALIGNMASK]; u8 *stream = PTR_ALIGN(tmp + 0, alignmask + 1); u8 *src = walk->src.virt.addr; u8 *dst = walk->dst.virt.addr; @@ -94,7 +93,7 @@ static int crypto_cfb_encrypt_inplace(struct skcipher_walk *walk, unsigned int nbytes = walk->nbytes; u8 *src = walk->src.virt.addr; u8 *iv = walk->iv; - u8 tmp[bsize]; + u8 tmp[MAX_CIPHER_BLOCKSIZE]; do { crypto_cfb_encrypt_one(tfm, iv, tmp); @@ -164,7 +163,7 @@ static int crypto_cfb_decrypt_inplace(struct skcipher_walk *walk, unsigned int nbytes = walk->nbytes; u8 *src = walk->src.virt.addr; u8 *iv = walk->iv; - u8 tmp[bsize]; + u8 tmp[MAX_CIPHER_BLOCKSIZE]; do { crypto_cfb_encrypt_one(tfm, iv, tmp); diff --git a/crypto/cipher.c b/crypto/cipher.c index 94fa3551476b..57836c30a49a 100644 --- a/crypto/cipher.c +++ b/crypto/cipher.c @@ -13,6 +13,7 @@ * */ +#include <crypto/algapi.h> #include <linux/kernel.h> #include <linux/crypto.h> #include <linux/errno.h> @@ -67,7 +68,7 @@ static void cipher_crypt_unaligned(void (*fn)(struct crypto_tfm *, u8 *, { unsigned long alignmask = crypto_tfm_alg_alignmask(tfm); unsigned int size = crypto_tfm_alg_blocksize(tfm); - u8 buffer[size + alignmask]; + u8 buffer[MAX_CIPHER_BLOCKSIZE + MAX_CIPHER_ALIGNMASK]; u8 *tmp = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1); memcpy(tmp, src, size); diff --git a/crypto/crc32_generic.c b/crypto/crc32_generic.c index 718cbce8d169..00facd27bcc2 100644 --- a/crypto/crc32_generic.c +++ b/crypto/crc32_generic.c @@ -29,6 +29,7 @@ * This is crypto api shash wrappers to crc32_le. */ +#include <asm/unaligned.h> #include <linux/crc32.h> #include <crypto/internal/hash.h> #include <linux/init.h> @@ -39,11 +40,6 @@ #define CHKSUM_BLOCK_SIZE 1 #define CHKSUM_DIGEST_SIZE 4 -static u32 __crc32_le(u32 crc, unsigned char const *p, size_t len) -{ - return crc32_le(crc, p, len); -} - /** No default init with ~0 */ static int crc32_cra_init(struct crypto_tfm *tfm) { @@ -54,7 +50,6 @@ static int crc32_cra_init(struct crypto_tfm *tfm) return 0; } - /* * Setting the seed allows arbitrary accumulators and flexible XOR policy * If your algorithm starts with ~0, then XOR with ~0 before you set @@ -69,7 +64,7 @@ static int crc32_setkey(struct crypto_shash *hash, const u8 *key, crypto_shash_set_flags(hash, CRYPTO_TFM_RES_BAD_KEY_LEN); return -EINVAL; } - *mctx = le32_to_cpup((__le32 *)key); + *mctx = get_unaligned_le32(key); return 0; } @@ -88,7 +83,7 @@ static int crc32_update(struct shash_desc *desc, const u8 *data, { u32 *crcp = shash_desc_ctx(desc); - *crcp = __crc32_le(*crcp, data, len); + *crcp = crc32_le(*crcp, data, len); return 0; } @@ -96,7 +91,7 @@ static int crc32_update(struct shash_desc *desc, const u8 *data, static int __crc32_finup(u32 *crcp, const u8 *data, unsigned int len, u8 *out) { - *(__le32 *)out = cpu_to_le32(__crc32_le(*crcp, data, len)); + put_unaligned_le32(crc32_le(*crcp, data, len), out); return 0; } @@ -110,7 +105,7 @@ static int crc32_final(struct shash_desc *desc, u8 *out) { u32 *crcp = shash_desc_ctx(desc); - *(__le32 *)out = cpu_to_le32p(crcp); + put_unaligned_le32(*crcp, out); return 0; } diff --git a/crypto/crc32c_generic.c b/crypto/crc32c_generic.c index 372320399622..7283066ecc98 100644 --- a/crypto/crc32c_generic.c +++ b/crypto/crc32c_generic.c @@ -35,6 +35,7 @@ * */ +#include <asm/unaligned.h> #include <crypto/internal/hash.h> #include <linux/init.h> #include <linux/module.h> @@ -82,7 +83,7 @@ static int chksum_setkey(struct crypto_shash *tfm, const u8 *key, crypto_shash_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN); return -EINVAL; } - mctx->key = le32_to_cpu(*(__le32 *)key); + mctx->key = get_unaligned_le32(key); return 0; } @@ -99,13 +100,13 @@ static int chksum_final(struct shash_desc *desc, u8 *out) { struct chksum_desc_ctx *ctx = shash_desc_ctx(desc); - *(__le32 *)out = ~cpu_to_le32p(&ctx->crc); + put_unaligned_le32(~ctx->crc, out); return 0; } static int __chksum_finup(u32 *crcp, const u8 *data, unsigned int len, u8 *out) { - *(__le32 *)out = ~cpu_to_le32(__crc32c_le(*crcp, data, len)); + put_unaligned_le32(~__crc32c_le(*crcp, data, len), out); return 0; } @@ -148,7 +149,6 @@ static struct shash_alg alg = { .cra_priority = 100, .cra_flags = CRYPTO_ALG_OPTIONAL_KEY, .cra_blocksize = CHKSUM_BLOCK_SIZE, - .cra_alignmask = 3, .cra_ctxsize = sizeof(struct chksum_ctx), .cra_module = THIS_MODULE, .cra_init = crc32c_cra_init, diff --git a/crypto/ctr.c b/crypto/ctr.c index 854d924f9d8e..435b75bd619e 100644 --- a/crypto/ctr.c +++ b/crypto/ctr.c @@ -58,7 +58,7 @@ static void crypto_ctr_crypt_final(struct blkcipher_walk *walk, unsigned int bsize = crypto_cipher_blocksize(tfm); unsigned long alignmask = crypto_cipher_alignmask(tfm); u8 *ctrblk = walk->iv; - u8 tmp[bsize + alignmask]; + u8 tmp[MAX_CIPHER_BLOCKSIZE + MAX_CIPHER_ALIGNMASK]; u8 *keystream = PTR_ALIGN(tmp + 0, alignmask + 1); u8 *src = walk->src.virt.addr; u8 *dst = walk->dst.virt.addr; @@ -106,7 +106,7 @@ static int crypto_ctr_crypt_inplace(struct blkcipher_walk *walk, unsigned int nbytes = walk->nbytes; u8 *ctrblk = walk->iv; u8 *src = walk->src.virt.addr; - u8 tmp[bsize + alignmask]; + u8 tmp[MAX_CIPHER_BLOCKSIZE + MAX_CIPHER_ALIGNMASK]; u8 *keystream = PTR_ALIGN(tmp + 0, alignmask + 1); do { diff --git a/crypto/cts.c b/crypto/cts.c index 4773c188e6d9..4e28d83ae37d 100644 --- a/crypto/cts.c +++ b/crypto/cts.c @@ -40,6 +40,7 @@ * rfc3962 includes errata information in its Appendix A. */ +#include <crypto/algapi.h> #include <crypto/internal/skcipher.h> #include <linux/err.h> #include <linux/init.h> @@ -104,7 +105,7 @@ static int cts_cbc_encrypt(struct skcipher_request *req) struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); struct skcipher_request *subreq = &rctx->subreq; int bsize = crypto_skcipher_blocksize(tfm); - u8 d[bsize * 2] __aligned(__alignof__(u32)); + u8 d[MAX_CIPHER_BLOCKSIZE * 2] __aligned(__alignof__(u32)); struct scatterlist *sg; unsigned int offset; int lastn; @@ -183,7 +184,7 @@ static int cts_cbc_decrypt(struct skcipher_request *req) struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); struct skcipher_request *subreq = &rctx->subreq; int bsize = crypto_skcipher_blocksize(tfm); - u8 d[bsize * 2] __aligned(__alignof__(u32)); + u8 d[MAX_CIPHER_BLOCKSIZE * 2] __aligned(__alignof__(u32)); struct scatterlist *sg; unsigned int offset; u8 *space; diff --git a/crypto/ecc.c b/crypto/ecc.c index 9c066b5ac12d..815541309a95 100644 --- a/crypto/ecc.c +++ b/crypto/ecc.c @@ -515,7 +515,7 @@ static void vli_mmod_fast_256(u64 *result, const u64 *product, static bool vli_mmod_fast(u64 *result, u64 *product, const u64 *curve_prime, unsigned int ndigits) { - u64 tmp[2 * ndigits]; + u64 tmp[2 * ECC_MAX_DIGITS]; switch (ndigits) { case 3: @@ -536,7 +536,7 @@ static bool vli_mmod_fast(u64 *result, u64 *product, static void vli_mod_mult_fast(u64 *result, const u64 *left, const u64 *right, const u64 *curve_prime, unsigned int ndigits) { - u64 product[2 * ndigits]; + u64 product[2 * ECC_MAX_DIGITS]; vli_mult(product, left, right, ndigits); vli_mmod_fast(result, product, curve_prime, ndigits); @@ -546,7 +546,7 @@ static void vli_mod_mult_fast(u64 *result, const u64 *left, const u64 *right, static void vli_mod_square_fast(u64 *result, const u64 *left, const u64 *curve_prime, unsigned int ndigits) { - u64 product[2 * ndigits]; + u64 product[2 * ECC_MAX_DIGITS]; vli_square(product, left, ndigits); vli_mmod_fast(result, product, curve_prime, ndigits); @@ -560,8 +560,8 @@ static void vli_mod_square_fast(u64 *result, const u64 *left, static void vli_mod_inv(u64 *result, const u64 *input, const u64 *mod, unsigned int ndigits) { - u64 a[ndigits], b[ndigits]; - u64 u[ndigits], v[ndigits]; + u64 a[ECC_MAX_DIGITS], b[ECC_MAX_DIGITS]; + u64 u[ECC_MAX_DIGITS], v[ECC_MAX_DIGITS]; u64 carry; int cmp_result; @@ -649,8 +649,8 @@ static void ecc_point_double_jacobian(u64 *x1, u64 *y1, u64 *z1, u64 *curve_prime, unsigned int ndigits) { /* t1 = x, t2 = y, t3 = z */ - u64 t4[ndigits]; - u64 t5[ndigits]; + u64 t4[ECC_MAX_DIGITS]; + u64 t5[ECC_MAX_DIGITS]; if (vli_is_zero(z1, ndigits)) return; @@ -711,7 +711,7 @@ static void ecc_point_double_jacobian(u64 *x1, u64 *y1, u64 *z1, static void apply_z(u64 *x1, u64 *y1, u64 *z, u64 *curve_prime, unsigned int ndigits) { - u64 t1[ndigits]; + u64 t1[ECC_MAX_DIGITS]; vli_mod_square_fast(t1, z, curve_prime, ndigits); /* z^2 */ vli_mod_mult_fast(x1, x1, t1, curve_prime, ndigits); /* x1 * z^2 */ @@ -724,7 +724,7 @@ static void xycz_initial_double(u64 *x1, u64 *y1, u64 *x2, u64 *y2, u64 *p_initial_z, u64 *curve_prime, unsigned int ndigits) { - u64 z[ndigits]; + u64 z[ECC_MAX_DIGITS]; vli_set(x2, x1, ndigits); vli_set(y2, y1, ndigits); @@ -750,7 +750,7 @@ static void xycz_add(u64 *x1, u64 *y1, u64 *x2, u64 *y2, u64 *curve_prime, unsigned int ndigits) { /* t1 = X1, t2 = Y1, t3 = X2, t4 = Y2 */ - u64 t5[ndigits]; + u64 t5[ECC_MAX_DIGITS]; /* t5 = x2 - x1 */ vli_mod_sub(t5, x2, x1, curve_prime, ndigits); @@ -791,9 +791,9 @@ static void xycz_add_c(u64 *x1, u64 *y1, u64 *x2, u64 *y2, u64 *curve_prime, unsigned int ndigits) { /* t1 = X1, t2 = Y1, t3 = X2, t4 = Y2 */ - u64 t5[ndigits]; - u64 t6[ndigits]; - u64 t7[ndigits]; + u64 t5[ECC_MAX_DIGITS]; + u64 t6[ECC_MAX_DIGITS]; + u64 t7[ECC_MAX_DIGITS]; /* t5 = x2 - x1 */ vli_mod_sub(t5, x2, x1, curve_prime, ndigits); @@ -846,9 +846,9 @@ static void ecc_point_mult(struct ecc_point *result, unsigned int ndigits) { /* R0 and R1 */ - u64 rx[2][ndigits]; - u64 ry[2][ndigits]; - u64 z[ndigits]; + u64 rx[2][ECC_MAX_DIGITS]; + u64 ry[2][ECC_MAX_DIGITS]; + u64 z[ECC_MAX_DIGITS]; int i, nb; int num_bits = vli_num_bits(scalar, ndigits); @@ -943,13 +943,13 @@ int ecc_is_key_valid(unsigned int curve_id, unsigned int ndigits, int ecc_gen_privkey(unsigned int curve_id, unsigned int ndigits, u64 *privkey) { const struct ecc_curve *curve = ecc_get_curve(curve_id); - u64 priv[ndigits]; + u64 priv[ECC_MAX_DIGITS]; unsigned int nbytes = ndigits << ECC_DIGITS_TO_BYTES_SHIFT; unsigned int nbits = vli_num_bits(curve->n, ndigits); int err; /* Check that N is included in Table 1 of FIPS 186-4, section 6.1.1 */ - if (nbits < 160) + if (nbits < 160 || ndigits > ARRAY_SIZE(priv)) return -EINVAL; /* @@ -988,10 +988,10 @@ int ecc_make_pub_key(unsigned int curve_id, unsigned int ndigits, { int ret = 0; struct ecc_point *pk; - u64 priv[ndigits]; + u64 priv[ECC_MAX_DIGITS]; const struct ecc_curve *curve = ecc_get_curve(curve_id); - if (!private_key || !curve) { + if (!private_key || !curve || ndigits > ARRAY_SIZE(priv)) { ret = -EINVAL; goto out; } @@ -1025,30 +1025,25 @@ int crypto_ecdh_shared_secret(unsigned int curve_id, unsigned int ndigits, { int ret = 0; struct ecc_point *product, *pk; - u64 *priv, *rand_z; + u64 priv[ECC_MAX_DIGITS]; + u64 rand_z[ECC_MAX_DIGITS]; + unsigned int nbytes; const struct ecc_curve *curve = ecc_get_curve(curve_id); - if (!private_key || !public_key || !curve) { + if (!private_key || !public_key || !curve || + ndigits > ARRAY_SIZE(priv) || ndigits > ARRAY_SIZE(rand_z)) { ret = -EINVAL; goto out; } - priv = kmalloc_array(ndigits, sizeof(*priv), GFP_KERNEL); - if (!priv) { - ret = -ENOMEM; - goto out; - } + nbytes = ndigits << ECC_DIGITS_TO_BYTES_SHIFT; - rand_z = kmalloc_array(ndigits, sizeof(*rand_z), GFP_KERNEL); - if (!rand_z) { - ret = -ENOMEM; - goto kfree_out; - } + get_random_bytes(rand_z, nbytes); pk = ecc_alloc_point(ndigits); if (!pk) { ret = -ENOMEM; - goto kfree_out; + goto out; } product = ecc_alloc_point(ndigits); @@ -1057,8 +1052,6 @@ int crypto_ecdh_shared_secret(unsigned int curve_id, unsigned int ndigits, goto err_alloc_product; } - get_random_bytes(rand_z, ndigits << ECC_DIGITS_TO_BYTES_SHIFT); - ecc_swap_digits(public_key, pk->x, ndigits); ecc_swap_digits(&public_key[ndigits], pk->y, ndigits); ecc_swap_digits(private_key, priv, ndigits); @@ -1073,9 +1066,6 @@ int crypto_ecdh_shared_secret(unsigned int curve_id, unsigned int ndigits, ecc_free_point(product); err_alloc_product: ecc_free_point(pk); -kfree_out: - kzfree(priv); - kzfree(rand_z); out: return ret; } diff --git a/crypto/ecc.h b/crypto/ecc.h index e4fd4492c765..f75a86baa3bd 100644 --- a/crypto/ecc.h +++ b/crypto/ecc.h @@ -26,7 +26,9 @@ #ifndef _CRYPTO_ECC_H #define _CRYPTO_ECC_H -#define ECC_MAX_DIGITS 4 /* 256 */ +#define ECC_CURVE_NIST_P192_DIGITS 3 +#define ECC_CURVE_NIST_P256_DIGITS 4 +#define ECC_MAX_DIGITS ECC_CURVE_NIST_P256_DIGITS #define ECC_DIGITS_TO_BYTES_SHIFT 3 diff --git a/crypto/ecdh.c b/crypto/ecdh.c index d2ec33f0e098..bf6300175b9c 100644 --- a/crypto/ecdh.c +++ b/crypto/ecdh.c @@ -30,8 +30,8 @@ static inline struct ecdh_ctx *ecdh_get_ctx(struct crypto_kpp *tfm) static unsigned int ecdh_supported_curve(unsigned int curve_id) { switch (curve_id) { - case ECC_CURVE_NIST_P192: return 3; - case ECC_CURVE_NIST_P256: return 4; + case ECC_CURVE_NIST_P192: return ECC_CURVE_NIST_P192_DIGITS; + case ECC_CURVE_NIST_P256: return ECC_CURVE_NIST_P256_DIGITS; default: return 0; } } diff --git a/crypto/morus1280.c b/crypto/morus1280.c new file mode 100644 index 000000000000..6180b2557836 --- /dev/null +++ b/crypto/morus1280.c @@ -0,0 +1,549 @@ +/* + * The MORUS-1280 Authenticated-Encryption Algorithm + * + * Copyright (c) 2016-2018 Ondrej Mosnacek <omosnacek@gmail.com> + * Copyright (C) 2017-2018 Red Hat, Inc. All rights reserved. + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation; either version 2 of the License, or (at your option) + * any later version. + */ + +#include <asm/unaligned.h> +#include <crypto/algapi.h> +#include <crypto/internal/aead.h> +#include <crypto/internal/skcipher.h> +#include <crypto/morus_common.h> +#include <crypto/scatterwalk.h> +#include <linux/err.h> +#include <linux/init.h> +#include <linux/kernel.h> +#include <linux/module.h> +#include <linux/scatterlist.h> + +#define MORUS1280_WORD_SIZE 8 +#define MORUS1280_BLOCK_SIZE (MORUS_BLOCK_WORDS * MORUS1280_WORD_SIZE) +#define MORUS1280_BLOCK_ALIGN (__alignof__(__le64)) +#define MORUS1280_ALIGNED(p) IS_ALIGNED((uintptr_t)p, MORUS1280_BLOCK_ALIGN) + +struct morus1280_block { + u64 words[MORUS_BLOCK_WORDS]; +}; + +union morus1280_block_in { + __le64 words[MORUS_BLOCK_WORDS]; + u8 bytes[MORUS1280_BLOCK_SIZE]; +}; + +struct morus1280_state { + struct morus1280_block s[MORUS_STATE_BLOCKS]; +}; + +struct morus1280_ctx { + struct morus1280_block key; +}; + +struct morus1280_ops { + int (*skcipher_walk_init)(struct skcipher_walk *walk, + struct aead_request *req, bool atomic); + + void (*crypt_chunk)(struct morus1280_state *state, + u8 *dst, const u8 *src, unsigned int size); +}; + +static const struct morus1280_block crypto_morus1280_const[1] = { + { .words = { + U64_C(0x0d08050302010100), + U64_C(0x6279e99059372215), + U64_C(0xf12fc26d55183ddb), + U64_C(0xdd28b57342311120), + } }, +}; + +static void crypto_morus1280_round(struct morus1280_block *b0, + struct morus1280_block *b1, + struct morus1280_block *b2, + struct morus1280_block *b3, + struct morus1280_block *b4, + const struct morus1280_block *m, + unsigned int b, unsigned int w) +{ + unsigned int i; + struct morus1280_block tmp; + + for (i = 0; i < MORUS_BLOCK_WORDS; i++) { + b0->words[i] ^= b1->words[i] & b2->words[i]; + b0->words[i] ^= b3->words[i]; + b0->words[i] ^= m->words[i]; + b0->words[i] = rol64(b0->words[i], b); + } + + tmp = *b3; + for (i = 0; i < MORUS_BLOCK_WORDS; i++) + b3->words[(i + w) % MORUS_BLOCK_WORDS] = tmp.words[i]; +} + +static void crypto_morus1280_update(struct morus1280_state *state, + const struct morus1280_block *m) +{ + static const struct morus1280_block z = {}; + + struct morus1280_block *s = state->s; + + crypto_morus1280_round(&s[0], &s[1], &s[2], &s[3], &s[4], &z, 13, 1); + crypto_morus1280_round(&s[1], &s[2], &s[3], &s[4], &s[0], m, 46, 2); + crypto_morus1280_round(&s[2], &s[3], &s[4], &s[0], &s[1], m, 38, 3); + crypto_morus1280_round(&s[3], &s[4], &s[0], &s[1], &s[2], m, 7, 2); + crypto_morus1280_round(&s[4], &s[0], &s[1], &s[2], &s[3], m, 4, 1); +} + +static void crypto_morus1280_load_a(struct morus1280_block *dst, const u8 *src) +{ + unsigned int i; + for (i = 0; i < MORUS_BLOCK_WORDS; i++) { + dst->words[i] = le64_to_cpu(*(const __le64 *)src); + src += MORUS1280_WORD_SIZE; + } +} + +static void crypto_morus1280_load_u(struct morus1280_block *dst, const u8 *src) +{ + unsigned int i; + for (i = 0; i < MORUS_BLOCK_WORDS; i++) { + dst->words[i] = get_unaligned_le64(src); + src += MORUS1280_WORD_SIZE; + } +} + +static void crypto_morus1280_load(struct morus1280_block *dst, const u8 *src) +{ + if (MORUS1280_ALIGNED(src)) + crypto_morus1280_load_a(dst, src); + else + crypto_morus1280_load_u(dst, src); +} + +static void crypto_morus1280_store_a(u8 *dst, const struct morus1280_block *src) +{ + unsigned int i; + for (i = 0; i < MORUS_BLOCK_WORDS; i++) { + *(__le64 *)dst = cpu_to_le64(src->words[i]); + dst += MORUS1280_WORD_SIZE; + } +} + +static void crypto_morus1280_store_u(u8 *dst, const struct morus1280_block *src) +{ + unsigned int i; + for (i = 0; i < MORUS_BLOCK_WORDS; i++) { + put_unaligned_le64(src->words[i], dst); + dst += MORUS1280_WORD_SIZE; + } +} + +static void crypto_morus1280_store(u8 *dst, const struct morus1280_block *src) +{ + if (MORUS1280_ALIGNED(dst)) + crypto_morus1280_store_a(dst, src); + else + crypto_morus1280_store_u(dst, src); +} + +static void crypto_morus1280_ad(struct morus1280_state *state, const u8 *src, + unsigned int size) +{ + struct morus1280_block m; + + if (MORUS1280_ALIGNED(src)) { + while (size >= MORUS1280_BLOCK_SIZE) { + crypto_morus1280_load_a(&m, src); + crypto_morus1280_update(state, &m); + + size -= MORUS1280_BLOCK_SIZE; + src += MORUS1280_BLOCK_SIZE; + } + } else { + while (size >= MORUS1280_BLOCK_SIZE) { + crypto_morus1280_load_u(&m, src); + crypto_morus1280_update(state, &m); + + size -= MORUS1280_BLOCK_SIZE; + src += MORUS1280_BLOCK_SIZE; + } + } +} + +static void crypto_morus1280_core(const struct morus1280_state *state, + struct morus1280_block *blk) +{ + unsigned int i; + + for (i = 0; i < MORUS_BLOCK_WORDS; i++) + blk->words[(i + 3) % MORUS_BLOCK_WORDS] ^= state->s[1].words[i]; + + for (i = 0; i < MORUS_BLOCK_WORDS; i++) { + blk->words[i] ^= state->s[0].words[i]; + blk->words[i] ^= state->s[2].words[i] & state->s[3].words[i]; + } +} + +static void crypto_morus1280_encrypt_chunk(struct morus1280_state *state, + u8 *dst, const u8 *src, + unsigned int size) +{ + struct morus1280_block c, m; + + if (MORUS1280_ALIGNED(src) && MORUS1280_ALIGNED(dst)) { + while (size >= MORUS1280_BLOCK_SIZE) { + crypto_morus1280_load_a(&m, src); + c = m; + crypto_morus1280_core(state, &c); + crypto_morus1280_store_a(dst, &c); + crypto_morus1280_update(state, &m); + + src += MORUS1280_BLOCK_SIZE; + dst += MORUS1280_BLOCK_SIZE; + size -= MORUS1280_BLOCK_SIZE; + } + } else { + while (size >= MORUS1280_BLOCK_SIZE) { + crypto_morus1280_load_u(&m, src); + c = m; + crypto_morus1280_core(state, &c); + crypto_morus1280_store_u(dst, &c); + crypto_morus1280_update(state, &m); + + src += MORUS1280_BLOCK_SIZE; + dst += MORUS1280_BLOCK_SIZE; + size -= MORUS1280_BLOCK_SIZE; + } + } + + if (size > 0) { + union morus1280_block_in tail; + + memcpy(tail.bytes, src, size); + memset(tail.bytes + size, 0, MORUS1280_BLOCK_SIZE - size); + + crypto_morus1280_load_a(&m, tail.bytes); + c = m; + crypto_morus1280_core(state, &c); + crypto_morus1280_store_a(tail.bytes, &c); + crypto_morus1280_update(state, &m); + + memcpy(dst, tail.bytes, size); + } +} + +static void crypto_morus1280_decrypt_chunk(struct morus1280_state *state, + u8 *dst, const u8 *src, + unsigned int size) +{ + struct morus1280_block m; + + if (MORUS1280_ALIGNED(src) && MORUS1280_ALIGNED(dst)) { + while (size >= MORUS1280_BLOCK_SIZE) { + crypto_morus1280_load_a(&m, src); + crypto_morus1280_core(state, &m); + crypto_morus1280_store_a(dst, &m); + crypto_morus1280_update(state, &m); + + src += MORUS1280_BLOCK_SIZE; + dst += MORUS1280_BLOCK_SIZE; + size -= MORUS1280_BLOCK_SIZE; + } + } else { + while (size >= MORUS1280_BLOCK_SIZE) { + crypto_morus1280_load_u(&m, src); + crypto_morus1280_core(state, &m); + crypto_morus1280_store_u(dst, &m); + crypto_morus1280_update(state, &m); + + src += MORUS1280_BLOCK_SIZE; + dst += MORUS1280_BLOCK_SIZE; + size -= MORUS1280_BLOCK_SIZE; + } + } + + if (size > 0) { + union morus1280_block_in tail; + + memcpy(tail.bytes, src, size); + memset(tail.bytes + size, 0, MORUS1280_BLOCK_SIZE - size); + + crypto_morus1280_load_a(&m, tail.bytes); + crypto_morus1280_core(state, &m); + crypto_morus1280_store_a(tail.bytes, &m); + memset(tail.bytes + size, 0, MORUS1280_BLOCK_SIZE - size); + crypto_morus1280_load_a(&m, tail.bytes); + crypto_morus1280_update(state, &m); + + memcpy(dst, tail.bytes, size); + } +} + +static void crypto_morus1280_init(struct morus1280_state *state, + const struct morus1280_block *key, + const u8 *iv) +{ + static const struct morus1280_block z = {}; + + union morus1280_block_in tmp; + unsigned int i; + + memcpy(tmp.bytes, iv, MORUS_NONCE_SIZE); + memset(tmp.bytes + MORUS_NONCE_SIZE, 0, + MORUS1280_BLOCK_SIZE - MORUS_NONCE_SIZE); + + crypto_morus1280_load(&state->s[0], tmp.bytes); + state->s[1] = *key; + for (i = 0; i < MORUS_BLOCK_WORDS; i++) + state->s[2].words[i] = U64_C(0xFFFFFFFFFFFFFFFF); + state->s[3] = z; + state->s[4] = crypto_morus1280_const[0]; + + for (i = 0; i < 16; i++) + crypto_morus1280_update(state, &z); + + for (i = 0; i < MORUS_BLOCK_WORDS; i++) + state->s[1].words[i] ^= key->words[i]; +} + +static void crypto_morus1280_process_ad(struct morus1280_state *state, + struct scatterlist *sg_src, + unsigned int assoclen) +{ + struct scatter_walk walk; + struct morus1280_block m; + union morus1280_block_in buf; + unsigned int pos = 0; + + scatterwalk_start(&walk, sg_src); + while (assoclen != 0) { + unsigned int size = scatterwalk_clamp(&walk, assoclen); + unsigned int left = size; + void *mapped = scatterwalk_map(&walk); + const u8 *src = (const u8 *)mapped; + + if (pos + size >= MORUS1280_BLOCK_SIZE) { + if (pos > 0) { + unsigned int fill = MORUS1280_BLOCK_SIZE - pos; + memcpy(buf.bytes + pos, src, fill); + + crypto_morus1280_load_a(&m, buf.bytes); + crypto_morus1280_update(state, &m); + + pos = 0; + left -= fill; + src += fill; + } + + crypto_morus1280_ad(state, src, left); + src += left & ~(MORUS1280_BLOCK_SIZE - 1); + left &= MORUS1280_BLOCK_SIZE - 1; + } + + memcpy(buf.bytes + pos, src, left); + + pos += left; + assoclen -= size; + scatterwalk_unmap(mapped); + scatterwalk_advance(&walk, size); + scatterwalk_done(&walk, 0, assoclen); + } + + if (pos > 0) { + memset(buf.bytes + pos, 0, MORUS1280_BLOCK_SIZE - pos); + + crypto_morus1280_load_a(&m, buf.bytes); + crypto_morus1280_update(state, &m); + } +} + +static void crypto_morus1280_process_crypt(struct morus1280_state *state, + struct aead_request *req, + const struct morus1280_ops *ops) +{ + struct skcipher_walk walk; + u8 *dst; + const u8 *src; + + ops->skcipher_walk_init(&walk, req, false); + + while (walk.nbytes) { + src = walk.src.virt.addr; + dst = walk.dst.virt.addr; + + ops->crypt_chunk(state, dst, src, walk.nbytes); + + skcipher_walk_done(&walk, 0); + } +} + +static void crypto_morus1280_final(struct morus1280_state *state, + struct morus1280_block *tag_xor, + u64 assoclen, u64 cryptlen) +{ + u64 assocbits = assoclen * 8; + u64 cryptbits = cryptlen * 8; + + struct morus1280_block tmp; + unsigned int i; + + tmp.words[0] = cpu_to_le64(assocbits); + tmp.words[1] = cpu_to_le64(cryptbits); + tmp.words[2] = 0; + tmp.words[3] = 0; + + for (i = 0; i < MORUS_BLOCK_WORDS; i++) + state->s[4].words[i] ^= state->s[0].words[i]; + + for (i = 0; i < 10; i++) + crypto_morus1280_update(state, &tmp); + + crypto_morus1280_core(state, tag_xor); +} + +static int crypto_morus1280_setkey(struct crypto_aead *aead, const u8 *key, + unsigned int keylen) +{ + struct morus1280_ctx *ctx = crypto_aead_ctx(aead); + union morus1280_block_in tmp; + + if (keylen == MORUS1280_BLOCK_SIZE) + crypto_morus1280_load(&ctx->key, key); + else if (keylen == MORUS1280_BLOCK_SIZE / 2) { + memcpy(tmp.bytes, key, keylen); + memcpy(tmp.bytes + keylen, key, keylen); + + crypto_morus1280_load(&ctx->key, tmp.bytes); + } else { + crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN); + return -EINVAL; + } + + return 0; +} + +static int crypto_morus1280_setauthsize(struct crypto_aead *tfm, + unsigned int authsize) +{ + return (authsize <= MORUS_MAX_AUTH_SIZE) ? 0 : -EINVAL; +} + +static void crypto_morus1280_crypt(struct aead_request *req, + struct morus1280_block *tag_xor, + unsigned int cryptlen, + const struct morus1280_ops *ops) +{ + struct crypto_aead *tfm = crypto_aead_reqtfm(req); + struct morus1280_ctx *ctx = crypto_aead_ctx(tfm); + struct morus1280_state state; + + crypto_morus1280_init(&state, &ctx->key, req->iv); + crypto_morus1280_process_ad(&state, req->src, req->assoclen); + crypto_morus1280_process_crypt(&state, req, ops); + crypto_morus1280_final(&state, tag_xor, req->assoclen, cryptlen); +} + +static int crypto_morus1280_encrypt(struct aead_request *req) +{ + static const struct morus1280_ops ops = { + .skcipher_walk_init = skcipher_walk_aead_encrypt, + .crypt_chunk = crypto_morus1280_encrypt_chunk, + }; + + struct crypto_aead *tfm = crypto_aead_reqtfm(req); + struct morus1280_block tag = {}; + union morus1280_block_in tag_out; + unsigned int authsize = crypto_aead_authsize(tfm); + unsigned int cryptlen = req->cryptlen; + + crypto_morus1280_crypt(req, &tag, cryptlen, &ops); + crypto_morus1280_store(tag_out.bytes, &tag); + + scatterwalk_map_and_copy(tag_out.bytes, req->dst, + req->assoclen + cryptlen, authsize, 1); + return 0; +} + +static int crypto_morus1280_decrypt(struct aead_request *req) +{ + static const struct morus1280_ops ops = { + .skcipher_walk_init = skcipher_walk_aead_decrypt, + .crypt_chunk = crypto_morus1280_decrypt_chunk, + }; + static const u8 zeros[MORUS1280_BLOCK_SIZE] = {}; + + struct crypto_aead *tfm = crypto_aead_reqtfm(req); + union morus1280_block_in tag_in; + struct morus1280_block tag; + unsigned int authsize = crypto_aead_authsize(tfm); + unsigned int cryptlen = req->cryptlen - authsize; + + scatterwalk_map_and_copy(tag_in.bytes, req->src, + req->assoclen + cryptlen, authsize, 0); + + crypto_morus1280_load(&tag, tag_in.bytes); + crypto_morus1280_crypt(req, &tag, cryptlen, &ops); + crypto_morus1280_store(tag_in.bytes, &tag); + + return crypto_memneq(tag_in.bytes, zeros, authsize) ? -EBADMSG : 0; +} + +static int crypto_morus1280_init_tfm(struct crypto_aead *tfm) +{ + return 0; +} + +static void crypto_morus1280_exit_tfm(struct crypto_aead *tfm) +{ +} + +static struct aead_alg crypto_morus1280_alg = { + .setkey = crypto_morus1280_setkey, + .setauthsize = crypto_morus1280_setauthsize, + .encrypt = crypto_morus1280_encrypt, + .decrypt = crypto_morus1280_decrypt, + .init = crypto_morus1280_init_tfm, + .exit = crypto_morus1280_exit_tfm, + + .ivsize = MORUS_NONCE_SIZE, + .maxauthsize = MORUS_MAX_AUTH_SIZE, + .chunksize = MORUS1280_BLOCK_SIZE, + + .base = { + .cra_flags = CRYPTO_ALG_TYPE_AEAD, + .cra_blocksize = 1, + .cra_ctxsize = sizeof(struct morus1280_ctx), + .cra_alignmask = 0, + + .cra_priority = 100, + + .cra_name = "morus1280", + .cra_driver_name = "morus1280-generic", + + .cra_module = THIS_MODULE, + } +}; + + +static int __init crypto_morus1280_module_init(void) +{ + return crypto_register_aead(&crypto_morus1280_alg); +} + +static void __exit crypto_morus1280_module_exit(void) +{ + crypto_unregister_aead(&crypto_morus1280_alg); +} + +module_init(crypto_morus1280_module_init); +module_exit(crypto_morus1280_module_exit); + +MODULE_LICENSE("GPL"); +MODULE_AUTHOR("Ondrej Mosnacek <omosnacek@gmail.com>"); +MODULE_DESCRIPTION("MORUS-1280 AEAD algorithm"); +MODULE_ALIAS_CRYPTO("morus1280"); +MODULE_ALIAS_CRYPTO("morus1280-generic"); diff --git a/crypto/morus640.c b/crypto/morus640.c new file mode 100644 index 000000000000..9fbcde307daf --- /dev/null +++ b/crypto/morus640.c @@ -0,0 +1,544 @@ +/* + * The MORUS-640 Authenticated-Encryption Algorithm + * + * Copyright (c) 2016-2018 Ondrej Mosnacek <omosnacek@gmail.com> + * Copyright (C) 2017-2018 Red Hat, Inc. All rights reserved. + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation; either version 2 of the License, or (at your option) + * any later version. + */ + +#include <asm/unaligned.h> +#include <crypto/algapi.h> +#include <crypto/internal/aead.h> +#include <crypto/internal/skcipher.h> +#include <crypto/morus_common.h> +#include <crypto/scatterwalk.h> +#include <linux/err.h> +#include <linux/init.h> +#include <linux/kernel.h> +#include <linux/module.h> +#include <linux/scatterlist.h> + +#define MORUS640_WORD_SIZE 4 +#define MORUS640_BLOCK_SIZE (MORUS_BLOCK_WORDS * MORUS640_WORD_SIZE) +#define MORUS640_BLOCK_ALIGN (__alignof__(__le32)) +#define MORUS640_ALIGNED(p) IS_ALIGNED((uintptr_t)p, MORUS640_BLOCK_ALIGN) + +struct morus640_block { + u32 words[MORUS_BLOCK_WORDS]; +}; + +union morus640_block_in { + __le32 words[MORUS_BLOCK_WORDS]; + u8 bytes[MORUS640_BLOCK_SIZE]; +}; + +struct morus640_state { + struct morus640_block s[MORUS_STATE_BLOCKS]; +}; + +struct morus640_ctx { + struct morus640_block key; +}; + +struct morus640_ops { + int (*skcipher_walk_init)(struct skcipher_walk *walk, + struct aead_request *req, bool atomic); + + void (*crypt_chunk)(struct morus640_state *state, + u8 *dst, const u8 *src, unsigned int size); +}; + +static const struct morus640_block crypto_morus640_const[2] = { + { .words = { + U32_C(0x02010100), + U32_C(0x0d080503), + U32_C(0x59372215), + U32_C(0x6279e990), + } }, + { .words = { + U32_C(0x55183ddb), + U32_C(0xf12fc26d), + U32_C(0x42311120), + U32_C(0xdd28b573), + } }, +}; + +static void crypto_morus640_round(struct morus640_block *b0, + struct morus640_block *b1, + struct morus640_block *b2, + struct morus640_block *b3, + struct morus640_block *b4, + const struct morus640_block *m, + unsigned int b, unsigned int w) +{ + unsigned int i; + struct morus640_block tmp; + + for (i = 0; i < MORUS_BLOCK_WORDS; i++) { + b0->words[i] ^= b1->words[i] & b2->words[i]; + b0->words[i] ^= b3->words[i]; + b0->words[i] ^= m->words[i]; + b0->words[i] = rol32(b0->words[i], b); + } + + tmp = *b3; + for (i = 0; i < MORUS_BLOCK_WORDS; i++) + b3->words[(i + w) % MORUS_BLOCK_WORDS] = tmp.words[i]; +} + +static void crypto_morus640_update(struct morus640_state *state, + const struct morus640_block *m) +{ + static const struct morus640_block z = {}; + + struct morus640_block *s = state->s; + + crypto_morus640_round(&s[0], &s[1], &s[2], &s[3], &s[4], &z, 5, 1); + crypto_morus640_round(&s[1], &s[2], &s[3], &s[4], &s[0], m, 31, 2); + crypto_morus640_round(&s[2], &s[3], &s[4], &s[0], &s[1], m, 7, 3); + crypto_morus640_round(&s[3], &s[4], &s[0], &s[1], &s[2], m, 22, 2); + crypto_morus640_round(&s[4], &s[0], &s[1], &s[2], &s[3], m, 13, 1); +} + +static void crypto_morus640_load_a(struct morus640_block *dst, const u8 *src) +{ + unsigned int i; + for (i = 0; i < MORUS_BLOCK_WORDS; i++) { + dst->words[i] = le32_to_cpu(*(const __le32 *)src); + src += MORUS640_WORD_SIZE; + } +} + +static void crypto_morus640_load_u(struct morus640_block *dst, const u8 *src) +{ + unsigned int i; + for (i = 0; i < MORUS_BLOCK_WORDS; i++) { + dst->words[i] = get_unaligned_le32(src); + src += MORUS640_WORD_SIZE; + } +} + +static void crypto_morus640_load(struct morus640_block *dst, const u8 *src) +{ + if (MORUS640_ALIGNED(src)) + crypto_morus640_load_a(dst, src); + else + crypto_morus640_load_u(dst, src); +} + +static void crypto_morus640_store_a(u8 *dst, const struct morus640_block *src) +{ + unsigned int i; + for (i = 0; i < MORUS_BLOCK_WORDS; i++) { + *(__le32 *)dst = cpu_to_le32(src->words[i]); + dst += MORUS640_WORD_SIZE; + } +} + +static void crypto_morus640_store_u(u8 *dst, const struct morus640_block *src) +{ + unsigned int i; + for (i = 0; i < MORUS_BLOCK_WORDS; i++) { + put_unaligned_le32(src->words[i], dst); + dst += MORUS640_WORD_SIZE; + } +} + +static void crypto_morus640_store(u8 *dst, const struct morus640_block *src) +{ + if (MORUS640_ALIGNED(dst)) + crypto_morus640_store_a(dst, src); + else + crypto_morus640_store_u(dst, src); +} + +static void crypto_morus640_ad(struct morus640_state *state, const u8 *src, + unsigned int size) +{ + struct morus640_block m; + + if (MORUS640_ALIGNED(src)) { + while (size >= MORUS640_BLOCK_SIZE) { + crypto_morus640_load_a(&m, src); + crypto_morus640_update(state, &m); + + size -= MORUS640_BLOCK_SIZE; + src += MORUS640_BLOCK_SIZE; + } + } else { + while (size >= MORUS640_BLOCK_SIZE) { + crypto_morus640_load_u(&m, src); + crypto_morus640_update(state, &m); + + size -= MORUS640_BLOCK_SIZE; + src += MORUS640_BLOCK_SIZE; + } + } +} + +static void crypto_morus640_core(const struct morus640_state *state, + struct morus640_block *blk) +{ + unsigned int i; + + for (i = 0; i < MORUS_BLOCK_WORDS; i++) + blk->words[(i + 3) % MORUS_BLOCK_WORDS] ^= state->s[1].words[i]; + + for (i = 0; i < MORUS_BLOCK_WORDS; i++) { + blk->words[i] ^= state->s[0].words[i]; + blk->words[i] ^= state->s[2].words[i] & state->s[3].words[i]; + } +} + +static void crypto_morus640_encrypt_chunk(struct morus640_state *state, u8 *dst, + const u8 *src, unsigned int size) +{ + struct morus640_block c, m; + + if (MORUS640_ALIGNED(src) && MORUS640_ALIGNED(dst)) { + while (size >= MORUS640_BLOCK_SIZE) { + crypto_morus640_load_a(&m, src); + c = m; + crypto_morus640_core(state, &c); + crypto_morus640_store_a(dst, &c); + crypto_morus640_update(state, &m); + + src += MORUS640_BLOCK_SIZE; + dst += MORUS640_BLOCK_SIZE; + size -= MORUS640_BLOCK_SIZE; + } + } else { + while (size >= MORUS640_BLOCK_SIZE) { + crypto_morus640_load_u(&m, src); + c = m; + crypto_morus640_core(state, &c); + crypto_morus640_store_u(dst, &c); + crypto_morus640_update(state, &m); + + src += MORUS640_BLOCK_SIZE; + dst += MORUS640_BLOCK_SIZE; + size -= MORUS640_BLOCK_SIZE; + } + } + + if (size > 0) { + union morus640_block_in tail; + + memcpy(tail.bytes, src, size); + memset(tail.bytes + size, 0, MORUS640_BLOCK_SIZE - size); + + crypto_morus640_load_a(&m, tail.bytes); + c = m; + crypto_morus640_core(state, &c); + crypto_morus640_store_a(tail.bytes, &c); + crypto_morus640_update(state, &m); + + memcpy(dst, tail.bytes, size); + } +} + +static void crypto_morus640_decrypt_chunk(struct morus640_state *state, u8 *dst, + const u8 *src, unsigned int size) +{ + struct morus640_block m; + + if (MORUS640_ALIGNED(src) && MORUS640_ALIGNED(dst)) { + while (size >= MORUS640_BLOCK_SIZE) { + crypto_morus640_load_a(&m, src); + crypto_morus640_core(state, &m); + crypto_morus640_store_a(dst, &m); + crypto_morus640_update(state, &m); + + src += MORUS640_BLOCK_SIZE; + dst += MORUS640_BLOCK_SIZE; + size -= MORUS640_BLOCK_SIZE; + } + } else { + while (size >= MORUS640_BLOCK_SIZE) { + crypto_morus640_load_u(&m, src); + crypto_morus640_core(state, &m); + crypto_morus640_store_u(dst, &m); + crypto_morus640_update(state, &m); + + src += MORUS640_BLOCK_SIZE; + dst += MORUS640_BLOCK_SIZE; + size -= MORUS640_BLOCK_SIZE; + } + } + + if (size > 0) { + union morus640_block_in tail; + + memcpy(tail.bytes, src, size); + + crypto_morus640_load_a(&m, src); + crypto_morus640_core(state, &m); + crypto_morus640_store_a(tail.bytes, &m); + memset(tail.bytes + size, 0, MORUS640_BLOCK_SIZE - size); + crypto_morus640_load_a(&m, tail.bytes); + crypto_morus640_update(state, &m); + + memcpy(dst, tail.bytes, size); + } +} + +static void crypto_morus640_init(struct morus640_state *state, + const struct morus640_block *key, + const u8 *iv) +{ + static const struct morus640_block z = {}; + + unsigned int i; + + crypto_morus640_load(&state->s[0], iv); + state->s[1] = *key; + for (i = 0; i < MORUS_BLOCK_WORDS; i++) + state->s[2].words[i] = U32_C(0xFFFFFFFF); + state->s[3] = crypto_morus640_const[0]; + state->s[4] = crypto_morus640_const[1]; + + for (i = 0; i < 16; i++) + crypto_morus640_update(state, &z); + + for (i = 0; i < MORUS_BLOCK_WORDS; i++) + state->s[1].words[i] ^= key->words[i]; +} + +static void crypto_morus640_process_ad(struct morus640_state *state, + struct scatterlist *sg_src, + unsigned int assoclen) +{ + struct scatter_walk walk; + struct morus640_block m; + union morus640_block_in buf; + unsigned int pos = 0; + + scatterwalk_start(&walk, sg_src); + while (assoclen != 0) { + unsigned int size = scatterwalk_clamp(&walk, assoclen); + unsigned int left = size; + void *mapped = scatterwalk_map(&walk); + const u8 *src = (const u8 *)mapped; + + if (pos + size >= MORUS640_BLOCK_SIZE) { + if (pos > 0) { + unsigned int fill = MORUS640_BLOCK_SIZE - pos; + memcpy(buf.bytes + pos, src, fill); + + crypto_morus640_load_a(&m, buf.bytes); + crypto_morus640_update(state, &m); + + pos = 0; + left -= fill; + src += fill; + } + + crypto_morus640_ad(state, src, left); + src += left & ~(MORUS640_BLOCK_SIZE - 1); + left &= MORUS640_BLOCK_SIZE - 1; + } + + memcpy(buf.bytes + pos, src, left); + + pos += left; + assoclen -= size; + scatterwalk_unmap(mapped); + scatterwalk_advance(&walk, size); + scatterwalk_done(&walk, 0, assoclen); + } + + if (pos > 0) { + memset(buf.bytes + pos, 0, MORUS640_BLOCK_SIZE - pos); + + crypto_morus640_load_a(&m, buf.bytes); + crypto_morus640_update(state, &m); + } +} + +static void crypto_morus640_process_crypt(struct morus640_state *state, + struct aead_request *req, + const struct morus640_ops *ops) +{ + struct skcipher_walk walk; + u8 *dst; + const u8 *src; + + ops->skcipher_walk_init(&walk, req, false); + + while (walk.nbytes) { + src = walk.src.virt.addr; + dst = walk.dst.virt.addr; + + ops->crypt_chunk(state, dst, src, walk.nbytes); + + skcipher_walk_done(&walk, 0); + } +} + +static void crypto_morus640_final(struct morus640_state *state, + struct morus640_block *tag_xor, + u64 assoclen, u64 cryptlen) +{ + u64 assocbits = assoclen * 8; + u64 cryptbits = cryptlen * 8; + + u32 assocbits_lo = (u32)assocbits; + u32 assocbits_hi = (u32)(assocbits >> 32); + u32 cryptbits_lo = (u32)cryptbits; + u32 cryptbits_hi = (u32)(cryptbits >> 32); + + struct morus640_block tmp; + unsigned int i; + + tmp.words[0] = cpu_to_le32(assocbits_lo); + tmp.words[1] = cpu_to_le32(assocbits_hi); + tmp.words[2] = cpu_to_le32(cryptbits_lo); + tmp.words[3] = cpu_to_le32(cryptbits_hi); + + for (i = 0; i < MORUS_BLOCK_WORDS; i++) + state->s[4].words[i] ^= state->s[0].words[i]; + + for (i = 0; i < 10; i++) + crypto_morus640_update(state, &tmp); + + crypto_morus640_core(state, tag_xor); +} + +static int crypto_morus640_setkey(struct crypto_aead *aead, const u8 *key, + unsigned int keylen) +{ + struct morus640_ctx *ctx = crypto_aead_ctx(aead); + + if (keylen != MORUS640_BLOCK_SIZE) { + crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN); + return -EINVAL; + } + + crypto_morus640_load(&ctx->key, key); + return 0; +} + +static int crypto_morus640_setauthsize(struct crypto_aead *tfm, + unsigned int authsize) +{ + return (authsize <= MORUS_MAX_AUTH_SIZE) ? 0 : -EINVAL; +} + +static void crypto_morus640_crypt(struct aead_request *req, + struct morus640_block *tag_xor, + unsigned int cryptlen, + const struct morus640_ops *ops) +{ + struct crypto_aead *tfm = crypto_aead_reqtfm(req); + struct morus640_ctx *ctx = crypto_aead_ctx(tfm); + struct morus640_state state; + + crypto_morus640_init(&state, &ctx->key, req->iv); + crypto_morus640_process_ad(&state, req->src, req->assoclen); + crypto_morus640_process_crypt(&state, req, ops); + crypto_morus640_final(&state, tag_xor, req->assoclen, cryptlen); +} + +static int crypto_morus640_encrypt(struct aead_request *req) +{ + static const struct morus640_ops ops = { + .skcipher_walk_init = skcipher_walk_aead_encrypt, + .crypt_chunk = crypto_morus640_encrypt_chunk, + }; + + struct crypto_aead *tfm = crypto_aead_reqtfm(req); + struct morus640_block tag = {}; + union morus640_block_in tag_out; + unsigned int authsize = crypto_aead_authsize(tfm); + unsigned int cryptlen = req->cryptlen; + + crypto_morus640_crypt(req, &tag, cryptlen, &ops); + crypto_morus640_store(tag_out.bytes, &tag); + + scatterwalk_map_and_copy(tag_out.bytes, req->dst, + req->assoclen + cryptlen, authsize, 1); + return 0; +} + +static int crypto_morus640_decrypt(struct aead_request *req) +{ + static const struct morus640_ops ops = { + .skcipher_walk_init = skcipher_walk_aead_decrypt, + .crypt_chunk = crypto_morus640_decrypt_chunk, + }; + static const u8 zeros[MORUS640_BLOCK_SIZE] = {}; + + struct crypto_aead *tfm = crypto_aead_reqtfm(req); + union morus640_block_in tag_in; + struct morus640_block tag; + unsigned int authsize = crypto_aead_authsize(tfm); + unsigned int cryptlen = req->cryptlen - authsize; + + scatterwalk_map_and_copy(tag_in.bytes, req->src, + req->assoclen + cryptlen, authsize, 0); + + crypto_morus640_load(&tag, tag_in.bytes); + crypto_morus640_crypt(req, &tag, cryptlen, &ops); + crypto_morus640_store(tag_in.bytes, &tag); + + return crypto_memneq(tag_in.bytes, zeros, authsize) ? -EBADMSG : 0; +} + +static int crypto_morus640_init_tfm(struct crypto_aead *tfm) +{ + return 0; +} + +static void crypto_morus640_exit_tfm(struct crypto_aead *tfm) +{ +} + +static struct aead_alg crypto_morus640_alg = { + .setkey = crypto_morus640_setkey, + .setauthsize = crypto_morus640_setauthsize, + .encrypt = crypto_morus640_encrypt, + .decrypt = crypto_morus640_decrypt, + .init = crypto_morus640_init_tfm, + .exit = crypto_morus640_exit_tfm, + + .ivsize = MORUS_NONCE_SIZE, + .maxauthsize = MORUS_MAX_AUTH_SIZE, + .chunksize = MORUS640_BLOCK_SIZE, + + .base = { + .cra_flags = CRYPTO_ALG_TYPE_AEAD, + .cra_blocksize = 1, + .cra_ctxsize = sizeof(struct morus640_ctx), + .cra_alignmask = 0, + + .cra_priority = 100, + + .cra_name = "morus640", + .cra_driver_name = "morus640-generic", + + .cra_module = THIS_MODULE, + } +}; + +static int __init crypto_morus640_module_init(void) +{ + return crypto_register_aead(&crypto_morus640_alg); +} + +static void __exit crypto_morus640_module_exit(void) +{ + crypto_unregister_aead(&crypto_morus640_alg); +} + +module_init(crypto_morus640_module_init); +module_exit(crypto_morus640_module_exit); + +MODULE_LICENSE("GPL"); +MODULE_AUTHOR("Ondrej Mosnacek <omosnacek@gmail.com>"); +MODULE_DESCRIPTION("MORUS-640 AEAD algorithm"); +MODULE_ALIAS_CRYPTO("morus640"); +MODULE_ALIAS_CRYPTO("morus640-generic"); diff --git a/crypto/pcbc.c b/crypto/pcbc.c index d9e45a958720..ef802f6e9642 100644 --- a/crypto/pcbc.c +++ b/crypto/pcbc.c @@ -14,6 +14,7 @@ * */ +#include <crypto/algapi.h> #include <crypto/internal/skcipher.h> #include <linux/err.h> #include <linux/init.h> @@ -72,7 +73,7 @@ static int crypto_pcbc_encrypt_inplace(struct skcipher_request *req, unsigned int nbytes = walk->nbytes; u8 *src = walk->src.virt.addr; u8 *iv = walk->iv; - u8 tmpbuf[bsize]; + u8 tmpbuf[MAX_CIPHER_BLOCKSIZE]; do { memcpy(tmpbuf, src, bsize); @@ -144,7 +145,7 @@ static int crypto_pcbc_decrypt_inplace(struct skcipher_request *req, unsigned int nbytes = walk->nbytes; u8 *src = walk->src.virt.addr; u8 *iv = walk->iv; - u8 tmpbuf[bsize] __aligned(__alignof__(u32)); + u8 tmpbuf[MAX_CIPHER_BLOCKSIZE] __aligned(__alignof__(u32)); do { memcpy(tmpbuf, src, bsize); diff --git a/crypto/rsa.c b/crypto/rsa.c index b067f3a93880..4167980c243d 100644 --- a/crypto/rsa.c +++ b/crypto/rsa.c @@ -215,7 +215,6 @@ static int rsa_verify(struct akcipher_request *req) goto err_free_m; } - ret = -ENOMEM; s = mpi_read_raw_from_sgl(req->src, req->src_len); if (!s) { ret = -ENOMEM; diff --git a/crypto/salsa20_generic.c b/crypto/salsa20_generic.c index 5074006a56c3..8c77bc78a09f 100644 --- a/crypto/salsa20_generic.c +++ b/crypto/salsa20_generic.c @@ -21,9 +21,17 @@ #include <asm/unaligned.h> #include <crypto/internal/skcipher.h> -#include <crypto/salsa20.h> #include <linux/module.h> +#define SALSA20_IV_SIZE 8 +#define SALSA20_MIN_KEY_SIZE 16 +#define SALSA20_MAX_KEY_SIZE 32 +#define SALSA20_BLOCK_SIZE 64 + +struct salsa20_ctx { + u32 initial_state[16]; +}; + static void salsa20_block(u32 *state, __le32 *stream) { u32 x[16]; @@ -93,16 +101,15 @@ static void salsa20_docrypt(u32 *state, u8 *dst, const u8 *src, } } -void crypto_salsa20_init(u32 *state, const struct salsa20_ctx *ctx, +static void salsa20_init(u32 *state, const struct salsa20_ctx *ctx, const u8 *iv) { memcpy(state, ctx->initial_state, sizeof(ctx->initial_state)); state[6] = get_unaligned_le32(iv + 0); state[7] = get_unaligned_le32(iv + 4); } -EXPORT_SYMBOL_GPL(crypto_salsa20_init); -int crypto_salsa20_setkey(struct crypto_skcipher *tfm, const u8 *key, +static int salsa20_setkey(struct crypto_skcipher *tfm, const u8 *key, unsigned int keysize) { static const char sigma[16] = "expand 32-byte k"; @@ -143,7 +150,6 @@ int crypto_salsa20_setkey(struct crypto_skcipher *tfm, const u8 *key, return 0; } -EXPORT_SYMBOL_GPL(crypto_salsa20_setkey); static int salsa20_crypt(struct skcipher_request *req) { @@ -155,7 +161,7 @@ static int salsa20_crypt(struct skcipher_request *req) err = skcipher_walk_virt(&walk, req, true); - crypto_salsa20_init(state, ctx, walk.iv); + salsa20_init(state, ctx, walk.iv); while (walk.nbytes > 0) { unsigned int nbytes = walk.nbytes; @@ -183,7 +189,7 @@ static struct skcipher_alg alg = { .max_keysize = SALSA20_MAX_KEY_SIZE, .ivsize = SALSA20_IV_SIZE, .chunksize = SALSA20_BLOCK_SIZE, - .setkey = crypto_salsa20_setkey, + .setkey = salsa20_setkey, .encrypt = salsa20_crypt, .decrypt = salsa20_crypt, }; diff --git a/crypto/sm4_generic.c b/crypto/sm4_generic.c index f537a2766c55..c18eebfd5edd 100644 --- a/crypto/sm4_generic.c +++ b/crypto/sm4_generic.c @@ -190,21 +190,23 @@ static void sm4_do_crypt(const u32 *rk, u32 *out, const u32 *in) /* encrypt a block of text */ -static void sm4_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in) +void crypto_sm4_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in) { const struct crypto_sm4_ctx *ctx = crypto_tfm_ctx(tfm); sm4_do_crypt(ctx->rkey_enc, (u32 *)out, (u32 *)in); } +EXPORT_SYMBOL_GPL(crypto_sm4_encrypt); /* decrypt a block of text */ -static void sm4_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in) +void crypto_sm4_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in) { const struct crypto_sm4_ctx *ctx = crypto_tfm_ctx(tfm); sm4_do_crypt(ctx->rkey_dec, (u32 *)out, (u32 *)in); } +EXPORT_SYMBOL_GPL(crypto_sm4_decrypt); static struct crypto_alg sm4_alg = { .cra_name = "sm4", @@ -219,8 +221,8 @@ static struct crypto_alg sm4_alg = { .cia_min_keysize = SM4_KEY_SIZE, .cia_max_keysize = SM4_KEY_SIZE, .cia_setkey = crypto_sm4_set_key, - .cia_encrypt = sm4_encrypt, - .cia_decrypt = sm4_decrypt + .cia_encrypt = crypto_sm4_encrypt, + .cia_decrypt = crypto_sm4_decrypt } } }; diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c index 51fe7c8744ae..d5bcdd905007 100644 --- a/crypto/tcrypt.c +++ b/crypto/tcrypt.c @@ -158,9 +158,9 @@ struct test_mb_aead_data { }; static int do_mult_aead_op(struct test_mb_aead_data *data, int enc, - u32 num_mb) + u32 num_mb, int *rc) { - int i, rc[num_mb], err = 0; + int i, err = 0; /* Fire up a bunch of concurrent requests */ for (i = 0; i < num_mb; i++) { @@ -188,18 +188,26 @@ static int test_mb_aead_jiffies(struct test_mb_aead_data *data, int enc, { unsigned long start, end; int bcount; - int ret; + int ret = 0; + int *rc; + + rc = kcalloc(num_mb, sizeof(*rc), GFP_KERNEL); + if (!rc) + return -ENOMEM; for (start = jiffies, end = start + secs * HZ, bcount = 0; time_before(jiffies, end); bcount++) { - ret = do_mult_aead_op(data, enc, num_mb); + ret = do_mult_aead_op(data, enc, num_mb, rc); if (ret) - return ret; + goto out; } pr_cont("%d operations in %d seconds (%ld bytes)\n", bcount * num_mb, secs, (long)bcount * blen * num_mb); - return 0; + +out: + kfree(rc); + return ret; } static int test_mb_aead_cycles(struct test_mb_aead_data *data, int enc, @@ -208,10 +216,15 @@ static int test_mb_aead_cycles(struct test_mb_aead_data *data, int enc, unsigned long cycles = 0; int ret = 0; int i; + int *rc; + + rc = kcalloc(num_mb, sizeof(*rc), GFP_KERNEL); + if (!rc) + return -ENOMEM; /* Warm-up run. */ for (i = 0; i < 4; i++) { - ret = do_mult_aead_op(data, enc, num_mb); + ret = do_mult_aead_op(data, enc, num_mb, rc); if (ret) goto out; } @@ -221,7 +234,7 @@ static int test_mb_aead_cycles(struct test_mb_aead_data *data, int enc, cycles_t start, end; start = get_cycles(); - ret = do_mult_aead_op(data, enc, num_mb); + ret = do_mult_aead_op(data, enc, num_mb, rc); end = get_cycles(); if (ret) @@ -230,11 +243,11 @@ static int test_mb_aead_cycles(struct test_mb_aead_data *data, int enc, cycles += end - start; } -out: - if (ret == 0) - pr_cont("1 operation in %lu cycles (%d bytes)\n", - (cycles + 4) / (8 * num_mb), blen); + pr_cont("1 operation in %lu cycles (%d bytes)\n", + (cycles + 4) / (8 * num_mb), blen); +out: + kfree(rc); return ret; } @@ -705,9 +718,10 @@ struct test_mb_ahash_data { char *xbuf[XBUFSIZE]; }; -static inline int do_mult_ahash_op(struct test_mb_ahash_data *data, u32 num_mb) +static inline int do_mult_ahash_op(struct test_mb_ahash_data *data, u32 num_mb, + int *rc) { - int i, rc[num_mb], err = 0; + int i, err = 0; /* Fire up a bunch of concurrent requests */ for (i = 0; i < num_mb; i++) @@ -731,18 +745,26 @@ static int test_mb_ahash_jiffies(struct test_mb_ahash_data *data, int blen, { unsigned long start, end; int bcount; - int ret; + int ret = 0; + int *rc; + + rc = kcalloc(num_mb, sizeof(*rc), GFP_KERNEL); + if (!rc) + return -ENOMEM; for (start = jiffies, end = start + secs * HZ, bcount = 0; time_before(jiffies, end); bcount++) { - ret = do_mult_ahash_op(data, num_mb); + ret = do_mult_ahash_op(data, num_mb, rc); if (ret) - return ret; + goto out; } pr_cont("%d operations in %d seconds (%ld bytes)\n", bcount * num_mb, secs, (long)bcount * blen * num_mb); - return 0; + +out: + kfree(rc); + return ret; } static int test_mb_ahash_cycles(struct test_mb_ahash_data *data, int blen, @@ -751,10 +773,15 @@ static int test_mb_ahash_cycles(struct test_mb_ahash_data *data, int blen, unsigned long cycles = 0; int ret = 0; int i; + int *rc; + + rc = kcalloc(num_mb, sizeof(*rc), GFP_KERNEL); + if (!rc) + return -ENOMEM; /* Warm-up run. */ for (i = 0; i < 4; i++) { - ret = do_mult_ahash_op(data, num_mb); + ret = do_mult_ahash_op(data, num_mb, rc); if (ret) goto out; } @@ -764,7 +791,7 @@ static int test_mb_ahash_cycles(struct test_mb_ahash_data *data, int blen, cycles_t start, end; start = get_cycles(); - ret = do_mult_ahash_op(data, num_mb); + ret = do_mult_ahash_op(data, num_mb, rc); end = get_cycles(); if (ret) @@ -773,11 +800,11 @@ static int test_mb_ahash_cycles(struct test_mb_ahash_data *data, int blen, cycles += end - start; } -out: - if (ret == 0) - pr_cont("1 operation in %lu cycles (%d bytes)\n", - (cycles + 4) / (8 * num_mb), blen); + pr_cont("1 operation in %lu cycles (%d bytes)\n", + (cycles + 4) / (8 * num_mb), blen); +out: + kfree(rc); return ret; } @@ -1118,9 +1145,9 @@ struct test_mb_skcipher_data { }; static int do_mult_acipher_op(struct test_mb_skcipher_data *data, int enc, - u32 num_mb) + u32 num_mb, int *rc) { - int i, rc[num_mb], err = 0; + int i, err = 0; /* Fire up a bunch of concurrent requests */ for (i = 0; i < num_mb; i++) { @@ -1148,18 +1175,26 @@ static int test_mb_acipher_jiffies(struct test_mb_skcipher_data *data, int enc, { unsigned long start, end; int bcount; - int ret; + int ret = 0; + int *rc; + + rc = kcalloc(num_mb, sizeof(*rc), GFP_KERNEL); + if (!rc) + return -ENOMEM; for (start = jiffies, end = start + secs * HZ, bcount = 0; time_before(jiffies, end); bcount++) { - ret = do_mult_acipher_op(data, enc, num_mb); + ret = do_mult_acipher_op(data, enc, num_mb, rc); if (ret) - return ret; + goto out; } pr_cont("%d operations in %d seconds (%ld bytes)\n", bcount * num_mb, secs, (long)bcount * blen * num_mb); - return 0; + +out: + kfree(rc); + return ret; } static int test_mb_acipher_cycles(struct test_mb_skcipher_data *data, int enc, @@ -1168,10 +1203,15 @@ static int test_mb_acipher_cycles(struct test_mb_skcipher_data *data, int enc, unsigned long cycles = 0; int ret = 0; int i; + int *rc; + + rc = kcalloc(num_mb, sizeof(*rc), GFP_KERNEL); + if (!rc) + return -ENOMEM; /* Warm-up run. */ for (i = 0; i < 4; i++) { - ret = do_mult_acipher_op(data, enc, num_mb); + ret = do_mult_acipher_op(data, enc, num_mb, rc); if (ret) goto out; } @@ -1181,7 +1221,7 @@ static int test_mb_acipher_cycles(struct test_mb_skcipher_data *data, int enc, cycles_t start, end; start = get_cycles(); - ret = do_mult_acipher_op(data, enc, num_mb); + ret = do_mult_acipher_op(data, enc, num_mb, rc); end = get_cycles(); if (ret) @@ -1190,11 +1230,11 @@ static int test_mb_acipher_cycles(struct test_mb_skcipher_data *data, int enc, cycles += end - start; } -out: - if (ret == 0) - pr_cont("1 operation in %lu cycles (%d bytes)\n", - (cycles + 4) / (8 * num_mb), blen); + pr_cont("1 operation in %lu cycles (%d bytes)\n", + (cycles + 4) / (8 * num_mb), blen); +out: + kfree(rc); return ret; } @@ -1606,7 +1646,7 @@ static inline int tcrypt_test(const char *alg) return ret; } -static int do_test(const char *alg, u32 type, u32 mask, int m) +static int do_test(const char *alg, u32 type, u32 mask, int m, u32 num_mb) { int i; int ret = 0; @@ -1621,7 +1661,7 @@ static int do_test(const char *alg, u32 type, u32 mask, int m) } for (i = 1; i < 200; i++) - ret += do_test(NULL, 0, 0, i); + ret += do_test(NULL, 0, 0, i, num_mb); break; case 1: @@ -1902,10 +1942,6 @@ static int do_test(const char *alg, u32 type, u32 mask, int m) ret += tcrypt_test("vmac(aes)"); break; - case 110: - ret += tcrypt_test("hmac(crc32)"); - break; - case 111: ret += tcrypt_test("hmac(sha3-224)"); break; @@ -2903,7 +2939,7 @@ static int __init tcrypt_mod_init(void) goto err_free_tv; } - err = do_test(alg, type, mask, mode); + err = do_test(alg, type, mask, mode, num_mb); if (err) { printk(KERN_ERR "tcrypt: one or more tests failed!\n"); diff --git a/crypto/testmgr.c b/crypto/testmgr.c index af4a01c5037b..d1d99843cce4 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -84,10 +84,8 @@ struct aead_test_suite { }; struct cipher_test_suite { - struct { - const struct cipher_testvec *vecs; - unsigned int count; - } enc, dec; + const struct cipher_testvec *vecs; + unsigned int count; }; struct comp_test_suite { @@ -988,6 +986,7 @@ static int test_cipher(struct crypto_cipher *tfm, int enc, unsigned int i, j, k; char *q; const char *e; + const char *input, *result; void *data; char *xbuf[XBUFSIZE]; int ret = -ENOMEM; @@ -1008,14 +1007,16 @@ static int test_cipher(struct crypto_cipher *tfm, int enc, if (fips_enabled && template[i].fips_skip) continue; + input = enc ? template[i].ptext : template[i].ctext; + result = enc ? template[i].ctext : template[i].ptext; j++; ret = -EINVAL; - if (WARN_ON(template[i].ilen > PAGE_SIZE)) + if (WARN_ON(template[i].len > PAGE_SIZE)) goto out; data = xbuf[0]; - memcpy(data, template[i].input, template[i].ilen); + memcpy(data, input, template[i].len); crypto_cipher_clear_flags(tfm, ~0); if (template[i].wk) @@ -1031,7 +1032,7 @@ static int test_cipher(struct crypto_cipher *tfm, int enc, } else if (ret) continue; - for (k = 0; k < template[i].ilen; + for (k = 0; k < template[i].len; k += crypto_cipher_blocksize(tfm)) { if (enc) crypto_cipher_encrypt_one(tfm, data + k, @@ -1042,10 +1043,10 @@ static int test_cipher(struct crypto_cipher *tfm, int enc, } q = data; - if (memcmp(q, template[i].result, template[i].rlen)) { + if (memcmp(q, result, template[i].len)) { printk(KERN_ERR "alg: cipher: Test %d failed " "on %s for %s\n", j, e, algo); - hexdump(q, template[i].rlen); + hexdump(q, template[i].len); ret = -EINVAL; goto out; } @@ -1073,6 +1074,7 @@ static int __test_skcipher(struct crypto_skcipher *tfm, int enc, struct scatterlist sgout[8]; const char *e, *d; struct crypto_wait wait; + const char *input, *result; void *data; char iv[MAX_IVLEN]; char *xbuf[XBUFSIZE]; @@ -1116,19 +1118,21 @@ static int __test_skcipher(struct crypto_skcipher *tfm, int enc, if (fips_enabled && template[i].fips_skip) continue; - if (template[i].iv) + if (template[i].iv && !(template[i].generates_iv && enc)) memcpy(iv, template[i].iv, ivsize); else memset(iv, 0, MAX_IVLEN); + input = enc ? template[i].ptext : template[i].ctext; + result = enc ? template[i].ctext : template[i].ptext; j++; ret = -EINVAL; - if (WARN_ON(align_offset + template[i].ilen > PAGE_SIZE)) + if (WARN_ON(align_offset + template[i].len > PAGE_SIZE)) goto out; data = xbuf[0]; data += align_offset; - memcpy(data, template[i].input, template[i].ilen); + memcpy(data, input, template[i].len); crypto_skcipher_clear_flags(tfm, ~0); if (template[i].wk) @@ -1144,15 +1148,15 @@ static int __test_skcipher(struct crypto_skcipher *tfm, int enc, } else if (ret) continue; - sg_init_one(&sg[0], data, template[i].ilen); + sg_init_one(&sg[0], data, template[i].len); if (diff_dst) { data = xoutbuf[0]; data += align_offset; - sg_init_one(&sgout[0], data, template[i].ilen); + sg_init_one(&sgout[0], data, template[i].len); } skcipher_request_set_crypt(req, sg, (diff_dst) ? sgout : sg, - template[i].ilen, iv); + template[i].len, iv); ret = crypto_wait_req(enc ? crypto_skcipher_encrypt(req) : crypto_skcipher_decrypt(req), &wait); @@ -1163,17 +1167,16 @@ static int __test_skcipher(struct crypto_skcipher *tfm, int enc, } q = data; - if (memcmp(q, template[i].result, template[i].rlen)) { + if (memcmp(q, result, template[i].len)) { pr_err("alg: skcipher%s: Test %d failed (invalid result) on %s for %s\n", d, j, e, algo); - hexdump(q, template[i].rlen); + hexdump(q, template[i].len); ret = -EINVAL; goto out; } - if (template[i].iv_out && - memcmp(iv, template[i].iv_out, - crypto_skcipher_ivsize(tfm))) { + if (template[i].generates_iv && enc && + memcmp(iv, template[i].iv, crypto_skcipher_ivsize(tfm))) { pr_err("alg: skcipher%s: Test %d failed (invalid output IV) on %s for %s\n", d, j, e, algo); hexdump(iv, crypto_skcipher_ivsize(tfm)); @@ -1194,11 +1197,13 @@ static int __test_skcipher(struct crypto_skcipher *tfm, int enc, if (fips_enabled && template[i].fips_skip) continue; - if (template[i].iv) + if (template[i].iv && !(template[i].generates_iv && enc)) memcpy(iv, template[i].iv, ivsize); else memset(iv, 0, MAX_IVLEN); + input = enc ? template[i].ptext : template[i].ctext; + result = enc ? template[i].ctext : template[i].ptext; j++; crypto_skcipher_clear_flags(tfm, ~0); if (template[i].wk) @@ -1226,7 +1231,7 @@ static int __test_skcipher(struct crypto_skcipher *tfm, int enc, q = xbuf[IDX[k] >> PAGE_SHIFT] + offset_in_page(IDX[k]); - memcpy(q, template[i].input + temp, template[i].tap[k]); + memcpy(q, input + temp, template[i].tap[k]); if (offset_in_page(q) + template[i].tap[k] < PAGE_SIZE) q[template[i].tap[k]] = 0; @@ -1248,7 +1253,7 @@ static int __test_skcipher(struct crypto_skcipher *tfm, int enc, } skcipher_request_set_crypt(req, sg, (diff_dst) ? sgout : sg, - template[i].ilen, iv); + template[i].len, iv); ret = crypto_wait_req(enc ? crypto_skcipher_encrypt(req) : crypto_skcipher_decrypt(req), &wait); @@ -1269,8 +1274,7 @@ static int __test_skcipher(struct crypto_skcipher *tfm, int enc, q = xbuf[IDX[k] >> PAGE_SHIFT] + offset_in_page(IDX[k]); - if (memcmp(q, template[i].result + temp, - template[i].tap[k])) { + if (memcmp(q, result + temp, template[i].tap[k])) { pr_err("alg: skcipher%s: Chunk test %d failed on %s at page %u for %s\n", d, j, e, k, algo); hexdump(q, template[i].tap[k]); @@ -1342,19 +1346,30 @@ static int test_comp(struct crypto_comp *tfm, int ctcount, int dtcount) { const char *algo = crypto_tfm_alg_driver_name(crypto_comp_tfm(tfm)); + char *output, *decomp_output; unsigned int i; - char result[COMP_BUF_SIZE]; int ret; + output = kmalloc(COMP_BUF_SIZE, GFP_KERNEL); + if (!output) + return -ENOMEM; + + decomp_output = kmalloc(COMP_BUF_SIZE, GFP_KERNEL); + if (!decomp_output) { + kfree(output); + return -ENOMEM; + } + for (i = 0; i < ctcount; i++) { int ilen; unsigned int dlen = COMP_BUF_SIZE; - memset(result, 0, sizeof (result)); + memset(output, 0, sizeof(COMP_BUF_SIZE)); + memset(decomp_output, 0, sizeof(COMP_BUF_SIZE)); ilen = ctemplate[i].inlen; ret = crypto_comp_compress(tfm, ctemplate[i].input, - ilen, result, &dlen); + ilen, output, &dlen); if (ret) { printk(KERN_ERR "alg: comp: compression failed " "on test %d for %s: ret=%d\n", i + 1, algo, @@ -1362,7 +1377,17 @@ static int test_comp(struct crypto_comp *tfm, goto out; } - if (dlen != ctemplate[i].outlen) { + ilen = dlen; + dlen = COMP_BUF_SIZE; + ret = crypto_comp_decompress(tfm, output, + ilen, decomp_output, &dlen); + if (ret) { + pr_err("alg: comp: compression failed: decompress: on test %d for %s failed: ret=%d\n", + i + 1, algo, -ret); + goto out; + } + + if (dlen != ctemplate[i].inlen) { printk(KERN_ERR "alg: comp: Compression test %d " "failed for %s: output len = %d\n", i + 1, algo, dlen); @@ -1370,10 +1395,11 @@ static int test_comp(struct crypto_comp *tfm, goto out; } - if (memcmp(result, ctemplate[i].output, dlen)) { - printk(KERN_ERR "alg: comp: Compression test %d " - "failed for %s\n", i + 1, algo); - hexdump(result, dlen); + if (memcmp(decomp_output, ctemplate[i].input, + ctemplate[i].inlen)) { + pr_err("alg: comp: compression failed: output differs: on test %d for %s\n", + i + 1, algo); + hexdump(decomp_output, dlen); ret = -EINVAL; goto out; } @@ -1383,11 +1409,11 @@ static int test_comp(struct crypto_comp *tfm, int ilen; unsigned int dlen = COMP_BUF_SIZE; - memset(result, 0, sizeof (result)); + memset(decomp_output, 0, sizeof(COMP_BUF_SIZE)); ilen = dtemplate[i].inlen; ret = crypto_comp_decompress(tfm, dtemplate[i].input, - ilen, result, &dlen); + ilen, decomp_output, &dlen); if (ret) { printk(KERN_ERR "alg: comp: decompression failed " "on test %d for %s: ret=%d\n", i + 1, algo, @@ -1403,10 +1429,10 @@ static int test_comp(struct crypto_comp *tfm, goto out; } - if (memcmp(result, dtemplate[i].output, dlen)) { + if (memcmp(decomp_output, dtemplate[i].output, dlen)) { printk(KERN_ERR "alg: comp: Decompression test %d " "failed for %s\n", i + 1, algo); - hexdump(result, dlen); + hexdump(decomp_output, dlen); ret = -EINVAL; goto out; } @@ -1415,11 +1441,13 @@ static int test_comp(struct crypto_comp *tfm, ret = 0; out: + kfree(decomp_output); + kfree(output); return ret; } static int test_acomp(struct crypto_acomp *tfm, - const struct comp_testvec *ctemplate, + const struct comp_testvec *ctemplate, const struct comp_testvec *dtemplate, int ctcount, int dtcount) { @@ -1681,8 +1709,9 @@ out: static int alg_test_cipher(const struct alg_test_desc *desc, const char *driver, u32 type, u32 mask) { + const struct cipher_test_suite *suite = &desc->suite.cipher; struct crypto_cipher *tfm; - int err = 0; + int err; tfm = crypto_alloc_cipher(driver, type, mask); if (IS_ERR(tfm)) { @@ -1691,18 +1720,10 @@ static int alg_test_cipher(const struct alg_test_desc *desc, return PTR_ERR(tfm); } - if (desc->suite.cipher.enc.vecs) { - err = test_cipher(tfm, ENCRYPT, desc->suite.cipher.enc.vecs, - desc->suite.cipher.enc.count); - if (err) - goto out; - } - - if (desc->suite.cipher.dec.vecs) - err = test_cipher(tfm, DECRYPT, desc->suite.cipher.dec.vecs, - desc->suite.cipher.dec.count); + err = test_cipher(tfm, ENCRYPT, suite->vecs, suite->count); + if (!err) + err = test_cipher(tfm, DECRYPT, suite->vecs, suite->count); -out: crypto_free_cipher(tfm); return err; } @@ -1710,8 +1731,9 @@ out: static int alg_test_skcipher(const struct alg_test_desc *desc, const char *driver, u32 type, u32 mask) { + const struct cipher_test_suite *suite = &desc->suite.cipher; struct crypto_skcipher *tfm; - int err = 0; + int err; tfm = crypto_alloc_skcipher(driver, type, mask); if (IS_ERR(tfm)) { @@ -1720,18 +1742,10 @@ static int alg_test_skcipher(const struct alg_test_desc *desc, return PTR_ERR(tfm); } - if (desc->suite.cipher.enc.vecs) { - err = test_skcipher(tfm, ENCRYPT, desc->suite.cipher.enc.vecs, - desc->suite.cipher.enc.count); - if (err) - goto out; - } - - if (desc->suite.cipher.dec.vecs) - err = test_skcipher(tfm, DECRYPT, desc->suite.cipher.dec.vecs, - desc->suite.cipher.dec.count); + err = test_skcipher(tfm, ENCRYPT, suite->vecs, suite->count); + if (!err) + err = test_skcipher(tfm, DECRYPT, suite->vecs, suite->count); -out: crypto_free_skcipher(tfm); return err; } @@ -1774,8 +1788,9 @@ static int alg_test_comp(const struct alg_test_desc *desc, const char *driver, return err; } -static int alg_test_hash(const struct alg_test_desc *desc, const char *driver, - u32 type, u32 mask) +static int __alg_test_hash(const struct hash_testvec *template, + unsigned int tcount, const char *driver, + u32 type, u32 mask) { struct crypto_ahash *tfm; int err; @@ -1787,16 +1802,51 @@ static int alg_test_hash(const struct alg_test_desc *desc, const char *driver, return PTR_ERR(tfm); } - err = test_hash(tfm, desc->suite.hash.vecs, - desc->suite.hash.count, true); + err = test_hash(tfm, template, tcount, true); if (!err) - err = test_hash(tfm, desc->suite.hash.vecs, - desc->suite.hash.count, false); - + err = test_hash(tfm, template, tcount, false); crypto_free_ahash(tfm); return err; } +static int alg_test_hash(const struct alg_test_desc *desc, const char *driver, + u32 type, u32 mask) +{ + const struct hash_testvec *template = desc->suite.hash.vecs; + unsigned int tcount = desc->suite.hash.count; + unsigned int nr_unkeyed, nr_keyed; + int err; + + /* + * For OPTIONAL_KEY algorithms, we have to do all the unkeyed tests + * first, before setting a key on the tfm. To make this easier, we + * require that the unkeyed test vectors (if any) are listed first. + */ + + for (nr_unkeyed = 0; nr_unkeyed < tcount; nr_unkeyed++) { + if (template[nr_unkeyed].ksize) + break; + } + for (nr_keyed = 0; nr_unkeyed + nr_keyed < tcount; nr_keyed++) { + if (!template[nr_unkeyed + nr_keyed].ksize) { + pr_err("alg: hash: test vectors for %s out of order, " + "unkeyed ones must come first\n", desc->alg); + return -EINVAL; + } + } + + err = 0; + if (nr_unkeyed) { + err = __alg_test_hash(template, nr_unkeyed, driver, type, mask); + template += nr_unkeyed; + } + + if (!err && nr_keyed) + err = __alg_test_hash(template, nr_keyed, driver, type, mask); + + return err; +} + static int alg_test_crc32c(const struct alg_test_desc *desc, const char *driver, u32 type, u32 mask) { @@ -2316,6 +2366,33 @@ static int alg_test_null(const struct alg_test_desc *desc, /* Please keep this list sorted by algorithm name. */ static const struct alg_test_desc alg_test_descs[] = { { + .alg = "aegis128", + .test = alg_test_aead, + .suite = { + .aead = { + .enc = __VECS(aegis128_enc_tv_template), + .dec = __VECS(aegis128_dec_tv_template), + } + } + }, { + .alg = "aegis128l", + .test = alg_test_aead, + .suite = { + .aead = { + .enc = __VECS(aegis128l_enc_tv_template), + .dec = __VECS(aegis128l_dec_tv_template), + } + } + }, { + .alg = "aegis256", + .test = alg_test_aead, + .suite = { + .aead = { + .enc = __VECS(aegis256_enc_tv_template), + .dec = __VECS(aegis256_dec_tv_template), + } + } + }, { .alg = "ansi_cprng", .test = alg_test_cprng, .suite = { @@ -2488,93 +2565,70 @@ static const struct alg_test_desc alg_test_descs[] = { .test = alg_test_skcipher, .fips_allowed = 1, .suite = { - .cipher = { - .enc = __VECS(aes_cbc_enc_tv_template), - .dec = __VECS(aes_cbc_dec_tv_template) - } - } + .cipher = __VECS(aes_cbc_tv_template) + }, }, { .alg = "cbc(anubis)", .test = alg_test_skcipher, .suite = { - .cipher = { - .enc = __VECS(anubis_cbc_enc_tv_template), - .dec = __VECS(anubis_cbc_dec_tv_template) - } - } + .cipher = __VECS(anubis_cbc_tv_template) + }, }, { .alg = "cbc(blowfish)", .test = alg_test_skcipher, .suite = { - .cipher = { - .enc = __VECS(bf_cbc_enc_tv_template), - .dec = __VECS(bf_cbc_dec_tv_template) - } - } + .cipher = __VECS(bf_cbc_tv_template) + }, }, { .alg = "cbc(camellia)", .test = alg_test_skcipher, .suite = { - .cipher = { - .enc = __VECS(camellia_cbc_enc_tv_template), - .dec = __VECS(camellia_cbc_dec_tv_template) - } - } + .cipher = __VECS(camellia_cbc_tv_template) + }, }, { .alg = "cbc(cast5)", .test = alg_test_skcipher, .suite = { - .cipher = { - .enc = __VECS(cast5_cbc_enc_tv_template), - .dec = __VECS(cast5_cbc_dec_tv_template) - } - } + .cipher = __VECS(cast5_cbc_tv_template) + }, }, { .alg = "cbc(cast6)", .test = alg_test_skcipher, .suite = { - .cipher = { - .enc = __VECS(cast6_cbc_enc_tv_template), - .dec = __VECS(cast6_cbc_dec_tv_template) - } - } + .cipher = __VECS(cast6_cbc_tv_template) + }, }, { .alg = "cbc(des)", .test = alg_test_skcipher, .suite = { - .cipher = { - .enc = __VECS(des_cbc_enc_tv_template), - .dec = __VECS(des_cbc_dec_tv_template) - } - } + .cipher = __VECS(des_cbc_tv_template) + }, }, { .alg = "cbc(des3_ede)", .test = alg_test_skcipher, .fips_allowed = 1, .suite = { - .cipher = { - .enc = __VECS(des3_ede_cbc_enc_tv_template), - .dec = __VECS(des3_ede_cbc_dec_tv_template) - } - } + .cipher = __VECS(des3_ede_cbc_tv_template) + }, + }, { + /* Same as cbc(aes) except the key is stored in + * hardware secure memory which we reference by index + */ + .alg = "cbc(paes)", + .test = alg_test_null, + .fips_allowed = 1, }, { .alg = "cbc(serpent)", .test = alg_test_skcipher, .suite = { - .cipher = { - .enc = __VECS(serpent_cbc_enc_tv_template), - .dec = __VECS(serpent_cbc_dec_tv_template) - } - } + .cipher = __VECS(serpent_cbc_tv_template) + }, }, { .alg = "cbc(twofish)", .test = alg_test_skcipher, .suite = { - .cipher = { - .enc = __VECS(tf_cbc_enc_tv_template), - .dec = __VECS(tf_cbc_dec_tv_template) - } - } + .cipher = __VECS(tf_cbc_tv_template) + }, }, { .alg = "cbcmac(aes)", .fips_allowed = 1, @@ -2596,11 +2650,8 @@ static const struct alg_test_desc alg_test_descs[] = { .alg = "chacha20", .test = alg_test_skcipher, .suite = { - .cipher = { - .enc = __VECS(chacha20_enc_tv_template), - .dec = __VECS(chacha20_enc_tv_template), - } - } + .cipher = __VECS(chacha20_tv_template) + }, }, { .alg = "cmac(aes)", .fips_allowed = 1, @@ -2643,92 +2694,69 @@ static const struct alg_test_desc alg_test_descs[] = { .test = alg_test_skcipher, .fips_allowed = 1, .suite = { - .cipher = { - .enc = __VECS(aes_ctr_enc_tv_template), - .dec = __VECS(aes_ctr_dec_tv_template) - } + .cipher = __VECS(aes_ctr_tv_template) } }, { .alg = "ctr(blowfish)", .test = alg_test_skcipher, .suite = { - .cipher = { - .enc = __VECS(bf_ctr_enc_tv_template), - .dec = __VECS(bf_ctr_dec_tv_template) - } + .cipher = __VECS(bf_ctr_tv_template) } }, { .alg = "ctr(camellia)", .test = alg_test_skcipher, .suite = { - .cipher = { - .enc = __VECS(camellia_ctr_enc_tv_template), - .dec = __VECS(camellia_ctr_dec_tv_template) - } + .cipher = __VECS(camellia_ctr_tv_template) } }, { .alg = "ctr(cast5)", .test = alg_test_skcipher, .suite = { - .cipher = { - .enc = __VECS(cast5_ctr_enc_tv_template), - .dec = __VECS(cast5_ctr_dec_tv_template) - } + .cipher = __VECS(cast5_ctr_tv_template) } }, { .alg = "ctr(cast6)", .test = alg_test_skcipher, .suite = { - .cipher = { - .enc = __VECS(cast6_ctr_enc_tv_template), - .dec = __VECS(cast6_ctr_dec_tv_template) - } + .cipher = __VECS(cast6_ctr_tv_template) } }, { .alg = "ctr(des)", .test = alg_test_skcipher, .suite = { - .cipher = { - .enc = __VECS(des_ctr_enc_tv_template), - .dec = __VECS(des_ctr_dec_tv_template) - } + .cipher = __VECS(des_ctr_tv_template) } }, { .alg = "ctr(des3_ede)", .test = alg_test_skcipher, .fips_allowed = 1, .suite = { - .cipher = { - .enc = __VECS(des3_ede_ctr_enc_tv_template), - .dec = __VECS(des3_ede_ctr_dec_tv_template) - } + .cipher = __VECS(des3_ede_ctr_tv_template) } }, { + /* Same as ctr(aes) except the key is stored in + * hardware secure memory which we reference by index + */ + .alg = "ctr(paes)", + .test = alg_test_null, + .fips_allowed = 1, + }, { .alg = "ctr(serpent)", .test = alg_test_skcipher, .suite = { - .cipher = { - .enc = __VECS(serpent_ctr_enc_tv_template), - .dec = __VECS(serpent_ctr_dec_tv_template) - } + .cipher = __VECS(serpent_ctr_tv_template) } }, { .alg = "ctr(twofish)", .test = alg_test_skcipher, .suite = { - .cipher = { - .enc = __VECS(tf_ctr_enc_tv_template), - .dec = __VECS(tf_ctr_dec_tv_template) - } + .cipher = __VECS(tf_ctr_tv_template) } }, { .alg = "cts(cbc(aes))", .test = alg_test_skcipher, .suite = { - .cipher = { - .enc = __VECS(cts_mode_enc_tv_template), - .dec = __VECS(cts_mode_dec_tv_template) - } + .cipher = __VECS(cts_mode_tv_template) } }, { .alg = "deflate", @@ -2876,64 +2904,43 @@ static const struct alg_test_desc alg_test_descs[] = { .test = alg_test_skcipher, .fips_allowed = 1, .suite = { - .cipher = { - .enc = __VECS(aes_enc_tv_template), - .dec = __VECS(aes_dec_tv_template) - } + .cipher = __VECS(aes_tv_template) } }, { .alg = "ecb(anubis)", .test = alg_test_skcipher, .suite = { - .cipher = { - .enc = __VECS(anubis_enc_tv_template), - .dec = __VECS(anubis_dec_tv_template) - } + .cipher = __VECS(anubis_tv_template) } }, { .alg = "ecb(arc4)", .test = alg_test_skcipher, .suite = { - .cipher = { - .enc = __VECS(arc4_enc_tv_template), - .dec = __VECS(arc4_dec_tv_template) - } + .cipher = __VECS(arc4_tv_template) } }, { .alg = "ecb(blowfish)", .test = alg_test_skcipher, .suite = { - .cipher = { - .enc = __VECS(bf_enc_tv_template), - .dec = __VECS(bf_dec_tv_template) - } + .cipher = __VECS(bf_tv_template) } }, { .alg = "ecb(camellia)", .test = alg_test_skcipher, .suite = { - .cipher = { - .enc = __VECS(camellia_enc_tv_template), - .dec = __VECS(camellia_dec_tv_template) - } + .cipher = __VECS(camellia_tv_template) } }, { .alg = "ecb(cast5)", .test = alg_test_skcipher, .suite = { - .cipher = { - .enc = __VECS(cast5_enc_tv_template), - .dec = __VECS(cast5_dec_tv_template) - } + .cipher = __VECS(cast5_tv_template) } }, { .alg = "ecb(cast6)", .test = alg_test_skcipher, .suite = { - .cipher = { - .enc = __VECS(cast6_enc_tv_template), - .dec = __VECS(cast6_dec_tv_template) - } + .cipher = __VECS(cast6_tv_template) } }, { .alg = "ecb(cipher_null)", @@ -2943,134 +2950,96 @@ static const struct alg_test_desc alg_test_descs[] = { .alg = "ecb(des)", .test = alg_test_skcipher, .suite = { - .cipher = { - .enc = __VECS(des_enc_tv_template), - .dec = __VECS(des_dec_tv_template) - } + .cipher = __VECS(des_tv_template) } }, { .alg = "ecb(des3_ede)", .test = alg_test_skcipher, .fips_allowed = 1, .suite = { - .cipher = { - .enc = __VECS(des3_ede_enc_tv_template), - .dec = __VECS(des3_ede_dec_tv_template) - } + .cipher = __VECS(des3_ede_tv_template) } }, { .alg = "ecb(fcrypt)", .test = alg_test_skcipher, .suite = { .cipher = { - .enc = { - .vecs = fcrypt_pcbc_enc_tv_template, - .count = 1 - }, - .dec = { - .vecs = fcrypt_pcbc_dec_tv_template, - .count = 1 - } + .vecs = fcrypt_pcbc_tv_template, + .count = 1 } } }, { .alg = "ecb(khazad)", .test = alg_test_skcipher, .suite = { - .cipher = { - .enc = __VECS(khazad_enc_tv_template), - .dec = __VECS(khazad_dec_tv_template) - } + .cipher = __VECS(khazad_tv_template) } }, { + /* Same as ecb(aes) except the key is stored in + * hardware secure memory which we reference by index + */ + .alg = "ecb(paes)", + .test = alg_test_null, + .fips_allowed = 1, + }, { .alg = "ecb(seed)", .test = alg_test_skcipher, .suite = { - .cipher = { - .enc = __VECS(seed_enc_tv_template), - .dec = __VECS(seed_dec_tv_template) - } + .cipher = __VECS(seed_tv_template) } }, { .alg = "ecb(serpent)", .test = alg_test_skcipher, .suite = { - .cipher = { - .enc = __VECS(serpent_enc_tv_template), - .dec = __VECS(serpent_dec_tv_template) - } + .cipher = __VECS(serpent_tv_template) } }, { .alg = "ecb(sm4)", .test = alg_test_skcipher, .suite = { - .cipher = { - .enc = __VECS(sm4_enc_tv_template), - .dec = __VECS(sm4_dec_tv_template) - } + .cipher = __VECS(sm4_tv_template) } }, { .alg = "ecb(speck128)", .test = alg_test_skcipher, .suite = { - .cipher = { - .enc = __VECS(speck128_enc_tv_template), - .dec = __VECS(speck128_dec_tv_template) - } + .cipher = __VECS(speck128_tv_template) } }, { .alg = "ecb(speck64)", .test = alg_test_skcipher, .suite = { - .cipher = { - .enc = __VECS(speck64_enc_tv_template), - .dec = __VECS(speck64_dec_tv_template) - } + .cipher = __VECS(speck64_tv_template) } }, { .alg = "ecb(tea)", .test = alg_test_skcipher, .suite = { - .cipher = { - .enc = __VECS(tea_enc_tv_template), - .dec = __VECS(tea_dec_tv_template) - } + .cipher = __VECS(tea_tv_template) } }, { .alg = "ecb(tnepres)", .test = alg_test_skcipher, .suite = { - .cipher = { - .enc = __VECS(tnepres_enc_tv_template), - .dec = __VECS(tnepres_dec_tv_template) - } + .cipher = __VECS(tnepres_tv_template) } }, { .alg = "ecb(twofish)", .test = alg_test_skcipher, .suite = { - .cipher = { - .enc = __VECS(tf_enc_tv_template), - .dec = __VECS(tf_dec_tv_template) - } + .cipher = __VECS(tf_tv_template) } }, { .alg = "ecb(xeta)", .test = alg_test_skcipher, .suite = { - .cipher = { - .enc = __VECS(xeta_enc_tv_template), - .dec = __VECS(xeta_dec_tv_template) - } + .cipher = __VECS(xeta_tv_template) } }, { .alg = "ecb(xtea)", .test = alg_test_skcipher, .suite = { - .cipher = { - .enc = __VECS(xtea_enc_tv_template), - .dec = __VECS(xtea_dec_tv_template) - } + .cipher = __VECS(xtea_tv_template) } }, { .alg = "ecdh", @@ -3097,12 +3066,6 @@ static const struct alg_test_desc alg_test_descs[] = { .hash = __VECS(ghash_tv_template) } }, { - .alg = "hmac(crc32)", - .test = alg_test_hash, - .suite = { - .hash = __VECS(bfin_crc_tv_template) - } - }, { .alg = "hmac(md5)", .test = alg_test_hash, .suite = { @@ -3192,55 +3155,37 @@ static const struct alg_test_desc alg_test_descs[] = { .test = alg_test_skcipher, .fips_allowed = 1, .suite = { - .cipher = { - .enc = __VECS(aes_kw_enc_tv_template), - .dec = __VECS(aes_kw_dec_tv_template) - } + .cipher = __VECS(aes_kw_tv_template) } }, { .alg = "lrw(aes)", .test = alg_test_skcipher, .suite = { - .cipher = { - .enc = __VECS(aes_lrw_enc_tv_template), - .dec = __VECS(aes_lrw_dec_tv_template) - } + .cipher = __VECS(aes_lrw_tv_template) } }, { .alg = "lrw(camellia)", .test = alg_test_skcipher, .suite = { - .cipher = { - .enc = __VECS(camellia_lrw_enc_tv_template), - .dec = __VECS(camellia_lrw_dec_tv_template) - } + .cipher = __VECS(camellia_lrw_tv_template) } }, { .alg = "lrw(cast6)", .test = alg_test_skcipher, .suite = { - .cipher = { - .enc = __VECS(cast6_lrw_enc_tv_template), - .dec = __VECS(cast6_lrw_dec_tv_template) - } + .cipher = __VECS(cast6_lrw_tv_template) } }, { .alg = "lrw(serpent)", .test = alg_test_skcipher, .suite = { - .cipher = { - .enc = __VECS(serpent_lrw_enc_tv_template), - .dec = __VECS(serpent_lrw_dec_tv_template) - } + .cipher = __VECS(serpent_lrw_tv_template) } }, { .alg = "lrw(twofish)", .test = alg_test_skcipher, .suite = { - .cipher = { - .enc = __VECS(tf_lrw_enc_tv_template), - .dec = __VECS(tf_lrw_dec_tv_template) - } + .cipher = __VECS(tf_lrw_tv_template) } }, { .alg = "lz4", @@ -3291,23 +3236,42 @@ static const struct alg_test_desc alg_test_descs[] = { .hash = __VECS(michael_mic_tv_template) } }, { + .alg = "morus1280", + .test = alg_test_aead, + .suite = { + .aead = { + .enc = __VECS(morus1280_enc_tv_template), + .dec = __VECS(morus1280_dec_tv_template), + } + } + }, { + .alg = "morus640", + .test = alg_test_aead, + .suite = { + .aead = { + .enc = __VECS(morus640_enc_tv_template), + .dec = __VECS(morus640_dec_tv_template), + } + } + }, { .alg = "ofb(aes)", .test = alg_test_skcipher, .fips_allowed = 1, .suite = { - .cipher = { - .enc = __VECS(aes_ofb_enc_tv_template), - .dec = __VECS(aes_ofb_dec_tv_template) - } + .cipher = __VECS(aes_ofb_tv_template) } }, { + /* Same as ofb(aes) except the key is stored in + * hardware secure memory which we reference by index + */ + .alg = "ofb(paes)", + .test = alg_test_null, + .fips_allowed = 1, + }, { .alg = "pcbc(fcrypt)", .test = alg_test_skcipher, .suite = { - .cipher = { - .enc = __VECS(fcrypt_pcbc_enc_tv_template), - .dec = __VECS(fcrypt_pcbc_dec_tv_template) - } + .cipher = __VECS(fcrypt_pcbc_tv_template) } }, { .alg = "pkcs1pad(rsa,sha224)", @@ -3339,10 +3303,7 @@ static const struct alg_test_desc alg_test_descs[] = { .test = alg_test_skcipher, .fips_allowed = 1, .suite = { - .cipher = { - .enc = __VECS(aes_ctr_rfc3686_enc_tv_template), - .dec = __VECS(aes_ctr_rfc3686_dec_tv_template) - } + .cipher = __VECS(aes_ctr_rfc3686_tv_template) } }, { .alg = "rfc4106(gcm(aes))", @@ -3426,9 +3387,7 @@ static const struct alg_test_desc alg_test_descs[] = { .alg = "salsa20", .test = alg_test_skcipher, .suite = { - .cipher = { - .enc = __VECS(salsa20_stream_enc_tv_template) - } + .cipher = __VECS(salsa20_stream_tv_template) } }, { .alg = "sha1", @@ -3552,66 +3511,60 @@ static const struct alg_test_desc alg_test_descs[] = { .test = alg_test_skcipher, .fips_allowed = 1, .suite = { - .cipher = { - .enc = __VECS(aes_xts_enc_tv_template), - .dec = __VECS(aes_xts_dec_tv_template) - } + .cipher = __VECS(aes_xts_tv_template) } }, { .alg = "xts(camellia)", .test = alg_test_skcipher, .suite = { - .cipher = { - .enc = __VECS(camellia_xts_enc_tv_template), - .dec = __VECS(camellia_xts_dec_tv_template) - } + .cipher = __VECS(camellia_xts_tv_template) } }, { .alg = "xts(cast6)", .test = alg_test_skcipher, .suite = { - .cipher = { - .enc = __VECS(cast6_xts_enc_tv_template), - .dec = __VECS(cast6_xts_dec_tv_template) - } + .cipher = __VECS(cast6_xts_tv_template) } }, { + /* Same as xts(aes) except the key is stored in + * hardware secure memory which we reference by index + */ + .alg = "xts(paes)", + .test = alg_test_null, + .fips_allowed = 1, + }, { .alg = "xts(serpent)", .test = alg_test_skcipher, .suite = { - .cipher = { - .enc = __VECS(serpent_xts_enc_tv_template), - .dec = __VECS(serpent_xts_dec_tv_template) - } + .cipher = __VECS(serpent_xts_tv_template) } }, { .alg = "xts(speck128)", .test = alg_test_skcipher, .suite = { - .cipher = { - .enc = __VECS(speck128_xts_enc_tv_template), - .dec = __VECS(speck128_xts_dec_tv_template) - } + .cipher = __VECS(speck128_xts_tv_template) } }, { .alg = "xts(speck64)", .test = alg_test_skcipher, .suite = { - .cipher = { - .enc = __VECS(speck64_xts_enc_tv_template), - .dec = __VECS(speck64_xts_dec_tv_template) - } + .cipher = __VECS(speck64_xts_tv_template) } }, { .alg = "xts(twofish)", .test = alg_test_skcipher, .suite = { - .cipher = { - .enc = __VECS(tf_xts_enc_tv_template), - .dec = __VECS(tf_xts_dec_tv_template) - } + .cipher = __VECS(tf_xts_tv_template) } }, { + .alg = "xts4096(paes)", + .test = alg_test_null, + .fips_allowed = 1, + }, { + .alg = "xts512(paes)", + .test = alg_test_null, + .fips_allowed = 1, + }, { .alg = "zlib-deflate", .test = alg_test_comp, .fips_allowed = 1, @@ -3621,6 +3574,16 @@ static const struct alg_test_desc alg_test_descs[] = { .decomp = __VECS(zlib_deflate_decomp_tv_template) } } + }, { + .alg = "zstd", + .test = alg_test_comp, + .fips_allowed = 1, + .suite = { + .comp = { + .comp = __VECS(zstd_comp_tv_template), + .decomp = __VECS(zstd_decomp_tv_template) + } + } } }; diff --git a/crypto/testmgr.h b/crypto/testmgr.h index 004c0a0f8004..b950aa234e43 100644 --- a/crypto/testmgr.h +++ b/crypto/testmgr.h @@ -44,14 +44,13 @@ struct hash_testvec { }; /* - * cipher_testvec: structure to describe a cipher test - * @key: A pointer to a key used by the test - * @klen: The length of @key - * @iv: A pointer to the IV used by the test - * @input: A pointer to data used as input - * @ilen The length of data in @input - * @result: A pointer to what the test need to produce - * @rlen: The length of data in @result + * cipher_testvec: structure to describe a symmetric cipher test + * @key: Pointer to key + * @klen: Length of @key in bytes + * @iv: Pointer to IV (optional for some ciphers) + * @ptext: Pointer to plaintext + * @ctext: Pointer to ciphertext + * @len: Length of @ptext and @ctext in bytes * @fail: If set to one, the test need to fail * @wk: Does the test need CRYPTO_TFM_REQ_WEAK_KEY * ( e.g. test needs to fail due to a weak key ) @@ -60,23 +59,23 @@ struct hash_testvec { * @also_non_np: if set to 1, the test will be also done without * splitting data in @np SGs * @fips_skip: Skip the test vector in FIPS mode + * @generates_iv: Encryption should ignore the given IV, and output @iv. + * Decryption takes @iv. Needed for AES Keywrap ("kw(aes)"). */ - struct cipher_testvec { const char *key; const char *iv; - const char *iv_out; - const char *input; - const char *result; + const char *ptext; + const char *ctext; unsigned short tap[MAX_TAP]; int np; unsigned char also_non_np; bool fail; unsigned char wk; /* weak key flag */ unsigned char klen; - unsigned short ilen; - unsigned short rlen; + unsigned short len; bool fips_skip; + bool generates_iv; }; struct aead_testvec { @@ -5542,111 +5541,121 @@ static const struct hash_testvec poly1305_tv_template[] = { /* * DES test vectors. */ -static const struct cipher_testvec des_enc_tv_template[] = { +static const struct cipher_testvec des_tv_template[] = { { /* From Applied Cryptography */ .key = "\x01\x23\x45\x67\x89\xab\xcd\xef", .klen = 8, - .input = "\x01\x23\x45\x67\x89\xab\xcd\xe7", - .ilen = 8, - .result = "\xc9\x57\x44\x25\x6a\x5e\xd3\x1d", - .rlen = 8, + .ptext = "\x01\x23\x45\x67\x89\xab\xcd\xe7", + .ctext = "\xc9\x57\x44\x25\x6a\x5e\xd3\x1d", + .len = 8, }, { /* Same key, different plaintext block */ .key = "\x01\x23\x45\x67\x89\xab\xcd\xef", .klen = 8, - .input = "\x22\x33\x44\x55\x66\x77\x88\x99", - .ilen = 8, - .result = "\xf7\x9c\x89\x2a\x33\x8f\x4a\x8b", - .rlen = 8, + .ptext = "\x22\x33\x44\x55\x66\x77\x88\x99", + .ctext = "\xf7\x9c\x89\x2a\x33\x8f\x4a\x8b", + .len = 8, }, { /* Sbox test from NBS */ .key = "\x7c\xa1\x10\x45\x4a\x1a\x6e\x57", .klen = 8, - .input = "\x01\xa1\xd6\xd0\x39\x77\x67\x42", - .ilen = 8, - .result = "\x69\x0f\x5b\x0d\x9a\x26\x93\x9b", - .rlen = 8, + .ptext = "\x01\xa1\xd6\xd0\x39\x77\x67\x42", + .ctext = "\x69\x0f\x5b\x0d\x9a\x26\x93\x9b", + .len = 8, }, { /* Three blocks */ .key = "\x01\x23\x45\x67\x89\xab\xcd\xef", .klen = 8, - .input = "\x01\x23\x45\x67\x89\xab\xcd\xe7" + .ptext = "\x01\x23\x45\x67\x89\xab\xcd\xe7" "\x22\x33\x44\x55\x66\x77\x88\x99" "\xca\xfe\xba\xbe\xfe\xed\xbe\xef", - .ilen = 24, - .result = "\xc9\x57\x44\x25\x6a\x5e\xd3\x1d" + .ctext = "\xc9\x57\x44\x25\x6a\x5e\xd3\x1d" "\xf7\x9c\x89\x2a\x33\x8f\x4a\x8b" "\xb4\x99\x26\xf7\x1f\xe1\xd4\x90", - .rlen = 24, + .len = 24, }, { /* Weak key */ .fail = true, .wk = 1, .key = "\x01\x01\x01\x01\x01\x01\x01\x01", .klen = 8, - .input = "\x01\x23\x45\x67\x89\xab\xcd\xe7", - .ilen = 8, - .result = "\xc9\x57\x44\x25\x6a\x5e\xd3\x1d", - .rlen = 8, + .ptext = "\x01\x23\x45\x67\x89\xab\xcd\xe7", + .ctext = "\xc9\x57\x44\x25\x6a\x5e\xd3\x1d", + .len = 8, }, { /* Two blocks -- for testing encryption across pages */ .key = "\x01\x23\x45\x67\x89\xab\xcd\xef", .klen = 8, - .input = "\x01\x23\x45\x67\x89\xab\xcd\xe7" + .ptext = "\x01\x23\x45\x67\x89\xab\xcd\xe7" "\x22\x33\x44\x55\x66\x77\x88\x99", - .ilen = 16, - .result = "\xc9\x57\x44\x25\x6a\x5e\xd3\x1d" + .ctext = "\xc9\x57\x44\x25\x6a\x5e\xd3\x1d" "\xf7\x9c\x89\x2a\x33\x8f\x4a\x8b", - .rlen = 16, + .len = 16, .np = 2, .tap = { 8, 8 } + }, { + .key = "\x01\x23\x45\x67\x89\xab\xcd\xef", + .klen = 8, + .ptext = "\x01\x23\x45\x67\x89\xab\xcd\xe7" + "\xa3\x99\x7b\xca\xaf\x69\xa0\xf5", + .ctext = "\xc9\x57\x44\x25\x6a\x5e\xd3\x1d" + "\x69\x0f\x5b\x0d\x9a\x26\x93\x9b", + .len = 16, + .np = 2, + .tap = { 8, 8 } + }, { + .key = "\x01\x23\x45\x67\x89\xab\xcd\xef", + .klen = 8, + .ptext = "\x01\x23\x45\x67\x89\xab\xcd\xe7" + "\xa3\x99\x7b\xca\xaf\x69\xa0\xf5", + .ctext = "\xc9\x57\x44\x25\x6a\x5e\xd3\x1d" + "\x69\x0f\x5b\x0d\x9a\x26\x93\x9b", + .len = 16, + .np = 3, + .tap = { 3, 12, 1 } }, { /* Four blocks -- for testing encryption with chunking */ .key = "\x01\x23\x45\x67\x89\xab\xcd\xef", .klen = 8, - .input = "\x01\x23\x45\x67\x89\xab\xcd\xe7" + .ptext = "\x01\x23\x45\x67\x89\xab\xcd\xe7" "\x22\x33\x44\x55\x66\x77\x88\x99" "\xca\xfe\xba\xbe\xfe\xed\xbe\xef" "\x22\x33\x44\x55\x66\x77\x88\x99", - .ilen = 32, - .result = "\xc9\x57\x44\x25\x6a\x5e\xd3\x1d" + .ctext = "\xc9\x57\x44\x25\x6a\x5e\xd3\x1d" "\xf7\x9c\x89\x2a\x33\x8f\x4a\x8b" "\xb4\x99\x26\xf7\x1f\xe1\xd4\x90" "\xf7\x9c\x89\x2a\x33\x8f\x4a\x8b", - .rlen = 32, + .len = 32, .np = 3, .tap = { 14, 10, 8 } }, { .key = "\x01\x23\x45\x67\x89\xab\xcd\xef", .klen = 8, - .input = "\x01\x23\x45\x67\x89\xab\xcd\xe7" + .ptext = "\x01\x23\x45\x67\x89\xab\xcd\xe7" "\x22\x33\x44\x55\x66\x77\x88\x99" "\xca\xfe\xba\xbe\xfe\xed\xbe\xef", - .ilen = 24, - .result = "\xc9\x57\x44\x25\x6a\x5e\xd3\x1d" + .ctext = "\xc9\x57\x44\x25\x6a\x5e\xd3\x1d" "\xf7\x9c\x89\x2a\x33\x8f\x4a\x8b" "\xb4\x99\x26\xf7\x1f\xe1\xd4\x90", - .rlen = 24, + .len = 24, .np = 4, .tap = { 2, 1, 3, 18 } }, { .key = "\x01\x23\x45\x67\x89\xab\xcd\xef", .klen = 8, - .input = "\x01\x23\x45\x67\x89\xab\xcd\xe7" + .ptext = "\x01\x23\x45\x67\x89\xab\xcd\xe7" "\x22\x33\x44\x55\x66\x77\x88\x99", - .ilen = 16, - .result = "\xc9\x57\x44\x25\x6a\x5e\xd3\x1d" + .ctext = "\xc9\x57\x44\x25\x6a\x5e\xd3\x1d" "\xf7\x9c\x89\x2a\x33\x8f\x4a\x8b", - .rlen = 16, + .len = 16, .np = 5, .tap = { 2, 2, 2, 2, 8 } }, { .key = "\x01\x23\x45\x67\x89\xab\xcd\xef", .klen = 8, - .input = "\x01\x23\x45\x67\x89\xab\xcd\xe7", - .ilen = 8, - .result = "\xc9\x57\x44\x25\x6a\x5e\xd3\x1d", - .rlen = 8, + .ptext = "\x01\x23\x45\x67\x89\xab\xcd\xe7", + .ctext = "\xc9\x57\x44\x25\x6a\x5e\xd3\x1d", + .len = 8, .np = 8, .tap = { 1, 1, 1, 1, 1, 1, 1, 1 } }, { /* Generated with Crypto++ */ .key = "\xC9\x83\xA6\xC9\xEC\x0F\x32\x55", .klen = 8, - .input = "\x50\xB9\x22\xAE\x17\x80\x0C\x75" + .ptext = "\x50\xB9\x22\xAE\x17\x80\x0C\x75" "\xDE\x47\xD3\x3C\xA5\x0E\x9A\x03" "\x6C\xF8\x61\xCA\x33\xBF\x28\x91" "\x1D\x86\xEF\x58\xE4\x4D\xB6\x1F" @@ -5677,8 +5686,7 @@ static const struct cipher_testvec des_enc_tv_template[] = { "\xAA\x13\x7C\x08\x71\xDA\x43\xCF" "\x38\xA1\x0A\x96\xFF\x68\xF4\x5D" "\xC6\x2F\xBB\x24\x8D\x19\x82\xEB", - .ilen = 248, - .result = "\x88\xCB\x1F\xAB\x2F\x2A\x49\x57" + .ctext = "\x88\xCB\x1F\xAB\x2F\x2A\x49\x57" "\x92\xB9\x77\xFF\x2F\x47\x58\xDD" "\xD7\x8A\x91\x95\x26\x33\x78\xB2" "\x33\xBA\xB2\x3E\x02\xF5\x1F\xEF" @@ -5709,180 +5717,68 @@ static const struct cipher_testvec des_enc_tv_template[] = { "\x46\x31\x4C\x5E\x2E\x95\x61\xEF" "\xE1\x58\x39\x09\xB4\x8B\x40\xAC" "\x5F\x62\xC7\x72\xD9\xFC\xCB\x9A", - .rlen = 248, + .len = 248, .also_non_np = 1, .np = 3, .tap = { 248 - 10, 2, 8 }, }, }; -static const struct cipher_testvec des_dec_tv_template[] = { - { /* From Applied Cryptography */ - .key = "\x01\x23\x45\x67\x89\xab\xcd\xef", - .klen = 8, - .input = "\xc9\x57\x44\x25\x6a\x5e\xd3\x1d", - .ilen = 8, - .result = "\x01\x23\x45\x67\x89\xab\xcd\xe7", - .rlen = 8, - }, { /* Sbox test from NBS */ - .key = "\x7c\xa1\x10\x45\x4a\x1a\x6e\x57", - .klen = 8, - .input = "\x69\x0f\x5b\x0d\x9a\x26\x93\x9b", - .ilen = 8, - .result = "\x01\xa1\xd6\xd0\x39\x77\x67\x42", - .rlen = 8, - }, { /* Two blocks, for chunking test */ - .key = "\x01\x23\x45\x67\x89\xab\xcd\xef", - .klen = 8, - .input = "\xc9\x57\x44\x25\x6a\x5e\xd3\x1d" - "\x69\x0f\x5b\x0d\x9a\x26\x93\x9b", - .ilen = 16, - .result = "\x01\x23\x45\x67\x89\xab\xcd\xe7" - "\xa3\x99\x7b\xca\xaf\x69\xa0\xf5", - .rlen = 16, - .np = 2, - .tap = { 8, 8 } - }, { - .key = "\x01\x23\x45\x67\x89\xab\xcd\xef", - .klen = 8, - .input = "\xc9\x57\x44\x25\x6a\x5e\xd3\x1d" - "\x69\x0f\x5b\x0d\x9a\x26\x93\x9b", - .ilen = 16, - .result = "\x01\x23\x45\x67\x89\xab\xcd\xe7" - "\xa3\x99\x7b\xca\xaf\x69\xa0\xf5", - .rlen = 16, - .np = 3, - .tap = { 3, 12, 1 } - }, { /* Generated with Crypto++ */ - .key = "\xC9\x83\xA6\xC9\xEC\x0F\x32\x55", - .klen = 8, - .input = "\x88\xCB\x1F\xAB\x2F\x2A\x49\x57" - "\x92\xB9\x77\xFF\x2F\x47\x58\xDD" - "\xD7\x8A\x91\x95\x26\x33\x78\xB2" - "\x33\xBA\xB2\x3E\x02\xF5\x1F\xEF" - "\x98\xC5\xA6\xD2\x7D\x79\xEC\xB3" - "\x45\xF3\x4C\x61\xAC\x6C\xC2\x55" - "\xE5\xD3\x06\x58\x8A\x42\x3E\xDD" - "\x3D\x20\x45\xE9\x6F\x0D\x25\xA8" - "\xA5\xC7\x69\xCE\xD5\x3B\x7B\xC9" - "\x9E\x65\xE7\xA3\xF2\xE4\x18\x94" - "\xD2\x81\xE9\x33\x2B\x2D\x49\xC4" - "\xFE\xDA\x7F\xE2\xF2\x8C\x9C\xDC" - "\x73\x58\x11\x1F\x81\xD7\x21\x1A" - "\x80\xD0\x0D\xE8\x45\xD6\xD8\xD5" - "\x2E\x51\x16\xCA\x09\x89\x54\x62" - "\xF7\x04\x3D\x75\xB9\xA3\x84\xF4" - "\x62\xF0\x02\x58\x83\xAF\x30\x87" - "\x85\x3F\x01\xCD\x8E\x58\x42\xC4" - "\x41\x73\xE0\x15\x0A\xE6\x2E\x80" - "\x94\xF8\x5B\x3A\x4E\xDF\x51\xB2" - "\x9D\xE4\xC4\x9D\xF7\x3F\xF8\x8E" - "\x37\x22\x4D\x00\x2A\xEF\xC1\x0F" - "\x14\xA0\x66\xAB\x79\x39\xD0\x8E" - "\xE9\x95\x61\x74\x12\xED\x07\xD7" - "\xDD\x95\xDC\x7B\x57\x25\x27\x9C" - "\x51\x96\x16\xF7\x94\x61\xB8\x87" - "\xF0\x21\x1B\x32\xFB\x07\x0F\x29" - "\x56\xBD\x9D\x22\xA2\x9F\xA2\xB9" - "\x46\x31\x4C\x5E\x2E\x95\x61\xEF" - "\xE1\x58\x39\x09\xB4\x8B\x40\xAC" - "\x5F\x62\xC7\x72\xD9\xFC\xCB\x9A", - .ilen = 248, - .result = "\x50\xB9\x22\xAE\x17\x80\x0C\x75" - "\xDE\x47\xD3\x3C\xA5\x0E\x9A\x03" - "\x6C\xF8\x61\xCA\x33\xBF\x28\x91" - "\x1D\x86\xEF\x58\xE4\x4D\xB6\x1F" - "\xAB\x14\x7D\x09\x72\xDB\x44\xD0" - "\x39\xA2\x0B\x97\x00\x69\xF5\x5E" - "\xC7\x30\xBC\x25\x8E\x1A\x83\xEC" - "\x55\xE1\x4A\xB3\x1C\xA8\x11\x7A" - "\x06\x6F\xD8\x41\xCD\x36\x9F\x08" - "\x94\xFD\x66\xF2\x5B\xC4\x2D\xB9" - "\x22\x8B\x17\x80\xE9\x52\xDE\x47" - "\xB0\x19\xA5\x0E\x77\x03\x6C\xD5" - "\x3E\xCA\x33\x9C\x05\x91\xFA\x63" - "\xEF\x58\xC1\x2A\xB6\x1F\x88\x14" - "\x7D\xE6\x4F\xDB\x44\xAD\x16\xA2" - "\x0B\x74\x00\x69\xD2\x3B\xC7\x30" - "\x99\x02\x8E\xF7\x60\xEC\x55\xBE" - "\x27\xB3\x1C\x85\x11\x7A\xE3\x4C" - "\xD8\x41\xAA\x13\x9F\x08\x71\xFD" - "\x66\xCF\x38\xC4\x2D\x96\x22\x8B" - "\xF4\x5D\xE9\x52\xBB\x24\xB0\x19" - "\x82\x0E\x77\xE0\x49\xD5\x3E\xA7" - "\x10\x9C\x05\x6E\xFA\x63\xCC\x35" - "\xC1\x2A\x93\x1F\x88\xF1\x5A\xE6" - "\x4F\xB8\x21\xAD\x16\x7F\x0B\x74" - "\xDD\x46\xD2\x3B\xA4\x0D\x99\x02" - "\x6B\xF7\x60\xC9\x32\xBE\x27\x90" - "\x1C\x85\xEE\x57\xE3\x4C\xB5\x1E" - "\xAA\x13\x7C\x08\x71\xDA\x43\xCF" - "\x38\xA1\x0A\x96\xFF\x68\xF4\x5D" - "\xC6\x2F\xBB\x24\x8D\x19\x82\xEB", - .rlen = 248, - .also_non_np = 1, - .np = 3, - .tap = { 248 - 10, 2, 8 }, - }, -}; - -static const struct cipher_testvec des_cbc_enc_tv_template[] = { +static const struct cipher_testvec des_cbc_tv_template[] = { { /* From OpenSSL */ .key = "\x01\x23\x45\x67\x89\xab\xcd\xef", .klen = 8, .iv = "\xfe\xdc\xba\x98\x76\x54\x32\x10", - .input = "\x37\x36\x35\x34\x33\x32\x31\x20" + .ptext = "\x37\x36\x35\x34\x33\x32\x31\x20" "\x4e\x6f\x77\x20\x69\x73\x20\x74" "\x68\x65\x20\x74\x69\x6d\x65\x20", - .ilen = 24, - .result = "\xcc\xd1\x73\xff\xab\x20\x39\xf4" + .ctext = "\xcc\xd1\x73\xff\xab\x20\x39\xf4" "\xac\xd8\xae\xfd\xdf\xd8\xa1\xeb" "\x46\x8e\x91\x15\x78\x88\xba\x68", - .rlen = 24, + .len = 24, }, { /* FIPS Pub 81 */ .key = "\x01\x23\x45\x67\x89\xab\xcd\xef", .klen = 8, .iv = "\x12\x34\x56\x78\x90\xab\xcd\xef", - .input = "\x4e\x6f\x77\x20\x69\x73\x20\x74", - .ilen = 8, - .result = "\xe5\xc7\xcd\xde\x87\x2b\xf2\x7c", - .rlen = 8, + .ptext = "\x4e\x6f\x77\x20\x69\x73\x20\x74", + .ctext = "\xe5\xc7\xcd\xde\x87\x2b\xf2\x7c", + .len = 8, }, { .key = "\x01\x23\x45\x67\x89\xab\xcd\xef", .klen = 8, .iv = "\xe5\xc7\xcd\xde\x87\x2b\xf2\x7c", - .input = "\x68\x65\x20\x74\x69\x6d\x65\x20", - .ilen = 8, - .result = "\x43\xe9\x34\x00\x8c\x38\x9c\x0f", - .rlen = 8, + .ptext = "\x68\x65\x20\x74\x69\x6d\x65\x20", + .ctext = "\x43\xe9\x34\x00\x8c\x38\x9c\x0f", + .len = 8, }, { .key = "\x01\x23\x45\x67\x89\xab\xcd\xef", .klen = 8, .iv = "\x43\xe9\x34\x00\x8c\x38\x9c\x0f", - .input = "\x66\x6f\x72\x20\x61\x6c\x6c\x20", - .ilen = 8, - .result = "\x68\x37\x88\x49\x9a\x7c\x05\xf6", - .rlen = 8, + .ptext = "\x66\x6f\x72\x20\x61\x6c\x6c\x20", + .ctext = "\x68\x37\x88\x49\x9a\x7c\x05\xf6", + .len = 8, + .np = 2, + .tap = { 4, 4 }, + .also_non_np = 1, }, { /* Copy of openssl vector for chunk testing */ /* From OpenSSL */ .key = "\x01\x23\x45\x67\x89\xab\xcd\xef", .klen = 8, .iv = "\xfe\xdc\xba\x98\x76\x54\x32\x10", - .input = "\x37\x36\x35\x34\x33\x32\x31\x20" + .ptext = "\x37\x36\x35\x34\x33\x32\x31\x20" "\x4e\x6f\x77\x20\x69\x73\x20\x74" "\x68\x65\x20\x74\x69\x6d\x65\x20", - .ilen = 24, - .result = "\xcc\xd1\x73\xff\xab\x20\x39\xf4" + .ctext = "\xcc\xd1\x73\xff\xab\x20\x39\xf4" "\xac\xd8\xae\xfd\xdf\xd8\xa1\xeb" "\x46\x8e\x91\x15\x78\x88\xba\x68", - .rlen = 24, + .len = 24, .np = 2, .tap = { 13, 11 } }, { /* Generated with Crypto++ */ .key = "\xC9\x83\xA6\xC9\xEC\x0F\x32\x55", .klen = 8, .iv = "\xE7\x82\x1D\xB8\x53\x11\xAC\x47", - .input = "\x50\xB9\x22\xAE\x17\x80\x0C\x75" + .ptext = "\x50\xB9\x22\xAE\x17\x80\x0C\x75" "\xDE\x47\xD3\x3C\xA5\x0E\x9A\x03" "\x6C\xF8\x61\xCA\x33\xBF\x28\x91" "\x1D\x86\xEF\x58\xE4\x4D\xB6\x1F" @@ -5913,85 +5809,7 @@ static const struct cipher_testvec des_cbc_enc_tv_template[] = { "\xAA\x13\x7C\x08\x71\xDA\x43\xCF" "\x38\xA1\x0A\x96\xFF\x68\xF4\x5D" "\xC6\x2F\xBB\x24\x8D\x19\x82\xEB", - .ilen = 248, - .result = "\x71\xCC\x56\x1C\x87\x2C\x43\x20" - "\x1C\x20\x13\x09\xF9\x2B\x40\x47" - "\x99\x10\xD1\x1B\x65\x33\x33\xBA" - "\x88\x0D\xA2\xD1\x86\xFF\x4D\xF4" - "\x5A\x0C\x12\x96\x32\x57\xAA\x26" - "\xA7\xF4\x32\x8D\xBC\x10\x31\x9E" - "\x81\x72\x74\xDE\x30\x19\x69\x49" - "\x54\x9C\xC3\xEB\x0B\x97\xDD\xD1" - "\xE8\x6D\x0D\x05\x83\xA5\x12\x08" - "\x47\xF8\x88\x03\x86\x51\x3C\xEF" - "\xE7\x11\x73\x4D\x44\x2B\xE2\x16" - "\xE8\xA5\x06\x50\x66\x70\x0E\x14" - "\xBA\x21\x3B\xD5\x23\x5B\xA7\x8F" - "\x56\xB6\xA7\x44\xDB\x86\xAB\x69" - "\x33\x3C\xBE\x64\xC4\x22\xD3\xFE" - "\x49\x90\x88\x6A\x09\x8F\x76\x59" - "\xCB\xB7\xA0\x2D\x79\x75\x92\x8A" - "\x82\x1D\xC2\xFE\x09\x1F\x78\x6B" - "\x2F\xD6\xA4\x87\x1E\xC4\x53\x63" - "\x80\x02\x61\x2F\xE3\x46\xB6\xB5" - "\xAA\x95\xF4\xEE\xA7\x64\x2B\x4F" - "\x20\xCF\xD2\x47\x4E\x39\x65\xB3" - "\x11\x87\xA2\x6C\x49\x7E\x36\xC7" - "\x62\x8B\x48\x0D\x6A\x64\x00\xBD" - "\x71\x91\x8C\xE9\x70\x19\x01\x4F" - "\x4E\x68\x23\xBA\xDA\x24\x2E\x45" - "\x02\x14\x33\x21\xAE\x58\x4B\xCF" - "\x3B\x4B\xE8\xF8\xF6\x4F\x34\x93" - "\xD7\x07\x8A\xD7\x18\x92\x36\x8C" - "\x82\xA9\xBD\x6A\x31\x91\x39\x11" - "\xC6\x4A\xF3\x55\xC7\x29\x2E\x63", - .rlen = 248, - .also_non_np = 1, - .np = 3, - .tap = { 248 - 10, 2, 8 }, - }, -}; - -static const struct cipher_testvec des_cbc_dec_tv_template[] = { - { /* FIPS Pub 81 */ - .key = "\x01\x23\x45\x67\x89\xab\xcd\xef", - .klen = 8, - .iv = "\x12\x34\x56\x78\x90\xab\xcd\xef", - .input = "\xe5\xc7\xcd\xde\x87\x2b\xf2\x7c", - .ilen = 8, - .result = "\x4e\x6f\x77\x20\x69\x73\x20\x74", - .rlen = 8, - }, { - .key = "\x01\x23\x45\x67\x89\xab\xcd\xef", - .klen = 8, - .iv = "\xe5\xc7\xcd\xde\x87\x2b\xf2\x7c", - .input = "\x43\xe9\x34\x00\x8c\x38\x9c\x0f", - .ilen = 8, - .result = "\x68\x65\x20\x74\x69\x6d\x65\x20", - .rlen = 8, - }, { - .key = "\x01\x23\x45\x67\x89\xab\xcd\xef", - .klen = 8, - .iv = "\x43\xe9\x34\x00\x8c\x38\x9c\x0f", - .input = "\x68\x37\x88\x49\x9a\x7c\x05\xf6", - .ilen = 8, - .result = "\x66\x6f\x72\x20\x61\x6c\x6c\x20", - .rlen = 8, - }, { /* Copy of above, for chunk testing */ - .key = "\x01\x23\x45\x67\x89\xab\xcd\xef", - .klen = 8, - .iv = "\x43\xe9\x34\x00\x8c\x38\x9c\x0f", - .input = "\x68\x37\x88\x49\x9a\x7c\x05\xf6", - .ilen = 8, - .result = "\x66\x6f\x72\x20\x61\x6c\x6c\x20", - .rlen = 8, - .np = 2, - .tap = { 4, 4 } - }, { /* Generated with Crypto++ */ - .key = "\xC9\x83\xA6\xC9\xEC\x0F\x32\x55", - .klen = 8, - .iv = "\xE7\x82\x1D\xB8\x53\x11\xAC\x47", - .input = "\x71\xCC\x56\x1C\x87\x2C\x43\x20" + .ctext = "\x71\xCC\x56\x1C\x87\x2C\x43\x20" "\x1C\x20\x13\x09\xF9\x2B\x40\x47" "\x99\x10\xD1\x1B\x65\x33\x33\xBA" "\x88\x0D\xA2\xD1\x86\xFF\x4D\xF4" @@ -6022,51 +5840,19 @@ static const struct cipher_testvec des_cbc_dec_tv_template[] = { "\xD7\x07\x8A\xD7\x18\x92\x36\x8C" "\x82\xA9\xBD\x6A\x31\x91\x39\x11" "\xC6\x4A\xF3\x55\xC7\x29\x2E\x63", - .ilen = 248, - .result = "\x50\xB9\x22\xAE\x17\x80\x0C\x75" - "\xDE\x47\xD3\x3C\xA5\x0E\x9A\x03" - "\x6C\xF8\x61\xCA\x33\xBF\x28\x91" - "\x1D\x86\xEF\x58\xE4\x4D\xB6\x1F" - "\xAB\x14\x7D\x09\x72\xDB\x44\xD0" - "\x39\xA2\x0B\x97\x00\x69\xF5\x5E" - "\xC7\x30\xBC\x25\x8E\x1A\x83\xEC" - "\x55\xE1\x4A\xB3\x1C\xA8\x11\x7A" - "\x06\x6F\xD8\x41\xCD\x36\x9F\x08" - "\x94\xFD\x66\xF2\x5B\xC4\x2D\xB9" - "\x22\x8B\x17\x80\xE9\x52\xDE\x47" - "\xB0\x19\xA5\x0E\x77\x03\x6C\xD5" - "\x3E\xCA\x33\x9C\x05\x91\xFA\x63" - "\xEF\x58\xC1\x2A\xB6\x1F\x88\x14" - "\x7D\xE6\x4F\xDB\x44\xAD\x16\xA2" - "\x0B\x74\x00\x69\xD2\x3B\xC7\x30" - "\x99\x02\x8E\xF7\x60\xEC\x55\xBE" - "\x27\xB3\x1C\x85\x11\x7A\xE3\x4C" - "\xD8\x41\xAA\x13\x9F\x08\x71\xFD" - "\x66\xCF\x38\xC4\x2D\x96\x22\x8B" - "\xF4\x5D\xE9\x52\xBB\x24\xB0\x19" - "\x82\x0E\x77\xE0\x49\xD5\x3E\xA7" - "\x10\x9C\x05\x6E\xFA\x63\xCC\x35" - "\xC1\x2A\x93\x1F\x88\xF1\x5A\xE6" - "\x4F\xB8\x21\xAD\x16\x7F\x0B\x74" - "\xDD\x46\xD2\x3B\xA4\x0D\x99\x02" - "\x6B\xF7\x60\xC9\x32\xBE\x27\x90" - "\x1C\x85\xEE\x57\xE3\x4C\xB5\x1E" - "\xAA\x13\x7C\x08\x71\xDA\x43\xCF" - "\x38\xA1\x0A\x96\xFF\x68\xF4\x5D" - "\xC6\x2F\xBB\x24\x8D\x19\x82\xEB", - .rlen = 248, + .len = 248, .also_non_np = 1, .np = 3, .tap = { 248 - 10, 2, 8 }, }, }; -static const struct cipher_testvec des_ctr_enc_tv_template[] = { +static const struct cipher_testvec des_ctr_tv_template[] = { { /* Generated with Crypto++ */ .key = "\xC9\x83\xA6\xC9\xEC\x0F\x32\x55", .klen = 8, .iv = "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFD", - .input = "\x50\xB9\x22\xAE\x17\x80\x0C\x75" + .ptext = "\x50\xB9\x22\xAE\x17\x80\x0C\x75" "\xDE\x47\xD3\x3C\xA5\x0E\x9A\x03" "\x6C\xF8\x61\xCA\x33\xBF\x28\x91" "\x1D\x86\xEF\x58\xE4\x4D\xB6\x1F" @@ -6097,8 +5883,7 @@ static const struct cipher_testvec des_ctr_enc_tv_template[] = { "\xAA\x13\x7C\x08\x71\xDA\x43\xCF" "\x38\xA1\x0A\x96\xFF\x68\xF4\x5D" "\xC6\x2F\xBB\x24\x8D\x19\x82\xEB", - .ilen = 248, - .result = "\x2F\x96\x06\x0F\x50\xC9\x68\x03" + .ctext = "\x2F\x96\x06\x0F\x50\xC9\x68\x03" "\x0F\x31\xD4\x64\xA5\x29\x77\x35" "\xBC\x7A\x9F\x19\xE7\x0D\x33\x3E" "\x12\x0B\x8C\xAE\x48\xAE\xD9\x02" @@ -6129,7 +5914,7 @@ static const struct cipher_testvec des_ctr_enc_tv_template[] = { "\x5C\xC4\x15\xC9\x9A\x21\xC5\xCD" "\x19\x7F\x99\x19\x53\xCE\x1D\x14" "\x69\x74\xA1\x06\x46\x0F\x4E\x75", - .rlen = 248, + .len = 248, .also_non_np = 1, .np = 3, .tap = { 248 - 10, 2, 8 }, @@ -6137,7 +5922,7 @@ static const struct cipher_testvec des_ctr_enc_tv_template[] = { .key = "\xC9\x83\xA6\xC9\xEC\x0F\x32\x55", .klen = 8, .iv = "\xE7\x82\x1D\xB8\x53\x11\xAC\x47", - .input = "\x50\xB9\x22\xAE\x17\x80\x0C\x75" + .ptext = "\x50\xB9\x22\xAE\x17\x80\x0C\x75" "\xDE\x47\xD3\x3C\xA5\x0E\x9A\x03" "\x6C\xF8\x61\xCA\x33\xBF\x28\x91" "\x1D\x86\xEF\x58\xE4\x4D\xB6\x1F" @@ -6168,8 +5953,7 @@ static const struct cipher_testvec des_ctr_enc_tv_template[] = { "\xAA\x13\x7C\x08\x71\xDA\x43\xCF" "\x38\xA1\x0A\x96\xFF\x68\xF4\x5D" "\xC6\x2F\xBB\x24\x8D\x19\x82", - .ilen = 247, - .result = "\x62\xE5\xF4\xDC\x99\xE7\x89\xE3" + .ctext = "\x62\xE5\xF4\xDC\x99\xE7\x89\xE3" "\xF4\x10\xCC\x21\x99\xEB\xDC\x15" "\x19\x13\x93\x27\x9D\xB6\x6F\x45" "\x17\x55\x61\x72\xC8\xD3\x7F\xA5" @@ -6200,193 +5984,44 @@ static const struct cipher_testvec des_ctr_enc_tv_template[] = { "\xDF\x85\x2D\xE1\xB2\xD6\xAB\x94" "\xA5\xA6\xE7\xB0\x51\x36\x52\x37" "\x91\x45\x05\x3E\x58\xBF\x32", - .rlen = 247, - .also_non_np = 1, - .np = 2, - .tap = { 247 - 8, 8 }, - }, -}; - -static const struct cipher_testvec des_ctr_dec_tv_template[] = { - { /* Generated with Crypto++ */ - .key = "\xC9\x83\xA6\xC9\xEC\x0F\x32\x55", - .klen = 8, - .iv = "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFD", - .input = "\x2F\x96\x06\x0F\x50\xC9\x68\x03" - "\x0F\x31\xD4\x64\xA5\x29\x77\x35" - "\xBC\x7A\x9F\x19\xE7\x0D\x33\x3E" - "\x12\x0B\x8C\xAE\x48\xAE\xD9\x02" - "\x0A\xD4\xB0\xD6\x37\xB2\x65\x1C" - "\x4B\x65\xEB\x24\xB5\x8E\xAD\x47" - "\x0D\xDA\x79\x77\xA0\x29\xA0\x2B" - "\xC8\x0F\x85\xDC\x03\x13\xA9\x04" - "\x19\x40\xBE\xBE\x5C\x49\x4A\x69" - "\xED\xE8\xE1\x9E\x14\x43\x74\xDE" - "\xEC\x6E\x11\x3F\x36\xEF\x7B\xFB" - "\xBE\x4C\x91\x43\x22\x65\x72\x48" - "\xE2\x12\xED\x88\xAC\xA7\xC9\x91" - "\x14\xA2\x36\x1C\x29\xFF\xC8\x4F" - "\x72\x5C\x4B\xB0\x1E\x93\xC2\xFA" - "\x9D\x53\x86\xA0\xAE\xC6\xB7\x3C" - "\x59\x0C\xD0\x8F\xA6\xD8\xA4\x31" - "\xB7\x30\x1C\x21\x38\xFB\x68\x8C" - "\x2E\xF5\x6E\x73\xC3\x16\x5F\x12" - "\x0C\x33\xB9\x1E\x7B\x70\xDE\x86" - "\x32\xB3\xC1\x16\xAB\xD9\x49\x0B" - "\x96\x28\x72\x6B\xF3\x30\xA9\xEB" - "\x69\xE2\x1E\x58\x46\xA2\x8E\xC7" - "\xC0\xEF\x07\xB7\x77\x2C\x00\x05" - "\x46\xBD\xFE\x53\x81\x8B\xA4\x03" - "\x20\x0F\xDB\x78\x0B\x1F\x53\x04" - "\x4C\x60\x4C\xC3\x2A\x86\x86\x7E" - "\x13\xD2\x26\xED\x5D\x3E\x9C\xF2" - "\x5C\xC4\x15\xC9\x9A\x21\xC5\xCD" - "\x19\x7F\x99\x19\x53\xCE\x1D\x14" - "\x69\x74\xA1\x06\x46\x0F\x4E\x75", - .ilen = 248, - .result = "\x50\xB9\x22\xAE\x17\x80\x0C\x75" - "\xDE\x47\xD3\x3C\xA5\x0E\x9A\x03" - "\x6C\xF8\x61\xCA\x33\xBF\x28\x91" - "\x1D\x86\xEF\x58\xE4\x4D\xB6\x1F" - "\xAB\x14\x7D\x09\x72\xDB\x44\xD0" - "\x39\xA2\x0B\x97\x00\x69\xF5\x5E" - "\xC7\x30\xBC\x25\x8E\x1A\x83\xEC" - "\x55\xE1\x4A\xB3\x1C\xA8\x11\x7A" - "\x06\x6F\xD8\x41\xCD\x36\x9F\x08" - "\x94\xFD\x66\xF2\x5B\xC4\x2D\xB9" - "\x22\x8B\x17\x80\xE9\x52\xDE\x47" - "\xB0\x19\xA5\x0E\x77\x03\x6C\xD5" - "\x3E\xCA\x33\x9C\x05\x91\xFA\x63" - "\xEF\x58\xC1\x2A\xB6\x1F\x88\x14" - "\x7D\xE6\x4F\xDB\x44\xAD\x16\xA2" - "\x0B\x74\x00\x69\xD2\x3B\xC7\x30" - "\x99\x02\x8E\xF7\x60\xEC\x55\xBE" - "\x27\xB3\x1C\x85\x11\x7A\xE3\x4C" - "\xD8\x41\xAA\x13\x9F\x08\x71\xFD" - "\x66\xCF\x38\xC4\x2D\x96\x22\x8B" - "\xF4\x5D\xE9\x52\xBB\x24\xB0\x19" - "\x82\x0E\x77\xE0\x49\xD5\x3E\xA7" - "\x10\x9C\x05\x6E\xFA\x63\xCC\x35" - "\xC1\x2A\x93\x1F\x88\xF1\x5A\xE6" - "\x4F\xB8\x21\xAD\x16\x7F\x0B\x74" - "\xDD\x46\xD2\x3B\xA4\x0D\x99\x02" - "\x6B\xF7\x60\xC9\x32\xBE\x27\x90" - "\x1C\x85\xEE\x57\xE3\x4C\xB5\x1E" - "\xAA\x13\x7C\x08\x71\xDA\x43\xCF" - "\x38\xA1\x0A\x96\xFF\x68\xF4\x5D" - "\xC6\x2F\xBB\x24\x8D\x19\x82\xEB", - .rlen = 248, - .also_non_np = 1, - .np = 3, - .tap = { 248 - 10, 2, 8 }, - }, { /* Generated with Crypto++ */ - .key = "\xC9\x83\xA6\xC9\xEC\x0F\x32\x55", - .klen = 8, - .iv = "\xE7\x82\x1D\xB8\x53\x11\xAC\x47", - .input = "\x62\xE5\xF4\xDC\x99\xE7\x89\xE3" - "\xF4\x10\xCC\x21\x99\xEB\xDC\x15" - "\x19\x13\x93\x27\x9D\xB6\x6F\x45" - "\x17\x55\x61\x72\xC8\xD3\x7F\xA5" - "\x32\xD0\xD3\x02\x15\xA4\x05\x23" - "\x9C\x23\x61\x60\x77\x7B\x6C\x95" - "\x26\x49\x42\x2E\xF3\xC1\x8C\x6D" - "\xC8\x47\xD5\x94\xE7\x53\xC8\x23" - "\x1B\xA5\x0B\xCB\x12\xD3\x7A\x12" - "\xA4\x42\x15\x34\xF7\x5F\xDC\x58" - "\x5B\x58\x4C\xAD\xD1\x33\x8E\xE6" - "\xE5\xA0\xDA\x4D\x94\x3D\x63\xA8" - "\x02\x82\xBB\x16\xB8\xDC\xB5\x58" - "\xC3\x2D\x79\xE4\x25\x79\x43\xF9" - "\x6D\xD3\xCA\xC0\xE8\x12\xD4\x7E" - "\x04\x25\x79\xFD\x27\xFB\xC4\xEA" - "\x32\x94\x48\x92\xF3\x68\x1A\x7F" - "\x36\x33\x43\x79\xF7\xCA\xC2\x38" - "\xC0\x68\xD4\x53\xA9\xCC\x43\x0C" - "\x40\x57\x3E\xED\x00\x9F\x22\x6E" - "\x80\x99\x0B\xCC\x40\x63\x46\x8A" - "\xE8\xC4\x9B\x6D\x7A\x08\x6E\xA9" - "\x6F\x84\xBC\xB3\xF4\x95\x0B\x2D" - "\x6A\xBA\x37\x50\xC3\xCF\x9F\x7C" - "\x59\x5E\xDE\x0B\x30\xFA\x34\x8A" - "\xF8\xD1\xA2\xF8\x4E\xBD\x5D\x5E" - "\x7D\x71\x99\xE0\xF6\xE5\x7C\xE0" - "\x6D\xEE\x82\x89\x92\xD4\xF5\xD7" - "\xDF\x85\x2D\xE1\xB2\xD6\xAB\x94" - "\xA5\xA6\xE7\xB0\x51\x36\x52\x37" - "\x91\x45\x05\x3E\x58\xBF\x32", - .ilen = 247, - .result = "\x50\xB9\x22\xAE\x17\x80\x0C\x75" - "\xDE\x47\xD3\x3C\xA5\x0E\x9A\x03" - "\x6C\xF8\x61\xCA\x33\xBF\x28\x91" - "\x1D\x86\xEF\x58\xE4\x4D\xB6\x1F" - "\xAB\x14\x7D\x09\x72\xDB\x44\xD0" - "\x39\xA2\x0B\x97\x00\x69\xF5\x5E" - "\xC7\x30\xBC\x25\x8E\x1A\x83\xEC" - "\x55\xE1\x4A\xB3\x1C\xA8\x11\x7A" - "\x06\x6F\xD8\x41\xCD\x36\x9F\x08" - "\x94\xFD\x66\xF2\x5B\xC4\x2D\xB9" - "\x22\x8B\x17\x80\xE9\x52\xDE\x47" - "\xB0\x19\xA5\x0E\x77\x03\x6C\xD5" - "\x3E\xCA\x33\x9C\x05\x91\xFA\x63" - "\xEF\x58\xC1\x2A\xB6\x1F\x88\x14" - "\x7D\xE6\x4F\xDB\x44\xAD\x16\xA2" - "\x0B\x74\x00\x69\xD2\x3B\xC7\x30" - "\x99\x02\x8E\xF7\x60\xEC\x55\xBE" - "\x27\xB3\x1C\x85\x11\x7A\xE3\x4C" - "\xD8\x41\xAA\x13\x9F\x08\x71\xFD" - "\x66\xCF\x38\xC4\x2D\x96\x22\x8B" - "\xF4\x5D\xE9\x52\xBB\x24\xB0\x19" - "\x82\x0E\x77\xE0\x49\xD5\x3E\xA7" - "\x10\x9C\x05\x6E\xFA\x63\xCC\x35" - "\xC1\x2A\x93\x1F\x88\xF1\x5A\xE6" - "\x4F\xB8\x21\xAD\x16\x7F\x0B\x74" - "\xDD\x46\xD2\x3B\xA4\x0D\x99\x02" - "\x6B\xF7\x60\xC9\x32\xBE\x27\x90" - "\x1C\x85\xEE\x57\xE3\x4C\xB5\x1E" - "\xAA\x13\x7C\x08\x71\xDA\x43\xCF" - "\x38\xA1\x0A\x96\xFF\x68\xF4\x5D" - "\xC6\x2F\xBB\x24\x8D\x19\x82", - .rlen = 247, + .len = 247, .also_non_np = 1, .np = 2, .tap = { 247 - 8, 8 }, }, }; -static const struct cipher_testvec des3_ede_enc_tv_template[] = { +static const struct cipher_testvec des3_ede_tv_template[] = { { /* These are from openssl */ .key = "\x01\x23\x45\x67\x89\xab\xcd\xef" "\x55\x55\x55\x55\x55\x55\x55\x55" "\xfe\xdc\xba\x98\x76\x54\x32\x10", .klen = 24, - .input = "\x73\x6f\x6d\x65\x64\x61\x74\x61", - .ilen = 8, - .result = "\x18\xd7\x48\xe5\x63\x62\x05\x72", - .rlen = 8, + .ptext = "\x73\x6f\x6d\x65\x64\x61\x74\x61", + .ctext = "\x18\xd7\x48\xe5\x63\x62\x05\x72", + .len = 8, }, { .key = "\x03\x52\x02\x07\x67\x20\x82\x17" "\x86\x02\x87\x66\x59\x08\x21\x98" "\x64\x05\x6a\xbd\xfe\xa9\x34\x57", .klen = 24, - .input = "\x73\x71\x75\x69\x67\x67\x6c\x65", - .ilen = 8, - .result = "\xc0\x7d\x2a\x0f\xa5\x66\xfa\x30", - .rlen = 8, + .ptext = "\x73\x71\x75\x69\x67\x67\x6c\x65", + .ctext = "\xc0\x7d\x2a\x0f\xa5\x66\xfa\x30", + .len = 8, }, { .key = "\x10\x46\x10\x34\x89\x98\x80\x20" "\x91\x07\xd0\x15\x89\x19\x01\x01" "\x19\x07\x92\x10\x98\x1a\x01\x01", .klen = 24, - .input = "\x00\x00\x00\x00\x00\x00\x00\x00", - .ilen = 8, - .result = "\xe1\xef\x62\xc3\x32\xfe\x82\x5b", - .rlen = 8, + .ptext = "\x00\x00\x00\x00\x00\x00\x00\x00", + .ctext = "\xe1\xef\x62\xc3\x32\xfe\x82\x5b", + .len = 8, }, { /* Generated with Crypto++ */ .key = "\xF3\x9C\xD6\xF3\x9C\xB9\x5A\x67" "\x00\x5A\x67\x00\x2D\xCE\xEB\x2D" "\xCE\xEB\xB4\x51\x72\xB4\x51\x72", .klen = 24, - .input = "\x05\xEC\x77\xFB\x42\xD5\x59\x20" + .ptext = "\x05\xEC\x77\xFB\x42\xD5\x59\x20" "\x8B\x12\x86\x69\xF0\x5B\xCF\x56" "\x39\xAD\x34\x9F\x66\xEA\x7D\xC4" "\x48\xD3\xBA\x0D\xB1\x18\xE3\x4A" @@ -6448,8 +6083,7 @@ static const struct cipher_testvec des3_ede_enc_tv_template[] = { "\xFB\x42\xF6\x59\x20\x54\x3F\x86" "\x69\x9D\x64\xCF\x56\xDA\xAD\x34" "\xB8\x03\xEA\x7D\xE1\x48\xD3\x47", - .ilen = 496, - .result = "\x4E\x9A\x40\x3D\x61\x7D\x17\xFA" + .ctext = "\x4E\x9A\x40\x3D\x61\x7D\x17\xFA" "\x16\x86\x88\x0B\xD8\xAE\xF8\xE4" "\x81\x01\x04\x00\x76\xFA\xED\xD3" "\x44\x7E\x21\x9D\xF0\xFB\x2B\x64" @@ -6511,186 +6145,21 @@ static const struct cipher_testvec des3_ede_enc_tv_template[] = { "\x12\xE1\x71\x4A\xF9\x2A\xF5\xF6" "\x93\x03\xD7\x51\x09\xFA\xBE\x68" "\xD8\x45\xFF\x33\xBA\xBB\x2B\x63", - .rlen = 496, + .len = 496, .also_non_np = 1, .np = 3, .tap = { 496 - 20, 4, 16 }, }, }; -static const struct cipher_testvec des3_ede_dec_tv_template[] = { - { /* These are from openssl */ - .key = "\x01\x23\x45\x67\x89\xab\xcd\xef" - "\x55\x55\x55\x55\x55\x55\x55\x55" - "\xfe\xdc\xba\x98\x76\x54\x32\x10", - .klen = 24, - .input = "\x18\xd7\x48\xe5\x63\x62\x05\x72", - .ilen = 8, - .result = "\x73\x6f\x6d\x65\x64\x61\x74\x61", - .rlen = 8, - }, { - .key = "\x03\x52\x02\x07\x67\x20\x82\x17" - "\x86\x02\x87\x66\x59\x08\x21\x98" - "\x64\x05\x6a\xbd\xfe\xa9\x34\x57", - .klen = 24, - .input = "\xc0\x7d\x2a\x0f\xa5\x66\xfa\x30", - .ilen = 8, - .result = "\x73\x71\x75\x69\x67\x67\x6c\x65", - .rlen = 8, - }, { - .key = "\x10\x46\x10\x34\x89\x98\x80\x20" - "\x91\x07\xd0\x15\x89\x19\x01\x01" - "\x19\x07\x92\x10\x98\x1a\x01\x01", - .klen = 24, - .input = "\xe1\xef\x62\xc3\x32\xfe\x82\x5b", - .ilen = 8, - .result = "\x00\x00\x00\x00\x00\x00\x00\x00", - .rlen = 8, - }, { /* Generated with Crypto++ */ - .key = "\xF3\x9C\xD6\xF3\x9C\xB9\x5A\x67" - "\x00\x5A\x67\x00\x2D\xCE\xEB\x2D" - "\xCE\xEB\xB4\x51\x72\xB4\x51\x72", - .klen = 24, - .input = "\x4E\x9A\x40\x3D\x61\x7D\x17\xFA" - "\x16\x86\x88\x0B\xD8\xAE\xF8\xE4" - "\x81\x01\x04\x00\x76\xFA\xED\xD3" - "\x44\x7E\x21\x9D\xF0\xFB\x2B\x64" - "\xCA\x4E\x90\xE0\xC0\x63\x28\x92" - "\xF3\x1F\xA4\x53\x2C\x77\xCC\x77" - "\x69\x56\xD0\x19\xAD\x00\x2D\x97" - "\xBC\xDE\x49\x6A\x82\xBC\x16\xE2" - "\x2F\x3E\x72\xEE\xD1\xCE\xFC\x1B" - "\xEA\x32\x56\xE4\x0B\xAF\x27\x36" - "\xAF\x08\xB9\x61\xB7\x48\x23\x27" - "\xEE\x4D\xC8\x79\x56\x06\xEB\xC7" - "\x5B\xCA\x0A\xC6\x5E\x5C\xCB\xB6" - "\x9D\xDA\x04\x59\xE2\x09\x48\x7E" - "\x6B\x37\xC6\xFE\x92\xA9\x1E\x6E" - "\x0D\x19\xFA\x33\x0F\xEE\x36\x68" - "\x11\xBB\xF9\x5A\x73\xAB\x3A\xEA" - "\xAC\x28\xD8\xD5\x27\xE8\x6B\x16" - "\x45\x86\x50\x01\x70\x35\x99\x92" - "\xDF\x0C\x07\x88\x8B\x7F\x9E\x4B" - "\xD2\x04\x84\x90\xC4\x27\xDF\x0A" - "\x49\xA8\xA7\x1A\x6D\x78\x16\xCA" - "\xB3\x18\x5C\xC3\x93\x63\x5A\x68" - "\x77\x02\xBA\xED\x62\x71\xB1\xD9" - "\x5E\xE5\x6F\x1A\xCC\x1D\xBE\x2E" - "\x11\xF3\xA6\x97\xCA\x8E\xBF\xB4" - "\x56\xA1\x36\x6B\xB1\x0A\x3E\x70" - "\xEA\xD7\xCD\x72\x7B\x79\xC8\xAD" - "\x6B\xFE\xFB\xBA\x64\xAE\x19\xC1" - "\x82\xCF\x8A\xA1\x50\x17\x7F\xB2" - "\x6F\x7B\x0F\x52\xC5\x3E\x4A\x52" - "\x3F\xD9\x3F\x01\xA6\x41\x1A\xB3" - "\xB3\x7A\x0E\x8E\x75\xB2\xB1\x5F" - "\xDB\xEA\x84\x13\x26\x6C\x85\x4E" - "\xAE\x6B\xDC\xE7\xE7\xAD\xB0\x06" - "\x5C\xBA\x92\xD0\x30\xBB\x8D\xD2" - "\xAE\x4C\x70\x85\xA0\x07\xE3\x2C" - "\xD1\x27\x9C\xCF\xDB\x13\xB7\xE5" - "\xF9\x6A\x02\xD0\x39\x9D\xB6\xE7" - "\xD1\x17\x25\x08\xF9\xA9\xA6\x67" - "\x38\x80\xD1\x22\xAB\x1A\xD7\x26" - "\xAD\xCA\x19\x1B\xFA\x18\xA7\x57" - "\x31\xEC\xC9\xED\xDB\x79\xC0\x48" - "\xAC\x31\x9F\x03\x8B\x62\x5B\x7E" - "\x0E\xA6\xD0\x64\xEE\xEA\x00\xFC" - "\x58\xC8\xDE\x51\x4E\x17\x15\x11" - "\x66\x58\xB6\x90\xDC\xDF\xA1\x49" - "\xCA\x79\xE9\x31\x31\x42\xDC\x56" - "\x0B\xCD\xB6\x0D\xC7\x64\xF7\x19" - "\xD9\x42\x05\x7F\xBC\x2F\xFC\x90" - "\xAE\x29\x86\xAA\x43\x7A\x4F\x6B" - "\xCE\xEA\xBC\x31\x8D\x65\x9D\x46" - "\xEA\x77\xB4\xF9\x58\xEA\x5D\x84" - "\xE4\xDC\x14\xBB\xBD\x15\x0E\xDA" - "\xD8\xE4\xA4\x5D\x61\xF9\x58\x0F" - "\xE4\x82\x77\xCE\x87\xC0\x09\xF0" - "\xD6\x10\x9E\x34\xE1\x0C\x67\x55" - "\x7B\x6D\xD5\x51\x4B\x00\xEE\xBA" - "\xF2\x7B\xBE\x75\x07\x42\x9D\x99" - "\x12\xE1\x71\x4A\xF9\x2A\xF5\xF6" - "\x93\x03\xD7\x51\x09\xFA\xBE\x68" - "\xD8\x45\xFF\x33\xBA\xBB\x2B\x63", - .ilen = 496, - .result = "\x05\xEC\x77\xFB\x42\xD5\x59\x20" - "\x8B\x12\x86\x69\xF0\x5B\xCF\x56" - "\x39\xAD\x34\x9F\x66\xEA\x7D\xC4" - "\x48\xD3\xBA\x0D\xB1\x18\xE3\x4A" - "\xFE\x41\x28\x5C\x27\x8E\x11\x85" - "\x6C\xF7\x5E\xC2\x55\x3C\xA0\x0B" - "\x92\x65\xE9\x70\xDB\x4F\xD6\xB9" - "\x00\xB4\x1F\xE6\x49\xFD\x44\x2F" - "\x53\x3A\x8D\x14\x98\x63\xCA\x5D" - "\xC1\xA8\x33\xA7\x0E\x91\x78\xEC" - "\x77\xDE\x42\xD5\xBC\x07\x8B\x12" - "\xE5\x4C\xF0\x5B\x22\x56\x39\x80" - "\x6B\x9F\x66\xC9\x50\xC4\xAF\x36" - "\xBA\x0D\x94\x7F\xE3\x4A\xDD\x41" - "\x28\xB3\x1A\x8E\x11\xF8\x43\xF7" - "\x5E\x21\x55\x3C\x87\x6E\x92\x65" - "\xCC\x57\xDB\xA2\x35\xB9\x00\xEB" - "\x72\xE6\x49\xD0\x44\x2F\xB6\x19" - "\x8D\x14\xFF\x46\xCA\x5D\x24\xA8" - "\x33\x9A\x6D\x91\x78\xC3\x77\xDE" - "\xA1\x08\xBC\x07\xEE\x71\xE5\x4C" - "\xD7\x5B\x22\xB5\x1C\x80\x6B\xF2" - "\x45\xC9\x50\x3B\xAF\x36\x99\x60" - "\x94\x7F\xC6\x4A\xDD\xA4\x0F\xB3" - "\x1A\xED\x74\xF8\x43\x2A\x5E\x21" - "\x88\x13\x87\x6E\xF1\x58\xCC\x57" - "\x3E\xA2\x35\x9C\x67\xEB\x72\xC5" - "\x49\xD0\xBB\x02\xB6\x19\xE0\x4B" - "\xFF\x46\x29\x5D\x24\x8F\x16\x9A" - "\x6D\xF4\x5F\xC3\xAA\x3D\xA1\x08" - "\x93\x7A\xEE\x71\xD8\x4C\xD7\xBE" - "\x01\xB5\x1C\xE7\x4E\xF2\x45\x2C" - "\x50\x3B\x82\x15\x99\x60\xCB\x52" - "\xC6\xA9\x30\xA4\x0F\x96\x79\xED" - "\x74\xDF\x43\x2A\xBD\x04\x88\x13" - "\xFA\x4D\xF1\x58\x23\x57\x3E\x81" - "\x68\x9C\x67\xCE\x51\xC5\xAC\x37" - "\xBB\x02\x95\x7C\xE0\x4B\xD2\x46" - "\x29\xB0\x1B\x8F\x16\xF9\x40\xF4" - "\x5F\x26\xAA\x3D\x84\x6F\x93\x7A" - "\xCD\x54\xD8\xA3\x0A\xBE\x01\xE8" - "\x73\xE7\x4E\xD1\x45\x2C\xB7\x1E" - "\x82\x15\xFC\x47\xCB\x52\x25\xA9" - "\x30\x9B\x62\x96\x79\xC0\x74\xDF" - "\xA6\x09\xBD\x04\xEF\x76\xFA\x4D" - "\xD4\x58\x23\x8A\x1D\x81\x68\xF3" - "\x5A\xCE\x51\x38\xAC\x37\x9E\x61" - "\x95\x7C\xC7\x4B\xD2\xA5\x0C\xB0" - "\x1B\xE2\x75\xF9\x40\x2B\x5F\x26" - "\x89\x10\x84\x6F\xF6\x59\xCD\x54" - "\x3F\xA3\x0A\x9D\x64\xE8\x73\xDA" - "\x4E\xD1\xB8\x03\xB7\x1E\xE1\x48" - "\xFC\x47\x2E\x52\x25\x8C\x17\x9B" - "\x62\xF5\x5C\xC0\xAB\x32\xA6\x09" - "\x90\x7B\xEF\x76\xD9\x4D\xD4\xBF" - "\x06\x8A\x1D\xE4\x4F\xF3\x5A\x2D" - "\x51\x38\x83\x6A\x9E\x61\xC8\x53" - "\xC7\xAE\x31\xA5\x0C\x97\x7E\xE2" - "\x75\xDC\x40\x2B\xB2\x05\x89\x10" - "\xFB\x42\xF6\x59\x20\x54\x3F\x86" - "\x69\x9D\x64\xCF\x56\xDA\xAD\x34" - "\xB8\x03\xEA\x7D\xE1\x48\xD3\x47", - .rlen = 496, - .also_non_np = 1, - .np = 3, - .tap = { 496 - 20, 4, 16 }, - }, -}; - -static const struct cipher_testvec des3_ede_cbc_enc_tv_template[] = { +static const struct cipher_testvec des3_ede_cbc_tv_template[] = { { /* Generated from openssl */ .key = "\xE9\xC0\xFF\x2E\x76\x0B\x64\x24" "\x44\x4D\x99\x5A\x12\xD6\x40\xC0" "\xEA\xC2\x84\xE8\x14\x95\xDB\xE8", .klen = 24, .iv = "\x7D\x33\x88\x93\x0F\x93\xB2\x42", - .input = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e" + .ptext = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e" "\x53\x20\x63\x65\x65\x72\x73\x74" "\x54\x20\x6f\x6f\x4d\x20\x6e\x61" "\x20\x79\x65\x53\x72\x63\x74\x65" @@ -6706,8 +6175,7 @@ static const struct cipher_testvec des3_ede_cbc_enc_tv_template[] = { "\x20\x6f\x61\x4d\x79\x6e\x53\x20" "\x63\x65\x65\x72\x73\x74\x54\x20" "\x6f\x6f\x4d\x20\x6e\x61\x0a\x79", - .ilen = 128, - .result = "\x0e\x2d\xb6\x97\x3c\x56\x33\xf4" + .ctext = "\x0e\x2d\xb6\x97\x3c\x56\x33\xf4" "\x67\x17\x21\xc7\x6e\x8a\xd5\x49" "\x74\xb3\x49\x05\xc5\x1c\xd0\xed" "\x12\x56\x5c\x53\x96\xb6\x00\x7d" @@ -6723,7 +6191,7 @@ static const struct cipher_testvec des3_ede_cbc_enc_tv_template[] = { "\xd6\xbc\x5a\xd3\x2d\x54\x43\xcc" "\x9d\xde\xa5\x70\xe9\x42\x45\x8a" "\x6b\xfa\xb1\x91\x13\xb0\xd9\x19", - .rlen = 128, + .len = 128, }, { /* Generated with Crypto++ */ .key = "\x9C\xD6\xF3\x9C\xB9\x5A\x67\x00" "\x5A\x67\x00\x2D\xCE\xEB\x2D\xCE" @@ -6731,7 +6199,7 @@ static const struct cipher_testvec des3_ede_cbc_enc_tv_template[] = { .klen = 24, .iv = "\xB2\xD7\x48\xED\x06\x44\xF9\x12" "\xB7\x28\x4D\x83\x24\x59\xF2\x17", - .input = "\x05\xEC\x77\xFB\x42\xD5\x59\x20" + .ptext = "\x05\xEC\x77\xFB\x42\xD5\x59\x20" "\x8B\x12\x86\x69\xF0\x5B\xCF\x56" "\x39\xAD\x34\x9F\x66\xEA\x7D\xC4" "\x48\xD3\xBA\x0D\xB1\x18\xE3\x4A" @@ -6793,125 +6261,7 @@ static const struct cipher_testvec des3_ede_cbc_enc_tv_template[] = { "\xFB\x42\xF6\x59\x20\x54\x3F\x86" "\x69\x9D\x64\xCF\x56\xDA\xAD\x34" "\xB8\x03\xEA\x7D\xE1\x48\xD3\x47", - .ilen = 496, - .result = "\xF8\xF6\xB5\x60\x5C\x5A\x75\x84" - "\x87\x81\x53\xBA\xC9\x6F\xEC\xD5" - "\x1E\x68\x8E\x85\x12\x86\x1D\x38" - "\x1C\x91\x40\xCC\x69\x6A\xD5\x35" - "\x0D\x7C\xB5\x07\x7C\x7B\x2A\xAF" - "\x32\xBC\xA1\xB3\x84\x31\x1B\x3C" - "\x0A\x2B\xFA\xD3\x9F\xB0\x8C\x37" - "\x8F\x9D\xA7\x6D\x6C\xFA\xD7\x90" - "\xE3\x69\x54\xED\x3A\xC4\xF1\x6B" - "\xB1\xCC\xFB\x7D\xD8\x8E\x17\x0B" - "\x9C\xF6\x4C\xD6\xFF\x03\x4E\xD9" - "\xE6\xA5\xAD\x25\xE6\x17\x69\x63" - "\x11\x35\x61\x94\x88\x7B\x1C\x48" - "\xF1\x24\x20\x29\x6B\x93\x1A\x8E" - "\x43\x03\x89\xD8\xB1\xDA\x47\x7B" - "\x79\x3A\x83\x76\xDA\xAE\xC6\xBB" - "\x22\xF8\xE8\x3D\x9A\x65\x54\xD8" - "\x4C\xE9\xE7\xE4\x63\x2F\x5C\x73" - "\x5A\xC3\xAE\x46\xA8\xCD\x57\xE6" - "\x67\x88\xA5\x20\x6F\x5F\x97\xC7" - "\xCC\x15\xA2\x0A\x93\xEA\x33\xE7" - "\x03\x5F\xEC\x64\x30\x6F\xEE\xD7" - "\x7E\xDF\xD6\xE9\x6F\x3F\xD6\x1E" - "\xBE\x67\x6C\x5B\x97\xA0\x09\xE6" - "\xEE\xFE\x55\xA3\x29\x65\xE0\x12" - "\xA1\x6A\x8A\x6F\xF2\xE6\xF1\x96" - "\x87\xFB\x9C\x05\xDD\x80\xEC\xFF" - "\xC5\xED\x50\xFE\xFC\x91\xCD\xCE" - "\x25\x2C\x5F\xD9\xAD\x95\x7D\x99" - "\xF0\x05\xC4\x71\x46\x5F\xF9\x0D" - "\xD2\x63\xDF\x9B\x96\x2E\x2B\xA6" - "\x2B\x1C\xD5\xFB\x96\x24\x60\x60" - "\x54\x40\xB8\x62\xA4\xF8\x46\x95" - "\x73\x28\xA3\xA6\x16\x2B\x17\xE7" - "\x7A\xF8\x62\x54\x3B\x64\x69\xE1" - "\x71\x34\x29\x5B\x4E\x05\x9B\xFA" - "\x5E\xF1\x96\xB7\xCE\x16\x9B\x59" - "\xF1\x1A\x4C\x51\x26\xFD\x79\xE2" - "\x3B\x8E\x71\x69\x6A\x91\xB6\x65" - "\x32\x09\xB8\xE4\x09\x1F\xEA\x39" - "\xCE\x20\x65\x9F\xD6\xD1\xC7\xF0" - "\x73\x50\x08\x56\x20\x9B\x94\x23" - "\x14\x39\xB7\x2B\xB1\x2D\x6D\x6F" - "\x41\x5B\xCC\xE2\x18\xAE\x62\x89" - "\x78\x8E\x67\x23\xD0\xFB\x2B\xE5" - "\x25\xC9\x48\x97\xB5\xD3\x17\xD5" - "\x6A\x9F\xA7\x48\x0C\x2B\x73\x3B" - "\x57\x08\xAE\x91\xF2\xB7\x57\x89" - "\xF4\xD0\xB0\x07\xB0\x42\x6C\xAF" - "\x98\x1A\xE7\xD1\xAC\x1E\xB5\x02" - "\xD4\x56\x42\x79\x79\x7F\x2A\x77" - "\x25\xE9\x7D\xC1\x88\x19\x2B\x49" - "\x6F\x46\x59\xAB\x56\x1F\x61\xE0" - "\x0C\x24\x9C\xC9\x5B\x63\xA9\x12" - "\xCF\x88\x96\xB6\xA8\x24\xC6\xA8" - "\x21\x85\x1A\x62\x7E\x34\xBB\xEB" - "\xBD\x02\x2A\xC7\xD8\x89\x80\xC5" - "\xB1\xBB\x60\xA5\x22\xFC\x6F\x38" - "\x02\x80\xA3\x28\x22\x75\xE1\xE9" - "\x90\xE9\xFA\x4B\x00\x10\xAC\x58" - "\x83\x70\xFF\x86\xE6\xAA\x0F\x1F" - "\x95\x63\x73\xA2\x44\xAC\xF8\xA5", - .rlen = 496, - .also_non_np = 1, - .np = 3, - .tap = { 496 - 20, 4, 16 }, - }, -}; - -static const struct cipher_testvec des3_ede_cbc_dec_tv_template[] = { - { /* Generated from openssl */ - .key = "\xE9\xC0\xFF\x2E\x76\x0B\x64\x24" - "\x44\x4D\x99\x5A\x12\xD6\x40\xC0" - "\xEA\xC2\x84\xE8\x14\x95\xDB\xE8", - .klen = 24, - .iv = "\x7D\x33\x88\x93\x0F\x93\xB2\x42", - .input = "\x0e\x2d\xb6\x97\x3c\x56\x33\xf4" - "\x67\x17\x21\xc7\x6e\x8a\xd5\x49" - "\x74\xb3\x49\x05\xc5\x1c\xd0\xed" - "\x12\x56\x5c\x53\x96\xb6\x00\x7d" - "\x90\x48\xfc\xf5\x8d\x29\x39\xcc" - "\x8a\xd5\x35\x18\x36\x23\x4e\xd7" - "\x76\xd1\xda\x0c\x94\x67\xbb\x04" - "\x8b\xf2\x03\x6c\xa8\xcf\xb6\xea" - "\x22\x64\x47\xaa\x8f\x75\x13\xbf" - "\x9f\xc2\xc3\xf0\xc9\x56\xc5\x7a" - "\x71\x63\x2e\x89\x7b\x1e\x12\xca" - "\xe2\x5f\xaf\xd8\xa4\xf8\xc9\x7a" - "\xd6\xf9\x21\x31\x62\x44\x45\xa6" - "\xd6\xbc\x5a\xd3\x2d\x54\x43\xcc" - "\x9d\xde\xa5\x70\xe9\x42\x45\x8a" - "\x6b\xfa\xb1\x91\x13\xb0\xd9\x19", - .ilen = 128, - .result = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e" - "\x53\x20\x63\x65\x65\x72\x73\x74" - "\x54\x20\x6f\x6f\x4d\x20\x6e\x61" - "\x20\x79\x65\x53\x72\x63\x74\x65" - "\x20\x73\x6f\x54\x20\x6f\x61\x4d" - "\x79\x6e\x53\x20\x63\x65\x65\x72" - "\x73\x74\x54\x20\x6f\x6f\x4d\x20" - "\x6e\x61\x20\x79\x65\x53\x72\x63" - "\x74\x65\x20\x73\x6f\x54\x20\x6f" - "\x61\x4d\x79\x6e\x53\x20\x63\x65" - "\x65\x72\x73\x74\x54\x20\x6f\x6f" - "\x4d\x20\x6e\x61\x20\x79\x65\x53" - "\x72\x63\x74\x65\x20\x73\x6f\x54" - "\x20\x6f\x61\x4d\x79\x6e\x53\x20" - "\x63\x65\x65\x72\x73\x74\x54\x20" - "\x6f\x6f\x4d\x20\x6e\x61\x0a\x79", - .rlen = 128, - }, { /* Generated with Crypto++ */ - .key = "\x9C\xD6\xF3\x9C\xB9\x5A\x67\x00" - "\x5A\x67\x00\x2D\xCE\xEB\x2D\xCE" - "\xEB\xB4\x51\x72\xB4\x51\x72\x1F", - .klen = 24, - .iv = "\xB2\xD7\x48\xED\x06\x44\xF9\x12" - "\xB7\x28\x4D\x83\x24\x59\xF2\x17", - .input = "\xF8\xF6\xB5\x60\x5C\x5A\x75\x84" + .ctext = "\xF8\xF6\xB5\x60\x5C\x5A\x75\x84" "\x87\x81\x53\xBA\xC9\x6F\xEC\xD5" "\x1E\x68\x8E\x85\x12\x86\x1D\x38" "\x1C\x91\x40\xCC\x69\x6A\xD5\x35" @@ -6973,77 +6323,14 @@ static const struct cipher_testvec des3_ede_cbc_dec_tv_template[] = { "\x90\xE9\xFA\x4B\x00\x10\xAC\x58" "\x83\x70\xFF\x86\xE6\xAA\x0F\x1F" "\x95\x63\x73\xA2\x44\xAC\xF8\xA5", - .ilen = 496, - .result = "\x05\xEC\x77\xFB\x42\xD5\x59\x20" - "\x8B\x12\x86\x69\xF0\x5B\xCF\x56" - "\x39\xAD\x34\x9F\x66\xEA\x7D\xC4" - "\x48\xD3\xBA\x0D\xB1\x18\xE3\x4A" - "\xFE\x41\x28\x5C\x27\x8E\x11\x85" - "\x6C\xF7\x5E\xC2\x55\x3C\xA0\x0B" - "\x92\x65\xE9\x70\xDB\x4F\xD6\xB9" - "\x00\xB4\x1F\xE6\x49\xFD\x44\x2F" - "\x53\x3A\x8D\x14\x98\x63\xCA\x5D" - "\xC1\xA8\x33\xA7\x0E\x91\x78\xEC" - "\x77\xDE\x42\xD5\xBC\x07\x8B\x12" - "\xE5\x4C\xF0\x5B\x22\x56\x39\x80" - "\x6B\x9F\x66\xC9\x50\xC4\xAF\x36" - "\xBA\x0D\x94\x7F\xE3\x4A\xDD\x41" - "\x28\xB3\x1A\x8E\x11\xF8\x43\xF7" - "\x5E\x21\x55\x3C\x87\x6E\x92\x65" - "\xCC\x57\xDB\xA2\x35\xB9\x00\xEB" - "\x72\xE6\x49\xD0\x44\x2F\xB6\x19" - "\x8D\x14\xFF\x46\xCA\x5D\x24\xA8" - "\x33\x9A\x6D\x91\x78\xC3\x77\xDE" - "\xA1\x08\xBC\x07\xEE\x71\xE5\x4C" - "\xD7\x5B\x22\xB5\x1C\x80\x6B\xF2" - "\x45\xC9\x50\x3B\xAF\x36\x99\x60" - "\x94\x7F\xC6\x4A\xDD\xA4\x0F\xB3" - "\x1A\xED\x74\xF8\x43\x2A\x5E\x21" - "\x88\x13\x87\x6E\xF1\x58\xCC\x57" - "\x3E\xA2\x35\x9C\x67\xEB\x72\xC5" - "\x49\xD0\xBB\x02\xB6\x19\xE0\x4B" - "\xFF\x46\x29\x5D\x24\x8F\x16\x9A" - "\x6D\xF4\x5F\xC3\xAA\x3D\xA1\x08" - "\x93\x7A\xEE\x71\xD8\x4C\xD7\xBE" - "\x01\xB5\x1C\xE7\x4E\xF2\x45\x2C" - "\x50\x3B\x82\x15\x99\x60\xCB\x52" - "\xC6\xA9\x30\xA4\x0F\x96\x79\xED" - "\x74\xDF\x43\x2A\xBD\x04\x88\x13" - "\xFA\x4D\xF1\x58\x23\x57\x3E\x81" - "\x68\x9C\x67\xCE\x51\xC5\xAC\x37" - "\xBB\x02\x95\x7C\xE0\x4B\xD2\x46" - "\x29\xB0\x1B\x8F\x16\xF9\x40\xF4" - "\x5F\x26\xAA\x3D\x84\x6F\x93\x7A" - "\xCD\x54\xD8\xA3\x0A\xBE\x01\xE8" - "\x73\xE7\x4E\xD1\x45\x2C\xB7\x1E" - "\x82\x15\xFC\x47\xCB\x52\x25\xA9" - "\x30\x9B\x62\x96\x79\xC0\x74\xDF" - "\xA6\x09\xBD\x04\xEF\x76\xFA\x4D" - "\xD4\x58\x23\x8A\x1D\x81\x68\xF3" - "\x5A\xCE\x51\x38\xAC\x37\x9E\x61" - "\x95\x7C\xC7\x4B\xD2\xA5\x0C\xB0" - "\x1B\xE2\x75\xF9\x40\x2B\x5F\x26" - "\x89\x10\x84\x6F\xF6\x59\xCD\x54" - "\x3F\xA3\x0A\x9D\x64\xE8\x73\xDA" - "\x4E\xD1\xB8\x03\xB7\x1E\xE1\x48" - "\xFC\x47\x2E\x52\x25\x8C\x17\x9B" - "\x62\xF5\x5C\xC0\xAB\x32\xA6\x09" - "\x90\x7B\xEF\x76\xD9\x4D\xD4\xBF" - "\x06\x8A\x1D\xE4\x4F\xF3\x5A\x2D" - "\x51\x38\x83\x6A\x9E\x61\xC8\x53" - "\xC7\xAE\x31\xA5\x0C\x97\x7E\xE2" - "\x75\xDC\x40\x2B\xB2\x05\x89\x10" - "\xFB\x42\xF6\x59\x20\x54\x3F\x86" - "\x69\x9D\x64\xCF\x56\xDA\xAD\x34" - "\xB8\x03\xEA\x7D\xE1\x48\xD3\x47", - .rlen = 496, + .len = 496, .also_non_np = 1, .np = 3, .tap = { 496 - 20, 4, 16 }, }, }; -static const struct cipher_testvec des3_ede_ctr_enc_tv_template[] = { +static const struct cipher_testvec des3_ede_ctr_tv_template[] = { { /* Generated with Crypto++ */ .key = "\x9C\xD6\xF3\x9C\xB9\x5A\x67\x00" "\x5A\x67\x00\x2D\xCE\xEB\x2D\xCE" @@ -7051,7 +6338,7 @@ static const struct cipher_testvec des3_ede_ctr_enc_tv_template[] = { .klen = 24, .iv = "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF" "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFD", - .input = "\x05\xEC\x77\xFB\x42\xD5\x59\x20" + .ptext = "\x05\xEC\x77\xFB\x42\xD5\x59\x20" "\x8B\x12\x86\x69\xF0\x5B\xCF\x56" "\x39\xAD\x34\x9F\x66\xEA\x7D\xC4" "\x48\xD3\xBA\x0D\xB1\x18\xE3\x4A" @@ -7113,8 +6400,7 @@ static const struct cipher_testvec des3_ede_ctr_enc_tv_template[] = { "\xFB\x42\xF6\x59\x20\x54\x3F\x86" "\x69\x9D\x64\xCF\x56\xDA\xAD\x34" "\xB8\x03\xEA\x7D\xE1\x48\xD3\x47", - .ilen = 496, - .result = "\x07\xC2\x08\x20\x72\x1F\x49\xEF" + .ctext = "\x07\xC2\x08\x20\x72\x1F\x49\xEF" "\x19\xCD\x6F\x32\x53\x05\x22\x15" "\xA2\x85\x2B\xDB\x85\xD2\xD8\xB9" "\xDD\x0D\x1B\x45\xCB\x69\x11\xD4" @@ -7176,7 +6462,7 @@ static const struct cipher_testvec des3_ede_ctr_enc_tv_template[] = { "\x46\xB9\x91\xB6\xE7\x3D\x51\x42" "\xFD\x51\xB0\xC6\x2C\x63\x13\x78" "\x5C\xEE\xFC\xCF\xC4\x70\x00\x34", - .rlen = 496, + .len = 496, .also_non_np = 1, .np = 3, .tap = { 496 - 20, 4, 16 }, @@ -7187,7 +6473,7 @@ static const struct cipher_testvec des3_ede_ctr_enc_tv_template[] = { .klen = 24, .iv = "\xB2\xD7\x48\xED\x06\x44\xF9\x12" "\xB7\x28\x4D\x83\x24\x59\xF2\x17", - .input = "\x05\xEC\x77\xFB\x42\xD5\x59\x20" + .ptext = "\x05\xEC\x77\xFB\x42\xD5\x59\x20" "\x8B\x12\x86\x69\xF0\x5B\xCF\x56" "\x39\xAD\x34\x9F\x66\xEA\x7D\xC4" "\x48\xD3\xBA\x0D\xB1\x18\xE3\x4A" @@ -7250,222 +6536,7 @@ static const struct cipher_testvec des3_ede_ctr_enc_tv_template[] = { "\x69\x9D\x64\xCF\x56\xDA\xAD\x34" "\xB8\x03\xEA\x7D\xE1\x48\xD3\x47" "\x2E\xB1\x18", - .ilen = 499, - .result = "\x23\xFF\x5C\x99\x75\xBB\x1F\xD4" - "\xBC\x27\x9D\x36\x60\xA9\xC9\xF7" - "\x94\x9D\x1B\xFF\x8E\x95\x57\x89" - "\x8C\x2E\x33\x70\x43\x61\xE6\xD2" - "\x82\x33\x63\xB6\xC4\x34\x5E\xF8" - "\x96\x07\xA7\xD2\x3B\x8E\xC9\xAA" - "\x7C\xA0\x55\x89\x2E\xE1\x85\x25" - "\x14\x04\xDA\x6B\xE0\xEE\x56\xCF" - "\x08\x2E\x69\xD4\x54\xDE\x22\x84" - "\x69\xA6\xA7\xD3\x3A\x9A\xE8\x05" - "\x63\xDB\xBF\x46\x3A\x26\x2E\x0F" - "\x58\x5C\x46\xEA\x07\x40\xDA\xE1" - "\x14\x1D\xCD\x4F\x06\xC0\xCA\x54" - "\x1E\xC9\x45\x85\x67\x7C\xC2\xB5" - "\x97\x5D\x61\x78\x2E\x46\xEC\x6A" - "\x53\xF4\xD0\xAE\xFA\xB4\x86\x29" - "\x9F\x17\x33\x24\xD8\xB9\xB2\x05" - "\x93\x88\xEA\xF7\xA0\x70\x69\x49" - "\x88\x6B\x73\x40\x41\x8D\xD9\xD9" - "\x7E\x78\xE9\xBE\x6C\x14\x22\x7A" - "\x66\xE1\xDA\xED\x10\xFF\x69\x1D" - "\xB9\xAA\xF2\x56\x72\x1B\x23\xE2" - "\x45\x54\x8B\xA3\x70\x23\xB4\x5E" - "\x8E\x96\xC9\x05\x00\xB3\xB6\xC2" - "\x2A\x02\x43\x7A\x62\xD5\xC8\xD2" - "\xC2\xD0\xE4\x78\xA1\x7B\x3E\xE8" - "\x9F\x7F\x7D\x40\x54\x30\x3B\xC0" - "\xA5\x54\xFD\xCA\x25\xEC\x44\x3E" - "\x1A\x54\x7F\x88\xD0\xE1\xFE\x71" - "\xCE\x05\x49\x89\xBA\xD6\x72\xE7" - "\xD6\x5D\x3F\xA2\xD9\xAB\xC5\x02" - "\xD6\x43\x22\xAF\xA2\xE4\x80\x85" - "\xD7\x87\xB9\xEA\x43\xDB\xC8\xEF" - "\x5C\x82\x2E\x98\x0D\x30\x41\x6B" - "\x08\x48\x8D\xF0\xF8\x60\xD7\x9D" - "\xE9\xDE\x40\xAD\x0D\xAD\x0D\x58" - "\x2A\x98\x35\xFE\xF7\xDD\x4B\x40" - "\xDE\xB0\x05\xD9\x7B\x09\x4D\xBC" - "\x42\xC0\xF1\x15\x0B\xFA\x26\x6B" - "\xC6\x12\x13\x4F\xCB\x35\xBA\x35" - "\xDD\x7A\x36\x9C\x12\x57\x55\x83" - "\x78\x58\x09\xD0\xB0\xCF\x7C\x5C" - "\x38\xCF\xBD\x79\x5B\x13\x4D\x97" - "\xC1\x85\x6F\x97\xC9\xE8\xC2\xA4" - "\x98\xE2\xBD\x77\x6B\x53\x39\x1A" - "\x28\x10\xE7\xE0\xE7\xDE\x9D\x69" - "\x78\x6F\x8E\xD2\xD9\x5D\xD2\x15" - "\x9E\xB5\x4D\x8C\xC0\x78\x22\x2F" - "\x17\x11\x2E\x99\xD7\xE3\xA4\x4F" - "\x65\xA5\x6B\x03\x2C\x35\x6F\xDA" - "\x8A\x19\x08\xE1\x08\x48\x59\x51" - "\x53\x4B\xD1\xDF\xDA\x14\x50\x5F" - "\xDF\xB5\x8C\xDF\xC6\xFD\x85\xFA" - "\xD4\xF9\x64\x45\x65\x0D\x7D\xF4" - "\xC8\xCD\x3F\x32\xAF\xDD\x30\xED" - "\x7B\xAA\xAC\xF0\xDA\x7F\xDF\x75" - "\x1C\xA4\xF1\xCB\x5E\x4F\x0B\xB4" - "\x97\x73\x28\xDE\xCF\xAF\x82\xBD" - "\xC4\xBA\xB4\x9C\x0D\x16\x77\x42" - "\x42\x39\x7C\x53\xA4\xD4\xDD\x40" - "\x5C\x60\x1F\x6E\xA7\xE2\xDC\xE7" - "\x32\x0F\x05\x2F\xF2\x4C\x95\x3B" - "\xF2\x79\xD9", - .rlen = 499, - .also_non_np = 1, - .np = 2, - .tap = { 499 - 16, 16 }, - }, -}; - -static const struct cipher_testvec des3_ede_ctr_dec_tv_template[] = { - { /* Generated with Crypto++ */ - .key = "\x9C\xD6\xF3\x9C\xB9\x5A\x67\x00" - "\x5A\x67\x00\x2D\xCE\xEB\x2D\xCE" - "\xEB\xB4\x51\x72\xB4\x51\x72\x1F", - .klen = 24, - .iv = "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF" - "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFD", - .input = "\x07\xC2\x08\x20\x72\x1F\x49\xEF" - "\x19\xCD\x6F\x32\x53\x05\x22\x15" - "\xA2\x85\x2B\xDB\x85\xD2\xD8\xB9" - "\xDD\x0D\x1B\x45\xCB\x69\x11\xD4" - "\xEA\xBE\xB2\x45\x5D\x0C\xAE\xBE" - "\xA0\xC1\x27\xAC\x65\x9F\x53\x7E" - "\xAF\xC2\x1B\xB5\xB8\x6D\x36\x0C" - "\x25\xC0\xF8\x6D\x0B\x29\x01\xDA" - "\x13\x78\xDC\x89\x12\x12\x43\xFA" - "\xF6\x12\xEF\x8D\x87\x62\x78\x83" - "\xE2\xBE\x41\x20\x4C\x6D\x35\x1B" - "\xD1\x0C\x30\xCF\xE2\xDE\x2B\x03" - "\xBF\x45\x73\xD4\xE5\x59\x95\xD1" - "\xB3\x9B\x27\x62\x97\xBD\xDE\x7F" - "\xA4\xD2\x39\x80\xAA\x50\x23\xF0" - "\x74\x88\x3D\xA8\x6A\x18\x79\x3B" - "\xC4\x96\x6C\x8D\x22\x40\x92\x6E" - "\xD6\xAD\x2A\x1F\xDE\x63\xC0\xE7" - "\x07\xF7\x2D\xF7\xB5\xF3\xF0\xCC" - "\x01\x7C\x2A\x9B\xC2\x10\xCA\xAA" - "\xFD\x2B\x3F\xC5\xF3\xF6\xFC\x9B" - "\x45\xDB\x53\xE4\x5B\xF3\xC9\x7B" - "\x8E\x52\xFF\xC8\x02\xB8\xAC\x9D" - "\xA1\x00\x39\xDA\x3D\x2D\x0E\x01" - "\x09\x7D\x8D\x5E\xBE\x53\xB9\xB0" - "\x8E\xE7\xE2\x96\x6A\xB2\x78\xEA" - "\xDE\x23\x8B\xA5\xFA\x5C\xE3\xDA" - "\xBF\x8E\x31\x6A\x55\xD1\x6A\xB2" - "\xB5\x46\x6F\xA5\xF0\xEE\xBA\x1F" - "\x9F\x98\xB0\x66\x4F\xD0\x3F\xA9" - "\xDF\x5F\x58\xC4\xF4\xFF\x75\x5C" - "\x40\x3A\x09\x7E\x6E\x1C\x97\xD4" - "\xCC\xE7\xE7\x71\xCF\x0B\x15\x08" - "\x71\xFA\x07\x97\xCD\xE6\xCA\x1D" - "\x14\x28\x0C\xCF\x99\x13\x7A\xF1" - "\xEB\xFA\xFA\x92\x07\xDE\x1D\xA1" - "\xD3\x36\x69\xFE\x51\x4D\x9F\x2E" - "\x83\x37\x4F\x1F\x48\x30\xED\x04" - "\x4D\xA4\xEF\x3A\xCA\x76\xF4\x1C" - "\x41\x8F\x63\x37\x78\x2F\x86\xA6" - "\xEF\x41\x7E\xD2\xAF\x88\xAB\x67" - "\x52\x71\xC3\x8E\xF8\x26\x93\x72" - "\xAA\xD6\x0E\xE7\x0B\x46\xB1\x3A" - "\xB4\x08\xA9\xA8\xA0\xCF\x20\x0C" - "\x52\xBC\x8B\x05\x56\xB2\xBC\x31" - "\x9B\x74\xB9\x29\x29\x96\x9A\x50" - "\xDC\x45\xDC\x1A\xEB\x0C\x64\xD4" - "\xD3\x05\x7E\x59\x55\xC3\xF4\x90" - "\xC2\xAB\xF8\x9B\x8A\xDA\xCE\xA1" - "\xC3\xF4\xAD\x77\xDD\x44\xC8\xAC" - "\xA3\xF1\xC9\xD2\x19\x5C\xB0\xCA" - "\xA2\x34\xC1\xF7\x6C\xFD\xAC\x65" - "\x32\xDC\x48\xC4\xF2\x00\x6B\x77" - "\xF1\x7D\x76\xAC\xC0\x31\x63\x2A" - "\xA5\x3A\x62\xC8\x91\xB1\x03\x65" - "\xCB\x43\xD1\x06\xDF\xC3\x67\xBC" - "\xDC\xE0\xCD\x35\xCE\x49\x65\xA0" - "\x52\x7B\xA7\x0D\x07\xA9\x1B\xB0" - "\x40\x77\x72\xC2\xEA\x0E\x3A\x78" - "\x46\xB9\x91\xB6\xE7\x3D\x51\x42" - "\xFD\x51\xB0\xC6\x2C\x63\x13\x78" - "\x5C\xEE\xFC\xCF\xC4\x70\x00\x34", - .ilen = 496, - .result = "\x05\xEC\x77\xFB\x42\xD5\x59\x20" - "\x8B\x12\x86\x69\xF0\x5B\xCF\x56" - "\x39\xAD\x34\x9F\x66\xEA\x7D\xC4" - "\x48\xD3\xBA\x0D\xB1\x18\xE3\x4A" - "\xFE\x41\x28\x5C\x27\x8E\x11\x85" - "\x6C\xF7\x5E\xC2\x55\x3C\xA0\x0B" - "\x92\x65\xE9\x70\xDB\x4F\xD6\xB9" - "\x00\xB4\x1F\xE6\x49\xFD\x44\x2F" - "\x53\x3A\x8D\x14\x98\x63\xCA\x5D" - "\xC1\xA8\x33\xA7\x0E\x91\x78\xEC" - "\x77\xDE\x42\xD5\xBC\x07\x8B\x12" - "\xE5\x4C\xF0\x5B\x22\x56\x39\x80" - "\x6B\x9F\x66\xC9\x50\xC4\xAF\x36" - "\xBA\x0D\x94\x7F\xE3\x4A\xDD\x41" - "\x28\xB3\x1A\x8E\x11\xF8\x43\xF7" - "\x5E\x21\x55\x3C\x87\x6E\x92\x65" - "\xCC\x57\xDB\xA2\x35\xB9\x00\xEB" - "\x72\xE6\x49\xD0\x44\x2F\xB6\x19" - "\x8D\x14\xFF\x46\xCA\x5D\x24\xA8" - "\x33\x9A\x6D\x91\x78\xC3\x77\xDE" - "\xA1\x08\xBC\x07\xEE\x71\xE5\x4C" - "\xD7\x5B\x22\xB5\x1C\x80\x6B\xF2" - "\x45\xC9\x50\x3B\xAF\x36\x99\x60" - "\x94\x7F\xC6\x4A\xDD\xA4\x0F\xB3" - "\x1A\xED\x74\xF8\x43\x2A\x5E\x21" - "\x88\x13\x87\x6E\xF1\x58\xCC\x57" - "\x3E\xA2\x35\x9C\x67\xEB\x72\xC5" - "\x49\xD0\xBB\x02\xB6\x19\xE0\x4B" - "\xFF\x46\x29\x5D\x24\x8F\x16\x9A" - "\x6D\xF4\x5F\xC3\xAA\x3D\xA1\x08" - "\x93\x7A\xEE\x71\xD8\x4C\xD7\xBE" - "\x01\xB5\x1C\xE7\x4E\xF2\x45\x2C" - "\x50\x3B\x82\x15\x99\x60\xCB\x52" - "\xC6\xA9\x30\xA4\x0F\x96\x79\xED" - "\x74\xDF\x43\x2A\xBD\x04\x88\x13" - "\xFA\x4D\xF1\x58\x23\x57\x3E\x81" - "\x68\x9C\x67\xCE\x51\xC5\xAC\x37" - "\xBB\x02\x95\x7C\xE0\x4B\xD2\x46" - "\x29\xB0\x1B\x8F\x16\xF9\x40\xF4" - "\x5F\x26\xAA\x3D\x84\x6F\x93\x7A" - "\xCD\x54\xD8\xA3\x0A\xBE\x01\xE8" - "\x73\xE7\x4E\xD1\x45\x2C\xB7\x1E" - "\x82\x15\xFC\x47\xCB\x52\x25\xA9" - "\x30\x9B\x62\x96\x79\xC0\x74\xDF" - "\xA6\x09\xBD\x04\xEF\x76\xFA\x4D" - "\xD4\x58\x23\x8A\x1D\x81\x68\xF3" - "\x5A\xCE\x51\x38\xAC\x37\x9E\x61" - "\x95\x7C\xC7\x4B\xD2\xA5\x0C\xB0" - "\x1B\xE2\x75\xF9\x40\x2B\x5F\x26" - "\x89\x10\x84\x6F\xF6\x59\xCD\x54" - "\x3F\xA3\x0A\x9D\x64\xE8\x73\xDA" - "\x4E\xD1\xB8\x03\xB7\x1E\xE1\x48" - "\xFC\x47\x2E\x52\x25\x8C\x17\x9B" - "\x62\xF5\x5C\xC0\xAB\x32\xA6\x09" - "\x90\x7B\xEF\x76\xD9\x4D\xD4\xBF" - "\x06\x8A\x1D\xE4\x4F\xF3\x5A\x2D" - "\x51\x38\x83\x6A\x9E\x61\xC8\x53" - "\xC7\xAE\x31\xA5\x0C\x97\x7E\xE2" - "\x75\xDC\x40\x2B\xB2\x05\x89\x10" - "\xFB\x42\xF6\x59\x20\x54\x3F\x86" - "\x69\x9D\x64\xCF\x56\xDA\xAD\x34" - "\xB8\x03\xEA\x7D\xE1\x48\xD3\x47", - .rlen = 496, - .also_non_np = 1, - .np = 3, - .tap = { 496 - 20, 4, 16 }, - }, { /* Generated with Crypto++ */ - .key = "\x9C\xD6\xF3\x9C\xB9\x5A\x67\x00" - "\x5A\x67\x00\x2D\xCE\xEB\x2D\xCE" - "\xEB\xB4\x51\x72\xB4\x51\x72\x1F", - .klen = 24, - .iv = "\xB2\xD7\x48\xED\x06\x44\xF9\x12" - "\xB7\x28\x4D\x83\x24\x59\xF2\x17", - .input = "\x23\xFF\x5C\x99\x75\xBB\x1F\xD4" + .ctext = "\x23\xFF\x5C\x99\x75\xBB\x1F\xD4" "\xBC\x27\x9D\x36\x60\xA9\xC9\xF7" "\x94\x9D\x1B\xFF\x8E\x95\x57\x89" "\x8C\x2E\x33\x70\x43\x61\xE6\xD2" @@ -7528,71 +6599,7 @@ static const struct cipher_testvec des3_ede_ctr_dec_tv_template[] = { "\x5C\x60\x1F\x6E\xA7\xE2\xDC\xE7" "\x32\x0F\x05\x2F\xF2\x4C\x95\x3B" "\xF2\x79\xD9", - .ilen = 499, - .result = "\x05\xEC\x77\xFB\x42\xD5\x59\x20" - "\x8B\x12\x86\x69\xF0\x5B\xCF\x56" - "\x39\xAD\x34\x9F\x66\xEA\x7D\xC4" - "\x48\xD3\xBA\x0D\xB1\x18\xE3\x4A" - "\xFE\x41\x28\x5C\x27\x8E\x11\x85" - "\x6C\xF7\x5E\xC2\x55\x3C\xA0\x0B" - "\x92\x65\xE9\x70\xDB\x4F\xD6\xB9" - "\x00\xB4\x1F\xE6\x49\xFD\x44\x2F" - "\x53\x3A\x8D\x14\x98\x63\xCA\x5D" - "\xC1\xA8\x33\xA7\x0E\x91\x78\xEC" - "\x77\xDE\x42\xD5\xBC\x07\x8B\x12" - "\xE5\x4C\xF0\x5B\x22\x56\x39\x80" - "\x6B\x9F\x66\xC9\x50\xC4\xAF\x36" - "\xBA\x0D\x94\x7F\xE3\x4A\xDD\x41" - "\x28\xB3\x1A\x8E\x11\xF8\x43\xF7" - "\x5E\x21\x55\x3C\x87\x6E\x92\x65" - "\xCC\x57\xDB\xA2\x35\xB9\x00\xEB" - "\x72\xE6\x49\xD0\x44\x2F\xB6\x19" - "\x8D\x14\xFF\x46\xCA\x5D\x24\xA8" - "\x33\x9A\x6D\x91\x78\xC3\x77\xDE" - "\xA1\x08\xBC\x07\xEE\x71\xE5\x4C" - "\xD7\x5B\x22\xB5\x1C\x80\x6B\xF2" - "\x45\xC9\x50\x3B\xAF\x36\x99\x60" - "\x94\x7F\xC6\x4A\xDD\xA4\x0F\xB3" - "\x1A\xED\x74\xF8\x43\x2A\x5E\x21" - "\x88\x13\x87\x6E\xF1\x58\xCC\x57" - "\x3E\xA2\x35\x9C\x67\xEB\x72\xC5" - "\x49\xD0\xBB\x02\xB6\x19\xE0\x4B" - "\xFF\x46\x29\x5D\x24\x8F\x16\x9A" - "\x6D\xF4\x5F\xC3\xAA\x3D\xA1\x08" - "\x93\x7A\xEE\x71\xD8\x4C\xD7\xBE" - "\x01\xB5\x1C\xE7\x4E\xF2\x45\x2C" - "\x50\x3B\x82\x15\x99\x60\xCB\x52" - "\xC6\xA9\x30\xA4\x0F\x96\x79\xED" - "\x74\xDF\x43\x2A\xBD\x04\x88\x13" - "\xFA\x4D\xF1\x58\x23\x57\x3E\x81" - "\x68\x9C\x67\xCE\x51\xC5\xAC\x37" - "\xBB\x02\x95\x7C\xE0\x4B\xD2\x46" - "\x29\xB0\x1B\x8F\x16\xF9\x40\xF4" - "\x5F\x26\xAA\x3D\x84\x6F\x93\x7A" - "\xCD\x54\xD8\xA3\x0A\xBE\x01\xE8" - "\x73\xE7\x4E\xD1\x45\x2C\xB7\x1E" - "\x82\x15\xFC\x47\xCB\x52\x25\xA9" - "\x30\x9B\x62\x96\x79\xC0\x74\xDF" - "\xA6\x09\xBD\x04\xEF\x76\xFA\x4D" - "\xD4\x58\x23\x8A\x1D\x81\x68\xF3" - "\x5A\xCE\x51\x38\xAC\x37\x9E\x61" - "\x95\x7C\xC7\x4B\xD2\xA5\x0C\xB0" - "\x1B\xE2\x75\xF9\x40\x2B\x5F\x26" - "\x89\x10\x84\x6F\xF6\x59\xCD\x54" - "\x3F\xA3\x0A\x9D\x64\xE8\x73\xDA" - "\x4E\xD1\xB8\x03\xB7\x1E\xE1\x48" - "\xFC\x47\x2E\x52\x25\x8C\x17\x9B" - "\x62\xF5\x5C\xC0\xAB\x32\xA6\x09" - "\x90\x7B\xEF\x76\xD9\x4D\xD4\xBF" - "\x06\x8A\x1D\xE4\x4F\xF3\x5A\x2D" - "\x51\x38\x83\x6A\x9E\x61\xC8\x53" - "\xC7\xAE\x31\xA5\x0C\x97\x7E\xE2" - "\x75\xDC\x40\x2B\xB2\x05\x89\x10" - "\xFB\x42\xF6\x59\x20\x54\x3F\x86" - "\x69\x9D\x64\xCF\x56\xDA\xAD\x34" - "\xB8\x03\xEA\x7D\xE1\x48\xD3\x47" - "\x2E\xB1\x18", - .rlen = 499, + .len = 499, .also_non_np = 1, .np = 2, .tap = { 499 - 16, 16 }, @@ -7602,45 +6609,40 @@ static const struct cipher_testvec des3_ede_ctr_dec_tv_template[] = { /* * Blowfish test vectors. */ -static const struct cipher_testvec bf_enc_tv_template[] = { +static const struct cipher_testvec bf_tv_template[] = { { /* DES test vectors from OpenSSL */ .key = "\x00\x00\x00\x00\x00\x00\x00\x00", .klen = 8, - .input = "\x00\x00\x00\x00\x00\x00\x00\x00", - .ilen = 8, - .result = "\x4e\xf9\x97\x45\x61\x98\xdd\x78", - .rlen = 8, + .ptext = "\x00\x00\x00\x00\x00\x00\x00\x00", + .ctext = "\x4e\xf9\x97\x45\x61\x98\xdd\x78", + .len = 8, }, { .key = "\x1f\x1f\x1f\x1f\x0e\x0e\x0e\x0e", .klen = 8, - .input = "\x01\x23\x45\x67\x89\xab\xcd\xef", - .ilen = 8, - .result = "\xa7\x90\x79\x51\x08\xea\x3c\xae", - .rlen = 8, + .ptext = "\x01\x23\x45\x67\x89\xab\xcd\xef", + .ctext = "\xa7\x90\x79\x51\x08\xea\x3c\xae", + .len = 8, }, { .key = "\xf0\xe1\xd2\xc3\xb4\xa5\x96\x87", .klen = 8, - .input = "\xfe\xdc\xba\x98\x76\x54\x32\x10", - .ilen = 8, - .result = "\xe8\x7a\x24\x4e\x2c\xc8\x5e\x82", - .rlen = 8, + .ptext = "\xfe\xdc\xba\x98\x76\x54\x32\x10", + .ctext = "\xe8\x7a\x24\x4e\x2c\xc8\x5e\x82", + .len = 8, }, { /* Vary the keylength... */ .key = "\xf0\xe1\xd2\xc3\xb4\xa5\x96\x87" "\x78\x69\x5a\x4b\x3c\x2d\x1e\x0f", .klen = 16, - .input = "\xfe\xdc\xba\x98\x76\x54\x32\x10", - .ilen = 8, - .result = "\x93\x14\x28\x87\xee\x3b\xe1\x5c", - .rlen = 8, + .ptext = "\xfe\xdc\xba\x98\x76\x54\x32\x10", + .ctext = "\x93\x14\x28\x87\xee\x3b\xe1\x5c", + .len = 8, }, { .key = "\xf0\xe1\xd2\xc3\xb4\xa5\x96\x87" "\x78\x69\x5a\x4b\x3c\x2d\x1e\x0f" "\x00\x11\x22\x33\x44", .klen = 21, - .input = "\xfe\xdc\xba\x98\x76\x54\x32\x10", - .ilen = 8, - .result = "\xe6\xf5\x1e\xd7\x9b\x9d\xb2\x1f", - .rlen = 8, + .ptext = "\xfe\xdc\xba\x98\x76\x54\x32\x10", + .ctext = "\xe6\xf5\x1e\xd7\x9b\x9d\xb2\x1f", + .len = 8, }, { /* Generated with bf488 */ .key = "\xf0\xe1\xd2\xc3\xb4\xa5\x96\x87" "\x78\x69\x5a\x4b\x3c\x2d\x1e\x0f" @@ -7650,17 +6652,16 @@ static const struct cipher_testvec bf_enc_tv_template[] = { "\x1f\x1f\x1f\x1f\x0e\x0e\x0e\x0e" "\xff\xff\xff\xff\xff\xff\xff\xff", .klen = 56, - .input = "\xfe\xdc\xba\x98\x76\x54\x32\x10", - .ilen = 8, - .result = "\xc0\x45\x04\x01\x2e\x4e\x1f\x53", - .rlen = 8, + .ptext = "\xfe\xdc\xba\x98\x76\x54\x32\x10", + .ctext = "\xc0\x45\x04\x01\x2e\x4e\x1f\x53", + .len = 8, }, { /* Generated with Crypto++ */ .