From 9136ddacd246c7ea958bb8f10e1b5c216e654ca0 Mon Sep 17 00:00:00 2001 From: Jussi Kivilinna Date: Sun, 7 Apr 2013 16:43:51 +0300 Subject: crypto: testmgr - add AES GMAC test vectors Signed-off-by: Jussi Kivilinna Signed-off-by: Herbert Xu --- crypto/testmgr.c | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) (limited to 'crypto/testmgr.c') diff --git a/crypto/testmgr.c b/crypto/testmgr.c index efd8b20e..442ddb46 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -2696,8 +2696,6 @@ static const struct alg_test_desc alg_test_descs[] = { } } }, { - - .alg = "rfc4309(ccm(aes))", .test = alg_test_aead, .fips_allowed = 1, @@ -2713,6 +2711,21 @@ static const struct alg_test_desc alg_test_descs[] = { } } } + }, { + .alg = "rfc4543(gcm(aes))", + .test = alg_test_aead, + .suite = { + .aead = { + .enc = { + .vecs = aes_gcm_rfc4543_enc_tv_template, + .count = AES_GCM_4543_ENC_TEST_VECTORS + }, + .dec = { + .vecs = aes_gcm_rfc4543_dec_tv_template, + .count = AES_GCM_4543_DEC_TEST_VECTORS + }, + } + } }, { .alg = "rmd128", .test = alg_test_hash, -- cgit v1.2.3 From cd0082db29d7d97947c28e678d09ab8e0851a194 Mon Sep 17 00:00:00 2001 From: Jussi Kivilinna Date: Sun, 7 Apr 2013 16:43:56 +0300 Subject: crypto: testmgr - add empty test vectors for null ciphers Without these, kernel log shows: [ 5.984881] alg: No test for cipher_null (cipher_null-generic) [ 5.985096] alg: No test for ecb(cipher_null) (ecb-cipher_null) [ 5.985170] alg: No test for compress_null (compress_null-generic) [ 5.985297] alg: No test for digest_null (digest_null-generic) Signed-off-by: Jussi Kivilinna Signed-off-by: Herbert Xu --- crypto/testmgr.c | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'crypto/testmgr.c') diff --git a/crypto/testmgr.c b/crypto/testmgr.c index 442ddb46..f37e544d 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -1912,6 +1912,9 @@ static const struct alg_test_desc alg_test_descs[] = { } } } + }, { + .alg = "compress_null", + .test = alg_test_null, }, { .alg = "crc32c", .test = alg_test_crc32c, @@ -2126,6 +2129,9 @@ static const struct alg_test_desc alg_test_descs[] = { } } } + }, { + .alg = "digest_null", + .test = alg_test_null, }, { .alg = "ecb(__aes-aesni)", .test = alg_test_null, @@ -2236,6 +2242,9 @@ static const struct alg_test_desc alg_test_descs[] = { } } } + }, { + .alg = "ecb(cipher_null)", + .test = alg_test_null, }, { .alg = "ecb(des)", .test = alg_test_skcipher, -- cgit v1.2.3 From c10537fbb0c9f7dc96a1327b33055c2a98036f7c Mon Sep 17 00:00:00 2001 From: Jussi Kivilinna Date: Mon, 8 Apr 2013 10:48:44 +0300 Subject: crypto: add CMAC support to CryptoAPI Patch adds support for NIST recommended block cipher mode CMAC to CryptoAPI. This work is based on Tom St Denis' earlier patch, http://marc.info/?l=linux-crypto-vger&m=135877306305466&w=2 Cc: Tom St Denis Signed-off-by: Jussi Kivilinna Acked-by: David S. Miller Signed-off-by: Herbert Xu --- crypto/Kconfig | 11 ++ crypto/Makefile | 1 + crypto/cmac.c | 315 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ crypto/tcrypt.c | 11 +- crypto/testmgr.c | 18 ++++ crypto/testmgr.h | 125 ++++++++++++++++++++++ 6 files changed, 480 insertions(+), 1 deletion(-) create mode 100644 crypto/cmac.c (limited to 'crypto/testmgr.c') diff --git a/crypto/Kconfig b/crypto/Kconfig index 6cc27f11..c1142f31 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -283,6 +283,17 @@ config CRYPTO_XTS comment "Hash modes" +config CRYPTO_CMAC + tristate "CMAC support" + select CRYPTO_HASH + select CRYPTO_MANAGER + help + Cipher-based Message Authentication Code (CMAC) specified by + The National Institute of Standards and Technology (NIST). + + https://tools.ietf.org/html/rfc4493 + http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf + config CRYPTO_HMAC tristate "HMAC support" select CRYPTO_HASH diff --git a/crypto/Makefile b/crypto/Makefile index be1a1beb..a8e9b0fe 100644 --- a/crypto/Makefile +++ b/crypto/Makefile @@ -32,6 +32,7 @@ cryptomgr-y := algboss.o testmgr.o obj-$(CONFIG_CRYPTO_MANAGER2) += cryptomgr.o obj-$(CONFIG_CRYPTO_USER) += crypto_user.o +obj-$(CONFIG_CRYPTO_CMAC) += cmac.o obj-$(CONFIG_CRYPTO_HMAC) += hmac.o obj-$(CONFIG_CRYPTO_VMAC) += vmac.o obj-$(CONFIG_CRYPTO_XCBC) += xcbc.o diff --git a/crypto/cmac.c b/crypto/cmac.c new file mode 100644 index 00000000..50880cf1 --- /dev/null +++ b/crypto/cmac.c @@ -0,0 +1,315 @@ +/* + * CMAC: Cipher Block Mode for Authentication + * + * Copyright © 2013 Jussi Kivilinna + * + * Based on work by: + * Copyright © 2013 Tom St Denis + * Based on crypto/xcbc.c: + * Copyright © 2006 USAGI/WIDE Project, + * Author: Kazunori Miyazawa + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + */ + +#include +#include +#include +#include + +/* + * +------------------------ + * | + * +------------------------ + * | cmac_tfm_ctx + * +------------------------ + * | consts (block size * 2) + * +------------------------ + */ +struct cmac_tfm_ctx { + struct crypto_cipher *child; + u8 ctx[]; +}; + +/* + * +------------------------ + * | + * +------------------------ + * | cmac_desc_ctx + * +------------------------ + * | odds (block size) + * +------------------------ + * | prev (block size) + * +------------------------ + */ +struct cmac_desc_ctx { + unsigned int len; + u8 ctx[]; +}; + +static int crypto_cmac_digest_setkey(struct crypto_shash *parent, + const u8 *inkey, unsigned int keylen) +{ + unsigned long alignmask = crypto_shash_alignmask(parent); + struct cmac_tfm_ctx *ctx = crypto_shash_ctx(parent); + unsigned int bs = crypto_shash_blocksize(parent); + __be64 *consts = PTR_ALIGN((void *)ctx->ctx, alignmask + 1); + u64 _const[2]; + int i, err = 0; + u8 msb_mask, gfmask; + + err = crypto_cipher_setkey(ctx->child, inkey, keylen); + if (err) + return err; + + /* encrypt the zero block */ + memset(consts, 0, bs); + crypto_cipher_encrypt_one(ctx->child, (u8 *)consts, (u8 *)consts); + + switch (bs) { + case 16: + gfmask = 0x87; + _const[0] = be64_to_cpu(consts[1]); + _const[1] = be64_to_cpu(consts[0]); + + /* gf(2^128) multiply zero-ciphertext with u and u^2 */ + for (i = 0; i < 4; i += 2) { + msb_mask = ((s64)_const[1] >> 63) & gfmask; + _const[1] = (_const[1] << 1) | (_const[0] >> 63); + _const[0] = (_const[0] << 1) ^ msb_mask; + + consts[i + 0] = cpu_to_be64(_const[1]); + consts[i + 1] = cpu_to_be64(_const[0]); + } + + break; + case 8: + gfmask = 0x1B; + _const[0] = be64_to_cpu(consts[0]); + + /* gf(2^64) multiply zero-ciphertext with u and u^2 */ + for (i = 0; i < 2; i++) { + msb_mask = ((s64)_const[0] >> 63) & gfmask; + _const[0] = (_const[0] << 1) ^ msb_mask; + + consts[i] = cpu_to_be64(_const[0]); + } + + break; + } + + return 0; +} + +static int crypto_cmac_digest_init(struct shash_desc *pdesc) +{ + unsigned long alignmask = crypto_shash_alignmask(pdesc->tfm); + struct cmac_desc_ctx *ctx = shash_desc_ctx(pdesc); + int bs = crypto_shash_blocksize(pdesc->tfm); + u8 *prev = PTR_ALIGN((void *)ctx->ctx, alignmask + 1) + bs; + + ctx->len = 0; + memset(prev, 0, bs); + + return 0; +} + +static int crypto_cmac_digest_update(struct shash_desc *pdesc, const u8 *p, + unsigned int len) +{ + struct crypto_shash *parent = pdesc->tfm; + unsigned long alignmask = crypto_shash_alignmask(parent); + struct cmac_tfm_ctx *tctx = crypto_shash_ctx(parent); + struct cmac_desc_ctx *ctx = shash_desc_ctx(pdesc); + struct crypto_cipher *tfm = tctx->child; + int bs = crypto_shash_blocksize(parent); + u8 *odds = PTR_ALIGN((void *)ctx->ctx, alignmask + 1); + u8 *prev = odds + bs; + + /* checking the data can fill the block */ + if ((ctx->len + len) <= bs) { + memcpy(odds + ctx->len, p, len); + ctx->len += len; + return 0; + } + + /* filling odds with new data and encrypting it */ + memcpy(odds + ctx->len, p, bs - ctx->len); + len -= bs - ctx->len; + p += bs - ctx->len; + + crypto_xor(prev, odds, bs); + crypto_cipher_encrypt_one(tfm, prev, prev); + + /* clearing the length */ + ctx->len = 0; + + /* encrypting the rest of data */ + while (len > bs) { + crypto_xor(prev, p, bs); + crypto_cipher_encrypt_one(tfm, prev, prev); + p += bs; + len -= bs; + } + + /* keeping the surplus of blocksize */ + if (len) { + memcpy(odds, p, len); + ctx->len = len; + } + + return 0; +} + +static int crypto_cmac_digest_final(struct shash_desc *pdesc, u8 *out) +{ + struct crypto_shash *parent = pdesc->tfm; + unsigned long alignmask = crypto_shash_alignmask(parent); + struct cmac_tfm_ctx *tctx = crypto_shash_ctx(parent); + struct cmac_desc_ctx *ctx = shash_desc_ctx(pdesc); + struct crypto_cipher *tfm = tctx->child; + int bs = crypto_shash_blocksize(parent); + u8 *consts = PTR_ALIGN((void *)tctx->ctx, alignmask + 1); + u8 *odds = PTR_ALIGN((void *)ctx->ctx, alignmask + 1); + u8 *prev = odds + bs; + unsigned int offset = 0; + + if (ctx->len != bs) { + unsigned int rlen; + u8 *p = odds + ctx->len; + + *p = 0x80; + p++; + + rlen = bs - ctx->len - 1; + if (rlen) + memset(p, 0, rlen); + + offset += bs; + } + + crypto_xor(prev, odds, bs); + crypto_xor(prev, consts + offset, bs); + + crypto_cipher_encrypt_one(tfm, out, prev); + + return 0; +} + +static int cmac_init_tfm(struct crypto_tfm *tfm) +{ + struct crypto_cipher *cipher; + struct crypto_instance *inst = (void *)tfm->__crt_alg; + struct crypto_spawn *spawn = crypto_instance_ctx(inst); + struct cmac_tfm_ctx *ctx = crypto_tfm_ctx(tfm); + + cipher = crypto_spawn_cipher(spawn); + if (IS_ERR(cipher)) + return PTR_ERR(cipher); + + ctx->child = cipher; + + return 0; +}; + +static void cmac_exit_tfm(struct crypto_tfm *tfm) +{ + struct cmac_tfm_ctx *ctx = crypto_tfm_ctx(tfm); + crypto_free_cipher(ctx->child); +} + +static int cmac_create(struct crypto_template *tmpl, struct rtattr **tb) +{ + struct shash_instance *inst; + struct crypto_alg *alg; + unsigned long alignmask; + int err; + + err = crypto_check_attr_type(tb, CRYPTO_ALG_TYPE_SHASH); + if (err) + return err; + + alg = crypto_get_attr_alg(tb, CRYPTO_ALG_TYPE_CIPHER, + CRYPTO_ALG_TYPE_MASK); + if (IS_ERR(alg)) + return PTR_ERR(alg); + + switch (alg->cra_blocksize) { + case 16: + case 8: + break; + default: + goto out_put_alg; + } + + inst = shash_alloc_instance("cmac", alg); + err = PTR_ERR(inst); + if (IS_ERR(inst)) + goto out_put_alg; + + err = crypto_init_spawn(shash_instance_ctx(inst), alg, + shash_crypto_instance(inst), + CRYPTO_ALG_TYPE_MASK); + if (err) + goto out_free_inst; + + alignmask = alg->cra_alignmask | (sizeof(long) - 1); + inst->alg.base.cra_alignmask = alignmask; + inst->alg.base.cra_priority = alg->cra_priority; + inst->alg.base.cra_blocksize = alg->cra_blocksize; + + inst->alg.digestsize = alg->cra_blocksize; + inst->alg.descsize = + ALIGN(sizeof(struct cmac_desc_ctx), crypto_tfm_ctx_alignment()) + + (alignmask & ~(crypto_tfm_ctx_alignment() - 1)) + + alg->cra_blocksize * 2; + + inst->alg.base.cra_ctxsize = + ALIGN(sizeof(struct cmac_tfm_ctx), alignmask + 1) + + alg->cra_blocksize * 2; + + inst->alg.base.cra_init = cmac_init_tfm; + inst->alg.base.cra_exit = cmac_exit_tfm; + + inst->alg.init = crypto_cmac_digest_init; + inst->alg.update = crypto_cmac_digest_update; + inst->alg.final = crypto_cmac_digest_final; + inst->alg.setkey = crypto_cmac_digest_setkey; + + err = shash_register_instance(tmpl, inst); + if (err) { +out_free_inst: + shash_free_instance(shash_crypto_instance(inst)); + } + +out_put_alg: + crypto_mod_put(alg); + return err; +} + +static struct crypto_template crypto_cmac_tmpl = { + .name = "cmac", + .create = cmac_create, + .free = shash_free_instance, + .module = THIS_MODULE, +}; + +static int __init crypto_cmac_module_init(void) +{ + return crypto_register_template(&crypto_cmac_tmpl); +} + +static void __exit crypto_cmac_module_exit(void) +{ + crypto_unregister_template(&crypto_cmac_tmpl); +} + +module_init(crypto_cmac_module_init); +module_exit(crypto_cmac_module_exit); + +MODULE_LICENSE("GPL"); +MODULE_DESCRIPTION("CMAC keyed hash algorithm"); diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c index 6b911ef8..24ea7dff 100644 --- a/crypto/tcrypt.c +++ b/crypto/tcrypt.c @@ -1095,7 +1095,6 @@ static int do_test(int m) break; case 28: - ret += tcrypt_test("tgr160"); break; @@ -1118,6 +1117,7 @@ static int do_test(int m) ret += tcrypt_test("lrw(camellia)"); ret += tcrypt_test("xts(camellia)"); break; + case 33: ret += tcrypt_test("sha224"); break; @@ -1213,6 +1213,7 @@ static int do_test(int m) case 109: ret += tcrypt_test("vmac(aes)"); break; + case 110: ret += tcrypt_test("hmac(crc32)"); break; @@ -1229,6 +1230,14 @@ static int do_test(int m) ret += tcrypt_test("rfc4543(gcm(aes))"); break; + case 153: + ret += tcrypt_test("cmac(aes)"); + break; + + case 154: + ret += tcrypt_test("cmac(des3_ede)"); + break; + case 200: test_cipher_speed("ecb(aes)", ENCRYPT, sec, NULL, 0, speed_template_16_24_32); diff --git a/crypto/testmgr.c b/crypto/testmgr.c index f37e544d..38070847 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -1912,6 +1912,24 @@ static const struct alg_test_desc alg_test_descs[] = { } } } + }, { + .alg = "cmac(aes)", + .test = alg_test_hash, + .suite = { + .hash = { + .vecs = aes_cmac128_tv_template, + .count = CMAC_AES_TEST_VECTORS + } + } + }, { + .alg = "cmac(des3_ede)", + .test = alg_test_hash, + .suite = { + .hash = { + .vecs = des3_ede_cmac64_tv_template, + .count = CMAC_DES3_EDE_TEST_VECTORS + } + } }, { .alg = "compress_null", .test = alg_test_null, diff --git a/crypto/testmgr.h b/crypto/testmgr.h index 92db37dd..d5036609 100644 --- a/crypto/testmgr.h +++ b/crypto/testmgr.h @@ -1639,6 +1639,131 @@ static struct hash_testvec hmac_sha256_tv_template[] = { }, }; +#define CMAC_AES_TEST_VECTORS 6 + +static struct hash_testvec aes_cmac128_tv_template[] = { + { /* From NIST Special Publication 800-38B, AES-128 */ + .key = "\x2b\x7e\x15\x16\x28\xae\xd2\xa6" + "\xab\xf7\x15\x88\x09\xcf\x4f\x3c", + .plaintext = zeroed_string, + .digest = "\xbb\x1d\x69\x29\xe9\x59\x37\x28" + "\x7f\xa3\x7d\x12\x9b\x75\x67\x46", + .psize = 0, + .ksize = 16, + }, { + .key = "\x2b\x7e\x15\x16\x28\xae\xd2\xa6" + "\xab\xf7\x15\x88\x09\xcf\x4f\x3c", + .plaintext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96" + "\xe9\x3d\x7e\x11\x73\x93\x17\x2a", + .digest = "\x07\x0a\x16\xb4\x6b\x4d\x41\x44" + "\xf7\x9b\xdd\x9d\xd0\x4a\x28\x7c", + .psize = 16, + .ksize = 16, + }, { + .key = "\x2b\x7e\x15\x16\x28\xae\xd2\xa6" + "\xab\xf7\x15\x88\x09\xcf\x4f\x3c", + .plaintext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96" + "\xe9\x3d\x7e\x11\x73\x93\x17\x2a" + "\xae\x2d\x8a\x57\x1e\x03\xac\x9c" + "\x9e\xb7\x6f\xac\x45\xaf\x8e\x51" + "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11", + .digest = "\xdf\xa6\x67\x47\xde\x9a\xe6\x30" + "\x30\xca\x32\x61\x14\x97\xc8\x27", + .psize = 40, + .ksize = 16, + }, { + .key = "\x2b\x7e\x15\x16\x28\xae\xd2\xa6" + "\xab\xf7\x15\x88\x09\xcf\x4f\x3c", + .plaintext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96" + "\xe9\x3d\x7e\x11\x73\x93\x17\x2a" + "\xae\x2d\x8a\x57\x1e\x03\xac\x9c" + "\x9e\xb7\x6f\xac\x45\xaf\x8e\x51" + "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11" + "\xe5\xfb\xc1\x19\x1a\x0a\x52\xef" + "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17" + "\xad\x2b\x41\x7b\xe6\x6c\x37\x10", + .digest = "\x51\xf0\xbe\xbf\x7e\x3b\x9d\x92" + "\xfc\x49\x74\x17\x79\x36\x3c\xfe", + .psize = 64, + .ksize = 16, + }, { /* From NIST Special Publication 800-38B, AES-256 */ + .key = "\x60\x3d\xeb\x10\x15\xca\x71\xbe" + "\x2b\x73\xae\xf0\x85\x7d\x77\x81" + "\x1f\x35\x2c\x07\x3b\x61\x08\xd7" + "\x2d\x98\x10\xa3\x09\x14\xdf\xf4", + .plaintext = zeroed_string, + .digest = "\x02\x89\x62\xf6\x1b\x7b\xf8\x9e" + "\xfc\x6b\x55\x1f\x46\x67\xd9\x83", + .psize = 0, + .ksize = 32, + }, { + .key = "\x60\x3d\xeb\x10\x15\xca\x71\xbe" + "\x2b\x73\xae\xf0\x85\x7d\x77\x81" + "\x1f\x35\x2c\x07\x3b\x61\x08\xd7" + "\x2d\x98\x10\xa3\x09\x14\xdf\xf4", + .plaintext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96" + "\xe9\x3d\x7e\x11\x73\x93\x17\x2a" + "\xae\x2d\x8a\x57\x1e\x03\xac\x9c" + "\x9e\xb7\x6f\xac\x45\xaf\x8e\x51" + "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11" + "\xe5\xfb\xc1\x19\x1a\x0a\x52\xef" + "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17" + "\xad\x2b\x41\x7b\xe6\x6c\x37\x10", + .digest = "\xe1\x99\x21\x90\x54\x9f\x6e\xd5" + "\x69\x6a\x2c\x05\x6c\x31\x54\x10", + .psize = 64, + .ksize = 32, + } +}; + +#define CMAC_DES3_EDE_TEST_VECTORS 4 + +static struct hash_testvec des3_ede_cmac64_tv_template[] = { +/* + * From NIST Special Publication 800-38B, Three Key TDEA + * Corrected test vectors from: + * http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf + */ + { + .key = "\x8a\xa8\x3b\xf8\xcb\xda\x10\x62" + "\x0b\xc1\xbf\x19\xfb\xb6\xcd\x58" + "\xbc\x31\x3d\x4a\x37\x1c\xa8\xb5", + .plaintext = zeroed_string, + .digest = "\xb7\xa6\x88\xe1\x22\xff\xaf\x95", + .psize = 0, + .ksize = 24, + }, { + .key = "\x8a\xa8\x3b\xf8\xcb\xda\x10\x62" + "\x0b\xc1\xbf\x19\xfb\xb6\xcd\x58" + "\xbc\x31\x3d\x4a\x37\x1c\xa8\xb5", + .plaintext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96", + .digest = "\x8e\x8f\x29\x31\x36\x28\x37\x97", + .psize = 8, + .ksize = 24, + }, { + .key = "\x8a\xa8\x3b\xf8\xcb\xda\x10\x62" + "\x0b\xc1\xbf\x19\xfb\xb6\xcd\x58" + "\xbc\x31\x3d\x4a\x37\x1c\xa8\xb5", + .plaintext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96" + "\xe9\x3d\x7e\x11\x73\x93\x17\x2a" + "\xae\x2d\x8a\x57", + .digest = "\x74\x3d\xdb\xe0\xce\x2d\xc2\xed", + .psize = 20, + .ksize = 24, + }, { + .key = "\x8a\xa8\x3b\xf8\xcb\xda\x10\x62" + "\x0b\xc1\xbf\x19\xfb\xb6\xcd\x58" + "\xbc\x31\x3d\x4a\x37\x1c\xa8\xb5", + .plaintext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96" + "\xe9\x3d\x7e\x11\x73\x93\x17\x2a" + "\xae\x2d\x8a\x57\x1e\x03\xac\x9c" + "\x9e\xb7\x6f\xac\x45\xaf\x8e\x51", + .digest = "\x33\xe6\xb1\x09\x24\x00\xea\xe5", + .psize = 32, + .ksize = 24, + } +}; + #define XCBC_AES_TEST_VECTORS 6 static struct hash_testvec aes_xcbc128_tv_template[] = { -- cgit v1.2.3 From 7241dc00ba8f356b890acf6f38d17cf0279d2b2d Mon Sep 17 00:00:00 2001 From: Jussi Kivilinna Date: Sat, 13 Apr 2013 13:46:45 +0300 Subject: crypto: blowfish - add AVX2/x86_64 implementation of blowfish cipher Patch adds AVX2/x86-64 implementation of Blowfish cipher, requiring 32 parallel blocks for input (256 bytes). Table look-ups are performed using vpgatherdd instruction directly from vector registers and thus should be faster than earlier implementations. Signed-off-by: Jussi Kivilinna Signed-off-by: Herbert Xu --- crypto/Kconfig | 18 ++++++++++++++++++ crypto/testmgr.c | 12 ++++++++++++ 2 files changed, 30 insertions(+) (limited to 'crypto/testmgr.c') diff --git a/crypto/Kconfig b/crypto/Kconfig index 0e7a2372..6b9564f9 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -820,6 +820,24 @@ config CRYPTO_BLOWFISH_X86_64 See also: +config CRYPTO_BLOWFISH_AVX2_X86_64 + tristate "Blowfish cipher algorithm (x86_64/AVX2)" + depends on X86 && 64BIT + select CRYPTO_ALGAPI + select CRYPTO_CRYPTD + select CRYPTO_ABLK_HELPER_X86 + select CRYPTO_BLOWFISH_COMMON + select CRYPTO_BLOWFISH_X86_64 + help + Blowfish cipher algorithm (x86_64/AVX2), by Bruce Schneier. + + This is a variable key length cipher which can use keys from 32 + bits to 448 bits in length. It's fast, simple and specifically + designed for use on "large microprocessors". + + See also: + + config CRYPTO_CAMELLIA tristate "Camellia cipher algorithms" depends on CRYPTO diff --git a/crypto/testmgr.c b/crypto/testmgr.c index 38070847..f3effb42 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -1654,6 +1654,9 @@ static const struct alg_test_desc alg_test_descs[] = { .alg = "__driver-cbc-aes-aesni", .test = alg_test_null, .fips_allowed = 1, + }, { + .alg = "__driver-cbc-blowfish-avx2", + .test = alg_test_null, }, { .alg = "__driver-cbc-camellia-aesni", .test = alg_test_null, @@ -1676,6 +1679,9 @@ static const struct alg_test_desc alg_test_descs[] = { .alg = "__driver-ecb-aes-aesni", .test = alg_test_null, .fips_allowed = 1, + }, { + .alg = "__driver-ecb-blowfish-avx2", + .test = alg_test_null, }, { .alg = "__driver-ecb-camellia-aesni", .test = alg_test_null, @@ -1947,6 +1953,9 @@ static const struct alg_test_desc alg_test_descs[] = { .alg = "cryptd(__driver-cbc-aes-aesni)", .test = alg_test_null, .fips_allowed = 1, + }, { + .alg = "cryptd(__driver-cbc-blowfish-avx2)", + .test = alg_test_null, }, { .alg = "cryptd(__driver-cbc-camellia-aesni)", .test = alg_test_null, @@ -1954,6 +1963,9 @@ static const struct alg_test_desc alg_test_descs[] = { .alg = "cryptd(__driver-ecb-aes-aesni)", .test = alg_test_null, .fips_allowed = 1, + }, { + .alg = "cryptd(__driver-ecb-blowfish-avx2)", + .test = alg_test_null, }, { .alg = "cryptd(__driver-ecb-camellia-aesni)", .test = alg_test_null, -- cgit v1.2.3 From b1e33ac036aa0653c3de6d5b7cced9faebcad1df Mon Sep 17 00:00:00 2001 From: Jussi Kivilinna Date: Sat, 13 Apr 2013 13:46:50 +0300 Subject: crypto: twofish - add AVX2/x86_64 assembler implementation of twofish cipher Patch adds AVX2/x86-64 implementation of Twofish cipher, requiring 16 parallel blocks for input (256 bytes). Table look-ups are performed using vpgatherdd instruction directly from vector registers and thus should be faster than earlier implementations. Implementation also uses 256-bit wide YMM registers, which should give additional speed up compared to the AVX implementation. Signed-off-by: Jussi Kivilinna Signed-off-by: Herbert Xu --- crypto/Kconfig | 24 ++++++++++++++++++++++++ crypto/testmgr.c | 12 ++++++++++++ 2 files changed, 36 insertions(+) (limited to 'crypto/testmgr.c') diff --git a/crypto/Kconfig b/crypto/Kconfig index 6b9564f9..1ba48ddd 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -1250,6 +1250,30 @@ config CRYPTO_TWOFISH_AVX_X86_64 See also: +config CRYPTO_TWOFISH_AVX2_X86_64 + tristate "Twofish cipher algorithm (x86_64/AVX2)" + depends on X86 && 64BIT + select CRYPTO_ALGAPI + select CRYPTO_CRYPTD + select CRYPTO_ABLK_HELPER_X86 + select CRYPTO_GLUE_HELPER_X86 + select CRYPTO_TWOFISH_COMMON + select CRYPTO_TWOFISH_X86_64 + select CRYPTO_TWOFISH_X86_64_3WAY + select CRYPTO_TWOFISH_AVX_X86_64 + select CRYPTO_LRW + select CRYPTO_XTS + help + Twofish cipher algorithm (x86_64/AVX2). + + Twofish was submitted as an AES (Advanced Encryption Standard) + candidate cipher by researchers at CounterPane Systems. It is a + 16 round block cipher supporting key sizes of 128, 192, and 256 + bits. + + See also: + + comment "Compression" config CRYPTO_DEFLATE diff --git a/crypto/testmgr.c