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9" "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A" "\x27\x04\xE1\x27\x04\xE1\xBE\x9B" "\x78\xBE\x9B\x78\x55\x32\x0F\x55", .klen = 32, - .input = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" + .ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87" @@ -7723,136 +6724,7 @@ static const struct cipher_testvec bf_enc_tv_template[] = { "\x6A\x01\x75\x0C\xA3\x17\xAE\x45" "\xDC\x50\xE7\x7E\x15\x89\x20\xB7" "\x2B\xC2\x59\xF0\x64\xFB\x92\x06", - .ilen = 504, - .result = "\x96\x87\x3D\x0C\x7B\xFB\xBD\x1F" - "\xE3\xC1\x99\x6D\x39\xD4\xC2\x7D" - "\xD7\x87\xA1\xF2\xDF\x51\x71\x26" - "\xC2\xF4\x6D\xFF\xF6\xCD\x6B\x40" - "\xE1\xB3\xBF\xD4\x38\x2B\xC8\x3B" - "\xD3\xB2\xD4\x61\xC7\x9F\x06\xE9" - "\xCD\xF3\x88\x39\x39\x7A\xDF\x19" - "\xE8\x03\x2A\x0B\x9E\xA0\x2B\x86" - "\x31\xF8\x9D\xB1\xEE\x78\x9D\xB5" - "\xCD\x8B\x7C\x2E\xF5\xA2\x2D\x5D" - "\x6E\x66\xAF\x38\x6C\xD3\x13\xED" - "\x14\xEA\x5D\xD0\x17\x77\x0F\x4A" - "\x50\xF2\xD0\x0F\xC8\xF7\x1E\x7B" - "\x9D\x5B\x54\x65\x4F\x16\x8A\x97" - "\xF3\xF6\xD4\xAA\x87\x36\x77\x72" - "\x99\x4A\xB5\x5E\x88\xC3\xCD\x7D" - "\x1D\x97\xF9\x11\xBD\xE0\x1F\x1F" - "\x96\x3E\x4B\x22\xF4\xC0\xE6\xB8" - "\x47\x82\x98\x23\x33\x36\xBC\x1B" - "\x36\xE7\xF6\xCF\x97\x37\x16\xC0" - "\x87\x31\x8B\xB0\xDB\x19\x42\xA5" - "\x1F\x90\x7E\x66\x34\xDD\x5E\xE9" - "\x4F\xB2\x2B\x9A\xDE\xB3\x5D\x71" - "\x4D\x68\xF0\xDC\xA6\xEA\xE3\x9B" - "\x60\x00\x55\x57\x06\x8B\xD5\xB3" - "\x86\x30\x78\xDA\x33\x9A\x9D\xCC" - "\xBA\x0B\x81\x06\x77\x43\xC7\xC9" - "\xDB\x37\x60\x11\x45\x59\x6D\x2D" - "\x90\x3D\x65\x3E\xD0\x13\xC6\x3C" - "\x0E\x78\x7D\x9A\x00\xD6\x2F\x0B" - "\x3B\x53\x19\x1E\xA8\x9B\x11\xD9" - "\x98\xE4\x7F\xC3\x6E\x51\x24\x70" - "\x9F\x04\x9C\xC2\x9E\x44\x84\xE3" - "\xE0\x8A\x44\xA2\x5C\x94\x74\x34" - "\x37\x52\x7C\x03\xE8\x8E\x97\xE1" - "\x5B\x5C\x0E\xB0\x70\xFE\x54\x3F" - "\xD8\x65\xA9\xC5\xCD\xEC\xF4\x45" - "\x55\xC5\xA7\xA3\x19\x80\x28\x51" - "\xBE\x64\x4A\xC1\xD4\xE1\xBE\xEB" - "\x73\x4C\xB6\xF9\x5F\x6D\x82\xBC" - "\x3E\x42\x14\x49\x88\x51\xBF\x68" - "\x45\x75\x27\x1B\x0A\x72\xED\xAF" - "\xDA\xC4\x4D\x67\x0D\xEE\x75\xE3" - "\x34\xDD\x91\x19\x42\x3A\xCB\xDA" - "\x38\xFA\x3C\x93\x62\xF2\xE3\x81" - "\xB3\xE4\xBB\xF6\x0D\x0B\x1D\x09" - "\x9C\x52\x0D\x50\x63\xA4\xB2\xD2" - "\x82\xA0\x23\x3F\x1F\xB6\xED\x6E" - "\xC2\x9C\x1C\xD0\x9A\x40\xB6\xFC" - "\x36\x56\x6E\x85\x73\xD7\x52\xBA" - "\x35\x5E\x32\x89\x5D\x42\xF5\x36" - "\x52\x8D\x46\x7D\xC8\x71\xAD\x33" - "\xE1\xAF\x6A\xA8\xEC\xBA\x1C\xDC" - "\xFE\x88\xE6\x16\xE4\xC8\x13\x00" - "\x3C\xDA\x59\x32\x38\x19\xD5\xEB" - "\xB6\x7F\x78\x45\x1B\x8E\x07\x8C" - "\x66\x52\x75\xFF\xAF\xCE\x2D\x2B" - "\x22\x29\xCA\xB3\x5F\x7F\xE3\x29" - "\xB2\xB8\x9D\xEB\x16\xC8\xC5\x1D" - "\xC9\x0D\x59\x82\x27\x57\x9D\x42" - "\x54\x59\x09\xA5\x3D\xC5\x84\x68" - "\x56\xEB\x36\x77\x3D\xAA\xB8\xF5" - "\xC9\x1A\xFB\x5D\xDE\xBB\x43\xF4", - .rlen = 504, - .also_non_np = 1, - .np = 3, - .tap = { 504 - 10, 2, 8 }, - }, -}; - -static const struct cipher_testvec bf_dec_tv_template[] = { - { /* DES test vectors from OpenSSL */ - .key = "\x00\x00\x00\x00\x00\x00\x00\x00", - .klen = 8, - .input = "\x4e\xf9\x97\x45\x61\x98\xdd\x78", - .ilen = 8, - .result = "\x00\x00\x00\x00\x00\x00\x00\x00", - .rlen = 8, - }, { - .key = "\x1f\x1f\x1f\x1f\x0e\x0e\x0e\x0e", - .klen = 8, - .input = "\xa7\x90\x79\x51\x08\xea\x3c\xae", - .ilen = 8, - .result = "\x01\x23\x45\x67\x89\xab\xcd\xef", - .rlen = 8, - }, { - .key = "\xf0\xe1\xd2\xc3\xb4\xa5\x96\x87", - .klen = 8, - .input = "\xe8\x7a\x24\x4e\x2c\xc8\x5e\x82", - .ilen = 8, - .result = "\xfe\xdc\xba\x98\x76\x54\x32\x10", - .rlen = 8, - }, { /* Vary the keylength... */ - .key = "\xf0\xe1\xd2\xc3\xb4\xa5\x96\x87" - "\x78\x69\x5a\x4b\x3c\x2d\x1e\x0f", - .klen = 16, - .input = "\x93\x14\x28\x87\xee\x3b\xe1\x5c", - .ilen = 8, - .result = "\xfe\xdc\xba\x98\x76\x54\x32\x10", - .rlen = 8, - }, { - .key = "\xf0\xe1\xd2\xc3\xb4\xa5\x96\x87" - "\x78\x69\x5a\x4b\x3c\x2d\x1e\x0f" - "\x00\x11\x22\x33\x44", - .klen = 21, - .input = "\xe6\xf5\x1e\xd7\x9b\x9d\xb2\x1f", - .ilen = 8, - .result = "\xfe\xdc\xba\x98\x76\x54\x32\x10", - .rlen = 8, - }, { /* Generated with bf488, using OpenSSL, Libgcrypt and Nettle */ - .key = "\xf0\xe1\xd2\xc3\xb4\xa5\x96\x87" - "\x78\x69\x5a\x4b\x3c\x2d\x1e\x0f" - "\x00\x11\x22\x33\x44\x55\x66\x77" - "\x04\x68\x91\x04\xc2\xfd\x3b\x2f" - "\x58\x40\x23\x64\x1a\xba\x61\x76" - "\x1f\x1f\x1f\x1f\x0e\x0e\x0e\x0e" - "\xff\xff\xff\xff\xff\xff\xff\xff", - .klen = 56, - .input = "\xc0\x45\x04\x01\x2e\x4e\x1f\x53", - .ilen = 8, - .result = "\xfe\xdc\xba\x98\x76\x54\x32\x10", - .rlen = 8, - }, { /* Generated with Crypto++ */ - .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9" - "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A" - "\x27\x04\xE1\x27\x04\xE1\xBE\x9B" - "\x78\xBE\x9B\x78\x55\x32\x0F\x55", - .klen = 32, - .input = "\x96\x87\x3D\x0C\x7B\xFB\xBD\x1F" + .ctext = "\x96\x87\x3D\x0C\x7B\xFB\xBD\x1F" "\xE3\xC1\x99\x6D\x39\xD4\xC2\x7D" "\xD7\x87\xA1\xF2\xDF\x51\x71\x26" "\xC2\xF4\x6D\xFF\xF6\xCD\x6B\x40" @@ -7915,93 +6787,28 @@ static const struct cipher_testvec bf_dec_tv_template[] = { "\x54\x59\x09\xA5\x3D\xC5\x84\x68" "\x56\xEB\x36\x77\x3D\xAA\xB8\xF5" "\xC9\x1A\xFB\x5D\xDE\xBB\x43\xF4", - .ilen = 504, - .result = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" - "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" - "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" - "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87" - "\x1E\x92\x29\xC0\x34\xCB\x62\xF9" - "\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48" - "\xDF\x76\x0D\x81\x18\xAF\x23\xBA" - "\x51\xE8\x5C\xF3\x8A\x21\x95\x2C" - "\xC3\x37\xCE\x65\xFC\x70\x07\x9E" - "\x12\xA9\x40\xD7\x4B\xE2\x79\x10" - "\x84\x1B\xB2\x26\xBD\x54\xEB\x5F" - "\xF6\x8D\x01\x98\x2F\xC6\x3A\xD1" - "\x68\xFF\x73\x0A\xA1\x15\xAC\x43" - "\xDA\x4E\xE5\x7C\x13\x87\x1E\xB5" - "\x29\xC0\x57\xEE\x62\xF9\x90\x04" - "\x9B\x32\xC9\x3D\xD4\x6B\x02\x76" - "\x0D\xA4\x18\xAF\x46\xDD\x51\xE8" - "\x7F\x16\x8A\x21\xB8\x2C\xC3\x5A" - "\xF1\x65\xFC\x93\x07\x9E\x35\xCC" - "\x40\xD7\x6E\x05\x79\x10\xA7\x1B" - "\xB2\x49\xE0\x54\xEB\x82\x19\x8D" - "\x24\xBB\x2F\xC6\x5D\xF4\x68\xFF" - "\x96\x0A\xA1\x38\xCF\x43\xDA\x71" - "\x08\x7C\x13\xAA\x1E\xB5\x4C\xE3" - "\x57\xEE\x85\x1C\x90\x27\xBE\x32" - "\xC9\x60\xF7\x6B\x02\x99\x0D\xA4" - "\x3B\xD2\x46\xDD\x74\x0B\x7F\x16" - "\xAD\x21\xB8\x4F\xE6\x5A\xF1\x88" - "\x1F\x93\x2A\xC1\x35\xCC\x63\xFA" - "\x6E\x05\x9C\x10\xA7\x3E\xD5\x49" - "\xE0\x77\x0E\x82\x19\xB0\x24\xBB" - "\x52\xE9\x5D\xF4\x8B\x22\x96\x2D" - "\xC4\x38\xCF\x66\xFD\x71\x08\x9F" - "\x13\xAA\x41\xD8\x4C\xE3\x7A\x11" - "\x85\x1C\xB3\x27\xBE\x55\xEC\x60" - "\xF7\x8E\x02\x99\x30\xC7\x3B\xD2" - "\x69\x00\x74\x0B\xA2\x16\xAD\x44" - "\xDB\x4F\xE6\x7D\x14\x88\x1F\xB6" - "\x2A\xC1\x58\xEF\x63\xFA\x91\x05" - "\x9C\x33\xCA\x3E\xD5\x6C\x03\x77" - "\x0E\xA5\x19\xB0\x47\xDE\x52\xE9" - "\x80\x17\x8B\x22\xB9\x2D\xC4\x5B" - "\xF2\x66\xFD\x94\x08\x9F\x36\xCD" - "\x41\xD8\x6F\x06\x7A\x11\xA8\x1C" - "\xB3\x4A\xE1\x55\xEC\x83\x1A\x8E" - "\x25\xBC\x30\xC7\x5E\xF5\x69\x00" - "\x97\x0B\xA2\x39\xD0\x44\xDB\x72" - "\x09\x7D\x14\xAB\x1F\xB6\x4D\xE4" - "\x58\xEF\x86\x1D\x91\x28\xBF\x33" - "\xCA\x61\xF8\x6C\x03\x9A\x0E\xA5" - "\x3C\xD3\x47\xDE\x75\x0C\x80\x17" - "\xAE\x22\xB9\x50\xE7\x5B\xF2\x89" - "\x20\x94\x2B\xC2\x36\xCD\x64\xFB" - "\x6F\x06\x9D\x11\xA8\x3F\xD6\x4A" - "\xE1\x78\x0F\x83\x1A\xB1\x25\xBC" - "\x53\xEA\x5E\xF5\x8C\x00\x97\x2E" - "\xC5\x39\xD0\x67\xFE\x72\x09\xA0" - "\x14\xAB\x42\xD9\x4D\xE4\x7B\x12" - "\x86\x1D\xB4\x28\xBF\x56\xED\x61" - "\xF8\x8F\x03\x9A\x31\xC8\x3C\xD3" - "\x6A\x01\x75\x0C\xA3\x17\xAE\x45" - "\xDC\x50\xE7\x7E\x15\x89\x20\xB7" - "\x2B\xC2\x59\xF0\x64\xFB\x92\x06", - .rlen = 504, + .len = 504, .also_non_np = 1, .np = 3, .tap = { 504 - 10, 2, 8 }, }, }; -static const struct cipher_testvec bf_cbc_enc_tv_template[] = { +static const struct cipher_testvec bf_cbc_tv_template[] = { { /* From OpenSSL */ .key = "\x01\x23\x45\x67\x89\xab\xcd\xef" "\xf0\xe1\xd2\xc3\xb4\xa5\x96\x87", .klen = 16, .iv = "\xfe\xdc\xba\x98\x76\x54\x32\x10", - .input = "\x37\x36\x35\x34\x33\x32\x31\x20" + .ptext = "\x37\x36\x35\x34\x33\x32\x31\x20" "\x4e\x6f\x77\x20\x69\x73\x20\x74" "\x68\x65\x20\x74\x69\x6d\x65\x20" "\x66\x6f\x72\x20\x00\x00\x00\x00", - .ilen = 32, - .result = "\x6b\x77\xb4\xd6\x30\x06\xde\xe6" + .ctext = "\x6b\x77\xb4\xd6\x30\x06\xde\xe6" "\x05\xb1\x56\xe2\x74\x03\x97\x93" "\x58\xde\xb9\xe7\x15\x46\x16\xd9" "\x59\xf1\x65\x2b\xd5\xff\x92\xcc", - .rlen = 32, + .len = 32, }, { /* Generated with Crypto++ */ .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9" "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A" @@ -8009,7 +6816,7 @@ static const struct cipher_testvec bf_cbc_enc_tv_template[] = { "\x78\xBE\x9B\x78\x55\x32\x0F\x55", .klen = 32, .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F", - .input = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" + .ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87" @@ -8072,8 +6879,7 @@ static const struct cipher_testvec bf_cbc_enc_tv_template[] = { "\x6A\x01\x75\x0C\xA3\x17\xAE\x45" "\xDC\x50\xE7\x7E\x15\x89\x20\xB7" "\x2B\xC2\x59\xF0\x64\xFB\x92\x06", - .ilen = 504, - .result = "\xB4\xFE\xA5\xBB\x3D\x2C\x27\x06" + .ctext = "\xB4\xFE\xA5\xBB\x3D\x2C\x27\x06" "\x06\x2B\x3A\x92\xB2\xF5\x5E\x62" "\x84\xCD\xF7\x66\x7E\x41\x6C\x8E" "\x1B\xD9\x02\xB6\x48\xB0\x87\x25" @@ -8136,171 +6942,14 @@ static const struct cipher_testvec bf_cbc_enc_tv_template[] = { "\xCD\xE9\xD5\x0C\xFE\x12\x39\xA9" "\x93\x9B\xEE\xB5\x97\x41\xD2\xA0" "\xB4\x98\xD8\x6B\x74\xE7\x65\xF4", - .rlen = 504, - .also_non_np = 1, - .np = 3, - .tap = { 504 - 10, 2, 8 }, - }, -}; - -static const struct cipher_testvec bf_cbc_dec_tv_template[] = { - { /* From OpenSSL */ - .key = "\x01\x23\x45\x67\x89\xab\xcd\xef" - "\xf0\xe1\xd2\xc3\xb4\xa5\x96\x87", - .klen = 16, - .iv = "\xfe\xdc\xba\x98\x76\x54\x32\x10", - .input = "\x6b\x77\xb4\xd6\x30\x06\xde\xe6" - "\x05\xb1\x56\xe2\x74\x03\x97\x93" - "\x58\xde\xb9\xe7\x15\x46\x16\xd9" - "\x59\xf1\x65\x2b\xd5\xff\x92\xcc", - .ilen = 32, - .result = "\x37\x36\x35\x34\x33\x32\x31\x20" - "\x4e\x6f\x77\x20\x69\x73\x20\x74" - "\x68\x65\x20\x74\x69\x6d\x65\x20" - "\x66\x6f\x72\x20\x00\x00\x00\x00", - .rlen = 32, - }, { /* Generated with Crypto++ */ - .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9" - "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A" - "\x27\x04\xE1\x27\x04\xE1\xBE\x9B" - "\x78\xBE\x9B\x78\x55\x32\x0F\x55", - .klen = 32, - .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F", - .input = "\xB4\xFE\xA5\xBB\x3D\x2C\x27\x06" - "\x06\x2B\x3A\x92\xB2\xF5\x5E\x62" - "\x84\xCD\xF7\x66\x7E\x41\x6C\x8E" - "\x1B\xD9\x02\xB6\x48\xB0\x87\x25" - "\x01\x9C\x93\x63\x51\x60\x82\xD2" - "\x4D\xE5\xC2\xB7\xAE\x60\xD8\xAD" - "\x9F\xAB\x6C\xFA\x20\x05\xDA\x6F" - "\x1F\xD1\xD8\x36\x0F\xB5\x16\x69" - "\x3C\xAF\xB3\x30\x18\x33\xE6\xB5" - "\x43\x29\x9D\x94\xF4\x2F\x0A\x65" - "\x40\xB2\xB2\xB2\x42\x89\xEE\x8A" - "\x60\xD3\x52\xA8\xED\x91\xDF\xE1" - "\x91\x73\x7C\x28\xA1\x14\xC3\x4C" - "\x82\x72\x4B\x7D\x7D\x32\xD5\x19" - "\xE8\xB8\x6B\x30\x21\x09\x0E\x27" - "\x10\x9D\x2D\x3A\x6A\x4B\x7B\xE6" - "\x8D\x4E\x02\x32\xFF\x7F\x8E\x13" - "\xB0\x96\xF4\xC2\xA1\x60\x8A\x69" - "\xEF\x0F\x86\xD0\x25\x13\x1A\x7C" - "\x6E\xF0\x41\xA3\xFB\xB3\xAB\x40" - "\x7D\x19\xA0\x11\x4F\x3E\x1D\x43" - "\x65\xFE\x15\x40\xD0\x62\x41\x02" - "\xEA\x0C\x7A\xC3\x84\xEE\xB0\xBE" - "\xBE\xC8\x57\x51\xCD\x4F\xAD\x5C" - "\xCC\x79\xBA\x0D\x85\x3A\xED\x6B" - "\xAC\x6B\xA3\x4D\xBC\xE8\x02\x6A" - "\xC2\x6D\xBD\x5E\x89\x95\x86\x43" - "\x2C\x17\x4B\xC6\x40\xA2\xBD\x24" - "\x04\xF0\x86\x08\x78\x18\x42\xE0" - "\x39\x1B\x22\x9E\x89\x4C\x04\x6B" - "\x65\xC5\xB6\x0E\xF6\x63\xFC\xD7" - "\xAE\x9E\x87\x13\xCC\xD3\x1A\xEC" - "\xF0\x51\xCC\x93\x68\xFC\xE9\x19" - "\x7C\x4E\x9B\xCC\x17\xAD\xD2\xFC" - "\x97\x18\x92\xFF\x15\x11\xCE\xED" - "\x04\x41\x05\xA3\x92\xFF\x3B\xE6" - "\xB6\x8C\x90\xC6\xCD\x15\xA0\x04" - "\x25\x8B\x5D\x5B\x5F\xDB\xAE\x68" - "\xEF\xB3\x61\x18\xDB\x83\x9B\x39" - "\xCA\x82\xD1\x88\xF0\xA2\x5C\x02" - "\x87\xBD\x8D\x8F\xBB\x62\xF0\x35" - "\x75\x6F\x06\x81\x0A\x97\x4D\xF0" - "\x43\x12\x73\x77\xDB\x91\x83\x5B" - "\xE7\x3A\xA6\x07\x7B\xBF\x2C\x50" - "\x94\xDE\x7B\x65\xDA\x1C\xF1\x9F" - "\x7E\x12\x40\xB2\x3E\x19\x23\xF1" - "\x7C\x1B\x5F\xA8\xF3\xAC\x63\x87" - "\xEB\x3E\x0C\xBE\xA3\x63\x97\x88" - "\x8D\x27\xC6\x2A\xF8\xF2\x67\x9A" - "\x0D\x14\x16\x2B\x6F\xCB\xD4\x76" - "\x14\x48\x2E\xDE\x2A\x44\x5E\x45" - "\xF1\x97\x82\xEF\xB7\xAE\xED\x3A" - "\xED\x73\xD3\x79\xF7\x38\x1D\xD0" - "\xC5\xF8\x69\x83\x28\x84\x87\x56" - "\x3F\xAE\x81\x04\x79\x1F\xD1\x09" - "\xC5\xE5\x05\x0D\x64\x16\xCE\x42" - "\xC5\xF8\xDB\x57\x89\x33\x22\xFC" - "\xB4\xD7\x94\xB9\xF3\xCC\x02\x90" - "\x02\xBA\x55\x1E\x24\x3E\x02\x1D" - "\xC6\xCD\x8F\xD9\xBD\xED\xB0\x51" - "\xCD\xE9\xD5\x0C\xFE\x12\x39\xA9" - "\x93\x9B\xEE\xB5\x97\x41\xD2\xA0" - "\xB4\x98\xD8\x6B\x74\xE7\x65\xF4", - .ilen = 504, - .result = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" - "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" - "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" - "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87" - "\x1E\x92\x29\xC0\x34\xCB\x62\xF9" - "\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48" - "\xDF\x76\x0D\x81\x18\xAF\x23\xBA" - "\x51\xE8\x5C\xF3\x8A\x21\x95\x2C" - "\xC3\x37\xCE\x65\xFC\x70\x07\x9E" - "\x12\xA9\x40\xD7\x4B\xE2\x79\x10" - "\x84\x1B\xB2\x26\xBD\x54\xEB\x5F" - "\xF6\x8D\x01\x98\x2F\xC6\x3A\xD1" - "\x68\xFF\x73\x0A\xA1\x15\xAC\x43" - "\xDA\x4E\xE5\x7C\x13\x87\x1E\xB5" - "\x29\xC0\x57\xEE\x62\xF9\x90\x04" - "\x9B\x32\xC9\x3D\xD4\x6B\x02\x76" - "\x0D\xA4\x18\xAF\x46\xDD\x51\xE8" - "\x7F\x16\x8A\x21\xB8\x2C\xC3\x5A" - "\xF1\x65\xFC\x93\x07\x9E\x35\xCC" - "\x40\xD7\x6E\x05\x79\x10\xA7\x1B" - "\xB2\x49\xE0\x54\xEB\x82\x19\x8D" - "\x24\xBB\x2F\xC6\x5D\xF4\x68\xFF" - "\x96\x0A\xA1\x38\xCF\x43\xDA\x71" - "\x08\x7C\x13\xAA\x1E\xB5\x4C\xE3" - "\x57\xEE\x85\x1C\x90\x27\xBE\x32" - "\xC9\x60\xF7\x6B\x02\x99\x0D\xA4" - "\x3B\xD2\x46\xDD\x74\x0B\x7F\x16" - "\xAD\x21\xB8\x4F\xE6\x5A\xF1\x88" - "\x1F\x93\x2A\xC1\x35\xCC\x63\xFA" - "\x6E\x05\x9C\x10\xA7\x3E\xD5\x49" - "\xE0\x77\x0E\x82\x19\xB0\x24\xBB" - "\x52\xE9\x5D\xF4\x8B\x22\x96\x2D" - "\xC4\x38\xCF\x66\xFD\x71\x08\x9F" - "\x13\xAA\x41\xD8\x4C\xE3\x7A\x11" - "\x85\x1C\xB3\x27\xBE\x55\xEC\x60" - "\xF7\x8E\x02\x99\x30\xC7\x3B\xD2" - "\x69\x00\x74\x0B\xA2\x16\xAD\x44" - "\xDB\x4F\xE6\x7D\x14\x88\x1F\xB6" - "\x2A\xC1\x58\xEF\x63\xFA\x91\x05" - "\x9C\x33\xCA\x3E\xD5\x6C\x03\x77" - "\x0E\xA5\x19\xB0\x47\xDE\x52\xE9" - "\x80\x17\x8B\x22\xB9\x2D\xC4\x5B" - "\xF2\x66\xFD\x94\x08\x9F\x36\xCD" - "\x41\xD8\x6F\x06\x7A\x11\xA8\x1C" - "\xB3\x4A\xE1\x55\xEC\x83\x1A\x8E" - "\x25\xBC\x30\xC7\x5E\xF5\x69\x00" - "\x97\x0B\xA2\x39\xD0\x44\xDB\x72" - "\x09\x7D\x14\xAB\x1F\xB6\x4D\xE4" - "\x58\xEF\x86\x1D\x91\x28\xBF\x33" - "\xCA\x61\xF8\x6C\x03\x9A\x0E\xA5" - "\x3C\xD3\x47\xDE\x75\x0C\x80\x17" - "\xAE\x22\xB9\x50\xE7\x5B\xF2\x89" - "\x20\x94\x2B\xC2\x36\xCD\x64\xFB" - "\x6F\x06\x9D\x11\xA8\x3F\xD6\x4A" - "\xE1\x78\x0F\x83\x1A\xB1\x25\xBC" - "\x53\xEA\x5E\xF5\x8C\x00\x97\x2E" - "\xC5\x39\xD0\x67\xFE\x72\x09\xA0" - "\x14\xAB\x42\xD9\x4D\xE4\x7B\x12" - "\x86\x1D\xB4\x28\xBF\x56\xED\x61" - "\xF8\x8F\x03\x9A\x31\xC8\x3C\xD3" - "\x6A\x01\x75\x0C\xA3\x17\xAE\x45" - "\xDC\x50\xE7\x7E\x15\x89\x20\xB7" - "\x2B\xC2\x59\xF0\x64\xFB\x92\x06", - .rlen = 504, + .len = 504, .also_non_np = 1, .np = 3, .tap = { 504 - 10, 2, 8 }, }, }; -static const struct cipher_testvec bf_ctr_enc_tv_template[] = { +static const struct cipher_testvec bf_ctr_tv_template[] = { { /* Generated with Crypto++ */ .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9" "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A" @@ -8308,7 +6957,7 @@ static const struct cipher_testvec bf_ctr_enc_tv_template[] = { "\x78\xBE\x9B\x78\x55\x32\x0F\x55", .klen = 32, .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F", - .input = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" + .ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87" @@ -8371,8 +7020,7 @@ static const struct cipher_testvec bf_ctr_enc_tv_template[] = { "\x6A\x01\x75\x0C\xA3\x17\xAE\x45" "\xDC\x50\xE7\x7E\x15\x89\x20\xB7" "\x2B\xC2\x59\xF0\x64\xFB\x92\x06", - .ilen = 504, - .result = "\xC7\xA3\xDF\xB9\x05\xF4\x9E\x8D" + .ctext = "\xC7\xA3\xDF\xB9\x05\xF4\x9E\x8D" "\x9E\xDF\x38\x18\x83\x07\xEF\xC1" "\x93\x3C\xAA\xAA\xFE\x06\x42\xCC" "\x0D\x70\x86\x5A\x44\xAD\x85\x17" @@ -8435,7 +7083,7 @@ static const struct cipher_testvec bf_ctr_enc_tv_template[] = { "\x64\xBB\x15\xB8\x56\xCF\xEE\xE5" "\x32\x44\x96\x1C\xD8\xEB\x95\xD2" "\xF3\x71\xEF\xEB\x4E\xBB\x4D\x29", - .rlen = 504, + .len = 504, }, { /* Generated with Crypto++ */ .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9" "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A" @@ -8443,7 +7091,7 @@ static const struct cipher_testvec bf_ctr_enc_tv_template[] = { "\x78\xBE\x9B\x78\x55\x32\x0F\x55", .klen = 32, .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F", - .input = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" + .ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87" @@ -8506,8 +7154,7 @@ static const struct cipher_testvec bf_ctr_enc_tv_template[] = { "\x6A\x01\x75\x0C\xA3\x17\xAE\x45" "\xDC\x50\xE7\x7E\x15\x89\x20\xB7" "\x2B\xC2\x59\xF0\x64\xFB\x92", - .ilen = 503, - .result = "\xC7\xA3\xDF\xB9\x05\xF4\x9E\x8D" + .ctext = "\xC7\xA3\xDF\xB9\x05\xF4\x9E\x8D" "\x9E\xDF\x38\x18\x83\x07\xEF\xC1" "\x93\x3C\xAA\xAA\xFE\x06\x42\xCC" "\x0D\x70\x86\x5A\x44\xAD\x85\x17" @@ -8570,7 +7217,7 @@ static const struct cipher_testvec bf_ctr_enc_tv_template[] = { "\x64\xBB\x15\xB8\x56\xCF\xEE\xE5" "\x32\x44\x96\x1C\xD8\xEB\x95\xD2" "\xF3\x71\xEF\xEB\x4E\xBB\x4D", - .rlen = 503, + .len = 503, .also_non_np = 1, .np = 2, .tap = { 503 - 8, 8 }, @@ -8581,210 +7228,7 @@ static const struct cipher_testvec bf_ctr_enc_tv_template[] = { "\x78\xBE\x9B\x78\x55\x32\x0F\x55", .klen = 32, .iv = "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFD", - .input = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" - "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" - "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" - "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87" - "\x1E\x92\x29\xC0\x34\xCB\x62\xF9" - "\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48" - "\xDF\x76\x0D\x81\x18\xAF\x23\xBA" - "\x51\xE8\x5C\xF3\x8A\x21\x95\x2C" - "\xC3\x37\xCE\x65\xFC\x70\x07\x9E" - "\x12\xA9\x40\xD7\x4B\xE2\x79\x10" - "\x84\x1B\xB2\x26\xBD\x54\xEB\x5F" - "\xF6\x8D\x01\x98\x2F\xC6\x3A\xD1" - "\x68\xFF\x73\x0A\xA1\x15\xAC\x43" - "\xDA\x4E\xE5\x7C\x13\x87\x1E\xB5" - "\x29\xC0\x57\xEE\x62\xF9\x90\x04" - "\x9B\x32\xC9\x3D\xD4\x6B\x02\x76" - "\x0D\xA4\x18\xAF\x46\xDD\x51\xE8" - "\x7F\x16\x8A\x21\xB8\x2C\xC3\x5A" - "\xF1\x65\xFC\x93\x07\x9E\x35\xCC" - "\x40\xD7\x6E\x05\x79\x10\xA7\x1B" - "\xB2\x49\xE0\x54\xEB\x82\x19\x8D" - "\x24\xBB\x2F\xC6\x5D\xF4\x68\xFF" - "\x96\x0A\xA1\x38\xCF\x43\xDA\x71" - "\x08\x7C\x13\xAA\x1E\xB5\x4C\xE3" - "\x57\xEE\x85\x1C\x90\x27\xBE\x32" - "\xC9\x60\xF7\x6B\x02\x99\x0D\xA4" - "\x3B\xD2\x46\xDD\x74\x0B\x7F\x16" - "\xAD\x21\xB8\x4F\xE6\x5A\xF1\x88" - "\x1F\x93\x2A\xC1\x35\xCC\x63\xFA" - "\x6E\x05\x9C\x10\xA7\x3E\xD5\x49" - "\xE0\x77\x0E\x82\x19\xB0\x24\xBB" - "\x52\xE9\x5D\xF4\x8B\x22\x96\x2D" - "\xC4\x38\xCF\x66\xFD\x71\x08\x9F" - "\x13\xAA\x41\xD8\x4C\xE3\x7A\x11" - "\x85\x1C\xB3\x27\xBE\x55\xEC\x60" - "\xF7\x8E\x02\x99\x30\xC7\x3B\xD2" - "\x69\x00\x74\x0B\xA2\x16\xAD\x44" - "\xDB\x4F\xE6\x7D\x14\x88\x1F\xB6" - "\x2A\xC1\x58\xEF\x63\xFA\x91\x05" - "\x9C\x33\xCA\x3E\xD5\x6C\x03\x77" - "\x0E\xA5\x19\xB0\x47\xDE\x52\xE9" - "\x80\x17\x8B\x22\xB9\x2D\xC4\x5B" - "\xF2\x66\xFD\x94\x08\x9F\x36\xCD" - "\x41\xD8\x6F\x06\x7A\x11\xA8\x1C" - "\xB3\x4A\xE1\x55\xEC\x83\x1A\x8E" - "\x25\xBC\x30\xC7\x5E\xF5\x69\x00" - "\x97\x0B\xA2\x39\xD0\x44\xDB\x72" - "\x09\x7D\x14\xAB\x1F\xB6\x4D\xE4" - "\x58\xEF\x86\x1D\x91\x28\xBF\x33" - "\xCA\x61\xF8\x6C\x03\x9A\x0E\xA5" - "\x3C\xD3\x47\xDE\x75\x0C\x80\x17" - "\xAE\x22\xB9\x50\xE7\x5B\xF2\x89" - "\x20\x94\x2B\xC2\x36\xCD\x64\xFB" - "\x6F\x06\x9D\x11\xA8\x3F\xD6\x4A" - "\xE1\x78\x0F\x83\x1A\xB1\x25\xBC" - "\x53\xEA\x5E\xF5\x8C\x00\x97\x2E" - "\xC5\x39\xD0\x67\xFE\x72\x09\xA0" - "\x14\xAB\x42\xD9\x4D\xE4\x7B\x12" - "\x86\x1D\xB4\x28\xBF\x56\xED\x61" - "\xF8\x8F\x03\x9A\x31\xC8\x3C\xD3" - "\x6A\x01\x75\x0C\xA3\x17\xAE\x45" - "\xDC\x50\xE7\x7E\x15\x89\x20\xB7" - "\x2B\xC2\x59\xF0\x64\xFB\x92\x06", - .ilen = 504, - .result = "\x5F\x58\x6E\x60\x51\x6E\xDC\x3D" - "\xD1\xBB\xF7\xB7\xFD\x04\x44\x82" - "\xDC\x9F\x4B\x02\xF1\xD2\x5A\x6F" - "\x25\xF9\x27\x21\xF2\xD2\x9A\x01" - "\xBD\xAD\x3D\x93\x87\xCA\x0D\xFE" - "\xB7\x2C\x17\x1F\x42\x8C\x13\xB2" - "\x62\x44\x72\xB9\x5D\xC0\xF8\x37" - "\xDF\xEA\x78\x81\x8F\xA6\x34\xB2" - "\x07\x09\x7C\xB9\x3A\xA0\x2B\x18" - "\x34\x6A\x9D\x3D\xA5\xEB\xF4\x60" - "\xF8\x98\xA2\x39\x81\x23\x6C\xA9" - "\x70\xCA\xCC\x45\xD8\x1F\xDF\x44" - "\x2A\x67\x7A\x88\x28\xDC\x36\x83" - "\x18\xD7\x48\x43\x17\x2B\x1B\xE6" - "\x0B\x82\x59\x14\x26\x67\x08\x09" - "\x5B\x5D\x38\xD0\x81\xCE\x54\x2A" - "\xCD\x22\x94\x42\xF5\xBA\x74\x7E" - "\xD9\x00\x40\xA9\x0D\x0B\xBD\x8E" - "\xC4\x8E\x5E\x17\x8F\x48\xE2\xB8" - "\xF4\xCC\x19\x76\xAB\x48\x29\xAA" - "\x81\xD5\xCE\xD5\x8A\x3B\xC9\x21" - "\xEF\x50\x4F\x04\x02\xBF\xE1\x1F" - "\x59\x28\x1A\xE4\x18\x16\xA0\x29" - "\xBF\x34\xA9\x2D\x28\x83\xC0\x5E" - "\xEA\x44\xC4\x6E\xAB\x24\x79\x9D" - "\x2D\xA1\xE8\x55\xCA\x74\xFC\xBD" - "\xFE\xDD\xDA\xA5\xFB\x34\x90\x31" - "\x0E\x62\x28\x9B\xDC\xD7\xA1\xBB" - "\xF0\x1A\xB3\xE2\xD0\xFA\xBD\xE8" - "\x5C\x5A\x10\x67\xF6\x6A\x17\x3F" - "\xC5\xE9\x09\x08\xDD\x22\x77\x42" - "\x26\x6A\x6A\x7A\x3F\x87\x80\x0C" - "\xF0\xFF\x15\x8E\x84\x86\xC0\x10" - "\x0F\x8D\x33\x06\xB8\x72\xA4\x47" - "\x6B\xED\x2E\x05\x94\x6C\x5C\x5B" - "\x13\xF6\x77\xEE\x3B\x16\xDF\xC2" - "\x63\x66\x07\x6D\x3F\x6C\x51\x7C" - "\x1C\xAC\x80\xB6\x58\x48\xB7\x9D" - "\xB4\x19\xD8\x19\x45\x66\x27\x02" - "\xA1\xA9\x99\xF3\x1F\xE5\xA7\x1D" - "\x31\xE7\x1B\x0D\xFF\xBB\xB5\xA1" - "\xF5\x9C\x45\x1E\x18\x19\xA1\xE7" - "\xC2\xF1\xBF\x68\xC3\xEC\xCF\x53" - "\x67\xA6\x2B\x7D\x3C\x6D\x24\xC3" - "\xE8\xE6\x07\x5A\x09\xE0\x32\xA8" - "\x52\xF6\xE9\xED\x0E\xC6\x0A\x6A" - "\xFC\x60\x2A\xE0\x93\xCE\xB8\x2E" - "\xA2\xA8\x0E\x79\x9E\x34\x5D\x37" - "\x6F\x12\xFE\x48\x7B\xE7\xB9\x22" - "\x29\xE8\xD7\xBE\x5D\xD1\x8B\xD9" - "\x91\x51\x4E\x71\xF2\x98\x85\x16" - "\x25\x7A\x76\x8A\x51\x0E\x65\x14" - "\x81\xB5\x3A\x37\xFD\xEC\xB5\x8A" - "\xE1\xCF\x41\x72\x14\x29\x4C\xF0" - "\x20\xD9\x9A\xC5\x66\xA4\x03\x76" - "\x5B\xA4\x15\x4F\x0E\x64\x39\x40" - "\x25\xF9\x20\x22\xF5\x88\xF5\xBA" - "\xE4\xDF\x45\x61\xBF\x8D\x7A\x24" - "\x4B\x92\x71\xD9\x2F\x77\xA7\x95" - "\xA8\x7F\x61\xD5\xA4\x57\xB0\xFB" - "\xB5\x77\xBA\x1C\xEE\x71\xFA\xB0" - "\x16\x4C\x18\x6B\xF2\x69\xA0\x07" - "\xEF\xBE\xEC\x69\xAC\xA8\x63\x9E", - .rlen = 504, - }, -}; - -static const struct cipher_testvec bf_ctr_dec_tv_template[] = { - { /* Generated with Crypto++ */ - .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9" - "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A" - "\x27\x04\xE1\x27\x04\xE1\xBE\x9B" - "\x78\xBE\x9B\x78\x55\x32\x0F\x55", - .klen = 32, - .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F", - .input = "\xC7\xA3\xDF\xB9\x05\xF4\x9E\x8D" - "\x9E\xDF\x38\x18\x83\x07\xEF\xC1" - "\x93\x3C\xAA\xAA\xFE\x06\x42\xCC" - "\x0D\x70\x86\x5A\x44\xAD\x85\x17" - "\xE4\x1F\x5E\xA5\x89\xAC\x32\xBC" - "\x3D\xA7\xE9\x0A\x5C\x70\x4D\xDE" - "\x99\x38\x07\xCA\x1D\x21\xC1\x11" - "\x97\xEB\x98\x75\xC4\x73\x45\x83" - "\x46\x1C\x9C\x91\x87\xC1\xA0\x56" - "\x98\xA1\x8B\xDB\x22\x76\xBD\x62" - "\xA4\xBC\xE8\x86\xDA\xD2\x51\x13" - "\x13\xD2\x96\x68\x69\x10\x67\x0C" - "\xD0\x17\x25\x7C\xB2\xAE\x4F\x93" - "\xA6\x82\x20\xCF\x0F\xA6\x47\x79" - "\x88\x09\x40\x59\xBD\x12\x64\xB5" - "\x19\x38\x0D\xFF\x86\xD9\x42\x20" - "\x81\x0D\x96\x99\xAF\x22\x1F\x94" - "\x5C\x6E\xEC\xEA\xA3\x39\xCB\x09" - "\x43\x19\x7F\xD0\xBB\x10\xC2\x49" - "\xF7\xE9\xF2\xEE\xBF\xF7\xF8\xB3" - "\x0E\x1A\xF1\x8D\x70\x82\x0C\x04" - "\xFD\x29\x1A\xAC\xC0\x92\x48\x34" - "\x6A\xE3\x1D\x4F\xFC\x1C\x72\x6A" - "\x57\xCB\xAD\xD0\x98\xAB\xB1\x01" - "\x03\x6A\x45\xDD\x07\x71\x5F\x5B" - "\xB5\x4A\xE4\xE5\xB9\xB9\xBC\xAC" - "\x44\xF7\x41\xA4\x5F\x2E\xE9\x28" - "\xE3\x05\xD2\x94\x78\x4C\x33\x1B" - "\xBD\xC1\x6E\x51\xD9\xAD\xD9\x86" - "\x15\x4A\x78\xAE\x7B\xAD\x3B\xBC" - "\x2F\xE0\x0E\xC5\x7B\x54\x97\x5F" - "\x60\x51\x14\x65\xF9\x91\xE9\xDA" - "\x9A\xBC\xFC\x19\x29\x67\xAA\x63" - "\x5E\xF2\x48\x88\xEB\x79\xE1\xE4" - "\xF7\xF6\x4C\xA9\xE2\x8C\x3B\xE0" - "\xED\x52\xAE\x90\x8F\x5B\x98\x34" - "\x29\x94\x34\x7F\xF9\x6C\x1E\xB6" - "\xA4\xE7\x2D\x06\x54\x9D\xC3\x02" - "\xC1\x90\xA4\x72\x31\x6B\x24\x51" - "\x0B\xB3\x7C\x63\x15\xBA\xAF\x5D" - "\x41\xE0\x37\x6D\xBE\x41\x58\xDE" - "\xF2\x07\x62\x99\xBE\xC1\x8C\x0F" - "\x0F\x28\xFB\x8F\x0E\x1D\x91\xE2" - "\xDA\x99\x5C\x49\xBA\x9C\xA8\x86" - "\x82\x63\x11\xB3\x54\x49\x00\x08" - "\x07\xF2\xE8\x1F\x34\x49\x61\xF4" - "\x81\xE9\xF6\xA9\x5A\x28\x60\x1F" - "\x66\x99\x08\x06\xF2\xE8\x2D\xD1" - "\xD0\x67\xBA\x32\x1F\x02\x86\x7B" - "\xFB\x79\x3D\xC5\xB1\x7F\x15\xAF" - "\xD7\xBF\x31\x46\x22\x7F\xAE\x5B" - "\x8B\x95\x47\xC2\xB1\x62\xA1\xCE" - "\x52\xAC\x9C\x8B\xC2\x49\x7F\xBC" - "\x9C\x89\xB8\xB6\xCA\xE3\x8F\xEA" - "\xAC\xB4\x5D\xE4\x50\xDC\x3A\xB5" - "\x91\x04\x94\x99\x03\x3B\x42\x6D" - "\x9C\x4A\x02\xF5\xB5\x38\x98\xA8" - "\x5C\x97\x2E\x4D\x79\x67\x71\xAF" - "\xF0\x70\x77\xFF\x2D\xDA\xA0\x9E" - "\x23\x8D\xD6\xA6\x68\x10\x78\x9A" - "\x64\xBB\x15\xB8\x56\xCF\xEE\xE5" - "\x32\x44\x96\x1C\xD8\xEB\x95\xD2" - "\xF3\x71\xEF\xEB\x4E\xBB\x4D\x29", - .ilen = 504, - .result = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" + .ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87" @@ -8847,153 +7291,7 @@ static const struct cipher_testvec bf_ctr_dec_tv_template[] = { "\x6A\x01\x75\x0C\xA3\x17\xAE\x45" "\xDC\x50\xE7\x7E\x15\x89\x20\xB7" "\x2B\xC2\x59\xF0\x64\xFB\x92\x06", - .rlen = 504, - }, { /* Generated with Crypto++ */ - .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9" - "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A" - "\x27\x04\xE1\x27\x04\xE1\xBE\x9B" - "\x78\xBE\x9B\x78\x55\x32\x0F\x55", - .klen = 32, - .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F", - .input = "\xC7\xA3\xDF\xB9\x05\xF4\x9E\x8D" - "\x9E\xDF\x38\x18\x83\x07\xEF\xC1" - "\x93\x3C\xAA\xAA\xFE\x06\x42\xCC" - "\x0D\x70\x86\x5A\x44\xAD\x85\x17" - "\xE4\x1F\x5E\xA5\x89\xAC\x32\xBC" - "\x3D\xA7\xE9\x0A\x5C\x70\x4D\xDE" - "\x99\x38\x07\xCA\x1D\x21\xC1\x11" - "\x97\xEB\x98\x75\xC4\x73\x45\x83" - "\x46\x1C\x9C\x91\x87\xC1\xA0\x56" - "\x98\xA1\x8B\xDB\x22\x76\xBD\x62" - "\xA4\xBC\xE8\x86\xDA\xD2\x51\x13" - "\x13\xD2\x96\x68\x69\x10\x67\x0C" - "\xD0\x17\x25\x7C\xB2\xAE\x4F\x93" - "\xA6\x82\x20\xCF\x0F\xA6\x47\x79" - "\x88\x09\x40\x59\xBD\x12\x64\xB5" - "\x19\x38\x0D\xFF\x86\xD9\x42\x20" - "\x81\x0D\x96\x99\xAF\x22\x1F\x94" - "\x5C\x6E\xEC\xEA\xA3\x39\xCB\x09" - "\x43\x19\x7F\xD0\xBB\x10\xC2\x49" - "\xF7\xE9\xF2\xEE\xBF\xF7\xF8\xB3" - "\x0E\x1A\xF1\x8D\x70\x82\x0C\x04" - "\xFD\x29\x1A\xAC\xC0\x92\x48\x34" - "\x6A\xE3\x1D\x4F\xFC\x1C\x72\x6A" - "\x57\xCB\xAD\xD0\x98\xAB\xB1\x01" - "\x03\x6A\x45\xDD\x07\x71\x5F\x5B" - "\xB5\x4A\xE4\xE5\xB9\xB9\xBC\xAC" - "\x44\xF7\x41\xA4\x5F\x2E\xE9\x28" - "\xE3\x05\xD2\x94\x78\x4C\x33\x1B" - "\xBD\xC1\x6E\x51\xD9\xAD\xD9\x86" - "\x15\x4A\x78\xAE\x7B\xAD\x3B\xBC" - "\x2F\xE0\x0E\xC5\x7B\x54\x97\x5F" - "\x60\x51\x14\x65\xF9\x91\xE9\xDA" - "\x9A\xBC\xFC\x19\x29\x67\xAA\x63" - "\x5E\xF2\x48\x88\xEB\x79\xE1\xE4" - "\xF7\xF6\x4C\xA9\xE2\x8C\x3B\xE0" - "\xED\x52\xAE\x90\x8F\x5B\x98\x34" - "\x29\x94\x34\x7F\xF9\x6C\x1E\xB6" - "\xA4\xE7\x2D\x06\x54\x9D\xC3\x02" - "\xC1\x90\xA4\x72\x31\x6B\x24\x51" - "\x0B\xB3\x7C\x63\x15\xBA\xAF\x5D" - "\x41\xE0\x37\x6D\xBE\x41\x58\xDE" - "\xF2\x07\x62\x99\xBE\xC1\x8C\x0F" - "\x0F\x28\xFB\x8F\x0E\x1D\x91\xE2" - "\xDA\x99\x5C\x49\xBA\x9C\xA8\x86" - "\x82\x63\x11\xB3\x54\x49\x00\x08" - "\x07\xF2\xE8\x1F\x34\x49\x61\xF4" - "\x81\xE9\xF6\xA9\x5A\x28\x60\x1F" - "\x66\x99\x08\x06\xF2\xE8\x2D\xD1" - "\xD0\x67\xBA\x32\x1F\x02\x86\x7B" - "\xFB\x79\x3D\xC5\xB1\x7F\x15\xAF" - "\xD7\xBF\x31\x46\x22\x7F\xAE\x5B" - "\x8B\x95\x47\xC2\xB1\x62\xA1\xCE" - "\x52\xAC\x9C\x8B\xC2\x49\x7F\xBC" - "\x9C\x89\xB8\xB6\xCA\xE3\x8F\xEA" - "\xAC\xB4\x5D\xE4\x50\xDC\x3A\xB5" - "\x91\x04\x94\x99\x03\x3B\x42\x6D" - "\x9C\x4A\x02\xF5\xB5\x38\x98\xA8" - "\x5C\x97\x2E\x4D\x79\x67\x71\xAF" - "\xF0\x70\x77\xFF\x2D\xDA\xA0\x9E" - "\x23\x8D\xD6\xA6\x68\x10\x78\x9A" - "\x64\xBB\x15\xB8\x56\xCF\xEE\xE5" - "\x32\x44\x96\x1C\xD8\xEB\x95\xD2" - "\xF3\x71\xEF\xEB\x4E\xBB\x4D", - .ilen = 503, - .result = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" - "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" - "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" - "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87" - "\x1E\x92\x29\xC0\x34\xCB\x62\xF9" - "\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48" - "\xDF\x76\x0D\x81\x18\xAF\x23\xBA" - "\x51\xE8\x5C\xF3\x8A\x21\x95\x2C" - "\xC3\x37\xCE\x65\xFC\x70\x07\x9E" - "\x12\xA9\x40\xD7\x4B\xE2\x79\x10" - "\x84\x1B\xB2\x26\xBD\x54\xEB\x5F" - "\xF6\x8D\x01\x98\x2F\xC6\x3A\xD1" - "\x68\xFF\x73\x0A\xA1\x15\xAC\x43" - "\xDA\x4E\xE5\x7C\x13\x87\x1E\xB5" - "\x29\xC0\x57\xEE\x62\xF9\x90\x04" - "\x9B\x32\xC9\x3D\xD4\x6B\x02\x76" - "\x0D\xA4\x18\xAF\x46\xDD\x51\xE8" - "\x7F\x16\x8A\x21\xB8\x2C\xC3\x5A" - "\xF1\x65\xFC\x93\x07\x9E\x35\xCC" - "\x40\xD7\x6E\x05\x79\x10\xA7\x1B" - "\xB2\x49\xE0\x54\xEB\x82\x19\x8D" - "\x24\xBB\x2F\xC6\x5D\xF4\x68\xFF" - "\x96\x0A\xA1\x38\xCF\x43\xDA\x71" - "\x08\x7C\x13\xAA\x1E\xB5\x4C\xE3" - "\x57\xEE\x85\x1C\x90\x27\xBE\x32" - "\xC9\x60\xF7\x6B\x02\x99\x0D\xA4" - "\x3B\xD2\x46\xDD\x74\x0B\x7F\x16" - "\xAD\x21\xB8\x4F\xE6\x5A\xF1\x88" - "\x1F\x93\x2A\xC1\x35\xCC\x63\xFA" - "\x6E\x05\x9C\x10\xA7\x3E\xD5\x49" - "\xE0\x77\x0E\x82\x19\xB0\x24\xBB" - "\x52\xE9\x5D\xF4\x8B\x22\x96\x2D" - "\xC4\x38\xCF\x66\xFD\x71\x08\x9F" - "\x13\xAA\x41\xD8\x4C\xE3\x7A\x11" - "\x85\x1C\xB3\x27\xBE\x55\xEC\x60" - "\xF7\x8E\x02\x99\x30\xC7\x3B\xD2" - "\x69\x00\x74\x0B\xA2\x16\xAD\x44" - "\xDB\x4F\xE6\x7D\x14\x88\x1F\xB6" - "\x2A\xC1\x58\xEF\x63\xFA\x91\x05" - "\x9C\x33\xCA\x3E\xD5\x6C\x03\x77" - "\x0E\xA5\x19\xB0\x47\xDE\x52\xE9" - "\x80\x17\x8B\x22\xB9\x2D\xC4\x5B" - "\xF2\x66\xFD\x94\x08\x9F\x36\xCD" - "\x41\xD8\x6F\x06\x7A\x11\xA8\x1C" - "\xB3\x4A\xE1\x55\xEC\x83\x1A\x8E" - "\x25\xBC\x30\xC7\x5E\xF5\x69\x00" - "\x97\x0B\xA2\x39\xD0\x44\xDB\x72" - "\x09\x7D\x14\xAB\x1F\xB6\x4D\xE4" - "\x58\xEF\x86\x1D\x91\x28\xBF\x33" - "\xCA\x61\xF8\x6C\x03\x9A\x0E\xA5" - "\x3C\xD3\x47\xDE\x75\x0C\x80\x17" - "\xAE\x22\xB9\x50\xE7\x5B\xF2\x89" - "\x20\x94\x2B\xC2\x36\xCD\x64\xFB" - "\x6F\x06\x9D\x11\xA8\x3F\xD6\x4A" - "\xE1\x78\x0F\x83\x1A\xB1\x25\xBC" - "\x53\xEA\x5E\xF5\x8C\x00\x97\x2E" - "\xC5\x39\xD0\x67\xFE\x72\x09\xA0" - "\x14\xAB\x42\xD9\x4D\xE4\x7B\x12" - "\x86\x1D\xB4\x28\xBF\x56\xED\x61" - "\xF8\x8F\x03\x9A\x31\xC8\x3C\xD3" - "\x6A\x01\x75\x0C\xA3\x17\xAE\x45" - "\xDC\x50\xE7\x7E\x15\x89\x20\xB7" - "\x2B\xC2\x59\xF0\x64\xFB\x92", - .rlen = 503, - .also_non_np = 1, - .np = 2, - .tap = { 503 - 8, 8 }, - }, { /* Generated with Crypto++ */ - .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9" - "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A" - "\x27\x04\xE1\x27\x04\xE1\xBE\x9B" - "\x78\xBE\x9B\x78\x55\x32\x0F\x55", - .klen = 32, - .iv = "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFD", - .input = "\x5F\x58\x6E\x60\x51\x6E\xDC\x3D" + .ctext = "\x5F\x58\x6E\x60\x51\x6E\xDC\x3D" "\xD1\xBB\xF7\xB7\xFD\x04\x44\x82" "\xDC\x9F\x4B\x02\xF1\xD2\x5A\x6F" "\x25\xF9\x27\x21\xF2\xD2\x9A\x01" @@ -9056,114 +7354,47 @@ static const struct cipher_testvec bf_ctr_dec_tv_template[] = { "\xB5\x77\xBA\x1C\xEE\x71\xFA\xB0" "\x16\x4C\x18\x6B\xF2\x69\xA0\x07" "\xEF\xBE\xEC\x69\xAC\xA8\x63\x9E", - .ilen = 504, - .result = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" - "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" - "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" - "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87" - "\x1E\x92\x29\xC0\x34\xCB\x62\xF9" - "\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48" - "\xDF\x76\x0D\x81\x18\xAF\x23\xBA" - "\x51\xE8\x5C\xF3\x8A\x21\x95\x2C" - "\xC3\x37\xCE\x65\xFC\x70\x07\x9E" - "\x12\xA9\x40\xD7\x4B\xE2\x79\x10" - "\x84\x1B\xB2\x26\xBD\x54\xEB\x5F" - "\xF6\x8D\x01\x98\x2F\xC6\x3A\xD1" - "\x68\xFF\x73\x0A\xA1\x15\xAC\x43" - "\xDA\x4E\xE5\x7C\x13\x87\x1E\xB5" - "\x29\xC0\x57\xEE\x62\xF9\x90\x04" - "\x9B\x32\xC9\x3D\xD4\x6B\x02\x76" - "\x0D\xA4\x18\xAF\x46\xDD\x51\xE8" - "\x7F\x16\x8A\x21\xB8\x2C\xC3\x5A" - "\xF1\x65\xFC\x93\x07\x9E\x35\xCC" - "\x40\xD7\x6E\x05\x79\x10\xA7\x1B" - "\xB2\x49\xE0\x54\xEB\x82\x19\x8D" - "\x24\xBB\x2F\xC6\x5D\xF4\x68\xFF" - "\x96\x0A\xA1\x38\xCF\x43\xDA\x71" - "\x08\x7C\x13\xAA\x1E\xB5\x4C\xE3" - "\x57\xEE\x85\x1C\x90\x27\xBE\x32" - "\xC9\x60\xF7\x6B\x02\x99\x0D\xA4" - "\x3B\xD2\x46\xDD\x74\x0B\x7F\x16" - "\xAD\x21\xB8\x4F\xE6\x5A\xF1\x88" - "\x1F\x93\x2A\xC1\x35\xCC\x63\xFA" - "\x6E\x05\x9C\x10\xA7\x3E\xD5\x49" - "\xE0\x77\x0E\x82\x19\xB0\x24\xBB" - "\x52\xE9\x5D\xF4\x8B\x22\x96\x2D" - "\xC4\x38\xCF\x66\xFD\x71\x08\x9F" - "\x13\xAA\x41\xD8\x4C\xE3\x7A\x11" - "\x85\x1C\xB3\x27\xBE\x55\xEC\x60" - "\xF7\x8E\x02\x99\x30\xC7\x3B\xD2" - "\x69\x00\x74\x0B\xA2\x16\xAD\x44" - "\xDB\x4F\xE6\x7D\x14\x88\x1F\xB6" - "\x2A\xC1\x58\xEF\x63\xFA\x91\x05" - "\x9C\x33\xCA\x3E\xD5\x6C\x03\x77" - "\x0E\xA5\x19\xB0\x47\xDE\x52\xE9" - "\x80\x17\x8B\x22\xB9\x2D\xC4\x5B" - "\xF2\x66\xFD\x94\x08\x9F\x36\xCD" - "\x41\xD8\x6F\x06\x7A\x11\xA8\x1C" - "\xB3\x4A\xE1\x55\xEC\x83\x1A\x8E" - "\x25\xBC\x30\xC7\x5E\xF5\x69\x00" - "\x97\x0B\xA2\x39\xD0\x44\xDB\x72" - "\x09\x7D\x14\xAB\x1F\xB6\x4D\xE4" - "\x58\xEF\x86\x1D\x91\x28\xBF\x33" - "\xCA\x61\xF8\x6C\x03\x9A\x0E\xA5" - "\x3C\xD3\x47\xDE\x75\x0C\x80\x17" - "\xAE\x22\xB9\x50\xE7\x5B\xF2\x89" - "\x20\x94\x2B\xC2\x36\xCD\x64\xFB" - "\x6F\x06\x9D\x11\xA8\x3F\xD6\x4A" - "\xE1\x78\x0F\x83\x1A\xB1\x25\xBC" - "\x53\xEA\x5E\xF5\x8C\x00\x97\x2E" - "\xC5\x39\xD0\x67\xFE\x72\x09\xA0" - "\x14\xAB\x42\xD9\x4D\xE4\x7B\x12" - "\x86\x1D\xB4\x28\xBF\x56\xED\x61" - "\xF8\x8F\x03\x9A\x31\xC8\x3C\xD3" - "\x6A\x01\x75\x0C\xA3\x17\xAE\x45" - "\xDC\x50\xE7\x7E\x15\x89\x20\xB7" - "\x2B\xC2\x59\xF0\x64\xFB\x92\x06", - .rlen = 504, + .len = 504, }, }; /* * Twofish test vectors. */ -static const struct cipher_testvec tf_enc_tv_template[] = { +static const struct cipher_testvec tf_tv_template[] = { { .key = zeroed_string, .klen = 16, - .input = zeroed_string, - .ilen = 16, - .result = "\x9f\x58\x9f\x5c\xf6\x12\x2c\x32" + .ptext = zeroed_string, + .ctext = "\x9f\x58\x9f\x5c\xf6\x12\x2c\x32" "\xb6\xbf\xec\x2f\x2a\xe8\xc3\x5a", - .rlen = 16, + .len = 16, }, { .key = "\x01\x23\x45\x67\x89\xab\xcd\xef" "\xfe\xdc\xba\x98\x76\x54\x32\x10" "\x00\x11\x22\x33\x44\x55\x66\x77", .klen = 24, - .input = zeroed_string, - .ilen = 16, - .result = "\xcf\xd1\xd2\xe5\xa9\xbe\x9c\xdf" + .ptext = zeroed_string, + .ctext = "\xcf\xd1\xd2\xe5\xa9\xbe\x9c\xdf" "\x50\x1f\x13\xb8\x92\xbd\x22\x48", - .rlen = 16, + .len = 16, }, { .key = "\x01\x23\x45\x67\x89\xab\xcd\xef" "\xfe\xdc\xba\x98\x76\x54\x32\x10" "\x00\x11\x22\x33\x44\x55\x66\x77" "\x88\x99\xaa\xbb\xcc\xdd\xee\xff", .klen = 32, - .input = zeroed_string, - .ilen = 16, - .result = "\x37\x52\x7b\xe0\x05\x23\x34\xb8" + .ptext = zeroed_string, + .ctext = "\x37\x52\x7b\xe0\x05\x23\x34\xb8" "\x9f\x0c\xfc\xca\xe8\x7c\xfa\x20", - .rlen = 16, + .len = 16, }, { /* Generated with Crypto++ */ .key = "\x3F\x85\x62\x3F\x1C\xF9\xD6\x1C" "\xF9\xD6\xB3\x90\x6D\x4A\x90\x6D" "\x4A\x27\x04\xE1\x27\x04\xE1\xBE" "\x9B\x78\xBE\x9B\x78\x55\x32\x0F", .klen = 32, - .input = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" + .ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87" @@ -9225,113 +7456,7 @@ static const struct cipher_testvec tf_enc_tv_template[] = { "\xF8\x8F\x03\x9A\x31\xC8\x3C\xD3" "\x6A\x01\x75\x0C\xA3\x17\xAE\x45" "\xDC\x50\xE7\x7E\x15\x89\x20\xB7", - .ilen = 496, - .result = "\x88\xCB\x1E\xC2\xAF\x8A\x97\xFF" - "\xF6\x90\x46\x9C\x4A\x0F\x08\xDC" - "\xDE\xAB\xAD\xFA\xFC\xA8\xC2\x3D" - "\xE0\xE4\x8B\x3F\xD5\xA3\xF7\x14" - "\x34\x9E\xB6\x08\xB2\xDD\xA8\xF5" - "\xDF\xFA\xC7\xE8\x09\x50\x76\x08" - "\xA2\xB6\x6A\x59\xC0\x2B\x6D\x05" - "\x89\xF6\x82\xF0\xD3\xDB\x06\x02" - "\xB5\x11\x5C\x5E\x79\x1A\xAC\x43" - "\x5C\xC0\x30\x4B\x6B\x16\xA1\x40" - "\x80\x27\x88\xBA\x2C\x74\x42\xE0" - "\x1B\xA5\x85\x08\xB9\xE6\x22\x7A" - "\x36\x3B\x0D\x9F\xA0\x22\x6C\x2A" - "\x91\x75\x47\xBC\x67\x21\x4E\xF9" - "\xEA\xFF\xD9\xD5\xC0\xFC\x9E\x2C" - "\x3E\xAD\xC6\x61\x0E\x93\x7A\x22" - "\x09\xC8\x8D\xC1\x8E\xB4\x8B\x5C" - "\xC6\x24\x42\xB8\x23\x66\x80\xA9" - "\x32\x0B\x7A\x29\xBF\xB3\x0B\x63" - "\x43\x27\x13\xA9\xBE\xEB\xBD\xF3" - "\x33\x62\x70\xE2\x1B\x86\x7A\xA1" - "\x51\x4A\x16\xFE\x29\x63\x7E\xD0" - "\x7A\xA4\x6E\x2C\xF8\xC1\xDB\xE8" - "\xCB\x4D\xD2\x8C\x04\x14\xB4\x66" - "\x41\xB7\x3A\x96\x16\x7C\x1D\x5B" - "\xB6\x41\x42\x64\x43\xEE\x6E\x7C" - "\x8B\xAF\x01\x9C\xA4\x6E\x75\x8F" - "\xDE\x10\x9F\xA6\xE7\xD6\x44\x97" - "\x66\xA3\x96\x0F\x1C\x25\x60\xF5" - "\x3C\x2E\x32\x69\x0E\x82\xFF\x27" - "\x0F\xB5\x06\xDA\xD8\x31\x15\x6C" - "\xDF\x18\x6C\x87\xF5\x3B\x11\x9A" - "\x1B\x42\x1F\x5B\x29\x19\x96\x13" - "\x68\x2E\x5E\x08\x1C\x8F\x32\x4B" - "\x81\x77\x6D\xF4\xA0\x01\x42\xEC" - "\xDD\x5B\xFD\x3A\x8E\x6A\x14\xFB" - "\x83\x54\xDF\x0F\x86\xB7\xEA\x40" - "\x46\x39\xF7\x2A\x89\x8D\x4E\x96" - "\x5F\x5F\x6D\x76\xC6\x13\x9D\x3D" - "\x1D\x5F\x0C\x7D\xE2\xBC\xC2\x16" - "\x16\xBE\x89\x3E\xB0\x61\xA2\x5D" - "\xAF\xD1\x40\x5F\x1A\xB8\x26\x41" - "\xC6\xBD\x36\xEF\xED\x29\x50\x6D" - "\x10\xEF\x26\xE8\xA8\x93\x11\x3F" - "\x2D\x1F\x88\x20\x77\x45\xF5\x66" - "\x08\xB9\xF1\xEF\xB1\x93\xA8\x81" - "\x65\xC5\xCD\x3E\x8C\x06\x60\x2C" - "\xB2\x10\x7A\xCA\x05\x25\x59\xDB" - "\xC7\x28\xF5\x20\x35\x52\x9E\x62" - "\xF8\x88\x24\x1C\x4D\x84\x12\x39" - "\x39\xE4\x2E\xF4\xD4\x9D\x2B\xBC" - "\x87\x66\xE6\xC0\x6B\x31\x9A\x66" - "\x03\xDC\x95\xD8\x6B\xD0\x30\x8F" - "\xDF\x8F\x8D\xFA\xEC\x1F\x08\xBD" - "\xA3\x63\xE2\x71\x4F\x03\x94\x87" - "\x50\xDF\x15\x1F\xED\x3A\xA3\x7F" - "\x1F\x2A\xB5\xA1\x69\xAC\x4B\x0D" - "\x84\x9B\x2A\xE9\x55\xDD\x46\x91" - "\x15\x33\xF3\x2B\x9B\x46\x97\x00" - "\xF0\x29\xD8\x59\x5D\x33\x37\xF9" - "\x58\x33\x9B\x78\xC7\x58\x48\x6B" - "\x2C\x75\x64\xC4\xCA\xC1\x7E\xD5", - .rlen = 496, - .also_non_np = 1, - .np = 3, - .tap = { 496 - 20, 4, 16 }, - }, -}; - -static const struct cipher_testvec tf_dec_tv_template[] = { - { - .key = zeroed_string, - .klen = 16, - .input = "\x9f\x58\x9f\x5c\xf6\x12\x2c\x32" - "\xb6\xbf\xec\x2f\x2a\xe8\xc3\x5a", - .ilen = 16, - .result = zeroed_string, - .rlen = 16, - }, { - .key = "\x01\x23\x45\x67\x89\xab\xcd\xef" - "\xfe\xdc\xba\x98\x76\x54\x32\x10" - "\x00\x11\x22\x33\x44\x55\x66\x77", - .klen = 24, - .input = "\xcf\xd1\xd2\xe5\xa9\xbe\x9c\xdf" - "\x50\x1f\x13\xb8\x92\xbd\x22\x48", - .ilen = 16, - .result = zeroed_string, - .rlen = 16, - }, { - .key = "\x01\x23\x45\x67\x89\xab\xcd\xef" - "\xfe\xdc\xba\x98\x76\x54\x32\x10" - "\x00\x11\x22\x33\x44\x55\x66\x77" - "\x88\x99\xaa\xbb\xcc\xdd\xee\xff", - .klen = 32, - .input = "\x37\x52\x7b\xe0\x05\x23\x34\xb8" - "\x9f\x0c\xfc\xca\xe8\x7c\xfa\x20", - .ilen = 16, - .result = zeroed_string, - .rlen = 16, - }, { /* Generated with Crypto++ */ - .key = "\x3F\x85\x62\x3F\x1C\xF9\xD6\x1C" - "\xF9\xD6\xB3\x90\x6D\x4A\x90\x6D" - "\x4A\x27\x04\xE1\x27\x04\xE1\xBE" - "\x9B\x78\xBE\x9B\x78\x55\x32\x0F", - .klen = 32, - .input = "\x88\xCB\x1E\xC2\xAF\x8A\x97\xFF" + .ctext = "\x88\xCB\x1E\xC2\xAF\x8A\x97\xFF" "\xF6\x90\x46\x9C\x4A\x0F\x08\xDC" "\xDE\xAB\xAD\xFA\xFC\xA8\xC2\x3D" "\xE0\xE4\x8B\x3F\xD5\xA3\xF7\x14" @@ -9393,119 +7518,52 @@ static const struct cipher_testvec tf_dec_tv_template[] = { "\xF0\x29\xD8\x59\x5D\x33\x37\xF9" "\x58\x33\x9B\x78\xC7\x58\x48\x6B" "\x2C\x75\x64\xC4\xCA\xC1\x7E\xD5", - .ilen = 496, - .result = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" - "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" - "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" - "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87" - "\x1E\x92\x29\xC0\x34\xCB\x62\xF9" - "\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48" - "\xDF\x76\x0D\x81\x18\xAF\x23\xBA" - "\x51\xE8\x5C\xF3\x8A\x21\x95\x2C" - "\xC3\x37\xCE\x65\xFC\x70\x07\x9E" - "\x12\xA9\x40\xD7\x4B\xE2\x79\x10" - "\x84\x1B\xB2\x26\xBD\x54\xEB\x5F" - "\xF6\x8D\x01\x98\x2F\xC6\x3A\xD1" - "\x68\xFF\x73\x0A\xA1\x15\xAC\x43" - "\xDA\x4E\xE5\x7C\x13\x87\x1E\xB5" - "\x29\xC0\x57\xEE\x62\xF9\x90\x04" - "\x9B\x32\xC9\x3D\xD4\x6B\x02\x76" - "\x0D\xA4\x18\xAF\x46\xDD\x51\xE8" - "\x7F\x16\x8A\x21\xB8\x2C\xC3\x5A" - "\xF1\x65\xFC\x93\x07\x9E\x35\xCC" - "\x40\xD7\x6E\x05\x79\x10\xA7\x1B" - "\xB2\x49\xE0\x54\xEB\x82\x19\x8D" - "\x24\xBB\x2F\xC6\x5D\xF4\x68\xFF" - "\x96\x0A\xA1\x38\xCF\x43\xDA\x71" - "\x08\x7C\x13\xAA\x1E\xB5\x4C\xE3" - "\x57\xEE\x85\x1C\x90\x27\xBE\x32" - "\xC9\x60\xF7\x6B\x02\x99\x0D\xA4" - "\x3B\xD2\x46\xDD\x74\x0B\x7F\x16" - "\xAD\x21\xB8\x4F\xE6\x5A\xF1\x88" - "\x1F\x93\x2A\xC1\x35\xCC\x63\xFA" - "\x6E\x05\x9C\x10\xA7\x3E\xD5\x49" - "\xE0\x77\x0E\x82\x19\xB0\x24\xBB" - "\x52\xE9\x5D\xF4\x8B\x22\x96\x2D" - "\xC4\x38\xCF\x66\xFD\x71\x08\x9F" - "\x13\xAA\x41\xD8\x4C\xE3\x7A\x11" - "\x85\x1C\xB3\x27\xBE\x55\xEC\x60" - "\xF7\x8E\x02\x99\x30\xC7\x3B\xD2" - "\x69\x00\x74\x0B\xA2\x16\xAD\x44" - "\xDB\x4F\xE6\x7D\x14\x88\x1F\xB6" - "\x2A\xC1\x58\xEF\x63\xFA\x91\x05" - "\x9C\x33\xCA\x3E\xD5\x6C\x03\x77" - "\x0E\xA5\x19\xB0\x47\xDE\x52\xE9" - "\x80\x17\x8B\x22\xB9\x2D\xC4\x5B" - "\xF2\x66\xFD\x94\x08\x9F\x36\xCD" - "\x41\xD8\x6F\x06\x7A\x11\xA8\x1C" - "\xB3\x4A\xE1\x55\xEC\x83\x1A\x8E" - "\x25\xBC\x30\xC7\x5E\xF5\x69\x00" - "\x97\x0B\xA2\x39\xD0\x44\xDB\x72" - "\x09\x7D\x14\xAB\x1F\xB6\x4D\xE4" - "\x58\xEF\x86\x1D\x91\x28\xBF\x33" - "\xCA\x61\xF8\x6C\x03\x9A\x0E\xA5" - "\x3C\xD3\x47\xDE\x75\x0C\x80\x17" - "\xAE\x22\xB9\x50\xE7\x5B\xF2\x89" - "\x20\x94\x2B\xC2\x36\xCD\x64\xFB" - "\x6F\x06\x9D\x11\xA8\x3F\xD6\x4A" - "\xE1\x78\x0F\x83\x1A\xB1\x25\xBC" - "\x53\xEA\x5E\xF5\x8C\x00\x97\x2E" - "\xC5\x39\xD0\x67\xFE\x72\x09\xA0" - "\x14\xAB\x42\xD9\x4D\xE4\x7B\x12" - "\x86\x1D\xB4\x28\xBF\x56\xED\x61" - "\xF8\x8F\x03\x9A\x31\xC8\x3C\xD3" - "\x6A\x01\x75\x0C\xA3\x17\xAE\x45" - "\xDC\x50\xE7\x7E\x15\x89\x20\xB7", - .rlen = 496, + .len = 496, .also_non_np = 1, .np = 3, .tap = { 496 - 20, 4, 16 }, }, }; -static const struct cipher_testvec tf_cbc_enc_tv_template[] = { +static const struct cipher_testvec tf_cbc_tv_template[] = { { /* Generated with Nettle */ .key = zeroed_string, .klen = 16, .iv = zeroed_string, - .input = zeroed_string, - .ilen = 16, - .result = "\x9f\x58\x9f\x5c\xf6\x12\x2c\x32" + .ptext = zeroed_string, + .ctext = "\x9f\x58\x9f\x5c\xf6\x12\x2c\x32" "\xb6\xbf\xec\x2f\x2a\xe8\xc3\x5a", - .rlen = 16, + .len = 16, }, { .key = zeroed_string, .klen = 16, .iv = "\x9f\x58\x9f\x5c\xf6\x12\x2c\x32" "\xb6\xbf\xec\x2f\x2a\xe8\xc3\x5a", - .input = zeroed_string, - .ilen = 16, - .result = "\xd4\x91\xdb\x16\xe7\xb1\xc3\x9e" + .ptext = zeroed_string, + .ctext = "\xd4\x91\xdb\x16\xe7\xb1\xc3\x9e" "\x86\xcb\x08\x6b\x78\x9f\x54\x19", - .rlen = 16, + .len = 16, }, { .key = zeroed_string, .klen = 16, .iv = "\xd4\x91\xdb\x16\xe7\xb1\xc3\x9e" "\x86\xcb\x08\x6b\x78\x9f\x54\x19", - .input = zeroed_string, - .ilen = 16, - .result = "\x05\xef\x8c\x61\xa8\x11\x58\x26" + .ptext = zeroed_string, + .ctext = "\x05\xef\x8c\x61\xa8\x11\x58\x26" "\x34\xba\x5c\xb7\x10\x6a\xa6\x41", - .rlen = 16, + .len = 16, }, { .key = zeroed_string, .klen = 16, .iv = zeroed_string, - .input = zeroed_string, - .ilen = 48, - .result = "\x9f\x58\x9f\x5c\xf6\x12\x2c\x32" + .ptext = zeroed_string, + .ctext = "\x9f\x58\x9f\x5c\xf6\x12\x2c\x32" "\xb6\xbf\xec\x2f\x2a\xe8\xc3\x5a" "\xd4\x91\xdb\x16\xe7\xb1\xc3\x9e" "\x86\xcb\x08\x6b\x78\x9f\x54\x19" "\x05\xef\x8c\x61\xa8\x11\x58\x26" "\x34\xba\x5c\xb7\x10\x6a\xa6\x41", - .rlen = 48, + .len = 48, }, { /* Generated with Crypto++ */ .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9" "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A" @@ -9514,7 +7572,7 @@ static const struct cipher_testvec tf_cbc_enc_tv_template[] = { .klen = 32, .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F" "\xC4\x29\x8E\xF3\x35\x9A\xFF\x64", - .input = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" + .ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87" @@ -9576,128 +7634,7 @@ static const struct cipher_testvec tf_cbc_enc_tv_template[] = { "\xF8\x8F\x03\x9A\x31\xC8\x3C\xD3" "\x6A\x01\x75\x0C\xA3\x17\xAE\x45" "\xDC\x50\xE7\x7E\x15\x89\x20\xB7", - .ilen = 496, - .result = "\xC8\xFF\xF2\x53\xA6\x27\x09\xD1" - "\x33\x38\xC2\xC0\x0C\x14\x7E\xB5" - "\x26\x1B\x05\x0C\x05\x12\x3F\xC0" - "\xF9\x1C\x02\x28\x40\x96\x6F\xD0" - "\x3D\x32\xDF\xDA\x56\x00\x6E\xEE" - "\x5B\x2A\x72\x9D\xC2\x4D\x19\xBC" - "\x8C\x53\xFA\x87\x6F\xDD\x81\xA3" - "\xB1\xD3\x44\x65\xDF\xE7\x63\x38" - "\x4A\xFC\xDC\xEC\x3F\x26\x8E\xB8" - "\x43\xFC\xFE\x18\xB5\x11\x6D\x31" - "\x81\x8B\x0D\x75\xF6\x80\xEC\x84" - "\x04\xB9\xE6\x09\x63\xED\x39\xDB" - "\xC3\xF6\x14\xD6\x6E\x5E\x8B\xBD" - "\x3E\xFA\xD7\x98\x50\x6F\xD9\x63" - "\x02\xCD\x0D\x39\x4B\x0D\xEC\x80" - "\xE3\x6A\x17\xF4\xCC\xAD\xFF\x68" - "\x45\xDD\xC8\x83\x1D\x41\x96\x0D" - "\x91\x2E\x05\xD3\x59\x82\xE0\x43" - "\x90\x4F\xB9\xF7\xAD\x6B\x2E\xAF" - "\xA7\x84\x00\x53\xCD\x6F\xD1\x0C" - "\x4E\xF9\x5A\x23\xFB\xCA\xC7\xD3" - "\xA9\xAA\x9D\xB2\x3F\x66\xF1\xAC" - "\x25\x21\x8F\xF7\xEF\xF2\x6A\xDF" - "\xE8\xDA\x75\x1A\x8A\xF1\xDD\x38" - "\x1F\xF9\x3D\x68\x4A\xBB\x9E\x34" - "\x1F\x66\x1F\x9C\x2B\x54\xFF\x60" - "\x7F\x29\x4B\x55\x80\x8F\x4E\xA7" - "\xA6\x9A\x0A\xD9\x0D\x19\x00\xF8" - "\x1F\xBC\x0C\x40\x6B\xEC\x99\x25" - "\x94\x70\x74\x0E\x1D\xC5\xBC\x12" - "\xF3\x42\xBE\x95\xBF\xFB\x4E\x55" - "\x9A\xB9\xCE\x14\x16\x5B\xDC\xD3" - "\x75\x42\x62\x04\x31\x1F\x95\x7C" - "\x66\x1A\x97\xDC\x2F\x40\x5C\x39" - "\x78\xE6\x02\xDB\x49\xE1\xC6\x47" - "\xC2\x78\x9A\xBB\xF3\xBE\xCB\x93" - "\xD8\xB8\xE8\xBB\x8C\xB3\x9B\xA7" - "\xC2\x89\xF3\x91\x88\x83\x3D\xF0" - "\x29\xA2\xCD\xB5\x79\x16\xC2\x40" - "\x11\x03\x8E\x9C\xFD\xC9\x43\xC4" - "\xC2\x19\xF0\x4A\x32\xEF\x0C\x2B" - "\xD3\x2B\xE9\xD4\x4C\xDE\x95\xCF" - "\x04\x03\xD3\x2C\x7F\x82\xC8\xFA" - "\x0F\xD8\x7A\x39\x7B\x01\x41\x9C" - "\x78\xB6\xC9\xBF\xF9\x78\x57\x88" - "\xB1\xA5\xE1\xE0\xD9\x16\xD4\xC8" - "\xEE\xC4\xBE\x7B\x55\x59\x00\x48" - "\x1B\xBC\x14\xFA\x2A\x9D\xC9\x1C" - "\xFB\x28\x3F\x95\xDD\xB7\xD6\xCE" - "\x3A\x7F\x09\x0C\x0E\x69\x30\x7D" - "\xBC\x68\x9C\x91\x2A\x59\x57\x04" - "\xED\x1A\x1E\x00\xB1\x85\x92\x04" - "\x28\x8C\x0C\x3C\xC1\xD5\x12\xF7" - "\x4C\x3E\xB0\xE7\x86\x62\x68\x91" - "\xFC\xC4\xE2\xCE\xA6\xDC\x5E\x93" - "\x5D\x8D\x8C\x68\xB3\xB2\xB9\x64" - "\x16\xB8\xC8\x6F\xD8\xEE\x21\xBD" - "\xAC\x18\x0C\x7D\x0D\x05\xAB\xF1" - "\xFA\xDD\xE2\x48\xDF\x4C\x02\x39" - "\x69\xA1\x62\xBD\x49\x3A\x9D\x91" - "\x30\x70\x56\xA4\x37\xDD\x7C\xC0" - "\x0A\xA3\x30\x10\x26\x25\x41\x2C", - .rlen = 496, - .also_non_np = 1, - .np = 3, - .tap = { 496 - 20, 4, 16 }, - }, -}; - -static const struct cipher_testvec tf_cbc_dec_tv_template[] = { - { /* Reverse of the first four above */ - .key = zeroed_string, - .klen = 16, - .iv = zeroed_string, - .input = "\x9f\x58\x9f\x5c\xf6\x12\x2c\x32" - "\xb6\xbf\xec\x2f\x2a\xe8\xc3\x5a", - .ilen = 16, - .result = zeroed_string, - .rlen = 16, - }, { - .key = zeroed_string, - .klen = 16, - .iv = "\x9f\x58\x9f\x5c\xf6\x12\x2c\x32" - "\xb6\xbf\xec\x2f\x2a\xe8\xc3\x5a", - .input = "\xd4\x91\xdb\x16\xe7\xb1\xc3\x9e" - "\x86\xcb\x08\x6b\x78\x9f\x54\x19", - .ilen = 16, - .result = zeroed_string, - .rlen = 16, - }, { - .key = zeroed_string, - .klen = 16, - .iv = "\xd4\x91\xdb\x16\xe7\xb1\xc3\x9e" - "\x86\xcb\x08\x6b\x78\x9f\x54\x19", - .input = "\x05\xef\x8c\x61\xa8\x11\x58\x26" - "\x34\xba\x5c\xb7\x10\x6a\xa6\x41", - .ilen = 16, - .result = zeroed_string, - .rlen = 16, - }, { - .key = zeroed_string, - .klen = 16, - .iv = zeroed_string, - .input = "\x9f\x58\x9f\x5c\xf6\x12\x2c\x32" - "\xb6\xbf\xec\x2f\x2a\xe8\xc3\x5a" - "\xd4\x91\xdb\x16\xe7\xb1\xc3\x9e" - "\x86\xcb\x08\x6b\x78\x9f\x54\x19" - "\x05\xef\x8c\x61\xa8\x11\x58\x26" - "\x34\xba\x5c\xb7\x10\x6a\xa6\x41", - .ilen = 48, - .result = zeroed_string, - .rlen = 48, - }, { /* Generated with Crypto++ */ - .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9" - "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A" - "\x27\x04\xE1\x27\x04\xE1\xBE\x9B" - "\x78\xBE\x9B\x78\x55\x32\x0F\x55", - .klen = 32, - .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F" - "\xC4\x29\x8E\xF3\x35\x9A\xFF\x64", - .input = "\xC8\xFF\xF2\x53\xA6\x27\x09\xD1" + .ctext = "\xC8\xFF\xF2\x53\xA6\x27\x09\xD1" "\x33\x38\xC2\xC0\x0C\x14\x7E\xB5" "\x26\x1B\x05\x0C\x05\x12\x3F\xC0" "\xF9\x1C\x02\x28\x40\x96\x6F\xD0" @@ -9759,77 +7696,14 @@ static const struct cipher_testvec tf_cbc_dec_tv_template[] = { "\x69\xA1\x62\xBD\x49\x3A\x9D\x91" "\x30\x70\x56\xA4\x37\xDD\x7C\xC0" "\x0A\xA3\x30\x10\x26\x25\x41\x2C", - .ilen = 496, - .result = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" - "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" - "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" - "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87" - "\x1E\x92\x29\xC0\x34\xCB\x62\xF9" - "\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48" - "\xDF\x76\x0D\x81\x18\xAF\x23\xBA" - "\x51\xE8\x5C\xF3\x8A\x21\x95\x2C" - "\xC3\x37\xCE\x65\xFC\x70\x07\x9E" - "\x12\xA9\x40\xD7\x4B\xE2\x79\x10" - "\x84\x1B\xB2\x26\xBD\x54\xEB\x5F" - "\xF6\x8D\x01\x98\x2F\xC6\x3A\xD1" - "\x68\xFF\x73\x0A\xA1\x15\xAC\x43" - "\xDA\x4E\xE5\x7C\x13\x87\x1E\xB5" - "\x29\xC0\x57\xEE\x62\xF9\x90\x04" - "\x9B\x32\xC9\x3D\xD4\x6B\x02\x76" - "\x0D\xA4\x18\xAF\x46\xDD\x51\xE8" - "\x7F\x16\x8A\x21\xB8\x2C\xC3\x5A" - "\xF1\x65\xFC\x93\x07\x9E\x35\xCC" - "\x40\xD7\x6E\x05\x79\x10\xA7\x1B" - "\xB2\x49\xE0\x54\xEB\x82\x19\x8D" - "\x24\xBB\x2F\xC6\x5D\xF4\x68\xFF" - "\x96\x0A\xA1\x38\xCF\x43\xDA\x71" - "\x08\x7C\x13\xAA\x1E\xB5\x4C\xE3" - "\x57\xEE\x85\x1C\x90\x27\xBE\x32" - "\xC9\x60\xF7\x6B\x02\x99\x0D\xA4" - "\x3B\xD2\x46\xDD\x74\x0B\x7F\x16" - "\xAD\x21\xB8\x4F\xE6\x5A\xF1\x88" - "\x1F\x93\x2A\xC1\x35\xCC\x63\xFA" - "\x6E\x05\x9C\x10\xA7\x3E\xD5\x49" - "\xE0\x77\x0E\x82\x19\xB0\x24\xBB" - "\x52\xE9\x5D\xF4\x8B\x22\x96\x2D" - "\xC4\x38\xCF\x66\xFD\x71\x08\x9F" - "\x13\xAA\x41\xD8\x4C\xE3\x7A\x11" - "\x85\x1C\xB3\x27\xBE\x55\xEC\x60" - "\xF7\x8E\x02\x99\x30\xC7\x3B\xD2" - "\x69\x00\x74\x0B\xA2\x16\xAD\x44" - "\xDB\x4F\xE6\x7D\x14\x88\x1F\xB6" - "\x2A\xC1\x58\xEF\x63\xFA\x91\x05" - "\x9C\x33\xCA\x3E\xD5\x6C\x03\x77" - "\x0E\xA5\x19\xB0\x47\xDE\x52\xE9" - "\x80\x17\x8B\x22\xB9\x2D\xC4\x5B" - "\xF2\x66\xFD\x94\x08\x9F\x36\xCD" - "\x41\xD8\x6F\x06\x7A\x11\xA8\x1C" - "\xB3\x4A\xE1\x55\xEC\x83\x1A\x8E" - "\x25\xBC\x30\xC7\x5E\xF5\x69\x00" - "\x97\x0B\xA2\x39\xD0\x44\xDB\x72" - "\x09\x7D\x14\xAB\x1F\xB6\x4D\xE4" - "\x58\xEF\x86\x1D\x91\x28\xBF\x33" - "\xCA\x61\xF8\x6C\x03\x9A\x0E\xA5" - "\x3C\xD3\x47\xDE\x75\x0C\x80\x17" - "\xAE\x22\xB9\x50\xE7\x5B\xF2\x89" - "\x20\x94\x2B\xC2\x36\xCD\x64\xFB" - "\x6F\x06\x9D\x11\xA8\x3F\xD6\x4A" - "\xE1\x78\x0F\x83\x1A\xB1\x25\xBC" - "\x53\xEA\x5E\xF5\x8C\x00\x97\x2E" - "\xC5\x39\xD0\x67\xFE\x72\x09\xA0" - "\x14\xAB\x42\xD9\x4D\xE4\x7B\x12" - "\x86\x1D\xB4\x28\xBF\x56\xED\x61" - "\xF8\x8F\x03\x9A\x31\xC8\x3C\xD3" - "\x6A\x01\x75\x0C\xA3\x17\xAE\x45" - "\xDC\x50\xE7\x7E\x15\x89\x20\xB7", - .rlen = 496, + .len = 496, .also_non_np = 1, .np = 3, .tap = { 496 - 20, 4, 16 }, }, }; -static const struct cipher_testvec tf_ctr_enc_tv_template[] = { +static const struct cipher_testvec tf_ctr_tv_template[] = { { /* Generated with Crypto++ */ .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9" "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A" @@ -9838,7 +7712,7 @@ static const struct cipher_testvec tf_ctr_enc_tv_template[] = { .klen = 32, .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F" "\xC4\x29\x8E\xF3\x35\x9A\xFF\x64", - .input = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" + .ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87" @@ -9900,8 +7774,7 @@ static const struct cipher_testvec tf_ctr_enc_tv_template[] = { "\xF8\x8F\x03\x9A\x31\xC8\x3C\xD3" "\x6A\x01\x75\x0C\xA3\x17\xAE\x45" "\xDC\x50\xE7\x7E\x15\x89\x20\xB7", - .ilen = 496, - .result = "\xDF\xDD\x69\xFA\xB0\x2E\xFD\xFE" + .ctext = "\xDF\xDD\x69\xFA\xB0\x2E\xFD\xFE" "\x70\x9E\xC5\x4B\xC9\xD4\xA1\x30" "\x26\x9B\x89\xA1\xEE\x43\xE0\x52" "\x55\x17\x4E\xC7\x0E\x33\x1F\xF1" @@ -9963,7 +7836,7 @@ static const struct cipher_testvec tf_ctr_enc_tv_template[] = { "\xE8\x47\x2A\x4D\xFD\xA1\xBC\xE3" "\xB9\x32\xE2\xC1\x82\xAC\xFE\xCC" "\xC5\xC9\x7F\x9E\xCF\x33\x7A\xDF", - .rlen = 496, + .len = 496, }, { /* Generated with Crypto++ */ .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9" "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A" @@ -9972,7 +7845,7 @@ static const struct cipher_testvec tf_ctr_enc_tv_template[] = { .klen = 32, .iv = "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF" "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFD", - .input = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" + .ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87" @@ -10034,8 +7907,7 @@ static const struct cipher_testvec tf_ctr_enc_tv_template[] = { "\xF8\x8F\x03\x9A\x31\xC8\x3C\xD3" "\x6A\x01\x75\x0C\xA3\x17\xAE\x45" "\xDC\x50\xE7\x7E\x15\x89\x20\xB7", - .ilen = 496, - .result = "\xEB\x44\xAF\x49\x27\xB8\xFB\x44" + .ctext = "\xEB\x44\xAF\x49\x27\xB8\xFB\x44" "\x4C\xA6\xC3\x0C\x8B\xD0\x01\x0C" "\x53\xC8\x16\x38\xDE\x40\x4F\x91" "\x25\x6D\x4C\xA0\x9A\x87\x1E\xDA" @@ -10097,7 +7969,7 @@ static const struct cipher_testvec tf_ctr_enc_tv_template[] = { "\x4C\xB6\xF8\xF4\x5F\x48\x52\x54" "\x94\x63\xA8\x4E\xCF\xD2\x1B\x1B" "\x22\x18\x6A\xAF\x6E\x3E\xE1\x0D", - .rlen = 496, + .len = 496, }, { /* Generated with Crypto++ */ .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9" "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A" @@ -10106,7 +7978,7 @@ static const struct cipher_testvec tf_ctr_enc_tv_template[] = { .klen = 32, .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F" "\xC4\x29\x8E\xF3\x35\x9A\xFF\x64", - .input = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" + .ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87" @@ -10169,355 +8041,7 @@ static const struct cipher_testvec tf_ctr_enc_tv_template[] = { "\x6A\x01\x75\x0C\xA3\x17\xAE\x45" "\xDC\x50\xE7\x7E\x15\x89\x20\xB7" "\x2B\xC2\x59", - .ilen = 499, - .result = "\xDF\xDD\x69\xFA\xB0\x2E\xFD\xFE" - "\x70\x9E\xC5\x4B\xC9\xD4\xA1\x30" - "\x26\x9B\x89\xA1\xEE\x43\xE0\x52" - "\x55\x17\x4E\xC7\x0E\x33\x1F\xF1" - "\x9F\x8D\x40\x9F\x24\xFD\x92\xA0" - "\xBC\x8F\x35\xDD\x67\x38\xD8\xAA" - "\xCF\xF8\x48\xCA\xFB\xE4\x5C\x60" - "\x01\x41\x21\x12\x38\xAB\x52\x4F" - "\xA8\x57\x20\xE0\x21\x6A\x17\x0D" - "\x0E\xF9\x8E\x49\x42\x00\x3C\x94" - "\x14\xC0\xD0\x8D\x8A\x98\xEB\x29" - "\xEC\xAE\x96\x44\xC0\x3C\x48\xDC" - "\x29\x35\x25\x2F\xE7\x11\x6C\x68" - "\xC8\x67\x0A\x2F\xF4\x07\xBE\xF9" - "\x2C\x31\x87\x40\xAB\xB2\xB6\xFA" - "\xD2\xC9\x6D\x5C\x50\xE9\xE6\x7E" - "\xE3\x0A\xD2\xD5\x6D\x8D\x64\x9E" - "\x70\xCE\x03\x76\xDD\xE0\xF0\x8C" - "\x84\x86\x8B\x6A\xFE\xC7\xF9\x69" - "\x2E\xFE\xFC\xC2\xC4\x1A\x55\x58" - "\xB3\xBE\xE2\x7E\xED\x39\x42\x6C" - "\xB4\x42\x97\x9A\xEC\xE1\x0A\x06" - "\x02\xC5\x03\x9D\xC4\x48\x15\x66" - "\x35\x6A\xC2\xC9\xA2\x26\x30\xBB" - "\xDB\x2D\xC8\x08\x2B\xA0\x29\x1A" - "\x23\x61\x48\xEA\x80\x04\x27\xAA" - "\x69\x49\xE8\xE8\x4A\x83\x6B\x5A" - "\xCA\x7C\xD3\xB1\xB5\x0B\xCC\x23" - "\x74\x1F\xA9\x87\xCD\xED\xC0\x2D" - "\xBF\xEB\xCF\x16\x2D\x2A\x2E\x1D" - "\x96\xBA\x36\x11\x45\x41\xDA\xCE" - "\xA4\x48\x80\x8B\x06\xF4\x98\x89" - "\x8B\x23\x08\x53\xF4\xD4\x5A\x24" - "\x8B\xF8\x43\x73\xD1\xEE\xC4\xB0" - "\xF8\xFE\x09\x0C\x75\x05\x38\x0B" - "\x7C\x81\xDE\x9D\xE4\x61\x37\x63" - "\x63\xAD\x12\xD2\x04\xB9\xCE\x45" - "\x5A\x1A\x6E\xB3\x78\x2A\xA4\x74" - "\x86\xD0\xE3\xFF\xDA\x38\x9C\xB5" - "\xB8\xB1\xDB\x38\x2F\xC5\x6A\xB4" - "\xEB\x6E\x96\xE8\x43\x80\xB5\x51" - "\x61\x2D\x48\xAA\x07\x65\x11\x8C" - "\x48\xE3\x90\x7E\x78\x3A\xEC\x97" - "\x05\x3D\x84\xE7\x90\x2B\xAA\xBD" - "\x83\x29\x0E\x1A\x81\x73\x7B\xE0" - "\x7A\x01\x4A\x37\x3B\x77\x7F\x8D" - "\x49\xA4\x2F\x6E\xBE\x68\x99\x08" - "\x99\xAA\x4C\x12\x04\xAE\x1F\x77" - "\x35\x88\xF1\x65\x06\x0A\x0B\x4D" - "\x47\xF9\x50\x38\x5D\x71\xF9\x6E" - "\xDE\xEC\x61\x35\x2C\x4C\x96\x50" - "\xE8\x28\x93\x9C\x7E\x01\xC6\x04" - "\xB2\xD6\xBC\x6C\x17\xEB\xC1\x7D" - "\x11\xE9\x43\x83\x76\xAA\x53\x37" - "\x0C\x1D\x39\x89\x53\x72\x09\x7E" - "\xD9\x85\x16\x04\xA5\x2C\x05\x6F" - "\x17\x0C\x6E\x66\xAA\x84\xA7\xD9" - "\xE2\xD9\xC4\xEB\x43\x3E\xB1\x8D" - "\x7C\x36\xC7\x71\x70\x9C\x10\xD8" - "\xE8\x47\x2A\x4D\xFD\xA1\xBC\xE3" - "\xB9\x32\xE2\xC1\x82\xAC\xFE\xCC" - "\xC5\xC9\x7F\x9E\xCF\x33\x7A\xDF" - "\x6C\x82\x9D", - .rlen = 499, - .also_non_np = 1, - .np = 2, - .tap = { 499 - 16, 16 }, - }, -}; - -static const struct cipher_testvec tf_ctr_dec_tv_template[] = { - { /* Generated with Crypto++ */ - .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9" - "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A" - "\x27\x04\xE1\x27\x04\xE1\xBE\x9B" - "\x78\xBE\x9B\x78\x55\x32\x0F\x55", - .klen = 32, - .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F" - "\xC4\x29\x8E\xF3\x35\x9A\xFF\x64", - .input = "\xDF\xDD\x69\xFA\xB0\x2E\xFD\xFE" - "\x70\x9E\xC5\x4B\xC9\xD4\xA1\x30" - "\x26\x9B\x89\xA1\xEE\x43\xE0\x52" - "\x55\x17\x4E\xC7\x0E\x33\x1F\xF1" - "\x9F\x8D\x40\x9F\x24\xFD\x92\xA0" - "\xBC\x8F\x35\xDD\x67\x38\xD8\xAA" - "\xCF\xF8\x48\xCA\xFB\xE4\x5C\x60" - "\x01\x41\x21\x12\x38\xAB\x52\x4F" - "\xA8\x57\x20\xE0\x21\x6A\x17\x0D" - "\x0E\xF9\x8E\x49\x42\x00\x3C\x94" - "\x14\xC0\xD0\x8D\x8A\x98\xEB\x29" - "\xEC\xAE\x96\x44\xC0\x3C\x48\xDC" - "\x29\x35\x25\x2F\xE7\x11\x6C\x68" - "\xC8\x67\x0A\x2F\xF4\x07\xBE\xF9" - "\x2C\x31\x87\x40\xAB\xB2\xB6\xFA" - "\xD2\xC9\x6D\x5C\x50\xE9\xE6\x7E" - "\xE3\x0A\xD2\xD5\x6D\x8D\x64\x9E" - "\x70\xCE\x03\x76\xDD\xE0\xF0\x8C" - "\x84\x86\x8B\x6A\xFE\xC7\xF9\x69" - "\x2E\xFE\xFC\xC2\xC4\x1A\x55\x58" - "\xB3\xBE\xE2\x7E\xED\x39\x42\x6C" - "\xB4\x42\x97\x9A\xEC\xE1\x0A\x06" - "\x02\xC5\x03\x9D\xC4\x48\x15\x66" - "\x35\x6A\xC2\xC9\xA2\x26\x30\xBB" - "\xDB\x2D\xC8\x08\x2B\xA0\x29\x1A" - "\x23\x61\x48\xEA\x80\x04\x27\xAA" - "\x69\x49\xE8\xE8\x4A\x83\x6B\x5A" - "\xCA\x7C\xD3\xB1\xB5\x0B\xCC\x23" - "\x74\x1F\xA9\x87\xCD\xED\xC0\x2D" - "\xBF\xEB\xCF\x16\x2D\x2A\x2E\x1D" - "\x96\xBA\x36\x11\x45\x41\xDA\xCE" - "\xA4\x48\x80\x8B\x06\xF4\x98\x89" - "\x8B\x23\x08\x53\xF4\xD4\x5A\x24" - "\x8B\xF8\x43\x73\xD1\xEE\xC4\xB0" - "\xF8\xFE\x09\x0C\x75\x05\x38\x0B" - "\x7C\x81\xDE\x9D\xE4\x61\x37\x63" - "\x63\xAD\x12\xD2\x04\xB9\xCE\x45" - "\x5A\x1A\x6E\xB3\x78\x2A\xA4\x74" - "\x86\xD0\xE3\xFF\xDA\x38\x9C\xB5" - "\xB8\xB1\xDB\x38\x2F\xC5\x6A\xB4" - "\xEB\x6E\x96\xE8\x43\x80\xB5\x51" - "\x61\x2D\x48\xAA\x07\x65\x11\x8C" - "\x48\xE3\x90\x7E\x78\x3A\xEC\x97" - "\x05\x3D\x84\xE7\x90\x2B\xAA\xBD" - "\x83\x29\x0E\x1A\x81\x73\x7B\xE0" - "\x7A\x01\x4A\x37\x3B\x77\x7F\x8D" - "\x49\xA4\x2F\x6E\xBE\x68\x99\x08" - "\x99\xAA\x4C\x12\x04\xAE\x1F\x77" - "\x35\x88\xF1\x65\x06\x0A\x0B\x4D" - "\x47\xF9\x50\x38\x5D\x71\xF9\x6E" - "\xDE\xEC\x61\x35\x2C\x4C\x96\x50" - "\xE8\x28\x93\x9C\x7E\x01\xC6\x04" - "\xB2\xD6\xBC\x6C\x17\xEB\xC1\x7D" - "\x11\xE9\x43\x83\x76\xAA\x53\x37" - "\x0C\x1D\x39\x89\x53\x72\x09\x7E" - "\xD9\x85\x16\x04\xA5\x2C\x05\x6F" - "\x17\x0C\x6E\x66\xAA\x84\xA7\xD9" - "\xE2\xD9\xC4\xEB\x43\x3E\xB1\x8D" - "\x7C\x36\xC7\x71\x70\x9C\x10\xD8" - "\xE8\x47\x2A\x4D\xFD\xA1\xBC\xE3" - "\xB9\x32\xE2\xC1\x82\xAC\xFE\xCC" - "\xC5\xC9\x7F\x9E\xCF\x33\x7A\xDF", - .ilen = 496, - .result = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" - "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" - "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" - "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87" - "\x1E\x92\x29\xC0\x34\xCB\x62\xF9" - "\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48" - "\xDF\x76\x0D\x81\x18\xAF\x23\xBA" - "\x51\xE8\x5C\xF3\x8A\x21\x95\x2C" - "\xC3\x37\xCE\x65\xFC\x70\x07\x9E" - "\x12\xA9\x40\xD7\x4B\xE2\x79\x10" - "\x84\x1B\xB2\x26\xBD\x54\xEB\x5F" - "\xF6\x8D\x01\x98\x2F\xC6\x3A\xD1" - "\x68\xFF\x73\x0A\xA1\x15\xAC\x43" - "\xDA\x4E\xE5\x7C\x13\x87\x1E\xB5" - "\x29\xC0\x57\xEE\x62\xF9\x90\x04" - "\x9B\x32\xC9\x3D\xD4\x6B\x02\x76" - "\x0D\xA4\x18\xAF\x46\xDD\x51\xE8" - "\x7F\x16\x8A\x21\xB8\x2C\xC3\x5A" - "\xF1\x65\xFC\x93\x07\x9E\x35\xCC" - "\x40\xD7\x6E\x05\x79\x10\xA7\x1B" - "\xB2\x49\xE0\x54\xEB\x82\x19\x8D" - "\x24\xBB\x2F\xC6\x5D\xF4\x68\xFF" - "\x96\x0A\xA1\x38\xCF\x43\xDA\x71" - "\x08\x7C\x13\xAA\x1E\xB5\x4C\xE3" - "\x57\xEE\x85\x1C\x90\x27\xBE\x32" - "\xC9\x60\xF7\x6B\x02\x99\x0D\xA4" - "\x3B\xD2\x46\xDD\x74\x0B\x7F\x16" - "\xAD\x21\xB8\x4F\xE6\x5A\xF1\x88" - "\x1F\x93\x2A\xC1\x35\xCC\x63\xFA" - "\x6E\x05\x9C\x10\xA7\x3E\xD5\x49" - "\xE0\x77\x0E\x82\x19\xB0\x24\xBB" - "\x52\xE9\x5D\xF4\x8B\x22\x96\x2D" - "\xC4\x38\xCF\x66\xFD\x71\x08\x9F" - "\x13\xAA\x41\xD8\x4C\xE3\x7A\x11" - "\x85\x1C\xB3\x27\xBE\x55\xEC\x60" - "\xF7\x8E\x02\x99\x30\xC7\x3B\xD2" - "\x69\x00\x74\x0B\xA2\x16\xAD\x44" - "\xDB\x4F\xE6\x7D\x14\x88\x1F\xB6" - "\x2A\xC1\x58\xEF\x63\xFA\x91\x05" - "\x9C\x33\xCA\x3E\xD5\x6C\x03\x77" - "\x0E\xA5\x19\xB0\x47\xDE\x52\xE9" - "\x80\x17\x8B\x22\xB9\x2D\xC4\x5B" - "\xF2\x66\xFD\x94\x08\x9F\x36\xCD" - "\x41\xD8\x6F\x06\x7A\x11\xA8\x1C" - "\xB3\x4A\xE1\x55\xEC\x83\x1A\x8E" - "\x25\xBC\x30\xC7\x5E\xF5\x69\x00" - "\x97\x0B\xA2\x39\xD0\x44\xDB\x72" - "\x09\x7D\x14\xAB\x1F\xB6\x4D\xE4" - "\x58\xEF\x86\x1D\x91\x28\xBF\x33" - "\xCA\x61\xF8\x6C\x03\x9A\x0E\xA5" - "\x3C\xD3\x47\xDE\x75\x0C\x80\x17" - "\xAE\x22\xB9\x50\xE7\x5B\xF2\x89" - "\x20\x94\x2B\xC2\x36\xCD\x64\xFB" - "\x6F\x06\x9D\x11\xA8\x3F\xD6\x4A" - "\xE1\x78\x0F\x83\x1A\xB1\x25\xBC" - "\x53\xEA\x5E\xF5\x8C\x00\x97\x2E" - "\xC5\x39\xD0\x67\xFE\x72\x09\xA0" - "\x14\xAB\x42\xD9\x4D\xE4\x7B\x12" - "\x86\x1D\xB4\x28\xBF\x56\xED\x61" - "\xF8\x8F\x03\x9A\x31\xC8\x3C\xD3" - "\x6A\x01\x75\x0C\xA3\x17\xAE\x45" - "\xDC\x50\xE7\x7E\x15\x89\x20\xB7", - .rlen = 496, - }, { /* Generated with Crypto++ */ - .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9" - "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A" - "\x27\x04\xE1\x27\x04\xE1\xBE\x9B" - "\x78\xBE\x9B\x78\x55\x32\x0F\x55", - .klen = 32, - .iv = "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF" - "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFD", - .input = "\xEB\x44\xAF\x49\x27\xB8\xFB\x44" - "\x4C\xA6\xC3\x0C\x8B\xD0\x01\x0C" - "\x53\xC8\x16\x38\xDE\x40\x4F\x91" - "\x25\x6D\x4C\xA0\x9A\x87\x1E\xDA" - "\x88\x7E\x89\xE9\x67\x2B\x83\xA2" - "\x5F\x2E\x23\x3E\x45\xB9\x77\x7B" - "\xA6\x7E\x47\x36\x81\x9F\x9B\xF3" - "\xE0\xF0\xD7\x47\xA9\xC8\xEF\x33" - "\x0C\x43\xFE\x67\x50\x0A\x2C\x3E" - "\xA0\xE1\x25\x8E\x80\x07\x4A\xC0" - "\x64\x89\x9F\x6A\x27\x96\x07\xA6" - "\x9B\xC8\x1B\x21\x60\xAE\x5D\x01" - "\xE2\xCD\xC8\xAA\x6C\x9D\x1C\x34" - "\x39\x18\x09\xA4\x82\x59\x78\xE7" - "\xFC\x59\x65\xF2\x94\xFF\xFB\xE2" - "\x3C\xDA\xB1\x90\x95\xBF\x91\xE3" - "\xE6\x87\x31\x9E\x16\x85\xAD\xB1" - "\x4C\xAE\x43\x4D\x19\x58\xB5\x5E" - "\x2E\xF5\x09\xAA\x39\xF4\xC0\xB3" - "\xD4\x4D\xDB\x73\x7A\xD4\xF1\xBF" - "\x89\x16\x4D\x2D\xA2\x26\x33\x72" - "\x18\x33\x7E\xD6\xD2\x16\xA4\x54" - "\xF4\x8C\xB3\x52\xDF\x21\x9C\xEB" - "\xBF\x49\xD3\xF9\x05\x06\xCB\xD2" - "\xA9\xD2\x3B\x6E\x19\x8C\xBC\x19" - "\xAB\x89\xD6\xD8\xCD\x56\x89\x5E" - "\xAC\x00\xE3\x50\x63\x4A\x80\x9A" - "\x05\xBC\x50\x39\xD3\x32\xD9\x0D" - "\xE3\x20\x0D\x75\x54\xEC\xE6\x31" - "\x14\xB9\x3A\x59\x00\x43\x37\x8E" - "\x8C\x5A\x79\x62\x14\x76\x8A\xAE" - "\x8F\xCC\xA1\x6C\x38\x78\xDD\x2D" - "\x8B\x6D\xEA\xBD\x7B\x25\xFF\x60" - "\xC9\x87\xB1\x79\x1E\xA5\x86\x68" - "\x81\xB4\xE2\xC1\x05\x7D\x3A\x73" - "\xD0\xDA\x75\x77\x9E\x05\x27\xF1" - "\x08\xA9\x66\x64\x6C\xBC\x82\x17" - "\x2C\x23\x5F\x62\x4D\x02\x1A\x58" - "\xE7\xB7\x23\x6D\xE2\x20\xDA\xEF" - "\xB4\xB3\x3F\xB2\x2B\x69\x98\x83" - "\x95\x87\x13\x57\x60\xD7\xB5\xB1" - "\xEE\x0A\x2F\x95\x36\x4C\x76\x5D" - "\x5F\xD9\x19\xED\xB9\xA5\x48\xBF" - "\xC8\xAB\x0F\x71\xCC\x61\x8E\x0A" - "\xD0\x29\x44\xA8\xB9\xC1\xE8\xC8" - "\xC9\xA8\x28\x81\xFB\x50\xF2\xF0" - "\x26\xAE\x39\xB8\x91\xCD\xA8\xAC" - "\xDE\x55\x1B\x50\x14\x53\x44\x17" - "\x54\x46\xFC\xB1\xE4\x07\x6B\x9A" - "\x01\x14\xF0\x2E\x2E\xDB\x46\x1B" - "\x1A\x09\x97\xA9\xB6\x97\x79\x06" - "\xFB\xCB\x85\xCF\xDD\xA1\x41\xB1" - "\x00\xAA\xF7\xE0\x89\x73\xFB\xE5" - "\xBF\x84\xDB\xC9\xCD\xC4\xA2\x0D" - "\x3B\xAC\xF9\xDF\x96\xBF\x88\x23" - "\x41\x67\xA1\x24\x99\x7E\xCC\x9B" - "\x02\x8F\x6A\x49\xF6\x25\xBA\x7A" - "\xF4\x78\xFD\x79\x62\x63\x4F\x14" - "\xD6\x11\x11\x04\x05\x5F\x7E\xEA" - "\x4C\xB6\xF8\xF4\x5F\x48\x52\x54" - "\x94\x63\xA8\x4E\xCF\xD2\x1B\x1B" - "\x22\x18\x6A\xAF\x6E\x3E\xE1\x0D", - .ilen = 496, - .result = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" - "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" - "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" - "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87" - "\x1E\x92\x29\xC0\x34\xCB\x62\xF9" - "\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48" - "\xDF\x76\x0D\x81\x18\xAF\x23\xBA" - "\x51\xE8\x5C\xF3\x8A\x21\x95\x2C" - "\xC3\x37\xCE\x65\xFC\x70\x07\x9E" - "\x12\xA9\x40\xD7\x4B\xE2\x79\x10" - "\x84\x1B\xB2\x26\xBD\x54\xEB\x5F" - "\xF6\x8D\x01\x98\x2F\xC6\x3A\xD1" - "\x68\xFF\x73\x0A\xA1\x15\xAC\x43" - "\xDA\x4E\xE5\x7C\x13\x87\x1E\xB5" - "\x29\xC0\x57\xEE\x62\xF9\x90\x04" - "\x9B\x32\xC9\x3D\xD4\x6B\x02\x76" - "\x0D\xA4\x18\xAF\x46\xDD\x51\xE8" - "\x7F\x16\x8A\x21\xB8\x2C\xC3\x5A" - "\xF1\x65\xFC\x93\x07\x9E\x35\xCC" - "\x40\xD7\x6E\x05\x79\x10\xA7\x1B" - "\xB2\x49\xE0\x54\xEB\x82\x19\x8D" - "\x24\xBB\x2F\xC6\x5D\xF4\x68\xFF" - "\x96\x0A\xA1\x38\xCF\x43\xDA\x71" - "\x08\x7C\x13\xAA\x1E\xB5\x4C\xE3" - "\x57\xEE\x85\x1C\x90\x27\xBE\x32" - "\xC9\x60\xF7\x6B\x02\x99\x0D\xA4" - "\x3B\xD2\x46\xDD\x74\x0B\x7F\x16" - "\xAD\x21\xB8\x4F\xE6\x5A\xF1\x88" - "\x1F\x93\x2A\xC1\x35\xCC\x63\xFA" - "\x6E\x05\x9C\x10\xA7\x3E\xD5\x49" - "\xE0\x77\x0E\x82\x19\xB0\x24\xBB" - "\x52\xE9\x5D\xF4\x8B\x22\x96\x2D" - "\xC4\x38\xCF\x66\xFD\x71\x08\x9F" - "\x13\xAA\x41\xD8\x4C\xE3\x7A\x11" - "\x85\x1C\xB3\x27\xBE\x55\xEC\x60" - "\xF7\x8E\x02\x99\x30\xC7\x3B\xD2" - "\x69\x00\x74\x0B\xA2\x16\xAD\x44" - "\xDB\x4F\xE6\x7D\x14\x88\x1F\xB6" - "\x2A\xC1\x58\xEF\x63\xFA\x91\x05" - "\x9C\x33\xCA\x3E\xD5\x6C\x03\x77" - "\x0E\xA5\x19\xB0\x47\xDE\x52\xE9" - "\x80\x17\x8B\x22\xB9\x2D\xC4\x5B" - "\xF2\x66\xFD\x94\x08\x9F\x36\xCD" - "\x41\xD8\x6F\x06\x7A\x11\xA8\x1C" - "\xB3\x4A\xE1\x55\xEC\x83\x1A\x8E" - "\x25\xBC\x30\xC7\x5E\xF5\x69\x00" - "\x97\x0B\xA2\x39\xD0\x44\xDB\x72" - "\x09\x7D\x14\xAB\x1F\xB6\x4D\xE4" - "\x58\xEF\x86\x1D\x91\x28\xBF\x33" - "\xCA\x61\xF8\x6C\x03\x9A\x0E\xA5" - "\x3C\xD3\x47\xDE\x75\x0C\x80\x17" - "\xAE\x22\xB9\x50\xE7\x5B\xF2\x89" - "\x20\x94\x2B\xC2\x36\xCD\x64\xFB" - "\x6F\x06\x9D\x11\xA8\x3F\xD6\x4A" - "\xE1\x78\x0F\x83\x1A\xB1\x25\xBC" - "\x53\xEA\x5E\xF5\x8C\x00\x97\x2E" - "\xC5\x39\xD0\x67\xFE\x72\x09\xA0" - "\x14\xAB\x42\xD9\x4D\xE4\x7B\x12" - "\x86\x1D\xB4\x28\xBF\x56\xED\x61" - "\xF8\x8F\x03\x9A\x31\xC8\x3C\xD3" - "\x6A\x01\x75\x0C\xA3\x17\xAE\x45" - "\xDC\x50\xE7\x7E\x15\x89\x20\xB7", - .rlen = 496, - }, { /* Generated with Crypto++ */ - .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9" - "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A" - "\x27\x04\xE1\x27\x04\xE1\xBE\x9B" - "\x78\xBE\x9B\x78\x55\x32\x0F\x55", - .klen = 32, - .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F" - "\xC4\x29\x8E\xF3\x35\x9A\xFF\x64", - .input = "\xDF\xDD\x69\xFA\xB0\x2E\xFD\xFE" + .ctext = "\xDF\xDD\x69\xFA\xB0\x2E\xFD\xFE" "\x70\x9E\xC5\x4B\xC9\xD4\xA1\x30" "\x26\x9B\x89\xA1\xEE\x43\xE0\x52" "\x55\x17\x4E\xC7\x0E\x33\x1F\xF1" @@ -10580,78 +8104,14 @@ static const struct cipher_testvec tf_ctr_dec_tv_template[] = { "\xB9\x32\xE2\xC1\x82\xAC\xFE\xCC" "\xC5\xC9\x7F\x9E\xCF\x33\x7A\xDF" "\x6C\x82\x9D", - .ilen = 499, - .result = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" - "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" - "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" - "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87" - "\x1E\x92\x29\xC0\x34\xCB\x62\xF9" - "\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48" - "\xDF\x76\x0D\x81\x18\xAF\x23\xBA" - "\x51\xE8\x5C\xF3\x8A\x21\x95\x2C" - "\xC3\x37\xCE\x65\xFC\x70\x07\x9E" - "\x12\xA9\x40\xD7\x4B\xE2\x79\x10" - "\x84\x1B\xB2\x26\xBD\x54\xEB\x5F" - "\xF6\x8D\x01\x98\x2F\xC6\x3A\xD1" - "\x68\xFF\x73\x0A\xA1\x15\xAC\x43" - "\xDA\x4E\xE5\x7C\x13\x87\x1E\xB5" - "\x29\xC0\x57\xEE\x62\xF9\x90\x04" - "\x9B\x32\xC9\x3D\xD4\x6B\x02\x76" - "\x0D\xA4\x18\xAF\x46\xDD\x51\xE8" - "\x7F\x16\x8A\x21\xB8\x2C\xC3\x5A" - "\xF1\x65\xFC\x93\x07\x9E\x35\xCC" - "\x40\xD7\x6E\x05\x79\x10\xA7\x1B" - "\xB2\x49\xE0\x54\xEB\x82\x19\x8D" - "\x24\xBB\x2F\xC6\x5D\xF4\x68\xFF" - "\x96\x0A\xA1\x38\xCF\x43\xDA\x71" - "\x08\x7C\x13\xAA\x1E\xB5\x4C\xE3" - "\x57\xEE\x85\x1C\x90\x27\xBE\x32" - "\xC9\x60\xF7\x6B\x02\x99\x0D\xA4" - "\x3B\xD2\x46\xDD\x74\x0B\x7F\x16" - "\xAD\x21\xB8\x4F\xE6\x5A\xF1\x88" - "\x1F\x93\x2A\xC1\x35\xCC\x63\xFA" - "\x6E\x05\x9C\x10\xA7\x3E\xD5\x49" - "\xE0\x77\x0E\x82\x19\xB0\x24\xBB" - "\x52\xE9\x5D\xF4\x8B\x22\x96\x2D" - "\xC4\x38\xCF\x66\xFD\x71\x08\x9F" - "\x13\xAA\x41\xD8\x4C\xE3\x7A\x11" - "\x85\x1C\xB3\x27\xBE\x55\xEC\x60" - "\xF7\x8E\x02\x99\x30\xC7\x3B\xD2" - "\x69\x00\x74\x0B\xA2\x16\xAD\x44" - "\xDB\x4F\xE6\x7D\x14\x88\x1F\xB6" - "\x2A\xC1\x58\xEF\x63\xFA\x91\x05" - "\x9C\x33\xCA\x3E\xD5\x6C\x03\x77" - "\x0E\xA5\x19\xB0\x47\xDE\x52\xE9" - "\x80\x17\x8B\x22\xB9\x2D\xC4\x5B" - "\xF2\x66\xFD\x94\x08\x9F\x36\xCD" - "\x41\xD8\x6F\x06\x7A\x11\xA8\x1C" - "\xB3\x4A\xE1\x55\xEC\x83\x1A\x8E" - "\x25\xBC\x30\xC7\x5E\xF5\x69\x00" - "\x97\x0B\xA2\x39\xD0\x44\xDB\x72" - "\x09\x7D\x14\xAB\x1F\xB6\x4D\xE4" - "\x58\xEF\x86\x1D\x91\x28\xBF\x33" - "\xCA\x61\xF8\x6C\x03\x9A\x0E\xA5" - "\x3C\xD3\x47\xDE\x75\x0C\x80\x17" - "\xAE\x22\xB9\x50\xE7\x5B\xF2\x89" - "\x20\x94\x2B\xC2\x36\xCD\x64\xFB" - "\x6F\x06\x9D\x11\xA8\x3F\xD6\x4A" - "\xE1\x78\x0F\x83\x1A\xB1\x25\xBC" - "\x53\xEA\x5E\xF5\x8C\x00\x97\x2E" - "\xC5\x39\xD0\x67\xFE\x72\x09\xA0" - "\x14\xAB\x42\xD9\x4D\xE4\x7B\x12" - "\x86\x1D\xB4\x28\xBF\x56\xED\x61" - "\xF8\x8F\x03\x9A\x31\xC8\x3C\xD3" - "\x6A\x01\x75\x0C\xA3\x17\xAE\x45" - "\xDC\x50\xE7\x7E\x15\x89\x20\xB7" - "\x2B\xC2\x59", - .rlen = 499, + .len = 499, .also_non_np = 1, .np = 2, .tap = { 499 - 16, 16 }, }, }; -static const struct cipher_testvec tf_lrw_enc_tv_template[] = { +static const struct cipher_testvec tf_lrw_tv_template[] = { /* Generated from AES-LRW test vectors */ { .key = "\x45\x62\xac\x25\xf8\x28\x17\x6d" @@ -10661,12 +8121,11 @@ static const struct cipher_testvec tf_lrw_enc_tv_template[] = { .klen = 32, .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x01", - .input = "\x30\x31\x32\x33\x34\x35\x36\x37" + .ptext = "\x30\x31\x32\x33\x34\x35\x36\x37" "\x38\x39\x41\x42\x43\x44\x45\x46", - .ilen = 16, - .result = "\xa1\x6c\x50\x69\x26\xa4\xef\x7b" + .ctext = "\xa1\x6c\x50\x69\x26\xa4\xef\x7b" "\x7c\xc6\x91\xeb\x72\xdd\x9b\xee", - .rlen = 16, + .len = 16, }, { .key = "\x59\x70\x47\x14\xf5\x57\x47\x8c" "\xd7\x79\xe8\x0f\x54\x88\x79\x44" @@ -10675,12 +8134,11 @@ static const struct cipher_testvec tf_lrw_enc_tv_template[] = { .klen = 32, .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x02", - .input = "\x30\x31\x32\x33\x34\x35\x36\x37" + .ptext = "\x30\x31\x32\x33\x34\x35\x36\x37" "\x38\x39\x41\x42\x43\x44\x45\x46", - .ilen = 16, - .result = "\xab\x72\x0a\xad\x3b\x0c\xf0\xc9" + .ctext = "\xab\x72\x0a\xad\x3b\x0c\xf0\xc9" "\x42\x2f\xf1\xae\xf1\x3c\xb1\xbd", - .rlen = 16, + .len = 16, }, { .key = "\xd8\x2a\x91\x34\xb2\x6a\x56\x50" "\x30\xfe\x69\xe2\x37\x7f\x98\x47" @@ -10689,12 +8147,11 @@ static const struct cipher_testvec tf_lrw_enc_tv_template[] = { .klen = 32, .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x02\x00\x00\x00\x00", - .input = "\x30\x31\x32\x33\x34\x35\x36\x37" + .ptext = "\x30\x31\x32\x33\x34\x35\x36\x37" "\x38\x39\x41\x42\x43\x44\x45\x46", - .ilen = 16, - .result = "\x85\xa7\x56\x67\x08\xfa\x42\xe1" + .ctext = "\x85\xa7\x56\x67\x08\xfa\x42\xe1" "\x22\xe6\x82\xfc\xd9\xb4\xd7\xd4", - .rlen = 16, + .len = 16, }, { .key = "\x0f\x6a\xef\xf8\xd3\xd2\xbb\x15" "\x25\x83\xf7\x3c\x1f\x01\x28\x74" @@ -10704,12 +8161,11 @@ static const struct cipher_testvec tf_lrw_enc_tv_template[] = { .klen = 40, .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x01", - .input = "\x30\x31\x32\x33\x34\x35\x36\x37" + .ptext = "\x30\x31\x32\x33\x34\x35\x36\x37" "\x38\x39\x41\x42\x43\x44\x45\x46", - .ilen = 16, - .result = "\xd2\xaf\x69\x35\x24\x1d\x0e\x1c" + .ctext = "\xd2\xaf\x69\x35\x24\x1d\x0e\x1c" "\x84\x8b\x05\xe4\xa2\x2f\x16\xf5", - .rlen = 16, + .len = 16, }, { .key = "\x8a\xd4\xee\x10\x2f\xbd\x81\xff" "\xf8\x86\xce\xac\x93\xc5\xad\xc6" @@ -10719,12 +8175,11 @@ static const struct cipher_testvec tf_lrw_enc_tv_template[] = { .klen = 40, .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x02\x00\x00\x00\x00", - .input = "\x30\x31\x32\x33\x34\x35\x36\x37" + .ptext = "\x30\x31\x32\x33\x34\x35\x36\x37" "\x38\x39\x41\x42\x43\x44\x45\x46", - .ilen = 16, - .result = "\x4a\x23\x56\xd7\xff\x90\xd0\x9a" + .ctext = "\x4a\x23\x56\xd7\xff\x90\xd0\x9a" "\x0d\x7c\x26\xfc\xf0\xf0\xf6\xe4", - .rlen = 16, + .len = 16, }, { .key = "\xf8\xd4\x76\xff\xd6\x46\xee\x6c" "\x23\x84\xcb\x1c\x77\xd6\x19\x5d" @@ -10735,12 +8190,11 @@ static const struct cipher_testvec tf_lrw_enc_tv_template[] = { .klen = 48, .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x01", - .input = "\x30\x31\x32\x33\x34\x35\x36\x37" + .ptext = "\x30\x31\x32\x33\x34\x35\x36\x37" "\x38\x39\x41\x42\x43\x44\x45\x46", - .ilen = 16, - .result = "\x30\xaf\x26\x05\x9d\x5d\x0a\x58" + .ctext = "\x30\xaf\x26\x05\x9d\x5d\x0a\x58" "\xe2\xe7\xce\x8a\xb2\x56\x6d\x76", - .rlen = 16, + .len = 16, }, { .key = "\xfb\x76\x15\xb2\x3d\x80\x89\x1d" "\xd4\x70\x98\x0b\xc7\x95\x84\xc8" @@ -10751,12 +8205,11 @@ static const struct cipher_testvec tf_lrw_enc_tv_template[] = { .klen = 48, .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x02\x00\x00\x00\x00", - .input = "\x30\x31\x32\x33\x34\x35\x36\x37" + .ptext = "\x30\x31\x32\x33\x34\x35\x36\x37" "\x38\x39\x41\x42\x43\x44\x45\x46", - .ilen = 16, - .result = "\xdf\xcf\xdc\xd2\xe1\xcf\x86\x75" + .ctext = "\xdf\xcf\xdc\xd2\xe1\xcf\x86\x75" "\x17\x66\x5e\x0c\x14\xa1\x3d\x40", - .rlen = 16, + .len = 16, }, { .key = "\xf8\xd4\x76\xff\xd6\x46\xee\x6c" "\x23\x84\xcb\x1c\x77\xd6\x19\x5d" @@ -10767,7 +8220,7 @@ static const struct cipher_testvec tf_lrw_enc_tv_template[] = { .klen = 48, .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x01", - .input = "\x05\x11\xb7\x18\xab\xc6\x2d\xac" + .ptext = "\x05\x11\xb7\x18\xab\xc6\x2d\xac" "\x70\x5d\xf6\x22\x94\xcd\xe5\x6c" "\x17\x6b\xf6\x1c\xf0\xf3\x6e\xf8" "\x50\x38\x1f\x71\x49\xb6\x57\xd6" @@ -10831,196 +8284,7 @@ static const struct cipher_testvec tf_lrw_enc_tv_template[] = { "\xa4\xc7\xa8\xb4\xf6\x13\x03\xf6" "\xe9\x2e\xc4\x29\x0f\x84\xdb\xc4" "\x21\xc4\xc2\x75\x67\x89\x37\x0a", - .ilen = 512, - .result = "\x30\x38\xeb\xaf\x12\x43\x1a\x89" - "\x62\xa2\x36\xe5\xcf\x77\x1e\xd9" - "\x08\xc3\x0d\xdd\x95\xab\x19\x96" - "\x27\x52\x41\xc3\xca\xfb\xf6\xee" - "\x40\x2d\xdf\xdd\x00\x0c\xb9\x0a" - "\x3a\xf0\xc0\xd1\xda\x63\x9e\x45" - "\x42\xe9\x29\xc0\xb4\x07\xb4\x31" - "\x66\x77\x72\xb5\xb6\xb3\x57\x46" - "\x34\x9a\xfe\x03\xaf\x6b\x36\x07" - "\x63\x8e\xc2\x5d\xa6\x0f\xb6\x7d" - "\xfb\x6d\x82\x51\xb6\x98\xd0\x71" - "\xe7\x10\x7a\xdf\xb2\xbd\xf1\x1d" - "\x72\x2b\x54\x13\xe3\x6d\x79\x37" - "\xa9\x39\x2c\xdf\x21\xab\x87\xd5" - "\xee\xef\x9a\x12\x50\x39\x2e\x1b" - "\x7d\xe6\x6a\x27\x48\xb9\xe7\xac" - "\xaa\xcd\x79\x5f\xf2\xf3\xa0\x08" - "\x6f\x2c\xf4\x0e\xd1\xb8\x89\x25" - "\x31\x9d\xef\xb1\x1d\x27\x55\x04" - "\xc9\x8c\xb7\x68\xdc\xb6\x67\x8a" - "\xdb\xcf\x22\xf2\x3b\x6f\xce\xbb" - "\x26\xbe\x4f\x27\x04\x42\xd1\x44" - "\x4c\x08\xa3\x95\x4c\x7f\x1a\xaf" - "\x1d\x28\x14\xfd\xb1\x1a\x34\x18" - "\xf5\x1e\x28\x69\x95\x6a\x5a\xba" - "\x8e\xb2\x58\x1d\x28\x17\x13\x3d" - "\x38\x7d\x14\x8d\xab\x5d\xf9\xe8" - "\x3c\x0f\x2b\x0d\x2b\x08\xb4\x4b" - "\x6b\x0d\xc8\xa7\x84\xc2\x3a\x1a" - "\xb7\xbd\xda\x92\x29\xb8\x5b\x5a" - "\x63\xa5\x99\x82\x09\x72\x8f\xc6" - "\xa4\x62\x24\x69\x8c\x2d\x26\x00" - "\x99\x83\x91\xd6\xc6\xcf\x57\x67" - "\x38\xea\xf2\xfc\x29\xe0\x73\x39" - "\xf9\x13\x94\x6d\xe2\x58\x28\x75" - "\x3e\xae\x71\x90\x07\x70\x1c\x38" - "\x5b\x4c\x1e\xb5\xa5\x3b\x20\xef" - "\xb1\x4c\x3e\x1a\x72\x62\xbb\x22" - "\x82\x09\xe3\x18\x3f\x4f\x48\xfc" - "\xdd\xac\xfc\xb6\x09\xdb\xd2\x7b" - "\xd6\xb7\x7e\x41\x2f\x14\xf5\x0e" - "\xc3\xac\x4a\xed\xe7\x82\xef\x31" - "\x1f\x1a\x51\x1e\x29\x60\xc8\x98" - "\x93\x51\x1d\x3d\x62\x59\x83\x82" - "\x0c\xf1\xd7\x8d\xac\x33\x44\x81" - "\x3c\x59\xb7\xd4\x5b\x65\x82\xc4" - "\xec\xdc\x24\xfd\x0e\x1a\x79\x94" - "\x34\xb0\x62\xfa\x98\x49\x26\x1f" - "\xf4\x9e\x40\x44\x5b\x1f\xf8\xbe" - "\x36\xff\xc6\xc6\x9d\xf2\xd6\xcc" - "\x63\x93\x29\xb9\x0b\x6d\xd7\x6c" - "\xdb\xf6\x21\x80\xf7\x5a\x37\x15" - "\x0c\xe3\x36\xc8\x74\x75\x20\x91" - "\xdf\x52\x2d\x0c\xe7\x45\xff\x46" - "\xb3\xf4\xec\xc2\xbd\xd3\x37\xb6" - "\x26\xa2\x5d\x7d\x61\xbf\x10\x46" - "\x57\x8d\x05\x96\x70\x0b\xd6\x41" - "\x5c\xe9\xd3\x54\x81\x39\x3a\xdd" - "\x5f\x92\x81\x6e\x35\x03\xd4\x72" - "\x3d\x5a\xe7\xb9\x3b\x0c\x84\x23" - "\x45\x5d\xec\x72\xc1\x52\xef\x2e" - "\x81\x00\xd3\xfe\x4c\x3c\x05\x61" - "\x80\x18\xc4\x6c\x03\xd3\xb7\xba" - "\x11\xd7\xb8\x6e\xea\xe1\x80\x30", - .rlen = 512, - .also_non_np = 1, - .np = 3, - .tap = { 512 - 20, 4, 16 }, - }, -}; - -static const struct cipher_testvec tf_lrw_dec_tv_template[] = { - /* Generated from AES-LRW test vectors */ - /* same as enc vectors with input and result reversed */ - { - .key = "\x45\x62\xac\x25\xf8\x28\x17\x6d" - "\x4c\x26\x84\x14\xb5\x68\x01\x85" - "\x25\x8e\x2a\x05\xe7\x3e\x9d\x03" - "\xee\x5a\x83\x0c\xcc\x09\x4c\x87", - .klen = 32, - .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x01", - .input = "\xa1\x6c\x50\x69\x26\xa4\xef\x7b" - "\x7c\xc6\x91\xeb\x72\xdd\x9b\xee", - .ilen = 16, - .result = "\x30\x31\x32\x33\x34\x35\x36\x37" - "\x38\x39\x41\x42\x43\x44\x45\x46", - .rlen = 16, - }, { - .key = "\x59\x70\x47\x14\xf5\x57\x47\x8c" - "\xd7\x79\xe8\x0f\x54\x88\x79\x44" - "\x0d\x48\xf0\xb7\xb1\x5a\x53\xea" - "\x1c\xaa\x6b\x29\xc2\xca\xfb\xaf", - .klen = 32, - .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x02", - .input = "\xab\x72\x0a\xad\x3b\x0c\xf0\xc9" - "\x42\x2f\xf1\xae\xf1\x3c\xb1\xbd", - .ilen = 16, - .result = "\x30\x31\x32\x33\x34\x35\x36\x37" - "\x38\x39\x41\x42\x43\x44\x45\x46", - .rlen = 16, - }, { - .key = "\xd8\x2a\x91\x34\xb2\x6a\x56\x50" - "\x30\xfe\x69\xe2\x37\x7f\x98\x47" - "\xcd\xf9\x0b\x16\x0c\x64\x8f\xb6" - "\xb0\x0d\x0d\x1b\xae\x85\x87\x1f", - .klen = 32, - .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x02\x00\x00\x00\x00", - .input = "\x85\xa7\x56\x67\x08\xfa\x42\xe1" - "\x22\xe6\x82\xfc\xd9\xb4\xd7\xd4", - .ilen = 16, - .result = "\x30\x31\x32\x33\x34\x35\x36\x37" - "\x38\x39\x41\x42\x43\x44\x45\x46", - .rlen = 16, - }, { - .key = "\x0f\x6a\xef\xf8\xd3\xd2\xbb\x15" - "\x25\x83\xf7\x3c\x1f\x01\x28\x74" - "\xca\xc6\xbc\x35\x4d\x4a\x65\x54" - "\x90\xae\x61\xcf\x7b\xae\xbd\xcc" - "\xad\xe4\x94\xc5\x4a\x29\xae\x70", - .klen = 40, - .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x01", - .input = "\xd2\xaf\x69\x35\x24\x1d\x0e\x1c" - "\x84\x8b\x05\xe4\xa2\x2f\x16\xf5", - .ilen = 16, - .result = "\x30\x31\x32\x33\x34\x35\x36\x37" - "\x38\x39\x41\x42\x43\x44\x45\x46", - .rlen = 16, - }, { - .key = "\x8a\xd4\xee\x10\x2f\xbd\x81\xff" - "\xf8\x86\xce\xac\x93\xc5\xad\xc6" - "\xa0\x19\x07\xc0\x9d\xf7\xbb\xdd" - "\x52\x13\xb2\xb7\xf0\xff\x11\xd8" - "\xd6\x08\xd0\xcd\x2e\xb1\x17\x6f", - .klen = 40, - .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x02\x00\x00\x00\x00", - .input = "\x4a\x23\x56\xd7\xff\x90\xd0\x9a" - "\x0d\x7c\x26\xfc\xf0\xf0\xf6\xe4", - .ilen = 16, - .result = "\x30\x31\x32\x33\x34\x35\x36\x37" - "\x38\x39\x41\x42\x43\x44\x45\x46", - .rlen = 16, - }, { - .key = "\xf8\xd4\x76\xff\xd6\x46\xee\x6c" - "\x23\x84\xcb\x1c\x77\xd6\x19\x5d" - "\xfe\xf1\xa9\xf3\x7b\xbc\x8d\x21" - "\xa7\x9c\x21\xf8\xcb\x90\x02\x89" - "\xa8\x45\x34\x8e\xc8\xc5\xb5\xf1" - "\x26\xf5\x0e\x76\xfe\xfd\x1b\x1e", - .klen = 48, - .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x01", - .input = "\x30\xaf\x26\x05\x9d\x5d\x0a\x58" - "\xe2\xe7\xce\x8a\xb2\x56\x6d\x76", - .ilen = 16, - .result = "\x30\x31\x32\x33\x34\x35\x36\x37" - "\x38\x39\x41\x42\x43\x44\x45\x46", - .rlen = 16, - }, { - .key = "\xfb\x76\x15\xb2\x3d\x80\x89\x1d" - "\xd4\x70\x98\x0b\xc7\x95\x84\xc8" - "\xb2\xfb\x64\xce\x60\x97\x87\x8d" - "\x17\xfc\xe4\x5a\x49\xe8\x30\xb7" - "\x6e\x78\x17\xe7\x2d\x5e\x12\xd4" - "\x60\x64\x04\x7a\xf1\x2f\x9e\x0c", - .klen = 48, - .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x02\x00\x00\x00\x00", - .input = "\xdf\xcf\xdc\xd2\xe1\xcf\x86\x75" - "\x17\x66\x5e\x0c\x14\xa1\x3d\x40", - .ilen = 16, - .result = "\x30\x31\x32\x33\x34\x35\x36\x37" - "\x38\x39\x41\x42\x43\x44\x45\x46", - .rlen = 16, - }, { - .key = "\xf8\xd4\x76\xff\xd6\x46\xee\x6c" - "\x23\x84\xcb\x1c\x77\xd6\x19\x5d" - "\xfe\xf1\xa9\xf3\x7b\xbc\x8d\x21" - "\xa7\x9c\x21\xf8\xcb\x90\x02\x89" - "\xa8\x45\x34\x8e\xc8\xc5\xb5\xf1" - "\x26\xf5\x0e\x76\xfe\xfd\x1b\x1e", - .klen = 48, - .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x01", - .input = "\x30\x38\xeb\xaf\x12\x43\x1a\x89" + .ctext = "\x30\x38\xeb\xaf\x12\x43\x1a\x89" "\x62\xa2\x36\xe5\xcf\x77\x1e\xd9" "\x08\xc3\x0d\xdd\x95\xab\x19\x96" "\x27\x52\x41\xc3\xca\xfb\xf6\xee" @@ -11084,79 +8348,14 @@ static const struct cipher_testvec tf_lrw_dec_tv_template[] = { "\x81\x00\xd3\xfe\x4c\x3c\x05\x61" "\x80\x18\xc4\x6c\x03\xd3\xb7\xba" "\x11\xd7\xb8\x6e\xea\xe1\x80\x30", - .ilen = 512, - .result = "\x05\x11\xb7\x18\xab\xc6\x2d\xac" - "\x70\x5d\xf6\x22\x94\xcd\xe5\x6c" - "\x17\x6b\xf6\x1c\xf0\xf3\x6e\xf8" - "\x50\x38\x1f\x71\x49\xb6\x57\xd6" - "\x8f\xcb\x8d\x6b\xe3\xa6\x29\x90" - "\xfe\x2a\x62\x82\xae\x6d\x8b\xf6" - "\xad\x1e\x9e\x20\x5f\x38\xbe\x04" - "\xda\x10\x8e\xed\xa2\xa4\x87\xab" - "\xda\x6b\xb4\x0c\x75\xba\xd3\x7c" - "\xc9\xac\x42\x31\x95\x7c\xc9\x04" - "\xeb\xd5\x6e\x32\x69\x8a\xdb\xa6" - "\x15\xd7\x3f\x4f\x2f\x66\x69\x03" - "\x9c\x1f\x54\x0f\xde\x1f\xf3\x65" - "\x4c\x96\x12\xed\x7c\x92\x03\x01" - "\x6f\xbc\x35\x93\xac\xf1\x27\xf1" - "\xb4\x96\x82\x5a\x5f\xb0\xa0\x50" - "\x89\xa4\x8e\x66\x44\x85\xcc\xfd" - "\x33\x14\x70\xe3\x96\xb2\xc3\xd3" - "\xbb\x54\x5a\x1a\xf9\x74\xa2\xc5" - "\x2d\x64\x75\xdd\xb4\x54\xe6\x74" - "\x8c\xd3\x9d\x9e\x86\xab\x51\x53" - "\xb7\x93\x3e\x6f\xd0\x4e\x2c\x40" - "\xf6\xa8\x2e\x3e\x9d\xf4\x66\xa5" - "\x76\x12\x73\x44\x1a\x56\xd7\x72" - "\x88\xcd\x21\x8c\x4c\x0f\xfe\xda" - "\x95\xe0\x3a\xa6\xa5\x84\x46\xcd" - "\xd5\x3e\x9d\x3a\xe2\x67\xe6\x60" - "\x1a\xe2\x70\x85\x58\xc2\x1b\x09" - "\xe1\xd7\x2c\xca\xad\xa8\x8f\xf9" - "\xac\xb3\x0e\xdb\xca\x2e\xe2\xb8" - "\x51\x71\xd9\x3c\x6c\xf1\x56\xf8" - "\xea\x9c\xf1\xfb\x0c\xe6\xb7\x10" - "\x1c\xf8\xa9\x7c\xe8\x53\x35\xc1" - "\x90\x3e\x76\x4a\x74\xa4\x21\x2c" - "\xf6\x2c\x4e\x0f\x94\x3a\x88\x2e" - "\x41\x09\x6a\x33\x7d\xf6\xdd\x3f" - "\x8d\x23\x31\x74\x84\xeb\x88\x6e" - "\xcc\xb9\xbc\x22\x83\x19\x07\x22" - "\xa5\x2d\xdf\xa5\xf3\x80\x85\x78" - "\x84\x39\x6a\x6d\x6a\x99\x4f\xa5" - "\x15\xfe\x46\xb0\xe4\x6c\xa5\x41" - "\x3c\xce\x8f\x42\x60\x71\xa7\x75" - "\x08\x40\x65\x8a\x82\xbf\xf5\x43" - "\x71\x96\xa9\x4d\x44\x8a\x20\xbe" - "\xfa\x4d\xbb\xc0\x7d\x31\x96\x65" - "\xe7\x75\xe5\x3e\xfd\x92\x3b\xc9" - "\x55\xbb\x16\x7e\xf7\xc2\x8c\xa4" - "\x40\x1d\xe5\xef\x0e\xdf\xe4\x9a" - "\x62\x73\x65\xfd\x46\x63\x25\x3d" - "\x2b\xaf\xe5\x64\xfe\xa5\x5c\xcf" - "\x24\xf3\xb4\xac\x64\xba\xdf\x4b" - "\xc6\x96\x7d\x81\x2d\x8d\x97\xf7" - "\xc5\x68\x77\x84\x32\x2b\xcc\x85" - "\x74\x96\xf0\x12\x77\x61\xb9\xeb" - "\x71\xaa\x82\xcb\x1c\xdb\x89\xc8" - "\xc6\xb5\xe3\x5c\x7d\x39\x07\x24" - "\xda\x39\x87\x45\xc0\x2b\xbb\x01" - "\xac\xbc\x2a\x5c\x7f\xfc\xe8\xce" - "\x6d\x9c\x6f\xed\xd3\xc1\xa1\xd6" - "\xc5\x55\xa9\x66\x2f\xe1\xc8\x32" - "\xa6\x5d\xa4\x3a\x98\x73\xe8\x45" - "\xa4\xc7\xa8\xb4\xf6\x13\x03\xf6" - "\xe9\x2e\xc4\x29\x0f\x84\xdb\xc4" - "\x21\xc4\xc2\x75\x67\x89\x37\x0a", - .rlen = 512, + .len = 512, .also_non_np = 1, .np = 3, .tap = { 512 - 20, 4, 16 }, }, }; -static const struct cipher_testvec tf_xts_enc_tv_template[] = { +static const struct cipher_testvec tf_xts_tv_template[] = { /* Generated from AES-XTS test vectors */ { .key = "\x00\x00\x00\x00\x00\x00\x00\x00" @@ -11166,16 +8365,15 @@ static const struct cipher_testvec tf_xts_enc_tv_template[] = { .klen = 32, .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = "\x00\x00\x00\x00\x00\x00\x00\x00" + .ptext = "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00", - .ilen = 32, - .result = "\x4b\xc9\x44\x4a\x11\xa3\xef\xac" + .ctext = "\x4b\xc9\x44\x4a\x11\xa3\xef\xac" "\x30\x74\xe4\x44\x52\x77\x97\x43" "\xa7\x60\xb2\x45\x2e\xf9\x00\x90" "\x9f\xaa\xfd\x89\x6e\x9d\x4a\xe0", - .rlen = 32, + .len = 32, }, { .key = "\x11\x11\x11\x11\x11\x11\x11\x11" "\x11\x11\x11\x11\x11\x11\x11\x11" @@ -11184,16 +8382,15 @@ static const struct cipher_testvec tf_xts_enc_tv_template[] = { .klen = 32, .iv = "\x33\x33\x33\x33\x33\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = "\x44\x44\x44\x44\x44\x44\x44\x44" + .ptext = "\x44\x44\x44\x44\x44\x44\x44\x44" "\x44\x44\x44\x44\x44\x44\x44\x44" "\x44\x44\x44\x44\x44\x44\x44\x44" "\x44\x44\x44\x44\x44\x44\x44\x44", - .ilen = 32, - .result = "\x57\x0e\x8f\xe5\x2a\x35\x61\x4f" + .ctext = "\x57\x0e\x8f\xe5\x2a\x35\x61\x4f" "\x32\xd3\xbd\x36\x05\x15\x44\x2c" "\x58\x06\xf7\xf8\x00\xa8\xb6\xd5" "\xc6\x28\x92\xdb\xd8\x34\xa2\xe9", - .rlen = 32, + .len = 32, }, { .key = "\xff\xfe\xfd\xfc\xfb\xfa\xf9\xf8" "\xf7\xf6\xf5\xf4\xf3\xf2\xf1\xf0" @@ -11202,16 +8399,15 @@ static const struct cipher_testvec tf_xts_enc_tv_template[] = { .klen = 32, .iv = "\x33\x33\x33\x33\x33\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = "\x44\x44\x44\x44\x44\x44\x44\x44" + .ptext = "\x44\x44\x44\x44\x44\x44\x44\x44" "\x44\x44\x44\x44\x44\x44\x44\x44" "\x44\x44\x44\x44\x44\x44\x44\x44" "\x44\x44\x44\x44\x44\x44\x44\x44", - .ilen = 32, - .result = "\x96\x45\x8f\x8d\x7a\x75\xb1\xde" + .ctext = "\x96\x45\x8f\x8d\x7a\x75\xb1\xde" "\x40\x0c\x89\x56\xf6\x4d\xa7\x07" "\x38\xbb\x5b\xe9\xcd\x84\xae\xb2" "\x7b\x6a\x62\xf4\x8c\xb5\x37\xea", - .rlen = 32, + .len = 32, }, { .key = "\x27\x18\x28\x18\x28\x45\x90\x45" "\x23\x53\x60\x28\x74\x71\x35\x26" @@ -11220,7 +8416,7 @@ static const struct cipher_testvec tf_xts_enc_tv_template[] = { .klen = 32, .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = "\x00\x01\x02\x03\x04\x05\x06\x07" + .ptext = "\x00\x01\x02\x03\x04\x05\x06\x07" "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" "\x10\x11\x12\x13\x14\x15\x16\x17" "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f" @@ -11284,8 +8480,7 @@ static const struct cipher_testvec tf_xts_enc_tv_template[] = { "\xe8\xe9\xea\xeb\xec\xed\xee\xef" "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7" "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", - .ilen = 512, - .result = "\xa9\x78\xae\x1e\xea\xa2\x44\x4c" + .ctext = "\xa9\x78\xae\x1e\xea\xa2\x44\x4c" "\xa2\x7a\x64\x1f\xaf\x46\xc1\xe0" "\x6c\xb2\xf3\x92\x9a\xd6\x7d\x58" "\xb8\x2d\xb9\x5d\x58\x07\x66\x50" @@ -11349,7 +8544,7 @@ static const struct cipher_testvec tf_xts_enc_tv_template[] = { "\x43\xc4\x46\x24\x22\x4f\x8f\x7e" "\xe5\xf4\x6d\x1e\x0e\x18\x7a\xbb" "\xa6\x8f\xfb\x49\x49\xd8\x7e\x5a", - .rlen = 512, + .len = 512, }, { .key = "\x27\x18\x28\x18\x28\x45\x90\x45" "\x23\x53\x60\x28\x74\x71\x35\x26" @@ -11362,7 +8557,7 @@ static const struct cipher_testvec tf_xts_enc_tv_template[] = { .klen = 64, .iv = "\xff\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = "\x00\x01\x02\x03\x04\x05\x06\x07" + .ptext = "\x00\x01\x02\x03\x04\x05\x06\x07" "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" "\x10\x11\x12\x13\x14\x15\x16\x17" "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f" @@ -11426,8 +8621,7 @@ static const struct cipher_testvec tf_xts_enc_tv_template[] = { "\xe8\xe9\xea\xeb\xec\xed\xee\xef" "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7" "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", - .ilen = 512, - .result = "\xd7\x4b\x93\x7d\x13\xa2\xa2\xe1" + .ctext = "\xd7\x4b\x93\x7d\x13\xa2\xa2\xe1" "\x35\x39\x71\x88\x76\x1e\xc9\xea" "\x86\xad\xf3\x14\x48\x3d\x5e\xe9" "\xe9\x2d\xb2\x56\x59\x35\x9d\xec" @@ -11491,350 +8685,7 @@ static const struct cipher_testvec tf_xts_enc_tv_template[] = { "\xf3\xea\x67\x52\x78\xc2\xce\x70" "\xa4\x05\x0b\xb2\xb3\xa8\x30\x97" "\x37\x30\xe1\x91\x8d\xb3\x2a\xff", - .rlen = 512, - .also_non_np = 1, - .np = 3, - .tap = { 512 - 20, 4, 16 }, - }, -}; - -static const struct cipher_testvec tf_xts_dec_tv_template[] = { - /* Generated from AES-XTS test vectors */ - /* same as enc vectors with input and result reversed */ - { - .key = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .klen = 32, - .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = "\x4b\xc9\x44\x4a\x11\xa3\xef\xac" - "\x30\x74\xe4\x44\x52\x77\x97\x43" - "\xa7\x60\xb2\x45\x2e\xf9\x00\x90" - "\x9f\xaa\xfd\x89\x6e\x9d\x4a\xe0", - .ilen = 32, - .result = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .rlen = 32, - }, { - .key = "\x11\x11\x11\x11\x11\x11\x11\x11" - "\x11\x11\x11\x11\x11\x11\x11\x11" - "\x22\x22\x22\x22\x22\x22\x22\x22" - "\x22\x22\x22\x22\x22\x22\x22\x22", - .klen = 32, - .iv = "\x33\x33\x33\x33\x33\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = "\x57\x0e\x8f\xe5\x2a\x35\x61\x4f" - "\x32\xd3\xbd\x36\x05\x15\x44\x2c" - "\x58\x06\xf7\xf8\x00\xa8\xb6\xd5" - "\xc6\x28\x92\xdb\xd8\x34\xa2\xe9", - .ilen = 32, - .result = "\x44\x44\x44\x44\x44\x44\x44\x44" - "\x44\x44\x44\x44\x44\x44\x44\x44" - "\x44\x44\x44\x44\x44\x44\x44\x44" - "\x44\x44\x44\x44\x44\x44\x44\x44", - .rlen = 32, - }, { - .key = "\xff\xfe\xfd\xfc\xfb\xfa\xf9\xf8" - "\xf7\xf6\xf5\xf4\xf3\xf2\xf1\xf0" - "\x22\x22\x22\x22\x22\x22\x22\x22" - "\x22\x22\x22\x22\x22\x22\x22\x22", - .klen = 32, - .iv = "\x33\x33\x33\x33\x33\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = "\x96\x45\x8f\x8d\x7a\x75\xb1\xde" - "\x40\x0c\x89\x56\xf6\x4d\xa7\x07" - "\x38\xbb\x5b\xe9\xcd\x84\xae\xb2" - "\x7b\x6a\x62\xf4\x8c\xb5\x37\xea", - .ilen = 32, - .result = "\x44\x44\x44\x44\x44\x44\x44\x44" - "\x44\x44\x44\x44\x44\x44\x44\x44" - "\x44\x44\x44\x44\x44\x44\x44\x44" - "\x44\x44\x44\x44\x44\x44\x44\x44", - .rlen = 32, - }, { - .key = "\x27\x18\x28\x18\x28\x45\x90\x45" - "\x23\x53\x60\x28\x74\x71\x35\x26" - "\x31\x41\x59\x26\x53\x58\x97\x93" - "\x23\x84\x62\x64\x33\x83\x27\x95", - .klen = 32, - .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = "\xa9\x78\xae\x1e\xea\xa2\x44\x4c" - "\xa2\x7a\x64\x1f\xaf\x46\xc1\xe0" - "\x6c\xb2\xf3\x92\x9a\xd6\x7d\x58" - "\xb8\x2d\xb9\x5d\x58\x07\x66\x50" - "\xea\x35\x35\x8c\xb2\x46\x61\x06" - "\x5d\x65\xfc\x57\x8f\x69\x74\xab" - "\x8a\x06\x69\xb5\x6c\xda\x66\xc7" - "\x52\x90\xbb\x8e\x6d\x8b\xb5\xa2" - "\x78\x1d\xc2\xa9\xc2\x73\x00\xc3" - "\x32\x36\x7c\x97\x6b\x4e\x8a\x50" - "\xe4\x91\x83\x96\x8f\xf4\x94\x1a" - "\xa6\x27\xe1\x33\xcb\x91\xc6\x5f" - "\x94\x75\xbc\xd7\x3e\x3e\x6f\x9e" - "\xa9\x31\x80\x5e\xe5\xdb\xc8\x53" - "\x01\x73\x68\x32\x25\x19\xfa\xfb" - "\xe4\xcf\xb9\x3e\xa2\xa0\x8f\x31" - "\xbf\x54\x06\x93\xa8\xb1\x0f\xb6" - "\x7c\x3c\xde\x6f\x0f\xfb\x0c\x11" - "\x39\x80\x39\x09\x97\x65\xf2\x83" - "\xae\xe6\xa1\x6f\x47\xb8\x49\xde" - "\x99\x36\x20\x7d\x97\x3b\xec\xfa" - "\xb4\x33\x6e\x7a\xc7\x46\x84\x49" - "\x91\xcd\xe1\x57\x0d\xed\x40\x08" - "\x13\xf1\x4e\x3e\xa4\xa4\x5c\xe6" - "\xd2\x0c\x20\x8f\x3e\xdf\x3f\x47" - "\x9a\x2f\xde\x6d\x66\xc9\x99\x4a" - "\x2d\x9e\x9d\x4b\x1a\x27\xa2\x12" - "\x99\xf0\xf8\xb1\xb6\xf6\x57\xc3" - "\xca\x1c\xa3\x8e\xed\x39\x28\xb5" - "\x10\x1b\x4b\x08\x42\x00\x4a\xd3" - "\xad\x5a\xc6\x8e\xc8\xbb\x95\xc4" - "\x4b\xaa\xfe\xd5\x42\xa8\xa3\x6d" - "\x3c\xf3\x34\x91\x2d\xb4\xdd\x20" - "\x0c\x90\x6d\xa3\x9b\x66\x9d\x24" - "\x02\xa6\xa9\x3f\x3f\x58\x5d\x47" - "\x24\x65\x63\x7e\xbd\x8c\xe6\x52" - "\x7d\xef\x33\x53\x63\xec\xaa\x0b" - "\x64\x15\xa9\xa6\x1f\x10\x00\x38" - "\x35\xa8\xe7\xbe\x23\x70\x22\xe0" - "\xd3\xb9\xe6\xfd\xe6\xaa\x03\x50" - "\xf3\x3c\x27\x36\x8b\xcc\xfe\x9c" - "\x9c\xa3\xb3\xe7\x68\x9b\xa2\x71" - "\xe0\x07\xd9\x1f\x68\x1f\xac\x5e" - "\x7a\x74\x85\xa9\x6a\x90\xab\x2c" - "\x38\x51\xbc\x1f\x43\x4a\x56\x1c" - "\xf8\x47\x03\x4e\x67\xa8\x1f\x99" - "\x04\x39\x73\x32\xb2\x86\x79\xe7" - "\x14\x28\x70\xb8\xe2\x7d\x69\x85" - "\xb6\x0f\xc5\xd0\xd0\x01\x5c\xe6" - "\x09\x0f\x75\xf7\xb6\x81\xd2\x11" - "\x20\x9c\xa1\xee\x11\x44\x79\xd0" - "\xb2\x34\x77\xda\x10\x9a\x6f\x6f" - "\xef\x7c\xd9\xdc\x35\xb7\x61\xdd" - "\xf1\xa4\xc6\x1c\xbf\x05\x22\xac" - "\xfe\x2f\x85\x00\x44\xdf\x33\x16" - "\x35\xb6\xa3\xd3\x70\xdf\x69\x35" - "\x6a\xc7\xb4\x99\x45\x27\xc8\x8e" - "\x5a\x14\x30\xd0\x55\x3e\x4f\x64" - "\x0d\x38\xe3\xdf\x8b\xa8\x93\x26" - "\x75\xae\xf6\xb5\x23\x0b\x17\x31" - "\xbf\x27\xb8\xb5\x94\x31\xa7\x8f" - "\x43\xc4\x46\x24\x22\x4f\x8f\x7e" - "\xe5\xf4\x6d\x1e\x0e\x18\x7a\xbb" - "\xa6\x8f\xfb\x49\x49\xd8\x7e\x5a", - .ilen = 512, - .result = "\x00\x01\x02\x03\x04\x05\x06\x07" - "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" - "\x10\x11\x12\x13\x14\x15\x16\x17" - "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f" - "\x20\x21\x22\x23\x24\x25\x26\x27" - "\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f" - "\x30\x31\x32\x33\x34\x35\x36\x37" - "\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f" - "\x40\x41\x42\x43\x44\x45\x46\x47" - "\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f" - "\x50\x51\x52\x53\x54\x55\x56\x57" - "\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f" - "\x60\x61\x62\x63\x64\x65\x66\x67" - "\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f" - "\x70\x71\x72\x73\x74\x75\x76\x77" - "\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f" - "\x80\x81\x82\x83\x84\x85\x86\x87" - "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f" - "\x90\x91\x92\x93\x94\x95\x96\x97" - "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f" - "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7" - "\xa8\xa9\xaa\xab\xac\xad\xae\xaf" - "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7" - "\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf" - "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7" - "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf" - "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7" - "\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf" - "\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7" - "\xe8\xe9\xea\xeb\xec\xed\xee\xef" - "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7" - "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff" - "\x00\x01\x02\x03\x04\x05\x06\x07" - "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" - "\x10\x11\x12\x13\x14\x15\x16\x17" - "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f" - "\x20\x21\x22\x23\x24\x25\x26\x27" - "\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f" - "\x30\x31\x32\x33\x34\x35\x36\x37" - "\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f" - "\x40\x41\x42\x43\x44\x45\x46\x47" - "\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f" - "\x50\x51\x52\x53\x54\x55\x56\x57" - "\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f" - "\x60\x61\x62\x63\x64\x65\x66\x67" - "\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f" - "\x70\x71\x72\x73\x74\x75\x76\x77" - "\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f" - "\x80\x81\x82\x83\x84\x85\x86\x87" - "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f" - "\x90\x91\x92\x93\x94\x95\x96\x97" - "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f" - "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7" - "\xa8\xa9\xaa\xab\xac\xad\xae\xaf" - "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7" - "\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf" - "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7" - "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf" - "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7" - "\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf" - "\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7" - "\xe8\xe9\xea\xeb\xec\xed\xee\xef" - "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7" - "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", - .rlen = 512, - }, { - .key = "\x27\x18\x28\x18\x28\x45\x90\x45" - "\x23\x53\x60\x28\x74\x71\x35\x26" - "\x62\x49\x77\x57\x24\x70\x93\x69" - "\x99\x59\x57\x49\x66\x96\x76\x27" - "\x31\x41\x59\x26\x53\x58\x97\x93" - "\x23\x84\x62\x64\x33\x83\x27\x95" - "\x02\x88\x41\x97\x16\x93\x99\x37" - "\x51\x05\x82\x09\x74\x94\x45\x92", - .klen = 64, - .iv = "\xff\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = "\xd7\x4b\x93\x7d\x13\xa2\xa2\xe1" - "\x35\x39\x71\x88\x76\x1e\xc9\xea" - "\x86\xad\xf3\x14\x48\x3d\x5e\xe9" - "\xe9\x2d\xb2\x56\x59\x35\x9d\xec" - "\x84\xfa\x7e\x9d\x6d\x33\x36\x8f" - "\xce\xf4\xa9\x21\x0b\x5f\x96\xec" - "\xcb\xf9\x57\x68\x33\x88\x39\xbf" - "\x2f\xbb\x59\x03\xbd\x66\x8b\x11" - "\x11\x65\x51\x2e\xb8\x67\x05\xd1" - "\x27\x11\x5c\xd4\xcc\x97\xc2\xb3" - "\xa9\x55\xaf\x07\x56\xd1\xdc\xf5" - "\x85\xdc\x46\xe6\xf0\x24\xeb\x93" - "\x4d\xf0\x9b\xf5\x73\x1c\xda\x03" - "\x22\xc8\x3a\x4f\xb4\x19\x91\x09" - "\x54\x0b\xf6\xfe\x17\x3d\x1a\x53" - "\x72\x60\x79\xcb\x0e\x32\x8a\x77" - "\xd5\xed\xdb\x33\xd7\x62\x16\x69" - "\x63\xe0\xab\xb5\xf6\x9c\x5f\x3d" - "\x69\x35\x61\x86\xf8\x86\xb9\x89" - "\x6e\x59\x35\xac\xf6\x6b\x33\xa0" - "\xea\xef\x96\x62\xd8\xa9\xcf\x56" - "\xbf\xdb\x8a\xfd\xa1\x82\x77\x73" - "\x3d\x94\x4a\x49\x42\x6d\x08\x60" - "\xa1\xea\xab\xb6\x88\x13\x94\xb8" - "\x51\x98\xdb\x35\x85\xdf\xf6\xb9" - "\x8f\xcd\xdf\x80\xd3\x40\x2d\x72" - "\xb8\xb2\x6c\x02\x43\x35\x22\x2a" - "\x31\xed\xcd\x16\x19\xdf\x62\x0f" - "\x29\xcf\x87\x04\xec\x02\x4f\xe4" - "\xa2\xed\x73\xc6\x69\xd3\x7e\x89" - "\x0b\x76\x10\x7c\xd6\xf9\x6a\x25" - "\xed\xcc\x60\x5d\x61\x20\xc1\x97" - "\x56\x91\x57\x28\xbe\x71\x0d\xcd" - "\xde\xc4\x9e\x55\x91\xbe\xd1\x28" - "\x9b\x90\xeb\x73\xf3\x68\x51\xc6" - "\xdf\x82\xcc\xd8\x1f\xce\x5b\x27" - "\xc0\x60\x5e\x33\xd6\xa7\x20\xea" - "\xb2\x54\xc7\x5d\x6a\x3b\x67\x47" - "\xcf\xa0\xe3\xab\x86\xaf\xc1\x42" - "\xe6\xb0\x23\x4a\xaf\x53\xdf\xa0" - "\xad\x12\x32\x31\x03\xf7\x21\xbe" - "\x2d\xd5\x82\x42\xb6\x4a\x3d\xcd" - "\xd8\x81\x77\xa9\x49\x98\x6c\x09" - "\xc5\xa3\x61\x12\x62\x85\x6b\xcd" - "\xb3\xf4\x20\x0c\x41\xc4\x05\x37" - "\x46\x5f\xeb\x71\x8b\xf1\xaf\x6e" - "\xba\xf3\x50\x2e\xfe\xa8\x37\xeb" - "\xe8\x8c\x4f\xa4\x0c\xf1\x31\xc8" - "\x6e\x71\x4f\xa5\xd7\x97\x73\xe0" - "\x93\x4a\x2f\xda\x7b\xe0\x20\x54" - "\x1f\x8d\x85\x79\x0b\x7b\x5e\x75" - "\xb9\x07\x67\xcc\xc8\xe7\x21\x15" - "\xa7\xc8\x98\xff\x4b\x80\x1c\x12" - "\xa8\x54\xe1\x38\x52\xe6\x74\x81" - "\x97\x47\xa1\x41\x0e\xc0\x50\xe3" - "\x55\x0e\xc3\xa7\x70\x77\xce\x07" - "\xed\x8c\x88\xe6\xa1\x5b\x14\xec" - "\xe6\xde\x06\x6d\x74\xc5\xd9\xfa" - "\xe5\x2f\x5a\xff\xc8\x05\xee\x27" - "\x35\x61\xbf\x0b\x19\x78\x9b\xd2" - "\x04\xc7\x05\xb1\x79\xb4\xff\x5f" - "\xf3\xea\x67\x52\x78\xc2\xce\x70" - "\xa4\x05\x0b\xb2\xb3\xa8\x30\x97" - "\x37\x30\xe1\x91\x8d\xb3\x2a\xff", - .ilen = 512, - .result = "\x00\x01\x02\x03\x04\x05\x06\x07" - "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" - "\x10\x11\x12\x13\x14\x15\x16\x17" - "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f" - "\x20\x21\x22\x23\x24\x25\x26\x27" - "\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f" - "\x30\x31\x32\x33\x34\x35\x36\x37" - "\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f" - "\x40\x41\x42\x43\x44\x45\x46\x47" - "\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f" - "\x50\x51\x52\x53\x54\x55\x56\x57" - "\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f" - "\x60\x61\x62\x63\x64\x65\x66\x67" - "\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f" - "\x70\x71\x72\x73\x74\x75\x76\x77" - "\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f" - "\x80\x81\x82\x83\x84\x85\x86\x87" - "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f" - "\x90\x91\x92\x93\x94\x95\x96\x97" - "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f" - "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7" - "\xa8\xa9\xaa\xab\xac\xad\xae\xaf" - "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7" - "\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf" - "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7" - "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf" - "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7" - "\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf" - "\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7" - "\xe8\xe9\xea\xeb\xec\xed\xee\xef" - "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7" - "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff" - "\x00\x01\x02\x03\x04\x05\x06\x07" - "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" - "\x10\x11\x12\x13\x14\x15\x16\x17" - "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f" - "\x20\x21\x22\x23\x24\x25\x26\x27" - "\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f" - "\x30\x31\x32\x33\x34\x35\x36\x37" - "\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f" - "\x40\x41\x42\x43\x44\x45\x46\x47" - "\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f" - "\x50\x51\x52\x53\x54\x55\x56\x57" - "\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f" - "\x60\x61\x62\x63\x64\x65\x66\x67" - "\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f" - "\x70\x71\x72\x73\x74\x75\x76\x77" - "\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f" - "\x80\x81\x82\x83\x84\x85\x86\x87" - "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f" - "\x90\x91\x92\x93\x94\x95\x96\x97" - "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f" - "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7" - "\xa8\xa9\xaa\xab\xac\xad\xae\xaf" - "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7" - "\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf" - "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7" - "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf" - "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7" - "\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf" - "\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7" - "\xe8\xe9\xea\xeb\xec\xed\xee\xef" - "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7" - "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", - .rlen = 512, + .len = 512, .also_non_np = 1, .np = 3, .tap = { 512 - 20, 4, 16 }, @@ -11845,51 +8696,47 @@ static const struct cipher_testvec tf_xts_dec_tv_template[] = { * Serpent test vectors. These are backwards because Serpent writes * octet sequences in right-to-left mode. */ -static const struct cipher_testvec serpent_enc_tv_template[] = { +static const struct cipher_testvec serpent_tv_template[] = { { - .input = "\x00\x01\x02\x03\x04\x05\x06\x07" + .ptext = "\x00\x01\x02\x03\x04\x05\x06\x07" "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f", - .ilen = 16, - .result = "\x12\x07\xfc\xce\x9b\xd0\xd6\x47" + .ctext = "\x12\x07\xfc\xce\x9b\xd0\xd6\x47" "\x6a\xe9\x8f\xbe\xd1\x43\xa0\xe2", - .rlen = 16, + .len = 16, }, { .key = "\x00\x01\x02\x03\x04\x05\x06\x07" "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f", .klen = 16, - .input = "\x00\x01\x02\x03\x04\x05\x06\x07" + .ptext = "\x00\x01\x02\x03\x04\x05\x06\x07" "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f", - .ilen = 16, - .result = "\x4c\x7d\x8a\x32\x80\x72\xa2\x2c" + .ctext = "\x4c\x7d\x8a\x32\x80\x72\xa2\x2c" "\x82\x3e\x4a\x1f\x3a\xcd\xa1\x6d", - .rlen = 16, + .len = 16, }, { .key = "\x00\x01\x02\x03\x04\x05\x06\x07" "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" "\x10\x11\x12\x13\x14\x15\x16\x17" "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f", .klen = 32, - .input = "\x00\x01\x02\x03\x04\x05\x06\x07" + .ptext = "\x00\x01\x02\x03\x04\x05\x06\x07" "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f", - .ilen = 16, - .result = "\xde\x26\x9f\xf8\x33\xe4\x32\xb8" + .ctext = "\xde\x26\x9f\xf8\x33\xe4\x32\xb8" "\x5b\x2e\x88\xd2\x70\x1c\xe7\x5c", - .rlen = 16, + .len = 16, }, { .key = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80", .klen = 16, - .input = zeroed_string, - .ilen = 16, - .result = "\xdd\xd2\x6b\x98\xa5\xff\xd8\x2c" + .ptext = zeroed_string, + .ctext = "\xdd\xd2\x6b\x98\xa5\xff\xd8\x2c" "\x05\x34\x5a\x9d\xad\xbf\xaf\x49", - .rlen = 16, + .len = 16, }, { /* Generated with Crypto++ */ .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9" "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A" "\x27\x04\xE1\x27\x04\xE1\xBE\x9B" "\x78\xBE\x9B\x78\x55\x32\x0F\x55", .klen = 32, - .input = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" + .ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87" @@ -11951,8 +8798,7 @@ static const struct cipher_testvec serpent_enc_tv_template[] = { "\xF8\x8F\x03\x9A\x31\xC8\x3C\xD3" "\x6A\x01\x75\x0C\xA3\x17\xAE\x45" "\xDC\x50\xE7\x7E\x15\x89\x20\xB7", - .ilen = 496, - .result = "\xFB\xB0\x5D\xDE\xC0\xFE\xFC\xEB" + .ctext = "\xFB\xB0\x5D\xDE\xC0\xFE\xFC\xEB" "\xB1\x80\x10\x43\xDE\x62\x70\xBD" "\xFA\x8A\x93\xEA\x6B\xF7\xC5\xD7" "\x0C\xD1\xBB\x29\x25\x14\x4C\x22" @@ -12014,281 +8860,93 @@ static const struct cipher_testvec serpent_enc_tv_template[] = { "\x34\xC1\xC9\xF2\x28\x4A\xCD\x02" "\x75\x55\x9B\xFF\x36\x73\xAB\x7C" "\xF4\x46\x2E\xEB\xAC\xF3\xD2\xB7", - .rlen = 496, + .len = 496, .also_non_np = 1, .np = 3, .tap = { 496 - 20, 4, 16 }, }, }; -static const struct cipher_testvec tnepres_enc_tv_template[] = { +static const struct cipher_testvec tnepres_tv_template[] = { + { /* KeySize=0 */ + .ptext = "\x00\x01\x02\x03\x04\x05\x06\x07" + "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f", + .ctext = "\x41\xcc\x6b\x31\x59\x31\x45\x97" + "\x6d\x6f\xbb\x38\x4b\x37\x21\x28", + .len = 16, + }, { /* KeySize=128, PT=0, I=1 */ - .input = "\x00\x00\x00\x00\x00\x00\x00\x00" + .ptext = "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00", .key = "\x80\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00", .klen = 16, - .ilen = 16, - .result = "\x49\xaf\xbf\xad\x9d\x5a\x34\x05" + .ctext = "\x49\xaf\xbf\xad\x9d\x5a\x34\x05" "\x2c\xd8\xff\xa5\x98\x6b\xd2\xdd", - .rlen = 16, + .len = 16, + }, { /* KeySize=128 */ + .key = "\x00\x01\x02\x03\x04\x05\x06\x07" + "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f", + .klen = 16, + .ptext = "\x00\x01\x02\x03\x04\x05\x06\x07" + "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f", + .ctext = "\xea\xf4\xd7\xfc\xd8\x01\x34\x47" + "\x81\x45\x0b\xfa\x0c\xd6\xad\x6e", + .len = 16, + }, { /* KeySize=128, I=121 */ + .key = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80", + .klen = 16, + .ptext = zeroed_string, + .ctext = "\x3d\xda\xbf\xc0\x06\xda\xab\x06" + "\x46\x2a\xf4\xef\x81\x54\x4e\x26", + .len = 16, }, { /* KeySize=192, PT=0, I=1 */ .key = "\x80\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00", .klen = 24, - .input = "\x00\x00\x00\x00\x00\x00\x00\x00" + .ptext = "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00", - .ilen = 16, - .result = "\xe7\x8e\x54\x02\xc7\x19\x55\x68" + .ctext = "\xe7\x8e\x54\x02\xc7\x19\x55\x68" "\xac\x36\x78\xf7\xa3\xf6\x0c\x66", - .rlen = 16, + .len = 16, }, { /* KeySize=256, PT=0, I=1 */ .key = "\x80\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00", .klen = 32, - .input = "\x00\x00\x00\x00\x00\x00\x00\x00" + .ptext = "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00", - .ilen = 16, - .result = "\xab\xed\x96\xe7\x66\xbf\x28\xcb" + .ctext = "\xab\xed\x96\xe7\x66\xbf\x28\xcb" "\xc0\xeb\xd2\x1a\x82\xef\x08\x19", - .rlen = 16, + .len = 16, }, { /* KeySize=256, I=257 */ .key = "\x1f\x1e\x1d\x1c\x1b\x1a\x19\x18" "\x17\x16\x15\x14\x13\x12\x11\x10" "\x0f\x0e\x0d\x0c\x0b\x0a\x09\x08" "\x07\x06\x05\x04\x03\x02\x01\x00", .klen = 32, - .input = "\x0f\x0e\x0d\x0c\x0b\x0a\x09\x08" + .ptext = "\x0f\x0e\x0d\x0c\x0b\x0a\x09\x08" "\x07\x06\x05\x04\x03\x02\x01\x00", - .ilen = 16, - .result = "\x5c\xe7\x1c\x70\xd2\x88\x2e\x5b" + .ctext = "\x5c\xe7\x1c\x70\xd2\x88\x2e\x5b" "\xb8\x32\xe4\x33\xf8\x9f\x26\xde", - .rlen = 16, - }, -}; - - -static const struct cipher_testvec serpent_dec_tv_template[] = { - { - .input = "\x12\x07\xfc\xce\x9b\xd0\xd6\x47" - "\x6a\xe9\x8f\xbe\xd1\x43\xa0\xe2", - .ilen = 16, - .result = "\x00\x01\x02\x03\x04\x05\x06\x07" - "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f", - .rlen = 16, - }, { - .key = "\x00\x01\x02\x03\x04\x05\x06\x07" - "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f", - .klen = 16, - .input = "\x4c\x7d\x8a\x32\x80\x72\xa2\x2c" - "\x82\x3e\x4a\x1f\x3a\xcd\xa1\x6d", - .ilen = 16, - .result = "\x00\x01\x02\x03\x04\x05\x06\x07" - "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f", - .rlen = 16, - }, { + .len = 16, + }, { /* KeySize=256 */ .key = "\x00\x01\x02\x03\x04\x05\x06\x07" "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" "\x10\x11\x12\x13\x14\x15\x16\x17" "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f", .klen = 32, - .input = "\xde\x26\x9f\xf8\x33\xe4\x32\xb8" - "\x5b\x2e\x88\xd2\x70\x1c\xe7\x5c", - .ilen = 16, - .result = "\x00\x01\x02\x03\x04\x05\x06\x07" - "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f", - .rlen = 16, - }, { - .key = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80", - .klen = 16, - .input = "\xdd\xd2\x6b\x98\xa5\xff\xd8\x2c" - "\x05\x34\x5a\x9d\xad\xbf\xaf\x49", - .ilen = 16, - .result = zeroed_string, - .rlen = 16, - }, { /* Generated with Crypto++ */ - .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9" - "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A" - "\x27\x04\xE1\x27\x04\xE1\xBE\x9B" - "\x78\xBE\x9B\x78\x55\x32\x0F\x55", - .klen = 32, - .input = "\xFB\xB0\x5D\xDE\xC0\xFE\xFC\xEB" - "\xB1\x80\x10\x43\xDE\x62\x70\xBD" - "\xFA\x8A\x93\xEA\x6B\xF7\xC5\xD7" - "\x0C\xD1\xBB\x29\x25\x14\x4C\x22" - "\x77\xA6\x38\x00\xDB\xB9\xE2\x07" - "\xD1\xAC\x82\xBA\xEA\x67\xAA\x39" - "\x99\x34\x89\x5B\x54\xE9\x12\x13" - "\x3B\x04\xE5\x12\x42\xC5\x79\xAB" - "\x0D\xC7\x3C\x58\x2D\xA3\x98\xF6" - "\xE4\x61\x9E\x17\x0B\xCE\xE8\xAA" - "\xB5\x6C\x1A\x3A\x67\x52\x81\x6A" - "\x04\xFF\x8A\x1B\x96\xFE\xE6\x87" - "\x3C\xD4\x39\x7D\x36\x9B\x03\xD5" - "\xB6\xA0\x75\x3C\x83\xE6\x1C\x73" - "\x9D\x74\x2B\x77\x53\x2D\xE5\xBD" - "\x69\xDA\x7A\x01\xF5\x6A\x70\x39" - "\x30\xD4\x2C\xF2\x8E\x06\x4B\x39" - "\xB3\x12\x1D\xB3\x17\x46\xE6\xD6" - "\xB6\x31\x36\x34\x38\x3C\x1D\x69" - "\x9F\x47\x28\x9A\x1D\x96\x70\x54" - "\x8E\x88\xCB\xE0\xF5\x6A\xAE\x0A" - "\x3C\xD5\x93\x1C\x21\xC9\x14\x3A" - "\x23\x9C\x9B\x79\xC7\x75\xC8\x39" - "\xA6\xAC\x65\x9A\x99\x37\xAF\x6D" - "\xBD\xB5\x32\xFD\xD8\x9C\x95\x7B" - "\xC6\x6A\x80\x64\xEA\xEF\x6D\x3F" - "\xA9\xFE\x5B\x16\xA3\xCF\x32\xC8" - "\xEF\x50\x22\x20\x93\x30\xBE\xE2" - "\x38\x05\x65\xAF\xBA\xB6\xE4\x72" - "\xA9\xEE\x05\x42\x88\xBD\x9D\x49" - "\xAD\x93\xCA\x4D\x45\x11\x43\x4D" - "\xB8\xF5\x74\x2B\x48\xE7\x21\xE4" - "\x4E\x3A\x4C\xDE\x65\x7A\x5A\xAD" - "\x86\xE6\x23\xEC\x6B\xA7\x17\xE6" - "\xF6\xA1\xAC\x29\xAE\xF9\x9B\x69" - "\x73\x65\x65\x51\xD6\x0B\x4E\x8C" - "\x17\x15\x9D\xB0\xCF\xB2\x42\x2B" - "\x51\xC3\x03\xE8\xB7\x7D\x2D\x39" - "\xE8\x10\x93\x16\xC8\x68\x4C\x60" - "\x87\x70\x14\xD0\x01\x57\xCB\x42" - "\x13\x59\xB1\x7F\x12\x4F\xBB\xC7" - "\xBD\x2B\xD4\xA9\x12\x26\x4F\xDE" - "\xFD\x72\xEC\xD7\x6F\x97\x14\x90" - "\x0E\x37\x13\xE6\x67\x1D\xE5\xFE" - "\x9E\x18\x3C\x8F\x3A\x3F\x59\x9B" - "\x71\x80\x05\x35\x3F\x40\x0B\x21" - "\x76\xE5\xEF\x42\x6C\xDB\x31\x05" - "\x5F\x05\xCF\x14\xE3\xF0\x61\xA2" - "\x49\x03\x5E\x77\x2E\x20\xBA\xA1" - "\xAF\x46\x51\xC0\x2B\xC4\x64\x1E" - "\x65\xCC\x51\x58\x0A\xDF\xF0\x5F" - "\x75\x9F\x48\xCD\x81\xEC\xC3\xF6" - "\xED\xC9\x4B\x7B\x4E\x26\x23\xE1" - "\xBB\xE9\x83\x0B\xCF\xE4\xDE\x00" - "\x48\xFF\xBF\x6C\xB4\x72\x16\xEF" - "\xC7\x46\xEE\x48\x8C\xB8\xAF\x45" - "\x91\x76\xE7\x6E\x65\x3D\x15\x86" - "\x10\xF8\xDB\x66\x97\x7C\x43\x4D" - "\x79\x12\x4E\xCE\x06\xD1\xD1\x6A" - "\x34\xC1\xC9\xF2\x28\x4A\xCD\x02" - "\x75\x55\x9B\xFF\x36\x73\xAB\x7C" - "\xF4\x46\x2E\xEB\xAC\xF3\xD2\xB7", - .ilen = 496, - .result = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" - "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" - "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" - "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87" - "\x1E\x92\x29\xC0\x34\xCB\x62\xF9" - "\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48" - "\xDF\x76\x0D\x81\x18\xAF\x23\xBA" - "\x51\xE8\x5C\xF3\x8A\x21\x95\x2C" - "\xC3\x37\xCE\x65\xFC\x70\x07\x9E" - "\x12\xA9\x40\xD7\x4B\xE2\x79\x10" - "\x84\x1B\xB2\x26\xBD\x54\xEB\x5F" - "\xF6\x8D\x01\x98\x2F\xC6\x3A\xD1" - "\x68\xFF\x73\x0A\xA1\x15\xAC\x43" - "\xDA\x4E\xE5\x7C\x13\x87\x1E\xB5" - "\x29\xC0\x57\xEE\x62\xF9\x90\x04" - "\x9B\x32\xC9\x3D\xD4\x6B\x02\x76" - "\x0D\xA4\x18\xAF\x46\xDD\x51\xE8" - "\x7F\x16\x8A\x21\xB8\x2C\xC3\x5A" - "\xF1\x65\xFC\x93\x07\x9E\x35\xCC" - "\x40\xD7\x6E\x05\x79\x10\xA7\x1B" - "\xB2\x49\xE0\x54\xEB\x82\x19\x8D" - "\x24\xBB\x2F\xC6\x5D\xF4\x68\xFF" - "\x96\x0A\xA1\x38\xCF\x43\xDA\x71" - "\x08\x7C\x13\xAA\x1E\xB5\x4C\xE3" - "\x57\xEE\x85\x1C\x90\x27\xBE\x32" - "\xC9\x60\xF7\x6B\x02\x99\x0D\xA4" - "\x3B\xD2\x46\xDD\x74\x0B\x7F\x16" - "\xAD\x21\xB8\x4F\xE6\x5A\xF1\x88" - "\x1F\x93\x2A\xC1\x35\xCC\x63\xFA" - "\x6E\x05\x9C\x10\xA7\x3E\xD5\x49" - "\xE0\x77\x0E\x82\x19\xB0\x24\xBB" - "\x52\xE9\x5D\xF4\x8B\x22\x96\x2D" - "\xC4\x38\xCF\x66\xFD\x71\x08\x9F" - "\x13\xAA\x41\xD8\x4C\xE3\x7A\x11" - "\x85\x1C\xB3\x27\xBE\x55\xEC\x60" - "\xF7\x8E\x02\x99\x30\xC7\x3B\xD2" - "\x69\x00\x74\x0B\xA2\x16\xAD\x44" - "\xDB\x4F\xE6\x7D\x14\x88\x1F\xB6" - "\x2A\xC1\x58\xEF\x63\xFA\x91\x05" - "\x9C\x33\xCA\x3E\xD5\x6C\x03\x77" - "\x0E\xA5\x19\xB0\x47\xDE\x52\xE9" - "\x80\x17\x8B\x22\xB9\x2D\xC4\x5B" - "\xF2\x66\xFD\x94\x08\x9F\x36\xCD" - "\x41\xD8\x6F\x06\x7A\x11\xA8\x1C" - "\xB3\x4A\xE1\x55\xEC\x83\x1A\x8E" - "\x25\xBC\x30\xC7\x5E\xF5\x69\x00" - "\x97\x0B\xA2\x39\xD0\x44\xDB\x72" - "\x09\x7D\x14\xAB\x1F\xB6\x4D\xE4" - "\x58\xEF\x86\x1D\x91\x28\xBF\x33" - "\xCA\x61\xF8\x6C\x03\x9A\x0E\xA5" - "\x3C\xD3\x47\xDE\x75\x0C\x80\x17" - "\xAE\x22\xB9\x50\xE7\x5B\xF2\x89" - "\x20\x94\x2B\xC2\x36\xCD\x64\xFB" - "\x6F\x06\x9D\x11\xA8\x3F\xD6\x4A" - "\xE1\x78\x0F\x83\x1A\xB1\x25\xBC" - "\x53\xEA\x5E\xF5\x8C\x00\x97\x2E" - "\xC5\x39\xD0\x67\xFE\x72\x09\xA0" - "\x14\xAB\x42\xD9\x4D\xE4\x7B\x12" - "\x86\x1D\xB4\x28\xBF\x56\xED\x61" - "\xF8\x8F\x03\x9A\x31\xC8\x3C\xD3" - "\x6A\x01\x75\x0C\xA3\x17\xAE\x45" - "\xDC\x50\xE7\x7E\x15\x89\x20\xB7", - .rlen = 496, - .also_non_np = 1, - .np = 3, - .tap = { 496 - 20, 4, 16 }, - }, -}; - -static const struct cipher_testvec tnepres_dec_tv_template[] = { - { - .input = "\x41\xcc\x6b\x31\x59\x31\x45\x97" - "\x6d\x6f\xbb\x38\x4b\x37\x21\x28", - .ilen = 16, - .result = "\x00\x01\x02\x03\x04\x05\x06\x07" - "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f", - .rlen = 16, - }, { - .key = "\x00\x01\x02\x03\x04\x05\x06\x07" - "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f", - .klen = 16, - .input = "\xea\xf4\xd7\xfc\xd8\x01\x34\x47" - "\x81\x45\x0b\xfa\x0c\xd6\xad\x6e", - .ilen = 16, - .result = "\x00\x01\x02\x03\x04\x05\x06\x07" + .ptext = "\x00\x01\x02\x03\x04\x05\x06\x07" "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f", - .rlen = 16, - }, { - .key = "\x00\x01\x02\x03\x04\x05\x06\x07" - "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" - "\x10\x11\x12\x13\x14\x15\x16\x17" - "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f", - .klen = 32, - .input = "\x64\xa9\x1a\x37\xed\x9f\xe7\x49" + .ctext = "\x64\xa9\x1a\x37\xed\x9f\xe7\x49" "\xa8\x4e\x76\xd6\xf5\x0d\x78\xee", - .ilen = 16, - .result = "\x00\x01\x02\x03\x04\x05\x06\x07" - "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f", - .rlen = 16, - }, { /* KeySize=128, I=121 */ - .key = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80", - .klen = 16, - .input = "\x3d\xda\xbf\xc0\x06\xda\xab\x06" - "\x46\x2a\xf4\xef\x81\x54\x4e\x26", - .ilen = 16, - .result = zeroed_string, - .rlen = 16, - }, + .len = 16, + } }; -static const struct cipher_testvec serpent_cbc_enc_tv_template[] = { +static const struct cipher_testvec serpent_cbc_tv_template[] = { { /* Generated with Crypto++ */ .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9" "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A" @@ -12297,7 +8955,7 @@ static const struct cipher_testvec serpent_cbc_enc_tv_template[] = { .klen = 32, .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F" "\xC4\x29\x8E\xF3\x35\x9A\xFF\x64", - .input = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" + .ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87" @@ -12359,8 +9017,7 @@ static const struct cipher_testvec serpent_cbc_enc_tv_template[] = { "\xF8\x8F\x03\x9A\x31\xC8\x3C\xD3" "\x6A\x01\x75\x0C\xA3\x17\xAE\x45" "\xDC\x50\xE7\x7E\x15\x89\x20\xB7", - .ilen = 496, - .result = "\x80\xCF\x11\x41\x1A\xB9\x4B\x9C" + .ctext = "\x80\xCF\x11\x41\x1A\xB9\x4B\x9C" "\xFF\xB7\x6C\xEA\xF0\xAF\x77\x6E" "\x71\x75\x95\x9D\x4E\x1C\xCF\xAD" "\x81\x34\xE9\x8F\xAE\x5A\x91\x1C" @@ -12422,155 +9079,14 @@ static const struct cipher_testvec serpent_cbc_enc_tv_template[] = { "\x02\xC4\xAF\xFA\xAD\x31\xF4\xBF" "\xFC\x66\xAA\x37\xF2\x37\x39\x6B" "\xBC\x08\x3A\xA2\x29\xB3\xDF\xD1", - .rlen = 496, - .also_non_np = 1, - .np = 3, - .tap = { 496 - 20, 4, 16 }, - }, -}; - -static const struct cipher_testvec serpent_cbc_dec_tv_template[] = { - { /* Generated with Crypto++ */ - .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9" - "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A" - "\x27\x04\xE1\x27\x04\xE1\xBE\x9B" - "\x78\xBE\x9B\x78\x55\x32\x0F\x55", - .klen = 32, - .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F" - "\xC4\x29\x8E\xF3\x35\x9A\xFF\x64", - .input = "\x80\xCF\x11\x41\x1A\xB9\x4B\x9C" - "\xFF\xB7\x6C\xEA\xF0\xAF\x77\x6E" - "\x71\x75\x95\x9D\x4E\x1C\xCF\xAD" - "\x81\x34\xE9\x8F\xAE\x5A\x91\x1C" - "\x38\x63\x35\x7E\x79\x18\x0A\xE8" - "\x67\x06\x76\xD5\xFF\x22\x2F\xDA" - "\xB6\x2D\x57\x13\xB6\x3C\xBC\x97" - "\xFE\x53\x75\x35\x97\x7F\x51\xEA" - "\xDF\x5D\xE8\x9D\xCC\xD9\xAE\xE7" - "\x62\x67\xFF\x04\xC2\x18\x22\x5F" - "\x2E\x06\xC1\xE2\x26\xCD\xC6\x1E" - "\xE5\x2C\x4E\x87\x23\xDD\xF0\x41" - "\x08\xA5\xB4\x3E\x07\x1E\x0B\xBB" - "\x72\x84\xF8\x0A\x3F\x38\x5E\x91" - "\x15\x26\xE1\xDB\xA4\x3D\x74\xD2" - "\x41\x1E\x3F\xA9\xC6\x7D\x2A\xAB" - "\x27\xDF\x89\x1D\x86\x3E\xF7\x5A" - "\xF6\xE3\x0F\xC7\x6B\x4C\x96\x7C" - "\x2D\x12\xA5\x05\x92\xCB\xD7\x4A" - "\x4D\x1E\x88\x21\xE1\x63\xB4\xFC" - "\x4A\xF2\xCD\x35\xB9\xD7\x70\x97" - "\x5A\x5E\x7E\x96\x52\x20\xDC\x25" - "\xE9\x6B\x36\xB4\xE0\x98\x85\x2C" - "\x3C\xD2\xF7\x78\x8A\x73\x26\x9B" - "\xAF\x0B\x11\xE8\x4D\x67\x23\xE9" - "\x77\xDF\x58\xF6\x6F\x9E\xA4\xC5" - "\x10\xA1\x82\x0E\x80\xA0\x8F\x4B" - "\xA1\xC0\x12\x54\x4E\xC9\x20\x92" - "\x11\x00\x10\x4E\xB3\x7C\xCA\x63" - "\xE5\x3F\xD3\x41\x37\xCD\x74\xB7" - "\xA5\x7C\x61\xB8\x0B\x7A\x7F\x4D" - "\xFE\x96\x7D\x1B\xBE\x60\x37\xB7" - "\x81\x92\x66\x67\x15\x1E\x39\x98" - "\x52\xC0\xF4\x69\xC0\x99\x4F\x5A" - "\x2E\x32\xAD\x7C\x8B\xE9\xAD\x05" - "\x55\xF9\x0A\x1F\x97\x5C\xFA\x2B" - "\xF4\x99\x76\x3A\x6E\x4D\xE1\x4C" - "\x14\x4E\x6F\x87\xEE\x1A\x85\xA3" - "\x96\xC6\x66\x49\xDA\x0D\x71\xAC" - "\x04\x05\x46\xD3\x90\x0F\x64\x64" - "\x01\x66\x2C\x62\x5D\x34\xD1\xCB" - "\x3A\x24\xCE\x95\xEF\xAE\x2C\x97" - "\x0E\x0C\x1D\x36\x49\xEB\xE9\x3D" - "\x62\xA6\x19\x28\x9E\x26\xB4\x3F" - "\xD7\x55\x42\x3C\xCD\x72\x0A\xF0" - "\x7D\xE9\x95\x45\x86\xED\xB1\xE0" - "\x8D\xE9\xC5\x86\x13\x24\x28\x7D" - "\x74\xEF\xCA\x50\x12\x7E\x64\x8F" - "\x1B\xF5\x5B\xFE\xE2\xAC\xFA\xE7" - "\xBD\x38\x8C\x11\x20\xEF\xB1\xAA" - "\x7B\xE5\xE5\x78\xAD\x9D\x2D\xA2" - "\x8E\xDD\x48\xB3\xEF\x18\x92\x7E" - "\xE6\x75\x0D\x54\x64\x11\xA3\x3A" - "\xDB\x97\x0F\xD3\xDF\x07\xD3\x7E" - "\x1E\xD1\x87\xE4\x74\xBB\x46\xF4" - "\xBA\x23\x2D\x8D\x29\x07\x12\xCF" - "\x34\xCD\x72\x7F\x01\x30\xE7\xA0" - "\xF8\xDD\xA8\x08\xF0\xBC\xB1\xA2" - "\xCC\xE1\x6B\x5F\xBE\xEA\xF1\xE4" - "\x02\xC4\xAF\xFA\xAD\x31\xF4\xBF" - "\xFC\x66\xAA\x37\xF2\x37\x39\x6B" - "\xBC\x08\x3A\xA2\x29\xB3\xDF\xD1", - .ilen = 496, - .result = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" - "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" - "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" - "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87" - "\x1E\x92\x29\xC0\x34\xCB\x62\xF9" - "\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48" - "\xDF\x76\x0D\x81\x18\xAF\x23\xBA" - "\x51\xE8\x5C\xF3\x8A\x21\x95\x2C" - "\xC3\x37\xCE\x65\xFC\x70\x07\x9E" - "\x12\xA9\x40\xD7\x4B\xE2\x79\x10" - "\x84\x1B\xB2\x26\xBD\x54\xEB\x5F" - "\xF6\x8D\x01\x98\x2F\xC6\x3A\xD1" - "\x68\xFF\x73\x0A\xA1\x15\xAC\x43" - "\xDA\x4E\xE5\x7C\x13\x87\x1E\xB5" - "\x29\xC0\x57\xEE\x62\xF9\x90\x04" - "\x9B\x32\xC9\x3D\xD4\x6B\x02\x76" - "\x0D\xA4\x18\xAF\x46\xDD\x51\xE8" - "\x7F\x16\x8A\x21\xB8\x2C\xC3\x5A" - "\xF1\x65\xFC\x93\x07\x9E\x35\xCC" - "\x40\xD7\x6E\x05\x79\x10\xA7\x1B" - "\xB2\x49\xE0\x54\xEB\x82\x19\x8D" - "\x24\xBB\x2F\xC6\x5D\xF4\x68\xFF" - "\x96\x0A\xA1\x38\xCF\x43\xDA\x71" - "\x08\x7C\x13\xAA\x1E\xB5\x4C\xE3" - "\x57\xEE\x85\x1C\x90\x27\xBE\x32" - "\xC9\x60\xF7\x6B\x02\x99\x0D\xA4" - "\x3B\xD2\x46\xDD\x74\x0B\x7F\x16" - "\xAD\x21\xB8\x4F\xE6\x5A\xF1\x88" - "\x1F\x93\x2A\xC1\x35\xCC\x63\xFA" - "\x6E\x05\x9C\x10\xA7\x3E\xD5\x49" - "\xE0\x77\x0E\x82\x19\xB0\x24\xBB" - "\x52\xE9\x5D\xF4\x8B\x22\x96\x2D" - "\xC4\x38\xCF\x66\xFD\x71\x08\x9F" - "\x13\xAA\x41\xD8\x4C\xE3\x7A\x11" - "\x85\x1C\xB3\x27\xBE\x55\xEC\x60" - "\xF7\x8E\x02\x99\x30\xC7\x3B\xD2" - "\x69\x00\x74\x0B\xA2\x16\xAD\x44" - "\xDB\x4F\xE6\x7D\x14\x88\x1F\xB6" - "\x2A\xC1\x58\xEF\x63\xFA\x91\x05" - "\x9C\x33\xCA\x3E\xD5\x6C\x03\x77" - "\x0E\xA5\x19\xB0\x47\xDE\x52\xE9" - "\x80\x17\x8B\x22\xB9\x2D\xC4\x5B" - "\xF2\x66\xFD\x94\x08\x9F\x36\xCD" - "\x41\xD8\x6F\x06\x7A\x11\xA8\x1C" - "\xB3\x4A\xE1\x55\xEC\x83\x1A\x8E" - "\x25\xBC\x30\xC7\x5E\xF5\x69\x00" - "\x97\x0B\xA2\x39\xD0\x44\xDB\x72" - "\x09\x7D\x14\xAB\x1F\xB6\x4D\xE4" - "\x58\xEF\x86\x1D\x91\x28\xBF\x33" - "\xCA\x61\xF8\x6C\x03\x9A\x0E\xA5" - "\x3C\xD3\x47\xDE\x75\x0C\x80\x17" - "\xAE\x22\xB9\x50\xE7\x5B\xF2\x89" - "\x20\x94\x2B\xC2\x36\xCD\x64\xFB" - "\x6F\x06\x9D\x11\xA8\x3F\xD6\x4A" - "\xE1\x78\x0F\x83\x1A\xB1\x25\xBC" - "\x53\xEA\x5E\xF5\x8C\x00\x97\x2E" - "\xC5\x39\xD0\x67\xFE\x72\x09\xA0" - "\x14\xAB\x42\xD9\x4D\xE4\x7B\x12" - "\x86\x1D\xB4\x28\xBF\x56\xED\x61" - "\xF8\x8F\x03\x9A\x31\xC8\x3C\xD3" - "\x6A\x01\x75\x0C\xA3\x17\xAE\x45" - "\xDC\x50\xE7\x7E\x15\x89\x20\xB7", - .rlen = 496, + .len = 496, .also_non_np = 1, .np = 3, .tap = { 496 - 20, 4, 16 }, }, }; -static const struct cipher_testvec serpent_ctr_enc_tv_template[] = { +static const struct cipher_testvec serpent_ctr_tv_template[] = { { /* Generated with Crypto++ */ .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9" "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A" @@ -12579,7 +9095,7 @@ static const struct cipher_testvec serpent_ctr_enc_tv_template[] = { .klen = 32, .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F" "\xC4\x29\x8E\xF3\x35\x9A\xFF\x64", - .input = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" + .ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87" @@ -12641,8 +9157,7 @@ static const struct cipher_testvec serpent_ctr_enc_tv_template[] = { "\xF8\x8F\x03\x9A\x31\xC8\x3C\xD3" "\x6A\x01\x75\x0C\xA3\x17\xAE\x45" "\xDC\x50\xE7\x7E\x15\x89\x20\xB7", - .ilen = 496, - .result = "\x84\x68\xEC\xF2\x1C\x88\x20\xCA" + .ctext = "\x84\x68\xEC\xF2\x1C\x88\x20\xCA" "\x37\x69\xE3\x3A\x22\x85\x48\x46" "\x70\xAA\x25\xB4\xCD\x8B\x04\x4E" "\x8D\x15\x2B\x98\xDF\x7B\x6D\xB9" @@ -12704,7 +9219,7 @@ static const struct cipher_testvec serpent_ctr_enc_tv_template[] = { "\xB2\xE6\x7E\x86\x7A\x12\x17\x5B" "\x30\xF3\x9B\x0D\xFA\x57\xE4\x50" "\x40\x53\x77\x8C\x15\xF8\x8D\x13", - .rlen = 496, + .len = 496, }, { /* Generated with Crypto++ */ .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9" "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A" @@ -12713,7 +9228,7 @@ static const struct cipher_testvec serpent_ctr_enc_tv_template[] = { .klen = 32, .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F" "\xC4\x29\x8E\xF3\x35\x9A\xFF\x64", - .input = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" + .ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87" @@ -12776,8 +9291,7 @@ static const struct cipher_testvec serpent_ctr_enc_tv_template[] = { "\x6A\x01\x75\x0C\xA3\x17\xAE\x45" "\xDC\x50\xE7\x7E\x15\x89\x20\xB7" "\x2B\xC2\x59", - .ilen = 499, - .result = "\x84\x68\xEC\xF2\x1C\x88\x20\xCA" + .ctext = "\x84\x68\xEC\xF2\x1C\x88\x20\xCA" "\x37\x69\xE3\x3A\x22\x85\x48\x46" "\x70\xAA\x25\xB4\xCD\x8B\x04\x4E" "\x8D\x15\x2B\x98\xDF\x7B\x6D\xB9" @@ -12840,7 +9354,7 @@ static const struct cipher_testvec serpent_ctr_enc_tv_template[] = { "\x30\xF3\x9B\x0D\xFA\x57\xE4\x50" "\x40\x53\x77\x8C\x15\xF8\x8D\x13" "\x38\xE2\xE5", - .rlen = 499, + .len = 499, .also_non_np = 1, .np = 2, .tap = { 499 - 16, 16 }, @@ -12852,208 +9366,7 @@ static const struct cipher_testvec serpent_ctr_enc_tv_template[] = { .klen = 32, .iv = "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF" "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFD", - .input = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" - "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" - "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" - "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87" - "\x1E\x92\x29\xC0\x34\xCB\x62\xF9" - "\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48" - "\xDF\x76\x0D\x81\x18\xAF\x23\xBA" - "\x51\xE8\x5C\xF3\x8A\x21\x95\x2C" - "\xC3\x37\xCE\x65\xFC\x70\x07\x9E" - "\x12\xA9\x40\xD7\x4B\xE2\x79\x10" - "\x84\x1B\xB2\x26\xBD\x54\xEB\x5F" - "\xF6\x8D\x01\x98\x2F\xC6\x3A\xD1" - "\x68\xFF\x73\x0A\xA1\x15\xAC\x43" - "\xDA\x4E\xE5\x7C\x13\x87\x1E\xB5" - "\x29\xC0\x57\xEE\x62\xF9\x90\x04" - "\x9B\x32\xC9\x3D\xD4\x6B\x02\x76" - "\x0D\xA4\x18\xAF\x46\xDD\x51\xE8" - "\x7F\x16\x8A\x21\xB8\x2C\xC3\x5A" - "\xF1\x65\xFC\x93\x07\x9E\x35\xCC" - "\x40\xD7\x6E\x05\x79\x10\xA7\x1B" - "\xB2\x49\xE0\x54\xEB\x82\x19\x8D" - "\x24\xBB\x2F\xC6\x5D\xF4\x68\xFF" - "\x96\x0A\xA1\x38\xCF\x43\xDA\x71" - "\x08\x7C\x13\xAA\x1E\xB5\x4C\xE3" - "\x57\xEE\x85\x1C\x90\x27\xBE\x32" - "\xC9\x60\xF7\x6B\x02\x99\x0D\xA4" - "\x3B\xD2\x46\xDD\x74\x0B\x7F\x16" - "\xAD\x21\xB8\x4F\xE6\x5A\xF1\x88" - "\x1F\x93\x2A\xC1\x35\xCC\x63\xFA" - "\x6E\x05\x9C\x10\xA7\x3E\xD5\x49" - "\xE0\x77\x0E\x82\x19\xB0\x24\xBB" - "\x52\xE9\x5D\xF4\x8B\x22\x96\x2D" - "\xC4\x38\xCF\x66\xFD\x71\x08\x9F" - "\x13\xAA\x41\xD8\x4C\xE3\x7A\x11" - "\x85\x1C\xB3\x27\xBE\x55\xEC\x60" - "\xF7\x8E\x02\x99\x30\xC7\x3B\xD2" - "\x69\x00\x74\x0B\xA2\x16\xAD\x44" - "\xDB\x4F\xE6\x7D\x14\x88\x1F\xB6" - "\x2A\xC1\x58\xEF\x63\xFA\x91\x05" - "\x9C\x33\xCA\x3E\xD5\x6C\x03\x77" - "\x0E\xA5\x19\xB0\x47\xDE\x52\xE9" - "\x80\x17\x8B\x22\xB9\x2D\xC4\x5B" - "\xF2\x66\xFD\x94\x08\x9F\x36\xCD" - "\x41\xD8\x6F\x06\x7A\x11\xA8\x1C" - "\xB3\x4A\xE1\x55\xEC\x83\x1A\x8E" - "\x25\xBC\x30\xC7\x5E\xF5\x69\x00" - "\x97\x0B\xA2\x39\xD0\x44\xDB\x72" - "\x09\x7D\x14\xAB\x1F\xB6\x4D\xE4" - "\x58\xEF\x86\x1D\x91\x28\xBF\x33" - "\xCA\x61\xF8\x6C\x03\x9A\x0E\xA5" - "\x3C\xD3\x47\xDE\x75\x0C\x80\x17" - "\xAE\x22\xB9\x50\xE7\x5B\xF2\x89" - "\x20\x94\x2B\xC2\x36\xCD\x64\xFB" - "\x6F\x06\x9D\x11\xA8\x3F\xD6\x4A" - "\xE1\x78\x0F\x83\x1A\xB1\x25\xBC" - "\x53\xEA\x5E\xF5\x8C\x00\x97\x2E" - "\xC5\x39\xD0\x67\xFE\x72\x09\xA0" - "\x14\xAB\x42\xD9\x4D\xE4\x7B\x12" - "\x86\x1D\xB4\x28\xBF\x56\xED\x61" - "\xF8\x8F\x03\x9A\x31\xC8\x3C\xD3" - "\x6A\x01\x75\x0C\xA3\x17\xAE\x45" - "\xDC\x50\xE7\x7E\x15\x89\x20\xB7", - .ilen = 496, - .result = "\x06\x9A\xF8\xB4\x53\x88\x62\xFC" - "\x68\xB8\x2E\xDF\xC1\x05\x0F\x3D" - "\xAF\x4D\x95\xAE\xC4\xE9\x1C\xDC" - "\xF6\x2B\x8F\x90\x89\xF6\x7E\x1A" - "\xA6\xB9\xE4\xF4\xFA\xCA\xE5\x7E" - "\x71\x28\x06\x4F\xE8\x08\x39\xDA" - "\xA5\x0E\xC8\xC0\xB8\x16\xE5\x69" - "\xE5\xCA\xEC\x4F\x63\x2C\xC0\x9B" - "\x9F\x3E\x39\x79\xF0\xCD\x64\x35" - "\x4A\xD3\xC8\xA9\x31\xCD\x48\x5B" - "\x92\x3D\x8F\x3F\x96\xBD\xB3\x18" - "\x74\x2A\x5D\x29\x3F\x57\x8F\xE2" - "\x67\x9A\xE0\xE5\xD4\x4A\xE2\x47" - "\xBC\xF6\xEB\x14\xF3\x8C\x20\xC2" - "\x7D\xE2\x43\x81\x86\x72\x2E\xB1" - "\x39\xF6\x95\xE1\x1F\xCB\x76\x33" - "\x5B\x7D\x23\x0F\x3A\x67\x2A\x2F" - "\xB9\x37\x9D\xDD\x1F\x16\xA1\x3C" - "\x70\xFE\x52\xAA\x93\x3C\xC4\x46" - "\xB1\xE5\xFF\xDA\xAF\xE2\x84\xFE" - "\x25\x92\xB2\x63\xBD\x49\x77\xB4" - "\x22\xA4\x6A\xD5\x04\xE0\x45\x58" - "\x1C\x34\x96\x7C\x03\x0C\x13\xA2" - "\x05\x22\xE2\xCB\x5A\x35\x03\x09" - "\x40\xD2\x82\x05\xCA\x58\x73\xF2" - "\x29\x5E\x01\x47\x13\x32\x78\xBE" - "\x06\xB0\x51\xDB\x6C\x31\xA0\x1C" - "\x74\xBC\x8D\x25\xDF\xF8\x65\xD1" - "\x38\x35\x11\x26\x4A\xB4\x06\x32" - "\xFA\xD2\x07\x77\xB3\x74\x98\x80" - "\x61\x59\xA8\x9F\xF3\x6F\x2A\xBF" - "\xE6\xA5\x9A\xC4\x6B\xA6\x49\x6F" - "\xBC\x47\xD9\xFB\xC6\xEF\x25\x65" - "\x96\xAC\x9F\xE4\x81\x4B\xD8\xBA" - "\xD6\x9B\xC9\x6D\x58\x40\x81\x02" - "\x73\x44\x4E\x43\x6E\x37\xBB\x11" - "\xE3\xF9\xB8\x2F\xEC\x76\x34\xEA" - "\x90\xCD\xB7\x2E\x0E\x32\x71\xE8" - "\xBB\x4E\x0B\x98\xA4\x17\x17\x5B" - "\x07\xB5\x82\x3A\xC4\xE8\x42\x51" - "\x5A\x4C\x4E\x7D\xBF\xC4\xC0\x4F" - "\x68\xB8\xC6\x4A\x32\x6F\x0B\xD7" - "\x85\xED\x6B\xFB\x72\xD2\xA5\x8F" - "\xBF\xF9\xAC\x59\x50\xA8\x08\x70" - "\xEC\xBD\x0A\xBF\xE5\x87\xA1\xC2" - "\x92\x14\x78\xAF\xE8\xEA\x2E\xDD" - "\xC1\x03\x9A\xAA\x89\x8B\x32\x46" - "\x5B\x18\x27\xBA\x46\xAA\x64\xDE" - "\xE3\xD5\xA3\xFC\x7B\x5B\x61\xDB" - "\x7E\xDA\xEC\x30\x17\x19\xF8\x80" - "\xB5\x5E\x27\xB5\x37\x3A\x1F\x28" - "\x07\x73\xC3\x63\xCE\xFF\x8C\xFE" - "\x81\x4E\xF8\x24\xF3\xB8\xC7\xE8" - "\x16\x9A\xCC\x58\x2F\x88\x1C\x4B" - "\xBB\x33\xA2\x73\xF0\x1C\x89\x0E" - "\xDC\x34\x27\x89\x98\xCE\x1C\xA2" - "\xD8\xB8\x90\xBE\xEC\x72\x28\x13" - "\xAC\x7B\xF1\xD0\x7F\x7A\x28\x50" - "\xB7\x99\x65\x8A\xC9\xC6\x21\x34" - "\x7F\x67\x9D\xB7\x2C\xCC\xF5\x17" - "\x2B\x89\xAC\xB0\xD7\x1E\x47\xB0" - "\x61\xAF\xD4\x63\x6D\xB8\x2D\x20", - .rlen = 496, - }, -}; - -static const struct cipher_testvec serpent_ctr_dec_tv_template[] = { - { /* Generated with Crypto++ */ - .