b/crypto/testmgr.c index f3effb42..fea7841d 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -1650,6 +1650,9 @@ static const struct alg_test_desc alg_test_descs[] = { }, { .alg = "__cbc-twofish-avx", .test = alg_test_null, + }, { + .alg = "__cbc-twofish-avx2", + .test = alg_test_null, }, { .alg = "__driver-cbc-aes-aesni", .test = alg_test_null, @@ -1675,6 +1678,9 @@ static const struct alg_test_desc alg_test_descs[] = { }, { .alg = "__driver-cbc-twofish-avx", .test = alg_test_null, + }, { + .alg = "__driver-cbc-twofish-avx2", + .test = alg_test_null, }, { .alg = "__driver-ecb-aes-aesni", .test = alg_test_null, @@ -1700,6 +1706,9 @@ static const struct alg_test_desc alg_test_descs[] = { }, { .alg = "__driver-ecb-twofish-avx", .test = alg_test_null, + }, { + .alg = "__driver-ecb-twofish-avx2", + .test = alg_test_null, }, { .alg = "__ghash-pclmulqdqni", .test = alg_test_null, @@ -1984,6 +1993,9 @@ static const struct alg_test_desc alg_test_descs[] = { }, { .alg = "cryptd(__driver-ecb-twofish-avx)", .test = alg_test_null, + }, { + .alg = "cryptd(__driver-ecb-twofish-avx2)", + .test = alg_test_null, }, { .alg = "cryptd(__driver-gcm-aes-aesni)", .test = alg_test_null, -- cgit v1.2.3 From cc7e74d285f112c1c775b7e90836ee3052633074 Mon Sep 17 00:00:00 2001 From: Jussi Kivilinna Date: Sat, 13 Apr 2013 13:46:55 +0300 Subject: crypto: serpent - add AVX2/x86_64 assembler implementation of serpent cipher Patch adds AVX2/x86-64 implementation of Serpent cipher, requiring 16 parallel blocks for input (256 bytes). Implementation is based on the AVX implementation and extends to use the 256-bit wide YMM registers. Since serpent does not use table look-ups, this implementation should be close to two times faster than the AVX implementation. Signed-off-by: Jussi Kivilinna Signed-off-by: Herbert Xu --- crypto/Kconfig | 23 +++++++++++++++++++++++ crypto/testmgr.c | 15 +++++++++++++++ 2 files changed, 38 insertions(+) (limited to 'crypto/testmgr.c') diff --git a/crypto/Kconfig b/crypto/Kconfig index 1ba48ddd..9ad3d78c 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -1131,6 +1131,29 @@ config CRYPTO_SERPENT_AVX_X86_64 See also: +config CRYPTO_SERPENT_AVX2_X86_64 + tristate "Serpent cipher algorithm (x86_64/AVX2)" + depends on X86 && 64BIT + select CRYPTO_ALGAPI + select CRYPTO_CRYPTD + select CRYPTO_ABLK_HELPER_X86 + select CRYPTO_GLUE_HELPER_X86 + select CRYPTO_SERPENT + select CRYPTO_SERPENT_AVX_X86_64 + select CRYPTO_LRW + select CRYPTO_XTS + help + Serpent cipher algorithm, by Anderson, Biham & Knudsen. + + Keys are allowed to be from 0 to 256 bits in length, in steps + of 8 bits. + + This module provides Serpent cipher algorithm that processes 16 + blocks parallel using AVX2 instruction set. + + See also: + + config CRYPTO_TEA tristate "TEA, XTEA and XETA cipher algorithms" select CRYPTO_ALGAPI diff --git a/crypto/testmgr.c b/crypto/testmgr.c index fea7841d..f5e13dea 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -1644,6 +1644,9 @@ static const struct alg_test_desc alg_test_descs[] = { }, { .alg = "__cbc-serpent-avx", .test = alg_test_null, + }, { + .alg = "__cbc-serpent-avx2", + .test = alg_test_null, }, { .alg = "__cbc-serpent-sse2", .test = alg_test_null, @@ -1672,6 +1675,9 @@ static const struct alg_test_desc alg_test_descs[] = { }, { .alg = "__driver-cbc-serpent-avx", .test = alg_test_null, + }, { + .alg = "__driver-cbc-serpent-avx2", + .test = alg_test_null, }, { .alg = "__driver-cbc-serpent-sse2", .test = alg_test_null, @@ -1700,6 +1706,9 @@ static const struct alg_test_desc alg_test_descs[] = { }, { .alg = "__driver-ecb-serpent-avx", .test = alg_test_null, + }, { + .alg = "__driver-ecb-serpent-avx2", + .test = alg_test_null, }, { .alg = "__driver-ecb-serpent-sse2", .test = alg_test_null, @@ -1968,6 +1977,9 @@ static const struct alg_test_desc alg_test_descs[] = { }, { .alg = "cryptd(__driver-cbc-camellia-aesni)", .test = alg_test_null, + }, { + .alg = "cryptd(__driver-cbc-serpent-avx2)", + .test = alg_test_null, }, { .alg = "cryptd(__driver-ecb-aes-aesni)", .test = alg_test_null, @@ -1987,6 +1999,9 @@ static const struct alg_test_desc alg_test_descs[] = { }, { .alg = "cryptd(__driver-ecb-serpent-avx)", .test = alg_test_null, + }, { + .alg = "cryptd(__driver-ecb-serpent-avx2)", + .test = alg_test_null, }, { .alg = "cryptd(__driver-ecb-serpent-sse2)", .test = alg_test_null, -- cgit v1.2.3 From 25e1ef619895c3c7d5dceab96c0f1de2767e7811 Mon Sep 17 00:00:00 2001 From: Jussi Kivilinna Date: Sat, 13 Apr 2013 13:47:00 +0300 Subject: crypto: camellia - add AVX2/AES-NI/x86_64 assembler implementation of camellia cipher Patch adds AVX2/AES-NI/x86-64 implementation of Camellia cipher, requiring 32 parallel blocks for input (512 bytes). Compared to AVX implementation, this version is extended to use the 256-bit wide YMM registers. For AES-NI instructions data is split to two 128-bit registers and merged afterwards. Even with this additional handling, performance should be higher compared to the AES-NI/AVX implementation. Signed-off-by: Jussi Kivilinna Signed-off-by: Herbert Xu --- crypto/Kconfig | 23 +++++++++++++++++++++++ crypto/testmgr.c | 12 ++++++++++++ 2 files changed, 35 insertions(+) (limited to 'crypto/testmgr.c') diff --git a/crypto/Kconfig b/crypto/Kconfig index 9ad3d78c..622d8a48 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -894,6 +894,29 @@ config CRYPTO_CAMELLIA_AESNI_AVX_X86_64 See also: +config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64 + tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)" + depends on X86 && 64BIT + depends on CRYPTO + select CRYPTO_ALGAPI + select CRYPTO_CRYPTD + select CRYPTO_ABLK_HELPER_X86 + select CRYPTO_GLUE_HELPER_X86 + select CRYPTO_CAMELLIA_X86_64 + select CRYPTO_CAMELLIA_AESNI_AVX_X86_64 + select CRYPTO_LRW + select CRYPTO_XTS + help + Camellia cipher algorithm module (x86_64/AES-NI/AVX2). + + Camellia is a symmetric key block cipher developed jointly + at NTT and Mitsubishi Electric Corporation. + + The Camellia specifies three key sizes: 128, 192 and 256 bits. + + See also: + + config CRYPTO_CAMELLIA_SPARC64 tristate "Camellia cipher algorithm (SPARC64)" depends on SPARC64 diff --git a/crypto/testmgr.c b/crypto/testmgr.c index f5e13dea..5823735c 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -1666,6 +1666,9 @@ static const struct alg_test_desc alg_test_descs[] = { }, { .alg = "__driver-cbc-camellia-aesni", .test = alg_test_null, + }, { + .alg = "__driver-cbc-camellia-aesni-avx2", + .test = alg_test_null, }, { .alg = "__driver-cbc-cast5-avx", .test = alg_test_null, @@ -1697,6 +1700,9 @@ static const struct alg_test_desc alg_test_descs[] = { }, { .alg = "__driver-ecb-camellia-aesni", .test = alg_test_null, + }, { + .alg = "__driver-ecb-camellia-aesni-avx2", + .test = alg_test_null, }, { .alg = "__driver-ecb-cast5-avx", .test = alg_test_null, @@ -1977,6 +1983,9 @@ static const struct alg_test_desc alg_test_descs[] = { }, { .alg = "cryptd(__driver-cbc-camellia-aesni)", .test = alg_test_null, + }, { + .alg = "cryptd(__driver-cbc-camellia-aesni-avx2)", + .test = alg_test_null, }, { .alg = "cryptd(__driver-cbc-serpent-avx2)", .test = alg_test_null, @@ -1990,6 +1999,9 @@ static const struct alg_test_desc alg_test_descs[] = { }, { .alg = "cryptd(__driver-ecb-camellia-aesni)", .test = alg_test_null, + }, { + .alg = "cryptd(__driver-ecb-camellia-aesni-avx2)", + .test = alg_test_null, }, { .alg = "cryptd(__driver-ecb-cast5-avx)", .test = alg_test_null, -- cgit v1.2.3