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9" - "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A" - "\x27\x04\xE1\x27\x04\xE1\xBE\x9B" - "\x78\xBE\x9B\x78\x55\x32\x0F\x55", - .klen = 32, - .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F" - "\xC4\x29\x8E\xF3\x35\x9A\xFF\x64", - .input = "\x84\x68\xEC\xF2\x1C\x88\x20\xCA" - "\x37\x69\xE3\x3A\x22\x85\x48\x46" - "\x70\xAA\x25\xB4\xCD\x8B\x04\x4E" - "\x8D\x15\x2B\x98\xDF\x7B\x6D\xB9" - "\xE0\x4A\x73\x00\x65\xB6\x1A\x0D" - "\x5C\x60\xDF\x34\xDC\x60\x4C\xDF" - "\xB5\x1F\x26\x8C\xDA\xC1\x11\xA8" - "\x80\xFA\x37\x7A\x89\xAA\xAE\x7B" - "\x92\x6E\xB9\xDC\xC9\x62\x4F\x88" - "\x0A\x5D\x97\x2F\x6B\xAC\x03\x7C" - "\x22\xF6\x55\x5A\xFA\x35\xA5\x17" - "\xA1\x5C\x5E\x2B\x63\x2D\xB9\x91" - "\x3E\x83\x26\x00\x4E\xD5\xBE\xCE" - "\x79\xC4\x3D\xFC\x70\xA0\xAD\x96" - "\xBA\x58\x2A\x1C\xDF\xC2\x3A\xA5" - "\x7C\xB5\x12\x89\xED\xBF\xB6\x09" - "\x13\x4F\x7D\x61\x3C\x5C\x27\xFC" - "\x5D\xE1\x4F\xA1\xEA\xB3\xCA\xB9" - "\xE6\xD0\x97\x81\xDE\xD1\xFB\x8A" - "\x30\xDB\xA3\x5D\xEC\x25\x0B\x86" - "\x71\xC8\xA7\x67\xE8\xBC\x7D\x4C" - "\xAE\x82\xD3\x73\x31\x09\xCB\xB3" - "\x4D\xD4\xC0\x8A\x2B\xFA\xA6\x55" - "\x39\x0A\xBC\x6E\x75\xAB\xC2\xE2" - "\x8A\xF2\x26\xCD\x63\x38\x35\xF7" - "\xAE\x12\x83\xCD\x8A\x9E\x7E\x4C" - "\xFE\x4D\xD7\xCE\x5C\x6E\x4C\xAF" - "\xE3\xCD\x76\xA7\x87\xA1\x54\x7C" - "\xEC\x32\xC7\x83\x2A\xFF\xF8\xEA" - "\x87\xB2\x47\xA3\x9D\xC2\x9C\xA2" - "\xB7\x2C\x7C\x1A\x24\xCB\x88\x61" - "\xFF\xA7\x1A\x16\x01\xDD\x4B\xFC" - "\x2E\xE0\x48\x67\x09\x42\xCC\x91" - "\xBE\x20\x38\xC0\x5E\x3B\x95\x00" - "\xA1\x96\x66\x0B\x8A\xE9\x9E\xF7" - "\x6B\x34\x0A\x51\xC0\x3B\xEB\x71" - "\x07\x97\x38\x4B\x5C\x56\x98\x67" - "\x78\x9C\xD0\x0E\x2B\xB5\x67\x90" - "\x75\xF8\xFE\x6D\x4E\x85\xCC\x0D" - "\x18\x06\x15\x9D\x5A\x10\x13\x37" - "\xA3\xD6\x68\xA2\xDF\x7E\xC7\x12" - "\xC9\x0D\x4D\x91\xB0\x2A\x55\xFF" - "\x6F\x73\x13\xDF\x28\xB5\x2A\x2C" - "\xE4\xFC\x20\xD9\xF1\x7A\x82\xB1" - "\xCB\x57\xB6\x3D\x8C\xF4\x8E\x27" - "\x37\xDC\x35\xF3\x79\x01\x53\xA4" - "\x7B\x37\xDE\x7C\x04\xAE\x50\xDB" - "\x9B\x1E\x8C\x07\xA7\x52\x49\x50" - "\x34\x25\x65\xDD\xA9\x8F\x7E\xBD" - "\x7A\xC9\x36\xAE\xDE\x21\x48\x64" - "\xC2\x02\xBA\xBE\x11\x1E\x3D\x9C" - "\x98\x52\xCC\x04\xBD\x5E\x61\x26" - "\x10\xD3\x21\xD9\x6E\x25\x98\x77" - "\x8E\x98\x63\xF6\xF6\x52\xFB\x13" - "\xAA\x30\xF2\xB9\xA4\x43\x53\x39" - "\x1C\x97\x07\x7E\x6B\xFF\x3D\x43" - "\xA6\x71\x6B\x66\x8F\x58\x3F\x71" - "\x90\x47\x40\x92\xE6\x69\xD1\x96" - "\x34\xB3\x3B\xE5\x43\xE4\xD5\x56" - "\xB2\xE6\x7E\x86\x7A\x12\x17\x5B" - "\x30\xF3\x9B\x0D\xFA\x57\xE4\x50" - "\x40\x53\x77\x8C\x15\xF8\x8D\x13", - .ilen = 496, - .result = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" + .ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87" @@ -13115,155 +9428,7 @@ static const struct cipher_testvec serpent_ctr_dec_tv_template[] = { "\xF8\x8F\x03\x9A\x31\xC8\x3C\xD3" "\x6A\x01\x75\x0C\xA3\x17\xAE\x45" "\xDC\x50\xE7\x7E\x15\x89\x20\xB7", - .rlen = 496, - }, { /* Generated with Crypto++ */ - .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9" - "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A" - "\x27\x04\xE1\x27\x04\xE1\xBE\x9B" - "\x78\xBE\x9B\x78\x55\x32\x0F\x55", - .klen = 32, - .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F" - "\xC4\x29\x8E\xF3\x35\x9A\xFF\x64", - .input = "\x84\x68\xEC\xF2\x1C\x88\x20\xCA" - "\x37\x69\xE3\x3A\x22\x85\x48\x46" - "\x70\xAA\x25\xB4\xCD\x8B\x04\x4E" - "\x8D\x15\x2B\x98\xDF\x7B\x6D\xB9" - "\xE0\x4A\x73\x00\x65\xB6\x1A\x0D" - "\x5C\x60\xDF\x34\xDC\x60\x4C\xDF" - "\xB5\x1F\x26\x8C\xDA\xC1\x11\xA8" - "\x80\xFA\x37\x7A\x89\xAA\xAE\x7B" - "\x92\x6E\xB9\xDC\xC9\x62\x4F\x88" - "\x0A\x5D\x97\x2F\x6B\xAC\x03\x7C" - "\x22\xF6\x55\x5A\xFA\x35\xA5\x17" - "\xA1\x5C\x5E\x2B\x63\x2D\xB9\x91" - "\x3E\x83\x26\x00\x4E\xD5\xBE\xCE" - "\x79\xC4\x3D\xFC\x70\xA0\xAD\x96" - "\xBA\x58\x2A\x1C\xDF\xC2\x3A\xA5" - "\x7C\xB5\x12\x89\xED\xBF\xB6\x09" - "\x13\x4F\x7D\x61\x3C\x5C\x27\xFC" - "\x5D\xE1\x4F\xA1\xEA\xB3\xCA\xB9" - "\xE6\xD0\x97\x81\xDE\xD1\xFB\x8A" - "\x30\xDB\xA3\x5D\xEC\x25\x0B\x86" - "\x71\xC8\xA7\x67\xE8\xBC\x7D\x4C" - "\xAE\x82\xD3\x73\x31\x09\xCB\xB3" - "\x4D\xD4\xC0\x8A\x2B\xFA\xA6\x55" - "\x39\x0A\xBC\x6E\x75\xAB\xC2\xE2" - "\x8A\xF2\x26\xCD\x63\x38\x35\xF7" - "\xAE\x12\x83\xCD\x8A\x9E\x7E\x4C" - "\xFE\x4D\xD7\xCE\x5C\x6E\x4C\xAF" - "\xE3\xCD\x76\xA7\x87\xA1\x54\x7C" - "\xEC\x32\xC7\x83\x2A\xFF\xF8\xEA" - "\x87\xB2\x47\xA3\x9D\xC2\x9C\xA2" - "\xB7\x2C\x7C\x1A\x24\xCB\x88\x61" - "\xFF\xA7\x1A\x16\x01\xDD\x4B\xFC" - "\x2E\xE0\x48\x67\x09\x42\xCC\x91" - "\xBE\x20\x38\xC0\x5E\x3B\x95\x00" - "\xA1\x96\x66\x0B\x8A\xE9\x9E\xF7" - "\x6B\x34\x0A\x51\xC0\x3B\xEB\x71" - "\x07\x97\x38\x4B\x5C\x56\x98\x67" - "\x78\x9C\xD0\x0E\x2B\xB5\x67\x90" - "\x75\xF8\xFE\x6D\x4E\x85\xCC\x0D" - "\x18\x06\x15\x9D\x5A\x10\x13\x37" - "\xA3\xD6\x68\xA2\xDF\x7E\xC7\x12" - "\xC9\x0D\x4D\x91\xB0\x2A\x55\xFF" - "\x6F\x73\x13\xDF\x28\xB5\x2A\x2C" - "\xE4\xFC\x20\xD9\xF1\x7A\x82\xB1" - "\xCB\x57\xB6\x3D\x8C\xF4\x8E\x27" - "\x37\xDC\x35\xF3\x79\x01\x53\xA4" - "\x7B\x37\xDE\x7C\x04\xAE\x50\xDB" - "\x9B\x1E\x8C\x07\xA7\x52\x49\x50" - "\x34\x25\x65\xDD\xA9\x8F\x7E\xBD" - "\x7A\xC9\x36\xAE\xDE\x21\x48\x64" - "\xC2\x02\xBA\xBE\x11\x1E\x3D\x9C" - "\x98\x52\xCC\x04\xBD\x5E\x61\x26" - "\x10\xD3\x21\xD9\x6E\x25\x98\x77" - "\x8E\x98\x63\xF6\xF6\x52\xFB\x13" - "\xAA\x30\xF2\xB9\xA4\x43\x53\x39" - "\x1C\x97\x07\x7E\x6B\xFF\x3D\x43" - "\xA6\x71\x6B\x66\x8F\x58\x3F\x71" - "\x90\x47\x40\x92\xE6\x69\xD1\x96" - "\x34\xB3\x3B\xE5\x43\xE4\xD5\x56" - "\xB2\xE6\x7E\x86\x7A\x12\x17\x5B" - "\x30\xF3\x9B\x0D\xFA\x57\xE4\x50" - "\x40\x53\x77\x8C\x15\xF8\x8D\x13" - "\x38\xE2\xE5", - .ilen = 499, - .result = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" - "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" - "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" - "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87" - "\x1E\x92\x29\xC0\x34\xCB\x62\xF9" - "\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48" - "\xDF\x76\x0D\x81\x18\xAF\x23\xBA" - "\x51\xE8\x5C\xF3\x8A\x21\x95\x2C" - "\xC3\x37\xCE\x65\xFC\x70\x07\x9E" - "\x12\xA9\x40\xD7\x4B\xE2\x79\x10" - "\x84\x1B\xB2\x26\xBD\x54\xEB\x5F" - "\xF6\x8D\x01\x98\x2F\xC6\x3A\xD1" - "\x68\xFF\x73\x0A\xA1\x15\xAC\x43" - "\xDA\x4E\xE5\x7C\x13\x87\x1E\xB5" - "\x29\xC0\x57\xEE\x62\xF9\x90\x04" - "\x9B\x32\xC9\x3D\xD4\x6B\x02\x76" - "\x0D\xA4\x18\xAF\x46\xDD\x51\xE8" - "\x7F\x16\x8A\x21\xB8\x2C\xC3\x5A" - "\xF1\x65\xFC\x93\x07\x9E\x35\xCC" - "\x40\xD7\x6E\x05\x79\x10\xA7\x1B" - "\xB2\x49\xE0\x54\xEB\x82\x19\x8D" - "\x24\xBB\x2F\xC6\x5D\xF4\x68\xFF" - "\x96\x0A\xA1\x38\xCF\x43\xDA\x71" - "\x08\x7C\x13\xAA\x1E\xB5\x4C\xE3" - "\x57\xEE\x85\x1C\x90\x27\xBE\x32" - "\xC9\x60\xF7\x6B\x02\x99\x0D\xA4" - "\x3B\xD2\x46\xDD\x74\x0B\x7F\x16" - "\xAD\x21\xB8\x4F\xE6\x5A\xF1\x88" - "\x1F\x93\x2A\xC1\x35\xCC\x63\xFA" - "\x6E\x05\x9C\x10\xA7\x3E\xD5\x49" - "\xE0\x77\x0E\x82\x19\xB0\x24\xBB" - "\x52\xE9\x5D\xF4\x8B\x22\x96\x2D" - "\xC4\x38\xCF\x66\xFD\x71\x08\x9F" - "\x13\xAA\x41\xD8\x4C\xE3\x7A\x11" - "\x85\x1C\xB3\x27\xBE\x55\xEC\x60" - "\xF7\x8E\x02\x99\x30\xC7\x3B\xD2" - "\x69\x00\x74\x0B\xA2\x16\xAD\x44" - "\xDB\x4F\xE6\x7D\x14\x88\x1F\xB6" - "\x2A\xC1\x58\xEF\x63\xFA\x91\x05" - "\x9C\x33\xCA\x3E\xD5\x6C\x03\x77" - "\x0E\xA5\x19\xB0\x47\xDE\x52\xE9" - "\x80\x17\x8B\x22\xB9\x2D\xC4\x5B" - "\xF2\x66\xFD\x94\x08\x9F\x36\xCD" - "\x41\xD8\x6F\x06\x7A\x11\xA8\x1C" - "\xB3\x4A\xE1\x55\xEC\x83\x1A\x8E" - "\x25\xBC\x30\xC7\x5E\xF5\x69\x00" - "\x97\x0B\xA2\x39\xD0\x44\xDB\x72" - "\x09\x7D\x14\xAB\x1F\xB6\x4D\xE4" - "\x58\xEF\x86\x1D\x91\x28\xBF\x33" - "\xCA\x61\xF8\x6C\x03\x9A\x0E\xA5" - "\x3C\xD3\x47\xDE\x75\x0C\x80\x17" - "\xAE\x22\xB9\x50\xE7\x5B\xF2\x89" - "\x20\x94\x2B\xC2\x36\xCD\x64\xFB" - "\x6F\x06\x9D\x11\xA8\x3F\xD6\x4A" - "\xE1\x78\x0F\x83\x1A\xB1\x25\xBC" - "\x53\xEA\x5E\xF5\x8C\x00\x97\x2E" - "\xC5\x39\xD0\x67\xFE\x72\x09\xA0" - "\x14\xAB\x42\xD9\x4D\xE4\x7B\x12" - "\x86\x1D\xB4\x28\xBF\x56\xED\x61" - "\xF8\x8F\x03\x9A\x31\xC8\x3C\xD3" - "\x6A\x01\x75\x0C\xA3\x17\xAE\x45" - "\xDC\x50\xE7\x7E\x15\x89\x20\xB7" - "\x2B\xC2\x59", - .rlen = 499, - .also_non_np = 1, - .np = 2, - .tap = { 499 - 16, 16 }, - }, { /* Generated with Crypto++ */ - .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9" - "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A" - "\x27\x04\xE1\x27\x04\xE1\xBE\x9B" - "\x78\xBE\x9B\x78\x55\x32\x0F\x55", - .klen = 32, - .iv = "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF" - "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFD", - .input = "\x06\x9A\xF8\xB4\x53\x88\x62\xFC" + .ctext = "\x06\x9A\xF8\xB4\x53\x88\x62\xFC" "\x68\xB8\x2E\xDF\xC1\x05\x0F\x3D" "\xAF\x4D\x95\xAE\xC4\xE9\x1C\xDC" "\xF6\x2B\x8F\x90\x89\xF6\x7E\x1A" @@ -13325,74 +9490,11 @@ static const struct cipher_testvec serpent_ctr_dec_tv_template[] = { "\x7F\x67\x9D\xB7\x2C\xCC\xF5\x17" "\x2B\x89\xAC\xB0\xD7\x1E\x47\xB0" "\x61\xAF\xD4\x63\x6D\xB8\x2D\x20", - .ilen = 496, - .result = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" - "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" - "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" - "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87" - "\x1E\x92\x29\xC0\x34\xCB\x62\xF9" - "\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48" - "\xDF\x76\x0D\x81\x18\xAF\x23\xBA" - "\x51\xE8\x5C\xF3\x8A\x21\x95\x2C" - "\xC3\x37\xCE\x65\xFC\x70\x07\x9E" - "\x12\xA9\x40\xD7\x4B\xE2\x79\x10" - "\x84\x1B\xB2\x26\xBD\x54\xEB\x5F" - "\xF6\x8D\x01\x98\x2F\xC6\x3A\xD1" - "\x68\xFF\x73\x0A\xA1\x15\xAC\x43" - "\xDA\x4E\xE5\x7C\x13\x87\x1E\xB5" - "\x29\xC0\x57\xEE\x62\xF9\x90\x04" - "\x9B\x32\xC9\x3D\xD4\x6B\x02\x76" - "\x0D\xA4\x18\xAF\x46\xDD\x51\xE8" - "\x7F\x16\x8A\x21\xB8\x2C\xC3\x5A" - "\xF1\x65\xFC\x93\x07\x9E\x35\xCC" - "\x40\xD7\x6E\x05\x79\x10\xA7\x1B" - "\xB2\x49\xE0\x54\xEB\x82\x19\x8D" - "\x24\xBB\x2F\xC6\x5D\xF4\x68\xFF" - "\x96\x0A\xA1\x38\xCF\x43\xDA\x71" - "\x08\x7C\x13\xAA\x1E\xB5\x4C\xE3" - "\x57\xEE\x85\x1C\x90\x27\xBE\x32" - "\xC9\x60\xF7\x6B\x02\x99\x0D\xA4" - "\x3B\xD2\x46\xDD\x74\x0B\x7F\x16" - "\xAD\x21\xB8\x4F\xE6\x5A\xF1\x88" - "\x1F\x93\x2A\xC1\x35\xCC\x63\xFA" - "\x6E\x05\x9C\x10\xA7\x3E\xD5\x49" - "\xE0\x77\x0E\x82\x19\xB0\x24\xBB" - "\x52\xE9\x5D\xF4\x8B\x22\x96\x2D" - "\xC4\x38\xCF\x66\xFD\x71\x08\x9F" - "\x13\xAA\x41\xD8\x4C\xE3\x7A\x11" - "\x85\x1C\xB3\x27\xBE\x55\xEC\x60" - "\xF7\x8E\x02\x99\x30\xC7\x3B\xD2" - "\x69\x00\x74\x0B\xA2\x16\xAD\x44" - "\xDB\x4F\xE6\x7D\x14\x88\x1F\xB6" - "\x2A\xC1\x58\xEF\x63\xFA\x91\x05" - "\x9C\x33\xCA\x3E\xD5\x6C\x03\x77" - "\x0E\xA5\x19\xB0\x47\xDE\x52\xE9" - "\x80\x17\x8B\x22\xB9\x2D\xC4\x5B" - "\xF2\x66\xFD\x94\x08\x9F\x36\xCD" - "\x41\xD8\x6F\x06\x7A\x11\xA8\x1C" - "\xB3\x4A\xE1\x55\xEC\x83\x1A\x8E" - "\x25\xBC\x30\xC7\x5E\xF5\x69\x00" - "\x97\x0B\xA2\x39\xD0\x44\xDB\x72" - "\x09\x7D\x14\xAB\x1F\xB6\x4D\xE4" - "\x58\xEF\x86\x1D\x91\x28\xBF\x33" - "\xCA\x61\xF8\x6C\x03\x9A\x0E\xA5" - "\x3C\xD3\x47\xDE\x75\x0C\x80\x17" - "\xAE\x22\xB9\x50\xE7\x5B\xF2\x89" - "\x20\x94\x2B\xC2\x36\xCD\x64\xFB" - "\x6F\x06\x9D\x11\xA8\x3F\xD6\x4A" - "\xE1\x78\x0F\x83\x1A\xB1\x25\xBC" - "\x53\xEA\x5E\xF5\x8C\x00\x97\x2E" - "\xC5\x39\xD0\x67\xFE\x72\x09\xA0" - "\x14\xAB\x42\xD9\x4D\xE4\x7B\x12" - "\x86\x1D\xB4\x28\xBF\x56\xED\x61" - "\xF8\x8F\x03\x9A\x31\xC8\x3C\xD3" - "\x6A\x01\x75\x0C\xA3\x17\xAE\x45" - "\xDC\x50\xE7\x7E\x15\x89\x20\xB7", - .rlen = 496, + .len = 496, }, }; -static const struct cipher_testvec serpent_lrw_enc_tv_template[] = { +static const struct cipher_testvec serpent_lrw_tv_template[] = { /* Generated from AES-LRW test vectors */ { .key = "\x45\x62\xac\x25\xf8\x28\x17\x6d" @@ -13402,12 +9504,11 @@ static const struct cipher_testvec serpent_lrw_enc_tv_template[] = { .klen = 32, .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x01", - .input = "\x30\x31\x32\x33\x34\x35\x36\x37" + .ptext = "\x30\x31\x32\x33\x34\x35\x36\x37" "\x38\x39\x41\x42\x43\x44\x45\x46", - .ilen = 16, - .result = "\x6f\xbf\xd4\xa4\x5d\x71\x16\x79" + .ctext = "\x6f\xbf\xd4\xa4\x5d\x71\x16\x79" "\x63\x9c\xa6\x8e\x40\xbe\x0d\x8a", - .rlen = 16, + .len = 16, }, { .key = "\x59\x70\x47\x14\xf5\x57\x47\x8c" "\xd7\x79\xe8\x0f\x54\x88\x79\x44" @@ -13416,12 +9517,11 @@ static const struct cipher_testvec serpent_lrw_enc_tv_template[] = { .klen = 32, .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x02", - .input = "\x30\x31\x32\x33\x34\x35\x36\x37" + .ptext = "\x30\x31\x32\x33\x34\x35\x36\x37" "\x38\x39\x41\x42\x43\x44\x45\x46", - .ilen = 16, - .result = "\xfd\xb2\x66\x98\x80\x96\x55\xad" + .ctext = "\xfd\xb2\x66\x98\x80\x96\x55\xad" "\x08\x94\x54\x9c\x21\x7c\x69\xe3", - .rlen = 16, + .len = 16, }, { .key = "\xd8\x2a\x91\x34\xb2\x6a\x56\x50" "\x30\xfe\x69\xe2\x37\x7f\x98\x47" @@ -13430,12 +9530,11 @@ static const struct cipher_testvec serpent_lrw_enc_tv_template[] = { .klen = 32, .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x02\x00\x00\x00\x00", - .input = "\x30\x31\x32\x33\x34\x35\x36\x37" + .ptext = "\x30\x31\x32\x33\x34\x35\x36\x37" "\x38\x39\x41\x42\x43\x44\x45\x46", - .ilen = 16, - .result = "\x14\x5e\x3d\x70\xc0\x6e\x9c\x34" + .ctext = "\x14\x5e\x3d\x70\xc0\x6e\x9c\x34" "\x5b\x5e\xcf\x0f\xe4\x8c\x21\x5c", - .rlen = 16, + .len = 16, }, { .key = "\x0f\x6a\xef\xf8\xd3\xd2\xbb\x15" "\x25\x83\xf7\x3c\x1f\x01\x28\x74" @@ -13445,12 +9544,11 @@ static const struct cipher_testvec serpent_lrw_enc_tv_template[] = { .klen = 40, .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x01", - .input = "\x30\x31\x32\x33\x34\x35\x36\x37" + .ptext = "\x30\x31\x32\x33\x34\x35\x36\x37" "\x38\x39\x41\x42\x43\x44\x45\x46", - .ilen = 16, - .result = "\x25\x39\xaa\xa5\xf0\x65\xc8\xdc" + .ctext = "\x25\x39\xaa\xa5\xf0\x65\xc8\xdc" "\x5d\x45\x95\x30\x8f\xff\x2f\x1b", - .rlen = 16, + .len = 16, }, { .key = "\x8a\xd4\xee\x10\x2f\xbd\x81\xff" "\xf8\x86\xce\xac\x93\xc5\xad\xc6" @@ -13460,12 +9558,11 @@ static const struct cipher_testvec serpent_lrw_enc_tv_template[] = { .klen = 40, .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x02\x00\x00\x00\x00", - .input = "\x30\x31\x32\x33\x34\x35\x36\x37" + .ptext = "\x30\x31\x32\x33\x34\x35\x36\x37" "\x38\x39\x41\x42\x43\x44\x45\x46", - .ilen = 16, - .result = "\x0c\x20\x20\x63\xd6\x8b\xfc\x8f" + .ctext = "\x0c\x20\x20\x63\xd6\x8b\xfc\x8f" "\xc0\xe2\x17\xbb\xd2\x59\x6f\x26", - .rlen = 16, + .len = 16, }, { .key = "\xf8\xd4\x76\xff\xd6\x46\xee\x6c" "\x23\x84\xcb\x1c\x77\xd6\x19\x5d" @@ -13476,12 +9573,11 @@ static const struct cipher_testvec serpent_lrw_enc_tv_template[] = { .klen = 48, .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x01", - .input = "\x30\x31\x32\x33\x34\x35\x36\x37" + .ptext = "\x30\x31\x32\x33\x34\x35\x36\x37" "\x38\x39\x41\x42\x43\x44\x45\x46", - .ilen = 16, - .result = "\xc1\x35\x2e\x53\xf0\x96\x4d\x9c" + .ctext = "\xc1\x35\x2e\x53\xf0\x96\x4d\x9c" "\x2e\x18\xe6\x99\xcd\xd3\x15\x68", - .rlen = 16, + .len = 16, }, { .key = "\xfb\x76\x15\xb2\x3d\x80\x89\x1d" "\xd4\x70\x98\x0b\xc7\x95\x84\xc8" @@ -13492,12 +9588,11 @@ static const struct cipher_testvec serpent_lrw_enc_tv_template[] = { .klen = 48, .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x02\x00\x00\x00\x00", - .input = "\x30\x31\x32\x33\x34\x35\x36\x37" + .ptext = "\x30\x31\x32\x33\x34\x35\x36\x37" "\x38\x39\x41\x42\x43\x44\x45\x46", - .ilen = 16, - .result = "\x86\x0a\xc6\xa9\x1a\x9f\xe7\xe6" + .ctext = "\x86\x0a\xc6\xa9\x1a\x9f\xe7\xe6" "\x64\x3b\x33\xd6\xd5\x84\xd6\xdf", - .rlen = 16, + .len = 16, }, { .key = "\xf8\xd4\x76\xff\xd6\x46\xee\x6c" "\x23\x84\xcb\x1c\x77\xd6\x19\x5d" @@ -13508,7 +9603,7 @@ static const struct cipher_testvec serpent_lrw_enc_tv_template[] = { .klen = 48, .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x01", - .input = "\x05\x11\xb7\x18\xab\xc6\x2d\xac" + .ptext = "\x05\x11\xb7\x18\xab\xc6\x2d\xac" "\x70\x5d\xf6\x22\x94\xcd\xe5\x6c" "\x17\x6b\xf6\x1c\xf0\xf3\x6e\xf8" "\x50\x38\x1f\x71\x49\xb6\x57\xd6" @@ -13572,196 +9667,7 @@ static const struct cipher_testvec serpent_lrw_enc_tv_template[] = { "\xa4\xc7\xa8\xb4\xf6\x13\x03\xf6" "\xe9\x2e\xc4\x29\x0f\x84\xdb\xc4" "\x21\xc4\xc2\x75\x67\x89\x37\x0a", - .ilen = 512, - .result = "\xe3\x5a\x38\x0f\x4d\x92\x3a\x74" - "\x15\xb1\x50\x8c\x9a\xd8\x99\x1d" - "\x82\xec\xf1\x5f\x03\x6d\x02\x58" - "\x90\x67\xfc\xdd\x8d\xe1\x38\x08" - "\x7b\xc9\x9b\x4b\x04\x09\x50\x15" - "\xce\xab\xda\x33\x30\x20\x12\xfa" - "\x83\xc4\xa6\x9a\x2e\x7d\x90\xd9" - "\xa6\xa6\x67\x43\xb4\xa7\xa8\x5c" - "\xbb\x6a\x49\x2b\x8b\xf8\xd0\x22" - "\xe5\x9e\xba\xe8\x8c\x67\xb8\x5b" - "\x60\xbc\xf5\xa4\x95\x4e\x66\xe5" - "\x6d\x8e\xa9\xf6\x65\x2e\x04\xf5" - "\xba\xb5\xdb\x88\xc2\xf6\x7a\x4b" - "\x89\x58\x7c\x9a\xae\x26\xe8\xb7" - "\xb7\x28\xcc\xd6\xcc\xa5\x98\x4d" - "\xb9\x91\xcb\xb4\xe4\x8b\x96\x47" - "\x5f\x03\x8b\xdd\x94\xd1\xee\x12" - "\xa7\x83\x80\xf2\xc1\x15\x74\x4f" - "\x49\xf9\xb0\x7e\x6f\xdc\x73\x2f" - "\xe2\xcf\xe0\x1b\x34\xa5\xa0\x52" - "\xfb\x3c\x5d\x85\x91\xe6\x6d\x98" - "\x04\xd6\xdd\x4c\x00\x64\xd9\x54" - "\x5c\x3c\x08\x1d\x4c\x06\x9f\xb8" - "\x1c\x4d\x8d\xdc\xa4\x3c\xb9\x3b" - "\x9e\x85\xce\xc3\xa8\x4a\x0c\xd9" - "\x04\xc3\x6f\x17\x66\xa9\x1f\x59" - "\xd9\xe2\x19\x36\xa3\x88\xb8\x0b" - "\x0f\x4a\x4d\xf8\xc8\x6f\xd5\x43" - "\xeb\xa0\xab\x1f\x61\xc0\x06\xeb" - "\x93\xb7\xb8\x6f\x0d\xbd\x07\x49" - "\xb3\xac\x5d\xcf\x31\xa0\x27\x26" - "\x21\xbe\x94\x2e\x19\xea\xf4\xee" - "\xb5\x13\x89\xf7\x94\x0b\xef\x59" - "\x44\xc5\x78\x8b\x3c\x3b\x71\x20" - "\xf9\x35\x0c\x70\x74\xdc\x5b\xc2" - "\xb4\x11\x0e\x2c\x61\xa1\x52\x46" - "\x18\x11\x16\xc6\x86\x44\xa7\xaf" - "\xd5\x0c\x7d\xa6\x9e\x25\x2d\x1b" - "\x9a\x8f\x0f\xf8\x6a\x61\xa0\xea" - "\x3f\x0e\x90\xd6\x8f\x83\x30\x64" - "\xb5\x51\x2d\x08\x3c\xcd\x99\x36" - "\x96\xd4\xb1\xb5\x48\x30\xca\x48" - "\xf7\x11\xa8\xf5\x97\x8a\x6a\x6d" - "\x12\x33\x2f\xc0\xe8\xda\xec\x8a" - "\xe1\x88\x72\x63\xde\x20\xa3\xe1" - "\x8e\xac\x84\x37\x35\xf5\xf7\x3f" - "\x00\x02\x0e\xe4\xc1\x53\x68\x3f" - "\xaa\xd5\xac\x52\x3d\x20\x2f\x4d" - "\x7c\x83\xd0\xbd\xaa\x97\x35\x36" - "\x98\x88\x59\x5d\xe7\x24\xe3\x90" - "\x9d\x30\x47\xa7\xc3\x60\x35\xf4" - "\xd5\xdb\x0e\x4d\x44\xc1\x81\x8b" - "\xfd\xbd\xc3\x2b\xba\x68\xfe\x8d" - "\x49\x5a\x3c\x8a\xa3\x01\xae\x25" - "\x42\xab\xd2\x87\x1b\x35\xd6\xd2" - "\xd7\x70\x1c\x1f\x72\xd1\xe1\x39" - "\x1c\x58\xa2\xb4\xd0\x78\x55\x72" - "\x76\x59\xea\xd9\xd7\x6e\x63\x8b" - "\xcc\x9b\xa7\x74\x89\xfc\xa3\x68" - "\x86\x28\xd1\xbb\x54\x8d\x66\xad" - "\x2a\x92\xf9\x4e\x04\x3d\xae\xfd" - "\x1b\x2b\x7f\xc3\x2f\x1a\x78\x0a" - "\x5c\xc6\x84\xfe\x7c\xcb\x26\xfd" - "\xd9\x51\x0f\xd7\x94\x2f\xc5\xa7", - .rlen = 512, - .also_non_np = 1, - .np = 3, - .tap = { 512 - 20, 4, 16 }, - }, -}; - -static const struct cipher_testvec serpent_lrw_dec_tv_template[] = { - /* Generated from AES-LRW test vectors */ - /* same as enc vectors with input and result reversed */ - { - .key = "\x45\x62\xac\x25\xf8\x28\x17\x6d" - "\x4c\x26\x84\x14\xb5\x68\x01\x85" - "\x25\x8e\x2a\x05\xe7\x3e\x9d\x03" - "\xee\x5a\x83\x0c\xcc\x09\x4c\x87", - .klen = 32, - .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x01", - .input = "\x6f\xbf\xd4\xa4\x5d\x71\x16\x79" - "\x63\x9c\xa6\x8e\x40\xbe\x0d\x8a", - .ilen = 16, - .result = "\x30\x31\x32\x33\x34\x35\x36\x37" - "\x38\x39\x41\x42\x43\x44\x45\x46", - .rlen = 16, - }, { - .key = "\x59\x70\x47\x14\xf5\x57\x47\x8c" - "\xd7\x79\xe8\x0f\x54\x88\x79\x44" - "\x0d\x48\xf0\xb7\xb1\x5a\x53\xea" - "\x1c\xaa\x6b\x29\xc2\xca\xfb\xaf", - .klen = 32, - .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x02", - .input = "\xfd\xb2\x66\x98\x80\x96\x55\xad" - "\x08\x94\x54\x9c\x21\x7c\x69\xe3", - .ilen = 16, - .result = "\x30\x31\x32\x33\x34\x35\x36\x37" - "\x38\x39\x41\x42\x43\x44\x45\x46", - .rlen = 16, - }, { - .key = "\xd8\x2a\x91\x34\xb2\x6a\x56\x50" - "\x30\xfe\x69\xe2\x37\x7f\x98\x47" - "\xcd\xf9\x0b\x16\x0c\x64\x8f\xb6" - "\xb0\x0d\x0d\x1b\xae\x85\x87\x1f", - .klen = 32, - .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x02\x00\x00\x00\x00", - .input = "\x14\x5e\x3d\x70\xc0\x6e\x9c\x34" - "\x5b\x5e\xcf\x0f\xe4\x8c\x21\x5c", - .ilen = 16, - .result = "\x30\x31\x32\x33\x34\x35\x36\x37" - "\x38\x39\x41\x42\x43\x44\x45\x46", - .rlen = 16, - }, { - .key = "\x0f\x6a\xef\xf8\xd3\xd2\xbb\x15" - "\x25\x83\xf7\x3c\x1f\x01\x28\x74" - "\xca\xc6\xbc\x35\x4d\x4a\x65\x54" - "\x90\xae\x61\xcf\x7b\xae\xbd\xcc" - "\xad\xe4\x94\xc5\x4a\x29\xae\x70", - .klen = 40, - .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x01", - .input = "\x25\x39\xaa\xa5\xf0\x65\xc8\xdc" - "\x5d\x45\x95\x30\x8f\xff\x2f\x1b", - .ilen = 16, - .result = "\x30\x31\x32\x33\x34\x35\x36\x37" - "\x38\x39\x41\x42\x43\x44\x45\x46", - .rlen = 16, - }, { - .key = "\x8a\xd4\xee\x10\x2f\xbd\x81\xff" - "\xf8\x86\xce\xac\x93\xc5\xad\xc6" - "\xa0\x19\x07\xc0\x9d\xf7\xbb\xdd" - "\x52\x13\xb2\xb7\xf0\xff\x11\xd8" - "\xd6\x08\xd0\xcd\x2e\xb1\x17\x6f", - .klen = 40, - .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x02\x00\x00\x00\x00", - .input = "\x0c\x20\x20\x63\xd6\x8b\xfc\x8f" - "\xc0\xe2\x17\xbb\xd2\x59\x6f\x26", - .ilen = 16, - .result = "\x30\x31\x32\x33\x34\x35\x36\x37" - "\x38\x39\x41\x42\x43\x44\x45\x46", - .rlen = 16, - }, { - .key = "\xf8\xd4\x76\xff\xd6\x46\xee\x6c" - "\x23\x84\xcb\x1c\x77\xd6\x19\x5d" - "\xfe\xf1\xa9\xf3\x7b\xbc\x8d\x21" - "\xa7\x9c\x21\xf8\xcb\x90\x02\x89" - "\xa8\x45\x34\x8e\xc8\xc5\xb5\xf1" - "\x26\xf5\x0e\x76\xfe\xfd\x1b\x1e", - .klen = 48, - .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x01", - .input = "\xc1\x35\x2e\x53\xf0\x96\x4d\x9c" - "\x2e\x18\xe6\x99\xcd\xd3\x15\x68", - .ilen = 16, - .result = "\x30\x31\x32\x33\x34\x35\x36\x37" - "\x38\x39\x41\x42\x43\x44\x45\x46", - .rlen = 16, - }, { - .key = "\xfb\x76\x15\xb2\x3d\x80\x89\x1d" - "\xd4\x70\x98\x0b\xc7\x95\x84\xc8" - "\xb2\xfb\x64\xce\x60\x97\x87\x8d" - "\x17\xfc\xe4\x5a\x49\xe8\x30\xb7" - "\x6e\x78\x17\xe7\x2d\x5e\x12\xd4" - "\x60\x64\x04\x7a\xf1\x2f\x9e\x0c", - .klen = 48, - .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x02\x00\x00\x00\x00", - .input = "\x86\x0a\xc6\xa9\x1a\x9f\xe7\xe6" - "\x64\x3b\x33\xd6\xd5\x84\xd6\xdf", - .ilen = 16, - .result = "\x30\x31\x32\x33\x34\x35\x36\x37" - "\x38\x39\x41\x42\x43\x44\x45\x46", - .rlen = 16, - }, { - .key = "\xf8\xd4\x76\xff\xd6\x46\xee\x6c" - "\x23\x84\xcb\x1c\x77\xd6\x19\x5d" - "\xfe\xf1\xa9\xf3\x7b\xbc\x8d\x21" - "\xa7\x9c\x21\xf8\xcb\x90\x02\x89" - "\xa8\x45\x34\x8e\xc8\xc5\xb5\xf1" - "\x26\xf5\x0e\x76\xfe\xfd\x1b\x1e", - .klen = 48, - .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x01", - .input = "\xe3\x5a\x38\x0f\x4d\x92\x3a\x74" + .ctext = "\xe3\x5a\x38\x0f\x4d\x92\x3a\x74" "\x15\xb1\x50\x8c\x9a\xd8\x99\x1d" "\x82\xec\xf1\x5f\x03\x6d\x02\x58" "\x90\x67\xfc\xdd\x8d\xe1\x38\x08" @@ -13825,79 +9731,14 @@ static const struct cipher_testvec serpent_lrw_dec_tv_template[] = { "\x1b\x2b\x7f\xc3\x2f\x1a\x78\x0a" "\x5c\xc6\x84\xfe\x7c\xcb\x26\xfd" "\xd9\x51\x0f\xd7\x94\x2f\xc5\xa7", - .ilen = 512, - .result = "\x05\x11\xb7\x18\xab\xc6\x2d\xac" - "\x70\x5d\xf6\x22\x94\xcd\xe5\x6c" - "\x17\x6b\xf6\x1c\xf0\xf3\x6e\xf8" - "\x50\x38\x1f\x71\x49\xb6\x57\xd6" - "\x8f\xcb\x8d\x6b\xe3\xa6\x29\x90" - "\xfe\x2a\x62\x82\xae\x6d\x8b\xf6" - "\xad\x1e\x9e\x20\x5f\x38\xbe\x04" - "\xda\x10\x8e\xed\xa2\xa4\x87\xab" - "\xda\x6b\xb4\x0c\x75\xba\xd3\x7c" - "\xc9\xac\x42\x31\x95\x7c\xc9\x04" - "\xeb\xd5\x6e\x32\x69\x8a\xdb\xa6" - "\x15\xd7\x3f\x4f\x2f\x66\x69\x03" - "\x9c\x1f\x54\x0f\xde\x1f\xf3\x65" - "\x4c\x96\x12\xed\x7c\x92\x03\x01" - "\x6f\xbc\x35\x93\xac\xf1\x27\xf1" - "\xb4\x96\x82\x5a\x5f\xb0\xa0\x50" - "\x89\xa4\x8e\x66\x44\x85\xcc\xfd" - "\x33\x14\x70\xe3\x96\xb2\xc3\xd3" - "\xbb\x54\x5a\x1a\xf9\x74\xa2\xc5" - "\x2d\x64\x75\xdd\xb4\x54\xe6\x74" - "\x8c\xd3\x9d\x9e\x86\xab\x51\x53" - "\xb7\x93\x3e\x6f\xd0\x4e\x2c\x40" - "\xf6\xa8\x2e\x3e\x9d\xf4\x66\xa5" - "\x76\x12\x73\x44\x1a\x56\xd7\x72" - "\x88\xcd\x21\x8c\x4c\x0f\xfe\xda" - "\x95\xe0\x3a\xa6\xa5\x84\x46\xcd" - "\xd5\x3e\x9d\x3a\xe2\x67\xe6\x60" - "\x1a\xe2\x70\x85\x58\xc2\x1b\x09" - "\xe1\xd7\x2c\xca\xad\xa8\x8f\xf9" - "\xac\xb3\x0e\xdb\xca\x2e\xe2\xb8" - "\x51\x71\xd9\x3c\x6c\xf1\x56\xf8" - "\xea\x9c\xf1\xfb\x0c\xe6\xb7\x10" - "\x1c\xf8\xa9\x7c\xe8\x53\x35\xc1" - "\x90\x3e\x76\x4a\x74\xa4\x21\x2c" - "\xf6\x2c\x4e\x0f\x94\x3a\x88\x2e" - "\x41\x09\x6a\x33\x7d\xf6\xdd\x3f" - "\x8d\x23\x31\x74\x84\xeb\x88\x6e" - "\xcc\xb9\xbc\x22\x83\x19\x07\x22" - "\xa5\x2d\xdf\xa5\xf3\x80\x85\x78" - "\x84\x39\x6a\x6d\x6a\x99\x4f\xa5" - "\x15\xfe\x46\xb0\xe4\x6c\xa5\x41" - "\x3c\xce\x8f\x42\x60\x71\xa7\x75" - "\x08\x40\x65\x8a\x82\xbf\xf5\x43" - "\x71\x96\xa9\x4d\x44\x8a\x20\xbe" - "\xfa\x4d\xbb\xc0\x7d\x31\x96\x65" - "\xe7\x75\xe5\x3e\xfd\x92\x3b\xc9" - "\x55\xbb\x16\x7e\xf7\xc2\x8c\xa4" - "\x40\x1d\xe5\xef\x0e\xdf\xe4\x9a" - "\x62\x73\x65\xfd\x46\x63\x25\x3d" - "\x2b\xaf\xe5\x64\xfe\xa5\x5c\xcf" - "\x24\xf3\xb4\xac\x64\xba\xdf\x4b" - "\xc6\x96\x7d\x81\x2d\x8d\x97\xf7" - "\xc5\x68\x77\x84\x32\x2b\xcc\x85" - "\x74\x96\xf0\x12\x77\x61\xb9\xeb" - "\x71\xaa\x82\xcb\x1c\xdb\x89\xc8" - "\xc6\xb5\xe3\x5c\x7d\x39\x07\x24" - "\xda\x39\x87\x45\xc0\x2b\xbb\x01" - "\xac\xbc\x2a\x5c\x7f\xfc\xe8\xce" - "\x6d\x9c\x6f\xed\xd3\xc1\xa1\xd6" - "\xc5\x55\xa9\x66\x2f\xe1\xc8\x32" - "\xa6\x5d\xa4\x3a\x98\x73\xe8\x45" - "\xa4\xc7\xa8\xb4\xf6\x13\x03\xf6" - "\xe9\x2e\xc4\x29\x0f\x84\xdb\xc4" - "\x21\xc4\xc2\x75\x67\x89\x37\x0a", - .rlen = 512, + .len = 512, .also_non_np = 1, .np = 3, .tap = { 512 - 20, 4, 16 }, }, }; -static const struct cipher_testvec serpent_xts_enc_tv_template[] = { +static const struct cipher_testvec serpent_xts_tv_template[] = { /* Generated from AES-XTS test vectors */ { .key = "\x00\x00\x00\x00\x00\x00\x00\x00" @@ -13907,16 +9748,15 @@ static const struct cipher_testvec serpent_xts_enc_tv_template[] = { .klen = 32, .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = "\x00\x00\x00\x00\x00\x00\x00\x00" + .ptext = "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00", - .ilen = 32, - .result = "\xe1\x08\xb8\x1d\x2c\xf5\x33\x64" + .ctext = "\xe1\x08\xb8\x1d\x2c\xf5\x33\x64" "\xc8\x12\x04\xc7\xb3\x70\xe8\xc4" "\x6a\x31\xc5\xf3\x00\xca\xb9\x16" "\xde\xe2\x77\x66\xf7\xfe\x62\x08", - .rlen = 32, + .len = 32, }, { .key = "\x11\x11\x11\x11\x11\x11\x11\x11" "\x11\x11\x11\x11\x11\x11\x11\x11" @@ -13925,16 +9765,15 @@ static const struct cipher_testvec serpent_xts_enc_tv_template[] = { .klen = 32, .iv = "\x33\x33\x33\x33\x33\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = "\x44\x44\x44\x44\x44\x44\x44\x44" + .ptext = "\x44\x44\x44\x44\x44\x44\x44\x44" "\x44\x44\x44\x44\x44\x44\x44\x44" "\x44\x44\x44\x44\x44\x44\x44\x44" "\x44\x44\x44\x44\x44\x44\x44\x44", - .ilen = 32, - .result = "\x1a\x0a\x09\x5f\xcd\x07\x07\x98" + .ctext = "\x1a\x0a\x09\x5f\xcd\x07\x07\x98" "\x41\x86\x12\xaf\xb3\xd7\x68\x13" "\xed\x81\xcd\x06\x87\x43\x1a\xbb" "\x13\x3d\xd6\x1e\x2b\xe1\x77\xbe", - .rlen = 32, + .len = 32, }, { .key = "\xff\xfe\xfd\xfc\xfb\xfa\xf9\xf8" "\xf7\xf6\xf5\xf4\xf3\xf2\xf1\xf0" @@ -13943,16 +9782,15 @@ static const struct cipher_testvec serpent_xts_enc_tv_template[] = { .klen = 32, .iv = "\x33\x33\x33\x33\x33\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = "\x44\x44\x44\x44\x44\x44\x44\x44" + .ptext = "\x44\x44\x44\x44\x44\x44\x44\x44" "\x44\x44\x44\x44\x44\x44\x44\x44" "\x44\x44\x44\x44\x44\x44\x44\x44" "\x44\x44\x44\x44\x44\x44\x44\x44", - .ilen = 32, - .result = "\xf9\x9b\x28\xb8\x5c\xaf\x8c\x61" + .ctext = "\xf9\x9b\x28\xb8\x5c\xaf\x8c\x61" "\xb6\x1c\x81\x8f\x2c\x87\x60\x89" "\x0d\x8d\x7a\xe8\x60\x48\xcc\x86" "\xc1\x68\x45\xaa\x00\xe9\x24\xc5", - .rlen = 32, + .len = 32, }, { .key = "\x27\x18\x28\x18\x28\x45\x90\x45" "\x23\x53\x60\x28\x74\x71\x35\x26" @@ -13961,7 +9799,7 @@ static const struct cipher_testvec serpent_xts_enc_tv_template[] = { .klen = 32, .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = "\x00\x01\x02\x03\x04\x05\x06\x07" + .ptext = "\x00\x01\x02\x03\x04\x05\x06\x07" "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" "\x10\x11\x12\x13\x14\x15\x16\x17" "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f" @@ -14025,8 +9863,7 @@ static const struct cipher_testvec serpent_xts_enc_tv_template[] = { "\xe8\xe9\xea\xeb\xec\xed\xee\xef" "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7" "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", - .ilen = 512, - .result = "\xfe\x47\x4a\xc8\x60\x7e\xb4\x8b" + .ctext = "\xfe\x47\x4a\xc8\x60\x7e\xb4\x8b" "\x0d\x10\xf4\xb0\x0d\xba\xf8\x53" "\x65\x6e\x38\x4b\xdb\xaa\xb1\x9e" "\x28\xca\xb0\x22\xb3\x85\x75\xf4" @@ -14090,7 +9927,7 @@ static const struct cipher_testvec serpent_xts_enc_tv_template[] = { "\xef\x91\x64\x1d\x18\x07\x4e\x31" "\x88\x21\x7c\xb0\xa5\x12\x4c\x3c" "\xb0\x20\xbd\xda\xdf\xf9\x7c\xdd", - .rlen = 512, + .len = 512, }, { .key = "\x27\x18\x28\x18\x28\x45\x90\x45" "\x23\x53\x60\x28\x74\x71\x35\x26" @@ -14103,7 +9940,7 @@ static const struct cipher_testvec serpent_xts_enc_tv_template[] = { .klen = 64, .iv = "\xff\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = "\x00\x01\x02\x03\x04\x05\x06\x07" + .ptext = "\x00\x01\x02\x03\x04\x05\x06\x07" "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" "\x10\x11\x12\x13\x14\x15\x16\x17" "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f" @@ -14167,8 +10004,7 @@ static const struct cipher_testvec serpent_xts_enc_tv_template[] = { "\xe8\xe9\xea\xeb\xec\xed\xee\xef" "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7" "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", - .ilen = 512, - .result = "\x2b\xc9\xb4\x6b\x10\x94\xa9\x32" + .ctext = "\x2b\xc9\xb4\x6b\x10\x94\xa9\x32" "\xaa\xb0\x20\xc6\x44\x3d\x74\x1f" "\x75\x01\xa7\xf6\xf5\xf7\x62\x1b" "\x80\x1b\x82\xcb\x01\x59\x91\x7f" @@ -14232,350 +10068,7 @@ static const struct cipher_testvec serpent_xts_enc_tv_template[] = { "\x30\x05\xc8\x92\x98\x80\xff\x7a" "\xaf\x43\x0b\xc5\x20\x41\x92\x20" "\xd4\xa0\x91\x98\x11\x5f\x4d\xb1", - .rlen = 512, - .also_non_np = 1, - .np = 3, - .tap = { 512 - 20, 4, 16 }, - }, -}; - -static const struct cipher_testvec serpent_xts_dec_tv_template[] = { - /* Generated from AES-XTS test vectors */ - /* same as enc vectors with input and result reversed */ - { - .key = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .klen = 32, - .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = "\xe1\x08\xb8\x1d\x2c\xf5\x33\x64" - "\xc8\x12\x04\xc7\xb3\x70\xe8\xc4" - "\x6a\x31\xc5\xf3\x00\xca\xb9\x16" - "\xde\xe2\x77\x66\xf7\xfe\x62\x08", - .ilen = 32, - .result = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .rlen = 32, - }, { - .key = "\x11\x11\x11\x11\x11\x11\x11\x11" - "\x11\x11\x11\x11\x11\x11\x11\x11" - "\x22\x22\x22\x22\x22\x22\x22\x22" - "\x22\x22\x22\x22\x22\x22\x22\x22", - .klen = 32, - .iv = "\x33\x33\x33\x33\x33\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = "\x1a\x0a\x09\x5f\xcd\x07\x07\x98" - "\x41\x86\x12\xaf\xb3\xd7\x68\x13" - "\xed\x81\xcd\x06\x87\x43\x1a\xbb" - "\x13\x3d\xd6\x1e\x2b\xe1\x77\xbe", - .ilen = 32, - .result = "\x44\x44\x44\x44\x44\x44\x44\x44" - "\x44\x44\x44\x44\x44\x44\x44\x44" - "\x44\x44\x44\x44\x44\x44\x44\x44" - "\x44\x44\x44\x44\x44\x44\x44\x44", - .rlen = 32, - }, { - .key = "\xff\xfe\xfd\xfc\xfb\xfa\xf9\xf8" - "\xf7\xf6\xf5\xf4\xf3\xf2\xf1\xf0" - "\x22\x22\x22\x22\x22\x22\x22\x22" - "\x22\x22\x22\x22\x22\x22\x22\x22", - .klen = 32, - .iv = "\x33\x33\x33\x33\x33\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = "\xf9\x9b\x28\xb8\x5c\xaf\x8c\x61" - "\xb6\x1c\x81\x8f\x2c\x87\x60\x89" - "\x0d\x8d\x7a\xe8\x60\x48\xcc\x86" - "\xc1\x68\x45\xaa\x00\xe9\x24\xc5", - .ilen = 32, - .result = "\x44\x44\x44\x44\x44\x44\x44\x44" - "\x44\x44\x44\x44\x44\x44\x44\x44" - "\x44\x44\x44\x44\x44\x44\x44\x44" - "\x44\x44\x44\x44\x44\x44\x44\x44", - .rlen = 32, - }, { - .key = "\x27\x18\x28\x18\x28\x45\x90\x45" - "\x23\x53\x60\x28\x74\x71\x35\x26" - "\x31\x41\x59\x26\x53\x58\x97\x93" - "\x23\x84\x62\x64\x33\x83\x27\x95", - .klen = 32, - .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = "\xfe\x47\x4a\xc8\x60\x7e\xb4\x8b" - "\x0d\x10\xf4\xb0\x0d\xba\xf8\x53" - "\x65\x6e\x38\x4b\xdb\xaa\xb1\x9e" - "\x28\xca\xb0\x22\xb3\x85\x75\xf4" - "\x00\x5c\x75\x14\x06\xd6\x25\x82" - "\xe6\xcb\x08\xf7\x29\x90\x23\x8e" - "\xa4\x68\x57\xe4\xf0\xd8\x32\xf3" - "\x80\x51\x67\xb5\x0b\x85\x69\xe8" - "\x19\xfe\xc4\xc7\x3e\xea\x90\xd3" - "\x8f\xa3\xf2\x0a\xac\x17\x4b\xa0" - "\x63\x5a\x16\x0f\xf0\xce\x66\x1f" - "\x2c\x21\x07\xf1\xa4\x03\xa3\x44" - "\x41\x61\x87\x5d\x6b\xb3\xef\xd4" - "\xfc\xaa\x32\x7e\x55\x58\x04\x41" - "\xc9\x07\x33\xc6\xa2\x68\xd6\x5a" - "\x55\x79\x4b\x6f\xcf\x89\xb9\x19" - "\xe5\x54\x13\x15\xb2\x1a\xfa\x15" - "\xc2\xf0\x06\x59\xfa\xa0\x25\x05" - "\x58\xfa\x43\x91\x16\x85\x40\xbb" - "\x0d\x34\x4d\xc5\x1e\x20\xd5\x08" - "\xcd\x22\x22\x41\x11\x9f\x6c\x7c" - "\x8d\x57\xc9\xba\x57\xe8\x2c\xf7" - "\xa0\x42\xa8\xde\xfc\xa3\xca\x98" - "\x4b\x43\xb1\xce\x4b\xbf\x01\x67" - "\x6e\x29\x60\xbd\x10\x14\x84\x82" - "\x83\x82\x0c\x63\x73\x92\x02\x7c" - "\x55\x37\x20\x80\x17\x51\xc8\xbc" - "\x46\x02\xcb\x38\x07\x6d\xe2\x85" - "\xaa\x29\xaf\x24\x58\x0d\xf0\x75" - "\x08\x0a\xa5\x34\x25\x16\xf3\x74" - "\xa7\x0b\x97\xbe\xc1\xa9\xdc\x29" - "\x1a\x0a\x56\xc1\x1a\x91\x97\x8c" - "\x0b\xc7\x16\xed\x5a\x22\xa6\x2e" - "\x8c\x2b\x4f\x54\x76\x47\x53\x8e" - "\xe8\x00\xec\x92\xb9\x55\xe6\xa2" - "\xf3\xe2\x4f\x6a\x66\x60\xd0\x87" - "\xe6\xd1\xcc\xe3\x6a\xc5\x2d\x21" - "\xcc\x9d\x6a\xb6\x75\xaa\xe2\x19" - "\x21\x9f\xa1\x5e\x4c\xfd\x72\xf9" - "\x94\x4e\x63\xc7\xae\xfc\xed\x47" - "\xe2\xfe\x7a\x63\x77\xfe\x97\x82" - "\xb1\x10\x6e\x36\x1d\xe1\xc4\x80" - "\xec\x69\x41\xec\xa7\x8a\xe0\x2f" - "\xe3\x49\x26\xa2\x41\xb2\x08\x0f" - "\x28\xb4\xa7\x39\xa1\x99\x2d\x1e" - "\x43\x42\x35\xd0\xcf\xec\x77\x67" - "\xb2\x3b\x9e\x1c\x35\xde\x4f\x5e" - "\x73\x3f\x5d\x6f\x07\x4b\x2e\x50" - "\xab\x6c\x6b\xff\xea\x00\x67\xaa" - "\x0e\x82\x32\xdd\x3d\xb5\xe5\x76" - "\x2b\x77\x3f\xbe\x12\x75\xfb\x92" - "\xc6\x89\x67\x4d\xca\xf7\xd4\x50" - "\xc0\x74\x47\xcc\xd9\x0a\xd4\xc6" - "\x3b\x17\x2e\xe3\x35\xbb\x53\xb5" - "\x86\xad\x51\xcc\xd5\x96\xb8\xdc" - "\x03\x57\xe6\x98\x52\x2f\x61\x62" - "\xc4\x5c\x9c\x36\x71\x07\xfb\x94" - "\xe3\x02\xc4\x2b\x08\x75\xc7\x35" - "\xfb\x2e\x88\x7b\xbb\x67\x00\xe1" - "\xc9\xdd\x99\xb2\x13\x53\x1a\x4e" - "\x76\x87\x19\x04\x1a\x2f\x38\x3e" - "\xef\x91\x64\x1d\x18\x07\x4e\x31" - "\x88\x21\x7c\xb0\xa5\x12\x4c\x3c" - "\xb0\x20\xbd\xda\xdf\xf9\x7c\xdd", - .ilen = 512, - .result = "\x00\x01\x02\x03\x04\x05\x06\x07" - "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" - "\x10\x11\x12\x13\x14\x15\x16\x17" - "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f" - "\x20\x21\x22\x23\x24\x25\x26\x27" - "\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f" - "\x30\x31\x32\x33\x34\x35\x36\x37" - "\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f" - "\x40\x41\x42\x43\x44\x45\x46\x47" - "\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f" - "\x50\x51\x52\x53\x54\x55\x56\x57" - "\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f" - "\x60\x61\x62\x63\x64\x65\x66\x67" - "\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f" - "\x70\x71\x72\x73\x74\x75\x76\x77" - "\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f" - "\x80\x81\x82\x83\x84\x85\x86\x87" - "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f" - "\x90\x91\x92\x93\x94\x95\x96\x97" - "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f" - "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7" - "\xa8\xa9\xaa\xab\xac\xad\xae\xaf" - "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7" - "\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf" - "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7" - "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf" - "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7" - "\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf" - "\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7" - "\xe8\xe9\xea\xeb\xec\xed\xee\xef" - "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7" - "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff" - "\x00\x01\x02\x03\x04\x05\x06\x07" - "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" - "\x10\x11\x12\x13\x14\x15\x16\x17" - "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f" - "\x20\x21\x22\x23\x24\x25\x26\x27" - "\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f" - "\x30\x31\x32\x33\x34\x35\x36\x37" - "\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f" - "\x40\x41\x42\x43\x44\x45\x46\x47" - "\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f" - "\x50\x51\x52\x53\x54\x55\x56\x57" - "\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f" - "\x60\x61\x62\x63\x64\x65\x66\x67" - "\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f" - "\x70\x71\x72\x73\x74\x75\x76\x77" - "\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f" - "\x80\x81\x82\x83\x84\x85\x86\x87" - "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f" - "\x90\x91\x92\x93\x94\x95\x96\x97" - "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f" - "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7" - "\xa8\xa9\xaa\xab\xac\xad\xae\xaf" - "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7" - "\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf" - "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7" - "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf" - "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7" - "\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf" - "\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7" - "\xe8\xe9\xea\xeb\xec\xed\xee\xef" - "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7" - "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", - .rlen = 512, - }, { - .key = "\x27\x18\x28\x18\x28\x45\x90\x45" - "\x23\x53\x60\x28\x74\x71\x35\x26" - "\x62\x49\x77\x57\x24\x70\x93\x69" - "\x99\x59\x57\x49\x66\x96\x76\x27" - "\x31\x41\x59\x26\x53\x58\x97\x93" - "\x23\x84\x62\x64\x33\x83\x27\x95" - "\x02\x88\x41\x97\x16\x93\x99\x37" - "\x51\x05\x82\x09\x74\x94\x45\x92", - .klen = 64, - .iv = "\xff\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = "\x2b\xc9\xb4\x6b\x10\x94\xa9\x32" - "\xaa\xb0\x20\xc6\x44\x3d\x74\x1f" - "\x75\x01\xa7\xf6\xf5\xf7\x62\x1b" - "\x80\x1b\x82\xcb\x01\x59\x91\x7f" - "\x80\x3a\x98\xf0\xd2\xca\xc4\xc3" - "\x34\xfd\xe6\x11\xf9\x33\x45\x12" - "\x48\xc5\x8c\x25\xf1\xc5\xc5\x23" - "\xd3\x44\xb4\x73\xd5\x04\xc0\xb7" - "\xca\x2f\xf5\xcd\xc5\xb4\xdd\xb0" - "\xf4\x60\xe8\xfb\xc6\x9c\xc5\x78" - "\xcd\xec\x7d\xdc\x19\x9c\x72\x64" - "\x63\x0b\x38\x2e\x76\xdd\x2d\x36" - "\x49\xb0\x1d\xea\x78\x9e\x00\xca" - "\x20\xcc\x1b\x1e\x98\x74\xab\xed" - "\x79\xf7\xd0\x6c\xd8\x93\x80\x29" - "\xac\xa5\x5e\x34\xa9\xab\xa0\x55" - "\x9a\xea\xaa\x95\x4d\x7b\xfe\x46" - "\x26\x8a\xfd\x88\xa2\xa8\xa6\xae" - "\x25\x42\x17\xbf\x76\x8f\x1c\x3d" - "\xec\x9a\xda\x64\x96\xb5\x61\xff" - "\x99\xeb\x12\x96\x85\x82\x9d\xd5" - "\x81\x85\x14\xa8\x59\xac\x8c\x94" - "\xbb\x3b\x85\x2b\xdf\xb3\x0c\xba" - "\x82\xc6\x4d\xca\x86\xea\x53\x28" - "\x4c\xe0\x4e\x31\xe3\x73\x2f\x79" - "\x9d\x42\xe1\x03\xe3\x8b\xc4\xff" - "\x05\xca\x81\x7b\xda\xa2\xde\x63" - "\x3a\x10\xbe\xc2\xac\x32\xc4\x05" - "\x47\x7e\xef\x67\xe2\x5f\x5b\xae" - "\xed\xf1\x70\x34\x16\x9a\x07\x7b" - "\xf2\x25\x2b\xb0\xf8\x3c\x15\x9a" - "\xa6\x59\x55\x5f\xc1\xf4\x1e\xcd" - "\x93\x1f\x06\xba\xd4\x9a\x22\x69" - "\xfa\x8e\x95\x0d\xf3\x23\x59\x2c" - "\xfe\x00\xba\xf0\x0e\xbc\x6d\xd6" - "\x62\xf0\x7a\x0e\x83\x3e\xdb\x32" - "\xfd\x43\x7d\xda\x42\x51\x87\x43" - "\x9d\xf9\xef\xf4\x30\x97\xf8\x09" - "\x88\xfc\x3f\x93\x70\xc1\x4a\xec" - "\x27\x5f\x11\xac\x71\xc7\x48\x46" - "\x2f\xf9\xdf\x8d\x9f\xf7\x2e\x56" - "\x0d\x4e\xb0\x32\x76\xce\x86\x81" - "\xcd\xdf\xe4\x00\xbf\xfd\x5f\x24" - "\xaf\xf7\x9a\xde\xff\x18\xac\x14" - "\x90\xc5\x01\x39\x34\x0f\x24\xf3" - "\x13\x2f\x5e\x4f\x30\x9a\x36\x40" - "\xec\xea\xbc\xcd\x9e\x0e\x5b\x23" - "\x50\x88\x97\x40\x69\xb1\x37\xf5" - "\xc3\x15\xf9\x3f\xb7\x79\x64\xe8" - "\x7b\x10\x20\xb9\x2b\x46\x83\x5b" - "\xd8\x39\xfc\xe4\xfa\x88\x52\xf2" - "\x72\xb0\x97\x4e\x89\xb3\x48\x00" - "\xc1\x16\x73\x50\x77\xba\xa6\x65" - "\x20\x2d\xb0\x02\x27\x89\xda\x99" - "\x45\xfb\xe9\xd3\x1d\x39\x2f\xd6" - "\x2a\xda\x09\x12\x11\xaf\xe6\x57" - "\x01\x04\x8a\xff\x86\x8b\xac\xf8" - "\xee\xe4\x1c\x98\x5b\xcf\x6b\x76" - "\xa3\x0e\x33\x74\x40\x18\x39\x72" - "\x66\x50\x31\xfd\x70\xdf\xe8\x51" - "\x96\x21\x36\xb2\x9b\xfa\x85\xd1" - "\x30\x05\xc8\x92\x98\x80\xff\x7a" - "\xaf\x43\x0b\xc5\x20\x41\x92\x20" - "\xd4\xa0\x91\x98\x11\x5f\x4d\xb1", - .ilen = 512, - .result = "\x00\x01\x02\x03\x04\x05\x06\x07" - "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" - "\x10\x11\x12\x13\x14\x15\x16\x17" - "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f" - "\x20\x21\x22\x23\x24\x25\x26\x27" - "\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f" - "\x30\x31\x32\x33\x34\x35\x36\x37" - "\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f" - "\x40\x41\x42\x43\x44\x45\x46\x47" - "\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f" - "\x50\x51\x52\x53\x54\x55\x56\x57" - "\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f" - "\x60\x61\x62\x63\x64\x65\x66\x67" - "\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f" - "\x70\x71\x72\x73\x74\x75\x76\x77" - "\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f" - "\x80\x81\x82\x83\x84\x85\x86\x87" - "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f" - "\x90\x91\x92\x93\x94\x95\x96\x97" - "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f" - "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7" - "\xa8\xa9\xaa\xab\xac\xad\xae\xaf" - "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7" - "\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf" - "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7" - "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf" - "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7" - "\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf" - "\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7" - "\xe8\xe9\xea\xeb\xec\xed\xee\xef" - "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7" - "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff" - "\x00\x01\x02\x03\x04\x05\x06\x07" - "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" - "\x10\x11\x12\x13\x14\x15\x16\x17" - "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f" - "\x20\x21\x22\x23\x24\x25\x26\x27" - "\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f" - "\x30\x31\x32\x33\x34\x35\x36\x37" - "\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f" - "\x40\x41\x42\x43\x44\x45\x46\x47" - "\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f" - "\x50\x51\x52\x53\x54\x55\x56\x57" - "\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f" - "\x60\x61\x62\x63\x64\x65\x66\x67" - "\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f" - "\x70\x71\x72\x73\x74\x75\x76\x77" - "\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f" - "\x80\x81\x82\x83\x84\x85\x86\x87" - "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f" - "\x90\x91\x92\x93\x94\x95\x96\x97" - "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f" - "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7" - "\xa8\xa9\xaa\xab\xac\xad\xae\xaf" - "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7" - "\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf" - "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7" - "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf" - "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7" - "\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf" - "\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7" - "\xe8\xe9\xea\xeb\xec\xed\xee\xef" - "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7" - "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", - .rlen = 512, + .len = 512, .also_non_np = 1, .np = 3, .tap = { 512 - 20, 4, 16 }, @@ -14587,17 +10080,16 @@ static const struct cipher_testvec serpent_xts_dec_tv_template[] = { * https://tools.ietf.org/html/draft-crypto-sm4-00#ref-GBT.32907-2016 */ -static const struct cipher_testvec sm4_enc_tv_template[] = { +static const struct cipher_testvec sm4_tv_template[] = { { /* SM4 Appendix A: Example Calculations. Example 1. */ .key = "\x01\x23\x45\x67\x89\xAB\xCD\xEF" "\xFE\xDC\xBA\x98\x76\x54\x32\x10", .klen = 16, - .input = "\x01\x23\x45\x67\x89\xAB\xCD\xEF" + .ptext = "\x01\x23\x45\x67\x89\xAB\xCD\xEF" "\xFE\xDC\xBA\x98\x76\x54\x32\x10", - .ilen = 16, - .result = "\x68\x1E\xDF\x34\xD2\x06\x96\x5E" + .ctext = "\x68\x1E\xDF\x34\xD2\x06\x96\x5E" "\x86\xB3\xE9\x4F\x53\x6E\x42\x46", - .rlen = 16, + .len = 16, }, { /* * SM4 Appendix A: Example Calculations. * Last 10 iterations of Example 2. @@ -14605,7 +10097,7 @@ static const struct cipher_testvec sm4_enc_tv_template[] = { .key = "\x01\x23\x45\x67\x89\xAB\xCD\xEF" "\xFE\xDC\xBA\x98\x76\x54\x32\x10", .klen = 16, - .input = "\x99\x4a\xc3\xe7\xc3\x57\x89\x6a" + .ptext = "\x99\x4a\xc3\xe7\xc3\x57\x89\x6a" "\x81\xfc\xa8\xe\x38\x3e\xef\x80" "\xb1\x98\xf2\xde\x3f\x4b\xae\xd1" "\xf0\xf1\x30\x4c\x1\x27\x5a\x8f" @@ -14625,50 +10117,7 @@ static const struct cipher_testvec sm4_enc_tv_template[] = { "\xed\xce\x0\x19\xe\x16\x2\x6e" "\x87\xff\x2c\xac\xe8\xe7\xe9\xbf" "\x31\x51\xec\x47\xc3\x51\x83\xc1", - .ilen = 160, - .result = "\xb1\x98\xf2\xde\x3f\x4b\xae\xd1" - "\xf0\xf1\x30\x4c\x1\x27\x5a\x8f" - "\x45\xe1\x39\xb7\xae\xff\x1f\x27" - "\xad\x57\x15\xab\x31\x5d\xc\xef" - "\x8c\xc8\x80\xbd\x11\x98\xf3\x7b" - "\xa2\xdd\x14\x20\xf9\xe8\xbb\x82" - "\xf7\x32\xca\x4b\xa8\xf7\xb3\x4d" - "\x27\xd1\xcd\xe6\xb6\x65\x5a\x23" - "\xc2\xf3\x54\x84\x53\xe3\xb9\x20" - "\xa5\x37\x0\xbe\xe7\x7b\x48\xfb" - "\x21\x3d\x9e\x48\x1d\x9e\xf5\xbf" - "\x77\xd5\xb4\x4a\x53\x71\x94\x7a" - "\x88\xa6\x6e\x6\x93\xca\x43\xa5" - "\xc4\xf6\xcd\x53\x4b\x7b\x8e\xfe" - "\xb4\x28\x7c\x42\x29\x32\x5d\x88" - "\xed\xce\x0\x19\xe\x16\x2\x6e" - "\x87\xff\x2c\xac\xe8\xe7\xe9\xbf" - "\x31\x51\xec\x47\xc3\x51\x83\xc1" - "\x59\x52\x98\xc7\xc6\xfd\x27\x1f" - "\x4\x2\xf8\x4\xc3\x3d\x3f\x66", - .rlen = 160 - } -}; - -static const struct cipher_testvec sm4_dec_tv_template[] = { - { /* SM4 Appendix A: Example Calculations. Example 1. */ - .key = "\x01\x23\x45\x67\x89\xAB\xCD\xEF" - "\xFE\xDC\xBA\x98\x76\x54\x32\x10", - .klen = 16, - .input = "\x68\x1E\xDF\x34\xD2\x06\x96\x5E" - "\x86\xB3\xE9\x4F\x53\x6E\x42\x46", - .ilen = 16, - .result = "\x01\x23\x45\x67\x89\xAB\xCD\xEF" - "\xFE\xDC\xBA\x98\x76\x54\x32\x10", - .rlen = 16, - }, { /* - * SM4 Appendix A: Example Calculations. - * Last 10 iterations of Example 2. - */ - .key = "\x01\x23\x45\x67\x89\xAB\xCD\xEF" - "\xFE\xDC\xBA\x98\x76\x54\x32\x10", - .klen = 16, - .input = "\xb1\x98\xf2\xde\x3f\x4b\xae\xd1" + .ctext = "\xb1\x98\xf2\xde\x3f\x4b\xae\xd1" "\xf0\xf1\x30\x4c\x1\x27\x5a\x8f" "\x45\xe1\x39\xb7\xae\xff\x1f\x27" "\xad\x57\x15\xab\x31\x5d\xc\xef" @@ -14688,28 +10137,7 @@ static const struct cipher_testvec sm4_dec_tv_template[] = { "\x31\x51\xec\x47\xc3\x51\x83\xc1" "\x59\x52\x98\xc7\xc6\xfd\x27\x1f" "\x4\x2\xf8\x4\xc3\x3d\x3f\x66", - .ilen = 160, - .result = "\x99\x4a\xc3\xe7\xc3\x57\x89\x6a" - "\x81\xfc\xa8\xe\x38\x3e\xef\x80" - "\xb1\x98\xf2\xde\x3f\x4b\xae\xd1" - "\xf0\xf1\x30\x4c\x1\x27\x5a\x8f" - "\x45\xe1\x39\xb7\xae\xff\x1f\x27" - "\xad\x57\x15\xab\x31\x5d\xc\xef" - "\x8c\xc8\x80\xbd\x11\x98\xf3\x7b" - "\xa2\xdd\x14\x20\xf9\xe8\xbb\x82" - "\xf7\x32\xca\x4b\xa8\xf7\xb3\x4d" - "\x27\xd1\xcd\xe6\xb6\x65\x5a\x23" - "\xc2\xf3\x54\x84\x53\xe3\xb9\x20" - "\xa5\x37\x0\xbe\xe7\x7b\x48\xfb" - "\x21\x3d\x9e\x48\x1d\x9e\xf5\xbf" - "\x77\xd5\xb4\x4a\x53\x71\x94\x7a" - "\x88\xa6\x6e\x6\x93\xca\x43\xa5" - "\xc4\xf6\xcd\x53\x4b\x7b\x8e\xfe" - "\xb4\x28\x7c\x42\x29\x32\x5d\x88" - "\xed\xce\x0\x19\xe\x16\x2\x6e" - "\x87\xff\x2c\xac\xe8\xe7\xe9\xbf" - "\x31\x51\xec\x47\xc3\x51\x83\xc1", - .rlen = 160 + .len = 160 } }; @@ -14727,86 +10155,45 @@ static const struct cipher_testvec sm4_dec_tv_template[] = { * the lowest memory address. */ -static const struct cipher_testvec speck128_enc_tv_template[] = { +static const struct cipher_testvec speck128_tv_template[] = { { /* Speck128/128 */ .key = "\x00\x01\x02\x03\x04\x05\x06\x07" "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f", .klen = 16, - .input = "\x20\x6d\x61\x64\x65\x20\x69\x74" + .ptext = "\x20\x6d\x61\x64\x65\x20\x69\x74" "\x20\x65\x71\x75\x69\x76\x61\x6c", - .ilen = 16, - .result = "\x18\x0d\x57\x5c\xdf\xfe\x60\x78" + .ctext = "\x18\x0d\x57\x5c\xdf\xfe\x60\x78" "\x65\x32\x78\x79\x51\x98\x5d\xa6", - .rlen = 16, + .len = 16, }, { /* Speck128/192 */ .key = "\x00\x01\x02\x03\x04\x05\x06\x07" "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" "\x10\x11\x12\x13\x14\x15\x16\x17", .klen = 24, - .input = "\x65\x6e\x74\x20\x74\x6f\x20\x43" + .ptext = "\x65\x6e\x74\x20\x74\x6f\x20\x43" "\x68\x69\x65\x66\x20\x48\x61\x72", - .ilen = 16, - .result = "\x86\x18\x3c\xe0\x5d\x18\xbc\xf9" + .ctext = "\x86\x18\x3c\xe0\x5d\x18\xbc\xf9" "\x66\x55\x13\x13\x3a\xcf\xe4\x1b", - .rlen = 16, + .len = 16, }, { /* Speck128/256 */ .key = "\x00\x01\x02\x03\x04\x05\x06\x07" "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" "\x10\x11\x12\x13\x14\x15\x16\x17" "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f", .klen = 32, - .input = "\x70\x6f\x6f\x6e\x65\x72\x2e\x20" + .ptext = "\x70\x6f\x6f\x6e\x65\x72\x2e\x20" "\x49\x6e\x20\x74\x68\x6f\x73\x65", - .ilen = 16, - .result = "\x43\x8f\x18\x9c\x8d\xb4\xee\x4e" - "\x3e\xf5\xc0\x05\x04\x01\x09\x41", - .rlen = 16, - }, -}; - -static const struct cipher_testvec speck128_dec_tv_template[] = { - { /* Speck128/128 */ - .key = "\x00\x01\x02\x03\x04\x05\x06\x07" - "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f", - .klen = 16, - .input = "\x18\x0d\x57\x5c\xdf\xfe\x60\x78" - "\x65\x32\x78\x79\x51\x98\x5d\xa6", - .ilen = 16, - .result = "\x20\x6d\x61\x64\x65\x20\x69\x74" - "\x20\x65\x71\x75\x69\x76\x61\x6c", - .rlen = 16, - }, { /* Speck128/192 */ - .key = "\x00\x01\x02\x03\x04\x05\x06\x07" - "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" - "\x10\x11\x12\x13\x14\x15\x16\x17", - .klen = 24, - .input = "\x86\x18\x3c\xe0\x5d\x18\xbc\xf9" - "\x66\x55\x13\x13\x3a\xcf\xe4\x1b", - .ilen = 16, - .result = "\x65\x6e\x74\x20\x74\x6f\x20\x43" - "\x68\x69\x65\x66\x20\x48\x61\x72", - .rlen = 16, - }, { /* Speck128/256 */ - .key = "\x00\x01\x02\x03\x04\x05\x06\x07" - "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" - "\x10\x11\x12\x13\x14\x15\x16\x17" - "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f", - .klen = 32, - .input = "\x43\x8f\x18\x9c\x8d\xb4\xee\x4e" + .ctext = "\x43\x8f\x18\x9c\x8d\xb4\xee\x4e" "\x3e\xf5\xc0\x05\x04\x01\x09\x41", - .ilen = 16, - .result = "\x70\x6f\x6f\x6e\x65\x72\x2e\x20" - "\x49\x6e\x20\x74\x68\x6f\x73\x65", - .rlen = 16, + .len = 16, }, }; /* * Speck128-XTS test vectors, taken from the AES-XTS test vectors with the - * result recomputed with Speck128 as the cipher + * ciphertext recomputed with Speck128 as the cipher */ - -static const struct cipher_testvec speck128_xts_enc_tv_template[] = { +static const struct cipher_testvec speck128_xts_tv_template[] = { { .key = "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00" @@ -14815,16 +10202,15 @@ static const struct cipher_testvec speck128_xts_enc_tv_template[] = { .klen = 32, .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = "\x00\x00\x00\x00\x00\x00\x00\x00" + .ptext = "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00", - .ilen = 32, - .result = "\xbe\xa0\xe7\x03\xd7\xfe\xab\x62" + .ctext = "\xbe\xa0\xe7\x03\xd7\xfe\xab\x62" "\x3b\x99\x4a\x64\x74\x77\xac\xed" "\xd8\xf4\xa6\xcf\xae\xb9\x07\x42" "\x51\xd9\xb6\x1d\xe0\x5e\xbc\x54", - .rlen = 32, + .len = 32, }, { .key = "\x11\x11\x11\x11\x11\x11\x11\x11" "\x11\x11\x11\x11\x11\x11\x11\x11" @@ -14833,16 +10219,15 @@ static const struct cipher_testvec speck128_xts_enc_tv_template[] = { .klen = 32, .iv = "\x33\x33\x33\x33\x33\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = "\x44\x44\x44\x44\x44\x44\x44\x44" + .ptext = "\x44\x44\x44\x44\x44\x44\x44\x44" "\x44\x44\x44\x44\x44\x44\x44\x44" "\x44\x44\x44\x44\x44\x44\x44\x44" "\x44\x44\x44\x44\x44\x44\x44\x44", - .ilen = 32, - .result = "\xfb\x53\x81\x75\x6f\x9f\x34\xad" + .ctext = "\xfb\x53\x81\x75\x6f\x9f\x34\xad" "\x7e\x01\xed\x7b\xcc\xda\x4e\x4a" "\xd4\x84\xa4\x53\xd5\x88\x73\x1b" "\xfd\xcb\xae\x0d\xf3\x04\xee\xe6", - .rlen = 32, + .len = 32, }, { .key = "\xff\xfe\xfd\xfc\xfb\xfa\xf9\xf8" "\xf7\xf6\xf5\xf4\xf3\xf2\xf1\xf0" @@ -14851,16 +10236,15 @@ static const struct cipher_testvec speck128_xts_enc_tv_template[] = { .klen = 32, .iv = "\x33\x33\x33\x33\x33\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = "\x44\x44\x44\x44\x44\x44\x44\x44" + .ptext = "\x44\x44\x44\x44\x44\x44\x44\x44" "\x44\x44\x44\x44\x44\x44\x44\x44" "\x44\x44\x44\x44\x44\x44\x44\x44" "\x44\x44\x44\x44\x44\x44\x44\x44", - .ilen = 32, - .result = "\x21\x52\x84\x15\xd1\xf7\x21\x55" + .ctext = "\x21\x52\x84\x15\xd1\xf7\x21\x55" "\xd9\x75\x4a\xd3\xc5\xdb\x9f\x7d" "\xda\x63\xb2\xf1\x82\xb0\x89\x59" "\x86\xd4\xaa\xaa\xdd\xff\x4f\x92", - .rlen = 32, + .len = 32, }, { .key = "\x27\x18\x28\x18\x28\x45\x90\x45" "\x23\x53\x60\x28\x74\x71\x35\x26" @@ -14869,7 +10253,7 @@ static const struct cipher_testvec speck128_xts_enc_tv_template[] = { .klen = 32, .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = "\x00\x01\x02\x03\x04\x05\x06\x07" + .ptext = "\x00\x01\x02\x03\x04\x05\x06\x07" "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" "\x10\x11\x12\x13\x14\x15\x16\x17" "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f" @@ -14933,8 +10317,7 @@ static const struct cipher_testvec speck128_xts_enc_tv_template[] = { "\xe8\xe9\xea\xeb\xec\xed\xee\xef" "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7" "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", - .ilen = 512, - .result = "\x57\xb5\xf8\x71\x6e\x6d\xdd\x82" + .ctext = "\x57\xb5\xf8\x71\x6e\x6d\xdd\x82" "\x53\xd0\xed\x2d\x30\xc1\x20\xef" "\x70\x67\x5e\xff\x09\x70\xbb\xc1" "\x3a\x7b\x48\x26\xd9\x0b\xf4\x48" @@ -14998,7 +10381,7 @@ static const struct cipher_testvec speck128_xts_enc_tv_template[] = { "\xaa\xf2\x01\xa9\xc1\x8d\xee\xca" "\x47\x26\xef\x39\xb8\xb4\xf2\xd1" "\xd6\xbb\x1b\x2a\xc1\x34\x14\xcf", - .rlen = 512, + .len = 512, }, { .key = "\x27\x18\x28\x18\x28\x45\x90\x45" "\x23\x53\x60\x28\x74\x71\x35\x26" @@ -15011,271 +10394,7 @@ static const struct cipher_testvec speck128_xts_enc_tv_template[] = { .klen = 64, .iv = "\xff\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = "\x00\x01\x02\x03\x04\x05\x06\x07" - "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" - "\x10\x11\x12\x13\x14\x15\x16\x17" - "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f" - "\x20\x21\x22\x23\x24\x25\x26\x27" - "\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f" - "\x30\x31\x32\x33\x34\x35\x36\x37" - "\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f" - "\x40\x41\x42\x43\x44\x45\x46\x47" - "\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f" - "\x50\x51\x52\x53\x54\x55\x56\x57" - "\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f" - "\x60\x61\x62\x63\x64\x65\x66\x67" - "\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f" - "\x70\x71\x72\x73\x74\x75\x76\x77" - "\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f" - "\x80\x81\x82\x83\x84\x85\x86\x87" - "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f" - "\x90\x91\x92\x93\x94\x95\x96\x97" - "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f" - "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7" - "\xa8\xa9\xaa\xab\xac\xad\xae\xaf" - "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7" - "\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf" - "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7" - "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf" - "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7" - "\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf" - "\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7" - "\xe8\xe9\xea\xeb\xec\xed\xee\xef" - "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7" - "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff" - "\x00\x01\x02\x03\x04\x05\x06\x07" - "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" - "\x10\x11\x12\x13\x14\x15\x16\x17" - "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f" - "\x20\x21\x22\x23\x24\x25\x26\x27" - "\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f" - "\x30\x31\x32\x33\x34\x35\x36\x37" - "\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f" - "\x40\x41\x42\x43\x44\x45\x46\x47" - "\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f" - "\x50\x51\x52\x53\x54\x55\x56\x57" - "\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f" - "\x60\x61\x62\x63\x64\x65\x66\x67" - "\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f" - "\x70\x71\x72\x73\x74\x75\x76\x77" - "\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f" - "\x80\x81\x82\x83\x84\x85\x86\x87" - "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f" - "\x90\x91\x92\x93\x94\x95\x96\x97" - "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f" - "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7" - "\xa8\xa9\xaa\xab\xac\xad\xae\xaf" - "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7" - "\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf" - "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7" - "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf" - "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7" - "\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf" - "\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7" - "\xe8\xe9\xea\xeb\xec\xed\xee\xef" - "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7" - "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", - .ilen = 512, - .result = "\xc5\x85\x2a\x4b\x73\xe4\xf6\xf1" - "\x7e\xf9\xf6\xe9\xa3\x73\x36\xcb" - "\xaa\xb6\x22\xb0\x24\x6e\x3d\x73" - "\x92\x99\xde\xd3\x76\xed\xcd\x63" - "\x64\x3a\x22\x57\xc1\x43\x49\xd4" - "\x79\x36\x31\x19\x62\xae\x10\x7e" - "\x7d\xcf\x7a\xe2\x6b\xce\x27\xfa" - "\xdc\x3d\xd9\x83\xd3\x42\x4c\xe0" - "\x1b\xd6\x1d\x1a\x6f\xd2\x03\x00" - "\xfc\x81\x99\x8a\x14\x62\xf5\x7e" - "\x0d\xe7\x12\xe8\x17\x9d\x0b\xec" - "\xe2\xf7\xc9\xa7\x63\xd1\x79\xb6" - "\x62\x62\x37\xfe\x0a\x4c\x4a\x37" - "\x70\xc7\x5e\x96\x5f\xbc\x8e\x9e" - "\x85\x3c\x4f\x26\x64\x85\xbc\x68" - "\xb0\xe0\x86\x5e\x26\x41\xce\x11" - "\x50\xda\x97\x14\xe9\x9e\xc7\x6d" - "\x3b\xdc\x43\xde\x2b\x27\x69\x7d" - "\xfc\xb0\x28\xbd\x8f\xb1\xc6\x31" - "\x14\x4d\xf0\x74\x37\xfd\x07\x25" - "\x96\x55\xe5\xfc\x9e\x27\x2a\x74" - "\x1b\x83\x4d\x15\x83\xac\x57\xa0" - "\xac\xa5\xd0\x38\xef\x19\x56\x53" - "\x25\x4b\xfc\xce\x04\x23\xe5\x6b" - "\xf6\xc6\x6c\x32\x0b\xb3\x12\xc5" - "\xed\x22\x34\x1c\x5d\xed\x17\x06" - "\x36\xa3\xe6\x77\xb9\x97\x46\xb8" - "\xe9\x3f\x7e\xc7\xbc\x13\x5c\xdc" - "\x6e\x3f\x04\x5e\xd1\x59\xa5\x82" - "\x35\x91\x3d\x1b\xe4\x97\x9f\x92" - "\x1c\x5e\x5f\x6f\x41\xd4\x62\xa1" - "\x8d\x39\xfc\x42\xfb\x38\x80\xb9" - "\x0a\xe3\xcc\x6a\x93\xd9\x7a\xb1" - "\xe9\x69\xaf\x0a\x6b\x75\x38\xa7" - "\xa1\xbf\xf7\xda\x95\x93\x4b\x78" - "\x19\xf5\x94\xf9\xd2\x00\x33\x37" - "\xcf\xf5\x9e\x9c\xf3\xcc\xa6\xee" - "\x42\xb2\x9e\x2c\x5f\x48\x23\x26" - "\x15\x25\x17\x03\x3d\xfe\x2c\xfc" - "\xeb\xba\xda\xe0\x00\x05\xb6\xa6" - "\x07\xb3\xe8\x36\x5b\xec\x5b\xbf" - "\xd6\x5b\x00\x74\xc6\x97\xf1\x6a" - "\x49\xa1\xc3\xfa\x10\x52\xb9\x14" - "\xad\xb7\x73\xf8\x78\x12\xc8\x59" - "\x17\x80\x4c\x57\x39\xf1\x6d\x80" - "\x25\x77\x0f\x5e\x7d\xf0\xaf\x21" - "\xec\xce\xb7\xc8\x02\x8a\xed\x53" - "\x2c\x25\x68\x2e\x1f\x85\x5e\x67" - "\xd1\x07\x7a\x3a\x89\x08\xe0\x34" - "\xdc\xdb\x26\xb4\x6b\x77\xfc\x40" - "\x31\x15\x72\xa0\xf0\x73\xd9\x3b" - "\xd5\xdb\xfe\xfc\x8f\xa9\x44\xa2" - "\x09\x9f\xc6\x33\xe5\xe2\x88\xe8" - "\xf3\xf0\x1a\xf4\xce\x12\x0f\xd6" - "\xf7\x36\xe6\xa4\xf4\x7a\x10\x58" - "\xcc\x1f\x48\x49\x65\x47\x75\xe9" - "\x28\xe1\x65\x7b\xf2\xc4\xb5\x07" - "\xf2\xec\x76\xd8\x8f\x09\xf3\x16" - "\xa1\x51\x89\x3b\xeb\x96\x42\xac" - "\x65\xe0\x67\x63\x29\xdc\xb4\x7d" - "\xf2\x41\x51\x6a\xcb\xde\x3c\xfb" - "\x66\x8d\x13\xca\xe0\x59\x2a\x00" - "\xc9\x53\x4c\xe6\x9e\xe2\x73\xd5" - "\x67\x19\xb2\xbd\x9a\x63\xd7\x5c", - .rlen = 512, - .also_non_np = 1, - .np = 3, - .tap = { 512 - 20, 4, 16 }, - } -}; - -static const struct cipher_testvec speck128_xts_dec_tv_template[] = { - { - .key = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .klen = 32, - .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = "\xbe\xa0\xe7\x03\xd7\xfe\xab\x62" - "\x3b\x99\x4a\x64\x74\x77\xac\xed" - "\xd8\xf4\xa6\xcf\xae\xb9\x07\x42" - "\x51\xd9\xb6\x1d\xe0\x5e\xbc\x54", - .ilen = 32, - .result = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .rlen = 32, - }, { - .key = "\x11\x11\x11\x11\x11\x11\x11\x11" - "\x11\x11\x11\x11\x11\x11\x11\x11" - "\x22\x22\x22\x22\x22\x22\x22\x22" - "\x22\x22\x22\x22\x22\x22\x22\x22", - .klen = 32, - .iv = "\x33\x33\x33\x33\x33\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = "\xfb\x53\x81\x75\x6f\x9f\x34\xad" - "\x7e\x01\xed\x7b\xcc\xda\x4e\x4a" - "\xd4\x84\xa4\x53\xd5\x88\x73\x1b" - "\xfd\xcb\xae\x0d\xf3\x04\xee\xe6", - .ilen = 32, - .result = "\x44\x44\x44\x44\x44\x44\x44\x44" - "\x44\x44\x44\x44\x44\x44\x44\x44" - "\x44\x44\x44\x44\x44\x44\x44\x44" - "\x44\x44\x44\x44\x44\x44\x44\x44", - .rlen = 32, - }, { - .key = "\xff\xfe\xfd\xfc\xfb\xfa\xf9\xf8" - "\xf7\xf6\xf5\xf4\xf3\xf2\xf1\xf0" - "\x22\x22\x22\x22\x22\x22\x22\x22" - "\x22\x22\x22\x22\x22\x22\x22\x22", - .klen = 32, - .iv = "\x33\x33\x33\x33\x33\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = "\x21\x52\x84\x15\xd1\xf7\x21\x55" - "\xd9\x75\x4a\xd3\xc5\xdb\x9f\x7d" - "\xda\x63\xb2\xf1\x82\xb0\x89\x59" - "\x86\xd4\xaa\xaa\xdd\xff\x4f\x92", - .ilen = 32, - .result = "\x44\x44\x44\x44\x44\x44\x44\x44" - "\x44\x44\x44\x44\x44\x44\x44\x44" - "\x44\x44\x44\x44\x44\x44\x44\x44" - "\x44\x44\x44\x44\x44\x44\x44\x44", - .rlen = 32, - }, { - .key = "\x27\x18\x28\x18\x28\x45\x90\x45" - "\x23\x53\x60\x28\x74\x71\x35\x26" - "\x31\x41\x59\x26\x53\x58\x97\x93" - "\x23\x84\x62\x64\x33\x83\x27\x95", - .klen = 32, - .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = "\x57\xb5\xf8\x71\x6e\x6d\xdd\x82" - "\x53\xd0\xed\x2d\x30\xc1\x20\xef" - "\x70\x67\x5e\xff\x09\x70\xbb\xc1" - "\x3a\x7b\x48\x26\xd9\x0b\xf4\x48" - "\xbe\xce\xb1\xc7\xb2\x67\xc4\xa7" - "\x76\xf8\x36\x30\xb7\xb4\x9a\xd9" - "\xf5\x9d\xd0\x7b\xc1\x06\x96\x44" - "\x19\xc5\x58\x84\x63\xb9\x12\x68" - "\x68\xc7\xaa\x18\x98\xf2\x1f\x5c" - "\x39\xa6\xd8\x32\x2b\xc3\x51\xfd" - "\x74\x79\x2e\xb4\x44\xd7\x69\xc4" - "\xfc\x29\xe6\xed\x26\x1e\xa6\x9d" - "\x1c\xbe\x00\x0e\x7f\x3a\xca\xfb" - "\x6d\x13\x65\xa0\xf9\x31\x12\xe2" - "\x26\xd1\xec\x2b\x0a\x8b\x59\x99" - "\xa7\x49\xa0\x0e\x09\x33\x85\x50" - "\xc3\x23\xca\x7a\xdd\x13\x45\x5f" - "\xde\x4c\xa7\xcb\x00\x8a\x66\x6f" - "\xa2\xb6\xb1\x2e\xe1\xa0\x18\xf6" - "\xad\xf3\xbd\xeb\xc7\xef\x55\x4f" - "\x79\x91\x8d\x36\x13\x7b\xd0\x4a" - "\x6c\x39\xfb\x53\xb8\x6f\x02\x51" - "\xa5\x20\xac\x24\x1c\x73\x59\x73" - "\x58\x61\x3a\x87\x58\xb3\x20\x56" - "\x39\x06\x2b\x4d\xd3\x20\x2b\x89" - "\x3f\xa2\xf0\x96\xeb\x7f\xa4\xcd" - "\x11\xae\xbd\xcb\x3a\xb4\xd9\x91" - "\x09\x35\x71\x50\x65\xac\x92\xe3" - "\x7b\x32\xc0\x7a\xdd\xd4\xc3\x92" - "\x6f\xeb\x79\xde\x6f\xd3\x25\xc9" - "\xcd\x63\xf5\x1e\x7a\x3b\x26\x9d" - "\x77\x04\x80\xa9\xbf\x38\xb5\xbd" - "\xb8\x05\x07\xbd\xfd\xab\x7b\xf8" - "\x2a\x26\xcc\x49\x14\x6d\x55\x01" - "\x06\x94\xd8\xb2\x2d\x53\x83\x1b" - "\x8f\xd4\xdd\x57\x12\x7e\x18\xba" - "\x8e\xe2\x4d\x80\xef\x7e\x6b\x9d" - "\x24\xa9\x60\xa4\x97\x85\x86\x2a" - "\x01\x00\x09\xf1\xcb\x4a\x24\x1c" - "\xd8\xf6\xe6\x5b\xe7\x5d\xf2\xc4" - "\x97\x1c\x10\xc6\x4d\x66\x4f\x98" - "\x87\x30\xac\xd5\xea\x73\x49\x10" - "\x80\xea\xe5\x5f\x4d\x5f\x03\x33" - "\x66\x02\x35\x3d\x60\x06\x36\x4f" - "\x14\x1c\xd8\x07\x1f\x78\xd0\xf8" - "\x4f\x6c\x62\x7c\x15\xa5\x7c\x28" - "\x7c\xcc\xeb\x1f\xd1\x07\x90\x93" - "\x7e\xc2\xa8\x3a\x80\xc0\xf5\x30" - "\xcc\x75\xcf\x16\x26\xa9\x26\x3b" - "\xe7\x68\x2f\x15\x21\x5b\xe4\x00" - "\xbd\x48\x50\xcd\x75\x70\xc4\x62" - "\xbb\x41\xfb\x89\x4a\x88\x3b\x3b" - "\x51\x66\x02\x69\x04\x97\x36\xd4" - "\x75\xae\x0b\xa3\x42\xf8\xca\x79" - "\x8f\x93\xe9\xcc\x38\xbd\xd6\xd2" - "\xf9\x70\x4e\xc3\x6a\x8e\x25\xbd" - "\xea\x15\x5a\xa0\x85\x7e\x81\x0d" - "\x03\xe7\x05\x39\xf5\x05\x26\xee" - "\xec\xaa\x1f\x3d\xc9\x98\x76\x01" - "\x2c\xf4\xfc\xa3\x88\x77\x38\xc4" - "\x50\x65\x50\x6d\x04\x1f\xdf\x5a" - "\xaa\xf2\x01\xa9\xc1\x8d\xee\xca" - "\x47\x26\xef\x39\xb8\xb4\xf2\xd1" - "\xd6\xbb\x1b\x2a\xc1\x34\x14\xcf", - .ilen = 512, - .result = "\x00\x01\x02\x03\x04\x05\x06\x07" + .ptext = "\x00\x01\x02\x03\x04\x05\x06\x07" "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" "\x10\x11\x12\x13\x14\x15\x16\x17" "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f" @@ -15339,20 +10458,7 @@ static const struct cipher_testvec speck128_xts_dec_tv_template[] = { "\xe8\xe9\xea\xeb\xec\xed\xee\xef" "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7" "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", - .rlen = 512, - }, { - .key = "\x27\x18\x28\x18\x28\x45\x90\x45" - "\x23\x53\x60\x28\x74\x71\x35\x26" - "\x62\x49\x77\x57\x24\x70\x93\x69" - "\x99\x59\x57\x49\x66\x96\x76\x27" - "\x31\x41\x59\x26\x53\x58\x97\x93" - "\x23\x84\x62\x64\x33\x83\x27\x95" - "\x02\x88\x41\x97\x16\x93\x99\x37" - "\x51\x05\x82\x09\x74\x94\x45\x92", - .klen = 64, - .iv = "\xff\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = "\xc5\x85\x2a\x4b\x73\xe4\xf6\xf1" + .ctext = "\xc5\x85\x2a\x4b\x73\xe4\xf6\xf1" "\x7e\xf9\xf6\xe9\xa3\x73\x36\xcb" "\xaa\xb6\x22\xb0\x24\x6e\x3d\x73" "\x92\x99\xde\xd3\x76\xed\xcd\x63" @@ -15416,124 +10522,36 @@ static const struct cipher_testvec speck128_xts_dec_tv_template[] = { "\x66\x8d\x13\xca\xe0\x59\x2a\x00" "\xc9\x53\x4c\xe6\x9e\xe2\x73\xd5" "\x67\x19\xb2\xbd\x9a\x63\xd7\x5c", - .ilen = 512, - .result = "\x00\x01\x02\x03\x04\x05\x06\x07" - "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" - "\x10\x11\x12\x13\x14\x15\x16\x17" - "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f" - "\x20\x21\x22\x23\x24\x25\x26\x27" - "\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f" - "\x30\x31\x32\x33\x34\x35\x36\x37" - "\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f" - "\x40\x41\x42\x43\x44\x45\x46\x47" - "\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f" - "\x50\x51\x52\x53\x54\x55\x56\x57" - "\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f" - "\x60\x61\x62\x63\x64\x65\x66\x67" - "\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f" - "\x70\x71\x72\x73\x74\x75\x76\x77" - "\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f" - "\x80\x81\x82\x83\x84\x85\x86\x87" - "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f" - "\x90\x91\x92\x93\x94\x95\x96\x97" - "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f" - "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7" - "\xa8\xa9\xaa\xab\xac\xad\xae\xaf" - "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7" - "\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf" - "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7" - "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf" - "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7" - "\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf" - "\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7" - "\xe8\xe9\xea\xeb\xec\xed\xee\xef" - "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7" - "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff" - "\x00\x01\x02\x03\x04\x05\x06\x07" - "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" - "\x10\x11\x12\x13\x14\x15\x16\x17" - "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f" - "\x20\x21\x22\x23\x24\x25\x26\x27" - "\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f" - "\x30\x31\x32\x33\x34\x35\x36\x37" - "\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f" - "\x40\x41\x42\x43\x44\x45\x46\x47" - "\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f" - "\x50\x51\x52\x53\x54\x55\x56\x57" - "\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f" - "\x60\x61\x62\x63\x64\x65\x66\x67" - "\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f" - "\x70\x71\x72\x73\x74\x75\x76\x77" - "\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f" - "\x80\x81\x82\x83\x84\x85\x86\x87" - "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f" - "\x90\x91\x92\x93\x94\x95\x96\x97" - "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f" - "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7" - "\xa8\xa9\xaa\xab\xac\xad\xae\xaf" - "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7" - "\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf" - "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7" - "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf" - "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7" - "\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf" - "\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7" - "\xe8\xe9\xea\xeb\xec\xed\xee\xef" - "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7" - "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", - .rlen = 512, + .len = 512, .also_non_np = 1, .np = 3, .tap = { 512 - 20, 4, 16 }, } }; -static const struct cipher_testvec speck64_enc_tv_template[] = { +static const struct cipher_testvec speck64_tv_template[] = { { /* Speck64/96 */ .key = "\x00\x01\x02\x03\x08\x09\x0a\x0b" "\x10\x11\x12\x13", .klen = 12, - .input = "\x65\x61\x6e\x73\x20\x46\x61\x74", - .ilen = 8, - .result = "\x6c\x94\x75\x41\xec\x52\x79\x9f", - .rlen = 8, + .ptext = "\x65\x61\x6e\x73\x20\x46\x61\x74", + .ctext = "\x6c\x94\x75\x41\xec\x52\x79\x9f", + .len = 8, }, { /* Speck64/128 */ .key = "\x00\x01\x02\x03\x08\x09\x0a\x0b" "\x10\x11\x12\x13\x18\x19\x1a\x1b", .klen = 16, - .input = "\x2d\x43\x75\x74\x74\x65\x72\x3b", - .ilen = 8, - .result = "\x8b\x02\x4e\x45\x48\xa5\x6f\x8c", - .rlen = 8, - }, -}; - -static const struct cipher_testvec speck64_dec_tv_template[] = { - { /* Speck64/96 */ - .key = "\x00\x01\x02\x03\x08\x09\x0a\x0b" - "\x10\x11\x12\x13", - .klen = 12, - .input = "\x6c\x94\x75\x41\xec\x52\x79\x9f", - .ilen = 8, - .result = "\x65\x61\x6e\x73\x20\x46\x61\x74", - .rlen = 8, - }, { /* Speck64/128 */ - .key = "\x00\x01\x02\x03\x08\x09\x0a\x0b" - "\x10\x11\x12\x13\x18\x19\x1a\x1b", - .klen = 16, - .input = "\x8b\x02\x4e\x45\x48\xa5\x6f\x8c", - .ilen = 8, - .result = "\x2d\x43\x75\x74\x74\x65\x72\x3b", - .rlen = 8, + .ptext = "\x2d\x43\x75\x74\x74\x65\x72\x3b", + .ctext = "\x8b\x02\x4e\x45\x48\xa5\x6f\x8c", + .len = 8, }, }; /* - * Speck64-XTS test vectors, taken from the AES-XTS test vectors with the result - * recomputed with Speck64 as the cipher, and key lengths adjusted + * Speck64-XTS test vectors, taken from the AES-XTS test vectors with the + * ciphertext recomputed with Speck64 as the cipher, and key lengths adjusted */ - -static const struct cipher_testvec speck64_xts_enc_tv_template[] = { +static const struct cipher_testvec speck64_xts_tv_template[] = { { .key = "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00" @@ -15541,16 +10559,15 @@ static const struct cipher_testvec speck64_xts_enc_tv_template[] = { .klen = 24, .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = "\x00\x00\x00\x00\x00\x00\x00\x00" + .ptext = "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00", - .ilen = 32, - .result = "\x84\xaf\x54\x07\x19\xd4\x7c\xa6" + .ctext = "\x84\xaf\x54\x07\x19\xd4\x7c\xa6" "\xe4\xfe\xdf\xc4\x1f\x34\xc3\xc2" "\x80\xf5\x72\xe7\xcd\xf0\x99\x22" "\x35\xa7\x2f\x06\xef\xdc\x51\xaa", - .rlen = 32, + .len = 32, }, { .key = "\x11\x11\x11\x11\x11\x11\x11\x11" "\x11\x11\x11\x11\x11\x11\x11\x11" @@ -15558,16 +10575,15 @@ static const struct cipher_testvec speck64_xts_enc_tv_template[] = { .klen = 24, .iv = "\x33\x33\x33\x33\x33\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = "\x44\x44\x44\x44\x44\x44\x44\x44" + .ptext = "\x44\x44\x44\x44\x44\x44\x44\x44" "\x44\x44\x44\x44\x44\x44\x44\x44" "\x44\x44\x44\x44\x44\x44\x44\x44" "\x44\x44\x44\x44\x44\x44\x44\x44", - .ilen = 32, - .result = "\x12\x56\x73\xcd\x15\x87\xa8\x59" + .ctext = "\x12\x56\x73\xcd\x15\x87\xa8\x59" "\xcf\x84\xae\xd9\x1c\x66\xd6\x9f" "\xb3\x12\x69\x7e\x36\xeb\x52\xff" "\x62\xdd\xba\x90\xb3\xe1\xee\x99", - .rlen = 32, + .len = 32, }, { .key = "\xff\xfe\xfd\xfc\xfb\xfa\xf9\xf8" "\xf7\xf6\xf5\xf4\xf3\xf2\xf1\xf0" @@ -15575,16 +10591,15 @@ static const struct cipher_testvec speck64_xts_enc_tv_template[] = { .klen = 24, .iv = "\x33\x33\x33\x33\x33\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = "\x44\x44\x44\x44\x44\x44\x44\x44" + .ptext = "\x44\x44\x44\x44\x44\x44\x44\x44" "\x44\x44\x44\x44\x44\x44\x44\x44" "\x44\x44\x44\x44\x44\x44\x44\x44" "\x44\x44\x44\x44\x44\x44\x44\x44", - .ilen = 32, - .result = "\x15\x1b\xe4\x2c\xa2\x5a\x2d\x2c" + .ctext = "\x15\x1b\xe4\x2c\xa2\x5a\x2d\x2c" "\x27\x36\xc0\xbf\x5d\xea\x36\x37" "\x2d\x1a\x88\xbc\x66\xb5\xd0\x0b" "\xa1\xbc\x19\xb2\x0f\x3b\x75\x34", - .rlen = 32, + .len = 32, }, { .key = "\x27\x18\x28\x18\x28\x45\x90\x45" "\x23\x53\x60\x28\x74\x71\x35\x26" @@ -15592,7 +10607,7 @@ static const struct cipher_testvec speck64_xts_enc_tv_template[] = { .klen = 24, .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = "\x00\x01\x02\x03\x04\x05\x06\x07" + .ptext = "\x00\x01\x02\x03\x04\x05\x06\x07" "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" "\x10\x11\x12\x13\x14\x15\x16\x17" "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f" @@ -15656,8 +10671,7 @@ static const struct cipher_testvec speck64_xts_enc_tv_template[] = { "\xe8\xe9\xea\xeb\xec\xed\xee\xef" "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7" "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", - .ilen = 512, - .result = "\xaf\xa1\x81\xa6\x32\xbb\x15\x8e" + .ctext = "\xaf\xa1\x81\xa6\x32\xbb\x15\x8e" "\xf8\x95\x2e\xd3\xe6\xee\x7e\x09" "\x0c\x1a\xf5\x02\x97\x8b\xe3\xb3" "\x11\xc7\x39\x96\xd0\x95\xf4\x56" @@ -15721,7 +10735,7 @@ static const struct cipher_testvec speck64_xts_enc_tv_template[] = { "\x50\xf7\x5f\xf4\xc2\xca\x41\x97" "\x37\xbe\x75\x74\xcd\xf0\x75\x6e" "\x25\x23\x94\xbd\xda\x8d\xb0\xd4", - .rlen = 512, + .len = 512, }, { .key = "\x27\x18\x28\x18\x28\x45\x90\x45" "\x23\x53\x60\x28\x74\x71\x35\x26" @@ -15730,7 +10744,7 @@ static const struct cipher_testvec speck64_xts_enc_tv_template[] = { .klen = 32, .iv = "\xff\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = "\x00\x01\x02\x03\x04\x05\x06\x07" + .ptext = "\x00\x01\x02\x03\x04\x05\x06\x07" "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" "\x10\x11\x12\x13\x14\x15\x16\x17" "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f" @@ -15794,8 +10808,7 @@ static const struct cipher_testvec speck64_xts_enc_tv_template[] = { "\xe8\xe9\xea\xeb\xec\xed\xee\xef" "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7" "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", - .ilen = 512, - .result = "\x55\xed\x71\xd3\x02\x8e\x15\x3b" + .ctext = "\x55\xed\x71\xd3\x02\x8e\x15\x3b" "\xc6\x71\x29\x2d\x3e\x89\x9f\x59" "\x68\x6a\xcc\x8a\x56\x97\xf3\x95" "\x4e\x51\x08\xda\x2a\xf8\x6f\x3c" @@ -15859,340 +10872,7 @@ static const struct cipher_testvec speck64_xts_enc_tv_template[] = { "\x9b\x63\x76\x32\x2f\x19\x72\x10" "\x9f\x21\x0c\xf1\x66\x50\x7f\xa5" "\x0d\x1f\x46\xe0\xba\xd3\x2f\x3c", - .rlen = 512, - .also_non_np = 1, - .np = 3, - .tap = { 512 - 20, 4, 16 }, - } -}; - -static const struct cipher_testvec speck64_xts_dec_tv_template[] = { - { - .key = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .klen = 24, - .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = "\x84\xaf\x54\x07\x19\xd4\x7c\xa6" - "\xe4\xfe\xdf\xc4\x1f\x34\xc3\xc2" - "\x80\xf5\x72\xe7\xcd\xf0\x99\x22" - "\x35\xa7\x2f\x06\xef\xdc\x51\xaa", - .ilen = 32, - .result = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .rlen = 32, - }, { - .key = "\x11\x11\x11\x11\x11\x11\x11\x11" - "\x11\x11\x11\x11\x11\x11\x11\x11" - "\x22\x22\x22\x22\x22\x22\x22\x22", - .klen = 24, - .iv = "\x33\x33\x33\x33\x33\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = "\x12\x56\x73\xcd\x15\x87\xa8\x59" - "\xcf\x84\xae\xd9\x1c\x66\xd6\x9f" - "\xb3\x12\x69\x7e\x36\xeb\x52\xff" - "\x62\xdd\xba\x90\xb3\xe1\xee\x99", - .ilen = 32, - .result = "\x44\x44\x44\x44\x44\x44\x44\x44" - "\x44\x44\x44\x44\x44\x44\x44\x44" - "\x44\x44\x44\x44\x44\x44\x44\x44" - "\x44\x44\x44\x44\x44\x44\x44\x44", - .rlen = 32, - }, { - .key = "\xff\xfe\xfd\xfc\xfb\xfa\xf9\xf8" - "\xf7\xf6\xf5\xf4\xf3\xf2\xf1\xf0" - "\x22\x22\x22\x22\x22\x22\x22\x22", - .klen = 24, - .iv = "\x33\x33\x33\x33\x33\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = "\x15\x1b\xe4\x2c\xa2\x5a\x2d\x2c" - "\x27\x36\xc0\xbf\x5d\xea\x36\x37" - "\x2d\x1a\x88\xbc\x66\xb5\xd0\x0b" - "\xa1\xbc\x19\xb2\x0f\x3b\x75\x34", - .ilen = 32, - .result = "\x44\x44\x44\x44\x44\x44\x44\x44" - "\x44\x44\x44\x44\x44\x44\x44\x44" - "\x44\x44\x44\x44\x44\x44\x44\x44" - "\x44\x44\x44\x44\x44\x44\x44\x44", - .rlen = 32, - }, { - .key = "\x27\x18\x28\x18\x28\x45\x90\x45" - "\x23\x53\x60\x28\x74\x71\x35\x26" - "\x31\x41\x59\x26\x53\x58\x97\x93", - .klen = 24, - .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = "\xaf\xa1\x81\xa6\x32\xbb\x15\x8e" - "\xf8\x95\x2e\xd3\xe6\xee\x7e\x09" - "\x0c\x1a\xf5\x02\x97\x8b\xe3\xb3" - "\x11\xc7\x39\x96\xd0\x95\xf4\x56" - "\xf4\xdd\x03\x38\x01\x44\x2c\xcf" - "\x88\xae\x8e\x3c\xcd\xe7\xaa\x66" - "\xfe\x3d\xc6\xfb\x01\x23\x51\x43" - "\xd5\xd2\x13\x86\x94\x34\xe9\x62" - "\xf9\x89\xe3\xd1\x7b\xbe\xf8\xef" - "\x76\x35\x04\x3f\xdb\x23\x9d\x0b" - "\x85\x42\xb9\x02\xd6\xcc\xdb\x96" - "\xa7\x6b\x27\xb6\xd4\x45\x8f\x7d" - "\xae\xd2\x04\xd5\xda\xc1\x7e\x24" - "\x8c\x73\xbe\x48\x7e\xcf\x65\x28" - "\x29\xe5\xbe\x54\x30\xcb\x46\x95" - "\x4f\x2e\x8a\x36\xc8\x27\xc5\xbe" - "\xd0\x1a\xaf\xab\x26\xcd\x9e\x69" - "\xa1\x09\x95\x71\x26\xe9\xc4\xdf" - "\xe6\x31\xc3\x46\xda\xaf\x0b\x41" - "\x1f\xab\xb1\x8e\xd6\xfc\x0b\xb3" - "\x82\xc0\x37\x27\xfc\x91\xa7\x05" - "\xfb\xc5\xdc\x2b\x74\x96\x48\x43" - "\x5d\x9c\x19\x0f\x60\x63\x3a\x1f" - "\x6f\xf0\x03\xbe\x4d\xfd\xc8\x4a" - "\xc6\xa4\x81\x6d\xc3\x12\x2a\x5c" - "\x07\xff\xf3\x72\x74\x48\xb5\x40" - "\x50\xb5\xdd\x90\x43\x31\x18\x15" - "\x7b\xf2\xa6\xdb\x83\xc8\x4b\x4a" - "\x29\x93\x90\x8b\xda\x07\xf0\x35" - "\x6d\x90\x88\x09\x4e\x83\xf5\x5b" - "\x94\x12\xbb\x33\x27\x1d\x3f\x23" - "\x51\xa8\x7c\x07\xa2\xae\x77\xa6" - "\x50\xfd\xcc\xc0\x4f\x80\x7a\x9f" - "\x66\xdd\xcd\x75\x24\x8b\x33\xf7" - "\x20\xdb\x83\x9b\x4f\x11\x63\x6e" - "\xcf\x37\xef\xc9\x11\x01\x5c\x45" - "\x32\x99\x7c\x3c\x9e\x42\x89\xe3" - "\x70\x6d\x15\x9f\xb1\xe6\xb6\x05" - "\xfe\x0c\xb9\x49\x2d\x90\x6d\xcc" - "\x5d\x3f\xc1\xfe\x89\x0a\x2e\x2d" - "\xa0\xa8\x89\x3b\x73\x39\xa5\x94" - "\x4c\xa4\xa6\xbb\xa7\x14\x46\x89" - "\x10\xff\xaf\xef\xca\xdd\x4f\x80" - "\xb3\xdf\x3b\xab\xd4\xe5\x5a\xc7" - "\x33\xca\x00\x8b\x8b\x3f\xea\xec" - "\x68\x8a\xc2\x6d\xfd\xd4\x67\x0f" - "\x22\x31\xe1\x0e\xfe\x5a\x04\xd5" - "\x64\xa3\xf1\x1a\x76\x28\xcc\x35" - "\x36\xa7\x0a\x74\xf7\x1c\x44\x9b" - "\xc7\x1b\x53\x17\x02\xea\xd1\xad" - "\x13\x51\x73\xc0\xa0\xb2\x05\x32" - "\xa8\xa2\x37\x2e\xe1\x7a\x3a\x19" - "\x26\xb4\x6c\x62\x5d\xb3\x1a\x1d" - "\x59\xda\xee\x1a\x22\x18\xda\x0d" - "\x88\x0f\x55\x8b\x72\x62\xfd\xc1" - "\x69\x13\xcd\x0d\x5f\xc1\x09\x52" - "\xee\xd6\xe3\x84\x4d\xee\xf6\x88" - "\xaf\x83\xdc\x76\xf4\xc0\x93\x3f" - "\x4a\x75\x2f\xb0\x0b\x3e\xc4\x54" - "\x7d\x69\x8d\x00\x62\x77\x0d\x14" - "\xbe\x7c\xa6\x7d\xc5\x24\x4f\xf3" - "\x50\xf7\x5f\xf4\xc2\xca\x41\x97" - "\x37\xbe\x75\x74\xcd\xf0\x75\x6e" - "\x25\x23\x94\xbd\xda\x8d\xb0\xd4", - .ilen = 512, - .result = "\x00\x01\x02\x03\x04\x05\x06\x07" - "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" - "\x10\x11\x12\x13\x14\x15\x16\x17" - "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f" - "\x20\x21\x22\x23\x24\x25\x26\x27" - "\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f" - "\x30\x31\x32\x33\x34\x35\x36\x37" - "\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f" - "\x40\x41\x42\x43\x44\x45\x46\x47" - "\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f" - "\x50\x51\x52\x53\x54\x55\x56\x57" - "\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f" - "\x60\x61\x62\x63\x64\x65\x66\x67" - "\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f" - "\x70\x71\x72\x73\x74\x75\x76\x77" - "\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f" - "\x80\x81\x82\x83\x84\x85\x86\x87" - "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f" - "\x90\x91\x92\x93\x94\x95\x96\x97" - "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f" - "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7" - "\xa8\xa9\xaa\xab\xac\xad\xae\xaf" - "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7" - "\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf" - "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7" - "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf" - "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7" - "\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf" - "\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7" - "\xe8\xe9\xea\xeb\xec\xed\xee\xef" - "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7" - "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff" - "\x00\x01\x02\x03\x04\x05\x06\x07" - "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" - "\x10\x11\x12\x13\x14\x15\x16\x17" - "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f" - "\x20\x21\x22\x23\x24\x25\x26\x27" - "\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f" - "\x30\x31\x32\x33\x34\x35\x36\x37" - "\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f" - "\x40\x41\x42\x43\x44\x45\x46\x47" - "\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f" - "\x50\x51\x52\x53\x54\x55\x56\x57" - "\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f" - "\x60\x61\x62\x63\x64\x65\x66\x67" - "\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f" - "\x70\x71\x72\x73\x74\x75\x76\x77" - "\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f" - "\x80\x81\x82\x83\x84\x85\x86\x87" - "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f" - "\x90\x91\x92\x93\x94\x95\x96\x97" - "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f" - "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7" - "\xa8\xa9\xaa\xab\xac\xad\xae\xaf" - "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7" - "\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf" - "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7" - "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf" - "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7" - "\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf" - "\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7" - "\xe8\xe9\xea\xeb\xec\xed\xee\xef" - "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7" - "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", - .rlen = 512, - }, { - .key = "\x27\x18\x28\x18\x28\x45\x90\x45" - "\x23\x53\x60\x28\x74\x71\x35\x26" - "\x62\x49\x77\x57\x24\x70\x93\x69" - "\x99\x59\x57\x49\x66\x96\x76\x27", - .klen = 32, - .iv = "\xff\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = "\x55\xed\x71\xd3\x02\x8e\x15\x3b" - "\xc6\x71\x29\x2d\x3e\x89\x9f\x59" - "\x68\x6a\xcc\x8a\x56\x97\xf3\x95" - "\x4e\x51\x08\xda\x2a\xf8\x6f\x3c" - "\x78\x16\xea\x80\xdb\x33\x75\x94" - "\xf9\x29\xc4\x2b\x76\x75\x97\xc7" - "\xf2\x98\x2c\xf9\xff\xc8\xd5\x2b" - "\x18\xf1\xaf\xcf\x7c\xc5\x0b\xee" - "\xad\x3c\x76\x7c\xe6\x27\xa2\x2a" - "\xe4\x66\xe1\xab\xa2\x39\xfc\x7c" - "\xf5\xec\x32\x74\xa3\xb8\x03\x88" - "\x52\xfc\x2e\x56\x3f\xa1\xf0\x9f" - "\x84\x5e\x46\xed\x20\x89\xb6\x44" - "\x8d\xd0\xed\x54\x47\x16\xbe\x95" - "\x8a\xb3\x6b\x72\xc4\x32\x52\x13" - "\x1b\xb0\x82\xbe\xac\xf9\x70\xa6" - "\x44\x18\xdd\x8c\x6e\xca\x6e\x45" - "\x8f\x1e\x10\x07\x57\x25\x98\x7b" - "\x17\x8c\x78\xdd\x80\xa7\xd9\xd8" - "\x63\xaf\xb9\x67\x57\xfd\xbc\xdb" - "\x44\xe9\xc5\x65\xd1\xc7\x3b\xff" - "\x20\xa0\x80\x1a\xc3\x9a\xad\x5e" - "\x5d\x3b\xd3\x07\xd9\xf5\xfd\x3d" - "\x4a\x8b\xa8\xd2\x6e\x7a\x51\x65" - "\x6c\x8e\x95\xe0\x45\xc9\x5f\x4a" - "\x09\x3c\x3d\x71\x7f\x0c\x84\x2a" - "\xc8\x48\x52\x1a\xc2\xd5\xd6\x78" - "\x92\x1e\xa0\x90\x2e\xea\xf0\xf3" - "\xdc\x0f\xb1\xaf\x0d\x9b\x06\x2e" - "\x35\x10\x30\x82\x0d\xe7\xc5\x9b" - "\xde\x44\x18\xbd\x9f\xd1\x45\xa9" - "\x7b\x7a\x4a\xad\x35\x65\x27\xca" - "\xb2\xc3\xd4\x9b\x71\x86\x70\xee" - "\xf1\x89\x3b\x85\x4b\x5b\xaa\xaf" - "\xfc\x42\xc8\x31\x59\xbe\x16\x60" - "\x4f\xf9\xfa\x12\xea\xd0\xa7\x14" - "\xf0\x7a\xf3\xd5\x8d\xbd\x81\xef" - "\x52\x7f\x29\x51\x94\x20\x67\x3c" - "\xd1\xaf\x77\x9f\x22\x5a\x4e\x63" - "\xe7\xff\x73\x25\xd1\xdd\x96\x8a" - "\x98\x52\x6d\xf3\xac\x3e\xf2\x18" - "\x6d\xf6\x0a\x29\xa6\x34\x3d\xed" - "\xe3\x27\x0d\x9d\x0a\x02\x44\x7e" - "\x5a\x7e\x67\x0f\x0a\x9e\xd6\xad" - "\x91\xe6\x4d\x81\x8c\x5c\x59\xaa" - "\xfb\xeb\x56\x53\xd2\x7d\x4c\x81" - "\x65\x53\x0f\x41\x11\xbd\x98\x99" - "\xf9\xc6\xfa\x51\x2e\xa3\xdd\x8d" - "\x84\x98\xf9\x34\xed\x33\x2a\x1f" - "\x82\xed\xc1\x73\x98\xd3\x02\xdc" - "\xe6\xc2\x33\x1d\xa2\xb4\xca\x76" - "\x63\x51\x34\x9d\x96\x12\xae\xce" - "\x83\xc9\x76\x5e\xa4\x1b\x53\x37" - "\x17\xd5\xc0\x80\x1d\x62\xf8\x3d" - "\x54\x27\x74\xbb\x10\x86\x57\x46" - "\x68\xe1\xed\x14\xe7\x9d\xfc\x84" - "\x47\xbc\xc2\xf8\x19\x4b\x99\xcf" - "\x7a\xe9\xc4\xb8\x8c\x82\x72\x4d" - "\x7b\x4f\x38\x55\x36\x71\x64\xc1" - "\xfc\x5c\x75\x52\x33\x02\x18\xf8" - "\x17\xe1\x2b\xc2\x43\x39\xbd\x76" - "\x9b\x63\x76\x32\x2f\x19\x72\x10" - "\x9f\x21\x0c\xf1\x66\x50\x7f\xa5" - "\x0d\x1f\x46\xe0\xba\xd3\x2f\x3c", - .ilen = 512, - .result = "\x00\x01\x02\x03\x04\x05\x06\x07" - "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" - "\x10\x11\x12\x13\x14\x15\x16\x17" - "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f" - "\x20\x21\x22\x23\x24\x25\x26\x27" - "\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f" - "\x30\x31\x32\x33\x34\x35\x36\x37" - "\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f" - "\x40\x41\x42\x43\x44\x45\x46\x47" - "\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f" - "\x50\x51\x52\x53\x54\x55\x56\x57" - "\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f" - "\x60\x61\x62\x63\x64\x65\x66\x67" - "\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f" - "\x70\x71\x72\x73\x74\x75\x76\x77" - "\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f" - "\x80\x81\x82\x83\x84\x85\x86\x87" - "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f" - "\x90\x91\x92\x93\x94\x95\x96\x97" - "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f" - "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7" - "\xa8\xa9\xaa\xab\xac\xad\xae\xaf" - "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7" - "\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf" - "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7" - "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf" - "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7" - "\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf" - "\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7" - "\xe8\xe9\xea\xeb\xec\xed\xee\xef" - "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7" - "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff" - "\x00\x01\x02\x03\x04\x05\x06\x07" - "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" - "\x10\x11\x12\x13\x14\x15\x16\x17" - "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f" - "\x20\x21\x22\x23\x24\x25\x26\x27" - "\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f" - "\x30\x31\x32\x33\x34\x35\x36\x37" - "\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f" - "\x40\x41\x42\x43\x44\x45\x46\x47" - "\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f" - "\x50\x51\x52\x53\x54\x55\x56\x57" - "\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f" - "\x60\x61\x62\x63\x64\x65\x66\x67" - "\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f" - "\x70\x71\x72\x73\x74\x75\x76\x77" - "\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f" - "\x80\x81\x82\x83\x84\x85\x86\x87" - "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f" - "\x90\x91\x92\x93\x94\x95\x96\x97" - "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f" - "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7" - "\xa8\xa9\xaa\xab\xac\xad\xae\xaf" - "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7" - "\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf" - "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7" - "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf" - "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7" - "\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf" - "\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7" - "\xe8\xe9\xea\xeb\xec\xed\xee\xef" - "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7" - "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", - .rlen = 512, + .len = 512, .also_non_np = 1, .np = 3, .tap = { 512 - 20, 4, 16 }, @@ -16200,37 +10880,34 @@ static const struct cipher_testvec speck64_xts_dec_tv_template[] = { }; /* Cast6 test vectors from RFC 2612 */ -static const struct cipher_testvec cast6_enc_tv_template[] = { +static const struct cipher_testvec cast6_tv_template[] = { { .key = "\x23\x42\xbb\x9e\xfa\x38\x54\x2c" "\x0a\xf7\x56\x47\xf2\x9f\x61\x5d", .klen = 16, - .input = zeroed_string, - .ilen = 16, - .result = "\xc8\x42\xa0\x89\x72\xb4\x3d\x20" + .ptext = zeroed_string, + .ctext = "\xc8\x42\xa0\x89\x72\xb4\x3d\x20" "\x83\x6c\x91\xd1\xb7\x53\x0f\x6b", - .rlen = 16, + .len = 16, }, { .key = "\x23\x42\xbb\x9e\xfa\x38\x54\x2c" "\xbe\xd0\xac\x83\x94\x0a\xc2\x98" "\xba\xc7\x7a\x77\x17\x94\x28\x63", .klen = 24, - .input = zeroed_string, - .ilen = 16, - .result = "\x1b\x38\x6c\x02\x10\xdc\xad\xcb" + .ptext = zeroed_string, + .ctext = "\x1b\x38\x6c\x02\x10\xdc\xad\xcb" "\xdd\x0e\x41\xaa\x08\xa7\xa7\xe8", - .rlen = 16, + .len = 16, }, { .key = "\x23\x42\xbb\x9e\xfa\x38\x54\x2c" "\xbe\xd0\xac\x83\x94\x0a\xc2\x98" "\x8d\x7c\x47\xce\x26\x49\x08\x46" "\x1c\xc1\xb5\x13\x7a\xe6\xb6\x04", .klen = 32, - .input = zeroed_string, - .ilen = 16, - .result = "\x4f\x6a\x20\x38\x28\x68\x97\xb9" + .ptext = zeroed_string, + .ctext = "\x4f\x6a\x20\x38\x28\x68\x97\xb9" "\xc9\x87\x01\x36\x55\x33\x17\xfa", - .rlen = 16, + .len = 16, }, { /* Generated from TF test vectors */ .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9" "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A" @@ -16239,7 +10916,7 @@ static const struct cipher_testvec cast6_enc_tv_template[] = { .klen = 32, .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F" "\xC4\x29\x8E\xF3\x35\x9A\xFF\x64", - .input = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" + .ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87" @@ -16301,116 +10978,7 @@ static const struct cipher_testvec cast6_enc_tv_template[] = { "\xF8\x8F\x03\x9A\x31\xC8\x3C\xD3" "\x6A\x01\x75\x0C\xA3\x17\xAE\x45" "\xDC\x50\xE7\x7E\x15\x89\x20\xB7", - .ilen = 496, - .result = "\xC3\x70\x22\x32\xF5\x80\xCB\x54" - "\xFC\x30\xE0\xF6\xEB\x39\x57\xA6" - "\xB6\xB9\xC5\xA4\x91\x55\x14\x97" - "\xC1\x20\xFF\x6C\x5C\xF0\x67\xEA" - "\x2F\xED\xD8\xC9\xFB\x38\x3F\xFE" - "\x93\xBE\xDC\x00\xD3\x7F\xAD\x4C" - "\x5A\x08\x92\xD1\x47\x0C\xFA\x6C" - "\xD0\x6A\x99\x10\x72\xF8\x47\x62" - "\x81\x42\xF8\xD8\xF5\xBB\x94\x08" - "\xAA\x97\xA2\x8B\x69\xB3\xD2\x7E" - "\xBC\xB5\x00\x0C\xE5\x44\x4B\x58" - "\xE8\x63\xDC\xB3\xC4\xE5\x23\x12" - "\x5A\x72\x85\x47\x8B\xEC\x9F\x26" - "\x84\xB6\xED\x10\x33\x63\x9B\x5F" - "\x4D\x53\xEE\x94\x45\x8B\x60\x58" - "\x86\x20\xF9\x1E\x82\x08\x3E\x58" - "\x60\x1B\x34\x19\x02\xBE\x4E\x09" - "\xBB\x7C\x15\xCC\x60\x27\x55\x7A" - "\x12\xB8\xD8\x08\x89\x3C\xA6\xF3" - "\xF1\xDD\xA7\x07\xA3\x12\x85\x28" - "\xE9\x57\xAC\x80\x0C\x5C\x0F\x3A" - "\x5D\xC2\x91\xC7\x90\xE4\x8C\x43" - "\x92\xE4\x7C\x26\x69\x4D\x83\x68" - "\x14\x96\x42\x47\xBD\xA9\xE4\x8A" - "\x33\x19\xEB\x54\x8E\x0D\x4B\x6E" - "\x91\x51\xB5\x36\x08\xDE\x1C\x06" - "\x03\xBD\xDE\x81\x26\xF7\x99\xC2" - "\xBA\xF7\x6D\x87\x0D\xE4\xA6\xCF" - "\xC1\xF5\x27\x05\xB8\x02\x57\x72" - "\xE6\x42\x13\x0B\xC6\x47\x05\x74" - "\x24\x15\xF7\x0D\xC2\x23\x9D\xB9" - "\x3C\x77\x18\x93\xBA\xB4\xFC\x8C" - "\x98\x82\x67\x67\xB4\xD7\xD3\x43" - "\x23\x08\x02\xB7\x9B\x99\x05\xFB" - "\xD3\xB5\x00\x0A\xA9\x9D\x66\xD6" - "\x2E\x49\x58\xD0\xA8\x57\x29\x7F" - "\x0A\x0E\x7D\xFC\x92\x83\xCC\x67" - "\xA2\xB1\x70\x3A\x8F\x87\x4A\x8D" - "\x17\xE2\x58\x2B\x88\x0D\x68\x62" - "\xBF\x35\xD1\x6F\xC0\xF0\x18\x62" - "\xB2\xC7\x2D\x58\xC7\x16\xDE\x08" - "\xEB\x84\x1D\x25\xA7\x38\x94\x06" - "\x93\x9D\xF8\xFE\x88\x71\xE7\x84" - "\x2C\xA0\x38\xA3\x1D\x48\xCF\x29" - "\x0B\xBC\xD8\x50\x99\x1A\x26\xFB" - "\x8E\x75\x3D\x73\xEB\x6A\xED\x29" - "\xE0\x8E\xED\xFC\xFE\x6F\xF6\xBA" - "\x41\xE2\x10\x4C\x01\x8B\x69\x2B" - "\x25\x3F\x4D\x70\x7B\x92\xD6\x3B" - "\xAC\xF9\x77\x18\xD9\x6A\x30\xA6" - "\x2E\xFA\x30\xFF\xC8\xD5\x1D\x06" - "\x59\x28\x1D\x86\x43\x04\x5D\x3B" - "\x99\x4C\x04\x5A\x21\x17\x8B\x76" - "\x8F\x72\xCB\xA1\x9C\x29\x4C\xC3" - "\x65\xA2\x58\x2A\xC5\x66\x24\xBF" - "\xBA\xE6\x0C\xDD\x34\x24\x74\xC8" - "\x84\x0A\x66\x2C\xBE\x8F\x32\xA9" - "\xE7\xE4\xA1\xD7\xDA\xAB\x23\x1E" - "\xEB\xEE\x6C\x94\x6F\x9C\x2E\xD1" - "\x49\x2C\xF3\xD4\x90\xCC\x93\x4C" - "\x84\x52\x6D\x68\xDE\xC6\x64\xB2" - "\x11\x74\x93\x57\xB4\x7E\xC6\x00", - .rlen = 496, - .also_non_np = 1, - .np = 3, - .tap = { 496 - 20, 4, 16 }, - }, -}; - -static const struct cipher_testvec cast6_dec_tv_template[] = { - { - .key = "\x23\x42\xbb\x9e\xfa\x38\x54\x2c" - "\x0a\xf7\x56\x47\xf2\x9f\x61\x5d", - .klen = 16, - .input = "\xc8\x42\xa0\x89\x72\xb4\x3d\x20" - "\x83\x6c\x91\xd1\xb7\x53\x0f\x6b", - .ilen = 16, - .result = zeroed_string, - .rlen = 16, - }, { - .key = "\x23\x42\xbb\x9e\xfa\x38\x54\x2c" - "\xbe\xd0\xac\x83\x94\x0a\xc2\x98" - "\xba\xc7\x7a\x77\x17\x94\x28\x63", - .klen = 24, - .input = "\x1b\x38\x6c\x02\x10\xdc\xad\xcb" - "\xdd\x0e\x41\xaa\x08\xa7\xa7\xe8", - .ilen = 16, - .result = zeroed_string, - .rlen = 16, - }, { - .key = "\x23\x42\xbb\x9e\xfa\x38\x54\x2c" - "\xbe\xd0\xac\x83\x94\x0a\xc2\x98" - "\x8d\x7c\x47\xce\x26\x49\x08\x46" - "\x1c\xc1\xb5\x13\x7a\xe6\xb6\x04", - .klen = 32, - .input = "\x4f\x6a\x20\x38\x28\x68\x97\xb9" - "\xc9\x87\x01\x36\x55\x33\x17\xfa", - .ilen = 16, - .result = zeroed_string, - .rlen = 16, - }, { /* Generated from TF test vectors */ - .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9" - "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A" - "\x27\x04\xE1\x27\x04\xE1\xBE\x9B" - "\x78\xBE\x9B\x78\x55\x32\x0F\x55", - .klen = 32, - .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F" - "\xC4\x29\x8E\xF3\x35\x9A\xFF\x64", - .input = "\xC3\x70\x22\x32\xF5\x80\xCB\x54" + .ctext = "\xC3\x70\x22\x32\xF5\x80\xCB\x54" "\xFC\x30\xE0\xF6\xEB\x39\x57\xA6" "\xB6\xB9\xC5\xA4\x91\x55\x14\x97" "\xC1\x20\xFF\x6C\x5C\xF0\x67\xEA" @@ -16472,77 +11040,14 @@ static const struct cipher_testvec cast6_dec_tv_template[] = { "\x49\x2C\xF3\xD4\x90\xCC\x93\x4C" "\x84\x52\x6D\x68\xDE\xC6\x64\xB2" "\x11\x74\x93\x57\xB4\x7E\xC6\x00", - .ilen = 496, - .result = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" - "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" - "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" - "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87" - "\x1E\x92\x29\xC0\x34\xCB\x62\xF9" - "\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48" - "\xDF\x76\x0D\x81\x18\xAF\x23\xBA" - "\x51\xE8\x5C\xF3\x8A\x21\x95\x2C" - "\xC3\x37\xCE\x65\xFC\x70\x07\x9E" - "\x12\xA9\x40\xD7\x4B\xE2\x79\x10" - "\x84\x1B\xB2\x26\xBD\x54\xEB\x5F" - "\xF6\x8D\x01\x98\x2F\xC6\x3A\xD1" - "\x68\xFF\x73\x0A\xA1\x15\xAC\x43" - "\xDA\x4E\xE5\x7C\x13\x87\x1E\xB5" - "\x29\xC0\x57\xEE\x62\xF9\x90\x04" - "\x9B\x32\xC9\x3D\xD4\x6B\x02\x76" - "\x0D\xA4\x18\xAF\x46\xDD\x51\xE8" - "\x7F\x16\x8A\x21\xB8\x2C\xC3\x5A" - "\xF1\x65\xFC\x93\x07\x9E\x35\xCC" - "\x40\xD7\x6E\x05\x79\x10\xA7\x1B" - "\xB2\x49\xE0\x54\xEB\x82\x19\x8D" - "\x24\xBB\x2F\xC6\x5D\xF4\x68\xFF" - "\x96\x0A\xA1\x38\xCF\x43\xDA\x71" - "\x08\x7C\x13\xAA\x1E\xB5\x4C\xE3" - "\x57\xEE\x85\x1C\x90\x27\xBE\x32" - "\xC9\x60\xF7\x6B\x02\x99\x0D\xA4" - "\x3B\xD2\x46\xDD\x74\x0B\x7F\x16" - "\xAD\x21\xB8\x4F\xE6\x5A\xF1\x88" - "\x1F\x93\x2A\xC1\x35\xCC\x63\xFA" - "\x6E\x05\x9C\x10\xA7\x3E\xD5\x49" - "\xE0\x77\x0E\x82\x19\xB0\x24\xBB" - "\x52\xE9\x5D\xF4\x8B\x22\x96\x2D" - "\xC4\x38\xCF\x66\xFD\x71\x08\x9F" - "\x13\xAA\x41\xD8\x4C\xE3\x7A\x11" - "\x85\x1C\xB3\x27\xBE\x55\xEC\x60" - "\xF7\x8E\x02\x99\x30\xC7\x3B\xD2" - "\x69\x00\x74\x0B\xA2\x16\xAD\x44" - "\xDB\x4F\xE6\x7D\x14\x88\x1F\xB6" - "\x2A\xC1\x58\xEF\x63\xFA\x91\x05" - "\x9C\x33\xCA\x3E\xD5\x6C\x03\x77" - "\x0E\xA5\x19\xB0\x47\xDE\x52\xE9" - "\x80\x17\x8B\x22\xB9\x2D\xC4\x5B" - "\xF2\x66\xFD\x94\x08\x9F\x36\xCD" - "\x41\xD8\x6F\x06\x7A\x11\xA8\x1C" - "\xB3\x4A\xE1\x55\xEC\x83\x1A\x8E" - "\x25\xBC\x30\xC7\x5E\xF5\x69\x00" - "\x97\x0B\xA2\x39\xD0\x44\xDB\x72" - "\x09\x7D\x14\xAB\x1F\xB6\x4D\xE4" - "\x58\xEF\x86\x1D\x91\x28\xBF\x33" - "\xCA\x61\xF8\x6C\x03\x9A\x0E\xA5" - "\x3C\xD3\x47\xDE\x75\x0C\x80\x17" - "\xAE\x22\xB9\x50\xE7\x5B\xF2\x89" - "\x20\x94\x2B\xC2\x36\xCD\x64\xFB" - "\x6F\x06\x9D\x11\xA8\x3F\xD6\x4A" - "\xE1\x78\x0F\x83\x1A\xB1\x25\xBC" - "\x53\xEA\x5E\xF5\x8C\x00\x97\x2E" - "\xC5\x39\xD0\x67\xFE\x72\x09\xA0" - "\x14\xAB\x42\xD9\x4D\xE4\x7B\x12" - "\x86\x1D\xB4\x28\xBF\x56\xED\x61" - "\xF8\x8F\x03\x9A\x31\xC8\x3C\xD3" - "\x6A\x01\x75\x0C\xA3\x17\xAE\x45" - "\xDC\x50\xE7\x7E\x15\x89\x20\xB7", - .rlen = 496, + .len = 496, .also_non_np = 1, .np = 3, .tap = { 496 - 20, 4, 16 }, }, }; -static const struct cipher_testvec cast6_cbc_enc_tv_template[] = { +static const struct cipher_testvec cast6_cbc_tv_template[] = { { /* Generated from TF test vectors */ .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9" "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A" @@ -16551,7 +11056,7 @@ static const struct cipher_testvec cast6_cbc_enc_tv_template[] = { .klen = 32, .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F" "\xC4\x29\x8E\xF3\x35\x9A\xFF\x64", - .input = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" + .ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87" @@ -16613,8 +11118,7 @@ static const struct cipher_testvec cast6_cbc_enc_tv_template[] = { "\xF8\x8F\x03\x9A\x31\xC8\x3C\xD3" "\x6A\x01\x75\x0C\xA3\x17\xAE\x45" "\xDC\x50\xE7\x7E\x15\x89\x20\xB7", - .ilen = 496, - .result = "\xDF\x77\x68\x96\xC7\xBA\xF8\xE2" + .ctext = "\xDF\x77\x68\x96\xC7\xBA\xF8\xE2" "\x0E\x24\x99\x1A\xAA\xF3\xC6\x9F" "\xA0\x73\xB3\x70\xC3\x68\x64\x70" "\xAD\x33\x02\xFB\x88\x74\xAA\x78" @@ -16676,14 +11180,14 @@ static const struct cipher_testvec cast6_cbc_enc_tv_template[] = { "\xC5\x5C\xAD\xB6\x07\xB6\x84\xF3" "\x4D\x59\x7D\xC5\x28\x69\xFA\x92" "\x22\x46\x89\x2D\x0F\x2B\x08\x24", - .rlen = 496, + .len = 496, .also_non_np = 1, .np = 3, .tap = { 496 - 20, 4, 16 }, }, }; -static const struct cipher_testvec cast6_cbc_dec_tv_template[] = { +static const struct cipher_testvec cast6_ctr_tv_template[] = { { /* Generated from TF test vectors */ .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9" "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A" @@ -16692,155 +11196,13 @@ static const struct cipher_testvec cast6_cbc_dec_tv_template[] = { .klen = 32, .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F" "\xC4\x29\x8E\xF3\x35\x9A\xFF\x64", - .input = "\xDF\x77\x68\x96\xC7\xBA\xF8\xE2" - "\x0E\x24\x99\x1A\xAA\xF3\xC6\x9F" - "\xA0\x73\xB3\x70\xC3\x68\x64\x70" - "\xAD\x33\x02\xFB\x88\x74\xAA\x78" - "\xC7\x47\x1A\x18\x61\x2D\xAC\x9F" - "\x7E\x6F\xDF\x05\x13\x76\xA6\x72" - "\xB7\x13\x09\x0F\x7D\x38\xDF\x25" - "\x4E\xFD\x50\x45\xFA\x35\x6A\xC0" - "\x57\x95\xE1\x21\x26\x10\x9A\x21" - "\xA1\x8A\x51\x05\xD1\xB1\x78\x35" - "\x98\xF5\xAE\xC0\xC1\x8B\x94\xFF" - "\xD0\x69\x3F\x42\xC2\x01\xA7\x9B" - "\x23\x16\x47\x72\x81\x13\x3A\x72" - "\xEC\xD9\x40\x88\x00\x9C\xB0\xA8" - "\x9C\xAC\xCE\x11\x73\x7B\x63\x3E" - "\xA3\x63\x98\x7D\x35\xE4\xD9\x83" - "\xE2\xD0\x52\x87\x0C\x1F\xB0\xB3" - "\x41\x1A\x93\x8D\x76\x31\x9F\xF2" - "\xFE\x09\xA3\x8F\x22\x6A\x3B\xB9" - "\x6C\x9E\xE4\xA1\xA0\xC4\xE7\xA1" - "\x21\x9C\x1A\xCA\x65\xDE\x44\x03" - "\x99\xF2\xD2\x39\xE3\x3F\x0F\x37" - "\x53\x50\x23\xA4\x81\x6E\xDA\xFB" - "\xF8\x7B\x01\xD7\xB2\x32\x9C\xB8" - "\xB1\x0E\x99\x17\xB5\x38\xF9\xD7" - "\x86\x2D\x6E\x94\x5C\x99\x9D\xB3" - "\xD3\x63\x4B\x2A\x7D\x44\x6A\xB2" - "\xC1\x03\xE6\x5A\x37\xD8\x64\x18" - "\xAA\x32\xCE\x29\xED\xC0\xA2\xCB" - "\x8D\xAF\xCD\xBE\x8F\xB6\xEC\xB4" - "\x89\x05\x81\x6E\x71\x4F\xC3\x28" - "\x10\xC1\x62\xC4\x41\xE9\xD2\x39" - "\xF3\x22\x39\x12\x2C\xC2\x95\x2D" - "\xBF\x93\x58\x4B\x04\xD1\x8D\x57" - "\xAE\xEB\x60\x03\x56\x35\xAD\x5A" - "\xE9\xC3\xFF\x4E\x31\xE1\x37\xF8" - "\x7D\xEE\x65\x8A\xB6\x88\x1A\x3E" - "\x07\x09\x82\xBA\xF0\x80\x8A\xD0" - "\xA0\x3F\x6A\xE9\x24\x87\x19\x65" - "\x73\x3F\x12\x91\x47\x54\xBA\x39" - "\x30\x5B\x1E\xE5\xC2\xF9\x3F\xEF" - "\xD6\x75\xF9\xB8\x7C\x8B\x05\x76" - "\xEE\xB7\x08\x25\x4B\xB6\x7B\x47" - "\x72\xC0\x4C\xD4\xDA\xE0\x75\xF1" - "\x7C\xE8\x94\x9E\x16\x6E\xB8\x12" - "\xA1\xC1\x6E\x3B\x1C\x59\x41\x2D" - "\x23\xFA\x7D\x77\xB8\x46\x75\xFE" - "\x4F\x10\xD3\x09\x60\xA1\x36\x96" - "\x5B\xC2\xDC\x6E\x84\x7D\x9B\x14" - "\x80\x21\x83\x58\x3C\x76\xFD\x28" - "\x1D\xF9\x93\x13\xD7\x0E\x62\x14" - "\x5A\xC5\x4E\x08\xA5\x56\xA4\x3C" - "\x68\x93\x44\x70\xDF\xCF\x4A\x51" - "\x0B\x81\x29\x41\xE5\x62\x4D\x36" - "\xB3\xEA\x94\xA6\xB9\xDD\x3F\x09" - "\x62\x34\xA0\x6A\x7E\x7D\xF5\xF6" - "\x01\x91\xB4\x27\xDA\x59\xD6\x17" - "\x56\x4D\x82\x62\x37\xA3\x48\x01" - "\x99\x91\x77\xB2\x08\x6B\x2C\x37" - "\xC5\x5C\xAD\xB6\x07\xB6\x84\xF3" - "\x4D\x59\x7D\xC5\x28\x69\xFA\x92" - "\x22\x46\x89\x2D\x0F\x2B\x08\x24", - .ilen = 496, - .result = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" - "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" - "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" - "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87" - "\x1E\x92\x29\xC0\x34\xCB\x62\xF9" - "\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48" - "\xDF\x76\x0D\x81\x18\xAF\x23\xBA" - "\x51\xE8\x5C\xF3\x8A\x21\x95\x2C" - "\xC3\x37\xCE\x65\xFC\x70\x07\x9E" - "\x12\xA9\x40\xD7\x4B\xE2\x79\x10" - "\x84\x1B\xB2\x26\xBD\x54\xEB\x5F" - "\xF6\x8D\x01\x98\x2F\xC6\x3A\xD1" - "\x68\xFF\x73\x0A\xA1\x15\xAC\x43" - "\xDA\x4E\xE5\x7C\x13\x87\x1E\xB5" - "\x29\xC0\x57\xEE\x62\xF9\x90\x04" - "\x9B\x32\xC9\x3D\xD4\x6B\x02\x76" - "\x0D\xA4\x18\xAF\x46\xDD\x51\xE8" - "\x7F\x16\x8A\x21\xB8\x2C\xC3\x5A" - "\xF1\x65\xFC\x93\x07\x9E\x35\xCC" - "\x40\xD7\x6E\x05\x79\x10\xA7\x1B" - "\xB2\x49\xE0\x54\xEB\x82\x19\x8D" - "\x24\xBB\x2F\xC6\x5D\xF4\x68\xFF" - "\x96\x0A\xA1\x38\xCF\x43\xDA\x71" - "\x08\x7C\x13\xAA\x1E\xB5\x4C\xE3" - "\x57\xEE\x85\x1C\x90\x27\xBE\x32" - "\xC9\x60\xF7\x6B\x02\x99\x0D\xA4" - "\x3B\xD2\x46\xDD\x74\x0B\x7F\x16" - "\xAD\x21\xB8\x4F\xE6\x5A\xF1\x88" - "\x1F\x93\x2A\xC1\x35\xCC\x63\xFA" - "\x6E\x05\x9C\x10\xA7\x3E\xD5\x49" - "\xE0\x77\x0E\x82\x19\xB0\x24\xBB" - "\x52\xE9\x5D\xF4\x8B\x22\x96\x2D" - "\xC4\x38\xCF\x66\xFD\x71\x08\x9F" - "\x13\xAA\x41\xD8\x4C\xE3\x7A\x11" - "\x85\x1C\xB3\x27\xBE\x55\xEC\x60" - "\xF7\x8E\x02\x99\x30\xC7\x3B\xD2" - "\x69\x00\x74\x0B\xA2\x16\xAD\x44" - "\xDB\x4F\xE6\x7D\x14\x88\x1F\xB6" - "\x2A\xC1\x58\xEF\x63\xFA\x91\x05" - "\x9C\x33\xCA\x3E\xD5\x6C\x03\x77" - "\x0E\xA5\x19\xB0\x47\xDE\x52\xE9" - "\x80\x17\x8B\x22\xB9\x2D\xC4\x5B" - "\xF2\x66\xFD\x94\x08\x9F\x36\xCD" - "\x41\xD8\x6F\x06\x7A\x11\xA8\x1C" - "\xB3\x4A\xE1\x55\xEC\x83\x1A\x8E" - "\x25\xBC\x30\xC7\x5E\xF5\x69\x00" - "\x97\x0B\xA2\x39\xD0\x44\xDB\x72" - "\x09\x7D\x14\xAB\x1F\xB6\x4D\xE4" - "\x58\xEF\x86\x1D\x91\x28\xBF\x33" - "\xCA\x61\xF8\x6C\x03\x9A\x0E\xA5" - "\x3C\xD3\x47\xDE\x75\x0C\x80\x17" - "\xAE\x22\xB9\x50\xE7\x5B\xF2\x89" - "\x20\x94\x2B\xC2\x36\xCD\x64\xFB" - "\x6F\x06\x9D\x11\xA8\x3F\xD6\x4A" - "\xE1\x78\x0F\x83\x1A\xB1\x25\xBC" - "\x53\xEA\x5E\xF5\x8C\x00\x97\x2E" - "\xC5\x39\xD0\x67\xFE\x72\x09\xA0" - "\x14\xAB\x42\xD9\x4D\xE4\x7B\x12" - "\x86\x1D\xB4\x28\xBF\x56\xED\x61" - "\xF8\x8F\x03\x9A\x31\xC8\x3C\xD3" - "\x6A\x01\x75\x0C\xA3\x17\xAE\x45" - "\xDC\x50\xE7\x7E\x15\x89\x20\xB7", - .rlen = 496, - .also_non_np = 1, - .np = 3, - .tap = { 496 - 20, 4, 16 }, - }, -}; - -static const struct cipher_testvec cast6_ctr_enc_tv_template[] = { - { /* Generated from TF test vectors */ - .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9" - "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A" - "\x27\x04\xE1\x27\x04\xE1\xBE\x9B" - "\x78\xBE\x9B\x78\x55\x32\x0F\x55", - .klen = 32, - .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F" - "\xC4\x29\x8E\xF3\x35\x9A\xFF\x64", - .input = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" + .ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" "\x3A", - .ilen = 17, - .result = "\x26\x0A\xF1\xE2\x3F\x8A\xEF\xA3" + .ctext = "\x26\x0A\xF1\xE2\x3F\x8A\xEF\xA3" "\x53\x9A\x5E\x1B\x2A\x1A\xC6\x0A" "\x57", - .rlen = 17, + .len = 17, }, { /* Generated from TF test vectors */ .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9" "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A" @@ -16849,7 +11211,7 @@ static const struct cipher_testvec cast6_ctr_enc_tv_template[] = { .klen = 32, .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F" "\xC4\x29\x8E\xF3\x35\x9A\xFF\x64", - .input = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" + .ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87" @@ -16911,8 +11273,7 @@ static const struct cipher_testvec cast6_ctr_enc_tv_template[] = { "\xF8\x8F\x03\x9A\x31\xC8\x3C\xD3" "\x6A\x01\x75\x0C\xA3\x17\xAE\x45" "\xDC\x50\xE7\x7E\x15\x89\x20\xB7", - .ilen = 496, - .result = "\x26\x0A\xF1\xE2\x3F\x8A\xEF\xA3" + .ctext = "\x26\x0A\xF1\xE2\x3F\x8A\xEF\xA3" "\x53\x9A\x5E\x1B\x2A\x1A\xC6\x0A" "\x57\xA3\xEF\x47\x2A\xE8\x88\xA7" "\x3C\xD0\xEC\xB9\x94\x50\x7D\x56" @@ -16974,171 +11335,14 @@ static const struct cipher_testvec cast6_ctr_enc_tv_template[] = { "\x9B\x66\x8D\x32\xBA\x81\x34\x87" "\x0E\x74\x33\x30\x62\xB9\x89\xDF" "\xF9\xC5\xDD\x27\xB3\x39\xCB\xCB", - .rlen = 496, + .len = 496, .also_non_np = 1, .np = 3, .tap = { 496 - 20, 4, 16 }, }, }; -static const struct cipher_testvec cast6_ctr_dec_tv_template[] = { - { /* Generated from TF test vectors */ - .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9" - "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A" - "\x27\x04\xE1\x27\x04\xE1\xBE\x9B" - "\x78\xBE\x9B\x78\x55\x32\x0F\x55", - .klen = 32, - .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F" - "\xC4\x29\x8E\xF3\x35\x9A\xFF\x64", - .input = "\x26\x0A\xF1\xE2\x3F\x8A\xEF\xA3" - "\x53\x9A\x5E\x1B\x2A\x1A\xC6\x0A" - "\x57", - .ilen = 17, - .result = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" - "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" - "\x3A", - .rlen = 17, - }, { /* Generated from TF test vectors */ - .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9" - "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A" - "\x27\x04\xE1\x27\x04\xE1\xBE\x9B" - "\x78\xBE\x9B\x78\x55\x32\x0F\x55", - .klen = 32, - .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F" - "\xC4\x29\x8E\xF3\x35\x9A\xFF\x64", - .input = "\x26\x0A\xF1\xE2\x3F\x8A\xEF\xA3" - "\x53\x9A\x5E\x1B\x2A\x1A\xC6\x0A" - "\x57\xA3\xEF\x47\x2A\xE8\x88\xA7" - "\x3C\xD0\xEC\xB9\x94\x50\x7D\x56" - "\xBC\xE1\xC1\xF5\xE1\xEE\x12\xF8" - "\x4F\x03\x82\x3A\x93\x6B\x4C\xD3" - "\xE3\xF3\xFA\xC2\x23\x55\x98\x20" - "\x49\x76\x9B\x6B\xC1\x23\xBF\xE5" - "\xD4\xC4\x2F\x61\xE1\x67\x2A\x30" - "\x6F\x29\xCA\x54\xF8\x1B\xA6\x7D" - "\x66\x45\xEE\xC8\x19\xBE\x50\xF0" - "\x5F\x65\xF8\x1E\x4D\x07\x87\xD9" - "\xD3\xD9\x1B\x09\x89\xFD\x42\xC5" - "\xDB\xEB\x86\xF1\x67\x04\x0F\x5C" - "\x81\xDF\x82\x12\xC7\x4C\x1B\x07" - "\xDE\xE6\xFA\x29\x86\xD1\xB0\xBA" - "\x3D\x6A\x69\x76\xEC\x0F\xB4\xE6" - "\xCD\xA7\xF8\xA8\xB8\xE0\x33\xF5" - "\x49\x61\x22\x52\x64\x8C\x46\x41" - "\x1F\x48\x5F\x4F\xA2\x89\x36\x17" - "\x20\xF8\x2F\x8F\x4B\xFA\xF2\xC0" - "\x1E\x18\xA2\xF8\xB7\x6D\x98\xE3" - "\x00\x14\x15\x59\xC1\x30\x64\xAF" - "\xA8\x01\x38\xAB\xD4\x8B\xEC\x7C" - "\x44\x9A\xC6\x2C\x2E\x2B\x2B\xF4" - "\x02\x37\xC4\x69\xEF\x36\xC1\xF3" - "\xA0\xFB\xFE\x29\xAD\x39\xCF\xD0" - "\x51\x73\xA3\x22\x42\x41\xAB\xD2" - "\x0F\x50\x14\xB9\x54\xD3\xD4\xFA" - "\xBF\xC9\xBB\xCE\xC4\x1D\x2D\xAF" - "\xC9\x3F\x07\x87\x42\x4B\x3A\x54" - "\x34\x8E\x37\xA3\x03\x6F\x65\x66" - "\xDB\x44\xC3\xE8\xD7\xDD\x7D\xDD" - "\x61\xB4\x2B\x80\xA3\x98\x13\xF5" - "\x5A\xD3\x34\x58\xC3\x6E\xF6\xB8" - "\x0A\xC6\x50\x01\x8E\xD5\x6C\x7D" - "\xFE\x16\xB6\xCF\xFC\x51\x40\xAE" - "\xB3\x15\xAC\x90\x6F\x0B\x28\x3A" - "\x60\x40\x38\x90\x20\x46\xC7\xB3" - "\x0B\x12\x6D\x3B\x15\x14\xF9\xF4" - "\x11\x41\x76\x6B\xB3\x60\x82\x3C" - "\x84\xFB\x08\x2E\x92\x25\xCB\x79" - "\x6F\x58\xC5\x94\x00\x00\x47\xB6" - "\x9E\xDC\x0F\x29\x70\x46\x20\x76" - "\x65\x75\x66\x5C\x00\x96\xB3\xE1" - "\x0B\xA7\x11\x8B\x2E\x61\x4E\x45" - "\x73\xFC\x91\xAB\x79\x41\x23\x14" - "\x13\xB6\x72\x6C\x46\xB3\x03\x11" - "\xE4\xF1\xEE\xC9\x7A\xCF\x96\x32" - "\xB6\xF0\x8B\x97\xB4\xCF\x82\xB7" - "\x15\x48\x44\x99\x09\xF6\xE0\xD7" - "\xBC\xF1\x5B\x91\x4F\x30\x22\xA2" - "\x45\xC4\x68\x55\xC2\xBE\xA7\xD2" - "\x12\x53\x35\x9C\xF9\xE7\x35\x5D" - "\x81\xE4\x86\x42\xC3\x58\xFB\xF0" - "\x38\x9B\x8E\x5A\xEF\x83\x33\x0F" - "\x00\x4E\x3F\x9F\xF5\x84\x62\xC4" - "\x19\x35\x88\x22\x45\x59\x0E\x8F" - "\xEC\x27\xDD\x4A\xA4\x1F\xBC\x41" - "\x9B\x66\x8D\x32\xBA\x81\x34\x87" - "\x0E\x74\x33\x30\x62\xB9\x89\xDF" - "\xF9\xC5\xDD\x27\xB3\x39\xCB\xCB", - .ilen = 496, - .result = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" - "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" - "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" - "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87" - "\x1E\x92\x29\xC0\x34\xCB\x62\xF9" - "\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48" - "\xDF\x76\x0D\x81\x18\xAF\x23\xBA" - "\x51\xE8\x5C\xF3\x8A\x21\x95\x2C" - "\xC3\x37\xCE\x65\xFC\x70\x07\x9E" - "\x12\xA9\x40\xD7\x4B\xE2\x79\x10" - "\x84\x1B\xB2\x26\xBD\x54\xEB\x5F" - "\xF6\x8D\x01\x98\x2F\xC6\x3A\xD1" - "\x68\xFF\x73\x0A\xA1\x15\xAC\x43" - "\xDA\x4E\xE5\x7C\x13\x87\x1E\xB5" - "\x29\xC0\x57\xEE\x62\xF9\x90\x04" - "\x9B\x32\xC9\x3D\xD4\x6B\x02\x76" - "\x0D\xA4\x18\xAF\x46\xDD\x51\xE8" - "\x7F\x16\x8A\x21\xB8\x2C\xC3\x5A" - "\xF1\x65\xFC\x93\x07\x9E\x35\xCC" - "\x40\xD7\x6E\x05\x79\x10\xA7\x1B" - "\xB2\x49\xE0\x54\xEB\x82\x19\x8D" - "\x24\xBB\x2F\xC6\x5D\xF4\x68\xFF" - "\x96\x0A\xA1\x38\xCF\x43\xDA\x71" - "\x08\x7C\x13\xAA\x1E\xB5\x4C\xE3" - "\x57\xEE\x85\x1C\x90\x27\xBE\x32" - "\xC9\x60\xF7\x6B\x02\x99\x0D\xA4" - "\x3B\xD2\x46\xDD\x74\x0B\x7F\x16" - "\xAD\x21\xB8\x4F\xE6\x5A\xF1\x88" - "\x1F\x93\x2A\xC1\x35\xCC\x63\xFA" - "\x6E\x05\x9C\x10\xA7\x3E\xD5\x49" - "\xE0\x77\x0E\x82\x19\xB0\x24\xBB" - "\x52\xE9\x5D\xF4\x8B\x22\x96\x2D" - "\xC4\x38\xCF\x66\xFD\x71\x08\x9F" - "\x13\xAA\x41\xD8\x4C\xE3\x7A\x11" - "\x85\x1C\xB3\x27\xBE\x55\xEC\x60" - "\xF7\x8E\x02\x99\x30\xC7\x3B\xD2" - "\x69\x00\x74\x0B\xA2\x16\xAD\x44" - "\xDB\x4F\xE6\x7D\x14\x88\x1F\xB6" - "\x2A\xC1\x58\xEF\x63\xFA\x91\x05" - "\x9C\x33\xCA\x3E\xD5\x6C\x03\x77" - "\x0E\xA5\x19\xB0\x47\xDE\x52\xE9" - "\x80\x17\x8B\x22\xB9\x2D\xC4\x5B" - "\xF2\x66\xFD\x94\x08\x9F\x36\xCD" - "\x41\xD8\x6F\x06\x7A\x11\xA8\x1C" - "\xB3\x4A\xE1\x55\xEC\x83\x1A\x8E" - "\x25\xBC\x30\xC7\x5E\xF5\x69\x00" - "\x97\x0B\xA2\x39\xD0\x44\xDB\x72" - "\x09\x7D\x14\xAB\x1F\xB6\x4D\xE4" - "\x58\xEF\x86\x1D\x91\x28\xBF\x33" - "\xCA\x61\xF8\x6C\x03\x9A\x0E\xA5" - "\x3C\xD3\x47\xDE\x75\x0C\x80\x17" - "\xAE\x22\xB9\x50\xE7\x5B\xF2\x89" - "\x20\x94\x2B\xC2\x36\xCD\x64\xFB" - "\x6F\x06\x9D\x11\xA8\x3F\xD6\x4A" - "\xE1\x78\x0F\x83\x1A\xB1\x25\xBC" - "\x53\xEA\x5E\xF5\x8C\x00\x97\x2E" - "\xC5\x39\xD0\x67\xFE\x72\x09\xA0" - "\x14\xAB\x42\xD9\x4D\xE4\x7B\x12" - "\x86\x1D\xB4\x28\xBF\x56\xED\x61" - "\xF8\x8F\x03\x9A\x31\xC8\x3C\xD3" - "\x6A\x01\x75\x0C\xA3\x17\xAE\x45" - "\xDC\x50\xE7\x7E\x15\x89\x20\xB7", - .rlen = 496, - .also_non_np = 1, - .np = 3, - .tap = { 496 - 20, 4, 16 }, - }, -}; - -static const struct cipher_testvec cast6_lrw_enc_tv_template[] = { +static const struct cipher_testvec cast6_lrw_tv_template[] = { { /* Generated from TF test vectors */ .key = "\xf8\xd4\x76\xff\xd6\x46\xee\x6c" "\x23\x84\xcb\x1c\x77\xd6\x19\x5d" @@ -17149,7 +11353,7 @@ static const struct cipher_testvec cast6_lrw_enc_tv_template[] = { .klen = 48, .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x01", - .input = "\x05\x11\xb7\x18\xab\xc6\x2d\xac" + .ptext = "\x05\x11\xb7\x18\xab\xc6\x2d\xac" "\x70\x5d\xf6\x22\x94\xcd\xe5\x6c" "\x17\x6b\xf6\x1c\xf0\xf3\x6e\xf8" "\x50\x38\x1f\x71\x49\xb6\x57\xd6" @@ -17213,90 +11417,7 @@ static const struct cipher_testvec cast6_lrw_enc_tv_template[] = { "\xa4\xc7\xa8\xb4\xf6\x13\x03\xf6" "\xe9\x2e\xc4\x29\x0f\x84\xdb\xc4" "\x21\xc4\xc2\x75\x67\x89\x37\x0a", - .ilen = 512, - .result = "\x55\x25\x09\x8B\xB5\xD5\xF8\xBF" - "\x37\x4A\xFE\x3C\x47\xD8\xE6\xEB" - "\xCA\xA4\x9B\xB0\xAB\x6D\x64\xCA" - "\x58\xB6\x73\xF0\xD7\x52\x34\xEF" - "\xFB\x3E\x96\x81\xB7\x71\x34\xA4" - "\x55\x20\xBE\x39\x5A\x2B\xF9\xD1" - "\x65\x0B\xDA\xD3\x7E\xB3\xA6\xF7" - "\x2E\x0B\x5A\x52\xDB\x39\x8C\x9B" - "\x61\x17\x5F\xAF\xB6\x5A\xC8\x08" - "\xA7\xB7\x2A\x11\x7C\x97\x38\x9D" - "\x59\x0E\x66\x59\x5E\xD8\x8B\xCE" - "\x70\xE0\xC3\x42\xB0\x8C\x0F\xBA" - "\xB2\x0D\x81\xB6\xBE\x61\x1C\x2D" - "\x7E\xEA\x91\x25\xAC\xEC\xF8\x28" - "\x80\x1D\xF0\x30\xBA\x62\x77\x7D" - "\xDB\x15\x69\xDF\xFA\x2A\x81\x64" - "\x95\x5B\xA4\x7F\x3E\x4F\xE3\x30" - "\xB0\x5C\xC2\x05\xF8\xF0\x29\xE7" - "\x0A\xA0\x66\xB2\x5D\x0F\x39\x2B" - "\xB4\xB3\x00\xA9\xD0\xAB\x63\x61" - "\x5E\xDB\xFC\x11\x74\x25\x96\x65" - "\xE8\xE2\x34\x57\x77\x15\x5E\x70" - "\xFF\x10\x90\xC3\x64\xF0\x11\x0A" - "\x63\x3A\xD3\x55\x92\x15\x4B\x0C" - "\xC7\x08\x89\x17\x3B\x99\xAD\x63" - "\xE7\x06\xDF\x52\xBC\x15\x64\x45" - "\x9D\x7A\xFB\x69\xBC\x2D\x6E\xA9" - "\x35\xD9\xD8\xF5\x0C\xC4\xA2\x23" - "\x9C\x18\x8B\xA8\x8C\xFE\xF8\x0E" - "\xBD\xAB\x60\x1A\x51\x17\x54\x27" - "\xB6\xE8\xBE\x0F\xA9\xA5\x82\x19" - "\x2F\x6F\x20\xA7\x47\xED\x74\x6C" - "\x4E\xC1\xF8\x8C\x14\xF3\xBB\x1F" - "\xED\x4D\x8F\x7C\x37\xEF\x19\xA1" - "\x07\x16\xDE\x76\xCC\x5E\x94\x02" - "\xFB\xBF\xE4\x81\x50\xCE\xFC\x0F" - "\x9E\xCF\x3D\xF6\x67\x00\xBF\xA7" - "\x6E\x21\x58\x36\x06\xDE\xB3\xD4" - "\xA2\xFA\xD8\x4E\xE0\xB9\x7F\x23" - "\x51\x21\x2B\x32\x68\xAA\xF8\xA8" - "\x93\x08\xB5\x6D\xE6\x43\x2C\xB7" - "\x31\xB2\x0F\xD0\xA2\x51\xC0\x25" - "\x30\xC7\x10\x3F\x97\x27\x01\x8E" - "\xFA\xD8\x4F\x78\xD8\x2E\x1D\xEB" - "\xA1\x37\x52\x0F\x7B\x5E\x87\xA8" - "\x22\xE2\xE6\x92\xA7\x5F\x11\x32" - "\xCC\x93\x34\xFC\xD1\x7E\xAE\x54" - "\xBC\x6A\x1B\x91\xD1\x2E\x21\xEC" - "\x5D\xF1\xC4\xF1\x55\x20\xBF\xE5" - "\x96\x3D\x69\x91\x20\x4E\xF2\x61" - "\xDA\x77\xFE\xEE\xC3\x74\x57\x2A" - "\x78\x39\xB0\xE0\xCF\x12\x56\xD6" - "\x05\xDC\xF9\x19\x66\x44\x1D\xF9" - "\x82\x37\xD4\xC2\x60\xB6\x31\xDF" - "\x0C\xAF\xBC\x8B\x55\x9A\xC8\x2D" - "\xAB\xA7\x88\x7B\x41\xE8\x29\xC9" - "\x9B\x8D\xA7\x00\x86\x25\xB6\x14" - "\xF5\x13\x73\xD7\x4B\x6B\x83\xF3" - "\xAF\x96\x00\xE4\xB7\x3C\x65\xA6" - "\x15\xB7\x94\x7D\x4E\x70\x4C\x75" - "\xF3\xB4\x02\xA9\x17\x1C\x7A\x0A" - "\xC0\xD5\x33\x11\x56\xDE\xDC\xF5" - "\x8D\xD9\xCD\x3B\x22\x67\x18\xC7" - "\xC4\xF5\x99\x61\xBC\xBB\x5B\x46", - .rlen = 512, - .also_non_np = 1, - .np = 3, - .tap = { 512 - 20, 4, 16 }, - }, -}; - -static const struct cipher_testvec cast6_lrw_dec_tv_template[] = { - { /* Generated from TF test vectors */ - .key = "\xf8\xd4\x76\xff\xd6\x46\xee\x6c" - "\x23\x84\xcb\x1c\x77\xd6\x19\x5d" - "\xfe\xf1\xa9\xf3\x7b\xbc\x8d\x21" - "\xa7\x9c\x21\xf8\xcb\x90\x02\x89" - "\xa8\x45\x34\x8e\xc8\xc5\xb5\xf1" - "\x26\xf5\x0e\x76\xfe\xfd\x1b\x1e", - .klen = 48, - .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x01", - .input = "\x55\x25\x09\x8B\xB5\xD5\xF8\xBF" + .ctext = "\x55\x25\x09\x8B\xB5\xD5\xF8\xBF" "\x37\x4A\xFE\x3C\x47\xD8\xE6\xEB" "\xCA\xA4\x9B\xB0\xAB\x6D\x64\xCA" "\x58\xB6\x73\xF0\xD7\x52\x34\xEF" @@ -17360,79 +11481,14 @@ static const struct cipher_testvec cast6_lrw_dec_tv_template[] = { "\xC0\xD5\x33\x11\x56\xDE\xDC\xF5" "\x8D\xD9\xCD\x3B\x22\x67\x18\xC7" "\xC4\xF5\x99\x61\xBC\xBB\x5B\x46", - .ilen = 512, - .result = "\x05\x11\xb7\x18\xab\xc6\x2d\xac" - "\x70\x5d\xf6\x22\x94\xcd\xe5\x6c" - "\x17\x6b\xf6\x1c\xf0\xf3\x6e\xf8" - "\x50\x38\x1f\x71\x49\xb6\x57\xd6" - "\x8f\xcb\x8d\x6b\xe3\xa6\x29\x90" - "\xfe\x2a\x62\x82\xae\x6d\x8b\xf6" - "\xad\x1e\x9e\x20\x5f\x38\xbe\x04" - "\xda\x10\x8e\xed\xa2\xa4\x87\xab" - "\xda\x6b\xb4\x0c\x75\xba\xd3\x7c" - "\xc9\xac\x42\x31\x95\x7c\xc9\x04" - "\xeb\xd5\x6e\x32\x69\x8a\xdb\xa6" - "\x15\xd7\x3f\x4f\x2f\x66\x69\x03" - "\x9c\x1f\x54\x0f\xde\x1f\xf3\x65" - "\x4c\x96\x12\xed\x7c\x92\x03\x01" - "\x6f\xbc\x35\x93\xac\xf1\x27\xf1" - "\xb4\x96\x82\x5a\x5f\xb0\xa0\x50" - "\x89\xa4\x8e\x66\x44\x85\xcc\xfd" - "\x33\x14\x70\xe3\x96\xb2\xc3\xd3" - "\xbb\x54\x5a\x1a\xf9\x74\xa2\xc5" - "\x2d\x64\x75\xdd\xb4\x54\xe6\x74" - "\x8c\xd3\x9d\x9e\x86\xab\x51\x53" - "\xb7\x93\x3e\x6f\xd0\x4e\x2c\x40" - "\xf6\xa8\x2e\x3e\x9d\xf4\x66\xa5" - "\x76\x12\x73\x44\x1a\x56\xd7\x72" - "\x88\xcd\x21\x8c\x4c\x0f\xfe\xda" - "\x95\xe0\x3a\xa6\xa5\x84\x46\xcd" - "\xd5\x3e\x9d\x3a\xe2\x67\xe6\x60" - "\x1a\xe2\x70\x85\x58\xc2\x1b\x09" - "\xe1\xd7\x2c\xca\xad\xa8\x8f\xf9" - "\xac\xb3\x0e\xdb\xca\x2e\xe2\xb8" - "\x51\x71\xd9\x3c\x6c\xf1\x56\xf8" - "\xea\x9c\xf1\xfb\x0c\xe6\xb7\x10" - "\x1c\xf8\xa9\x7c\xe8\x53\x35\xc1" - "\x90\x3e\x76\x4a\x74\xa4\x21\x2c" - "\xf6\x2c\x4e\x0f\x94\x3a\x88\x2e" - "\x41\x09\x6a\x33\x7d\xf6\xdd\x3f" - "\x8d\x23\x31\x74\x84\xeb\x88\x6e" - "\xcc\xb9\xbc\x22\x83\x19\x07\x22" - "\xa5\x2d\xdf\xa5\xf3\x80\x85\x78" - "\x84\x39\x6a\x6d\x6a\x99\x4f\xa5" - "\x15\xfe\x46\xb0\xe4\x6c\xa5\x41" - "\x3c\xce\x8f\x42\x60\x71\xa7\x75" - "\x08\x40\x65\x8a\x82\xbf\xf5\x43" - "\x71\x96\xa9\x4d\x44\x8a\x20\xbe" - "\xfa\x4d\xbb\xc0\x7d\x31\x96\x65" - "\xe7\x75\xe5\x3e\xfd\x92\x3b\xc9" - "\x55\xbb\x16\x7e\xf7\xc2\x8c\xa4" - "\x40\x1d\xe5\xef\x0e\xdf\xe4\x9a" - "\x62\x73\x65\xfd\x46\x63\x25\x3d" - "\x2b\xaf\xe5\x64\xfe\xa5\x5c\xcf" - "\x24\xf3\xb4\xac\x64\xba\xdf\x4b" - "\xc6\x96\x7d\x81\x2d\x8d\x97\xf7" - "\xc5\x68\x77\x84\x32\x2b\xcc\x85" - "\x74\x96\xf0\x12\x77\x61\xb9\xeb" - "\x71\xaa\x82\xcb\x1c\xdb\x89\xc8" - "\xc6\xb5\xe3\x5c\x7d\x39\x07\x24" - "\xda\x39\x87\x45\xc0\x2b\xbb\x01" - "\xac\xbc\x2a\x5c\x7f\xfc\xe8\xce" - "\x6d\x9c\x6f\xed\xd3\xc1\xa1\xd6" - "\xc5\x55\xa9\x66\x2f\xe1\xc8\x32" - "\xa6\x5d\xa4\x3a\x98\x73\xe8\x45" - "\xa4\xc7\xa8\xb4\xf6\x13\x03\xf6" - "\xe9\x2e\xc4\x29\x0f\x84\xdb\xc4" - "\x21\xc4\xc2\x75\x67\x89\x37\x0a", - .rlen = 512, + .len = 512, .also_non_np = 1, .np = 3, .tap = { 512 - 20, 4, 16 }, }, }; -static const struct cipher_testvec cast6_xts_enc_tv_template[] = { +static const struct cipher_testvec cast6_xts_tv_template[] = { { /* Generated from TF test vectors */ .key = "\x27\x18\x28\x18\x28\x45\x90\x45" "\x23\x53\x60\x28\x74\x71\x35\x26" @@ -17445,7 +11501,7 @@ static const struct cipher_testvec cast6_xts_enc_tv_template[] = { .klen = 64, .iv = "\xff\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = "\x00\x01\x02\x03\x04\x05\x06\x07" + .ptext = "\x00\x01\x02\x03\x04\x05\x06\x07" "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" "\x10\x11\x12\x13\x14\x15\x16\x17" "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f" @@ -17509,8 +11565,7 @@ static const struct cipher_testvec cast6_xts_enc_tv_template[] = { "\xe8\xe9\xea\xeb\xec\xed\xee\xef" "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7" "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", - .ilen = 512, - .result = "\xDE\x6F\x22\xA5\xE8\x39\xE8\x78" + .ctext = "\xDE\x6F\x22\xA5\xE8\x39\xE8\x78" "\x88\x5A\x4F\x8D\x82\x76\x52\x6D" "\xB2\x41\x16\xF4\x2B\xA6\xEB\xF6" "\xE2\xC5\x62\x8D\x61\xA1\x01\xED" @@ -17574,207 +11629,54 @@ static const struct cipher_testvec cast6_xts_enc_tv_template[] = { "\x45\x72\x80\x17\x81\xBD\x9D\x62" "\xA1\xAC\xE8\xCF\xC6\x74\xCF\xDC" "\x22\x60\x4E\xE8\xA4\x5D\x85\xB9", - .rlen = 512, - .also_non_np = 1, - .np = 3, - .tap = { 512 - 20, 4, 16 }, - }, -}; - -static const struct cipher_testvec cast6_xts_dec_tv_template[] = { - { /* Generated from TF test vectors */ - .key = "\x27\x18\x28\x18\x28\x45\x90\x45" - "\x23\x53\x60\x28\x74\x71\x35\x26" - "\x62\x49\x77\x57\x24\x70\x93\x69" - "\x99\x59\x57\x49\x66\x96\x76\x27" - "\x31\x41\x59\x26\x53\x58\x97\x93" - "\x23\x84\x62\x64\x33\x83\x27\x95" - "\x02\x88\x41\x97\x16\x93\x99\x37" - "\x51\x05\x82\x09\x74\x94\x45\x92", - .klen = 64, - .iv = "\xff\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = "\xDE\x6F\x22\xA5\xE8\x39\xE8\x78" - "\x88\x5A\x4F\x8D\x82\x76\x52\x6D" - "\xB2\x41\x16\xF4\x2B\xA6\xEB\xF6" - "\xE2\xC5\x62\x8D\x61\xA1\x01\xED" - "\xD9\x38\x01\xC1\x43\x63\x4E\x88" - "\xC9\x4B\x5A\x88\x80\xB7\x5C\x71" - "\x47\xEE\x11\xD8\xB7\x2D\x5D\x13" - "\x1A\xB1\x68\x5B\x61\xA7\xA9\x81" - "\x8B\x83\xA1\x6A\xAA\x36\xD6\xB6" - "\x60\x54\x09\x32\xFE\x6A\x76\x2E" - "\x28\xFF\xD5\xD6\xDD\x1D\x45\x7D" - "\xF0\x8B\xF3\x32\x4E\x6C\x12\xCB" - "\xB8\x25\x70\xF8\x40\xBC\x90\x1B" - "\x11\xC3\x59\xAF\xF0\x2F\x92\xDD" - "\xD3\x3B\xCF\x60\xA1\x78\x94\x57" - "\xAF\x76\xC1\x67\xA6\x3C\xCD\x98" - "\xB1\xF7\x27\xB9\xA3\xBD\x10\xEA" - "\xCD\x8B\xC2\xF2\x14\xF2\xB2\x67" - "\x05\xDD\x1D\x58\x6E\x2F\x95\x08" - "\x3A\xF8\x78\x76\x82\x56\xA7\xEC" - "\x51\x4B\x85\x77\xC2\x4C\x4A\x34" - "\x71\x38\x17\x91\x44\xE8\xFC\x65" - "\x99\x0D\x52\x91\xEE\xF8\xEF\x27" - "\x2A\x9E\x6E\x78\xC4\x26\x87\xF4" - "\x8A\xF0\x2D\x04\xE8\x14\x92\x5D" - "\x59\x22\x9B\x29\x5C\x18\xF0\xC3" - "\x47\xF3\x76\xD8\xE4\xF3\x1B\xD1" - "\x70\xA3\x0D\xB5\x70\x02\x1D\xA3" - "\x91\x3B\x49\x73\x18\xAB\xD4\xC9" - "\xC3\x1E\xEF\x1F\xFE\xD5\x59\x8A" - "\xD7\xF6\xC9\x71\x67\x79\xD7\x0E" - "\xBE\x1F\x8E\xEC\x55\x7E\x4F\x24" - "\xE6\x87\xEA\xFE\x96\x25\x67\x8E" - "\x93\x03\xFA\xFF\xCE\xAF\xB2\x3C" - "\x6F\xEB\x57\xFB\xD3\x28\x87\xA9" - "\xCE\xC2\xF5\x9C\xC6\x67\xB5\x97" - "\x49\xF7\x04\xCB\xEF\x84\x98\x33" - "\xAF\x38\xD3\x04\x1C\x24\x71\x38" - "\xC7\x71\xDD\x43\x0D\x12\x4A\x18" - "\xBA\xC4\xAF\xBA\xB2\x5B\xEB\x95" - "\x02\x43\x5D\xCE\x19\xCC\xCD\x66" - "\x91\x0B\x8C\x7F\x51\xC4\xBF\x3C" - "\x8B\xF1\xCC\xAA\x29\xD7\x87\xCB" - "\x3E\xC5\xF3\xC9\x75\xE8\xA3\x5B" - "\x30\x45\xA9\xB7\xAF\x80\x64\x6F" - "\x75\x4A\xA7\xC0\x6D\x19\x6B\xDE" - "\x17\xDE\x6D\xEA\x87\x9F\x95\xAE" - "\xF5\x3C\xEE\x54\xB8\x27\x84\xF8" - "\x97\xA3\xE1\x6F\x38\x24\x34\x88" - "\xCE\xBD\x32\x52\xE0\x00\x6C\x94" - "\xC9\xD7\x5D\x37\x81\x33\x2E\x7F" - "\x4F\x7E\x2E\x0D\x94\xBD\xEA\x59" - "\x34\x39\xA8\x35\x12\xB7\xBC\xAC" - "\xEA\x52\x9C\x78\x02\x6D\x92\x36" - "\xFB\x59\x2B\xA4\xEA\x7B\x1B\x83" - "\xE1\x4D\x5E\x2A\x7E\x92\xB1\x64" - "\xDE\xE0\x27\x4B\x0A\x6F\x4C\xE3" - "\xB0\xEB\x31\xE4\x69\x95\xAB\x35" - "\x8B\x2C\xF5\x6B\x7F\xF1\xA2\x82" - "\xF8\xD9\x47\x82\xA9\x82\x03\x91" - "\x69\x1F\xBE\x4C\xE7\xC7\x34\x2F" - "\x45\x72\x80\x17\x81\xBD\x9D\x62" - "\xA1\xAC\xE8\xCF\xC6\x74\xCF\xDC" - "\x22\x60\x4E\xE8\xA4\x5D\x85\xB9", - .ilen = 512, - .result = "\x00\x01\x02\x03\x04\x05\x06\x07" - "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" - "\x10\x11\x12\x13\x14\x15\x16\x17" - "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f" - "\x20\x21\x22\x23\x24\x25\x26\x27" - "\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f" - "\x30\x31\x32\x33\x34\x35\x36\x37" - "\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f" - "\x40\x41\x42\x43\x44\x45\x46\x47" - "\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f" - "\x50\x51\x52\x53\x54\x55\x56\x57" - "\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f" - "\x60\x61\x62\x63\x64\x65\x66\x67" - "\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f" - "\x70\x71\x72\x73\x74\x75\x76\x77" - "\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f" - "\x80\x81\x82\x83\x84\x85\x86\x87" - "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f" - "\x90\x91\x92\x93\x94\x95\x96\x97" - "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f" - "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7" - "\xa8\xa9\xaa\xab\xac\xad\xae\xaf" - "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7" - "\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf" - "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7" - "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf" - "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7" - "\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf" - "\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7" - "\xe8\xe9\xea\xeb\xec\xed\xee\xef" - "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7" - "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff" - "\x00\x01\x02\x03\x04\x05\x06\x07" - "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" - "\x10\x11\x12\x13\x14\x15\x16\x17" - "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f" - "\x20\x21\x22\x23\x24\x25\x26\x27" - "\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f" - "\x30\x31\x32\x33\x34\x35\x36\x37" - "\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f" - "\x40\x41\x42\x43\x44\x45\x46\x47" - "\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f" - "\x50\x51\x52\x53\x54\x55\x56\x57" - "\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f" - "\x60\x61\x62\x63\x64\x65\x66\x67" - "\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f" - "\x70\x71\x72\x73\x74\x75\x76\x77" - "\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f" - "\x80\x81\x82\x83\x84\x85\x86\x87" - "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f" - "\x90\x91\x92\x93\x94\x95\x96\x97" - "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f" - "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7" - "\xa8\xa9\xaa\xab\xac\xad\xae\xaf" - "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7" - "\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf" - "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7" - "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf" - "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7" - "\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf" - "\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7" - "\xe8\xe9\xea\xeb\xec\xed\xee\xef" - "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7" - "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", - .rlen = 512, + .len = 512, .also_non_np = 1, .np = 3, .tap = { 512 - 20, 4, 16 }, }, }; - /* * AES test vectors. */ -static const struct cipher_testvec aes_enc_tv_template[] = { +static const struct cipher_testvec aes_tv_template[] = { { /* From FIPS-197 */ .key = "\x00\x01\x02\x03\x04\x05\x06\x07" "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f", .klen = 16, - .input = "\x00\x11\x22\x33\x44\x55\x66\x77" + .ptext = "\x00\x11\x22\x33\x44\x55\x66\x77" "\x88\x99\xaa\xbb\xcc\xdd\xee\xff", - .ilen = 16, - .result = "\x69\xc4\xe0\xd8\x6a\x7b\x04\x30" + .ctext = "\x69\xc4\xe0\xd8\x6a\x7b\x04\x30" "\xd8\xcd\xb7\x80\x70\xb4\xc5\x5a", - .rlen = 16, + .len = 16, }, { .key = "\x00\x01\x02\x03\x04\x05\x06\x07" "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" "\x10\x11\x12\x13\x14\x15\x16\x17", .klen = 24, - .input = "\x00\x11\x22\x33\x44\x55\x66\x77" + .ptext = "\x00\x11\x22\x33\x44\x55\x66\x77" "\x88\x99\xaa\xbb\xcc\xdd\xee\xff", - .ilen = 16, - .result = "\xdd\xa9\x7c\xa4\x86\x4c\xdf\xe0" + .ctext = "\xdd\xa9\x7c\xa4\x86\x4c\xdf\xe0" "\x6e\xaf\x70\xa0\xec\x0d\x71\x91", - .rlen = 16, + .len = 16, }, { .key = "\x00\x01\x02\x03\x04\x05\x06\x07" "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" "\x10\x11\x12\x13\x14\x15\x16\x17" "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f", .klen = 32, - .input = "\x00\x11\x22\x33\x44\x55\x66\x77" + .ptext = "\x00\x11\x22\x33\x44\x55\x66\x77" "\x88\x99\xaa\xbb\xcc\xdd\xee\xff", - .ilen = 16, - .result = "\x8e\xa2\xb7\xca\x51\x67\x45\xbf" + .ctext = "\x8e\xa2\xb7\xca\x51\x67\x45\xbf" "\xea\xfc\x49\x90\x4b\x49\x60\x89", - .rlen = 16, + .len = 16, }, { /* Generated with Crypto++ */ .key = "\xA6\xC9\x83\xA6\xC9\xEC\x0F\x32" "\x55\x0F\x32\x55\x78\x9B\xBE\x78" "\x9B\xBE\xE1\x04\x27\xE1\x04\x27" "\x4A\x6D\x90\x4A\x6D\x90\xB3\xD6", .klen = 32, - .input = "\x50\xB9\x22\xAE\x17\x80\x0C\x75" + .ptext = "\x50\xB9\x22\xAE\x17\x80\x0C\x75" "\xDE\x47\xD3\x3C\xA5\x0E\x9A\x03" "\x6C\xF8\x61\xCA\x33\xBF\x28\x91" "\x1D\x86\xEF\x58\xE4\x4D\xB6\x1F" @@ -17836,8 +11738,7 @@ static const struct cipher_testvec aes_enc_tv_template[] = { "\xAE\x17\xA3\x0C\x75\x01\x6A\xD3" "\x3C\xC8\x31\x9A\x03\x8F\xF8\x61" "\xED\x56\xBF\x28\xB4\x1D\x86\x12", - .ilen = 496, - .result = "\x71\x73\xF7\xDB\x24\x93\x21\x6D" + .ctext = "\x71\x73\xF7\xDB\x24\x93\x21\x6D" "\x61\x1E\xBB\x63\x42\x79\xDB\x64" "\x6F\x82\xC0\xCA\xA3\x9B\xFA\x0B" "\xD9\x08\xC7\x4A\x90\xAE\x8F\x5F" @@ -17899,197 +11800,24 @@ static const struct cipher_testvec aes_enc_tv_template[] = { "\x88\xE6\x68\x47\xE3\x2B\xC5\xFF" "\x09\x79\xA0\x43\x5C\x0D\x08\x58" "\x17\xBB\xC0\x6B\x62\x3F\x56\xE9", - .rlen = 496, - .also_non_np = 1, - .np = 3, - .tap = { 496 - 20, 4, 16 }, - }, -}; - -static const struct cipher_testvec aes_dec_tv_template[] = { - { /* From FIPS-197 */ - .key = "\x00\x01\x02\x03\x04\x05\x06\x07" - "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f", - .klen = 16, - .input = "\x69\xc4\xe0\xd8\x6a\x7b\x04\x30" - "\xd8\xcd\xb7\x80\x70\xb4\xc5\x5a", - .ilen = 16, - .result = "\x00\x11\x22\x33\x44\x55\x66\x77" - "\x88\x99\xaa\xbb\xcc\xdd\xee\xff", - .rlen = 16, - }, { - .key = "\x00\x01\x02\x03\x04\x05\x06\x07" - "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" - "\x10\x11\x12\x13\x14\x15\x16\x17", - .klen = 24, - .input = "\xdd\xa9\x7c\xa4\x86\x4c\xdf\xe0" - "\x6e\xaf\x70\xa0\xec\x0d\x71\x91", - .ilen = 16, - .result = "\x00\x11\x22\x33\x44\x55\x66\x77" - "\x88\x99\xaa\xbb\xcc\xdd\xee\xff", - .rlen = 16, - }, { - .key = "\x00\x01\x02\x03\x04\x05\x06\x07" - "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" - "\x10\x11\x12\x13\x14\x15\x16\x17" - "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f", - .klen = 32, - .input = "\x8e\xa2\xb7\xca\x51\x67\x45\xbf" - "\xea\xfc\x49\x90\x4b\x49\x60\x89", - .ilen = 16, - .result = "\x00\x11\x22\x33\x44\x55\x66\x77" - "\x88\x99\xaa\xbb\xcc\xdd\xee\xff", - .rlen = 16, - }, { /* Generated with Crypto++ */ - .key = "\xA6\xC9\x83\xA6\xC9\xEC\x0F\x32" - "\x55\x0F\x32\x55\x78\x9B\xBE\x78" - "\x9B\xBE\xE1\x04\x27\xE1\x04\x27" - "\x4A\x6D\x90\x4A\x6D\x90\xB3\xD6", - .klen = 32, - .input = "\x71\x73\xF7\xDB\x24\x93\x21\x6D" - "\x61\x1E\xBB\x63\x42\x79\xDB\x64" - "\x6F\x82\xC0\xCA\xA3\x9B\xFA\x0B" - "\xD9\x08\xC7\x4A\x90\xAE\x8F\x5F" - "\x5E\x06\xF0\x5F\x31\x51\x18\x37" - "\x45\xD7\xCA\x3A\xFD\x6C\x3F\xE1" - "\xDD\x8D\x22\x65\x2B\x00\x50\xCE" - "\xBA\x28\x67\xD7\xCE\x0E\x0D\xEA" - "\x78\x69\x7F\xAE\x8F\x8B\x69\x37" - "\x75\xE0\xDC\x96\xE0\xB7\xF4\x09" - "\xCB\x6D\xA2\xFB\xDA\xAF\x09\xF8" - "\x81\x82\x27\xFA\x45\x9C\x29\xA4" - "\x22\x8B\x78\x69\x5B\x46\xF9\x39" - "\x1B\xCC\xF9\x1D\x09\xEB\xBC\x5C" - "\x41\x72\x51\x97\x1D\x07\x49\xA0" - "\x1B\x8E\x65\x4B\xB2\x6A\x12\x03" - "\x6A\x60\x95\xAC\xBD\xAC\x1A\x64" - "\xDE\x5A\xA5\xF0\x83\x2F\xCB\xCA" - "\x22\x74\xA6\x6C\x9B\x73\xCE\x3F" - "\xE1\x8B\x22\x17\x59\x0C\x47\x89" - "\x33\xA1\xD6\x47\x03\x19\x4F\xA8" - "\x67\x69\xF0\x5B\xF0\x20\xAD\x06" - "\x27\x81\x92\xD8\xC5\xBA\x98\x12" - "\xBE\x24\xB5\x2F\x75\x02\xC2\xAD" - "\x12\x2F\x07\x32\xEE\x39\xAF\x64" - "\x05\x8F\xB3\xD4\xEB\x1B\x46\x6E" - "\xD9\x21\xF9\xC4\xB7\xC9\x45\x68" - "\xB4\xA1\x74\x9F\x82\x47\xEB\xCC" - "\xBD\x0A\x14\x95\x0F\x8B\xA8\x2F" - "\x4B\x1B\xA7\xBF\x82\xA6\x43\x0C" - "\xB9\x39\x4A\xA8\x10\x6F\x50\x7B" - "\x25\xFB\x26\x81\xE0\x2F\xF0\x96" - "\x8D\x8B\xAC\x92\x0F\xF6\xED\x64" - "\x63\x29\x4C\x8E\x18\x13\xC5\xBF" - "\xFC\xA0\xD9\xBF\x7C\x3A\x0E\x29" - "\x6F\xD1\x6C\x6F\xA5\xDA\xBF\xB1" - "\x30\xEA\x44\x2D\xC3\x8F\x16\xE1" - "\x66\xFA\xA3\x21\x3E\xFC\x13\xCA" - "\xF0\xF6\xF0\x59\xBD\x8F\x38\x50" - "\x31\xCB\x69\x3F\x96\x15\xD6\xF5" - "\xAE\xFF\xF6\xAA\x41\x85\x4C\x10" - "\x58\xE3\xF9\x44\xE6\x28\xDA\x9A" - "\xDC\x6A\x80\x34\x73\x97\x1B\xC5" - "\xCA\x26\x16\x77\x0E\x60\xAB\x89" - "\x0F\x04\x27\xBD\xCE\x3E\x71\xB4" - "\xA0\xD7\x22\x7E\xDB\xEB\x24\x70" - "\x42\x71\x51\x78\x70\xB3\xE0\x3D" - "\x84\x8E\x8D\x7B\xD0\x6D\xEA\x92" - "\x11\x08\x42\x4F\xE5\xAD\x26\x92" - "\xD2\x00\xAE\xA8\xE3\x4B\x37\x47" - "\x22\xC1\x95\xC1\x63\x7F\xCB\x03" - "\xF3\xE3\xD7\x9D\x60\xC7\xBC\xEA" - "\x35\xA2\xFD\x45\x52\x39\x13\x6F" - "\xC1\x53\xF3\x53\xDF\x33\x84\xD7" - "\xD2\xC8\x37\xB0\x75\xE3\x41\x46" - "\xB3\xC7\x83\x2E\x8A\xBB\xA4\xE5" - "\x7F\x3C\xFD\x8B\xEB\xEA\x63\xBD" - "\xB7\x46\xE7\xBF\x09\x9C\x0D\x0F" - "\x40\x86\x7F\x51\xE1\x11\x9C\xCB" - "\x88\xE6\x68\x47\xE3\x2B\xC5\xFF" - "\x09\x79\xA0\x43\x5C\x0D\x08\x58" - "\x17\xBB\xC0\x6B\x62\x3F\x56\xE9", - .ilen = 496, - .result = "\x50\xB9\x22\xAE\x17\x80\x0C\x75" - "\xDE\x47\xD3\x3C\xA5\x0E\x9A\x03" - "\x6C\xF8\x61\xCA\x33\xBF\x28\x91" - "\x1D\x86\xEF\x58\xE4\x4D\xB6\x1F" - "\xAB\x14\x7D\x09\x72\xDB\x44\xD0" - "\x39\xA2\x0B\x97\x00\x69\xF5\x5E" - "\xC7\x30\xBC\x25\x8E\x1A\x83\xEC" - "\x55\xE1\x4A\xB3\x1C\xA8\x11\x7A" - "\x06\x6F\xD8\x41\xCD\x36\x9F\x08" - "\x94\xFD\x66\xF2\x5B\xC4\x2D\xB9" - "\x22\x8B\x17\x80\xE9\x52\xDE\x47" - "\xB0\x19\xA5\x0E\x77\x03\x6C\xD5" - "\x3E\xCA\x33\x9C\x05\x91\xFA\x63" - "\xEF\x58\xC1\x2A\xB6\x1F\x88\x14" - "\x7D\xE6\x4F\xDB\x44\xAD\x16\xA2" - "\x0B\x74\x00\x69\xD2\x3B\xC7\x30" - "\x99\x02\x8E\xF7\x60\xEC\x55\xBE" - "\x27\xB3\x1C\x85\x11\x7A\xE3\x4C" - "\xD8\x41\xAA\x13\x9F\x08\x71\xFD" - "\x66\xCF\x38\xC4\x2D\x96\x22\x8B" - "\xF4\x5D\xE9\x52\xBB\x24\xB0\x19" - "\x82\x0E\x77\xE0\x49\xD5\x3E\xA7" - "\x10\x9C\x05\x6E\xFA\x63\xCC\x35" - "\xC1\x2A\x93\x1F\x88\xF1\x5A\xE6" - "\x4F\xB8\x21\xAD\x16\x7F\x0B\x74" - "\xDD\x46\xD2\x3B\xA4\x0D\x99\x02" - "\x6B\xF7\x60\xC9\x32\xBE\x27\x90" - "\x1C\x85\xEE\x57\xE3\x4C\xB5\x1E" - "\xAA\x13\x7C\x08\x71\xDA\x43\xCF" - "\x38\xA1\x0A\x96\xFF\x68\xF4\x5D" - "\xC6\x2F\xBB\x24\x8D\x19\x82\xEB" - "\x54\xE0\x49\xB2\x1B\xA7\x10\x79" - "\x05\x6E\xD7\x40\xCC\x35\x9E\x07" - "\x93\xFC\x65\xF1\x5A\xC3\x2C\xB8" - "\x21\x8A\x16\x7F\xE8\x51\xDD\x46" - "\xAF\x18\xA4\x0D\x76\x02\x6B\xD4" - "\x3D\xC9\x32\x9B\x04\x90\xF9\x62" - "\xEE\x57\xC0\x29\xB5\x1E\x87\x13" - "\x7C\xE5\x4E\xDA\x43\xAC\x15\xA1" - "\x0A\x73\xFF\x68\xD1\x3A\xC6\x2F" - "\x98\x01\x8D\xF6\x5F\xEB\x54\xBD" - "\x26\xB2\x1B\x84\x10\x79\xE2\x4B" - "\xD7\x40\xA9\x12\x9E\x07\x70\xFC" - "\x65\xCE\x37\xC3\x2C\x95\x21\x8A" - "\xF3\x5C\xE8\x51\xBA\x23\xAF\x18" - "\x81\x0D\x76\xDF\x48\xD4\x3D\xA6" - "\x0F\x9B\x04\x6D\xF9\x62\xCB\x34" - "\xC0\x29\x92\x1E\x87\xF0\x59\xE5" - "\x4E\xB7\x20\xAC\x15\x7E\x0A\x73" - "\xDC\x45\xD1\x3A\xA3\x0C\x98\x01" - "\x6A\xF6\x5F\xC8\x31\xBD\x26\x8F" - "\x1B\x84\xED\x56\xE2\x4B\xB4\x1D" - "\xA9\x12\x7B\x07\x70\xD9\x42\xCE" - "\x37\xA0\x09\x95\xFE\x67\xF3\x5C" - "\xC5\x2E\xBA\x23\x8C\x18\x81\xEA" - "\x53\xDF\x48\xB1\x1A\xA6\x0F\x78" - "\x04\x6D\xD6\x3F\xCB\x34\x9D\x06" - "\x92\xFB\x64\xF0\x59\xC2\x2B\xB7" - "\x20\x89\x15\x7E\xE7\x50\xDC\x45" - "\xAE\x17\xA3\x0C\x75\x01\x6A\xD3" - "\x3C\xC8\x31\x9A\x03\x8F\xF8\x61" - "\xED\x56\xBF\x28\xB4\x1D\x86\x12", - .rlen = 496, + .len = 496, .also_non_np = 1, .np = 3, .tap = { 496 - 20, 4, 16 }, }, }; -static const struct cipher_testvec aes_cbc_enc_tv_template[] = { +static const struct cipher_testvec aes_cbc_tv_template[] = { { /* From RFC 3602 */ .key = "\x06\xa9\x21\x40\x36\xb8\xa1\x5b" "\x51\x2e\x03\xd5\x34\x12\x00\x06", .klen = 16, .iv = "\x3d\xaf\xba\x42\x9d\x9e\xb4\x30" "\xb4\x22\xda\x80\x2c\x9f\xac\x41", - .input = "Single block msg", - .ilen = 16, - .result = "\xe3\x53\x77\x9c\x10\x79\xae\xb8" + .ptext = "Single block msg", + .ctext = "\xe3\x53\x77\x9c\x10\x79\xae\xb8" "\x27\x08\x94\x2d\xbe\x77\x18\x1a", - .rlen = 16, + .len = 16, .also_non_np = 1, .np = 8, .tap = { 3, 2, 3, 2, 3, 1, 1, 1 }, @@ -18099,16 +11827,15 @@ static const struct cipher_testvec aes_cbc_enc_tv_template[] = { .klen = 16, .iv = "\x56\x2e\x17\x99\x6d\x09\x3d\x28" "\xdd\xb3\xba\x69\x5a\x2e\x6f\x58", - .input = "\x00\x01\x02\x03\x04\x05\x06\x07" + .ptext = "\x00\x01\x02\x03\x04\x05\x06\x07" "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" "\x10\x11\x12\x13\x14\x15\x16\x17" "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f", - .ilen = 32, - .result = "\xd2\x96\xcd\x94\xc2\xcc\xcf\x8a" + .ctext = "\xd2\x96\xcd\x94\xc2\xcc\xcf\x8a" "\x3a\x86\x30\x28\xb5\xe1\xdc\x0a" "\x75\x86\x60\x2d\x25\x3c\xff\xf9" "\x1b\x82\x66\xbe\xa6\xd6\x1a\xb1", - .rlen = 32, + .len = 32, }, { /* From NIST SP800-38A */ .key = "\x8e\x73\xb0\xf7\xda\x0e\x64\x52" "\xc8\x10\xf3\x2b\x80\x90\x79\xe5" @@ -18116,7 +11843,7 @@ static const struct cipher_testvec aes_cbc_enc_tv_template[] = { .klen = 24, .iv = "\x00\x01\x02\x03\x04\x05\x06\x07" "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f", - .input = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96" + .ptext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96" "\xe9\x3d\x7e\x11\x73\x93\x17\x2a" "\xae\x2d\x8a\x57\x1e\x03\xac\x9c" "\x9e\xb7\x6f\xac\x45\xaf\x8e\x51" @@ -18124,8 +11851,7 @@ static const struct cipher_testvec aes_cbc_enc_tv_template[] = { "\xe5\xfb\xc1\x19\x1a\x0a\x52\xef" "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17" "\xad\x2b\x41\x7b\xe6\x6c\x37\x10", - .ilen = 64, - .result = "\x4f\x02\x1d\xb2\x43\xbc\x63\x3d" + .ctext = "\x4f\x02\x1d\xb2\x43\xbc\x63\x3d" "\x71\x78\x18\x3a\x9f\xa0\x71\xe8" "\xb4\xd9\xad\xa9\xad\x7d\xed\xf4" "\xe5\xe7\x38\x76\x3f\x69\x14\x5a" @@ -18133,7 +11859,7 @@ static const struct cipher_testvec aes_cbc_enc_tv_template[] = { "\x7f\xa9\xba\xac\x3d\xf1\x02\xe0" "\x08\xb0\xe2\x79\x88\x59\x88\x81" "\xd9\x20\xa9\xe6\x4f\x56\x15\xcd", - .rlen = 64, + .len = 64, }, { .key = "\x60\x3d\xeb\x10\x15\xca\x71\xbe" "\x2b\x73\xae\xf0\x85\x7d\x77\x81" @@ -18142,7 +11868,7 @@ static const struct cipher_testvec aes_cbc_enc_tv_template[] = { .klen = 32, .iv = "\x00\x01\x02\x03\x04\x05\x06\x07" "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f", - .input = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96" + .ptext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96" "\xe9\x3d\x7e\x11\x73\x93\x17\x2a" "\xae\x2d\x8a\x57\x1e\x03\xac\x9c" "\x9e\xb7\x6f\xac\x45\xaf\x8e\x51" @@ -18150,8 +11876,7 @@ static const struct cipher_testvec aes_cbc_enc_tv_template[] = { "\xe5\xfb\xc1\x19\x1a\x0a\x52\xef" "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17" "\xad\x2b\x41\x7b\xe6\x6c\x37\x10", - .ilen = 64, - .result = "\xf5\x8c\x4c\x04\xd6\xe5\xf1\xba" + .ctext = "\xf5\x8c\x4c\x04\xd6\xe5\xf1\xba" "\x77\x9e\xab\xfb\x5f\x7b\xfb\xd6" "\x9c\xfc\x4e\x96\x7e\xdb\x80\x8d" "\x67\x9f\x77\x7b\xc6\x70\x2c\x7d" @@ -18159,7 +11884,7 @@ static const struct cipher_testvec aes_cbc_enc_tv_template[] = { "\xa5\x30\xe2\x63\x04\x23\x14\x61" "\xb2\xeb\x05\xe2\xc3\x9b\xe9\xfc" "\xda\x6c\x19\x07\x8c\x6a\x9d\x1b", - .rlen = 64, + .len = 64, }, { /* Generated with Crypto++ */ .key = "\xC9\x83\xA6\xC9\xEC\x0F\x32\x55" "\x0F\x32\x55\x78\x9B\xBE\x78\x9B" @@ -18168,7 +11893,7 @@ static const struct cipher_testvec aes_cbc_enc_tv_template[] = { .klen = 32, .iv = "\xE7\x82\x1D\xB8\x53\x11\xAC\x47" "\xE2\x7D\x18\xD6\x71\x0C\xA7\x42", - .input = "\x50\xB9\x22\xAE\x17\x80\x0C\x75" + .ptext = "\x50\xB9\x22\xAE\x17\x80\x0C\x75" "\xDE\x47\xD3\x3C\xA5\x0E\x9A\x03" "\x6C\xF8\x61\xCA\x33\xBF\x28\x91" "\x1D\x86\xEF\x58\xE4\x4D\xB6\x1F" @@ -18230,8 +11955,7 @@ static const struct cipher_testvec aes_cbc_enc_tv_template[] = { "\xAE\x17\xA3\x0C\x75\x01\x6A\xD3" "\x3C\xC8\x31\x9A\x03\x8F\xF8\x61" "\xED\x56\xBF\x28\xB4\x1D\x86\x12", - .ilen = 496, - .result = "\xEA\x65\x8A\x19\xB0\x66\xC1\x3F" + .ctext = "\xEA\x65\x8A\x19\xB0\x66\xC1\x3F" "\xCE\xF1\x97\x75\xC1\xFD\xB5\xAF" "\x52\x65\xF7\xFF\xBC\xD8\x2D\x9F" "\x2F\xB9\x26\x9B\x6F\x10\xB7\xB8" @@ -18293,229 +12017,7 @@ static const struct cipher_testvec aes_cbc_enc_tv_template[] = { "\xBC\x06\x41\xE3\x01\xB4\x4E\x0A" "\xE0\x1F\x91\xF8\x82\x96\x2D\x65" "\xA3\xAA\x13\xCC\x50\xFF\x7B\x02", - .rlen = 496, - .also_non_np = 1, - .np = 3, - .tap = { 496 - 20, 4, 16 }, - }, -}; - -static const struct cipher_testvec aes_cbc_dec_tv_template[] = { - { /* From RFC 3602 */ - .key = "\x06\xa9\x21\x40\x36\xb8\xa1\x5b" - "\x51\x2e\x03\xd5\x34\x12\x00\x06", - .klen = 16, - .iv = "\x3d\xaf\xba\x42\x9d\x9e\xb4\x30" - "\xb4\x22\xda\x80\x2c\x9f\xac\x41", - .input = "\xe3\x53\x77\x9c\x10\x79\xae\xb8" - "\x27\x08\x94\x2d\xbe\x77\x18\x1a", - .ilen = 16, - .result = "Single block msg", - .rlen = 16, - .also_non_np = 1, - .np = 8, - .tap = { 3, 2, 3, 2, 3, 1, 1, 1 }, - }, { - .key = "\xc2\x86\x69\x6d\x88\x7c\x9a\xa0" - "\x61\x1b\xbb\x3e\x20\x25\xa4\x5a", - .klen = 16, - .iv = "\x56\x2e\x17\x99\x6d\x09\x3d\x28" - "\xdd\xb3\xba\x69\x5a\x2e\x6f\x58", - .input = "\xd2\x96\xcd\x94\xc2\xcc\xcf\x8a" - "\x3a\x86\x30\x28\xb5\xe1\xdc\x0a" - "\x75\x86\x60\x2d\x25\x3c\xff\xf9" - "\x1b\x82\x66\xbe\xa6\xd6\x1a\xb1", - .ilen = 32, - .result = "\x00\x01\x02\x03\x04\x05\x06\x07" - "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" - "\x10\x11\x12\x13\x14\x15\x16\x17" - "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f", - .rlen = 32, - }, { /* From NIST SP800-38A */ - .key = "\x8e\x73\xb0\xf7\xda\x0e\x64\x52" - "\xc8\x10\xf3\x2b\x80\x90\x79\xe5" - "\x62\xf8\xea\xd2\x52\x2c\x6b\x7b", - .klen = 24, - .iv = "\x00\x01\x02\x03\x04\x05\x06\x07" - "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f", - .input = "\x4f\x02\x1d\xb2\x43\xbc\x63\x3d" - "\x71\x78\x18\x3a\x9f\xa0\x71\xe8" - "\xb4\xd9\xad\xa9\xad\x7d\xed\xf4" - "\xe5\xe7\x38\x76\x3f\x69\x14\x5a" - "\x57\x1b\x24\x20\x12\xfb\x7a\xe0" - "\x7f\xa9\xba\xac\x3d\xf1\x02\xe0" - "\x08\xb0\xe2\x79\x88\x59\x88\x81" - "\xd9\x20\xa9\xe6\x4f\x56\x15\xcd", - .ilen = 64, - .result = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96" - "\xe9\x3d\x7e\x11\x73\x93\x17\x2a" - "\xae\x2d\x8a\x57\x1e\x03\xac\x9c" - "\x9e\xb7\x6f\xac\x45\xaf\x8e\x51" - "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11" - "\xe5\xfb\xc1\x19\x1a\x0a\x52\xef" - "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17" - "\xad\x2b\x41\x7b\xe6\x6c\x37\x10", - .rlen = 64, - }, { - .key = "\x60\x3d\xeb\x10\x15\xca\x71\xbe" - "\x2b\x73\xae\xf0\x85\x7d\x77\x81" - "\x1f\x35\x2c\x07\x3b\x61\x08\xd7" - "\x2d\x98\x10\xa3\x09\x14\xdf\xf4", - .klen = 32, - .iv = "\x00\x01\x02\x03\x04\x05\x06\x07" - "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f", - .input = "\xf5\x8c\x4c\x04\xd6\xe5\xf1\xba" - "\x77\x9e\xab\xfb\x5f\x7b\xfb\xd6" - "\x9c\xfc\x4e\x96\x7e\xdb\x80\x8d" - "\x67\x9f\x77\x7b\xc6\x70\x2c\x7d" - "\x39\xf2\x33\x69\xa9\xd9\xba\xcf" - "\xa5\x30\xe2\x63\x04\x23\x14\x61" - "\xb2\xeb\x05\xe2\xc3\x9b\xe9\xfc" - "\xda\x6c\x19\x07\x8c\x6a\x9d\x1b", - .ilen = 64, - .result = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96" - "\xe9\x3d\x7e\x11\x73\x93\x17\x2a" - "\xae\x2d\x8a\x57\x1e\x03\xac\x9c" - "\x9e\xb7\x6f\xac\x45\xaf\x8e\x51" - "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11" - "\xe5\xfb\xc1\x19\x1a\x0a\x52\xef" - "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17" - "\xad\x2b\x41\x7b\xe6\x6c\x37\x10", - .rlen = 64, - }, { /* Generated with Crypto++ */ - .key = "\xC9\x83\xA6\xC9\xEC\x0F\x32\x55" - "\x0F\x32\x55\x78\x9B\xBE\x78\x9B" - "\xBE\xE1\x04\x27\xE1\x04\x27\x4A" - "\x6D\x90\x4A\x6D\x90\xB3\xD6\xF9", - .klen = 32, - .iv = "\xE7\x82\x1D\xB8\x53\x11\xAC\x47" - "\xE2\x7D\x18\xD6\x71\x0C\xA7\x42", - .input = "\xEA\x65\x8A\x19\xB0\x66\xC1\x3F" - "\xCE\xF1\x97\x75\xC1\xFD\xB5\xAF" - "\x52\x65\xF7\xFF\xBC\xD8\x2D\x9F" - "\x2F\xB9\x26\x9B\x6F\x10\xB7\xB8" - "\x26\xA1\x02\x46\xA2\xAD\xC6\xC0" - "\x11\x15\xFF\x6D\x1E\x82\x04\xA6" - "\xB1\x74\xD1\x08\x13\xFD\x90\x7C" - "\xF5\xED\xD3\xDB\x5A\x0A\x0C\x2F" - "\x0A\x70\xF1\x88\x07\xCF\x21\x26" - "\x40\x40\x8A\xF5\x53\xF7\x24\x4F" - "\x83\x38\x43\x5F\x08\x99\xEB\xE3" - "\xDC\x02\x64\x67\x50\x6E\x15\xC3" - "\x01\x1A\xA0\x81\x13\x65\xA6\x73" - "\x71\xA6\x3B\x91\x83\x77\xBE\xFA" - "\xDB\x71\x73\xA6\xC1\xAE\x43\xC3" - "\x36\xCE\xD6\xEB\xF9\x30\x1C\x4F" - "\x80\x38\x5E\x9C\x6E\xAB\x98\x2F" - "\x53\xAF\xCF\xC8\x9A\xB8\x86\x43" - "\x3E\x86\xE7\xA1\xF4\x2F\x30\x40" - "\x03\xA8\x6C\x50\x42\x9F\x77\x59" - "\x89\xA0\xC5\xEC\x9A\xB8\xDD\x99" - "\x16\x24\x02\x07\x48\xAE\xF2\x31" - "\x34\x0E\xC3\x85\xFE\x1C\x95\x99" - "\x87\x58\x98\x8B\xE7\xC6\xC5\x70" - "\x73\x81\x07\x7C\x56\x2F\xD8\x1B" - "\xB7\xB9\x2B\xAB\xE3\x01\x87\x0F" - "\xD8\xBB\xC0\x0D\xAC\x2C\x2F\x98" - "\x3C\x0B\xA2\x99\x4A\x8C\xF7\x04" - "\xE0\xE0\xCF\xD1\x81\x5B\xFE\xF5" - "\x24\x04\xFD\xB8\xDF\x13\xD8\xCD" - "\xF1\xE3\x3D\x98\x50\x02\x77\x9E" - "\xBC\x22\xAB\xFA\xC2\x43\x1F\x66" - "\x20\x02\x23\xDA\xDF\xA0\x89\xF6" - "\xD8\xF3\x45\x24\x53\x6F\x16\x77" - "\x02\x3E\x7B\x36\x5F\xA0\x3B\x78" - "\x63\xA2\xBD\xB5\xA4\xCA\x1E\xD3" - "\x57\xBC\x0B\x9F\x43\x51\x28\x4F" - "\x07\x50\x6C\x68\x12\x07\xCF\xFA" - "\x6B\x72\x0B\xEB\xF8\x88\x90\x2C" - "\x7E\xF5\x91\xD1\x03\xD8\xD5\xBD" - "\x22\x39\x7B\x16\x03\x01\x69\xAF" - "\x3D\x38\x66\x28\x0C\xBE\x5B\xC5" - "\x03\xB4\x2F\x51\x8A\x56\x17\x2B" - "\x88\x42\x6D\x40\x68\x8F\xD0\x11" - "\x19\xF9\x1F\x43\x79\x95\x31\xFA" - "\x28\x7A\x3D\xF7\x66\xEB\xEF\xAC" - "\x06\xB2\x01\xAD\xDB\x68\xDB\xEC" - "\x8D\x53\x6E\x72\x68\xA3\xC7\x63" - "\x43\x2B\x78\xE0\x04\x29\x8F\x72" - "\xB2\x2C\xE6\x84\x03\x30\x6D\xCD" - "\x26\x92\x37\xE1\x2F\xBB\x8B\x9D" - "\xE4\x4C\xF6\x93\xBC\xD9\xAD\x44" - "\x52\x65\xC7\xB0\x0E\x3F\x0E\x61" - "\x56\x5D\x1C\x6D\xA7\x05\x2E\xBC" - "\x58\x08\x15\xAB\x12\xAB\x17\x4A" - "\x5E\x1C\xF2\xCD\xB8\xA2\xAE\xFB" - "\x9B\x2E\x0E\x85\x34\x80\x0E\x3F" - "\x4C\xB8\xDB\xCE\x1C\x90\xA1\x61" - "\x6C\x69\x09\x35\x9E\xD4\xF4\xAD" - "\xBC\x06\x41\xE3\x01\xB4\x4E\x0A" - "\xE0\x1F\x91\xF8\x82\x96\x2D\x65" - "\xA3\xAA\x13\xCC\x50\xFF\x7B\x02", - .ilen = 496, - .result = "\x50\xB9\x22\xAE\x17\x80\x0C\x75" - "\xDE\x47\xD3\x3C\xA5\x0E\x9A\x03" - "\x6C\xF8\x61\xCA\x33\xBF\x28\x91" - "\x1D\x86\xEF\x58\xE4\x4D\xB6\x1F" - "\xAB\x14\x7D\x09\x72\xDB\x44\xD0" - "\x39\xA2\x0B\x97\x00\x69\xF5\x5E" - "\xC7\x30\xBC\x25\x8E\x1A\x83\xEC" - "\x55\xE1\x4A\xB3\x1C\xA8\x11\x7A" - "\x06\x6F\xD8\x41\xCD\x36\x9F\x08" - "\x94\xFD\x66\xF2\x5B\xC4\x2D\xB9" - "\x22\x8B\x17\x80\xE9\x52\xDE\x47" - "\xB0\x19\xA5\x0E\x77\x03\x6C\xD5" - "\x3E\xCA\x33\x9C\x05\x91\xFA\x63" - "\xEF\x58\xC1\x2A\xB6\x1F\x88\x14" - "\x7D\xE6\x4F\xDB\x44\xAD\x16\xA2" - "\x0B\x74\x00\x69\xD2\x3B\xC7\x30" - "\x99\x02\x8E\xF7\x60\xEC\x55\xBE" - "\x27\xB3\x1C\x85\x11\x7A\xE3\x4C" - "\xD8\x41\xAA\x13\x9F\x08\x71\xFD" - "\x66\xCF\x38\xC4\x2D\x96\x22\x8B" - "\xF4\x5D\xE9\x52\xBB\x24\xB0\x19" - "\x82\x0E\x77\xE0\x49\xD5\x3E\xA7" - "\x10\x9C\x05\x6E\xFA\x63\xCC\x35" - "\xC1\x2A\x93\x1F\x88\xF1\x5A\xE6" - "\x4F\xB8\x21\xAD\x16\x7F\x0B\x74" - "\xDD\x46\xD2\x3B\xA4\x0D\x99\x02" - "\x6B\xF7\x60\xC9\x32\xBE\x27\x90" - "\x1C\x85\xEE\x57\xE3\x4C\xB5\x1E" - "\xAA\x13\x7C\x08\x71\xDA\x43\xCF" - "\x38\xA1\x0A\x96\xFF\x68\xF4\x5D" - "\xC6\x2F\xBB\x24\x8D\x19\x82\xEB" - "\x54\xE0\x49\xB2\x1B\xA7\x10\x79" - "\x05\x6E\xD7\x40\xCC\x35\x9E\x07" - "\x93\xFC\x65\xF1\x5A\xC3\x2C\xB8" - "\x21\x8A\x16\x7F\xE8\x51\xDD\x46" - "\xAF\x18\xA4\x0D\x76\x02\x6B\xD4" - "\x3D\xC9\x32\x9B\x04\x90\xF9\x62" - "\xEE\x57\xC0\x29\xB5\x1E\x87\x13" - "\x7C\xE5\x4E\xDA\x43\xAC\x15\xA1" - "\x0A\x73\xFF\x68\xD1\x3A\xC6\x2F" - "\x98\x01\x8D\xF6\x5F\xEB\x54\xBD" - "\x26\xB2\x1B\x84\x10\x79\xE2\x4B" - "\xD7\x40\xA9\x12\x9E\x07\x70\xFC" - "\x65\xCE\x37\xC3\x2C\x95\x21\x8A" - "\xF3\x5C\xE8\x51\xBA\x23\xAF\x18" - "\x81\x0D\x76\xDF\x48\xD4\x3D\xA6" - "\x0F\x9B\x04\x6D\xF9\x62\xCB\x34" - "\xC0\x29\x92\x1E\x87\xF0\x59\xE5" - "\x4E\xB7\x20\xAC\x15\x7E\x0A\x73" - "\xDC\x45\xD1\x3A\xA3\x0C\x98\x01" - "\x6A\xF6\x5F\xC8\x31\xBD\x26\x8F" - "\x1B\x84\xED\x56\xE2\x4B\xB4\x1D" - "\xA9\x12\x7B\x07\x70\xD9\x42\xCE" - "\x37\xA0\x09\x95\xFE\x67\xF3\x5C" - "\xC5\x2E\xBA\x23\x8C\x18\x81\xEA" - "\x53\xDF\x48\xB1\x1A\xA6\x0F\x78" - "\x04\x6D\xD6\x3F\xCB\x34\x9D\x06" - "\x92\xFB\x64\xF0\x59\xC2\x2B\xB7" - "\x20\x89\x15\x7E\xE7\x50\xDC\x45" - "\xAE\x17\xA3\x0C\x75\x01\x6A\xD3" - "\x3C\xC8\x31\x9A\x03\x8F\xF8\x61" - "\xED\x56\xBF\x28\xB4\x1D\x86\x12", - .rlen = 496, + .len = 496, .also_non_np = 1, .np = 3, .tap = { 496 - 20, 4, 16 }, @@ -20225,7 +13727,7 @@ static const struct aead_testvec hmac_sha512_des3_ede_cbc_enc_tv_temp[] = { }, }; -static const struct cipher_testvec aes_lrw_enc_tv_template[] = { +static const struct cipher_testvec aes_lrw_tv_template[] = { /* from http://grouper.ieee.org/groups/1619/email/pdf00017.pdf */ { /* LRW-32-AES 1 */ .key = "\x45\x62\xac\x25\xf8\x28\x17\x6d" @@ -20235,12 +13737,11 @@ static const struct cipher_testvec aes_lrw_enc_tv_template[] = { .klen = 32, .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x01", - .input = "\x30\x31\x32\x33\x34\x35\x36\x37" + .ptext = "\x30\x31\x32\x33\x34\x35\x36\x37" "\x38\x39\x41\x42\x43\x44\x45\x46", - .ilen = 16, - .result = "\xf1\xb2\x73\xcd\x65\xa3\xdf\x5f" + .ctext = "\xf1\xb2\x73\xcd\x65\xa3\xdf\x5f" "\xe9\x5d\x48\x92\x54\x63\x4e\xb8", - .rlen = 16, + .len = 16, }, { /* LRW-32-AES 2 */ .key = "\x59\x70\x47\x14\xf5\x57\x47\x8c" "\xd7\x79\xe8\x0f\x54\x88\x79\x44" @@ -20249,12 +13750,11 @@ static const struct cipher_testvec aes_lrw_enc_tv_template[] = { .klen = 32, .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x02", - .input = "\x30\x31\x32\x33\x34\x35\x36\x37" + .ptext = "\x30\x31\x32\x33\x34\x35\x36\x37" "\x38\x39\x41\x42\x43\x44\x45\x46", - .ilen = 16, - .result = "\x00\xc8\x2b\xae\x95\xbb\xcd\xe5" + .ctext = "\x00\xc8\x2b\xae\x95\xbb\xcd\xe5" "\x27\x4f\x07\x69\xb2\x60\xe1\x36", - .rlen = 16, + .len = 16, }, { /* LRW-32-AES 3 */ .key = "\xd8\x2a\x91\x34\xb2\x6a\x56\x50" "\x30\xfe\x69\xe2\x37\x7f\x98\x47" @@ -20263,12 +13763,11 @@ static const struct cipher_testvec aes_lrw_enc_tv_template[] = { .klen = 32, .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x02\x00\x00\x00\x00", - .input = "\x30\x31\x32\x33\x34\x35\x36\x37" + .ptext = "\x30\x31\x32\x33\x34\x35\x36\x37" "\x38\x39\x41\x42\x43\x44\x45\x46", - .ilen = 16, - .result = "\x76\x32\x21\x83\xed\x8f\xf1\x82" + .ctext = "\x76\x32\x21\x83\xed\x8f\xf1\x82" "\xf9\x59\x62\x03\x69\x0e\x5e\x01", - .rlen = 16, + .len = 16, }, { /* LRW-32-AES 4 */ .key = "\x0f\x6a\xef\xf8\xd3\xd2\xbb\x15" "\x25\x83\xf7\x3c\x1f\x01\x28\x74" @@ -20278,12 +13777,11 @@ static const struct cipher_testvec aes_lrw_enc_tv_template[] = { .klen = 40, .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x01", - .input = "\x30\x31\x32\x33\x34\x35\x36\x37" + .ptext = "\x30\x31\x32\x33\x34\x35\x36\x37" "\x38\x39\x41\x42\x43\x44\x45\x46", - .ilen = 16, - .result = "\x9c\x0f\x15\x2f\x55\xa2\xd8\xf0" + .ctext = "\x9c\x0f\x15\x2f\x55\xa2\xd8\xf0" "\xd6\x7b\x8f\x9e\x28\x22\xbc\x41", - .rlen = 16, + .len = 16, }, { /* LRW-32-AES 5 */ .key = "\x8a\xd4\xee\x10\x2f\xbd\x81\xff" "\xf8\x86\xce\xac\x93\xc5\xad\xc6" @@ -20293,12 +13791,11 @@ static const struct cipher_testvec aes_lrw_enc_tv_template[] = { .klen = 40, .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x02\x00\x00\x00\x00", - .input = "\x30\x31\x32\x33\x34\x35\x36\x37" + .ptext = "\x30\x31\x32\x33\x34\x35\x36\x37" "\x38\x39\x41\x42\x43\x44\x45\x46", - .ilen = 16, - .result = "\xd4\x27\x6a\x7f\x14\x91\x3d\x65" + .ctext = "\xd4\x27\x6a\x7f\x14\x91\x3d\x65" "\xc8\x60\x48\x02\x87\xe3\x34\x06", - .rlen = 16, + .len = 16, }, { /* LRW-32-AES 6 */ .key = "\xf8\xd4\x76\xff\xd6\x46\xee\x6c" "\x23\x84\xcb\x1c\x77\xd6\x19\x5d" @@ -20309,12 +13806,11 @@ static const struct cipher_testvec aes_lrw_enc_tv_template[] = { .klen = 48, .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x01", - .input = "\x30\x31\x32\x33\x34\x35\x36\x37" + .ptext = "\x30\x31\x32\x33\x34\x35\x36\x37" "\x38\x39\x41\x42\x43\x44\x45\x46", - .ilen = 16, - .result = "\xbd\x06\xb8\xe1\xdb\x98\x89\x9e" + .ctext = "\xbd\x06\xb8\xe1\xdb\x98\x89\x9e" "\xc4\x98\xe4\x91\xcf\x1c\x70\x2b", - .rlen = 16, + .len = 16, }, { /* LRW-32-AES 7 */ .key = "\xfb\x76\x15\xb2\x3d\x80\x89\x1d" "\xd4\x70\x98\x0b\xc7\x95\x84\xc8" @@ -20325,12 +13821,11 @@ static const struct cipher_testvec aes_lrw_enc_tv_template[] = { .klen = 48, .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x02\x00\x00\x00\x00", - .input = "\x30\x31\x32\x33\x34\x35\x36\x37" + .ptext = "\x30\x31\x32\x33\x34\x35\x36\x37" "\x38\x39\x41\x42\x43\x44\x45\x46", - .ilen = 16, - .result = "\x5b\x90\x8e\xc1\xab\xdd\x67\x5f" + .ctext = "\x5b\x90\x8e\xc1\xab\xdd\x67\x5f" "\x3d\x69\x8a\x95\x53\xc8\x9c\xe5", - .rlen = 16, + .len = 16, }, { /* http://www.mail-archive.com/stds-p1619@listserv.ieee.org/msg00173.html */ .key = "\xf8\xd4\x76\xff\xd6\x46\xee\x6c" @@ -20342,7 +13837,7 @@ static const struct cipher_testvec aes_lrw_enc_tv_template[] = { .klen = 48, .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x01", - .input = "\x05\x11\xb7\x18\xab\xc6\x2d\xac" + .ptext = "\x05\x11\xb7\x18\xab\xc6\x2d\xac" "\x70\x5d\xf6\x22\x94\xcd\xe5\x6c" "\x17\x6b\xf6\x1c\xf0\xf3\x6e\xf8" "\x50\x38\x1f\x71\x49\xb6\x57\xd6" @@ -20406,197 +13901,7 @@ static const struct cipher_testvec aes_lrw_enc_tv_template[] = { "\xa4\xc7\xa8\xb4\xf6\x13\x03\xf6" "\xe9\x2e\xc4\x29\x0f\x84\xdb\xc4" "\x21\xc4\xc2\x75\x67\x89\x37\x0a", - .ilen = 512, - .result = "\x1a\x1d\xa9\x30\xad\xf9\x2f\x9b" - "\xb6\x1d\xae\xef\xf0\x2f\xf8\x5a" - "\x39\x3c\xbf\x2a\xb2\x45\xb2\x23" - "\x1b\x63\x3c\xcf\xaa\xbe\xcf\x4e" - "\xfa\xe8\x29\xc2\x20\x68\x2b\x3c" - "\x2e\x8b\xf7\x6e\x25\xbd\xe3\x3d" - "\x66\x27\xd6\xaf\xd6\x64\x3e\xe3" - "\xe8\x58\x46\x97\x39\x51\x07\xde" - "\xcb\x37\xbc\xa9\xc0\x5f\x75\xc3" - "\x0e\x84\x23\x1d\x16\xd4\x1c\x59" - "\x9c\x1a\x02\x55\xab\x3a\x97\x1d" - "\xdf\xdd\xc7\x06\x51\xd7\x70\xae" - "\x23\xc6\x8c\xf5\x1e\xa0\xe5\x82" - "\xb8\xb2\xbf\x04\xa0\x32\x8e\x68" - "\xeb\xaf\x6e\x2d\x94\x22\x2f\xce" - "\x4c\xb5\x59\xe2\xa2\x2f\xa0\x98" - "\x1a\x97\xc6\xd4\xb5\x00\x59\xf2" - "\x84\x14\x72\xb1\x9a\x6e\xa3\x7f" - "\xea\x20\xe7\xcb\x65\x77\x3a\xdf" - "\xc8\x97\x67\x15\xc2\x2a\x27\xcc" - "\x18\x55\xa1\x24\x0b\x24\x24\xaf" - "\x5b\xec\x68\xb8\xc8\xf5\xba\x63" - "\xff\xed\x89\xce\xd5\x3d\x88\xf3" - "\x25\xef\x05\x7c\x3a\xef\xeb\xd8" - "\x7a\x32\x0d\xd1\x1e\x58\x59\x99" - "\x90\x25\xb5\x26\xb0\xe3\x2b\x6c" - "\x4c\xa9\x8b\x84\x4f\x5e\x01\x50" - "\x41\x30\x58\xc5\x62\x74\x52\x1d" - "\x45\x24\x6a\x42\x64\x4f\x97\x1c" - "\xa8\x66\xb5\x6d\x79\xd4\x0d\x48" - "\xc5\x5f\xf3\x90\x32\xdd\xdd\xe1" - "\xe4\xa9\x9f\xfc\xc3\x52\x5a\x46" - "\xe4\x81\x84\x95\x36\x59\x7a\x6b" - "\xaa\xb3\x60\xad\xce\x9f\x9f\x28" - "\xe0\x01\x75\x22\xc4\x4e\xa9\x62" - "\x5c\x62\x0d\x00\xcb\x13\xe8\x43" - "\x72\xd4\x2d\x53\x46\xb5\xd1\x16" - "\x22\x18\xdf\x34\x33\xf5\xd6\x1c" - "\xb8\x79\x78\x97\x94\xff\x72\x13" - "\x4c\x27\xfc\xcb\xbf\x01\x53\xa6" - "\xb4\x50\x6e\xde\xdf\xb5\x43\xa4" - "\x59\xdf\x52\xf9\x7c\xe0\x11\x6f" - "\x2d\x14\x8e\x24\x61\x2c\xe1\x17" - "\xcc\xce\x51\x0c\x19\x8a\x82\x30" - "\x94\xd5\x3d\x6a\x53\x06\x5e\xbd" - "\xb7\xeb\xfa\xfd\x27\x51\xde\x85" - "\x1e\x86\x53\x11\x53\x94\x00\xee" - "\x2b\x8c\x08\x2a\xbf\xdd\xae\x11" - "\xcb\x1e\xa2\x07\x9a\x80\xcf\x62" - "\x9b\x09\xdc\x95\x3c\x96\x8e\xb1" - "\x09\xbd\xe4\xeb\xdb\xca\x70\x7a" - "\x9e\xfa\x31\x18\x45\x3c\x21\x33" - "\xb0\xb3\x2b\xea\xf3\x71\x2d\xe1" - "\x03\xad\x1b\x48\xd4\x67\x27\xf0" - "\x62\xe4\x3d\xfb\x9b\x08\x76\xe7" - "\xdd\x2b\x01\x39\x04\x5a\x58\x7a" - "\xf7\x11\x90\xec\xbd\x51\x5c\x32" - "\x6b\xd7\x35\x39\x02\x6b\xf2\xa6" - "\xd0\x0d\x07\xe1\x06\xc4\x5b\x7d" - "\xe4\x6a\xd7\xee\x15\x1f\x83\xb4" - "\xa3\xa7\x5e\xc3\x90\xb7\xef\xd3" - "\xb7\x4f\xf8\x92\x4c\xb7\x3c\x29" - "\xcd\x7e\x2b\x5d\x43\xea\x42\xe7" - "\x74\x3f\x7d\x58\x88\x75\xde\x3e", - .rlen = 512, - .also_non_np = 1, - .np = 3, - .tap = { 512 - 20, 4, 16 }, - } -}; - -static const struct cipher_testvec aes_lrw_dec_tv_template[] = { - /* from http://grouper.ieee.org/groups/1619/email/pdf00017.pdf */ - /* same as enc vectors with input and result reversed */ - { /* LRW-32-AES 1 */ - .key = "\x45\x62\xac\x25\xf8\x28\x17\x6d" - "\x4c\x26\x84\x14\xb5\x68\x01\x85" - "\x25\x8e\x2a\x05\xe7\x3e\x9d\x03" - "\xee\x5a\x83\x0c\xcc\x09\x4c\x87", - .klen = 32, - .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x01", - .input = "\xf1\xb2\x73\xcd\x65\xa3\xdf\x5f" - "\xe9\x5d\x48\x92\x54\x63\x4e\xb8", - .ilen = 16, - .result = "\x30\x31\x32\x33\x34\x35\x36\x37" - "\x38\x39\x41\x42\x43\x44\x45\x46", - .rlen = 16, - }, { /* LRW-32-AES 2 */ - .key = "\x59\x70\x47\x14\xf5\x57\x47\x8c" - "\xd7\x79\xe8\x0f\x54\x88\x79\x44" - "\x0d\x48\xf0\xb7\xb1\x5a\x53\xea" - "\x1c\xaa\x6b\x29\xc2\xca\xfb\xaf", - .klen = 32, - .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x02", - .input = "\x00\xc8\x2b\xae\x95\xbb\xcd\xe5" - "\x27\x4f\x07\x69\xb2\x60\xe1\x36", - .ilen = 16, - .result = "\x30\x31\x32\x33\x34\x35\x36\x37" - "\x38\x39\x41\x42\x43\x44\x45\x46", - .rlen = 16, - }, { /* LRW-32-AES 3 */ - .key = "\xd8\x2a\x91\x34\xb2\x6a\x56\x50" - "\x30\xfe\x69\xe2\x37\x7f\x98\x47" - "\xcd\xf9\x0b\x16\x0c\x64\x8f\xb6" - "\xb0\x0d\x0d\x1b\xae\x85\x87\x1f", - .klen = 32, - .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x02\x00\x00\x00\x00", - .input = "\x76\x32\x21\x83\xed\x8f\xf1\x82" - "\xf9\x59\x62\x03\x69\x0e\x5e\x01", - .ilen = 16, - .result = "\x30\x31\x32\x33\x34\x35\x36\x37" - "\x38\x39\x41\x42\x43\x44\x45\x46", - .rlen = 16, - }, { /* LRW-32-AES 4 */ - .key = "\x0f\x6a\xef\xf8\xd3\xd2\xbb\x15" - "\x25\x83\xf7\x3c\x1f\x01\x28\x74" - "\xca\xc6\xbc\x35\x4d\x4a\x65\x54" - "\x90\xae\x61\xcf\x7b\xae\xbd\xcc" - "\xad\xe4\x94\xc5\x4a\x29\xae\x70", - .klen = 40, - .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x01", - .input = "\x9c\x0f\x15\x2f\x55\xa2\xd8\xf0" - "\xd6\x7b\x8f\x9e\x28\x22\xbc\x41", - .ilen = 16, - .result = "\x30\x31\x32\x33\x34\x35\x36\x37" - "\x38\x39\x41\x42\x43\x44\x45\x46", - .rlen = 16, - }, { /* LRW-32-AES 5 */ - .key = "\x8a\xd4\xee\x10\x2f\xbd\x81\xff" - "\xf8\x86\xce\xac\x93\xc5\xad\xc6" - "\xa0\x19\x07\xc0\x9d\xf7\xbb\xdd" - "\x52\x13\xb2\xb7\xf0\xff\x11\xd8" - "\xd6\x08\xd0\xcd\x2e\xb1\x17\x6f", - .klen = 40, - .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x02\x00\x00\x00\x00", - .input = "\xd4\x27\x6a\x7f\x14\x91\x3d\x65" - "\xc8\x60\x48\x02\x87\xe3\x34\x06", - .ilen = 16, - .result = "\x30\x31\x32\x33\x34\x35\x36\x37" - "\x38\x39\x41\x42\x43\x44\x45\x46", - .rlen = 16, - }, { /* LRW-32-AES 6 */ - .key = "\xf8\xd4\x76\xff\xd6\x46\xee\x6c" - "\x23\x84\xcb\x1c\x77\xd6\x19\x5d" - "\xfe\xf1\xa9\xf3\x7b\xbc\x8d\x21" - "\xa7\x9c\x21\xf8\xcb\x90\x02\x89" - "\xa8\x45\x34\x8e\xc8\xc5\xb5\xf1" - "\x26\xf5\x0e\x76\xfe\xfd\x1b\x1e", - .klen = 48, - .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x01", - .input = "\xbd\x06\xb8\xe1\xdb\x98\x89\x9e" - "\xc4\x98\xe4\x91\xcf\x1c\x70\x2b", - .ilen = 16, - .result = "\x30\x31\x32\x33\x34\x35\x36\x37" - "\x38\x39\x41\x42\x43\x44\x45\x46", - .rlen = 16, - }, { /* LRW-32-AES 7 */ - .key = "\xfb\x76\x15\xb2\x3d\x80\x89\x1d" - "\xd4\x70\x98\x0b\xc7\x95\x84\xc8" - "\xb2\xfb\x64\xce\x60\x97\x87\x8d" - "\x17\xfc\xe4\x5a\x49\xe8\x30\xb7" - "\x6e\x78\x17\xe7\x2d\x5e\x12\xd4" - "\x60\x64\x04\x7a\xf1\x2f\x9e\x0c", - .klen = 48, - .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x02\x00\x00\x00\x00", - .input = "\x5b\x90\x8e\xc1\xab\xdd\x67\x5f" - "\x3d\x69\x8a\x95\x53\xc8\x9c\xe5", - .ilen = 16, - .result = "\x30\x31\x32\x33\x34\x35\x36\x37" - "\x38\x39\x41\x42\x43\x44\x45\x46", - .rlen = 16, - }, { -/* http://www.mail-archive.com/stds-p1619@listserv.ieee.org/msg00173.html */ - .key = "\xf8\xd4\x76\xff\xd6\x46\xee\x6c" - "\x23\x84\xcb\x1c\x77\xd6\x19\x5d" - "\xfe\xf1\xa9\xf3\x7b\xbc\x8d\x21" - "\xa7\x9c\x21\xf8\xcb\x90\x02\x89" - "\xa8\x45\x34\x8e\xc8\xc5\xb5\xf1" - "\x26\xf5\x0e\x76\xfe\xfd\x1b\x1e", - .klen = 48, - .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x01", - .input = "\x1a\x1d\xa9\x30\xad\xf9\x2f\x9b" + .ctext = "\x1a\x1d\xa9\x30\xad\xf9\x2f\x9b" "\xb6\x1d\xae\xef\xf0\x2f\xf8\x5a" "\x39\x3c\xbf\x2a\xb2\x45\xb2\x23" "\x1b\x63\x3c\xcf\xaa\xbe\xcf\x4e" @@ -20660,79 +13965,14 @@ static const struct cipher_testvec aes_lrw_dec_tv_template[] = { "\xb7\x4f\xf8\x92\x4c\xb7\x3c\x29" "\xcd\x7e\x2b\x5d\x43\xea\x42\xe7" "\x74\x3f\x7d\x58\x88\x75\xde\x3e", - .ilen = 512, - .result = "\x05\x11\xb7\x18\xab\xc6\x2d\xac" - "\x70\x5d\xf6\x22\x94\xcd\xe5\x6c" - "\x17\x6b\xf6\x1c\xf0\xf3\x6e\xf8" - "\x50\x38\x1f\x71\x49\xb6\x57\xd6" - "\x8f\xcb\x8d\x6b\xe3\xa6\x29\x90" - "\xfe\x2a\x62\x82\xae\x6d\x8b\xf6" - "\xad\x1e\x9e\x20\x5f\x38\xbe\x04" - "\xda\x10\x8e\xed\xa2\xa4\x87\xab" - "\xda\x6b\xb4\x0c\x75\xba\xd3\x7c" - "\xc9\xac\x42\x31\x95\x7c\xc9\x04" - "\xeb\xd5\x6e\x32\x69\x8a\xdb\xa6" - "\x15\xd7\x3f\x4f\x2f\x66\x69\x03" - "\x9c\x1f\x54\x0f\xde\x1f\xf3\x65" - "\x4c\x96\x12\xed\x7c\x92\x03\x01" - "\x6f\xbc\x35\x93\xac\xf1\x27\xf1" - "\xb4\x96\x82\x5a\x5f\xb0\xa0\x50" - "\x89\xa4\x8e\x66\x44\x85\xcc\xfd" - "\x33\x14\x70\xe3\x96\xb2\xc3\xd3" - "\xbb\x54\x5a\x1a\xf9\x74\xa2\xc5" - "\x2d\x64\x75\xdd\xb4\x54\xe6\x74" - "\x8c\xd3\x9d\x9e\x86\xab\x51\x53" - "\xb7\x93\x3e\x6f\xd0\x4e\x2c\x40" - "\xf6\xa8\x2e\x3e\x9d\xf4\x66\xa5" - "\x76\x12\x73\x44\x1a\x56\xd7\x72" - "\x88\xcd\x21\x8c\x4c\x0f\xfe\xda" - "\x95\xe0\x3a\xa6\xa5\x84\x46\xcd" - "\xd5\x3e\x9d\x3a\xe2\x67\xe6\x60" - "\x1a\xe2\x70\x85\x58\xc2\x1b\x09" - "\xe1\xd7\x2c\xca\xad\xa8\x8f\xf9" - "\xac\xb3\x0e\xdb\xca\x2e\xe2\xb8" - "\x51\x71\xd9\x3c\x6c\xf1\x56\xf8" - "\xea\x9c\xf1\xfb\x0c\xe6\xb7\x10" - "\x1c\xf8\xa9\x7c\xe8\x53\x35\xc1" - "\x90\x3e\x76\x4a\x74\xa4\x21\x2c" - "\xf6\x2c\x4e\x0f\x94\x3a\x88\x2e" - "\x41\x09\x6a\x33\x7d\xf6\xdd\x3f" - "\x8d\x23\x31\x74\x84\xeb\x88\x6e" - "\xcc\xb9\xbc\x22\x83\x19\x07\x22" - "\xa5\x2d\xdf\xa5\xf3\x80\x85\x78" - "\x84\x39\x6a\x6d\x6a\x99\x4f\xa5" - "\x15\xfe\x46\xb0\xe4\x6c\xa5\x41" - "\x3c\xce\x8f\x42\x60\x71\xa7\x75" - "\x08\x40\x65\x8a\x82\xbf\xf5\x43" - "\x71\x96\xa9\x4d\x44\x8a\x20\xbe" - "\xfa\x4d\xbb\xc0\x7d\x31\x96\x65" - "\xe7\x75\xe5\x3e\xfd\x92\x3b\xc9" - "\x55\xbb\x16\x7e\xf7\xc2\x8c\xa4" - "\x40\x1d\xe5\xef\x0e\xdf\xe4\x9a" - "\x62\x73\x65\xfd\x46\x63\x25\x3d" - "\x2b\xaf\xe5\x64\xfe\xa5\x5c\xcf" - "\x24\xf3\xb4\xac\x64\xba\xdf\x4b" - "\xc6\x96\x7d\x81\x2d\x8d\x97\xf7" - "\xc5\x68\x77\x84\x32\x2b\xcc\x85" - "\x74\x96\xf0\x12\x77\x61\xb9\xeb" - "\x71\xaa\x82\xcb\x1c\xdb\x89\xc8" - "\xc6\xb5\xe3\x5c\x7d\x39\x07\x24" - "\xda\x39\x87\x45\xc0\x2b\xbb\x01" - "\xac\xbc\x2a\x5c\x7f\xfc\xe8\xce" - "\x6d\x9c\x6f\xed\xd3\xc1\xa1\xd6" - "\xc5\x55\xa9\x66\x2f\xe1\xc8\x32" - "\xa6\x5d\xa4\x3a\x98\x73\xe8\x45" - "\xa4\xc7\xa8\xb4\xf6\x13\x03\xf6" - "\xe9\x2e\xc4\x29\x0f\x84\xdb\xc4" - "\x21\xc4\xc2\x75\x67\x89\x37\x0a", - .rlen = 512, + .len = 512, .also_non_np = 1, .np = 3, .tap = { 512 - 20, 4, 16 }, } }; -static const struct cipher_testvec aes_xts_enc_tv_template[] = { +static const struct cipher_testvec aes_xts_tv_template[] = { /* http://grouper.ieee.org/groups/1619/email/pdf00086.pdf */ { /* XTS-AES 1 */ .key = "\x00\x00\x00\x00\x00\x00\x00\x00" @@ -20743,16 +13983,15 @@ static const struct cipher_testvec aes_xts_enc_tv_template[] = { .fips_skip = 1, .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = "\x00\x00\x00\x00\x00\x00\x00\x00" + .ptext = "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00", - .ilen = 32, - .result = "\x91\x7c\xf6\x9e\xbd\x68\xb2\xec" + .ctext = "\x91\x7c\xf6\x9e\xbd\x68\xb2\xec" "\x9b\x9f\xe9\xa3\xea\xdd\xa6\x92" "\xcd\x43\xd2\xf5\x95\x98\xed\x85" "\x8c\x02\xc2\x65\x2f\xbf\x92\x2e", - .rlen = 32, + .len = 32, }, { /* XTS-AES 2 */ .key = "\x11\x11\x11\x11\x11\x11\x11\x11" "\x11\x11\x11\x11\x11\x11\x11\x11" @@ -20761,16 +14000,15 @@ static const struct cipher_testvec aes_xts_enc_tv_template[] = { .klen = 32, .iv = "\x33\x33\x33\x33\x33\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = "\x44\x44\x44\x44\x44\x44\x44\x44" + .ptext = "\x44\x44\x44\x44\x44\x44\x44\x44" "\x44\x44\x44\x44\x44\x44\x44\x44" "\x44\x44\x44\x44\x44\x44\x44\x44" "\x44\x44\x44\x44\x44\x44\x44\x44", - .ilen = 32, - .result = "\xc4\x54\x18\x5e\x6a\x16\x93\x6e" + .ctext = "\xc4\x54\x18\x5e\x6a\x16\x93\x6e" "\x39\x33\x40\x38\xac\xef\x83\x8b" "\xfb\x18\x6f\xff\x74\x80\xad\xc4" "\x28\x93\x82\xec\xd6\xd3\x94\xf0", - .rlen = 32, + .len = 32, }, { /* XTS-AES 3 */ .key = "\xff\xfe\xfd\xfc\xfb\xfa\xf9\xf8" "\xf7\xf6\xf5\xf4\xf3\xf2\xf1\xf0" @@ -20779,16 +14017,15 @@ static const struct cipher_testvec aes_xts_enc_tv_template[] = { .klen = 32, .iv = "\x33\x33\x33\x33\x33\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = "\x44\x44\x44\x44\x44\x44\x44\x44" + .ptext = "\x44\x44\x44\x44\x44\x44\x44\x44" "\x44\x44\x44\x44\x44\x44\x44\x44" "\x44\x44\x44\x44\x44\x44\x44\x44" "\x44\x44\x44\x44\x44\x44\x44\x44", - .ilen = 32, - .result = "\xaf\x85\x33\x6b\x59\x7a\xfc\x1a" + .ctext = "\xaf\x85\x33\x6b\x59\x7a\xfc\x1a" "\x90\x0b\x2e\xb2\x1e\xc9\x49\xd2" "\x92\xdf\x4c\x04\x7e\x0b\x21\x53" "\x21\x86\xa5\x97\x1a\x22\x7a\x89", - .rlen = 32, + .len = 32, }, { /* XTS-AES 4 */ .key = "\x27\x18\x28\x18\x28\x45\x90\x45" "\x23\x53\x60\x28\x74\x71\x35\x26" @@ -20797,7 +14034,7 @@ static const struct cipher_testvec aes_xts_enc_tv_template[] = { .klen = 32, .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = "\x00\x01\x02\x03\x04\x05\x06\x07" + .ptext = "\x00\x01\x02\x03\x04\x05\x06\x07" "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" "\x10\x11\x12\x13\x14\x15\x16\x17" "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f" @@ -20861,8 +14098,7 @@ static const struct cipher_testvec aes_xts_enc_tv_template[] = { "\xe8\xe9\xea\xeb\xec\xed\xee\xef" "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7" "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", - .ilen = 512, - .result = "\x27\xa7\x47\x9b\xef\xa1\xd4\x76" + .ctext = "\x27\xa7\x47\x9b\xef\xa1\xd4\x76" "\x48\x9f\x30\x8c\xd4\xcf\xa6\xe2" "\xa9\x6e\x4b\xbe\x32\x08\xff\x25" "\x28\x7d\xd3\x81\x96\x16\xe8\x9c" @@ -20926,7 +14162,7 @@ static const struct cipher_testvec aes_xts_enc_tv_template[] = { "\xf2\x62\x73\x57\x79\xa4\x18\xf2" "\x0a\x28\x2d\xf9\x20\x14\x7b\xea" "\xbe\x42\x1e\xe5\x31\x9d\x05\x68", - .rlen = 512, + .len = 512, }, { /* XTS-AES 10, XTS-AES-256, data unit 512 bytes */ .key = "\x27\x18\x28\x18\x28\x45\x90\x45" "\x23\x53\x60\x28\x74\x71\x35\x26" @@ -20939,273 +14175,7 @@ static const struct cipher_testvec aes_xts_enc_tv_template[] = { .klen = 64, .iv = "\xff\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = "\x00\x01\x02\x03\x04\x05\x06\x07" - "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" - "\x10\x11\x12\x13\x14\x15\x16\x17" - "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f" - "\x20\x21\x22\x23\x24\x25\x26\x27" - "\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f" - "\x30\x31\x32\x33\x34\x35\x36\x37" - "\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f" - "\x40\x41\x42\x43\x44\x45\x46\x47" - "\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f" - "\x50\x51\x52\x53\x54\x55\x56\x57" - "\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f" - "\x60\x61\x62\x63\x64\x65\x66\x67" - "\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f" - "\x70\x71\x72\x73\x74\x75\x76\x77" - "\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f" - "\x80\x81\x82\x83\x84\x85\x86\x87" - "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f" - "\x90\x91\x92\x93\x94\x95\x96\x97" - "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f" - "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7" - "\xa8\xa9\xaa\xab\xac\xad\xae\xaf" - "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7" - "\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf" - "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7" - "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf" - "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7" - "\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf" - "\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7" - "\xe8\xe9\xea\xeb\xec\xed\xee\xef" - "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7" - "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff" - "\x00\x01\x02\x03\x04\x05\x06\x07" - "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" - "\x10\x11\x12\x13\x14\x15\x16\x17" - "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f" - "\x20\x21\x22\x23\x24\x25\x26\x27" - "\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f" - "\x30\x31\x32\x33\x34\x35\x36\x37" - "\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f" - "\x40\x41\x42\x43\x44\x45\x46\x47" - "\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f" - "\x50\x51\x52\x53\x54\x55\x56\x57" - "\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f" - "\x60\x61\x62\x63\x64\x65\x66\x67" - "\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f" - "\x70\x71\x72\x73\x74\x75\x76\x77" - "\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f" - "\x80\x81\x82\x83\x84\x85\x86\x87" - "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f" - "\x90\x91\x92\x93\x94\x95\x96\x97" - "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f" - "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7" - "\xa8\xa9\xaa\xab\xac\xad\xae\xaf" - "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7" - "\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf" - "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7" - "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf" - "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7" - "\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf" - "\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7" - "\xe8\xe9\xea\xeb\xec\xed\xee\xef" - "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7" - "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", - .ilen = 512, - .result = "\x1c\x3b\x3a\x10\x2f\x77\x03\x86" - "\xe4\x83\x6c\x99\xe3\x70\xcf\x9b" - "\xea\x00\x80\x3f\x5e\x48\x23\x57" - "\xa4\xae\x12\xd4\x14\xa3\xe6\x3b" - "\x5d\x31\xe2\x76\xf8\xfe\x4a\x8d" - "\x66\xb3\x17\xf9\xac\x68\x3f\x44" - "\x68\x0a\x86\xac\x35\xad\xfc\x33" - "\x45\xbe\xfe\xcb\x4b\xb1\x88\xfd" - "\x57\x76\x92\x6c\x49\xa3\x09\x5e" - "\xb1\x08\xfd\x10\x98\xba\xec\x70" - "\xaa\xa6\x69\x99\xa7\x2a\x82\xf2" - "\x7d\x84\x8b\x21\xd4\xa7\x41\xb0" - "\xc5\xcd\x4d\x5f\xff\x9d\xac\x89" - "\xae\xba\x12\x29\x61\xd0\x3a\x75" - "\x71\x23\xe9\x87\x0f\x8a\xcf\x10" - "\x00\x02\x08\x87\x89\x14\x29\xca" - "\x2a\x3e\x7a\x7d\x7d\xf7\xb1\x03" - "\x55\x16\x5c\x8b\x9a\x6d\x0a\x7d" - "\xe8\xb0\x62\xc4\x50\x0d\xc4\xcd" - "\x12\x0c\x0f\x74\x18\xda\xe3\xd0" - "\xb5\x78\x1c\x34\x80\x3f\xa7\x54" - "\x21\xc7\x90\xdf\xe1\xde\x18\x34" - "\xf2\x80\xd7\x66\x7b\x32\x7f\x6c" - "\x8c\xd7\x55\x7e\x12\xac\x3a\x0f" - "\x93\xec\x05\xc5\x2e\x04\x93\xef" - "\x31\xa1\x2d\x3d\x92\x60\xf7\x9a" - "\x28\x9d\x6a\x37\x9b\xc7\x0c\x50" - "\x84\x14\x73\xd1\xa8\xcc\x81\xec" - "\x58\x3e\x96\x45\xe0\x7b\x8d\x96" - "\x70\x65\x5b\xa5\xbb\xcf\xec\xc6" - "\xdc\x39\x66\x38\x0a\xd8\xfe\xcb" - "\x17\xb6\xba\x02\x46\x9a\x02\x0a" - "\x84\xe1\x8e\x8f\x84\x25\x20\x70" - "\xc1\x3e\x9f\x1f\x28\x9b\xe5\x4f" - "\xbc\x48\x14\x57\x77\x8f\x61\x60" - "\x15\xe1\x32\x7a\x02\xb1\x40\xf1" - "\x50\x5e\xb3\x09\x32\x6d\x68\x37" - "\x8f\x83\x74\x59\x5c\x84\x9d\x84" - "\xf4\xc3\x33\xec\x44\x23\x88\x51" - "\x43\xcb\x47\xbd\x71\xc5\xed\xae" - "\x9b\xe6\x9a\x2f\xfe\xce\xb1\xbe" - "\xc9\xde\x24\x4f\xbe\x15\x99\x2b" - "\x11\xb7\x7c\x04\x0f\x12\xbd\x8f" - "\x6a\x97\x5a\x44\xa0\xf9\x0c\x29" - "\xa9\xab\xc3\xd4\xd8\x93\x92\x72" - "\x84\xc5\x87\x54\xcc\xe2\x94\x52" - "\x9f\x86\x14\xdc\xd2\xab\xa9\x91" - "\x92\x5f\xed\xc4\xae\x74\xff\xac" - "\x6e\x33\x3b\x93\xeb\x4a\xff\x04" - "\x79\xda\x9a\x41\x0e\x44\x50\xe0" - "\xdd\x7a\xe4\xc6\xe2\x91\x09\x00" - "\x57\x5d\xa4\x01\xfc\x07\x05\x9f" - "\x64\x5e\x8b\x7e\x9b\xfd\xef\x33" - "\x94\x30\x54\xff\x84\x01\x14\x93" - "\xc2\x7b\x34\x29\xea\xed\xb4\xed" - "\x53\x76\x44\x1a\x77\xed\x43\x85" - "\x1a\xd7\x7f\x16\xf5\x41\xdf\xd2" - "\x69\xd5\x0d\x6a\x5f\x14\xfb\x0a" - "\xab\x1c\xbb\x4c\x15\x50\xbe\x97" - "\xf7\xab\x40\x66\x19\x3c\x4c\xaa" - "\x77\x3d\xad\x38\x01\x4b\xd2\x09" - "\x2f\xa7\x55\xc8\x24\xbb\x5e\x54" - "\xc4\xf3\x6f\xfd\xa9\xfc\xea\x70" - "\xb9\xc6\xe6\x93\xe1\x48\xc1\x51", - .rlen = 512, - .also_non_np = 1, - .np = 3, - .tap = { 512 - 20, 4, 16 }, - } -}; - -static const struct cipher_testvec aes_xts_dec_tv_template[] = { - /* http://grouper.ieee.org/groups/1619/email/pdf00086.pdf */ - { /* XTS-AES 1 */ - .key = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .klen = 32, - .fips_skip = 1, - .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = "\x91\x7c\xf6\x9e\xbd\x68\xb2\xec" - "\x9b\x9f\xe9\xa3\xea\xdd\xa6\x92" - "\xcd\x43\xd2\xf5\x95\x98\xed\x85" - "\x8c\x02\xc2\x65\x2f\xbf\x92\x2e", - .ilen = 32, - .result = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .rlen = 32, - }, { /* XTS-AES 2 */ - .key = "\x11\x11\x11\x11\x11\x11\x11\x11" - "\x11\x11\x11\x11\x11\x11\x11\x11" - "\x22\x22\x22\x22\x22\x22\x22\x22" - "\x22\x22\x22\x22\x22\x22\x22\x22", - .klen = 32, - .iv = "\x33\x33\x33\x33\x33\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = "\xc4\x54\x18\x5e\x6a\x16\x93\x6e" - "\x39\x33\x40\x38\xac\xef\x83\x8b" - "\xfb\x18\x6f\xff\x74\x80\xad\xc4" - "\x28\x93\x82\xec\xd6\xd3\x94\xf0", - .ilen = 32, - .result = "\x44\x44\x44\x44\x44\x44\x44\x44" - "\x44\x44\x44\x44\x44\x44\x44\x44" - "\x44\x44\x44\x44\x44\x44\x44\x44" - "\x44\x44\x44\x44\x44\x44\x44\x44", - .rlen = 32, - }, { /* XTS-AES 3 */ - .key = "\xff\xfe\xfd\xfc\xfb\xfa\xf9\xf8" - "\xf7\xf6\xf5\xf4\xf3\xf2\xf1\xf0" - "\x22\x22\x22\x22\x22\x22\x22\x22" - "\x22\x22\x22\x22\x22\x22\x22\x22", - .klen = 32, - .iv = "\x33\x33\x33\x33\x33\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = "\xaf\x85\x33\x6b\x59\x7a\xfc\x1a" - "\x90\x0b\x2e\xb2\x1e\xc9\x49\xd2" - "\x92\xdf\x4c\x04\x7e\x0b\x21\x53" - "\x21\x86\xa5\x97\x1a\x22\x7a\x89", - .ilen = 32, - .result = "\x44\x44\x44\x44\x44\x44\x44\x44" - "\x44\x44\x44\x44\x44\x44\x44\x44" - "\x44\x44\x44\x44\x44\x44\x44\x44" - "\x44\x44\x44\x44\x44\x44\x44\x44", - .rlen = 32, - }, { /* XTS-AES 4 */ - .key = "\x27\x18\x28\x18\x28\x45\x90\x45" - "\x23\x53\x60\x28\x74\x71\x35\x26" - "\x31\x41\x59\x26\x53\x58\x97\x93" - "\x23\x84\x62\x64\x33\x83\x27\x95", - .klen = 32, - .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = "\x27\xa7\x47\x9b\xef\xa1\xd4\x76" - "\x48\x9f\x30\x8c\xd4\xcf\xa6\xe2" - "\xa9\x6e\x4b\xbe\x32\x08\xff\x25" - "\x28\x7d\xd3\x81\x96\x16\xe8\x9c" - "\xc7\x8c\xf7\xf5\xe5\x43\x44\x5f" - "\x83\x33\xd8\xfa\x7f\x56\x00\x00" - "\x05\x27\x9f\xa5\xd8\xb5\xe4\xad" - "\x40\xe7\x36\xdd\xb4\xd3\x54\x12" - "\x32\x80\x63\xfd\x2a\xab\x53\xe5" - "\xea\x1e\x0a\x9f\x33\x25\x00\xa5" - "\xdf\x94\x87\xd0\x7a\x5c\x92\xcc" - "\x51\x2c\x88\x66\xc7\xe8\x60\xce" - "\x93\xfd\xf1\x66\xa2\x49\x12\xb4" - "\x22\x97\x61\x46\xae\x20\xce\x84" - "\x6b\xb7\xdc\x9b\xa9\x4a\x76\x7a" - "\xae\xf2\x0c\x0d\x61\xad\x02\x65" - "\x5e\xa9\x2d\xc4\xc4\xe4\x1a\x89" - "\x52\xc6\x51\xd3\x31\x74\xbe\x51" - "\xa1\x0c\x42\x11\x10\xe6\xd8\x15" - "\x88\xed\xe8\x21\x03\xa2\x52\xd8" - "\xa7\x50\xe8\x76\x8d\xef\xff\xed" - "\x91\x22\x81\x0a\xae\xb9\x9f\x91" - "\x72\xaf\x82\xb6\x04\xdc\x4b\x8e" - "\x51\xbc\xb0\x82\x35\xa6\xf4\x34" - "\x13\x32\xe4\xca\x60\x48\x2a\x4b" - "\xa1\xa0\x3b\x3e\x65\x00\x8f\xc5" - "\xda\x76\xb7\x0b\xf1\x69\x0d\xb4" - "\xea\xe2\x9c\x5f\x1b\xad\xd0\x3c" - "\x5c\xcf\x2a\x55\xd7\x05\xdd\xcd" - "\x86\xd4\x49\x51\x1c\xeb\x7e\xc3" - "\x0b\xf1\x2b\x1f\xa3\x5b\x91\x3f" - "\x9f\x74\x7a\x8a\xfd\x1b\x13\x0e" - "\x94\xbf\xf9\x4e\xff\xd0\x1a\x91" - "\x73\x5c\xa1\x72\x6a\xcd\x0b\x19" - "\x7c\x4e\x5b\x03\x39\x36\x97\xe1" - "\x26\x82\x6f\xb6\xbb\xde\x8e\xcc" - "\x1e\x08\x29\x85\x16\xe2\xc9\xed" - "\x03\xff\x3c\x1b\x78\x60\xf6\xde" - "\x76\xd4\xce\xcd\x94\xc8\x11\x98" - "\x55\xef\x52\x97\xca\x67\xe9\xf3" - "\xe7\xff\x72\xb1\xe9\x97\x85\xca" - "\x0a\x7e\x77\x20\xc5\xb3\x6d\xc6" - "\xd7\x2c\xac\x95\x74\xc8\xcb\xbc" - "\x2f\x80\x1e\x23\xe5\x6f\xd3\x44" - "\xb0\x7f\x22\x15\x4b\xeb\xa0\xf0" - "\x8c\xe8\x89\x1e\x64\x3e\xd9\x95" - "\xc9\x4d\x9a\x69\xc9\xf1\xb5\xf4" - "\x99\x02\x7a\x78\x57\x2a\xee\xbd" - "\x74\xd2\x0c\xc3\x98\x81\xc2\x13" - "\xee\x77\x0b\x10\x10\xe4\xbe\xa7" - "\x18\x84\x69\x77\xae\x11\x9f\x7a" - "\x02\x3a\xb5\x8c\xca\x0a\xd7\x52" - "\xaf\xe6\x56\xbb\x3c\x17\x25\x6a" - "\x9f\x6e\x9b\xf1\x9f\xdd\x5a\x38" - "\xfc\x82\xbb\xe8\x72\xc5\x53\x9e" - "\xdb\x60\x9e\xf4\xf7\x9c\x20\x3e" - "\xbb\x14\x0f\x2e\x58\x3c\xb2\xad" - "\x15\xb4\xaa\x5b\x65\x50\x16\xa8" - "\x44\x92\x77\xdb\xd4\x77\xef\x2c" - "\x8d\x6c\x01\x7d\xb7\x38\xb1\x8d" - "\xeb\x4a\x42\x7d\x19\x23\xce\x3f" - "\xf2\x62\x73\x57\x79\xa4\x18\xf2" - "\x0a\x28\x2d\xf9\x20\x14\x7b\xea" - "\xbe\x42\x1e\xe5\x31\x9d\x05\x68", - .ilen = 512, - .result = "\x00\x01\x02\x03\x04\x05\x06\x07" + .ptext = "\x00\x01\x02\x03\x04\x05\x06\x07" "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" "\x10\x11\x12\x13\x14\x15\x16\x17" "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f" @@ -21269,20 +14239,7 @@ static const struct cipher_testvec aes_xts_dec_tv_template[] = { "\xe8\xe9\xea\xeb\xec\xed\xee\xef" "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7" "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", - .rlen = 512, - }, { /* XTS-AES 10, XTS-AES-256, data unit 512 bytes */ - .key = "\x27\x18\x28\x18\x28\x45\x90\x45" - "\x23\x53\x60\x28\x74\x71\x35\x26" - "\x62\x49\x77\x57\x24\x70\x93\x69" - "\x99\x59\x57\x49\x66\x96\x76\x27" - "\x31\x41\x59\x26\x53\x58\x97\x93" - "\x23\x84\x62\x64\x33\x83\x27\x95" - "\x02\x88\x41\x97\x16\x93\x99\x37" - "\x51\x05\x82\x09\x74\x94\x45\x92", - .klen = 64, - .iv = "\xff\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = "\x1c\x3b\x3a\x10\x2f\x77\x03\x86" + .ctext = "\x1c\x3b\x3a\x10\x2f\x77\x03\x86" "\xe4\x83\x6c\x99\xe3\x70\xcf\x9b" "\xea\x00\x80\x3f\x5e\x48\x23\x57" "\xa4\xae\x12\xd4\x14\xa3\xe6\x3b" @@ -21346,87 +14303,21 @@ static const struct cipher_testvec aes_xts_dec_tv_template[] = { "\x2f\xa7\x55\xc8\x24\xbb\x5e\x54" "\xc4\xf3\x6f\xfd\xa9\xfc\xea\x70" "\xb9\xc6\xe6\x93\xe1\x48\xc1\x51", - .ilen = 512, - .result = "\x00\x01\x02\x03\x04\x05\x06\x07" - "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" - "\x10\x11\x12\x13\x14\x15\x16\x17" - "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f" - "\x20\x21\x22\x23\x24\x25\x26\x27" - "\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f" - "\x30\x31\x32\x33\x34\x35\x36\x37" - "\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f" - "\x40\x41\x42\x43\x44\x45\x46\x47" - "\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f" - "\x50\x51\x52\x53\x54\x55\x56\x57" - "\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f" - "\x60\x61\x62\x63\x64\x65\x66\x67" - "\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f" - "\x70\x71\x72\x73\x74\x75\x76\x77" - "\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f" - "\x80\x81\x82\x83\x84\x85\x86\x87" - "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f" - "\x90\x91\x92\x93\x94\x95\x96\x97" - "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f" - "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7" - "\xa8\xa9\xaa\xab\xac\xad\xae\xaf" - "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7" - "\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf" - "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7" - "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf" - "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7" - "\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf" - "\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7" - "\xe8\xe9\xea\xeb\xec\xed\xee\xef" - "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7" - "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff" - "\x00\x01\x02\x03\x04\x05\x06\x07" - "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" - "\x10\x11\x12\x13\x14\x15\x16\x17" - "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f" - "\x20\x21\x22\x23\x24\x25\x26\x27" - "\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f" - "\x30\x31\x32\x33\x34\x35\x36\x37" - "\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f" - "\x40\x41\x42\x43\x44\x45\x46\x47" - "\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f" - "\x50\x51\x52\x53\x54\x55\x56\x57" - "\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f" - "\x60\x61\x62\x63\x64\x65\x66\x67" - "\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f" - "\x70\x71\x72\x73\x74\x75\x76\x77" - "\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f" - "\x80\x81\x82\x83\x84\x85\x86\x87" - "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f" - "\x90\x91\x92\x93\x94\x95\x96\x97" - "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f" - "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7" - "\xa8\xa9\xaa\xab\xac\xad\xae\xaf" - "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7" - "\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf" - "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7" - "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf" - "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7" - "\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf" - "\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7" - "\xe8\xe9\xea\xeb\xec\xed\xee\xef" - "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7" - "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", - .rlen = 512, + .len = 512, .also_non_np = 1, .np = 3, .tap = { 512 - 20, 4, 16 }, } }; - -static const struct cipher_testvec aes_ctr_enc_tv_template[] = { +static const struct cipher_testvec aes_ctr_tv_template[] = { { /* From NIST Special Publication 800-38A, Appendix F.5 */ .key = "\x2b\x7e\x15\x16\x28\xae\xd2\xa6" "\xab\xf7\x15\x88\x09\xcf\x4f\x3c", .klen = 16, .iv = "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7" "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", - .input = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96" + .ptext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96" "\xe9\x3d\x7e\x11\x73\x93\x17\x2a" "\xae\x2d\x8a\x57\x1e\x03\xac\x9c" "\x9e\xb7\x6f\xac\x45\xaf\x8e\x51" @@ -21434,8 +14325,7 @@ static const struct cipher_testvec aes_ctr_enc_tv_template[] = { "\xe5\xfb\xc1\x19\x1a\x0a\x52\xef" "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17" "\xad\x2b\x41\x7b\xe6\x6c\x37\x10", - .ilen = 64, - .result = "\x87\x4d\x61\x91\xb6\x20\xe3\x26" + .ctext = "\x87\x4d\x61\x91\xb6\x20\xe3\x26" "\x1b\xef\x68\x64\x99\x0d\xb6\xce" "\x98\x06\xf6\x6b\x79\x70\xfd\xff" "\x86\x17\x18\x7b\xb9\xff\xfd\xff" @@ -21443,7 +14333,7 @@ static const struct cipher_testvec aes_ctr_enc_tv_template[] = { "\x5b\x4f\x09\x02\x0d\xb0\x3e\xab" "\x1e\x03\x1d\xda\x2f\xbe\x03\xd1" "\x79\x21\x70\xa0\xf3\x00\x9c\xee", - .rlen = 64, + .len = 64, }, { .key = "\x8e\x73\xb0\xf7\xda\x0e\x64\x52" "\xc8\x10\xf3\x2b\x80\x90\x79\xe5" @@ -21451,7 +14341,7 @@ static const struct cipher_testvec aes_ctr_enc_tv_template[] = { .klen = 24, .iv = "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7" "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", - .input = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96" + .ptext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96" "\xe9\x3d\x7e\x11\x73\x93\x17\x2a" "\xae\x2d\x8a\x57\x1e\x03\xac\x9c" "\x9e\xb7\x6f\xac\x45\xaf\x8e\x51" @@ -21459,8 +14349,7 @@ static const struct cipher_testvec aes_ctr_enc_tv_template[] = { "\xe5\xfb\xc1\x19\x1a\x0a\x52\xef" "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17" "\xad\x2b\x41\x7b\xe6\x6c\x37\x10", - .ilen = 64, - .result = "\x1a\xbc\x93\x24\x17\x52\x1c\xa2" + .ctext = "\x1a\xbc\x93\x24\x17\x52\x1c\xa2" "\x4f\x2b\x04\x59\xfe\x7e\x6e\x0b" "\x09\x03\x39\xec\x0a\xa6\xfa\xef" "\xd5\xcc\xc2\xc6\xf4\xce\x8e\x94" @@ -21468,7 +14357,7 @@ static const struct cipher_testvec aes_ctr_enc_tv_template[] = { "\xd1\xbd\x1d\x66\x56\x20\xab\xf7" "\x4f\x78\xa7\xf6\xd2\x98\x09\x58" "\x5a\x97\xda\xec\x58\xc6\xb0\x50", - .rlen = 64, + .len = 64, }, { .key = "\x60\x3d\xeb\x10\x15\xca\x71\xbe" "\x2b\x73\xae\xf0\x85\x7d\x77\x81" @@ -21477,7 +14366,7 @@ static const struct cipher_testvec aes_ctr_enc_tv_template[] = { .klen = 32, .iv = "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7" "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", - .input = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96" + .ptext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96" "\xe9\x3d\x7e\x11\x73\x93\x17\x2a" "\xae\x2d\x8a\x57\x1e\x03\xac\x9c" "\x9e\xb7\x6f\xac\x45\xaf\x8e\x51" @@ -21485,8 +14374,7 @@ static const struct cipher_testvec aes_ctr_enc_tv_template[] = { "\xe5\xfb\xc1\x19\x1a\x0a\x52\xef" "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17" "\xad\x2b\x41\x7b\xe6\x6c\x37\x10", - .ilen = 64, - .result = "\x60\x1e\xc3\x13\x77\x57\x89\xa5" + .ctext = "\x60\x1e\xc3\x13\x77\x57\x89\xa5" "\xb7\xa7\xf5\x04\xbb\xf3\xd2\x28" "\xf4\x43\xe3\xca\x4d\x62\xb5\x9a" "\xca\x84\xe9\x90\xca\xca\xf5\xc5" @@ -21494,7 +14382,7 @@ static const struct cipher_testvec aes_ctr_enc_tv_template[] = { "\xe8\x70\x17\xba\x2d\x84\x98\x8d" "\xdf\xc9\xc5\x8d\xb6\x7a\xad\xa6" "\x13\xc2\xdd\x08\x45\x79\x41\xa6", - .rlen = 64, + .len = 64, }, { /* Generated with Crypto++ */ .key = "\xC9\x83\xA6\xC9\xEC\x0F\x32\x55" "\x0F\x32\x55\x78\x9B\xBE\x78\x9B" @@ -21503,7 +14391,7 @@ static const struct cipher_testvec aes_ctr_enc_tv_template[] = { .klen = 32, .iv = "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF" "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFD", - .input = "\x50\xB9\x22\xAE\x17\x80\x0C\x75" + .ptext = "\x50\xB9\x22\xAE\x17\x80\x0C\x75" "\xDE\x47\xD3\x3C\xA5\x0E\x9A\x03" "\x6C\xF8\x61\xCA\x33\xBF\x28\x91" "\x1D\x86\xEF\x58\xE4\x4D\xB6\x1F" @@ -21565,8 +14453,7 @@ static const struct cipher_testvec aes_ctr_enc_tv_template[] = { "\xAE\x17\xA3\x0C\x75\x01\x6A\xD3" "\x3C\xC8\x31\x9A\x03\x8F\xF8\x61" "\xED\x56\xBF\x28\xB4\x1D\x86\x12", - .ilen = 496, - .result = "\x04\xF3\xD3\x88\x17\xEF\xDC\xEF" + .ctext = "\x04\xF3\xD3\x88\x17\xEF\xDC\xEF" "\x8B\x04\xF8\x3A\x66\x8D\x1A\x53" "\x57\x1F\x4B\x23\xE4\xA0\xAF\xF9" "\x69\x95\x35\x98\x8D\x4D\x8C\xC1" @@ -21628,7 +14515,7 @@ static const struct cipher_testvec aes_ctr_enc_tv_template[] = { "\x10\x09\x9B\x46\x9B\xF2\x2C\x2B" "\xFA\x3A\x05\x4C\xFA\xD1\xFF\xFE" "\xF1\x4C\xE5\xB2\x91\x64\x0C\x51", - .rlen = 496, + .len = 496, .also_non_np = 1, .np = 3, .tap = { 496 - 20, 4, 16 }, @@ -21640,7 +14527,7 @@ static const struct cipher_testvec aes_ctr_enc_tv_template[] = { .klen = 32, .iv = "\xE7\x82\x1D\xB8\x53\x11\xAC\x47" "\xE2\x7D\x18\xD6\x71\x0C\xA7\x42", - .input = "\x50\xB9\x22\xAE\x17\x80\x0C\x75" + .ptext = "\x50\xB9\x22\xAE\x17\x80\x0C\x75" "\xDE\x47\xD3\x3C\xA5\x0E\x9A\x03" "\x6C\xF8\x61\xCA\x33\xBF\x28\x91" "\x1D\x86\xEF\x58\xE4\x4D\xB6\x1F" @@ -21703,299 +14590,7 @@ static const struct cipher_testvec aes_ctr_enc_tv_template[] = { "\x3C\xC8\x31\x9A\x03\x8F\xF8\x61" "\xED\x56\xBF\x28\xB4\x1D\x86\x12" "\x7B\xE4\x4D", - .ilen = 499, - .result = "\xDA\x4E\x3F\xBC\xE8\xB6\x3A\xA2" - "\xD5\x4D\x84\x4A\xA9\x0C\xE1\xA5" - "\xB8\x73\xBC\xF9\xBB\x59\x2F\x44" - "\x8B\xAB\x82\x6C\xB4\x32\x9A\xDE" - "\x5A\x0B\xDB\x7A\x6B\xF2\x38\x9F" - "\x06\xF7\xF7\xFF\xFF\xC0\x8A\x2E" - "\x76\xEA\x06\x32\x23\xF3\x59\x2E" - "\x75\xDE\x71\x86\x3C\x98\x23\x44" - "\x5B\xF2\xFA\x6A\x00\xBB\xC1\xAD" - "\x58\xBD\x3E\x6F\x2E\xB4\x19\x04" - "\x70\x8B\x92\x55\x23\xE9\x6A\x3A" - "\x78\x7A\x1B\x10\x85\x52\x9C\x12" - "\xE4\x55\x81\x21\xCE\x53\xD0\x3B" - "\x63\x77\x2C\x74\xD1\xF5\x60\xF3" - "\xA1\xDE\x44\x3C\x8F\x4D\x2F\xDD" - "\x8A\xFE\x3C\x42\x8E\xD3\xF2\x8E" - "\xA8\x28\x69\x65\x31\xE1\x45\x83" - "\xE4\x49\xC4\x9C\xA7\x28\xAA\x21" - "\xCD\x5D\x0F\x15\xB7\x93\x07\x26" - "\xB0\x65\x6D\x91\x90\x23\x7A\xC6" - "\xDB\x68\xB0\xA1\x8E\xA4\x76\x4E" - "\xC6\x91\x83\x20\x92\x4D\x63\x7A" - "\x45\x18\x18\x74\x19\xAD\x71\x01" - "\x6B\x23\xAD\x9D\x4E\xE4\x6E\x46" - "\xC9\x73\x7A\xF9\x02\x95\xF4\x07" - "\x0E\x7A\xA6\xC5\xAE\xFA\x15\x2C" - "\x51\x71\xF1\xDC\x22\xB6\xAC\xD8" - "\x19\x24\x44\xBC\x0C\xFB\x3C\x2D" - "\xB1\x50\x47\x15\x0E\xDB\xB6\xD7" - "\xE8\x61\xE5\x95\x52\x1E\x3E\x49" - "\x70\xE9\x66\x04\x4C\xE1\xAF\xBD" - "\xDD\x15\x3B\x20\x59\x24\xFF\xB0" - "\x39\xAA\xE7\xBF\x23\xA3\x6E\xD5" - "\x15\xF0\x61\x4F\xAE\x89\x10\x58" - "\x5A\x33\x95\x52\x2A\xB5\x77\x9C" - "\xA5\x43\x80\x40\x27\x2D\xAE\xD9" - "\x3F\xE0\x80\x94\x78\x79\xCB\x7E" - "\xAD\x12\x44\x4C\xEC\x27\xB0\xEE" - "\x0B\x05\x2A\x82\x99\x58\xBB\x7A" - "\x8D\x6D\x9D\x8E\xE2\x8E\xE7\x93" - "\x2F\xB3\x09\x8D\x06\xD5\xEE\x70" - "\x16\xAE\x35\xC5\x52\x0F\x46\x1F" - "\x71\xF9\x5E\xF2\x67\xDC\x98\x2F" - "\xA3\x23\xAA\xD5\xD0\x49\xF4\xA6" - "\xF6\xB8\x32\xCD\xD6\x85\x73\x60" - "\x59\x20\xE7\x55\x0E\x91\xE2\x0C" - "\x3F\x1C\xEB\x3D\xDF\x52\x64\xF2" - "\x7D\x8B\x5D\x63\x16\xB9\xB2\x5D" - "\x5E\xAB\xB2\x97\xAB\x78\x44\xE7" - "\xC6\x72\x20\xC5\x90\x9B\xDC\x5D" - "\xB0\xEF\x44\xEF\x87\x31\x8D\xF4" - "\xFB\x81\x5D\xF7\x96\x96\xD4\x50" - "\x89\xA7\xF6\xB9\x67\x76\x40\x9E" - "\x9D\x40\xD5\x2C\x30\xB8\x01\x8F" - "\xE4\x7B\x71\x48\xA9\xA0\xA0\x1D" - "\x87\x52\xA4\x91\xA9\xD7\xA9\x51" - "\xD9\x59\xF7\xCC\x63\x22\xC1\x8D" - "\x84\x7B\xD8\x22\x32\x5C\x6F\x1D" - "\x6E\x9F\xFA\xDD\x49\x40\xDC\x37" - "\x14\x8C\xE1\x80\x1B\xDD\x36\x2A" - "\xD0\xE9\x54\x99\x5D\xBA\x3B\x11" - "\xD8\xFE\xC9\x5B\x5C\x25\xE5\x76" - "\xFB\xF2\x3F", - .rlen = 499, - .also_non_np = 1, - .np = 2, - .tap = { 499 - 16, 16 }, - }, -}; - -static const struct cipher_testvec aes_ctr_dec_tv_template[] = { - { /* From NIST Special Publication 800-38A, Appendix F.5 */ - .key = "\x2b\x7e\x15\x16\x28\xae\xd2\xa6" - "\xab\xf7\x15\x88\x09\xcf\x4f\x3c", - .klen = 16, - .iv = "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7" - "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", - .input = "\x87\x4d\x61\x91\xb6\x20\xe3\x26" - "\x1b\xef\x68\x64\x99\x0d\xb6\xce" - "\x98\x06\xf6\x6b\x79\x70\xfd\xff" - "\x86\x17\x18\x7b\xb9\xff\xfd\xff" - "\x5a\xe4\xdf\x3e\xdb\xd5\xd3\x5e" - "\x5b\x4f\x09\x02\x0d\xb0\x3e\xab" - "\x1e\x03\x1d\xda\x2f\xbe\x03\xd1" - "\x79\x21\x70\xa0\xf3\x00\x9c\xee", - .ilen = 64, - .result = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96" - "\xe9\x3d\x7e\x11\x73\x93\x17\x2a" - "\xae\x2d\x8a\x57\x1e\x03\xac\x9c" - "\x9e\xb7\x6f\xac\x45\xaf\x8e\x51" - "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11" - "\xe5\xfb\xc1\x19\x1a\x0a\x52\xef" - "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17" - "\xad\x2b\x41\x7b\xe6\x6c\x37\x10", - .rlen = 64, - }, { - .key = "\x8e\x73\xb0\xf7\xda\x0e\x64\x52" - "\xc8\x10\xf3\x2b\x80\x90\x79\xe5" - "\x62\xf8\xea\xd2\x52\x2c\x6b\x7b", - .klen = 24, - .iv = "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7" - "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", - .input = "\x1a\xbc\x93\x24\x17\x52\x1c\xa2" - "\x4f\x2b\x04\x59\xfe\x7e\x6e\x0b" - "\x09\x03\x39\xec\x0a\xa6\xfa\xef" - "\xd5\xcc\xc2\xc6\xf4\xce\x8e\x94" - "\x1e\x36\xb2\x6b\xd1\xeb\xc6\x70" - "\xd1\xbd\x1d\x66\x56\x20\xab\xf7" - "\x4f\x78\xa7\xf6\xd2\x98\x09\x58" - "\x5a\x97\xda\xec\x58\xc6\xb0\x50", - .ilen = 64, - .result = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96" - "\xe9\x3d\x7e\x11\x73\x93\x17\x2a" - "\xae\x2d\x8a\x57\x1e\x03\xac\x9c" - "\x9e\xb7\x6f\xac\x45\xaf\x8e\x51" - "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11" - "\xe5\xfb\xc1\x19\x1a\x0a\x52\xef" - "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17" - "\xad\x2b\x41\x7b\xe6\x6c\x37\x10", - .rlen = 64, - }, { - .key = "\x60\x3d\xeb\x10\x15\xca\x71\xbe" - "\x2b\x73\xae\xf0\x85\x7d\x77\x81" - "\x1f\x35\x2c\x07\x3b\x61\x08\xd7" - "\x2d\x98\x10\xa3\x09\x14\xdf\xf4", - .klen = 32, - .iv = "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7" - "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", - .input = "\x60\x1e\xc3\x13\x77\x57\x89\xa5" - "\xb7\xa7\xf5\x04\xbb\xf3\xd2\x28" - "\xf4\x43\xe3\xca\x4d\x62\xb5\x9a" - "\xca\x84\xe9\x90\xca\xca\xf5\xc5" - "\x2b\x09\x30\xda\xa2\x3d\xe9\x4c" - "\xe8\x70\x17\xba\x2d\x84\x98\x8d" - "\xdf\xc9\xc5\x8d\xb6\x7a\xad\xa6" - "\x13\xc2\xdd\x08\x45\x79\x41\xa6", - .ilen = 64, - .result = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96" - "\xe9\x3d\x7e\x11\x73\x93\x17\x2a" - "\xae\x2d\x8a\x57\x1e\x03\xac\x9c" - "\x9e\xb7\x6f\xac\x45\xaf\x8e\x51" - "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11" - "\xe5\xfb\xc1\x19\x1a\x0a\x52\xef" - "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17" - "\xad\x2b\x41\x7b\xe6\x6c\x37\x10", - .rlen = 64, - }, { /* Generated with Crypto++ */ - .key = "\xC9\x83\xA6\xC9\xEC\x0F\x32\x55" - "\x0F\x32\x55\x78\x9B\xBE\x78\x9B" - "\xBE\xE1\x04\x27\xE1\x04\x27\x4A" - "\x6D\x90\x4A\x6D\x90\xB3\xD6\xF9", - .klen = 32, - .iv = "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF" - "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFD", - .input = "\x04\xF3\xD3\x88\x17\xEF\xDC\xEF" - "\x8B\x04\xF8\x3A\x66\x8D\x1A\x53" - "\x57\x1F\x4B\x23\xE4\xA0\xAF\xF9" - "\x69\x95\x35\x98\x8D\x4D\x8C\xC1" - "\xF0\xB2\x7F\x80\xBB\x54\x28\xA2" - "\x7A\x1B\x9F\x77\xEC\x0E\x6E\xDE" - "\xF0\xEC\xB8\xE4\x20\x62\xEE\xDB" - "\x5D\xF5\xDD\xE3\x54\xFC\xDD\xEB" - "\x6A\xEE\x65\xA1\x21\xD6\xD7\x81" - "\x47\x61\x12\x4D\xC2\x8C\xFA\x78" - "\x1F\x28\x02\x01\xC3\xFC\x1F\xEC" - "\x0F\x10\x4F\xB3\x12\x45\xC6\x3B" - "\x7E\x08\xF9\x5A\xD0\x5D\x73\x2D" - "\x58\xA4\xE5\xCB\x1C\xB4\xCE\x74" - "\x32\x41\x1F\x31\x9C\x08\xA2\x5D" - "\x67\xEB\x72\x1D\xF8\xE7\x70\x54" - "\x34\x4B\x31\x69\x84\x66\x96\x44" - "\x56\xCC\x1E\xD9\xE6\x13\x6A\xB9" - "\x2D\x0A\x05\x45\x2D\x90\xCC\xDF" - "\x16\x5C\x5F\x79\x34\x52\x54\xFE" - "\xFE\xCD\xAD\x04\x2E\xAD\x86\x06" - "\x1F\x37\xE8\x28\xBC\xD3\x8F\x5B" - "\x92\x66\x87\x3B\x8A\x0A\x1A\xCC" - "\x6E\xAB\x9F\x0B\xFA\x5C\xE6\xFD" - "\x3C\x98\x08\x12\xEC\xAA\x9E\x11" - "\xCA\xB2\x1F\xCE\x5E\x5B\xB2\x72" - "\x9C\xCC\x5D\xC5\xE0\x32\xC0\x56" - "\xD5\x45\x16\xD2\xAF\x13\x66\xF7" - "\x8C\x67\xAC\x79\xB2\xAF\x56\x27" - "\x3F\xCC\xFE\xCB\x1E\xC0\x75\xF1" - "\xA7\xC9\xC3\x1D\x8E\xDD\xF9\xD4" - "\x42\xC8\x21\x08\x16\xF7\x01\xD7" - "\xAC\x8E\x3F\x1D\x56\xC1\x06\xE4" - "\x9C\x62\xD6\xA5\x6A\x50\x44\xB3" - "\x35\x1C\x82\xB9\x10\xF9\x42\xA1" - "\xFC\x74\x9B\x44\x4F\x25\x02\xE3" - "\x08\xF5\xD4\x32\x39\x08\x11\xE8" - "\xD2\x6B\x50\x53\xD4\x08\xD1\x6B" - "\x3A\x4A\x68\x7B\x7C\xCD\x46\x5E" - "\x0D\x07\x19\xDB\x67\xD7\x98\x91" - "\xD7\x17\x10\x9B\x7B\x8A\x9B\x33" - "\xAE\xF3\x00\xA6\xD4\x15\xD9\xEA" - "\x85\x99\x22\xE8\x91\x38\x70\x83" - "\x93\x01\x24\x6C\xFA\x9A\xB9\x07" - "\xEA\x8D\x3B\xD9\x2A\x43\x59\x16" - "\x2F\x69\xEE\x84\x36\x44\x76\x98" - "\xF3\x04\x2A\x7C\x74\x3D\x29\x2B" - "\x0D\xAD\x8F\x44\x82\x9E\x57\x8D" - "\xAC\xED\x18\x1F\x50\xA4\xF5\x98" - "\x1F\xBD\x92\x91\x1B\x2D\xA6\xD6" - "\xD2\xE3\x02\xAA\x92\x3B\xC6\xB3" - "\x1B\x39\x72\xD5\x26\xCA\x04\xE0" - "\xFC\x58\x78\xBB\xB1\x3F\xA1\x9C" - "\x42\x24\x3E\x2E\x22\xBB\x4B\xBA" - "\xF4\x52\x0A\xE6\xAE\x47\xB4\x7D" - "\x1D\xA8\xBE\x81\x1A\x75\xDA\xAC" - "\xA6\x25\x1E\xEF\x3A\xC0\x6C\x63" - "\xEF\xDC\xC9\x79\x10\x26\xE8\x61" - "\x29\xFC\xA4\x05\xDF\x7D\x5C\x63" - "\x10\x09\x9B\x46\x9B\xF2\x2C\x2B" - "\xFA\x3A\x05\x4C\xFA\xD1\xFF\xFE" - "\xF1\x4C\xE5\xB2\x91\x64\x0C\x51", - .ilen = 496, - .result = "\x50\xB9\x22\xAE\x17\x80\x0C\x75" - "\xDE\x47\xD3\x3C\xA5\x0E\x9A\x03" - "\x6C\xF8\x61\xCA\x33\xBF\x28\x91" - "\x1D\x86\xEF\x58\xE4\x4D\xB6\x1F" - "\xAB\x14\x7D\x09\x72\xDB\x44\xD0" - "\x39\xA2\x0B\x97\x00\x69\xF5\x5E" - "\xC7\x30\xBC\x25\x8E\x1A\x83\xEC" - "\x55\xE1\x4A\xB3\x1C\xA8\x11\x7A" - "\x06\x6F\xD8\x41\xCD\x36\x9F\x08" - "\x94\xFD\x66\xF2\x5B\xC4\x2D\xB9" - "\x22\x8B\x17\x80\xE9\x52\xDE\x47" - "\xB0\x19\xA5\x0E\x77\x03\x6C\xD5" - "\x3E\xCA\x33\x9C\x05\x91\xFA\x63" - "\xEF\x58\xC1\x2A\xB6\x1F\x88\x14" - "\x7D\xE6\x4F\xDB\x44\xAD\x16\xA2" - "\x0B\x74\x00\x69\xD2\x3B\xC7\x30" - "\x99\x02\x8E\xF7\x60\xEC\x55\xBE" - "\x27\xB3\x1C\x85\x11\x7A\xE3\x4C" - "\xD8\x41\xAA\x13\x9F\x08\x71\xFD" - "\x66\xCF\x38\xC4\x2D\x96\x22\x8B" - "\xF4\x5D\xE9\x52\xBB\x24\xB0\x19" - "\x82\x0E\x77\xE0\x49\xD5\x3E\xA7" - "\x10\x9C\x05\x6E\xFA\x63\xCC\x35" - "\xC1\x2A\x93\x1F\x88\xF1\x5A\xE6" - "\x4F\xB8\x21\xAD\x16\x7F\x0B\x74" - "\xDD\x46\xD2\x3B\xA4\x0D\x99\x02" - "\x6B\xF7\x60\xC9\x32\xBE\x27\x90" - "\x1C\x85\xEE\x57\xE3\x4C\xB5\x1E" - "\xAA\x13\x7C\x08\x71\xDA\x43\xCF" - "\x38\xA1\x0A\x96\xFF\x68\xF4\x5D" - "\xC6\x2F\xBB\x24\x8D\x19\x82\xEB" - "\x54\xE0\x49\xB2\x1B\xA7\x10\x79" - "\x05\x6E\xD7\x40\xCC\x35\x9E\x07" - "\x93\xFC\x65\xF1\x5A\xC3\x2C\xB8" - "\x21\x8A\x16\x7F\xE8\x51\xDD\x46" - "\xAF\x18\xA4\x0D\x76\x02\x6B\xD4" - "\x3D\xC9\x32\x9B\x04\x90\xF9\x62" - "\xEE\x57\xC0\x29\xB5\x1E\x87\x13" - "\x7C\xE5\x4E\xDA\x43\xAC\x15\xA1" - "\x0A\x73\xFF\x68\xD1\x3A\xC6\x2F" - "\x98\x01\x8D\xF6\x5F\xEB\x54\xBD" - "\x26\xB2\x1B\x84\x10\x79\xE2\x4B" - "\xD7\x40\xA9\x12\x9E\x07\x70\xFC" - "\x65\xCE\x37\xC3\x2C\x95\x21\x8A" - "\xF3\x5C\xE8\x51\xBA\x23\xAF\x18" - "\x81\x0D\x76\xDF\x48\xD4\x3D\xA6" - "\x0F\x9B\x04\x6D\xF9\x62\xCB\x34" - "\xC0\x29\x92\x1E\x87\xF0\x59\xE5" - "\x4E\xB7\x20\xAC\x15\x7E\x0A\x73" - "\xDC\x45\xD1\x3A\xA3\x0C\x98\x01" - "\x6A\xF6\x5F\xC8\x31\xBD\x26\x8F" - "\x1B\x84\xED\x56\xE2\x4B\xB4\x1D" - "\xA9\x12\x7B\x07\x70\xD9\x42\xCE" - "\x37\xA0\x09\x95\xFE\x67\xF3\x5C" - "\xC5\x2E\xBA\x23\x8C\x18\x81\xEA" - "\x53\xDF\x48\xB1\x1A\xA6\x0F\x78" - "\x04\x6D\xD6\x3F\xCB\x34\x9D\x06" - "\x92\xFB\x64\xF0\x59\xC2\x2B\xB7" - "\x20\x89\x15\x7E\xE7\x50\xDC\x45" - "\xAE\x17\xA3\x0C\x75\x01\x6A\xD3" - "\x3C\xC8\x31\x9A\x03\x8F\xF8\x61" - "\xED\x56\xBF\x28\xB4\x1D\x86\x12", - .rlen = 496, - .also_non_np = 1, - .np = 3, - .tap = { 496 - 20, 4, 16 }, - }, { /* Generated with Crypto++ */ - .key = "\xC9\x83\xA6\xC9\xEC\x0F\x32\x55" - "\x0F\x32\x55\x78\x9B\xBE\x78\x9B" - "\xBE\xE1\x04\x27\xE1\x04\x27\x4A" - "\x6D\x90\x4A\x6D\x90\xB3\xD6\xF9", - .klen = 32, - .iv = "\xE7\x82\x1D\xB8\x53\x11\xAC\x47" - "\xE2\x7D\x18\xD6\x71\x0C\xA7\x42", - .input = "\xDA\x4E\x3F\xBC\xE8\xB6\x3A\xA2" + .ctext = "\xDA\x4E\x3F\xBC\xE8\xB6\x3A\xA2" "\xD5\x4D\x84\x4A\xA9\x0C\xE1\xA5" "\xB8\x73\xBC\xF9\xBB\x59\x2F\x44" "\x8B\xAB\x82\x6C\xB4\x32\x9A\xDE" @@ -22058,105 +14653,39 @@ static const struct cipher_testvec aes_ctr_dec_tv_template[] = { "\xD0\xE9\x54\x99\x5D\xBA\x3B\x11" "\xD8\xFE\xC9\x5B\x5C\x25\xE5\x76" "\xFB\xF2\x3F", - .ilen = 499, - .result = "\x50\xB9\x22\xAE\x17\x80\x0C\x75" - "\xDE\x47\xD3\x3C\xA5\x0E\x9A\x03" - "\x6C\xF8\x61\xCA\x33\xBF\x28\x91" - "\x1D\x86\xEF\x58\xE4\x4D\xB6\x1F" - "\xAB\x14\x7D\x09\x72\xDB\x44\xD0" - "\x39\xA2\x0B\x97\x00\x69\xF5\x5E" - "\xC7\x30\xBC\x25\x8E\x1A\x83\xEC" - "\x55\xE1\x4A\xB3\x1C\xA8\x11\x7A" - "\x06\x6F\xD8\x41\xCD\x36\x9F\x08" - "\x94\xFD\x66\xF2\x5B\xC4\x2D\xB9" - "\x22\x8B\x17\x80\xE9\x52\xDE\x47" - "\xB0\x19\xA5\x0E\x77\x03\x6C\xD5" - "\x3E\xCA\x33\x9C\x05\x91\xFA\x63" - "\xEF\x58\xC1\x2A\xB6\x1F\x88\x14" - "\x7D\xE6\x4F\xDB\x44\xAD\x16\xA2" - "\x0B\x74\x00\x69\xD2\x3B\xC7\x30" - "\x99\x02\x8E\xF7\x60\xEC\x55\xBE" - "\x27\xB3\x1C\x85\x11\x7A\xE3\x4C" - "\xD8\x41\xAA\x13\x9F\x08\x71\xFD" - "\x66\xCF\x38\xC4\x2D\x96\x22\x8B" - "\xF4\x5D\xE9\x52\xBB\x24\xB0\x19" - "\x82\x0E\x77\xE0\x49\xD5\x3E\xA7" - "\x10\x9C\x05\x6E\xFA\x63\xCC\x35" - "\xC1\x2A\x93\x1F\x88\xF1\x5A\xE6" - "\x4F\xB8\x21\xAD\x16\x7F\x0B\x74" - "\xDD\x46\xD2\x3B\xA4\x0D\x99\x02" - "\x6B\xF7\x60\xC9\x32\xBE\x27\x90" - "\x1C\x85\xEE\x57\xE3\x4C\xB5\x1E" - "\xAA\x13\x7C\x08\x71\xDA\x43\xCF" - "\x38\xA1\x0A\x96\xFF\x68\xF4\x5D" - "\xC6\x2F\xBB\x24\x8D\x19\x82\xEB" - "\x54\xE0\x49\xB2\x1B\xA7\x10\x79" - "\x05\x6E\xD7\x40\xCC\x35\x9E\x07" - "\x93\xFC\x65\xF1\x5A\xC3\x2C\xB8" - "\x21\x8A\x16\x7F\xE8\x51\xDD\x46" - "\xAF\x18\xA4\x0D\x76\x02\x6B\xD4" - "\x3D\xC9\x32\x9B\x04\x90\xF9\x62" - "\xEE\x57\xC0\x29\xB5\x1E\x87\x13" - "\x7C\xE5\x4E\xDA\x43\xAC\x15\xA1" - "\x0A\x73\xFF\x68\xD1\x3A\xC6\x2F" - "\x98\x01\x8D\xF6\x5F\xEB\x54\xBD" - "\x26\xB2\x1B\x84\x10\x79\xE2\x4B" - "\xD7\x40\xA9\x12\x9E\x07\x70\xFC" - "\x65\xCE\x37\xC3\x2C\x95\x21\x8A" - "\xF3\x5C\xE8\x51\xBA\x23\xAF\x18" - "\x81\x0D\x76\xDF\x48\xD4\x3D\xA6" - "\x0F\x9B\x04\x6D\xF9\x62\xCB\x34" - "\xC0\x29\x92\x1E\x87\xF0\x59\xE5" - "\x4E\xB7\x20\xAC\x15\x7E\x0A\x73" - "\xDC\x45\xD1\x3A\xA3\x0C\x98\x01" - "\x6A\xF6\x5F\xC8\x31\xBD\x26\x8F" - "\x1B\x84\xED\x56\xE2\x4B\xB4\x1D" - "\xA9\x12\x7B\x07\x70\xD9\x42\xCE" - "\x37\xA0\x09\x95\xFE\x67\xF3\x5C" - "\xC5\x2E\xBA\x23\x8C\x18\x81\xEA" - "\x53\xDF\x48\xB1\x1A\xA6\x0F\x78" - "\x04\x6D\xD6\x3F\xCB\x34\x9D\x06" - "\x92\xFB\x64\xF0\x59\xC2\x2B\xB7" - "\x20\x89\x15\x7E\xE7\x50\xDC\x45" - "\xAE\x17\xA3\x0C\x75\x01\x6A\xD3" - "\x3C\xC8\x31\x9A\x03\x8F\xF8\x61" - "\xED\x56\xBF\x28\xB4\x1D\x86\x12" - "\x7B\xE4\x4D", - .rlen = 499, + .len = 499, .also_non_np = 1, .np = 2, .tap = { 499 - 16, 16 }, }, }; -static const struct cipher_testvec aes_ctr_rfc3686_enc_tv_template[] = { +static const struct cipher_testvec aes_ctr_rfc3686_tv_template[] = { { /* From RFC 3686 */ .key = "\xae\x68\x52\xf8\x12\x10\x67\xcc" "\x4b\xf7\xa5\x76\x55\x77\xf3\x9e" "\x00\x00\x00\x30", .klen = 20, .iv = "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = "Single block msg", - .ilen = 16, - .result = "\xe4\x09\x5d\x4f\xb7\xa7\xb3\x79" + .ptext = "Single block msg", + .ctext = "\xe4\x09\x5d\x4f\xb7\xa7\xb3\x79" "\x2d\x61\x75\xa3\x26\x13\x11\xb8", - .rlen = 16, + .len = 16, }, { .key = "\x7e\x24\x06\x78\x17\xfa\xe0\xd7" "\x43\xd6\xce\x1f\x32\x53\x91\x63" "\x00\x6c\xb6\xdb", .klen = 20, .iv = "\xc0\x54\x3b\x59\xda\x48\xd9\x0b", - .input = "\x00\x01\x02\x03\x04\x05\x06\x07" + .ptext = "\x00\x01\x02\x03\x04\x05\x06\x07" "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" "\x10\x11\x12\x13\x14\x15\x16\x17" "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f", - .ilen = 32, - .result = "\x51\x04\xa1\x06\x16\x8a\x72\xd9" + .ctext = "\x51\x04\xa1\x06\x16\x8a\x72\xd9" "\x79\x0d\x41\xee\x8e\xda\xd3\x88" "\xeb\x2e\x1e\xfc\x46\xda\x57\xc8" "\xfc\xe6\x30\xdf\x91\x41\xbe\x28", - .rlen = 32, + .len = 32, }, { .key = "\x16\xaf\x5b\x14\x5f\xc9\xf5\x79" "\xc1\x75\xf9\x3e\x3b\xfb\x0e\xed" @@ -22164,11 +14693,10 @@ static const struct cipher_testvec aes_ctr_rfc3686_enc_tv_template[] = { "\x00\x00\x00\x48", .klen = 28, .iv = "\x36\x73\x3c\x14\x7d\x6d\x93\xcb", - .input = "Single block msg", - .ilen = 16, - .result = "\x4b\x55\x38\x4f\xe2\x59\xc9\xc8" + .ptext = "Single block msg", + .ctext = "\x4b\x55\x38\x4f\xe2\x59\xc9\xc8" "\x4e\x79\x35\xa0\x03\xcb\xe9\x28", - .rlen = 16, + .len = 16, }, { .key = "\x7c\x5c\xb2\x40\x1b\x3d\xc3\x3c" "\x19\xe7\x34\x08\x19\xe0\xf6\x9c" @@ -22176,16 +14704,15 @@ static const struct cipher_testvec aes_ctr_rfc3686_enc_tv_template[] = { "\x00\x96\xb0\x3b", .klen = 28, .iv = "\x02\x0c\x6e\xad\xc2\xcb\x50\x0d", - .input = "\x00\x01\x02\x03\x04\x05\x06\x07" + .ptext = "\x00\x01\x02\x03\x04\x05\x06\x07" "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" "\x10\x11\x12\x13\x14\x15\x16\x17" "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f", - .ilen = 32, - .result = "\x45\x32\x43\xfc\x60\x9b\x23\x32" + .ctext = "\x45\x32\x43\xfc\x60\x9b\x23\x32" "\x7e\xdf\xaa\xfa\x71\x31\xcd\x9f" "\x84\x90\x70\x1c\x5a\xd4\xa7\x9c" "\xfc\x1f\xe0\xff\x42\xf4\xfb\x00", - .rlen = 32, + .len = 32, }, { .key = "\x77\x6b\xef\xf2\x85\x1d\xb0\x6f" "\x4c\x8a\x05\x42\xc8\x69\x6f\x6c" @@ -22194,11 +14721,10 @@ static const struct cipher_testvec aes_ctr_rfc3686_enc_tv_template[] = { "\x00\x00\x00\x60", .klen = 36, .iv = "\xdb\x56\x72\xc9\x7a\xa8\xf0\xb2", - .input = "Single block msg", - .ilen = 16, - .result = "\x14\x5a\xd0\x1d\xbf\x82\x4e\xc7" + .ptext = "Single block msg", + .ctext = "\x14\x5a\xd0\x1d\xbf\x82\x4e\xc7" "\x56\x08\x63\xdc\x71\xe3\xe0\xc0", - .rlen = 16, + .len = 16, }, { .key = "\xf6\xd6\x6d\x6b\xd5\x2d\x59\xbb" "\x07\x96\x36\x58\x79\xef\xf8\x86" @@ -22207,16 +14733,15 @@ static const struct cipher_testvec aes_ctr_rfc3686_enc_tv_template[] = { "\x00\xfa\xac\x24", .klen = 36, .iv = "\xc1\x58\x5e\xf1\x5a\x43\xd8\x75", - .input = "\x00\x01\x02\x03\x04\x05\x06\x07" + .ptext = "\x00\x01\x02\x03\x04\x05\x06\x07" "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" "\x10\x11\x12\x13\x14\x15\x16\x17" "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f", - .ilen = 32, - .result = "\xf0\x5e\x23\x1b\x38\x94\x61\x2c" + .ctext = "\xf0\x5e\x23\x1b\x38\x94\x61\x2c" "\x49\xee\x00\x0b\x80\x4e\xb2\xa9" "\xb8\x30\x6b\x50\x8f\x83\x9d\x6a" "\x55\x30\x83\x1d\x93\x44\xaf\x1c", - .rlen = 32, + .len = 32, }, { // generated using Crypto++ .key = "\x00\x01\x02\x03\x04\x05\x06\x07" @@ -22226,7 +14751,7 @@ static const struct cipher_testvec aes_ctr_rfc3686_enc_tv_template[] = { "\x00\x00\x00\x00", .klen = 32 + 4, .iv = "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = + .ptext = "\x00\x01\x02\x03\x04\x05\x06\x07" "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" "\x10\x11\x12\x13\x14\x15\x16\x17" @@ -22740,8 +15265,7 @@ static const struct cipher_testvec aes_ctr_rfc3686_enc_tv_template[] = { "\x10\x2f\x4e\x6d\x8c\xab\xca\xe9" "\x08\x27\x46\x65\x84\xa3\xc2\xe1" "\x00\x21\x42\x63", - .ilen = 4100, - .result = + .ctext = "\xf0\x5c\x74\xad\x4e\xbc\x99\xe2" "\xae\xff\x91\x3a\x44\xcf\x38\x32" "\x1e\xad\xa7\xcd\xa1\x39\x95\xaa" @@ -23255,104 +15779,13 @@ static const struct cipher_testvec aes_ctr_rfc3686_enc_tv_template[] = { "\x41\x01\x18\x5d\x5d\x07\x97\xa6" "\x4b\xef\x31\x18\xea\xac\xb1\x84" "\x21\xed\xda\x86", - .rlen = 4100, + .len = 4100, .np = 2, .tap = { 4064, 36 }, }, }; -static const struct cipher_testvec aes_ctr_rfc3686_dec_tv_template[] = { - { /* From RFC 3686 */ - .key = "\xae\x68\x52\xf8\x12\x10\x67\xcc" - "\x4b\xf7\xa5\x76\x55\x77\xf3\x9e" - "\x00\x00\x00\x30", - .klen = 20, - .iv = "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = "\xe4\x09\x5d\x4f\xb7\xa7\xb3\x79" - "\x2d\x61\x75\xa3\x26\x13\x11\xb8", - .ilen = 16, - .result = "Single block msg", - .rlen = 16, - }, { - .key = "\x7e\x24\x06\x78\x17\xfa\xe0\xd7" - "\x43\xd6\xce\x1f\x32\x53\x91\x63" - "\x00\x6c\xb6\xdb", - .klen = 20, - .iv = "\xc0\x54\x3b\x59\xda\x48\xd9\x0b", - .input = "\x51\x04\xa1\x06\x16\x8a\x72\xd9" - "\x79\x0d\x41\xee\x8e\xda\xd3\x88" - "\xeb\x2e\x1e\xfc\x46\xda\x57\xc8" - "\xfc\xe6\x30\xdf\x91\x41\xbe\x28", - .ilen = 32, - .result = "\x00\x01\x02\x03\x04\x05\x06\x07" - "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" - "\x10\x11\x12\x13\x14\x15\x16\x17" - "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f", - .rlen = 32, - }, { - .key = "\x16\xaf\x5b\x14\x5f\xc9\xf5\x79" - "\xc1\x75\xf9\x3e\x3b\xfb\x0e\xed" - "\x86\x3d\x06\xcc\xfd\xb7\x85\x15" - "\x00\x00\x00\x48", - .klen = 28, - .iv = "\x36\x73\x3c\x14\x7d\x6d\x93\xcb", - .input = "\x4b\x55\x38\x4f\xe2\x59\xc9\xc8" - "\x4e\x79\x35\xa0\x03\xcb\xe9\x28", - .ilen = 16, - .result = "Single block msg", - .rlen = 16, - }, { - .key = "\x7c\x5c\xb2\x40\x1b\x3d\xc3\x3c" - "\x19\xe7\x34\x08\x19\xe0\xf6\x9c" - "\x67\x8c\x3d\xb8\xe6\xf6\xa9\x1a" - "\x00\x96\xb0\x3b", - .klen = 28, - .iv = "\x02\x0c\x6e\xad\xc2\xcb\x50\x0d", - .input = "\x45\x32\x43\xfc\x60\x9b\x23\x32" - "\x7e\xdf\xaa\xfa\x71\x31\xcd\x9f" - "\x84\x90\x70\x1c\x5a\xd4\xa7\x9c" - "\xfc\x1f\xe0\xff\x42\xf4\xfb\x00", - .ilen = 32, - .result = "\x00\x01\x02\x03\x04\x05\x06\x07" - "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" - "\x10\x11\x12\x13\x14\x15\x16\x17" - "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f", - .rlen = 32, - }, { - .key = "\x77\x6b\xef\xf2\x85\x1d\xb0\x6f" - "\x4c\x8a\x05\x42\xc8\x69\x6f\x6c" - "\x6a\x81\xaf\x1e\xec\x96\xb4\xd3" - "\x7f\xc1\xd6\x89\xe6\xc1\xc1\x04" - "\x00\x00\x00\x60", - .klen = 36, - .iv = "\xdb\x56\x72\xc9\x7a\xa8\xf0\xb2", - .input = "\x14\x5a\xd0\x1d\xbf\x82\x4e\xc7" - "\x56\x08\x63\xdc\x71\xe3\xe0\xc0", - .ilen = 16, - .result = "Single block msg", - .rlen = 16, - }, { - .key = "\xf6\xd6\x6d\x6b\xd5\x2d\x59\xbb" - "\x07\x96\x36\x58\x79\xef\xf8\x86" - "\xc6\x6d\xd5\x1a\x5b\x6a\x99\x74" - "\x4b\x50\x59\x0c\x87\xa2\x38\x84" - "\x00\xfa\xac\x24", - .klen = 36, - .iv = "\xc1\x58\x5e\xf1\x5a\x43\xd8\x75", - .input = "\xf0\x5e\x23\x1b\x38\x94\x61\x2c" - "\x49\xee\x00\x0b\x80\x4e\xb2\xa9" - "\xb8\x30\x6b\x50\x8f\x83\x9d\x6a" - "\x55\x30\x83\x1d\x93\x44\xaf\x1c", - .ilen = 32, - .result = "\x00\x01\x02\x03\x04\x05\x06\x07" - "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" - "\x10\x11\x12\x13\x14\x15\x16\x17" - "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f", - .rlen = 32, - }, -}; - -static const struct cipher_testvec aes_ofb_enc_tv_template[] = { +static const struct cipher_testvec aes_ofb_tv_template[] = { /* From NIST Special Publication 800-38A, Appendix F.5 */ { .key = "\x2b\x7e\x15\x16\x28\xae\xd2\xa6" @@ -23360,7 +15793,7 @@ static const struct cipher_testvec aes_ofb_enc_tv_template[] = { .klen = 16, .iv = "\x00\x01\x02\x03\x04\x05\x06\x07\x08" "\x09\x0a\x0b\x0c\x0d\x0e\x0f", - .input = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96" + .ptext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96" "\xe9\x3d\x7e\x11\x73\x93\x17\x2a" "\xae\x2d\x8a\x57\x1e\x03\xac\x9c" "\x9e\xb7\x6f\xac\x45\xaf\x8e\x51" @@ -23368,8 +15801,7 @@ static const struct cipher_testvec aes_ofb_enc_tv_template[] = { "\xe5\xfb\xc1\x19\x1a\x0a\x52\xef" "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17" "\xad\x2b\x41\x7b\xe6\x6c\x37\x10", - .ilen = 64, - .result = "\x3b\x3f\xd9\x2e\xb7\x2d\xad\x20" + .ctext = "\x3b\x3f\xd9\x2e\xb7\x2d\xad\x20" "\x33\x34\x49\xf8\xe8\x3c\xfb\x4a" "\x77\x89\x50\x8d\x16\x91\x8f\x03\xf5" "\x3c\x52\xda\xc5\x4e\xd8\x25" @@ -23377,36 +15809,7 @@ static const struct cipher_testvec aes_ofb_enc_tv_template[] = { "\x44\xf7\xa8\x22\x60\xed\xcc" "\x30\x4c\x65\x28\xf6\x59\xc7\x78" "\x66\xa5\x10\xd9\xc1\xd6\xae\x5e", - .rlen = 64, - } -}; - -static const struct cipher_testvec aes_ofb_dec_tv_template[] = { - /* From NIST Special Publication 800-38A, Appendix F.5 */ - { - .key = "\x2b\x7e\x15\x16\x28\xae\xd2\xa6" - "\xab\xf7\x15\x88\x09\xcf\x4f\x3c", - .klen = 16, - .iv = "\x00\x01\x02\x03\x04\x05\x06\x07\x08" - "\x09\x0a\x0b\x0c\x0d\x0e\x0f", - .input = "\x3b\x3f\xd9\x2e\xb7\x2d\xad\x20" - "\x33\x34\x49\xf8\xe8\x3c\xfb\x4a" - "\x77\x89\x50\x8d\x16\x91\x8f\x03\xf5" - "\x3c\x52\xda\xc5\x4e\xd8\x25" - "\x97\x40\x05\x1e\x9c\x5f\xec\xf6\x43" - "\x44\xf7\xa8\x22\x60\xed\xcc" - "\x30\x4c\x65\x28\xf6\x59\xc7\x78" - "\x66\xa5\x10\xd9\xc1\xd6\xae\x5e", - .ilen = 64, - .result = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96" - "\xe9\x3d\x7e\x11\x73\x93\x17\x2a" - "\xae\x2d\x8a\x57\x1e\x03\xac\x9c" - "\x9e\xb7\x6f\xac\x45\xaf\x8e\x51" - "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11" - "\xe5\xfb\xc1\x19\x1a\x0a\x52\xef" - "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17" - "\xad\x2b\x41\x7b\xe6\x6c\x37\x10", - .rlen = 64, + .len = 64, } }; @@ -27377,6 +19780,6241 @@ static const struct aead_testvec rfc7539esp_dec_tv_template[] = { }, }; +static const struct aead_testvec aegis128_enc_tv_template[] = { + { + .key = "\x0f\xc9\x8e\x67\x44\x9e\xaa\x86" + "\x20\x36\x2c\x24\xfe\xc9\x30\x81", + .klen = 16, + .iv = "\x1e\x92\x1c\xcf\x88\x3d\x54\x0d" + "\x40\x6d\x59\x48\xfc\x92\x61\x03", + .assoc = "", + .alen = 0, + .input = "", + .ilen = 0, + .result = "\x07\xa5\x11\xf2\x9d\x40\xb8\x6d" + "\xda\xb8\x12\x34\x4c\x53\xd9\x72", + .rlen = 16, + }, { + .key = "\x4b\xed\xc8\x07\x54\x1a\x52\xa2" + "\xa1\x10\xde\xb5\xf8\xed\xf3\x87", + .klen = 16, + .iv = "\x5a\xb7\x56\x6e\x98\xb9\xfd\x29" + "\xc1\x47\x0b\xda\xf6\xb6\x23\x09", + .assoc = "", + .alen = 0, + .input = "\x79", + .ilen = 1, + .result = "\x9e\x78\x52\xae\xcb\x9e\xe4\xd3" + "\x9a\xd7\x5d\xd7\xaa\x9a\xe9\x5a" + "\xcc", + .rlen = 17, + }, { + .key = "\x88\x12\x01\xa6\x64\x96\xfb\xbe" + "\x22\xea\x90\x47\xf2\x11\xb5\x8e", + .klen = 16, + .iv = "\x97\xdb\x90\x0e\xa8\x35\xa5\x45" + "\x42\x21\xbd\x6b\xf0\xda\xe6\x0f", + .assoc = "", + .alen = 0, + .input = "\xb5\x6e\xad\xdd\x30\x72\xfa\x53" + "\x82\x8e\x16\xb4\xed\x6d\x47", + .ilen = 15, + .result = "\xc3\x80\x83\x04\x5f\xaa\x61\xc7" + "\xca\xdd\x6f\xac\x85\x08\xb5\x35" + "\x2b\xc2\x3e\x0b\x1b\x39\x37\x2b" + "\x7a\x21\x16\xb3\xe6\x67\x66", + .rlen = 31, + }, { + .key = "\xc4\x37\x3b\x45\x74\x11\xa4\xda" + "\xa2\xc5\x42\xd8\xec\x36\x78\x94", + .klen = 16, + .iv = "\xd3\x00\xc9\xad\xb8\xb0\x4e\x61" + "\xc3\xfb\x6f\xfd\xea\xff\xa9\x15", + .assoc = "", + .alen = 0, + .input = "\xf2\x92\xe6\x7d\x40\xee\xa3\x6f" + "\x03\x68\xc8\x45\xe7\x91\x0a\x18", + .ilen = 16, + .result = "\x23\x25\x30\xe5\x6a\xb6\x36\x7d" + "\x38\xfd\x3a\xd2\xc2\x58\xa9\x11" + "\x1e\xa8\x30\x9c\x16\xa4\xdb\x65" + "\x51\x10\x16\x27\x70\x9b\x64\x29", + .rlen = 32, + }, { + .key = "\x01\x5c\x75\xe5\x84\x8d\x4d\xf6" + "\x23\x9f\xf4\x6a\xe6\x5a\x3b\x9a", + .klen = 16, + .iv = "\x10\x25\x03\x4c\xc8\x2c\xf7\x7d" + "\x44\xd5\x21\x8e\xe4\x23\x6b\x1c", + .assoc = "", + .alen = 0, + .input = "\x2e\xb7\x20\x1c\x50\x6a\x4b\x8b" + "\x84\x42\x7a\xd7\xe1\xb5\xcd\x1f" + "\xd3", + .ilen = 17, + .result = "\x2a\x8d\x56\x91\xc6\xf3\x56\xa5" + "\x1f\xf0\x89\x2e\x13\xad\xe6\xf6" + "\x46\x80\xb1\x0e\x18\x30\x40\x97" + "\x03\xdf\x64\x3c\xbe\x93\x9e\xc9" + "\x3b", + .rlen = 33, + }, { + .key = "\x3d\x80\xae\x84\x94\x09\xf6\x12" + "\xa4\x79\xa6\xfb\xe0\x7f\xfd\xa0", + .klen = 16, + .iv = "\x4c\x49\x3d\xec\xd8\xa8\xa0\x98" + "\xc5\xb0\xd3\x1f\xde\x48\x2e\x22", + .assoc = "", + .alen = 0, + .input = "\x6b\xdc\x5a\xbb\x60\xe5\xf4\xa6" + "\x05\x1d\x2c\x68\xdb\xda\x8f\x25" + "\xfe\x8d\x45\x19\x1e\xc0\x0b\x99" + "\x88\x11\x39\x12\x1c\x3a\xbb", + .ilen = 31, + .result = "\x4e\xf6\xfa\x13\xde\x43\x63\x4c" + "\xe2\x04\x3e\xe4\x85\x14\xb6\x3f" + "\xb1\x8f\x4c\xdb\x41\xa2\x14\x99" + "\xf5\x53\x0f\x73\x86\x7e\x97\xa1" + "\x4b\x56\x5b\x94\xce\xcd\x74\xcd" + "\x75\xc4\x53\x01\x89\x45\x59", + .rlen = 47, + }, { + .key = "\x7a\xa5\xe8\x23\xa4\x84\x9e\x2d" + "\x25\x53\x58\x8c\xda\xa3\xc0\xa6", + .klen = 16, + .iv = "\x89\x6e\x77\x8b\xe8\x23\x49\xb4" + "\x45\x8a\x85\xb1\xd8\x6c\xf1\x28", + .assoc = "", + .alen = 0, + .input = "\xa7\x00\x93\x5b\x70\x61\x9d\xc2" + "\x86\xf7\xde\xfa\xd5\xfe\x52\x2b" + "\x28\x50\x51\x9d\x24\x60\x8d\xb3" + "\x49\x3e\x17\xea\xf6\x99\x5a\xdd", + .ilen = 32, + .result = "\xa4\x9a\xb7\xfd\xa0\xd4\xd6\x47" + "\x95\xf4\x58\x38\x14\x83\x27\x01" + "\x4c\xed\x32\x2c\xf7\xd6\x31\xf7" + "\x38\x1b\x2c\xc9\xb6\x31\xce\xaa" + "\xa5\x3c\x1a\x18\x5c\xce\xb9\xdf" + "\x51\x52\x77\xf2\x5e\x85\x80\x41", + .rlen = 48, + }, { + .key = "\xb6\xca\x22\xc3\xb4\x00\x47\x49" + "\xa6\x2d\x0a\x1e\xd4\xc7\x83\xad", + .klen = 16, + .iv = "\xc5\x93\xb0\x2a\xf8\x9f\xf1\xd0" + "\xc6\x64\x37\x42\xd2\x90\xb3\x2e", + .assoc = "\xd5", + .alen = 1, + .input = "", + .ilen = 0, + .result = "\xfb\xd4\x83\x71\x9e\x63\xad\x60" + "\xb9\xf9\xeb\x34\x52\x49\xcf\xb7", + .rlen = 16, + }, { + .key = "\xf3\xee\x5c\x62\xc4\x7c\xf0\x65" + "\x27\x08\xbd\xaf\xce\xec\x45\xb3", + .klen = 16, + .iv = "\x02\xb8\xea\xca\x09\x1b\x9a\xec" + "\x47\x3e\xe9\xd4\xcc\xb5\x76\x34", + .assoc = "\x11\x81\x78\x32\x4d\xb9\x44\x73" + "\x68\x75\x16\xf8\xcb\x7e\xa7", + .alen = 15, + .input = "", + .ilen = 0, + .result = "\x0c\xaf\x2e\x96\xf6\x97\x08\x71" + "\x7d\x3a\x84\xc4\x44\x57\x77\x7e", + .rlen = 16, + }, { + .key = "\x2f\x13\x95\x01\xd5\xf7\x99\x81" + "\xa8\xe2\x6f\x41\xc8\x10\x08\xb9", + .klen = 16, + .iv = "\x3f\xdc\x24\x69\x19\x96\x43\x08" + "\xc8\x18\x9b\x65\xc6\xd9\x39\x3b", + .assoc = "\x4e\xa5\xb2\xd1\x5d\x35\xed\x8f" + "\xe8\x4f\xc8\x89\xc5\xa2\x69\xbc", + .alen = 16, + .input = "", + .ilen = 0, + .result = "\xc7\x87\x09\x3b\xc7\x19\x74\x22" + "\x22\xa5\x67\x10\xb2\x36\xb3\x45", + .rlen = 16, + }, { + .key = "\x6c\x38\xcf\xa1\xe5\x73\x41\x9d" + "\x29\xbc\x21\xd2\xc2\x35\xcb\xbf", + .klen = 16, + .iv = "\x7b\x01\x5d\x08\x29\x12\xec\x24" + "\x49\xf3\x4d\xf7\xc0\xfe\xfb\x41", + .assoc = "\x8a\xca\xec\x70\x6d\xb1\x96\xab" + "\x69\x29\x7a\x1b\xbf\xc7\x2c\xc2" + "\x07", + .alen = 17, + .input = "", + .ilen = 0, + .result = "\x02\xc6\x3b\x46\x65\xb2\xef\x91" + "\x31\xf0\x45\x48\x8a\x2a\xed\xe4", + .rlen = 16, + }, { + .key = "\xa8\x5c\x09\x40\xf5\xef\xea\xb8" + "\xaa\x96\xd3\x64\xbc\x59\x8d\xc6", + .klen = 16, + .iv = "\xb8\x26\x97\xa8\x39\x8e\x94\x3f" + "\xca\xcd\xff\x88\xba\x22\xbe\x47", + .assoc = "\xc7\xef\x26\x10\x7d\x2c\x3f\xc6" + "\xea\x03\x2c\xac\xb9\xeb\xef\xc9" + "\x31\x6b\x08\x12\xfc\xd8\x37\x2d" + "\xe0\x17\x3a\x2e\x83\x5c\x8f", + .alen = 31, + .input = "", + .ilen = 0, + .result = "\x20\x85\xa8\xd0\x91\x48\x85\xf3" + "\x5a\x16\xc0\x57\x68\x47\xdd\xcb", + .rlen = 16, + }, { + .key = "\xe5\x81\x42\xdf\x05\x6a\x93\xd4" + "\x2b\x70\x85\xf5\xb6\x7d\x50\xcc", + .klen = 16, + .iv = "\xf4\x4a\xd1\x47\x49\x09\x3d\x5b" + "\x4b\xa7\xb1\x19\xb4\x46\x81\x4d", + .assoc = "\x03\x14\x5f\xaf\x8d\xa8\xe7\xe2" + "\x6b\xde\xde\x3e\xb3\x10\xb1\xcf" + "\x5c\x2d\x14\x96\x01\x78\xb9\x47" + "\xa1\x44\x19\x06\x5d\xbb\x2e\x2f", + .alen = 32, + .input = "", + .ilen = 0, + .result = "\x6a\xf8\x8d\x9c\x42\x75\x35\x79" + "\xc1\x96\xbd\x31\x6e\x69\x1b\x50", + .rlen = 16, + }, { + .key = "\x22\xa6\x7c\x7f\x15\xe6\x3c\xf0" + "\xac\x4b\x37\x86\xb0\xa2\x13\xd2", + .klen = 16, + .iv = "\x31\x6f\x0b\xe6\x59\x85\xe6\x77" + "\xcc\x81\x63\xab\xae\x6b\x43\x54", + .assoc = "\x40", + .alen = 1, + .input = "\x4f", + .ilen = 1, + .result = "\x01\x24\xb1\xba\xf6\xd3\xdf\x83" + "\x70\x45\xe3\x2a\x9d\x5c\x63\x98" + "\x39", + .rlen = 17, + }, { + .key = "\x5e\xcb\xb6\x1e\x25\x62\xe4\x0c" + "\x2d\x25\xe9\x18\xaa\xc6\xd5\xd8", + .klen = 16, + .iv = "\x6d\x94\x44\x86\x69\x00\x8f\x93" + "\x4d\x5b\x15\x3c\xa8\x8f\x06\x5a", + .assoc = "\x7c\x5d\xd3\xee\xad\x9f\x39\x1a" + "\x6d\x92\x42\x61\xa7\x58\x37", + .alen = 15, + .input = "\x8b\x26\x61\x55\xf1\x3e\xe3\xa1" + "\x8d\xc8\x6e\x85\xa5\x21\x67", + .ilen = 15, + .result = "\x18\x78\xc2\x6e\xe1\xf7\xe6\x8a" + "\xca\x0e\x62\x00\xa8\x21\xb5\x21" + "\x3d\x36\xdb\xf7\xcc\x31\x94\x9c" + "\x98\xbd\x71\x7a\xef\xa4\xfa", + .rlen = 31, + }, { + .key = "\x9b\xef\xf0\xbd\x35\xdd\x8d\x28" + "\xad\xff\x9b\xa9\xa4\xeb\x98\xdf", + .klen = 16, + .iv = "\xaa\xb8\x7e\x25\x79\x7c\x37\xaf" + "\xce\x36\xc7\xce\xa2\xb4\xc9\x60", + .assoc = "\xb9\x82\x0c\x8d\xbd\x1b\xe2\x36" + "\xee\x6c\xf4\xf2\xa1\x7d\xf9\xe2", + .alen = 16, + .input = "\xc8\x4b\x9b\xf5\x01\xba\x8c\xbd" + "\x0e\xa3\x21\x16\x9f\x46\x2a\x63", + .ilen = 16, + .result = "\xea\xd1\x81\x75\xb4\x13\x1d\x86" + "\xd4\x17\x26\xe5\xd6\x89\x39\x04" + "\xa9\x6c\xca\xac\x40\x73\xb2\x4c" + "\x9c\xb9\x0e\x79\x4c\x40\x65\xc6", + .rlen = 32, + }, { + .key = "\xd7\x14\x29\x5d\x45\x59\x36\x44" + "\x2e\xd9\x4d\x3b\x9e\x0f\x5b\xe5", + .klen = 16, + .iv = "\xe6\xdd\xb8\xc4\x89\xf8\xe0\xca" + "\x4f\x10\x7a\x5f\x9c\xd8\x8b\x66", + .assoc = "\xf5\xa6\x46\x2c\xce\x97\x8a\x51" + "\x6f\x46\xa6\x83\x9b\xa1\xbc\xe8" + "\x05", + .alen = 17, + .input = "\x05\x70\xd5\x94\x12\x36\x35\xd8" + "\x8f\x7d\xd3\xa8\x99\x6a\xed\x69" + "\xd0", + .ilen = 17, + .result = "\xf4\xb2\x84\xd1\x81\xfa\x98\x1c" + "\x38\x2d\x69\x90\x1c\x71\x38\x98" + "\x9f\xe1\x19\x3b\x63\x91\xaf\x6e" + "\x4b\x07\x2c\xac\x53\xc5\xd5\xfe" + "\x93", + .rlen = 33, + }, { + .key = "\x14\x39\x63\xfc\x56\xd5\xdf\x5f" + "\xaf\xb3\xff\xcc\x98\x33\x1d\xeb", + .klen = 16, + .iv = "\x23\x02\xf1\x64\x9a\x73\x89\xe6" + "\xd0\xea\x2c\xf1\x96\xfc\x4e\x6d", + .assoc = "\x32\xcb\x80\xcc\xde\x12\x33\x6d" + "\xf0\x20\x58\x15\x95\xc6\x7f\xee" + "\x2f\xf9\x4e\x2c\x1b\x98\x43\xc7" + "\x68\x28\x73\x40\x9f\x96\x4a", + .alen = 31, + .input = "\x41\x94\x0e\x33\x22\xb1\xdd\xf4" + "\x10\x57\x85\x39\x93\x8f\xaf\x70" + "\xfa\xa9\xd0\x4d\x5c\x40\x23\xcd" + "\x98\x34\xab\x37\x56\xae\x32", + .ilen = 31, + .result = "\xa0\xe7\x0a\x60\xe7\xb8\x8a\xdb" + "\x94\xd3\x93\xf2\x41\x86\x16\xdd" + "\x4c\xe8\xe7\xe0\x62\x48\x89\x40" + "\xc0\x49\x9b\x63\x32\xec\x8b\xdb" + "\xdc\xa6\xea\x2c\xc2\x7f\xf5\x04" + "\xcb\xe5\x47\xbb\xa7\xd1\x9d", + .rlen = 47, + }, { + .key = "\x50\x5d\x9d\x9b\x66\x50\x88\x7b" + "\x30\x8e\xb1\x5e\x92\x58\xe0\xf1", + .klen = 16, + .iv = "\x5f\x27\x2b\x03\xaa\xef\x32\x02" + "\x50\xc4\xde\x82\x90\x21\x11\x73", + .assoc = "\x6e\xf0\xba\x6b\xee\x8e\xdc\x89" + "\x71\xfb\x0a\xa6\x8f\xea\x41\xf4" + "\x5a\xbb\x59\xb0\x20\x38\xc5\xe0" + "\x29\x56\x52\x19\x79\xf5\xe9\x37", + .alen = 32, + .input = "\x7e\xb9\x48\xd3\x32\x2d\x86\x10" + "\x91\x31\x37\xcb\x8d\xb3\x72\x76" + "\x24\x6b\xdc\xd1\x61\xe0\xa5\xe7" + "\x5a\x61\x8a\x0f\x30\x0d\xd1\xec", + .ilen = 32, + .result = "\x62\xdc\x2d\x68\x2d\x71\xbb\x33" + "\x13\xdf\xc0\x46\xf6\x61\x94\xa7" + "\x60\xd3\xd4\xca\xd9\xbe\x82\xf3" + "\xf1\x5b\xa0\xfa\x15\xba\xda\xea" + "\x87\x68\x47\x08\x5d\xdd\x83\xb0" + "\x60\xf4\x93\x20\xdf\x34\x8f\xea", + .rlen = 48, + }, { + .key = "\x8d\x82\xd6\x3b\x76\xcc\x30\x97" + "\xb1\x68\x63\xef\x8c\x7c\xa3\xf7", + .klen = 16, + .iv = "\x9c\x4b\x65\xa2\xba\x6b\xdb\x1e" + "\xd1\x9e\x90\x13\x8a\x45\xd3\x79", + .assoc = "\xab\x14\xf3\x0a\xfe\x0a\x85\xa5" + "\xf2\xd5\xbc\x38\x89\x0e\x04\xfb" + "\x84\x7d\x65\x34\x25\xd8\x47\xfa" + "\xeb\x83\x31\xf1\x54\x54\x89\x0d" + "\x9d", + .alen = 33, + .input = "\xba\xde\x82\x72\x42\xa9\x2f\x2c" + "\x12\x0b\xe9\x5c\x87\xd7\x35\x7c" + "\x4f\x2e\xe8\x55\x66\x80\x27\x00" + "\x1b\x8f\x68\xe7\x0a\x6c\x71\xc3" + "\x21\x78\x55\x9d\x9c\x65\x7b\xcd" + "\x0a\x34\x97\xff\x47\x37\xb0\x2a" + "\x80\x0d\x19\x98\x33\xa9\x7a\xe3" + "\x2e\x4c\xc6\xf3\x8c\x88\x42\x01" + "\xbd", + .ilen = 65, + .result = "\x84\xc5\x21\xab\xe1\xeb\xbb\x6d" + "\xaa\x2a\xaf\xeb\x3b\x3b\x69\xe7" + "\x2c\x47\xef\x9d\xb7\x53\x36\xb7" + "\xb6\xf5\xe5\xa8\xc9\x9e\x02\xd7" + "\x83\x88\xc2\xbd\x2f\xf9\x10\xc0" + "\xf5\xa1\x6e\xd3\x97\x64\x82\xa3" + "\xfb\xda\x2c\xb1\x94\xa1\x58\x32" + "\xe8\xd4\x39\xfc\x9e\x26\xf9\xf1" + "\x61\xe6\xae\x07\xf2\xe0\xa7\x44" + "\x96\x28\x3b\xee\x6b\xc6\x16\x31" + "\x3f", + .rlen = 81, + }, { + .key = "\xc9\xa7\x10\xda\x86\x48\xd9\xb3" + "\x32\x42\x15\x80\x85\xa1\x65\xfe", + .klen = 16, + .iv = "\xd8\x70\x9f\x42\xca\xe6\x83\x3a" + "\x52\x79\x42\xa5\x84\x6a\x96\x7f", + .assoc = "\xe8\x39\x2d\xaa\x0e\x85\x2d\xc1" + "\x72\xaf\x6e\xc9\x82\x33\xc7\x01" + "\xaf\x40\x70\xb8\x2a\x78\xc9\x14" + "\xac\xb1\x10\xca\x2e\xb3\x28\xe4" + "\xac\xfa\x58\x7f\xe5\x73\x09\x8c" + "\x1d\x40\x87\x8c\xd9\x75\xc0\x55" + "\xa2\xda\x07\xd1\xc2\xa9\xd1\xbb" + "\x09\x4f\x77\x62\x88\x2d\xf2\x68" + "\x54", + .alen = 65, + .input = "\xf7\x02\xbb\x11\x52\x24\xd8\x48" + "\x93\xe6\x9b\xee\x81\xfc\xf7\x82" + "\x79\xf0\xf3\xd9\x6c\x20\xa9\x1a" + "\xdc\xbc\x47\xc0\xe4\xcb\x10\x99" + "\x2f", + .ilen = 33, + .result = "\x8f\x23\x47\xfb\xf2\xac\x23\x83" + "\x77\x09\xac\x74\xef\xd2\x56\xae" + "\x20\x7b\x7b\xca\x45\x8e\xc8\xc2" + "\x50\xbd\xc7\x44\x1c\x54\x98\xd8" + "\x1f\xd0\x9a\x79\xaa\xf9\xe1\xb3" + "\xb4\x98\x5a\x9b\xe4\x4d\xbf\x4e" + "\x39", + .rlen = 49, + }, { + .key = "\x06\xcc\x4a\x79\x96\xc3\x82\xcf" + "\xb3\x1c\xc7\x12\x7f\xc5\x28\x04", + .klen = 16, + .iv = "\x15\x95\xd8\xe1\xda\x62\x2c\x56" + "\xd3\x53\xf4\x36\x7e\x8e\x59\x85", + .assoc = "\x24\x5e\x67\x49\x1e\x01\xd6\xdd" + "\xf3\x89\x20\x5b\x7c\x57\x89\x07", + .alen = 16, + .input = "\x33\x27\xf5\xb1\x62\xa0\x80\x63" + "\x14\xc0\x4d\x7f\x7b\x20\xba\x89", + .ilen = 16, + .result = "\x42\xc3\x58\xfb\x29\xe2\x4a\x56" + "\xf1\xf5\xe1\x51\x55\x4b\x0a\x45" + "\x46\xb5\x8d\xac\xb6\x34\xd8\x8b" + "\xde\x20\x59\x77\xc1\x74\x90", + .rlen = 31, + }, { + .key = "\x42\xf0\x84\x19\xa6\x3f\x2b\xea" + "\x34\xf6\x79\xa3\x79\xe9\xeb\x0a", + .klen = 16, + .iv = "\x51\xb9\x12\x80\xea\xde\xd5\x71" + "\x54\x2d\xa6\xc8\x78\xb2\x1b\x8c", + .assoc = "\x61\x83\xa0\xe8\x2e\x7d\x7f\xf8" + "\x74\x63\xd2\xec\x76\x7c\x4c\x0d", + .alen = 16, + .input = "\x70\x4c\x2f\x50\x72\x1c\x29\x7f" + "\x95\x9a\xff\x10\x75\x45\x7d\x8f", + .ilen = 16, + .result = "\xb2\xfb\xf6\x97\x69\x7a\xe9\xec" + "\xe2\x94\xa1\x8b\xa0\x2b\x60\x72" + "\x1d\x04\xdd\x6a\xef\x46\x8f\x68" + "\xe9\xe0\x17\x45\x70\x12", + .rlen = 30, + }, { + .key = "\x7f\x15\xbd\xb8\xb6\xba\xd3\x06" + "\xb5\xd1\x2b\x35\x73\x0e\xad\x10", + .klen = 16, + .iv = "\x8e\xde\x4c\x20\xfa\x59\x7e\x8d" + "\xd5\x07\x58\x59\x72\xd7\xde\x92", + .assoc = "\x9d\xa7\xda\x88\x3e\xf8\x28\x14" + "\xf5\x3e\x85\x7d\x70\xa0\x0f\x13", + .alen = 16, + .input = "\xac\x70\x69\xef\x82\x97\xd2\x9b" + "\x15\x74\xb1\xa2\x6f\x69\x3f\x95", + .ilen = 16, + .result = "\x47\xda\x54\x42\x51\x72\xc4\x8b" + "\xf5\x57\x0f\x2f\x49\x0e\x11\x3b" + "\x78\x93\xec\xfc\xf4\xff\xe1\x2d", + .rlen = 24, + }, +}; + +/* + * AEGIS-128 test vectors - generated via reference implementation from + * SUPERCOP (https://bench.cr.yp.to/supercop.html): + * + * https://bench.cr.yp.to/supercop/supercop-20170228.tar.xz + * (see crypto_aead/aegis128/) + */ +static const struct aead_testvec aegis128_dec_tv_template[] = { + { + .key = "\x0f\xc9\x8e\x67\x44\x9e\xaa\x86" + "\x20\x36\x2c\x24\xfe\xc9\x30\x81", + .klen = 16, + .iv = "\x1e\x92\x1c\xcf\x88\x3d\x54\x0d" + "\x40\x6d\x59\x48\xfc\x92\x61\x03", + .assoc = "", + .alen = 0, + .input = "\x07\xa5\x11\xf2\x9d\x40\xb8\x6d" + "\xda\xb8\x12\x34\x4c\x53\xd9\x72", + .ilen = 16, + .result = "", + .rlen = 0, + }, { + .key = "\x4b\xed\xc8\x07\x54\x1a\x52\xa2" + "\xa1\x10\xde\xb5\xf8\xed\xf3\x87", + .klen = 16, + .iv = "\x5a\xb7\x56\x6e\x98\xb9\xfd\x29" + "\xc1\x47\x0b\xda\xf6\xb6\x23\x09", + .assoc = "", + .alen = 0, + .input = "\x9e\x78\x52\xae\xcb\x9e\xe4\xd3" + "\x9a\xd7\x5d\xd7\xaa\x9a\xe9\x5a" + "\xcc", + .ilen = 17, + .result = "\x79", + .rlen = 1, + }, { + .key = "\x88\x12\x01\xa6\x64\x96\xfb\xbe" + "\x22\xea\x90\x47\xf2\x11\xb5\x8e", + .klen = 16, + .iv = "\x97\xdb\x90\x0e\xa8\x35\xa5\x45" + "\x42\x21\xbd\x6b\xf0\xda\xe6\x0f", + .assoc = "", + .alen = 0, + .input = "\xc3\x80\x83\x04\x5f\xaa\x61\xc7" + "\xca\xdd\x6f\xac\x85\x08\xb5\x35" + "\x2b\xc2\x3e\x0b\x1b\x39\x37\x2b" + "\x7a\x21\x16\xb3\xe6\x67\x66", + .ilen = 31, + .result = "\xb5\x6e\xad\xdd\x30\x72\xfa\x53" + "\x82\x8e\x16\xb4\xed\x6d\x47", + .rlen = 15, + }, { + .key = "\xc4\x37\x3b\x45\x74\x11\xa4\xda" + "\xa2\xc5\x42\xd8\xec\x36\x78\x94", + .klen = 16, + .iv = "\xd3\x00\xc9\xad\xb8\xb0\x4e\x61" + "\xc3\xfb\x6f\xfd\xea\xff\xa9\x15", + .assoc = "", + .alen = 0, + .input = "\x23\x25\x30\xe5\x6a\xb6\x36\x7d" + "\x38\xfd\x3a\xd2\xc2\x58\xa9\x11" + "\x1e\xa8\x30\x9c\x16\xa4\xdb\x65" + "\x51\x10\x16\x27\x70\x9b\x64\x29", + .ilen = 32, + .result = "\xf2\x92\xe6\x7d\x40\xee\xa3\x6f" + "\x03\x68\xc8\x45\xe7\x91\x0a\x18", + .rlen = 16, + }, { + .key = "\x01\x5c\x75\xe5\x84\x8d\x4d\xf6" + "\x23\x9f\xf4\x6a\xe6\x5a\x3b\x9a", + .klen = 16, + .iv = "\x10\x25\x03\x4c\xc8\x2c\xf7\x7d" + "\x44\xd5\x21\x8e\xe4\x23\x6b\x1c", + .assoc = "", + .alen = 0, + .input = "\x2a\x8d\x56\x91\xc6\xf3\x56\xa5" + "\x1f\xf0\x89\x2e\x13\xad\xe6\xf6" + "\x46\x80\xb1\x0e\x18\x30\x40\x97" + "\x03\xdf\x64\x3c\xbe\x93\x9e\xc9" + "\x3b", + .ilen = 33, + .result = "\x2e\xb7\x20\x1c\x50\x6a\x4b\x8b" + "\x84\x42\x7a\xd7\xe1\xb5\xcd\x1f" + "\xd3", + .rlen = 17, + }, { + .key = "\x3d\x80\xae\x84\x94\x09\xf6\x12" + "\xa4\x79\xa6\xfb\xe0\x7f\xfd\xa0", + .klen = 16, + .iv = "\x4c\x49\x3d\xec\xd8\xa8\xa0\x98" + "\xc5\xb0\xd3\x1f\xde\x48\x2e\x22", + .assoc = "", + .alen = 0, + .input = "\x4e\xf6\xfa\x13\xde\x43\x63\x4c" + "\xe2\x04\x3e\xe4\x85\x14\xb6\x3f" + "\xb1\x8f\x4c\xdb\x41\xa2\x14\x99" + "\xf5\x53\x0f\x73\x86\x7e\x97\xa1" + "\x4b\x56\x5b\x94\xce\xcd\x74\xcd" + "\x75\xc4\x53\x01\x89\x45\x59", + .ilen = 47, + .result = "\x6b\xdc\x5a\xbb\x60\xe5\xf4\xa6" + "\x05\x1d\x2c\x68\xdb\xda\x8f\x25" + "\xfe\x8d\x45\x19\x1e\xc0\x0b\x99" + "\x88\x11\x39\x12\x1c\x3a\xbb", + .rlen = 31, + }, { + .key = "\x7a\xa5\xe8\x23\xa4\x84\x9e\x2d" + "\x25\x53\x58\x8c\xda\xa3\xc0\xa6", + .klen = 16, + .iv = "\x89\x6e\x77\x8b\xe8\x23\x49\xb4" + "\x45\x8a\x85\xb1\xd8\x6c\xf1\x28", + .assoc = "", + .alen = 0, + .input = "\xa4\x9a\xb7\xfd\xa0\xd4\xd6\x47" + "\x95\xf4\x58\x38\x14\x83\x27\x01" + "\x4c\xed\x32\x2c\xf7\xd6\x31\xf7" + "\x38\x1b\x2c\xc9\xb6\x31\xce\xaa" + "\xa5\x3c\x1a\x18\x5c\xce\xb9\xdf" + "\x51\x52\x77\xf2\x5e\x85\x80\x41", + .ilen = 48, + .result = "\xa7\x00\x93\x5b\x70\x61\x9d\xc2" + "\x86\xf7\xde\xfa\xd5\xfe\x52\x2b" + "\x28\x50\x51\x9d\x24\x60\x8d\xb3" + "\x49\x3e\x17\xea\xf6\x99\x5a\xdd", + .rlen = 32, + }, { + .key = "\xb6\xca\x22\xc3\xb4\x00\x47\x49" + "\xa6\x2d\x0a\x1e\xd4\xc7\x83\xad", + .klen = 16, + .iv = "\xc5\x93\xb0\x2a\xf8\x9f\xf1\xd0" + "\xc6\x64\x37\x42\xd2\x90\xb3\x2e", + .assoc = "\xd5", + .alen = 1, + .input = "\xfb\xd4\x83\x71\x9e\x63\xad\x60" + "\xb9\xf9\xeb\x34\x52\x49\xcf\xb7", + .ilen = 16, + .result = "", + .rlen = 0, + }, { + .key = "\xf3\xee\x5c\x62\xc4\x7c\xf0\x65" + "\x27\x08\xbd\xaf\xce\xec\x45\xb3", + .klen = 16, + .iv = "\x02\xb8\xea\xca\x09\x1b\x9a\xec" + "\x47\x3e\xe9\xd4\xcc\xb5\x76\x34", + .assoc = "\x11\x81\x78\x32\x4d\xb9\x44\x73" + "\x68\x75\x16\xf8\xcb\x7e\xa7", + .alen = 15, + .input = "\x0c\xaf\x2e\x96\xf6\x97\x08\x71" + "\x7d\x3a\x84\xc4\x44\x57\x77\x7e", + .ilen = 16, + .result = "", + .rlen = 0, + }, { + .key = "\x2f\x13\x95\x01\xd5\xf7\x99\x81" + "\xa8\xe2\x6f\x41\xc8\x10\x08\xb9", + .klen = 16, + .iv = "\x3f\xdc\x24\x69\x19\x96\x43\x08" + "\xc8\x18\x9b\x65\xc6\xd9\x39\x3b", + .assoc = "\x4e\xa5\xb2\xd1\x5d\x35\xed\x8f" + "\xe8\x4f\xc8\x89\xc5\xa2\x69\xbc", + .alen = 16, + .input = "\xc7\x87\x09\x3b\xc7\x19\x74\x22" + "\x22\xa5\x67\x10\xb2\x36\xb3\x45", + .ilen = 16, + .result = "", + .rlen = 0, + }, { + .key = "\x6c\x38\xcf\xa1\xe5\x73\x41\x9d" + "\x29\xbc\x21\xd2\xc2\x35\xcb\xbf", + .klen = 16, + .iv = "\x7b\x01\x5d\x08\x29\x12\xec\x24" + "\x49\xf3\x4d\xf7\xc0\xfe\xfb\x41", + .assoc = "\x8a\xca\xec\x70\x6d\xb1\x96\xab" + "\x69\x29\x7a\x1b\xbf\xc7\x2c\xc2" + "\x07", + .alen = 17, + .input = "\x02\xc6\x3b\x46\x65\xb2\xef\x91" + "\x31\xf0\x45\x48\x8a\x2a\xed\xe4", + .ilen = 16, + .result = "", + .rlen = 0, + }, { + .key = "\xa8\x5c\x09\x40\xf5\xef\xea\xb8" + "\xaa\x96\xd3\x64\xbc\x59\x8d\xc6", + .klen = 16, + .iv = "\xb8\x26\x97\xa8\x39\x8e\x94\x3f" + "\xca\xcd\xff\x88\xba\x22\xbe\x47", + .assoc = "\xc7\xef\x26\x10\x7d\x2c\x3f\xc6" + "\xea\x03\x2c\xac\xb9\xeb\xef\xc9" + "\x31\x6b\x08\x12\xfc\xd8\x37\x2d" + "\xe0\x17\x3a\x2e\x83\x5c\x8f", + .alen = 31, + .input = "\x20\x85\xa8\xd0\x91\x48\x85\xf3" + "\x5a\x16\xc0\x57\x68\x47\xdd\xcb", + .ilen = 16, + .result = "", + .rlen = 0, + }, { + .key = "\xe5\x81\x42\xdf\x05\x6a\x93\xd4" + "\x2b\x70\x85\xf5\xb6\x7d\x50\xcc", + .klen = 16, + .iv = "\xf4\x4a\xd1\x47\x49\x09\x3d\x5b" + "\x4b\xa7\xb1\x19\xb4\x46\x81\x4d", + .assoc = "\x03\x14\x5f\xaf\x8d\xa8\xe7\xe2" + "\x6b\xde\xde\x3e\xb3\x10\xb1\xcf" + "\x5c\x2d\x14\x96\x01\x78\xb9\x47" + "\xa1\x44\x19\x06\x5d\xbb\x2e\x2f", + .alen = 32, + .input = "\x6a\xf8\x8d\x9c\x42\x75\x35\x79" + "\xc1\x96\xbd\x31\x6e\x69\x1b\x50", + .ilen = 16, + .result = "", + .rlen = 0, + }, { + .key = "\x22\xa6\x7c\x7f\x15\xe6\x3c\xf0" + "\xac\x4b\x37\x86\xb0\xa2\x13\xd2", + .klen = 16, + .iv = "\x31\x6f\x0b\xe6\x59\x85\xe6\x77" + "\xcc\x81\x63\xab\xae\x6b\x43\x54", + .assoc = "\x40", + .alen = 1, + .input = "\x01\x24\xb1\xba\xf6\xd3\xdf\x83" + "\x70\x45\xe3\x2a\x9d\x5c\x63\x98" + "\x39", + .ilen = 17, + .result = "\x4f", + .rlen = 1, + }, { + .key = "\x5e\xcb\xb6\x1e\x25\x62\xe4\x0c" + "\x2d\x25\xe9\x18\xaa\xc6\xd5\xd8", + .klen = 16, + .iv = "\x6d\x94\x44\x86\x69\x00\x8f\x93" + "\x4d\x5b\x15\x3c\xa8\x8f\x06\x5a", + .assoc = "\x7c\x5d\xd3\xee\xad\x9f\x39\x1a" + "\x6d\x92\x42\x61\xa7\x58\x37", + .alen = 15, + .input = "\x18\x78\xc2\x6e\xe1\xf7\xe6\x8a" + "\xca\x0e\x62\x00\xa8\x21\xb5\x21" + "\x3d\x36\xdb\xf7\xcc\x31\x94\x9c" + "\x98\xbd\x71\x7a\xef\xa4\xfa", + .ilen = 31, + .result = "\x8b\x26\x61\x55\xf1\x3e\xe3\xa1" + "\x8d\xc8\x6e\x85\xa5\x21\x67", + .rlen = 15, + }, { + .key = "\x9b\xef\xf0\xbd\x35\xdd\x8d\x28" + "\xad\xff\x9b\xa9\xa4\xeb\x98\xdf", + .klen = 16, + .iv = "\xaa\xb8\x7e\x25\x79\x7c\x37\xaf" + "\xce\x36\xc7\xce\xa2\xb4\xc9\x60", + .assoc = "\xb9\x82\x0c\x8d\xbd\x1b\xe2\x36" + "\xee\x6c\xf4\xf2\xa1\x7d\xf9\xe2", + .alen = 16, + .input = "\xea\xd1\x81\x75\xb4\x13\x1d\x86" + "\xd4\x17\x26\xe5\xd6\x89\x39\x04" + "\xa9\x6c\xca\xac\x40\x73\xb2\x4c" + "\x9c\xb9\x0e\x79\x4c\x40\x65\xc6", + .ilen = 32, + .result = "\xc8\x4b\x9b\xf5\x01\xba\x8c\xbd" + "\x0e\xa3\x21\x16\x9f\x46\x2a\x63", + .rlen = 16, + }, { + .key = "\xd7\x14\x29\x5d\x45\x59\x36\x44" + "\x2e\xd9\x4d\x3b\x9e\x0f\x5b\xe5", + .klen = 16, + .iv = "\xe6\xdd\xb8\xc4\x89\xf8\xe0\xca" + "\x4f\x10\x7a\x5f\x9c\xd8\x8b\x66", + .assoc = "\xf5\xa6\x46\x2c\xce\x97\x8a\x51" + "\x6f\x46\xa6\x83\x9b\xa1\xbc\xe8" + "\x05", + .alen = 17, + .input = "\xf4\xb2\x84\xd1\x81\xfa\x98\x1c" + "\x38\x2d\x69\x90\x1c\x71\x38\x98" + "\x9f\xe1\x19\x3b\x63\x91\xaf\x6e" + "\x4b\x07\x2c\xac\x53\xc5\xd5\xfe" + "\x93", + .ilen = 33, + .result = "\x05\x70\xd5\x94\x12\x36\x35\xd8" + "\x8f\x7d\xd3\xa8\x99\x6a\xed\x69" + "\xd0", + .rlen = 17, + }, { + .key = "\x14\x39\x63\xfc\x56\xd5\xdf\x5f" + "\xaf\xb3\xff\xcc\x98\x33\x1d\xeb", + .klen = 16, + .iv = "\x23\x02\xf1\x64\x9a\x73\x89\xe6" + "\xd0\xea\x2c\xf1\x96\xfc\x4e\x6d", + .assoc = "\x32\xcb\x80\xcc\xde\x12\x33\x6d" + "\xf0\x20\x58\x15\x95\xc6\x7f\xee" + "\x2f\xf9\x4e\x2c\x1b\x98\x43\xc7" + "\x68\x28\x73\x40\x9f\x96\x4a", + .alen = 31, + .input = "\xa0\xe7\x0a\x60\xe7\xb8\x8a\xdb" + "\x94\xd3\x93\xf2\x41\x86\x16\xdd" + "\x4c\xe8\xe7\xe0\x62\x48\x89\x40" + "\xc0\x49\x9b\x63\x32\xec\x8b\xdb" + "\xdc\xa6\xea\x2c\xc2\x7f\xf5\x04" + "\xcb\xe5\x47\xbb\xa7\xd1\x9d", + .ilen = 47, + .result = "\x41\x94\x0e\x33\x22\xb1\xdd\xf4" + "\x10\x57\x85\x39\x93\x8f\xaf\x70" + "\xfa\xa9\xd0\x4d\x5c\x40\x23\xcd" + "\x98\x34\xab\x37\x56\xae\x32", + .rlen = 31, + }, { + .key = "\x50\x5d\x9d\x9b\x66\x50\x88\x7b" + "\x30\x8e\xb1\x5e\x92\x58\xe0\xf1", + .klen = 16, + .iv = "\x5f\x27\x2b\x03\xaa\xef\x32\x02" + "\x50\xc4\xde\x82\x90\x21\x11\x73", + .assoc = "\x6e\xf0\xba\x6b\xee\x8e\xdc\x89" + "\x71\xfb\x0a\xa6\x8f\xea\x41\xf4" + "\x5a\xbb\x59\xb0\x20\x38\xc5\xe0" + "\x29\x56\x52\x19\x79\xf5\xe9\x37", + .alen = 32, + .input = "\x62\xdc\x2d\x68\x2d\x71\xbb\x33" + "\x13\xdf\xc0\x46\xf6\x61\x94\xa7" + "\x60\xd3\xd4\xca\xd9\xbe\x82\xf3" + "\xf1\x5b\xa0\xfa\x15\xba\xda\xea" + "\x87\x68\x47\x08\x5d\xdd\x83\xb0" + "\x60\xf4\x93\x20\xdf\x34\x8f\xea", + .ilen = 48, + .result = "\x7e\xb9\x48\xd3\x32\x2d\x86\x10" + "\x91\x31\x37\xcb\x8d\xb3\x72\x76" + "\x24\x6b\xdc\xd1\x61\xe0\xa5\xe7" + "\x5a\x61\x8a\x0f\x30\x0d\xd1\xec", + .rlen = 32, + }, { + .key = "\x8d\x82\xd6\x3b\x76\xcc\x30\x97" + "\xb1\x68\x63\xef\x8c\x7c\xa3\xf7", + .klen = 16, + .iv = "\x9c\x4b\x65\xa2\xba\x6b\xdb\x1e" + "\xd1\x9e\x90\x13\x8a\x45\xd3\x79", + .assoc = "\xab\x14\xf3\x0a\xfe\x0a\x85\xa5" + "\xf2\xd5\xbc\x38\x89\x0e\x04\xfb" + "\x84\x7d\x65\x34\x25\xd8\x47\xfa" + "\xeb\x83\x31\xf1\x54\x54\x89\x0d" + "\x9d", + .alen = 33, + .input = "\x84\xc5\x21\xab\xe1\xeb\xbb\x6d" + "\xaa\x2a\xaf\xeb\x3b\x3b\x69\xe7" + "\x2c\x47\xef\x9d\xb7\x53\x36\xb7" + "\xb6\xf5\xe5\xa8\xc9\x9e\x02\xd7" + "\x83\x88\xc2\xbd\x2f\xf9\x10\xc0" + "\xf5\xa1\x6e\xd3\x97\x64\x82\xa3" + "\xfb\xda\x2c\xb1\x94\xa1\x58\x32" + "\xe8\xd4\x39\xfc\x9e\x26\xf9\xf1" + "\x61\xe6\xae\x07\xf2\xe0\xa7\x44" + "\x96\x28\x3b\xee\x6b\xc6\x16\x31" + "\x3f", + .ilen = 81, + .result = "\xba\xde\x82\x72\x42\xa9\x2f\x2c" + "\x12\x0b\xe9\x5c\x87\xd7\x35\x7c" + "\x4f\x2e\xe8\x55\x66\x80\x27\x00" + "\x1b\x8f\x68\xe7\x0a\x6c\x71\xc3" + "\x21\x78\x55\x9d\x9c\x65\x7b\xcd" + "\x0a\x34\x97\xff\x47\x37\xb0\x2a" + "\x80\x0d\x19\x98\x33\xa9\x7a\xe3" + "\x2e\x4c\xc6\xf3\x8c\x88\x42\x01" + "\xbd", + .rlen = 65, + }, { + .key = "\xc9\xa7\x10\xda\x86\x48\xd9\xb3" + "\x32\x42\x15\x80\x85\xa1\x65\xfe", + .klen = 16, + .iv = "\xd8\x70\x9f\x42\xca\xe6\x83\x3a" + "\x52\x79\x42\xa5\x84\x6a\x96\x7f", + .assoc = "\xe8\x39\x2d\xaa\x0e\x85\x2d\xc1" + "\x72\xaf\x6e\xc9\x82\x33\xc7\x01" + "\xaf\x40\x70\xb8\x2a\x78\xc9\x14" + "\xac\xb1\x10\xca\x2e\xb3\x28\xe4" + "\xac\xfa\x58\x7f\xe5\x73\x09\x8c" + "\x1d\x40\x87\x8c\xd9\x75\xc0\x55" + "\xa2\xda\x07\xd1\xc2\xa9\xd1\xbb" + "\x09\x4f\x77\x62\x88\x2d\xf2\x68" + "\x54", + .alen = 65, + .input = "\x8f\x23\x47\xfb\xf2\xac\x23\x83" + "\x77\x09\xac\x74\xef\xd2\x56\xae" + "\x20\x7b\x7b\xca\x45\x8e\xc8\xc2" + "\x50\xbd\xc7\x44\x1c\x54\x98\xd8" + "\x1f\xd0\x9a\x79\xaa\xf9\xe1\xb3" + "\xb4\x98\x5a\x9b\xe4\x4d\xbf\x4e" + "\x39", + .ilen = 49, + .result = "\xf7\x02\xbb\x11\x52\x24\xd8\x48" + "\x93\xe6\x9b\xee\x81\xfc\xf7\x82" + "\x79\xf0\xf3\xd9\x6c\x20\xa9\x1a" + "\xdc\xbc\x47\xc0\xe4\xcb\x10\x99" + "\x2f", + .rlen = 33, + }, { + .key = "\x06\xcc\x4a\x79\x96\xc3\x82\xcf" + "\xb3\x1c\xc7\x12\x7f\xc5\x28\x04", + .klen = 16, + .iv = "\x15\x95\xd8\xe1\xda\x62\x2c\x56" + "\xd3\x53\xf4\x36\x7e\x8e\x59\x85", + .assoc = "\x24\x5e\x67\x49\x1e\x01\xd6\xdd" + "\xf3\x89\x20\x5b\x7c\x57\x89\x07", + .alen = 16, + .input = "\x42\xc3\x58\xfb\x29\xe2\x4a\x56" + "\xf1\xf5\xe1\x51\x55\x4b\x0a\x45" + "\x46\xb5\x8d\xac\xb6\x34\xd8\x8b" + "\xde\x20\x59\x77\xc1\x74\x90", + .ilen = 31, + .result = "\x33\x27\xf5\xb1\x62\xa0\x80\x63" + "\x14\xc0\x4d\x7f\x7b\x20\xba\x89", + .rlen = 16, + }, { + .key = "\x42\xf0\x84\x19\xa6\x3f\x2b\xea" + "\x34\xf6\x79\xa3\x79\xe9\xeb\x0a", + .klen = 16, + .iv = "\x51\xb9\x12\x80\xea\xde\xd5\x71" + "\x54\x2d\xa6\xc8\x78\xb2\x1b\x8c", + .assoc = "\x61\x83\xa0\xe8\x2e\x7d\x7f\xf8" + "\x74\x63\xd2\xec\x76\x7c\x4c\x0d", + .alen = 16, + .input = "\xb2\xfb\xf6\x97\x69\x7a\xe9\xec" + "\xe2\x94\xa1\x8b\xa0\x2b\x60\x72" + "\x1d\x04\xdd\x6a\xef\x46\x8f\x68" + "\xe9\xe0\x17\x45\x70\x12", + .ilen = 30, + .result = "\x70\x4c\x2f\x50\x72\x1c\x29\x7f" + "\x95\x9a\xff\x10\x75\x45\x7d\x8f", + .rlen = 16, + }, { + .key = "\x7f\x15\xbd\xb8\xb6\xba\xd3\x06" + "\xb5\xd1\x2b\x35\x73\x0e\xad\x10", + .klen = 16, + .iv = "\x8e\xde\x4c\x20\xfa\x59\x7e\x8d" + "\xd5\x07\x58\x59\x72\xd7\xde\x92", + .assoc = "\x9d\xa7\xda\x88\x3e\xf8\x28\x14" + "\xf5\x3e\x85\x7d\x70\xa0\x0f\x13", + .alen = 16, + .input = "\x47\xda\x54\x42\x51\x72\xc4\x8b" + "\xf5\x57\x0f\x2f\x49\x0e\x11\x3b" + "\x78\x93\xec\xfc\xf4\xff\xe1\x2d", + .ilen = 24, + .result = "\xac\x70\x69\xef\x82\x97\xd2\x9b" + "\x15\x74\xb1\xa2\x6f\x69\x3f\x95", + .rlen = 16, + }, +}; + +/* + * AEGIS-128L test vectors - generated via reference implementation from + * SUPERCOP (https://bench.cr.yp.to/supercop.html): + * + * https://bench.cr.yp.to/supercop/supercop-20170228.tar.xz + * (see crypto_aead/aegis128l/) + */ +static const struct aead_testvec aegis128l_enc_tv_template[] = { + { + .key = "\x0f\xc9\x8e\x67\x44\x9e\xaa\x86" + "\x20\x36\x2c\x24\xfe\xc9\x30\x81", + .klen = 16, + .iv = "\x1e\x92\x1c\xcf\x88\x3d\x54\x0d" + "\x40\x6d\x59\x48\xfc\x92\x61\x03", + .assoc = "", + .alen = 0, + .input = "", + .ilen = 0, + .result = "\x30\x4f\xf3\xe9\xb1\xfa\x81\xa6" + "\x20\x72\x78\xdd\x93\xc8\x57\xef", + .rlen = 16, + }, { + .key = "\x4b\xed\xc8\x07\x54\x1a\x52\xa2" + "\xa1\x10\xde\xb5\xf8\xed\xf3\x87", + .klen = 16, + .iv = "\x5a\xb7\x56\x6e\x98\xb9\xfd\x29" + "\xc1\x47\x0b\xda\xf6\xb6\x23\x09", + .assoc = "", + .alen = 0, + .input = "\x79", + .ilen = 1, + .result = "\xa9\x24\xa0\xb6\x2d\xdd\x29\xdb" + "\x40\xb3\x71\xc5\x22\x58\x31\x77" + "\x6d", + .rlen = 17, + }, { + .key = "\x88\x12\x01\xa6\x64\x96\xfb\xbe" + "\x22\xea\x90\x47\xf2\x11\xb5\x8e", + .klen = 16, + .iv = "\x97\xdb\x90\x0e\xa8\x35\xa5\x45" + "\x42\x21\xbd\x6b\xf0\xda\xe6\x0f", + .assoc = "", + .alen = 0, + .input = "\xb5\x6e\xad\xdd\x30\x72\xfa\x53" + "\x82\x8e\x16\xb4\xed\x6d\x47", + .ilen = 15, + .result = "\xbb\x0a\x53\xc4\xaa\x7e\xa4\x03" + "\x2b\xee\x62\x99\x7b\x98\x13\x1f" + "\xe0\x76\x4c\x2e\x53\x99\x4f\xbe" + "\xe1\xa8\x04\x7f\xe1\x71\xbe", + .rlen = 31, + }, { + .key = "\xc4\x37\x3b\x45\x74\x11\xa4\xda" + "\xa2\xc5\x42\xd8\xec\x36\x78\x94", + .klen = 16, + .iv = "\xd3\x00\xc9\xad\xb8\xb0\x4e\x61" + "\xc3\xfb\x6f\xfd\xea\xff\xa9\x15", + .assoc = "", + .alen = 0, + .input = "\xf2\x92\xe6\x7d\x40\xee\xa3\x6f" + "\x03\x68\xc8\x45\xe7\x91\x0a\x18", + .ilen = 16, + .result = "\x66\xdf\x6e\x71\xc0\x6e\xa4\x4c" + "\x9d\xb7\x8c\x9a\xdb\x1f\xd2\x2e" + "\x23\xb6\xa4\xfb\xd3\x86\xdd\xbb" + "\xde\x54\x9b\xf5\x92\x8b\x93\xc5", + .rlen = 32, + }, { + .key = "\x01\x5c\x75\xe5\x84\x8d\x4d\xf6" + "\x23\x9f\xf4\x6a\xe6\x5a\x3b\x9a", + .klen = 16, + .iv = "\x10\x25\x03\x4c\xc8\x2c\xf7\x7d" + "\x44\xd5\x21\x8e\xe4\x23\x6b\x1c", + .assoc = "", + .alen = 0, + .input = "\x2e\xb7\x20\x1c\x50\x6a\x4b\x8b" + "\x84\x42\x7a\xd7\xe1\xb5\xcd\x1f" + "\xd3", + .ilen = 17, + .result = "\x4f\xc3\x69\xb6\xd3\xa4\x64\x8b" + "\x71\xc3\x8a\x91\x22\x4f\x1b\xd2" + "\x33\x6d\x86\xbc\xf8\x2f\x06\xf9" + "\x82\x64\xc7\x72\x00\x30\xfc\xf0" + "\xf8", + .rlen = 33, + }, { + .key = "\x3d\x80\xae\x84\x94\x09\xf6\x12" + "\xa4\x79\xa6\xfb\xe0\x7f\xfd\xa0", + .klen = 16, + .iv = "\x4c\x49\x3d\xec\xd8\xa8\xa0\x98" + "\xc5\xb0\xd3\x1f\xde\x48\x2e\x22", + .assoc = "", + .alen = 0, + .input = "\x6b\xdc\x5a\xbb\x60\xe5\xf4\xa6" + "\x05\x1d\x2c\x68\xdb\xda\x8f\x25" + "\xfe\x8d\x45\x19\x1e\xc0\x0b\x99" + "\x88\x11\x39\x12\x1c\x3a\xbb", + .ilen = 31, + .result = "\xe3\x93\x15\xae\x5f\x9d\x3c\xb5" + "\xd6\x9d\xee\xee\xcf\xaa\xaf\xe1" + "\x45\x10\x96\xe0\xbf\x55\x0f\x4c" + "\x1a\xfd\xf4\xda\x4e\x10\xde\xc9" + "\x0e\x6f\xc7\x3c\x49\x94\x41\xfc" + "\x59\x28\x88\x3c\x79\x10\x6b", + .rlen = 47, + }, { + .key = "\x7a\xa5\xe8\x23\xa4\x84\x9e\x2d" + "\x25\x53\x58\x8c\xda\xa3\xc0\xa6", + .klen = 16, + .iv = "\x89\x6e\x77\x8b\xe8\x23\x49\xb4" + "\x45\x8a\x85\xb1\xd8\x6c\xf1\x28", + .assoc = "", + .alen = 0, + .input = "\xa7\x00\x93\x5b\x70\x61\x9d\xc2" + "\x86\xf7\xde\xfa\xd5\xfe\x52\x2b" + "\x28\x50\x51\x9d\x24\x60\x8d\xb3" + "\x49\x3e\x17\xea\xf6\x99\x5a\xdd", + .ilen = 32, + .result = "\x1c\x8e\x22\x34\xfd\xab\xe6\x0d" + "\x1c\x9f\x06\x54\x8b\x0b\xb4\x40" + "\xde\x11\x59\x3e\xfd\x74\xf6\x42" + "\x97\x17\xf7\x24\xb6\x7e\xc4\xc6" + "\x06\xa3\x94\xda\x3d\x7f\x55\x0a" + "\x92\x07\x2f\xa6\xf3\x6b\x2c\xfc", + .rlen = 48, + }, { + .key = "\xb6\xca\x22\xc3\xb4\x00\x47\x49" + "\xa6\x2d\x0a\x1e\xd4\xc7\x83\xad", + .klen = 16, + .iv = "\xc5\x93\xb0\x2a\xf8\x9f\xf1\xd0" + "\xc6\x64\x37\x42\xd2\x90\xb3\x2e", + .assoc = "\xd5", + .alen = 1, + .input = "", + .ilen = 0, + .result = "\xa0\x2a\xb4\x9a\x91\x00\x15\xb8" + "\x0f\x9a\x15\x60\x0e\x9b\x13\x8f", + .rlen = 16, + }, { + .key = "\xf3\xee\x5c\x62\xc4\x7c\xf0\x65" + "\x27\x08\xbd\xaf\xce\xec\x45\xb3", + .klen = 16, + .iv = "\x02\xb8\xea\xca\x09\x1b\x9a\xec" + "\x47\x3e\xe9\xd4\xcc\xb5\x76\x34", + .assoc = "\x11\x81\x78\x32\x4d\xb9\x44\x73" + "\x68\x75\x16\xf8\xcb\x7e\xa7", + .alen = 15, + .input = "", + .ilen = 0, + .result = "\x4c\x26\xad\x9c\x14\xfd\x9c\x8c" + "\x84\xfb\x26\xfb\xd5\xca\x62\x39", + .rlen = 16, + }, { + .key = "\x2f\x13\x95\x01\xd5\xf7\x99\x81" + "\xa8\xe2\x6f\x41\xc8\x10\x08\xb9", + .klen = 16, + .iv = "\x3f\xdc\x24\x69\x19\x96\x43\x08" + "\xc8\x18\x9b\x65\xc6\xd9\x39\x3b", + .assoc = "\x4e\xa5\xb2\xd1\x5d\x35\xed\x8f" + "\xe8\x4f\xc8\x89\xc5\xa2\x69\xbc", + .alen = 16, + .input = "", + .ilen = 0, + .result = "\x45\x85\x0e\x0f\xf4\xae\x96\xa1" + "\x99\x4d\x6d\xb4\x67\x32\xb0\x3a", + .rlen = 16, + }, { + .key = "\x6c\x38\xcf\xa1\xe5\x73\x41\x9d" + "\x29\xbc\x21\xd2\xc2\x35\xcb\xbf", + .klen = 16, + .iv = "\x7b\x01\x5d\x08\x29\x12\xec\x24" + "\x49\xf3\x4d\xf7\xc0\xfe\xfb\x41", + .assoc = "\x8a\xca\xec\x70\x6d\xb1\x96\xab" + "\x69\x29\x7a\x1b\xbf\xc7\x2c\xc2" + "\x07", + .alen = 17, + .input = "", + .ilen = 0, + .result = "\x33\xb1\x42\x97\x8e\x16\x7b\x63" + "\x06\xba\x5b\xcb\xae\x6d\x8b\x56", + .rlen = 16, + }, { + .key = "\xa8\x5c\x09\x40\xf5\xef\xea\xb8" + "\xaa\x96\xd3\x64\xbc\x59\x8d\xc6", + .klen = 16, + .iv = "\xb8\x26\x97\xa8\x39\x8e\x94\x3f" + "\xca\xcd\xff\x88\xba\x22\xbe\x47", + .assoc = "\xc7\xef\x26\x10\x7d\x2c\x3f\xc6" + "\xea\x03\x2c\xac\xb9\xeb\xef\xc9" + "\x31\x6b\x08\x12\xfc\xd8\x37\x2d" + "\xe0\x17\x3a\x2e\x83\x5c\x8f", + .alen = 31, + .input = "", + .ilen = 0, + .result = "\xda\x44\x08\x8c\x2a\xa5\x07\x35" + "\x0b\x54\x4e\x6d\xe3\xfd\xc4\x5f", + .rlen = 16, + }, { + .key = "\xe5\x81\x42\xdf\x05\x6a\x93\xd4" + "\x2b\x70\x85\xf5\xb6\x7d\x50\xcc", + .klen = 16, + .iv = "\xf4\x4a\xd1\x47\x49\x09\x3d\x5b" + "\x4b\xa7\xb1\x19\xb4\x46\x81\x4d", + .assoc = "\x03\x14\x5f\xaf\x8d\xa8\xe7\xe2" + "\x6b\xde\xde\x3e\xb3\x10\xb1\xcf" + "\x5c\x2d\x14\x96\x01\x78\xb9\x47" + "\xa1\x44\x19\x06\x5d\xbb\x2e\x2f", + .alen = 32, + .input = "", + .ilen = 0, + .result = "\x1b\xb1\xf1\xa8\x9e\xc2\xb2\x88" + "\x40\x7f\x7b\x19\x7a\x52\x8c\xf0", + .rlen = 16, + }, { + .key = "\x22\xa6\x7c\x7f\x15\xe6\x3c\xf0" + "\xac\x4b\x37\x86\xb0\xa2\x13\xd2", + .klen = 16, + .iv = "\x31\x6f\x0b\xe6\x59\x85\xe6\x77" + "\xcc\x81\x63\xab\xae\x6b\x43\x54", + .assoc = "\x40", + .alen = 1, + .input = "\x4f", + .ilen = 1, + .result = "\x6e\xc8\xfb\x15\x9d\x98\x49\xc9" + "\xa0\x98\x09\x85\xbe\x56\x8e\x79" + "\xf4", + .rlen = 17, + }, { + .key = "\x5e\xcb\xb6\x1e\x25\x62\xe4\x0c" + "\x2d\x25\xe9\x18\xaa\xc6\xd5\xd8", + .klen = 16, + .iv = "\x6d\x94\x44\x86\x69\x00\x8f\x93" + "\x4d\x5b\x15\x3c\xa8\x8f\x06\x5a", + .assoc = "\x7c\x5d\xd3\xee\xad\x9f\x39\x1a" + "\x6d\x92\x42\x61\xa7\x58\x37", + .alen = 15, + .input = "\x8b\x26\x61\x55\xf1\x3e\xe3\xa1" + "\x8d\xc8\x6e\x85\xa5\x21\x67", + .ilen = 15, + .result = "\x99\x2e\x84\x50\x64\x5c\xab\x29" + "\x20\xba\xb9\x2f\x62\x3a\xce\x2a" + "\x75\x25\x3b\xe3\x40\xe0\x1d\xfc" + "\x20\x63\x0b\x49\x7e\x97\x08", + .rlen = 31, + }, { + .key = "\x9b\xef\xf0\xbd\x35\xdd\x8d\x28" + "\xad\xff\x9b\xa9\xa4\xeb\x98\xdf", + .klen = 16, + .iv = "\xaa\xb8\x7e\x25\x79\x7c\x37\xaf" + "\xce\x36\xc7\xce\xa2\xb4\xc9\x60", + .assoc = "\xb9\x82\x0c\x8d\xbd\x1b\xe2\x36" + "\xee\x6c\xf4\xf2\xa1\x7d\xf9\xe2", + .alen = 16, + .input = "\xc8\x4b\x9b\xf5\x01\xba\x8c\xbd" + "\x0e\xa3\x21\x16\x9f\x46\x2a\x63", + .ilen = 16, + .result = "\xd9\x8e\xfd\x50\x8f\x02\x9f\xee" + "\x78\x08\x12\xec\x09\xaf\x53\x14" + "\x90\x3e\x3d\x76\xad\x71\x21\x08" + "\x77\xe5\x4b\x15\xc2\xe6\xbc\xdb", + .rlen = 32, + }, { + .key = "\xd7\x14\x29\x5d\x45\x59\x36\x44" + "\x2e\xd9\x4d\x3b\x9e\x0f\x5b\xe5", + .klen = 16, + .iv = "\xe6\xdd\xb8\xc4\x89\xf8\xe0\xca" + "\x4f\x10\x7a\x5f\x9c\xd8\x8b\x66", + .assoc = "\xf5\xa6\x46\x2c\xce\x97\x8a\x51" + "\x6f\x46\xa6\x83\x9b\xa1\xbc\xe8" + "\x05", + .alen = 17, + .input = "\x05\x70\xd5\x94\x12\x36\x35\xd8" + "\x8f\x7d\xd3\xa8\x99\x6a\xed\x69" + "\xd0", + .ilen = 17, + .result = "\xf3\xe7\x95\x86\xcf\x34\x95\x96" + "\x17\xfe\x1b\xae\x1b\x31\xf2\x1a" + "\xbd\xbc\xc9\x4e\x11\x29\x09\x5c" + "\x05\xd3\xb4\x2e\x4a\x74\x59\x49" + "\x7d", + .rlen = 33, + }, { + .key = "\x14\x39\x63\xfc\x56\xd5\xdf\x5f" + "\xaf\xb3\xff\xcc\x98\x33\x1d\xeb", + .klen = 16, + .iv = "\x23\x02\xf1\x64\x9a\x73\x89\xe6" + "\xd0\xea\x2c\xf1\x96\xfc\x4e\x6d", + .assoc = "\x32\xcb\x80\xcc\xde\x12\x33\x6d" + "\xf0\x20\x58\x15\x95\xc6\x7f\xee" + "\x2f\xf9\x4e\x2c\x1b\x98\x43\xc7" + "\x68\x28\x73\x40\x9f\x96\x4a", + .alen = 31, + .input = "\x41\x94\x0e\x33\x22\xb1\xdd\xf4" + "\x10\x57\x85\x39\x93\x8f\xaf\x70" + "\xfa\xa9\xd0\x4d\x5c\x40\x23\xcd" + "\x98\x34\xab\x37\x56\xae\x32", + .ilen = 31, + .result = "\x06\x96\xb2\xbf\x63\xf4\x1e\x24" + "\x0d\x19\x15\x61\x65\x3b\x06\x26" + "\x71\xe8\x7e\x16\xdb\x96\x01\x01" + "\x52\xcd\x49\x5b\x07\x33\x4e\xe7" + "\xaa\x91\xf5\xd5\xc6\xfe\x41\xb5" + "\xed\x90\xce\xb9\xcd\xcc\xa1", + .rlen = 47, + }, { + .key = "\x50\x5d\x9d\x9b\x66\x50\x88\x7b" + "\x30\x8e\xb1\x5e\x92\x58\xe0\xf1", + .klen = 16, + .iv = "\x5f\x27\x2b\x03\xaa\xef\x32\x02" + "\x50\xc4\xde\x82\x90\x21\x11\x73", + .assoc = "\x6e\xf0\xba\x6b\xee\x8e\xdc\x89" + "\x71\xfb\x0a\xa6\x8f\xea\x41\xf4" + "\x5a\xbb\x59\xb0\x20\x38\xc5\xe0" + "\x29\x56\x52\x19\x79\xf5\xe9\x37", + .alen = 32, + .input = "\x7e\xb9\x48\xd3\x32\x2d\x86\x10" + "\x91\x31\x37\xcb\x8d\xb3\x72\x76" + "\x24\x6b\xdc\xd1\x61\xe0\xa5\xe7" + "\x5a\x61\x8a\x0f\x30\x0d\xd1\xec", + .ilen = 32, + .result = "\xf9\xd7\xee\x17\xfd\x24\xcd\xf1" + "\xbc\x0f\x35\x97\x97\x0c\x4b\x18" + "\xce\x58\xc8\x3b\xd4\x85\x93\x79" + "\xcc\x9c\xea\xc1\x73\x13\x0b\x4c" + "\xcc\x6f\x28\xf8\xa4\x4e\xb8\x56" + "\x64\x4e\x47\xce\xb2\xb4\x92\xb4", + .rlen = 48, + }, { + .key = "\x8d\x82\xd6\x3b\x76\xcc\x30\x97" + "\xb1\x68\x63\xef\x8c\x7c\xa3\xf7", + .klen = 16, + .iv = "\x9c\x4b\x65\xa2\xba\x6b\xdb\x1e" + "\xd1\x9e\x90\x13\x8a\x45\xd3\x79", + .assoc = "\xab\x14\xf3\x0a\xfe\x0a\x85\xa5" + "\xf2\xd5\xbc\x38\x89\x0e\x04\xfb" + "\x84\x7d\x65\x34\x25\xd8\x47\xfa" + "\xeb\x83\x31\xf1\x54\x54\x89\x0d" + "\x9d", + .alen = 33, + .input = "\xba\xde\x82\x72\x42\xa9\x2f\x2c" + "\x12\x0b\xe9\x5c\x87\xd7\x35\x7c" + "\x4f\x2e\xe8\x55\x66\x80\x27\x00" + "\x1b\x8f\x68\xe7\x0a\x6c\x71\xc3" + "\x21\x78\x55\x9d\x9c\x65\x7b\xcd" + "\x0a\x34\x97\xff\x47\x37\xb0\x2a" + "\x80\x0d\x19\x98\x33\xa9\x7a\xe3" + "\x2e\x4c\xc6\xf3\x8c\x88\x42\x01" + "\xbd", + .ilen = 65, + .result = "\x58\xfa\x3a\x3d\xd9\x88\x63\xe8" + "\xc5\x78\x50\x8b\x4a\xc9\xdf\x7f" + "\x4b\xfa\xc8\x2e\x67\x43\xf3\x63" + "\x42\x8e\x99\x5a\x9c\x0b\x84\x77" + "\xbc\x46\x76\x48\x82\xc7\x57\x96" + "\xe1\x65\xd1\xed\x1d\xdd\x80\x24" + "\xa6\x4d\xa9\xf1\x53\x8b\x5e\x0e" + "\x26\xb9\xcc\x37\xe5\x43\xe1\x5a" + "\x8a\xd6\x8c\x5a\xe4\x95\xd1\x8d" + "\xf7\x33\x64\xc1\xd3\xf2\xfc\x35" + "\x01", + .rlen = 81, + }, { + .key = "\xc9\xa7\x10\xda\x86\x48\xd9\xb3" + "\x32\x42\x15\x80\x85\xa1\x65\xfe", + .klen = 16, + .iv = "\xd8\x70\x9f\x42\xca\xe6\x83\x3a" + "\x52\x79\x42\xa5\x84\x6a\x96\x7f", + .assoc = "\xe8\x39\x2d\xaa\x0e\x85\x2d\xc1" + "\x72\xaf\x6e\xc9\x82\x33\xc7\x01" + "\xaf\x40\x70\xb8\x2a\x78\xc9\x14" + "\xac\xb1\x10\xca\x2e\xb3\x28\xe4" + "\xac\xfa\x58\x7f\xe5\x73\x09\x8c" + "\x1d\x40\x87\x8c\xd9\x75\xc0\x55" + "\xa2\xda\x07\xd1\xc2\xa9\xd1\xbb" + "\x09\x4f\x77\x62\x88\x2d\xf2\x68" + "\x54", + .alen = 65, + .input = "\xf7\x02\xbb\x11\x52\x24\xd8\x48" + "\x93\xe6\x9b\xee\x81\xfc\xf7\x82" + "\x79\xf0\xf3\xd9\x6c\x20\xa9\x1a" + "\xdc\xbc\x47\xc0\xe4\xcb\x10\x99" + "\x2f", + .ilen = 33, + .result = "\x4c\xa9\xac\x71\xed\x10\xa6\x24" + "\xb7\xa7\xdf\x8b\xf5\xc2\x41\xcb" + "\x05\xc9\xd6\x97\xb6\x10\x7f\x17" + "\xc2\xc0\x93\xcf\xe0\x94\xfd\x99" + "\xf2\x62\x25\x28\x01\x23\x6f\x8b" + "\x04\x52\xbc\xb0\x3e\x66\x52\x90" + "\x9f", + .rlen = 49, + }, { + .key = "\x06\xcc\x4a\x79\x96\xc3\x82\xcf" + "\xb3\x1c\xc7\x12\x7f\xc5\x28\x04", + .klen = 16, + .iv = "\x15\x95\xd8\xe1\xda\x62\x2c\x56" + "\xd3\x53\xf4\x36\x7e\x8e\x59\x85", + .assoc = "\x24\x5e\x67\x49\x1e\x01\xd6\xdd" + "\xf3\x89\x20\x5b\x7c\x57\x89\x07", + .alen = 16, + .input = "\x33\x27\xf5\xb1\x62\xa0\x80\x63" + "\x14\xc0\x4d\x7f\x7b\x20\xba\x89", + .ilen = 16, + .result = "\x6d\xed\x04\x7a\x2f\x0c\x30\xa5" + "\x96\xe6\x97\xe4\x10\xeb\x40\x95" + "\xc5\x9a\xdf\x31\xd5\xa5\xa6\xec" + "\x05\xa8\x31\x50\x11\x19\x44", + .rlen = 31, + }, { + .key = "\x42\xf0\x84\x19\xa6\x3f\x2b\xea" + "\x34\xf6\x79\xa3\x79\xe9\xeb\x0a", + .klen = 16, + .iv = "\x51\xb9\x12\x80\xea\xde\xd5\x71" + "\x54\x2d\xa6\xc8\x78\xb2\x1b\x8c", + .assoc = "\x61\x83\xa0\xe8\x2e\x7d\x7f\xf8" + "\x74\x63\xd2\xec\x76\x7c\x4c\x0d", + .alen = 16, + .input = "\x70\x4c\x2f\x50\x72\x1c\x29\x7f" + "\x95\x9a\xff\x10\x75\x45\x7d\x8f", + .ilen = 16, + .result = "\x30\x95\x7d\xea\xdc\x62\xc0\x88" + "\xa1\xe3\x8d\x8c\xac\x04\x10\xa7" + "\xfa\xfa\x07\xbd\xa0\xf0\x36\xeb" + "\x21\x93\x2e\x31\x84\x83", + .rlen = 30, + }, { + .key = "\x7f\x15\xbd\xb8\xb6\xba\xd3\x06" + "\xb5\xd1\x2b\x35\x73\x0e\xad\x10", + .klen = 16, + .iv = "\x8e\xde\x4c\x20\xfa\x59\x7e\x8d" + "\xd5\x07\x58\x59\x72\xd7\xde\x92", + .assoc = "\x9d\xa7\xda\x88\x3e\xf8\x28\x14" + "\xf5\x3e\x85\x7d\x70\xa0\x0f\x13", + .alen = 16, + .input = "\xac\x70\x69\xef\x82\x97\xd2\x9b" + "\x15\x74\xb1\xa2\x6f\x69\x3f\x95", + .ilen = 16, + .result = "\x93\xcd\xee\xd4\xcb\x9d\x8d\x16" + "\x63\x0d\x43\xd5\x49\xca\xa8\x85" + "\x49\xc0\xae\x13\xbc\x26\x1d\x4b", + .rlen = 24, + }, +}; + +static const struct aead_testvec aegis128l_dec_tv_template[] = { + { + .key = "\x0f\xc9\x8e\x67\x44\x9e\xaa\x86" + "\x20\x36\x2c\x24\xfe\xc9\x30\x81", + .klen = 16, + .iv = "\x1e\x92\x1c\xcf\x88\x3d\x54\x0d" + "\x40\x6d\x59\x48\xfc\x92\x61\x03", + .assoc = "", + .alen = 0, + .input = "\x30\x4f\xf3\xe9\xb1\xfa\x81\xa6" + "\x20\x72\x78\xdd\x93\xc8\x57\xef", + .ilen = 16, + .result = "", + .rlen = 0, + }, { + .key = "\x4b\xed\xc8\x07\x54\x1a\x52\xa2" + "\xa1\x10\xde\xb5\xf8\xed\xf3\x87", + .klen = 16, + .iv = "\x5a\xb7\x56\x6e\x98\xb9\xfd\x29" + "\xc1\x47\x0b\xda\xf6\xb6\x23\x09", + .assoc = "", + .alen = 0, + .input = "\xa9\x24\xa0\xb6\x2d\xdd\x29\xdb" + "\x40\xb3\x71\xc5\x22\x58\x31\x77" + "\x6d", + .ilen = 17, + .result = "\x79", + .rlen = 1, + }, { + .key = "\x88\x12\x01\xa6\x64\x96\xfb\xbe" + "\x22\xea\x90\x47\xf2\x11\xb5\x8e", + .klen = 16, + .iv = "\x97\xdb\x90\x0e\xa8\x35\xa5\x45" + "\x42\x21\xbd\x6b\xf0\xda\xe6\x0f", + .assoc = "", + .alen = 0, + .input = "\xbb\x0a\x53\xc4\xaa\x7e\xa4\x03" + "\x2b\xee\x62\x99\x7b\x98\x13\x1f" + "\xe0\x76\x4c\x2e\x53\x99\x4f\xbe" + "\xe1\xa8\x04\x7f\xe1\x71\xbe", + .ilen = 31, + .result = "\xb5\x6e\xad\xdd\x30\x72\xfa\x53" + "\x82\x8e\x16\xb4\xed\x6d\x47", + .rlen = 15, + }, { + .key = "\xc4\x37\x3b\x45\x74\x11\xa4\xda" + "\xa2\xc5\x42\xd8\xec\x36\x78\x94", + .klen = 16, + .iv = "\xd3\x00\xc9\xad\xb8\xb0\x4e\x61" + "\xc3\xfb\x6f\xfd\xea\xff\xa9\x15", + .assoc = "", + .alen = 0, + .input = "\x66\xdf\x6e\x71\xc0\x6e\xa4\x4c" + "\x9d\xb7\x8c\x9a\xdb\x1f\xd2\x2e" + "\x23\xb6\xa4\xfb\xd3\x86\xdd\xbb" + "\xde\x54\x9b\xf5\x92\x8b\x93\xc5", + .ilen = 32, + .result = "\xf2\x92\xe6\x7d\x40\xee\xa3\x6f" + "\x03\x68\xc8\x45\xe7\x91\x0a\x18", + .rlen = 16, + }, { + .key = "\x01\x5c\x75\xe5\x84\x8d\x4d\xf6" + "\x23\x9f\xf4\x6a\xe6\x5a\x3b\x9a", + .klen = 16, + .iv = "\x10\x25\x03\x4c\xc8\x2c\xf7\x7d" + "\x44\xd5\x21\x8e\xe4\x23\x6b\x1c", + .assoc = "", + .alen = 0, + .input = "\x4f\xc3\x69\xb6\xd3\xa4\x64\x8b" + "\x71\xc3\x8a\x91\x22\x4f\x1b\xd2" + "\x33\x6d\x86\xbc\xf8\x2f\x06\xf9" + "\x82\x64\xc7\x72\x00\x30\xfc\xf0" + "\xf8", + .ilen = 33, + .result = "\x2e\xb7\x20\x1c\x50\x6a\x4b\x8b" + "\x84\x42\x7a\xd7\xe1\xb5\xcd\x1f" + "\xd3", + .rlen = 17, + }, { + .key = "\x3d\x80\xae\x84\x94\x09\xf6\x12" + "\xa4\x79\xa6\xfb\xe0\x7f\xfd\xa0", + .klen = 16, + .iv = "\x4c\x49\x3d\xec\xd8\xa8\xa0\x98" + "\xc5\xb0\xd3\x1f\xde\x48\x2e\x22", + .assoc = "", + .alen = 0, + .input = "\xe3\x93\x15\xae\x5f\x9d\x3c\xb5" + "\xd6\x9d\xee\xee\xcf\xaa\xaf\xe1" + "\x45\x10\x96\xe0\xbf\x55\x0f\x4c" + "\x1a\xfd\xf4\xda\x4e\x10\xde\xc9" + "\x0e\x6f\xc7\x3c\x49\x94\x41\xfc" + "\x59\x28\x88\x3c\x79\x10\x6b", + .ilen = 47, + .result = "\x6b\xdc\x5a\xbb\x60\xe5\xf4\xa6" + "\x05\x1d\x2c\x68\xdb\xda\x8f\x25" + "\xfe\x8d\x45\x19\x1e\xc0\x0b\x99" + "\x88\x11\x39\x12\x1c\x3a\xbb", + .rlen = 31, + }, { + .key = "\x7a\xa5\xe8\x23\xa4\x84\x9e\x2d" + "\x25\x53\x58\x8c\xda\xa3\xc0\xa6", + .klen = 16, + .iv = "\x89\x6e\x77\x8b\xe8\x23\x49\xb4" + "\x45\x8a\x85\xb1\xd8\x6c\xf1\x28", + .assoc = "", + .alen = 0, + .input = "\x1c\x8e\x22\x34\xfd\xab\xe6\x0d" + "\x1c\x9f\x06\x54\x8b\x0b\xb4\x40" + "\xde\x11\x59\x3e\xfd\x74\xf6\x42" + "\x97\x17\xf7\x24\xb6\x7e\xc4\xc6" + "\x06\xa3\x94\xda\x3d\x7f\x55\x0a" + "\x92\x07\x2f\xa6\xf3\x6b\x2c\xfc", + .ilen = 48, + .result = "\xa7\x00\x93\x5b\x70\x61\x9d\xc2" + "\x86\xf7\xde\xfa\xd5\xfe\x52\x2b" + "\x28\x50\x51\x9d\x24\x60\x8d\xb3" + "\x49\x3e\x17\xea\xf6\x99\x5a\xdd", + .rlen = 32, + }, { + .key = "\xb6\xca\x22\xc3\xb4\x00\x47\x49" + "\xa6\x2d\x0a\x1e\xd4\xc7\x83\xad", + .klen = 16, + .iv = "\xc5\x93\xb0\x2a\xf8\x9f\xf1\xd0" + "\xc6\x64\x37\x42\xd2\x90\xb3\x2e", + .assoc = "\xd5", + .alen = 1, + .input = "\xa0\x2a\xb4\x9a\x91\x00\x15\xb8" + "\x0f\x9a\x15\x60\x0e\x9b\x13\x8f", + .ilen = 16, + .result = "", + .rlen = 0, + }, { + .key = "\xf3\xee\x5c\x62\xc4\x7c\xf0\x65" + "\x27\x08\xbd\xaf\xce\xec\x45\xb3", + .klen = 16, + .iv = "\x02\xb8\xea\xca\x09\x1b\x9a\xec" + "\x47\x3e\xe9\xd4\xcc\xb5\x76\x34", + .assoc = "\x11\x81\x78\x32\x4d\xb9\x44\x73" + "\x68\x75\x16\xf8\xcb\x7e\xa7", + .alen = 15, + .input = "\x4c\x26\xad\x9c\x14\xfd\x9c\x8c" + "\x84\xfb\x26\xfb\xd5\xca\x62\x39", + .ilen = 16, + .result = "", + .rlen = 0, + }, { + .key = "\x2f\x13\x95\x01\xd5\xf7\x99\x81" + "\xa8\xe2\x6f\x41\xc8\x10\x08\xb9", + .klen = 16, + .iv = "\x3f\xdc\x24\x69\x19\x96\x43\x08" + "\xc8\x18\x9b\x65\xc6\xd9\x39\x3b", + .assoc = "\x4e\xa5\xb2\xd1\x5d\x35\xed\x8f" + "\xe8\x4f\xc8\x89\xc5\xa2\x69\xbc", + .alen = 16, + .input = "\x45\x85\x0e\x0f\xf4\xae\x96\xa1" + "\x99\x4d\x6d\xb4\x67\x32\xb0\x3a", + .ilen = 16, + .result = "", + .rlen = 0, + }, { + .key = "\x6c\x38\xcf\xa1\xe5\x73\x41\x9d" + "\x29\xbc\x21\xd2\xc2\x35\xcb\xbf", + .klen = 16, + .iv = "\x7b\x01\x5d\x08\x29\x12\xec\x24" + "\x49\xf3\x4d\xf7\xc0\xfe\xfb\x41", + .assoc = "\x8a\xca\xec\x70\x6d\xb1\x96\xab" + "\x69\x29\x7a\x1b\xbf\xc7\x2c\xc2" + "\x07", + .alen = 17, + .input = "\x33\xb1\x42\x97\x8e\x16\x7b\x63" + "\x06\xba\x5b\xcb\xae\x6d\x8b\x56", + .ilen = 16, + .result = "", + .rlen = 0, + }, { + .key = "\xa8\x5c\x09\x40\xf5\xef\xea\xb8" + "\xaa\x96\xd3\x64\xbc\x59\x8d\xc6", + .klen = 16, + .iv = "\xb8\x26\x97\xa8\x39\x8e\x94\x3f" + "\xca\xcd\xff\x88\xba\x22\xbe\x47", + .assoc = "\xc7\xef\x26\x10\x7d\x2c\x3f\xc6" + "\xea\x03\x2c\xac\xb9\xeb\xef\xc9" + "\x31\x6b\x08\x12\xfc\xd8\x37\x2d" + "\xe0\x17\x3a\x2e\x83\x5c\x8f", + .alen = 31, + .input = "\xda\x44\x08\x8c\x2a\xa5\x07\x35" + "\x0b\x54\x4e\x6d\xe3\xfd\xc4\x5f", + .ilen = 16, + .result = "", + .rlen = 0, + }, { + .key = "\xe5\x81\x42\xdf\x05\x6a\x93\xd4" + "\x2b\x70\x85\xf5\xb6\x7d\x50\xcc", + .klen = 16, + .iv = "\xf4\x4a\xd1\x47\x49\x09\x3d\x5b" + "\x4b\xa7\xb1\x19\xb4\x46\x81\x4d", + .assoc = "\x03\x14\x5f\xaf\x8d\xa8\xe7\xe2" + "\x6b\xde\xde\x3e\xb3\x10\xb1\xcf" + "\x5c\x2d\x14\x96\x01\x78\xb9\x47" + "\xa1\x44\x19\x06\x5d\xbb\x2e\x2f", + .alen = 32, + .input = "\x1b\xb1\xf1\xa8\x9e\xc2\xb2\x88" + "\x40\x7f\x7b\x19\x7a\x52\x8c\xf0", + .ilen = 16, + .result = "", + .rlen = 0, + }, { + .key = "\x22\xa6\x7c\x7f\x15\xe6\x3c\xf0" + "\xac\x4b\x37\x86\xb0\xa2\x13\xd2", + .klen = 16, + .iv = "\x31\x6f\x0b\xe6\x59\x85\xe6\x77" + "\xcc\x81\x63\xab\xae\x6b\x43\x54", + .assoc = "\x40", + .alen = 1, + .input = "\x6e\xc8\xfb\x15\x9d\x98\x49\xc9" + "\xa0\x98\x09\x85\xbe\x56\x8e\x79" + "\xf4", + .ilen = 17, + .result = "\x4f", + .rlen = 1, + }, { + .key = "\x5e\xcb\xb6\x1e\x25\x62\xe4\x0c" + "\x2d\x25\xe9\x18\xaa\xc6\xd5\xd8", + .klen = 16, + .iv = "\x6d\x94\x44\x86\x69\x00\x8f\x93" + "\x4d\x5b\x15\x3c\xa8\x8f\x06\x5a", + .assoc = "\x7c\x5d\xd3\xee\xad\x9f\x39\x1a" + "\x6d\x92\x42\x61\xa7\x58\x37", + .alen = 15, + .input = "\x99\x2e\x84\x50\x64\x5c\xab\x29" + "\x20\xba\xb9\x2f\x62\x3a\xce\x2a" + "\x75\x25\x3b\xe3\x40\xe0\x1d\xfc" + "\x20\x63\x0b\x49\x7e\x97\x08", + .ilen = 31, + .result = "\x8b\x26\x61\x55\xf1\x3e\xe3\xa1" + "\x8d\xc8\x6e\x85\xa5\x21\x67", + .rlen = 15, + }, { + .key = "\x9b\xef\xf0\xbd\x35\xdd\x8d\x28" + "\xad\xff\x9b\xa9\xa4\xeb\x98\xdf", + .klen = 16, + .iv = "\xaa\xb8\x7e\x25\x79\x7c\x37\xaf" + "\xce\x36\xc7\xce\xa2\xb4\xc9\x60", + .assoc = "\xb9\x82\x0c\x8d\xbd\x1b\xe2\x36" + "\xee\x6c\xf4\xf2\xa1\x7d\xf9\xe2", + .alen = 16, + .input = "\xd9\x8e\xfd\x50\x8f\x02\x9f\xee" + "\x78\x08\x12\xec\x09\xaf\x53\x14" + "\x90\x3e\x3d\x76\xad\x71\x21\x08" + "\x77\xe5\x4b\x15\xc2\xe6\xbc\xdb", + .ilen = 32, + .result = "\xc8\x4b\x9b\xf5\x01\xba\x8c\xbd" + "\x0e\xa3\x21\x16\x9f\x46\x2a\x63", + .rlen = 16, + }, { + .key = "\xd7\x14\x29\x5d\x45\x59\x36\x44" + "\x2e\xd9\x4d\x3b\x9e\x0f\x5b\xe5", + .klen = 16, + .iv = "\xe6\xdd\xb8\xc4\x89\xf8\xe0\xca" + "\x4f\x10\x7a\x5f\x9c\xd8\x8b\x66", + .assoc = "\xf5\xa6\x46\x2c\xce\x97\x8a\x51" + "\x6f\x46\xa6\x83\x9b\xa1\xbc\xe8" + "\x05", + .alen = 17, + .input = "\xf3\xe7\x95\x86\xcf\x34\x95\x96" + "\x17\xfe\x1b\xae\x1b\x31\xf2\x1a" + "\xbd\xbc\xc9\x4e\x11\x29\x09\x5c" + "\x05\xd3\xb4\x2e\x4a\x74\x59\x49" + "\x7d", + .ilen = 33, + .result = "\x05\x70\xd5\x94\x12\x36\x35\xd8" + "\x8f\x7d\xd3\xa8\x99\x6a\xed\x69" + "\xd0", + .rlen = 17, + }, { + .key = "\x14\x39\x63\xfc\x56\xd5\xdf\x5f" + "\xaf\xb3\xff\xcc\x98\x33\x1d\xeb", + .klen = 16, + .iv = "\x23\x02\xf1\x64\x9a\x73\x89\xe6" + "\xd0\xea\x2c\xf1\x96\xfc\x4e\x6d", + .assoc = "\x32\xcb\x80\xcc\xde\x12\x33\x6d" + "\xf0\x20\x58\x15\x95\xc6\x7f\xee" + "\x2f\xf9\x4e\x2c\x1b\x98\x43\xc7" + "\x68\x28\x73\x40\x9f\x96\x4a", + .alen = 31, + .input = "\x06\x96\xb2\xbf\x63\xf4\x1e\x24" + "\x0d\x19\x15\x61\x65\x3b\x06\x26" + "\x71\xe8\x7e\x16\xdb\x96\x01\x01" + "\x52\xcd\x49\x5b\x07\x33\x4e\xe7" + "\xaa\x91\xf5\xd5\xc6\xfe\x41\xb5" + "\xed\x90\xce\xb9\xcd\xcc\xa1", + .ilen = 47, + .result = "\x41\x94\x0e\x33\x22\xb1\xdd\xf4" + "\x10\x57\x85\x39\x93\x8f\xaf\x70" + "\xfa\xa9\xd0\x4d\x5c\x40\x23\xcd" + "\x98\x34\xab\x37\x56\xae\x32", + .rlen = 31, + }, { + .key = "\x50\x5d\x9d\x9b\x66\x50\x88\x7b" + "\x30\x8e\xb1\x5e\x92\x58\xe0\xf1", + .klen = 16, + .iv = "\x5f\x27\x2b\x03\xaa\xef\x32\x02" + "\x50\xc4\xde\x82\x90\x21\x11\x73", + .assoc = "\x6e\xf0\xba\x6b\xee\x8e\xdc\x89" + "\x71\xfb\x0a\xa6\x8f\xea\x41\xf4" + "\x5a\xbb\x59\xb0\x20\x38\xc5\xe0" + "\x29\x56\x52\x19\x79\xf5\xe9\x37", + .alen = 32, + .input = "\xf9\xd7\xee\x17\xfd\x24\xcd\xf1" + "\xbc\x0f\x35\x97\x97\x0c\x4b\x18" + "\xce\x58\xc8\x3b\xd4\x85\x93\x79" + "\xcc\x9c\xea\xc1\x73\x13\x0b\x4c" + "\xcc\x6f\x28\xf8\xa4\x4e\xb8\x56" + "\x64\x4e\x47\xce\xb2\xb4\x92\xb4", + .ilen = 48, + .result = "\x7e\xb9\x48\xd3\x32\x2d\x86\x10" + "\x91\x31\x37\xcb\x8d\xb3\x72\x76" + "\x24\x6b\xdc\xd1\x61\xe0\xa5\xe7" + "\x5a\x61\x8a\x0f\x30\x0d\xd1\xec", + .rlen = 32, + }, { + .key = "\x8d\x82\xd6\x3b\x76\xcc\x30\x97" + "\xb1\x68\x63\xef\x8c\x7c\xa3\xf7", + .klen = 16, + .iv = "\x9c\x4b\x65\xa2\xba\x6b\xdb\x1e" + "\xd1\x9e\x90\x13\x8a\x45\xd3\x79", + .assoc = "\xab\x14\xf3\x0a\xfe\x0a\x85\xa5" + "\xf2\xd5\xbc\x38\x89\x0e\x04\xfb" + "\x84\x7d\x65\x34\x25\xd8\x47\xfa" + "\xeb\x83\x31\xf1\x54\x54\x89\x0d" + "\x9d", + .alen = 33, + .input = "\x58\xfa\x3a\x3d\xd9\x88\x63\xe8" + "\xc5\x78\x50\x8b\x4a\xc9\xdf\x7f" + "\x4b\xfa\xc8\x2e\x67\x43\xf3\x63" + "\x42\x8e\x99\x5a\x9c\x0b\x84\x77" + "\xbc\x46\x76\x48\x82\xc7\x57\x96" + "\xe1\x65\xd1\xed\x1d\xdd\x80\x24" + "\xa6\x4d\xa9\xf1\x53\x8b\x5e\x0e" + "\x26\xb9\xcc\x37\xe5\x43\xe1\x5a" + "\x8a\xd6\x8c\x5a\xe4\x95\xd1\x8d" + "\xf7\x33\x64\xc1\xd3\xf2\xfc\x35" + "\x01", + .ilen = 81, + .result = "\xba\xde\x82\x72\x42\xa9\x2f\x2c" + "\x12\x0b\xe9\x5c\x87\xd7\x35\x7c" + "\x4f\x2e\xe8\x55\x66\x80\x27\x00" + "\x1b\x8f\x68\xe7\x0a\x6c\x71\xc3" + "\x21\x78\x55\x9d\x9c\x65\x7b\xcd" + "\x0a\x34\x97\xff\x47\x37\xb0\x2a" + "\x80\x0d\x19\x98\x33\xa9\x7a\xe3" + "\x2e\x4c\xc6\xf3\x8c\x88\x42\x01" + "\xbd", + .rlen = 65, + }, { + .key = "\xc9\xa7\x10\xda\x86\x48\xd9\xb3" + "\x32\x42\x15\x80\x85\xa1\x65\xfe", + .klen = 16, + .iv = "\xd8\x70\x9f\x42\xca\xe6\x83\x3a" + "\x52\x79\x42\xa5\x84\x6a\x96\x7f", + .assoc = "\xe8\x39\x2d\xaa\x0e\x85\x2d\xc1" + "\x72\xaf\x6e\xc9\x82\x33\xc7\x01" + "\xaf\x40\x70\xb8\x2a\x78\xc9\x14" + "\xac\xb1\x10\xca\x2e\xb3\x28\xe4" + "\xac\xfa\x58\x7f\xe5\x73\x09\x8c" + "\x1d\x40\x87\x8c\xd9\x75\xc0\x55" + "\xa2\xda\x07\xd1\xc2\xa9\xd1\xbb" + "\x09\x4f\x77\x62\x88\x2d\xf2\x68" + "\x54", + .alen = 65, + .input = "\x4c\xa9\xac\x71\xed\x10\xa6\x24" + "\xb7\xa7\xdf\x8b\xf5\xc2\x41\xcb" + "\x05\xc9\xd6\x97\xb6\x10\x7f\x17" + "\xc2\xc0\x93\xcf\xe0\x94\xfd\x99" + "\xf2\x62\x25\x28\x01\x23\x6f\x8b" + "\x04\x52\xbc\xb0\x3e\x66\x52\x90" + "\x9f", + .ilen = 49, + .result = "\xf7\x02\xbb\x11\x52\x24\xd8\x48" + "\x93\xe6\x9b\xee\x81\xfc\xf7\x82" + "\x79\xf0\xf3\xd9\x6c\x20\xa9\x1a" + "\xdc\xbc\x47\xc0\xe4\xcb\x10\x99" + "\x2f", + .rlen = 33, + }, { + .key = "\x06\xcc\x4a\x79\x96\xc3\x82\xcf" + "\xb3\x1c\xc7\x12\x7f\xc5\x28\x04", + .klen = 16, + .iv = "\x15\x95\xd8\xe1\xda\x62\x2c\x56" + "\xd3\x53\xf4\x36\x7e\x8e\x59\x85", + .assoc = "\x24\x5e\x67\x49\x1e\x01\xd6\xdd" + "\xf3\x89\x20\x5b\x7c\x57\x89\x07", + .alen = 16, + .input = "\x6d\xed\x04\x7a\x2f\x0c\x30\xa5" + "\x96\xe6\x97\xe4\x10\xeb\x40\x95" + "\xc5\x9a\xdf\x31\xd5\xa5\xa6\xec" + "\x05\xa8\x31\x50\x11\x19\x44", + .ilen = 31, + .result = "\x33\x27\xf5\xb1\x62\xa0\x80\x63" + "\x14\xc0\x4d\x7f\x7b\x20\xba\x89", + .rlen = 16, + }, { + .key = "\x42\xf0\x84\x19\xa6\x3f\x2b\xea" + "\x34\xf6\x79\xa3\x79\xe9\xeb\x0a", + .klen = 16, + .iv = "\x51\xb9\x12\x80\xea\xde\xd5\x71" + "\x54\x2d\xa6\xc8\x78\xb2\x1b\x8c", + .assoc = "\x61\x83\xa0\xe8\x2e\x7d\x7f\xf8" + "\x74\x63\xd2\xec\x76\x7c\x4c\x0d", + .alen = 16, + .input = "\x30\x95\x7d\xea\xdc\x62\xc0\x88" + "\xa1\xe3\x8d\x8c\xac\x04\x10\xa7" + "\xfa\xfa\x07\xbd\xa0\xf0\x36\xeb" + "\x21\x93\x2e\x31\x84\x83", + .ilen = 30, + .result = "\x70\x4c\x2f\x50\x72\x1c\x29\x7f" + "\x95\x9a\xff\x10\x75\x45\x7d\x8f", + .rlen = 16, + }, { + .key = "\x7f\x15\xbd\xb8\xb6\xba\xd3\x06" + "\xb5\xd1\x2b\x35\x73\x0e\xad\x10", + .klen = 16, + .iv = "\x8e\xde\x4c\x20\xfa\x59\x7e\x8d" + "\xd5\x07\x58\x59\x72\xd7\xde\x92", + .assoc = "\x9d\xa7\xda\x88\x3e\xf8\x28\x14" + "\xf5\x3e\x85\x7d\x70\xa0\x0f\x13", + .alen = 16, + .input = "\x93\xcd\xee\xd4\xcb\x9d\x8d\x16" + "\x63\x0d\x43\xd5\x49\xca\xa8\x85" + "\x49\xc0\xae\x13\xbc\x26\x1d\x4b", + .ilen = 24, + .result = "\xac\x70\x69\xef\x82\x97\xd2\x9b" + "\x15\x74\xb1\xa2\x6f\x69\x3f\x95", + .rlen = 16, + }, +}; + +/* + * AEGIS-256 test vectors - generated via reference implementation from + * SUPERCOP (https://bench.cr.yp.to/supercop.html): + * + * https://bench.cr.yp.to/supercop/supercop-20170228.tar.xz + * (see crypto_aead/aegis256/) + */ +static const struct aead_testvec aegis256_enc_tv_template[] = { + { + .key = "\x0f\xc9\x8e\x67\x44\x9e\xaa\x86" + "\x20\x36\x2c\x24\xfe\xc9\x30\x81" + "\xca\xb0\x82\x21\x41\xa8\xe0\x06" + "\x30\x0b\x37\xf6\xb6\x17\xe7\xb5", + .klen = 32, + .iv = "\x1e\x92\x1c\xcf\x88\x3d\x54\x0d" + "\x40\x6d\x59\x48\xfc\x92\x61\x03" + "\x95\x61\x05\x42\x82\x50\xc0\x0c" + "\x60\x16\x6f\xec\x6d\x2f\xcf\x6b", + .assoc = "", + .alen = 0, + .input = "", + .ilen = 0, + .result = "\xd5\x65\x3a\xa9\x03\x51\xd7\xaa" + "\xfa\x4b\xd8\xa2\x41\x9b\xc1\xb2", + .rlen = 16, + }, { + .key = "\x4b\xed\xc8\x07\x54\x1a\x52\xa2" + "\xa1\x10\xde\xb5\xf8\xed\xf3\x87" + "\xf4\x72\x8e\xa5\x46\x48\x62\x20" + "\xf1\x38\x16\xce\x90\x76\x87\x8c", + .klen = 32, + .iv = "\x5a\xb7\x56\x6e\x98\xb9\xfd\x29" + "\xc1\x47\x0b\xda\xf6\xb6\x23\x09" + "\xbf\x23\x11\xc6\x87\xf0\x42\x26" + "\x22\x44\x4e\xc4\x47\x8e\x6e\x41", + .assoc = "", + .alen = 0, + .input = "\x79", + .ilen = 1, + .result = "\x84\xa2\x8f\xad\xdb\x8d\x2c\x16" + "\x9e\x89\xd9\x06\xa6\xa8\x14\x29" + "\x8b", + .rlen = 17, + }, { + .key = "\x88\x12\x01\xa6\x64\x96\xfb\xbe" + "\x22\xea\x90\x47\xf2\x11\xb5\x8e" + "\x1f\x35\x9a\x29\x4b\xe8\xe4\x39" + "\xb3\x66\xf5\xa6\x6a\xd5\x26\x62", + .klen = 32, + .iv = "\x97\xdb\x90\x0e\xa8\x35\xa5\x45" + "\x42\x21\xbd\x6b\xf0\xda\xe6\x0f" + "\xe9\xe5\x1d\x4a\x8c\x90\xc4\x40" + "\xe3\x71\x2d\x9c\x21\xed\x0e\x18", + .assoc = "", + .alen = 0, + .input = "\xb5\x6e\xad\xdd\x30\x72\xfa\x53" + "\x82\x8e\x16\xb4\xed\x6d\x47", + .ilen = 15, + .result = "\x09\x94\x1f\xa6\x13\xc3\x74\x75" + "\x17\xad\x8a\x0e\xd8\x66\x9a\x28" + "\xd7\x30\x66\x09\x2a\xdc\xfa\x2a" + "\x9f\x3b\xd7\xdd\x66\xd1\x2b", + .rlen = 31, + }, { + .key = "\xc4\x37\x3b\x45\x74\x11\xa4\xda" + "\xa2\xc5\x42\xd8\xec\x36\x78\x94" + "\x49\xf7\xa5\xad\x50\x88\x66\x53" + "\x74\x94\xd4\x7f\x44\x34\xc5\x39", + .klen = 32, + .iv = "\xd3\x00\xc9\xad\xb8\xb0\x4e\x61" + "\xc3\xfb\x6f\xfd\xea\xff\xa9\x15" + "\x14\xa8\x28\xce\x92\x30\x46\x59" + "\xa4\x9f\x0b\x75\xfb\x4c\xad\xee", + .assoc = "", + .alen = 0, + .input = "\xf2\x92\xe6\x7d\x40\xee\xa3\x6f" + "\x03\x68\xc8\x45\xe7\x91\x0a\x18", + .ilen = 16, + .result = "\x8a\x46\xa2\x22\x8c\x03\xab\x6f" + "\x54\x63\x4e\x7f\xc9\x8e\xfa\x70" + "\x7b\xe5\x8d\x78\xbc\xe9\xb6\xa1" + "\x29\x17\xc8\x3b\x52\xa4\x98\x72", + .rlen = 32, + }, { + .key = "\x01\x5c\x75\xe5\x84\x8d\x4d\xf6" + "\x23\x9f\xf4\x6a\xe6\x5a\x3b\x9a" + "\x74\xb9\xb1\x32\x55\x28\xe8\x6d" + "\x35\xc1\xb3\x57\x1f\x93\x64\x0f", + .klen = 32, + .iv = "\x10\x25\x03\x4c\xc8\x2c\xf7\x7d" + "\x44\xd5\x21\x8e\xe4\x23\x6b\x1c" + "\x3e\x6a\x34\x53\x97\xd0\xc8\x73" + "\x66\xcd\xea\x4d\xd5\xab\x4c\xc5", + .assoc = "", + .alen = 0, + .input = "\x2e\xb7\x20\x1c\x50\x6a\x4b\x8b" + "\x84\x42\x7a\xd7\xe1\xb5\xcd\x1f" + "\xd3", + .ilen = 17, + .result = "\x71\x6b\x37\x0b\x02\x61\x28\x12" + "\x83\xab\x66\x90\x84\xc7\xd1\xc5" + "\xb2\x7a\xb4\x7b\xb4\xfe\x02\xb2" + "\xc0\x00\x39\x13\xb5\x51\x68\x44" + "\xad", + .rlen = 33, + }, { + .key = "\x3d\x80\xae\x84\x94\x09\xf6\x12" + "\xa4\x79\xa6\xfb\xe0\x7f\xfd\xa0" + "\x9e\x7c\xbc\xb6\x5b\xc8\x6a\x86" + "\xf7\xef\x91\x30\xf9\xf2\x04\xe6", + .klen = 32, + .iv = "\x4c\x49\x3d\xec\xd8\xa8\xa0\x98" + "\xc5\xb0\xd3\x1f\xde\x48\x2e\x22" + "\x69\x2c\x3f\xd7\x9c\x70\x4a\x8d" + "\x27\xfa\xc9\x26\xaf\x0a\xeb\x9c", + .assoc = "", + .alen = 0, + .input = "\x6b\xdc\x5a\xbb\x60\xe5\xf4\xa6" + "\x05\x1d\x2c\x68\xdb\xda\x8f\x25" + "\xfe\x8d\x45\x19\x1e\xc0\x0b\x99" + "\x88\x11\x39\x12\x1c\x3a\xbb", + .ilen = 31, + .result = "\xaf\xa4\x34\x0d\x59\xe6\x1c\x2f" + "\x06\x3b\x52\x18\x49\x75\x1b\xf0" + "\x53\x09\x72\x7b\x45\x79\xe0\xbe" + "\x89\x85\x23\x15\xb8\x79\x07\x4c" + "\x53\x7a\x15\x37\x0a\xee\xb7\xfb" + "\xc4\x1f\x12\x27\xcf\x77\x90", + .rlen = 47, + }, { + .key = "\x7a\xa5\xe8\x23\xa4\x84\x9e\x2d" + "\x25\x53\x58\x8c\xda\xa3\xc0\xa6" + "\xc8\x3e\xc8\x3a\x60\x68\xec\xa0" + "\xb8\x1c\x70\x08\xd3\x51\xa3\xbd", + .klen = 32, + .iv = "\x89\x6e\x77\x8b\xe8\x23\x49\xb4" + "\x45\x8a\x85\xb1\xd8\x6c\xf1\x28" + "\x93\xef\x4b\x5b\xa1\x10\xcc\xa6" + "\xe8\x28\xa8\xfe\x89\x69\x8b\x72", + .assoc = "", + .alen = 0, + .input = "\xa7\x00\x93\x5b\x70\x61\x9d\xc2" + "\x86\xf7\xde\xfa\xd5\xfe\x52\x2b" + "\x28\x50\x51\x9d\x24\x60\x8d\xb3" + "\x49\x3e\x17\xea\xf6\x99\x5a\xdd", + .ilen = 32, + .result = "\xe2\xc9\x0b\x33\x31\x02\xb3\xb4" + "\x33\xfe\xeb\xa8\xb7\x9b\xb2\xd7" + "\xeb\x0f\x05\x2b\xba\xb3\xca\xef" + "\xf6\xd1\xb6\xc0\xb9\x9b\x85\xc5" + "\xbf\x7a\x3e\xcc\x31\x76\x09\x80" + "\x32\x5d\xbb\xe8\x38\x0e\x77\xd3", + .rlen = 48, + }, { + .key = "\xb6\xca\x22\xc3\xb4\x00\x47\x49" + "\xa6\x2d\x0a\x1e\xd4\xc7\x83\xad" + "\xf3\x00\xd4\xbf\x65\x08\x6e\xb9" + "\x7a\x4a\x4f\xe0\xad\xb0\x42\x93", + .klen = 32, + .iv = "\xc5\x93\xb0\x2a\xf8\x9f\xf1\xd0" + "\xc6\x64\x37\x42\xd2\x90\xb3\x2e" + "\xbd\xb1\x57\xe0\xa6\xb0\x4e\xc0" + "\xaa\x55\x87\xd6\x63\xc8\x2a\x49", + .assoc = "\xd5", + .alen = 1, + .input = "", + .ilen = 0, + .result = "\x96\x43\x30\xca\x6c\x4f\xd7\x12" + "\xba\xd9\xb3\x18\x86\xdf\xc3\x52", + .rlen = 16, + }, { + .key = "\xf3\xee\x5c\x62\xc4\x7c\xf0\x65" + "\x27\x08\xbd\xaf\xce\xec\x45\xb3" + "\x1d\xc3\xdf\x43\x6a\xa8\xf0\xd3" + "\x3b\x77\x2e\xb9\x87\x0f\xe1\x6a", + .klen = 32, + .iv = "\x02\xb8\xea\xca\x09\x1b\x9a\xec" + "\x47\x3e\xe9\xd4\xcc\xb5\x76\x34" + "\xe8\x73\x62\x64\xab\x50\xd0\xda" + "\x6b\x83\x66\xaf\x3e\x27\xc9\x1f", + .assoc = "\x11\x81\x78\x32\x4d\xb9\x44\x73" + "\x68\x75\x16\xf8\xcb\x7e\xa7", + .alen = 15, + .input = "", + .ilen = 0, + .result = "\x2f\xab\x45\xe2\xa7\x46\xc5\x83" + "\x11\x9f\xb0\x74\xee\xc7\x03\xdd", + .rlen = 16, + }, { + .key = "\x2f\x13\x95\x01\xd5\xf7\x99\x81" + "\xa8\xe2\x6f\x41\xc8\x10\x08\xb9" + "\x47\x85\xeb\xc7\x6f\x48\x72\xed" + "\xfc\xa5\x0d\x91\x61\x6e\x81\x40", + .klen = 32, + .iv = "\x3f\xdc\x24\x69\x19\x96\x43\x08" + "\xc8\x18\x9b\x65\xc6\xd9\x39\x3b" + "\x12\x35\x6e\xe8\xb0\xf0\x52\xf3" + "\x2d\xb0\x45\x87\x18\x86\x68\xf6", + .assoc = "\x4e\xa5\xb2\xd1\x5d\x35\xed\x8f" + "\xe8\x4f\xc8\x89\xc5\xa2\x69\xbc", + .alen = 16, + .input = "", + .ilen = 0, + .result = "\x16\x44\x73\x33\x5d\xf2\xb9\x04" + "\x6b\x79\x98\xef\xdb\xd5\xc5\xf1", + .rlen = 16, + }, { + .key = "\x6c\x38\xcf\xa1\xe5\x73\x41\x9d" + "\x29\xbc\x21\xd2\xc2\x35\xcb\xbf" + "\x72\x47\xf6\x4b\x74\xe8\xf4\x06" + "\xbe\xd3\xec\x6a\x3b\xcd\x20\x17", + .klen = 32, + .iv = "\x7b\x01\x5d\x08\x29\x12\xec\x24" + "\x49\xf3\x4d\xf7\xc0\xfe\xfb\x41" + "\x3c\xf8\x79\x6c\xb6\x90\xd4\x0d" + "\xee\xde\x23\x60\xf2\xe5\x08\xcc", + .assoc = "\x8a\xca\xec\x70\x6d\xb1\x96\xab" + "\x69\x29\x7a\x1b\xbf\xc7\x2c\xc2" + "\x07", + .alen = 17, + .input = "", + .ilen = 0, + .result = "\xa4\x9b\xb8\x47\xc0\xed\x7a\x45" + "\x98\x54\x8c\xed\x3d\x17\xf0\xdd", + .rlen = 16, + }, { + .key = "\xa8\x5c\x09\x40\xf5\xef\xea\xb8" + "\xaa\x96\xd3\x64\xbc\x59\x8d\xc6" + "\x9c\x0a\x02\xd0\x79\x88\x76\x20" + "\x7f\x00\xca\x42\x15\x2c\xbf\xed", + .klen = 32, + .iv = "\xb8\x26\x97\xa8\x39\x8e\x94\x3f" + "\xca\xcd\xff\x88\xba\x22\xbe\x47" + "\x67\xba\x85\xf1\xbb\x30\x56\x26" + "\xaf\x0b\x02\x38\xcc\x44\xa7\xa3", + .assoc = "\xc7\xef\x26\x10\x7d\x2c\x3f\xc6" + "\xea\x03\x2c\xac\xb9\xeb\xef\xc9" + "\x31\x6b\x08\x12\xfc\xd8\x37\x2d" + "\xe0\x17\x3a\x2e\x83\x5c\x8f", + .alen = 31, + .input = "", + .ilen = 0, + .result = "\x20\x24\xe2\x33\x5c\x60\xc9\xf0" + "\xa4\x96\x2f\x0d\x53\xc2\xf8\xfc", + .rlen = 16, + }, { + .key = "\xe5\x81\x42\xdf\x05\x6a\x93\xd4" + "\x2b\x70\x85\xf5\xb6\x7d\x50\xcc" + "\xc6\xcc\x0e\x54\x7f\x28\xf8\x3a" + "\x40\x2e\xa9\x1a\xf0\x8b\x5e\xc4", + .klen = 32, + .iv = "\xf4\x4a\xd1\x47\x49\x09\x3d\x5b" + "\x4b\xa7\xb1\x19\xb4\x46\x81\x4d" + "\x91\x7c\x91\x75\xc0\xd0\xd8\x40" + "\x71\x39\xe1\x10\xa6\xa3\x46\x7a", + .assoc = "\x03\x14\x5f\xaf\x8d\xa8\xe7\xe2" + "\x6b\xde\xde\x3e\xb3\x10\xb1\xcf" + "\x5c\x2d\x14\x96\x01\x78\xb9\x47" + "\xa1\x44\x19\x06\x5d\xbb\x2e\x2f", + .alen = 32, + .input = "", + .ilen = 0, + .result = "\x6f\x4a\xb9\xe0\xff\x51\xa3\xf1" + "\xd2\x64\x3e\x66\x6a\xb2\x03\xc0", + .rlen = 16, + }, { + .key = "\x22\xa6\x7c\x7f\x15\xe6\x3c\xf0" + "\xac\x4b\x37\x86\xb0\xa2\x13\xd2" + "\xf1\x8e\x19\xd8\x84\xc8\x7a\x53" + "\x02\x5b\x88\xf3\xca\xea\xfe\x9b", + .klen = 32, + .iv = "\x31\x6f\x0b\xe6\x59\x85\xe6\x77" + "\xcc\x81\x63\xab\xae\x6b\x43\x54" + "\xbb\x3f\x9c\xf9\xc5\x70\x5a\x5a" + "\x32\x67\xc0\xe9\x80\x02\xe5\x50", + .assoc = "\x40", + .alen = 1, + .input = "\x4f", + .ilen = 1, + .result = "\x2c\xfb\xad\x7e\xbe\xa0\x9a\x5b" + "\x7a\x3f\x81\xf7\xfc\x1b\x79\x83" + "\xc7", + .rlen = 17, + }, { + .key = "\x5e\xcb\xb6\x1e\x25\x62\xe4\x0c" + "\x2d\x25\xe9\x18\xaa\xc6\xd5\xd8" + "\x1b\x50\x25\x5d\x89\x68\xfc\x6d" + "\xc3\x89\x67\xcb\xa4\x49\x9d\x71", + .klen = 32, + .iv = "\x6d\x94\x44\x86\x69\x00\x8f\x93" + "\x4d\x5b\x15\x3c\xa8\x8f\x06\x5a" + "\xe6\x01\xa8\x7e\xca\x10\xdc\x73" + "\xf4\x94\x9f\xc1\x5a\x61\x85\x27", + .assoc = "\x7c\x5d\xd3\xee\xad\x9f\x39\x1a" + "\x6d\x92\x42\x61\xa7\x58\x37", + .alen = 15, + .input = "\x8b\x26\x61\x55\xf1\x3e\xe3\xa1" + "\x8d\xc8\x6e\x85\xa5\x21\x67", + .ilen = 15, + .result = "\x1f\x7f\xca\x3c\x2b\xe7\x27\xba" + "\x7e\x98\x83\x02\x34\x23\xf7\x94" + "\xde\x35\xe6\x1d\x14\x18\xe5\x38" + "\x14\x80\x6a\xa7\x1b\xae\x1d", + .rlen = 31, + }, { + .key = "\x9b\xef\xf0\xbd\x35\xdd\x8d\x28" + "\xad\xff\x9b\xa9\xa4\xeb\x98\xdf" + "\x46\x13\x31\xe1\x8e\x08\x7e\x87" + "\x85\xb6\x46\xa3\x7e\xa8\x3c\x48", + .klen = 32, + .iv = "\xaa\xb8\x7e\x25\x79\x7c\x37\xaf" + "\xce\x36\xc7\xce\xa2\xb4\xc9\x60" + "\x10\xc3\xb3\x02\xcf\xb0\x5e\x8d" + "\xb5\xc2\x7e\x9a\x35\xc0\x24\xfd", + .assoc = "\xb9\x82\x0c\x8d\xbd\x1b\xe2\x36" + "\xee\x6c\xf4\xf2\xa1\x7d\xf9\xe2", + .alen = 16, + .input = "\xc8\x4b\x9b\xf5\x01\xba\x8c\xbd" + "\x0e\xa3\x21\x16\x9f\x46\x2a\x63", + .ilen = 16, + .result = "\x05\x86\x9e\xd7\x2b\xa3\x97\x01" + "\xbe\x28\x98\x10\x6f\xe9\x61\x32" + "\x96\xbb\xb1\x2e\x8f\x0c\x44\xb9" + "\x46\x2d\x55\xe3\x42\x67\xf2\xaf", + .rlen = 32, + }, { + .key = "\xd7\x14\x29\x5d\x45\x59\x36\x44" + "\x2e\xd9\x4d\x3b\x9e\x0f\x5b\xe5" + "\x70\xd5\x3c\x65\x93\xa8\x00\xa0" + "\x46\xe4\x25\x7c\x58\x08\xdb\x1e", + .klen = 32, + .iv = "\xe6\xdd\xb8\xc4\x89\xf8\xe0\xca" + "\x4f\x10\x7a\x5f\x9c\xd8\x8b\x66" + "\x3b\x86\xbf\x86\xd4\x50\xe0\xa7" + "\x76\xef\x5c\x72\x0f\x1f\xc3\xd4", + .assoc = "\xf5\xa6\x46\x2c\xce\x97\x8a\x51" + "\x6f\x46\xa6\x83\x9b\xa1\xbc\xe8" + "\x05", + .alen = 17, + .input = "\x05\x70\xd5\x94\x12\x36\x35\xd8" + "\x8f\x7d\xd3\xa8\x99\x6a\xed\x69" + "\xd0", + .ilen = 17, + .result = "\x9c\xe0\x06\x7b\x86\xcf\x2e\xd8" + "\x45\x65\x1b\x72\x9b\xaa\xa3\x1e" + "\x87\x9d\x26\xdf\xff\x81\x11\xd2" + "\x47\x41\xb9\x24\xc1\x8a\xa3\x8b" + "\x55", + .rlen = 33, + }, { + .key = "\x14\x39\x63\xfc\x56\xd5\xdf\x5f" + "\xaf\xb3\xff\xcc\x98\x33\x1d\xeb" + "\x9a\x97\x48\xe9\x98\x48\x82\xba" + "\x07\x11\x04\x54\x32\x67\x7b\xf5", + .klen = 32, + .iv = "\x23\x02\xf1\x64\x9a\x73\x89\xe6" + "\xd0\xea\x2c\xf1\x96\xfc\x4e\x6d" + "\x65\x48\xcb\x0a\xda\xf0\x62\xc0" + "\x38\x1d\x3b\x4a\xe9\x7e\x62\xaa", + .assoc = "\x32\xcb\x80\xcc\xde\x12\x33\x6d" + "\xf0\x20\x58\x15\x95\xc6\x7f\xee" + "\x2f\xf9\x4e\x2c\x1b\x98\x43\xc7" + "\x68\x28\x73\x40\x9f\x96\x4a", + .alen = 31, + .input = "\x41\x94\x0e\x33\x22\xb1\xdd\xf4" + "\x10\x57\x85\x39\x93\x8f\xaf\x70" + "\xfa\xa9\xd0\x4d\x5c\x40\x23\xcd" + "\x98\x34\xab\x37\x56\xae\x32", + .ilen = 31, + .result = "\xa0\xc8\xde\x83\x0d\xc3\x4e\xd5" + "\x69\x7f\x7a\xdd\x8c\x46\xda\xba" + "\x0a\x5c\x0e\x7f\xac\xee\x02\xd2" + "\xe5\x4b\x0a\xba\xb8\xa4\x7b\x66" + "\xde\xae\xdb\xc2\xc0\x0b\xf7\x2b" + "\xdf\xb8\xea\xd8\xa9\x38\xed", + .rlen = 47, + }, { + .key = "\x50\x5d\x9d\x9b\x66\x50\x88\x7b" + "\x30\x8e\xb1\x5e\x92\x58\xe0\xf1" + "\xc5\x5a\x53\x6e\x9d\xe8\x04\xd4" + "\xc9\x3f\xe2\x2d\x0c\xc6\x1a\xcb", + .klen = 32, + .iv = "\x5f\x27\x2b\x03\xaa\xef\x32\x02" + "\x50\xc4\xde\x82\x90\x21\x11\x73" + "\x8f\x0a\xd6\x8f\xdf\x90\xe4\xda" + "\xf9\x4a\x1a\x23\xc3\xdd\x02\x81", + .assoc = "\x6e\xf0\xba\x6b\xee\x8e\xdc\x89" + "\x71\xfb\x0a\xa6\x8f\xea\x41\xf4" + "\x5a\xbb\x59\xb0\x20\x38\xc5\xe0" + "\x29\x56\x52\x19\x79\xf5\xe9\x37", + .alen = 32, + .input = "\x7e\xb9\x48\xd3\x32\x2d\x86\x10" + "\x91\x31\x37\xcb\x8d\xb3\x72\x76" + "\x24\x6b\xdc\xd1\x61\xe0\xa5\xe7" + "\x5a\x61\x8a\x0f\x30\x0d\xd1\xec", + .ilen = 32, + .result = "\xd3\x68\x14\x70\x3c\x01\x43\x86" + "\x02\xab\xbe\x75\xaa\xe7\xf5\x53" + "\x5c\x05\xbd\x9b\x19\xbb\x2a\x61" + "\x8f\x69\x05\x75\x8e\xca\x60\x0c" + "\x5b\xa2\x48\x61\x32\x74\x11\x2b" + "\xf6\xcf\x06\x78\x6f\x78\x1a\x4a", + .rlen = 48, + }, { + .key = "\x8d\x82\xd6\x3b\x76\xcc\x30\x97" + "\xb1\x68\x63\xef\x8c\x7c\xa3\xf7" + "\xef\x1c\x5f\xf2\xa3\x88\x86\xed" + "\x8a\x6d\xc1\x05\xe7\x25\xb9\xa2", + .klen = 32, + .iv = "\x9c\x4b\x65\xa2\xba\x6b\xdb\x1e" + "\xd1\x9e\x90\x13\x8a\x45\xd3\x79" + "\xba\xcd\xe2\x13\xe4\x30\x66\xf4" + "\xba\x78\xf9\xfb\x9d\x3c\xa1\x58", + .assoc = "\xab\x14\xf3\x0a\xfe\x0a\x85\xa5" + "\xf2\xd5\xbc\x38\x89\x0e\x04\xfb" + "\x84\x7d\x65\x34\x25\xd8\x47\xfa" + "\xeb\x83\x31\xf1\x54\x54\x89\x0d" + "\x9d", + .alen = 33, + .input = "\xba\xde\x82\x72\x42\xa9\x2f\x2c" + "\x12\x0b\xe9\x5c\x87\xd7\x35\x7c" + "\x4f\x2e\xe8\x55\x66\x80\x27\x00" + "\x1b\x8f\x68\xe7\x0a\x6c\x71\xc3" + "\x21\x78\x55\x9d\x9c\x65\x7b\xcd" + "\x0a\x34\x97\xff\x47\x37\xb0\x2a" + "\x80\x0d\x19\x98\x33\xa9\x7a\xe3" + "\x2e\x4c\xc6\xf3\x8c\x88\x42\x01" + "\xbd", + .ilen = 65, + .result = "\x07\x0a\x35\xb0\x82\x03\x5a\xd2" + "\x15\x3a\x6c\x72\x83\x9b\xb1\x75" + "\xea\xf2\xfc\xff\xc6\xf1\x13\xa4" + "\x1a\x93\x33\x79\x97\x82\x81\xc0" + "\x96\xc2\x00\xab\x39\xae\xa1\x62" + "\x53\xa3\x86\xc9\x07\x8c\xaf\x22" + "\x47\x31\x29\xca\x4a\x95\xf5\xd5" + "\x20\x63\x5a\x54\x80\x2c\x4a\x63" + "\xfb\x18\x73\x31\x4f\x08\x21\x5d" + "\x20\xe9\xc3\x7e\xea\x25\x77\x3a" + "\x65", + .rlen = 81, + }, { + .key = "\xc9\xa7\x10\xda\x86\x48\xd9\xb3" + "\x32\x42\x15\x80\x85\xa1\x65\xfe" + "\x19\xde\x6b\x76\xa8\x28\x08\x07" + "\x4b\x9a\xa0\xdd\xc1\x84\x58\x79", + .klen = 32, + .iv = "\xd8\x70\x9f\x42\xca\xe6\x83\x3a" + "\x52\x79\x42\xa5\x84\x6a\x96\x7f" + "\xe4\x8f\xed\x97\xe9\xd0\xe8\x0d" + "\x7c\xa6\xd8\xd4\x77\x9b\x40\x2e", + .assoc = "\xe8\x39\x2d\xaa\x0e\x85\x2d\xc1" + "\x72\xaf\x6e\xc9\x82\x33\xc7\x01" + "\xaf\x40\x70\xb8\x2a\x78\xc9\x14" + "\xac\xb1\x10\xca\x2e\xb3\x28\xe4" + "\xac\xfa\x58\x7f\xe5\x73\x09\x8c" + "\x1d\x40\x87\x8c\xd9\x75\xc0\x55" + "\xa2\xda\x07\xd1\xc2\xa9\xd1\xbb" + "\x09\x4f\x77\x62\x88\x2d\xf2\x68" + "\x54", + .alen = 65, + .input = "\xf7\x02\xbb\x11\x52\x24\xd8\x48" + "\x93\xe6\x9b\xee\x81\xfc\xf7\x82" + "\x79\xf0\xf3\xd9\x6c\x20\xa9\x1a" + "\xdc\xbc\x47\xc0\xe4\xcb\x10\x99" + "\x2f", + .ilen = 33, + .result = "\x33\xc1\xda\xfa\x15\x21\x07\x8e" + "\x93\x68\xea\x64\x7b\x3d\x4b\x6b" + "\x71\x5e\x5e\x6b\x92\xaa\x65\xc2" + "\x7a\x2a\xc1\xa9\x0a\xa1\x24\x81" + "\x26\x3a\x5a\x09\xe8\xce\x73\x72" + "\xde\x7b\x58\x9e\x85\xb9\xa4\x28" + "\xda", + .rlen = 49, + }, { + .key = "\x06\xcc\x4a\x79\x96\xc3\x82\xcf" + "\xb3\x1c\xc7\x12\x7f\xc5\x28\x04" + "\x44\xa1\x76\xfb\xad\xc8\x8a\x21" + "\x0d\xc8\x7f\xb6\x9b\xe3\xf8\x4f", + .klen = 32, + .iv = "\x15\x95\xd8\xe1\xda\x62\x2c\x56" + "\xd3\x53\xf4\x36\x7e\x8e\x59\x85" + "\x0e\x51\xf9\x1c\xee\x70\x6a\x27" + "\x3d\xd3\xb7\xac\x51\xfa\xdf\x05", + .assoc = "\x24\x5e\x67\x49\x1e\x01\xd6\xdd" + "\xf3\x89\x20\x5b\x7c\x57\x89\x07", + .alen = 16, + .input = "\x33\x27\xf5\xb1\x62\xa0\x80\x63" + "\x14\xc0\x4d\x7f\x7b\x20\xba\x89", + .ilen = 16, + .result = "\x3e\xf8\x86\x3d\x39\xf8\x96\x02" + "\x0f\xdf\xc9\x6e\x37\x1e\x57\x99" + "\x07\x2a\x1a\xac\xd1\xda\xfd\x3b" + "\xc7\xff\xbd\xbc\x85\x09\x0b", + .rlen = 31, + }, { + .key = "\x42\xf0\x84\x19\xa6\x3f\x2b\xea" + "\x34\xf6\x79\xa3\x79\xe9\xeb\x0a" + "\x6e\x63\x82\x7f\xb2\x68\x0c\x3a" + "\xce\xf5\x5e\x8e\x75\x42\x97\x26", + .klen = 32, + .iv = "\x51\xb9\x12\x80\xea\xde\xd5\x71" + "\x54\x2d\xa6\xc8\x78\xb2\x1b\x8c" + "\x39\x14\x05\xa0\xf3\x10\xec\x41" + "\xff\x01\x95\x84\x2b\x59\x7f\xdb", + .assoc = "\x61\x83\xa0\xe8\x2e\x7d\x7f\xf8" + "\x74\x63\xd2\xec\x76\x7c\x4c\x0d", + .alen = 16, + .input = "\x70\x4c\x2f\x50\x72\x1c\x29\x7f" + "\x95\x9a\xff\x10\x75\x45\x7d\x8f", + .ilen = 16, + .result = "\x2f\xc4\xd8\x0d\xa6\x07\xef\x2e" + "\x6c\xd9\x84\x63\x70\x97\x61\x37" + "\x08\x2f\x16\x90\x9e\x62\x30\x0d" + "\x62\xd5\xc8\xf0\x46\x1a", + .rlen = 30, + }, { + .key = "\x7f\x15\xbd\xb8\xb6\xba\xd3\x06" + "\xb5\xd1\x2b\x35\x73\x0e\xad\x10" + "\x98\x25\x8d\x03\xb7\x08\x8e\x54" + "\x90\x23\x3d\x67\x4f\xa1\x36\xfc", + .klen = 32, + .iv = "\x8e\xde\x4c\x20\xfa\x59\x7e\x8d" + "\xd5\x07\x58\x59\x72\xd7\xde\x92" + "\x63\xd6\x10\x24\xf8\xb0\x6e\x5a" + "\xc0\x2e\x74\x5d\x06\xb8\x1e\xb2", + .assoc = "\x9d\xa7\xda\x88\x3e\xf8\x28\x14" + "\xf5\x3e\x85\x7d\x70\xa0\x0f\x13", + .alen = 16, + .input = "\xac\x70\x69\xef\x82\x97\xd2\x9b" + "\x15\x74\xb1\xa2\x6f\x69\x3f\x95", + .ilen = 16, + .result = "\xce\xf3\x17\x87\x49\xc2\x00\x46" + "\xc6\x12\x5c\x8f\x81\x38\xaa\x55" + "\xf8\x67\x75\xf1\x75\xe3\x2a\x24", + .rlen = 24, + }, +}; + +static const struct aead_testvec aegis256_dec_tv_template[] = { + { + .key = "\x0f\xc9\x8e\x67\x44\x9e\xaa\x86" + "\x20\x36\x2c\x24\xfe\xc9\x30\x81" + "\xca\xb0\x82\x21\x41\xa8\xe0\x06" + "\x30\x0b\x37\xf6\xb6\x17\xe7\xb5", + .klen = 32, + .iv = "\x1e\x92\x1c\xcf\x88\x3d\x54\x0d" + "\x40\x6d\x59\x48\xfc\x92\x61\x03" + "\x95\x61\x05\x42\x82\x50\xc0\x0c" + "\x60\x16\x6f\xec\x6d\x2f\xcf\x6b", + .assoc = "", + .alen = 0, + .input = "\xd5\x65\x3a\xa9\x03\x51\xd7\xaa" + "\xfa\x4b\xd8\xa2\x41\x9b\xc1\xb2", + .ilen = 16, + .result = "", + .rlen = 0, + }, { + .key = "\x4b\xed\xc8\x07\x54\x1a\x52\xa2" + "\xa1\x10\xde\xb5\xf8\xed\xf3\x87" + "\xf4\x72\x8e\xa5\x46\x48\x62\x20" + "\xf1\x38\x16\xce\x90\x76\x87\x8c", + .klen = 32, + .iv = "\x5a\xb7\x56\x6e\x98\xb9\xfd\x29" + "\xc1\x47\x0b\xda\xf6\xb6\x23\x09" + "\xbf\x23\x11\xc6\x87\xf0\x42\x26" + "\x22\x44\x4e\xc4\x47\x8e\x6e\x41", + .assoc = "", + .alen = 0, + .input = "\x84\xa2\x8f\xad\xdb\x8d\x2c\x16" + "\x9e\x89\xd9\x06\xa6\xa8\x14\x29" + "\x8b", + .ilen = 17, + .result = "\x79", + .rlen = 1, + }, { + .key = "\x88\x12\x01\xa6\x64\x96\xfb\xbe" + "\x22\xea\x90\x47\xf2\x11\xb5\x8e" + "\x1f\x35\x9a\x29\x4b\xe8\xe4\x39" + "\xb3\x66\xf5\xa6\x6a\xd5\x26\x62", + .klen = 32, + .iv = "\x97\xdb\x90\x0e\xa8\x35\xa5\x45" + "\x42\x21\xbd\x6b\xf0\xda\xe6\x0f" + "\xe9\xe5\x1d\x4a\x8c\x90\xc4\x40" + "\xe3\x71\x2d\x9c\x21\xed\x0e\x18", + .assoc = "", + .alen = 0, + .input = "\x09\x94\x1f\xa6\x13\xc3\x74\x75" + "\x17\xad\x8a\x0e\xd8\x66\x9a\x28" + "\xd7\x30\x66\x09\x2a\xdc\xfa\x2a" + "\x9f\x3b\xd7\xdd\x66\xd1\x2b", + .ilen = 31, + .result = "\xb5\x6e\xad\xdd\x30\x72\xfa\x53" + "\x82\x8e\x16\xb4\xed\x6d\x47", + .rlen = 15, + }, { + .key = "\xc4\x37\x3b\x45\x74\x11\xa4\xda" + "\xa2\xc5\x42\xd8\xec\x36\x78\x94" + "\x49\xf7\xa5\xad\x50\x88\x66\x53" + "\x74\x94\xd4\x7f\x44\x34\xc5\x39", + .klen = 32, + .iv = "\xd3\x00\xc9\xad\xb8\xb0\x4e\x61" + "\xc3\xfb\x6f\xfd\xea\xff\xa9\x15" + "\x14\xa8\x28\xce\x92\x30\x46\x59" + "\xa4\x9f\x0b\x75\xfb\x4c\xad\xee", + .assoc = "", + .alen = 0, + .input = "\x8a\x46\xa2\x22\x8c\x03\xab\x6f" + "\x54\x63\x4e\x7f\xc9\x8e\xfa\x70" + "\x7b\xe5\x8d\x78\xbc\xe9\xb6\xa1" + "\x29\x17\xc8\x3b\x52\xa4\x98\x72", + .ilen = 32, + .result = "\xf2\x92\xe6\x7d\x40\xee\xa3\x6f" + "\x03\x68\xc8\x45\xe7\x91\x0a\x18", + .rlen = 16, + }, { + .key = "\x01\x5c\x75\xe5\x84\x8d\x4d\xf6" + "\x23\x9f\xf4\x6a\xe6\x5a\x3b\x9a" + "\x74\xb9\xb1\x32\x55\x28\xe8\x6d" + "\x35\xc1\xb3\x57\x1f\x93\x64\x0f", + .klen = 32, + .iv = "\x10\x25\x03\x4c\xc8\x2c\xf7\x7d" + "\x44\xd5\x21\x8e\xe4\x23\x6b\x1c" + "\x3e\x6a\x34\x53\x97\xd0\xc8\x73" + "\x66\xcd\xea\x4d\xd5\xab\x4c\xc5", + .assoc = "", + .alen = 0, + .input = "\x71\x6b\x37\x0b\x02\x61\x28\x12" + "\x83\xab\x66\x90\x84\xc7\xd1\xc5" + "\xb2\x7a\xb4\x7b\xb4\xfe\x02\xb2" + "\xc0\x00\x39\x13\xb5\x51\x68\x44" + "\xad", + .ilen = 33, + .result = "\x2e\xb7\x20\x1c\x50\x6a\x4b\x8b" + "\x84\x42\x7a\xd7\xe1\xb5\xcd\x1f" + "\xd3", + .rlen = 17, + }, { + .key = "\x3d\x80\xae\x84\x94\x09\xf6\x12" + "\xa4\x79\xa6\xfb\xe0\x7f\xfd\xa0" + "\x9e\x7c\xbc\xb6\x5b\xc8\x6a\x86" + "\xf7\xef\x91\x30\xf9\xf2\x04\xe6", + .klen = 32, + .iv = "\x4c\x49\x3d\xec\xd8\xa8\xa0\x98" + "\xc5\xb0\xd3\x1f\xde\x48\x2e\x22" + "\x69\x2c\x3f\xd7\x9c\x70\x4a\x8d" + "\x27\xfa\xc9\x26\xaf\x0a\xeb\x9c", + .assoc = "", + .alen = 0, + .input = "\xaf\xa4\x34\x0d\x59\xe6\x1c\x2f" + "\x06\x3b\x52\x18\x49\x75\x1b\xf0" + "\x53\x09\x72\x7b\x45\x79\xe0\xbe" + "\x89\x85\x23\x15\xb8\x79\x07\x4c" + "\x53\x7a\x15\x37\x0a\xee\xb7\xfb" + "\xc4\x1f\x12\x27\xcf\x77\x90", + .ilen = 47, + .result = "\x6b\xdc\x5a\xbb\x60\xe5\xf4\xa6" + "\x05\x1d\x2c\x68\xdb\xda\x8f\x25" + "\xfe\x8d\x45\x19\x1e\xc0\x0b\x99" + "\x88\x11\x39\x12\x1c\x3a\xbb", + .rlen = 31, + }, { + .key = "\x7a\xa5\xe8\x23\xa4\x84\x9e\x2d" + "\x25\x53\x58\x8c\xda\xa3\xc0\xa6" + "\xc8\x3e\xc8\x3a\x60\x68\xec\xa0" + "\xb8\x1c\x70\x08\xd3\x51\xa3\xbd", + .klen = 32, + .iv = "\x89\x6e\x77\x8b\xe8\x23\x49\xb4" + "\x45\x8a\x85\xb1\xd8\x6c\xf1\x28" + "\x93\xef\x4b\x5b\xa1\x10\xcc\xa6" + "\xe8\x28\xa8\xfe\x89\x69\x8b\x72", + .assoc = "", + .alen = 0, + .input = "\xe2\xc9\x0b\x33\x31\x02\xb3\xb4" + "\x33\xfe\xeb\xa8\xb7\x9b\xb2\xd7" + "\xeb\x0f\x05\x2b\xba\xb3\xca\xef" + "\xf6\xd1\xb6\xc0\xb9\x9b\x85\xc5" + "\xbf\x7a\x3e\xcc\x31\x76\x09\x80" + "\x32\x5d\xbb\xe8\x38\x0e\x77\xd3", + .ilen = 48, + .result = "\xa7\x00\x93\x5b\x70\x61\x9d\xc2" + "\x86\xf7\xde\xfa\xd5\xfe\x52\x2b" + "\x28\x50\x51\x9d\x24\x60\x8d\xb3" + "\x49\x3e\x17\xea\xf6\x99\x5a\xdd", + .rlen = 32, + }, { + .key = "\xb6\xca\x22\xc3\xb4\x00\x47\x49" + "\xa6\x2d\x0a\x1e\xd4\xc7\x83\xad" + "\xf3\x00\xd4\xbf\x65\x08\x6e\xb9" + "\x7a\x4a\x4f\xe0\xad\xb0\x42\x93", + .klen = 32, + .iv = "\xc5\x93\xb0\x2a\xf8\x9f\xf1\xd0" + "\xc6\x64\x37\x42\xd2\x90\xb3\x2e" + "\xbd\xb1\x57\xe0\xa6\xb0\x4e\xc0" + "\xaa\x55\x87\xd6\x63\xc8\x2a\x49", + .assoc = "\xd5", + .alen = 1, + .input = "\x96\x43\x30\xca\x6c\x4f\xd7\x12" + "\xba\xd9\xb3\x18\x86\xdf\xc3\x52", + .ilen = 16, + .result = "", + .rlen = 0, + }, { + .key = "\xf3\xee\x5c\x62\xc4\x7c\xf0\x65" + "\x27\x08\xbd\xaf\xce\xec\x45\xb3" + "\x1d\xc3\xdf\x43\x6a\xa8\xf0\xd3" + "\x3b\x77\x2e\xb9\x87\x0f\xe1\x6a", + .klen = 32, + .iv = "\x02\xb8\xea\xca\x09\x1b\x9a\xec" + "\x47\x3e\xe9\xd4\xcc\xb5\x76\x34" + "\xe8\x73\x62\x64\xab\x50\xd0\xda" + "\x6b\x83\x66\xaf\x3e\x27\xc9\x1f", + .assoc = "\x11\x81\x78\x32\x4d\xb9\x44\x73" + "\x68\x75\x16\xf8\xcb\x7e\xa7", + .alen = 15, + .input = "\x2f\xab\x45\xe2\xa7\x46\xc5\x83" + "\x11\x9f\xb0\x74\xee\xc7\x03\xdd", + .ilen = 16, + .result = "", + .rlen = 0, + }, { + .key = "\x2f\x13\x95\x01\xd5\xf7\x99\x81" + "\xa8\xe2\x6f\x41\xc8\x10\x08\xb9" + "\x47\x85\xeb\xc7\x6f\x48\x72\xed" + "\xfc\xa5\x0d\x91\x61\x6e\x81\x40", + .klen = 32, + .iv = "\x3f\xdc\x24\x69\x19\x96\x43\x08" + "\xc8\x18\x9b\x65\xc6\xd9\x39\x3b" + "\x12\x35\x6e\xe8\xb0\xf0\x52\xf3" + "\x2d\xb0\x45\x87\x18\x86\x68\xf6", + .assoc = "\x4e\xa5\xb2\xd1\x5d\x35\xed\x8f" + "\xe8\x4f\xc8\x89\xc5\xa2\x69\xbc", + .alen = 16, + .input = "\x16\x44\x73\x33\x5d\xf2\xb9\x04" + "\x6b\x79\x98\xef\xdb\xd5\xc5\xf1", + .ilen = 16, + .result = "", + .rlen = 0, + }, { + .key = "\x6c\x38\xcf\xa1\xe5\x73\x41\x9d" + "\x29\xbc\x21\xd2\xc2\x35\xcb\xbf" + "\x72\x47\xf6\x4b\x74\xe8\xf4\x06" + "\xbe\xd3\xec\x6a\x3b\xcd\x20\x17", + .klen = 32, + .iv = "\x7b\x01\x5d\x08\x29\x12\xec\x24" + "\x49\xf3\x4d\xf7\xc0\xfe\xfb\x41" + "\x3c\xf8\x79\x6c\xb6\x90\xd4\x0d" + "\xee\xde\x23\x60\xf2\xe5\x08\xcc", + .assoc = "\x8a\xca\xec\x70\x6d\xb1\x96\xab" + "\x69\x29\x7a\x1b\xbf\xc7\x2c\xc2" + "\x07", + .alen = 17, + .input = "\xa4\x9b\xb8\x47\xc0\xed\x7a\x45" + "\x98\x54\x8c\xed\x3d\x17\xf0\xdd", + .ilen = 16, + .result = "", + .rlen = 0, + }, { + .key = "\xa8\x5c\x09\x40\xf5\xef\xea\xb8" + "\xaa\x96\xd3\x64\xbc\x59\x8d\xc6" + "\x9c\x0a\x02\xd0\x79\x88\x76\x20" + "\x7f\x00\xca\x42\x15\x2c\xbf\xed", + .klen = 32, + .iv = "\xb8\x26\x97\xa8\x39\x8e\x94\x3f" + "\xca\xcd\xff\x88\xba\x22\xbe\x47" + "\x67\xba\x85\xf1\xbb\x30\x56\x26" + "\xaf\x0b\x02\x38\xcc\x44\xa7\xa3", + .assoc = "\xc7\xef\x26\x10\x7d\x2c\x3f\xc6" + "\xea\x03\x2c\xac\xb9\xeb\xef\xc9" + "\x31\x6b\x08\x12\xfc\xd8\x37\x2d" + "\xe0\x17\x3a\x2e\x83\x5c\x8f", + .alen = 31, + .input = "\x20\x24\xe2\x33\x5c\x60\xc9\xf0" + "\xa4\x96\x2f\x0d\x53\xc2\xf8\xfc", + .ilen = 16, + .result = "", + .rlen = 0, + }, { + .key = "\xe5\x81\x42\xdf\x05\x6a\x93\xd4" + "\x2b\x70\x85\xf5\xb6\x7d\x50\xcc" + "\xc6\xcc\x0e\x54\x7f\x28\xf8\x3a" + "\x40\x2e\xa9\x1a\xf0\x8b\x5e\xc4", + .klen = 32, + .iv = "\xf4\x4a\xd1\x47\x49\x09\x3d\x5b" + "\x4b\xa7\xb1\x19\xb4\x46\x81\x4d" + "\x91\x7c\x91\x75\xc0\xd0\xd8\x40" + "\x71\x39\xe1\x10\xa6\xa3\x46\x7a", + .assoc = "\x03\x14\x5f\xaf\x8d\xa8\xe7\xe2" + "\x6b\xde\xde\x3e\xb3\x10\xb1\xcf" + "\x5c\x2d\x14\x96\x01\x78\xb9\x47" + "\xa1\x44\x19\x06\x5d\xbb\x2e\x2f", + .alen = 32, + .input = "\x6f\x4a\xb9\xe0\xff\x51\xa3\xf1" + "\xd2\x64\x3e\x66\x6a\xb2\x03\xc0", + .ilen = 16, + .result = "", + .rlen = 0, + }, { + .key = "\x22\xa6\x7c\x7f\x15\xe6\x3c\xf0" + "\xac\x4b\x37\x86\xb0\xa2\x13\xd2" + "\xf1\x8e\x19\xd8\x84\xc8\x7a\x53" + "\x02\x5b\x88\xf3\xca\xea\xfe\x9b", + .klen = 32, + .iv = "\x31\x6f\x0b\xe6\x59\x85\xe6\x77" + "\xcc\x81\x63\xab\xae\x6b\x43\x54" + "\xbb\x3f\x9c\xf9\xc5\x70\x5a\x5a" + "\x32\x67\xc0\xe9\x80\x02\xe5\x50", + .assoc = "\x40", + .alen = 1, + .input = "\x2c\xfb\xad\x7e\xbe\xa0\x9a\x5b" + "\x7a\x3f\x81\xf7\xfc\x1b\x79\x83" + "\xc7", + .ilen = 17, + .result = "\x4f", + .rlen = 1, + }, { + .key = "\x5e\xcb\xb6\x1e\x25\x62\xe4\x0c" + "\x2d\x25\xe9\x18\xaa\xc6\xd5\xd8" + "\x1b\x50\x25\x5d\x89\x68\xfc\x6d" + "\xc3\x89\x67\xcb\xa4\x49\x9d\x71", + .klen = 32, + .iv = "\x6d\x94\x44\x86\x69\x00\x8f\x93" + "\x4d\x5b\x15\x3c\xa8\x8f\x06\x5a" + "\xe6\x01\xa8\x7e\xca\x10\xdc\x73" + "\xf4\x94\x9f\xc1\x5a\x61\x85\x27", + .assoc = "\x7c\x5d\xd3\xee\xad\x9f\x39\x1a" + "\x6d\x92\x42\x61\xa7\x58\x37", + .alen = 15, + .input = "\x1f\x7f\xca\x3c\x2b\xe7\x27\xba" + "\x7e\x98\x83\x02\x34\x23\xf7\x94" + "\xde\x35\xe6\x1d\x14\x18\xe5\x38" + "\x14\x80\x6a\xa7\x1b\xae\x1d", + .ilen = 31, + .result = "\x8b\x26\x61\x55\xf1\x3e\xe3\xa1" + "\x8d\xc8\x6e\x85\xa5\x21\x67", + .rlen = 15, + }, { + .key = "\x9b\xef\xf0\xbd\x35\xdd\x8d\x28" + "\xad\xff\x9b\xa9\xa4\xeb\x98\xdf" + "\x46\x13\x31\xe1\x8e\x08\x7e\x87" + "\x85\xb6\x46\xa3\x7e\xa8\x3c\x48", + .klen = 32, + .iv = "\xaa\xb8\x7e\x25\x79\x7c\x37\xaf" + "\xce\x36\xc7\xce\xa2\xb4\xc9\x60" + "\x10\xc3\xb3\x02\xcf\xb0\x5e\x8d" + "\xb5\xc2\x7e\x9a\x35\xc0\x24\xfd", + .assoc = "\xb9\x82\x0c\x8d\xbd\x1b\xe2\x36" + "\xee\x6c\xf4\xf2\xa1\x7d\xf9\xe2", + .alen = 16, + .input = "\x05\x86\x9e\xd7\x2b\xa3\x97\x01" + "\xbe\x28\x98\x10\x6f\xe9\x61\x32" + "\x96\xbb\xb1\x2e\x8f\x0c\x44\xb9" + "\x46\x2d\x55\xe3\x42\x67\xf2\xaf", + .ilen = 32, + .result = "\xc8\x4b\x9b\xf5\x01\xba\x8c\xbd" + "\x0e\xa3\x21\x16\x9f\x46\x2a\x63", + .rlen = 16, + }, { + .key = "\xd7\x14\x29\x5d\x45\x59\x36\x44" + "\x2e\xd9\x4d\x3b\x9e\x0f\x5b\xe5" + "\x70\xd5\x3c\x65\x93\xa8\x00\xa0" + "\x46\xe4\x25\x7c\x58\x08\xdb\x1e", + .klen = 32, + .iv = "\xe6\xdd\xb8\xc4\x89\xf8\xe0\xca" + "\x4f\x10\x7a\x5f\x9c\xd8\x8b\x66" + "\x3b\x86\xbf\x86\xd4\x50\xe0\xa7" + "\x76\xef\x5c\x72\x0f\x1f\xc3\xd4", + .assoc = "\xf5\xa6\x46\x2c\xce\x97\x8a\x51" + "\x6f\x46\xa6\x83\x9b\xa1\xbc\xe8" + "\x05", + .alen = 17, + .input = "\x9c\xe0\x06\x7b\x86\xcf\x2e\xd8" + "\x45\x65\x1b\x72\x9b\xaa\xa3\x1e" + "\x87\x9d\x26\xdf\xff\x81\x11\xd2" + "\x47\x41\xb9\x24\xc1\x8a\xa3\x8b" + "\x55", + .ilen = 33, + .result = "\x05\x70\xd5\x94\x12\x36\x35\xd8" + "\x8f\x7d\xd3\xa8\x99\x6a\xed\x69" + "\xd0", + .rlen = 17, + }, { + .key = "\x14\x39\x63\xfc\x56\xd5\xdf\x5f" + "\xaf\xb3\xff\xcc\x98\x33\x1d\xeb" + "\x9a\x97\x48\xe9\x98\x48\x82\xba" + "\x07\x11\x04\x54\x32\x67\x7b\xf5", + .klen = 32, + .iv = "\x23\x02\xf1\x64\x9a\x73\x89\xe6" + "\xd0\xea\x2c\xf1\x96\xfc\x4e\x6d" + "\x65\x48\xcb\x0a\xda\xf0\x62\xc0" + "\x38\x1d\x3b\x4a\xe9\x7e\x62\xaa", + .assoc = "\x32\xcb\x80\xcc\xde\x12\x33\x6d" + "\xf0\x20\x58\x15\x95\xc6\x7f\xee" + "\x2f\xf9\x4e\x2c\x1b\x98\x43\xc7" + "\x68\x28\x73\x40\x9f\x96\x4a", + .alen = 31, + .input = "\xa0\xc8\xde\x83\x0d\xc3\x4e\xd5" + "\x69\x7f\x7a\xdd\x8c\x46\xda\xba" + "\x0a\x5c\x0e\x7f\xac\xee\x02\xd2" + "\xe5\x4b\x0a\xba\xb8\xa4\x7b\x66" + "\xde\xae\xdb\xc2\xc0\x0b\xf7\x2b" + "\xdf\xb8\xea\xd8\xa9\x38\xed", + .ilen = 47, + .result = "\x41\x94\x0e\x33\x22\xb1\xdd\xf4" + "\x10\x57\x85\x39\x93\x8f\xaf\x70" + "\xfa\xa9\xd0\x4d\x5c\x40\x23\xcd" + "\x98\x34\xab\x37\x56\xae\x32", + .rlen = 31, + }, { + .key = "\x50\x5d\x9d\x9b\x66\x50\x88\x7b" + "\x30\x8e\xb1\x5e\x92\x58\xe0\xf1" + "\xc5\x5a\x53\x6e\x9d\xe8\x04\xd4" + "\xc9\x3f\xe2\x2d\x0c\xc6\x1a\xcb", + .klen = 32, + .iv = "\x5f\x27\x2b\x03\xaa\xef\x32\x02" + "\x50\xc4\xde\x82\x90\x21\x11\x73" + "\x8f\x0a\xd6\x8f\xdf\x90\xe4\xda" + "\xf9\x4a\x1a\x23\xc3\xdd\x02\x81", + .assoc = "\x6e\xf0\xba\x6b\xee\x8e\xdc\x89" + "\x71\xfb\x0a\xa6\x8f\xea\x41\xf4" + "\x5a\xbb\x59\xb0\x20\x38\xc5\xe0" + "\x29\x56\x52\x19\x79\xf5\xe9\x37", + .alen = 32, + .input = "\xd3\x68\x14\x70\x3c\x01\x43\x86" + "\x02\xab\xbe\x75\xaa\xe7\xf5\x53" + "\x5c\x05\xbd\x9b\x19\xbb\x2a\x61" + "\x8f\x69\x05\x75\x8e\xca\x60\x0c" + "\x5b\xa2\x48\x61\x32\x74\x11\x2b" + "\xf6\xcf\x06\x78\x6f\x78\x1a\x4a", + .ilen = 48, + .result = "\x7e\xb9\x48\xd3\x32\x2d\x86\x10" + "\x91\x31\x37\xcb\x8d\xb3\x72\x76" + "\x24\x6b\xdc\xd1\x61\xe0\xa5\xe7" + "\x5a\x61\x8a\x0f\x30\x0d\xd1\xec", + .rlen = 32, + }, { + .key = "\x8d\x82\xd6\x3b\x76\xcc\x30\x97" + "\xb1\x68\x63\xef\x8c\x7c\xa3\xf7" + "\xef\x1c\x5f\xf2\xa3\x88\x86\xed" + "\x8a\x6d\xc1\x05\xe7\x25\xb9\xa2", + .klen = 32, + .iv = "\x9c\x4b\x65\xa2\xba\x6b\xdb\x1e" + "\xd1\x9e\x90\x13\x8a\x45\xd3\x79" + "\xba\xcd\xe2\x13\xe4\x30\x66\xf4" + "\xba\x78\xf9\xfb\x9d\x3c\xa1\x58", + .assoc = "\xab\x14\xf3\x0a\xfe\x0a\x85\xa5" + "\xf2\xd5\xbc\x38\x89\x0e\x04\xfb" + "\x84\x7d\x65\x34\x25\xd8\x47\xfa" + "\xeb\x83\x31\xf1\x54\x54\x89\x0d" + "\x9d", + .alen = 33, + .input = "\x07\x0a\x35\xb0\x82\x03\x5a\xd2" + "\x15\x3a\x6c\x72\x83\x9b\xb1\x75" + "\xea\xf2\xfc\xff\xc6\xf1\x13\xa4" + "\x1a\x93\x33\x79\x97\x82\x81\xc0" + "\x96\xc2\x00\xab\x39\xae\xa1\x62" + "\x53\xa3\x86\xc9\x07\x8c\xaf\x22" + "\x47\x31\x29\xca\x4a\x95\xf5\xd5" + "\x20\x63\x5a\x54\x80\x2c\x4a\x63" + "\xfb\x18\x73\x31\x4f\x08\x21\x5d" + "\x20\xe9\xc3\x7e\xea\x25\x77\x3a" + "\x65", + .ilen = 81, + .result = "\xba\xde\x82\x72\x42\xa9\x2f\x2c" + "\x12\x0b\xe9\x5c\x87\xd7\x35\x7c" + "\x4f\x2e\xe8\x55\x66\x80\x27\x00" + "\x1b\x8f\x68\xe7\x0a\x6c\x71\xc3" + "\x21\x78\x55\x9d\x9c\x65\x7b\xcd" + "\x0a\x34\x97\xff\x47\x37\xb0\x2a" + "\x80\x0d\x19\x98\x33\xa9\x7a\xe3" + "\x2e\x4c\xc6\xf3\x8c\x88\x42\x01" + "\xbd", + .rlen = 65, + }, { + .key = "\xc9\xa7\x10\xda\x86\x48\xd9\xb3" + "\x32\x42\x15\x80\x85\xa1\x65\xfe" + "\x19\xde\x6b\x76\xa8\x28\x08\x07" + "\x4b\x9a\xa0\xdd\xc1\x84\x58\x79", + .klen = 32, + .iv = "\xd8\x70\x9f\x42\xca\xe6\x83\x3a" + "\x52\x79\x42\xa5\x84\x6a\x96\x7f" + "\xe4\x8f\xed\x97\xe9\xd0\xe8\x0d" + "\x7c\xa6\xd8\xd4\x77\x9b\x40\x2e", + .assoc = "\xe8\x39\x2d\xaa\x0e\x85\x2d\xc1" + "\x72\xaf\x6e\xc9\x82\x33\xc7\x01" + "\xaf\x40\x70\xb8\x2a\x78\xc9\x14" + "\xac\xb1\x10\xca\x2e\xb3\x28\xe4" + "\xac\xfa\x58\x7f\xe5\x73\x09\x8c" + "\x1d\x40\x87\x8c\xd9\x75\xc0\x55" + "\xa2\xda\x07\xd1\xc2\xa9\xd1\xbb" + "\x09\x4f\x77\x62\x88\x2d\xf2\x68" + "\x54", + .alen = 65, + .input = "\x33\xc1\xda\xfa\x15\x21\x07\x8e" + "\x93\x68\xea\x64\x7b\x3d\x4b\x6b" + "\x71\x5e\x5e\x6b\x92\xaa\x65\xc2" + "\x7a\x2a\xc1\xa9\x0a\xa1\x24\x81" + "\x26\x3a\x5a\x09\xe8\xce\x73\x72" + "\xde\x7b\x58\x9e\x85\xb9\xa4\x28" + "\xda", + .ilen = 49, + .result = "\xf7\x02\xbb\x11\x52\x24\xd8\x48" + "\x93\xe6\x9b\xee\x81\xfc\xf7\x82" + "\x79\xf0\xf3\xd9\x6c\x20\xa9\x1a" + "\xdc\xbc\x47\xc0\xe4\xcb\x10\x99" + "\x2f", + .rlen = 33, + }, { + .key = "\x06\xcc\x4a\x79\x96\xc3\x82\xcf" + "\xb3\x1c\xc7\x12\x7f\xc5\x28\x04" + "\x44\xa1\x76\xfb\xad\xc8\x8a\x21" + "\x0d\xc8\x7f\xb6\x9b\xe3\xf8\x4f", + .klen = 32, + .iv = "\x15\x95\xd8\xe1\xda\x62\x2c\x56" + "\xd3\x53\xf4\x36\x7e\x8e\x59\x85" + "\x0e\x51\xf9\x1c\xee\x70\x6a\x27" + "\x3d\xd3\xb7\xac\x51\xfa\xdf\x05", + .assoc = "\x24\x5e\x67\x49\x1e\x01\xd6\xdd" + "\xf3\x89\x20\x5b\x7c\x57\x89\x07", + .alen = 16, + .input = "\x3e\xf8\x86\x3d\x39\xf8\x96\x02" + "\x0f\xdf\xc9\x6e\x37\x1e\x57\x99" + "\x07\x2a\x1a\xac\xd1\xda\xfd\x3b" + "\xc7\xff\xbd\xbc\x85\x09\x0b", + .ilen = 31, + .result = "\x33\x27\xf5\xb1\x62\xa0\x80\x63" + "\x14\xc0\x4d\x7f\x7b\x20\xba\x89", + .rlen = 16, + }, { + .key = "\x42\xf0\x84\x19\xa6\x3f\x2b\xea" + "\x34\xf6\x79\xa3\x79\xe9\xeb\x0a" + "\x6e\x63\x82\x7f\xb2\x68\x0c\x3a" + "\xce\xf5\x5e\x8e\x75\x42\x97\x26", + .klen = 32, + .iv = "\x51\xb9\x12\x80\xea\xde\xd5\x71" + "\x54\x2d\xa6\xc8\x78\xb2\x1b\x8c" + "\x39\x14\x05\xa0\xf3\x10\xec\x41" + "\xff\x01\x95\x84\x2b\x59\x7f\xdb", + .assoc = "\x61\x83\xa0\xe8\x2e\x7d\x7f\xf8" + "\x74\x63\xd2\xec\x76\x7c\x4c\x0d", + .alen = 16, + .input = "\x2f\xc4\xd8\x0d\xa6\x07\xef\x2e" + "\x6c\xd9\x84\x63\x70\x97\x61\x37" + "\x08\x2f\x16\x90\x9e\x62\x30\x0d" + "\x62\xd5\xc8\xf0\x46\x1a", + .ilen = 30, + .result = "\x70\x4c\x2f\x50\x72\x1c\x29\x7f" + "\x95\x9a\xff\x10\x75\x45\x7d\x8f", + .rlen = 16, + }, { + .key = "\x7f\x15\xbd\xb8\xb6\xba\xd3\x06" + "\xb5\xd1\x2b\x35\x73\x0e\xad\x10" + "\x98\x25\x8d\x03\xb7\x08\x8e\x54" + "\x90\x23\x3d\x67\x4f\xa1\x36\xfc", + .klen = 32, + .iv = "\x8e\xde\x4c\x20\xfa\x59\x7e\x8d" + "\xd5\x07\x58\x59\x72\xd7\xde\x92" + "\x63\xd6\x10\x24\xf8\xb0\x6e\x5a" + "\xc0\x2e\x74\x5d\x06\xb8\x1e\xb2", + .assoc = "\x9d\xa7\xda\x88\x3e\xf8\x28\x14" + "\xf5\x3e\x85\x7d\x70\xa0\x0f\x13", + .alen = 16, + .input = "\xce\xf3\x17\x87\x49\xc2\x00\x46" + "\xc6\x12\x5c\x8f\x81\x38\xaa\x55" + "\xf8\x67\x75\xf1\x75\xe3\x2a\x24", + .ilen = 24, + .result = "\xac\x70\x69\xef\x82\x97\xd2\x9b" + "\x15\x74\xb1\xa2\x6f\x69\x3f\x95", + .rlen = 16, + }, +}; + +/* + * MORUS-640 test vectors - generated via reference implementation from + * SUPERCOP (https://bench.cr.yp.to/supercop.html): + * + * https://bench.cr.yp.to/supercop/supercop-20170228.tar.xz + * (see crypto_aead/morus640128v2/) + */ +static const struct aead_testvec morus640_enc_tv_template[] = { + { + .key = "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00", + .klen = 16, + .iv = "\x0f\xc9\x8e\x67\x44\x9e\xaa\x86" + "\x20\x36\x2c\x24\xfe\xc9\x30\x81", + .assoc = "", + .alen = 0, + .input = "", + .ilen = 0, + .result = "\x89\x62\x7d\xf3\x07\x9d\x52\x05" + "\x53\xc3\x04\x60\x93\xb4\x37\x9a", + .rlen = 16, + }, { + .key = "\x3c\x24\x39\x9f\x10\x7b\xa8\x1b" + "\x80\xda\xb2\x91\xf9\x24\xc2\x06", + .klen = 16, + .iv = "\x4b\xed\xc8\x07\x54\x1a\x52\xa2" + "\xa1\x10\xde\xb5\xf8\xed\xf3\x87", + .assoc = "", + .alen = 0, + .input = "\x69", + .ilen = 1, + .result = "\xa8\x8d\xe4\x90\xb5\x50\x8f\x78" + "\xb6\x10\x9a\x59\x5f\x61\x37\x70" + "\x09", + .rlen = 17, + }, { + .key = "\x79\x49\x73\x3e\x20\xf7\x51\x37" + "\x01\xb4\x64\x22\xf3\x48\x85\x0c", + .klen = 16, + .iv = "\x88\x12\x01\xa6\x64\x96\xfb\xbe" + "\x22\xea\x90\x47\xf2\x11\xb5\x8e", + .assoc = "", + .alen = 0, + .input = "\xa6\xa4\x1e\x76\xec\xd4\x50\xcc" + "\x62\x58\xe9\x8f\xef\xa4\x17", + .ilen = 15, + .result = "\x76\xdd\xb9\x05\x3d\xce\x61\x38" + "\xf3\xef\xf7\xe5\xd7\xfd\x70\xa5" + "\xcf\x9d\x64\xb8\x0a\x9f\xfd\x8b" + "\xd4\x6e\xfe\xd9\xc8\x63\x4b", + .rlen = 31, + }, { + .key = "\xb5\x6e\xad\xdd\x30\x72\xfa\x53" + "\x82\x8e\x16\xb4\xed\x6d\x47\x12", + .klen = 16, + .iv = "\xc4\x37\x3b\x45\x74\x11\xa4\xda" + "\xa2\xc5\x42\xd8\xec\x36\x78\x94", + .assoc = "", + .alen = 0, + .input = "\xe2\xc9\x58\x15\xfc\x4f\xf8\xe8" + "\xe3\x32\x9b\x21\xe9\xc8\xd9\x97", + .ilen = 16, + .result = "\xdc\x72\xe8\x14\xfb\x63\xad\x72" + "\x1f\x57\x9a\x1f\x88\x81\xdb\xd6" + "\xc1\x91\x9d\xb9\x25\xc4\x99\x4c" + "\x97\xcd\x8a\x0c\x9d\x68\x00\x1c", + .rlen = 32, + }, { + .key = "\xf2\x92\xe6\x7d\x40\xee\xa3\x6f" + "\x03\x68\xc8\x45\xe7\x91\x0a\x18", + .klen = 16, + .iv = "\x01\x5c\x75\xe5\x84\x8d\x4d\xf6" + "\x23\x9f\xf4\x6a\xe6\x5a\x3b\x9a", + .assoc = "", + .alen = 0, + .input = "\x1f\xee\x92\xb4\x0c\xcb\xa1\x04" + "\x64\x0c\x4d\xb2\xe3\xec\x9c\x9d" + "\x09", + .ilen = 17, + .result = "\x6b\x4f\x3b\x90\x9a\xa2\xb3\x82" + "\x0a\xb8\x55\xee\xeb\x73\x4d\x7f" + "\x54\x11\x3a\x8a\x31\xa3\xb5\xf2" + "\xcd\x49\xdb\xf3\xee\x26\xbd\xa2" + "\x0d", + .rlen = 33, + }, { + .key = "\x2e\xb7\x20\x1c\x50\x6a\x4b\x8b" + "\x84\x42\x7a\xd7\xe1\xb5\xcd\x1f", + .klen = 16, + .iv = "\x3d\x80\xae\x84\x94\x09\xf6\x12" + "\xa4\x79\xa6\xfb\xe0\x7f\xfd\xa0", + .assoc = "", + .alen = 0, + .input = "\x5c\x13\xcb\x54\x1c\x47\x4a\x1f" + "\xe5\xe6\xff\x44\xdd\x11\x5f\xa3" + "\x33\xdd\xc2\xf8\xdd\x18\x2b\x93" + "\x57\x05\x01\x1c\x66\x22\xd3", + .ilen = 31, + .result = "\x59\xd1\x0f\x6b\xee\x27\x84\x92" + "\xb7\xa9\xb5\xdd\x02\xa4\x12\xa5" + "\x50\x32\xb4\x9a\x2e\x35\x83\x55" + "\x36\x12\x12\xed\xa3\x31\xc5\x30" + "\xa7\xe2\x4a\x6d\x05\x59\x43\x91" + "\x75\xfa\x6c\x17\xc6\x73\xca", + .rlen = 47, + }, { + .key = "\x6b\xdc\x5a\xbb\x60\xe5\xf4\xa6" + "\x05\x1d\x2c\x68\xdb\xda\x8f\x25", + .klen = 16, + .iv = "\x7a\xa5\xe8\x23\xa4\x84\x9e\x2d" + "\x25\x53\x58\x8c\xda\xa3\xc0\xa6", + .assoc = "", + .alen = 0, + .input = "\x98\x37\x05\xf3\x2c\xc2\xf3\x3b" + "\x66\xc0\xb1\xd5\xd7\x35\x21\xaa" + "\x5d\x9f\xce\x7c\xe2\xb8\xad\xad" + "\x19\x33\xe0\xf4\x40\x81\x72\x28", + .ilen = 32, + .result = "\xdb\x49\x68\x0f\x91\x5b\x21\xb1" + "\xcf\x50\xb2\x4c\x32\xe1\xa6\x69" + "\xc0\xfb\x44\x1f\xa0\x9a\xeb\x39" + "\x1b\xde\x68\x38\xcc\x27\x52\xc5" + "\xf6\x3e\x74\xea\x66\x5b\x5f\x0c" + "\x65\x9e\x58\xe6\x52\xa2\xfe\x59", + .rlen = 48, + }, { + .key = "\xa7\x00\x93\x5b\x70\x61\x9d\xc2" + "\x86\xf7\xde\xfa\xd5\xfe\x52\x2b", + .klen = 16, + .iv = "\xb6\xca\x22\xc3\xb4\x00\x47\x49" + "\xa6\x2d\x0a\x1e\xd4\xc7\x83\xad", + .assoc = "\xc5", + .alen = 1, + .input = "", + .ilen = 0, + .result = "\x56\xe7\x24\x52\xdd\x95\x60\x5b" + "\x09\x48\x39\x69\x9c\xb3\x62\x46", + .rlen = 16, + }, { + .key = "\xe4\x25\xcd\xfa\x80\xdd\x46\xde" + "\x07\xd1\x90\x8b\xcf\x23\x15\x31", + .klen = 16, + .iv = "\xf3\xee\x5c\x62\xc4\x7c\xf0\x65" + "\x27\x08\xbd\xaf\xce\xec\x45\xb3", + .assoc = "\x02\xb8\xea\xca\x09\x1b\x9a\xec" + "\x47\x3e\xe9\xd4\xcc\xb5\x76", + .alen = 15, + .input = "", + .ilen = 0, + .result = "\xdd\xfa\x6c\x1f\x5d\x86\x87\x01" + "\x13\xe5\x73\x46\x46\xf2\x5c\xe1", + .rlen = 16, + }, { + .key = "\x20\x4a\x07\x99\x91\x58\xee\xfa" + "\x88\xab\x42\x1c\xc9\x47\xd7\x38", + .klen = 16, + .iv = "\x2f\x13\x95\x01\xd5\xf7\x99\x81" + "\xa8\xe2\x6f\x41\xc8\x10\x08\xb9", + .assoc = "\x3f\xdc\x24\x69\x19\x96\x43\x08" + "\xc8\x18\x9b\x65\xc6\xd9\x39\x3b", + .alen = 16, + .input = "", + .ilen = 0, + .result = "\xa6\x1b\xb9\xd7\x5e\x3c\xcf\xac" + "\xa9\x21\x45\x0b\x16\x52\xf7\xe1", + .rlen = 16, + }, { + .key = "\x5d\x6f\x41\x39\xa1\xd4\x97\x16" + "\x09\x85\xf4\xae\xc3\x6b\x9a\x3e", + .klen = 16, + .iv = "\x6c\x38\xcf\xa1\xe5\x73\x41\x9d" + "\x29\xbc\x21\xd2\xc2\x35\xcb\xbf", + .assoc = "\x7b\x01\x5d\x08\x29\x12\xec\x24" + "\x49\xf3\x4d\xf7\xc0\xfe\xfb\x41" + "\x3c", + .alen = 17, + .input = "", + .ilen = 0, + .result = "\x15\xff\xde\x3b\x34\xfc\xf6\xf9" + "\xbb\xa8\x62\xad\x0a\xf5\x48\x60", + .rlen = 16, + }, { + .key = "\x99\x93\x7a\xd8\xb1\x50\x40\x31" + "\x8a\x60\xa6\x3f\xbd\x90\x5d\x44", + .klen = 16, + .iv = "\xa8\x5c\x09\x40\xf5\xef\xea\xb8" + "\xaa\x96\xd3\x64\xbc\x59\x8d\xc6", + .assoc = "\xb8\x26\x97\xa8\x39\x8e\x94\x3f" + "\xca\xcd\xff\x88\xba\x22\xbe\x47" + "\x67\xba\x85\xf1\xbb\x30\x56\x26" + "\xaf\x0b\x02\x38\xcc\x44\xa7", + .alen = 31, + .input = "", + .ilen = 0, + .result = "\xd2\x9d\xf8\x3b\xd7\x84\xe9\x2d" + "\x4b\xef\x75\x16\x0a\x99\xae\x6b", + .rlen = 16, + }, { + .key = "\xd6\xb8\xb4\x77\xc1\xcb\xe9\x4d" + "\x0a\x3a\x58\xd1\xb7\xb4\x1f\x4a", + .klen = 16, + .iv = "\xe5\x81\x42\xdf\x05\x6a\x93\xd4" + "\x2b\x70\x85\xf5\xb6\x7d\x50\xcc", + .assoc = "\xf4\x4a\xd1\x47\x49\x09\x3d\x5b" + "\x4b\xa7\xb1\x19\xb4\x46\x81\x4d" + "\x91\x7c\x91\x75\xc0\xd0\xd8\x40" + "\x71\x39\xe1\x10\xa6\xa3\x46\x7a", + .alen = 32, + .input = "", + .ilen = 0, + .result = "\xe4\x8d\xa7\xa7\x45\xc1\x31\x4f" + "\xce\xfb\xaf\xd6\xc2\xe6\xee\xc0", + .rlen = 16, + }, { + .key = "\x12\xdd\xee\x17\xd1\x47\x92\x69" + "\x8b\x14\x0a\x62\xb1\xd9\xe2\x50", + .klen = 16, + .iv = "\x22\xa6\x7c\x7f\x15\xe6\x3c\xf0" + "\xac\x4b\x37\x86\xb0\xa2\x13\xd2", + .assoc = "\x31", + .alen = 1, + .input = "\x40", + .ilen = 1, + .result = "\xe2\x67\x38\x4f\xb9\xad\x7d\x38" + "\x01\xfe\x84\x14\x85\xf8\xd1\xe3" + "\x22", + .rlen = 17, + }, { + .key = "\x4f\x01\x27\xb6\xe1\xc3\x3a\x85" + "\x0c\xee\xbc\xf4\xab\xfd\xa5\x57", + .klen = 16, + .iv = "\x5e\xcb\xb6\x1e\x25\x62\xe4\x0c" + "\x2d\x25\xe9\x18\xaa\xc6\xd5\xd8", + .assoc = "\x6d\x94\x44\x86\x69\x00\x8f\x93" + "\x4d\x5b\x15\x3c\xa8\x8f\x06", + .alen = 15, + .input = "\x7c\x5d\xd3\xee\xad\x9f\x39\x1a" + "\x6d\x92\x42\x61\xa7\x58\x37", + .ilen = 15, + .result = "\x77\x32\x61\xeb\xb4\x33\x29\x92" + "\x29\x95\xc5\x8e\x85\x76\xab\xfc" + "\x07\x95\xa7\x44\x74\xf7\x22\xff" + "\xd8\xd8\x36\x3d\x8a\x7f\x9e", + .rlen = 31, + }, { + .key = "\x8b\x26\x61\x55\xf1\x3e\xe3\xa1" + "\x8d\xc8\x6e\x85\xa5\x21\x67\x5d", + .klen = 16, + .iv = "\x9b\xef\xf0\xbd\x35\xdd\x8d\x28" + "\xad\xff\x9b\xa9\xa4\xeb\x98\xdf", + .assoc = "\xaa\xb8\x7e\x25\x79\x7c\x37\xaf" + "\xce\x36\xc7\xce\xa2\xb4\xc9\x60", + .alen = 16, + .input = "\xb9\x82\x0c\x8d\xbd\x1b\xe2\x36" + "\xee\x6c\xf4\xf2\xa1\x7d\xf9\xe2", + .ilen = 16, + .result = "\xd8\xfd\x44\x45\xf6\x42\x12\x38" + "\xf2\x0b\xea\x4f\x9e\x11\x61\x07" + "\x48\x67\x98\x18\x9b\xd0\x0c\x59" + "\x67\xa4\x11\xb3\x2b\xd6\xc1\x70", + .rlen = 32, + }, { + .key = "\xc8\x4b\x9b\xf5\x01\xba\x8c\xbd" + "\x0e\xa3\x21\x16\x9f\x46\x2a\x63", + .klen = 16, + .iv = "\xd7\x14\x29\x5d\x45\x59\x36\x44" + "\x2e\xd9\x4d\x3b\x9e\x0f\x5b\xe5", + .assoc = "\xe6\xdd\xb8\xc4\x89\xf8\xe0\xca" + "\x4f\x10\x7a\x5f\x9c\xd8\x8b\x66" + "\x3b", + .alen = 17, + .input = "\xf5\xa6\x46\x2c\xce\x97\x8a\x51" + "\x6f\x46\xa6\x83\x9b\xa1\xbc\xe8" + "\x05", + .ilen = 17, + .result = "\xb1\xab\x53\x4e\xc7\x40\x16\xb6" + "\x71\x3a\x00\x9f\x41\x88\xb0\xb2" + "\x71\x83\x85\x5f\xc8\x79\x0a\x99" + "\x99\xdc\x89\x1c\x88\xd2\x3e\xf9" + "\x83", + .rlen = 33, + }, { + .key = "\x05\x70\xd5\x94\x12\x36\x35\xd8" + "\x8f\x7d\xd3\xa8\x99\x6a\xed\x69", + .klen = 16, + .iv = "\x14\x39\x63\xfc\x56\xd5\xdf\x5f" + "\xaf\xb3\xff\xcc\x98\x33\x1d\xeb", + .assoc = "\x23\x02\xf1\x64\x9a\x73\x89\xe6" + "\xd0\xea\x2c\xf1\x96\xfc\x4e\x6d" + "\x65\x48\xcb\x0a\xda\xf0\x62\xc0" + "\x38\x1d\x3b\x4a\xe9\x7e\x62", + .alen = 31, + .input = "\x32\xcb\x80\xcc\xde\x12\x33\x6d" + "\xf0\x20\x58\x15\x95\xc6\x7f\xee" + "\x2f\xf9\x4e\x2c\x1b\x98\x43\xc7" + "\x68\x28\x73\x40\x9f\x96\x4a", + .ilen = 31, + .result = "\x29\xc4\xf0\x03\xc1\x86\xdf\x06" + "\x5c\x7b\xef\x64\x87\x00\xd1\x37" + "\xa7\x08\xbc\x7f\x8f\x41\x54\xd0" + "\x3e\xf1\xc3\xa2\x96\x84\xdd\x2a" + "\x2d\x21\x30\xf9\x02\xdb\x06\x0c" + "\xf1\x5a\x66\x69\xe0\xca\x83", + .rlen = 47, + }, { + .key = "\x41\x94\x0e\x33\x22\xb1\xdd\xf4" + "\x10\x57\x85\x39\x93\x8f\xaf\x70", + .klen = 16, + .iv = "\x50\x5d\x9d\x9b\x66\x50\x88\x7b" + "\x30\x8e\xb1\x5e\x92\x58\xe0\xf1", + .assoc = "\x5f\x27\x2b\x03\xaa\xef\x32\x02" + "\x50\xc4\xde\x82\x90\x21\x11\x73" + "\x8f\x0a\xd6\x8f\xdf\x90\xe4\xda" + "\xf9\x4a\x1a\x23\xc3\xdd\x02\x81", + .alen = 32, + .input = "\x6e\xf0\xba\x6b\xee\x8e\xdc\x89" + "\x71\xfb\x0a\xa6\x8f\xea\x41\xf4" + "\x5a\xbb\x59\xb0\x20\x38\xc5\xe0" + "\x29\x56\x52\x19\x79\xf5\xe9\x37", + .ilen = 32, + .result = "\xe2\x2e\x44\xdf\xd3\x60\x6d\xb2" + "\x70\x57\x37\xc5\xc2\x4f\x8d\x14" + "\xc6\xbf\x8b\xec\xf5\x62\x67\xf2" + "\x2f\xa1\xe6\xd6\xa7\xb1\x8c\x54" + "\xe5\x6b\x49\xf9\x6e\x90\xc3\xaa" + "\x7a\x00\x2e\x4d\x7f\x31\x2e\x81", + .rlen = 48, + }, { + .key = "\x7e\xb9\x48\xd3\x32\x2d\x86\x10" + "\x91\x31\x37\xcb\x8d\xb3\x72\x76", + .klen = 16, + .iv = "\x8d\x82\xd6\x3b\x76\xcc\x30\x97" + "\xb1\x68\x63\xef\x8c\x7c\xa3\xf7", + .assoc = "\x9c\x4b\x65\xa2\xba\x6b\xdb\x1e" + "\xd1\x9e\x90\x13\x8a\x45\xd3\x79" + "\xba\xcd\xe2\x13\xe4\x30\x66\xf4" + "\xba\x78\xf9\xfb\x9d\x3c\xa1\x58" + "\x1a", + .alen = 33, + .input = "\xab\x14\xf3\x0a\xfe\x0a\x85\xa5" + "\xf2\xd5\xbc\x38\x89\x0e\x04\xfb" + "\x84\x7d\x65\x34\x25\xd8\x47\xfa" + "\xeb\x83\x31\xf1\x54\x54\x89\x0d" + "\x9d\x4d\x54\x51\x84\x61\xf6\x8e" + "\x03\x31\xf2\x25\x16\xcc\xaa\xc6" + "\x75\x73\x20\x30\x59\x54\xb2\xf0" + "\x3a\x4b\xe0\x23\x8e\xa6\x08\x35" + "\x8a", + .ilen = 65, + .result = "\xc7\xca\x26\x61\x57\xee\xa2\xb9" + "\xb1\x37\xde\x95\x06\x90\x11\x08" + "\x4d\x30\x9f\x24\xc0\x56\xb7\xe1" + "\x0b\x9f\xd2\x57\xe9\xd2\xb1\x76" + "\x56\x9a\xb4\x58\xc5\x08\xfc\xb5" + "\xf2\x31\x9b\xc9\xcd\xb3\x64\xdb" + "\x6f\x50\xbf\xf4\x73\x9d\xfb\x6b" + "\xef\x35\x25\x48\xed\xcf\x29\xa8" + "\xac\xc3\xb9\xcb\x61\x8f\x73\x92" + "\x2c\x7a\x6f\xda\xf9\x09\x6f\xe1" + "\xc4", + .rlen = 81, + }, { + .key = "\xba\xde\x82\x72\x42\xa9\x2f\x2c" + "\x12\x0b\xe9\x5c\x87\xd7\x35\x7c", + .klen = 16, + .iv = "\xc9\xa7\x10\xda\x86\x48\xd9\xb3" + "\x32\x42\x15\x80\x85\xa1\x65\xfe", + .assoc = "\xd8\x70\x9f\x42\xca\xe6\x83\x3a" + "\x52\x79\x42\xa5\x84\x6a\x96\x7f" + "\xe4\x8f\xed\x97\xe9\xd0\xe8\x0d" + "\x7c\xa6\xd8\xd4\x77\x9b\x40\x2e" + "\x28\xce\x57\x34\xcd\x6e\x84\x4c" + "\x17\x3c\xe1\xb2\xa8\x0b\xbb\xf1" + "\x96\x41\x0d\x69\xe8\x54\x0a\xc8" + "\x15\x4e\x91\x92\x89\x4b\xb7\x9b" + "\x21", + .alen = 65, + .input = "\xe8\x39\x2d\xaa\x0e\x85\x2d\xc1" + "\x72\xaf\x6e\xc9\x82\x33\xc7\x01" + "\xaf\x40\x70\xb8\x2a\x78\xc9\x14" + "\xac\xb1\x10\xca\x2e\xb3\x28\xe4" + "\xac", + .ilen = 33, + .result = "\x57\xcd\x3d\x46\xc5\xf9\x68\x3b" + "\x2c\x0f\xb4\x7e\x7b\x64\x3e\x40" + "\xf3\x78\x63\x34\x89\x79\x39\x6b" + "\x61\x64\x4a\x9a\xfa\x70\xa4\xd3" + "\x54\x0b\xea\x05\xa6\x95\x64\xed" + "\x3d\x69\xa2\x0c\x27\x56\x2f\x34" + "\x66", + .rlen = 49, + }, { + .key = "\xf7\x02\xbb\x11\x52\x24\xd8\x48" + "\x93\xe6\x9b\xee\x81\xfc\xf7\x82", + .klen = 16, + .iv = "\x06\xcc\x4a\x79\x96\xc3\x82\xcf" + "\xb3\x1c\xc7\x12\x7f\xc5\x28\x04", + .assoc = "\x15\x95\xd8\xe1\xda\x62\x2c\x56" + "\xd3\x53\xf4\x36\x7e\x8e\x59\x85", + .alen = 16, + .input = "\x24\x5e\x67\x49\x1e\x01\xd6\xdd" + "\xf3\x89\x20\x5b\x7c\x57\x89\x07", + .ilen = 16, + .result = "\xfc\x85\x06\x28\x8f\xe8\x23\x1f" + "\x33\x98\x87\xde\x08\xb6\xb6\xae" + "\x3e\xa4\xf8\x19\xf1\x92\x60\x39" + "\xb9\x6b\x3f\xdf\xc8\xcb\x30", + .rlen = 31, + }, { + .key = "\x33\x27\xf5\xb1\x62\xa0\x80\x63" + "\x14\xc0\x4d\x7f\x7b\x20\xba\x89", + .klen = 16, + .iv = "\x42\xf0\x84\x19\xa6\x3f\x2b\xea" + "\x34\xf6\x79\xa3\x79\xe9\xeb\x0a", + .assoc = "\x51\xb9\x12\x80\xea\xde\xd5\x71" + "\x54\x2d\xa6\xc8\x78\xb2\x1b\x8c", + .alen = 16, + .input = "\x61\x83\xa0\xe8\x2e\x7d\x7f\xf8" + "\x74\x63\xd2\xec\x76\x7c\x4c\x0d", + .ilen = 16, + .result = "\x74\x7d\x70\x07\xe9\xba\x01\xee" + "\x6c\xc6\x6f\x50\x25\x33\xbe\x50" + "\x17\xb8\x17\x62\xed\x80\xa2\xf5" + "\x03\xde\x85\x71\x5d\x34", + .rlen = 30, + }, { + .key = "\x70\x4c\x2f\x50\x72\x1c\x29\x7f" + "\x95\x9a\xff\x10\x75\x45\x7d\x8f", + .klen = 16, + .iv = "\x7f\x15\xbd\xb8\xb6\xba\xd3\x06" + "\xb5\xd1\x2b\x35\x73\x0e\xad\x10", + .assoc = "\x8e\xde\x4c\x20\xfa\x59\x7e\x8d" + "\xd5\x07\x58\x59\x72\xd7\xde\x92", + .alen = 16, + .input = "\x9d\xa7\xda\x88\x3e\xf8\x28\x14" + "\xf5\x3e\x85\x7d\x70\xa0\x0f\x13", + .ilen = 16, + .result = "\xf4\xb3\x85\xf9\xac\xde\xb1\x38" + "\x29\xfd\x6c\x7c\x49\xe5\x1d\xaf" + "\xba\xea\xd4\xfa\x3f\x11\x33\x98", + .rlen = 24, + }, { + .key = "\xac\x70\x69\xef\x82\x97\xd2\x9b" + "\x15\x74\xb1\xa2\x6f\x69\x3f\x95", + .klen = 16, + .iv = "\xbb\x3a\xf7\x57\xc6\x36\x7c\x22" + "\x36\xab\xde\xc6\x6d\x32\x70\x17", + .assoc = "\xcb\x03\x85\xbf\x0a\xd5\x26\xa9" + "\x56\xe1\x0a\xeb\x6c\xfb\xa1\x98", + .alen = 16, + .input = "\xda\xcc\x14\x27\x4e\x74\xd1\x30" + "\x76\x18\x37\x0f\x6a\xc4\xd1\x1a", + .ilen = 16, + .result = "\xe6\x5c\x49\x4f\x78\xf3\x62\x86" + "\xe1\xb7\xa5\xc3\x32\x88\x3c\x8c" + "\x6e", + .rlen = 17, + }, +}; + +static const struct aead_testvec morus640_dec_tv_template[] = { + { + .key = "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00", + .klen = 16, + .iv = "\x0f\xc9\x8e\x67\x44\x9e\xaa\x86" + "\x20\x36\x2c\x24\xfe\xc9\x30\x81", + .assoc = "", + .alen = 0, + .input = "\x89\x62\x7d\xf3\x07\x9d\x52\x05" + "\x53\xc3\x04\x60\x93\xb4\x37\x9a", + .ilen = 16, + .result = "", + .rlen = 0, + }, { + .key = "\x3c\x24\x39\x9f\x10\x7b\xa8\x1b" + "\x80\xda\xb2\x91\xf9\x24\xc2\x06", + .klen = 16, + .iv = "\x4b\xed\xc8\x07\x54\x1a\x52\xa2" + "\xa1\x10\xde\xb5\xf8\xed\xf3\x87", + .assoc = "", + .alen = 0, + .input = "\xa8\x8d\xe4\x90\xb5\x50\x8f\x78" + "\xb6\x10\x9a\x59\x5f\x61\x37\x70" + "\x09", + .ilen = 17, + .result = "\x69", + .rlen = 1, + }, { + .key = "\x79\x49\x73\x3e\x20\xf7\x51\x37" + "\x01\xb4\x64\x22\xf3\x48\x85\x0c", + .klen = 16, + .iv = "\x88\x12\x01\xa6\x64\x96\xfb\xbe" + "\x22\xea\x90\x47\xf2\x11\xb5\x8e", + .assoc = "", + .alen = 0, + .input = "\x76\xdd\xb9\x05\x3d\xce\x61\x38" + "\xf3\xef\xf7\xe5\xd7\xfd\x70\xa5" + "\xcf\x9d\x64\xb8\x0a\x9f\xfd\x8b" + "\xd4\x6e\xfe\xd9\xc8\x63\x4b", + .ilen = 31, + .result = "\xa6\xa4\x1e\x76\xec\xd4\x50\xcc" + "\x62\x58\xe9\x8f\xef\xa4\x17", + .rlen = 15, + }, { + .key = "\xb5\x6e\xad\xdd\x30\x72\xfa\x53" + "\x82\x8e\x16\xb4\xed\x6d\x47\x12", + .klen = 16, + .iv = "\xc4\x37\x3b\x45\x74\x11\xa4\xda" + "\xa2\xc5\x42\xd8\xec\x36\x78\x94", + .assoc = "", + .alen = 0, + .input = "\xdc\x72\xe8\x14\xfb\x63\xad\x72" + "\x1f\x57\x9a\x1f\x88\x81\xdb\xd6" + "\xc1\x91\x9d\xb9\x25\xc4\x99\x4c" + "\x97\xcd\x8a\x0c\x9d\x68\x00\x1c", + .ilen = 32, + .result = "\xe2\xc9\x58\x15\xfc\x4f\xf8\xe8" + "\xe3\x32\x9b\x21\xe9\xc8\xd9\x97", + .rlen = 16, + }, { + .key = "\xf2\x92\xe6\x7d\x40\xee\xa3\x6f" + "\x03\x68\xc8\x45\xe7\x91\x0a\x18", + .klen = 16, + .iv = "\x01\x5c\x75\xe5\x84\x8d\x4d\xf6" + "\x23\x9f\xf4\x6a\xe6\x5a\x3b\x9a", + .assoc = "", + .alen = 0, + .input = "\x6b\x4f\x3b\x90\x9a\xa2\xb3\x82" + "\x0a\xb8\x55\xee\xeb\x73\x4d\x7f" + "\x54\x11\x3a\x8a\x31\xa3\xb5\xf2" + "\xcd\x49\xdb\xf3\xee\x26\xbd\xa2" + "\x0d", + .ilen = 33, + .result = "\x1f\xee\x92\xb4\x0c\xcb\xa1\x04" + "\x64\x0c\x4d\xb2\xe3\xec\x9c\x9d" + "\x09", + .rlen = 17, + }, { + .key = "\x2e\xb7\x20\x1c\x50\x6a\x4b\x8b" + "\x84\x42\x7a\xd7\xe1\xb5\xcd\x1f", + .klen = 16, + .iv = "\x3d\x80\xae\x84\x94\x09\xf6\x12" + "\xa4\x79\xa6\xfb\xe0\x7f\xfd\xa0", + .assoc = "", + .alen = 0, + .input = "\x59\xd1\x0f\x6b\xee\x27\x84\x92" + "\xb7\xa9\xb5\xdd\x02\xa4\x12\xa5" + "\x50\x32\xb4\x9a\x2e\x35\x83\x55" + "\x36\x12\x12\xed\xa3\x31\xc5\x30" + "\xa7\xe2\x4a\x6d\x05\x59\x43\x91" + "\x75\xfa\x6c\x17\xc6\x73\xca", + .ilen = 47, + .result = "\x5c\x13\xcb\x54\x1c\x47\x4a\x1f" + "\xe5\xe6\xff\x44\xdd\x11\x5f\xa3" + "\x33\xdd\xc2\xf8\xdd\x18\x2b\x93" + "\x57\x05\x01\x1c\x66\x22\xd3", + .rlen = 31, + }, { + .key = "\x6b\xdc\x5a\xbb\x60\xe5\xf4\xa6" + "\x05\x1d\x2c\x68\xdb\xda\x8f\x25", + .klen = 16, + .iv = "\x7a\xa5\xe8\x23\xa4\x84\x9e\x2d" + "\x25\x53\x58\x8c\xda\xa3\xc0\xa6", + .assoc = "", + .alen = 0, + .input = "\xdb\x49\x68\x0f\x91\x5b\x21\xb1" + "\xcf\x50\xb2\x4c\x32\xe1\xa6\x69" + "\xc0\xfb\x44\x1f\xa0\x9a\xeb\x39" + "\x1b\xde\x68\x38\xcc\x27\x52\xc5" + "\xf6\x3e\x74\xea\x66\x5b\x5f\x0c" + "\x65\x9e\x58\xe6\x52\xa2\xfe\x59", + .ilen = 48, + .result = "\x98\x37\x05\xf3\x2c\xc2\xf3\x3b" + "\x66\xc0\xb1\xd5\xd7\x35\x21\xaa" + "\x5d\x9f\xce\x7c\xe2\xb8\xad\xad" + "\x19\x33\xe0\xf4\x40\x81\x72\x28", + .rlen = 32, + }, { + .key = "\xa7\x00\x93\x5b\x70\x61\x9d\xc2" + "\x86\xf7\xde\xfa\xd5\xfe\x52\x2b", + .klen = 16, + .iv = "\xb6\xca\x22\xc3\xb4\x00\x47\x49" + "\xa6\x2d\x0a\x1e\xd4\xc7\x83\xad", + .assoc = "\xc5", + .alen = 1, + .input = "\x56\xe7\x24\x52\xdd\x95\x60\x5b" + "\x09\x48\x39\x69\x9c\xb3\x62\x46", + .ilen = 16, + .result = "", + .rlen = 0, + }, { + .key = "\xe4\x25\xcd\xfa\x80\xdd\x46\xde" + "\x07\xd1\x90\x8b\xcf\x23\x15\x31", + .klen = 16, + .iv = "\xf3\xee\x5c\x62\xc4\x7c\xf0\x65" + "\x27\x08\xbd\xaf\xce\xec\x45\xb3", + .assoc = "\x02\xb8\xea\xca\x09\x1b\x9a\xec" + "\x47\x3e\xe9\xd4\xcc\xb5\x76", + .alen = 15, + .input = "\xdd\xfa\x6c\x1f\x5d\x86\x87\x01" + "\x13\xe5\x73\x46\x46\xf2\x5c\xe1", + .ilen = 16, + .result = "", + .rlen = 0, + }, { + .key = "\x20\x4a\x07\x99\x91\x58\xee\xfa" + "\x88\xab\x42\x1c\xc9\x47\xd7\x38", + .klen = 16, + .iv = "\x2f\x13\x95\x01\xd5\xf7\x99\x81" + "\xa8\xe2\x6f\x41\xc8\x10\x08\xb9", + .assoc = "\x3f\xdc\x24\x69\x19\x96\x43\x08" + "\xc8\x18\x9b\x65\xc6\xd9\x39\x3b", + .alen = 16, + .input = "\xa6\x1b\xb9\xd7\x5e\x3c\xcf\xac" + "\xa9\x21\x45\x0b\x16\x52\xf7\xe1", + .ilen = 16, + .result = "", + .rlen = 0, + }, { + .key = "\x5d\x6f\x41\x39\xa1\xd4\x97\x16" + "\x09\x85\xf4\xae\xc3\x6b\x9a\x3e", + .klen = 16, + .iv = "\x6c\x38\xcf\xa1\xe5\x73\x41\x9d" + "\x29\xbc\x21\xd2\xc2\x35\xcb\xbf", + .assoc = "\x7b\x01\x5d\x08\x29\x12\xec\x24" + "\x49\xf3\x4d\xf7\xc0\xfe\xfb\x41" + "\x3c", + .alen = 17, + .input = "\x15\xff\xde\x3b\x34\xfc\xf6\xf9" + "\xbb\xa8\x62\xad\x0a\xf5\x48\x60", + .ilen = 16, + .result = "", + .rlen = 0, + }, { + .key = "\x99\x93\x7a\xd8\xb1\x50\x40\x31" + "\x8a\x60\xa6\x3f\xbd\x90\x5d\x44", + .klen = 16, + .iv = "\xa8\x5c\x09\x40\xf5\xef\xea\xb8" + "\xaa\x96\xd3\x64\xbc\x59\x8d\xc6", + .assoc = "\xb8\x26\x97\xa8\x39\x8e\x94\x3f" + "\xca\xcd\xff\x88\xba\x22\xbe\x47" + "\x67\xba\x85\xf1\xbb\x30\x56\x26" + "\xaf\x0b\x02\x38\xcc\x44\xa7", + .alen = 31, + .input = "\xd2\x9d\xf8\x3b\xd7\x84\xe9\x2d" + "\x4b\xef\x75\x16\x0a\x99\xae\x6b", + .ilen = 16, + .result = "", + .rlen = 0, + }, { + .key = "\xd6\xb8\xb4\x77\xc1\xcb\xe9\x4d" + "\x0a\x3a\x58\xd1\xb7\xb4\x1f\x4a", + .klen = 16, + .iv = "\xe5\x81\x42\xdf\x05\x6a\x93\xd4" + "\x2b\x70\x85\xf5\xb6\x7d\x50\xcc", + .assoc = "\xf4\x4a\xd1\x47\x49\x09\x3d\x5b" + "\x4b\xa7\xb1\x19\xb4\x46\x81\x4d" + "\x91\x7c\x91\x75\xc0\xd0\xd8\x40" + "\x71\x39\xe1\x10\xa6\xa3\x46\x7a", + .alen = 32, + .input = "\xe4\x8d\xa7\xa7\x45\xc1\x31\x4f" + "\xce\xfb\xaf\xd6\xc2\xe6\xee\xc0", + .ilen = 16, + .result = "", + .rlen = 0, + }, { + .key = "\x12\xdd\xee\x17\xd1\x47\x92\x69" + "\x8b\x14\x0a\x62\xb1\xd9\xe2\x50", + .klen = 16, + .iv = "\x22\xa6\x7c\x7f\x15\xe6\x3c\xf0" + "\xac\x4b\x37\x86\xb0\xa2\x13\xd2", + .assoc = "\x31", + .alen = 1, + .input = "\xe2\x67\x38\x4f\xb9\xad\x7d\x38" + "\x01\xfe\x84\x14\x85\xf8\xd1\xe3" + "\x22", + .ilen = 17, + .result = "\x40", + .rlen = 1, + }, { + .key = "\x4f\x01\x27\xb6\xe1\xc3\x3a\x85" + "\x0c\xee\xbc\xf4\xab\xfd\xa5\x57", + .klen = 16, + .iv = "\x5e\xcb\xb6\x1e\x25\x62\xe4\x0c" + "\x2d\x25\xe9\x18\xaa\xc6\xd5\xd8", + .assoc = "\x6d\x94\x44\x86\x69\x00\x8f\x93" + "\x4d\x5b\x15\x3c\xa8\x8f\x06", + .alen = 15, + .input = "\x77\x32\x61\xeb\xb4\x33\x29\x92" + "\x29\x95\xc5\x8e\x85\x76\xab\xfc" + "\x07\x95\xa7\x44\x74\xf7\x22\xff" + "\xd8\xd8\x36\x3d\x8a\x7f\x9e", + .ilen = 31, + .result = "\x7c\x5d\xd3\xee\xad\x9f\x39\x1a" + "\x6d\x92\x42\x61\xa7\x58\x37", + .rlen = 15, + }, { + .key = "\x8b\x26\x61\x55\xf1\x3e\xe3\xa1" + "\x8d\xc8\x6e\x85\xa5\x21\x67\x5d", + .klen = 16, + .iv = "\x9b\xef\xf0\xbd\x35\xdd\x8d\x28" + "\xad\xff\x9b\xa9\xa4\xeb\x98\xdf", + .assoc = "\xaa\xb8\x7e\x25\x79\x7c\x37\xaf" + "\xce\x36\xc7\xce\xa2\xb4\xc9\x60", + .alen = 16, + .input = "\xd8\xfd\x44\x45\xf6\x42\x12\x38" + "\xf2\x0b\xea\x4f\x9e\x11\x61\x07" + "\x48\x67\x98\x18\x9b\xd0\x0c\x59" + "\x67\xa4\x11\xb3\x2b\xd6\xc1\x70", + .ilen = 32, + .result = "\xb9\x82\x0c\x8d\xbd\x1b\xe2\x36" + "\xee\x6c\xf4\xf2\xa1\x7d\xf9\xe2", + .rlen = 16, + }, { + .key = "\xc8\x4b\x9b\xf5\x01\xba\x8c\xbd" + "\x0e\xa3\x21\x16\x9f\x46\x2a\x63", + .klen = 16, + .iv = "\xd7\x14\x29\x5d\x45\x59\x36\x44" + "\x2e\xd9\x4d\x3b\x9e\x0f\x5b\xe5", + .assoc = "\xe6\xdd\xb8\xc4\x89\xf8\xe0\xca" + "\x4f\x10\x7a\x5f\x9c\xd8\x8b\x66" + "\x3b", + .alen = 17, + .input = "\xb1\xab\x53\x4e\xc7\x40\x16\xb6" + "\x71\x3a\x00\x9f\x41\x88\xb0\xb2" + "\x71\x83\x85\x5f\xc8\x79\x0a\x99" + "\x99\xdc\x89\x1c\x88\xd2\x3e\xf9" + "\x83", + .ilen = 33, + .result = "\xf5\xa6\x46\x2c\xce\x97\x8a\x51" + "\x6f\x46\xa6\x83\x9b\xa1\xbc\xe8" + "\x05", + .rlen = 17, + }, { + .key = "\x05\x70\xd5\x94\x12\x36\x35\xd8" + "\x8f\x7d\xd3\xa8\x99\x6a\xed\x69", + .klen = 16, + .iv = "\x14\x39\x63\xfc\x56\xd5\xdf\x5f" + "\xaf\xb3\xff\xcc\x98\x33\x1d\xeb", + .assoc = "\x23\x02\xf1\x64\x9a\x73\x89\xe6" + "\xd0\xea\x2c\xf1\x96\xfc\x4e\x6d" + "\x65\x48\xcb\x0a\xda\xf0\x62\xc0" + "\x38\x1d\x3b\x4a\xe9\x7e\x62", + .alen = 31, + .input = "\x29\xc4\xf0\x03\xc1\x86\xdf\x06" + "\x5c\x7b\xef\x64\x87\x00\xd1\x37" + "\xa7\x08\xbc\x7f\x8f\x41\x54\xd0" + "\x3e\xf1\xc3\xa2\x96\x84\xdd\x2a" + "\x2d\x21\x30\xf9\x02\xdb\x06\x0c" + "\xf1\x5a\x66\x69\xe0\xca\x83", + .ilen = 47, + .result = "\x32\xcb\x80\xcc\xde\x12\x33\x6d" + "\xf0\x20\x58\x15\x95\xc6\x7f\xee" + "\x2f\xf9\x4e\x2c\x1b\x98\x43\xc7" + "\x68\x28\x73\x40\x9f\x96\x4a", + .rlen = 31, + }, { + .key = "\x41\x94\x0e\x33\x22\xb1\xdd\xf4" + "\x10\x57\x85\x39\x93\x8f\xaf\x70", + .klen = 16, + .iv = "\x50\x5d\x9d\x9b\x66\x50\x88\x7b" + "\x30\x8e\xb1\x5e\x92\x58\xe0\xf1", + .assoc = "\x5f\x27\x2b\x03\xaa\xef\x32\x02" + "\x50\xc4\xde\x82\x90\x21\x11\x73" + "\x8f\x0a\xd6\x8f\xdf\x90\xe4\xda" + "\xf9\x4a\x1a\x23\xc3\xdd\x02\x81", + .alen = 32, + .input = "\xe2\x2e\x44\xdf\xd3\x60\x6d\xb2" + "\x70\x57\x37\xc5\xc2\x4f\x8d\x14" + "\xc6\xbf\x8b\xec\xf5\x62\x67\xf2" + "\x2f\xa1\xe6\xd6\xa7\xb1\x8c\x54" + "\xe5\x6b\x49\xf9\x6e\x90\xc3\xaa" + "\x7a\x00\x2e\x4d\x7f\x31\x2e\x81", + .ilen = 48, + .result = "\x6e\xf0\xba\x6b\xee\x8e\xdc\x89" + "\x71\xfb\x0a\xa6\x8f\xea\x41\xf4" + "\x5a\xbb\x59\xb0\x20\x38\xc5\xe0" + "\x29\x56\x52\x19\x79\xf5\xe9\x37", + .rlen = 32, + }, { + .key = "\x7e\xb9\x48\xd3\x32\x2d\x86\x10" + "\x91\x31\x37\xcb\x8d\xb3\x72\x76", + .klen = 16, + .iv = "\x8d\x82\xd6\x3b\x76\xcc\x30\x97" + "\xb1\x68\x63\xef\x8c\x7c\xa3\xf7", + .assoc = "\x9c\x4b\x65\xa2\xba\x6b\xdb\x1e" + "\xd1\x9e\x90\x13\x8a\x45\xd3\x79" + "\xba\xcd\xe2\x13\xe4\x30\x66\xf4" + "\xba\x78\xf9\xfb\x9d\x3c\xa1\x58" + "\x1a", + .alen = 33, + .input = "\xc7\xca\x26\x61\x57\xee\xa2\xb9" + "\xb1\x37\xde\x95\x06\x90\x11\x08" + "\x4d\x30\x9f\x24\xc0\x56\xb7\xe1" + "\x0b\x9f\xd2\x57\xe9\xd2\xb1\x76" + "\x56\x9a\xb4\x58\xc5\x08\xfc\xb5" + "\xf2\x31\x9b\xc9\xcd\xb3\x64\xdb" + "\x6f\x50\xbf\xf4\x73\x9d\xfb\x6b" + "\xef\x35\x25\x48\xed\xcf\x29\xa8" + "\xac\xc3\xb9\xcb\x61\x8f\x73\x92" + "\x2c\x7a\x6f\xda\xf9\x09\x6f\xe1" + "\xc4", + .ilen = 81, + .result = "\xab\x14\xf3\x0a\xfe\x0a\x85\xa5" + "\xf2\xd5\xbc\x38\x89\x0e\x04\xfb" + "\x84\x7d\x65\x34\x25\xd8\x47\xfa" + "\xeb\x83\x31\xf1\x54\x54\x89\x0d" + "\x9d\x4d\x54\x51\x84\x61\xf6\x8e" + "\x03\x31\xf2\x25\x16\xcc\xaa\xc6" + "\x75\x73\x20\x30\x59\x54\xb2\xf0" + "\x3a\x4b\xe0\x23\x8e\xa6\x08\x35" + "\x8a", + .rlen = 65, + }, { + .key = "\xba\xde\x82\x72\x42\xa9\x2f\x2c" + "\x12\x0b\xe9\x5c\x87\xd7\x35\x7c", + .klen = 16, + .iv = "\xc9\xa7\x10\xda\x86\x48\xd9\xb3" + "\x32\x42\x15\x80\x85\xa1\x65\xfe", + .assoc = "\xd8\x70\x9f\x42\xca\xe6\x83\x3a" + "\x52\x79\x42\xa5\x84\x6a\x96\x7f" + "\xe4\x8f\xed\x97\xe9\xd0\xe8\x0d" + "\x7c\xa6\xd8\xd4\x77\x9b\x40\x2e" + "\x28\xce\x57\x34\xcd\x6e\x84\x4c" + "\x17\x3c\xe1\xb2\xa8\x0b\xbb\xf1" + "\x96\x41\x0d\x69\xe8\x54\x0a\xc8" + "\x15\x4e\x91\x92\x89\x4b\xb7\x9b" + "\x21", + .alen = 65, + .input = "\x57\xcd\x3d\x46\xc5\xf9\x68\x3b" + "\x2c\x0f\xb4\x7e\x7b\x64\x3e\x40" + "\xf3\x78\x63\x34\x89\x79\x39\x6b" + "\x61\x64\x4a\x9a\xfa\x70\xa4\xd3" + "\x54\x0b\xea\x05\xa6\x95\x64\xed" + "\x3d\x69\xa2\x0c\x27\x56\x2f\x34" + "\x66", + .ilen = 49, + .result = "\xe8\x39\x2d\xaa\x0e\x85\x2d\xc1" + "\x72\xaf\x6e\xc9\x82\x33\xc7\x01" + "\xaf\x40\x70\xb8\x2a\x78\xc9\x14" + "\xac\xb1\x10\xca\x2e\xb3\x28\xe4" + "\xac", + .rlen = 33, + }, { + .key = "\xf7\x02\xbb\x11\x52\x24\xd8\x48" + "\x93\xe6\x9b\xee\x81\xfc\xf7\x82", + .klen = 16, + .iv = "\x06\xcc\x4a\x79\x96\xc3\x82\xcf" + "\xb3\x1c\xc7\x12\x7f\xc5\x28\x04", + .assoc = "\x15\x95\xd8\xe1\xda\x62\x2c\x56" + "\xd3\x53\xf4\x36\x7e\x8e\x59\x85", + .alen = 16, + .input = "\xfc\x85\x06\x28\x8f\xe8\x23\x1f" + "\x33\x98\x87\xde\x08\xb6\xb6\xae" + "\x3e\xa4\xf8\x19\xf1\x92\x60\x39" + "\xb9\x6b\x3f\xdf\xc8\xcb\x30", + .ilen = 31, + .result = "\x24\x5e\x67\x49\x1e\x01\xd6\xdd" + "\xf3\x89\x20\x5b\x7c\x57\x89\x07", + .rlen = 16, + }, { + .key = "\x33\x27\xf5\xb1\x62\xa0\x80\x63" + "\x14\xc0\x4d\x7f\x7b\x20\xba\x89", + .klen = 16, + .iv = "\x42\xf0\x84\x19\xa6\x3f\x2b\xea" + "\x34\xf6\x79\xa3\x79\xe9\xeb\x0a", + .assoc = "\x51\xb9\x12\x80\xea\xde\xd5\x71" + "\x54\x2d\xa6\xc8\x78\xb2\x1b\x8c", + .alen = 16, + .input = "\x74\x7d\x70\x07\xe9\xba\x01\xee" + "\x6c\xc6\x6f\x50\x25\x33\xbe\x50" + "\x17\xb8\x17\x62\xed\x80\xa2\xf5" + "\x03\xde\x85\x71\x5d\x34", + .ilen = 30, + .result = "\x61\x83\xa0\xe8\x2e\x7d\x7f\xf8" + "\x74\x63\xd2\xec\x76\x7c\x4c\x0d", + .rlen = 16, + }, { + .key = "\x70\x4c\x2f\x50\x72\x1c\x29\x7f" + "\x95\x9a\xff\x10\x75\x45\x7d\x8f", + .klen = 16, + .iv = "\x7f\x15\xbd\xb8\xb6\xba\xd3\x06" + "\xb5\xd1\x2b\x35\x73\x0e\xad\x10", + .assoc = "\x8e\xde\x4c\x20\xfa\x59\x7e\x8d" + "\xd5\x07\x58\x59\x72\xd7\xde\x92", + .alen = 16, + .input = "\xf4\xb3\x85\xf9\xac\xde\xb1\x38" + "\x29\xfd\x6c\x7c\x49\xe5\x1d\xaf" + "\xba\xea\xd4\xfa\x3f\x11\x33\x98", + .ilen = 24, + .result = "\x9d\xa7\xda\x88\x3e\xf8\x28\x14" + "\xf5\x3e\x85\x7d\x70\xa0\x0f\x13", + .rlen = 16, + }, { + .key = "\xac\x70\x69\xef\x82\x97\xd2\x9b" + "\x15\x74\xb1\xa2\x6f\x69\x3f\x95", + .klen = 16, + .iv = "\xbb\x3a\xf7\x57\xc6\x36\x7c\x22" + "\x36\xab\xde\xc6\x6d\x32\x70\x17", + .assoc = "\xcb\x03\x85\xbf\x0a\xd5\x26\xa9" + "\x56\xe1\x0a\xeb\x6c\xfb\xa1\x98", + .alen = 16, + .input = "\xe6\x5c\x49\x4f\x78\xf3\x62\x86" + "\xe1\xb7\xa5\xc3\x32\x88\x3c\x8c" + "\x6e", + .ilen = 17, + .result = "\xda\xcc\x14\x27\x4e\x74\xd1\x30" + "\x76\x18\x37\x0f\x6a\xc4\xd1\x1a", + .rlen = 16, + }, +}; + +/* + * MORUS-1280 test vectors - generated via reference implementation from + * SUPERCOP (https://bench.cr.yp.to/supercop.html): + * + * https://bench.cr.yp.to/supercop/supercop-20170228.tar.xz + * (see crypto_aead/morus1280128v2/ and crypto_aead/morus1280256v2/ ) + */ +static const struct aead_testvec morus1280_enc_tv_template[] = { + { + .key = "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00", + .klen = 16, + .iv = "\x0f\xc9\x8e\x67\x44\x9e\xaa\x86" + "\x20\x36\x2c\x24\xfe\xc9\x30\x81", + .assoc = "", + .alen = 0, + .input = "", + .ilen = 0, + .result = "\x91\x85\x0f\xf5\x52\x9e\xce\xce" + "\x65\x99\xc7\xbf\xd3\x76\xe8\x98", + .rlen = 16, + }, { + .key = "\x3c\x24\x39\x9f\x10\x7b\xa8\x1b" + "\x80\xda\xb2\x91\xf9\x24\xc2\x06", + .klen = 16, + .iv = "\x4b\xed\xc8\x07\x54\x1a\x52\xa2" + "\xa1\x10\xde\xb5\xf8\xed\xf3\x87", + .assoc = "", + .alen = 0, + .input = "\x69", + .ilen = 1, + .result = "\x88\xc3\x4c\xf0\x2f\x43\x76\x13" + "\x96\xda\x76\x34\x33\x4e\xd5\x39" + "\x73", + .rlen = 17, + }, { + .key = "\x79\x49\x73\x3e\x20\xf7\x51\x37" + "\x01\xb4\x64\x22\xf3\x48\x85\x0c", + .klen = 16, + .iv = "\x88\x12\x01\xa6\x64\x96\xfb\xbe" + "\x22\xea\x90\x47\xf2\x11\xb5\x8e", + .assoc = "", + .alen = 0, + .input = "\xa6\xa4\x1e\x76\xec\xd4\x50\xcc" + "\x62\x58\xe9\x8f\xef\xa4\x17\x91" + "\xb4\x96\x9f\x6b\xce\x38\xa5\x46" + "\x13\x7d\x64\x93\xd7\x05\xf5", + .ilen = 31, + .result = "\x3e\x5c\x3b\x58\x3b\x7d\x2a\x22" + "\x75\x0b\x24\xa6\x0e\xc3\xde\x52" + "\x97\x0b\x64\xd4\xce\x90\x52\xf7" + "\xef\xdb\x6a\x38\xd2\xa8\xa1\x0d" + "\xe0\x61\x33\x24\xc6\x4d\x51\xbc" + "\xa4\x21\x74\xcf\x19\x16\x59", + .rlen = 47, + }, { + .key = "\xb5\x6e\xad\xdd\x30\x72\xfa\x53" + "\x82\x8e\x16\xb4\xed\x6d\x47\x12", + .klen = 16, + .iv = "\xc4\x37\x3b\x45\x74\x11\xa4\xda" + "\xa2\xc5\x42\xd8\xec\x36\x78\x94", + .assoc = "", + .alen = 0, + .input = "\xe2\xc9\x58\x15\xfc\x4f\xf8\xe8" + "\xe3\x32\x9b\x21\xe9\xc8\xd9\x97" + "\xde\x58\xab\xf0\xd3\xd8\x27\x60" + "\xd5\xaa\x43\x6b\xb1\x64\x95\xa4", + .ilen = 32, + .result = "\x30\x82\x9c\x2b\x67\xcb\xf9\x1f" + "\xde\x9f\x77\xb2\xda\x92\x61\x5c" + "\x09\x0b\x2d\x9a\x26\xaa\x1c\x06" + "\xab\x74\xb7\x2b\x95\x5f\x9f\xa1" + "\x9a\xff\x50\xa0\xa2\xff\xc5\xad" + "\x21\x8e\x84\x5c\x12\x61\xb2\xae", + .rlen = 48, + }, { + .key = "\xf2\x92\xe6\x7d\x40\xee\xa3\x6f" + "\x03\x68\xc8\x45\xe7\x91\x0a\x18", + .klen = 16, + .iv = "\x01\x5c\x75\xe5\x84\x8d\x4d\xf6" + "\x23\x9f\xf4\x6a\xe6\x5a\x3b\x9a", + .assoc = "", + .alen = 0, + .input = "\x1f\xee\x92\xb4\x0c\xcb\xa1\x04" + "\x64\x0c\x4d\xb2\xe3\xec\x9c\x9d" + "\x09\x1a\xb7\x74\xd8\x78\xa9\x79" + "\x96\xd8\x22\x43\x8c\xc3\x34\x7b" + "\xc4", + .ilen = 33, + .result = "\x67\x5d\x8e\x45\xc8\x39\xf5\x17" + "\xc1\x1d\x2a\xdd\x88\x67\xda\x1f" + "\x6d\xe8\x37\x28\x5a\xc1\x5e\x9f" + "\xa6\xec\xc6\x92\x05\x4b\xc0\xa3" + "\x63\xef\x88\xa4\x9b\x0a\x5c\xed" + "\x2b\x6a\xac\x63\x52\xaa\x10\x94" + "\xd0", + .rlen = 49, + }, { + .key = "\x2e\xb7\x20\x1c\x50\x6a\x4b\x8b" + "\x84\x42\x7a\xd7\xe1\xb5\xcd\x1f", + .klen = 16, + .iv = "\x3d\x80\xae\x84\x94\x09\xf6\x12" + "\xa4\x79\xa6\xfb\xe0\x7f\xfd\xa0", + .assoc = "", + .alen = 0, + .input = "\x5c\x13\xcb\x54\x1c\x47\x4a\x1f" + "\xe5\xe6\xff\x44\xdd\x11\x5f\xa3" + "\x33\xdd\xc2\xf8\xdd\x18\x2b\x93" + "\x57\x05\x01\x1c\x66\x22\xd3\x51" + "\xd3\xdf\x18\xc9\x30\x66\xed\xb1" + "\x96\x58\xd5\x8c\x64\x8c\x7c\xf5" + "\x01\xd0\x74\x5f\x9b\xaa\xf6\xd1" + "\xe6\x16\xa2\xac\xde\x47\x40", + .ilen = 63, + .result = "\x7d\x61\x1a\x35\x20\xcc\x07\x88" + "\x03\x98\x87\xcf\xc0\x6e\x4d\x19" + "\xe3\xd4\x0b\xfb\x29\x8f\x49\x1a" + "\x3a\x06\x77\xce\x71\x2c\xcd\xdd" + "\xed\xf6\xc9\xbe\xa6\x3b\xb8\xfc" + "\x6c\xbe\x77\xed\x74\x0e\x20\x85" + "\xd0\x65\xde\x24\x6f\xe3\x25\xc5" + "\xdf\x5b\x0f\xbd\x8a\x88\x78\xc9" + "\xe5\x81\x37\xde\x84\x7a\xf6\x84" + "\x99\x7a\x72\x9c\x54\x31\xa1", + .rlen = 79, + }, { + .key = "\x6b\xdc\x5a\xbb\x60\xe5\xf4\xa6" + "\x05\x1d\x2c\x68\xdb\xda\x8f\x25", + .klen = 16, + .iv = "\x7a\xa5\xe8\x23\xa4\x84\x9e\x2d" + "\x25\x53\x58\x8c\xda\xa3\xc0\xa6", + .assoc = "", + .alen = 0, + .input = "\x98\x37\x05\xf3\x2c\xc2\xf3\x3b" + "\x66\xc0\xb1\xd5\xd7\x35\x21\xaa" + "\x5d\x9f\xce\x7c\xe2\xb8\xad\xad" + "\x19\x33\xe0\xf4\x40\x81\x72\x28" + "\xe1\x8b\x1c\xf8\x91\x78\xff\xaf" + "\xb0\x68\x69\xf2\x27\x35\x91\x84" + "\x2e\x37\x5b\x00\x04\xff\x16\x9c" + "\xb5\x19\x39\xeb\xd9\xcd\x29\x9a", + .ilen = 64, + .result = "\x05\xc5\xb1\xf9\x1b\xb9\xab\x2c" + "\xa5\x07\x12\xa7\x12\x39\x60\x66" + "\x30\x81\x4a\x03\x78\x28\x45\x52" + "\xd2\x2b\x24\xfd\x8b\xa5\xb7\x66" + "\x6f\x45\xd7\x3b\x67\x6f\x51\xb9" + "\xc0\x3d\x6c\xca\x1e\xae\xff\xb6" + "\x79\xa9\xe4\x82\x5d\x4c\x2d\xdf" + "\xeb\x71\x40\xc9\x2c\x40\x45\x6d" + "\x73\x77\x01\xf3\x4f\xf3\x9d\x2a" + "\x5d\x57\xa8\xa1\x18\xa2\xad\xcb", + .rlen = 80, + }, { + .key = "\xa7\x00\x93\x5b\x70\x61\x9d\xc2" + "\x86\xf7\xde\xfa\xd5\xfe\x52\x2b", + .klen = 16, + .iv = "\xb6\xca\x22\xc3\xb4\x00\x47\x49" + "\xa6\x2d\x0a\x1e\xd4\xc7\x83\xad", + .assoc = "\xc5", + .alen = 1, + .input = "", + .ilen = 0, + .result = "\x4d\xbf\x11\xac\x7f\x97\x0b\x2e" + "\x89\x3b\x9d\x0f\x83\x1c\x08\xc3", + .rlen = 16, + }, { + .key = "\xe4\x25\xcd\xfa\x80\xdd\x46\xde" + "\x07\xd1\x90\x8b\xcf\x23\x15\x31", + .klen = 16, + .iv = "\xf3\xee\x5c\x62\xc4\x7c\xf0\x65" + "\x27\x08\xbd\xaf\xce\xec\x45\xb3", + .assoc = "\x02\xb8\xea\xca\x09\x1b\x9a\xec" + "\x47\x3e\xe9\xd4\xcc\xb5\x76\x34" + "\xe8\x73\x62\x64\xab\x50\xd0\xda" + "\x6b\x83\x66\xaf\x3e\x27\xc9", + .alen = 31, + .input = "", + .ilen = 0, + .result = "\x5b\xc0\x8d\x54\xe4\xec\xbe\x38" + "\x03\x12\xf9\xcc\x9e\x46\x42\x92", + .rlen = 16, + }, { + .key = "\x20\x4a\x07\x99\x91\x58\xee\xfa" + "\x88\xab\x42\x1c\xc9\x47\xd7\x38", + .klen = 16, + .iv = "\x2f\x13\x95\x01\xd5\xf7\x99\x81" + "\xa8\xe2\x6f\x41\xc8\x10\x08\xb9", + .assoc = "\x3f\xdc\x24\x69\x19\x96\x43\x08" + "\xc8\x18\x9b\x65\xc6\xd9\x39\x3b" + "\x12\x35\x6e\xe8\xb0\xf0\x52\xf3" + "\x2d\xb0\x45\x87\x18\x86\x68\xf6", + .alen = 32, + .input = "", + .ilen = 0, + .result = "\x48\xc5\xc3\x4c\x40\x2e\x2f\xc2" + "\x6d\x65\xe0\x67\x9c\x1d\xa0\xf0", + .rlen = 16, + }, { + .key = "\x5d\x6f\x41\x39\xa1\xd4\x97\x16" + "\x09\x85\xf4\xae\xc3\x6b\x9a\x3e", + .klen = 16, + .iv = "\x6c\x38\xcf\xa1\xe5\x73\x41\x9d" + "\x29\xbc\x21\xd2\xc2\x35\xcb\xbf", + .assoc = "\x7b\x01\x5d\x08\x29\x12\xec\x24" + "\x49\xf3\x4d\xf7\xc0\xfe\xfb\x41" + "\x3c\xf8\x79\x6c\xb6\x90\xd4\x0d" + "\xee\xde\x23\x60\xf2\xe5\x08\xcc" + "\x97", + .alen = 33, + .input = "", + .ilen = 0, + .result = "\x28\x64\x78\x51\x55\xd8\x56\x4a" + "\x58\x3e\xf7\xbe\xee\x21\xfe\x94", + .rlen = 16, + }, { + .key = "\x99\x93\x7a\xd8\xb1\x50\x40\x31" + "\x8a\x60\xa6\x3f\xbd\x90\x5d\x44", + .klen = 16, + .iv = "\xa8\x5c\x09\x40\xf5\xef\xea\xb8" + "\xaa\x96\xd3\x64\xbc\x59\x8d\xc6", + .assoc = "\xb8\x26\x97\xa8\x39\x8e\x94\x3f" + "\xca\xcd\xff\x88\xba\x22\xbe\x47" + "\x67\xba\x85\xf1\xbb\x30\x56\x26" + "\xaf\x0b\x02\x38\xcc\x44\xa7\xa3" + "\xa6\xbf\x31\x93\x60\xcd\xda\x63" + "\x2c\xb1\xaa\x19\xc8\x19\xf8\xeb" + "\x03\xa1\xe8\xbe\x37\x54\xec\xa2" + "\xcd\x2c\x45\x58\xbd\x8e\x80", + .alen = 63, + .input = "", + .ilen = 0, + .result = "\xb3\xa6\x00\x4e\x09\x20\xac\x21" + "\x77\x72\x69\x76\x2d\x36\xe5\xc8", + .rlen = 16, + }, { + .key = "\xd6\xb8\xb4\x77\xc1\xcb\xe9\x4d" + "\x0a\x3a\x58\xd1\xb7\xb4\x1f\x4a", + .klen = 16, + .iv = "\xe5\x81\x42\xdf\x05\x6a\x93\xd4" + "\x2b\x70\x85\xf5\xb6\x7d\x50\xcc", + .assoc = "\xf4\x4a\xd1\x47\x49\x09\x3d\x5b" + "\x4b\xa7\xb1\x19\xb4\x46\x81\x4d" + "\x91\x7c\x91\x75\xc0\xd0\xd8\x40" + "\x71\x39\xe1\x10\xa6\xa3\x46\x7a" + "\xb4\x6b\x35\xc2\xc1\xdf\xed\x60" + "\x46\xc1\x3e\x7f\x8c\xc2\x0e\x7a" + "\x30\x08\xd0\x5f\xa0\xaa\x0c\x6d" + "\x9c\x2f\xdb\x97\xb8\x15\x69\x01", + .alen = 64, + .input = "", + .ilen = 0, + .result = "\x65\x33\x7b\xa1\x63\xf4\x20\xdd" + "\xe4\xb9\x4a\xaa\x9a\x21\xaa\x14", + .rlen = 16, + }, { + .key = "\x12\xdd\xee\x17\xd1\x47\x92\x69" + "\x8b\x14\x0a\x62\xb1\xd9\xe2\x50", + .klen = 16, + .iv = "\x22\xa6\x7c\x7f\x15\xe6\x3c\xf0" + "\xac\x4b\x37\x86\xb0\xa2\x13\xd2", + .assoc = "\x31", + .alen = 1, + .input = "\x40", + .ilen = 1, + .result = "\x1d\x47\x17\x34\x86\xf5\x54\x1a" + "\x6d\x28\xb8\x5d\x6c\xcf\xa0\xb9" + "\xbf", + .rlen = 17, + }, { + .key = "\x4f\x01\x27\xb6\xe1\xc3\x3a\x85" + "\x0c\xee\xbc\xf4\xab\xfd\xa5\x57", + .klen = 16, + .iv = "\x5e\xcb\xb6\x1e\x25\x62\xe4\x0c" + "\x2d\x25\xe9\x18\xaa\xc6\xd5\xd8", + .assoc = "\x6d\x94\x44\x86\x69\x00\x8f\x93" + "\x4d\x5b\x15\x3c\xa8\x8f\x06\x5a" + "\xe6\x01\xa8\x7e\xca\x10\xdc\x73" + "\xf4\x94\x9f\xc1\x5a\x61\x85", + .alen = 31, + .input = "\x7c\x5d\xd3\xee\xad\x9f\x39\x1a" + "\x6d\x92\x42\x61\xa7\x58\x37\xdb" + "\xb0\xb2\x2b\x9f\x0b\xb8\xbd\x7a" + "\x24\xa0\xd6\xb7\x11\x79\x6c", + .ilen = 31, + .result = "\x78\x90\x52\xae\x0f\xf7\x2e\xef" + "\x63\x09\x08\x58\xb5\x56\xbd\x72" + "\x6e\x42\xcf\x27\x04\x7c\xdb\x92" + "\x18\xe9\xa4\x33\x90\xba\x62\xb5" + "\x70\xd3\x88\x9b\x4f\x05\xa7\x51" + "\x85\x87\x17\x09\x42\xed\x4e", + .rlen = 47, + }, { + .key = "\x8b\x26\x61\x55\xf1\x3e\xe3\xa1" + "\x8d\xc8\x6e\x85\xa5\x21\x67\x5d", + .klen = 16, + .iv = "\x9b\xef\xf0\xbd\x35\xdd\x8d\x28" + "\xad\xff\x9b\xa9\xa4\xeb\x98\xdf", + .assoc = "\xaa\xb8\x7e\x25\x79\x7c\x37\xaf" + "\xce\x36\xc7\xce\xa2\xb4\xc9\x60" + "\x10\xc3\xb3\x02\xcf\xb0\x5e\x8d" + "\xb5\xc2\x7e\x9a\x35\xc0\x24\xfd", + .alen = 32, + .input = "\xb9\x82\x0c\x8d\xbd\x1b\xe2\x36" + "\xee\x6c\xf4\xf2\xa1\x7d\xf9\xe2" + "\xdb\x74\x36\x23\x11\x58\x3f\x93" + "\xe5\xcd\xb5\x90\xeb\xd8\x0c\xb3", + .ilen = 32, + .result = "\x1d\x2c\x57\xe0\x50\x38\x3d\x41" + "\x2e\x71\xc8\x3b\x92\x43\x58\xaf" + "\x5a\xfb\xad\x8f\xd9\xd5\x8a\x5e" + "\xdb\xf3\xcd\x3a\x2b\xe1\x2c\x1a" + "\xb0\xed\xe3\x0c\x6e\xf9\xf2\xd6" + "\x90\xe6\xb1\x0e\xa5\x8a\xac\xb7", + .rlen = 48, + }, { + .key = "\xc8\x4b\x9b\xf5\x01\xba\x8c\xbd" + "\x0e\xa3\x21\x16\x9f\x46\x2a\x63", + .klen = 16, + .iv = "\xd7\x14\x29\x5d\x45\x59\x36\x44" + "\x2e\xd9\x4d\x3b\x9e\x0f\x5b\xe5", + .assoc = "\xe6\xdd\xb8\xc4\x89\xf8\xe0\xca" + "\x4f\x10\x7a\x5f\x9c\xd8\x8b\x66" + "\x3b\x86\xbf\x86\xd4\x50\xe0\xa7" + "\x76\xef\x5c\x72\x0f\x1f\xc3\xd4" + "\xee", + .alen = 33, + .input = "\xf5\xa6\x46\x2c\xce\x97\x8a\x51" + "\x6f\x46\xa6\x83\x9b\xa1\xbc\xe8" + "\x05\x36\x42\xa7\x16\xf8\xc1\xad" + "\xa7\xfb\x94\x68\xc5\x37\xab\x8a" + "\x72", + .ilen = 33, + .result = "\x59\x10\x84\x1c\x83\x4c\x8b\xfc" + "\xfd\x2e\x4b\x46\x84\xff\x78\x4e" + "\x50\xda\x5c\xb9\x61\x1d\xf5\xb9" + "\xfe\xbb\x7f\xae\x8c\xc1\x24\xbd" + "\x8c\x6f\x1f\x9b\xce\xc6\xc1\x37" + "\x08\x06\x5a\xe5\x96\x10\x95\xc2" + "\x5e", + .rlen = 49, + }, { + .key = "\x05\x70\xd5\x94\x12\x36\x35\xd8" + "\x8f\x7d\xd3\xa8\x99\x6a\xed\x69", + .klen = 16, + .iv = "\x14\x39\x63\xfc\x56\xd5\xdf\x5f" + "\xaf\xb3\xff\xcc\x98\x33\x1d\xeb", + .assoc = "\x23\x02\xf1\x64\x9a\x73\x89\xe6" + "\xd0\xea\x2c\xf1\x96\xfc\x4e\x6d" + "\x65\x48\xcb\x0a\xda\xf0\x62\xc0" + "\x38\x1d\x3b\x4a\xe9\x7e\x62\xaa" + "\xfd\xc9\x4a\xa9\xa9\x39\x4b\x54" + "\xc8\x0e\x24\x7f\x5e\x10\x7a\x45" + "\x10\x0b\x56\x85\xad\x54\xaa\x66" + "\xa8\x43\xcd\xd4\x9b\xb7\xfa", + .alen = 63, + .input = "\x32\xcb\x80\xcc\xde\x12\x33\x6d" + "\xf0\x20\x58\x15\x95\xc6\x7f\xee" + "\x2f\xf9\x4e\x2c\x1b\x98\x43\xc7" + "\x68\x28\x73\x40\x9f\x96\x4a\x60" + "\x80\xf4\x4b\xf4\xc1\x3d\xd0\x93" + "\xcf\x12\xc9\x59\x8f\x7a\x7f\xa8" + "\x1b\xa5\x50\xed\x87\xa9\x72\x59" + "\x9c\x44\xb2\xa4\x99\x98\x34", + .ilen = 63, + .result = "\x9a\x12\xbc\xdf\x72\xa8\x56\x22" + "\x49\x2d\x07\x92\xfc\x3d\x6d\x5f" + "\xef\x36\x19\xae\x91\xfa\xd6\x63" + "\x46\xea\x8a\x39\x14\x21\xa6\x37" + "\x18\xfc\x97\x3e\x16\xa5\x4d\x39" + "\x45\x2e\x69\xcc\x9c\x5f\xdf\x6d" + "\x5e\xa2\xbf\xac\x83\x32\x72\x52" + "\x58\x58\x23\x40\xfd\xa5\xc2\xe6" + "\xe9\x5a\x50\x98\x00\x58\xc9\x86" + "\x4f\x20\x37\xdb\x7b\x22\xa3", + .rlen = 79, + }, { + .key = "\x41\x94\x0e\x33\x22\xb1\xdd\xf4" + "\x10\x57\x85\x39\x93\x8f\xaf\x70", + .klen = 16, + .iv = "\x50\x5d\x9d\x9b\x66\x50\x88\x7b" + "\x30\x8e\xb1\x5e\x92\x58\xe0\xf1", + .assoc = "\x5f\x27\x2b\x03\xaa\xef\x32\x02" + "\x50\xc4\xde\x82\x90\x21\x11\x73" + "\x8f\x0a\xd6\x8f\xdf\x90\xe4\xda" + "\xf9\x4a\x1a\x23\xc3\xdd\x02\x81" + "\x0b\x76\x4f\xd7\x0a\x4b\x5e\x51" + "\xe3\x1d\xb9\xe5\x21\xb9\x8f\xd4" + "\x3d\x72\x3e\x26\x16\xa9\xca\x32" + "\x77\x47\x63\x14\x95\x3d\xe4\x34", + .alen = 64, + .input = "\x6e\xf0\xba\x6b\xee\x8e\xdc\x89" + "\x71\xfb\x0a\xa6\x8f\xea\x41\xf4" + "\x5a\xbb\x59\xb0\x20\x38\xc5\xe0" + "\x29\x56\x52\x19\x79\xf5\xe9\x37" + "\x8f\xa1\x50\x23\x22\x4f\xe3\x91" + "\xe9\x21\x5e\xbf\x52\x23\x95\x37" + "\x48\x0c\x38\x8f\xf0\xff\x92\x24" + "\x6b\x47\x49\xe3\x94\x1f\x1e\x01", + .ilen = 64, + .result = "\xe6\xeb\x92\x5a\x5b\xf0\x2d\xbb" + "\x23\xec\x35\xe3\xae\xc9\xfb\x0b" + "\x90\x14\x46\xeb\xa8\x8d\xb0\x9b" + "\x39\xda\x8b\x48\xec\xb2\x00\x4e" + "\x80\x6f\x46\x4f\x9b\x1e\xbb\x35" + "\xea\x5a\xbc\xa2\x36\xa5\x89\x45" + "\xc2\xd6\xd7\x15\x0b\xf6\x6c\x56" + "\xec\x99\x7d\x61\xb3\x15\x93\xed" + "\x83\x1e\xd9\x48\x84\x0b\x37\xfe" + "\x95\x74\x44\xd5\x54\xa6\x27\x06", + .rlen = 80, + }, { + .key = "\x7e\xb9\x48\xd3\x32\x2d\x86\x10" + "\x91\x31\x37\xcb\x8d\xb3\x72\x76", + .klen = 16, + .iv = "\x8d\x82\xd6\x3b\x76\xcc\x30\x97" + "\xb1\x68\x63\xef\x8c\x7c\xa3\xf7", + .assoc = "\x9c\x4b\x65\xa2\xba\x6b\xdb\x1e" + "\xd1\x9e\x90\x13\x8a\x45\xd3\x79" + "\xba\xcd\xe2\x13\xe4\x30\x66\xf4" + "\xba\x78\xf9\xfb\x9d\x3c\xa1\x58" + "\x1a\x22\x53\x05\x6b\x5c\x71\x4f" + "\xfd\x2d\x4d\x4c\xe5\x62\xa5\x63" + "\x6a\xda\x26\xc8\x7f\xff\xea\xfd" + "\x46\x4a\xfa\x53\x8f\xc4\xcd\x68" + "\x58", + .alen = 65, + .input = "\xab\x14\xf3\x0a\xfe\x0a\x85\xa5" + "\xf2\xd5\xbc\x38\x89\x0e\x04\xfb" + "\x84\x7d\x65\x34\x25\xd8\x47\xfa" + "\xeb\x83\x31\xf1\x54\x54\x89\x0d" + "\x9d\x4d\x54\x51\x84\x61\xf6\x8e" + "\x03\x31\xf2\x25\x16\xcc\xaa\xc6" + "\x75\x73\x20\x30\x59\x54\xb2\xf0" + "\x3a\x4b\xe0\x23\x8e\xa6\x08\x35" + "\x8a\xdf\x27\xa0\xe4\x60\x99\xae" + "\x8e\x43\xd9\x39\x7b\x10\x40\x67" + "\x5c\x7e\xc9\x70\x63\x34\xca\x59" + "\xfe\x86\xbc\xb7\x9c\x39\xf3\x6d" + "\x6a\x41\x64\x6f\x16\x7f\x65\x7e" + "\x89\x84\x68\xeb\xb0\x51\xbe\x55" + "\x33\x16\x59\x6c\x3b\xef\x88\xad" + "\x2f\xab\xbc\x25\x76\x87\x41\x2f" + "\x36", + .ilen = 129, + .result = "\x89\x24\x27\x86\xdc\xd7\x6b\xd9" + "\xd1\xcd\xdc\x16\xdd\x2c\xc1\xfb" + "\x52\xb5\xb3\xab\x50\x99\x3f\xa0" + "\x38\xa4\x74\xa5\x04\x15\x63\x05" + "\x8f\x54\x81\x06\x5a\x6b\xa4\x63" + "\x6d\xa7\x21\xcb\xff\x42\x30\x8e" + "\x3b\xd1\xca\x3f\x4b\x1a\xb8\xc3" + "\x42\x01\xe6\xbc\x75\x15\x87\xee" + "\xc9\x8e\x65\x01\xd9\xd8\xb5\x9f" + "\x48\x86\xa6\x5f\x2c\xc7\xb5\xb0" + "\xed\x5d\x14\x7c\x3f\x40\xb1\x0b" + "\x72\xef\x94\x8d\x7a\x85\x56\xe5" + "\x56\x08\x15\x56\xba\xaf\xbd\xf0" + "\x20\xef\xa0\xf6\xa9\xad\xa2\xc9" + "\x1c\x3b\x28\x51\x7e\x77\xb2\x18" + "\x4f\x61\x64\x37\x22\x36\x6d\x78" + "\xed\xed\x35\xe8\x83\xa5\xec\x25" + "\x6b\xff\x5f\x1a\x09\x96\x3d\xdc" + "\x20", + .rlen = 145, + }, { + .key = "\xba\xde\x82\x72\x42\xa9\x2f\x2c" + "\x12\x0b\xe9\x5c\x87\xd7\x35\x7c", + .klen = 16, + .iv = "\xc9\xa7\x10\xda\x86\x48\xd9\xb3" + "\x32\x42\x15\x80\x85\xa1\x65\xfe", + .assoc = "\xd8\x70\x9f\x42\xca\xe6\x83\x3a" + "\x52\x79\x42\xa5\x84\x6a\x96\x7f" + "\xe4\x8f\xed\x97\xe9\xd0\xe8\x0d" + "\x7c\xa6\xd8\xd4\x77\x9b\x40\x2e" + "\x28\xce\x57\x34\xcd\x6e\x84\x4c" + "\x17\x3c\xe1\xb2\xa8\x0b\xbb\xf1" + "\x96\x41\x0d\x69\xe8\x54\x0a\xc8" + "\x15\x4e\x91\x92\x89\x4b\xb7\x9b" + "\x21\xf7\x42\x89\xac\x12\x2a\x54" + "\x69\xee\x18\xc7\x8d\xed\xe8\xfd" + "\xbb\x04\x28\xe6\x8a\x3c\x98\xc1" + "\x04\x2d\xa9\xa1\x24\x83\xff\xe9" + "\x55\x7a\xf0\xd1\xf6\x63\x05\xe1" + "\xd9\x1e\x75\x72\xc1\x9f\xae\x32" + "\xe1\x6b\xcd\x9e\x61\x19\x23\x86" + "\xd9\xd2\xaf\x8e\xd5\xd3\xa8\xa9" + "\x51", + .alen = 129, + .input = "\xe8\x39\x2d\xaa\x0e\x85\x2d\xc1" + "\x72\xaf\x6e\xc9\x82\x33\xc7\x01" + "\xaf\x40\x70\xb8\x2a\x78\xc9\x14" + "\xac\xb1\x10\xca\x2e\xb3\x28\xe4" + "\xac\xfa\x58\x7f\xe5\x73\x09\x8c" + "\x1d\x40\x87\x8c\xd9\x75\xc0\x55" + "\xa2\xda\x07\xd1\xc2\xa9\xd1\xbb" + "\x09\x4f\x77\x62\x88\x2d\xf2\x68" + "\x54", + .ilen = 65, + .result = "\x36\x78\xb9\x22\xde\x62\x35\x55" + "\x1a\x7a\xf5\x45\xbc\xd7\x15\x82" + "\x01\xe9\x5a\x07\xea\x46\xaf\x91" + "\xcb\x73\xa5\xee\xe1\xb4\xbf\xc2" + "\xdb\xd2\x9d\x59\xde\xfc\x83\x00" + "\xf5\x46\xac\x97\xd5\x57\xa9\xb9" + "\x1f\x8c\xe8\xca\x68\x8b\x91\x0c" + "\x01\xbe\x0a\xaf\x7c\xf6\x67\xa4" + "\xbf\xbc\x88\x3f\x5d\xd1\xf9\x19" + "\x0f\x9d\xb2\xaf\xb9\x6e\x17\xdf" + "\xa2", + .rlen = 81, + }, { + .key = "\xf7\x02\xbb\x11\x52\x24\xd8\x48" + "\x93\xe6\x9b\xee\x81\xfc\xf7\x82", + .klen = 16, + .iv = "\x06\xcc\x4a\x79\x96\xc3\x82\xcf" + "\xb3\x1c\xc7\x12\x7f\xc5\x28\x04", + .assoc = "\x15\x95\xd8\xe1\xda\x62\x2c\x56" + "\xd3\x53\xf4\x36\x7e\x8e\x59\x85" + "\x0e\x51\xf9\x1c\xee\x70\x6a\x27" + "\x3d\xd3\xb7\xac\x51\xfa\xdf\x05", + .alen = 32, + .input = "\x24\x5e\x67\x49\x1e\x01\xd6\xdd" + "\xf3\x89\x20\x5b\x7c\x57\x89\x07" + "\xd9\x02\x7c\x3d\x2f\x18\x4b\x2d" + "\x6e\xde\xee\xa2\x08\x12\xc7\xba", + .ilen = 32, + .result = "\x08\x1b\x95\x0e\x41\x95\x02\x4b" + "\x9c\xbb\xa8\xd0\x7c\xd3\x44\x6e" + "\x89\x14\x33\x70\x0a\xbc\xea\x39" + "\x88\xaa\x2b\xd5\x73\x11\x55\xf5" + "\x33\x33\x9c\xd7\x42\x34\x49\x8e" + "\x2f\x03\x30\x05\x47\xaf\x34", + .rlen = 47, + }, { + .key = "\x33\x27\xf5\xb1\x62\xa0\x80\x63" + "\x14\xc0\x4d\x7f\x7b\x20\xba\x89", + .klen = 16, + .iv = "\x42\xf0\x84\x19\xa6\x3f\x2b\xea" + "\x34\xf6\x79\xa3\x79\xe9\xeb\x0a", + .assoc = "\x51\xb9\x12\x80\xea\xde\xd5\x71" + "\x54\x2d\xa6\xc8\x78\xb2\x1b\x8c" + "\x39\x14\x05\xa0\xf3\x10\xec\x41" + "\xff\x01\x95\x84\x2b\x59\x7f\xdb", + .alen = 32, + .input = "\x61\x83\xa0\xe8\x2e\x7d\x7f\xf8" + "\x74\x63\xd2\xec\x76\x7c\x4c\x0d" + "\x03\xc4\x88\xc1\x35\xb8\xcd\x47" + "\x2f\x0c\xcd\x7a\xe2\x71\x66\x91", + .ilen = 32, + .result = "\x97\xca\xf4\xe0\x8d\x89\xbf\x68" + "\x0c\x60\xb9\x27\xdf\xaa\x41\xc6" + "\x25\xd8\xf7\x1f\x10\x15\x48\x61" + "\x4c\x95\x00\xdf\x51\x9b\x7f\xe6" + "\x24\x40\x9e\xbe\x3b\xeb\x1b\x98" + "\xb9\x9c\xe5\xef\xf2\x05", + .rlen = 46, + }, { + .key = "\x70\x4c\x2f\x50\x72\x1c\x29\x7f" + "\x95\x9a\xff\x10\x75\x45\x7d\x8f", + .klen = 16, + .iv = "\x7f\x15\xbd\xb8\xb6\xba\xd3\x06" + "\xb5\xd1\x2b\x35\x73\x0e\xad\x10", + .assoc = "\x8e\xde\x4c\x20\xfa\x59\x7e\x8d" + "\xd5\x07\x58\x59\x72\xd7\xde\x92" + "\x63\xd6\x10\x24\xf8\xb0\x6e\x5a" + "\xc0\x2e\x74\x5d\x06\xb8\x1e\xb2", + .alen = 32, + .input = "\x9d\xa7\xda\x88\x3e\xf8\x28\x14" + "\xf5\x3e\x85\x7d\x70\xa0\x0f\x13" + "\x2e\x86\x93\x45\x3a\x58\x4f\x61" + "\xf0\x3a\xac\x53\xbc\xd0\x06\x68", + .ilen = 32, + .result = "\x63\x4c\x2a\x8e\xb4\x6b\x63\x0d" + "\xb5\xec\x9b\x4e\x12\x23\xa3\xcf" + "\x1a\x5a\x70\x15\x5a\x10\x40\x51" + "\xca\x47\x4c\x9d\xc9\x97\xf4\x77" + "\xdb\xc8\x10\x2d\xdc\x65\x20\x3f", + .rlen = 40, + }, { + .key = "\xac\x70\x69\xef\x82\x97\xd2\x9b" + "\x15\x74\xb1\xa2\x6f\x69\x3f\x95", + .klen = 16, + .iv = "\xbb\x3a\xf7\x57\xc6\x36\x7c\x22" + "\x36\xab\xde\xc6\x6d\x32\x70\x17", + .assoc = "\xcb\x03\x85\xbf\x0a\xd5\x26\xa9" + "\x56\xe1\x0a\xeb\x6c\xfb\xa1\x98" + "\x8d\x98\x1c\xa8\xfe\x50\xf0\x74" + "\x81\x5c\x53\x35\xe0\x17\xbd\x88", + .alen = 32, + .input = "\xda\xcc\x14\x27\x4e\x74\xd1\x30" + "\x76\x18\x37\x0f\x6a\xc4\xd1\x1a" + "\x58\x49\x9f\xc9\x3f\xf8\xd1\x7a" + "\xb2\x67\x8b\x2b\x96\x2f\xa5\x3e", + .ilen = 32, + .result = "\xf1\x62\x44\xc7\x5f\x19\xca\x43" + "\x47\x2c\xaf\x68\x82\xbd\x51\xef" + "\x3d\x65\xd8\x45\x2d\x06\x07\x78" + "\x08\x2e\xb3\x23\xcd\x81\x12\x55" + "\x1a", + .rlen = 33, + }, { + .key = "\xe9\x95\xa2\x8f\x93\x13\x7b\xb7" + "\x96\x4e\x63\x33\x69\x8d\x02\x9b" + "\x23\xf9\x22\xeb\x80\xa0\xb1\x81" + "\xe2\x73\xc3\x21\x4d\x47\x8d\xf4", + .klen = 32, + .iv = "\xf8\x5e\x31\xf7\xd7\xb2\x25\x3e" + "\xb7\x85\x90\x58\x67\x57\x33\x1d", + .assoc = "", + .alen = 0, + .input = "", + .ilen = 0, + .result = "\xdf\x2f\x83\xc0\x45\x4a\x2c\xcf" + "\xb9\xd2\x41\xf6\x80\xa1\x52\x70", + .rlen = 16, + }, { + .key = "\x25\xba\xdc\x2e\xa3\x8f\x24\xd3" + "\x17\x29\x15\xc5\x63\xb2\xc5\xa1" + "\x4d\xbc\x2d\x6f\x85\x40\x33\x9a" + "\xa3\xa0\xa1\xfa\x27\xa6\x2c\xca", + .klen = 32, + .iv = "\x34\x83\x6a\x96\xe7\x2d\xce\x5a" + "\x38\x5f\x42\xe9\x61\x7b\xf5\x23", + .assoc = "", + .alen = 0, + .input = "\x53", + .ilen = 1, + .result = "\x01\xd8\x55\x3c\xc0\x5a\x4b\xc7" + "\x01\xf4\x08\xe3\x0d\xf7\xf0\x78" + "\x53", + .rlen = 17, + }, { + .key = "\x62\xdf\x16\xcd\xb3\x0a\xcc\xef" + "\x98\x03\xc7\x56\x5d\xd6\x87\xa8" + "\x77\x7e\x39\xf3\x8a\xe0\xb5\xb4" + "\x65\xce\x80\xd2\x01\x05\xcb\xa1", + .klen = 32, + .iv = "\x71\xa8\xa4\x35\xf7\xa9\x76\x75" + "\xb8\x39\xf4\x7a\x5b\x9f\xb8\x29", + .assoc = "", + .alen = 0, + .input = "\x8f\x3a\xc1\x05\x7f\xe7\xcb\x83" + "\xf9\xa6\x4d\xc3\x58\x31\x19\x2c" + "\xd7\x90\xc2\x56\x4e\xd8\x57\xc7" + "\xf6\xf0\x27\xb4\x25\x4c\x83", + .ilen = 31, + .result = "\xc2\x4b\x41\x0f\x2d\xb9\x62\x07" + "\xff\x8e\x74\xf8\xa1\xa6\xd5\x37" + "\xa5\x64\x31\x5c\xca\x73\x9b\x43" + "\xe6\x70\x63\x46\x95\xcb\xf7\xb5" + "\x20\x8c\x75\x7a\x2a\x17\x2f\xa9" + "\xb8\x4d\x11\x42\xd1\xf8\xf1", + .rlen = 47, + }, { + .key = "\x9e\x03\x4f\x6d\xc3\x86\x75\x0a" + "\x19\xdd\x79\xe8\x57\xfb\x4a\xae" + "\xa2\x40\x45\x77\x90\x80\x37\xce" + "\x26\xfb\x5f\xaa\xdb\x64\x6b\x77", + .klen = 32, + .iv = "\xae\xcc\xde\xd5\x07\x25\x1f\x91" + "\x39\x14\xa6\x0c\x55\xc4\x7b\x30", + .assoc = "", + .alen = 0, + .input = "\xcc\x5f\xfb\xa4\x8f\x63\x74\x9f" + "\x7a\x81\xff\x55\x52\x56\xdc\x33" + "\x01\x52\xcd\xdb\x53\x78\xd9\xe1" + "\xb7\x1d\x06\x8d\xff\xab\x22\x98", + .ilen = 32, + .result = "\xbb\x01\x7c\xd1\x2c\x33\x7b\x37" + "\x0a\xee\xc4\x30\x19\xd7\x3a\x6f" + "\xf8\x2b\x67\xf5\x3b\x84\x87\x2a" + "\xfb\x07\x7a\x82\xb5\xe4\x85\x26" + "\x1e\xa8\xe5\x04\x54\xce\xe5\x5f" + "\xb5\x3f\xc1\xd5\x7f\xbd\xd2\xa6", + .rlen = 48, + }, { + .key = "\xdb\x28\x89\x0c\xd3\x01\x1e\x26" + "\x9a\xb7\x2b\x79\x51\x1f\x0d\xb4" + "\xcc\x03\x50\xfc\x95\x20\xb9\xe7" + "\xe8\x29\x3e\x83\xb5\xc3\x0a\x4e", + .klen = 32, + .iv = "\xea\xf1\x18\x74\x17\xa0\xc8\xad" + "\xba\xee\x58\x9d\x4f\xe8\x3d\x36", + .assoc = "", + .alen = 0, + .input = "\x08\x84\x34\x44\x9f\xde\x1c\xbb" + "\xfb\x5b\xb1\xe6\x4c\x7a\x9f\x39" + "\x2c\x14\xd9\x5f\x59\x18\x5b\xfb" + "\x79\x4b\xe5\x65\xd9\x0a\xc1\x6f" + "\x2e", + .ilen = 33, + .result = "\xc2\xf4\x40\x55\xf9\x59\xff\x73" + "\x08\xf5\x98\x92\x0c\x7b\x35\x9a" + "\xa8\xf4\x42\x7e\x6f\x93\xca\x22" + "\x23\x06\x1e\xf8\x89\x22\xf4\x46" + "\x7c\x7c\x67\x75\xab\xe5\x75\xaa" + "\x15\xd7\x83\x19\xfd\x31\x59\x5b" + "\x32", + .rlen = 49, + }, { + .key = "\x17\x4d\xc3\xab\xe3\x7d\xc7\x42" + "\x1b\x91\xdd\x0a\x4b\x43\xcf\xba" + "\xf6\xc5\x5c\x80\x9a\xc0\x3b\x01" + "\xa9\x56\x1d\x5b\x8f\x22\xa9\x25", + .klen = 32, + .iv = "\x27\x16\x51\x13\x27\x1c\x71\xc9" + "\x3b\xc8\x0a\x2f\x49\x0c\x00\x3c", + .assoc = "", + .alen = 0, + .input = "\x45\xa8\x6e\xe3\xaf\x5a\xc5\xd7" + "\x7c\x35\x63\x77\x46\x9f\x61\x3f" + "\x56\xd7\xe4\xe3\x5e\xb8\xdc\x14" + "\x3a\x79\xc4\x3e\xb3\x69\x61\x46" + "\x3c\xb6\x83\x4e\xb4\x26\xc7\x73" + "\x22\xda\x52\x8b\x7d\x11\x98\xea" + "\x62\xe1\x14\x1e\xdc\xfe\x0f\xad" + "\x20\x76\x5a\xdc\x4e\x71\x13", + .ilen = 63, + .result = "\xc9\x82\x3b\x4b\x87\x84\xa5\xdb" + "\xa0\x8c\xd3\x3e\x7f\x8d\xe8\x28" + "\x2a\xdc\xfa\x01\x84\x87\x9a\x70" + "\x81\x75\x37\x0a\xd2\x75\xa9\xb6" + "\x21\x72\xee\x7e\x65\x95\xe5\xcc" + "\x01\xb7\x39\xa6\x51\x15\xca\xff" + "\x61\xdc\x97\x38\xcc\xf4\xca\xc7" + "\x83\x9b\x05\x11\x72\x60\xf0\xb4" + "\x7e\x06\xab\x0a\xc0\xbb\x59\x23" + "\xaa\x2d\xfc\x4e\x35\x05\x59", + .rlen = 79, + }, { + .key = "\x54\x71\xfd\x4b\xf3\xf9\x6f\x5e" + "\x9c\x6c\x8f\x9c\x45\x68\x92\xc1" + "\x21\x87\x67\x04\x9f\x60\xbd\x1b" + "\x6a\x84\xfc\x34\x6a\x81\x48\xfb", + .klen = 32, + .iv = "\x63\x3b\x8b\xb3\x37\x98\x1a\xe5" + "\xbc\xa2\xbc\xc0\x43\x31\xc2\x42", + .assoc = "", + .alen = 0, + .input = "\x81\xcd\xa8\x82\xbf\xd6\x6e\xf3" + "\xfd\x0f\x15\x09\x40\xc3\x24\x45" + "\x81\x99\xf0\x67\x63\x58\x5e\x2e" + "\xfb\xa6\xa3\x16\x8d\xc8\x00\x1c" + "\x4b\x62\x87\x7c\x15\x38\xda\x70" + "\x3d\xea\xe7\xf2\x40\xba\xae\x79" + "\x8f\x48\xfc\xbf\x45\x53\x2e\x78" + "\xef\x79\xf0\x1b\x49\xf7\xfd\x9c", + .ilen = 64, + .result = "\x11\x7c\x7d\xef\xce\x29\x95\xec" + "\x7e\x9f\x42\xa6\x26\x07\xa1\x75" + "\x2f\x4e\x09\x9a\xf6\x6b\xc2\xfa" + "\x0d\xd0\x17\xdc\x25\x1e\x9b\xdc" + "\x5f\x8c\x1c\x60\x15\x4f\x9b\x20" + "\x7b\xff\xcd\x82\x60\x84\xf4\xa5" + "\x20\x9a\x05\x19\x5b\x02\x0a\x72" + "\x43\x11\x26\x58\xcf\xc5\x41\xcf" + "\x13\xcc\xde\x32\x92\xfa\x86\xf2" + "\xaf\x16\xe8\x8f\xca\xb6\xfd\x54", + .rlen = 80, + }, { + .key = "\x90\x96\x36\xea\x03\x74\x18\x7a" + "\x1d\x46\x42\x2d\x3f\x8c\x54\xc7" + "\x4b\x4a\x73\x89\xa4\x00\x3f\x34" + "\x2c\xb1\xdb\x0c\x44\xe0\xe8\xd2", + .klen = 32, + .iv = "\xa0\x5f\xc5\x52\x47\x13\xc2\x01" + "\x3d\x7c\x6e\x52\x3d\x55\x85\x48", + .assoc = "\xaf", + .alen = 1, + .input = "", + .ilen = 0, + .result = "\x9b\xc5\x3b\x20\x0a\x88\x56\xbe" + "\x69\xdf\xc4\xc4\x02\x46\x3a\xf0", + .rlen = 16, + }, { + .key = "\xcd\xbb\x70\x89\x13\xf0\xc1\x95" + "\x9e\x20\xf4\xbf\x39\xb1\x17\xcd" + "\x76\x0c\x7f\x0d\xa9\xa0\xc1\x4e" + "\xed\xdf\xb9\xe4\x1e\x3f\x87\xa8", + .klen = 32, + .iv = "\xdc\x84\xfe\xf1\x58\x8f\x6b\x1c" + "\xbe\x57\x20\xe3\x37\x7a\x48\x4f", + .assoc = "\xeb\x4d\x8d\x59\x9c\x2e\x15\xa3" + "\xde\x8d\x4d\x07\x36\x43\x78\xd0" + "\x0b\x6d\x84\x4f\x2c\xf0\x82\x5b" + "\x4e\xf6\x29\xd1\x8b\x6f\x56", + .alen = 31, + .input = "", + .ilen = 0, + .result = "\xe0\x6d\xa1\x07\x98\x2f\x40\x2d" + "\x2e\x9a\xd6\x61\x43\xc0\x74\x69", + .rlen = 16, + }, { + .key = "\x0a\xe0\xaa\x29\x24\x6c\x6a\xb1" + "\x1f\xfa\xa6\x50\x33\xd5\xda\xd3" + "\xa0\xce\x8a\x91\xae\x40\x43\x68" + "\xae\x0d\x98\xbd\xf8\x9e\x26\x7f", + .klen = 32, + .iv = "\x19\xa9\x38\x91\x68\x0b\x14\x38" + "\x3f\x31\xd2\x74\x31\x9e\x0a\x55", + .assoc = "\x28\x72\xc7\xf8\xac\xaa\xbe\xbf" + "\x5f\x67\xff\x99\x30\x67\x3b\xd6" + "\x35\x2f\x90\xd3\x31\x90\x04\x74" + "\x0f\x23\x08\xa9\x65\xce\xf6\xea", + .alen = 32, + .input = "", + .ilen = 0, + .result = "\xb9\x57\x13\x3e\x82\x31\x61\x65" + "\x0d\x7f\x6c\x96\x93\x5c\x50\xe2", + .rlen = 16, + }, { + .key = "\x46\x04\xe3\xc8\x34\xe7\x12\xcd" + "\xa0\xd4\x58\xe2\x2d\xf9\x9c\xda" + "\xca\x91\x96\x15\xb4\xe0\xc5\x81" + "\x70\x3a\x77\x95\xd2\xfd\xc5\x55", + .klen = 32, + .iv = "\x55\xcd\x72\x30\x78\x86\xbd\x54" + "\xc0\x0b\x84\x06\x2b\xc2\xcd\x5b", + .assoc = "\x64\x97\x00\x98\xbc\x25\x67\xdb" + "\xe0\x41\xb1\x2a\x2a\x8c\xfe\xdd" + "\x5f\xf2\x9c\x58\x36\x30\x86\x8e" + "\xd1\x51\xe6\x81\x3f\x2d\x95\xc1" + "\x01", + .alen = 33, + .input = "", + .ilen = 0, + .result = "\x81\x96\x34\xde\xbb\x36\xdd\x3e" + "\x4e\x5e\xcb\x44\x21\xb8\x3f\xf1", + .rlen = 16, + }, { + .key = "\x83\x29\x1d\x67\x44\x63\xbb\xe9" + "\x20\xaf\x0a\x73\x27\x1e\x5f\xe0" + "\xf5\x53\xa1\x9a\xb9\x80\x47\x9b" + "\x31\x68\x56\x6e\xac\x5c\x65\x2c", + .klen = 32, + .iv = "\x92\xf2\xac\xcf\x88\x02\x65\x70" + "\x41\xe5\x36\x97\x25\xe7\x90\x61", + .assoc = "\xa1\xbb\x3a\x37\xcc\xa1\x10\xf7" + "\x61\x1c\x63\xbc\x24\xb0\xc0\xe3" + "\x8a\xb4\xa7\xdc\x3b\xd0\x08\xa8" + "\x92\x7f\xc5\x5a\x19\x8c\x34\x97" + "\x0f\x95\x9b\x18\xe4\x8d\xb4\x24" + "\xb9\x33\x28\x18\xe1\x9d\x14\xe0" + "\x64\xb2\x89\x7d\x78\xa8\x05\x7e" + "\x07\x8c\xfc\x88\x2d\xb8\x53", + .alen = 63, + .input = "", + .ilen = 0, + .result = "\x2e\x99\xb6\x79\x57\x56\x80\x36" + "\x8e\xc4\x1c\x12\x7d\x71\x36\x0c", + .rlen = 16, + }, { + .key = "\xbf\x4e\x57\x07\x54\xdf\x64\x05" + "\xa1\x89\xbc\x04\x21\x42\x22\xe6" + "\x1f\x15\xad\x1e\xbe\x20\xc9\xb4" + "\xf3\x95\x35\x46\x86\xbb\x04\x03", + .klen = 32, + .iv = "\xce\x17\xe5\x6f\x98\x7e\x0e\x8c" + "\xc2\xbf\xe8\x29\x1f\x0b\x52\x68", + .assoc = "\xdd\xe0\x74\xd6\xdc\x1d\xb8\x13" + "\xe2\xf6\x15\x4d\x1e\xd4\x83\xe9" + "\xb4\x76\xb3\x60\x40\x70\x8a\xc1" + "\x53\xac\xa4\x32\xf3\xeb\xd3\x6e" + "\x1e\x42\xa0\x46\x45\x9f\xc7\x22" + "\xd3\x43\xbc\x7e\xa5\x47\x2a\x6f" + "\x91\x19\x70\x1e\xe1\xfe\x25\x49" + "\xd6\x8f\x93\xc7\x28\x3f\x3d\x03", + .alen = 64, + .input = "", + .ilen = 0, + .result = "\x7b\x25\x3d\x47\xd4\xa7\x08\xce" + "\x3b\x89\x40\x36\xba\x6d\x0e\xa2", + .rlen = 16, + }, { + .key = "\xfc\x72\x90\xa6\x64\x5a\x0d\x21" + "\x22\x63\x6e\x96\x1b\x67\xe4\xec" + "\x49\xd7\xb9\xa2\xc3\xc0\x4b\xce" + "\xb4\xc3\x14\x1e\x61\x1a\xa3\xd9", + .klen = 32, + .iv = "\x0b\x3c\x1f\x0e\xa8\xf9\xb7\xa7" + "\x42\x9a\x9a\xba\x19\x30\x15\x6e", + .assoc = "\x1a", + .alen = 1, + .input = "\x29", + .ilen = 1, + .result = "\xe6\x09\x6f\x95\x9a\x18\xc8\xf6" + "\x17\x75\x81\x16\xdf\x26\xff\x67" + "\x92", + .rlen = 17, + }, { + .key = "\x38\x97\xca\x45\x74\xd6\xb6\x3c" + "\xa3\x3d\x20\x27\x15\x8b\xa7\xf2" + "\x74\x9a\xc4\x27\xc8\x60\xcd\xe8" + "\x75\xf0\xf2\xf7\x3b\x79\x42\xb0", + .klen = 32, + .iv = "\x47\x60\x59\xad\xb8\x75\x60\xc3" + "\xc3\x74\x4c\x4c\x13\x54\xd8\x74", + .assoc = "\x56\x29\xe7\x15\xfc\x14\x0a\x4a" + "\xe4\xaa\x79\x70\x12\x1d\x08\xf6" + "\x09\xfb\xca\x69\x4b\xb0\x8e\xf5" + "\xd6\x07\x62\xe3\xa8\xa9\x12", + .alen = 31, + .input = "\x66\xf3\x75\x7d\x40\xb3\xb4\xd1" + "\x04\xe1\xa6\x94\x10\xe6\x39\x77" + "\xd3\xac\x4d\x8a\x8c\x58\x6e\xfb" + "\x06\x13\x9a\xd9\x5e\xc0\xfa", + .ilen = 31, + .result = "\x82\xc0\x56\xf0\xd7\xc4\xc9\xfd" + "\x3c\xd1\x2a\xd4\x15\x86\x9d\xda" + "\xea\x6c\x6f\xa1\x33\xb0\x7a\x01" + "\x57\xe7\xf3\x7b\x73\xe7\x54\x10" + "\xc6\x91\xe2\xc6\xa0\x69\xe7\xe6" + "\x76\xc3\xf5\x3a\x76\xfd\x4a", + .rlen = 47, + }, { + .key = "\x75\xbc\x04\xe5\x84\x52\x5e\x58" + "\x24\x17\xd2\xb9\x0e\xaf\x6a\xf9" + "\x9e\x5c\xd0\xab\xcd\x00\x4f\x01" + "\x37\x1e\xd1\xcf\x15\xd8\xe2\x86", + .klen = 32, + .iv = "\x84\x85\x92\x4d\xc8\xf1\x08\xdf" + "\x44\x4e\xff\xdd\x0d\x78\x9a\x7a", + .assoc = "\x93\x4e\x21\xb4\x0c\x90\xb3\x66" + "\x65\x84\x2b\x01\x0b\x42\xcb\xfc" + "\x33\xbd\xd6\xed\x50\x50\x10\x0e" + "\x97\x35\x41\xbb\x82\x08\xb1\xf2", + .alen = 32, + .input = "\xa2\x17\xaf\x1c\x50\x2e\x5d\xed" + "\x85\xbb\x58\x26\x0a\x0b\xfc\x7d" + "\xfe\x6e\x59\x0e\x91\xf8\xf0\x15" + "\xc8\x40\x78\xb1\x38\x1f\x99\xa7", + .ilen = 32, + .result = "\x01\x47\x8e\x6c\xf6\x64\x89\x3a" + "\x71\xce\xe4\xaa\x45\x70\xe6\x84" + "\x62\x48\x08\x64\x86\x6a\xdf\xec" + "\xb4\xa0\xfb\x34\x03\x0c\x19\xf4" + "\x2b\x7b\x36\x73\xec\x54\xa9\x1e" + "\x30\x85\xdb\xe4\xac\xe9\x2c\xca", + .rlen = 48, + }, { + .key = "\xb1\xe1\x3e\x84\x94\xcd\x07\x74" + "\xa5\xf2\x84\x4a\x08\xd4\x2c\xff" + "\xc8\x1e\xdb\x2f\xd2\xa0\xd1\x1b" + "\xf8\x4c\xb0\xa8\xef\x37\x81\x5d", + .klen = 32, + .iv = "\xc0\xaa\xcc\xec\xd8\x6c\xb1\xfb" + "\xc5\x28\xb1\x6e\x07\x9d\x5d\x81", + .assoc = "\xd0\x73\x5a\x54\x1d\x0b\x5b\x82" + "\xe5\x5f\xdd\x93\x05\x66\x8e\x02" + "\x5e\x80\xe1\x71\x55\xf0\x92\x28" + "\x59\x62\x20\x94\x5c\x67\x50\xc8" + "\x58", + .alen = 33, + .input = "\xdf\x3c\xe9\xbc\x61\xaa\x06\x09" + "\x06\x95\x0a\xb7\x04\x2f\xbe\x84" + "\x28\x30\x64\x92\x96\x98\x72\x2e" + "\x89\x6e\x57\x8a\x13\x7e\x38\x7e" + "\xdb", + .ilen = 33, + .result = "\x85\xe0\xf8\x0f\x8e\x49\xe3\x60" + "\xcb\x4a\x54\x94\xcf\xf5\x7e\x34" + "\xe9\xf8\x80\x65\x53\xd0\x72\x70" + "\x4f\x7d\x9d\xd1\x15\x6f\xb9\x2c" + "\xfa\xe8\xdd\xac\x2e\xe1\x3f\x67" + "\x63\x0f\x1a\x59\xb7\x89\xdb\xf4" + "\xc3", + .rlen = 49, + }, { + .key = "\xee\x05\x77\x23\xa5\x49\xb0\x90" + "\x26\xcc\x36\xdc\x02\xf8\xef\x05" + "\xf3\xe1\xe7\xb3\xd8\x40\x53\x35" + "\xb9\x79\x8f\x80\xc9\x96\x20\x33", + .klen = 32, + .iv = "\xfd\xce\x06\x8b\xe9\xe8\x5a\x17" + "\x46\x02\x63\x00\x01\xc1\x20\x87", + .assoc = "\x0c\x98\x94\xf3\x2d\x87\x04\x9e" + "\x66\x39\x8f\x24\xff\x8a\x50\x08" + "\x88\x42\xed\xf6\x5a\x90\x14\x42" + "\x1a\x90\xfe\x6c\x36\xc6\xf0\x9f" + "\x66\xa0\xb5\x2d\x2c\xf8\x25\x15" + "\x55\x90\xa2\x7e\x77\x94\x96\x3a" + "\x71\x1c\xf7\x44\xee\xa8\xc3\x42" + "\xe2\xa3\x84\x04\x0b\xe1\xce", + .alen = 63, + .input = "\x1b\x61\x23\x5b\x71\x26\xae\x25" + "\x87\x6f\xbc\x49\xfe\x53\x81\x8a" + "\x53\xf2\x70\x17\x9b\x38\xf4\x48" + "\x4b\x9b\x36\x62\xed\xdd\xd8\x54" + "\xea\xcb\xb6\x79\x45\xfc\xaa\x54" + "\x5c\x94\x47\x58\xa7\xff\x9c\x9e" + "\x7c\xb6\xf1\xac\xc8\xfd\x8b\x35" + "\xd5\xa4\x6a\xd4\x09\xc2\x08", + .ilen = 63, + .result = "\x00\xe5\x5b\x87\x5c\x20\x22\x8a" + "\xda\x1f\xd3\xff\xbb\xb2\xb0\xf8" + "\xef\xe9\xeb\x9e\x7c\x80\xf4\x2b" + "\x59\xc0\x79\xbc\x17\xa0\x15\x01" + "\xf5\x72\xfb\x5a\xe7\xaf\x07\xe3" + "\x1b\x49\x21\x34\x23\x63\x55\x5e" + "\xee\x4f\x34\x17\xfa\xfe\xa5\x0c" + "\xed\x0b\x23\xea\x9b\xda\x57\x2f" + "\xf6\xa9\xae\x0d\x4e\x40\x96\x45" + "\x7f\xfa\xf0\xbf\xc4\x98\x78", + .rlen = 79, + }, { + .key = "\x2a\x2a\xb1\xc3\xb5\xc5\x59\xac" + "\xa7\xa6\xe8\x6d\xfc\x1d\xb2\x0b" + "\x1d\xa3\xf3\x38\xdd\xe0\xd5\x4e" + "\x7b\xa7\x6e\x58\xa3\xf5\xbf\x0a", + .klen = 32, + .iv = "\x39\xf3\x3f\x2b\xf9\x64\x03\x33" + "\xc7\xdd\x15\x91\xfb\xe6\xe2\x8d", + .assoc = "\x49\xbc\xce\x92\x3d\x02\xad\xba" + "\xe7\x13\x41\xb6\xf9\xaf\x13\x0f" + "\xb2\x04\xf8\x7a\x5f\x30\x96\x5b" + "\xdc\xbd\xdd\x44\x10\x25\x8f\x75" + "\x75\x4d\xb9\x5b\x8e\x0a\x38\x13" + "\x6f\x9f\x36\xe4\x3a\x3e\xac\xc9" + "\x9d\x83\xde\xe5\x57\xfd\xe3\x0e" + "\xb1\xa7\x1b\x44\x05\x67\xb7\x37", + .alen = 64, + .input = "\x58\x85\x5c\xfa\x81\xa1\x57\x40" + "\x08\x4a\x6e\xda\xf8\x78\x44\x90" + "\x7d\xb5\x7b\x9b\xa1\xd8\x76\x62" + "\x0c\xc9\x15\x3b\xc7\x3c\x77\x2b" + "\xf8\x78\xba\xa7\xa6\x0e\xbd\x52" + "\x76\xa3\xdc\xbe\x6b\xa8\xb1\x2d" + "\xa9\x1d\xd8\x4e\x31\x53\xab\x00" + "\xa5\xa7\x01\x13\x04\x49\xf2\x04", + .ilen = 64, + .result = "\x28\xdd\xb9\x4a\x12\xc7\x0a\xe1" + "\x58\x06\x1a\x9b\x8c\x67\xdf\xeb" + "\x35\x35\x60\x9d\x06\x40\x65\xc1" + "\x93\xe8\xb3\x82\x50\x29\xdd\xb5" + "\x2b\xcb\xde\x18\x78\x6b\x42\xbe" + "\x6d\x24\xd0\xb2\x7d\xd7\x08\x8f" + "\x4a\x18\x98\xad\x8c\xf2\x97\xb4" + "\xf4\x77\xe4\xbf\x41\x3b\xc4\x06" + "\xce\x9e\x34\x81\xf0\x89\x11\x13" + "\x02\x65\xa1\x7c\xdf\x07\x33\x06", + .rlen = 80, + }, { + .key = "\x67\x4f\xeb\x62\xc5\x40\x01\xc7" + "\x28\x80\x9a\xfe\xf6\x41\x74\x12" + "\x48\x65\xfe\xbc\xe2\x80\x57\x68" + "\x3c\xd4\x4d\x31\x7d\x54\x5f\xe1", + .klen = 32, + .iv = "\x76\x18\x79\xca\x09\xdf\xac\x4e" + "\x48\xb7\xc7\x23\xf5\x0a\xa5\x93", + .assoc = "\x85\xe1\x08\x32\x4d\x7e\x56\xd5" + "\x68\xed\xf3\x47\xf3\xd3\xd6\x15" + "\xdd\xc7\x04\xfe\x64\xd0\x18\x75" + "\x9d\xeb\xbc\x1d\xea\x84\x2e\x4c" + "\x83\xf9\xbe\x8a\xef\x1c\x4b\x10" + "\x89\xaf\xcb\x4b\xfe\xe7\xc1\x58" + "\xca\xea\xc6\x87\xc0\x53\x03\xd9" + "\x80\xaa\xb2\x83\xff\xee\xa1\x6a" + "\x04", + .alen = 65, + .input = "\x94\xaa\x96\x9a\x91\x1d\x00\x5c" + "\x88\x24\x20\x6b\xf2\x9c\x06\x96" + "\xa7\x77\x87\x1f\xa6\x78\xf8\x7b" + "\xcd\xf6\xf4\x13\xa1\x9b\x16\x02" + "\x07\x24\xbf\xd5\x08\x20\xd0\x4f" + "\x90\xb3\x70\x24\x2f\x51\xc7\xbb" + "\xd6\x84\xc0\xef\x9a\xa8\xca\xcc" + "\x74\xab\x97\x53\xfe\xd0\xdb\x37" + "\x37\x6a\x0e\x9f\x3f\xa3\x2a\xe3" + "\x1b\x34\x6d\x51\x72\x2b\x17\xe7" + "\x4d\xaa\x2c\x18\xda\xa3\x33\x89" + "\x2a\x9f\xf4\xd2\xed\x76\x3d\x3f" + "\x3c\x15\x9d\x8e\x4f\x3c\x27\xb0" + "\x42\x3f\x2f\x8a\xd4\xc2\x10\xb2" + "\x27\x7f\xe3\x34\x80\x02\x49\x4b" + "\x07\x68\x22\x2a\x88\x25\x53\xb2" + "\x2f", + .ilen = 129, + .result = "\x85\x39\x69\x35\xfb\xf9\xb0\xa6" + "\x85\x43\x88\xd0\xd7\x78\x60\x19" + "\x3e\x1f\xb1\xa4\xd6\xc5\x96\xec" + "\xf7\x84\x85\xc7\x27\x0f\x74\x57" + "\x28\x9e\xdd\x90\x3c\x43\x12\xc5" + "\x51\x3d\x39\x8f\xa5\xf4\xe0\x0b" + "\x57\x04\xf1\x6d\xfe\x9b\x84\x27" + "\xe8\xeb\x4d\xda\x02\x0a\xc5\x49" + "\x1a\x55\x5e\x50\x56\x4d\x94\xda" + "\x20\xf8\x12\x54\x50\xb3\x11\xda" + "\xed\x44\x27\x67\xd5\xd1\x8b\x4b" + "\x38\x67\x56\x65\x59\xda\xe6\x97" + "\x81\xae\x2f\x92\x3b\xae\x22\x1c" + "\x91\x59\x38\x18\x00\xe8\xba\x92" + "\x04\x19\x56\xdf\xb0\x82\xeb\x6f" + "\x2e\xdb\x54\x3c\x4b\xbb\x60\x90" + "\x4c\x50\x10\x62\xba\x7a\xb1\x68" + "\x37\xd7\x87\x4e\xe4\x66\x09\x1f" + "\xa5", + .rlen = 145, + }, { + .key = "\xa3\x73\x24\x01\xd5\xbc\xaa\xe3" + "\xa9\x5a\x4c\x90\xf0\x65\x37\x18" + "\x72\x28\x0a\x40\xe7\x20\xd9\x82" + "\xfe\x02\x2b\x09\x57\xb3\xfe\xb7", + .klen = 32, + .iv = "\xb3\x3d\xb3\x69\x19\x5b\x54\x6a" + "\xc9\x91\x79\xb4\xef\x2e\x68\x99", + .assoc = "\xc2\x06\x41\xd1\x5d\xfa\xff\xf1" + "\xe9\xc7\xa5\xd9\xed\xf8\x98\x1b" + "\x07\x89\x10\x82\x6a\x70\x9a\x8f" + "\x5e\x19\x9b\xf5\xc5\xe3\xcd\x22" + "\x92\xa5\xc2\xb8\x51\x2e\x5e\x0e" + "\xa4\xbe\x5f\xb1\xc1\x90\xd7\xe7" + "\xf7\x52\xae\x28\x29\xa8\x22\xa4" + "\x4f\xae\x48\xc2\xfa\x75\x8b\x9e" + "\xce\x83\x2a\x88\x07\x55\xbb\x89" + "\xf6\xdf\xac\xdf\x83\x08\xbf\x7d" + "\xac\x30\x8b\x8e\x02\xac\x00\xf1" + "\x30\x46\xe1\xbc\x75\xbf\x49\xbb" + "\x26\x4e\x29\xf0\x2f\x21\xc6\x13" + "\x92\xd9\x3d\x11\xe4\x10\x00\x8e" + "\xd4\xd4\x58\x65\xa6\x2b\xe3\x25" + "\xb1\x8f\x15\x93\xe7\x71\xb9\x2c" + "\x4b", + .alen = 129, + .input = "\xd1\xcf\xd0\x39\xa1\x99\xa9\x78" + "\x09\xfe\xd2\xfd\xec\xc1\xc9\x9d" + "\xd2\x39\x93\xa3\xab\x18\x7a\x95" + "\x8f\x24\xd3\xeb\x7b\xfa\xb5\xd8" + "\x15\xd1\xc3\x04\x69\x32\xe3\x4d" + "\xaa\xc2\x04\x8b\xf2\xfa\xdc\x4a" + "\x02\xeb\xa8\x90\x03\xfd\xea\x97" + "\x43\xaf\x2e\x92\xf8\x57\xc5\x6a" + "\x00", + .ilen = 65, + .result = "\x7d\xde\x53\x22\xe4\x23\x3b\x30" + "\x78\xde\x35\x90\x7a\xd9\x0b\x93" + "\xf6\x0e\x0b\xed\x40\xee\x10\x9c" + "\x96\x3a\xd3\x34\xb2\xd0\x67\xcf" + "\x63\x7f\x2d\x0c\xcf\x96\xec\x64" + "\x1a\x87\xcc\x7d\x2c\x5e\x81\x4b" + "\xd2\x8f\x4c\x7c\x00\xb1\xb4\xe0" + "\x87\x4d\xb1\xbc\xd8\x78\x2c\x17" + "\xf2\x3b\xd8\x28\x40\xe2\x76\xf6" + "\x20\x13\x83\x46\xaf\xff\xe3\x0f" + "\x72", + .rlen = 81, + }, { + .key = "\xe0\x98\x5e\xa1\xe5\x38\x53\xff" + "\x2a\x35\xfe\x21\xea\x8a\xfa\x1e" + "\x9c\xea\x15\xc5\xec\xc0\x5b\x9b" + "\xbf\x2f\x0a\xe1\x32\x12\x9d\x8e", + .klen = 32, + .iv = "\xef\x61\xed\x08\x29\xd7\xfd\x86" + "\x4a\x6b\x2b\x46\xe9\x53\x2a\xa0", + .assoc = "\xfe\x2a\x7b\x70\x6d\x75\xa7\x0d" + "\x6a\xa2\x57\x6a\xe7\x1c\x5b\x21" + "\x31\x4b\x1b\x07\x6f\x10\x1c\xa8" + "\x20\x46\x7a\xce\x9f\x42\x6d\xf9", + .alen = 32, + .input = "\x0d\xf4\x09\xd8\xb1\x14\x51\x94" + "\x8a\xd8\x84\x8e\xe6\xe5\x8c\xa3" + "\xfc\xfc\x9e\x28\xb0\xb8\xfc\xaf" + "\x50\x52\xb1\xc4\x55\x59\x55\xaf", + .ilen = 32, + .result = "\x5a\xcd\x8c\x57\xf2\x6a\xb6\xbe" + "\x53\xc7\xaa\x9a\x60\x74\x9c\xc4" + "\xa2\xc2\xd0\x6d\xe1\x03\x63\xdc" + "\xbb\x51\x7e\x9c\x89\x73\xde\x4e" + "\x24\xf8\x52\x7c\x15\x41\x0e\xba" + "\x69\x0e\x36\x5f\x2f\x22\x8c", + .rlen = 47, + }, { + .key = "\x1c\xbd\x98\x40\xf5\xb3\xfc\x1b" + "\xaa\x0f\xb0\xb3\xe4\xae\xbc\x24" + "\xc7\xac\x21\x49\xf1\x60\xdd\xb5" + "\x80\x5d\xe9\xba\x0c\x71\x3c\x64", + .klen = 32, + .iv = "\x2c\x86\x26\xa8\x39\x52\xa6\xa2" + "\xcb\x45\xdd\xd7\xe3\x77\xed\xa6", + .assoc = "\x3b\x4f\xb5\x10\x7d\xf1\x50\x29" + "\xeb\x7c\x0a\xfb\xe1\x40\x1e\x27" + "\x5c\x0d\x27\x8b\x74\xb0\x9e\xc2" + "\xe1\x74\x59\xa6\x79\xa1\x0c\xd0", + .alen = 32, + .input = "\x4a\x18\x43\x77\xc1\x90\xfa\xb0" + "\x0b\xb2\x36\x20\xe0\x09\x4e\xa9" + "\x26\xbe\xaa\xac\xb5\x58\x7e\xc8" + "\x11\x7f\x90\x9c\x2f\xb8\xf4\x85", + .ilen = 32, + .result = "\x47\xd6\xce\x78\xd6\xbf\x4a\x51" + "\xb8\xda\x92\x3c\xfd\xda\xac\x8e" + "\x8d\x88\xd7\x4d\x90\xe5\xeb\xa1" + "\xab\xd6\x7c\x76\xad\xea\x7d\x76" + "\x53\xee\xb0\xcd\xd0\x02\xbb\x70" + "\x5b\x6f\x7b\xe2\x8c\xe8", + .rlen = 46, + }, { + .key = "\x59\xe1\xd2\xdf\x05\x2f\xa4\x37" + "\x2b\xe9\x63\x44\xde\xd3\x7f\x2b" + "\xf1\x6f\x2d\xcd\xf6\x00\x5f\xcf" + "\x42\x8a\xc8\x92\xe6\xd0\xdc\x3b", + .klen = 32, + .iv = "\x68\xab\x60\x47\x49\xce\x4f\xbe" + "\x4c\x20\x8f\x68\xdd\x9c\xb0\xac", + .assoc = "\x77\x74\xee\xaf\x8d\x6d\xf9\x45" + "\x6c\x56\xbc\x8d\xdb\x65\xe0\x2e" + "\x86\xd0\x32\x0f\x79\x50\x20\xdb" + "\xa2\xa1\x37\x7e\x53\x00\xab\xa6", + .alen = 32, + .input = "\x86\x3d\x7d\x17\xd1\x0c\xa3\xcc" + "\x8c\x8d\xe8\xb1\xda\x2e\x11\xaf" + "\x51\x80\xb5\x30\xba\xf8\x00\xe2" + "\xd3\xad\x6f\x75\x09\x18\x93\x5c", + .ilen = 32, + .result = "\x9f\xa9\x2b\xa4\x8f\x00\x05\x2b" + "\xe7\x68\x81\x51\xbb\xfb\xdf\x60" + "\xbb\xac\xe8\xc1\xdc\x68\xae\x68" + "\x3a\xcd\x7a\x06\x49\xfe\x80\x11" + "\xe6\x61\x99\xe2\xdd\xbe\x2c\xbf", + .rlen = 40, + }, { + .key = "\x96\x06\x0b\x7f\x15\xab\x4d\x53" + "\xac\xc3\x15\xd6\xd8\xf7\x42\x31" + "\x1b\x31\x38\x51\xfc\xa0\xe1\xe8" + "\x03\xb8\xa7\x6b\xc0\x2f\x7b\x11", + .klen = 32, + .iv = "\xa5\xcf\x9a\xe6\x59\x4a\xf7\xd9" + "\xcd\xfa\x41\xfa\xd7\xc0\x72\xb2", + .assoc = "\xb4\x99\x28\x4e\x9d\xe8\xa2\x60" + "\xed\x30\x6e\x1e\xd5\x89\xa3\x34" + "\xb1\x92\x3e\x93\x7e\xf0\xa2\xf5" + "\x64\xcf\x16\x57\x2d\x5f\x4a\x7d", + .alen = 32, + .input = "\xc3\x62\xb7\xb6\xe2\x87\x4c\xe7" + "\x0d\x67\x9a\x43\xd4\x52\xd4\xb5" + "\x7b\x43\xc1\xb5\xbf\x98\x82\xfc" + "\x94\xda\x4e\x4d\xe4\x77\x32\x32", + .ilen = 32, + .result = "\xe2\x34\xfa\x25\xfd\xfb\x89\x5e" + "\x5b\x4e\x0b\x15\x6e\x39\xfb\x0c" + "\x73\xc7\xd9\x6b\xbe\xce\x9b\x70" + "\xc7\x4f\x96\x16\x03\xfc\xea\xfb" + "\x56", + .rlen = 33, + }, +}; + +static const struct aead_testvec morus1280_dec_tv_template[] = { + { + .key = "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00", + .klen = 16, + .iv = "\x0f\xc9\x8e\x67\x44\x9e\xaa\x86" + "\x20\x36\x2c\x24\xfe\xc9\x30\x81", + .assoc = "", + .alen = 0, + .input = "\x91\x85\x0f\xf5\x52\x9e\xce\xce" + "\x65\x99\xc7\xbf\xd3\x76\xe8\x98", + .ilen = 16, + .result = "", + .rlen = 0, + }, { + .key = "\x3c\x24\x39\x9f\x10\x7b\xa8\x1b" + "\x80\xda\xb2\x91\xf9\x24\xc2\x06", + .klen = 16, + .iv = "\x4b\xed\xc8\x07\x54\x1a\x52\xa2" + "\xa1\x10\xde\xb5\xf8\xed\xf3\x87", + .assoc = "", + .alen = 0, + .input = "\x88\xc3\x4c\xf0\x2f\x43\x76\x13" + "\x96\xda\x76\x34\x33\x4e\xd5\x39" + "\x73", + .ilen = 17, + .result = "\x69", + .rlen = 1, + }, { + .key = "\x79\x49\x73\x3e\x20\xf7\x51\x37" + "\x01\xb4\x64\x22\xf3\x48\x85\x0c", + .klen = 16, + .iv = "\x88\x12\x01\xa6\x64\x96\xfb\xbe" + "\x22\xea\x90\x47\xf2\x11\xb5\x8e", + .assoc = "", + .alen = 0, + .input = "\x3e\x5c\x3b\x58\x3b\x7d\x2a\x22" + "\x75\x0b\x24\xa6\x0e\xc3\xde\x52" + "\x97\x0b\x64\xd4\xce\x90\x52\xf7" + "\xef\xdb\x6a\x38\xd2\xa8\xa1\x0d" + "\xe0\x61\x33\x24\xc6\x4d\x51\xbc" + "\xa4\x21\x74\xcf\x19\x16\x59", + .ilen = 47, + .result = "\xa6\xa4\x1e\x76\xec\xd4\x50\xcc" + "\x62\x58\xe9\x8f\xef\xa4\x17\x91" + "\xb4\x96\x9f\x6b\xce\x38\xa5\x46" + "\x13\x7d\x64\x93\xd7\x05\xf5", + .rlen = 31, + }, { + .key = "\xb5\x6e\xad\xdd\x30\x72\xfa\x53" + "\x82\x8e\x16\xb4\xed\x6d\x47\x12", + .klen = 16, + .iv = "\xc4\x37\x3b\x45\x74\x11\xa4\xda" + "\xa2\xc5\x42\xd8\xec\x36\x78\x94", + .assoc = "", + .alen = 0, + .input = "\x30\x82\x9c\x2b\x67\xcb\xf9\x1f" + "\xde\x9f\x77\xb2\xda\x92\x61\x5c" + "\x09\x0b\x2d\x9a\x26\xaa\x1c\x06" + "\xab\x74\xb7\x2b\x95\x5f\x9f\xa1" + "\x9a\xff\x50\xa0\xa2\xff\xc5\xad" + "\x21\x8e\x84\x5c\x12\x61\xb2\xae", + .ilen = 48, + .result = "\xe2\xc9\x58\x15\xfc\x4f\xf8\xe8" + "\xe3\x32\x9b\x21\xe9\xc8\xd9\x97" + "\xde\x58\xab\xf0\xd3\xd8\x27\x60" + "\xd5\xaa\x43\x6b\xb1\x64\x95\xa4", + .rlen = 32, + }, { + .key = "\xf2\x92\xe6\x7d\x40\xee\xa3\x6f" + "\x03\x68\xc8\x45\xe7\x91\x0a\x18", + .klen = 16, + .iv = "\x01\x5c\x75\xe5\x84\x8d\x4d\xf6" + "\x23\x9f\xf4\x6a\xe6\x5a\x3b\x9a", + .assoc = "", + .alen = 0, + .input = "\x67\x5d\x8e\x45\xc8\x39\xf5\x17" + "\xc1\x1d\x2a\xdd\x88\x67\xda\x1f" + "\x6d\xe8\x37\x28\x5a\xc1\x5e\x9f" + "\xa6\xec\xc6\x92\x05\x4b\xc0\xa3" + "\x63\xef\x88\xa4\x9b\x0a\x5c\xed" + "\x2b\x6a\xac\x63\x52\xaa\x10\x94" + "\xd0", + .ilen = 49, + .result = "\x1f\xee\x92\xb4\x0c\xcb\xa1\x04" + "\x64\x0c\x4d\xb2\xe3\xec\x9c\x9d" + "\x09\x1a\xb7\x74\xd8\x78\xa9\x79" + "\x96\xd8\x22\x43\x8c\xc3\x34\x7b" + "\xc4", + .rlen = 33, + }, { + .key = "\x2e\xb7\x20\x1c\x50\x6a\x4b\x8b" + "\x84\x42\x7a\xd7\xe1\xb5\xcd\x1f", + .klen = 16, + .iv = "\x3d\x80\xae\x84\x94\x09\xf6\x12" + "\xa4\x79\xa6\xfb\xe0\x7f\xfd\xa0", + .assoc = "", + .alen = 0, + .input = "\x7d\x61\x1a\x35\x20\xcc\x07\x88" + "\x03\x98\x87\xcf\xc0\x6e\x4d\x19" + "\xe3\xd4\x0b\xfb\x29\x8f\x49\x1a" + "\x3a\x06\x77\xce\x71\x2c\xcd\xdd" + "\xed\xf6\xc9\xbe\xa6\x3b\xb8\xfc" + "\x6c\xbe\x77\xed\x74\x0e\x20\x85" + "\xd0\x65\xde\x24\x6f\xe3\x25\xc5" + "\xdf\x5b\x0f\xbd\x8a\x88\x78\xc9" + "\xe5\x81\x37\xde\x84\x7a\xf6\x84" + "\x99\x7a\x72\x9c\x54\x31\xa1", + .ilen = 79, + .result = "\x5c\x13\xcb\x54\x1c\x47\x4a\x1f" + "\xe5\xe6\xff\x44\xdd\x11\x5f\xa3" + "\x33\xdd\xc2\xf8\xdd\x18\x2b\x93" + "\x57\x05\x01\x1c\x66\x22\xd3\x51" + "\xd3\xdf\x18\xc9\x30\x66\xed\xb1" + "\x96\x58\xd5\x8c\x64\x8c\x7c\xf5" + "\x01\xd0\x74\x5f\x9b\xaa\xf6\xd1" + "\xe6\x16\xa2\xac\xde\x47\x40", + .rlen = 63, + }, { + .key = "\x6b\xdc\x5a\xbb\x60\xe5\xf4\xa6" + "\x05\x1d\x2c\x68\xdb\xda\x8f\x25", + .klen = 16, + .iv = "\x7a\xa5\xe8\x23\xa4\x84\x9e\x2d" + "\x25\x53\x58\x8c\xda\xa3\xc0\xa6", + .assoc = "", + .alen = 0, + .input = "\x05\xc5\xb1\xf9\x1b\xb9\xab\x2c" + "\xa5\x07\x12\xa7\x12\x39\x60\x66" + "\x30\x81\x4a\x03\x78\x28\x45\x52" + "\xd2\x2b\x24\xfd\x8b\xa5\xb7\x66" + "\x6f\x45\xd7\x3b\x67\x6f\x51\xb9" + "\xc0\x3d\x6c\xca\x1e\xae\xff\xb6" + "\x79\xa9\xe4\x82\x5d\x4c\x2d\xdf" + "\xeb\x71\x40\xc9\x2c\x40\x45\x6d" + "\x73\x77\x01\xf3\x4f\xf3\x9d\x2a" + "\x5d\x57\xa8\xa1\x18\xa2\xad\xcb", + .ilen = 80, + .result = "\x98\x37\x05\xf3\x2c\xc2\xf3\x3b" + "\x66\xc0\xb1\xd5\xd7\x35\x21\xaa" + "\x5d\x9f\xce\x7c\xe2\xb8\xad\xad" + "\x19\x33\xe0\xf4\x40\x81\x72\x28" + "\xe1\x8b\x1c\xf8\x91\x78\xff\xaf" + "\xb0\x68\x69\xf2\x27\x35\x91\x84" + "\x2e\x37\x5b\x00\x04\xff\x16\x9c" + "\xb5\x19\x39\xeb\xd9\xcd\x29\x9a", + .rlen = 64, + }, { + .key = "\xa7\x00\x93\x5b\x70\x61\x9d\xc2" + "\x86\xf7\xde\xfa\xd5\xfe\x52\x2b", + .klen = 16, + .iv = "\xb6\xca\x22\xc3\xb4\x00\x47\x49" + "\xa6\x2d\x0a\x1e\xd4\xc7\x83\xad", + .assoc = "\xc5", + .alen = 1, + .input = "\x4d\xbf\x11\xac\x7f\x97\x0b\x2e" + "\x89\x3b\x9d\x0f\x83\x1c\x08\xc3", + .ilen = 16, + .result = "", + .rlen = 0, + }, { + .key = "\xe4\x25\xcd\xfa\x80\xdd\x46\xde" + "\x07\xd1\x90\x8b\xcf\x23\x15\x31", + .klen = 16, + .iv = "\xf3\xee\x5c\x62\xc4\x7c\xf0\x65" + "\x27\x08\xbd\xaf\xce\xec\x45\xb3", + .assoc = "\x02\xb8\xea\xca\x09\x1b\x9a\xec" + "\x47\x3e\xe9\xd4\xcc\xb5\x76\x34" + "\xe8\x73\x62\x64\xab\x50\xd0\xda" + "\x6b\x83\x66\xaf\x3e\x27\xc9", + .alen = 31, + .input = "\x5b\xc0\x8d\x54\xe4\xec\xbe\x38" + "\x03\x12\xf9\xcc\x9e\x46\x42\x92", + .ilen = 16, + .result = "", + .rlen = 0, + }, { + .key = "\x20\x4a\x07\x99\x91\x58\xee\xfa" + "\x88\xab\x42\x1c\xc9\x47\xd7\x38", + .klen = 16, + .iv = "\x2f\x13\x95\x01\xd5\xf7\x99\x81" + "\xa8\xe2\x6f\x41\xc8\x10\x08\xb9", + .assoc = "\x3f\xdc\x24\x69\x19\x96\x43\x08" + "\xc8\x18\x9b\x65\xc6\xd9\x39\x3b" + "\x12\x35\x6e\xe8\xb0\xf0\x52\xf3" + "\x2d\xb0\x45\x87\x18\x86\x68\xf6", + .alen = 32, + .input = "\x48\xc5\xc3\x4c\x40\x2e\x2f\xc2" + "\x6d\x65\xe0\x67\x9c\x1d\xa0\xf0", + .ilen = 16, + .result = "", + .rlen = 0, + }, { + .key = "\x5d\x6f\x41\x39\xa1\xd4\x97\x16" + "\x09\x85\xf4\xae\xc3\x6b\x9a\x3e", + .klen = 16, + .iv = "\x6c\x38\xcf\xa1\xe5\x73\x41\x9d" + "\x29\xbc\x21\xd2\xc2\x35\xcb\xbf", + .assoc = "\x7b\x01\x5d\x08\x29\x12\xec\x24" + "\x49\xf3\x4d\xf7\xc0\xfe\xfb\x41" + "\x3c\xf8\x79\x6c\xb6\x90\xd4\x0d" + "\xee\xde\x23\x60\xf2\xe5\x08\xcc" + "\x97", + .alen = 33, + .input = "\x28\x64\x78\x51\x55\xd8\x56\x4a" + "\x58\x3e\xf7\xbe\xee\x21\xfe\x94", + .ilen = 16, + .result = "", + .rlen = 0, + }, { + .key = "\x99\x93\x7a\xd8\xb1\x50\x40\x31" + "\x8a\x60\xa6\x3f\xbd\x90\x5d\x44", + .klen = 16, + .iv = "\xa8\x5c\x09\x40\xf5\xef\xea\xb8" + "\xaa\x96\xd3\x64\xbc\x59\x8d\xc6", + .assoc = "\xb8\x26\x97\xa8\x39\x8e\x94\x3f" + "\xca\xcd\xff\x88\xba\x22\xbe\x47" + "\x67\xba\x85\xf1\xbb\x30\x56\x26" + "\xaf\x0b\x02\x38\xcc\x44\xa7\xa3" + "\xa6\xbf\x31\x93\x60\xcd\xda\x63" + "\x2c\xb1\xaa\x19\xc8\x19\xf8\xeb" + "\x03\xa1\xe8\xbe\x37\x54\xec\xa2" + "\xcd\x2c\x45\x58\xbd\x8e\x80", + .alen = 63, + .input = "\xb3\xa6\x00\x4e\x09\x20\xac\x21" + "\x77\x72\x69\x76\x2d\x36\xe5\xc8", + .ilen = 16, + .result = "", + .rlen = 0, + }, { + .key = "\xd6\xb8\xb4\x77\xc1\xcb\xe9\x4d" + "\x0a\x3a\x58\xd1\xb7\xb4\x1f\x4a", + .klen = 16, + .iv = "\xe5\x81\x42\xdf\x05\x6a\x93\xd4" + "\x2b\x70\x85\xf5\xb6\x7d\x50\xcc", + .assoc = "\xf4\x4a\xd1\x47\x49\x09\x3d\x5b" + "\x4b\xa7\xb1\x19\xb4\x46\x81\x4d" + "\x91\x7c\x91\x75\xc0\xd0\xd8\x40" + "\x71\x39\xe1\x10\xa6\xa3\x46\x7a" + "\xb4\x6b\x35\xc2\xc1\xdf\xed\x60" + "\x46\xc1\x3e\x7f\x8c\xc2\x0e\x7a" + "\x30\x08\xd0\x5f\xa0\xaa\x0c\x6d" + "\x9c\x2f\xdb\x97\xb8\x15\x69\x01", + .alen = 64, + .input = "\x65\x33\x7b\xa1\x63\xf4\x20\xdd" + "\xe4\xb9\x4a\xaa\x9a\x21\xaa\x14", + .ilen = 16, + .result = "", + .rlen = 0, + }, { + .key = "\x12\xdd\xee\x17\xd1\x47\x92\x69" + "\x8b\x14\x0a\x62\xb1\xd9\xe2\x50", + .klen = 16, + .iv = "\x22\xa6\x7c\x7f\x15\xe6\x3c\xf0" + "\xac\x4b\x37\x86\xb0\xa2\x13\xd2", + .assoc = "\x31", + .alen = 1, + .input = "\x1d\x47\x17\x34\x86\xf5\x54\x1a" + "\x6d\x28\xb8\x5d\x6c\xcf\xa0\xb9" + "\xbf", + .ilen = 17, + .result = "\x40", + .rlen = 1, + }, { + .key = "\x4f\x01\x27\xb6\xe1\xc3\x3a\x85" + "\x0c\xee\xbc\xf4\xab\xfd\xa5\x57", + .klen = 16, + .iv = "\x5e\xcb\xb6\x1e\x25\x62\xe4\x0c" + "\x2d\x25\xe9\x18\xaa\xc6\xd5\xd8", + .assoc = "\x6d\x94\x44\x86\x69\x00\x8f\x93" + "\x4d\x5b\x15\x3c\xa8\x8f\x06\x5a" + "\xe6\x01\xa8\x7e\xca\x10\xdc\x73" + "\xf4\x94\x9f\xc1\x5a\x61\x85", + .alen = 31, + .input = "\x78\x90\x52\xae\x0f\xf7\x2e\xef" + "\x63\x09\x08\x58\xb5\x56\xbd\x72" + "\x6e\x42\xcf\x27\x04\x7c\xdb\x92" + "\x18\xe9\xa4\x33\x90\xba\x62\xb5" + "\x70\xd3\x88\x9b\x4f\x05\xa7\x51" + "\x85\x87\x17\x09\x42\xed\x4e", + .ilen = 47, + .result = "\x7c\x5d\xd3\xee\xad\x9f\x39\x1a" + "\x6d\x92\x42\x61\xa7\x58\x37\xdb" + "\xb0\xb2\x2b\x9f\x0b\xb8\xbd\x7a" + "\x24\xa0\xd6\xb7\x11\x79\x6c", + .rlen = 31, + }, { + .key = "\x8b\x26\x61\x55\xf1\x3e\xe3\xa1" + "\x8d\xc8\x6e\x85\xa5\x21\x67\x5d", + .klen = 16, + .iv = "\x9b\xef\xf0\xbd\x35\xdd\x8d\x28" + "\xad\xff\x9b\xa9\xa4\xeb\x98\xdf", + .assoc = "\xaa\xb8\x7e\x25\x79\x7c\x37\xaf" + "\xce\x36\xc7\xce\xa2\xb4\xc9\x60" + "\x10\xc3\xb3\x02\xcf\xb0\x5e\x8d" + "\xb5\xc2\x7e\x9a\x35\xc0\x24\xfd", + .alen = 32, + .input = "\x1d\x2c\x57\xe0\x50\x38\x3d\x41" + "\x2e\x71\xc8\x3b\x92\x43\x58\xaf" + "\x5a\xfb\xad\x8f\xd9\xd5\x8a\x5e" + "\xdb\xf3\xcd\x3a\x2b\xe1\x2c\x1a" + "\xb0\xed\xe3\x0c\x6e\xf9\xf2\xd6" + "\x90\xe6\xb1\x0e\xa5\x8a\xac\xb7", + .ilen = 48, + .result = "\xb9\x82\x0c\x8d\xbd\x1b\xe2\x36" + "\xee\x6c\xf4\xf2\xa1\x7d\xf9\xe2" + "\xdb\x74\x36\x23\x11\x58\x3f\x93" + "\xe5\xcd\xb5\x90\xeb\xd8\x0c\xb3", + .rlen = 32, + }, { + .key = "\xc8\x4b\x9b\xf5\x01\xba\x8c\xbd" + "\x0e\xa3\x21\x16\x9f\x46\x2a\x63", + .klen = 16, + .iv = "\xd7\x14\x29\x5d\x45\x59\x36\x44" + "\x2e\xd9\x4d\x3b\x9e\x0f\x5b\xe5", + .assoc = "\xe6\xdd\xb8\xc4\x89\xf8\xe0\xca" + "\x4f\x10\x7a\x5f\x9c\xd8\x8b\x66" + "\x3b\x86\xbf\x86\xd4\x50\xe0\xa7" + "\x76\xef\x5c\x72\x0f\x1f\xc3\xd4" + "\xee", + .alen = 33, + .input = "\x59\x10\x84\x1c\x83\x4c\x8b\xfc" + "\xfd\x2e\x4b\x46\x84\xff\x78\x4e" + "\x50\xda\x5c\xb9\x61\x1d\xf5\xb9" + "\xfe\xbb\x7f\xae\x8c\xc1\x24\xbd" + "\x8c\x6f\x1f\x9b\xce\xc6\xc1\x37" + "\x08\x06\x5a\xe5\x96\x10\x95\xc2" + "\x5e", + .ilen = 49, + .result = "\xf5\xa6\x46\x2c\xce\x97\x8a\x51" + "\x6f\x46\xa6\x83\x9b\xa1\xbc\xe8" + "\x05\x36\x42\xa7\x16\xf8\xc1\xad" + "\xa7\xfb\x94\x68\xc5\x37\xab\x8a" + "\x72", + .rlen = 33, + }, { + .key = "\x05\x70\xd5\x94\x12\x36\x35\xd8" + "\x8f\x7d\xd3\xa8\x99\x6a\xed\x69", + .klen = 16, + .iv = "\x14\x39\x63\xfc\x56\xd5\xdf\x5f" + "\xaf\xb3\xff\xcc\x98\x33\x1d\xeb", + .assoc = "\x23\x02\xf1\x64\x9a\x73\x89\xe6" + "\xd0\xea\x2c\xf1\x96\xfc\x4e\x6d" + "\x65\x48\xcb\x0a\xda\xf0\x62\xc0" + "\x38\x1d\x3b\x4a\xe9\x7e\x62\xaa" + "\xfd\xc9\x4a\xa9\xa9\x39\x4b\x54" + "\xc8\x0e\x24\x7f\x5e\x10\x7a\x45" + "\x10\x0b\x56\x85\xad\x54\xaa\x66" + "\xa8\x43\xcd\xd4\x9b\xb7\xfa", + .alen = 63, + .input = "\x9a\x12\xbc\xdf\x72\xa8\x56\x22" + "\x49\x2d\x07\x92\xfc\x3d\x6d\x5f" + "\xef\x36\x19\xae\x91\xfa\xd6\x63" + "\x46\xea\x8a\x39\x14\x21\xa6\x37" + "\x18\xfc\x97\x3e\x16\xa5\x4d\x39" + "\x45\x2e\x69\xcc\x9c\x5f\xdf\x6d" + "\x5e\xa2\xbf\xac\x83\x32\x72\x52" + "\x58\x58\x23\x40\xfd\xa5\xc2\xe6" + "\xe9\x5a\x50\x98\x00\x58\xc9\x86" + "\x4f\x20\x37\xdb\x7b\x22\xa3", + .ilen = 79, + .result = "\x32\xcb\x80\xcc\xde\x12\x33\x6d" + "\xf0\x20\x58\x15\x95\xc6\x7f\xee" + "\x2f\xf9\x4e\x2c\x1b\x98\x43\xc7" + "\x68\x28\x73\x40\x9f\x96\x4a\x60" + "\x80\xf4\x4b\xf4\xc1\x3d\xd0\x93" + "\xcf\x12\xc9\x59\x8f\x7a\x7f\xa8" + "\x1b\xa5\x50\xed\x87\xa9\x72\x59" + "\x9c\x44\xb2\xa4\x99\x98\x34", + .rlen = 63, + }, { + .key = "\x41\x94\x0e\x33\x22\xb1\xdd\xf4" + "\x10\x57\x85\x39\x93\x8f\xaf\x70", + .klen = 16, + .iv = "\x50\x5d\x9d\x9b\x66\x50\x88\x7b" + "\x30\x8e\xb1\x5e\x92\x58\xe0\xf1", + .assoc = "\x5f\x27\x2b\x03\xaa\xef\x32\x02" + "\x50\xc4\xde\x82\x90\x21\x11\x73" + "\x8f\x0a\xd6\x8f\xdf\x90\xe4\xda" + "\xf9\x4a\x1a\x23\xc3\xdd\x02\x81" + "\x0b\x76\x4f\xd7\x0a\x4b\x5e\x51" + "\xe3\x1d\xb9\xe5\x21\xb9\x8f\xd4" + "\x3d\x72\x3e\x26\x16\xa9\xca\x32" + "\x77\x47\x63\x14\x95\x3d\xe4\x34", + .alen = 64, + .input = "\xe6\xeb\x92\x5a\x5b\xf0\x2d\xbb" + "\x23\xec\x35\xe3\xae\xc9\xfb\x0b" + "\x90\x14\x46\xeb\xa8\x8d\xb0\x9b" + "\x39\xda\x8b\x48\xec\xb2\x00\x4e" + "\x80\x6f\x46\x4f\x9b\x1e\xbb\x35" + "\xea\x5a\xbc\xa2\x36\xa5\x89\x45" + "\xc2\xd6\xd7\x15\x0b\xf6\x6c\x56" + "\xec\x99\x7d\x61\xb3\x15\x93\xed" + "\x83\x1e\xd9\x48\x84\x0b\x37\xfe" + "\x95\x74\x44\xd5\x54\xa6\x27\x06", + .ilen = 80, + .result = "\x6e\xf0\xba\x6b\xee\x8e\xdc\x89" + "\x71\xfb\x0a\xa6\x8f\xea\x41\xf4" + "\x5a\xbb\x59\xb0\x20\x38\xc5\xe0" + "\x29\x56\x52\x19\x79\xf5\xe9\x37" + "\x8f\xa1\x50\x23\x22\x4f\xe3\x91" + "\xe9\x21\x5e\xbf\x52\x23\x95\x37" + "\x48\x0c\x38\x8f\xf0\xff\x92\x24" + "\x6b\x47\x49\xe3\x94\x1f\x1e\x01", + .rlen = 64, + }, { + .key = "\x7e\xb9\x48\xd3\x32\x2d\x86\x10" + "\x91\x31\x37\xcb\x8d\xb3\x72\x76", + .klen = 16, + .iv = "\x8d\x82\xd6\x3b\x76\xcc\x30\x97" + "\xb1\x68\x63\xef\x8c\x7c\xa3\xf7", + .assoc = "\x9c\x4b\x65\xa2\xba\x6b\xdb\x1e" + "\xd1\x9e\x90\x13\x8a\x45\xd3\x79" + "\xba\xcd\xe2\x13\xe4\x30\x66\xf4" + "\xba\x78\xf9\xfb\x9d\x3c\xa1\x58" + "\x1a\x22\x53\x05\x6b\x5c\x71\x4f" + "\xfd\x2d\x4d\x4c\xe5\x62\xa5\x63" + "\x6a\xda\x26\xc8\x7f\xff\xea\xfd" + "\x46\x4a\xfa\x53\x8f\xc4\xcd\x68" + "\x58", + .alen = 65, + .input = "\x89\x24\x27\x86\xdc\xd7\x6b\xd9" + "\xd1\xcd\xdc\x16\xdd\x2c\xc1\xfb" + "\x52\xb5\xb3\xab\x50\x99\x3f\xa0" + "\x38\xa4\x74\xa5\x04\x15\x63\x05" + "\x8f\x54\x81\x06\x5a\x6b\xa4\x63" + "\x6d\xa7\x21\xcb\xff\x42\x30\x8e" + "\x3b\xd1\xca\x3f\x4b\x1a\xb8\xc3" + "\x42\x01\xe6\xbc\x75\x15\x87\xee" + "\xc9\x8e\x65\x01\xd9\xd8\xb5\x9f" + "\x48\x86\xa6\x5f\x2c\xc7\xb5\xb0" + "\xed\x5d\x14\x7c\x3f\x40\xb1\x0b" + "\x72\xef\x94\x8d\x7a\x85\x56\xe5" + "\x56\x08\x15\x56\xba\xaf\xbd\xf0" + "\x20\xef\xa0\xf6\xa9\xad\xa2\xc9" + "\x1c\x3b\x28\x51\x7e\x77\xb2\x18" + "\x4f\x61\x64\x37\x22\x36\x6d\x78" + "\xed\xed\x35\xe8\x83\xa5\xec\x25" + "\x6b\xff\x5f\x1a\x09\x96\x3d\xdc" + "\x20", + .ilen = 145, + .result = "\xab\x14\xf3\x0a\xfe\x0a\x85\xa5" + "\xf2\xd5\xbc\x38\x89\x0e\x04\xfb" + "\x84\x7d\x65\x34\x25\xd8\x47\xfa" + "\xeb\x83\x31\xf1\x54\x54\x89\x0d" + "\x9d\x4d\x54\x51\x84\x61\xf6\x8e" + "\x03\x31\xf2\x25\x16\xcc\xaa\xc6" + "\x75\x73\x20\x30\x59\x54\xb2\xf0" + "\x3a\x4b\xe0\x23\x8e\xa6\x08\x35" + "\x8a\xdf\x27\xa0\xe4\x60\x99\xae" + "\x8e\x43\xd9\x39\x7b\x10\x40\x67" + "\x5c\x7e\xc9\x70\x63\x34\xca\x59" + "\xfe\x86\xbc\xb7\x9c\x39\xf3\x6d" + "\x6a\x41\x64\x6f\x16\x7f\x65\x7e" + "\x89\x84\x68\xeb\xb0\x51\xbe\x55" + "\x33\x16\x59\x6c\x3b\xef\x88\xad" + "\x2f\xab\xbc\x25\x76\x87\x41\x2f" + "\x36", + .rlen = 129, + }, { + .key = "\xba\xde\x82\x72\x42\xa9\x2f\x2c" + "\x12\x0b\xe9\x5c\x87\xd7\x35\x7c", + .klen = 16, + .iv = "\xc9\xa7\x10\xda\x86\x48\xd9\xb3" + "\x32\x42\x15\x80\x85\xa1\x65\xfe", + .assoc = "\xd8\x70\x9f\x42\xca\xe6\x83\x3a" + "\x52\x79\x42\xa5\x84\x6a\x96\x7f" + "\xe4\x8f\xed\x97\xe9\xd0\xe8\x0d" + "\x7c\xa6\xd8\xd4\x77\x9b\x40\x2e" + "\x28\xce\x57\x34\xcd\x6e\x84\x4c" + "\x17\x3c\xe1\xb2\xa8\x0b\xbb\xf1" + "\x96\x41\x0d\x69\xe8\x54\x0a\xc8" + "\x15\x4e\x91\x92\x89\x4b\xb7\x9b" + "\x21\xf7\x42\x89\xac\x12\x2a\x54" + "\x69\xee\x18\xc7\x8d\xed\xe8\xfd" + "\xbb\x04\x28\xe6\x8a\x3c\x98\xc1" + "\x04\x2d\xa9\xa1\x24\x83\xff\xe9" + "\x55\x7a\xf0\xd1\xf6\x63\x05\xe1" + "\xd9\x1e\x75\x72\xc1\x9f\xae\x32" + "\xe1\x6b\xcd\x9e\x61\x19\x23\x86" + "\xd9\xd2\xaf\x8e\xd5\xd3\xa8\xa9" + "\x51", + .alen = 129, + .input = "\x36\x78\xb9\x22\xde\x62\x35\x55" + "\x1a\x7a\xf5\x45\xbc\xd7\x15\x82" + "\x01\xe9\x5a\x07\xea\x46\xaf\x91" + "\xcb\x73\xa5\xee\xe1\xb4\xbf\xc2" + "\xdb\xd2\x9d\x59\xde\xfc\x83\x00" + "\xf5\x46\xac\x97\xd5\x57\xa9\xb9" + "\x1f\x8c\xe8\xca\x68\x8b\x91\x0c" + "\x01\xbe\x0a\xaf\x7c\xf6\x67\xa4" + "\xbf\xbc\x88\x3f\x5d\xd1\xf9\x19" + "\x0f\x9d\xb2\xaf\xb9\x6e\x17\xdf" + "\xa2", + .ilen = 81, + .result = "\xe8\x39\x2d\xaa\x0e\x85\x2d\xc1" + "\x72\xaf\x6e\xc9\x82\x33\xc7\x01" + "\xaf\x40\x70\xb8\x2a\x78\xc9\x14" + "\xac\xb1\x10\xca\x2e\xb3\x28\xe4" + "\xac\xfa\x58\x7f\xe5\x73\x09\x8c" + "\x1d\x40\x87\x8c\xd9\x75\xc0\x55" + "\xa2\xda\x07\xd1\xc2\xa9\xd1\xbb" + "\x09\x4f\x77\x62\x88\x2d\xf2\x68" + "\x54", + .rlen = 65, + }, { + .key = "\xf7\x02\xbb\x11\x52\x24\xd8\x48" + "\x93\xe6\x9b\xee\x81\xfc\xf7\x82", + .klen = 16, + .iv = "\x06\xcc\x4a\x79\x96\xc3\x82\xcf" + "\xb3\x1c\xc7\x12\x7f\xc5\x28\x04", + .assoc = "\x15\x95\xd8\xe1\xda\x62\x2c\x56" + "\xd3\x53\xf4\x36\x7e\x8e\x59\x85" + "\x0e\x51\xf9\x1c\xee\x70\x6a\x27" + "\x3d\xd3\xb7\xac\x51\xfa\xdf\x05", + .alen = 32, + .input = "\x08\x1b\x95\x0e\x41\x95\x02\x4b" + "\x9c\xbb\xa8\xd0\x7c\xd3\x44\x6e" + "\x89\x14\x33\x70\x0a\xbc\xea\x39" + "\x88\xaa\x2b\xd5\x73\x11\x55\xf5" + "\x33\x33\x9c\xd7\x42\x34\x49\x8e" + "\x2f\x03\x30\x05\x47\xaf\x34", + .ilen = 47, + .result = "\x24\x5e\x67\x49\x1e\x01\xd6\xdd" + "\xf3\x89\x20\x5b\x7c\x57\x89\x07" + "\xd9\x02\x7c\x3d\x2f\x18\x4b\x2d" + "\x6e\xde\xee\xa2\x08\x12\xc7\xba", + .rlen = 32, + }, { + .key = "\x33\x27\xf5\xb1\x62\xa0\x80\x63" + "\x14\xc0\x4d\x7f\x7b\x20\xba\x89", + .klen = 16, + .iv = "\x42\xf0\x84\x19\xa6\x3f\x2b\xea" + "\x34\xf6\x79\xa3\x79\xe9\xeb\x0a", + .assoc = "\x51\xb9\x12\x80\xea\xde\xd5\x71" + "\x54\x2d\xa6\xc8\x78\xb2\x1b\x8c" + "\x39\x14\x05\xa0\xf3\x10\xec\x41" + "\xff\x01\x95\x84\x2b\x59\x7f\xdb", + .alen = 32, + .input = "\x97\xca\xf4\xe0\x8d\x89\xbf\x68" + "\x0c\x60\xb9\x27\xdf\xaa\x41\xc6" + "\x25\xd8\xf7\x1f\x10\x15\x48\x61" + "\x4c\x95\x00\xdf\x51\x9b\x7f\xe6" + "\x24\x40\x9e\xbe\x3b\xeb\x1b\x98" + "\xb9\x9c\xe5\xef\xf2\x05", + .ilen = 46, + .result = "\x61\x83\xa0\xe8\x2e\x7d\x7f\xf8" + "\x74\x63\xd2\xec\x76\x7c\x4c\x0d" + "\x03\xc4\x88\xc1\x35\xb8\xcd\x47" + "\x2f\x0c\xcd\x7a\xe2\x71\x66\x91", + .rlen = 32, + }, { + .key = "\x70\x4c\x2f\x50\x72\x1c\x29\x7f" + "\x95\x9a\xff\x10\x75\x45\x7d\x8f", + .klen = 16, + .iv = "\x7f\x15\xbd\xb8\xb6\xba\xd3\x06" + "\xb5\xd1\x2b\x35\x73\x0e\xad\x10", + .assoc = "\x8e\xde\x4c\x20\xfa\x59\x7e\x8d" + "\xd5\x07\x58\x59\x72\xd7\xde\x92" + "\x63\xd6\x10\x24\xf8\xb0\x6e\x5a" + "\xc0\x2e\x74\x5d\x06\xb8\x1e\xb2", + .alen = 32, + .input = "\x63\x4c\x2a\x8e\xb4\x6b\x63\x0d" + "\xb5\xec\x9b\x4e\x12\x23\xa3\xcf" + "\x1a\x5a\x70\x15\x5a\x10\x40\x51" + "\xca\x47\x4c\x9d\xc9\x97\xf4\x77" + "\xdb\xc8\x10\x2d\xdc\x65\x20\x3f", + .ilen = 40, + .result = "\x9d\xa7\xda\x88\x3e\xf8\x28\x14" + "\xf5\x3e\x85\x7d\x70\xa0\x0f\x13" + "\x2e\x86\x93\x45\x3a\x58\x4f\x61" + "\xf0\x3a\xac\x53\xbc\xd0\x06\x68", + .rlen = 32, + }, { + .key = "\xac\x70\x69\xef\x82\x97\xd2\x9b" + "\x15\x74\xb1\xa2\x6f\x69\x3f\x95", + .klen = 16, + .iv = "\xbb\x3a\xf7\x57\xc6\x36\x7c\x22" + "\x36\xab\xde\xc6\x6d\x32\x70\x17", + .assoc = "\xcb\x03\x85\xbf\x0a\xd5\x26\xa9" + "\x56\xe1\x0a\xeb\x6c\xfb\xa1\x98" + "\x8d\x98\x1c\xa8\xfe\x50\xf0\x74" + "\x81\x5c\x53\x35\xe0\x17\xbd\x88", + .alen = 32, + .input = "\xf1\x62\x44\xc7\x5f\x19\xca\x43" + "\x47\x2c\xaf\x68\x82\xbd\x51\xef" + "\x3d\x65\xd8\x45\x2d\x06\x07\x78" + "\x08\x2e\xb3\x23\xcd\x81\x12\x55" + "\x1a", + .ilen = 33, + .result = "\xda\xcc\x14\x27\x4e\x74\xd1\x30" + "\x76\x18\x37\x0f\x6a\xc4\xd1\x1a" + "\x58\x49\x9f\xc9\x3f\xf8\xd1\x7a" + "\xb2\x67\x8b\x2b\x96\x2f\xa5\x3e", + .rlen = 32, + }, { + .key = "\xe9\x95\xa2\x8f\x93\x13\x7b\xb7" + "\x96\x4e\x63\x33\x69\x8d\x02\x9b" + "\x23\xf9\x22\xeb\x80\xa0\xb1\x81" + "\xe2\x73\xc3\x21\x4d\x47\x8d\xf4", + .klen = 32, + .iv = "\xf8\x5e\x31\xf7\xd7\xb2\x25\x3e" + "\xb7\x85\x90\x58\x67\x57\x33\x1d", + .assoc = "", + .alen = 0, + .input = "\xdf\x2f\x83\xc0\x45\x4a\x2c\xcf" + "\xb9\xd2\x41\xf6\x80\xa1\x52\x70", + .ilen = 16, + .result = "", + .rlen = 0, + }, { + .key = "\x25\xba\xdc\x2e\xa3\x8f\x24\xd3" + "\x17\x29\x15\xc5\x63\xb2\xc5\xa1" + "\x4d\xbc\x2d\x6f\x85\x40\x33\x9a" + "\xa3\xa0\xa1\xfa\x27\xa6\x2c\xca", + .klen = 32, + .iv = "\x34\x83\x6a\x96\xe7\x2d\xce\x5a" + "\x38\x5f\x42\xe9\x61\x7b\xf5\x23", + .assoc = "", + .alen = 0, + .input = "\x01\xd8\x55\x3c\xc0\x5a\x4b\xc7" + "\x01\xf4\x08\xe3\x0d\xf7\xf0\x78" + "\x53", + .ilen = 17, + .result = "\x53", + .rlen = 1, + }, { + .key = "\x62\xdf\x16\xcd\xb3\x0a\xcc\xef" + "\x98\x03\xc7\x56\x5d\xd6\x87\xa8" + "\x77\x7e\x39\xf3\x8a\xe0\xb5\xb4" + "\x65\xce\x80\xd2\x01\x05\xcb\xa1", + .klen = 32, + .iv = "\x71\xa8\xa4\x35\xf7\xa9\x76\x75" + "\xb8\x39\xf4\x7a\x5b\x9f\xb8\x29", + .assoc = "", + .alen = 0, + .input = "\xc2\x4b\x41\x0f\x2d\xb9\x62\x07" + "\xff\x8e\x74\xf8\xa1\xa6\xd5\x37" + "\xa5\x64\x31\x5c\xca\x73\x9b\x43" + "\xe6\x70\x63\x46\x95\xcb\xf7\xb5" + "\x20\x8c\x75\x7a\x2a\x17\x2f\xa9" + "\xb8\x4d\x11\x42\xd1\xf8\xf1", + .ilen = 47, + .result = "\x8f\x3a\xc1\x05\x7f\xe7\xcb\x83" + "\xf9\xa6\x4d\xc3\x58\x31\x19\x2c" + "\xd7\x90\xc2\x56\x4e\xd8\x57\xc7" + "\xf6\xf0\x27\xb4\x25\x4c\x83", + .rlen = 31, + }, { + .key = "\x9e\x03\x4f\x6d\xc3\x86\x75\x0a" + "\x19\xdd\x79\xe8\x57\xfb\x4a\xae" + "\xa2\x40\x45\x77\x90\x80\x37\xce" + "\x26\xfb\x5f\xaa\xdb\x64\x6b\x77", + .klen = 32, + .iv = "\xae\xcc\xde\xd5\x07\x25\x1f\x91" + "\x39\x14\xa6\x0c\x55\xc4\x7b\x30", + .assoc = "", + .alen = 0, + .input = "\xbb\x01\x7c\xd1\x2c\x33\x7b\x37" + "\x0a\xee\xc4\x30\x19\xd7\x3a\x6f" + "\xf8\x2b\x67\xf5\x3b\x84\x87\x2a" + "\xfb\x07\x7a\x82\xb5\xe4\x85\x26" + "\x1e\xa8\xe5\x04\x54\xce\xe5\x5f" + "\xb5\x3f\xc1\xd5\x7f\xbd\xd2\xa6", + .ilen = 48, + .result = "\xcc\x5f\xfb\xa4\x8f\x63\x74\x9f" + "\x7a\x81\xff\x55\x52\x56\xdc\x33" + "\x01\x52\xcd\xdb\x53\x78\xd9\xe1" + "\xb7\x1d\x06\x8d\xff\xab\x22\x98", + .rlen = 32, + }, { + .key = "\xdb\x28\x89\x0c\xd3\x01\x1e\x26" + "\x9a\xb7\x2b\x79\x51\x1f\x0d\xb4" + "\xcc\x03\x50\xfc\x95\x20\xb9\xe7" + "\xe8\x29\x3e\x83\xb5\xc3\x0a\x4e", + .klen = 32, + .iv = "\xea\xf1\x18\x74\x17\xa0\xc8\xad" + "\xba\xee\x58\x9d\x4f\xe8\x3d\x36", + .assoc = "", + .alen = 0, + .input = "\xc2\xf4\x40\x55\xf9\x59\xff\x73" + "\x08\xf5\x98\x92\x0c\x7b\x35\x9a" + "\xa8\xf4\x42\x7e\x6f\x93\xca\x22" + "\x23\x06\x1e\xf8\x89\x22\xf4\x46" + "\x7c\x7c\x67\x75\xab\xe5\x75\xaa" + "\x15\xd7\x83\x19\xfd\x31\x59\x5b" + "\x32", + .ilen = 49, + .result = "\x08\x84\x34\x44\x9f\xde\x1c\xbb" + "\xfb\x5b\xb1\xe6\x4c\x7a\x9f\x39" + "\x2c\x14\xd9\x5f\x59\x18\x5b\xfb" + "\x79\x4b\xe5\x65\xd9\x0a\xc1\x6f" + "\x2e", + .rlen = 33, + }, { + .key = "\x17\x4d\xc3\xab\xe3\x7d\xc7\x42" + "\x1b\x91\xdd\x0a\x4b\x43\xcf\xba" + "\xf6\xc5\x5c\x80\x9a\xc0\x3b\x01" + "\xa9\x56\x1d\x5b\x8f\x22\xa9\x25", + .klen = 32, + .iv = "\x27\x16\x51\x13\x27\x1c\x71\xc9" + "\x3b\xc8\x0a\x2f\x49\x0c\x00\x3c", + .assoc = "", + .alen = 0, + .input = "\xc9\x82\x3b\x4b\x87\x84\xa5\xdb" + "\xa0\x8c\xd3\x3e\x7f\x8d\xe8\x28" + "\x2a\xdc\xfa\x01\x84\x87\x9a\x70" + "\x81\x75\x37\x0a\xd2\x75\xa9\xb6" + "\x21\x72\xee\x7e\x65\x95\xe5\xcc" + "\x01\xb7\x39\xa6\x51\x15\xca\xff" + "\x61\xdc\x97\x38\xcc\xf4\xca\xc7" + "\x83\x9b\x05\x11\x72\x60\xf0\xb4" + "\x7e\x06\xab\x0a\xc0\xbb\x59\x23" + "\xaa\x2d\xfc\x4e\x35\x05\x59", + .ilen = 79, + .result = "\x45\xa8\x6e\xe3\xaf\x5a\xc5\xd7" + "\x7c\x35\x63\x77\x46\x9f\x61\x3f" + "\x56\xd7\xe4\xe3\x5e\xb8\xdc\x14" + "\x3a\x79\xc4\x3e\xb3\x69\x61\x46" + "\x3c\xb6\x83\x4e\xb4\x26\xc7\x73" + "\x22\xda\x52\x8b\x7d\x11\x98\xea" + "\x62\xe1\x14\x1e\xdc\xfe\x0f\xad" + "\x20\x76\x5a\xdc\x4e\x71\x13", + .rlen = 63, + }, { + .key = "\x54\x71\xfd\x4b\xf3\xf9\x6f\x5e" + "\x9c\x6c\x8f\x9c\x45\x68\x92\xc1" + "\x21\x87\x67\x04\x9f\x60\xbd\x1b" + "\x6a\x84\xfc\x34\x6a\x81\x48\xfb", + .klen = 32, + .iv = "\x63\x3b\x8b\xb3\x37\x98\x1a\xe5" + "\xbc\xa2\xbc\xc0\x43\x31\xc2\x42", + .assoc = "", + .alen = 0, + .input = "\x11\x7c\x7d\xef\xce\x29\x95\xec" + "\x7e\x9f\x42\xa6\x26\x07\xa1\x75" + "\x2f\x4e\x09\x9a\xf6\x6b\xc2\xfa" + "\x0d\xd0\x17\xdc\x25\x1e\x9b\xdc" + "\x5f\x8c\x1c\x60\x15\x4f\x9b\x20" + "\x7b\xff\xcd\x82\x60\x84\xf4\xa5" + "\x20\x9a\x05\x19\x5b\x02\x0a\x72" + "\x43\x11\x26\x58\xcf\xc5\x41\xcf" + "\x13\xcc\xde\x32\x92\xfa\x86\xf2" + "\xaf\x16\xe8\x8f\xca\xb6\xfd\x54", + .ilen = 80, + .result = "\x81\xcd\xa8\x82\xbf\xd6\x6e\xf3" + "\xfd\x0f\x15\x09\x40\xc3\x24\x45" + "\x81\x99\xf0\x67\x63\x58\x5e\x2e" + "\xfb\xa6\xa3\x16\x8d\xc8\x00\x1c" + "\x4b\x62\x87\x7c\x15\x38\xda\x70" + "\x3d\xea\xe7\xf2\x40\xba\xae\x79" + "\x8f\x48\xfc\xbf\x45\x53\x2e\x78" + "\xef\x79\xf0\x1b\x49\xf7\xfd\x9c", + .rlen = 64, + }, { + .key = "\x90\x96\x36\xea\x03\x74\x18\x7a" + "\x1d\x46\x42\x2d\x3f\x8c\x54\xc7" + "\x4b\x4a\x73\x89\xa4\x00\x3f\x34" + "\x2c\xb1\xdb\x0c\x44\xe0\xe8\xd2", + .klen = 32, + .iv = "\xa0\x5f\xc5\x52\x47\x13\xc2\x01" + "\x3d\x7c\x6e\x52\x3d\x55\x85\x48", + .assoc = "\xaf", + .alen = 1, + .input = "\x9b\xc5\x3b\x20\x0a\x88\x56\xbe" + "\x69\xdf\xc4\xc4\x02\x46\x3a\xf0", + .ilen = 16, + .result = "", + .rlen = 0, + }, { + .key = "\xcd\xbb\x70\x89\x13\xf0\xc1\x95" + "\x9e\x20\xf4\xbf\x39\xb1\x17\xcd" + "\x76\x0c\x7f\x0d\xa9\xa0\xc1\x4e" + "\xed\xdf\xb9\xe4\x1e\x3f\x87\xa8", + .klen = 32, + .iv = "\xdc\x84\xfe\xf1\x58\x8f\x6b\x1c" + "\xbe\x57\x20\xe3\x37\x7a\x48\x4f", + .assoc = "\xeb\x4d\x8d\x59\x9c\x2e\x15\xa3" + "\xde\x8d\x4d\x07\x36\x43\x78\xd0" + "\x0b\x6d\x84\x4f\x2c\xf0\x82\x5b" + "\x4e\xf6\x29\xd1\x8b\x6f\x56", + .alen = 31, + .input = "\xe0\x6d\xa1\x07\x98\x2f\x40\x2d" + "\x2e\x9a\xd6\x61\x43\xc0\x74\x69", + .ilen = 16, + .result = "", + .rlen = 0, + }, { + .key = "\x0a\xe0\xaa\x29\x24\x6c\x6a\xb1" + "\x1f\xfa\xa6\x50\x33\xd5\xda\xd3" + "\xa0\xce\x8a\x91\xae\x40\x43\x68" + "\xae\x0d\x98\xbd\xf8\x9e\x26\x7f", + .klen = 32, + .iv = "\x19\xa9\x38\x91\x68\x0b\x14\x38" + "\x3f\x31\xd2\x74\x31\x9e\x0a\x55", + .assoc = "\x28\x72\xc7\xf8\xac\xaa\xbe\xbf" + "\x5f\x67\xff\x99\x30\x67\x3b\xd6" + "\x35\x2f\x90\xd3\x31\x90\x04\x74" + "\x0f\x23\x08\xa9\x65\xce\xf6\xea", + .alen = 32, + .input = "\xb9\x57\x13\x3e\x82\x31\x61\x65" + "\x0d\x7f\x6c\x96\x93\x5c\x50\xe2", + .ilen = 16, + .result = "", + .rlen = 0, + }, { + .key = "\x46\x04\xe3\xc8\x34\xe7\x12\xcd" + "\xa0\xd4\x58\xe2\x2d\xf9\x9c\xda" + "\xca\x91\x96\x15\xb4\xe0\xc5\x81" + "\x70\x3a\x77\x95\xd2\xfd\xc5\x55", + .klen = 32, + .iv = "\x55\xcd\x72\x30\x78\x86\xbd\x54" + "\xc0\x0b\x84\x06\x2b\xc2\xcd\x5b", + .assoc = "\x64\x97\x00\x98\xbc\x25\x67\xdb" + "\xe0\x41\xb1\x2a\x2a\x8c\xfe\xdd" + "\x5f\xf2\x9c\x58\x36\x30\x86\x8e" + "\xd1\x51\xe6\x81\x3f\x2d\x95\xc1" + "\x01", + .alen = 33, + .input = "\x81\x96\x34\xde\xbb\x36\xdd\x3e" + "\x4e\x5e\xcb\x44\x21\xb8\x3f\xf1", + .ilen = 16, + .result = "", + .rlen = 0, + }, { + .key = "\x83\x29\x1d\x67\x44\x63\xbb\xe9" + "\x20\xaf\x0a\x73\x27\x1e\x5f\xe0" + "\xf5\x53\xa1\x9a\xb9\x80\x47\x9b" + "\x31\x68\x56\x6e\xac\x5c\x65\x2c", + .klen = 32, + .iv = "\x92\xf2\xac\xcf\x88\x02\x65\x70" + "\x41\xe5\x36\x97\x25\xe7\x90\x61", + .assoc = "\xa1\xbb\x3a\x37\xcc\xa1\x10\xf7" + "\x61\x1c\x63\xbc\x24\xb0\xc0\xe3" + "\x8a\xb4\xa7\xdc\x3b\xd0\x08\xa8" + "\x92\x7f\xc5\x5a\x19\x8c\x34\x97" + "\x0f\x95\x9b\x18\xe4\x8d\xb4\x24" + "\xb9\x33\x28\x18\xe1\x9d\x14\xe0" + "\x64\xb2\x89\x7d\x78\xa8\x05\x7e" + "\x07\x8c\xfc\x88\x2d\xb8\x53", + .alen = 63, + .input = "\x2e\x99\xb6\x79\x57\x56\x80\x36" + "\x8e\xc4\x1c\x12\x7d\x71\x36\x0c", + .ilen = 16, + .result = "", + .rlen = 0, + }, { + .key = "\xbf\x4e\x57\x07\x54\xdf\x64\x05" + "\xa1\x89\xbc\x04\x21\x42\x22\xe6" + "\x1f\x15\xad\x1e\xbe\x20\xc9\xb4" + "\xf3\x95\x35\x46\x86\xbb\x04\x03", + .klen = 32, + .iv = "\xce\x17\xe5\x6f\x98\x7e\x0e\x8c" + "\xc2\xbf\xe8\x29\x1f\x0b\x52\x68", + .assoc = "\xdd\xe0\x74\xd6\xdc\x1d\xb8\x13" + "\xe2\xf6\x15\x4d\x1e\xd4\x83\xe9" + "\xb4\x76\xb3\x60\x40\x70\x8a\xc1" + "\x53\xac\xa4\x32\xf3\xeb\xd3\x6e" + "\x1e\x42\xa0\x46\x45\x9f\xc7\x22" + "\xd3\x43\xbc\x7e\xa5\x47\x2a\x6f" + "\x91\x19\x70\x1e\xe1\xfe\x25\x49" + "\xd6\x8f\x93\xc7\x28\x3f\x3d\x03", + .alen = 64, + .input = "\x7b\x25\x3d\x47\xd4\xa7\x08\xce" + "\x3b\x89\x40\x36\xba\x6d\x0e\xa2", + .ilen = 16, + .result = "", + .rlen = 0, + }, { + .key = "\xfc\x72\x90\xa6\x64\x5a\x0d\x21" + "\x22\x63\x6e\x96\x1b\x67\xe4\xec" + "\x49\xd7\xb9\xa2\xc3\xc0\x4b\xce" + "\xb4\xc3\x14\x1e\x61\x1a\xa3\xd9", + .klen = 32, + .iv = "\x0b\x3c\x1f\x0e\xa8\xf9\xb7\xa7" + "\x42\x9a\x9a\xba\x19\x30\x15\x6e", + .assoc = "\x1a", + .alen = 1, + .input = "\xe6\x09\x6f\x95\x9a\x18\xc8\xf6" + "\x17\x75\x81\x16\xdf\x26\xff\x67" + "\x92", + .ilen = 17, + .result = "\x29", + .rlen = 1, + }, { + .key = "\x38\x97\xca\x45\x74\xd6\xb6\x3c" + "\xa3\x3d\x20\x27\x15\x8b\xa7\xf2" + "\x74\x9a\xc4\x27\xc8\x60\xcd\xe8" + "\x75\xf0\xf2\xf7\x3b\x79\x42\xb0", + .klen = 32, + .iv = "\x47\x60\x59\xad\xb8\x75\x60\xc3" + "\xc3\x74\x4c\x4c\x13\x54\xd8\x74", + .assoc = "\x56\x29\xe7\x15\xfc\x14\x0a\x4a" + "\xe4\xaa\x79\x70\x12\x1d\x08\xf6" + "\x09\xfb\xca\x69\x4b\xb0\x8e\xf5" + "\xd6\x07\x62\xe3\xa8\xa9\x12", + .alen = 31, + .input = "\x82\xc0\x56\xf0\xd7\xc4\xc9\xfd" + "\x3c\xd1\x2a\xd4\x15\x86\x9d\xda" + "\xea\x6c\x6f\xa1\x33\xb0\x7a\x01" + "\x57\xe7\xf3\x7b\x73\xe7\x54\x10" + "\xc6\x91\xe2\xc6\xa0\x69\xe7\xe6" + "\x76\xc3\xf5\x3a\x76\xfd\x4a", + .ilen = 47, + .result = "\x66\xf3\x75\x7d\x40\xb3\xb4\xd1" + "\x04\xe1\xa6\x94\x10\xe6\x39\x77" + "\xd3\xac\x4d\x8a\x8c\x58\x6e\xfb" + "\x06\x13\x9a\xd9\x5e\xc0\xfa", + .rlen = 31, + }, { + .key = "\x75\xbc\x04\xe5\x84\x52\x5e\x58" + "\x24\x17\xd2\xb9\x0e\xaf\x6a\xf9" + "\x9e\x5c\xd0\xab\xcd\x00\x4f\x01" + "\x37\x1e\xd1\xcf\x15\xd8\xe2\x86", + .klen = 32, + .iv = "\x84\x85\x92\x4d\xc8\xf1\x08\xdf" + "\x44\x4e\xff\xdd\x0d\x78\x9a\x7a", + .assoc = "\x93\x4e\x21\xb4\x0c\x90\xb3\x66" + "\x65\x84\x2b\x01\x0b\x42\xcb\xfc" + "\x33\xbd\xd6\xed\x50\x50\x10\x0e" + "\x97\x35\x41\xbb\x82\x08\xb1\xf2", + .alen = 32, + .input = "\x01\x47\x8e\x6c\xf6\x64\x89\x3a" + "\x71\xce\xe4\xaa\x45\x70\xe6\x84" + "\x62\x48\x08\x64\x86\x6a\xdf\xec" + "\xb4\xa0\xfb\x34\x03\x0c\x19\xf4" + "\x2b\x7b\x36\x73\xec\x54\xa9\x1e" + "\x30\x85\xdb\xe4\xac\xe9\x2c\xca", + .ilen = 48, + .result = "\xa2\x17\xaf\x1c\x50\x2e\x5d\xed" + "\x85\xbb\x58\x26\x0a\x0b\xfc\x7d" + "\xfe\x6e\x59\x0e\x91\xf8\xf0\x15" + "\xc8\x40\x78\xb1\x38\x1f\x99\xa7", + .rlen = 32, + }, { + .key = "\xb1\xe1\x3e\x84\x94\xcd\x07\x74" + "\xa5\xf2\x84\x4a\x08\xd4\x2c\xff" + "\xc8\x1e\xdb\x2f\xd2\xa0\xd1\x1b" + "\xf8\x4c\xb0\xa8\xef\x37\x81\x5d", + .klen = 32, + .iv = "\xc0\xaa\xcc\xec\xd8\x6c\xb1\xfb" + "\xc5\x28\xb1\x6e\x07\x9d\x5d\x81", + .assoc = "\xd0\x73\x5a\x54\x1d\x0b\x5b\x82" + "\xe5\x5f\xdd\x93\x05\x66\x8e\x02" + "\x5e\x80\xe1\x71\x55\xf0\x92\x28" + "\x59\x62\x20\x94\x5c\x67\x50\xc8" + "\x58", + .alen = 33, + .input = "\x85\xe0\xf8\x0f\x8e\x49\xe3\x60" + "\xcb\x4a\x54\x94\xcf\xf5\x7e\x34" + "\xe9\xf8\x80\x65\x53\xd0\x72\x70" + "\x4f\x7d\x9d\xd1\x15\x6f\xb9\x2c" + "\xfa\xe8\xdd\xac\x2e\xe1\x3f\x67" + "\x63\x0f\x1a\x59\xb7\x89\xdb\xf4" + "\xc3", + .ilen = 49, + .result = "\xdf\x3c\xe9\xbc\x61\xaa\x06\x09" + "\x06\x95\x0a\xb7\x04\x2f\xbe\x84" + "\x28\x30\x64\x92\x96\x98\x72\x2e" + "\x89\x6e\x57\x8a\x13\x7e\x38\x7e" + "\xdb", + .rlen = 33, + }, { + .key = "\xee\x05\x77\x23\xa5\x49\xb0\x90" + "\x26\xcc\x36\xdc\x02\xf8\xef\x05" + "\xf3\xe1\xe7\xb3\xd8\x40\x53\x35" + "\xb9\x79\x8f\x80\xc9\x96\x20\x33", + .klen = 32, + .iv = "\xfd\xce\x06\x8b\xe9\xe8\x5a\x17" + "\x46\x02\x63\x00\x01\xc1\x20\x87", + .assoc = "\x0c\x98\x94\xf3\x2d\x87\x04\x9e" + "\x66\x39\x8f\x24\xff\x8a\x50\x08" + "\x88\x42\xed\xf6\x5a\x90\x14\x42" + "\x1a\x90\xfe\x6c\x36\xc6\xf0\x9f" + "\x66\xa0\xb5\x2d\x2c\xf8\x25\x15" + "\x55\x90\xa2\x7e\x77\x94\x96\x3a" + "\x71\x1c\xf7\x44\xee\xa8\xc3\x42" + "\xe2\xa3\x84\x04\x0b\xe1\xce", + .alen = 63, + .input = "\x00\xe5\x5b\x87\x5c\x20\x22\x8a" + "\xda\x1f\xd3\xff\xbb\xb2\xb0\xf8" + "\xef\xe9\xeb\x9e\x7c\x80\xf4\x2b" + "\x59\xc0\x79\xbc\x17\xa0\x15\x01" + "\xf5\x72\xfb\x5a\xe7\xaf\x07\xe3" + "\x1b\x49\x21\x34\x23\x63\x55\x5e" + "\xee\x4f\x34\x17\xfa\xfe\xa5\x0c" + "\xed\x0b\x23\xea\x9b\xda\x57\x2f" + "\xf6\xa9\xae\x0d\x4e\x40\x96\x45" + "\x7f\xfa\xf0\xbf\xc4\x98\x78", + .ilen = 79, + .result = "\x1b\x61\x23\x5b\x71\x26\xae\x25" + "\x87\x6f\xbc\x49\xfe\x53\x81\x8a" + "\x53\xf2\x70\x17\x9b\x38\xf4\x48" + "\x4b\x9b\x36\x62\xed\xdd\xd8\x54" + "\xea\xcb\xb6\x79\x45\xfc\xaa\x54" + "\x5c\x94\x47\x58\xa7\xff\x9c\x9e" + "\x7c\xb6\xf1\xac\xc8\xfd\x8b\x35" + "\xd5\xa4\x6a\xd4\x09\xc2\x08", + .rlen = 63, + }, { + .key = "\x2a\x2a\xb1\xc3\xb5\xc5\x59\xac" + "\xa7\xa6\xe8\x6d\xfc\x1d\xb2\x0b" + "\x1d\xa3\xf3\x38\xdd\xe0\xd5\x4e" + "\x7b\xa7\x6e\x58\xa3\xf5\xbf\x0a", + .klen = 32, + .iv = "\x39\xf3\x3f\x2b\xf9\x64\x03\x33" + "\xc7\xdd\x15\x91\xfb\xe6\xe2\x8d", + .assoc = "\x49\xbc\xce\x92\x3d\x02\xad\xba" + "\xe7\x13\x41\xb6\xf9\xaf\x13\x0f" + "\xb2\x04\xf8\x7a\x5f\x30\x96\x5b" + "\xdc\xbd\xdd\x44\x10\x25\x8f\x75" + "\x75\x4d\xb9\x5b\x8e\x0a\x38\x13" + "\x6f\x9f\x36\xe4\x3a\x3e\xac\xc9" + "\x9d\x83\xde\xe5\x57\xfd\xe3\x0e" + "\xb1\xa7\x1b\x44\x05\x67\xb7\x37", + .alen = 64, + .input = "\x28\xdd\xb9\x4a\x12\xc7\x0a\xe1" + "\x58\x06\x1a\x9b\x8c\x67\xdf\xeb" + "\x35\x35\x60\x9d\x06\x40\x65\xc1" + "\x93\xe8\xb3\x82\x50\x29\xdd\xb5" + "\x2b\xcb\xde\x18\x78\x6b\x42\xbe" + "\x6d\x24\xd0\xb2\x7d\xd7\x08\x8f" + "\x4a\x18\x98\xad\x8c\xf2\x97\xb4" + "\xf4\x77\xe4\xbf\x41\x3b\xc4\x06" + "\xce\x9e\x34\x81\xf0\x89\x11\x13" + "\x02\x65\xa1\x7c\xdf\x07\x33\x06", + .ilen = 80, + .result = "\x58\x85\x5c\xfa\x81\xa1\x57\x40" + "\x08\x4a\x6e\xda\xf8\x78\x44\x90" + "\x7d\xb5\x7b\x9b\xa1\xd8\x76\x62" + "\x0c\xc9\x15\x3b\xc7\x3c\x77\x2b" + "\xf8\x78\xba\xa7\xa6\x0e\xbd\x52" + "\x76\xa3\xdc\xbe\x6b\xa8\xb1\x2d" + "\xa9\x1d\xd8\x4e\x31\x53\xab\x00" + "\xa5\xa7\x01\x13\x04\x49\xf2\x04", + .rlen = 64, + }, { + .key = "\x67\x4f\xeb\x62\xc5\x40\x01\xc7" + "\x28\x80\x9a\xfe\xf6\x41\x74\x12" + "\x48\x65\xfe\xbc\xe2\x80\x57\x68" + "\x3c\xd4\x4d\x31\x7d\x54\x5f\xe1", + .klen = 32, + .iv = "\x76\x18\x79\xca\x09\xdf\xac\x4e" + "\x48\xb7\xc7\x23\xf5\x0a\xa5\x93", + .assoc = "\x85\xe1\x08\x32\x4d\x7e\x56\xd5" + "\x68\xed\xf3\x47\xf3\xd3\xd6\x15" + "\xdd\xc7\x04\xfe\x64\xd0\x18\x75" + "\x9d\xeb\xbc\x1d\xea\x84\x2e\x4c" + "\x83\xf9\xbe\x8a\xef\x1c\x4b\x10" + "\x89\xaf\xcb\x4b\xfe\xe7\xc1\x58" + "\xca\xea\xc6\x87\xc0\x53\x03\xd9" + "\x80\xaa\xb2\x83\xff\xee\xa1\x6a" + "\x04", + .alen = 65, + .input = "\x85\x39\x69\x35\xfb\xf9\xb0\xa6" + "\x85\x43\x88\xd0\xd7\x78\x60\x19" + "\x3e\x1f\xb1\xa4\xd6\xc5\x96\xec" + "\xf7\x84\x85\xc7\x27\x0f\x74\x57" + "\x28\x9e\xdd\x90\x3c\x43\x12\xc5" + "\x51\x3d\x39\x8f\xa5\xf4\xe0\x0b" + "\x57\x04\xf1\x6d\xfe\x9b\x84\x27" + "\xe8\xeb\x4d\xda\x02\x0a\xc5\x49" + "\x1a\x55\x5e\x50\x56\x4d\x94\xda" + "\x20\xf8\x12\x54\x50\xb3\x11\xda" + "\xed\x44\x27\x67\xd5\xd1\x8b\x4b" + "\x38\x67\x56\x65\x59\xda\xe6\x97" + "\x81\xae\x2f\x92\x3b\xae\x22\x1c" + "\x91\x59\x38\x18\x00\xe8\xba\x92" + "\x04\x19\x56\xdf\xb0\x82\xeb\x6f" + "\x2e\xdb\x54\x3c\x4b\xbb\x60\x90" + "\x4c\x50\x10\x62\xba\x7a\xb1\x68" + "\x37\xd7\x87\x4e\xe4\x66\x09\x1f" + "\xa5", + .ilen = 145, + .result = "\x94\xaa\x96\x9a\x91\x1d\x00\x5c" + "\x88\x24\x20\x6b\xf2\x9c\x06\x96" + "\xa7\x77\x87\x1f\xa6\x78\xf8\x7b" + "\xcd\xf6\xf4\x13\xa1\x9b\x16\x02" + "\x07\x24\xbf\xd5\x08\x20\xd0\x4f" + "\x90\xb3\x70\x24\x2f\x51\xc7\xbb" + "\xd6\x84\xc0\xef\x9a\xa8\xca\xcc" + "\x74\xab\x97\x53\xfe\xd0\xdb\x37" + "\x37\x6a\x0e\x9f\x3f\xa3\x2a\xe3" + "\x1b\x34\x6d\x51\x72\x2b\x17\xe7" + "\x4d\xaa\x2c\x18\xda\xa3\x33\x89" + "\x2a\x9f\xf4\xd2\xed\x76\x3d\x3f" + "\x3c\x15\x9d\x8e\x4f\x3c\x27\xb0" + "\x42\x3f\x2f\x8a\xd4\xc2\x10\xb2" + "\x27\x7f\xe3\x34\x80\x02\x49\x4b" + "\x07\x68\x22\x2a\x88\x25\x53\xb2" + "\x2f", + .rlen = 129, + }, { + .key = "\xa3\x73\x24\x01\xd5\xbc\xaa\xe3" + "\xa9\x5a\x4c\x90\xf0\x65\x37\x18" + "\x72\x28\x0a\x40\xe7\x20\xd9\x82" + "\xfe\x02\x2b\x09\x57\xb3\xfe\xb7", + .klen = 32, + .iv = "\xb3\x3d\xb3\x69\x19\x5b\x54\x6a" + "\xc9\x91\x79\xb4\xef\x2e\x68\x99", + .assoc = "\xc2\x06\x41\xd1\x5d\xfa\xff\xf1" + "\xe9\xc7\xa5\xd9\xed\xf8\x98\x1b" + "\x07\x89\x10\x82\x6a\x70\x9a\x8f" + "\x5e\x19\x9b\xf5\xc5\xe3\xcd\x22" + "\x92\xa5\xc2\xb8\x51\x2e\x5e\x0e" + "\xa4\xbe\x5f\xb1\xc1\x90\xd7\xe7" + "\xf7\x52\xae\x28\x29\xa8\x22\xa4" + "\x4f\xae\x48\xc2\xfa\x75\x8b\x9e" + "\xce\x83\x2a\x88\x07\x55\xbb\x89" + "\xf6\xdf\xac\xdf\x83\x08\xbf\x7d" + "\xac\x30\x8b\x8e\x02\xac\x00\xf1" + "\x30\x46\xe1\xbc\x75\xbf\x49\xbb" + "\x26\x4e\x29\xf0\x2f\x21\xc6\x13" + "\x92\xd9\x3d\x11\xe4\x10\x00\x8e" + "\xd4\xd4\x58\x65\xa6\x2b\xe3\x25" + "\xb1\x8f\x15\x93\xe7\x71\xb9\x2c" + "\x4b", + .alen = 129, + .input = "\x7d\xde\x53\x22\xe4\x23\x3b\x30" + "\x78\xde\x35\x90\x7a\xd9\x0b\x93" + "\xf6\x0e\x0b\xed\x40\xee\x10\x9c" + "\x96\x3a\xd3\x34\xb2\xd0\x67\xcf" + "\x63\x7f\x2d\x0c\xcf\x96\xec\x64" + "\x1a\x87\xcc\x7d\x2c\x5e\x81\x4b" + "\xd2\x8f\x4c\x7c\x00\xb1\xb4\xe0" + "\x87\x4d\xb1\xbc\xd8\x78\x2c\x17" + "\xf2\x3b\xd8\x28\x40\xe2\x76\xf6" + "\x20\x13\x83\x46\xaf\xff\xe3\x0f" + "\x72", + .ilen = 81, + .result = "\xd1\xcf\xd0\x39\xa1\x99\xa9\x78" + "\x09\xfe\xd2\xfd\xec\xc1\xc9\x9d" + "\xd2\x39\x93\xa3\xab\x18\x7a\x95" + "\x8f\x24\xd3\xeb\x7b\xfa\xb5\xd8" + "\x15\xd1\xc3\x04\x69\x32\xe3\x4d" + "\xaa\xc2\x04\x8b\xf2\xfa\xdc\x4a" + "\x02\xeb\xa8\x90\x03\xfd\xea\x97" + "\x43\xaf\x2e\x92\xf8\x57\xc5\x6a" + "\x00", + .rlen = 65, + }, { + .key = "\xe0\x98\x5e\xa1\xe5\x38\x53\xff" + "\x2a\x35\xfe\x21\xea\x8a\xfa\x1e" + "\x9c\xea\x15\xc5\xec\xc0\x5b\x9b" + "\xbf\x2f\x0a\xe1\x32\x12\x9d\x8e", + .klen = 32, + .iv = "\xef\x61\xed\x08\x29\xd7\xfd\x86" + "\x4a\x6b\x2b\x46\xe9\x53\x2a\xa0", + .assoc = "\xfe\x2a\x7b\x70\x6d\x75\xa7\x0d" + "\x6a\xa2\x57\x6a\xe7\x1c\x5b\x21" + "\x31\x4b\x1b\x07\x6f\x10\x1c\xa8" + "\x20\x46\x7a\xce\x9f\x42\x6d\xf9", + .alen = 32, + .input = "\x5a\xcd\x8c\x57\xf2\x6a\xb6\xbe" + "\x53\xc7\xaa\x9a\x60\x74\x9c\xc4" + "\xa2\xc2\xd0\x6d\xe1\x03\x63\xdc" + "\xbb\x51\x7e\x9c\x89\x73\xde\x4e" + "\x24\xf8\x52\x7c\x15\x41\x0e\xba" + "\x69\x0e\x36\x5f\x2f\x22\x8c", + .ilen = 47, + .result = "\x0d\xf4\x09\xd8\xb1\x14\x51\x94" + "\x8a\xd8\x84\x8e\xe6\xe5\x8c\xa3" + "\xfc\xfc\x9e\x28\xb0\xb8\xfc\xaf" + "\x50\x52\xb1\xc4\x55\x59\x55\xaf", + .rlen = 32, + }, { + .key = "\x1c\xbd\x98\x40\xf5\xb3\xfc\x1b" + "\xaa\x0f\xb0\xb3\xe4\xae\xbc\x24" + "\xc7\xac\x21\x49\xf1\x60\xdd\xb5" + "\x80\x5d\xe9\xba\x0c\x71\x3c\x64", + .klen = 32, + .iv = "\x2c\x86\x26\xa8\x39\x52\xa6\xa2" + "\xcb\x45\xdd\xd7\xe3\x77\xed\xa6", + .assoc = "\x3b\x4f\xb5\x10\x7d\xf1\x50\x29" + "\xeb\x7c\x0a\xfb\xe1\x40\x1e\x27" + "\x5c\x0d\x27\x8b\x74\xb0\x9e\xc2" + "\xe1\x74\x59\xa6\x79\xa1\x0c\xd0", + .alen = 32, + .input = "\x47\xd6\xce\x78\xd6\xbf\x4a\x51" + "\xb8\xda\x92\x3c\xfd\xda\xac\x8e" + "\x8d\x88\xd7\x4d\x90\xe5\xeb\xa1" + "\xab\xd6\x7c\x76\xad\xea\x7d\x76" + "\x53\xee\xb0\xcd\xd0\x02\xbb\x70" + "\x5b\x6f\x7b\xe2\x8c\xe8", + .ilen = 46, + .result = "\x4a\x18\x43\x77\xc1\x90\xfa\xb0" + "\x0b\xb2\x36\x20\xe0\x09\x4e\xa9" + "\x26\xbe\xaa\xac\xb5\x58\x7e\xc8" + "\x11\x7f\x90\x9c\x2f\xb8\xf4\x85", + .rlen = 32, + }, { + .key = "\x59\xe1\xd2\xdf\x05\x2f\xa4\x37" + "\x2b\xe9\x63\x44\xde\xd3\x7f\x2b" + "\xf1\x6f\x2d\xcd\xf6\x00\x5f\xcf" + "\x42\x8a\xc8\x92\xe6\xd0\xdc\x3b", + .klen = 32, + .iv = "\x68\xab\x60\x47\x49\xce\x4f\xbe" + "\x4c\x20\x8f\x68\xdd\x9c\xb0\xac", + .assoc = "\x77\x74\xee\xaf\x8d\x6d\xf9\x45" + "\x6c\x56\xbc\x8d\xdb\x65\xe0\x2e" + "\x86\xd0\x32\x0f\x79\x50\x20\xdb" + "\xa2\xa1\x37\x7e\x53\x00\xab\xa6", + .alen = 32, + .input = "\x9f\xa9\x2b\xa4\x8f\x00\x05\x2b" + "\xe7\x68\x81\x51\xbb\xfb\xdf\x60" + "\xbb\xac\xe8\xc1\xdc\x68\xae\x68" + "\x3a\xcd\x7a\x06\x49\xfe\x80\x11" + "\xe6\x61\x99\xe2\xdd\xbe\x2c\xbf", + .ilen = 40, + .result = "\x86\x3d\x7d\x17\xd1\x0c\xa3\xcc" + "\x8c\x8d\xe8\xb1\xda\x2e\x11\xaf" + "\x51\x80\xb5\x30\xba\xf8\x00\xe2" + "\xd3\xad\x6f\x75\x09\x18\x93\x5c", + .rlen = 32, + }, { + .key = "\x96\x06\x0b\x7f\x15\xab\x4d\x53" + "\xac\xc3\x15\xd6\xd8\xf7\x42\x31" + "\x1b\x31\x38\x51\xfc\xa0\xe1\xe8" + "\x03\xb8\xa7\x6b\xc0\x2f\x7b\x11", + .klen = 32, + .iv = "\xa5\xcf\x9a\xe6\x59\x4a\xf7\xd9" + "\xcd\xfa\x41\xfa\xd7\xc0\x72\xb2", + .assoc = "\xb4\x99\x28\x4e\x9d\xe8\xa2\x60" + "\xed\x30\x6e\x1e\xd5\x89\xa3\x34" + "\xb1\x92\x3e\x93\x7e\xf0\xa2\xf5" + "\x64\xcf\x16\x57\x2d\x5f\x4a\x7d", + .alen = 32, + .input = "\xe2\x34\xfa\x25\xfd\xfb\x89\x5e" + "\x5b\x4e\x0b\x15\x6e\x39\xfb\x0c" + "\x73\xc7\xd9\x6b\xbe\xce\x9b\x70" + "\xc7\x4f\x96\x16\x03\xfc\xea\xfb" + "\x56", + .ilen = 33, + .result = "\xc3\x62\xb7\xb6\xe2\x87\x4c\xe7" + "\x0d\x67\x9a\x43\xd4\x52\xd4\xb5" + "\x7b\x43\xc1\xb5\xbf\x98\x82\xfc" + "\x94\xda\x4e\x4d\xe4\x77\x32\x32", + .rlen = 32, + }, +}; + /* * All key wrapping test vectors taken from * http://csrc.nist.gov/groups/STM/cavp/documents/mac/kwtestvectors.zip @@ -27385,35 +26023,31 @@ static const struct aead_testvec rfc7539esp_dec_tv_template[] = { * semiblock of the ciphertext from the test vector. For decryption, iv is * the first semiblock of the ciphertext. */ -static const struct cipher_testvec aes_kw_enc_tv_template[] = { +static const struct cipher_testvec aes_kw_tv_template[] = { { .key = "\x75\x75\xda\x3a\x93\x60\x7c\xc2" "\xbf\xd8\xce\xc7\xaa\xdf\xd9\xa6", .klen = 16, - .input = "\x42\x13\x6d\x3c\x38\x4a\x3e\xea" + .ptext = "\x42\x13\x6d\x3c\x38\x4a\x3e\xea" "\xc9\x5a\x06\x6f\xd2\x8f\xed\x3f", - .ilen = 16, - .result = "\xf6\x85\x94\x81\x6f\x64\xca\xa3" + .ctext = "\xf6\x85\x94\x81\x6f\x64\xca\xa3" "\xf5\x6f\xab\xea\x25\x48\xf5\xfb", - .rlen = 16, - .iv_out = "\x03\x1f\x6b\xd7\xe6\x1e\x64\x3d", - }, -}; - -static const struct cipher_testvec aes_kw_dec_tv_template[] = { - { + .len = 16, + .iv = "\x03\x1f\x6b\xd7\xe6\x1e\x64\x3d", + .generates_iv = true, + }, { .key = "\x80\xaa\x99\x73\x27\xa4\x80\x6b" "\x6a\x7a\x41\xa5\x2b\x86\xc3\x71" "\x03\x86\xf9\x32\x78\x6e\xf7\x96" "\x76\xfa\xfb\x90\xb8\x26\x3c\x5f", .klen = 32, - .input = "\xd3\x3d\x3d\x97\x7b\xf0\xa9\x15" - "\x59\xf9\x9c\x8a\xcd\x29\x3d\x43", - .ilen = 16, - .result = "\x0a\x25\x6b\xa7\x5c\xfa\x03\xaa" + .ptext = "\x0a\x25\x6b\xa7\x5c\xfa\x03\xaa" "\xa0\x2b\xa9\x42\x03\xf1\x5b\xaa", - .rlen = 16, + .ctext = "\xd3\x3d\x3d\x97\x7b\xf0\xa9\x15" + "\x59\xf9\x9c\x8a\xcd\x29\x3d\x43", + .len = 16, .iv = "\x42\x3c\x96\x0d\x8a\x2a\xc4\xc1", + .generates_iv = true, }, }; @@ -28340,36 +26974,33 @@ static const struct drbg_testvec drbg_nopr_ctr_aes128_tv_template[] = { }; /* Cast5 test vectors from RFC 2144 */ -static const struct cipher_testvec cast5_enc_tv_template[] = { +static const struct cipher_testvec cast5_tv_template[] = { { .key = "\x01\x23\x45\x67\x12\x34\x56\x78" "\x23\x45\x67\x89\x34\x56\x78\x9a", .klen = 16, - .input = "\x01\x23\x45\x67\x89\xab\xcd\xef", - .ilen = 8, - .result = "\x23\x8b\x4f\xe5\x84\x7e\x44\xb2", - .rlen = 8, + .ptext = "\x01\x23\x45\x67\x89\xab\xcd\xef", + .ctext = "\x23\x8b\x4f\xe5\x84\x7e\x44\xb2", + .len = 8, }, { .key = "\x01\x23\x45\x67\x12\x34\x56\x78" "\x23\x45", .klen = 10, - .input = "\x01\x23\x45\x67\x89\xab\xcd\xef", - .ilen = 8, - .result = "\xeb\x6a\x71\x1a\x2c\x02\x27\x1b", - .rlen = 8, + .ptext = "\x01\x23\x45\x67\x89\xab\xcd\xef", + .ctext = "\xeb\x6a\x71\x1a\x2c\x02\x27\x1b", + .len = 8, }, { .key = "\x01\x23\x45\x67\x12", .klen = 5, - .input = "\x01\x23\x45\x67\x89\xab\xcd\xef", - .ilen = 8, - .result = "\x7a\xc8\x16\xd1\x6e\x9b\x30\x2e", - .rlen = 8, + .ptext = "\x01\x23\x45\x67\x89\xab\xcd\xef", + .ctext = "\x7a\xc8\x16\xd1\x6e\x9b\x30\x2e", + .len = 8, }, { /* Generated from TF test vectors */ .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9" "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A", .klen = 16, .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F", - .input = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" + .ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87" @@ -28431,8 +27062,7 @@ static const struct cipher_testvec cast5_enc_tv_template[] = { "\xF8\x8F\x03\x9A\x31\xC8\x3C\xD3" "\x6A\x01\x75\x0C\xA3\x17\xAE\x45" "\xDC\x50\xE7\x7E\x15\x89\x20\xB7", - .ilen = 496, - .result = "\x8D\xFC\x81\x9C\xCB\xAA\x5A\x1C" + .ctext = "\x8D\xFC\x81\x9C\xCB\xAA\x5A\x1C" "\x7E\x95\xCF\x40\xAB\x4D\x6F\xEA" "\xD3\xD9\xB0\x9A\xB7\xC7\xE0\x2E" "\xD1\x39\x34\x92\x8F\xFA\x14\xF1" @@ -28494,181 +27124,20 @@ static const struct cipher_testvec cast5_enc_tv_template[] = { "\x5D\x0B\x3F\x03\x8F\x30\xF9\xAE" "\x4F\xFE\x24\x9C\x9A\x02\xE5\x57" "\xF5\xBC\x25\xD6\x02\x56\x57\x1C", - .rlen = 496, + .len = 496, .also_non_np = 1, .np = 3, .tap = { 496 - 20, 4, 16 }, }, }; -static const struct cipher_testvec cast5_dec_tv_template[] = { - { - .key = "\x01\x23\x45\x67\x12\x34\x56\x78" - "\x23\x45\x67\x89\x34\x56\x78\x9a", - .klen = 16, - .input = "\x23\x8b\x4f\xe5\x84\x7e\x44\xb2", - .ilen = 8, - .result = "\x01\x23\x45\x67\x89\xab\xcd\xef", - .rlen = 8, - }, { - .key = "\x01\x23\x45\x67\x12\x34\x56\x78" - "\x23\x45", - .klen = 10, - .input = "\xeb\x6a\x71\x1a\x2c\x02\x27\x1b", - .ilen = 8, - .result = "\x01\x23\x45\x67\x89\xab\xcd\xef", - .rlen = 8, - }, { - .key = "\x01\x23\x45\x67\x12", - .klen = 5, - .input = "\x7a\xc8\x16\xd1\x6e\x9b\x30\x2e", - .ilen = 8, - .result = "\x01\x23\x45\x67\x89\xab\xcd\xef", - .rlen = 8, - }, { /* Generated from TF test vectors */ - .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9" - "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A", - .klen = 16, - .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F", - .input = "\x8D\xFC\x81\x9C\xCB\xAA\x5A\x1C" - "\x7E\x95\xCF\x40\xAB\x4D\x6F\xEA" - "\xD3\xD9\xB0\x9A\xB7\xC7\xE0\x2E" - "\xD1\x39\x34\x92\x8F\xFA\x14\xF1" - "\xD5\xD2\x7B\x59\x1F\x35\x28\xC2" - "\x20\xD9\x42\x06\xC9\x0B\x10\x04" - "\xF8\x79\xCD\x32\x86\x75\x4C\xB6" - "\x7B\x1C\x52\xB1\x91\x64\x22\x4B" - "\x13\xC7\xAE\x98\x0E\xB5\xCF\x6F" - "\x3F\xF4\x43\x96\x73\x0D\xA2\x05" - "\xDB\xFD\x28\x90\x2C\x56\xB9\x37" - "\x5B\x69\x0C\xAD\x84\x67\xFF\x15" - "\x4A\xD4\xA7\xD3\xDD\x99\x47\x3A" - "\xED\x34\x35\x78\x6B\x91\xC9\x32" - "\xE1\xBF\xBC\xB4\x04\x85\x6A\x39" - "\xC0\xBA\x51\xD0\x0F\x4E\xD1\xE2" - "\x1C\xFD\x0E\x05\x07\xF4\x10\xED" - "\xA2\x17\xFF\xF5\x64\xC6\x1A\x22" - "\xAD\x78\xE7\xD7\x11\xE9\x99\xB9" - "\xAA\xEC\x6F\xF8\x3B\xBF\xCE\x77" - "\x93\xE8\xAD\x1D\x50\x6C\xAE\xBC" - "\xBA\x5C\x80\xD1\x91\x65\x51\x1B" - "\xE8\x0A\xCD\x99\x96\x71\x3D\xB6" - "\x78\x75\x37\x55\xC1\xF5\x90\x40" - "\x34\xF4\x7E\xC8\xCC\x3A\x5F\x6E" - "\x36\xA1\xA1\xC2\x3A\x72\x42\x8E" - "\x0E\x37\x88\xE8\xCE\x83\xCB\xAD" - "\xE0\x69\x77\x50\xC7\x0C\x99\xCA" - "\x19\x5B\x30\x25\x9A\xEF\x9B\x0C" - "\xEF\x8F\x74\x4C\xCF\x49\x4E\xB9" - "\xC5\xAE\x9E\x2E\x78\x9A\xB9\x48" - "\xD5\x81\xE4\x37\x1D\xBF\x27\xD9" - "\xC5\xD6\x65\x43\x45\x8C\xBB\xB6" - "\x55\xF4\x06\xBB\x49\x53\x8B\x1B" - "\x07\xA9\x96\x69\x5B\xCB\x0F\xBC" - "\x93\x85\x90\x0F\x0A\x68\x40\x2A" - "\x95\xED\x2D\x88\xBF\x71\xD0\xBB" - "\xEC\xB0\x77\x6C\x79\xFC\x3C\x05" - "\x49\x3F\xB8\x24\xEF\x8E\x09\xA2" - "\x1D\xEF\x92\x02\x96\xD4\x7F\xC8" - "\x03\xB2\xCA\xDB\x17\x5C\x52\xCF" - "\xDD\x70\x37\x63\xAA\xA5\x83\x20" - "\x52\x02\xF6\xB9\xE7\x6E\x0A\xB6" - "\x79\x03\xA0\xDA\xA3\x79\x21\xBD" - "\xE3\x37\x3A\xC0\xF7\x2C\x32\xBE" - "\x8B\xE8\xA6\x00\xC7\x32\xD5\x06" - "\xBB\xE3\xAB\x06\x21\x82\xB8\x32" - "\x31\x34\x2A\xA7\x1F\x64\x99\xBF" - "\xFA\xDA\x3D\x75\xF7\x48\xD5\x48" - "\x4B\x52\x7E\xF6\x7C\xAB\x67\x59" - "\xC5\xDC\xA8\xC6\x63\x85\x4A\xDF" - "\xF0\x40\x5F\xCF\xE3\x58\x52\x67" - "\x7A\x24\x32\xC5\xEC\x9E\xA9\x6F" - "\x58\x56\xDD\x94\x1F\x71\x8D\xF4" - "\x6E\xFF\x2C\xA7\xA5\xD8\xBA\xAF" - "\x1D\x8B\xA2\x46\xB5\xC4\x9F\x57" - "\x8D\xD8\xB3\x3C\x02\x0D\xBB\x84" - "\xC7\xBD\xB4\x9A\x6E\xBB\xB1\x37" - "\x95\x79\xC4\xA7\xEA\x1D\xDC\x33" - "\x5D\x0B\x3F\x03\x8F\x30\xF9\xAE" - "\x4F\xFE\x24\x9C\x9A\x02\xE5\x57" - "\xF5\xBC\x25\xD6\x02\x56\x57\x1C", - .ilen = 496, - .result = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" - "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" - "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" - "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87" - "\x1E\x92\x29\xC0\x34\xCB\x62\xF9" - "\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48" - "\xDF\x76\x0D\x81\x18\xAF\x23\xBA" - "\x51\xE8\x5C\xF3\x8A\x21\x95\x2C" - "\xC3\x37\xCE\x65\xFC\x70\x07\x9E" - "\x12\xA9\x40\xD7\x4B\xE2\x79\x10" - "\x84\x1B\xB2\x26\xBD\x54\xEB\x5F" - "\xF6\x8D\x01\x98\x2F\xC6\x3A\xD1" - "\x68\xFF\x73\x0A\xA1\x15\xAC\x43" - "\xDA\x4E\xE5\x7C\x13\x87\x1E\xB5" - "\x29\xC0\x57\xEE\x62\xF9\x90\x04" - "\x9B\x32\xC9\x3D\xD4\x6B\x02\x76" - "\x0D\xA4\x18\xAF\x46\xDD\x51\xE8" - "\x7F\x16\x8A\x21\xB8\x2C\xC3\x5A" - "\xF1\x65\xFC\x93\x07\x9E\x35\xCC" - "\x40\xD7\x6E\x05\x79\x10\xA7\x1B" - "\xB2\x49\xE0\x54\xEB\x82\x19\x8D" - "\x24\xBB\x2F\xC6\x5D\xF4\x68\xFF" - "\x96\x0A\xA1\x38\xCF\x43\xDA\x71" - "\x08\x7C\x13\xAA\x1E\xB5\x4C\xE3" - "\x57\xEE\x85\x1C\x90\x27\xBE\x32" - "\xC9\x60\xF7\x6B\x02\x99\x0D\xA4" - "\x3B\xD2\x46\xDD\x74\x0B\x7F\x16" - "\xAD\x21\xB8\x4F\xE6\x5A\xF1\x88" - "\x1F\x93\x2A\xC1\x35\xCC\x63\xFA" - "\x6E\x05\x9C\x10\xA7\x3E\xD5\x49" - "\xE0\x77\x0E\x82\x19\xB0\x24\xBB" - "\x52\xE9\x5D\xF4\x8B\x22\x96\x2D" - "\xC4\x38\xCF\x66\xFD\x71\x08\x9F" - "\x13\xAA\x41\xD8\x4C\xE3\x7A\x11" - "\x85\x1C\xB3\x27\xBE\x55\xEC\x60" - "\xF7\x8E\x02\x99\x30\xC7\x3B\xD2" - "\x69\x00\x74\x0B\xA2\x16\xAD\x44" - "\xDB\x4F\xE6\x7D\x14\x88\x1F\xB6" - "\x2A\xC1\x58\xEF\x63\xFA\x91\x05" - "\x9C\x33\xCA\x3E\xD5\x6C\x03\x77" - "\x0E\xA5\x19\xB0\x47\xDE\x52\xE9" - "\x80\x17\x8B\x22\xB9\x2D\xC4\x5B" - "\xF2\x66\xFD\x94\x08\x9F\x36\xCD" - "\x41\xD8\x6F\x06\x7A\x11\xA8\x1C" - "\xB3\x4A\xE1\x55\xEC\x83\x1A\x8E" - "\x25\xBC\x30\xC7\x5E\xF5\x69\x00" - "\x97\x0B\xA2\x39\xD0\x44\xDB\x72" - "\x09\x7D\x14\xAB\x1F\xB6\x4D\xE4" - "\x58\xEF\x86\x1D\x91\x28\xBF\x33" - "\xCA\x61\xF8\x6C\x03\x9A\x0E\xA5" - "\x3C\xD3\x47\xDE\x75\x0C\x80\x17" - "\xAE\x22\xB9\x50\xE7\x5B\xF2\x89" - "\x20\x94\x2B\xC2\x36\xCD\x64\xFB" - "\x6F\x06\x9D\x11\xA8\x3F\xD6\x4A" - "\xE1\x78\x0F\x83\x1A\xB1\x25\xBC" - "\x53\xEA\x5E\xF5\x8C\x00\x97\x2E" - "\xC5\x39\xD0\x67\xFE\x72\x09\xA0" - "\x14\xAB\x42\xD9\x4D\xE4\x7B\x12" - "\x86\x1D\xB4\x28\xBF\x56\xED\x61" - "\xF8\x8F\x03\x9A\x31\xC8\x3C\xD3" - "\x6A\x01\x75\x0C\xA3\x17\xAE\x45" - "\xDC\x50\xE7\x7E\x15\x89\x20\xB7", - .rlen = 496, - .also_non_np = 1, - .np = 3, - .tap = { 496 - 20, 4, 16 }, - }, -}; - -static const struct cipher_testvec cast5_cbc_enc_tv_template[] = { +static const struct cipher_testvec cast5_cbc_tv_template[] = { { /* Generated from TF test vectors */ .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9" "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A", .klen = 16, .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F", - .input = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" + .ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87" @@ -28730,83 +27199,7 @@ static const struct cipher_testvec cast5_cbc_enc_tv_template[] = { "\xF8\x8F\x03\x9A\x31\xC8\x3C\xD3" "\x6A\x01\x75\x0C\xA3\x17\xAE\x45" "\xDC\x50\xE7\x7E\x15\x89\x20\xB7", - .ilen = 496, - .result = "\x05\x28\xCE\x61\x90\x80\xE1\x78" - "\xB9\x2A\x97\x7C\xB0\x83\xD8\x1A" - "\xDE\x58\x7F\xD7\xFD\x72\xB8\xFB" - "\xDA\xF0\x6E\x77\x14\x47\x82\xBA" - "\x29\x0E\x25\x6E\xB4\x39\xD9\x7F" - "\x05\xA7\xA7\x3A\xC1\x5D\x9E\x39" - "\xA7\xFB\x0D\x05\x00\xF3\x58\x67" - "\x60\xEC\x73\x77\x46\x85\x9B\x6A" - "\x08\x3E\xBE\x59\xFB\xE4\x96\x34" - "\xB4\x05\x49\x1A\x97\x43\xAD\xA0" - "\xA9\x1E\x6E\x74\xF1\x94\xEC\xA8" - "\xB5\x8A\x20\xEA\x89\x6B\x19\xAA" - "\xA7\xF1\x33\x67\x90\x23\x0D\xEE" - "\x81\xD5\x78\x4F\xD3\x63\xEA\x46" - "\xB5\xB2\x6E\xBB\xCA\x76\x06\x10" - "\x96\x2A\x0A\xBA\xF9\x41\x5A\x1D" - "\x36\x7C\x56\x14\x54\x83\xFA\xA1" - "\x27\xDD\xBA\x8A\x90\x29\xD6\xA6" - "\xFA\x48\x3E\x1E\x23\x6E\x98\xA8" - "\xA7\xD9\x67\x92\x5C\x13\xB4\x71" - "\xA8\xAA\x89\x4A\xA4\xB3\x49\x7C" - "\x7D\x7F\xCE\x6F\x29\x2E\x7E\x37" - "\xC8\x52\x60\xD9\xE7\xCA\x60\x98" - "\xED\xCD\xE8\x60\x83\xAD\x34\x4D" - "\x96\x4A\x99\x2B\xB7\x14\x75\x66" - "\x6C\x2C\x1A\xBA\x4B\xBB\x49\x56" - "\xE1\x86\xA2\x0E\xD0\xF0\x07\xD3" - "\x18\x38\x09\x9C\x0E\x8B\x86\x07" - "\x90\x12\x37\x49\x27\x98\x69\x18" - "\xB0\xCC\xFB\xD3\xBD\x04\xA0\x85" - "\x4B\x22\x97\x07\xB6\x97\xE9\x95" - "\x0F\x88\x36\xA9\x44\x00\xC6\xE9" - "\x27\x53\x5C\x5B\x1F\xD3\xE2\xEE" - "\xD0\xCD\x63\x30\xA9\xC0\xDD\x49" - "\xFE\x16\xA4\x07\x0D\xE2\x5D\x97" - "\xDE\x89\xBA\x2E\xF3\xA9\x5E\xBE" - "\x03\x55\x0E\x02\x41\x4A\x45\x06" - "\xBE\xEA\x32\xF2\xDC\x91\x5C\x20" - "\x94\x02\x30\xD2\xFC\x29\xFA\x8E" - "\x34\xA0\x31\xB8\x34\xBA\xAE\x54" - "\xB5\x88\x1F\xDC\x43\xDC\x22\x9F" - "\xDC\xCE\xD3\xFA\xA4\xA8\xBC\x8A" - "\xC7\x5A\x43\x21\xA5\xB1\xDB\xC3" - "\x84\x3B\xB4\x9B\xB5\xA7\xF1\x0A" - "\xB6\x37\x21\x19\x55\xC2\xBD\x99" - "\x49\x24\xBB\x7C\xB3\x8E\xEF\xD2" - "\x3A\xCF\xA0\x31\x28\x0E\x25\xA2" - "\x11\xB4\x18\x17\x1A\x65\x92\x56" - "\xE8\xE0\x52\x9C\x61\x18\x2A\xB1" - "\x1A\x01\x22\x45\x17\x62\x52\x6C" - "\x91\x44\xCF\x98\xC7\xC0\x79\x26" - "\x32\x66\x6F\x23\x7F\x94\x36\x88" - "\x3C\xC9\xD0\xB7\x45\x30\x31\x86" - "\x3D\xC6\xA3\x98\x62\x84\x1A\x8B" - "\x16\x88\xC7\xA3\xE9\x4F\xE0\x86" - "\xA4\x93\xA8\x34\x5A\xCA\xDF\xCA" - "\x46\x38\xD2\xF4\xE0\x2D\x1E\xC9" - "\x7C\xEF\x53\xB7\x60\x72\x41\xBF" - "\x29\x00\x87\x02\xAF\x44\x4C\xB7" - "\x8C\xF5\x3F\x19\xF4\x80\x45\xA7" - "\x15\x5F\xDB\xE9\xB1\x83\xD2\xE6" - "\x1D\x18\x66\x44\x5B\x8F\x14\xEB", - .rlen = 496, - .also_non_np = 1, - .np = 3, - .tap = { 496 - 20, 4, 16 }, - }, -}; - -static const struct cipher_testvec cast5_cbc_dec_tv_template[] = { - { /* Generated from TF test vectors */ - .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9" - "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A", - .klen = 16, - .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F", - .input = "\x05\x28\xCE\x61\x90\x80\xE1\x78" + .ctext = "\x05\x28\xCE\x61\x90\x80\xE1\x78" "\xB9\x2A\x97\x7C\xB0\x83\xD8\x1A" "\xDE\x58\x7F\xD7\xFD\x72\xB8\xFB" "\xDA\xF0\x6E\x77\x14\x47\x82\xBA" @@ -28868,96 +27261,32 @@ static const struct cipher_testvec cast5_cbc_dec_tv_template[] = { "\x8C\xF5\x3F\x19\xF4\x80\x45\xA7" "\x15\x5F\xDB\xE9\xB1\x83\xD2\xE6" "\x1D\x18\x66\x44\x5B\x8F\x14\xEB", - .ilen = 496, - .result = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" - "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" - "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" - "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87" - "\x1E\x92\x29\xC0\x34\xCB\x62\xF9" - "\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48" - "\xDF\x76\x0D\x81\x18\xAF\x23\xBA" - "\x51\xE8\x5C\xF3\x8A\x21\x95\x2C" - "\xC3\x37\xCE\x65\xFC\x70\x07\x9E" - "\x12\xA9\x40\xD7\x4B\xE2\x79\x10" - "\x84\x1B\xB2\x26\xBD\x54\xEB\x5F" - "\xF6\x8D\x01\x98\x2F\xC6\x3A\xD1" - "\x68\xFF\x73\x0A\xA1\x15\xAC\x43" - "\xDA\x4E\xE5\x7C\x13\x87\x1E\xB5" - "\x29\xC0\x57\xEE\x62\xF9\x90\x04" - "\x9B\x32\xC9\x3D\xD4\x6B\x02\x76" - "\x0D\xA4\x18\xAF\x46\xDD\x51\xE8" - "\x7F\x16\x8A\x21\xB8\x2C\xC3\x5A" - "\xF1\x65\xFC\x93\x07\x9E\x35\xCC" - "\x40\xD7\x6E\x05\x79\x10\xA7\x1B" - "\xB2\x49\xE0\x54\xEB\x82\x19\x8D" - "\x24\xBB\x2F\xC6\x5D\xF4\x68\xFF" - "\x96\x0A\xA1\x38\xCF\x43\xDA\x71" - "\x08\x7C\x13\xAA\x1E\xB5\x4C\xE3" - "\x57\xEE\x85\x1C\x90\x27\xBE\x32" - "\xC9\x60\xF7\x6B\x02\x99\x0D\xA4" - "\x3B\xD2\x46\xDD\x74\x0B\x7F\x16" - "\xAD\x21\xB8\x4F\xE6\x5A\xF1\x88" - "\x1F\x93\x2A\xC1\x35\xCC\x63\xFA" - "\x6E\x05\x9C\x10\xA7\x3E\xD5\x49" - "\xE0\x77\x0E\x82\x19\xB0\x24\xBB" - "\x52\xE9\x5D\xF4\x8B\x22\x96\x2D" - "\xC4\x38\xCF\x66\xFD\x71\x08\x9F" - "\x13\xAA\x41\xD8\x4C\xE3\x7A\x11" - "\x85\x1C\xB3\x27\xBE\x55\xEC\x60" - "\xF7\x8E\x02\x99\x30\xC7\x3B\xD2" - "\x69\x00\x74\x0B\xA2\x16\xAD\x44" - "\xDB\x4F\xE6\x7D\x14\x88\x1F\xB6" - "\x2A\xC1\x58\xEF\x63\xFA\x91\x05" - "\x9C\x33\xCA\x3E\xD5\x6C\x03\x77" - "\x0E\xA5\x19\xB0\x47\xDE\x52\xE9" - "\x80\x17\x8B\x22\xB9\x2D\xC4\x5B" - "\xF2\x66\xFD\x94\x08\x9F\x36\xCD" - "\x41\xD8\x6F\x06\x7A\x11\xA8\x1C" - "\xB3\x4A\xE1\x55\xEC\x83\x1A\x8E" - "\x25\xBC\x30\xC7\x5E\xF5\x69\x00" - "\x97\x0B\xA2\x39\xD0\x44\xDB\x72" - "\x09\x7D\x14\xAB\x1F\xB6\x4D\xE4" - "\x58\xEF\x86\x1D\x91\x28\xBF\x33" - "\xCA\x61\xF8\x6C\x03\x9A\x0E\xA5" - "\x3C\xD3\x47\xDE\x75\x0C\x80\x17" - "\xAE\x22\xB9\x50\xE7\x5B\xF2\x89" - "\x20\x94\x2B\xC2\x36\xCD\x64\xFB" - "\x6F\x06\x9D\x11\xA8\x3F\xD6\x4A" - "\xE1\x78\x0F\x83\x1A\xB1\x25\xBC" - "\x53\xEA\x5E\xF5\x8C\x00\x97\x2E" - "\xC5\x39\xD0\x67\xFE\x72\x09\xA0" - "\x14\xAB\x42\xD9\x4D\xE4\x7B\x12" - "\x86\x1D\xB4\x28\xBF\x56\xED\x61" - "\xF8\x8F\x03\x9A\x31\xC8\x3C\xD3" - "\x6A\x01\x75\x0C\xA3\x17\xAE\x45" - "\xDC\x50\xE7\x7E\x15\x89\x20\xB7", - .rlen = 496, + .len = 496, .also_non_np = 1, .np = 3, .tap = { 496 - 20, 4, 16 }, }, }; -static const struct cipher_testvec cast5_ctr_enc_tv_template[] = { +static const struct cipher_testvec cast5_ctr_tv_template[] = { { /* Generated from TF test vectors */ .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9" "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A", .klen = 16, .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F", - .input = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" + .ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" "\x3A", - .ilen = 17, - .result = "\xFF\xC4\x2E\x82\x3D\xF8\xA8\x39" + .ctext = "\xFF\xC4\x2E\x82\x3D\xF8\xA8\x39" "\x7C\x52\xC4\xD3\xBB\x62\xC6\xA8" "\x0C", - .rlen = 17, + .len = 17, }, { /* Generated from TF test vectors */ .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9" "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A", .klen = 16, .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F", - .input = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" + .ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87" @@ -29019,96 +27348,7 @@ static const struct cipher_testvec cast5_ctr_enc_tv_template[] = { "\xF8\x8F\x03\x9A\x31\xC8\x3C\xD3" "\x6A\x01\x75\x0C\xA3\x17\xAE\x45" "\xDC\x50\xE7\x7E\x15\x89\x20\xB7", - .ilen = 496, - .result = "\xFF\xC4\x2E\x82\x3D\xF8\xA8\x39" - "\x7C\x52\xC4\xD3\xBB\x62\xC6\xA8" - "\x0C\x63\xA5\x55\xE3\xF8\x1C\x7F" - "\xDC\x59\xF9\xA0\x52\xAD\x83\xDF" - "\xD5\x3B\x53\x4A\xAA\x1F\x49\x44" - "\xE8\x20\xCC\xF8\x97\xE6\xE0\x3C" - "\x5A\xD2\x83\xEC\xEE\x25\x3F\xCF" - "\x0D\xC2\x79\x80\x99\x6E\xFF\x7B" - "\x64\xB0\x7B\x86\x29\x1D\x9F\x17" - "\x10\xA5\xA5\xEB\x16\x55\x9E\xE3" - "\x88\x18\x52\x56\x48\x58\xD1\x6B" - "\xE8\x74\x6E\x48\xB0\x2E\x69\x63" - "\x32\xAA\xAC\x26\x55\x45\x94\xDE" - "\x30\x26\x26\xE6\x08\x82\x2F\x5F" - "\xA7\x15\x94\x07\x75\x2D\xC6\x3A" - "\x1B\xA0\x39\xFB\xBA\xB9\x06\x56" - "\xF6\x9F\xF1\x2F\x9B\xF3\x89\x8B" - "\x08\xC8\x9D\x5E\x6B\x95\x09\xC7" - "\x98\xB7\x62\xA4\x1D\x25\xFA\xC5" - "\x62\xC8\x5D\x6B\xB4\x85\x88\x7F" - "\x3B\x29\xF9\xB4\x32\x62\x69\xBF" - "\x32\xB8\xEB\xFD\x0E\x26\xAA\xA3" - "\x44\x67\x90\x20\xAC\x41\xDF\x43" - "\xC6\xC7\x19\x9F\x2C\x28\x74\xEB" - "\x3E\x7F\x7A\x80\x5B\xE4\x08\x60" - "\xC7\xC9\x71\x34\x44\xCE\x05\xFD" - "\xA8\x91\xA8\x44\x5E\xD3\x89\x2C" - "\xAE\x59\x0F\x07\x88\x79\x53\x26" - "\xAF\xAC\xCB\x1D\x6F\x08\x25\x62" - "\xD0\x82\x65\x66\xE4\x2A\x29\x1C" - "\x9C\x64\x5F\x49\x9D\xF8\x62\xF9" - "\xED\xC4\x13\x52\x75\xDC\xE4\xF9" - "\x68\x0F\x8A\xCD\xA6\x8D\x75\xAA" - "\x49\xA1\x86\x86\x37\x5C\x6B\x3D" - "\x56\xE5\x6F\xBE\x27\xC0\x10\xF8" - "\x3C\x4D\x17\x35\x14\xDC\x1C\xA0" - "\x6E\xAE\xD1\x10\xDD\x83\x06\xC2" - "\x23\xD3\xC7\x27\x15\x04\x2C\x27" - "\xDD\x1F\x2E\x97\x09\x9C\x33\x7D" - "\xAC\x50\x1B\x2E\xC9\x52\x0C\x14" - "\x4B\x78\xC4\xDE\x07\x6A\x12\x02" - "\x6E\xD7\x4B\x91\xB9\x88\x4D\x02" - "\xC3\xB5\x04\xBC\xE0\x67\xCA\x18" - "\x22\xA1\xAE\x9A\x21\xEF\xB2\x06" - "\x35\xCD\xEC\x37\x70\x2D\xFC\x1E" - "\xA8\x31\xE7\xFC\xE5\x8E\x88\x66" - "\x16\xB5\xC8\x45\x21\x37\xBD\x24" - "\xA9\xD5\x36\x12\x9F\x6E\x67\x80" - "\x87\x54\xD5\xAF\x97\xE1\x15\xA7" - "\x11\xF0\x63\x7B\xE1\x44\x14\x1C" - "\x06\x32\x05\x8C\x6C\xDB\x9B\x36" - "\x6A\x6B\xAD\x3A\x27\x55\x20\x4C" - "\x76\x36\x43\xE8\x16\x60\xB5\xF3" - "\xDF\x5A\xC6\xA5\x69\x78\x59\x51" - "\x54\x68\x65\x06\x84\xDE\x3D\xAE" - "\x38\x91\xBD\xCC\xA2\x8A\xEC\xE6" - "\x9E\x83\xAE\x1E\x8E\x34\x5D\xDE" - "\x91\xCE\x8F\xED\x40\xF7\xC8\x8B" - "\x9A\x13\x4C\xAD\x89\x97\x9E\xD1" - "\x91\x01\xD7\x21\x23\x28\x1E\xCC" - "\x8C\x98\xDB\xDE\xFC\x72\x94\xAA" - "\xC0\x0D\x96\xAA\x23\xF8\xFE\x13", - .rlen = 496, - .also_non_np = 1, - .np = 3, - .tap = { 496 - 20, 4, 16 }, - }, -}; - -static const struct cipher_testvec cast5_ctr_dec_tv_template[] = { - { /* Generated from TF test vectors */ - .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9" - "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A", - .klen = 16, - .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F", - .input = "\xFF\xC4\x2E\x82\x3D\xF8\xA8\x39" - "\x7C\x52\xC4\xD3\xBB\x62\xC6\xA8" - "\x0C", - .ilen = 17, - .result = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" - "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" - "\x3A", - .rlen = 17, - }, { /* Generated from TF test vectors */ - .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9" - "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A", - .klen = 16, - .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F", - .input = "\xFF\xC4\x2E\x82\x3D\xF8\xA8\x39" + .ctext = "\xFF\xC4\x2E\x82\x3D\xF8\xA8\x39" "\x7C\x52\xC4\xD3\xBB\x62\xC6\xA8" "\x0C\x63\xA5\x55\xE3\xF8\x1C\x7F" "\xDC\x59\xF9\xA0\x52\xAD\x83\xDF" @@ -29170,70 +27410,7 @@ static const struct cipher_testvec cast5_ctr_dec_tv_template[] = { "\x91\x01\xD7\x21\x23\x28\x1E\xCC" "\x8C\x98\xDB\xDE\xFC\x72\x94\xAA" "\xC0\x0D\x96\xAA\x23\xF8\xFE\x13", - .ilen = 496, - .result = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" - "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" - "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" - "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87" - "\x1E\x92\x29\xC0\x34\xCB\x62\xF9" - "\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48" - "\xDF\x76\x0D\x81\x18\xAF\x23\xBA" - "\x51\xE8\x5C\xF3\x8A\x21\x95\x2C" - "\xC3\x37\xCE\x65\xFC\x70\x07\x9E" - "\x12\xA9\x40\xD7\x4B\xE2\x79\x10" - "\x84\x1B\xB2\x26\xBD\x54\xEB\x5F" - "\xF6\x8D\x01\x98\x2F\xC6\x3A\xD1" - "\x68\xFF\x73\x0A\xA1\x15\xAC\x43" - "\xDA\x4E\xE5\x7C\x13\x87\x1E\xB5" - "\x29\xC0\x57\xEE\x62\xF9\x90\x04" - "\x9B\x32\xC9\x3D\xD4\x6B\x02\x76" - "\x0D\xA4\x18\xAF\x46\xDD\x51\xE8" - "\x7F\x16\x8A\x21\xB8\x2C\xC3\x5A" - "\xF1\x65\xFC\x93\x07\x9E\x35\xCC" - "\x40\xD7\x6E\x05\x79\x10\xA7\x1B" - "\xB2\x49\xE0\x54\xEB\x82\x19\x8D" - "\x24\xBB\x2F\xC6\x5D\xF4\x68\xFF" - "\x96\x0A\xA1\x38\xCF\x43\xDA\x71" - "\x08\x7C\x13\xAA\x1E\xB5\x4C\xE3" - "\x57\xEE\x85\x1C\x90\x27\xBE\x32" - "\xC9\x60\xF7\x6B\x02\x99\x0D\xA4" - "\x3B\xD2\x46\xDD\x74\x0B\x7F\x16" - "\xAD\x21\xB8\x4F\xE6\x5A\xF1\x88" - "\x1F\x93\x2A\xC1\x35\xCC\x63\xFA" - "\x6E\x05\x9C\x10\xA7\x3E\xD5\x49" - "\xE0\x77\x0E\x82\x19\xB0\x24\xBB" - "\x52\xE9\x5D\xF4\x8B\x22\x96\x2D" - "\xC4\x38\xCF\x66\xFD\x71\x08\x9F" - "\x13\xAA\x41\xD8\x4C\xE3\x7A\x11" - "\x85\x1C\xB3\x27\xBE\x55\xEC\x60" - "\xF7\x8E\x02\x99\x30\xC7\x3B\xD2" - "\x69\x00\x74\x0B\xA2\x16\xAD\x44" - "\xDB\x4F\xE6\x7D\x14\x88\x1F\xB6" - "\x2A\xC1\x58\xEF\x63\xFA\x91\x05" - "\x9C\x33\xCA\x3E\xD5\x6C\x03\x77" - "\x0E\xA5\x19\xB0\x47\xDE\x52\xE9" - "\x80\x17\x8B\x22\xB9\x2D\xC4\x5B" - "\xF2\x66\xFD\x94\x08\x9F\x36\xCD" - "\x41\xD8\x6F\x06\x7A\x11\xA8\x1C" - "\xB3\x4A\xE1\x55\xEC\x83\x1A\x8E" - "\x25\xBC\x30\xC7\x5E\xF5\x69\x00" - "\x97\x0B\xA2\x39\xD0\x44\xDB\x72" - "\x09\x7D\x14\xAB\x1F\xB6\x4D\xE4" - "\x58\xEF\x86\x1D\x91\x28\xBF\x33" - "\xCA\x61\xF8\x6C\x03\x9A\x0E\xA5" - "\x3C\xD3\x47\xDE\x75\x0C\x80\x17" - "\xAE\x22\xB9\x50\xE7\x5B\xF2\x89" - "\x20\x94\x2B\xC2\x36\xCD\x64\xFB" - "\x6F\x06\x9D\x11\xA8\x3F\xD6\x4A" - "\xE1\x78\x0F\x83\x1A\xB1\x25\xBC" - "\x53\xEA\x5E\xF5\x8C\x00\x97\x2E" - "\xC5\x39\xD0\x67\xFE\x72\x09\xA0" - "\x14\xAB\x42\xD9\x4D\xE4\x7B\x12" - "\x86\x1D\xB4\x28\xBF\x56\xED\x61" - "\xF8\x8F\x03\x9A\x31\xC8\x3C\xD3" - "\x6A\x01\x75\x0C\xA3\x17\xAE\x45" - "\xDC\x50\xE7\x7E\x15\x89\x20\xB7", - .rlen = 496, + .len = 496, .also_non_np = 1, .np = 3, .tap = { 496 - 20, 4, 16 }, @@ -29243,408 +27420,190 @@ static const struct cipher_testvec cast5_ctr_dec_tv_template[] = { /* * ARC4 test vectors from OpenSSL */ -static const struct cipher_testvec arc4_enc_tv_template[] = { +static const struct cipher_testvec arc4_tv_template[] = { { .key = "\x01\x23\x45\x67\x89\xab\xcd\xef", .klen = 8, - .input = "\x01\x23\x45\x67\x89\xab\xcd\xef", - .ilen = 8, - .result = "\x75\xb7\x87\x80\x99\xe0\xc5\x96", - .rlen = 8, + .ptext = "\x01\x23\x45\x67\x89\xab\xcd\xef", + .ctext = "\x75\xb7\x87\x80\x99\xe0\xc5\x96", + .len = 8, }, { .key = "\x01\x23\x45\x67\x89\xab\xcd\xef", .klen = 8, - .input = "\x00\x00\x00\x00\x00\x00\x00\x00", - .ilen = 8, - .result = "\x74\x94\xc2\xe7\x10\x4b\x08\x79", - .rlen = 8, + .ptext = "\x00\x00\x00\x00\x00\x00\x00\x00", + .ctext = "\x74\x94\xc2\xe7\x10\x4b\x08\x79", + .len = 8, }, { .key = "\x00\x00\x00\x00\x00\x00\x00\x00", .klen = 8, - .input = "\x00\x00\x00\x00\x00\x00\x00\x00", - .ilen = 8, - .result = "\xde\x18\x89\x41\xa3\x37\x5d\x3a", - .rlen = 8, + .ptext = "\x00\x00\x00\x00\x00\x00\x00\x00", + .ctext = "\xde\x18\x89\x41\xa3\x37\x5d\x3a", + .len = 8, }, { .key = "\xef\x01\x23\x45", .klen = 4, - .input = "\x00\x00\x00\x00\x00\x00\x00\x00" + .ptext = "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00", - .ilen = 20, - .result = "\xd6\xa1\x41\xa7\xec\x3c\x38\xdf" + .ctext = "\xd6\xa1\x41\xa7\xec\x3c\x38\xdf" "\xbd\x61\x5a\x11\x62\xe1\xc7\xba" "\x36\xb6\x78\x58", - .rlen = 20, + .len = 20, }, { .key = "\x01\x23\x45\x67\x89\xab\xcd\xef", .klen = 8, - .input = "\x12\x34\x56\x78\x9A\xBC\xDE\xF0" + .ptext = "\x12\x34\x56\x78\x9A\xBC\xDE\xF0" "\x12\x34\x56\x78\x9A\xBC\xDE\xF0" "\x12\x34\x56\x78\x9A\xBC\xDE\xF0" "\x12\x34\x56\x78", - .ilen = 28, - .result = "\x66\xa0\x94\x9f\x8a\xf7\xd6\x89" + .ctext = "\x66\xa0\x94\x9f\x8a\xf7\xd6\x89" "\x1f\x7f\x83\x2b\xa8\x33\xc0\x0c" "\x89\x2e\xbe\x30\x14\x3c\xe2\x87" "\x40\x01\x1e\xcf", - .rlen = 28, + .len = 28, }, { .key = "\xef\x01\x23\x45", .klen = 4, - .input = "\x00\x00\x00\x00\x00\x00\x00\x00" + .ptext = "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00", - .ilen = 10, - .result = "\xd6\xa1\x41\xa7\xec\x3c\x38\xdf" + .ctext = "\xd6\xa1\x41\xa7\xec\x3c\x38\xdf" "\xbd\x61", - .rlen = 10, + .len = 10, }, { .key = "\x01\x23\x45\x67\x89\xAB\xCD\xEF" "\x00\x00\x00\x00\x00\x00\x00\x00", .klen = 16, - .input = "\x01\x23\x45\x67\x89\xAB\xCD\xEF", - .ilen = 8, - .result = "\x69\x72\x36\x59\x1B\x52\x42\xB1", - .rlen = 8, - }, -}; - -static const struct cipher_testvec arc4_dec_tv_template[] = { - { - .key = "\x01\x23\x45\x67\x89\xab\xcd\xef", - .klen = 8, - .input = "\x75\xb7\x87\x80\x99\xe0\xc5\x96", - .ilen = 8, - .result = "\x01\x23\x45\x67\x89\xab\xcd\xef", - .rlen = 8, - }, { - .key = "\x01\x23\x45\x67\x89\xab\xcd\xef", - .klen = 8, - .input = "\x74\x94\xc2\xe7\x10\x4b\x08\x79", - .ilen = 8, - .result = "\x00\x00\x00\x00\x00\x00\x00\x00", - .rlen = 8, - }, { - .key = "\x00\x00\x00\x00\x00\x00\x00\x00", - .klen = 8, - .input = "\xde\x18\x89\x41\xa3\x37\x5d\x3a", - .ilen = 8, - .result = "\x00\x00\x00\x00\x00\x00\x00\x00", - .rlen = 8, - }, { - .key = "\xef\x01\x23\x45", - .klen = 4, - .input = "\xd6\xa1\x41\xa7\xec\x3c\x38\xdf" - "\xbd\x61\x5a\x11\x62\xe1\xc7\xba" - "\x36\xb6\x78\x58", - .ilen = 20, - .result = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00", - .rlen = 20, - }, { - .key = "\x01\x23\x45\x67\x89\xab\xcd\xef", - .klen = 8, - .input = "\x66\xa0\x94\x9f\x8a\xf7\xd6\x89" - "\x1f\x7f\x83\x2b\xa8\x33\xc0\x0c" - "\x89\x2e\xbe\x30\x14\x3c\xe2\x87" - "\x40\x01\x1e\xcf", - .ilen = 28, - .result = "\x12\x34\x56\x78\x9A\xBC\xDE\xF0" - "\x12\x34\x56\x78\x9A\xBC\xDE\xF0" - "\x12\x34\x56\x78\x9A\xBC\xDE\xF0" - "\x12\x34\x56\x78", - .rlen = 28, - }, { - .key = "\xef\x01\x23\x45", - .klen = 4, - .input = "\xd6\xa1\x41\xa7\xec\x3c\x38\xdf" - "\xbd\x61", - .ilen = 10, - .result = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00", - .rlen = 10, - }, { - .key = "\x01\x23\x45\x67\x89\xAB\xCD\xEF" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .klen = 16, - .input = "\x69\x72\x36\x59\x1B\x52\x42\xB1", - .ilen = 8, - .result = "\x01\x23\x45\x67\x89\xAB\xCD\xEF", - .rlen = 8, + .ptext = "\x01\x23\x45\x67\x89\xAB\xCD\xEF", + .ctext = "\x69\x72\x36\x59\x1B\x52\x42\xB1", + .len = 8, }, }; /* * TEA test vectors */ -static const struct cipher_testvec tea_enc_tv_template[] = { +static const struct cipher_testvec tea_tv_template[] = { { .key = zeroed_string, .klen = 16, - .input = zeroed_string, - .ilen = 8, - .result = "\x0a\x3a\xea\x41\x40\xa9\xba\x94", - .rlen = 8, + .ptext = zeroed_string, + .ctext = "\x0a\x3a\xea\x41\x40\xa9\xba\x94", + .len = 8, }, { .key = "\x2b\x02\x05\x68\x06\x14\x49\x76" "\x77\x5d\x0e\x26\x6c\x28\x78\x43", .klen = 16, - .input = "\x74\x65\x73\x74\x20\x6d\x65\x2e", - .ilen = 8, - .result = "\x77\x5d\x2a\x6a\xf6\xce\x92\x09", - .rlen = 8, + .ptext = "\x74\x65\x73\x74\x20\x6d\x65\x2e", + .ctext = "\x77\x5d\x2a\x6a\xf6\xce\x92\x09", + .len = 8, }, { .key = "\x09\x65\x43\x11\x66\x44\x39\x25" "\x51\x3a\x16\x10\x0a\x08\x12\x6e", .klen = 16, - .input = "\x6c\x6f\x6e\x67\x65\x72\x5f\x74" + .ptext = "\x6c\x6f\x6e\x67\x65\x72\x5f\x74" "\x65\x73\x74\x5f\x76\x65\x63\x74", - .ilen = 16, - .result = "\xbe\x7a\xbb\x81\x95\x2d\x1f\x1e" + .ctext = "\xbe\x7a\xbb\x81\x95\x2d\x1f\x1e" "\xdd\x89\xa1\x25\x04\x21\xdf\x95", - .rlen = 16, + .len = 16, }, { .key = "\x4d\x76\x32\x17\x05\x3f\x75\x2c" "\x5d\x04\x16\x36\x15\x72\x63\x2f", .klen = 16, - .input = "\x54\x65\x61\x20\x69\x73\x20\x67" + .ptext = "\x54\x65\x61\x20\x69\x73\x20\x67" "\x6f\x6f\x64\x20\x66\x6f\x72\x20" "\x79\x6f\x75\x21\x21\x21\x20\x72" "\x65\x61\x6c\x6c\x79\x21\x21\x21", - .ilen = 32, - .result = "\xe0\x4d\x5d\x3c\xb7\x8c\x36\x47" - "\x94\x18\x95\x91\xa9\xfc\x49\xf8" - "\x44\xd1\x2d\xc2\x99\xb8\x08\x2a" - "\x07\x89\x73\xc2\x45\x92\xc6\x90", - .rlen = 32, - } -}; - -static const struct cipher_testvec tea_dec_tv_template[] = { - { - .key = zeroed_string, - .klen = 16, - .input = "\x0a\x3a\xea\x41\x40\xa9\xba\x94", - .ilen = 8, - .result = zeroed_string, - .rlen = 8, - }, { - .key = "\x2b\x02\x05\x68\x06\x14\x49\x76" - "\x77\x5d\x0e\x26\x6c\x28\x78\x43", - .klen = 16, - .input = "\x77\x5d\x2a\x6a\xf6\xce\x92\x09", - .ilen = 8, - .result = "\x74\x65\x73\x74\x20\x6d\x65\x2e", - .rlen = 8, - }, { - .key = "\x09\x65\x43\x11\x66\x44\x39\x25" - "\x51\x3a\x16\x10\x0a\x08\x12\x6e", - .klen = 16, - .input = "\xbe\x7a\xbb\x81\x95\x2d\x1f\x1e" - "\xdd\x89\xa1\x25\x04\x21\xdf\x95", - .ilen = 16, - .result = "\x6c\x6f\x6e\x67\x65\x72\x5f\x74" - "\x65\x73\x74\x5f\x76\x65\x63\x74", - .rlen = 16, - }, { - .key = "\x4d\x76\x32\x17\x05\x3f\x75\x2c" - "\x5d\x04\x16\x36\x15\x72\x63\x2f", - .klen = 16, - .input = "\xe0\x4d\x5d\x3c\xb7\x8c\x36\x47" + .ctext = "\xe0\x4d\x5d\x3c\xb7\x8c\x36\x47" "\x94\x18\x95\x91\xa9\xfc\x49\xf8" "\x44\xd1\x2d\xc2\x99\xb8\x08\x2a" "\x07\x89\x73\xc2\x45\x92\xc6\x90", - .ilen = 32, - .result = "\x54\x65\x61\x20\x69\x73\x20\x67" - "\x6f\x6f\x64\x20\x66\x6f\x72\x20" - "\x79\x6f\x75\x21\x21\x21\x20\x72" - "\x65\x61\x6c\x6c\x79\x21\x21\x21", - .rlen = 32, + .len = 32, } }; /* * XTEA test vectors */ -static const struct cipher_testvec xtea_enc_tv_template[] = { +static const struct cipher_testvec xtea_tv_template[] = { { .key = zeroed_string, .klen = 16, - .input = zeroed_string, - .ilen = 8, - .result = "\xd8\xd4\xe9\xde\xd9\x1e\x13\xf7", - .rlen = 8, + .ptext = zeroed_string, + .ctext = "\xd8\xd4\xe9\xde\xd9\x1e\x13\xf7", + .len = 8, }, { .key = "\x2b\x02\x05\x68\x06\x14\x49\x76" "\x77\x5d\x0e\x26\x6c\x28\x78\x43", .klen = 16, - .input = "\x74\x65\x73\x74\x20\x6d\x65\x2e", - .ilen = 8, - .result = "\x94\xeb\xc8\x96\x84\x6a\x49\xa8", - .rlen = 8, + .ptext = "\x74\x65\x73\x74\x20\x6d\x65\x2e", + .ctext = "\x94\xeb\xc8\x96\x84\x6a\x49\xa8", + .len = 8, }, { .key = "\x09\x65\x43\x11\x66\x44\x39\x25" "\x51\x3a\x16\x10\x0a\x08\x12\x6e", .klen = 16, - .input = "\x6c\x6f\x6e\x67\x65\x72\x5f\x74" + .ptext = "\x6c\x6f\x6e\x67\x65\x72\x5f\x74" "\x65\x73\x74\x5f\x76\x65\x63\x74", - .ilen = 16, - .result = "\x3e\xce\xae\x22\x60\x56\xa8\x9d" + .ctext = "\x3e\xce\xae\x22\x60\x56\xa8\x9d" "\x77\x4d\xd4\xb4\x87\x24\xe3\x9a", - .rlen = 16, + .len = 16, }, { .key = "\x4d\x76\x32\x17\x05\x3f\x75\x2c" "\x5d\x04\x16\x36\x15\x72\x63\x2f", .klen = 16, - .input = "\x54\x65\x61\x20\x69\x73\x20\x67" + .ptext = "\x54\x65\x61\x20\x69\x73\x20\x67" "\x6f\x6f\x64\x20\x66\x6f\x72\x20" "\x79\x6f\x75\x21\x21\x21\x20\x72" "\x65\x61\x6c\x6c\x79\x21\x21\x21", - .ilen = 32, - .result = "\x99\x81\x9f\x5d\x6f\x4b\x31\x3a" - "\x86\xff\x6f\xd0\xe3\x87\x70\x07" - "\x4d\xb8\xcf\xf3\x99\x50\xb3\xd4" - "\x73\xa2\xfa\xc9\x16\x59\x5d\x81", - .rlen = 32, - } -}; - -static const struct cipher_testvec xtea_dec_tv_template[] = { - { - .key = zeroed_string, - .klen = 16, - .input = "\xd8\xd4\xe9\xde\xd9\x1e\x13\xf7", - .ilen = 8, - .result = zeroed_string, - .rlen = 8, - }, { - .key = "\x2b\x02\x05\x68\x06\x14\x49\x76" - "\x77\x5d\x0e\x26\x6c\x28\x78\x43", - .klen = 16, - .input = "\x94\xeb\xc8\x96\x84\x6a\x49\xa8", - .ilen = 8, - .result = "\x74\x65\x73\x74\x20\x6d\x65\x2e", - .rlen = 8, - }, { - .key = "\x09\x65\x43\x11\x66\x44\x39\x25" - "\x51\x3a\x16\x10\x0a\x08\x12\x6e", - .klen = 16, - .input = "\x3e\xce\xae\x22\x60\x56\xa8\x9d" - "\x77\x4d\xd4\xb4\x87\x24\xe3\x9a", - .ilen = 16, - .result = "\x6c\x6f\x6e\x67\x65\x72\x5f\x74" - "\x65\x73\x74\x5f\x76\x65\x63\x74", - .rlen = 16, - }, { - .key = "\x4d\x76\x32\x17\x05\x3f\x75\x2c" - "\x5d\x04\x16\x36\x15\x72\x63\x2f", - .klen = 16, - .input = "\x99\x81\x9f\x5d\x6f\x4b\x31\x3a" + .ctext = "\x99\x81\x9f\x5d\x6f\x4b\x31\x3a" "\x86\xff\x6f\xd0\xe3\x87\x70\x07" "\x4d\xb8\xcf\xf3\x99\x50\xb3\xd4" "\x73\xa2\xfa\xc9\x16\x59\x5d\x81", - .ilen = 32, - .result = "\x54\x65\x61\x20\x69\x73\x20\x67" - "\x6f\x6f\x64\x20\x66\x6f\x72\x20" - "\x79\x6f\x75\x21\x21\x21\x20\x72" - "\x65\x61\x6c\x6c\x79\x21\x21\x21", - .rlen = 32, + .len = 32, } }; /* * KHAZAD test vectors. */ -static const struct cipher_testvec khazad_enc_tv_template[] = { +static const struct cipher_testvec khazad_tv_template[] = { { .key = "\x80\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00", .klen = 16, - .input = "\x00\x00\x00\x00\x00\x00\x00\x00", - .ilen = 8, - .result = "\x49\xa4\xce\x32\xac\x19\x0e\x3f", - .rlen = 8, + .ptext = "\x00\x00\x00\x00\x00\x00\x00\x00", + .ctext = "\x49\xa4\xce\x32\xac\x19\x0e\x3f", + .len = 8, }, { .key = "\x38\x38\x38\x38\x38\x38\x38\x38" "\x38\x38\x38\x38\x38\x38\x38\x38", .klen = 16, - .input = "\x38\x38\x38\x38\x38\x38\x38\x38", - .ilen = 8, - .result = "\x7e\x82\x12\xa1\xd9\x5b\xe4\xf9", - .rlen = 8, + .ptext = "\x38\x38\x38\x38\x38\x38\x38\x38", + .ctext = "\x7e\x82\x12\xa1\xd9\x5b\xe4\xf9", + .len = 8, }, { .key = "\xa2\xa2\xa2\xa2\xa2\xa2\xa2\xa2" "\xa2\xa2\xa2\xa2\xa2\xa2\xa2\xa2", .klen = 16, - .input = "\xa2\xa2\xa2\xa2\xa2\xa2\xa2\xa2", - .ilen = 8, - .result = "\xaa\xbe\xc1\x95\xc5\x94\x1a\x9c", - .rlen = 8, + .ptext = "\xa2\xa2\xa2\xa2\xa2\xa2\xa2\xa2", + .ctext = "\xaa\xbe\xc1\x95\xc5\x94\x1a\x9c", + .len = 8, }, { .key = "\x2f\x2f\x2f\x2f\x2f\x2f\x2f\x2f" "\x2f\x2f\x2f\x2f\x2f\x2f\x2f\x2f", .klen = 16, - .input = "\x2f\x2f\x2f\x2f\x2f\x2f\x2f\x2f", - .ilen = 8, - .result = "\x04\x74\xf5\x70\x50\x16\xd3\xb8", - .rlen = 8, + .ptext = "\x2f\x2f\x2f\x2f\x2f\x2f\x2f\x2f", + .ctext = "\x04\x74\xf5\x70\x50\x16\xd3\xb8", + .len = 8, }, { .key = "\x2f\x2f\x2f\x2f\x2f\x2f\x2f\x2f" "\x2f\x2f\x2f\x2f\x2f\x2f\x2f\x2f", .klen = 16, - .input = "\x2f\x2f\x2f\x2f\x2f\x2f\x2f\x2f" + .ptext = "\x2f\x2f\x2f\x2f\x2f\x2f\x2f\x2f" "\x2f\x2f\x2f\x2f\x2f\x2f\x2f\x2f", - .ilen = 16, - .result = "\x04\x74\xf5\x70\x50\x16\xd3\xb8" + .ctext = "\x04\x74\xf5\x70\x50\x16\xd3\xb8" "\x04\x74\xf5\x70\x50\x16\xd3\xb8", - .rlen = 16, - }, -}; - -static const struct cipher_testvec khazad_dec_tv_template[] = { - { - .key = "\x80\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .klen = 16, - .input = "\x49\xa4\xce\x32\xac\x19\x0e\x3f", - .ilen = 8, - .result = "\x00\x00\x00\x00\x00\x00\x00\x00", - .rlen = 8, - }, { - .key = "\x38\x38\x38\x38\x38\x38\x38\x38" - "\x38\x38\x38\x38\x38\x38\x38\x38", - .klen = 16, - .input = "\x7e\x82\x12\xa1\xd9\x5b\xe4\xf9", - .ilen = 8, - .result = "\x38\x38\x38\x38\x38\x38\x38\x38", - .rlen = 8, - }, { - .key = "\xa2\xa2\xa2\xa2\xa2\xa2\xa2\xa2" - "\xa2\xa2\xa2\xa2\xa2\xa2\xa2\xa2", - .klen = 16, - .input = "\xaa\xbe\xc1\x95\xc5\x94\x1a\x9c", - .ilen = 8, - .result = "\xa2\xa2\xa2\xa2\xa2\xa2\xa2\xa2", - .rlen = 8, - }, { - .key = "\x2f\x2f\x2f\x2f\x2f\x2f\x2f\x2f" - "\x2f\x2f\x2f\x2f\x2f\x2f\x2f\x2f", - .klen = 16, - .input = "\x04\x74\xf5\x70\x50\x16\xd3\xb8", - .ilen = 8, - .result = "\x2f\x2f\x2f\x2f\x2f\x2f\x2f\x2f", - .rlen = 8, - }, { - .key = "\x2f\x2f\x2f\x2f\x2f\x2f\x2f\x2f" - "\x2f\x2f\x2f\x2f\x2f\x2f\x2f\x2f", - .klen = 16, - .input = "\x04\x74\xf5\x70\x50\x16\xd3\xb8" - "\x04\x74\xf5\x70\x50\x16\xd3\xb8", - .ilen = 16, - .result = "\x2f\x2f\x2f\x2f\x2f\x2f\x2f\x2f" - "\x2f\x2f\x2f\x2f\x2f\x2f\x2f\x2f", - .rlen = 16, + .len = 16, }, }; @@ -29652,53 +27611,49 @@ static const struct cipher_testvec khazad_dec_tv_template[] = { * Anubis test vectors. */ -static const struct cipher_testvec anubis_enc_tv_template[] = { +static const struct cipher_testvec anubis_tv_template[] = { { .key = "\xfe\xfe\xfe\xfe\xfe\xfe\xfe\xfe" "\xfe\xfe\xfe\xfe\xfe\xfe\xfe\xfe", .klen = 16, - .input = "\xfe\xfe\xfe\xfe\xfe\xfe\xfe\xfe" + .ptext = "\xfe\xfe\xfe\xfe\xfe\xfe\xfe\xfe" "\xfe\xfe\xfe\xfe\xfe\xfe\xfe\xfe", - .ilen = 16, - .result = "\x6d\xc5\xda\xa2\x26\x7d\x62\x6f" + .ctext = "\x6d\xc5\xda\xa2\x26\x7d\x62\x6f" "\x08\xb7\x52\x8e\x6e\x6e\x86\x90", - .rlen = 16, + .len = 16, }, { .key = "\x03\x03\x03\x03\x03\x03\x03\x03" "\x03\x03\x03\x03\x03\x03\x03\x03" "\x03\x03\x03\x03", .klen = 20, - .input = "\x03\x03\x03\x03\x03\x03\x03\x03" + .ptext = "\x03\x03\x03\x03\x03\x03\x03\x03" "\x03\x03\x03\x03\x03\x03\x03\x03", - .ilen = 16, - .result = "\xdb\xf1\x42\xf4\xd1\x8a\xc7\x49" + .ctext = "\xdb\xf1\x42\xf4\xd1\x8a\xc7\x49" "\x87\x41\x6f\x82\x0a\x98\x64\xae", - .rlen = 16, + .len = 16, }, { .key = "\x24\x24\x24\x24\x24\x24\x24\x24" "\x24\x24\x24\x24\x24\x24\x24\x24" "\x24\x24\x24\x24\x24\x24\x24\x24" "\x24\x24\x24\x24", .klen = 28, - .input = "\x24\x24\x24\x24\x24\x24\x24\x24" + .ptext = "\x24\x24\x24\x24\x24\x24\x24\x24" "\x24\x24\x24\x24\x24\x24\x24\x24", - .ilen = 16, - .result = "\xfd\x1b\x4a\xe3\xbf\xf0\xad\x3d" + .ctext = "\xfd\x1b\x4a\xe3\xbf\xf0\xad\x3d" "\x06\xd3\x61\x27\xfd\x13\x9e\xde", - .rlen = 16, + .len = 16, }, { .key = "\x25\x25\x25\x25\x25\x25\x25\x25" "\x25\x25\x25\x25\x25\x25\x25\x25" "\x25\x25\x25\x25\x25\x25\x25\x25" "\x25\x25\x25\x25\x25\x25\x25\x25", .klen = 32, - .input = "\x25\x25\x25\x25\x25\x25\x25\x25" + .ptext = "\x25\x25\x25\x25\x25\x25\x25\x25" "\x25\x25\x25\x25\x25\x25\x25\x25", - .ilen = 16, - .result = "\x1a\x91\xfb\x2b\xb7\x78\x6b\xc4" + .ctext = "\x1a\x91\xfb\x2b\xb7\x78\x6b\xc4" "\x17\xd9\xff\x40\x3b\x0e\xe5\xfe", - .rlen = 16, + .len = 16, }, { .key = "\x35\x35\x35\x35\x35\x35\x35\x35" "\x35\x35\x35\x35\x35\x35\x35\x35" @@ -29706,93 +27661,28 @@ static const struct cipher_testvec anubis_enc_tv_template[] = { "\x35\x35\x35\x35\x35\x35\x35\x35" "\x35\x35\x35\x35\x35\x35\x35\x35", .klen = 40, - .input = "\x35\x35\x35\x35\x35\x35\x35\x35" + .ptext = "\x35\x35\x35\x35\x35\x35\x35\x35" "\x35\x35\x35\x35\x35\x35\x35\x35", - .ilen = 16, - .result = "\xa5\x2c\x85\x6f\x9c\xba\xa0\x97" + .ctext = "\xa5\x2c\x85\x6f\x9c\xba\xa0\x97" "\x9e\xc6\x84\x0f\x17\x21\x07\xee", - .rlen = 16, + .len = 16, }, }; -static const struct cipher_testvec anubis_dec_tv_template[] = { +static const struct cipher_testvec anubis_cbc_tv_template[] = { { .key = "\xfe\xfe\xfe\xfe\xfe\xfe\xfe\xfe" "\xfe\xfe\xfe\xfe\xfe\xfe\xfe\xfe", .klen = 16, - .input = "\x6d\xc5\xda\xa2\x26\x7d\x62\x6f" - "\x08\xb7\x52\x8e\x6e\x6e\x86\x90", - .ilen = 16, - .result = "\xfe\xfe\xfe\xfe\xfe\xfe\xfe\xfe" - "\xfe\xfe\xfe\xfe\xfe\xfe\xfe\xfe", - .rlen = 16, - }, { - - .key = "\x03\x03\x03\x03\x03\x03\x03\x03" - "\x03\x03\x03\x03\x03\x03\x03\x03" - "\x03\x03\x03\x03", - .klen = 20, - .input = "\xdb\xf1\x42\xf4\xd1\x8a\xc7\x49" - "\x87\x41\x6f\x82\x0a\x98\x64\xae", - .ilen = 16, - .result = "\x03\x03\x03\x03\x03\x03\x03\x03" - "\x03\x03\x03\x03\x03\x03\x03\x03", - .rlen = 16, - }, { - .key = "\x24\x24\x24\x24\x24\x24\x24\x24" - "\x24\x24\x24\x24\x24\x24\x24\x24" - "\x24\x24\x24\x24\x24\x24\x24\x24" - "\x24\x24\x24\x24", - .klen = 28, - .input = "\xfd\x1b\x4a\xe3\xbf\xf0\xad\x3d" - "\x06\xd3\x61\x27\xfd\x13\x9e\xde", - .ilen = 16, - .result = "\x24\x24\x24\x24\x24\x24\x24\x24" - "\x24\x24\x24\x24\x24\x24\x24\x24", - .rlen = 16, - }, { - .key = "\x25\x25\x25\x25\x25\x25\x25\x25" - "\x25\x25\x25\x25\x25\x25\x25\x25" - "\x25\x25\x25\x25\x25\x25\x25\x25" - "\x25\x25\x25\x25\x25\x25\x25\x25", - .klen = 32, - .input = "\x1a\x91\xfb\x2b\xb7\x78\x6b\xc4" - "\x17\xd9\xff\x40\x3b\x0e\xe5\xfe", - .ilen = 16, - .result = "\x25\x25\x25\x25\x25\x25\x25\x25" - "\x25\x25\x25\x25\x25\x25\x25\x25", - .rlen = 16, - }, { - .key = "\x35\x35\x35\x35\x35\x35\x35\x35" - "\x35\x35\x35\x35\x35\x35\x35\x35" - "\x35\x35\x35\x35\x35\x35\x35\x35" - "\x35\x35\x35\x35\x35\x35\x35\x35" - "\x35\x35\x35\x35\x35\x35\x35\x35", - .input = "\xa5\x2c\x85\x6f\x9c\xba\xa0\x97" - "\x9e\xc6\x84\x0f\x17\x21\x07\xee", - .klen = 40, - .ilen = 16, - .result = "\x35\x35\x35\x35\x35\x35\x35\x35" - "\x35\x35\x35\x35\x35\x35\x35\x35", - .rlen = 16, - }, -}; - -static const struct cipher_testvec anubis_cbc_enc_tv_template[] = { - { - .key = "\xfe\xfe\xfe\xfe\xfe\xfe\xfe\xfe" - "\xfe\xfe\xfe\xfe\xfe\xfe\xfe\xfe", - .klen = 16, - .input = "\xfe\xfe\xfe\xfe\xfe\xfe\xfe\xfe" + .ptext = "\xfe\xfe\xfe\xfe\xfe\xfe\xfe\xfe" "\xfe\xfe\xfe\xfe\xfe\xfe\xfe\xfe" "\xfe\xfe\xfe\xfe\xfe\xfe\xfe\xfe" "\xfe\xfe\xfe\xfe\xfe\xfe\xfe\xfe", - .ilen = 32, - .result = "\x6d\xc5\xda\xa2\x26\x7d\x62\x6f" + .ctext = "\x6d\xc5\xda\xa2\x26\x7d\x62\x6f" "\x08\xb7\x52\x8e\x6e\x6e\x86\x90" "\x86\xd8\xb5\x6f\x98\x5e\x8a\x66" "\x4f\x1f\x78\xa1\xbb\x37\xf1\xbe", - .rlen = 32, + .len = 32, }, { .key = "\x35\x35\x35\x35\x35\x35\x35\x35" "\x35\x35\x35\x35\x35\x35\x35\x35" @@ -29800,263 +27690,114 @@ static const struct cipher_testvec anubis_cbc_enc_tv_template[] = { "\x35\x35\x35\x35\x35\x35\x35\x35" "\x35\x35\x35\x35\x35\x35\x35\x35", .klen = 40, - .input = "\x35\x35\x35\x35\x35\x35\x35\x35" - "\x35\x35\x35\x35\x35\x35\x35\x35" - "\x35\x35\x35\x35\x35\x35\x35\x35" - "\x35\x35\x35\x35\x35\x35\x35\x35", - .ilen = 32, - .result = "\xa5\x2c\x85\x6f\x9c\xba\xa0\x97" - "\x9e\xc6\x84\x0f\x17\x21\x07\xee" - "\xa2\xbc\x06\x98\xc6\x4b\xda\x75" - "\x2e\xaa\xbe\x58\xce\x01\x5b\xc7", - .rlen = 32, - }, -}; - -static const struct cipher_testvec anubis_cbc_dec_tv_template[] = { - { - .key = "\xfe\xfe\xfe\xfe\xfe\xfe\xfe\xfe" - "\xfe\xfe\xfe\xfe\xfe\xfe\xfe\xfe", - .klen = 16, - .input = "\x6d\xc5\xda\xa2\x26\x7d\x62\x6f" - "\x08\xb7\x52\x8e\x6e\x6e\x86\x90" - "\x86\xd8\xb5\x6f\x98\x5e\x8a\x66" - "\x4f\x1f\x78\xa1\xbb\x37\xf1\xbe", - .ilen = 32, - .result = "\xfe\xfe\xfe\xfe\xfe\xfe\xfe\xfe" - "\xfe\xfe\xfe\xfe\xfe\xfe\xfe\xfe" - "\xfe\xfe\xfe\xfe\xfe\xfe\xfe\xfe" - "\xfe\xfe\xfe\xfe\xfe\xfe\xfe\xfe", - .rlen = 32, - }, { - .key = "\x35\x35\x35\x35\x35\x35\x35\x35" - "\x35\x35\x35\x35\x35\x35\x35\x35" + .ptext = "\x35\x35\x35\x35\x35\x35\x35\x35" "\x35\x35\x35\x35\x35\x35\x35\x35" "\x35\x35\x35\x35\x35\x35\x35\x35" "\x35\x35\x35\x35\x35\x35\x35\x35", - .klen = 40, - .input = "\xa5\x2c\x85\x6f\x9c\xba\xa0\x97" + .ctext = "\xa5\x2c\x85\x6f\x9c\xba\xa0\x97" "\x9e\xc6\x84\x0f\x17\x21\x07\xee" "\xa2\xbc\x06\x98\xc6\x4b\xda\x75" "\x2e\xaa\xbe\x58\xce\x01\x5b\xc7", - .ilen = 32, - .result = "\x35\x35\x35\x35\x35\x35\x35\x35" - "\x35\x35\x35\x35\x35\x35\x35\x35" - "\x35\x35\x35\x35\x35\x35\x35\x35" - "\x35\x35\x35\x35\x35\x35\x35\x35", - .rlen = 32, + .len = 32, }, }; /* * XETA test vectors */ -static const struct cipher_testvec xeta_enc_tv_template[] = { +static const struct cipher_testvec xeta_tv_template[] = { { .key = zeroed_string, .klen = 16, - .input = zeroed_string, - .ilen = 8, - .result = "\xaa\x22\x96\xe5\x6c\x61\xf3\x45", - .rlen = 8, + .ptext = zeroed_string, + .ctext = "\xaa\x22\x96\xe5\x6c\x61\xf3\x45", + .len = 8, }, { .key = "\x2b\x02\x05\x68\x06\x14\x49\x76" "\x77\x5d\x0e\x26\x6c\x28\x78\x43", .klen = 16, - .input = "\x74\x65\x73\x74\x20\x6d\x65\x2e", - .ilen = 8, - .result = "\x82\x3e\xeb\x35\xdc\xdd\xd9\xc3", - .rlen = 8, + .ptext = "\x74\x65\x73\x74\x20\x6d\x65\x2e", + .ctext = "\x82\x3e\xeb\x35\xdc\xdd\xd9\xc3", + .len = 8, }, { .key = "\x09\x65\x43\x11\x66\x44\x39\x25" "\x51\x3a\x16\x10\x0a\x08\x12\x6e", .klen = 16, - .input = "\x6c\x6f\x6e\x67\x65\x72\x5f\x74" + .ptext = "\x6c\x6f\x6e\x67\x65\x72\x5f\x74" "\x65\x73\x74\x5f\x76\x65\x63\x74", - .ilen = 16, - .result = "\xe2\x04\xdb\xf2\x89\x85\x9e\xea" + .ctext = "\xe2\x04\xdb\xf2\x89\x85\x9e\xea" "\x61\x35\xaa\xed\xb5\xcb\x71\x2c", - .rlen = 16, + .len = 16, }, { .key = "\x4d\x76\x32\x17\x05\x3f\x75\x2c" "\x5d\x04\x16\x36\x15\x72\x63\x2f", .klen = 16, - .input = "\x54\x65\x61\x20\x69\x73\x20\x67" + .ptext = "\x54\x65\x61\x20\x69\x73\x20\x67" "\x6f\x6f\x64\x20\x66\x6f\x72\x20" "\x79\x6f\x75\x21\x21\x21\x20\x72" "\x65\x61\x6c\x6c\x79\x21\x21\x21", - .ilen = 32, - .result = "\x0b\x03\xcd\x8a\xbe\x95\xfd\xb1" - "\xc1\x44\x91\x0b\xa5\xc9\x1b\xb4" - "\xa9\xda\x1e\x9e\xb1\x3e\x2a\x8f" - "\xea\xa5\x6a\x85\xd1\xf4\xa8\xa5", - .rlen = 32, - } -}; - -static const struct cipher_testvec xeta_dec_tv_template[] = { - { - .key = zeroed_string, - .klen = 16, - .input = "\xaa\x22\x96\xe5\x6c\x61\xf3\x45", - .ilen = 8, - .result = zeroed_string, - .rlen = 8, - }, { - .key = "\x2b\x02\x05\x68\x06\x14\x49\x76" - "\x77\x5d\x0e\x26\x6c\x28\x78\x43", - .klen = 16, - .input = "\x82\x3e\xeb\x35\xdc\xdd\xd9\xc3", - .ilen = 8, - .result = "\x74\x65\x73\x74\x20\x6d\x65\x2e", - .rlen = 8, - }, { - .key = "\x09\x65\x43\x11\x66\x44\x39\x25" - "\x51\x3a\x16\x10\x0a\x08\x12\x6e", - .klen = 16, - .input = "\xe2\x04\xdb\xf2\x89\x85\x9e\xea" - "\x61\x35\xaa\xed\xb5\xcb\x71\x2c", - .ilen = 16, - .result = "\x6c\x6f\x6e\x67\x65\x72\x5f\x74" - "\x65\x73\x74\x5f\x76\x65\x63\x74", - .rlen = 16, - }, { - .key = "\x4d\x76\x32\x17\x05\x3f\x75\x2c" - "\x5d\x04\x16\x36\x15\x72\x63\x2f", - .klen = 16, - .input = "\x0b\x03\xcd\x8a\xbe\x95\xfd\xb1" + .ctext = "\x0b\x03\xcd\x8a\xbe\x95\xfd\xb1" "\xc1\x44\x91\x0b\xa5\xc9\x1b\xb4" "\xa9\xda\x1e\x9e\xb1\x3e\x2a\x8f" "\xea\xa5\x6a\x85\xd1\xf4\xa8\xa5", - .ilen = 32, - .result = "\x54\x65\x61\x20\x69\x73\x20\x67" - "\x6f\x6f\x64\x20\x66\x6f\x72\x20" - "\x79\x6f\x75\x21\x21\x21\x20\x72" - "\x65\x61\x6c\x6c\x79\x21\x21\x21", - .rlen = 32, + .len = 32, } }; /* * FCrypt test vectors */ -static const struct cipher_testvec fcrypt_pcbc_enc_tv_template[] = { +static const struct cipher_testvec fcrypt_pcbc_tv_template[] = { { /* http://www.openafs.org/pipermail/openafs-devel/2000-December/005320.html */ .key = "\x00\x00\x00\x00\x00\x00\x00\x00", .klen = 8, .iv = "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = "\x00\x00\x00\x00\x00\x00\x00\x00", - .ilen = 8, - .result = "\x0E\x09\x00\xC7\x3E\xF7\xED\x41", - .rlen = 8, + .ptext = "\x00\x00\x00\x00\x00\x00\x00\x00", + .ctext = "\x0E\x09\x00\xC7\x3E\xF7\xED\x41", + .len = 8, }, { .key = "\x11\x44\x77\xAA\xDD\x00\x33\x66", .klen = 8, .iv = "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = "\x12\x34\x56\x78\x9A\xBC\xDE\xF0", - .ilen = 8, - .result = "\xD8\xED\x78\x74\x77\xEC\x06\x80", - .rlen = 8, + .ptext = "\x12\x34\x56\x78\x9A\xBC\xDE\xF0", + .ctext = "\xD8\xED\x78\x74\x77\xEC\x06\x80", + .len = 8, }, { /* From Arla */ .key = "\xf0\xe1\xd2\xc3\xb4\xa5\x96\x87", .klen = 8, .iv = "\xfe\xdc\xba\x98\x76\x54\x32\x10", - .input = "The quick brown fox jumps over the lazy dogs.\0\0", - .ilen = 48, - .result = "\x00\xf0\x0e\x11\x75\xe6\x23\x82" + .ptext = "The quick brown fox jumps over the lazy dogs.\0\0", + .ctext = "\x00\xf0\x0e\x11\x75\xe6\x23\x82" "\xee\xac\x98\x62\x44\x51\xe4\x84" "\xc3\x59\xd8\xaa\x64\x60\xae\xf7" "\xd2\xd9\x13\x79\x72\xa3\x45\x03" "\x23\xb5\x62\xd7\x0c\xf5\x27\xd1" "\xf8\x91\x3c\xac\x44\x22\x92\xef", - .rlen = 48, + .len = 48, }, { .key = "\xfe\xdc\xba\x98\x76\x54\x32\x10", .klen = 8, .iv = "\xf0\xe1\xd2\xc3\xb4\xa5\x96\x87", - .input = "The quick brown fox jumps over the lazy dogs.\0\0", - .ilen = 48, - .result = "\xca\x90\xf5\x9d\xcb\xd4\xd2\x3c" + .ptext = "The quick brown fox jumps over the lazy dogs.\0\0", + .ctext = "\xca\x90\xf5\x9d\xcb\xd4\xd2\x3c" "\x01\x88\x7f\x3e\x31\x6e\x62\x9d" "\xd8\xe0\x57\xa3\x06\x3a\x42\x58" "\x2a\x28\xfe\x72\x52\x2f\xdd\xe0" "\x19\x89\x09\x1c\x2a\x8e\x8c\x94" "\xfc\xc7\x68\xe4\x88\xaa\xde\x0f", - .rlen = 48, + .len = 48, }, { /* split-page version */ .key = "\xfe\xdc\xba\x98\x76\x54\x32\x10", .klen = 8, .iv = "\xf0\xe1\xd2\xc3\xb4\xa5\x96\x87", - .input = "The quick brown fox jumps over the lazy dogs.\0\0", - .ilen = 48, - .result = "\xca\x90\xf5\x9d\xcb\xd4\xd2\x3c" + .ptext = "The quick brown fox jumps over the lazy dogs.\0\0", + .ctext = "\xca\x90\xf5\x9d\xcb\xd4\xd2\x3c" "\x01\x88\x7f\x3e\x31\x6e\x62\x9d" "\xd8\xe0\x57\xa3\x06\x3a\x42\x58" "\x2a\x28\xfe\x72\x52\x2f\xdd\xe0" "\x19\x89\x09\x1c\x2a\x8e\x8c\x94" "\xfc\xc7\x68\xe4\x88\xaa\xde\x0f", - .rlen = 48, - .np = 2, - .tap = { 20, 28 }, - } -}; - -static const struct cipher_testvec fcrypt_pcbc_dec_tv_template[] = { - { /* http://www.openafs.org/pipermail/openafs-devel/2000-December/005320.html */ - .key = "\x00\x00\x00\x00\x00\x00\x00\x00", - .klen = 8, - .iv = "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = "\x0E\x09\x00\xC7\x3E\xF7\xED\x41", - .ilen = 8, - .result = "\x00\x00\x00\x00\x00\x00\x00\x00", - .rlen = 8, - }, { - .key = "\x11\x44\x77\xAA\xDD\x00\x33\x66", - .klen = 8, - .iv = "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = "\xD8\xED\x78\x74\x77\xEC\x06\x80", - .ilen = 8, - .result = "\x12\x34\x56\x78\x9A\xBC\xDE\xF0", - .rlen = 8, - }, { /* From Arla */ - .key = "\xf0\xe1\xd2\xc3\xb4\xa5\x96\x87", - .klen = 8, - .iv = "\xfe\xdc\xba\x98\x76\x54\x32\x10", - .input = "\x00\xf0\x0e\x11\x75\xe6\x23\x82" - "\xee\xac\x98\x62\x44\x51\xe4\x84" - "\xc3\x59\xd8\xaa\x64\x60\xae\xf7" - "\xd2\xd9\x13\x79\x72\xa3\x45\x03" - "\x23\xb5\x62\xd7\x0c\xf5\x27\xd1" - "\xf8\x91\x3c\xac\x44\x22\x92\xef", - .ilen = 48, - .result = "The quick brown fox jumps over the lazy dogs.\0\0", - .rlen = 48, - }, { - .key = "\xfe\xdc\xba\x98\x76\x54\x32\x10", - .klen = 8, - .iv = "\xf0\xe1\xd2\xc3\xb4\xa5\x96\x87", - .input = "\xca\x90\xf5\x9d\xcb\xd4\xd2\x3c" - "\x01\x88\x7f\x3e\x31\x6e\x62\x9d" - "\xd8\xe0\x57\xa3\x06\x3a\x42\x58" - "\x2a\x28\xfe\x72\x52\x2f\xdd\xe0" - "\x19\x89\x09\x1c\x2a\x8e\x8c\x94" - "\xfc\xc7\x68\xe4\x88\xaa\xde\x0f", - .ilen = 48, - .result = "The quick brown fox jumps over the lazy dogs.\0\0", - .rlen = 48, - }, { /* split-page version */ - .key = "\xfe\xdc\xba\x98\x76\x54\x32\x10", - .klen = 8, - .iv = "\xf0\xe1\xd2\xc3\xb4\xa5\x96\x87", - .input = "\xca\x90\xf5\x9d\xcb\xd4\xd2\x3c" - "\x01\x88\x7f\x3e\x31\x6e\x62\x9d" - "\xd8\xe0\x57\xa3\x06\x3a\x42\x58" - "\x2a\x28\xfe\x72\x52\x2f\xdd\xe0" - "\x19\x89\x09\x1c\x2a\x8e\x8c\x94" - "\xfc\xc7\x68\xe4\x88\xaa\xde\x0f", - .ilen = 48, - .result = "The quick brown fox jumps over the lazy dogs.\0\0", - .rlen = 48, + .len = 48, .np = 2, .tap = { 20, 28 }, } @@ -30065,47 +27806,44 @@ static const struct cipher_testvec fcrypt_pcbc_dec_tv_template[] = { /* * CAMELLIA test vectors. */ -static const struct cipher_testvec camellia_enc_tv_template[] = { +static const struct cipher_testvec camellia_tv_template[] = { { .key = "\x01\x23\x45\x67\x89\xab\xcd\xef" "\xfe\xdc\xba\x98\x76\x54\x32\x10", .klen = 16, - .input = "\x01\x23\x45\x67\x89\xab\xcd\xef" + .ptext = "\x01\x23\x45\x67\x89\xab\xcd\xef" "\xfe\xdc\xba\x98\x76\x54\x32\x10", - .ilen = 16, - .result = "\x67\x67\x31\x38\x54\x96\x69\x73" + .ctext = "\x67\x67\x31\x38\x54\x96\x69\x73" "\x08\x57\x06\x56\x48\xea\xbe\x43", - .rlen = 16, + .len = 16, }, { .key = "\x01\x23\x45\x67\x89\xab\xcd\xef" "\xfe\xdc\xba\x98\x76\x54\x32\x10" "\x00\x11\x22\x33\x44\x55\x66\x77", .klen = 24, - .input = "\x01\x23\x45\x67\x89\xab\xcd\xef" + .ptext = "\x01\x23\x45\x67\x89\xab\xcd\xef" "\xfe\xdc\xba\x98\x76\x54\x32\x10", - .ilen = 16, - .result = "\xb4\x99\x34\x01\xb3\xe9\x96\xf8" + .ctext = "\xb4\x99\x34\x01\xb3\xe9\x96\xf8" "\x4e\xe5\xce\xe7\xd7\x9b\x09\xb9", - .rlen = 16, + .len = 16, }, { .key = "\x01\x23\x45\x67\x89\xab\xcd\xef" "\xfe\xdc\xba\x98\x76\x54\x32\x10" "\x00\x11\x22\x33\x44\x55\x66\x77" "\x88\x99\xaa\xbb\xcc\xdd\xee\xff", .klen = 32, - .input = "\x01\x23\x45\x67\x89\xab\xcd\xef" + .ptext = "\x01\x23\x45\x67\x89\xab\xcd\xef" "\xfe\xdc\xba\x98\x76\x54\x32\x10", - .ilen = 16, - .result = "\x9a\xcc\x23\x7d\xff\x16\xd7\x6c" + .ctext = "\x9a\xcc\x23\x7d\xff\x16\xd7\x6c" "\x20\xef\x7c\x91\x9e\x3a\x75\x09", - .rlen = 16, + .len = 16, }, { /* Generated with Crypto++ */ .key = "\x3F\x85\x62\x3F\x1C\xF9\xD6\x1C" "\xF9\xD6\xB3\x90\x6D\x4A\x90\x6D" "\x4A\x27\x04\xE1\x27\x04\xE1\xBE" "\x9B\x78\xBE\x9B\x78\x55\x32\x0F", .klen = 32, - .input = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" + .ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87" @@ -30231,181 +27969,7 @@ static const struct cipher_testvec camellia_enc_tv_template[] = { "\xB1\x25\xBC\x53\xEA\x5E\xF5\x8C" "\x00\x97\x2E\xC5\x39\xD0\x67\xFE" "\x72\x09\xA0\x14\xAB\x42\xD9\x4D", - .ilen = 1008, - .result = "\xED\xCD\xDB\xB8\x68\xCE\xBD\xEA" - "\x9D\x9D\xCD\x9F\x4F\xFC\x4D\xB7" - "\xA5\xFF\x6F\x43\x0F\xBA\x32\x04" - "\xB3\xC2\xB9\x03\xAA\x91\x56\x29" - "\x0D\xD0\xFD\xC4\x65\xA5\x69\xB9" - "\xF1\xF6\xB1\xA5\xB2\x75\x4F\x8A" - "\x8D\x7D\x1B\x9B\xC7\x68\x72\xF8" - "\x01\x9B\x17\x0A\x29\xE7\x61\x28" - "\x7F\xA7\x50\xCA\x20\x2C\x96\x3B" - "\x6E\x5C\x5D\x3F\xB5\x7F\xF3\x2B" - "\x04\xEF\x9D\xD4\xCE\x41\x28\x8E" - "\x83\x54\xAE\x7C\x82\x46\x10\xC9" - "\xC4\x8A\x1E\x1F\x4C\xA9\xFC\xEC" - "\x3C\x8C\x30\xFC\x59\xD2\x54\xC4" - "\x6F\x50\xC6\xCA\x8C\x14\x5B\x9C" - "\x18\x56\x5B\xF8\x33\x0E\x4A\xDB" - "\xEC\xB5\x6E\x5B\x31\xC4\x0E\x98" - "\x9F\x32\xBA\xA2\x18\xCF\x55\x43" - "\xFE\x80\x8F\x60\xCF\x05\x30\x9B" - "\x70\x50\x1E\x9C\x08\x87\xE6\x20" - "\xD2\xF3\x27\xF8\x2A\x8D\x12\xB2" - "\xBC\x5F\xFE\x52\x52\xF6\x7F\xB6" - "\xB8\x30\x86\x3B\x0F\x94\x1E\x79" - "\x13\x94\x35\xA2\xB1\x35\x5B\x05" - "\x2A\x98\x6B\x96\x4C\xB1\x20\xBE" - "\xB6\x14\xC2\x06\xBF\xFD\x5F\x2A" - "\xF5\x33\xC8\x19\x45\x14\x44\x5D" - "\xFE\x94\x7B\xBB\x63\x13\x57\xC3" - "\x2A\x8F\x6C\x11\x2A\x07\xA7\x6A" - "\xBF\x20\xD3\x99\xC6\x00\x0B\xBF" - "\x83\x46\x25\x3A\xB0\xF6\xC5\xC8" - "\x00\xCA\xE5\x28\x4A\x7C\x95\x9C" - "\x7B\x43\xAB\xF9\xE4\xF8\x74\xAB" - "\xA7\xB8\x9C\x0F\x53\x7B\xB6\x74" - "\x60\x64\x0D\x1C\x80\xD1\x20\x9E" - "\xDC\x14\x27\x9B\xFC\xBD\x5C\x96" - "\xD2\x51\xDC\x96\xEE\xE5\xEA\x2B" - "\x02\x7C\xAA\x3C\xDC\x9D\x7B\x01" - "\x20\xC3\xE1\x0B\xDD\xAB\xF3\x1E" - "\x19\xA8\x84\x29\x5F\xCC\xC3\x5B" - "\xE4\x33\x59\xDC\x12\xEB\x2B\x4D" - "\x5B\x55\x23\xB7\x40\x31\xDE\xEE" - "\x18\xC9\x3C\x4D\xBC\xED\xE0\x42" - "\xAD\xDE\xA0\xA3\xC3\xFE\x44\xD3" - "\xE1\x9A\xDA\xAB\x32\xFC\x1A\xBF" - "\x63\xA9\xF0\x6A\x08\x46\xBD\x48" - "\x83\x06\xAB\x82\x99\x01\x16\x1A" - "\x03\x36\xC5\x59\x6B\xB8\x8C\x9F" - "\xC6\x51\x3D\xE5\x7F\xBF\xAB\xBC" - "\xC9\xA1\x88\x34\x5F\xA9\x7C\x3B" - "\x9F\x1B\x98\x2B\x4F\xFB\x9B\xF0" - "\xCD\xB6\x45\xB2\x29\x2E\x34\x23" - "\xA9\x97\xC0\x22\x8C\x42\x9B\x5F" - "\x40\xC8\xD7\x3D\x82\x9A\x6F\xAA" - "\x74\x83\x29\x05\xE8\xC4\x4D\x01" - "\xB5\xE5\x84\x3F\x7F\xD3\xE0\x99" - "\xDA\xE7\x6F\x30\xFD\xAA\x92\x30" - "\xA5\x46\x8B\xA2\xE6\x58\x62\x7C" - "\x2C\x35\x1B\x38\x85\x7D\xE8\xF3" - "\x87\x4F\xDA\xD8\x5F\xFC\xB6\x44" - "\xD0\xE3\x9B\x8B\xBF\xD6\xB8\xC4" - "\x73\xAE\x1D\x8B\x5B\x74\x8B\xCB" - "\xA4\xAD\xCF\x5D\xD4\x58\xC9\xCD" - "\xF7\x90\x68\xCF\xC9\x11\x52\x3E" - "\xE8\xA1\xA3\x78\x8B\xD0\xAC\x0A" - "\xD4\xC9\xA3\xA5\x55\x30\xC8\x3E" - "\xED\x28\x39\xE9\x63\xED\x41\x70" - "\x51\xE3\xC4\xA0\xFC\xD5\x43\xCB" - "\x4D\x65\xC8\xFD\x3A\x91\x8F\x60" - "\x8A\xA6\x6D\x9D\x3E\x01\x23\x4B" - "\x50\x47\xC9\xDC\x9B\xDE\x37\xC5" - "\xBF\x67\xB1\x6B\x78\x38\xD5\x7E" - "\xB6\xFF\x67\x83\x3B\x6E\xBE\x23" - "\x45\xFA\x1D\x69\x44\xFD\xC6\xB9" - "\xD0\x4A\x92\xD1\xBE\xF6\x4A\xB7" - "\xCA\xA8\xA2\x9E\x13\x87\x57\x92" - "\x64\x7C\x85\x0B\xB3\x29\x37\xD8" - "\xE6\xAA\xAF\xC4\x03\x67\xA3\xBF" - "\x2E\x45\x83\xB6\xD8\x54\x00\x89" - "\xF6\xBC\x3A\x7A\x88\x58\x51\xED" - "\xF4\x4E\x01\xA5\xC3\x2E\xD9\x42" - "\xBD\x6E\x0D\x0B\x21\xB0\x1A\xCC" - "\xA4\xD3\x3F\xDC\x9B\x81\xD8\xF1" - "\xEA\x7A\x6A\xB7\x07\xC9\x6D\x91" - "\x6D\x3A\xF5\x5F\xA6\xFF\x87\x1E" - "\x3F\xDD\xC0\x72\xEA\xAC\x08\x15" - "\x21\xE6\xC6\xB6\x0D\xD8\x51\x86" - "\x2A\x03\x73\xF7\x29\xD4\xC4\xE4" - "\x7F\x95\x10\xF7\xAB\x3F\x92\x23" - "\xD3\xCE\x9C\x2E\x46\x3B\x63\x43" - "\xBB\xC2\x82\x7A\x83\xD5\x55\xE2" - "\xE7\x9B\x2F\x92\xAF\xFD\x81\x56" - "\x79\xFD\x3E\xF9\x46\xE0\x25\xD4" - "\x38\xDE\xBC\x2C\xC4\x7A\x2A\x8F" - "\x94\x4F\xD0\xAD\x9B\x37\x18\xD4" - "\x0E\x4D\x0F\x02\x3A\xDC\x5A\xA2" - "\x39\x25\x55\x20\x5A\xA6\x02\x9F" - "\xE6\x77\x21\x77\xE5\x4B\x7B\x0B" - "\x30\xF8\x5F\x33\x0F\x49\xCD\xFF" - "\xF2\xE4\x35\xF9\xF0\x63\xC3\x7E" - "\xF1\xA6\x73\xB4\xDF\xE7\xBB\x78" - "\xFF\x21\xA9\xF3\xF3\xCF\x5D\xBA" - "\xED\x87\x98\xAC\xFE\x48\x97\x6D" - "\xA6\x7F\x69\x31\xB1\xC4\xFF\x14" - "\xC6\x76\xD4\x10\xDD\xF6\x49\x2C" - "\x9C\xC8\x6D\x76\xC0\x8F\x5F\x55" - "\x2F\x3C\x8A\x30\xAA\xC3\x16\x55" - "\xC6\xFC\x8D\x8B\xB9\xE5\x80\x6C" - "\xC8\x7E\xBD\x65\x58\x36\xD5\xBC" - "\xF0\x33\x52\x29\x70\xF9\x5C\xE9" - "\xAC\x1F\xB5\x73\x56\x66\x54\xAF" - "\x1B\x8F\x7D\xED\xAB\x03\xCE\xE3" - "\xAE\x47\xB6\x69\x86\xE9\x01\x31" - "\x83\x18\x3D\xF4\x74\x7B\xF9\x42" - "\x4C\xFD\x75\x4A\x6D\xF0\x03\xA6" - "\x2B\x20\x63\xDA\x49\x65\x5E\x8B" - "\xC0\x19\xE3\x8D\xD9\xF3\xB0\x34" - "\xD3\x52\xFC\x68\x00\x43\x1B\x37" - "\x31\x93\x51\x1C\x63\x97\x70\xB0" - "\x99\x78\x83\x13\xFD\xCF\x53\x81" - "\x36\x46\xB5\x42\x52\x2F\x32\xEB" - "\x4A\x3D\xF1\x8F\x1C\x54\x2E\xFC" - "\x41\x75\x5A\x8C\x8E\x6F\xE7\x1A" - "\xAE\xEF\x3E\x82\x12\x0B\x74\x72" - "\xF8\xB2\xAA\x7A\xD6\xFF\xFA\x55" - "\x33\x1A\xBB\xD3\xA2\x7E\x97\x66", - .rlen = 1008, - .also_non_np = 1, - .np = 3, - .tap = { 1008 - 20, 4, 16 }, - }, -}; - -static const struct cipher_testvec camellia_dec_tv_template[] = { - { - .key = "\x01\x23\x45\x67\x89\xab\xcd\xef" - "\xfe\xdc\xba\x98\x76\x54\x32\x10", - .klen = 16, - .input = "\x67\x67\x31\x38\x54\x96\x69\x73" - "\x08\x57\x06\x56\x48\xea\xbe\x43", - .ilen = 16, - .result = "\x01\x23\x45\x67\x89\xab\xcd\xef" - "\xfe\xdc\xba\x98\x76\x54\x32\x10", - .rlen = 16, - }, { - .key = "\x01\x23\x45\x67\x89\xab\xcd\xef" - "\xfe\xdc\xba\x98\x76\x54\x32\x10" - "\x00\x11\x22\x33\x44\x55\x66\x77", - .klen = 24, - .input = "\xb4\x99\x34\x01\xb3\xe9\x96\xf8" - "\x4e\xe5\xce\xe7\xd7\x9b\x09\xb9", - .ilen = 16, - .result = "\x01\x23\x45\x67\x89\xab\xcd\xef" - "\xfe\xdc\xba\x98\x76\x54\x32\x10", - .rlen = 16, - }, { - .key = "\x01\x23\x45\x67\x89\xab\xcd\xef" - "\xfe\xdc\xba\x98\x76\x54\x32\x10" - "\x00\x11\x22\x33\x44\x55\x66\x77" - "\x88\x99\xaa\xbb\xcc\xdd\xee\xff", - .klen = 32, - .input = "\x9a\xcc\x23\x7d\xff\x16\xd7\x6c" - "\x20\xef\x7c\x91\x9e\x3a\x75\x09", - .ilen = 16, - .result = "\x01\x23\x45\x67\x89\xab\xcd\xef" - "\xfe\xdc\xba\x98\x76\x54\x32\x10", - .rlen = 16, - }, { /* Generated with Crypto++ */ - .key = "\x3F\x85\x62\x3F\x1C\xF9\xD6\x1C" - "\xF9\xD6\xB3\x90\x6D\x4A\x90\x6D" - "\x4A\x27\x04\xE1\x27\x04\xE1\xBE" - "\x9B\x78\xBE\x9B\x78\x55\x32\x0F", - .klen = 32, - .input = "\xED\xCD\xDB\xB8\x68\xCE\xBD\xEA" + .ctext = "\xED\xCD\xDB\xB8\x68\xCE\xBD\xEA" "\x9D\x9D\xCD\x9F\x4F\xFC\x4D\xB7" "\xA5\xFF\x6F\x43\x0F\xBA\x32\x04" "\xB3\xC2\xB9\x03\xAA\x91\x56\x29" @@ -30531,168 +28095,39 @@ static const struct cipher_testvec camellia_dec_tv_template[] = { "\xAE\xEF\x3E\x82\x12\x0B\x74\x72" "\xF8\xB2\xAA\x7A\xD6\xFF\xFA\x55" "\x33\x1A\xBB\xD3\xA2\x7E\x97\x66", - .ilen = 1008, - .result = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" - "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" - "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" - "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87" - "\x1E\x92\x29\xC0\x34\xCB\x62\xF9" - "\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48" - "\xDF\x76\x0D\x81\x18\xAF\x23\xBA" - "\x51\xE8\x5C\xF3\x8A\x21\x95\x2C" - "\xC3\x37\xCE\x65\xFC\x70\x07\x9E" - "\x12\xA9\x40\xD7\x4B\xE2\x79\x10" - "\x84\x1B\xB2\x26\xBD\x54\xEB\x5F" - "\xF6\x8D\x01\x98\x2F\xC6\x3A\xD1" - "\x68\xFF\x73\x0A\xA1\x15\xAC\x43" - "\xDA\x4E\xE5\x7C\x13\x87\x1E\xB5" - "\x29\xC0\x57\xEE\x62\xF9\x90\x04" - "\x9B\x32\xC9\x3D\xD4\x6B\x02\x76" - "\x0D\xA4\x18\xAF\x46\xDD\x51\xE8" - "\x7F\x16\x8A\x21\xB8\x2C\xC3\x5A" - "\xF1\x65\xFC\x93\x07\x9E\x35\xCC" - "\x40\xD7\x6E\x05\x79\x10\xA7\x1B" - "\xB2\x49\xE0\x54\xEB\x82\x19\x8D" - "\x24\xBB\x2F\xC6\x5D\xF4\x68\xFF" - "\x96\x0A\xA1\x38\xCF\x43\xDA\x71" - "\x08\x7C\x13\xAA\x1E\xB5\x4C\xE3" - "\x57\xEE\x85\x1C\x90\x27\xBE\x32" - "\xC9\x60\xF7\x6B\x02\x99\x0D\xA4" - "\x3B\xD2\x46\xDD\x74\x0B\x7F\x16" - "\xAD\x21\xB8\x4F\xE6\x5A\xF1\x88" - "\x1F\x93\x2A\xC1\x35\xCC\x63\xFA" - "\x6E\x05\x9C\x10\xA7\x3E\xD5\x49" - "\xE0\x77\x0E\x82\x19\xB0\x24\xBB" - "\x52\xE9\x5D\xF4\x8B\x22\x96\x2D" - "\xC4\x38\xCF\x66\xFD\x71\x08\x9F" - "\x13\xAA\x41\xD8\x4C\xE3\x7A\x11" - "\x85\x1C\xB3\x27\xBE\x55\xEC\x60" - "\xF7\x8E\x02\x99\x30\xC7\x3B\xD2" - "\x69\x00\x74\x0B\xA2\x16\xAD\x44" - "\xDB\x4F\xE6\x7D\x14\x88\x1F\xB6" - "\x2A\xC1\x58\xEF\x63\xFA\x91\x05" - "\x9C\x33\xCA\x3E\xD5\x6C\x03\x77" - "\x0E\xA5\x19\xB0\x47\xDE\x52\xE9" - "\x80\x17\x8B\x22\xB9\x2D\xC4\x5B" - "\xF2\x66\xFD\x94\x08\x9F\x36\xCD" - "\x41\xD8\x6F\x06\x7A\x11\xA8\x1C" - "\xB3\x4A\xE1\x55\xEC\x83\x1A\x8E" - "\x25\xBC\x30\xC7\x5E\xF5\x69\x00" - "\x97\x0B\xA2\x39\xD0\x44\xDB\x72" - "\x09\x7D\x14\xAB\x1F\xB6\x4D\xE4" - "\x58\xEF\x86\x1D\x91\x28\xBF\x33" - "\xCA\x61\xF8\x6C\x03\x9A\x0E\xA5" - "\x3C\xD3\x47\xDE\x75\x0C\x80\x17" - "\xAE\x22\xB9\x50\xE7\x5B\xF2\x89" - "\x20\x94\x2B\xC2\x36\xCD\x64\xFB" - "\x6F\x06\x9D\x11\xA8\x3F\xD6\x4A" - "\xE1\x78\x0F\x83\x1A\xB1\x25\xBC" - "\x53\xEA\x5E\xF5\x8C\x00\x97\x2E" - "\xC5\x39\xD0\x67\xFE\x72\x09\xA0" - "\x14\xAB\x42\xD9\x4D\xE4\x7B\x12" - "\x86\x1D\xB4\x28\xBF\x56\xED\x61" - "\xF8\x8F\x03\x9A\x31\xC8\x3C\xD3" - "\x6A\x01\x75\x0C\xA3\x17\xAE\x45" - "\xDC\x50\xE7\x7E\x15\x89\x20\xB7" - "\x2B\xC2\x59\xF0\x64\xFB\x92\x06" - "\x9D\x34\xCB\x3F\xD6\x6D\x04\x78" - "\x0F\xA6\x1A\xB1\x48\xDF\x53\xEA" - "\x81\x18\x8C\x23\xBA\x2E\xC5\x5C" - "\xF3\x67\xFE\x95\x09\xA0\x37\xCE" - "\x42\xD9\x70\x07\x7B\x12\xA9\x1D" - "\xB4\x4B\xE2\x56\xED\x84\x1B\x8F" - "\x26\xBD\x31\xC8\x5F\xF6\x6A\x01" - "\x98\x0C\xA3\x3A\xD1\x45\xDC\x73" - "\x0A\x7E\x15\xAC\x20\xB7\x4E\xE5" - "\x59\xF0\x87\x1E\x92\x29\xC0\x34" - "\xCB\x62\xF9\x6D\x04\x9B\x0F\xA6" - "\x3D\xD4\x48\xDF\x76\x0D\x81\x18" - "\xAF\x23\xBA\x51\xE8\x5C\xF3\x8A" - "\x21\x95\x2C\xC3\x37\xCE\x65\xFC" - "\x70\x07\x9E\x12\xA9\x40\xD7\x4B" - "\xE2\x79\x10\x84\x1B\xB2\x26\xBD" - "\x54\xEB\x5F\xF6\x8D\x01\x98\x2F" - "\xC6\x3A\xD1\x68\xFF\x73\x0A\xA1" - "\x15\xAC\x43\xDA\x4E\xE5\x7C\x13" - "\x87\x1E\xB5\x29\xC0\x57\xEE\x62" - "\xF9\x90\x04\x9B\x32\xC9\x3D\xD4" - "\x6B\x02\x76\x0D\xA4\x18\xAF\x46" - "\xDD\x51\xE8\x7F\x16\x8A\x21\xB8" - "\x2C\xC3\x5A\xF1\x65\xFC\x93\x07" - "\x9E\x35\xCC\x40\xD7\x6E\x05\x79" - "\x10\xA7\x1B\xB2\x49\xE0\x54\xEB" - "\x82\x19\x8D\x24\xBB\x2F\xC6\x5D" - "\xF4\x68\xFF\x96\x0A\xA1\x38\xCF" - "\x43\xDA\x71\x08\x7C\x13\xAA\x1E" - "\xB5\x4C\xE3\x57\xEE\x85\x1C\x90" - "\x27\xBE\x32\xC9\x60\xF7\x6B\x02" - "\x99\x0D\xA4\x3B\xD2\x46\xDD\x74" - "\x0B\x7F\x16\xAD\x21\xB8\x4F\xE6" - "\x5A\xF1\x88\x1F\x93\x2A\xC1\x35" - "\xCC\x63\xFA\x6E\x05\x9C\x10\xA7" - "\x3E\xD5\x49\xE0\x77\x0E\x82\x19" - "\xB0\x24\xBB\x52\xE9\x5D\xF4\x8B" - "\x22\x96\x2D\xC4\x38\xCF\x66\xFD" - "\x71\x08\x9F\x13\xAA\x41\xD8\x4C" - "\xE3\x7A\x11\x85\x1C\xB3\x27\xBE" - "\x55\xEC\x60\xF7\x8E\x02\x99\x30" - "\xC7\x3B\xD2\x69\x00\x74\x0B\xA2" - "\x16\xAD\x44\xDB\x4F\xE6\x7D\x14" - "\x88\x1F\xB6\x2A\xC1\x58\xEF\x63" - "\xFA\x91\x05\x9C\x33\xCA\x3E\xD5" - "\x6C\x03\x77\x0E\xA5\x19\xB0\x47" - "\xDE\x52\xE9\x80\x17\x8B\x22\xB9" - "\x2D\xC4\x5B\xF2\x66\xFD\x94\x08" - "\x9F\x36\xCD\x41\xD8\x6F\x06\x7A" - "\x11\xA8\x1C\xB3\x4A\xE1\x55\xEC" - "\x83\x1A\x8E\x25\xBC\x30\xC7\x5E" - "\xF5\x69\x00\x97\x0B\xA2\x39\xD0" - "\x44\xDB\x72\x09\x7D\x14\xAB\x1F" - "\xB6\x4D\xE4\x58\xEF\x86\x1D\x91" - "\x28\xBF\x33\xCA\x61\xF8\x6C\x03" - "\x9A\x0E\xA5\x3C\xD3\x47\xDE\x75" - "\x0C\x80\x17\xAE\x22\xB9\x50\xE7" - "\x5B\xF2\x89\x20\x94\x2B\xC2\x36" - "\xCD\x64\xFB\x6F\x06\x9D\x11\xA8" - "\x3F\xD6\x4A\xE1\x78\x0F\x83\x1A" - "\xB1\x25\xBC\x53\xEA\x5E\xF5\x8C" - "\x00\x97\x2E\xC5\x39\xD0\x67\xFE" - "\x72\x09\xA0\x14\xAB\x42\xD9\x4D", - .rlen = 1008, + .len = 1008, .also_non_np = 1, .np = 3, .tap = { 1008 - 20, 4, 16 }, }, }; -static const struct cipher_testvec camellia_cbc_enc_tv_template[] = { +static const struct cipher_testvec camellia_cbc_tv_template[] = { { .key = "\x06\xa9\x21\x40\x36\xb8\xa1\x5b" "\x51\x2e\x03\xd5\x34\x12\x00\x06", .klen = 16, .iv = "\x3d\xaf\xba\x42\x9d\x9e\xb4\x30" "\xb4\x22\xda\x80\x2c\x9f\xac\x41", - .input = "Single block msg", - .ilen = 16, - .result = "\xea\x32\x12\x76\x3b\x50\x10\xe7" + .ptext = "Single block msg", + .ctext = "\xea\x32\x12\x76\x3b\x50\x10\xe7" "\x18\xf6\xfd\x5d\xf6\x8f\x13\x51", - .rlen = 16, + .len = 16, }, { .key = "\xc2\x86\x69\x6d\x88\x7c\x9a\xa0" "\x61\x1b\xbb\x3e\x20\x25\xa4\x5a", .klen = 16, .iv = "\x56\x2e\x17\x99\x6d\x09\x3d\x28" "\xdd\xb3\xba\x69\x5a\x2e\x6f\x58", - .input = "\x00\x01\x02\x03\x04\x05\x06\x07" + .ptext = "\x00\x01\x02\x03\x04\x05\x06\x07" "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" "\x10\x11\x12\x13\x14\x15\x16\x17" "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f", - .ilen = 32, - .result = "\xa5\xdf\x6e\x50\xda\x70\x6c\x01" + .ctext = "\xa5\xdf\x6e\x50\xda\x70\x6c\x01" "\x4a\xab\xf3\xf2\xd6\xfc\x6c\xfd" "\x19\xb4\x3e\x57\x1c\x02\x5e\xa0" "\x15\x78\xe0\x5e\xf2\xcb\x87\x16", - .rlen = 32, + .len = 32, }, { /* Generated with Crypto++ */ .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9" "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A" @@ -30701,7 +28136,7 @@ static const struct cipher_testvec camellia_cbc_enc_tv_template[] = { .klen = 32, .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F" "\xC4\x29\x8E\xF3\x35\x9A\xFF\x64", - .input = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" + .ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87" @@ -30827,8 +28262,7 @@ static const struct cipher_testvec camellia_cbc_enc_tv_template[] = { "\xB1\x25\xBC\x53\xEA\x5E\xF5\x8C" "\x00\x97\x2E\xC5\x39\xD0\x67\xFE" "\x72\x09\xA0\x14\xAB\x42\xD9\x4D", - .ilen = 1008, - .result = "\xCD\x3E\x2A\x3B\x3E\x94\xC5\x77" + .ctext = "\xCD\x3E\x2A\x3B\x3E\x94\xC5\x77" "\xBA\xBB\x5B\xB1\xDE\x7B\xA4\x40" "\x88\x39\xE3\xFD\x94\x4B\x25\x58" "\xE1\x4B\xC4\x18\x7A\xFD\x17\x2B" @@ -30954,310 +28388,14 @@ static const struct cipher_testvec camellia_cbc_enc_tv_template[] = { "\x43\x94\x23\x7E\xEE\xF0\xA5\x79" "\x55\x01\xD4\x58\xB2\xF2\x85\x49" "\x70\xC5\xB9\x0B\x3B\x7A\x6E\x6C", - .rlen = 1008, - .also_non_np = 1, - .np = 3, - .tap = { 1008 - 20, 4, 16 }, - }, -}; - -static const struct cipher_testvec camellia_cbc_dec_tv_template[] = { - { - .key = "\x06\xa9\x21\x40\x36\xb8\xa1\x5b" - "\x51\x2e\x03\xd5\x34\x12\x00\x06", - .klen = 16, - .iv = "\x3d\xaf\xba\x42\x9d\x9e\xb4\x30" - "\xb4\x22\xda\x80\x2c\x9f\xac\x41", - .input = "\xea\x32\x12\x76\x3b\x50\x10\xe7" - "\x18\xf6\xfd\x5d\xf6\x8f\x13\x51", - .ilen = 16, - .result = "Single block msg", - .rlen = 16, - }, { - .key = "\xc2\x86\x69\x6d\x88\x7c\x9a\xa0" - "\x61\x1b\xbb\x3e\x20\x25\xa4\x5a", - .klen = 16, - .iv = "\x56\x2e\x17\x99\x6d\x09\x3d\x28" - "\xdd\xb3\xba\x69\x5a\x2e\x6f\x58", - .input = "\xa5\xdf\x6e\x50\xda\x70\x6c\x01" - "\x4a\xab\xf3\xf2\xd6\xfc\x6c\xfd" - "\x19\xb4\x3e\x57\x1c\x02\x5e\xa0" - "\x15\x78\xe0\x5e\xf2\xcb\x87\x16", - .ilen = 32, - .result = "\x00\x01\x02\x03\x04\x05\x06\x07" - "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" - "\x10\x11\x12\x13\x14\x15\x16\x17" - "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f", - .rlen = 32, - }, { /* Generated with Crypto++ */ - .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9" - "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A" - "\x27\x04\xE1\x27\x04\xE1\xBE\x9B" - "\x78\xBE\x9B\x78\x55\x32\x0F\x55", - .klen = 32, - .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F" - "\xC4\x29\x8E\xF3\x35\x9A\xFF\x64", - .input = "\xCD\x3E\x2A\x3B\x3E\x94\xC5\x77" - "\xBA\xBB\x5B\xB1\xDE\x7B\xA4\x40" - "\x88\x39\xE3\xFD\x94\x4B\x25\x58" - "\xE1\x4B\xC4\x18\x7A\xFD\x17\x2B" - "\xB9\xF9\xC2\x27\x6A\xB6\x31\x27" - "\xA6\xAD\xEF\xE5\x5D\xE4\x02\x01" - "\x56\x2E\x10\xC2\x2C\xFF\xC6\x83" - "\xB5\xDC\x4F\x63\xAD\x0E\x63\x5E" - "\x56\xC8\x18\x3D\x79\x86\x97\xEF" - "\x57\x0E\x63\xA1\xC1\x41\x48\xB8" - "\x98\xB7\x51\x6D\x18\xF6\x19\x82" - "\x37\x49\x88\xA4\xEF\x91\x21\x47" - "\x03\x28\xEA\x42\xF4\xFB\x7A\x58" - "\x28\x90\x77\x46\xD8\xD2\x35\x16" - "\x44\xA9\x9E\x49\x52\x2A\xE4\x16" - "\x5D\xF7\x65\xEB\x0F\xC9\x29\xE6" - "\xCF\x76\x91\x89\x8A\x94\x39\xFA" - "\x6B\x5F\x63\x53\x74\x43\x91\xF5" - "\x3F\xBC\x88\x53\xB2\x1A\x02\x3F" - "\x9D\x32\x84\xEB\x56\x28\xD6\x06" - "\xD5\xB2\x20\xA9\xFC\xC3\x76\x62" - "\x32\xCC\x86\xC8\x36\x67\x5E\x7E" - "\xA4\xAA\x15\x63\x6B\xA9\x86\xAF" - "\x1A\x52\x82\x36\x5F\xF4\x3F\x7A" - "\x9B\x78\x62\x3B\x02\x28\x60\xB3" - "\xBA\x82\xB1\xDD\xC9\x60\x8F\x47" - "\xF1\x6B\xFE\xE5\x39\x34\xA0\x28" - "\xA4\xB3\xC9\x7E\xED\x28\x8D\x70" - "\xB2\x1D\xFD\xC6\x00\xCF\x1A\x94" - "\x28\xF8\xC1\x34\xB7\x58\xA5\x6C" - "\x1A\x9D\xE4\xE4\xF6\xB9\xB4\xB0" - "\x5D\x51\x54\x9A\x53\xA0\xF9\x32" - "\xBD\x31\x54\x14\x7B\x33\xEE\x17" - "\xD3\xC7\x1F\x48\xBF\x0B\x22\xA2" - "\x7D\x0C\xDF\xD0\x2E\x98\xFA\xD2" - "\xFA\xCF\x24\x1D\x99\x9B\xD0\x7E" - "\xF4\x4F\x88\xFF\x45\x99\x4A\xF4" - "\xF2\x0A\x5B\x3B\x21\xAB\x92\xAE" - "\x40\x78\x91\x95\xC4\x2F\xA3\xE8" - "\x18\xC7\x07\xA6\xC8\xC0\x66\x33" - "\x35\xC0\xB4\xA0\xF8\xEE\x1E\xF3" - "\x40\xF5\x40\x54\xF1\x84\x8C\xEA" - "\x27\x38\x1F\xF8\x77\xC7\xDF\xD8" - "\x1D\xE2\xD9\x59\x40\x4F\x59\xD4" - "\xF8\x17\x99\x8D\x58\x2D\x72\x44" - "\x9D\x1D\x91\x64\xD6\x3F\x0A\x82" - "\xC7\x57\x3D\xEF\xD3\x41\xFA\xA7" - "\x68\xA3\xB8\xA5\x93\x74\x2E\x85" - "\x4C\x9D\x69\x59\xCE\x15\xAE\xBF" - "\x9C\x8F\x14\x64\x5D\x7F\xCF\x0B" - "\xCE\x43\x5D\x28\xC0\x2F\xFB\x18" - "\x79\x9A\xFC\x43\x16\x7C\x6B\x7B" - "\x38\xB8\x48\x36\x66\x4E\x20\x43" - "\xBA\x76\x13\x9A\xC3\xF2\xEB\x52" - "\xD7\xDC\xB2\x67\x63\x14\x25\xCD" - "\xB1\x13\x4B\xDE\x8C\x59\x21\x84" - "\x81\x8D\x97\x23\x45\x33\x7C\xF3" - "\xC5\xBC\x79\x95\xAA\x84\x68\x31" - "\x2D\x1A\x68\xFE\xEC\x92\x94\xDA" - "\x94\x2A\x6F\xD6\xFE\xE5\x76\x97" - "\xF4\x6E\xEE\xCB\x2B\x95\x4E\x36" - "\x5F\x74\x8C\x86\x5B\x71\xD0\x20" - "\x78\x1A\x7F\x18\x8C\xD9\xCD\xF5" - "\x21\x41\x56\x72\x13\xE1\x86\x07" - "\x07\x26\xF3\x4F\x7B\xEA\xB5\x18" - "\xFE\x94\x2D\x9F\xE0\x72\x18\x65" - "\xB2\xA5\x63\x48\xB4\x13\x22\xF7" - "\x25\xF1\x80\xA8\x7F\x54\x86\x7B" - "\x39\xAE\x95\x0C\x09\x32\x22\x2D" - "\x4D\x73\x39\x0C\x09\x2C\x7C\x10" - "\xD0\x4B\x53\xF6\x90\xC5\x99\x2F" - "\x15\xE1\x7F\xC6\xC5\x7A\x52\x14" - "\x65\xEE\x93\x54\xD0\x66\x15\x3C" - "\x4C\x68\xFD\x64\x0F\xF9\x10\x39" - "\x46\x7A\xDD\x97\x20\xEE\xC7\xD2" - "\x98\x4A\xB6\xE6\xF5\xA8\x1F\x4F" - "\xDB\xAB\x6D\xD5\x9B\x34\x16\x97" - "\x2F\x64\xE5\x37\xEF\x0E\xA1\xE9" - "\xBE\x31\x31\x96\x8B\x40\x18\x75" - "\x11\x75\x14\x32\xA5\x2D\x1B\x6B" - "\xDB\x59\xEB\xFA\x3D\x8E\x7C\xC4" - "\xDE\x68\xC8\x9F\xC9\x99\xE3\xC6" - "\x71\xB0\x12\x57\x89\x0D\xC0\x2B" - "\x9F\x12\x6A\x04\x67\xF1\x95\x31" - "\x59\xFD\x84\x95\x2C\x9C\x5B\xEC" - "\x09\xB0\x43\x96\x4A\x64\x80\x40" - "\xB9\x72\x19\xDD\x70\x42\xFA\xB1" - "\x4A\x2C\x0C\x0A\x60\x6E\xE3\x7C" - "\x37\x5A\xBE\xA4\x62\xCF\x29\xAB" - "\x7F\x4D\xA6\xB3\xE2\xB6\x64\xC6" - "\x33\x0B\xF3\xD5\x01\x38\x74\xA4" - "\x67\x1E\x75\x68\xC3\xAD\x76\xE9" - "\xE9\xBC\xF0\xEB\xD8\xFD\x31\x8A" - "\x5F\xC9\x18\x94\x4B\x86\x66\xFC" - "\xBD\x0B\x3D\xB3\x9F\xFA\x1F\xD9" - "\x78\xC4\xE3\x24\x1C\x67\xA2\xF8" - "\x43\xBC\x76\x75\xBF\x6C\x05\xB3" - "\x32\xE8\x7C\x80\xDB\xC7\xB6\x61" - "\x1A\x3E\x2B\xA7\x25\xED\x8F\xA0" - "\x00\x4B\xF8\x90\xCA\xD8\xFB\x12" - "\xAC\x1F\x18\xE9\xD2\x5E\xA2\x8E" - "\xE4\x84\x6B\x9D\xEB\x1E\x6B\xA3" - "\x7B\xDC\xCE\x15\x97\x27\xB2\x65" - "\xBC\x0E\x47\xAB\x55\x13\x53\xAB" - "\x0E\x34\x55\x02\x5F\x27\xC5\x89" - "\xDF\xC5\x70\xC4\xDD\x76\x82\xEE" - "\x68\xA6\x09\xB0\xE5\x5E\xF1\x0C" - "\xE3\xF3\x09\x9B\xFE\x65\x4B\xB8" - "\x30\xEC\xD5\x7C\x6A\xEC\x1D\xD2" - "\x93\xB7\xA1\x1A\x02\xD4\xC0\xD6" - "\x8D\x4D\x83\x9A\xED\x29\x4E\x14" - "\x86\xD5\x3C\x1A\xD5\xB9\x0A\x6A" - "\x72\x22\xD5\x92\x38\xF1\xA1\x86" - "\xB2\x41\x51\xCA\x4E\xAB\x8F\xD3" - "\x80\x56\xC3\xD7\x65\xE1\xB3\x86" - "\xCB\xCE\x98\xA1\xD4\x59\x1C\x06" - "\x01\xED\xF8\x29\x91\x19\x5C\x9A" - "\xEE\x28\x1B\x48\xD7\x32\xEF\x9F" - "\x6C\x2B\x66\x4E\x78\xD5\x8B\x72" - "\x80\xE7\x29\xDC\x23\x55\x98\x54" - "\xB1\xFF\x3E\x95\x56\xA8\x78\x78" - "\xEF\xC4\xA5\x11\x2D\x2B\xD8\x93" - "\x30\x6E\x7E\x51\xBB\x42\x5F\x03" - "\x43\x94\x23\x7E\xEE\xF0\xA5\x79" - "\x55\x01\xD4\x58\xB2\xF2\x85\x49" - "\x70\xC5\xB9\x0B\x3B\x7A\x6E\x6C", - .ilen = 1008, - .result = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" - "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" - "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" - "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87" - "\x1E\x92\x29\xC0\x34\xCB\x62\xF9" - "\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48" - "\xDF\x76\x0D\x81\x18\xAF\x23\xBA" - "\x51\xE8\x5C\xF3\x8A\x21\x95\x2C" - "\xC3\x37\xCE\x65\xFC\x70\x07\x9E" - "\x12\xA9\x40\xD7\x4B\xE2\x79\x10" - "\x84\x1B\xB2\x26\xBD\x54\xEB\x5F" - "\xF6\x8D\x01\x98\x2F\xC6\x3A\xD1" - "\x68\xFF\x73\x0A\xA1\x15\xAC\x43" - "\xDA\x4E\xE5\x7C\x13\x87\x1E\xB5" - "\x29\xC0\x57\xEE\x62\xF9\x90\x04" - "\x9B\x32\xC9\x3D\xD4\x6B\x02\x76" - "\x0D\xA4\x18\xAF\x46\xDD\x51\xE8" - "\x7F\x16\x8A\x21\xB8\x2C\xC3\x5A" - "\xF1\x65\xFC\x93\x07\x9E\x35\xCC" - "\x40\xD7\x6E\x05\x79\x10\xA7\x1B" - "\xB2\x49\xE0\x54\xEB\x82\x19\x8D" - "\x24\xBB\x2F\xC6\x5D\xF4\x68\xFF" - "\x96\x0A\xA1\x38\xCF\x43\xDA\x71" - "\x08\x7C\x13\xAA\x1E\xB5\x4C\xE3" - "\x57\xEE\x85\x1C\x90\x27\xBE\x32" - "\xC9\x60\xF7\x6B\x02\x99\x0D\xA4" - "\x3B\xD2\x46\xDD\x74\x0B\x7F\x16" - "\xAD\x21\xB8\x4F\xE6\x5A\xF1\x88" - "\x1F\x93\x2A\xC1\x35\xCC\x63\xFA" - "\x6E\x05\x9C\x10\xA7\x3E\xD5\x49" - "\xE0\x77\x0E\x82\x19\xB0\x24\xBB" - "\x52\xE9\x5D\xF4\x8B\x22\x96\x2D" - "\xC4\x38\xCF\x66\xFD\x71\x08\x9F" - "\x13\xAA\x41\xD8\x4C\xE3\x7A\x11" - "\x85\x1C\xB3\x27\xBE\x55\xEC\x60" - "\xF7\x8E\x02\x99\x30\xC7\x3B\xD2" - "\x69\x00\x74\x0B\xA2\x16\xAD\x44" - "\xDB\x4F\xE6\x7D\x14\x88\x1F\xB6" - "\x2A\xC1\x58\xEF\x63\xFA\x91\x05" - "\x9C\x33\xCA\x3E\xD5\x6C\x03\x77" - "\x0E\xA5\x19\xB0\x47\xDE\x52\xE9" - "\x80\x17\x8B\x22\xB9\x2D\xC4\x5B" - "\xF2\x66\xFD\x94\x08\x9F\x36\xCD" - "\x41\xD8\x6F\x06\x7A\x11\xA8\x1C" - "\xB3\x4A\xE1\x55\xEC\x83\x1A\x8E" - "\x25\xBC\x30\xC7\x5E\xF5\x69\x00" - "\x97\x0B\xA2\x39\xD0\x44\xDB\x72" - "\x09\x7D\x14\xAB\x1F\xB6\x4D\xE4" - "\x58\xEF\x86\x1D\x91\x28\xBF\x33" - "\xCA\x61\xF8\x6C\x03\x9A\x0E\xA5" - "\x3C\xD3\x47\xDE\x75\x0C\x80\x17" - "\xAE\x22\xB9\x50\xE7\x5B\xF2\x89" - "\x20\x94\x2B\xC2\x36\xCD\x64\xFB" - "\x6F\x06\x9D\x11\xA8\x3F\xD6\x4A" - "\xE1\x78\x0F\x83\x1A\xB1\x25\xBC" - "\x53\xEA\x5E\xF5\x8C\x00\x97\x2E" - "\xC5\x39\xD0\x67\xFE\x72\x09\xA0" - "\x14\xAB\x42\xD9\x4D\xE4\x7B\x12" - "\x86\x1D\xB4\x28\xBF\x56\xED\x61" - "\xF8\x8F\x03\x9A\x31\xC8\x3C\xD3" - "\x6A\x01\x75\x0C\xA3\x17\xAE\x45" - "\xDC\x50\xE7\x7E\x15\x89\x20\xB7" - "\x2B\xC2\x59\xF0\x64\xFB\x92\x06" - "\x9D\x34\xCB\x3F\xD6\x6D\x04\x78" - "\x0F\xA6\x1A\xB1\x48\xDF\x53\xEA" - "\x81\x18\x8C\x23\xBA\x2E\xC5\x5C" - "\xF3\x67\xFE\x95\x09\xA0\x37\xCE" - "\x42\xD9\x70\x07\x7B\x12\xA9\x1D" - "\xB4\x4B\xE2\x56\xED\x84\x1B\x8F" - "\x26\xBD\x31\xC8\x5F\xF6\x6A\x01" - "\x98\x0C\xA3\x3A\xD1\x45\xDC\x73" - "\x0A\x7E\x15\xAC\x20\xB7\x4E\xE5" - "\x59\xF0\x87\x1E\x92\x29\xC0\x34" - "\xCB\x62\xF9\x6D\x04\x9B\x0F\xA6" - "\x3D\xD4\x48\xDF\x76\x0D\x81\x18" - "\xAF\x23\xBA\x51\xE8\x5C\xF3\x8A" - "\x21\x95\x2C\xC3\x37\xCE\x65\xFC" - "\x70\x07\x9E\x12\xA9\x40\xD7\x4B" - "\xE2\x79\x10\x84\x1B\xB2\x26\xBD" - "\x54\xEB\x5F\xF6\x8D\x01\x98\x2F" - "\xC6\x3A\xD1\x68\xFF\x73\x0A\xA1" - "\x15\xAC\x43\xDA\x4E\xE5\x7C\x13" - "\x87\x1E\xB5\x29\xC0\x57\xEE\x62" - "\xF9\x90\x04\x9B\x32\xC9\x3D\xD4" - "\x6B\x02\x76\x0D\xA4\x18\xAF\x46" - "\xDD\x51\xE8\x7F\x16\x8A\x21\xB8" - "\x2C\xC3\x5A\xF1\x65\xFC\x93\x07" - "\x9E\x35\xCC\x40\xD7\x6E\x05\x79" - "\x10\xA7\x1B\xB2\x49\xE0\x54\xEB" - "\x82\x19\x8D\x24\xBB\x2F\xC6\x5D" - "\xF4\x68\xFF\x96\x0A\xA1\x38\xCF" - "\x43\xDA\x71\x08\x7C\x13\xAA\x1E" - "\xB5\x4C\xE3\x57\xEE\x85\x1C\x90" - "\x27\xBE\x32\xC9\x60\xF7\x6B\x02" - "\x99\x0D\xA4\x3B\xD2\x46\xDD\x74" - "\x0B\x7F\x16\xAD\x21\xB8\x4F\xE6" - "\x5A\xF1\x88\x1F\x93\x2A\xC1\x35" - "\xCC\x63\xFA\x6E\x05\x9C\x10\xA7" - "\x3E\xD5\x49\xE0\x77\x0E\x82\x19" - "\xB0\x24\xBB\x52\xE9\x5D\xF4\x8B" - "\x22\x96\x2D\xC4\x38\xCF\x66\xFD" - "\x71\x08\x9F\x13\xAA\x41\xD8\x4C" - "\xE3\x7A\x11\x85\x1C\xB3\x27\xBE" - "\x55\xEC\x60\xF7\x8E\x02\x99\x30" - "\xC7\x3B\xD2\x69\x00\x74\x0B\xA2" - "\x16\xAD\x44\xDB\x4F\xE6\x7D\x14" - "\x88\x1F\xB6\x2A\xC1\x58\xEF\x63" - "\xFA\x91\x05\x9C\x33\xCA\x3E\xD5" - "\x6C\x03\x77\x0E\xA5\x19\xB0\x47" - "\xDE\x52\xE9\x80\x17\x8B\x22\xB9" - "\x2D\xC4\x5B\xF2\x66\xFD\x94\x08" - "\x9F\x36\xCD\x41\xD8\x6F\x06\x7A" - "\x11\xA8\x1C\xB3\x4A\xE1\x55\xEC" - "\x83\x1A\x8E\x25\xBC\x30\xC7\x5E" - "\xF5\x69\x00\x97\x0B\xA2\x39\xD0" - "\x44\xDB\x72\x09\x7D\x14\xAB\x1F" - "\xB6\x4D\xE4\x58\xEF\x86\x1D\x91" - "\x28\xBF\x33\xCA\x61\xF8\x6C\x03" - "\x9A\x0E\xA5\x3C\xD3\x47\xDE\x75" - "\x0C\x80\x17\xAE\x22\xB9\x50\xE7" - "\x5B\xF2\x89\x20\x94\x2B\xC2\x36" - "\xCD\x64\xFB\x6F\x06\x9D\x11\xA8" - "\x3F\xD6\x4A\xE1\x78\x0F\x83\x1A" - "\xB1\x25\xBC\x53\xEA\x5E\xF5\x8C" - "\x00\x97\x2E\xC5\x39\xD0\x67\xFE" - "\x72\x09\xA0\x14\xAB\x42\xD9\x4D", - .rlen = 1008, + .len = 1008, .also_non_np = 1, .np = 3, .tap = { 1008 - 20, 4, 16 }, }, }; -static const struct cipher_testvec camellia_ctr_enc_tv_template[] = { +static const struct cipher_testvec camellia_ctr_tv_template[] = { { /* Generated with Crypto++ */ .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9" "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A" @@ -31266,7 +28404,7 @@ static const struct cipher_testvec camellia_ctr_enc_tv_template[] = { .klen = 32, .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F" "\xC4\x29\x8E\xF3\x35\x9A\xFF\x64", - .input = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" + .ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87" @@ -31328,8 +28466,7 @@ static const struct cipher_testvec camellia_ctr_enc_tv_template[] = { "\xF8\x8F\x03\x9A\x31\xC8\x3C\xD3" "\x6A\x01\x75\x0C\xA3\x17\xAE\x45" "\xDC\x50\xE7\x7E\x15\x89\x20\xB7", - .ilen = 496, - .result = "\xF3\x06\x3A\x84\xCD\xBA\x8E\x11" + .ctext = "\xF3\x06\x3A\x84\xCD\xBA\x8E\x11" "\xB7\x74\x6F\x5C\x97\xFB\x36\xFE" "\xDE\x71\x58\xD4\x15\xD1\xC1\xA4" "\xC9\x28\x74\xA6\x6B\xC7\x95\xA6" @@ -31391,7 +28528,7 @@ static const struct cipher_testvec camellia_ctr_enc_tv_template[] = { "\x7E\x42\xEC\xB6\x6F\x4D\x6B\x48" "\xE6\xA6\x50\x80\x78\x9E\xF1\xB0" "\x4D\xB2\x0D\x3D\xFC\x40\x25\x4D", - .rlen = 496, + .len = 496, }, { /* Generated with Crypto++ */ .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9" "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A" @@ -31400,7 +28537,7 @@ static const struct cipher_testvec camellia_ctr_enc_tv_template[] = { .klen = 32, .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F" "\xC4\x29\x8E\xF3\x35\x9A\xFF\x64", - .input = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" + .ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87" @@ -31527,8 +28664,7 @@ static const struct cipher_testvec camellia_ctr_enc_tv_template[] = { "\x00\x97\x2E\xC5\x39\xD0\x67\xFE" "\x72\x09\xA0\x14\xAB\x42\xD9\x4D" "\xE4\x7B\x12", - .ilen = 1011, - .result = "\xF3\x06\x3A\x84\xCD\xBA\x8E\x11" + .ctext = "\xF3\x06\x3A\x84\xCD\xBA\x8E\x11" "\xB7\x74\x6F\x5C\x97\xFB\x36\xFE" "\xDE\x71\x58\xD4\x15\xD1\xC1\xA4" "\xC9\x28\x74\xA6\x6B\xC7\x95\xA6" @@ -31655,7 +28791,7 @@ static const struct cipher_testvec camellia_ctr_enc_tv_template[] = { "\x45\xE3\x35\x0D\x69\x91\x54\x1C" "\xE7\x2C\x49\x08\x8B\x72\xFA\x5C" "\xF1\x6B\xD9", - .rlen = 1011, + .len = 1011, .also_non_np = 1, .np = 2, .tap = { 1011 - 16, 16 }, @@ -31667,7 +28803,7 @@ static const struct cipher_testvec camellia_ctr_enc_tv_template[] = { .klen = 32, .iv = "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF" "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFD", - .input = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" + .ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87" @@ -31793,8 +28929,7 @@ static const struct cipher_testvec camellia_ctr_enc_tv_template[] = { "\xB1\x25\xBC\x53\xEA\x5E\xF5\x8C" "\x00\x97\x2E\xC5\x39\xD0\x67\xFE" "\x72\x09\xA0\x14\xAB\x42\xD9\x4D", - .ilen = 1008, - .result = "\x85\x79\x6C\x8B\x2B\x6D\x14\xF9" + .ctext = "\x85\x79\x6C\x8B\x2B\x6D\x14\xF9" "\xA6\x83\xB6\x80\x5B\x3A\xF3\x7E" "\x30\x29\xEB\x1F\xDC\x19\x5F\xEB" "\xF7\xC4\x27\x04\x51\x87\xD7\x6F" @@ -31920,678 +29055,11 @@ static const struct cipher_testvec camellia_ctr_enc_tv_template[] = { "\xC5\x9B\x03\x70\x29\x2A\x49\x09" "\x67\xA1\xEA\xD6\x3A\x5B\xBF\x71" "\x1D\x48\x64\x6C\xFB\xC0\x9E\x36", - .rlen = 1008, + .len = 1008, }, }; -static const struct cipher_testvec camellia_ctr_dec_tv_template[] = { - { /* Generated with Crypto++ */ - .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9" - "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A" - "\x27\x04\xE1\x27\x04\xE1\xBE\x9B" - "\x78\xBE\x9B\x78\x55\x32\x0F\x55", - .klen = 32, - .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F" - "\xC4\x29\x8E\xF3\x35\x9A\xFF\x64", - .input = "\xF3\x06\x3A\x84\xCD\xBA\x8E\x11" - "\xB7\x74\x6F\x5C\x97\xFB\x36\xFE" - "\xDE\x71\x58\xD4\x15\xD1\xC1\xA4" - "\xC9\x28\x74\xA6\x6B\xC7\x95\xA6" - "\x6C\x77\xF7\x2F\xDF\xC7\xBB\x85" - "\x60\xFC\xE8\x94\xE8\xB5\x09\x2C" - "\x1E\x43\xEF\x6C\xE9\x98\xC5\xA0" - "\x7B\x13\xE5\x7F\xF8\x49\x9A\x8C" - "\xE6\x7B\x08\xC3\x32\x66\x55\x4E" - "\xA5\x44\x1D\x2C\x18\xC7\x29\x1F" - "\x61\x28\x4A\xE3\xCD\xE5\x47\xB2" - "\x82\x2F\x66\x83\x91\x51\xAE\xD7" - "\x1C\x91\x3C\x57\xE3\x1D\x5A\xC9" - "\xFD\xC5\x58\x58\xEF\xCC\x33\xC9" - "\x0F\xEA\x26\x32\xD1\x15\x19\x2D" - "\x25\xB4\x7F\xB0\xDF\xFB\x88\x60" - "\x4E\x4D\x06\x7D\xCC\x1F\xED\x3B" - "\x68\x84\xD5\xB3\x1B\xE7\xB9\xA1" - "\x68\x8B\x2C\x1A\x44\xDA\x63\xD3" - "\x29\xE9\x59\x32\x1F\x30\x1C\x43" - "\xEA\x3A\xA3\x6B\x54\x3C\xAA\x11" - "\xAD\x38\x20\xC9\xB9\x8A\x64\x66" - "\x5A\x07\x49\xDF\xA1\x9C\xF9\x76" - "\x36\x65\xB6\x81\x8F\x76\x09\xE5" - "\xEB\xD1\x29\xA4\xE4\xF4\x4C\xCD" - "\xAF\xFC\xB9\x16\xD9\xC3\x73\x6A" - "\x33\x12\xF8\x7E\xBC\xCC\x7D\x80" - "\xBF\x3C\x25\x06\x13\x84\xFA\x35" - "\xF7\x40\xFA\xA1\x44\x13\x70\xD8" - "\x01\xF9\x85\x15\x63\xEC\x7D\xB9" - "\x02\xD8\xBA\x41\x6C\x92\x68\x66" - "\x95\xDD\xD6\x42\xE7\xBB\xE1\xFD" - "\x28\x3E\x94\xB6\xBD\xA7\xBF\x47" - "\x58\x8D\xFF\x19\x30\x75\x0D\x48" - "\x94\xE9\xA6\xCD\xB3\x8E\x1E\xCD" - "\x59\xBC\x1A\xAC\x3C\x4F\xA9\xEB" - "\xF4\xA7\xE4\x75\x4A\x18\x40\xC9" - "\x1E\xEC\x06\x9C\x28\x4B\xF7\x2B" - "\xE2\xEF\xD6\x42\x2E\xBB\xFC\x0A" - "\x79\xA2\x99\x28\x93\x1B\x00\x57" - "\x35\x1E\x1A\x93\x90\xA4\x68\x95" - "\x5E\x57\x40\xD5\xA9\xAA\x19\x48" - "\xEC\xFF\x76\x77\xDC\x78\x89\x76" - "\xE5\x3B\x00\xEC\x58\x4D\xD1\xE3" - "\xC8\x6C\x2C\x45\x5E\x5F\xD9\x4E" - "\x71\xA5\x36\x6D\x03\xF1\xC7\xD5" - "\xF3\x63\xC0\xD8\xCB\x2B\xF1\xA8" - "\xB9\x2B\xE6\x0B\xB9\x65\x78\xA0" - "\xC4\x46\xE6\x9B\x8B\x43\x2D\xAB" - "\x70\xA6\xE0\x59\x1E\xAC\x9D\xE0" - "\x76\x44\x45\xF3\x24\x11\x57\x98" - "\x9A\x86\xB4\x12\x80\x28\x86\x20" - "\x23\x9D\x2D\xE9\x38\x32\xB1\xE1" - "\xCF\x0A\x23\x73\x7D\xC5\x80\x3D" - "\x9F\x6D\xA0\xD0\xEE\x93\x8A\x79" - "\x3A\xDD\x1D\xBB\x9E\x26\x5D\x01" - "\x44\xD0\xD4\x4E\xC3\xF1\xE4\x38" - "\x09\x62\x0A\x1A\x4E\xD2\x63\x0F" - "\x6E\x3E\xD2\xA4\x3A\xF4\xF3\xFF" - "\x7E\x42\xEC\xB6\x6F\x4D\x6B\x48" - "\xE6\xA6\x50\x80\x78\x9E\xF1\xB0" - "\x4D\xB2\x0D\x3D\xFC\x40\x25\x4D", - .ilen = 496, - .result = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" - "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" - "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" - "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87" - "\x1E\x92\x29\xC0\x34\xCB\x62\xF9" - "\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48" - "\xDF\x76\x0D\x81\x18\xAF\x23\xBA" - "\x51\xE8\x5C\xF3\x8A\x21\x95\x2C" - "\xC3\x37\xCE\x65\xFC\x70\x07\x9E" - "\x12\xA9\x40\xD7\x4B\xE2\x79\x10" - "\x84\x1B\xB2\x26\xBD\x54\xEB\x5F" - "\xF6\x8D\x01\x98\x2F\xC6\x3A\xD1" - "\x68\xFF\x73\x0A\xA1\x15\xAC\x43" - "\xDA\x4E\xE5\x7C\x13\x87\x1E\xB5" - "\x29\xC0\x57\xEE\x62\xF9\x90\x04" - "\x9B\x32\xC9\x3D\xD4\x6B\x02\x76" - "\x0D\xA4\x18\xAF\x46\xDD\x51\xE8" - "\x7F\x16\x8A\x21\xB8\x2C\xC3\x5A" - "\xF1\x65\xFC\x93\x07\x9E\x35\xCC" - "\x40\xD7\x6E\x05\x79\x10\xA7\x1B" - "\xB2\x49\xE0\x54\xEB\x82\x19\x8D" - "\x24\xBB\x2F\xC6\x5D\xF4\x68\xFF" - "\x96\x0A\xA1\x38\xCF\x43\xDA\x71" - "\x08\x7C\x13\xAA\x1E\xB5\x4C\xE3" - "\x57\xEE\x85\x1C\x90\x27\xBE\x32" - "\xC9\x60\xF7\x6B\x02\x99\x0D\xA4" - "\x3B\xD2\x46\xDD\x74\x0B\x7F\x16" - "\xAD\x21\xB8\x4F\xE6\x5A\xF1\x88" - "\x1F\x93\x2A\xC1\x35\xCC\x63\xFA" - "\x6E\x05\x9C\x10\xA7\x3E\xD5\x49" - "\xE0\x77\x0E\x82\x19\xB0\x24\xBB" - "\x52\xE9\x5D\xF4\x8B\x22\x96\x2D" - "\xC4\x38\xCF\x66\xFD\x71\x08\x9F" - "\x13\xAA\x41\xD8\x4C\xE3\x7A\x11" - "\x85\x1C\xB3\x27\xBE\x55\xEC\x60" - "\xF7\x8E\x02\x99\x30\xC7\x3B\xD2" - "\x69\x00\x74\x0B\xA2\x16\xAD\x44" - "\xDB\x4F\xE6\x7D\x14\x88\x1F\xB6" - "\x2A\xC1\x58\xEF\x63\xFA\x91\x05" - "\x9C\x33\xCA\x3E\xD5\x6C\x03\x77" - "\x0E\xA5\x19\xB0\x47\xDE\x52\xE9" - "\x80\x17\x8B\x22\xB9\x2D\xC4\x5B" - "\xF2\x66\xFD\x94\x08\x9F\x36\xCD" - "\x41\xD8\x6F\x06\x7A\x11\xA8\x1C" - "\xB3\x4A\xE1\x55\xEC\x83\x1A\x8E" - "\x25\xBC\x30\xC7\x5E\xF5\x69\x00" - "\x97\x0B\xA2\x39\xD0\x44\xDB\x72" - "\x09\x7D\x14\xAB\x1F\xB6\x4D\xE4" - "\x58\xEF\x86\x1D\x91\x28\xBF\x33" - "\xCA\x61\xF8\x6C\x03\x9A\x0E\xA5" - "\x3C\xD3\x47\xDE\x75\x0C\x80\x17" - "\xAE\x22\xB9\x50\xE7\x5B\xF2\x89" - "\x20\x94\x2B\xC2\x36\xCD\x64\xFB" - "\x6F\x06\x9D\x11\xA8\x3F\xD6\x4A" - "\xE1\x78\x0F\x83\x1A\xB1\x25\xBC" - "\x53\xEA\x5E\xF5\x8C\x00\x97\x2E" - "\xC5\x39\xD0\x67\xFE\x72\x09\xA0" - "\x14\xAB\x42\xD9\x4D\xE4\x7B\x12" - "\x86\x1D\xB4\x28\xBF\x56\xED\x61" - "\xF8\x8F\x03\x9A\x31\xC8\x3C\xD3" - "\x6A\x01\x75\x0C\xA3\x17\xAE\x45" - "\xDC\x50\xE7\x7E\x15\x89\x20\xB7", - .rlen = 496, - }, { /* Generated with Crypto++ */ - .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9" - "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A" - "\x27\x04\xE1\x27\x04\xE1\xBE\x9B" - "\x78\xBE\x9B\x78\x55\x32\x0F\x55", - .klen = 32, - .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F" - "\xC4\x29\x8E\xF3\x35\x9A\xFF\x64", - .input = "\xF3\x06\x3A\x84\xCD\xBA\x8E\x11" - "\xB7\x74\x6F\x5C\x97\xFB\x36\xFE" - "\xDE\x71\x58\xD4\x15\xD1\xC1\xA4" - "\xC9\x28\x74\xA6\x6B\xC7\x95\xA6" - "\x6C\x77\xF7\x2F\xDF\xC7\xBB\x85" - "\x60\xFC\xE8\x94\xE8\xB5\x09\x2C" - "\x1E\x43\xEF\x6C\xE9\x98\xC5\xA0" - "\x7B\x13\xE5\x7F\xF8\x49\x9A\x8C" - "\xE6\x7B\x08\xC3\x32\x66\x55\x4E" - "\xA5\x44\x1D\x2C\x18\xC7\x29\x1F" - "\x61\x28\x4A\xE3\xCD\xE5\x47\xB2" - "\x82\x2F\x66\x83\x91\x51\xAE\xD7" - "\x1C\x91\x3C\x57\xE3\x1D\x5A\xC9" - "\xFD\xC5\x58\x58\xEF\xCC\x33\xC9" - "\x0F\xEA\x26\x32\xD1\x15\x19\x2D" - "\x25\xB4\x7F\xB0\xDF\xFB\x88\x60" - "\x4E\x4D\x06\x7D\xCC\x1F\xED\x3B" - "\x68\x84\xD5\xB3\x1B\xE7\xB9\xA1" - "\x68\x8B\x2C\x1A\x44\xDA\x63\xD3" - "\x29\xE9\x59\x32\x1F\x30\x1C\x43" - "\xEA\x3A\xA3\x6B\x54\x3C\xAA\x11" - "\xAD\x38\x20\xC9\xB9\x8A\x64\x66" - "\x5A\x07\x49\xDF\xA1\x9C\xF9\x76" - "\x36\x65\xB6\x81\x8F\x76\x09\xE5" - "\xEB\xD1\x29\xA4\xE4\xF4\x4C\xCD" - "\xAF\xFC\xB9\x16\xD9\xC3\x73\x6A" - "\x33\x12\xF8\x7E\xBC\xCC\x7D\x80" - "\xBF\x3C\x25\x06\x13\x84\xFA\x35" - "\xF7\x40\xFA\xA1\x44\x13\x70\xD8" - "\x01\xF9\x85\x15\x63\xEC\x7D\xB9" - "\x02\xD8\xBA\x41\x6C\x92\x68\x66" - "\x95\xDD\xD6\x42\xE7\xBB\xE1\xFD" - "\x28\x3E\x94\xB6\xBD\xA7\xBF\x47" - "\x58\x8D\xFF\x19\x30\x75\x0D\x48" - "\x94\xE9\xA6\xCD\xB3\x8E\x1E\xCD" - "\x59\xBC\x1A\xAC\x3C\x4F\xA9\xEB" - "\xF4\xA7\xE4\x75\x4A\x18\x40\xC9" - "\x1E\xEC\x06\x9C\x28\x4B\xF7\x2B" - "\xE2\xEF\xD6\x42\x2E\xBB\xFC\x0A" - "\x79\xA2\x99\x28\x93\x1B\x00\x57" - "\x35\x1E\x1A\x93\x90\xA4\x68\x95" - "\x5E\x57\x40\xD5\xA9\xAA\x19\x48" - "\xEC\xFF\x76\x77\xDC\x78\x89\x76" - "\xE5\x3B\x00\xEC\x58\x4D\xD1\xE3" - "\xC8\x6C\x2C\x45\x5E\x5F\xD9\x4E" - "\x71\xA5\x36\x6D\x03\xF1\xC7\xD5" - "\xF3\x63\xC0\xD8\xCB\x2B\xF1\xA8" - "\xB9\x2B\xE6\x0B\xB9\x65\x78\xA0" - "\xC4\x46\xE6\x9B\x8B\x43\x2D\xAB" - "\x70\xA6\xE0\x59\x1E\xAC\x9D\xE0" - "\x76\x44\x45\xF3\x24\x11\x57\x98" - "\x9A\x86\xB4\x12\x80\x28\x86\x20" - "\x23\x9D\x2D\xE9\x38\x32\xB1\xE1" - "\xCF\x0A\x23\x73\x7D\xC5\x80\x3D" - "\x9F\x6D\xA0\xD0\xEE\x93\x8A\x79" - "\x3A\xDD\x1D\xBB\x9E\x26\x5D\x01" - "\x44\xD0\xD4\x4E\xC3\xF1\xE4\x38" - "\x09\x62\x0A\x1A\x4E\xD2\x63\x0F" - "\x6E\x3E\xD2\xA4\x3A\xF4\xF3\xFF" - "\x7E\x42\xEC\xB6\x6F\x4D\x6B\x48" - "\xE6\xA6\x50\x80\x78\x9E\xF1\xB0" - "\x4D\xB2\x0D\x3D\xFC\x40\x25\x4D" - "\x93\x11\x1C\xE9\xD2\x9F\x6E\x90" - "\xE5\x41\x4A\xE2\x3C\x45\x29\x35" - "\xEC\xD6\x47\x50\xCB\x7B\xA2\x32" - "\xF7\x8B\x62\xF1\xE3\x9A\xFE\xC7" - "\x1D\x8C\x02\x72\x68\x09\xE9\xB6" - "\x4A\x80\xE6\xB1\x56\xDF\x90\xD4" - "\x93\x74\xA4\xCE\x20\x23\xBF\x48" - "\xA5\xDE\x1B\xFA\x40\x69\x31\x98" - "\x62\x6E\xA5\xC7\xBF\x0C\x62\xE5" - "\x6D\xE1\x93\xF1\x83\x10\x1C\xCA" - "\xF6\x5C\x19\xF8\x90\x78\xCB\xE4" - "\x0B\x3A\xB5\xF8\x43\x86\xD3\x3F" - "\xBA\x83\x34\x3C\x42\xCC\x7D\x28" - "\x29\x63\x4F\xD8\x02\x17\xC5\x07" - "\x2C\xA4\xAC\x79\xCB\xC3\xA9\x09" - "\x81\x45\x18\xED\xE4\xCB\x42\x3B" - "\x87\x2D\x23\xDC\xC5\xBA\x45\xBD" - "\x92\xE5\x02\x97\x96\xCE\xAD\xEC" - "\xBA\xD8\x76\xF8\xCA\xC1\x31\xEC" - "\x1E\x4F\x3F\x83\xF8\x33\xE8\x6E" - "\xCC\xF8\x5F\xDD\x65\x50\x99\x69" - "\xAF\x48\xCE\xA5\xBA\xB6\x14\x9F" - "\x05\x93\xB2\xE6\x59\xC8\x28\xFE" - "\x8F\x37\xF9\x64\xB9\xA5\x56\x8F" - "\xF1\x1B\x90\xEF\xAE\xEB\xFC\x09" - "\x11\x7A\xF2\x19\x0A\x0A\x9A\x3C" - "\xE2\x5E\x29\xFA\x31\x9B\xC1\x74" - "\x1E\x10\x3E\x07\xA9\x31\x6D\xF8" - "\x81\xF5\xD5\x8A\x04\x23\x51\xAC" - "\xA2\xE2\x63\xFD\x27\x1F\x79\x5B" - "\x1F\xE8\xDA\x11\x49\x4D\x1C\xBA" - "\x54\xCC\x0F\xBA\x92\x69\xE5\xCB" - "\x41\x1A\x67\xA6\x40\x82\x70\x8C" - "\x19\x79\x08\xA4\x51\x20\x7D\xC9" - "\x12\x27\xAE\x20\x0D\x2C\xA1\x6D" - "\xF4\x55\xD4\xE7\xE6\xD4\x28\x08" - "\x00\x70\x12\x56\x56\x50\xAD\x14" - "\x5C\x3E\xA2\xD1\x36\x3F\x36\x48" - "\xED\xB1\x57\x3E\x5D\x15\xF6\x1E" - "\x53\xE9\xA4\x3E\xED\x7D\xCF\x7D" - "\x29\xAF\xF3\x1E\x51\xA8\x9F\x85" - "\x8B\xF0\xBB\xCE\xCC\x39\xC3\x64" - "\x4B\xF2\xAD\x70\x19\xD4\x44\x8F" - "\x91\x76\xE8\x15\x66\x34\x9F\xF6" - "\x0F\x15\xA4\xA8\x24\xF8\x58\xB1" - "\x38\x46\x47\xC7\x9B\xCA\xE9\x42" - "\x44\xAA\xE6\xB5\x9C\x91\xA4\xD3" - "\x16\xA0\xED\x42\xBE\xB5\x06\x19" - "\xBE\x67\xE8\xBC\x22\x32\xA4\x1E" - "\x93\xEB\xBE\xE9\xE1\x93\xE5\x31" - "\x3A\xA2\x75\xDF\xE3\x6B\xE7\xCC" - "\xB4\x70\x20\xE0\x6D\x82\x7C\xC8" - "\x94\x5C\x5E\x37\x18\xAD\xED\x8B" - "\x44\x86\xCA\x5E\x07\xB7\x70\x8D" - "\x40\x48\x19\x73\x7C\x78\x64\x0B" - "\xDB\x01\xCA\xAE\x63\x19\xE9\xD1" - "\x6B\x2C\x84\x10\x45\x42\x2E\xC3" - "\xDF\x7F\xAA\xE8\x87\x1B\x63\x46" - "\x74\x28\x9D\x05\x30\x20\x62\x41" - "\xC0\x9F\x2C\x36\x2B\x78\xD7\x26" - "\xDF\x58\x51\xED\xFA\xDC\x87\x79" - "\xBF\x8C\xBF\xC4\x0F\xE5\x05\xDA" - "\x45\xE3\x35\x0D\x69\x91\x54\x1C" - "\xE7\x2C\x49\x08\x8B\x72\xFA\x5C" - "\xF1\x6B\xD9", - .ilen = 1011, - .result = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" - "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" - "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" - "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87" - "\x1E\x92\x29\xC0\x34\xCB\x62\xF9" - "\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48" - "\xDF\x76\x0D\x81\x18\xAF\x23\xBA" - "\x51\xE8\x5C\xF3\x8A\x21\x95\x2C" - "\xC3\x37\xCE\x65\xFC\x70\x07\x9E" - "\x12\xA9\x40\xD7\x4B\xE2\x79\x10" - "\x84\x1B\xB2\x26\xBD\x54\xEB\x5F" - "\xF6\x8D\x01\x98\x2F\xC6\x3A\xD1" - "\x68\xFF\x73\x0A\xA1\x15\xAC\x43" - "\xDA\x4E\xE5\x7C\x13\x87\x1E\xB5" - "\x29\xC0\x57\xEE\x62\xF9\x90\x04" - "\x9B\x32\xC9\x3D\xD4\x6B\x02\x76" - "\x0D\xA4\x18\xAF\x46\xDD\x51\xE8" - "\x7F\x16\x8A\x21\xB8\x2C\xC3\x5A" - "\xF1\x65\xFC\x93\x07\x9E\x35\xCC" - "\x40\xD7\x6E\x05\x79\x10\xA7\x1B" - "\xB2\x49\xE0\x54\xEB\x82\x19\x8D" - "\x24\xBB\x2F\xC6\x5D\xF4\x68\xFF" - "\x96\x0A\xA1\x38\xCF\x43\xDA\x71" - "\x08\x7C\x13\xAA\x1E\xB5\x4C\xE3" - "\x57\xEE\x85\x1C\x90\x27\xBE\x32" - "\xC9\x60\xF7\x6B\x02\x99\x0D\xA4" - "\x3B\xD2\x46\xDD\x74\x0B\x7F\x16" - "\xAD\x21\xB8\x4F\xE6\x5A\xF1\x88" - "\x1F\x93\x2A\xC1\x35\xCC\x63\xFA" - "\x6E\x05\x9C\x10\xA7\x3E\xD5\x49" - "\xE0\x77\x0E\x82\x19\xB0\x24\xBB" - "\x52\xE9\x5D\xF4\x8B\x22\x96\x2D" - "\xC4\x38\xCF\x66\xFD\x71\x08\x9F" - "\x13\xAA\x41\xD8\x4C\xE3\x7A\x11" - "\x85\x1C\xB3\x27\xBE\x55\xEC\x60" - "\xF7\x8E\x02\x99\x30\xC7\x3B\xD2" - "\x69\x00\x74\x0B\xA2\x16\xAD\x44" - "\xDB\x4F\xE6\x7D\x14\x88\x1F\xB6" - "\x2A\xC1\x58\xEF\x63\xFA\x91\x05" - "\x9C\x33\xCA\x3E\xD5\x6C\x03\x77" - "\x0E\xA5\x19\xB0\x47\xDE\x52\xE9" - "\x80\x17\x8B\x22\xB9\x2D\xC4\x5B" - "\xF2\x66\xFD\x94\x08\x9F\x36\xCD" - "\x41\xD8\x6F\x06\x7A\x11\xA8\x1C" - "\xB3\x4A\xE1\x55\xEC\x83\x1A\x8E" - "\x25\xBC\x30\xC7\x5E\xF5\x69\x00" - "\x97\x0B\xA2\x39\xD0\x44\xDB\x72" - "\x09\x7D\x14\xAB\x1F\xB6\x4D\xE4" - "\x58\xEF\x86\x1D\x91\x28\xBF\x33" - "\xCA\x61\xF8\x6C\x03\x9A\x0E\xA5" - "\x3C\xD3\x47\xDE\x75\x0C\x80\x17" - "\xAE\x22\xB9\x50\xE7\x5B\xF2\x89" - "\x20\x94\x2B\xC2\x36\xCD\x64\xFB" - "\x6F\x06\x9D\x11\xA8\x3F\xD6\x4A" - "\xE1\x78\x0F\x83\x1A\xB1\x25\xBC" - "\x53\xEA\x5E\xF5\x8C\x00\x97\x2E" - "\xC5\x39\xD0\x67\xFE\x72\x09\xA0" - "\x14\xAB\x42\xD9\x4D\xE4\x7B\x12" - "\x86\x1D\xB4\x28\xBF\x56\xED\x61" - "\xF8\x8F\x03\x9A\x31\xC8\x3C\xD3" - "\x6A\x01\x75\x0C\xA3\x17\xAE\x45" - "\xDC\x50\xE7\x7E\x15\x89\x20\xB7" - "\x2B\xC2\x59\xF0\x64\xFB\x92\x06" - "\x9D\x34\xCB\x3F\xD6\x6D\x04\x78" - "\x0F\xA6\x1A\xB1\x48\xDF\x53\xEA" - "\x81\x18\x8C\x23\xBA\x2E\xC5\x5C" - "\xF3\x67\xFE\x95\x09\xA0\x37\xCE" - "\x42\xD9\x70\x07\x7B\x12\xA9\x1D" - "\xB4\x4B\xE2\x56\xED\x84\x1B\x8F" - "\x26\xBD\x31\xC8\x5F\xF6\x6A\x01" - "\x98\x0C\xA3\x3A\xD1\x45\xDC\x73" - "\x0A\x7E\x15\xAC\x20\xB7\x4E\xE5" - "\x59\xF0\x87\x1E\x92\x29\xC0\x34" - "\xCB\x62\xF9\x6D\x04\x9B\x0F\xA6" - "\x3D\xD4\x48\xDF\x76\x0D\x81\x18" - "\xAF\x23\xBA\x51\xE8\x5C\xF3\x8A" - "\x21\x95\x2C\xC3\x37\xCE\x65\xFC" - "\x70\x07\x9E\x12\xA9\x40\xD7\x4B" - "\xE2\x79\x10\x84\x1B\xB2\x26\xBD" - "\x54\xEB\x5F\xF6\x8D\x01\x98\x2F" - "\xC6\x3A\xD1\x68\xFF\x73\x0A\xA1" - "\x15\xAC\x43\xDA\x4E\xE5\x7C\x13" - "\x87\x1E\xB5\x29\xC0\x57\xEE\x62" - "\xF9\x90\x04\x9B\x32\xC9\x3D\xD4" - "\x6B\x02\x76\x0D\xA4\x18\xAF\x46" - "\xDD\x51\xE8\x7F\x16\x8A\x21\xB8" - "\x2C\xC3\x5A\xF1\x65\xFC\x93\x07" - "\x9E\x35\xCC\x40\xD7\x6E\x05\x79" - "\x10\xA7\x1B\xB2\x49\xE0\x54\xEB" - "\x82\x19\x8D\x24\xBB\x2F\xC6\x5D" - "\xF4\x68\xFF\x96\x0A\xA1\x38\xCF" - "\x43\xDA\x71\x08\x7C\x13\xAA\x1E" - "\xB5\x4C\xE3\x57\xEE\x85\x1C\x90" - "\x27\xBE\x32\xC9\x60\xF7\x6B\x02" - "\x99\x0D\xA4\x3B\xD2\x46\xDD\x74" - "\x0B\x7F\x16\xAD\x21\xB8\x4F\xE6" - "\x5A\xF1\x88\x1F\x93\x2A\xC1\x35" - "\xCC\x63\xFA\x6E\x05\x9C\x10\xA7" - "\x3E\xD5\x49\xE0\x77\x0E\x82\x19" - "\xB0\x24\xBB\x52\xE9\x5D\xF4\x8B" - "\x22\x96\x2D\xC4\x38\xCF\x66\xFD" - "\x71\x08\x9F\x13\xAA\x41\xD8\x4C" - "\xE3\x7A\x11\x85\x1C\xB3\x27\xBE" - "\x55\xEC\x60\xF7\x8E\x02\x99\x30" - "\xC7\x3B\xD2\x69\x00\x74\x0B\xA2" - "\x16\xAD\x44\xDB\x4F\xE6\x7D\x14" - "\x88\x1F\xB6\x2A\xC1\x58\xEF\x63" - "\xFA\x91\x05\x9C\x33\xCA\x3E\xD5" - "\x6C\x03\x77\x0E\xA5\x19\xB0\x47" - "\xDE\x52\xE9\x80\x17\x8B\x22\xB9" - "\x2D\xC4\x5B\xF2\x66\xFD\x94\x08" - "\x9F\x36\xCD\x41\xD8\x6F\x06\x7A" - "\x11\xA8\x1C\xB3\x4A\xE1\x55\xEC" - "\x83\x1A\x8E\x25\xBC\x30\xC7\x5E" - "\xF5\x69\x00\x97\x0B\xA2\x39\xD0" - "\x44\xDB\x72\x09\x7D\x14\xAB\x1F" - "\xB6\x4D\xE4\x58\xEF\x86\x1D\x91" - "\x28\xBF\x33\xCA\x61\xF8\x6C\x03" - "\x9A\x0E\xA5\x3C\xD3\x47\xDE\x75" - "\x0C\x80\x17\xAE\x22\xB9\x50\xE7" - "\x5B\xF2\x89\x20\x94\x2B\xC2\x36" - "\xCD\x64\xFB\x6F\x06\x9D\x11\xA8" - "\x3F\xD6\x4A\xE1\x78\x0F\x83\x1A" - "\xB1\x25\xBC\x53\xEA\x5E\xF5\x8C" - "\x00\x97\x2E\xC5\x39\xD0\x67\xFE" - "\x72\x09\xA0\x14\xAB\x42\xD9\x4D" - "\xE4\x7B\x12", - .rlen = 1011, - .also_non_np = 1, - .np = 2, - .tap = { 1011 - 16, 16 }, - }, { /* Generated with Crypto++ */ - .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9" - "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A" - "\x27\x04\xE1\x27\x04\xE1\xBE\x9B" - "\x78\xBE\x9B\x78\x55\x32\x0F\x55", - .klen = 32, - .iv = "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF" - "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFD", - .input = "\x85\x79\x6C\x8B\x2B\x6D\x14\xF9" - "\xA6\x83\xB6\x80\x5B\x3A\xF3\x7E" - "\x30\x29\xEB\x1F\xDC\x19\x5F\xEB" - "\xF7\xC4\x27\x04\x51\x87\xD7\x6F" - "\xB8\x4E\x07\xFB\xAC\x3B\x08\xB4" - "\x4D\xCB\xE8\xE1\x71\x7D\x4F\x48" - "\xCD\x81\x64\xA5\xC4\x07\x1A\x9A" - "\x4B\x62\x90\x0E\xC8\xB3\x2B\x6B" - "\x8F\x9C\x6E\x72\x4B\xBA\xEF\x07" - "\x2C\x56\x07\x5E\x37\x30\x60\xA9" - "\xE3\xEF\xD6\x69\xE1\xA1\x77\x64" - "\x93\x75\x7A\xB7\x7A\x3B\xE9\x43" - "\x23\x35\x95\x91\x80\x8A\xC7\xCF" - "\xC3\xD5\xBF\xE7\xFE\x4C\x06\x6B" - "\x05\x19\x48\xE2\x62\xBA\x4F\xF2" - "\xFB\xEE\xE4\xCB\x79\x9D\xA3\x10" - "\x1D\x29\x8C\x1D\x7A\x88\x5A\xDD" - "\x4E\xB6\x18\xAA\xCD\xE6\x33\x96" - "\xD9\x0F\x90\x5A\x78\x76\x4D\x77" - "\x3C\x20\x89\x3B\xA3\xF9\x07\xFD" - "\xE4\xE8\x20\x2D\x15\x0A\x63\x49" - "\xF5\x4F\x89\xD8\xDE\xA1\x28\x78" - "\x28\x07\x09\x1B\x03\x94\x1D\x4B" - "\x82\x28\x1E\x1D\x95\xBA\xAC\x85" - "\x71\x6E\x3C\x18\x4B\x77\x74\x79" - "\xBF\x67\x0A\x53\x3C\x94\xD9\x60" - "\xE9\x6D\x40\x34\xA0\x2A\x53\x5D" - "\x27\xD5\x47\xF9\xC3\x4B\x27\x29" - "\xE4\x76\x9C\x3F\xA7\x1C\x87\xFC" - "\x6E\x0F\xCF\x9B\x60\xF0\xF0\x8B" - "\x70\x1C\x84\x81\x72\x4D\xB4\x98" - "\x23\x62\xE7\x6A\x2B\xFC\xA5\xB2" - "\xFF\xF5\x71\x07\xCD\x90\x23\x13" - "\x19\xD7\x79\x36\x6C\x9D\x55\x8B" - "\x93\x78\x86\x05\x69\x46\xD0\xC5" - "\x39\x09\xEB\x79\xEF\xFA\x9F\xAE" - "\xF3\xD5\x44\xC3\xFD\x86\xD2\x7C" - "\x83\x4B\xD8\x75\x9C\x18\x04\x7B" - "\x73\xAD\x72\xA4\xF6\xAB\xCF\x4B" - "\xCC\x01\x45\x90\xA6\x43\x05\x0C" - "\x6C\x4F\x62\x77\x57\x97\x9F\xEE" - "\x75\xA7\x3C\x38\xD1\x0F\x3D\x0E" - "\x2C\x43\x98\xFB\x13\x65\x73\xE4" - "\x3C\x1E\xD6\x90\x08\xF7\xE0\x99" - "\x3B\xF1\x9D\x6C\x48\xA9\x0E\x32" - "\x17\xC2\xCC\x20\xA1\x19\x26\xAA" - "\xE0\x75\x2F\xFB\x54\x66\x0A\xDF" - "\xB5\xF2\x1F\xC1\x34\x3C\x30\x56" - "\xE8\xDC\xF7\x92\x6B\xBF\x17\x24" - "\xEC\x94\xB5\x3B\xD6\xCE\xA2\x54" - "\x10\x7F\x50\xDE\x69\x77\xD5\x37" - "\xFE\x9C\x10\x83\xC5\xEB\xC9\x53" - "\xB7\xF3\xC4\x20\xAF\x0A\x7E\x57" - "\x3A\xE6\x75\xFE\x89\x00\x6E\x48" - "\xFB\x99\x17\x2C\xF6\x64\x40\x95" - "\x5E\xDC\x7A\xA6\x70\xC7\xF4\xDD" - "\x52\x05\x24\x34\xF9\x0E\xC8\x64" - "\x6D\xE2\xD8\x80\x53\x31\x4C\xFE" - "\xB4\x3A\x5F\x19\xCF\x42\x1B\x22" - "\x0B\x2D\x7B\xF1\xC5\x43\xF7\x5E" - "\x12\xA8\x01\x64\x16\x0B\x26\x5A" - "\x0C\x95\x0F\x40\xC5\x5A\x06\x7C" - "\xCF\xF5\xD5\xB7\x7A\x34\x23\xB6" - "\xAA\x9E\xA8\x98\xA2\xF8\x3D\xD3" - "\x3F\x23\x69\x63\x56\x96\x45\xD6" - "\x74\x23\x1D\x5C\x63\xCC\xD8\x78" - "\x16\xE2\x9C\xD2\x80\x02\xF2\x28" - "\x69\x2F\xC4\xA8\x15\x15\x24\x3B" - "\xCB\xF0\x14\xE4\x62\xC8\xF3\xD1" - "\x03\x58\x1B\x33\x77\x74\x1F\xB4" - "\x07\x86\xF2\x21\xB7\x41\xAE\xBF" - "\x25\xC2\xFF\x51\xEF\xEA\xCE\xC4" - "\x5F\xD9\xB8\x18\x6A\xF0\x0F\x0D" - "\xF8\x04\xBB\x6D\x62\x33\x87\x26" - "\x4F\x2F\x14\x6E\xDC\xDB\x66\x09" - "\x2A\xEF\x7D\x84\x10\xAC\x82\x5E" - "\xD2\xE4\xAD\x74\x7A\x6D\xCC\x3A" - "\x7B\x62\xD8\xD6\x07\x2D\xF7\xDF" - "\x9B\xB3\x82\xCF\x9C\x1D\x76\x5C" - "\xAC\x7B\xD4\x9B\x45\xA1\x64\x11" - "\x66\xF1\xA7\x0B\xF9\xDD\x00\xDD" - "\xA4\x45\x3D\x3E\x03\xC9\x2E\xCB" - "\xC3\x14\x84\x72\xFD\x41\xDC\xBD" - "\x75\xBE\xA8\xE5\x16\x48\x64\x39" - "\xCA\xF3\xE6\xDC\x25\x24\xF1\x6D" - "\xB2\x8D\xC5\x38\x54\xD3\x5D\x6D" - "\x0B\x29\x10\x15\x0E\x13\x3B\xAC" - "\x7E\xCC\x9E\x3E\x18\x48\xA6\x02" - "\xEF\x03\xB2\x2E\xE3\xD2\x70\x21" - "\xB4\x19\x26\xBE\x3A\x3D\x05\xE0" - "\xF8\x09\xAF\xE4\x31\x26\x92\x2F" - "\x8F\x55\xAC\xED\x0B\xB2\xA5\x34" - "\xBE\x50\xB1\x02\x22\x96\xE3\x40" - "\x7B\x70\x50\x6E\x3B\xD5\xE5\xA0" - "\x8E\xA2\xAD\x14\x60\x5C\x7A\x2B" - "\x3D\x1B\x7F\xC1\xC0\x2C\x56\x36" - "\xD2\x0A\x32\x06\x97\x34\xB9\xF4" - "\x6F\x9F\x7E\x80\xD0\x9D\xF7\x6A" - "\x21\xC1\xA2\x6A\xB1\x96\x5B\x4D" - "\x7A\x15\x6C\xC4\x4E\xB8\xE0\x9E" - "\x6C\x50\xF3\x9C\xC9\xB5\x23\xB7" - "\xF1\xD4\x29\x4A\x23\xC4\xAD\x1E" - "\x2C\x07\xD2\x43\x5F\x57\x93\xCA" - "\x85\xF9\x9F\xAD\x4C\xF1\xE4\xB1" - "\x1A\x8E\x28\xA4\xB6\x52\x77\x7E" - "\x68\xC6\x47\xB9\x76\xCC\x65\x5F" - "\x0B\xF9\x67\x93\xD8\x0E\x9A\x37" - "\x5F\x41\xED\x64\x6C\xAD\x5F\xED" - "\x3F\x8D\xFB\x8E\x1E\xA0\xE4\x1F" - "\xC2\xC7\xED\x18\x43\xE1\x20\x86" - "\x5D\xBC\x30\x70\x22\xA1\xDC\x53" - "\x10\x3A\x8D\x47\x82\xCD\x7F\x59" - "\x03\x2D\x6D\xF5\xE7\x79\xD4\x07" - "\x68\x2A\xA5\x42\x19\x4D\xAF\xF5" - "\xED\x47\x83\xBC\x5F\x62\x84\xDA" - "\xDA\x41\xFF\xB0\x1D\x64\xA3\xC8" - "\xBD\x4E\xE0\xB8\x7F\xEE\x55\x0A" - "\x4E\x61\xB2\x51\xF6\x9C\x95\xF6" - "\x92\xBB\xF6\xC5\xF0\x09\x86\xDE" - "\x37\x9E\x29\xF9\x2A\x18\x73\x0D" - "\xDC\x7E\x6B\x7B\x1B\x43\x8C\xEA" - "\x13\xC8\x1A\x47\x0A\x2D\x6D\x56" - "\xCD\xD2\xE7\x53\x1A\xAB\x1C\x3C" - "\xC5\x9B\x03\x70\x29\x2A\x49\x09" - "\x67\xA1\xEA\xD6\x3A\x5B\xBF\x71" - "\x1D\x48\x64\x6C\xFB\xC0\x9E\x36", - .ilen = 1008, - .result = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" - "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" - "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" - "\xAC\x20\xB7\x4E\xE5\x59\xF0\x87" - "\x1E\x92\x29\xC0\x34\xCB\x62\xF9" - "\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48" - "\xDF\x76\x0D\x81\x18\xAF\x23\xBA" - "\x51\xE8\x5C\xF3\x8A\x21\x95\x2C" - "\xC3\x37\xCE\x65\xFC\x70\x07\x9E" - "\x12\xA9\x40\xD7\x4B\xE2\x79\x10" - "\x84\x1B\xB2\x26\xBD\x54\xEB\x5F" - "\xF6\x8D\x01\x98\x2F\xC6\x3A\xD1" - "\x68\xFF\x73\x0A\xA1\x15\xAC\x43" - "\xDA\x4E\xE5\x7C\x13\x87\x1E\xB5" - "\x29\xC0\x57\xEE\x62\xF9\x90\x04" - "\x9B\x32\xC9\x3D\xD4\x6B\x02\x76" - "\x0D\xA4\x18\xAF\x46\xDD\x51\xE8" - "\x7F\x16\x8A\x21\xB8\x2C\xC3\x5A" - "\xF1\x65\xFC\x93\x07\x9E\x35\xCC" - "\x40\xD7\x6E\x05\x79\x10\xA7\x1B" - "\xB2\x49\xE0\x54\xEB\x82\x19\x8D" - "\x24\xBB\x2F\xC6\x5D\xF4\x68\xFF" - "\x96\x0A\xA1\x38\xCF\x43\xDA\x71" - "\x08\x7C\x13\xAA\x1E\xB5\x4C\xE3" - "\x57\xEE\x85\x1C\x90\x27\xBE\x32" - "\xC9\x60\xF7\x6B\x02\x99\x0D\xA4" - "\x3B\xD2\x46\xDD\x74\x0B\x7F\x16" - "\xAD\x21\xB8\x4F\xE6\x5A\xF1\x88" - "\x1F\x93\x2A\xC1\x35\xCC\x63\xFA" - "\x6E\x05\x9C\x10\xA7\x3E\xD5\x49" - "\xE0\x77\x0E\x82\x19\xB0\x24\xBB" - "\x52\xE9\x5D\xF4\x8B\x22\x96\x2D" - "\xC4\x38\xCF\x66\xFD\x71\x08\x9F" - "\x13\xAA\x41\xD8\x4C\xE3\x7A\x11" - "\x85\x1C\xB3\x27\xBE\x55\xEC\x60" - "\xF7\x8E\x02\x99\x30\xC7\x3B\xD2" - "\x69\x00\x74\x0B\xA2\x16\xAD\x44" - "\xDB\x4F\xE6\x7D\x14\x88\x1F\xB6" - "\x2A\xC1\x58\xEF\x63\xFA\x91\x05" - "\x9C\x33\xCA\x3E\xD5\x6C\x03\x77" - "\x0E\xA5\x19\xB0\x47\xDE\x52\xE9" - "\x80\x17\x8B\x22\xB9\x2D\xC4\x5B" - "\xF2\x66\xFD\x94\x08\x9F\x36\xCD" - "\x41\xD8\x6F\x06\x7A\x11\xA8\x1C" - "\xB3\x4A\xE1\x55\xEC\x83\x1A\x8E" - "\x25\xBC\x30\xC7\x5E\xF5\x69\x00" - "\x97\x0B\xA2\x39\xD0\x44\xDB\x72" - "\x09\x7D\x14\xAB\x1F\xB6\x4D\xE4" - "\x58\xEF\x86\x1D\x91\x28\xBF\x33" - "\xCA\x61\xF8\x6C\x03\x9A\x0E\xA5" - "\x3C\xD3\x47\xDE\x75\x0C\x80\x17" - "\xAE\x22\xB9\x50\xE7\x5B\xF2\x89" - "\x20\x94\x2B\xC2\x36\xCD\x64\xFB" - "\x6F\x06\x9D\x11\xA8\x3F\xD6\x4A" - "\xE1\x78\x0F\x83\x1A\xB1\x25\xBC" - "\x53\xEA\x5E\xF5\x8C\x00\x97\x2E" - "\xC5\x39\xD0\x67\xFE\x72\x09\xA0" - "\x14\xAB\x42\xD9\x4D\xE4\x7B\x12" - "\x86\x1D\xB4\x28\xBF\x56\xED\x61" - "\xF8\x8F\x03\x9A\x31\xC8\x3C\xD3" - "\x6A\x01\x75\x0C\xA3\x17\xAE\x45" - "\xDC\x50\xE7\x7E\x15\x89\x20\xB7" - "\x2B\xC2\x59\xF0\x64\xFB\x92\x06" - "\x9D\x34\xCB\x3F\xD6\x6D\x04\x78" - "\x0F\xA6\x1A\xB1\x48\xDF\x53\xEA" - "\x81\x18\x8C\x23\xBA\x2E\xC5\x5C" - "\xF3\x67\xFE\x95\x09\xA0\x37\xCE" - "\x42\xD9\x70\x07\x7B\x12\xA9\x1D" - "\xB4\x4B\xE2\x56\xED\x84\x1B\x8F" - "\x26\xBD\x31\xC8\x5F\xF6\x6A\x01" - "\x98\x0C\xA3\x3A\xD1\x45\xDC\x73" - "\x0A\x7E\x15\xAC\x20\xB7\x4E\xE5" - "\x59\xF0\x87\x1E\x92\x29\xC0\x34" - "\xCB\x62\xF9\x6D\x04\x9B\x0F\xA6" - "\x3D\xD4\x48\xDF\x76\x0D\x81\x18" - "\xAF\x23\xBA\x51\xE8\x5C\xF3\x8A" - "\x21\x95\x2C\xC3\x37\xCE\x65\xFC" - "\x70\x07\x9E\x12\xA9\x40\xD7\x4B" - "\xE2\x79\x10\x84\x1B\xB2\x26\xBD" - "\x54\xEB\x5F\xF6\x8D\x01\x98\x2F" - "\xC6\x3A\xD1\x68\xFF\x73\x0A\xA1" - "\x15\xAC\x43\xDA\x4E\xE5\x7C\x13" - "\x87\x1E\xB5\x29\xC0\x57\xEE\x62" - "\xF9\x90\x04\x9B\x32\xC9\x3D\xD4" - "\x6B\x02\x76\x0D\xA4\x18\xAF\x46" - "\xDD\x51\xE8\x7F\x16\x8A\x21\xB8" - "\x2C\xC3\x5A\xF1\x65\xFC\x93\x07" - "\x9E\x35\xCC\x40\xD7\x6E\x05\x79" - "\x10\xA7\x1B\xB2\x49\xE0\x54\xEB" - "\x82\x19\x8D\x24\xBB\x2F\xC6\x5D" - "\xF4\x68\xFF\x96\x0A\xA1\x38\xCF" - "\x43\xDA\x71\x08\x7C\x13\xAA\x1E" - "\xB5\x4C\xE3\x57\xEE\x85\x1C\x90" - "\x27\xBE\x32\xC9\x60\xF7\x6B\x02" - "\x99\x0D\xA4\x3B\xD2\x46\xDD\x74" - "\x0B\x7F\x16\xAD\x21\xB8\x4F\xE6" - "\x5A\xF1\x88\x1F\x93\x2A\xC1\x35" - "\xCC\x63\xFA\x6E\x05\x9C\x10\xA7" - "\x3E\xD5\x49\xE0\x77\x0E\x82\x19" - "\xB0\x24\xBB\x52\xE9\x5D\xF4\x8B" - "\x22\x96\x2D\xC4\x38\xCF\x66\xFD" - "\x71\x08\x9F\x13\xAA\x41\xD8\x4C" - "\xE3\x7A\x11\x85\x1C\xB3\x27\xBE" - "\x55\xEC\x60\xF7\x8E\x02\x99\x30" - "\xC7\x3B\xD2\x69\x00\x74\x0B\xA2" - "\x16\xAD\x44\xDB\x4F\xE6\x7D\x14" - "\x88\x1F\xB6\x2A\xC1\x58\xEF\x63" - "\xFA\x91\x05\x9C\x33\xCA\x3E\xD5" - "\x6C\x03\x77\x0E\xA5\x19\xB0\x47" - "\xDE\x52\xE9\x80\x17\x8B\x22\xB9" - "\x2D\xC4\x5B\xF2\x66\xFD\x94\x08" - "\x9F\x36\xCD\x41\xD8\x6F\x06\x7A" - "\x11\xA8\x1C\xB3\x4A\xE1\x55\xEC" - "\x83\x1A\x8E\x25\xBC\x30\xC7\x5E" - "\xF5\x69\x00\x97\x0B\xA2\x39\xD0" - "\x44\xDB\x72\x09\x7D\x14\xAB\x1F" - "\xB6\x4D\xE4\x58\xEF\x86\x1D\x91" - "\x28\xBF\x33\xCA\x61\xF8\x6C\x03" - "\x9A\x0E\xA5\x3C\xD3\x47\xDE\x75" - "\x0C\x80\x17\xAE\x22\xB9\x50\xE7" - "\x5B\xF2\x89\x20\x94\x2B\xC2\x36" - "\xCD\x64\xFB\x6F\x06\x9D\x11\xA8" - "\x3F\xD6\x4A\xE1\x78\x0F\x83\x1A" - "\xB1\x25\xBC\x53\xEA\x5E\xF5\x8C" - "\x00\x97\x2E\xC5\x39\xD0\x67\xFE" - "\x72\x09\xA0\x14\xAB\x42\xD9\x4D", - .rlen = 1008, - }, -}; - -static const struct cipher_testvec camellia_lrw_enc_tv_template[] = { +static const struct cipher_testvec camellia_lrw_tv_template[] = { /* Generated from AES-LRW test vectors */ { .key = "\x45\x62\xac\x25\xf8\x28\x17\x6d" @@ -32601,12 +29069,11 @@ static const struct cipher_testvec camellia_lrw_enc_tv_template[] = { .klen = 32, .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x01", - .input = "\x30\x31\x32\x33\x34\x35\x36\x37" + .ptext = "\x30\x31\x32\x33\x34\x35\x36\x37" "\x38\x39\x41\x42\x43\x44\x45\x46", - .ilen = 16, - .result = "\x92\x68\x19\xd7\xb7\x5b\x0a\x31" + .ctext = "\x92\x68\x19\xd7\xb7\x5b\x0a\x31" "\x97\xcc\x72\xbe\x99\x17\xeb\x3e", - .rlen = 16, + .len = 16, }, { .key = "\x59\x70\x47\x14\xf5\x57\x47\x8c" "\xd7\x79\xe8\x0f\x54\x88\x79\x44" @@ -32615,12 +29082,11 @@ static const struct cipher_testvec camellia_lrw_enc_tv_template[] = { .klen = 32, .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x02", - .input = "\x30\x31\x32\x33\x34\x35\x36\x37" + .ptext = "\x30\x31\x32\x33\x34\x35\x36\x37" "\x38\x39\x41\x42\x43\x44\x45\x46", - .ilen = 16, - .result = "\x73\x09\xb7\x50\xb6\x77\x30\x50" + .ctext = "\x73\x09\xb7\x50\xb6\x77\x30\x50" "\x5c\x8a\x9c\x26\x77\x9d\xfc\x4a", - .rlen = 16, + .len = 16, }, { .key = "\xd8\x2a\x91\x34\xb2\x6a\x56\x50" "\x30\xfe\x69\xe2\x37\x7f\x98\x47" @@ -32629,12 +29095,11 @@ static const struct cipher_testvec camellia_lrw_enc_tv_template[] = { .klen = 32, .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x02\x00\x00\x00\x00", - .input = "\x30\x31\x32\x33\x34\x35\x36\x37" + .ptext = "\x30\x31\x32\x33\x34\x35\x36\x37" "\x38\x39\x41\x42\x43\x44\x45\x46", - .ilen = 16, - .result = "\x90\xae\x83\xe0\x22\xb9\x60\x91" + .ctext = "\x90\xae\x83\xe0\x22\xb9\x60\x91" "\xfa\xa9\xb7\x98\xe3\xed\x87\x01", - .rlen = 16, + .len = 16, }, { .key = "\x0f\x6a\xef\xf8\xd3\xd2\xbb\x15" "\x25\x83\xf7\x3c\x1f\x01\x28\x74" @@ -32644,12 +29109,11 @@ static const struct cipher_testvec camellia_lrw_enc_tv_template[] = { .klen = 40, .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x01", - .input = "\x30\x31\x32\x33\x34\x35\x36\x37" + .ptext = "\x30\x31\x32\x33\x34\x35\x36\x37" "\x38\x39\x41\x42\x43\x44\x45\x46", - .ilen = 16, - .result = "\x99\xe9\x6e\xd4\xc9\x21\xa5\xf0" + .ctext = "\x99\xe9\x6e\xd4\xc9\x21\xa5\xf0" "\xd8\x83\xef\xd9\x07\x16\x5f\x35", - .rlen = 16, + .len = 16, }, { .key = "\x8a\xd4\xee\x10\x2f\xbd\x81\xff" "\xf8\x86\xce\xac\x93\xc5\xad\xc6" @@ -32659,12 +29123,11 @@ static const struct cipher_testvec camellia_lrw_enc_tv_template[] = { .klen = 40, .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x02\x00\x00\x00\x00", - .input = "\x30\x31\x32\x33\x34\x35\x36\x37" + .ptext = "\x30\x31\x32\x33\x34\x35\x36\x37" "\x38\x39\x41\x42\x43\x44\x45\x46", - .ilen = 16, - .result = "\x42\x88\xf4\xcb\x21\x11\x6d\x8e" + .ctext = "\x42\x88\xf4\xcb\x21\x11\x6d\x8e" "\xde\x1a\xf2\x29\xf1\x4a\xe0\x15", - .rlen = 16, + .len = 16, }, { .key = "\xf8\xd4\x76\xff\xd6\x46\xee\x6c" "\x23\x84\xcb\x1c\x77\xd6\x19\x5d" @@ -32675,12 +29138,11 @@ static const struct cipher_testvec camellia_lrw_enc_tv_template[] = { .klen = 48, .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x01", - .input = "\x30\x31\x32\x33\x34\x35\x36\x37" + .ptext = "\x30\x31\x32\x33\x34\x35\x36\x37" "\x38\x39\x41\x42\x43\x44\x45\x46", - .ilen = 16, - .result = "\x40\xaa\x34\x86\x4a\x8f\x78\xb9" + .ctext = "\x40\xaa\x34\x86\x4a\x8f\x78\xb9" "\xdb\xdb\x0f\x3d\x48\x70\xbe\x8d", - .rlen = 16, + .len = 16, }, { .key = "\xfb\x76\x15\xb2\x3d\x80\x89\x1d" "\xd4\x70\x98\x0b\xc7\x95\x84\xc8" @@ -32691,12 +29153,11 @@ static const struct cipher_testvec camellia_lrw_enc_tv_template[] = { .klen = 48, .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x02\x00\x00\x00\x00", - .input = "\x30\x31\x32\x33\x34\x35\x36\x37" + .ptext = "\x30\x31\x32\x33\x34\x35\x36\x37" "\x38\x39\x41\x42\x43\x44\x45\x46", - .ilen = 16, - .result = "\x04\xab\x28\x37\x31\x7a\x26\xab" + .ctext = "\x04\xab\x28\x37\x31\x7a\x26\xab" "\xa1\x70\x1b\x9c\xe7\xdd\x83\xff", - .rlen = 16, + .len = 16, }, { .key = "\xf8\xd4\x76\xff\xd6\x46\xee\x6c" "\x23\x84\xcb\x1c\x77\xd6\x19\x5d" @@ -32707,7 +29168,7 @@ static const struct cipher_testvec camellia_lrw_enc_tv_template[] = { .klen = 48, .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x01", - .input = "\x05\x11\xb7\x18\xab\xc6\x2d\xac" + .ptext = "\x05\x11\xb7\x18\xab\xc6\x2d\xac" "\x70\x5d\xf6\x22\x94\xcd\xe5\x6c" "\x17\x6b\xf6\x1c\xf0\xf3\x6e\xf8" "\x50\x38\x1f\x71\x49\xb6\x57\xd6" @@ -32771,8 +29232,7 @@ static const struct cipher_testvec camellia_lrw_enc_tv_template[] = { "\xa4\xc7\xa8\xb4\xf6\x13\x03\xf6" "\xe9\x2e\xc4\x29\x0f\x84\xdb\xc4" "\x21\xc4\xc2\x75\x67\x89\x37\x0a", - .ilen = 512, - .result = "\x90\x69\x8e\xf2\x14\x86\x59\xf9" + .ctext = "\x90\x69\x8e\xf2\x14\x86\x59\xf9" "\xec\xe7\xfa\x3f\x48\x9d\x7f\x96" "\x67\x76\xac\x2c\xd2\x63\x18\x93" "\x13\xf8\xf1\xf6\x71\x77\xb3\xee" @@ -32836,267 +29296,14 @@ static const struct cipher_testvec camellia_lrw_enc_tv_template[] = { "\x93\x6c\x01\xf7\xcc\x4e\x20\xd1" "\xb2\x1a\xd8\x4c\xbd\x1d\x10\xe9" "\x5a\xa8\x92\x7f\xba\xe6\x0c\x95", - .rlen = 512, + .len = 512, .also_non_np = 1, .np = 3, .tap = { 512 - 20, 4, 16 }, }, }; -static const struct cipher_testvec camellia_lrw_dec_tv_template[] = { - /* Generated from AES-LRW test vectors */ - /* same as enc vectors with input and result reversed */ - { - .key = "\x45\x62\xac\x25\xf8\x28\x17\x6d" - "\x4c\x26\x84\x14\xb5\x68\x01\x85" - "\x25\x8e\x2a\x05\xe7\x3e\x9d\x03" - "\xee\x5a\x83\x0c\xcc\x09\x4c\x87", - .klen = 32, - .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x01", - .input = "\x92\x68\x19\xd7\xb7\x5b\x0a\x31" - "\x97\xcc\x72\xbe\x99\x17\xeb\x3e", - .ilen = 16, - .result = "\x30\x31\x32\x33\x34\x35\x36\x37" - "\x38\x39\x41\x42\x43\x44\x45\x46", - .rlen = 16, - }, { - .key = "\x59\x70\x47\x14\xf5\x57\x47\x8c" - "\xd7\x79\xe8\x0f\x54\x88\x79\x44" - "\x0d\x48\xf0\xb7\xb1\x5a\x53\xea" - "\x1c\xaa\x6b\x29\xc2\xca\xfb\xaf", - .klen = 32, - .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x02", - .input = "\x73\x09\xb7\x50\xb6\x77\x30\x50" - "\x5c\x8a\x9c\x26\x77\x9d\xfc\x4a", - .ilen = 16, - .result = "\x30\x31\x32\x33\x34\x35\x36\x37" - "\x38\x39\x41\x42\x43\x44\x45\x46", - .rlen = 16, - }, { - .key = "\xd8\x2a\x91\x34\xb2\x6a\x56\x50" - "\x30\xfe\x69\xe2\x37\x7f\x98\x47" - "\xcd\xf9\x0b\x16\x0c\x64\x8f\xb6" - "\xb0\x0d\x0d\x1b\xae\x85\x87\x1f", - .klen = 32, - .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x02\x00\x00\x00\x00", - .input = "\x90\xae\x83\xe0\x22\xb9\x60\x91" - "\xfa\xa9\xb7\x98\xe3\xed\x87\x01", - .ilen = 16, - .result = "\x30\x31\x32\x33\x34\x35\x36\x37" - "\x38\x39\x41\x42\x43\x44\x45\x46", - .rlen = 16, - }, { - .key = "\x0f\x6a\xef\xf8\xd3\xd2\xbb\x15" - "\x25\x83\xf7\x3c\x1f\x01\x28\x74" - "\xca\xc6\xbc\x35\x4d\x4a\x65\x54" - "\x90\xae\x61\xcf\x7b\xae\xbd\xcc" - "\xad\xe4\x94\xc5\x4a\x29\xae\x70", - .klen = 40, - .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x01", - .input = "\x99\xe9\x6e\xd4\xc9\x21\xa5\xf0" - "\xd8\x83\xef\xd9\x07\x16\x5f\x35", - .ilen = 16, - .result = "\x30\x31\x32\x33\x34\x35\x36\x37" - "\x38\x39\x41\x42\x43\x44\x45\x46", - .rlen = 16, - }, { - .key = "\x8a\xd4\xee\x10\x2f\xbd\x81\xff" - "\xf8\x86\xce\xac\x93\xc5\xad\xc6" - "\xa0\x19\x07\xc0\x9d\xf7\xbb\xdd" - "\x52\x13\xb2\xb7\xf0\xff\x11\xd8" - "\xd6\x08\xd0\xcd\x2e\xb1\x17\x6f", - .klen = 40, - .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x02\x00\x00\x00\x00", - .input = "\x42\x88\xf4\xcb\x21\x11\x6d\x8e" - "\xde\x1a\xf2\x29\xf1\x4a\xe0\x15", - .ilen = 16, - .result = "\x30\x31\x32\x33\x34\x35\x36\x37" - "\x38\x39\x41\x42\x43\x44\x45\x46", - .rlen = 16, - }, { - .key = "\xf8\xd4\x76\xff\xd6\x46\xee\x6c" - "\x23\x84\xcb\x1c\x77\xd6\x19\x5d" - "\xfe\xf1\xa9\xf3\x7b\xbc\x8d\x21" - "\xa7\x9c\x21\xf8\xcb\x90\x02\x89" - "\xa8\x45\x34\x8e\xc8\xc5\xb5\xf1" - "\x26\xf5\x0e\x76\xfe\xfd\x1b\x1e", - .klen = 48, - .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x01", - .input = "\x40\xaa\x34\x86\x4a\x8f\x78\xb9" - "\xdb\xdb\x0f\x3d\x48\x70\xbe\x8d", - .ilen = 16, - .result = "\x30\x31\x32\x33\x34\x35\x36\x37" - "\x38\x39\x41\x42\x43\x44\x45\x46", - .rlen = 16, - }, { - .key = "\xfb\x76\x15\xb2\x3d\x80\x89\x1d" - "\xd4\x70\x98\x0b\xc7\x95\x84\xc8" - "\xb2\xfb\x64\xce\x60\x97\x87\x8d" - "\x17\xfc\xe4\x5a\x49\xe8\x30\xb7" - "\x6e\x78\x17\xe7\x2d\x5e\x12\xd4" - "\x60\x64\x04\x7a\xf1\x2f\x9e\x0c", - .klen = 48, - .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x02\x00\x00\x00\x00", - .input = "\x04\xab\x28\x37\x31\x7a\x26\xab" - "\xa1\x70\x1b\x9c\xe7\xdd\x83\xff", - .ilen = 16, - .result = "\x30\x31\x32\x33\x34\x35\x36\x37" - "\x38\x39\x41\x42\x43\x44\x45\x46", - .rlen = 16, - }, { - .key = "\xf8\xd4\x76\xff\xd6\x46\xee\x6c" - "\x23\x84\xcb\x1c\x77\xd6\x19\x5d" - "\xfe\xf1\xa9\xf3\x7b\xbc\x8d\x21" - "\xa7\x9c\x21\xf8\xcb\x90\x02\x89" - "\xa8\x45\x34\x8e\xc8\xc5\xb5\xf1" - "\x26\xf5\x0e\x76\xfe\xfd\x1b\x1e", - .klen = 48, - .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x01", - .input = "\x90\x69\x8e\xf2\x14\x86\x59\xf9" - "\xec\xe7\xfa\x3f\x48\x9d\x7f\x96" - "\x67\x76\xac\x2c\xd2\x63\x18\x93" - "\x13\xf8\xf1\xf6\x71\x77\xb3\xee" - "\x93\xb2\xcc\xf3\x26\xc1\x16\x4f" - "\xd4\xe8\x43\xc1\x68\xa3\x3e\x06" - "\x38\x51\xff\xa8\xb9\xa4\xeb\xb1" - "\x62\xdd\x78\x81\xea\x1d\xef\x04" - "\x1d\x07\xc1\x67\xc8\xd6\x77\xa1" - "\x84\x95\xf4\x9a\xd9\xbc\x2d\xe2" - "\xf6\x80\xfc\x91\x2a\xbc\x42\xa0" - "\x40\x41\x69\xaa\x71\xc0\x37\xec" - "\x39\xf3\xf2\xec\x82\xc3\x88\x79" - "\xbc\xc3\xaa\xb7\xcf\x6a\x72\x80" - "\x4c\xf4\x84\x8f\x13\x9e\x94\x5c" - "\xe5\xb2\x91\xbb\x92\x51\x4d\xf1" - "\xd6\x0d\x71\x6b\x7a\xc2\x2f\x12" - "\x6f\x75\xc7\x80\x99\x50\x84\xcf" - "\xa8\xeb\xd6\xe1\x1c\x59\x81\x7e" - "\xb9\xb3\xde\x7a\x93\x14\x12\xa2" - "\xf7\x43\xb3\x9d\x1a\x87\x65\x91" - "\x42\x08\x40\x82\x06\x1c\x2d\x55" - "\x6e\x48\xd5\x74\x07\x6e\x9d\x80" - "\xeb\xb4\x97\xa1\x36\xdf\xfa\x74" - "\x79\x7f\x5a\x75\xe7\x71\xc8\x8c" - "\x7e\xf8\x3a\x77\xcd\x32\x05\xf9" - "\x3d\xd4\xe9\xa2\xbb\xc4\x8b\x83" - "\x42\x5c\x82\xfa\xe9\x4b\x96\x3b" - "\x7f\x89\x8b\xf9\xf1\x87\xda\xf0" - "\x87\xef\x13\x5d\xf0\xe2\xc5\xc1" - "\xed\x14\xa9\x57\x19\x63\x40\x04" - "\x24\xeb\x6e\x19\xd1\x3d\x70\x78" - "\xeb\xda\x55\x70\x2c\x4f\x41\x5b" - "\x56\x9f\x1a\xd3\xac\xf1\xc0\xc3" - "\x21\xec\xd7\xd2\x55\x32\x7c\x2e" - "\x3c\x48\x8e\xb4\x85\x35\x47\xfe" - "\xe2\x88\x79\x98\x6a\xc9\x8d\xff" - "\xe9\x89\x6e\xb8\xe2\x97\x00\xbd" - "\xa4\x8f\xba\xd0\x8c\xcb\x79\x99" - "\xb3\xb2\xb2\x7a\xc3\xb7\xef\x75" - "\x23\x52\x76\xc3\x50\x6e\x66\xf8" - "\xa2\xe2\xce\xba\x40\x21\x3f\xc9" - "\x0a\x32\x7f\xf7\x08\x8c\x66\xcf" - "\xd3\xdf\x57\x59\x83\xb8\xe1\x85" - "\xd6\x8f\xfb\x48\x1f\x3a\xc4\x2f" - "\xb4\x2d\x58\xab\xd8\x7f\x5e\x3a" - "\xbc\x62\x3e\xe2\x6a\x52\x0d\x76" - "\x2f\x1c\x1a\x30\xed\x95\x2a\x44" - "\x35\xa5\x83\x04\x84\x01\x99\x56" - "\xb7\xe3\x10\x96\xfa\xdc\x19\xdd" - "\xe2\x7f\xcb\xa0\x49\x1b\xff\x4c" - "\x73\xf6\xbb\x94\x00\xe8\xa9\x3d" - "\xe2\x20\xe9\x3f\xfa\x07\x5d\x77" - "\x06\xd5\x4f\x4d\x02\xb8\x40\x1b" - "\x30\xed\x1a\x50\x19\xef\xc4\x2c" - "\x02\xd9\xc5\xd3\x11\x33\x37\xe5" - "\x2b\xa3\x95\xa6\xee\xd8\x74\x1d" - "\x68\xa0\xeb\xbf\xdd\x5e\x99\x96" - "\x91\xc3\x94\x24\xa5\x12\xa2\x37" - "\xb3\xac\xcf\x2a\xfd\x55\x34\xfe" - "\x79\x92\x3e\xe6\x1b\x49\x57\x5d" - "\x93\x6c\x01\xf7\xcc\x4e\x20\xd1" - "\xb2\x1a\xd8\x4c\xbd\x1d\x10\xe9" - "\x5a\xa8\x92\x7f\xba\xe6\x0c\x95", - .ilen = 512, - .result = "\x05\x11\xb7\x18\xab\xc6\x2d\xac" - "\x70\x5d\xf6\x22\x94\xcd\xe5\x6c" - "\x17\x6b\xf6\x1c\xf0\xf3\x6e\xf8" - "\x50\x38\x1f\x71\x49\xb6\x57\xd6" - "\x8f\xcb\x8d\x6b\xe3\xa6\x29\x90" - "\xfe\x2a\x62\x82\xae\x6d\x8b\xf6" - "\xad\x1e\x9e\x20\x5f\x38\xbe\x04" - "\xda\x10\x8e\xed\xa2\xa4\x87\xab" - "\xda\x6b\xb4\x0c\x75\xba\xd3\x7c" - "\xc9\xac\x42\x31\x95\x7c\xc9\x04" - "\xeb\xd5\x6e\x32\x69\x8a\xdb\xa6" - "\x15\xd7\x3f\x4f\x2f\x66\x69\x03" - "\x9c\x1f\x54\x0f\xde\x1f\xf3\x65" - "\x4c\x96\x12\xed\x7c\x92\x03\x01" - "\x6f\xbc\x35\x93\xac\xf1\x27\xf1" - "\xb4\x96\x82\x5a\x5f\xb0\xa0\x50" - "\x89\xa4\x8e\x66\x44\x85\xcc\xfd" - "\x33\x14\x70\xe3\x96\xb2\xc3\xd3" - "\xbb\x54\x5a\x1a\xf9\x74\xa2\xc5" - "\x2d\x64\x75\xdd\xb4\x54\xe6\x74" - "\x8c\xd3\x9d\x9e\x86\xab\x51\x53" - "\xb7\x93\x3e\x6f\xd0\x4e\x2c\x40" - "\xf6\xa8\x2e\x3e\x9d\xf4\x66\xa5" - "\x76\x12\x73\x44\x1a\x56\xd7\x72" - "\x88\xcd\x21\x8c\x4c\x0f\xfe\xda" - "\x95\xe0\x3a\xa6\xa5\x84\x46\xcd" - "\xd5\x3e\x9d\x3a\xe2\x67\xe6\x60" - "\x1a\xe2\x70\x85\x58\xc2\x1b\x09" - "\xe1\xd7\x2c\xca\xad\xa8\x8f\xf9" - "\xac\xb3\x0e\xdb\xca\x2e\xe2\xb8" - "\x51\x71\xd9\x3c\x6c\xf1\x56\xf8" - "\xea\x9c\xf1\xfb\x0c\xe6\xb7\x10" - "\x1c\xf8\xa9\x7c\xe8\x53\x35\xc1" - "\x90\x3e\x76\x4a\x74\xa4\x21\x2c" - "\xf6\x2c\x4e\x0f\x94\x3a\x88\x2e" - "\x41\x09\x6a\x33\x7d\xf6\xdd\x3f" - "\x8d\x23\x31\x74\x84\xeb\x88\x6e" - "\xcc\xb9\xbc\x22\x83\x19\x07\x22" - "\xa5\x2d\xdf\xa5\xf3\x80\x85\x78" - "\x84\x39\x6a\x6d\x6a\x99\x4f\xa5" - "\x15\xfe\x46\xb0\xe4\x6c\xa5\x41" - "\x3c\xce\x8f\x42\x60\x71\xa7\x75" - "\x08\x40\x65\x8a\x82\xbf\xf5\x43" - "\x71\x96\xa9\x4d\x44\x8a\x20\xbe" - "\xfa\x4d\xbb\xc0\x7d\x31\x96\x65" - "\xe7\x75\xe5\x3e\xfd\x92\x3b\xc9" - "\x55\xbb\x16\x7e\xf7\xc2\x8c\xa4" - "\x40\x1d\xe5\xef\x0e\xdf\xe4\x9a" - "\x62\x73\x65\xfd\x46\x63\x25\x3d" - "\x2b\xaf\xe5\x64\xfe\xa5\x5c\xcf" - "\x24\xf3\xb4\xac\x64\xba\xdf\x4b" - "\xc6\x96\x7d\x81\x2d\x8d\x97\xf7" - "\xc5\x68\x77\x84\x32\x2b\xcc\x85" - "\x74\x96\xf0\x12\x77\x61\xb9\xeb" - "\x71\xaa\x82\xcb\x1c\xdb\x89\xc8" - "\xc6\xb5\xe3\x5c\x7d\x39\x07\x24" - "\xda\x39\x87\x45\xc0\x2b\xbb\x01" - "\xac\xbc\x2a\x5c\x7f\xfc\xe8\xce" - "\x6d\x9c\x6f\xed\xd3\xc1\xa1\xd6" - "\xc5\x55\xa9\x66\x2f\xe1\xc8\x32" - "\xa6\x5d\xa4\x3a\x98\x73\xe8\x45" - "\xa4\xc7\xa8\xb4\xf6\x13\x03\xf6" - "\xe9\x2e\xc4\x29\x0f\x84\xdb\xc4" - "\x21\xc4\xc2\x75\x67\x89\x37\x0a", - .rlen = 512, - .also_non_np = 1, - .np = 3, - .tap = { 512 - 20, 4, 16 }, - }, -}; - -static const struct cipher_testvec camellia_xts_enc_tv_template[] = { +static const struct cipher_testvec camellia_xts_tv_template[] = { /* Generated from AES-XTS test vectors */ { .key = "\x00\x00\x00\x00\x00\x00\x00\x00" @@ -33106,16 +29313,15 @@ static const struct cipher_testvec camellia_xts_enc_tv_template[] = { .klen = 32, .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = "\x00\x00\x00\x00\x00\x00\x00\x00" + .ptext = "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00", - .ilen = 32, - .result = "\x06\xcb\xa5\xf1\x04\x63\xb2\x41" + .ctext = "\x06\xcb\xa5\xf1\x04\x63\xb2\x41" "\xdc\xca\xfa\x09\xba\x74\xb9\x05" "\x78\xba\xa4\xf8\x67\x4d\x7e\xad" "\x20\x18\xf5\x0c\x41\x16\x2a\x61", - .rlen = 32, + .len = 32, }, { .key = "\x11\x11\x11\x11\x11\x11\x11\x11" "\x11\x11\x11\x11\x11\x11\x11\x11" @@ -33124,16 +29330,15 @@ static const struct cipher_testvec camellia_xts_enc_tv_template[] = { .klen = 32, .iv = "\x33\x33\x33\x33\x33\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = "\x44\x44\x44\x44\x44\x44\x44\x44" + .ptext = "\x44\x44\x44\x44\x44\x44\x44\x44" "\x44\x44\x44\x44\x44\x44\x44\x44" "\x44\x44\x44\x44\x44\x44\x44\x44" "\x44\x44\x44\x44\x44\x44\x44\x44", - .ilen = 32, - .result = "\xc2\xb9\xdc\x44\x1d\xdf\xf2\x86" + .ctext = "\xc2\xb9\xdc\x44\x1d\xdf\xf2\x86" "\x8d\x35\x42\x0a\xa5\x5e\x3d\x4f" "\xb5\x37\x06\xff\xbd\xd4\x91\x70" "\x80\x1f\xb2\x39\x10\x89\x44\xf5", - .rlen = 32, + .len = 32, }, { .key = "\xff\xfe\xfd\xfc\xfb\xfa\xf9\xf8" "\xf7\xf6\xf5\xf4\xf3\xf2\xf1\xf0" @@ -33142,16 +29347,15 @@ static const struct cipher_testvec camellia_xts_enc_tv_template[] = { .klen = 32, .iv = "\x33\x33\x33\x33\x33\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = "\x44\x44\x44\x44\x44\x44\x44\x44" + .ptext = "\x44\x44\x44\x44\x44\x44\x44\x44" "\x44\x44\x44\x44\x44\x44\x44\x44" "\x44\x44\x44\x44\x44\x44\x44\x44" "\x44\x44\x44\x44\x44\x44\x44\x44", - .ilen = 32, - .result = "\x52\x1f\x9d\xf5\x5a\x58\x5a\x7e" + .ctext = "\x52\x1f\x9d\xf5\x5a\x58\x5a\x7e" "\x9f\xd0\x8e\x02\x9c\x9a\x6a\xa7" "\xb4\x3b\xce\xe7\x17\xaa\x89\x6a" "\x35\x3c\x6b\xb5\x61\x1c\x79\x38", - .rlen = 32, + .len = 32, }, { .key = "\x27\x18\x28\x18\x28\x45\x90\x45" "\x23\x53\x60\x28\x74\x71\x35\x26" @@ -33160,7 +29364,7 @@ static const struct cipher_testvec camellia_xts_enc_tv_template[] = { .klen = 32, .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = "\x00\x01\x02\x03\x04\x05\x06\x07" + .ptext = "\x00\x01\x02\x03\x04\x05\x06\x07" "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" "\x10\x11\x12\x13\x14\x15\x16\x17" "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f" @@ -33224,8 +29428,7 @@ static const struct cipher_testvec camellia_xts_enc_tv_template[] = { "\xe8\xe9\xea\xeb\xec\xed\xee\xef" "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7" "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", - .ilen = 512, - .result = "\xc7\xf9\x0a\xaa\xcb\xb5\x8f\x33" + .ctext = "\xc7\xf9\x0a\xaa\xcb\xb5\x8f\x33" "\x60\xc3\xe9\x47\x90\xb7\x50\x57" "\xa3\xad\x81\x2f\xf5\x22\x96\x02" "\xaa\x7f\xea\xac\x29\x78\xca\x2a" @@ -33289,7 +29492,7 @@ static const struct cipher_testvec camellia_xts_enc_tv_template[] = { "\xcc\x06\xdb\xe7\x82\x29\x63\xd1" "\x52\x84\x4f\xee\x27\xe8\x02\xd4" "\x34\x3c\x69\xc2\xbd\x20\xe6\x7a", - .rlen = 512, + .len = 512, }, { .key = "\x27\x18\x28\x18\x28\x45\x90\x45" "\x23\x53\x60\x28\x74\x71\x35\x26" @@ -33302,7 +29505,7 @@ static const struct cipher_testvec camellia_xts_enc_tv_template[] = { .klen = 64, .iv = "\xff\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = "\x00\x01\x02\x03\x04\x05\x06\x07" + .ptext = "\x00\x01\x02\x03\x04\x05\x06\x07" "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" "\x10\x11\x12\x13\x14\x15\x16\x17" "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f" @@ -33366,8 +29569,7 @@ static const struct cipher_testvec camellia_xts_enc_tv_template[] = { "\xe8\xe9\xea\xeb\xec\xed\xee\xef" "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7" "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", - .ilen = 512, - .result = "\x49\xcd\xb8\xbf\x2f\x73\x37\x28" + .ctext = "\x49\xcd\xb8\xbf\x2f\x73\x37\x28" "\x9a\x7f\x6e\x57\x55\xb8\x07\x88" "\x4a\x0d\x8b\x55\x60\xed\xb6\x7b" "\xf1\x74\xac\x96\x05\x7b\x32\xca" @@ -33431,350 +29633,7 @@ static const struct cipher_testvec camellia_xts_enc_tv_template[] = { "\xb1\x02\x0a\x5c\x79\x19\x3b\x75" "\xb7\x16\xd8\x12\x5c\xcd\x7d\x4e" "\xd5\xc6\x99\xcc\x4e\x6c\x94\x95", - .rlen = 512, - .also_non_np = 1, - .np = 3, - .tap = { 512 - 20, 4, 16 }, - }, -}; - -static const struct cipher_testvec camellia_xts_dec_tv_template[] = { - /* Generated from AES-XTS test vectors */ - /* same as enc vectors with input and result reversed */ - { - .key = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .klen = 32, - .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = "\x06\xcb\xa5\xf1\x04\x63\xb2\x41" - "\xdc\xca\xfa\x09\xba\x74\xb9\x05" - "\x78\xba\xa4\xf8\x67\x4d\x7e\xad" - "\x20\x18\xf5\x0c\x41\x16\x2a\x61", - .ilen = 32, - .result = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .rlen = 32, - }, { - .key = "\x11\x11\x11\x11\x11\x11\x11\x11" - "\x11\x11\x11\x11\x11\x11\x11\x11" - "\x22\x22\x22\x22\x22\x22\x22\x22" - "\x22\x22\x22\x22\x22\x22\x22\x22", - .klen = 32, - .iv = "\x33\x33\x33\x33\x33\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = "\xc2\xb9\xdc\x44\x1d\xdf\xf2\x86" - "\x8d\x35\x42\x0a\xa5\x5e\x3d\x4f" - "\xb5\x37\x06\xff\xbd\xd4\x91\x70" - "\x80\x1f\xb2\x39\x10\x89\x44\xf5", - .ilen = 32, - .result = "\x44\x44\x44\x44\x44\x44\x44\x44" - "\x44\x44\x44\x44\x44\x44\x44\x44" - "\x44\x44\x44\x44\x44\x44\x44\x44" - "\x44\x44\x44\x44\x44\x44\x44\x44", - .rlen = 32, - }, { - .key = "\xff\xfe\xfd\xfc\xfb\xfa\xf9\xf8" - "\xf7\xf6\xf5\xf4\xf3\xf2\xf1\xf0" - "\x22\x22\x22\x22\x22\x22\x22\x22" - "\x22\x22\x22\x22\x22\x22\x22\x22", - .klen = 32, - .iv = "\x33\x33\x33\x33\x33\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = "\x52\x1f\x9d\xf5\x5a\x58\x5a\x7e" - "\x9f\xd0\x8e\x02\x9c\x9a\x6a\xa7" - "\xb4\x3b\xce\xe7\x17\xaa\x89\x6a" - "\x35\x3c\x6b\xb5\x61\x1c\x79\x38", - .ilen = 32, - .result = "\x44\x44\x44\x44\x44\x44\x44\x44" - "\x44\x44\x44\x44\x44\x44\x44\x44" - "\x44\x44\x44\x44\x44\x44\x44\x44" - "\x44\x44\x44\x44\x44\x44\x44\x44", - .rlen = 32, - }, { - .key = "\x27\x18\x28\x18\x28\x45\x90\x45" - "\x23\x53\x60\x28\x74\x71\x35\x26" - "\x31\x41\x59\x26\x53\x58\x97\x93" - "\x23\x84\x62\x64\x33\x83\x27\x95", - .klen = 32, - .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = "\xc7\xf9\x0a\xaa\xcb\xb5\x8f\x33" - "\x60\xc3\xe9\x47\x90\xb7\x50\x57" - "\xa3\xad\x81\x2f\xf5\x22\x96\x02" - "\xaa\x7f\xea\xac\x29\x78\xca\x2a" - "\x7c\xcd\x31\x1a\x3c\x40\x0a\x73" - "\x09\x66\xad\x72\x0e\x4d\x5d\x77" - "\xbc\xb8\x76\x80\x37\x59\xa9\x01" - "\x9e\xfb\xdb\x6c\x93\xef\xb6\x8d" - "\x1e\xc1\x94\xa8\xd4\xb5\xb0\x01" - "\xd5\x01\x97\x28\xcd\x7a\x1f\xe8" - "\x08\xda\x76\x00\x65\xcf\x7b\x31" - "\xc6\xfa\xf2\x3b\x00\xa7\x6a\x9e" - "\x6c\x43\x80\x87\xe0\xbb\x4e\xe5" - "\xdc\x8a\xdf\xc3\x1d\x1b\x41\x04" - "\xfb\x54\xdd\x29\x27\xc2\x65\x17" - "\x36\x88\xb0\x85\x8d\x73\x7e\x4b" - "\x1d\x16\x8a\x52\xbc\xa6\xbc\xa4" - "\x8c\xd1\x04\x16\xbf\x8c\x01\x0f" - "\x7e\x6b\x59\x15\x29\xd1\x9b\xd3" - "\x6c\xee\xac\xdc\x45\x58\xca\x5b" - "\x70\x0e\x6a\x12\x86\x82\x79\x9f" - "\x16\xd4\x9d\x67\xcd\x70\x65\x26" - "\x21\x72\x1e\xa1\x94\x8a\x83\x0c" - "\x92\x42\x58\x5e\xa2\xc5\x31\xf3" - "\x7b\xd1\x31\xd4\x15\x80\x31\x61" - "\x5c\x53\x10\xdd\xea\xc8\x83\x5c" - "\x7d\xa7\x05\x66\xcc\x1e\xbb\x05" - "\x47\xae\xb4\x0f\x84\xd8\xf6\xb5" - "\xa1\xc6\x52\x00\x52\xe8\xdc\xd9" - "\x16\x31\xb2\x47\x91\x67\xaa\x28" - "\x2c\x29\x85\xa3\xf7\xf2\x24\x93" - "\x23\x80\x1f\xa8\x1b\x82\x8d\xdc" - "\x9f\x0b\xcd\xb4\x3c\x20\xbc\xec" - "\x4f\xc7\xee\xf8\xfd\xd9\xfb\x7e" - "\x3f\x0d\x23\xfa\x3f\xa7\xcc\x66" - "\x1c\xfe\xa6\x86\xf6\xf7\x85\xc7" - "\x43\xc1\xd4\xfc\xe4\x79\xc9\x1d" - "\xf8\x89\xcd\x20\x27\x84\x5d\x5c" - "\x8e\x4f\x1f\xeb\x08\x21\x4f\xa3" - "\xe0\x7e\x0b\x9c\xe7\x42\xcf\xb7" - "\x3f\x43\xcc\x86\x71\x34\x6a\xd9" - "\x5e\xec\x8f\x36\xc9\x0a\x03\xfe" - "\x18\x41\xdc\x9e\x2e\x75\x20\x3e" - "\xcc\x77\xe0\x8f\xe8\x43\x37\x4c" - "\xed\x1a\x5a\xb3\xfa\x43\xc9\x71" - "\x9f\xc5\xce\xcf\xff\xe7\x77\x1e" - "\x35\x93\xde\x6b\xc0\x6a\x7e\xa9" - "\x34\xb8\x27\x74\x08\xda\xf2\x4a" - "\x23\x5b\x9f\x55\x3a\x57\x82\x52" - "\xea\x6d\xc3\xc7\xf2\xc8\xb5\xdc" - "\xc5\xb9\xbb\xaa\xf2\x29\x9f\x49" - "\x7a\xef\xfe\xdc\x9f\xc9\x28\xe2" - "\x96\x0b\x35\x84\x05\x0d\xd6\x2a" - "\xea\x5a\xbf\x69\xde\xee\x4f\x8f" - "\x84\xb9\xcf\xa7\x57\xea\xe0\xe8" - "\x96\xef\x0f\x0e\xec\xc7\xa6\x74" - "\xb1\xfe\x7a\x6d\x11\xdd\x0e\x15" - "\x4a\x1e\x73\x7f\x55\xea\xf6\xe1" - "\x5b\xb6\x71\xda\xb0\x0c\xba\x26" - "\x5c\x48\x38\x6d\x1c\x32\xb2\x7d" - "\x05\x87\xc2\x1e\x7e\x2d\xd4\x33" - "\xcc\x06\xdb\xe7\x82\x29\x63\xd1" - "\x52\x84\x4f\xee\x27\xe8\x02\xd4" - "\x34\x3c\x69\xc2\xbd\x20\xe6\x7a", - .ilen = 512, - .result = "\x00\x01\x02\x03\x04\x05\x06\x07" - "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" - "\x10\x11\x12\x13\x14\x15\x16\x17" - "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f" - "\x20\x21\x22\x23\x24\x25\x26\x27" - "\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f" - "\x30\x31\x32\x33\x34\x35\x36\x37" - "\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f" - "\x40\x41\x42\x43\x44\x45\x46\x47" - "\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f" - "\x50\x51\x52\x53\x54\x55\x56\x57" - "\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f" - "\x60\x61\x62\x63\x64\x65\x66\x67" - "\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f" - "\x70\x71\x72\x73\x74\x75\x76\x77" - "\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f" - "\x80\x81\x82\x83\x84\x85\x86\x87" - "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f" - "\x90\x91\x92\x93\x94\x95\x96\x97" - "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f" - "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7" - "\xa8\xa9\xaa\xab\xac\xad\xae\xaf" - "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7" - "\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf" - "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7" - "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf" - "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7" - "\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf" - "\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7" - "\xe8\xe9\xea\xeb\xec\xed\xee\xef" - "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7" - "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff" - "\x00\x01\x02\x03\x04\x05\x06\x07" - "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" - "\x10\x11\x12\x13\x14\x15\x16\x17" - "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f" - "\x20\x21\x22\x23\x24\x25\x26\x27" - "\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f" - "\x30\x31\x32\x33\x34\x35\x36\x37" - "\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f" - "\x40\x41\x42\x43\x44\x45\x46\x47" - "\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f" - "\x50\x51\x52\x53\x54\x55\x56\x57" - "\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f" - "\x60\x61\x62\x63\x64\x65\x66\x67" - "\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f" - "\x70\x71\x72\x73\x74\x75\x76\x77" - "\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f" - "\x80\x81\x82\x83\x84\x85\x86\x87" - "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f" - "\x90\x91\x92\x93\x94\x95\x96\x97" - "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f" - "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7" - "\xa8\xa9\xaa\xab\xac\xad\xae\xaf" - "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7" - "\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf" - "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7" - "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf" - "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7" - "\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf" - "\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7" - "\xe8\xe9\xea\xeb\xec\xed\xee\xef" - "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7" - "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", - .rlen = 512, - }, { - .key = "\x27\x18\x28\x18\x28\x45\x90\x45" - "\x23\x53\x60\x28\x74\x71\x35\x26" - "\x62\x49\x77\x57\x24\x70\x93\x69" - "\x99\x59\x57\x49\x66\x96\x76\x27" - "\x31\x41\x59\x26\x53\x58\x97\x93" - "\x23\x84\x62\x64\x33\x83\x27\x95" - "\x02\x88\x41\x97\x16\x93\x99\x37" - "\x51\x05\x82\x09\x74\x94\x45\x92", - .klen = 64, - .iv = "\xff\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = "\x49\xcd\xb8\xbf\x2f\x73\x37\x28" - "\x9a\x7f\x6e\x57\x55\xb8\x07\x88" - "\x4a\x0d\x8b\x55\x60\xed\xb6\x7b" - "\xf1\x74\xac\x96\x05\x7b\x32\xca" - "\xd1\x4e\xf1\x58\x29\x16\x24\x6c" - "\xf2\xb3\xe4\x88\x84\xac\x4d\xee" - "\x97\x07\x82\xf0\x07\x12\x38\x0a" - "\x67\x62\xaf\xfd\x85\x9f\x0a\x55" - "\xa5\x20\xc5\x60\xe4\x68\x53\xa4" - "\x0e\x2e\x65\xe3\xe4\x0c\x30\x7c" - "\x1c\x01\x4f\x55\xa9\x13\xeb\x25" - "\x21\x87\xbc\xd3\xe7\x67\x4f\x38" - "\xa8\x14\x25\x71\xe9\x2e\x4c\x21" - "\x41\x82\x0c\x45\x39\x35\xa8\x75" - "\x03\x29\x01\x84\x8c\xab\x48\xbe" - "\x11\x56\x22\x67\xb7\x67\x1a\x09" - "\xa1\x72\x25\x41\x3c\x39\x65\x80" - "\x7d\x2f\xf8\x2c\x73\x04\x58\x9d" - "\xdd\x16\x8b\x63\x70\x4e\xc5\x17" - "\x21\xe0\x84\x51\x4b\x6f\x05\x52" - "\xe3\x63\x34\xfa\xa4\xaf\x33\x20" - "\xc1\xae\x32\xc4\xb8\x2b\xdb\x76" - "\xd9\x02\x31\x2f\xa3\xc6\xd0\x7b" - "\xaf\x1b\x84\xe3\x9b\xbf\xa6\xe0" - "\xb8\x8a\x13\x88\x71\xf4\x11\xa5" - "\xe9\xa9\x10\x33\xe0\xbe\x49\x89" - "\x41\x22\xf5\x9d\x80\x3e\x3b\x76" - "\x01\x16\x50\x6e\x7c\x6a\x81\xe9" - "\x13\x2c\xde\xb2\x5f\x79\xba\xb2" - "\xb1\x75\xae\xd2\x07\x98\x4b\x69" - "\xae\x7d\x5b\x90\xc2\x6c\xe6\x98" - "\xd3\x4c\xa1\xa3\x9c\xc9\x33\x6a" - "\x0d\x23\xb1\x79\x25\x13\x4b\xe5" - "\xaf\x93\x20\x5c\x7f\x06\x7a\x34" - "\x0b\x78\xe3\x67\x26\xe0\xad\x95" - "\xc5\x4e\x26\x22\xcf\x73\x77\x62" - "\x3e\x10\xd7\x90\x4b\x52\x1c\xc9" - "\xef\x38\x52\x18\x0e\x29\x7e\xef" - "\x34\xfe\x31\x95\xc5\xbc\xa8\xe2" - "\xa8\x4e\x9f\xea\xa6\xf0\xfe\x5d" - "\xc5\x39\x86\xed\x2f\x6d\xa0\xfe" - "\x96\xcd\x41\x10\x78\x4e\x0c\xc9" - "\xc3\x6d\x0f\xb7\xe8\xe0\x62\xab" - "\x8b\xf1\x21\x89\xa1\x12\xaa\xfa" - "\x9d\x70\xbe\x4c\xa8\x98\x89\x01" - "\xb9\xe2\x61\xde\x0c\x4a\x0b\xaa" - "\x89\xf5\x14\x79\x18\x8f\x3b\x0d" - "\x21\x17\xf8\x59\x15\x24\x64\x22" - "\x57\x48\x80\xd5\x3d\x92\x30\x07" - "\xd9\xa1\x4a\x23\x16\x43\x48\x0e" - "\x2b\x2d\x1b\x87\xef\x7e\xbd\xfa" - "\x49\xbc\x7e\x68\x6e\xa8\x46\x95" - "\xad\x5e\xfe\x0a\xa8\xd3\x1a\x5d" - "\x6b\x84\xf3\x00\xba\x52\x05\x02" - "\xe3\x96\x4e\xb6\x79\x3f\x43\xd3" - "\x4d\x3f\xd6\xab\x0a\xc4\x75\x2d" - "\xd1\x08\xc3\x6a\xc8\x37\x29\xa0" - "\xcc\x9a\x05\xdd\x5c\xe1\xff\x66" - "\xf2\x7a\x1d\xf2\xaf\xa9\x48\x89" - "\xf5\x21\x0f\x02\x48\x83\x74\xbf" - "\x2e\xe6\x93\x7b\xa0\xf4\xb1\x2b" - "\xb1\x02\x0a\x5c\x79\x19\x3b\x75" - "\xb7\x16\xd8\x12\x5c\xcd\x7d\x4e" - "\xd5\xc6\x99\xcc\x4e\x6c\x94\x95", - .ilen = 512, - .result = "\x00\x01\x02\x03\x04\x05\x06\x07" - "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" - "\x10\x11\x12\x13\x14\x15\x16\x17" - "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f" - "\x20\x21\x22\x23\x24\x25\x26\x27" - "\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f" - "\x30\x31\x32\x33\x34\x35\x36\x37" - "\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f" - "\x40\x41\x42\x43\x44\x45\x46\x47" - "\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f" - "\x50\x51\x52\x53\x54\x55\x56\x57" - "\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f" - "\x60\x61\x62\x63\x64\x65\x66\x67" - "\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f" - "\x70\x71\x72\x73\x74\x75\x76\x77" - "\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f" - "\x80\x81\x82\x83\x84\x85\x86\x87" - "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f" - "\x90\x91\x92\x93\x94\x95\x96\x97" - "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f" - "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7" - "\xa8\xa9\xaa\xab\xac\xad\xae\xaf" - "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7" - "\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf" - "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7" - "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf" - "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7" - "\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf" - "\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7" - "\xe8\xe9\xea\xeb\xec\xed\xee\xef" - "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7" - "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff" - "\x00\x01\x02\x03\x04\x05\x06\x07" - "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" - "\x10\x11\x12\x13\x14\x15\x16\x17" - "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f" - "\x20\x21\x22\x23\x24\x25\x26\x27" - "\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f" - "\x30\x31\x32\x33\x34\x35\x36\x37" - "\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f" - "\x40\x41\x42\x43\x44\x45\x46\x47" - "\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f" - "\x50\x51\x52\x53\x54\x55\x56\x57" - "\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f" - "\x60\x61\x62\x63\x64\x65\x66\x67" - "\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f" - "\x70\x71\x72\x73\x74\x75\x76\x77" - "\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f" - "\x80\x81\x82\x83\x84\x85\x86\x87" - "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f" - "\x90\x91\x92\x93\x94\x95\x96\x97" - "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f" - "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7" - "\xa8\xa9\xaa\xab\xac\xad\xae\xaf" - "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7" - "\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf" - "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7" - "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf" - "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7" - "\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf" - "\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7" - "\xe8\xe9\xea\xeb\xec\xed\xee\xef" - "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7" - "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", - .rlen = 512, + .len = 512, .also_non_np = 1, .np = 3, .tap = { 512 - 20, 4, 16 }, @@ -33784,91 +29643,45 @@ static const struct cipher_testvec camellia_xts_dec_tv_template[] = { /* * SEED test vectors */ -static const struct cipher_testvec seed_enc_tv_template[] = { +static const struct cipher_testvec seed_tv_template[] = { { .key = zeroed_string, .klen = 16, - .input = "\x00\x01\x02\x03\x04\x05\x06\x07" + .ptext = "\x00\x01\x02\x03\x04\x05\x06\x07" "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f", - .ilen = 16, - .result = "\x5e\xba\xc6\xe0\x05\x4e\x16\x68" + .ctext = "\x5e\xba\xc6\xe0\x05\x4e\x16\x68" "\x19\xaf\xf1\xcc\x6d\x34\x6c\xdb", - .rlen = 16, + .len = 16, }, { .key = "\x00\x01\x02\x03\x04\x05\x06\x07" "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f", .klen = 16, - .input = zeroed_string, - .ilen = 16, - .result = "\xc1\x1f\x22\xf2\x01\x40\x50\x50" + .ptext = zeroed_string, + .ctext = "\xc1\x1f\x22\xf2\x01\x40\x50\x50" "\x84\x48\x35\x97\xe4\x37\x0f\x43", - .rlen = 16, + .len = 16, }, { .key = "\x47\x06\x48\x08\x51\xe6\x1b\xe8" "\x5d\x74\xbf\xb3\xfd\x95\x61\x85", .klen = 16, - .input = "\x83\xa2\xf8\xa2\x88\x64\x1f\xb9" + .ptext = "\x83\xa2\xf8\xa2\x88\x64\x1f\xb9" "\xa4\xe9\xa5\xcc\x2f\x13\x1c\x7d", - .ilen = 16, - .result = "\xee\x54\xd1\x3e\xbc\xae\x70\x6d" + .ctext = "\xee\x54\xd1\x3e\xbc\xae\x70\x6d" "\x22\x6b\xc3\x14\x2c\xd4\x0d\x4a", - .rlen = 16, + .len = 16, }, { .key = "\x28\xdb\xc3\xbc\x49\xff\xd8\x7d" "\xcf\xa5\x09\xb1\x1d\x42\x2b\xe7", .klen = 16, - .input = "\xb4\x1e\x6b\xe2\xeb\xa8\x4a\x14" + .ptext = "\xb4\x1e\x6b\xe2\xeb\xa8\x4a\x14" "\x8e\x2e\xed\x84\x59\x3c\x5e\xc7", - .ilen = 16, - .result = "\x9b\x9b\x7b\xfc\xd1\x81\x3c\xb9" - "\x5d\x0b\x36\x18\xf4\x0f\x51\x22", - .rlen = 16, - } -}; - -static const struct cipher_testvec seed_dec_tv_template[] = { - { - .key = zeroed_string, - .klen = 16, - .input = "\x5e\xba\xc6\xe0\x05\x4e\x16\x68" - "\x19\xaf\xf1\xcc\x6d\x34\x6c\xdb", - .ilen = 16, - .result = "\x00\x01\x02\x03\x04\x05\x06\x07" - "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f", - .rlen = 16, - }, { - .key = "\x00\x01\x02\x03\x04\x05\x06\x07" - "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f", - .klen = 16, - .input = "\xc1\x1f\x22\xf2\x01\x40\x50\x50" - "\x84\x48\x35\x97\xe4\x37\x0f\x43", - .ilen = 16, - .result = zeroed_string, - .rlen = 16, - }, { - .key = "\x47\x06\x48\x08\x51\xe6\x1b\xe8" - "\x5d\x74\xbf\xb3\xfd\x95\x61\x85", - .klen = 16, - .input = "\xee\x54\xd1\x3e\xbc\xae\x70\x6d" - "\x22\x6b\xc3\x14\x2c\xd4\x0d\x4a", - .ilen = 16, - .result = "\x83\xa2\xf8\xa2\x88\x64\x1f\xb9" - "\xa4\xe9\xa5\xcc\x2f\x13\x1c\x7d", - .rlen = 16, - }, { - .key = "\x28\xdb\xc3\xbc\x49\xff\xd8\x7d" - "\xcf\xa5\x09\xb1\x1d\x42\x2b\xe7", - .klen = 16, - .input = "\x9b\x9b\x7b\xfc\xd1\x81\x3c\xb9" + .ctext = "\x9b\x9b\x7b\xfc\xd1\x81\x3c\xb9" "\x5d\x0b\x36\x18\xf4\x0f\x51\x22", - .ilen = 16, - .result = "\xb4\x1e\x6b\xe2\xeb\xa8\x4a\x14" - "\x8e\x2e\xed\x84\x59\x3c\x5e\xc7", - .rlen = 16, + .len = 16, } }; -static const struct cipher_testvec salsa20_stream_enc_tv_template[] = { +static const struct cipher_testvec salsa20_stream_tv_template[] = { /* * Testvectors from verified.test-vectors submitted to ECRYPT. * They are truncated to size 39, 64, 111, 129 to test a variety @@ -33879,24 +29692,23 @@ static const struct cipher_testvec salsa20_stream_enc_tv_template[] = { "\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F", .klen = 16, .iv = "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = "\x00\x00\x00\x00\x00\x00\x00\x00" + .ptext = "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00", - .ilen = 39, - .result = "\x2D\xD5\xC3\xF7\xBA\x2B\x20\xF7" + .ctext = "\x2D\xD5\xC3\xF7\xBA\x2B\x20\xF7" "\x68\x02\x41\x0C\x68\x86\x88\x89" "\x5A\xD8\xC1\xBD\x4E\xA6\xC9\xB1" "\x40\xFB\x9B\x90\xE2\x10\x49\xBF" "\x58\x3F\x52\x79\x70\xEB\xC1", - .rlen = 39, + .len = 39, }, { /* Set 5, vector 0 */ .key = "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00", .klen = 16, .iv = "\x80\x00\x00\x00\x00\x00\x00\x00", - .input = "\x00\x00\x00\x00\x00\x00\x00\x00" + .ptext = "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00" @@ -33904,8 +29716,7 @@ static const struct cipher_testvec salsa20_stream_enc_tv_template[] = { "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00", - .ilen = 64, - .result = "\xB6\x6C\x1E\x44\x46\xDD\x95\x57" + .ctext = "\xB6\x6C\x1E\x44\x46\xDD\x95\x57" "\xE5\x78\xE2\x23\xB0\xB7\x68\x01" "\x7B\x23\xB2\x67\xBB\x02\x34\xAE" "\x46\x26\xBF\x44\x3F\x21\x97\x76" @@ -33913,7 +29724,7 @@ static const struct cipher_testvec salsa20_stream_enc_tv_template[] = { "\xCD\x0D\xE9\xA9\x53\x8F\x4A\x09" "\xCA\x9A\xC0\x73\x2E\x30\xBC\xF9" "\x8E\x4F\x13\xE4\xB9\xE2\x01\xD9", - .rlen = 64, + .len = 64, }, { /* Set 3, vector 27 */ .key = "\x1B\x1C\x1D\x1E\x1F\x20\x21\x22" "\x23\x24\x25\x26\x27\x28\x29\x2A" @@ -33921,7 +29732,7 @@ static const struct cipher_testvec salsa20_stream_enc_tv_template[] = { "\x33\x34\x35\x36\x37\x38\x39\x3A", .klen = 32, .iv = "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = "\x00\x00\x00\x00\x00\x00\x00\x00" + .ptext = "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00" @@ -33935,8 +29746,7 @@ static const struct cipher_testvec salsa20_stream_enc_tv_template[] = { "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00", - .ilen = 111, - .result = "\xAE\x39\x50\x8E\xAC\x9A\xEC\xE7" + .ctext = "\xAE\x39\x50\x8E\xAC\x9A\xEC\xE7" "\xBF\x97\xBB\x20\xB9\xDE\xE4\x1F" "\x87\xD9\x47\xF8\x28\x91\x35\x98" "\xDB\x72\xCC\x23\x29\x48\x56\x5E" @@ -33950,7 +29760,7 @@ static const struct cipher_testvec salsa20_stream_enc_tv_template[] = { "\xB1\x41\x3F\x19\x2F\xC4\x3B\xC6" "\x95\x46\x45\x54\xE9\x75\x03\x08" "\x44\xAF\xE5\x8A\x81\x12\x09", - .rlen = 111, + .len = 111, }, { /* Set 5, vector 27 */ .key = "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00" @@ -33958,7 +29768,7 @@ static const struct cipher_testvec salsa20_stream_enc_tv_template[] = { "\x00\x00\x00\x00\x00\x00\x00\x00", .klen = 32, .iv = "\x00\x00\x00\x10\x00\x00\x00\x00", - .input = "\x00\x00\x00\x00\x00\x00\x00\x00" + .ptext = "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00" @@ -33975,8 +29785,7 @@ static const struct cipher_testvec salsa20_stream_enc_tv_template[] = { "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00", - .ilen = 129, - .result = "\xD2\xDB\x1A\x5C\xF1\xC1\xAC\xDB" + .ctext = "\xD2\xDB\x1A\x5C\xF1\xC1\xAC\xDB" "\xE8\x1A\x7A\x43\x40\xEF\x53\x43" "\x5E\x7F\x4B\x1A\x50\x52\x3F\x8D" "\x28\x3D\xCF\x85\x1D\x69\x6E\x60" @@ -33993,7 +29802,7 @@ static const struct cipher_testvec salsa20_stream_enc_tv_template[] = { "\x2E\x40\x48\x75\xE9\xE2\x21\x45" "\x0B\xC9\xB6\xB5\x66\xBC\x9A\x59" "\x5A", - .rlen = 129, + .len = 129, }, { /* large test vector generated using Crypto++ */ .key = "\x00\x01\x02\x03\x04\x05\x06\x07" "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" @@ -34002,7 +29811,7 @@ static const struct cipher_testvec salsa20_stream_enc_tv_template[] = { .klen = 32, .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = + .ptext = "\x00\x01\x02\x03\x04\x05\x06\x07" "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" "\x10\x11\x12\x13\x14\x15\x16\x17" @@ -34516,8 +30325,7 @@ static const struct cipher_testvec salsa20_stream_enc_tv_template[] = { "\x10\x2f\x4e\x6d\x8c\xab\xca\xe9" "\x08\x27\x46\x65\x84\xa3\xc2\xe1" "\x00\x21\x42\x63", - .ilen = 4100, - .result = + .ctext = "\xb5\x81\xf5\x64\x18\x73\xe3\xf0" "\x4c\x13\xf2\x77\x18\x60\x65\x5e" "\x29\x01\xce\x98\x55\x53\xf9\x0c" @@ -35031,13 +30839,13 @@ static const struct cipher_testvec salsa20_stream_enc_tv_template[] = { "\xfc\x3f\x09\x7a\x0b\xdc\xc5\x1b" "\x87\x13\xc6\x5b\x59\x8d\xf2\xc8" "\xaf\xdf\x11\x95", - .rlen = 4100, + .len = 4100, .np = 2, .tap = { 4064, 36 }, }, }; -static const struct cipher_testvec chacha20_enc_tv_template[] = { +static const struct cipher_testvec chacha20_tv_template[] = { { /* RFC7539 A.2. Test Vector #1 */ .key = "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00" @@ -35046,7 +30854,7 @@ static const struct cipher_testvec chacha20_enc_tv_template[] = { .klen = 32, .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = "\x00\x00\x00\x00\x00\x00\x00\x00" + .ptext = "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00" @@ -35054,8 +30862,7 @@ static const struct cipher_testvec chacha20_enc_tv_template[] = { "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00", - .ilen = 64, - .result = "\x76\xb8\xe0\xad\xa0\xf1\x3d\x90" + .ctext = "\x76\xb8\xe0\xad\xa0\xf1\x3d\x90" "\x40\x5d\x6a\xe5\x53\x86\xbd\x28" "\xbd\xd2\x19\xb8\xa0\x8d\xed\x1a" "\xa8\x36\xef\xcc\x8b\x77\x0d\xc7" @@ -35063,7 +30870,7 @@ static const struct cipher_testvec chacha20_enc_tv_template[] = { "\x77\x24\xe0\x3f\xb8\xd8\x4a\x37" "\x6a\x43\xb8\xf4\x15\x18\xa1\x1c" "\xc3\x87\xb6\x69\xb2\xee\x65\x86", - .rlen = 64, + .len = 64, }, { /* RFC7539 A.2. Test Vector #2 */ .key = "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00" @@ -35072,7 +30879,7 @@ static const struct cipher_testvec chacha20_enc_tv_template[] = { .klen = 32, .iv = "\x01\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x02", - .input = "\x41\x6e\x79\x20\x73\x75\x62\x6d" + .ptext = "\x41\x6e\x79\x20\x73\x75\x62\x6d" "\x69\x73\x73\x69\x6f\x6e\x20\x74" "\x6f\x20\x74\x68\x65\x20\x49\x45" "\x54\x46\x20\x69\x6e\x74\x65\x6e" @@ -35119,8 +30926,7 @@ static const struct cipher_testvec chacha20_enc_tv_template[] = { "\x20\x77\x68\x69\x63\x68\x20\x61" "\x72\x65\x20\x61\x64\x64\x72\x65" "\x73\x73\x65\x64\x20\x74\x6f", - .ilen = 375, - .result = "\xa3\xfb\xf0\x7d\xf3\xfa\x2f\xde" + .ctext = "\xa3\xfb\xf0\x7d\xf3\xfa\x2f\xde" "\x4f\x37\x6c\xa2\x3e\x82\x73\x70" "\x41\x60\x5d\x9f\x4f\x4f\x57\xbd" "\x8c\xff\x2c\x1d\x4b\x79\x55\xec" @@ -35167,7 +30973,7 @@ static const struct cipher_testvec chacha20_enc_tv_template[] = { "\x7a\xc6\x1d\xd2\x9c\x6f\x21\xba" "\x5b\x86\x2f\x37\x30\xe3\x7c\xfd" "\xc4\xfd\x80\x6c\x22\xf2\x21", - .rlen = 375, + .len = 375, .also_non_np = 1, .np = 3, .tap = { 375 - 20, 4, 16 }, @@ -35180,7 +30986,7 @@ static const struct cipher_testvec chacha20_enc_tv_template[] = { .klen = 32, .iv = "\x2a\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x02", - .input = "\x27\x54\x77\x61\x73\x20\x62\x72" + .ptext = "\x27\x54\x77\x61\x73\x20\x62\x72" "\x69\x6c\x6c\x69\x67\x2c\x20\x61" "\x6e\x64\x20\x74\x68\x65\x20\x73" "\x6c\x69\x74\x68\x79\x20\x74\x6f" @@ -35196,8 +31002,7 @@ static const struct cipher_testvec chacha20_enc_tv_template[] = { "\x68\x65\x20\x6d\x6f\x6d\x65\x20" "\x72\x61\x74\x68\x73\x20\x6f\x75" "\x74\x67\x72\x61\x62\x65\x2e", - .ilen = 127, - .result = "\x62\xe6\x34\x7f\x95\xed\x87\xa4" + .ctext = "\x62\xe6\x34\x7f\x95\xed\x87\xa4" "\x5f\xfa\xe7\x42\x6f\x27\xa1\xdf" "\x5f\xb6\x91\x10\x04\x4c\x0d\x73" "\x11\x8e\xff\xa9\x5b\x01\xe5\xcf" @@ -35213,7 +31018,7 @@ static const struct cipher_testvec chacha20_enc_tv_template[] = { "\x50\xd6\x15\x4b\x6d\xa7\x31\xb1" "\x87\xb5\x8d\xfd\x72\x8a\xfa\x36" "\x75\x7a\x79\x7a\xc1\x88\xd1", - .rlen = 127, + .len = 127, }, { /* Self-made test vector for long data */ .key = "\x1c\x92\x40\xa5\xeb\x55\xd3\x8a" "\xf3\x33\x88\x86\x04\xf6\xb5\xf0" @@ -35222,7 +31027,7 @@ static const struct cipher_testvec chacha20_enc_tv_template[] = { .klen = 32, .iv = "\x1c\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x01", - .input = "\x49\xee\xe0\xdc\x24\x90\x40\xcd" + .ptext = "\x49\xee\xe0\xdc\x24\x90\x40\xcd" "\xc5\x40\x8f\x47\x05\xbc\xdd\x81" "\x47\xc6\x8d\xe6\xb1\x8f\xd7\xcb" "\x09\x0e\x6e\x22\x48\x1f\xbf\xb8" @@ -35383,8 +31188,7 @@ static const struct cipher_testvec chacha20_enc_tv_template[] = { "\x08\x7c\xbc\x66\x8a\xb0\xb6\x9f" "\x92\xd6\x41\x7c\x5b\x2a\x00\x79" "\x72", - .ilen = 1281, - .result = "\x45\xe8\xe0\xb6\x9c\xca\xfd\x87" + .ctext = "\x45\xe8\xe0\xb6\x9c\xca\xfd\x87" "\xe8\x1d\x37\x96\x8a\xe3\x40\x35" "\xcf\x5e\x3a\x46\x3d\xfb\xd0\x69" "\xde\xaf\x7a\xd5\x0d\xe9\x52\xec" @@ -35545,7 +31349,7 @@ static const struct cipher_testvec chacha20_enc_tv_template[] = { "\x23\x45\x89\x42\xa0\x30\xeb\xbf" "\xa1\xed\xad\xd5\x76\xfa\x24\x8f" "\x98", - .rlen = 1281, + .len = 1281, .also_non_np = 1, .np = 3, .tap = { 1200, 1, 80 }, @@ -35555,30 +31359,28 @@ static const struct cipher_testvec chacha20_enc_tv_template[] = { /* * CTS (Cipher Text Stealing) mode tests */ -static const struct cipher_testvec cts_mode_enc_tv_template[] = { +static const struct cipher_testvec cts_mode_tv_template[] = { { /* from rfc3962 */ .klen = 16, .key = "\x63\x68\x69\x63\x6b\x65\x6e\x20" "\x74\x65\x72\x69\x79\x61\x6b\x69", - .ilen = 17, - .input = "\x49\x20\x77\x6f\x75\x6c\x64\x20" + .ptext = "\x49\x20\x77\x6f\x75\x6c\x64\x20" "\x6c\x69\x6b\x65\x20\x74\x68\x65" "\x20", - .rlen = 17, - .result = "\xc6\x35\x35\x68\xf2\xbf\x8c\xb4" + .len = 17, + .ctext = "\xc6\x35\x35\x68\xf2\xbf\x8c\xb4" "\xd8\xa5\x80\x36\x2d\xa7\xff\x7f" "\x97", }, { .klen = 16, .key = "\x63\x68\x69\x63\x6b\x65\x6e\x20" "\x74\x65\x72\x69\x79\x61\x6b\x69", - .ilen = 31, - .input = "\x49\x20\x77\x6f\x75\x6c\x64\x20" + .ptext = "\x49\x20\x77\x6f\x75\x6c\x64\x20" "\x6c\x69\x6b\x65\x20\x74\x68\x65" "\x20\x47\x65\x6e\x65\x72\x61\x6c" "\x20\x47\x61\x75\x27\x73\x20", - .rlen = 31, - .result = "\xfc\x00\x78\x3e\x0e\xfd\xb2\xc1" + .len = 31, + .ctext = "\xfc\x00\x78\x3e\x0e\xfd\xb2\xc1" "\xd4\x45\xd4\xc8\xef\xf7\xed\x22" "\x97\x68\x72\x68\xd6\xec\xcc\xc0" "\xc0\x7b\x25\xe2\x5e\xcf\xe5", @@ -35586,13 +31388,12 @@ static const struct cipher_testvec cts_mode_enc_tv_template[] = { .klen = 16, .key = "\x63\x68\x69\x63\x6b\x65\x6e\x20" "\x74\x65\x72\x69\x79\x61\x6b\x69", - .ilen = 32, - .input = "\x49\x20\x77\x6f\x75\x6c\x64\x20" + .ptext = "\x49\x20\x77\x6f\x75\x6c\x64\x20" "\x6c\x69\x6b\x65\x20\x74\x68\x65" "\x20\x47\x65\x6e\x65\x72\x61\x6c" "\x20\x47\x61\x75\x27\x73\x20\x43", - .rlen = 32, - .result = "\x39\x31\x25\x23\xa7\x86\x62\xd5" + .len = 32, + .ctext = "\x39\x31\x25\x23\xa7\x86\x62\xd5" "\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8" "\x97\x68\x72\x68\xd6\xec\xcc\xc0" "\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84", @@ -35600,15 +31401,14 @@ static const struct cipher_testvec cts_mode_enc_tv_template[] = { .klen = 16, .key = "\x63\x68\x69\x63\x6b\x65\x6e\x20" "\x74\x65\x72\x69\x79\x61\x6b\x69", - .ilen = 47, - .input = "\x49\x20\x77\x6f\x75\x6c\x64\x20" + .ptext = "\x49\x20\x77\x6f\x75\x6c\x64\x20" "\x6c\x69\x6b\x65\x20\x74\x68\x65" "\x20\x47\x65\x6e\x65\x72\x61\x6c" "\x20\x47\x61\x75\x27\x73\x20\x43" "\x68\x69\x63\x6b\x65\x6e\x2c\x20" "\x70\x6c\x65\x61\x73\x65\x2c", - .rlen = 47, - .result = "\x97\x68\x72\x68\xd6\xec\xcc\xc0" + .len = 47, + .ctext = "\x97\x68\x72\x68\xd6\xec\xcc\xc0" "\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84" "\xb3\xff\xfd\x94\x0c\x16\xa1\x8c" "\x1b\x55\x49\xd2\xf8\x38\x02\x9e" @@ -35618,15 +31418,14 @@ static const struct cipher_testvec cts_mode_enc_tv_template[] = { .klen = 16, .key = "\x63\x68\x69\x63\x6b\x65\x6e\x20" "\x74\x65\x72\x69\x79\x61\x6b\x69", - .ilen = 48, - .input = "\x49\x20\x77\x6f\x75\x6c\x64\x20" + .ptext = "\x49\x20\x77\x6f\x75\x6c\x64\x20" "\x6c\x69\x6b\x65\x20\x74\x68\x65" "\x20\x47\x65\x6e\x65\x72\x61\x6c" "\x20\x47\x61\x75\x27\x73\x20\x43" "\x68\x69\x63\x6b\x65\x6e\x2c\x20" "\x70\x6c\x65\x61\x73\x65\x2c\x20", - .rlen = 48, - .result = "\x97\x68\x72\x68\xd6\xec\xcc\xc0" + .len = 48, + .ctext = "\x97\x68\x72\x68\xd6\xec\xcc\xc0" "\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84" "\x9d\xad\x8b\xbb\x96\xc4\xcd\xc0" "\x3b\xc1\x03\xe1\xa1\x94\xbb\xd8" @@ -35636,8 +31435,7 @@ static const struct cipher_testvec cts_mode_enc_tv_template[] = { .klen = 16, .key = "\x63\x68\x69\x63\x6b\x65\x6e\x20" "\x74\x65\x72\x69\x79\x61\x6b\x69", - .ilen = 64, - .input = "\x49\x20\x77\x6f\x75\x6c\x64\x20" + .ptext = "\x49\x20\x77\x6f\x75\x6c\x64\x20" "\x6c\x69\x6b\x65\x20\x74\x68\x65" "\x20\x47\x65\x6e\x65\x72\x61\x6c" "\x20\x47\x61\x75\x27\x73\x20\x43" @@ -35645,110 +31443,8 @@ static const struct cipher_testvec cts_mode_enc_tv_template[] = { "\x70\x6c\x65\x61\x73\x65\x2c\x20" "\x61\x6e\x64\x20\x77\x6f\x6e\x74" "\x6f\x6e\x20\x73\x6f\x75\x70\x2e", - .rlen = 64, - .result = "\x97\x68\x72\x68\xd6\xec\xcc\xc0" - "\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84" - "\x39\x31\x25\x23\xa7\x86\x62\xd5" - "\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8" - "\x48\x07\xef\xe8\x36\xee\x89\xa5" - "\x26\x73\x0d\xbc\x2f\x7b\xc8\x40" - "\x9d\xad\x8b\xbb\x96\xc4\xcd\xc0" - "\x3b\xc1\x03\xe1\xa1\x94\xbb\xd8", - } -}; - -static const struct cipher_testvec cts_mode_dec_tv_template[] = { - { /* from rfc3962 */ - .klen = 16, - .key = "\x63\x68\x69\x63\x6b\x65\x6e\x20" - "\x74\x65\x72\x69\x79\x61\x6b\x69", - .rlen = 17, - .result = "\x49\x20\x77\x6f\x75\x6c\x64\x20" - "\x6c\x69\x6b\x65\x20\x74\x68\x65" - "\x20", - .ilen = 17, - .input = "\xc6\x35\x35\x68\xf2\xbf\x8c\xb4" - "\xd8\xa5\x80\x36\x2d\xa7\xff\x7f" - "\x97", - }, { - .klen = 16, - .key = "\x63\x68\x69\x63\x6b\x65\x6e\x20" - "\x74\x65\x72\x69\x79\x61\x6b\x69", - .rlen = 31, - .result = "\x49\x20\x77\x6f\x75\x6c\x64\x20" - "\x6c\x69\x6b\x65\x20\x74\x68\x65" - "\x20\x47\x65\x6e\x65\x72\x61\x6c" - "\x20\x47\x61\x75\x27\x73\x20", - .ilen = 31, - .input = "\xfc\x00\x78\x3e\x0e\xfd\xb2\xc1" - "\xd4\x45\xd4\xc8\xef\xf7\xed\x22" - "\x97\x68\x72\x68\xd6\xec\xcc\xc0" - "\xc0\x7b\x25\xe2\x5e\xcf\xe5", - }, { - .klen = 16, - .key = "\x63\x68\x69\x63\x6b\x65\x6e\x20" - "\x74\x65\x72\x69\x79\x61\x6b\x69", - .rlen = 32, - .result = "\x49\x20\x77\x6f\x75\x6c\x64\x20" - "\x6c\x69\x6b\x65\x20\x74\x68\x65" - "\x20\x47\x65\x6e\x65\x72\x61\x6c" - "\x20\x47\x61\x75\x27\x73\x20\x43", - .ilen = 32, - .input = "\x39\x31\x25\x23\xa7\x86\x62\xd5" - "\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8" - "\x97\x68\x72\x68\xd6\xec\xcc\xc0" - "\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84", - }, { - .klen = 16, - .key = "\x63\x68\x69\x63\x6b\x65\x6e\x20" - "\x74\x65\x72\x69\x79\x61\x6b\x69", - .rlen = 47, - .result = "\x49\x20\x77\x6f\x75\x6c\x64\x20" - "\x6c\x69\x6b\x65\x20\x74\x68\x65" - "\x20\x47\x65\x6e\x65\x72\x61\x6c" - "\x20\x47\x61\x75\x27\x73\x20\x43" - "\x68\x69\x63\x6b\x65\x6e\x2c\x20" - "\x70\x6c\x65\x61\x73\x65\x2c", - .ilen = 47, - .input = "\x97\x68\x72\x68\xd6\xec\xcc\xc0" - "\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84" - "\xb3\xff\xfd\x94\x0c\x16\xa1\x8c" - "\x1b\x55\x49\xd2\xf8\x38\x02\x9e" - "\x39\x31\x25\x23\xa7\x86\x62\xd5" - "\xbe\x7f\xcb\xcc\x98\xeb\xf5", - }, { - .klen = 16, - .key = "\x63\x68\x69\x63\x6b\x65\x6e\x20" - "\x74\x65\x72\x69\x79\x61\x6b\x69", - .rlen = 48, - .result = "\x49\x20\x77\x6f\x75\x6c\x64\x20" - "\x6c\x69\x6b\x65\x20\x74\x68\x65" - "\x20\x47\x65\x6e\x65\x72\x61\x6c" - "\x20\x47\x61\x75\x27\x73\x20\x43" - "\x68\x69\x63\x6b\x65\x6e\x2c\x20" - "\x70\x6c\x65\x61\x73\x65\x2c\x20", - .ilen = 48, - .input = "\x97\x68\x72\x68\xd6\xec\xcc\xc0" - "\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84" - "\x9d\xad\x8b\xbb\x96\xc4\xcd\xc0" - "\x3b\xc1\x03\xe1\xa1\x94\xbb\xd8" - "\x39\x31\x25\x23\xa7\x86\x62\xd5" - "\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8", - }, { - .klen = 16, - .key = "\x63\x68\x69\x63\x6b\x65\x6e\x20" - "\x74\x65\x72\x69\x79\x61\x6b\x69", - .rlen = 64, - .result = "\x49\x20\x77\x6f\x75\x6c\x64\x20" - "\x6c\x69\x6b\x65\x20\x74\x68\x65" - "\x20\x47\x65\x6e\x65\x72\x61\x6c" - "\x20\x47\x61\x75\x27\x73\x20\x43" - "\x68\x69\x63\x6b\x65\x6e\x2c\x20" - "\x70\x6c\x65\x61\x73\x65\x2c\x20" - "\x61\x6e\x64\x20\x77\x6f\x6e\x74" - "\x6f\x6e\x20\x73\x6f\x75\x70\x2e", - .ilen = 64, - .input = "\x97\x68\x72\x68\xd6\xec\xcc\xc0" + .len = 64, + .ctext = "\x97\x68\x72\x68\xd6\xec\xcc\xc0" "\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84" "\x39\x31\x25\x23\xa7\x86\x62\xd5" "\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8" @@ -36058,6 +31754,15 @@ static const struct hash_testvec michael_mic_tv_template[] = { */ static const struct hash_testvec crc32_tv_template[] = { { + .psize = 0, + .digest = "\x00\x00\x00\x00", + }, + { + .plaintext = "abcdefg", + .psize = 7, + .digest = "\xd8\xb5\x46\xac", + }, + { .key = "\x87\xa9\xcb\xed", .ksize = 4, .psize = 0, @@ -36494,6 +32199,11 @@ static const struct hash_testvec crc32c_tv_template[] = { .digest = "\x00\x00\x00\x00", }, { + .plaintext = "abcdefg", + .psize = 7, + .digest = "\x41\xf4\x27\xe6", + }, + { .key = "\x87\xa9\xcb\xed", .ksize = 4, .psize = 0, @@ -36921,94 +32631,6 @@ static const struct hash_testvec crc32c_tv_template[] = { } }; -/* - * Blakcifn CRC test vectors - */ -static const struct hash_testvec bfin_crc_tv_template[] = { - { - .psize = 0, - .digest = "\x00\x00\x00\x00", - }, - { - .key = "\x87\xa9\xcb\xed", - .ksize = 4, - .psize = 0, - .digest = "\x87\xa9\xcb\xed", - }, - { - .key = "\xff\xff\xff\xff", - .ksize = 4, - .plaintext = "\x01\x02\x03\x04\x05\x06\x07\x08" - "\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10" - "\x11\x12\x13\x14\x15\x16\x17\x18" - "\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20" - "\x21\x22\x23\x24\x25\x26\x27\x28", - .psize = 40, - .digest = "\x84\x0c\x8d\xa2", - }, - { - .key = "\xff\xff\xff\xff", - .ksize = 4, - .plaintext = "\x01\x02\x03\x04\x05\x06\x07\x08" - "\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10" - "\x11\x12\x13\x14\x15\x16\x17\x18" - "\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20" - "\x21\x22\x23\x24\x25\x26", - .psize = 38, - .digest = "\x8c\x58\xec\xb7", - }, - { - .key = "\xff\xff\xff\xff", - .ksize = 4, - .plaintext = "\x01\x02\x03\x04\x05\x06\x07\x08" - "\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10" - "\x11\x12\x13\x14\x15\x16\x17\x18" - "\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20" - "\x21\x22\x23\x24\x25\x26\x27", - .psize = 39, - .digest = "\xdc\x50\x28\x7b", - }, - { - .key = "\xff\xff\xff\xff", - .ksize = 4, - .plaintext = "\x01\x02\x03\x04\x05\x06\x07\x08" - "\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10" - "\x11\x12\x13\x14\x15\x16\x17\x18" - "\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20" - "\x21\x22\x23\x24\x25\x26\x27\x28" - "\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30" - "\x31\x32\x33\x34\x35\x36\x37\x38" - "\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40" - "\x41\x42\x43\x44\x45\x46\x47\x48" - "\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50" - "\x51\x52\x53\x54\x55\x56\x57\x58" - "\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60" - "\x61\x62\x63\x64\x65\x66\x67\x68" - "\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70" - "\x71\x72\x73\x74\x75\x76\x77\x78" - "\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80" - "\x81\x82\x83\x84\x85\x86\x87\x88" - "\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90" - "\x91\x92\x93\x94\x95\x96\x97\x98" - "\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0" - "\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8" - "\xa9\xaa\xab\xac\xad\xae\xaf\xb0" - "\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8" - "\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0" - "\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8" - "\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0" - "\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8" - "\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0" - "\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8" - "\xe9\xea\xeb\xec\xed\xee\xef\xf0", - .psize = 240, - .digest = "\x10\x19\x4a\x5c", - .np = 2, - .tap = { 31, 209 } - }, - -}; - static const struct comp_testvec lz4_comp_tv_template[] = { { .inlen = 255, @@ -37131,4 +32753,75 @@ static const struct comp_testvec lz4hc_decomp_tv_template[] = { }, }; +static const struct comp_testvec zstd_comp_tv_template[] = { + { + .inlen = 68, + .outlen = 39, + .input = "The algorithm is zstd. " + "The algorithm is zstd. " + "The algorithm is zstd.", + .output = "\x28\xb5\x2f\xfd\x00\x50\xf5\x00\x00\xb8\x54\x68\x65" + "\x20\x61\x6c\x67\x6f\x72\x69\x74\x68\x6d\x20\x69\x73" + "\x20\x7a\x73\x74\x64\x2e\x20\x01\x00\x55\x73\x36\x01" + , + }, + { + .inlen = 244, + .outlen = 151, + .input = "zstd, short for Zstandard, is a fast lossless " + "compression algorithm, targeting real-time " + "compression scenarios at zlib-level and better " + "compression ratios. The zstd compression library " + "provides in-memory compression and decompression " + "functions.", + .output = "\x28\xb5\x2f\xfd\x00\x50\x75\x04\x00\x42\x4b\x1e\x17" + "\x90\x81\x31\x00\xf2\x2f\xe4\x36\xc9\xef\x92\x88\x32" + "\xc9\xf2\x24\x94\xd8\x68\x9a\x0f\x00\x0c\xc4\x31\x6f" + "\x0d\x0c\x38\xac\x5c\x48\x03\xcd\x63\x67\xc0\xf3\xad" + "\x4e\x90\xaa\x78\xa0\xa4\xc5\x99\xda\x2f\xb6\x24\x60" + "\xe2\x79\x4b\xaa\xb6\x6b\x85\x0b\xc9\xc6\x04\x66\x86" + "\xe2\xcc\xe2\x25\x3f\x4f\x09\xcd\xb8\x9d\xdb\xc1\x90" + "\xa9\x11\xbc\x35\x44\x69\x2d\x9c\x64\x4f\x13\x31\x64" + "\xcc\xfb\x4d\x95\x93\x86\x7f\x33\x7f\x1a\xef\xe9\x30" + "\xf9\x67\xa1\x94\x0a\x69\x0f\x60\xcd\xc3\xab\x99\xdc" + "\x42\xed\x97\x05\x00\x33\xc3\x15\x95\x3a\x06\xa0\x0e" + "\x20\xa9\x0e\x82\xb9\x43\x45\x01", + }, +}; + +static const struct comp_testvec zstd_decomp_tv_template[] = { + { + .inlen = 43, + .outlen = 68, + .input = "\x28\xb5\x2f\xfd\x04\x50\xf5\x00\x00\xb8\x54\x68\x65" + "\x20\x61\x6c\x67\x6f\x72\x69\x74\x68\x6d\x20\x69\x73" + "\x20\x7a\x73\x74\x64\x2e\x20\x01\x00\x55\x73\x36\x01" + "\x6b\xf4\x13\x35", + .output = "The algorithm is zstd. " + "The algorithm is zstd. " + "The algorithm is zstd.", + }, + { + .inlen = 155, + .outlen = 244, + .input = "\x28\xb5\x2f\xfd\x04\x50\x75\x04\x00\x42\x4b\x1e\x17" + "\x90\x81\x31\x00\xf2\x2f\xe4\x36\xc9\xef\x92\x88\x32" + "\xc9\xf2\x24\x94\xd8\x68\x9a\x0f\x00\x0c\xc4\x31\x6f" + "\x0d\x0c\x38\xac\x5c\x48\x03\xcd\x63\x67\xc0\xf3\xad" + "\x4e\x90\xaa\x78\xa0\xa4\xc5\x99\xda\x2f\xb6\x24\x60" + "\xe2\x79\x4b\xaa\xb6\x6b\x85\x0b\xc9\xc6\x04\x66\x86" + "\xe2\xcc\xe2\x25\x3f\x4f\x09\xcd\xb8\x9d\xdb\xc1\x90" + "\xa9\x11\xbc\x35\x44\x69\x2d\x9c\x64\x4f\x13\x31\x64" + "\xcc\xfb\x4d\x95\x93\x86\x7f\x33\x7f\x1a\xef\xe9\x30" + "\xf9\x67\xa1\x94\x0a\x69\x0f\x60\xcd\xc3\xab\x99\xdc" + "\x42\xed\x97\x05\x00\x33\xc3\x15\x95\x3a\x06\xa0\x0e" + "\x20\xa9\x0e\x82\xb9\x43\x45\x01\xaa\x6d\xda\x0d", + .output = "zstd, short for Zstandard, is a fast lossless " + "compression algorithm, targeting real-time " + "compression scenarios at zlib-level and better " + "compression ratios. The zstd compression library " + "provides in-memory compression and decompression " + "functions.", + }, +}; #endif /* _CRYPTO_TESTMGR_H */ diff --git a/crypto/zstd.c b/crypto/zstd.c new file mode 100644 index 000000000000..9a76b3ed8b8b --- /dev/null +++ b/crypto/zstd.c @@ -0,0 +1,265 @@ +/* + * Cryptographic API. + * + * Copyright (c) 2017-present, Facebook, Inc. + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 as published by + * the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for + * more details. + */ +#include <linux/crypto.h> +#include <linux/init.h> +#include <linux/interrupt.h> +#include <linux/mm.h> +#include <linux/module.h> +#include <linux/net.h> +#include <linux/vmalloc.h> +#include <linux/zstd.h> +#include <crypto/internal/scompress.h> + + +#define ZSTD_DEF_LEVEL 3 + +struct zstd_ctx { + ZSTD_CCtx *cctx; + ZSTD_DCtx *dctx; + void *cwksp; + void *dwksp; +}; + +static ZSTD_parameters zstd_params(void) +{ + return ZSTD_getParams(ZSTD_DEF_LEVEL, 0, 0); +} + +static int zstd_comp_init(struct zstd_ctx *ctx) +{ + int ret = 0; + const ZSTD_parameters params = zstd_params(); + const size_t wksp_size = ZSTD_CCtxWorkspaceBound(params.cParams); + + ctx->cwksp = vzalloc(wksp_size); + if (!ctx->cwksp) { + ret = -ENOMEM; + goto out; + } + + ctx->cctx = ZSTD_initCCtx(ctx->cwksp, wksp_size); + if (!ctx->cctx) { + ret = -EINVAL; + goto out_free; + } +out: + return ret; +out_free: + vfree(ctx->cwksp); + goto out; +} + +static int zstd_decomp_init(struct zstd_ctx *ctx) +{ + int ret = 0; + const size_t wksp_size = ZSTD_DCtxWorkspaceBound(); + + ctx->dwksp = vzalloc(wksp_size); + if (!ctx->dwksp) { + ret = -ENOMEM; + goto out; + } + + ctx->dctx = ZSTD_initDCtx(ctx->dwksp, wksp_size); + if (!ctx->dctx) { + ret = -EINVAL; + goto out_free; + } +out: + return ret; +out_free: + vfree(ctx->dwksp); + goto out; +} + +static void zstd_comp_exit(struct zstd_ctx *ctx) +{ + vfree(ctx->cwksp); + ctx->cwksp = NULL; + ctx->cctx = NULL; +} + +static void zstd_decomp_exit(struct zstd_ctx *ctx) +{ + vfree(ctx->dwksp); + ctx->dwksp = NULL; + ctx->dctx = NULL; +} + +static int __zstd_init(void *ctx) +{ + int ret; + + ret = zstd_comp_init(ctx); + if (ret) + return ret; + ret = zstd_decomp_init(ctx); + if (ret) + zstd_comp_exit(ctx); + return ret; +} + +static void *zstd_alloc_ctx(struct crypto_scomp *tfm) +{ + int ret; + struct zstd_ctx *ctx; + + ctx = kzalloc(sizeof(*ctx), GFP_KERNEL); + if (!ctx) + return ERR_PTR(-ENOMEM); + + ret = __zstd_init(ctx); + if (ret) { + kfree(ctx); + return ERR_PTR(ret); + } + + return ctx; +} + +static int zstd_init(struct crypto_tfm *tfm) +{ + struct zstd_ctx *ctx = crypto_tfm_ctx(tfm); + + return __zstd_init(ctx); +} + +static void __zstd_exit(void *ctx) +{ + zstd_comp_exit(ctx); + zstd_decomp_exit(ctx); +} + +static void zstd_free_ctx(struct crypto_scomp *tfm, void *ctx) +{ + __zstd_exit(ctx); + kzfree(ctx); +} + +static void zstd_exit(struct crypto_tfm *tfm) +{ + struct zstd_ctx *ctx = crypto_tfm_ctx(tfm); + + __zstd_exit(ctx); +} + +static int __zstd_compress(const u8 *src, unsigned int slen, + u8 *dst, unsigned int *dlen, void *ctx) +{ + size_t out_len; + struct zstd_ctx *zctx = ctx; + const ZSTD_parameters params = zstd_params(); + + out_len = ZSTD_compressCCtx(zctx->cctx, dst, *dlen, src, slen, params); + if (ZSTD_isError(out_len)) + return -EINVAL; + *dlen = out_len; + return 0; +} + +static int zstd_compress(struct crypto_tfm *tfm, const u8 *src, + unsigned int slen, u8 *dst, unsigned int *dlen) +{ + struct zstd_ctx *ctx = crypto_tfm_ctx(tfm); + + return __zstd_compress(src, slen, dst, dlen, ctx); +} + +static int zstd_scompress(struct crypto_scomp *tfm, const u8 *src, + unsigned int slen, u8 *dst, unsigned int *dlen, + void *ctx) +{ + return __zstd_compress(src, slen, dst, dlen, ctx); +} + +static int __zstd_decompress(const u8 *src, unsigned int slen, + u8 *dst, unsigned int *dlen, void *ctx) +{ + size_t out_len; + struct zstd_ctx *zctx = ctx; + + out_len = ZSTD_decompressDCtx(zctx->dctx, dst, *dlen, src, slen); + if (ZSTD_isError(out_len)) + return -EINVAL; + *dlen = out_len; + return 0; +} + +static int zstd_decompress(struct crypto_tfm *tfm, const u8 *src, + unsigned int slen, u8 *dst, unsigned int *dlen) +{ + struct zstd_ctx *ctx = crypto_tfm_ctx(tfm); + + return __zstd_decompress(src, slen, dst, dlen, ctx); +} + +static int zstd_sdecompress(struct crypto_scomp *tfm, const u8 *src, + unsigned int slen, u8 *dst, unsigned int *dlen, + void *ctx) +{ + return __zstd_decompress(src, slen, dst, dlen, ctx); +} + +static struct crypto_alg alg = { + .cra_name = "zstd", + .cra_flags = CRYPTO_ALG_TYPE_COMPRESS, + .cra_ctxsize = sizeof(struct zstd_ctx), + .cra_module = THIS_MODULE, + .cra_init = zstd_init, + .cra_exit = zstd_exit, + .cra_u = { .compress = { + .coa_compress = zstd_compress, + .coa_decompress = zstd_decompress } } +}; + +static struct scomp_alg scomp = { + .alloc_ctx = zstd_alloc_ctx, + .free_ctx = zstd_free_ctx, + .compress = zstd_scompress, + .decompress = zstd_sdecompress, + .base = { + .cra_name = "zstd", + .cra_driver_name = "zstd-scomp", + .cra_module = THIS_MODULE, + } +}; + +static int __init zstd_mod_init(void) +{ + int ret; + + ret = crypto_register_alg(&alg); + if (ret) + return ret; + + ret = crypto_register_scomp(&scomp); + if (ret) + crypto_unregister_alg(&alg); + + return ret; +} + +static void __exit zstd_mod_fini(void) +{ + crypto_unregister_alg(&alg); + crypto_unregister_scomp(&scomp); +} + +module_init(zstd_mod_init); +module_exit(zstd_mod_fini); + +MODULE_LICENSE("GPL"); +MODULE_DESCRIPTION("Zstd Compression Algorithm"); +MODULE_ALIAS_CRYPTO("zstd"); diff --git a/drivers/char/hw_random/Kconfig b/drivers/char/hw_random/Kconfig index d53541e96bee..c34b257d852d 100644 --- a/drivers/char/hw_random/Kconfig +++ b/drivers/char/hw_random/Kconfig @@ -347,6 +347,7 @@ config HW_RANDOM_STM32 tristate "STMicroelectronics STM32 random number generator" depends on HW_RANDOM && (ARCH_STM32 || COMPILE_TEST) depends on HAS_IOMEM + default HW_RANDOM help This driver provides kernel-side support for the Random Number Generator hardware found on STM32 microcontrollers. diff --git a/drivers/char/hw_random/n2-drv.c b/drivers/char/hw_random/n2-drv.c index 92dd4e925315..f8411515fe1c 100644 --- a/drivers/char/hw_random/n2-drv.c +++ b/drivers/char/hw_random/n2-drv.c @@ -435,7 +435,7 @@ static int n2rng_data_read(struct hwrng *rng, u32 *data) *data = np->test_data & 0xffffffff; len = 4; } else { - dev_err(&np->op->dev, "RNG error, restesting\n"); + dev_err(&np->op->dev, "RNG error, retesting\n"); np->flags &= ~N2RNG_FLAG_READY; if (!(np->flags & N2RNG_FLAG_SHUTDOWN)) schedule_delayed_work(&np->work, 0); diff --git a/drivers/char/hw_random/stm32-rng.c b/drivers/char/hw_random/stm32-rng.c index 0d2328da3b76..042860d97b15 100644 --- a/drivers/char/hw_random/stm32-rng.c +++ b/drivers/char/hw_random/stm32-rng.c @@ -187,8 +187,13 @@ static int stm32_rng_runtime_resume(struct device *dev) } #endif -static UNIVERSAL_DEV_PM_OPS(stm32_rng_pm_ops, stm32_rng_runtime_suspend, - stm32_rng_runtime_resume, NULL); +static const struct dev_pm_ops stm32_rng_pm_ops = { + SET_RUNTIME_PM_OPS(stm32_rng_runtime_suspend, + stm32_rng_runtime_resume, NULL) + SET_SYSTEM_SLEEP_PM_OPS(pm_runtime_force_suspend, + pm_runtime_force_resume) +}; + static const struct of_device_id stm32_rng_match[] = { { diff --git a/drivers/char/hw_random/via-rng.c b/drivers/char/hw_random/via-rng.c index 6e9df558325b..ffe9b0c6c647 100644 --- a/drivers/char/hw_random/via-rng.c +++ b/drivers/char/hw_random/via-rng.c @@ -135,7 +135,7 @@ static int via_rng_init(struct hwrng *rng) * is always enabled if CPUID rng_en is set. There is no * RNG configuration like it used to be the case in this * register */ - if ((c->x86 == 6) && (c->x86_model >= 0x0f)) { + if (((c->x86 == 6) && (c->x86_model >= 0x0f)) || (c->x86 > 6)){ if (!boot_cpu_has(X86_FEATURE_XSTORE_EN)) { pr_err(PFX "can't enable hardware RNG " "if XSTORE is not enabled\n"); diff --git a/drivers/crypto/Kconfig b/drivers/crypto/Kconfig index d1ea1a07cecb..43cccf6aff61 100644 --- a/drivers/crypto/Kconfig +++ b/drivers/crypto/Kconfig @@ -302,6 +302,7 @@ config CRYPTO_DEV_PPC4XX select CRYPTO_AEAD select CRYPTO_AES select CRYPTO_CCM + select CRYPTO_CTR select CRYPTO_GCM select CRYPTO_BLKCIPHER help @@ -419,7 +420,7 @@ config CRYPTO_DEV_EXYNOS_RNG config CRYPTO_DEV_S5P tristate "Support for Samsung S5PV210/Exynos crypto accelerator" depends on ARCH_S5PV210 || ARCH_EXYNOS || COMPILE_TEST - depends on HAS_IOMEM && HAS_DMA + depends on HAS_IOMEM select CRYPTO_AES select CRYPTO_BLKCIPHER help @@ -466,7 +467,6 @@ endif # if CRYPTO_DEV_UX500 config CRYPTO_DEV_ATMEL_AUTHENC tristate "Support for Atmel IPSEC/SSL hw accelerator" - depends on HAS_DMA depends on ARCH_AT91 || COMPILE_TEST select CRYPTO_AUTHENC select CRYPTO_DEV_ATMEL_AES @@ -479,7 +479,6 @@ config CRYPTO_DEV_ATMEL_AUTHENC config CRYPTO_DEV_ATMEL_AES tristate "Support for Atmel AES hw accelerator" - depends on HAS_DMA depends on ARCH_AT91 || COMPILE_TEST select CRYPTO_AES select CRYPTO_AEAD @@ -494,7 +493,6 @@ config CRYPTO_DEV_ATMEL_AES config CRYPTO_DEV_ATMEL_TDES tristate "Support for Atmel DES/TDES hw accelerator" - depends on HAS_DMA depends on ARCH_AT91 || COMPILE_TEST select CRYPTO_DES select CRYPTO_BLKCIPHER @@ -508,7 +506,6 @@ config CRYPTO_DEV_ATMEL_TDES config CRYPTO_DEV_ATMEL_SHA tristate "Support for Atmel SHA hw accelerator" - depends on HAS_DMA depends on ARCH_AT91 || COMPILE_TEST select CRYPTO_HASH help @@ -574,7 +571,8 @@ config CRYPTO_DEV_CAVIUM_ZIP config CRYPTO_DEV_QCE tristate "Qualcomm crypto engine accelerator" - depends on (ARCH_QCOM || COMPILE_TEST) && HAS_DMA && HAS_IOMEM + depends on ARCH_QCOM || COMPILE_TEST + depends on HAS_IOMEM select CRYPTO_AES select CRYPTO_DES select CRYPTO_ECB @@ -598,7 +596,6 @@ source "drivers/crypto/vmx/Kconfig" config CRYPTO_DEV_IMGTEC_HASH tristate "Imagination Technologies hardware hash accelerator" depends on MIPS || COMPILE_TEST - depends on HAS_DMA select CRYPTO_MD5 select CRYPTO_SHA1 select CRYPTO_SHA256 @@ -650,7 +647,6 @@ config CRYPTO_DEV_ROCKCHIP config CRYPTO_DEV_MEDIATEK tristate "MediaTek's EIP97 Cryptographic Engine driver" - depends on HAS_DMA depends on (ARM && ARCH_MEDIATEK) || COMPILE_TEST select CRYPTO_AES select CRYPTO_AEAD @@ -688,9 +684,10 @@ source "drivers/crypto/stm32/Kconfig" config CRYPTO_DEV_SAFEXCEL tristate "Inside Secure's SafeXcel cryptographic engine driver" - depends on HAS_DMA && OF + depends on OF depends on (ARM64 && ARCH_MVEBU) || (COMPILE_TEST && 64BIT) select CRYPTO_AES + select CRYPTO_AUTHENC select CRYPTO_BLKCIPHER select CRYPTO_HASH select CRYPTO_HMAC @@ -706,7 +703,6 @@ config CRYPTO_DEV_SAFEXCEL config CRYPTO_DEV_ARTPEC6 tristate "Support for Axis ARTPEC-6/7 hardware crypto acceleration." depends on ARM && (ARCH_ARTPEC || COMPILE_TEST) - depends on HAS_DMA depends on OF select CRYPTO_AEAD select CRYPTO_AES diff --git a/drivers/crypto/amcc/crypto4xx_alg.c b/drivers/crypto/amcc/crypto4xx_alg.c index ea83d0bff0e9..f5c07498ea4f 100644 --- a/drivers/crypto/amcc/crypto4xx_alg.c +++ b/drivers/crypto/amcc/crypto4xx_alg.c @@ -31,6 +31,7 @@ #include <crypto/gcm.h> #include <crypto/sha.h> #include <crypto/ctr.h> +#include <crypto/skcipher.h> #include "crypto4xx_reg_def.h" #include "crypto4xx_core.h" #include "crypto4xx_sa.h" @@ -74,51 +75,57 @@ static void set_dynamic_sa_command_1(struct dynamic_sa_ctl *sa, u32 cm, sa->sa_command_1.bf.copy_hdr = cp_hdr; } -int crypto4xx_encrypt(struct ablkcipher_request *req) +static inline int crypto4xx_crypt(struct skcipher_request *req, + const unsigned int ivlen, bool decrypt) { - struct crypto4xx_ctx *ctx = crypto_tfm_ctx(req->base.tfm); - unsigned int ivlen = crypto_ablkcipher_ivsize( - crypto_ablkcipher_reqtfm(req)); - __le32 iv[ivlen]; + struct crypto_skcipher *cipher = crypto_skcipher_reqtfm(req); + struct crypto4xx_ctx *ctx = crypto_skcipher_ctx(cipher); + __le32 iv[AES_IV_SIZE]; if (ivlen) - crypto4xx_memcpy_to_le32(iv, req->info, ivlen); + crypto4xx_memcpy_to_le32(iv, req->iv, ivlen); return crypto4xx_build_pd(&req->base, ctx, req->src, req->dst, - req->nbytes, iv, ivlen, ctx->sa_out, ctx->sa_len, 0); + req->cryptlen, iv, ivlen, decrypt ? ctx->sa_in : ctx->sa_out, + ctx->sa_len, 0, NULL); } -int crypto4xx_decrypt(struct ablkcipher_request *req) +int crypto4xx_encrypt_noiv(struct skcipher_request *req) { - struct crypto4xx_ctx *ctx = crypto_tfm_ctx(req->base.tfm); - unsigned int ivlen = crypto_ablkcipher_ivsize( - crypto_ablkcipher_reqtfm(req)); - __le32 iv[ivlen]; + return crypto4xx_crypt(req, 0, false); +} - if (ivlen) - crypto4xx_memcpy_to_le32(iv, req->info, ivlen); +int crypto4xx_encrypt_iv(struct skcipher_request *req) +{ + return crypto4xx_crypt(req, AES_IV_SIZE, false); +} - return crypto4xx_build_pd(&req->base, ctx, req->src, req->dst, - req->nbytes, iv, ivlen, ctx->sa_in, ctx->sa_len, 0); +int crypto4xx_decrypt_noiv(struct skcipher_request *req) +{ + return crypto4xx_crypt(req, 0, true); +} + +int crypto4xx_decrypt_iv(struct skcipher_request *req) +{ + return crypto4xx_crypt(req, AES_IV_SIZE, true); } /** * AES Functions */ -static int crypto4xx_setkey_aes(struct crypto_ablkcipher *cipher, +static int crypto4xx_setkey_aes(struct crypto_skcipher *cipher, const u8 *key, unsigned int keylen, unsigned char cm, u8 fb) { - struct crypto_tfm *tfm = crypto_ablkcipher_tfm(cipher); - struct crypto4xx_ctx *ctx = crypto_tfm_ctx(tfm); + struct crypto4xx_ctx *ctx = crypto_skcipher_ctx(cipher); struct dynamic_sa_ctl *sa; int rc; if (keylen != AES_KEYSIZE_256 && keylen != AES_KEYSIZE_192 && keylen != AES_KEYSIZE_128) { - crypto_ablkcipher_set_flags(cipher, + crypto_skcipher_set_flags(cipher, CRYPTO_TFM_RES_BAD_KEY_LEN); return -EINVAL; } @@ -134,7 +141,8 @@ static int crypto4xx_setkey_aes(struct crypto_ablkcipher *cipher, /* Setup SA */ sa = ctx->sa_in; - set_dynamic_sa_command_0(sa, SA_NOT_SAVE_HASH, SA_NOT_SAVE_IV, + set_dynamic_sa_command_0(sa, SA_NOT_SAVE_HASH, (cm == CRYPTO_MODE_CBC ? + SA_SAVE_IV : SA_NOT_SAVE_IV), SA_LOAD_HASH_FROM_SA, SA_LOAD_IV_FROM_STATE, SA_NO_HEADER_PROC, SA_HASH_ALG_NULL, SA_CIPHER_ALG_AES, SA_PAD_TYPE_ZERO, @@ -158,39 +166,38 @@ static int crypto4xx_setkey_aes(struct crypto_ablkcipher *cipher, return 0; } -int crypto4xx_setkey_aes_cbc(struct crypto_ablkcipher *cipher, +int crypto4xx_setkey_aes_cbc(struct crypto_skcipher *cipher, const u8 *key, unsigned int keylen) { return crypto4xx_setkey_aes(cipher, key, keylen, CRYPTO_MODE_CBC, CRYPTO_FEEDBACK_MODE_NO_FB); } -int crypto4xx_setkey_aes_cfb(struct crypto_ablkcipher *cipher, +int crypto4xx_setkey_aes_cfb(struct crypto_skcipher *cipher, const u8 *key, unsigned int keylen) { return crypto4xx_setkey_aes(cipher, key, keylen, CRYPTO_MODE_CFB, CRYPTO_FEEDBACK_MODE_128BIT_CFB); } -int crypto4xx_setkey_aes_ecb(struct crypto_ablkcipher *cipher, +int crypto4xx_setkey_aes_ecb(struct crypto_skcipher *cipher, const u8 *key, unsigned int keylen) { return crypto4xx_setkey_aes(cipher, key, keylen, CRYPTO_MODE_ECB, CRYPTO_FEEDBACK_MODE_NO_FB); } -int crypto4xx_setkey_aes_ofb(struct crypto_ablkcipher *cipher, +int crypto4xx_setkey_aes_ofb(struct crypto_skcipher *cipher, const u8 *key, unsigned int keylen) { return crypto4xx_setkey_aes(cipher, key, keylen, CRYPTO_MODE_OFB, CRYPTO_FEEDBACK_MODE_64BIT_OFB); } -int crypto4xx_setkey_rfc3686(struct crypto_ablkcipher *cipher, +int crypto4xx_setkey_rfc3686(struct crypto_skcipher *cipher, const u8 *key, unsigned int keylen) { - struct crypto_tfm *tfm = crypto_ablkcipher_tfm(cipher); - struct crypto4xx_ctx *ctx = crypto_tfm_ctx(tfm); + struct crypto4xx_ctx *ctx = crypto_skcipher_ctx(cipher); int rc; rc = crypto4xx_setkey_aes(cipher, key, keylen - CTR_RFC3686_NONCE_SIZE, @@ -204,35 +211,117 @@ int crypto4xx_setkey_rfc3686(struct crypto_ablkcipher *cipher, return 0; } -int crypto4xx_rfc3686_encrypt(struct ablkcipher_request *req) +int crypto4xx_rfc3686_encrypt(struct skcipher_request *req) { - struct crypto4xx_ctx *ctx = crypto_tfm_ctx(req->base.tfm); + struct crypto_skcipher *cipher = crypto_skcipher_reqtfm(req); + struct crypto4xx_ctx *ctx = crypto_skcipher_ctx(cipher); __le32 iv[AES_IV_SIZE / 4] = { ctx->iv_nonce, - cpu_to_le32p((u32 *) req->info), - cpu_to_le32p((u32 *) (req->info + 4)), + cpu_to_le32p((u32 *) req->iv), + cpu_to_le32p((u32 *) (req->iv + 4)), cpu_to_le32(1) }; return crypto4xx_build_pd(&req->base, ctx, req->src, req->dst, - req->nbytes, iv, AES_IV_SIZE, - ctx->sa_out, ctx->sa_len, 0); + req->cryptlen, iv, AES_IV_SIZE, + ctx->sa_out, ctx->sa_len, 0, NULL); } -int crypto4xx_rfc3686_decrypt(struct ablkcipher_request *req) +int crypto4xx_rfc3686_decrypt(struct skcipher_request *req) { - struct crypto4xx_ctx *ctx = crypto_tfm_ctx(req->base.tfm); + struct crypto_skcipher *cipher = crypto_skcipher_reqtfm(req); + struct crypto4xx_ctx *ctx = crypto_skcipher_ctx(cipher); __le32 iv[AES_IV_SIZE / 4] = { ctx->iv_nonce, - cpu_to_le32p((u32 *) req->info), - cpu_to_le32p((u32 *) (req->info + 4)), + cpu_to_le32p((u32 *) req->iv), + cpu_to_le32p((u32 *) (req->iv + 4)), cpu_to_le32(1) }; return crypto4xx_build_pd(&req->base, ctx, req->src, req->dst, - req->nbytes, iv, AES_IV_SIZE, - ctx->sa_out, ctx->sa_len, 0); + req->cryptlen, iv, AES_IV_SIZE, + ctx->sa_out, ctx->sa_len, 0, NULL); +} + +static int +crypto4xx_ctr_crypt(struct skcipher_request *req, bool encrypt) +{ + struct crypto_skcipher *cipher = crypto_skcipher_reqtfm(req); + struct crypto4xx_ctx *ctx = crypto_skcipher_ctx(cipher); + size_t iv_len = crypto_skcipher_ivsize(cipher); + unsigned int counter = be32_to_cpup((__be32 *)(req->iv + iv_len - 4)); + unsigned int nblks = ALIGN(req->cryptlen, AES_BLOCK_SIZE) / + AES_BLOCK_SIZE; + + /* + * The hardware uses only the last 32-bits as the counter while the + * kernel tests (aes_ctr_enc_tv_template[4] for example) expect that + * the whole IV is a counter. So fallback if the counter is going to + * overlow. + */ + if (counter + nblks < counter) { + struct skcipher_request *subreq = skcipher_request_ctx(req); + int ret; + + skcipher_request_set_tfm(subreq, ctx->sw_cipher.cipher); + skcipher_request_set_callback(subreq, req->base.flags, + NULL, NULL); + skcipher_request_set_crypt(subreq, req->src, req->dst, + req->cryptlen, req->iv); + ret = encrypt ? crypto_skcipher_encrypt(subreq) + : crypto_skcipher_decrypt(subreq); + skcipher_request_zero(subreq); + return ret; + } + + return encrypt ? crypto4xx_encrypt_iv(req) + : crypto4xx_decrypt_iv(req); +} + +static int crypto4xx_sk_setup_fallback(struct crypto4xx_ctx *ctx, + struct crypto_skcipher *cipher, + const u8 *key, + unsigned int keylen) +{ + int rc; + + crypto_skcipher_clear_flags(ctx->sw_cipher.cipher, + CRYPTO_TFM_REQ_MASK); + crypto_skcipher_set_flags(ctx->sw_cipher.cipher, + crypto_skcipher_get_flags(cipher) & CRYPTO_TFM_REQ_MASK); + rc = crypto_skcipher_setkey(ctx->sw_cipher.cipher, key, keylen); + crypto_skcipher_clear_flags(cipher, CRYPTO_TFM_RES_MASK); + crypto_skcipher_set_flags(cipher, + crypto_skcipher_get_flags(ctx->sw_cipher.cipher) & + CRYPTO_TFM_RES_MASK); + + return rc; +} + +int crypto4xx_setkey_aes_ctr(struct crypto_skcipher *cipher, + const u8 *key, unsigned int keylen) +{ + struct crypto4xx_ctx *ctx = crypto_skcipher_ctx(cipher); + int rc; + + rc = crypto4xx_sk_setup_fallback(ctx, cipher, key, keylen); + if (rc) + return rc; + + return crypto4xx_setkey_aes(cipher, key, keylen, + CRYPTO_MODE_CTR, CRYPTO_FEEDBACK_MODE_NO_FB); +} + +int crypto4xx_encrypt_ctr(struct skcipher_request *req) +{ + return crypto4xx_ctr_crypt(req, true); +} + +int crypto4xx_decrypt_ctr(struct skcipher_request *req) +{ + return crypto4xx_ctr_crypt(req, false); } static inline bool crypto4xx_aead_need_fallback(struct aead_request *req, + unsigned int len, bool is_ccm, bool decrypt) { struct crypto_aead *aead = crypto_aead_reqtfm(req); @@ -242,14 +331,14 @@ static inline bool crypto4xx_aead_need_fallback(struct aead_request *req, return true; /* - * hardware does not handle cases where cryptlen - * is less than a block + * hardware does not handle cases where plaintext + * is less than a block. */ - if (req->cryptlen < AES_BLOCK_SIZE) + if (len < AES_BLOCK_SIZE) return true; - /* assoc len needs to be a multiple of 4 */ - if (req->assoclen & 0x3) + /* assoc len needs to be a multiple of 4 and <= 1020 */ + if (req->assoclen & 0x3 || req->assoclen > 1020) return true; /* CCM supports only counter field length of 2 and 4 bytes */ @@ -262,13 +351,7 @@ static inline bool crypto4xx_aead_need_fallback(struct aead_request *req, static int crypto4xx_aead_fallback(struct aead_request *req, struct crypto4xx_ctx *ctx, bool do_decrypt) { - char aead_req_data[sizeof(struct aead_request) + - crypto_aead_reqsize(ctx->sw_cipher.aead)] - __aligned(__alignof__(struct aead_request)); - - struct aead_request *subreq = (void *) aead_req_data; - - memset(subreq, 0, sizeof(aead_req_data)); + struct aead_request *subreq = aead_request_ctx(req); aead_request_set_tfm(subreq, ctx->sw_cipher.aead); aead_request_set_callback(subreq, req->base.flags, @@ -280,10 +363,10 @@ static int crypto4xx_aead_fallback(struct aead_request *req, crypto_aead_encrypt(subreq); } -static int crypto4xx_setup_fallback(struct crypto4xx_ctx *ctx, - struct crypto_aead *cipher, - const u8 *key, - unsigned int keylen) +static int crypto4xx_aead_setup_fallback(struct crypto4xx_ctx *ctx, + struct crypto_aead *cipher, + const u8 *key, + unsigned int keylen) { int rc; @@ -311,7 +394,7 @@ int crypto4xx_setkey_aes_ccm(struct crypto_aead *cipher, const u8 *key, struct dynamic_sa_ctl *sa; int rc = 0; - rc = crypto4xx_setup_fallback(ctx, cipher, key, keylen); + rc = crypto4xx_aead_setup_fallback(ctx, cipher, key, keylen); if (rc) return rc; @@ -366,19 +449,20 @@ int crypto4xx_setkey_aes_ccm(struct crypto_aead *cipher, const u8 *key, static int crypto4xx_crypt_aes_ccm(struct aead_request *req, bool decrypt) { struct crypto4xx_ctx *ctx = crypto_tfm_ctx(req->base.tfm); + struct crypto4xx_aead_reqctx *rctx = aead_request_ctx(req); struct crypto_aead *aead = crypto_aead_reqtfm(req); - unsigned int len = req->cryptlen; __le32 iv[16]; - u32 tmp_sa[ctx->sa_len * 4]; + u32 tmp_sa[SA_AES128_CCM_LEN + 4]; struct dynamic_sa_ctl *sa = (struct dynamic_sa_ctl *)tmp_sa; - - if (crypto4xx_aead_need_fallback(req, true, decrypt)) - return crypto4xx_aead_fallback(req, ctx, decrypt); + unsigned int len = req->cryptlen; if (decrypt) len -= crypto_aead_authsize(aead); - memcpy(tmp_sa, decrypt ? ctx->sa_in : ctx->sa_out, sizeof(tmp_sa)); + if (crypto4xx_aead_need_fallback(req, len, true, decrypt)) + return crypto4xx_aead_fallback(req, ctx, decrypt); + + memcpy(tmp_sa, decrypt ? ctx->sa_in : ctx->sa_out, ctx->sa_len * 4); sa->sa_command_0.bf.digest_len = crypto_aead_authsize(aead) >> 2; if (req->iv[0] == 1) { @@ -391,7 +475,7 @@ static int crypto4xx_crypt_aes_ccm(struct aead_request *req, bool decrypt) return crypto4xx_build_pd(&req->base, ctx, req->src, req->dst, len, iv, sizeof(iv), - sa, ctx->sa_len, req->assoclen); + sa, ctx->sa_len, req->assoclen, rctx->dst); } int crypto4xx_encrypt_aes_ccm(struct aead_request *req) @@ -470,7 +554,7 @@ int crypto4xx_setkey_aes_gcm(struct crypto_aead *cipher, return -EINVAL; } - rc = crypto4xx_setup_fallback(ctx, cipher, key, keylen); + rc = crypto4xx_aead_setup_fallback(ctx, cipher, key, keylen); if (rc) return rc; @@ -523,22 +607,23 @@ static inline int crypto4xx_crypt_aes_gcm(struct aead_request *req, bool decrypt) { struct crypto4xx_ctx *ctx = crypto_tfm_ctx(req->base.tfm); - unsigned int len = req->cryptlen; + struct crypto4xx_aead_reqctx *rctx = aead_request_ctx(req); __le32 iv[4]; + unsigned int len = req->cryptlen; + + if (decrypt) + len -= crypto_aead_authsize(crypto_aead_reqtfm(req)); - if (crypto4xx_aead_need_fallback(req, false, decrypt)) + if (crypto4xx_aead_need_fallback(req, len, false, decrypt)) return crypto4xx_aead_fallback(req, ctx, decrypt); crypto4xx_memcpy_to_le32(iv, req->iv, GCM_AES_IV_SIZE); iv[3] = cpu_to_le32(1); - if (decrypt) - len -= crypto_aead_authsize(crypto_aead_reqtfm(req)); - return crypto4xx_build_pd(&req->base, ctx, req->src, req->dst, len, iv, sizeof(iv), decrypt ? ctx->sa_in : ctx->sa_out, - ctx->sa_len, req->assoclen); + ctx->sa_len, req->assoclen, rctx->dst); } int crypto4xx_encrypt_aes_gcm(struct aead_request *req) @@ -623,7 +708,7 @@ int crypto4xx_hash_update(struct ahash_request *req) return crypto4xx_build_pd(&req->base, ctx, req->src, &dst, req->nbytes, NULL, 0, ctx->sa_in, - ctx->sa_len, 0); + ctx->sa_len, 0, NULL); } int crypto4xx_hash_final(struct ahash_request *req) @@ -642,7 +727,7 @@ int crypto4xx_hash_digest(struct ahash_request *req) return crypto4xx_build_pd(&req->base, ctx, req->src, &dst, req->nbytes, NULL, 0, ctx->sa_in, - ctx->sa_len, 0); + ctx->sa_len, 0, NULL); } /** diff --git a/drivers/crypto/amcc/crypto4xx_core.c b/drivers/crypto/amcc/crypto4xx_core.c index 76f459ad2821..9cb234c72549 100644 --- a/drivers/crypto/amcc/crypto4xx_core.c +++ b/drivers/crypto/amcc/crypto4xx_core.c @@ -41,6 +41,7 @@ #include <crypto/gcm.h> #include <crypto/sha.h> #include <crypto/scatterwalk.h> +#include <crypto/skcipher.h> #include <crypto/internal/aead.h> #include <crypto/internal/skcipher.h> #include "crypto4xx_reg_def.h" @@ -526,31 +527,38 @@ static void crypto4xx_ret_sg_desc(struct crypto4xx_device *dev, } } -static void crypto4xx_ablkcipher_done(struct crypto4xx_device *dev, +static void crypto4xx_cipher_done(struct crypto4xx_device *dev, struct pd_uinfo *pd_uinfo, struct ce_pd *pd) { - struct crypto4xx_ctx *ctx; - struct ablkcipher_request *ablk_req; + struct skcipher_request *req; struct scatterlist *dst; dma_addr_t addr; - ablk_req = ablkcipher_request_cast(pd_uinfo->async_req); - ctx = crypto_tfm_ctx(ablk_req->base.tfm); + req = skcipher_request_cast(pd_uinfo->async_req); if (pd_uinfo->using_sd) { - crypto4xx_copy_pkt_to_dst(dev, pd, pd_uinfo, ablk_req->nbytes, - ablk_req->dst); + crypto4xx_copy_pkt_to_dst(dev, pd, pd_uinfo, + req->cryptlen, req->dst); } else { dst = pd_uinfo->dest_va; addr = dma_map_page(dev->core_dev->device, sg_page(dst), dst->offset, dst->length, DMA_FROM_DEVICE); } + + if (pd_uinfo->sa_va->sa_command_0.bf.save_iv == SA_SAVE_IV) { + struct crypto_skcipher *skcipher = crypto_skcipher_reqtfm(req); + + crypto4xx_memcpy_from_le32((u32 *)req->iv, + pd_uinfo->sr_va->save_iv, + crypto_skcipher_ivsize(skcipher)); + } + crypto4xx_ret_sg_desc(dev, pd_uinfo); if (pd_uinfo->state & PD_ENTRY_BUSY) - ablkcipher_request_complete(ablk_req, -EINPROGRESS); - ablkcipher_request_complete(ablk_req, 0); + skcipher_request_complete(req, -EINPROGRESS); + skcipher_request_complete(req, 0); } static void crypto4xx_ahash_done(struct crypto4xx_device *dev, @@ -580,7 +588,7 @@ static void crypto4xx_aead_done(struct crypto4xx_device *dev, struct scatterlist *dst = pd_uinfo->dest_va; size_t cp_len = crypto_aead_authsize( crypto_aead_reqtfm(aead_req)); - u32 icv[cp_len]; + u32 icv[AES_BLOCK_SIZE]; int err = 0; if (pd_uinfo->using_sd) { @@ -595,7 +603,7 @@ static void crypto4xx_aead_done(struct crypto4xx_device *dev, if (pd_uinfo->sa_va->sa_command_0.bf.dir == DIR_OUTBOUND) { /* append icv at the end */ crypto4xx_memcpy_from_le32(icv, pd_uinfo->sr_va->save_digest, - cp_len); + sizeof(icv)); scatterwalk_map_and_copy(icv, dst, aead_req->cryptlen, cp_len, 1); @@ -605,7 +613,7 @@ static void crypto4xx_aead_done(struct crypto4xx_device *dev, aead_req->assoclen + aead_req->cryptlen - cp_len, cp_len, 0); - crypto4xx_memcpy_from_le32(icv, icv, cp_len); + crypto4xx_memcpy_from_le32(icv, icv, sizeof(icv)); if (crypto_memneq(icv, pd_uinfo->sr_va->save_digest, cp_len)) err = -EBADMSG; @@ -641,8 +649,8 @@ static void crypto4xx_pd_done(struct crypto4xx_device *dev, u32 idx) struct pd_uinfo *pd_uinfo = &dev->pdr_uinfo[idx]; switch (crypto_tfm_alg_type(pd_uinfo->async_req->tfm)) { - case CRYPTO_ALG_TYPE_ABLKCIPHER: - crypto4xx_ablkcipher_done(dev, pd_uinfo, pd); + case CRYPTO_ALG_TYPE_SKCIPHER: + crypto4xx_cipher_done(dev, pd_uinfo, pd); break; case CRYPTO_ALG_TYPE_AEAD: crypto4xx_aead_done(dev, pd_uinfo, pd); @@ -687,9 +695,9 @@ int crypto4xx_build_pd(struct crypto_async_request *req, const __le32 *iv, const u32 iv_len, const struct dynamic_sa_ctl *req_sa, const unsigned int sa_len, - const unsigned int assoclen) + const unsigned int assoclen, + struct scatterlist *_dst) { - struct scatterlist _dst[2]; struct crypto4xx_device *dev = ctx->dev; struct dynamic_sa_ctl *sa; struct ce_gd *gd; @@ -936,15 +944,27 @@ static void crypto4xx_ctx_init(struct crypto4xx_alg *amcc_alg, ctx->sa_len = 0; } -static int crypto4xx_ablk_init(struct crypto_tfm *tfm) +static int crypto4xx_sk_init(struct crypto_skcipher *sk) { - struct crypto_alg *alg = tfm->__crt_alg; + struct skcipher_alg *alg = crypto_skcipher_alg(sk); struct crypto4xx_alg *amcc_alg; - struct crypto4xx_ctx *ctx = crypto_tfm_ctx(tfm); + struct crypto4xx_ctx *ctx = crypto_skcipher_ctx(sk); + + if (alg->base.cra_flags & CRYPTO_ALG_NEED_FALLBACK) { + ctx->sw_cipher.cipher = + crypto_alloc_skcipher(alg->base.cra_name, 0, + CRYPTO_ALG_NEED_FALLBACK | + CRYPTO_ALG_ASYNC); + if (IS_ERR(ctx->sw_cipher.cipher)) + return PTR_ERR(ctx->sw_cipher.cipher); + + crypto_skcipher_set_reqsize(sk, + sizeof(struct skcipher_request) + 32 + + crypto_skcipher_reqsize(ctx->sw_cipher.cipher)); + } amcc_alg = container_of(alg, struct crypto4xx_alg, alg.u.cipher); crypto4xx_ctx_init(amcc_alg, ctx); - tfm->crt_ablkcipher.reqsize = sizeof(struct crypto4xx_ctx); return 0; } @@ -953,9 +973,13 @@ static void crypto4xx_common_exit(struct crypto4xx_ctx *ctx) crypto4xx_free_sa(ctx); } -static void crypto4xx_ablk_exit(struct crypto_tfm *tfm) +static void crypto4xx_sk_exit(struct crypto_skcipher *sk) { - crypto4xx_common_exit(crypto_tfm_ctx(tfm)); + struct crypto4xx_ctx *ctx = crypto_skcipher_ctx(sk); + + crypto4xx_common_exit(ctx); + if (ctx->sw_cipher.cipher) + crypto_free_skcipher(ctx->sw_cipher.cipher); } static int crypto4xx_aead_init(struct crypto_aead *tfm) @@ -972,9 +996,9 @@ static int crypto4xx_aead_init(struct crypto_aead *tfm) amcc_alg = container_of(alg, struct crypto4xx_alg, alg.u.aead); crypto4xx_ctx_init(amcc_alg, ctx); - crypto_aead_set_reqsize(tfm, sizeof(struct aead_request) + - max(sizeof(struct crypto4xx_ctx), 32 + - crypto_aead_reqsize(ctx->sw_cipher.aead))); + crypto_aead_set_reqsize(tfm, max(sizeof(struct aead_request) + 32 + + crypto_aead_reqsize(ctx->sw_cipher.aead), + sizeof(struct crypto4xx_aead_reqctx))); return 0; } @@ -1012,7 +1036,7 @@ static int crypto4xx_register_alg(struct crypto4xx_device *sec_dev, break; default: - rc = crypto_register_alg(&alg->alg.u.cipher); + rc = crypto_register_skcipher(&alg->alg.u.cipher); break; } @@ -1041,7 +1065,7 @@ static void crypto4xx_unregister_alg(struct crypto4xx_device *sec_dev) break; default: - crypto_unregister_alg(&alg->alg.u.cipher); + crypto_unregister_skcipher(&alg->alg.u.cipher); } kfree(alg); } @@ -1103,126 +1127,131 @@ static irqreturn_t crypto4xx_ce_interrupt_handler_revb(int irq, void *data) */ static struct crypto4xx_alg_common crypto4xx_alg[] = { /* Crypto AES modes */ - { .type = CRYPTO_ALG_TYPE_ABLKCIPHER, .u.cipher = { - .cra_name = "cbc(aes)", - .cra_driver_name = "cbc-aes-ppc4xx", - .cra_priority = CRYPTO4XX_CRYPTO_PRIORITY, - .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | - CRYPTO_ALG_ASYNC | - CRYPTO_ALG_KERN_DRIVER_ONLY, - .cra_blocksize = AES_BLOCK_SIZE, - .cra_ctxsize = sizeof(struct crypto4xx_ctx), - .cra_type = &crypto_ablkcipher_type, - .cra_init = crypto4xx_ablk_init, - .cra_exit = crypto4xx_ablk_exit, - .cra_module = THIS_MODULE, - .cra_u = { - .ablkcipher = { - .min_keysize = AES_MIN_KEY_SIZE, - .max_keysize = AES_MAX_KEY_SIZE, - .ivsize = AES_IV_SIZE, - .setkey = crypto4xx_setkey_aes_cbc, - .encrypt = crypto4xx_encrypt, - .decrypt = crypto4xx_decrypt, - } - } - }}, - { .type = CRYPTO_ALG_TYPE_ABLKCIPHER, .u.cipher = { - .cra_name = "cfb(aes)", - .cra_driver_name = "cfb-aes-ppc4xx", - .cra_priority = CRYPTO4XX_CRYPTO_PRIORITY, - .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | - CRYPTO_ALG_ASYNC | - CRYPTO_ALG_KERN_DRIVER_ONLY, - .cra_blocksize = AES_BLOCK_SIZE, - .cra_ctxsize = sizeof(struct crypto4xx_ctx), - .cra_type = &crypto_ablkcipher_type, - .cra_init = crypto4xx_ablk_init, - .cra_exit = crypto4xx_ablk_exit, - .cra_module = THIS_MODULE, - .cra_u = { - .ablkcipher = { - .min_keysize = AES_MIN_KEY_SIZE, - .max_keysize = AES_MAX_KEY_SIZE, - .ivsize = AES_IV_SIZE, - .setkey = crypto4xx_setkey_aes_cfb, - .encrypt = crypto4xx_encrypt, - .decrypt = crypto4xx_decrypt, - } - } + { .type = CRYPTO_ALG_TYPE_SKCIPHER, .u.cipher = { + .base = { + .cra_name = "cbc(aes)", + .cra_driver_name = "cbc-aes-ppc4xx", + .cra_priority = CRYPTO4XX_CRYPTO_PRIORITY, + .cra_flags = CRYPTO_ALG_TYPE_SKCIPHER | + CRYPTO_ALG_ASYNC | + CRYPTO_ALG_KERN_DRIVER_ONLY, + .cra_blocksize = AES_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct crypto4xx_ctx), + .cra_module = THIS_MODULE, + }, + .min_keysize = AES_MIN_KEY_SIZE, + .max_keysize = AES_MAX_KEY_SIZE, + .ivsize = AES_IV_SIZE, + .setkey = crypto4xx_setkey_aes_cbc, + .encrypt = crypto4xx_encrypt_iv, + .decrypt = crypto4xx_decrypt_iv, + .init = crypto4xx_sk_init, + .exit = crypto4xx_sk_exit, } }, - { .type = CRYPTO_ALG_TYPE_ABLKCIPHER, .u.cipher = { - .cra_name = "rfc3686(ctr(aes))", - .cra_driver_name = "rfc3686-ctr-aes-ppc4xx", - .cra_priority = CRYPTO4XX_CRYPTO_PRIORITY, - .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | - CRYPTO_ALG_ASYNC | - CRYPTO_ALG_KERN_DRIVER_ONLY, - .cra_blocksize = AES_BLOCK_SIZE, - .cra_ctxsize = sizeof(struct crypto4xx_ctx), - .cra_type = &crypto_ablkcipher_type, - .cra_init = crypto4xx_ablk_init, - .cra_exit = crypto4xx_ablk_exit, - .cra_module = THIS_MODULE, - .cra_u = { - .ablkcipher = { - .min_keysize = AES_MIN_KEY_SIZE + - CTR_RFC3686_NONCE_SIZE, - .max_keysize = AES_MAX_KEY_SIZE + - CTR_RFC3686_NONCE_SIZE, - .ivsize = CTR_RFC3686_IV_SIZE, - .setkey = crypto4xx_setkey_rfc3686, - .encrypt = crypto4xx_rfc3686_encrypt, - .decrypt = crypto4xx_rfc3686_decrypt, - } - } + { .type = CRYPTO_ALG_TYPE_SKCIPHER, .u.cipher = { + .base = { + .cra_name = "cfb(aes)", + .cra_driver_name = "cfb-aes-ppc4xx", + .cra_priority = CRYPTO4XX_CRYPTO_PRIORITY, + .cra_flags = CRYPTO_ALG_TYPE_SKCIPHER | + CRYPTO_ALG_ASYNC | + CRYPTO_ALG_KERN_DRIVER_ONLY, + .cra_blocksize = AES_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct crypto4xx_ctx), + .cra_module = THIS_MODULE, + }, + .min_keysize = AES_MIN_KEY_SIZE, + .max_keysize = AES_MAX_KEY_SIZE, + .ivsize = AES_IV_SIZE, + .setkey = crypto4xx_setkey_aes_cfb, + .encrypt = crypto4xx_encrypt_iv, + .decrypt = crypto4xx_decrypt_iv, + .init = crypto4xx_sk_init, + .exit = crypto4xx_sk_exit, } }, - { .type = CRYPTO_ALG_TYPE_ABLKCIPHER, .u.cipher = { - .cra_name = "ecb(aes)", - .cra_driver_name = "ecb-aes-ppc4xx", - .cra_priority = CRYPTO4XX_CRYPTO_PRIORITY, - .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | - CRYPTO_ALG_ASYNC | - CRYPTO_ALG_KERN_DRIVER_ONLY, - .cra_blocksize = AES_BLOCK_SIZE, - .cra_ctxsize = sizeof(struct crypto4xx_ctx), - .cra_type = &crypto_ablkcipher_type, - .cra_init = crypto4xx_ablk_init, - .cra_exit = crypto4xx_ablk_exit, - .cra_module = THIS_MODULE, - .cra_u = { - .ablkcipher = { - .min_keysize = AES_MIN_KEY_SIZE, - .max_keysize = AES_MAX_KEY_SIZE, - .setkey = crypto4xx_setkey_aes_ecb, - .encrypt = crypto4xx_encrypt, - .decrypt = crypto4xx_decrypt, - } - } + { .type = CRYPTO_ALG_TYPE_SKCIPHER, .u.cipher = { + .base = { + .cra_name = "ctr(aes)", + .cra_driver_name = "ctr-aes-ppc4xx", + .cra_priority = CRYPTO4XX_CRYPTO_PRIORITY, + .cra_flags = CRYPTO_ALG_TYPE_SKCIPHER | + CRYPTO_ALG_NEED_FALLBACK | + CRYPTO_ALG_ASYNC | + CRYPTO_ALG_KERN_DRIVER_ONLY, + .cra_blocksize = AES_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct crypto4xx_ctx), + .cra_module = THIS_MODULE, + }, + .min_keysize = AES_MIN_KEY_SIZE, + .max_keysize = AES_MAX_KEY_SIZE, + .ivsize = AES_IV_SIZE, + .setkey = crypto4xx_setkey_aes_ctr, + .encrypt = crypto4xx_encrypt_ctr, + .decrypt = crypto4xx_decrypt_ctr, + .init = crypto4xx_sk_init, + .exit = crypto4xx_sk_exit, } }, - { .type = CRYPTO_ALG_TYPE_ABLKCIPHER, .u.cipher = { - .cra_name = "ofb(aes)", - .cra_driver_name = "ofb-aes-ppc4xx", - .cra_priority = CRYPTO4XX_CRYPTO_PRIORITY, - .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | - CRYPTO_ALG_ASYNC | - CRYPTO_ALG_KERN_DRIVER_ONLY, - .cra_blocksize = AES_BLOCK_SIZE, - .cra_ctxsize = sizeof(struct crypto4xx_ctx), - .cra_type = &crypto_ablkcipher_type, - .cra_init = crypto4xx_ablk_init, - .cra_exit = crypto4xx_ablk_exit, - .cra_module = THIS_MODULE, - .cra_u = { - .ablkcipher = { - .min_keysize = AES_MIN_KEY_SIZE, - .max_keysize = AES_MAX_KEY_SIZE, - .ivsize = AES_IV_SIZE, - .setkey = crypto4xx_setkey_aes_ofb, - .encrypt = crypto4xx_encrypt, - .decrypt = crypto4xx_decrypt, - } - } + { .type = CRYPTO_ALG_TYPE_SKCIPHER, .u.cipher = { + .base = { + .cra_name = "rfc3686(ctr(aes))", + .cra_driver_name = "rfc3686-ctr-aes-ppc4xx", + .cra_priority = CRYPTO4XX_CRYPTO_PRIORITY, + .cra_flags = CRYPTO_ALG_TYPE_SKCIPHER | + CRYPTO_ALG_ASYNC | + CRYPTO_ALG_KERN_DRIVER_ONLY, + .cra_blocksize = AES_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct crypto4xx_ctx), + .cra_module = THIS_MODULE, + }, + .min_keysize = AES_MIN_KEY_SIZE + CTR_RFC3686_NONCE_SIZE, + .max_keysize = AES_MAX_KEY_SIZE + CTR_RFC3686_NONCE_SIZE, + .ivsize = CTR_RFC3686_IV_SIZE, + .setkey = crypto4xx_setkey_rfc3686, + .encrypt = crypto4xx_rfc3686_encrypt, + .decrypt = crypto4xx_rfc3686_decrypt, + .init = crypto4xx_sk_init, + .exit = crypto4xx_sk_exit, + } }, + { .type = CRYPTO_ALG_TYPE_SKCIPHER, .u.cipher = { + .base = { + .cra_name = "ecb(aes)", + .cra_driver_name = "ecb-aes-ppc4xx", + .cra_priority = CRYPTO4XX_CRYPTO_PRIORITY, + .cra_flags = CRYPTO_ALG_TYPE_SKCIPHER | + CRYPTO_ALG_ASYNC | + CRYPTO_ALG_KERN_DRIVER_ONLY, + .cra_blocksize = AES_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct crypto4xx_ctx), + .cra_module = THIS_MODULE, + }, + .min_keysize = AES_MIN_KEY_SIZE, + .max_keysize = AES_MAX_KEY_SIZE, + .setkey = crypto4xx_setkey_aes_ecb, + .encrypt = crypto4xx_encrypt_noiv, + .decrypt = crypto4xx_decrypt_noiv, + .init = crypto4xx_sk_init, + .exit = crypto4xx_sk_exit, + } }, + { .type = CRYPTO_ALG_TYPE_SKCIPHER, .u.cipher = { + .base = { + .cra_name = "ofb(aes)", + .cra_driver_name = "ofb-aes-ppc4xx", + .cra_priority = CRYPTO4XX_CRYPTO_PRIORITY, + .cra_flags = CRYPTO_ALG_TYPE_SKCIPHER | + CRYPTO_ALG_ASYNC | + CRYPTO_ALG_KERN_DRIVER_ONLY, + .cra_blocksize = AES_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct crypto4xx_ctx), + .cra_module = THIS_MODULE, + }, + .min_keysize = AES_MIN_KEY_SIZE, + .max_keysize = AES_MAX_KEY_SIZE, + .ivsize = AES_IV_SIZE, + .setkey = crypto4xx_setkey_aes_ofb, + .encrypt = crypto4xx_encrypt_iv, + .decrypt = crypto4xx_decrypt_iv, + .init = crypto4xx_sk_init, + .exit = crypto4xx_sk_exit, } }, /* AEAD */ diff --git a/drivers/crypto/amcc/crypto4xx_core.h b/drivers/crypto/amcc/crypto4xx_core.h index 23b726da6534..e2ca56722f07 100644 --- a/drivers/crypto/amcc/crypto4xx_core.h +++ b/drivers/crypto/amcc/crypto4xx_core.h @@ -25,6 +25,7 @@ #include <linux/ratelimit.h> #include <crypto/internal/hash.h> #include <crypto/internal/aead.h> +#include <crypto/internal/skcipher.h> #include "crypto4xx_reg_def.h" #include "crypto4xx_sa.h" @@ -127,14 +128,19 @@ struct crypto4xx_ctx { __le32 iv_nonce; u32 sa_len; union { + struct crypto_skcipher *cipher; struct crypto_aead *aead; } sw_cipher; }; +struct crypto4xx_aead_reqctx { + struct scatterlist dst[2]; +}; + struct crypto4xx_alg_common { u32 type; union { - struct crypto_alg cipher; + struct skcipher_alg cipher; struct ahash_alg hash; struct aead_alg aead; } u; @@ -157,21 +163,28 @@ int crypto4xx_build_pd(struct crypto_async_request *req, const __le32 *iv, const u32 iv_len, const struct dynamic_sa_ctl *sa, const unsigned int sa_len, - const unsigned int assoclen); -int crypto4xx_setkey_aes_cbc(struct crypto_ablkcipher *cipher, + const unsigned int assoclen, + struct scatterlist *dst_tmp); +int crypto4xx_setkey_aes_cbc(struct crypto_skcipher *cipher, + const u8 *key, unsigned int keylen); +int crypto4xx_setkey_aes_cfb(struct crypto_skcipher *cipher, const u8 *key, unsigned int keylen); -int crypto4xx_setkey_aes_cfb(struct crypto_ablkcipher *cipher, +int crypto4xx_setkey_aes_ctr(struct crypto_skcipher *cipher, const u8 *key, unsigned int keylen); -int crypto4xx_setkey_aes_ecb(struct crypto_ablkcipher *cipher, +int crypto4xx_setkey_aes_ecb(struct crypto_skcipher *cipher, const u8 *key, unsigned int keylen); -int crypto4xx_setkey_aes_ofb(struct crypto_ablkcipher *cipher, +int crypto4xx_setkey_aes_ofb(struct crypto_skcipher *cipher, const u8 *key, unsigned int keylen); -int crypto4xx_setkey_rfc3686(struct crypto_ablkcipher *cipher, +int crypto4xx_setkey_rfc3686(struct crypto_skcipher *cipher, const u8 *key, unsigned int keylen); -int crypto4xx_encrypt(struct ablkcipher_request *req); -int crypto4xx_decrypt(struct ablkcipher_request *req); -int crypto4xx_rfc3686_encrypt(struct ablkcipher_request *req); -int crypto4xx_rfc3686_decrypt(struct ablkcipher_request *req); +int crypto4xx_encrypt_ctr(struct skcipher_request *req); +int crypto4xx_decrypt_ctr(struct skcipher_request *req); +int crypto4xx_encrypt_iv(struct skcipher_request *req); +int crypto4xx_decrypt_iv(struct skcipher_request *req); +int crypto4xx_encrypt_noiv(struct skcipher_request *req); +int crypto4xx_decrypt_noiv(struct skcipher_request *req); +int crypto4xx_rfc3686_encrypt(struct skcipher_request *req); +int crypto4xx_rfc3686_decrypt(struct skcipher_request *req); int crypto4xx_sha1_alg_init(struct crypto_tfm *tfm); int crypto4xx_hash_digest(struct ahash_request *req); int crypto4xx_hash_final(struct ahash_request *req); diff --git a/drivers/crypto/caam/caamalg.c b/drivers/crypto/caam/caamalg.c index 7207a535942d..d67667970f7e 100644 --- a/drivers/crypto/caam/caamalg.c +++ b/drivers/crypto/caam/caamalg.c @@ -769,15 +769,18 @@ struct aead_edesc { * @src_nents: number of segments in input s/w scatterlist * @dst_nents: number of segments in output s/w scatterlist * @iv_dma: dma address of iv for checking continuity and link table + * @iv_dir: DMA mapping direction for IV * @sec4_sg_bytes: length of dma mapped sec4_sg space * @sec4_sg_dma: bus physical mapped address of h/w link table * @sec4_sg: pointer to h/w link table * @hw_desc: the h/w job descriptor followed by any referenced link tables + * and IV */ struct ablkcipher_edesc { int src_nents; int dst_nents; dma_addr_t iv_dma; + enum dma_data_direction iv_dir; int sec4_sg_bytes; dma_addr_t sec4_sg_dma; struct sec4_sg_entry *sec4_sg; @@ -787,7 +790,8 @@ struct ablkcipher_edesc { static void caam_unmap(struct device *dev, struct scatterlist *src, struct scatterlist *dst, int src_nents, int dst_nents, - dma_addr_t iv_dma, int ivsize, dma_addr_t sec4_sg_dma, + dma_addr_t iv_dma, int ivsize, + enum dma_data_direction iv_dir, dma_addr_t sec4_sg_dma, int sec4_sg_bytes) { if (dst != src) { @@ -799,7 +803,7 @@ static void caam_unmap(struct device *dev, struct scatterlist *src, } if (iv_dma) - dma_unmap_single(dev, iv_dma, ivsize, DMA_TO_DEVICE); + dma_unmap_single(dev, iv_dma, ivsize, iv_dir); if (sec4_sg_bytes) dma_unmap_single(dev, sec4_sg_dma, sec4_sg_bytes, DMA_TO_DEVICE); @@ -810,7 +814,7 @@ static void aead_unmap(struct device *dev, struct aead_request *req) { caam_unmap(dev, req->src, req->dst, - edesc->src_nents, edesc->dst_nents, 0, 0, + edesc->src_nents, edesc->dst_nents, 0, 0, DMA_NONE, edesc->sec4_sg_dma, edesc->sec4_sg_bytes); } @@ -823,7 +827,7 @@ static void ablkcipher_unmap(struct device *dev, caam_unmap(dev, req->src, req->dst, edesc->src_nents, edesc->dst_nents, - edesc->iv_dma, ivsize, + edesc->iv_dma, ivsize, edesc->iv_dir, edesc->sec4_sg_dma, edesc->sec4_sg_bytes); } @@ -912,6 +916,18 @@ static void ablkcipher_encrypt_done(struct device *jrdev, u32 *desc, u32 err, scatterwalk_map_and_copy(req->info, req->dst, req->nbytes - ivsize, ivsize, 0); + /* In case initial IV was generated, copy it in GIVCIPHER request */ + if (edesc->iv_dir == DMA_FROM_DEVICE) { + u8 *iv; + struct skcipher_givcrypt_request *greq; + + greq = container_of(req, struct skcipher_givcrypt_request, + creq); + iv = (u8 *)edesc->hw_desc + desc_bytes(edesc->hw_desc) + + edesc->sec4_sg_bytes; + memcpy(greq->giv, iv, ivsize); + } + kfree(edesc); ablkcipher_request_complete(req, err); @@ -922,10 +938,10 @@ static void ablkcipher_decrypt_done(struct device *jrdev, u32 *desc, u32 err, { struct ablkcipher_request *req = context; struct ablkcipher_edesc *edesc; +#ifdef DEBUG struct crypto_ablkcipher *ablkcipher = crypto_ablkcipher_reqtfm(req); int ivsize = crypto_ablkcipher_ivsize(ablkcipher); -#ifdef DEBUG dev_err(jrdev, "%s %d: err 0x%x\n", __func__, __LINE__, err); #endif @@ -943,14 +959,6 @@ static void ablkcipher_decrypt_done(struct device *jrdev, u32 *desc, u32 err, edesc->dst_nents > 1 ? 100 : req->nbytes, 1); ablkcipher_unmap(jrdev, edesc, req); - - /* - * The crypto API expects us to set the IV (req->info) to the last - * ciphertext block. - */ - scatterwalk_map_and_copy(req->info, req->src, req->nbytes - ivsize, - ivsize, 0); - kfree(edesc); ablkcipher_request_complete(req, err); @@ -1099,15 +1107,14 @@ static void init_authenc_job(struct aead_request *req, */ static void init_ablkcipher_job(u32 *sh_desc, dma_addr_t ptr, struct ablkcipher_edesc *edesc, - struct ablkcipher_request *req, - bool iv_contig) + struct ablkcipher_request *req) { struct crypto_ablkcipher *ablkcipher = crypto_ablkcipher_reqtfm(req); int ivsize = crypto_ablkcipher_ivsize(ablkcipher); u32 *desc = edesc->hw_desc; - u32 out_options = 0, in_options; - dma_addr_t dst_dma, src_dma; - int len, sec4_sg_index = 0; + u32 out_options = 0; + dma_addr_t dst_dma; + int len; #ifdef DEBUG print_hex_dump(KERN_ERR, "presciv@"__stringify(__LINE__)": ", @@ -1123,30 +1130,18 @@ static void init_ablkcipher_job(u32 *sh_desc, dma_addr_t ptr, len = desc_len(sh_desc); init_job_desc_shared(desc, ptr, len, HDR_SHARE_DEFER | HDR_REVERSE); - if (iv_contig) { - src_dma = edesc->iv_dma; - in_options = 0; - } else { - src_dma = edesc->sec4_sg_dma; - sec4_sg_index += edesc->src_nents + 1; - in_options = LDST_SGF; - } - append_seq_in_ptr(desc, src_dma, req->nbytes + ivsize, in_options); + append_seq_in_ptr(desc, edesc->sec4_sg_dma, req->nbytes + ivsize, + LDST_SGF); if (likely(req->src == req->dst)) { - if (edesc->src_nents == 1 && iv_contig) { - dst_dma = sg_dma_address(req->src); - } else { - dst_dma = edesc->sec4_sg_dma + - sizeof(struct sec4_sg_entry); - out_options = LDST_SGF; - } + dst_dma = edesc->sec4_sg_dma + sizeof(struct sec4_sg_entry); + out_options = LDST_SGF; } else { if (edesc->dst_nents == 1) { dst_dma = sg_dma_address(req->dst); } else { - dst_dma = edesc->sec4_sg_dma + - sec4_sg_index * sizeof(struct sec4_sg_entry); + dst_dma = edesc->sec4_sg_dma + (edesc->src_nents + 1) * + sizeof(struct sec4_sg_entry); out_options = LDST_SGF; } } @@ -1158,13 +1153,12 @@ static void init_ablkcipher_job(u32 *sh_desc, dma_addr_t ptr, */ static void init_ablkcipher_giv_job(u32 *sh_desc, dma_addr_t ptr, struct ablkcipher_edesc *edesc, - struct ablkcipher_request *req, - bool iv_contig) + struct ablkcipher_request *req) { struct crypto_ablkcipher *ablkcipher = crypto_ablkcipher_reqtfm(req); int ivsize = crypto_ablkcipher_ivsize(ablkcipher); u32 *desc = edesc->hw_desc; - u32 out_options, in_options; + u32 in_options; dma_addr_t dst_dma, src_dma; int len, sec4_sg_index = 0; @@ -1190,15 +1184,9 @@ static void init_ablkcipher_giv_job(u32 *sh_desc, dma_addr_t ptr, } append_seq_in_ptr(desc, src_dma, req->nbytes, in_options); - if (iv_contig) { - dst_dma = edesc->iv_dma; - out_options = 0; - } else { - dst_dma = edesc->sec4_sg_dma + - sec4_sg_index * sizeof(struct sec4_sg_entry); - out_options = LDST_SGF; - } - append_seq_out_ptr(desc, dst_dma, req->nbytes + ivsize, out_options); + dst_dma = edesc->sec4_sg_dma + sec4_sg_index * + sizeof(struct sec4_sg_entry); + append_seq_out_ptr(desc, dst_dma, req->nbytes + ivsize, LDST_SGF); } /* @@ -1287,7 +1275,7 @@ static struct aead_edesc *aead_edesc_alloc(struct aead_request *req, GFP_DMA | flags); if (!edesc) { caam_unmap(jrdev, req->src, req->dst, src_nents, dst_nents, 0, - 0, 0, 0); + 0, DMA_NONE, 0, 0); return ERR_PTR(-ENOMEM); } @@ -1491,8 +1479,7 @@ static int aead_decrypt(struct aead_request *req) * allocate and map the ablkcipher extended descriptor for ablkcipher */ static struct ablkcipher_edesc *ablkcipher_edesc_alloc(struct ablkcipher_request - *req, int desc_bytes, - bool *iv_contig_out) + *req, int desc_bytes) { struct crypto_ablkcipher *ablkcipher = crypto_ablkcipher_reqtfm(req); struct caam_ctx *ctx = crypto_ablkcipher_ctx(ablkcipher); @@ -1501,8 +1488,8 @@ static struct ablkcipher_edesc *ablkcipher_edesc_alloc(struct ablkcipher_request GFP_KERNEL : GFP_ATOMIC; int src_nents, mapped_src_nents, dst_nents = 0, mapped_dst_nents = 0; struct ablkcipher_edesc *edesc; - dma_addr_t iv_dma = 0; - bool in_contig; + dma_addr_t iv_dma; + u8 *iv; int ivsize = crypto_ablkcipher_ivsize(ablkcipher); int dst_sg_idx, sec4_sg_ents, sec4_sg_bytes; @@ -1546,33 +1533,20 @@ static struct ablkcipher_edesc *ablkcipher_edesc_alloc(struct ablkcipher_request } } - iv_dma = dma_map_single(jrdev, req->info, ivsize, DMA_TO_DEVICE); - if (dma_mapping_error(jrdev, iv_dma)) { - dev_err(jrdev, "unable to map IV\n"); - caam_unmap(jrdev, req->src, req->dst, src_nents, dst_nents, 0, - 0, 0, 0); - return ERR_PTR(-ENOMEM); - } - - if (mapped_src_nents == 1 && - iv_dma + ivsize == sg_dma_address(req->src)) { - in_contig = true; - sec4_sg_ents = 0; - } else { - in_contig = false; - sec4_sg_ents = 1 + mapped_src_nents; - } + sec4_sg_ents = 1 + mapped_src_nents; dst_sg_idx = sec4_sg_ents; sec4_sg_ents += mapped_dst_nents > 1 ? mapped_dst_nents : 0; sec4_sg_bytes = sec4_sg_ents * sizeof(struct sec4_sg_entry); - /* allocate space for base edesc and hw desc commands, link tables */ - edesc = kzalloc(sizeof(*edesc) + desc_bytes + sec4_sg_bytes, + /* + * allocate space for base edesc and hw desc commands, link tables, IV + */ + edesc = kzalloc(sizeof(*edesc) + desc_bytes + sec4_sg_bytes + ivsize, GFP_DMA | flags); if (!edesc) { dev_err(jrdev, "could not allocate extended descriptor\n"); - caam_unmap(jrdev, req->src, req->dst, src_nents, dst_nents, - iv_dma, ivsize, 0, 0); + caam_unmap(jrdev, req->src, req->dst, src_nents, dst_nents, 0, + 0, DMA_NONE, 0, 0); return ERR_PTR(-ENOMEM); } @@ -1581,13 +1555,24 @@ static struct ablkcipher_edesc *ablkcipher_edesc_alloc(struct ablkcipher_request edesc->sec4_sg_bytes = sec4_sg_bytes; edesc->sec4_sg = (void *)edesc + sizeof(struct ablkcipher_edesc) + desc_bytes; + edesc->iv_dir = DMA_TO_DEVICE; - if (!in_contig) { - dma_to_sec4_sg_one(edesc->sec4_sg, iv_dma, ivsize, 0); - sg_to_sec4_sg_last(req->src, mapped_src_nents, - edesc->sec4_sg + 1, 0); + /* Make sure IV is located in a DMAable area */ + iv = (u8 *)edesc->hw_desc + desc_bytes + sec4_sg_bytes; + memcpy(iv, req->info, ivsize); + + iv_dma = dma_map_single(jrdev, iv, ivsize, DMA_TO_DEVICE); + if (dma_mapping_error(jrdev, iv_dma)) { + dev_err(jrdev, "unable to map IV\n"); + caam_unmap(jrdev, req->src, req->dst, src_nents, dst_nents, 0, + 0, DMA_NONE, 0, 0); + kfree(edesc); + return ERR_PTR(-ENOMEM); } + dma_to_sec4_sg_one(edesc->sec4_sg, iv_dma, ivsize, 0); + sg_to_sec4_sg_last(req->src, mapped_src_nents, edesc->sec4_sg + 1, 0); + if (mapped_dst_nents > 1) { sg_to_sec4_sg_last(req->dst, mapped_dst_nents, edesc->sec4_sg + dst_sg_idx, 0); @@ -1598,7 +1583,7 @@ static struct ablkcipher_edesc *ablkcipher_edesc_alloc(struct ablkcipher_request if (dma_mapping_error(jrdev, edesc->sec4_sg_dma)) { dev_err(jrdev, "unable to map S/G table\n"); caam_unmap(jrdev, req->src, req->dst, src_nents, dst_nents, - iv_dma, ivsize, 0, 0); + iv_dma, ivsize, DMA_TO_DEVICE, 0, 0); kfree(edesc); return ERR_PTR(-ENOMEM); } @@ -1611,7 +1596,6 @@ static struct ablkcipher_edesc *ablkcipher_edesc_alloc(struct ablkcipher_request sec4_sg_bytes, 1); #endif - *iv_contig_out = in_contig; return edesc; } @@ -1621,19 +1605,16 @@ static int ablkcipher_encrypt(struct ablkcipher_request *req) struct crypto_ablkcipher *ablkcipher = crypto_ablkcipher_reqtfm(req); struct caam_ctx *ctx = crypto_ablkcipher_ctx(ablkcipher); struct device *jrdev = ctx->jrdev; - bool iv_contig; u32 *desc; int ret = 0; /* allocate extended descriptor */ - edesc = ablkcipher_edesc_alloc(req, DESC_JOB_IO_LEN * - CAAM_CMD_SZ, &iv_contig); + edesc = ablkcipher_edesc_alloc(req, DESC_JOB_IO_LEN * CAAM_CMD_SZ); if (IS_ERR(edesc)) return PTR_ERR(edesc); /* Create and submit job descriptor*/ - init_ablkcipher_job(ctx->sh_desc_enc, - ctx->sh_desc_enc_dma, edesc, req, iv_contig); + init_ablkcipher_job(ctx->sh_desc_enc, ctx->sh_desc_enc_dma, edesc, req); #ifdef DEBUG print_hex_dump(KERN_ERR, "ablkcipher jobdesc@"__stringify(__LINE__)": ", DUMP_PREFIX_ADDRESS, 16, 4, edesc->hw_desc, @@ -1657,20 +1638,25 @@ static int ablkcipher_decrypt(struct ablkcipher_request *req) struct ablkcipher_edesc *edesc; struct crypto_ablkcipher *ablkcipher = crypto_ablkcipher_reqtfm(req); struct caam_ctx *ctx = crypto_ablkcipher_ctx(ablkcipher); + int ivsize = crypto_ablkcipher_ivsize(ablkcipher); struct device *jrdev = ctx->jrdev; - bool iv_contig; u32 *desc; int ret = 0; /* allocate extended descriptor */ - edesc = ablkcipher_edesc_alloc(req, DESC_JOB_IO_LEN * - CAAM_CMD_SZ, &iv_contig); + edesc = ablkcipher_edesc_alloc(req, DESC_JOB_IO_LEN * CAAM_CMD_SZ); if (IS_ERR(edesc)) return PTR_ERR(edesc); + /* + * The crypto API expects us to set the IV (req->info) to the last + * ciphertext block. + */ + scatterwalk_map_and_copy(req->info, req->src, req->nbytes - ivsize, + ivsize, 0); + /* Create and submit job descriptor*/ - init_ablkcipher_job(ctx->sh_desc_dec, - ctx->sh_desc_dec_dma, edesc, req, iv_contig); + init_ablkcipher_job(ctx->sh_desc_dec, ctx->sh_desc_dec_dma, edesc, req); desc = edesc->hw_desc; #ifdef DEBUG print_hex_dump(KERN_ERR, "ablkcipher jobdesc@"__stringify(__LINE__)": ", @@ -1695,8 +1681,7 @@ static int ablkcipher_decrypt(struct ablkcipher_request *req) */ static struct ablkcipher_edesc *ablkcipher_giv_edesc_alloc( struct skcipher_givcrypt_request *greq, - int desc_bytes, - bool *iv_contig_out) + int desc_bytes) { struct ablkcipher_request *req = &greq->creq; struct crypto_ablkcipher *ablkcipher = crypto_ablkcipher_reqtfm(req); @@ -1706,8 +1691,8 @@ static struct ablkcipher_edesc *ablkcipher_giv_edesc_alloc( GFP_KERNEL : GFP_ATOMIC; int src_nents, mapped_src_nents, dst_nents, mapped_dst_nents; struct ablkcipher_edesc *edesc; - dma_addr_t iv_dma = 0; - bool out_contig; + dma_addr_t iv_dma; + u8 *iv; int ivsize = crypto_ablkcipher_ivsize(ablkcipher); int dst_sg_idx, sec4_sg_ents, sec4_sg_bytes; @@ -1752,36 +1737,20 @@ static struct ablkcipher_edesc *ablkcipher_giv_edesc_alloc( } } - /* - * Check if iv can be contiguous with source and destination. - * If so, include it. If not, create scatterlist. - */ - iv_dma = dma_map_single(jrdev, greq->giv, ivsize, DMA_TO_DEVICE); - if (dma_mapping_error(jrdev, iv_dma)) { - dev_err(jrdev, "unable to map IV\n"); - caam_unmap(jrdev, req->src, req->dst, src_nents, dst_nents, 0, - 0, 0, 0); - return ERR_PTR(-ENOMEM); - } - sec4_sg_ents = mapped_src_nents > 1 ? mapped_src_nents : 0; dst_sg_idx = sec4_sg_ents; - if (mapped_dst_nents == 1 && - iv_dma + ivsize == sg_dma_address(req->dst)) { - out_contig = true; - } else { - out_contig = false; - sec4_sg_ents += 1 + mapped_dst_nents; - } + sec4_sg_ents += 1 + mapped_dst_nents; - /* allocate space for base edesc and hw desc commands, link tables */ + /* + * allocate space for base edesc and hw desc commands, link tables, IV + */ sec4_sg_bytes = sec4_sg_ents * sizeof(struct sec4_sg_entry); - edesc = kzalloc(sizeof(*edesc) + desc_bytes + sec4_sg_bytes, + edesc = kzalloc(sizeof(*edesc) + desc_bytes + sec4_sg_bytes + ivsize, GFP_DMA | flags); if (!edesc) { dev_err(jrdev, "could not allocate extended descriptor\n"); - caam_unmap(jrdev, req->src, req->dst, src_nents, dst_nents, - iv_dma, ivsize, 0, 0); + caam_unmap(jrdev, req->src, req->dst, src_nents, dst_nents, 0, + 0, DMA_NONE, 0, 0); return ERR_PTR(-ENOMEM); } @@ -1790,24 +1759,33 @@ static struct ablkcipher_edesc *ablkcipher_giv_edesc_alloc( edesc->sec4_sg_bytes = sec4_sg_bytes; edesc->sec4_sg = (void *)edesc + sizeof(struct ablkcipher_edesc) + desc_bytes; + edesc->iv_dir = DMA_FROM_DEVICE; + + /* Make sure IV is located in a DMAable area */ + iv = (u8 *)edesc->hw_desc + desc_bytes + sec4_sg_bytes; + iv_dma = dma_map_single(jrdev, iv, ivsize, DMA_FROM_DEVICE); + if (dma_mapping_error(jrdev, iv_dma)) { + dev_err(jrdev, "unable to map IV\n"); + caam_unmap(jrdev, req->src, req->dst, src_nents, dst_nents, 0, + 0, DMA_NONE, 0, 0); + kfree(edesc); + return ERR_PTR(-ENOMEM); + } if (mapped_src_nents > 1) sg_to_sec4_sg_last(req->src, mapped_src_nents, edesc->sec4_sg, 0); - if (!out_contig) { - dma_to_sec4_sg_one(edesc->sec4_sg + dst_sg_idx, - iv_dma, ivsize, 0); - sg_to_sec4_sg_last(req->dst, mapped_dst_nents, - edesc->sec4_sg + dst_sg_idx + 1, 0); - } + dma_to_sec4_sg_one(edesc->sec4_sg + dst_sg_idx, iv_dma, ivsize, 0); + sg_to_sec4_sg_last(req->dst, mapped_dst_nents, edesc->sec4_sg + + dst_sg_idx + 1, 0); edesc->sec4_sg_dma = dma_map_single(jrdev, edesc->sec4_sg, sec4_sg_bytes, DMA_TO_DEVICE); if (dma_mapping_error(jrdev, edesc->sec4_sg_dma)) { dev_err(jrdev, "unable to map S/G table\n"); caam_unmap(jrdev, req->src, req->dst, src_nents, dst_nents, - iv_dma, ivsize, 0, 0); + iv_dma, ivsize, DMA_FROM_DEVICE, 0, 0); kfree(edesc); return ERR_PTR(-ENOMEM); } @@ -1820,7 +1798,6 @@ static struct ablkcipher_edesc *ablkcipher_giv_edesc_alloc( sec4_sg_bytes, 1); #endif - *iv_contig_out = out_contig; return edesc; } @@ -1831,19 +1808,17 @@ static int ablkcipher_givencrypt(struct skcipher_givcrypt_request *creq) struct crypto_ablkcipher *ablkcipher = crypto_ablkcipher_reqtfm(req); struct caam_ctx *ctx = crypto_ablkcipher_ctx(ablkcipher); struct device *jrdev = ctx->jrdev; - bool iv_contig = false; u32 *desc; int ret = 0; /* allocate extended descriptor */ - edesc = ablkcipher_giv_edesc_alloc(creq, DESC_JOB_IO_LEN * - CAAM_CMD_SZ, &iv_contig); + edesc = ablkcipher_giv_edesc_alloc(creq, DESC_JOB_IO_LEN * CAAM_CMD_SZ); if (IS_ERR(edesc)) return PTR_ERR(edesc); /* Create and submit job descriptor*/ init_ablkcipher_giv_job(ctx->sh_desc_givenc, ctx->sh_desc_givenc_dma, - edesc, req, iv_contig); + edesc, req); #ifdef DEBUG print_hex_dump(KERN_ERR, "ablkcipher jobdesc@" __stringify(__LINE__) ": ", diff --git a/drivers/crypto/caam/caamalg_desc.c b/drivers/crypto/caam/caamalg_desc.c index 8ae7a1be7dfd..a408edd84f34 100644 --- a/drivers/crypto/caam/caamalg_desc.c +++ b/drivers/crypto/caam/caamalg_desc.c @@ -1093,7 +1093,7 @@ void cnstr_shdsc_rfc4543_encap(u32 * const desc, struct alginfo *cdata, read_move_cmd = append_move(desc, MOVE_SRC_DESCBUF | MOVE_DEST_MATH3 | (0x6 << MOVE_LEN_SHIFT)); write_move_cmd = append_move(desc, MOVE_SRC_MATH3 | MOVE_DEST_DESCBUF | - (0x8 << MOVE_LEN_SHIFT)); + (0x8 << MOVE_LEN_SHIFT) | MOVE_WAITCOMP); /* Will read assoclen + cryptlen bytes */ append_math_sub(desc, VARSEQINLEN, SEQINLEN, REG0, CAAM_CMD_SZ); @@ -1178,7 +1178,7 @@ void cnstr_shdsc_rfc4543_decap(u32 * const desc, struct alginfo *cdata, read_move_cmd = append_move(desc, MOVE_SRC_DESCBUF | MOVE_DEST_MATH3 | (0x6 << MOVE_LEN_SHIFT)); write_move_cmd = append_move(desc, MOVE_SRC_MATH3 | MOVE_DEST_DESCBUF | - (0x8 << MOVE_LEN_SHIFT)); + (0x8 << MOVE_LEN_SHIFT) | MOVE_WAITCOMP); /* Will read assoclen + cryptlen bytes */ append_math_sub(desc, VARSEQINLEN, SEQOUTLEN, REG0, CAAM_CMD_SZ); diff --git a/drivers/crypto/caam/caamalg_qi.c b/drivers/crypto/caam/caamalg_qi.c index cacda0831390..6e61cc93c2b0 100644 --- a/drivers/crypto/caam/caamalg_qi.c +++ b/drivers/crypto/caam/caamalg_qi.c @@ -728,7 +728,7 @@ badkey: * @assoclen: associated data length, in CAAM endianness * @assoclen_dma: bus physical mapped address of req->assoclen * @drv_req: driver-specific request structure - * @sgt: the h/w link table + * @sgt: the h/w link table, followed by IV */ struct aead_edesc { int src_nents; @@ -739,9 +739,6 @@ struct aead_edesc { unsigned int assoclen; dma_addr_t assoclen_dma; struct caam_drv_req drv_req; -#define CAAM_QI_MAX_AEAD_SG \ - ((CAAM_QI_MEMCACHE_SIZE - offsetof(struct aead_edesc, sgt)) / \ - sizeof(struct qm_sg_entry)) struct qm_sg_entry sgt[0]; }; @@ -753,7 +750,7 @@ struct aead_edesc { * @qm_sg_bytes: length of dma mapped h/w link table * @qm_sg_dma: bus physical mapped address of h/w link table * @drv_req: driver-specific request structure - * @sgt: the h/w link table + * @sgt: the h/w link table, followed by IV */ struct ablkcipher_edesc { int src_nents; @@ -762,9 +759,6 @@ struct ablkcipher_edesc { int qm_sg_bytes; dma_addr_t qm_sg_dma; struct caam_drv_req drv_req; -#define CAAM_QI_MAX_ABLKCIPHER_SG \ - ((CAAM_QI_MEMCACHE_SIZE - offsetof(struct ablkcipher_edesc, sgt)) / \ - sizeof(struct qm_sg_entry)) struct qm_sg_entry sgt[0]; }; @@ -986,17 +980,8 @@ static struct aead_edesc *aead_edesc_alloc(struct aead_request *req, } } - if ((alg->caam.rfc3686 && encrypt) || !alg->caam.geniv) { + if ((alg->caam.rfc3686 && encrypt) || !alg->caam.geniv) ivsize = crypto_aead_ivsize(aead); - iv_dma = dma_map_single(qidev, req->iv, ivsize, DMA_TO_DEVICE); - if (dma_mapping_error(qidev, iv_dma)) { - dev_err(qidev, "unable to map IV\n"); - caam_unmap(qidev, req->src, req->dst, src_nents, - dst_nents, 0, 0, op_type, 0, 0); - qi_cache_free(edesc); - return ERR_PTR(-ENOMEM); - } - } /* * Create S/G table: req->assoclen, [IV,] req->src [, req->dst]. @@ -1004,16 +989,33 @@ static struct aead_edesc *aead_edesc_alloc(struct aead_request *req, */ qm_sg_ents = 1 + !!ivsize + mapped_src_nents + (mapped_dst_nents > 1 ? mapped_dst_nents : 0); - if (unlikely(qm_sg_ents > CAAM_QI_MAX_AEAD_SG)) { - dev_err(qidev, "Insufficient S/G entries: %d > %zu\n", - qm_sg_ents, CAAM_QI_MAX_AEAD_SG); - caam_unmap(qidev, req->src, req->dst, src_nents, dst_nents, - iv_dma, ivsize, op_type, 0, 0); + sg_table = &edesc->sgt[0]; + qm_sg_bytes = qm_sg_ents * sizeof(*sg_table); + if (unlikely(offsetof(struct aead_edesc, sgt) + qm_sg_bytes + ivsize > + CAAM_QI_MEMCACHE_SIZE)) { + dev_err(qidev, "No space for %d S/G entries and/or %dB IV\n", + qm_sg_ents, ivsize); + caam_unmap(qidev, req->src, req->dst, src_nents, dst_nents, 0, + 0, 0, 0, 0); qi_cache_free(edesc); return ERR_PTR(-ENOMEM); } - sg_table = &edesc->sgt[0]; - qm_sg_bytes = qm_sg_ents * sizeof(*sg_table); + + if (ivsize) { + u8 *iv = (u8 *)(sg_table + qm_sg_ents); + + /* Make sure IV is located in a DMAable area */ + memcpy(iv, req->iv, ivsize); + + iv_dma = dma_map_single(qidev, iv, ivsize, DMA_TO_DEVICE); + if (dma_mapping_error(qidev, iv_dma)) { + dev_err(qidev, "unable to map IV\n"); + caam_unmap(qidev, req->src, req->dst, src_nents, + dst_nents, 0, 0, 0, 0, 0); + qi_cache_free(edesc); + return ERR_PTR(-ENOMEM); + } + } edesc->src_nents = src_nents; edesc->dst_nents = dst_nents; @@ -1166,15 +1168,27 @@ static void ablkcipher_done(struct caam_drv_req *drv_req, u32 status) #endif ablkcipher_unmap(qidev, edesc, req); - qi_cache_free(edesc); + + /* In case initial IV was generated, copy it in GIVCIPHER request */ + if (edesc->drv_req.drv_ctx->op_type == GIVENCRYPT) { + u8 *iv; + struct skcipher_givcrypt_request *greq; + + greq = container_of(req, struct skcipher_givcrypt_request, + creq); + iv = (u8 *)edesc->sgt + edesc->qm_sg_bytes; + memcpy(greq->giv, iv, ivsize); + } /* * The crypto API expects us to set the IV (req->info) to the last * ciphertext block. This is used e.g. by the CTS mode. */ - scatterwalk_map_and_copy(req->info, req->dst, req->nbytes - ivsize, - ivsize, 0); + if (edesc->drv_req.drv_ctx->op_type != DECRYPT) + scatterwalk_map_and_copy(req->info, req->dst, req->nbytes - + ivsize, ivsize, 0); + qi_cache_free(edesc); ablkcipher_request_complete(req, status); } @@ -1189,9 +1203,9 @@ static struct ablkcipher_edesc *ablkcipher_edesc_alloc(struct ablkcipher_request int src_nents, mapped_src_nents, dst_nents = 0, mapped_dst_nents = 0; struct ablkcipher_edesc *edesc; dma_addr_t iv_dma; - bool in_contig; + u8 *iv; int ivsize = crypto_ablkcipher_ivsize(ablkcipher); - int dst_sg_idx, qm_sg_ents; + int dst_sg_idx, qm_sg_ents, qm_sg_bytes; struct qm_sg_entry *sg_table, *fd_sgt; struct caam_drv_ctx *drv_ctx; enum optype op_type = encrypt ? ENCRYPT : DECRYPT; @@ -1238,55 +1252,53 @@ static struct ablkcipher_edesc *ablkcipher_edesc_alloc(struct ablkcipher_request } } - iv_dma = dma_map_single(qidev, req->info, ivsize, DMA_TO_DEVICE); - if (dma_mapping_error(qidev, iv_dma)) { - dev_err(qidev, "unable to map IV\n"); - caam_unmap(qidev, req->src, req->dst, src_nents, dst_nents, 0, - 0, 0, 0, 0); - return ERR_PTR(-ENOMEM); - } - - if (mapped_src_nents == 1 && - iv_dma + ivsize == sg_dma_address(req->src)) { - in_contig = true; - qm_sg_ents = 0; - } else { - in_contig = false; - qm_sg_ents = 1 + mapped_src_nents; - } + qm_sg_ents = 1 + mapped_src_nents; dst_sg_idx = qm_sg_ents; qm_sg_ents += mapped_dst_nents > 1 ? mapped_dst_nents : 0; - if (unlikely(qm_sg_ents > CAAM_QI_MAX_ABLKCIPHER_SG)) { - dev_err(qidev, "Insufficient S/G entries: %d > %zu\n", - qm_sg_ents, CAAM_QI_MAX_ABLKCIPHER_SG); - caam_unmap(qidev, req->src, req->dst, src_nents, dst_nents, - iv_dma, ivsize, op_type, 0, 0); + qm_sg_bytes = qm_sg_ents * sizeof(struct qm_sg_entry); + if (unlikely(offsetof(struct ablkcipher_edesc, sgt) + qm_sg_bytes + + ivsize > CAAM_QI_MEMCACHE_SIZE)) { + dev_err(qidev, "No space for %d S/G entries and/or %dB IV\n", + qm_sg_ents, ivsize); + caam_unmap(qidev, req->src, req->dst, src_nents, dst_nents, 0, + 0, 0, 0, 0); return ERR_PTR(-ENOMEM); } - /* allocate space for base edesc and link tables */ + /* allocate space for base edesc, link tables and IV */ edesc = qi_cache_alloc(GFP_DMA | flags); if (unlikely(!edesc)) { dev_err(qidev, "could not allocate extended descriptor\n"); - caam_unmap(qidev, req->src, req->dst, src_nents, dst_nents, - iv_dma, ivsize, op_type, 0, 0); + caam_unmap(qidev, req->src, req->dst, src_nents, dst_nents, 0, + 0, 0, 0, 0); + return ERR_PTR(-ENOMEM); + } + + /* Make sure IV is located in a DMAable area */ + sg_table = &edesc->sgt[0]; + iv = (u8 *)(sg_table + qm_sg_ents); + memcpy(iv, req->info, ivsize); + + iv_dma = dma_map_single(qidev, iv, ivsize, DMA_TO_DEVICE); + if (dma_mapping_error(qidev, iv_dma)) { + dev_err(qidev, "unable to map IV\n"); + caam_unmap(qidev, req->src, req->dst, src_nents, dst_nents, 0, + 0, 0, 0, 0); + qi_cache_free(edesc); return ERR_PTR(-ENOMEM); } edesc->src_nents = src_nents; edesc->dst_nents = dst_nents; edesc->iv_dma = iv_dma; - sg_table = &edesc->sgt[0]; - edesc->qm_sg_bytes = qm_sg_ents * sizeof(*sg_table); + edesc->qm_sg_bytes = qm_sg_bytes; edesc->drv_req.app_ctx = req; edesc->drv_req.cbk = ablkcipher_done; edesc->drv_req.drv_ctx = drv_ctx; - if (!in_contig) { - dma_to_qm_sg_one(sg_table, iv_dma, ivsize, 0); - sg_to_qm_sg_last(req->src, mapped_src_nents, sg_table + 1, 0); - } + dma_to_qm_sg_one(sg_table, iv_dma, ivsize, 0); + sg_to_qm_sg_last(req->src, mapped_src_nents, sg_table + 1, 0); if (mapped_dst_nents > 1) sg_to_qm_sg_last(req->dst, mapped_dst_nents, sg_table + @@ -1304,20 +1316,12 @@ static struct ablkcipher_edesc *ablkcipher_edesc_alloc(struct ablkcipher_request fd_sgt = &edesc->drv_req.fd_sgt[0]; - if (!in_contig) - dma_to_qm_sg_one_last_ext(&fd_sgt[1], edesc->qm_sg_dma, - ivsize + req->nbytes, 0); - else - dma_to_qm_sg_one_last(&fd_sgt[1], iv_dma, ivsize + req->nbytes, - 0); + dma_to_qm_sg_one_last_ext(&fd_sgt[1], edesc->qm_sg_dma, + ivsize + req->nbytes, 0); if (req->src == req->dst) { - if (!in_contig) - dma_to_qm_sg_one_ext(&fd_sgt[0], edesc->qm_sg_dma + - sizeof(*sg_table), req->nbytes, 0); - else - dma_to_qm_sg_one(&fd_sgt[0], sg_dma_address(req->src), - req->nbytes, 0); + dma_to_qm_sg_one_ext(&fd_sgt[0], edesc->qm_sg_dma + + sizeof(*sg_table), req->nbytes, 0); } else if (mapped_dst_nents > 1) { dma_to_qm_sg_one_ext(&fd_sgt[0], edesc->qm_sg_dma + dst_sg_idx * sizeof(*sg_table), req->nbytes, 0); @@ -1341,10 +1345,10 @@ static struct ablkcipher_edesc *ablkcipher_giv_edesc_alloc( int src_nents, mapped_src_nents, dst_nents, mapped_dst_nents; struct ablkcipher_edesc *edesc; dma_addr_t iv_dma; - bool out_contig; + u8 *iv; int ivsize = crypto_ablkcipher_ivsize(ablkcipher); struct qm_sg_entry *sg_table, *fd_sgt; - int dst_sg_idx, qm_sg_ents; + int dst_sg_idx, qm_sg_ents, qm_sg_bytes; struct caam_drv_ctx *drv_ctx; drv_ctx = get_drv_ctx(ctx, GIVENCRYPT); @@ -1392,46 +1396,45 @@ static struct ablkcipher_edesc *ablkcipher_giv_edesc_alloc( mapped_dst_nents = src_nents; } - iv_dma = dma_map_single(qidev, creq->giv, ivsize, DMA_FROM_DEVICE); - if (dma_mapping_error(qidev, iv_dma)) { - dev_err(qidev, "unable to map IV\n"); - caam_unmap(qidev, req->src, req->dst, src_nents, dst_nents, 0, - 0, 0, 0, 0); - return ERR_PTR(-ENOMEM); - } - qm_sg_ents = mapped_src_nents > 1 ? mapped_src_nents : 0; dst_sg_idx = qm_sg_ents; - if (mapped_dst_nents == 1 && - iv_dma + ivsize == sg_dma_address(req->dst)) { - out_contig = true; - } else { - out_contig = false; - qm_sg_ents += 1 + mapped_dst_nents; - } - if (unlikely(qm_sg_ents > CAAM_QI_MAX_ABLKCIPHER_SG)) { - dev_err(qidev, "Insufficient S/G entries: %d > %zu\n", - qm_sg_ents, CAAM_QI_MAX_ABLKCIPHER_SG); - caam_unmap(qidev, req->src, req->dst, src_nents, dst_nents, - iv_dma, ivsize, GIVENCRYPT, 0, 0); + qm_sg_ents += 1 + mapped_dst_nents; + qm_sg_bytes = qm_sg_ents * sizeof(struct qm_sg_entry); + if (unlikely(offsetof(struct ablkcipher_edesc, sgt) + qm_sg_bytes + + ivsize > CAAM_QI_MEMCACHE_SIZE)) { + dev_err(qidev, "No space for %d S/G entries and/or %dB IV\n", + qm_sg_ents, ivsize); + caam_unmap(qidev, req->src, req->dst, src_nents, dst_nents, 0, + 0, 0, 0, 0); return ERR_PTR(-ENOMEM); } - /* allocate space for base edesc and link tables */ + /* allocate space for base edesc, link tables and IV */ edesc = qi_cache_alloc(GFP_DMA | flags); if (!edesc) { dev_err(qidev, "could not allocate extended descriptor\n"); - caam_unmap(qidev, req->src, req->dst, src_nents, dst_nents, - iv_dma, ivsize, GIVENCRYPT, 0, 0); + caam_unmap(qidev, req->src, req->dst, src_nents, dst_nents, 0, + 0, 0, 0, 0); + return ERR_PTR(-ENOMEM); + } + + /* Make sure IV is located in a DMAable area */ + sg_table = &edesc->sgt[0]; + iv = (u8 *)(sg_table + qm_sg_ents); + iv_dma = dma_map_single(qidev, iv, ivsize, DMA_FROM_DEVICE); + if (dma_mapping_error(qidev, iv_dma)) { + dev_err(qidev, "unable to map IV\n"); + caam_unmap(qidev, req->src, req->dst, src_nents, dst_nents, 0, + 0, 0, 0, 0); + qi_cache_free(edesc); return ERR_PTR(-ENOMEM); } edesc->src_nents = src_nents; edesc->dst_nents = dst_nents; edesc->iv_dma = iv_dma; - sg_table = &edesc->sgt[0]; - edesc->qm_sg_bytes = qm_sg_ents * sizeof(*sg_table); + edesc->qm_sg_bytes = qm_sg_bytes; edesc->drv_req.app_ctx = req; edesc->drv_req.cbk = ablkcipher_done; edesc->drv_req.drv_ctx = drv_ctx; @@ -1439,11 +1442,9 @@ static struct ablkcipher_edesc *ablkcipher_giv_edesc_alloc( if (mapped_src_nents > 1) sg_to_qm_sg_last(req->src, mapped_src_nents, sg_table, 0); - if (!out_contig) { - dma_to_qm_sg_one(sg_table + dst_sg_idx, iv_dma, ivsize, 0); - sg_to_qm_sg_last(req->dst, mapped_dst_nents, sg_table + - dst_sg_idx + 1, 0); - } + dma_to_qm_sg_one(sg_table + dst_sg_idx, iv_dma, ivsize, 0); + sg_to_qm_sg_last(req->dst, mapped_dst_nents, sg_table + dst_sg_idx + 1, + 0); edesc->qm_sg_dma = dma_map_single(qidev, sg_table, edesc->qm_sg_bytes, DMA_TO_DEVICE); @@ -1464,13 +1465,8 @@ static struct ablkcipher_edesc *ablkcipher_giv_edesc_alloc( dma_to_qm_sg_one(&fd_sgt[1], sg_dma_address(req->src), req->nbytes, 0); - if (!out_contig) - dma_to_qm_sg_one_ext(&fd_sgt[0], edesc->qm_sg_dma + dst_sg_idx * - sizeof(*sg_table), ivsize + req->nbytes, - 0); - else - dma_to_qm_sg_one(&fd_sgt[0], sg_dma_address(req->dst), - ivsize + req->nbytes, 0); + dma_to_qm_sg_one_ext(&fd_sgt[0], edesc->qm_sg_dma + dst_sg_idx * + sizeof(*sg_table), ivsize + req->nbytes, 0); return edesc; } @@ -1480,6 +1476,7 @@ static inline int ablkcipher_crypt(struct ablkcipher_request *req, bool encrypt) struct ablkcipher_edesc *edesc; struct crypto_ablkcipher *ablkcipher = crypto_ablkcipher_reqtfm(req); struct caam_ctx *ctx = crypto_ablkcipher_ctx(ablkcipher); + int ivsize = crypto_ablkcipher_ivsize(ablkcipher); int ret; if (unlikely(caam_congested)) @@ -1490,6 +1487,14 @@ static inline int ablkcipher_crypt(struct ablkcipher_request *req, bool encrypt) if (IS_ERR(edesc)) return PTR_ERR(edesc); + /* + * The crypto API expects us to set the IV (req->info) to the last + * ciphertext block. + */ + if (!encrypt) + scatterwalk_map_and_copy(req->info, req->src, req->nbytes - + ivsize, ivsize, 0); + ret = caam_qi_enqueue(ctx->qidev, &edesc->drv_req); if (!ret) { ret = -EINPROGRESS; diff --git a/drivers/crypto/caam/caampkc.c b/drivers/crypto/caam/caampkc.c index 7a897209f181..578ea63a3109 100644 --- a/drivers/crypto/caam/caampkc.c +++ b/drivers/crypto/caam/caampkc.c @@ -66,7 +66,7 @@ static void rsa_priv_f2_unmap(struct device *dev, struct rsa_edesc *edesc, struct caam_rsa_key *key = &ctx->key; struct rsa_priv_f2_pdb *pdb = &edesc->pdb.priv_f2; size_t p_sz = key->p_sz; - size_t q_sz = key->p_sz; + size_t q_sz = key->q_sz; dma_unmap_single(dev, pdb->d_dma, key->d_sz, DMA_TO_DEVICE); dma_unmap_single(dev, pdb->p_dma, p_sz, DMA_TO_DEVICE); @@ -83,7 +83,7 @@ static void rsa_priv_f3_unmap(struct device *dev, struct rsa_edesc *edesc, struct caam_rsa_key *key = &ctx->key; struct rsa_priv_f3_pdb *pdb = &edesc->pdb.priv_f3; size_t p_sz = key->p_sz; - size_t q_sz = key->p_sz; + size_t q_sz = key->q_sz; dma_unmap_single(dev, pdb->p_dma, p_sz, DMA_TO_DEVICE); dma_unmap_single(dev, pdb->q_dma, q_sz, DMA_TO_DEVICE); @@ -166,18 +166,71 @@ static void rsa_priv_f3_done(struct device *dev, u32 *desc, u32 err, akcipher_request_complete(req, err); } +static int caam_rsa_count_leading_zeros(struct scatterlist *sgl, + unsigned int nbytes, + unsigned int flags) +{ + struct sg_mapping_iter miter; + int lzeros, ents; + unsigned int len; + unsigned int tbytes = nbytes; + const u8 *buff; + + ents = sg_nents_for_len(sgl, nbytes); + if (ents < 0) + return ents; + + sg_miter_start(&miter, sgl, ents, SG_MITER_FROM_SG | flags); + + lzeros = 0; + len = 0; + while (nbytes > 0) { + while (len && !*buff) { + lzeros++; + len--; + buff++; + } + + if (len && *buff) + break; + + sg_miter_next(&miter); + buff = miter.addr; + len = miter.length; + + nbytes -= lzeros; + lzeros = 0; + } + + miter.consumed = lzeros; + sg_miter_stop(&miter); + nbytes -= lzeros; + + return tbytes - nbytes; +} + static struct rsa_edesc *rsa_edesc_alloc(struct akcipher_request *req, size_t desclen) { struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req); struct caam_rsa_ctx *ctx = akcipher_tfm_ctx(tfm); struct device *dev = ctx->dev; + struct caam_rsa_req_ctx *req_ctx = akcipher_request_ctx(req); struct rsa_edesc *edesc; gfp_t flags = (req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP) ? GFP_KERNEL : GFP_ATOMIC; + int sg_flags = (flags == GFP_ATOMIC) ? SG_MITER_ATOMIC : 0; int sgc; int sec4_sg_index, sec4_sg_len = 0, sec4_sg_bytes; int src_nents, dst_nents; + int lzeros; + + lzeros = caam_rsa_count_leading_zeros(req->src, req->src_len, sg_flags); + if (lzeros < 0) + return ERR_PTR(lzeros); + + req->src_len -= lzeros; + req->src = scatterwalk_ffwd(req_ctx->src, req->src, lzeros); src_nents = sg_nents_for_len(req->src, req->src_len); dst_nents = sg_nents_for_len(req->dst, req->dst_len); @@ -344,7 +397,7 @@ static int set_rsa_priv_f2_pdb(struct akcipher_request *req, struct rsa_priv_f2_pdb *pdb = &edesc->pdb.priv_f2; int sec4_sg_index = 0; size_t p_sz = key->p_sz; - size_t q_sz = key->p_sz; + size_t q_sz = key->q_sz; pdb->d_dma = dma_map_single(dev, key->d, key->d_sz, DMA_TO_DEVICE); if (dma_mapping_error(dev, pdb->d_dma)) { @@ -419,7 +472,7 @@ static int set_rsa_priv_f3_pdb(struct akcipher_request *req, struct rsa_priv_f3_pdb *pdb = &edesc->pdb.priv_f3; int sec4_sg_index = 0; size_t p_sz = key->p_sz; - size_t q_sz = key->p_sz; + size_t q_sz = key->q_sz; pdb->p_dma = dma_map_single(dev, key->p, p_sz, DMA_TO_DEVICE); if (dma_mapping_error(dev, pdb->p_dma)) { @@ -730,19 +783,12 @@ static u8 *caam_read_rsa_crt(const u8 *ptr, size_t nbytes, size_t dstlen) */ static inline u8 *caam_read_raw_data(const u8 *buf, size_t *nbytes) { - u8 *val; caam_rsa_drop_leading_zeros(&buf, nbytes); if (!*nbytes) return NULL; - val = kzalloc(*nbytes, GFP_DMA | GFP_KERNEL); - if (!val) - return NULL; - - memcpy(val, buf, *nbytes); - - return val; + return kmemdup(buf, *nbytes, GFP_DMA | GFP_KERNEL); } static int caam_rsa_check_key_length(unsigned int len) @@ -953,6 +999,7 @@ static struct akcipher_alg caam_rsa = { .max_size = caam_rsa_max_size, .init = caam_rsa_init_tfm, .exit = caam_rsa_exit_tfm, + .reqsize = sizeof(struct caam_rsa_req_ctx), .base = { .cra_name = "rsa", .cra_driver_name = "rsa-caam", diff --git a/drivers/crypto/caam/caampkc.h b/drivers/crypto/caam/caampkc.h index fd145c46eae1..82645bcf8b27 100644 --- a/drivers/crypto/caam/caampkc.h +++ b/drivers/crypto/caam/caampkc.h @@ -96,6 +96,14 @@ struct caam_rsa_ctx { }; /** + * caam_rsa_req_ctx - per request context. + * @src: input scatterlist (stripped of leading zeros) + */ +struct caam_rsa_req_ctx { + struct scatterlist src[2]; +}; + +/** * rsa_edesc - s/w-extended rsa descriptor * @src_nents : number of segments in input scatterlist * @dst_nents : number of segments in output scatterlist diff --git a/drivers/crypto/caam/ctrl.c b/drivers/crypto/caam/ctrl.c index e4cc636e1104..538c01f428c1 100644 --- a/drivers/crypto/caam/ctrl.c +++ b/drivers/crypto/caam/ctrl.c @@ -322,9 +322,9 @@ static int caam_remove(struct platform_device *pdev) /* * De-initialize RNG state handles initialized by this driver. - * In case of DPAA 2.x, RNG is managed by MC firmware. + * In case of SoCs with Management Complex, RNG is managed by MC f/w. */ - if (!caam_dpaa2 && ctrlpriv->rng4_sh_init) + if (!ctrlpriv->mc_en && ctrlpriv->rng4_sh_init) deinstantiate_rng(ctrldev, ctrlpriv->rng4_sh_init); /* Shut down debug views */ @@ -396,11 +396,56 @@ start_rng: clrsetbits_32(&r4tst->rtmctl, RTMCTL_PRGM, RTMCTL_SAMP_MODE_RAW_ES_SC); } +static int caam_get_era_from_hw(struct caam_ctrl __iomem *ctrl) +{ + static const struct { + u16 ip_id; + u8 maj_rev; + u8 era; + } id[] = { + {0x0A10, 1, 1}, + {0x0A10, 2, 2}, + {0x0A12, 1, 3}, + {0x0A14, 1, 3}, + {0x0A14, 2, 4}, + {0x0A16, 1, 4}, + {0x0A10, 3, 4}, + {0x0A11, 1, 4}, + {0x0A18, 1, 4}, + {0x0A11, 2, 5}, + {0x0A12, 2, 5}, + {0x0A13, 1, 5}, + {0x0A1C, 1, 5} + }; + u32 ccbvid, id_ms; + u8 maj_rev, era; + u16 ip_id; + int i; + + ccbvid = rd_reg32(&ctrl->perfmon.ccb_id); + era = (ccbvid & CCBVID_ERA_MASK) >> CCBVID_ERA_SHIFT; + if (era) /* This is '0' prior to CAAM ERA-6 */ + return era; + + id_ms = rd_reg32(&ctrl->perfmon.caam_id_ms); + ip_id = (id_ms & SECVID_MS_IPID_MASK) >> SECVID_MS_IPID_SHIFT; + maj_rev = (id_ms & SECVID_MS_MAJ_REV_MASK) >> SECVID_MS_MAJ_REV_SHIFT; + + for (i = 0; i < ARRAY_SIZE(id); i++) + if (id[i].ip_id == ip_id && id[i].maj_rev == maj_rev) + return id[i].era; + + return -ENOTSUPP; +} + /** * caam_get_era() - Return the ERA of the SEC on SoC, based - * on "sec-era" propery in the DTS. This property is updated by u-boot. + * on "sec-era" optional property in the DTS. This property is updated + * by u-boot. + * In case this property is not passed an attempt to retrieve the CAAM + * era via register reads will be made. **/ -int caam_get_era(void) +static int caam_get_era(struct caam_ctrl __iomem *ctrl) { struct device_node *caam_node; int ret; @@ -410,9 +455,11 @@ int caam_get_era(void) ret = of_property_read_u32(caam_node, "fsl,sec-era", &prop); of_node_put(caam_node); - return ret ? -ENOTSUPP : prop; + if (!ret) + return prop; + else + return caam_get_era_from_hw(ctrl); } -EXPORT_SYMBOL(caam_get_era); static const struct of_device_id caam_match[] = { { @@ -571,11 +618,15 @@ static int caam_probe(struct platform_device *pdev) /* * Enable DECO watchdogs and, if this is a PHYS_ADDR_T_64BIT kernel, * long pointers in master configuration register. - * In case of DPAA 2.x, Management Complex firmware performs + * In case of SoCs with Management Complex, MC f/w performs * the configuration. */ caam_dpaa2 = !!(comp_params & CTPR_MS_DPAA2); - if (!caam_dpaa2) + np = of_find_compatible_node(NULL, NULL, "fsl,qoriq-mc"); + ctrlpriv->mc_en = !!np; + of_node_put(np); + + if (!ctrlpriv->mc_en) clrsetbits_32(&ctrl->mcr, MCFGR_AWCACHE_MASK | MCFGR_LONG_PTR, MCFGR_AWCACHE_CACH | MCFGR_AWCACHE_BUFF | MCFGR_WDENABLE | MCFGR_LARGE_BURST | @@ -623,7 +674,7 @@ static int caam_probe(struct platform_device *pdev) goto iounmap_ctrl; } - ctrlpriv->era = caam_get_era(); + ctrlpriv->era = caam_get_era(ctrl); ret = of_platform_populate(nprop, caam_match, NULL, dev); if (ret) { @@ -686,9 +737,9 @@ static int caam_probe(struct platform_device *pdev) /* * If SEC has RNG version >= 4 and RNG state handle has not been * already instantiated, do RNG instantiation - * In case of DPAA 2.x, RNG is managed by MC firmware. + * In case of SoCs with Management Complex, RNG is managed by MC f/w. */ - if (!caam_dpaa2 && + if (!ctrlpriv->mc_en && (cha_vid_ls & CHA_ID_LS_RNG_MASK) >> CHA_ID_LS_RNG_SHIFT >= 4) { ctrlpriv->rng4_sh_init = rd_reg32(&ctrl->r4tst[0].rdsta); @@ -757,9 +808,8 @@ static int caam_probe(struct platform_device *pdev) /* Report "alive" for developer to see */ dev_info(dev, "device ID = 0x%016llx (Era %d)\n", caam_id, ctrlpriv->era); - dev_info(dev, "job rings = %d, qi = %d, dpaa2 = %s\n", - ctrlpriv->total_jobrs, ctrlpriv->qi_present, - caam_dpaa2 ? "yes" : "no"); + dev_info(dev, "job rings = %d, qi = %d\n", + ctrlpriv->total_jobrs, ctrlpriv->qi_present); #ifdef CONFIG_DEBUG_FS debugfs_create_file("rq_dequeued", S_IRUSR | S_IRGRP | S_IROTH, diff --git a/drivers/crypto/caam/ctrl.h b/drivers/crypto/caam/ctrl.h index be693a2cc25e..f3ecd67922a7 100644 --- a/drivers/crypto/caam/ctrl.h +++ b/drivers/crypto/caam/ctrl.h @@ -9,8 +9,6 @@ #define CTRL_H /* Prototypes for backend-level services exposed to APIs */ -int caam_get_era(void); - extern bool caam_dpaa2; #endif /* CTRL_H */ diff --git a/drivers/crypto/caam/intern.h b/drivers/crypto/caam/intern.h index 7696a774a362..babc78abd155 100644 --- a/drivers/crypto/caam/intern.h +++ b/drivers/crypto/caam/intern.h @@ -82,6 +82,7 @@ struct caam_drv_private { */ u8 total_jobrs; /* Total Job Rings in device */ u8 qi_present; /* Nonzero if QI present in device */ + u8 mc_en; /* Nonzero if MC f/w is active */ int secvio_irq; /* Security violation interrupt number */ int virt_en; /* Virtualization enabled in CAAM */ int era; /* CAAM Era (internal HW revision) */ diff --git a/drivers/crypto/caam/qi.c b/drivers/crypto/caam/qi.c index b9480828da38..67f7f8c42c93 100644 --- a/drivers/crypto/caam/qi.c +++ b/drivers/crypto/caam/qi.c @@ -657,9 +657,8 @@ static int init_cgr(struct device *qidev) { int ret; struct qm_mcc_initcgr opts; - const u64 cpus = *(u64 *)qman_affine_cpus(); - const int num_cpus = hweight64(cpus); - const u64 val = num_cpus * MAX_RSP_FQ_BACKLOG_PER_CPU; + const u64 val = (u64)cpumask_weight(qman_affine_cpus()) * + MAX_RSP_FQ_BACKLOG_PER_CPU; ret = qman_alloc_cgrid(&qipriv.cgr.cgrid); if (ret) { diff --git a/drivers/crypto/caam/regs.h b/drivers/crypto/caam/regs.h index fee363865d88..4fb91ba39c36 100644 --- a/drivers/crypto/caam/regs.h +++ b/drivers/crypto/caam/regs.h @@ -312,11 +312,17 @@ struct caam_perfmon { /* Component Instantiation Parameters fe0-fff */ u32 rtic_id; /* RVID - RTIC Version ID */ +#define CCBVID_ERA_MASK 0xff000000 +#define CCBVID_ERA_SHIFT 24 u32 ccb_id; /* CCBVID - CCB Version ID */ u32 cha_id_ms; /* CHAVID - CHA Version ID Most Significant*/ u32 cha_id_ls; /* CHAVID - CHA Version ID Least Significant*/ u32 cha_num_ms; /* CHANUM - CHA Number Most Significant */ u32 cha_num_ls; /* CHANUM - CHA Number Least Significant*/ +#define SECVID_MS_IPID_MASK 0xffff0000 +#define SECVID_MS_IPID_SHIFT 16 +#define SECVID_MS_MAJ_REV_MASK 0x0000ff00 +#define SECVID_MS_MAJ_REV_SHIFT 8 u32 caam_id_ms; /* CAAMVID - CAAM Version ID MS */ u32 caam_id_ls; /* CAAMVID - CAAM Version ID LS */ }; diff --git a/drivers/crypto/cavium/zip/common.h b/drivers/crypto/cavium/zip/common.h index dc451e0a43c5..58fb3ed6e644 100644 --- a/drivers/crypto/cavium/zip/common.h +++ b/drivers/crypto/cavium/zip/common.h @@ -46,8 +46,10 @@ #ifndef __COMMON_H__ #define __COMMON_H__ +#include <linux/delay.h> #include <linux/init.h> #include <linux/interrupt.h> +#include <linux/io.h> #include <linux/kernel.h> #include <linux/module.h> #include <linux/pci.h> @@ -149,6 +151,25 @@ struct zip_operation { u32 sizeofzops; }; +static inline int zip_poll_result(union zip_zres_s *result) +{ + int retries = 1000; + + while (!result->s.compcode) { + if (!--retries) { + pr_err("ZIP ERR: request timed out"); + return -ETIMEDOUT; + } + udelay(10); + /* + * Force re-reading of compcode which is updated + * by the ZIP coprocessor. + */ + rmb(); + } + return 0; +} + /* error messages */ #define zip_err(fmt, args...) pr_err("ZIP ERR:%s():%d: " \ fmt "\n", __func__, __LINE__, ## args) diff --git a/drivers/crypto/cavium/zip/zip_crypto.c b/drivers/crypto/cavium/zip/zip_crypto.c index 8df4d26cf9d4..b92b6e7e100f 100644 --- a/drivers/crypto/cavium/zip/zip_crypto.c +++ b/drivers/crypto/cavium/zip/zip_crypto.c @@ -124,7 +124,7 @@ int zip_compress(const u8 *src, unsigned int slen, struct zip_kernel_ctx *zip_ctx) { struct zip_operation *zip_ops = NULL; - struct zip_state zip_state; + struct zip_state *zip_state; struct zip_device *zip = NULL; int ret; @@ -135,20 +135,23 @@ int zip_compress(const u8 *src, unsigned int slen, if (!zip) return -ENODEV; - memset(&zip_state, 0, sizeof(struct zip_state)); + zip_state = kzalloc(sizeof(*zip_state), GFP_ATOMIC); + if (!zip_state) + return -ENOMEM; + zip_ops = &zip_ctx->zip_comp; zip_ops->input_len = slen; zip_ops->output_len = *dlen; memcpy(zip_ops->input, src, slen); - ret = zip_deflate(zip_ops, &zip_state, zip); + ret = zip_deflate(zip_ops, zip_state, zip); if (!ret) { *dlen = zip_ops->output_len; memcpy(dst, zip_ops->output, *dlen); } - + kfree(zip_state); return ret; } @@ -157,7 +160,7 @@ int zip_decompress(const u8 *src, unsigned int slen, struct zip_kernel_ctx *zip_ctx) { struct zip_operation *zip_ops = NULL; - struct zip_state zip_state; + struct zip_state *zip_state; struct zip_device *zip = NULL; int ret; @@ -168,7 +171,10 @@ int zip_decompress(const u8 *src, unsigned int slen, if (!zip) return -ENODEV; - memset(&zip_state, 0, sizeof(struct zip_state)); + zip_state = kzalloc(sizeof(*zip_state), GFP_ATOMIC); + if (!zip_state) + return -ENOMEM; + zip_ops = &zip_ctx->zip_decomp; memcpy(zip_ops->input, src, slen); @@ -179,13 +185,13 @@ int zip_decompress(const u8 *src, unsigned int slen, zip_ops->input_len = slen; zip_ops->output_len = *dlen; - ret = zip_inflate(zip_ops, &zip_state, zip); + ret = zip_inflate(zip_ops, zip_state, zip); if (!ret) { *dlen = zip_ops->output_len; memcpy(dst, zip_ops->output, *dlen); } - + kfree(zip_state); return ret; } diff --git a/drivers/crypto/cavium/zip/zip_deflate.c b/drivers/crypto/cavium/zip/zip_deflate.c index 9a944b8c1e29..d7133f857d67 100644 --- a/drivers/crypto/cavium/zip/zip_deflate.c +++ b/drivers/crypto/cavium/zip/zip_deflate.c @@ -129,8 +129,8 @@ int zip_deflate(struct zip_operation *zip_ops, struct zip_state *s, /* Stats update for compression requests submitted */ atomic64_inc(&zip_dev->stats.comp_req_submit); - while (!result_ptr->s.compcode) - continue; + /* Wait for completion or error */ + zip_poll_result(result_ptr); /* Stats update for compression requests completed */ atomic64_inc(&zip_dev->stats.comp_req_complete); diff --git a/drivers/crypto/cavium/zip/zip_device.c b/drivers/crypto/cavium/zip/zip_device.c index ccf21fb91513..f174ec29ed69 100644 --- a/drivers/crypto/cavium/zip/zip_device.c +++ b/drivers/crypto/cavium/zip/zip_device.c @@ -87,12 +87,12 @@ u32 zip_load_instr(union zip_inst_s *instr, * Distribute the instructions between the enabled queues based on * the CPU id. */ - if (smp_processor_id() % 2 == 0) + if (raw_smp_processor_id() % 2 == 0) queue = 0; else queue = 1; - zip_dbg("CPU Core: %d Queue number:%d", smp_processor_id(), queue); + zip_dbg("CPU Core: %d Queue number:%d", raw_smp_processor_id(), queue); /* Take cmd buffer lock */ spin_lock(&zip_dev->iq[queue].lock); diff --git a/drivers/crypto/cavium/zip/zip_inflate.c b/drivers/crypto/cavium/zip/zip_inflate.c index 50cbdd83dbf2..7e0d73e2f89e 100644 --- a/drivers/crypto/cavium/zip/zip_inflate.c +++ b/drivers/crypto/cavium/zip/zip_inflate.c @@ -143,8 +143,8 @@ int zip_inflate(struct zip_operation *zip_ops, struct zip_state *s, /* Decompression requests submitted stats update */ atomic64_inc(&zip_dev->stats.decomp_req_submit); - while (!result_ptr->s.compcode) - continue; + /* Wait for completion or error */ + zip_poll_result(result_ptr); /* Decompression requests completed stats update */ atomic64_inc(&zip_dev->stats.decomp_req_complete); diff --git a/drivers/crypto/cavium/zip/zip_main.c b/drivers/crypto/cavium/zip/zip_main.c index 1cd8aa488185..be055b9547f6 100644 --- a/drivers/crypto/cavium/zip/zip_main.c +++ b/drivers/crypto/cavium/zip/zip_main.c @@ -113,7 +113,7 @@ struct zip_device *zip_get_device(int node) */ int zip_get_node_id(void) { - return cpu_to_node(smp_processor_id()); + return cpu_to_node(raw_smp_processor_id()); } /* Initializes the ZIP h/w sub-system */ @@ -469,6 +469,8 @@ static int zip_show_stats(struct seq_file *s, void *unused) struct zip_stats *st; for (index = 0; index < MAX_ZIP_DEVICES; index++) { + u64 pending = 0; + if (zip_dev[index]) { zip = zip_dev[index]; st = &zip->stats; @@ -476,16 +478,15 @@ static int zip_show_stats(struct seq_file *s, void *unused) /* Get all the pending requests */ for (q = 0; q < ZIP_NUM_QUEUES; q++) { val = zip_reg_read((zip->reg_base + - ZIP_DBG_COREX_STA(q))); - val = (val >> 32); - val = val & 0xffffff; - atomic64_add(val, &st->pending_req); + ZIP_DBG_QUEX_STA(q))); + pending += val >> 32 & 0xffffff; } - avg_chunk = (atomic64_read(&st->comp_in_bytes) / - atomic64_read(&st->comp_req_complete)); - avg_cr = (atomic64_read(&st->comp_in_bytes) / - atomic64_read(&st->comp_out_bytes)); + val = atomic64_read(&st->comp_req_complete); + avg_chunk = (val) ? atomic64_read(&st->comp_in_bytes) / val : 0; + + val = atomic64_read(&st->comp_out_bytes); + avg_cr = (val) ? atomic64_read(&st->comp_in_bytes) / val : 0; seq_printf(s, " ZIP Device %d Stats\n" "-----------------------------------\n" "Comp Req Submitted : \t%lld\n" @@ -513,10 +514,7 @@ static int zip_show_stats(struct seq_file *s, void *unused) (u64)atomic64_read(&st->decomp_in_bytes), (u64)atomic64_read(&st->decomp_out_bytes), (u64)atomic64_read(&st->decomp_bad_reqs), - (u64)atomic64_read(&st->pending_req)); - - /* Reset pending requests count */ - atomic64_set(&st->pending_req, 0); + pending); } } return 0; diff --git a/drivers/crypto/cavium/zip/zip_main.h b/drivers/crypto/cavium/zip/zip_main.h index 64e051f60784..e1e4fa92ce80 100644 --- a/drivers/crypto/cavium/zip/zip_main.h +++ b/drivers/crypto/cavium/zip/zip_main.h @@ -74,7 +74,6 @@ struct zip_stats { atomic64_t comp_req_complete; atomic64_t decomp_req_submit; atomic64_t decomp_req_complete; - atomic64_t pending_req; atomic64_t comp_in_bytes; atomic64_t comp_out_bytes; atomic64_t decomp_in_bytes; diff --git a/drivers/crypto/cavium/zip/zip_regs.h b/drivers/crypto/cavium/zip/zip_regs.h index d0be682305c1..874e0236c87e 100644 --- a/drivers/crypto/cavium/zip/zip_regs.h +++ b/drivers/crypto/cavium/zip/zip_regs.h @@ -443,7 +443,7 @@ union zip_corex_bist_status { static inline u64 ZIP_COREX_BIST_STATUS(u64 param1) { - if (((param1 <= 1))) + if (param1 <= 1) return 0x0520ull + (param1 & 1) * 0x8ull; pr_err("ZIP_COREX_BIST_STATUS: %llu\n", param1); return 0; @@ -537,7 +537,7 @@ union zip_dbg_corex_inst { static inline u64 ZIP_DBG_COREX_INST(u64 param1) { - if (((param1 <= 1))) + if (param1 <= 1) return 0x0640ull + (param1 & 1) * 0x8ull; pr_err("ZIP_DBG_COREX_INST: %llu\n", param1); return 0; @@ -568,7 +568,7 @@ union zip_dbg_corex_sta { static inline u64 ZIP_DBG_COREX_STA(u64 param1) { - if (((param1 <= 1))) + if (param1 <= 1) return 0x0680ull + (param1 & 1) * 0x8ull; pr_err("ZIP_DBG_COREX_STA: %llu\n", param1); return 0; @@ -599,7 +599,7 @@ union zip_dbg_quex_sta { static inline u64 ZIP_DBG_QUEX_STA(u64 param1) { - if (((param1 <= 7))) + if (param1 <= 7) return 0x1800ull + (param1 & 7) * 0x8ull; pr_err("ZIP_DBG_QUEX_STA: %llu\n", param1); return 0; @@ -817,7 +817,7 @@ union zip_msix_pbax { static inline u64 ZIP_MSIX_PBAX(u64 param1) { - if (((param1 == 0))) + if (param1 == 0) return 0x0000838000FF0000ull; pr_err("ZIP_MSIX_PBAX: %llu\n", param1); return 0; @@ -846,7 +846,7 @@ union zip_msix_vecx_addr { static inline u64 ZIP_MSIX_VECX_ADDR(u64 param1) { - if (((param1 <= 17))) + if (param1 <= 17) return 0x0000838000F00000ull + (param1 & 31) * 0x10ull; pr_err("ZIP_MSIX_VECX_ADDR: %llu\n", param1); return 0; @@ -875,7 +875,7 @@ union zip_msix_vecx_ctl { static inline u64 ZIP_MSIX_VECX_CTL(u64 param1) { - if (((param1 <= 17))) + if (param1 <= 17) return 0x0000838000F00008ull + (param1 & 31) * 0x10ull; pr_err("ZIP_MSIX_VECX_CTL: %llu\n", param1); return 0; @@ -900,7 +900,7 @@ union zip_quex_done { static inline u64 ZIP_QUEX_DONE(u64 param1) { - if (((param1 <= 7))) + if (param1 <= 7) return 0x2000ull + (param1 & 7) * 0x8ull; pr_err("ZIP_QUEX_DONE: %llu\n", param1); return 0; @@ -925,7 +925,7 @@ union zip_quex_done_ack { static inline u64 ZIP_QUEX_DONE_ACK(u64 param1) { - if (((param1 <= 7))) + if (param1 <= 7) return 0x2200ull + (param1 & 7) * 0x8ull; pr_err("ZIP_QUEX_DONE_ACK: %llu\n", param1); return 0; @@ -950,7 +950,7 @@ union zip_quex_done_ena_w1c { static inline u64 ZIP_QUEX_DONE_ENA_W1C(u64 param1) { - if (((param1 <= 7))) + if (param1 <= 7) return 0x2600ull + (param1 & 7) * 0x8ull; pr_err("ZIP_QUEX_DONE_ENA_W1C: %llu\n", param1); return 0; @@ -975,7 +975,7 @@ union zip_quex_done_ena_w1s { static inline u64 ZIP_QUEX_DONE_ENA_W1S(u64 param1) { - if (((param1 <= 7))) + if (param1 <= 7) return 0x2400ull + (param1 & 7) * 0x8ull; pr_err("ZIP_QUEX_DONE_ENA_W1S: %llu\n", param1); return 0; @@ -1004,7 +1004,7 @@ union zip_quex_done_wait { static inline u64 ZIP_QUEX_DONE_WAIT(u64 param1) { - if (((param1 <= 7))) + if (param1 <= 7) return 0x2800ull + (param1 & 7) * 0x8ull; pr_err("ZIP_QUEX_DONE_WAIT: %llu\n", param1); return 0; @@ -1029,7 +1029,7 @@ union zip_quex_doorbell { static inline u64 ZIP_QUEX_DOORBELL(u64 param1) { - if (((param1 <= 7))) + if (param1 <= 7) return 0x4000ull + (param1 & 7) * 0x8ull; pr_err("ZIP_QUEX_DOORBELL: %llu\n", param1); return 0; @@ -1058,7 +1058,7 @@ union zip_quex_err_ena_w1c { static inline u64 ZIP_QUEX_ERR_ENA_W1C(u64 param1) { - if (((param1 <= 7))) + if (param1 <= 7) return 0x3600ull + (param1 & 7) * 0x8ull; pr_err("ZIP_QUEX_ERR_ENA_W1C: %llu\n", param1); return 0; @@ -1087,7 +1087,7 @@ union zip_quex_err_ena_w1s { static inline u64 ZIP_QUEX_ERR_ENA_W1S(u64 param1) { - if (((param1 <= 7))) + if (param1 <= 7) return 0x3400ull + (param1 & 7) * 0x8ull; pr_err("ZIP_QUEX_ERR_ENA_W1S: %llu\n", param1); return 0; @@ -1120,7 +1120,7 @@ union zip_quex_err_int { static inline u64 ZIP_QUEX_ERR_INT(u64 param1) { - if (((param1 <= 7))) + if (param1 <= 7) return 0x3000ull + (param1 & 7) * 0x8ull; pr_err("ZIP_QUEX_ERR_INT: %llu\n", param1); return 0; @@ -1150,7 +1150,7 @@ union zip_quex_err_int_w1s { static inline u64 ZIP_QUEX_ERR_INT_W1S(u64 param1) { - if (((param1 <= 7))) + if (param1 <= 7) return 0x3200ull + (param1 & 7) * 0x8ull; pr_err("ZIP_QUEX_ERR_INT_W1S: %llu\n", param1); return 0; @@ -1179,7 +1179,7 @@ union zip_quex_gcfg { static inline u64 ZIP_QUEX_GCFG(u64 param1) { - if (((param1 <= 7))) + if (param1 <= 7) return 0x1A00ull + (param1 & 7) * 0x8ull; pr_err("ZIP_QUEX_GCFG: %llu\n", param1); return 0; @@ -1204,7 +1204,7 @@ union zip_quex_map { static inline u64 ZIP_QUEX_MAP(u64 param1) { - if (((param1 <= 7))) + if (param1 <= 7) return 0x1400ull + (param1 & 7) * 0x8ull; pr_err("ZIP_QUEX_MAP: %llu\n", param1); return 0; @@ -1236,7 +1236,7 @@ union zip_quex_sbuf_addr { static inline u64 ZIP_QUEX_SBUF_ADDR(u64 param1) { - if (((param1 <= 7))) + if (param1 <= 7) return 0x1000ull + (param1 & 7) * 0x8ull; pr_err("ZIP_QUEX_SBUF_ADDR: %llu\n", param1); return 0; @@ -1276,7 +1276,7 @@ union zip_quex_sbuf_ctl { static inline u64 ZIP_QUEX_SBUF_CTL(u64 param1) { - if (((param1 <= 7))) + if (param1 <= 7) return 0x1200ull + (param1 & 7) * 0x8ull; pr_err("ZIP_QUEX_SBUF_CTL: %llu\n", param1); return 0; diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c index d95ec526587a..ff478d826d7d 100644 --- a/drivers/crypto/ccp/psp-dev.c +++ b/drivers/crypto/ccp/psp-dev.c @@ -22,11 +22,17 @@ #include <linux/delay.h> #include <linux/hw_random.h> #include <linux/ccp.h> +#include <linux/firmware.h> #include "sp-dev.h" #include "psp-dev.h" +#define SEV_VERSION_GREATER_OR_EQUAL(_maj, _min) \ + ((psp_master->api_major) >= _maj && \ + (psp_master->api_minor) >= _min) + #define DEVICE_NAME "sev" +#define SEV_FW_FILE "amd/sev.fw" static DEFINE_MUTEX(sev_cmd_mutex); static struct sev_misc_dev *misc_dev; @@ -112,6 +118,8 @@ static int sev_cmd_buffer_len(int cmd) case SEV_CMD_RECEIVE_UPDATE_DATA: return sizeof(struct sev_data_receive_update_data); case SEV_CMD_RECEIVE_UPDATE_VMSA: return sizeof(struct sev_data_receive_update_vmsa); case SEV_CMD_LAUNCH_UPDATE_SECRET: return sizeof(struct sev_data_launch_secret); + case SEV_CMD_DOWNLOAD_FIRMWARE: return sizeof(struct sev_data_download_firmware); + case SEV_CMD_GET_ID: return sizeof(struct sev_data_get_id); default: return 0; } @@ -378,6 +386,79 @@ void *psp_copy_user_blob(u64 __user uaddr, u32 len) } EXPORT_SYMBOL_GPL(psp_copy_user_blob); +static int sev_get_api_version(void) +{ + struct sev_user_data_status *status; + int error, ret; + + status = &psp_master->status_cmd_buf; + ret = sev_platform_status(status, &error); + if (ret) { + dev_err(psp_master->dev, + "SEV: failed to get status. Error: %#x\n", error); + return 1; + } + + psp_master->api_major = status->api_major; + psp_master->api_minor = status->api_minor; + psp_master->build = status->build; + + return 0; +} + +/* Don't fail if SEV FW couldn't be updated. Continue with existing SEV FW */ +static int sev_update_firmware(struct device *dev) +{ + struct sev_data_download_firmware *data; + const struct firmware *firmware; + int ret, error, order; + struct page *p; + u64 data_size; + + ret = request_firmware(&firmware, SEV_FW_FILE, dev); + if (ret < 0) + return -1; + + /* + * SEV FW expects the physical address given to it to be 32 + * byte aligned. Memory allocated has structure placed at the + * beginning followed by the firmware being passed to the SEV + * FW. Allocate enough memory for data structure + alignment + * padding + SEV FW. + */ + data_size = ALIGN(sizeof(struct sev_data_download_firmware), 32); + + order = get_order(firmware->size + data_size); + p = alloc_pages(GFP_KERNEL, order); + if (!p) { + ret = -1; + goto fw_err; + } + + /* + * Copy firmware data to a kernel allocated contiguous + * memory region. + */ + data = page_address(p); + memcpy(page_address(p) + data_size, firmware->data, firmware->size); + + data->address = __psp_pa(page_address(p) + data_size); + data->len = firmware->size; + + ret = sev_do_cmd(SEV_CMD_DOWNLOAD_FIRMWARE, data, &error); + if (ret) + dev_dbg(dev, "Failed to update SEV firmware: %#x\n", error); + else + dev_info(dev, "SEV firmware update successful\n"); + + __free_pages(p, order); + +fw_err: + release_firmware(firmware); + + return ret; +} + static int sev_ioctl_do_pek_import(struct sev_issue_cmd *argp) { struct sev_user_data_pek_cert_import input; @@ -430,6 +511,46 @@ e_free: return ret; } +static int sev_ioctl_do_get_id(struct sev_issue_cmd *argp) +{ + struct sev_data_get_id *data; + u64 data_size, user_size; + void *id_blob, *mem; + int ret; + + /* SEV GET_ID available from SEV API v0.16 and up */ + if (!SEV_VERSION_GREATER_OR_EQUAL(0, 16)) + return -ENOTSUPP; + + /* SEV FW expects the buffer it fills with the ID to be + * 8-byte aligned. Memory allocated should be enough to + * hold data structure + alignment padding + memory + * where SEV FW writes the ID. + */ + data_size = ALIGN(sizeof(struct sev_data_get_id), 8); + user_size = sizeof(struct sev_user_data_get_id); + + mem = kzalloc(data_size + user_size, GFP_KERNEL); + if (!mem) + return -ENOMEM; + + data = mem; + id_blob = mem + data_size; + + data->address = __psp_pa(id_blob); + data->len = user_size; + + ret = __sev_do_cmd_locked(SEV_CMD_GET_ID, data, &argp->error); + if (!ret) { + if (copy_to_user((void __user *)argp->data, id_blob, data->len)) + ret = -EFAULT; + } + + kfree(mem); + + return ret; +} + static int sev_ioctl_do_pdh_export(struct sev_issue_cmd *argp) { struct sev_user_data_pdh_cert_export input; @@ -567,6 +688,9 @@ static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg) case SEV_PDH_CERT_EXPORT: ret = sev_ioctl_do_pdh_export(&input); break; + case SEV_GET_ID: + ret = sev_ioctl_do_get_id(&input); + break; default: ret = -EINVAL; goto out; @@ -750,7 +874,6 @@ EXPORT_SYMBOL_GPL(sev_issue_cmd_external_user); void psp_pci_init(void) { - struct sev_user_data_status *status; struct sp_device *sp; int error, rc; @@ -760,6 +883,13 @@ void psp_pci_init(void) psp_master = sp->psp_data; + if (sev_get_api_version()) + goto err; + + if (SEV_VERSION_GREATER_OR_EQUAL(0, 15) && + sev_update_firmware(psp_master->dev) == 0) + sev_get_api_version(); + /* Initialize the platform */ rc = sev_platform_init(&error); if (rc) { @@ -767,16 +897,9 @@ void psp_pci_init(void) goto err; } - /* Display SEV firmware version */ - status = &psp_master->status_cmd_buf; - rc = sev_platform_status(status, &error); - if (rc) { - dev_err(sp->dev, "SEV: failed to get status error %#x\n", error); - goto err; - } + dev_info(sp->dev, "SEV API:%d.%d build:%d\n", psp_master->api_major, + psp_master->api_minor, psp_master->build); - dev_info(sp->dev, "SEV API:%d.%d build:%d\n", status->api_major, - status->api_minor, status->build); return; err: diff --git a/drivers/crypto/ccp/psp-dev.h b/drivers/crypto/ccp/psp-dev.h index c81f0b11287a..c7e9098a233c 100644 --- a/drivers/crypto/ccp/psp-dev.h +++ b/drivers/crypto/ccp/psp-dev.h @@ -78,6 +78,10 @@ struct psp_device { struct sev_misc_dev *sev_misc; struct sev_user_data_status status_cmd_buf; struct sev_data_init init_cmd_buf; + + u8 api_major; + u8 api_minor; + u8 build; }; #endif /* __PSP_DEV_H */ diff --git a/drivers/crypto/ccree/cc_cipher.c b/drivers/crypto/ccree/cc_cipher.c index df98f7afe645..d2810c183b73 100644 --- a/drivers/crypto/ccree/cc_cipher.c +++ b/drivers/crypto/ccree/cc_cipher.c @@ -42,6 +42,7 @@ struct cc_cipher_ctx { int cipher_mode; int flow_mode; unsigned int flags; + bool hw_key; struct cc_user_key_info user; struct cc_hw_key_info hw; struct crypto_shash *shash_tfm; @@ -49,6 +50,13 @@ struct cc_cipher_ctx { static void cc_cipher_complete(struct device *dev, void *cc_req, int err); +static inline bool cc_is_hw_key(struct crypto_tfm *tfm) +{ + struct cc_cipher_ctx *ctx_p = crypto_tfm_ctx(tfm); + + return ctx_p->hw_key; +} + static int validate_keys_sizes(struct cc_cipher_ctx *ctx_p, u32 size) { switch (ctx_p->flow_mode) { @@ -211,7 +219,7 @@ struct tdes_keys { u8 key3[DES_KEY_SIZE]; }; -static enum cc_hw_crypto_key hw_key_to_cc_hw_key(int slot_num) +static enum cc_hw_crypto_key cc_slot_to_hw_key(int slot_num) { switch (slot_num) { case 0: @@ -226,69 +234,100 @@ static enum cc_hw_crypto_key hw_key_to_cc_hw_key(int slot_num) return END_OF_KEYS; } -static int cc_cipher_setkey(struct crypto_skcipher *sktfm, const u8 *key, - unsigned int keylen) +static int cc_cipher_sethkey(struct crypto_skcipher *sktfm, const u8 *key, + unsigned int keylen) { struct crypto_tfm *tfm = crypto_skcipher_tfm(sktfm); struct cc_cipher_ctx *ctx_p = crypto_tfm_ctx(tfm); struct device *dev = drvdata_to_dev(ctx_p->drvdata); - u32 tmp[DES3_EDE_EXPKEY_WORDS]; - struct cc_crypto_alg *cc_alg = - container_of(tfm->__crt_alg, struct cc_crypto_alg, - skcipher_alg.base); - unsigned int max_key_buf_size = cc_alg->skcipher_alg.max_keysize; + struct cc_hkey_info hki; - dev_dbg(dev, "Setting key in context @%p for %s. keylen=%u\n", + dev_dbg(dev, "Setting HW key in context @%p for %s. keylen=%u\n", ctx_p, crypto_tfm_alg_name(tfm), keylen); dump_byte_array("key", (u8 *)key, keylen); /* STAT_PHASE_0: Init and sanity checks */ + /* This check the size of the hardware key token */ + if (keylen != sizeof(hki)) { + dev_err(dev, "Unsupported HW key size %d.\n", keylen); + crypto_tfm_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN); + return -EINVAL; + } + + if (ctx_p->flow_mode != S_DIN_to_AES) { + dev_err(dev, "HW key not supported for non-AES flows\n"); + return -EINVAL; + } + + memcpy(&hki, key, keylen); + + /* The real key len for crypto op is the size of the HW key + * referenced by the HW key slot, not the hardware key token + */ + keylen = hki.keylen; + if (validate_keys_sizes(ctx_p, keylen)) { dev_err(dev, "Unsupported key size %d.\n", keylen); crypto_tfm_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN); return -EINVAL; } - if (cc_is_hw_key(tfm)) { - /* setting HW key slots */ - struct arm_hw_key_info *hki = (struct arm_hw_key_info *)key; + ctx_p->hw.key1_slot = cc_slot_to_hw_key(hki.hw_key1); + if (ctx_p->hw.key1_slot == END_OF_KEYS) { + dev_err(dev, "Unsupported hw key1 number (%d)\n", hki.hw_key1); + return -EINVAL; + } - if (ctx_p->flow_mode != S_DIN_to_AES) { - dev_err(dev, "HW key not supported for non-AES flows\n"); + if (ctx_p->cipher_mode == DRV_CIPHER_XTS || + ctx_p->cipher_mode == DRV_CIPHER_ESSIV || + ctx_p->cipher_mode == DRV_CIPHER_BITLOCKER) { + if (hki.hw_key1 == hki.hw_key2) { + dev_err(dev, "Illegal hw key numbers (%d,%d)\n", + hki.hw_key1, hki.hw_key2); return -EINVAL; } - - ctx_p->hw.key1_slot = hw_key_to_cc_hw_key(hki->hw_key1); - if (ctx_p->hw.key1_slot == END_OF_KEYS) { - dev_err(dev, "Unsupported hw key1 number (%d)\n", - hki->hw_key1); + ctx_p->hw.key2_slot = cc_slot_to_hw_key(hki.hw_key2); + if (ctx_p->hw.key2_slot == END_OF_KEYS) { + dev_err(dev, "Unsupported hw key2 number (%d)\n", + hki.hw_key2); return -EINVAL; } + } - if (ctx_p->cipher_mode == DRV_CIPHER_XTS || - ctx_p->cipher_mode == DRV_CIPHER_ESSIV || - ctx_p->cipher_mode == DRV_CIPHER_BITLOCKER) { - if (hki->hw_key1 == hki->hw_key2) { - dev_err(dev, "Illegal hw key numbers (%d,%d)\n", - hki->hw_key1, hki->hw_key2); - return -EINVAL; - } - ctx_p->hw.key2_slot = - hw_key_to_cc_hw_key(hki->hw_key2); - if (ctx_p->hw.key2_slot == END_OF_KEYS) { - dev_err(dev, "Unsupported hw key2 number (%d)\n", - hki->hw_key2); - return -EINVAL; - } - } + ctx_p->keylen = keylen; + ctx_p->hw_key = true; + dev_dbg(dev, "cc_is_hw_key ret 0"); + + return 0; +} + +static int cc_cipher_setkey(struct crypto_skcipher *sktfm, const u8 *key, + unsigned int keylen) +{ + struct crypto_tfm *tfm = crypto_skcipher_tfm(sktfm); + struct cc_cipher_ctx *ctx_p = crypto_tfm_ctx(tfm); + struct device *dev = drvdata_to_dev(ctx_p->drvdata); + u32 tmp[DES3_EDE_EXPKEY_WORDS]; + struct cc_crypto_alg *cc_alg = + container_of(tfm->__crt_alg, struct cc_crypto_alg, + skcipher_alg.base); + unsigned int max_key_buf_size = cc_alg->skcipher_alg.max_keysize; + + dev_dbg(dev, "Setting key in context @%p for %s. keylen=%u\n", + ctx_p, crypto_tfm_alg_name(tfm), keylen); + dump_byte_array("key", (u8 *)key, keylen); - ctx_p->keylen = keylen; - dev_dbg(dev, "cc_is_hw_key ret 0"); + /* STAT_PHASE_0: Init and sanity checks */ - return 0; + if (validate_keys_sizes(ctx_p, keylen)) { + dev_err(dev, "Unsupported key size %d.\n", keylen); + crypto_tfm_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN); + return -EINVAL; } + ctx_p->hw_key = false; + /* * Verify DES weak keys * Note that we're dropping the expanded key since the @@ -735,6 +774,241 @@ static int cc_cipher_decrypt(struct skcipher_request *req) /* Block cipher alg */ static const struct cc_alg_template skcipher_algs[] = { { + .name = "xts(paes)", + .driver_name = "xts-paes-ccree", + .blocksize = AES_BLOCK_SIZE, + .template_skcipher = { + .setkey = cc_cipher_sethkey, + .encrypt = cc_cipher_encrypt, + .decrypt = cc_cipher_decrypt, + .min_keysize = CC_HW_KEY_SIZE, + .max_keysize = CC_HW_KEY_SIZE, + .ivsize = AES_BLOCK_SIZE, + }, + .cipher_mode = DRV_CIPHER_XTS, + .flow_mode = S_DIN_to_AES, + .min_hw_rev = CC_HW_REV_630, + }, + { + .name = "xts512(paes)", + .driver_name = "xts-paes-du512-ccree", + .blocksize = AES_BLOCK_SIZE, + .template_skcipher = { + .setkey = cc_cipher_sethkey, + .encrypt = cc_cipher_encrypt, + .decrypt = cc_cipher_decrypt, + .min_keysize = CC_HW_KEY_SIZE, + .max_keysize = CC_HW_KEY_SIZE, + .ivsize = AES_BLOCK_SIZE, + }, + .cipher_mode = DRV_CIPHER_XTS, + .flow_mode = S_DIN_to_AES, + .data_unit = 512, + .min_hw_rev = CC_HW_REV_712, + }, + { + .name = "xts4096(paes)", + .driver_name = "xts-paes-du4096-ccree", + .blocksize = AES_BLOCK_SIZE, + .template_skcipher = { + .setkey = cc_cipher_sethkey, + .encrypt = cc_cipher_encrypt, + .decrypt = cc_cipher_decrypt, + .min_keysize = CC_HW_KEY_SIZE, + .max_keysize = CC_HW_KEY_SIZE, + .ivsize = AES_BLOCK_SIZE, + }, + .cipher_mode = DRV_CIPHER_XTS, + .flow_mode = S_DIN_to_AES, + .data_unit = 4096, + .min_hw_rev = CC_HW_REV_712, + }, + { + .name = "essiv(paes)", + .driver_name = "essiv-paes-ccree", + .blocksize = AES_BLOCK_SIZE, + .template_skcipher = { + .setkey = cc_cipher_sethkey, + .encrypt = cc_cipher_encrypt, + .decrypt = cc_cipher_decrypt, + .min_keysize = CC_HW_KEY_SIZE, + .max_keysize = CC_HW_KEY_SIZE, + .ivsize = AES_BLOCK_SIZE, + }, + .cipher_mode = DRV_CIPHER_ESSIV, + .flow_mode = S_DIN_to_AES, + .min_hw_rev = CC_HW_REV_712, + }, + { + .name = "essiv512(paes)", + .driver_name = "essiv-paes-du512-ccree", + .blocksize = AES_BLOCK_SIZE, + .template_skcipher = { + .setkey = cc_cipher_sethkey, + .encrypt = cc_cipher_encrypt, + .decrypt = cc_cipher_decrypt, + .min_keysize = CC_HW_KEY_SIZE, + .max_keysize = CC_HW_KEY_SIZE, + .ivsize = AES_BLOCK_SIZE, + }, + .cipher_mode = DRV_CIPHER_ESSIV, + .flow_mode = S_DIN_to_AES, + .data_unit = 512, + .min_hw_rev = CC_HW_REV_712, + }, + { + .name = "essiv4096(paes)", + .driver_name = "essiv-paes-du4096-ccree", + .blocksize = AES_BLOCK_SIZE, + .template_skcipher = { + .setkey = cc_cipher_sethkey, + .encrypt = cc_cipher_encrypt, + .decrypt = cc_cipher_decrypt, + .min_keysize = CC_HW_KEY_SIZE, + .max_keysize = CC_HW_KEY_SIZE, + .ivsize = AES_BLOCK_SIZE, + }, + .cipher_mode = DRV_CIPHER_ESSIV, + .flow_mode = S_DIN_to_AES, + .data_unit = 4096, + .min_hw_rev = CC_HW_REV_712, + }, + { + .name = "bitlocker(paes)", + .driver_name = "bitlocker-paes-ccree", + .blocksize = AES_BLOCK_SIZE, + .template_skcipher = { + .setkey = cc_cipher_sethkey, + .encrypt = cc_cipher_encrypt, + .decrypt = cc_cipher_decrypt, + .min_keysize = CC_HW_KEY_SIZE, + .max_keysize = CC_HW_KEY_SIZE, + .ivsize = AES_BLOCK_SIZE, + }, + .cipher_mode = DRV_CIPHER_BITLOCKER, + .flow_mode = S_DIN_to_AES, + .min_hw_rev = CC_HW_REV_712, + }, + { + .name = "bitlocker512(paes)", + .driver_name = "bitlocker-paes-du512-ccree", + .blocksize = AES_BLOCK_SIZE, + .template_skcipher = { + .setkey = cc_cipher_sethkey, + .encrypt = cc_cipher_encrypt, + .decrypt = cc_cipher_decrypt, + .min_keysize = CC_HW_KEY_SIZE, + .max_keysize = CC_HW_KEY_SIZE, + .ivsize = AES_BLOCK_SIZE, + }, + .cipher_mode = DRV_CIPHER_BITLOCKER, + .flow_mode = S_DIN_to_AES, + .data_unit = 512, + .min_hw_rev = CC_HW_REV_712, + }, + { + .name = "bitlocker4096(paes)", + .driver_name = "bitlocker-paes-du4096-ccree", + .blocksize = AES_BLOCK_SIZE, + .template_skcipher = { + .setkey = cc_cipher_sethkey, + .encrypt = cc_cipher_encrypt, + .decrypt = cc_cipher_decrypt, + .min_keysize = CC_HW_KEY_SIZE, + .max_keysize = CC_HW_KEY_SIZE, + .ivsize = AES_BLOCK_SIZE, + }, + .cipher_mode = DRV_CIPHER_BITLOCKER, + .flow_mode = S_DIN_to_AES, + .data_unit = 4096, + .min_hw_rev = CC_HW_REV_712, + }, + { + .name = "ecb(paes)", + .driver_name = "ecb-paes-ccree", + .blocksize = AES_BLOCK_SIZE, + .type = CRYPTO_ALG_TYPE_ABLKCIPHER, + .template_skcipher = { + .setkey = cc_cipher_sethkey, + .encrypt = cc_cipher_encrypt, + .decrypt = cc_cipher_decrypt, + .min_keysize = CC_HW_KEY_SIZE, + .max_keysize = CC_HW_KEY_SIZE, + .ivsize = 0, + }, + .cipher_mode = DRV_CIPHER_ECB, + .flow_mode = S_DIN_to_AES, + .min_hw_rev = CC_HW_REV_712, + }, + { + .name = "cbc(paes)", + .driver_name = "cbc-paes-ccree", + .blocksize = AES_BLOCK_SIZE, + .type = CRYPTO_ALG_TYPE_ABLKCIPHER, + .template_skcipher = { + .setkey = cc_cipher_sethkey, + .encrypt = cc_cipher_encrypt, + .decrypt = cc_cipher_decrypt, + .min_keysize = CC_HW_KEY_SIZE, + .max_keysize = CC_HW_KEY_SIZE, + .ivsize = AES_BLOCK_SIZE, + }, + .cipher_mode = DRV_CIPHER_CBC, + .flow_mode = S_DIN_to_AES, + .min_hw_rev = CC_HW_REV_712, + }, + { + .name = "ofb(paes)", + .driver_name = "ofb-paes-ccree", + .blocksize = AES_BLOCK_SIZE, + .type = CRYPTO_ALG_TYPE_ABLKCIPHER, + .template_skcipher = { + .setkey = cc_cipher_sethkey, + .encrypt = cc_cipher_encrypt, + .decrypt = cc_cipher_decrypt, + .min_keysize = CC_HW_KEY_SIZE, + .max_keysize = CC_HW_KEY_SIZE, + .ivsize = AES_BLOCK_SIZE, + }, + .cipher_mode = DRV_CIPHER_OFB, + .flow_mode = S_DIN_to_AES, + .min_hw_rev = CC_HW_REV_712, + }, + { + .name = "cts1(cbc(paes))", + .driver_name = "cts1-cbc-paes-ccree", + .blocksize = AES_BLOCK_SIZE, + .type = CRYPTO_ALG_TYPE_ABLKCIPHER, + .template_skcipher = { + .setkey = cc_cipher_sethkey, + .encrypt = cc_cipher_encrypt, + .decrypt = cc_cipher_decrypt, + .min_keysize = CC_HW_KEY_SIZE, + .max_keysize = CC_HW_KEY_SIZE, + .ivsize = AES_BLOCK_SIZE, + }, + .cipher_mode = DRV_CIPHER_CBC_CTS, + .flow_mode = S_DIN_to_AES, + .min_hw_rev = CC_HW_REV_712, + }, + { + .name = "ctr(paes)", + .driver_name = "ctr-paes-ccree", + .blocksize = 1, + .type = CRYPTO_ALG_TYPE_ABLKCIPHER, + .template_skcipher = { + .setkey = cc_cipher_sethkey, + .encrypt = cc_cipher_encrypt, + .decrypt = cc_cipher_decrypt, + .min_keysize = CC_HW_KEY_SIZE, + .max_keysize = CC_HW_KEY_SIZE, + .ivsize = AES_BLOCK_SIZE, + }, + .cipher_mode = DRV_CIPHER_CTR, + .flow_mode = S_DIN_to_AES, + .min_hw_rev = CC_HW_REV_712, + }, + { .name = "xts(aes)", .driver_name = "xts-aes-ccree", .blocksize = AES_BLOCK_SIZE, diff --git a/drivers/crypto/ccree/cc_cipher.h b/drivers/crypto/ccree/cc_cipher.h index 2a2a6f46c515..68444cfa936b 100644 --- a/drivers/crypto/ccree/cc_cipher.h +++ b/drivers/crypto/ccree/cc_cipher.h @@ -13,18 +13,6 @@ #include "cc_driver.h" #include "cc_buffer_mgr.h" -/* Crypto cipher flags */ -#define CC_CRYPTO_CIPHER_KEY_KFDE0 BIT(0) -#define CC_CRYPTO_CIPHER_KEY_KFDE1 BIT(1) -#define CC_CRYPTO_CIPHER_KEY_KFDE2 BIT(2) -#define CC_CRYPTO_CIPHER_KEY_KFDE3 BIT(3) -#define CC_CRYPTO_CIPHER_DU_SIZE_512B BIT(4) - -#define CC_CRYPTO_CIPHER_KEY_KFDE_MASK (CC_CRYPTO_CIPHER_KEY_KFDE0 | \ - CC_CRYPTO_CIPHER_KEY_KFDE1 | \ - CC_CRYPTO_CIPHER_KEY_KFDE2 | \ - CC_CRYPTO_CIPHER_KEY_KFDE3) - struct cipher_req_ctx { struct async_gen_req_ctx gen_ctx; enum cc_req_dma_buf_type dma_buf_type; @@ -42,18 +30,12 @@ int cc_cipher_alloc(struct cc_drvdata *drvdata); int cc_cipher_free(struct cc_drvdata *drvdata); -struct arm_hw_key_info { - int hw_key1; - int hw_key2; -}; +struct cc_hkey_info { + u16 keylen; + u8 hw_key1; + u8 hw_key2; +} __packed; -/* - * This is a stub function that will replaced when we - * implement secure keys - */ -static inline bool cc_is_hw_key(struct crypto_tfm *tfm) -{ - return false; -} +#define CC_HW_KEY_SIZE sizeof(struct cc_hkey_info) #endif /*__CC_CIPHER_H__*/ diff --git a/drivers/crypto/ccree/cc_debugfs.c b/drivers/crypto/ccree/cc_debugfs.c index 08f8db489cf0..5ca184e42483 100644 --- a/drivers/crypto/ccree/cc_debugfs.c +++ b/drivers/crypto/ccree/cc_debugfs.c @@ -26,7 +26,8 @@ struct cc_debugfs_ctx { static struct dentry *cc_debugfs_dir; static struct debugfs_reg32 debug_regs[] = { - CC_DEBUG_REG(HOST_SIGNATURE), + { .name = "SIGNATURE" }, /* Must be 0th */ + { .name = "VERSION" }, /* Must be 1st */ CC_DEBUG_REG(HOST_IRR), CC_DEBUG_REG(HOST_POWER_DOWN_EN), CC_DEBUG_REG(AXIM_MON_ERR), @@ -34,7 +35,6 @@ static struct debugfs_reg32 debug_regs[] = { CC_DEBUG_REG(HOST_IMR), CC_DEBUG_REG(AXIM_CFG), CC_DEBUG_REG(AXIM_CACHE_PARAMS), - CC_DEBUG_REG(HOST_VERSION), CC_DEBUG_REG(GPR_HOST), CC_DEBUG_REG(AXIM_MON_COMP), }; @@ -58,6 +58,9 @@ int cc_debugfs_init(struct cc_drvdata *drvdata) struct debugfs_regset32 *regset; struct dentry *file; + debug_regs[0].offset = drvdata->sig_offset; + debug_regs[1].offset = drvdata->ver_offset; + ctx = devm_kzalloc(dev, sizeof(*ctx), GFP_KERNEL); if (!ctx) return -ENOMEM; diff --git a/drivers/crypto/ccree/cc_driver.c b/drivers/crypto/ccree/cc_driver.c index 89ce013ae093..bd974fef05e4 100644 --- a/drivers/crypto/ccree/cc_driver.c +++ b/drivers/crypto/ccree/cc_driver.c @@ -168,14 +168,14 @@ int init_cc_regs(struct cc_drvdata *drvdata, bool is_probe) val = cc_ioread(drvdata, CC_REG(AXIM_CACHE_PARAMS)); if (is_probe) - dev_info(dev, "Cache params previous: 0x%08X\n", val); + dev_dbg(dev, "Cache params previous: 0x%08X\n", val); cc_iowrite(drvdata, CC_REG(AXIM_CACHE_PARAMS), cache_params); val = cc_ioread(drvdata, CC_REG(AXIM_CACHE_PARAMS)); if (is_probe) - dev_info(dev, "Cache params current: 0x%08X (expect: 0x%08X)\n", - val, cache_params); + dev_dbg(dev, "Cache params current: 0x%08X (expect: 0x%08X)\n", + val, cache_params); return 0; } @@ -190,6 +190,7 @@ static int init_cc_resources(struct platform_device *plat_dev) u64 dma_mask; const struct cc_hw_data *hw_rev; const struct of_device_id *dev_id; + struct clk *clk; int rc = 0; new_drvdata = devm_kzalloc(dev, sizeof(*new_drvdata), GFP_KERNEL); @@ -207,15 +208,36 @@ static int init_cc_resources(struct platform_device *plat_dev) if (hw_rev->rev >= CC_HW_REV_712) { new_drvdata->hash_len_sz = HASH_LEN_SIZE_712; new_drvdata->axim_mon_offset = CC_REG(AXIM_MON_COMP); + new_drvdata->sig_offset = CC_REG(HOST_SIGNATURE_712); + new_drvdata->ver_offset = CC_REG(HOST_VERSION_712); } else { new_drvdata->hash_len_sz = HASH_LEN_SIZE_630; new_drvdata->axim_mon_offset = CC_REG(AXIM_MON_COMP8); + new_drvdata->sig_offset = CC_REG(HOST_SIGNATURE_630); + new_drvdata->ver_offset = CC_REG(HOST_VERSION_630); } platform_set_drvdata(plat_dev, new_drvdata); new_drvdata->plat_dev = plat_dev; - new_drvdata->clk = of_clk_get(np, 0); + clk = devm_clk_get(dev, NULL); + if (IS_ERR(clk)) + switch (PTR_ERR(clk)) { + /* Clock is optional so this might be fine */ + case -ENOENT: + break; + + /* Clock not available, let's try again soon */ + case -EPROBE_DEFER: + return -EPROBE_DEFER; + + default: + dev_err(dev, "Error getting clock: %ld\n", + PTR_ERR(clk)); + return PTR_ERR(clk); + } + new_drvdata->clk = clk; + new_drvdata->coherent = of_dma_is_coherent(np); /* Get device resources */ @@ -265,7 +287,7 @@ static int init_cc_resources(struct platform_device *plat_dev) } if (rc) { - dev_err(dev, "Failed in dma_set_mask, mask=%pad\n", &dma_mask); + dev_err(dev, "Failed in dma_set_mask, mask=%llx\n", dma_mask); return rc; } @@ -276,7 +298,7 @@ static int init_cc_resources(struct platform_device *plat_dev) } /* Verify correct mapping */ - signature_val = cc_ioread(new_drvdata, CC_REG(HOST_SIGNATURE)); + signature_val = cc_ioread(new_drvdata, new_drvdata->sig_offset); if (signature_val != hw_rev->sig) { dev_err(dev, "Invalid CC signature: SIGNATURE=0x%08X != expected=0x%08X\n", signature_val, hw_rev->sig); @@ -287,7 +309,7 @@ static int init_cc_resources(struct platform_device *plat_dev) /* Display HW versions */ dev_info(dev, "ARM CryptoCell %s Driver: HW version 0x%08X, Driver version %s\n", - hw_rev->name, cc_ioread(new_drvdata, CC_REG(HOST_VERSION)), + hw_rev->name, cc_ioread(new_drvdata, new_drvdata->ver_offset), DRV_MODULE_VERSION); rc = init_cc_regs(new_drvdata, true); diff --git a/drivers/crypto/ccree/cc_driver.h b/drivers/crypto/ccree/cc_driver.h index 2048fdeb9579..95f82b2d1e70 100644 --- a/drivers/crypto/ccree/cc_driver.h +++ b/drivers/crypto/ccree/cc_driver.h @@ -129,6 +129,8 @@ struct cc_drvdata { enum cc_hw_rev hw_rev; u32 hash_len_sz; u32 axim_mon_offset; + u32 sig_offset; + u32 ver_offset; }; struct cc_crypto_alg { diff --git a/drivers/crypto/ccree/cc_host_regs.h b/drivers/crypto/ccree/cc_host_regs.h index f51001898ca1..616b2e1c41ba 100644 --- a/drivers/crypto/ccree/cc_host_regs.h +++ b/drivers/crypto/ccree/cc_host_regs.h @@ -45,7 +45,8 @@ #define CC_HOST_ICR_DSCRPTR_WATERMARK_QUEUE0_CLEAR_BIT_SIZE 0x1UL #define CC_HOST_ICR_AXIM_COMP_INT_CLEAR_BIT_SHIFT 0x17UL #define CC_HOST_ICR_AXIM_COMP_INT_CLEAR_BIT_SIZE 0x1UL -#define CC_HOST_SIGNATURE_REG_OFFSET 0xA24UL +#define CC_HOST_SIGNATURE_712_REG_OFFSET 0xA24UL +#define CC_HOST_SIGNATURE_630_REG_OFFSET 0xAC8UL #define CC_HOST_SIGNATURE_VALUE_BIT_SHIFT 0x0UL #define CC_HOST_SIGNATURE_VALUE_BIT_SIZE 0x20UL #define CC_HOST_BOOT_REG_OFFSET 0xA28UL @@ -105,7 +106,8 @@ #define CC_HOST_BOOT_ONLY_ENCRYPT_LOCAL_BIT_SIZE 0x1UL #define CC_HOST_BOOT_AES_EXISTS_LOCAL_BIT_SHIFT 0x1EUL #define CC_HOST_BOOT_AES_EXISTS_LOCAL_BIT_SIZE 0x1UL -#define CC_HOST_VERSION_REG_OFFSET 0xA40UL +#define CC_HOST_VERSION_712_REG_OFFSET 0xA40UL +#define CC_HOST_VERSION_630_REG_OFFSET 0xAD8UL #define CC_HOST_VERSION_VALUE_BIT_SHIFT 0x0UL #define CC_HOST_VERSION_VALUE_BIT_SIZE 0x20UL #define CC_HOST_KFDE0_VALID_REG_OFFSET 0xA60UL diff --git a/drivers/crypto/chelsio/chcr_algo.c b/drivers/crypto/chelsio/chcr_algo.c index 59fe6631e73e..b916c4eb608c 100644 --- a/drivers/crypto/chelsio/chcr_algo.c +++ b/drivers/crypto/chelsio/chcr_algo.c @@ -203,13 +203,8 @@ static inline void chcr_handle_aead_resp(struct aead_request *req, int err) { struct chcr_aead_reqctx *reqctx = aead_request_ctx(req); - struct crypto_aead *tfm = crypto_aead_reqtfm(req); - struct uld_ctx *u_ctx = ULD_CTX(a_ctx(tfm)); - chcr_aead_dma_unmap(&u_ctx->lldi.pdev->dev, req, reqctx->op); - if (reqctx->b0_dma) - dma_unmap_single(&u_ctx->lldi.pdev->dev, reqctx->b0_dma, - reqctx->b0_len, DMA_BIDIRECTIONAL); + chcr_aead_common_exit(req); if (reqctx->verify == VERIFY_SW) { chcr_verify_tag(req, input, &err); reqctx->verify = VERIFY_HW; @@ -638,7 +633,6 @@ static int chcr_sg_ent_in_wr(struct scatterlist *src, src = sg_next(src); srcskip = 0; } - if (sg_dma_len(dst) == dstskip) { dst = sg_next(dst); dstskip = 0; @@ -688,6 +682,7 @@ static int chcr_cipher_fallback(struct crypto_skcipher *cipher, int err; SKCIPHER_REQUEST_ON_STACK(subreq, cipher); + skcipher_request_set_tfm(subreq, cipher); skcipher_request_set_callback(subreq, flags, NULL, NULL); skcipher_request_set_crypt(subreq, src, dst, @@ -760,13 +755,13 @@ static struct sk_buff *create_cipher_wr(struct cipher_wr_param *wrparam) nents = sg_nents_xlen(reqctx->dstsg, wrparam->bytes, CHCR_DST_SG_SIZE, reqctx->dst_ofst); - dst_size = get_space_for_phys_dsgl(nents + 1); + dst_size = get_space_for_phys_dsgl(nents); kctx_len = roundup(ablkctx->enckey_len, 16); transhdr_len = CIPHER_TRANSHDR_SIZE(kctx_len, dst_size); nents = sg_nents_xlen(reqctx->srcsg, wrparam->bytes, CHCR_SRC_SG_SIZE, reqctx->src_ofst); - temp = reqctx->imm ? roundup(IV + wrparam->req->nbytes, 16) : - (sgl_len(nents + MIN_CIPHER_SG) * 8); + temp = reqctx->imm ? roundup(wrparam->bytes, 16) : + (sgl_len(nents) * 8); transhdr_len += temp; transhdr_len = roundup(transhdr_len, 16); skb = alloc_skb(SGE_MAX_WR_LEN, flags); @@ -788,7 +783,7 @@ static struct sk_buff *create_cipher_wr(struct cipher_wr_param *wrparam) ablkctx->ciph_mode, 0, 0, IV >> 1); chcr_req->sec_cpl.ivgen_hdrlen = FILL_SEC_CPL_IVGEN_HDRLEN(0, 0, 0, - 0, 0, dst_size); + 0, 1, dst_size); chcr_req->key_ctx.ctx_hdr = ablkctx->key_ctx_hdr; if ((reqctx->op == CHCR_DECRYPT_OP) && @@ -818,8 +813,8 @@ static struct sk_buff *create_cipher_wr(struct cipher_wr_param *wrparam) chcr_add_cipher_dst_ent(wrparam->req, phys_cpl, wrparam, wrparam->qid); atomic_inc(&adap->chcr_stats.cipher_rqst); - temp = sizeof(struct cpl_rx_phys_dsgl) + dst_size + kctx_len - +(reqctx->imm ? (IV + wrparam->bytes) : 0); + temp = sizeof(struct cpl_rx_phys_dsgl) + dst_size + kctx_len + IV + + (reqctx->imm ? (wrparam->bytes) : 0); create_wreq(c_ctx(tfm), chcr_req, &(wrparam->req->base), reqctx->imm, 0, transhdr_len, temp, ablkctx->ciph_mode == CHCR_SCMD_CIPHER_MODE_AES_CBC); @@ -1022,7 +1017,7 @@ static int chcr_update_tweak(struct ablkcipher_request *req, u8 *iv, ret = crypto_cipher_setkey(cipher, key, keylen); if (ret) goto out; - /*H/W sends the encrypted IV in dsgl when AADIVDROP bit is 0*/ + crypto_cipher_encrypt_one(cipher, iv, iv); for (i = 0; i < round8; i++) gf128mul_x8_ble((le128 *)iv, (le128 *)iv); @@ -1113,16 +1108,8 @@ static int chcr_handle_cipher_resp(struct ablkcipher_request *req, goto complete; } - if (unlikely(cxgb4_is_crypto_q_full(u_ctx->lldi.ports[0], - c_ctx(tfm)->tx_qidx))) { - if (!(req->base.flags & CRYPTO_TFM_REQ_MAY_BACKLOG)) { - err = -EBUSY; - goto unmap; - } - - } if (!reqctx->imm) { - bytes = chcr_sg_ent_in_wr(reqctx->srcsg, reqctx->dstsg, 1, + bytes = chcr_sg_ent_in_wr(reqctx->srcsg, reqctx->dstsg, 0, CIP_SPACE_LEFT(ablkctx->enckey_len), reqctx->src_ofst, reqctx->dst_ofst); if ((bytes + reqctx->processed) >= req->nbytes) @@ -1133,11 +1120,7 @@ static int chcr_handle_cipher_resp(struct ablkcipher_request *req, /*CTR mode counter overfloa*/ bytes = req->nbytes - reqctx->processed; } - dma_sync_single_for_cpu(&ULD_CTX(c_ctx(tfm))->lldi.pdev->dev, - reqctx->iv_dma, IV, DMA_BIDIRECTIONAL); err = chcr_update_cipher_iv(req, fw6_pld, reqctx->iv); - dma_sync_single_for_device(&ULD_CTX(c_ctx(tfm))->lldi.pdev->dev, - reqctx->iv_dma, IV, DMA_BIDIRECTIONAL); if (err) goto unmap; @@ -1212,7 +1195,6 @@ static int process_cipher(struct ablkcipher_request *req, dnents = sg_nents_xlen(req->dst, req->nbytes, CHCR_DST_SG_SIZE, 0); - dnents += 1; // IV phys_dsgl = get_space_for_phys_dsgl(dnents); kctx_len = roundup(ablkctx->enckey_len, 16); transhdr_len = CIPHER_TRANSHDR_SIZE(kctx_len, phys_dsgl); @@ -1225,8 +1207,7 @@ static int process_cipher(struct ablkcipher_request *req, } if (!reqctx->imm) { - bytes = chcr_sg_ent_in_wr(req->src, req->dst, - MIN_CIPHER_SG, + bytes = chcr_sg_ent_in_wr(req->src, req->dst, 0, CIP_SPACE_LEFT(ablkctx->enckey_len), 0, 0); if ((bytes + reqctx->processed) >= req->nbytes) @@ -1293,13 +1274,14 @@ static int chcr_aes_encrypt(struct ablkcipher_request *req) { struct crypto_ablkcipher *tfm = crypto_ablkcipher_reqtfm(req); struct sk_buff *skb = NULL; - int err; + int err, isfull = 0; struct uld_ctx *u_ctx = ULD_CTX(c_ctx(tfm)); if (unlikely(cxgb4_is_crypto_q_full(u_ctx->lldi.ports[0], c_ctx(tfm)->tx_qidx))) { + isfull = 1; if (!(req->base.flags & CRYPTO_TFM_REQ_MAY_BACKLOG)) - return -EBUSY; + return -ENOSPC; } err = process_cipher(req, u_ctx->lldi.rxq_ids[c_ctx(tfm)->rx_qidx], @@ -1309,7 +1291,7 @@ static int chcr_aes_encrypt(struct ablkcipher_request *req) skb->dev = u_ctx->lldi.ports[0]; set_wr_txq(skb, CPL_PRIORITY_DATA, c_ctx(tfm)->tx_qidx); chcr_send_wr(skb); - return -EINPROGRESS; + return isfull ? -EBUSY : -EINPROGRESS; } static int chcr_aes_decrypt(struct ablkcipher_request *req) @@ -1317,12 +1299,13 @@ static int chcr_aes_decrypt(struct ablkcipher_request *req) struct crypto_ablkcipher *tfm = crypto_ablkcipher_reqtfm(req); struct uld_ctx *u_ctx = ULD_CTX(c_ctx(tfm)); struct sk_buff *skb = NULL; - int err; + int err, isfull = 0; if (unlikely(cxgb4_is_crypto_q_full(u_ctx->lldi.ports[0], c_ctx(tfm)->tx_qidx))) { + isfull = 1; if (!(req->base.flags & CRYPTO_TFM_REQ_MAY_BACKLOG)) - return -EBUSY; + return -ENOSPC; } err = process_cipher(req, u_ctx->lldi.rxq_ids[c_ctx(tfm)->rx_qidx], @@ -1332,7 +1315,7 @@ static int chcr_aes_decrypt(struct ablkcipher_request *req) skb->dev = u_ctx->lldi.ports[0]; set_wr_txq(skb, CPL_PRIORITY_DATA, c_ctx(tfm)->tx_qidx); chcr_send_wr(skb); - return -EINPROGRESS; + return isfull ? -EBUSY : -EINPROGRESS; } static int chcr_device_init(struct chcr_context *ctx) @@ -1574,14 +1557,15 @@ static int chcr_ahash_update(struct ahash_request *req) u8 remainder = 0, bs; unsigned int nbytes = req->nbytes; struct hash_wr_param params; - int error; + int error, isfull = 0; bs = crypto_tfm_alg_blocksize(crypto_ahash_tfm(rtfm)); u_ctx = ULD_CTX(h_ctx(rtfm)); if (unlikely(cxgb4_is_crypto_q_full(u_ctx->lldi.ports[0], h_ctx(rtfm)->tx_qidx))) { + isfull = 1; if (!(req->base.flags & CRYPTO_TFM_REQ_MAY_BACKLOG)) - return -EBUSY; + return -ENOSPC; } if (nbytes + req_ctx->reqlen >= bs) { @@ -1633,7 +1617,7 @@ static int chcr_ahash_update(struct ahash_request *req) set_wr_txq(skb, CPL_PRIORITY_DATA, h_ctx(rtfm)->tx_qidx); chcr_send_wr(skb); - return -EINPROGRESS; + return isfull ? -EBUSY : -EINPROGRESS; unmap: chcr_hash_dma_unmap(&u_ctx->lldi.pdev->dev, req); return error; @@ -1710,15 +1694,16 @@ static int chcr_ahash_finup(struct ahash_request *req) struct sk_buff *skb; struct hash_wr_param params; u8 bs; - int error; + int error, isfull = 0; bs = crypto_tfm_alg_blocksize(crypto_ahash_tfm(rtfm)); u_ctx = ULD_CTX(h_ctx(rtfm)); if (unlikely(cxgb4_is_crypto_q_full(u_ctx->lldi.ports[0], h_ctx(rtfm)->tx_qidx))) { + isfull = 1; if (!(req->base.flags & CRYPTO_TFM_REQ_MAY_BACKLOG)) - return -EBUSY; + return -ENOSPC; } chcr_init_hctx_per_wr(req_ctx); error = chcr_hash_dma_map(&u_ctx->lldi.pdev->dev, req); @@ -1777,7 +1762,7 @@ static int chcr_ahash_finup(struct ahash_request *req) set_wr_txq(skb, CPL_PRIORITY_DATA, h_ctx(rtfm)->tx_qidx); chcr_send_wr(skb); - return -EINPROGRESS; + return isfull ? -EBUSY : -EINPROGRESS; unmap: chcr_hash_dma_unmap(&u_ctx->lldi.pdev->dev, req); return error; @@ -1791,7 +1776,7 @@ static int chcr_ahash_digest(struct ahash_request *req) struct sk_buff *skb; struct hash_wr_param params; u8 bs; - int error; + int error, isfull = 0; rtfm->init(req); bs = crypto_tfm_alg_blocksize(crypto_ahash_tfm(rtfm)); @@ -1799,8 +1784,9 @@ static int chcr_ahash_digest(struct ahash_request *req) u_ctx = ULD_CTX(h_ctx(rtfm)); if (unlikely(cxgb4_is_crypto_q_full(u_ctx->lldi.ports[0], h_ctx(rtfm)->tx_qidx))) { + isfull = 1; if (!(req->base.flags & CRYPTO_TFM_REQ_MAY_BACKLOG)) - return -EBUSY; + return -ENOSPC; } chcr_init_hctx_per_wr(req_ctx); @@ -1856,7 +1842,7 @@ static int chcr_ahash_digest(struct ahash_request *req) skb->dev = u_ctx->lldi.ports[0]; set_wr_txq(skb, CPL_PRIORITY_DATA, h_ctx(rtfm)->tx_qidx); chcr_send_wr(skb); - return -EINPROGRESS; + return isfull ? -EBUSY : -EINPROGRESS; unmap: chcr_hash_dma_unmap(&u_ctx->lldi.pdev->dev, req); return error; @@ -1875,11 +1861,6 @@ static int chcr_ahash_continue(struct ahash_request *req) bs = crypto_tfm_alg_blocksize(crypto_ahash_tfm(rtfm)); u_ctx = ULD_CTX(h_ctx(rtfm)); - if (unlikely(cxgb4_is_crypto_q_full(u_ctx->lldi.ports[0], - h_ctx(rtfm)->tx_qidx))) { - if (!(req->base.flags & CRYPTO_TFM_REQ_MAY_BACKLOG)) - return -EBUSY; - } get_alg_config(¶ms.alg_prm, crypto_ahash_digestsize(rtfm)); params.kctx_len = roundup(params.alg_prm.result_size, 16); if (is_hmac(crypto_ahash_tfm(rtfm))) { @@ -2192,22 +2173,35 @@ static void chcr_hmac_cra_exit(struct crypto_tfm *tfm) } } -static int chcr_aead_common_init(struct aead_request *req, - unsigned short op_type) +inline void chcr_aead_common_exit(struct aead_request *req) +{ + struct chcr_aead_reqctx *reqctx = aead_request_ctx(req); + struct crypto_aead *tfm = crypto_aead_reqtfm(req); + struct uld_ctx *u_ctx = ULD_CTX(a_ctx(tfm)); + + chcr_aead_dma_unmap(&u_ctx->lldi.pdev->dev, req, reqctx->op); +} + +static int chcr_aead_common_init(struct aead_request *req) { struct crypto_aead *tfm = crypto_aead_reqtfm(req); struct chcr_aead_ctx *aeadctx = AEAD_CTX(a_ctx(tfm)); struct chcr_aead_reqctx *reqctx = aead_request_ctx(req); - int error = -EINVAL; unsigned int authsize = crypto_aead_authsize(tfm); + int error = -EINVAL; /* validate key size */ if (aeadctx->enckey_len == 0) goto err; - if (op_type && req->cryptlen < authsize) + if (reqctx->op && req->cryptlen < authsize) goto err; + if (reqctx->b0_len) + reqctx->scratch_pad = reqctx->iv + IV; + else + reqctx->scratch_pad = NULL; + error = chcr_aead_dma_map(&ULD_CTX(a_ctx(tfm))->lldi.pdev->dev, req, - op_type); + reqctx->op); if (error) { error = -ENOMEM; goto err; @@ -2244,7 +2238,7 @@ static int chcr_aead_fallback(struct aead_request *req, unsigned short op_type) aead_request_set_tfm(subreq, aeadctx->sw_cipher); aead_request_set_callback(subreq, req->base.flags, req->base.complete, req->base.data); - aead_request_set_crypt(subreq, req->src, req->dst, req->cryptlen, + aead_request_set_crypt(subreq, req->src, req->dst, req->cryptlen, req->iv); aead_request_set_ad(subreq, req->assoclen); return op_type ? crypto_aead_decrypt(subreq) : @@ -2253,8 +2247,7 @@ static int chcr_aead_fallback(struct aead_request *req, unsigned short op_type) static struct sk_buff *create_authenc_wr(struct aead_request *req, unsigned short qid, - int size, - unsigned short op_type) + int size) { struct crypto_aead *tfm = crypto_aead_reqtfm(req); struct chcr_aead_ctx *aeadctx = AEAD_CTX(a_ctx(tfm)); @@ -2278,18 +2271,20 @@ static struct sk_buff *create_authenc_wr(struct aead_request *req, if (req->cryptlen == 0) return NULL; - reqctx->b0_dma = 0; + reqctx->b0_len = 0; + error = chcr_aead_common_init(req); + if (error) + return ERR_PTR(error); + if (subtype == CRYPTO_ALG_SUB_TYPE_CBC_NULL || - subtype == CRYPTO_ALG_SUB_TYPE_CTR_NULL) { + subtype == CRYPTO_ALG_SUB_TYPE_CTR_NULL) { null = 1; assoclen = 0; + reqctx->aad_nents = 0; } - error = chcr_aead_common_init(req, op_type); - if (error) - return ERR_PTR(error); dnents = sg_nents_xlen(req->dst, assoclen, CHCR_DST_SG_SIZE, 0); dnents += sg_nents_xlen(req->dst, req->cryptlen + - (op_type ? -authsize : authsize), CHCR_DST_SG_SIZE, + (reqctx->op ? -authsize : authsize), CHCR_DST_SG_SIZE, req->assoclen); dnents += MIN_AUTH_SG; // For IV @@ -2306,11 +2301,10 @@ static struct sk_buff *create_authenc_wr(struct aead_request *req, transhdr_len = roundup(transhdr_len, 16); if (chcr_aead_need_fallback(req, dnents, T6_MAX_AAD_SIZE, - transhdr_len, op_type)) { + transhdr_len, reqctx->op)) { atomic_inc(&adap->chcr_stats.fallback); - chcr_aead_dma_unmap(&ULD_CTX(a_ctx(tfm))->lldi.pdev->dev, req, - op_type); - return ERR_PTR(chcr_aead_fallback(req, op_type)); + chcr_aead_common_exit(req); + return ERR_PTR(chcr_aead_fallback(req, reqctx->op)); } skb = alloc_skb(SGE_MAX_WR_LEN, flags); if (!skb) { @@ -2320,7 +2314,7 @@ static struct sk_buff *create_authenc_wr(struct aead_request *req, chcr_req = __skb_put_zero(skb, transhdr_len); - temp = (op_type == CHCR_ENCRYPT_OP) ? 0 : authsize; + temp = (reqctx->op == CHCR_ENCRYPT_OP) ? 0 : authsize; /* * Input order is AAD,IV and Payload. where IV should be included as @@ -2344,8 +2338,8 @@ static struct sk_buff *create_authenc_wr(struct aead_request *req, temp = CHCR_SCMD_CIPHER_MODE_AES_CTR; else temp = CHCR_SCMD_CIPHER_MODE_AES_CBC; - chcr_req->sec_cpl.seqno_numivs = FILL_SEC_CPL_SCMD0_SEQNO(op_type, - (op_type == CHCR_ENCRYPT_OP) ? 1 : 0, + chcr_req->sec_cpl.seqno_numivs = FILL_SEC_CPL_SCMD0_SEQNO(reqctx->op, + (reqctx->op == CHCR_ENCRYPT_OP) ? 1 : 0, temp, actx->auth_mode, aeadctx->hmac_ctrl, IV >> 1); @@ -2353,7 +2347,7 @@ static struct sk_buff *create_authenc_wr(struct aead_request *req, 0, 0, dst_size); chcr_req->key_ctx.ctx_hdr = aeadctx->key_ctx_hdr; - if (op_type == CHCR_ENCRYPT_OP || + if (reqctx->op == CHCR_ENCRYPT_OP || subtype == CRYPTO_ALG_SUB_TYPE_CTR_SHA || subtype == CRYPTO_ALG_SUB_TYPE_CTR_NULL) memcpy(chcr_req->key_ctx.key, aeadctx->key, @@ -2376,20 +2370,18 @@ static struct sk_buff *create_authenc_wr(struct aead_request *req, } phys_cpl = (struct cpl_rx_phys_dsgl *)((u8 *)(chcr_req + 1) + kctx_len); ulptx = (struct ulptx_sgl *)((u8 *)(phys_cpl + 1) + dst_size); - chcr_add_aead_dst_ent(req, phys_cpl, assoclen, op_type, qid); - chcr_add_aead_src_ent(req, ulptx, assoclen, op_type); + chcr_add_aead_dst_ent(req, phys_cpl, assoclen, qid); + chcr_add_aead_src_ent(req, ulptx, assoclen); atomic_inc(&adap->chcr_stats.cipher_rqst); temp = sizeof(struct cpl_rx_phys_dsgl) + dst_size + kctx_len + (reqctx->imm ? (assoclen + IV + req->cryptlen) : 0); create_wreq(a_ctx(tfm), chcr_req, &req->base, reqctx->imm, size, transhdr_len, temp, 0); reqctx->skb = skb; - reqctx->op = op_type; return skb; err: - chcr_aead_dma_unmap(&ULD_CTX(a_ctx(tfm))->lldi.pdev->dev, req, - op_type); + chcr_aead_common_exit(req); return ERR_PTR(error); } @@ -2408,11 +2400,14 @@ int chcr_aead_dma_map(struct device *dev, -authsize : authsize); if (!req->cryptlen || !dst_size) return 0; - reqctx->iv_dma = dma_map_single(dev, reqctx->iv, IV, + reqctx->iv_dma = dma_map_single(dev, reqctx->iv, (IV + reqctx->b0_len), DMA_BIDIRECTIONAL); if (dma_mapping_error(dev, reqctx->iv_dma)) return -ENOMEM; - + if (reqctx->b0_len) + reqctx->b0_dma = reqctx->iv_dma + IV; + else + reqctx->b0_dma = 0; if (req->src == req->dst) { error = dma_map_sg(dev, req->src, sg_nents(req->src), DMA_BIDIRECTIONAL); @@ -2452,7 +2447,7 @@ void chcr_aead_dma_unmap(struct device *dev, if (!req->cryptlen || !dst_size) return; - dma_unmap_single(dev, reqctx->iv_dma, IV, + dma_unmap_single(dev, reqctx->iv_dma, (IV + reqctx->b0_len), DMA_BIDIRECTIONAL); if (req->src == req->dst) { dma_unmap_sg(dev, req->src, sg_nents(req->src), @@ -2467,8 +2462,7 @@ void chcr_aead_dma_unmap(struct device *dev, void chcr_add_aead_src_ent(struct aead_request *req, struct ulptx_sgl *ulptx, - unsigned int assoclen, - unsigned short op_type) + unsigned int assoclen) { struct ulptx_walk ulp_walk; struct chcr_aead_reqctx *reqctx = aead_request_ctx(req); @@ -2476,7 +2470,7 @@ void chcr_add_aead_src_ent(struct aead_request *req, if (reqctx->imm) { u8 *buf = (u8 *)ulptx; - if (reqctx->b0_dma) { + if (reqctx->b0_len) { memcpy(buf, reqctx->scratch_pad, reqctx->b0_len); buf += reqctx->b0_len; } @@ -2489,7 +2483,7 @@ void chcr_add_aead_src_ent(struct aead_request *req, buf, req->cryptlen, req->assoclen); } else { ulptx_walk_init(&ulp_walk, ulptx); - if (reqctx->b0_dma) + if (reqctx->b0_len) ulptx_walk_add_page(&ulp_walk, reqctx->b0_len, &reqctx->b0_dma); ulptx_walk_add_sg(&ulp_walk, req->src, assoclen, 0); @@ -2503,7 +2497,6 @@ void chcr_add_aead_src_ent(struct aead_request *req, void chcr_add_aead_dst_ent(struct aead_request *req, struct cpl_rx_phys_dsgl *phys_cpl, unsigned int assoclen, - unsigned short op_type, unsigned short qid) { struct chcr_aead_reqctx *reqctx = aead_request_ctx(req); @@ -2513,32 +2506,30 @@ void chcr_add_aead_dst_ent(struct aead_request *req, u32 temp; dsgl_walk_init(&dsgl_walk, phys_cpl); - if (reqctx->b0_dma) + if (reqctx->b0_len) dsgl_walk_add_page(&dsgl_walk, reqctx->b0_len, &reqctx->b0_dma); dsgl_walk_add_sg(&dsgl_walk, req->dst, assoclen, 0); dsgl_walk_add_page(&dsgl_walk, IV, &reqctx->iv_dma); - temp = req->cryptlen + (op_type ? -authsize : authsize); + temp = req->cryptlen + (reqctx->op ? -authsize : authsize); dsgl_walk_add_sg(&dsgl_walk, req->dst, temp, req->assoclen); dsgl_walk_end(&dsgl_walk, qid); } void chcr_add_cipher_src_ent(struct ablkcipher_request *req, - struct ulptx_sgl *ulptx, + void *ulptx, struct cipher_wr_param *wrparam) { struct ulptx_walk ulp_walk; struct chcr_blkcipher_req_ctx *reqctx = ablkcipher_request_ctx(req); + u8 *buf = ulptx; + memcpy(buf, reqctx->iv, IV); + buf += IV; if (reqctx->imm) { - u8 *buf = (u8 *)ulptx; - - memcpy(buf, reqctx->iv, IV); - buf += IV; sg_pcopy_to_buffer(req->src, sg_nents(req->src), buf, wrparam->bytes, reqctx->processed); } else { - ulptx_walk_init(&ulp_walk, ulptx); - ulptx_walk_add_page(&ulp_walk, IV, &reqctx->iv_dma); + ulptx_walk_init(&ulp_walk, (struct ulptx_sgl *)buf); ulptx_walk_add_sg(&ulp_walk, reqctx->srcsg, wrparam->bytes, reqctx->src_ofst); reqctx->srcsg = ulp_walk.last_sg; @@ -2556,7 +2547,6 @@ void chcr_add_cipher_dst_ent(struct ablkcipher_request *req, struct dsgl_walk dsgl_walk; dsgl_walk_init(&dsgl_walk, phys_cpl); - dsgl_walk_add_page(&dsgl_walk, IV, &reqctx->iv_dma); dsgl_walk_add_sg(&dsgl_walk, reqctx->dstsg, wrparam->bytes, reqctx->dst_ofst); reqctx->dstsg = dsgl_walk.last_sg; @@ -2630,12 +2620,6 @@ int chcr_cipher_dma_map(struct device *dev, struct ablkcipher_request *req) { int error; - struct chcr_blkcipher_req_ctx *reqctx = ablkcipher_request_ctx(req); - - reqctx->iv_dma = dma_map_single(dev, reqctx->iv, IV, - DMA_BIDIRECTIONAL); - if (dma_mapping_error(dev, reqctx->iv_dma)) - return -ENOMEM; if (req->src == req->dst) { error = dma_map_sg(dev, req->src, sg_nents(req->src), @@ -2658,17 +2642,12 @@ int chcr_cipher_dma_map(struct device *dev, return 0; err: - dma_unmap_single(dev, reqctx->iv_dma, IV, DMA_BIDIRECTIONAL); return -ENOMEM; } void chcr_cipher_dma_unmap(struct device *dev, struct ablkcipher_request *req) { - struct chcr_blkcipher_req_ctx *reqctx = ablkcipher_request_ctx(req); - - dma_unmap_single(dev, reqctx->iv_dma, IV, - DMA_BIDIRECTIONAL); if (req->src == req->dst) { dma_unmap_sg(dev, req->src, sg_nents(req->src), DMA_BIDIRECTIONAL); @@ -2738,7 +2717,8 @@ static inline int crypto_ccm_check_iv(const u8 *iv) static int ccm_format_packet(struct aead_request *req, struct chcr_aead_ctx *aeadctx, unsigned int sub_type, - unsigned short op_type) + unsigned short op_type, + unsigned int assoclen) { struct chcr_aead_reqctx *reqctx = aead_request_ctx(req); int rc = 0; @@ -2748,13 +2728,13 @@ static int ccm_format_packet(struct aead_request *req, memcpy(reqctx->iv + 1, &aeadctx->salt[0], 3); memcpy(reqctx->iv + 4, req->iv, 8); memset(reqctx->iv + 12, 0, 4); - *((unsigned short *)(reqctx->scratch_pad + 16)) = - htons(req->assoclen - 8); } else { memcpy(reqctx->iv, req->iv, 16); - *((unsigned short *)(reqctx->scratch_pad + 16)) = - htons(req->assoclen); } + if (assoclen) + *((unsigned short *)(reqctx->scratch_pad + 16)) = + htons(assoclen); + generate_b0(req, aeadctx, op_type); /* zero the ctr value */ memset(reqctx->iv + 15 - reqctx->iv[0], 0, reqctx->iv[0] + 1); @@ -2836,8 +2816,7 @@ static int aead_ccm_validate_input(unsigned short op_type, static struct sk_buff *create_aead_ccm_wr(struct aead_request *req, unsigned short qid, - int size, - unsigned short op_type) + int size) { struct crypto_aead *tfm = crypto_aead_reqtfm(req); struct chcr_aead_ctx *aeadctx = AEAD_CTX(a_ctx(tfm)); @@ -2855,22 +2834,20 @@ static struct sk_buff *create_aead_ccm_wr(struct aead_request *req, GFP_ATOMIC; struct adapter *adap = padap(a_ctx(tfm)->dev); - reqctx->b0_dma = 0; sub_type = get_aead_subtype(tfm); if (sub_type == CRYPTO_ALG_SUB_TYPE_AEAD_RFC4309) assoclen -= 8; - error = chcr_aead_common_init(req, op_type); + reqctx->b0_len = CCM_B0_SIZE + (assoclen ? CCM_AAD_FIELD_SIZE : 0); + error = chcr_aead_common_init(req); if (error) return ERR_PTR(error); - - reqctx->b0_len = CCM_B0_SIZE + (assoclen ? CCM_AAD_FIELD_SIZE : 0); - error = aead_ccm_validate_input(op_type, req, aeadctx, sub_type); + error = aead_ccm_validate_input(reqctx->op, req, aeadctx, sub_type); if (error) goto err; dnents = sg_nents_xlen(req->dst, assoclen, CHCR_DST_SG_SIZE, 0); dnents += sg_nents_xlen(req->dst, req->cryptlen - + (op_type ? -authsize : authsize), + + (reqctx->op ? -authsize : authsize), CHCR_DST_SG_SIZE, req->assoclen); dnents += MIN_CCM_SG; // For IV and B0 dst_size = get_space_for_phys_dsgl(dnents); @@ -2886,11 +2863,10 @@ static struct sk_buff *create_aead_ccm_wr(struct aead_request *req, transhdr_len = roundup(transhdr_len, 16); if (chcr_aead_need_fallback(req, dnents, T6_MAX_AAD_SIZE - - reqctx->b0_len, transhdr_len, op_type)) { + reqctx->b0_len, transhdr_len, reqctx->op)) { atomic_inc(&adap->chcr_stats.fallback); - chcr_aead_dma_unmap(&ULD_CTX(a_ctx(tfm))->lldi.pdev->dev, req, - op_type); - return ERR_PTR(chcr_aead_fallback(req, op_type)); + chcr_aead_common_exit(req); + return ERR_PTR(chcr_aead_fallback(req, reqctx->op)); } skb = alloc_skb(SGE_MAX_WR_LEN, flags); @@ -2901,7 +2877,7 @@ static struct sk_buff *create_aead_ccm_wr(struct aead_request *req, chcr_req = (struct chcr_wr *) __skb_put_zero(skb, transhdr_len); - fill_sec_cpl_for_aead(&chcr_req->sec_cpl, dst_size, req, op_type); + fill_sec_cpl_for_aead(&chcr_req->sec_cpl, dst_size, req, reqctx->op); chcr_req->key_ctx.ctx_hdr = aeadctx->key_ctx_hdr; memcpy(chcr_req->key_ctx.key, aeadctx->key, aeadctx->enckey_len); @@ -2910,21 +2886,11 @@ static struct sk_buff *create_aead_ccm_wr(struct aead_request *req, phys_cpl = (struct cpl_rx_phys_dsgl *)((u8 *)(chcr_req + 1) + kctx_len); ulptx = (struct ulptx_sgl *)((u8 *)(phys_cpl + 1) + dst_size); - error = ccm_format_packet(req, aeadctx, sub_type, op_type); + error = ccm_format_packet(req, aeadctx, sub_type, reqctx->op, assoclen); if (error) goto dstmap_fail; - - reqctx->b0_dma = dma_map_single(&ULD_CTX(a_ctx(tfm))->lldi.pdev->dev, - &reqctx->scratch_pad, reqctx->b0_len, - DMA_BIDIRECTIONAL); - if (dma_mapping_error(&ULD_CTX(a_ctx(tfm))->lldi.pdev->dev, - reqctx->b0_dma)) { - error = -ENOMEM; - goto dstmap_fail; - } - - chcr_add_aead_dst_ent(req, phys_cpl, assoclen, op_type, qid); - chcr_add_aead_src_ent(req, ulptx, assoclen, op_type); + chcr_add_aead_dst_ent(req, phys_cpl, assoclen, qid); + chcr_add_aead_src_ent(req, ulptx, assoclen); atomic_inc(&adap->chcr_stats.aead_rqst); temp = sizeof(struct cpl_rx_phys_dsgl) + dst_size + @@ -2933,20 +2899,18 @@ static struct sk_buff *create_aead_ccm_wr(struct aead_request *req, create_wreq(a_ctx(tfm), chcr_req, &req->base, reqctx->imm, 0, transhdr_len, temp, 0); reqctx->skb = skb; - reqctx->op = op_type; return skb; dstmap_fail: kfree_skb(skb); err: - chcr_aead_dma_unmap(&ULD_CTX(a_ctx(tfm))->lldi.pdev->dev, req, op_type); + chcr_aead_common_exit(req); return ERR_PTR(error); } static struct sk_buff *create_gcm_wr(struct aead_request *req, unsigned short qid, - int size, - unsigned short op_type) + int size) { struct crypto_aead *tfm = crypto_aead_reqtfm(req); struct chcr_aead_ctx *aeadctx = AEAD_CTX(a_ctx(tfm)); @@ -2966,13 +2930,13 @@ static struct sk_buff *create_gcm_wr(struct aead_request *req, if (get_aead_subtype(tfm) == CRYPTO_ALG_SUB_TYPE_AEAD_RFC4106) assoclen = req->assoclen - 8; - reqctx->b0_dma = 0; - error = chcr_aead_common_init(req, op_type); + reqctx->b0_len = 0; + error = chcr_aead_common_init(req); if (error) return ERR_PTR(error); dnents = sg_nents_xlen(req->dst, assoclen, CHCR_DST_SG_SIZE, 0); dnents += sg_nents_xlen(req->dst, req->cryptlen + - (op_type ? -authsize : authsize), + (reqctx->op ? -authsize : authsize), CHCR_DST_SG_SIZE, req->assoclen); dnents += MIN_GCM_SG; // For IV dst_size = get_space_for_phys_dsgl(dnents); @@ -2986,11 +2950,11 @@ static struct sk_buff *create_gcm_wr(struct aead_request *req, transhdr_len += temp; transhdr_len = roundup(transhdr_len, 16); if (chcr_aead_need_fallback(req, dnents, T6_MAX_AAD_SIZE, - transhdr_len, op_type)) { + transhdr_len, reqctx->op)) { + atomic_inc(&adap->chcr_stats.fallback); - chcr_aead_dma_unmap(&ULD_CTX(a_ctx(tfm))->lldi.pdev->dev, req, - op_type); - return ERR_PTR(chcr_aead_fallback(req, op_type)); + chcr_aead_common_exit(req); + return ERR_PTR(chcr_aead_fallback(req, reqctx->op)); } skb = alloc_skb(SGE_MAX_WR_LEN, flags); if (!skb) { @@ -3001,7 +2965,7 @@ static struct sk_buff *create_gcm_wr(struct aead_request *req, chcr_req = __skb_put_zero(skb, transhdr_len); //Offset of tag from end - temp = (op_type == CHCR_ENCRYPT_OP) ? 0 : authsize; + temp = (reqctx->op == CHCR_ENCRYPT_OP) ? 0 : authsize; chcr_req->sec_cpl.op_ivinsrtofst = FILL_SEC_CPL_OP_IVINSR( a_ctx(tfm)->dev->rx_channel_id, 2, (assoclen + 1)); @@ -3014,7 +2978,7 @@ static struct sk_buff *create_gcm_wr(struct aead_request *req, FILL_SEC_CPL_AUTHINSERT(0, assoclen + IV + 1, temp, temp); chcr_req->sec_cpl.seqno_numivs = - FILL_SEC_CPL_SCMD0_SEQNO(op_type, (op_type == + FILL_SEC_CPL_SCMD0_SEQNO(reqctx->op, (reqctx->op == CHCR_ENCRYPT_OP) ? 1 : 0, CHCR_SCMD_CIPHER_MODE_AES_GCM, CHCR_SCMD_AUTH_MODE_GHASH, @@ -3040,19 +3004,18 @@ static struct sk_buff *create_gcm_wr(struct aead_request *req, phys_cpl = (struct cpl_rx_phys_dsgl *)((u8 *)(chcr_req + 1) + kctx_len); ulptx = (struct ulptx_sgl *)((u8 *)(phys_cpl + 1) + dst_size); - chcr_add_aead_dst_ent(req, phys_cpl, assoclen, op_type, qid); - chcr_add_aead_src_ent(req, ulptx, assoclen, op_type); + chcr_add_aead_dst_ent(req, phys_cpl, assoclen, qid); + chcr_add_aead_src_ent(req, ulptx, assoclen); atomic_inc(&adap->chcr_stats.aead_rqst); temp = sizeof(struct cpl_rx_phys_dsgl) + dst_size + kctx_len + (reqctx->imm ? (assoclen + IV + req->cryptlen) : 0); create_wreq(a_ctx(tfm), chcr_req, &req->base, reqctx->imm, size, transhdr_len, temp, reqctx->verify); reqctx->skb = skb; - reqctx->op = op_type; return skb; err: - chcr_aead_dma_unmap(&ULD_CTX(a_ctx(tfm))->lldi.pdev->dev, req, op_type); + chcr_aead_common_exit(req); return ERR_PTR(error); } @@ -3461,6 +3424,7 @@ static int chcr_authenc_setkey(struct crypto_aead *authenc, const u8 *key, } { SHASH_DESC_ON_STACK(shash, base_hash); + shash->tfm = base_hash; shash->flags = crypto_shash_get_flags(base_hash); bs = crypto_shash_blocksize(base_hash); @@ -3585,13 +3549,13 @@ out: } static int chcr_aead_op(struct aead_request *req, - unsigned short op_type, int size, create_wr_t create_wr_fn) { struct crypto_aead *tfm = crypto_aead_reqtfm(req); struct uld_ctx *u_ctx; struct sk_buff *skb; + int isfull = 0; if (!a_ctx(tfm)->dev) { pr_err("chcr : %s : No crypto device.\n", __func__); @@ -3600,13 +3564,13 @@ static int chcr_aead_op(struct aead_request *req, u_ctx = ULD_CTX(a_ctx(tfm)); if (cxgb4_is_crypto_q_full(u_ctx->lldi.ports[0], a_ctx(tfm)->tx_qidx)) { + isfull = 1; if (!(req->base.flags & CRYPTO_TFM_REQ_MAY_BACKLOG)) - return -EBUSY; + return -ENOSPC; } /* Form a WR from req */ - skb = create_wr_fn(req, u_ctx->lldi.rxq_ids[a_ctx(tfm)->rx_qidx], size, - op_type); + skb = create_wr_fn(req, u_ctx->lldi.rxq_ids[a_ctx(tfm)->rx_qidx], size); if (IS_ERR(skb) || !skb) return PTR_ERR(skb); @@ -3614,7 +3578,7 @@ static int chcr_aead_op(struct aead_request *req, skb->dev = u_ctx->lldi.ports[0]; set_wr_txq(skb, CPL_PRIORITY_DATA, a_ctx(tfm)->tx_qidx); chcr_send_wr(skb); - return -EINPROGRESS; + return isfull ? -EBUSY : -EINPROGRESS; } static int chcr_aead_encrypt(struct aead_request *req) @@ -3623,21 +3587,19 @@ static int chcr_aead_encrypt(struct aead_request *req) struct chcr_aead_reqctx *reqctx = aead_request_ctx(req); reqctx->verify = VERIFY_HW; + reqctx->op = CHCR_ENCRYPT_OP; switch (get_aead_subtype(tfm)) { case CRYPTO_ALG_SUB_TYPE_CTR_SHA: case CRYPTO_ALG_SUB_TYPE_CBC_SHA: case CRYPTO_ALG_SUB_TYPE_CBC_NULL: case CRYPTO_ALG_SUB_TYPE_CTR_NULL: - return chcr_aead_op(req, CHCR_ENCRYPT_OP, 0, - create_authenc_wr); + return chcr_aead_op(req, 0, create_authenc_wr); case CRYPTO_ALG_SUB_TYPE_AEAD_CCM: case CRYPTO_ALG_SUB_TYPE_AEAD_RFC4309: - return chcr_aead_op(req, CHCR_ENCRYPT_OP, 0, - create_aead_ccm_wr); + return chcr_aead_op(req, 0, create_aead_ccm_wr); default: - return chcr_aead_op(req, CHCR_ENCRYPT_OP, 0, - create_gcm_wr); + return chcr_aead_op(req, 0, create_gcm_wr); } } @@ -3655,21 +3617,18 @@ static int chcr_aead_decrypt(struct aead_request *req) size = 0; reqctx->verify = VERIFY_HW; } - + reqctx->op = CHCR_DECRYPT_OP; switch (get_aead_subtype(tfm)) { case CRYPTO_ALG_SUB_TYPE_CBC_SHA: case CRYPTO_ALG_SUB_TYPE_CTR_SHA: case CRYPTO_ALG_SUB_TYPE_CBC_NULL: case CRYPTO_ALG_SUB_TYPE_CTR_NULL: - return chcr_aead_op(req, CHCR_DECRYPT_OP, size, - create_authenc_wr); + return chcr_aead_op(req, size, create_authenc_wr); case CRYPTO_ALG_SUB_TYPE_AEAD_CCM: case CRYPTO_ALG_SUB_TYPE_AEAD_RFC4309: - return chcr_aead_op(req, CHCR_DECRYPT_OP, size, - create_aead_ccm_wr); + return chcr_aead_op(req, size, create_aead_ccm_wr); default: - return chcr_aead_op(req, CHCR_DECRYPT_OP, size, - create_gcm_wr); + return chcr_aead_op(req, size, create_gcm_wr); } } diff --git a/drivers/crypto/chelsio/chcr_algo.h b/drivers/crypto/chelsio/chcr_algo.h index dba3dff1e209..1871500309e2 100644 --- a/drivers/crypto/chelsio/chcr_algo.h +++ b/drivers/crypto/chelsio/chcr_algo.h @@ -146,7 +146,7 @@ kctx_len) #define CIPHER_TRANSHDR_SIZE(kctx_len, sge_pairs) \ (TRANSHDR_SIZE((kctx_len)) + (sge_pairs) +\ - sizeof(struct cpl_rx_phys_dsgl)) + sizeof(struct cpl_rx_phys_dsgl) + AES_BLOCK_SIZE) #define HASH_TRANSHDR_SIZE(kctx_len)\ (TRANSHDR_SIZE(kctx_len) + DUMMY_BYTES) @@ -259,7 +259,6 @@ ULP_TX_SC_MORE_V((immdatalen))) #define MAX_NK 8 #define MAX_DSGL_ENT 32 -#define MIN_CIPHER_SG 1 /* IV */ #define MIN_AUTH_SG 1 /* IV */ #define MIN_GCM_SG 1 /* IV */ #define MIN_DIGEST_SG 1 /*Partial Buffer*/ diff --git a/drivers/crypto/chelsio/chcr_core.h b/drivers/crypto/chelsio/chcr_core.h index 1a20424e18c6..de3a9c085daf 100644 --- a/drivers/crypto/chelsio/chcr_core.h +++ b/drivers/crypto/chelsio/chcr_core.h @@ -56,7 +56,7 @@ #define MAX_SALT 4 #define CIP_WR_MIN_LEN (sizeof(struct chcr_wr) + \ sizeof(struct cpl_rx_phys_dsgl) + \ - sizeof(struct ulptx_sgl)) + sizeof(struct ulptx_sgl) + 16) //IV #define HASH_WR_MIN_LEN (sizeof(struct chcr_wr) + \ DUMMY_BYTES + \ diff --git a/drivers/crypto/chelsio/chcr_crypto.h b/drivers/crypto/chelsio/chcr_crypto.h index c8e8972af283..54835cb109e5 100644 --- a/drivers/crypto/chelsio/chcr_crypto.h +++ b/drivers/crypto/chelsio/chcr_crypto.h @@ -190,8 +190,8 @@ struct chcr_aead_reqctx { short int dst_nents; u16 imm; u16 verify; - u8 iv[CHCR_MAX_CRYPTO_IV_LEN]; - unsigned char scratch_pad[MAX_SCRATCH_PAD_SIZE]; + u8 iv[CHCR_MAX_CRYPTO_IV_LEN + MAX_SCRATCH_PAD_SIZE]; + u8 *scratch_pad; }; struct ulptx_walk { @@ -295,7 +295,6 @@ struct chcr_blkcipher_req_ctx { unsigned int src_ofst; unsigned int dst_ofst; unsigned int op; - dma_addr_t iv_dma; u16 imm; u8 iv[CHCR_MAX_CRYPTO_IV_LEN]; }; @@ -312,8 +311,7 @@ struct chcr_alg_template { typedef struct sk_buff *(*create_wr_t)(struct aead_request *req, unsigned short qid, - int size, - unsigned short op_type); + int size); void chcr_verify_tag(struct aead_request *req, u8 *input, int *err); int chcr_aead_dma_map(struct device *dev, struct aead_request *req, @@ -322,12 +320,12 @@ void chcr_aead_dma_unmap(struct device *dev, struct aead_request *req, unsigned short op_type); void chcr_add_aead_dst_ent(struct aead_request *req, struct cpl_rx_phys_dsgl *phys_cpl, - unsigned int assoclen, unsigned short op_type, + unsigned int assoclen, unsigned short qid); void chcr_add_aead_src_ent(struct aead_request *req, struct ulptx_sgl *ulptx, - unsigned int assoclen, unsigned short op_type); + unsigned int assoclen); void chcr_add_cipher_src_ent(struct ablkcipher_request *req, - struct ulptx_sgl *ulptx, + void *ulptx, struct cipher_wr_param *wrparam); int chcr_cipher_dma_map(struct device *dev, struct ablkcipher_request *req); void chcr_cipher_dma_unmap(struct device *dev, struct ablkcipher_request *req); @@ -340,4 +338,5 @@ void chcr_add_hash_src_ent(struct ahash_request *req, struct ulptx_sgl *ulptx, struct hash_wr_param *param); int chcr_hash_dma_map(struct device *dev, struct ahash_request *req); void chcr_hash_dma_unmap(struct device *dev, struct ahash_request *req); +void chcr_aead_common_exit(struct aead_request *req); #endif /* __CHCR_CRYPTO_H__ */ diff --git a/drivers/crypto/chelsio/chcr_ipsec.c b/drivers/crypto/chelsio/chcr_ipsec.c index 8e0aa3f175c9..461b97e2f1fd 100644 --- a/drivers/crypto/chelsio/chcr_ipsec.c +++ b/drivers/crypto/chelsio/chcr_ipsec.c @@ -346,18 +346,23 @@ inline void *copy_cpltx_pktxt(struct sk_buff *skb, struct net_device *dev, void *pos) { + struct cpl_tx_pkt_core *cpl; + struct sge_eth_txq *q; struct adapter *adap; struct port_info *pi; - struct sge_eth_txq *q; - struct cpl_tx_pkt_core *cpl; - u64 cntrl = 0; u32 ctrl0, qidx; + u64 cntrl = 0; + int left; pi = netdev_priv(dev); adap = pi->adapter; qidx = skb->queue_mapping; q = &adap->sge.ethtxq[qidx + pi->first_qset]; + left = (void *)q->q.stat - pos; + if (!left) + pos = q->q.desc; + cpl = (struct cpl_tx_pkt_core *)pos; cntrl = TXPKT_L4CSUM_DIS_F | TXPKT_IPCSUM_DIS_F; @@ -382,18 +387,17 @@ inline void *copy_key_cpltx_pktxt(struct sk_buff *skb, void *pos, struct ipsec_sa_entry *sa_entry) { - struct adapter *adap; - struct port_info *pi; - struct sge_eth_txq *q; - unsigned int len, qidx; struct _key_ctx *key_ctx; int left, eoq, key_len; + struct sge_eth_txq *q; + struct adapter *adap; + struct port_info *pi; + unsigned int qidx; pi = netdev_priv(dev); adap = pi->adapter; qidx = skb->queue_mapping; q = &adap->sge.ethtxq[qidx + pi->first_qset]; - len = sa_entry->enckey_len + sizeof(struct cpl_tx_pkt_core); key_len = sa_entry->kctx_len; /* end of queue, reset pos to start of queue */ @@ -411,19 +415,14 @@ inline void *copy_key_cpltx_pktxt(struct sk_buff *skb, pos += sizeof(struct _key_ctx); left -= sizeof(struct _key_ctx); - if (likely(len <= left)) { + if (likely(key_len <= left)) { memcpy(key_ctx->key, sa_entry->key, key_len); pos += key_len; } else { - if (key_len <= left) { - memcpy(pos, sa_entry->key, key_len); - pos += key_len; - } else { - memcpy(pos, sa_entry->key, left); - memcpy(q->q.desc, sa_entry->key + left, - key_len - left); - pos = (u8 *)q->q.desc + (key_len - left); - } + memcpy(pos, sa_entry->key, left); + memcpy(q->q.desc, sa_entry->key + left, + key_len - left); + pos = (u8 *)q->q.desc + (key_len - left); } /* Copy CPL TX PKT XT */ pos = copy_cpltx_pktxt(skb, dev, pos); diff --git a/drivers/crypto/chelsio/chtls/chtls.h b/drivers/crypto/chelsio/chtls/chtls.h index f4b8f1ec0061..a53a0e6ba024 100644 --- a/drivers/crypto/chelsio/chtls/chtls.h +++ b/drivers/crypto/chelsio/chtls/chtls.h @@ -67,11 +67,6 @@ enum { CPL_RET_UNKNOWN_TID = 4 /* unexpected unknown TID */ }; -#define TLS_RCV_ST_READ_HEADER 0xF0 -#define TLS_RCV_ST_READ_BODY 0xF1 -#define TLS_RCV_ST_READ_DONE 0xF2 -#define TLS_RCV_ST_READ_NB 0xF3 - #define LISTEN_INFO_HASH_SIZE 32 #define RSPQ_HASH_BITS 5 struct listen_info { @@ -149,6 +144,7 @@ struct chtls_dev { struct list_head rcu_node; struct list_head na_node; unsigned int send_page_order; + int max_host_sndbuf; struct key_map kmap; }; @@ -278,6 +274,7 @@ struct tlsrx_cmp_hdr { #define TLSRX_HDR_PKT_MAC_ERROR_F TLSRX_HDR_PKT_MAC_ERROR_V(1U) #define TLSRX_HDR_PKT_ERROR_M 0x1F +#define CONTENT_TYPE_ERROR 0x7F struct ulp_mem_rw { __be32 cmd; @@ -347,8 +344,8 @@ enum { ULPCB_FLAG_HOLD = 1 << 3, /* skb not ready for Tx yet */ ULPCB_FLAG_COMPL = 1 << 4, /* request WR completion */ ULPCB_FLAG_URG = 1 << 5, /* urgent data */ - ULPCB_FLAG_TLS_ND = 1 << 6, /* payload of zero length */ - ULPCB_FLAG_NO_HDR = 1 << 7, /* not a ofld wr */ + ULPCB_FLAG_TLS_HDR = 1 << 6, /* payload with tls hdr */ + ULPCB_FLAG_NO_HDR = 1 << 7, /* not a ofld wr */ }; /* The ULP mode/submode of an skbuff */ diff --git a/drivers/crypto/chelsio/chtls/chtls_cm.c b/drivers/crypto/chelsio/chtls/chtls_cm.c index 82a473a0cefa..2bb6f0380758 100644 --- a/drivers/crypto/chelsio/chtls/chtls_cm.c +++ b/drivers/crypto/chelsio/chtls/chtls_cm.c @@ -1537,6 +1537,10 @@ static int chtls_rx_data(struct chtls_dev *cdev, struct sk_buff *skb) struct sock *sk; sk = lookup_tid(cdev->tids, hwtid); + if (unlikely(!sk)) { + pr_err("can't find conn. for hwtid %u.\n", hwtid); + return -EINVAL; + } skb_dst_set(skb, NULL); process_cpl_msg(chtls_recv_data, sk, skb); return 0; @@ -1585,6 +1589,10 @@ static int chtls_rx_pdu(struct chtls_dev *cdev, struct sk_buff *skb) struct sock *sk; sk = lookup_tid(cdev->tids, hwtid); + if (unlikely(!sk)) { + pr_err("can't find conn. for hwtid %u.\n", hwtid); + return -EINVAL; + } skb_dst_set(skb, NULL); process_cpl_msg(chtls_recv_pdu, sk, skb); return 0; @@ -1600,12 +1608,14 @@ static void chtls_set_hdrlen(struct sk_buff *skb, unsigned int nlen) static void chtls_rx_hdr(struct sock *sk, struct sk_buff *skb) { - struct cpl_rx_tls_cmp *cmp_cpl = cplhdr(skb); + struct tlsrx_cmp_hdr *tls_hdr_pkt; + struct cpl_rx_tls_cmp *cmp_cpl; struct sk_buff *skb_rec; struct chtls_sock *csk; struct chtls_hws *tlsk; struct tcp_sock *tp; + cmp_cpl = cplhdr(skb); csk = rcu_dereference_sk_user_data(sk); tlsk = &csk->tlshws; tp = tcp_sk(sk); @@ -1615,16 +1625,18 @@ static void chtls_rx_hdr(struct sock *sk, struct sk_buff *skb) skb_reset_transport_header(skb); __skb_pull(skb, sizeof(*cmp_cpl)); + tls_hdr_pkt = (struct tlsrx_cmp_hdr *)skb->data; + if (tls_hdr_pkt->res_to_mac_error & TLSRX_HDR_PKT_ERROR_M) + tls_hdr_pkt->type = CONTENT_TYPE_ERROR; if (!skb->data_len) - __skb_trim(skb, CPL_RX_TLS_CMP_LENGTH_G - (ntohl(cmp_cpl->pdulength_length))); + __skb_trim(skb, TLS_HEADER_LENGTH); tp->rcv_nxt += CPL_RX_TLS_CMP_PDULENGTH_G(ntohl(cmp_cpl->pdulength_length)); + ULP_SKB_CB(skb)->flags |= ULPCB_FLAG_TLS_HDR; skb_rec = __skb_dequeue(&tlsk->sk_recv_queue); if (!skb_rec) { - ULP_SKB_CB(skb)->flags |= ULPCB_FLAG_TLS_ND; __skb_queue_tail(&sk->sk_receive_queue, skb); } else { chtls_set_hdrlen(skb, tlsk->pldlen); @@ -1646,6 +1658,10 @@ static int chtls_rx_cmp(struct chtls_dev *cdev, struct sk_buff *skb) struct sock *sk; sk = lookup_tid(cdev->tids, hwtid); + if (unlikely(!sk)) { + pr_err("can't find conn. for hwtid %u.\n", hwtid); + return -EINVAL; + } skb_dst_set(skb, NULL); process_cpl_msg(chtls_rx_hdr, sk, skb); @@ -2105,6 +2121,10 @@ static int chtls_wr_ack(struct chtls_dev *cdev, struct sk_buff *skb) struct sock *sk; sk = lookup_tid(cdev->tids, hwtid); + if (unlikely(!sk)) { + pr_err("can't find conn. for hwtid %u.\n", hwtid); + return -EINVAL; + } process_cpl_msg(chtls_rx_ack, sk, skb); return 0; diff --git a/drivers/crypto/chelsio/chtls/chtls_hw.c b/drivers/crypto/chelsio/chtls/chtls_hw.c index 54a13aa99121..55d50140f9e5 100644 --- a/drivers/crypto/chelsio/chtls/chtls_hw.c +++ b/drivers/crypto/chelsio/chtls/chtls_hw.c @@ -213,7 +213,7 @@ static int chtls_key_info(struct chtls_sock *csk, struct _key_ctx *kctx, u32 keylen, u32 optname) { - unsigned char key[CHCR_KEYCTX_CIPHER_KEY_SIZE_256]; + unsigned char key[AES_KEYSIZE_128]; struct tls12_crypto_info_aes_gcm_128 *gcm_ctx; unsigned char ghash_h[AEAD_H_SIZE]; struct crypto_cipher *cipher; @@ -228,10 +228,6 @@ static int chtls_key_info(struct chtls_sock *csk, if (keylen == AES_KEYSIZE_128) { ck_size = CHCR_KEYCTX_CIPHER_KEY_SIZE_128; - } else if (keylen == AES_KEYSIZE_192) { - ck_size = CHCR_KEYCTX_CIPHER_KEY_SIZE_192; - } else if (keylen == AES_KEYSIZE_256) { - ck_size = CHCR_KEYCTX_CIPHER_KEY_SIZE_256; } else { pr_err("GCM: Invalid key length %d\n", keylen); return -EINVAL; diff --git a/drivers/crypto/chelsio/chtls/chtls_io.c b/drivers/crypto/chelsio/chtls/chtls_io.c index 5a75be43950f..51fc6821cbbf 100644 --- a/drivers/crypto/chelsio/chtls/chtls_io.c +++ b/drivers/crypto/chelsio/chtls/chtls_io.c @@ -907,11 +907,83 @@ static int chtls_skb_copy_to_page_nocache(struct sock *sk, } /* Read TLS header to find content type and data length */ -static u16 tls_header_read(struct tls_hdr *thdr, struct iov_iter *from) +static int tls_header_read(struct tls_hdr *thdr, struct iov_iter *from) { if (copy_from_iter(thdr, sizeof(*thdr), from) != sizeof(*thdr)) return -EFAULT; - return (__force u16)cpu_to_be16(thdr->length); + return (__force int)cpu_to_be16(thdr->length); +} + +static int csk_mem_free(struct chtls_dev *cdev, struct sock *sk) +{ + return (cdev->max_host_sndbuf - sk->sk_wmem_queued); +} + +static int csk_wait_memory(struct chtls_dev *cdev, + struct sock *sk, long *timeo_p) +{ + DEFINE_WAIT_FUNC(wait, woken_wake_function); + int sndbuf, err = 0; + long current_timeo; + long vm_wait = 0; + bool noblock; + + current_timeo = *timeo_p; + noblock = (*timeo_p ? false : true); + sndbuf = cdev->max_host_sndbuf; + if (csk_mem_free(cdev, sk)) { + current_timeo = (prandom_u32() % (HZ / 5)) + 2; + vm_wait = (prandom_u32() % (HZ / 5)) + 2; + } + + add_wait_queue(sk_sleep(sk), &wait); + while (1) { + sk_set_bit(SOCKWQ_ASYNC_NOSPACE, sk); + + if (sk->sk_err || (sk->sk_shutdown & SEND_SHUTDOWN)) + goto do_error; + if (!*timeo_p) { + if (noblock) + set_bit(SOCK_NOSPACE, &sk->sk_socket->flags); + goto do_nonblock; + } + if (signal_pending(current)) + goto do_interrupted; + sk_clear_bit(SOCKWQ_ASYNC_NOSPACE, sk); + if (csk_mem_free(cdev, sk) && !vm_wait) + break; + + set_bit(SOCK_NOSPACE, &sk->sk_socket->flags); + sk->sk_write_pending++; + sk_wait_event(sk, ¤t_timeo, sk->sk_err || + (sk->sk_shutdown & SEND_SHUTDOWN) || + (csk_mem_free(cdev, sk) && !vm_wait), &wait); + sk->sk_write_pending--; + + if (vm_wait) { + vm_wait -= current_timeo; + current_timeo = *timeo_p; + if (current_timeo != MAX_SCHEDULE_TIMEOUT) { + current_timeo -= vm_wait; + if (current_timeo < 0) + current_timeo = 0; + } + vm_wait = 0; + } + *timeo_p = current_timeo; + } +do_rm_wq: + remove_wait_queue(sk_sleep(sk), &wait); + return err; +do_error: + err = -EPIPE; + goto do_rm_wq; +do_nonblock: + err = -EAGAIN; + goto do_rm_wq; +do_interrupted: + err = sock_intr_errno(*timeo_p); + goto do_rm_wq; } int chtls_sendmsg(struct sock *sk, struct msghdr *msg, size_t size) @@ -952,6 +1024,8 @@ int chtls_sendmsg(struct sock *sk, struct msghdr *msg, size_t size) copy = mss - skb->len; skb->ip_summed = CHECKSUM_UNNECESSARY; } + if (!csk_mem_free(cdev, sk)) + goto wait_for_sndbuf; if (is_tls_tx(csk) && !csk->tlshws.txleft) { struct tls_hdr hdr; @@ -1009,9 +1083,10 @@ new_buf: int off = TCP_OFF(sk); bool merge; - if (page) - pg_size <<= compound_order(page); + if (!page) + goto wait_for_memory; + pg_size <<= compound_order(page); if (off < pg_size && skb_can_coalesce(skb, i, page, off)) { merge = 1; @@ -1099,8 +1174,10 @@ copy: if (ULP_SKB_CB(skb)->flags & ULPCB_FLAG_NO_APPEND) push_frames_if_head(sk); continue; +wait_for_sndbuf: + set_bit(SOCK_NOSPACE, &sk->sk_socket->flags); wait_for_memory: - err = sk_stream_wait_memory(sk, &timeo); + err = csk_wait_memory(cdev, sk, &timeo); if (err) goto do_error; } @@ -1131,6 +1208,7 @@ int chtls_sendpage(struct sock *sk, struct page *page, int offset, size_t size, int flags) { struct chtls_sock *csk; + struct chtls_dev *cdev; int mss, err, copied; struct tcp_sock *tp; long timeo; @@ -1138,6 +1216,7 @@ int chtls_sendpage(struct sock *sk, struct page *page, tp = tcp_sk(sk); copied = 0; csk = rcu_dereference_sk_user_data(sk); + cdev = csk->cdev; timeo = sock_sndtimeo(sk, flags & MSG_DONTWAIT); err = sk_stream_wait_connect(sk, &timeo); @@ -1152,10 +1231,11 @@ int chtls_sendpage(struct sock *sk, struct page *page, struct sk_buff *skb = skb_peek_tail(&csk->txq); int copy, i; - copy = mss - skb->len; if (!skb || (ULP_SKB_CB(skb)->flags & ULPCB_FLAG_NO_APPEND) || - copy <= 0) { + (copy = mss - skb->len) <= 0) { new_buf: + if (!csk_mem_free(cdev, sk)) + goto wait_for_sndbuf; if (is_tls_tx(csk)) { skb = get_record_skb(sk, @@ -1167,7 +1247,7 @@ new_buf: skb = get_tx_skb(sk, 0); } if (!skb) - goto do_error; + goto wait_for_memory; copy = mss; } if (copy > size) @@ -1206,8 +1286,12 @@ new_buf: if (unlikely(ULP_SKB_CB(skb)->flags & ULPCB_FLAG_NO_APPEND)) push_frames_if_head(sk); continue; - +wait_for_sndbuf: set_bit(SOCK_NOSPACE, &sk->sk_socket->flags); +wait_for_memory: + err = csk_wait_memory(cdev, sk, &timeo); + if (err) + goto do_error; } out: csk_reset_flag(csk, CSK_TX_MORE_DATA); @@ -1409,7 +1493,7 @@ static int chtls_pt_recvmsg(struct sock *sk, struct msghdr *msg, size_t len, break; chtls_cleanup_rbuf(sk, copied); sk_wait_data(sk, &timeo, NULL); - continue; + continue; found_ok_skb: if (!skb->len) { skb_dst_set(skb, NULL); @@ -1449,31 +1533,13 @@ found_ok_skb: } } } - if (hws->rstate == TLS_RCV_ST_READ_BODY) { - if (skb_copy_datagram_msg(skb, offset, - msg, avail)) { - if (!copied) { - copied = -EFAULT; - break; - } - } - } else { - struct tlsrx_cmp_hdr *tls_hdr_pkt = - (struct tlsrx_cmp_hdr *)skb->data; - - if ((tls_hdr_pkt->res_to_mac_error & - TLSRX_HDR_PKT_ERROR_M)) - tls_hdr_pkt->type = 0x7F; - - /* CMP pld len is for recv seq */ - hws->rcvpld = skb->hdr_len; - if (skb_copy_datagram_msg(skb, offset, msg, avail)) { - if (!copied) { - copied = -EFAULT; - break; - } + if (skb_copy_datagram_msg(skb, offset, msg, avail)) { + if (!copied) { + copied = -EFAULT; + break; } } + copied += avail; len -= avail; hws->copied_seq += avail; @@ -1481,32 +1547,20 @@ skip_copy: if (tp->urg_data && after(tp->copied_seq, tp->urg_seq)) tp->urg_data = 0; - if (hws->rstate == TLS_RCV_ST_READ_BODY && - (avail + offset) >= skb->len) { + if ((avail + offset) >= skb->len) { if (likely(skb)) chtls_free_skb(sk, skb); buffers_freed++; - hws->rstate = TLS_RCV_ST_READ_HEADER; - atomic_inc(&adap->chcr_stats.tls_pdu_rx); - tp->copied_seq += hws->rcvpld; + if (ULP_SKB_CB(skb)->flags & ULPCB_FLAG_TLS_HDR) { + tp->copied_seq += skb->len; + hws->rcvpld = skb->hdr_len; + } else { + tp->copied_seq += hws->rcvpld; + } hws->copied_seq = 0; if (copied >= target && !skb_peek(&sk->sk_receive_queue)) break; - } else { - if (likely(skb)) { - if (ULP_SKB_CB(skb)->flags & - ULPCB_FLAG_TLS_ND) - hws->rstate = - TLS_RCV_ST_READ_HEADER; - else - hws->rstate = - TLS_RCV_ST_READ_BODY; - chtls_free_skb(sk, skb); - } - buffers_freed++; - tp->copied_seq += avail; - hws->copied_seq = 0; } } while (len > 0); diff --git a/drivers/crypto/chelsio/chtls/chtls_main.c b/drivers/crypto/chelsio/chtls/chtls_main.c index 007c45c38fc7..9b07f9165658 100644 --- a/drivers/crypto/chelsio/chtls/chtls_main.c +++ b/drivers/crypto/chelsio/chtls/chtls_main.c @@ -216,7 +216,6 @@ static void *chtls_uld_add(const struct cxgb4_lld_info *info) cdev->lldi = lldi; cdev->pdev = lldi->pdev; cdev->tids = lldi->tids; - cdev->ports = (struct net_device **)(cdev + 1); cdev->ports = lldi->ports; cdev->mtus = lldi->mtus; cdev->tids = lldi->tids; @@ -239,6 +238,7 @@ static void *chtls_uld_add(const struct cxgb4_lld_info *info) spin_lock_init(&cdev->idr_lock); cdev->send_page_order = min_t(uint, get_order(32768), send_page_order); + cdev->max_host_sndbuf = 48 * 1024; if (lldi->vr->key.size) if (chtls_init_kmap(cdev, lldi)) @@ -250,7 +250,7 @@ static void *chtls_uld_add(const struct cxgb4_lld_info *info) return cdev; out_rspq_skb: - for (j = 0; j <= i; j++) + for (j = 0; j < i; j++) kfree_skb(cdev->rspq_skb_cache[j]); kfree_skb(cdev->askb); out_skb: @@ -441,7 +441,7 @@ nomem: static int do_chtls_getsockopt(struct sock *sk, char __user *optval, int __user *optlen) { - struct tls_crypto_info crypto_info; + struct tls_crypto_info crypto_info = { 0 }; crypto_info.version = TLS_1_2_VERSION; if (copy_to_user(optval, &crypto_info, sizeof(struct tls_crypto_info))) @@ -491,9 +491,13 @@ static int do_chtls_setsockopt(struct sock *sk, int optname, switch (tmp_crypto_info.cipher_type) { case TLS_CIPHER_AES_GCM_128: { - rc = copy_from_user(crypto_info, optval, - sizeof(struct - tls12_crypto_info_aes_gcm_128)); + /* Obtain version and type from previous copy */ + crypto_info[0] = tmp_crypto_info; + /* Now copy the following data */ + rc = copy_from_user((char *)crypto_info + sizeof(*crypto_info), + optval + sizeof(*crypto_info), + sizeof(struct tls12_crypto_info_aes_gcm_128) + - sizeof(*crypto_info)); if (rc) { rc = -EFAULT; diff --git a/drivers/crypto/exynos-rng.c b/drivers/crypto/exynos-rng.c index 86f5f459762e..2cfabb99cb6e 100644 --- a/drivers/crypto/exynos-rng.c +++ b/drivers/crypto/exynos-rng.c @@ -319,8 +319,7 @@ static int exynos_rng_remove(struct platform_device *pdev) static int __maybe_unused exynos_rng_suspend(struct device *dev) { - struct platform_device *pdev = to_platform_device(dev); - struct exynos_rng_dev *rng = platform_get_drvdata(pdev); + struct exynos_rng_dev *rng = dev_get_drvdata(dev); int ret; /* If we were never seeded then after resume it will be the same */ @@ -350,8 +349,7 @@ static int __maybe_unused exynos_rng_suspend(struct device *dev) static int __maybe_unused exynos_rng_resume(struct device *dev) { - struct platform_device *pdev = to_platform_device(dev); - struct exynos_rng_dev *rng = platform_get_drvdata(pdev); + struct exynos_rng_dev *rng = dev_get_drvdata(dev); int ret; /* Never seeded so nothing to do */ diff --git a/drivers/crypto/inside-secure/safexcel.c b/drivers/crypto/inside-secure/safexcel.c index b6be62025325..4e86f864a952 100644 --- a/drivers/crypto/inside-secure/safexcel.c +++ b/drivers/crypto/inside-secure/safexcel.c @@ -20,6 +20,7 @@ #include <linux/platform_device.h> #include <linux/workqueue.h> +#include <crypto/internal/aead.h> #include <crypto/internal/hash.h> #include <crypto/internal/skcipher.h> @@ -352,6 +353,7 @@ static int safexcel_hw_init(struct safexcel_crypto_priv *priv) /* H/W capabilities selection */ val = EIP197_FUNCTION_RSVD; val |= EIP197_PROTOCOL_ENCRYPT_ONLY | EIP197_PROTOCOL_HASH_ONLY; + val |= EIP197_PROTOCOL_ENCRYPT_HASH | EIP197_PROTOCOL_HASH_DECRYPT; val |= EIP197_ALG_AES_ECB | EIP197_ALG_AES_CBC; val |= EIP197_ALG_SHA1 | EIP197_ALG_HMAC_SHA1; val |= EIP197_ALG_SHA2 | EIP197_ALG_HMAC_SHA2; @@ -537,6 +539,27 @@ finalize: EIP197_HIA_CDR(priv, ring) + EIP197_HIA_xDR_PREP_COUNT); } +inline int safexcel_rdesc_check_errors(struct safexcel_crypto_priv *priv, + struct safexcel_result_desc *rdesc) +{ + if (likely(!rdesc->result_data.error_code)) + return 0; + + if (rdesc->result_data.error_code & 0x407f) { + /* Fatal error (bits 0-7, 14) */ + dev_err(priv->dev, + "cipher: result: result descriptor error (%d)\n", + rdesc->result_data.error_code); + return -EIO; + } else if (rdesc->result_data.error_code == BIT(9)) { + /* Authentication failed */ + return -EBADMSG; + } + + /* All other non-fatal errors */ + return -EINVAL; +} + void safexcel_complete(struct safexcel_crypto_priv *priv, int ring) { struct safexcel_command_desc *cdesc; @@ -770,6 +793,9 @@ static struct safexcel_alg_template *safexcel_algs[] = { &safexcel_alg_hmac_sha1, &safexcel_alg_hmac_sha224, &safexcel_alg_hmac_sha256, + &safexcel_alg_authenc_hmac_sha1_cbc_aes, + &safexcel_alg_authenc_hmac_sha224_cbc_aes, + &safexcel_alg_authenc_hmac_sha256_cbc_aes, }; static int safexcel_register_algorithms(struct safexcel_crypto_priv *priv) @@ -781,6 +807,8 @@ static int safexcel_register_algorithms(struct safexcel_crypto_priv *priv) if (safexcel_algs[i]->type == SAFEXCEL_ALG_TYPE_SKCIPHER) ret = crypto_register_skcipher(&safexcel_algs[i]->alg.skcipher); + else if (safexcel_algs[i]->type == SAFEXCEL_ALG_TYPE_AEAD) + ret = crypto_register_aead(&safexcel_algs[i]->alg.aead); else ret = crypto_register_ahash(&safexcel_algs[i]->alg.ahash); @@ -794,6 +822,8 @@ fail: for (j = 0; j < i; j++) { if (safexcel_algs[j]->type == SAFEXCEL_ALG_TYPE_SKCIPHER) crypto_unregister_skcipher(&safexcel_algs[j]->alg.skcipher); + else if (safexcel_algs[j]->type == SAFEXCEL_ALG_TYPE_AEAD) + crypto_unregister_aead(&safexcel_algs[j]->alg.aead); else crypto_unregister_ahash(&safexcel_algs[j]->alg.ahash); } @@ -808,6 +838,8 @@ static void safexcel_unregister_algorithms(struct safexcel_crypto_priv *priv) for (i = 0; i < ARRAY_SIZE(safexcel_algs); i++) { if (safexcel_algs[i]->type == SAFEXCEL_ALG_TYPE_SKCIPHER) crypto_unregister_skcipher(&safexcel_algs[i]->alg.skcipher); + else if (safexcel_algs[i]->type == SAFEXCEL_ALG_TYPE_AEAD) + crypto_unregister_aead(&safexcel_algs[i]->alg.aead); else crypto_unregister_ahash(&safexcel_algs[i]->alg.ahash); } diff --git a/drivers/crypto/inside-secure/safexcel.h b/drivers/crypto/inside-secure/safexcel.h index b470a849721f..8b3ee9b59f53 100644 --- a/drivers/crypto/inside-secure/safexcel.h +++ b/drivers/crypto/inside-secure/safexcel.h @@ -11,8 +11,10 @@ #ifndef __SAFEXCEL_H__ #define __SAFEXCEL_H__ +#include <crypto/aead.h> #include <crypto/algapi.h> #include <crypto/internal/hash.h> +#include <crypto/sha.h> #include <crypto/skcipher.h> #define EIP197_HIA_VERSION_LE 0xca35 @@ -20,7 +22,7 @@ /* Static configuration */ #define EIP197_DEFAULT_RING_SIZE 400 -#define EIP197_MAX_TOKENS 5 +#define EIP197_MAX_TOKENS 8 #define EIP197_MAX_RINGS 4 #define EIP197_FETCH_COUNT 1 #define EIP197_MAX_BATCH_SZ 64 @@ -28,6 +30,17 @@ #define EIP197_GFP_FLAGS(base) ((base).flags & CRYPTO_TFM_REQ_MAY_SLEEP ? \ GFP_KERNEL : GFP_ATOMIC) +/* Custom on-stack requests (for invalidation) */ +#define EIP197_SKCIPHER_REQ_SIZE sizeof(struct skcipher_request) + \ + sizeof(struct safexcel_cipher_req) +#define EIP197_AHASH_REQ_SIZE sizeof(struct ahash_request) + \ + sizeof(struct safexcel_ahash_req) +#define EIP197_AEAD_REQ_SIZE sizeof(struct aead_request) + \ + sizeof(struct safexcel_cipher_req) +#define EIP197_REQUEST_ON_STACK(name, type, size) \ + char __##name##_desc[size] CRYPTO_MINALIGN_ATTR; \ + struct type##_request *name = (void *)__##name##_desc + /* Register base offsets */ #define EIP197_HIA_AIC(priv) ((priv)->base + (priv)->offsets.hia_aic) #define EIP197_HIA_AIC_G(priv) ((priv)->base + (priv)->offsets.hia_aic_g) @@ -274,7 +287,7 @@ struct safexcel_context_record { u32 control0; u32 control1; - __le32 data[12]; + __le32 data[24]; } __packed; /* control0 */ @@ -286,8 +299,8 @@ struct safexcel_context_record { #define CONTEXT_CONTROL_TYPE_CRYPTO_IN 0x5 #define CONTEXT_CONTROL_TYPE_ENCRYPT_HASH_OUT 0x6 #define CONTEXT_CONTROL_TYPE_DECRYPT_HASH_IN 0x7 -#define CONTEXT_CONTROL_TYPE_HASH_ENCRYPT_OUT 0x14 -#define CONTEXT_CONTROL_TYPE_HASH_DECRYPT_OUT 0x15 +#define CONTEXT_CONTROL_TYPE_HASH_ENCRYPT_OUT 0xe +#define CONTEXT_CONTROL_TYPE_HASH_DECRYPT_IN 0xf #define CONTEXT_CONTROL_RESTART_HASH BIT(4) #define CONTEXT_CONTROL_NO_FINISH_HASH BIT(5) #define CONTEXT_CONTROL_SIZE(n) ((n) << 8) @@ -391,11 +404,15 @@ struct safexcel_token { u8 opcode:4; } __packed; +#define EIP197_TOKEN_HASH_RESULT_VERIFY BIT(16) + #define EIP197_TOKEN_STAT_LAST_HASH BIT(0) #define EIP197_TOKEN_STAT_LAST_PACKET BIT(1) #define EIP197_TOKEN_OPCODE_DIRECTION 0x0 #define EIP197_TOKEN_OPCODE_INSERT 0x2 #define EIP197_TOKEN_OPCODE_NOOP EIP197_TOKEN_OPCODE_INSERT +#define EIP197_TOKEN_OPCODE_RETRIEVE 0x4 +#define EIP197_TOKEN_OPCODE_VERIFY 0xd #define EIP197_TOKEN_OPCODE_BYPASS GENMASK(3, 0) static inline void eip197_noop_token(struct safexcel_token *token) @@ -479,6 +496,7 @@ struct safexcel_ring { enum safexcel_alg_type { SAFEXCEL_ALG_TYPE_SKCIPHER, + SAFEXCEL_ALG_TYPE_AEAD, SAFEXCEL_ALG_TYPE_AHASH, }; @@ -581,6 +599,16 @@ struct safexcel_context { bool exit_inv; }; +struct safexcel_ahash_export_state { + u64 len; + u64 processed; + + u32 digest; + + u32 state[SHA256_DIGEST_SIZE / sizeof(u32)]; + u8 cache[SHA256_BLOCK_SIZE]; +}; + /* * Template structure to describe the algorithms in order to register them. * It also has the purpose to contain our private structure and is actually @@ -591,6 +619,7 @@ struct safexcel_alg_template { enum safexcel_alg_type type; union { struct skcipher_alg skcipher; + struct aead_alg aead; struct ahash_alg ahash; } alg; }; @@ -601,6 +630,8 @@ struct safexcel_inv_result { }; void safexcel_dequeue(struct safexcel_crypto_priv *priv, int ring); +int safexcel_rdesc_check_errors(struct safexcel_crypto_priv *priv, + struct safexcel_result_desc *rdesc); void safexcel_complete(struct safexcel_crypto_priv *priv, int ring); int safexcel_invalidate_cache(struct crypto_async_request *async, struct safexcel_crypto_priv *priv, @@ -625,6 +656,8 @@ struct safexcel_result_desc *safexcel_add_rdesc(struct safexcel_crypto_priv *pri bool first, bool last, dma_addr_t data, u32 len); void safexcel_inv_complete(struct crypto_async_request *req, int error); +int safexcel_hmac_setkey(const char *alg, const u8 *key, unsigned int keylen, + void *istate, void *ostate); /* available algorithms */ extern struct safexcel_alg_template safexcel_alg_ecb_aes; @@ -635,5 +668,8 @@ extern struct safexcel_alg_template safexcel_alg_sha256; extern struct safexcel_alg_template safexcel_alg_hmac_sha1; extern struct safexcel_alg_template safexcel_alg_hmac_sha224; extern struct safexcel_alg_template safexcel_alg_hmac_sha256; +extern struct safexcel_alg_template safexcel_alg_authenc_hmac_sha1_cbc_aes; +extern struct safexcel_alg_template safexcel_alg_authenc_hmac_sha224_cbc_aes; +extern struct safexcel_alg_template safexcel_alg_authenc_hmac_sha256_cbc_aes; #endif diff --git a/drivers/crypto/inside-secure/safexcel_cipher.c b/drivers/crypto/inside-secure/safexcel_cipher.c index bafb60505fab..6bb60fda2043 100644 --- a/drivers/crypto/inside-secure/safexcel_cipher.c +++ b/drivers/crypto/inside-secure/safexcel_cipher.c @@ -12,8 +12,12 @@ #include <linux/dma-mapping.h> #include <linux/dmapool.h> +#include <crypto/aead.h> #include <crypto/aes.h> +#include <crypto/authenc.h> +#include <crypto/sha.h> #include <crypto/skcipher.h> +#include <crypto/internal/aead.h> #include <crypto/internal/skcipher.h> #include "safexcel.h" @@ -28,9 +32,16 @@ struct safexcel_cipher_ctx { struct safexcel_crypto_priv *priv; u32 mode; + bool aead; __le32 key[8]; unsigned int key_len; + + /* All the below is AEAD specific */ + u32 alg; + u32 state_sz; + u32 ipad[SHA256_DIGEST_SIZE / sizeof(u32)]; + u32 opad[SHA256_DIGEST_SIZE / sizeof(u32)]; }; struct safexcel_cipher_req { @@ -38,18 +49,16 @@ struct safexcel_cipher_req { bool needs_inv; }; -static void safexcel_cipher_token(struct safexcel_cipher_ctx *ctx, - struct crypto_async_request *async, - struct safexcel_command_desc *cdesc, - u32 length) +static void safexcel_skcipher_token(struct safexcel_cipher_ctx *ctx, u8 *iv, + struct safexcel_command_desc *cdesc, + u32 length) { - struct skcipher_request *req = skcipher_request_cast(async); struct safexcel_token *token; unsigned offset = 0; if (ctx->mode == CONTEXT_CONTROL_CRYPTO_MODE_CBC) { offset = AES_BLOCK_SIZE / sizeof(u32); - memcpy(cdesc->control_data.token, req->iv, AES_BLOCK_SIZE); + memcpy(cdesc->control_data.token, iv, AES_BLOCK_SIZE); cdesc->control_data.options |= EIP197_OPTION_4_TOKEN_IV_CMD; } @@ -65,8 +74,64 @@ static void safexcel_cipher_token(struct safexcel_cipher_ctx *ctx, EIP197_TOKEN_INS_TYPE_OUTPUT; } -static int safexcel_aes_setkey(struct crypto_skcipher *ctfm, const u8 *key, - unsigned int len) +static void safexcel_aead_token(struct safexcel_cipher_ctx *ctx, u8 *iv, + struct safexcel_command_desc *cdesc, + enum safexcel_cipher_direction direction, + u32 cryptlen, u32 assoclen, u32 digestsize) +{ + struct safexcel_token *token; + unsigned offset = 0; + + if (ctx->mode == CONTEXT_CONTROL_CRYPTO_MODE_CBC) { + offset = AES_BLOCK_SIZE / sizeof(u32); + memcpy(cdesc->control_data.token, iv, AES_BLOCK_SIZE); + + cdesc->control_data.options |= EIP197_OPTION_4_TOKEN_IV_CMD; + } + + token = (struct safexcel_token *)(cdesc->control_data.token + offset); + + if (direction == SAFEXCEL_DECRYPT) + cryptlen -= digestsize; + + token[0].opcode = EIP197_TOKEN_OPCODE_DIRECTION; + token[0].packet_length = assoclen; + token[0].instructions = EIP197_TOKEN_INS_TYPE_HASH | + EIP197_TOKEN_INS_TYPE_OUTPUT; + + token[1].opcode = EIP197_TOKEN_OPCODE_DIRECTION; + token[1].packet_length = cryptlen; + token[1].stat = EIP197_TOKEN_STAT_LAST_HASH; + token[1].instructions = EIP197_TOKEN_INS_LAST | + EIP197_TOKEN_INS_TYPE_CRYTO | + EIP197_TOKEN_INS_TYPE_HASH | + EIP197_TOKEN_INS_TYPE_OUTPUT; + + if (direction == SAFEXCEL_ENCRYPT) { + token[2].opcode = EIP197_TOKEN_OPCODE_INSERT; + token[2].packet_length = digestsize; + token[2].stat = EIP197_TOKEN_STAT_LAST_HASH | + EIP197_TOKEN_STAT_LAST_PACKET; + token[2].instructions = EIP197_TOKEN_INS_TYPE_OUTPUT | + EIP197_TOKEN_INS_INSERT_HASH_DIGEST; + } else { + token[2].opcode = EIP197_TOKEN_OPCODE_RETRIEVE; + token[2].packet_length = digestsize; + token[2].stat = EIP197_TOKEN_STAT_LAST_HASH | + EIP197_TOKEN_STAT_LAST_PACKET; + token[2].instructions = EIP197_TOKEN_INS_INSERT_HASH_DIGEST; + + token[3].opcode = EIP197_TOKEN_OPCODE_VERIFY; + token[3].packet_length = digestsize | + EIP197_TOKEN_HASH_RESULT_VERIFY; + token[3].stat = EIP197_TOKEN_STAT_LAST_HASH | + EIP197_TOKEN_STAT_LAST_PACKET; + token[3].instructions = EIP197_TOKEN_INS_TYPE_OUTPUT; + } +} + +static int safexcel_skcipher_aes_setkey(struct crypto_skcipher *ctfm, + const u8 *key, unsigned int len) { struct crypto_tfm *tfm = crypto_skcipher_tfm(ctfm); struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm); @@ -98,41 +163,123 @@ static int safexcel_aes_setkey(struct crypto_skcipher *ctfm, const u8 *key, return 0; } +static int safexcel_aead_aes_setkey(struct crypto_aead *ctfm, const u8 *key, + unsigned int len) +{ + struct crypto_tfm *tfm = crypto_aead_tfm(ctfm); + struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm); + struct safexcel_ahash_export_state istate, ostate; + struct safexcel_crypto_priv *priv = ctx->priv; + struct crypto_authenc_keys keys; + + if (crypto_authenc_extractkeys(&keys, key, len) != 0) + goto badkey; + + if (keys.enckeylen > sizeof(ctx->key)) + goto badkey; + + /* Encryption key */ + if (priv->version == EIP197 && ctx->base.ctxr_dma && + memcmp(ctx->key, keys.enckey, keys.enckeylen)) + ctx->base.needs_inv = true; + + /* Auth key */ + switch (ctx->alg) { + case CONTEXT_CONTROL_CRYPTO_ALG_SHA1: + if (safexcel_hmac_setkey("safexcel-sha1", keys.authkey, + keys.authkeylen, &istate, &ostate)) + goto badkey; + break; + case CONTEXT_CONTROL_CRYPTO_ALG_SHA224: + if (safexcel_hmac_setkey("safexcel-sha224", keys.authkey, + keys.authkeylen, &istate, &ostate)) + goto badkey; + break; + case CONTEXT_CONTROL_CRYPTO_ALG_SHA256: + if (safexcel_hmac_setkey("safexcel-sha256", keys.authkey, + keys.authkeylen, &istate, &ostate)) + goto badkey; + break; + default: + dev_err(priv->dev, "aead: unsupported hash algorithm\n"); + goto badkey; + } + + crypto_aead_set_flags(ctfm, crypto_aead_get_flags(ctfm) & + CRYPTO_TFM_RES_MASK); + + if (priv->version == EIP197 && ctx->base.ctxr_dma && + (memcmp(ctx->ipad, istate.state, ctx->state_sz) || + memcmp(ctx->opad, ostate.state, ctx->state_sz))) + ctx->base.needs_inv = true; + + /* Now copy the keys into the context */ + memcpy(ctx->key, keys.enckey, keys.enckeylen); + ctx->key_len = keys.enckeylen; + + memcpy(ctx->ipad, &istate.state, ctx->state_sz); + memcpy(ctx->opad, &ostate.state, ctx->state_sz); + + memzero_explicit(&keys, sizeof(keys)); + return 0; + +badkey: + crypto_aead_set_flags(ctfm, CRYPTO_TFM_RES_BAD_KEY_LEN); + memzero_explicit(&keys, sizeof(keys)); + return -EINVAL; +} + static int safexcel_context_control(struct safexcel_cipher_ctx *ctx, struct crypto_async_request *async, + struct safexcel_cipher_req *sreq, struct safexcel_command_desc *cdesc) { struct safexcel_crypto_priv *priv = ctx->priv; - struct skcipher_request *req = skcipher_request_cast(async); - struct safexcel_cipher_req *sreq = skcipher_request_ctx(req); int ctrl_size; - if (sreq->direction == SAFEXCEL_ENCRYPT) + if (ctx->aead) { + if (sreq->direction == SAFEXCEL_ENCRYPT) + cdesc->control_data.control0 |= CONTEXT_CONTROL_TYPE_ENCRYPT_HASH_OUT; + else + cdesc->control_data.control0 |= CONTEXT_CONTROL_TYPE_HASH_DECRYPT_IN; + } else { cdesc->control_data.control0 |= CONTEXT_CONTROL_TYPE_CRYPTO_OUT; - else - cdesc->control_data.control0 |= CONTEXT_CONTROL_TYPE_CRYPTO_IN; + + /* The decryption control type is a combination of the + * encryption type and CONTEXT_CONTROL_TYPE_NULL_IN, for all + * types. + */ + if (sreq->direction == SAFEXCEL_DECRYPT) + cdesc->control_data.control0 |= CONTEXT_CONTROL_TYPE_NULL_IN; + } cdesc->control_data.control0 |= CONTEXT_CONTROL_KEY_EN; cdesc->control_data.control1 |= ctx->mode; + if (ctx->aead) + cdesc->control_data.control0 |= CONTEXT_CONTROL_DIGEST_HMAC | + ctx->alg; + switch (ctx->key_len) { case AES_KEYSIZE_128: cdesc->control_data.control0 |= CONTEXT_CONTROL_CRYPTO_ALG_AES128; - ctrl_size = 4; break; case AES_KEYSIZE_192: cdesc->control_data.control0 |= CONTEXT_CONTROL_CRYPTO_ALG_AES192; - ctrl_size = 6; break; case AES_KEYSIZE_256: cdesc->control_data.control0 |= CONTEXT_CONTROL_CRYPTO_ALG_AES256; - ctrl_size = 8; break; default: dev_err(priv->dev, "aes keysize not supported: %u\n", ctx->key_len); return -EINVAL; } + + ctrl_size = ctx->key_len / sizeof(u32); + if (ctx->aead) + /* Take in account the ipad+opad digests */ + ctrl_size += ctx->state_sz / sizeof(u32) * 2; cdesc->control_data.control0 |= CONTEXT_CONTROL_SIZE(ctrl_size); return 0; @@ -140,9 +287,12 @@ static int safexcel_context_control(struct safexcel_cipher_ctx *ctx, static int safexcel_handle_req_result(struct safexcel_crypto_priv *priv, int ring, struct crypto_async_request *async, + struct scatterlist *src, + struct scatterlist *dst, + unsigned int cryptlen, + struct safexcel_cipher_req *sreq, bool *should_complete, int *ret) { - struct skcipher_request *req = skcipher_request_cast(async); struct safexcel_result_desc *rdesc; int ndesc = 0; @@ -158,12 +308,8 @@ static int safexcel_handle_req_result(struct safexcel_crypto_priv *priv, int rin break; } - if (rdesc->result_data.error_code) { - dev_err(priv->dev, - "cipher: result: result descriptor error (%d)\n", - rdesc->result_data.error_code); - *ret = -EIO; - } + if (likely(!*ret)) + *ret = safexcel_rdesc_check_errors(priv, rdesc); ndesc++; } while (!rdesc->last_seg); @@ -171,16 +317,16 @@ static int safexcel_handle_req_result(struct safexcel_crypto_priv *priv, int rin safexcel_complete(priv, ring); spin_unlock_bh(&priv->ring[ring].egress_lock); - if (req->src == req->dst) { - dma_unmap_sg(priv->dev, req->src, - sg_nents_for_len(req->src, req->cryptlen), + if (src == dst) { + dma_unmap_sg(priv->dev, src, + sg_nents_for_len(src, cryptlen), DMA_BIDIRECTIONAL); } else { - dma_unmap_sg(priv->dev, req->src, - sg_nents_for_len(req->src, req->cryptlen), + dma_unmap_sg(priv->dev, src, + sg_nents_for_len(src, cryptlen), DMA_TO_DEVICE); - dma_unmap_sg(priv->dev, req->dst, - sg_nents_for_len(req->dst, req->cryptlen), + dma_unmap_sg(priv->dev, dst, + sg_nents_for_len(dst, cryptlen), DMA_FROM_DEVICE); } @@ -189,39 +335,43 @@ static int safexcel_handle_req_result(struct safexcel_crypto_priv *priv, int rin return ndesc; } -static int safexcel_aes_send(struct crypto_async_request *async, - int ring, struct safexcel_request *request, - int *commands, int *results) +static int safexcel_aes_send(struct crypto_async_request *base, int ring, + struct safexcel_request *request, + struct safexcel_cipher_req *sreq, + struct scatterlist *src, struct scatterlist *dst, + unsigned int cryptlen, unsigned int assoclen, + unsigned int digestsize, u8 *iv, int *commands, + int *results) { - struct skcipher_request *req = skcipher_request_cast(async); - struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(req->base.tfm); + struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(base->tfm); struct safexcel_crypto_priv *priv = ctx->priv; struct safexcel_command_desc *cdesc; struct safexcel_result_desc *rdesc; struct scatterlist *sg; - int nr_src, nr_dst, n_cdesc = 0, n_rdesc = 0, queued = req->cryptlen; + unsigned int totlen = cryptlen + assoclen; + int nr_src, nr_dst, n_cdesc = 0, n_rdesc = 0, queued = totlen; int i, ret = 0; - if (req->src == req->dst) { - nr_src = dma_map_sg(priv->dev, req->src, - sg_nents_for_len(req->src, req->cryptlen), + if (src == dst) { + nr_src = dma_map_sg(priv->dev, src, + sg_nents_for_len(src, totlen), DMA_BIDIRECTIONAL); nr_dst = nr_src; if (!nr_src) return -EINVAL; } else { - nr_src = dma_map_sg(priv->dev, req->src, - sg_nents_for_len(req->src, req->cryptlen), + nr_src = dma_map_sg(priv->dev, src, + sg_nents_for_len(src, totlen), DMA_TO_DEVICE); if (!nr_src) return -EINVAL; - nr_dst = dma_map_sg(priv->dev, req->dst, - sg_nents_for_len(req->dst, req->cryptlen), + nr_dst = dma_map_sg(priv->dev, dst, + sg_nents_for_len(dst, totlen), DMA_FROM_DEVICE); if (!nr_dst) { - dma_unmap_sg(priv->dev, req->src, - sg_nents_for_len(req->src, req->cryptlen), + dma_unmap_sg(priv->dev, src, + sg_nents_for_len(src, totlen), DMA_TO_DEVICE); return -EINVAL; } @@ -229,10 +379,17 @@ static int safexcel_aes_send(struct crypto_async_request *async, memcpy(ctx->base.ctxr->data, ctx->key, ctx->key_len); + if (ctx->aead) { + memcpy(ctx->base.ctxr->data + ctx->key_len / sizeof(u32), + ctx->ipad, ctx->state_sz); + memcpy(ctx->base.ctxr->data + (ctx->key_len + ctx->state_sz) / sizeof(u32), + ctx->opad, ctx->state_sz); + } + spin_lock_bh(&priv->ring[ring].egress_lock); /* command descriptors */ - for_each_sg(req->src, sg, nr_src, i) { + for_each_sg(src, sg, nr_src, i) { int len = sg_dma_len(sg); /* Do not overflow the request */ @@ -240,7 +397,7 @@ static int safexcel_aes_send(struct crypto_async_request *async, len = queued; cdesc = safexcel_add_cdesc(priv, ring, !n_cdesc, !(queued - len), - sg_dma_address(sg), len, req->cryptlen, + sg_dma_address(sg), len, totlen, ctx->base.ctxr_dma); if (IS_ERR(cdesc)) { /* No space left in the command descriptor ring */ @@ -250,8 +407,14 @@ static int safexcel_aes_send(struct crypto_async_request *async, n_cdesc++; if (n_cdesc == 1) { - safexcel_context_control(ctx, async, cdesc); - safexcel_cipher_token(ctx, async, cdesc, req->cryptlen); + safexcel_context_control(ctx, base, sreq, cdesc); + if (ctx->aead) + safexcel_aead_token(ctx, iv, cdesc, + sreq->direction, cryptlen, + assoclen, digestsize); + else + safexcel_skcipher_token(ctx, iv, cdesc, + cryptlen); } queued -= len; @@ -260,7 +423,7 @@ static int safexcel_aes_send(struct crypto_async_request *async, } /* result descriptors */ - for_each_sg(req->dst, sg, nr_dst, i) { + for_each_sg(dst, sg, nr_dst, i) { bool first = !i, last = (i == nr_dst - 1); u32 len = sg_dma_len(sg); @@ -276,7 +439,7 @@ static int safexcel_aes_send(struct crypto_async_request *async, spin_unlock_bh(&priv->ring[ring].egress_lock); - request->req = &req->base; + request->req = base; *commands = n_cdesc; *results = n_rdesc; @@ -291,16 +454,16 @@ cdesc_rollback: spin_unlock_bh(&priv->ring[ring].egress_lock); - if (req->src == req->dst) { - dma_unmap_sg(priv->dev, req->src, - sg_nents_for_len(req->src, req->cryptlen), + if (src == dst) { + dma_unmap_sg(priv->dev, src, + sg_nents_for_len(src, totlen), DMA_BIDIRECTIONAL); } else { - dma_unmap_sg(priv->dev, req->src, - sg_nents_for_len(req->src, req->cryptlen), + dma_unmap_sg(priv->dev, src, + sg_nents_for_len(src, totlen), DMA_TO_DEVICE); - dma_unmap_sg(priv->dev, req->dst, - sg_nents_for_len(req->dst, req->cryptlen), + dma_unmap_sg(priv->dev, dst, + sg_nents_for_len(dst, totlen), DMA_FROM_DEVICE); } @@ -309,11 +472,10 @@ cdesc_rollback: static int safexcel_handle_inv_result(struct safexcel_crypto_priv *priv, int ring, - struct crypto_async_request *async, + struct crypto_async_request *base, bool *should_complete, int *ret) { - struct skcipher_request *req = skcipher_request_cast(async); - struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(req->base.tfm); + struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(base->tfm); struct safexcel_result_desc *rdesc; int ndesc = 0, enq_ret; @@ -354,7 +516,7 @@ static int safexcel_handle_inv_result(struct safexcel_crypto_priv *priv, ctx->base.ring = ring; spin_lock_bh(&priv->ring[ring].queue_lock); - enq_ret = crypto_enqueue_request(&priv->ring[ring].queue, async); + enq_ret = crypto_enqueue_request(&priv->ring[ring].queue, base); spin_unlock_bh(&priv->ring[ring].queue_lock); if (enq_ret != -EINPROGRESS) @@ -368,9 +530,10 @@ static int safexcel_handle_inv_result(struct safexcel_crypto_priv *priv, return ndesc; } -static int safexcel_handle_result(struct safexcel_crypto_priv *priv, int ring, - struct crypto_async_request *async, - bool *should_complete, int *ret) +static int safexcel_skcipher_handle_result(struct safexcel_crypto_priv *priv, + int ring, + struct crypto_async_request *async, + bool *should_complete, int *ret) { struct skcipher_request *req = skcipher_request_cast(async); struct safexcel_cipher_req *sreq = skcipher_request_ctx(req); @@ -381,24 +544,48 @@ static int safexcel_handle_result(struct safexcel_crypto_priv *priv, int ring, err = safexcel_handle_inv_result(priv, ring, async, should_complete, ret); } else { - err = safexcel_handle_req_result(priv, ring, async, + err = safexcel_handle_req_result(priv, ring, async, req->src, + req->dst, req->cryptlen, sreq, should_complete, ret); } return err; } -static int safexcel_cipher_send_inv(struct crypto_async_request *async, +static int safexcel_aead_handle_result(struct safexcel_crypto_priv *priv, + int ring, + struct crypto_async_request *async, + bool *should_complete, int *ret) +{ + struct aead_request *req = aead_request_cast(async); + struct crypto_aead *tfm = crypto_aead_reqtfm(req); + struct safexcel_cipher_req *sreq = aead_request_ctx(req); + int err; + + if (sreq->needs_inv) { + sreq->needs_inv = false; + err = safexcel_handle_inv_result(priv, ring, async, + should_complete, ret); + } else { + err = safexcel_handle_req_result(priv, ring, async, req->src, + req->dst, + req->cryptlen + crypto_aead_authsize(tfm), + sreq, should_complete, ret); + } + + return err; +} + +static int safexcel_cipher_send_inv(struct crypto_async_request *base, int ring, struct safexcel_request *request, int *commands, int *results) { - struct skcipher_request *req = skcipher_request_cast(async); - struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(req->base.tfm); + struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(base->tfm); struct safexcel_crypto_priv *priv = ctx->priv; int ret; - ret = safexcel_invalidate_cache(async, priv, - ctx->base.ctxr_dma, ring, request); + ret = safexcel_invalidate_cache(base, priv, ctx->base.ctxr_dma, ring, + request); if (unlikely(ret)) return ret; @@ -408,9 +595,9 @@ static int safexcel_cipher_send_inv(struct crypto_async_request *async, return 0; } -static int safexcel_send(struct crypto_async_request *async, - int ring, struct safexcel_request *request, - int *commands, int *results) +static int safexcel_skcipher_send(struct crypto_async_request *async, int ring, + struct safexcel_request *request, + int *commands, int *results) { struct skcipher_request *req = skcipher_request_cast(async); struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(req->base.tfm); @@ -421,59 +608,108 @@ static int safexcel_send(struct crypto_async_request *async, BUG_ON(priv->version == EIP97 && sreq->needs_inv); if (sreq->needs_inv) - ret = safexcel_cipher_send_inv(async, ring, request, - commands, results); + ret = safexcel_cipher_send_inv(async, ring, request, commands, + results); + else + ret = safexcel_aes_send(async, ring, request, sreq, req->src, + req->dst, req->cryptlen, 0, 0, req->iv, + commands, results); + return ret; +} + +static int safexcel_aead_send(struct crypto_async_request *async, int ring, + struct safexcel_request *request, int *commands, + int *results) +{ + struct aead_request *req = aead_request_cast(async); + struct crypto_aead *tfm = crypto_aead_reqtfm(req); + struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(req->base.tfm); + struct safexcel_cipher_req *sreq = aead_request_ctx(req); + struct safexcel_crypto_priv *priv = ctx->priv; + int ret; + + BUG_ON(priv->version == EIP97 && sreq->needs_inv); + + if (sreq->needs_inv) + ret = safexcel_cipher_send_inv(async, ring, request, commands, + results); else - ret = safexcel_aes_send(async, ring, request, + ret = safexcel_aes_send(async, ring, request, sreq, req->src, + req->dst, req->cryptlen, req->assoclen, + crypto_aead_authsize(tfm), req->iv, commands, results); return ret; } -static int safexcel_cipher_exit_inv(struct crypto_tfm *tfm) +static int safexcel_cipher_exit_inv(struct crypto_tfm *tfm, + struct crypto_async_request *base, + struct safexcel_cipher_req *sreq, + struct safexcel_inv_result *result) { struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm); struct safexcel_crypto_priv *priv = ctx->priv; - SKCIPHER_REQUEST_ON_STACK(req, __crypto_skcipher_cast(tfm)); - struct safexcel_cipher_req *sreq = skcipher_request_ctx(req); - struct safexcel_inv_result result = {}; int ring = ctx->base.ring; - memset(req, 0, sizeof(struct skcipher_request)); + init_completion(&result->completion); - /* create invalidation request */ - init_completion(&result.completion); - skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, - safexcel_inv_complete, &result); - - skcipher_request_set_tfm(req, __crypto_skcipher_cast(tfm)); - ctx = crypto_tfm_ctx(req->base.tfm); + ctx = crypto_tfm_ctx(base->tfm); ctx->base.exit_inv = true; sreq->needs_inv = true; spin_lock_bh(&priv->ring[ring].queue_lock); - crypto_enqueue_request(&priv->ring[ring].queue, &req->base); + crypto_enqueue_request(&priv->ring[ring].queue, base); spin_unlock_bh(&priv->ring[ring].queue_lock); queue_work(priv->ring[ring].workqueue, &priv->ring[ring].work_data.work); - wait_for_completion(&result.completion); + wait_for_completion(&result->completion); - if (result.error) { + if (result->error) { dev_warn(priv->dev, "cipher: sync: invalidate: completion error %d\n", - result.error); - return result.error; + result->error); + return result->error; } return 0; } -static int safexcel_aes(struct skcipher_request *req, - enum safexcel_cipher_direction dir, u32 mode) +static int safexcel_skcipher_exit_inv(struct crypto_tfm *tfm) { - struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(req->base.tfm); + EIP197_REQUEST_ON_STACK(req, skcipher, EIP197_SKCIPHER_REQ_SIZE); struct safexcel_cipher_req *sreq = skcipher_request_ctx(req); + struct safexcel_inv_result result = {}; + + memset(req, 0, sizeof(struct skcipher_request)); + + skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, + safexcel_inv_complete, &result); + skcipher_request_set_tfm(req, __crypto_skcipher_cast(tfm)); + + return safexcel_cipher_exit_inv(tfm, &req->base, sreq, &result); +} + +static int safexcel_aead_exit_inv(struct crypto_tfm *tfm) +{ + EIP197_REQUEST_ON_STACK(req, aead, EIP197_AEAD_REQ_SIZE); + struct safexcel_cipher_req *sreq = aead_request_ctx(req); + struct safexcel_inv_result result = {}; + + memset(req, 0, sizeof(struct aead_request)); + + aead_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, + safexcel_inv_complete, &result); + aead_request_set_tfm(req, __crypto_aead_cast(tfm)); + + return safexcel_cipher_exit_inv(tfm, &req->base, sreq, &result); +} + +static int safexcel_aes(struct crypto_async_request *base, + struct safexcel_cipher_req *sreq, + enum safexcel_cipher_direction dir, u32 mode) +{ + struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(base->tfm); struct safexcel_crypto_priv *priv = ctx->priv; int ret, ring; @@ -489,7 +725,7 @@ static int safexcel_aes(struct skcipher_request *req, } else { ctx->base.ring = safexcel_select_ring(priv); ctx->base.ctxr = dma_pool_zalloc(priv->context_pool, - EIP197_GFP_FLAGS(req->base), + EIP197_GFP_FLAGS(*base), &ctx->base.ctxr_dma); if (!ctx->base.ctxr) return -ENOMEM; @@ -498,7 +734,7 @@ static int safexcel_aes(struct skcipher_request *req, ring = ctx->base.ring; spin_lock_bh(&priv->ring[ring].queue_lock); - ret = crypto_enqueue_request(&priv->ring[ring].queue, &req->base); + ret = crypto_enqueue_request(&priv->ring[ring].queue, base); spin_unlock_bh(&priv->ring[ring].queue_lock); queue_work(priv->ring[ring].workqueue, @@ -509,14 +745,14 @@ static int safexcel_aes(struct skcipher_request *req, static int safexcel_ecb_aes_encrypt(struct skcipher_request *req) { - return safexcel_aes(req, SAFEXCEL_ENCRYPT, - CONTEXT_CONTROL_CRYPTO_MODE_ECB); + return safexcel_aes(&req->base, skcipher_request_ctx(req), + SAFEXCEL_ENCRYPT, CONTEXT_CONTROL_CRYPTO_MODE_ECB); } static int safexcel_ecb_aes_decrypt(struct skcipher_request *req) { - return safexcel_aes(req, SAFEXCEL_DECRYPT, - CONTEXT_CONTROL_CRYPTO_MODE_ECB); + return safexcel_aes(&req->base, skcipher_request_ctx(req), + SAFEXCEL_DECRYPT, CONTEXT_CONTROL_CRYPTO_MODE_ECB); } static int safexcel_skcipher_cra_init(struct crypto_tfm *tfm) @@ -526,34 +762,64 @@ static int safexcel_skcipher_cra_init(struct crypto_tfm *tfm) container_of(tfm->__crt_alg, struct safexcel_alg_template, alg.skcipher.base); - ctx->priv = tmpl->priv; - ctx->base.send = safexcel_send; - ctx->base.handle_result = safexcel_handle_result; - crypto_skcipher_set_reqsize(__crypto_skcipher_cast(tfm), sizeof(struct safexcel_cipher_req)); + ctx->priv = tmpl->priv; + + ctx->base.send = safexcel_skcipher_send; + ctx->base.handle_result = safexcel_skcipher_handle_result; return 0; } -static void safexcel_skcipher_cra_exit(struct crypto_tfm *tfm) +static int safexcel_cipher_cra_exit(struct crypto_tfm *tfm) { struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm); - struct safexcel_crypto_priv *priv = ctx->priv; - int ret; - memzero_explicit(ctx->key, 8 * sizeof(u32)); + memzero_explicit(ctx->key, sizeof(ctx->key)); /* context not allocated, skip invalidation */ if (!ctx->base.ctxr) + return -ENOMEM; + + memzero_explicit(ctx->base.ctxr->data, sizeof(ctx->base.ctxr->data)); + return 0; +} + +static void safexcel_skcipher_cra_exit(struct crypto_tfm *tfm) +{ + struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm); + struct safexcel_crypto_priv *priv = ctx->priv; + int ret; + + if (safexcel_cipher_cra_exit(tfm)) return; - memzero_explicit(ctx->base.ctxr->data, 8 * sizeof(u32)); + if (priv->version == EIP197) { + ret = safexcel_skcipher_exit_inv(tfm); + if (ret) + dev_warn(priv->dev, "skcipher: invalidation error %d\n", + ret); + } else { + dma_pool_free(priv->context_pool, ctx->base.ctxr, + ctx->base.ctxr_dma); + } +} + +static void safexcel_aead_cra_exit(struct crypto_tfm *tfm) +{ + struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm); + struct safexcel_crypto_priv *priv = ctx->priv; + int ret; + + if (safexcel_cipher_cra_exit(tfm)) + return; if (priv->version == EIP197) { - ret = safexcel_cipher_exit_inv(tfm); + ret = safexcel_aead_exit_inv(tfm); if (ret) - dev_warn(priv->dev, "cipher: invalidation error %d\n", ret); + dev_warn(priv->dev, "aead: invalidation error %d\n", + ret); } else { dma_pool_free(priv->context_pool, ctx->base.ctxr, ctx->base.ctxr_dma); @@ -563,7 +829,7 @@ static void safexcel_skcipher_cra_exit(struct crypto_tfm *tfm) struct safexcel_alg_template safexcel_alg_ecb_aes = { .type = SAFEXCEL_ALG_TYPE_SKCIPHER, .alg.skcipher = { - .setkey = safexcel_aes_setkey, + .setkey = safexcel_skcipher_aes_setkey, .encrypt = safexcel_ecb_aes_encrypt, .decrypt = safexcel_ecb_aes_decrypt, .min_keysize = AES_MIN_KEY_SIZE, @@ -586,20 +852,20 @@ struct safexcel_alg_template safexcel_alg_ecb_aes = { static int safexcel_cbc_aes_encrypt(struct skcipher_request *req) { - return safexcel_aes(req, SAFEXCEL_ENCRYPT, - CONTEXT_CONTROL_CRYPTO_MODE_CBC); + return safexcel_aes(&req->base, skcipher_request_ctx(req), + SAFEXCEL_ENCRYPT, CONTEXT_CONTROL_CRYPTO_MODE_CBC); } static int safexcel_cbc_aes_decrypt(struct skcipher_request *req) { - return safexcel_aes(req, SAFEXCEL_DECRYPT, - CONTEXT_CONTROL_CRYPTO_MODE_CBC); + return safexcel_aes(&req->base, skcipher_request_ctx(req), + SAFEXCEL_DECRYPT, CONTEXT_CONTROL_CRYPTO_MODE_CBC); } struct safexcel_alg_template safexcel_alg_cbc_aes = { .type = SAFEXCEL_ALG_TYPE_SKCIPHER, .alg.skcipher = { - .setkey = safexcel_aes_setkey, + .setkey = safexcel_skcipher_aes_setkey, .encrypt = safexcel_cbc_aes_encrypt, .decrypt = safexcel_cbc_aes_decrypt, .min_keysize = AES_MIN_KEY_SIZE, @@ -620,3 +886,139 @@ struct safexcel_alg_template safexcel_alg_cbc_aes = { }, }, }; + +static int safexcel_aead_encrypt(struct aead_request *req) +{ + struct safexcel_cipher_req *creq = aead_request_ctx(req); + + return safexcel_aes(&req->base, creq, SAFEXCEL_ENCRYPT, + CONTEXT_CONTROL_CRYPTO_MODE_CBC); +} + +static int safexcel_aead_decrypt(struct aead_request *req) +{ + struct safexcel_cipher_req *creq = aead_request_ctx(req); + + return safexcel_aes(&req->base, creq, SAFEXCEL_DECRYPT, + CONTEXT_CONTROL_CRYPTO_MODE_CBC); +} + +static int safexcel_aead_cra_init(struct crypto_tfm *tfm) +{ + struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm); + struct safexcel_alg_template *tmpl = + container_of(tfm->__crt_alg, struct safexcel_alg_template, + alg.aead.base); + + crypto_aead_set_reqsize(__crypto_aead_cast(tfm), + sizeof(struct safexcel_cipher_req)); + + ctx->priv = tmpl->priv; + + ctx->aead = true; + ctx->base.send = safexcel_aead_send; + ctx->base.handle_result = safexcel_aead_handle_result; + return 0; +} + +static int safexcel_aead_sha1_cra_init(struct crypto_tfm *tfm) +{ + struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm); + + safexcel_aead_cra_init(tfm); + ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_SHA1; + ctx->state_sz = SHA1_DIGEST_SIZE; + return 0; +} + +struct safexcel_alg_template safexcel_alg_authenc_hmac_sha1_cbc_aes = { + .type = SAFEXCEL_ALG_TYPE_AEAD, + .alg.aead = { + .setkey = safexcel_aead_aes_setkey, + .encrypt = safexcel_aead_encrypt, + .decrypt = safexcel_aead_decrypt, + .ivsize = AES_BLOCK_SIZE, + .maxauthsize = SHA1_DIGEST_SIZE, + .base = { + .cra_name = "authenc(hmac(sha1),cbc(aes))", + .cra_driver_name = "safexcel-authenc-hmac-sha1-cbc-aes", + .cra_priority = 300, + .cra_flags = CRYPTO_ALG_TYPE_AEAD | CRYPTO_ALG_ASYNC | + CRYPTO_ALG_KERN_DRIVER_ONLY, + .cra_blocksize = AES_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct safexcel_cipher_ctx), + .cra_alignmask = 0, + .cra_init = safexcel_aead_sha1_cra_init, + .cra_exit = safexcel_aead_cra_exit, + .cra_module = THIS_MODULE, + }, + }, +}; + +static int safexcel_aead_sha256_cra_init(struct crypto_tfm *tfm) +{ + struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm); + + safexcel_aead_cra_init(tfm); + ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_SHA256; + ctx->state_sz = SHA256_DIGEST_SIZE; + return 0; +} + +struct safexcel_alg_template safexcel_alg_authenc_hmac_sha256_cbc_aes = { + .type = SAFEXCEL_ALG_TYPE_AEAD, + .alg.aead = { + .setkey = safexcel_aead_aes_setkey, + .encrypt = safexcel_aead_encrypt, + .decrypt = safexcel_aead_decrypt, + .ivsize = AES_BLOCK_SIZE, + .maxauthsize = SHA256_DIGEST_SIZE, + .base = { + .cra_name = "authenc(hmac(sha256),cbc(aes))", + .cra_driver_name = "safexcel-authenc-hmac-sha256-cbc-aes", + .cra_priority = 300, + .cra_flags = CRYPTO_ALG_TYPE_AEAD | CRYPTO_ALG_ASYNC | + CRYPTO_ALG_KERN_DRIVER_ONLY, + .cra_blocksize = AES_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct safexcel_cipher_ctx), + .cra_alignmask = 0, + .cra_init = safexcel_aead_sha256_cra_init, + .cra_exit = safexcel_aead_cra_exit, + .cra_module = THIS_MODULE, + }, + }, +}; + +static int safexcel_aead_sha224_cra_init(struct crypto_tfm *tfm) +{ + struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm); + + safexcel_aead_cra_init(tfm); + ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_SHA224; + ctx->state_sz = SHA256_DIGEST_SIZE; + return 0; +} + +struct safexcel_alg_template safexcel_alg_authenc_hmac_sha224_cbc_aes = { + .type = SAFEXCEL_ALG_TYPE_AEAD, + .alg.aead = { + .setkey = safexcel_aead_aes_setkey, + .encrypt = safexcel_aead_encrypt, + .decrypt = safexcel_aead_decrypt, + .ivsize = AES_BLOCK_SIZE, + .maxauthsize = SHA224_DIGEST_SIZE, + .base = { + .cra_name = "authenc(hmac(sha224),cbc(aes))", + .cra_driver_name = "safexcel-authenc-hmac-sha224-cbc-aes", + .cra_priority = 300, + .cra_flags = CRYPTO_ALG_TYPE_AEAD | CRYPTO_ALG_ASYNC | + CRYPTO_ALG_KERN_DRIVER_ONLY, + .cra_blocksize = AES_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct safexcel_cipher_ctx), + .cra_alignmask = 0, + .cra_init = safexcel_aead_sha224_cra_init, + .cra_exit = safexcel_aead_cra_exit, + .cra_module = THIS_MODULE, + }, + }, +}; diff --git a/drivers/crypto/inside-secure/safexcel_hash.c b/drivers/crypto/inside-secure/safexcel_hash.c index 317b9e480312..d138d6b8fec5 100644 --- a/drivers/crypto/inside-secure/safexcel_hash.c +++ b/drivers/crypto/inside-secure/safexcel_hash.c @@ -50,16 +50,6 @@ struct safexcel_ahash_req { u8 cache_next[SHA256_BLOCK_SIZE] __aligned(sizeof(u32)); }; -struct safexcel_ahash_export_state { - u64 len; - u64 processed; - - u32 digest; - - u32 state[SHA256_DIGEST_SIZE / sizeof(u32)]; - u8 cache[SHA256_BLOCK_SIZE]; -}; - static void safexcel_hash_token(struct safexcel_command_desc *cdesc, u32 input_length, u32 result_length) { @@ -146,11 +136,8 @@ static int safexcel_handle_req_result(struct safexcel_crypto_priv *priv, int rin dev_err(priv->dev, "hash: result: could not retrieve the result descriptor\n"); *ret = PTR_ERR(rdesc); - } else if (rdesc->result_data.error_code) { - dev_err(priv->dev, - "hash: result: result descriptor error (%d)\n", - rdesc->result_data.error_code); - *ret = -EINVAL; + } else { + *ret = safexcel_rdesc_check_errors(priv, rdesc); } safexcel_complete(priv, ring); @@ -480,7 +467,7 @@ static int safexcel_ahash_exit_inv(struct crypto_tfm *tfm) { struct safexcel_ahash_ctx *ctx = crypto_tfm_ctx(tfm); struct safexcel_crypto_priv *priv = ctx->priv; - AHASH_REQUEST_ON_STACK(req, __crypto_ahash_cast(tfm)); + EIP197_REQUEST_ON_STACK(req, ahash, EIP197_AHASH_REQ_SIZE); struct safexcel_ahash_req *rctx = ahash_request_ctx(req); struct safexcel_inv_result result = {}; int ring = ctx->base.ring; @@ -912,8 +899,8 @@ static int safexcel_hmac_init_iv(struct ahash_request *areq, return crypto_ahash_export(areq, state); } -static int safexcel_hmac_setkey(const char *alg, const u8 *key, - unsigned int keylen, void *istate, void *ostate) +int safexcel_hmac_setkey(const char *alg, const u8 *key, unsigned int keylen, + void *istate, void *ostate) { struct ahash_request *areq; struct crypto_ahash *tfm; diff --git a/drivers/crypto/nx/nx-842-powernv.c b/drivers/crypto/nx/nx-842-powernv.c index 1e87637c412d..36afd6d8753c 100644 --- a/drivers/crypto/nx/nx-842-powernv.c +++ b/drivers/crypto/nx/nx-842-powernv.c @@ -334,7 +334,7 @@ static int wait_for_csb(struct nx842_workmem *wmem, return -EPROTO; case CSB_CC_SEQUENCE: /* should not happen, we don't use chained CRBs */ - CSB_ERR(csb, "CRB seqeunce number error"); + CSB_ERR(csb, "CRB sequence number error"); return -EPROTO; case CSB_CC_UNKNOWN_CODE: CSB_ERR(csb, "Unknown subfunction code"); diff --git a/drivers/crypto/omap-sham.c b/drivers/crypto/omap-sham.c index ad02aa63b519..d1a1c74fb56a 100644 --- a/drivers/crypto/omap-sham.c +++ b/drivers/crypto/omap-sham.c @@ -1087,7 +1087,7 @@ static void omap_sham_finish_req(struct ahash_request *req, int err) if (test_bit(FLAGS_SGS_COPIED, &dd->flags)) free_pages((unsigned long)sg_virt(ctx->sg), - get_order(ctx->sg->length)); + get_order(ctx->sg->length + ctx->bufcnt)); if (test_bit(FLAGS_SGS_ALLOCED, &dd->flags)) kfree(ctx->sg); diff --git a/drivers/crypto/picoxcell_crypto.c b/drivers/crypto/picoxcell_crypto.c index a4df966adbf6..321d5e2ac833 100644 --- a/drivers/crypto/picoxcell_crypto.c +++ b/drivers/crypto/picoxcell_crypto.c @@ -1169,8 +1169,7 @@ static void spacc_spacc_complete(unsigned long data) #ifdef CONFIG_PM static int spacc_suspend(struct device *dev) { - struct platform_device *pdev = to_platform_device(dev); - struct spacc_engine *engine = platform_get_drvdata(pdev); + struct spacc_engine *engine = dev_get_drvdata(dev); /* * We only support standby mode. All we have to do is gate the clock to @@ -1184,8 +1183,7 @@ static int spacc_suspend(struct device *dev) static int spacc_resume(struct device *dev) { - struct platform_device *pdev = to_platform_device(dev); - struct spacc_engine *engine = platform_get_drvdata(pdev); + struct spacc_engine *engine = dev_get_drvdata(dev); return clk_enable(engine->clk); } diff --git a/drivers/crypto/qat/qat_c3xxx/adf_drv.c b/drivers/crypto/qat/qat_c3xxx/adf_drv.c index f172171668ee..ba197f34c252 100644 --- a/drivers/crypto/qat/qat_c3xxx/adf_drv.c +++ b/drivers/crypto/qat/qat_c3xxx/adf_drv.c @@ -329,5 +329,7 @@ module_exit(adfdrv_release); MODULE_LICENSE("Dual BSD/GPL"); MODULE_AUTHOR("Intel"); +MODULE_FIRMWARE(ADF_C3XXX_FW); +MODULE_FIRMWARE(ADF_C3XXX_MMP); MODULE_DESCRIPTION("Intel(R) QuickAssist Technology"); MODULE_VERSION(ADF_DRV_VERSION); diff --git a/drivers/crypto/qat/qat_c62x/adf_drv.c b/drivers/crypto/qat/qat_c62x/adf_drv.c index 58a984c9c3ec..59a5a0df50b6 100644 --- a/drivers/crypto/qat/qat_c62x/adf_drv.c +++ b/drivers/crypto/qat/qat_c62x/adf_drv.c @@ -329,5 +329,7 @@ module_exit(adfdrv_release); MODULE_LICENSE("Dual BSD/GPL"); MODULE_AUTHOR("Intel"); +MODULE_FIRMWARE(ADF_C62X_FW); +MODULE_FIRMWARE(ADF_C62X_MMP); MODULE_DESCRIPTION("Intel(R) QuickAssist Technology"); MODULE_VERSION(ADF_DRV_VERSION); diff --git a/drivers/crypto/qat/qat_dh895xcc/adf_drv.c b/drivers/crypto/qat/qat_dh895xcc/adf_drv.c index 2ce01f010c74..be5c5a988ca5 100644 --- a/drivers/crypto/qat/qat_dh895xcc/adf_drv.c +++ b/drivers/crypto/qat/qat_dh895xcc/adf_drv.c @@ -332,5 +332,6 @@ module_exit(adfdrv_release); MODULE_LICENSE("Dual BSD/GPL"); MODULE_AUTHOR("Intel"); MODULE_FIRMWARE(ADF_DH895XCC_FW); +MODULE_FIRMWARE(ADF_DH895XCC_MMP); MODULE_DESCRIPTION("Intel(R) QuickAssist Technology"); MODULE_VERSION(ADF_DRV_VERSION); diff --git a/drivers/crypto/vmx/aes.c b/drivers/crypto/vmx/aes.c index 96072b9b55c4..d7316f7a3a69 100644 --- a/drivers/crypto/vmx/aes.c +++ b/drivers/crypto/vmx/aes.c @@ -48,8 +48,6 @@ static int p8_aes_init(struct crypto_tfm *tfm) alg, PTR_ERR(fallback)); return PTR_ERR(fallback); } - printk(KERN_INFO "Using '%s' as fallback implementation.\n", - crypto_tfm_alg_driver_name((struct crypto_tfm *) fallback)); crypto_cipher_set_flags(fallback, crypto_cipher_get_flags((struct diff --git a/drivers/crypto/vmx/aes_cbc.c b/drivers/crypto/vmx/aes_cbc.c index 7394d35d5936..5285ece4f33a 100644 --- a/drivers/crypto/vmx/aes_cbc.c +++ b/drivers/crypto/vmx/aes_cbc.c @@ -52,9 +52,6 @@ static int p8_aes_cbc_init(struct crypto_tfm *tfm) alg, PTR_ERR(fallback)); return PTR_ERR(fallback); } - printk(KERN_INFO "Using '%s' as fallback implementation.\n", - crypto_skcipher_driver_name(fallback)); - crypto_skcipher_set_flags( fallback, diff --git a/drivers/crypto/vmx/aes_ctr.c b/drivers/crypto/vmx/aes_ctr.c index fc60d00a2e84..cd777c75291d 100644 --- a/drivers/crypto/vmx/aes_ctr.c +++ b/drivers/crypto/vmx/aes_ctr.c @@ -50,8 +50,6 @@ static int p8_aes_ctr_init(struct crypto_tfm *tfm) alg, PTR_ERR(fallback)); return PTR_ERR(fallback); } - printk(KERN_INFO "Using '%s' as fallback implementation.\n", - crypto_skcipher_driver_name(fallback)); crypto_skcipher_set_flags( fallback, diff --git a/drivers/crypto/vmx/aes_xts.c b/drivers/crypto/vmx/aes_xts.c index 8cd6e62e4c90..8bd9aff0f55f 100644 --- a/drivers/crypto/vmx/aes_xts.c +++ b/drivers/crypto/vmx/aes_xts.c @@ -53,8 +53,6 @@ static int p8_aes_xts_init(struct crypto_tfm *tfm) alg, PTR_ERR(fallback)); return PTR_ERR(fallback); } - printk(KERN_INFO "Using '%s' as fallback implementation.\n", - crypto_skcipher_driver_name(fallback)); crypto_skcipher_set_flags( fallback, diff --git a/drivers/crypto/vmx/aesp8-ppc.pl b/drivers/crypto/vmx/aesp8-ppc.pl index 0b4a293b8a1e..d6a9f63d65ba 100644 --- a/drivers/crypto/vmx/aesp8-ppc.pl +++ b/drivers/crypto/vmx/aesp8-ppc.pl @@ -1,12 +1,51 @@ #! /usr/bin/env perl -# Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. +# SPDX-License-Identifier: GPL-2.0 + +# This code is taken from CRYPTOGAMs[1] and is included here using the option +# in the license to distribute the code under the GPL. Therefore this program +# is free software; you can redistribute it and/or modify it under the terms of +# the GNU General Public License version 2 as published by the Free Software +# Foundation. # -# Licensed under the OpenSSL license (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html +# [1] https://www.openssl.org/~appro/cryptogams/ +# Copyright (c) 2006-2017, CRYPTOGAMS by <appro@openssl.org> +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# * Redistributions of source code must retain copyright notices, +# this list of conditions and the following disclaimer. +# +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials +# provided with the distribution. # +# * Neither the name of the CRYPTOGAMS nor the names of its +# copyright holder and contributors may be used to endorse or +# promote products derived from this software without specific +# prior written permission. +# +# ALTERNATIVELY, provided that this notice is retained in full, this +# product may be distributed under the terms of the GNU General Public +# License (GPL), in which case the provisions of the GPL apply INSTEAD OF +# those given above. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDER AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + # ==================================================================== # Written by Andy Polyakov <appro@openssl.org> for the OpenSSL # project. The module is, however, dual licensed under OpenSSL and diff --git a/drivers/crypto/vmx/ghash.c b/drivers/crypto/vmx/ghash.c index 27a94a119009..1c4b5b889fba 100644 --- a/drivers/crypto/vmx/ghash.c +++ b/drivers/crypto/vmx/ghash.c @@ -64,8 +64,6 @@ static int p8_ghash_init_tfm(struct crypto_tfm *tfm) alg, PTR_ERR(fallback)); return PTR_ERR(fallback); } - printk(KERN_INFO "Using '%s' as fallback implementation.\n", - crypto_tfm_alg_driver_name(crypto_shash_tfm(fallback))); crypto_shash_set_flags(fallback, crypto_shash_get_flags((struct crypto_shash diff --git a/drivers/crypto/vmx/ghashp8-ppc.pl b/drivers/crypto/vmx/ghashp8-ppc.pl index d8429cb71f02..f746af271460 100644 --- a/drivers/crypto/vmx/ghashp8-ppc.pl +++ b/drivers/crypto/vmx/ghashp8-ppc.pl @@ -1,5 +1,14 @@ #!/usr/bin/env perl +# SPDX-License-Identifier: GPL-2.0 + +# This code is taken from the OpenSSL project but the author (Andy Polyakov) +# has relicensed it under the GPLv2. Therefore this program is free software; +# you can redistribute it and/or modify it under the terms of the GNU General +# Public License version 2 as published by the Free Software Foundation. # +# The original headers, including the original license headers, are +# included below for completeness. + # ==================================================================== # Written by Andy Polyakov <appro@openssl.org> for the OpenSSL # project. The module is, however, dual licensed under OpenSSL and diff --git a/include/crypto/algapi.h b/include/crypto/algapi.h index 1aba888241dd..bd5e8ccf1687 100644 --- a/include/crypto/algapi.h +++ b/include/crypto/algapi.h @@ -17,6 +17,14 @@ #include <linux/kernel.h> #include <linux/skbuff.h> +/* + * Maximum values for blocksize and alignmask, used to allocate + * static buffers that are big enough for any combination of + * ciphers and architectures. + */ +#define MAX_CIPHER_BLOCKSIZE 16 +#define MAX_CIPHER_ALIGNMASK 15 + struct crypto_aead; struct crypto_instance; struct module; diff --git a/include/crypto/morus1280_glue.h b/include/crypto/morus1280_glue.h new file mode 100644 index 000000000000..b26dd70efd9a --- /dev/null +++ b/include/crypto/morus1280_glue.h @@ -0,0 +1,137 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * The MORUS-1280 Authenticated-Encryption Algorithm + * Common glue skeleton -- header file + * + * Copyright (c) 2016-2018 Ondrej Mosnacek <omosnacek@gmail.com> + * Copyright (C) 2017-2018 Red Hat, Inc. All rights reserved. + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation; either version 2 of the License, or (at your option) + * any later version. + */ + +#ifndef _CRYPTO_MORUS1280_GLUE_H +#define _CRYPTO_MORUS1280_GLUE_H + +#include <linux/module.h> +#include <linux/types.h> +#include <crypto/algapi.h> +#include <crypto/aead.h> +#include <crypto/morus_common.h> + +#define MORUS1280_WORD_SIZE 8 +#define MORUS1280_BLOCK_SIZE (MORUS_BLOCK_WORDS * MORUS1280_WORD_SIZE) + +struct morus1280_block { + u8 bytes[MORUS1280_BLOCK_SIZE]; +}; + +struct morus1280_glue_ops { + void (*init)(void *state, const void *key, const void *iv); + void (*ad)(void *state, const void *data, unsigned int length); + void (*enc)(void *state, const void *src, void *dst, unsigned int length); + void (*dec)(void *state, const void *src, void *dst, unsigned int length); + void (*enc_tail)(void *state, const void *src, void *dst, unsigned int length); + void (*dec_tail)(void *state, const void *src, void *dst, unsigned int length); + void (*final)(void *state, void *tag_xor, u64 assoclen, u64 cryptlen); +}; + +struct morus1280_ctx { + const struct morus1280_glue_ops *ops; + struct morus1280_block key; +}; + +void crypto_morus1280_glue_init_ops(struct crypto_aead *aead, + const struct morus1280_glue_ops *ops); +int crypto_morus1280_glue_setkey(struct crypto_aead *aead, const u8 *key, + unsigned int keylen); +int crypto_morus1280_glue_setauthsize(struct crypto_aead *tfm, + unsigned int authsize); +int crypto_morus1280_glue_encrypt(struct aead_request *req); +int crypto_morus1280_glue_decrypt(struct aead_request *req); + +int cryptd_morus1280_glue_setkey(struct crypto_aead *aead, const u8 *key, + unsigned int keylen); +int cryptd_morus1280_glue_setauthsize(struct crypto_aead *aead, + unsigned int authsize); +int cryptd_morus1280_glue_encrypt(struct aead_request *req); +int cryptd_morus1280_glue_decrypt(struct aead_request *req); +int cryptd_morus1280_glue_init_tfm(struct crypto_aead *aead); +void cryptd_morus1280_glue_exit_tfm(struct crypto_aead *aead); + +#define MORUS1280_DECLARE_ALGS(id, driver_name, priority) \ + static const struct morus1280_glue_ops crypto_morus1280_##id##_ops = {\ + .init = crypto_morus1280_##id##_init, \ + .ad = crypto_morus1280_##id##_ad, \ + .enc = crypto_morus1280_##id##_enc, \ + .enc_tail = crypto_morus1280_##id##_enc_tail, \ + .dec = crypto_morus1280_##id##_dec, \ + .dec_tail = crypto_morus1280_##id##_dec_tail, \ + .final = crypto_morus1280_##id##_final, \ + }; \ + \ + static int crypto_morus1280_##id##_init_tfm(struct crypto_aead *tfm) \ + { \ + crypto_morus1280_glue_init_ops(tfm, &crypto_morus1280_##id##_ops); \ + return 0; \ + } \ + \ + static void crypto_morus1280_##id##_exit_tfm(struct crypto_aead *tfm) \ + { \ + } \ + \ + struct aead_alg crypto_morus1280_##id##_algs[] = {\ + { \ + .setkey = crypto_morus1280_glue_setkey, \ + .setauthsize = crypto_morus1280_glue_setauthsize, \ + .encrypt = crypto_morus1280_glue_encrypt, \ + .decrypt = crypto_morus1280_glue_decrypt, \ + .init = crypto_morus1280_##id##_init_tfm, \ + .exit = crypto_morus1280_##id##_exit_tfm, \ + \ + .ivsize = MORUS_NONCE_SIZE, \ + .maxauthsize = MORUS_MAX_AUTH_SIZE, \ + .chunksize = MORUS1280_BLOCK_SIZE, \ + \ + .base = { \ + .cra_flags = CRYPTO_ALG_INTERNAL, \ + .cra_blocksize = 1, \ + .cra_ctxsize = sizeof(struct morus1280_ctx), \ + .cra_alignmask = 0, \ + \ + .cra_name = "__morus1280", \ + .cra_driver_name = "__"driver_name, \ + \ + .cra_module = THIS_MODULE, \ + } \ + }, { \ + .setkey = cryptd_morus1280_glue_setkey, \ + .setauthsize = cryptd_morus1280_glue_setauthsize, \ + .encrypt = cryptd_morus1280_glue_encrypt, \ + .decrypt = cryptd_morus1280_glue_decrypt, \ + .init = cryptd_morus1280_glue_init_tfm, \ + .exit = cryptd_morus1280_glue_exit_tfm, \ + \ + .ivsize = MORUS_NONCE_SIZE, \ + .maxauthsize = MORUS_MAX_AUTH_SIZE, \ + .chunksize = MORUS1280_BLOCK_SIZE, \ + \ + .base = { \ + .cra_flags = CRYPTO_ALG_ASYNC, \ + .cra_blocksize = 1, \ + .cra_ctxsize = sizeof(struct crypto_aead *), \ + .cra_alignmask = 0, \ + \ + .cra_priority = priority, \ + \ + .cra_name = "morus1280", \ + .cra_driver_name = driver_name, \ + \ + .cra_module = THIS_MODULE, \ + } \ + } \ + } + +#endif /* _CRYPTO_MORUS1280_GLUE_H */ diff --git a/include/crypto/morus640_glue.h b/include/crypto/morus640_glue.h new file mode 100644 index 000000000000..90c8db07e740 --- /dev/null +++ b/include/crypto/morus640_glue.h @@ -0,0 +1,137 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * The MORUS-640 Authenticated-Encryption Algorithm + * Common glue skeleton -- header file + * + * Copyright (c) 2016-2018 Ondrej Mosnacek <omosnacek@gmail.com> + * Copyright (C) 2017-2018 Red Hat, Inc. All rights reserved. + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation; either version 2 of the License, or (at your option) + * any later version. + */ + +#ifndef _CRYPTO_MORUS640_GLUE_H +#define _CRYPTO_MORUS640_GLUE_H + +#include <linux/module.h> +#include <linux/types.h> +#include <crypto/algapi.h> +#include <crypto/aead.h> +#include <crypto/morus_common.h> + +#define MORUS640_WORD_SIZE 4 +#define MORUS640_BLOCK_SIZE (MORUS_BLOCK_WORDS * MORUS640_WORD_SIZE) + +struct morus640_block { + u8 bytes[MORUS640_BLOCK_SIZE]; +}; + +struct morus640_glue_ops { + void (*init)(void *state, const void *key, const void *iv); + void (*ad)(void *state, const void *data, unsigned int length); + void (*enc)(void *state, const void *src, void *dst, unsigned int length); + void (*dec)(void *state, const void *src, void *dst, unsigned int length); + void (*enc_tail)(void *state, const void *src, void *dst, unsigned int length); + void (*dec_tail)(void *state, const void *src, void *dst, unsigned int length); + void (*final)(void *state, void *tag_xor, u64 assoclen, u64 cryptlen); +}; + +struct morus640_ctx { + const struct morus640_glue_ops *ops; + struct morus640_block key; +}; + +void crypto_morus640_glue_init_ops(struct crypto_aead *aead, + const struct morus640_glue_ops *ops); +int crypto_morus640_glue_setkey(struct crypto_aead *aead, const u8 *key, + unsigned int keylen); +int crypto_morus640_glue_setauthsize(struct crypto_aead *tfm, + unsigned int authsize); +int crypto_morus640_glue_encrypt(struct aead_request *req); +int crypto_morus640_glue_decrypt(struct aead_request *req); + +int cryptd_morus640_glue_setkey(struct crypto_aead *aead, const u8 *key, + unsigned int keylen); +int cryptd_morus640_glue_setauthsize(struct crypto_aead *aead, + unsigned int authsize); +int cryptd_morus640_glue_encrypt(struct aead_request *req); +int cryptd_morus640_glue_decrypt(struct aead_request *req); +int cryptd_morus640_glue_init_tfm(struct crypto_aead *aead); +void cryptd_morus640_glue_exit_tfm(struct crypto_aead *aead); + +#define MORUS640_DECLARE_ALGS(id, driver_name, priority) \ + static const struct morus640_glue_ops crypto_morus640_##id##_ops = {\ + .init = crypto_morus640_##id##_init, \ + .ad = crypto_morus640_##id##_ad, \ + .enc = crypto_morus640_##id##_enc, \ + .enc_tail = crypto_morus640_##id##_enc_tail, \ + .dec = crypto_morus640_##id##_dec, \ + .dec_tail = crypto_morus640_##id##_dec_tail, \ + .final = crypto_morus640_##id##_final, \ + }; \ + \ + static int crypto_morus640_##id##_init_tfm(struct crypto_aead *tfm) \ + { \ + crypto_morus640_glue_init_ops(tfm, &crypto_morus640_##id##_ops); \ + return 0; \ + } \ + \ + static void crypto_morus640_##id##_exit_tfm(struct crypto_aead *tfm) \ + { \ + } \ + \ + struct aead_alg crypto_morus640_##id##_algs[] = {\ + { \ + .setkey = crypto_morus640_glue_setkey, \ + .setauthsize = crypto_morus640_glue_setauthsize, \ + .encrypt = crypto_morus640_glue_encrypt, \ + .decrypt = crypto_morus640_glue_decrypt, \ + .init = crypto_morus640_##id##_init_tfm, \ + .exit = crypto_morus640_##id##_exit_tfm, \ + \ + .ivsize = MORUS_NONCE_SIZE, \ + .maxauthsize = MORUS_MAX_AUTH_SIZE, \ + .chunksize = MORUS640_BLOCK_SIZE, \ + \ + .base = { \ + .cra_flags = CRYPTO_ALG_INTERNAL, \ + .cra_blocksize = 1, \ + .cra_ctxsize = sizeof(struct morus640_ctx), \ + .cra_alignmask = 0, \ + \ + .cra_name = "__morus640", \ + .cra_driver_name = "__"driver_name, \ + \ + .cra_module = THIS_MODULE, \ + } \ + }, { \ + .setkey = cryptd_morus640_glue_setkey, \ + .setauthsize = cryptd_morus640_glue_setauthsize, \ + .encrypt = cryptd_morus640_glue_encrypt, \ + .decrypt = cryptd_morus640_glue_decrypt, \ + .init = cryptd_morus640_glue_init_tfm, \ + .exit = cryptd_morus640_glue_exit_tfm, \ + \ + .ivsize = MORUS_NONCE_SIZE, \ + .maxauthsize = MORUS_MAX_AUTH_SIZE, \ + .chunksize = MORUS640_BLOCK_SIZE, \ + \ + .base = { \ + .cra_flags = CRYPTO_ALG_ASYNC, \ + .cra_blocksize = 1, \ + .cra_ctxsize = sizeof(struct crypto_aead *), \ + .cra_alignmask = 0, \ + \ + .cra_priority = priority, \ + \ + .cra_name = "morus640", \ + .cra_driver_name = driver_name, \ + \ + .cra_module = THIS_MODULE, \ + } \ + } \ + } + +#endif /* _CRYPTO_MORUS640_GLUE_H */ diff --git a/include/crypto/morus_common.h b/include/crypto/morus_common.h new file mode 100644 index 000000000000..39f28c749951 --- /dev/null +++ b/include/crypto/morus_common.h @@ -0,0 +1,23 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * The MORUS Authenticated-Encryption Algorithm + * Common definitions + * + * Copyright (c) 2016-2018 Ondrej Mosnacek <omosnacek@gmail.com> + * Copyright (C) 2017-2018 Red Hat, Inc. All rights reserved. + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation; either version 2 of the License, or (at your option) + * any later version. + */ + +#ifndef _CRYPTO_MORUS_COMMON_H +#define _CRYPTO_MORUS_COMMON_H + +#define MORUS_BLOCK_WORDS 4 +#define MORUS_STATE_BLOCKS 5 +#define MORUS_NONCE_SIZE 16 +#define MORUS_MAX_AUTH_SIZE 16 + +#endif /* _CRYPTO_MORUS_COMMON_H */ diff --git a/include/crypto/salsa20.h b/include/crypto/salsa20.h deleted file mode 100644 index 19ed48aefc86..000000000000 --- a/include/crypto/salsa20.h +++ /dev/null @@ -1,27 +0,0 @@ -/* SPDX-License-Identifier: GPL-2.0 */ -/* - * Common values for the Salsa20 algorithm - */ - -#ifndef _CRYPTO_SALSA20_H -#define _CRYPTO_SALSA20_H - -#include <linux/types.h> - -#define SALSA20_IV_SIZE 8 -#define SALSA20_MIN_KEY_SIZE 16 -#define SALSA20_MAX_KEY_SIZE 32 -#define SALSA20_BLOCK_SIZE 64 - -struct crypto_skcipher; - -struct salsa20_ctx { - u32 initial_state[16]; -}; - -void crypto_salsa20_init(u32 *state, const struct salsa20_ctx *ctx, - const u8 *iv); -int crypto_salsa20_setkey(struct crypto_skcipher *tfm, const u8 *key, - unsigned int keysize); - -#endif /* _CRYPTO_SALSA20_H */ diff --git a/include/crypto/sm4.h b/include/crypto/sm4.h index b64e64d20b28..7afd730d16ff 100644 --- a/include/crypto/sm4.h +++ b/include/crypto/sm4.h @@ -25,4 +25,7 @@ int crypto_sm4_set_key(struct crypto_tfm *tfm, const u8 *in_key, int crypto_sm4_expand_key(struct crypto_sm4_ctx *ctx, const u8 *in_key, unsigned int key_len); +void crypto_sm4_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in); +void crypto_sm4_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in); + #endif diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h index 93addfa34061..827c601841c4 100644 --- a/include/linux/psp-sev.h +++ b/include/linux/psp-sev.h @@ -54,6 +54,8 @@ enum sev_cmd { SEV_CMD_PDH_CERT_EXPORT = 0x008, SEV_CMD_PDH_GEN = 0x009, SEV_CMD_DF_FLUSH = 0x00A, + SEV_CMD_DOWNLOAD_FIRMWARE = 0x00B, + SEV_CMD_GET_ID = 0x00C, /* Guest commands */ SEV_CMD_DECOMMISSION = 0x020, @@ -130,6 +132,27 @@ struct sev_data_pek_cert_import { } __packed; /** + * struct sev_data_download_firmware - DOWNLOAD_FIRMWARE command parameters + * + * @address: physical address of firmware image + * @len: len of the firmware image + */ +struct sev_data_download_firmware { + u64 address; /* In */ + u32 len; /* In */ +} __packed; + +/** + * struct sev_data_get_id - GET_ID command parameters + * + * @address: physical address of region to place unique CPU ID(s) + * @len: len of the region + */ +struct sev_data_get_id { + u64 address; /* In */ + u32 len; /* In/Out */ +} __packed; +/** * struct sev_data_pdh_cert_export - PDH_CERT_EXPORT command parameters * * @pdh_address: PDH certificate address diff --git a/include/uapi/linux/psp-sev.h b/include/uapi/linux/psp-sev.h index 9008f31c7eb6..ac8c60bcc83b 100644 --- a/include/uapi/linux/psp-sev.h +++ b/include/uapi/linux/psp-sev.h @@ -30,6 +30,7 @@ enum { SEV_PDH_GEN, SEV_PDH_CERT_EXPORT, SEV_PEK_CERT_IMPORT, + SEV_GET_ID, SEV_MAX, }; @@ -124,6 +125,17 @@ struct sev_user_data_pdh_cert_export { } __packed; /** + * struct sev_user_data_get_id - GET_ID command parameters + * + * @socket1: Buffer to pass unique ID of first socket + * @socket2: Buffer to pass unique ID of second socket + */ +struct sev_user_data_get_id { + __u8 socket1[64]; /* Out */ + __u8 socket2[64]; /* Out */ +} __packed; + +/** * struct sev_issue_cmd - SEV ioctl parameters * * @cmd: SEV commands to execute |